Transmission of IPv6 Packets over AERO LinksBoeing Research & TechnologyP.O. Box 3707SeattleWA98124USAfltemplin@acm.orgI-DInternet-DraftThis document specifies the operation of IPv6 over tunnel virtual
Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended
Route Optimization (AERO). Nodes attached to AERO links can exchange
packets via trusted intermediate routers on the link that provide
forwarding services to reach off-link destinations and/or redirection
services to inform the node of an on-link neighbor that is closer to the
final destination. Operation of the IPv6 Neighbor Discovery (ND)
protocol over AERO links is based on an IPv6 link local address format
known as the AERO address.This document specifies the operation of IPv6 over tunnel virtual
Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended
Route Optimization (AERO). Nodes attached to AERO links can exchange
packets via trusted intermediate routers on the link that provide
forwarding services to reach off-link destinations and/or redirection
services to inform the node of an on-link neighbor that is closer to the
final destination.Nodes on AERO links use an IPv6 link-local address format known as
the AERO Address. This address type has properties that statelessly link
IPv6 Neighbor Discovery (ND) to IPv6 routing. The AERO link can be used
for tunneling to neighboring nodes on either IPv6 or IPv4 networks,
i.e., AERO views the IPv6 and IPv4 networks as equivalent links for
tunneling. The remainder of this document presents the AERO
specification.The terminology in the normative references applies; the following
terms are defined within the scope of this document:a Non-Broadcast, Multiple Access
(NBMA) tunnel virtual overlay configured over a node's attached IPv6
and/or IPv4 networks. All nodes on the AERO link appear as
single-hop neighbors from the perspective of IPv6.a node's attachment to an AERO
link.an IPv6 link-local address
assigned to an AERO interface and constructed as specified in
Section 3.5.a node that is connected to an AERO
link and that participates in IPv6 Neighbor Discovery over the
link.a node that
configures either a host interface or a router interface on an AERO
link.a node that
configures a router interface on an AERO link over which it can
provide default forwarding and redirection services for other AERO
nodes.a node that
relays IPv6 packets between Servers on the same AERO link, and/or
that forwards IPv6 packets between the AERO link and the IPv6
Internet. An AERO Relay may or may not also be configured as an AERO
Server.an AERO
interface endpoint that injects packets into an AERO link.an AERO
interface endpoint that receives tunneled packets from an AERO
link.a connected IPv6 or IPv4
network routing region over which AERO nodes tunnel IPv6
packets.an AERO node's interface
point of attachment to an underlying network.an IPv6 or IPv4 address
assigned to an AERO node's underlying interface. When UDP
encapsulation is used, the UDP port number is also considered as
part of the underlying address. Underlying addresses are used as the
source and destination addresses of the AERO encapsulation
header.the same as defined for
"underlying address" above.an IPv6 address used as
the source or destination address of the inner IPv6 packet
header.an IPv6 network
attached to a downstream interface of an AERO Client (where the AERO
interface is seen as the upstream interface).The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in .The following sections specify the operation of IPv6 over Asymmetric
Extended Route Optimization (AERO) links:AERO hosts configure their AERO interfaces as host interfaces,
while AERO routers configure their AERO interfaces as
(non-advertising) router interfaces. End system applications on AERO
hosts bind directly to the AERO interface, while applications on AERO
routers (or IPv6 hosts served by an AERO router) bind to end user
network (EUN) interfaces beyond which their packets may be forwarded
over an AERO interface.AERO interfaces use IPv6-in-IPv6 encapsulation to exchange tunneled packets with AERO neighbors
attached to an underlying IPv6 network, and use IPv6-in-IPv4
encapsulation to exchange tunneled packets
with AERO neighbors attached to an underlying IPv4 network. AERO
interfaces can also use IPsec encapsulation
(either IPv6-in-IPv6 or IPv6-in-IPv4) in environments where strong
authentication and confidentiality are required. When NAT traversal
and/or filtering middlebox traversal is necessary, a UDP header is
further inserted between the outer IP encapsulation header and the
inner packet.AERO interfaces configure a Maximum Transmission Unit (MTU) that is
as large as the MTU of the underlying interface minus the
encapsulation overhead (where the largest possible sizes are 64KB
minus encapsulation overhead over IPv4, and 4GB minus encapsulation
overhead over IPv6).AERO interfaces maintain a neighbor cache and use a variation of
standard unicast IPv6 ND messaging. AERO interfaces use Neighbor
Solicitation (NS), Neighbor Advertisement (NA) and Redirect messages
the same as for any IPv6 link. They do not use Router Solicitation
(RS) and Router Advertisement (RA) messages for several reasons.
