Network Working Group | F. L. Templin, Ed. |
Internet-Draft | Boeing Research & Technology |
Obsoletes: rfc6706 (if approved) | March 17, 2014 |
Intended status: Standards Track | |
Expires: September 18, 2014 |
Transmission of IPv6 Packets over AERO Links
draft-templin-aerolink-07.txt
This document specifies the operation of IPv6 over tunnel virtual Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended Route Optimization (AERO). Nodes attached to AERO links can exchange packets via trusted intermediate routers on the link that provide forwarding services to reach off-link destinations and/or redirection services to inform the node of an on-link neighbor that is closer to the final destination. Operation of the IPv6 Neighbor Discovery (ND) protocol over AERO links is based on an IPv6 link local address format known as the AERO address.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 18, 2014.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document specifies the operation of IPv6 over tunnel virtual Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended Route Optimization (AERO). Nodes attached to AERO links can exchange packets via trusted intermediate routers on the link that provide forwarding services to reach off-link destinations and/or redirection services to inform the node of an on-link neighbor that is closer to the final destination.
Nodes on AERO links use an IPv6 link-local address format known as the AERO Address. This address type has properties that statelessly link IPv6 Neighbor Discovery (ND) to IPv6 routing. The AERO link can be used for tunneling to neighboring nodes on either IPv6 or IPv4 networks, i.e., AERO views the IPv6 and IPv4 networks as equivalent links for tunneling. The remainder of this document presents the AERO specification.
The terminology in the normative references applies; the following terms are defined within the scope of this document:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The following sections specify the operation of IPv6 over Asymmetric Extended Route Optimization (AERO) links:
AERO Relays relay packets between nodes connected to the same AERO link and also forward packets between the AERO link and the native IPv6 network. The relaying process entails re-encapsulation of IPv6 packets that were received from a first AERO node and are to be forwarded without modification to a second AERO node.
AERO Servers configure their AERO interfaces as router interfaces, and provide default routing services to AERO Clients. AERO Servers configure a DHCPv6 Relay or Server function and facilitate DHCPv6 Prefix Delegation (PD) exchanges. An AERO Server may also act as an AERO Relay.
AERO Clients act as requesting routers to receive IPv6 prefixes through a DHCPv6 PD exchange via an AERO Server over the AERO link. Each AERO Client receives at least a /64 prefix delegation, and may receive even shorter prefixes.
AERO Clients that act as routers configure their AERO interfaces as router interfaces, i.e., even if the AERO Client otherwise displays the outward characteristics of an ordinary host (for example, the Client may internally configure both an AERO interface and (internal virtual) End User Network (EUN) interfaces). AERO Clients that act as routers sub-delegate portions of their received prefix delegations to links on EUNs.
AERO Clients that act as ordinary hosts configure their AERO interfaces as host interfaces and assign one or more IPv6 addresses taken from their received prefix delegations to the AERO interface but DO NOT assign the delegated prefix itself to the AERO interface. Instead, the host assigns the delegated prefix to a "black hole" route so that unused portions of the prefix are nullified.
End system applications on AERO hosts bind directly to the AERO interface, while applications on AERO routers (or IPv6 hosts served by an AERO router) bind to EUN interfaces.
AERO interfaces use IPv6-in-IPv6 encapsulation [RFC2473] to exchange tunneled packets with AERO neighbors attached to an underlying IPv6 network, and use IPv6-in-IPv4 encapsulation [RFC4213] to exchange tunneled packets with AERO neighbors attached to an underlying IPv4 network. AERO interfaces can also use IPsec encapsulation [RFC4301] (either IPv6-in-IPsec-in-IPv6 or IPv6-in-IPsec-in-IPv4) in environments where strong authentication and confidentiality are required. When NAT traversal and/or filtering middlebox traversal is necessary, a UDP header is further inserted between the outer IP encapsulation header and the inner packet.
AERO interfaces maintain a neighbor cache and use a variation of standard unicast IPv6 ND messaging. AERO interfaces use Neighbor Solicitation (NS), Neighbor Advertisement (NA) and Redirect messages the same as for any IPv6 link. They do not use Router Solicitation (RS) and Router Advertisement (RA) messages for several reasons. First, default router discovery is supported through other means more appropriate for AERO links as described below. Second, discovery of more-specific routes is through the receipt of NS, NA and Redirect messages. Finally, AERO nodes are pre-provisioned with IPv6 prefixes that they register using DHCPv6 PD; hence, there is no need for RA-based prefix discovery.
