draft-ietf-ngtrans-isatap-23.txt   draft-ietf-ngtrans-isatap-24.txt 
Network Working Group F. Templin Network Working Group F. Templin
Internet-Draft Nokia Internet-Draft Consultant
December 10, 2004 T. Gleeson Expires: July 31, 2005 T. Gleeson
Expires: June 10, 2005 Cisco Systems K.K. Cisco Systems K.K.
M. Talwar M. Talwar
D. Thaler D. Thaler
Microsoft Corporation Microsoft Corporation
January 27, 2005
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
draft-ietf-ngtrans-isatap-23.txt draft-ietf-ngtrans-isatap-24.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, I certify that any applicable This document is an Internet-Draft and is subject to all provisions
patent or other IPR claims of which I am aware have been disclosed, of Section 3 of RFC 3667. By submitting this Internet-Draft, each
and any of which I become aware will be disclosed, in accordance with author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that
groups may also distribute working documents as Internet-Drafts. other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 10, 2004. This Internet-Draft will expire on July 31, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2005).
Abstract Abstract
The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) connects The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) connects
IPv6 hosts/routers over IPv4 networks. ISATAP views the IPv4 network IPv6 hosts/routers over IPv4 networks. ISATAP views the IPv4 network
as a link layer for IPv6 and views other nodes on the network as as a link layer for IPv6 and views other nodes on the network as
potential IPv6 hosts/routers. ISATAP supports an automatic tunneling potential IPv6 hosts/routers. ISATAP supports an automatic tunneling
abstraction similar to the Non-Broadcast Multiple Access (NBMA) abstraction similar to the Non-Broadcast Multiple Access (NBMA)
model. model.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Domain of Applicability . . . . . . . . . . . . . . . . . . 4
5. Node Requirements . . . . . . . . . . . . . . . . . . . . . 4
6. Addressing Requirements . . . . . . . . . . . . . . . . . . 4
7. Automatic Tunneling . . . . . . . . . . . . . . . . . . . . 5
8. Neighbor Discovery for ISATAP Interfaces . . . . . . . . . . 7
9. Site Administration Considerations . . . . . . . . . . . . . 9
10. Summary of Impact on Routing . . . . . . . . . . . . . . . . 9
11. Security considerations . . . . . . . . . . . . . . . . . . 10
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . 11
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 11
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
14.1 Normative References . . . . . . . . . . . . . . . . . . 12
14.2 Informative References . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 13
A. Modified EUI-64 Addresses in the IANA Ethernet Address
Block . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
B. Changes since -22 . . . . . . . . . . . . . . . . . . . . . 14
Intellectual Property and Copyright Statements . . . . . . . 16
1. Introduction 1. Introduction
This document specifies a simple mechanism called the Intra-Site This document specifies a simple mechanism called the Intra-Site
Automatic Tunnel Addressing Protocol (ISATAP) that connects IPv6 Automatic Tunnel Addressing Protocol (ISATAP) that connects IPv6
hosts/routers over IPv4 networks. Dual-stack (IPv6/IPv4) nodes use hosts/routers over IPv4 networks. Dual-stack (IPv6/IPv4) nodes use
ISATAP to automatically tunnel IPv6 packets in IPv4, i.e., ISATAP ISATAP to automatically tunnel IPv6 packets in IPv4, i.e., ISATAP
views the IPv4 network as a link layer for IPv6 and views other nodes views the IPv4 network as a link layer for IPv6 and views other nodes
on the network as potential IPv6 hosts/routers. on the network as potential IPv6 hosts/routers.
ISATAP enables automatic tunneling whether global or private IPv4 ISATAP enables automatic tunneling whether global or private IPv4
skipping to change at page 2, line 28 skipping to change at page 3, line 28
The main objectives of this document are to: 1) describe the domain The main objectives of this document are to: 1) describe the domain
of applicability, 2) specify addressing requirements, 3) specify of applicability, 2) specify addressing requirements, 3) specify
automatic tunneling using ISATAP, 4) specify the operation of IPv6 automatic tunneling using ISATAP, 4) specify the operation of IPv6
Neighbor Discovery over ISATAP interfaces, and 5) discuss Site Neighbor Discovery over ISATAP interfaces, and 5) discuss Site
Administration, Security and IANA considerations. Administration, Security and IANA considerations.
2. Requirements 2. Requirements
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [BCP14]. document, are to be interpreted as described in [RFC2119].
This document also makes use of internal conceptual variables to This document also makes use of internal conceptual variables to
describe protocol behavior and external variables that an describe protocol behavior and external variables that an
implementation must allow system administrators to change. The implementation must allow system administrators to change. The
specific variable names, how their values change, and how their specific variable names, how their values change, and how their
settings influence protocol behavior are provided to demonstrate settings influence protocol behavior are provided to demonstrate
protocol behavior. An implementation is not required to have them in protocol behavior. An implementation is not required to have them in
the exact form described here, so long as its external behavior is the exact form described here, so long as its external behavior is
consistent with that described in this document. consistent with that described in this document.
3. Terminology 3. Terminology
The terminology of [RFC2460][RFC2461] applies to this document. The The terminology of [RFC2460][RFC2461] applies to this document. The
following additional terms are defined: following additional terms are defined:
site:
a connected, self-contained, single administrative domain network
surrounded by zero or more border-filtering routers and containing
interior routers and links with their attached interfaces.
ISATAP node: ISATAP node:
a node that implements the specifications in this document. a node that implements the specifications in this document.
ISATAP interface: ISATAP interface:
an ISATAP node's non-broadcast multi-access (NBMA) IPv6 interface an ISATAP node's non-broadcast multi-access (NBMA) IPv6 interface
used for automatic tunneling of IPv6 packets in IPv4. used for automatic tunneling of IPv6 packets in IPv4.
ISATAP interface identifier: ISATAP interface identifier:
an IPv6 interface identifier with an embedded IPv4 address an IPv6 interface identifier with an embedded IPv4 address
constructed as specified in section 6.1. constructed as specified in Section 6.1.
ISATAP address: ISATAP address:
an IPv6 unicast address that matches an on-link prefix on an an IPv6 unicast address that matches an on-link prefix on an
ISATAP interface of the node, and includes an ISATAP interface ISATAP interface of the node, and includes an ISATAP interface
identifier. identifier.
locator: locator:
an IPv4 address-to-interface mapping, i.e., a node's IPv4 address an IPv4 address-to-interface mapping, i.e., a node's IPv4 address
and its associated interface. and its associated interface.
skipping to change at page 5, line 8 skipping to change at page 5, line 52
unicast capability in its underlying IPv4 carrier network. Support unicast capability in its underlying IPv4 carrier network. Support
for IPv6 multicast over ISATAP interfaces is not described in this for IPv6 multicast over ISATAP interfaces is not described in this
document. document.
Similarly, support for Reserved IPv6 Subnet Anycast Addresses is not Similarly, support for Reserved IPv6 Subnet Anycast Addresses is not
described in this document. described in this document.
7. Automatic Tunneling 7. Automatic Tunneling
ISATAP interfaces use the basic tunneling mechanisms specified in ISATAP interfaces use the basic tunneling mechanisms specified in
([MECH], section 3). The following additional specifications are also ([MECH], section 3). The following additional specifications are
used: also used:
7.1 Encapsulation 7.1 Encapsulation
ISATAP addresses are mapped to a link-layer address by a static ISATAP addresses are mapped to a link-layer address by a static
computation, i.e., the last four octets are treated as an IPv4 computation, i.e., the last four octets are treated as an IPv4
address. address.
7.2 Handling ICMPv4 Errors 7.2 Handling IPv4 ICMP Errors
ISATAP interfaces SHOULD process ARP failures and persistent ICMPv4 ISATAP interfaces SHOULD process ARP failures and persistent ICMPv4
errors as link-specific information indicating that a path to a errors as link-specific information indicating that a path to a
neighbor may have failed ([RFC2461], section 7.3.3). neighbor may have failed ([RFC2461], section 7.3.3).
7.3 Decapsulation 7.3 Decapsulation
The specification in ([MECH], section 3.6) is used. Additionally, The specification in ([MECH], section 3.6) is used. Additionally,
when an ISATAP node receives an IPv4 protocol 41 datagram that does when an ISATAP node receives an IPv4 protocol 41 datagram that does
not belong to a configured tunnel interface, it determines whether not belong to a configured tunnel interface, it determines whether
the packet's IPv4 destination address and arrival interface match a the packet's IPv4 destination address and arrival interface match a
locator configured in an ISATAP interface's locator set. locator configured in an ISATAP interface's locator set.
