Independent Submission R. Despres, Ed.
Request for Comments: 6751 RD-IPtech
Category: Experimental B. Carpenter
ISSN: 2070-1721 Univ. of Auckland
D. Wing
Cisco
S. Jiang
Huawei Technologies Co., Ltd.
October 2012
Independent Submission R. Despres, Ed.
Request for Comments: 6751 RD-IPtech
Category: Experimental B. Carpenter
ISSN: 2070-1721 Univ. of Auckland
D. Wing
Cisco
S. Jiang
Huawei Technologies Co., Ltd.
October 2012
Native IPv6 behind IPv4-to-IPv4 NAT Customer Premises Equipment (6a44)
IPv4到IPv4 NAT客户场所设备(6a44)背后的本机IPv6
Abstract
摘要
In customer sites having IPv4-only Customer Premises Equipment (CPE), Teredo (RFC 4380, RFC 5991, RFC 6081) provides last-resort IPv6 connectivity. However, because it is designed to work without the involvement of Internet Service Providers, it has significant limitations (connectivity between IPv6 native addresses and Teredo addresses is uncertain; connectivity between Teredo addresses fails for some combinations of NAT types). 6a44 is a complementary solution that, being based on ISP cooperation, avoids these limitations. At the beginning of 6a44 IPv6 addresses, it replaces the Teredo well-known prefix, present at the beginning of Teredo IPv6 addresses, with network-specific /48 prefixes assigned by local ISPs (an evolution similar to that from 6to4 to 6rd (IPv6 Rapid Deployment on IPv4 Infrastructures)). The specification is expected to be complete enough for running code to be independently written and the solution to be incrementally deployed and used.
在只有IPv4的客户场所设备(CPE)的客户站点中,Teredo(RFC 4380、RFC 5991、RFC 6081)提供了最后的IPv6连接。但是,由于它的设计目的是在没有互联网服务提供商参与的情况下工作,因此它有很大的局限性(IPv6本机地址和Teredo地址之间的连接不确定;对于某些NAT类型的组合,Teredo地址之间的连接失败)。6a44是一种基于ISP合作的补充解决方案,可避免这些限制。在6a44 IPv6地址的开头,它用本地ISP分配的网络特定/48前缀替换Teredo IPv6地址开头的Teredo众所周知的前缀(类似于从6to4到6rd(IPv4基础设施上的IPv6快速部署))。该规范应该足够完整,可以独立编写运行的代码,并且可以增量部署和使用解决方案。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation.
本文件不是互联网标准跟踪规范;它是为检查、实验实施和评估而发布的。
This document defines an Experimental Protocol for the Internet community. This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文档为互联网社区定义了一个实验协议。这是对RFC系列的贡献,独立于任何其他RFC流。RFC编辑器已选择自行发布此文档,并且未声明其对实现或部署的价值。RFC编辑批准发布的文件不适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6751.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6751.
Copyright Notice
版权公告
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2012 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Table of Contents
目录
1. Introduction ....................................................3
2. Requirements Language ...........................................5
3. Definitions .....................................................5
4. Design Goals, Requirements, and Model of Operation ..............7
4.1. Hypotheses about NAT Behavior ..............................7
4.2. Native IPv6 Connectivity for Unmanaged Hosts behind
NAT44s .....................................................7
4.3. Operational Requirements ...................................8
4.4. Model of Operation .........................................9
5. 6a44 Addresses .................................................12
6. Specification of Clients and Relays ............................14
6.1. Packet Formats ............................................14
6.2. IPv6 Packet Encapsulations ................................14
6.3. 6a44 Bubbles ..............................................14
6.4. MTU Considerations ........................................16
6.5. 6a44 Client Specification .................................16
6.5.1. Tunnel Maintenance .................................16
6.5.2. Client Transmission ................................19
6.5.3. Client Reception ...................................20
6.6. 6a44 Relay Specification ..................................23
6.6.1. Relay Reception in IPv6 ............................23
6.6.2. Relay Reception in IPv4 ............................24
6.7. Implementation of Automatic Sunset ........................26
7. Security Considerations ........................................26
8. IANA Considerations ............................................30
9. Acknowledgments ................................................30
10. References ....................................................30
10.1. Normative References .....................................30
10.2. Informative References ...................................31
1. Introduction ....................................................3
2. Requirements Language ...........................................5
3. Definitions .....................................................5
4. Design Goals, Requirements, and Model of Operation ..............7
4.1. Hypotheses about NAT Behavior ..............................7
4.2. Native IPv6 Connectivity for Unmanaged Hosts behind
NAT44s .....................................................7
4.3. Operational Requirements ...................................8
4.4. Model of Operation .........................................9
5. 6a44 Addresses .................................................12
6. Specification of Clients and Relays ............................14
6.1. Packet Formats ............................................14
6.2. IPv6 Packet Encapsulations ................................14
6.3. 6a44 Bubbles ..............................................14
6.4. MTU Considerations ........................................16
6.5. 6a44 Client Specification .................................16
6.5.1. Tunnel Maintenance .................................16
6.5.2. Client Transmission ................................19
6.5.3. Client Reception ...................................20
6.6. 6a44 Relay Specification ..................................23
6.6.1. Relay Reception in IPv6 ............................23
6.6.2. Relay Reception in IPv4 ............................24
6.7. Implementation of Automatic Sunset ........................26
7. Security Considerations ........................................26
8. IANA Considerations ............................................30
9. Acknowledgments ................................................30
10. References ....................................................30
10.1. Normative References .....................................30
10.2. Informative References ...................................31
Although most Customer Premises Equipment (CPE) should soon be dual-stack capable, a large installed base of IPv4-only CPEs is likely to remain for several years. Their operation is based on IPv4-to-IPv4 NATs (NAT44s). Also, due to the IPv4 address shortage, more and more Internet Service Providers (ISPs), and more and more mobile operators, will assign private IPv4 addresses ([RFC1918]) to their customers (the [NAT444] model). For rapid and extensive use of IPv6 [RFC2460], there is therefore a need for IPv6 connectivity behind NAT44s, including those of the [NAT444] model.
尽管大多数客户场所设备(CPE)不久将具备双栈功能,但大量只安装IPv4的CPE可能会持续几年。它们的操作基于IPv4到IPv4 NAT(NAT44)。此外,由于IPv4地址短缺,越来越多的互联网服务提供商(ISP)和越来越多的移动运营商将向其客户分配专用IPv4地址([RFC1918])([NAT444]模式)。为了快速和广泛地使用IPv6[RFC2460],因此需要在NAT44后面实现IPv6连接,包括[NAT444]模型的连接。
At the moment, there are two tunneling techniques specified for IPv6 connectivity behind NAT44s:
目前,为NAT44背后的IPv6连接指定了两种隧道技术:
o Configured tunnels. These involve tunnel brokers with which users must register [RFC3053]. Well-known examples include deployments of the Hexago tool, and the SixXS collaboration, which are suitable for IPv6 early trials. However, this approach is not adequate for mass deployment: it imposes the restriction that even if two hosts are in the same customer site, IPv6 packets between them must transit via tunnel servers, which may be far away.
o 配置的隧道。这些涉及用户必须注册的隧道代理[RFC3053]。众所周知的例子包括Hexago工具的部署和SixXS协作,它们适合IPv6早期试用。但是,这种方法不适合大规模部署:它施加了一个限制,即即使两台主机位于同一客户站点,它们之间的IPv6数据包也必须通过可能很远的隧道服务器传输。
o Automatic Teredo tunnels [RFC4380] [RFC5991]. Teredo is specified as a last-resort solution that, due to its objective to work without local ISP involvement, has the following limitations:
o 自动Teredo隧道[RFC4380][RFC5991]。Teredo被指定为最后解决方案,由于其目标是在没有本地ISP参与的情况下工作,因此具有以下限制:
* Connectivity between IPv6 native addresses and Teredo addresses is uncertain. (As explained in [RFC4380] Section 8.3, this connectivity depends on paths being available from all IPv6 native addresses to some Teredo relays. ISPs lack sufficient motivations to ensure it.)
* IPv6本机地址和Teredo地址之间的连接不确定。(如[RFC4380]第8.3节所述,这种连接取决于从所有IPv6本机地址到某些Teredo中继的可用路径。ISP缺乏足够的动机来确保这种连接。)
* Between two Teredo addresses, IPv6 connectivity fails for some combinations of NAT44 types ([RFC6081] Section 3).
* 在两个Teredo地址之间,NAT44类型的某些组合的IPv6连接失败([RFC6081]第3节)。
* According to [RFC4380] Section 5.2, each Teredo host has to be configured with the IPv4 address of a Teredo server (a constraint that can, however, be avoided in some implementations).
* 根据[RFC4380]第5.2节,每个Teredo主机必须配置Teredo服务器的IPv4地址(但在某些实现中可以避免这一限制)。
6a44 is designed to avoid Teredo limitations: with 6a44, ISPs can participate in the solution. The approach for this is similar to the approach that permitted 6rd [RFC5569] [RFC5969] to avoid the limitations of 6to4 [RFC3056] [RFC3068]: at the beginning of IPv6 addresses, the Teredo well-known prefix is replaced by network-specific prefixes assigned by local ISPs.
6a44旨在避免Teredo限制:有了6a44,ISP可以参与解决方案。这种方法类似于允许第六方[RFC5569][RFC5969]避免6to4[RFC3056][RFC3068]限制的方法:在IPv6地址的开头,Teredo众所周知的前缀被本地ISP分配的网络特定前缀所取代。
This document is organized as follows: terms used in the document are defined in Section 3; design goals and model of operation are presented in Section 4; Section 5 describes the format of 6a44 IPv6 addresses; Section 6 specifies in detail the behaviors of 6a44 clients and 6a44 relays; security and IANA considerations are covered in Sections 7 and 8, respectively.
本文件的组织结构如下:第3节定义了本文件中使用的术语;第4节介绍了设计目标和运行模式;第5节描述了6a44 IPv6地址的格式;第6节详细规定了6a44客户机和6a44继电器的行为;第7节和第8节分别介绍了安全和IANA考虑因素。
This specification is expected to be complete enough for running code to be independently written and the solution to be incrementally deployed and used. Its status is Experimental rather than Standards Track, to reflect uncertainty as to which major Internet players may be willing to support it.
该规范应该足够完整,可以独立编写运行代码,并增量部署和使用解决方案。它的地位是实验性的,而不是标准轨道,以反映主要互联网参与者可能愿意支持它的不确定性。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
The following definitions are used in this document:
本文件中使用了以下定义:
MAJOR NEW DEFINITIONS
主要新定义
6a44 ISP network: An IPv4-capable ISP network that supports at least one 6a44 relay. Additional conditions are that it assigns individual IPv4 addresses to its customer sites (global or private), that it supports ingress filtering [RFC2827], and that its path MTUs are at least 1308 octets.
6a44 ISP网络:支持IPv4的ISP网络,至少支持一个6a44中继。附加条件是,它将单个IPv4地址分配给其客户站点(全局或专用),支持入口过滤[RFC2827],并且其路径MTU至少为1308个八位字节。
6a44 relay: A node that supports the 6a44 relay function defined in this document and that has interfaces to an IPv6-capable upstream network and to an IPv4-capable downstream network.
6a44中继:支持本文档中定义的6a44中继功能的节点,具有与支持IPv6的上游网络和支持IPv4的下游网络的接口。
6a44 client: A host that supports the 6a44 client function defined in this document and has no means other than 6a44 to have an IPv6 native address.
6a44客户机:支持本文档中定义的6a44客户机功能的主机,除6a44外,没有其他方式具有IPv6本机地址。
6a44 tunnel: A tunnel established and maintained between a 6a44 client and 6a44 relays of its ISP network.
6a44隧道:在6a44客户端和ISP网络的6a44中继之间建立和维护的隧道。
6a44 bubble: A UDP/IPv4 packet sent from a 6a44 client to the 6a44-relay address, or vice versa, and having a UDP payload that cannot be confused with an IPv6 packet. In the client-to-relay direction, it is a request for a response bubble. In the relay-to-client direction, it conveys the up-to-date IPv6 prefix of the client.
6a44气泡:从6a44客户端发送到6a44中继地址的UDP/IPv4数据包,反之亦然,并且具有不能与IPv6数据包混淆的UDP有效负载。在客户端到中继的方向上,这是一个响应气泡的请求。在中继到客户端的方向上,它传递客户端的最新IPv6前缀。
SECONDARY NEW DEFINITIONS
二级新定义
(This list is for reference and can be skipped by readers familiar with the usual terminology.)
(此列表仅供参考,熟悉常用术语的读者可以跳过。)
6a44 service: The service offered by a 6a44 ISP network to its 6a44 clients.
6a44服务:由6a44 ISP网络向其6a44客户端提供的服务。
6a44-client IPv6 address: The IPv6 address of a 6a44 client. It is composed of the client IPv6 prefix, received from a 6a44 relay, followed by the client local IPv4 address.
6a44客户端IPv6地址:6a44客户端的IPv6地址。它由客户机IPv6前缀(从6a44中继接收)和客户机本地IPv4地址组成。
6a44-client IPv6 prefix: For a 6a44 client, the IPv6 prefix (/96) composed of the IPv6 prefix of the local 6a44 network (/48) followed by the UDP/IPv4 mapped address of the client (32 + 16 bits).
6a44客户端IPv6前缀:对于6a44客户端,IPv6前缀(/96)由本地6a44网络的IPv6前缀(/48)和客户端的UDP/IPv4映射地址(32+16位)组成。
6a44-client UDP/IPv4 mapped address: For a 6a44 client, the external UDP/IPv4 address that, in the CPE NAT44 of the site, is that of its 6a44 tunnel.
6a44客户端UDP/IPv4映射地址:对于6a44客户端,在站点的CPE NAT44中为其6a44隧道的外部UDP/IPv4地址。
6a44-client UDP/IPv4 local address: For a 6a44 client, the combination of its local IPv4 address and the 6a44 port.
6a44客户端UDP/IPv4本地地址:对于6a44客户端,其本地IPv4地址和6a44端口的组合。
6a44 port: UDP port 1027, reserved by IANA for 6a44 (see Section 8).
6a44端口:IANA为6a44保留的UDP端口1027(见第8节)。
6a44-relay UDP/IPv4 address: The UDP/IPv4 address composed of the 6a44-relay anycast address and the 6a44 port.
6a44中继UDP/IPv4地址:由6a44中继选播地址和6a44端口组成的UDP/IPv4地址。
6a44-relay anycast address: IPv4 anycast address 192.88.99.2, reserved by IANA for 6a44 (see Section 8).
6a44中继选播地址:IPv4选播地址192.88.99.2,IANA为6a44保留(见第8节)。
6a44-network IPv6 prefix: An IPv6 /48 prefix assigned by an ISP to a 6a44 network.
6a44网络IPv6前缀:ISP分配给6a44网络的IPv6/48前缀。
USUAL DEFINITIONS
常用定义
(This list is for reference and can be skipped by readers familiar with the usual terminology.)
(此列表仅供参考,熟悉常用术语的读者可以跳过。)
Upstream direction: For a network border node, the direction toward the Internet core.
上行方向:对于网络边界节点,指向互联网核心的方向。
Downstream direction: For a network border node, the direction toward end-user nodes (opposite to the upstream direction).
下游方向:对于网络边界节点,指向最终用户节点的方向(与上游方向相反)。
IPv4 private address: An address that starts with one of the three [RFC1918] prefixes (10/8, 172.16/12, or 192.168/16).
IPv4专用地址:以三个[RFC1918]前缀之一(10/8、172.16/12或192.168/16)开头的地址。
IPv6 native address: An IPv6 global unicast address that starts with an aggregatable prefix assigned to an ISP.
IPv6本机地址:以分配给ISP的可聚合前缀开头的IPv6全局单播地址。
UDP/IPv4 address: The combination of an IPv4 address and a UDP port.
UDP/IPv4地址:IPv4地址和UDP端口的组合。
UDP/IPv4 packet: A UDP datagram contained in an IPv4 packet.
UDP/IPv4数据包:包含在IPv4数据包中的UDP数据报。
IPv6/UDP/IPv4 packet: An IPv6 packet contained in a UDP/IPv4 packet.
IPv6/UDP/IPv4数据包:UDP/IPv4数据包中包含的IPv6数据包。
6a44 is designed to work with NAT44 behaviors identified in Section 3 of [RFC6081]. In particular, it has to work with endpoint-dependent mappings as well as with endpoint-independent mappings, including cases where there are dynamic changes from one mode to the other.
6a44设计用于[RFC6081]第3节中确定的NAT44行为。特别是,它必须处理端点相关映射以及端点无关映射,包括从一种模式到另一种模式的动态更改。
The only assumption is that, after a mapping has been established in the NAT44, it is maintained as long as it is reused at least once, in each direction, every 30 seconds.
唯一的假设是,在NAT44中建立映射后,只要在每个方向上每30秒至少重复使用一次,就可以保持映射。
NOTE: 30 seconds is the value used for the same mapping-maintenance purpose in Teredo [RFC4380] and in SIP [RFC5626].
注:30秒是Teredo[RFC4380]和SIP[RFC5626]中用于相同映射维护目的的值。
The objective remains that, as soon as possible, CPEs and ISPs support IPv6 native prefixes. 6a44 is therefore designed only as a temporary solution for hosts to obtain IPv6 native addresses in sites whose CPEs are not IPv6 capable yet.
目标仍然是,CPE和ISP尽快支持IPv6本机前缀。因此,6a44仅被设计为一种临时解决方案,用于主机在其CPE尚不支持IPv6的站点中获取IPv6本机地址。
As noted in Section 1, IPv6 native addresses obtainable with configured tunnels have important limitations. However, compared to 6a44 addresses, they have the advantage of remaining unchanged in the case of NAT44 reset. 6a44 therefore remains the last-resort solution for IPv6 native addresses in unmanaged hosts of IPv4-only-CPE sites, while configured tunnels may still be preferred for some managed hosts if reported limitations of configured tunnels are judged to be acceptable. As their scopes are different, the two solutions can usefully coexist.
如第1节所述,可通过配置的隧道获得的IPv6本机地址具有重要的限制。然而,与6a44地址相比,它们的优点是在NAT44复位的情况下保持不变。因此,6a44仍然是仅IPv4的CPE站点的非托管主机中IPv6本机地址的最后解决方案,而对于某些托管主机,如果所报告的已配置隧道的限制被判断为可接受,则配置隧道可能仍然是首选。由于它们的范围不同,这两种解决方案可以有效地共存。
Note that Teredo remains a last-resort solution for hosts to have IPv6 addresses where IPv6 native addresses cannot be made available (and where Teredo limitations are judged to be acceptable).
请注意,Teredo仍然是在无法提供IPv6本机地址(并且Teredo限制被认为是可接受的)的情况下使用IPv6地址的主机的最后解决方案。
Operational requirements of 6a44 include the following:
6a44的操作要求包括以下内容:
Robust IPv6 connectivity: A node having a 6a44 address must have paths across the Internet to and from all IPv6 native addresses that are not subject to voluntary firewall filtering.
强健的IPv6连接:具有6a44地址的节点必须在Internet上具有与所有IPv6本机地址之间的路径,这些地址不受自愿防火墙过滤的约束。
Intra-site path efficiency: Packets exchanged between 6a44 clients that are behind the same CPE NAT44 must not have to traverse it. If these clients have IPv4 connectivity using their private IPv4 addresses, they must also have IPv6 connectivity using their 6a44 addresses.
站点内路径效率:在同一CPE NAT44后面的6a44客户端之间交换的数据包不必遍历它。如果这些客户端使用其专用IPv4地址具有IPv4连接,则它们还必须使用其6a44地址具有IPv6连接。
Plug-and-play operation of 6a44 clients: In order to obtain a 6a44 address from its local ISP, a 6a44 client must need no parameter configuration.
6a44客户端的即插即用操作:为了从本地ISP获取6a44地址,6a44客户端必须无需参数配置。
Scalability of ISP functions: For the solution to be easily scalable, ISP-supported functions have to be completely stateless.
ISP功能的可扩展性:要使解决方案易于扩展,ISP支持的功能必须是完全无状态的。
Anti-spoofing protection: Where address anti-spoofing is ensured in IPv4 with ingress filtering [RFC2827] [RFC3704], IPv6 addresses must benefit from the same degree of anti-spoofing protection.
反欺骗保护:在IPv4中通过入口过滤[RFC2827][RFC3704]确保地址反欺骗的情况下,IPv6地址必须受益于相同程度的反欺骗保护。
Overall operational simplicity: To paraphrase what Antoine de Saint-Exupery said in [TheTool], "it seems that perfection is attained not when there is nothing more to add, but when there is nothing more to remove".
整体操作简单:套用Antoine de Saint Exupery在[工具]中所说的话,“似乎完美不是在没有更多可添加的情况下实现的,而是在没有更多可删除的情况下实现的”。
Incremental deployability: Hosts and ISP networks must be able to become 6a44 capable independently of each other. IPv6 must be operational where both are available, and there must be no perceptible effect where they are not both available.
增量部署能力:主机和ISP网络必须能够独立地成为6a44。IPv6必须在两者都可用的情况下运行,并且在两者都不可用的情况下不得产生明显的影响。
Operation of 6a44 involves two types of nodes: 6a44 clients and 6a44 relays. Figure 1 shows the two applicability scenarios:
6a44的操作涉及两种类型的节点:6a44客户端和6a44中继。图1显示了两种适用性场景:
o In the first one, IPv4 addresses assigned to customer sites are global IPv4.
o 在第一种情况下,分配给客户站点的IPv4地址是全局IPv4地址。
o In the second one, they are private IPv4 addresses (the [NAT444] model, where ISPs operate one or several NAT44s, also called Carrier-Grade NATs (CGNs)).
o 在第二种情况下,它们是专用IPv4地址(即[NAT444]模型,其中ISP操作一个或多个NAT44,也称为载波级NAT(CGN))。
(A) GLOBAL IPv4 ISP NETWORK
+------------------+
6a44 customer network(s) |GLOBAL IPv4 | Upstream
+-----------+ ---| MTU >= 1308 +--- IPv4 network
---| Private | | ingress filtering| (<== no route
+----+ | IPv4 +-----+ | IPv6 optional | to 6a44 relays)
| |-----| |NAT44|----+ |
+----+ | +-----+ | +-------------+
6a44 ---|MTU >= 1308| | --+6a44 relay(s)|--- Upstream
client(s) | no | ---| +-------------+ IPv6 network
|native IPv6| | |
+-----------+ +------------------+
(A) GLOBAL IPv4 ISP NETWORK
+------------------+
6a44 customer network(s) |GLOBAL IPv4 | Upstream
+-----------+ ---| MTU >= 1308 +--- IPv4 network
---| Private | | ingress filtering| (<== no route
+----+ | IPv4 +-----+ | IPv6 optional | to 6a44 relays)
| |-----| |NAT44|----+ |
+----+ | +-----+ | +-------------+
6a44 ---|MTU >= 1308| | --+6a44 relay(s)|--- Upstream
client(s) | no | ---| +-------------+ IPv6 network
|native IPv6| | |
+-----------+ +------------------+
(B) PRIVATE IPv4 ISP NETWORK
+------------------+
|PRIVATE IPv4 |
| as above |
---| |
| +--------------+
| --+ ISP NAT44(s) |--- Upstream
as above ----+ +--------------+ IPv4 network
| |
| +--------------+
---| --+6a44 relay(s) |--- Upstream
| +--------------+ IPv6 network
| |
+------------------+
(B) PRIVATE IPv4 ISP NETWORK
+------------------+
|PRIVATE IPv4 |
| as above |
---| |
| +--------------+
| --+ ISP NAT44(s) |--- Upstream
as above ----+ +--------------+ IPv4 network
| |
| +--------------+
---| --+6a44 relay(s) |--- Upstream
| +--------------+ IPv6 network
| |
+------------------+
Figure 1: 6a44 Applicability Scenarios
图1:6a44适用性场景
In both configurations, the ISP network may also assign IPv6 prefixes to customer sites:
在这两种配置中,ISP网络还可以向客户站点分配IPv6前缀:
o If customer sites are only assigned IPv4 addresses (IPv6 prefix available neither natively nor with any tunnel), 6a44 applies not only to sites whose CPEs are IPv4-only capable but also to those whose CPEs are dual-stack capable.
o 如果客户站点仅分配了IPv4地址(IPv6前缀既不是本机可用的,也不是任何隧道可用的),则6a44不仅适用于其CPE仅支持IPv4的站点,也适用于其CPE支持双堆栈的站点。
o If customer sites are assigned both IPv4 addresses and IPv6 prefixes, 6a44 only applies to sites whose CPEs are IPv4-only capable.
o 如果为客户站点分配了IPv4地址和IPv6前缀,则6a44仅适用于CPE仅支持IPv4的站点。
Figure 2 illustrates paths of IPv6 packets between a 6a44 client, A, and various possible locations of remote hosts (E in the same site, F in another 6a44 site of the same ISP, G in a non-6a44 IPv6 site of the same ISP, D in an IPv6 site of another ISP). Between 6a44 clients of a same site, IPv6 packets are encapsulated in IPv4 packets. Those between 6a44 clients and 6a44 relays are encapsulated in UDP/IPv4 packets.
图2说明了6a44客户端、a和远程主机的各种可能位置(E在同一站点,F在同一ISP的另一6a44站点,G在同一ISP的非6a44 IPv6站点,D在另一ISP的IPv6站点)之间的IPv6数据包路径。在同一站点的6a44客户端之间,IPv6数据包封装在IPv4数据包中。6a44客户端和6a44中继之间的数据包封装在UDP/IPv4数据包中。
6a44 operates as follows (details in Section 6):
6a44的操作如下(详情见第6节):
1. A 6a44 client starts operation by sending a 6a44 bubble to the 6a44-relay UDP/IPv4 address.
1. 6a44客户端通过向6a44中继UDP/IPv4地址发送6a44气泡来启动操作。
2. When a 6a44 relay receives a bubble from one of its 6a44 clients, it returns to this client a bubble containing the IPv6 prefix of this client.
