📄 rfc1933.txt
字号:
hostnames into addresses. A new resource record type named "AAAA"
has been defined for IPv6 addresses [6]. Since IPv6/IPv4 nodes must
be able to interoperate directly with both IPv4 and IPv6 nodes, they
must provide resolver libraries capable of dealing with IPv4 "A"
records as well as IPv6 "AAAA" records.
3.2.1. Handling Records for IPv4-Compatible Addresses
When an IPv4-compatible IPv6 addresses is assigned to an IPv6/IPv4
host that supports automatic tunneling, both A and AAAA records are
listed in the DNS. The AAAA record holds the full IPv4-compatible
IPv6 address, while the A record holds the low-order 32-bits of that
address. The AAAA record is needed so that queries by IPv6 hosts can
be satisfied. The A record is needed so that queries by IPv4-only
hosts, whose resolver libraries only support the A record type, will
locate the host.
DNS resolver libraries on IPv6/IPv4 nodes must be capable of handling
both AAAA and A records. However, when a query locates an AAAA
record holding an IPv4-compatible IPv6 address, and an A record
holding the corresponding IPv4 address, the resolver library need not
necessarily return both addresses. It has three options:
Gilligan & Nordmark Standards Track [Page 6]
RFC 1933 IPv6 Transition Mechanisms April 1996
- Return only the IPv6 address to the application.
- Return only the IPv4 address to the application.
- Return both addresses to the application.
The selection of which address type to return in this case, or, if
both addresses are returned, in which order they are listed, can
affect what type of IP traffic is generated. If the IPv6 address is
returned, the node will communicate with that destination using IPv6
packets (in most cases encapsulated in IPv4); If the IPv4 address is
returned, the communication will use IPv4 packets.
The way that DNS resolver implementations handle redundant records
for IPv4-compatible addresses may depend on whether that
implementation supports automatic tunneling, or whether it is
enabled. For example, an implementation that does not support
automatic tunneling would not return IPv4-compatible IPv6 addresses
to applications because those destinations are generally only
reachable via tunneling. On the other hand, those implementations in
which automatic tunneling is supported and enabled may elect to
return only the IPv4-compatible IPv6 address and not the IPv4
address.
4. IPv6-over-IPv4 Tunneling
In most deployment scenarios, the IPv6 routing infrastructure will be
built up over time. While the IPv6 infrastructure is being deployed,
the existing IPv4 routing infrastructure can remain functional, and
can be used to carry IPv6 traffic. Tunneling provides a way to
utilize an existing IPv4 routing infrastructure to carry IPv6
traffic.
IPv6/IPv4 hosts and routers can tunnel IPv6 datagrams over regions of
IPv4 routing topology by encapsulating them within IPv4 packets.
Tunneling can be used in a variety of ways:
- Router-to-Router. IPv6/IPv4 routers interconnected by an IPv4
infrastructure can tunnel IPv6 packets between themselves. In
this case, the tunnel spans one segment of the end-to-end path
that the IPv6 packet takes.
- Host-to-Router. IPv6/IPv4 hosts can tunnel IPv6 packets to an
intermediary IPv6/IPv4 router that is reachable via an IPv4
infrastructure. This type of tunnel spans the first segment
of the packet's end-to-end path.
Gilligan & Nordmark Standards Track [Page 7]
RFC 1933 IPv6 Transition Mechanisms April 1996
- Host-to-Host. IPv6/IPv4 hosts that are interconnected by an
IPv4 infrastructure can tunnel IPv6 packets between
themselves. In this case, the tunnel spans the entire
end-to-end path that the packet takes.
- Router-to-Host. IPv6/IPv4 routers can tunnel IPv6 packets to
their final destination IPv6/IPv4 host. This tunnel spans
only the last segment of the end-to-end path.
Tunneling techniques are usually classified according to the
mechanism by which the encapsulating node determines the address of
the node at the end of the tunnel. In the first two tunneling
methods listed above -- router-to-router and host-to-router -- the
IPv6 packet is being tunneled to a router. The endpoint of this type
of tunnel is an intermediary router which must decapsulate the IPv6
packet and forward it on to its final destination. When tunneling to
a router, the endpoint of the tunnel is different from the
destination of the packet being tunneled. So the addresses in the
IPv6 packet being tunneled do not provide the IPv4 address of the
tunnel endpoint. Instead, the tunnel endpoint address must be
determined from configuration information on the node performing the
tunneling. We use the term "configured tunneling" to describe the
type of tunneling where the endpoint is explicitly configured.
In the last two tunneling methods -- host-to-host and router-to-host
-- the IPv6 packet is tunneled all the way to its final destination.
The tunnel endpoint is the node to which the IPv6 packet is
addressed. Since the endpoint of the tunnel is the destination of
the IPv6 packet, the tunnel endpoint can be determined from the
destination IPv6 address of that packet: If that address is an IPv4-
compatible address, then the low-order 32-bits hold the IPv4 address
of the destination node, and that can be used as the tunnel endpoint
address. This technique avoids the need to explicitly configure the
tunnel endpoint address. Deriving the tunnel endpoint address from
the embedded IPv4 address of the packet's IPv6 address is termed
"automatic tunneling".
The two tunneling techniques -- automatic and configured -- differ
primarily in how they determine the tunnel endpoint address. Most of
the underlying mechanisms are the same:
- The entry node of the tunnel (the encapsulating node) creates an
encapsulating IPv4 header and transmits the encapsulated packet.
- The exit node of the tunnel (the decapsulating node) receives
the encapsulated packet, removes the IPv4 header, updates the
IPv6 header, and processes the received IPv6 packet.
Gilligan & Nordmark Standards Track [Page 8]
RFC 1933 IPv6 Transition Mechanisms April 1996
- The encapsulating node may need to maintain soft state
information for each tunnel recording such parameters as the MTU
of the tunnel in order to process IPv6 packets forwarded into
the tunnel. Since the number of tunnels that any one host or
router may be using may grow to be quite large, this state
information can be cached and discarded when not in use.
The next section discusses the common mechanisms that apply to both
types of tunneling. Subsequent sections discuss how the tunnel
endpoint address is determined for automatic and configured
tunneling.
4.1. Common Tunneling Mechanisms
The encapsulation of an IPv6 datagram in IPv4 is shown below:
+-------------+
| IPv4 |
| Header |
+-------------+ +-------------+
| IPv6 | | IPv6 |
| Header | | Header |
+-------------+ +-------------+
| Transport | | Transport |
| Layer | ===> | Layer |
| Header | | Header |
+-------------+ +-------------+
| | | |
~ Data ~ ~ Data ~
| | | |
+-------------+ +-------------+
Encapsulating IPv6 in IPv4
In addition to adding an IPv4 header, the encapsulating node also has
to handle some more complex issues:
- Determine when to fragment and when to report an ICMP "packet
too big" error back to the source.
- How to reflect IPv4 ICMP errors from routers along the tunnel
path back to the source as IPv6 ICMP errors.
Those issues are discussed in the following sections.
Gilligan & Nordmark Standards Track [Page 9]
RFC 1933 IPv6 Transition Mechanisms April 1996
4.1.1. Tunnel MTU and Fragmentation
The encapsulating node could view encapsulation as IPv6 using IPv4 as
a link layer with a very large MTU (65535-20 bytes to be exact; 20
bytes "extra" are needed for the encapsulating IPv4 header). The
encapsulating node would need only to report IPv6 ICMP "packet too
big" errors back to the source for packets that exceed this MTU.
However, such a scheme would be inefficient for two reasons:
1) It would result in more fragmentation than needed. IPv4 layer
fragmentation should be avoided due to the performance problems
caused by the loss unit being smaller than the retransmission
unit [11].
2) Any IPv4 fragmentation occurring inside the tunnel would have to
be reassembled at the tunnel endpoint. For tunnels that
terminate at a router, this would require additional memory to
reassemble the IPv4 fragments into a complete IPv6 packet before
that packet could be forwarded onward.
The fragmentation inside the tunnel can be reduced to a minimum by
having the encapsulating node track the IPv4 Path MTU across the
tunnel, using the IPv4 Path MTU Discovery Protocol [8] and recording
the resulting path MTU. The IPv6 layer in the encapsulating node can
then view a tunnel as a link layer with an MTU equal to the IPv4 path
MTU, minus the size of the encapsulating IPv4 header.
Note that this does not completely eliminate IPv4 fragmentation in
the case when the IPv4 path MTU would result in an IPv6 MTU less than
576 bytes. (Any link layer used by IPv6 has to have an MTU of at
least 576 bytes [4].) In this case the IPv6 layer has to "see" a link
layer with an MTU of 576 bytes and the encapsulating node has to use
IPv4 fragmentation in order to forward the 576 byte IPv6 packets.
The encapsulating node can employ the following algorithm to
determine when to forward an IPv6 packet that is larger than the
tunnel's path MTU using IPv4 fragmentation, and when to return an
IPv6 ICMP "packet too big" message:
if (IPv4 path MTU - 20) is less than or equal to 576
if packet is larger than 576 bytes
Send IPv6 ICMP "packet too big" with MTU = 576.
Drop packet.
else
Encapsulate but do not set the Don't Fragment
flag in the IPv4 header. The resulting IPv4
packet might be fragmented by the IPv4 layer on
the encapsulating node or by some router along
Gilligan & Nordmark Standards Track [Page 10]
RFC 1933 IPv6 Transition Mechanisms April 1996
the IPv4 path.
endif
else
if packet is larger than (IPv4 path MTU - 20)
Send IPv6 ICMP "packet too big" with
MTU = (IPv4 path MTU - 20).
Drop packet.
else
Encapsulate and set the Don't Fragment flag
in the IPv4 header.
endif
endif
Encapsulating nodes that have a large number of tunnels might not be
able to store the IPv4 Path MTU for all tunnels. Such nodes can, at
the expense of additional fragmentation in the network, avoid using
the IPv4 Path MTU algorithm across the tunnel and instead use the MTU
of the link layer (under IPv4) in the above algorithm instead of the
IPv4 path MTU.
In this case the Don't Fragment bit must not be set in the
encapsulating IPv4 header.
4.1.2. Hop Limit
IPv6-over-IPv4 tunnels are modeled as "single-hop". That is, the
IPv6 hop limit is decremented by 1 when an IPv6 packet traverses the
tunnel. The single-hop model serves to hide the existence of a
tunnel. The tunnel is opaque to users of the network, and is not
detectable by network diagnostic tools such as traceroute.
The single-hop model is implemented by having the encapsulating and
decapsulating nodes process the IPv6 hop limit field as they would if
they were forwarding a packet on to any other datalink. That is,
they decrement the hop limit by 1 when forwarding an IPv6 packet.
(The originating node and final destination do not decrement the hop
limit.)
The TTL of the encapsulating IPv4 header is selected in an
implementation dependent manner. The current suggested value is
published in the "Assigned Numbers RFC. Implementations may provide
a mechanism to allow the administrator to configure the IPv4 TTL.
4.1.3. Handling IPv4 ICMP errors
In response to encapsulated packets it has sent into the tunnel, the
encapsulating node may receive IPv4 ICMP error messages from IPv4
routers inside the tunnel. These packets are addressed to the
Gilligan & Nordmark Standards Track [Page 11]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -