draft-ietf-ngtrans-isatap-17.txt   draft-ietf-ngtrans-isatap-18.txt 
Network Working Group F. Templin Network Working Group F. Templin
Internet-Draft Nokia Internet-Draft Nokia
Expires: July 20, 2004 T. Gleeson Expires: August 4, 2004 T. Gleeson
Cisco Systems K.K. Cisco Systems K.K.
M. Talwar M. Talwar
D. Thaler D. Thaler
Microsoft Corporation Microsoft Corporation
January 20, 2004 February 4, 2004
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) Internet/Site Automatic Tunnel Addressing Protocol (ISATAP)
draft-ietf-ngtrans-isatap-17.txt draft-ietf-ngtrans-isatap-18.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is subject to all provisions
all provisions of Section 10 of RFC2026. of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt. www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 20, 2004. This Internet-Draft will expire on August 4, 2004.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) connects The Internet/Site Automatic Tunnel Addressing Protocol (ISATAP)
IPv6 neighbors/routers over IPv4 networks. ISATAP views the IPv4 connects IPv6 hosts/routers over IPv4 networks. ISATAP views the IPv4
network as a Non-Broadcast, Multiple Access (NBMA) link layer for network as a link layer for IPv6 and views other nodes on the network
IPv6 and views other nodes on the network as potential IPv6 as potential IPv6 hosts/routers. ISATAP supports automatic tunneling
neighbors/routers. ISATAP interfaces support automatic tunneling and a tunnel interface management abstraction similar to the Non-
whether globally assigned or private IPv4 addresses are used. ISATAP Broadcast, Multiple Access (NBMA) and ATM Permanent/Switched Virtual
supports an abstraction for tunnel interface management similar to Circuit (PVC/SVC) models.
the ATM Permanent/Switched Virtual Circuit (PVC/SVC) model.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Model of Operation . . . . . . . . . . . . . . . . . . . . . . 4 4. ISATAP Conceptual Model . . . . . . . . . . . . . . . . . . . 4
5. Node Requirements . . . . . . . . . . . . . . . . . . . . . . 4 5. Node Requirements . . . . . . . . . . . . . . . . . . . . . . 5
6. Addressing Requirements . . . . . . . . . . . . . . . . . . . 4 6. Addressing Requirements . . . . . . . . . . . . . . . . . . . 5
7. Configuration and Management Requirements . . . . . . . . . . 6 7. Configuration and Management Requirements . . . . . . . . . . 6
8. Automatic Tunneling . . . . . . . . . . . . . . . . . . . . . 12 8. Automatic Tunneling . . . . . . . . . . . . . . . . . . . . . 10
9. Neighbor Discovery . . . . . . . . . . . . . . . . . . . . . . 17 9. Neighbor Discovery for ISATAP Interfaces . . . . . . . . . . . 15
10. Other Requirements for Control Plane Signalling . . . . . . . 19 10. Other Requirements for Control Plane Signaling . . . . . . . . 18
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 11. Security considerations . . . . . . . . . . . . . . . . . . . 18
12. Security considerations . . . . . . . . . . . . . . . . . . . 20 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 13. IAB Considerations . . . . . . . . . . . . . . . . . . . . . . 19
Normative References . . . . . . . . . . . . . . . . . . . . . 21 14. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20
Informative References . . . . . . . . . . . . . . . . . . . . 22 A. Major Changes . . . . . . . . . . . . . . . . . . . . . . . . 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24 B. Example ISATAP Driver API . . . . . . . . . . . . . . . . . . 21
A. Major Changes . . . . . . . . . . . . . . . . . . . . . . . . 25 C. The IPv6 Minimum MTU . . . . . . . . . . . . . . . . . . . . . 24
B. Interface Identifier Construction . . . . . . . . . . . . . . 26 D. Modified EUI-64 Addresses in the IANA Ethernet Address Block . 24
Intellectual Property and Copyright Statements . . . . . . . . 28 E. Proposed ICMPv6 Code Field Types . . . . . . . . . . . . . . . 25
Normative References . . . . . . . . . . . . . . . . . . . . . 25
Informative References . . . . . . . . . . . . . . . . . . . . 27
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 29
Intellectual Property and Copyright Statements . . . . . . . . 30
1. Introduction 1. Introduction
This document specifies a simple mechanism called the Intra-Site This document specifies a simple mechanism called the Internet/Site
Automatic Tunnel Addressing Protocol (ISATAP) that connects IPv6 Automatic Tunnel Addressing Protocol (ISATAP) that connects IPv6
[RFC2460] neighbors/routers over IPv4 [RFC0791] networks. ISATAP [RFC2460] hosts/routers over IPv4 [STD0005] networks. Dual-stack
allows dual-stack (IPv6/IPv4) nodes to automatically tunnel packets (IPv6/IPv4) nodes use ISATAP to automatically tunnel IPv6 packets in
to the IPv6 next-hop address through IPv4, i.e., ISATAP sees the IPv4 IPv4, i.e., ISATAP views the IPv4 network as a link layer for IPv6
network as a link layer for IPv6 and views other nodes on the network and views other nodes on the network as potential IPv6 hosts/routers.
as potential IPv6 neighbors/routers. ISATAP supports an abstraction
for tunnel interface management similar to the Non-Broadcast,
Multiple Access (NBMA) [RFC2491] and ATM Permanent/Switched Virtual
Circuit (PVC/SVC) [RFC2492] paradigms.
The main objectives of this document are to: 1) describe the ISATAP enables automatic tunneling whether global or private IPv4
operational model for ISATAP, 2) specify addressing requirements, 3) addresses are used, and supports a tunnel interface management
discuss configuration and management requirements, 4) specify abstraction similar to the Non-Broadcast, Multiple Access (NBMA)
automatic tunneling using ISATAP, 5) specify operational aspects of [RFC2491] and ATM Permanent/Switched Virtual Circuit (PVC/SVC)
IPv6 Neighbor Discovery, and 6) discuss IANA; Security [RFC2492] models.
considerations.
The main objectives of this document are to: 1) describe the ISATAP
conceptual model, 2) specify addressing requirements, 3) discuss
configuration and management requirements, 4) specify automatic
tunneling using ISATAP, 5) specify operational aspects of IPv6
Neighbor Discovery, and 6) discuss IANA and Security considerations.
This document surveys all IETF v6ops WG documents current up to
February 4, 2004.
2. Requirements 2. Requirements
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [RFC2119]. document, are to be interpreted as described in [BCP0014].
3. Terminology 3. Terminology
The terminology of [RFC1122][RFC2460][RFC2461][RFC3582] applies to The terminology of [STD0003][RFC2460][RFC2461][RFC3582] applies to
this document. The following additional terms are defined: this document. The following additional terms are defined:
ISATAP node: ISATAP node:
a dual-stack (IPv6/IPv4) node that implements this specification. a node that implements the specifications in this document.
ISATAP daemon:
an ISATAP node's server application that uses an ISATAP driver API
for control plane signaling and tunnel interface
configuration/management.
ISATAP driver: ISATAP driver:
an ISATAP node's network driver module that provides an engine for an ISATAP node's network driver module that provides an API for
encapsulation, decapsulation and forwarding of packets between control plane signaling and tunnel interface configuration/
tunnel interfaces and the IPv4 stack; it also implements an API management. Also provides an engine for tunneled packet
for tunnel interface management. encapsulation, decapsulation and forwarding.
ISATAP server daemon: logical interface:
an ISATAP node's process that sends/receives tunnel configuration an IPv6 address or a configured tunnel interface associated with
control plane messages, and configures/manages tunnel interfaces an ISATAP interface.
via the ISATAP driver API; often will be the same server daemon
used for IPv6 neighbor/router discovery.
ISATAP interface: ISATAP interface:
an ISATAP node's point-to-multipoint IPv6 interface used for an ISATAP node's point-to-multipoint IPv6 interface for automatic
IPv6-in-IPv4 tunneling of control plane traffic; may also be used IPv6-in-IPv4 tunneling. Provides a control plane interface for the
to carry data plane traffic in some deployments scenarios, e.g., ISATAP daemon and a user plane nexus for its associated logical
certain enterprise networks. interfaces.
ISATAP interface identifier: ISATAP interface identifier:
an IPv6 interface identifier with an embedded IPv4 address an IPv6 interface identifier with an embedded IPv4 address
constructed as specified in Section 6.1. constructed as specified in section 6.1.
ISATAP address: ISATAP address:
an IPv6 unicast address assigned to an ISATAP interface with an an IPv6 unicast address assigned on an ISATAP interface with an
on-link prefix and an ISATAP interface identifier. on-link prefix and an ISATAP interface identifier.
4. Model of Operation locator:
an IPv4 address-to-interface mapping, i.e., a node's IPv4 address
and the index for it's associated interface.
locator set:
a set of locators associated with a tunnel interface, where each
locator in the set belongs to the same site.
4. ISATAP Conceptual Model
ISATAP nodes typically act as a host on some interfaces and as a
router on other interfaces; the distinction between host and router
is made per advertising interface.
ISATAP interfaces provide a point-to-multipoint abstraction for ISATAP interfaces provide a point-to-multipoint abstraction for
IPv6-in-IPv4 tunneling. They are commonly used as a nexus for IPv6-in-IPv4 tunneling. They provide a user plane nexus for tunneling
automatic configuration of point-to-point tunnels via tunnel packets on behalf of their associated logical interfaces. They also
configuration control plane messages (e.g., IPv6 Neighbor Discovery provide a control plane interface for tunnel configuration signaling
and other ICMPv6 messages). For each tunneled packet received, the between the ISATAP daemon and prospective peers (e.g., via IPv6
node's ISATAP driver examines a local forwarding table to determine Neighbor Discovery messages, DNS queries, etc.).
the correct interface to receive the packet after decapsulation. It
forwards tunnel configuration control plane messages via an ISATAP
interface to the node's ISATAP server daemon, and forwards data
messages to applications via configured tunnel interfaces based on a
specific match for the encapsulating IPv4 source address.
The ISATAP server daemon sends and receives control plane messages, The ISATAP driver sends tunneled packets via the node's IPv4 stack
and configures/manages tunnels via the ISATAP driver API. Each such according to the sending interface's encapsulation parameters. It
configured tunnel provides a nexus for multiplexing one or more also determines the correct interface to receive each tunneled packet
applications between the remote and local tunnel endpoints using IPv6 after decapsulation via a forwarding table lookup.
addresses as application identifiers. Each such application
identifier provides a nexus for multiplexing one or more sessions. In The ISATAP daemon configures and manages tunnels via an ISATAP driver
summary, each configured tunnel provides a single point-to-point API. Each such configured tunnel provides a nexus for multiple
connection between peers that can be used to carry multiple applications using IPv6 addresses as application identifiers. Each
applications and multiple instances of each application. such application identifier provides a nexus for multiple sessions.
In summary, each configured tunnel provides a point-to-point
connection between peers that can support multiple applications and
multiple instances of each application.
5. Node Requirements 5. Node Requirements
Nodes that use this specification implement the common functionality ISATAP nodes implement the common functionality required by [NODEREQ]
required by [NODEREQ] as well as the additional features specified in as well as the additional features specified in this document.
this document.
6. Addressing Requirements 6. Addressing Requirements
6.1 ISATAP Interface Identifiers 6.1 ISATAP Interface Identifiers
ISATAP interface identifiers are constructed in Modified EUI-64 ISATAP interface identifiers are constructed in Modified EUI-64
format as specified in ([ADDR-ARCH], section 2.5.1). They are formed format ([ADDR], appendix A). They are formed by concatenating the
by appending a 32-bit IPv4 address to the 32-bit leading token 24-bit IANA OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a
'0000:5EFE', then setting the universal/local ("u") bit as follows: 32-bit IPv4 address in network byte order ([AUTH], section 3.4).
When the IPv4 address is known to be globally unique, the "u" bit is The format for ISATAP interface identifiers is given below (where 'u'
set to 1 and the leading token becomes '0200:5EFE'. When the IPv4 is the IEEE univeral/local bit, 'g' is the IEEE group/individual bit,
address is from a private allocation or not otherwise known to be and the 'm' bits represent the concatenated IPv4 address):
globally unique, the "u" bit is set to 0 and the leading token
remains as '0000:5EFE'. See: Appendix B for additional non-normative
details.
6.2 ISATAP Addresses |0 1|1 3|3 4|4 6|
|0 5|6 1|2 7|8 3|
+----------------+----------------+----------------+----------------+
|000000ug00000000|0101111011111110|mmmmmmmmmmmmmmmm|mmmmmmmmmmmmmmmm|
+----------------+----------------+----------------+----------------+
Any IPv6 unicast address ([ADDR-ARCH], section 2.5) that has an When the IPv4 address is known to be globally unique, the 'u' bit is
ISATAP interface identifier and an on-link prefix on an ISATAP set to 1; otherwise, the 'u' bit is set to 0 ([ADDR], section 2.5.1).
interface is considered an ISATAP address. ISATAP addresses are See: Appendix D for additional non-normative details.
constructed as follows:
| 64 bits | 32 bits | 32 bits | 6.2 ISATAP Addresses
+------------------------------+---------------+----------------+
| prefix | 000[0/2]:5EFE | IPv4 Address | Any IPv6 unicast address ([ADDR], section 2.5) that contains an
+------------------------------+---------------+----------------+ ISATAP interface identifier constructed as specified in section 6.1
and an on-link prefix on an ISATAP interface is considered an ISATAP
address.
6.3 Multicast/Anycast 6.3 Multicast/Anycast
ISATAP interfaces recognize a node's required IPv6 multicast/anycast ISATAP interfaces recognize a node's required IPv6 multicast/anycast
addresses ([ADDR-ARCH], section 2.8). addresses ([ADDR], section 2.8).
Section 8.2 discusses encapsulation for multicast/anycast packets. For IPv6 multicast addresses of interest to local applications,
ISATAP nodes join the corresponding Organization-Local Scope IPv4
multicast groups ([RFC2529], section 6) on each interface that
appears in an ISATAP interface's locator set (see: section 7.2).
IPv6 multicast addresses of interest include a node's required
multicast addresses, the 'All_DHCP_Relay_Agents_and_Servers' and
'All_DHCP_Servers' multicast addresses (i.e., if the node is
configured as a DHCPv6 server [RFC3315][RFC3633]), multicast
addresses discovered via MLD [RFC2710], etc.
Considerations for IPv6 anycast appear in [ANYCAST].
6.4 Source/Target Link Layer Address Options 6.4 Source/Target Link Layer Address Options
Source/Target Link Layer Address Options ([RFC2461], section 4.6.1) Source/Target Link Layer Address Options ([RFC2461], section 4.6.1)
for ISATAP have the following format: for ISATAP have the following format:
+-------+-------+-------+-------+-------+-------+-------+--------+ +-------+-------+-------+-------+-------+-------+-------+--------+
| Type |Length | 0 | 0 | IPv4 Address | | Type |Length | 0 | 0 | IPv4 Address |
+-------+-------+-------+-------+-------+-------+-------+--------+ +-------+-------+-------+-------+-------+-------+-------+--------+
Type: Type:
1 for Source Link-layer address. 1 for Source Link-layer address. 2 for Target Link-layer address.
2 for Target Link-layer address.
Length: Length:
1 (in units of 8 octets). 1 (in units of 8 octets).
IPv4 Address: IPv4 Address:
A 32 bit IPv4 address, in network byte order ([RFC2223bis], A 32 bit IPv4 address, in network byte order ([AUTH], section
section 3.4). 3.4).
ISATAP nodes use the specifications in ([MECH], section 3.8) that
pertain to sending and receiving Source/Target Link Layer Address
Options.
7. Configuration and Management Requirements 7. Configuration and Management Requirements
7.1 Network Management 7.1 Network Management
ISATAP nodes MAY support network management; ISATAP nodes that ISATAP nodes MAY support network management; those that do SHOULD
support network management SHOULD support the following MIBs: support the following MIBs: [FTMIB][IPMIB][TUNMIB][TCPMIB][UDPMIB].
[FTMIB][IPMIB][TUNNELMIB]. The configuration objects cited throughout
the remainder of this document were selected to match the names of
MIB objects. ISATAP nodes that do not support network management MAY
choose their own local representation of these objects.
7.2 ISATAP Driver API
The ISATAP driver provides an API for tunnel interface configuration
and management that may be accessed by processes running on the
ISATAP node, e.g., startup scripts, manual command line entry, kernel
processes, ISATAP server daemons, etc. Access MUST be restricted to
privileged users and applications. The API provides the following
primitives; operational details are given in the subsections that
follow:
'TUNNEL_CREATE':
creates a tunnel interface. Takes as parameters a tunnel
encapsulation method, parameters for setting read-write objects
for the tunnel, and a list of receive addresses to initialize a
forwarding entry in the system's ifRcvAddressTable. Returns an
index for the new tunnel interface, or a failure code.
'TUNNEL_DELETE':
deletes an existing tunnel interface. Takes as parameter an
index of the tunnel interface to be deleted. Returns success
or a failure code.
'TUNNEL_MODIFY':
adds or deletes attributes for an existing tunnel interface, and
its corresponding forwarding entry in the ifRcvAddressTable. Takes
the same list of parameters as for TUNNEL_CREATE, plus a flag that
denotes the operation (i.e., "add" or "delete"). Returns success
or a failure code.
'TUNNEL_DUP': This document defines no new MIB tables, nor extensions to any
duplicates an existing tunnel interface. Takes as parameter the existing MIB tables. Objects found in the MIBs listed above are
index of the tunnel interface to be duplicated. Returns an index supported as described in the following subsections.
for the newly-created tunnel interface, or a failure code.
'TUNNEL_GET': 7.2 The ifRcvAddressTable
copies configuration attributes from system table entries
associated with the specified tunnel interface into a user's
buffer. Takes as parameter an index of a tunnel interface.
Returns the number of system table entry data bytes written
into the application's buffer or a failure code.
7.2.1 TUNNEL_CREATE The ISATAP driver maintains ifRcvAddressTable as a bidirectional
association of locators with tunnel interfaces. Each locator in the
table includes a preferred IPv4 address-to-interface mapping (i.e., a
preferred IPv4 ipAddressEntry in the node's ipAddressTable) and a
list of associated tunnel interfaces. Each tunnel interface in the
table has a tunnelIfEntry and a list of associated locators, i.e., a
"locator set".
ISATAP drivers implement a 'TUNNEL_CREATE' primitive that provides a The ISATAP driver implements the following conceptual functions to
means for configuring the 'tunnelIfEncapsMethod', all read-write manage and search the ifRcvAddressTable:
objects associated with the 'tunnelIfEntry', and a list of receive
addresses for the tunnel which consist of an IPv4 address and an
index for the interface to which the address is assigned (i.e,. an
IPv4 address-to-interface mapping).
When a process on the ISATAP node issues 'TUNNEL_CREATE' primitive, 7.2.1 RcvTableAdd(locator, tunnel_interface)
it includes a parameter for configuring the 'tunnelIfEncapsMethod'
object, and MAY include parameters for configuring other read-write
objects in the 'tunnelIfEntry'. It MAY also include one or more
receive address parameters. (Any required configuration parameters
not included in the 'TUNNEL_CREATE' primitive are to be issued in a
subsequent 'TUNNEL_MODIFY' primitive.)
When the ISATAP driver processes a 'TUNNEL_CREATE' primitive, it
creates an entry in the 'tunnelInetConfigTable', which results in the
simultaneous creation of a 'tunnelIfEntry' in the 'tunnelIfTable' and
an 'ifEntry' in the appropriate 'ifTable'. Next, it sets the
'tunnelIfEncapsMetod' object to the 'IANAtunnelType' specified by the
primitive, and sets any other "read-write" objects in the
'tunnelIfEntry' based on parameters included.
After configuring the 'tunnelIfEntry', the driver uses each receive Creates a bidirectional association in the ifRcvAddressTable between
address parameter included to locate a preferred 'ipAddressEntry' in the locator and tunnel interface, i.e., adds the locator to the
the system's 'ipAddressTable'. It then creates an entry for the new tunnel interface's locator set and adds the tunnel interface to the
tunnel interface in the 'ifRcvAddressTable' that includes the list of locator's association list.
selected 'ipAddressEntry's, 'tunnelLocalInetAddress',
'tunnelRemoteInetAddress', 'tunnelIfEncapsMethod', and the 'ifIndex'
for the tunnel interface.
After performing the above actions, the ISATAP driver returns either Returns success or failure.
an interface index for the newly-created tunnel interface or a
failure code.
7.2.2 TUNNEL_DELETE 7.2.2 RcvTableDel(locator, tunnel_interface)
ISATAP drivers implement a 'TUNNEL_DELETE' primitive that provides a Deletes ifRcvAddressTable entries according to the locator and tunnel
means for deleting all table entries associated with a tunnel interface calling arguments as follows:
interface.
When an ISATAP node's process issues a 'TUNNEL_DELETE' primitive, it - if both arguments are NULL, garbage-collects the entire table.
includes an index for the tunnel interface returned via a previous
'TUNNEL_CREATE' or 'TUNNEL_DUP' primitive.
When the ISATAP driver processes a 'TUNNEL_DELETE' primitive, it - if both arguments are non-NULL, deletes the locator from the
locates the 'tunnelInetConfigEntry' for the tunnel interface based on tunnel interface's locator set and deletes the tunnel interface
the interface index parameter and deletes the entry from the from the locator's association list.
'tunnelInetConfigTable'. This has the result of simultaneously
deleting the 'tunnelIfEntry' and 'ifEntry' from their respective
tables. The driver also removes the corresponding forwarding table
entry for the tunnel interface from the 'ifRcvAddressTable'.
After performing the above actions, the ISATAP driver returns either - if the locator is non-NULL and tunnel interface is NULL, deletes
success or a failure code. the locator from the locator sets of all tunnel interfaces.
7.2.3 TUNNEL_MODIFY - if the locator is NULL and the tunnel interface is non-NULL,
deletes the tunnel interface from the association lists of all
locators.
ISATAP drivers implement a 'TUNNEL_MODIFY' primitive that provides a Returns success or failure.
means for modifying all read-write objects associated with the
'tunnelIfEntry' and for adding or deleting entries from the list of
receive addresses for the tunnel. The primitive also provides a flag
for specifying whether the desired operation is "add" or "delete".
(For vector objects, the "add"/"delete" operations have the meaning 7.2.3 RcvTableLocate(packet)
intended by their names; for scalar objects, the ISATAP driver
interprets an "add" operation as: "change to new value" and a
"delete" operation as: "reset to default".)
When an ISATAP node's process issues a 'TUNNEL_MODIFY' primitive, it Searches the ifRcvAddressTable to locate the correct tunnel interface
includes an index for the tunnel interface returned via a previous to decapsulate a packet. First, determines the locator that matches
'TUNNEL_CREATE' or 'TUNNEL_DUP' primitive, and also includes a flag the packet's IPv4 destination address and ifIndex for the interface
that specifies "add" or delete". It MAY include one or more parameter the packet arrived on. Next, checks each tunnel interface in the
for configuring read-write objects in the 'tunnelIfEntry' and MAY locator's association list for an exact match of tunnelIfEncapsMethod
also include one or more receive address (formatted as for with the packet's encapsulation type and an exact match of
'TUNNEL_CREATE'). tunnelIfRemoteInetAddress with the packet's IPv4 source address.
When the ISATAP driver processes a 'TUNNEL_MODIFY' primitive, it If there is no match on the packet's IPv4 source address, a tunnel
locates the correct 'tunnelIfEntry' for the interface index parameter interface with a matching tunnelIfEncapsMethod and with
and modifies objects for the entry based on any included parameters. tunnelIfRemoteInetAddress set to 0.0.0.0 is selected. If there are
If one or more receive address parameters are included, the driver multiple matches, a tunnel interface with tunnelIfLocalInetAddress
also adds or deletes receive addresses from the forwarding table that matches the packet's IPv4 destination address is preferred.
entry in the 'ifRcvAddressTable' corresponding to the
'tunnelIfEntry'. If no parameters are included, the result is a
NO-OP.
After performing the above actions, the ISATAP driver returns either Returns a pointer to a tunnel interface if a match is found; else
success or a failure code. NULL.
7.2.4 TUNNEL_DUP 7.3 ISATAP Driver API
ISATAP drivers implement a 'TUNNEL_DUP' primitive that creates a new The ISATAP driver implements an API for calling processes, e.g.,
tunnel interface by duplicating a set of system table entries from an ISATAP daemons, startup scripts, manual command line entry, kernel
existing tunnel interface. processes, etc. Access MUST be restricted to privileged users and
applications. The API provides primitives for sending/receiving
control plane messages as well as creating, deleting, modifying, and
otherwise managing tunnel interfaces. An example (i.e., non-
normative) API is given in Appendix B.
When a user application or a system process issues a 'TUNNEL_MODIFY' 7.4 ISATAP Interface Creation/Configuration
primitive, it includes an index for the tunnel interface to be
duplicated from a previous 'TUNNEL_CREATE' or 'TUNNEL_DUP' primitive.
When the ISATAP driver processes a 'TUNNEL_DUP' primitive, it creates ISATAP interfaces are created via the tunnelIfConfigTable, which
a new entry in the 'tunnelInetConfigTable' exactly as for results in simultaneous creation of a tunnelIfEntry and a companion
'TUNNEL_CREATE' (see: Section 7.2.1). Next, it locates the ipv6InterfaceEntry. Each ISATAP interface configures a locator set,
'tunnelIfEntry' and 'ifEntry' for the tunnel interface to be where each locator in the set represents an IPv4 address-to-
duplicated and copies all attributes from those objects into the interface mapping for the same site (or, represents a mapping that is
newly-created 'tunnelIfEntry' and 'ifEntry'. The driver also creates routable on the global Internet). An ISATAP interface MUST NOT
a duplicate forwarding table entry in the 'ifRcvAddressTable' using configure a locator set that spans multiple sites.
the existing entry identified by the interface index parameter as a
prototype, then sets the newly-created forwarding entry's index to
the 'ifIndex' for the newly-created tunnel interface.
After performing the above actions, the ISATAP driver returns either ISATAP interfaces configure the following objects in tunnelIfEntry:
an interface index for the newly-created tunnel interface or a
failure code.
7.2.5 TUNNEL_GET - tunnelIfEncapsMethod is set to an IANATunnelType for "isatap".
To aid network administrators, ISATAP drivers SHOULD implement a - tunnelIfLocalInetAddress is set to an IPv4 address from the
'TUNNEL_GET' primitive that returns the current configuration of all interface's locator set.
tables in the system associated with the specified tunnel interface.
When a user application issues a 'TUNNEL_GET' primitive, it includes - tunnelIfRemoteInetAddress is set to 0.0.0.0 to denote wildcard
an index for a tunnel interface from a previous 'TUNNEL_CREATE' or match for remote tunnel endpoints.
'TUNNEL_DUP' primitive, a pointer to a character buffer to receive
the configuration information, and an integer indicating the
available space in the buffer.
When the ISATAP driver processes a 'TUNNEL_GET' primitive, it - other read-write objects in the tunnelIfEntry are configured as
prepares a character string that includes the concatenation of the for any tunnel interface.
'tunnelIfEntry' and the 'ifRcvAddressTable' entry for the tunnel
interface identified by the index parameter. (The 'ifEntry' is not
concatenated, since its contents may be examined via primitives from
other APIs.) Next, the driver copies the character string to the
server daemon's character buffer up to the specified available buffer
space.
After performing the above actions, the ISATAP driver returns either ISATAP interfaces also configure the following objects in
the number of bytes copied or a failure code (to include a code that ipv6InterfaceEntry:
indicates "operation not supported").
7.3 ISATAP Interface Configuration - ipv6InterfaceType is set to "tunnel".
ISATAP interfaces are normally configured by an ISATAP node's system - ipv6InterfacePhysicalAddress is set to an octet string of zero
startup scripts or via manual configuration, but may also be created length to indicate that this IPv6 interface does not have a
by a dynamic process. When a node creates (or later modifies) an physical address.
ISATAP interface, it assigns to the interface one or more receive
address that consists of an IPv4 address and an index for the
interface to which the address is assigned (i.e,. an IPv4
address-to-interface mapping). Each receive address assigned MUST
represent a mapping for the same site (or, MUST represent a mapping
that is routable on the global Internet), i.e., the receive addresses
assigned to a single tunnel interface MUST NOT span multiple sites.
ISATAP nodes issue 'TUNNEL_CREATE' and 'TUNNEL_MODIFY' primitives for - ipv6InterfaceForwarding and, if necessary, ip6Forwarding for the
ISATAP interfaces the same as for any tunnel interface; node are set to "forwarding".
'TUNNEL_CREATE' primitives include a parameter to set
'tunnelIfEncapsMethod' to an 'IANATunnelType' code for "isatap". A
'TUNNEL_CREATE' or 'TUNNEL_MODIFY' primitive that includes parameters
to set 'tunnelIfLocalInetAddress' to an IPv4 address that will be
used as one of the interface's receive addresses, and
'tunnelIfRemoteInetAddress' to 0.0.0.0 to denote wildcard match for
remote tunnel endpoints SHOULD be issued before the IPv6 interface
associated with the tunnel interface is enabled (see below).
When an ISATAP interface is created, the ISATAP driver also creates - other read-write objects in ipv6InterfaceEntry are configured as
an 'ipv6InterfaceEntry' as the companion 'ifEntry' to the for any IPv6 interface.
'tunnelIfEntry'. After setting the required objects in the
'tunnelIfEntry' (see above), the ISATAP node configures objects in
the 'ipv6InterfaceEntry' for an ISATAP interface the same as for any
IPv6 interface. For ISATAP interfaces (and other tunnel interfaces
that use IPv4 as a link layer for IPv6 ), the node sets the
'ipv6InterfaceType' object to "tunnel". Next, the node sets the
'ipv6InterfacePhysicalAddress' object to an IPv4 address that will be
used as one of the tunnel interface's receive addresses; this object
MUST be formatted as a 4-octet entity containing an IPv4 address in
network byte order ([RFC2223bis], section 3.4). The node next sets
the 'ipv6ScopeZoneIndexLinkLocal' object to a zone index identifier
that denotes the site for which the tunnel interface's receive
addresses are valid. Finally, the node configures all other required
read-write parameters in the 'ipv6InterfaceEntry' as for any IPv6
interface, and sets 'ipv6InterfaceAdminStatus' to "up".
After configuring the ISATAP interface, the node sets the interface's Finally, an ipv6RouterAdvertEntry for the ISATAP interface is created
'ipv6InterfaceForwarding' object (and, if necessary, the node's in ipv6RouterAdvertTable and its ipv6RouterAdvertIfIndex object is
'ip6Forwarding' object) to "forwarding". The node also creates an set to the same value as ipv6InterfaceIfIndex. Other objects in
'ipv6RouterAdvertEntry' in the 'ipv6RouterAdvertTable' and sets the ipv6RouterAdvertEntry are configured as for any IPv6 router.
'ipv6RouterAdvertIfIndex' object to the same value as
'ipv6InterfaceIfIndex'. Objects in the 'ipv6RouterAdvertEntry' for an
ISATAP interface are configured as for any IPv6 router, however
'ipv6RouterAdvertLinkMTU' SHOULD NOT be set to a value other than 0
unless the ISATAP driver will monitor the IPv4 reassembly cache and
report fragmentation of tunneled packets to the source by sending
IPv6 Router Advertisements with MTU options (see: Section 8.3).
Configuration of objects relating to IPv6 forwarding is normally
managed by the ISATAP server daemon.
7.4 Dynamic Creation of Configured Tunnels 7.5 Dynamic Creation of Configured Tunnels
Configured tunnels are normally created through ISATAP driver API Configured tunnels are normally created by the ISATAP daemon in
calls issued by an ISATAP server daemon in dynamic response to a dynamic response to a tunnel creation request. Configured tunnel
tunnel creation request. Configured tunnel interfaces are created as interfaces are configured as for ISATAP interfaces (see: section
for ISATAP interfaces (see: Section 7.3), except that the 7.4), except that tunnelIfRemoteInetAddress is normally set to a
'tunnelIfRemoteInetAddress' for the new entry is normally set to a
specific IPv4 address for a remote node at the far end of the tunnel, specific IPv4 address for a remote node at the far end of the tunnel,
i.e., configured tunnels are normally configured as point-to-point. i.e., configured tunnels are normally configured as point-to-point.
As for ISATAP interfaces, configured tunnels MUST NOT select a list Also, tunnelIfEncapsMethod for the new entry is set to an
of receive address mappings that span multiple sites. IANATunnelType appropriate for the method of encapsulation.
Processes that create configured tunnels may find the 'TUNNEL_DUP' Configured tunnels MAY be "bound" to an ISATAP interface such that
primitive useful (and, in some cases essential) for reducing they inherit the ISATAP interface's locator set, e.g., for ease of
administrative complexity. An ISATAP interface may be used as the management and to avoid misconfigurations.
prototype for the 'TUNNEL_DUP' primitive; the configured tunnel
interface inherits the attributes of the ISATAP interface, including
the forwarding table entry in the system's 'ifRecvAddressTable'.
After creating a configured tunnel via the 'TUNNEL_DUP' primitive,
the process uses the 'TUNNEL_MODIFY' primitive to modify specific
attributes.
7.5 Reconfigurations Due to IPv4 Address Changes Configured tunnels MAY also be created as independent entities and
configure their own locator set, but (as for ISATAP interfaces) they
MUST NOT configure a locator set that spans multiple sites.
When an 'ipAddressEntry' becomes deprecated (e.g., when an IPv4 7.6 Reconfigurations Due to IPv4 Address Changes
address is removed from an IPv4 interface) the 'ipAddressEntry' MUST
be removed from all forwarding entries in the 'ifRcvAddressTable' When a locator becomes deprecated (e.g., when an IPv4 address is
that referenced it. Also, all 'tunnelIfEntry's that used removed from an IPv4 interface) the locator SHOULD be removed from
'ipAddressAddr' as 'tunnelIfLocalInetAddress' and all tunnel interface associations via RcvTableDel(locator, NULL).
'ipv6InterfaceEntry's that used 'ipAddressAddr' as Also, all tunnel interfaces that used the deprecated IPv4 address as
'ipv6InterfacePhysicalAddress' MUST select a different IPv4 address tunnelIfLocalInetAddress SHOULD configure a different local IPv4
for those objects from their remaining list of receive addresses. address from their remaining locator set.
Methods for triggering the mandatory changes are implementor's
choice.
When a new IPv4 address is added to an IPv4 interface, the node MAY When a new IPv4 address is added to an IPv4 interface, the node MAY
add the new 'ipAddressEntry' to the list of receive addresses for add the corresponding new locator to the locator set for one or more
forwarding entries in 'ifRcvAddressTable', and MAY set tunnel interfaces via RcvTableAdd(locator, tunnel_interface), and MAY
'tunnelIfLocalInetAddress' and/or 'ipv6InterfacePhysicalAddress' for set tunnelIfLocalInetAddress for tunnel interfaces referenced by the
interfaces referenced by the updated forwarding entries to the new updated forwarding entries to the new address.
address.
Methods for triggering the above changes, and for communicating IPv4
address changes to remote nodes, are out of scope.
8. Automatic Tunneling 8. Automatic Tunneling
ISATAP nodes use the basic tunneling mechanisms specified in [MECH]. ISATAP nodes use the basic tunneling mechanisms specified in [MECH].
The following additional specifications are used for ISATAP: The following additional specifications are also used:
8.1 Encapsulation 8.1 Encapsulation
The ISATAP driver is responsible for inserting the outermost IPv4 The ISATAP driver encapsulates IPv6 packets in IPv4 using various
encapsulating header for all tunneled packets. Tunnel interfaces that encapsulation methods, including ip-protocol-41 (e.g., 6over4
use various encapsulation methods (e.g., 6over4 [RFC2529], 6to4 [RFC2529], 6to4 [RFC3056], IPv6-in-IPv4 configured tunnels [MECH],
[RFC3056], teredo, IP encapsulation within IP [RFC2003], minimal isatap, etc.), UDP [STD0006] port 3544, and others.
encapsulation within IP [RFC2004], basic IPv6-in-IPv4 encapsulation
[MECH], ISATAP encapsulation itself, etc.) can all be configured as
encapsulation clients of the ISATAP driver.
The ISATAP driver performs AH [RFC2402] and ESP [RFC2406] processing AH [RFC2402] and/or ESP [RFC2406] processing and header compression
for tunnels that use IPsec, and may also perform header compression for the packet's inner headers are performed prior to encapsulation.
prior to encapsulation.
8.2 Multicast/Anycast 8.1.1 NAT Traversal
ISATAP interfaces tunnel only those packets with IPv6 multicast/ Native IPv6 and/or ip-protocol-41 encapsulation provides sufficient
anycast destinations to include a node's required multicast/anycast functionality to support peer-to-peer communications when both peers
addresses, the 'All_DHCP_Relay_Agents_and_Servers' and reside within the same site (i.e., the same enterprise network). When
'All_DHCP_Servers' multicast addresses [RFC3315] and multicast the remote peer resides within a different site, NAT traversal via
addresses discovered via MLD [RFC2710]. Packets with unrecognized UDP/IPv4 encapsulation MAY be necessary.
IPv6 multicast/anycast destinations are silently dropped.
ISATAP interfaces automatically tunnel IPv6 multicast packets with When an ISATAP node determines that NAT traversal is necessary to
the 'All_DHCP_Relay_Agents_and_Servers' and 'All_DHCP_Servers' using reach a particular peer, it encapsulates IPv6 packets using UDP/IPv4
the IPv4 'all hosts' broadcast address (i.e., 0xffffffff broadcast encapsulation with a UDP destination port of 3544. This determination
address) as the destination address in the encapsulating IPv4 header may come through, e.g., first attempting communications via ip-
under the assumption that DHCPv6 servers will be co-located with protocol-41 then failing over to UDP/IPv4 port 3544 encapsulation,
DHCPv4 servers. administrative knowledge that a NAT traversal will occur along the
path, etc.
For other IPv6 multicast destinations, ISATAP interfaces When UDP/IPv4 port 3544 encapsulation is used, the specifications in
automatically tunnel packets using a mapped Organization-Local Scope this document apply the same as for any form of encapsulation
IPv4 multicast address ([RFC2529], section 6) as the destination supported by ISATAP.
address in the encapsulating IPv4 header. ISATAP nodes join the
Organization-Local Scope IPv4 multicast groups required to support
IPv6 Neighbor Discovery ([RFC2529], Appendix A) on interfaces that
may receive IPv4 packets to be forwarded to an ISATAP interface.
NOTE: When the ISATAP node enables one or more 6over4 interfaces 8.1.2 Multicast
[RFC2529], the 6over4 interfaces MAY be used (i.e., instead of ISATAP
interfaces) for sending and receiving multicast packets.
8.3 Tunnel MTU and Fragmentation ISATAP interfaces encapsulate packets with IPv6 multicast destination
addresses using a mapped Organization-Local Scope IPv4 multicast
address ([RFC2529], section 6) as the destination address in the
encapsulating IPv4 header.
The specification in ([MECH], section 3.2) is not used; the 8.2 Tunnel MTU and Fragmentation
specification in this section is used instead:
ISATAP interfaces set a static MTU of 1280 bytes, i.e., the minimum Encapsulated packets may incur host-based IPv4 fragmentation, e.g.,
MTU for IPv6 interfaces ([RFC2460], section 5) and do not set the when the underlying physical link has a small IPv4 MTU [BCP0048]. In
Don't Fragment bit in the encapsulating IPv4 headers of tunneled such cases, host-based IPv4 fragmentation is required to satisfy the
packets. ISATAP interfaces MAY provide a configuration knob for 1280 byte IPv6 minimum MTU, and is not considered harmful [FRAG]. On
setting a larger MTU, but larger MTUs MUST NOT be configured other the other hand, unmitigated IPv4 fragmentation caused by the network
than for certain constrained deployments, e.g., in some enterprise can cause poor performance. For example, since the minimum IPv4
networks). Interfaces that may receive IPv4 packets to be forwarded fragment size is only 8 bytes [STD0005], network middleboxes could
to an ISATAP interface SHOULD configure an Effective MTU to Receive shred a 1280 byte tunneled packet into as many as 160 IPv4 fragments.
(EMTU_R) [RFC1122], section 3.3.2) of at least 1500 bytes, i.e., they
SHOULD be able to reassemble IPv4 packets of 1500 bytes or larger.
1280 bytes was chosen as the IPv6 interface minimum MTU [DEERING97] ISATAP uses the MTU and fragmentation specifications in ([MECH],
to allow extra room for link layer encapsulations without exceeding section 3.2) and the Maximum Reassembly Unit (MRU) specifications in
the Ethernet MTU of 1500 bytes, i.e., the practical physical cell ([MECH], section 3.6), which provide sufficient measures for avoiding
size of the Internet. The 1280 byte MTU provides a fixed upper bound excessive IPv4 fragmentation in certain controlled environments
for the size of IPv6 packets/fragments with a maximum (e.g., 3GPP operator networks, enterprise networks, etc). To minimize
store-and-forward delay budget of ~1 second assuming worst-case link IPv4 fragmentation and improve performance in general use case
speeds of ~10Kbps [RFC3150], thus allowing a convenient value for use scenarios, ISATAP nodes SHOULD add the following simple
in reassembly buffer timer settings. Finally, the 1280 byte MTU instrumentation to the IPv4 reassembly cache:
allows transport connections (e.g., TCP) to configure a large-enough
maximum segment size for improved performance even if the IPv4
interface that will send the tunneled packets uses a smaller MTU.
When the size of the IPv6 destination's receive buffer is known, When the initial fragment of an encapsulated packet arrives, the
applications MAY send IPv6 packets up to that size using IPv6 packet's IPv4 reassembly timer is set to 1 second (i.e., the worst
fragmentation (or, fragmentation via an alternate form of case store-and-forward delay budget for a 1280 byte packet). If an
encapsulation) with a maximum fragment size that is no larger than encapsulated packet's IPv4 reassembly timer expires:
the minimum of the MTU of the IPv4 interface used for tunneling and
1280 bytes. Even so, IPv4 fragmentation MAY still occur along some
paths; in particular, since the minimum IPv4 fragment size is only 8
bytes ([RFC0791], section 2), middleboxes with unusual
implementations of IPv4 fragmentation could shatter the tunneled
packets into as many as 187 IPv4 fragments to accommodate a 1500 byte
IPv4 packet. Such sustained bursts of small packets could result in
poor performance due to increased loss probability on paths with
non-negligible packet loss due to, e.g., link errors, congested
router queues, etc.
Therefore, ISATAP nodes that anticipate or experience poor - If enough contiguous leading bytes of the packet have arrived
performance along some paths MAY choose to adaptively vary the (see: section 8.6), reassemble the packet from all fragments
maximum size for the packets/fragments they send. For example, received. (Otherwise, garbage-collect the reassembly buffer and
implementations may choose to employ a "fragment size slow start" return from processing.) During reassembly, copy zero-filled or,
scheme that begins with as little as 8 bytes (i.e., the minimum IPv4 heuristically-chosen replacement data bytes in place of any
fragment size) and varies the size of the fragments using, e.g., an missing fragments.
additive-increase, multiplicative-decrease strategy to determine the
size that yields the best performance. The process can be made to
converge more quickly when next-hop IPv6 routers are configured to
send Router Advertisements with MTU options when they experience IPv4
fragmentation, since the sender is made aware that fragmentation is
occurring, and the MTU option can be used to return the size of the
largest IPv4 fragment observed which may help the sender determine
the optimal fragment size.
Since many nodes are expected to implement this specification, an - Mark the packet as "INCOMPLETE", and also mark it with a
overall increase in small packets in the Internet may occur as more "TOTAL_BYTES" length that encodes the total number of data bytes
nodes with tunnel interfaces implement schemes such as the one in fragments that arrived.
described above to avoid IPv4 fragmentation-related performance
issues. For this reason, network equipment manufacturers and network
administrators are encouraged to observe the Recommendations on Queue
Management and Congestion Avoidance in the Internet [RFC2309]. In
particular, byte mode queue averaging for RED is encouraged.
With reference to the above, it is RECOMMENDED that ISATAP nodes use - Deliver the packet to the ISATAP driver as though reassembly had
adaptive techniques to minimize IPv4 fragmentation and use IPv6 succeeded.
fragmentation/reassembly (or, fragmentation/reassembly via an
alternate form of encapsulation) to manage the size of the tunneled
packets they send. It is also RECOMMENDED that ISATAP nodes monitor
the IPv4 reassembly cache in order to give early indications of IPv4
network fragmentation by sending Router Advertisements with MTU
options to the source of the IPv4 fragments. The MTU options should
include a value to indicate the size of the largest packet that can
be expected to arrive without incurring IPv4 fragmentation. Finally,
it is RECOMMENDED that ISATAP nodes set small timeout values, e.g. 1
second, for IPv4 reassembly of tunneled packets.
8.4 Handling IPv4 ICMP Errors - Do not send an ICMPv4 "time exceeded" message [STD0005].
Appendix C provides informative text on the derivation of the 1280
byte IPv6 minimum MTU.
8.3 Handling ICMPv4 Errors
ISATAP interfaces SHOULD process ARP failures and persistent ICMPv4 ISATAP interfaces SHOULD process ARP failures and persistent ICMPv4
errors as link-specific information indicating that a path to a errors as link-specific information indicating that a path to a
neighbor may have failed ([RFC2461], section 7.3.3). neighbor may have failed ([RFC2461], section 7.3.3).
8.5 Link-Local Addresses 8.4 Link-Local Addresses
The specification in ([MECH], section 3.7) is not used; the ISATAP interfaces use link local addresses constructed as specified
specification in Section 6.1 of this document is used instead. in section 6.1 of this document.
8.6 Neighbor Discovery over Tunnels 8.5 Neighbor Discovery over Tunnels
The specification in ([MECH], section 3.8) is not used; the The specification in ([MECH], section 3.8) is used; the additional
specification in Section 9 of this document is used instead. specification for neighbor discovery in section 9 of this document
are also used.
8.7 Decapsulation/Filtering 8.6 Decapsulation/Filtering
ISATAP nodes arrange for the ISATAP driver to received all tunneled ISATAP nodes typically arrange for the ISATAP driver to receive all
packets that use an IPv4 header as the outermost layer of IPv4-encapsulated IPv6 packets that are addressed to one of the
encapsulation. Examples include ip-protocol-41 (6to4, 6over4, isatap, node's IPv4 addresses. Examples include ip-protocol-41 (e.g., 6to4,
etc.), ip-protocol-4 (IP encapsulation within IP, minimal 6over4, configured tunnels, isatap, etc.), UDP/IPv4 port 3544, and
encapsulation within IP, etc.), UDP port 3544 (teredo, etc.) and others. The ISATAP driver uses the decapsulation and filtering
others. The ISATAP driver determines the correct tunnel interface to specifications in ([MECH], section 3.6), and processes each packet
receive each packet via a lookup in the 'ifRcvAdddressTable' for the according to the following steps:
packet's IPv4 source address, destination address, an index for the
receiving IPv4 interface and the type of encapsulation. Packets for
which the correct tunnel interface cannot be determined are silently
discarded.
After determining the correct tunnel interface, the ISATAP driver 1. Locate the correct tunnel interface to receive the packet (see:
verifies that the packet's link-layer (IPv4) source address is section 7.2.3). If not found, silently discard the packet and
correct for the network-layer (IPv6) source address. For configured return from processing.
tunnels, the IPv4 and IPv6 source addresses can be checked directly
against the configured tunnel's addresses. For ISATAP interfaces, the
packet's link-layer source address is correct if one (or more) of the
following are true:
o the network-layer source address is an ISATAP address that embeds 2. If the tunnel uses header compression, reconstitute headers. If
the link-layer source address in its interface identifier. header reconstitution fails, silently discard the packet and
return from processing.
o the network-layer source address is an IPv6 neighbor on an 3. Verify that the packet's IPv4 source address is correct for the
interface that has the same 'ipv6ScopeZoneIndexLinkLocal' as the encapsulated IPv6 source address. For packets received on a
receiving ISATAP interface. configured tunnel interface, verification is exactly as specified
in ([MECH], section 3.6).
o the link-layer source address is a member of the Potential Router For packets received on an ISATAP interface, the IPv4 source
List (see: Section 9.1). address is correct if:
Packets for which the link-layer source address is incorrect are - the IPv6 source address is an ISATAP address that embeds the
discarded and, if permitted by the current status of ICMPv6 message IPv4 source address in its interface identifier, or:
rate limiting parameters [ICMPV6], section 2.4, paragraph f), an
ICMPv6 Destination Unreachable message SHOULD be generated and sent
to the IPv6 source in the inner header of the encapsulated packet.
The error message SHOULD include only enough bytes from the invoking
packet to convey the IPv6 header information, i.e., it SHOULD NOT
include up to the minimum IPv6 MTU.
After determining the correct tunnel interface to receive the packet, - the IPv6 source address is the address of an IPv6 neighbor on
the ISATAP driver examines the IPv6 and IPv4 source addresses to an ISATAP interface associated with the locator that matched
determine whether a rewrite is required. If the IPv6 source address the packet (see: section 7.2.3), or:
is an ISATAP address with the 'u/l' and 'g' bits set to 0 (see:
Section 6.1), and the IPv4 source address does not match the IPv4
address encoded in the ISATAP interface identifier, the ISATAP driver
copies the IPv4 source address over the IPv4 address embedded in the
IPv6 address and sets the 'u/l' bit to 1. Other forms of rewrites
(e.g., rewrites for multicast rendezvous points based on the 'u' and
'g' bit) MAY be specified in other documents.
Next, the ISATAP driver discards the encapsulating IPv4 header and - the IPv4 source address is a member of the Potential Router
locates any existing host-pair information, e.g., via the IPv6 Flow List (see: section 9.1).
Label [FLOW]. Then:
o If header compression is indicated, the packet's inner header(s) If the IPv4 source address is incorrect, silently discard the
are reconstituted. packet and return from processing.
o If a security association is indicated, AH [RFC2402] or ESP 4. Perform IPv4 ingress filtering (optional; disabled by default)
[RFC2406] processing is applied. then decapsulate the packet. If the IPv6 source address is
invalid (see: [MECH], section 3.6), silently discard the packet
and return from processing.
o If the packet is a fragment, it is placed in a buffer for For UDP port 3544 packets received on an ISATAP interface, if the
reassembly. The buffer may be, e.g., the IPv6 reassembly cache, an IPv6 source address is an ISATAP link local address with the 'u'
application's own data buffer [RFC3542], etc. bit set to 0 and an embedded IPv4 address that does not match the
IPv4 source address (see: section 6), rewrite the IPv6 source
address to inform upper layers of the sender's mapped UDP port
number and IPv4 source address. Specific rules for rewriting the
IPv6 source address are established during ISATAP interface
configuration.
Finally, when a whole packet has been received, it is delivered to Next, discard encapsulating headers and continue processing the
the correct tunnel interface. If there is clear evidence that encapsulated IPv6 packet.
reassembly of a fragmented packet has stalled, an ICMPv6 "packet too
big" message [RFC1981] is sent to the packet's source address
(subject to ICMPv6 rate-limiting) with an MTU value indicating a size
that is likely to incur successful reassembly.
9. Neighbor Discovery 5. Perform ingress filtering on the IPv6 source address (see:
[MECH], section 3.6). Next, determine the correct transport
protocol listener [FLOW] if the packet is destined to the
localhost; otherwise, perform an IPv6 forwarding table lookup and
site border/firewall filtering (see: [UNIQUE], section 6).
If the packet cannot be delivered, the driver SHOULD send an
ICMPv6 Destination Unreachable message ([RFC2463], section 3.2)
to the packet's source. The message SHOULD select as its source
address an IPv6 address from the outgoing interface (if the
packet was destined to the localhost) or an ingress-wise correct
IPv6 address from the interface that would have forwarded the
packet had it not been filtered.
The Code field of the message is set as follows:
- if there is no route to the destination, the Code field is set
to 0 (see: [RFC2463], section 3.1).
- if communication with the destination is administratively
prohibited, the Code field is set to 1 ([RFC2463], section
3.1).
- if the packet is destined to the localhost, but the transport
protocol has no listener, the Code field is set to 4
([RFC2463], section 3.1).
- if the packet's destination is beyond the scope of the source
address, the Code field is set to 2 (see: IANA
Considerations).
- if the packet was dropped due to ingress filtering policies,
the Code field is set to 5 (see: IANA Considerations).
- if the packet is dropped due to a reject route, the Code field
is set to 6 (see: IANA Considerations).
- if the packet was received on a point-to-point link and
destined to an address within a subnet assigned to that same
link, or if the reason for the failure to deliver cannot be
mapped to any of the specific conditions listed above, the
Code field is set to 3 ([RFC2463], section 3.2).
After sending the ICMPv6 Destination Unreachable message, discard
the packet and return from processing.
6. If the packet is "INCOMPLETE" (see section 8.2) send an
authenticated, unsolicited Router Advertisement message
([RFC2461], section 6.2.4) to the packet's IPv6 source address
with an MTU option that encodes "TOTAL_BYTES".
7. If the packet was destined to a remote host, forward the packet
and return from processing. Otherwise, apply AH [RFC2402] or ESP
[RFC2406] processing (if necessary), and deliver the decapsulated
packet by placing it in a buffer for upper layers. The buffer may
be, e.g., the IPv6 reassembly cache, an application's mapped data
buffer [RFC3542], etc.
If there is clear evidence that upper layer reassembly has
stalled, an ICMPv6 Packet Too Big message [RFC1981] MAY be sent
to the packet's source address with an MTU value indicating a
size that is likely to incur successful reassembly. Some
applications may realize greater efficiency by accepting partial
information from "INCOMPLETE" packets (see: section 8.2) and
requesting selective retransmission of missing portions.
9. Neighbor Discovery for ISATAP Interfaces
ISATAP nodes use the neighbor discovery mechanisms specified in ISATAP nodes use the neighbor discovery mechanisms specified in
[RFC2461] along with securing mechanisms such as [SEND] to create/ [RFC2461] along with securing mechanisms (e.g., [SEND]) to create/
change neighbor cache entries and to provide control plane signalling change neighbor cache entries and to provide control plane signaling
for automatic tunnel configuration. ISATAP interfaces also implement for automatic tunnel configuration. ISATAP interfaces also implement
the following specifications: the following specifications:
9.1 Conceptual Model Of A Host 9.1 Conceptual Model Of A Host
To the list of Conceptual Data Structures ([RFC2461], section 5.1), To the list of Conceptual Data Structures ([RFC2461], section 5.1),
ISATAP interfaces add: ISATAP interfaces add:
Potential Router List Potential Router List
A set of entries about potential routers; used to support the A set of entries about potential routers; used to support the
mechanisms specified in Section 9.2.2.1. Each entry ("PRL(i)") mechanisms specified in section 9.2.2.1. Each entry ("PRL(i)")
has an associated timer ("TIMER(i)"), and an IPv4 address has an associated timer ("TIMER(i)"), and an IPv4 address
("V4ADDR(i)") that represents a router's advertising ISATAP ("V4ADDR(i)") that represents a router's advertising ISATAP
interface. interface.
9.2 Router and Prefix Discovery 9.2 Router and Prefix Discovery
9.2.1 Router Specification 9.2.1 Router Specification
As permitted by ([RFC2461], section 6.2.6), the ISATAP server daemon As permitted by ([RFC2461], section 6.2.6), the ISATAP daemon SHOULD
SHOULD send unicast Router Advertisement messages to the soliciting send unicast Router Advertisement messages to the soliciting node's
node's address when the solicitation's source address is not the address when the solicitation's source address is not the unspecified
unspecified address. address. (Router Advertisements MAY include information delegated via
DHCPv6 [RFC3633]).
Routers MUST NOT send prefix options containing a preferred lifetime
greater than the valid lifetime.
9.2.2 Host Specification 9.2.2 Host Specification
9.2.2.1 Host Variables 9.2.2.1 Host Variables
To the list of host variables ([RFC2461], section 6.3.2), ISATAP To the list of host variables ([RFC2461], section 6.3.2), ISATAP
interfaces add: interfaces add:
PrlRefreshInterval PrlRefreshInterval
Time in seconds between successive refreshments of the PRL after Time in seconds between successive refreshments of the PRL after
skipping to change at page 17, line 49 skipping to change at page 16, line 9
9.2.2.1 Host Variables 9.2.2.1 Host Variables
To the list of host variables ([RFC2461], section 6.3.2), ISATAP To the list of host variables ([RFC2461], section 6.3.2), ISATAP
interfaces add: interfaces add:
PrlRefreshInterval PrlRefreshInterval
Time in seconds between successive refreshments of the PRL after Time in seconds between successive refreshments of the PRL after
initialization. It SHOULD be no less than 3600 seconds. The initialization. It SHOULD be no less than 3600 seconds. The
designated value of all 1's (0xffffffff) represents infinity. designated value of all 1's (0xffffffff) represents infinity.
Default: 3600 seconds Default: 3600 seconds
MinRouterSolicitInterval MinRouterSolicitInterval
Minimum time in seconds between successive solicitations of the Minimum time in seconds between successive solicitations of the
same advertising ISATAP interface. It SHOULD be no less than 900 same advertising ISATAP interface. The designated value of all 1's
seconds. The designated value of alll 1's (0xffffffff) represents (0xffffffff) represents infinity.
infinity.
Default: 900 seconds Default: 900 seconds
9.2.2.2 Interface Initialization 9.2.2.2 Potential Router List Initialization
The ISATAP node joins the all-nodes multicast address on ISATAP
interfaces, as for multicast-capable interfaces ([RFC2461], section
6.3.3) and MAY also join other multicast groups, e.g., see: Section
8.2
Additionally, the node provisions the ISATAP interface's PRL with ISATAP nodes provision an ISATAP interface's PRL with IPv4 addresses
IPv4 addresses it discovers via manual configuration, a DNS discovered via manual configuration, a DNS fully-qualified domain
fully-qualified domain name (FQDN) [RFC1035], a DHCPv4 option, a name (FQDN) [STD0013], a DHCPv4 option, a DHCPv4 vendor-specific
DHCPv4 vendor-specific option, or an unspecified alternate method. option, or an unspecified alternate method.
ISATAP nodes establish FQDNs via manual configuration or an FQDNs are established via manual configuration or an unspecified
unspecified alternate method. Nodes resolves FQDNs into IPv4 alternate method. FQDNs are resolved into IPv4 addresses through
addresses through lookup in a static host file, querying the DNS lookup in a static host file, querying the DNS service, or an
service, or an unspecified alternate method. When DNS is used, client unspecified alternate method.
resolvers use the IPv4 transport.
After the node provisions the ISATAP interface's PRL with IPv4 When the node provisions an ISATAP interface's PRL with IPv4
addresses, it sets PrlRefreshIntervalTimer to PrlRefreshInterval addresses, it sets a timer for the interface (e.g.,
seconds. The node re-initializes the PRL (i.e., as specified above) PrlRefreshIntervalTimer) to PrlRefreshInterval seconds. The node re-
when PrlRefreshIntervalTimer expires, or when an asynchronous initializes the PRL as specified above when PrlRefreshIntervalTimer
re-initialization event occurs. When the node re-initializes the PRL, expires, or when an asynchronous re-initialization event occurs. When
it resets PrlRefreshIntervalTimer to PrlRefreshInterval seconds. the node re-initializes the PRL, it resets PrlRefreshIntervalTimer to
PrlRefreshInterval seconds.
9.2.2.3 Processing Received Router Advertisements 9.2.2.3 Processing Received Router Advertisements
The ISATAP server daemon processes Router Advertisements (RAs) The ISATAP daemon processes Router Advertisements (RAs) exactly as
exactly as specified in ([RFC2461], section 6.3.4). Router specified in ([RFC2461], section 6.3.4). The DHCPv6 specification
Advertisement messages received on a point-to-point tunnel interface [RFC3315] is the stateful mechanism associated with the M and O bits.
that contain an MTU option with a value less than 1280 bytes cause
the interface to reduce its MTU to the lesser value, but Router
Advertisements received on an ISATAP interface MUST NOT cause the
ISATAP interface to reduce its MTU to a value less than 1280 bytes.
For Router Advertisement messages received on an ISATAP interface When the ISATAP daemon receives a Router Advertisement with an MTU
that include prefix options and/or non-zero values in the Router option from a router at the far end of a tunnel, it records the
Lifetime, the server daemon reset TIMER(i) to schedule the next advertised MTU value, e.g., in the node's IPv6 routing table. If the
solicitation event (see: Section 9.2.2.4). Let "MIN_LIFETIME" be the MTU value is less than the MTU of the tunnel interface, the value is
recorded in such a way that the node will perform upper layer
fragmentation (i.e., above the IPv4 link layer) to reduce the size of
the IPv4 encapsulated packets it sends via the router. The recorded
value is aged as for IPv6 path MTU information [RFC1981].
For Router Advertisement messages that include prefix options, Route
information options [DEFLT] and/or non-zero values in the Router
Lifetime, the ISATAP daemon resets TIMER(i) to schedule the next
solicitation event (see: section 9.2.2.4). Let "MIN_LIFETIME" be the
minimum value in the Router Lifetime or the lifetime(s) encoded in minimum value in the Router Lifetime or the lifetime(s) encoded in
options included in the RA message. Then, TIMER(i) is reset as options included in the RA message. Then, TIMER(i) is reset as
follows: follows:
TIMER(i) = MAX((0.5 * MIN_LIFETIME), MinRouterSolicitInterval) TIMER(i) = MAX((0.5 * MIN_LIFETIME), MinRouterSolicitInterval)
9.2.2.4 Sending Router Solicitations 9.2.2.4 Sending Router Solicitations
To the list of events after which RSs may be sent ([RFC2461], section To the list of events after which RSs may be sent ([RFC2461], section
6.3.2), ISATAP interfaces add: 6.3.2), ISATAP interfaces add:
o TIMER(i) for some PRL(i) expires. - TIMER(i) for some PRL(i) expires.
Additionally, the ISATAP server daemon MAY send Router Solicitations Router Solicitations MAY be sent to an ISATAP link-local address that
to an ISATAP link-local address that embeds V4ADDR(i) for some PRL(i) embeds V4ADDR(i) for some PRL(i) instead of the All-Routers multicast
instead of the All-Routers multicast address. address.
9.3 Address Resolution and Neighbor Unreachability Detection 9.3 Address Resolution and Neighbor Unreachability Detection
9.3.1 Address Resolution 9.3.1 Address Resolution
The specification in ([RFC2461], section 7.2) is used. ISATAP The specification in ([RFC2461], section 7.2) is used. ISATAP
addresses for which the neighbor/router's link-layer address cannot addresses for which the neighbor/router's link-layer address cannot
otherwise be determined (e.g., from a neighbor cache entry) are otherwise be determined (e.g., from a neighbor cache entry) are
resolved to link-layer addresses by a static computation, i.e., the resolved to link-layer addresses by a static computation, i.e., the
last four octets are treated as an IPv4 address. last four octets are treated as an IPv4 address.
Hosts SHOULD perform an initial reachability confirmation by sending Hosts SHOULD perform an initial reachability confirmation by sending
Neighbor Solicitation message(s) and receiving a Neighbor Neighbor Solicitation message(s) and receiving a Neighbor
Advertisement message (NS messages are sent to the target's unicast Advertisement message (NS messages are sent to the target's unicast
address). Routers MAY perform this initial reachability confirmation, address). Routers MAY perform this initial reachability confirmation,
but this might not scale in all environments. but this might not scale in all environments.
As specified in ([RFC2461], section 7.2.4), all nodes MUST send All nodes MUST send solicited Neighbor Advertisements on ISATAP
solicited Neighbor Advertisements on ISATAP interfaces. interfaces ([RFC2461], section 7.2.4).
9.3.2 Neighbor Unreachability Detection 9.3.2 Neighbor Unreachability Detection
Hosts SHOULD perform Neighbor Unreachability Detection ([RFC2461], Hosts SHOULD perform Neighbor Unreachability Detection ([RFC2461],
section 7.3). Routers MAY perform neighbor unreachability detection, section 7.3). Routers MAY perform neighbor unreachability detection,
but this might not scale in all environments. but this might not scale in all environments.
10. Other Requirements for Control Plane Signalling 10. Other Requirements for Control Plane Signaling
10.1 Node Information Queries
ISATAP nodes SHOULD implement Node Information Queries as specified
in [NIQUERY].
Node Information Queries/Responses provide the following advantages:
o the querier receives unambiguous confirmation that the responder
supports the protocol.
o the querier receives assurance that responses are coming from the 10.1 Domain Name System (DNS)
correct responder.
o the querier discovers some subset of the responder's addresses. The specifications in ([MECH], section 2.2) are used. Additional
considerations are found in [DNSOPV6].
10.2 Linklocal Multicast Name Resolution (LLMNR) 10.2 Linklocal Multicast Name Resolution (LLMNR)
ISATAP nodes SHOULD implement Link Local Multicast Name Resolution ISATAP nodes SHOULD implement Link Local Multicast Name Resolution
[LLMNR], since they will commonly be deployed in environments (e.g., [LLMNR], since they will commonly be deployed in environments (e.g.,
home networks, ad-hoc networks, etc.) with no access to a Domain Name home networks, ad-hoc networks, etc.) with no DNS service.
System (DNS) server.
11. IANA Considerations 10.3 Node Information Queries
The IANA is advised to specify construction rules for IEEE EUI-64 ISATAP nodes MAY implement Node Information Queries as specified in
addresses formed from the Organizationally Unique Identifier (OUI) [NIQUERY], since they may help the querier discover some subset of
"00-00-5E" in the IANA "ethernet-numbers" registry. The non-normative the responder's addresses.
text in Appendix B is offered as an example specification.
12. Security considerations 11. Security considerations
The security considerations in the normative references apply. The security considerations in the normative references apply; also:
Additionally, administrators MUST ensure that lists of IPv4 addresses - site border routers SHOULD install a black hole route for the IPv6
prefix FC00::/7 to insure that packets with local IPv6 destination
addresses will not be forwarded outside of the site via a default
route.
- administrators MUST ensure that lists of IPv4 addresses
representing the advertising ISATAP interfaces of PRL members are representing the advertising ISATAP interfaces of PRL members are
well maintained. well maintained.
13. Acknowledgments 12. IANA Considerations
Most of the basic ideas in this document are not original; the The IANA is instructed to specify the format for Modified EUI-64
authors acknowledge the original architects of those ideas. Portions address construction ([ADDR], Appendix A) in the IANA Ethernet
of this work were sponsored through SRI International internal Address Block. The text in Appendix D of this document is offered as
projects and government contracts. Government sponsors include Monica an example specification.
Farah-Stapleton and Russell Langan (U.S. Army CECOM ASEO), and Dr. The current version of the IANA registry for Ether Types can be
Allen Moshfegh (U.S. Office of Naval Research). SRI International accessed at http://www.iana.org/assignments/ethernet-numbers.
sponsors include Dr. Mike Frankel, J. Peter Marcotullio, Lou
Rodriguez, and Dr. Ambatipudi Sastry. The IANA is instructed to assign the new ICMPv6 code field types
found in Appendix E of this document for the ICMPv6 Destination
Unreachable message. The policy for assigning new ICMPv6 code field
types is First Come First Served, as defined in [RFC2434]. The
current version of the IANA registry for ICMPv6 type numbers can be
accessed at http://www.iana.org/assignments/icmpv6-parameters.
13. IAB Considerations
[RFC3424] ("IAB Considerations for UNilateral Self-Address Fixing
(UNSAF) Across Network Address Translation") section 4 requires that
any proposal supporting NAT traversal must explicitly address the
following considerations:
13.1 Problem Definition
The specific problem being solved is enabling IPv6 connectivity for
ISATAP nodes that are unable to communicate via ip-protocol-41 or
native IPv6.
13.2 Exit Strategy
ISATAP nodes use UDP/IPv4 encapsulation for NAT traversal as a last
resort. As soon as native IPv6 or ip-protocol-41 support becomes
available, ISATAP nodes will naturally cease using UDP/IPv4
encapsulation.
13.3 Brittleness
UDP/IPv4 encapsulation with ISATAP introduces brittleness into the
system in several ways: the discovery process assumes a certain
classification of devices based on their treatment of UDP; the
mappings need to be continuously refreshed, and addressing structure
may cause some hosts located beyond a common NAT to be unreachable
from each other.
ISATAP assumes a certain classification of devices based on their
treatment of UDP. There could be devices that would not fit into one
of these molds, and hence would be improperly classified by ISATAP.
The bindings allocated from the NAT need to be continuously
refreshed. Since the timeouts for these bindings is very
implementation specific, the refresh interval cannot easily be
determined. When the binding is not being actively used to receive
traffic, but to wait for an incoming message, the binding refresh
will needlessly consume network bandwidth.
13.4 Requirements for a Long Term Solution
The devices that implement the IPv4 NAT service should in the future
also become IPv6 routers.
14. Acknowledgments
The ideas in this document are not original, and the authors
acknowledge the original architects. Portions of this work were
sponsored through SRI International internal projects and government
contracts. Government sponsors include Monica Farah-Stapleton and
Russell Langan (U.S. Army CECOM ASEO), and Dr. Allen Moshfegh (U.S.
Office of Naval Research). SRI International sponsors include Dr.
Mike Frankel, J. Peter Marcotullio, Lou Rodriguez, and Dr. Ambatipudi
Sastry.
The following are acknowledged for providing peer review input: Jim The following are acknowledged for providing peer review input: Jim
Bound, Rich Draves, Cyndi Jung, Ambatipudi Sastry, Aaron Schrader, Bound, Rich Draves, Cyndi Jung, Ambatipudi Sastry, Aaron Schrader,
Ole Troan, Vlad Yasevich. Ole Troan, Vlad Yasevich.
The following are acknowledged for their significant contributions: The following are acknowledged for their significant contributions:
Alain Durand, Hannu Flinck, Jason Goldschmidt, Nathan Lutchansky, Alain Durand, Hannu Flinck, Jason Goldschmidt, Nathan Lutchansky,
Karen Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest, Pekka Karen Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest, Pekka
Savola, Margaret Wasserman, Brian Zill. Savola, Margaret Wasserman, Brian Zill.
The authors acknowledge the work of Quang Nguyen [VET] under the The authors acknowledge the work of Quang Nguyen on "Virtual
guidance of Dr. Lixia Zhang that proposed very similar ideas to those Ethernet" under the guidance of Dr. Lixia Zhang that proposed very
that appear in this document. This work was first brought to the similar ideas to those that appear in this document. This work was
authors' attention on September 20, 2002. first brought to the authors' attention on September 20, 2002.
IAB considerations are the same as for Teredo.
The following individuals are acknowledged for their helpful insights The following individuals are acknowledged for their helpful insights
on path MTU discovery: Jari Arkko, Iljitsch van Beijnum, Jim Bound, on path MTU discovery: Jari Arkko, Iljitsch van Beijnum, Jim Bound,
Ralph Droms, Alain Durand, Jun-ichiro itojun Hagino, Brian Haberman, Ralph Droms, Alain Durand, Jun-ichiro itojun Hagino, Brian Haberman,
Bob Hinden, Christian Huitema, Kevin Lahey, Hakgoo Lee, Matt Mathis, Bob Hinden, Christian Huitema, Kevin Lahey, Hakgoo Lee, Matt Mathis,
Jeff Mogul, Erik Nordmark, Soohong Daniel Park, Chirayu Patel, Jeff Mogul, Erik Nordmark, Soohong Daniel Park, Chirayu Patel,
Michael Richardson, Pekka Savola, Hesham Soliman, Mark Smith, Dave Michael Richardson, Pekka Savola, Hesham Soliman, Mark Smith, Dave
Thaler, Michael Welzl, Lixia Zhang and the members of the Nokia NRC/ Thaler, Michael Welzl, Lixia Zhang and the members of the Nokia NRC/
COM Mountain View team. COM Mountain View team.
"...and I'm one step ahead of the shoe shine, "...and I'm one step ahead of the shoe shine,
Two steps away from the county line, Two steps away from the county line,
Just trying to keep my customers satisfied, Just trying to keep my customers satisfied,
Satisfi-i-ied!" - Simon and Garfunkel Satisfi-i-ied!" - Paul Simon, 1969
Normative References Appendix A. Major Changes
[ADDR-ARCH] Major changes from earlier versions to version 17:
Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", draft-ietf-ipv6-addr-arch-v4-00 (work in
progress), October 2003.
[ICMPV6] Conta, A. and S. Deering, "Internet Control Message - changed first words in title from "Intra-site" to "Internet/site"
Protocol (ICMPv6) for the Internet Protocol Version 6 to more accurately represent the functionality.
(IPv6) Specification", draft-ietf-ipngwg-icmp-v3 (work in
progress), November 2001.
[LLMNR] Esibov, L., Aboba, B. and D. Thaler, "Linklocal Multicast - new section on configuration/management.
Name Resolution", draft-ietf-dnsext-mdns (work in
progress), January 2004.
[MECH] Gilligan, R. and E. Nordmark, "Basic Transition Mechanisms - new appendices on tunnel driver API; IANA considerations.
for IPv6 Hosts and Routers", draft-ietf-v6ops-mech-v2-00
(work in progress), February 2003.
[NIQUERY] Crawford, M., "IPv6 Node Information Queries", - expanded section on MTU and fragmentation.
draft-ietf-ipngwg-icmp-name-lookups (work in progress),
June 2003.
[NODEREQ] Loughney, J., "IPv6 Node Requirements", - expanded sections on encapsulation/decapsulation.
draft-ietf-ipv6-node-requirements (work in progress),
October 2003.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September - specified relation to IPv6 Node Requirements.
- introduced distinction between control; user planes.
- specified multicast mappings.
- revised neighbor discovery, address autoconfiguration, IANA
considerations and security considerations sections.
Appendix B. Example ISATAP Driver API
An ISATAP driver API should include primitives for sending and
receiving control plane messages as well as primitives for tunnel
configuration/management such as the following non-normative
examples:
B.1 ISATAP_SEND, ISATAP_RECEIVE Primitives
Description:
Sends/Receives control plane messages via the
ISATAP driver (e.g., via a routing socket, etc.)
B.2 ISATAP_CREATE Primitive
Description:
Creates a new tunnel interface and an associated IP
interface by creating a row in tunnelIfConfigTable.
Also optionally configures read-write objects for the
tunnel interface and adds locators to the receive address
table via RcvTableAdd(locator, tunnel_interface).
Required parameter:
- tunnelIfEncapsMethod.
Optional parameters:
- attributes for configuring read-write objects.
- list of locators to associate with tunnel interface.
Returns:
- ifIndex for the new tunnel interface, or a failure code.
B.3 ISATAP_DELETE Primitive
Description:
Deletes an existing tunnel interface by deleting the
corresponding row in tunnelIfConfigTable. Also frees
its locators via RcvTableDel(NULL, tunnel_interface).
Required parameter:
- ifIndex.
Returns:
- success or a failure code.
B.4 ISATAP_CONFIG Primitive
Description:
Configures attributes for an existing tunnel interface.
Also adds new locators via RcvTableAdd(locator,
tunnel_interface) and deletes old locators via
RcvTableDel(locator, tunnel_interface).
Required parameter:
- ifIndex.
Optional parameters:
- read-write objects for the tunnel interface.
- list of locators to associate with tunnel interface.
- list of locators to delete from association.
Returns:
- success or a failure code.
B.5 ISATAP_BIND Primitive
Description:
Binds (or, creates then binds) a configured tunnel interface
to an ISATAP interface. The configured tunnel interface
inherits the ISATAP interface's locator set and the ISATAP
interface uses the encapsulation parameters associated with
the bound configured tunnel interface.
Required parameter:
- ifIndex for the ISATAP interface.
- ifIndex for the configured tunnel interface, or NULL.
Conditional parameter:
- if ifIndex for the configured tunnel is NULL,
tunnelIfEncapsMethod.
Optional parameters:
- attributes for configuring read-write objects for the
configured tunnel interface.
Returns:
- ifIndex for the configured tunnel, or a failure code.
B.6 ISATAP_GET Primitive
Description:
Copies configuration attributes from system table entries
associated with the specified tunnel interface into a
calling process' buffer.
Required parameter:
- ifIndex
- address of a buffer in calling process's memory.
- number of bytes available in the user's buffer.
Returns:
- Number of bytes written into the calling process'
buffer, or a failure code.
Appendix C. The IPv6 minimum MTU
The 1280 byte IPv6 minimum MTU was proposed by Steve Deering and
agreed through working group consensus in November 1997 discussions
on the IPv6 mailing list. The size was chosen to allow extra room for
link layer encapsulations without exceeding the Ethernet MTU of 1500
bytes, i.e., the practical physical cell size of the Internet. The
1280 byte MTU also provides a fixed upper bound for the size of IPv6
packets/fragments with a maximum store-and-forward delay budget of ~1
second assuming worst-case link speeds of ~10Kbps [BCP0048], thus
providing a convenient value for use in reassembly buffer timer
settings. Finally, the 1280 byte MTU allows transport connections
(e.g., TCP) to configure a large-enough maximum segment size for
improved performance even if the IPv4 interface that will send the
tunneled packets uses a smaller MTU.
Appendix D. Modified EUI-64 Addresses in the IANA Ethernet Address Block
Modified EUI-64 addresses ([ADDR], Appendix A) in the IANA Ethernet
Address Block are formed as the concatenation of the 24-bit IANA OUI
(00-00-5E) with a 40-bit extension identifier. They have the
following appearance in memory (bits transmitted right-to-left within
octets, octets transmitted left-to-right):
0 23 63
| OUI | extension identifier |
000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
When the first two octets of the extension identifier encode the
hexadecimal value 0xFFFE, the remainder of the extension identifier
encodes a 24-bit vendor-supplied id as follows:
0 23 39 63
| OUI | 0xFFFE | vendor-supplied id |
000000ug00000000 0101111011111111 11111110xxxxxxxx xxxxxxxxxxxxxxxx
When the first octet of the extension identifier encodes the
hexadecimal value 0xFE, the remainder of the extension identifier
encodes a 32-bit IPv4 address, as specified in ([ISATAP], section
6.1) and as follows:
0 23 31 63
| OUI | 0xFE | IPv4 address |
000000ug00000000 0101111011111110 xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
Modified EUI-64 format interface identifiers are formed by inverting
the "u" bit, i.e., the "u" bit is set to one (1) to indicate
universal scope and it is set to zero (0) to indicate local scope
([ADDR], section 2.5.1).
Appendix E. Proposed ICMPv6 Code Field Types
Three new ICMPv6 Code Field Type definitions are proposed for the
ICMPv6 Destination Unreachable message. The first proposes a new
definition for a currently-unassigned code type (2) in the ICMPv6
Type Numbers registry; the others propose new definitions for code
types (5) and (6). The code type field definition proposals appear
below:
Type Name Reference
---- ------------------------- ---------
1 Destination Unreachable [RFC2463]
Code 2 - beyond the scope of source address
5 - source address failed ingress policy
6 - reject route to destination
Normative References
[STD0003] Braden, R., "Requirements for Internet Hosts - Communication
Layers", STD 3, RFC 1122, October 1989.
[STD0005] Postel, J., "Internet Protocol", STD 5, RFC 791, September
1981. 1981.
[RFC1122] Braden, R., "Requirements for Internet Hosts - [STD0006] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August
Communication Layers", STD 3, RFC 1122, October 1989. 1980.
[RFC1981] McCann, J., Deering, S. and J. Mogul, "Path MTU Discovery [RFC1981] McCann, J., Deering, S. and J. Mogul, "Path MTU Discovery for
for IP version 6", RFC 1981, August 1996. IP version 6", RFC 1981, August 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
IANA Considerations Section in RFCs", BCP 26, RFC 2434, Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
October 1998.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2461] Narten, T., Nordmark, E. and W. Simpson, "Neighbor [RFC2461] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery
Discovery for IP Version 6 (IPv6)", RFC 2461, December for IP Version 6 (IPv6)", RFC 2461, December 1998.
1998.
[RFC2463] Conta, A., and S. Deering, "Internet Control Message Protocol
(ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification",
RFC 2463, December 1998.
[RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4
Domains without Explicit Tunnels", RFC 2529, March 1999. Domains without Explicit Tunnels", RFC 2529, March 1999.
[RFC3150] Dawkins, S., Montenegro, G., Kojo, M. and V. Magret, [RFC3424] Daigle, L. and IAB, "IAB Considerations for UNilateral Self-
"End-to-end Performance Implications of Slow Links", BCP Address Fixing (UNSAF) Across Network Address Translation", RFC 3424,
48, RFC 3150, July 2001. November 2002.
[RFC3542] Stevens, W., Thomas, M., Nordmark, E. and T. Jinmei, [RFC3542] Stevens, W., Thomas, M., Nordmark, E. and T. Jinmei,
"Advanced Sockets Application Program Interface (API) for "Advanced Sockets Application Program Interface (API) for IPv6", RFC
IPv6", RFC 3542, May 2003. 3542, May 2003.
Informative References [RFC3582] Abley, J., Black, B. and V. Gill, "Goals for IPv6 Site-
Multihoming Architectures", RFC 3582, August 2003.
[DEERING97] [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
Deering, S., "http://www.cs-ipv6.lancs.ac.uk/ipv6/ Configuration Protocol (DHCP) version 6", RFC 3633, December 2003.
mail-archive/IPng/1997-12/0052.html", November 1997.
[FLOW] Rajahalme, J., Conta, A., Carpenter, B. and S. Deering, [ADDR] Hinden, R. and S. Deering, "IP Version 6 Addressing
"IPv6 Flow Label Specification", Architecture", draft-ietf-ipv6-addr-arch-v4 (work in progress),
draft-ietf-ipv6-flow-label (work in progress), December October 2003.
2003.
[FTMIB] Haberman, B. and M. Wasserman, "IP Forwarding Table MIB", [AUTH] Reynolds, J. and R. Braden, "Instructions to Request for
draft-ietf-ipv6-rfc2096-update (work in progress), August Comments (RFC) Authors", draft-rfc-editor-rfc2223bis (work in
2003. progress), August 2003.
[IPMIB] Routhier, S., "Management Information Base for the [DEFLT] Draves, R. and D. Thaler, "Default Router Preferences and
Internet Protocol (IP)", draft-ietf-ipv6-rfc2011-update More-Specific Routes", draft-ietf-ipv6-router-selection (work in
(work in progress), September 2003. progress), December 2003.
[RFC1035] Mockapetris, P., "Domain names - implementation and [ISATAP] Templin, F., Gleeson, T., Talwar, M. and D. Thaler,
specification", STD 13, RFC 1035, November 1987. "Internet/Site Automatic Tunnel Addressing Protocol", draft-ietf-
ngtrans-isatap (work in progress), February 2004.
[RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, [LLMNR] Esibov, L., Aboba, B. and D. Thaler, "Linklocal Multicast
October 1996. Name Resolution", draft-ietf-dnsext-mdns (work in progress), January
2004.