2. 当6a44中继从其一个6a44客户端接收到气泡时,它将向该客户端返回一个包含该客户端IPv6前缀的气泡。
3. When a 6a44 client receives a bubble from a 6a44 relay, it updates (or confirms) its 6a44 address. It is an update if the client has no IPv6 address yet or if, due to a CPE reset, this address has changed. After receiving a bubble, a client is ready to start, or to continue, IPv6 operation.
3. 当6a44客户端从6a44中继接收到气泡时,它会更新(或确认)其6a44地址。如果客户端还没有IPv6地址,或者由于CPE重置,此地址已更改,则这是一个更新。接收到气泡后,客户端准备启动或继续IPv6操作。
4. When a 6a44 client having a 6a44 address has an IPv6 packet to send whose destination IS in the same customer site, it encapsulates it in an IPv4 packet whose destination is found in the IPv6 destination address. It then sends the resulting IPv6/ IPv4 packet.
4. 当具有6a44地址的6a44客户端有一个IPv6数据包要发送,其目的地位于同一客户站点时,它会将其封装在一个IPv4数据包中,该IPv4数据包的目的地位于IPv6目的地地址中。然后发送生成的IPv6/IPv4数据包。
5. When a 6a44 client receives a valid IPv6/IPv4 packet from a 6a44 client of the same site, it decapsulates the IPv6 packet and submits it to further IPv6 processing.
5. 当6a44客户端从同一站点的6a44客户端接收到有效的IPv6/IPv4数据包时,它将解除IPv6数据包的封装并将其提交给进一步的IPv6处理。
6. When a 6a44 client having a 6a44 address has an IPv6 packet to send whose destination IS NOT in the same customer site, it encapsulates the packet in a UDP/IPv4 packet whose destination is the 6a44-relay UDP/IPv4 address. It then sends the IPv6/UDP/ IPv4 packet.
6. 当具有6a44地址的6a44客户端有一个目标不在同一客户站点的IPv6数据包要发送时,它会将该数据包封装在一个目标为6a44中继UDP/IPv4地址的UDP/IPv4数据包中。然后发送IPv6/UDP/IPv4数据包。
7. When a 6a44 relay receives via its IPv4 interface a valid IPv6/ UDP/IPv4 packet whose destination IS one of its 6a44 clients, it forwards the contained IPv6 packet in a modified IPv6/UDP/IPv4 packet. The UDP/IPv4 destination of this packet is found in the IPv6 destination address.
7. 当6a44中继通过其IPv4接口接收到目标为其6a44客户端之一的有效IPv6/UDP/IPv4数据包时,它将转发修改后的IPv6/UDP/IPv4数据包中包含的IPv6数据包。此数据包的UDP/IPv4目标位于IPv6目标地址中。
8. When a 6a44 client receives a valid IPv6/UDP/IPv4 packet from a 6a44 relay, it decapsulates the IPv6 packet and submits it to further IPv6 processing.
8. 当6a44客户端从6a44中继接收到有效的IPv6/UDP/IPv4数据包时,它将解除IPv6数据包的封装并将其提交给进一步的IPv6处理。
9. When a 6a44 relay receives via its IPv4 interface a valid IPv6/ UDP/IPv4 packet whose IPv6 destination IS NOT one of its 6a44 clients, it decapsulates the IPv6 packet and sends it via its IPv6 interface.
9. 当6a44中继通过其IPv4接口接收到IPv6目标不是其6a44客户端之一的有效IPv6/UDP/IPv4数据包时,它将解除对IPv6数据包的封装,并通过其IPv6接口发送该数据包。
10. When a 6a44 relay receives via its IPv6 interface a valid IPv6 packet whose destination is one of its 6a44 clients, it encapsulates the packet in a UDP/IPv4 packet whose destination is the UDP/IPv4 address found in the IPv6 destination address. It then sends the resulting IPv6/UDP/IPv4 packet via its IPv4 interface.
10. 当6a44中继通过其IPv6接口接收到目标为其6a44客户端之一的有效IPv6数据包时,它会将该数据包封装在UDP/IPv4数据包中,该数据包的目标为IPv6目标地址中的UDP/IPv4地址。然后,它通过其IPv4接口发送生成的IPv6/UDP/IPv4数据包。
11. To maintain the NAT44 mapping of its 6a44 tunnel, and to quickly detect the need to change its 6a44 address in case of NAT44 reset, a 6a44 client from time to time sends a bubble to the 6a44-relay address (see Section 6.5.1).
11. 为了维护其6a44隧道的NAT44映射,并在NAT44重置时快速检测是否需要更改其6a44地址,6a44客户端会不时向6a44中继地址发送气泡(见第6.5.1节)。
12. When a 6a44 relay receives via its IPv4 interface an IPv6/UDP/ IPv4 packet whose IPv6 and UDP/IPv4 source addresses are not consistent, it discards the invalid packet and returns a bubble to the UDP/IPv4 source address. (This permits the 6a44 client at this address to update its IPv6 address.)
12. 当6a44中继通过其IPv4接口接收到IPv6和UDP/IPv4源地址不一致的IPv6/UDP/IPv4数据包时,它将丢弃无效数据包并向UDP/IPv4源地址返回气泡。(这允许位于该地址的6a44客户端更新其IPv6地址。)
CUSTOMER +-------------------------+
SITES | ISP NETWORK |
+---------+ +----------------+ |
| | |6a44 ISP NETWORK| | GLOBAL
| | | | | INTERNET
HOSTS | IPv6/UDP/IPv4 +---------+ | HOST
+-+ | +-----+ | B| 6a44 |C/48| IPv6 +-+
|A|---|--.---|NAT44|----|----------.---------.----|--- - - - ---|D|
+-+ | \ +-----+ | /| relay(s)|\ | +-+
+-+ | / | | ' +---------+ ' |
|E|---|--' | | | | | |
+-+ IPv6/IPv4 | | | | | |
+---------+ | | | | |
| | | | |
+---------+ | | | | |
| IPv6/UDP/IPv4 . | | |
+-+ | +-----+ | / | | |
|F|---|------|NAT44|----|------' | | |
+-+ | +-----+ | | | |
| | +----------------+ | |
+---------+ | . |
+-+ | / |
|G|---- - - - - - - ----|--------------------' |
+-+ IPv6 | |
+-------------------------+
CUSTOMER +-------------------------+
SITES | ISP NETWORK |
+---------+ +----------------+ |
| | |6a44 ISP NETWORK| | GLOBAL
| | | | | INTERNET
HOSTS | IPv6/UDP/IPv4 +---------+ | HOST
+-+ | +-----+ | B| 6a44 |C/48| IPv6 +-+
|A|---|--.---|NAT44|----|----------.---------.----|--- - - - ---|D|
+-+ | \ +-----+ | /| relay(s)|\ | +-+
+-+ | / | | ' +---------+ ' |
|E|---|--' | | | | | |
+-+ IPv6/IPv4 | | | | | |
+---------+ | | | | |
| | | | |
+---------+ | | | | |
| IPv6/UDP/IPv4 . | | |
+-+ | +-----+ | / | | |
|F|---|------|NAT44|----|------' | | |
+-+ | +-----+ | | | |
| | +----------------+ | |
+---------+ | . |
+-+ | / |
|G|---- - - - - - - ----|--------------------' |
+-+ IPv6 | |
+-------------------------+
IPv6 PATHS A-D: D is IPv6 of another ISP A-E: E is a 6a44 client in the same site A-F: F is a 6a44 client in another site of the same ISP A-G: G is IPv6 of the same ISP, other than 6a44
IPv6路径A-D:D是另一ISP的IPv6 A-E:E是同一站点中的6a44客户端A-F:F是同一ISP的另一站点中的6a44客户端A-G:G是同一ISP的IPv6,而不是6a44
Figure 2: IPv6 Paths between 6a44 Hosts and Remote Hosts
图2:6a44主机和远程主机之间的IPv6路径
The 6a44 IPv6 address an ISP assigns to a host must contain all pieces of information needed to reach it from other IPv6 addresses. These pieces are described below and illustrated in Figure 3:
ISP分配给主机的6a44 IPv6地址必须包含从其他IPv6地址到达主机所需的所有信息。这些部件如下所述,如图3所示:
o the 6a44-network IPv6 prefix C (a /48 the ISP has assigned to its 6a44 relays);
o 6a44网络IPv6前缀C(ISP分配给其6a44中继的a/48);
o the customer-site IPv4 address N (either global IPv4 or, if the ISP uses a [NAT444] model, private IPv4);
o 客户站点IPv4地址N(全局IPv4或专用IPv4(如果ISP使用[NAT444]型号);
o the mapped port Z of the 6a44 tunnel (i.e., the external port assigned by the NAT44 to the tunnel that the client maintains between its UDP/IPv4 local address A:W and the 6a44-relay UDP/IPv4 address B:W);
o 6a44隧道的映射端口Z(即,NAT44分配给客户端在其UDP/IPv4本地地址A:W和6a44中继UDP/IPv4地址B:W之间维护的隧道的外部端口);
o the client local IPv4 address A (i.e., the private IPv4 address assigned to the client in its customer site; it is needed for intra-site IPv6 connectivity).
o 客户端本地IPv4地址A(即,在其客户站点中分配给客户端的专用IPv4地址;站点内IPv6连接需要该地址)。
Customer network ISP network
+--------------+ +------------------+
Client |IPv4 CPE |IPv4 |
+----+ | +-----+ | +----------+
| ^ |-----| |NAT44|----+ |6a44 relay|---- IPv6
+-|-^+ | +-----+ | +----------+^
| | | ^ | ^ | ^ | |
| | +----------|---+ | +---------|--------+ |
| | | ^ | | |
| | >0/0| | |N/32< | |
| | | | |
| | Mapping | |
| | <a:w>-<N:Z> (*) | |
| | | |
| |A:W< >B:W| |
| |
IPv6 |C.N.Z.A/128< |C/48<
Customer network ISP network
+--------------+ +------------------+
Client |IPv4 CPE |IPv4 |
+----+ | +-----+ | +----------+
| ^ |-----| |NAT44|----+ |6a44 relay|---- IPv6
+-|-^+ | +-----+ | +----------+^
| | | ^ | ^ | ^ | |
| | +----------|---+ | +---------|--------+ |
| | | ^ | | |
| | >0/0| | |N/32< | |
| | | | |
| | Mapping | |
| | <a:w>-<N:Z> (*) | |
| | | |
| |A:W< >B:W| |
| |
IPv6 |C.N.Z.A/128< |C/48<
(*) With NAT44(s) between client and CPE, a:w may differ from A:W
(*) With NAT44(s) between client and CPE, a:w may differ from A:W
|0 47|48 79|80 95|96 127|
+-------+-------+-------+-------+-------+-------+-------+-------+
| 6a44-network | Customer-site |Tunnel | 6a44-client |
| IPv6 prefix | IPv4 address |mapped | local IPv4 |
| (C) | (N) |port(Z)| address (A) |
+-------+-------+-------+-------+-------+-------+-------+-------+
6a44-client
<-- UDP/IPv4 address -->
<------------ 6a44-client IPv6 prefix --------->
<---------------- 6a44-client IPv6 address --------------------->
|0 47|48 79|80 95|96 127|
+-------+-------+-------+-------+-------+-------+-------+-------+
| 6a44-network | Customer-site |Tunnel | 6a44-client |
| IPv6 prefix | IPv4 address |mapped | local IPv4 |
| (C) | (N) |port(Z)| address (A) |
+-------+-------+-------+-------+-------+-------+-------+-------+
6a44-client
<-- UDP/IPv4 address -->
<------------ 6a44-client IPv6 prefix --------->
<---------------- 6a44-client IPv6 address --------------------->
Figure 3: Host-Address Construction
图3:主机地址构造
NOTE: 6a44 addresses are not guaranteed to comply with the rule listed in [RFC4291], according to which bits 64-127 of aggregatable unicast addresses have to be in Modified-EUI-64 Interface Identifier (IID) format. However, these bits within the 6a44 addresses are interpreted only where 6a44 addresses are processed, i.e., in 6a44
注:6a44地址不保证符合[RFC4291]中列出的规则,根据该规则,可聚合单播地址的位64-127必须采用Modified-EUI-64接口标识符(IID)格式。然而,仅当处理6a44地址时,即在6a44中,才解释6a44地址内的这些位
relays and clients. No operational problem is therefore foreseen. Besides, because it is a purely transitional tool, it shouldn't prevent any "development of future technology that can take advantage of interface identifiers with universal scope" (the purpose of this format, as expressed in [RFC4291].
中继和客户端。因此,预计不会出现任何操作问题。此外,由于它是一个纯粹的过渡工具,因此不应阻止任何“利用通用范围接口标识符的未来技术的开发”(该格式的目的,如[RFC4291]所述)。
For NAT44 traversal, an IPv6 packet transmitted from a 6a44 client to a 6a44 relay, or vice versa, is encapsulated in a UDP/IP packet whose source and destination addresses are those of the two endpoints (A:W and B:W in the notations of Figure 3). The IPv4 packet is that of a complete datagram (its more-fragment bit is set to 0, its offset is set to 0, and its datagram identification may be set to 0). The UDP checksum is set to 0 (there is no need for an additional layer of checksum protection). The length of the IPv6 packet SHOULD NOT exceed 1280 octets (see Section 6.4).