First, default router discovery is supported through other means more
appropriate for AERO links as described below. Second, discovery of
more-specific routes is through the receipt of NS, NA and Redirect
messages. Finally, AERO nodes receive IPv6 prefix delegations via
DHCPv6; hence, there is no need for RA-based prefix discovery.AERO Neighbor Solicitation (NS) and Neighbor Advertisement (NA)
messages do not include Source/Target Link Layer Address Options
(S/TLLAO). Instead, AERO nodes determine the link-layer addresses of
neighbors by examining the encapsulation source address of any NS/NA
messages they receive and ignore any S/TLLAOs included in these
messages. This is vital to the operation of AERO links for which
neighbors are separated by Network Address Translators (NATs) - either
IPv4 or IPv6.AERO Redirect messages include a TLLAO the same as for any IPv6
link. The TLLAO includes the link-layer address of the target node,
including both the IP address and the UDP source port number used by
the target when it sends UDP-encapsulated packets over the AERO
interface (the TLLAO instead encodes the value 0 when the target does
not use UDP encapsulation). TLLAOs for target nodes that use an IPv6
underlying address include the full 16 bytes of the IPv6 address as
shown in , while TLLAOs for target nodes that
use an IPv4 underlying address include only the 4 bytes of the IPv4
address as shown in .Finally, nodes on AERO interfaces use a simple data origin
authentication for encapsulated packets they receive from other nodes.
In particular, AERO Clients accept encapsulated packets with a
link-layer source address belonging to their current AERO Server. AERO
nodes also accept encapsulated packets with a link-layer source
address that is correct for the network-layer source address. The AERO
node considers the link-layer source address correct for the
network-layer source address if there is an IPv6 route that matches
the network-layer source address as well as a neighbor cache entry
corresponding to the next hop that includes the link-layer address.
(An exception is that NS, NA and Redirect messages may include a
different link-layer address than the one currently in the neighbor
cache, and the new link-layer address updates the neighbor cache
entry.)The base tunneling specifications for IPv4 and IPv6 typically set a
static MTU on the tunnel interface to 1500 bytes minus the
encapsulation overhead or smaller still if the tunnel is likely to
incur additional encapsulations such as IPsec on the path. This can
result in path MTU related black holes when packets that are too large
to be accommodated over the AERO link are dropped, but the resulting
ICMP Packet Too Big (PTB) messages are lost on the return path. As a
result, AERO nodes MUST use the following MTU mitigations to
accommodate larger packets.AERO Clients MUST set their AERO interface MTU to the larger of
1280 bytes and the underlying interface MTU minus the encapsulation
overhead while AERO Relays and Servers MUST set their AERO interface
MTU to the larger of 1500 bytes and the underlying interface MTU minus
the encapsulation overhead. (AERO Relays and Servers set their AERO
interface MTU to at least 1500 bytes so that IPv6 packets up to 1500
bytes in length entering the AERO link from the IPv6 Internet will not
be dropped due to an MTU restriction resulting in a PTB message being
generated. AERO Clients MAY set a smaller MTU since the loss of an
IPv6 packet originating from their attached EUNs will result in
deterministic delivery of PTB messages to the IPv6 source.)AERO nodes optionally cache per-neighbor MTU values in the
underlying IP path MTU discovery cache initialized to the underlying
interface MTU. The node then admits packets that are no larger than
1280 bytes minus the encapsulation overhead as well as packets that
are larger than 1500 bytes into the tunnel without fragmentation
(i.e., as long as they are no larger than the AERO interface MTU). For
IPv4, the node sets the "Don't Fragment" (DF) bit to 0 for packets no
larger than 1280 bytes and sets the DF bit to 1 for packets larger
than 1500 bytes. If a large packet is lost in the path, the node may
optionally cache the MTU reported in the resulting PTB message or may
ignore the message, e.g., if there is a possibility that the message
is spurious.For packets larger than 1280 bytes minus the encapsulation overhead
but no larger than 1500 bytes, if the outer protocol is IPv6 the node
uses outer IPv6 fragmentation to fragment the packet into two pieces
(where the first fragment contains at least 1024 bytes of the
fragmented inner packet) then admits the fragments into the tunnel. If
the outer protocol is IPv4, the node instead admits the packet into
the tunnel with DF set to 0 subject to rate limiting to ensure that
any fragmentation resulting in the path does not result in reassembly
errors . For both IPv4
and IPv6, the node also sends a 1500 byte probe message to the
neighbor, subject to rate limiting. To construct a probe, the node
prepares an ICMPv6 Neighbor Solicitation (NS) message with trailing
padding octets added to a length of 1500 bytes but does not include
the length of the padding in the IPv6 Payload Length field. The node
then encapsulates the NS in the outer encapsulation headers (while
including the length of the padding in the outer length fields), sets
DF to 1 (for IPv4) and sends the padded NS message to the neighbor. If
the neighbor returns an NA message, the node may then send whole
packets within this size range and (for IPv4) set DF to 1 and relax
the rate limiting requirement.In addition to these MTU mitigations, AERO nodes rewrite the TCP
Maximum Segment Size (MSS) value in any TCP connection handshakes they
originate over the AERO interface . The node performs this "MSS clamping" by rewriting
the MSS to a size that is no larger than 1500 bytes minus the length
of the TCP and IPv6 headers minus the encapsulation overhead minus the
length of any additional encapsulations (e.g., IPsec) expected on the
path.By writing a reduced value in the TCP MSS, the AERO Client ensures
that the resulting TCP session will use packet sizes small enough to
avoid fragmentation. The communicating endpoints can subsequently
probe for larger packet sizes using Packetization Layer Path MTU
Discovery (PLMPMTUD) , which searches for
successful packet sizes larger than the original MSS. Other protocol
types that do not include an MSS exchange in their connection
establishment (e.g., UDP) will still see a maximal MTU even if a small
amount of fragmentation and reassembly are required.AERO nodes MUST be capable of reassembling packets up to 1500 bytes
plus the encapsulation overhead length. It is RECOMMENDED that AERO
nodes be capable of reassembling at least 2KB.AERO interfaces encapsulate IPv6 packets according to whether they
are entering the AERO interface for the first time or if they are
being forwarded out the same AERO interface that they arrived on. This
latter form of encapsulation is known as "re-encapsulation".AERO interfaces encapsulate packets per the specifications in ,, except that
the interface copies the "TTL/Hop Limit", "Type of Service/Traffic
Class" and "Congestion Experienced" values in the inner network layer
header into the corresponding fields in the outer IP header. For
packets undergoing re-encapsulation, the AERO interface instead copies
the "TTL/Hop Limit", "Type of Service/Traffic Class" and "Congestion
Experienced" values in the original outer IP header into the
corresponding fields in the new outer IP header (i.e., the values are
transferred between outer headers and *not* copied from the inner
network layer header).When UDP encapsulation is used, the AERO interface inserts a UDP
header between the inner packet and outer IP header. If the outer
header is IPv6 and is followed by an IPv6 Fragment header, the AERO
interface inserts the UDP header between the outer IPv6 header and
IPv6 Fragment header. The AERO interface sets the UDP source port to a
constant value that it will use in each successive packet it sends,
sets the UDP destination port to 8060 (i.e., the IANA-registered port
number for AERO), sets the UDP checksum field to zero (see: ) and sets the UDP length
field to the length of the inner packet plus 8 bytes for the UDP
header itself.The AERO interface next sets the outer IP protocol number to the
appropriate value for the first protocol layer within the
encapsulation (e.g., IPv6, IPv6 Fragment Header, UDP, etc.). When IPv6
is used as the outer IP protocol, the ITE then sets the flow label
value in the outer IPv6 header the same as described in . When IPv4 is used as the outer IP protocol, the
AERO interface sets the DF bit as discussed in Section 3.2.AERO interfaces decapsulate packets destined either to the
localhost or to a destination reached via an interface other than the
receiving AERO interface per the specifications in ,,. When the
encapsulated packet includes a UDP header, the AERO interfaces
examines the first octet of data following the UDP header to determine
the inner header type. If the most significant four bits of the first
octet encode the value '0110', the inner header is an IPv6 header.
Otherwise, the interface considers the first octet as an IP protocol
type that encodes the value '44' for IPv6 fragment header, the value
'50' for Encapsulating Security Payload, the value '51' for
Authentication Header etc. (If the first octet encodes the value '0',
the interface instead discards the packet, since this is the value
reserved for experimentation under ,).
During the decapsulation, the AERO interface records the UDP source
port in the neighbor cache entry for this neighbor then discards the
UDP header.AERO Relays relay packets between nodes connected to the same AERO
link and also forward packets between the AERO link and the native
IPv6 network. The relaying process entails re-encapsulation of IPv6
packets that were received from a first AERO node and are to be
forwarded without modification to a second AERO node.AERO Servers configure their AERO link interfaces as router
interfaces, and provide default routing services to AERO Clients. An
AERO Server may also act as an AERO Relay.AERO Clients are provisioned with IPv6 Prefix Delegations either
through a DHCPv6 Prefix Delegation exchange with an AERO Server over
the AERO link or via a static delegation obtained through an
out-of-band exchange with an AERO link prefix delegation authority.
