Network Working Group                                         F. Templin
Request for Comments: 5214                          Boeing Phantom Works
Obsoletes: 4214                                               T. Gleeson
Category: Informational                               Cisco Systems K.K.
                                                               D. Thaler
                                                   Microsoft Corporation
                                                              March 2008
        
Network Working Group                                         F. Templin
Request for Comments: 5214                          Boeing Phantom Works
Obsoletes: 4214                                               T. Gleeson
Category: Informational                               Cisco Systems K.K.
                                                               D. Thaler
                                                   Microsoft Corporation
                                                              March 2008
        

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

站点内自动隧道寻址协议(ISATAP)

Status of This Memo

关于下段备忘

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。

IESG Note

IESG注释

The IESG thinks that this work is related to IETF work done in WG softwires, but this does not prevent publishing.

IESG认为这项工作与工作组软线中的IETF工作有关,但这并不妨碍发布。

Abstract

摘要

The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) connects dual-stack (IPv6/IPv4) nodes over IPv4 networks. ISATAP views the IPv4 network as a link layer for IPv6 and supports an automatic tunneling abstraction similar to the Non-Broadcast Multiple Access (NBMA) model.

站点内自动隧道寻址协议(ISATAP)通过IPv4网络连接双栈(IPv6/IPv4)节点。ISATAP将IPv4网络视为IPv6的链路层,并支持类似于非广播多址(NBMA)模型的自动隧道抽象。

Table of Contents

目录

   1. Introduction ....................................................2
   2. Requirements ....................................................3
   3. Terminology .....................................................3
   4. Domain of Applicability .........................................4
   5. Node Requirements ...............................................4
   6. Addressing Requirements .........................................4
      6.1. ISATAP Interface Identifiers ...............................4
      6.2. ISATAP Interface Address Configuration .....................5
      6.3. Multicast/Anycast ..........................................5
   7. Automatic Tunneling .............................................5
      7.1. Encapsulation ..............................................5
      7.2. Handling ICMPv4 Errors .....................................5
      7.3. Decapsulation ..............................................6
      7.4. Link-Local Addresses .......................................6
      7.5. Neighbor Discovery over Tunnels ............................6
   8. Neighbor Discovery for ISATAP Interfaces ........................6
      8.1. Conceptual Model of a Host .................................7
      8.2. Router and Prefix Discovery - Router Specification .........7
      8.3. Router and Prefix Discovery - Host Specification ...........7
           8.3.1. Host Variables ......................................7
           8.3.2. Potential Router List Initialization ................7
           8.3.3. Processing Received Router Advertisements ...........8
           8.3.4. Sending Router Solicitations ........................8
      8.4. Neighbor Unreachability Detection ..........................9
   9. Site Administration Considerations ..............................9
   10. Security Considerations ........................................9
   11. IANA Considerations ...........................................10
   12. Acknowledgments ...............................................10
   13. References ....................................................11
      13.1. Normative References .....................................11
      13.2. Informative References ...................................12
   Appendix A. Modified EUI-64 Addresses in the IANA Ethernet
             Address Block ...........................................13
        
   1. Introduction ....................................................2
   2. Requirements ....................................................3
   3. Terminology .....................................................3
   4. Domain of Applicability .........................................4
   5. Node Requirements ...............................................4
   6. Addressing Requirements .........................................4
      6.1. ISATAP Interface Identifiers ...............................4
      6.2. ISATAP Interface Address Configuration .....................5
      6.3. Multicast/Anycast ..........................................5
   7. Automatic Tunneling .............................................5
      7.1. Encapsulation ..............................................5
      7.2. Handling ICMPv4 Errors .....................................5
      7.3. Decapsulation ..............................................6
      7.4. Link-Local Addresses .......................................6
      7.5. Neighbor Discovery over Tunnels ............................6
   8. Neighbor Discovery for ISATAP Interfaces ........................6
      8.1. Conceptual Model of a Host .................................7
      8.2. Router and Prefix Discovery - Router Specification .........7
      8.3. Router and Prefix Discovery - Host Specification ...........7
           8.3.1. Host Variables ......................................7
           8.3.2. Potential Router List Initialization ................7
           8.3.3. Processing Received Router Advertisements ...........8
           8.3.4. Sending Router Solicitations ........................8
      8.4. Neighbor Unreachability Detection ..........................9
   9. Site Administration Considerations ..............................9
   10. Security Considerations ........................................9
   11. IANA Considerations ...........................................10
   12. Acknowledgments ...............................................10
   13. References ....................................................11
      13.1. Normative References .....................................11
      13.2. Informative References ...................................12
   Appendix A. Modified EUI-64 Addresses in the IANA Ethernet
             Address Block ...........................................13
        
