draft-ietf-ngtrans-isatap-18.txt   draft-ietf-ngtrans-isatap-19.txt 
Network Working Group F. Templin Network Working Group F. Templin
Internet-Draft Nokia Internet-Draft Nokia
Expires: August 4, 2004 T. Gleeson Expires: August 15, 2004 T. Gleeson
Cisco Systems K.K. Cisco Systems K.K.
M. Talwar M. Talwar
D. Thaler D. Thaler
Microsoft Corporation Microsoft Corporation
February 4, 2004 February 16, 2004
Internet/Site Automatic Tunnel Addressing Protocol (ISATAP) Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
draft-ietf-ngtrans-isatap-18.txt draft-ietf-ngtrans-isatap-19.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026. of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
skipping to change at page 1, line 35 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt. www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 4, 2004. This Internet-Draft will expire on August 15, 2004.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
The Internet/Site Automatic Tunnel Addressing Protocol (ISATAP) The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) connects
connects IPv6 hosts/routers over IPv4 networks. ISATAP views the IPv4 IPv6 hosts/routers over IPv4 networks. ISATAP views the IPv4 network
network as a link layer for IPv6 and views other nodes on the network as a link layer for IPv6 and views other nodes on the network as
as potential IPv6 hosts/routers. ISATAP supports automatic tunneling potential IPv6 hosts/routers. ISATAP supports automatic tunneling and
and a tunnel interface management abstraction similar to the Non- a tunnel interface management abstraction similar to the Non-
Broadcast, Multiple Access (NBMA) and ATM Permanent/Switched Virtual Broadcast, Multiple Access (NBMA) and ATM Permanent/Switched Virtual
Circuit (PVC/SVC) models. Circuit (PVC/SVC) models.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. ISATAP Conceptual Model . . . . . . . . . . . . . . . . . . . 4 4. ISATAP Conceptual Model . . . . . . . . . . . . . . . . . . . 5
5. Node Requirements . . . . . . . . . . . . . . . . . . . . . . 5 5. Node Requirements . . . . . . . . . . . . . . . . . . . . . . 6
6. Addressing Requirements . . . . . . . . . . . . . . . . . . . 5 6. Addressing Requirements . . . . . . . . . . . . . . . . . . . 7
7. Configuration and Management Requirements . . . . . . . . . . 6 7. Configuration and Management Requirements . . . . . . . . . . 8
8. Automatic Tunneling . . . . . . . . . . . . . . . . . . . . . 10 8. Automatic Tunneling . . . . . . . . . . . . . . . . . . . . . 12
9. Neighbor Discovery for ISATAP Interfaces . . . . . . . . . . . 15 9. Neighbor Discovery for ISATAP Interfaces . . . . . . . . . . . 17
10. Other Requirements for Control Plane Signaling . . . . . . . . 18 10. Security considerations . . . . . . . . . . . . . . . . . . . 20
11. Security considerations . . . . . . . . . . . . . . . . . . . 18 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 12. IAB Considerations . . . . . . . . . . . . . . . . . . . . . . 20
13. IAB Considerations . . . . . . . . . . . . . . . . . . . . . . 19 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 22
14. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 A. Major Changes . . . . . . . . . . . . . . . . . . . . . . . . 23
A. Major Changes . . . . . . . . . . . . . . . . . . . . . . . . 21 B. The IPv6 Minimum MTU . . . . . . . . . . . . . . . . . . . . . 23
B. Example ISATAP Driver API . . . . . . . . . . . . . . . . . . 21 C. Modified EUI-64 Addresses in the IANA Ethernet Address Block . 24
C. The IPv6 Minimum MTU . . . . . . . . . . . . . . . . . . . . . 24 D. Proposed ICMPv6 Code Field Types . . . . . . . . . . . . . . . 25
D. Modified EUI-64 Addresses in the IANA Ethernet Address Block . 24
E. Proposed ICMPv6 Code Field Types . . . . . . . . . . . . . . . 25
Normative References . . . . . . . . . . . . . . . . . . . . . 25 Normative References . . . . . . . . . . . . . . . . . . . . . 25
Informative References . . . . . . . . . . . . . . . . . . . . 27 Informative References . . . . . . . . . . . . . . . . . . . . 27
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 29 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 28
Intellectual Property and Copyright Statements . . . . . . . . 30 Intellectual Property and Copyright Statements . . . . . . . . 29
1. Introduction 1. Introduction
This document specifies a simple mechanism called the Internet/Site This document specifies a simple mechanism called the Intra-Site
Automatic Tunnel Addressing Protocol (ISATAP) that connects IPv6 Automatic Tunnel Addressing Protocol (ISATAP) that connects IPv6
[RFC2460] hosts/routers over IPv4 [STD0005] networks. Dual-stack [RFC2460] hosts/routers over IPv4 [STD5] networks. Dual-stack
(IPv6/IPv4) nodes use ISATAP to automatically tunnel IPv6 packets in (IPv6/IPv4) nodes use ISATAP to automatically tunnel IPv6 packets in
IPv4, i.e., ISATAP views the IPv4 network as a link layer for IPv6 IPv4, i.e., ISATAP views the IPv4 network as a link layer for IPv6
and views other nodes on the network as potential IPv6 hosts/routers. and views other nodes on the network as potential IPv6 hosts/routers.
ISATAP enables automatic tunneling whether global or private IPv4 ISATAP enables automatic tunneling whether global or private IPv4
addresses are used, and supports a tunnel interface management addresses are used, and supports a tunnel interface management
abstraction similar to the Non-Broadcast, Multiple Access (NBMA) abstraction similar to the Non-Broadcast, Multiple Access (NBMA)
[RFC2491] and ATM Permanent/Switched Virtual Circuit (PVC/SVC) [RFC2491] and ATM Permanent/Switched Virtual Circuit (PVC/SVC)
[RFC2492] models. [RFC2492] models.
The main objectives of this document are to: 1) describe the ISATAP The main objectives of this document are to: 1) describe the ISATAP
conceptual model, 2) specify addressing requirements, 3) discuss conceptual model, 2) specify addressing requirements, 3) discuss
configuration and management requirements, 4) specify automatic configuration and management requirements, 4) specify automatic
tunneling using ISATAP, 5) specify operational aspects of IPv6 tunneling using ISATAP, 5) specify operational aspects of IPv6
Neighbor Discovery, and 6) discuss IANA and Security considerations. Neighbor Discovery, and 6) discuss IANA and Security considerations.
This document surveys all IETF v6ops WG documents current up to This document surveys all IETF v6ops WG documents current up to
February 4, 2004. February 16, 2004.
2. Requirements 2. Requirements
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [BCP0014]. document, are to be interpreted as described in [BCP14].
This document also makes use of internal conceptual variables to
describe protocol behavior and external variables that an
implementation must allow system administrators to change. The
specific variable names, how their values change, and how their
settings influence protocol behavior are provided to demonstrate
protocol behavior. An implementation is not required to have them in
the exact form described here, so long as its external behavior is
consistent with that described in this document.
3. Terminology 3. Terminology
The terminology of [STD0003][RFC2460][RFC2461][RFC3582] applies to The terminology of [STD3][RFC2460][RFC2461][RFC3582] applies to this
this document. The following additional terms are defined: document. The following additional terms are defined:
ISATAP node: ISATAP node:
a node that implements the specifications in this document. a node that implements the specifications in this document.
ISATAP daemon: ISATAP daemon:
an ISATAP node's server application that uses an ISATAP driver API an ISATAP node's server application that uses an API for control
for control plane signaling and tunnel interface plane signaling and tunnel interface configuration/management.
configuration/management.
ISATAP driver: ISATAP driver:
an ISATAP node's network driver module that provides an API for an ISATAP node's network module that provides an API for control
control plane signaling and tunnel interface configuration/ plane signaling and tunnel interface configuration/management.
management. Also provides an engine for tunneled packet Also provides a packet encapsulation/decapsulation engine, and an
encapsulation, decapsulation and forwarding. embedded gateway function (see: [STD3], section 3.3.4.2).
logical interface: logical interface:
an IPv6 address or a configured tunnel interface associated with an IPv6 address or a configured tunnel interface associated with
an ISATAP interface. an ISATAP interface (see: [STD3], section 3.3.4.1).
ISATAP interface: ISATAP interface:
an ISATAP node's point-to-multipoint IPv6 interface for automatic an ISATAP node's point-to-multipoint interface that provides a
IPv6-in-IPv4 tunneling. Provides a control plane interface for the control plane interface for the ISATAP daemon and a forwarding
ISATAP daemon and a user plane nexus for its associated logical plane nexus for its associated logical interfaces.
interfaces.
ISATAP interface identifier: ISATAP interface identifier:
an IPv6 interface identifier with an embedded IPv4 address an IPv6 interface identifier with an embedded IPv4 address
constructed as specified in section 6.1. constructed as specified in section 6.1.
ISATAP address: ISATAP address:
an IPv6 unicast address assigned on an ISATAP interface with an an IPv6 unicast address assigned on an ISATAP interface with an
on-link prefix and an ISATAP interface identifier. on-link prefix and an ISATAP interface identifier.
locator: locator:
an IPv4 address-to-interface mapping, i.e., a node's IPv4 address an IPv4 address-to-interface mapping, i.e., a node's IPv4 address
and the index for it's associated interface. and the index for it's associated interface.
locator set: locator set:
a set of locators associated with a tunnel interface, where each a set of locators associated with a tunnel interface, where each
locator in the set belongs to the same site. locator in the set belongs to the same site.
4. ISATAP Conceptual Model 4. ISATAP Conceptual Model
ISATAP nodes typically act as a host on some interfaces and as a ISATAP interfaces are advertising IPv6 interfaces that provide a
router on other interfaces; the distinction between host and router point-to-multipoint abstraction for IPv6-in-IPv4 tunneling. They
is made per advertising interface. provide a forwarding plane nexus (used by the ISATAP driver) for
their associated logical interfaces. They also provide a control
plane interface (used by the ISATAP daemon) for tunnel configuration
signaling.
ISATAP interfaces provide a point-to-multipoint abstraction for The ISATAP driver encapsulates packets for transmission according to
IPv6-in-IPv4 tunneling. They provide a user plane nexus for tunneling parameters associated with its logical interfaces. It also determines
packets on behalf of their associated logical interfaces. They also the correct interface to receive each tunneled packet after
provide a control plane interface for tunnel configuration signaling decapsulation, and provides an embedded gateway function.
between the ISATAP daemon and prospective peers (e.g., via IPv6
Neighbor Discovery messages, DNS queries, etc.).
