Skip to main content

Transmission of IP Packets over Overlay Multilink Network (OMNI) Interfaces
draft-templin-6man-omni3-26

Document Type Active Internet-Draft (individual)
Author Fred Templin
Last updated 2025-01-07
Replaces draft-templin-intarea-omni2
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-templin-6man-omni3-26
Network Working Group                                 F. L. Templin, Ed.
Internet-Draft                                        The Boeing Company
Updates: 4291 (if approved)                               7 January 2025
Intended status: Standards Track                                        
Expires: 11 July 2025

    Transmission of IP Packets over Overlay Multilink Network (OMNI)
                               Interfaces
                      draft-templin-6man-omni3-26

Abstract

   Air/land/sea/space mobile nodes (e.g., aircraft of various
   configurations, terrestrial vehicles, seagoing vessels, space
   systems, enterprise wireless devices, pedestrians with cell phones,
   etc.) communicate with networked correspondents over wireless and/or
   wired-line data links and configure mobile routers to connect end
   user networks.  This document presents a multilink virtual interface
   specification that enables mobile nodes to coordinate with a network-
   based mobility service, fixed node correspondents and/or other mobile
   node peers.  The virtual interface provides an adaptation layer
   service suited for both mobile and more static environments such as
   enterprise and home networks.  Both Provider-Aggregated (PA) and
   Provider-Independent (PI) addressing services are supported.  This
   document specifies the transmission of IP packets over Overlay
   Multilink Network (OMNI) Interfaces.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 11 July 2025.

Templin                   Expires 11 July 2025                  [Page 1]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

Copyright Notice

   Copyright (c) 2025 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   7
   3.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .  19
   4.  Overlay Multilink Network (OMNI) Interface Model  . . . . . .  20
   5.  OMNI Interface Maximum Transmission Unit (MTU)  . . . . . . .  27
     5.1.  IP Parcels  . . . . . . . . . . . . . . . . . . . . . . .  28
     5.2.  Advanced Jumbos (AJs) . . . . . . . . . . . . . . . . . .  29
     5.3.  Control/Data Plane Considerations . . . . . . . . . . . .  30
   6.  The OMNI Adaptation Layer (OAL) . . . . . . . . . . . . . . .  30
     6.1.  OAL Source Encapsulation and Fragmentation  . . . . . . .  31
     6.2.  OAL L2 Encapsulation and Re-Encapsulation . . . . . . . .  35
       6.2.1.  Carrier Fragment Size (CFS) Determination . . . . . .  39
     6.3.  Reassembly and Decapsulation  . . . . . . . . . . . . . .  39
     6.4.  OMNI-Encoded IPv6 Extension Headers . . . . . . . . . . .  41
     6.5.  OMNI Full and Compressed Headers (OFH/OCH)  . . . . . . .  44
     6.6.  L2 UDP/IP Encapsulation Avoidance . . . . . . . . . . . .  51
     6.7.  OAL Identification Window Maintenance . . . . . . . . . .  51
     6.8.  OAL Fragmentation Reports and Retransmissions . . . . . .  56
     6.9.  OMNI Interface MTU Feedback Messaging . . . . . . . . . .  58
     6.10. OAL Composite Packets . . . . . . . . . . . . . . . . . .  60
     6.11. OAL Bubbles . . . . . . . . . . . . . . . . . . . . . . .  62
     6.12. OMNI Hosts  . . . . . . . . . . . . . . . . . . . . . . .  63
     6.13. IP Parcels  . . . . . . . . . . . . . . . . . . . . . . .  65
     6.14. OAL Requirements  . . . . . . . . . . . . . . . . . . . .  68
     6.15. OAL Fragmentation Security Implications . . . . . . . . .  69
     6.16. Control/Data Plane Considerations . . . . . . . . . . . .  70
   7.  Ethernet-Compatible Link Layer Frame Format . . . . . . . . .  71
   8.  OMNI Addressing . . . . . . . . . . . . . . . . . . . . . . .  72
   9.  Node Identification . . . . . . . . . . . . . . . . . . . . .  74
   10. Address Mapping - Unicast . . . . . . . . . . . . . . . . . .  75
     10.1.  The OMNI Option  . . . . . . . . . . . . . . . . . . . .  77
     10.2.  OMNI Sub-Options . . . . . . . . . . . . . . . . . . . .  78

Templin                   Expires 11 July 2025                  [Page 2]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

       10.2.1.  Pad1 . . . . . . . . . . . . . . . . . . . . . . . .  80
       10.2.2.  PadN . . . . . . . . . . . . . . . . . . . . . . . .  80
       10.2.3.  Node Identification  . . . . . . . . . . . . . . . .  81
       10.2.4.  Authentication . . . . . . . . . . . . . . . . . . .  82
       10.2.5.  Neighbor Control . . . . . . . . . . . . . . . . . .  83
       10.2.6.  Interface Attributes . . . . . . . . . . . . . . . .  84
       10.2.7.  Traffic Selector . . . . . . . . . . . . . . . . . .  89
       10.2.8.  Multilink Vector . . . . . . . . . . . . . . . . . .  91
       10.2.9.  Geo Coordinates  . . . . . . . . . . . . . . . . . .  93
       10.2.10. Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
               Message . . . . . . . . . . . . . . . . . . . . . . .  94
       10.2.11. PIM-SM Message . . . . . . . . . . . . . . . . . . .  95
       10.2.12. Host Identity Protocol (HIP) Message . . . . . . . .  96
       10.2.13. QUIC-TLS Message . . . . . . . . . . . . . . . . . .  97
       10.2.14. Fragmentation Report (FRAGREP) . . . . . . . . . . .  98
       10.2.15. ICMPv6 Error . . . . . . . . . . . . . . . . . . . .  99
       10.2.16. Proxy/Server Departure . . . . . . . . . . . . . . . 100
       10.2.17. Timestamp  . . . . . . . . . . . . . . . . . . . . . 101
       10.2.18. Nonce  . . . . . . . . . . . . . . . . . . . . . . . 101
       10.2.19. Sub-Type Extension . . . . . . . . . . . . . . . . . 102
   11. Address Mapping - Multicast . . . . . . . . . . . . . . . . . 105
   12. Multilink Conceptual Sending Algorithm  . . . . . . . . . . . 105
     12.1.  Multiple OMNI Interfaces . . . . . . . . . . . . . . . . 106
     12.2.  Client-Proxy/Server Loop Prevention  . . . . . . . . . . 107
   13. Router Discovery and Prefix Delegation  . . . . . . . . . . . 107
     13.1.  Client-Proxy/Server Window Synchronization . . . . . . . 117
     13.2.  Router Discovery in IP Multihop and IPv4-Only
            Networks . . . . . . . . . . . . . . . . . . . . . . . . 118
     13.3.  DHCPv6-based Prefix Registration . . . . . . . . . . . . 121
     13.4.  OMNI Link Extension  . . . . . . . . . . . . . . . . . . 122
   14. Secure Redirection  . . . . . . . . . . . . . . . . . . . . . 122
   15. Proxy/Server Resilience . . . . . . . . . . . . . . . . . . . 123
   16. Detecting and Responding to Proxy/Server Failures . . . . . . 123
   17. Transition Considerations . . . . . . . . . . . . . . . . . . 124
   18. OMNI Interfaces on Open Internetworks . . . . . . . . . . . . 124
   19. Time-Varying MNPs . . . . . . . . . . . . . . . . . . . . . . 127
   20. Error Messages  . . . . . . . . . . . . . . . . . . . . . . . 127
   21. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 127
     21.1.  Protocol Numbers Registry  . . . . . . . . . . . . . . . 127
     21.2.  IEEE 802 Numbers Registry  . . . . . . . . . . . . . . . 128
     21.3.  OMNI Routing Header (ORH)  . . . . . . . . . . . . . . . 128
     21.4.  IPv4 Special-Purpose Address Registry  . . . . . . . . . 128
     21.5.  Ethernet Numbers Registry  . . . . . . . . . . . . . . . 128
     21.6.  ICMPv6 Code Fields . . . . . . . . . . . . . . . . . . . 129
     21.7.  ICMPv4 PTB Messages  . . . . . . . . . . . . . . . . . . 129
     21.8.  OMNI Option Sub-Types (New Registry) . . . . . . . . . . 129
     21.9.  OMNI Node Identification ID-Types (New Registry) . . . . 130
     21.10. OMNI Geo Coordinates Types (New Registry)  . . . . . . . 131

Templin                   Expires 11 July 2025                  [Page 3]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

     21.11. OMNI Option Sub-Type Extensions (New Registry) . . . . . 131
     21.12. OMNI RFC4380 UDP/IP Header Options (New Registry)  . . . 131
     21.13. OMNI RFC6081 UDP/IP Trailer Options (New Registry) . . . 132
     21.14. ICMPv6 Parameters - Trust Anchor Option  . . . . . . . . 132
     21.15. Additional Considerations  . . . . . . . . . . . . . . . 133
   22. Security Considerations . . . . . . . . . . . . . . . . . . . 133
   23. Implementation Status . . . . . . . . . . . . . . . . . . . . 134
   24. Document Updates  . . . . . . . . . . . . . . . . . . . . . . 135
   25. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . 135
   26. References  . . . . . . . . . . . . . . . . . . . . . . . . . 137
     26.1.  Normative References . . . . . . . . . . . . . . . . . . 137
     26.2.  Informative References . . . . . . . . . . . . . . . . . 139
   Appendix A.  IPv4 Reassembly Checksum Algorithm . . . . . . . . . 151
   Appendix B.  OMNI Routing Header Processing . . . . . . . . . . . 151
   Appendix C.  IPv6 Compatible Addresses  . . . . . . . . . . . . . 153
   Appendix D.  IPv6 ND Message Authentication and Integrity . . . . 154
   Appendix E.  VDL Mode 2 Considerations  . . . . . . . . . . . . . 155
   Appendix F.  Client-Proxy/Server Isolation Through Link-Layer
           Address Mapping . . . . . . . . . . . . . . . . . . . . . 156
   Appendix G.  IPv6 ND Virtual Interface Model  . . . . . . . . . . 156
   Appendix H.  Change Log . . . . . . . . . . . . . . . . . . . . . 157
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . 158

1.  Introduction

   Air/land/sea/space mobile nodes (e.g., aircraft of various
   configurations, terrestrial vehicles, seagoing vessels, space
   systems, enterprise wireless devices, pedestrians with cellphones,
   etc.) configure mobile routers with multiple interface connections to
   wireless and/or wired-line data links.  These data links often have
   diverse performance, cost and availability properties that can change
   dynamically according to mobility patterns, flight phases, proximity
   to infrastructure, etc.  The mobile router acts as a Client of a
   network-based Mobility Service (MS) by configuring a virtual
   interface over its underlay interface data link connections.

   Each Client configures a virtual network interface (termed the
   "Overlay Multilink Network Interface (OMNI)") as a thin layer over
   its underlay interfaces which may themselves connect to virtual or
   physical links.  The OMNI interface is therefore the only interface
   abstraction exposed to the IP layer and behaves according to the Non-
   Broadcast, Multiple Access (NBMA) interface principle, while each
   underlay interface appears as a link layer communication channel in
   the architecture.  The OMNI interface appears as a "virtual Ethernet
   (veth)" interface to the IP layer and internally employs the "OMNI
   Adaptation Layer (OAL)" to ensure that original IP packets or parcels
   [I-D.templin-6man-parcels2][I-D.templin-intarea-parcels2] are adapted
   to diverse underlay interfaces with heterogeneous properties.

Templin                   Expires 11 July 2025                  [Page 4]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The OMNI interface connects to a virtual overlay known as the "OMNI
   link".  The OMNI link spans one or more Internetworks that may
   include private-use infrastructures (e.g., enterprise networks,
   operator networks, etc.) and/or the global public Internet itself.
   Together, OMNI and the OAL provide the foundational elements required
   to support the "6 M's of Modern Internetworking", including:

   1.  Multilink - a Client's ability to coordinate multiple diverse
       underlay interfaces as a single logical unit (i.e., the OMNI
       interface) to achieve the required communications performance and
       reliability objectives.

   2.  Multinet - the ability to span the OMNI link over a segment
       routing topology with multiple diverse administrative domain
       network segments while maintaining seamless end-to-end
       communications between mobile Clients and correspondents such as
       air traffic controllers, fleet administrators, etc.

   3.  Mobility - a Client's ability to change network points of
       attachment (e.g., moving between wireless base stations) which
       may result in an underlay interface address change, but without
       disruptions to ongoing communication sessions with peers over the
       OMNI link.

   4.  Multicast - the ability to send a single network transmission
       that reaches multiple Clients belonging to the same interest
       group, but without disturbing other Clients not subscribed to the
       interest group.

   5.  Multihop - a mobile Client peer-to-peer relaying capability
       useful when multiple forwarding hops between peers may be
       necessary to reach a target peer or an infrastructure access
       point connection to the OMNI link.

   6.  (Performance) Maximization - the ability to exchange large
       packets/parcels between peers without loss due to a link size
       restriction, and to adaptively adjust packet/parcel sizes to
       maintain the best performance profile for each independent
       traffic flow.

Templin                   Expires 11 July 2025                  [Page 5]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Client OMNI interfaces coordinate with the MS and/or OMNI peer nodes
   through IPv6 Neighbor Discovery (ND) control message exchanges
   [RFC4861].  The MS consists of a distributed set of service nodes
   (including Proxy/Servers and other infrastructure elements) that also
   configure OMNI interfaces.  Automatic Extended Route Optimization
   (AERO) in particular provides a companion MS compatible with the OMNI
   architecture [I-D.templin-6man-aero3].  AERO discusses details of ND
   message based multilink forwarding, route optimization, mobility
   management, and multinet traversal while the fundamental aspects of
   OMNI link operation are discussed in this document.

   Each OMNI interface provides a multilink nexus for exchanging inbound
   and outbound traffic flows via selected underlay interfaces.  The IP
   layer sees the OMNI interface as a point of connection to the OMNI
   link.  Each OMNI link assigns one or more associated Mobility Service
   Prefixes (MSPs), which are typically IP Global Unicast Address (GUA)
   prefixes.  The MS then delegates Mobile Network Prefixes (MNPs) taken
   from an MSP to Client end systems as PI address blocks.  Clients in
   local domains also obtain PA addresses from internal/external Stable
   Network Prefixes (SNPs) assigned to Proxy/Servers that connect the
   local domain to the global topology per [RFC6296].  If there are
   multiple OMNI links, the IP layer will see multiple OMNI interfaces.

   Clients receive SNP addresses and optionally also MNP prefix
   delegations through IPv6 ND control message exchanges with Proxy/
   Servers over MANETs, Access Networks (ANETs) and/or open
   Internetworks (INETs).  Clients sub-delegate MNPs to downstream-
   attached End-user Networks (ENETs) independently of the underlay
   interfaces selected for upstream data transport.  Each Client acts as
   a fixed or mobile router on behalf of ENET peers, and uses OMNI
   interface control messaging to coordinate with Hosts, Proxy/Servers
   and/or other Clients.  The Client iterates its control messaging over
   each of the OMNI interface's (M)ANET/INET underlay interfaces in
   order to register each interface with the MS (see Section 13).  The
   Client can also provide multihop forwarding services for a
   recursively extended chain of other Clients and Hosts connected via
   downstream-attached ENETs.

Templin                   Expires 11 July 2025                  [Page 6]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Clients may connect to multiple distinct OMNI links within the same
   OMNI domain by configuring multiple OMNI interfaces, e.g., omni0,
   omni1, omni2, etc.  Each OMNI interface is configured over a distinct
   set of underlay interfaces and provides a nexus for Safety-Based
   Multilink (SBM) operation.  The IP layer applies SBM routing to
   select a specific OMNI interface, then the selected OMNI interface
   applies Performance-Based Multilink (PBM) internally to select
   appropriate underlay interfaces.  Applications select SBM topologies
   based on IP layer Segment Routing [RFC8402], while each OMNI
   interface orchestrates PBM internally based on OAL Multinet
   traversal.

   OMNI provides a link model suitable for a wide range of use cases.
   For example, the International Civil Aviation Organization (ICAO)
   Working Group-I Mobility Subgroup is developing a future Aeronautical
   Telecommunications Network with Internet Protocol Services (ATN/IPS)
   and has issued a liaison statement requesting IETF adoption [ATN] in
   support of ICAO Document 9896 [ATN-IPS].  The IETF IP Wireless Access
   in Vehicular Environments (ipwave) working group has further included
   problem statement and use case analysis for OMNI in [RFC9365].  Still
   other communities of interest include AEEC, RTCA Special Committee
   228 (SC-228) and NASA programs that examine commercial aviation,
   Urban Air Mobility (UAM) and Unmanned Air Systems (UAS).  Pedestrians
   with handheld mobile devices using 5G/6G wireless services, home and
   small office networks, enterprise networks and many others represent
   additional large classes of potential OMNI users.

   This document specifies the transmission of original IP packets/
   parcels and control messages over OMNI interfaces.  The operation of
   both IP protocol versions (i.e., IPv4 [RFC0791] and IPv6 [RFC8200])
   is specified as the network layer data plane, while OMNI interfaces
   use IPv6 ND messaging in the control plane independently of the data
   plane protocol(s).  OMNI interfaces also provide an adaptation layer
   based on encapsulation and fragmentation over heterogeneous underlay
   interfaces as an OAL sublayer between L3 and L2.  OMNI and the OAL
   are specified in detail throughout the remainder of this document.

2.  Terminology

   The terminology in the normative references applies; especially, the
   terms "link" and "interface" are the same as defined in the IPv6
   [RFC8200] and IPv6 Neighbor Discovery (ND) [RFC4861] specifications.
   This document assumes the following IPv6 ND control plane message
   types: Router Solicitation (RS), Router Advertisement (RA), Neighbor
   Solicitation (NS), Neighbor Advertisement (NA), unsolicited NA (uNA)
   and Redirect.

Templin                   Expires 11 July 2025                  [Page 7]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The terms "All-Routers multicast", "All-Nodes multicast" and "Subnet-
   Router anycast" are the same as defined in [RFC4291].  Also, IPv6 ND
   state names, variables and constants including REACHABLE,
   ReachableTime and REACHABLE_TIME are the same as defined in
   [RFC4861].

   The term "IP" is used to refer collectively to either Internet
   Protocol version (i.e., IPv4 [RFC0791] or IPv6 [RFC8200]) when a
   specification at the layer in question applies equally to either
   version.

   The terms Host, Client and Proxy/Server are intentionally capitalized
   to denote an instance of that particular node type that also
   configures an OMNI interface and engages the OMNI Adaptation Layer.

   The terms "application layer (L5 and higher)", "transport layer
   (L4)", "network layer (L3)", "(data) link layer (L2)" and "physical
   layer (L1)" are used consistently with common Internetworking
   terminology, with the understanding that reliable delivery protocol
   users of UDP are considered as transport layer elements.  The OMNI
   specification further defines an "adaptation layer" positioned below
   the network layer but above the link layer, which may include
   physical links and Internet- or higher-layer tunnels.  A (network)
   interface is a node's attachment to a link (via L2), and an OMNI
   interface is therefore a node's attachment to an OMNI link (via the
   adaptation layer).

   The terms "IP jumbogram", "advanced jumbo (AJ)" and "IP parcel" refer
   to special packet formats supported under a new link model for the
   Internet as discussed in [I-D.templin-6man-parcels2] and
   [I-D.templin-intarea-parcels2].

   The following terms are defined within the scope of this document:

   GUA, ULA, LLA, MLA
      A Globally-Unique (GUA), Unique-Local (ULA) or Link-Local (LLA)
      address per the IPv6 addressing architecture [RFC4193] [RFC4291],
      or a Multilink-Local Address (MLA) per [I-D.templin-6man-mla].
      IPv4 prefixes other than those reserved for special purposes
      [RFC6890] are also considered as GUA prefixes.

   L3
      The Network layer in the OSI network model.  Also known as "layer
      3", "IP layer", etc.

   L2
      The Data Link layer in the OSI network model.  Also known as
      "layer 2", "link layer", "sub-IP layer", etc.

Templin                   Expires 11 July 2025                  [Page 8]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Adaptation layer
      An encapsulation mid-layer that adapts L3 to a diverse collection
      of L2 underlay interfaces and their encapsulations.  (No layer
      number is assigned, since numbering was an artifact of the legacy
      reference model that need not carry forward in the modern
      architecture.)  The adaptation layer sees the network layer as
      "L3" and sees all link layer encapsulations as "L2
      encapsulations", which may include UDP, IP and true link layer
      (e.g., Ethernet, etc.) headers.

   Access Network (ANET)
      a connected network region (e.g., an aviation radio access
      network, corporate enterprise network, satellite service provider
      network, cellular operator network, residential WiFi network,
      etc.) that connects Clients to the rest of the OMNI link.
      Physical and/or data link level security is assumed (sometimes
      referred to as "protected spectrum" for wireless domains).  ANETs
      such as private enterprise networks and ground domain aviation
      service networks often provide multiple secured IP hops between
      the Client's physical point of connection and the nearest Proxy/
      Server.

   Mobile Ad-hoc NETwork (MANET)
      a connected ANET region for which links often have undetermined
      connectivity properties, lower layer security services cannot
      always be assumed and multihop forwarding between Clients acting
      as MANET routers may be necessary.

   Internetwork (INET)
      a connected network region with a coherent IP addressing plan that
      provides transit forwarding services between ANETs and/or OMNI
      nodes that coordinate with the Mobility Service over unprotected
      media.  Since physical and/or data link level security cannot
      always be assumed, security must be applied by the network and/or
      higher layers if necessary.  The global public Internet itself is
      an example.

   End-user Network (ENET)
      a simple or complex "downstream" network tethered to a Client as a
      single logical unit that travels together.  The ENET could be as
      simple as a single link connecting a single Host, or as complex as
      a large network with many links, routers, bridges and end user
      devices.  The ENET provides an "upstream" link for arbitrarily
      many low-, medium- or high-end devices dependent on the Client for
      their upstream connectivity, i.e., as Internet of Things (IoT)
      entities.  The ENET can also support a recursively-descending
      chain of additional Clients such that the ENET of an upstream
      Client is seen as the ANET of a downstream Client.

Templin                   Expires 11 July 2025                  [Page 9]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *NET
      a "wildcard" term used when a given specification applies equally
      to all MANET/ANET/INET cases.  From the Client's perspective, *NET
      interfaces are "upstream" interfaces that connect the Client to
      the Mobility Service, while ENET interfaces are "downstream"
      interfaces that the Client uses to connect downstream ENETs, Hosts
      and/or other Clients.  Local communications between correspondents
      within the same *NET can often be conducted based on IPv6 ULAs
      [RFC4193] or MLAs [I-D.templin-6man-mla].

   underlay interface
      a *NET or ENET interface over which an OMNI interface is
      configured.  The OMNI interface is seen as an L3 interface by the
      network layer, and each underlay interface is seen as an L2
      interface by the OMNI interface.  The underlay interface either
      connects directly to the physical communications media or
      coordinates with another node where the physical media is hosted.

   MANET Interface
      a node's underlay interface to a local network with indeterminant
      neighborhood properties over which multihop relaying may be
      necessary.  All MANET interfaces used by AERO/OMNI are IPv6
      interfaces and therefore must configure a Maximum Transmission
      Unit (MTU) no smaller than the IPv6 minimum MTU (1280 octets) even
      if lower-layer fragmentation is needed.

   OMNI link
      a Non-Broadcast, Multiple Access (NBMA) virtual overlay configured
      over one or more INETs and their connected (M)ANETs/ENETs.  An
      OMNI link may comprise multiple distinct "segments" joined by
      "bridges" the same as for any link; the addressing plans in each
      segment may be mutually exclusive and managed by different
      administrative entities.  Proxy/Servers and other infrastructure
      elements extend the link to support communications between Clients
      as single-hop neighbors.

   OMNI link segment
      a Proxy/Server and all of its constituent Clients within any
      attached *NETs is considered as a leaf OMNI link segment, with
      each leaf interconnected via links and "bridge" nodes in
      intermediate OMNI link segments.  When the *NETs of multiple leaf
      segments overlap (e.g., due to network mobility), they can combine
      to form larger *NETs with no changes to Client-to-Proxy/Server
      relationships.  The OMNI link consists of the concatenation of all
      OMNI link leaf and intermediate segments as a loop-free spanning
      tree.

Templin                   Expires 11 July 2025                 [Page 10]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   OMNI interface
      a node's virtual Ethernet (veth) interface to an OMNI link, and
      configured over one or more underlay interfaces.  If there are
      multiple OMNI links in an OMNI domain, a separate OMNI interface
      is configured for each link.  The OMNI interface configures a
      Maximum Transmission Unit (MTU) and an Effective MTU to Receive
      (EMTU_R) the same as any interface.  The OMNI interface assigns an
      LLA the same as for any IPv6 interface and assigns the MLAs for
      each of its distinct underlay networks.  The OMNI interface
      further assigns any unicast or anycast ULA/GUA addresses acquired
      through address autoconfiguration.  Since OMNI interface addresses
      are managed for uniqueness, OMNI interfaces do not require
      Duplicate Address Detection (DAD) and therefore set the
      administrative variable 'DupAddrDetectTransmits' to zero
      [RFC4862].

   OMNI Adaptation Layer (OAL)
      an OMNI interface sublayer service that encapsulates original IP
      packets/parcels admitted into the interface in an IPv6 header and/
      or subjects them to fragmentation and reassembly.  The OAL is also
      responsible for generating MTU-related control messages as
      necessary, and for providing addressing context for OMNI link SRT
      traversal.  The OAL presents a new layer in the Internet
      architecture known simply as the "adaptation layer".  The OMNI
      link is an example of a limited domain [RFC8799] at the adaptation
      layer although its segments may be joined over open Internetworks
      at L2.

   OMNI Option
      a pseudo IPv6 ND option providing multilink parameters for the
      OMNI interface as specified in Section 10.  The OMNI option is
      appended to the end of an IPv6 ND message during OAL encapsulation
      such that it appears immediately following the final message
      option.

   (OMNI) Host
      an end user device that extends the OMNI link over an ENET
      interface serviced by a Client.  (As an implementation matter, the
      Host either assigns the same IP address from the ENET (underlay)
      interface to an (overlay) OMNI interface, or configures an OMNI-
      like function as a virtual sublayer of the ENET interface itself.)
      The IP addresses assigned to each Host ENET interface remain
      stable even if the Client's upstream *NET interface connections
      change.

   (OMNI) Client
      a network platform/device mobile router that configures one or
      more OMNI interfaces over distinct sets of underlay interfaces

Templin                   Expires 11 July 2025                 [Page 11]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      grouped as logical OMNI link units.  The Client coordinates with
      the Mobility Service via upstream networks over *NET interfaces,
      and provides Proxy/Server services for Hosts and other Clients on
      ENET interface downstream networks.  The Client's *NET interface
      addresses and performance characteristics may change over time
      (e.g., due to node mobility, link quality, etc.) while downstream-
      attached Hosts and other Clients see the ENET as a stable ANET.

   (OMNI) Proxy/Server
      a segment routing topology edge node that configures an OMNI
      interface and connects Clients to the Mobility Service.  As a
      server, the Proxy/Server responds directly to some Client IPv6 ND
      messages.  As a proxy, the Proxy/Server forwards other Client IPv6
      ND messages to other Proxy/Servers and Clients.  As a router, the
      Proxy/Server provides a forwarding service for ordinary data
      messages that may be essential in some environments and a last
      resort in others.  Proxy/Servers at (M)ANET boundaries configure
      both an (M)ANET downstream interface and *NET upstream interface,
      while INET-based Proxy/Servers configure only an INET interface.
      All Proxy/Servers configure a Stable Network Prefix (SNP) and
      manage 1x1 mappings of internal ULAs and external GUAs according
      to [RFC6296].

   First-Hop Segment (FHS) Proxy/Server
      a Proxy/Server connected to the source Client's *NET that forwards
      OAL packets sent by the source into the segment routing topology.
      FHS Proxy/Servers allocate Provider-Aggregated (Proxy/Server-
      Aggregated) addresses to Clients within their local networks.  FHS
      Proxy/Servers also act as intermediate forwarding systems to
      facilitate RS/RA-based Provider-Independent Prefix Delegation
      exchanges between Clients and Mobility Anchor Point (MAP) Proxy/
      Servers.

   Last-Hop Segment (LHS) Proxy/Server
      a Proxy/Server connected to the target Client's *NET that forwards
      OAL packets received from the segment routing topology to the
      target.

   Mobility Anchor Point (MAP) Proxy/Server
      a Proxy/Server selected by the Client that provides a designated
      router service for any *NET underlay networks that register the
      Client's Mobile Network Prefix (MNP).  Since all Proxy/Servers
      provide equivalent services, Clients normally select the first FHS
      Proxy/Server they coordinate with to serve as the MAP.  However,
      the MAP can instead be any available Proxy/Server for the OMNI
      link, i.e., and not necessarily one of the Client's FHS Proxy/
      Servers.  This flexible arrangement supports a fully distributed
      mobility management service.

Templin                   Expires 11 July 2025                 [Page 12]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Segment Routing Topology (SRT)
      a multinet forwarding region configured over one or more INETs
      between the FHS Proxy/Server and LHS Proxy/Server.  The SRT spans
      the OMNI link on behalf of communicating peer nodes using segment
      routing in a manner outside the scope of this document (see:
      [I-D.templin-6man-aero3]).

   Mobility Service (MS)
      a mobile routing service that tracks Client movements and ensures
      that Clients remain continuously reachable even across mobility
      events.  The MS consists of the set of all Proxy/Servers plus all
      other OMNI link supporting infrastructure nodes.  Specific MS
      details are out of scope for this document, with an example found
      in [I-D.templin-6man-aero3].

   Mobility Service Prefix (MSP)
      an aggregated IP GUA prefix (e.g., 2001:db8::/32,
      2002:192.0.2.0::/40, etc.) assigned to the OMNI link and from
      which more-specific Mobile and Stable Network Prefixes (MNPs/SNPs)
      are delegated, where IPv4 MSPs are represented as "6to4 prefixes"
      per [RFC3056].  OMNI link administrators typically obtain MSPs
      from an Internet address registry, however private-use prefixes
      can also be used subject to certain limitations (see: Section 8).
      OMNI links that connect to the global Internet advertise their
      MSPs to their interdomain routing peers.

   Mobile Network Prefix (MNP)
      a longer IP prefix delegated from an MSP (e.g.,
      2001:db8:1000:2000::/56, 2002:192.0.2.8::/46, etc.) and assigned
      to a Client.  Clients receive MNPs from MAP Proxy/Servers and sub-
      delegate them to routers, Hosts and other Clients located in
      ENETs.

   Stable Network Prefix (SNP)
      a ULA/GUA IP prefix pair assigned to one or more Proxy/Servers
      that connect local *NET Client groups to the rest of the OMNI
      link.  Clients request address delegations from the SNP that can
      be used to support global and local-scoped communications.
      Clients communicate internally within *NET groups using IPv6 ULAs
      assigned in 1x1 correspondence to SNP GUAs made visible to
      external peers through IP network address/prefix translation
      [RFC6145][RFC6146][RFC6147][RFC6296].

   Foreign Network Prefix (FNP)
      a global IP prefix not covered by a MSP and assigned to a link or
      network outside of the OMNI domain.

Templin                   Expires 11 July 2025                 [Page 13]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Subnet Router Anycast (SRA) Address
      An IPv6 address taken from an FNP/MNP/SNP in which the remainder
      of the address beyond the prefix is set to the value "all-zeros".
      For example, the SRA for 2001:db8:1::/48 is simply 2001:db8:1::
      (i.e., with the 80 least significant bits set to 0).  For IPv4,
      the IPv6 SRA corresponding to the IPv4 prefix 192.0.2.0/24 is
      2002:192.0.2.0::/40 per [RFC3056].

   Provider-Aggregated (PA) Address
      a ULA/GUA address pair delegated to a Client from an FHS Proxy/
      Server SNP is considered Provider-Aggregated (PA) or "Proxy/
      Server-Aggregated".  The Client either assigns the GUA PA address
      to its own OMNI interface or allows the FHS Proxy/Server to supply
      the address via Network Prefix Translation for IPv6 (NPTv6)
      [RFC6296].

   Provider-Independent (PI) Address
      a GUA allocated from an MNP delegated to a Client via a MAP Proxy/
      Server is considered Provider-Independent (PI) or "Proxy/Server-
      Independent".  The Client assigns PI addresses to (downstream)
      ENET interfaces and can also sub-delegate the MNP to downstream
      ENET nodes.

   original IP packet/parcel
      a whole IP packet/parcel or fragment admitted into the OMNI
      interface by the network layer prior to OAL encapsulation/
      fragmentation, or an IP packet/parcel delivered to the network
      layer by the OMNI interface following OAL reassembly/
      decapsulation.

   OAL packet
      an original IP packet/parcel encapsulated in an OAL IPv6 header
      with an IPv6 Extended Fragment Header extension that includes an
      8-octet (64-bit) OAL Identification value.  Each OAL packet is
      then subject to OAL fragmentation and reassembly.

   OAL fragment
      a portion of an OAL packet following fragmentation but prior to L2
      encapsulation/fragmentation, or following L2 reassembly/
      decapsulation but prior to OAL reassembly.

   (OAL) atomic fragment
      an OAL packet that can be forwarded without fragmentation, but
      still includes an IPv6 Extended Fragment Header with an 8-octet
      (64-bit) OAL Identification value and with Index and More
      Fragments both set to 0.

Templin                   Expires 11 July 2025                 [Page 14]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   (L2) carrier packet
      an encapsulated OAL fragment following L2 encapsulation or prior
      to L2 decapsulation.  OAL sources and destinations exchange
      carrier packets over underlay interfaces, and may be separated by
      one or more OAL intermediate systems.  OAL intermediate systems
      may perform re-encapsulation on carrier packets by removing the L2
      headers of the first hop network and replacing them with new L2
      headers for the next hop network.  Carrier packets may themselves
      be subject to fragmentation and reassembly in L2 underlay networks
      at a layer below the OAL.  Carrier packets sent over unsecured
      paths use OMNI protocol L2 encapsulations, while those sent over
      secured paths use L2 security encapsulations such as IPsec
      [RFC4301], etc.  (The term "carrier" honors agents of the service
      postulated by [RFC1149] and [RFC6214].)

   OAL source
      an OMNI interface acts as an OAL source when it encapsulates
      original IP packets/parcels to form OAL packets, then performs OAL
      fragmentation and encapsulation to create carrier packets which
      may themselves be subject to fragmentation at their layer.  Every
      OAL source is also an OMNI link ingress.

   OAL destination
      an OMNI interface acts as an OAL destination when it decapsulates
      carrier packets (while reassembling first, if necessary), then
      performs OAL reassembly/decapsulation to derive the original IP
      packet/parcel.  Every OAL destination is also an OMNI link egress.

   OAL intermediate system
      an OMNI interface acts as an OAL intermediate system when it
      reassembles/decapsulates carrier packets received from a first
      segment to obtain the original OAL packet/fragment, then re-
      encapsulates in new L2 headers appropriate for the next segment
      and sends these new carrier packets into the next segment (while
      re-fragmenting first, if necessary).  OAL intermediate systems
      decrement the Hop Limit in OAL packets/fragments during
      forwarding, and discard the OAL packet/fragment if the Hop Limit
      reaches 0.  OAL intermediate systems do not decrement the TTL/Hop
      Limit of the original IP packet/parcel, which can only be updated
      by the network and higher layers.

Templin                   Expires 11 July 2025                 [Page 15]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Multilink
      a Client OMNI interface's manner of managing multiple diverse *NET
      underlay interfaces as a single logical unit.  The OMNI interface
      provides a single unified interface to the network layer, while
      underlay interface selections are performed on a per-flow basis
      considering traffic selectors such as DSCP, flow label,
      application policy, signal quality, cost, etc.  Multilink
      selections are coordinated in both the outbound and inbound
      directions based on source/target underlay interface pairs.

   Multinet
      an intermediate system's manner of spanning multiple diverse IP
      Internetwork and/or private enterprise network "segments" through
      OAL encapsulation.  Multiple diverse Internetworks (such as the
      global public IPv4 and IPv6 Internets) can serve as transit
      segments in an end-to-end OAL forwarding path through intermediate
      system concatenation of SRT network segments.  This OAL
      concatenation capability provides benefits such as supporting
      IPv4/IPv6 transition and coexistence, joining multiple diverse
      operator networks into a cooperative single service network, etc.
      See: [I-D.templin-6man-aero3] for further information.

   Multihop
      an iterative relaying of carrier packets between Client's over an
      OMNI underlay interface technology (such as omnidirectional
      wireless) without support of fixed infrastructure.  Multihop
      services entail Client-to-Client relaying within a Mobile/
      Vehicular Ad-hoc Network (MANET/VANET) for Vehicle-to-Vehicle
      (V2V) communications and/or for Vehicle-to-Infrastructure (V2I)
      "range extension" where Clients within range of communications
      infrastructure elements provide forwarding services for other
      Clients.

   Mobility
      any action that results in a change to a Client underlay interface
      address.  The change could be due to, e.g., a handover to a new
      wireless base station, loss of link due to signal fading, an
      actual physical node movement, etc.

   Safety-Based Multilink (SBM)
      A means for ensuring fault tolerance through redundancy by
      connecting multiple OMNI interfaces within the same domain to
      independent routing topologies (i.e., multiple independent OMNI
      links).

Templin                   Expires 11 July 2025                 [Page 16]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Performance Based Multilink (PBM)
      A means for selecting one or more underlay interface(s) for
      carrier packet transmission and reception within a single OMNI
      interface.

   OMNI Domain
      The set of all SBM/PBM OMNI links that collectively provides
      services for a common set of MSPs.  All OMNI links within the same
      domain configure, advertise and respond to the SRA address(es)
      corresponding to the MSP(s) assigned to the domain.

   AERO Forwarding Information Base (AFIB)
      A multilink forwarding table on each OAL source, destination and
      intermediate system that includes AERO Forwarding Vectors (AFV)
      with both next hop forwarding instructions and context for
      reconstructing compressed headers for specific underlay interface
      pairs used to communicate with peers.  See:
      [I-D.templin-6man-aero3] for further discussion.

   AERO Forwarding Vector (AFV)
      An AFIB entry that includes soft state for each underlay interface
      pairwise communication session between peer neighbors.  AFVs are
      identified by an AFV Index (AFVI) paired with the previous hop L2
      address, with the pair established based on an IPv6 ND
      solicitation and solicited IPv6 ND advertisement response.  The
      AFV also caches underlay interface pairwise Identification
      sequence number parameters to support carrier packet filtering.
      See: [I-D.templin-6man-aero3] for further discussion.

   AERO Forwarding Vector Index (AFVI)
      A 2-octet or 4-octet integer value supplied by a first hop OAL
      node when it requests a next hop OAL node to create an AFV.  (The
      AFVI is always processed as a 4-octet value, but may be
      transmitted as only the 2 least significant octets when the 2 most
      significant octets are 0.)  The next hop OAL node caches the AFVI
      and L2 address supplied by the previous hop as header compression/
      decompression state for future OAL packets with compressed
      headers.  The first hop OAL node must ensure that the AFVI values
      it assigns to the next hop via a specific underlay interface are
      distinct and reused only after their useful lifetimes expire.  The
      special AFVI value 0 means that no AFVI is assigned.

Templin                   Expires 11 July 2025                 [Page 17]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   flow
      a sequence of packets sent from a particular source to a
      particular unicast, anycast, or multicast destination that a node
      desires to label as a flow.  The 3-tuple of the Flow Label, Source
      Address and Destination Address fields enable efficient IPv6 flow
      classification.  The IPv6 Flow Label Specification is observed per
      [RFC6437] [RFC6438].

   (OMNI) L2 encapsulation
      the OMNI protocol encapsulation of OAL packets/fragments in an
      outer header or headers to form carrier packets that can be routed
      within the scope of the local *NET underlay network partition.
      The OAL node that performs encapsulation is known as the "L2
      source" while the OAL node that performs decapsulation is known as
      the "L2 destination"; both OAL end and intermediate systems can
      also act as an L2 source or destination.  Common L2 encapsulation
      combinations include UDP, IP and/or Ethernet using a
      port/protocol/type number for OMNI.

   L2 address (L2ADDR)
      an address that appears in the OMNI protocol L2 encapsulation for
      an underlay interface and also in IPv6 ND message OMNI options.
      L2ADDR can be either an IP address for IP encapsulations or an
      IEEE EUI address [EUI] for direct data link encapsulation.  (When
      UDP/IP encapsulation is used, the UDP port number is considered an
      ancillary extension of the IP L2ADDR.)

   OAL Fragment Size (OFS)
      the current size for OAL source fragmentation which must be no
      smaller than 1024 octets and should be no larger than 65279 octets
      (allowing for up to 256 octets of L2 encapsulations for each OAL
      fragment).  Each OAL source maintains an OFS in AERO Forwarding
      Vectors (AFVs) for each OAL destination.  The source discovers the
      "maximum OFS" through IPv6 Minimum Path MTU Options [RFC9268] and
      maintains an equal or smaller value "effective OFS" according to
      dynamic network control message feedback.  The OAL source should
      adaptively seek to use the largest possible effective OFS under
      current network conditions to provide better performance for upper
      layers.

Templin                   Expires 11 July 2025                 [Page 18]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Carrier Fragment Size (CFS)
      the current size for L2 carrier packet fragments including the
      headers, trailers and OAL fragment body.  The OAL L2 source
      applies source fragmentation if necessary to each L2-encapsulated
      OAL fragment under the default CFS of 1280 octets (i.e., the IPv6
      minimum MTU) until it can either engage IPv4 network fragmentation
      or determine whether a larger CFS is possible through
      Packetization Layer Path MTU Discovery for Datagram Transports
      [RFC8899].  The L2 source should adaptively seek to maximize CFS
      to provide better performance for upper layers.

3.  Requirements

   OMNI interfaces maintain the same Conceptual Data Structures as for
   any IPv6 interface, including the Neighbor Cache, Destination Cache,
   Prefix List and Default Router List [RFC4861].  The same as for any
   IPv6 interface, different routers on the link may advertise different
   prefixes.  The OMNI interface must therefore ensure that any
   addresses configured from the prefixes and assigned to the interface
   are associated with the correct default routers.