[RFC2004] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, [MECH] Gilligan, R. and E. Nordmark, "Basic Transition Mechanisms
October 1996. for IPv6 Hosts and Routers", draft-ietf-v6ops-mech-v2 (work in
progress), February 2003.
[RFC2223bis] [NODEREQ] Loughney, J., "IPv6 Node Requirements", draft-ietf-ipv6-node-
Reynolds, J. and R. Braden, "Instructions to Request for requirements (work in progress), October 2003.
Comments (RFC) Authors", draft-rfc-editor-rfc2223bis (work
in progress), August 2003.
[RFC2309] Braden, B., Clark, D., Crowcroft, J., Davie, B., Deering, [UNIQUE] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
S., Estrin, D., Floyd, S., Jacobson, V., Minshall, G., Addresses", draft-ietf-ipv6-unique-local-addr (work in progress),
Partridge, C., Peterson, L., Ramakrishnan, K., Shenker, January 2004.
S., Wroclawski, J. and L. Zhang, "Recommendations on Queue
Management and Congestion Avoidance in the Internet", RFC Informative References
2309, April 1998.
[BCP0048] Dawkins, S., Montenegro, G., Kojo, M. and V. Magret, "End-
to-end Performance Implications of Slow Links", BCP 48, RFC 3150,
July 2001.
[STD0013] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC [RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC
2402, November 1998. 2402, November 1998.
[RFC2406] Kent, S. and R. Atkinson, "IP Encapsulating Security [RFC2406] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload
Payload (ESP)", RFC 2406, November 1998. (ESP)", RFC 2406, November 1998.
[RFC2486] Aboba, B. and M. Beadles, "The Network Access Identifier",
RFC 2486, January 1999.
[RFC2491] Armitage, G., Schulter, P., Jork, M. and G. Harter, "IPv6 [RFC2491] Armitage, G., Schulter, P., Jork, M. and G. Harter, "IPv6
over Non-Broadcast Multiple Access (NBMA) networks", RFC over Non-Broadcast Multiple Access (NBMA) networks", RFC 2491,
2491, January 1999. January 1999.
[RFC2492] Armitage, G., Schulter, P. and M. Jork, "IPv6 over ATM [RFC2492] Armitage, G., Schulter, P. and M. Jork, "IPv6 over ATM
Networks", RFC 2492, January 1999. Networks", RFC 2492, January 1999.
[RFC2710] Deering, S., Fenner, W. and B. Haberman, "Multicast [RFC2710] Deering, S., Fenner, W. and B. Haberman, "Multicast Listener
Listener Discovery (MLD) for IPv6", RFC 2710, October Discovery (MLD) for IPv6", RFC 2710, October 1999.
1999.
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via
via IPv4 Clouds", RFC 3056, February 2001. IPv4 Clouds", RFC 3056, February 2001.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M.
M. Carney, "Dynamic Host Configuration Protocol for IPv6 Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC
(DHCPv6)", RFC 3315, July 2003. 3315, July 2003.
[RFC3582] Abley, J., Black, B. and V. Gill, "Goals for IPv6 [ANYCAST] Hagino, J. and K. Ettikan, "An Analysis of IPv6 Anycast",
Site-Multihoming Architectures", RFC 3582, August 2003. draft-ietf-ipngwg-ipv6-anycast-analysis (work in progress), June
2003.
[DNSOPV6] Durand, A., Ihren, J., and Savola P., "Operational
Considerations and Issues with IPv6 DNS", draft-ietf-dnsop-ipv6-dns-
issues, work-in-progress, January 2004.
[FLOW] Rajahalme, J., Conta, A., Carpenter, B. and S. Deering,
"IPv6 Flow Label Specification", draft-ietf-ipv6-flow-label (work in
progress), December 2003.
[FRAG] Mogul, J. and C. Kent, "Fragmentation Considered Harmful", In
Proc. SIGCOMM '87 Workshop on Frontiers in Computer Communications
Technology. August, 1987.
[FTMIB] Haberman, B. and M. Wasserman, "IP Forwarding Table MIB",
draft-ietf-ipv6-rfc2096-update (work in progress), August 2003.
[IPMIB] Routhier, S., "Management Information Base for the Internet
Protocol (IP)", draft-ietf-ipv6-rfc2011-update (work in progress),
September 2003.
[NIQUERY] Crawford, M., "IPv6 Node Information Queries", draft-ietf-
ipngwg-icmp-name-lookups (work in progress), June 2003.
[SEND] Arkko, J., Kempf, J., Sommerfield, B., Zill, B. and P. [SEND] Arkko, J., Kempf, J., Sommerfield, B., Zill, B. and P.
Nikander, "Secure Neighbor Discovery (SEND)", Nikander, "Secure Neighbor Discovery (SEND)", draft-ietf-send-ndopt
draft-ietf-send-ndopt (work in progress), October 2003. (work in progress), October 2003.
[TUNNELMIB] [TCPMIB] Raghunarayan, R., "Management Information Base for the
Thaler, D., "IP Tunnel MIB", Transmission Control Protocol (TCP)", draft-ietf-ipv6-rfc2012-update
draft-ietf-ipv6-inet-tunnel-mib (work in progress), (work in progress), November 2003.
January 2004.
[VET] Nguyen, Q., "http://irl.cs.ucla.edu/vet/report.ps", spring [TUNMIB] Thaler, D., "IP Tunnel MIB", draft-ietf-ipv6-inet-tunnel-mib
1998. (work in progress), January 2004.
[UDPMIB] Raghunarayan, R., "Management Information Base for the
Transmission Control Protocol (TCP)", draft-ietf-ipv6-rfc2012-update
(work in progress), November 2003.
Authors' Addresses Authors' Addresses
Fred L. Templin Fred L. Templin
Nokia Nokia
313 Fairchild Drive 313 Fairchild Drive
Mountain View, CA 94110 Mountain View, CA 94110
US US
Phone: +1 650 625 2331 Phone: +1 650 625 2331
skipping to change at page 25, line 4 skipping to change at page 29, line 24
EMail: ftemplin@iprg.nokia.com EMail: ftemplin@iprg.nokia.com
Tim Gleeson Tim Gleeson
Cisco Systems K.K. Cisco Systems K.K.
Shinjuku Mitsu Building Shinjuku Mitsu Building
2-1-1 Nishishinjuku, Shinjuku-ku 2-1-1 Nishishinjuku, Shinjuku-ku
Tokyo 163-0409 Tokyo 163-0409
Japan Japan
EMail: tgleeson@cisco.com EMail: tgleeson@cisco.com
Mohit Talwar Mohit Talwar
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA> 98052-6399 Redmond, WA 98052-6399
US US
Phone: +1 425 705 3131 Phone: +1 425 705 3131
EMail: mohitt@microsoft.com EMail: mohitt@microsoft.com
Dave Thaler Dave Thaler
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052-6399 Redmond, WA 98052-6399
US US
Phone: +1 425 703 8835 Phone: +1 425 703 8835
EMail: dthaler@microsoft.com EMail: dthaler@microsoft.com
Appendix A. Major Changes
Major changes from earlier versions to version 17:
o added tunnel driver API
o expanded section on MTU and fragmentation
o expanded sections on encapsulation/decapsulation
o specified relation to IPv6 Node Requirements
o specified use of additional control plane signalling
o specified multicast mappings.
o specified link layer address option format.
o specified setting of "u" bit in interface id's.
o removed obsoleted appendix sections.
o re-organized major sections to match normative references.
o revised neighbor discovery, address autoconfiguration, security
considerations sections. Added new subsections on interface
management, decapsulation/filtering, address lifetime expiry.
Appendix B. Interface Identifier Construction
This section provides an example specification for constructing EUI64
addresses from the Organizationally-Unique Identifier (OUI) owned by
the Internet Assigned Numbers Authority (IANA). It can be used to
construct both modified EUI-64 format interface identifiers for IPv6
unicast addresses ([ADDR-ARCH], section 2.5.1) and "native" EUI64
addresses for future use:
|0 2|2 3|3 3|4 6|
|0 3|4 1|2 9|0 3|
+------------------------+--------+--------+------------------------+
| OUI ("00-00-5E"+u+g) | TYPE | TSE | TSD |
+------------------------+--------+--------+------------------------+
Where the fields are:
OUI IANA's OUI: 00-00-5E with "u" and "g" bits (3 octets)
TYPE Type field; specifies use of (TSE, TSD) (1 octet)
TSE Type-Specific Extension (1 octet)
TSD Type-Specific Data (3 octets)
And the following interpretations are specified based on TYPE:
TYPE (TSE, TSD) Interpretation
---- -------------------------
0x00-0xFD RESERVED for future IANA use
0xFE (TSE, TSD) together contain an IPv4 address
0xFF TSD is interpreted based on TSE as follows:
TSE TSD Interpretation
--- ------------------
0x00-0xFD RESERVED for future IANA use
0xFE TSD contains 24-bit EUI-48 intf id
0xFF RESERVED by IEEE/RAC
Using this example specification, if TYPE=0xFE, then TSE is an
extension of TSD. If TYPE=0xFF, then TSE is an extension of TYPE.
(Other values for TYPE, and other interpretations of TSE, TSD are
reserved for future IANA use.) When TYPE='0xFE' the EUI64 address
embeds an IPv4 address, encoded in network byte order.
For Modified EUI64 format interface identifiers in IPv6 unicast
addresses ([ADDR-ARCH], Appendix A) using IANA's OUI, when TYPE=0xFE
and the IPv4 address is a globally unique (i.e., provider-assigned)
unicast address, the "u" bit is set to 1 to indicate universal scope.
When TYPE=0xFE and the IPv4 address is from a private allocation, the
"u" bit is set to 0 to indicate local scope. Thus, when the first
four octets of the interface identifier in an IPv6 unicast address
are either: '02-00-5E-FE' or: '00-00-5E-FE', the next four octets
embed an IPv4 address and the interface identifier is said to be in
"ISATAP format".
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to intellectual property or other rights that might be claimed to pertain
pertain to the implementation or use of the technology described in to the implementation or use of the technology described in this
this document or the extent to which any license under such rights document or the extent to which any license under such rights
might or might not be available; neither does it represent that it might or might not be available; neither does it represent that it has
has made any effort to identify any such rights. Information on the made any effort to identify any such rights. Information on the IETF's
IETF's procedures with respect to rights in standards-track and procedures with respect to rights in standards-track and standards-
standards-related documentation can be found in BCP-11. Copies of related documentation can be found in BCP-11. Copies of claims of rights
claims of rights made available for publication and any assurances of made available for publication and any assurances of licenses to be made
licenses to be made available, or the result of an attempt made to available, or the result of an attempt made to obtain a general license
obtain a general license or permission for the use of such or permission for the use of such proprietary rights by implementors or
proprietary rights by implementors or users of this specification can users of this specification can be obtained from the IETF Secretariat.
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary rights
rights which may cover technology that may be required to practice which may cover technology that may be required to practice this
this standard. Please address the information to the IETF Executive standard. Please address the information to the IETF Executive Director.
Director.
The IETF has been notified of intellectual property rights claimed in The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this regard to some or all of the specification contained in this document.
document. For more information consult the online list of claimed For more information consult the online list of claimed rights.
rights.
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it or
or assist in its implementation may be prepared, copied, published assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any kind,
kind, provided that the above copyright notice and this paragraph are provided that the above copyright notice and this paragraph are included
included on all such copies and derivative works. However, this on all such copies and derivative works. However, this document itself
document itself may not be modified in any way, such as by removing may not be modified in any way, such as by removing the copyright notice
the copyright notice or references to the Internet Society or other or references to the Internet Society or other Internet organizations,
Internet organizations, except as needed for the purpose of except as needed for the purpose of developing Internet standards in
developing Internet standards in which case the procedures for which case the procedures for copyrights defined in the Internet
copyrights defined in the Internet Standards process must be Standards process must be followed, or as required to translate it into
followed, or as required to translate it into languages other than languages other than English.
English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees. revoked by the Internet Society or its successors or assignees. This
document and the information contained herein is provided on an "AS IS"
This document and the information contained herein is provided on an basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF PARTICULAR PURPOSE.
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/