The ISATAP driver sends tunneled packets via the node's IPv4 stack The ISATAP daemon configures and manages tunnels via an API provided
according to the sending interface's encapsulation parameters. It by the ISATAP driver. Each such configured tunnel provides a nexus
also determines the correct interface to receive each tunneled packet for multiple applications using IPv6 addresses as application
after decapsulation via a forwarding table lookup. identifiers. Each such application identifier provides a nexus for
multiple sessions. In summary, each configured tunnel provides a
point-to-point connection between peers that can support multiple
applications and multiple instances of each application.
The ISATAP daemon configures and manages tunnels via an ISATAP driver The following example diagram depicts the ISATAP conceptual model:
API. Each such configured tunnel provides a nexus for multiple
applications using IPv6 addresses as application identifiers. Each <-- IPv6-enabled applications -->
such application identifier provides a nexus for multiple sessions. +----+ +---------------------------------------------+
In summary, each configured tunnel provides a point-to-point |I D| | IPv6 Stack |
connection between peers that can support multiple applications and |S a| | |
multiple instances of each application. |A e| | <-- IPv6 addresses --> |
|T m| | +--+ +--+ +--+ +--+ +--+ +--+ +--+ +--+ |
|A o| | |v6| |v6| |v6| |v6| |v6| |v6| |v6| ... |v6| |
|P n| | +--+ +-++ ++-+ ++-+ ++++ ++-+ +-++ +-++ |
+-+--+ +---/---/----|----|---/-|--|-\----|--------|--+
| / / | | / | | \ | | <----+
x / / | | / | | \ | | I |
/ / +--++ +++-+ +--++ ++-++ +-+-+ S |
/ / |tun| |tun| |tun| |tun| ... |tun| A |
/ / +-+-+ +--++ +-+-+ ++--+ +-+-+ T |
/ / | \ | / | A |
x / / x | x \ | / x | P |
| / / | | | \ | / | | |
+--+---+---+ +------+---+ +-----+-+-++ +--------+-+ D |
|ISATAP I/F| |ISATAP I/F| |ISATAP I/F| .. |ISATAP I/F| r |
| (site 1) | | (site 1) | | (site 3) | | (site n) | i |
+---+----+++ +-++-----+-+ +-+-----+-++ +------+---+ v |
| | \ / | | | | \ | e |
| | \/ | | | | \ | r |
| | /\ | | | | \ | <----+
+---|----|-/--\-|-----|-----|-----|-----\ -------|---+
| +-+-+ +++-+ +++-+ +-+-+ +-+-+ +-+-+ +--++ +-+-+ |
| |loc| |loc| |loc| |loc| |loc| |loc| |loc| .. |loc| |
| +-+-+ +--++ +---+ +---+ +-+-+ +-+-+ +-+-+ +-+-+ |
| | / / / \ | / / |
| | / / +---+ \ | / / |
| | / / / \ | / / |
| | / / / IPv4 Stack \ | / / |
+-+-+-+--+-+--+--------+--+------+++------+-+------+-+
|IPv4 I/F| |IPv4 I/F| |IPv4 I/F| .... |IPv4 I/F|
|(site 1)| |(site 2)| |(site 3)| |(site n)|
+--------+ +--------+ +--------+ +--------+
5. Node Requirements 5. Node Requirements
ISATAP nodes implement the common functionality required by [NODEREQ] ISATAP nodes observe the common functionality requirements in
as well as the additional features specified in this document. [NODEREQ] and the DNS requirements in ([MECH], section 2.2). They
also implement the additional features specified in this document.
6. Addressing Requirements 6. Addressing Requirements
6.1 ISATAP Interface Identifiers 6.1 ISATAP Interface Identifiers
ISATAP interface identifiers are constructed in Modified EUI-64 ISATAP interface identifiers are constructed in Modified EUI-64
format ([ADDR], appendix A). They are formed by concatenating the format ([ADDR], appendix A). They are formed by concatenating the
24-bit IANA OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 24-bit IANA OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a
32-bit IPv4 address in network byte order ([AUTH], section 3.4). 32-bit IPv4 address in network byte order.
The format for ISATAP interface identifiers is given below (where 'u' The format for ISATAP interface identifiers is given below (where 'u'
is the IEEE univeral/local bit, 'g' is the IEEE group/individual bit, is the IEEE univeral/local bit, 'g' is the IEEE group/individual bit,
and the 'm' bits represent the concatenated IPv4 address): and the 'm' bits represent the concatenated IPv4 address):
|0 1|1 3|3 4|4 6| |0 1|1 3|3 4|4 6|
|0 5|6 1|2 7|8 3| |0 5|6 1|2 7|8 3|
+----------------+----------------+----------------+----------------+ +----------------+----------------+----------------+----------------+
|000000ug00000000|0101111011111110|mmmmmmmmmmmmmmmm|mmmmmmmmmmmmmmmm| |000000ug00000000|0101111011111110|mmmmmmmmmmmmmmmm|mmmmmmmmmmmmmmmm|
+----------------+----------------+----------------+----------------+ +----------------+----------------+----------------+----------------+
When the IPv4 address is known to be globally unique, the 'u' bit is When the IPv4 address is known to be globally unique, the 'u' bit is
set to 1; otherwise, the 'u' bit is set to 0 ([ADDR], section 2.5.1). set to 1; otherwise, the 'u' bit is set to 0 ([ADDR], section 2.5.1).
See: Appendix D for additional non-normative details. See: Appendix C for additional non-normative details.
6.2 ISATAP Addresses 6.2 ISATAP Addresses
Any IPv6 unicast address ([ADDR], section 2.5) that contains an Any IPv6 unicast address ([ADDR], section 2.5) that contains an
ISATAP interface identifier constructed as specified in section 6.1 ISATAP interface identifier constructed as specified in section 6.1
and an on-link prefix on an ISATAP interface is considered an ISATAP and an on-link prefix on an ISATAP interface is considered an ISATAP
address. address.
6.3 Multicast/Anycast 6.3 Multicast/Anycast
ISATAP interfaces recognize a node's required IPv6 multicast/anycast ISATAP interfaces recognize a node's required IPv6 multicast/anycast
addresses ([ADDR], section 2.8). addresses ([ADDR], section 2.8).
For IPv6 multicast addresses of interest to local applications, For IPv6 multicast addresses of interest to local applications,
ISATAP nodes join the corresponding Organization-Local Scope IPv4 ISATAP nodes join the corresponding Organization-Local Scope IPv4
multicast groups ([RFC2529], section 6) on each interface that multicast groups ([RFC2529], section 6) on each interface that
appears in an ISATAP interface's locator set (see: section 7.2). appears in an ISATAP interface's locator set (see: section 7.2).
IPv6 multicast addresses of interest include a node's required IPv6 multicast addresses of interest include a node's required
multicast addresses, the 'All_DHCP_Relay_Agents_and_Servers' and multicast addresses, and may also include e.g, the
'All_DHCP_Servers' multicast addresses (i.e., if the node is 'All_DHCP_Relay_Agents_and_Servers' and 'All_DHCP_Servers' multicast
configured as a DHCPv6 server [RFC3315][RFC3633]), multicast addresses (i.e., if the node is configured as a DHCPv6 server
addresses discovered via MLD [RFC2710], etc. [RFC3315][RFC3633]), etc.
Considerations for IPv6 anycast appear in [ANYCAST]. Considerations for IPv6 anycast appear in [ANYCAST].
6.4 Source/Target Link Layer Address Options 6.4 Source/Target Link Layer Address Options
Source/Target Link Layer Address Options ([RFC2461], section 4.6.1) Source/Target Link Layer Address Options ([RFC2461], section 4.6.1)
for ISATAP have the following format: for ISATAP have the following format:
+-------+-------+-------+-------+-------+-------+-------+--------+ +-------+-------+-------+-------+-------+-------+-------+--------+
| Type |Length | 0 | 0 | IPv4 Address | | Type |Length | 0 | 0 | IPv4 Address |
+-------+-------+-------+-------+-------+-------+-------+--------+ +-------+-------+-------+-------+-------+-------+-------+--------+
Type: Type:
1 for Source Link-layer address. 2 for Target Link-layer address. 1 for Source Link-layer address. 2 for Target Link-layer address.
Length: Length:
1 (in units of 8 octets). 1 (in units of 8 octets).
IPv4 Address: IPv4 Address:
A 32 bit IPv4 address, in network byte order ([AUTH], section A 32 bit IPv4 address, in network byte order.
3.4).
ISATAP nodes use the specifications in ([MECH], section 3.8) that ISATAP nodes use the specifications in ([MECH], section 3.8) that
pertain to sending and receiving Source/Target Link Layer Address pertain to sending and receiving Source/Target Link Layer Address
Options. Options.
7. Configuration and Management Requirements 7. Configuration and Management Requirements
7.1 Network Management 7.1 Network Management
ISATAP nodes MAY support network management; those that do SHOULD
support the following MIBs: [FTMIB][IPMIB][TUNMIB][TCPMIB][UDPMIB].
This document defines no new MIB tables, nor extensions to any This document defines no new MIB tables, nor extensions to any
existing MIB tables. Objects found in the MIBs listed above are existing MIB tables. Objects found in [FTMIB][IPMIB][TUNMIB] are
supported as described in the following subsections. supported as described in the following subsections.
7.2 The ifRcvAddressTable 7.2 The ifRcvAddressTable
The ISATAP driver maintains ifRcvAddressTable as a bidirectional The ISATAP driver maintains ifRcvAddressTable as a bidirectional
association of locators with tunnel interfaces. Each locator in the association of locators with tunnel interfaces. Each locator in the
table includes a preferred IPv4 address-to-interface mapping (i.e., a table includes an IPv4 address-to-interface mapping (i.e., an IPv4
preferred IPv4 ipAddressEntry in the node's ipAddressTable) and a ipAddressEntry in the node's ipAddressTable) and a list of associated
list of associated tunnel interfaces. Each tunnel interface in the tunnel interfaces. Each tunnel interface in the table has a
table has a tunnelIfEntry and a list of associated locators, i.e., a tunnelIfEntry and a list of associated locators, i.e., a "locator
"locator set". set".
The ISATAP driver implements the following conceptual functions to The ISATAP driver implements the following conceptual functions to
manage and search the ifRcvAddressTable: manage and search the ifRcvAddressTable:
7.2.1 RcvTableAdd(locator, tunnel_interface) 7.2.1 RcvTableAdd(locator, tunnel_interface)
Creates a bidirectional association in the ifRcvAddressTable between Creates a bidirectional association in the ifRcvAddressTable between
the locator and tunnel interface, i.e., adds the locator to the the locator and tunnel interface, i.e., adds the locator to the
tunnel interface's locator set and adds the tunnel interface to the tunnel interface's locator set and adds the tunnel interface to the
locator's association list. locator's association list.
