📄 rfc2473.txt
字号:
the tunnel header immediately preceding the original packet in the ICMP message payload. From here the processing depends on the protocol of the original packet:Conta & Deering Standards Track [Page 24]
RFC 2473 Generic Packet Tunneling in IPv6 December 1998 (a) - for an IPv6 original packet Fig.7 path #3 and Fig.8 (c.1)- for an IPv6 original packet, the ICMPv6 error report builds an ICMP message of a type and code according to the "internal error code", containing the "original packet" as ICMP payload. Fig.7 path #4 and Fig.8 (d.1)- The ICMP message has the tunnel entry-point node address as source address, and the original packet source node address as destination address. The tunnel entry-point node sends the ICMP message to the source node of the original packet. (b) - for an IPv4 original packet Fig.7 path #5 and Fig.8 (c.2) - for an IPv4 original packet, the ICMPv4 error report builds an ICMP message of a type and code derived from the the "internal error code", containing the "original packet" as ICMP payload. Fig.7 path #6 and Fig.8 (d.2) - The ICMP message has the tunnel entry-point node IPv4 address as source address, and the original packet IPv4 source node address as destination address. The tunnel entry-point node sends the ICMP message to the source node of the original packet. A graphical description of the header processing taking place is the following:Conta & Deering Standards Track [Page 25]
RFC 2473 Generic Packet Tunneling in IPv6 December 1998 < Tunnel Packet > +--------+- - - - - -+--------+------------------------------//------+ | IPv6 | IPv6 | ICMP | Tunnel |(a)| | Extension | | IPv6 | | Header | Headers | Header | Packet in error | +--------+- - - - - -+--------+------------------------------//------+ < Tunnel Headers > < Tunnel ICMP Message > < ICMPv6 Message Payload > | v < Tunnel ICMP Message > < Tunnel IPv6 Packet in Error > +--------+ +---------+ +----------+--------//------+ | ICMP | | Tunnel | | Original | Original |(b) | | + | IPv6 | + | | Packet | | Header | | Headers | | Headers | Payload | +--------+ +---------+ +----------+--------//------+ | <Original Packet in Error > ----------------- | | | --------------|--------------- | | V V +---------+ +--------+ +-------------------//------+ | New | | ICMP | | |(c.1) | IPv6 | + | | + | Orig. Packet in Error | | Headers | | Header | | | +---------+ +--------+ +-------------------//------+ | v +---------+--------+-------------------//------+ | New | ICMP | Original |(d.1) | IPv6 | | | | Headers | Header | Packet in Error | +---------+--------+-------------------//------+ < New ICMP Message >Conta & Deering Standards Track [Page 26]
RFC 2473 Generic Packet Tunneling in IPv6 December 1998 or for an IPv4 original packet +---------+ +--------+ +-------------------//------+ | New | | ICMP | | |(c.2) | IPv4 | + | | + | Orig. Packet in Error | | Header | | Header | | | +---------+ +--------+ +-------------------//------+ | v +---------+--------+-------------------//------+ | New | ICMP | Original |(d.2) | IPv4 | | | | Header | Header | Packet in Error | +---------+--------+-------------------//------+ < New ICMP Message > Fig.8 ICMP Error Reporting and Processing8.1 Tunnel ICMP Messages The tunnel ICMP messages that are reported to the source of the original packet are: hop limit exceeded The tunnel has a misconfigured hop limit, or contains a routing loop, and packets do not reach the tunnel exit- point node. This problem is reported to the tunnel entry- point node, where the tunnel hop limit can be reconfigured to a higher value. The problem is further reported to the source of the original packet as described in section 8.2, or 8.3. unreachable node One of the nodes in the tunnel is not or is no longer reachable. This problem is reported to the tunnel entry- point node, which should be reconfigured with a valid and active path between the entry and exit-point of the tunnel. The problem is further reported to the source of the original packet as described in section 8.2, or 8.3. parameter problem A Parameter Problem ICMP message pointing to a valid Tunnel Encapsulation Limit Destination header with a Tun Encap Lim field value set to one is an indication that the tunnelConta & Deering Standards Track [Page 27]
RFC 2473 Generic Packet Tunneling in IPv6 December 1998 packet exceeded the maximum number of encapsulations allowed. The problem is further reported to the source of the original packet as described in section 8.2, or 8.3. The above three problems detected inside the tunnel, which are a tunnel configuration and a tunnel topology problem, are reported to the source of the original IPv6 packet, as a tunnel generic "unreachable" problem caused by a "link problem" - see section 8.2 and 8.3. packet too big The tunnel packet exceeds the tunnel Path MTU. The information carried by this type of ICMP message is used as follows: - by a receiving tunnel entry-point node to set or adjust the tunnel MTU - by a sending tunnel entry-point node to indicate to the source of an original packet the MTU size that should be used in sending IPv6 packets towards the tunnel entry-point node.8.2 ICMP Messages for IPv6 Original Packets The tunnel entry-point node builds the ICMP and IPv6 headers of the ICMP message that is sent to the source of the original packet as follows: IPv6 Fields: Source Address A valid unicast IPv6 address of the outgoing interface. Destination Address Copied from the Source Address field of the Original IPv6 header. ICMP Fields: For any of the following tunnel ICMP error messages: "hop limit exceeded"Conta & Deering Standards Track [Page 28]
RFC 2473 Generic Packet Tunneling in IPv6 December 1998 "unreachable node" "parameter problem" - pointing to a valid Tunnel Encapsulation Limit destination header with the Tun Encap Lim field set to a value zero: Type 1 - unreachable node Code 3 - address unreachable For tunnel ICMP error message "packet too big": Type 2 - packet too big Code 0 MTU The MTU field from the tunnel ICMP message minus the length of the tunnel headers. According to the general rules described in 7.1, an ICMP "packet too big" message is sent to the source of the original packet only if the original packet size is larger than the minimum link MTU size required for IPv6 [IPv6-Spec].8.3 ICMP Messages for IPv4 Original Packets The tunnel entry-point node builds the ICMP and IPv4 header of the ICMP message that is sent to the source of the original packet as follows: IPv4 Fields: Source Address A valid unicast IPv4 address of the outgoing interface. Destination Address Copied from the Source Address field of the Original IPv4 header. ICMP Fields: For any of the following tunnel ICMP error messages: "hop limit exceeded"Conta & Deering Standards Track [Page 29]
RFC 2473 Generic Packet Tunneling in IPv6 December 1998 "unreachable node" "parameter problem" - pointing to a valid Tunnel Enacpsulation Limit destination header with the Tun Encap Lim field set to a value zero: Type 3 - destination unreachable Code 1 - host unreachable For a tunnel ICMP error message "packet too big": Type 3 - destination unreachable Code 4 - packet too big MTU The MTU field from the tunnel ICMP message minus the length of the tunnel headers. According to the general rules described in section 7.2, an ICMP "packet too big" message is sent to the original IPv4 packet source node if the the original IPv4 header has the DF - don't fragment - bit flag SET.8.4 ICMP Messages for Nested Tunnel Packets In case of an error uncovered with a nested tunnel packet, the inner tunnel entry-point, which receives the ICMP error message from the inner tunnel reporting node, relays the ICMP message to the outer tunnel entry-point following the mechanisms described in sections 8.,8.1, 8.2, and 8.3. Further, the outer tunnel entry-point relays the ICMP message to the source of the original packet, following the same mechanisms.9. Security Considerations An IPv6 tunnel can be secured by securing the IPv6 path between the tunnel entry-point and exit-point node. The security architecture, mechanisms, and services are described in [RFC2401], [RFC2402], and [RFC24⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -