Transmission of IP Packets over Overlay Multilink Network (OMNI) Interfaces
draft-templin-6man-omni3-03
| Document | Type | Active Internet-Draft (individual) | |
|---|---|---|---|
| Author | Fred Templin | ||
| Last updated | 2024-04-15 | ||
| Replaces | draft-templin-intarea-omni2 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-templin-6man-omni3-03
Network Working Group F. L. Templin, Ed.
Internet-Draft The Boeing Company
Updates: 4291 (if approved) 15 April 2024
Intended status: Standards Track
Expires: 17 October 2024
Transmission of IP Packets over Overlay Multilink Network (OMNI)
Interfaces
draft-templin-6man-omni3-03
Abstract
Air/land/sea/space mobile nodes (e.g., aircraft of various
configurations, terrestrial vehicles, seagoing vessels, space
systems, enterprise wireless devices, pedestrians with cell phones,
etc.) communicate with networked correspondents over wireless and/or
wired-line data links and configure mobile routers to connect end
user networks. This document presents a multilink virtual interface
specification that enables mobile nodes to coordinate with a network-
based mobility service, fixed node correspondents and/or other mobile
node peers. The virtual interface provides an adaptation layer
service suited for both mobile and more static environments such as
enterprise and home networks. Both Provider-Aggregated (PA) and
Provider-Independent (PI) addressing services are supported. This
document specifies the transmission of IP packets over Overlay
Multilink Network (OMNI) Interfaces.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 17 October 2024.
Templin Expires 17 October 2024 [Page 1]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 19
4. Overlay Multilink Network (OMNI) Interface Model . . . . . . 20
5. OMNI Interface Maximum Transmission Unit (MTU) . . . . . . . 27
5.1. IP Parcels . . . . . . . . . . . . . . . . . . . . . . . 28
5.2. Advanced Jumbos (AJs) . . . . . . . . . . . . . . . . . . 29
5.3. Control/Data Plane Considerations . . . . . . . . . . . . 30
6. The OMNI Adaptation Layer (OAL) . . . . . . . . . . . . . . . 30
6.1. OAL Source Encapsulation and Fragmentation . . . . . . . 31
6.2. OAL L2 Encapsulation and Re-Encapsulation . . . . . . . . 35
6.2.1. Carrier Fragment Size (CFS) Determination . . . . . . 39
6.3. Reassembly and Decapsulation . . . . . . . . . . . . . . 40
6.4. OMNI-Encoded IPv6 Extension Headers . . . . . . . . . . . 42
6.5. OMNI Full and Compressed Headers (OFH/OCH) . . . . . . . 45
6.6. L2 UDP/IP Encapsulation Avoidance . . . . . . . . . . . . 50
6.7. OAL Identification Window Maintenance . . . . . . . . . . 51
6.8. OAL Fragmentation Reports and Retransmissions . . . . . . 55
6.9. OMNI Interface MTU Feedback Messaging . . . . . . . . . . 57
6.10. OAL Super-Packets . . . . . . . . . . . . . . . . . . . . 59
6.11. OAL Bubbles . . . . . . . . . . . . . . . . . . . . . . . 61
6.12. OMNI Hosts . . . . . . . . . . . . . . . . . . . . . . . 61
6.13. IP Parcels . . . . . . . . . . . . . . . . . . . . . . . 64
6.14. OAL Requirements . . . . . . . . . . . . . . . . . . . . 66
6.15. OAL Fragmentation Security Implications . . . . . . . . . 67
6.16. Control/Data Plane Considerations . . . . . . . . . . . . 69
7. Ethernet-Compatible Link Layer Frame Format . . . . . . . . . 69
8. Link-Local Addresses (LLAs) . . . . . . . . . . . . . . . . . 70
9. Unique-Local Addresses (ULAs) . . . . . . . . . . . . . . . . 70
10. Global Unicast Addresses (GUAs) . . . . . . . . . . . . . . . 71
11. Node Identification . . . . . . . . . . . . . . . . . . . . . 72
12. Address Mapping - Unicast . . . . . . . . . . . . . . . . . . 73
Templin Expires 17 October 2024 [Page 2]
Internet-Draft IPv6 over OMNI Interfaces April 2024
12.1. The OMNI Option . . . . . . . . . . . . . . . . . . . . 74
12.2. OMNI Sub-Options . . . . . . . . . . . . . . . . . . . . 75
12.2.1. Pad1 . . . . . . . . . . . . . . . . . . . . . . . . 77
12.2.2. PadN . . . . . . . . . . . . . . . . . . . . . . . . 78
12.2.3. Node Identification . . . . . . . . . . . . . . . . 78
12.2.4. Authentication . . . . . . . . . . . . . . . . . . . 80
12.2.5. Neighbor Control . . . . . . . . . . . . . . . . . . 81
12.2.6. Interface Attributes . . . . . . . . . . . . . . . . 82
12.2.7. Traffic Selector . . . . . . . . . . . . . . . . . . 87
12.2.8. Multilink Vector . . . . . . . . . . . . . . . . . . 88
12.2.9. Geo Coordinates . . . . . . . . . . . . . . . . . . 90
12.2.10. Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
Message . . . . . . . . . . . . . . . . . . . . . . . 91
12.2.11. PIM-SM Message . . . . . . . . . . . . . . . . . . . 91
12.2.12. Host Identity Protocol (HIP) Message . . . . . . . . 92
12.2.13. QUIC-TLS Message . . . . . . . . . . . . . . . . . . 94
12.2.14. Fragmentation Report (FRAGREP) . . . . . . . . . . . 94
12.2.15. ICMPv6 Error . . . . . . . . . . . . . . . . . . . . 96
12.2.16. Proxy/Server Departure . . . . . . . . . . . . . . . 96
12.2.17. Sub-Type Extension . . . . . . . . . . . . . . . . . 97
13. Address Mapping - Multicast . . . . . . . . . . . . . . . . . 100
14. Multilink Conceptual Sending Algorithm . . . . . . . . . . . 101
14.1. Multiple OMNI Interfaces . . . . . . . . . . . . . . . . 101
14.2. Client-Proxy/Server Loop Prevention . . . . . . . . . . 102
15. Router Discovery and Prefix Delegation . . . . . . . . . . . 103
15.1. Window Synchronization . . . . . . . . . . . . . . . . . 112
15.2. Router Discovery in IP Multihop and IPv4-Only
Networks . . . . . . . . . . . . . . . . . . . . . . . . 113
15.3. DHCPv6-based Prefix Registration . . . . . . . . . . . . 116
15.4. OMNI Link Extension . . . . . . . . . . . . . . . . . . 117
16. Secure Redirection . . . . . . . . . . . . . . . . . . . . . 117
17. Proxy/Server Resilience . . . . . . . . . . . . . . . . . . . 118
18. Detecting and Responding to Proxy/Server Failures . . . . . . 118
19. Transition Considerations . . . . . . . . . . . . . . . . . . 119
20. OMNI Interfaces on Open Internetworks . . . . . . . . . . . . 119
21. Time-Varying MNPs . . . . . . . . . . . . . . . . . . . . . . 122
22. Address Selection . . . . . . . . . . . . . . . . . . . . . . 122
23. Error Messages . . . . . . . . . . . . . . . . . . . . . . . 123
24. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 123
24.1. Protocol Numbers Registry . . . . . . . . . . . . . . . 123
24.2. IEEE 802 Numbers Registry . . . . . . . . . . . . . . . 123
24.3. IPv4 Special-Purpose Address Registry . . . . . . . . . 124
24.4. IPv6 Neighbor Discovery Option Formats Registry . . . . 124
24.5. Ethernet Numbers Registry . . . . . . . . . . . . . . . 124
24.6. ICMPv6 Code Fields . . . . . . . . . . . . . . . . . . . 124
24.7. ICMPv4 PTB Messages . . . . . . . . . . . . . . . . . . 125
24.8. OMNI Option Sub-Types (New Registry) . . . . . . . . . . 125
24.9. OMNI Node Identification ID-Types (New Registry) . . . . 126
Templin Expires 17 October 2024 [Page 3]
Internet-Draft IPv6 over OMNI Interfaces April 2024
24.10. OMNI Geo Coordinates Types (New Registry) . . . . . . . 127
24.11. OMNI Option Sub-Type Extensions (New Registry) . . . . . 127
24.12. OMNI RFC4380 UDP/IP Header Option Types (New
Registry) . . . . . . . . . . . . . . . . . . . . . . . 127
24.13. OMNI RFC6081 UDP/IP Trailer Option Types (New
Registry) . . . . . . . . . . . . . . . . . . . . . . . 128
24.14. ICMPv6 Parameters - Trust Anchor Option . . . . . . . . 128
24.15. Additional Considerations . . . . . . . . . . . . . . . 129
25. Security Considerations . . . . . . . . . . . . . . . . . . . 129
26. Implementation Status . . . . . . . . . . . . . . . . . . . . 130
27. Document Updates . . . . . . . . . . . . . . . . . . . . . . 131
28. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 131
29. References . . . . . . . . . . . . . . . . . . . . . . . . . 132
29.1. Normative References . . . . . . . . . . . . . . . . . . 132
29.2. Informative References . . . . . . . . . . . . . . . . . 135
Appendix A. IPv4 Reassembly Checksum Algorithm . . . . . . . . . 146
Appendix B. IPv6 Compatible Addresses . . . . . . . . . . . . . 146
Appendix C. IPv6 ND Message Authentication and Integrity . . . . 147
Appendix D. VDL Mode 2 Considerations . . . . . . . . . . . . . 148
Appendix E. Client-Proxy/Server Isolation Through Link-Layer
Address Mapping . . . . . . . . . . . . . . . . . . . . . 149
Appendix F. Change Log . . . . . . . . . . . . . . . . . . . . . 149
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 150
1. Introduction
Air/land/sea/space mobile nodes (e.g., aircraft of various
configurations, terrestrial vehicles, seagoing vessels, space
systems, enterprise wireless devices, pedestrians with cellphones,
etc.) configure mobile routers with multiple interface connections to
wireless and/or wired-line data links. These data links may have
diverse performance, cost and availability properties that can change
dynamically according to mobility patterns, flight phases, proximity
to infrastructure, etc. The mobile router acts as a Client of a
network-based Mobility Service (MS) by configuring a virtual
interface over its underlay interface data link connections.
Each Client configures a virtual interface (termed the "Overlay
Multilink Network Interface (OMNI)") as a thin layer over its
underlay network interfaces (which may themselves connect to virtual
or physical links). The OMNI interface is therefore the only
interface abstraction exposed to the IP layer and behaves according
to the Non-Broadcast, Multiple Access (NBMA) interface principle,
while underlay interfaces appear as link layer communication channels
in the architecture. The OMNI interface internally employs the "OMNI
Adaptation Layer (OAL)" to ensure that original IP packets or parcels
[I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2] are adapted
to diverse underlay interfaces with heterogeneous properties.
Templin Expires 17 October 2024 [Page 4]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The OMNI interface connects to a virtual overlay known as the "OMNI
link". The OMNI link spans one or more Internetworks that may
include private-use infrastructures (e.g., enterprise networks,
operator networks, etc.) and/or the global public Internet itself.
Together, OMNI and the OAL provide the foundational elements required
to support the "6 M's of Modern Internetworking", including:
1. Multilink - a Client's ability to coordinate multiple diverse
underlay interfaces as a single logical unit (i.e., the OMNI
interface) to achieve the required communications performance and
reliability objectives.
2. Multinet - the ability to span the OMNI link over a segment
routing topology with multiple diverse administrative domain
network segments while maintaining seamless end-to-end
communications between mobile Clients and correspondents such as
air traffic controllers, fleet administrators, etc.
3. Mobility - a Client's ability to change network points of
attachment (e.g., moving between wireless base stations) which
may result in an underlay interface address change, but without
disruptions to ongoing communication sessions with peers over the
OMNI link.
4. Multicast - the ability to send a single network transmission
that reaches multiple Clients belonging to the same interest
group, but without disturbing other Clients not subscribed to the
interest group.
5. Multihop - a mobile Client vehicle-to-vehicle relaying capability
useful when multiple forwarding hops between vehicles may be
necessary to "reach back" to an infrastructure access point
connection to the OMNI link.
6. (Performance) Maximization - the ability to exchange large
packets/parcels between peers without loss due to a link size
restriction, and to adaptively adjust packet/parcel sizes to
maintain the best performance profile for each independent
traffic flow.
Templin Expires 17 October 2024 [Page 5]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Client OMNI interfaces coordinate with the MS and/or OMNI peer nodes
through IPv6 Neighbor Discovery (ND) control message exchanges
[RFC4861]. The MS consists of a distributed set of service nodes
(including Proxy/Servers and other infrastructure elements) that also
configure OMNI interfaces. Automatic Extended Route Optimization
(AERO) in particular provides a companion MS compatible with the OMNI
architecture [I-D.templin-6man-aero3]. AERO discusses details of ND
message based multilink forwarding, route optimization, mobility
management, and multinet traversal while the fundamental aspects of
OMNI link operation are discussed in this document.
Each OMNI interface provides a multilink nexus for exchanging inbound
and outbound traffic flows via selected underlay interfaces. The IP
layer sees the OMNI interface as a point of connection to the OMNI
link. Each OMNI link has one or more associated Mobility Service
Prefixes (MSPs), which are typically IP Global Unicast Address (GUA)
prefixes assigned to the link and from which Mobile Network Prefixes
(MNPs) are delegated to Client end systems as Provider-Independent
(PI) address blocks. Clients in local domains also obtain Provider-
Aggregated (PA) addresses from internal/external Stable Network
Prefixes (SNPs) assigned to Proxy/Servers that connect the local
domain to the global topology per [I-D.bctb-6man-rfc6296-bis]. If
there are multiple OMNI links, the IP layer will see multiple OMNI
interfaces.
Clients receive SNP addresses and optionally also MNP prefix
delegations through IPv6 ND control message exchanges with Proxy/
Servers over MANETs, Access Networks (ANETs) and/or open
Internetworks (INETs). Clients sub-delegate MNPs to downstream-
attached End-user Networks (ENETs) independently of the underlay
interfaces selected for data transport. Each Client acts as a fixed
or mobile router on behalf of ENET peers, and uses OMNI interface
control messaging to coordinate with Hosts, Proxy/Servers and/or
other Clients. The Client iterates its control messaging over each
of the OMNI interface's (M)ANET/INET underlay interfaces in order to
register each interface with the MS (see Section 15). The Client can
also provide multihop forwarding services for a recursively extended
chain of other Clients and Hosts connected via downstream-attached
ENETs.
Clients may connect to multiple distinct OMNI links within the same
OMNI domain by configuring multiple OMNI interfaces, e.g., omni0,
omni1, omni2, etc. Each OMNI interface is configured over a distinct
set of underlay interfaces and provides a nexus for Safety-Based
Multilink (SBM) operation. The IP layer applies SBM routing to
select a specific OMNI interface, then the selected OMNI interface
applies Performance-Based Multilink (PBM) internally to select
appropriate underlay interfaces. Applications select SBM topologies
Templin Expires 17 October 2024 [Page 6]
Internet-Draft IPv6 over OMNI Interfaces April 2024
based on IP layer Segment Routing [RFC8402], while each OMNI
interface orchestrates PBM internally based on OAL Multinet
traversal.
OMNI provides a link model suitable for a wide range of use cases.
For example, the International Civil Aviation Organization (ICAO)
Working Group-I Mobility Subgroup is developing a future Aeronautical
Telecommunications Network with Internet Protocol Services (ATN/IPS)
and has issued a liaison statement requesting IETF adoption [ATN] in
support of ICAO Document 9896 [ATN-IPS]. The IETF IP Wireless Access
in Vehicular Environments (ipwave) working group has further included
problem statement and use case analysis for OMNI in [RFC9365]. Still
other communities of interest include AEEC, RTCA Special Committee
228 (SC-228) and NASA programs that examine commercial aviation,
Urban Air Mobility (UAM) and Unmanned Air Systems (UAS). Pedestrians
with handheld mobile devices, home and small office networks,
enterprise networks and many others represent still more large
classes of potential OMNI users.
This document specifies the transmission of original IP packets/
parcels and control messages over OMNI interfaces. The operation of
both IP protocol versions (i.e., IPv4 [RFC0791] and IPv6 [RFC8200])
is specified as the network layer data plane, while OMNI interfaces
use IPv6 ND messaging in the control plane independently of the data
plane protocol(s). OMNI interfaces also provide an adaptation layer
based on encapsulation and fragmentation over heterogeneous underlay
interfaces as an OAL sublayer between L3 and L2. OMNI and the OAL
are specified in detail throughout the remainder of this document.
2. Terminology
The terminology in the normative references applies; especially, the
terms "link" and "interface" are the same as defined in the IPv6
[RFC8200] and IPv6 Neighbor Discovery (ND) [RFC4861] specifications.
This document assumes the following IPv6 ND control plane message
types: Router Solicitation (RS), Router Advertisement (RA), Neighbor
Solicitation (NS), Neighbor Advertisement (NA), unsolicited NA (uNA)
and Redirect.
The terms "All-Routers multicast", "All-Nodes multicast" and "Subnet-
Router anycast" are the same as defined in [RFC4291]. Also, IPv6 ND
state names, variables and constants including REACHABLE,
ReachableTime and REACHABLE_TIME are the same as defined in
[RFC4861].
Templin Expires 17 October 2024 [Page 7]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The term "IP" is used to refer collectively to either Internet
Protocol version (i.e., IPv4 [RFC0791] or IPv6 [RFC8200]) when a
specification at the layer in question applies equally to either
version.
The terms Host, Client and Proxy/Server are intentionally capitalized
to denote an instance of that particular node type that also
configures an OMNI interface and engages the OMNI Adaptation Layer.
The terms "application layer (L5 and higher)", "transport layer
(L4)", "network layer (L3)", "(data) link layer (L2)" and "physical
layer (L1)" are used consistently with common Internetworking
terminology, with the understanding that reliable delivery protocol
users of UDP are considered as transport layer elements. The OMNI
specification further defines an "adaptation layer" positioned below
the network layer but above the link layer, which may include
physical links and Internet- or higher-layer tunnels. A (network)
interface is a node's attachment to a link (via L2), and an OMNI
interface is therefore a node's attachment to an OMNI link (via the
adaptation layer).
The terms "IP jumbogram", "advanced jumbo (AJ)" and "IP parcel" refer
to special packet formats that enable a new link model for the
Internet as discussed in [I-D.templin-6man-parcels2]
[I-D.templin-intarea-parcels2].
The following terms are defined within the scope of this document:
L3
The Network layer in the OSI network model. Also known as "layer
3", "IP layer", etc.
L2
The Data Link layer in the OSI network model. Also known as
"layer 2", "link layer", "sub-IP layer", etc.
Adaptation layer
An encapsulation mid-layer that adapts L3 to a diverse collection
of L2 underlay interfaces and their encapsulations. (No layer
number is assigned, since numbering was an artifact of the legacy
reference model that need not carry forward in the modern
architecture.) The adaptation layer sees the network layer as
"L3" and sees all link layer encapsulations as "L2
encapsulations", which may include UDP, IP and true link layer
(e.g., Ethernet, etc.) headers.
Templin Expires 17 October 2024 [Page 8]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Access Network (ANET)
a connected network region (e.g., an aviation radio access
network, corporate enterprise network, satellite service provider
network, cellular operator network, residential WiFi network,
etc.) that connects Clients to the rest of the OMNI link.
Physical and/or data link level security is assumed (sometimes
referred to as "protected spectrum" for wireless domains). ANETs
such as private enterprise networks and ground domain aviation
service networks often provide multiple secured IP hops between
the Client's physical point of connection and the nearest Proxy/
Server.
Mobile Ad-hoc NETwork (MANET)
a connected network region that shares the same properties as an
ANET except that links often have undetermined connectivity
properties, lower layer security services cannot always be assumed
and multihop forwarding between Clients acting as MANET routers
may be necessary.
Internetwork (INET)
a connected network region with a coherent IP addressing plan that
provides transit forwarding services between ANETs and/or OMNI
nodes that coordinate with the Mobility Service over unprotected
media. Since physical and/or data link level security cannot
always be assumed, security must be applied by the network and/or
higher layers if necessary. The global public Internet itself is
an example.
End-user Network (ENET)
a simple or complex "downstream" network tethered to a Client as a
single logical unit that travels together. The ENET could be as
simple as a single link connecting a single Host, or as complex as
a large network with many links, routers, bridges and end user
devices. The ENET provides an "upstream" link for arbitrarily
many low-, medium- or high-end devices dependent on the Client for
their upstream connectivity, i.e., as Internet of Things (IoT)
entities. The ENET can also support a recursively-descending
chain of additional Clients such that the ENET of an upstream
Client is seen as the ANET of a downstream Client.
Templin Expires 17 October 2024 [Page 9]
Internet-Draft IPv6 over OMNI Interfaces April 2024
*NET
a "wildcard" term used when a given specification applies equally
to all MANET/ANET/INET cases. From the Client's perspective, *NET
interfaces are "upstream" interfaces that connect the Client to
the Mobility Service, while ENET interfaces are "downstream"
interfaces that the Client uses to connect downstream ENETs, Hosts
and/or other Clients. Local communications between correspondents
within the same *NET can often be conducted based on IPv6 Unique
Local Addresses (ULAs).
underlay interface
a *NET or ENET interface over which an OMNI interface is
configured. The OMNI interface is seen as an L3 interface by the
network layer, and each underlay interface is seen as an L2
interface by the OMNI interface. The underlay interface either
connects directly to the physical communications media or
coordinates with another node where the physical media is hosted.
MANET Interface
a node's underlay interface connection to a local network with
indeterminant neighborhood properties over which multihop relaying
may be necessary. All MANET interfaces used by AERO/OMNI are IPv6
interfaces and therefore must configure a Maximum Transmission
Unit (MTU) at least as large as the IPv6 minimum MTU (1280 octets)
even if lower-layer fragmentation is needed.
OMNI link
a Non-Broadcast, Multiple Access (NBMA) virtual overlay configured
over one or more INETs and their connected (M)ANETs/ENETs. An
OMNI link may comprise multiple distinct "segments" joined by L2
forwarding devices the same as for any link; the addressing plans
in each segment may be mutually exclusive and managed by different
administrative entities. Proxy/Servers and other infrastructure
elements extend the link to support communications between Clients
as single-hop neighbors.
OMNI link segment
a Proxy/Server and all of its constituent Clients within any
attached *NETs is considered as a leaf OMNI link segment, with
each leaf interconnected via links and "bridge" nodes in
intermediate OMNI link segments. When the *NETs of multiple leaf
segments overlap (e.g., due to network mobility), they can combine
to form larger *NETs with no changes to Client-to-Proxy/Server
relationships. The OMNI link consists of the concatenation of all
OMNI link leaf and intermediate segments as a loop-free spanning
tree.
Templin Expires 17 October 2024 [Page 10]
Internet-Draft IPv6 over OMNI Interfaces April 2024
OMNI interface
a node's attachment to an OMNI link, and configured over one or
more underlay interfaces. If there are multiple OMNI links in an
OMNI domain, a separate OMNI interface is configured for each
link. The OMNI interface configures a Maximum Transmission Unit
(MTU) and an Effective MTU to Receive (EMTU_R) the same as any
interface.
OMNI Adaptation Layer (OAL)
an OMNI interface sublayer service that encapsulates original IP
packets/parcels admitted into the interface in an IPv6 header and/
or subjects them to fragmentation and reassembly. The OAL is also
responsible for generating MTU-related control messages as
necessary, and for providing addressing context for OMNI link SRT
traversal. The OAL presents a new layer in the Internet
architecture known simply as the "adaptation layer". The OMNI
link is an example of a limited domain [RFC8799] at the adaptation
layer although its segments may be joined over open Internetworks
at L2.
(OMNI) Host
an end user device that extends the OMNI link over an ENET
interface serviced by a Client. (As an implementation matter, the
Host either assigns the same IP address from the ENET (underlay)
interface to an (overlay) OMNI interface, or configures an OMNI-
like function as a virtual sublayer of the ENET interface itself.)
The IP addresses assigned to each Host ENET interface remain
stable even if the Client's upstream *NET interface connections
change.
(OMNI) Client
a network platform/device mobile router that configures one or
more OMNI interfaces over distinct sets of underlay interfaces
grouped as logical OMNI link units. The Client coordinates with
the Mobility Service via upstream networks over *NET interfaces,
and provides Proxy/Server services for Hosts and other Clients on
ENET interface downstream networks. The Client's *NET interface
addresses and performance characteristics may change over time
(e.g., due to node mobility, link quality, etc.) while downstream-
attached Hosts and other Clients see the ENET as a stable ANET.
(OMNI) Proxy/Server
a segment routing topology edge node that configures an OMNI
interface and connects Clients to the Mobility Service. As a
server, the Proxy/Server responds directly to some Client IPv6 ND
messages. As a proxy, the Proxy/Server forwards other Client IPv6
ND messages to other Proxy/Servers and Clients. As a router, the
Proxy/Server provides a forwarding service for ordinary data
Templin Expires 17 October 2024 [Page 11]
Internet-Draft IPv6 over OMNI Interfaces April 2024
messages that may be essential in some environments and a last
resort in others. Proxy/Servers at (M)ANET boundaries configure
both an (M)ANET downstream interface and *NET upstream interface,
while INET-based Proxy/Servers configure only an INET interface.
All Proxy/Servers configure a Stable Network Prefix (SNP) and
manage 1x1 mappings of internal Unique Local Addresses (ULAs) and
external Globally Unique Addresses (GUAs) according to
[I-D.bctb-6man-rfc6296-bis].
First-Hop Segment (FHS) Proxy/Server
a Proxy/Server connected to the source Client's *NET that forwards
OAL packets sent by the source into the segment routing topology.
FHS Proxy/Servers allocate Provider-Aggregated (Proxy/Server-
Aggregated) addresses to Clients within their local networks. FHS
Proxy/Servers also act as intermediate forwarding systems to
facilitate RS/RA-based Provider-Independent Prefix Delegation
exchanges between Clients and Mobility Anchor Point (MAP) Proxy/
Servers.
Last-Hop Segment (LHS) Proxy/Server
a Proxy/Server connected to the target Client's *NET that forwards
OAL packets received from the segment routing topology to the
target.
Mobility Anchor Point (MAP) Proxy/Server
a single Proxy/Server selected by the Client that provides a
designated router service for any *NET underlay networks that
register the Client's Mobile Network Prefix (MNP). Since all
Proxy/Servers provide equivalent services, Clients normally select
the first FHS Proxy/Server they coordinate with to serve as the
MAP. However, the MAP can instead be any available Proxy/Server
for the OMNI link, i.e., and not necessarily one of the Client's
FHS Proxy/Servers. This flexible arrangement supports a fully
distributed mobility management service.
Segment Routing Topology (SRT)
a multinet forwarding region configured over one or more INETs
between the FHS Proxy/Server and LHS Proxy/Server. The SRT spans
the OMNI link on behalf of communicating peer nodes using segment
routing in a manner outside the scope of this document (see:
[I-D.templin-6man-aero3]).
Templin Expires 17 October 2024 [Page 12]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Mobility Service (MS)
a mobile routing service that tracks Client movements and ensures
that Clients remain continuously reachable even across mobility
events. The MS consists of the set of all Proxy/Servers plus all
other OMNI link supporting infrastructure nodes. Specific MS
details are out of scope for this document, with an example found
in [I-D.templin-6man-aero3].
Mobility Service Prefix (MSP)
an aggregated IP Global Unicast Address (GUA) prefix (e.g.,
2001:db8::/32, 2002:192.0.2.0::/40, etc.) assigned to the OMNI
link and from which more-specific Mobile and Stable Network
Prefixes (MNPs/SNPs) are delegated, where IPv4 MSPs are
represented as "6to4 prefixes" per [RFC3056]. OMNI link
administrators typically obtain MSPs from an Internet address
registry, however private-use prefixes can also be used subject to
certain limitations (see: Section 10). OMNI links that connect to
the global Internet advertise their MSPs to their interdomain
routing peers.
Mobile Network Prefix (MNP)
a longer IP prefix delegated from an MSP (e.g.,
2001:db8:1000:2000::/56, 2002:192.0.2.8::/46, etc.) and assigned
to a Client. Clients receive MNPs from MAP Proxy/Servers and sub-
delegate them to routers, Hosts and other Clients located in
ENETs.
Stable Network Prefix (SNP)
a global IP and unique-local IP prefix pair assigned to one or
more Proxy/Servers that connect local *NET Client groups to the
rest of the OMNI link. Clients request address delegations from
the SNP that can be used to support global and local-scoped
communications. Clients communicate internally within *NET groups
using IPv6 Unique Local Addresses (ULAs) assigned in 1x1
correspondence to SNP Globally Unique Addresses (GUAs) made
visible to external peers through IP network address/prefix
translation
[RFC6145][RFC6146][RFC6147][I-D.bctb-6man-rfc6296-bis].
Foreign Network Prefix (FNP)
a global IP prefix not covered by a MSP and assigned to a link or
network outside of the OMNI domain.
Templin Expires 17 October 2024 [Page 13]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Subnet Router Anycast (SRA) Address
An IPv6 address taken from an FNP/MNP/SNP in which the remainder
of the address beyond the final bit of the prefix is set to the
value "all-zeros". For example, the SRA for 2001:db8:1::/48 is
simply 2001:db8:1:: (i.e., with the 80 least significant bits set
to 0). For IPv4, the IPv6 SRA corresponding to the IPv4 prefix
192.0.2.0/24 is 2002:192.0.2.0::/40 per [RFC3056].
original IP packet/parcel
a whole IP packet/parcel or fragment admitted into the OMNI
interface by the network layer prior to OAL encapsulation/
fragmentation, or an IP packet/parcel delivered to the network
layer by the OMNI interface following OAL reassembly/
decapsulation.
OAL packet
an original IP packet/parcel encapsulated in an OAL IPv6 header
with an IPv6 Extended Fragment Header extension that includes an
8-octet (64-bit) OAL Identification value. Each OAL packet is
then subject to OAL fragmentation and reassembly.
OAL fragment
a portion of an OAL packet following fragmentation but prior to L2
encapsulation/fragmentation, or following L2 reassembly/
decapsulation but prior to OAL reassembly.
(OAL) atomic fragment
an OAL packet that can be forwarded without fragmentation, but
still includes an IPv6 Extended Fragment Header with an 8-octet
(64-bit) OAL Identification value and with Fragment Offset and
More Fragments both set to 0.
(L2) carrier packet
an encapsulated OAL fragment following L2 encapsulation or prior
to L2 decapsulation. OAL sources and destinations exchange
carrier packets over underlay interfaces, and may be separated by
one or more OAL intermediate systems. OAL intermediate systems
may perform re-encapsulation on carrier packets by removing the L2
headers of the first hop network and replacing them with new L2
headers for the next hop network. Carrier packets may themselves
be subject to fragmentation and reassembly in L2 underlay networks
at a layer below the OAL. Carrier packets sent over unsecured
paths use OMNI protocol L2 encapsulations, while those sent over
secured paths use L2 security encapsulations such as IPsec
[RFC4301], etc. (The term "carrier" honors agents of the service
postulated by [RFC1149] and [RFC6214].)
Templin Expires 17 October 2024 [Page 14]
Internet-Draft IPv6 over OMNI Interfaces April 2024
OAL source
an OMNI interface acts as an OAL source when it encapsulates
original IP packets/parcels to form OAL packets, then performs OAL
fragmentation and encapsulation to create carrier packets which
may themselves be subject to fragmentation at their layer. Every
OAL source is also an OMNI link ingress.
OAL destination
an OMNI interface acts as an OAL destination when it decapsulates
carrier packets (while reassembling first, if necessary), then
performs OAL reassembly/decapsulation to derive the original IP
packet/parcel. Every OAL destination is also an OMNI link egress.
OAL intermediate system
an OMNI interface acts as an OAL intermediate system when it
reassembles/decapsulates carrier packets received from a first
segment to obtain the original OAL packet/fragment, then re-
encapsulates in new L2 headers appropriate for the next segment
and sends these new carrier packets into the next segment (while
re-fragmenting first, if necessary). OAL intermediate systems
decrement the Hop Limit in OAL packets/fragments during
forwarding, and discard the OAL packet/fragment if the Hop Limit
reaches 0. OAL intermediate systems do not decrement the TTL/Hop
Limit of the original IP packet/parcel, which can only be updated
by the network and higher layers.
OMNI Option
an IPv6 Neighbor Discovery Option providing multilink parameters
for the OMNI interface as specified in Section 12.
Interface Identifier (IID)
the least significant 64 bits of an IPv6 address, as specified in
the IPv6 addressing architecture [RFC4291].
(OMNI) Link Local Address (LLA)
an IPv6 address beginning with fe80::/64 per the IPv6 addressing
architecture [RFC4291] and with either a 64-bit MNP (LLA-MNP) or a
56-bit random value (LLA-RND) encoded in the IID as specified in
Section 8.
(OMNI) Unique Local Address (ULA)
an IPv6 address delegated to a *NET node beginning with fd00::/8
followed by a 40-bit Global ID, a 16-bit Subnet ID and a 64-bit
Interface ID per [RFC4193]. (Note that [RFC4193] specifies a
second form of ULAs based on the prefix fc00::/8, which are
referred to as "ULA-C" throughout this document to distinguish
them from the ULAs defined here.)
Templin Expires 17 October 2024 [Page 15]
Internet-Draft IPv6 over OMNI Interfaces April 2024
(OMNI) Hierarchical Host Identity Tag (HHIT)
a 128-bit IPv6 address according to [RFC9374]. Each Clients
assigns a unique HHIT used to bootstrap autoconfiguration in the
presence of OMNI link infrastructure or for sustained
communications in the absence of infrastructure. When a Client
receives a PA SNP GUA/ULA delegation from a Proxy/Server or a PI
prefix delegation from a MAP, it can begin using PA/PI addresses
instead of its HHIT for Internetworking communications.
Provider-Independent (PI) Address
a global unicast IP address allocated from an MNP delegated to a
Client via a MAP Proxy/Server is considered Provider-Independent
(Proxy/Server-Independent) or "PI".
Provider-Aggregated (PA) Address
a global unicast IP address delegated to a Client from a SNP
assigned to a FHS Proxy/Server is considered Provider-Aggregated
(Proxy/Server-Aggregated) or "PA".
Multilink
a Client OMNI interface's manner of managing multiple diverse *NET
underlay interfaces as a single logical unit. The OMNI interface
provides a single unified interface to the network layer, while
underlay interface selections are performed on a per-flow basis
considering traffic selectors such as DSCP, flow label,
application policy, signal quality, cost, etc. Multilink
selections are coordinated in both the outbound and inbound
directions based on source/target underlay interface pairs.
Multinet
an intermediate system's manner of spanning multiple diverse IP
Internetwork and/or private enterprise network "segments" through
OAL encapsulation. Through intermediate system concatenation of
SRT network segments, multiple diverse Internetworks (such as the
global public IPv4 and IPv6 Internets) can serve as transit
segments in an end-to-end OAL forwarding path. This OAL
concatenation capability provides benefits such as supporting
IPv4/IPv6 transition and coexistence, joining multiple diverse
operator networks into a cooperative single service network, etc.
See: [I-D.templin-6man-aero3] for further information.
Multihop
an iterative relaying of carrier packets between Client's over an
OMNI underlay interface technology (such as omnidirectional
wireless) without support of fixed infrastructure. Multihop
services entail Client-to-Client relaying within a Mobile/
Vehicular Ad-hoc Network (MANET/VANET) for Vehicle-to-Vehicle
(V2V) communications and/or for Vehicle-to-Infrastructure (V2I)
Templin Expires 17 October 2024 [Page 16]
Internet-Draft IPv6 over OMNI Interfaces April 2024
"range extension" where Clients within range of communications
infrastructure elements provide forwarding services for other
Clients.
Mobility
any action that results in a change to a Client underlay interface
address. The change could be due to, e.g., a handover to a new
wireless base station, loss of link due to signal fading, an
actual physical node movement, etc.
Safety-Based Multilink (SBM)
A means for ensuring fault tolerance through redundancy by
connecting multiple OMNI interfaces within the same domain to
independent routing topologies (i.e., multiple independent OMNI
links).
Performance Based Multilink (PBM)
A means for selecting one or more underlay interface(s) for
carrier packet transmission and reception within a single OMNI
interface.
OMNI Domain
The set of all SBM/PBM OMNI links that collectively provides
services for a common set of MSPs. All OMNI links within the same
domain configure, advertise and respond to the same OMNI IPv6
Anycast address(es).
AERO Forwarding Information Base (AFIB)
A multilink forwarding table on each OAL source, destination and
intermediate system that includes AERO Forwarding Vectors (AFV)
with both next hop forwarding instructions and context for
reconstructing compressed headers for specific underlay interface
pairs used to communicate with peers. See:
[I-D.templin-6man-aero3] for further discussion.
AERO Forwarding Vector (AFV)
An AFIB entry that includes soft state for each underlay interface
pairwise communication session between peer neighbors. AFVs are
identified by an AFV Index (AFVI) paired with the previous hop L2
address, with the pair established based on an IPv6 ND
solicitation and solicited IPv6 ND advertisement response. The
AFV also caches underlay interface pairwise Identification
sequence number parameters to support carrier packet filtering.
See: [I-D.templin-6man-aero3] for further discussion.
AERO Forwarding Vector Index (AFVI)
A 2-octet or 4-octet integer value supplied by a first hop OAL
node when it requests a next hop OAL node to create an AFV. (The
Templin Expires 17 October 2024 [Page 17]
Internet-Draft IPv6 over OMNI Interfaces April 2024
AFVI is always processed as a 4-octet value, but may be
transmitted as only the 2 least significant octets when the 2 most
significant octets are 0.) The next hop OAL node caches the AFVI
and L2 address supplied by the previous hop as header compression/
decompression state for future OAL packets with compressed
headers. The first hop OAL node must ensure that the AFVI values
it assigns to the next hop via a specific underlay interface are
distinct and reused only after their useful lifetimes expire. The
special AFVI value 0 means that no AFVI is assigned.
flow
a sequence of packets sent from a particular source to a
particular unicast, anycast, or multicast destination that a node
desires to label as a flow. The 3-tuple of the Flow Label, Source
Address and Destination Address fields enable efficient IPv6 flow
classification. The IPv6 Flow Label Specification is observed per
[RFC6437] [RFC6438].
(OMNI) L2 encapsulation
the OMNI protocol encapsulation of OAL packets/fragments in an
outer header or headers to form carrier packets that can be routed
within the scope of the local *NET underlay network partition.
The OAL node that performs encapsulation is known as the "L2
source" while the OAL node that performs decapsulation is known as
the "L2 destination"; both OAL end and intermediate systems can
also act as an L2 source or destination. Common L2 encapsulation
combinations include UDP, IP and/or Ethernet using a
port/protocol/type number for OMNI.
L2 address (L2ADDR)
an address that appears in the OMNI protocol L2 encapsulation for
an underlay interface and also in IPv6 ND message OMNI options.
L2ADDR can be either an IP address for IP encapsulations or an
IEEE EUI address [EUI] for direct data link encapsulation. (When
UDP/IP encapsulation is used, the UDP port number is considered an
ancillary extension of the IP L2ADDR.)
OAL Fragment Size (OFS)
the current size for OAL source fragmentation which must be no
smaller than 1024 octets and no larger than 65279 octets (allowing
for up to 256 octets of L2 encapsulations for each OAL fragment).
Each OAL source maintains an OFS in AERO Forwarding Vectors (AFVs)
for each OAL destination. The source discovers the "maximum OFS"
through IPv6 Minimum Path MTU Options [RFC9268] and maintains an
equal or smaller value "effective OFS" according to dynamic
network control message feedback. The OAL source should
adaptively seek to use the largest possible effective OFS under
current network conditions to provide better performance for upper
Templin Expires 17 October 2024 [Page 18]
Internet-Draft IPv6 over OMNI Interfaces April 2024
layers. OAL fragments prepared by the source must not be further
fragmented by OAL intermediate systems on the path to the OAL
destination.
Carrier Fragment Size (CFS)
the current size for L2 carrier packet fragments including the
headers, trailers and OAL fragment body. The OAL L2 source
applies source fragmentation if necessary to each L2-encapsulated
OAL fragment under the default CFS of 1280 octets (i.e., the IPv6
minimum MTU) until it can either engage IPv4 network fragmentation
or determine whether a larger CFS is possible through
Packetization Layer Path MTU Discovery for Datagram Transports
[RFC8899]. The L2 source should adaptively seek to maximize CFS
to provide better performance for upper layers.
3. Requirements
OMNI interfaces limit the size of their IPv6 ND control plane
messages (plus any original IP packet/parcel attachments) to the
minimum IPv6 link MTU minus overhead for adaptation and link layer
encapsulation. If there are sufficient OMNI parameters and/or IP
packet/parcel attachments that would exceed this size, the OMNI
interface forwards the information as multiple smaller IPv6 ND
messages and the recipient accepts the union of all information
received. This allows the messages to travel without loss due to a
size restriction over secured control plane paths that include IPsec
tunnels [RFC4301], secured direct point-to-point links and/or
unsecured paths that require an authentication signature.
Host, Client and Proxy/Server OMNI interfaces that employ IPv6 ND
control plane messaging maintain per-neighbor state in Neighbor Cache
Entries (NCEs). Each NCE is indexed by the neighbor's network layer
address(es) while the neighbor's OAL encapsulation address provides
context for Identification verification. The IPv6 ND Protocol
Constants defined in Section 10 of [RFC4861] are used in their same
format and meaning in this document.
The L3, adaptation and (virtual) L2 layers each include distinct
packet Identification numbering spaces. The adaptation layer employs
an 8-octet Identification numbering space that is distinct from L3/L2
spaces, with an Identification value appearing in an IPv6 Extended
Fragment Header [I-D.templin-6man-ipid-ext2] or an OMNI Compressed
Header (OCH) (see: Section 6.5) in each adaptation layer
encapsulation.
Templin Expires 17 October 2024 [Page 19]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119][RFC8174] when, and only when, they appear in all
capitals, as shown here.
4. Overlay Multilink Network (OMNI) Interface Model
An OMNI interface is a virtual interface configured over one or more
underlay interfaces, which may be physical (e.g., an aeronautical
radio link, a cellular wireless link, etc.) or virtual (e.g., an
internet-layer or higher-layer "tunnel"). The OMNI interface
architectural layering model is the same as in [RFC5558][RFC7847],
and augmented as shown in Figure 1. The network layer therefore sees
the OMNI interface as a single L3 interface nexus for multiple
underlay interfaces that appear as L2 communication channels in the
architecture.
+----------------------------+
| Upper Layer Protocol |
Session-to-IP +---->| |
Address Binding | +----------------------------+
+---->| IP (L3) |
IP Address +---->| |
Binding | +----------------------------+
+---->| OMNI Interface |
Logical-to- +---->| (OMNI Adaptation Layer) |
Physical | +----------------------------+
Interface +---->| L2 | L2 | | L2 |
Binding |(IF#1)|(IF#2)| ..... |(IF#n)|
+------+------+ +------+
| L1 | L1 | | L1 |
| | | | |
+------+------+ +------+
Figure 1: OMNI Interface Architectural Layering Model
Each underlay interface provides an L2/L1 abstraction according to
one of the following models:
* (M)ANET interfaces connect to a (M)ANET that is separated from the
open INET by Proxy/Servers. The (M)ANET interface may be either
on the same link segment as a Proxy/Server, or separated from a
Proxy/Server by multiple adaptation layer and/or L2 hops. (Note
that NATs may appear internally within a (M)ANET or on the Proxy/
Server itself and may require NAT traversal the same as for the
INET case.)
Templin Expires 17 October 2024 [Page 20]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* INET interfaces connect to an INET either natively or through IP
Network Address Translators (NATs). Native INET interfaces have
global IP addresses that are reachable from any INET
correspondent. NATed INET interfaces typically configure private
IP addresses and connect to a private network behind one or more
NATs with the outermost NAT providing INET access.
* ENET interfaces connect a Client's downstream-attached networks,
where the Client provides forwarding services for ENET Host and
Client communications to remote peers. An ENET may be as simple
as a small IoT sub-network that travels with a mobile Client to as
complex as a large private enterprise network that the Client
connects to a larger *NET. Downstream-attached Hosts and Clients
see the ENET as a *NET and see the (upstream) Client as a Proxy/
Server.
* VPN interfaces use security encapsulations (e.g. IPsec tunnels)
over underlay networks to connect Client, Proxy/Server or other
critical infrastructure nodes. VPN interfaces provide security
services at lower layers of the architecture (L2/L1), with
securing properties similar to Direct point-to-point interfaces.
* Direct point-to-point interfaces securely connect Clients, Proxy/
Servers and/or other critical infrastructure nodes over physical
or virtual media that does not transit any open Internetwork
paths. Examples include a line-of-sight link between a remote
pilot and an unmanned aircraft, a fiberoptic link between
gateways, etc.
The OMNI interface forwards original IP packets/parcels from the
network layer using the OMNI Adaptation Layer (OAL) (see: Section 5)
as an encapsulation and fragmentation sublayer service. This "OAL
source" then further encapsulates the resulting OAL packets/fragments
in underlay network headers (e.g., UDP/IP, IP-only, Ethernet-only,
etc.) to create L2 encapsulated "carrier packets" for fragmentation
and transmission over underlay interfaces. The target OMNI interface
then receives the carrier packets from underlay interfaces and
performs L2 reassembly/decapsulation.
Templin Expires 17 October 2024 [Page 21]
Internet-Draft IPv6 over OMNI Interfaces April 2024
If the resulting OAL packets/fragments are addressed to itself, the
OMNI interface performs reassembly/decapsulation as an "OAL
destination" and delivers the original IP packet/parcel to the
network layer. If the OAL packets/fragments are addressed to another
node, the OMNI interface instead re-encapsulates them in new underlay
network L2 headers as an "OAL intermediate system" then performs L2
fragmentation and forwards the resulting carrier packets over an
underlay interface. The OAL source and OAL destination are seen as
"neighbors" on the OMNI link, while OAL intermediate systems provide
a virtual bridging service that joins the segments of a (multinet)
Segment Routing Topology (SRT).
The OMNI interface transports carrier packets over either secured or
unsecured underlay interfaces to access the secured/unsecured OMNI
link spanning trees as discussed further throughout the document.
Carrier packets that carry control plane messages over secured
underlay interfaces use secured L2/L1 services such as IPsec, direct
encapsulation over secured point-to-point links, etc. Carrier
packets that carry data plane messages over unsecured underlay
interfaces instead use L2 encapsulations appropriate for public or
private Internetworks and are subject for the following sections.
The OMNI interface and its OAL can forward original IP packets/
parcels over underlay interfaces while including/omitting various
lower layer encapsulations including OAL, UDP, IP and (ETH)ernet or
other link layer header. The network layer can also engage underlay
interfaces directly while bypassing the OMNI interface entirely when
necessary. This architectural flexibility may be beneficial for
underlay interfaces (e.g., some aviation data links) for which
encapsulation overhead is a primary consideration. OMNI interfaces
that send original IP packets/parcels directly over underlay
interfaces without invoking the OAL can only reach peers located on
the same OMNI link segment. Source Clients can instead use the OAL
to coordinate with target Clients in the same or different OMNI link
segments by sending initial carrier packets to a First-Hop Segment
(FHS) Proxy/Server. The FHS Proxy/Sever then sends the carrier
packets into the SRT spanning tree, which transports them to a Last-
Hop Segment (LHS) Proxy/Server for the target Client.
The OMNI interface encapsulation/decapsulation layering possibilities
are shown in Figure 2 below. Imaginary vertical lines drawn between
the Network Layer at the top of the figure and Underlay Interfaces at
the bottom of the figure denote the various encapsulation/
decapsulation layering combination possibilities. Common
combinations include IP-only (i.e., direct access to underlay
interfaces with or without using the OMNI interface, IP/IP, IP/UDP/
IP, IP/UDP/IP/ETH, IP/OAL/UDP/IP, IP/OAL/UDP/ETH, etc.).
Templin Expires 17 October 2024 [Page 22]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+------------------------------------------------------------+ ^
| Network Layer (Original IP packets/parcels) | |
+--+---------------------------------------------------------+ L3
| OMNI Interface (virtual sublayer nexus) | |
+--------------------------+------------------------------+ -
| OAL Encaps/Decaps | |
+------------------------------+ OAL
| OAL Frag/Reass | |
+------------+---------------+--------------+ -
| UDP Encaps/Decaps/Compress | |
+----+---+------------+--------+--+ +--------+ |
| IP E/D | | IP E/D | | IP E/D | L2
+----+-----+--+----+ +--+----+---+ +---+----+--+ |
|ETH E/D| |ETH E/D| |ETH E/D| |ETH E/D| |
+------+-------+--+-------+----+-------+-------------+-------+ v
| Underlay Interfaces |
+------------------------------------------------------------+
Figure 2: OMNI Interface Layering
The OMNI/OAL model gives rise to a number of opportunities:
* Clients coordinate with the MS and receive both SNP addresses and
MNP delegations through IPv6 ND control plane message exchanges
with Proxy/Servers. Since the GUA and ULA addresses and MNPs are
managed for uniqueness, no Duplicate Address Detection (DAD) or
Multicast Listener Discovery (MLD) messaging is necessary over the
OMNI interface.
* since HHITs are uniquely assigned and can be confirmed as
authentic, they can be used without DAD until SNP addresses and/or
an MNP is obtained.
* underlay interfaces on the same L2 link segment as a Proxy/Server
do not require any L3 addresses (i.e., not even link-local) in
environments where communications are coordinated entirely over
the OMNI interface.
* as underlay interface properties change (e.g., link quality, cost,
availability, etc.), any active interface can be used to update
the profiles of multiple additional interfaces in a single
message. This allows for timely adaptation and service continuity
under dynamically changing conditions.
* coordinating underlay interfaces in this way allows them to be
represented in a unified MS profile with provisions to support the
"6 M's of Modern Internetworking".
Templin Expires 17 October 2024 [Page 23]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* header compression and path MTU determination is conducted on a
per-flow basis, with each flow adapting to the best performance
profiles and path selections.
* exposing a single virtual interface abstraction to the network
layer allows for multilink operation (including QoS based link
selection, carrier packet replication, load balancing, etc.) at L2
while still permitting L3 traffic shaping based on, e.g., DSCP,
flow label, etc.
* the OMNI interface supports multinet traversal over the SRT when
communications across different administrative domain network
segments are necessary. This mode of operation would not be
possible via direct communications over the underlay interfaces
themselves.
* the OAL supports lossless and adaptive path MTU mitigations not
available for communications directly over the underlay interfaces
themselves. The OAL supports "packing" of multiple original IP
payload packets/parcels within a single OAL "super-packet" and
also supports transmission of IP packets/parcels of all sizes up
to and including (advanced) jumbograms.
* the OAL assigns per-packet Identification values that allow for
adaptation/link layer reliability and data origin authentication.
* L3 sees the OMNI interface as a point of connection to the OMNI
link; if there are multiple OMNI links, L3 will see multiple OMNI
interfaces.
* Multiple independent OMNI interfaces can be used for increased
fault tolerance through Safety-Based Multilink (SBM), with
Performance-Based Multilink (PBM) applied within each interface.
* Multiple independent OMNI links can be joined together into a
single link without requiring renumbering of infrastructure
elements, since the ULAs assigned to the different links will be
mutually exclusive.
* the OMNI/OAL model supports transmission of a new form of IP
packets known as "IP parcels" that improve performance and
efficiency for both transport layer protocols and networked paths.
* OMNI provides robust support for both Provider-Aggregated (PA) and
Provider-Independent (PI) addressing resulting in a best of all
worlds service for all Client use cases.
Templin Expires 17 October 2024 [Page 24]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Figure 3 depicts the architectural model for a source Client with an
attached ENET connecting to the OMNI link via multiple independent
*NETs. The Client's OMNI interface forwards adaptation layer IPv6 ND
solicitation messages over available *NET underlay interfaces using
any necessary L2 encapsulations. The IPv6 ND messages traverse the
*NETs until they reach an FHS Proxy/Server (FHS#1, FHS#2, ...,
FHS#n), which returns an IPv6 ND advertisement message and/or
forwards a proxyed version of the message over the SRT to an LHS
Proxy/Server near the target Client (LHS#1, LHS#2, ..., LHS#m). The
Hop Limit in IPv6 ND messages is not decremented due to
encapsulation; hence, the source and target Client OMNI interfaces
appear to be attached to a common link.
+--------------+
|Source Client |
+--------------+ (:::)-.
|OMNI interface|<-->.-(::ENET::)
+----+----+----+ `-(::::)-'
+--------|IF#1|IF#2|IF#n|------ +
/ +----+----+----+ \
/ | \
/ | \
v v v
(:::)-. (:::)-. (:::)-.
.-(::*NET:::) .-(::*NET:::) .-(::*NET:::)
`-(::::)-' `-(::::)-' `-(::::)-'
+-----+ +-----+ +-----+
... |FHS#1| ......... |FHS#2| ......... |FHS#n| ...
. +--|--+ +--|--+ +--|--+ .
. | | |
. \ v / .
. \ / .
. v (:::)-. v .
. .-(::::::::) .
. .-(::: Segment :::)-. .
. (::::: Routing ::::) .
. `-(:: Topology ::)-' .
. `-(:::::::-' .
. / | \ .
. / | \ .
. v v v
. +-----+ +-----+ +-----+ .
... |LHS#1| ......... |LHS#2| ......... |LHS#m| ...
+--|--+ +--|--+ +--|--+
\ | /
v v v
<-- Target Clients -->
Templin Expires 17 October 2024 [Page 25]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Figure 3: Source/Target Client Coordination over the OMNI Link
After the initial IPv6 ND message exchange, the source Client (as
well as any nodes on its attached ENETs) can send carrier packets to
the target Client via the OMNI interface. OMNI interface multilink
services will send the carrier packets via FHS Proxy/Servers for the
correct underlay *NETs. The FHS Proxy/Server then re-encapsulates
the carrier packets and sends them over the SRT which delivers them
to an LHS Proxy/Server, and the LHS Proxy/Server in turn re-
encapsulates and sends them to the target Client. (Note that when
the source and target Client are on the same SRT segment, the FHS and
LHS Proxy/Servers may be one and the same.)
Mobile Clients select a MAP Proxy/Server (not shown in the figure),
which will often be one of their FHS Proxy/Servers but could also be
any Proxy/Server on the OMNI link. Clients then register all of
their *NET underlay interfaces with the MAP Proxy/Server via per
interface FHS Proxy/Servers in a pure proxy role. The MAP Proxy/
Server then provides a designated router that advertises the Client's
MNPs into the OMNI link routing system, and the Client can quickly
migrate to a new MAP Proxy/Server if the former becomes unresponsive.
Clients therefore use Proxy/Servers as gateways into the SRT to reach
OMNI link correspondents via a spanning tree established in a manner
outside the scope of this document. Proxy/Servers forward critical
MS control messages via the secured spanning tree and forward other
messages via the unsecured spanning tree (see Security
Considerations). When AERO route optimization is applied, Clients
can instead forward directly to correspondents in the same SRT
segment to reduce Proxy/Server and/or Gateway load.
Note: while not shown in the figure, a Client's ENET may connect many
additional Hosts and even other Clients in a recursive extension of
the OMNI link. This OMNI virtual link extension will be discussed
more fully throughout the document.
Note: Original IP packets/parcels sent into an OMNI interface will
receive consistent consideration according to their size as discussed
in the following sections, while those sent directly over underlay
interfaces that exceed the underlay network path MTU are dropped with
an ordinary ICMP Packet Too Big (PTB) message returned. These PTB
messages are subject to loss the same as for any non-OMNI IP
interface [RFC2923].
Templin Expires 17 October 2024 [Page 26]
Internet-Draft IPv6 over OMNI Interfaces April 2024
5. OMNI Interface Maximum Transmission Unit (MTU)
The OMNI interface observes the link nature of tunnels, including the
Maximum Transmission Unit (MTU), Effective MTU to Send (EMTU_S),
Effective MTU to Receive (EMTU_R) and the role of fragmentation and
reassembly [I-D.ietf-intarea-tunnels]. The OMNI interface is
configured over one or more underlay interfaces as discussed in
Section 4, where underlay links and network paths may have diverse
MTUs. OMNI interface considerations for accommodating original IP
packets/parcels of various sizes are discussed in the following
sections.
IPv6 underlay interfaces are REQUIRED to configure a minimum MTU of
1280 octets and a minimum EMTU_R of 1500 octets [RFC8200].
Therefore, the minimum IPv6 path MTU is 1280 octets since routers on
the path are not permitted to perform network fragmentation even
though the destination is required to reassemble more. The network
therefore MUST forward original IP packets/parcels as large as 1280
octets without generating an IPv6 Path MTU Discovery (PMTUD) Packet
Too Big (PTB) message [RFC8201]. Since each OAL intermediate system
must configure an EMTU_R of at least 65535 octets (see: Section 6.3),
the source can apply "source fragmentation" for carrier packets as
large as that size but this does not affect the minimum IPv6 path
MTU.)
IPv4 underlay interfaces are REQUIRED to configure a minimum MTU of
68 octets [RFC0791] and a minimum EMTU_R of 576 octets
[RFC0791][RFC1122]. Therefore, when the Don't Fragment (DF) bit in
the IPv4 header is set to 0 the minimum IPv4 path MTU is 576 octets
since routers on the path support network fragmentation and the
destination is required to reassemble at least that much. The OMNI
interface therefore SHOULD set DF to 0 in the IPv4 encapsulation
headers of carrier packets no larger than 576 octets, and SHOULD set
DF to 1 in larger carrier packets unless it has a way to determine
the EMTU_R of the next OAL hop as discussed in Section 6.15. This
limitation is therefore relaxed by the requirement that each OAL
intermediate system must configure a minimum EMTU_R of 65535 octets
(see: Section 6.3) allowing for IPv4 fragmentation and reassembly for
larger carrier packets.
The OMNI interface itself sets an "unlimited" MTU of (2**32 - 1)
octets. The network layer therefore unconditionally admits all
original IP packets/parcels into the OMNI interface, where the
adaptation layer accommodates them if possible according to their
size. For each parcel that it accommodates, the OAL source within
the OMNI interface first performs "parcellation" if necessary to
break large parcels into smaller sub-parcels that can transit the OAL
path (see: Section 5.1). The OAL source then invokes adaptation
Templin Expires 17 October 2024 [Page 27]
Internet-Draft IPv6 over OMNI Interfaces April 2024
layer encapsulation/fragmentation services to transform all original
IP packets and (sub-)parcels no larger that 65535 octets into OAL
packets/fragments. The OAL source then applies L2 encapsulation and
fragmentation if necessary to form carrier packets and finally
forwards the carrier packets via underlay interfaces.
When the OAL source performs IPv6 encapsulation and fragmentation
(see: Section 6), the Fragment Offset field limits the maximum-sized
original IP packet/parcel that the OAL can accommodate while applying
IPv6 fragmentation to (2**16 - 1) = 65535 octets (plus the length of
the OAL encapsulation extension headers). The OAL source is also
permitted to forward packets/parcels larger than this size as a best-
effort delivery service if the L2 path can accommodate them through
"jumbo-in-jumbo" encapsulation (see: Section 5.2); otherwise, the OAL
source discards the packet and arranges to return a PTB "hard error"
to the original source (see: Section 6.9).
Each OMNI interface therefore sets a minimum EMTU_R of 65535 octets
(plus the length of the OAL encapsulation headers), and each OAL
destination must consistently either accept or reject still larger
whole packets that arrive over any of its underlay interfaces
according to their size. If an underlay interface presents a whole
packet larger than the OAL destination is prepared to accept (e.g.,
due to a buffer size restriction), the OAL destination discards the
packet and arranges to return a PTB "hard error" to the OAL source
which in turn forwards the PTB to the original source (see:
Section 6.9).
5.1. IP Parcels
As specified in [I-D.templin-6man-parcels2]
[I-D.templin-intarea-parcels2], an IP parcel is an IP jumbogram
variant for which an IPv6 Parcel Payload Option field encodes a value
between 256 and 65535 octets denoting the non-final transport layer
protocol segment length while the parcel body includes as many as 64
individual transport layer protocol segments. The Jumbo Payload
length field is modified to include a Parcel Index field plus flags
followed by a 22-bit Parcel Payload Length field which together
determine the size and number of transport layer segments included in
the parcel.
IP parcel "parcellation" and "reunification" procedures for OMNI
interfaces are specified in [I-D.templin-6man-parcels2]
[I-D.templin-intarea-parcels2], while OAL encapsulation and
fragmentation procedures are specified in Section 6.13 of this
document. The maximum-sized IP parcel that can be conveyed over an
OMNI interface using OAL parcellation and IPv6 fragmentation-based
assured delivery is one with 64 segments of 65535 (minus headers)
Templin Expires 17 October 2024 [Page 28]
Internet-Draft IPv6 over OMNI Interfaces April 2024
octets in length. (The OAL source can instead forward large parcels
as a best-effort service using jumbo-in-jumbo encapsulation if the
OAL/L2 path can accommodate them.)
IP parcels follow the same link models described for Advanced Jumbos
below. IP parcels that accumulate link errors on the path are
subject to error detection and correction at the final destination.
ENET end systems that implement either the full OMNI interface (i.e.,
Clients) or enough of the OAL to process parcels (i.e., Hosts) are
permitted to exchange parcels with consenting peers. This
accommodates nodes that connect to the OMNI link but do not assign
OAL addresses.
5.2. Advanced Jumbos (AJs)
While the maximum-sized original IP packet/parcel that the OAL can
accommodate using IPv6 fragmentation-based assured delivery is 65535
octets, OMNI interfaces can forward much larger singleton parcels
termed "Advanced Jumbos (AJs)" via jumbo-in-jumbo encapsulation as
specified in
[I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2]. For
jumbo-in-jumbo encapsulation of large AJs, the OAL source appends an
OAL IPv6 header plus extensions then appends any L2 headers to
identify this as an AJ. Since the Jumbo Payload Length is 32 bits,
the largest possible AJ is limited to (2**32 - 1) octets minus the
lengths of any extension/encapsulation headers, or smaller still for
transmission over underlay interfaces that include additional
extensions/encapsulations.
Basic IPv6 jumbograms per [RFC2675] use the Jumbo Payload Option and
set the IPv6 Payload Length field to 0. IP parcels and AJs instead
use an adaptation of the IPv6 Minimum Path MTU option [RFC9268] known
as the Parcel Payload Option. The OAL/L2 source forwards basic
jumbograms and AJs as giant carrier packets using jumbo-in-jumbo
encapsulation, noting that traditional 32-bit link CRCs do not
provide adequate integrity protection for such large sizes [CRC]. If
a basic jumbogram is dropped along the path to the OAL destination,
the OAL source arranges to return an ICMP PTB "hard error" to the
original source. If a parcel/AJ is dropped, the OAL source instead
arranges to return ICMP PTB "soft errors" (see: Section 6.9).
AJs range in size from the largest possible unit as discussed above
to the smallest unit that includes only the headers and a small or
possibly even null payload. Intermediate hops forward AJs that
follow a new DTN link model for the Internet (instead of dropping)
even if link errors were incurred along the path. The AJ will then
arrive at the destination along with any cumulative link errors
Templin Expires 17 October 2024 [Page 29]
Internet-Draft IPv6 over OMNI Interfaces April 2024
collected on the path, then the final destination applies end-to-end
integrity checks and/or error correction while requesting
retransmission only as a last resort. This link model may be more
appropriate for delay/disruption-tolerant environments such as
anticipated for air/land/sea/space mobile Internetworking.
Advanced jumbo services for both IPv6 and IPv4 (including jumbo path
probing and jumbo-in-jumbo encapsulation) are specified in
[I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2].
5.3. Control/Data Plane Considerations
The above sections primarily concern data plane aspects of the OMNI
interface MTU and describe the data plane service model offered to
the network layer. OMNI interfaces also internally employ a control
plane service based on IPv6 Neighbor Discovery (ND) messaging. These
control plane messages must be sent over secured underlay interfaces
(e.g., IPsec tunnels, secured direct point-to-point links, etc.) or
over unsecured paths but with an authentication signature included.
In all control plane path cases, the IPv6 minimum MTU of 1280 octets
must be assumed.
OMNI interfaces therefore offer an unlimited data plane MTU to the
network layer but set a more conservative MTU for the internal
control plane operation. OMNI interfaces assume a fixed control
plane path MTU of 1280 octets (minus OAL encapsulation overhead) for
transmission of IPv6 ND messages. OMNI interfaces should send
multiple smaller IPv6 ND messages instead of singleton larger
messages whenever possible to minimize fragmentation.
6. The OMNI Adaptation Layer (OAL)
When an OMNI interface forwards an original IP packet/parcel from the
network layer for transmission over one or more underlay interfaces,
the OMNI Adaptation Layer (OAL) acting as the OAL source applies IPv6
encapsulation to form OAL packets subject to OAL fragmentation
producing fragments suitable for L2 encapsulation and transmission as
carrier packets. These carrier packets may in turn be subject to IP
fragmentation over underlay interface paths as described in
Section 6.1. The carrier packets/fragments then travel over one or
more underlay networks spanned by OAL intermediate systems in the
SRT, which first perform L2 reassembly (if necessary) then re-
encapsulate by removing the L2 headers of the first underlay network
and appending L2 headers appropriate for the next underlay network in
succession while re-fragmenting if necessary. (This process supports
the multinet concatenation capability needed for joining multiple
diverse networks.) Following any forwarding by OAL intermediate
systems, the carrier packets arrive at the OAL destination.
Templin Expires 17 October 2024 [Page 30]
Internet-Draft IPv6 over OMNI Interfaces April 2024
When the OAL destination receives the carrier packets, it performs L2
reassembly (if necessary) then discards the L2 headers and
reassembles the resulting OAL fragments into an OAL packet as
described in Section 6.3. The OAL destination next decapsulates the
OAL packet to obtain the original IP packet/parcel which it then
delivers to the network layer. The OAL source may be either the
source Client or its FHS Proxy/Server, while the OAL destination may
be either the LHS Proxy/Server or the target Client. Proxy/Servers
(and SRT Gateways as discussed in [I-D.templin-6man-aero3]) may also
serve as OAL intermediate systems.
The OAL presents an OMNI sublayer abstraction similar to ATM
Adaptation Layer 5 (AAL5). Unlike AAL5 which performs segmentation
and reassembly with fixed-length 53-octet cells over ATM networks,
however, the OAL uses IPv6 encapsulation, fragmentation and
reassembly with larger variable-length cells over heterogeneous
networks. Detailed operations of the OAL are specified in the
following sections.
6.1. OAL Source Encapsulation and Fragmentation
When the network layer forwards an original IP packet/parcel into the
OMNI interface, it either sets the TTL/Hop Limit for locally-
generated packets or decrements the TTL/Hop Limit according to
standard IP forwarding rules. The OAL source next creates an "OAL
packet" by prepending an IPv6 encapsulation header in the spirit of
[RFC2473] but with Version set to "OMNI-OFH" (see: Section 6.2, with
Next Header set to TBD1 (see: IANA Considerations) and with the IPv6
encapsulation header followed by the original packet.
When IPv6 encapsulation is performed, the OAL source next copies the
"Type of Service/Traffic Class" [RFC2983] and "Explicit Congestion
Notification (ECN)" [RFC3168] values in the original packet/parcel's
IP header into the corresponding fields in the OAL IPv6 header, then
sets the IPv6 header "Flow Label" as specified in [RFC6438]. The OAL
source next sets the IPv6 header Payload Length to the length of the
original IP packet/parcel and sets Hop Limit to a value that MUST NOT
be larger than 63 yet is still sufficiently large to support loop-
free forwarding over multiple concatenated OAL intermediate hops.
The OAL source next selects OAL IPv6 source and destination
addresses. Client OMNI interfaces set the OAL source address to a
Unique Local Address (ULA) or Globally Unique Address (GUA) based on
MNPs/SNPs received from a Proxy/Server. When a Client OMNI interface
does not (yet) have a ULA/GUA, it can instead use a (Hierarchical)
Host Identity Tag ((H)HIT [RFC9374] as an OAL address.
Templin Expires 17 October 2024 [Page 31]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The OAL source next inserts any necessary extension headers following
the IPv6 header as specified in Section 6.4. For OAL data plane
packets, the source first inserts any per-fragment extension headers
(e.g., Hop-by-Hop, Routing, etc.) then inserts an IPv6 Extended
Fragment Header (see: [I-D.templin-6man-ipid-ext2]) with an 8-octet
(64-bit) OAL packet Identification. Note that the extension header
insertions could cause the IPv6 Payload Length to exceed 65535 octets
by a small amount when the original IP packet is (nearly) the maximum
length. The OAL source then fragments the OAL packet if necessary
according to an OAL Fragment Size (OFS) maintained in AERO Forwarding
Vectors (AVFs) for each OAL destination. (OAL packets that are no
larger than the OFS and original IP packets/parcels larger than 65535
octets are instead processed as "atomic fragments".) OAL fragments
prepared by the source must not be fragmented further by OAL
intermediate systems on the path to the OAL destination.
OAL packets that contain original IP parcels no larger than
(64*65535) octets may be first subject to OMNI interface
parcellation, after which the (sub-)parcels (as well as OAL packets
that contain original IP packets no larger than 65535 octets) are
subject to OAL fragmentation-based assured delivery. Advanced Jumbos
(AJs) larger than 65535 octets (see: [I-D.templin-6man-parcels2]
[I-D.templin-intarea-parcels2]) are not eligible for OAL
fragmentation but instead engage a best effort jumbo-in-jumbo
encapsulation service as discussed in Section 5.2. (Note: the
original source can optionally elect this best-effort jumbo-in-jumbo
delivery service for any parcel/AJ regardless of its size.)
OAL fragmentation is conducted the same as for standard IPv6
fragmentation [RFC8200] with the exception that an Extended Fragment
Header is used and the IPv6 Payload Length may exceed 65535 by at
most the length of the extension headers. The OAL source MUST set a
"maximum OFS" to a size no smaller than 1024 octets and no larger
than 65279 octets and thereafter reduce or increase the "effective
OFS" according to dynamic network control message feedback. (Note
that these sizes allow for up to 256 octets of L2 encapsulation
relative to the IPv6 minimum MTU of 1280 octets and the maximum-sized
reassembled packet of 65535 octets.) Specifically, if an OAL
intermediate system or the OAL destination advertises a reduced size,
the OAL source SHOULD reduce the effective OFS accordingly (to a size
no smaller than 1024 octets) and can later increase the effective OFS
(to a size no larger than the maximum OFS) as network conditions
improve. When the OAL source performs fragmentation, it SHOULD
produce the minimum number of fragments under the effective OFS
constraints, where the fragments MUST be non-overlapping and the
portion of each non-final fragment following the IPv6 Extended
Fragment Header MUST be equal in length while that of the final
fragment may be a different length.
Templin Expires 17 October 2024 [Page 32]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The OAL source discovers the maximum OFS by including an IPv6 Minimum
Path MTU Hop-by-Hop Option [RFC9268] in the OAL encapsulation header
of its Neighbor Solicitation (NS) / Neighbor Advertisement (NA)
exchanges over the secured spanning tree used to establish multilink
forwarding state (see: [I-D.templin-6man-aero3]). Each OAL
intermediate system on the path sets the minimum path MTU in the NS
message OAL extension header to the maximum OFS capable of traversing
the next segment. (Note that segments traversed by L2 encapsulations
such as IPsec tunnels can normally regard the MTU for their unsecured
overlay network segments as 65535 octets while those traversed by
direct point-to-point links and multihop MANET links must regard the
link MTU as a restricting size; therefore, each OAL intermediate
system MUST correctly recognize and honor the IPv6 Minimum Path MTU
Hop-by-Hop Option. Note also that OAL intermediate systems forward
the NS/NA messages in the control plane, but the returned MTU
reflects the maximum OFS for the data plane.) When the OAL
destination returns an NA message with an OAL header containing an
IPv6 Minimum Path MTU Hop-by-Hop Option, the OAL source can then set
the maximum OFS for this AFV by subtracting 256 from the returned
MTU. The OAL source can later adaptively increase or decrease the
effective OFS if it receives dynamic path MTU feedback from an OAL
intermediate node or destination with the understanding that larger
OFS sizes may provide better performance but also increase the
retransmission unit in case of loss.
During fragmentation, the OAL source replaces the IPv6 Extended
Fragment Header 1-octet "Reserved" field with OMNI-specific encodings
as shown in Figure 4:
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Parcel ID |P|S| | Ordinal |Res|
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
a) First fragment a) Non-first fragment
Figure 4: IPv6 Extended Fragment Header Reserved Field Coding
For the first fragment (i.e., the one with Fragment Offset set to 0),
the OAL source sets "Parcel ID", "(P)arcel" and "More (S)egments" as
specified in Section 6.13. For each non-first fragment, the OAL
source instead writes a monotonically-increasing "Ordinal" value
between 1 and 63. Specifically, the OAL source writes the Ordinal
value '1' for the first non-first fragment, '2' for the second, '3'
for the third, etc. up to the final fragment. The first fragment is
logically considered Ordinal number '0' while the final fragment may
assign an Ordinal as large as '63'; therefore at most 64 fragments
are possible. During a network path change, an OAL intermediate
system may apply further OAL fragmentation to produce (sub-)fragments
no larger than the minimum OFS. The OAL destination will then
Templin Expires 17 October 2024 [Page 33]
Internet-Draft IPv6 over OMNI Interfaces April 2024
reassemble these (sub-)fragments along with all other fragments of
the same OAL packet and return rate-limited indications to inform the
OAL source that the path has changed.
The OAL source finally encapsulates the fragments in L2 headers to
form carrier packets for transmission over underlay interfaces, while
retaining the fragments and their ordinal numbers (i.e., #0, #1, #2,
etc.) for a brief period to support adaptation layer retransmissions
(see: Section 6.8). OAL fragment and carrier packet formats are
shown in Figure 5 (note that IPv4 carrier packets with DF=0 may
include trailing checksums ("Csum") as discussed in Section 6.2).
+----------+-------------------------+---------------+
|OAL Header| Original Packet Headers | Frag #0 |
+----------+-------------------------+---------------+
+----------+----------------+
|OAL Header| Frag #1 |
+----------+----------------+
+----------+----------------+
|OAL Header| Frag #2 |
+----------+----------------+
....
+----------+----------------+
|OAL Header| Frag #(N-1) |
+----------+----------------+
a) OAL fragmentation
+----------+-----------------------------+
|OAL Header| Original IP packet/parcel |
+----------+-----------------------------+
b) An OAL atomic fragment
+--------+----------+----------------+------+
|L2 Hdrs |OAL Header| Frag #i | Csum |
+--------+----------+----------------+------+
c) OAL carrier packet after L2 encapsulation
Figure 5: OAL Fragments and Carrier Packets
Templin Expires 17 October 2024 [Page 34]
Internet-Draft IPv6 over OMNI Interfaces April 2024
6.2. OAL L2 Encapsulation and Re-Encapsulation
The OAL source or intermediate system next encapsulates each OAL
fragment (with either full or compressed headers) in L2 encapsulation
headers to create a carrier packet. The OAL source or intermediate
system (i.e., the L2 source) includes a UDP header as the innermost
sublayer if NATs and/or filtering middleboxes might occur on the
path. Otherwise, the L2 source includes a full/compressed IP header
and/or an actual link layer header (e.g., such as for Ethernet-
compatible links) as the innermost sublayer. The L2 source also
appends any additional encapsulation sublayer headers necessary
(e.g., IPsec AH/ESP, jumbo-in-jumbo encapsulation, etc.).
The L2 source encapsulates the OAL information immediately following
the innermost L2 sublayer header. The L2 source next interprets the
first 4 bits following the L2 headers as a Type field that determines
the type of OAL header that follows. The OAL source sets Type to
(OMNI-OFH) for an uncompressed IPv6 OMNI Full Header (OFH) or (OMNI-
OCH1/2) for an OMNI Compressed Header, Type 1 (OCH1) or 2 (OCH2) as
specified in Section 6.5. For IP packets/parcels that do not include
an OAL IPv6 encapsulation header, the L2 source instead interprets
the first 4 bits as a Version field that encodes '4' (OMNI-IP4) for
an ordinary IPv4 packet/parcel or '6' (OMNI-IP6) for an ordinary IPv6
packet/parcel. Other Type values (including a Type for a Hop-by-Hop
Options header that includes a Parcel Payload Option) may also appear
as specified in Section 6.5.
The OAL node prepares the L2 encapsulation headers for OAL packets/
fragments as follows:
Templin Expires 17 October 2024 [Page 35]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* For UDP/IP encapsulation, the L2 source sets the UDP source port
to 8060 (i.e., the port number reserved for AERO/OMNI). When the
L2 destination is a Proxy/Server or Gateway, the L2 source sets
the UDP destination port to 8060; otherwise, the L2 source sets
the UDP destination port to its cached port number value for the
peer. The L2 source next sets the UDP Length the same as
specified in [I-D.ietf-tsvwg-udp-options]. (If the OAL packet is
submitted for jumbo-in-jumbo encapsulation, the L2 source instead
includes a Hop-by-Hop Options header with a Parcel Payload Option
with Advanced Jumbo Type 0 following the L2 UDP/IP header with the
length of the L2 UDP header included in the Jumbo Payload Length.)
The L2 source then sets the IP {Protocol, Next Header} to '17'
(the UDP protocol number) and sets the {Total, Payload} Length the
same as specified in the base IP protocol specifications for IP
parcels and Advanced Jumbos
[I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2] or for
ordinary IP packets
[RFC0791][RFC8200][I-D.ietf-tsvwg-udp-options]. The L2 source
then continues to set the remaining IP header fields as discussed
below.
* For raw IP encapsulation, the L2 source sets the IP {Protocol,
Next Header} to TBD1 (see: IANA Considerations) and sets the
{Total, Payload} Length the same as specified in [RFC0791] or
[RFC8200]. (If the OAL header includes a Parcel Payload Option
with an Advanced Jumbo Type, the L2 source includes an Parcel
Payload Option with AJ Type 0 in the L2 IP header.) The L2 source
then continues to set the remaining IP header fields as discussed
below.
* For IPsec AH/ESP encapsulation, the L2 source sets the appropriate
IP or UDP header to indicate AH/ESP then sets the AH/ESP Next
Header field to TBD1 the same as for raw IP encapsulation.
* For direct encapsulations over Ethernet-compatible links, the L2
source prepares an Ethernet Header with EtherType set to TBD2
(see: Section 24.2) (see: Section 7).
* For OAL packet/fragment encapsulations over secured underlay
interface connections to the secured spanning tree, the L2 source
applies any L2 security encapsulations according to the protocol
(e.g., IPsec). These secured carrier packets are then subject to
lower layer security services including fragmentation and
reassembly.
When an L2 source includes a UDP header, it SHOULD calculate and
include a UDP checksum in carrier packets with full OAL headers to
prevent mis-delivery and/or detect IPv4 reassembly corruption; the L2
Templin Expires 17 October 2024 [Page 36]
Internet-Draft IPv6 over OMNI Interfaces April 2024
source MAY set UDP checksum to 0 (disabled) in carrier packets with
compressed OAL headers (see: Section 6.5) or when reassembly
corruption is not a concern. If the L2 source discovers that a path
is dropping carrier packets with UDP checksums disabled, it should
supply UDP checksums in future carrier packets sent to the same L2
destination. If the L2 source discovers that a path is dropping
carrier packets that do not include a UDP header, it should include a
UDP header in future carrier packets.
When an L2 source sends carrier packets with compressed OAL headers
and with UDP checksums disabled, mis-delivery due to corruption of
the AERO Forwarding Vector Index (AFVI) is possible but unlikely
since the corrupted index would somehow have to match valid state in
the (sparsely-populated) AERO Forwarding Information Base (AFIB). In
the unlikely event that a match occurs, an OAL destination may
receive carrier packets that contain a mis-delivered OAL fragment but
can immediately reject any with incorrect Identifications. If the
Identification value is somehow accepted, the OAL destination may
submit the mis-delivered OAL fragment to the reassembly cache where
it will most likely be rejected due to incorrect reassembly
parameters. If a reassembly that includes the mis-delivered OAL
fragment somehow succeeds (or, for atomic fragments) the OAL
destination will verify any included checksums to detect corruption.
Finally, any spurious data that somehow eludes all prior checks will
be detected and rejected by end-to-end upper layer integrity checks.
See: [RFC6935] [RFC6936] for further discussion.
For UDP/IP or IP-only L2 encapsulations, when the L2 source is also
the OAL source it next copies the "Type of Service/Traffic Class"
[RFC2983] and "Explicit Congestion Notification (ECN)" [RFC3168]
values in the OAL header into the corresponding fields in the L2 IP
header, then (for IPv6) set the L2 IPv6 header "Flow Label" as
specified in [RFC6438]. The L2 source then sets the L2 IP TTL/Hop
Limit the same as for any host (i.e., it does not copy the Hop Limit
value from the OAL header) and finally sets the source and
destination IP addresses to direct the carrier packet to the next OAL
hop. For carrier packets subject to re-encapsulation, the OAL
intermediate system as the L2 source reassembles if necessary then
removes the L2 header(s). The L2 source then decrements the OAL
header Hop Limit and discards the OAL packet/fragment if the value
reaches 0. The L2 source then copies the Type of Service/Traffic
Class and ECN values from the previous segment L2 encapsulation
header into the next segment L2 encapsulation header while setting
the next segment L2 source and destination IP addresses the same as
above. (The L2 source also writes the ECN value into the OAL full/
compressed header.)
Templin Expires 17 October 2024 [Page 37]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The L2 source then applies source fragmentation if necessary by
inserting an IPv6 Fragment Header between the L2 headers and the
(compressed) OAL header then applying IP fragmentation per [RFC8200]
or [I-D.herbert-ipv4-eh] to produce carrier packet fragments no
larger than the current Carrier Fragment Size (CFS). (Note that the
OMNI protocol L2 headers appear in each fragment and the Fragment
Header Next Header field is adjusted as described in Section 6.4
following fragmentation.) The L2 source should prepare carrier
packet fragments no larger than 1280 octets (i.e., the IPv6 minimum
MTU) until it can determine whether a larger CFS is possible, e.g.,
through dynamic path probing to the L2 destination. For IPv4, until
a probed CFS is determined the L2 source must set DF to 0 and include
ancillary integrity checks; these IPv4 carrier packet fragments may
be (further) fragmented by intermediate systems in the L2 network.
For UDP/IPv4 carrier packets/fragments that set DF to 0, the L2
source calculates the UDP checksum and also includes a trailing
2-octet IPv4 reassembly checksum as specified in Appendix A. The L2
source calculates the checksums simultaneously in a single pass over
the UDP pseudo-header plus the remainder of the packet following the
header, then writes the UDP result in the UDP header and the IPv4
fragmentation result as the final 2 octets of the packet while
incrementing the IPv4 length by 2. For raw IPv4 carrier packet
(re-)encapsulation with DF set to 0, the source instead includes a
trailing 2-octet IPv4 payload checksum followed by a 2-octet IPv4
reassembly checksum (calculated as above) while incrementing the IPv4
length by 4. The source calculates the IPv4 payload checksum the
same as specified for UDP checksums [RFC0768], except that instead of
the UDP length the pseudo header includes the length of the IPv4
payload only without including the IPv4 header or trailing checksum
lengths. The source calculates the IPv4 payload and reassembly
checksums simultaneously in a single pass over the pseudo header plus
IPv4 payload the same as for the UDP case without extending to cover
the trailing checksum fields themselves. (In both the UDP/IPv4 and
raw IPv4 cases, the trailing checksum lengths will not cause the
carrier packet to exceed 65535 octets since each OAL fragment
reserves space for up to 256 L2 encapsulation octets.)
The L2 source then sends the resulting carrier packet fragments over
one or more underlay interfaces. Underlay interfaces often connect
directly to physical media on the local platform (e.g., an aircraft
with a radio frequency link, a laptop computer with WiFi, etc.), but
in some configurations the physical media may be hosted on a separate
Local Area Network (LAN) node. In that case, the OMNI interface can
establish a Layer-2 VLAN or a point-to-point tunnel (at a layer below
the underlay interface) to the node hosting the physical media. The
OMNI interface may also apply encapsulation at the underlay interface
layer (e.g., as for a tunnel virtual interface) such that carrier
Templin Expires 17 October 2024 [Page 38]
Internet-Draft IPv6 over OMNI Interfaces April 2024
packets would appear "double-encapsulated" on the LAN; the node
hosting the physical media in turn removes the LAN encapsulation
prior to transmission or inserts it following reception. Finally,
the underlay interface must monitor the node hosting the physical
media (e.g., through periodic keepalives) so that it can convey up-
to-date Interface Attribute information to the OMNI interface.
Note: UDP/IPv4 and IPv4 L2 encapsulations that use IPsec AH/ESP do
not include payload or reassembly integrity checks since the security
encapsulations already include strong integrity checks.
Note: the L2 source must include a suitable Identification value in
the IPv6 Fragment Header when it performs source fragmentation and
must also include a suitable Identification value in the IPv4 header
when it sets DF=0.
6.2.1. Carrier Fragment Size (CFS) Determination
For paths that cannot rely on network fragmentation to deliver
carrier packets that exceed the path MTU, the L2 source should
actively probe the path to determine the largest possible Carrier
Fragment Size (CFS) for the L2 destination under current path
conditions. The L2 source conducts probing in the spirit of
"Packetization Layer Path MTU Discovery for Datagram Transports"
[RFC8899] using a probe packet such as an NS message that includes
Nonce and Timestamp options [RFC3971] plus a discard trailing packet
attachment as specified in Section 6.10. The L2 source then
encapsulates the message in L2 headers as a whole carrier packet and
sends the message over the unsecured underlay interface (for IPv4,
the L2 source also sets the probe packet DF flag to 1.)
Prior to any probing, the L2 source assumes a nominal CFS of 1280
octets (the IPv6 minimum MTU) for both IPv6 and IPv4. Since this
size is greater than the IPv4 minimum MTU, the L2 source must set the
DF bit to 0 in each carrier packet to increase the likelihood that it
will reach the L2 destination. When the L2 source sets DF to 0, it
must include IPv4 payload/reassembly checksum(s) as discussed above.
When the L2 source engages probing, it will receive NA responses from
the L2 destination to confirm delivery of its OAL and L2 encapsulated
padded NS messages. When the L2 source receives an NA with a
matching Nonce, it can then advance CFS to the size of the NS probe.
The L2 source must then continuously probe to confirm the current CFS
or advance to even larger CFS values using the probing strategies
specified in [RFC8899].
Templin Expires 17 October 2024 [Page 39]
Internet-Draft IPv6 over OMNI Interfaces April 2024
After the L2 source confirms a CFS through probing, it can send
carrier packet fragments up to CFS octets in length and with DF set
to 1 for IPv4. If the path changes, the L2 source may receive a PTB
message from a router on the path and should then reduce and/or re-
probe the CFS accordingly.
6.3. Reassembly and Decapsulation
All OAL intermediate systems and destinations MUST configure an L2
EMTU_R of 65535 octets on all unsecured underlay interfaces to enable
successful reassembly of fragmented carrier packets no larger than
that size (conversely, secured underlay interfaces use an EMTU_R
specific to the L2 security service such as IPsec). OAL nodes are
permitted to accept still larger unfragmented parcels/AJs as a best-
effort service. OAL nodes must further recognize and honor the
extended Identifications included in the IPv6 Extended Fragment
Header [I-D.templin-6man-ipid-ext2].
When an OAL node reassembles an IPv4 or IPv6 carrier packet, it
accepts the reassembled packet following UDP checksum verification if
necessary. When an OAL node reassembles an IPv4 carrier packet with
DF set to 0, it must verify both the UDP or IPv4 payload checksum and
the IPv4 reassembly checksum. The OAL node then accepts the
reassembled packet only if the included checksums are correct, then
trims the trailing payload/reassembly checksum(s) by decrementing the
IPv4 length before processing the packet further. When an OAL node
detects a checksum error or failed reassembly for either IPv4 or IPv6
carrier packets, and the IP first fragment includes enough of the OAL
packet header, the OAL node returns a uNA message with an OMNI
Fragmentation Report (FRAGREP) option to the OAL source as specified
in Section 6.8. The FRAGREP provides immediate feedback allowing the
OAL source to quickly retransmit the OAL fragment(s) lost due to
corruption.
If the carrier packet encodes OMNI L2 extension headers per
Section 6.4, the OAL node instead removes the UDP header if necessary
and submits the packet for IPv6 extension header processing per
[RFC8200] (while converting IPv4/Ethernet headers to IPv6 and
converting IPv4/EUI addresses to IPv6 compatible addresses if
necessary as specified above). The OAL node first sets the IPv6 Next
Header field to the 8 bit protocol value for the first extension.
When an (Extended) Fragment Header is included, the OAL node performs
L2 reassembly per the IPv6 extension header parameters.
When an OMNI interface processes a (reassembled) carrier packet from
an underlay interface, it copies the ECN value from the L2
encapsulation headers into the OAL header if the carrier packet
contains an OAL first-fragment. The OMNI interface next discards the
Templin Expires 17 October 2024 [Page 40]
Internet-Draft IPv6 over OMNI Interfaces April 2024
L2 encapsulation headers and examines the OAL header of the enclosed
OAL fragment according to the value in the Type field as discussed in
Section 6.2. If the OAL fragment is addressed to a different node,
the OMNI interface (acting as an OAL intermediate system) performs L2
encapsulation and fragmentation if necessary then forwards while
decrementing the OAL Hop Limit as discussed in Section 6.2. If the
OAL fragment is addressed to itself, the OMNI interface (acting as an
OAL destination) accepts or drops the fragment based on the (Source,
Destination, Identification)-tuple.
The OAL destination next drops all ordinal OAL non-first fragments
that would overlap or leave "holes" with respect to other ordinal
fragments already received. The OAL destination updates a checklist
of accepted ordinal fragments of the same OAL packet but admits all
accepted fragments into the reassembly cache.
During reassembly at the OAL destination, the reassembled OAL packet
may exceed 65535 by a small amount equal to the size of the OAL
encapsulation extension headers. The OAL destination does not write
this (too-large) value into the OAL header Payload Length field, but
rather remembers the value during reassembly. When reassembly is
complete, the OAL destination finally removes the OAL headers. The
OAL destination then delivers the original IP packet/parcel to the
network layer. The original IP packet/parcel may therefore be as
large as 65535 octets, or larger still for large parcels/AJs
delivered through jumbo-in-jumbo encapsulation without invoking
fragmentation.
When an OAL path traverses an IPv6 network with routers that perform
adaptation layer forwarding based on full IPv6 headers with OAL
addresses, the OAL intermediate system at the head of the IPv6 path
forwards the OAL packet/fragment the same as an ordinary IPv6 packet
without decapsulating and delivering to the network layer. Once
within the IPv6 network, these OAL packets/fragments may traverse
arbitrarily-many IPv6 hops before arriving at an OAL intermediate
system which may again encapsulate the OAL packets/fragments as
carrier packets for transmission over underlay interfaces.
Note: carrier packets often traverse paths with underlying links that
use integrity checks such as CRC-32 which provide adequate hop-by-hop
integrity assurance for payloads up to ~9K octets [CRC]. However,
other paths may traverse links (such as fragmenting tunnels over IPv4
- see: [RFC4963]) that do not include adequate checks. The end-to-
end integrity checks in IP parcels and AJs therefore allow the final
destination to detect any link errors that may have accumulated along
the path even if the links themselves do not provide adequate error
checking.
Templin Expires 17 October 2024 [Page 41]
Internet-Draft IPv6 over OMNI Interfaces April 2024
6.4. OMNI-Encoded IPv6 Extension Headers
The IPv6 specification [RFC8200] defines extension headers that
follow the base IPv6 header, while Upper Layer Protocols (ULPs) are
specified in other documents. Each extension header present is
identified by a "Next Header" octet in the previous (extension)
header and encodes a "Next Header" field in the first octet that
identifies the next extension header or ULP instance. The OMNI
specification supports encoding of IPv6 extension header chains
immediately following the OMNI L2 UDP, IP or Ethernet header even if
the L2 IP protocol version is IPv4. In all cases, the length of the
IPv6 extension header chain is limited by [I-D.ietf-6man-eh-limits].
The OAL source prepares an OMNI extension header chain by setting the
first 4 bits of the first IPv6 extension header in the chain to a
Type value for the extension header itself immediately following the
OMNI L2 protocol header. The source then sets the next 4 bits to a
Next value that identifies either a terminating ULP or the next
extension header in the chain. The source then sets the first 8 bits
of each subsequent IPv6 extension header in the chain to the standard
Next Header encoding as shown in Figure 6:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ OMNI L2 UDP, IP or Ethernet Header ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Next | Extension Header #1 ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Extension Header #2 ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Extension Header #3 ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... ... ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Extension Header #N ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ OMNI Full/Compressed, IPv6/IPv4, TCP/UDP, ICMPv6, ESP, etc. ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: OMNI Extension Header Chains
The following Type/Next values are currently defined:
0 (OMNI-RES) - Reserved for experimentation.
1 (OMNI-OCH1) - OMNI Compressed Header, Type 1 per Section 6.5.
Templin Expires 17 October 2024 [Page 42]
Internet-Draft IPv6 over OMNI Interfaces April 2024
2 (OMNI-OCH2) - OMNI Compressed Header, Type 2 per Section 6.5.
3 (OMNI-OFH) - OMNI Full Header, per Section 6.5.
4 (OMNI-IP4) - IPv4 header per [RFC0791].
5 (OMNI-HBH) - Hop-by-Hop Options per Section 4.3 of [RFC8200].
6 (OMNI-IP6) - IPv6 header per [RFC8200].
7 (OMNI-RH) - Routing Header per Section 4.4 of [RFC8200].
8 (OMNI-FH) - Fragment Header per Section 4.5 of [RFC8200].
9 (OMNI-DO) - Destination Options per Section 4.6 of [RFC8200].
10 (OMNI-AH) - Authentication Header per [RFC4302].
11 (OMNI-ESP) - Encapsulating Security Payload per [RFC4303].
12 (OMNI-NNH) - No Next Header per Section 4.7 of [RFC8200].
13 (OMNI-TCP) - TCP Header per [RFC9293].
14 (OMNI-UDP) - UDP Header per [RFC0768].
15 (OMNI-ULP) - Upper Layer Protocol shim (see below).
Entries OMNI-OCH1 through OMNI-AH in the above list follow the
convention that the OMNI Type/Version appears in the first 4 bits of
the extension header (or IP header) itself. Conversely, entries
OMNI-ESP through OMNI-UDP represent commonly-used ULPs which do not
encode a Type/Version in the first 4 bits.
Entries OMNI-HBH, OMNI-RH, OMNI-FH, OMNI-DO and OMNI-AH represent
true IPv6 extension headers encoded for OMNI, which may be chained.
Source and destination processing of OMNI extension headers follows
exactly per their definitions in the normative references, with the
exception of the special (Type, Next) coding in the first 8 bits of
the first extension header.
When a ULP not found in the above table immediately follows the OMNI
L2 UDP, IP or Ethernet header, the source includes a 2-octet "Type 1
ULP Shim" before the ULP where both the first 4 bit (Type) and next 4
bit (Next) fields encode the special value 15 (OMNI-ULP). The source
then includes a Next Header field that encodes the IP protocol number
of the ULP. The source then includes the ULP data immediately after
the shim as shown in Figure 7.
Templin Expires 17 October 2024 [Page 43]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Type=15|Next=15| Next Header | Upper Layer Protocol ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 7: OMNI Upper Layer Protocol (ULP) Shim (Type 1)
When a ULP "OMNI-(N)" found in the above table immediately follows
the OMNI L2 UDP, IP or Ethernet header, the source includes a 1-octet
"Type 2 ULP Shim" before the ULP where the first 4 bits encode the
special Type value 15 (OMNI-ULP) and the next 4 bits encode the Next
ULP type "N" taken from the table above. The source then includes
the ULP data immediately after the shim as shown in Figure 8.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Type=15| Next=N| Upper Layer Protocol ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 8: OMNI Upper Layer Protocol (ULP) Shim (Type 2)
When a ULP not found in the above table follows a first OMNI
extension header, the source sets the extension header Next field to
OMNI-ULP (15) and includes a 1-octet "Type 3 ULP Shim" that encodes
the IP protocol number for the Next Header of the ULP data that
follows as shown in Figure 9.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Upper Layer Protocol ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 9: OMNI Upper Layer Protocol (ULP) Shim (Type 3)
When a ULP "OMNI-(N)" found in the above table follows a first OMNI
extension header, the source sets the extension header Next field to
the ULP Type "N" and does not include a shim. The ULP then begins
immediately after the first OMNI extension header.
When a ULP of any kind follows a non-first OMNI extension header, the
source sets the extension header Next Header field to the IP protocol
number for the ULP and does not include a shim. The ULP then begins
immediately after the non-first OMNI extension header.
Note: The L2 UDP header (when present) is logically considered as the
first L2 extension header in the chain. If an Advanced Jumbo
extension header is also present, its Jumbo Payload length includes
the length of the L2 UDP header.
Templin Expires 17 October 2024 [Page 44]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Note: After a node parses the extension header chain, it changes the
"Type/Next" field in the first extension header back to the correct
"Next Header" value before processing the first extension header.
6.5. OMNI Full and Compressed Headers (OFH/OCH)
OAL sources that send OAL packets with OMNI Full Headers (OFH)
include a Compressed Routing Header (CRH)
[I-D.ietf-6man-comp-rtg-hdr] and IPv6 Extended Fragment Header
extensions for segment-by-segment forwarding based on an AERO
Forwarding Information Base (AFIB) in each OAL intermediate system.
OAL sources, intermediate systems and destinations establish AFIB an
header compression state through IPv6 ND NS/NA message exchanges.
After an initial NS/NA exchange, OAL nodes can apply OMNI Header
Compression to significantly reduce header overhead.
OAL nodes apply header compression in order to avoid transmission of
redundant data found in the original IP packet and OAL encapsulation
headers; the resulting compressed headers are often significantly
smaller than the original IP packet header itself even when OAL
encapsulation is applied. Header compression is limited to the OAL
IPv6 encapsulation header plus extensions along with the base
original IP packet header; it does not extend to include any
extension headers of the original IP packet which appear as upper
layer payload immediately following the compressed headers.
Each OAL node establishes AFIB soft state entries known as AERO
Forwarding Vectors (AFVs) which support both OAL packet/fragment
forwarding and OAL/IPv6 header compression/decompression. For FHS
OAL sources, each AFV is referenced by a single AERO Forwarding
Vector Index (AFVI) which in conjunction with the previous hop L2ADDR
provides compression/decompression and next hop forwarding context.
When an OAL node sends carrier packets that contain OAL packets/
fragments to a next hop, it includes an OFH with a CRH containing
AFVI forwarding information followed by an Extended Fragment Header.
If the OAL source applied OAL encapsulation, the first 4 bits
following the L2 headers must encode the Type OMNI-OFH to signify
that an uncompressed OFH (plus extensions) is present; otherwise, the
first 4 bits must encode the value OMNI-IP6 as a Type/Version value
for IPv6. The CRH include a single 32-bit AFVI (as CRH-32) and with
Segments Left set to 1.
Templin Expires 17 October 2024 [Page 45]
Internet-Draft IPv6 over OMNI Interfaces April 2024
When an OAL intermediate system forwards an OAL packet, it determines
the AFVI for the next OAL hop by using the AFVI included in the CRH
to search for a matching AFV. The OAL intermediate system then
writes the next hop AFVI into the CRH and forwards the OAL packet to
the next hop without decrementing Segments Left. This same AFVI re-
writing progression begins with the OAL source then continues over
all OAL intermediate nodes and finally ends at the OAL destination.
Whenever possible, the OAL source should omit significant portions of
the OAL header (plus extensions) and original IP packet header by
applying OMNI header compression when AFV state is available. For
OAL first fragments (including atomic fragments), the OAL node uses
OMNI Compressed Header, Type 1 (OCH1) Format (a) as shown in
Figure 10:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Traffic Class | Hop Limit | Parcel ID |P|S|R|Q|C|F|A|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OAL Identification (4 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AFVI (2 or 4 octets) / Payload Len (0 or 2 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| L3 Next Header| L3 Hop Limit |Header Checksum (0 or 2 octets)|
+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+
Figure 10: OMNI Compressed Header (OCH1) Format (a)
The format begins with a 4-bit Type followed by the 8-bit Traffic
Class (copied into the OAL header from the original IP packet header)
followed by a 6-bit (OAL) Hop Limit, a 6-bit Parcel ID with 2 P/S
flag bits followed by a Res(erved) bits and 5 flag bits. The header
next includes the 4 least significant octets of the OAL
Identification followed by a 2/4-octet AFVI according to whether the
A flag is set to 0/1, respectively. The format then includes a
2-octet Payload Length only if the L2 header does not include a
length field. The format finally includes the Next Header and Hop
Limit values from the original (L3) IP packet header, plus a 2-octet
Header Checksum only if the C flag is set. (Note that these values
represent compression of the original IP packet header plus the OFH
header along with its the CRH-32 and Extended Fragment Header in a
unified concatenation.)
The OAL node sets Type to OMNI-OCH1, sets Hop Limit to the minimum of
the uncompressed OAL header Hop Limit and 63 and sets the ECN bits in
the Traffic Class field the same as for an uncompressed IP header.
The OAL node next sets (F)irst to 1 as a first fragment then sets
(M)ore Fragments, Parcel ID, ((P)arcel, and More (S)egments the same
as for an uncompressed Extended Fragment Header. The OAL node
Templin Expires 17 October 2024 [Page 46]
Internet-Draft IPv6 over OMNI Interfaces April 2024
finally sets the L3 Next Header and Hop Limit fields to the values
that would appear in the uncompressed original IP header; the OAL
node also sets C to 1 and includes a 2-octet Header Checksum for IPv4
original packets, or sets C to 0 and omits the Header Checksum for
IPv6 original packets.
The payload of the OAL first fragment (i.e., beginning after the
original IP header) is then included immediately following the OCH1
header, and the L2 header length field (if present) is reduced by the
difference in length between the compressed and full-length headers.
If the L2 header includes a length field, the OAL destination can
determine the payload length by examining the L2 header; otherwise,
the OCH1 header itself includes a 2-octet Payload Length field that
encodes the length of the packet payload (or first fragment) that
follows the OCH1. Note that first fragments (and atomic packets) are
logically considered Ordinal fragment 0 even though no Ordinal value
is transmitted.
When the OAL source has multiple original atomic IP packets enqueued
that would include identical original IP headers (except for the
Payload Length), it can set the (Q)ueued flag and perform "compressed
packing" (see: Section 6.10). When the Q flag is set, the M flag
MUST be 0, meaning that the payload MUST NOT extend beyond the first
fragment. The Payload Length field MUST be included, but encodes the
length of the first queued packet payload only. The OCH1 header is
then followed by the payload of the first queued packet (i.e., with
the IP header removed) which is followed by a second Payload Length
field that encodes the length of the second queued packet payload.
The second Payload Length is then followed by the payload of the
second queued packet which is followed by a third Payload Length (and
possibly also a third packet payload), etc., until a final Payload
Length field that encodes the value 0 appears. When the OAL
destination receives an OCH1 OAL packet with the Q flag set, it
extracts each packet payload (while appending the original IP header
with only the Payload Length values differing) by following the chain
of Payload Length fields present.
For OAL non-first fragments (i.e., those with non-zero Fragment
Offsets), the OAL uses OMNI Compressed Header, Type 1 (OCH1) Format
(b) as shown in Figure 11:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Hop Limit | Ordinal | Fragment Offset |F|A|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification (4 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AFVI (2 or 4 octets) / Payload Len (0 or 2 octets) |
+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+
Templin Expires 17 October 2024 [Page 47]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Figure 11: OMNI Compressed Header (OCH1) Format (b)
The format begins with a 4-bit Type, a 6-bit OAL Hop Limit, a 6-bit
Ordinal, a 13-bit Fragment Offset, a (F)irst flag, an (A)FVI
extension flag and a (M)ore Fragments flag. The format next includes
the least-significant 4 octets of the OAL Identification followed by
a 2/4-octet AFVI according to the A flag followed by a 0/2-octet
Payload Length field the same as for an OCH1 first fragment.
The OAL node sets Type to OMNI-OCH1, sets Hop Limit to the minimum of
the uncompressed OAL header Hop Limit and 63, and sets (Ordinal,
Fragment Offset, (F)irst, (M)ore Fragments, Identification) to their
appropriate values as a non-first fragment. In particular, the OAL
Node sets Ordinal to a monotonically increasing value beginning with
1 for the first non-first fragment, 2 for the second non-first
fragment, 3 for the third non-first fragment, etc., up to at most 63
for the final fragment.
The OAL non-first fragment body is then included immediately
following the OCH1 header, and the L2 header length field (if
present) is reduced by the difference in length between the
compressed headers and full-length original IP header with OFH plus
extensions. The OAL destination will then be able to determine the
Payload Length by examining the L2 header length field if present;
otherwise by examining the 2-octet OCH1 Payload Length the same as
for first fragments.
The OCH1 Format (a) is used for all original IPv6 packets that do not
include a Fragment Header as well as for original IPv4 packets that
set IHL to 4, DF to 1 and (MF; Fragment Offset) to 0 (the OCH1 Format
(b) is used for all non-first fragments regardless of the original IP
version). For other "non-atomic" original IP packets and first
fragments, the OAL uses the "Type 2" OMNI Compressed Header (OCH2)
format shown in Figure 12:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Traffic Class | Hop Limit | Parcel ID |P|S| zero |A|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OAL Identification (4 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AFVI (2 or 4 octets) / Payload Len (0 or 2 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| L3 Next Header| L3 Hop Limit | Fragment Offset |Res|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 Identification |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 12: OMNI Compressed Header, Type 2 (OCH2) Format (a)
Templin Expires 17 October 2024 [Page 48]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type |Type of Service| Hop Limit | Parcel ID |P|S| IHL |A|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OAL Identification (4 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AFVI (2 or 4 octets) / Payload Len (0 or 2 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv4 Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live | Protocol | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 13: OMNI Compressed Header, Type 2 (OCH2) Format (b)
In the above format, the first 10-12 octets of the OCH2 include the
same information that would appear in the first 10-12 octets of a
corresponding OCH1 header with the exception that the (R, Q, C, F)
flags are replaced by a 4-bit value 0 ("zero") for IPv6 packets
(format a) or a 4-bit Internet Header Length (IHL) field that uses
the same semantics as the field of the same name in an uncompressed
IPv4 header (format b). The OCH2 next includes a 2-octet Payload Len
field only if the L2 header does not include a length field;
otherwise, the field is omitted.
The remainder of the OCH2 format (a) includes the same fields that
would appear in an uncompressed IPv6 header plus Fragment Header
extension per [RFC8200], while the remainder of format (b) includes
the same fields that would appear in an uncompressed IPv4 header per
[RFC0791]. In both cases, the Source and Destination addresses are
not transmitted. (Note that packing is not supported with the OCH2
format since each non-atomic IP packet header will include different
values.)
When an OAL destination or intermediate system receives a carrier
packet, it determines the length of the encapsulated OAL information
and verifies that the innermost L2 next header field indicates OMNI
(see: Section 6.2), then processes any included OMNI L2 extension
headers as specified in Section 6.4. The OAL destination then
examines the Next Header field of the final L2 extension header. If
the Next Header field contains the value TBD1, and the 4-bit Type
that follows encodes a value OMNI-IP6, OMNI-OFH, OMNI-OCH1 or OMNI-
OCH2 the OAL node processes the remainder of the OAL header as a full
or compressed header as specified above.
Templin Expires 17 October 2024 [Page 49]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The OAL node then uses the AFVI to locate the cached AFV which
determines the next hop. During forwarding for compressed headers,
the OAL node changes the OCH AFVI to the cached value for the AFV
next hop. If the OAL node is the destination, it instead
reconstructs the OFH and original IP headers based on the information
cached in the AFV combined with the received information in the
OCH1/2. For non-atomic fragments, the OAL node then adds the
resulting OAL fragment to the reassembly cache if the Identification
is acceptable. Following OAL reassembly if necessary, the OAL node
delivers the original IP packet to the network layer.
For all OCH1/2 types, the source node sets all Reserved fields and
bits to 0 on transmission and the destination node ignores the values
on reception. For both OCH1/2, ECN information is compiled for first
fragments, and not for non-first fragments.
Finally, if an IPv6 Hop-by-Hop (HBH) and/or Routing Header extension
header is required to appear as per-fragment extensions with each OAL
fragment that uses OCH1 format (b) or OCH2 compression the OAL node
inserts an OMNI-HBH and/or OMNI-RH header as the first extension(s)
following the L2 header and before the OMNI-OCH1/2 as discussed in
Section 6.4.
6.6. L2 UDP/IP Encapsulation Avoidance
When the OAL node is unable to determine whether the next OAL hop is
connected to the same underlay link, it should perform carrier packet
L2 encapsulation for initial packets sent via the next hop over a
specific underlay interface by including full UDP/IP headers and with
the UDP port numbers set as discussed in Section 6.2. The node can
thereafter attempt to send an NS to the next OAL hop in carrier
packet(s) that omit the UDP header and set the IP protocol number to
TBD1. If the OAL node receives an NA reply, it can omit the UDP
header in subsequent packets. The node can further attempt to send
an NS in carrier packet(s) that omit both the UDP and IP headers and
set EtherType to TBD2. If the source receives an NA reply, it can
begin omitting both the UDP and IP headers in subsequent packets.
Note: in the above, "next OAL hop" refers to the first OAL node
encountered on the optimized path to the destination over a specific
underlay interface as determined through route optimization (e.g.,
see: [I-D.templin-6man-aero3]). The next OAL hop could be a Proxy/
Server, Gateway or the OAL destination itself.
Templin Expires 17 October 2024 [Page 50]
Internet-Draft IPv6 over OMNI Interfaces April 2024
6.7. OAL Identification Window Maintenance
The OAL encapsulates each original IP packet/parcel as an OAL packet
then performs fragmentation to produce one or more carrier packets
with the same 8-octet Identification value. In environments where
spoofing is not considered a threat, OMNI interfaces send OAL packets
with Identifications beginning with an unpredictable Initial Send
Sequence (ISS) value [RFC7739] monotonically incremented (modulo
2**64) for each successive OAL packet sent to either a specific
neighbor or to any neighbor. (The OMNI interface may later change to
a new unpredictable ISS value as long as the Identifications are
assured unique within a timeframe that would prevent the fragments of
a first OAL packet from becoming associated with the reassembly of a
second OAL packet.) In other environments, OMNI interfaces should
maintain explicit per-flow send and receive windows to detect and
exclude spurious carrier packets that might clutter the reassembly
cache as discussed below.
OMNI interface neighbors use a window synchronization service similar
to TCP [RFC9293] to maintain unpredictable ISS values incremented
(modulo 2**64) for each successive OAL packet and re-negotiate
windows often enough to maintain an unpredictable profile. OMNI
interface neighbors exchange IPv6 ND messages that include OMNI
Multilink Vector sub-options (see: Section 12.2.8) that include TCP-
like information fields and flags to manage streams of OAL packets
instead of streams of octets. As a link layer service, the OAL
provides low-persistence best-effort retransmission with no
mitigations for duplication, reordering or deterministic delivery.
Since the service model is best-effort and only control message
sequence numbers are acknowledged, OAL nodes can select unpredictable
new initial sequence numbers outside of the current window without
delaying for the Maximum Segment Lifetime (MSL).
OMNI interface end neighbors and intermediate systems maintain
current and previous per-flow window state in IPv6 ND NCEs and/or
AFVs to support dynamic rollover to a new window while still sending
OAL packets and accepting carrier packets from the previous windows.
OMNI interface neighbors synchronize windows through asymmetric and/
or symmetric IPv6 ND message exchanges. When OMNI end and
intermediate systems receive an IPv6 ND message with new per-flow
window information, it resets the previous window state based on the
current window then resets the current window based on new and/or
pending information.
Templin Expires 17 October 2024 [Page 51]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The IPv6 ND message OMNI option Multilink Vector sub-option includes
TCP-like information fields including Sequence Number,
Acknowledgement Number, Window and flags (see: Section 12). OMNI
interface neighbors and intermediate systems maintain the following
TCP-like state variables on a per-interface-pair basis (i.e., through
a combination of NCE and/or AFV state):
Send Sequence Variables (current, previous and pending)
SND.NXT - send next
SND.WND - send window
ISS - initial send sequence number
Receive Sequence Variables (current and previous)
RCV.NXT - receive next
RCV.WND - receive window
IRS - initial receive sequence number
OMNI interface neighbors "OAL A" and "OAL B" exchange IPv6 ND
messages per [RFC4861] with OMNI options that include TCP-like
information fields in a Multilink Vector. When OAL A synchronizes
with OAL B, it maintains both a current and previous SND.WND
beginning with a new unpredictable ISS and monotonically increments
SND.NXT for each successive OAL packet transmission. OAL A initiates
synchronization by including the new ISS in the Sequence Number of an
authentic IPv6 ND message with the SYN flag set and with Window set
to M (up to 2**24) as its advertised send window size while creating
a NCE in the INCOMPLETE state if necessary. OAL A caches the new ISS
as pending, uses the new ISS as the Identification for OAL
encapsulation, then sends the resulting OAL packet to OAL B and waits
up to RetransTimer milliseconds to receive an IPv6 ND message
response with the ACK flag set (retransmitting up to
MAX_UNICAST_SOLICIT times if necessary).
When OAL B receives the SYN, it creates a NCE in the STALE state and
also an AFV if necessary, resets its RCV variables and caches the
source's send window size M as its receive window size. OAL B then
prepares an IPv6 ND message with the ACK flag set, with the
Acknowledgement Number set to OAL A's next sequence number, and with
Window set to M. Since OAL B does not assert an ISS of its own, it
uses the IRS it has cached for OAL A as the Identification for OAL
encapsulation then sends the ACK to OAL A.
When OAL A receives the ACK, it notes that the Identification in the
OAL header matches its pending ISS. OAL A then sets the NCE state to
REACHABLE and resets its SND variables based on the Window size and
Acknowledgement Number (which must include the sequence number
Templin Expires 17 October 2024 [Page 52]
Internet-Draft IPv6 over OMNI Interfaces April 2024
following the pending ISS). OAL A can then begin sending OAL packets
to OAL B with Identification values within the (new) current SND.WND
for this interface pair for up to ReachableTime milliseconds or until
the NCE is updated by a new IPv6 ND message exchange. This implies
that OAL A must send a new SYN before sending more than N OAL packets
within the current SND.WND, i.e., even if ReachableTime is not
nearing expiration. After OAL B returns the ACK, it accepts carrier
packets received from OAL A via this interface pair within either the
current or previous RCV.WND as well as any new authentic NS/RS SYN
messages received from OAL A even if outside the windows.
OMNI interface neighbors can employ asymmetric window synchronization
as described above using 2 independent (SYN -> ACK) exchanges (i.e.,
a 4-message exchange), or they can employ symmetric window
synchronization using a modified version of the TCP "3-way handshake"
as follows:
* OAL A prepares a SYN with an unpredictable ISS not within the
current SND.WND and with Window set to M as its advertised send
window size. OAL A caches the new ISS and Window size as pending
information, uses the pending ISS as the Identification for OAL
encapsulation, then sends the resulting OAL packet to OAL B and
waits up to RetransTimer milliseconds to receive an ACK response
(retransmitting up to MAX_UNICAST_SOLICIT times if necessary).
* OAL B receives the SYN, then resets its RCV variables based on the
Sequence Number while caching OAL A's send window size M as its
receive window size. OAL B then selects a new unpredictable ISS
outside of its current window, then prepares a response with
Sequence Number set to the pending ISS and Acknowledgement Number
set to OAL A's next sequence number. OAL B then sets both the SYN
and ACK flags, sets Window to a chosen send window size N and sets
the OPT flag according to whether an explicit concluding ACK is
optional or mandatory. OAL B then uses the pending ISS as the
Identification for OAL encapsulation, sends the resulting OAL
packet to OAL A and waits up to RetransTimer milliseconds to
receive an acknowledgement (retransmitting up to
MAX_UNICAST_SOLICIT times if necessary).