   OMNI interfaces limit the size of their IPv6 ND control plane
   messages (plus any original IP packet/parcel attachments) to the
   minimum IPv6 link MTU minus overhead for adaptation and link layer
   encapsulation.  If there are sufficient OMNI parameters and/or IP
   packet/parcel attachments that would exceed this size, the OMNI
   interface forwards the information as multiple smaller IPv6 ND
   messages and the recipient accepts the union of all information
   received.  This allows the messages to travel without loss due to a
   size restriction over secured control plane paths that include IPsec
   tunnels [RFC4301], secured direct point-to-point links and/or
   unsecured paths that require an authentication signature.

   Host, Client and Proxy/Server OMNI interfaces maintain per-
   destination state in Destination Cache Entries (DCEs) as a level of
   indirection into per-neighbor state in Neighbor Cache Entries (NCEs).
   The function of these caches and the IPv6 ND Protocol Constants
   defined in Section 10 of [RFC4861] apply for this document.

   The L3, adaptation and (virtual) L2 layers each include distinct
   packet Identification numbering spaces.  The adaptation layer employs
   an 8-octet Identification numbering space that is distinct from L3/L2
   spaces, with an Identification value appearing in an IPv6 Extended
   Fragment Header [I-D.templin-6man-ipid-ext2] or an OMNI Compressed
   Header (OCH) (see: Section 6.5) in each adaptation layer
   encapsulation.

Templin                   Expires 11 July 2025                 [Page 19]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

4.  Overlay Multilink Network (OMNI) Interface Model

   The IP layer sees the OMNI interface as a virtual Ethernet (veth)
   interface configured over one or more underlay interfaces, which may
   be physical (e.g., an aeronautical radio link, a cellular wireless
   link, etc.) or virtual (e.g., an internet-layer or higher-layer
   "tunnel").  The OMNI interface architectural layering model is the
   same as in [RFC5558][RFC7847], and augmented as shown in Figure 1.
   The network layer therefore sees the OMNI interface as a single L3
   interface nexus for multiple underlay interfaces that appear as L2
   communication channels in the architecture.

                                     +----------------------------+
                                     |    Upper Layer Protocol    |
              Session-to-IP    +---->|                            |
              Address Binding  |     +----------------------------+
                               +---->|           IP (L3)          |
              IP Address       +---->|                            |
              Binding          |     +----------------------------+
                               +---->|       OMNI Interface       |
              Logical-to-      +---->|   (OMNI Adaptation Layer)  |
              Physical         |     +----------------------------+
              Interface        +---->|  L2  |  L2  |       |  L2  |
              Binding                |(IF#1)|(IF#2)| ..... |(IF#n)|
                                     +------+------+       +------+
                                     |  L1  |  L1  |       |  L1  |
                                     |      |      |       |      |
                                     +------+------+       +------+

           Figure 1: OMNI Interface Architectural Layering Model

   Each underlay interface provides an L2/L1 abstraction according to
   one of the following models:

   *  (M)ANET interfaces connect to a (M)ANET that is separated from the
      open INET by Proxy/Servers.  The (M)ANET interface may be either
      on the same link segment as a Proxy/Server, or separated from a
      Proxy/Server by multiple adaptation layer and/or L2 hops.  (Note
      that NATs may appear internally within a (M)ANET or on the Proxy/
      Server itself and may require NAT traversal the same as for the
      INET case.)

Templin                   Expires 11 July 2025                 [Page 20]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  INET interfaces connect to an INET either natively or through IP
      Network Address Translators (NATs).  Native INET interfaces have
      global IP addresses that are reachable from any INET
      correspondent.  NATed INET interfaces typically configure private
      IP addresses and connect to a private network behind one or more
      NATs with the outermost NAT providing INET access.

   *  ENET interfaces connect a Client's downstream-attached networks,
      where the Client provides forwarding services for ENET Host and
      Client communications to remote peers.  An ENET may be as simple
      as a small IoT sub-network that travels with a mobile Client to as
      complex as a large private enterprise network that the Client
      connects to a larger *NET.  Downstream-attached Hosts and Clients
      see the ENET as a *NET and see the (upstream) Client as a Proxy/
      Server.

   *  VPN interfaces use security encapsulations (e.g.  IPsec tunnels)
      over underlay networks to connect Client, Proxy/Server or other
      critical infrastructure nodes.  VPN interfaces provide security
      services at lower layers of the architecture (L2/L1), with
      securing properties similar to Direct point-to-point interfaces.

   *  Direct point-to-point interfaces securely connect Clients, Proxy/
      Servers and/or other critical infrastructure nodes over physical
      or virtual media that does not transit any open Internetwork
      paths.  Examples include a line-of-sight link between a remote
      pilot and an unmanned aircraft, a fiberoptic link between
      gateways, etc.

   The OMNI interface forwards original IP packets/parcels from the
   network layer using the OMNI Adaptation Layer (OAL) (see: Section 5)
   as an encapsulation and fragmentation sublayer service.  This "OAL
   source" then further encapsulates the resulting OAL packets/fragments
   in underlay network headers (e.g., UDP/IP, IP-only, Ethernet-only,
   etc.) to create L2 encapsulated "carrier packets" for fragmentation
   and transmission over underlay interfaces.  The target OMNI interface
   then receives the carrier packets from underlay interfaces and
   performs L2 reassembly/decapsulation.

Templin                   Expires 11 July 2025                 [Page 21]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   If the resulting OAL packets/fragments are addressed to itself, the
   OMNI interface performs reassembly/decapsulation as an "OAL
   destination" and delivers the original IP packet/parcel to the
   network layer.  If the OAL packets/fragments are addressed to another
   node, the OMNI interface instead re-encapsulates them in new underlay
   network L2 headers as an "OAL intermediate system" then performs L2
   fragmentation and forwards the resulting carrier packets over an
   underlay interface.  The OAL source and OAL destination are seen as
   "neighbors" on the OMNI link, while OAL intermediate systems provide
   a virtual bridging service that joins the segments of a (multinet)
   Segment Routing Topology (SRT).

   The OMNI interface transports carrier packets over either secured or
   unsecured underlay interfaces to access the secured/unsecured OMNI
   link spanning trees as discussed further throughout the document.
   Carrier packets that carry control plane messages over secured
   underlay interfaces use secured L2/L1 services such as IPsec, direct
   encapsulation over secured point-to-point links, etc.  Carrier
   packets that carry data plane messages over unsecured underlay
   interfaces instead use L2 encapsulations appropriate for public or
   private Internetworks and are subject for the following sections.

   The OMNI interface and its OAL can forward original IP packets/
   parcels over underlay interfaces while including/omitting various
   lower layer encapsulations including OAL, UDP, IP and (ETH)ernet or
   other link layer header.  The network layer can also engage underlay
   interfaces directly while bypassing the OMNI interface entirely when
   necessary.  This architectural flexibility may be beneficial for
   underlay interfaces (e.g., some aviation data links) for which
   encapsulation overhead is a primary consideration.  OMNI interfaces
   that send original IP packets/parcels directly over underlay
   interfaces without invoking the OAL can only reach peers located on
   the same OMNI link segment.  Source Clients can instead use the OAL
   to coordinate with target Clients in the same or different OMNI link
   segments by sending initial carrier packets to a First-Hop Segment
   (FHS) Proxy/Server.  The FHS Proxy/Sever then sends the carrier
   packets into the SRT spanning tree, which transports them to a Last-
   Hop Segment (LHS) Proxy/Server for the target Client.

   The OMNI interface encapsulation/decapsulation layering possibilities
   are shown in Figure 2 below.  Imaginary vertical lines drawn between
   the Network Layer at the top of the figure and Underlay Interfaces at
   the bottom of the figure denote the various encapsulation/
   decapsulation layering combination possibilities.  Common
   combinations include IP-only (i.e., direct access to underlay
   interfaces with or without using the OMNI interface), IP/IP, IP/UDP/
   IP, IP/UDP/IP/ETH, IP/OAL/UDP/IP, IP/OAL/UDP/ETH, etc.

Templin                   Expires 11 July 2025                 [Page 22]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

    +------------------------------------------------------------+  ^
    |          Network Layer (Original IP packets/parcels)       |  |
    +--+---------------------------------------------------------+ L3
       |         OMNI Interface (virtual sublayer nexus)         |  |
       +--------------------------+------------------------------+  -
                                  |      OAL Encaps/Decaps       |  ^
                                  +------------------------------+ OAL
                                  |        OAL Frag/Reass        |  v
                     +------------+---------------+--------------+  -
                     | UDP Encaps/Decaps/Compress |                 ^
                +----+---+------------+--------+--+  +--------+     |
                | IP E/D |            | IP E/D |     | IP E/D |    L2
           +----+-----+--+----+    +--+----+---+     +---+----+--+  |
           |ETH E/D|  |ETH E/D|    |ETH E/D|             |ETH E/D|  |
    +------+-------+--+-------+----+-------+-------------+-------+  v
    |                    Underlay Interfaces                     |
    +------------------------------------------------------------+

                     Figure 2: OMNI Interface Layering

   The OMNI/OAL model gives rise to a number of opportunities:

   *  Clients coordinate with the MS and receive both SNP addresses and
      MNP delegations through IPv6 ND control plane message exchanges
      with Proxy/Servers.  Since GUA and ULA addresses are managed for
      uniqueness, no Duplicate Address Detection (DAD) or Multicast
      Listener Discovery (MLD) messaging is necessary over the OMNI
      interface.

   *  underlay interfaces on the same L2 link segment as a Proxy/Server
      do not require any L3 addresses (i.e., not even link-local) in
      environments where communications are coordinated entirely over
      the OMNI interface.

   *  as underlay interface properties change (e.g., link quality, cost,
      availability, etc.), any active interface can be used to update
      the profiles of multiple additional interfaces in a single
      message.  This allows for timely adaptation and service continuity
      under dynamically changing conditions.

   *  coordinating underlay interfaces in this way allows them to be
      represented in a unified MS profile with provisions to support the
      "6 M's of Modern Internetworking".

   *  header compression and path MTU determination is conducted on a
      per-flow basis, with each flow adapting to the best performance
      profiles and path selections.

Templin                   Expires 11 July 2025                 [Page 23]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  exposing a single virtual interface abstraction to the network
      layer allows for multilink operation (including QoS based link
      selection, carrier packet replication, load balancing, etc.) at L2
      while still permitting L3 traffic shaping based on, e.g., DSCP,
      flow label, etc.

   *  the OMNI interface supports multinet traversal over the SRT when
      communications across different administrative domain network
      segments are necessary.  This mode of operation would not be
      possible via direct communications over the underlay interfaces
      themselves.

   *  the OAL supports lossless and adaptive path MTU mitigations not
      available for communications directly over the underlay interfaces
      themselves.  The OAL supports "packing" of multiple original IP
      payload packets/parcels within a single OAL "composite packet" and
      also supports transmission of IP packets/parcels of all sizes up
      to and including (advanced) jumbograms.

   *  the OAL assigns per-packet Identification values that allow for
      adaptation/link layer reliability and data origin authentication.

   *  L3 sees the OMNI interface as a point of connection to the OMNI
      link; if there are multiple OMNI links, L3 will see multiple OMNI
      interfaces.

   *  Multiple independent OMNI interfaces can be used for increased
      fault tolerance through Safety-Based Multilink (SBM), with
      Performance-Based Multilink (PBM) applied within each interface.

   *  Multiple independent OMNI links can be joined together into a
      single link without requiring renumbering of infrastructure
      elements, since the GUAs/ULAs assigned by Proxy/Servers of the
      different links will be mutually exclusive.

   *  the OMNI/OAL model supports transmission of new forms of IP
      packets known as "IP parcels and Advanced Jumbos (AJs)" that
      improve performance and efficiency for both transport layer
      protocols and networked paths.

   *  OMNI provides robust support for both Provider-Aggregated (PA) and
      Provider-Independent (PI) addressing resulting in a versatile
      service for all Client use cases.

   Figure 3 depicts the architectural model for a source Client with an
   attached ENET connecting to the OMNI link via multiple independent
   *NETs.  The Client's OMNI interface forwards adaptation layer IPv6 ND
   solicitation messages over available *NET underlay interfaces using

Templin                   Expires 11 July 2025                 [Page 24]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   any necessary L2 encapsulations.  The IPv6 ND messages traverse the
   *NETs until they reach an FHS Proxy/Server (FHS#1, FHS#2, ...,
   FHS#n), which returns an IPv6 ND advertisement message and/or
   forwards a proxyed version of the message over the SRT to an LHS
   Proxy/Server near the target Client (LHS#1, LHS#2, ..., LHS#m).  The
   Hop Limit in IPv6 ND messages is not decremented due to
   encapsulation; hence, the source and target Client OMNI interfaces
   appear to be attached to a common link.

                           +--------------+
                           |Source Client |
                           +--------------+        (:::)-.
                           |OMNI interface|<-->.-(::ENET::)
                           +----+----+----+      `-(::::)-'
                  +--------|IF#1|IF#2|IF#n|------ +
                 /         +----+----+----+        \
                /                 |                 \
               /                  |                  \
              v                   v                   v
           (:::)-.              (:::)-.              (:::)-.
      .-(::*NET:::)        .-(::*NET:::)        .-(::*NET:::)
        `-(::::)-'           `-(::::)-'           `-(::::)-'
         +-----+              +-----+              +-----+
    ...  |FHS#1|  .........   |FHS#2|   .........  |FHS#n|  ...
   .     +--|--+              +--|--+              +--|--+     .
   .        |                    |                    |
   .        \                    v                    /        .
   .         \                                       /         .
   .           v                 (:::)-.           v            .
   .                        .-(::::::::)                       .
   .                    .-(::: Segment :::)-.                  .
   .                  (:::::   Routing   ::::)                 .
   .                     `-(:: Topology ::)-'                  .
   .                         `-(:::::::-'                      .
   .                  /          |          \                  .
   .                 /           |           \                 .
   .                v            v            v
   .     +-----+              +-----+              +-----+     .
    ...  |LHS#1|  .........   |LHS#2|   .........  |LHS#m|  ...
         +--|--+              +--|--+              +--|--+
             \                   |                    /
              v                  v                   v
                       <-- Target Clients -->

       Figure 3: Source/Target Client Coordination over the OMNI Link

Templin                   Expires 11 July 2025                 [Page 25]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   After the initial IPv6 ND message exchange, the source Client (as
   well as any nodes on its attached ENETs) can send carrier packets to
   the target Client via the OMNI interface.  OMNI interface multilink
   services will forward the carrier packets via FHS Proxy/Servers for
   the correct underlay *NETs.  The FHS Proxy/Server then re-
   encapsulates the carrier packets and forwards them over the SRT which
   delivers them to an LHS Proxy/Server, and the LHS Proxy/Server in
   turn re-encapsulates and forwards them to the target Client.  (Note
   that when the source and target Client are on the same SRT segment,
   the FHS and LHS Proxy/Servers may be one and the same.)

   Mobile Clients select a MAP Proxy/Server (not shown in the figure),
   which will often be one of their FHS Proxy/Servers but could also be
   any Proxy/Server on the OMNI link.  Clients then register all of
   their *NET underlay interfaces with the MAP Proxy/Server via per
   interface FHS Proxy/Servers in a pure proxy role.  The MAP Proxy/
   Server then provides a designated router that advertises the Client's
   MNPs into the OMNI link routing system, and the Client can quickly
   migrate to a new MAP Proxy/Server if the former becomes unresponsive.

   Clients therefore use Proxy/Servers as gateways into the SRT to reach
   OMNI link correspondents via a spanning tree established in a manner
   outside the scope of this document.  Proxy/Servers forward critical
   MS control messages via the secured spanning tree and forward other
   messages via the unsecured spanning tree (see Security
   Considerations).  When AERO route optimization is applied, Clients
   can instead forward directly to correspondents in the same SRT
   segment to reduce Proxy/Server and/or Gateway load.

   Note: while not shown in the figure, a Client's ENET may connect many
   additional Hosts and even other Clients in a recursive extension of
   the OMNI link.  This OMNI virtual link extension will be discussed
   more fully throughout the document.

   Note: Original IP packets/parcels sent into an OMNI interface will
   receive consistent consideration according to their size as discussed
   in the following sections, while those sent directly over underlay
   interfaces that exceed the underlay network path MTU are dropped with
   an ordinary ICMP Packet Too Big (PTB) message returned.  These PTB
   messages are subject to loss the same as for any non-OMNI IP
   interface [RFC2923].

Templin                   Expires 11 July 2025                 [Page 26]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

5.  OMNI Interface Maximum Transmission Unit (MTU)

   The OMNI interface observes the link nature of tunnels, including the
   Maximum Transmission Unit (MTU), Effective MTU to Send (EMTU_S),
   Effective MTU to Receive (EMTU_R) and the role of fragmentation and
   reassembly [I-D.ietf-intarea-tunnels].  The OMNI interface is
   configured over one or more underlay interfaces as discussed in
   Section 4, where underlay links and network paths may have diverse
   MTUs.  OMNI interface considerations for accommodating original IP
   packets/parcels of various sizes are discussed in the following
   sections.

   IPv6 underlay interfaces are REQUIRED to configure a minimum MTU of
   1280 octets and a minimum EMTU_R of 1500 octets [RFC8200].
   Therefore, the minimum IPv6 path MTU is 1280 octets since routers on
   the path are not permitted to perform network fragmentation even
   though the destination is required to reassemble more.  The network
   therefore MUST forward original IP packets/parcels as large as 1280
   octets without generating an IPv6 Path MTU Discovery (PMTUD) Packet
   Too Big (PTB) message [RFC8201].  Since each OAL intermediate system
   must configure an EMTU_R of at least 65535 octets (see: Section 6.3),
   the source can apply "source fragmentation" for carrier packets as
   large as that size but this does not affect the minimum IPv6 path
   MTU.)

   IPv4 underlay interfaces are REQUIRED to configure a minimum MTU of
   68 octets [RFC0791] and a minimum EMTU_R of 576 octets
   [RFC0791][RFC1122].  Therefore, when the Don't Fragment (DF) bit in
   the IPv4 header is set to 0 the minimum IPv4 path MTU is 576 octets
   since routers on the path support network fragmentation and the
   destination is required to reassemble at least that much.  The OMNI
   interface therefore SHOULD set DF to 0 in the IPv4 encapsulation
   headers of carrier packets no larger than 576 octets, and SHOULD set
   DF to 1 in larger carrier packets unless it has a way to determine
   the EMTU_R of the next OAL hop as discussed in Section 6.15.  This
   limitation is therefore relaxed by the requirement that each OAL
   intermediate system must configure a minimum EMTU_R of 65535 octets
   (see: Section 6.3) allowing for IPv4 fragmentation and reassembly for
   larger carrier packets.

   The OMNI interface itself sets an "unlimited" MTU of (2**32 - 1)
   octets.  The network layer therefore unconditionally admits all
   original IP packets/parcels into the OMNI interface, where the
   adaptation layer accommodates them if possible according to their
   size.  For each parcel that it accommodates, the OAL source within
   the OMNI interface first performs "parcellation" if necessary to
   break large parcels into smaller sub-parcels that can transit the OAL
   path (see: Section 5.1).  The OAL source then invokes adaptation

Templin                   Expires 11 July 2025                 [Page 27]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   layer encapsulation/fragmentation services to transform all original
   IP packets and (sub-)parcels no larger that 65535 octets into OAL
   packets/fragments.  The OAL source then applies L2 encapsulation and
   fragmentation if necessary to form carrier packets and finally
   forwards the carrier packets via underlay interfaces.

   When the OAL source performs IPv6 encapsulation and fragmentation
   (see: Section 6), the Payload Length field limits the maximum-sized
   original IP packet/parcel that the OAL can accommodate while applying
   IPv6 fragmentation to (2**16 - 1) = 65535 octets (i.e., not including
   the OAL encapsulation header lengths).  The OAL source is also
   permitted to forward packets/parcels larger than this size as a best-
   effort delivery service if the L2 path can accommodate them through
   "jumbo-in-jumbo" encapsulation (see: Section 5.2); otherwise, the OAL
   source discards the packet and arranges to return a PTB "hard error"
   to the original source (see: Section 6.9).

   Each OMNI interface therefore sets a minimum EMTU_R of 65535 octets
   (plus the length of the OAL encapsulation headers), and each OAL
   destination must consistently either accept or reject still larger
   whole packets that arrive over any of its underlay interfaces
   according to their size.  If an underlay interface presents a whole
   packet larger than the OAL destination is prepared to accept (e.g.,
   due to a buffer size restriction), the OAL destination discards the
   packet and arranges to return a PTB "hard error" to the OAL source
   which in turn forwards the PTB to the original source (see:
   Section 6.9).

5.1.  IP Parcels

   As specified in [I-D.templin-6man-parcels2] and
   [I-D.templin-intarea-parcels2], an IP parcel is an IP jumbogram
   variant for which an IPv6 Parcel Payload Option field encodes a value
   between 1 and 65535 octets denoting the non-final transport layer
   protocol segment length while the parcel body includes as many as 64
   individual transport layer protocol segments.  A single-segment
   parcel is termed an "Advanced Jumbo (AJ)" as discussed below.

   IP parcel "parcellation" and "reunification" procedures for OMNI
   interfaces are specified in [I-D.templin-6man-parcels2] and
   [I-D.templin-intarea-parcels2], while OAL encapsulation and
   fragmentation procedures are specified in Section 6.13 of this
   document.  The maximum-sized IP parcel that can be conveyed over an
   OMNI interface using OAL parcellation and IPv6 fragmentation-based
   assured delivery is one with 64 segments of 65535 (minus headers)
   octets in length.  (The OAL source can instead forward larger AJs as
   a best-effort service using jumbo-in-jumbo encapsulation if the OAL/
   L2 path can accommodate them.)

Templin                   Expires 11 July 2025                 [Page 28]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   IP parcels follow the same link models described for Advanced Jumbos
   below.  IP parcels that accumulate link errors on the path are
   subject to end-to-end integrity checking at the final destination.

   ENET end systems that implement either the full OMNI interface (i.e.,
   Clients) or enough of the OAL to process parcels (i.e., Hosts) are
   permitted to exchange parcels with consenting peers.  This
   accommodates nodes that connect to the OMNI link but do not assign
   OAL addresses.

5.2.  Advanced Jumbos (AJs)

   While the maximum-sized original IP packet/parcel that the OAL can
   accommodate using IPv6 fragmentation-based assured delivery is 65535
   octets, OMNI interfaces can forward much larger singleton parcels
   termed "Advanced Jumbos (AJs)" via jumbo-in-jumbo encapsulation as
   specified in [I-D.templin-6man-parcels2] and
   [I-D.templin-intarea-parcels2].  For jumbo-in-jumbo encapsulation of
   large AJs, the OAL source appends an OAL IPv6 header plus extensions
   then appends any L2 headers to identify this as an AJ.  Since the
   Jumbo Payload Length is 32 bits, the largest possible AJ is limited
   to (2**32 - 1) octets minus the lengths of any extension/
   encapsulation headers, or smaller still for transmission over
   underlay interfaces that include additional extensions/
   encapsulations.

   Basic IPv6 jumbograms per [RFC2675] use the Jumbo Payload Option and
   set the IPv6 Payload Length field to 0.  IP parcels and AJs instead
   use a suite of Destination and HBH options that carry the same option
   "rest" code but different option Types.  The OAL/L2 source forwards
   basic jumbograms and AJs as giant carrier packets using jumbo-in-
   jumbo encapsulation, noting that traditional 32-bit link CRCs do not
   provide adequate integrity protection for such large sizes [CRC].  If
   a basic jumbogram is dropped along the path to the OAL destination,
   the OAL source arranges to return an ICMP PTB "hard error" to the
   original source.  If a parcel/AJ is dropped, the OAL source instead
   arranges to return ICMP PTB "soft errors" (see: Section 6.9).

Templin                   Expires 11 July 2025                 [Page 29]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   AJs range in size from the largest possible unit as discussed above
   to the smallest unit that includes only the headers and a small or
   possibly even NULL payload.  Intermediate hops forward AJs that
   follow a new DTN link model for the Internet (instead of dropping)
   even if link errors were incurred along the path.  The AJ will then
   arrive at the destination along with any cumulative link errors
   collected on the path.  The final destination then applies end-to-end
   integrity checks and/or error correction while requesting
   retransmission only as a last resort.  This link model may be more
   appropriate for delay/disruption-tolerant environments such as
   anticipated for air/land/sea/space mobile Internetworking.

   Advanced jumbo services for both IPv6 and IPv4 (including jumbo path
   probing and jumbo-in-jumbo encapsulation) are specified in
   [I-D.templin-6man-parcels2] and [I-D.templin-intarea-parcels2].

5.3.  Control/Data Plane Considerations

   The above sections primarily concern data plane aspects of the OMNI
   interface MTU and describe the data plane service model offered to
   the network layer.  OMNI interfaces also internally employ a control
   plane service based on IPv6 Neighbor Discovery (ND) messaging.  These
   control plane messages must be sent over secured underlay interfaces
   (e.g., IPsec tunnels, secured direct point-to-point links, etc.) or
   over unsecured paths but with an authentication signature included.
   In all control plane path cases, the IPv6 minimum MTU of 1280 octets
   must be assumed.

   OMNI interfaces therefore offer an unlimited data plane MTU to the
   network layer but set a more conservative MTU for the internal
   control plane operation.  OMNI interfaces assume a fixed control
   plane path MTU of 1280 octets (minus OAL encapsulation overhead) for
   transmission of IPv6 ND messages.  OMNI interfaces should send
   multiple smaller IPv6 ND messages instead of singleton larger
   messages whenever possible to minimize fragmentation.

6.  The OMNI Adaptation Layer (OAL)

   The OMNI interface forwards original IP packets/parcels from the
   network layer for transmission over one or more underlay interfaces.
   The OMNI Adaptation Layer (OAL) acting as the OAL source then
   replaces the virtual Ethernet header with an IPv6 encapsulation
   header to form OAL packets subject to OAL fragmentation.  OAL
   fragmentation then produces IPv6 fragments suitable for L2
   encapsulation and transmission as carrier packets.  These carrier
   packets may in turn be subject to IP fragmentation over underlay
   interface paths as described in Section 6.1.

Templin                   Expires 11 July 2025                 [Page 30]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The carrier packets/fragments then travel over one or more underlay
   networks spanned by OAL intermediate systems in the SRT.  Each
   successive OAL intermediate system performs L2 reassembly (if
   necessary) then re-encapsulates by removing the L2 headers of the
   first underlay network and appending L2 headers appropriate for the
   next underlay network while re-fragmenting if necessary.  (This
   process supports the multinet concatenation capability needed for
   joining multiple diverse networks.)  Following any forwarding by OAL
   intermediate systems, the carrier packets arrive at the OAL
   destination.

   When the OAL destination receives the carrier packets, it performs L2
   reassembly (if necessary) then discards the L2 headers and
   reassembles the resulting OAL fragments into an OAL packet as
   described in Section 6.3.  The OAL destination next replaces the OAL
   packet IPv6 encapsulation header with a virtual Ethernet header to
   obtain the original IP packet/parcel for delivery to the network
   layer via the OMNI interface.  The OAL source may be either the
   source Client or its FHS Proxy/Server, while the OAL destination may
   be either the LHS Proxy/Server or the target Client.  Proxy/Servers
   (and SRT Gateways per [I-D.templin-6man-aero3]) may also serve as OAL
   intermediate systems.

   The OAL presents an OMNI sublayer abstraction similar to ATM
   Adaptation Layer 5 (AAL5).  Unlike AAL5 which performs segmentation
   and reassembly with fixed-length 53-octet cells over ATM networks,
   however, the OAL uses IPv6 encapsulation, fragmentation and
   reassembly with larger variable-length cells over heterogeneous
   networks.  Detailed operations of the OAL are specified in the
   following sections.

6.1.  OAL Source Encapsulation and Fragmentation

   When the network layer forwards an original IP packet/parcel into the
   OMNI interface, it either sets the TTL/Hop Limit for locally-
   generated packets or decrements the TTL/Hop Limit according to
   standard IP forwarding rules.  The OAL source next creates an "OAL
   packet" by replacing the virtual Ethernet header with an IPv6
   encapsulation header in the spirit of [RFC2473].  The OAL source sets
   the IPv6 encapsulation header Version to "OMNI-OFH" (see:
   Section 6.2) and Next Header to TBD1 (see: IANA Considerations).

   When the OAL source performs IPv6 encapsulation, it next copies the
   "Type of Service/Traffic Class" [RFC2983] and "Explicit Congestion
   Notification (ECN)" [RFC3168] values in the original packet/parcel's
   IP header into the corresponding fields in the OAL IPv6 header then
   sets the IPv6 header "Flow Label" as specified in [RFC6438].  The OAL
   source next sets the IPv6 header Payload Length to the length of the

Templin                   Expires 11 July 2025                 [Page 31]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   original IP packet/parcel and sets Hop Limit to a value that is
   sufficiently large to support loop-free forwarding over multiple
   concatenated OAL intermediate hops.  The OAL source next selects OAL
   IPv6 source and destination addresses associated with its own
   adaptation layer interface and the adaptation layer interface of the
   target.  (These are IPv6 addresses that correspond to the virtual
   Ethernet source and destination MAC addresses as maintained in a per
   neighbor address mapping cache for the interface.)

   The OAL source next inserts any necessary extension headers following
   the IPv6 header as specified in Section 6.4.  For OAL data plane
   packets, the source first inserts any per-fragment extension headers
   (e.g., Hop-by-Hop, Routing, etc.) then inserts an IPv6 Extended
   Fragment Header (see: [I-D.templin-6man-ipid-ext2]) with an 8-octet
   (64-bit) OAL packet Identification.  Note that the extension header
   insertions could cause the IPv6 Payload Length to exceed 65535 octets
   by a small amount when the original IP packet is (nearly) the maximum
   length.  The OAL source then fragments the OAL packet if necessary
   according to an OAL Fragment Size (OFS) maintained in AERO Forwarding
   Vectors (AVFs) for each OAL destination.  (The OAL source processes
   OAL packets with payloads that are no larger than the OFS and
   original IP packets/parcels larger than 65535 octets as "atomic
   fragments".)  OAL fragments prepared by the source must not be
   fragmented further by OAL intermediate systems on the path to the OAL
   destination.

   OAL packets that contain original IP parcels no larger than
   (64*65535) octets may be first subject to OMNI interface
   parcellation, after which the (sub-)parcels (as well as OAL packets
   that contain original IP packets no larger than 65535 octets) are
   subject to OAL fragmentation-based assured delivery.  Advanced Jumbos
   (AJs) larger than 65535 octets (see: [I-D.templin-6man-parcels2] and
   [I-D.templin-intarea-parcels2]) are not eligible for OAL
   fragmentation but instead engage a best effort jumbo-in-jumbo
   encapsulation service as discussed in Section 5.2.

   OAL fragmentation is conducted according to the IPv6 Extended
   Fragment Header (EFH) fragmentation specification in
   [I-D.templin-6man-ipid-ext2] with the exception that the IPv6 Payload
   Length may exceed 65535 by at most the length of the extension
   headers.  The OAL source MUST set a "maximum OFS" to a size no
   smaller than 1024 octets and thereafter reduce or increase the
   "effective OFS" according to dynamic network control message
   feedback.  The OAL source SHOULD limit the maximum OFS to a size no
   larger than 65279 octets unless it has assurance that a larger size
   can be accommodated.  (Note that these sizes allow for up to 256
   octets of L2 encapsulation relative to the IPv6 minimum MTU and
   maximum fragmented packet size.)  If an OAL intermediate system or

Templin                   Expires 11 July 2025                 [Page 32]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   the OAL destination advertises a reduced size, the OAL source SHOULD
   reduce the effective OFS accordingly (to a size no smaller than 1024
   octets) and can later increase the effective OFS as network
   conditions improve.  When the OAL source performs fragmentation, it
   SHOULD produce the minimum number of fragments under the effective
   OFS constraints.  The fragments produced MUST be non-overlapping and
   the portion of each non-final fragment following the IPv6 Extended
   Fragment Header MUST be equal in length while that of the final
   fragment MAY be smaller and MUST NOT be larger.

   The OAL source discovers the maximum OFS by including an IPv6 Minimum
   Path MTU Hop-by-Hop Option [RFC9268] in the OAL encapsulation header
   of its Neighbor Solicitation (NS) / Neighbor Advertisement (NA)
   exchanges over the secured spanning tree used to establish multilink
   forwarding state (see: [I-D.templin-6man-aero3]).  Each OAL
   intermediate system on the path sets the minimum path MTU in the NS
   message OAL extension header to the maximum OFS capable of traversing
   the next segment.  (Note that segments traversed by L2 encapsulations
   such as IP tunnels can normally regard the MTU for their unsecured
   overlay network segments as 65535 octets while those traversed by
   direct point-to-point links and multihop MANET links must regard the
   link MTU as a restricting size; therefore, each OAL intermediate
   system MUST correctly recognize and honor the IPv6 Minimum Path MTU
   Hop-by-Hop Option.  Note also that OAL intermediate systems forward
   the NS/NA messages in the control plane, but the returned MTU
   reflects the maximum OFS for the data plane.)  When the OAL
   destination returns an NA message with an OAL header containing an
   IPv6 Minimum Path MTU Hop-by-Hop Option, the OAL source can then set
   the maximum OFS for this AFV by subtracting 256 from the returned
   MTU.  The OAL source can later adaptively increase or decrease the
   effective OFS if it receives dynamic path MTU feedback from an OAL
   intermediate node or destination with the understanding that larger
   OFS sizes may provide better performance but also increase the
   retransmission unit in case of loss.

   For each first fragment, the OAL source replaces the IPv6 Extended
   Fragment Header 1-octet "Reserved" field with the encoding shown in
   Figure 4:

      +-+-+-+-+-+-+-+-+
      | Parcel ID |P|S|
      +-+-+-+-+-+-+-+-+

       Figure 4: IPv6 Extended Fragment Header Reserved Field Coding

   For the first fragment, the OAL source then sets "Parcel ID",
   "(P)arcel" and "More (S)egments" as specified in Section 6.13.

Templin                   Expires 11 July 2025                 [Page 33]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   For each consecutive fragment beginning with the first, the OAL
   source then writes a monotonically-increasing "ordinal" value between
   0 and 63 in the Extended Fragment Header Index field.  Specifically,
   the OAL source writes the ordinal value '0' for the first fragment,
   '1' for the first non-first fragment, '2' for the next, '3' for the
   next, etc. up to the final fragment.  The final fragment may assign
   an ordinal as large as '63' such that at most 64 fragments are
   possible.  During a network path change, an OAL intermediate system
   may apply further OAL fragmentation to produce minimum-length
   (sub-)fragments.  The OAL destination will then reassemble these
   (sub-)fragments then combine each reassembled fragment with all other
   fragments of the same OAL packet and return rate-limited indications
   to inform the OAL source that the path has changed.

   The OAL source finally encapsulates the fragments in L2 headers to
   form carrier packets for transmission over underlay interfaces, while
   retaining the fragments and their ordinal numbers (i.e., #0, #1, #2,
   etc.) for a brief period to support adaptation layer retransmissions
   (see: Section 6.8).  OAL fragment and carrier packet formats are
   shown in Figure 5 (note that IPv4 carrier packets with DF=0 may
   include trailing checksums ("Csum") as discussed in Section 6.2).

        +----------+-------------------------+---------------+
        |OAL Header| Original Packet Headers |    Frag #0    |
        +----------+-------------------------+---------------+
        +----------+----------------+
        |OAL Header|     Frag #1    |
        +----------+----------------+
        +----------+----------------+
        |OAL Header|     Frag #2    |
        +----------+----------------+
                    ....
        +----------+----------------+
        |OAL Header|   Frag #(N-1)  |
        +----------+----------------+
        a) OAL fragmentation

        +----------+-----------------------------+
        |OAL Header|  Original IP packet/parcel  |
        +----------+-----------------------------+
        b) An OAL atomic fragment

        +--------+----------+----------------+------+
        |L2 Hdrs |OAL Header|     Frag #i    | Csum |
        +--------+----------+----------------+------+
        c) OAL carrier packet after L2 encapsulation

Templin                   Expires 11 July 2025                 [Page 34]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

                Figure 5: OAL Fragments and Carrier Packets

6.2.  OAL L2 Encapsulation and Re-Encapsulation

   The OAL source or intermediate system next encapsulates each OAL
   fragment (with either full or compressed headers) in L2 encapsulation
   headers to create a carrier packet.  The OAL source or intermediate
   system (i.e., the L2 source) includes a UDP header as the innermost
   sublayer if NATs and/or filtering middleboxes might occur on the
   path.  Otherwise, the L2 source includes a full/compressed IP header
   and/or an actual link layer header (e.g., such as for Ethernet-
   compatible links) as the innermost sublayer.  The L2 source also
   appends any additional encapsulation sublayer headers necessary
   (e.g., IPsec AH/ESP, jumbo-in-jumbo encapsulation, etc.).

   The L2 source encapsulates the OAL information immediately following
   the innermost L2 sublayer header.  The L2 source next interprets the
   first 4 bits following the L2 headers as a Type field that determines
   the type of OAL header that follows.  The OAL source sets Type to
   (OMNI-OFH) for an uncompressed IPv6 OMNI Full Header (OFH) or (OMNI-
   OCH1/2) for an OMNI Compressed Header, Type 1 (OCH1) or 2 (OCH2) as
   specified in Section 6.5.  For IP packets/parcels that do not include
   an OAL IPv6 encapsulation header, the L2 source instead interprets
   the first 4 bits as a Version field that encodes '4' (OMNI-IP4) for
   an ordinary IPv4 packet/parcel or '6' (OMNI-IP6) for an ordinary IPv6
   packet/parcel.  Other Type values (including a Type for a Hop-by-Hop
   Options header that includes a Parcel Payload Option) may also appear
   as specified in Section 6.5.

   The OAL node prepares the L2 encapsulation headers for OAL packets/
   fragments as follows:

   *  For UDP/IP encapsulation, the L2 source sets the UDP source port
      to 8060 (i.e., the port number reserved for AERO/OMNI).  When the
      L2 destination is a Proxy/Server or Gateway, the L2 source sets
      the UDP destination port to 8060; otherwise, the L2 source sets
      the UDP destination port to its cached port number value for the
      peer.  The L2 source next sets the UDP Length the same as
      specified in [I-D.ietf-tsvwg-udp-options].  (If the OAL packet is
      submitted for jumbo-in-jumbo encapsulation, the L2 source instead
      includes a Hop-by-Hop Options header with a Parcel Payload Option
      with Advanced Jumbo Type 0 following the L2 UDP/IP header with the
      length of the L2 UDP header included in the Jumbo Payload Length.)
      The L2 source then sets the IP {Protocol, Next Header} to '17'
      (the UDP protocol number) and sets the {Total, Payload} Length the
      same as specified in the base IP protocol specifications for IP
      parcels and Advanced Jumbos (see: [I-D.templin-6man-parcels2] and
      [I-D.templin-intarea-parcels2]) or for ordinary IP packets (see:

Templin                   Expires 11 July 2025                 [Page 35]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      [RFC0791], [RFC8200] and [I-D.ietf-tsvwg-udp-options]).  The L2
      source then continues to set the remaining IP header fields as
      discussed below.

   *  For raw IP encapsulation, the L2 source sets the IP {Protocol,
      Next Header} to TBD1 (see: IANA Considerations) and sets the
      {Total, Payload} Length the same as specified in [RFC0791] or
      [RFC8200].  (If the OAL header includes a Parcel Payload Option
      with an Advanced Jumbo Type, the L2 source includes an Parcel
      Payload Option with AJ Type 0 in the L2 IP header.)  The L2 source
      then continues to set the remaining IP header fields as discussed
      below.

   *  For IPsec AH/ESP encapsulation, the L2 source sets the appropriate
      IP or UDP header to indicate AH/ESP then sets the AH/ESP Next
      Header field to TBD1 the same as for raw IP encapsulation.

   *  For direct encapsulations over Ethernet-compatible links, the L2
      source prepares an Ethernet Header with EtherType set to TBD2
      (see: Section 21.2) (see: Section 7).

   *  For OAL packet/fragment encapsulations over secured underlay
      interface connections to the secured spanning tree, the L2 source
      applies any L2 security encapsulations according to the protocol
      (e.g., IPsec).  These secured carrier packets are then subject to
      lower layer security services including fragmentation and
      reassembly.

   When an L2 source includes a UDP header, it SHOULD calculate and
   include a UDP checksum in carrier packets with full OAL headers to
   prevent mis-delivery and/or detect IPv4 reassembly corruption; the L2
   source MAY set UDP checksum to 0 (disabled) in carrier packets with
   compressed OAL headers (see: Section 6.5) or when reassembly
   corruption is not a concern.  If the L2 source discovers that a path
   is dropping carrier packets with UDP checksums disabled, it should
   supply UDP checksums in future carrier packets sent to the same L2
   destination.  If the L2 source discovers that a path is dropping
   carrier packets that do not include a UDP header, it should include a
   UDP header in future carrier packets.

   When an L2 source sends carrier packets with compressed OAL headers
   and with UDP checksums disabled, mis-delivery due to corruption of
   the AERO Forwarding Vector Index (AFVI) is possible but unlikely
   since the corrupted index would somehow have to match valid state in
   the (sparsely-populated) AERO Forwarding Information Base (AFIB).  In
   the unlikely event that a match occurs, an OAL destination may
   receive carrier packets that contain a mis-delivered OAL fragment but
   can immediately reject any with incorrect Identifications.  If the

Templin                   Expires 11 July 2025                 [Page 36]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Identification value is somehow accepted, the OAL destination may
   submit the mis-delivered OAL fragment to the reassembly cache where
   it will most likely be rejected due to incorrect reassembly
   parameters.  If a reassembly that includes the mis-delivered OAL
   fragment somehow succeeds (or, for atomic fragments) the OAL
   destination will verify any included checksums to detect corruption.
   Finally, any spurious data that somehow eludes all prior checks will
   be detected and rejected by end-to-end upper layer integrity checks.
   See: [RFC6935] [RFC6936] for further discussion.

   For UDP/IP or IP-only L2 encapsulations, when the L2 source is also
   the OAL source it next copies the "Type of Service/Traffic Class"
   [RFC2983] and "Explicit Congestion Notification (ECN)" [RFC3168]
   values in the OAL header into the corresponding fields in the L2 IP
   header, then (for IPv6) set the L2 IPv6 header "Flow Label" as
   specified in [RFC6438].  The L2 source then sets the L2 IP TTL/Hop
   Limit the same as for any host (i.e., it does not copy the Hop Limit
   value from the OAL header) and finally sets the source and
   destination IP addresses to direct the carrier packet to the next OAL
   hop.  For carrier packets subject to re-encapsulation, the OAL
   intermediate system as the L2 source reassembles if necessary then
   removes the L2 header(s).  The L2 source then decrements the OAL
   header Hop Limit and discards the OAL packet/fragment if the value
   reaches 0.  The L2 source then copies the Type of Service/Traffic
   Class and ECN values from the previous segment L2 encapsulation
   header into the next segment L2 encapsulation header while setting
   the next segment L2 source and destination IP addresses the same as
   above.  (The L2 source also writes the ECN value into the OAL full/
   compressed header.)

   The L2 source then applies source fragmentation if necessary by
   inserting an IPv6 Fragment Header between the L2 headers and the
   (compressed) OAL header then applying IP fragmentation per [RFC8200]
   or [I-D.herbert-ipv4-eh] to produce carrier packet fragments no
   larger than the current Carrier Fragment Size (CFS).  (Note that the
   OMNI protocol L2 headers appear in each fragment and the Fragment
   Header Next Header field is adjusted as described in Section 6.4
   following fragmentation.)  The L2 source should prepare carrier
   packet fragments no larger than 1280 octets (i.e., the IPv6 minimum
   MTU) until it can determine whether a larger CFS is possible, e.g.,
   through dynamic path probing to the L2 destination.  For IPv4, until
   a probed CFS is determined the L2 source must set DF to 0 and include
   ancillary integrity checks (see below); these IPv4 carrier packet
   fragments may be (further) fragmented by intermediate systems in the
   L2 network.

Templin                   Expires 11 July 2025                 [Page 37]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   For UDP/IPv4 carrier packets/fragments that set DF to 0, the L2
   source calculates the UDP checksum and also includes a trailing
   2-octet IPv4 reassembly checksum as specified in Appendix A.  The L2
   source calculates the checksums simultaneously in a single pass over
   the UDP pseudo-header plus the remainder of the packet following the
   header, then writes the UDP result in the UDP header and the IPv4
   fragmentation result as the final 2 octets of the packet while
   incrementing the IPv4 length by 2.  For raw IPv4 carrier packet
   (re-)encapsulation with DF set to 0, the source instead includes a
   trailing 2-octet IPv4 payload checksum followed by a 2-octet IPv4
   reassembly checksum (calculated as above) while incrementing the IPv4
   length by 4.  The source calculates the IPv4 payload checksum the
   same as specified for UDP checksums [RFC0768], except that instead of
   the UDP length the pseudo header includes the length of the IPv4
   payload only without including the IPv4 header or trailing checksum
   lengths.  The source calculates the IPv4 payload and reassembly
   checksums simultaneously in a single pass over the pseudo header plus
   IPv4 payload the same as for the UDP case without extending to cover
   the trailing checksum fields themselves.  (In both the UDP/IPv4 and
   raw IPv4 cases, the trailing checksum lengths will not cause the
   carrier packet to exceed 65535 octets since each OAL fragment
   reserves space for up to 256 L2 encapsulation octets.)

   The L2 source then sends the resulting carrier packet fragments over
   one or more underlay interfaces.  Underlay interfaces often connect
   directly to physical media on the local platform (e.g., an aircraft
   with a radio frequency link, a laptop computer with WiFi, etc.), but
   in some configurations the physical media may be hosted on a separate
   Local Area Network (LAN) node.  In that case, the OMNI interface can
   establish a Layer-2 VLAN or a point-to-point tunnel (at a layer below
   the underlay interface) to the node hosting the physical media.  The
   OMNI interface may also apply encapsulation at the underlay interface
   layer (e.g., as for a tunnel virtual interface) such that carrier
   packets would appear "double-encapsulated" on the LAN; the node
   hosting the physical media in turn removes the LAN encapsulation
   prior to transmission or inserts it following reception.  Finally,
   the underlay interface must monitor the node hosting the physical
   media (e.g., through periodic keepalives) so that it can convey up-
   to-date Interface Attribute information to the OMNI interface.

   Note: UDP/IPv4 and IPv4 L2 encapsulations that use IPsec AH/ESP do
   not include payload or reassembly integrity checks since the security
   encapsulations already include strong integrity checks.

   Note: the L2 source must include a suitable Identification value in
   the IPv6 Fragment Header when it performs source fragmentation and
   must also include a suitable Identification value in the IPv4 header
   when it sets DF=0.

Templin                   Expires 11 July 2025                 [Page 38]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

6.2.1.  Carrier Fragment Size (CFS) Determination

   For paths that cannot rely on network fragmentation to deliver
   carrier packets that exceed the path MTU, the L2 source should
   actively probe the path to determine the largest possible Carrier
   Fragment Size (CFS) for the L2 destination under current path
   conditions.  The L2 source conducts probing in the spirit of
   "Packetization Layer Path MTU Discovery for Datagram Transports"
   [RFC8899] using a probe packet such as an NS message that includes
   Nonce and Timestamp options [RFC3971] plus a discard trailing packet
   attachment as specified in Section 6.10.  The L2 source then
   encapsulates the message in L2 headers as a whole carrier packet and
   sends the message over the unsecured underlay interface (for IPv4,
   the L2 source also sets the probe packet DF flag to 1.)

   Prior to any probing, the L2 source assumes a nominal CFS of 1280
   octets (the IPv6 minimum MTU) for both IPv6 and IPv4.  Since this
   size is greater than the IPv4 minimum MTU, the L2 source must set the
   DF bit to 0 in each carrier packet to increase the likelihood that it
   will reach the L2 destination.  When the L2 source sets DF to 0, it
   must include IPv4 payload/reassembly checksum(s) as discussed above.

   When the L2 source engages probing, it will receive NA responses from
   the L2 destination to confirm delivery of its OAL and L2 encapsulated
   padded NS messages.  When the L2 source receives an NA with a
   matching Nonce, it can then advance CFS to the size of the NS probe.
   The L2 source must then continuously probe to confirm the current CFS
   or advance to even larger CFS values using the probing strategies
   specified in [RFC8899].

   After the L2 source confirms a CFS through probing, it can send
   carrier packet fragments up to CFS octets in length and with DF set
   to 1 for IPv4.  If the path changes, the L2 source may receive a PTB
   message from a router on the path and should then reduce and/or re-
   probe the CFS accordingly.

6.3.  Reassembly and Decapsulation

   All OAL intermediate systems and destinations MUST configure an L2
   EMTU_R of 65535 octets on all unsecured underlay interfaces to enable
   successful reassembly of fragmented carrier packets no larger than
   that size (conversely, secured underlay interfaces use an EMTU_R
   specific to the L2 security service such as IPsec).  OAL nodes are
   permitted to accept still larger unfragmented parcels/AJs as a best-
   effort service.  OAL nodes must further recognize and honor the
   extended Identifications included in the IPv6 Extended Fragment
   Header [I-D.templin-6man-ipid-ext2].

Templin                   Expires 11 July 2025                 [Page 39]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   When an OAL node reassembles an IPv4 or IPv6 carrier packet, it
   accepts the reassembled packet following L2 checksum verification if
   necessary.  When an OAL node reassembles an IPv4 carrier packet with
   DF set to 0, it must verify both the UDP or IPv4 payload checksum and
   the IPv4 reassembly checksum.  The OAL node then accepts the
   reassembled packet only if the included checksums are correct, then
   trims the trailing payload/reassembly checksum(s) by decrementing the
   IPv4 length before processing the packet further.  When an OAL node
   detects a checksum error or failed reassembly for either IPv4 or IPv6
   carrier packets, and the IP first fragment includes enough of the OAL
   packet header, the OAL node returns a uNA message with an OMNI
   Fragmentation Report (FRAGREP) option to the OAL source as specified
   in Section 6.8.

   If the carrier packet encodes OMNI L2 extension headers per
   Section 6.4, the OAL node instead removes the UDP header if necessary
   and submits the packet for IPv6 extension header processing per
   [RFC8200] (while converting IPv4/Ethernet headers to IPv6 and
   converting IPv4/EUI addresses to IPv6 compatible addresses if
   necessary as specified above).  The OAL node first sets the IPv6 Next
   Header field to the 8 bit protocol value for the first extension.
   When an (Extended) Fragment Header is included, the OAL node performs
   L2 reassembly per the IPv6 extension header parameters.

   When an OMNI interface processes a (reassembled) carrier packet from
   an underlay interface, it copies the ECN value from the L2
   encapsulation headers into the OAL header if the carrier packet
   contains an OAL first-fragment.  The OMNI interface next discards the
   L2 encapsulation headers and examines the OAL header of the enclosed
   OAL fragment according to the value in the Type field as discussed in
   Section 6.2.  If the OAL fragment is addressed to a different node,
   the OMNI interface (acting as an OAL intermediate system) performs L2
   encapsulation and fragmentation if necessary then forwards while
   decrementing the OAL Hop Limit as discussed in Section 6.2.  If the
   OAL fragment is addressed to itself, the OMNI interface (acting as an
   OAL destination) accepts or drops the fragment based on the (Source,
   Destination, Identification)-tuple.

   The OAL destination next drops all ordinal OAL non-first fragments
   that would overlap or leave "holes" with respect to other ordinal
   fragments already received.  The OAL destination updates a checklist
   of accepted ordinal fragments of the same OAL packet but admits all
   accepted fragments into the reassembly cache.

   During reassembly at the OAL destination, the reassembled OAL packet
   may exceed 65535 by a small amount equal to the size of the OAL
   encapsulation extension headers.  The OAL destination does not write
   this (too-large) value into the OAL header Payload Length field, but

Templin                   Expires 11 July 2025                 [Page 40]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   rather remembers the value during reassembly.  When reassembly is
   complete, the OAL destination finally replaces the OAL IPv6
   encapsulation header with a virtual Ethernet header.  The OAL
   destination's OMNI interface then delivers the original IP packet/
   parcel to the network layer.  The original IP packet/parcel may
   therefore be as large as 65535 octets, or larger still for large
   parcels/AJs delivered through jumbo-in-jumbo encapsulation without
   invoking fragmentation.

   When an OAL path traverses an IPv6 network with routers that perform
   adaptation layer forwarding based on full IPv6 headers with OAL
   addresses, the OAL intermediate system at the head of the IPv6 path
   forwards the OAL packet/fragment the same as an ordinary IPv6 packet
   without decapsulating and delivering to the network layer.  Once
   within the IPv6 network, these OAL packets/fragments may traverse
   arbitrarily-many IPv6 hops before arriving at an OAL intermediate
   system which may again encapsulate the OAL packets/fragments as
   carrier packets for transmission over underlay interfaces.

   Note: carrier packets often traverse paths with underlying links that
   use integrity checks such as CRC-32 which provide adequate hop-by-hop
   integrity assurance for payloads up to ~9K octets [CRC].  However,
   other paths may traverse links (such as fragmenting tunnels over IPv4
   - see: [RFC4963]) that do not include adequate checks.  IP parcels
   and AJs that include end-to-end integrity checks therefore allow the
   final destination to detect any link errors that may have accumulated
   along the path even if the links themselves do not provide adequate
   error checking.

6.4.  OMNI-Encoded IPv6 Extension Headers

   The IPv6 specification [RFC8200] defines extension headers that
   follow the base IPv6 header, while Upper Layer Protocols (ULPs) are
   specified in other documents.  Each extension header present is
   identified by a "Next Header" octet in the previous (extension)
   header and encodes a "Next Header" field in the first octet that
   identifies the next extension header or ULP instance.  The OMNI
   specification supports encoding of IPv6 extension header chains
   immediately following the OMNI L2 UDP, IP or Ethernet header even if
   the L2 IP protocol version is IPv4.  In all cases, the length of the
   IPv6 extension header chain is limited by [I-D.ietf-6man-eh-limits].

Templin                   Expires 11 July 2025                 [Page 41]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The OAL source prepares an OMNI extension header chain by setting the
   first 4 bits of the first IPv6 extension header in the chain to a
   Type value for the extension header itself immediately following the
   OMNI L2 protocol header.  The source then sets the next 4 bits to a
   Next value that identifies either a terminating ULP or the next
   extension header in the chain.  The source then sets the first 8 bits
   of each subsequent IPv6 extension header in the chain to the standard
   Next Header encoding as shown in Figure 6:

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ~               OMNI L2 UDP, IP or Ethernet Header              ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Type |  Next |           Extension Header #1                 ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Next Header  |           Extension Header #2                 ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Next Header  |           Extension Header #3                 ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             ...                         ...                          ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Next Header  |           Extension Header #N                 ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      ~  OMNI Full/Compressed, IPv6/IPv4, TCP/UDP, ICMPv6, ESP, etc.  ~
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                   Figure 6: OMNI Extension Header Chains

   The following Type/Next values are currently defined:

      0 (OMNI-RES) - Reserved for experimentation.

      1 (OMNI-OCH1) - OMNI Compressed Header, Type 1 per Section 6.5.

      2 (OMNI-OCH2) - OMNI Compressed Header, Type 2 per Section 6.5.

      3 (OMNI-OFH) - OMNI Full Header, per Section 6.5.

      4 (OMNI-IP4) - IPv4 header per [RFC0791].

      5 (OMNI-HBH) - Hop-by-Hop Options per Section 4.3 of [RFC8200].

      6 (OMNI-IP6) - IPv6 header per [RFC8200].

      7 (OMNI-RH) - Routing Header per Section 4.4 of [RFC8200].

      8 (OMNI-FH) - Fragment Header per Section 4.5 of [RFC8200].

Templin                   Expires 11 July 2025                 [Page 42]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      9 (OMNI-DO) - Destination Options per Section 4.6 of [RFC8200].

      10 (OMNI-AH) - Authentication Header per [RFC4302].

      11 (OMNI-ESP) - Encapsulating Security Payload per [RFC4303].

      12 (OMNI-NNH) - No Next Header per Section 4.7 of [RFC8200].

      13 (OMNI-TCP) - TCP Header per [RFC9293].

      14 (OMNI-UDP) - UDP Header per [RFC0768].

      15 (OMNI-ULP) - Upper Layer Protocol shim (see below).

   Entries OMNI-OCH1 through OMNI-AH in the above list follow the
   convention that the OMNI Type/Version appears in the first 4 bits of
   the extension header (or IP header) itself.  Conversely, entries
   OMNI-ESP through OMNI-UDP represent commonly-used ULPs which do not
   encode a Type/Version in the first 4 bits.

   Entries OMNI-HBH, OMNI-RH, OMNI-FH, OMNI-DO and OMNI-AH represent
   true IPv6 extension headers encoded for OMNI, which may be chained.
   Source and destination processing of OMNI extension headers follows
   exactly per their definitions in the normative references, with the
   exception of the special (Type, Next) coding in the first 8 bits of
   the first extension header.

   When a ULP not found in the above table immediately follows the OMNI
   L2 UDP, IP or Ethernet header, the source includes a 2-octet "Type 1
   ULP Shim" before the ULP where both the first 4 bit (Type) and next 4
   bit (Next) fields encode the special value 15 (OMNI-ULP).  The source
   then includes a Next Header field that encodes the IP protocol number
   of the ULP.  The source then includes the ULP data immediately after
   the shim as shown in Figure 7.

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |Type=15|Next=15|  Next Header  |   Upper Layer Protocol        ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

          Figure 7: OMNI Upper Layer Protocol (ULP) Shim (Type 1)

   When a ULP "OMNI-(N)" found in the above table immediately follows
   the OMNI L2 UDP, IP or Ethernet header, the source includes a 1-octet
   "Type 2 ULP Shim" before the ULP where the first 4 bits encode the
   special Type value 15 (OMNI-ULP) and the next 4 bits encode the Next
   ULP type "N" taken from the table above.  The source then includes
   the ULP data immediately after the shim as shown in Figure 8.

Templin                   Expires 11 July 2025                 [Page 43]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |Type=15| Next=N|          Upper Layer Protocol                 ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

          Figure 8: OMNI Upper Layer Protocol (ULP) Shim (Type 2)

   When a ULP not found in the above table follows a first OMNI
   extension header, the source sets the extension header Next field to
   OMNI-ULP (15) and includes a 1-octet "Type 3 ULP Shim" that encodes
   the IP protocol number for the Next Header of the ULP data that
   follows as shown in Figure 9.

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Next Header  |           Upper Layer Protocol                ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

          Figure 9: OMNI Upper Layer Protocol (ULP) Shim (Type 3)

   When a ULP "OMNI-(N)" found in the above table follows a first OMNI
   extension header, the source sets the extension header Next field to
   the ULP Type "N" and does not include a shim.  The ULP then begins
   immediately after the first OMNI extension header.

   When a ULP of any kind follows a non-first OMNI extension header, the
   source sets the extension header Next Header field to the IP protocol
   number for the ULP and does not include a shim.  The ULP then begins
   immediately after the non-first OMNI extension header.

   Note: The L2 UDP header (when present) is logically considered as the
   first L2 extension header in the chain.  If an Advanced Jumbo
   extension header is also present, its Jumbo Payload length includes
   the length of the L2 UDP header.

   Note: After a node parses the extension header chain, it changes the
   "Type/Next" field in the first extension header back to the correct
   "Next Header" value before processing the first extension header.

6.5.  OMNI Full and Compressed Headers (OFH/OCH)

   OAL sources that send OAL packets with OMNI Full Headers (OFH)
   include a new Type TBD3 OMNI Routing Header (ORH) (see: IANA
   Considerations) formatted as shown in Figure 10:

Templin                   Expires 11 July 2025                 [Page 44]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Next Header  |  Hdr Ext Len  | Rtg Type=TBD3 | Segments Left |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                AERO Forwarding Vector Index (AFVI)            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      |                                                               |
      +                           Address[1]                          +
      |                                                               |
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      |                                                               |
      +                           Address[2]                          +
      |                                                               |
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 10: OMNI Routing Header (ORH)

   In this format, AFVI is a 4-octet AERO Forwarding Vector Index, while
   Address[1] and Address[2] are the IPv6 GUA of the LHS Proxy/Server
   and IPv6 MLA of the final destination, respectively.  At most two
   IPv6 addresses may be present, and the "Hdr Ext Len" value must be
   one of 0, 2 or 4.  If both addresses are present, they must
   correspond to different address scopes, i.e., global scope for the
   first address and MLA scope for the final address.  Processing of the
   routing header segments is the same as specified for IPv6 Routing
   Header 0 (RH0) found in the now-obsolete predecessor of [RFC8200] and
   reproduced in Appendix B of this document.

   The ORH is followed by an IPv6 Extended Fragment Header to support
   segment-by-segment forwarding based on an AERO Forwarding Information
   Base (AFIB) in each OAL intermediate system.  OAL sources,
   intermediate systems and destinations establish header compression
   state in the AFIB through IPv6 ND NS/NA message exchanges.  After an
   initial NS/NA exchange, OAL nodes can apply OMNI Header Compression
   to significantly reduce header overhead.

   OAL nodes apply header compression in order to avoid transmission of
   redundant data found in the original IP packet and OAL encapsulation
   headers; the resulting compressed headers are often significantly
   smaller than the original IP packet header itself even when OAL
   encapsulation is applied.  Header compression is limited to the OAL

Templin                   Expires 11 July 2025                 [Page 45]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   IPv6 encapsulation header plus extensions along with the base
   original IP packet header; it does not extend to include any
   extension headers of the original IP packet which appear as upper
   layer payload immediately following the compressed headers.

   Each OAL node establishes AFIB soft state entries known as AERO
   Forwarding Vectors (AFVs) which support both OAL packet/fragment
   forwarding and OAL/IPv6 header compression/decompression.  The FHS
   OAL sources references each AFV by an AERO Forwarding Vector Index
   (AFVI) which in conjunction with the previous hop L2ADDR provides
   compression/decompression and next hop forwarding context.

   When an OAL node sends carrier packets that contain OAL packets/
   fragments to a next hop, it includes an OFH with an ORH containing
   AFVI forwarding information followed by an Extended Fragment Header.
   If the OAL source applied OAL encapsulation, the first 4 bits
   following the L2 headers must encode the Type OMNI-OFH to signify
   that an uncompressed OFH (plus extensions) is present; otherwise, the
   first 4 bits must encode the value OMNI-IP6 as a Type/Version value
   for IPv6.

   When an OAL intermediate system forwards an OAL packet, it determines
   the AFVI for the next OAL hop by using the AFVI included in the ORH
   to search for a matching AFV.  The OAL intermediate system then
   writes the next hop AFVI into the ORH and forwards the OAL packet to
   the next hop without decrementing Segments Left.  This same AFVI re-
   writing progression begins with the OAL source then continues over
   all OAL intermediate nodes and finally ends at the OAL destination.

   When AFV state is available, the OAL source should omit significant
   portions of the OAL header (plus extensions) and the entire original
   IP packet header by applying OMNI header compression.  For OAL first
   fragments (including atomic fragments), the OAL source uses OMNI
   Compressed Header, Type 1 (OCH1) Format (a) as shown in Figure 11:

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Type  | Traffic Class | OAL Hop Limit | Parcel ID |P|S|Q|F|A|M|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                OAL Identification (4 octets)                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     AFVI (2 or 4 octets)      /  Payload Len (0 or 2 octets)  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | L3 Next Header|  L3 Hop Limit |Header Checksum (0 or 2 octets)|
      +~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+

            Figure 11: OMNI Compressed Header (OCH1) Format (a)

Templin                   Expires 11 July 2025                 [Page 46]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The format begins with a 4-bit Type followed by the 8-bit Traffic
   Class (copied into the OAL header from the original IP packet header)
   followed by an 8-bit (OAL) Hop Limit followed by followed by a 6-bit
   Parcel ID with 2 P/S control bits followed by 4 flag bits.  The
   header next includes the 4 least significant octets of the OAL
   Identification followed by a 2/4-octet AFVI according to whether the
   A flag is set to 0/1, respectively.  The format then includes a
   2-octet Payload Length only if the L2 header does not include a
   length field.  The format finally includes the Next Header and Hop
   Limit values from the original (L3) IP packet header, plus a 2-octet
   Header Checksum only for IPv4 original packets.  (Note that these
   values represent compression of the original IP packet header plus
   the OFH header along with its ORH and Extended Fragment Header in a
   unified concatenation.)

   The OAL node sets Type to OMNI-OCH1, sets Hop Limit to the
   uncompressed OAL header Hop Limit and sets the ECN bits in the
   Traffic Class field the same as for an uncompressed IP header.  The
   OAL node next sets (F)ormat to 0 then sets (M)ore Fragments, Parcel
   ID, (P)arcel, and More (S)egments the same as for an uncompressed
   Extended Fragment Header.  The OAL node finally sets the L3 Next
   Header and Hop Limit fields to the values that would appear in the
   uncompressed original IP header; the OAL node also includes a 2-octet
   Header Checksum for IPv4 original packets, or omits the Header
   Checksum for IPv6 original packets.

   The payload of the OAL first fragment (i.e., beginning after the
   original IP header) is then included immediately following the OCH1
   header, and the L2 header length field (if present) is reduced by the
   difference in length between the compressed and full-length headers.
   If the L2 header includes a length field, the OAL destination can
   determine the payload length by examining the L2 header; otherwise,
   the OCH1 header itself includes a 2-octet Payload Length field that
   encodes the length of the packet payload (or first fragment) that
   follows the OCH1.  Note that first fragments (and atomic packets) are
   logically considered ordinal fragment 0 even though no ordinal value
   is transmitted.

   When the OAL source has multiple original atomic IP packets enqueued
   that would include identical original IP headers (except for the
   Payload Length), it can set the (Q)ueued flag and perform "compressed
   packing" (see: Section 6.10).  When the Q flag is set, the M flag
   MUST be 0, meaning that the payload MUST NOT extend beyond the first
   fragment.  The Payload Length field MUST be included, but encodes the
   length of the first queued packet payload only.  The OCH1 header is
   then followed by the payload of the first queued packet (i.e., with
   the IP header removed) which is followed by a second Payload Length
   field that encodes the length of the second queued packet payload.

Templin                   Expires 11 July 2025                 [Page 47]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The second Payload Length is then followed by the payload of the
   second queued packet which is followed by a third Payload Length (and
   possibly also a third packet payload), etc., until a final Payload
   Length field that encodes the value 0 appears.  When the OAL
   destination receives an OCH1 OAL packet with the Q flag set, it
   extracts each packet payload (while appending the original IP header
   with only the Payload Length values differing) by following the chain
   of Payload Length fields present.

   For OAL non-first fragments (i.e., those with non-zero Index), the
   OAL uses OMNI Compressed Header, Type 1 (OCH1) Format (b) as shown in
   Figure 12:

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Type  | Traffic Class | OAL Hop Limit |   Index   |Resvd|F|A|M|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                   Identification (4 octets)                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     AFVI (2 or 4 octets)      /  Payload Len (0 or 2 octets)  |
      +~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+

            Figure 12: OMNI Compressed Header (OCH1) Format (b)

   The format begins with a 4-bit Type followed by an 8-bit Traffic
   Class followed by an 8-bit OAL Hop Limit the same as for first
   fragments.  The format next includes a 6-bit ordinal fragment Index
   followed by a (F)ormat flag, an (A)FVI extension flag and finally a
   (M)ore Fragments flag.  The format next includes the least-
   significant 4 octets of the OAL Identification followed by a
   2/4-octet AFVI according to the A flag followed by a 0/2-octet
   Payload Length field the same as for an OCH1 first fragment.

   The OAL node sets Type to OMNI-OCH1, sets Hop Limit to the
   uncompressed OAL header Hop Limit value, sets (Index, (M)ore
   Fragments, Identification) to their appropriate values as a non-first
   fragment and sets (F)ormat to 1.  In the process, the OAL Node sets
   Index to a monotonically increasing ordinal value beginning with 1
   for the first non-first fragment, 2 for the second non-first
   fragment, 3 for the third non-first fragment, etc., up to at most 63
   for the final fragment.

Templin                   Expires 11 July 2025                 [Page 48]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The OAL non-first fragment body is then included immediately
   following the OCH1 header, and the L2 header length field (if
   present) is reduced by the difference in length between the
   compressed headers and full-length original IP header with OFH plus
   extensions.  The OAL destination will then be able to determine the
   Payload Length by examining the L2 header length field if present;
   otherwise by examining the 2-octet OCH1 Payload Length the same as
   for first fragments.

   The OCH1 Format (a) is used for all original IPv6 packets that do not
   include a Fragment Header as well as for original IPv4 packets that
   set IHL to 5, DF to 1 and (MF; Fragment Offset) to 0 (the OCH1 Format
   (b) is used for all non-first fragments regardless of the original IP
   version).

   For other "non-atomic" original IP packets and first fragments, the
   OAL uses the "Type 2" OMNI Compressed Header (OCH2) formats shown in
   Figure 13 and Figure 14:

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Type  | Traffic Class | OAL Hop Limit | Parcel ID |P|S|R|F|A|M|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                  OAL Identification (4 octets)                |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     AFVI (2 or 4 octets)      /  Payload Len (0 or 2 octets)  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | L3 Next Header| L3 Hop Limit  |      Fragment Offset    |Res|M|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       IPv6 Identification                     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        Figure 13: OMNI Compressed Header, Type 2 (OCH2) Format (a)

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Type  |Type of Service| OAL Hop Limit | Parcel ID |P|S|R|F|A|M|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                  OAL Identification (4 octets)                |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     AFVI (2 or 4 octets)      /  Payload Len (0 or 2 octets)  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |Version|  IHL  |      IPv4 Identification      |Flags|Offset(1)|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   Offset(2)   | Time to Live  |    Protocol   |  Checksum (1) |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Checksum (2) |            Options            |    Padding    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        Figure 14: OMNI Compressed Header, Type 2 (OCH2) Format (b)

Templin                   Expires 11 July 2025                 [Page 49]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   In both of the above OCH2 formats, the leading octets include the
   same information that would appear in a corresponding OCH1 format (a)
   header with the exception that the Q flag is replaced with an R flag
   set to 0.  The (F)ormat flag is set to 0 for format (a) or 1 for
   format (b) the same as for OCH1.

   The remainder of the OCH2 format (a) includes fields that would
   appear in an uncompressed IPv6 header plus Fragment Header extension
   per [RFC8200], while the remainder of format (b) includes fields that
   would appear in an uncompressed IPv4 header per [RFC0791] with the
   Options and Padding lengths calculated based on IHL.

   In both cases, the Source and Destination addresses are not
   transmitted.  (Note that packing is not supported with the OCH2
   format since each non-atomic IP packet header will often include
   different values.)

   When an OAL destination or intermediate system receives a carrier
   packet, it determines the length of the encapsulated OAL information
   and verifies that the innermost L2 next header field indicates OMNI
   (see: Section 6.2), then processes any included OMNI L2 extension
   headers as specified in Section 6.4.  The OAL destination then
   examines the Next Header field of the final L2 extension header.  If
   the Next Header field contains the value TBD1, and the 4-bit Type
   that follows encodes a value OMNI-IP6, OMNI-OFH, OMNI-OCH1 or OMNI-
   OCH2 the OAL node processes the remainder of the OAL header as a full
   or compressed header as specified above.

   The OAL node then uses the AFVI to locate the cached AFV which
   determines the next hop.  During forwarding for compressed headers,
   the OAL node changes the OCH AFVI to the cached value for the AFV
   next hop.  If the OAL node is the destination, it instead
   reconstructs the OFH and original IP headers based on the information
   cached in the AFV combined with the received information in the
   OCH1/2.  For non-atomic fragments, the OAL node then adds the
   resulting OAL fragment to the reassembly cache if the Identification
   is acceptable.  Following OAL reassembly if necessary, the OAL node
   delivers the original IP packet to the network layer.

   For all OCH1/2 types, the source node sets all Reserved fields and
   bits to 0 on transmission and the destination node ignores the values
   on reception.  For both OCH1/2, ECN information is compiled for first
   fragments, and not for non-first fragments.

Templin                   Expires 11 July 2025                 [Page 50]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Finally, if an IPv6 Hop-by-Hop (HBH) and/or Routing Header extension
   header is required to appear as per-fragment extensions with each OAL
   fragment that uses OCH1 format (b) or OCH2 compression the OAL node
   inserts an OMNI-HBH and/or OMNI-RH header as the first extension(s)
   following the L2 header and before the OMNI-OCH1/2 as discussed in
   Section 6.4.

6.6.  L2 UDP/IP Encapsulation Avoidance

   When the OAL node is unable to determine whether the next OAL hop is
   connected to the same underlay link, it should perform carrier packet
   L2 encapsulation for initial packets sent via the next hop over a
   specific underlay interface by including full UDP/IP headers and with
   the UDP port numbers set as discussed in Section 6.2.  The node can
   thereafter attempt to send an NS to the next OAL hop in carrier
   packet(s) that omit the UDP header and set the IP protocol number to
   TBD1.  If the OAL node receives an NA reply, it can omit the UDP
   header in subsequent packets.  The node can further attempt to send
   an NS in carrier packet(s) that omit both the UDP and IP headers and
   set EtherType to TBD2.  If the source receives an NA reply, it can
   begin omitting both the UDP and IP headers in subsequent packets.

   Note: in the above, "next OAL hop" refers to the first OAL node
   encountered on the optimized path to the destination over a specific
   underlay interface as determined through route optimization (e.g.,
   see: [I-D.templin-6man-aero3]).  The next OAL hop could be a Proxy/
   Server, Gateway or the OAL destination itself.

6.7.  OAL Identification Window Maintenance

   The OAL encapsulates each original IP packet/parcel as an OAL packet
   then performs fragmentation to produce one or more carrier packets
   with the same 8-octet Identification value.  In environments where
   spoofing is not considered a threat, OMNI interfaces send OAL packets
   with Identifications beginning with an unpredictable Initial Send
   Sequence (ISS) value [RFC7739] monotonically incremented (modulo
   2**64) for each successive OAL packet sent to either a specific
   neighbor or to any neighbor.  (The OMNI interface may later change to
   a new unpredictable ISS value as long as the Identifications are
   assured unique within a timeframe that would prevent the fragments of
   a first OAL packet from becoming associated with the reassembly of a
   second OAL packet.)  In other environments, OMNI interfaces should
   maintain explicit per-flow send and receive windows to detect and
   exclude spurious carrier packets that might clutter the reassembly
   cache as discussed below.

Templin                   Expires 11 July 2025                 [Page 51]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   OMNI interface neighbors use a window synchronization service similar
   to TCP [RFC9293] to maintain unpredictable ISS values incremented
   (modulo 2**64) for each successive OAL packet and re-negotiate
   windows often enough to maintain an unpredictable profile.  OMNI
   interface neighbors exchange IPv6 ND messages that include OMNI
   Multilink Vector sub-options (see: Section 10.2.8) that include TCP-
   like information fields and flags to manage streams of OAL packets
   instead of streams of octets.  As a link layer service, the OAL
   provides low-persistence best-effort retransmission with no
   mitigations for duplication, reordering or deterministic delivery.
   Since the service model is best-effort and only control message
   sequence numbers are acknowledged, OAL nodes can select unpredictable
   new initial sequence numbers outside of the current window without
   delaying for the Maximum Segment Lifetime (MSL).

   OMNI interface end neighbors and intermediate systems maintain
   current and previous per-flow window state in IPv6 ND NCEs and/or
   AFVs to support dynamic rollover to a new window while still sending
   OAL packets and accepting carrier packets from the previous windows.
   OMNI interface neighbors synchronize windows through asymmetric and/
   or symmetric IPv6 ND message exchanges.  When OMNI end and
   intermediate systems receive an IPv6 ND message with new per-flow
   window information, it resets the previous window state based on the
   current window then resets the current window based on new and/or
   pending information.

   The IPv6 ND message OMNI option Multilink Vector sub-option includes
   TCP-like information fields including Sequence Number,
   Acknowledgement Number, Window and flags (see: Section 10).  OMNI
   interface neighbors and intermediate systems maintain the following
   TCP-like state variables on a per-interface-pair basis (i.e., through
   a combination of NCE and/or AFV state):

       Send Sequence Variables (current, previous and pending)

         SND.NXT - send next
         SND.WND - send window
         ISS     - initial send sequence number

       Receive Sequence Variables (current and previous)

         RCV.NXT - receive next
         RCV.WND - receive window
         IRS     - initial receive sequence number

   OMNI interface neighbors "OAL A" and "OAL B" exchange IPv6 ND
   messages per [RFC4861] with OMNI options that include TCP-like
   information fields in a Multilink Vector.  When OAL A synchronizes

Templin                   Expires 11 July 2025                 [Page 52]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   with OAL B, it maintains both a current and previous SND.WND
   beginning with a new unpredictable ISS and monotonically increments
   SND.NXT for each successive OAL packet transmission.  OAL A initiates
   synchronization by including the new ISS in the Sequence Number of an
   authentic IPv6 ND message with the SYN flag set and with Window set
   to M (up to 2**24) as its advertised send window size while creating
   a NCE in the INCOMPLETE state if necessary.  OAL A caches the new ISS
   as pending, uses the new ISS as the Identification for OAL
   encapsulation, then sends the resulting OAL packet to OAL B and waits
   up to RetransTimer milliseconds to receive an IPv6 ND message
   response with the ACK flag set (retransmitting up to
   MAX_UNICAST_SOLICIT times if necessary).

   When OAL B receives the SYN, it creates a NCE in the STALE state and
   also an AFV if necessary, resets its RCV variables and caches the
   source's send window size M as its receive window size.  OAL B then
   prepares an IPv6 ND message with the ACK flag set, with the
   Acknowledgement Number set to OAL A's next sequence number, and with
   Window set to M.  Since OAL B does not assert an ISS of its own, it
   uses the IRS it has cached for OAL A as the Identification for OAL
   encapsulation then sends the ACK to OAL A.

   When OAL A receives the ACK, it notes that the Identification in the
   OAL header matches its pending ISS.  OAL A then sets the NCE state to
   REACHABLE and resets its SND variables based on the Window size and
   Acknowledgement Number (which must include the sequence number
   following the pending ISS).  OAL A can then begin sending OAL packets
   to OAL B with Identification values within the (new) current SND.WND
   for this interface pair for up to ReachableTime milliseconds or until
   the NCE is updated by a new IPv6 ND message exchange.  This implies
   that OAL A must send a new SYN before sending more than N OAL packets
   within the current SND.WND, i.e., even if ReachableTime is not
   nearing expiration.  After OAL B returns the ACK, it accepts carrier
   packets received from OAL A via this interface pair within either the
   current or previous RCV.WND as well as any new authentic NS/RS SYN
   messages received from OAL A even if outside the windows.

   OMNI interface neighbors can employ asymmetric window synchronization
   as described above using 2 independent (SYN -> ACK) exchanges (i.e.,
   a 4-message exchange), or they can employ symmetric window
   synchronization using a modified version of the TCP "3-way handshake"
   as follows:

Templin                   Expires 11 July 2025                 [Page 53]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  OAL A prepares a SYN with an unpredictable ISS not within the
      current SND.WND and with Window set to M as its advertised send
      window size.  OAL A caches the new ISS and Window size as pending
      information, uses the pending ISS as the Identification for OAL
      encapsulation, then sends the resulting OAL packet to OAL B and
      waits up to RetransTimer milliseconds to receive an ACK response
      (retransmitting up to MAX_UNICAST_SOLICIT times if necessary).

   *  OAL B receives the SYN, then resets its RCV variables based on the
      Sequence Number while caching OAL A's send window size M as its
      receive window size.  OAL B then selects a new unpredictable ISS
      outside of its current window, then prepares a response with
      Sequence Number set to the pending ISS and Acknowledgement Number
      set to OAL A's next sequence number.  OAL B then sets both the SYN
      and ACK flags, sets Window to a chosen send window size N and sets
      the OPT flag according to whether an explicit concluding ACK is
      optional or mandatory.  OAL B then uses the pending ISS as the
      Identification for OAL encapsulation, sends the resulting OAL
      packet to OAL A and waits up to RetransTimer milliseconds to
      receive an acknowledgement (retransmitting up to
      MAX_UNICAST_SOLICIT times if necessary).

   *  OAL A receives the SYN/ACK, then resets its SND variables based on
      the Acknowledgement Number (which must include the sequence number
      following the pending ISS).  OAL A then resets its RCV variables
      based on the Sequence Number and OAL B's advertised send Window N
      and marks the NCE as REACHABLE.  If the OPT flag is clear, OAL A
      next prepares an immediate unsolicited NA message with the ACK
      flag set, the Acknowledgement Number set to OAL B's next sequence
      number, with Window set to N, and with the OAL encapsulation
      Identification to SND.NXT, then sends the resulting OAL packet to
      OAL B.  If the OPT flag is set and OAL A has OAL packets queued to
      send to OAL B, it can optionally begin sending their carrier
      packets under the current SND.WND as implicit acknowledgements
      instead of returning an explicit ACK.

   *  OAL B receives the implicit/explicit acknowledgement(s) then
      resets its SND state based on the pending/advertised values and
      marks the NCE as REACHABLE.  Note that OAL B sets the OPT flag in
      the SYN/ACK to assert that it will interpret timely receipt of
      carrier packets within the (new) current window as an implicit
      acknowledgement.  Potential benefits include reduced delays and
      control message overhead, but use case analysis is outside the
      scope of this specification.)

   Following synchronization, OAL A and OAL B hold updated NCEs and
   AFVs, and can exchange OAL packets with Identifications set to
   SND.NXT for each flow while the state remains REACHABLE and there is

Templin                   Expires 11 July 2025                 [Page 54]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   available window capacity.  (Intermediate systems that establish AFVs
   for the per-flow window synchronization exchanges can also use the
   Identification window for source validation.)  Either neighbor may at
   any time send a new SYN to assert a new ISS.  For example, if OAL A's
   current SND.WND for OAL B is nearing exhaustion and/or ReachableTime
   is nearing expiration, OAL A can continue sending OAL packets under
   the current SND.WND while also sending a SYN with a new unpredictable
   ISS.  When OAL B receives the SYN, it resets its RCV variables and
   may optionally return either an asymmetric ACK or a symmetric SYN/ACK
   to also assert a new ISS.  While sending SYNs, both neighbors
   continue to send OAL packets with Identifications set to the current
   SND.NXT for each interface pair then reset the SND variables after an
   acknowledgement is received.

   While the optimal symmetric exchange is efficient, anomalous
   conditions such as receipt of old duplicate SYNs can cause confusion
   for the algorithm as discussed in Section 3.5 of [RFC9293].  For this
   reason, the OMNI Multilink Vector sub-option includes an RST flag
   which OAL nodes set in solicited NA responses to ACKs received with
   incorrect acknowledgement numbers.  The RST procedures (and
   subsequent synchronization recovery) are conducted exactly as
   specified in [RFC9293].

   OMNI interfaces that employ the window synchronization procedures
   described above observe the following requirements:

   *  OMNI interfaces MUST select new unpredictable ISS values that are
      at least a full window outside of the current SND.WND.

   *  OMNI interfaces MUST set the Window field in SYN messages as a
      non-negotiable advertised send window size.

   *  OMNI interfaces MUST send IPv6 ND messages used for window
      synchronization securely while using unpredictable initial
      Identification values until synchronization is complete.

   It is essential to understand that the above window synchronization
   operations between nodes OAL(A) and OAL(B) are conducted in IPv6 ND
   message exchanges over multihop paths with potentially many OAL(i)
   intermediate hops in the forward and reverse paths (which may be
   disjoint).  Each such forward path OAL(i) caches the sequence number
   and window size advertised from OAL(A) to OAL(B) in its AFV entry
   indexed by the previous hop L2ADDR and AFVI, while each such reverse
   path OAL(i) caches the sequence number, window size and AFVI
   advertised from OAL(B) to OAL(A).  (The forward/reverse path OAL(i)
   nodes then select new unique next-hop AFVIs before forwarding.)

Templin                   Expires 11 July 2025                 [Page 55]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Note: Although OMNI interfaces employ TCP-like window synchronization
   and support uNA ACK responses to SYNs, all other aspects of the IPv6
   ND protocol (e.g., control message exchanges, NCE state management,
   timers, retransmission limits, etc.) are honored exactly per
   [RFC4861].  OMNI interfaces further manage per-interface-pair window
   synchronization parameters in one or more AFVs for each neighbor
   pair.

   Note: Recipients of OAL-encapsulated IPv6 ND messages index the NCE
   based on the message source address, which also determines the
   carrier packet Identification window.  However, IPv6 ND messages may
   contain a message source address that does not match the OMNI
   encapsulation source address when the recipient acts as a proxy.

   Note: OMNI interface neighbors apply separate send and receive
   windows for all of their (multilink) underlay interface pairs that
   exchange carrier packets.  Each interface pair represents a distinct
   underlay network path, and the set of paths traversed may be highly
   diverse when multiple interface pairs are used.  OMNI intermediate
   systems therefore become aware of each distinct set of interface pair
   window synchronization parameters based on periodic IPv6 ND message
   updates to their respective AFVs.