Returns success or failure. Returns success or failure.
7.2.2 RcvTableDel(locator, tunnel_interface) 7.2.2 RcvTableDel(locator, tunnel_interface)
Deletes ifRcvAddressTable entries according to the locator and tunnel Deletes ifRcvAddressTable entries according to the locator and tunnel
interface calling arguments as follows: interface arguments as follows:
- if both arguments are NULL, garbage-collects the entire table. - if both arguments are NULL, garbage-collects the entire table.
- if both arguments are non-NULL, deletes the locator from the - if both arguments are non-NULL, deletes the locator from the
tunnel interface's locator set and deletes the tunnel interface tunnel interface's locator set and deletes the tunnel interface
from the locator's association list. from the locator's association list.
- if the locator is non-NULL and tunnel interface is NULL, deletes - if the locator is non-NULL and tunnel interface is NULL, deletes
the locator from the locator sets of all tunnel interfaces. the locator from the locator sets of all tunnel interfaces.
skipping to change at page 8, line 11 skipping to change at page 9, line 40
locators. locators.
Returns success or failure. Returns success or failure.
7.2.3 RcvTableLocate(packet) 7.2.3 RcvTableLocate(packet)
Searches the ifRcvAddressTable to locate the correct tunnel interface Searches the ifRcvAddressTable to locate the correct tunnel interface
to decapsulate a packet. First, determines the locator that matches to decapsulate a packet. First, determines the locator that matches
the packet's IPv4 destination address and ifIndex for the interface the packet's IPv4 destination address and ifIndex for the interface
the packet arrived on. Next, checks each tunnel interface in the the packet arrived on. Next, checks each tunnel interface in the
locator's association list for an exact match of tunnelIfEncapsMethod locator's association list for exact matches of tunnelIfEncapsMethod
with the packet's encapsulation type and an exact match of with the packet's encapsulation type and tunnelIfRemoteInetAddress
tunnelIfRemoteInetAddress with the packet's IPv4 source address. with the packet's IPv4 source address.
If there is no match on the packet's IPv4 source address, a tunnel If there is no match on the packet's IPv4 source address, a tunnel
interface with a matching tunnelIfEncapsMethod and with interface with a matching tunnelIfEncapsMethod and with
tunnelIfRemoteInetAddress set to 0.0.0.0 is selected. If there are tunnelIfRemoteInetAddress set to 0.0.0.0 is selected. If there are
multiple matches, a tunnel interface with tunnelIfLocalInetAddress multiple matches, a tunnel interface with tunnelIfLocalInetAddress
that matches the packet's IPv4 destination address is preferred. that matches the packet's IPv4 destination address is preferred.
Returns a pointer to a tunnel interface if a match is found; else Returns a pointer to a tunnel interface if a match is found; else
NULL. NULL.
7.3 ISATAP Driver API 7.3 ISATAP Driver API
The ISATAP driver implements an API for calling processes, e.g., The ISATAP driver implements an API used by, e.g., the ISATAP daemon,
ISATAP daemons, startup scripts, manual command line entry, kernel startup scripts, manual command line entry, kernel processes, etc.
processes, etc. Access MUST be restricted to privileged users and Access MUST be restricted to privileged users and applications.
applications. The API provides primitives for sending/receiving ISATAP nodes implement the basic and advanced APIs for IPv6
control plane messages as well as creating, deleting, modifying, and [RFC3493][RFC3542].
otherwise managing tunnel interfaces. An example (i.e., non-
normative) API is given in Appendix B.
7.4 ISATAP Interface Creation/Configuration 7.4 ISATAP Interface Creation/Configuration
ISATAP interfaces are created via the tunnelIfConfigTable, which ISATAP interfaces are created via the tunnelIfConfigTable, which
results in simultaneous creation of a tunnelIfEntry and a companion results in simultaneous creation of a tunnelIfEntry and a companion
ipv6InterfaceEntry. Each ISATAP interface configures a locator set, ipv6InterfaceEntry. Each ISATAP interface configures a locator set,
where each locator in the set represents an IPv4 address-to- where each locator in the set represents an IPv4 address-to-interface
interface mapping for the same site (or, represents a mapping that is mapping for the same site (or, represents a mapping that is routable
routable on the global Internet). An ISATAP interface MUST NOT on the global Internet). ISATAP interfaces MUST NOT configure a
configure a locator set that spans multiple sites. locator set that spans multiple sites.
ISATAP interfaces configure the following objects in tunnelIfEntry: ISATAP interfaces configure the following values for objects in
tunnelIfEntry:
- tunnelIfEncapsMethod is set to an IANATunnelType for "isatap". - tunnelIfEncapsMethod is set to an IANATunnelType for "isatap".
- tunnelIfLocalInetAddress is set to an IPv4 address from the - tunnelIfLocalInetAddress is set to an IPv4 address from the
interface's locator set. interface's locator set.
- tunnelIfRemoteInetAddress is set to 0.0.0.0 to denote wildcard - tunnelIfRemoteInetAddress is set to 0.0.0.0 to denote wildcard
match for remote tunnel endpoints. match for remote tunnel endpoints.
- other read-write objects in the tunnelIfEntry are configured as - other read-write objects in the tunnelIfEntry are configured as
for any tunnel interface. for any tunnel interface.
ISATAP interfaces also configure the following objects in ISATAP interfaces are configured as advertising IPv6 interfaces and
ipv6InterfaceEntry: set the following values for objects in ipv6InterfaceEntry:
- ipv6InterfaceType is set to "tunnel". - ipv6InterfaceType is set to "tunnel".
- ipv6InterfacePhysicalAddress is set to an octet string of zero - ipv6InterfacePhysicalAddress is set to an octet string of zero
length to indicate that this IPv6 interface does not have a length to indicate that this IPv6 interface does not have a
physical address. physical address.
- ipv6InterfaceForwarding and, if necessary, ip6Forwarding for the - ipv6InterfaceForwarding and ip6Forwarding for the node are set to
node are set to "forwarding". "forwarding".
- other read-write objects in ipv6InterfaceEntry are configured as - other read-write objects in ipv6InterfaceEntry are configured as
for any IPv6 interface. for any IPv6 interface.
Finally, an ipv6RouterAdvertEntry for the ISATAP interface is created ISATAP interfaces create an ipv6RouterAdvertEntry and set its
in ipv6RouterAdvertTable and its ipv6RouterAdvertIfIndex object is ipv6RouterAdvertIfIndex object to the same value as
set to the same value as ipv6InterfaceIfIndex. Other objects in ipv6InterfaceIfIndex. Other objects in ipv6RouterAdvertEntry are
ipv6RouterAdvertEntry are configured as for any IPv6 router. configured as for any IPv6 router.
7.5 Dynamic Creation of Configured Tunnels IPv6 address selection rules for ISATAP interfaces are specified in
[RFC3484].
7.5 Configured Tunnel Creation/Configuration
Configured tunnels are normally created by the ISATAP daemon in Configured tunnels are normally created by the ISATAP daemon in
dynamic response to a tunnel creation request. Configured tunnel dynamic response to a tunnel creation request as an ISATAP
interfaces are configured as for ISATAP interfaces (see: section interface's associated logical interface; they inherit the locator
7.4), except that tunnelIfRemoteInetAddress is normally set to a set of their associated ISATAP interface. Configured tunnels set the
specific IPv4 address for a remote node at the far end of the tunnel, following values for objects in tunnelIfEntry:
i.e., configured tunnels are normally configured as point-to-point.
Also, tunnelIfEncapsMethod for the new entry is set to an
IANATunnelType appropriate for the method of encapsulation.
Configured tunnels MAY be "bound" to an ISATAP interface such that - tunnelIfEncapsMethod is set to an appropriate IANATunnelType
they inherit the ISATAP interface's locator set, e.g., for ease of value.
management and to avoid misconfigurations.
Configured tunnels MAY also be created as independent entities and - tunnelIfLocalInetAddress is set to an IPv4 address from the
configure their own locator set, but (as for ISATAP interfaces) they interface's locator set.
MUST NOT configure a locator set that spans multiple sites.
- tunnelIfRemoteInetAddress is set to an IPv4 address for the node
at the far end of the tunnel.
- other read-write objects in the tunnelIfEntry are configured as
for any tunnel interface.
Configured tunnels set values for objects in ipv6InterfaceEntry as
follows:
- ipv6InterfaceType is set to "tunnel".
- ipv6InterfacePhysicalAddress is set to an octet string of zero
length to indicate that this IPv6 interface does not have a
physical address.
- other read-write objects in ipv6InterfaceEntry are configured as
for any IPv6 interface.
IPv6 address selection rules for configured tunnel interfaces are
specified in [RFC3484].
7.6 Reconfigurations Due to IPv4 Address Changes 7.6 Reconfigurations Due to IPv4 Address Changes
When a locator becomes deprecated (e.g., when an IPv4 address is When an IPv4 address is removed from an interface, its corresponding
removed from an IPv4 interface) the locator SHOULD be removed from locator SHOULD be removed from all locator sets via
all tunnel interface associations via RcvTableDel(locator, NULL). RcvTableDel(locator, NULL); tunnelIfEntrys that used the IPv4 address
Also, all tunnel interfaces that used the deprecated IPv4 address as as tunnelIfLocalInetAddress SHOULD also configure a different local
tunnelIfLocalInetAddress SHOULD configure a different local IPv4 IPv4 address from their remaining locator set.
address from their remaining locator set.
When a new IPv4 address is added to an IPv4 interface, the node MAY When a new IPv4 address is added to an IPv4 interface, the node MAY
add the corresponding new locator to the locator set for one or more add the corresponding new locator to a tunnel interface's locator set
tunnel interfaces via RcvTableAdd(locator, tunnel_interface), and MAY via RcvTableAdd(locator, tunnel_interface), and MAY also set
set tunnelIfLocalInetAddress for tunnel interfaces referenced by the tunnelIfLocalInetAddress for its tunnelIfEntry to the new address.
updated forwarding entries to the new address.
Methods for triggering the above changes, and for communicating IPv4 Methods for triggering the above changes are out of scope.
address changes to remote nodes, are out of scope.
8. Automatic Tunneling 8. Automatic Tunneling
ISATAP nodes use the basic tunneling mechanisms specified in [MECH]. ISATAP nodes use the basic tunneling mechanisms specified in [MECH].
The following additional specifications are also used: The following additional specifications are also used:
8.1 Encapsulation 8.1 Encapsulation
The ISATAP driver encapsulates IPv6 packets in IPv4 using various The ISATAP driver encapsulates IPv6 packets using various
encapsulation methods, including ip-protocol-41 (e.g., 6over4 encapsulation methods, including ip-protocol-41 (e.g., 6over4
[RFC2529], 6to4 [RFC3056], IPv6-in-IPv4 configured tunnels [MECH], [RFC2529], 6to4 [RFC3056], IPv6-in-IPv4 configured tunnels [MECH],
isatap, etc.), UDP [STD0006] port 3544, and others. isatap, etc.), UDP [STD6] port 3544, and others.
AH [RFC2402] and/or ESP [RFC2406] processing and header compression Security processing (e.g., [RFC2402][RFC2406], etc.), upper layer
for the packet's inner headers are performed prior to encapsulation. fragmentation [RFC3542] and header compression for the packet's inner
headers are performed prior to encapsulation.
8.1.1 NAT Traversal 8.1.1 NAT Traversal
Native IPv6 and/or ip-protocol-41 encapsulation provides sufficient Native IPv6 and/or ip-protocol-41 encapsulation provides sufficient
functionality to support peer-to-peer communications when both peers functionality to support communications between peers that reside
reside within the same site (i.e., the same enterprise network). When within the same site (i.e., the same enterprise network). When the
the remote peer resides within a different site, NAT traversal via remote peer is in a different site, NAT traversal via UDP/IPv4
UDP/IPv4 encapsulation MAY be necessary. encapsulation MAY be necessary.
When an ISATAP node determines that NAT traversal is necessary to When an ISATAP node determines that NAT traversal is necessary to
reach a particular peer, it encapsulates IPv6 packets using UDP/IPv4 reach a particular peer, it encapsulates IPv6 packets using UDP/IPv4
encapsulation with a UDP destination port of 3544. This determination port 3544 encapsulation. This determination may come through, e.g.,
may come through, e.g., first attempting communications via ip- first attempting communications via ip-protocol-41 then failing over
protocol-41 then failing over to UDP/IPv4 port 3544 encapsulation, to UDP/IPv4 port 3544 encapsulation, administrative knowledge that a
administrative knowledge that a NAT traversal will occur along the NAT is on the path, etc.
path, etc.
When UDP/IPv4 port 3544 encapsulation is used, the specifications in
this document apply the same as for any form of encapsulation
supported by ISATAP.
8.1.2 Multicast 8.1.2 Multicast
ISATAP interfaces encapsulate packets with IPv6 multicast destination ISATAP interfaces encapsulate packets with IPv6 multicast destination
addresses using a mapped Organization-Local Scope IPv4 multicast addresses using a mapped Organization-Local Scope IPv4 multicast
address ([RFC2529], section 6) as the destination address in the address ([RFC2529], section 6) as the destination address in the
encapsulating IPv4 header. encapsulating IPv4 header.
8.2 Tunnel MTU and Fragmentation 8.2 Tunnel MTU and Fragmentation
Encapsulated packets may incur host-based IPv4 fragmentation, e.g., Encapsulated packets sent by the ISATAP driver may require host-based
when the underlying physical link has a small IPv4 MTU [BCP0048]. In IPv4 fragmentation in order to satisfy the 1280 byte IPv6 minimum
such cases, host-based IPv4 fragmentation is required to satisfy the MTU, e.g., when the underlying link has a small IPv4 MTU [BCP48].
1280 byte IPv6 minimum MTU, and is not considered harmful [FRAG]. On While this intentional fragmentation is not considered harmful,
the other hand, unmitigated IPv4 fragmentation caused by the network unmitigated IPv4 fragmentation caused by the network can cause poor
can cause poor performance. For example, since the minimum IPv4 performance [FRAG]. For example, since the minimum IPv4 fragment
fragment size is only 8 bytes [STD0005], network middleboxes could size is only 8 bytes [STD5], a single 1280 byte encapsulated packet
shred a 1280 byte tunneled packet into as many as 160 IPv4 fragments. could be shredded by the network into as many as 160 IPv4 fragments
with obvious negative performance implications.
ISATAP uses the MTU and fragmentation specifications in ([MECH], ISATAP uses the MTU and fragmentation specifications in ([MECH],
section 3.2) and the Maximum Reassembly Unit (MRU) specifications in section 3.2) and the Maximum Reassembly Unit (MRU) specifications in
([MECH], section 3.6), which provide sufficient measures for avoiding ([MECH], section 3.6), which provide sufficient measures for avoiding
excessive IPv4 fragmentation in certain controlled environments excessive IPv4 fragmentation in certain controlled environments
(e.g., 3GPP operator networks, enterprise networks, etc). To minimize (e.g., 3GPP operator networks, enterprise networks, etc). To minimize
IPv4 fragmentation and improve performance in general use case IPv4 fragmentation and improve performance in general use case
scenarios, ISATAP nodes SHOULD add the following simple scenarios, ISATAP nodes SHOULD add the following simple
instrumentation to the IPv4 reassembly cache: instrumentation to the IPv4 reassembly cache:
When the initial fragment of an encapsulated packet arrives, the When the initial fragment of an encapsulated packet arrives, the
packet's IPv4 reassembly timer is set to 1 second (i.e., the worst packet's IPv4 reassembly timer is set to 1 second (i.e., the worst
case store-and-forward delay budget for a 1280 byte packet). If an case store-and-forward delay budget for a 1280 byte packet). If an
encapsulated packet's IPv4 reassembly timer expires: encapsulated packet's IPv4 reassembly timer expires:
- If enough contiguous leading bytes of the packet have arrived - If enough contiguous leading bytes of the packet have arrived
(see: section 8.6), reassemble the packet from all fragments (see: section 8.6), reassemble the packet using zero-filled or
received. (Otherwise, garbage-collect the reassembly buffer and
return from processing.) During reassembly, copy zero-filled or,
heuristically-chosen replacement data bytes in place of any heuristically-chosen replacement data bytes in place of any
missing fragments. missing fragments. (Otherwise, garbage-collect the reassembly
buffer and return from processing.)
- Mark the packet as "INCOMPLETE", and also mark it with a - Mark the packet as "INCOMPLETE", and also mark it with an
"TOTAL_BYTES" length that encodes the total number of data bytes "ACTUAL_BYTES" length that encodes the actual number of data bytes
in fragments that arrived. in fragments that arrived.
- Deliver the packet to the ISATAP driver as though reassembly had - Deliver the packet to the ISATAP driver, and do not send an ICMPv4
succeeded. "time exceeded" message [STD5].
- Do not send an ICMPv4 "time exceeded" message [STD0005].
Appendix C provides informative text on the derivation of the 1280 Appendix B provides informative text on the derivation of the 1280
byte IPv6 minimum MTU. byte IPv6 minimum MTU.
8.3 Handling ICMPv4 Errors 8.3 Handling ICMPv4 Errors
ISATAP interfaces SHOULD process ARP failures and persistent ICMPv4 ISATAP interfaces SHOULD process ARP failures and persistent ICMPv4
errors as link-specific information indicating that a path to a errors as link-specific information indicating that a path to a
neighbor may have failed ([RFC2461], section 7.3.3). neighbor may have failed ([RFC2461], section 7.3.3).
8.4 Link-Local Addresses 8.4 Link-Local Addresses
skipping to change at page 13, line 22 skipping to change at page 15, line 13
an ISATAP interface associated with the locator that matched an ISATAP interface associated with the locator that matched
the packet (see: section 7.2.3), or: the packet (see: section 7.2.3), or:
- the IPv4 source address is a member of the Potential Router - the IPv4 source address is a member of the Potential Router
List (see: section 9.1). List (see: section 9.1).
If the IPv4 source address is incorrect, silently discard the If the IPv4 source address is incorrect, silently discard the
packet and return from processing. packet and return from processing.
4. Perform IPv4 ingress filtering (optional; disabled by default) 4. Perform IPv4 ingress filtering (optional; disabled by default)
then decapsulate the packet. If the IPv6 source address is then decapsulate the packet but do not discard encapsulating
invalid (see: [MECH], section 3.6), silently discard the packet headers. If the IPv6 source address is invalid (see: [MECH],
and return from processing. section 3.6), silently discard the packet and return from
processing.
For UDP port 3544 packets received on an ISATAP interface, if the For UDP port 3544 packets received on an ISATAP interface, if the
IPv6 source address is an ISATAP link local address with the 'u' IPv6 source address is an ISATAP link local address with the 'u'
bit set to 0 and an embedded IPv4 address that does not match the bit set to 0 and an embedded IPv4 address that does not match the
IPv4 source address (see: section 6), rewrite the IPv6 source IPv4 source address (see: section 6), rewrite the IPv6 source
address to inform upper layers of the sender's mapped UDP port address to inform upper layers of the sender's mapped UDP port
number and IPv4 source address. Specific rules for rewriting the number and IPv4 source address. Specific rules for rewriting the
IPv6 source address are established during ISATAP interface IPv6 source address are established during ISATAP interface
configuration. configuration.
Next, discard encapsulating headers and continue processing the
encapsulated IPv6 packet.
5. Perform ingress filtering on the IPv6 source address (see: 5. Perform ingress filtering on the IPv6 source address (see:
[MECH], section 3.6). Next, determine the correct transport [MECH], section 3.6). Next, determine the correct transport
protocol listener [FLOW] if the packet is destined to the protocol listener [FLOW] if the packet is destined to the
localhost; otherwise, perform an IPv6 forwarding table lookup and localhost; otherwise, perform an IPv6 forwarding table lookup and
site border/firewall filtering (see: [UNIQUE], section 6). site border/firewall filtering (see: [UNIQUE], section 6).
If the packet cannot be delivered, the driver SHOULD send an If the packet cannot be delivered, the driver SHOULD send an
ICMPv6 Destination Unreachable message ([RFC2463], section 3.2) ICMPv6 Destination Unreachable message ([RFC2463], section 3.2)
to the packet's source. The message SHOULD select as its source to the packet's source. The message SHOULD select as its source
address an IPv6 address from the outgoing interface (if the address an IPv6 address from the outgoing interface (if the
skipping to change at page 14, line 37 skipping to change at page 16, line 25
- if the packet was received on a point-to-point link and - if the packet was received on a point-to-point link and
destined to an address within a subnet assigned to that same destined to an address within a subnet assigned to that same
link, or if the reason for the failure to deliver cannot be link, or if the reason for the failure to deliver cannot be
mapped to any of the specific conditions listed above, the mapped to any of the specific conditions listed above, the
Code field is set to 3 ([RFC2463], section 3.2). Code field is set to 3 ([RFC2463], section 3.2).
After sending the ICMPv6 Destination Unreachable message, discard After sending the ICMPv6 Destination Unreachable message, discard
the packet and return from processing. the packet and return from processing.
6. If the packet is "INCOMPLETE" (see section 8.2) send an 6. If the packet is "INCOMPLETE" (see section 8.2) prepare an
authenticated, unsolicited Router Advertisement message authenticated, unsolicited Router Advertisement message
([RFC2461], section 6.2.4) to the packet's IPv6 source address ([RFC2461], section 6.2.4) with an MTU option that encodes the
with an MTU option that encodes "TOTAL_BYTES". maximum of "ACTUAL_BYTES" and (68 bytes minus the size of
encapsulating headers.)
7. If the packet was destined to a remote host, forward the packet The IPv6 destination address in the Router Advertisement message
and return from processing. Otherwise, apply AH [RFC2402] or ESP is set to the packet's IPv6 source address, and the message is
[RFC2406] processing (if necessary), and deliver the decapsulated reverse-encapsulated and returned to the node that sent the
packet by placing it in a buffer for upper layers. The buffer may "INCOMPLETE" packet, i.e., it is NOT presented to the native IPv6
be, e.g., the IPv6 reassembly cache, an application's mapped data stack for transmission.
buffer [RFC3542], etc.
The 68 byte minimum MTU is due to the requirement that every
Internet module must be able to forward a datagram of 68 octets
without further fragmentation ([STD5], Internet Protocol, section
3.2).
7. Discard encapsulating headers. If the packet was destined to a
remote host, forward the packet and return from processing.
Otherwise, apply security processing (e.g., [RFC2402][RFC2406],
etc.), and place the packet in a buffer for upper layers. The
buffer may be, e.g., the IPv6 reassembly cache, an application's
mapped data buffer [RFC3542], etc.
If there is clear evidence that upper layer reassembly has If there is clear evidence that upper layer reassembly has
stalled, an ICMPv6 Packet Too Big message [RFC1981] MAY be sent stalled, an ICMPv6 Packet Too Big message [RFC1981] MAY be sent
to the packet's source address with an MTU value indicating a to the packet's source address with an MTU value likely to incur
size that is likely to incur successful reassembly. Some successful reassembly. Some applications may realize greater
applications may realize greater efficiency by accepting partial efficiency by accepting partial information from "INCOMPLETE"
information from "INCOMPLETE" packets (see: section 8.2) and packets (see: section 8.2) and requesting selective
requesting selective retransmission of missing portions. retransmission of missing portions.
9. Neighbor Discovery for ISATAP Interfaces 9. Neighbor Discovery for ISATAP Interfaces
ISATAP nodes use the neighbor discovery mechanisms specified in ISATAP nodes use the neighbor discovery mechanisms specified in
[RFC2461] along with securing mechanisms (e.g., [SEND]) to create/ [RFC2461] along with securing mechanisms (e.g., [SEND]) to create/
change neighbor cache entries and to provide control plane signaling change neighbor cache entries and to provide control plane signaling
for automatic tunnel configuration. ISATAP interfaces also implement for automatic tunnel configuration. ISATAP interfaces also implement
the following specifications: the following specifications:
9.1 Conceptual Model Of A Host 9.1 Conceptual Model Of A Host
skipping to change at page 15, line 32 skipping to change at page 17, line 33
A set of entries about potential routers; used to support the A set of entries about potential routers; used to support the
mechanisms specified in section 9.2.2.1. Each entry ("PRL(i)") mechanisms specified in section 9.2.2.1. Each entry ("PRL(i)")
has an associated timer ("TIMER(i)"), and an IPv4 address has an associated timer ("TIMER(i)"), and an IPv4 address
("V4ADDR(i)") that represents a router's advertising ISATAP ("V4ADDR(i)") that represents a router's advertising ISATAP
interface. interface.
9.2 Router and Prefix Discovery 9.2 Router and Prefix Discovery
9.2.1 Router Specification 9.2.1 Router Specification
As permitted by ([RFC2461], section 6.2.6), the ISATAP daemon SHOULD The Router Specification in ([RFC2461], section 6.2) is used. Router
send unicast Router Advertisement messages to the soliciting node's Advertisements sent on ISATAP interfaces MAY include information
address when the solicitation's source address is not the unspecified delegated via DHCPv6 [RFC3633]). Router Advertisements sent on ISATAP
address. (Router Advertisements MAY include information delegated via interfaces MUST NOT include a prefix option containing a preferred
DHCPv6 [RFC3633]). lifetime greater than the valid lifetime.
Routers MUST NOT send prefix options containing a preferred lifetime
greater than the valid lifetime.
9.2.2 Host Specification 9.2.2 Host Specification
The Host Specification in ([RFC2461], section 6.3) is used. ISATAP
interfaces add the following specifications:
9.2.2.1 Host Variables 9.2.2.1 Host Variables
To the list of host variables ([RFC2461], section 6.3.2), ISATAP To the list of host variables ([RFC2461], section 6.3.2), ISATAP
interfaces add: interfaces add:
PrlRefreshInterval PrlRefreshInterval
Time in seconds between successive refreshments of the PRL after Time in seconds between successive refreshments of the PRL after
initialization. It SHOULD be no less than 3600 seconds. The initialization. The designated value of all 1's (0xffffffff)
designated value of all 1's (0xffffffff) represents infinity. represents infinity.
Default: 3600 seconds Default: 3600 seconds
MinRouterSolicitInterval MinRouterSolicitInterval
Minimum time in seconds between successive solicitations of the Minimum time in seconds between successive solicitations of the
same advertising ISATAP interface. The designated value of all 1's same advertising ISATAP interface. The designated value of all 1's
(0xffffffff) represents infinity. (0xffffffff) represents infinity.
Default: 900 seconds
9.2.2.2 Potential Router List Initialization 9.2.2.2 Potential Router List Initialization
ISATAP nodes provision an ISATAP interface's PRL with IPv4 addresses ISATAP nodes provision an ISATAP interface's PRL with IPv4 addresses
discovered via manual configuration, a DNS fully-qualified domain discovered via a DNS fully-qualified domain name (FQDN) [STD13],
name (FQDN) [STD0013], a DHCPv4 option, a DHCPv4 vendor-specific manual configuration, a DHCPv4 option, a DHCPv4 vendor-specific
option, or an unspecified alternate method. option, or an unspecified alternate method.
FQDNs are established via manual configuration or an unspecified FQDNs are established via manual configuration or an unspecified
alternate method. FQDNs are resolved into IPv4 addresses through alternate method. FQDNs are resolved into IPv4 addresses through
lookup in a static host file, querying the DNS service, or an querying the DNS service, querying a site-specific name service,
unspecified alternate method. static host file lookup, or an unspecified alternate method.
When the node provisions an ISATAP interface's PRL with IPv4 When the node provisions an ISATAP interface's PRL with IPv4
addresses, it sets a timer for the interface (e.g., addresses, it sets a timer for the interface (e.g.,
PrlRefreshIntervalTimer) to PrlRefreshInterval seconds. The node re- PrlRefreshIntervalTimer) to PrlRefreshInterval seconds. The node re-
initializes the PRL as specified above when PrlRefreshIntervalTimer initializes the PRL as specified above when PrlRefreshIntervalTimer
expires, or when an asynchronous re-initialization event occurs. When expires, or when an asynchronous re-initialization event occurs. When
the node re-initializes the PRL, it resets PrlRefreshIntervalTimer to the node re-initializes the PRL, it resets PrlRefreshIntervalTimer to
PrlRefreshInterval seconds. PrlRefreshInterval seconds.
9.2.2.3 Processing Received Router Advertisements 9.2.2.3 Processing Received Router Advertisements
The ISATAP daemon processes Router Advertisements (RAs) exactly as To the list of checks for validating Router Advertisement messages
specified in ([RFC2461], section 6.3.4). The DHCPv6 specification ([RFC2461], section 6.1.1), ISATAP interfaces add:
[RFC3315] is the stateful mechanism associated with the M and O bits.
When the ISATAP daemon receives a Router Advertisement with an MTU
option from a router at the far end of a tunnel, it records the
advertised MTU value, e.g., in the node's IPv6 routing table. If the
MTU value is less than the MTU of the tunnel interface, the value is
recorded in such a way that the node will perform upper layer
fragmentation (i.e., above the IPv4 link layer) to reduce the size of
the IPv4 encapsulated packets it sends via the router. The recorded
value is aged as for IPv6 path MTU information [RFC1981].
For Router Advertisement messages that include prefix options, Route - IP Source Address is an ISATAP link-local address that embeds
information options [DEFLT] and/or non-zero values in the Router V4ADDR(i) for some PRL(i).
Lifetime, the ISATAP daemon resets TIMER(i) to schedule the next
solicitation event (see: section 9.2.2.4). Let "MIN_LIFETIME" be the
minimum value in the Router Lifetime or the lifetime(s) encoded in
options included in the RA message. Then, TIMER(i) is reset as
follows:
TIMER(i) = MAX((0.5 * MIN_LIFETIME), MinRouterSolicitInterval) Valid Router Advertisements received on an ISATAP interface are
processed exactly as specified in ([RFC2461], section 6.3.4) except
that, for unicast Router Advertisements that include an MTU option,
the MTU value does not alter the ISATAP interface LinkMTU. Instead,
the MTU value is recorded, e.g., in the IPv6 forwarding table. If the
IPv6 destination address is one of the node's own unicast addresses,
the MTU value is recorded such that upper layer fragmentation
[RFC3542] will be used to reduce the size of the encapsulated packets
sent via the router. The recorded value is aged as for IPv6 path MTU
information [RFC1981].
9.2.2.4 Sending Router Solicitations 9.2.2.4 Sending Router Solicitations
To the list of events after which RSs may be sent ([RFC2461], section To the list of events after which Router Solicitation messages may be
6.3.2), ISATAP interfaces add: sent ([RFC2461], section 6.3.7), ISATAP interfaces add:
- TIMER(i) for some PRL(i) expires. - TIMER(i) for some PRL(i) expires.
Router Solicitations MAY be sent to an ISATAP link-local address that Since unsolicited Router Advertisements may be incomplete (and, since
embeds V4ADDR(i) for some PRL(i) instead of the All-Routers multicast multicast unsolicited Router Advertisements may not arrive) ISATAP
address. nodes schedule periodic events to solicit Router Advertisements from
certain PRL(i)'s. When this periodic solicitation is used, after
sending the initial solicitation and receiving a valid Router
Advertisement message from PRL(i) with a non-zero Router Lifetime the
node sets TIMER(i) to schedule the first periodic event.
The TIMER(i) value SHOULD be set such that the next periodic event
will trigger a solicited Router Advertisement message before the
expiration of remaining lifetimes stored for this PRL(i), including
the Router Lifetime, Valid Lifetimes received in Prefix Information
Options, and Route Lifetimes received in Route Information Options
[DEFLT]. The TIMER(i) value MUST be set to no less than
MinRouterSolicitInterval seconds, where MinRouterSolicitInterval is
configurable for the node with a conservative default value.
When TIMER(i) expires, the node sends Router Solicitation messages as
specified in ([RFC2461], section 6.3.7) except that the messages use
an ISATAP link-local address that embeds V4ADDR(i) as the IPv6
destination address (i.e., instead of the All-Routers multicast
address). If remaining lifetimes for this PRL(i) have not yet expired
and the PRL(i) is still in use, TIMER(i) is reset as described above.
9.3 Address Resolution and Neighbor Unreachability Detection 9.3 Address Resolution and Neighbor Unreachability Detection
9.3.1 Address Resolution 9.3.1 Address Resolution
The specification in ([RFC2461], section 7.2) is used. ISATAP The specification in ([RFC2461], section 7.2) is used. ISATAP
addresses for which the neighbor/router's link-layer address cannot addresses for which the neighbor's link-layer address cannot
otherwise be determined (e.g., from a neighbor cache entry) are otherwise be determined (e.g., from a neighbor cache entry) are
resolved to link-layer addresses by a static computation, i.e., the resolved to link-layer addresses by a static computation, i.e., the
last four octets are treated as an IPv4 address. last four octets are treated as an IPv4 address.
Hosts SHOULD perform an initial reachability confirmation by sending Hosts SHOULD perform an initial reachability confirmation by sending
Neighbor Solicitation message(s) and receiving a Neighbor Neighbor Solicitation message(s) and receiving a Neighbor
Advertisement message (NS messages are sent to the target's unicast Advertisement message. Routers MAY perform this initial reachability
address). Routers MAY perform this initial reachability confirmation, confirmation, but this might not scale in all environments.
but this might not scale in all environments.
All nodes MUST send solicited Neighbor Advertisements on ISATAP
interfaces ([RFC2461], section 7.2.4).
9.3.2 Neighbor Unreachability Detection 9.3.2 Neighbor Unreachability Detection
Hosts SHOULD perform Neighbor Unreachability Detection ([RFC2461], Hosts SHOULD perform Neighbor Unreachability Detection ([RFC2461],
section 7.3). Routers MAY perform neighbor unreachability detection, section 7.3). Routers MAY perform neighbor unreachability detection,
but this might not scale in all environments. but this might not scale in all environments.
10. Other Requirements for Control Plane Signaling 10. Security considerations
10.1 Domain Name System (DNS)
The specifications in ([MECH], section 2.2) are used. Additional
considerations are found in [DNSOPV6].
10.2 Linklocal Multicast Name Resolution (LLMNR)
ISATAP nodes SHOULD implement Link Local Multicast Name Resolution
[LLMNR], since they will commonly be deployed in environments (e.g.,
home networks, ad-hoc networks, etc.) with no DNS service.
10.3 Node Information Queries
ISATAP nodes MAY implement Node Information Queries as specified in
[NIQUERY], since they may help the querier discover some subset of
the responder's addresses.
11. Security considerations Security considerations in the normative references apply. Also:
The security considerations in the normative references apply; also: - ISATAP nodes observe the security considerations outlined in
[SENDPS]; use of (e.g., [RFC2402][RFC2406], etc.) is not always
feasible.
- site border routers SHOULD install a black hole route for the IPv6 - site border routers SHOULD install a reject route for the IPv6
prefix FC00::/7 to insure that packets with local IPv6 destination prefix FC00::/7 to insure that packets with local IPv6 destination
addresses will not be forwarded outside of the site via a default addresses will not be forwarded outside of the site via a default
route. route.
- administrators MUST ensure that lists of IPv4 addresses - administrators MUST ensure that lists of IPv4 addresses
representing the advertising ISATAP interfaces of PRL members are representing the advertising ISATAP interfaces of PRL members are
well maintained. well maintained.
12. IANA Considerations 11. IANA Considerations
The IANA is instructed to specify the format for Modified EUI-64 The IANA is instructed to specify the format for Modified EUI-64
address construction ([ADDR], Appendix A) in the IANA Ethernet address construction ([ADDR], Appendix A) in the IANA Ethernet
Address Block. The text in Appendix D of this document is offered as Address Block. The text in Appendix C of this document is offered as
an example specification. an example specification. The current version of the IANA registry
The current version of the IANA registry for Ether Types can be for Ether Types can be accessed at:
accessed at http://www.iana.org/assignments/ethernet-numbers. http://www.iana.org/assignments/ethernet-numbers.
The IANA is instructed to assign the new ICMPv6 code field types The IANA is instructed to assign the new ICMPv6 code field types
found in Appendix E of this document for the ICMPv6 Destination found in Appendix D of this document for the ICMPv6 Destination
Unreachable message. The policy for assigning new ICMPv6 code field Unreachable message. The policy for assigning new ICMPv6 code field
types is First Come First Served, as defined in [RFC2434]. The types is First Come First Served, as defined in [BCP26]. The current
current version of the IANA registry for ICMPv6 type numbers can be version of the IANA registry for ICMPv6 type numbers can be accessed
accessed at http://www.iana.org/assignments/icmpv6-parameters. at:
http://www.iana.org/assignments/icmpv6-parameters.
13. IAB Considerations 12. IAB Considerations
[RFC3424] ("IAB Considerations for UNilateral Self-Address Fixing [RFC3424] ("IAB Considerations for UNilateral Self-Address Fixing
(UNSAF) Across Network Address Translation") section 4 requires that (UNSAF) Across Network Address Translation") section 4 requires that
any proposal supporting NAT traversal must explicitly address the any proposal supporting NAT traversal must explicitly address the
following considerations: following considerations:
13.1 Problem Definition 12.1 Problem Definition
The specific problem being solved is enabling IPv6 connectivity for The specific problem being solved is enabling IPv6 connectivity for
ISATAP nodes that are unable to communicate via ip-protocol-41 or ISATAP nodes that are unable to communicate via ip-protocol-41 or
native IPv6. native IPv6.
13.2 Exit Strategy 12.2 Exit Strategy
ISATAP nodes use UDP/IPv4 encapsulation for NAT traversal as a last ISATAP nodes use UDP/IPv4 encapsulation for NAT traversal as a last
resort. As soon as native IPv6 or ip-protocol-41 support becomes resort. As soon as native IPv6 or ip-protocol-41 support becomes
available, ISATAP nodes will naturally cease using UDP/IPv4 available, ISATAP nodes will naturally cease using UDP/IPv4
encapsulation. encapsulation.
13.3 Brittleness 12.3 Brittleness
UDP/IPv4 encapsulation with ISATAP introduces brittleness into the UDP/IPv4 encapsulation with ISATAP introduces brittleness into the
system in several ways: the discovery process assumes a certain system in several ways: the discovery process assumes a certain
classification of devices based on their treatment of UDP; the classification of devices based on their treatment of UDP; the
mappings need to be continuously refreshed, and addressing structure mappings need to be continuously refreshed, and addressing structure
may cause some hosts located beyond a common NAT to be unreachable may cause some hosts located beyond a common NAT to be unreachable
from each other. from each other.
ISATAP assumes a certain classification of devices based on their ISATAP assumes a certain classification of devices based on their
treatment of UDP. There could be devices that would not fit into one treatment of UDP. There could be devices that would not fit into one
of these molds, and hence would be improperly classified by ISATAP. of these molds, and hence would be improperly classified by ISATAP.
The bindings allocated from the NAT need to be continuously The bindings allocated from the NAT need to be continuously
refreshed. Since the timeouts for these bindings is very refreshed. Since the timeouts for these bindings is very
implementation specific, the refresh interval cannot easily be implementation specific, the refresh interval cannot easily be
determined. When the binding is not being actively used to receive determined. When the binding is not being actively used to receive
traffic, but to wait for an incoming message, the binding refresh traffic, but to wait for an incoming message, the binding refresh
will needlessly consume network bandwidth. will needlessly consume network bandwidth.
13.4 Requirements for a Long Term Solution 12.4 Requirements for a Long Term Solution
The devices that implement the IPv4 NAT service should in the future The devices that implement the IPv4 NAT service should in the future
also become IPv6 routers. also become IPv6 routers.
14. Acknowledgments 13. Acknowledgments
The ideas in this document are not original, and the authors The ideas in this document are not original, and the authors
acknowledge the original architects. Portions of this work were acknowledge the original architects. Portions of this work were
sponsored through SRI International internal projects and government sponsored through SRI International internal projects and government
contracts. Government sponsors include Monica Farah-Stapleton and contracts. Government sponsors include Monica Farah-Stapleton and
Russell Langan (U.S. Army CECOM ASEO), and Dr. Allen Moshfegh (U.S. Russell Langan (U.S. Army CECOM ASEO), and Dr. Allen Moshfegh (U.S.
Office of Naval Research). SRI International sponsors include Dr. Office of Naval Research). SRI International sponsors include Dr.
Mike Frankel, J. Peter Marcotullio, Lou Rodriguez, and Dr. Ambatipudi Mike Frankel, J. Peter Marcotullio, Lou Rodriguez, and Dr. Ambatipudi
Sastry. Sastry.
skipping to change at page 20, line 30 skipping to change at page 22, line 30
The following are acknowledged for their significant contributions: The following are acknowledged for their significant contributions:
Alain Durand, Hannu Flinck, Jason Goldschmidt, Nathan Lutchansky, Alain Durand, Hannu Flinck, Jason Goldschmidt, Nathan Lutchansky,
Karen Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest, Pekka Karen Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest, Pekka
Savola, Margaret Wasserman, Brian Zill. Savola, Margaret Wasserman, Brian Zill.
The authors acknowledge the work of Quang Nguyen on "Virtual The authors acknowledge the work of Quang Nguyen on "Virtual
Ethernet" under the guidance of Dr. Lixia Zhang that proposed very Ethernet" under the guidance of Dr. Lixia Zhang that proposed very
similar ideas to those that appear in this document. This work was similar ideas to those that appear in this document. This work was
first brought to the authors' attention on September 20, 2002. first brought to the authors' attention on September 20, 2002.