AERO Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages do not include Source/Target Link Layer Address Options (S/TLLAO). Instead, AERO nodes determine the link-layer addresses of neighbors by examining the encapsulation source address of any NS/NA messages they receive and ignore any S/TLLAOs included in these messages. This is vital to the operation of AERO links for which neighbors are separated by Network Address Translators (NATs) - either IPv4 or IPv6.
AERO Redirect messages include a TLLAO the same as for any IPv6 link. The TLLAO includes the link-layer address of the target node, including both the IP address and the UDP source port number used by the target when it sends UDP-encapsulated packets over the AERO interface (the TLLAO instead encodes the value 0 when the target does not use UDP encapsulation). TLLAOs for target nodes that use an IPv6 underlying address include the full 16 bytes of the IPv6 address as shown in Figure 1, while TLLAOs for target nodes that use an IPv4 underlying address include only the 4 bytes of the IPv4 address as shown in Figure 2.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 2 | Length = 3 | UDP Source Port (or 0) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +-- --+ | | +-- IPv6 Address --+ | | +-- --+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: AERO TLLAO Format for IPv6
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 2 | Length = 1 | UDP Source Port (or 0) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: AERO TLLAO Format for IPv4
The base tunneling specifications for IPv4 and IPv6 typically set a static MTU on the tunnel interface to 1500 bytes minus the encapsulation overhead or smaller still if the tunnel is likely to incur additional encapsulations such as IPsec on the path. This can result in path MTU related black holes when packets that are too large to be accommodated over the AERO link are dropped, but the resulting ICMP Packet Too Big (PTB) messages are lost on the return path. As a result, AERO nodes use the following MTU mitigations to accommodate larger packets.
AERO nodes set their AERO interface MTU to the larger of 1500 bytes and the underlying interface MTU minus the encapsulation overhead. AERO nodes optionally cache other per-neighbor MTU values in the underlying IP path MTU discovery cache initialized to the underlying interface MTU.
AERO nodes admit packets that are no larger than 1280 bytes minus the encapsulation overhead (*) as well as packets that are larger than 1500 bytes into the tunnel without fragmentation, i.e., as long as they are no larger than the AERO interface MTU before encapsulation and also no larger than the cached per-neighbor MTU following encapsulation. For IPv4, the node sets the "Don't Fragment" (DF) bit to 0 for packets no larger than 1280 bytes minus the encapsulation overhead (*) and sets the DF bit to 1 for packets larger than 1500 bytes. If a large packet is lost in the path, the node may optionally cache the MTU reported in the resulting PTB message or may ignore the message, e.g., if there is a possibility that the message is spurious.
For packets destined to an AERO node that are larger than 1280 bytes minus the encapsulation overhead (*) but no larger than 1500 bytes, the node uses outer IP fragmentation to fragment the packet into two pieces (where the first fragment contains 1024 bytes of the fragmented inner packet) then admits the fragments into the tunnel. If the outer protocol is IPv4, the node admits the packet into the tunnel with DF set to 0 and subject to rate limiting to avoid reassembly errors [RFC4963][RFC6864]. For both IPv4 and IPv6, the node also sends a 1500 byte probe message (**) to the neighbor, subject to rate limiting. To construct a probe, the node prepares an ICMPv6 Neighbor Solicitation (NS) message with trailing padding octets added to a length of 1500 bytes but does not include the length of the padding in the IPv6 Payload Length field. The node then encapsulates the NS in the outer encapsulation headers (while including the length of the padding in the outer length fields), sets DF to 1 (for IPv4) and sends the padded NS message to the neighbor. If the neighbor returns an NA message, the node may then send whole packets within this size range and (for IPv4) relax the rate limiting requirement.
AERO nodes MUST be capable of reassembling packets up to 1500 bytes plus the encapsulation overhead length. It is therefore RECOMMENDED that AERO nodes be capable of reassembling at least 2KB.
(*) Note that if it is known that the minimum Path MTU to an AERO node is MINMTU bytes (where 1280 < MINMTU < 1500) then MINMTU can be used instead of 1280 in the fragmentation threshold considerations listed above.
