Network Working Group K. Tsuchiya Requests for Comments: 2767 H. Higuchi Category: Informational Y. Atarashi Hitachi February 2000
Network Working Group K. Tsuchiya Requests for Comments: 2767 H. Higuchi Category: Informational Y. Atarashi Hitachi February 2000
Dual Stack Hosts using the "Bump-In-the-Stack" Technique (BIS)
使用“堆栈中的凹凸”技术(BIS)的双堆栈主机
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
Abstract
摘要
In the especially initial stage of the transition from IPv4 to IPv6, it is hard to provide a complete set of IPv6 applications. This memo proposes a mechanism of dual stack hosts using the technique called "Bump-in-the-Stack" in the IP security area. The mechanism allows the hosts to communicate with other IPv6 hosts using existing IPv4 applications.
在从IPv4向IPv6过渡的最初阶段,很难提供一套完整的IPv6应用程序。本备忘录提出了一种在IP安全领域使用称为“堆栈中的凹凸”技术的双堆栈主机机制。该机制允许主机使用现有IPv4应用程序与其他IPv6主机通信。
RFC1933 [TRANS-MECH] specifies transition mechanisms, including dual stack and tunneling, for the initial stage. Hosts and routers with the transition mechanisms are also developed. But there are few applications for IPv6 [IPV6] as compared with IPv4 [IPV4] in which a great number of applications are available. In order to advance the transition smoothly, it is highly desirable to make the availability of IPv6 applications increase to the same level as IPv4. Unfortunately, however, this is expected to take a very long time.
RFC1933[TRANS-MECH]为初始阶段指定了过渡机制,包括双堆栈和隧道。还开发了具有转换机制的主机和路由器。但是,与IPv4[IPv4]相比,IPv6[IPv6]的应用程序很少,IPv4[IPv4]中有大量可用的应用程序。为了顺利推进过渡,非常需要将IPv6应用程序的可用性提高到与IPv4相同的水平。然而,不幸的是,这需要很长时间。
This memo proposes a mechanism of dual stack hosts using the technique called "Bump-in-the-Stack" [BUMP] in the IP security area. The technique inserts modules, which snoop data flowing between a TCP/IPv4 module and network card driver modules and translate IPv4 into IPv6 and vice versa, into the hosts, and makes them self-translators. When they communicate with the other IPv6 hosts, pooled IPv4 addresses are assigned to the IPv6 hosts internally, but the IPv4 addresses never flow out from them. Moreover, since the assignment is automatically carried out using DNS protocol, users do
本备忘录提出了一种双堆栈主机机制,该机制在IP安全领域中使用称为“堆栈中的Bump”[Bump]的技术。该技术将侦听TCP/IPv4模块和网卡驱动程序模块之间的数据流并将IPv4转换为IPv6,反之亦然的模块插入主机,并使其自行转换。当它们与其他IPv6主机通信时,池IPv4地址在内部分配给IPv6主机,但IPv4地址永远不会从这些主机流出。此外,由于分配是使用DNS协议自动执行的,因此用户不需要这样做
not need to know whether target hosts are IPv6 ones. That is, this allows them to communicate with other IPv6 hosts using existing IPv4 applications; thus it seems as if they were dual stack hosts with applications for both IPv4 and IPv6. So they can expand the territory of dual stack hosts. Furthermore they can co-exist with other translators because their roles are different.
不需要知道目标主机是否是IPv6主机。也就是说,这允许它们使用现有的IPv4应用程序与其他IPv6主机通信;因此,它们似乎是具有IPv4和IPv6应用程序的双栈主机。因此,它们可以扩展双堆栈主机的范围。此外,他们可以与其他译者共存,因为他们的角色不同。
This memo uses the words defined in [IPV4], [IPV6], and [TRANS-MECH].
本备忘录使用[IPV4]、[IPV6]和[TRANS-MECH]中定义的词语。
Dual stack hosts defined in RFC1933 [TRANS-MECH] need applications, TCP/IP modules and addresses for both IPv4 and IPv6. The proposed hosts in this memo have 3 modules instead of IPv6 applications, and communicate with other IPv6 hosts using IPv4 applications. They are a translator, an extension name resolver and an address mapper.
RFC1933[TRANS-MECH]中定义的双栈主机需要IPv4和IPv6的应用程序、TCP/IP模块和地址。本备忘录中建议的主机有3个模块,而不是IPv6应用程序,并使用IPv4应用程序与其他IPv6主机通信。它们是转换器、扩展名解析程序和地址映射程序。
Figure 1 illustrates the structure of the host in which they are installed.
图1显示了安装它们的主机的结构。
+----------------------------------------------------------+ | +----------------------------------------------------+ | | | IPv4 applications | | | +----------------------------------------------------+ | | +----------------------------------------------------+ | | | TCP/IPv4 | | | | +-------------------------------------------+ | | | | +-----------+ +---------+ +------------+ | | | | | extension | | address | | translator | | | | | | name | | mapper | +------------+ | | | | | resolver | | | +------------+ | | | | | | | | | IPv6 | | | +--------+ +-----------+ +---------+ +------------+ | | +----------------------------------------------------+ | | | Network card drivers | | | +----------------------------------------------------+ | +----------------------------------------------------------+ +----------------------------------------------------------+ | Network cards | +----------------------------------------------------------+
+----------------------------------------------------------+ | +----------------------------------------------------+ | | | IPv4 applications | | | +----------------------------------------------------+ | | +----------------------------------------------------+ | | | TCP/IPv4 | | | | +-------------------------------------------+ | | | | +-----------+ +---------+ +------------+ | | | | | extension | | address | | translator | | | | | | name | | mapper | +------------+ | | | | | resolver | | | +------------+ | | | | | | | | | IPv6 | | | +--------+ +-----------+ +---------+ +------------+ | | +----------------------------------------------------+ | | | Network card drivers | | | +----------------------------------------------------+ | +----------------------------------------------------------+ +----------------------------------------------------------+ | Network cards | +----------------------------------------------------------+
Figure. 1 Structure of the proposed dual stack host
图1拟议双栈主机的结构
It translates IPv4 into IPv6 and vice versa using the IP conversion mechanism defined in [SIIT].
它使用[SIIT]中定义的IP转换机制将IPv4转换为IPv6,反之亦然。
When receiving IPv4 packets from IPv4 applications, it converts IPv4 packet headers into IPv6 packet headers, then fragments the IPv6 packets (because header length of IPv6 is typically 20 bytes larger than that of IPv4), and sends them to IPv6 networks. When receiving IPv6 packets from the IPv6 networks, it works symmetrically to the previous case, except that there is no need to fragment the packets.
当从IPv4应用程序接收IPv4数据包时,它会将IPv4数据包头转换为IPv6数据包头,然后对IPv6数据包进行分段(因为IPv6的头长度通常比IPv4的头长度大20字节),并将其发送到IPv6网络。当从IPv6网络接收IPv6数据包时,它的工作原理与前一种情况对称,只是不需要对数据包进行分段。
It returns a "proper" answer in response to the IPv4 application's request.
它返回一个“正确”答案以响应IPv4应用程序的请求。
The application typically sends a query to a name server to resolve 'A' records for the target host name. It snoops the query, then creates another query to resolve both 'A' and 'AAAA' records for the host name, and sends the query to the server. If the 'A' record is resolved, it returns the 'A' record to the application as is. In the case, there is no need for the IP conversion by the translator. If only the 'AAAA' record is available, it requests the mapper to assign an IPv4 address corresponding to the IPv6 address, then creates the 'A' record for the assigned IPv4 address, and returns the 'A' record to the application.
应用程序通常向名称服务器发送查询,以解析目标主机名的“a”记录。它嗅探查询,然后创建另一个查询以解析主机名的“A”和“AAAA”记录,并将查询发送到服务器。如果解析了“A”记录,它会按原样将“A”记录返回给应用程序。在这种情况下,翻译器不需要进行IP转换。如果只有“AAAA”记录可用,它会请求映射程序分配与IPv6地址对应的IPv4地址,然后为分配的IPv4地址创建“A”记录,并将“A”记录返回给应用程序。
NOTE: This action is similar to that of the DNS ALG (Application Layer Gateway) used in [NAT-PT]. See also [NAT-PT].