6.8.  OAL Fragmentation Reports and Retransmissions

   When the round-trip delay from the original source to the final
   destination is long while the route-trip time from the OAL source the
   OAL destination is significantly shorter, the OAL source can maintain
   a short-term cache of the OAL fragments it sends to OAL destinations
   in case timely best-effort selective retransmission is requested.
   The OAL destination in turn maintains a checklist for (Source,
   Destination, Identification)-tuples of recently received OAL
   fragments and notes the ordinal numbers of OAL fragments already
   received (i.e., as ordinals #0, #1, #2, #3, etc.).  The timeframe for
   maintaining the OAL source and destination caches determines the link
   persistence (see: [RFC3366]).

Templin                   Expires 11 July 2025                 [Page 56]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   If the OAL destination notices some fragments missing after most
   other fragments within the same link persistence timeframe have
   already arrived, it may issue an Automatic Repeat Request (ARQ) with
   Selective Repeat (SR) by sending a uNA message to the OAL source.
   The OAL destination creates a uNA message with an OMNI option with
   one or more Fragmentation Report (FRAGREP) sub-options that include
   (Identification, Bitmap)-tuples for fragments received and missing
   from this OAL source (see: Section 10).  The OAL destination includes
   an authentication signature if necessary, performs OAL encapsulation
   (with its own address as the OAL source and the source address of the
   message that prompted the uNA as the OAL destination) and sends the
   message to the OAL source.

   If an OAL intermediate system or OAL destination processes an OAL
   fragment for which corruption is detected, it may similarly issue an
   immediate ARQ/SR the same as described above.  The FRAGREP provides
   an immediate (rather than time-bounded) indication to the OAL source
   that a fragment has been lost.

   When the OAL source receives the uNA message, it authenticates the
   message then examines any enclosed FRAGREPs.  For each (Source,
   Destination, Identification)-tuple, the OAL source determines whether
   it still holds the corresponding OAL fragments in its cache and
   retransmits any for which the Bitmap indicates a loss event.  For
   example, if the Bitmap indicates that ordinal fragments #3, #7, #10
   and #13 from the OAL packet with Identification 0x0123456789abcdef
   are missing the OAL source only retransmits those fragments.  When
   the OAL destination receives the retransmitted OAL fragments, it
   admits them into the reassembly cache and updates its checklist.  If
   some fragments are still missing, the OAL destination may send a
   small number of additional uNA ARQ/SRs within the link persistence
   timeframe.

   The OAL therefore provides a link layer low-to-medium persistence
   ARQ/SR service consistent with [RFC3366] and Section 8.1 of
   [RFC3819].  The service provides the benefit of timely best-effort
   link layer retransmissions which may reduce OAL fragment loss and
   avoid some unnecessary end-to-end delays.  This best-effort network-
   based service therefore compliments transport and higher layer end-
   to-end protocols responsible for true reliability.

Templin                   Expires 11 July 2025                 [Page 57]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

6.9.  OMNI Interface MTU Feedback Messaging

   When the OMNI interface forwards original IP packets/parcels from the
   network layer, it invokes the OAL and returns internally-generated
   Path MTU Discovery (PMTUD) ICMPv4 "Fragmentation Needed and Don't
   Fragment Set" [RFC1191] or ICMPv6 "Packet Too Big (PTB)" [RFC8201]
   messages as necessary.  This document refers to both message types as
   "PTBs" and introduces a distinction between PTB "hard" and "soft"
   errors as discussed below.

   Ordinary PTB messages are hard errors that always indicate loss due
   to a real MTU restriction has occurred.  However, the OMNI interface
   can also forward original IP packets/parcels via OAL encapsulation
   and fragmentation while at the same time returning PTB soft error
   messages (subject to rate limiting) to the original source to suggest
   smaller sizes due to factors such as link performance
   characteristics, excessive number of fragments needed, reassembly
   congestion, etc.

   This ensures that the path MTU is adaptive and reflects the current
   path used for a given data flow.  The OMNI interface can therefore
   continuously forward original IP packets/parcels without loss while
   returning PTB soft error messages that recommend smaller sizes.
   Original sources that receive the soft errors in turn reduce the size
   of the original IP packets/parcels they send the same as for hard
   errors, but not necessarily due to a loss event.  The original source
   can then resume sending larger packets/parcels if the soft errors
   subside.

   OAL intermediate systems that experience fragment loss and OAL end
   systems that experience reassembly cache congestion can return uNA
   messages that include OMNI encapsulated PTB soft error messages to
   OAL sources that originate fragments (subject to rate limiting).  The
   OAL node creates a secured uNA message with an OMNI option containing
   an ICMPv6 Error sub-option.  The OAL node encodes a PTB message in
   the sub-option with MTU set to a reduced value and with the leading
   portion an OAL first fragment containing the header of an original IP
   packet/parcel for which the source must be notified (see:
   Section 10).

Templin                   Expires 11 July 2025                 [Page 58]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The OAL node that sends the uNA encapsulates the leading portion of
   the OAL first fragment (beginning with the OAL header) in the PTB
   "packet in error" field and signs the message if an authentication
   signature is included.  The OAL node then performs OAL encapsulation
   (with its own address as the source and the source address of the
   message that prompted the uNA as the destination) and sends the
   message to the OAL source.  (Note that OAL intermediate systems
   forward uNAs via the secured spanning tree while OAL destination end
   systems include an authentication signature when necessary.)

   When the OAL source receives a uNA message from an OAL intermediate
   system, it can reduce its OFS estimate and begin sending smaller OAL
   fragments and/or reduce its CFS estimate and begin sending smaller
   carrier packet fragments.  When the OAL source receives a uNA message
   from the OAL destination, it sends a corresponding network layer PTB
   soft error to the original source.

   The OAL source prepares the PTB soft error by first setting the Type
   field to 2 for IPv6 [RFC4443] or TBD6 for IPv4 (see: IANA
   considerations).  The OAL source then sets the Code field to "PTB
   Soft Error (no loss)" if the OAL destination forwarded the original
   IP packet/parcel successfully or "PTB Soft Error (loss)" if it was
   dropped (see: IANA considerations).  The OAL source next sets the PTB
   destination address to the original IP packet/parcel source, and sets
   the source address to one of its OMNI interface addresses that is
   reachable from the perspective of the original source.

   The OAL source then sets the MTU field to a value smaller than the
   original IP packet/parcel size but no smaller than 1280, writes as
   much of the original IP packet/parcel first fragment as possible into
   the "packet in error" field such that the entire PTB including the IP
   header is no larger than 1280 octets for IPv6 or 576 octets for IPv4.
   The OAL source then calculates and sets the ICMP Checksum and returns
   the PTB to the original source.

   An original sources that receives these PTB soft errors first
   verifies that the ICMP Checksum is correct and the packet-in-error
   contains the leading portion of one of its recent packet/parcel
   transmissions.  The original source can then adaptively tune the size
   of the original IP packets/parcels it sends to produce the best
   possible throughput and latency, with the understanding that these
   parameters may fluctuate over time due to factors such as congestion,
   mobility, network path changes, etc.  Original sources should
   therefore consider receipt or absence of soft errors as hints of when
   decreasing or increasing packet/parcel sizes may provide better
   performance.

Templin                   Expires 11 July 2025                 [Page 59]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The OMNI interface supports continuous transmission and reception of
   packets/parcels of various sizes in the face of dynamically changing
   network conditions.  Moreover, since PTB soft errors do not indicate
   a hard limit, original sources that receive soft errors can resume
   sending larger packets/parcels without waiting for the recommended 10
   minutes specified for PTB hard errors [RFC1191][RFC8201].  The OMNI
   interface therefore provides an adaptive service that accommodates
   MTU diversity especially well-suited for air/land/sea/space mobile
   Internetworking.

   The OMNI interface may also return PTB messages with Parcel Report
   and/or Jumbo Report Codes in response to parcels and/or AJs delivered
   by the network layer and forwarded through jumbo-in-jumbo
   encapsulation.  These Parcel/Jumbo Report messages are prepared the
   same as for PTB soft errors discussed above.  IP parcels and AJs are
   discussed in [I-D.templin-6man-parcels2] and
   [I-D.templin-intarea-parcels2].

   Note: when the OAL source receives persistent Fragmentation Reports
   for a given flow (see: Section 6.8), it should return PTB soft errors
   to the original source (subject to rate limiting) the same as if it
   had received PTB soft errors from the OAL destination.  When the
   original source is likely to retransmit an entire original IP packet
   on its own behalf in case of loss, the OAL destination can elect to
   return only PTB soft errors and refrain from returning Fragmentation
   Reports.

   Note: the OAL source may receive uNA messages that include both a PTB
   soft error and Fragmentation Report(s).  If so, the OAL source both
   returns PTB soft errors to the original source (subject to rate
   limiting) and retransmits any missing fragments if it is configured
   to do so.

   Note: OAL intermediate nodes that reassemble fragmented carrier
   packets should return PTB soft errors subject to rate limiting during
   periods of fragment loss and/or L2 reassembly cache congestion.  The
   OAL previous hop should regard these PTB soft errors as an indication
   to reduce the current CFS for this L2 destination.

6.10.  OAL Composite Packets

   The OAL source ordinarily includes a 40-octet IPv6 encapsulation
   header for each original IP packet/parcel during OAL encapsulation.
   The OAL source then performs fragmentation such that a copy of the
   40-octet IPv6 header plus a 16-octet IPv6 Extended Fragment Header is
   included in each OAL fragment (when a Routing Header is added, the
   OAL encapsulation headers become larger still).  However, these
   encapsulations may represent excessive overhead in some environments.

Templin                   Expires 11 July 2025                 [Page 60]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   OAL header compression as discussed in Section 6.5 can dramatically
   reduce encapsulation overhead, however a complimentary technique
   known as "packing" (see: [I-D.ietf-intarea-tunnels]) supports
   encapsulation of multiple original IP packets/parcels and/or control
   messages within a single OAL "composite packet".

   When the OAL source has multiple original IP packets/parcels to send
   to the same OAL destination with total length no larger than the OAL
   destination EMTU_R, it can concatenate them into a composite packet
   encapsulated in a single OAL header.  Within the OAL composite
   packet, the IP header of the first original IP packet/parcel (iHa)
   followed by its data (iDa) is concatenated immediately following the
   OAL header.  The IP header of the next original packet/parcel (iHb)
   followed by its data (iDb) is then concatenated immediately following
   the first, with each remaining original IP packet/parcel concatenated
   in succession.  The OAL composite packet format is transposed from
   [I-D.ietf-intarea-tunnels] and shown in Figure 15:

                   <------- Original IP packets ------->
                   +-----+-----+
                   | iHa | iDa |
                   +-----+-----+
                         |
                         |     +-----+-----+
                         |     | iHb | iDb |
                         |     +-----+-----+
                         |           |
                         |           |     +-----+-----+
                         |           |     | iHc | iDc |
                         |           |     +-----+-----+
                         |           |           |
                         v           v           v
        +----------+-----+-----+-----+-----+-----+-----+
        |  OAL Hdr | iHa | iDa | iHb | iDb | iHc | iDc |
        +----------+-----+-----+-----+-----+-----+-----+
        <-- OAL composite packet with single OAL Hdr -->

                   Figure 15: OAL Composite Packet Format

   When the OAL source prepares a composite packet, it applies OAL
   fragmentation then applies L2 encapsulation/fragmentation and sends
   the resulting carrier packets to the OAL destination.  When the OAL
   destination receives the composite packet it first reassembles if
   necessary.  The OAL destination then selectively extracts each
   original IP packet/parcel (e.g., by setting pointers into the
   composite packet buffer and maintaining a reference count, by copying
   each packet into a separate buffer, etc.) and forwards each one to
   the network layer.  During extraction, the OAL determines the IP

Templin                   Expires 11 July 2025                 [Page 61]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   protocol version of each successive original IP packet/parcel 'j' by
   examining the 4 most-significant bits of iH(j), and determines the
   length of each one by examining the rest of iH(j) according to the IP
   protocol version.

   When an OAL source prepares a composite packet that includes an IPv6
   ND message with an authentication signature as the first original IP
   packet/parcel (i.e., iHa/iDa), it calculates the authentication
   signature over the remainder of composite packet.  Authentication and
   integrity for forwarding initial data messages in conjunction with
   IPv6 ND messages used to establish NCE state are therefore supported.
   (A second common use case entails a path MTU probe beginning with an
   unsigned IPv6 ND message followed by a suitably large NULL packet
   (e.g., an IP packet with padding octets added beyond the IP header
   and with {Protocol, Next Header} set to 59 ("No Next Header"), a UDP/
   IP packet with port number set to 9 ("discard") [RFC0863], etc.)

   The OAL source can also apply this composite packet packing technique
   at the same time it performs OCH1 header compression as discussed in
   Section 6.5.  Note that this technique can only be applied when all
   original IP packets are atomic packets with IP headers that differ
   only in Payload Length, such as for a stream of packets for a single
   flow that are queued for transmission service at roughly the same
   time.

   The OAL header of a super packet may also include a Parcel Payload
   Option with AJ Type 0 if the total length of all payload packets/
   parcels exceeds 65535 octets.  In that case, the composite packet
   must be forwarded as an atomic fragment over OAL paths that support
   such large sizes.

6.11.  OAL Bubbles

   OAL sources may send NULL OAL packets known as "bubbles" for the
   purpose of establishing Network Address Translator (NAT) state on the
   path to the OAL destination.  The OAL source prepares a bubble by
   crafting an OAL header with appropriate IPv6 source and destination
   ULAs, with the IPv6 Next Header field set to the value 59 ("No Next
   Header" - see [RFC8200]) and with 0 or more octets of NULL protocol
   data immediately following the IPv6 header.

Templin                   Expires 11 July 2025                 [Page 62]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The OAL source includes a random Identification value then
   encapsulates the OAL packet in L2 headers destined to either the
   mapped address of the OAL destination's first-hop ingress NAT or the
   L2 address of the OAL destination itself.  When the OAL source sends
   the resulting carrier packet, any egress NATs in the path toward the
   L2 destination will establish state based on the activity.  At the
   same time, the bubble themselves will be harmlessly discarded by
   either an ingress NAT on the path to the OAL destination or by the
   OAL destination itself.

   The bubble concept for establishing NAT state originated in [RFC4380]
   and was later updated by [RFC6081].  OAL bubbles may be employed by
   mobility services such as AERO.

6.12.  OMNI Hosts

   OMNI Hosts are end systems that connect to the OMNI link over ENET
   underlay interfaces (i.e., either via an OMNI interface or as a
   sublayer of the ENET interface itself).  Each ENET connects to the
   rest of the OMNI link via a Client that distributes an MNP
   delegation.  Clients delegate MNP addresses and/or sub-prefixes to
   ENET nodes (i.e., Hosts, other Clients, routers and non-OMNI hosts)
   using standard mechanisms such as DHCP
   [I-D.ietf-dhc-rfc8415bis][RFC2131] and IPv6 Stateless Address
   AutoConfiguration (SLAAC) [RFC4862].  Clients forward original IP
   packets/parcels between their ENET Hosts and peers on external
   networks acting as routers and/or OAL intermediate systems.

   OMNI Hosts coordinate with Clients and/or other Hosts connected to
   the same ENET using OMNI L2 encapsulation of OMNI IPv6 ND messages.
   The L2 encapsulation headers and ND messages both use the MNP-based
   addresses assigned to ENET underlay interfaces as source and
   destination addresses (i.e., instead of MLAs).  For IPv4 MNPs, the ND
   messages use IPv4-Compatible IPv6 addresses [RFC4291] in place of the
   IPv4 addresses.

   Hosts discover Clients by sending encapsulated RS messages using an
   OMNI link IP anycast address (or the unicast address of the Client)
   as the RS L2 encapsulation destination as specified in Section 13.
   The Client configures the IPv4 and/or IPv6 anycast addresses for the
   OMNI link on its ENET interface and advertises the address(es) into
   the ENET routing system.  The Client then responds to the
   encapsulated RS messages by sending an encapsulated RA message that
   uses its ENET unicast address as the source.  (To differentiate
   itself from an INET border Proxy/Server, the Client sets the RA
   message OMNI Interface Attributes sub-option LHS field to 0 for the
   Host's interface index.  When the RS message includes an L2 anycast
   destination address, the Client also includes an Interface Attributes

Templin                   Expires 11 July 2025                 [Page 63]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   sub-option for interface index 0 to inform the Host of its L2 unicast
   address - see: Section 13 for full details on the RS and RA message
   contents.)

   Hosts coordinate with peer Hosts on the same ENET by sending
   encapsulated NS messages to receive an NA reply.  (Hosts determine
   whether a peer is on the same ENET by matching the peer's IP address
   with the MNP (sub)-prefix for the ENET advertised in the Client's RA
   message [RFC8028].)  Each ENET peer then creates a NCE and
   synchronizes Identification windows the same as for OMNI link
   neighbors, and the Host can then engage in OMNI link transactions
   with the Client and/or other ENET Hosts.  The Host therefore regards
   the Client as if it were an ANET Proxy/Server, and the Client
   provides the same services that a Proxy/Server would provide.  By
   coordinating with other Hosts, the peers can exchange large IP
   packets/parcels over the ENET using encapsulation and fragmentation
   if necessary.

   When a Host prepares an original IP packet/parcel, it uses the IP
   address of its OMNI interface (which is the same as the IP address of
   the underlying native ENET interface) as the source and the IP
   address of the (remote) peer as the destination.  The Host next
   performs parcellation if necessary (see: Section 6.13) then
   encapsulates the packet(s)/(sub-)parcel(s) in OMNI L2 headers while
   setting the L2 source to the L3 source address and L2 destination to
   either the L3 destination address if the peer is on the local ENET,
   or to the IP address of the Client otherwise.  The Host can then
   proceed to exchange packets/parcels with the destination, either
   directly or via the Client as an intermediate system.

   The encapsulation procedures are coordinated per Section 6.1, except
   that the OMNI L2 encapsulation header is followed by an IPv6
   (Extended) Fragment Header.  When the L2 encapsulation is based on an
   EUI or IPv4 address, the Host next translates the encapsulation
   header into an IPv6 header with IPv6 compatible addresses per
   Appendix C.  Next, for IPv4 ENETs the Host sets the {IPv6 Traffic
   Class, Payload Length, Next Header, Hop Limit} fields according to
   the IPv4 {Type of Service, Total Length, Protocol, TTL} fields,
   respectively and also sets Flow Label as specified in [RFC6438].  The
   Host then applies IPv6 fragmentation to produce IPv6 fragments no
   smaller than the effective OFS described in Section 6.1.  The Host
   next translates the IPv6 encapsulation headers back to OMNI L2
   headers for the native ENET address format and with Type set to
   indicate the presence of the L2 IPv6 (Extended) Fragment Header.  The
   Host finally sends the resultant carrier packets to the ENET peer.

Templin                   Expires 11 July 2025                 [Page 64]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   When the ENET peer receives the carrier packets, it first translates
   the OMNI L2 headers back to IPv6 headers with compatible addresses.
   The peer then reassembles then removes the encapsulation headers and
   applies parcel reunification if necessary.  The peer then either
   delivers the original IP packet/parcel to the transport layers if it
   is also the final destination or forwards the packet/parcel via the
   next hop if it is a Client acting as an intermediate system.

   Hosts and Clients that initiate OMNI-based original IP packet/parcel
   transactions should first test the path toward the final destination
   using the parcel path qualification procedure specified in
   [I-D.templin-6man-parcels2] and [I-D.templin-intarea-parcels2].  An
   OMNI Host that sends and receives parcels need not implement the full
   OMNI interface abstraction but MUST implement enough of the OAL to be
   capable of fragmenting and reassembling maximum-length encapsulated
   IP packets/parcels and sub-parcels as discussed above and in the
   following section.

   Note: Hosts and their peer Clients/Hosts on the same ANET/ENET can
   improve efficiency by forwarding original IP packets/parcels that do
   not require fragmentation as direct encapsulations within the OMNI L2
   header and without including a L2 IPv6 (Extended) Fragment Header.
   In that case, the first 4 bits immediately following the OMNI L2
   encapsulation header encode the value '4' for IPv4 or '6' for IPv6.
   Note that this savings comes at the expense of omitting a well-
   behaved Identification, but this may be an acceptable tradeoff in
   many secured ANET/ENET instances.

6.13.  IP Parcels

   IP parcels are formed by an OMNI Host or Client transport layer
   protocol entity identified by the "5-tuple" (source address,
   destination address, source port, destination port, protocol number)
   when it produces a {TCP,UDP} protocol data unit containing the
   concatenation of multiple transport layer protocol segments.  The
   transport layer protocol entity then presents the buffer and non-
   final segment size to the network layer which appends a single
   {TCP,UDP}/IP header (plus any extension headers) before presenting
   the parcel to the OMNI Interface.  Transport and network protocol
   formatting and processing rules as well as parcellation and
   reunification procedures for IP parcels are specified in
   [I-D.templin-6man-parcels2] and [I-D.templin-intarea-parcels2], while
   detailed OAL encapsulation and fragmentation procedures are specified
   here.

   When the network layer forwards a parcel, the OMNI interface invokes
   the OAL which forwards it to either an intermediate system or the
   final destination itself.  The OAL source first invokes parcellation

Templin                   Expires 11 July 2025                 [Page 65]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   by subdividing the parcel into sub-parcels if necessary with each
   sub-parcel no larger than 65535 (minus headers).  The OAL source also
   maintains a Parcel ID for each sub-parcel of the same original parcel
   that along with the Identification value for this OAL packet supports
   reassembly; the OAL source increments Parcel ID (modulo 64) for each
   successive parcel.

   The OAL source next performs encapsulation on each sub-parcel with
   destination set to the next hop address.  If the next hop is reached
   via a (M)ANET/INET interface, the OAL source inserts an OAL header
   the same as discussed in Section 6.1 and sets the destination to the
   ULA of the target Client.  If the next hop is reached via an ENET
   interface, the OAL source instead inserts an IP header of the
   appropriate protocol version for the underlay ENET (i.e., even if the
   encapsulation header is IPv4) and sets the destination to the ENET IP
   address of the next hop.  The OAL source inserts the encapsulation
   header even if no actual fragmentation is needed and/or even if the
   Parcel Payload Option is present.

   The OAL source next assigns an appropriate Identification number that
   is monotonically-incremented for each consecutive sub-parcel, then
   performs IPv6 fragmentation over the sub-parcel if necessary to
   create fragments small enough to traverse the path to the next hop.
   (If the encapsulation header is IPv4, the OAL source first translates
   the encapsulation header into an IPv6 header with IPv4-Compatible
   IPv6 addresses during fragmentation/reassembly while inserting the
   IPv6 Extended Fragment Header.)  The OAL source then writes the
   "Parcel ID" and sets/clears the "(P)arcel" and "More (S)egments" bits
   in the Reserved field of the IPv6 Extended Fragment Header of the
   first fragment (see: Figure 4).  (The OAL source sets P to 1 for a
   parcel or to 0 for a non-parcel.  When P is 1, the OAL next sets S to
   1 for non-final sub-parcels or to 0 if the sub-parcel contains the
   final segment.)  The OAL source then sends each resulting carrier
   packet to the next hop, i.e., after first translating the IPv6
   encapsulation header back to IPv4 if necessary.

   When the OAL destination receives the carrier packets, it reassembles
   if necessary (i.e., after first translating the IPv4 encapsulation
   header to IPv6 if necessary).  If the P flag in the first fragment is
   0, the OAL destination then processes the reassembled entity as an
   ordinary IP packet; otherwise it continues processing as a sub-
   parcel.  If the OAL destination is not the final destination, it can
   optionally retain the sub-parcels along with their Parcel ID and
   Identification values for a brief time for opportunistic
   reunification with peer sub-parcels of the same original parcel
   identified by the 4-tuple consisting of the adaptation layer (OAL
   source, OAL destination, Parcel ID, Identification).  (Note that the
   OAL destination must not consult the parcel's network layer "5-tuple"

Templin                   Expires 11 July 2025                 [Page 66]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   at the adaptation layer, since it is possible that multiple sub-
   parcels of the same parcel may be forwarded over different network
   paths).

   The OAL destination performs adaptation layer reunification by
   concatenating the segments included in sub-parcels with the same
   Parcel ID and Identification values within 64 of one another to
   create a larger sub-parcel possibly even as large as the entire
   original (sub)parcel.  Order of concatenation is determined by
   increasing Identification values, noting that a sub-parcel that sets
   any TCP control flags must occur as a first concatenation, and the
   final sub-parcel (i.e., the one with S set to 0) must occur as a
   final concatenation and not as an intermediate.  The OAL destination
   then appends common {TCP,UDP}/IP headers plus extensions to each
   reunified sub-parcel as specified in [I-D.templin-6man-parcels2] and
   [I-D.templin-intarea-parcels2].

   When the OAL destination is not the final destination, it next
   forwards the reunified (sub-)parcel(s) to the next hop toward the
   final destination while ensuring that the S flag remains set to 0 in
   the sub-parcel that contains the final segment.  When the parcel or
   sub-parcels arrive at the final destination, it performs network
   layer reunification to form the largest possible (sub)-parcels (while
   honoring the S flag) then delivers them to the transport layer entity
   which acts on the enclosed 5-tuple information supplied by the
   original source.

   Note: IP parcels may also originate from a non-OMNI original source
   and travel over multiple parcel-capable IP links before reaching an
   OMNI link ingress node (i.e., either a Client or Proxy/Server acting
   as a "relay").  The ingress node then forwards the parcel into the
   OMNI link according to the rules established above for locally-
   generated parcels, with the exception that the parcel IP TTL/Hop
   Limit is decremented.  Similarly, when the IP parcel arrives at the
   OMNI link egress node (i.e., either a Client or Proxy/Server acting
   as a "relay"), the parcel may travel over multiple parcel-capable IP
   links before reaching the final destination.

Templin                   Expires 11 July 2025                 [Page 67]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Note: The OAL destination process of reunifying parcels at the
   adaptation layer is optional, and should be avoided in cases where
   performance could be negatively impacted.  It is always acceptable
   (albeit sometimes sub-optimal) for the OAL destination to forward
   sub-parcels on toward the final destination without performing
   adaptation layer reunification, since each sub-parcel will contain a
   well-formed header and an integral number of transport layer protocol
   segments and with the Parcel ID field and P, S flag set
   appropriately.  The final destination can then optionally perform
   network layer reunification independently of any adaptation layer
   reunification that may have been applied by the OAL.

   Note: The "Parcel ID" that appears in the OAL Extended Fragment
   Header and OCH1/2 headers is an adaptation layer value that encodes
   the same value for all sub-parcels of the original parcel at the
   adaptation layer.  This is different than the "(Parcel) Index" that
   appears in the Parcel Payload Option header as well as L2/L3 IPv6
   Extended Fragment Headers, which is a network layer value that
   encodes a transport layer segment index.

   Note: Parcel Path Qualification procedures require 2 additional ICMP
   PTB message Code values to identify a Parcel Report and Jumbo Report.
   These Code values are specified in [I-D.templin-6man-parcels2] for
   IPv6 and [I-D.templin-intarea-parcels2] for IPv4.

6.14.  OAL Requirements

   In light of the above, OAL sources, destinations and intermediate
   systems observe the following normative requirements:

   *  OAL sources MUST forward original IP packets/parcels either larger
      than the OMNI interface minimum EMTU_R or smaller than the minimum
      OFS as atomic fragments (i.e., and not as multiple fragments).

   *  OAL sources MUST perform OAL fragmentation such that all non-final
      fragments are equal in length while the final fragment may be a
      different length.

   *  OAL sources MUST produce non-final fragments with payloads no
      smaller than the minimum OFS during fragmentation.

   *  OAL intermediate systems SHOULD and OAL destinations MUST
      unconditionally drop any non-final OAL fragments with payloads
      smaller than the minimum OFS.

   *  OAL destinations MUST drop any new OAL fragments that would
      overlap with other fragments and/or leave holes smaller than the
      minimum OFS between fragments that have already been received.

Templin                   Expires 11 July 2025                 [Page 68]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Note: Under the minimum OFS, an ordinary 1500-octet original IP
   packet/parcel would require at most 2 OAL fragments, with the first
   fragment containing 1024 payload octets and the final fragment
   containing the remainder.  For all packet/parcel sizes, the
   likelihood of successful reassembly may improve when the OMNI
   interface sends all fragments of the same fragmented OAL packet
   consecutively over the same underlay interface pair instead of
   distributed across multiple underlay interface pairs.  Finally, an
   assured minimum OFS allows continuous operation over all paths
   including those that traverse bridged L2 media with dissimilar MTUs.

   Note: Certain legacy network hardware of the past millennium was
   unable to accept IP fragment "bursts" resulting from a fragmentation
   event - even to the point that the hardware would reset itself when
   presented with a burst.  This does not seem to be a common problem in
   the modern era, where fragmentation and reassembly can be readily
   demonstrated at line rate (e.g., using tools such as 'iperf3') even
   over fast links on ordinary hardware platforms.  Even so, while the
   OAL destination is reporting reassembly congestion (see: Section 6.9)
   the OAL source could impose "pacing" by inserting an inter-fragment
   delay and increasing or decreasing the delay according to congestion
   indications.

6.15.  OAL Fragmentation Security Implications

   As discussed in Section 3.7 of [RFC8900], there are 4 basic threats
   concerning IPv6 fragmentation; each of which is addressed by
   effective mitigations as follows:

   1.  Overlapping fragment attacks - reassembly of overlapping
       fragments is forbidden by [RFC8200]; therefore, this threat does
       not apply to the OAL.

   2.  Resource exhaustion attacks - this threat is mitigated by
       providing a sufficiently large OAL reassembly cache and
       instituting "fast discard" of incomplete reassemblies that may be
       part of a buffer exhaustion attack.  The reassembly cache should
       be sufficiently large so that a sustained attack does not cause
       excessive loss of good reassemblies but not so large that (timer-
       based) data structure management becomes computationally
       expensive.  The cache should also be indexed based on the arrival
       underlay interface such that congestion experienced over a first
       underlay interface does not cause discard of incomplete
       reassemblies for uncongested underlay interfaces.

   3.  Attacks based on predictable fragment Identification values - in
       environments where spoofing is possible, this threat is mitigated
       through the use of Identification windows beginning with

Templin                   Expires 11 July 2025                 [Page 69]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

       unpredictable values per Section 6.7.  By maintaining windows of
       acceptable Identifications, OAL neighbors can quickly discard
       spurious carrier packets that might otherwise clutter the
       reassembly cache.

   4.  Evasion of Network Intrusion Detection Systems (NIDS) - since the
       OAL source employs a robust OFS, network-based firewalls can
       inspect and drop OAL fragments containing malicious data thereby
       disabling reassembly by the OAL destination.  However, since OAL
       fragments may take different paths through the network (some of
       which may not employ a firewall) each OAL destination must also
       employ a firewall.

   IPv4 includes a 2-octet (16-bit) Identification (IP ID) field with
   only 65535 unique values such that even at moderate data rates the
   field could wrap and apply to new carrier packets while the fragments
   of old carrier packets using the same IP ID are still alive in the
   network [RFC4963].  Carrier packets sent via an IPv4 path with DF set
   to 0 and with trailing payload/reassembly checksum(s) therefore
   ensure sufficient integrity to detect and discard reassembly errors.
   Since IPv6 provides a 4-octet (32-bit) Identification value, IP ID
   wraparound for IPv6 fragmentation may only be a concern at extreme
   data rates (e.g., 1Tbps or more).  Note that these limitations are
   fully addressed through the 8-octet (64-bit) Extended Identification
   format supported by [I-D.templin-6man-ipid-ext2].

   Unless the path is secured at the network layer or below (i.e., in
   environments where spoofing is possible), OMNI interfaces MUST NOT
   send OAL packets/fragments with Identification values outside the
   current window and MUST secure IPv6 ND messages used for address
   resolution or window state synchronization.  OAL destinations SHOULD
   therefore discard without reassembling any out-of-window OAL
   fragments received over an unsecured path.

6.16.  Control/Data Plane Considerations

   The above sections primarily concern data plane aspects of the OMNI
   interface service and describe the data plane service model offered
   to the network layer.  OMNI interfaces also internally employ a
   control plane service based on IPv6 Neighbor Discovery (ND)
   messaging.  These control plane messages are forwarded over secured
   underlay interfaces (e.g., IPsec tunnels, secured direct point-to-
   point links, etc.) or over unsecured underlay interfaces and with an
   authentication signature included.  In both cases, the IPv6 minimum
   MTU of 1280 octets must be assumed.

Templin                   Expires 11 July 2025                 [Page 70]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   OMNI interfaces therefore send all control plane messages as "atomic
   OAL packets" that are no larger than 1280 octets.  This means that
   these messages must not be subject to OAL fragmentation and
   reassembly, although they may be subject to L2 fragmentation and
   reassembly along some paths.  Fragmentation security concerns for
   large IPv6 ND messages are documented in [RFC6980].

7.  Ethernet-Compatible Link Layer Frame Format

   When the OMNI interface forwards original IP packets/parcels from the
   network layer it first invokes OAL encapsulation and fragmentation,
   then wraps each resulting OAL packet/fragment in any necessary L2
   headers to produce carrier packets according to the native frame
   format of the underlay interface.  For example, for Ethernet-
   compatible interfaces the frame format is specified in [RFC2464], for
   aeronautical radio interfaces the frame format is specified in
   standards such as ICAO Doc 9776 (VDL Mode 2 Technical Manual), for
   various forms of tunnels the frame format is found in the appropriate
   tunneling specification, etc.

   When the OMNI interface encapsulates an OAL packet/fragment directly
   over an Ethernet-compatible link layer, the over-the-wire
   transmission format is shown in Figure 16:

      +--- ~~~ ---+-------~~~------+---------~~~---------+--- ~~~ ---+
      |  eth-hdr  | OMNI Ext. Hdrs | OAL Packet/Fragment | eth-trail |
      +--  ~~~ ---+-------~~~------+---------~~~---------+--- ~~~ ---+
                  |<-------   Ethernet Payload   -------->|

                   Figure 16: OMNI Ethernet Frame Format

   The format includes a standard Ethernet Header ("eth-hdr") with
   EtherType TBD2 (see: Section 21.2) followed by an Ethernet Payload
   that includes zero or more OMNI Extension Headers followed by an OAL
   (or native IPv6/IPv4) Packet/Fragment.  The Ethernet Payload is then
   followed by a standard Ethernet Trailer ("eth-trail").

   The first OMNI extension header and the OAL Packet/Fragment both
   begin with a 4-bit "Type/Version" as discussed in Section 6.2.  When
   "Type/Version" encodes an OMNI extension header type, the length of
   the extension headers is limited by [I-D.ietf-6man-eh-limits] and the
   length of the OAL Packet/Fragment is determined by the IP header
   fields that follow the extension headers.

   When "Type/Version" encodes OMNI-OFH, OMNI-OCH1/2, OMNI-IP4 or OMNI-
   IP6 the length of the OAL Packet/Fragment is determined by the
   {Total, Payload} Length field found in the full/compressed header
   according to the specific protocol rules.

Templin                   Expires 11 July 2025                 [Page 71]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   See Figure 2 for a map of the various L2 layering combinations
   possible.  For any layering combination, the final layer (e.g., UDP,
   IP, Ethernet, etc.) must have an assigned number and frame format
   representation that is compatible with the selected underlay
   interface.

8.  OMNI Addressing

   OMNI addressing follows the IPv6 addressing architecture [RFC4291]
   which states that: "IPv6 addresses of all types are assigned to
   interfaces, not nodes.  An IPv6 unicast address refers to a single
   interface.  Since each interface belongs to a single node, any of
   that node's interfaces' unicast addresses may be used as an
   identifier for the node."  OMNI addressing further follows the IPv6
   address preference policies specified in [RFC6724] as updated by
   [I-D.ietf-6man-rfc6724-update].

   Each OMNI interface is configured over a set of underlay interfaces.
   OMNI nodes assign IP addresses to their *NET interfaces according to
   the native underlay network autoconfiguration service(s) or through
   manual configuration.  OMNI nodes assign IPv6 addresses to their OMNI
   and underlay interfaces as specified in this section.

   [RFC4861] requires that hosts and routers assign Link-Local Addresses
   (LLAs) to all interfaces (including the OMNI interface), and that
   routers use their LLAs as the source address for RA and Redirect
   messages.  Since the OMNI "link" comprises the concatenation of
   potentially many OMNI link segments, however, LLA uniqueness
   assurance is possible only on a node-local basis.  To support this
   local uniqueness property, OMNI interface LLAs must configure
   Modified EUI-64 Interface Identifiers per Section 2.5.1 of [RFC4291]
   that use MAC addresses maintained in a local representation of all
   active neighbors.  The OMNI interface adaptation layer therefore
   translates the interface identifiers of destination LLAs prior to
   transmission of IPv6 packets over the external media and translates
   the interface identifiers of source LLAs prior to delivery of
   received IPv6 packets to the IPv6 layer.  (See: Section 10 for
   further information.)

   [I-D.templin-6man-mla] specifies Multilink Local Address (MLA) types
   that OMNI nodes can assign to the OMNI interface.  This document
   asserts that OMNI nodes can use (Hierarchical) Host Identity Tags
   ("(H)HITs") per [RFC7343] and [RFC9374] as MLAs given proper
   uniqueness assurances.  The node assigns an MLA to an OMNI interface
   configured over a set of underlay interfaces that connect to the same
   *NET as suggested for "sites" in the IPv6 scoped addressing
   architecture [RFC4007].  MLAs are considered as adaptation layer
   addresses in the architecture, but nodes may also use them as the

Templin                   Expires 11 July 2025                 [Page 72]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   source and destination addresses of original IP packets exchanged
   between peers in isolated MANETs with intermittent connection to the
   global Internet.  Each original IP packet with MLA addresses is
   subject to OAL encapsulation with an IPv6 header that also uses MLA
   addresses.

   OMNI interfaces assign IPv6 Unique Local Addresses (ULAs) and use
   them as the source and destination addresses in IPv6 packets
   forwarded over the OMNI interface within the local *NET.  OMNI
   interfaces also assign corresponding IPv6 Globally Unique Addresses
   (GUAs) and use them for IPv6 packets forwarded to peers in external
   networks.  ULAs are routable only within the scope of each individual
   *NET, and are derived from the IPv6 prefix fd00::/8 (i.e., the ULA
   prefix fc00::/7 followed by the L bit set to 1).  The 56 bits
   following fd00::/8 encode a 40-bit Global ID followed by a 16-bit
   Subnet ID followed by a 64-bit Interface Identifier as specified in
   Section 3 of [RFC4193].

   When a Proxy/Server configures a ULA prefix for OMNI, it selects a
   40-bit Global ID for the OMNI link segment initialized to a candidate
   pseudo-random value as specified in Section 3 of [RFC4193].  All
   nodes on the same OMNI link segment use the same Global ID, and
   statistical uniqueness of the pseudo-random Global ID provides a
   unique OMNI link segment identifier.  This property allows different
   link segments to join together in the future without requiring
   renumbering even if the segments come in contact with one another and
   overlap, e.g., as a result of a mobility event.

   Proxy/Servers for each OMNI link segment use the DHCPv6 service to
   delegate 1x1 mapped ULA/GUA SNP addresses for each Client that
   requests an address delegation.  Clients in turn assign the ULA/GUA
   delegations to their OMNI interfaces which ensures that the addresses
   are available for use and that no duplicates will be assigned within
   each subnet.  Considerations for 1x1 ULA/GUA address mapping are
   discussed in [I-D.ietf-v6ops-ula-usage-considerations] and [RFC6296].

   The OMNI link extends across one or more underlying Internetworks to
   include all Proxy/Servers and other service nodes.  All Clients are
   also considered to be connected to the OMNI link, however unnecessary
   encapsulations are omitted whenever possible to conserve bandwidth
   (see: Section 12).

   OMNI domains manage MSPs delegated from the IP GUA prefix space
   [RFC4291] from which the MS delegates MNPs to support Client PI
   addressing.  OMNI Proxy Servers also configure SNPs paired with a ULA
   configured as above to delegate PA internal (ULA) and external (GUA)
   addresses to Clients within their local *NETs.

Templin                   Expires 11 July 2025                 [Page 73]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   For IPv6, MSPs are assigned to the OMNI link by IANA and/or an
   associated Regional Internet Registry [IPV6-GUA] such that the link
   can be interconnected to the global IPv6 Internet without causing
   inconsistencies in the routing system.  Instead of GUAs, an OMNI link
   could use ULAs with the 'L' bit set to 0 (i.e., from the "ULA-C"
   prefix fc00::/8) [RFC4193], however this would require IPv6 NAT if
   the domain were ever connected to the global IPv6 Internet.

   For IPv4, MSPs are assigned to the OMNI link by IANA and/or an
   associated RIR [IPV4-GUA] such that the link can be interconnected to
   the global IPv4 Internet without causing routing inconsistencies.  An
   OMNI *NET could instead use private IPv4 prefixes (e.g., 10.0.0.0/8,
   etc.)  [RFC3330], however this would require IPv4 NAT at the *NET
   boundary.  OMNI interfaces advertise IPv4 MSPs into IPv6 routing
   systems as "6to4 prefixes" [RFC3056] (e.g., the IPv6 prefix for the
   IPv4 MSP "V4ADDR/24" is 2002:V4ADDR::/40).

   IPv4 routers that configure OMNI interfaces advertise the prefix
   TBD4/N (see: IANA Considerations) into the routing systems of their
   connected *NETs and assign the IPv4 OMNI anycast address TBD4.1 to
   their *NET interfaces.  IPv6 routers that configure OMNI interfaces
   advertise the prefix 2002:TBD4::/(N+16) into the routing systems of
   their connected *NETs and assign the IPv6 OMNI anycast address
   2002:TBD4:: to their *NET interfaces.

   Proxy/Server OMNI interfaces configure ULA/GUA IPv6 SNP SRA addresses
   per [RFC4291] and accept packets addressed to the SRA the same as for
   any IPv6 router.  Proxy/Servers also configure the global IPv6 SRA
   address for each MSP managed by this OMNI link and accept packets
   addressed to the SRA address on their internal interfaces to support
   Client OMNI link discovery.  Client OMNI interfaces configure the
   IPv6 SRA address corresponding to their MNP delegations.

   OMNI interfaces use their OMNI IPv6 and IPv4 anycast addresses to
   support control plane Service Discovery in the spirit of [RFC7094],
   i.e., the addresses are not intended for use in supporting longer
   term data plane flows.  Specific applications for OMNI IPv6 and IPv4
   anycast addresses are discussed throughout the document as well as in
   [I-D.templin-6man-aero3].

9.  Node Identification

   OMNI Clients and Proxy/Servers that connect over open Internetworks
   include a unique node identification value for themselves in the OMNI
   options of their IPv6 ND messages (see: Section 10.2.3).  An example
   identification value alternative is the (H)HIT per [RFC7343] and
   [RFC9374].  (Another example is the Universally Unique IDentifier
   (UUID) [RFC9562] which can be self-generated by a node without

Templin                   Expires 11 July 2025                 [Page 74]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   supporting infrastructure with very low probability of collision.)

   When a Client is truly outside the context of any infrastructure, it
   may have no addressing information at all.  In that case, the Client
   can use an MLA as an IPv6 source/destination address for sustained
   communications in Vehicle-to-Vehicle (V2V) and (multihop) Vehicle-to-
   Infrastructure (V2I) scenarios.  The Client can also propagate the
   MLA into the multihop routing tables of (collective) Mobile/Vehicular
   Ad-hoc Networks (MANETs/VANETs) using only the vehicles themselves as
   communications relays.  MLAs provide an especially useful node
   identification construct since they appear as properly-formed IPv6
   addresses.

10.  Address Mapping - Unicast

   OMNI interfaces maintain network layer conceptual neighbor and
   destination caches per [RFC1256][RFC4861] the same as for any IP
   interface.  The network layer maintains state through static and/or
   dynamic Neighbor/Destination Cache Entry (NCE/DCE) configurations.

   Each OMNI interface also maintains an internal adaptation layer view
   of the neighbor cache that supplements the network layer NCEs for
   each of its active neighbors.  For each peer NCE, neighbors also
   maintain AERO Forwarding Vectors (AFVs) in the OAL which map per-
   interface-pair parameters.  Throughout this document, the terms
   "neighbor cache", "NCE" and "AFV" refer to this OAL neighbor cache
   view unless otherwise specified.

   When the IP layer sends or receives IPv6 Neighbor Discovery (ND)
   messages over an OMNI interface, it follows the procedures in
   [RFC4861] using the Source/Target Link-Layer Address Option (S/TLLAO)
   format defined for Ethernet [RFC2464]).  On transmission, the OMNI
   interface OAL leaves the S/TLLAO unchanged, sets the IPv6
   encapsulation source addresses to an MLA for the OMNI interface,
   includes an ORH if necessary to include an SNP GUA SRA for the LHS
   Proxy/Server followed by an MLA for this neighbor, then sets the IPv6
   encapsulation destination address to an MLA for the FHS Proxy/Server.
   (If the IPv6 destination address is an LLA, the OAL also translates
   the LLA interface identifier based on a cached remote Ethernet
   address for this neighbor).  On reception, the OAL uses the IPv6
   encapsulation header GUA/MLA source address to translate the S/TLLAO
   Ethernet address into a unique locally-generated value for this
   neighbor (if the IPv6 source address is an LLA, the OAL also
   translates the LLA interface identifier based on this local
   representation of the neighbor's Ethernet address).

Templin                   Expires 11 July 2025                 [Page 75]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   When the IP layer sends or receives an ordinary IP packet over an
   OMNI interface, the OAL includes an ORH if necessary as above then
   consults the Ethernet address to GUA/MLA mappings established by
   earlier IPv6 ND message exchanges.  On transmission, the OAL uses the
   Ethernet destination address to determine the GUA/MLA destination
   address for the IPv6 encapsulation header; if the IPv6 destination
   address is an LLA, the OAL also translates the LLA interface
   identifier based on a remote representation of the neighbor's
   Ethernet address.  On reception, the OAL uses the IPv6 encapsulation
   header source address to determine the source address for the virtual
   Ethernet header; if the IPv6 source address is an LLA, the OAL also
   translates the LLA interface identifier based on this local
   representation of the neighbor's Ethernet address.

   The OMNI interface must therefore maintain internal per neighbor NCEs
   that map local Ethernet addresses to remote Ethernet addresses and
   GUAs/MLAs while exposing only the local representation of the
   addresses to the IP layer.  When the OMNI interface discovers a new
   neighbor (e.g., when it creates a new NCE based on receipt of an IPv6
   ND message), it maps the remote Ethernet address and GUA/MLA to a
   randomly-chosen 6 octet local Ethernet address that must be unique
   for this interface then installs the mapping in the cache.  For IPv6
   ND messages that are required to use LLA source addresses, the OMNI
   interface sets the IPv6 ND message IPv6 source address to an IPv6 LLA
   according to Modified EUI-64 format based on the locally cached
   Ethernet address per [RFC4291].  When the OMNI interface discards an
   existing neighbor (e.g., when it deletes an expired NCE), it removes
   the internal address mappings from the cache.

   When the OAL forwards IPv6 ND messages from the network layer to the
   link layer, it performs encapsulation by adding an adaptation layer
   IPv6 header (plus any necessary routing headers) and a new pseudo
   IPv6 ND option trailer that encodes OMNI link-specific information.
   When the OAL forwards IPv6 ND messages from the link layer to the
   network layer, it performs decapsulation by removing the adaptation
   layer IPv6 header while also parsing and removing the trailer.
   Hence, this document defines a new pseudo IPv6 ND option type termed
   the "OMNI option" designed for these purposes.  Since the pseudo-
   option is inserted and removed by the adaptation layer and never
   inspected by the network layer, it does not require a formal IPv6 ND
   option number assignment.

   OMNI interface Clients such as aircraft typically have multiple
   wireless data link types (e.g. satellite-based, cellular,
   terrestrial, air-to-air directional, etc.) with diverse performance,
   cost and availability properties.  The OMNI interface would therefore
   appear to have multiple L2 connections, and may include information
   for multiple underlay interfaces in a single IPv6 ND message

Templin                   Expires 11 July 2025                 [Page 76]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   exchange.  OMNI interfaces manage their dynamically-changing
   multilink profiles by including OMNI options in IPv6 ND messages as
   discussed in the following subsections.

10.1.  The OMNI Option

   During IPv6 ND message encapsulation, the OAL source appends a single
   OMNI (pseudo-)option as a contiguous block of data immediately
   following the final ND option in the message.  During decapsulation,
   the OAL destination processes the OMNI option contents then removes
   the option before delivering the original IPv6 ND message to the
   network layer.  The OMNI option format is shown in Figure 17:

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~             OMNI Sub-Options (0 or more octets)               ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       | OMNI Option Length (2 octets) |OMNI Option Checksum (2 octets)|
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 17: OMNI Option Format

   In this format:

   *  OMNI Sub-Options is a variable-length concatenation of 0 or more
      sub-option entries formatted as specified in Section 10.2.

   *  OMNI Option Length is set to the combined integer length of the
      Sub-Options, Length and Checksum fields i.e., for a minimum value
      of 4 octets.

   *  OMNI Option Checksum is the Internet checksum calculated over the
      length of the OMNI option.  The OAL source calculates the Internet
      checksum with the Checksum field initialized to 0 and overwrites
      the resulting value into the Checksum field.  The OAL destination
      verifies the checksum upon receipt and processes the OMNI option
      further only if the checksum is correct.

   The OAL source includes the OMNI Option Length and Checksum fields as
   a 4 octet trailer of each OAL-encapsulated IPv6 ND message even when
   the OMNI Sub-Options block is empty.

   The OMNI Sub-Options may include full or partial information for the
   neighbor.  The OMNI interface therefore retains the union of the most
   recently received information in the corresponding NCE.

Templin                   Expires 11 July 2025                 [Page 77]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

10.2.  OMNI Sub-Options

   The OMNI option includes a Sub-Options block containing zero or more
   individual sub-options.  Each successive sub-option is concatenated
   immediately following its predecessor.  All sub-options except Pad1
   (see below) are in an OMNI-specific type-length-value (TLV) format
   encoded as follows:

        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
        | Sub-Type|      Sub-Length     | Sub-Option Data ...
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

                        Figure 18: Sub-Option Format

   *  Sub-Type is a 5-bit field that encodes the sub-option type.  Sub-
      option types defined in this document include:

           Sub-Option Name             Sub-Type
           Pad1                           0
           PadN                           1
           Node Identification            2
           Authentication                 3
           Neighbor Control               4
           Interface Attributes           5
           Traffic Selector               6
           Multilink Vector               7
           Geo Coordinates                8
           DHCPv6 Message                 9
           PIM-SM Message                10
           HIP Message                   11
           QUIC-TLS Message              12
           Fragmentation Report          13
           ICMPv6 Error                  14
           Proxy/Server Departure        15
           Timestamp                     16
           Nonce                         17
           Sub-Type Extension            30

                                  Figure 19

      Sub-Types 18-29 are available for future assignment for major
      protocol functions, while Sub-Type 30 supports scalable extension
      to include other functions.  Sub-Type 31 is reserved by IANA.

   *  Sub-Length is an 11-bit field that encodes the length of the Sub-
      Option Data in octets.

Templin                   Expires 11 July 2025                 [Page 78]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  Sub-Option Data is a block of data with format determined by Sub-
      Type and length determined by Sub-Length.  Note that each sub-
      option is concatenated consecutively with the previous and may
      therefore begin and/or end on an arbitrary octet boundary.

   The OMNI interface codes each sub-option with a 2-octet header that
   includes Sub-Type in the most significant 5 bits followed by Sub-
   Length in the next most significant 11 bits.  Each sub-option encodes
   a maximum Sub-Length value of 2038 octets minus the lengths of the
   OMNI option trailer and any preceding sub-options.  This allows ample
   Sub-Option Data space for coding large objects (e.g., ASCII strings,
   domain names, protocol messages, security codes, etc.), while a
   single OMNI option is limited to 2040 octets the same as for any IPv6
   ND option.

   The OMNI interface codes all sub-options in a single OMNI option in
   the same IPv6 ND message in the intended order of processing.  If the
   size of the sub-options would cause the IPv6 ND message to exceed
   1280 octets, the OMNI interface includes as many sub-options as
   possible without exceeding the 1280 octet limit and codes any
   remaining sub-options in additional IPv6 ND messages.

   The OMNI interface processes the OMNI option received in an IPv6 ND
   message while skipping over and ignoring any unrecognized sub-
   options.  If an individual sub-option length would cause processing
   to exceed the OMNI option instance and/or IPv6 ND message lengths,
   the OMNI interface accepts any sub-options already processed and
   ignores the remainder of that instance.

   IPv6 ND messages that require OMNI authentication services include a
   Node Identification sub-option as the first OMNI sub-option unless
   the IPv6 source address itself can serve as a node identification.
   The immediately next OMNI sub-option must then include some form of
   authentication (e.g., HMAC, HIP, QUIC, etc.) as discussed in the
   following subsections.

   A single IPv6 ND message includes a single effective OMNI
   authentication service sub-option; if multiple are included, the
   first sub-option is processed and all others are ignored.  The IPv6
   ND message may also include non-OMNI authentication options such as
   those specified in [RFC3971] or [RFC8928].

   Note: large objects that exceed the maximum Sub-Option Data length
   are not supported under the current specification; if this proves to
   be limiting in practice, future specifications may define support for
   fragmenting large sub-options across multiple IPv6 ND messages, if
   necessary.

Templin                   Expires 11 July 2025                 [Page 79]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The following sub-option types and formats are defined in this
   document:

10.2.1.  Pad1

        +-+-+-+-+-+-+-+-+
        | S-Type=0|x|x|x|
        +-+-+-+-+-+-+-+-+

                              Figure 20: Pad1

   *  Sub-Type is set to 0.  If multiple contiguous instances of Pad1
      appear in the OMNI option of the same message the message should
      be dropped.  (If more than a single octet of padding is necessary,
      the PadN option is used.)

   *  Sub-Type is followed by 3 'x' bits, set to any value on
      transmission (typically all-zeros) and ignored on reception.  Pad1
      therefore consists of a single octet with the most significant 5
      bits set to 0, and with no Sub-Length or Sub-Option Data fields
      following.

10.2.2.  PadN

        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
        | S-Type=1|    Sub-length=N     | N padding octets ...
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

                              Figure 21: PadN

   *  Sub-Type is set to 1.

   *  Sub-Length is set to N that encodes the number of padding octets
      that follow.

   *  Sub-Option Data consists of N octets, set to any value on
      transmission (typically all-zeros) and ignored on reception.

   When an intermediate system forwards an IPv6 ND message with an OMNI
   option, it can void any non-Pad1 sub-options that should not be
   processed by the next hop by simply writing the value '1' (PadN) over
   the Sub-Type.  When the intermediate system alters the OMNI option in
   this way, the OMNI integrity check is invalidated and must be re-
   calculated.  See: Appendix D for a discussion of IPv6 ND message
   authentication and integrity.

Templin                   Expires 11 July 2025                 [Page 80]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

10.2.3.  Node Identification

   The Node Identification sub-option (when present) must appear as the
   first sub-option in the OMNI option of each IPv6 ND message.  If
   multiple instances appear in the same OMNI option, the first instance
   of a specific ID-Type is processed and all other instances of the
   same ID-Type are ignored.  (A single IPv6 ND message can therefore
   convey multiple distinct Node Identifications - each with a different
   ID-Type.)

   The format and contents of the sub-option are shown in Figure 22:

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       | S-Type=2|    Sub-length=N     |            ID-Type            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~            Node Identification Value (N-2 octets)             ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 22: Node Identification

   *  Sub-Type is set to 2.  Multiple instances are processed as
      discussed above.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.  The ID-Type field is always present, and the
      maximum Node Identification Value length is limited by the
      remaining available space in this OMNI option.

   *  ID-Type is a 2-octet field that encodes the type of the Node
      Identification Value.  The following ID-Type values are currently
      defined:

      -  0 - Universally Unique IDentifier (UUID) [RFC9562].  Indicates
         that Node Identification Value contains a 16-octet UUID.

      -  1 - Host Identity Tag (HIT) [RFC7343].  Indicates that Node
         Identification Value contains a 16-octet HIT.

      -  2 - Hierarchical HIT (HHIT) [RFC9374].  Indicates that Node
         Identification Value contains a 16-octet HHIT.

      -  3 - Network Access Identifier (NAI) [RFC7542].  Indicates that
         Node Identification Value contains an (N-1)-octet NAI.

      -  4 - Fully-Qualified Domain Name (FQDN) [RFC1035].  Indicates
         that Node Identification Value contains an (N-1)-octet FQDN.

Templin                   Expires 11 July 2025                 [Page 81]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      -  5 - IPv6 Address.  Indicates that Node Identification contains
         a 16-octet IPv6 address that is not a (H)HIT.  The IPv6 address
         type is determined according to the IPv6 addressing
         architecture [RFC4291].

      -  6 - 65532 - Unassigned.

      -  65533 - 65534 - reserved for experimentation, as recommended in
         [RFC3692].

      -  65535 - reserved by IANA.

   *  Node Identification Value is an (N-2)-octet field encoded
      according to the appropriate the "ID-Type" reference above.

   OMNI interfaces code Node Identification Values used for DHCPv6
   messaging purposes as a DHCP Unique IDentifier (DUID) using the
   "DUID-EN for OMNI" format with enterprise number 45282 (see:
   Section 21) as shown in Figure 23:

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |         DUID-Type (2)         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                   Enterprise Number (45282)                   |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |            ID-Type            |                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               ~
       |                                                               ~
       ~                   Node Identification Value                   ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 23: DUID-EN for OMNI Format

   In this format, the OMNI interface codes the ID-Type and Node
   Identification Value fields from the OMNI sub-option following a
   6-octet DUID-EN header, then includes the entire "DUID-EN for OMNI"
   in a DHCPv6 message per [I-D.ietf-dhc-rfc8415bis].

10.2.4.  Authentication

   The Authentication sub-option includes a Hashed Message
   Authentication Code (HMAC) computed according to [RFC2104] and
   [RFC6234].

   The Authentication sub-option is formatted as shown in Figure 24:

Templin                   Expires 11 July 2025                 [Page 82]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                       | S-Type=3|    Sub-length=N     |      Type     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~    Hashed Message Authentication Code (HMAC) (N-1 Octets)     ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 24: Authentication

   *  Sub-Type is set to 3.  The Authentication sub-option must appear
      at most once in any IPv6 ND message; if multiple instances appear
      in the same message the first is processed and all others are
      ignored.

   *  Sub-Length is set to N, i.e., the length of the option in octets
      beginning immediately following the Sub-Length field and extending
      to the end of the HMAC.  The length of the HMAC is therefore
      limited by the remaining available space for this sub-option.

   *  Type encodes the authentication algorithm type found in the IANA
      "ICMPv6 Parameters - Trust Anchor Option (Type 15) Name Field"
      registry, and determines the length of the HMAC.  For example,
      when Type is 3 the authentication algorithm is SHA-1 and the HMAC
      is 160 bits (20 octets) in length, when Type is 5 the algorithm is
      SHA-256 and the HMAC is 256 bits (32 octets) in length, etc.  A
      full list of available Types is found in the registry, which cites
      [RFC6495] for several well-known Types.  The Type value TBD7 is
      reserved for the Edwards-Curve Digital Signature Algorithm (EdDSA)
      (see IANA Considerations) with the HMAC (i.e., digital signature)
      including 64 octets for Ed25519 or 114 octets for Ed448 per
      [RFC8032].

   *  HMAC includes a Hashed Message Authentication Code or digital
      signature for this IPv6 ND message with (N-1)-octet length
      according to Type.

10.2.5.  Neighbor Control

   IPv6 ND messages used to manage neighbor relationships between
   Clients and their Proxy/Servers (and also between Clients and their
   peer Clients) include a Neighbor Control OMNI sub-option.  Each IPv6
   ND message includes at most one Neighbor Control sub-option which
   must be specific to the underlying interface over which the ND
   message is sent.

   The Neighbor Control sub-option is formatted as follows:

Templin                   Expires 11 July 2025                 [Page 83]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       | S-Type=4|    Sub-length=N     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |N|A|R|S|P|     |
       |U|R|P|N|C| Res |    Reserved
       |D|R|T|R|H|     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ....

                       Figure 25: Neighbor Control

   *  Sub-Type is set to 4.  If multiple instances appear in the same
      OMNI option, the first is processed and all others are ignored.

   *  Sub-Length is set to N.

   *  Sub-Option Data includes an N-octet neighbor control flags field.
      This specification defines several Control flags in the first
      octet, with the remainder of the first octet and any additional
      octets Reserved.

   *  Clients set the Neighbor Unreachability Detection (NUD), Address
      Resolution Responder (ARR) and Report (RPT) flags in RS messages
      to control the operation of their Proxy/Server neighbors as
      discussed in Section 13.

   *  Nodes set the Synchronous (u)NA Required (SNR) flag in non-
      solicitation IPv6 ND messages (i.e., solicited/unsolicited NA/RA
      and Redirects) for which they require a synchronous (but
      technically "unsolicited") NA reply (see:
      [I-D.templin-6man-aero3]).

   *  OAL intermediate systems set the Path Change (PCH) flag in uNA
      messages used to report a change in a path established by
      multilink forwarding.

   *  All remaining flags in the first octet plus any additional octets
      are Reserved and must be set to 0; future specifications may
      define new flags.

10.2.6.  Interface Attributes

   The Interface Attributes sub-option provides neighbors with
   forwarding information for the multilink conceptual sending algorithm
   discussed in Section 12.  Neighbors use the forwarding information to
   select among candidate underlay interfaces that can be used to
   forward carrier packets to the neighbor based on factors such as
   traffic selectors and link metrics.  Interface Attributes further
   include link layer address information to be used for either direct

Templin                   Expires 11 July 2025                 [Page 84]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   INET encapsulation for targets in the local SRT segment or spanning
   tree forwarding for targets in remote SRT segments.

   OMNI nodes include Interface Attributes for some/all of a source or
   target Client's underlay interfaces in NS/NA and uNA messages used to
   publish Client information (see: [I-D.templin-6man-aero3]).  At most
   one Interface Attributes sub-option for each distinct ifIndex may be
   included; if an IPv6 ND message includes multiple Interface
   Attributes sub-options for the same ifIndex, the first is processed
   and all others are ignored.  OMNI nodes that receive NS/NA messages
   can use all of the included Interface Attributes and/or Traffic
   Selectors to formulate a map of the prospective source or target node
   as well as to seed the information to be populated in future neighbor
   exchanges.

   OMNI Clients and Proxy/Servers also include Interface Attributes sub-
   options in RS/RA messages used to initialize, discover and populate
   routing and addressing information.  Each RS message MUST contain
   exactly one Interface Attributes sub-option with an ifIndex
   corresponding to the Client's underlay interface used to transmit the
   message, and each RA message MUST echo the same Interface Attributes
   sub-option with any (proxyed) information populated by the FHS Proxy/
   Server to provide operational context.

   When an FHS Proxy/Server receives an RS message destined to an
   anycast L2 address, it MUST include an additional Interface
   Attributes sub-option with ifIndex '0' that encodes its own unicast
   L2 address relative to the Client's underlay interface in the
   solicited RA response.  Any additional Interface Attributes sub-
   options that appear in RS/RA messages (i.e., besides those for the
   Client's own ifIndex and ifIndex '0') are ignored.

   The Interface Attributes sub-option is formatted as shown below:

Templin                   Expires 11 July 2025                 [Page 85]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       | S-Type=5|    Sub-length=N     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                            ifIndex                            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                            ifType                             |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                            ifProvider                         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                            ifMetric                           |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                            ifGroup                            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |      SRT      |      FMT      |                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               ~
       ~                     LHS L3ADDR/MLA/L2ADDR                     ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~               Traffic Selector Blocks (Optional)              ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       ...

                     Figure 26: Interface Attributes

   *  Sub-Type is set to 5.  Multiple instances are processed as
      discussed above.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.

   *  Sub-Option Data contains an "Interface Attributes" option encoded
      as follows:

      -  ifIndex is a 4-octet index value corresponding to a specific
         underlay interface.  Client OMNI interfaces MUST number each
         distinct underlay interface with a unique non-zero ifIndex
         value assigned by network management per [RFC2863] and include
         the value in this field.  The ifIndex value '0' denotes
         "unspecified".

      -  ifType is a 4-octet type value corresponding to this underlay
         interface.  The value is coded per the 'IANAifType-MIB'
         registry [http://www.iana.org].

Templin                   Expires 11 July 2025                 [Page 86]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      -  ifProvider is a 4-octet provider identifier corresponding to
         this underlay interface.  This document defines the single
         provider identifier value '0' (undefined).  Future documents
         may define other values.

      -  ifMetric encodes a 4-octet interface metric.  Lower values
         indicate higher priorities, and the highest value indicates an
         interface that should not be selected.  The ifMetric setting
         provides an instantaneous indication of the interface
         bandwidth, link quality, signal strength, cost, etc.; hence,
         its value may change in successive IPv6 ND messages.

      -  ifGroup is a 4-octet identifier for a Link Aggregation Group
         (LAG) [IEEE802.1AX] corresponding to the underlay interface
         identified by ifIndex.  Interface attributes for ifIndex
         members of the same group will encode the same value in
         ifGroup.  This document defines the single ifGroup value '0'
         meaning "no group assigned".  Future documents will specify the
         setting of other values.

      -  SRT is a 1-octet Segment Routing Topology prefix length that
         determines the length associated with this sub-tree of a larger
         topology that may include the concatenation of multiple
         connected segments.  The SRT value ranges from 0 to 128.

      -  FMT - a 1-octet "Forward/Mode/Type" code interpreted as
         follows:

         o  The most significant 2 bits (i.e., "FMT-Forward" and "FMT-
            Mode") are interpreted in conjunction with one another.
            When FMT-Forward is clear, the LHS Proxy/Server performs OAL
            reassembly and decapsulation to obtain the original IP
            packet/parcel before forwarding.  If the FMT-Mode bit is
            clear, the LHS Proxy/Server then forwards the original IP
            packet/parcel at L3; otherwise, it invokes the OAL to re-
            encapsulate, re-fragment and sends the resulting carrier
            packets to the Client via the selected underlay interface.
            When FMT-Forward is set, the LHS Proxy/Server forwards
            unmodified OAL fragments to the Client without reassembling.
            If FMT-Mode is clear, all carrier packets destined to the
            Client must always be sent via the LHS Proxy/Server;
            otherwise the Client is eligible for direct forwarding over
            the open INET where it may be located behind one or more
            NATs.

Templin                   Expires 11 July 2025                 [Page 87]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

         o  The next most significant 2 bits are reserved, and the value
            encoded in the least significant 4 bits (i.e., "FMT-Type")
            determines the type and length of the L2ADDR field.  The
            following values are currently defined:

            +  0 - L2ADDR is 0 octets in length and unused.

            +  1 - L2ADDR is 4 octets in length and encodes an IPv4
               address.

            +  2 - L2ADDR is 6 octets in length and encodes an EUI-48
               address [EUI].

            +  3 - L2ADDR is 8 octets in length and encodes an EUI-64
               address [EUI].

            +  4 - L2ADDR is 16 octets in length and encodes an IPv6
               address.

      -  LHS L3ADDR/MLA/L2ADDR - encodes the 16 octet SNP IPv6 ULA/GUA
         L3ADDR of the node relative to the LHS Proxy/Server followed by
         the 16 octet MLA of the node followed by an L2ADDR field
         formatted as above.  When MLA is non-zero, L3ADDR must include
         the SNP SRA GUA for the LHS Proxy/Server.  When MLA is zero,
         L3ADDR must include the SNP GUA for the Client relative to the
         LHS Proxy/Server.  L2ADDR identifies the LHS Proxy/Server's
         INET-facing interface not located behind NATs, therefore no UDP
         port number is included since port number 8060 is used when the
         L2 encapsulation includes a UDP header.  Instead, L2ADDR
         includes only an L2 address with type and length determined by
         FMT-Type as described above.  When L2ADDR includes an IPv4 or
         IPv6 address, it is recorded in network byte order in ones-
         compliment "obfuscated" form per [RFC4380].  The LHS
         information therefore satisfies per-interface address
         resolution.  FMT, SRT and LHS together also provide guidance
         for the OMNI interface forwarding algorithm.  Specifically, if
         LHS::/SRT is located in the local OMNI link segment, then the
         source can address the target Client either through its
         dependent Proxy/Server or through direct encapsulation
         following NAT traversal according to FMT.  Otherwise, the
         target Client is located on a different SRT segment and the
         path from the source must employ a combination of route
         optimization and spanning tree hop traversals.

      -  Traffic Selector Blocks(s) - zero or more Traffic Selector
         blocks follow, with their total length determined by the number
         of octets remaining in the Interface Attributes sub-option
         beyond the end of the LHS Proxy/Server information.  Each

Templin                   Expires 11 July 2025                 [Page 88]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

         Traffic Selector block is formatted the same as specified in
         Section 10.2.7 and processed consecutively, with its length
         subtracted from the remaining length of the Interface
         Attributes sub-option.

10.2.7.  Traffic Selector

   The Traffic Selector sub-option provides forwarding information for
   the multilink conceptual sending algorithm discussed in Section 12.
   The sub-option includes an augmented traffic selector per [RFC6088]
   as ancillary information for an Interface Attributes sub-option with
   the same ifIndex value, or as discrete information for the included
   ifIndex when no Interface Attributes sub-option is present.  (Note
   that the OMNI augmented traffic selector includes additional fields
   'O' and 'P' that do not appear in [RFC6088].)

   IPv6 ND messages may include multiple Traffic Selectors for some or
   all of the source/target Client's underlay interfaces (see:
   [I-D.templin-6man-aero3] for further discussion).  Traffic Selectors
   must be honored by all implementations in the format shown below:

Templin                   Expires 11 July 2025                 [Page 89]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       | S-Type=6|    Sub-length=N     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                            ifIndex                            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |   TS Length   |   TS Format   |A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                 (A)Start Source Address                       |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                 (B)End Source Address                         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                 (C)Start Destination Address                  |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                 (D)End Destination Address                    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                     (E)Start IPsec SPI                        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                      (F)End IPsec SPI                         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |   (G)Start Source port        |   (H)End Source port          |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |   (I)Start Destination port   |   (J)End Destination port     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  (K)Start DS  |  (L)End DS    |(M)Start Prot. | (N) End Prot. |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                      (O)Start Flow Label                      |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                      (P)End Flow Label                        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~               Additional Traffic Selector Blocks              ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       ...

                       Figure 27: Traffic Selector

   *  Sub-Type is set to 6.  Multiple instances with the same or
      different ifIndex values may appear in the same OMNI option.  When
      multiple instances appear, all are processed and the cumulative
      information from all is accepted.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.

Templin                   Expires 11 July 2025                 [Page 90]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  Sub-Option data begins with a 4-octet ifIndex value corresponding
      to a specific underlay interface.  (Note that when traffic
      selector blocks appear within an Interface Attributes sub-option,
      the ifIndex field already appears and is not included multiple
      times.)

   *  The remainder of Sub-Option Data contains one or more "Traffic
      Selector" blocks for this ifIndex that each begin with 1-octet "TS
      Length" and "TS Format" fields.  TS length encodes the combined
      lengths of the TS* fields plus the Traffic Selector body that
      follows (i.e. a value between 2-255 octets).  When TS Format
      encodes the value 1 or 2, the Traffic Selector body encodes an
      IPv4 or IPv6 traffic selector per [RFC6088] beginning with 16 flag
      bits ("A-P"); when TS Format encodes any other value the Traffic
      Selector block is skipped and processing resumes beginning with
      the next Traffic Selector block (note that future specifications
      may define new TS Formats).

   *  The Traffic Selector block elements then appear immediately after
      the flags (with no 16-bit Reserved field included) and encode the
      information corresponding to any set flag bit(s) in order the same
      as specified in [RFC6088].  Each included Traffic Selector block
      is processed consecutively, with its length subtracted from the
      remaining sub-option length until all blocks are processed.  If
      the length of any Traffic Selector block would exceed the
      remaining length for the entire sub-option, the remainder of the
      sub-option is ignored.

10.2.8.  Multilink Vector

   Clients exchange IPv6 ND messages with their FHS Proxy/Servers and
   other Client peers to populate forward and reverse path AFIB state.

   The Multilink Vector sub-option provides the necessary information
   allowing OAL intermediate and end systems in the path to establish
   AFVs to support future packet forwarding.

   Each IPv6 ND message OMNI option contains at most one Multilink
   Vector sub-option; if multiple are present, the first is processed
   and all others are ignored.

   The Multilink Vector sub-option is formatted as follows:

Templin                   Expires 11 July 2025                 [Page 91]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       | S-Type=7|    Sub-length=32    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |              AERO Forwarding Vector Index (AFVI)              |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                     FHS (initiator) ifIndex                   |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                     LHS (responder) ifIndex                   |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                        Sequence Number                        ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                     Acknowledgment Number                     ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |     |A|O|R|S|T|                                               |
       | Res |C|P|S|Y|S|                   Window                      |
       |     |K|T|T|N|T|                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Figure 28: Multilink Vector

   *  Sub-Type is set to 7 and Sub-Length is set to 32.  If multiple
      instances appear in the same OMNI option, the first is processed
      and all others are ignored.

   *  the first 4 octets of Sub-Option Data include an AFVI generated by
      the IPv6 ND message source.  When the SYN flag is set, each OAL
      intermediate hop records this (previous hop) AFVI value along with
      the previous hop L2 address in an AFIB AFV, then also generates
      and records a new (next hop) AFVI value.  When the SYN flag is not
      set, the intermediate hop instead uses the AFVI value to locate an
      existing AFV without creating a new one.  Each intermediate hop
      then rewrites the Multilink Vector AFVI field to the next hop
      value and forwards the message to the next hop.  The process
      continues until the message arrives at the IPv6 ND message
      destination.

   *  the next 8 octets include the 4-octet ifIndex of the FHS
      (initiator) node followed by the 4-octet ifIndex of the LHS
      (responder) node.

   *  the final 20 octets of Sub-Option Data follows from the
      Transmission Control Protocol (TCP) header specified in
      Section 3.1 of [RFC9293].  The field is formatted as an 8-octet
      Sequence Number, followed by an 8-octet Acknowledgement Number,

Templin                   Expires 11 July 2025                 [Page 92]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      followed by a 1-octet flags field followed by a 3-octet Window
      size.  The TCP (ACK, RST, SYN) flags are used for TCP-like window
      synchronization, while the TCP (CWR, ECE, URG, PSH, FIN) flags are
      unused.  The OPT flag (discussed in Section 6.7) is an OMNI-
      specific replacement for the TCP PSH flag, the TST flag (discussed
      in [I-D.templin-6man-aero3] is an OMNI-specific replacement for
      the TCP FIN flag and the 3 remaining unused flags appear as
      reserved (Res).  Together, these fields support the OAL window
      synchronization services specified in Section 6.7.

   When an IPv6 ND message source includes a Multilink Vector sub-
   option, it MUST temporarily reset the AFVI to 0 before calculating an
   authentication signature over the message since OAL intermediate
   nodes in the path will rewrite the AFVI to a different value.  The
   source then MUST reset the AFVI to its actual value before
   calculating the OMNI option checksum and forwarding the message.
   When an OAL intermediate system forwards the message, it first
   verifies the checksum then rewrites the AFVI and recalculates the
   checksum.  When an OAL intermediate system or destination receives
   verifies the authentication signature, it first verifies the checksum
   then temporarily resets the AFVI to 0 before verifying the
   authentication signature.

10.2.9.  Geo Coordinates

                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                       | S-Type=8|     Sub-length=N    |    Geo Type   |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                        Geo Coordinates                        ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 29: Geo Coordinates

   *  Sub-Type is set to 8.  If multiple instances appear in the same
      OMNI option all are processed.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.

   *  Geo Type is a 1-octet field that encodes a type designator that
      determines the format and contents of the Geo Coordinates field
      that follows.  The following types are currently defined:

      -  0 - NULL, i.e., the Geo Coordinates field is zero-length.

Templin                   Expires 11 July 2025                 [Page 93]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  Geo Coordinates is a type-specific format field of length up to
      the remaining available space for this OMNI option.  New formats
      to be specified in future documents and may include attributes
      such as latitude/longitude, altitude, heading, speed, etc.

10.2.10.  Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Message

   The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) sub-option
   may be included in the OMNI options of Client RS messages and Proxy/
   Server RA messages.  The DHCPv6 sub-option is formatted per Section 8
   of [I-D.ietf-dhc-rfc8415bis] as shown in Figure 30:

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       | S-Type=9|    Sub-length=N     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |    msg-type   |               transaction-id                  |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                        DHCPv6 options                         ~
       ~                 (variable number and length)                  ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 30: DHCPv6 Message

   *  Sub-Type is set to 9.  At most 2 instances may appear in a single
      OMNI option.  If more instances appear, the first 2 are processed
      and all others are ignored.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.  The 'msg-type' and 'transaction-id' fields
      are always present; hence, the length of the DHCPv6 options is
      limited by the remaining available space for this OMNI option.

   *  'msg-type' and 'transaction-id' are coded according to Section 8
      of [I-D.ietf-dhc-rfc8415bis].

   *  A set of DHCPv6 options coded according to Section 21 of
      [I-D.ietf-dhc-rfc8415bis] follows.

Templin                   Expires 11 July 2025                 [Page 94]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Clients should include at most 2 DHCPv6 sub-options in their RS
   messages, with the first instance processed by the FHS Proxy/Server
   and the second instance (when present) processed by the MAP Proxy/
   Server.  The first DHCPv6 sub-option includes a DHCPv6 Solicit
   message type with an Identity Association for Non-temporary Addresses
   (IA_NA) option, a Rapid Commit option and any other DHCPv6 options
   necessary to support the transaction.  The second sub-option includes
   a DHCPv6 Solicit message type with an Identity Association for Prefix
   Delegation (IA_PD) option, a Rapid Commit option and any other
   options.

   When the MAP Proxy/Server processes the DHCPv6 option and returns an
   RA response, it includes a single DHCPv6 Reply sub-option with the
   results of an IA_PD transaction.  When the FHS Proxy/Server proxies
   the MAP's RA message or returns a standalone RA message, it appends
   its own DHCPv6 Reply sub-option with the results of an IA_NA
   transaction.

   The Client is responsible for its own reliability and should
   therefore observe the above conventions unless other DHCPv6 services
   are necessary.  The Client is responsible for correlating the RA
   message DHCPv6 IA_PD Reply with the MAP Proxy/Server and for
   correlating the DHCPv6 IA_NA Reply with the FHS Proxy/Server.

10.2.11.  PIM-SM Message

   The Protocol Independent Multicast - Sparse Mode (PIM-SM) Message
   sub-option may be included in the OMNI options of IPv6 ND messages.
   The PIM-SM message sub-option is formatted per Section 4.9 of
   [RFC7761] and as shown in Figure 31:

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |S-Type=10|    Sub-length=N     |PIM Ver| Type  |   Reserved    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                         PIM-SM Message                        ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 31: PIM-SM Message Option Format

   *  Sub-Type is set to 10.  If multiple instances appear in a single
      OMNI option all are processed.

Templin                   Expires 11 July 2025                 [Page 95]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  Sub-Length is set to N, i.e., the length of the option in octets
      beginning immediately following the Sub-Length field and extending
      to the end of the PIM-SM message.  The length of the entire PIM-SM
      message is therefore limited by the remaining available space for
      this OMNI option.

   *  The PIM-SM message is coded exactly as specified in Section 4.9 of
      [RFC7761], except that the Checksum field is omitted since message
      integrity is already assured by the OMNI option checksum.  The
      Reserved field is set to 0 on transmission and ignored on
      reception.  The "PIM Ver" field encodes the value 2, and the
      "Type" field encodes the PIM message type.  (See Section 4.9 of
      [RFC7761] for a list of PIM-SM message types and formats.)

10.2.12.  Host Identity Protocol (HIP) Message

   The Host Identity Protocol (HIP) Message sub-option (when present)
   provides an authentication service alternative for IPv6 ND messages
   exchanged between Clients and FHS Proxy/Servers (or between Clients
   and their peers) over an open Internetwork.  When the HIP service is
   used, FHS Proxy/Servers verify the HIP authentication signatures in
   source Client IPv6 ND messages then remove the HIP message sub-option
   and securely forward the ND messages to other OMNI nodes.  LHS Proxy/
   Servers that receive secured IPv6 ND messages from other OMNI nodes
   that do not already include a security sub-option can insert HIP
   authentication signatures before forwarding them to the target
   Client.

   OMNI interfaces that use the HIP service include the HIP message sub-
   option when they forward IPv6 ND messages that require security over
   INET underlay interfaces, i.e., where authentication and integrity is
   not already assured by link/physical layers or other OMNI layer
   services.  The OMNI interface calculates the authentication signature
   over the entire length of the OAL packet (or composite packet)
   beginning after the IPv6 ND message header and extending over the
   remainder of the OAL packet or composite packet.  OMNI interfaces
   that process OAL packets containing secured IPv6 ND messages verify
   the signature then either process the rest of the message locally or
   forward a proxyed copy to the next hop.

   When an FHS Client inserts a HIP message sub-option in an IPv6 ND
   message destined to a target in a remote spanning tree segment, it
   must ensure that the insertion does not cause the message to exceed
   the IPv6 minimum MTU.  If the LHS Proxy/Server cannot create
   sufficient space through any means without causing the IPv6 ND
   message to exceed the IPv6 minimum MTU, it returns a suitable error
   (see: Section 10.2.15) and drops the message.

Templin                   Expires 11 July 2025                 [Page 96]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The HIP message sub-option is formatted as shown below:

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |S-Type=11|    Sub-length=N     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |0| Packet Type |Version| RES.|1|           Controls            |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                Sender's Host Identity Tag (HIT)               ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~               Receiver's Host Identity Tag (HIT)              ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                        HIP Parameters                         ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                          Figure 32: HIP Message

   *  Sub-Type is set to 11.  If multiple instances appear in the same
      OMNI option the first is processed and all others are ignored.

   *  Sub-Length is set to N, i.e., the length of the option in octets
      beginning immediately following the Sub-Length field and extending
      to the end of the HIP parameters.  The length of the entire HIP
      message is therefore limited by the remaining available space for
      this OMNI option.

   *  The HIP message is coded per Section 5 of [RFC7401], except that
      the OMNI "Sub-Type" and "Sub-Length" fields replace the first 2
      octets of the HIP message header (i.e., the Next Header and Header
      Length fields).  Also, since the OMNI message is already protected
      by its own checksum, the 2-octet HIP message Checksum field is
      omitted.

10.2.13.  QUIC-TLS Message

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |S-Type=12|     Sub-length=N    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                         QUIC-TLS Message                      ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Templin                   Expires 11 July 2025                 [Page 97]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

                       Figure 33: QUIC-TLS Message

   *  Sub-Type is set to 12.  If multiple instances appear in the same
      OMNI option, the first is processed and all others are ignored.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.

   *  The QUIC-TLS message [RFC9000][RFC9001][RFC9002] encodes the QUIC
      and TLS message parameters necessary to support QUIC connection
      establishment.

   IPv6 ND messages serve as couriers to transport the QUIC and TLS
   parameters necessary to establish a secured QUIC connection.

10.2.14.  Fragmentation Report (FRAGREP)

   Fragmentation Report (FRAGREP) sub-options may be included in the
   OMNI options of uNA messages sent from an OAL destination to an OAL
   source.  The message consists of (N/16)-many (Identification,
   Bitmap)-tuples which include the Identification values of OAL
   fragments received plus a Bitmap marking the ordinal positions of
   individual fragments received and missing.

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |S-Type=13|    Sub-Length=N     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       +-+-+-+-          Identification (0) (64 bits)           -+-+-+-+
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       +-+-+-+-              Bitmap (0) (64 bits)               -+-+-+-+
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       +-+-+-+-          Identification (1) (64 bits)           -+-+-+-+
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       +-+-+-+-              Bitmap (1) (64 bits)               -+-+-+-+
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                           ...                                 |

                Figure 34: Fragmentation Report (FRAGREP)

Templin                   Expires 11 July 2025                 [Page 98]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  Sub-Type is set to 13.  If multiple instances appear in the same
      OMNI option all are processed.

   *  Sub-Length is set to N which must be a multiple of 16, i.e., the
      combined lengths of each (Identification, Bitmap) pair beginning
      immediately following the Sub-Length field and extending to the
      end of the sub-option.

   *  Identification(i) includes the 8-octet Identification value found
      in a received OAL fragment.