IAB considerations are the same as for Teredo. IAB considerations are the same as for Teredo. The diagram in section
4 was inspired by a similar diagram in RFC 3371.
The following individuals are acknowledged for their helpful insights The following individuals are acknowledged for their helpful insights
on path MTU discovery: Jari Arkko, Iljitsch van Beijnum, Jim Bound, on path MTU discovery: Jari Arkko, Iljitsch van Beijnum, Jim Bound,
Ralph Droms, Alain Durand, Jun-ichiro itojun Hagino, Brian Haberman, Ralph Droms, Alain Durand, Jun-ichiro itojun Hagino, Brian Haberman,
Bob Hinden, Christian Huitema, Kevin Lahey, Hakgoo Lee, Matt Mathis, Bob Hinden, Christian Huitema, Kevin Lahey, Hakgoo Lee, Matt Mathis,
Jeff Mogul, Erik Nordmark, Soohong Daniel Park, Chirayu Patel, Jeff Mogul, Erik Nordmark, Soohong Daniel Park, Chirayu Patel,
Michael Richardson, Pekka Savola, Hesham Soliman, Mark Smith, Dave Michael Richardson, Pekka Savola, Hesham Soliman, Mark Smith, Dave
Thaler, Michael Welzl, Lixia Zhang and the members of the Nokia NRC/ Thaler, Michael Welzl, Lixia Zhang and the members of the Nokia NRC/
COM Mountain View team. COM Mountain View team.
"...and I'm one step ahead of the shoe shine, "...and I'm one step ahead of the shoe shine,
Two steps away from the county line, Two steps away from the county line,
Just trying to keep my customers satisfied, Just trying to keep my customers satisfied,
Satisfi-i-ied!" - Paul Simon, 1969 Satisfi-i-ied!" - Paul Simon, 1969
Appendix A. Major Changes Appendix A. Major Changes
Major changes from earlier versions to version 17: Major changes from earlier versions to version 17:
- changed first words in title from "Intra-site" to "Internet/site"
to more accurately represent the functionality.
- new section on configuration/management. - new section on configuration/management.
- new appendices on tunnel driver API; IANA considerations. - new appendices on IPv6 minimum MTU; IANA considerations.
- expanded section on MTU and fragmentation. - expanded section on MTU and fragmentation.
- expanded sections on encapsulation/decapsulation. - expanded sections on encapsulation/decapsulation.
- specified relation to IPv6 Node Requirements. - specified relation to IPv6 Node Requirements.
- introduced distinction between control; user planes. - introduced distinction between control; forwarding planes.
- specified multicast mappings. - specified multicast mappings.
- revised neighbor discovery, address autoconfiguration, IANA - revised neighbor discovery, address autoconfiguration, IANA
considerations and security considerations sections. considerations and security considerations sections.
Appendix B. Example ISATAP Driver API Appendix B. The IPv6 minimum MTU
An ISATAP driver API should include primitives for sending and
receiving control plane messages as well as primitives for tunnel
configuration/management such as the following non-normative
examples:
B.1 ISATAP_SEND, ISATAP_RECEIVE Primitives
Description:
Sends/Receives control plane messages via the
ISATAP driver (e.g., via a routing socket, etc.)
B.2 ISATAP_CREATE Primitive
Description:
Creates a new tunnel interface and an associated IP
interface by creating a row in tunnelIfConfigTable.
Also optionally configures read-write objects for the
tunnel interface and adds locators to the receive address
table via RcvTableAdd(locator, tunnel_interface).
Required parameter:
- tunnelIfEncapsMethod.
Optional parameters:
- attributes for configuring read-write objects.
- list of locators to associate with tunnel interface.
Returns:
- ifIndex for the new tunnel interface, or a failure code.
B.3 ISATAP_DELETE Primitive
Description:
Deletes an existing tunnel interface by deleting the
corresponding row in tunnelIfConfigTable. Also frees
its locators via RcvTableDel(NULL, tunnel_interface).
Required parameter:
- ifIndex.
Returns:
- success or a failure code.
B.4 ISATAP_CONFIG Primitive
Description:
Configures attributes for an existing tunnel interface.
Also adds new locators via RcvTableAdd(locator,
tunnel_interface) and deletes old locators via
RcvTableDel(locator, tunnel_interface).
Required parameter:
- ifIndex.
Optional parameters:
- read-write objects for the tunnel interface.
- list of locators to associate with tunnel interface.
- list of locators to delete from association.
Returns:
- success or a failure code.
B.5 ISATAP_BIND Primitive
Description:
Binds (or, creates then binds) a configured tunnel interface
to an ISATAP interface. The configured tunnel interface
inherits the ISATAP interface's locator set and the ISATAP
interface uses the encapsulation parameters associated with
the bound configured tunnel interface.
Required parameter:
- ifIndex for the ISATAP interface.
- ifIndex for the configured tunnel interface, or NULL.
Conditional parameter:
- if ifIndex for the configured tunnel is NULL,
tunnelIfEncapsMethod.
Optional parameters:
- attributes for configuring read-write objects for the
configured tunnel interface.
Returns:
- ifIndex for the configured tunnel, or a failure code.
B.6 ISATAP_GET Primitive
Description:
Copies configuration attributes from system table entries
associated with the specified tunnel interface into a
calling process' buffer.
Required parameter:
- ifIndex
- address of a buffer in calling process's memory.
- number of bytes available in the user's buffer.
Returns:
- Number of bytes written into the calling process'
buffer, or a failure code.
Appendix C. The IPv6 minimum MTU
The 1280 byte IPv6 minimum MTU was proposed by Steve Deering and The 1280 byte IPv6 minimum MTU was proposed by Steve Deering and
agreed through working group consensus in November 1997 discussions agreed through working group consensus in November 1997 discussions
on the IPv6 mailing list. The size was chosen to allow extra room for on the IPv6 mailing list. The size was chosen to allow extra room for
link layer encapsulations without exceeding the Ethernet MTU of 1500 link layer encapsulations without exceeding the Ethernet MTU of 1500
bytes, i.e., the practical physical cell size of the Internet. The bytes, i.e., the practical physical cell size of the Internet. The
1280 byte MTU also provides a fixed upper bound for the size of IPv6 1280 byte MTU also provides a fixed upper bound for the size of IPv6
packets/fragments with a maximum store-and-forward delay budget of ~1 packets/fragments with a maximum store-and-forward delay budget of ~1
second assuming worst-case link speeds of ~10Kbps [BCP0048], thus second assuming worst-case link speeds of ~10Kbps [BCP48], thus
providing a convenient value for use in reassembly buffer timer providing a convenient value for use in reassembly buffer timer
settings. Finally, the 1280 byte MTU allows transport connections settings. Finally, the 1280 byte MTU allows transport connections
(e.g., TCP) to configure a large-enough maximum segment size for (e.g., TCP) to configure a large-enough maximum segment size for
improved performance even if the IPv4 interface that will send the improved performance even if the IPv4 interface that will send the
tunneled packets uses a smaller MTU. tunneled packets uses a smaller MTU.
Appendix D. Modified EUI-64 Addresses in the IANA Ethernet Address Block Appendix C. Modified EUI-64 Addresses in the IANA Ethernet Address Block
Modified EUI-64 addresses ([ADDR], Appendix A) in the IANA Ethernet Modified EUI-64 addresses ([ADDR], Appendix A) in the IANA Ethernet
Address Block are formed as the concatenation of the 24-bit IANA OUI Address Block are formed as the concatenation of the 24-bit IANA OUI
(00-00-5E) with a 40-bit extension identifier. They have the (00-00-5E) with a 40-bit extension identifier. They have the
following appearance in memory (bits transmitted right-to-left within following appearance in memory (bits transmitted right-to-left within
octets, octets transmitted left-to-right): octets, octets transmitted left-to-right):
0 23 63 0 23 63
| OUI | extension identifier | | OUI | extension identifier |
000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx 000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
skipping to change at page 25, line 4 skipping to change at page 24, line 24
| OUI | extension identifier | | OUI | extension identifier |
000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx 000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
When the first two octets of the extension identifier encode the When the first two octets of the extension identifier encode the
hexadecimal value 0xFFFE, the remainder of the extension identifier hexadecimal value 0xFFFE, the remainder of the extension identifier
encodes a 24-bit vendor-supplied id as follows: encodes a 24-bit vendor-supplied id as follows:
0 23 39 63 0 23 39 63
| OUI | 0xFFFE | vendor-supplied id | | OUI | 0xFFFE | vendor-supplied id |
000000ug00000000 0101111011111111 11111110xxxxxxxx xxxxxxxxxxxxxxxx 000000ug00000000 0101111011111111 11111110xxxxxxxx xxxxxxxxxxxxxxxx
When the first octet of the extension identifier encodes the When the first octet of the extension identifier encodes the
hexadecimal value 0xFE, the remainder of the extension identifier hexadecimal value 0xFE, the remainder of the extension identifier
encodes a 32-bit IPv4 address, as specified in ([ISATAP], section encodes a 32-bit IPv4 address as follows:
6.1) and as follows:
0 23 31 63 0 23 31 63
| OUI | 0xFE | IPv4 address | | OUI | 0xFE | IPv4 address |
000000ug00000000 0101111011111110 xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx 000000ug00000000 0101111011111110 xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
Modified EUI-64 format interface identifiers are formed by inverting Modified EUI-64 format interface identifiers are formed by inverting
the "u" bit, i.e., the "u" bit is set to one (1) to indicate the "u" bit, i.e., the "u" bit is set to one (1) to indicate
universal scope and it is set to zero (0) to indicate local scope universal scope and it is set to zero (0) to indicate local scope
([ADDR], section 2.5.1). ([ADDR], section 2.5.1).
Appendix E. Proposed ICMPv6 Code Field Types Appendix D. Proposed ICMPv6 Code Field Types
Three new ICMPv6 Code Field Type definitions are proposed for the Three new ICMPv6 Code Field Type definitions are proposed for the
ICMPv6 Destination Unreachable message. The first proposes a new ICMPv6 Destination Unreachable message. The first proposes a new
definition for a currently-unassigned code type (2) in the ICMPv6 definition for a currently-unassigned code type (2) in the ICMPv6
Type Numbers registry; the others propose new definitions for code Type Numbers registry; the others propose new definitions for code
types (5) and (6). The code type field definition proposals appear types (5) and (6). The code type field definition proposals appear
below: below:
Type Name Reference Type Name Reference
---- ------------------------- --------- ---- ------------------------- ---------
1 Destination Unreachable [RFC2463] 1 Destination Unreachable [RFC2463]
Code 2 - beyond the scope of source address Code 2 - beyond the scope of source address
5 - source address failed ingress policy 5 - source address failed ingress policy
6 - reject route to destination 6 - reject route to destination
Normative References Normative References
[STD0003] Braden, R., "Requirements for Internet Hosts - Communication [BCP14] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[BCP26] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
[STD3] Braden, R., "Requirements for Internet Hosts - Communication
Layers", STD 3, RFC 1122, October 1989. Layers", STD 3, RFC 1122, October 1989.