注意:此操作类似于[NAT-PT]中使用的DNS ALG(应用层网关)。另见[NAT-PT]。
It maintains an IPv4 address spool. The spool, for example, consists of private addresses [PRIVATE]. Also, it maintains a table which consists of pairs of an IPv4 address and an IPv6 address.
它维护一个IPv4地址假脱机。例如,spool由私有地址[private]组成。此外,它还维护一个由IPv4地址和IPv6地址对组成的表。
When the resolver or the translator requests it to assign an IPv4 address corresponding to an IPv6 address, it selects and returns an IPv4 address out of the spool, and registers a new entry into the table dynamically. The registration occurs in the following 2 cases:
当解析程序或转换器请求它分配与IPv6地址对应的IPv4地址时,它会从假脱机中选择并返回IPv4地址,并在表中动态注册一个新条目。在以下两种情况下进行注册:
(1) When the resolver gets only an 'AAAA' record for the target host name and there is not a mapping entry for the IPv6 address. (2) When the translator receives an IPv6 packet and there is not a mapping entry for the IPv6 source address.
(1) 当解析程序仅获取目标主机名的“AAAA”记录,并且没有IPv6地址的映射条目时。(2) 当转换器接收到IPv6数据包且没有IPv6源地址的映射条目时。
NOTE: There is only one exception. When initializing the table, it registers a pair of its own IPv4 address and IPv6 address into the table statically.
注意:只有一个例外。初始化表时,它将自己的一对IPv4地址和IPv6地址静态注册到表中。
This section describes action of the proposed dual stack host called "dual stack," which communicates with an IPv6 host called "host6" using an IPv4 application.
本节描述了建议的名为“双堆栈”的双堆栈主机的操作,该主机使用IPv4应用程序与名为“host6”的IPv6主机进行通信。
This subsection describes the originator behavior of "dual stack." The communication is triggered by "dual stack."
本小节描述“双堆栈”的发起者行为。通信由“双堆栈”触发
The application sends a query to its name server to resolve 'A' records for "host6."
应用程序向其名称服务器发送查询,以解析“host6”的“a”记录
The resolver snoops the query, then creates another query to resolve both 'A' and 'AAAA' records for the host name, and sends it to the server. In this case, only the 'AAAA' record is resolved, so the resolver requests the mapper to assign an IPv4 address corresponding to the IPv6 address.
解析程序嗅探查询,然后创建另一个查询来解析主机名的“A”和“AAAA”记录,并将其发送到服务器。在这种情况下,只解析“AAAA”记录,因此解析程序请求映射程序分配与IPv6地址对应的IPv4地址。
NOTE: In the case of communication with an IPv4 host, the 'A' record is resolved and then the resolver returns it to the application as is. There is no need for the IP conversion as shown later.
注意:在与IPv4主机通信的情况下,解析“A”记录,然后解析程序将其按原样返回给应用程序。不需要如后面所示的IP转换。
The mapper selects an IPv4 address out of the spool and returns it to the resolver.
映射程序从假脱机中选择一个IPv4地址,并将其返回到解析器。
The resolver creates the 'A' record for the assigned IPv4 address and returns it to the application.
冲突解决程序为分配的IPv4地址创建“A”记录,并将其返回给应用程序。
NOTE: See subsection 4.3 about the influence on other hosts caused by an IPv4 address assigned here.
注意:关于此处分配的IPv4地址对其他主机造成的影响,请参见第4.3小节。
The application sends an IPv4 packet to "host6."
应用程序向“主机6”发送IPv4数据包
The IPv4 packet reaches the translator. The translator tries to translate the IPv4 packet into an IPv6 packet but does not know how to translate the IPv4 destination address and the IPv4 source address. So the translator requests the mapper to provide mapping entries for them.
IPv4数据包到达转换器。转换器尝试将IPv4数据包转换为IPv6数据包,但不知道如何转换IPv4目标地址和IPv4源地址。因此,转换器请求映射器为它们提供映射条目。
The mapper checks its mapping table and finds entries for each of them, and then returns the IPv6 destination address and the IPv6 source address to the translator.
映射程序检查其映射表并查找每个映射表的条目,然后将IPv6目标地址和IPv6源地址返回给转换器。
NOTE: The mapper will register its own IPv4 address and IPv6 address into the table beforehand. See subsection 2.3.
注意:映射程序将事先在表中注册自己的IPv4地址和IPv6地址。见第2.3小节。
The translator translates the IPv4 packet into an IPv6 packet then fragments the IPv6 packet if necessary and sends it to an IPv6 network.
转换器将IPv4数据包转换为IPv6数据包,然后根据需要对IPv6数据包进行分段,并将其发送到IPv6网络。
The IPv6 packet reaches "host6." Then "host6" sends a new IPv6 packet to "dual stack."
IPv6数据包到达“主机6”。然后“主机6”向“双堆栈”发送一个新的IPv6数据包
The IPv6 packet reaches the translator in "dual stack."
IPv6数据包以“双堆栈”的形式到达转换器
The translator gets mapping entries for the IPv6 destination address and the IPv6 source address from the mapper in the same way as before.
转换器从映射器中获取IPv6目标地址和IPv6源地址的映射项,方法与前面相同。
Then the translator translates the IPv6 packet into an IPv4 packet and tosses it up to the application.
然后,转换器将IPv6数据包转换为IPv4数据包,并将其抛给应用程序。
The following diagram illustrates the action described above:
下图说明了上述操作:
"dual stack" "host6" IPv4 TCP/ extension address translator IPv6 appli- IPv4 name mapper cation resolver | | | | | | | <<Resolve an IPv4 address for "host6".>> | | | | | | | | | |------|------>| Query of 'A' records for "host6". | Name | | | | | | | Server | | |---------|-------|-----------|---------|--->| | | | Query of 'A' records and 'AAAA' for "host6" | | | | | | | | | | |<--------|-------|-----------|---------|----| | | | Reply only with 'AAAA' record. | | | | | | | | | | |<<Only 'AAAA' record is resolved.>> | | | | | | | | | | |-------->| Request one IPv4 address | | | | | corresponding to the IPv6 address. | | | | | | | | | | |<<Assign one IPv4 address.>> | | | | | | | | | | |<--------| Reply with the IPv4 address. | | | | | | | | | |<<Create 'A' record for the IPv4 address.>> | | | | | | | |<-----|-------| Reply with the 'A' record. | | | | | | | | |
"dual stack" "host6" IPv4 TCP/ extension address translator IPv6 appli- IPv4 name mapper cation resolver | | | | | | | <<Resolve an IPv4 address for "host6".>> | | | | | | | | | |------|------>| Query of 'A' records for "host6". | Name | | | | | | | Server | | |---------|-------|-----------|---------|--->| | | | Query of 'A' records and 'AAAA' for "host6" | | | | | | | | | | |<--------|-------|-----------|---------|----| | | | Reply only with 'AAAA' record. | | | | | | | | | | |<<Only 'AAAA' record is resolved.>> | | | | | | | | | | |-------->| Request one IPv4 address | | | | | corresponding to the IPv6 address. | | | | | | | | | | |<<Assign one IPv4 address.>> | | | | | | | | | | |<--------| Reply with the IPv4 address. | | | | | | | | | |<<Create 'A' record for the IPv4 address.>> | | | | | | | |<-----|-------| Reply with the 'A' record. | | | | | | | | |
Figure 2 Action of the originator (1/2)
图2发起人的行动(1/2)
"dual stack" "host6" IPv4 TCP/ extension address translator IPv6 appli- IPv4 name mapper cation resolver | | | | | | | <<Send an IPv4 packet to "host6".>>| | | | | | | | | | |======|=======|=========|======>| An IPv4 packet. | | | | | | | | | | | |<------| Request IPv6 addresses | | | | | corresponding to the IPv4 | | | | | addresses. | | | | | | | | | | | |------>| Reply with the IPv6| | | | | | addresses. | | | | | | | | | | | | |<<Translate IPv4 into IPv6.>> | | | | | | | | | |An IPv6 packet. |===========|========>| | | | | | | | | | | | <<Reply an IPv6 packet to | | | | "dual stack".>> | | | | | | | | | | |An IPv6 packet. |<==========|=========| | | | | | | | | | | | |<<Translate IPv6 into IPv4.>> | | | | | | | |<=====|=======|=========|=======| An IPv4 packet. | | | | | | | |
"dual stack" "host6" IPv4 TCP/ extension address translator IPv6 appli- IPv4 name mapper cation resolver | | | | | | | <<Send an IPv4 packet to "host6".>>| | | | | | | | | | |======|=======|=========|======>| An IPv4 packet. | | | | | | | | | | | |<------| Request IPv6 addresses | | | | | corresponding to the IPv4 | | | | | addresses. | | | | | | | | | | | |------>| Reply with the IPv6| | | | | | addresses. | | | | | | | | | | | | |<<Translate IPv4 into IPv6.>> | | | | | | | | | |An IPv6 packet. |===========|========>| | | | | | | | | | | | <<Reply an IPv6 packet to | | | | "dual stack".>> | | | | | | | | | | |An IPv6 packet. |<==========|=========| | | | | | | | | | | | |<<Translate IPv6 into IPv4.>> | | | | | | | |<=====|=======|=========|=======| An IPv4 packet. | | | | | | | |
Figure 2 Action of the originator (2/2)
图2发起人的行动(2/2)
This subsection describes the recipient behavior of "dual stack." The communication is triggered by "host6."
本小节描述“双堆栈”的接收方行为。通信由“主机6”触发
"host6" resolves the 'AAAA' record for "dual stack" through its name server, and then sends an IPv6 packet to the IPv6 address.
“host6”通过其名称服务器解析“双堆栈”的“AAAA”记录,然后向IPv6地址发送IPv6数据包。
The IPv6 packet reaches the translator in "dual stack."
IPv6数据包以“双堆栈”的形式到达转换器
The translator tries to translate the IPv6 packet into an IPv4 packet but does not know how to translate the IPv6 destination address and the IPv6 source address. So the translator requests the mapper to provide mapping entries for them.
转换器尝试将IPv6数据包转换为IPv4数据包,但不知道如何转换IPv6目标地址和IPv6源地址。因此,转换器请求映射器为它们提供映射条目。
The mapper checks its mapping table with each of them and finds a mapping entry for the IPv6 destination address.
映射程序将检查其映射表,并查找IPv6目标地址的映射项。
NOTE: The mapper will register its own IPv4 address and IPv6 address into the table beforehand. See subsection 2.3.
注意:映射程序将事先在表中注册自己的IPv4地址和IPv6地址。见第2.3小节。
But there is not a mapping entry for the IPv6 source address, so the mapper selects an IPv4 address out of the spool for it, and then returns the IPv4 destination address and the IPv4 source address to the translator.
但IPv6源地址没有映射条目,因此映射程序从假脱机中为其选择IPv4地址,然后将IPv4目标地址和IPv4源地址返回给转换器。
NOTE: See subsection 4.3 about the influence on other hosts caused by an IPv4 address assigned here.
注意:关于此处分配的IPv4地址对其他主机造成的影响,请参见第4.3小节。
The translator translates the IPv6 packet into an IPv4 packet and tosses it up to the application.
转换器将IPv6数据包转换为IPv4数据包,并将其抛给应用程序。
The application sends a new IPv4 packet to "host6."
应用程序向“主机6”发送一个新的IPv4数据包
The following behavior is the same as that described in subsection 3.1.
以下行为与第3.1小节中描述的行为相同。
The following diagram illustrates the action described above:
下图说明了上述操作:
"dual stack" "host6" IPv4 TCP/ extension address translator IPv6 appli- IPv4 name mapper cation resolver | | | | | | | <<Receive data from "host6".>> | | | | | | | | | | | | |An IPv6 packet. |<==========|=========| | | | | | | | | | | |<------| Request IPv4 addresses | | | | | corresponding to the IPv6 | | | | | addresses. | | | | | | | | | | | |------>| Reply with the IPv4| | | | | | addresses. | | | | | | | | | | | | |<<Translate IPv6 into IPv4.>> | | | | | | | |<=====|=======|=========|=======| An IPv4 packet. | | | | | | | | <<Reply an IPv4 packet to "host6".>> | | | | | | | | | |======|=======|=========|======>| An IPv4 packet. | | | | | | | | | | | | |<<Translate IPv4 into IPv6.>> | | | | | | | | | |An IPv6 packet. |===========|========>| | | | | | | |
"dual stack" "host6" IPv4 TCP/ extension address translator IPv6 appli- IPv4 name mapper cation resolver | | | | | | | <<Receive data from "host6".>> | | | | | | | | | | | | |An IPv6 packet. |<==========|=========| | | | | | | | | | | |<------| Request IPv4 addresses | | | | | corresponding to the IPv6 | | | | | addresses. | | | | | | | | | | | |------>| Reply with the IPv4| | | | | | addresses. | | | | | | | | | | | | |<<Translate IPv6 into IPv4.>> | | | | | | | |<=====|=======|=========|=======| An IPv4 packet. | | | | | | | | <<Reply an IPv4 packet to "host6".>> | | | | | | | | | |======|=======|=========|======>| An IPv4 packet. | | | | | | | | | | | | |<<Translate IPv4 into IPv6.>> | | | | | | | | | |An IPv6 packet. |===========|========>| | | | | | | |
Figure 3 Action of the recipient
图3接受者的行动
This section considers some issues of the proposed dual stack hosts.
本节将讨论建议的双堆栈主机的一些问题。
In common with NAT [NAT], IP conversion needs to translate IP addresses embedded in application layer protocols, which are typically found in FTP [FTP]. So it is hard to translate all such applications completely.
与NAT[NAT]一样,IP转换需要转换嵌入在应用层协议中的IP地址,这些协议通常在FTP[FTP]中找到。因此,很难完全翻译所有这些应用程序。
The spool, for example, consists of private addresses [PRIVATE]. So a large address space can be used for the spool. Nonetheless, IPv4
例如,spool由私有地址[private]组成。因此,可以为假脱机使用较大的地址空间。尽管如此,IPv4
addresses in the spool will be exhausted and cannot be assigned to IPv6 target hosts, if the host communicates with a great number of other IPv6 hosts and the mapper never frees entries registered into the mapping table once. To solve the problem, for example, it is desirable for the mapper to free the oldest entry in the mapping table and re-use the IPv4 address for creating a new entry.
如果主机与大量其他IPv6主机通信,并且映射程序从未释放一次注册到映射表中的条目,则spool中的地址将耗尽,并且无法分配给IPv6目标主机。例如,为了解决这个问题,映射程序需要释放映射表中最旧的条目,并重新使用IPv4地址来创建新条目。
IPv4 addresses, which are internally assigned to IPv6 target hosts out of the spool, never flow out from the host, and so do not negatively affect other hosts.
IPv4地址在内部从假脱机分配给IPv6目标主机,不会从主机流出,因此不会对其他主机产生负面影响。
This section considers applicability and limitations of the proposed dual stack hosts.
本节考虑建议的双堆栈主机的适用性和局限性。
The mechanism can be useful for users in the especially initial stage where some applications not modified into IPv6 remain. And it can also help users who cannot upgrade their certain applications for some reason after all applications have been modified. The reason is that it allows hosts to communicate with IPv6 hosts using existing IPv4 applications, and that they can get connectivity for both IPv4 and IPv6 even if they do not have IPv6 applications as a result.
该机制对于处于某些未修改为IPv6的应用程序保留的初始阶段的用户非常有用。它还可以帮助那些在所有应用程序都被修改后由于某种原因无法升级其特定应用程序的用户。原因是它允许主机使用现有的IPv4应用程序与IPv6主机通信,并且即使它们没有IPv6应用程序,它们也可以获得IPv4和IPv6的连接。
Note that it can also work in conjunction with a complete IPv6 stack. They can communicate with both IPv4 hosts and IPv6 hosts using IPv4 applications via the mechanism, and can also communicate with IPv6 hosts using IPv6 applications via the complete IPv6 stack.
请注意,它还可以与完整的IPv6堆栈配合使用。它们可以通过该机制与IPv4主机和使用IPv4应用程序的IPv6主机通信,也可以通过完整的IPv6堆栈与使用IPv6应用程序的IPv6主机通信。
The mechanism is valid only for unicast communication, but invalid for multicast communication. Multicast communication needs another mechanism.
该机制仅对单播通信有效,但对多播通信无效。多播通信需要另一种机制。
It allows hosts to communicate with IPv6 hosts using existing IPv4 applications, but this can not be applied to IPv4 applications which use any IPv4 option since it is impossible to translate IPv4 options into IPv6. Similarly it is impossible to translate any IPv6 option headers into IPv4, except for fragment headers and routing headers. So IPv6 inbound communication having the option headers may be rejected.
它允许主机使用现有IPv4应用程序与IPv6主机通信,但这不能应用于使用任何IPv4选项的IPv4应用程序,因为无法将IPv4选项转换为IPv6。类似地,除了片段头和路由头之外,不可能将任何IPv6选项头转换为IPv4。因此,具有选项标头的IPv6入站通信可能会被拒绝。
In common with NAT [NAT], IP conversion needs to translate IP addresses embedded in application layer protocols, which are typically found in FTP [FTP]. So it is hard to translate all such applications completely.
与NAT[NAT]一样,IP转换需要转换嵌入在应用层协议中的IP地址,这些协议通常在FTP[FTP]中找到。因此,很难完全翻译所有这些应用程序。
It may be impossible that the hosts using the mechanism utilize the security above network layer since the data may carry IP addresses.
使用该机制的主机可能不可能利用网络层以上的安全性,因为数据可能携带IP地址。
Finally it can not combine with secure DNS since the extension name resolver can not handle the protocol.
最后,它不能与安全DNS结合,因为扩展名解析程序不能处理该协议。
This section considers security of the proposed dual stack hosts.
本节考虑建议的双堆栈主机的安全性。
The hosts can utilize the security of all layers like ordinary IPv4 communication when they communicate with IPv4 hosts using IPv4 applications via the mechanism. Likewise they can utilize the security of all layers like ordinary IPv6 communication when they communicate with IPv6 hosts using IPv6 applications via the complete IPv6 stack. However, unfortunately, they can not utilize the security above network layer when they communicate with IPv6 hosts using IPv4 applications via the mechanism. The reason is that when the protocol data with which IP addresses are embedded is encrypted, or when the protocol data is encrypted using IP addresses as keys, it is impossible for the mechanism to translate the IPv4 data into IPv6 and vice versa. Therefore it is highly desirable to upgrade to the applications modified into IPv6 for utilizing the security at communication with IPv6 hosts.
当主机通过该机制与使用IPv4应用程序的IPv4主机通信时,它们可以像普通IPv4通信一样利用所有层的安全性。同样,当它们通过完整的IPv6堆栈使用IPv6应用程序与IPv6主机通信时,它们可以利用所有层的安全性,如普通IPv6通信。然而,不幸的是,当它们通过该机制与使用IPv4应用程序的IPv6主机通信时,无法利用网络层以上的安全性。原因是,当嵌入IP地址的协议数据被加密时,或者当协议数据使用IP地址作为密钥进行加密时,该机制不可能将IPv4数据转换为IPv6,反之亦然。因此,非常需要升级到修改为IPv6的应用程序,以利用与IPv6主机通信时的安全性。
[SIIT] Nordmark, E., "Stateless IP/ICMP Translator (SIIT)", RFC 2765, February 2000.
[SIIT]Nordmark,E.“无状态IP/ICMP转换器(SIIT)”,RFC 27652000年2月。
[IPV4] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.
[IPV4]Postel,J.,“互联网协议”,STD 5,RFC 7911981年9月。
[FTP] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, RFC 959, October 1985.
[FTP]Postel,J.和J.Reynolds,“文件传输协议”,STD 9,RFC 959,1985年10月。
[NAT] Kjeld B. and P. Francis, "The IP Network Address Translator (NAT)", RFC 1631, May 1994.
[NAT]Kjeld B.和P.Francis,“IP网络地址转换器(NAT)”,RFC 16311994年5月。
[IPV6] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.
[IPV6]Deering,S.和R.Hinden,“互联网协议,第6版(IPV6)规范”,RFC 2460,1998年12月。
[PRIVATE] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. J. and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, February 1996.
[私人]Rekhter,Y.,Moskowitz,B.,Karrenberg,D.,de Groot,G.J.和E.Lear,“私人互联网地址分配”,BCP 5,RFC 1918,1996年2月。
[TRANS-MECH] Gilligan, R. and E. Nordmark, "Transition Mechanisms for IPv6 Hosts and Routers", RFC 1933, April 1996.
[TRANS-MECH]Gilligan,R.和E.Nordmark,“IPv6主机和路由器的过渡机制”,RFC 1933,1996年4月。
[BUMP] D.A. Wagner and S.M. Bellovin, "A Bump in the Stack Encryptor for MS-DOS Systems", The 1996 Symposium on Network and Distributed Systems Security (SNDSS'96) Proceedings.
[BUMP]D.A.Wagner和S.M.Bellovin,“MS-DOS系统的堆栈加密机中的BUMP”,1996年网络和分布式系统安全研讨会(SNDSS'96)论文集。
[NAT-PT] Tsirtsis, G. and P. Srisuresh, "Network Address Translation - Protocol Translation (NAT-PT)", RFC 2766, February 2000.
[NAT-PT]Tsirtsis,G.和P.Srisuresh,“网络地址转换-协议转换(NAT-PT)”,RFC 2766,2000年2月。
The authors gratefully acknowledge the many helpful suggestions of the members of the WIDE Project, Kazuhiko YAMAMOTO, Jun MURAI, Munechika SUMIKAWA, Ken WATANABE, and Takahisa MIYAMOTO, at large.
作者非常感谢WIDE项目成员山本和彦、村井俊二、住川幕纪子、渡边健和宫本隆久提出的许多有益建议。
Kazuaki TSUCHIYA Enterprise Server Division, Hitachi, Ltd. 810 Shimoimaizumi, Ebina-shi, Kanagawa-ken, 243-0435 JAPAN
日立株式会社Kazuaki-TSUCHIYA企业服务器部,地址:日本神奈川县艾比纳市Shimoimaizumi 810号,邮编243-0435
Phone: +81-462-32-2121 Fax: +81-462-35-8324 EMail: tsuchi@ebina.hitachi.co.jp
Phone: +81-462-32-2121 Fax: +81-462-35-8324 EMail: tsuchi@ebina.hitachi.co.jp
Hidemitsu HIGUCHI Enterprise Server Division, Hitachi, Ltd. 810 Shimoimaizumi, Ebina-shi, Kanagawa-ken, 243-0435 JAPAN
Hidemitsu HIGUCHI企业服务器部,日立有限公司,地址:日本神奈川县艾比纳市Shimoimaizumi 810号,邮编243-0435
Phone: +81-462-32-2121 Fax: +81-462-35-8324 EMail: h-higuti@ebina.hitachi.co.jp
Phone: +81-462-32-2121 Fax: +81-462-35-8324 EMail: h-higuti@ebina.hitachi.co.jp
Yoshifumi ATARASHI Enterprise Server Division, Hitachi, Ltd. 810 Shimoimaizumi, Ebina-shi, Kanagawa-ken, 243-0435 JAPAN
日本神奈川县艾比纳市Shimoimaizumi岛810号日立有限公司吉文-ATARASHI企业服务器部,邮编243-0435
Phone: +81-462-32-2121 Fax: +81-462-35-8324 EMail: atarashi@ebina.hitachi.co.jp
Phone: +81-462-32-2121 Fax: +81-462-35-8324 EMail: atarashi@ebina.hitachi.co.jp
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。