   *  Bitmap(i) includes a 64-bit checklist of up to 64 ordinal
      fragments for this Identification, with each bit set to 1 for a
      fragment received or 0 for a fragment corrupted, lost or still in
      transit.  For example, for a 20-fragment OAL packet with ordinal
      fragments #3, #10, #13 and #17 missing or corrupted and all other
      fragments received or still in transit, Bitmap(i) encodes the
      following:

           +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
           |1|1|1|0|1|1|1|1|1|1|0|1|1|0|1|1|1|0|1|1|0|0|0|...
           +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

                                  Figure 35

10.2.15.  ICMPv6 Error

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |S-Type=14|     Sub-length=N    |     Type      |     Code      |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                    ICMPv6 Error Message Body                  ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Figure 36: ICMPv6 Error

   *  Sub-Type is set to 14.  If multiple instances appear in the same
      OMNI option all are processed.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.

   *  Sub-Option Data includes an N-octet ICMPv6 Error Message body
      encoded per Section 2.1 of [RFC4443], but with the IPv6 header and
      Checksum fields omitted.  OMNI interfaces include as much of the
      "packet in error" in the ICMPv6 error message body as possible
      without causing the IPv6 ND message to exceed the IPv6 minimum

Templin                   Expires 11 July 2025                 [Page 99]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      MTU.  While all ICMPv6 error message types are supported, OAL
      destinations often include ICMPv6 PTB messages in uNA messages to
      provide MTU feedback information via the OAL source (see:
      Section 6.9).  Note: ICMPv6 informational messages must not be
      included on transmission and must be ignored if received.

10.2.16.  Proxy/Server Departure

   OMNI Clients include a Proxy/Server Departure sub-option in RS
   messages when they associate with a new FHS and/or MAP Proxy/Server
   and need to send a departure indication to an old FHS and/or MAP
   Proxy/Server.  The Proxy/Server Departure sub-option is formatted as
   shown below:

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |S-Type=15|   Sub-length=32     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~              Old FHS Proxy/Server L3ADDR (16 octets)          ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~              Old MAP Proxy/Server L3ADDR (16 octets)          ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 37: Proxy/Server Departure

   *  Sub-Type is set to 15.  If multiple instances appear in the same
      OMNI option, the first is processed and all others are ignored.

   *  Sub-Length is set to 32.

   *  Sub-Option Data contains the 16-octet L3ADDR for the "Old FHS
      Proxy/Server" followed by a 16-octet L3ADDR for an "Old MAP Proxy/
      Server.  If the Old FHS/MAP is a different node, the corresponding
      L3ADDR includes the address of the (foreign) Proxy/Server.  If the
      Old FHS/MAP is the local node, the corresponding L3ADDR includes
      the node's own address.  If the FHS/MAP is unspecified, the
      corresponding L3ADDR instead includes the value "::/128".

Templin                   Expires 11 July 2025                [Page 100]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

10.2.17.  Timestamp

   OMNI nodes include a Timestamp option in IPv6 ND messages to ensure
   that unsolicited advertisements and redirects have not been replayed.
   The Timestamp option is processed exactly the same as described in
   Section 5.3.1 of [RFC3971] with the exception that the Timestamp
   field itself can begin on any octet boundary and does not require
   8-octet alignment.  The OMNI Timestamp option has the following
   format:

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |S-Type=16|    Sub-length=8     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       +                       Timestamp (8 octets)                    +
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                           Figure 38: Timestamp

10.2.18.  Nonce

   OMNI nodes include a Timestamp option in IPv6 ND messages to make
   sure that an advertisement is a fresh response to a solicitation sent
   earlier by the node.  The Nonce option is processed exactly the same
   as described in Section 5.3.2 of [RFC3971] with the exception that
   the Nonce field itself need not be an integral number of 8-octet
   words.  The OMNI Nonce option has the following format:

                                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                       |S-Type=17|    Sub-length=N     |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                         Nonce (N octets)                      ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                             Figure 39: Nonce

   Note that the Nonce itself may be any length within the constraints
   of OMNI sub-option size limits, but for practical purposes the
   nominal Nonce size will often be 8 octets.

Templin                   Expires 11 July 2025                [Page 101]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

10.2.19.  Sub-Type Extension

   Since the Sub-Type field is only 5 bits in length, future
   specifications of major protocol functions may exhaust the remaining
   Sub-Type values available for assignment.  This document therefore
   defines Sub-Type 30 as an "extension", meaning that the actual sub-
   option type is determined by examining a 1-octet "Extension-Type"
   field immediately following the Sub-Length field.  The Sub-Type
   Extension is formatted as shown in Figure 40:

                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                       |S-Type=30|     Sub-length=N    | Extension-Type|
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                       Extension-Type Body                     ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 40: Sub-Type Extension

   *  Sub-Type is set to 30.  If multiple instances appear in the same
      OMNI option all are processed, where each individual extension
      defines its own policy for processing multiple of that type.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.  The Extension-Type field is always present,
      and the maximum Extension-Type Body length is limited by the
      remaining available space in this OMNI option.

   *  Extension-Type contains a 1-octet Sub-Type Extension value between
      0 and 255.

   *  Extension-Type Body contains an (N-1)-octet block with format
      defined by the given extension specification.

   Initial Extension-Type values are defined in the following
   subsections, while remaining Extension-Type values are available for
   assignment by future specifications which must also define the format
   of the Extension-Type Body and its processing rules.  Extension-Type
   values 253 and 254 are reserved for experimentation, as recommended
   in [RFC3692], while value 255 is reserved by IANA.

10.2.19.1.  RFC4380 Header Extension Option

Templin                   Expires 11 July 2025                [Page 102]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |S-Type=30|      Sub-length=N   |   Ext-Type=0  |   Header Type |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                      Header Option Value                      ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 41: RFC4380 Header Extension Option (Extension-Type 0)

   *  Sub-Type is set to 30.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.  The Extension-Type and Header Type fields are
      always present, and the Header Option Value is limited by the
      remaining available space in this OMNI option.

   *  Extension-Type is set to 0.  Each instance encodes exactly one
      header option per Section 5.1.1 of [RFC4380], with Ext-Type and
      Header Type representing the first 2 octets of the option.  If
      multiple instances of the same Header Type appear in the same OMNI
      option the first instance is processed and all others are ignored.

   *  Header Type and Header Option Value are coded exactly as specified
      in Section 5.1.1 of [RFC4380]; the following types are currently
      defined:

      -  0 - Origin Indication (IPv4) - value coded as a UDP port number
         followed by a 4-octet IPv4 address both in "obfuscated" form
         per Section 5.1.1 of [RFC4380].

      -  1 - Authentication Encapsulation - value coded per
         Section 5.1.1 of [RFC4380].

      -  2 - Origin Indication (IPv6) - value coded as a UDP port number
         followed by an IP address both in "obfuscated" form per
         Section 5.1.1 of [RFC4380], except that the IP address is a
         16-octet IPv6 address instead of a 4-octet IPv4 address.

   *  Header Type values 3 through 252 are available for assignment by
      future specifications, which must also define the format of the
      Header Option Value and its processing rules.  Header Type values
      253 and 254 are reserved for experimentation, as recommended in
      [RFC3692], and value 255 is reserved by IANA.

10.2.19.2.  RFC6081 Trailer Extension Option

Templin                   Expires 11 July 2025                [Page 103]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |S-Type=30|      Sub-length=N   |   Ext-Type=1  |  Trailer Type |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                                                               |
       ~                     Trailer Option Value                      ~
       |                                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 42: RFC6081 Trailer Extension Option (Extension-Type 1)

   *  Sub-Type is set to 30.

   *  Sub-Length is set to N that encodes the number of Sub-Option Data
      octets that follow.  The Extension-Type and Trailer Type fields
      are always present, and the maximum-length Trailer Option Value is
      limited by the remaining available space in this OMNI option.

   *  Extension-Type is set to 1.  Each instance encodes exactly one
      trailer option per Section 4 of [RFC6081].  If multiple instances
      of the same Trailer Type appear in the same OMNI option the first
      instance is processed and all others ignored.

   *  Trailer Type and Trailer Option Value are coded exactly as
      specified in Section 4 of [RFC6081]; the following Trailer Types
      are currently defined:

      -  0 - Unassigned

      -  1 - Nonce Trailer - value coded per Section 4.2 of [RFC6081].

      -  2 - Unassigned

      -  3 - Alternate Address Trailer (IPv4) - value coded per
         Section 4.3 of [RFC6081].

      -  4 - Neighbor Discovery Option Trailer - value coded per
         Section 4.4 of [RFC6081].

      -  5 - Random Port Trailer - value coded per Section 4.5 of
         [RFC6081].

      -  6 - Alternate Address Trailer (IPv6) - value coded per
         Section 4.3 of [RFC6081], except that each address is a
         16-octet IPv6 address instead of a 4-octet IPv4 address.

Templin                   Expires 11 July 2025                [Page 104]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  Trailer Type values 7 through 252 are available for assignment by
      future specifications, which must also define the format of the
      Trailer Option Value and its processing rules.  Trailer Type
      values 253 and 254 are reserved for experimentation, as
      recommended in [RFC3692], while value 255 is reserved by IANA.

11.  Address Mapping - Multicast

   The multicast address mapping of the native underlay interface
   applies.  The Client mobile router also serves as an IGMP/MLD Proxy
   for its ENETs and/or hosted applications per [RFC4605].

   The Client uses Multicast Listener Discovery (MLDv2) [RFC3810] to
   coordinate with Proxy/Servers, and underlay network elements use MLD
   snooping [RFC4541].  The Client can also employ multicast routing
   protocols to coordinate with network-based multicast sources as
   specified in [I-D.templin-6man-aero3].

   Since the OMNI link model is NBMA, OMNI links support link-scoped
   multicast through iterative unicast transmissions to individual
   multicast group members (i.e., unicast/multicast emulation).

12.  Multilink Conceptual Sending Algorithm

   The Client's network layer selects the outbound OMNI interface
   according to SBM considerations when forwarding original IP packets/
   parcels from local or ENET applications to external correspondents.
   Each OMNI interface maintains an internal OAL neighbor cache
   maintained the same as discussed in [RFC4861], but also includes
   additional state for multilink coordination.  Each Client OMNI
   interface maintains default routes via Proxy/Servers discovered as
   discussed in Section 13, and may configure more-specific routes
   discovered through means outside the scope of this specification.

   For each original IP packet/parcel it forwards, the OMNI interface
   selects one or more source underlay interfaces based on PBM factors
   (e.g., traffic attributes, cost, performance, message size, etc.) and
   one or more target underlay interfaces for the neighbor based on
   Interface Attributes received in IPv6 ND messages (see:
   Section 10.2.5).  Multilink forwarding may also direct carrier packet
   replication across multiple underlay interface pairs for increased
   reliability at the expense of duplication.  The set of all Interface
   Attributes and Traffic Selectors received in IPv6 ND messages
   determines the multilink forwarding profile for selecting target
   underlay interfaces.

Templin                   Expires 11 July 2025                [Page 105]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   When the OMNI interface forwards an original IP packet/parcel over a
   selected source underlay interface, it first employs OAL
   encapsulation and fragmentation as discussed in Section 5, then
   performs L2 encapsulation as directed by the appropriate AFV.  The
   OMNI interface also performs L2 encapsulation (following OAL
   encapsulation) when the nearest Proxy/Server is located multiple hops
   away as discussed in Section 13.2.

   OMNI interface multilink service designers MUST observe the BCP
   guidance in Section 15 [RFC3819] in terms of implications for
   reordering when original IP packets/parcels from the same flow may be
   spread across multiple underlay interfaces having diverse properties.

12.1.  Multiple OMNI Interfaces

   Clients may connect to multiple independent OMNI links within the
   same or different OMNI domains to support SBM.  The Client configures
   a separate OMNI interface for each link so that multiple interfaces
   (e.g., omni0, omni1, omni2, etc.) are exposed to the network layer.
   Each OMNI interface is configured over a separate set of underlying
   interfaces and configures one or more OMNI link SRA addresses (see:
   Section 8); the Client injects the corresponding SRA prefixes into
   the ENET routing system.  Multiple distinct OMNI links can therefore
   be used to support fault tolerance, load balancing, reliability, etc.

   Applications in ENETs can use Segment Routing to select the desired
   OMNI interface based on SBM considerations.  The application writes
   an OMNI link SRA address into the original IP packet/parcel's
   destination address, and writes the actual destination (along with
   any additional intermediate hops) into the Segment Routing Header.
   Standard IP routing directs the packet/parcel to the Client's mobile
   router entity, where the OMNI link SRA address identifies the correct
   OMNI interface for next hop forwarding.  When the Client receives the
   packet/parcel, it replaces the IP destination address with the next
   hop found in the Segment Routing Header and forwards the message via
   the OMNI interface identified by the SRA address.

   Note: The Client need not configure its OMNI interface indexes in
   one-to-one correspondence with the global OMNI Link-IDs configured
   for OMNI domain administration since the Client's indexes (i.e.,
   omni0, omni1, omni2, etc.) are used only for its own local interface
   management.

Templin                   Expires 11 July 2025                [Page 106]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

12.2.  Client-Proxy/Server Loop Prevention

   After a Proxy/Server has registered an MNP for a Client (see:
   Section 13), the Proxy/Server will forward all original IP packets/
   parcels (or carrier packets) destined to an address within the MNP to
   the Client.  The Client will under normal circumstances then forward
   the resulting original IP packet/parcel to the correct destination
   within its connected (downstream) ENETs.

   If at some later time the Client loses state (e.g., after a reboot),
   it may begin returning original IP packets/parcels (or carrier
   packets) with destinations corresponding to its MNP to the Proxy/
   Server as its default router.  The Proxy/Server therefore drops any
   original IP packets/parcels received from the Client with a
   destination address that corresponds to the Client's MNP (i.e.,
   whether ULA or GUA), and drops any carrier packets with both source
   and destination address corresponding to the same Client's MNP
   regardless of their origin.

   Proxy/Servers support "hairpinning" for packets with SNP source and
   destination addresses that would convey useful data from a source SNP
   Client to a target SNP Client both located in the same OMNI link
   segment.  Proxy/Servers support this hairpinning according to
   [RFC6296], however ULA-to-ULA addressing between peer nodes within
   the same OMNI link segment is preferred whenever possible.

13.  Router Discovery and Prefix Delegation

   Clients engage their FHS Proxy/Servers and the MS by sending OAL
   encapsulated RS messages with OMNI options under the assumption that
   one or more Proxy/Server will process the message and respond.  The
   RS message is received by a FHS Proxy/Server, which may in turn
   forward a proxyed copy to a MAP Proxy/Server located in a local or
   remote SRT segment if the Client requires MNP service.  The MAP
   Proxy/Server then returns an OAL encapsulated RA message either
   directly to the Client or via the original FHS Proxy/Server acting as
   a proxy.

   To support Client to service coordination, the OMNI option provides
   flag bits in the OMNI Neighbor Control sub-option as discussed in
   Section 10.2.5.  Clients set or clear the NUD, ARR and/or RPT flags
   in RS messages as directives to the Mobility Service FHS/MAP Proxy/
   Servers.  Proxy/Servers interpret the flags as follows:

Templin                   Expires 11 July 2025                [Page 107]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   *  When an FHS Proxy/Server forwards or processes an RS with the NUD
      flag set, it responds directly to future NS Neighbor
      Unreachability Detection (NUD) messages with the Client as the
      target by returning NA(NUD) replies; otherwise, it forwards
      NS(NUD) messages to the Client.

   *  When the MAP Proxy/Server receives an RS with the ARR flag set, it
      responds directly to future NS Address Resolution (AR) messages
      with the Client as the target by returning NA(AR) replies;
      otherwise, it forwards NS(AR) messages to the Client.

   *  When the MAP Proxy/Server receives an RS with the RPT flag set, it
      maintains a Report List of recent NS(AR) message sources for the
      source or target Client and sends uNA messages to all list members
      if any aspects of the Client's underlay interfaces change.

   Mobility Service Proxy/Servers function according to the NUD, ARR and
   RPT flag settings received in the most recent RS message to support
   dynamic Client updates.

   Clients and FHS Proxy/Servers include an authentication signature as
   an OMNI sub-option in their RS/RA exchanges when necessary but always
   include valid IPv6 ND message and OMNI option checksums.  FHS and MAP
   Proxy/Server RS/RA message exchanges over the SRT secured spanning
   tree instead always include the checksums and omit the authentication
   signature.  Clients and Proxy/Servers use the information included in
   RS/RA messages to establish NCE state and OMNI link autoconfiguration
   information as discussed in this section.

Templin                   Expires 11 July 2025                [Page 108]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   For each underlay interface, the Client sends RS messages with OMNI
   options to coordinate with a (potentially) different FHS Proxy/Server
   for each interface but typically with a limited set of MAP Proxy/
   Servers (normally only one).  All Proxy/Servers are identified by
   their MLA/ULA/GUA addresses and accept carrier packets addressed to
   their anycast/unicast L2ADDRs; the MAP Proxy/Server may be chosen
   among any of the Client's FHS Proxy/Servers or may be any other
   Proxy/Server for the OMNI link.  Example L2ADDR discovery methods
   appear in [RFC5214] and include data link login parameters, name
   service lookups, static configuration, a DHCP option, a static
   "hosts" file, etc.  In the absence of other information, the Client
   can resolve the DNS Fully-Qualified Domain Name (FQDN)
   "linkupnetworks.[domainname]" where "linkupnetworks" is a constant
   text string and "[domainname]" is a DNS suffix for the OMNI link
   (e.g., "example.com").  The name resolution will return a set of DNS
   resource records with the addresses of Proxy/Servers for the local
   OMNI link segment.  When the underlay *NET does not support standard
   unicast server-based name resolution [RFC1035] the Client can engage
   a multicast service such as mDNS [RFC6762] within the local OMNI link
   segment.

   Each FHS Proxy/Server configures an MLA and SNP ULA/GUA prefix pairs
   for the local OMNI link segment then advertises its L2ADDR(s) for
   discovery as above.  The Client can then manage its own SNP ULA/GUA
   addresses through DHCPv6 address autoconfiguration exchanges with FHS
   Proxy/Servers.  The FHS Proxy/Servers discovered over multiple of the
   Client's underlay interfaces may configure the same or different SNP
   ULA/GUA prefix pairs, and the Client's ULA for each underlay
   interface will fall within the ULA OMNI link segment relative to each
   FHS Proxy/Server.

   Clients configure OMNI interfaces that observe the properties
   discussed in previous sections.  The OMNI interface and its underlay
   interfaces are said to be in either the "UP" or "DOWN" state
   according to administrative actions in conjunction with the interface
   connectivity status.  An OMNI interface transitions to UP/DOWN
   through administrative action and/or through underlay interface state
   transitions.  When a first underlay interface transitions to UP, the
   OMNI interface also transitions to UP.  When all underlay interfaces
   transition to DOWN, the OMNI interface also transitions to DOWN.

   When a Client OMNI interface transitions to UP, the IP layer sends RS
   messages into the OMNI interface; the OMNI interface then appends a
   single OMNI option at the end of each RS message while sending an
   interface-specific copy of the message over each underlay interface.
   These OMNI RS messages will register an initial set of underlay
   interfaces that are also UP and optionally also register/request an
   MNP.  The Client sends additional RS messages to refresh lifetimes

Templin                   Expires 11 July 2025                [Page 109]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   and to register/deregister underlay interfaces as they transition to
   UP or DOWN.  The Client's OMNI interface sends initial RS messages
   over an UP underlay interface with source set to its LLA or the SNP
   ULA for the local OMNI link segment (otherwise with source set to the
   unspecified address ("::/128") per [RFC4861]) and with destination
   set to either the LLA of a specific (MAP) Proxy/Server or link-scoped
   All-Routers multicast (ff02::2) [RFC4291].  The Client includes an
   OMNI option per Section 10 with a Neighbor Control sub-option with
   the RS NUD, ARR and RPT flags set or cleared as necessary.

   Clients in MANETs and open INET deployments also include an OMNI
   Multilink Vector sub-option with FHS ifIndex set to the ifIndex of
   its own underlay interface and with LHS ifIndex set to 0 (i.e., the
   default ifIndex configured by all Proxy/Servers).  The Client also
   sets AFVI to 0, sets Sequence Number to a randomly-chosen 8-octet
   value and sets the Flow Label in the IPv6 header to 0.  The resulting
   exchange will establish symmetric Identification windows for the
   Client and Proxy/Server for use in authenticating control messages.

   The Client next includes an Interface Attributes sub-option for the
   underlay interface, a first DHCPv6 Solicit sub-option with IA_NA
   DHCPv6 options and (optionally) a second DHCPv6 Solicit sub-option
   with IA_PD options.  The Client then includes any other necessary
   OMNI sub-options such as authentication, Timestamp, Nonce, Proxy/
   Server Departure, etc.  The OMNI interface finally sets or clears the
   Interface Attributes FMT-Forward and FMT-Mode bits according to its
   desired FHS Proxy/Server service model as described in
   Section 10.2.5.

   The Client next prepares to forward the RS over the underlay
   interface using OAL encapsulation.  The OMNI interface first
   calculates and sets the authentication signature if necessary
   followed by the OMNI option checksum.  The OMNI interface next sets
   the OAL source address to an MLA for the outgoing underlay network
   and sets the OAL destination to site-scoped All-Routers multicast
   (ff05::2) [RFC4291], a known FHS Proxy/Server MLA or an anycast
   address.  When L2 encapsulation is used, the Client next includes the
   discovered FHS Proxy/Server L2ADDR or an anycast address as the L2
   destination then fragments if necessary and forwards the resulting
   carrier packet(s) into the underlay network.  Note that the Client
   does not yet create a NCE, but instead caches its RS message
   transmissions in the OAL to match against any received RA messages.

   When an FHS Proxy/Server receives the carrier packets containing an
   RS it performs L2 reassembly if necessary, sets aside the L2 and OAL
   headers, then verifies the checksums/authentication signature.  The
   FHS Proxy/Server then creates/updates a NCE indexed by the local
   representation of the Client's LLA source address.  The FHS Proxy/

Templin                   Expires 11 July 2025                [Page 110]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Server then caches the OMNI Interface Attributes and any Traffic
   Selector sub-options while also caching the L2 (UDP/IP) and OAL
   source and destination address information.  The FHS Proxy/Server
   then searches for the first OMNI DHCPv6 sub-option then coordinates
   with the local DHCPv6 server to either allocate new SNP ULA/GUA pairs
   or extend the lease lifetime for existing SNP ULA/GUA pairs for the
   Client.  The FHS Proxy/Server next caches the SNP ULA/GUA in the
   (newly-created) NCE, then caches the RS Neighbor Control NUD flag and
   Multilink Vector parameters if present (see: Section 10.1) and
   examines the RS destination address.

   If the destination matches one of its own addresses and a second OMNI
   DHCPv6 sub-option with IA_PD options is present, the FHS Proxy/Server
   coordinates with the local DHCPv6 server then assumes the MAP role as
   a default router entry point for injecting the Client's MNP(s) into
   the OMNI link routing system.  The FHS/MAP Proxy/Server then caches
   the RS ARR and RPT flags to determine its role in processing NS(AR)
   messages and generating uNA messages (see: Section 10.1).

   The FHS/MAP Proxy/Server then prepares to return an RA message
   directly to the Client by first populating the Cur Hop Limit, Flags,
   Router Lifetime, Reachable Time and Retrans Timer fields with values
   appropriate for the OMNI link.  The FHS/MAP Proxy/Server next
   includes an OMNI option with a Neighbor Control sub-option and a
   responsive Multilink Vector sub-option with AFVI set to 0 and with
   responsive window synchronization information.  The FHS/MAP Proxy/
   Server also includes an authentication sub-option if necessary and a
   (proxyed) copy of the Client's original Interface Attributes sub-
   option with its INET-facing interface information written in the FMT,
   SRT and LHS Proxy/Server L3ADDR/L2ADDR fields.  The Proxy/Server also
   includes a separate DHCPv6 Reply sub-option for each IA_NA and/or
   IA_PD option that was processed/populated by the DHCPv6 exchange(s).

   The FHS/MAP Proxy/Server next sets or clears the FMT-Forward and FMT-
   Mode flags if necessary to convey its capabilities to the Client,
   noting that it should honor the Client's stated preferences for those
   parameters if possible or override otherwise.  The FMT-Forward/Mode
   flags thereafter remain fixed unless and until a new RS/RA exchange
   establishes different values (see: Section 10.2.5 for further
   discussion).  If the FHS/MAP Proxy/Server's Client-facing interface
   is different than its INET-facing interface, the Proxy/Server next
   includes a second Interface Attributes sub-option with ifIndex set to
   '0', with a unicast L2 address for its Client-facing interface in the
   L2ADDR field and with its SRA ULA in the L3ADDR field.

   The FHS/MAP Proxy/Server next includes an OMNI Origin Indication sub-
   option that includes the RS L2 source L2ADDR information (see:
   Section 10.2.19.1), then includes any other necessary OMNI sub-

Templin                   Expires 11 July 2025                [Page 111]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   options such as Nonce and Timestamp.  The FHS/MAP Proxy/Server also
   includes any other necessary RA options including 2 PIOs with (A=0;
   L=0) that include the ULA/GUA SNP prefixes for the segment per
   [RFC8028], RIOs per [RFC4191], etc.  The FHS/MAP Proxy/Server then
   sets the RA source address to its own LLA and sets the RA destination
   to the (new) SNP ULA for the Client.  The FHS/MAP Proxy/Server then
   calculates the authentication signature/checksums and performs OAL
   encapsulation while setting the OAL source to its own MLA and
   destination to the OAL source that appeared in the RS.  The FHS/MAP
   Proxy/Server then performs L2 encapsulation/fragmentation with L2
   source and destination address information reversed from the RS L2
   information and returns the resulting carrier packets to the Client
   over the same underlay interface the RS arrived on.

   When an FHS Proxy/Server receives an RS with valid checksums and
   authentication signature with destination set to link-scoped All-
   Routers multicast (ff02::2), it can either assume the MAP role itself
   the same as above or act as a proxy and select the SNP SRA GUA of
   another Proxy/Server to serve as the MAP.  When an FHS Proxy/Server
   assumes the proxy role or receives an RS with destination set to the
   SNP SRA GUA of another Proxy/Server, it forwards the message as a
   proxy.  The FHS Proxy/Server creates or updates a NCE for the Client
   (i.e., based on the RS source address) and caches the OAL source,
   Neighbor Control, Multilink Vector and Interface Attributes
   addressing information as above.  The FHS Proxy/Server then locally
   processes any DHCPv6 IA_NA options found in the RS OMNI option and
   assigns the SNP ULA/GUA address pairs to the Client NCE.

   The FHS Proxy/Server then over-writes the first DHCPv6 sub-option
   containing the IA_NA option with a PadN sub-option code or otherwise
   removes the sub-option altogether.  The FHS Proxy/Server next writes
   its own INET-facing FMT, SRT and LHS Proxy/Server L3ADDR/L2ADDR
   information into the appropriate Interface Attributes sub-option
   fields (while also setting/clearing FMT-Forward and FMT-Type as
   above) where the L3ADDR is the Client's SNP GUA address.  Next, the
   FHS Proxy/Server caches the Multilink Vector sub-option and removes
   it from the RS message, sets the RS source address to the Client's
   SNP GUA and sets the RS destination to the SNP SRA address of the MAP
   Proxy/Server.  The FHS Proxy/Server then calculates and includes the
   message checksums, sets the OAL source to the Client's SNP GUA and
   destination to the MAP Proxy/Server SNP SRA GUA, performs L2
   encapsulation/fragmentation and sends the resulting carrier packets
   into the SRT secured spanning tree.

   When the MAP Proxy/Server receives the carrier packets, it performs
   L2 reassembly/decapsulation and OAL decapsulation to obtain the
   proxyed RS, verifies the checksums, then performs DHCPv6 IA_PD
   processing to obtain or update any MNPs for the Client.  The MAP

Templin                   Expires 11 July 2025                [Page 112]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Proxy/Server then creates/updates a NCE for the Client's MNP(s) and
   caches any state (including the ARR and RPT flags, IA_NA addresses,
   OAL addresses, Interface Attributes information and Traffic
   Selectors), then finally performs routing protocol injection.  The
   MAP Proxy/Server then returns an OMNI encapsulated RA that echoes the
   Client's (proxyed) Interface Attributes sub-option and with any RA
   parameters the same as specified for the FHS/MAP Proxy/Server case
   above while also including a DHCPv6 Reply sub-option with the IA_PD
   transaction results.  The MAP Proxy/Server sets the RA source address
   to its own LLA and sets the destination address to the RS source
   address.  The OMNI interface of the MAP Proxy/Server then sets the
   OAL source address to its own SNP SRA GUA and destination address to
   the cached value for the RS source.  The MAP Proxy/Server then
   calculates the message checksums and encapsulates the RA as an OAL
   packet.  The MAP Proxy/Server finally performs L2 encapsulation/
   fragmentation and sends the resulting carrier packets into the
   secured spanning tree.

   When the FHS Proxy/Server receives the carrier packets it performs L2
   reassembly/decapsulation followed by OAL decapsulation to obtain the
   RA message, verifies checksums then updates the OMNI interface NCE
   for the Client and creates/updates a NCE for the MAP.  The FHS Proxy/
   Server then sets the P flag in the RA flags field [RFC4389] and
   proxys the RA by changing the OAL source to its MLA and changing the
   OAL destination to the source address from the Client's original RS
   message while also recording any DHCPv6 IA_NA SNP ULA/GUA address
   pairs as alternate indexes into the Client NCE.  The FHS Proxy/Server
   then includes 2 RA message PIOs with (A=0; L=0) with the SNP ULA/GUA
   prefixes for the segment per [RFC8028].  The FHS Proxy/Server next
   includes OMNI sub-options including Neighbor Control parameters
   responsive to those in the Client's RS, a Multilink Vector sub-option
   with its responses to its cached initiations from the Client and a
   DHCPv6 Reply sub-option with the IA_NA configuration results.  The
   FHS Proxy/Server also includes an Interface Attributes sub-option
   with ifIndex '0' and with its Client-facing interface unicast L2
   address if necessary (see above), an Origin Indication sub-option
   with the Client's cached L2ADDR and an authentication sub-option if
   necessary.  The FHS Proxy/Server finally calculates the
   authentication signature and message checksums, performs L2
   encapsulation/fragmentation with addresses taken from the Client's
   NCE and sends the resulting carrier packets via the same underlay
   interface over which the RS was received.

   When the Client receives the carrier packets, it performs L2
   reassembly/decapsulation followed by OAL decapsulation to obtain the
   RA message.  The Client next verifies the authentication signature/
   checksums, then matches the RA with its previously-sent RS by
   comparing the RS Sequence Number with the RA Acknowledgement Number

Templin                   Expires 11 July 2025                [Page 113]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   and also comparing the Nonce and/or Timestamp values.  If the values
   match, the Client then creates/updates OMNI interface NCEs for both
   the MAP and FHS Proxy/Server and caches the information in the RA
   message.  The Client next discovers its own SNP ULA by examining the
   RA destination address, discovers its own SNP GUA by examining the
   IA_NA DHCPv6 delegated addresses, and discovers the SNP ULA/GUA PIO
   prefixes for the OMNI link segment per [RFC8028].  The Client then
   adds the ULA/GUA prefixes to the OMNI interface Prefix List
   associated with this FHS Proxy/Server and considers the ULA/GUA
   prefix SRA addresses as the Proxy/Server addresses.  If the Client
   has multiple underlay interfaces, it creates additional FHS Proxy/
   Server NCEs as necessary when it receives RAs over those interfaces
   (noting that multiple of the Client's underlay interfaces may be
   serviced by the same or different FHS Proxy/Servers).  If the RA
   message includes a DHCPv6 Reply with the results of the IA_PD
   transaction, the Client accepts the delegated prefixes and provisions
   them on downstream-facing links.  The Client finally adds each FHS
   Proxy/Server SRA ULA to the OMNI interface Default Router List.

   For each underlay interface, the Client next caches the (filled-out)
   Interface Attributes for its own ifIndex and Origin Indication
   information that it received in an RA message over that interface so
   that it can include them in future NS/NA messages to provide
   neighbors with accurate FMT/SRT/LHS information.  (If the message
   includes an Interface Attributes sub-option with ifIndex '0', the
   Client also caches the L2ADDR as the underlay network-local unicast
   address of the FHS Proxy/Server via that underlay interface.)  The
   Client then compares the Origin Indication L2ADDR information with
   its own underlay interface addresses to determine whether there may
   be NATs on the path to the FHS Proxy/Server; if the L2ADDR
   information differs, the Client is behind one or more NATs and must
   supply the Origin information in IPv6 ND message exchanges with
   prospective neighbors on the same SRT segment.  The Client then
   caches the Multilink Vector responsive window synchronization
   parameters for use in future IPv6 ND message exchanges via this FHS
   Proxy/Server.  The Client finally configures default routes and
   assigns the IPv6 SRA address corresponding to the MNP (e.g.,
   2001:db8:1:2::) to the OMNI interface.  Note that these operations
   are conducted from within the OMNI interface.  As a final step, the
   OMNI interface replaces LLA source interface identifier and SLLAO
   Ethernet address with a locally unique address for this router.  The
   OMNI interface then forwards the RA message to the IP layer which can
   then update its view of the neighbor cache and default router list.

Templin                   Expires 11 July 2025                [Page 114]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Following the initial exchange, the FHS Proxy/Server MAY later send
   additional periodic and/or event-driven unsolicited RA messages per
   [RFC4861].  (The unsolicited RAs may be initiated either by the FHS
   Proxy/Server itself or by the MAP via the FHS as a proxy.)  The
   Client then continuously manages its underlay interfaces according to
   their states as follows:

   *  When an underlay interface transitions to UP, the Client sends an
      RS over the underlay interface with an OMNI option with sub-
      options as specified above.

   *  When an underlay interface transitions to DOWN, the Client sends
      unsolicited NA messages over any UP underlay interface with an
      OMNI option containing Interface Attributes sub-options for the
      DOWN underlay interface with ifMetric set to 'ffffffff'.  The
      Client sends isolated unsolicited NAs when reliability is not
      thought to be a concern (e.g., if redundant transmissions are sent
      on multiple underlay interfaces), or may instead set the SNR flag
      in an OMNI Neighbor Control sub-option to trigger an unsolicited
      NA reply (see: [I-D.templin-6man-aero3]).

   *  When the Router Lifetime for the MAP Proxy/Server nears
      expiration, the Client sends an RS over any underlay interface to
      receive a fresh RA from the MAP.  If no RA messages are received
      over a first underlay interface (i.e., after retrying), the Client
      marks the underlay interface as DOWN and should attempt to contact
      the MAP Proxy/Server via a different underlay interface.  If the
      MAP Proxy/Server is unresponsive over additional underlay
      interfaces, the Client sends an RS message with destination set to
      the SNP SRA GUA of another Proxy/Server which will then assume the
      MAP role.

   *  When all of a Client's underlay interfaces have transitioned to
      DOWN (or if a prefix delegation lifetime expires), the MAP Proxy/
      Server withdraws the MNP the same as if it had received a message
      with a release indication.

Templin                   Expires 11 July 2025                [Page 115]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The Client is responsible for retrying each RS exchange up to
   MAX_RTR_SOLICITATIONS times separated by RTR_SOLICITATION_INTERVAL
   seconds until an RA is received.  If no RA is received over an UP
   underlay interface (i.e., even after attempting to contact alternate
   Proxy/Servers), the Client can either declare this underlay interface
   as DOWN or continue to use the interface to support any peer-to-peer
   local communications with peers located in the same *NET.  When
   changing to a new FHS/MAP Proxy/Server, the Client also includes a
   Proxy/Server Departure OMNI sub-option in new RS messages; the (new)
   FHS Proxy/Server will in turn send uNA messages to the old FHS and/or
   MAP Proxy/Server to announce the Client's departure as discussed in
   [I-D.templin-6man-aero3].

   The network layer sees the OMNI interface as an ordinary IPv6
   interface.  Therefore, when the network layer sends an RS message the
   OMNI interface eventually returns corresponding RA messages from each
   responding FHS Proxy/Server.  Each RA message contains configuration
   information consistent with the information received from the RAs
   generated by the Proxy/Servers.  Note that this same logic applies to
   IPv4 implementations that employ "ICMP Router Discovery" per
   [RFC1256]; the OAL must convert ICMPv4 RS/RA messages into IPv6 ND
   RS/RA messages in a manner outside the scope of this specification
   prior to OMNI encapsulation.

   Note: The Router Lifetime value in RA messages indicates the time
   before which the Client must send another RS message over this
   underlay interface (e.g., 600 seconds), however that timescale may be
   significantly longer than the lifetime the MS has committed to retain
   the prefix registration (e.g., REACHABLE_TIME seconds).  Proxy/
   Servers are therefore responsible for keeping MS state alive on a
   shorter timescale than the Client may be required to do on its own
   behalf.

   Note: On certain multicast-capable underlay interfaces, Clients
   should send periodic unsolicited multicast NA messages and Proxy/
   Servers should send periodic unsolicited multicast RA messages as
   "beacons" that can be heard by other nodes on the link.  If a node
   fails to receive a beacon after a timeout value specific to the link,
   it can initiate Neighbor Unreachability Detection (NUD) exchanges to
   test reachability.

   Note: Although the Client's FHS Proxy/Server is a first-hop segment
   node from its own perspective, the Client stores the Proxy/Server's
   FMT/SRT/L3ADDR/L2ADDR as last-hop segment (LHS) information to supply
   to neighbors.  This allows both the Client and MAP Proxy/Server to
   supply the information to neighbors that will perceive it as LHS
   information on the return path to the Client.

Templin                   Expires 11 July 2025                [Page 116]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Note: The MAP Proxy/Server injects Client MNPs into the OMNI link
   routing system by simply creating a route-to-interface forwarding
   table entry for MNP::/N via the OMNI interface.  The dynamic routing
   protocol will notice the new entry and propagate the route to its
   peers.  If the MAP receives additional RS messages, it need not re-
   create the forwarding table entry (nor disturb the dynamic routing
   protocol) if an entry is already present.  If the MAP ceases to
   receive RS messages from any of the Client's interfaces, it removes
   the Client MNP(s) from the forwarding table (i.e., after a short
   delay) which also results in their removal from the routing system.

   Note: If the Client's initial RS message includes an anycast L2
   destination address, the FHS Proxy/Server returns the solicited RA
   using the same anycast address as the L2 source while including an
   Interface Attributes sub-option with ifIndex '0' and its true unicast
   address in the L2ADDR.  When the Client sends additional RS messages,
   it includes this FHS Proxy/Server unicast address as the L2
   destination and the FHS Proxy/Server returns the solicited RA using
   the same unicast address as the L2 source.  This will ensure that RS/
   RA exchanges are not impeded by any NATs on the path while avoiding
   long-term exposure of messages that use an anycast address as the
   source.

   Note: The Origin Indication sub-option is included only by the FHS
   Proxy/Server and not by the MAP (unless the MAP is also serving as an
   FHS).

   Note: Clients should set the NUD, ARR and RPT flags consistently in
   successive RS messages and only change those settings when an FHS/MAP
   Proxy/Server service profile update is necessary.

13.1.  Client-Proxy/Server Window Synchronization

   The RS/RA exchanges discussed above observe the principles specified
   in Section 6.7.  Window synchronization is conducted between the
   Client and each FHS Proxy/Server used to contact the MAP Proxy/
   Server, i.e., and not between the Client and the MAP.  This is due to
   the fact that the MAP Proxy/Server is responsible only for forwarding
   messages via the secured spanning tree to FHS Proxy/Servers, and is
   not responsible for forwarding messages directly to the Client over
   unsecured networks.

   When a Client sends an RS to perform window synchronization via a new
   FHS Proxy/Server, it includes an OMNI Multilink Vector sub-option
   with window synchronization parameters with FHS ifIndex set to its
   own interface index, with LHS ifIndex set to 0, with AFVI set to 0,
   with the SYN flag set and ACK flag clear, and with an initial
   Sequence Number.  The Client finally includes an Interface Attributes

Templin                   Expires 11 July 2025                [Page 117]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   sub-option then performs OAL encapsulation and L2 encapsulation/
   fragmentation then sends the resulting carrier packets to the FHS
   Proxy/Server.  When the FHS Proxy/Server receives the carrier
   packets, it performs L2 reassembly/decapsulation, then extracts the
   RS message and caches the Multilink Vector parameters.  In the
   process, the FHS Proxy/Server removes the Multilink Vector sub-option
   itself, since the path to the MAP Proxy/Server is not included in
   window synchronization.

   The FHS Proxy/Server then performs L2 encapsulation/fragmentation and
   sends the resulting carrier packets via the secured spanning tree to
   the MAP Proxy/Server, which updates the Client's Interface Attributes
   and returns a unicast RA message.  The MAP Proxy/Server performs OAL
   encapsulation followed by L2 encapsulation/fragmentation and sends
   the carrier packets via the secured spanning tree to the FHS Proxy/
   Server.  The FHS Proxy/Server then proxys the message as discussed in
   the previous section and includes a Multilink Vector sub-option with
   responsive window synchronization information.  The FHS Proxy/Server
   then forwards the message to the Client via OAL encapsulation which
   updates its window synchronization information for the FHS Proxy/
   Server as necessary.

   Following the initial RS/RA-driven window synchronization, the Client
   can re-assert new windows with specific FHS Proxy/Servers by
   performing RS/RA exchanges between its own ULAs and the ULAs of the
   FHS Proxy/Servers at any time without having to disturb the MAP.
   When the Client also needs to refresh MAP state, it can set the RS
   destination address to the MAP SNP SRA address.

   This window synchronization is necessary only for MANET and INET
   Clients that must include authentication signatures with their IPv6
   ND messages; Clients in secured ANETs can omit window
   synchronization.  When Client-to-Proxy/Server window synchronization
   is used, subsequent IPv6 ND NS/NA messages exchanged between peers
   include IPv6 Extended Fragment Headers in the OAL encapsulations with
   in-window Identification values to support message authentication.
   No header compression state is maintained by OAL intermediate
   systems, which only maintain state for per-flow data plane windows.

13.2.  Router Discovery in IP Multihop and IPv4-Only Networks

   On some *NETs, a Client may be located multiple intermediate OAL hops
   away from the nearest OMNI link Proxy/Server.  Clients in multihop
   networks perform route discovery through the application of an
   adaptation layer routing protocol (e.g., a MANET routing protocol
   over omnidirectional wireless interfaces, etc.) then apply
   corresponding forwarding entries to the OMNI interface.  Example
   routing protocols optimized for MANET operations include OSPFv3

Templin                   Expires 11 July 2025                [Page 118]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC5340] with MANET Designated Router (OSPF-MDR) extensions
   [RFC5614], OLSRv2 [RFC7181], AODVv2 [I-D.perkins-manet-aodvv2] and
   others.  Clients employ the routing protocol according to the link
   model found in [RFC5889] and subnet model articulated in [RFC5942].
   For unique identification within the MANET, Clients use an MLA as a
   Router ID.