(**) It is RECOMMENDED that no probes smaller than 1500 bytes be used for MTU probing purposes, since smaller probes may be fragmented if there is a nested tunnel somewhere on the path to the neighbor.
AERO interfaces encapsulate IPv6 packets according to whether they are entering the AERO interface for the first time or if they are being forwarded out the same AERO interface that they arrived on. This latter form of encapsulation is known as "re-encapsulation".
AERO interfaces encapsulate packets per the specifications in , [RFC2473], [RFC4213] except that the interface copies the "TTL/Hop Limit", "Type of Service/Traffic Class" and "Congestion Experienced" values in the inner network layer header into the corresponding fields in the outer IP header. For packets undergoing re-encapsulation, the AERO interface instead copies the "TTL/Hop Limit", "Type of Service/Traffic Class" and "Congestion Experienced" values in the original outer IP header into the corresponding fields in the new outer IP header (i.e., the values are transferred between outer headers and *not* copied from the inner network layer header).
When UDP encapsulation is used, the AERO interface inserts a UDP header between the inner packet and outer IP header. If the outer header is IPv6 and is followed by an IPv6 Fragment header, the AERO interface inserts the UDP header between the outer IPv6 header and IPv6 Fragment header. The AERO interface sets the UDP source port to a constant value that it will use in each successive packet it sends, sets the UDP destination port to 8060 (i.e., the IANA-registered port number for AERO), sets the UDP checksum field to zero (see: [RFC6935][RFC6936]) and sets the UDP length field to the length of the inner packet plus 8 bytes for the UDP header itself.
The AERO interface next sets the outer IP protocol number to the appropriate value for the first protocol layer within the encapsulation (e.g., IPv6, IPv6 Fragment Header, UDP, etc.). When IPv6 is used as the outer IP protocol, the ITE then sets the flow label value in the outer IPv6 header the same as described in [RFC6438]. When IPv4 is used as the outer IP protocol, the AERO interface sets the DF bit as discussed in Section 3.2.
AERO interfaces decapsulate packets destined either to the localhost or to a destination reached via an interface other than the receiving AERO interface per the specifications in , [RFC2473], [RFC4213]. When the encapsulated packet includes a UDP header, the AERO interfaces examines the first octet of data following the UDP header to determine the inner header type. If the most significant four bits of the first octet encode the value '0110', the inner header is an IPv6 header. Otherwise, the interface considers the first octet as an IP protocol type that encodes the value '44' for IPv6 fragment header, the value '50' for Encapsulating Security Payload, the value '51' for Authentication Header etc. (If the first octet encodes the value '0', the interface instead discards the packet, since this is the value reserved for experimentation under , [RFC6706]). During the decapsulation, the AERO interface records the UDP source port in the neighbor cache entry for this neighbor then discards the UDP header.
An AERO address is an IPv6 link-local address assigned to an AERO interface and with an IPv6 prefix embedded within the interface identifier. The AERO address is formatted as:
Each AERO Client configures an AERO address based on the delegated prefix it has received from the AERO link prefix delegation authority. The address begins with the prefix fe80::/64 and includes in its interface identifier the base /64 prefix taken from the Client's delegated IPv6 prefix. The base prefix is determined by masking the delegated prefix with the prefix length. For example, if an AERO Client has received the prefix delegation:
it would construct its AERO address as:
An AERO Client may have multiple non-contiguous IPv6 prefix delegations, in which case it would configure multiple AERO addresses - one for each prefix. Note that, in order for the DHCPv6 PD function to operate correctly, the AERO Client must already hold a delegated IPv6 prefix so that it can construct an AERO address to use as the source address in the DHCPv6 exchange. This means that the DHCPv6 PD function is really just a registration of a pre-provisioned prefix.
Each AERO Server configures the special AERO address fe80::1 to support the operation of IPv6 Neighbor Discovery over the AERO link; the address therefore has the properties of an IPv6 Anycast address. While all Servers configure the same AERO address and therefore cannot be distinguished from one another at the network layer, Clients can still distinguish Servers at the link layer by examining the Servers' link-layer addresses.
Nodes that are configured as pure AERO Relays (i.e., and that do not also act as Servers) do not configure an IPv6 address of any kind on their AERO interfaces. The Relay's AERO interface is therefore used purely for transit and does not participate in IPv6 ND message exchanges.
Figure 3 depicts the AERO reference operational scenario. The figure shows an AERO Server('A'), two AERO Clients ('B', 'D') and three ordinary IPv6 hosts ('C', 'E', 'F'):
.-(::::::::) .-(::: IPv6 :::)-. +-------------+ (:::: Internet ::::)--| Host F | `-(::::::::::::)-' +-------------+ `-(::::::)-' 2001:db8:3::1 | +--------------+ | AERO Server A| | (C->B; E->D) | +--------------+ fe80::1 L2(A) | X-----+-----------+-----------+--------X | AERO Link | L2(B) L2(D) fe80::2001:db8:0:0 fe80::2001:db8:1:0 .-. +--------------+ +--------------+ ,-( _)-. | AERO Client B| | AERO Client D| .-(_ IPv6 )-. | (default->A) | | (default->A) |--(__ EUN ) +--------------+ +--------------+ `-(______)-' 2001:DB8:0::/48 2001:DB8:1::/48 | | 2001:db8:1::1 .-. +-------------+ ,-( _)-. 2001:db8:0::1 | Host E | .-(_ IPv6 )-. +-------------+ +-------------+ (__ EUN )--| Host C | `-(______)-' +-------------+
Figure 3: AERO Reference Operational Scenario
In Figure 3, AERO Server ('A') connects to the AERO link and connects to the IPv6 Internet, either directly or via an AERO Relay (not shown). Server ('A') assigns the address fe80::1 to its AERO interface with link-layer address L2(A). Server ('A') next arranges to add L2(A) to a published list of valid Servers for the AERO link.
AERO Client ('B') assigns the address fe80::2001:db8:0:0 to its AERO interface with link-layer address L2(B) and registers the IPv6 prefix 2001:db8:0::/48 in a DHCPv6 PD exchange via Server ('A'). Client ('B') configures a default route via the AERO interface with next-hop address fe80::1 and link-layer address L2(A), then sub-delegates the prefix 2001:db8:0::/48 to its attached EUNs. IPv6 host ('C') connects to the EUN, and configures the address 2001:db8:0::1.
AERO Client ('D') assigns the address fe80::2001:db8:1:0 to its AERO interface with link-layer address L2(D) and registers the IPv6 prefix 2001:db8:1::/48 in a DHCPv6 PD exchange via Server ('A'). Client ('D') configures a default route via the AERO interface with next-hop address fe80::1 and link-layer address L2(A), then sub-delegates the prefix 2001:db8:1::/48 to its attached EUNs. IPv6 host ('E') connects to the EUN, and configures the address 2001:db8:1::1.
Finally, IPv6 host ('F') connects to an IPv6 network outside of the AERO link domain. Host ('F') configures its IPv6 interface in a manner specific to its attached IPv6 link, and assigns the address 2001:db8:3::1 to its IPv6 link interface.
AERO Clients observe the IPv6 router requirements defined in [RFC6434]. AERO Clients first discover the link-layer address of an AERO Server via static configuration, or through an automated means such as DNS name resolution. In the absence of other information, the Client resolves the Fully-Qualified Domain Name (FQDN) "linkupnetworks.domainname", where "domainname" is the DNS domain appropriate for the Client's attached underlying network. The Client then creates a neighbor cache entry with the IPv6 link-local address fe80::1 and the discovered address as the link-layer address. The Client further creates a default route with the link-local address fe80::1 as the next hop.
Next, the Client assigns the link-local AERO address(es) taken from its delegated prefix(es) to the AERO interface (see: Section 3.5). It then acts as a requesting router to register its IPv6 prefixes through DHCPv6 PD [RFC3633] via the Server. After the Client registers its prefixes, it sub-delegates them to nodes and links within its attached EUNs.
After configuring a default route and registering its prefixes, the Client sends periodic NS messages to the server to obtain new NAs in order to keep neighbor cache entries alive. The Client can also forward IPv6 packets destined to networks beyond its local EUNs via the Server as an IPv6 default router. The Server may in turn return a Redirect message informing the Client of a neighbor on the AERO link that is topologically closer to the final destination as specified in Section 3.9.
AERO Servers observe the IPv6 router requirements defined in [RFC6434]. They further configure a DHCPv6 relay/server function on their AERO links. When the Server delegates prefixes, it also establishes forwarding table and neighbor cache entries that list the AERO address of the Client as the next hop toward the delegated IPv6 prefixes (where the AERO address is constructed as specified in Section 3.5).
Servers respond to NS messages from Clients on their AERO interfaces by returning an NA message. When the Server receives an NS message, it updates the neighbor cache entry using the network layer source address as the neighbor's network layer address and using the link-layer source address of the NS message as the neighbor's link-layer address.
When the Server forwards a packet via the same AERO interface on which it arrived, it initiates an AERO route optimization procedure as specified in Section 3.9.
After an AERO node has received a prefix delegation, it creates an AERO address as specified in Section 3.5. It can then send NS messages to elicit NA messages from other AERO nodes. When the AERO node sends NS/NA messages, however, it must also include the length of the prefix corresponding to the AERO address. AERO NS/NA messages therefore include an 8-bit "Prefix Length" field take from the low-order 8 bits of the Reserved field as shown in Figure 4 and Figure 5.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=135) | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | Prefix Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Target Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options ... +-+-+-+-+-+-+-+-+-+-+-+-
Figure 4: AERO Neighbor Solicitation (NS) Message Format
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=136) | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | R|S|O| Reserved | Prefix Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Target Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options ... +-+-+-+-+-+-+-+-+-+-+-+-
Figure 5: AERO Neighbor Advertisement (NA) Message Format
When an AERO node receives an NS/NA message, it accepts the message if the Prefix Length applied to the source address is correct for the neighbor; otherwise, it ignores the message.
Section 3.6 describes the AERO reference operational scenario. We now discuss the operation and protocol details of AERO Redirection with respect to this reference scenario.
With reference to Figure 3, when the IPv6 source host ('C') sends a packet to an IPv6 destination host ('E'), the packet is first forwarded via the EUN to AERO Client ('B'). Client ('B') then forwards the packet over its AERO interface to AERO Server ('A'), which then re-encapsulates and forwards the packet to AERO Client ('D'), where the packet is finally forwarded to the IPv6 destination host ('E'). When Server ('A') re-encapsulates and forwards the packet back out on its advertising AERO interface, it must arrange to redirect Client ('B') toward Client ('D') as a better next-hop node on the AERO link that is closer to the final destination. However, this redirection process applied to AERO interfaces must be more carefully orchestrated than on ordinary links since the parties may be separated by potentially many underlying network routing hops.
Consider a first alternative in which Server ('A') informs Client ('B') only and does not inform Client ('D') (i.e., "classical redirection"). In that case, Client ('D') has no way of knowing that Client ('B') is authorized to forward packets from their claimed network-layer source addresses, and it may simply elect to drop the packets. Also, Client ('B') has no way of knowing whether Client ('D') is performing some form of source address filtering that would reject packets arriving from a node other than a trusted default router, nor whether Client ('D') is even reachable via a direct path that does not involve Server ('A').
Consider a second alternative in which Server ('A') informs both Client ('B') and Client ('D') separately, via independent redirection control messages (i.e., "augmented redirection"). In that case, if Client ('B') receives the redirection control message but Client ('D') does not, subsequent packets sent by Client ('B') could be dropped due to filtering since Client ('D') would not have a route to verify their source network-layer addresses. Also, if Client ('D') receives the redirection control message but Client ('B') does not, subsequent packets sent in the reverse direction by Client ('D') would be lost.
Since both of these alternatives have shortcomings, a new redirection technique (i.e., "AERO redirection") is needed.
Again, with reference to Figure 3, when source host ('C') sends a packet to destination host ('E'), the packet is first forwarded over the source host's attached EUN to Client ('B'), which then forwards the packet via its AERO interface to Server ('A').
Server ('A') then re-encapsulates forwards the packet out the same AERO interface toward Client ('D') and also sends an AERO "Predirect" message forward to Client ('D') as specified in Section 3.9.4. The Predirect message includes Client ('B')'s network- and link-layer addresses as well as information that Client ('D') can use to determine the IPv6 prefix used by Client ('B') . After Client ('D') receives the Predirect message, it process the message and returns an AERO Redirect message destined for Client ("B") via Server ('A') as specified in Section 3.9.5. During the process, Client ('D') also creates or updates a neighbor cache entry for Client ('B'), and creates an IPv6 route for Client ('B')'s IPv6 prefix.
When Server ('A') receives the Redirect message, it re-encapsulates the message and forwards it on to Client ('B') as specified in Section 3.9.6. The message includes Client ('D')'s network- and link-layer addresses as well as information that Client ('B') can use to determine the IPv6 prefix used by Client ('D'). After Client ('B') receives the Redirect message, it processes the message as specified in Section 3.9.7. During the process, Client ('B') also creates or updates a neighbor cache entry for Client ('D'), and creates an IPv6 route for Client ('D')'s IPv6 prefix.
Following the above Predirect/Redirect message exchange, forwarding of packets from Client ('B') to Client ('D') without involving Server ('A) as an intermediary is enabled. The mechanisms that support this exchange are specified in the following sections.
AERO Redirect/Predirect messages use the same format as for ICMPv6 Redirect messages depicted in Section 4.5 of [RFC4861], but also include a new "Prefix Length" field taken from the low-order 8 bits of the Redirect message Reserved field. The Redirect/Predirect messages are formatted as shown in Figure 6:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=137) | Code (=0/1) | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | Prefix Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Target Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Destination Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options ... +-+-+-+-+-+-+-+-+-+-+-+-
Figure 6: AERO Redirect/Predirect Message Format
When an AERO Server forwards a packet out the same AERO interface that it arrived on, the Server sends a Predirect message forward toward the AERO Client nearest the destination instead of sending a Redirect message back to AERO Client nearest the source.
In the reference operational scenario, when Server ('A') forwards a packet sent by Client ('B') toward Client ('D'), it also sends a Predirect message forward toward Client ('D'), subject to rate limiting (see Section 8.2 of [RFC4861]). Server ('A') prepares the Predirect message as follows:
Server ('A') then sends the message forward to Client ('D').
When Client ('D') receives a Predirect message, it accepts the message only if it has a link-layer source address of the Server, i.e. 'L2(A)'. Client ('D') further accepts the message only if it is willing to serve as a redirection target. Next, Client ('D') validates the message according to the ICMPv6 Redirect message validation rules in Section 8.1 of [RFC4861].
In the reference operational scenario, when the Client ('D') receives a valid Predirect message, it either creates or updates a neighbor cache entry that stores the Target Address of the message as the network-layer address of Client ('B') and stores the link-layer address found in the TLLAO as the link-layer address of Client ('B'). Client ('D') then applies the Prefix Length to the Interface Identifier portion of the Target Address and records the resulting IPv6 prefix in its IPv6 forwarding table.
After processing the message, Client ('D') prepares a Redirect message response as follows:
After Client ('D') prepares the Redirect message, it sends the message to Server ('A').
When Server ('A') receives a Redirect message, it accepts the message only if it has a neighbor cache entry that associates the message's link-layer source address with the network-layer source address. Next, Server ('A') validates the message according to the ICMPv6 Redirect message validation rules in Section 8.1 of [RFC4861]. Following validation, Server ('A') re-encapsulates the Redirect then relays the re-encapsulated Redirect on to Client ('B') as follows.
In the reference operational scenario, Server ('A') receives the Redirect message from Client ('D') and prepares to re-encapsulate and forward the message to Client ('B'). Server ('A') first verifies that Client ('D') is authorized to use the Prefix Length in the Redirect message when applied to the AERO address in the network-layer source of the Redirect message, and discards the message if verification fails. Otherwise, Server ('A') re-encapsulates the message by changing the link-layer source address of the message to 'L2(A)', changing the network-layer source address of the message to fe80::1, and changing the link-layer destination address to 'L2(B)' . Server ('A') finally relays the re-encapsulated message to the ingress node ('B') without decrementing the network-layer IPv6 header Hop Limit field.
While not shown in Figure 3, AERO Relays relay Redirect and Predirect messages in exactly this same fashion described above. See Figure 7 in Appendix A for an extension of the reference operational scenario that includes Relays.
When Client ('B') receives the Redirect message, it accepts the message only if it has a link-layer source address of the Server, i.e. 'L2(A)'. Next, Client ('B') validates the message according to the ICMPv6 Redirect message validation rules in Section 8.1 of [RFC4861]. Following validation, Client ('B') then processes the message as follows.
In the reference operational scenario, when Client ('B') receives the Redirect message, it either creates or updates a neighbor cache entry that stores the Target Address of the message as the network-layer address of Client ('D') and stores the link-layer address found in the TLLAO as the link-layer address of Client ('D'). Client ('B') then applies the Prefix Length to the Interface Identifier portion of the Target Address and records the resulting IPv6 prefix in its IPv6 forwarding table.
Now, Client ('B') has an IPv6 forwarding table entry for Client('D')'s prefix, and Client ('D') has an IPv6 forwarding table entry for Client ('B')'s prefix. Thereafter, the clients may exchange ordinary network-layer data packets directly without forwarding through Server ('A').
When a source Client discovers a target neighbor (either through redirection or some other means) it MUST test the direct path to the target, e.g., by sending an initial NS message to elicit a solicited NA response. While testing the path, the Client SHOULD continue sending packets via the Server until target reachability has been confirmed. The Client MUST thereafter follow the Neighbor Unreachability Detection (NUD) procedures in Section 7.3 of [RFC4861], and can resume sending packets via the Server at any time the direct path appears to be failing.
If the Client is unable to elicit a NUD response after MAX_RETRY attempts, it SHOULD consider the direct path unusable for forwarding purposes but still viable for ingress filtering purposes.
If reachability is confirmed, the Client SHOULD thereafter process any link-layer errors as a hint that the direct path to the target has either failed or has become intermittent.
On some AERO links, establishment and maintenance of a direct path between neighbors requires coordination such as through the Internet Key Exchange (IKEv2) protocol [RFC5996]. In those cases, link-specific hints of forward progress can be used instead of NS/NA to test neighbor reachability.
When a Client needs to change its link-layer address (e.g., due to a mobility event, due to a change in underlying network interface, etc.), it sends an immediate NS message forward to any of its correspondents (including the Server and any other Clients) which then discover the new link-layer address. The Client may instead send an immediate NA message if there is strong assurance that the correspondent would receive the message with no need for an acknowledgement.
If two Clients change their link-layer addresses simultaneously, the NS/NA messages may be lost. In that case, the Clients SHOULD delete their respective neighbor cache entries and allow packets to again flow through their Server(s), which MAY result in a new AERO redirection exchange.
When a Client needs to change to a new Server, it performs a DHCPv6 "Release" message exchange with the delegating router via the old Server then sends a DHCPv6 "Request" message to the delegating router via the new Server. Note that this may result in a temporary service outage during Server "handovers".
A source Client may connect only to an IPvX underlying network, while the target Client connects only to an IPvY underlying network. In that case, the source Client has no means for reaching the target directly (since they connect to underlying networks of different IP protocol versions) and so must ignore any Redirects and continue to send packets via the Server.
When the underlying network does not support multicast, AERO nodes map IPv6 link-scoped multicast addresses (including "All_DHCP_Relay_Agents_and_Servers") to the underlying IP address of the AERO Server.
When the underlying network supports multicast, AERO nodes use the multicast address mapping specification found in [RFC2529] for IPv4 underlying networks and use a direct multicast mapping for IPv6 underlying networks. (In the latter case, "direct multicast mapping" means that if the IPv6 multicast destination address of the inner packet is "M", then the IPv6 multicast destination address of the encapsulating header is also "M".)
In some AERO link scenarios, there may be no Server on the link and/or no need for Clients to use a Server as an intermediary trust anchor. In that case, Clients can establish neighbor cache entries and IPv6 routes by performing direct Client-to-Client exchanges, and some other form of trust basis must be applied so that each Client can verify that the prospective neighbor is authorized to use its claimed prefix.
When there is no Server on the link, Clients must arrange to receive prefix delegations and publish the delegations via a secure prefix discovery service through some means outside the scope of this document.
IPv6 hosts serviced by an AERO Client can reach IPv4-only services via a NAT64 gateway [RFC6146] within the IPv6 network.
AERO nodes can use the Default Address Selection Policy with DHCPv6 option [RFC7078] the same as on any IPv6 link.
All other (non-multicast) functions that operate over ordinary IPv6 links operate in the same fashion over AERO links.