Each AERO Client receives at least a /64 prefix delegation, and may
receive even shorter prefixes.AERO Clients that act as routers configure their AERO link
interfaces as router interfaces, i.e., even if the AERO Client
otherwise displays the outward characteristics of an ordinary host
(for example, the Client may internally configure both an AERO
interface and (internal virtual) EUN interfaces). AERO Clients that
act as routers sub-delegate portions of their received prefix
delegations to links on EUNs.AERO Clients that act as ordinary hosts configure their AERO link
interfaces as host interfaces and assign one or more IPv6 addresses
taken from their received prefix delegations to their AERO interfaces
but DO NOT assign the delegated prefix itself to the AERO interface.
Instead, the host assigns the delegated prefix to a "black hole" route
so that unused portions of the prefix are nullified.An AERO address is an IPv6 link-local address assigned to an AERO
interface and with an IPv6 prefix embedded within the interface
identifier. The AERO address is formatted as:fe80::[IPv6 prefix]Each AERO Client configures an AERO address based on the delegated
prefix it has received from the AERO link prefix delegation authority.
The address begins with the prefix fe80::/64 and includes in its
interface identifier the base /64 prefix taken from the Client's
delegated IPv6 prefix. The base prefix is determined by masking the
delegated prefix with the prefix length. For example, if an AERO
Client has received the prefix delegation:2001:db8:1000:2000::/56it would construct its AERO address as:fe80::2001:db8:1000:2000An AERO Client may receive multiple non-contiguous IPv6
prefix delegations, in which case it would configure multiple AERO
addresses - one for each prefix.Each AERO Server configures the special AERO address fe80::1 to
support the operation of IPv6 Neighbor Discovery over the AERO link;
the address therefore has the properties of an IPv6 Anycast address.
While all Servers configure the same AERO address and therefore cannot
be distinguished from one another at the network layer, Clients can
still distinguish Servers at the link layer by examining the Servers'
link-layer addresses.Nodes that are configured as pure AERO Relays (i.e., and that do
not also act as Servers) do not configure an IPv6 address of any kind
on their AERO interfaces. The Relay's AERO interface is therefore used
purely for transit and does not participate in IPv6 ND message
exchanges. depicts the AERO reference
operational scenario. The figure shows an AERO Server('A'), two AERO
Clients ('B', 'D') and three ordinary IPv6 hosts ('C', 'E', 'F'):In , AERO Server ('A')
connects to the AERO link and connects to the IPv6 Internet, either
directly or via other IPv6 routers (not shown). Server ('A') assigns
the address fe80::1 to its AERO interface with link-layer address
L2(A). Server ('A') next arranges to add L2(A) to a published list of
valid Servers for the AERO link.AERO Client ('B') assigns the address fe80::2001:db8:0:0 to its
AERO interface with link-layer address L2(B). Client ('B') configures
a default route via the AERO interface with next-hop network-layer
address fe80::1 and link-layer address L2(A), then sub-delegates the
prefix 2001:db8:0::/48 to its attached EUNs. IPv6 host ('C') connects
to the EUN, and configures the network-layer address
2001:db8:0::1.AERO Client ('D') assigns the address fe80::2001:db8:1:0 to its
AERO interface with link-layer address L2(D). Client ('D') configures
a default route via the AERO interface with next-hop network-layer
address fe80::1 and link-layer address L2(A), then sub-delegates the
network-layer prefix 2001:db8:1::/48 to its attached EUNs. IPv6 host
('E') connects to the EUN, and configures the network-layer address
2001:db8:1::1.Finally, IPv6 host ('F') connects to an IPv6 network outside of the
AERO link domain. Host ('F') configures its IPv6 interface in a manner
specific to its attached IPv6 link, and assigns the network-layer
address 2001:db8:3::1 to its IPv6 link interface.AERO Clients observe the IPv6 router requirements defined in
. AERO Clients first discover the link-layer
address of an AERO Server via static configuration, or through an
automated means such as DNS name resolution. In the absence of other
information, the Client resolves the Fully-Qualified Domain Name
(FQDN) "linkupnetworks.domainname", where "domainname" is the DNS
domain appropriate for the Client's attached underlying network. The
Client then creates a neighbor cache entry with the IPv6 link-local
address fe80::1 and the discovered address as the link-layer
address. The Client further creates a default route with the
link-local address fe80::1 as the next hop.Next, the Client acts as a requesting router to obtain IPv6
prefixes through DHCPv6 Prefix Delegation
via the Server. After the Client acquires prefixes, it sub-delegates
them to nodes and links within its attached EUNs. It also assigns
the link-local AERO address(es) taken from its delegated prefix(es)
to the AERO interface (see: Section 3.5).After configuring a default route and obtaining prefixes, the
Client sends periodic NS messages to the server to obtain new NAs in
order to keep neighbor cache entries alive. The Client can also
forward IPv6 packets destined to networks beyond its local EUNs via
the Server as an IPv6 default router. The Server may in turn return
a Redirect message informing the Client of a neighbor on the AERO
link that is topologically closer to the final destination as
specified in .AERO Servers observe the IPv6 router requirements defined in
. They further configure a DHCPv6
relay/server function on their AERO links. When the Server delegates
prefixes, it also establishes forwarding table and neighbor cache
entries that list the AERO address of the Client as the next hop
toward the delegated IPv6 prefixes (where the AERO address is
constructed as specified in Section 3.5).Servers respond to NS messages from Clients on their AERO
interfaces by returning an NA message. When the Server receives an
NS message, it updates the neighbor cache entry using the network
layer source address as the neighbor's network layer address and
using the link-layer source address of the NS message as the
neighbor's link-layer address.When the Server forwards a packet via the same AERO interface on
which it arrived, it initiates an AERO route optimization procedure
as specified in .After an AERO node has received a prefix delegation, it creates an
AERO address as specified in Section 3.5. It can then send NS messages
to elicit NA messages from other AERO nodes. When the AERO node sends
NS/NA messages, however, it must also include the length of the prefix
corresponding to the AERO address. AERO NS/NA messages therefore
include an 8-bit "Prefix Length" field take from the low-order 8 bits
of the Reserved field as shown in and .When an AERO node sends an NS/NA message, it MUST use its
AERO address as the IPv6 source address and MUST include its AERO
address prefix length in the Prefix Length field.When an AERO node receives an NS/NA message, it accepts the message
if the Prefix Length applied to the source address is correct for the
neighbor; otherwise, it ignores the message. describes the AERO reference
operational scenario. We now discuss the operation and protocol
details of AERO Redirection with respect to this reference
scenario.With reference to , when the
IPv6 source host ('C') sends a packet to an IPv6 destination host
('E'), the packet is first forwarded via the EUN to AERO Client
('B'). Client ('B') then forwards the packet over its AERO interface
to AERO Server ('A'), which then re-encapsulates and forwards the
packet to AERO Client ('D'), where the packet is finally forwarded
to the IPv6 destination host ('E'). When Server ('A')
re-encapsulates and forwards the packet back out on its advertising
AERO interface, it must arrange to redirect Client ('B') toward
Client ('D') as a better next-hop node on the AERO link that is
closer to the final destination. However, this redirection process
applied to AERO interfaces must be more carefully orchestrated than
on ordinary links since the parties may be separated by potentially
many underlying network routing hops.Consider a first alternative in which Server ('A') informs Client
('B') only and does not inform Client ('D') (i.e., "classical
redirection"). In that case, Client ('D') has no way of knowing that
Client ('B') is authorized to forward packets from their claimed
network-layer source addresses, and it may simply elect to drop the
packets. Also, Client ('B') has no way of knowing whether Client
('D') is performing some form of source address filtering that would
reject packets arriving from a node other than a trusted default
router, nor whether Client ('D') is even reachable via a direct path
that does not involve Server ('A').Consider a second alternative in which Server ('A') informs both
Client ('B') and Client ('D') separately, via independent
redirection control messages (i.e., "augmented redirection"). In
that case, if Client ('B') receives the redirection control message
but Client ('D') does not, subsequent packets sent by Client ('B')
could be dropped due to filtering since Client ('D') would not have
a route to verify their source network-layer addresses. Also, if
Client ('D') receives the redirection control message but Client
('B') does not, subsequent packets sent in the reverse direction by
Client ('D') would be lost.Since both of these alternatives have shortcomings, a new
redirection technique (i.e., "AERO redirection") is needed.Again, with reference to ,
when source host ('C') sends a packet to destination host ('E'), the
packet is first forwarded over the source host's attached EUN to
Client ('B'), which then forwards the packet via its AERO interface
to Server ('A').Server ('A') then re-encapsulates forwards the packet out the
same AERO interface toward Client ('D') and also sends an AERO
"Predirect" message forward to Client ('D') as specified in . The Predirect message includes Client
('B')'s network- and link-layer addresses as well as information
that Client ('D') can use to determine the IPv6 prefix used by
Client ('B') . After Client ('D') receives the Predirect message, it
process the message and returns an AERO Redirect message destined
for Client ("B") via Server ('A') as specified in . During the process, Client ('D') also creates
or updates a neighbor cache entry for Client ('B'), and creates an
IPv6 route for Client ('B')'s IPv6 prefix.When Server ('A') receives the Redirect message, it
re-encapsulates the message and forwards it on to Client ('B') as
specified in . The message includes
Client ('D')'s network- and link-layer addresses as well as
information that Client ('B') can use to determine the IPv6 prefix
used by Client ('D'). After Client ('B') receives the Redirect
message, it processes the message as specified in . During the process, Client ('B') also
creates or updates a neighbor cache entry for Client ('D'), and
creates an IPv6 route for Client ('D')'s IPv6 prefix.Following the above Predirect/Redirect message exchange,
forwarding of packets from Client ('B') to Client ('D') without
involving Server ('A) as an intermediary is enabled. The mechanisms
that support this exchange are specified in the following
sections.AERO Redirect/Predirect messages use the same format as for
ICMPv6 Redirect messages depicted in Section 4.5 of , but also include a new "Prefix Length" field
taken from the low-order 8 bits of the Redirect message Reserved
field. The Redirect/Predirect messages are formatted as shown in
:When an AERO Server forwards a packet out the same AERO interface
that it arrived on, the Server sends a Predirect message forward
toward the AERO Client nearest the destination instead of sending a
Redirect message back to AERO Client nearest the source.In the reference operational scenario, when Server ('A') forwards
a packet sent by Client ('B') toward Client ('D'), it also sends a
Predirect message forward toward Client ('D'), subject to rate
limiting (see Section 8.2 of ). Server ('A')
prepares the Predirect message as follows:the link-layer source address is set to 'L2(A)' (i.e., the
underlying address of Server ('A')).the link-layer destination address is set to 'L2(D)' (i.e.,
the underlying address of Client ('D')).the network-layer source address is set to fe80::1 (i.e., the
AERO address of Server ('A')).the network-layer destination address is set to
fe80::2001:db8:1:0 (i.e., the AERO address of Client ('D')).the Type is set to 137.the Code is set to 1 to indicate "Predirect".the Prefix Length is set to the length of the prefix to be
applied to Target address.the Target Address is set to fe80::2001:db8:0::0 (i.e., the
AERO address of Client ('B')).the Destination Address is set to the IPv6 source address of
the packet that triggered the Predirection event.the message includes a TLLAO set to 'L2(B)' (i.e., the
underlying address of Client ('B')).the message includes a Redirected Header Option (RHO) that
contains the originating packet truncated to ensure that at
least the network-layer header is included but the size of the
message does not exceed 1280 bytes.Server ('A') then sends the message forward to Client ('D').When Client ('D') receives a Predirect message, it accepts the
message only if it has a link-layer source address of the Server,
i.e. 'L2(A)'. Client ('D') further accepts the message only if it is
willing to serve as a redirection target. Next, Client ('D')
validates the message according to the ICMPv6 Redirect message
validation rules in Section 8.1 of .In the reference operational scenario, when the Client ('D')
receives a valid Predirect message, it either creates or updates a
neighbor cache entry that stores the Target Address of the message
as the network-layer address of Client ('B') and stores the
link-layer address found in the TLLAO as the link-layer address of
Client ('B'). Client ('D') then applies the Prefix Length to the
Interface Identifier portion of the Target Address and records the
resulting IPv6 prefix in its IPv6 forwarding table.After processing the message, Client ('D') prepares a Redirect
message response as follows:the link-layer source address is set to 'L2(D)' (i.e., the
link-layer address of Client ('D')).the link-layer destination address is set to 'L2(A)' (i.e.,
the link-layer address of Server ('A')).the network-layer source address is set to 'L3(D)' (i.e., the
AERO address of Client ('D')).the network-layer destination address is set to 'L3(B)'
(i.e., the AERO address of Client ('B')).the Type is set to 137.the Code is set to 0 to indicate "Redirect".the Prefix Length is set to the length of the prefix to be
applied to the Target and Destination address.the Target Address is set to fe80::2001:db8:1::1 (i.e., the