   A Client located potentially multiple OAL hops away from the nearest
   Proxy/Server prepares an RS message, sets the source address to its
   SNP ULA, LLA or unspecified ("::/128"), and sets the destination to
   link-scoped All-Routers multicast (ff02::2) or the SNP SRA ULA of a
   Proxy/Server the same as discussed above.  The OMNI interface then
   employs OAL encapsulation, sets the OAL source address to its MLA and
   sets the OAL destination to the MLA of the Proxy/Server, the site-
   scoped All-Routers multicast address (ff05::2) or the OMNI IPv6
   anycast address.

   For IPv6-enabled *NETs where the underlay interface observes the
   MANET properties discussed above, the Client injects the MLA into the
   IPv6 multihop routing system and forwards the message without further
   encapsulation.  Otherwise, the Client encapsulates the message in
   UDP/IPv6 L2 headers, sets the source to the underlay interface IPv6
   address and sets the destination to the discovered L2 unicast or
   anycast address of a Proxy/Server.  The Client then forwards the
   message into the IPv6 multihop routing system which conveys it to the
   nearest Proxy/Server.  If the nearest Proxy/Server is too busy, it
   should forward (without Proxying) the OAL-encapsulated RS to another
   nearby Proxy/Server connected to the same IPv6 (multihop) network.

   For IPv4-only *NETs, the Client encapsulates the RS message in UDP/
   IPv4 L2 headers, sets the source to the underlay interface IPv4
   address and sets the destination to the discovered L2 unicast address
   of a Proxy/Server or the OMNI IPv4 anycast address.  The Client then
   forwards the message into the IPv4 multihop routing system which
   conveys it to the nearest Proxy/Server that advertises the
   corresponding IPv4 prefix.  If the nearest Proxy/Server is too busy,
   it should forward (without Proxying) the OAL-encapsulated RS to
   another nearby Proxy/Server connected to the same IPv4 (multihop)
   network that configures the OMNI IPv6 anycast address.  (In
   environments where reciprocal RS forwarding cannot be supported, the
   first Proxy/Server should instead return an RA based on its own
   MSP(s).)

   When an OAL intermediate node that participates in the routing
   protocol receives the encapsulated RS, it forwards the message
   according to its OAL IPv6 forwarding table (note that an OAL
   intermediate system could be a fixed infrastructure element such as a
   roadside unit or another MANET/VANET Client).  This process repeats

Templin                   Expires 11 July 2025                [Page 119]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   iteratively until the RS message is received by a penultimate OAL hop
   within single-hop communications range of a Proxy/Server, which
   forwards the message to the Proxy/Server final hop.

   When a Proxy/Server that configures the OMNI IPv6 anycast destination
   address receives the message, it decapsulates the RS and assumes
   either the MAP or FHS role (in which case, it may forward the RS to a
   candidate MAP).  The MAP/FHS Proxy/Server then prepares an RA message
   using the same addressing disciplines as discussed in Section 13 and
   forwards the RA either to the FHS Proxy/Server or directly to the
   Client.

   When the MAP or FHS Proxy/Server forwards the RA to the Client, it
   encapsulates the message in L2 encapsulation headers (if necessary)
   The Proxy/Server then forwards the message to an OAL node within
   communications range, which forwards the message according to the
   next OAL hop by consulting its OAL IPv6 forwarding tables.  The
   multihop forwarding process within the *NET continues repetitively
   until the message arrives at the original Client, which decapsulates
   the message and performs autoconfiguration the same as if it had
   received the RA directly from a Proxy/Server on the same physical
   link.  The Client can optionally inject the delegated ULA and any MNP
   SRA GUAs into the IPv6 multihop routing system but this may represent
   excessive routing protocol overhead in some networks.

   Note: When the RS message includes anycast OAL and/or L2
   encapsulation destinations, the FHS Proxy/Server must use the same
   anycast addresses as the OAL and/or L2 encapsulation sources to
   support forwarding of the RA message plus any initial data messages.
   The FHS Proxy/Server then sends the resulting carrier packets over
   any NATs on the path.  When the Client receives the RA, it will
   discover the FHS Proxy/Server unicast ULAs and/or L2 encapsulation
   addresses and can send future carrier packets using the unicast
   (instead of anycast) addresses to populate NAT state in the forward
   path.  (If the Client does not have immediate data to send to the FHS
   Proxy/Server, it can instead send an OAL "bubble" - see
   Section 6.11.)  After the Client begins using unicast OAL/L2
   encapsulation addresses in this way, the FHS Proxy/Server should also
   begin using the same unicast addresses in the reverse direction.

   Note: When an OMNI interface configures an MLA, any nodes that
   forward an encapsulated RS message with the MLA as the OAL source
   must not consider the message as being specific to a particular OMNI
   link segment.  MLAs can therefore also serve as the source and
   destination addresses of unencapsulated IPv6 data communications
   within the local routing region, and if the MLAs are injected into
   the local network routing protocol their prefix length must be set to
   128 per [RFC5889].

Templin                   Expires 11 July 2025                [Page 120]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Note: intermediate forwarding systems often coordinate multi-hop
   relaying using the same underlay interface in both the inbound and
   outbound directions, i.e. as opposed to different underlay
   interfaces.  The final forwarding node within range of a Proxy/Server
   could use the same or a different underlay interface to exchange
   carrier packets with the Proxy/Server, but may not be well positioned
   to perform multilink selections over multiple underlay interfaces on
   behalf of multihop dependent peers.

13.3.  DHCPv6-based Prefix Registration

   When a Client requires SNP ULA/GUA delegations via a specific Proxy/
   Server (or, when the Client requires MNP delegations for the OMNI
   link), it invokes the DHCPv6 service [I-D.ietf-dhc-rfc8415bis] in
   conjunction with its OMNI RS/RA message exchanges.

   When a Client requires the MS to delegate PA ULA/GUA pairs or PI
   MNPs, it sends an RS message to a FHS Proxy/Server.  If the Client
   requires one or more address or MNP delegations, it includes at most
   2 OMNI DHCPv6 Message sub-options - the first for address delegations
   and optionally a second for MNP delegations.  Each DHCPv6 sub-option
   contains a Client Identifier, either an IA_NA or IA_PD option and a
   Rapid Commit option then sets the 'msg-type' field to "Solicit" and
   includes a 3-octet 'transaction-id'.  The Client then sets the RS
   destination to link-scoped All-Routers multicast (ff02::2) and sends
   the message using OAL encapsulation as discussed above.

   When the FHS/MAP Proxy/Server receives the RS message, it examines
   the OMNI option contents.  Next, if the OMNI option includes a DHCPv6
   message sub-option the FHS/MAP Proxy/Server acts as a "Proxy DHCPv6
   Client" in a message exchange with the locally-resident DHCPv6
   server.  The FHS/MAP Proxy/Server then sends the DHCPv6 message to
   the DHCPv6 Server, which delegates SNP ULA/GUA pairs or MNPs and
   returns a DHCPv6 Reply message with autoconfiguration parameters.

   When the FHS Proxy/Server receives a DHCPv6 Reply with delegated
   addresses, it records the delegated SNP ULA/GUA pairs in the NCE for
   the Client, then forwards the RS message to the MAP Proxy/Server for
   prefix delegation if necessary; otherwise, it returns an immediate RA
   message to the Client.

   When the MAP Proxy/Server receives a DHCPv6 Reply with delegated
   prefixes, it creates OMNI interface MNP forwarding table entries
   (i.e., to prompt the dynamic routing protocol).  The MAP Proxy/Server
   then sends an RA back to the FHS Proxy/Server with the DHCPv6 Reply
   message for the IA_PD delegation included in an OMNI DHCPv6 message
   sub-option.  The FHS Proxy/Server then includes a DHCPv6 Reply for
   the IA_NA delegation and returns the RA to the Client.

Templin                   Expires 11 July 2025                [Page 121]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

13.4.  OMNI Link Extension

   Clients can provide an OMNI link ingress point for other nodes on
   their (downstream) ENETs that also act as Clients.  When Client A has
   already coordinated with an (upstream) (M)ANET/INET Proxy/Server,
   Client B on an ENET serviced by Client A can send OAL-encapsulated RS
   messages with addresses set the same as specified in Section 13.2.
   When Client A receives the RS message, it infers from the OAL
   encapsulation that Client B is seeking to establish itself as a
   Client instead of just a simple ENET Host.

   Client A then returns an RA message the same as a Proxy/Server would
   do as specified in Section 13.2 except that it instead uses its own
   MNP SRA GUA as the RA and OAL source addresses and performs
   (recursive) DHCPv6 Prefix Delegation.  The MNP delegation in the RA
   message must be a sub-MNP from the MNP delegated to Client A.  For
   example, if Client A receives the MNP 2001:db8:1000::/48 it can
   provide a sub-delegation such as 2001:db8:1000:2000::/56 to Client B.
   Client B can in turn sub-delegate 2001:db8:1000:2000::/56 to its own
   ENET(s), where there may be a further prospective Client C that would
   in turn request OMNI link services via Client B.

   To support this Client-to-Client chaining, Clients send IPv6 ND
   messages addressed to link-scoped All-Routers multicast (ff02::2) via
   their *NET (i.e., upstream) interfaces, but respond to IPv6 ND
   messages addressed to link-scoped All-Routers multicast over their
   ENET (i.e., downstream) networks where there may be further
   prospective Clients wishing to join the chain.  The ENET of the
   upstream Client is therefore seen as an ANET by downstream Clients,
   and the upstream Client is seen as a Proxy/Server by downstream
   Clients.

14.  Secure Redirection

   If the *NET link model is multiple access, the FHS Proxy/Server is
   responsible for assuring that address duplication cannot corrupt the
   neighbor caches of other nodes on the link through the use of the
   DHCPv6 address delegation service.  When the Client sends an RS
   message on a multiple access *NET, the Proxy/Server verifies that the
   Client is authorized to use the address and responds with an RA (or
   forwards the RS to the MAP) only if the Client is authorized.

   After verifying Client authorization and returning an RA, the Proxy/
   Server MAY return IPv6 ND Redirect messages in response to subsequent
   data plane packet transmissions to direct Clients located on the same
   *NET to exchange OAL packets directly without transiting the Proxy/
   Server.  In that case, the Clients can exchange OAL packets according
   to their unicast L2 addresses discovered from the Redirect message

Templin                   Expires 11 July 2025                [Page 122]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   instead of using the dogleg path through the Proxy/Server.  In some
   *NETs, however, such direct communications may be undesirable and
   continued use of the dogleg path through the Proxy/Server may provide
   better performance.  In that case, the Proxy/Server can refrain from
   sending Redirects, and/or Clients can ignore them.

15.  Proxy/Server Resilience

   *NETs SHOULD deploy Proxy/Servers in Virtual Router Redundancy
   Protocol (VRRP) [RFC5798] configurations so that service continuity
   is maintained even if one or more Proxy/Servers fail.  Using VRRP,
   the Client is unaware which of the (redundant) FHS Proxy/Servers is
   currently providing service, and any service discontinuity will be
   limited to the failover time supported by VRRP.  Widely deployed
   public domain implementations of VRRP are available.

   Proxy/Servers SHOULD use high availability clustering services so
   that multiple redundant systems can provide coordinated response to
   failures.  As with VRRP, widely deployed public domain
   implementations of high availability clustering services are
   available.  Note that special-purpose and expensive dedicated
   hardware is not necessary, and public domain implementations can be
   used even between lightweight virtual machines in cloud deployments.

16.  Detecting and Responding to Proxy/Server Failures

   In environments where fast recovery from Proxy/Server failure is
   essential, FHS Proxy/Servers SHOULD use proactive Neighbor
   Unreachability Detection (NUD) in a manner that parallels
   Bidirectional Forwarding Detection (BFD) [RFC5880] to track MAP
   Proxy/Server reachability.  FHS Proxy/Servers can then quickly detect
   and react to failures so that cached information is re-established
   through alternate paths.  Proactive NUD control messaging is carried
   only over well-connected ground domain networks (i.e., and not low-
   end links such as aeronautical radios) and can therefore be tuned for
   rapid response.

   FHS Proxy/Servers perform proactive NUD for MAP Proxy/Servers for
   which there are currently active Clients.  If a MAP Proxy/Server
   fails, the FHS Proxy/Server can quickly inform Clients of the outage
   by sending multicast RA messages.  The FHS Proxy/Server sends RA
   messages to Clients with source set to the GUA of the MAP, with
   destination address set to link-scoped All-Nodes multicast (ff02::1)
   [RFC4291] and with Router Lifetime set to 0.

Templin                   Expires 11 July 2025                [Page 123]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   The FHS Proxy/Server SHOULD send MAX_FINAL_RTR_ADVERTISEMENTS RA
   messages separated by small delays [RFC4861].  Any Clients that have
   been using the (now defunct) MAP Proxy/Server will receive the RA
   messages.

17.  Transition Considerations

   When a Client connects to a *NET link for the first time, it sends an
   RS message with an OMNI option.  If the first hop router recognizes
   the option, it responds according to the appropriate FHS/MAP Proxy/
   Server role resulting in an RA message with an OMNI option returned
   to the Client.  The Client then engages this FHS Proxy/Sever
   according to the OMNI link model specified above.  If the first hop
   router is a legacy IPv6 router, however, it instead returns an RA
   message with no OMNI option and with an ordinary unicast source LLA
   as specified in [RFC4861].  In that case, the Client engages the *NET
   according to the legacy IPv6 link model and without the OMNI
   extensions specified in this document.

   If the *NET link model is multiple access, there must be assurance
   that address duplication cannot corrupt the neighbor caches of other
   nodes on the link.  When the Client sends an RS message on a multiple
   access *NET link with an OMNI option, first hop routers that
   recognize the option ensure that the Client is authorized to use the
   address and return an RA with a non-zero Router Lifetime only if the
   Client is authorized.  First hop routers that do not recognize the
   OMNI option instead return an RA that makes no statement about the
   Client's authorization to use the source address.  In that case, the
   Client should perform Duplicate Address Detection to ensure that it
   does not interfere with other nodes on the link.

   An alternative approach for multiple access *NET links to ensure
   isolation for Client-Proxy/Server communications is through link
   layer address mappings as discussed in Appendix F.  This arrangement
   imparts a (virtual) point-to-point link model over the (physical)
   multiple access link.

18.  OMNI Interfaces on Open Internetworks

   Client OMNI interfaces configured over IPv6-enabled underlay
   interfaces on an open Internetwork without an OMNI-aware first-hop
   router receive IPv6 RA messages with no OMNI options, while OMNI
   interfaces configured over IPv4-only underlay interfaces receive no
   IPv6 RA messages at all (but may receive IPv4 RA messages per
   [RFC1256]).  Client OMNI interfaces that receive RA messages with
   OMNI options configure addresses, on-link prefixes, etc. on the
   underlay interface that received the RA according to standard IPv6 ND
   and address resolution conventions [RFC4861] [RFC4862].  Client OMNI

Templin                   Expires 11 July 2025                [Page 124]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   interfaces configured over IPv4-only underlay interfaces configure
   IPv4 address information on the underlay interfaces using mechanisms
   such as DHCPv4 [RFC2131].

   Client OMNI interfaces configured over underlay interfaces connected
   to open Internetworks can apply lower layer security services such as
   VPNs (e.g., IPsec tunnels) to connect to a Proxy/Server, or can
   establish a secured direct point-to-point link to the Proxy/Server
   through some other means (see Section 4).  In environments where
   lower layer security may be impractical or undesirable, Client OMNI
   interfaces can instead send IPv6 ND messages with OMNI options that
   include authentication signatures.

   OMNI interfaces use UDP/IP as L2 encapsulation headers for
   transmission over open Internetworks with UDP service port number
   8060 for both IPv4 and IPv6 underlay interfaces.  The OMNI interface
   submits original IP packets/parcels for OAL encapsulation, then
   encapsulates the resulting OAL fragments in UDP/IP L2 headers to form
   carrier packets.  (The first 4 bits following the UDP header
   determine whether the OAL headers are uncompressed/compressed as
   discussed in Section 6.5.)  The OMNI interface sets the UDP length to
   the encapsulated OAL fragment length and sets the IP length to an
   appropriate value at least as large as the UDP datagram.

   When necessary, sources include an OMNI option with an authentication
   sub-option in IPv6 ND messages.  The source can employ a simple
   Hashed Message Authentication Code (HMAC) as specified in
   [RFC2104][RFC6234], EdDSA [RFC8032], or a message-based
   authentication service such as HIP [RFC7401], QUIC-TLS
   [RFC9000][RFC9001], etc., by using the IPv6 ND message OMNI option as
   a "shipping container".  Before calculating the authentication
   signature, the source fully populates any necessary OMNI sub-options
   as well as any ordinary IPv6 ND options as necessary.

   The source then sets both the OMNI option checksum and authentication
   signature fields to 0 and calculates the authentication signature
   over the full length of the IPv6 ND message beginning with the IPv6
   ND message checksum field and extending over the length of the
   message.  (If the IPv6 ND message is part of an OAL composite packet,
   the source instead continues to calculate the authentication
   signature over the entire length of the composite packet.)  The
   source next writes the authentication signature into the appropriate
   sub-option field, calculates and writes the OMNI option checksum,
   then forwards the message.

   After establishing a secured underlay link or preparing for UDP/IP
   encapsulation, OMNI interfaces send RS/RA messages for Client-Proxy/
   Server coordination (see: Section 13) and NS/NA messages for

Templin                   Expires 11 July 2025                [Page 125]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   multilink forwarding, route optimization, and mobility management
   (see: [I-D.templin-6man-aero3]).  These control plane messages must
   be authenticated while other control and data plane messages are
   delivered the same as for ordinary best effort traffic with source
   address and/or Identification window-based data origin verification.
   Transport and higher layer protocol sessions over OMNI interfaces
   that connect over open Internetworks without an explicit underlay
   link security services should therefore employ security at their
   layers to ensure authentication, integrity and/or confidentiality.

   Clients should avoid using INET Proxy/Servers as general-purpose
   routers for steady streams of carrier packets that do not require
   authentication.  Clients should therefore perform route optimization
   to coordinate with other INET nodes that can provide forwarding
   services (or preferably coordinate with peer Clients directly)
   instead of burdening the Proxy/Server.  Procedures for coordinating
   with peer Clients and discovering INET nodes that can provide better
   forwarding services are discussed in [I-D.templin-6man-aero3].

   Clients that attempt to contact peers over INET underlay interfaces
   often encounter NATs in the path.  OMNI interfaces accommodate NAT
   traversal using UDP/IP encapsulation and the mechanisms discussed in
   [I-D.templin-6man-aero3].  FHS Proxy/Servers include Origin
   Indications in RA messages to allow Clients to detect the presence of
   NATs.

   Note: Following the initial IPv6 ND message exchange, OMNI interfaces
   configured over INET underlay interfaces maintain neighbor
   relationships by transmitting periodic IPv6 ND messages with OMNI
   options that include authentication signatures.  Other authentication
   services that use their own IPv6 ND option types such as [RFC3971]
   and [RFC8928] can also be used in addition to any OMNI authentication
   services.

   Note: OMNI interfaces configured over INET underlay interfaces should
   employ the Identification window synchronization mechanisms specified
   in Section 6.7 in order to exclude spurious carrier packets that
   might otherwise clutter the reassembly cache.  This is especially
   important in environments where carrier packet spoofing and/or
   corruption is a threat.

   Note: NATs may be present on the path from a Client to its FHS Proxy/
   Server, but never on the path from the FHS Proxy/Server to the MAP
   where only INET and/or spanning tree hops occur.  Therefore, the FHS
   Proxy/Server does not communicate Client origin information to the
   MAP where it would serve no purpose.

Templin                   Expires 11 July 2025                [Page 126]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

19.  Time-Varying MNPs

   In some use cases, it is desirable, beneficial and efficient for the
   Client to receive a constant MNP that travels with the Client
   wherever it moves.  For example, this would allow air traffic
   controllers to easily track aircraft, etc.  In other cases, however
   (e.g., intelligent transportation systems), the Client may be willing
   to sacrifice a modicum of efficiency in order to have time-varying
   MNPs that can be changed occasionally to defeat adversarial tracking.

   The prefix delegation services discussed in Section 13.3 allows
   Clients that desire time-varying MNPs to obtain short-lived prefixes
   to send RS messages with an OMNI option with DHCPv6 IA_PD sub-
   options.  The Client would then be obligated to renumber its internal
   networks whenever its MNPs change.  This should not present a
   challenge for Clients with automated network renumbering services,
   but may disrupt persistent sessions that would prefer to use a
   constant address.

20.  Error Messages

   An OAL destination or intermediate system may need to return
   ICMPv6-like error messages (e.g., Destination Unreachable, Packet Too
   Big, Time Exceeded, etc.)  [RFC4443] to an OAL source.  Since ICMPv6
   error messages do not themselves include authentication codes, OAL
   nodes can instead return error messages as an OMNI ICMPv6 Error sub-
   option in a secured IPv6 ND uNA message.

21.  IANA Considerations

   The following IANA actions are requested in accordance with [RFC8126]
   and [RFC8726].  Both existing registries and new registries specific
   to OMNI are affected.  Existing registries should be updated
   according to standard IANA practices.  New registries should be
   created under a new registry group for "Overlay Multilink Network
   Interface (OMNI)".

21.1.  Protocol Numbers Registry

   The IANA is instructed to allocate an Internet Protocol number TBD1
   from the 'protocol numbers' registry for the Overlay Multilink
   Network Interface (OMNI) protocol.  Guidance is found in [RFC5237]
   (registration procedure is IESG Approval or Standards Action).

Templin                   Expires 11 July 2025                [Page 127]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

21.2.  IEEE 802 Numbers Registry

   During final publication stages, the IESG will be requested to
   procure an IEEE EtherType value TBD2 for OMNI according to the
   statement found at https://www.ietf.org/about/groups/iesg/statements/
   ethertypes/.

   Following this procurement, the IANA is instructed to register the
   value TBD2 in the 'ieee-802-numbers' registry for Overlay Multilink
   Network Interface (OMNI) encapsulation on Ethernet networks.
   Guidance is found in [RFC7042] (registration procedure is Expert
   Review).

21.3.  OMNI Routing Header (ORH)

   IANA is instructed to assign a new Routing Type value "TBD3"
   description "OMNI Routing Header" in the ipv6-parameters registry
   (registration procedure is IETF Review or IESG Approval).

21.4.  IPv4 Special-Purpose Address Registry

   The IANA is instructed to assign TBD4/N as an "OMNI IPv4 anycast"
   address/prefix in the "IPv4 Special-Purpose Address" registry in a
   similar fashion as for [RFC3068].  The assignment also automatically
   provides the basis for an "OMNI IPv6 anycast" address configured as
   2002:TBD4::. The IANA is requested assist the author's efforts to
   obtain a TBD4/N public IPv4 prefix, whether through an RIR
   allocation, a delegation from IANA's "IPv4 Recovered Address Space"
   registry or through an unspecified third party donation.

21.5.  Ethernet Numbers Registry

   The IANA is instructed to allocate one Ethernet unicast address TBD5
   (suggested value '00-52-14') in the 'ethernet-numbers' registry under
   "IANA Unicast 48-bit MAC Addresses" (registration procedure is Expert
   Review).  The registration should appear as follows:

   Addresses      Usage                                         Reference
   ---------      -----                                         ---------
   00-52-14       Overlay Multilink Network (OMNI) Interface    [RFCXXXX]

             Figure 43: IANA Unicast 48-bit MAC Addresses

Templin                   Expires 11 July 2025                [Page 128]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

21.6.  ICMPv6 Code Fields

   The IANA is instructed to assign new Code values in the "ICMPv6 Code
   Fields: Type 2 - Packet Too Big" table in the 'icmpv6-parameters'
   registry (registration procedure is Standards Action or IESG
   Approval).  The registry entries should appear as follows:

      Code            Name                         Reference
      ---             ----                         ---------
      0               PTB Hard Error               [RFC4443]
      1 (suggested)   PTB Soft Error (no loss)     [RFCXXXX]
      2 (suggested)   PTB Soft Error (loss)        [RFCXXXX]

       Figure 44: ICMPv6 Code Fields: Type 2 - Packet Too Big Values

21.7.  ICMPv4 PTB Messages

   The IANA is instructed to assign a new Type number TBD6 in the 'icmp-
   parameters' registry "ICMP Type Numbers" table (registration
   procedures IESG Approval or Standards Action).  The entry should set
   "Type" to TBD6, "Name" to "Packet Too Big (PTB)" and "Reference" to
   [RFCXXXX] (i.e., this document).

   The IANA is further instructed to create a new table titled: "Type
   TBD6 - Packet Too Big (PTB)" in the 'icmp-parameters' Code tables,
   with registration procedures IESG Approval or Standards Action.  The
   table should have the following initial format:

      Code            Name                         Reference
      ---             ----                         ---------
      0               Reserved                     [RFCXXXX]
      1 (suggested)   PTB Soft Error (no loss)     [RFCXXXX]
      2 (suggested)   PTB Soft Error (loss)        [RFCXXXX]

                Figure 45: Type TBD6 - Packet Too Big (PTB)

21.8.  OMNI Option Sub-Types (New Registry)

   The OMNI option defines a 5-bit Sub-Type field, for which IANA is
   instructed to create and maintain a new registry entitled "OMNI
   Option Sub-Type Values".  Initial values are given below
   (registration procedure is RFC required):

Templin                   Expires 11 July 2025                [Page 129]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      Value    Sub-Type name                  Reference
      -----    -------------                  ----------
      0        Pad1                           [RFCXXXX]
      1        PadN                           [RFCXXXX]
      2        Node Identification            [RFCXXXX]
      3        Authentication                 [RFCXXXX]
      4        Neighbor Control               [RFCXXXX]
      5        Interface Attributes           [RFCXXXX]
      6        Traffic Selector               [RFCXXXX]
      7        Multilink Vector               [RFCXXXX]
      8        Geo Coordinates                [RFCXXXX]
      9        DHCPv6 Message                 [RFCXXXX]
      10       PIM-SM Message                 [RFCXXXX]
      11       HIP Message                    [RFCXXXX]
      12       QUIC-TLS Message               [RFCXXXX]
      13       Fragmentation Report           [RFCXXXX]
      14       ICMPv6 Error                   [RFCXXXX]
      15       Proxy/Server Departure         [RFCXXXX]
      16       Timestamp                      [RFCXXXX]
      17       Nonce                          [RFCXXXX]
      18-29    Unassigned
      30       Sub-Type Extension             [RFCXXXX]
      31       Reserved by IANA               [RFCXXXX]

                   Figure 46: OMNI Option Sub-Type Values

21.9.  OMNI Node Identification ID-Types (New Registry)

   The OMNI Node Identification sub-option (see: Section 10.2.3)
   contains an 8-bit ID-Type field, for which IANA is instructed to
   create and maintain a new registry entitled "OMNI Node Identification
   ID-Type Values".  Initial values are given below (registration
   procedure is RFC required):

      Value    Sub-Type name                  Reference
      -----    -------------                  ----------
      0        UUID                           [RFCXXXX]
      1        HIT                            [RFCXXXX]
      2        HHIT                           [RFCXXXX]
      3        Network Access Identifier      [RFCXXXX]
      4        FQDN                           [RFCXXXX]
      5        IPv6 Address                   [RFCXXXX]
      6-252    Unassigned                     [RFCXXXX]
      253-254  Reserved for Experimental Use  [RFCXXXX]
      255      Reserved by IANA               [RFCXXXX]

             Figure 47: OMNI Node Identification ID-Type Values

Templin                   Expires 11 July 2025                [Page 130]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

21.10.  OMNI Geo Coordinates Types (New Registry)

   The OMNI Geo Coordinates sub-option (see: Section 10.2.9) contains an
   8-bit Type field, for which IANA is instructed to create and maintain
   a new registry entitled "OMNI Geo Coordinates Type Values".  Initial
   values are given below (registration procedure is RFC required):

      Value    Sub-Type name                  Reference
      -----    -------------                  ----------
      0        NULL                           [RFCXXXX]
      1-252    Unassigned                     [RFCXXXX]
      253-254  Reserved for Experimental Use  [RFCXXXX]
      255      Reserved by IANA               [RFCXXXX]

                    Figure 48: OMNI Geo Coordinates Type

21.11.  OMNI Option Sub-Type Extensions (New Registry)

   The OMNI option defines an 8-bit Extension-Type field for Sub-Type 30
   (Sub-Type Extension), for which IANA is instructed to create and
   maintain a new registry entitled "OMNI Option Sub-Type Extension
   Values".  Initial values are given below (registration procedure is
   RFC required):

      Value    Sub-Type name                  Reference
      -----    -------------                  ----------
      0        RFC4380 UDP/IP Header Option   [RFCXXXX]
      1        RFC6081 UDP/IP Trailer Option  [RFCXXXX]
      2-252    Unassigned
      253-254  Reserved for Experimental Use  [RFCXXXX]
      255      Reserved by IANA               [RFCXXXX]

              Figure 49: OMNI Option Sub-Type Extension Values

21.12.  OMNI RFC4380 UDP/IP Header Options (New Registry)

   The OMNI Sub-Type Extension "RFC4380 UDP/IP Header Option" defines an
   8-bit Header Type field, for which IANA is instructed to create and
   maintain a new registry entitled "OMNI RFC4380 UDP/IP Header Option".
   Initial registry values are given below (registration procedure is
   RFC required):

Templin                   Expires 11 July 2025                [Page 131]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      Value    Sub-Type name                  Reference
      -----    -------------                  ----------
      0        Origin Indication (IPv4)       [RFC4380]
      1        Authentication Encapsulation   [RFC4380]
      2        Origin Indication (IPv6)       [RFCXXXX]
      3-252    Unassigned
      253-254  Reserved for Experimental Use  [RFCXXXX]
      255      Reserved by IANA               [RFCXXXX]

                Figure 50: OMNI RFC4380 UDP/IP Header Option

21.13.  OMNI RFC6081 UDP/IP Trailer Options (New Registry)

   The OMNI Sub-Type Extension for "RFC6081 UDP/IP Trailer Option"
   defines an 8-bit Trailer Type field, for which IANA is instructed to
   create and maintain a new registry entitled "OMNI RFC6081 UDP/IP
   Trailer Option".  Initial registry values are given below
   (registration procedure is RFC required):

      Value    Sub-Type name                  Reference
      -----    -------------                  ----------
      0        Unassigned
      1        Nonce                          [RFC6081]
      2        Unassigned
      3        Alternate Address (IPv4)       [RFC6081]
      4        Neighbor Discovery Option      [RFC6081]
      5        Random Port                    [RFC6081]
      6        Alternate Address (IPv6)       [RFCXXXX]
      7-252    Unassigned
      253-254  Reserved for Experimental Use  [RFCXXXX]
      255      Reserved by IANA               [RFCXXXX]

                   Figure 51: OMNI RFC6081 Trailer Option

21.14.  ICMPv6 Parameters - Trust Anchor Option

   The IANA "ICMPv6 Parameters - Trust Anchor Option (Type 15) Name
   Field" registry includes Type values for common authentication
   signature values that could be used for SEcure Neighbor Discovery
   (SEND).  IANA is instructed to assign the value TBD7 for "Edwards-
   Curve Digital Signature Algorithm (EdDSA)" [RFC8032] in this registry
   with reference set to [RFCXXXX] (i.e., this document).

Templin                   Expires 11 July 2025                [Page 132]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

21.15.  Additional Considerations

   The IANA has assigned the UDP port number "8060" for an earlier
   experimental version of AERO [RFC6706].  This document reclaims the
   UDP port number "8060" for 'aero' as the service port for UDP/IP
   encapsulation.  (Note that, although [RFC6706] is not widely
   implemented or deployed, any messages coded to that specification can
   be easily distinguished and ignored since they include an invalid
   ICMPv6 message type number '0'.)  The IANA is therefore instructed to
   update the reference for UDP port number "8060" from "RFC6706" to
   "RFCXXXX" (i.e., this document) while retaining the existing name
   'aero'.

   The IANA has assigned a 4-octet Private Enterprise Number (PEN) code
   "45282" in the "enterprise-numbers" registry.  This document is the
   normative reference for using this code in DHCP Unique IDentifiers
   based on Enterprise Numbers ("DUID-EN for OMNI Interfaces") (see:
   Section 9).  The IANA is therefore instructed to change the
   enterprise designation for PEN code "45282" from "LinkUp Networks" to
   "Overlay Multilink Network Interface (OMNI)".

   The IANA has assigned the ifType code "301 - omni - Overlay Multilink
   Network Interface (OMNI)" in accordance with Section 6 of [RFC8892].
   The registration appears under the IANA "Structure of Management
   Information (SMI) Numbers (MIB Module Registrations) - Interface
   Types (ifType)" registry.  No further IANA actions are required.

   No further IANA actions are required.

22.  Security Considerations

   Security considerations for IPv4 [RFC0791], IPv6 [RFC8200] and IPv6
   Neighbor Discovery [RFC4861] apply.  OMNI interface IPv6 ND message
   OMNI options SHOULD include Nonce and Timestamp sub-options when
   transaction confirmation and/or time synchronization is needed per
   [RFC3971].

   OMNI interfaces configured over secured ANET/ENET interfaces inherit
   the physical and/or link layer security properties (i.e., "protected
   spectrum") of the connected networks.  OMNI interfaces configured
   over open *NET interfaces can use symmetric securing services such as
   IPsec tunnels [RFC4301] or can by some other means establish a direct
   point-to-point link secured at lower layers.  When lower layer
   security may be impractical or undesirable, however, control message
   integrity and authorization services such as those specified in
   [RFC7401], [RFC4380], [RFC6234], [RFC8032], [RFC9000], etc. must be
   employed.

Templin                   Expires 11 July 2025                [Page 133]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   OMNI link mobility services MUST support strong network layer
   authentication for control plane messages and forwarding path
   integrity for data plane messages.  In particular, the AERO service
   [I-D.templin-6man-aero3] constructs a secured spanning tree with
   Proxy/Servers as leaf nodes and secures the spanning tree links with
   network layer security services based on IPsec [RFC4301] with IKEv2
   [RFC7296].  (Note that direct point-to-point links secured at lower
   layers can also be used instead of or in addition to network layer
   security.)  These network (and/or lower-layer) services together
   provide connectionless integrity and data origin authentication with
   optional protection against replays.

   Control plane messages that affect the routing system or neighbor
   state either include authentication signatures or are constrained to
   travel only over secured spanning tree paths; in both cases, the
   messages are protected by network (and/or lower-layer) security.
   Other control and data plane messages can travel over unsecured route
   optimized paths that do not strictly follow the spanning tree,
   therefore end-to-end sessions should employ transport or higher layer
   security services (e.g., TLS/SSL [RFC8446], DTLS [RFC6347], etc.).
   Additionally, the OAL Identification value can provide a first level
   of data origin authentication to mitigate off-path spoofing.

   Identity-based key verification infrastructure services such as iPSK
   may be necessary for verifying the identities claimed by Clients.
   This requirement should be harmonized with the manner in which
   identifiers such as (H)HITs are attested in a given operational
   environment.

   Security considerations for specific access network interface types
   are covered under the corresponding IP-over-(foo) specification
   (e.g., [RFC2464], [RFC2492], etc.).

   Security considerations for IPv6 fragmentation and reassembly are
   discussed in Section 6.15.  In environments where spoofing is
   considered a threat, OMNI nodes SHOULD employ Identification window
   synchronization and OAL destinations SHOULD configure an (end-system-
   based) firewall.

23.  Implementation Status

   AERO/OMNI Release-3.2 was tagged on March 30, 2021, and was subject
   to internal testing.  The implementation is not planned for public
   release.

Templin                   Expires 11 July 2025                [Page 134]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   A new implementation architecture based on a clean-slate has been
   developed and will incorporate updated aspects of the AERO/OMNI
   specs, with the goal of producing a reference implementation for
   future release.

24.  Document Updates

   This document suggests that the following could be updated through
   future IETF initiatives:

   *  [RFC1191]

   *  [RFC4443]

   *  [RFC8200]

   *  [RFC8201]

   Updates can be through, e.g., standards action, the errata process,
   etc. as appropriate.

25.  Acknowledgements

   The first version of this document was prepared per the consensus
   decision at the 7th Conference of the International Civil Aviation
   Organization (ICAO) Working Group-I Mobility Subgroup on March 22,
   2019.  Consensus to take the document forward to the IETF was reached
   at the 9th Conference of the Mobility Subgroup on November 22, 2019.
   Attendees and contributors included: Guray Acar, Danny Bharj,
   Francois D'Humieres, Pavel Drasil, Nikos Fistas, Giovanni Garofolo,
   Bernhard Haindl, Vaughn Maiolla, Tom McParland, Victor Moreno, Madhu
   Niraula, Brent Phillips, Liviu Popescu, Jacky Pouzet, Aloke Roy, Greg
   Saccone, Robert Segers, Michal Skorepa, Michel Solery, Stephane
   Tamalet, Fred Templin, Jean-Marc Vacher, Bela Varkonyi, Tony Whyman,
   Fryderyk Wrobel and Dongsong Zeng.

   The following individuals are acknowledged for their useful comments:
   Felipe Magno de Almeida, Amanda Baber, Scott Burleigh, Stuart Card,
   Donald Eastlake, Adrian Farrel, Michael Matyas, Robert Moskowitz,
   Madhu Niraula, Greg Saccone, Stephane Tamalet, Eliot Lear, Eduard
   Vasilenko, Eric Vyncke.  Pavel Drasil, Zdenek Jaron and Michal
   Skorepa are especially recognized for their many helpful ideas and
   suggestions.  Akash Agarwal, Madhuri Madhava Badgandi, Sean Dickson,
   Don Dillenburg, Joe Dudkowski, Vijayasarathy Rajagopalan, Ron
   Sackman, Bhargava Raman Sai Prakash and Katherine Tran are
   acknowledged for their hard work on the implementation and technical
   insights that led to improvements for the spec.

Templin                   Expires 11 July 2025                [Page 135]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Discussions on the IETF 6man and atn mailing lists during the fall of
   2020 suggested additional points to consider.  The authors gratefully
   acknowledge the list members who contributed valuable insights
   through those discussions.  Eric Vyncke and Erik Kline were the
   intarea ADs, while Bob Hinden and Ole Troan were the 6man WG chairs
   at the time the document was developed; they are all gratefully
   acknowledged for their many helpful insights.  Many of the ideas in
   this document have further built on IETF experiences beginning in the
   1990s, with insights from colleagues including Ron Bonica, Brian
   Carpenter, Ralph Droms, Tom Herbert, Bob Hinden, Christian Huitema,
   Thomas Narten, Dave Thaler, Joe Touch, Pascal Thubert, and many
   others who deserve recognition.

   Early observations on IP fragmentation performance implications were
   noted in the 1986 Digital Equipment Corporation (DEC) "qe reset"
   investigation, where fragment bursts from NFS UDP traffic triggered
   hardware resets resulting in communication failures.  Jeff Chase,
   Fred Glover and Chet Juzsczak of the Ultrix Engineering Group led the
   investigation, and determined that setting a smaller NFS mount block
   size reduced the amount of fragmentation and suppressed the resets.
   Early observations on L2 media MTU issues were noted in the 1988 DEC
   FDDI investigation, where Raj Jain, KK Ramakrishnan and Kathy Wilde
   represented architectural considerations for FDDI networking in
   general including FDDI/Ethernet bridging.  Jeff Mogul (who led the
   IETF Path MTU Discovery working group) and other DEC colleagues who
   supported these early investigations are also acknowledged.

   Throughout the 1990's and into the 2000's, many colleagues supported
   and encouraged continuation of the work.  Beginning with the DEC
   Project Sequoia effort at the University of California, Berkeley,
   then moving to the DEC research lab offices in Palo Alto CA, then to
   Sterling Software at the NASA Ames Research Center, then to SRI in
   Menlo Park, CA, then to Nokia in Mountain View, CA and finally to the
   Boeing Company in 2005 the work saw continuous advancement through
   the encouragement of many.  Those who offered their support and
   encouragement are gratefully acknowledged.

   This work is aligned with the NASA Safe Autonomous Systems Operation
   (SASO) program under NASA contract number NNA16BD84C.

   This work is aligned with the FAA as per the SE2025 contract number
   DTFAWA-15-D-00030.

   This work is aligned with the Boeing Information Technology (BIT)
   Mobility Vision Lab (MVL) program.

   This work is aligned with the Boeing/Virginia Tech Network Security
   Institute (VTNSI) 5G MANET research program.

Templin                   Expires 11 July 2025                [Page 136]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Honoring life, liberty and the pursuit of happiness.

26.  References

26.1.  Normative References

   [I-D.ietf-dhc-rfc8415bis]
              Mrugalski, T., Volz, B., Richardson, M., Jiang, S., and T.
              Winters, "Dynamic Host Configuration Protocol for IPv6
              (DHCPv6)", Work in Progress, Internet-Draft, draft-ietf-
              dhc-rfc8415bis-07, 12 December 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-dhc-
              rfc8415bis-07>.

   [I-D.templin-6man-ipid-ext2]
              Templin, F. and T. Herbert, "IPv6 Extended Fragment Header
              (EFH)", Work in Progress, Internet-Draft, draft-templin-
              6man-ipid-ext2-05, 31 December 2024,
              <https://datatracker.ietf.org/doc/html/draft-templin-6man-
              ipid-ext2-05>.

   [I-D.templin-6man-parcels2]
              Templin, F., "IPv6 Parcels and Advanced Jumbos (AJs)",
              Work in Progress, Internet-Draft, draft-templin-6man-
              parcels2-19, 23 December 2024,
              <https://datatracker.ietf.org/doc/html/draft-templin-6man-
              parcels2-19>.

   [I-D.templin-intarea-parcels2]
              Templin, F., "IPv4 Parcels and Advanced Jumbos (AJs)",
              Work in Progress, Internet-Draft, draft-templin-intarea-
              parcels2-15, 31 December 2024,
              <https://datatracker.ietf.org/doc/html/draft-templin-
              intarea-parcels2-15>.

   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              DOI 10.17487/RFC0768, August 1980,
              <https://www.rfc-editor.org/info/rfc768>.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981,
              <https://www.rfc-editor.org/info/rfc791>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

Templin                   Expires 11 July 2025                [Page 137]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <https://www.rfc-editor.org/info/rfc2460>.

   [RFC2473]  Conta, A. and S. Deering, "Generic Packet Tunneling in
              IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
              December 1998, <https://www.rfc-editor.org/info/rfc2473>.

   [RFC3971]  Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander,
              "SEcure Neighbor Discovery (SEND)", RFC 3971,
              DOI 10.17487/RFC3971, March 2005,
              <https://www.rfc-editor.org/info/rfc3971>.

   [RFC4007]  Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and
              B. Zill, "IPv6 Scoped Address Architecture", RFC 4007,
              DOI 10.17487/RFC4007, March 2005,
              <https://www.rfc-editor.org/info/rfc4007>.

   [RFC4191]  Draves, R. and D. Thaler, "Default Router Preferences and
              More-Specific Routes", RFC 4191, DOI 10.17487/RFC4191,
              November 2005, <https://www.rfc-editor.org/info/rfc4191>.

   [RFC4193]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
              Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005,
              <https://www.rfc-editor.org/info/rfc4193>.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291, February
              2006, <https://www.rfc-editor.org/info/rfc4291>.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006,
              <https://www.rfc-editor.org/info/rfc4443>.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007,
              <https://www.rfc-editor.org/info/rfc4861>.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007,
              <https://www.rfc-editor.org/info/rfc4862>.

Templin                   Expires 11 July 2025                [Page 138]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC6088]  Tsirtsis, G., Giarreta, G., Soliman, H., and N. Montavont,
              "Traffic Selectors for Flow Bindings", RFC 6088,
              DOI 10.17487/RFC6088, January 2011,
              <https://www.rfc-editor.org/info/rfc6088>.

   [RFC6437]  Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
              "IPv6 Flow Label Specification", RFC 6437,
              DOI 10.17487/RFC6437, November 2011,
              <https://www.rfc-editor.org/info/rfc6437>.

   [RFC6438]  Carpenter, B. and S. Amante, "Using the IPv6 Flow Label
              for Equal Cost Multipath Routing and Link Aggregation in
              Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011,
              <https://www.rfc-editor.org/info/rfc6438>.

   [RFC8028]  Baker, F. and B. Carpenter, "First-Hop Router Selection by
              Hosts in a Multi-Prefix Network", RFC 8028,
              DOI 10.17487/RFC8028, November 2016,
              <https://www.rfc-editor.org/info/rfc8028>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017,
              <https://www.rfc-editor.org/info/rfc8200>.

   [RFC8201]  McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
              "Path MTU Discovery for IP version 6", STD 87, RFC 8201,
              DOI 10.17487/RFC8201, July 2017,
              <https://www.rfc-editor.org/info/rfc8201>.

   [RFC9268]  Hinden, R. and G. Fairhurst, "IPv6 Minimum Path MTU Hop-
              by-Hop Option", RFC 9268, DOI 10.17487/RFC9268, August
              2022, <https://www.rfc-editor.org/info/rfc9268>.

   [RFC9293]  Eddy, W., Ed., "Transmission Control Protocol (TCP)",
              STD 7, RFC 9293, DOI 10.17487/RFC9293, August 2022,
              <https://www.rfc-editor.org/info/rfc9293>.

26.2.  Informative References

   [ATN]      Maiolla, V., "The OMNI Interface - An IPv6 Air/Ground
              Interface for Civil Aviation, IETF Liaison Statement
              #1676, https://datatracker.ietf.org/liaison/1676/", 3
              March 2020.

Templin                   Expires 11 July 2025                [Page 139]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [ATN-IPS]  "ICAO Document 9896 (Manual on the Aeronautical
              Telecommunication Network (ATN) using Internet Protocol
              Suite (IPS) Standards and Protocol), Draft Edition 3
              (work-in-progress)", 10 December 2020.

   [CKSUM]    Stone, J., Greenwald, M., Partridge, C., and J. Hughes,
              "Performance of Checksums and CRC's Over Real Data, IEEE/
              ACM Transactions on Networking, Vol. 6, No. 5", October
              1998.

   [CRC]      Jain, R., "Error Characteristics of Fiber Distributed Data
              Interface (FDDI), IEEE Transactions on Communications",
              August 1990.

   [EUI]      "IEEE Guidelines for Use of Extended Unique Identifier
              (EUI), Organizationally Unique Identifier (OUI), and
              Company ID, https://standards.ieee.org/wp-
              content/uploads/import/documents/tutorials/eui.pdf", 3
              August 2017.

   [I-D.herbert-ipv4-eh]
              Herbert, T., "IPv4 Extension Headers and Flow Label", Work
              in Progress, Internet-Draft, draft-herbert-ipv4-eh-03, 22
              February 2024, <https://datatracker.ietf.org/doc/html/
              draft-herbert-ipv4-eh-03>.

   [I-D.ietf-6man-eh-limits]
              Herbert, T., "Limits on Sending and Processing IPv6
              Extension Headers", Work in Progress, Internet-Draft,
              draft-ietf-6man-eh-limits-18, 20 December 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-6man-eh-
              limits-18>.

   [I-D.ietf-6man-rfc6724-update]
              Buraglio, N., Chown, T., and J. Duncan, "Prioritizing
              known-local IPv6 ULAs through address selection policy",
              Work in Progress, Internet-Draft, draft-ietf-6man-rfc6724-
              update-15, 6 November 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-6man-
              rfc6724-update-15>.

   [I-D.ietf-intarea-tunnels]
              Touch, J. D. and M. Townsley, "IP Tunnels in the Internet
              Architecture", Work in Progress, Internet-Draft, draft-
              ietf-intarea-tunnels-14, 3 November 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-intarea-
              tunnels-14>.

Templin                   Expires 11 July 2025                [Page 140]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [I-D.ietf-tsvwg-udp-options]
              Touch, J. D. and C. M. Heard, "Transport Options for UDP",
              Work in Progress, Internet-Draft, draft-ietf-tsvwg-udp-
              options-38, 3 November 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-
              udp-options-38>.

   [I-D.ietf-v6ops-ula-usage-considerations]
              Jiang, S., Liu, B., and N. Buraglio, "Considerations For
              Using Unique Local Addresses", Work in Progress, Internet-
              Draft, draft-ietf-v6ops-ula-usage-considerations-05, 11
              December 2024, <https://datatracker.ietf.org/doc/html/
              draft-ietf-v6ops-ula-usage-considerations-05>.

   [I-D.perkins-manet-aodvv2]
              Perkins, C. E., Dowdell, J., Steenbrink, L., and V.
              Pritchard, "Ad Hoc On-demand Distance Vector Version 2
              (AODVv2) Routing", Work in Progress, Internet-Draft,
              draft-perkins-manet-aodvv2-05, 22 November 2024,
              <https://datatracker.ietf.org/doc/html/draft-perkins-
              manet-aodvv2-05>.

   [I-D.templin-6man-aero3]
              Templin, F., "Automatic Extended Route Optimization
              (AERO)", Work in Progress, Internet-Draft, draft-templin-
              6man-aero3-22, 31 December 2024,
              <https://datatracker.ietf.org/doc/html/draft-templin-6man-
              aero3-22>.

   [I-D.templin-6man-mla]
              Templin, F., "IPv6 Addresses for Ad Hoc Networks", Work in
              Progress, Internet-Draft, draft-templin-6man-mla-25, 24
              September 2024, <https://datatracker.ietf.org/doc/html/
              draft-templin-6man-mla-25>.

   [IEEE802.1AX]
              "Institute of Electrical and Electronics Engineers, Link
              Aggregation, IEEE Standard 802.1AX-2008,
              https://standards.ieee.org/ieee/802.1AX/6768/", 29 May
              2020.

   [IPV4-GUA] Postel, J., "IPv4 Address Space Registry,
              https://www.iana.org/assignments/ipv4-address-space/ipv4-
              address-space.xhtml", 14 December 2020.

Templin                   Expires 11 July 2025                [Page 141]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [IPV6-GUA] Postel, J., "IPv6 Global Unicast Address Assignments,
              https://www.iana.org/assignments/ipv6-unicast-address-
              assignments/ipv6-unicast-address-assignments.xhtml", 14
              December 2020.

   [RFC0863]  Postel, J., "Discard Protocol", STD 21, RFC 863,
              DOI 10.17487/RFC0863, May 1983,
              <https://www.rfc-editor.org/info/rfc863>.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
              November 1987, <https://www.rfc-editor.org/info/rfc1035>.

   [RFC1122]  Braden, R., Ed., "Requirements for Internet Hosts -
              Communication Layers", STD 3, RFC 1122,
              DOI 10.17487/RFC1122, October 1989,
              <https://www.rfc-editor.org/info/rfc1122>.

   [RFC1146]  Zweig, J. and C. Partridge, "TCP alternate checksum
              options", RFC 1146, DOI 10.17487/RFC1146, March 1990,
              <https://www.rfc-editor.org/info/rfc1146>.

   [RFC1149]  Waitzman, D., "Standard for the transmission of IP
              datagrams on avian carriers", RFC 1149,
              DOI 10.17487/RFC1149, April 1990,
              <https://www.rfc-editor.org/info/rfc1149>.

   [RFC1191]  Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191,
              DOI 10.17487/RFC1191, November 1990,
              <https://www.rfc-editor.org/info/rfc1191>.

   [RFC1256]  Deering, S., Ed., "ICMP Router Discovery Messages",
              RFC 1256, DOI 10.17487/RFC1256, September 1991,
              <https://www.rfc-editor.org/info/rfc1256>.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              <https://www.rfc-editor.org/info/rfc2104>.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, DOI 10.17487/RFC2131, March 1997,
              <https://www.rfc-editor.org/info/rfc2131>.

   [RFC2464]  Crawford, M., "Transmission of IPv6 Packets over Ethernet
              Networks", RFC 2464, DOI 10.17487/RFC2464, December 1998,
              <https://www.rfc-editor.org/info/rfc2464>.

Templin                   Expires 11 July 2025                [Page 142]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC2492]  Armitage, G., Schulter, P., and M. Jork, "IPv6 over ATM
              Networks", RFC 2492, DOI 10.17487/RFC2492, January 1999,
              <https://www.rfc-editor.org/info/rfc2492>.

   [RFC2675]  Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms",
              RFC 2675, DOI 10.17487/RFC2675, August 1999,
              <https://www.rfc-editor.org/info/rfc2675>.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000,
              <https://www.rfc-editor.org/info/rfc2863>.

   [RFC2923]  Lahey, K., "TCP Problems with Path MTU Discovery",
              RFC 2923, DOI 10.17487/RFC2923, September 2000,
              <https://www.rfc-editor.org/info/rfc2923>.

   [RFC2983]  Black, D., "Differentiated Services and Tunnels",
              RFC 2983, DOI 10.17487/RFC2983, October 2000,
              <https://www.rfc-editor.org/info/rfc2983>.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
              via IPv4 Clouds", RFC 3056, DOI 10.17487/RFC3056, February
              2001, <https://www.rfc-editor.org/info/rfc3056>.

   [RFC3068]  Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
              RFC 3068, DOI 10.17487/RFC3068, June 2001,
              <https://www.rfc-editor.org/info/rfc3068>.

   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
              of Explicit Congestion Notification (ECN) to IP",
              RFC 3168, DOI 10.17487/RFC3168, September 2001,
              <https://www.rfc-editor.org/info/rfc3168>.

   [RFC3330]  IANA, "Special-Use IPv4 Addresses", RFC 3330,
              DOI 10.17487/RFC3330, September 2002,
              <https://www.rfc-editor.org/info/rfc3330>.

   [RFC3366]  Fairhurst, G. and L. Wood, "Advice to link designers on
              link Automatic Repeat reQuest (ARQ)", BCP 62, RFC 3366,
              DOI 10.17487/RFC3366, August 2002,
              <https://www.rfc-editor.org/info/rfc3366>.

   [RFC3692]  Narten, T., "Assigning Experimental and Testing Numbers
              Considered Useful", BCP 82, RFC 3692,
              DOI 10.17487/RFC3692, January 2004,
              <https://www.rfc-editor.org/info/rfc3692>.

Templin                   Expires 11 July 2025                [Page 143]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
              Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
              DOI 10.17487/RFC3810, June 2004,
              <https://www.rfc-editor.org/info/rfc3810>.

   [RFC3819]  Karn, P., Ed., Bormann, C., Fairhurst, G., Grossman, D.,
              Ludwig, R., Mahdavi, J., Montenegro, G., Touch, J., and L.
              Wood, "Advice for Internet Subnetwork Designers", BCP 89,
              RFC 3819, DOI 10.17487/RFC3819, July 2004,
              <https://www.rfc-editor.org/info/rfc3819>.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005, <https://www.rfc-editor.org/info/rfc4301>.

   [RFC4302]  Kent, S., "IP Authentication Header", RFC 4302,
              DOI 10.17487/RFC4302, December 2005,
              <https://www.rfc-editor.org/info/rfc4302>.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)",
              RFC 4303, DOI 10.17487/RFC4303, December 2005,
              <https://www.rfc-editor.org/info/rfc4303>.

   [RFC4380]  Huitema, C., "Teredo: Tunneling IPv6 over UDP through
              Network Address Translations (NATs)", RFC 4380,
              DOI 10.17487/RFC4380, February 2006,
              <https://www.rfc-editor.org/info/rfc4380>.

   [RFC4389]  Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery
              Proxies (ND Proxy)", RFC 4389, DOI 10.17487/RFC4389, April
              2006, <https://www.rfc-editor.org/info/rfc4389>.

   [RFC4429]  Moore, N., "Optimistic Duplicate Address Detection (DAD)
              for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006,
              <https://www.rfc-editor.org/info/rfc4429>.

   [RFC4541]  Christensen, M., Kimball, K., and F. Solensky,
              "Considerations for Internet Group Management Protocol
              (IGMP) and Multicast Listener Discovery (MLD) Snooping
              Switches", RFC 4541, DOI 10.17487/RFC4541, May 2006,
              <https://www.rfc-editor.org/info/rfc4541>.

   [RFC4605]  Fenner, B., He, H., Haberman, B., and H. Sandick,
              "Internet Group Management Protocol (IGMP) / Multicast
              Listener Discovery (MLD)-Based Multicast Forwarding
              ("IGMP/MLD Proxying")", RFC 4605, DOI 10.17487/RFC4605,
              August 2006, <https://www.rfc-editor.org/info/rfc4605>.

Templin                   Expires 11 July 2025                [Page 144]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC4821]  Mathis, M. and J. Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
              <https://www.rfc-editor.org/info/rfc4821>.

   [RFC4963]  Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly
              Errors at High Data Rates", RFC 4963,
              DOI 10.17487/RFC4963, July 2007,
              <https://www.rfc-editor.org/info/rfc4963>.

   [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
              Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",
              RFC 5213, DOI 10.17487/RFC5213, August 2008,
              <https://www.rfc-editor.org/info/rfc5213>.

   [RFC5214]  Templin, F., Gleeson, T., and D. Thaler, "Intra-Site
              Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214,
              DOI 10.17487/RFC5214, March 2008,
              <https://www.rfc-editor.org/info/rfc5214>.

   [RFC5237]  Arkko, J. and S. Bradner, "IANA Allocation Guidelines for
              the Protocol Field", BCP 37, RFC 5237,
              DOI 10.17487/RFC5237, February 2008,
              <https://www.rfc-editor.org/info/rfc5237>.

   [RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
              <https://www.rfc-editor.org/info/rfc5340>.

   [RFC5558]  Templin, F., Ed., "Virtual Enterprise Traversal (VET)",
              RFC 5558, DOI 10.17487/RFC5558, February 2010,
              <https://www.rfc-editor.org/info/rfc5558>.

   [RFC5614]  Ogier, R. and P. Spagnolo, "Mobile Ad Hoc Network (MANET)
              Extension of OSPF Using Connected Dominating Set (CDS)
              Flooding", RFC 5614, DOI 10.17487/RFC5614, August 2009,
              <https://www.rfc-editor.org/info/rfc5614>.

   [RFC5798]  Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP)
              Version 3 for IPv4 and IPv6", RFC 5798,
              DOI 10.17487/RFC5798, March 2010,
              <https://www.rfc-editor.org/info/rfc5798>.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
              <https://www.rfc-editor.org/info/rfc5880>.

Templin                   Expires 11 July 2025                [Page 145]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC5889]  Baccelli, E., Ed. and M. Townsley, Ed., "IP Addressing
              Model in Ad Hoc Networks", RFC 5889, DOI 10.17487/RFC5889,
              September 2010, <https://www.rfc-editor.org/info/rfc5889>.

   [RFC5942]  Singh, H., Beebee, W., and E. Nordmark, "IPv6 Subnet
              Model: The Relationship between Links and Subnet
              Prefixes", RFC 5942, DOI 10.17487/RFC5942, July 2010,
              <https://www.rfc-editor.org/info/rfc5942>.

   [RFC6081]  Thaler, D., "Teredo Extensions", RFC 6081,
              DOI 10.17487/RFC6081, January 2011,
              <https://www.rfc-editor.org/info/rfc6081>.

   [RFC6145]  Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
              Algorithm", RFC 6145, DOI 10.17487/RFC6145, April 2011,
              <https://www.rfc-editor.org/info/rfc6145>.

   [RFC6146]  Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
              NAT64: Network Address and Protocol Translation from IPv6
              Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
              April 2011, <https://www.rfc-editor.org/info/rfc6146>.

   [RFC6147]  Bagnulo, M., Sullivan, A., Matthews, P., and I. van
              Beijnum, "DNS64: DNS Extensions for Network Address
              Translation from IPv6 Clients to IPv4 Servers", RFC 6147,
              DOI 10.17487/RFC6147, April 2011,
              <https://www.rfc-editor.org/info/rfc6147>.

   [RFC6214]  Carpenter, B. and R. Hinden, "Adaptation of RFC 1149 for
              IPv6", RFC 6214, DOI 10.17487/RFC6214, April 2011,
              <https://www.rfc-editor.org/info/rfc6214>.

   [RFC6234]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
              (SHA and SHA-based HMAC and HKDF)", RFC 6234,
              DOI 10.17487/RFC6234, May 2011,
              <https://www.rfc-editor.org/info/rfc6234>.

   [RFC6247]  Eggert, L., "Moving the Undeployed TCP Extensions RFC
              1072, RFC 1106, RFC 1110, RFC 1145, RFC 1146, RFC 1379,
              RFC 1644, and RFC 1693 to Historic Status", RFC 6247,
              DOI 10.17487/RFC6247, May 2011,
              <https://www.rfc-editor.org/info/rfc6247>.

   [RFC6296]  Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
              Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011,
              <https://www.rfc-editor.org/info/rfc6296>.

Templin                   Expires 11 July 2025                [Page 146]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012, <https://www.rfc-editor.org/info/rfc6347>.

   [RFC6495]  Gagliano, R., Krishnan, S., and A. Kukec, "Subject Key
              Identifier (SKI) SEcure Neighbor Discovery (SEND) Name
              Type Fields", RFC 6495, DOI 10.17487/RFC6495, February
              2012, <https://www.rfc-editor.org/info/rfc6495>.

   [RFC6543]  Gundavelli, S., "Reserved IPv6 Interface Identifier for
              Proxy Mobile IPv6", RFC 6543, DOI 10.17487/RFC6543, May
              2012, <https://www.rfc-editor.org/info/rfc6543>.

   [RFC6706]  Templin, F., Ed., "Asymmetric Extended Route Optimization
              (AERO)", RFC 6706, DOI 10.17487/RFC6706, August 2012,
              <https://www.rfc-editor.org/info/rfc6706>.

   [RFC6724]  Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
              "Default Address Selection for Internet Protocol Version 6
              (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012,
              <https://www.rfc-editor.org/info/rfc6724>.

   [RFC6762]  Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
              DOI 10.17487/RFC6762, February 2013,
              <https://www.rfc-editor.org/info/rfc6762>.

   [RFC6890]  Cotton, M., Vegoda, L., Bonica, R., Ed., and B. Haberman,
              "Special-Purpose IP Address Registries", BCP 153,
              RFC 6890, DOI 10.17487/RFC6890, April 2013,
              <https://www.rfc-editor.org/info/rfc6890>.

   [RFC6935]  Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and
              UDP Checksums for Tunneled Packets", RFC 6935,
              DOI 10.17487/RFC6935, April 2013,
              <https://www.rfc-editor.org/info/rfc6935>.

   [RFC6936]  Fairhurst, G. and M. Westerlund, "Applicability Statement
              for the Use of IPv6 UDP Datagrams with Zero Checksums",
              RFC 6936, DOI 10.17487/RFC6936, April 2013,
              <https://www.rfc-editor.org/info/rfc6936>.

   [RFC6980]  Gont, F., "Security Implications of IPv6 Fragmentation
              with IPv6 Neighbor Discovery", RFC 6980,
              DOI 10.17487/RFC6980, August 2013,
              <https://www.rfc-editor.org/info/rfc6980>.

Templin                   Expires 11 July 2025                [Page 147]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC7042]  Eastlake 3rd, D. and J. Abley, "IANA Considerations and
              IETF Protocol and Documentation Usage for IEEE 802
              Parameters", RFC 7042, DOI 10.17487/RFC7042, October 2013,
              <https://www.rfc-editor.org/info/rfc7042>.

   [RFC7094]  McPherson, D., Oran, D., Thaler, D., and E. Osterweil,
              "Architectural Considerations of IP Anycast", RFC 7094,
              DOI 10.17487/RFC7094, January 2014,
              <https://www.rfc-editor.org/info/rfc7094>.

   [RFC7181]  Clausen, T., Dearlove, C., Jacquet, P., and U. Herberg,
              "The Optimized Link State Routing Protocol Version 2",
              RFC 7181, DOI 10.17487/RFC7181, April 2014,
              <https://www.rfc-editor.org/info/rfc7181>.

   [RFC7217]  Gont, F., "A Method for Generating Semantically Opaque
              Interface Identifiers with IPv6 Stateless Address
              Autoconfiguration (SLAAC)", RFC 7217,
              DOI 10.17487/RFC7217, April 2014,
              <https://www.rfc-editor.org/info/rfc7217>.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
              2014, <https://www.rfc-editor.org/info/rfc7296>.

   [RFC7343]  Laganier, J. and F. Dupont, "An IPv6 Prefix for Overlay
              Routable Cryptographic Hash Identifiers Version 2
              (ORCHIDv2)", RFC 7343, DOI 10.17487/RFC7343, September
              2014, <https://www.rfc-editor.org/info/rfc7343>.

   [RFC7401]  Moskowitz, R., Ed., Heer, T., Jokela, P., and T.
              Henderson, "Host Identity Protocol Version 2 (HIPv2)",
              RFC 7401, DOI 10.17487/RFC7401, April 2015,
              <https://www.rfc-editor.org/info/rfc7401>.

   [RFC7421]  Carpenter, B., Ed., Chown, T., Gont, F., Jiang, S.,
              Petrescu, A., and A. Yourtchenko, "Analysis of the 64-bit
              Boundary in IPv6 Addressing", RFC 7421,
              DOI 10.17487/RFC7421, January 2015,
              <https://www.rfc-editor.org/info/rfc7421>.

   [RFC7542]  DeKok, A., "The Network Access Identifier", RFC 7542,
              DOI 10.17487/RFC7542, May 2015,
              <https://www.rfc-editor.org/info/rfc7542>.

Templin                   Expires 11 July 2025                [Page 148]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC7739]  Gont, F., "Security Implications of Predictable Fragment
              Identification Values", RFC 7739, DOI 10.17487/RFC7739,
              February 2016, <https://www.rfc-editor.org/info/rfc7739>.

   [RFC7761]  Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
              Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
              Multicast - Sparse Mode (PIM-SM): Protocol Specification
              (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
              2016, <https://www.rfc-editor.org/info/rfc7761>.

   [RFC7847]  Melia, T., Ed. and S. Gundavelli, Ed., "Logical-Interface
              Support for IP Hosts with Multi-Access Support", RFC 7847,
              DOI 10.17487/RFC7847, May 2016,
              <https://www.rfc-editor.org/info/rfc7847>.

   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
              Signature Algorithm (EdDSA)", RFC 8032,
              DOI 10.17487/RFC8032, January 2017,
              <https://www.rfc-editor.org/info/rfc8032>.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/info/rfc8126>.

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018, <https://www.rfc-editor.org/info/rfc8402>.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
              <https://www.rfc-editor.org/info/rfc8446>.

   [RFC8726]  Farrel, A., "How Requests for IANA Action Will Be Handled
              on the Independent Stream", RFC 8726,
              DOI 10.17487/RFC8726, November 2020,
              <https://www.rfc-editor.org/info/rfc8726>.

   [RFC8799]  Carpenter, B. and B. Liu, "Limited Domains and Internet
              Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020,
              <https://www.rfc-editor.org/info/rfc8799>.

   [RFC8892]  Thaler, D. and D. Romascanu, "Guidelines and Registration
              Procedures for Interface Types and Tunnel Types",
              RFC 8892, DOI 10.17487/RFC8892, August 2020,
              <https://www.rfc-editor.org/info/rfc8892>.

Templin                   Expires 11 July 2025                [Page 149]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   [RFC8899]  Fairhurst, G., Jones, T., Tüxen, M., Rüngeler, I., and T.
              Völker, "Packetization Layer Path MTU Discovery for
              Datagram Transports", RFC 8899, DOI 10.17487/RFC8899,
              September 2020, <https://www.rfc-editor.org/info/rfc8899>.

   [RFC8900]  Bonica, R., Baker, F., Huston, G., Hinden, R., Troan, O.,
              and F. Gont, "IP Fragmentation Considered Fragile",
              BCP 230, RFC 8900, DOI 10.17487/RFC8900, September 2020,
              <https://www.rfc-editor.org/info/rfc8900>.

   [RFC8928]  Thubert, P., Ed., Sarikaya, B., Sethi, M., and R. Struik,
              "Address-Protected Neighbor Discovery for Low-Power and
              Lossy Networks", RFC 8928, DOI 10.17487/RFC8928, November
              2020, <https://www.rfc-editor.org/info/rfc8928>.

   [RFC8981]  Gont, F., Krishnan, S., Narten, T., and R. Draves,
              "Temporary Address Extensions for Stateless Address
              Autoconfiguration in IPv6", RFC 8981,
              DOI 10.17487/RFC8981, February 2021,
              <https://www.rfc-editor.org/info/rfc8981>.

   [RFC9000]  Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
              Multiplexed and Secure Transport", RFC 9000,
              DOI 10.17487/RFC9000, May 2021,
              <https://www.rfc-editor.org/info/rfc9000>.

   [RFC9001]  Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
              QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
              <https://www.rfc-editor.org/info/rfc9001>.

   [RFC9002]  Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection
              and Congestion Control", RFC 9002, DOI 10.17487/RFC9002,
              May 2021, <https://www.rfc-editor.org/info/rfc9002>.

   [RFC9365]  Jeong, J., Ed., "IPv6 Wireless Access in Vehicular
              Environments (IPWAVE): Problem Statement and Use Cases",
              RFC 9365, DOI 10.17487/RFC9365, March 2023,
              <https://www.rfc-editor.org/info/rfc9365>.

   [RFC9374]  Moskowitz, R., Card, S., Wiethuechter, A., and A. Gurtov,
              "DRIP Entity Tag (DET) for Unmanned Aircraft System Remote
              ID (UAS RID)", RFC 9374, DOI 10.17487/RFC9374, March 2023,
              <https://www.rfc-editor.org/info/rfc9374>.

   [RFC9562]  Davis, K., Peabody, B., and P. Leach, "Universally Unique
              IDentifiers (UUIDs)", RFC 9562, DOI 10.17487/RFC9562, May
              2024, <https://www.rfc-editor.org/info/rfc9562>.

Templin                   Expires 11 July 2025                [Page 150]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

Appendix A.  IPv4 Reassembly Checksum Algorithm

   The IPv4 reassembly checksum algorithm adopts the 8-bit Fletcher
   algorithm specified in Appendix I of [RFC1146] as also analyzed in
   [CKSUM].  [RFC6247] declared [RFC1146] historic for the reason that
   the algorithms had never seen widespread use with TCP, however this
   document adopts the 8-bit Fletcher algorithm for a different purpose.
   Quoting from Appendix I of [RFC1146], the IPv4 Fragmentation Checksum
   Algorithm proceeds as follows:

      "The 8-bit Fletcher Checksum Algorithm is calculated over a
      sequence of data octets (call them D[1] through D[N]) by
      maintaining 2 unsigned 1's-complement 8-bit accumulators A and B
      whose contents are initially zero, and performing the following
      loop where i ranges from 1 to N:

         A := A + D[i]

         B := B + A

      It can be shown that at the end of the loop A will contain the
      8-bit 1's complement sum of all octets in the datagram, and that B
      will contain (N)D[1] + (N-1)D[2] + ... + D[N]."

   To calculate the IPv4 reassembly checksum, the above algorithm is
   applied over the N-octets of the L2-encapsulated OAL packet/fragment
   body beginning immediately after the L2 encapsulation header(s).

Appendix B.  OMNI Routing Header Processing

   Section 4.4 of the now-obsolete previous IPv6 specification [RFC2460]
   included detailed procedures for the processing of IPv6 addresses in
   Routing Header, Type 0 (RH0).  These same procedures apply exactly
   for the OMNI Routing Header (ORH) defined in this document.  The
   procedures are as follows:

   "A Routing header is not examined or processed until it reaches the
   node identified in the Destination Address field of the IPv6 header.
   In that node, dispatching on the Next Header field of the immediately
   preceding header causes the Routing header module to be invoked,
   which, in the case of Routing Type 0, performs the following
   algorithm:

Templin                   Expires 11 July 2025                [Page 151]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

     if Segments Left = 0 {
        proceed to process the next header in the packet, whose type is
        identified by the Next Header field in the Routing header
     }
     else if Hdr Ext Len is odd {
           send an ICMP Parameter Problem, Code 0, message to the Source
           Address, pointing to the Hdr Ext Len field, and discard the
           packet
     }
     else {
        compute n, the number of addresses in the Routing header, by
        dividing Hdr Ext Len by 2

        if Segments Left is greater than n {
           send an ICMP Parameter Problem, Code 0, message to the Source
           Address, pointing to the Segments Left field, and discard the
           packet
        }
        else {
           decrement Segments Left by 1;
           compute i, the index of the next address to be visited in
           the address vector, by subtracting Segments Left from n

           if Address [i] or the IPv6 Destination Address is multicast {
              discard the packet
           }
           else {
              swap the IPv6 Destination Address and Address[i]

              if the IPv6 Hop Limit is less than or equal to 1 {
                 send an ICMP Time Exceeded -- Hop Limit Exceeded in
                 Transit message to the Source Address and discard the
                 packet
              }
              else {
                 decrement the Hop Limit by 1

                 resubmit the packet to the IPv6 module for transmission
                 to the new destination
              }
           }
        }
     }

                                Figure 52

Templin                   Expires 11 July 2025                [Page 152]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   As an example of the effects of the above algorithm, consider the
   case of a source node S sending a packet to destination node D, using
   a Routing header to cause the packet to be routed via intermediate
   nodes I1 and I2.  The values of the relevant IPv6 header and Routing
   header fields on each segment of the delivery path would be as
   follows:

      As the packet travels from S to I1:

           Source Address = S                  Hdr Ext Len = 4
           Destination Address = I1            Segments Left = 2
                                               Address[1] = I2
                                               Address[2] = D

      As the packet travels from I1 to I2:

           Source Address = S                  Hdr Ext Len = 4
           Destination Address = I2            Segments Left = 1
                                               Address[1] = I1
                                               Address[2] = D

      As the packet travels from I2 to D:

           Source Address = S                  Hdr Ext Len = 4
           Destination Address = D             Segments Left = 0
                                               Address[1] = I1
                                               Address[2] = I2"

                                 Figure 53

Appendix C.  IPv6 Compatible Addresses

   Section 2.5.5.1 of [RFC4291] defines an "IPv4-Compatible IPv6
   Address" with the following structure:

     |                80 bits               | 16 |      32 bits        |
     +--------------------------------------+----+---------------------+
     |0000..............................0000|0000|    IPv4 address     |
     +--------------------------------------+----+---------------------+

                 Figure 54: IPv4-Compatible IPv6 Address

   Although [RFC4291] deprecates the address format from its former use
   in IPv6 transition mechanisms, this document now assigns new uses and
   therefore updates [RFC4291].

Templin                   Expires 11 July 2025                [Page 153]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   When an IPv4-Compatible IPv6 address appears in a packet sent over
   the wire, the most significant 96 bits are 0 and the least
   significant 32 bits include an IPv4 address as shown above.

   When the address format is used for temporary local address
   conversions to IPv6, however, it can also be used to represent EUI-48
   and EUI-64 addresses as shown below:

     |                80 bits               |          48 bits         |
     +--------------------------------------+--------------------------+
     |0000..............................0000|      EUI-48 address      |
     +--------------------------------------+--------------------------+

     |             64 bits            |             64 bits            |
     +--------------------------------+--------------------------------+
     |0000........................0000|         EUI-64 address         |
     +--------------------------------+--------------------------------+

             Figure 55: EUI-[48/64] Compatible IPv6 Addresses

   The above EUI-48 and EUI-64 compatible IPv6 forms MAY be used for
   temporary local address conversions, such as when converting EUI
   addresses to IPv6 to support IPv6 fragmentation/reassembly.  The
   address forms MUST NOT appear in the IPv6 headers of packets sent
   over the wire, however they MAY appear in the body of a packet if
   also accompanied by a Type designator.

Appendix D.  IPv6 ND Message Authentication and Integrity

   OMNI interface IPv6 ND messages are subject to authentication and
   integrity checks at multiple levels.  When an OMNI interface sends an
   IPv6 ND message over an INET interface, it includes an authentication
   sub-option with a valid signature if necessary and always includes
   both an IPv6 ND message checksum and an OMNI option checksum.  The
   OMNI interface that receives the message verifies the OMNI option
   checksum followed by the authentication signature (if present) to
   ensure IPv6 ND message integrity and authenticity.  (The network
   layer will then verify the IPv6 ND message checksum following OAL
   processing.)

   When an OMNI interface sends an IPv6 ND message over an underlay
   interface connected to a secured network, it omits authentication
   (sub-)options but always calculates/includes the IPv6 ND message and
   OMNI option checksums.  When an OMNI interface sends an IPv6 ND
   message over an underlay interface connected to an unsecured network,
   it first includes an OMNI authentication sub-option and calculates
   the signature beginning with the IPv6 ND message header checksum
   field and extending to the end of the entire (composite) packet with

Templin                   Expires 11 July 2025                [Page 154]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   the OMNI option checksum and authentication signature fields set to
   0.  The OMNI interface next writes the signature into the signature
   field, then calculates the OMNI option checksum as above.

   The OMNI interface that receives the message applies any link layer
   authentication and integrity checks, then verifies the OMNI option
   checksum.  If the checks are correct, the OMNI interface next
   verifies the authentication signature.  The OMNI interface then
   delivers the IPv6 ND message to the network layer only if the OMNI
   option checksum and authentication signature were correct.

   OAL destinations also discard carrier packets with unacceptable
   Identifications and submit the encapsulated fragments in all others
   for reassembly.  The reassembly algorithm rejects any fragments with
   unacceptable sizes, offsets, etc. and reassembles all others.  During
   reassembly, the extended Identification value provides an integrity
   assurance vector that compliments any integrity checks already
   applied by lower layers as well as a first-pass filter for any checks
   that will be applied later by upper layers.

Appendix E.  VDL Mode 2 Considerations

   ICAO Doc 9776 is the "Technical Manual for VHF Data Link Mode 2"
   (VDLM2) that specifies an essential radio frequency data link service
   for aircraft and ground stations in worldwide civil aviation air
   traffic management.  The VDLM2 link type is "multicast capable"
   [RFC4861], but with considerable differences from common multicast
   links such as Ethernet and IEEE 802.11.

   First, the VDLM2 link data rate is only 31.5Kbps - multiple orders of
   magnitude less than most modern wireless networking gear.  Second,
   due to the low available link bandwidth only VDLM2 ground stations
   (i.e., and not aircraft) are permitted to send broadcasts, and even
   so only as compact link layer "beacons".  Third, aircraft employ the
   services of ground stations by performing unicast RS/RA exchanges
   upon receipt of beacons instead of listening for multicast RA
   messages and/or sending multicast RS messages.

   This beacon-oriented unicast RS/RA approach is necessary to conserve
   the already-scarce available link bandwidth.  Moreover, since the
   numbers of beaconing ground stations operating within a given spatial
   range must be kept as sparse as possible, it would not be feasible to
   have different classes of ground stations within the same region
   observing different protocols.  It is therefore highly desirable that
   all ground stations observe a common language of RS/RA as specified
   in this document.

Templin                   Expires 11 July 2025                [Page 155]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Note that links of this nature may benefit from compression
   techniques that reduce the bandwidth necessary for conveying the same
   amount of data.  The IETF lpwan working group is considering possible
   alternatives: [https://datatracker.ietf.org/wg/lpwan/documents].

Appendix F.  Client-Proxy/Server Isolation Through Link-Layer Address
             Mapping

   Per [RFC4861], IPv6 ND messages may be sent to either a multicast or
   unicast link-scoped IPv6 destination address.  However, IPv6 ND
   messaging should be coordinated between the Client and Proxy/Server
   only without invoking other nodes on the underlay network.  This
   implies that Client-Proxy/Server control messaging should be isolated
   and not overheard by other nodes on the link.

   To support Client-Proxy/Server isolation on some links, Proxy/Servers
   can maintain an OMNI-specific unicast link layer address ("MSADDR").
   For Ethernet-compatible links, this specification reserves one
   Ethernet unicast address TBD5 (see: IANA Considerations).  For non-
   Ethernet statically-addressed links MSADDR is reserved per the
   assigned numbers authority for the link layer addressing space.  For
   still other links, MSADDR may be dynamically discovered through other
   means, e.g., link layer beacons.

   Clients map the L3 addresses of all IPv6 ND messages they send (i.e.,
   both multicast and unicast) to MSADDR instead of to an ordinary
   unicast or multicast link layer address.  In this way, all of the
   Client's IPv6 ND messages will be received by Proxy/Servers that are
   configured to accept carrier packets destined to MSADDR.  Note that
   multiple Proxy/Servers on the link could be configured to accept
   carrier packets destined to MSADDR, e.g., as a basis for supporting
   redundancy.

   Therefore, Proxy/Servers must accept and process carrier packets
   destined to MSADDR, while all other devices must not process carrier
   packets destined to MSADDR.  This model has well-established
   operational experience in Proxy Mobile IPv6 (PMIP)
   [RFC5213][RFC6543].

Appendix G.  IPv6 ND Virtual Interface Model

   The OMNI interface linkage between the network and adaptation layers
   described in this document is based on a virtual Ethernet interface
   abstraction in a point-to-multipoint configuration.  The abstraction
   allows the network layer and adaptation layer to exchange packets via
   a virtual Ethernet as though the network layer represents a singular
   host on one end of the link communicating with a multitude of host
   entities at the adaptation layer on the other end.  This allows the

Templin                   Expires 11 July 2025                [Page 156]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   network layer to manage the OMNI interface according to standard IPv6
   ND procedures including address resolution, neighbor unreachability
   detection, duplicate address detection, router discovery and
   multicast listener discovery.

   In an alternative arrangement, the adaptation layer could also
   emulate a singular host instead of multiple and the virtual link
   appears as point-to-point.  In this model, the network layer
   configures a static permanent neighbor cache entry for a fictitious
   hardware address that represents the adaptation layer side of the
   virtual link.  The network layer then forwards all IP packets to this
   singular adaptation layer neighbor address, and the OMNI interface
   internally assumes the role of performing all IPv6 ND coordination
   with external peers without network layer intervention.

   While this document is written from the perspective of the point-to-
   multipoint model, implementations are free to use the point-to-point
   model as an alternative.  Note that it is not required for all nodes
   on the OMNI link to engage the same model as long as the external
   appearance of IPv6 ND messages over interconnecting networks is
   consistent.

Appendix H.  Change Log

   << RFC Editor - remove prior to publication >>

   Differences from earlier versions:

   Draft -24 to -26
      *  OMNI option trailing length and checksum clarified.

      *  Clarified DHCPv6 message option protocol.

   Draft -23 to -24
      *  Updated sections on parcels and AJs to better match changes to
         their base specifications.

      *  New Node ID sub-option encoding to better match DHCPv6 options.

      *  Reference updates.

   Draft -22 to -23
      *  Updated IANA considerations based on IANA early review input.

      *  Added specification for OMNI Routing Header.

      *  Clarified that LLA Interface Identifiers are based on EUI-64.

Templin                   Expires 11 July 2025                [Page 157]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

      *  Readjusted OMNI option length and checksum.

   Draft -20 to -22
      *  OMNI option is now an OAL encapsulation trailer and not an
         actual IPv6 ND option.

      *  Exactly one OMNI option must appear in each OMNI-encapsulated
         IPv6 ND message.

      *  Added Timestamp and Nonce sub-options for OMNI.

   Draft -19 to -20
      *  Clarifications on address mapping.

      *  "super-packet" renamed as "composite packet".

   Draft -18 to -19
      *  S/TLLAO and MLA/LLA address mapping specified.

      *  LLA usage in OMNI interface IPv6 ND messages now functions
         exactly as specified in [RFC4861].

   Draft -17 to -18
      *  MLAs now locally specified, with informative reference only.

   Draft -16 to -17
      *  Link-Local Address mapping for OMNI interfaces explained.

   Draft -15 to -16
      *  Changed to make S/TLLAO and OMNI option mutually exclusive.
         When the network layer prepares an IPv6 ND message it includes
         only an S/TLLAO and no OMNI option.  When the adaptation layer
         prepares or forwards an IPv6 ND message, it includes only an
         OMNI option and no S/TLLAO.

   Draft -14 to -15
      *  Introduced virtual Ethernet model for driving OMNI interface
         from IP layer IPv6 ND messaging.  This allows the IP layer to
         interact with the OMNI interface as an ordinary IP interface
         instead of an embedded virtual router.

   Draft -13 to -14
      *  Clarified roles of OMNI interface Destination/Neighbor caches.

Author's Address

Templin                   Expires 11 July 2025                [Page 158]
Internet-Draft          IPv6 over OMNI Interfaces           January 2025

   Fred L. Templin (editor)
   The Boeing Company
   P.O. Box 3707
   Seattle, WA 98124
   United States of America
   Email: fltemplin@acm.org

Templin                   Expires 11 July 2025                [Page 159]