[STD0005] Postel, J., "Internet Protocol", STD 5, RFC 791, September [STD5] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.
1981.
[STD0006] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August [STD6] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August
1980. 1980.
[RFC1981] McCann, J., Deering, S. and J. Mogul, "Path MTU Discovery for [RFC1981] McCann, J., Deering, S. and J. Mogul, "Path MTU Discovery for
IP version 6", RFC 1981, August 1996. IP version 6", RFC 1981, August 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2461] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery [RFC2461] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery
for IP Version 6 (IPv6)", RFC 2461, December 1998. for IP Version 6 (IPv6)", RFC 2461, December 1998.
[RFC2463] Conta, A., and S. Deering, "Internet Control Message Protocol [RFC2463] Conta, A., and S. Deering, "Internet Control Message Protocol
(ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification", (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification",
RFC 2463, December 1998. RFC 2463, December 1998.
[RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4
Domains without Explicit Tunnels", RFC 2529, March 1999. Domains without Explicit Tunnels", RFC 2529, March 1999.
[RFC3424] Daigle, L. and IAB, "IAB Considerations for UNilateral Self- [RFC3424] Daigle, L. and IAB, "IAB Considerations for UNilateral Self-
Address Fixing (UNSAF) Across Network Address Translation", RFC 3424, Address Fixing (UNSAF) Across Network Address Translation", RFC 3424,
November 2002. November 2002.
[RFC3484] Draves, R., "Default Address Selection for Internet Protocol
version 6 (IPv6)", RFC 3484, February 2003.
[RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W.
Stevens, "Basic Socket Interface Extensions for IPv6", RFC 3493,
February 2003.
[RFC3542] Stevens, W., Thomas, M., Nordmark, E. and T. Jinmei, [RFC3542] Stevens, W., Thomas, M., Nordmark, E. and T. Jinmei,
"Advanced Sockets Application Program Interface (API) for IPv6", RFC "Advanced Sockets Application Program Interface (API) for IPv6", RFC
3542, May 2003. 3542, May 2003.
[RFC3582] Abley, J., Black, B. and V. Gill, "Goals for IPv6 Site- [RFC3582] Abley, J., Black, B. and V. Gill, "Goals for IPv6 Site-
Multihoming Architectures", RFC 3582, August 2003. Multihoming Architectures", RFC 3582, August 2003.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
Configuration Protocol (DHCP) version 6", RFC 3633, December 2003. Configuration Protocol (DHCP) version 6", RFC 3633, December 2003.
[ADDR] Hinden, R. and S. Deering, "IP Version 6 Addressing [ADDR] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", draft-ietf-ipv6-addr-arch-v4 (work in progress), Architecture", draft-ietf-ipv6-addr-arch-v4, Work in Progress,
October 2003. October 2003.
[AUTH] Reynolds, J. and R. Braden, "Instructions to Request for
Comments (RFC) Authors", draft-rfc-editor-rfc2223bis (work in
progress), August 2003.
[DEFLT] Draves, R. and D. Thaler, "Default Router Preferences and [DEFLT] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", draft-ietf-ipv6-router-selection (work in More-Specific Routes", draft-ietf-ipv6-router-selection, Work in
progress), December 2003. Progress, December 2003.
[ISATAP] Templin, F., Gleeson, T., Talwar, M. and D. Thaler,
"Internet/Site Automatic Tunnel Addressing Protocol", draft-ietf-
ngtrans-isatap (work in progress), February 2004.
[LLMNR] Esibov, L., Aboba, B. and D. Thaler, "Linklocal Multicast
Name Resolution", draft-ietf-dnsext-mdns (work in progress), January
2004.
[MECH] Gilligan, R. and E. Nordmark, "Basic Transition Mechanisms [MECH] Gilligan, R. and E. Nordmark, "Basic Transition Mechanisms
for IPv6 Hosts and Routers", draft-ietf-v6ops-mech-v2 (work in for IPv6 Hosts and Routers", draft-ietf-v6ops-mech-v2, Work in
progress), February 2003. Progress, February 2003.
[NODEREQ] Loughney, J., "IPv6 Node Requirements", draft-ietf-ipv6-node- [NODEREQ] Loughney, J., "IPv6 Node Requirements", draft-ietf-ipv6-node-
requirements (work in progress), October 2003. requirements, Work in Progress, October 2003.
[UNIQUE] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast [UNIQUE] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", draft-ietf-ipv6-unique-local-addr (work in progress), Addresses", draft-ietf-ipv6-unique-local-addr, Work in Progress,
January 2004. January 2004.
Informative References Informative References
[BCP0048] Dawkins, S., Montenegro, G., Kojo, M. and V. Magret, "End- [BCP48] Dawkins, S., Montenegro, G., Kojo, M. and V. Magret, "End-to-
to-end Performance Implications of Slow Links", BCP 48, RFC 3150, end Performance Implications of Slow Links", BCP 48, RFC 3150, July
July 2001. 2001.
[STD0013] Mockapetris, P., "Domain names - implementation and [STD13] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC [RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC
2402, November 1998. 2402, November 1998.
[RFC2406] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload [RFC2406] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload
(ESP)", RFC 2406, November 1998. (ESP)", RFC 2406, November 1998.
[RFC2491] Armitage, G., Schulter, P., Jork, M. and G. Harter, "IPv6 [RFC2491] Armitage, G., Schulter, P., Jork, M. and G. Harter, "IPv6
over Non-Broadcast Multiple Access (NBMA) networks", RFC 2491, over Non-Broadcast Multiple Access (NBMA) networks", RFC 2491,
January 1999. January 1999.
[RFC2492] Armitage, G., Schulter, P. and M. Jork, "IPv6 over ATM [RFC2492] Armitage, G., Schulter, P. and M. Jork, "IPv6 over ATM
Networks", RFC 2492, January 1999. Networks", RFC 2492, January 1999.
[RFC2710] Deering, S., Fenner, W. and B. Haberman, "Multicast Listener
Discovery (MLD) for IPv6", RFC 2710, October 1999.
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via
IPv4 Clouds", RFC 3056, February 2001. IPv4 Clouds", RFC 3056, February 2001.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M. [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M.
Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC
3315, July 2003. 3315, July 2003.
[ANYCAST] Hagino, J. and K. Ettikan, "An Analysis of IPv6 Anycast", [ANYCAST] Hagino, J. and K. Ettikan, "An Analysis of IPv6 Anycast",
draft-ietf-ipngwg-ipv6-anycast-analysis (work in progress), June draft-ietf-ipngwg-ipv6-anycast-analysis, Work in Progress, June 2003.
2003.
[DNSOPV6] Durand, A., Ihren, J., and Savola P., "Operational
Considerations and Issues with IPv6 DNS", draft-ietf-dnsop-ipv6-dns-
issues, work-in-progress, January 2004.
[FLOW] Rajahalme, J., Conta, A., Carpenter, B. and S. Deering, [FLOW] Rajahalme, J., Conta, A., Carpenter, B. and S. Deering,
"IPv6 Flow Label Specification", draft-ietf-ipv6-flow-label (work in "IPv6 Flow Label Specification", draft-ietf-ipv6-flow-label, Work in
progress), December 2003. Progress, December 2003.
[FRAG] Mogul, J. and C. Kent, "Fragmentation Considered Harmful", In [FRAG] Mogul, J. and C. Kent, "Fragmentation Considered Harmful", In
Proc. SIGCOMM '87 Workshop on Frontiers in Computer Communications Proc. SIGCOMM '87 Workshop on Frontiers in Computer Communications
Technology. August, 1987. Technology. August, 1987.
[FTMIB] Haberman, B. and M. Wasserman, "IP Forwarding Table MIB", [FTMIB] Haberman, B. and M. Wasserman, "IP Forwarding Table MIB",
draft-ietf-ipv6-rfc2096-update (work in progress), August 2003. draft-ietf-ipv6-rfc2096-update, Work in Progress, August 2003.
[IPMIB] Routhier, S., "Management Information Base for the Internet [IPMIB] Routhier, S., "Management Information Base for the Internet
Protocol (IP)", draft-ietf-ipv6-rfc2011-update (work in progress), Protocol (IP)", draft-ietf-ipv6-rfc2011-update, Work in Progress,
September 2003. September 2003.
[NIQUERY] Crawford, M., "IPv6 Node Information Queries", draft-ietf-
ipngwg-icmp-name-lookups (work in progress), June 2003.
[SEND] Arkko, J., Kempf, J., Sommerfield, B., Zill, B. and P. [SEND] Arkko, J., Kempf, J., Sommerfield, B., Zill, B. and P.
Nikander, "Secure Neighbor Discovery (SEND)", draft-ietf-send-ndopt
(work in progress), October 2003.
[TCPMIB] Raghunarayan, R., "Management Information Base for the Nikander, "Secure Neighbor Discovery (SEND)", draft-ietf-send-ndopt,
Transmission Control Protocol (TCP)", draft-ietf-ipv6-rfc2012-update Work in Progress, October 2003.
(work in progress), November 2003.
[TUNMIB] Thaler, D., "IP Tunnel MIB", draft-ietf-ipv6-inet-tunnel-mib [SENDPS] Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor
(work in progress), January 2004. Discovery Trust Models and Threats", draft-ietf-send-psreq, Work in
Progress, October 2003.
[UDPMIB] Raghunarayan, R., "Management Information Base for the [TUNMIB] Thaler, D., "IP Tunnel MIB", draft-ietf-ipv6-inet-tunnel-mib,
Transmission Control Protocol (TCP)", draft-ietf-ipv6-rfc2012-update Work in Progress, January 2004.
(work in progress), November 2003.
Authors' Addresses Authors' Addresses
Fred L. Templin Fred L. Templin
Nokia Nokia
313 Fairchild Drive 313 Fairchild Drive
Mountain View, CA 94110 Mountain View, CA 94110
US US
Phone: +1 650 625 2331 Phone: +1 650 625 2331
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/