* OAL A receives the SYN/ACK, then resets its SND variables based on
the Acknowledgement Number (which must include the sequence number
following the pending ISS). OAL A then resets its RCV variables
based on the Sequence Number and OAL B's advertised send Window N
and marks the NCE as REACHABLE. If the OPT flag is clear, OAL A
next prepares an immediate unsolicited NA message with the ACK
flag set, the Acknowledgement Number set to OAL B's next sequence
number, with Window set to N, and with the OAL encapsulation
Identification to SND.NXT, then sends the resulting OAL packet to
Templin Expires 17 October 2024 [Page 53]
Internet-Draft IPv6 over OMNI Interfaces April 2024
OAL B. If the OPT flag is set and OAL A has OAL packets queued to
send to OAL B, it can optionally begin sending their carrier
packets under the current SND.WND as implicit acknowledgements
instead of returning an explicit ACK.
* OAL B receives the implicit/explicit acknowledgement(s) then
resets its SND state based on the pending/advertised values and
marks the NCE as REACHABLE. Note that OAL B sets the OPT flag in
the SYN/ACK to assert that it will interpret timely receipt of
carrier packets within the (new) current window as an implicit
acknowledgement. Potential benefits include reduced delays and
control message overhead, but use case analysis is outside the
scope of this specification.)
Following synchronization, OAL A and OAL B hold updated NCEs and
AFVs, and can exchange OAL packets with Identifications set to
SND.NXT for each flow while the state remains REACHABLE and there is
available window capacity. (Intermediate systems that establish AFVs
for the per-flow window synchronization exchanges can also use the
Identification window for source validation.) Either neighbor may at
any time send a new SYN to assert a new ISS. For example, if OAL A's
current SND.WND for OAL B is nearing exhaustion and/or ReachableTime
is nearing expiration, OAL A can continue sending OAL packets under
the current SND.WND while also sending a SYN with a new unpredictable
ISS. When OAL B receives the SYN, it resets its RCV variables and
may optionally return either an asymmetric ACK or a symmetric SYN/ACK
to also assert a new ISS. While sending SYNs, both neighbors
continue to send OAL packets with Identifications set to the current
SND.NXT for each interface pair then reset the SND variables after an
acknowledgement is received.
While the optimal symmetric exchange is efficient, anomalous
conditions such as receipt of old duplicate SYNs can cause confusion
for the algorithm as discussed in Section 3.5 of [RFC9293]. For this
reason, the OMNI Multilink Vector sub-option includes an RST flag
which OAL nodes set in solicited NA responses to ACKs received with
incorrect acknowledgement numbers. The RST procedures (and
subsequent synchronization recovery) are conducted exactly as
specified in [RFC9293].
OMNI interfaces that employ the window synchronization procedures
described above observe the following requirements:
* OMNI interfaces MUST select new unpredictable ISS values that are
at least a full window outside of the current SND.WND.
* OMNI interfaces MUST set the Window field in SYN messages as a
non-negotiable advertised send window size.
Templin Expires 17 October 2024 [Page 54]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* OMNI interfaces MUST send IPv6 ND messages used for window
synchronization securely while using unpredictable initial
Identification values until synchronization is complete.
It is essential to understand that the above window synchronization
operations between nodes OAL(A) and OAL(B) are conducted in IPv6 ND
message exchanges over multihop paths with potentially many OAL(i)
intermediate hops in the forward and reverse paths (which may be
disjoint). Each such forward path OAL(i) caches the sequence number
and window size advertised from OAL(A) to OAL(B) in its AFV entry
indexed by the previous hop L2ADDR and AFVI, while each such reverse
path OAL(i) caches the sequence number, window size and AFVI
advertised from OAL(B) to OAL(A). (The forward/reverse path OAL(i)
nodes then select new unique next-hop AFVIs before forwarding.)
Note: Although OMNI interfaces employ TCP-like window synchronization
and support uNA ACK responses to SYNs, all other aspects of the IPv6
ND protocol (e.g., control message exchanges, NCE state management,
timers, retransmission limits, etc.) are honored exactly per
[RFC4861]. OMNI interfaces further manage per-interface-pair window
synchronization parameters in one or more AFVs for each neighbor
pair.
Note: Recipients of OAL-encapsulated IPv6 ND messages index the NCE
based on the message source address, which also determines the
carrier packet Identification window. However, IPv6 ND messages may
contain a message source address that does not match the OMNI
encapsulation source address when the recipient acts as a proxy.
Note: OMNI interface neighbors apply separate send and receive
windows for all of their (multilink) underlay interface pairs that
exchange carrier packets. Each interface pair represents a distinct
underlay network path, and the set of paths traversed may be highly
diverse when multiple interface pairs are used. OMNI intermediate
systems therefore become aware of each distinct set of interface pair
window synchronization parameters based on periodic IPv6 ND message
updates to their respective AFVs.
6.8. OAL Fragmentation Reports and Retransmissions
The OAL source should maintain a short-term cache of the OAL
fragments it sends to OAL destinations in case timely best-effort
selective retransmission is requested. The OAL destination in turn
maintains a checklist for (Source, Destination, Identification)-
tuples of recently received OAL fragments and notes the ordinal
numbers of OAL fragments already received (i.e., as ordinals #0, #1,
#2, #3, etc.). The timeframe for maintaining the OAL source and
destination caches determines the link persistence (see: [RFC3366]).
Templin Expires 17 October 2024 [Page 55]
Internet-Draft IPv6 over OMNI Interfaces April 2024
If the OAL destination notices some fragments missing after most
other fragments within the same link persistence timeframe have
already arrived, it may issue an Automatic Repeat Request (ARQ) with
Selective Repeat (SR) by sending a uNA message to the OAL source.
The OAL destination creates a uNA message with an OMNI option with
one or more Fragmentation Report (FRAGREP) sub-options that include
(Identification, Bitmap)-tuples for fragments received and missing
from this OAL source (see: Section 12). The OAL destination includes
an authentication signature if necessary, performs OAL encapsulation
(with the its own address as the OAL source and the source address of
the message that prompted the uNA as the OAL destination) and sends
the message to the OAL source.
If an OAL intermediate system or OAL destination processes an OAL
fragment for which corruption is detected, it may similarly issue an
immediate ARQ/SR the same as described above. The FRAGREP provides
an immediate (rather than time-bounded) indication to the OAL source
that a retransmission is required.
When the OAL source receives the uNA message, it authenticates the
message then examines any enclosed FRAGREPs. For each (Source,
Destination, Identification)-tuple, the OAL source determines whether
it still holds the corresponding OAL fragments in its cache and
retransmits any for which the Bitmap indicates a loss event. For
example, if the Bitmap indicates that ordinal fragments #3, #7, #10
and #13 from the OAL packet with Identification 0x0123456789abcdef
are missing the OAL source only retransmits those fragments. When
the OAL destination receives the retransmitted OAL fragments, it
admits them into the reassembly cache and updates its checklist. If
some fragments are still missing, the OAL destination may send a
small number of additional uNA ARQ/SRs within the link persistence
timeframe.
The OAL therefore provides a link layer low-to-medium persistence
ARQ/SR service consistent with [RFC3366] and Section 8.1 of
[RFC3819]. The service provides the benefit of timely best-effort
link layer retransmissions which may reduce OAL fragment loss and
avoid some unnecessary end-to-end delays. This best-effort network-
based service therefore compliments transport and higher layer end-
to-end protocols responsible for true reliability.
Templin Expires 17 October 2024 [Page 56]
Internet-Draft IPv6 over OMNI Interfaces April 2024
6.9. OMNI Interface MTU Feedback Messaging
When the OMNI interface forwards original IP packets/parcels from the
network layer, it invokes the OAL and returns internally-generated
Path MTU Discovery (PMTUD) ICMPv4 "Fragmentation Needed and Don't
Fragment Set" [RFC1191] or ICMPv6 "Packet Too Big (PTB)" [RFC8201]
messages as necessary. This document refers to both message types as
"PTBs" and introduces a distinction between PTB "hard" and "soft"
errors as discussed below.
Ordinary PTB messages are hard errors that always indicate loss due
to a real MTU restriction has occurred. However, the OMNI interface
can also forward original IP packets/packets via OAL encapsulation
and fragmentation while at the same time returning PTB soft error
messages (subject to rate limiting) to the original source to suggest
smaller sizes due to factors such as link performance
characteristics, number of fragments needed, reassembly congestion,
etc.
This ensures that the path MTU is adaptive and reflects the current
path used for a given data flow. The OMNI interface can therefore
continuously forward original IP packets/parcels without loss while
returning PTB soft error messages recommending a smaller size if
necessary. Original sources that receive the soft errors in turn
reduce the size of the original IP packets/parcels they send, i.e.,
the same as for hard errors but not necessarily due to a loss event.
The original source can then resume sending larger packets/parcels
without delay if the soft errors subside.
OAL destinations and intermediate systems may experience reassembly
cache congestion, and can return uNA messages to the OAL source that
include OMNI encapsulated PTB messages with a PTB soft error Code to
OAL sources that originate the fragments (subject to rate limiting).
The OAL node creates a uNA message with an authentication signature
and an OMNI option containing an ICMPv6 Error sub-option. The OAL
node encodes a PTB message in the sub-option with MTU set to a
reduced value and with the leading portion an OAL first fragment
containing the header of an original IP packet/parcel for which the
source must be notified (see: Section 12).
The OAL node that sends the uNA encapsulates the leading portion of
the OAL first fragment (beginning with the OAL header) in the PTB
"packet in error" field, signs the message if an authentication
signature is included, performs OAL encapsulation (with the its own
address as the OAL source and the source address of the message that
prompted the uNA as the OAL destination) and sends the message to the
OAL source.
Templin Expires 17 October 2024 [Page 57]
Internet-Draft IPv6 over OMNI Interfaces April 2024
When the OAL source receives a uNA message from an OAL intermediate
system, it can reduce its OFS estimate and begin sending smaller OAL
fragments and/or reduce its CFS estimate and begin sending smaller
carrier packet fragments. When the OAL source receives a uNA message
from the OAL destination, it sends a corresponding network layer PTB
soft error to the original source to recommend a smaller size.
The OAL source prepares the PTB soft error by first setting the Type
field to 2 for IPv6 [RFC4443] or TBD6 for IPv4 (see: IANA
considerations). The OAL source then sets the Code field to "PTB
Soft Error (no loss)" if the OAL destination forwarded the original
IP packet/parcel successfully or "PTB Soft Error (loss)" if it was
dropped (see: IANA considerations). The OAL source next sets the PTB
destination address to the original IP packet/parcel source, and sets
the source address to one of its OMNI interface addresses that is
reachable from the perspective of the original source.
The OAL source then sets the MTU field to a value smaller than the
original IP packet/parcel size but no smaller than 1280, writes as
much of the original IP packet/parcel first fragment as possible into
the "packet in error" field such that the entire PTB including the IP
header is no larger than 1280 octets for IPv6 or 576 octets for IPv4.
The OAL source then calculates and sets the ICMP Checksum and returns
the PTB to the original source.
An original sources that receives these PTB soft errors first
verifies that the ICMP Checksum is correct and the packet-in-error
contains the leading portion of one of its recent packet/parcel
transmissions. The original source can then adaptively tune the size
of the original IP packets/parcels it sends to produce the best
possible throughput and latency, with the understanding that these
parameters may fluctuate over time due to factors such as congestion,
mobility, network path changes, etc. Original sources should
therefore consider receipt or absence of soft errors as hints of when
decreasing or increasing packet/parcel sizes may provide better
performance.
The OMNI interface supports continuous transmission and reception of
packets/parcels of various sizes in the face of dynamically changing
network conditions. Moreover, since PTB soft errors do not indicate
a hard limit, original sources that receive soft errors can resume
sending larger packets/parcels without waiting for the recommended 10
minutes specified for PTB hard errors [RFC1191][RFC8201]. The OMNI
interface therefore provides an adaptive service that accommodates
MTU diversity especially well-suited for dynamic multilink networks.
Templin Expires 17 October 2024 [Page 58]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The OMNI interface may also return PTB messages with Parcel Report
and/or Jumbo Report Codes in response to parcels and/or AJs delivered
by the network layer and forwarded through jumbo-in-jumbo
encapsulation. These Parcel/Jumbo Report messages are prepared the
same as for PTB soft errors discussed above. IP parcels and AJs are
discussed in
[I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2].
6.10. OAL Super-Packets
The OAL source ordinarily includes a 40-octet IPv6 encapsulation
header for each original IP packet/parcel during OAL encapsulation.
The OAL source then performs fragmentation such that a copy of the
40-octet IPv6 header plus a 16-octet IPv6 Extended Fragment Header is
included in each OAL fragment (when a Routing Header is added, the
OAL encapsulation headers become larger still). However, these
encapsulations may represent excessive overhead in some environments.
OAL header compression as discussed in Section 6.5 can dramatically
reduce encapsulation overhead, however a complimentary technique
known as "packing" (see: [I-D.ietf-intarea-tunnels]) supports
encapsulation of multiple original IP packets/parcels and/or control
messages within a single OAL "super-packet".
When the OAL source has multiple original IP packets/parcels to send
to the same OAL destination with total length no larger than the OAL
destination EMTU_R, it can concatenate them into a super-packet
encapsulated in a single OAL header. Within the OAL super-packet,
the IP header of the first original IP packet/parcel (iHa) followed
by its data (iDa) is concatenated immediately following the OAL
header, then the IP header of the next original packet/parcel (iHb)
followed by its data (iDb) is concatenated immediately following the
first, etc. The OAL super-packet format is transposed from
[I-D.ietf-intarea-tunnels] and shown in Figure 14:
Templin Expires 17 October 2024 [Page 59]
Internet-Draft IPv6 over OMNI Interfaces April 2024
<------- Original IP packets ------->
+-----+-----+
| iHa | iDa |
+-----+-----+
|
| +-----+-----+
| | iHb | iDb |
| +-----+-----+
| |
| | +-----+-----+
| | | iHc | iDc |
| | +-----+-----+
| | |
v v v
+----------+-----+-----+-----+-----+-----+-----+
| OAL Hdr | iHa | iDa | iHb | iDb | iHc | iDc |
+----------+-----+-----+-----+-----+-----+-----+
<--- OAL "Super-Packet" with single OAL Hdr --->
Figure 14: OAL Super-Packet Format
When the OAL source prepares a super-packet, it applies OAL
fragmentation then applies L2 encapsulation/fragmentation and sends
the resulting carrier packets to the OAL destination. When the OAL
destination receives the super-packet it first reassembles if
necessary. The OAL destination then selectively extracts each
original IP packet/parcel (e.g., by setting pointers into the super-
packet buffer and maintaining a reference count, by copying each
packet into a separate buffer, etc.) and forwards each one to the
network layer. During extraction, the OAL determines the IP protocol
version of each successive original IP packet/parcel 'j' by examining
the 4 most-significant bits of iH(j), and determines the length of
each one by examining the rest of iH(j) according to the IP protocol
version.
When an OAL source prepares a super-packet that includes an IPv6 ND
message with an authentication signature as the first original IP
packet/parcel (i.e., iHa/iDa), it calculates the authentication
signature over the remainder of super-packet. Authentication and
integrity for forwarding initial data messages in conjunction with
IPv6 ND messages used to establish NCE state are therefore supported.
(A second common use case entails a path MTU probe beginning with an
unsigned IPv6 ND message followed by a suitably large NULL packet
(e.g., an IP packet with padding octets added beyond the IP header
and with {Protocol, Next Header} set to 59 ("No Next Header"), a UDP/
IP packet with port number set to '9' ("discard") [RFC0863], etc.)
Templin Expires 17 October 2024 [Page 60]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The OAL source can also apply this super-packet packing technique at
the same time it performs OCH1 header compression as discussed in
Section 6.5. Note that this technique can only be applied when all
original IP packets are atomic packets with IP headers that differ
only in Payload Length, such as for a stream of packets for a single
flow that are queued for transmission service at roughly the same
time.
The OAL header of a super packet may also include a Parcel Payload
Option with AJ Type 0 if the total length of all payload packets/
parcels exceeds 65535 octets. In that case, the super-packet must be
forwarded as an atomic fragment over OAL paths that support such
large sizes.
6.11. OAL Bubbles
OAL sources may send NULL OAL packets known as "bubbles" for the
purpose of establishing Network Address Translator (NAT) state on the
path to the OAL destination. The OAL source prepares a bubble by
crafting an OAL header with appropriate IPv6 source and destination
ULAs, with the IPv6 Next Header field set to the value 59 ("No Next
Header" - see [RFC8200]) and with 0 or more octets of NULL protocol
data immediately following the IPv6 header.
The OAL source includes a random Identification value then
encapsulates the OAL packet in L2 headers destined to either the
mapped address of the OAL destination's first-hop ingress NAT or the
L2 address of the OAL destination itself. When the OAL source sends
the resulting carrier packet, any egress NATs in the path toward the
L2 destination will establish state based on the activity but the
bubble will be harmlessly discarded by either an ingress NAT on the
path to the OAL destination or by the OAL destination itself.
The bubble concept for establishing NAT state originated in [RFC4380]
and was later updated by [RFC6081]. OAL bubbles may be employed by
mobility services such as AERO.
6.12. OMNI Hosts
OMNI Hosts are end systems that connect to the OMNI link over ENET
underlay interfaces (i.e., either via an OMNI interface or as a
sublayer of the ENET interface itself). Each ENET connects to the
rest of the OMNI link via a Client that receives an MNP delegation.
Clients delegate MNP addresses and/or sub-prefixes to ENET nodes
(i.e., Hosts, other Clients, routers and non-OMNI hosts) using
standard mechanisms such as DHCP [RFC8415][RFC2131] and IPv6
Stateless Address AutoConfiguration (SLAAC) [RFC4862]. Clients
forward original IP packets/parcels between their ENET Hosts and
Templin Expires 17 October 2024 [Page 61]
Internet-Draft IPv6 over OMNI Interfaces April 2024
peers on external networks acting as routers and/or OAL intermediate
systems.
OMNI Hosts coordinate with Clients and/or other Hosts connected to
the same ENET using OMNI L2 encapsulation of OMNI IPv6 ND messages.
The L2 encapsulation headers and ND messages both use the MNP-based
addresses assigned to ENET underlay interfaces as source and
destination addresses (i.e., instead of ULAs). For IPv4 MNPs, the ND
messages use IPv4-Compatible IPv6 addresses [RFC4291] in place of the
IPv4 addresses.
Hosts discover Clients by sending encapsulated RS messages using an
OMNI link IP anycast address (or the unicast address of the Client)
as the RS L2 encapsulation destination as specified in Section 15.
The Client configures the IPv4 and/or IPv6 anycast addresses for the
OMNI link on its ENET interface and advertises the address(es) into
the ENET routing system. The Client then responds to the
encapsulated RS messages by sending an encapsulated RA message that
uses its ENET unicast address as the source. (To differentiate
itself from an INET border Proxy/Server, the Client sets the RA
message OMNI Interface Attributes sub-option LHS field to 0 for the
Host's interface index. When the RS message includes an L2 anycast
destination address, the Client also includes an Interface Attributes
sub-option for interface index 0 to inform the Host of its L2 unicast
address - see: Section 15 for full details on the RS and RA message
contents.)
Hosts coordinate with peer Hosts on the same ENET by sending
encapsulated NS messages to receive an NA reply. (Hosts determine
whether a peer is on the same ENET by matching the peer's IP address
with the MNP (sub)-prefix for the ENET advertised in the Client's RA
message [RFC8028].) Each ENET peer then creates a NCE and
synchronizes Identification windows the same as for OMNI link
neighbors, and the Host can then engage in OMNI link transactions
with the Client and/or other ENET Hosts. The Host therefore regards
the Client as if it were an ANET Proxy/Server, and the Client
provides the same services that a Proxy/Server would provide. By
coordinating with other Hosts, the peers can exchange large IP
packets/parcels over the ENET using encapsulation and fragmentation
if necessary.
When a Host prepares an original IP packet/parcel, it uses the IP
address of its OMNI interface (which is the same as the IP address of
the underlying native ENET interface) as the source and the IP
address of the (remote) peer as the destination. The Host next
performs parcellation if necessary (see: Section 6.13) then
encapsulates the packet(s)/(sub-)parcel(s) in OMNI L2 headers while
setting the L2 source to the L3 source address and L2 destination to
Templin Expires 17 October 2024 [Page 62]
Internet-Draft IPv6 over OMNI Interfaces April 2024
either the L3 destination address if the peer is on the local ENET,
or to the IP address of the Client otherwise. The Host can then
proceed to exchange packets/parcels with the destination, either
directly or via the Client as an intermediate system.
The encapsulation procedures are coordinated per Section 6.1, except
that the OMNI L2 encapsulation header is followed by an IPv6
(Extended) Fragment Header. When the L2 encapsulation is based on an
EUI or IPv4 address, the Host next translates the encapsulation
header into an IPv6 header with IPv6 compatible addresses per
Appendix B. Next, for IPv4 ENETs the Host sets the {IPv6 Traffic
Class, Payload Length, Next Header, Hop Limit} fields according to
the IPv4 {Type of Service, Total Length, Protocol, TTL} fields,
respectively and also sets Flow Label as specified in [RFC6438]. The
Host then applies IPv6 fragmentation to produce IPv6 fragments no
smaller than the effective OFS described in Section 6.1. The Host
next translates the IPv6 encapsulation headers back to OMNI L2
headers for the native ENET address format and with Type set to
indicate the presence of the L2 IPv6 (Extended) Fragment Header. The
Host finally sends the resultant carrier packets to the ENET peer.
When the ENET peer receives the carrier packets, it first translates
the OMNI L2 headers back to IPv6 headers with compatible addresses.
The peer then reassembles then removes the encapsulation headers and
applies parcel reunification if necessary. The peer then either
delivers the original IP packet/parcel to the transport layers if it
is also the final destination or forwards the packet/parcel via the
next hop if it is a Client acting as an intermediate system.
Hosts and Clients that initiate OMNI-based original IP packet/parcel
transactions should first test the path toward the final destination
using the parcel path qualification procedure specified in
[I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2]. An OMNI
Host that sends and receives parcels need not implement the full OMNI
interface abstraction but MUST implement enough of the OAL to be
capable of fragmenting and reassembling maximum-length encapsulated
IP packets/parcels and sub-parcels as discussed above and in the
following section.
Note: Hosts and their peer Clients/Hosts on the same ANET/ENET can
improve efficiency by forwarding original IP packets/parcels that do
not require fragmentation as direct encapsulations within the OMNI L2
header and without including a L2 IPv6 (Extended) Fragment Header.
In that case, the first 4 bits immediately following the OMNI L2
encapsulation header encode the value '4' for IPv4 or '6' for IPv6.
Note that this savings comes at the expense of omitting a well-
behaved Identification, but this may be an acceptable tradeoff in
many secured ANET/ENET instances.
Templin Expires 17 October 2024 [Page 63]
Internet-Draft IPv6 over OMNI Interfaces April 2024
6.13. IP Parcels
IP parcels are formed by an OMNI Host or Client transport layer
protocol entity identified by the "5-tuple" (source address,
destination address, source port, destination port, protocol number)
when it produces a {TCP,UDP} protocol data unit containing the
concatenation of multiple transport layer protocol segments. The
transport layer protocol entity then presents the buffer and non-
final segment size to the network layer which appends a single
{TCP,UDP}/IP header (plus any extension headers) before presenting
the parcel to the OMNI Interface. Transport and network protocol
formatting and processing rules as well as parcellation and
reunification procedures for IP parcels are specified in
[I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2], while
detailed OAL encapsulation and fragmentation procedures are specified
here.
When the network layer forwards a parcel, the OMNI interface invokes
the OAL which forwards it to either an intermediate system or the
final destination itself. The OAL source first invokes parcellation
by subdividing the parcel into sub-parcels if necessary with each
sub-parcel no larger than 65535 (minus headers). The OAL source also
maintains a Parcel ID for each sub-parcel of the same original parcel
that along with the Identification value for this OAL packet supports
reassembly; the OAL source increments Parcel ID (modulo 64) for each
successive parcel.
The OAL source next performs encapsulation on each sub-parcel with
destination set to the next hop address. If the next hop is reached
via a (M)ANET/INET interface, the OAL source inserts an OAL header
the same as discussed in Section 6.1 and sets the destination to the
ULA of the target Client. If the next hop is reached via an ENET
interface, the OAL source instead inserts an IP header of the
appropriate protocol version for the underlay ENET (i.e., even if the
encapsulation header is IPv4) and sets the destination to the ENET IP
address of the next hop. The OAL source inserts the encapsulation
header even if no actual fragmentation is needed and/or even if the
Parcel Payload Option is present.
The OAL source next assigns an appropriate Identification number that
is monotonically-incremented for each consecutive sub-parcel, then
performs IPv6 fragmentation over the sub-parcel if necessary to
create fragments small enough to traverse the path to the next hop.
(If the encapsulation header is IPv4, the OAL source first translates
the encapsulation header into an IPv6 header with IPv4-Compatible
IPv6 addresses during fragmentation/reassembly while inserting the
IPv6 Extended Fragment Header.) The OAL source then writes the
"Parcel ID" and sets/clears the "(P)arcel" and "More (S)egments" bits
Templin Expires 17 October 2024 [Page 64]
Internet-Draft IPv6 over OMNI Interfaces April 2024
in the Reserved field of the IPv6 Extended Fragment Header of the
first fragment (see: Figure 4). (The OAL source sets P to 1 for a
parcel or to 0 for a non-parcel. When P is 1, the OAL next sets S to
1 for non-final sub-parcels or to 0 if the sub-parcel contains the
final segment.) The OAL source then sends each resulting carrier
packet to the next hop, i.e., after first translating the IPv6
encapsulation header back to IPv4 if necessary.
When the OAL destination receives the carrier packets, it reassembles
if necessary (i.e., after first translating the IPv4 encapsulation
header to IPv6 if necessary). If the P flag in the first fragment is
0, the OAL destination then processes the reassembled entity as an
ordinary IP packet; otherwise it continues processing as a sub-
parcel. If the OAL destination is not the final destination, it can
optionally retain the sub-parcels along with their Parcel ID and
Identification values for a brief time for opportunistic
reunification with peer sub-parcels of the same original parcel
identified by the 4-tuple consisting of the adaptation layer (OAL
source, OAL destination, Parcel ID, Identification). (Note that the
OAL destination must not consult the parcel's network layer "5-tuple"
at the adaptation layer, since it is possible that multiple sub-
parcels of the same parcel may be forwarded over different network
paths).
The OAL destination performs adaptation layer reunification by
concatenating the segments included in sub-parcels with the same
Parcel ID and Identification values within 64 of one another to
create a larger sub-parcel possibly even as large as the entire
original (sub)parcel. Order of concatenation is determined by
increasing Identification values, noting that a sub-parcel that sets
any TCP control flags must occur as a first concatenation, and the
final sub-parcel (i.e., the one with S set to 0) must occur as a
final concatenation and not as an intermediate. The OAL destination
then appends common {TCP,UDP}/IP headers plus extensions to each
reunified sub-parcel as specified in
[I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2].
When the OAL destination is not the final destination, it next
forwards the reunified (sub-)parcel(s) to the next hop toward the
final destination while ensuring that the S flag remains set to 0 in
the sub-parcel that contains the final segment. When the parcel or
sub-parcels arrive at the final destination, it performs network
layer reunification to form the largest possible (sub)-parcels (while
honoring the S flag) then delivers them to the transport layer entity
which acts on the enclosed 5-tuple information supplied by the
original source.
Templin Expires 17 October 2024 [Page 65]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Note: IP parcels may also originate from a non-OMNI original source
and travel over multiple parcel-capable IP links before reaching an
OMNI link ingress node (i.e., either a Client or Proxy/Server acting
as a "relay"). The ingress node then forwards the parcel into the
OMNI link according to the rules established above for locally-
generated parcels, with the exception that the parcel IP TTL/Hop
Limit is decremented. Similarly, when the IP parcel arrives at the
OMNI link egress node (i.e., either a Client or Proxy/Server acting
as a "relay"), the parcel may travel over multiple parcel-capable IP
links before reaching the final destination.
Note: The OAL destination process of reunifying parcels at the
adaptation layer is optional, and should be avoided in cases where
performance could be negatively impacted. It is always acceptable
(albeit sometimes sub-optimal) for the OAL destination to forward
sub-parcels on toward the final destination without performing
adaptation layer reunification, since each sub-parcel will contain a
well-formed header and an integral number of transport layer protocol
segments and with the Parcel ID field and P, S flag set
appropriately. The final destination can then optionally perform
network layer reunification independently of any adaptation layer
reunification that may have been applied by the OAL.
Note: The "Parcel ID" that appears in the OAL Extended Fragment
Header and OCH1/2 headers is an adaptation layer value that encodes
the same value for all sub-parcels of the original parcel at the
adaptation layer. This is different than the "(Parcel) Index" that
appears in the Parcel Payload Option header as well as L2/L3 IPv6
Extended Fragment Headers, which is a network layer value that
encodes a transport layer segment index.
Note: Parcel Path Qualification procedures require 2 additional ICMP
PTB message Code values to identify a Parcel Report and Jumbo Report.
These Code values are specified in [I-D.templin-6man-parcels2] for
IPv6 and [I-D.templin-intarea-parcels2] for IPv4.
6.14. OAL Requirements
In light of the above, OAL sources, destinations and intermediate
systems observe the following normative requirements:
* OAL sources MUST forward original IP packets/parcels either larger
than the OMNI interface minimum EMTU_R or smaller than the minimum
OFS as atomic fragments (i.e., and not as multiple fragments).
* OAL sources MUST perform OAL fragmentation such that all non-final
fragments are equal in length while the final fragment may be a
different length.
Templin Expires 17 October 2024 [Page 66]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* OAL sources MUST produce non-final fragments with payloads no
smaller than the minimum OFS during fragmentation.
* OAL intermediate systems SHOULD and OAL destinations MUST
unconditionally drop any non-final OAL fragments with payloads
smaller than the minimum OFS.
* OAL destinations MUST drop any new OAL fragments with offset and
length that would overlap with other fragments and/or leave holes
smaller than the minimum OFS between fragments that have already
been received.
Note: Under the minimum OFS, an ordinary 1500-octet original IP
packet/parcel would require at most 2 OAL fragments, with the first
fragment containing 1024 payload octets and the final fragment
containing the remainder. For all packet/parcel sizes, the
likelihood of successful reassembly may improve when the OMNI
interface sends all fragments of the same fragmented OAL packet
consecutively over the same underlay interface pair instead of spread
across multiple underlay interface pairs. Finally, an assured
minimum OFS allows continuous operation over all paths including
those that traverse bridged L2 media with dissimilar MTUs.
Note: Certain legacy network hardware of the past millennium was
unable to accept IP fragment "bursts" resulting from a fragmentation
event - even to the point that the hardware would reset itself when
presented with a burst. This does not seem to be a common problem in
the modern era, where fragmentation and reassembly can be readily
demonstrated at line rate (e.g., using tools such as 'iperf3') even
over fast links on ordinary hardware platforms. Even so, while the
OAL destination is reporting reassembly congestion (see: Section 6.9)
the OAL source could impose "pacing" by inserting an inter-fragment
delay and increasing or decreasing the delay according to congestion
indications.
6.15. OAL Fragmentation Security Implications
As discussed in Section 3.7 of [RFC8900], there are 4 basic threats
concerning IPv6 fragmentation; each of which is addressed by
effective mitigations as follows:
1. Overlapping fragment attacks - reassembly of overlapping
fragments is forbidden by [RFC8200]; therefore, this threat does
not apply to the OAL.
2. Resource exhaustion attacks - this threat is mitigated by
providing a sufficiently large OAL reassembly cache and
instituting "fast discard" of incomplete reassemblies that may be
Templin Expires 17 October 2024 [Page 67]
Internet-Draft IPv6 over OMNI Interfaces April 2024
part of a buffer exhaustion attack. The reassembly cache should
be sufficiently large so that a sustained attack does not cause
excessive loss of good reassemblies but not so large that (timer-
based) data structure management becomes computationally
expensive. The cache should also be indexed based on the arrival
underlay interface such that congestion experienced over a first
underlay interface does not cause discard of incomplete
reassemblies for uncongested underlay interfaces.
3. Attacks based on predictable fragment Identification values - in
environments where spoofing is possible, this threat is mitigated
through the use of Identification windows beginning with
unpredictable values per Section 6.7. By maintaining windows of
acceptable Identifications, OAL neighbors can quickly discard
spurious carrier packets that might otherwise clutter the
reassembly cache. The OAL additionally provides an integrity
check to detect corruption that may be caused by spurious
fragments received with in-window Identification values.
4. Evasion of Network Intrusion Detection Systems (NIDS) - since the
OAL source employs a robust OFS, network-based firewalls can
inspect and drop OAL fragments containing malicious data thereby
disabling reassembly by the OAL destination. However, since OAL
fragments may take different paths through the network (some of
which may not employ a firewall) each OAL destination must also
employ a firewall.
IPv4 includes a 2-octet (16-bit) Identification (IP ID) field with
only 65535 unique values such that even at moderate data rates the
field could wrap and apply to new carrier packets while the fragments
of old carrier packets using the same IP ID are still alive in the
network [RFC4963]. Carrier packets sent via an IPv4 path with DF set
to 0 and with trailing payload/reassembly checksum(s) therefore
ensure sufficient integrity to detect and discard reassembly errors.
Since IPv6 provides a 4-octet (32-bit) Identification value, IP ID
wraparound for IPv6 fragmentation may only be a concern at extreme
data rates (e.g., 1Tbps or more). Note that these limitations are
fully addressed through the Extended Identification format supported
by [I-D.templin-6man-ipid-ext2].
Fragmentation security concerns for large IPv6 ND messages are
documented in [RFC6980]. These concerns are addressed when the OMNI
interface employs the OAL instead of directly fragmenting the IPv6 ND
message itself. For this reason, OMNI interfaces MUST employ OAL
encapsulation and fragmentation for IPv6 ND messages larger than the
effective OFS for this OAL destination.
Templin Expires 17 October 2024 [Page 68]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Unless the path is secured at the network layer or below (i.e., in
environments where spoofing is possible), OMNI interfaces MUST NOT
send OAL packets/fragments with Identification values outside the
current window and MUST secure IPv6 ND messages used for address
resolution or window state synchronization. OAL destinations SHOULD
therefore discard without reassembling any out-of-window OAL
fragments received over an unsecured path.
6.16. Control/Data Plane Considerations
The above sections primarily concern data plane aspects of the OMNI
interface service and describe the data plane service model offered
to the network layer. OMNI interfaces also internally employ a
control plane service based on IPv6 Neighbor Discovery (ND)
messaging. These control plane messages must be sent over secured
underlay interfaces (e.g., IPsec tunnels, secured direct point-to-
point links, etc.) or over unsecured underlay interfaces and with an
authentication signature included. In both cases, the IPv6 minimum
MTU of 1280 octets must be assumed.
OMNI interfaces therefore send all control plane messages as "atomic
OAL packets" that are no larger than 1280 octets and do not include
an IPv6 Extended Fragment Header nor Compressed Routing Header (CRH)
in contrast to the data plane. This means that these messages must
not be subject to OAL fragmentation and reassembly, although they may
be subject to L2 fragmentation and reassembly along some paths.
7. Ethernet-Compatible Link Layer Frame Format
When the OMNI interface forwards original IP packets/parcels from the
network layer it first invokes OAL encapsulation and fragmentation,
then wraps each resulting OAL packet/fragment in any necessary L2
headers to produce carrier packets according to the native frame
format of the underlay interface. For example, for Ethernet-
compatible interfaces the frame format is specified in [RFC2464], for
aeronautical radio interfaces the frame format is specified in
standards such as ICAO Doc 9776 (VDL Mode 2 Technical Manual), for
various forms of tunnels the frame format is found in the appropriate
tunneling specification, etc.
When the OMNI interface encapsulates an OAL packet/fragment directly
over an Ethernet-compatible link layer, the over-the-wire
transmission format is shown in Figure 15:
+--- ~~~ ---+-------~~~------+---------~~~---------+--- ~~~ ---+
| eth-hdr | OMNI Ext. Hdrs | OAL Packet/Fragment | eth-trail |
+-- ~~~ ---+-------~~~------+---------~~~---------+--- ~~~ ---+
|<------- Ethernet Payload -------->|
Templin Expires 17 October 2024 [Page 69]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Figure 15: OMNI Ethernet Frame Format
The format includes a standard Ethernet Header ("eth-hdr") with
EtherType TBD2 (see: Section 24.2) followed by an Ethernet Payload
that includes zero or more OMNI Extension Headers followed by an OAL
(or native IPv6/IPv4) Packet/Fragment. The Ethernet Payload is then
followed by a standard Ethernet Trailer ("eth-trail").
The first OMNI extension header and the OAL Packet/Fragment both
begin with a 4-bit "Type/Version" as discussed in Section 6.2. When
"Type/Version" encodes an OMNI extension header type, the length of
the extension headers is limited by [I-D.ietf-6man-eh-limits] and the
length of the OAL Packet/Fragment is determined by the IP header
fields that follow the extension headers.
When "Type/Version" encodes OMNI-OFH, OMNI-OCH1/2, OMNI-IP4 or OMNI-
IP6 the length of the OAL Packet/Fragment is determined by the
{Total,Payload} Length field found in the full/compressed header
according to the specific protocol rules.
See Figure 2 for a map of the various L2 layering combinations
possible. For any layering combination, the final layer (e.g., UDP,
IP, Ethernet, etc.) must have an assigned number and frame format
representation that is compatible with the selected underlay
interface.
8. Link-Local Addresses (LLAs)
[RFC4861] requires that hosts and routers assign Link-Local Addresses
(LLAs) to all interfaces, and that routers use their LLAs as the
source address for RA and Redirect messages. Since the OMNI "link"
comprises the concatenation of potentially many OMNI link segments,
however, LLA uniqueness is ensured only on a per-segment basis and
not across the entire OMNI link. For example, a Proxy/Server and all
of the Client's that connect through it via a local *NET all share a
common link segment over which LLA uniqueness applies. However, the
LLAs used within a local *NET may overlap with those in other *NETs
which represent different OMNI link segments.
9. Unique-Local Addresses (ULAs)
OMNI link *NETs use IPv6 Unique-Local Addresses (ULAs) as the source
and destination addresses in IPv6 ND messages, OAL packet IPv6
encapsulation headers and native IPv6 packet headers forwarded within
the local *NET. ULAs are routable only within the scope of each
separate *NET, and are derived from the IPv6 prefix fd00::/8 (i.e.,
the ULA prefix fc00::/7 followed by the L bit set to 1). The 56 bits
following fd00::/8 encode a 40-bit Global ID followed by a 16-bit
Templin Expires 17 October 2024 [Page 70]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Subnet ID followed by a 64-bit Interface Identifier as specified in
Section 3 of [RFC4193].