AERO address of Client ('D')).the Destination Address is set to the IPv6 destination
address of the packet that triggered the Redirection event.the message includes a TLLAO set to 'L2(D)' (i.e., the
underlying address of Client ('D')).the message includes as much of the RHO copied from the
corresponding AERO Predirect message as possible such that at
least the network-layer header is included but the size of the
message does not exceed 1280 bytes.After Client ('D') prepares the Redirect message, it sends the
message to Server ('A').When Server ('A') receives a Redirect message, it accepts the
message only if it has a neighbor cache entry that associates the
message's link-layer source address with the network-layer source
address. Next, Server ('A') validates the message according to the
ICMPv6 Redirect message validation rules in Section 8.1 of . Following validation, Server ('A')
re-encapsulates the Redirect then relays the re-encapsulated
Redirect on to Client ('B') as follows.In the reference operational scenario, Server ('A') receives the
Redirect message from Client ('D') and prepares to re-encapsulate
and forward the message to Client ('B'). Server ('A') first verifies
that Client ('D') is authorized to use the Prefix Length in the
Redirect message when applied to the AERO address in the
network-layer source of the Redirect message, and discards the
message if verification fails. Otherwise, Server ('A')
re-encapsulates the message by changing the link-layer source
address of the message to 'L2(A)', changing the network-layer source
address of the message to fe80::1, and changing the link-layer
destination address to 'L2(B)' . Server ('A') finally relays the
re-encapsulated message to the ingress node ('B') without
decrementing the network-layer IPv6 header Hop Limit field.While not shown in , AERO
Relays relay Redirect and Predirect messages in exactly this same
fashion described above. See in
Appendix A for an extension of the reference operational scenario
that includes Relays.When Client ('B') receives the Redirect message, it accepts the
message only if it has a link-layer source address of the Server,
i.e. 'L2(A)'. Next, Client ('B') validates the message according to
the ICMPv6 Redirect message validation rules in Section 8.1 of . Following validation, Client ('B') then
processes the message as follows.In the reference operational scenario, when Client ('B') receives
the Redirect message, it either creates or updates a neighbor cache
entry that stores the Target Address of the message as the
network-layer address of Client ('D') and stores the link-layer
address found in the TLLAO as the link-layer address of Client
('D'). Client ('B') then applies the Prefix Length to the Interface
Identifier portion of the Target Address and records the resulting
IPv6 prefix in its IPv6 forwarding table.Now, Client ('B') has an IPv6 forwarding table entry for
Client('D')'s prefix, and Client ('D') has an IPv6 forwarding table
entry for Client ('B')'s prefix. Thereafter, the clients may
exchange ordinary network-layer data packets directly without
forwarding through Server ('A').When a source Client discovers a target neighbor (either through
redirection or some other means) it MUST test the direct path to the
target, e.g., by sending an initial NS message to elicit a solicited
NA response. While testing the path, the Client SHOULD continue
sending packets via the Server until target reachability has been
confirmed. The Client MUST thereafter follow the Neighbor
Unreachability Detection (NUD) procedures in Section 7.3 of , and can resume sending packets via the Server at
any time the direct path appears to be failing.If the Client is unable to elicit a NUD response after MAX_RETRY
attempts, it SHOULD consider the direct path unusable for forwarding
purposes but still viable for ingress filtering purposes.If reachability is confirmed, the Client SHOULD thereafter process
any link-layer errors as a hint that the direct path to the target has
either failed or has become intermittent.On some AERO links, establishment and maintenance of a direct path
between neighbors requires coordination such as through the Internet
Key Exchange (IKEv2) protocol . In those
cases, link-specific hints of forward progress can be used instead of
NS/NA to test neighbor reachability.When a Client needs to change its link-layer address (e.g., due to
a mobility event, due to a change in underlying network interface,
etc.), it sends an immediate NA message forward to any of its
correspondents (including the Server and any other Clients) which then
discover the new link-layer address.If two Clients change their link-layer addresses simultaneously,
the NA messages may be lost. In that case, the Clients follow the same
NUD procedures specified in Section 3.10.A source Client may connect only to an IPvX underlying network,
while the target Client connects only to an IPvY underlying network.
