Internet Engineering Task Force (IETF) D. Smith
Request for Comments: 6178 J. Mullooly
Updates: 3031 Cisco Systems
Category: Standards Track W. Jaeger
ISSN: 2070-1721 AT&T
T. Scholl
nLayer Communications
March 2011
Label Edge Router Forwarding of IPv4 Option Packets
Abstract
This document specifies how Label Edge Routers (LERs) should behave
when determining whether to MPLS encapsulate an IPv4 packet with
header options. Lack of a formal standard has resulted in different
LER forwarding behaviors for IPv4 packets with header options despite
being associated with a prefix-based Forwarding Equivalence Class
(FEC). IPv4 option packets that belong to a prefix-based FEC, yet
are forwarded into an IPv4/MPLS network without being MPLS-
encapsulated, present a security risk against the MPLS
infrastructure. Further, LERs that are unable to MPLS encapsulate
IPv4 packets with header options cannot operate in certain MPLS
environments. While this newly defined LER behavior is mandatory to
implement, it is optional to invoke.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6178.
Smith, et al. Standards Track [Page 1]RFC 6178 LER Forwarding of IPv4 Option Packets March 2011Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Motivation ......................................................2
2. Introduction ....................................................2
3. Specification of Requirements ...................................4
4. Ingress Label Edge Router Requirement ...........................4
5. Security Considerations .........................................5
5.1. IPv4 Option Packets That Bypass MPLS Encapsulation .........5
5.2. Router Alert Label Imposition ..............................7
6. Acknowledgements ................................................7
7. References ......................................................7
7.1. Normative References .......................................7
7.2. Informative References .....................................8
1. Motivation
This document is motivated by the need to formalize MPLS
encapsulation processing of IPv4 packets with header options in order
to mitigate the existing risks of IPv4 options-based security attacks
against MPLS infrastructures. We believe that this document adds
details that have not been fully addressed in [RFC3031] and
[RFC3032], and that the methods presented in this document update
[RFC3031] as well as complement [RFC3270], [RFC3443], and [RFC4950].
2. Introduction
The IPv4 packet header provides for various IPv4 options as
originally specified in [RFC791]. IPv4 header options are used to
enable control functions within the IPv4 data forwarding plane that
are required in some specific situations but not necessary for most
common IPv4 communications. Typical IPv4 header options include
Smith, et al. Standards Track [Page 2]RFC 6178 LER Forwarding of IPv4 Option Packets March 2011
provisions for timestamps, security, and special routing. Example
datatracker.ietf.org