1. Introduction
1. 介绍

This document specifies a simple mechanism called the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) that connects dual-stack (IPv6/IPv4) nodes over IPv4 networks. Dual-stack nodes use ISATAP to automatically tunnel IPv6 packets in IPv4, i.e., ISATAP views the IPv4 network as a link layer for IPv6.

本文档指定了一种称为站点内自动隧道寻址协议(ISATAP)的简单机制,该协议通过IPv4网络连接双栈(IPv6/IPv4)节点。双栈节点使用ISATAP在IPv4中自动隧道IPv6数据包,即ISATAP将IPv4网络视为IPv6的链路层。

ISATAP enables automatic tunneling whether global or private IPv4 addresses are used, and it presents a Non-Broadcast Multiple Access (NBMA) abstraction similar to [RFC2491],[RFC2492],[RFC2529], and [RFC3056].

ISATAP支持在使用全局或专用IPv4地址时自动进行隧道传输,并且它提供了类似于[RFC2491]、[RFC2492]、[RFC2529]和[RFC3056]的非广播多址(NBMA)抽象。

The main objectives of this document are to: 1) describe the domain of applicability, 2) specify addressing requirements, 3) specify automatic tunneling using ISATAP, 4) specify the operation of IPv6 Neighbor Discovery over ISATAP interfaces, and 5) discuss Site Administration, Security, and IANA considerations.

本文档的主要目标是:1)描述适用范围,2)指定寻址要求,3)指定使用ISATAP的自动隧道,4)指定通过ISATAP接口进行IPv6邻居发现的操作,以及5)讨论站点管理、安全和IANA注意事项。

2. Requirements
2. 要求

The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in [RFC2119].

本文件中出现的关键词必须、不得、必需、应、不应、应、不应、建议、可和可选时,应按照[RFC2119]中的说明进行解释。

This document also uses internal conceptual variables to describe protocol behavior and external variables that an implementation must allow system administrators to change. The specific variable names, how their values change, and how their settings influence protocol behavior are provided in order to demonstrate protocol behavior. An implementation is not required to have them in the exact form described here, as long as its external behavior is consistent with that described in this document.

本文档还使用内部概念变量来描述协议行为和实现必须允许系统管理员更改的外部变量。为了演示协议行为,提供了特定的变量名称、它们的值如何变化以及它们的设置如何影响协议行为。只要实现的外部行为与本文档中描述的一致,就不要求实现的外部行为与本文中描述的完全相同。

3. Terminology
3. 术语

The terminology of [RFC2460] and [RFC4861] applies to this document. The following additional terms are defined:

[RFC2460]和[RFC4861]的术语适用于本文件。定义了以下附加术语:

ISATAP node/host/router: A dual-stack (IPv6/IPv4) node/host/router that implements the specifications in this document.

ISATAP节点/主机/路由器:实现本文档中规范的双栈(IPv6/IPv4)节点/主机/路由器。

ISATAP interface: An ISATAP node's Non-Broadcast Multi-Access (NBMA) IPv6 interface, used for automatic tunneling of IPv6 packets in IPv4.

ISATAP接口:ISATAP节点的非广播多址(NBMA)IPv6接口,用于IPv4中IPv6数据包的自动隧道传输。

ISATAP interface identifier: An IPv6 interface identifier with an embedded IPv4 address constructed as specified in Section 6.1.

ISATAP接口标识符:具有按照第6.1节规定构造的嵌入式IPv4地址的IPv6接口标识符。

ISATAP address: An IPv6 unicast address that matches an on-link prefix on an ISATAP interface of the node, and that includes an ISATAP interface identifier.

ISATAP地址:与节点的ISATAP接口上的链路前缀匹配的IPv6单播地址,包括ISATAP接口标识符。

locator: An IPv4 address-to-interface mapping; i.e., a node's IPv4 address and its associated interface.