If an ISATAP interface that configures a matching locator is found, If an ISATAP interface that configures a matching locator is found,
the decapsulator MUST verify that the packet's IPv4 source address is the decapsulator MUST verify that the packet's IPv4 source address is
correct for the encapsulated IPv6 source address. The IPv4 source correct for the encapsulated IPv6 source address. The IPv4 source
address is correct if: address is correct if:
- the IPv6 source address is an ISATAP address that embeds the o the IPv6 source address is an ISATAP address that embeds the IPv4
IPv4 source address in its interface identifier, or: source address in its interface identifier, or:
- the IPv4 source address is a member of the Potential Router o the IPv4 source address is a member of the Potential Router List
List (see: section 8.1). (see: section 8.1).
Packets for which the IPv4 source address is incorrect for this Packets for which the IPv4 source address is incorrect for this
ISATAP interface are checked to determine whether they belong to ISATAP interface are checked to determine whether they belong to
another tunnel interface. another tunnel interface.
7.4 Link-Local Addresses 7.4 Link-Local Addresses
ISATAP interfaces use link local addresses constructed as specified ISATAP interfaces use link local addresses constructed as specified
in section 6 of this document. in section 6 of this document.
7.5 Neighbor Discovery over Tunnels 7.5 Neighbor Discovery over Tunnels
ISATAP interfaces use the specifications for neighbor discovery found ISATAP interfaces use the specifications for neighbor discovery found
in the following section of this document. in section 8 of this document.
8. Neighbor Discovery for ISATAP Interfaces 8. Neighbor Discovery for ISATAP Interfaces
ISATAP interfaces use the neighbor discovery mechanisms specified in ISATAP interfaces use the neighbor discovery mechanisms specified in
[RFC2461] and also implement the following specifications: [RFC2461] and also implement the following specifications:
8.1 Conceptual Model Of A Host 8.1 Conceptual Model Of A Host
To the list of Conceptual Data Structures ([RFC2461], section 5.1), To the list of Conceptual Data Structures ([RFC2461], section 5.1),
ISATAP interfaces add: ISATAP interfaces add:
Potential Router List (PRL) Potential Router List
A set of entries about potential routers; used to support router A set of entries about potential routers; used to support router
and prefix discovery. Each entry ("PRL(i)") has an associated and prefix discovery. Each entry ("PRL(i)") has an associated
timer ("TIMER(i)"), and an IPv4 address ("V4ADDR(i)") that timer ("TIMER(i)"), and an IPv4 address ("V4ADDR(i)") that
represents a router's advertising ISATAP interface. represents a router's advertising ISATAP interface.
8.2 Router and Prefix Discovery - Router Specification 8.2 Router and Prefix Discovery - Router Specification
Advertising ISATAP interfaces send Solicited Router Advertisement Advertising ISATAP interfaces send Solicited Router Advertisement
messages as specified in ([RFC2461], section 6.2.6) except that the messages as specified in ([RFC2461], section 6.2.6) except that the
messages are sent directly to the soliciting node, i.e., they might messages are sent directly to the soliciting node, i.e., they might
skipping to change at page 6, line 47 skipping to change at page 7, line 42
8.3.1 Host Variables 8.3.1 Host Variables
To the list of host variables ([RFC2461], section 6.3.2), ISATAP To the list of host variables ([RFC2461], section 6.3.2), ISATAP
interfaces add: interfaces add:
PrlRefreshInterval PrlRefreshInterval
Time in seconds between successive refreshments of the PRL after Time in seconds between successive refreshments of the PRL after
initialization. The designated value of all 1's (0xffffffff) initialization. The designated value of all 1's (0xffffffff)
represents infinity. represents infinity.
Default: 3600 seconds Default: 3600 seconds
MinRouterSolicitInterval MinRouterSolicitInterval
Minimum time in seconds between successive solicitations of the Minimum time in seconds between successive solicitations of the
same advertising ISATAP interface. The designated value of all 1's same advertising ISATAP interface. The designated value of all
(0xffffffff) represents infinity. 1's (0xffffffff) represents infinity.