对于NAT44遍历,从6a44客户端传输到6a44中继(反之亦然)的IPv6数据包被封装在UDP/IP数据包中,该数据包的源地址和目标地址为两个端点的地址(图3中的符号a:W和B:W)。IPv4数据包是完整数据报的数据包(其更多片段位设置为0,其偏移量设置为0,其数据报标识可以设置为0)。UDP校验和设置为0(不需要额外的校验和保护层)。IPv6数据包的长度不应超过1280个八位字节(见第6.4节)。
Octets: |0 |20 |28 |68 |
+----------+---+-------------------+-------//-----+
| IPv4 |UDP| IPv6 header | IPv6 payload |
+----------+---+-------------------+-------//-----+
Octets: |0 |20 |28 |68 |
+----------+---+-------------------+-------//-----+
| IPv4 |UDP| IPv6 header | IPv6 payload |
+----------+---+-------------------+-------//-----+
An IPv6 packet transmitted from a 6a44 client to another 6a44 client of the same site is encapsulated in an IPv4 packet whose source and destination addresses are the private IPv4 addresses of the two hosts. The IPv4 packet is that of a complete datagram (its more-fragment bit is set to 0, its offset is set to 0, and its datagram identification may be set to 0). The size of the IPv6 packet SHOULD NOT exceed 1280 octets (see Section 6.4).
从6a44客户端传输到同一站点的另一个6a44客户端的IPv6数据包封装在IPv4数据包中,该数据包的源地址和目标地址是两台主机的专用IPv4地址。IPv4数据包是完整数据报的数据包(其更多片段位设置为0,其偏移量设置为0,其数据报标识可以设置为0)。IPv6数据包的大小不应超过1280个八位字节(见第6.4节)。
Octets: |0 |20 |60 |
+----------+-------------------+-------//-----+
| IPv4 | IPv6 header | IPv6 payload |
+----------+-------------------+-------//-----+
Octets: |0 |20 |60 |
+----------+-------------------+-------//-----+
| IPv4 | IPv6 header | IPv6 payload |
+----------+-------------------+-------//-----+
A "bubble" is a UDP/IPv4 packet whose UDP payload is comprised of a "6a44-client IPv6 prefix" field and a "Bubble ID" field and whose UDP checksum is set to 0. Having no UDP checksum protection in bubbles is a simplification that is acceptable because bubble contents are
“气泡”是UDP/IPv4数据包,其UDP有效负载由“6a44客户端IPv6前缀”字段和“气泡ID”字段组成,其UDP校验和设置为0。气泡中没有UDP校验和保护是可以接受的简化,因为气泡内容是
regularly updated and non-critical (a client accepting a corrupted IPv6 prefix never leads to any IPv6 packet being accepted by any wrong destination).
定期更新且非关键(接受损坏IPv6前缀的客户端不会导致任何IPv6数据包被任何错误的目的地接受)。
"6a44-client IPv6 prefix" field
. from a 6a44 client = 0 (also denoted by ::/96)
. from a 6a44 relay = 6a44-client IPv6 prefix
|
Octets: |0 |20 |28| |40 |48
+----------+---+--|-+---+
| IPv4 |UDP| . | . |
+----------+---+----+-|-+
|
"Bubble ID" field
. from a 6a44 client: a client-selected value
. from a 6a44 relay:
- in a response bubble, copy of the received Bubble ID
- in an error-signaling bubble, 0
"6a44-client IPv6 prefix" field
. from a 6a44 client = 0 (also denoted by ::/96)
. from a 6a44 relay = 6a44-client IPv6 prefix
|
Octets: |0 |20 |28| |40 |48
+----------+---+--|-+---+
| IPv4 |UDP| . | . |
+----------+---+----+-|-+
|
"Bubble ID" field
. from a 6a44 client: a client-selected value
. from a 6a44 relay:
- in a response bubble, copy of the received Bubble ID
- in an error-signaling bubble, 0
Figure 4: 6a44 Bubble Format
图4:6a44气泡格式
In a bubble from a 6a44 client to a 6a44 relay, the "6a44-client IPv6 prefix" field is only reserved space for the response and is set to 0. In a bubble from a 6a44 relay to a 6a44 client, this field contains the IPv6 prefix of the client, left-justified.
在从6a44客户端到6a44中继的气泡中,“6a44客户端IPv6前缀”字段仅为响应保留空间,设置为0。在从6a44中继到6a44客户端的气泡中,此字段包含客户端的IPv6前缀(左对齐)。
In a bubble from a 6a44 client to a 6a44 relay, the "Bubble ID" field contains a randomly chosen value, renewed under the circumstances defined in Section 6.5.1. In a bubble from a 6a44 relay to a 6a44 client, if the bubble is a response to a bubble received from the client, the field contains the value found in the received bubble; if the bubble is a reaction to a received IPv6/UDP/IPv4 packet whose IPv6 and UDP/IPv4 sources are inconsistent (i.e., not conforming to R44-2 condition (3) in Section 6.6.2), the field is set to 0. The purpose of this field is to protect against 6a44-relay spoofing attacks (see Section 7).
在从6a44客户端到6a44中继的气泡中,“气泡ID”字段包含随机选择的值,在第6.5.1节定义的情况下更新。在从6a44中继到6a44客户端的气泡中,如果气泡是对从客户端接收到的气泡的响应,则该字段包含在接收到的气泡中找到的值;如果气泡是对接收到的IPv6/UDP/IPv4数据包的反应,该数据包的IPv6和UDP/IPv4源不一致(即不符合第6.6.2节中的R44-2条件(3)),则该字段设置为0。此字段的目的是防止6a44中继欺骗攻击(参见第7节)。
In order to preserve forward compatibility with any extension of bubble formats -- should one prove useful in the future -- 6a44 clients and 6a44 relays MUST be configured to receive bubbles whose UDP payload lengths are longer than 20 octets (up to that of an IPv6- packet header since, as detailed in Sections 6.5.3 and 6.6.2, bubbles are recognized by the fact that their lengths are shorter than that of tunneled IPv6 packets).
为了保持与气泡格式的任何扩展的前向兼容性(如果将来证明有用),必须将6a44客户端和6a44中继配置为接收UDP有效负载长度超过20个八位字节的气泡(由于如第6.5.3节和第6.6.2节所述,泡泡的长度比隧道IPv6数据包的长度短,因此泡泡可以识别为IPv6数据包头的长度)。
Reassembly of a fragmented IPv4 datagram necessitates that its identifier be remembered from reception of the first fragment to reception of the last one, and necessitates a timeout protection against packet losses. If such stateful IP-layer processing would be necessary for 6a44, it would make it more complex than needed, would introduce a vulnerability to denial-of-service attacks, and would impose the restriction that all fragments of a fragmented IPv4 datagram go to the same relay. This last point would be a constraint on how load balancing may be performed between multiple 6a44 relays, and would therefore be detrimental to scalability.
碎片化IPv4数据报的重新组装需要从接收第一个碎片到接收最后一个碎片都记住其标识符,并且需要防止数据包丢失的超时保护。如果6a44需要这种有状态的IP层处理,则会使其变得比需要的更复杂,会引入拒绝服务攻击的漏洞,并会强制限制碎片化IPv4数据报的所有碎片进入同一个中继。最后一点将限制如何在多个6a44中继之间执行负载平衡,因此将不利于可伸缩性。
For 6a44 processing to remain completely stateless, IPv4 packets containing encapsulated IPv6 packets must never be fragmented (DF always set to 1). For this requirement to be met, the following apply:
为了使6a44处理保持完全无状态,包含封装IPv6数据包的IPv4数据包决不能被分段(DF始终设置为1)。为满足此要求,以下各项适用:
o In customer sites, 6a44 clients MUST have IPv4 link MTUs that support encapsulated IPv6 packets of lengths up to 1280 octets, i.e., for IPv6/UDP/IPv4 packets that traverse the CPE, link MTUs of at least 1280+20+8=1308 octets. (This condition is in general satisfied.)
o 在客户站点中,6a44客户端必须具有支持长度不超过1280个八位字节的封装IPv6数据包的IPv4链路MTU,即,对于穿过CPE的IPv6/UDP/IPv4数据包,链路MTU至少为1280+20+8=1308个八位字节。(这一条件基本上得到满足。)
o For the same reason, 6a44 ISP networks must have IPv4 path MTUs of at least 1308 octets. (This condition is in general satisfied.)
o 出于同样的原因,6a44 ISP网络必须具有至少1308个八位字节的IPv4路径MTU。(这一条件基本上得到满足。)
o 6a44 clients SHOULD limit the size of IPv6 packets they transmit to 1280 octets.
o 6a44客户端应将其传输的IPv6数据包大小限制为1280个八位字节。
o 6a44 relays SHOULD set their IPv6 MTU to 1280. (If a relay receives an IPv6 packet longer than this MTU via its IPv6 upstream interface, it MUST return an ICMPv6 Packet Too Big error message.) Typical ISP networks have path MTUs that would permit IPv6 MTUs of 6a44 devices to be longer than 1280 octets, but accepting 1280 octets is a precaution that guarantees against problems with customer sites that may have internal path MTUs smaller than those supported by their ISP networks.
o 6a44中继应将其IPv6 MTU设置为1280。(如果中继通过其IPv6上游接口接收到的IPv6数据包长度超过此MTU,则必须返回ICMPv6数据包过大错误消息。)典型ISP网络的路径MTU允许6a44设备的IPv6 MTU长度超过1280个八位字节,但接受1280个八位字节是一种预防措施,可以保证客户站点的问题不会出现,因为这些站点的内部路径MTU可能小于ISP网络支持的路径MTU。
For a 6a44-client IPv6 address to remain valid, the port mapping of the 6a44 tunnel MUST be maintained in the CPE NAT44.
为了使6a44客户端IPv6地址保持有效,必须在CPE NAT44中维护6a44隧道的端口映射。
For this, the 6a44 client SHOULD apply the equivalent of the following TM-x rules, as illustrated in Figure 5.
为此,6a44客户机应应用与以下TM-x规则等效的规则,如图5所示。
TM-1 At initialization, a timer value T1 is randomly chosen in the recommended range of 1 to 1.5 seconds, and the "6a44 disabled" state is entered. (Randomness of this value is a precaution to avoid the following scenario: if many hosts happened to be re-initialized at the same time, the bubble traffic resulting from the following rules would be synchronized.)
TM-1初始化时,在建议的1至1.5秒范围内随机选择定时器值T1,并进入“6a44禁用”状态。(此值的随机性是一种预防措施,以避免出现以下情况:如果多台主机碰巧同时重新初始化,则将同步由以下规则产生的气泡流量。)
TM-2 In the "6a44-disabled" state, if it appears that the interface has no IPv6 native address BUT has a private IPv4 address, then (1) the Attempt count (a local variable) is set to 1; (2) a new Bubble ID (another local variable) is randomly chosen (it is not critical how random this new value is, as explained in Section 7); (3) a bubble is sent with this Bubble ID; (4) the "Bubble sent" state is entered with the timer set to T1.
TM-2处于“6a44禁用”状态,如果该接口似乎没有IPv6本机地址,但具有专用IPv4地址,则(1)尝试计数(局部变量)设置为1;(2) 随机选择一个新的气泡ID(另一个局部变量)(如第7节所述,该新值的随机性并不重要);(3) 发送带有此气泡ID的气泡;(4) 进入“气泡发送”状态时,计时器设置为T1。
TM-3 In the "Bubble sent" state, if the timer expires AND the Attempt count is less than 4, then (1) the Attempt count is increased by 1; (2) a new bubble is sent with the current Bubble ID; (3) the "Bubble sent" state is re-entered with the timer reset to T1.
TM-3处于“气泡发送”状态,如果计时器过期且尝试计数小于4,则(1)尝试计数增加1;(2) 发送带有当前气泡ID的新气泡;(3) 当计时器重置为T1时,重新进入“气泡发送”状态。
TM-4 In the "Bubble sent" state, if a bubble is received, then (1) the 6a44-client IPv6 address is set to the received 6a44-client IPv6 prefix followed by the host local IPv4 address; (2) the "Bubble received" state is entered with the timer set to T2, whose recommended value is 30 seconds minus 4 times T1.
TM-4处于“冒泡发送”状态,如果接收到冒泡,则(1)将6a44客户端IPv6地址设置为接收到的6a44客户端IPv6前缀,后跟主机本地IPv4地址;(2) 进入“气泡接收”状态时,计时器设置为T2,其建议值为30秒减去4倍T1。
TM-5 In the "Bubble sent" state, if timer T1 expires AND the Attempt count is equal to 4, then the "No 6a44 relay" state is entered with the timer set to T3, whose recommended value is 30 minutes.
TM-5处于“气泡发送”状态,如果计时器T1过期且尝试计数等于4,则进入“No 6a44继电器”状态,计时器设置为T3,其建议值为30分钟。
TM-6 In the "Bubble sent" state, OR the "Bubble received" state, OR the "No 6a44 relay" state, if an IPv6 native address is obtained by some other means, OR if the private IPv4 address of the host is no longer valid, then (1) the timer is disarmed; (2) the "6a44 disabled" state is entered.
TM-6处于“冒泡发送”状态、或“冒泡接收”状态、或“No 6a44中继”状态,如果通过其他方式获得IPv6本机地址,或如果主机的专用IPv4地址不再有效,则(1)定时器被解除;(2) 进入“6a44禁用”状态。
TM-7 In the "Bubble received" state, if timer T2 expires, then (1) the Attempt count is reset to 1; (2) a new Bubble ID is randomly chosen; (3) a bubble is sent with this Bubble ID; (4) the "Bubble sent" state is entered with the timer set to T1.
TM-7处于“气泡接收”状态,如果计时器T2过期,则(1)尝试计数重置为1;(2) 随机选择一个新的气泡ID;(3) 发送带有此气泡ID的气泡;(4) 进入“气泡发送”状态时,计时器设置为T1。
TM-8 In the "Bubble received" state, if a bubble is received, then the timer is reset to T2. (NOTE: Since a bubble is received by a 6a44 client either in response to a bubble it has sent or in
TM-8处于“气泡接收”状态,如果接收到气泡,则定时器重置为T2。(注意:由于6a44客户端接收到气泡是为了响应其发送的气泡或接收到的气泡。)
reaction to a packet it has sent with inconsistent IPv6 and UDP/IPv4 source addresses, receiving a bubble is a sign that the tunnel mapping reported in the received bubble prefix has recently been used in BOTH directions, a condition required by some NAT44s to maintain their mappings.)
对于发送的数据包的IPv6和UDP/IPv4源地址不一致,接收到气泡表示接收到的气泡前缀中报告的隧道映射最近已在两个方向上使用,这是某些NAT44维护其映射所需的条件。)
TM-9 In the "No 6a44 relay" state, if the timer expires, then (1) the Attempt count is reset to 1; (2) a new Bubble ID is randomly chosen; (3) a bubble is sent with this Bubble ID; (4) the "Bubble sent" state is entered with the timer set to T1.
TM-9处于“No 6a44继电器”状态,如果计时器过期,则(1)尝试计数重置为1;(2) 随机选择一个新的气泡ID;(3) 发送带有此气泡ID的气泡;(4) 进入“气泡发送”状态时,计时器设置为T1。
Initialization
________v________
/ \
| "6a44 disabled" |------------<-----------------+
\_________________/ ^
v no v6-add AND v4-add ^
+--------->--------------v ^
^ +--------------v--------------+ ^
^ | Reset the Attempt count | ^
^ | Renew the Bubble ID | ^
^ +--------------+--------------+ ^
^ +----->-------------v ^
^ ^ +--------------v--------------+ ^
^ ^ | Send a bubble | ^
^ ^ +--------------v--------------+ ^
^ ^ ________v________ ^
^ ^ Timer T1 / \ 4 attempts without answer ^
^ +----<-----| "Bubble sent" |-------->----------------+ ^
^ (1 to 1.5 s)\_________________/ v ^
^ v \ v6-add OR no v4-add v ^
^ Bubble received v +-----------------------------+
^ v-----------------<-----------+ v ^
^ _________v_________ ^ v ^
^ Timer T2 / \Bubble received ^ v ^
+----------<---| "Bubble received" |-------->----------+ v ^
^ (30 s - 4*T1)\___________________/ v ^
^ \ v6-add OR no v4-add v ^
^ +------->--------------------+
^ v ^
^ +----------------------------------+ ^
^ _______v________ ^
^ Timer T3 / \ v6-add OR no v4-add ^
+-----------<----| "No 6a44 relay" |----->-----------------------+
(30 min) \_________________/
Initialization
________v________
/ \
| "6a44 disabled" |------------<-----------------+
\_________________/ ^
v no v6-add AND v4-add ^
+--------->--------------v ^
^ +--------------v--------------+ ^
^ | Reset the Attempt count | ^
^ | Renew the Bubble ID | ^
^ +--------------+--------------+ ^
^ +----->-------------v ^
^ ^ +--------------v--------------+ ^
^ ^ | Send a bubble | ^
^ ^ +--------------v--------------+ ^
^ ^ ________v________ ^
^ ^ Timer T1 / \ 4 attempts without answer ^
^ +----<-----| "Bubble sent" |-------->----------------+ ^
^ (1 to 1.5 s)\_________________/ v ^
^ v \ v6-add OR no v4-add v ^
^ Bubble received v +-----------------------------+
^ v-----------------<-----------+ v ^
^ _________v_________ ^ v ^
^ Timer T2 / \Bubble received ^ v ^
+----------<---| "Bubble received" |-------->----------+ v ^
^ (30 s - 4*T1)\___________________/ v ^
^ \ v6-add OR no v4-add v ^
^ +------->--------------------+
^ v ^
^ +----------------------------------+ ^
^ _______v________ ^
^ Timer T3 / \ v6-add OR no v4-add ^
+-----------<----| "No 6a44 relay" |----->-----------------------+
(30 min) \_________________/
Figure 5: Tunnel Maintenance Algorithm
图5:隧道维护算法
A 6a44 client transmits packets according to the following CT-x rules. In figures that illustrate these rules, symbols used in Section 5 are reused; packets are represented as a succession of significant fields separated by commas, with sources preceding destinations as usual; != means "different from".
6a44客户端根据以下CT-x规则传输数据包。在说明这些规则的图中,重复使用第5节中使用的符号;数据包表示为一系列由逗号分隔的有效字段,源通常位于目的地之前;!=意思是“不同于”。
CT-1 BUBBLE SENT BY A 6a44 CLIENT
6a44客户端发送的CT-1气泡
(IPv4, A, B, UDP[W, W, ::/96, <current Bubble ID>])
|
+-------+--------+ |
| | 6a44 | |
| | client +------>---------- >B:W
| |function|A:W< UDP/IPv4
+-------+--------+
Host
(IPv4, A, B, UDP[W, W, ::/96, <current Bubble ID>])
|
+-------+--------+ |
| | 6a44 | |
| | client +------>---------- >B:W
| |function|A:W< UDP/IPv4
+-------+--------+
Host
Bubbles are transmitted from time to time. Conditions of their transmission are specified in Section 6.5.1, and their format is specified in Section 6.3.
气泡会不时地传播。第6.5.1节规定了其传输条件,第6.3节规定了其格式。
CT-2 IPv6/IPv4 PACKET SENT TO A HOST OF THE SAME SITE
发送到同一站点的主机的CT-2 IPv6/IPv4数据包
[IPv6, <C.N.Z.A>, <C.N..E>,...]
|
| (IPv4, A, A2, IP-in-IP[encapsulated packet])
| |
+----|--+--------+ |
| | | 6a44 | |
| -->--+ client +------>------ >A2
| IPv6 |function|<A IPv4
+-------+--------+
Host
[IPv6, <C.N.Z.A>, <C.N..E>,...]
|
| (IPv4, A, A2, IP-in-IP[encapsulated packet])
| |
+----|--+--------+ |
| | | 6a44 | |
| -->--+ client +------>------ >A2
| IPv6 |function|<A IPv4
+-------+--------+
Host
If an IPv6 packet is submitted for transmission with ALL the following conditions satisfied, the 6a44 client MUST encapsulate the IPv6 packet in an IPv4 packet whose protocol is set to IP in IP (protocol = 41) and whose IPv4 destination is copied from the last 32 bits of the IPv6 destination: (1) the IPv6 source address is the 6a44-client IPv6 address; (2) the IPv6 destination is a 6a44 address of the same site (it has the same 80 bits as the 6a44-client IPv6 address); (3) either the IPv6 packet does not exceed 1280 octets, or it is longer but it does not exceed the IPv4 link MTU minus 20 octets and the IPv4 destination address starts with the IPv4 link prefix.
如果在满足以下所有条件的情况下提交IPv6数据包进行传输,则6a44客户端必须将IPv6数据包封装在IPv4数据包中,该数据包的协议设置为IP-in-IP(协议=41),并且其IPv4目的地是从IPv6目的地的最后32位复制的:(1)IPv6源地址为6a44客户端IPv6地址;(2) IPv6目标是同一站点的6a44地址(它与6a44客户端IPv6地址具有相同的80位);(3) IPv6数据包不超过1280个八位字节,或者更长,但不超过IPv4链路MTU减去20个八位字节,并且IPv4目标地址以IPv4链路前缀开始。
CT-3 IPv6/UDP/IPv4 PACKET TO A HOST OF ANOTHER SITE
将CT-3 IPv6/UDP/IPv4数据包发送到另一站点的主机
[IPv6, <C.N.Z.A>, X != <C.N...>, ...]
|
| (IPv4, B, A, UDP(W, W, [encapsulated packet])
| |
+----|--+--------+ |
| | | 6a44 | |
| -->--+ client +------>---------- >B:W
| IPv6 |function|A:W< UDP/IPv4
+-------+--------+
Host
[IPv6, <C.N.Z.A>, X != <C.N...>, ...]
|
| (IPv4, B, A, UDP(W, W, [encapsulated packet])
| |
+----|--+--------+ |
| | | 6a44 | |
| -->--+ client +------>---------- >B:W
| IPv6 |function|A:W< UDP/IPv4
+-------+--------+
Host
If an IPv6 packet is submitted for transmission and ALL the following conditions are satisfied, the IPv6 packet MUST be encapsulated in a UDP/IPv4 packet whose destination is the 6a44-relay anycast address and whose source and destination ports are both the 6a44 port: (1) the source address is the local 6a44-client IPv6 address; (2) the destination is not a 6a44 address of the same site (its first 80 bits differ from those of the 6a44-client IPv6 address); (3) the IPv6 packet does not exceed 1280 octets.
如果提交IPv6数据包进行传输且满足以下所有条件,则IPv6数据包必须封装在UDP/IPv4数据包中,该数据包的目的地为6a44中继选播地址,且其源端口和目标端口均为6a44端口:(1)源地址为本地6a44客户端IPv6地址;(2) 目标不是同一站点的6a44地址(其前80位与6a44客户端IPv6地址的前80位不同);(3) IPv6数据包不超过1280个八位字节。
CT-4 IPv6 PACKET THAT DOESN'T CONCERN 6a44
与6a44无关的CT-4 IPv6数据包
If an IPv6 packet is submitted to the 6a44 client function for transmission with an IPv6 source address that is not the 6a44-client IPv6 address, the packet does not concern 6a44. It MUST be left for any other IPv6 transmission function that may apply (the source address can be a link-local address or a Unique Local Address (ULA) [RFC4193]).
如果将IPv6数据包提交给6a44客户端功能以使用不是6a44客户端IPv6地址的IPv6源地址进行传输,则该数据包与6a44无关。它必须留给可能应用的任何其他IPv6传输功能(源地址可以是链路本地地址或唯一本地地址(ULA)[RFC4193])。
Upon reception of an IPv4 packet, a 6a44 client applies the following CR-x rules:
当接收到IPv4数据包时,6a44客户端应用以下CR-x规则:
CR-1 BUBBLE RECEIVED FROM A 6a44 RELAY
从6a44继电器接收到CR-1气泡
(IPv4, B, A, UDP(W, W, [<C.N.Z>, <current Bubble ID>])
|
+-------+--------+ |
| | 6a44 | |
| | client +------<---------- <B:W
| | |A:W< UDP/IPv4
+-------+--------+
Host
(updates C.N.Z)
(IPv4, B, A, UDP(W, W, [<C.N.Z>, <current Bubble ID>])
|
+-------+--------+ |
| | 6a44 | |
| | client +------<---------- <B:W
| | |A:W< UDP/IPv4
+-------+--------+
Host
(updates C.N.Z)
If ALL the following conditions are satisfied (i.e., the packet is a 6a44 bubble from a 6a44 relay), the 6a44-client IPv6 address MUST be updated using the received IPv6 prefix C.N.Z: (1) the IPv4 packet contains a complete UDP datagram (protocol = 17, offset = 0, more-fragment bit = 0); (2) both ports of the UDP datagram are the 6a44 port, and the payload length is enough to contain a 6a44-client IPv6 prefix and a Bubble ID but shorter than an IPv6-packet header (protocol = 17, UDP payload length = at least 20 octets and less than 40 octets); (3) the received Bubble ID matches the current value of the Bubble-ID local variable.
如果满足以下所有条件(即,数据包是来自6a44中继的6a44气泡),则必须使用接收到的IPv6前缀C.N.Z更新6a44客户端IPv6地址:(1)IPv4数据包包含完整的UDP数据报(协议=17,偏移量=0,更多片段位=0);(2) UDP数据报的两个端口都是6a44端口,有效负载长度足以包含6a44客户端IPv6前缀和气泡ID,但短于IPv6数据包头(协议=17,UDP有效负载长度=至少20个八位字节,小于40个八位字节);(3) 接收到的气泡ID与气泡ID局部变量的当前值匹配。
CR-2 IPv6/IPv4 PACKET FROM A HOST OF THE SAME SITE
来自同一站点主机的CR-2 IPv6/IPv4数据包
(IPv4, E, A, IP-in-IP, [IPv6, <C.N..A2>, <C.N.Z.A>, ...])
|
[decapsulated packet] |
| |
+----|--+--------+ |
| | | 6a44 | |
| --<--+ client +------<------ <A2
| IPv6 | |A< IPv4
+-------+--------+
Host
(IPv4, E, A, IP-in-IP, [IPv6, <C.N..A2>, <C.N.Z.A>, ...])
|
[decapsulated packet] |
| |
+----|--+--------+ |
| | | 6a44 | |
| --<--+ client +------<------ <A2
| IPv6 | |A< IPv4
+-------+--------+
Host
If ALL the following conditions are satisfied (i.e., the packet comes from a 6a44 client of the same site), the 6a44 client MUST decapsulate the inner packet and treat it as a received IPv6 packet: (1) the IPv4 packet contains a complete UDP datagram (protocol = 17, offset = 0, more-fragment bit = 0); (2) both ports of the UDP datagram are the 6a44 port, and the UDP payload is an IPv6 packet (UDP length of at least 40 octets, version = 6); (3) the IPv6 source address is one of the same site (the first 80 bits match those of the 6a44-client IPv6 address; (4) its last 32 bits are equal to the IPv4 source address; (5) the IPv6 destination address is the 6a44-client IPv6 address.
如果满足以下所有条件(即,数据包来自同一站点的6a44客户端),6a44客户端必须将内部数据包解封并将其视为接收到的IPv6数据包:(1)IPv4数据包包含完整的UDP数据报(协议=17,偏移量=0,更多片段位=0);(2) UDP数据报的两个端口均为6a44端口,UDP有效负载为IPv6数据包(UDP长度至少为40个八位字节,版本=6);(3) IPv6源地址是同一站点中的一个(前80位与6a44客户端IPv6地址匹配;(4)其最后32位等于IPv4源地址;(5)IPv6目标地址是6a44客户端IPv6地址。
CR-3 IPv6/UDP/IPv4 PACKET FROM A HOST OF ANOTHER SITE
来自另一站点主机的CR-3 IPv6/UDP/IPv4数据包
(IPv4, B, A, UDP(W, W, [IPv6, X, <C.N.Z.A>,...])
|
[decapsulated packet] |
| |
+----|--+--------+ |
| | | 6a44 | |
| --<--+ client +------<---------- <B:W
| IPv6 | |A:W< UDP/IPv4
+-------+--------+
Host
(IPv4, B, A, UDP(W, W, [IPv6, X, <C.N.Z.A>,...])
|
[decapsulated packet] |
| |
+----|--+--------+ |
| | | 6a44 | |
| --<--+ client +------<---------- <B:W
| IPv6 | |A:W< UDP/IPv4
+-------+--------+
Host
If ALL the following conditions are satisfied (i.e., the packet has been relayed by a 6a44 relay), the 6a44 client MUST decapsulate the inner packet and treat it as a received IPv6 packet: (1) the IPv4 packet contains a complete UDP datagram (protocol = 17, offset = 0, more-fragment bit = 0); (2) the UDP payload is an IPv6 packet (length of at least 40 octets, version = 6); (3) the UDP/IPv4 source address is the 6a44-relay UDP/IPv4 address; (4) the IPv6 destination address is the 6a44-client IPv6 address.
如果满足以下所有条件(即,数据包已由6a44中继转发),6a44客户端必须对内部数据包进行解封,并将其视为接收到的IPv6数据包:(1)IPv4数据包包含完整的UDP数据报(协议=17,偏移量=0,更多片段位=0);(2) UDP有效负载是IPv6数据包(长度至少为40个八位字节,版本=6);(3) UDP/IPv4源地址为6a44中继UDP/IPv4地址;(4) IPv6目标地址是6a44客户端IPv6地址。
CR-4 RECEIVED ICMPv4 ERROR MESSAGE CONCERNING A 6a44 PACKET
CR-4收到关于6a44数据包的ICMPv4错误消息
If the 6a44 client receives an IPv4 error message [RFC0792] that concerns a discarded 6a44 packet (i.e., if the copied header of the discarded packet is that of a transmitted packet according to CT-2 or CT-3), it SHOULD translate it into an ICMPv6 error message [RFC4443] and then treat it as a received IPv6 packet. Translation of Type and Code conversions between IPv4 and IPv6 is described in Section 4.2 of [RFC6145], under "ICMPv4 error messages".
如果6a44客户端接收到与丢弃的6a44数据包有关的IPv4错误消息[RFC0792](即,如果丢弃数据包的复制头是根据CT-2或CT-3传输的数据包的复制头),则应将其转换为ICMPv6错误消息[RFC4443],然后将其视为接收到的IPv6数据包。[RFC6145]第4.2节“ICMPv4错误消息”中描述了IPv4和IPv6之间类型和代码转换的转换。
CR-5 RECEIVED IPv4 PACKET OTHER THAN 6a44
CR-5接收到除6a44以外的IPv4数据包
If ANY one or more of the following conditions are verified, the received IPv4 packet does not concern 6a44 and MUST therefore be left for any other IPv4 reception function that may apply: (1) the IPv4 payload is neither UDP nor IPv6 (protocol = neither 17 nor 41, or protocol = 41 and IP version in the payload is not = 6); (2) the IPv4 packet is an IP-datagram fragment other than the first one (offset > 0); (3) the IPv4 packet contains the first or unique fragment of a UDP datagram (protocol = 17, offset = 0), with neither port equal to the 6a44 port.
如果验证了以下任何一个或多个条件,则接收到的IPv4数据包与6a44无关,因此必须留给可能应用的任何其他IPv4接收功能:(1)IPv4有效负载既不是UDP也不是IPv6(协议=既不是17也不是41,或协议=41,有效负载中的IP版本不=6);(2) IPv4数据包是除第一个(偏移量>0)以外的IP数据报片段;(3) IPv4数据包包含UDP数据报的第一个或唯一片段(协议=17,偏移量=0),两个端口都不等于6a44端口。
Upon reception of a packet via its IPv6 interface with a destination address starting with the 6a44-network IPv6 prefix, a 6a44 relay MUST apply the following RR6-x rules:
当通过IPv6接口接收到目标地址以6a44网络IPv6前缀开头的数据包时,6a44中继必须应用以下RR6-x规则:
RR6-1 VALID IPv6 PACKET FROM OUTSIDE THE 6a44 ISP NETWORK
来自6a44 ISP网络外部的RR6-1有效IPv6数据包
[IPv6, (X != <C...> AND != <Teredo(IPv4=B)>), <C.<N != B>.Z...>,...]
|
(IPv4, B, N, UDP(W, Z, |
[encapsulated packet])) |
| |
| +--------+ |
| >B:W | 6a44 |C/48< |
N:Z< ---<--------| relay |-------<---- C.N.Z...<
IPv4 | | IPv6
+--------+
[IPv6, (X != <C...> AND != <Teredo(IPv4=B)>), <C.<N != B>.Z...>,...]
|
(IPv4, B, N, UDP(W, Z, |
[encapsulated packet])) |
| |
| +--------+ |
| >B:W | 6a44 |C/48< |
N:Z< ---<--------| relay |-------<---- C.N.Z...<
IPv4 | | IPv6
+--------+
If ALL the following conditions are satisfied, the IPv6 packet MUST be encapsulated in a UDP/IPv4 packet whose UDP/IPv4 destination is copied from bits 48 to 95 of the IPv6 destination address: (1) the IPv6 source address is not that of a 6a44 client of the ISP (it does not start with the 6a44-network IPv6 prefix); (2) the IPv6 source address is not a Teredo address whose embedded UDP/IPv4 address is the 6a44-relay anycast address; (3) the customer-site IPv4 address embedded in the 6a44 destination address is not the 6a44-relay anycast address; (4) the packet has at most 1280 octets.
如果满足以下所有条件,则必须将IPv6数据包封装在UDP/IPv4数据包中,该数据包的UDP/IPv4目标从IPv6目标地址的第48位复制到第95位:(1)IPv6源地址不是ISP的6a44客户端的源地址(它不以6a44网络IPv6前缀开头);(2) IPv6源地址不是其嵌入式UDP/IPv4地址为6a44中继选播地址的Teredo地址;(3) 嵌入在6a44目标地址中的客户站点IPv4地址不是6a44中继选播地址;(4) 数据包最多有1280个八位字节。
RR6-2 INVALID IPv6 PACKET FROM OUTSIDE THE 6a44 ISP NETWORK
来自6a44 ISP网络外部的RR6-2无效IPv6数据包
If ANY one or more of the following conditions are satisfied, the IPv6 packet MUST be discarded: (1) the packet has more than 1280 octets (in this case, an ICMPv6 Packet Too Big error message MUST be returned to the source); (2) the customer-site IPv4 address embedded in the IPv6 destination address is the 6a44-relay anycast address; (3) the IPv6 source address is a Teredo address whose embedded IPv4 address is the 6a44-relay anycast address.
如果满足以下任何一个或多个条件,则必须丢弃IPv6数据包:(1)数据包具有1280个八位字节以上(在这种情况下,必须将ICMPv6数据包过大错误消息返回到源);(2) 嵌入在IPv6目标地址中的客户站点IPv4地址是6a44中继选播地址;(3) IPv6源地址是Teredo地址,其嵌入的IPv4地址是6a44中继选播地址。
Upon reception via its IPv4 downstream interface of an IPv4 packet that contains a complete IP datagram (fragment offset = 0 and more-fragment bit = 0) and that contains a UDP datagram whose UDP/ IPv4 destination is the 6a44-relay UDP/IPv4 address, a 6a44 relay MUST apply the following rules:
当通过IPv4下游接口接收到包含完整IP数据报(片段偏移量=0且更多片段位=0)且包含UDP/IPv4目标为6a44中继UDP/IPv4地址的UDP数据报的IPv4数据包时,6a44中继必须应用以下规则:
RR4-1 BUBBLE FROM 6a44 CLIENT
来自6a44客户端的RR4-1气泡
(IPv4, N, B, UDP(Z, W, [::/96, Bubble ID]))
|
IPv4 | +--------+
------->----| |
>B:W| 6a44 |
| relay |
N:Z< -------<----| |
IPv4 | +--------+
|
|
(IPv4, B, N, UDP(W, Z, [<C.N.Z>, Bubble ID]))
(IPv4, N, B, UDP(Z, W, [::/96, Bubble ID]))
|
IPv4 | +--------+
------->----| |
>B:W| 6a44 |
| relay |
N:Z< -------<----| |
IPv4 | +--------+
|
|
(IPv4, B, N, UDP(W, Z, [<C.N.Z>, Bubble ID]))
If the following condition is satisfied, the 6a44 relay MUST return to the source a bubble derived from the bubble it just received by permuting its UDP/IPv4 source and destination, and by putting in its 6a44-client-IPv6-prefix field the received UDP/IPv4 source address: the UDP payload is a bubble, i.e., has at least 20 octets and less than 40 octets.
如果满足以下条件,则6a44中继必须通过排列其UDP/IPv4源和目标,并通过在其6a44-client-IPv6-prefix字段中输入接收到的UDP/IPv4源地址,将从其刚刚接收到的泡泡派生的泡泡返回到源:UDP有效负载是泡泡,即。,至少有20个八位字节,少于40个八位字节。
RR4-2 IPv6 PACKET FROM A 6a44 CLIENT TO ANOTHER 6a44 CLIENT
从一个6a44客户端到另一个6a44客户端的RR4-2 IPv6数据包
(IPv4, N1, B, UDP(Z1, W, [IPv6, <C.N1.Z1...>, <C.N2.Z2...>, ...]))
|
IPv4 | +--------+
------->----| |
>B:W| 6a44 |
| relay |
| |
N2.Z2< -------<----| |
IPv4 | +--------+
| 6a44 relay
|
(IPv4, B, N2, UDP(W, Z2, [encapsulated packet]))
(IPv4, N1, B, UDP(Z1, W, [IPv6, <C.N1.Z1...>, <C.N2.Z2...>, ...]))
|
IPv4 | +--------+
------->----| |
>B:W| 6a44 |
| relay |
| |
N2.Z2< -------<----| |
IPv4 | +--------+
| 6a44 relay
|
(IPv4, B, N2, UDP(W, Z2, [encapsulated packet]))
If ALL the following conditions are satisfied, the 6a44 relay MUST return back via its downstream IPv4 interface an IPv6/ UDP/IPv4 packet containing the same encapsulated packet, having its UDP/IPv4 destination set to the UDP/IPv4 address found in the 6a44 destination
如果满足以下所有条件,6a44中继必须通过其下游IPv4接口返回包含相同封装数据包的IPv6/UDP/IPv4数据包,并将其UDP/IPv4目标设置为在6a44目标中找到的UDP/IPv4地址
address, and having its UDP/IPv4 source set to the 6a44-relay UDP/IPv4 address: (1) the IPv4 packet contains a complete UDP datagram (protocol = 17, offset = 0, more-fragment bit = 0); (2) the UDP payload is an IPv6 packet (length of at least 40 octets, version = 6); (3) the IPv6 source address starts with the 6a44-network IPv6 prefix followed by the UDP/IPv4 source address of the received packet; (4) the IPv6 destination address starts with the 6a44-network IPv6 prefix.