An early implementation is available at: http://linkupnetworks.com/seal/sealv2-1.0.tgz.
This document uses the UDP Service Port Number 8060 reserved by IANA for AERO in [RFC6706]. Therefore, there are no new IANA actions required for this document.
AERO link security considerations are the same as for standard IPv6 Neighbor Discovery [RFC4861] except that AERO improves on some aspects. In particular, AERO is dependent on a trust basis between AERO Clients and Servers, where the Clients only engage in the AERO mechanism when it is facilitated by a trust anchor.
AERO links must be protected against link-layer address spoofing attacks in which an attacker on the link pretends to be a trusted neighbor. Links that provide link-layer securing mechanisms (e.g., WiFi networks) and links that provide physical security (e.g., enterprise network LANs) provide a first line of defense that is often sufficient. In other instances, securing mechanisms such as Secure Neighbor Discovery (SeND) [RFC3971] or IPsec [RFC4301] may be necessary.
AERO Clients MUST ensure that their connectivity is not used by unauthorized nodes to gain access to a protected network. (This concern is no different than for ordinary hosts that receive an IP address delegation but then "share" the address with unauthorized nodes via an IPv6/IPv6 NAT function.)
Discussions both on the v6ops list and in private exchanges helped shape some of the concepts in this work. Individuals who contributed insights include Mikael Abrahamsson, Fred Baker, Stewart Bryant, Brian Carpenter, Brian Haberman, Joel Halpern, Sascha Hlusiak, Lee Howard and Joe Touch. Members of the IESG also provided valuable input during their review process that greatly improved the document. Special thanks go to Stewart Bryant, Joel Halpern and Brian Haberman for their shepherding guidance.
This work has further been encouraged and supported by Boeing colleagues including Keith Bartley, Balaguruna Chidambaram, Jeff Holland, Cam Brodie, Yueli Yang, Wen Fang, Ed King, Mike Slane, Kent Shuey, Gen MacLean, and other members of the BR&T and BIT mobile networking teams.
Earlier works on NBMA tunneling approaches are found in [RFC2529][RFC5214][RFC5569].
Figure 3 depicts a reference AERO operational scenario with a single Server on the AERO link. In order to support scaling to larger numbers of nodes, the AERO link can deploy multiple Servers and Relays, e.g., as shown in Figure 7.
.-(::::::::) .-(::: IPv6 :::)-. (:: Internetwork ::) `-(::::::::::::)-' `-(::::::)-' | +--------------+ +------+-------+ +--------------+ |AERO Server C | | AERO Relay D | |AERO Server E | | (default->D) | | (A->C; G->E) | | (default->D) | | (A->B) | +-------+------+ | (G->F) | +-------+------+ | +------+-------+ | | | X---+---+-------------------+------------------+---+---X | AERO Link | +-----+--------+ +--------+-----+ |AERO Client B | |AERO Client F | | (default->C) | | (default->E) | +--------------+ +--------------+ .-. .-. ,-( _)-. ,-( _)-. .-(_ IPv6 )-. .-(_ IPv6 )-. (__ EUN ) (__ EUN ) `-(______)-' `-(______)-' | | +--------+ +--------+ | Host A | | Host G | +--------+ +--------+
Figure 7: AERO Server/Relay Interworking
When host ('A') sends a packet toward destination host ('G'), IPv6 forwarding directs the packet through the EUN to Client ('B'), which forwards the packet to Server ('C') in absence of more-specific forwarding information. Server ('C') forwards the packet, and it also generates an AERO Predirect message that is then forwarded through Relay ('D') to Server ('E'). When Server ('E') receives the message, it forwards the message to Client ('F').
After processing the AERO Predirect message, Client ('F') sends an AERO Redirect message to Server ('E'). Server ('E'), in turn, forwards the message through Relay ('D') to Server ('C'). When Server ('C') receives the message, it forwards the message to Client ('B') informing it that host 'G's EUN can be reached via Client ('F'), thus completing the AERO redirection.
The network layer routing information shared between Servers and Relays must be carefully coordinated in a manner outside the scope of this document. In particular, Relays require full topology information, while individual Servers only require partial topology information (i.e., they only need to know the EUN prefixes associated with their current set of Clients). See [IRON] for an architectural discussion of routing coordination between Relays and Servers.