In that case, the source Client has no means for reaching the target
directly (since they connect to underlying networks of different IP
protocol versions) and so must ignore any Redirects and continue to
send packets via the Server.When the underlying network does not support multicast, AERO nodes
map IPv6 link-scoped multicast addresses (including
"All_DHCP_Relay_Agents_and_Servers") to the underlying IP address of
the AERO Server.When the underlying network supports multicast, AERO nodes use the
multicast address mapping specification found in for IPv4 underlying networks and use a direct
multicast mapping for IPv6 underlying networks. (In the latter case,
"direct multicast mapping" means that if the IPv6 multicast
destination address of the inner packet is "M", then the IPv6
multicast destination address of the encapsulating header is also
"M".)In some AERO link scenarios, there may be no Server on the link
and/or no need for Clients to use a Server as an intermediary trust
anchor. In that case, Clients can establish neighbor cache entries and
IPv6 routes by performing direct Client-to-Client exchanges, and some
other form of trust basis must be applied so that each Client can
verify that the prospective neighbor is authorized to use its claimed
prefix.When there is no Server on the link, Clients must arrange to
receive prefix delegations and publish the delegations via a secure
prefix discovery service through some means outside the scope of this
document.AERO nodes that connect to an IPv4 underlying network can configure
a NAT64 function to support any IPv6 nodes on
their attached EUNs.AERO nodes can use the Default Address Selection Policy with DHCPv6
option the same as on any IPv6 link.All other (non-multicast) functions that operate over ordinary IPv6
links operate in the same fashion over AERO links.An early implementation is available at:
http://linkupnetworks.com/seal/sealv2-1.0.tgz.This document uses the UDP Service Port Number 8060 reserved by IANA
for AERO in . Therefore, there are no new IANA
actions required for this document.AERO link security considerations are the same as for standard IPv6
Neighbor Discovery except that AERO improves on
some aspects. In particular, AERO is dependent on a trust basis between
AERO Clients and Servers, where the Clients only engage in the AERO
mechanism when it is facilitated by a trust anchor.AERO links must be protected against link-layer address spoofing
attacks in which an attacker on the link pretends to be a trusted
neighbor. Links that provide link-layer securing mechanisms (e.g., WiFi
networks) and links that provide physical security (e.g., enterprise
network LANs) provide a first line of defense that is often sufficient.
In other instances, securing mechanisms such as Secure Neighbor
Discovery (SeND) or IPsec must be used.Discussions both on the v6ops list and in private exchanges helped
shape some of the concepts in this work. Individuals who contributed
insights include Mikael Abrahamsson, Fred Baker, Stewart Bryant, Brian
Carpenter, Brian Haberman, Joel Halpern, and Lee Howard. Members of the
IESG also provided valuable input during their review process that
greatly improved the document. Special thanks go to Stewart Bryant, Joel
Halpern and Brian Haberman for their shepherding guidance.This work has further been encouraged and supported by Boeing
colleagues including Balaguruna Chidambaram, Jeff Holland, Cam Brodie,
Yueli Yang, Wen Fang, Ed King, Mike Slane, Kent Shuey, Gen MacLean, and
other members of the BR&T and BIT mobile networking teams.Earlier works on NBMA tunneling approaches are found in .The Internet Routing Overlay Network (IRON)Since the Internet must continue to support escalating growth
due to increasing demand, it is clear that current routing
architectures and operational practices must be updated. This
document proposes an Internet Routing Overlay Network (IRON)
architecture that supports sustainable growth while requiring no
changes to end systems and no changes to the existing routing
system. In addition to routing scaling, IRON further addresses
other important issues including mobility management, mobile
networks, multihoming, traffic engineering, NAT traversal and
security. While business considerations are an important
determining factor for widespread adoption, they are out of scope
for this document. depicts a reference AERO
operational scenario with a single Server on the AERO link. In order to
support scaling to larger numbers of nodes, the AERO link can deploy
multiple Servers and Relays, e.g., as shown in .In this example, AERO Client ('B') associates with AERO
Server ('C'), while AERO Client ('F') associates with AERO Server ('E').
Furthermore, AERO Servers ('C') and ('E') do not associate with each
other directly, but rather have an association with AERO Relay ('D')
(i.e., a router that has full topology information concerning its
associated Servers and their Clients). Relay ('D') connects to the AERO
link, and also connects to the native IPv6 Internetwork.When host ('A') sends a packet toward destination host ('G'), IPv6
forwarding directs the packet through the EUN to Client ('B'), which
forwards the packet to Server ('C') in absence of more-specific
forwarding information. Server ('C') forwards the packet, and it also
generates an AERO Predirect message that is then forwarded through Relay
('D') to Server ('E'). When Server ('E') receives the message, it
forwards the message to Client ('F').After processing the AERO Predirect message, Client ('F') sends an
AERO Redirect message to Server ('E'). Server ('E'), in turn, forwards
the message through Relay ('D') to Server ('C'). When Server ('C')
receives the message, it forwards the message to Client ('B') informing
it that host 'G's EUN can be reached via Client ('F'), thus completing
the AERO redirection.The network layer routing information shared between Servers and
Relays must be carefully coordinated in a manner outside the scope of
this document. In particular, Relays require full topology information,
while individual Servers only require partial topology information
(i.e., they only need to know the EUN prefixes associated with their
current set of Clients). See for an architectural
discussion of routing coordination between Relays and Servers.