8.3.2 Potential Router List Initialization 8.3.2 Potential Router List Initialization
ISATAP nodes initialize an ISATAP interface's PRL with IPv4 addresses ISATAP nodes initialize an ISATAP interface's PRL with IPv4 addresses
discovered via manual configuration, a DNS fully-qualified domain discovered via manual configuration, a DNS fully-qualified domain
name (FQDN) [STD13], a DHCPv4 option, a DHCPv4 vendor-specific name (FQDN) [RFC1035], a DHCPv4 option, a DHCPv4 vendor-specific
option, or an unspecified alternate method. FQDNs are established via option, or an unspecified alternate method. FQDNs are established
manual configuration or an unspecified alternate method. FQDNs are via manual configuration or an unspecified alternate method. FQDNs
resolved into IPv4 addresses through a static host file lookup, are resolved into IPv4 addresses through a static host file lookup,
querying the DNS service, querying a site-specific name service, or querying the DNS service, querying a site-specific name service, or
an unspecified alternate method. an unspecified alternate method.
After initializing an ISATAP interface's PRL, the node sets a timer After initializing an ISATAP interface's PRL, if the PRL is empty the
node SHOULD disable the interface. Otherwise, the node sets a timer
for the interface to PrlRefreshInterval seconds and re-initializes for the interface to PrlRefreshInterval seconds and re-initializes
the interface's PRL as specified above when the timer expires. When the interface's PRL as specified above when the timer expires. When
an FQDN is used, and when it is resolved via a service that includes an FQDN is used, and when it is resolved via a service that includes
TTLs with the IPv4 addresses returned (e.g., DNS 'A' resource records TTLs with the IPv4 addresses returned (e.g., DNS 'A' resource records
[STD13]), the timer SHOULD be set to the minimum of [RFC1035]), the timer SHOULD be set to the minimum of
PrlRefreshInterval and the minimum TTL returned. (Zero-valued TTLs PrlRefreshInterval and the minimum TTL returned. (Zero-valued TTLs
are interpreted to mean that the PRL is re-initialized before each are interpreted to mean that the PRL is re-initialized before each
Router Solicitation event - see: section 8.3.4). Router Solicitation event - see: section 8.3.4).
8.3.3 Processing Received Router Advertisements 8.3.3 Processing Received Router Advertisements
To the list of checks for validating Router Advertisement messages To the list of checks for validating Router Advertisement messages
([RFC2461], section 6.1.1), ISATAP interfaces add: ([RFC2461], section 6.1.1), ISATAP interfaces add:
- IP Source Address is a link-local ISATAP address that embeds o IP Source Address is a link-local ISATAP address that embeds
V4ADDR(i) for some PRL(i). V4ADDR(i) for some PRL(i).
Valid Router Advertisements received on an ISATAP interface are Valid Router Advertisements received on an ISATAP interface are
processed as specified in ([RFC2461], section 6.3.4). processed as specified in ([RFC2461], section 6.3.4).
8.3.4 Sending Router Solicitations 8.3.4 Sending Router Solicitations
To the list of events after which Router Solicitation messages may be To the list of events after which Router Solicitation messages may be
sent ([RFC2461], section 6.3.7), ISATAP interfaces add: sent ([RFC2461], section 6.3.7), ISATAP interfaces add:
- TIMER(i) for some PRL(i) expires. o TIMER(i) for some PRL(i) expires.
Since unsolicited Router Advertisements may be incomplete and/or Since unsolicited Router Advertisements may be incomplete and/or
absent, ISATAP nodes MAY schedule periodic Router Solicitation events absent, ISATAP nodes MAY schedule periodic Router Solicitation events
for certain PRL(i)'s by setting the corresponding TIMER(i). for certain PRL(i)'s by setting the corresponding TIMER(i).
When periodic Router Solicitation events are scheduled, the node When periodic Router Solicitation events are scheduled, the node
SHOULD set TIMER(i) such that the next event will refresh remaining SHOULD set TIMER(i) such that the next event will refresh remaining
lifetimes stored for PRL(i) before they expire, including the Router lifetimes stored for PRL(i) before they expire, including the Router
Lifetime, Valid Lifetimes received in Prefix Information Options, and Lifetime, Valid Lifetimes received in Prefix Information Options, and
Route Lifetimes received in Route Information Options [DEFLT]. Route Lifetimes received in Route Information Options [DEFLT].
skipping to change at page 9, line 5 skipping to change at page 9, line 44
The PRL is commonly maintained as an FQDN for the ISATAP service in The PRL is commonly maintained as an FQDN for the ISATAP service in
the site's name service (see: section 8.3.2). There are no mandatory the site's name service (see: section 8.3.2). There are no mandatory
rules for the selection of the FQDN, but site administrators are rules for the selection of the FQDN, but site administrators are
encouraged to use the convention "isatap.domainname" (e.g., encouraged to use the convention "isatap.domainname" (e.g.,
isatap.example.com). isatap.example.com).
When the site's name service includes TTLs with the IPv4 addresses When the site's name service includes TTLs with the IPv4 addresses
returned, site administrators SHOULD configure the TTLs with returned, site administrators SHOULD configure the TTLs with
conservative values to minimize control traffic. conservative values to minimize control traffic.
10. Security considerations 10. Summary of Impact on Routing
As stated in Section 4, this document focuses on connectivity to
hosts. Router-to-router protocols which rely on the use of multicast
will not work over an ISATAP link, but this is not required for
ISATAP's domain of applicability. For router-to-host communication,
the impact on Neighbor Discovery/Router Discovery is covered in
Section 8.
Finally, there is no impact on existing routing protocols outside of
the ISATAP link, as any arbitrary prefix can be used, as with most
other link-layer protocols.
11. Security considerations
Implementors should be aware that, in addition to possible attacks Implementors should be aware that, in addition to possible attacks
against IPv6, security attacks against IPv4 must also be considered. against IPv6, security attacks against IPv4 must also be considered.
Use of IP security at both IPv4 and IPv6 levels should nevertheless Use of IP security at both IPv4 and IPv6 levels should nevertheless
be avoided, for efficiency reasons. For example, if IPv6 is running be avoided, for efficiency reasons. For example, if IPv6 is running
encrypted, encryption of IPv4 would be redundant except if traffic encrypted, encryption of IPv4 would be redundant except if traffic
analysis is felt to be a threat. If IPv6 is running authenticated, analysis is felt to be a threat. If IPv6 is running authenticated,
then authentication of IPv4 will add little. Conversely, IPv4 then authentication of IPv4 will add little. Conversely, IPv4
security will not protect IPv6 traffic once it leaves the ISATAP security will not protect IPv6 traffic once it leaves the ISATAP
domain. Therefore, implementing IPv6 security is required even if domain. Therefore, implementing IPv6 security is required even if
IPv4 security is available. IPv4 security is available.
The threats associated with IPv6 Neighbor Discovery are described in There is a possible spoofing attack in which an attacker outside the
[RFC3756]. IPv4 site spoofs an IPv6 source address which appears to be an
on-link ISATAP address, and encapsulates it to an ISATAP node. Since
There is a possible spoofing attack in which spurious ip-protocol-41 an ISATAP link spans an entire IPv4 site, restricting access to the
packets are injected into an ISATAP link from outside. Since an link can be achieved by restricting access to the site, i.e., by
ISATAP link spans an entire IPv4 site, restricting access to the link having site border routers implement IPv4 ingress filtering and
can be achieved by restricting access to the site, i.e., by having
site border routers implement IPv4 ingress filtering and
ip-protocol-41 filtering. ip-protocol-41 filtering.
Another possible spoofing attack involves spurious ip-protocol-41 Another possible spoofing attack involves spurious ip-protocol-41
packets injected from within an ISATAP link by a node pretending to packets injected from within an ISATAP link by a node pretending to
be a router. The Potential Router List (PRL) provides a list of IPv4 be a router. The Potential Router List (PRL) provides a list of IPv4
addresses representing advertising ISATAP interfaces of routers that addresses representing advertising ISATAP interfaces of routers that
hosts use in filtering decisions. Site administrators should ensure hosts use in filtering decisions. Site administrators should ensure
that the PRL is kept up to date, and that the resolution mechanism that the PRL is kept up to date, and that the resolution mechanism
(see: section 9) cannot be subverted. (see: section 9) cannot be subverted. ISATAP SHOULD NOT be used when
the PRL is empty (see: section 8.3.2).
ISATAP has unique characteristics that do not exist in other
tunneling solutions such as 6to4 [RFC3056] and result in avoiding
most security issues that exist in those protocols. Unlike such
protocols, ISATAP is only to be used within a site with border
routers which filter ip-protocol-41 packets, as noted above. This
reduces the scope of spoofing attacks to other attackers inside the
site. Also unlike such protocols, ISATAP will not accept packets
from arbitrary routers, only from routers in the Potential Router
List it knows, as noted above. This avoids spoofing attacks that
would otherwise be possible by an attacker pretending to be a router,
but relies on the security of the PRL resolution method used.
Together, these characteristics mean that spoofing an IPv6 source
address requires either spoofing the IPv4 address embedded in an
ISATAP address, or spoofing an IPv4 address in the PRL. This is
hence no worse than IPv4 without ISATAP in this respect.
The threats associated with IPv6 Neighbor Discovery are described in
[RFC3756].
The use of temporary addresses [RFC3041] and Cryptographically The use of temporary addresses [RFC3041] and Cryptographically
Generated Addresses [CGA] on ISATAP interfaces is outside the scope Generated Addresses [CGA] on ISATAP interfaces is outside the scope
of this specification. of this specification.
11. IANA Considerations 12. IANA Considerations
The IANA is requested to specify the format for Modified EUI-64 The IANA is requested to specify the format for Modified EUI-64
address construction ([RFC3513], Appendix A) in the IANA Ethernet address construction ([RFC3513], Appendix A) in the IANA Ethernet
Address Block. The text in Appendix B of this document is offered as Address Block. The text in Appendix B of this document is offered as
an example specification. The current version of the IANA registry an example specification. The current version of the IANA registry
for Ether Types can be accessed at: for Ether Types can be accessed at:
http://www.iana.org/assignments/ethernet-numbers http://www.iana.org/assignments/ethernet-numbers
12. Acknowledgments 13. Acknowledgments
The ideas in this document are not original, and the authors The ideas in this document are not original, and the authors
acknowledge the original architects. Portions of this work were acknowledge the original architects. Portions of this work were
sponsored through SRI International internal projects and government sponsored through U.S. government contracts and internal projects at
contracts. Government sponsors include Monica Farah-Stapleton and SRI International and Nokia. Government sponsors include Monica
Russell Langan (U.S. Army CECOM ASEO), and Dr. Allen Moshfegh (U.S. Farah-Stapleton and Russell Langan (U.S. Army CECOM ASEO), and Dr.
Office of Naval Research). SRI International sponsors include Dr. Allen Moshfegh (U.S. Office of Naval Research). SRI International
Mike Frankel, J. Peter Marcotullio, Lou Rodriguez, and Dr. Ambatipudi sponsors include Dr. Mike Frankel, J. Peter Marcotullio, Lou
Sastry. Rodriguez, and Dr. Ambatipudi Sastry.
The following are acknowledged for providing peer review input: Jim The following are acknowledged for providing peer review input: Jim
Bound, Rich Draves, Cyndi Jung, Ambatipudi Sastry, Aaron Schrader, Bound, Rich Draves, Cyndi Jung, Ambatipudi Sastry, Aaron Schrader,
Ole Troan, Vlad Yasevich. Ole Troan, Vlad Yasevich.
The following are acknowledged for their significant contributions: The following are acknowledged for their significant contributions:
Alain Durand, Hannu Flinck, Jason Goldschmidt, Nathan Lutchansky, Alain Durand, Hannu Flinck, Jason Goldschmidt, Nathan Lutchansky,
Karen Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest, Karen Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest,
Markku Savela, Pekka Savola, Margaret Wasserman, Brian Zill. Markku Savela, Pekka Savola, Margaret Wasserman, Brian Zill.
The authors acknowledge the work of Quang Nguyen on "Virtual The authors acknowledge the work of Quang Nguyen on "Virtual
Ethernet" under the guidance of Dr. Lixia Zhang that proposed very Ethernet" under the guidance of Dr. Lixia Zhang that proposed very
similar ideas to those that appear in this document. This work was similar ideas to those that appear in this document. This work was
first brought to the authors' attention on September 20, 2002. first brought to the authors' attention on September 20, 2002.
Appendix A. Major Changes 14. References
Changes since version 21:
- incorporated proposed text from ISATAP Issue Tracker
issues 14, 22, 23
- revised section 6.3 to follow RFC 3056 precedent
- editorial changes
Changes since version 20:
- moved extensions into separate document.
- added Site Administration Considerations section.
- updated neighbor discovery, IANA considerations, security
considerations sections to match widely-deployed implementations.
Appendix B. Modified EUI-64 Addresses in the IANA Ethernet Address Block
Modified EUI-64 addresses ([RFC3513], section 2.5.1 and Appendix A)
in the IANA Ethernet Address Block are formed by concatenating the
24-bit IANA OUI (00-00-5E) with a 40-bit extension identifier and
inverting the "u" bit, i.e., the "u" bit is set to one (1) to
indicate universal scope and it is set to zero (0) to indicate local
scope.
Modified EUI-64 addresses have the following appearance in memory
(bits transmitted right-to-left within octets, octets transmitted
left-to-right):
0 23 63
| OUI | extension identifier |
000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
When the first two octets of the extension identifier encode the
hexadecimal value 0xFFFE, the remainder of the extension identifier
encodes a 24-bit vendor-supplied id as follows:
0 23 39 63
| OUI | 0xFFFE | vendor-supplied id |
000000ug00000000 0101111011111111 11111110xxxxxxxx xxxxxxxxxxxxxxxx
When the first octet of the extension identifier encodes the 14.1 Normative References
hexadecimal value 0xFE, the remainder of the extension identifier
encodes a 32-bit IPv4 address as follows:
0 23 31 63 [MECH] Gilligan, R. and E. Nordmark, "Basic Transition Mechanisms
| OUI | 0xFE | IPv4 address | for IPv6 Hosts and Routers",
000000ug00000000 0101111011111110 xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx Internet-Draft draft-ietf-v6ops-mech-v2-00, February 2003.
Normative References [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[BCP14] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[STD13] Mockapetris, P., "Domain Names - Implementation and [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
Specification", STD 13, RFC 1035, November 1987. IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2461] Narten, T., Nordmark, E. and W. Simpson, "Neighbor [RFC2461] Narten, T., Nordmark, E. and W. Simpson, "Neighbor
Discovery for IP Version 6 (IPv6)", RFC 2461, December Discovery for IP Version 6 (IPv6)", RFC 2461, December
1998. 1998.
[RFC2462] Thomson, S. and T. Narten, "IPv6 Stateless Address [RFC2462] Thomson, S. and T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998. Autoconfiguration", RFC 2462, December 1998.
[RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6 [RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6
(IPv6) Addressing Architecture", RFC 3513, April 2003. (IPv6) Addressing Architecture", RFC 3513, April 2003.
[MECH] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms 14.2 Informative References
for IPv6 Hosts and Routers", draft-ietf-v6ops-mech-v2,
Work in Progress, January 2004.
Informative References [CGA] Aura, T., "Cryptographically Generated Addresses (CGA)",
Internet-Draft draft-ietf-send-cga, April 2004.
[DEFLT] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes",
Internet-Draft draft-ietf-ipv6-router-selection-06.txt,
October 2003.
[NODEREQ] Loughney, J., "IPv6 Node Requirements",
Internet-Draft draft-ietf-ipv6-node-requirements, August
2004.
[RFC2491] Armitage, G., Schulter, P., Jork, M. and G. Harter, "IPv6 [RFC2491] Armitage, G., Schulter, P., Jork, M. and G. Harter, "IPv6
over Non-Broadcast Multiple Access (NBMA) networks", RFC over Non-Broadcast Multiple Access (NBMA) networks",
2491, January 1999. RFC 2491, January 1999.
[RFC2492] Armitage, G., Schulter, P. and M. Jork, "IPv6 over ATM [RFC2492] Armitage, G., Schulter, P. and M. Jork, "IPv6 over ATM
Networks", RFC 2492, January 1999. Networks", RFC 2492, January 1999.
[RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4
Domains without Explicit Tunnels", RFC 2529, March 1999. Domains without Explicit Tunnels", RFC 2529, March 1999.
[RFC3041] Narten, T. and R. Draves, "Privacy Extensions for [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for
Stateless Address Autoconfiguration in IPv6", RFC 3041, Stateless Address Autoconfiguration in IPv6", RFC 3041,
January 2001. January 2001.
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains
via IPv4 Clouds", RFC 3056, February 2001. via IPv4 Clouds", RFC 3056, February 2001.
[RFC3756] Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor [RFC3756] Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor
Discovery (ND) Trust Models and Threats", RFC 3756, May Discovery (ND) Trust Models and Threats", RFC 3756, May
2004. 2004.
[CGA] Aura, T., "Cryptographically Generated Addresses (CGA)",
draft-ietf-send-cga, Work in Progress, February 2004.
[DEFLT] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", draft-ietf-ipv6-router-selection,
Work in Progress, December 2003.
[NODEREQ] Loughney, J., "IPv6 Node Requirements",
draft-ietf-ipv6-node-requirements,
Work in Progress, May 2004.
Authors' Addresses Authors' Addresses
Fred L. Templin Fred L. Templin
Nokia Consultant
313 Fairchild Drive
Mountain View, CA 94110
US
Phone: +1 650 625 2331 Email: fltemplin@acm.org
EMail: ftemplin@iprg.nokia.com
Tim Gleeson Tim Gleeson
Cisco Systems K.K. Cisco Systems K.K.
Shinjuku Mitsu Building Shinjuku Mitsu Building
2-1-1 Nishishinjuku, Shinjuku-ku 2-1-1 Nishishinjuku, Shinjuku-ku
Tokyo 163-0409 Tokyo 163-0409
Japan Japan
EMail: tgleeson@cisco.com Email: tgleeson@cisco.com
Mohit Talwar Mohit Talwar
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052-6399 Redmond, WA> 98052-6399
US US
Phone: +1 425 705 3131 Phone: +1 425 705 3131
EMail: mohitt@microsoft.com Email: mohitt@microsoft.com
Dave Thaler Dave Thaler
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052-6399 Redmond, WA 98052-6399
US US
Phone: +1 425 703 8835 Phone: +1 425 703 8835
EMail: dthaler@microsoft.com Email: dthaler@microsoft.com
Full Copyright Statement Appendix A. Modified EUI-64 Addresses in the IANA Ethernet Address
Block
Copyright (C) The Internet Society (2004). This document is subject Modified EUI-64 addresses ([RFC3513], section 2.5.1 and Appendix A)
to the rights, licenses and restrictions contained in BCP 78 and in the IANA Ethernet Address Block are formed by concatenating the
except as set forth therein, the authors retain all their rights. 24-bit IANA OUI (00-00-5E) with a 40-bit extension identifier and
inverting the "u" bit, i.e., the "u" bit is set to one (1) to
indicate universal scope and it is set to zero (0) to indicate local
scope.
This document and the information contained herein are provided on an Modified EUI-64 addresses have the following appearance in memory
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS (bits transmitted right-to-left within octets, octets transmitted
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET left-to-right):
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property 0 23 63
| OUI | extension identifier |
000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
When the first two octets of the extension identifier encode the
hexadecimal value 0xFFFE, the remainder of the extension identifier
encodes a 24-bit vendor-supplied id as follows:
0 23 39 63
| OUI | 0xFFFE | vendor-supplied id |
000000ug00000000 0101111011111111 11111110xxxxxxxx xxxxxxxxxxxxxxxx
When the first octet of the extension identifier encodes the
hexadecimal value 0xFE, the remainder of the extension identifier
encodes a 32-bit IPv4 address as follows:
0 23 31 63
| OUI | 0xFE | IPv4 address |
000000ug00000000 0101111011111110 xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
Appendix B. Changes since -22
NOTE: This section to be removed before publication as an RFC.
o added definition for the term "site"
o added new section on summary of impact on routing
o added 6to4 comparision paragraph in Security Considerations
o clarified security considerations statement on possible spoofing
attacks from a node outside the site
o added "ISATAP SHOULD NOT be used when the PRL is empty" to section
8.3.2 and security considerations
o mentioned Nokia internal project work under acknowledgements
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at page 14, line 37 skipping to change at page 16, line 29
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this
document. For more information consult the online list of claimed
rights.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/