地址,并将其UDP/IPv4源设置为6a44中继UDP/IPv4地址:(1)IPv4数据包包含完整的UDP数据报(协议=17,偏移量=0,更多片段位=0);(2) UDP有效负载是IPv6数据包(长度至少为40个八位字节,版本=6);(3) IPv6源地址以6a44网络IPv6前缀开头,后跟接收数据包的UDP/IPv4源地址;(4) IPv6目标地址以6a44网络IPv6前缀开头。
RR4-3 IPv6 PACKET FROM A 6a44 CLIENT TO A NON-6a44 CLIENT
从6a44客户端到非6a44客户端的RR4-3 IPv6数据包
(IPv4, N, B, UDP(Z, W, [IPv6, <C.N.Z...>,
| (X != <C...> AND != <Teredo(IPv4=B)), ...]))
|
| [decapsulated packet]
| |
| +--------+ |
| B:W>| 6a44 | |
>B:W --->----------| relay |------->---- >
IPv4 | | IPv6
+--------+
(IPv4, N, B, UDP(Z, W, [IPv6, <C.N.Z...>,
| (X != <C...> AND != <Teredo(IPv4=B)), ...]))
|
| [decapsulated packet]
| |
| +--------+ |
| B:W>| 6a44 | |
>B:W --->----------| relay |------->---- >
IPv4 | | IPv6
+--------+
If ALL the following conditions are satisfied, the 6a44 relay MUST decapsulate the IPv6 packet and forward it via the IPv6 interface: (1) the IPv4 packet contains a complete UDP datagram (protocol = 17, offset = 0, more-fragment bit = 0); (2) the UDP payload is an IPv6 packet (length of at least 40 octets, version = 6); (3) the IPv6 source address starts with the 6a44-network IPv6 prefix followed by the UDP/IPv4 source address of the received packet; (4) the IPv6 destination address does not start with the 6a44-network IPv6 prefix and is not a Teredo address whose embedded IPv4 address is the 6a44-relay anycast address.
如果满足以下所有条件,6a44中继必须解除IPv6数据包的封装并通过IPv6接口转发它:(1)IPv4数据包包含完整的UDP数据报(协议=17,偏移量=0,更多片段位=0);(2) UDP有效负载是IPv6数据包(长度至少为40个八位字节,版本=6);(3) IPv6源地址以6a44网络IPv6前缀开头,后跟接收数据包的UDP/IPv4源地址;(4) IPv6目标地址不以6a44网络IPv6前缀开头,也不是嵌入IPv4地址为6a44中继选播地址的Teredo地址。
RR4-4 RECEIVED ICMPv4 ERROR MESSAGE CONCERNING A 6a44 PACKET
RR4-4收到有关6a44数据包的ICMPv4错误消息
If the 6a44 relay receives an IPv4 error message [RFC0792] that concerns a discarded 6a44 packet (i.e., if the copied header of the discarded packet is that of a transmitted packet according to RR6-1 or RR4-2), it SHOULD translate it into an ICMPv6 error message [RFC4443] and then treat it as a received IPv6 packet. Translation of Type and Code conversions between IPv4 and IPv6 is described in Section 4.2 of [RFC6145], under "ICMPv4 error messages".
如果6a44中继接收到与丢弃的6a44数据包有关的IPv4错误消息[RFC0792](即,如果根据RR6-1或RR4-2,丢弃数据包的复制报头是传输数据包的报头),则应将其转换为ICMPv6错误消息[RFC4443],然后将其视为接收到的IPv6数据包。[RFC6145]第4.2节“ICMPv4错误消息”中描述了IPv4和IPv6之间类型和代码转换的转换。
RR4-5 INVALID IPv6/UDP/IPv4 PACKET
RR4-5无效的IPv6/UDP/IPv4数据包
For ANY other case, the 6a44 relay MUST discard the packet.
对于任何其他情况,6a44中继必须丢弃数据包。
6a44 is designed as an interim transition mechanism, not to be used any longer than strictly necessary. Its sole purpose is to accelerate availability of IPv6 native addresses where, for any reason, CPEs cannot quickly be replaced, or where, for any reason, ISP networks cannot quickly support dual-stack routing or 6rd.
6a44设计为临时过渡机制,使用时间不得超过严格必要的时间。其唯一目的是加速IPv6本机地址的可用性,无论出于何种原因,无法快速更换CPE,或者出于何种原因,ISP网络无法快速支持双栈路由或6rd。
A 6a44-capable ISP can first have an increase in its 6a44 traffic as more and more hosts behind IPv4-only CPEs support the 6a44 client function, but it should later have a decrease in this traffic as more and more CPEs operate in dual stack.
支持6a44的ISP首先可以增加其6a44通信量,因为只有IPv4的CPE后面的主机越来越多,支持6a44客户端功能,但随着越来越多的CPE在双堆栈中运行,该通信量应该会减少。
When this traffic becomes sufficiently negligible, the ISP may, after due prior notice, discontinue 6a44-relay operation. This terminates its sunset procedure.
当该通信量变得足够可忽略时,ISP可在适当的事先通知后停止6a44中继操作。这将终止其日落过程。
In a host that obtains an IPv6 native address by some means other than 6a44, the effect of having the 6a44 function in its protocol stack is inexistent. OS providers may therefore keep this function in their code for many years. When it becomes clear that the number of users of this function has become negligible, they can delete it from later releases. This terminates their sunset procedure.
在通过除6a44以外的其他方式获得IPv6本机地址的主机中,在其协议堆栈中具有6a44功能的效果是不存在的。因此,操作系统提供商可能会在其代码中保留此功能多年。当这个函数的用户数量变得微不足道时,他们可以从以后的版本中删除它。这将终止他们的日落程序。
Incoming reachability:
传入可达性:
Hosts that acquire 6a44 addresses become reachable from the Internet in IPv6 while they remain unreachable in IPv4 at their private IPv4 addresses.
获取6a44地址的主机在IPv6中可以从Internet访问,而在IPv4中它们在其专用IPv4地址上仍然无法访问。
For ordinary use, this should not introduce a perceptible new security risk for two reasons: (1) hosts can, without IPv6, use NAT44 hole-punching techniques such as Interactive Connectivity Establishment (ICE) [RFC5245] to receive incoming connections; (2) by default, modern operating systems that support IPv6 have their own protections against incoming connections.
对于普通用途,这不应带来明显的新安全风险,原因有两个:(1)在没有IPv6的情况下,主机可以使用NAT44穿孔技术,如交互式连接建立(ICE)[RFC5245]来接收传入连接;(2) 默认情况下,支持IPv6的现代操作系统对传入连接有自己的保护。
If 6a44 reachability across an ordinary NAT44 nevertheless has to be barred, this can be done by configuring its port-forwarding function with the 6a44 port bound to any internal address that is not assigned to any host. Thus, no bubble from a 6a44 relay can reach any 6a44-capable host, and this is sufficient to prevent hosts from using 6a44.
如果6a44在普通NAT44上的可达性必须被禁止,这可以通过将其端口转发功能配置为将6a44端口绑定到未分配给任何主机的任何内部地址来实现。因此,6a44中继中的气泡无法到达任何支持6a44的主机,这足以防止主机使用6a44。
For more sophisticated uses with managed firewalls, default configurations generally specify that packets that are not explicitly authorized are discarded. Thus, 6a44 can be used only if the 6a44 port is deliberately opened to incoming traffic.
对于更复杂的托管防火墙使用,默认配置通常指定丢弃未明确授权的数据包。因此,只有当6a44端口故意对传入流量开放时,才能使用6a44。
Subscriber authentication:
订户身份验证:
Any authentication that applies to an IPv4 address extends its effect to 6a44 addresses that are derived from it.
任何适用于IPv4地址的身份验证都会将其效力扩展到从IPv4地址派生的6a44地址。
Host-address spoofing:
主机地址欺骗:
With ingress filtering required in 6a44 ISP networks, and with the address checks specified in Section 6, no new IPv6 address-spoofing vulnerability is introduced by 6a44.
由于6a44 ISP网络需要进行入口过滤,并且第6节中指定了地址检查,因此6a44不会引入新的IPv6地址欺骗漏洞。
Address-and-port scanning:
地址和端口扫描:
To mitigate the (limited) risk of a malicious user trying to scan IPv4 address/port pairs to reach a host, Teredo addresses contain 12 random bits [RFC5991]. 6a44 addresses have no random bits but contain local IPv4 addresses of clients. Since possible values of these addresses are not deterministically known from outside customer sites and are in ranges that can be configured in typical NAT44s, some protection against address and port scanning is thus achieved. This protection may be less effective than that achieved with random bits but is in any case better for 6a44 IPv6 addresses than for IPv4 addresses alone.
为了降低恶意用户试图扫描IPv4地址/端口对以到达主机的(有限)风险,Teredo地址包含12个随机位[RFC5991]。6a44地址没有随机位,但包含客户端的本地IPv4地址。由于这些地址的可能值无法从外部客户站点确定,并且在典型NAT44中可以配置的范围内,因此可以实现一些针对地址和端口扫描的保护。这种保护可能不如使用随机位实现的保护有效,但在任何情况下,6a44 IPv6地址都比单独使用IPv4地址更好。
Denial of service:
拒绝服务:
Provided 6a44 relays are provisioned with enough processing power, which is facilitated by their being completely stateless, 6a44 introduces no denial-of-service vulnerabilities of its own.
如果6a44继电器具有足够的处理能力(由于其完全无状态),则6a44不会引入自身的拒绝服务漏洞。
Routing loops:
路由循环:
A risk of routing-loop attacks has been identified in [RFC6324]. Without taking precautions, it applies to some combinations of automatic-tunnel mechanisms such as 6to4, the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), 6rd, and Teredo. This risk does not exist with 6a44 for the following reasons:
[RFC6324]中确定了路由循环攻击的风险。在不采取预防措施的情况下,它适用于自动隧道机制的某些组合,如6to4、站点内自动隧道寻址协议(ISATAP)、6rd和Teredo。6a44不存在此风险,原因如下:
1. When a packet enters a 6a44 relay via its IPv6 interface, the following apply:
1. 当数据包通过其IPv6接口进入6a44中继时,以下情况适用:
+ An IPv6/UDP/IPv4 packet cannot be sent to another 6a44 relay because its IPv4 destination would have to be a 6a44-relay IPv4 address. This is prevented by rule RR6-1 of Section 6.6.1.
+ IPv6/UDP/IPv4数据包无法发送到另一个6a44中继,因为其IPv4目标必须是6a44中继IPv4地址。第6.6.1节规则RR6-1阻止了这种情况。
+ If an IPv6/UDP/IPv4 packet is sent to the address of a 6to4 relay, 6rd relay, or ISATAP relay, it will be discarded there because these relays don't accept UDP/IPv4 packets.
+ 如果IPv6/UDP/IPv4数据包被发送到6to4中继、6rd中继或ISATAP中继的地址,它将被丢弃,因为这些中继不接受UDP/IPv4数据包。
+ If an IPv6/UDP/IPv4 packet is sent to a Teredo relay, it will be discarded there because (1) Teredo relays check that the IPv4 address that is embedded in the IPv6 source address of a received IPv6/IPv4 packet matches the IPv4 source address of the encapsulating packet (Section 5.4.2 of [RFC4380]); (2) encapsulating packets sent by 6a44 relays have the 6a44-relay anycast address as the IPv4 source address; (3) a 6a44 relay forwards a received IPv6 packet as an IPv6/UDP/IPv4 packet only if its IPv6 source address is not a Teredo address whose embedded IPv4 address is the 6a44-relay IPv4 address.
+ 如果将IPv6/UDP/IPv4数据包发送到Teredo中继,则该数据包将被丢弃,因为(1)Teredo中继会检查嵌入接收到的IPv6/IPv4数据包的IPv6源地址中的IPv4地址是否与封装数据包的IPv4源地址匹配(RFC4380的第5.4.2节);(2) 封装6a44中继发送的数据包时,将6a44中继选播地址作为IPv4源地址;(3) 只有当6a44中继的IPv6源地址不是嵌入IPv4地址为6a44中继IPv4地址的Teredo地址时,6a44中继才会将接收到的IPv6数据包作为IPv6/UDP/IPv4数据包转发。
2. When a packet enters a 6a44 relay via its IPv4 interface, the following apply:
2. 当数据包通过其IPv4接口进入6a44中继时,以下情况适用:
+ The received packet cannot come from another 6a44 relay (as just explained, 6rd relays do not send IPv6/UDP/IPv4 packets to other 6a44 relays).
+ 接收到的数据包不能来自其他6a44中继(如前所述,第6rd中继不向其他6a44中继发送IPv6/UDP/IPv4数据包)。
+ If the IPv4 packet comes from a 6to4 relay, a 6rd relay, or an ISATAP relay, its IPv6 encapsulated packet cannot be forwarded (the received packet is IPv6/IPv4 instead of being IPv6/UDP/IPv4, as required by rules RR4-2 and RR4-3 of Section 6.6.2).