When a Proxy/Server configures a ULA prefix for OMNI, it selects a
40-bit Global ID for the OMNI link initialized to a candidate pseudo-
random value as specified in Section 3 of [RFC4193]. All nodes on
the same OMNI link segment use the same Global ID, and statistical
uniqueness of the pseudo-random Global ID provides a unique OMNI link
identifier. This uniqueness allows different link segments to join
together in the future without requiring renumbering even if
different link segments come in contact with one another and overlap
(e.g., as a result of a mobility event).
Next, Proxy/Servers for each OMNI link segment assign 1x1 mapped ULA/
GUA SNP addresses for each Client that requests an address delegation
via the DHCPv6 service. The managed delegation of Client SNP
addresses ensures that no duplicate addresses will be assigned within
each subnet.
Proxy/Server interfaces assign the IPv6 ULA Subnet Router Anycast
(SRA) addresses fd00::/8 and fd{Global ID}::/48 and advertise the
addresses into their connected *NETs.
The ULA presents an IPv6 address format that is routable within the
local OMNI link segment and can be used to convey link-scoped (i.e.,
single-hop) IPv6 ND messages across multiple hops through OAL IPv6
encapsulation. The OMNI link extends across one or more underlying
Internetworks to include all Proxy/Servers and other service nodes.
All Clients are also considered to be connected to the OMNI link,
however unnecessary encapsulations are omitted whenever possible to
conserve bandwidth (see: Section 14).
10. Global Unicast Addresses (GUAs)
OMNI domains manage Mobility Service Prefixes (MSPs) delegated from
the IP Global Unicast Address (GUA) prefix space [RFC4291] from which
the Mobility Service (MS) delegates Mobile Network Prefixes (MNPs) to
support Client PI addressing. OMNI Proxy Servers also assign Stable
Network Prefixes (SNPs) as separate prefix pairs to assign PA
internal (ULA) and external (GUA) addresses to Clients within their
local *NETs.
Templin Expires 17 October 2024 [Page 71]
Internet-Draft IPv6 over OMNI Interfaces April 2024
For IPv6, MNP prefixes are assigned by IANA [IPV6-GUA] and/or an
associated Regional Internet Registry (RIR) such that the OMNI link
can be interconnected to the global IPv6 Internet without causing
inconsistencies in the routing system. Instead of GUAs, an OMNI link
could use ULAs with the 'L' bit set to 0 (i.e., from the "ULA-C"
prefix fc00::/8) [RFC4193], however this would require IPv6 NAT if
the domain were ever connected to the global IPv6 Internet.
For IPv4, MNP prefixes are assigned by IANA [IPV4-GUA] and/or an
associated RIR such that the OMNI link can be interconnected to the
global IPv4 Internet without causing routing inconsistencies. An
OMNI *NET could instead use private IPv4 prefixes (e.g., 10.0.0.0/8,
etc.) [RFC3330], however this would require IPv4 NAT at the *NET
boundary. OMNI interfaces advertise IPv4 MSPs into IPv6 routing
systems as "6to4 prefixes" [RFC3056] (e.g., the IPv6 prefix for the
IPv4 MSP "V4ADDR/24" is 2002:V4ADDR::/40).
IPv4 routers that configure OMNI interfaces assign the IPv4 anycast
address TBD3 and advertise the prefix TBD3/N (see: IANA
Considerations) into the routing systems of their connected *NETs.
Proxy/Server OMNI interfaces configure global IPv6 SRA addresses per
[RFC4291] from their SNP GUA and accept packets addressed to the SRA
the same as for any IPv6 router. Proxy/Servers also configure the
global IPv6 SRA address for each MSP managed by this OMNI link and
accept packets addressed to the SRA on their internal interfaces to
support Client OMNI link discovery. Client OMNI interfaces configure
the IPv6 SRA corresponding to their MNP delegations.
OMNI interfaces use their IPv6 and IPv4 anycast addresses to support
Service Discovery in the spirit of [RFC7094], i.e., the addresses are
not intended for use in long-term transport protocol sessions.
Specific applications for OMNI IPv6 and IPv4 anycast addresses are
discussed throughout the document as well as in
[I-D.templin-6man-aero3].
11. Node Identification
OMNI Clients and Proxy/Servers that connect over open Internetworks
include a unique node identification value for themselves in the OMNI
options of their IPv6 ND messages (see: Section 12.2.3). An example
identification value alternative is the Host Identity Tag (HIT) as
specified in [RFC7401], while Hierarchical HITs (HHITs) [RFC9374] may
be more appropriate for mobile domains such as the Unmanned (Air)
Traffic Management (UTM) service for Unmanned Air Systems (UAS).
(Another example is the Universally Unique IDentifier (UUID)
[RFC4122] which can be self-generated by a node without supporting
infrastructure with very low probability of collision.)
Templin Expires 17 October 2024 [Page 72]
Internet-Draft IPv6 over OMNI Interfaces April 2024
When a Client is truly outside the context of any infrastructure, it
may have no addressing information at all. In that case, the Client
can use a (H)HIT as an IPv6 source/destination address for sustained
communications in Vehicle-to-Vehicle (V2V) and (multihop) Vehicle-to-
Infrastructure (V2I) scenarios. The Client can also propagate the
(H)HIT into the multihop routing tables of (collective) Mobile/
Vehicular Ad-hoc Networks (MANETs/VANETs) using only the vehicles
themselves as communications relays.
HHITs provide an especially useful construct since they appear as
properly-formed IPv6 GUAs and can therefore be assigned to
interfaces. Clients may assign an HHIT to their OMNI interface to
support peer-to-peer communications with other OMNI nodes that
configure HHITs within the same OMNI link segment without the need
for encapsulation. Clients may inject their HHIT into the local
routing system of each OMNI link segment, but Proxy/Servers must not
inject HHITs into the OMNI link global routing system.
12. Address Mapping - Unicast
OMNI interfaces maintain a network layer conceptual neighbor cache
per [RFC1256] or [RFC4861] the same as for any IP interface, and (for
IPv6) use the link-local address format specified in Section 8. The
network layer maintains state through static and/or dynamic Neighbor
Cache Entry (NCE) configurations.
Each OMNI interface also maintains a separate internal adaptation
layer conceptual neighbor cache that includes a NCE for the unique-
local address of each of its active OAL neighbors (see: Section 8).
For each peer NCE, OAL neighbors also maintain AERO Forwarding
Vectors (AFVs) which map per-interface-pair parameters. Throughout
this document, the terms "neighbor cache", "NCE" and "AFV" refer to
this OAL neighbor information unless otherwise specified.
IPv6 Neighbor Discovery (ND) [RFC4861] messages sent over OMNI
interfaces without OAL encapsulation observe the native underlay
interface Source/Target Link-Layer Address Option (S/TLLAO) format
(e.g., for Ethernet the S/TLLAO is specified in [RFC2464]). IPv6 ND
messages sent from within the OMNI interface using OAL encapsulation
do not include S/TLLAOs, but instead include a new option type that
encodes OMNI link-specific information. Hence, this document does
not define a new S/TLLAO format but instead defines a new option type
termed the "OMNI option" designed for these purposes. (Note that
OMNI interface IPv6 ND messages sent without encapsulation may
include both OMNI options and S/TLLAOs, but the information conveyed
in each is mutually exclusive.)
Templin Expires 17 October 2024 [Page 73]
Internet-Draft IPv6 over OMNI Interfaces April 2024
For each IPv6 ND message, the OMNI interface includes one or more
OMNI options (and any other ND message options) then completely
populates all option information. OMNI options should be padded when
necessary to ensure that they end on their natural 64-bit boundaries
the same as for any IPv6 ND message option.
If the OMNI interface includes an OMNI option with an authentication
signature, it first sets the signature field to 0 then calculates the
authentication signature beginning after the IPv6 ND message header
checksum field. The OMNI interface extends the calculation over the
entire length of the ND message (as well as any concatenated
extensions in the case of a super-packet) then writes the
authentication signature value into the appropriate OMNI
authentication sub-option field.
The OMNI interface then applies any non-OMNI authentication
signatures, calculates the IPv6 ND message checksum per [RFC4443]
beginning with a pseudo-header of the IPv6 header and writes the
value into the Checksum field. OMNI interfaces verify first
integrity then authenticity of each IPv6 ND message or super-packet
received, and process the message further only following successful
verification.
OMNI interface Clients such as aircraft typically have multiple
wireless data link types (e.g. satellite-based, cellular,
terrestrial, air-to-air directional, etc.) with diverse performance,
cost and availability properties. The OMNI interface would therefore
appear to have multiple L2 connections, and may include information
for multiple underlay interfaces in a single IPv6 ND message
exchange. OMNI interfaces manage their dynamically-changing
multilink profiles by including OMNI options in IPv6 ND messages as
discussed in the following subsections.
12.1. The OMNI Option
OMNI options appear in IPv6 ND messages formatted as shown in
Figure 16:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Sub-Options ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 16: OMNI Option Format
In this format:
* Type is set to TBD4 (see: IANA Considerations).
Templin Expires 17 October 2024 [Page 74]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* Length is set to the number of 8-octet blocks in the option. The
value 0 is invalid, while the values 1 through 255 (i.e., 8
through 2040 octets, respectively) indicate the total length of
the OMNI option. If multiple OMNI option instances appear in the
same IPv6 ND message, the union of the contents of all OMNI
options is accepted unless otherwise qualified for specific sub-
options below.
* Sub-Options is a Variable-length field padded with Pad1/N sub-
options if necessary (see below) such that the complete OMNI
option is an integer multiple of 8 octets long. The Sub-Options
field contains zero or more sub-options as specified in
Section 12.2.
The OMNI option is included in OMNI interface IPv6 ND messages; the
option is processed by receiving interfaces that recognize it and
otherwise ignored. The OMNI interface processes all OMNI option
instances received in the same IPv6 ND message in the consecutive
order in which they appear. The OMNI option(s) included in each IPv6
ND message may include full or partial information for the neighbor.
The OMNI interface therefore retains the union of the information in
the most recently received OMNI options in the corresponding NCE.
12.2. OMNI Sub-Options
Each OMNI option includes a Sub-Options block containing zero or more
individual sub-options. Each consecutive sub-option is concatenated
immediately following its predecessor. All sub-options except Pad1
(see below) are in an OMNI-specific type-length-value (TLV) format
encoded as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
| Sub-Type| Sub-Length | Sub-Option Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 17: Sub-Option Format
* Sub-Type is a 5-bit field that encodes the sub-option type. Sub-
option types defined in this document are:
Templin Expires 17 October 2024 [Page 75]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Sub-Option Name Sub-Type
Pad1 0
PadN 1
Node Identification 2
Authentication 3
Neighbor Control 4
Interface Attributes 5
Traffic Selector 6
Multilink Vector 7
Geo Coordinates 8
DHCPv6 Message 9
PIM-SM Message 10
HIP Message 11
QUIC-TLS Message 12
Fragmentation Report 13
ICMPv6 Error 14
Proxy/Server Departure 15
Sub-Type Extension 30
Figure 18
Sub-Types 16-29 are available for future assignment for major
protocol functions, while Sub-Type 30 supports scalable extension
to include other functions. Sub-Type 31 is reserved by IANA.
* Sub-Length is an 11-bit field that encodes the length of the Sub-
Option Data in octets.
* Sub-Option Data is a block of data with format determined by Sub-
Type and length determined by Sub-Length. Note that each sub-
option is concatenated consecutively with the previous and may
therefore begin and/or end on an arbitrary octet boundary.
The OMNI interface codes each sub-option with a 2-octet header that
includes Sub-Type in the most significant 5 bits followed by Sub-
Length in the next most significant 11 bits. Each sub-option encodes
a maximum Sub-Length value of 2038 octets minus the lengths of the
OMNI option header and any preceding sub-options. This allows ample
Sub-Option Data space for coding large objects (e.g., ASCII strings,
domain names, protocol messages, security codes, etc.), while a
single OMNI option is limited to 2040 octets the same as for any IPv6
ND option.
Templin Expires 17 October 2024 [Page 76]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The OMNI interface codes initial sub-options in a first OMNI option
instance and any additional sub-options in additional instances in
the same IPv6 ND message in the intended order of processing. If the
size of all OMNI options with their sub-options would cause the IPv6
ND message to exceed the OMNI interface MTU, the OMNI interface can
code any remaining sub-options in additional IPv6 ND messages.
The OMNI interface processes all OMNI options received in an IPv6 ND
message while skipping over and ignoring any unrecognized sub-
options. The OMNI interface processes the sub-options of all OMNI
option instances in the consecutive order in which they appear in the
IPv6 ND message, beginning with the first instance and continuing
through any additional instances to the end of the message. If an
individual sub-option length would cause processing to exceed the
OMNI option instance and/or IPv6 ND message lengths, the OMNI
interface accepts any sub-options already processed and ignores the
remainder of that instance. The interface then processes any
remaining OMNI option instances in the same fashion to the end of the
IPv6 ND message.
IPv6 ND messages that require OMNI authentication services MUST
include a Node Identification sub-option as the first sub-option of
the first OMNI option, and MUST include some form of authentication
(e.g., HMAC, HIP, QUIC, etc.) as the immediately next sub-option
whether in the same or different OMNI option. A single IPv6 ND
messages may include only one OMNI authentication service sub-option;
if multiple are included, the first sub-option is processed and all
others are ignored. The IPv6 ND message may also include non-OMNI
authentication options such as those specified in [RFC3971] or
[RFC8928] either instead of or in addition to an OMNI authentication
option. Nodes that receive IPv6 ND messages over unsecured
underlying networks first verify the IPv6 ND message checksum then
authenticate the message by processing any authentication options/
sub-options.
Note: large objects that exceed the maximum Sub-Option Data length
are not supported under the current specification; if this proves to
be limiting in practice, future specifications may define support for
fragmenting large sub-options across multiple OMNI options within the
same IPv6 ND message (or even across multiple IPv6 ND messages, if
necessary).
The following sub-option types and formats are defined in this
document:
12.2.1. Pad1
Templin Expires 17 October 2024 [Page 77]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+
| S-Type=0|x|x|x|
+-+-+-+-+-+-+-+-+
Figure 19: Pad1
* Sub-Type is set to 0. If multiple instances appear in OMNI
options of the same message all are processed.
* Sub-Type is followed by 3 'x' bits, set to any value on
transmission (typically all-zeros) and ignored on reception. Pad1
therefore consists of a single octet with the most significant 5
bits set to 0, and with no Sub-Length or Sub-Option Data fields
following.
If more than a single octet of padding is required, the PadN option,
described next, should be used, rather than multiple Pad1 options.
12.2.2. PadN
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
| S-Type=1| Sub-length=N | N padding octets ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 20: PadN
* Sub-Type is set to 1. If multiple instances appear in OMNI
options of the same message all are processed.
* Sub-Length is set to N that encodes the number of padding octets
that follow.
* Sub-Option Data consists of N octets, set to any value on
transmission (typically all-zeros) and ignored on receipt.
When a proxy forwards an IPv6 ND message with OMNI options, it can
employ PadN to void any non-Pad1 sub-options that should not be
processed by the next hop by simply writing the value '1' over the
Sub-Type. When the proxy alters the IPv6 ND message contents in this
way, any included authentication and integrity checks are
invalidated. See: Appendix C for a discussion of IPv6 ND message
authentication and integrity.
12.2.3. Node Identification
The Node Identification sub-option includes a form of identification
for the node, and (when present) must appear as the first sub-option
of the first OMNI option in each IPv6 ND message.
Templin Expires 17 October 2024 [Page 78]
Internet-Draft IPv6 over OMNI Interfaces April 2024
At least one instance of the sub-option must be present in messages
that also include an OMNI authentication service sub-option. If
multiple instances appear in OMNI options of the same IPv6 ND message
the first instance of a specific ID-Type is processed and all other
instances of the same ID-Type are ignored. (It is therefore possible
for a single IPv6 ND message to convey multiple distinct Node
Identifications - each with a different ID-Type.)
The format and contents of the sub-option are shown in Figure 21:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| S-Type=2| Sub-length=N | ID-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Node Identification Value (N-1 octets) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 21: Node Identification
* Sub-Type is set to 2. Multiple instances are processed as
discussed above.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow. The ID-Type field is always present; hence,
the maximum Node Identification Value length is limited by the
remaining available space in this OMNI option.
* ID-Type is a 1-octet field that encodes the type of the Node
Identification Value. The following ID-Type values are currently
defined:
- 0 - Universally Unique IDentifier (UUID) [RFC4122]. Indicates
that Node Identification Value contains a 16-octet UUID.
- 1 - Host Identity Tag (HIT) [RFC7401]. Indicates that Node
Identification Value contains a 16-octet HIT.
- 2 - Hierarchical HIT (HHIT) [RFC9374]. Indicates that Node
Identification Value contains a 16-octet HHIT.
- 3 - Network Access Identifier (NAI) [RFC7542]. Indicates that
Node Identification Value contains an (N-1)-octet NAI.
- 4 - Fully-Qualified Domain Name (FQDN) [RFC1035]. Indicates
that Node Identification Value contains an (N-1)-octet FQDN.
Templin Expires 17 October 2024 [Page 79]
Internet-Draft IPv6 over OMNI Interfaces April 2024
- 5 - IPv6 Address. Indicates that Node Identification contains
a 16-octet IPv6 address that is not a (H)HIT. The IPv6 address
type is determined according to the IPv6 addressing
architecture [RFC4291].
- 6 - 252 - Unassigned.
- 253 - 254 - reserved for experimentation, as recommended in
[RFC3692].
- 255 - reserved by IANA.
* Node Identification Value is an (N-1)-octet field encoded
according to the appropriate the "ID-Type" reference above.
OMNI interfaces code Node Identification Values used for DHCPv6
messaging purposes as a DHCP Unique IDentifier (DUID) using the
"DUID-EN for OMNI" format with enterprise number 45282 (see:
Section 24) as shown in Figure 22:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DUID-Type (2) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Enterprise Number (45282) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ID-Type | |
+-+-+-+-+-+-+-+-+ ~
~ Node Identification Value ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 22: DUID-EN for OMNI Format
In this format, the OMNI interface codes the ID-Type and Node
Identification Value fields from the OMNI sub-option following a
6-octet DUID-EN header, then includes the entire "DUID-EN for OMNI"
in a DHCPv6 message per [RFC8415].
12.2.4. Authentication
The Authentication sub-option includes a Hashed Message
Authentication Code (HMAC) computed according to [RFC2104] and
[RFC6234].
The Authentication sub-option is formatted as shown in Figure 23:
Templin Expires 17 October 2024 [Page 80]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| S-Type=3| Sub-length=N | Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Hashed Message Authentication Code (HMAC) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 23: Authentication
* Sub-Type is set to 3. The Authentication sub-option must appear
at most once in any IPv6 ND message; if multiple instances appear
in OMNI options of the same message the first is processed and all
others are ignored.
* Sub-Length is set to N, i.e., the length of the option in octets
beginning immediately following the Sub-Length field and extending
to the end of the HMAC. The length of the HMAC is therefore
limited by the remaining available space for this sub-option.
* Type encodes the authentication algorithm type found in the IANA
"ICMPv6 Parameters - Trust Anchor Option (Type 15) Name Field"
registry, and determines the length of the HMAC. For example,
when Type is 3 the authentication algorithm is SHA-1 and the HMAC
is 160 bits (20 octets) in length, when Type is 5 the algorithm is
SHA-256 and the HMAC is 256 bits (32 octets) in length, etc. A
full list of available Types is found in the registry, which cites
[RFC6495] for several well-known Types. The Type value TBD7 is
reserved for the Edwards-Curve Digital Signature Algorithm (EdDSA)
(see IANA Considerations) with the HMAC (i.e., digital signature)
including 64 octets for Ed25519 or 114 octets for Ed448 per
[RFC8032].
* HMAC includes the Hashed Message Authentication Code or digital
signature for this IPv6 ND message with field length corresponding
to Type.
12.2.5. Neighbor Control
IPv6 ND messages used to manage neighbor relationships between
Clients and their Proxy/Servers (and also between Clients and their
peer Clients) include a Neighbor Control OMNI sub-option. Each IPv6
ND message includes at most one Neighbor Control sub-option which
must be specific to the underlying interface over which the ND
message is sent.
The Neighbor Control sub-option is formatted as follows:
Templin Expires 17 October 2024 [Page 81]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| S-Type=4| Sub-length=4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|N|A|R|S|P| |
|U|R|P|N|C| Reserved |
|D|R|T|R|H| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 24: Neighbor Control
* Sub-Type is set to 4. If multiple instances appear in OMNI
options of the same message, the first is processed and all others
are ignored.
* Sub-Length is set to 4.
* Sub-Option Data includes a 4-octet neighbor control flags field.
Clients set the Neighbor Unreachability Detection (NUD), Address
Resolution Responder (ARR) and Report (RPT) flags in RS messages
to control the operation of their Proxy/Server neighbors as
discussed in Section 15. Nodes set the Synchronous (u)NA Required
(SNR) flag in non-solicitation IPv6 ND messages (i.e., solicited/
unsolicited NA/RA and Redirects) for which they require a
synchronous (but technically "unsolicited") NA reply (see:
[I-D.templin-6man-aero3]). OAL intermediate systems set the Path
Change (PCH) flag in uNA messages used to report a change in a
path established by multilink forwarding. The remaining flags are
Reserved and must be set to 0; future specifications may define
new flags.
12.2.6. Interface Attributes
The Interface Attributes sub-option provides neighbors with
forwarding information for the multilink conceptual sending algorithm
discussed in Section 14. Neighbors use the forwarding information to
select among potentially multiple candidate underlay interfaces that
can be used to forward carrier packets to the neighbor based on
factors such as traffic selectors and link metrics. Interface
Attributes further include link layer address information to be used
for either direct INET encapsulation for targets in the local SRT
segment or spanning tree forwarding for targets in remote SRT
segments.
OMNI nodes include Interface Attributes for some/all of a source or
target Client's underlay interfaces in NS/NA and uNA messages used to
publish Client information (see: [I-D.templin-6man-aero3]). At most
one Interface Attributes sub-option for each distinct ifIndex may be
included; if an IPv6 ND message includes multiple Interface
Templin Expires 17 October 2024 [Page 82]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Attributes sub-options for the same ifIndex, the first is processed
and all others are ignored. OMNI nodes that receive NS/NA messages
can use all of the included Interface Attributes and/or Traffic
Selectors to formulate a map of the prospective source or target node
as well as to seed the information to be populated in future neighbor
exchanges.
OMNI Clients and Proxy/Servers also include Interface Attributes sub-
options in RS/RA messages used to initialize, discover and populate
routing and addressing information. Each RS message MUST contain
exactly one Interface Attributes sub-option with an ifIndex
corresponding to the Client's underlay interface used to transmit the
message, and each RA message MUST echo the same Interface Attributes
sub-option with any (proxyed) information populated by the FHS Proxy/
Server to provide operational context.
When an FHS Proxy/Server receives an RS message destined to an
anycast L2 address, it MUST include an additional Interface
Attributes sub-option with ifIndex '0' that encodes its own unicast
L2 address relative to the Client's underlay interface in the
solicited RA response. Any additional Interface Attributes sub-
options that appear in RS/RA messages (i.e., besides those for the
Client's own ifIndex and ifIndex '0') are ignored.
The Interface Attributes sub-option is formatted as shown below:
Templin Expires 17 October 2024 [Page 83]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| S-Type=5| Sub-length=N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ifIndex |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ifType |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ifProvider |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ifMetric |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ifGroup |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SRT | FMT | ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~
~ LHS GUA/L2ADDR ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Traffic Selector Blocks ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
...
Figure 25: Interface Attributes
* Sub-Type is set to 5. Multiple instances are processed as
discussed above.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow.
* Sub-Option Data contains an "Interface Attributes" option encoded
as follows:
- ifIndex is a 4-octet index value corresponding to a specific
underlay interface. Client OMNI interfaces MUST number each
distinct underlay interface with a non-zero ifIndex value
assigned by network management per [RFC2863] and include the
value in this field. The ifIndex value '0' denotes
"unspecified".
- ifType is a 4-octet type value corresponding to this underlay
interface. The value is coded per the 'IANAifType-MIB'
registry [http://www.iana.org].
Templin Expires 17 October 2024 [Page 84]
Internet-Draft IPv6 over OMNI Interfaces April 2024
- ifProvider is a 4-octet provider identifier corresponding to
this underlay interface. This document defines the single
provider identifier value '0' (undefined). Future documents
may define other values.
- ifMetric encodes a 4-octet interface metric. Lower values
indicate higher priorities, and the highest value indicates an
interface that should not be selected. The ifMetric setting
provides an instantaneous indication of the interface
bandwidth, link quality, signal strength, cost, etc.; hence,
its value may change in successive IPv6 ND messages.
- ifGroup is a 4-octet identifier for a Link Aggregation Group
(LAG) [IEEE802.1AX] corresponding to the underlay interface
identified by ifIndex. Interface attributes for ifIndex
members of the same group will encode the same value in
ifGroup. This document defines the single ifGroup value '0'
meaning "no group assigned". Future documents will specify the
setting of other values.
- SRT is a 1-octet Segment Routing Topology prefix length value
between 0 and 128 that determines the prefix length associated
with this sub-tree of the larger topology (which includes the
concatenation of one or more connected segments).
- FMT - a 1-octet "Forward/Mode/Type" code interpreted as
follows:
o The most significant 2 bits (i.e., "FMT-Forward" and "FMT-
Mode") are interpreted in conjunction with one another.
When FMT-Forward is clear, the LHS Proxy/Server performs OAL
reassembly and decapsulation to obtain the original IP
packet/parcel before forwarding. If the FMT-Mode bit is
clear, the LHS Proxy/Server then forwards the original IP
packet/parcel at L3; otherwise, it invokes the OAL to re-
encapsulate, re-fragment and sends the resulting carrier
packets to the Client via the selected underlay interface.
When FMT-Forward is set, the LHS Proxy/Server forwards
unmodified OAL fragments to the Client without reassembling.
If FMT-Mode is clear, all carrier packets destined to the
Client must always be sent via the LHS Proxy/Server;
otherwise the Client is eligible for direct forwarding over
the open INET where it may be located behind one or more
NATs.
Templin Expires 17 October 2024 [Page 85]
Internet-Draft IPv6 over OMNI Interfaces April 2024
o The next most significant 2 bits are reserved, and the value
encoded in the least significant 4 bits (i.e., "FMT-Type")
determines the type and length of the L2ADDR field. The
following values are currently defined:
+ 0 - L2ADDR is 0 octets in length and unused.
+ 1 - L2ADDR is 4 octets in length and encodes an IPv4
address.
+ 2 - L2ADDR is 6 octets in length and encodes an EUI-48
address [EUI].
+ 3 - L2ADDR is 8 octets in length and encodes an EUI-64
address [EUI].
+ 4 - L2ADDR is 16 octets in length and encodes an IPv6
address.
- LHS GUA/L2ADDR - encodes the 16 octet SNP IPv6 GUA of the node
relative to the LHS Proxy/Server followed by the L2ADDR field
formatted as above. When SRT and are both set to 0, the LHS
Proxy/Server is considered unspecified in this IPv6 ND message.
FMT, SRT and LHS together provide guidance for the OMNI
interface forwarding algorithm. Specifically, if LHS::/SRT is
located in the local OMNI link segment, then the source can
address the target Client either through its dependent Proxy/
Server or through direct encapsulation following NAT traversal
according to FMT. Otherwise, the target Client is located on a
different SRT segment and the path from the source must employ
a combination of route optimization and spanning tree hop
traversals. L2ADDR identifies the LHS Proxy/Server's INET-
facing interface not located behind NATs, therefore no UDP port
number is included since port number 8060 is used when the L2
encapsulation includes a UDP header. Instead, L2ADDR includes
only an L2 address with type and length determined by FMT-Type
as described above. When L2ADDR includes an IPv4 or IPv6
address, it is recorded in network byte order in ones-
compliment "obfuscated" form per [RFC4380].
- Traffic Selector Blocks(s) - zero or more Traffic Selector
blocks follow, with their total length determined by the number
of octets remaining in the Interface Attributes sub-option
beyond the end of the LHS Proxy/Server information. Each
Traffic Selector block is formatted the same as specified in
Section 12.2.7 and processed consecutively, with its length
subtracted from the remaining length of the Interface
Attributes sub-option.
Templin Expires 17 October 2024 [Page 86]
Internet-Draft IPv6 over OMNI Interfaces April 2024
12.2.7. Traffic Selector
The Traffic Selector sub-option provides forwarding information for
the multilink conceptual sending algorithm discussed in Section 14.
The sub-option includes traffic selector information per [RFC6088] as
ancillary information for an Interface Attributes sub-option with the
same ifIndex value, or as discrete information for the included
ifIndex when no Interface Attributes sub-option is present.
IPv6 ND messages may include multiple Traffic Selectors for some or
all of the source/target Client's underlay interfaces (see:
[I-D.templin-6man-aero3] for further discussion). Traffic Selectors
must be honored by all implementations in the format shown below:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| S-Type=6| Sub-length=N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ifIndex |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TS Length | TS Format |A|B|C|D|E|F|G|H|I|J|K|L|M|N|RES|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (A)Start Source Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (B)End Source Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (C)Start Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (D)End Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (E)Start IPsec SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (F)End IPsec SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (G)Start Source port | (H)End Source port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (I)Start Destination port | (J)End Destination port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (K)Start DS | (L)End DS |(M)Start Prot. | (N) End Prot. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Additional Traffic Selector Blocks ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
...
Figure 26: Traffic Selector
Templin Expires 17 October 2024 [Page 87]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* Sub-Type is set to 6. Multiple instances with the same or
different ifIndex values may appear in the same IPv6 ND message.
When multiple instances appear, all are processed and the
cumulative information from all is accepted.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow.
* Sub-Option data begins with a 4-octet ifIndex value corresponding
to a specific underlay interface.
* The remainder of Sub-Option Data contains one or more "Traffic
Selector" blocks for this ifIndex that each begin with 1-octet "TS
Length" and "TS Format" fields. TS length encodes the combined
lengths of the TS* fields plus the Traffic Selector body that
follows (i.e. a value between 2-255 octets). When TS Format
encodes the value 1 or 2, the Traffic Selector body encodes an
IPv4 or IPv6 traffic selector per [RFC6088] beginning with 16 flag
bits ("A-N" plus 2 "Reserved"); when TS Format encodes any other
value the Traffic Selector block is skipped and processing resumes
beginning with the next Traffic Selector block (if any). The
Traffic Selector block elements then appear immediately after the
flags (with no 16-bit Reserved field included) and encode the
information corresponding to any set flag bit(s) in order the same
as specified in [RFC6088]. Each included Traffic Selector block
is processed consecutively, with its length subtracted from the
remaining sub-option length until all blocks are processed. If
the length of any Traffic Selector block would exceed the
remaining length for the entire sub-option, the remainder of the
sub-option is ignored.
12.2.8. Multilink Vector
Clients and their correspondents exchange NS/NA messages to populate
AERO Forwarding Vector (AFV) state in OAL intermediate and end
systems in the path between their respective underlay interfaces.
The Multilink Vector sub-option provides the necessary information
allowing OAL intermediate and end systems in the path to establish
(multilink) vectors to support future packet forwarding.
The NS/NA message used to initiate AFV state is termed the
"initiator" and the responsive NA message is termed the "responder",
i.e., in some cases the "initiator" may be an NA response to an NS.
Each IPv6 NS/NA message may contain at most one Multilink Vector sub-
option; if multiple are present, the first is processed and all
others are ignored.
The Multilink Vector sub-option is formatted as follows:
Templin Expires 17 October 2024 [Page 88]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| S-Type=7| Sub-length=32 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FHS ifIndex |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LHS ifIndex |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AERO Forwarding Vector Index (AFVI) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Sequence Number ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Acknowledgment Number ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R|R|R|A|O|R|S|T| |
|E|E|E|C|P|S|Y|S| Window |
|S|S|S|K|T|T|N|T| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 27: Multilink Vector
* Sub-Type is set to 7. If multiple instances appear in OMNI
options of the same message, the first is processed and all others
are ignored.
* Sub-Length is set to 32.
* the first 4 octets of Sub-Option Data include the 4-octet ifIndex
of the First-Hop Segment (FHS) node, and corresponds to an
initiator node that includes window control flags with SYN set and
ACK not set or with ACK set and SYN not set (see below).
* the next 4 octets include the 4-octet ifIndex of the Last-Hop
Segment (LHS) node, and corresponds to a responder node that
includes window control flags with both SYN and ACK set - see
below.
* the next 4 octets includes the AERO Forwarding Vector Index (AFVI)
that the initiator/responder provides to the next OAL hop. When
the SYN flag is set, the next hop records this AFVI in an AERO
Forwarding Information Base (AFIB) AERO Forwarding Vector (AFV)
indexed by both the previous hop L2 address and the AFVI. The
next hop then rewrites the NS/NA AFVI field to one of its own
chosen values and forwards the message to the following OAL hop.
When the SYN flag is not set, the next hop instead uses the NS/NA
Templin Expires 17 October 2024 [Page 89]
Internet-Draft IPv6 over OMNI Interfaces April 2024
AFVI value to verify that an AFV already exists without creating a
new one, then resets the NS/NA AFVI to its cached value for the
following OAL hop. The manner for populating AFV information is
specified in further detail in [I-D.templin-6man-aero3].
* the final 20 octets of Sub-Option Data is modeled from the
Transmission Control Protocol (TCP) header specified in
Section 3.1 of [RFC9293]. The field is formatted as an 8-octet
Sequence Number, followed by an 8-octet Acknowledgement Number,
followed by a 1-octet flags field followed by a 3-octet Window
size. The TCP (ACK, RST, SYN) flags are used for TCP-like window
synchronization, while the TCP (CWR, ECE, URG, PSH, FIN) flags are
unused. The OPT flag (discussed in Section 6.7) is an OMNI-
specific replacement for the TCP PSH flag, the TST flag (discussed
in [I-D.templin-6man-aero3] is an OMNI-specific replacement for
the TCP FIN flag and the 3 remaining unused flags appear as
reserved (RES). Together, these fields support the OAL window
synchronization services specified in Section 6.7.
12.2.9. Geo Coordinates
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| S-Type=8| Sub-length=N | Geo Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Geo Coordinates ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 28: Geo Coordinates
* Sub-Type is set to 8. If multiple instances appear in OMNI
options of the same message all are processed.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow.
* Geo Type is a 1-octet field that encodes a type designator that
determines the format and contents of the Geo Coordinates field
that follows. The following types are currently defined:
- 0 - NULL, i.e., the Geo Coordinates field is zero-length.
* Geo Coordinates is a type-specific format field of length up to
the remaining available space for this OMNI option. New formats
to be specified in future documents and may include attributes
such as latitude/longitude, altitude, heading, speed, etc.
Templin Expires 17 October 2024 [Page 90]
Internet-Draft IPv6 over OMNI Interfaces April 2024
12.2.10. Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Message
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) sub-option
may be included in the OMNI options of Client RS messages and Proxy/
Server RA messages.
Note that OMNI DHCPv6 messages do not include a Checksum field since
integrity is protected by the IPv6 ND message checksum,
authentication signature and/or link or physical layer authentication
and integrity checks.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| S-Type=9| Sub-length=N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| msg-type | transaction-id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ DHCPv6 options ~
~ (variable number and length) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 29: DHCPv6 Message
* Sub-Type is set to 9. If multiple instances appear in OMNI
options of the same message the first is processed and all others
are ignored.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow. The 'msg-type' and 'transaction-id' fields
are always present; hence, the length of the DHCPv6 options is
limited by the remaining available space for this OMNI option.
* 'msg-type' and 'transaction-id' are coded according to Section 8
of [RFC8415].
* A set of DHCPv6 options coded according to Section 21 of [RFC8415]
follows.
12.2.11. PIM-SM Message
The Protocol Independent Multicast - Sparse Mode (PIM-SM) Message
sub-option may be included in the OMNI options of IPv6 ND messages.
PIM-SM messages are formatted as specified in Section 4.9 of
[RFC7761], with the exception that the Checksum field is omitted
since the IPv6 ND message is already protected by the IPv6 ND message
checksum, authentication signature and/or link or physical layer
authentication and integrity checks.
Templin Expires 17 October 2024 [Page 91]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The PIM-SM message sub-option format is shown in Figure 30:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=10| Sub-length=N |PIM Ver| Type | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ PIM-SM Message ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 30: PIM-SM Message Option Format
* Sub-Type is set to 10. If multiple instances appear in OMNI
options of the same message all are processed.
* Sub-Length is set to N, i.e., the length of the option in octets
beginning immediately following the Sub-Length field and extending
to the end of the PIM-SM message. The length of the entire PIM-SM
message is therefore limited by the remaining available space for
this OMNI option.
* The PIM-SM message is coded exactly as specified in Section 4.9 of
[RFC7761], except that the Checksum field is omitted, and the
Reserved field is set to 0 on transmission and ignored on
reception. The "PIM Ver" field encodes the value 2, and the
"Type" field encodes the PIM message type. (See Section 4.9 of
[RFC7761] for a list of PIM-SM message types and formats.)
12.2.12. Host Identity Protocol (HIP) Message
The Host Identity Protocol (HIP) Message sub-option (when present)
provides an authentication service alternative for IPv6 ND messages
exchanged between Clients and FHS Proxy/Servers (or between Clients
and their peers) over an open Internetwork. When the HIP service is
used, FHS Proxy/Servers verify the HIP authentication signatures in
source Client IPv6 ND messages then remove the HIP message sub-option
and securely forward the ND messages to other OMNI nodes. LHS Proxy/
Servers that receive secured IPv6 ND messages from other OMNI nodes
that do not already include a security sub-option can insert HIP
authentication signatures before forwarding them to the target
Client.
OMNI interfaces that use the HIP service include the HIP message sub-
option when they forward IPv6 ND messages that require security over
INET underlay interfaces, i.e., where authentication and integrity is
not already assured by link/physical layers or other OMNI layer
services. The OMNI interface calculates the authentication signature
over the entire length of the OAL packet (or super-packet) beginning
Templin Expires 17 October 2024 [Page 92]
Internet-Draft IPv6 over OMNI Interfaces April 2024
after the IPv6 ND message header and extending over the remainder of
the OAL packet or super-packet. OMNI interfaces that process OAL
packets containing secured IPv6 ND messages verify the signature then
either process the rest of the message locally or forward a proxyed
copy to the next hop.
When an FHS Client inserts a HIP message sub-option in an IPv6 ND
message destined to a target in a remote spanning tree segment, it
must ensure that the insertion does not cause the message to exceed
the OMNI interface MTU. If the LHS Proxy/Server cannot create
sufficient space through any means without causing the OMNI option to
exceed 2040 octets or causing the IPv6 ND message to exceed the OMNI
interface MTU, it returns a suitable error (see: Section 12.2.15) and
drops the message.
The HIP message sub-option is formatted as shown below:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=11| Sub-length=N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| Packet Type |Version| RES.|1| Controls |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Sender's Host Identity Tag (HIT) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Receiver's Host Identity Tag (HIT) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ HIP Parameters ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 31: HIP Message
* Sub-Type is set to 11. If multiple instances appear in OMNI
options of the same message the first is processed and all others
are ignored.
* Sub-Length is set to N, i.e., the length of the option in octets
beginning immediately following the Sub-Length field and extending
to the end of the HIP parameters. The length of the entire HIP
message is therefore limited by the remaining available space for
this OMNI option.
Templin Expires 17 October 2024 [Page 93]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* The HIP message is coded per Section 5 of [RFC7401], except that
the OMNI "Sub-Type" and "Sub-Length" fields replace the first 2
octets of the HIP message header (i.e., the Next Header and Header
Length fields). Also, since the IPv6 ND message is already
protected by its own checksum, the 2-octet HIP message Checksum
field is omitted.
Note: In some environments, maintenance of a Host Identity Tag (HIT)
namespace may be unnecessary for securely associating an OMNI node
with an IPv6 address-based identity. In that case, IPv6 ULAs can be
used instead of HITs in the authentication signature as long as the
address can be uniquely associated with the Sender/Receiver.
12.2.13. QUIC-TLS Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=12| Sub-length=N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ QUIC-TLS Message ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 32: QUIC-TLS Message
* Sub-Type is set to 12. If multiple instances appear in OMNI
options of the same IPv6 ND message, the first is processed and
all others are ignored.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow.
* The QUIC-TLS message [RFC9000][RFC9001][RFC9002] encodes the QUIC
and TLS message parameters necessary to support QUIC connection
establishment.
IPv6 ND messages serve as couriers to transport the QUIC and TLS
parameters necessary to establish a secured QUIC connection.
12.2.14. Fragmentation Report (FRAGREP)
Fragmentation Report (FRAGREP) sub-options may be included in the
OMNI options of uNA messages sent from an OAL destination to an OAL
source. The message consists of (N/16)-many (Identification,
Bitmap)-tuples which include the Identification values of OAL
fragments received plus a Bitmap marking the ordinal positions of
individual non-first fragments received and missing.
Templin Expires 17 October 2024 [Page 94]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=13| Sub-Length=N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+- Identification (0) (64 bits) -+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+- Bitmap (0) (64 bits) -+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+- Identification (1) (64 bits) -+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+- Bitmap (1) (64 bits) -+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... |
Figure 33: Fragmentation Report (FRAGREP)
* Sub-Type is set to 13. If multiple instances appear in OMNI
options of the same message all are processed.
* Sub-Length is set to N which must be a multiple of 16, i.e., the
combined lengths of each (Identification, Bitmap) pair beginning
immediately following the Sub-Length field and extending to the
end of the sub-option.
* Identification(i) includes the 8-octet Identification value found
in a received OAL fragment.
* Bitmap(i) includes a 64-bit checklist of up to 64 ordinal
fragments for this Identification, with each bit set to 1 for a
fragment received or 0 for a fragment corrupted, lost or still in
transit. For example, for a 20-fragment OAL packet with ordinal
fragments #3, #10, #13 and #17 missing or corrupted and all other
fragments received or still in transit, Bitmap(i) encodes the
following:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
|1|1|1|0|1|1|1|1|1|1|0|1|1|0|1|1|1|0|1|1|0|0|0|...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 34
Templin Expires 17 October 2024 [Page 95]
Internet-Draft IPv6 over OMNI Interfaces April 2024
12.2.15. ICMPv6 Error
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=14| Sub-length=N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ ICMPv6 Error Message Body ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 35: ICMPv6 Error
* Sub-Type is set to 14. If multiple instances appear in OMNI
options of the same IPv6 ND message all are processed.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow.
* Sub-Option Data includes an N-octet ICMPv6 Error Message body
encoded exactly as per Section 2.1 of [RFC4443], i.e., with the
IPv6 header omitted. OMNI interfaces include as much of the
"packet in error" in the ICMPv6 error message body as possible
without causing the IPv6 ND message that includes the OMNI option
to exceed the IPv6 minimum MTU. While all ICMPv6 error message
types are supported, OAL destinations in particular often include
ICMPv6 PTB messages in uNA messages to provide MTU feedback
information via the OAL source (see: Section 6.9). Note: ICMPv6
informational messages must not be included and must be ignored if
received.
12.2.16. Proxy/Server Departure
OMNI Clients include a Proxy/Server Departure sub-option in RS
messages when they associate with a new FHS and/or MAP Proxy/Server
and need to send a departure indication to an old FHS and/or MAP
Proxy/Server. The Proxy/Server Departure sub-option is formatted as
shown below:
Templin Expires 17 October 2024 [Page 96]
Internet-Draft IPv6 over OMNI Interfaces April 2024
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=15| Sub-length=32 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Old FHS Proxy/Server GUA (16 octets) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Old MAP Proxy/Server GUA (16 octets) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 36: Proxy/Server Departure
* Sub-Type is set to 15. If multiple instances appear in OMNI
options of the same message, the first is processed and all others
are ignored.
* Sub-Length is set to 32.
* Sub-Option Data contains the 16-octet GUA for the "Old FHS Proxy/
Server" followed by a 16-octet GUA for an "Old MAP Proxy/Server.
If the Old FHS/MAP is a different node, the corresponding GUA
includes the address of the (foreign) Proxy/Server. If the Old
FHS/MAP is the local node, the corresponding GUA includes the
node's own address. If the FHS/MAP is unspecified, the
corresponding GUA instead includes the value "::/128".
12.2.17. Sub-Type Extension
Since the Sub-Type field is only 5 bits in length, future
specifications of major protocol functions may exhaust the remaining
Sub-Type values available for assignment. This document therefore
defines Sub-Type 30 as an "extension", meaning that the actual sub-
option type is determined by examining a 1-octet "Extension-Type"
field immediately following the Sub-Length field. The Sub-Type
Extension is formatted as shown in Figure 37:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=30| Sub-length=N | Extension-Type|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Extension-Type Body ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 37: Sub-Type Extension
Templin Expires 17 October 2024 [Page 97]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* Sub-Type is set to 30. If multiple instances appear in OMNI
options of the same message all are processed, where each
individual extension defines its own policy for processing
multiple of that type.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow. The Extension-Type field is always present,
and the maximum Extension-Type Body length is limited by the
remaining available space in this OMNI option.
* Extension-Type contains a 1-octet Sub-Type Extension value between
0 and 255.
* Extension-Type Body contains an (N-1)-octet block with format
defined by the given extension specification.
Extension-Type values 0 and 1 are defined in the following
subsections, while Extension-Type values 2 through 252 are available
for assignment by future specifications which must also define the
format of the Extension-Type Body and its processing rules.
Extension-Type values 253 and 254 are reserved for experimentation,
as recommended in [RFC3692], and value 255 is reserved by IANA.
12.2.17.1. RFC4380 Header Extension Option
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=30| Sub-length=N | Ext-Type=0 | Header Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Header Option Value ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 38: RFC4380 Header Extension Option (Extension-Type 0)
* Sub-Type is set to 30.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow. The Extension-Type and Header Type fields are
always present, and the Header Option Value is limited by the
remaining available space in this OMNI option.
* Extension-Type is set to 0. Each instance encodes exactly one
header option per Section 5.1.1 of [RFC4380], with Ext-Type and
Header Type representing the first 2 octets of the option. If
multiple instances of the same Header Type appear in OMNI options
of the same message the first instance is processed and all others
are ignored.
Templin Expires 17 October 2024 [Page 98]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* Header Type and Header Option Value are coded exactly as specified
in Section 5.1.1 of [RFC4380]; the following types are currently
defined:
- 0 - Origin Indication (IPv4) - value coded as a UDP port number
followed by a 4-octet IPv4 address both in "obfuscated" form
per Section 5.1.1 of [RFC4380].
- 1 - Authentication Encapsulation - value coded per
Section 5.1.1 of [RFC4380].
- 2 - Origin Indication (IPv6) - value coded as a UDP port number
followed by an IP address both in "obfuscated" form per
Section 5.1.1 of [RFC4380], except that the IP address is a
16-octet IPv6 address instead of a 4-octet IPv4 address.
* Header Type values 3 through 252 are available for assignment by
future specifications, which must also define the format of the
Header Option Value and its processing rules. Header Type values
253 and 254 are reserved for experimentation, as recommended in
[RFC3692], and value 255 is reserved by IANA.
12.2.17.2. RFC6081 Trailer Extension Option
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S-Type=30| Sub-length=N | Ext-Type=1 | Trailer Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Trailer Option Value ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 39: RFC6081 Trailer Extension Option (Extension-Type 1)
* Sub-Type is set to 30.
* Sub-Length is set to N that encodes the number of Sub-Option Data
octets that follow. The Extension-Type and Trailer Type fields
are always present, and the maximum-length Trailer Option Value is
limited by the remaining available space in this OMNI option.
* Extension-Type is set to 1. Each instance encodes exactly one
trailer option per Section 4 of [RFC6081]. If multiple instances
of the same Trailer Type appear in OMNI options of the same
message the first instance is processed and all others ignored.
Templin Expires 17 October 2024 [Page 99]
Internet-Draft IPv6 over OMNI Interfaces April 2024
* Trailer Type and Trailer Option Value are coded exactly as
specified in Section 4 of [RFC6081]; the following Trailer Types
are currently defined:
- 0 - Unassigned
- 1 - Nonce Trailer - value coded per Section 4.2 of [RFC6081].
- 2 - Unassigned
- 3 - Alternate Address Trailer (IPv4) - value coded per
Section 4.3 of [RFC6081].
- 4 - Neighbor Discovery Option Trailer - value coded per
Section 4.4 of [RFC6081].
- 5 - Random Port Trailer - value coded per Section 4.5 of
[RFC6081].
- 6 - Alternate Address Trailer (IPv6) - value coded per
Section 4.3 of [RFC6081], except that each address is a
16-octet IPv6 address instead of a 4-octet IPv4 address.
* Trailer Type values 7 through 252 are available for assignment by
future specifications, which must also define the format of the
Trailer Option Value and its processing rules. Trailer Type
values 253 and 254 are reserved for experimentation, as
recommended in [RFC3692], and value 255 is reserved by IANA.
13. Address Mapping - Multicast
The multicast address mapping of the native underlay interface
applies. The Client mobile router also serves as an IGMP/MLD Proxy
for its ENETs and/or hosted applications per [RFC4605].
The Client uses Multicast Listener Discovery (MLDv2) [RFC3810] to
coordinate with Proxy/Servers, and underlay network elements use MLD
snooping [RFC4541]. The Client can also employ multicast routing
protocols to coordinate with network-based multicast sources as
specified in [I-D.templin-6man-aero3].
Since the OMNI link model is NBMA, OMNI links support link-scoped
multicast through iterative unicast transmissions to individual
multicast group members (i.e., unicast/multicast emulation).
Templin Expires 17 October 2024 [Page 100]
Internet-Draft IPv6 over OMNI Interfaces April 2024
14. Multilink Conceptual Sending Algorithm
The Client's network layer selects the outbound OMNI interface
according to SBM considerations when forwarding original IP packets/
parcels from local or ENET applications to external correspondents.
Each OMNI interface maintains an internal OAL neighbor cache
maintained the same as discussed in [RFC4861], but also includes
additional state for multilink coordination. Each Client OMNI
interface maintains default routes via Proxy/Servers discovered as
discussed in Section 15, and may configure more-specific routes
discovered through means outside the scope of this specification.
For each original IP packet/parcel it forwards, the OMNI interface
selects one or more source underlay interfaces based on PBM factors
(e.g., traffic attributes, cost, performance, message size, etc.) and
one or more target underlay interfaces for the neighbor based on
Interface Attributes received in IPv6 ND messages (see:
Section 12.2.5). Multilink forwarding may also direct carrier packet
replication across multiple underlay interface pairs for increased
reliability at the expense of duplication. The set of all Interface
Attributes and Traffic Selectors received in IPv6 ND messages
determines the multilink forwarding profile for selecting target
underlay interfaces.
When the OMNI interface forwards an original IP packet/parcel over a
selected source underlay interface, it first employs OAL
encapsulation and fragmentation as discussed in Section 5, then
performs L2 encapsulation as directed by the appropriate AFV. The
OMNI interface also performs L2 encapsulation (following OAL
encapsulation) when the nearest Proxy/Server is located multiple hops
away as discussed in Section 15.2.
OMNI interface multilink service designers MUST observe the BCP
guidance in Section 15 [RFC3819] in terms of implications for
reordering when original IP packets/parcels from the same flow may be
spread across multiple underlay interfaces having diverse properties.
14.1. Multiple OMNI Interfaces
Clients may connect to multiple independent OMNI links within the
same or different OMNI domains to support SBM. The Client configures
a separate OMNI interface for each link so that multiple interfaces
(e.g., omni0, omni1, omni2, etc.) are exposed to the network layer.
Each OMNI interface is configured over a separate set of underlying
interfaces and configures one or more OMNI anycast addresses (see:
Section 10); the Client injects the corresponding anycast prefixes
into the ENET routing system. Multiple distinct OMNI links can
therefore be used to support fault tolerance, load balancing,
Templin Expires 17 October 2024 [Page 101]
Internet-Draft IPv6 over OMNI Interfaces April 2024
reliability, etc.
Applications in ENETs can use Segment Routing to select the desired
OMNI interface based on SBM considerations. The application writes
an OMNI anycast address into the original IP packet/parcel's
destination address, and writes the actual destination (along with
any additional intermediate hops) into the Segment Routing Header.
Standard IP routing directs the packet/parcel to the Client's mobile
router entity, where the anycast address identifies the correct OMNI
interface for next hop forwarding. When the Client receives the
packet/parcel, it replaces the IP destination address with the next
hop found in the Segment Routing Header and forwards the message via
the OMNI interface identified by the anycast address.
Note: The Client need not configure its OMNI interface indexes in
one-to-one correspondence with the global OMNI Link-IDs configured
for OMNI domain administration since the Client's indexes (i.e.,
omni0, omni1, omni2, etc.) are used only for its own local interface
management.
14.2. Client-Proxy/Server Loop Prevention
After a Proxy/Server has registered an MNP for a Client (see:
Section 15), the Proxy/Server will forward all original IP packets/
parcels (or carrier packets) destined to an address within the MNP to
the Client. The Client will under normal circumstances then forward
the resulting original IP packet/parcel to the correct destination
within its connected (downstream) ENETs.
If at some later time the Client loses state (e.g., after a reboot),
it may begin returning original IP packets/parcels (or carrier
packets) with destinations corresponding to its MNP to the Proxy/
Server as its default router. The Proxy/Server therefore drops any
original IP packets/parcels received from the Client with a
destination address that corresponds to the Client's MNP (i.e.,
whether ULA or GUA), and drops any carrier packets with both source
and destination address corresponding to the same Client's MNP
regardless of their origin.
Proxy/Servers support "hair pinning" for packets with SNP source and
destination addresses that would convey useful data from a source SNP
Client to a target SNP Client both located in the same OMNI link
segment. Proxy/Servers support this hair pinning according to
[I-D.bctb-6man-rfc6296-bis], however ULA-to-ULA addressing between
peer nodes within the same OMNI link segment is preferred whenever
possible.
Templin Expires 17 October 2024 [Page 102]
Internet-Draft IPv6 over OMNI Interfaces April 2024
15. Router Discovery and Prefix Delegation
Clients engage their FHS Proxy/Servers and the MS by sending OAL
encapsulated RS messages with OMNI options under the assumption that
one or more Proxy/Server will process the message and respond. The
RS message is received by a FHS Proxy/Server, which may in turn
forward a proxyed copy to a MAP Proxy/Server located in a local or
remote SRT segment if the Client requires MNP service. The MAP
Proxy/Server then returns an OAL encapsulated RA message either
directly to the Client or via the original FHS Proxy/Server acting as
a proxy.
To support Client to service coordination, OMNI defines flag bits in
the OMNI Neighbor Control sub-option discussed in Section 12.2.5.
Clients set or clear the NUD, ARR and/or RPT flags in RS messages as
directives to the Mobility Service FHS/MAP Proxy/Servers. Proxy/
Servers interpret the flags as follows:
* When an FHS Proxy/Server forwards or processes an RS with the NUD
flag set, it responds directly to future NS Neighbor
Unreachability Detection (NUD) messages with the Client as the
target by returning NA(NUD) replies; otherwise, it forwards
NS(NUD) messages to the Client.
* When the MAP Proxy/Server receives an RS with the ARR flag set, it
responds directly to future NS Address Resolution (AR) messages
with the Client as the target by returning NA(AR) replies;
otherwise, it forwards NS(AR) messages to the Client.
* When the MAP Proxy/Server receives an RS with the RPT flag set, it
maintains a Report List of recent NS(AR) message sources for the
source or target Client and sends uNA messages to all list members
if any aspects of the Client's underlay interfaces change.
Mobility Service Proxy/Servers function according to the NUD, ARR and
RPT flag settings received in the most recent RS message to support
dynamic Client updates.
Clients and FHS Proxy/Servers include an authentication signature as
an OMNI sub-option in their RS/RA exchanges when necessary but always
include a valid IPv6 ND message checksum as the final step. FHS and
MAP Proxy/Server RS/RA message exchanges over the SRT secured
spanning tree instead always include the checksum and omit the
authentication signature. Clients and Proxy/Servers use the
information included in RS/RA messages to establish NCE state and
OMNI link autoconfiguration information as discussed in this section.
Templin Expires 17 October 2024 [Page 103]
Internet-Draft IPv6 over OMNI Interfaces April 2024
For each underlay interface, the Client sends RS messages with OMNI
options to coordinate with a (potentially) different FHS Proxy/Server
for each interface but typically with a limited set of MAP Proxy/
Servers (often only one). All Proxy/Servers are identified by their
ULA/GUA SRA addresses and accept carrier packets addressed to their
anycast/unicast L2ADDRs; the MAP Proxy/Server may be chosen among any
of the Client's FHS Proxy/Servers or may be any other Proxy/Server
for the OMNI link. Example ULA/L2ADDR discovery methods appear in
[RFC5214] and include data link login parameters, name service
lookups, static configuration, a DHCP option, a static "hosts" file,
etc. In the absence of other information, the Client can resolve the
DNS Fully-Qualified Domain Name (FQDN) "linkupnetworks.[domainname]"
where "linkupnetworks" is a constant text string and "[domainname]"
is a DNS suffix for the OMNI link (e.g., "example.com"). The name
resolution will return a set of DNS resource records with the
addresses of Proxy/Servers for the local OMNI link segment. When the
underlay *NET does not support standard unicast server-based name
resolution [RFC1035] the Client can engage a multicast service such
as mDNS [RFC6762] within the local OMNI link segment.
Each FHS Proxy/Server configures a SNP SRA ULA/GUA address pair for
the local link segment and advertises the GUA/L2ADDR combination for
discovery as above. The Client can then manage its own SNP ULA/GUA
addresses through DHCPv6 address autoconfiguration exchanges with FHS
Proxy/Servers. The FHS Proxy/Servers discovered over multiple of the
Client's underlay interfaces may configure the same or different SNP
SRA ULAs/GUAs, and the Client's ULA for each underlay interface will
fall within the ULA OMNI link segment relative to each FHS Proxy/
Server.
Clients configure OMNI interfaces that observe the properties
discussed in previous sections. The OMNI interface and its underlay
interfaces are said to be in either the "UP" or "DOWN" state
according to administrative actions in conjunction with the interface
connectivity status. An OMNI interface transitions to UP/DOWN
through administrative action and/or through underlay interface state
transitions. When a first underlay interface transitions to UP, the
OMNI interface also transitions to UP. When all underlay interfaces
transition to DOWN, the OMNI interface also transitions to DOWN.
When a Client OMNI interface transitions to UP, it sends RS messages
to register an initial set of underlay interfaces that are also UP
and to optionally register/request an MNP. The Client sends
additional RS messages to refresh lifetimes and to register/
deregister underlay interfaces as they transition to UP or DOWN. The
Client's OMNI interface sends initial RS messages over an UP underlay
interface with source set to an SNP ULA for the local OMNI link
segment if it has one (otherwise with source set to the unspecified
Templin Expires 17 October 2024 [Page 104]
Internet-Draft IPv6 over OMNI Interfaces April 2024
address ("::/128") per [RFC4861]) and with destination set to either
the SRA GUA of a specific (MAP) Proxy/Server or link-scoped All-
Routers multicast. The Client includes an OMNI option per Section 12
with a Neighbor Control sub-option with the RS NUD, ARR and RPT flags
set or cleared as necessary.
Clients in MANETs and open INET deployments also include a Multilink
Vector sub-option with "FHS ifIndex" set to the ifIndex of its own
underlay interface and with "LHS ifIndex" set to 0 (i.e., the default
ifIndex configured by all Proxy/Servers. The Client also sets AFVI
to 0, sets Sequence Number to a randomly-chosen 8-octet value and
sets the Flow Label in the IPv6 header to 0. The resulting exchange
will establish symmetric Identification windows for the Client and
Proxy/Server for use in authenticating control messages but without
establishing state in OAL intermediate nodes.
The Client next includes an Interface Attributes sub-option for the
underlay interface, a DHCPv6 Solicit sub-option with IA_NA and
(optionally) IA_PD DHCPv6 options, and with any other necessary OMNI
sub-options such as authentication, Proxy/Server Departure, etc. The
OMNI interface finally sets or clears the Interface Attributes FMT-
Forward and FMT-Mode bits according to the behavior it would like to
receive from the FHS Proxy/Server as described in Section 12.2.5.
The Client next prepares to forward the RS over the underlay
interface using OAL encapsulation. The OMNI interface first includes
a Nonce and/or Timestamp if necessary, then calculates and sets the
authentication signature if necessary followed by the RS message
checksum. The OMNI interface next sets the OAL source address to its
SNP ULA previously delegated by a Proxy/Server (otherwise to its
HHIT) and sets the OAL destination to fd00::/8 (i.e., the generic ULA
SRA address) or to a known Proxy/Server SNP SRA ULA. When L2
encapsulation is used, the Client next includes the discovered FHS
Proxy/Server L2ADDR or an anycast address as the L2 destination then
fragments if necessary and forwards the resulting carrier packet(s)
into the underlay network. Note that the Client does not yet create
a NCE, but instead caches the Nonce and/or Timestamp values included
in its RS message transmissions to match against any received RA
messages.
When an FHS Proxy/Server receives the carrier packets containing an
RS it performs L2 reassembly if necessary, sets aside the L2 and OAL
headers, then verifies the RS checksum/authentication signature. The
FHS Proxy/Server then creates/updates a NCE indexed by the RS ULA
source address unless unspecified; otherwise, indexed by the OAL
source address. The FHS Proxy/Server then caches the OMNI Interface
Attributes and any Traffic Selector sub-options while also caching
the L2 (UDP/IP) and OAL source and destination address information.
Templin Expires 17 October 2024 [Page 105]
Internet-Draft IPv6 over OMNI Interfaces April 2024
The FHS Proxy/Server then examines the OMNI DHCPv6 sub-option and
looks for DHCPv6 IA_NA options. If any IA_NA options are present,
the FHS Proxy/Server coordinates with the local DHCPv6 server to
either allocate new SNP GUA/ULA pairs or extend the lease lifetime
for existing SNP GUA/ULA pairs for the Client. The FHS Proxy/Server
next caches the SNP GUA/ULA in the (newly-created) NCE, then caches
the RS Neighbor Control NUD flag and Multilink Vector parameters if
present (see: Section 12.1) and examines the RS destination address.
If the destination matches one of its own unicast/anycast addresses
and the OMNI DHCPv6 sub-option includes one or more DHCPv6 IA_PD
options, the FHS Proxy/Server assumes the MAP role and acts as a
default router entry point for injecting the Client's MNP(s) into the
OMNI link routing system (i.e., after performing any necessary prefix
delegation operations). The FHS/MAP Proxy/Server then caches the RS
ARR and RPT flags to determine its role in processing NS(AR) messages
and generating uNA messages (see: Section 12.1).
The FHS/MAP Proxy/Server then prepares to return an RA message
directly to the Client by first populating the Cur Hop Limit, Flags,
Router Lifetime, Reachable Time and Retrans Timer fields with values
appropriate for the OMNI link. The FHS/MAP Proxy/Server next
includes as the first RA message option an OMNI option with a
Neighbor Control sub-option and a responsive Multilink Vector sub-
option with AFVI set to 0 and with responsive window synchronization
information. The FHS/MAP Proxy/Server also includes an
authentication sub-option if necessary and a (proxyed) copy of the
Client's original Interface Attributes sub-option with its INET-
facing interface information written in the FMT, SRT and LHS Proxy/
Server GUA/L2ADDR fields. The Proxy/Server also includes a DHCPv6
Reply sub-option with any IA_NA/IA_PD options that have been
processed/populated by the DHCPv6 exchange(s).
The FHS/MAP Proxy/Server next sets or clears the FMT-Forward and FMT-
Mode flags if necessary to convey its capabilities to the Client,
noting that it should honor the Client's stated preferences for those
parameters if possible or override otherwise. The FMT-Forward/Mode
flags thereafter remain fixed unless and until a new RS/RA exchange
establishes different values (see: Section 12.2.5 for further
discussion). If the FHS/MAP Proxy/Server's Client-facing interface
is different than its INET-facing interface, the Proxy/Server next
includes a second Interface Attributes sub-option with ifIndex set to
'0', with a unicast L2 address for its Client-facing interface in the
L2ADDR field and with its SRA ULA in the GUA field.
The FHS/MAP Proxy/Server next includes an Origin Indication sub-
option that includes the RS L2 source L2ADDR information (see:
Section 12.2.17.1), then includes any other necessary OMNI sub-
Templin Expires 17 October 2024 [Page 106]
Internet-Draft IPv6 over OMNI Interfaces April 2024
options (either within the same OMNI option or in additional OMNI
options). Following the OMNI option(s), the FHS/MAP Proxy/Server
next includes any other necessary RA options including 2 PIOs with
(A=0; L=0) that include the ULA/GUA SNP prefixes for the segment per
[RFC8028], RIOs with more-specific routes per [RFC4191], Nonce and
Timestamp options, etc. The FHS/MAP Proxy/Server then sets the RA
source address to its own SNP SRA GUA and destination address to the
(new) SNP ULA for the Client, then calculates the authentication
signature/checksum. The FHS/MAP Proxy/Server finally performs OAL
encapsulation while setting the source to its own SNP SRA ULA and
destination to the OAL source that appeared in the RS, performs L2
encapsulation/fragmentation with L2 source and destination address
information reversed from the RS L2 information and returns the
resulting carrier packets to the Client over the same underlay
interface the RS arrived on.
When an FHS Proxy/Server receives an RS with a valid checksum and
authentication signature with destination set to link-scoped All-
Routers multicast, it can either assume the MAP role itself the same
as above or act as a proxy and select the SNP SRA GUA of another
Proxy/Server to serve as the MAP. When an FHS Proxy/Server assumes
the proxy role or receives an RS with destination set to the SNP SRA
GUA of another Proxy/Server, it forwards the message as a proxy. The
FHS Proxy/Server creates or updates a NCE for the Client (i.e., based
on the RS source address) and caches the OAL source, Neighbor
Control, Multilink Vector and Interface Attributes addressing
information as above. The FHS Proxy/Server then locally processes
any DHCPv6 IA_NA options found in the RS OMNI option and assigns the
SNP ULA/GUA address pairs to the Client NCE. The FHS Proxy/Server
then writes its own INET-facing FMT, SRT and LHS Proxy/Server GUA/
L2ADDR information into the appropriate Interface Attributes sub-
option fields (while also setting/clearing FMT-Forward and FMT-Type
as above) where the GUA is the Client's SNP GUA address. Next, the
FHS Proxy/Server caches the Multilink Vector sub-option and removes
it from the RS message, sets the RS source address to the Client's
SNP GUA and sets the RS destination to the SNP SRA address of the MAP
Proxy/Server. The FHS Proxy/Server then calculates and includes the
checksum, sets the OAL source to the Client's SNP GUA and destination
SNP SRA GUA of the MAP Proxy/Server, performs L2 encapsulation/
fragmentation and sends the resulting carrier packets into the SRT
secured spanning tree.
When the MAP Proxy/Server receives the carrier packets, it performs
L2 reassembly/decapsulation and OAL decapsulation to obtain the
proxyed RS, verifies the checksum, then performs DHCPv6 Prefix
Delegation (PD) to obtain or update any MNPs for the Client. The MAP
Proxy/Server then creates/updates a NCE for the Client's MNP(s) and
caches any state (including the ARR and RPT flags, IA_NA addresses,
Templin Expires 17 October 2024 [Page 107]
Internet-Draft IPv6 over OMNI Interfaces April 2024
OAL addresses, Interface Attributes information and Traffic
Selectors), then finally performs routing protocol injection. The
MAP Proxy/Server then returns an RA that echoes the Client's
(proxyed) Interface Attributes sub-option and with any RA parameters
the same as specified for the FHS/MAP Proxy/Server case above. The
MAP Proxy/Server sets the RA source address to its own SNP SRA GUA
and destination address to the RS source address (i.e., the Client
SNP GUA). The MAP Proxy/Server next calculates the checksum then
encapsulates the RA as an OAL packet with source set to the
destination of the RS message (i.e., its own SNP SRA GUA) and
destination set to the source of the RS message (i.e., the Client's
SNP GUA). The MAP Proxy/Server finally performs L2 encapsulation/
fragmentation and sends the resulting carrier packets into the
secured spanning tree.
When the FHS Proxy/Server receives the carrier packets it performs L2
reassembly/decapsulation followed by OAL decapsulation to obtain the
RA message, verifies checksums then updates the OMNI interface NCE
for the Client and creates/updates a NCE for the MAP. The FHS Proxy/
Server then sets the P flag in the RA flags field [RFC4389] and
proxys the RA by changing the OAL source to its SNP SRA ULA and
changing the OAL destination to the source address from the Client's
original RS message while also recording any DHCPv6 IA_NA SNP GUA/ULA
address pairs as alternate indexes into the Client NCE. The FHS
Proxy/Server then includes 2 PIOs with (A=0; L=0) with the SNP ULA/
GUA prefixes for the segment per [RFC8028]. The FHS Proxy/Server
next includes Neighbor Control parameters responsive to those in the
Client's RS and a Multilink Vector sub-option with its responses to
its cached initiations from the Client. The FHS Proxy/Server also
includes an Interface Attributes sub-option with ifIndex '0' and with
its Client-facing interface unicast L2 address if necessary (see
above), an Origin Indication sub-option with the Client's cached
L2ADDR and an authentication sub-option if necessary. The FHS Proxy/
Server finally calculates the authentication signature/checksum,
performs L2 encapsulation/fragmentation with addresses taken from the
Client's NCE and sends the resulting carrier packets via the same
underlay interface over which the RS was received.
When the Client receives the carrier packets, it performs L2
reassembly/decapsulation followed by OAL decapsulation to obtain the
RA message. The Client next verifies the authentication signature/
checksum, then matches the RA with its previously-sent RS by
comparing the RS Sequence Number with the RA Acknowledgement Number
and also comparing the Nonce and/or Timestamp values. If the values
match, the Client then creates/updates OMNI interface NCEs for both
the MAP and FHS Proxy/Server and caches the information in the RA
message. The Client also caches the RA source address as the MAP
Proxy/Server SNP SRA GUA and uses the OAL source address to configure
Templin Expires 17 October 2024 [Page 108]
Internet-Draft IPv6 over OMNI Interfaces April 2024
the SNP SRA ULA of this FHS Proxy/Server. The Client next discovers
its own SNP ULA by examining the RA destination address, discovers
its own SNP GUA by examining the IA_NA DHCPv6 delegated addresses,
and discovers the SNP ULA/GUA PIO prefixes for the OMNI link segment
per [RFC8028]. If the Client has multiple underlay interfaces, it
creates additional FHS Proxy/Server NCEs as necessary when it
receives RAs over those interfaces (noting that multiple of the
Client's underlay interfaces may be serviced by the same or different
FHS Proxy/Servers). The Client finally adds the MAP Proxy/Server SRA
GUA to the default router list if necessary.
For each underlay interface, the Client next caches the (filled-out)
Interface Attributes for its own ifIndex and Origin Indication
information that it received in an RA message over that interface so
that it can include them in future NS/NA messages to provide
neighbors with accurate FMT/SRT/LHS information. (If the message
includes an Interface Attributes sub-option with ifIndex '0', the
Client also caches the L2ADDR as the underlay network-local unicast
address of the FHS Proxy/Server via that underlay interface.) The
Client then compares the Origin Indication L2ADDR information with
its own underlay interface addresses to determine whether there may
be NATs on the path to the FHS Proxy/Server; if the L2ADDR
information differs, the Client is behind one or more NATs and must
supply the Origin information in IPv6 ND message exchanges with
prospective neighbors on the same SRT segment. The Client then
caches the Multilink Vector responsive window synchronization
parameters for use in future IPv6 ND message exchanges via this FHS
Proxy/Server. The Client finally configures default routes and
assigns the IPv6 SRA address corresponding to the MNP (e.g.,
2001:db8:1:2::) to the OMNI interface.
Following the initial exchange, the FHS Proxy/Server MAY later send
additional periodic and/or event-driven unsolicited RA messages per
[RFC4861]. (The unsolicited RAs may be initiated either by the FHS
Proxy/Server itself or by the MAP via the FHS as a proxy.) The
Client then continuously manages its underlay interfaces according to
their states as follows:
* When an underlay interface transitions to UP, the Client sends an
RS over the underlay interface with an OMNI option with sub-
options as specified above.
* When an underlay interface transitions to DOWN, the Client sends
unsolicited NA messages over any UP underlay interface with an
OMNI option containing Interface Attributes sub-options for the
DOWN underlay interface with ifMetric set to 'ffffffff'. The
Client sends isolated unsolicited NAs when reliability is not
thought to be a concern (e.g., if redundant transmissions are sent
Templin Expires 17 October 2024 [Page 109]
Internet-Draft IPv6 over OMNI Interfaces April 2024
on multiple underlay interfaces), or may instead set the SNR flag
in an OMNI Neighbor Control sub-option to trigger an unsolicited
NA reply (see: [I-D.templin-6man-aero3]).
* When the Router Lifetime for the MAP Proxy/Server nears
expiration, the Client sends an RS over any underlay interface to
receive a fresh RA from the MAP. If no RA messages are received
over a first underlay interface (i.e., after retrying), the Client
marks the underlay interface as DOWN and should attempt to contact
the MAP Proxy/Server via a different underlay interface. If the
MAP Proxy/Server is unresponsive over additional underlay
interfaces, the Client sends an RS message with destination set to
the ULA of another Proxy/Server which will then assume the MAP
role.
* When all of a Client's underlay interfaces have transitioned to
DOWN (or if a prefix delegation lifetime expires), the MAP Proxy/
Server withdraws the MNP the same as if it had received a message
with a release indication.
The Client is responsible for retrying each RS exchange up to
MAX_RTR_SOLICITATIONS times separated by RTR_SOLICITATION_INTERVAL
seconds until an RA is received. If no RA is received over an UP
underlay interface (i.e., even after attempting to contact alternate
Proxy/Servers), the Client declares this underlay interface as DOWN.
When changing to a new FHS/MAP Proxy/Server, the Client also includes
a Proxy/Server Departure OMNI sub-option in new RS messages; the
(new) FHS Proxy/Server will in turn send uNA messages to the old FHS
and/or MAP Proxy/Server to announce the Client's departure as
discussed in [I-D.templin-6man-aero3].
The network layer sees the OMNI interface as an ordinary IPv6
interface. Therefore, when the network layer sends an RS message the
OMNI interface returns an internally-generated RA message as though
the message originated from an IPv6 router. The internally-generated
RA message contains configuration information consistent with the
information received from the RAs generated by the MAP Proxy/Server.
Whether the OMNI interface IPv6 ND messaging process is initiated
from the receipt of an RS message from the network layer or
independently of the network layer is an implementation matter. Some
implementations may elect to defer the OMNI interface internal RS/RA
messaging process until an RS is received from the network layer,
while others may elect to initiate the process independently. Still
other deployments may elect to administratively disable network layer
RS/RA messaging over the OMNI interface, since the messages are not
required to drive the OMNI interface internal RS/RA process. (Note
that this same logic applies to IPv4 implementations that employ
"ICMP Router Discovery" [RFC1256].)
Templin Expires 17 October 2024 [Page 110]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Note: The Router Lifetime value in RA messages indicates the time
before which the Client must send another RS message over this
underlay interface (e.g., 600 seconds), however that timescale may be
significantly longer than the lifetime the MS has committed to retain
the prefix registration (e.g., REACHABLE_TIME seconds). Proxy/
Servers are therefore responsible for keeping MS state alive on a
shorter timescale than the Client may be required to do on its own
behalf.
Note: On certain multicast-capable underlay interfaces, Clients
should send periodic unsolicited multicast NA messages and Proxy/
Servers should send periodic unsolicited multicast RA messages as
"beacons" that can be heard by other nodes on the link. If a node
fails to receive a beacon after a timeout value specific to the link,
it can initiate Neighbor Unreachability Detection (NUD) exchanges to
test reachability.
Note: Although the Client's FHS Proxy/Server is a first-hop segment
node from its own perspective, the Client stores the Proxy/Server's
FMT/SRT/GUA/L2ADDR as last-hop segment (LHS) information to supply to
neighbors. This allows both the Client and MAP Proxy/Server to
supply the information to neighbors that will perceive it as LHS
information on the return path to the Client.
Note: The MAP Proxy/Server injects Client MNPs into the OMNI link
routing system by simply creating a route-to-interface forwarding
table entry for MNP::/N via the OMNI interface. The dynamic routing
protocol will notice the new entry and propagate the route to its
peers. If the MAP receives additional RS messages, it need not re-
create the forwarding table entry (nor disturb the dynamic routing
protocol) if an entry is already present. If the MAP ceases to
receive RS messages from any of the Client's interfaces, it removes
the Client MNP(s) from the forwarding table (i.e., after a short
delay) which also results in their removal from the routing system.
Note: If the Client's initial RS message includes an anycast L2
destination address, the FHS Proxy/Server returns the solicited RA
using the same anycast address as the L2 source while including an
Interface Attributes sub-option with ifIndex '0' and its true unicast
address in the L2ADDR. When the Client sends additional RS messages,
it includes this FHS Proxy/Server unicast address as the L2
destination and the FHS Proxy/Server returns the solicited RA using
the same unicast address as the L2 source. This will ensure that RS/
RA exchanges are not impeded by any NATs on the path while avoiding
long-term exposure of messages that use an anycast address as the
source.
Templin Expires 17 October 2024 [Page 111]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Note: The Origin Indication sub-option is included only by the FHS
Proxy/Server and not by the MAP (unless the MAP is also serving as an
FHS).
Note: Clients should set the NUD, ARR and RPT flags consistently in
successive RS messages and only change those settings when an FHS/MAP
Proxy/Server service profile update is necessary.
Note: Although the Client adds the MAP Proxy/Server SNP GUA SRA
address to the default router list, it also caches the ULAs of the
FHS Proxy/Servers on the path to the MAP over each underlying
interface. When the Client needs to send an original IP packet/
parcel to a default router, it engages OAL encapsulation/
fragmentation while using a destination ULA corresponding to the
selected interface which directs the packet to an FHS Proxy/Server
for that interface. The FHS Proxy/Server then performs L2
encapsulation/fragmentation and sends the resulting carrier packets
without disturbing the MAP.
15.1. Window Synchronization
The RS/RA exchanges discussed above observe the principles specified
in Section 6.7. Window synchronization is conducted between the
Client and each FHS Proxy/Server used to contact the MAP Proxy/
Server, i.e., and not between the Client and the MAP. This is due to
the fact that the MAP Proxy/Server is responsible only for forwarding
messages via the secured spanning tree to FHS Proxy/Servers, and is
not responsible for forwarding messages directly to the Client.
When a Client sends an RS to perform window synchronization via a new
FHS Proxy/Server, it includes an OMNI Multilink Vector sub-option
with window synchronization parameters with FHS ifIndex set to its
own interface index, with LHS ifIndex set to 0, with AFVI set to 0,
with the SYN flag set and ACK flag clear, and with an initial
Sequence Number. The Client finally includes an Interface Attributes
sub-option then performs OAL encapsulation and L2 encapsulation/
fragmentation then sends the resulting carrier packets to the FHS
Proxy/Server. When the FHS Proxy/Server receives the carrier
packets, it performs L2 reassembly/decapsulation, then extracts the
RS message and caches the Multilink Vector parameters. In the
process, the FHS Proxy/Server removes the Multilink Vector sub-option
itself, since the path to the MAP Proxy/Server is not included in
window synchronization.
The FHS Proxy/Server then performs L2 encapsulation/fragmentation and
sends the resulting carrier packets via the secured spanning tree to
the MAP Proxy/Server, which updates the Client's Interface Attributes
and returns a unicast RA message. The MAP Proxy/Server performs OAL
Templin Expires 17 October 2024 [Page 112]
Internet-Draft IPv6 over OMNI Interfaces April 2024
encapsulation followed by L2 encapsulation/fragmentation and sends
the carrier packets via the secured spanning tree to the FHS Proxy/
Server. The FHS Proxy/Server then proxys the message as discussed in
the previous section and includes responsive window synchronization
information. The FHS Proxy/Server then forwards the message to the
Client via OAL encapsulation which updates its window synchronization
information for the FHS Proxy/Server as necessary.
Following the initial RS/RA-driven window synchronization, the Client
can re-assert new windows with specific FHS Proxy/Servers by
performing RS/RA exchanges between its own ULAs and the ULAs of the
FHS Proxy/Servers at any time without having to disturb the MAP (when
the Client needs to refresh MAP state, it can set the RS destination
address to the MAP SNP SRA address).
This window synchronization is necessary only for MANET and INET
Clients that must include authentication signatures with their IPv6
ND messages; Clients in secured ANETs can omit window
synchronization. When Client-to-Proxy/Server window synchronization
is used, subsequent IPv6 ND NS/NA messages exchanged between peers
include IPv6 Extended Fragment Headers in the OAL encapsulations with
in-window Identification values to support message authentication.
No header compression state is maintained by OAL intermediate
systems, which only maintain state for per-flow data plane windows.
15.2. Router Discovery in IP Multihop and IPv4-Only Networks
On some *NETs, a Client may be located multiple intermediate OAL hops
away from the nearest OMNI link Proxy/Server. Clients in multihop
networks perform route discovery through the application of an
adaptation layer routing protocol (e.g., a MANET routing protocol
over omnidirectional wireless interfaces, etc.) then apply
corresponding forwarding entries to the OMNI interface. Example
routing protocols optimized for MANET operations include OSPFv3
[RFC5340] with MANET Designated Router (OSPF-MDR) extensions
[RFC5614], OLSRv2 [RFC7181], AODVv2 [I-D.perkins-manet-aodvv2] and
others. Clients employ the routing protocol according to the link
model found in [RFC5889] and subnet model articulated in [RFC5942].
For unique identification, Clients use an HHIT as a Router ID or set
an administrative ULA value that is managed for uniqueness within the
MANET.
Templin Expires 17 October 2024 [Page 113]
Internet-Draft IPv6 over OMNI Interfaces April 2024
A Client located potentially multiple OAL hops away from the nearest
Proxy/Server prepares an RS message, sets the source address to its
ULA or unspecified ("::/128"), and sets the destination to link-
scoped All-Routers multicast or the SNP SRA GUA of a Proxy/Server the
same as discussed above. The OMNI interface then employs OAL
encapsulation, sets the OAL source address to its HHIT/ULA and sets
the OAL destination to an SNP SRA ULA.
For IPv6-enabled *NETs where the underlay interface observes the
MANET properties discussed above, the Client injects the HHIT/ULA
into the IPv6 multihop routing system and forwards the message
without further encapsulation. Otherwise, the Client encapsulates
the message in UDP/IPv6 L2 headers, sets the source to the underlay
interface IPv6 address and sets the destination to the same SNP SRA
ULA address. The Client then forwards the message into the IPv6
multihop routing system which conveys it to the nearest Proxy/Server
that advertises a matching SNP SRA ULA address. If the nearest
Proxy/Server is too busy, it should forward (without Proxying) the
OAL-encapsulated RS to another nearby Proxy/Server connected to the
same IPv6 (multihop) network that also advertises the matching OMNI
IPv6 anycast prefix.
For IPv4-only *NETs, the Client encapsulates the RS message in UDP/
IPv4 L2 headers, sets the source to the underlay interface IPv4
address and sets the destination to the OMNI IPv4 anycast address
TBD3. The Client then forwards the message into the IPv4 multihop
routing system which conveys it to the nearest Proxy/Server that
advertises the corresponding IPv4 prefix. If the nearest Proxy/
Server is too busy and/or does not configure the specified OMNI IPv6
SRA address, it should forward (without Proxying) the OAL-
encapsulated RS to another nearby Proxy/Server connected to the same
IPv4 (multihop) network that configures the OMNI IPv6 anycast
address. (In environments where reciprocal RS forwarding cannot be
supported, the first Proxy/Server should instead return an RA based
on its own MSP(s).)
When an OAL intermediate node that participates in the routing
protocol receives the encapsulated RS, it forwards the message
according to its OAL IPv6 forwarding table (note that an OAL
intermediate system could be a fixed infrastructure element such as a
roadside unit or another MANET/VANET Client). This process repeats
iteratively until the RS message is received by a penultimate OAL hop
within single-hop communications range of a Proxy/Server, which
forwards the message to the Proxy/Server final hop.
When a Proxy/Server that configures the OMNI IPv6 anycast OAL
destination address receives the message, it decapsulates the RS and
assumes either the MAP or FHS role (in which case, it may forward the
Templin Expires 17 October 2024 [Page 114]
Internet-Draft IPv6 over OMNI Interfaces April 2024
RS to a candidate MAP). The MAP/FHS Proxy/Server then prepares an RA
message using the same addressing disciplines as discussed in
Section 15 and forwards the RA either to the FHS Proxy/Server or
directly to the Client.
When the MAP or FHS Proxy/Server forwards the RA to the Client, it
encapsulates the message in L2 encapsulation headers (if necessary)
The Proxy/Server then forwards the message to an OAL node within
communications range, which forwards the message according to the
next OAL hop according to its OAL IPv6 forwarding tables. The
multihop forwarding process within the *NET continues repetitively
until the message arrives at the original Client, which decapsulates
the message and performs autoconfiguration the same as if it had
received the RA directly from a Proxy/Server on the same physical
link. The Client then injects the delegated ULA and any MNP SRA GUAs
into the IPv6 multihop routing system.
Note: When the RS message includes anycast OAL and/or L2
encapsulation destinations, the FHS Proxy/Server must use the same
anycast addresses as the OAL and/or L2 encapsulation sources to
support forwarding of the RA message plus any initial data messages.
The FHS Proxy/Server then sends the resulting carrier packets over
any NATs on the path. When the Client receives the RA, it will
discover the FHS Proxy/Server unicast ULAs and/or L2 encapsulation
addresses and can send future carrier packets using the unicast
(instead of anycast) addresses to populate NAT state in the forward
path. (If the Client does not have immediate data to send to the FHS
Proxy/Server, it can instead send an OAL "bubble" - see
Section 6.11.) After the Client begins using unicast OAL/L2
encapsulation addresses in this way, the FHS Proxy/Server should also
begin using the same unicast addresses in the reverse direction.
Note: When an OMNI interface configures a HHIT, any nodes that
forward an encapsulated RS message with the HHIT as the OAL source
must not consider the message as being specific to a particular OMNI
link segment. HHITs can therefore also serve as the source and
destination addresses of unencapsulated IPv6 data communications
within the local routing region, and if the HHITs are injected into
the local network routing protocol their prefix length must be set to
128.
Templin Expires 17 October 2024 [Page 115]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Note: Each node normally conducts the multi-hop relaying between
intermediate forwarding systems using the same underlay interface in
both the inbound and outbound directions, i.e. as opposed to
different underlay interfaces. The final forwarding node within
range of a Proxy/Server could use the same or a different underlay
interface to exchange carrier packets with the Proxy/Server, but may
not be well positioned to perform multilink selections over multiple
underlay interfaces on behalf of multihop dependent peers.
15.3. DHCPv6-based Prefix Registration
When a Client requires SNP ULA/GUA delegations via a specific Proxy/
Server (or, when the Client requires MNP delegations for the OMNI
link), it invokes the DHCPv6 service [RFC8415] in conjunction with
its OMNI RS/RA message exchanges.
When a Client requires the MS to delegate PA ULA/GUA pairs or PI
MNPs, it sends an RS message to a FHS Proxy/Server. If the Client
requires one or more address or MNP delegations, it includes a DHCPv6
Message sub-option containing a Client Identifier, one or more IA_NA/
IA_PD options and a Rapid Commit option then sets the 'msg-type'
field to "Solicit" and includes a 3-octet 'transaction-id'. The
Client then sets the RS destination to link-scoped All-Routers
multicast and sends the message using OAL encapsulation and
fragmentation if necessary as discussed above.
When the FHS/MAP Proxy/Server receives the RS message, it performs
OAL reassembly if necessary. Next, if the OMNI option includes a
DHCPv6 message sub-option, the FHS/MAP Proxy/Server acts as a "Proxy
DHCPv6 Client" in a message exchange with the locally-resident DHCPv6
server. The FHS/MAP Proxy/Server then sends the DHCPv6 message to
the DHCPv6 Server, which delegates SNP ULA/GUA pairs or MNPs and
returns a DHCPv6 Reply message with autoconfiguration parameters.
When the FHS Proxy/Server receives a DHCPv6 Reply with delegated
addresses, it records the delegated SNP ULA/GUA pairs in the NCE for
the Client, then forwards the RS message to the MAP Proxy/Server for
prefix delegation if necessary; otherwise, it returns an immediate RA
message to the Client.
When the MAP Proxy/Server receives a DHCPv6 Reply with delegated
prefixes, it creates OMNI interface MNP forwarding table entries
(i.e., to prompt the dynamic routing protocol). The MAP Proxy/Server
then sends an RA back to the FHS Proxy/Server with the DHCPv6 Reply
message included in an OMNI DHCPv6 message sub-option, and the FHS
Proxy/Server returns the RA to the Client.
Templin Expires 17 October 2024 [Page 116]
Internet-Draft IPv6 over OMNI Interfaces April 2024
15.4. OMNI Link Extension
Clients can provide an OMNI link ingress point for other nodes on
their (downstream) ENETs that also act as Clients. When Client A has
already coordinated with an (upstream) (M)ANET/INET Proxy/Server,
Client B on an ENET serviced by Client A can send OAL-encapsulated RS
messages with addresses set the same as specified in Section 15.2.
When Client A receives the RS message, it infers from the OAL
encapsulation that Client B is seeking to establish itself as a
Client instead of just a simple ENET Host.
Client A then returns an RA message the same as a Proxy/Server would
do as specified in Section 15.2 except that it instead uses its own
MNP SRA GUA as the RA and OAL source addresses and performs
(recursive) DHCPv6 Prefix Delegation. The MNP delegation in the RA
message must be a sub-MNP from the MNP delegated to Client A. For
example, if Client A receives the MNP 2001:db8:1000::/48 it can
provide a sub-delegation such as 2001:db8:1000:2000::/56 to Client B.
Client B can in turn sub-delegate 2001:db8:1000:2000::/56 to its own
ENET(s), where there may be a further prospective Client C that would
in turn request OMNI link services via Client B.
To support this Client-to-Client chaining, Clients send IPv6 ND
messages addressed to the OMNI link anycast address via their *NET
(i.e., upstream) interfaces, but advertise the OMNI link anycast
address into their ENET (i.e., downstream) networks where there may
be further prospective Clients wishing to join the chain. The ENET
of the upstream Client is therefore seen as an ANET by downstream
Clients, and the upstream Client is seen as a Proxy/Server by
downstream Clients.
16. Secure Redirection
If the *NET link model is multiple access, the FHS Proxy/Server is
responsible for assuring that address duplication cannot corrupt the
neighbor caches of other nodes on the link through the use of the
DHCPv6 address delegation service. When the Client sends an RS
message on a multiple access *NET, the Proxy/Server verifies that the
Client is authorized to use the address and responds with an RA (or
forwards the RS to the MAP) only if the Client is authorized.
After verifying Client authorization and returning an RA, the Proxy/
Server MAY return IPv6 ND Redirect messages in response to subsequent
packet transmissions to direct Clients located on the same *NET to
exchange OAL packets directly without transiting the Proxy/Server.
In that case, the Clients can exchange OAL packets according to their
unicast L2 addresses discovered from the Redirect message instead of
using the dogleg path through the Proxy/Server. In some *NETs,
Templin Expires 17 October 2024 [Page 117]
Internet-Draft IPv6 over OMNI Interfaces April 2024
however, such direct communications may be undesirable and continued
use of the dogleg path through the Proxy/Server may provide better
performance. In that case, the Proxy/Server can refrain from sending
Redirects, and/or Clients can ignore them.
17. Proxy/Server Resilience
*NETs SHOULD deploy Proxy/Servers in Virtual Router Redundancy
Protocol (VRRP) [RFC5798] configurations so that service continuity
is maintained even if one or more Proxy/Servers fail. Using VRRP,
the Client is unaware which of the (redundant) FHS Proxy/Servers is
currently providing service, and any service discontinuity will be
limited to the failover time supported by VRRP. Widely deployed
public domain implementations of VRRP are available.
Proxy/Servers SHOULD use high availability clustering services so
that multiple redundant systems can provide coordinated response to
failures. As with VRRP, widely deployed public domain
implementations of high availability clustering services are
available. Note that special-purpose and expensive dedicated
hardware is not necessary, and public domain implementations can be
used even between lightweight virtual machines in cloud deployments.
18. Detecting and Responding to Proxy/Server Failures
In environments where fast recovery from Proxy/Server failure is
essential, FHS Proxy/Servers SHOULD use proactive Neighbor
Unreachability Detection (NUD) in a manner that parallels
Bidirectional Forwarding Detection (BFD) [RFC5880] to track MAP
Proxy/Server reachability. FHS Proxy/Servers can then quickly detect
and react to failures so that cached information is re-established
through alternate paths. Proactive NUD control messaging is carried
only over well-connected ground domain networks (i.e., and not low-
end links such as aeronautical radios) and can therefore be tuned for
rapid response.
FHS Proxy/Servers perform proactive NUD for MAP Proxy/Servers for
which there are currently active Clients. If a MAP Proxy/Server
fails, the FHS Proxy/Server can quickly inform Clients of the outage
by sending multicast RA messages. The FHS Proxy/Server sends RA
messages to Clients with source set to the ULA of the MAP, with
destination address set to All-Nodes multicast (ff02::1) [RFC4291]
and with Router Lifetime set to 0.
The FHS Proxy/Server SHOULD send MAX_FINAL_RTR_ADVERTISEMENTS RA
messages separated by small delays [RFC4861]. Any Clients that have
been using the (now defunct) MAP Proxy/Server will receive the RA
messages.
Templin Expires 17 October 2024 [Page 118]
Internet-Draft IPv6 over OMNI Interfaces April 2024
19. Transition Considerations
When a Client connects to a *NET link for the first time, it sends an
RS message with an OMNI option. If the first hop router recognizes
the option, it responds according to the appropriate FHS/MAP Proxy/
Server role resulting in an RA message with an OMNI option returned
to the Client. The Client then engages this FHS Proxy/Sever
according to the OMNI link model specified above. If the first hop
router is a legacy IPv6 router, however, it instead returns an RA
message with no OMNI option and with a non-OMNI unicast source LLA as
specified in [RFC4861]. In that case, the Client engages the *NET
according to the legacy IPv6 link model and without the OMNI
extensions specified in this document.
If the *NET link model is multiple access, there must be assurance
that address duplication cannot corrupt the neighbor caches of other
nodes on the link. When the Client sends an RS message on a multiple
access *NET link with an OMNI option, first hop routers that
recognize the option ensure that the Client is authorized to use the
address and return an RA with a non-zero Router Lifetime only if the
Client is authorized. First hop routers that do not recognize the
OMNI option instead return an RA that makes no statement about the
Client's authorization to use the source address. In that case, the
Client should perform Duplicate Address Detection to ensure that it
does not interfere with other nodes on the link.
An alternative approach for multiple access *NET links to ensure
isolation for Client-Proxy/Server communications is through link
layer address mappings as discussed in Appendix E. This arrangement
imparts a (virtual) point-to-point link model over the (physical)
multiple access link.
20. OMNI Interfaces on Open Internetworks
Client OMNI interfaces configured over IPv6-enabled underlay
interfaces on an open Internetwork without an OMNI-aware first-hop
router receive IPv6 RA messages with no OMNI options, while OMNI
interfaces configured over IPv4-only underlay interfaces receive no
IPv6 RA messages at all (but may receive IPv4 RA messages per
[RFC1256]). Client OMNI interfaces that receive RA messages with
OMNI options configure addresses, on-link prefixes, etc. on the
underlay interface that received the RA according to standard IPv6 ND
and address resolution conventions [RFC4861] [RFC4862]. Client OMNI
interfaces configured over IPv4-only underlay interfaces configure
IPv4 address information on the underlay interfaces using mechanisms
such as DHCPv4 [RFC2131].
Templin Expires 17 October 2024 [Page 119]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Client OMNI interfaces configured over underlay interfaces connected
to open Internetworks can apply lower layer security services such as
VPNs (e.g., IPsec tunnels) to connect to a Proxy/Server, or can
establish a secured direct point-to-point link to the Proxy/Server
through some other means (see Section 4). In environments where
lower layer security may be impractical or undesirable, Client OMNI
interfaces can instead send IPv6 ND messages with OMNI options that
include authentication signatures.
OMNI interfaces use UDP/IP as L2 encapsulation headers for
transmission over open Internetworks with UDP service port number
8060 for both IPv4 and IPv6 underlay interfaces. The OMNI interface
submits original IP packets/parcels for OAL encapsulation, then
encapsulates the resulting OAL fragments in UDP/IP L2 headers to form
carrier packets. (The first 4 bits following the UDP header
determine whether the OAL headers are uncompressed/compressed as
discussed in Section 6.5.) The OMNI interface sets the UDP length to
the encapsulated OAL fragment length and sets the IP length to an
appropriate value at least as large as the UDP datagram.
When necessary, sources include an OMNI option with an authentication
sub-option in IPv6 ND messages. The source can employ a simple
Hashed Message Authentication Code (HMAC) as specified in
[RFC2104][RFC6234], EdDSA [RFC8032], or a message-based
authentication service such as HIP [RFC7401], QUIC-TLS
[RFC9000][RFC9001], etc., by using the IPv6 ND message OMNI option as
a "shipping container". Before calculating the authentication
signature, the source fully populates any necessary OMNI sub-options
as well as any ordinary IPv6 ND options as necessary.
The source then sets both the IPv6 ND message Checksum and
authentication signature fields to 0 and calculates the
authentication signature over the full length of the IPv6 ND message
beginning after the IPv6 ND message checksum field and extending over
the length of the message. (If the IPv6 ND message is part of an OAL
super-packet, the source instead continues to calculate the
authentication signature over the entire length of the super-packet.)
The source next writes the authentication signature into the
appropriate sub-option field and forwards the message.
After establishing a secured underlay link or preparing for UDP/IP
encapsulation, OMNI interfaces send RS/RA messages for Client-Proxy/
Server coordination (see: Section 15) and NS/NA messages for
multilink forwarding, route optimization, and mobility management
(see: [I-D.templin-6man-aero3]). These control plane messages must
be authenticated while other control and data plane messages are
delivered the same as for ordinary best effort traffic with source
address and/or Identification window-based data origin verification.
Templin Expires 17 October 2024 [Page 120]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Transport and higher layer protocol sessions over OMNI interfaces
that connect over open Internetworks without an explicit underlay
link security services should therefore employ security at their
layers to ensure authentication, integrity and/or confidentiality.
Clients should avoid using INET Proxy/Servers as general-purpose
routers for steady streams of carrier packets that do not require
authentication. Clients should therefore perform route optimization
to coordinate with other INET nodes that can provide forwarding
services (or preferably coordinate with peer Clients directly)
instead of burdening the Proxy/Server. Procedures for coordinating
with peer Clients and discovering INET nodes that can provide better
forwarding services are discussed in [I-D.templin-6man-aero3].
Clients that attempt to contact peers over INET underlay interfaces
often encounter NATs in the path. OMNI interfaces accommodate NAT
traversal using UDP/IP encapsulation and the mechanisms discussed in
[I-D.templin-6man-aero3]. FHS Proxy/Servers include Origin
Indications in RA messages to allow Clients to detect the presence of
NATs.
Note: Following the initial IPv6 ND message exchange, OMNI interfaces
configured over INET underlay interfaces maintain neighbor
relationships by transmitting periodic IPv6 ND messages with OMNI
options that include authentication signatures. Other authentication
services that use their own IPv6 ND option types such as [RFC3971]
and [RFC8928] can also be used in addition to any OMNI authentication
services.
Note: OMNI interfaces configured over INET underlay interfaces should
employ the Identification window synchronization mechanisms specified
in Section 6.7 in order to exclude spurious carrier packets that
might otherwise clutter the reassembly cache. This is especially
important in environments where carrier packet spoofing and/or
corruption is a threat.
Note: NATs may be present on the path from a Client to its FHS Proxy/
Server, but never on the path from the FHS Proxy/Server to the MAP
where only INET and/or spanning tree hops occur. Therefore, the FHS
Proxy/Server does not communicate Client origin information to the
MAP where it would serve no purpose.
Templin Expires 17 October 2024 [Page 121]
Internet-Draft IPv6 over OMNI Interfaces April 2024
21. Time-Varying MNPs
In some use cases, it is desirable, beneficial and efficient for the
Client to receive a constant MNP that travels with the Client
wherever it moves. For example, this would allow air traffic
controllers to easily track aircraft, etc. In other cases, however
(e.g., intelligent transportation systems), the Client may be willing
to sacrifice a modicum of efficiency in order to have time-varying
MNPs that can be changed occasionally to defeat adversarial tracking.
The prefix delegation services discussed in Section 15.3 allows
Clients that desire time-varying MNPs to obtain short-lived prefixes
to send RS messages with an OMNI option with DHCPv6 IA-PD sub-
options. The Client would then be obligated to renumber its internal
networks whenever its MNPs change. This should not present a
challenge for Clients with automated network renumbering services,
but may disrupt persistent sessions that would prefer to use a
constant address.
22. Address Selection
Clients assign LLAs to the OMNI interface, but do not use LLAs as
IPv6 ND message source/destination addresses nor for addressing
ordinary original IP packets/parcels exchanged with OMNI link
neighbors.
Clients use HHITs, ULAs or MNP SRA addresses as source/destination
IPv6 addresses in the encapsulation headers of OAL packets and use
SNP GUAs or MNP SRA addresses as the IPv6 source addresses of the
IPv6 ND messages themselves. Clients use HHITs when an SNP/MNP is
not available, or as source/destination IPv6 addresses for
communications within a MANET/VANET local area. Clients can also use
HHITs for local communications when operation outside the context of
a specific ULA domain and/or source address attestation is necessary.
Finally, Clients can use the IPv6 unspecified address ("::/128") as
the IPv6 source address of an RS message used for address/prefix
delegation.
Application endpoints serviced by Clients use MNP-based GUAs as
original IP packet/parcel source and destination addresses for
communications with Internet destinations when the Client is within
range of OMNI link supporting infrastructure that can inject the MNP
into the routing system. Clients can also use MNP-based GUAs within
multihop routing regions that are currently disconnected from
infrastructure as long as the corresponding MNPs have been injected
into the routing system.
Templin Expires 17 October 2024 [Page 122]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Clients use anycast GUAs as OAL and/or L2 encapsulation destination
addresses for RS messages used to discover the nearest FHS Proxy/
Server. When the Proxy/Server returns a solicited RA, it must also
use the same anycast address as the RA OAL/L2 encapsulation source in
order to successfully traverse any NATs in the path. The Client
should then immediately transition to using the FHS Proxy/Server's
discovered unicast OAL/L2 address as the destination in order to
minimize dependence on the Proxy/Server's use of an anycast source
address.
23. Error Messages
An OAL destination or intermediate system may need to return
ICMPv6-like error messages (e.g., Destination Unreachable, Packet Too
Big, Time Exceeded, etc.) [RFC4443] to an OAL source. Since ICMPv6
error messages do not themselves include authentication codes, OAL
nodes can instead return error messages as an OMNI ICMPv6 Error sub-
option in a secured IPv6 ND uNA message.
24. IANA Considerations
The following IANA actions are requested in accordance with [RFC8126]
and [RFC8726]:
24.1. Protocol Numbers Registry
The IANA is instructed to allocate an Internet Protocol number TBD1
from the 'protocol numbers' registry for the Overlay Multilink
Network Interface (OMNI) protocol. Guidance is found in [RFC5237]
(registration procedure is IESG Approval or Standards Action).
24.2. IEEE 802 Numbers Registry
During final publication stages, the IESG will be requested to
procure an IEEE EtherType value TBD2 for OMNI according to the
statement found at https://www.ietf.org/about/groups/iesg/statements/
ethertypes/.
Following this procurement, the IANA is instructed to register the
value TBD2 in the 'ieee-802-numbers' registry for Overlay Multilink
Network Interface (OMNI) encapsulation on Ethernet networks.
Guidance is found in [RFC7042] (registration procedure is Expert
Review).
Templin Expires 17 October 2024 [Page 123]
Internet-Draft IPv6 over OMNI Interfaces April 2024
24.3. IPv4 Special-Purpose Address Registry
The IANA is instructed to assign TBD3/N as an "OMNI IPv4 anycast"
address/prefix in the "IPv4 Special-Purpose Address" registry in a
similar fashion as for [RFC3068]. The IANA is requested to work with
the authors to obtain a TBD3/N public IPv4 prefix, whether through an
RIR allocation, a delegation from IANA's "IPv4 Recovered Address
Space" registry or through an unspecified third party donation.
24.4. IPv6 Neighbor Discovery Option Formats Registry
The IANA is instructed to allocate an official Type number TBD4 from
the "IPv6 Neighbor Discovery Option Formats" registry for the OMNI
option (registration procedure is RFC required).
24.5. Ethernet Numbers Registry
The IANA is instructed to allocate one Ethernet unicast address TBD5
(suggested value '00-52-14') in the 'ethernet-numbers' registry under
"IANA Unicast 48-bit MAC Addresses" (registration procedure is Expert
Review). The registration should appear as follows:
Addresses Usage Reference
--------- ----- ---------
00-52-14 Overlay Multilink Network (OMNI) Interface [RFCXXXX]
Figure 40: IANA Unicast 48-bit MAC Addresses
24.6. ICMPv6 Code Fields
The IANA is instructed to assign new Code values in the "ICMPv6 Code
Fields: Type 2 - Packet Too Big" table in the 'icmpv6-parameters'
registry (registration procedure is Standards Action or IESG
Approval). The registry entries should appear as follows:
Code Name Reference
--- ---- ---------
0 PTB Hard Error [RFC4443]
1 (suggested) PTB Soft Error (no loss) [RFCXXXX]
2 (suggested) PTB Soft Error (loss) [RFCXXXX]
Figure 41: ICMPv6 Code Fields: Type 2 - Packet Too Big Values
Templin Expires 17 October 2024 [Page 124]
Internet-Draft IPv6 over OMNI Interfaces April 2024
24.7. ICMPv4 PTB Messages
The IANA is instructed to assign a new Type number TBD6 in the 'icmp-
parameters' registry "ICMP Type Numbers" table (registration
procedures IESG Approval or Standards Action). The entry should set
"Type" to TBD6, "Name" to "Packet Too Big (PTB)" and "Reference" to
[RFCXXXX] (i.e., this document).
The IANA is further instructed to create a new table titled: "Type
TBD6 - Packet Too Big (PTB)" in the 'icmp-parameters' Code tables,
with registration procedures IESG Approval or Standards Action. The
table should have the following initial format:
Code Name Reference
--- ---- ---------
0 Reserved [RFCXXXX]
1 (suggested) PTB Soft Error (no loss) [RFCXXXX]
2 (suggested) PTB Soft Error (loss) [RFCXXXX]
Figure 42: Type TBD6 - Packet Too Big (PTB)
24.8. OMNI Option Sub-Types (New Registry)
The OMNI option defines a 5-bit Sub-Type field, for which IANA is
instructed to create and maintain a new registry entitled "OMNI
Option Sub-Type Values". Initial values are given below
(registration procedure is RFC required):
Templin Expires 17 October 2024 [Page 125]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Value Sub-Type name Reference
----- ------------- ----------
0 Pad1 [RFCXXXX]
1 PadN [RFCXXXX]
2 Node Identification [RFCXXXX]
3 Authentication [RFCXXXX]
4 Neighbor Control [RFCXXXX]
5 Interface Attributes [RFCXXXX]
6 Traffic Selector [RFCXXXX]
7 Multilink Vector [RFCXXXX]
8 Geo Coordinates [RFCXXXX]
9 DHCPv6 Message [RFCXXXX]
10 PIM-SM Message [RFCXXXX]
11 HIP Message [RFCXXXX]
12 QUIC-TLS Message [RFCXXXX]
13 Fragmentation Report [RFCXXXX]
14 ICMPv6 Error [RFCXXXX]
15 Proxy/Server Departure [RFCXXXX]
16-29 Unassigned
30 Sub-Type Extension [RFCXXXX]
31 Reserved by IANA [RFCXXXX]
Figure 43: OMNI Option Sub-Type Values
24.9. OMNI Node Identification ID-Types (New Registry)
The OMNI Node Identification sub-option (see: Section 12.2.3)
contains an 8-bit ID-Type field, for which IANA is instructed to
create and maintain a new registry entitled "OMNI Node Identification
ID-Type Values". Initial values are given below (registration
procedure is RFC required):
Value Sub-Type name Reference
----- ------------- ----------
0 UUID [RFCXXXX]
1 HIT [RFCXXXX]
2 HHIT [RFCXXXX]
3 Network Access Identifier [RFCXXXX]
4 FQDN [RFCXXXX]
5 IPv6 Address [RFCXXXX]
6-252 Unassigned [RFCXXXX]
253-254 Reserved for Experimentation [RFCXXXX]
255 Reserved by IANA [RFCXXXX]
Figure 44: OMNI Node Identification ID-Type Values
Templin Expires 17 October 2024 [Page 126]
Internet-Draft IPv6 over OMNI Interfaces April 2024
24.10. OMNI Geo Coordinates Types (New Registry)
The OMNI Geo Coordinates sub-option (see: Section 12.2.9) contains an
8-bit Type field, for which IANA is instructed to create and maintain
a new registry entitled "OMNI Geo Coordinates Type Values". Initial
values are given below (registration procedure is RFC required):
Value Sub-Type name Reference
----- ------------- ----------
0 NULL [RFCXXXX]
1-252 Unassigned [RFCXXXX]
253-254 Reserved for Experimentation [RFCXXXX]
255 Reserved by IANA [RFCXXXX]
Figure 45: OMNI Geo Coordinates Type
24.11. OMNI Option Sub-Type Extensions (New Registry)
The OMNI option defines an 8-bit Extension-Type field for Sub-Type 30
(Sub-Type Extension), for which IANA is instructed to create and
maintain a new registry entitled "OMNI Option Sub-Type Extension
Values". Initial values are given below (registration procedure is
RFC required):
Value Sub-Type name Reference
----- ------------- ----------
0 RFC4380 UDP/IP Header Option [RFCXXXX]
1 RFC6081 UDP/IP Trailer Option [RFCXXXX]
2-252 Unassigned
253-254 Reserved for Experimentation [RFCXXXX]
255 Reserved by IANA [RFCXXXX]
Figure 46: OMNI Option Sub-Type Extension Values
24.12. OMNI RFC4380 UDP/IP Header Option Types (New Registry)
The OMNI Sub-Type Extension "RFC4380 UDP/IP Header Option" defines an
8-bit Header Type field, for which IANA is instructed to create and
maintain a new registry entitled "OMNI RFC4380 UDP/IP Header Option".
Initial registry values are given below (registration procedure is
RFC required):
Templin Expires 17 October 2024 [Page 127]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Value Sub-Type name Reference
----- ------------- ----------
0 Origin Indication (IPv4) [RFC4380]
1 Authentication Encapsulation [RFC4380]
2 Origin Indication (IPv6) [RFCXXXX]
3-252 Unassigned
253-254 Reserved for Experimentation [RFCXXXX]
255 Reserved by IANA [RFCXXXX]
Figure 47: OMNI RFC4380 UDP/IP Header Option
24.13. OMNI RFC6081 UDP/IP Trailer Option Types (New Registry)
The OMNI Sub-Type Extension for "RFC6081 UDP/IP Trailer Option"
defines an 8-bit Trailer Type field, for which IANA is instructed to
create and maintain a new registry entitled "OMNI RFC6081 UDP/IP
Trailer Option". Initial registry values are given below
(registration procedure is RFC required):
Value Sub-Type name Reference
----- ------------- ----------
0 Unassigned
1 Nonce [RFC6081]
2 Unassigned
3 Alternate Address (IPv4) [RFC6081]
4 Neighbor Discovery Option [RFC6081]
5 Random Port [RFC6081]
6 Alternate Address (IPv6) [RFCXXXX]
7-252 Unassigned
253-254 Reserved for Experimentation [RFCXXXX]
255 Reserved by IANA [RFCXXXX]
Figure 48: OMNI RFC6081 Trailer Option
24.14. ICMPv6 Parameters - Trust Anchor Option
The IANA "ICMPv6 Parameters - Trust Anchor Option (Type 15) Name
Field" registry includes Type values for common authentication
signature values that could be used for SEcure Neighbor Discovery
(SEND). IANA is instructed to assign the value TBD7 for "Edwards-
Curve Digital Signature Algorithm (EdDSA) [RFC8032] in this registry
with reference set to [RFCXXXX] (i.e., this document).
Templin Expires 17 October 2024 [Page 128]
Internet-Draft IPv6 over OMNI Interfaces April 2024
24.15. Additional Considerations
The IANA has assigned the UDP port number "8060" for an earlier
experimental version of AERO [RFC6706]. This document reclaims the
UDP port number "8060" for 'aero' as the service port for UDP/IP
encapsulation. (Note that, although [RFC6706] is not widely
implemented or deployed, any messages coded to that specification can
be easily distinguished and ignored since they include an invalid
ICMPv6 message type number '0'.) The IANA is therefore instructed to
update the reference for UDP port number "8060" from "RFC6706" to
"RFCXXXX" (i.e., this document) while retaining the existing name
'aero'.
The IANA has assigned a 4-octet Private Enterprise Number (PEN) code
"45282" in the "enterprise-numbers" registry. This document is the
normative reference for using this code in DHCP Unique IDentifiers
based on Enterprise Numbers ("DUID-EN for OMNI Interfaces") (see:
Section 11). The IANA is therefore instructed to change the
enterprise designation for PEN code "45282" from "LinkUp Networks" to
"Overlay Multilink Network Interface (OMNI)".
The IANA has assigned the ifType code "301 - omni - Overlay Multilink
Network Interface (OMNI)" in accordance with Section 6 of [RFC8892].
The registration appears under the IANA "Structure of Management
Information (SMI) Numbers (MIB Module Registrations) - Interface
Types (ifType)" registry.
No further IANA actions are required.
25. Security Considerations
Security considerations for IPv4 [RFC0791], IPv6 [RFC8200] and IPv6
Neighbor Discovery [RFC4861] apply. OMNI interface IPv6 ND messages
SHOULD include Nonce and Timestamp options [RFC3971] when transaction
confirmation and/or time synchronization is needed.
OMNI interfaces configured over secured ANET/ENET interfaces inherit
the physical and/or link layer security properties (i.e., "protected
spectrum") of the connected networks. OMNI interfaces configured
over open *NET interfaces can use symmetric securing services such as
IPsec tunnels [RFC4301] or can by some other means establish a direct
point-to-point link secured at lower layers. When lower layer
security may be impractical or undesirable, however, control message
integrity and authorization services such as those specified in
[RFC7401], [RFC4380], [RFC6234], [RFC8032], [RFC9000], etc. must be
employed.
Templin Expires 17 October 2024 [Page 129]
Internet-Draft IPv6 over OMNI Interfaces April 2024
OMNI link mobility services MUST support strong network layer
authentication for control plane messages and forwarding path
integrity for data plane messages. In particular, the AERO service
[I-D.templin-6man-aero3] constructs a secured spanning tree with
Proxy/Servers as leaf nodes and secures the spanning tree links with
network layer security services based on IPsec [RFC4301] with IKEv2
[RFC7296]. (Note that direct point-to-point links secured at lower
layers can also be used instead of or in addition to network layer
security.) These network (and/or lower-layer) services together
provide connectionless integrity and data origin authentication with
optional protection against replays.
Control plane messages that affect the routing system must be
constrained to travel only over secured spanning tree paths and are
therefore protected by network (and/or lower-layer) security. Other
control and data plane messages can travel over unsecured route
optimized paths that do not strictly follow the spanning tree,
therefore end-to-end sessions should employ transport or higher layer
security services (e.g., TLS/SSL [RFC8446], DTLS [RFC6347], etc.).
Additionally, the OAL Identification value can provide a first level
of data origin authentication to mitigate off-path spoofing.
Identity-based key verification infrastructure services such as iPSK
may be necessary for verifying the identities claimed by Clients.
This requirement should be harmonized with the manner in which
identifiers such as (H)HITs are attested in a given operational
environment.
Security considerations for specific access network interface types
are covered under the corresponding IP-over-(foo) specification
(e.g., [RFC2464], [RFC2492], etc.).
Security considerations for IPv6 fragmentation and reassembly are
discussed in Section 6.15. In environments where spoofing is
considered a threat, OMNI nodes SHOULD employ Identification window
synchronization and OAL destinations SHOULD configure an (end-system-
based) firewall.
26. Implementation Status
AERO/OMNI Release-3.2 was tagged on March 30, 2021, and was subject
to internal testing. The implementation is not planned for public
release.
A new implementation architecture based on a clean-slate has been
developed and will incorporate updated aspects of the AERO/OMNI
specs, with the goal of producing a reference implementation for
future release.
Templin Expires 17 October 2024 [Page 130]
Internet-Draft IPv6 over OMNI Interfaces April 2024
27. Document Updates
This document suggests that the following could be updated through
future IETF initiatives:
* [RFC1191]
* [RFC2675]
* [RFC4443]
* [RFC8200]
* [RFC8201]
Updates can be through, e.g., standards action, the errata process,
etc. as appropriate.
28. Acknowledgements
The first version of this document was prepared per the consensus
decision at the 7th Conference of the International Civil Aviation
Organization (ICAO) Working Group-I Mobility Subgroup on March 22,
2019. Consensus to take the document forward to the IETF was reached
at the 9th Conference of the Mobility Subgroup on November 22, 2019.
Attendees and contributors included: Guray Acar, Danny Bharj,
Francois D´Humieres, Pavel Drasil, Nikos Fistas, Giovanni Garofolo,
Bernhard Haindl, Vaughn Maiolla, Tom McParland, Victor Moreno, Madhu
Niraula, Brent Phillips, Liviu Popescu, Jacky Pouzet, Aloke Roy, Greg
Saccone, Robert Segers, Michal Skorepa, Michel Solery, Stephane
Tamalet, Fred Templin, Jean-Marc Vacher, Bela Varkonyi, Tony Whyman,
Fryderyk Wrobel and Dongsong Zeng.
The following individuals are acknowledged for their useful comments:
Amanda Baber, Scott Burleigh, Stuart Card, Donald Eastlake, Adrian
Farrel, Michael Matyas, Robert Moskowitz, Madhu Niraula, Greg
Saccone, Stephane Tamalet, Eliot Lear, Eduard Vasilenko, Eric Vyncke.
Pavel Drasil, Zdenek Jaron and Michal Skorepa are especially
recognized for their many helpful ideas and suggestions. Akash
Agarwal, Madhuri Madhava Badgandi, Sean Dickson, Don Dillenburg, Joe
Dudkowski, Vijayasarathy Rajagopalan, Ron Sackman, Bhargava Raman Sai
Prakash and Katherine Tran are acknowledged for their hard work on
the implementation and technical insights that led to improvements
for the spec.
Discussions on the IETF 6man and atn mailing lists during the fall of
2020 suggested additional points to consider. The authors gratefully
acknowledge the list members who contributed valuable insights
Templin Expires 17 October 2024 [Page 131]
Internet-Draft IPv6 over OMNI Interfaces April 2024
through those discussions. Eric Vyncke and Erik Kline were the
intarea ADs, while Bob Hinden and Ole Troan were the 6man WG chairs
at the time the document was developed; they are all gratefully
acknowledged for their many helpful insights. Many of the ideas in
this document have further built on IETF experiences beginning in the
1990s, with insights from colleagues including Ron Bonica, Brian
Carpenter, Ralph Droms, Tom Herbert, Bob Hinden, Christian Huitema,
Thomas Narten, Dave Thaler, Joe Touch, Pascal Thubert, and many
others who deserve recognition.
Early observations on IP fragmentation performance implications were
noted in the 1986 Digital Equipment Corporation (DEC) "qe reset"
investigation, where fragment bursts from NFS UDP traffic triggered
hardware resets resulting in communication failures. Jeff Chase,
Fred Glover and Chet Juzsczak of the Ultrix Engineering Group led the
investigation, and determined that setting a smaller NFS mount block
size reduced the amount of fragmentation and suppressed the resets.
Early observations on L2 media MTU issues were noted in the 1988 DEC
FDDI investigation, where Raj Jain, KK Ramakrishnan and Kathy Wilde
represented architectural considerations for FDDI networking in
general including FDDI/Ethernet bridging. Jeff Mogul (who led the
IETF Path MTU Discovery working group) and other DEC colleagues who
supported these early investigations are also acknowledged.
Throughout the 1990's and into the 2000's, many colleagues supported
and encouraged continuation of the work. Beginning with the DEC
Project Sequoia effort at the University of California, Berkeley,
then moving to the DEC research lab offices in Palo Alto CA, then to
Sterling Software at the NASA Ames Research Center, then to SRI in
Menlo Park, CA, then to Nokia in Mountain View, CA and finally to the
Boeing Company in 2005 the work saw continuous advancement through
the encouragement of many. Those who offered their support and
encouragement are gratefully acknowledged.
This work is aligned with the NASA Safe Autonomous Systems Operation
(SASO) program under NASA contract number NNA16BD84C.
This work is aligned with the FAA as per the SE2025 contract number
DTFAWA-15-D-00030.
This work is aligned with the Boeing Information Technology (BIT)
Mobility Vision Lab (MVL) program.
Honoring life, liberty and the pursuit of happiness.
29. References
29.1. Normative References
Templin Expires 17 October 2024 [Page 132]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[I-D.templin-6man-ipid-ext2]
Templin, F., "IPv6 Extended Fragment Header", Work in
Progress, Internet-Draft, draft-templin-6man-ipid-ext2-02,
12 April 2024, <https://datatracker.ietf.org/doc/html/
draft-templin-6man-ipid-ext2-02>.
[I-D.templin-6man-parcels2]
Templin, F., "IPv6 Parcels and Advanced Jumbos (AJs)",
Work in Progress, Internet-Draft, draft-templin-6man-
parcels2-03, 12 April 2024,
<https://datatracker.ietf.org/doc/html/draft-templin-6man-
parcels2-03>.
[I-D.templin-intarea-parcels2]
Templin, F., "IPv4 Parcels and Advanced Jumbos (AJs)",
Work in Progress, Internet-Draft, draft-templin-intarea-
parcels2-03, 12 April 2024,
<https://datatracker.ietf.org/doc/html/draft-templin-
intarea-parcels2-03>.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
DOI 10.17487/RFC0768, August 1980,
<https://www.rfc-editor.org/info/rfc768>.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981,
<https://www.rfc-editor.org/info/rfc791>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in
IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
December 1998, <https://www.rfc-editor.org/info/rfc2473>.
[RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander,
"SEcure Neighbor Discovery (SEND)", RFC 3971,
DOI 10.17487/RFC3971, March 2005,
<https://www.rfc-editor.org/info/rfc3971>.
[RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", RFC 4191, DOI 10.17487/RFC4191,
November 2005, <https://www.rfc-editor.org/info/rfc4191>.
Templin Expires 17 October 2024 [Page 133]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005,
<https://www.rfc-editor.org/info/rfc4193>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", STD 89,
RFC 4443, DOI 10.17487/RFC4443, March 2006,
<https://www.rfc-editor.org/info/rfc4443>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007,
<https://www.rfc-editor.org/info/rfc4861>.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862,
DOI 10.17487/RFC4862, September 2007,
<https://www.rfc-editor.org/info/rfc4862>.
[RFC6088] Tsirtsis, G., Giarreta, G., Soliman, H., and N. Montavont,
"Traffic Selectors for Flow Bindings", RFC 6088,
DOI 10.17487/RFC6088, January 2011,
<https://www.rfc-editor.org/info/rfc6088>.
[RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
"IPv6 Flow Label Specification", RFC 6437,
DOI 10.17487/RFC6437, November 2011,
<https://www.rfc-editor.org/info/rfc6437>.
[RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label
for Equal Cost Multipath Routing and Link Aggregation in
Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011,
<https://www.rfc-editor.org/info/rfc6438>.
[RFC8028] Baker, F. and B. Carpenter, "First-Hop Router Selection by
Hosts in a Multi-Prefix Network", RFC 8028,
DOI 10.17487/RFC8028, November 2016,
<https://www.rfc-editor.org/info/rfc8028>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Templin Expires 17 October 2024 [Page 134]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>.
[RFC8201] McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
"Path MTU Discovery for IP version 6", STD 87, RFC 8201,
DOI 10.17487/RFC8201, July 2017,
<https://www.rfc-editor.org/info/rfc8201>.
[RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
Richardson, M., Jiang, S., Lemon, T., and T. Winters,
"Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
RFC 8415, DOI 10.17487/RFC8415, November 2018,
<https://www.rfc-editor.org/info/rfc8415>.
[RFC9268] Hinden, R. and G. Fairhurst, "IPv6 Minimum Path MTU Hop-
by-Hop Option", RFC 9268, DOI 10.17487/RFC9268, August
2022, <https://www.rfc-editor.org/info/rfc9268>.
[RFC9293] Eddy, W., Ed., "Transmission Control Protocol (TCP)",
STD 7, RFC 9293, DOI 10.17487/RFC9293, August 2022,
<https://www.rfc-editor.org/info/rfc9293>.
29.2. Informative References
[ATN] Maiolla, V., "The OMNI Interface - An IPv6 Air/Ground
Interface for Civil Aviation, IETF Liaison Statement
#1676, https://datatracker.ietf.org/liaison/1676/", 3
March 2020.
[ATN-IPS] "ICAO Document 9896 (Manual on the Aeronautical
Telecommunication Network (ATN) using Internet Protocol
Suite (IPS) Standards and Protocol), Draft Edition 3
(work-in-progress)", 10 December 2020.
[CKSUM] Stone, J., Greenwald, M., Partridge, C., and J. Hughes,
"Performance of Checksums and CRC's Over Real Data, IEEE/
ACM Transactions on Networking, Vol. 6, No. 5", October
1998.
[CRC] Jain, R., "Error Characteristics of Fiber Distributed Data
Interface (FDDI), IEEE Transactions on Communications",
August 1990.
Templin Expires 17 October 2024 [Page 135]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[EUI] "IEEE Guidelines for Use of Extended Unique Identifier
(EUI), Organizationally Unique Identifier (OUI), and
Company ID, https://standards.ieee.org/wp-
content/uploads/import/documents/tutorials/eui.pdf", 3
August 2017.
[I-D.bctb-6man-rfc6296-bis]
Cullen, M., Baker, F., Trøan, O., and N. Buraglio, "RFC
6296bis IPv6-to-IPv6 Network Prefix Translation", Work in
Progress, Internet-Draft, draft-bctb-6man-rfc6296-bis-02,
26 January 2024, <https://datatracker.ietf.org/doc/html/
draft-bctb-6man-rfc6296-bis-02>.
[I-D.herbert-ipv4-eh]
Herbert, T., "IPv4 Extension Headers and Flow Label", Work
in Progress, Internet-Draft, draft-herbert-ipv4-eh-03, 22
February 2024, <https://datatracker.ietf.org/doc/html/
draft-herbert-ipv4-eh-03>.
[I-D.ietf-6man-comp-rtg-hdr]
Bonica, R., Kamite, Y., Alston, A., Henriques, D., and L.
Jalil, "The IPv6 Compact Routing Header (CRH)", Work in
Progress, Internet-Draft, draft-ietf-6man-comp-rtg-hdr-05,
10 April 2024, <https://datatracker.ietf.org/doc/html/
draft-ietf-6man-comp-rtg-hdr-05>.
[I-D.ietf-6man-eh-limits]
Herbert, T., "Limits on Sending and Processing IPv6
Extension Headers", Work in Progress, Internet-Draft,
draft-ietf-6man-eh-limits-12, 18 December 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-6man-eh-
limits-12>.
[I-D.ietf-intarea-tunnels]
Touch, J. D. and M. Townsley, "IP Tunnels in the Internet
Architecture", Work in Progress, Internet-Draft, draft-
ietf-intarea-tunnels-13, 26 March 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-intarea-
tunnels-13>.
[I-D.ietf-tsvwg-udp-options]
Touch, J. D., "Transport Options for UDP", Work in
Progress, Internet-Draft, draft-ietf-tsvwg-udp-options-32,
21 March 2024, <https://datatracker.ietf.org/doc/html/
draft-ietf-tsvwg-udp-options-32>.
Templin Expires 17 October 2024 [Page 136]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[I-D.perkins-manet-aodvv2]
Perkins, C. E., Dowdell, J., Steenbrink, L., and V.
Pritchard, "Ad Hoc On-demand Distance Vector Version 2
(AODVv2) Routing", Work in Progress, Internet-Draft,
draft-perkins-manet-aodvv2-04, 3 March 2024,
<https://datatracker.ietf.org/doc/html/draft-perkins-
manet-aodvv2-04>.
[I-D.templin-6man-aero3]
Templin, F., "Automatic Extended Route Optimization
(AERO)", Work in Progress, Internet-Draft, draft-templin-
6man-aero3-02, 12 April 2024,
<https://datatracker.ietf.org/doc/html/draft-templin-6man-
aero3-02>.
[IEEE802.1AX]
"Institute of Electrical and Electronics Engineers, Link
Aggregation, IEEE Standard 802.1AX-2008,
https://standards.ieee.org/ieee/802.1AX/6768/", 29 May
2020.
[IPV4-GUA] Postel, J., "IPv4 Address Space Registry,
https://www.iana.org/assignments/ipv4-address-space/ipv4-
address-space.xhtml", 14 December 2020.
[IPV6-GUA] Postel, J., "IPv6 Global Unicast Address Assignments,
https://www.iana.org/assignments/ipv6-unicast-address-
assignments/ipv6-unicast-address-assignments.xhtml", 14
December 2020.
[RFC0863] Postel, J., "Discard Protocol", STD 21, RFC 863,
DOI 10.17487/RFC0863, May 1983,
<https://www.rfc-editor.org/info/rfc863>.
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC1122] Braden, R., Ed., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122,
DOI 10.17487/RFC1122, October 1989,
<https://www.rfc-editor.org/info/rfc1122>.
[RFC1146] Zweig, J. and C. Partridge, "TCP alternate checksum
options", RFC 1146, DOI 10.17487/RFC1146, March 1990,
<https://www.rfc-editor.org/info/rfc1146>.
Templin Expires 17 October 2024 [Page 137]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC1149] Waitzman, D., "Standard for the transmission of IP
datagrams on avian carriers", RFC 1149,
DOI 10.17487/RFC1149, April 1990,
<https://www.rfc-editor.org/info/rfc1149>.
[RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191,
DOI 10.17487/RFC1191, November 1990,
<https://www.rfc-editor.org/info/rfc1191>.
[RFC1256] Deering, S., Ed., "ICMP Router Discovery Messages",
RFC 1256, DOI 10.17487/RFC1256, September 1991,
<https://www.rfc-editor.org/info/rfc1256>.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, DOI 10.17487/RFC2131, March 1997,
<https://www.rfc-editor.org/info/rfc2131>.
[RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet
Networks", RFC 2464, DOI 10.17487/RFC2464, December 1998,
<https://www.rfc-editor.org/info/rfc2464>.
[RFC2492] Armitage, G., Schulter, P., and M. Jork, "IPv6 over ATM
Networks", RFC 2492, DOI 10.17487/RFC2492, January 1999,
<https://www.rfc-editor.org/info/rfc2492>.
[RFC2675] Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms",
RFC 2675, DOI 10.17487/RFC2675, August 1999,
<https://www.rfc-editor.org/info/rfc2675>.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000,
<https://www.rfc-editor.org/info/rfc2863>.
[RFC2923] Lahey, K., "TCP Problems with Path MTU Discovery",
RFC 2923, DOI 10.17487/RFC2923, September 2000,
<https://www.rfc-editor.org/info/rfc2923>.
[RFC2983] Black, D., "Differentiated Services and Tunnels",
RFC 2983, DOI 10.17487/RFC2983, October 2000,
<https://www.rfc-editor.org/info/rfc2983>.
Templin Expires 17 October 2024 [Page 138]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains
via IPv4 Clouds", RFC 3056, DOI 10.17487/RFC3056, February
2001, <https://www.rfc-editor.org/info/rfc3056>.
[RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
RFC 3068, DOI 10.17487/RFC3068, June 2001,
<https://www.rfc-editor.org/info/rfc3068>.
[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
of Explicit Congestion Notification (ECN) to IP",
RFC 3168, DOI 10.17487/RFC3168, September 2001,
<https://www.rfc-editor.org/info/rfc3168>.
[RFC3330] IANA, "Special-Use IPv4 Addresses", RFC 3330,
DOI 10.17487/RFC3330, September 2002,
<https://www.rfc-editor.org/info/rfc3330>.
[RFC3366] Fairhurst, G. and L. Wood, "Advice to link designers on
link Automatic Repeat reQuest (ARQ)", BCP 62, RFC 3366,
DOI 10.17487/RFC3366, August 2002,
<https://www.rfc-editor.org/info/rfc3366>.
[RFC3692] Narten, T., "Assigning Experimental and Testing Numbers
Considered Useful", BCP 82, RFC 3692,
DOI 10.17487/RFC3692, January 2004,
<https://www.rfc-editor.org/info/rfc3692>.
[RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
DOI 10.17487/RFC3810, June 2004,
<https://www.rfc-editor.org/info/rfc3810>.
[RFC3819] Karn, P., Ed., Bormann, C., Fairhurst, G., Grossman, D.,
Ludwig, R., Mahdavi, J., Montenegro, G., Touch, J., and L.
Wood, "Advice for Internet Subnetwork Designers", BCP 89,
RFC 3819, DOI 10.17487/RFC3819, July 2004,
<https://www.rfc-editor.org/info/rfc3819>.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005,
<https://www.rfc-editor.org/info/rfc4122>.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, <https://www.rfc-editor.org/info/rfc4301>.
Templin Expires 17 October 2024 [Page 139]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC4302] Kent, S., "IP Authentication Header", RFC 4302,
DOI 10.17487/RFC4302, December 2005,
<https://www.rfc-editor.org/info/rfc4302>.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, DOI 10.17487/RFC4303, December 2005,
<https://www.rfc-editor.org/info/rfc4303>.
[RFC4380] Huitema, C., "Teredo: Tunneling IPv6 over UDP through
Network Address Translations (NATs)", RFC 4380,
DOI 10.17487/RFC4380, February 2006,
<https://www.rfc-editor.org/info/rfc4380>.
[RFC4389] Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery
Proxies (ND Proxy)", RFC 4389, DOI 10.17487/RFC4389, April
2006, <https://www.rfc-editor.org/info/rfc4389>.
[RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD)
for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006,
<https://www.rfc-editor.org/info/rfc4429>.
[RFC4541] Christensen, M., Kimball, K., and F. Solensky,
"Considerations for Internet Group Management Protocol
(IGMP) and Multicast Listener Discovery (MLD) Snooping
Switches", RFC 4541, DOI 10.17487/RFC4541, May 2006,
<https://www.rfc-editor.org/info/rfc4541>.
[RFC4605] Fenner, B., He, H., Haberman, B., and H. Sandick,
"Internet Group Management Protocol (IGMP) / Multicast
Listener Discovery (MLD)-Based Multicast Forwarding
("IGMP/MLD Proxying")", RFC 4605, DOI 10.17487/RFC4605,
August 2006, <https://www.rfc-editor.org/info/rfc4605>.
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU
Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
<https://www.rfc-editor.org/info/rfc4821>.
[RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly
Errors at High Data Rates", RFC 4963,
DOI 10.17487/RFC4963, July 2007,
<https://www.rfc-editor.org/info/rfc4963>.
[RFC5213] Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",
RFC 5213, DOI 10.17487/RFC5213, August 2008,
<https://www.rfc-editor.org/info/rfc5213>.
Templin Expires 17 October 2024 [Page 140]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site
Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214,
DOI 10.17487/RFC5214, March 2008,
<https://www.rfc-editor.org/info/rfc5214>.
[RFC5237] Arkko, J. and S. Bradner, "IANA Allocation Guidelines for
the Protocol Field", BCP 37, RFC 5237,
DOI 10.17487/RFC5237, February 2008,
<https://www.rfc-editor.org/info/rfc5237>.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
<https://www.rfc-editor.org/info/rfc5340>.
[RFC5558] Templin, F., Ed., "Virtual Enterprise Traversal (VET)",
RFC 5558, DOI 10.17487/RFC5558, February 2010,
<https://www.rfc-editor.org/info/rfc5558>.
[RFC5614] Ogier, R. and P. Spagnolo, "Mobile Ad Hoc Network (MANET)
Extension of OSPF Using Connected Dominating Set (CDS)
Flooding", RFC 5614, DOI 10.17487/RFC5614, August 2009,
<https://www.rfc-editor.org/info/rfc5614>.
[RFC5798] Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
Version 3 for IPv4 and IPv6", RFC 5798,
DOI 10.17487/RFC5798, March 2010,
<https://www.rfc-editor.org/info/rfc5798>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>.
[RFC5889] Baccelli, E., Ed. and M. Townsley, Ed., "IP Addressing
Model in Ad Hoc Networks", RFC 5889, DOI 10.17487/RFC5889,
September 2010, <https://www.rfc-editor.org/info/rfc5889>.
[RFC5942] Singh, H., Beebee, W., and E. Nordmark, "IPv6 Subnet
Model: The Relationship between Links and Subnet
Prefixes", RFC 5942, DOI 10.17487/RFC5942, July 2010,
<https://www.rfc-editor.org/info/rfc5942>.
[RFC6081] Thaler, D., "Teredo Extensions", RFC 6081,
DOI 10.17487/RFC6081, January 2011,
<https://www.rfc-editor.org/info/rfc6081>.
[RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
Algorithm", RFC 6145, DOI 10.17487/RFC6145, April 2011,
<https://www.rfc-editor.org/info/rfc6145>.
Templin Expires 17 October 2024 [Page 141]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
April 2011, <https://www.rfc-editor.org/info/rfc6146>.
[RFC6147] Bagnulo, M., Sullivan, A., Matthews, P., and I. van
Beijnum, "DNS64: DNS Extensions for Network Address
Translation from IPv6 Clients to IPv4 Servers", RFC 6147,
DOI 10.17487/RFC6147, April 2011,
<https://www.rfc-editor.org/info/rfc6147>.
[RFC6214] Carpenter, B. and R. Hinden, "Adaptation of RFC 1149 for
IPv6", RFC 6214, DOI 10.17487/RFC6214, April 2011,
<https://www.rfc-editor.org/info/rfc6214>.
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234,
DOI 10.17487/RFC6234, May 2011,
<https://www.rfc-editor.org/info/rfc6234>.
[RFC6247] Eggert, L., "Moving the Undeployed TCP Extensions RFC
1072, RFC 1106, RFC 1110, RFC 1145, RFC 1146, RFC 1379,
RFC 1644, and RFC 1693 to Historic Status", RFC 6247,
DOI 10.17487/RFC6247, May 2011,
<https://www.rfc-editor.org/info/rfc6247>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC6495] Gagliano, R., Krishnan, S., and A. Kukec, "Subject Key
Identifier (SKI) SEcure Neighbor Discovery (SEND) Name
Type Fields", RFC 6495, DOI 10.17487/RFC6495, February
2012, <https://www.rfc-editor.org/info/rfc6495>.
[RFC6543] Gundavelli, S., "Reserved IPv6 Interface Identifier for
Proxy Mobile IPv6", RFC 6543, DOI 10.17487/RFC6543, May
2012, <https://www.rfc-editor.org/info/rfc6543>.
[RFC6706] Templin, F., Ed., "Asymmetric Extended Route Optimization
(AERO)", RFC 6706, DOI 10.17487/RFC6706, August 2012,
<https://www.rfc-editor.org/info/rfc6706>.
[RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
DOI 10.17487/RFC6762, February 2013,
<https://www.rfc-editor.org/info/rfc6762>.
Templin Expires 17 October 2024 [Page 142]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and
UDP Checksums for Tunneled Packets", RFC 6935,
DOI 10.17487/RFC6935, April 2013,
<https://www.rfc-editor.org/info/rfc6935>.
[RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement
for the Use of IPv6 UDP Datagrams with Zero Checksums",
RFC 6936, DOI 10.17487/RFC6936, April 2013,
<https://www.rfc-editor.org/info/rfc6936>.
[RFC6980] Gont, F., "Security Implications of IPv6 Fragmentation
with IPv6 Neighbor Discovery", RFC 6980,
DOI 10.17487/RFC6980, August 2013,
<https://www.rfc-editor.org/info/rfc6980>.
[RFC7042] Eastlake 3rd, D. and J. Abley, "IANA Considerations and
IETF Protocol and Documentation Usage for IEEE 802
Parameters", RFC 7042, DOI 10.17487/RFC7042, October 2013,
<https://www.rfc-editor.org/info/rfc7042>.
[RFC7094] McPherson, D., Oran, D., Thaler, D., and E. Osterweil,
"Architectural Considerations of IP Anycast", RFC 7094,
DOI 10.17487/RFC7094, January 2014,
<https://www.rfc-editor.org/info/rfc7094>.
[RFC7181] Clausen, T., Dearlove, C., Jacquet, P., and U. Herberg,
"The Optimized Link State Routing Protocol Version 2",
RFC 7181, DOI 10.17487/RFC7181, April 2014,
<https://www.rfc-editor.org/info/rfc7181>.
[RFC7217] Gont, F., "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address
Autoconfiguration (SLAAC)", RFC 7217,
DOI 10.17487/RFC7217, April 2014,
<https://www.rfc-editor.org/info/rfc7217>.
[RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
Kivinen, "Internet Key Exchange Protocol Version 2
(IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
2014, <https://www.rfc-editor.org/info/rfc7296>.
[RFC7401] Moskowitz, R., Ed., Heer, T., Jokela, P., and T.
Henderson, "Host Identity Protocol Version 2 (HIPv2)",
RFC 7401, DOI 10.17487/RFC7401, April 2015,
<https://www.rfc-editor.org/info/rfc7401>.
Templin Expires 17 October 2024 [Page 143]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC7421] Carpenter, B., Ed., Chown, T., Gont, F., Jiang, S.,
Petrescu, A., and A. Yourtchenko, "Analysis of the 64-bit
Boundary in IPv6 Addressing", RFC 7421,
DOI 10.17487/RFC7421, January 2015,
<https://www.rfc-editor.org/info/rfc7421>.
[RFC7542] DeKok, A., "The Network Access Identifier", RFC 7542,
DOI 10.17487/RFC7542, May 2015,
<https://www.rfc-editor.org/info/rfc7542>.
[RFC7739] Gont, F., "Security Implications of Predictable Fragment
Identification Values", RFC 7739, DOI 10.17487/RFC7739,
February 2016, <https://www.rfc-editor.org/info/rfc7739>.
[RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
Multicast - Sparse Mode (PIM-SM): Protocol Specification
(Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
2016, <https://www.rfc-editor.org/info/rfc7761>.
[RFC7847] Melia, T., Ed. and S. Gundavelli, Ed., "Logical-Interface
Support for IP Hosts with Multi-Access Support", RFC 7847,
DOI 10.17487/RFC7847, May 2016,
<https://www.rfc-editor.org/info/rfc7847>.
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
Signature Algorithm (EdDSA)", RFC 8032,
DOI 10.17487/RFC8032, January 2017,
<https://www.rfc-editor.org/info/rfc8032>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, <https://www.rfc-editor.org/info/rfc8402>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8726] Farrel, A., "How Requests for IANA Action Will Be Handled
on the Independent Stream", RFC 8726,
DOI 10.17487/RFC8726, November 2020,
<https://www.rfc-editor.org/info/rfc8726>.
Templin Expires 17 October 2024 [Page 144]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC8799] Carpenter, B. and B. Liu, "Limited Domains and Internet
Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020,
<https://www.rfc-editor.org/info/rfc8799>.
[RFC8892] Thaler, D. and D. Romascanu, "Guidelines and Registration
Procedures for Interface Types and Tunnel Types",
RFC 8892, DOI 10.17487/RFC8892, August 2020,
<https://www.rfc-editor.org/info/rfc8892>.
[RFC8899] Fairhurst, G., Jones, T., Tüxen, M., Rüngeler, I., and T.
Völker, "Packetization Layer Path MTU Discovery for
Datagram Transports", RFC 8899, DOI 10.17487/RFC8899,
September 2020, <https://www.rfc-editor.org/info/rfc8899>.
[RFC8900] Bonica, R., Baker, F., Huston, G., Hinden, R., Troan, O.,
and F. Gont, "IP Fragmentation Considered Fragile",
BCP 230, RFC 8900, DOI 10.17487/RFC8900, September 2020,
<https://www.rfc-editor.org/info/rfc8900>.
[RFC8928] Thubert, P., Ed., Sarikaya, B., Sethi, M., and R. Struik,
"Address-Protected Neighbor Discovery for Low-Power and
Lossy Networks", RFC 8928, DOI 10.17487/RFC8928, November
2020, <https://www.rfc-editor.org/info/rfc8928>.
[RFC8981] Gont, F., Krishnan, S., Narten, T., and R. Draves,
"Temporary Address Extensions for Stateless Address
Autoconfiguration in IPv6", RFC 8981,
DOI 10.17487/RFC8981, February 2021,
<https://www.rfc-editor.org/info/rfc8981>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>.
[RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
<https://www.rfc-editor.org/info/rfc9001>.
[RFC9002] Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection
and Congestion Control", RFC 9002, DOI 10.17487/RFC9002,
May 2021, <https://www.rfc-editor.org/info/rfc9002>.
[RFC9365] Jeong, J., Ed., "IPv6 Wireless Access in Vehicular
Environments (IPWAVE): Problem Statement and Use Cases",
RFC 9365, DOI 10.17487/RFC9365, March 2023,
<https://www.rfc-editor.org/info/rfc9365>.
Templin Expires 17 October 2024 [Page 145]
Internet-Draft IPv6 over OMNI Interfaces April 2024
[RFC9374] Moskowitz, R., Card, S., Wiethuechter, A., and A. Gurtov,
"DRIP Entity Tag (DET) for Unmanned Aircraft System Remote
ID (UAS RID)", RFC 9374, DOI 10.17487/RFC9374, March 2023,
<https://www.rfc-editor.org/info/rfc9374>.
Appendix A. IPv4 Reassembly Checksum Algorithm
The IPv4 reassembly checksum algorithm adopts the 8-bit Fletcher
algorithm specified in Appendix I of [RFC1146] as also analyzed in
[CKSUM]. [RFC6247] declared [RFC1146] historic for the reason that
the algorithms had never seen widespread use with TCP, however this
document adopts the 8-bit Fletcher algorithm for a different purpose.
Quoting from Appendix I of [RFC1146], the IPv4 Fragmentation Checksum
Algorithm proceeds as follows:
"The 8-bit Fletcher Checksum Algorithm is calculated over a
sequence of data octets (call them D[1] through D[N]) by
maintaining 2 unsigned 1's-complement 8-bit accumulators A and B
whose contents are initially zero, and performing the following
loop where i ranges from 1 to N:
A := A + D[i]
B := B + A
It can be shown that at the end of the loop A will contain the
8-bit 1's complement sum of all octets in the datagram, and that B
will contain (N)D[1] + (N-1)D[2] + ... + D[N]."
To calculate the IPv4 reassembly checksum, the above algorithm is
applied over the N-octets of the L2-encapsulated OAL packet/fragment
body beginning immediately after the L2 encapsulation header(s).
Appendix B. IPv6 Compatible Addresses
Section 2.5.5.1 of [RFC4291] defines an "IPv4-Compatible IPv6
Address" with the following structure:
| 80 bits | 16 | 32 bits |
+--------------------------------------+----+---------------------+
|0000..............................0000|0000| IPv4 address |
+--------------------------------------+----+---------------------+
Figure 49: IPv4-Compatible IPv6 Address
Although [RFC4291] deprecates the address format from its former use
in IPv6 transition mechanisms, this document now assigns new uses and
therefore updates [RFC4291].
Templin Expires 17 October 2024 [Page 146]
Internet-Draft IPv6 over OMNI Interfaces April 2024
When an IPv4-Compatible IPv6 address appears in a packet sent over
the wire, the most significant 96 bits are 0 and the least
significant 32 bits include an IPv4 address as shown above.
When the address format is used for temporary local address
conversions to IPv6, however, it can also be used to represent EUI-48
and EUI-64 addresses as shown below:
| 80 bits | 48 bits |
+--------------------------------------+--------------------------+
|0000..............................0000| EUI-48 address |
+--------------------------------------+--------------------------+
| 64 bits | 64 bits |
+--------------------------------+--------------------------------+
|0000........................0000| EUI-64 address |
+--------------------------------+--------------------------------+
Figure 50: EUI-[48/64] Compatible IPv6 Addresses
The above EUI-48 and EUI-64 compatible IPv6 forms MAY be used for
temporary local address conversions, such as when converting EUI
addresses to IPv6 to support IPv6 fragmentation/reassembly. The
address forms MUST NOT appear in the IPv6 headers of packets sent
over the wire, however they MAY appear in the body of a packet if
also accompanied by a Type designator.
Appendix C. IPv6 ND Message Authentication and Integrity
OMNI interface IPv6 ND messages are subject to authentication and
integrity checks at multiple levels. When an OMNI interface sends an
IPv6 ND message over an INET interface, it includes an authentication
sub-option with a valid signature if necessary and always includes an
IPv6 ND message checksum. The OMNI interface that receives the
message verifies the IPv6 ND message checksum followed by the
authentication signature (if present) to ensure IPv6 ND message
integrity and authenticity.
When an OMNI interface sends an IPv6 ND message over an underlay
interface connected to a secured network, it omits authentication
(sub-)options but always calculates/includes an IPv6 ND message
checksum beginning with a pseudo-header of the IPv6 header and
extending to the end of the IPv6 ND message only with the Checksum
field itself set to 0. When an OMNI interface sends an IPv6 ND
message over an underlay interface connected to an unsecured network,
it first includes an authentication (sub-)option and calculates the
signature beginning with the first octet following the IPv6 ND
message header Checksum field and extending to the end of the entire
Templin Expires 17 October 2024 [Page 147]
Internet-Draft IPv6 over OMNI Interfaces April 2024
packet or super-packet with the authentication signature field set to
0. The OMNI interface next writes the signature into the signature
field, then calculates the IPv6 ND message checksum as above.
The OMNI interface that receives the message applies any link layer
authentication and integrity checks, then verifies the IPv6 ND
message checksum. If the checks are correct, the OMNI interface next
verifies the authentication signature. The OMNI interface then
processes the packet further only if all checksums and authentication
signatures were correct.
OAL destinations also discard carrier packets with unacceptable
Identifications and submit the encapsulated fragments in all others
for reassembly. The reassembly algorithm rejects any fragments with
unacceptable sizes, offsets, etc. and reassembles all others. During
reassembly, the extended Identification value provides an integrity
assurance vector that compliments any integrity checks already
applied by lower layers as well as a first-pass filter for any checks
that will be applied later by upper layers.
Appendix D. VDL Mode 2 Considerations
ICAO Doc 9776 is the "Technical Manual for VHF Data Link Mode 2"
(VDLM2) that specifies an essential radio frequency data link service
for aircraft and ground stations in worldwide civil aviation air
traffic management. The VDLM2 link type is "multicast capable"
[RFC4861], but with considerable differences from common multicast
links such as Ethernet and IEEE 802.11.
First, the VDLM2 link data rate is only 31.5Kbps - multiple orders of
magnitude less than most modern wireless networking gear. Second,
due to the low available link bandwidth only VDLM2 ground stations
(i.e., and not aircraft) are permitted to send broadcasts, and even
so only as compact link layer "beacons". Third, aircraft employ the
services of ground stations by performing unicast RS/RA exchanges
upon receipt of beacons instead of listening for multicast RA
messages and/or sending multicast RS messages.
This beacon-oriented unicast RS/RA approach is necessary to conserve
the already-scarce available link bandwidth. Moreover, since the
numbers of beaconing ground stations operating within a given spatial
range must be kept as sparse as possible, it would not be feasible to
have different classes of ground stations within the same region
observing different protocols. It is therefore highly desirable that
all ground stations observe a common language of RS/RA as specified
in this document.
Templin Expires 17 October 2024 [Page 148]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Note that links of this nature may benefit from compression
techniques that reduce the bandwidth necessary for conveying the same
amount of data. The IETF lpwan working group is considering possible
alternatives: [https://datatracker.ietf.org/wg/lpwan/documents].
Appendix E. Client-Proxy/Server Isolation Through Link-Layer Address
Mapping
Per [RFC4861], IPv6 ND messages may be sent to either a multicast or
unicast link-scoped IPv6 destination address. However, IPv6 ND
messaging should be coordinated between the Client and Proxy/Server
only without invoking other nodes on the underlay network. This
implies that Client-Proxy/Server control messaging should be isolated
and not overheard by other nodes on the link.
To support Client-Proxy/Server isolation on some links, Proxy/Servers
can maintain an OMNI-specific unicast link layer address ("MSADDR").
For Ethernet-compatible links, this specification reserves one
Ethernet unicast address TBD5 (see: IANA Considerations). For non-
Ethernet statically-addressed links MSADDR is reserved per the
assigned numbers authority for the link layer addressing space. For
still other links, MSADDR may be dynamically discovered through other
means, e.g., link layer beacons.
Clients map the L3 addresses of all IPv6 ND messages they send (i.e.,
both multicast and unicast) to MSADDR instead of to an ordinary
unicast or multicast link layer address. In this way, all of the
Client's IPv6 ND messages will be received by Proxy/Servers that are
configured to accept carrier packets destined to MSADDR. Note that
multiple Proxy/Servers on the link could be configured to accept
carrier packets destined to MSADDR, e.g., as a basis for supporting
redundancy.
Therefore, Proxy/Servers must accept and process carrier packets
destined to MSADDR, while all other devices must not process carrier
packets destined to MSADDR. This model has well-established
operational experience in Proxy Mobile IPv6 (PMIP)
[RFC5213][RFC6543].
Appendix F. Change Log
<< RFC Editor - remove prior to publication >>
Differences from earlier versions:
* Submit for review.
Templin Expires 17 October 2024 [Page 149]
Internet-Draft IPv6 over OMNI Interfaces April 2024
Author's Address
Fred L. Templin (editor)
The Boeing Company
P.O. Box 3707
Seattle, WA 98124
United States of America
Email: fltemplin@acm.org
Templin Expires 17 October 2024 [Page 150]