+ 如果IPv4数据包来自6to4中继、6rd中继或ISATAP中继,则无法转发其IPv6封装数据包(根据第6.6.2节规则RR4-2和RR4-3的要求,接收到的数据包是IPv6/IPv4,而不是IPv6/UDP/IPv4)。
+ If the received packet is an IPv6/UDP/IPv4 packet coming from a Teredo relay, this packet cannot have been sent to the Teredo relay by a 6a44 relay: (1) in order to reach the
+ 如果接收到的数据包是来自Teredo中继的IPv6/UDP/IPv4数据包,则该数据包不能通过6a44中继发送到Teredo中继:(1)以到达
6a44 relay, the IPv6 destination of the IPv6 encapsulated packet must be a Teredo address whose embedded IPv4 address is the 6a44-relay anycast address (Section 5.4.1 of [RFC4380]); (2) a 6a44 relay does not forward via its IPv6 interface an IPv6 packet whose destination is a Teredo address whose embedded IPv4 address is the 6a44-relay anycast address (rule RR4-3 of Section 6.6.2).
6a44中继,IPv6封装数据包的IPv6目标必须是Teredo地址,其嵌入IPv4地址为6a44中继选播地址(RFC4380第5.4.1节);(2) 6a44中继不通过其IPv6接口转发其目的地为Teredo地址的IPv6数据包,其嵌入式IPv4地址为6a44中继选播地址(第6.6.2节规则RR4-3)。
6a44-relay spoofing:
6a44中继欺骗:
In a 6a44 network, no node can spoof a 6a44 relay because ingress filtering prevents any 6a44-relay anycast address from being spoofed.
在6a44网络中,没有节点可以欺骗6a44中继,因为入口过滤可以防止任何6a44中继选播地址被欺骗。
In a network that does not support ingress filtering (and therefore is not a 6a44 network), the following apply:
在不支持入口过滤的网络(因此不是6a44网络)中,以下情况适用:
* 6a44 packets sent by 6a44-capable hosts are discarded in the IPv4 backbone because their IPv4 destination, the 6a44-relay anycast address, does not start with any ISP-assigned prefix.
* 支持6a44的主机发送的6a44数据包在IPv4主干中被丢弃,因为它们的IPv4目的地6a44中继选播地址不以任何ISP分配的前缀开头。
* If an attacker tries to send to a 6a44-capable host a fake relay-to-client bubble, the probability that it would be accepted by its destination is negligible. It would require that all the following conditions be simultaneously satisfied:
* 如果攻击者试图向支持6a44的主机发送假中继到客户端气泡,则其目的地接受的概率可以忽略不计。它要求同时满足以下所有条件:
+ The UDP/IPv4 destination set by the attacker must reach a NAT44 node in which it is the external mapping of a 6a44 tunnel established by a 6a44-capable host.
+ 攻击者设置的UDP/IPv4目标必须到达NAT44节点,该节点是支持6a44的主机建立的6a44隧道的外部映射。
+ This host must be in the "Bubble sent" state -- the only one in which it listens to bubbles when its ISP is not 6a44 capable. This state is taken only for a few seconds every 30 minutes (rule TM-5 of Section 6.5.1).
+ 此主机必须处于“Bubble sent”状态——当其ISP不具备6a44功能时,它是唯一一个侦听Bubble的主机。该状态每30分钟仅持续几秒钟(第6.5.1节规则TM-5)。
+ This host accepts the bubble only if its Bubble ID has the right value -- an extremely unlikely possibility with a 64-bit randomly chosen Bubble ID (see Section 6.5.1).
+ 只有当冒泡ID具有正确的值时,此主机才接受冒泡—对于64位随机选择的冒泡ID,这种可能性极低(请参阅第6.5.1节)。
* If a 6a44-capable host -- despite this scenario being very unlikely -- accepts a fake bubble, the effect is that it wrongly believes, for about 30 seconds, that it has an assigned public IPv6 address. All IPv6 packets it then sends with this address as the source cannot be accepted by any destination (no relay will forward them, and no host of the same site will accept them). The consequences of this scenario would therefore not impair security.
* 如果一个支持6a44的主机——尽管这种情况不太可能发生——接受了一个虚假的气泡,其结果是在大约30秒的时间里,它错误地认为它有一个分配的公共IPv6地址。由于源无法被任何目的地接受(没有中继将转发它们,同一站点的任何主机也不会接受它们),因此它随后发送的所有带有此地址的IPv6数据包都无法被任何目的地接受。因此,这种情况的后果不会损害安全。
IANA has assigned the following:
IANA已分配以下各项:
1. IPv4 address 192.88.99.2 as the 6a44-relay anycast address (B in this document).
1. IPv4地址192.88.99.2作为6a44中继选播地址(本文档中为B)。
2. UDP port 1027 as the 6a44 port (W in this document).
2. UDP端口1027作为6a44端口(在本文档中为W)。
The choice of 192.88.99.2 as the 6a44 IPv4 anycast address doesn't conflict with any existing IETF specification because
选择192.88.99.2作为6a44 IPv4选播地址不会与任何现有IETF规范冲突,因为
o it starts with the 6to4 prefix 192.88.99.0/24 [RFC3068].
o 它以6to4前缀192.88.99.0/24开始[RFC3068]。
o it differs from the only currently assigned address that starts with this prefix (the anycast address of 6to4 relays -- 192.88.99.1 [RFC3068].
o 它不同于当前唯一以该前缀开头的分配地址(6to4中继的选播地址——192.88.99.1[RFC3068])。
This choice is made to permit implementations of 6a44 relays in physical nodes that are independent from any 6to4 relay or, if found to be more optimum, in nodes in which 6to4 relays and 6a44 relays are collocated.
做出此选择是为了允许在独立于任何6to4继电器的物理节点中实现6a44继电器,或者,如果发现更为优化,在6to4继电器和6a44继电器并置的节点中实现6a44继电器。
This specification, whose origin is a convergence effort based on two independent proposals -- [6rd+] and [SAMPLE] -- has benefited from various suggestions. Comments have been received during this process, in particular from Dave Thaler, Fred Templin, Ole Troan, Olivier Vautrin, Pascal Thubert, Washam Fan, and Yu Lee. The authors wish to thank them, and all others, for their useful contributions. Special recognition is due to Dave Thaler and John Mann. Their detailed reviews led to a few useful modifications and editorial improvements.
这个规范的起源是基于两个独立的建议--[6rd+]和[SAMPLE]的聚合努力,它受益于各种建议。在这一过程中收到了评论,特别是来自戴夫·泰勒、弗雷德·坦普林、奥勒·特罗安、奥利维尔·沃特林、帕斯卡·苏伯特、瓦沙姆·范和余·李的评论。作者谨感谢他们和所有其他人的有益贡献。戴夫·泰勒和约翰·曼获得了特别的认可。他们的详细评论导致了一些有用的修改和编辑改进。
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, RFC 792, September 1981.
[RFC0792]Postel,J.,“互联网控制消息协议”,STD 5,RFC 792,1981年9月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.
[RFC2460]Deering,S.和R.Hinden,“互联网协议,第6版(IPv6)规范”,RFC 2460,1998年12月。
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006.
[RFC4291]Hinden,R.和S.Deering,“IP版本6寻址体系结构”,RFC 42912006年2月。
[6rd+] Despres, R., "Rapid Deployment of Native IPv6 Behind IPv4 NATs (6rd+)", Work in Progress, July 2010.
[6rd+]Despres,R.,“IPv4 NAT背后本机IPv6的快速部署(6rd+”,正在进行的工作,2010年7月。
[NAT444] Yamaguchi, J., Shirasaki, Y., Miyakawa, S., Nakagawa, A., and H. Ashida, "NAT444 addressing models", Work in Progress, July 2012.
[NAT444]Yamaguchi,J.,Shirasaki,Y.,Miyakawa,S.,Nakagawa,A.,和H.Ashida,“NAT444寻址模型”,正在进行的工作,2012年7月。
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, February 1996.
[RFC1918]Rekhter,Y.,Moskowitz,B.,Karrenberg,D.,de Groot,G.,和E.Lear,“私人互联网地址分配”,BCP 5,RFC 1918,1996年2月。
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, May 2000.
[RFC2827]Ferguson,P.和D.Senie,“网络入口过滤:击败利用IP源地址欺骗的拒绝服务攻击”,BCP 38,RFC 2827,2000年5月。
[RFC3053] Durand, A., Fasano, P., Guardini, I., and D. Lento, "IPv6 Tunnel Broker", RFC 3053, January 2001.
[RFC3053]Durand,A.,Fasano,P.,Guardini,I.,和D.Lento,“IPv6隧道代理”,RFC 3053,2001年1月。
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via IPv4 Clouds", RFC 3056, February 2001.
[RFC3056]Carpenter,B.和K.Moore,“通过IPv4云连接IPv6域”,RFC 3056,2001年2月。
[RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers", RFC 3068, June 2001.
[RFC3068]Huitema,C.,“6to4中继路由器的选播前缀”,RFC3068,2001年6月。
[RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed Networks", BCP 84, RFC 3704, March 2004.
[RFC3704]Baker,F.和P.Savola,“多宿网络的入口过滤”,BCP 84,RFC 37042004年3月。
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast Addresses", RFC 4193, October 2005.
[RFC4193]Hinden,R.和B.Haberman,“唯一本地IPv6单播地址”,RFC 41932005年10月。
[RFC4380] Huitema, C., "Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)", RFC 4380, February 2006.
[RFC4380]Huitema,C.,“Teredo:通过网络地址转换(NAT)通过UDP传输IPv6”,RFC 43802006年2月。
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification", RFC 4443, March 2006.
[RFC4443]Conta,A.,Deering,S.,和M.Gupta,Ed.,“互联网协议版本6(IPv6)规范的互联网控制消息协议(ICMPv6)”,RFC 4443,2006年3月。
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", RFC 5245, April 2010.
[RFC5245]Rosenberg,J.,“交互式连接建立(ICE):提供/应答协议的网络地址转换器(NAT)遍历协议”,RFC 52452010年4月。
[RFC5569] Despres, R., "IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)", RFC 5569, January 2010.
[RFC5569]Despres,R.,“IPv4基础设施上的IPv6快速部署(第6次)”,RFC 5569,2010年1月。
[RFC5626] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed., "Managing Client-Initiated Connections in the Session Initiation Protocol (SIP)", RFC 5626, October 2009.
[RFC5626]Jennings,C.,Ed.,Mahy,R.,Ed.,和F.Audet,Ed.,“在会话启动协议(SIP)中管理客户端启动的连接”,RFC 56262009年10月。
[RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) -- Protocol Specification", RFC 5969, August 2010.
[RFC5969]Townsley,W.和O.Troan,“IPv4基础设施上的IPv6快速部署(第6条)——协议规范”,RFC 5969,2010年8月。
[RFC5991] Thaler, D., Krishnan, S., and J. Hoagland, "Teredo Security Updates", RFC 5991, September 2010.
[RFC5991]Thaler,D.,Krishnan,S.,和J.Hoagland,“Teredo安全更新”,RFC 59912010年9月。
[RFC6081] Thaler, D., "Teredo Extensions", RFC 6081, January 2011.
[RFC6081]Thaler,D.,“Teredo扩展”,RFC 60812011年1月。
[RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation Algorithm", RFC 6145, April 2011.
[RFC6145]Li,X.,Bao,C.,和F.Baker,“IP/ICMP翻译算法”,RFC 61452011年4月。
[RFC6324] Nakibly, G. and F. Templin, "Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations", RFC 6324, August 2011.
[RFC6324]Nakbly,G.和F.Templin,“使用IPv6自动隧道的路由循环攻击:问题陈述和建议的缓解措施”,RFC 63242011年8月。
[SAMPLE] Carpenter, B. and S. Jiang, "Legacy NAT Traversal for IPv6: Simple Address Mapping for Premises Legacy Equipment (SAMPLE)", Work in Progress, June 2010.
[样本]Carpenter,B.和S.Jiang,“IPv6遗留NAT遍历:房屋遗留设备的简单地址映射(样本)”,正在进行的工作,2010年6月。
[TheTool] de Saint-Exupery, A., "Wind, Sand and Stars", Chapter III (The Tool), 1939.
圣埃克苏佩里,A.,“风、沙和星星”,第三章(工具),1939年。
Authors' Addresses
作者地址
Remi Despres (editor) RD-IPtech 3 rue du President Wilson Levallois France
雷米·德斯普雷斯(编辑)法国总统威尔逊·莱瓦洛伊街3号IPtech路
EMail: despres.remi@laposte.net
EMail: despres.remi@laposte.net
Brian Carpenter University of Auckland Department of Computer Science PB 92019 Auckland 1142 New Zealand
布瑞恩木匠奥克兰大学计算机系PB 92019奥克兰1142新西兰
EMail: brian.e.carpenter@gmail.com
EMail: brian.e.carpenter@gmail.com
Dan Wing Cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134 USA
Dan Wing Cisco Systems,Inc.美国加利福尼亚州圣何塞西塔斯曼大道170号,邮编95134
EMail: dwing@cisco.com
EMail: dwing@cisco.com
Sheng Jiang Huawei Technologies Co., Ltd. Q14, Huawei Campus - No. 156 Beiqing Road Hai-Dian District, Beijing 100095 P.R. China
盛江华为技术有限公司,中国北京市海淀区北青路156号华为校区Q14,邮编100095
EMail: jiangsheng@huawei.com
EMail: jiangsheng@huawei.com