定位器:IPv4地址到接口的映射;i、 例如,节点的IPv4地址及其关联接口。

locator set: A set of locators associated with an ISATAP interface. Each locator in the set belongs to the same site.

定位器集:与ISATAP接口关联的一组定位器。集合中的每个定位器都属于同一站点。

4. Domain of Applicability
4. 适用范围

The domain of applicability for this technical specification is automatic tunneling of IPv6 packets in IPv4 for ISATAP nodes within sites that observe the security considerations found in this document, including host-to-router, router-to-host, and host-to-host automatic tunneling in certain enterprise networks and 3GPP/3GPP2 wireless operator networks. (Other scenarios with a sufficient trust basis ensured by the mechanisms specified in this document also fall within this domain of applicability.)

本技术规范的适用范围是在遵守本文件中的安全注意事项的站点内,为ISATAP节点在IPv4中自动隧道IPv6数据包,包括主机到路由器、路由器到主机、,以及某些企业网络和3GPP/3GPP2无线运营商网络中的主机到主机自动隧道。(本文件中规定的机制所确保的具有充分信任基础的其他场景也属于该适用范围。)

Extensions to the above domain of applicability (e.g., by combining the mechanisms in this document with those in other technical specifications) are out of the scope of this document.

对上述适用范围的扩展(例如,通过将本文件中的机制与其他技术规范中的机制相结合)不在本文件范围内。

5. Node Requirements
5. 节点要求

ISATAP nodes observe the common functionality requirements for IPv6 nodes found in [RFC4294] and the requirements for dual IP layer operation found in Section 2 of [RFC4213]. They also implement the additional features specified in this document.

ISATAP节点遵守[RFC4294]中IPv6节点的通用功能要求和[RFC4213]第2节中的双IP层操作要求。它们还实现了本文档中指定的其他功能。

6. Addressing Requirements
6. 满足要求
6.1. ISATAP Interface Identifiers
6.1. ISATAP接口标识符

ISATAP interface identifiers are constructed in Modified EUI-64 format per Section 2.5.1 of [RFC4291] by concatenating the 24-bit IANA OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit IPv4 address in network byte order as follows:

ISATAP接口标识符按照[RFC4291]第2.5.1节的规定,通过按网络字节顺序连接24位IANA OUI(00-00-5E)、8位十六进制值0xFE和32位IPv4地址,以修改的EUI-64格式构建,如下所示:

   |0              1|1              3|3                              6|
   |0              5|6              1|2                              3|
   +----------------+----------------+--------------------------------+
   |000000ug00000000|0101111011111110|mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm|
   +----------------+----------------+--------------------------------+
        
   |0              1|1              3|3                              6|
   |0              5|6              1|2                              3|
   +----------------+----------------+--------------------------------+
   |000000ug00000000|0101111011111110|mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm|
   +----------------+----------------+--------------------------------+
        

When the IPv4 address is known to be globally unique, the "u" bit (universal/local) is set to 1; otherwise, the "u" bit is set to 0. "g" is the individual/group bit, and "m" represents the bits of the IPv4 address.

当已知IPv4地址全局唯一时,“u”位(通用/本地)设置为1;否则,“u”位设置为0。“g”是单个/组位,“m”表示IPv4地址的位。

Per Section 2.5.1 of [RFC4291], ISATAP nodes are not required to validate that interface identifiers created with modified EUI-64 tokens with the "u" bit set to universal are unique.

根据[RFC4291]第2.5.1节,ISATAP节点无需验证使用“u”位设置为universal的修改过的EUI-64令牌创建的接口标识符是否唯一。

6.2. ISATAP Interface Address Configuration
6.2. ISATAP接口地址配置

Each ISATAP interface configures a set of locators consisting of IPv4 address-to-interface mappings from a single site; i.e., an ISATAP interface's locator set MUST NOT span multiple sites.

每个ISATAP接口配置一组定位器,由单个站点的IPv4地址到接口映射组成;i、 例如,ISATAP接口的定位器集不得跨越多个站点。

When an IPv4 address is removed from an interface, the corresponding locator SHOULD be removed from its associated locator set(s). When a new IPv4 address is assigned to an interface, the corresponding locator MAY be added to the appropriate locator set(s).

从接口中删除IPv4地址时,应从其关联的定位器集中删除相应的定位器。当一个新的IPv4地址分配给一个接口时,相应的定位器可以添加到相应的定位器集中。

ISATAP interfaces form ISATAP interface identifiers from IPv4 addresses in their locator set and use them to create link-local ISATAP addresses (Section 5.3 of [RFC4862]).

ISATAP接口根据其定位器集中的IPv4地址形成ISATAP接口标识符,并使用它们创建链路本地ISATAP地址(RFC4862第5.3节)。

6.3. Multicast/Anycast
6.3. 多播/选播

It is not possible to assume the general availability of wide-area IPv4 multicast, so (unlike 6over4 [RFC2529]) ISATAP must assume that its underlying IPv4 carrier network only has unicast capability. Support for IPv6 multicast over ISATAP interfaces is not described in this document.

无法假定广域IPv4多播的普遍可用性,因此(与6over4[RFC2529]不同),ISATAP必须假定其基础IPv4载波网络仅具有单播能力。本文档中未描述通过ISATAP接口支持IPv6多播。

Similarly, support for Reserved IPv6 Subnet Anycast Addresses is not described in this document.

类似地,本文档中未描述对保留IPv6子网选播地址的支持。

7. Automatic Tunneling
7. 自动隧道

ISATAP interfaces use the basic tunneling mechanisms specified in Section 3 of [RFC4213]. The following sub-sections describe additional specifications.

ISATAP接口使用[RFC4213]第3节中规定的基本隧道机制。以下小节描述了附加规范。

7.1. Encapsulation
7.1. 封装

ISATAP addresses are mapped to a link-layer address by a static computation; i.e., the last four octets are treated as an IPv4 address.

ISATAP地址通过静态计算映射到链路层地址;i、 例如,最后四个八位字节被视为IPv4地址。

7.2. Handling ICMPv4 Errors
7.2. 处理ICMPv4错误

ISATAP interfaces SHOULD process Address Resolution Protocol (ARP) failures and persistent ICMPv4 errors as link-specific information indicating that a path to a neighbor may have failed (Section 7.3.3 of [RFC4861]).

ISATAP接口应将地址解析协议(ARP)故障和持续ICMPv4错误处理为链路特定信息,表明到邻居的路径可能发生故障(RFC4861第7.3.3节)。

7.3. Decapsulation
7.3. 脱封

The specification in Section 3.6 of [RFC4213] is used. Additionally, when an ISATAP node receives an IPv4 protocol 41 datagram that does not belong to a configured tunnel interface, it determines whether the packet's IPv4 destination address and arrival interface match a locator configured in an ISATAP interface's locator set.

使用[RFC4213]第3.6节中的规范。此外,当ISATAP节点接收到不属于已配置隧道接口的IPv4协议41数据报时,它确定数据包的IPv4目标地址和到达接口是否与在ISATAP接口的定位器集中配置的定位器匹配。

If an ISATAP interface that configures a matching locator is found, the decapsulator MUST verify that the packet's IPv4 source address is correct for the encapsulated IPv6 source address. The IPv4 source address is correct if:

如果找到配置匹配定位器的ISATAP接口,则解封装器必须验证数据包的IPv4源地址与封装的IPv6源地址是否正确。如果满足以下条件,则IPv4源地址正确:

o the IPv6 source address is an ISATAP address that embeds the IPv4 source address in its interface identifier, or

o IPv6源地址是将IPv4源地址嵌入其接口标识符的ISATAP地址,或

o the IPv4 source address is a member of the Potential Router List (see Section 8.1).

o IPv4源地址是潜在路由器列表的成员(参见第8.1节)。

Packets for which the IPv4 source address is incorrect for this ISATAP interface are checked to determine whether they belong to another tunnel interface.

将检查IPv4源地址对于此ISATAP接口不正确的数据包,以确定它们是否属于另一个隧道接口。

7.4. Link-Local Addresses
7.4. 链接本地地址

ISATAP interfaces use link-local addresses constructed as specified in Section 6 of this document.

ISATAP接口使用本文件第6节规定的链接本地地址。

7.5. Neighbor Discovery over Tunnels
7.5. 隧道上的邻居发现

ISATAP interfaces use the specifications for neighbor discovery found in the following section of this document.

ISATAP接口使用本文档下一节中的邻居发现规范。

8. Neighbor Discovery for ISATAP Interfaces
8. ISATAP接口的邻居发现

ISATAP interfaces use the neighbor discovery mechanisms specified in [RFC4861]. The following sub-sections describe specifications that are also implemented.

ISATAP接口使用[RFC4861]中指定的邻居发现机制。以下小节描述了也实施的规范。

8.1. Conceptual Model of a Host
8.1. 主机的概念模型

To the list of Conceptual Data Structures (Section 5.1 of [RFC4861]), ISATAP interfaces add the following:

在概念数据结构列表(RFC4861第5.1节)中,ISATAP接口增加了以下内容:

Potential Router List (PRL) A set of entries about potential routers; used to support router and prefix discovery. Each entry ("PRL(i)") has an associated timer ("TIMER(i)"), and an IPv4 address ("V4ADDR(i)") that represents a router's advertising ISATAP interface.

潜在路由器列表(PRL)关于潜在路由器的一组条目;用于支持路由器和前缀发现。每个条目(“PRL(i)”都有一个关联的计时器(“计时器(i)”)和一个IPv4地址(“V4ADDR(i)”),表示路由器的ISATAP接口。

8.2. Router and Prefix Discovery - Router Specification
8.2. 路由器和前缀发现.路由器规范

Advertising ISATAP interfaces send Solicited Router Advertisement messages as specified in Section 6.2.6 of [RFC4861] except that the messages are sent directly to the soliciting node; i.e., they might not be received by other nodes on the link.

广告ISATAP接口发送[RFC4861]第6.2.6节规定的请求路由器广告消息,但消息直接发送到请求节点的情况除外;i、 例如,它们可能不会被链路上的其他节点接收。

8.3. Router and Prefix Discovery - Host Specification
8.3. 路由器和前缀发现-主机规范

The Host Specification in Section 6.3 of [RFC4861] is used. The following sub-sections describe specifications added by ISATAP interfaces.

使用[RFC4861]第6.3节中的主机规范。以下小节描述了ISATAP接口添加的规范。

8.3.1. Host Variables
8.3.1. 主变量

To the list of host variables (Section 6.3.2 of [RFC4861]), ISATAP interfaces add the following:

在主机变量列表(RFC4861第6.3.2节)中,ISATAP接口添加了以下内容:

PrlRefreshInterval Time in seconds between successive refreshments of the PRL after initialization. The designated value of all ones (0xffffffff) represents infinity.

PRLRefresh初始化后连续刷新PRL之间的间隔时间(秒)。所有1的指定值(0xFFFFFF)表示无穷大。

Default: 3600 seconds

默认值:3600秒

MinRouterSolicitInterval Minimum time in seconds between successive solicitations of the same advertising ISATAP interface. The designated value of all ones (0xffffffff) represents infinity.

MinRouterSolicitInterval同一广告ISATAP接口连续请求之间的最小时间(秒)。所有1的指定值(0xFFFFFF)表示无穷大。

8.3.2. Potential Router List Initialization
8.3.2. 潜在路由器列表初始化

ISATAP nodes initialize an ISATAP interface's PRL with IPv4 addresses acquired via manual configuration, a DNS Fully Qualified Domain Name (FQDN) [RFC1035], a DHCPv4 [RFC2131] vendor-specific option, or an unspecified alternate method. Domain names are acquired via manual

ISATAP节点使用通过手动配置获取的IPv4地址、DNS完全限定域名(FQDN)[RFC1035]、DHCPv4[RFC2131]特定于供应商的选项或未指定的替代方法初始化ISATAP接口的PRL。域名是通过人工获取的

configuration, receipt of a DHCPv4 Domain Name option [RFC2132], or an unspecified alternate method. FQDNs are resolved into IPv4 addresses through a static host file lookup, querying the DNS service, querying a site-specific name service, or with an unspecified alternate method.

配置、接收DHCPv4域名选项[RFC2132]或未指定的替代方法。FQDN通过静态主机文件查找、查询DNS服务、查询特定于站点的名称服务或使用未指定的替代方法解析为IPv4地址。

After initializing an ISATAP interface's PRL, the node sets a timer for the interface to PrlRefreshInterval seconds and re-initializes the interface's PRL as specified above when the timer expires. When an FQDN is used, and when it is resolved via a service that includes Times to Live (TTLs) with the IPv4 addresses returned (e.g., DNS 'A' resource records [RFC1035]), the timer SHOULD be set to the minimum of PrlRefreshInterval and the minimum TTL returned. (Zero-valued TTLs are interpreted to mean that the PRL is re-initialized before each Router Solicitation event; see Section 8.3.4.)

初始化ISATAP接口的PRL后,节点将该接口的计时器设置为PrlRefreshInterval秒,并在计时器过期时按照上述规定重新初始化接口的PRL。使用FQDN时,当通过包含生存时间(TTL)且返回IPv4地址(例如DNS“a”资源记录[RFC1035])的服务解析FQDN时,计时器应设置为PrlRefreshInterval的最小值和返回的TTL的最小值。(零值TTL被解释为在每个路由器请求事件之前重新初始化PRL;参见第8.3.4节。)

8.3.3. Processing Received Router Advertisements
8.3.3. 处理收到的路由器广告

To the list of checks for validating Router Advertisement messages (Section 6.1.2 of [RFC4861]), ISATAP interfaces add the following:

在验证路由器广告消息的检查列表(RFC4861的第6.1.2节)中,ISATAP接口添加了以下内容:

o IP Source Address is a link-local ISATAP address that embeds V4ADDR(i) for some PRL(i).

o IP源地址是一个链接本地ISATAP地址,它为某些PRL(i)嵌入了V4ADDR(i)。

Valid Router Advertisements received on an ISATAP interface are processed as specified in Section 6.3.4 of [RFC4861].

按照[RFC4861]第6.3.4节的规定处理在ISATAP接口上接收的有效路由器播发。

8.3.4. Sending Router Solicitations
8.3.4. 发送路由器请求

To the list of events after which Router Solicitation messages may be sent (Section 6.3.7 of [RFC4861]), ISATAP interfaces add the following:

在可发送路由器请求消息的事件列表中(RFC4861第6.3.7节),ISATAP接口添加了以下内容:

o TIMER(i) for some PRL(i) expires.

o 某些PRL(i)的计时器(i)过期。

Since unsolicited Router Advertisements may be incomplete and/or absent, ISATAP nodes MAY schedule periodic Router Solicitation events for certain PRL(i)s by setting the corresponding TIMER(i).

由于未经请求的路由器广告可能不完整和/或不存在,ISATAP节点可以通过设置相应的定时器(i)来为某些PRL(i)安排周期性的路由器请求事件。

When periodic Router Solicitation events are scheduled, the node SHOULD set TIMER(i) so that the next event will refresh remaining lifetimes stored for PRL(i) before they expire, including the Router Lifetime, Valid Lifetimes received in Prefix Information Options, and Route Lifetimes received in Route Information Options [RFC4191]. TIMER(i) MUST be set to no less than MinRouterSolicitInterval seconds where MinRouterSolicitInterval is configurable for the node, or for a specific PRL(i), with a conservative default value (e.g., 2 minutes).

当定期安排路由器请求事件时,节点应设置计时器(i),以便下一个事件将刷新为PRL(i)存储的剩余生存期,包括路由器生存期、前缀信息选项中接收的有效生存期以及路由信息选项中接收的路由生存期[RFC4191]。计时器(i)必须设置为不小于MinRouterSolicinterval秒,其中MinRouterSolicinterval可为节点或特定PRL(i)配置,具有保守的默认值(例如,2分钟)。

When TIMER(i) expires, the node sends Router Solicitation messages as specified in Section 6.3.7 of [RFC4861] except that the messages are sent directly to PRL(i); i.e., they might not be received by other routers. While the node continues to require periodic Router Solicitation events for PRL(i), and while PRL(i) continues to act as a router, the node resets TIMER(i) after each expiration event as described above.

当定时器(i)到期时,节点按照[RFC4861]第6.3.7节的规定发送路由器请求消息,但消息直接发送给PRL(i);i、 例如,它们可能不会被其他路由器接收。当节点继续要求针对PRL(i)的周期性路由器请求事件,并且当PRL(i)继续充当路由器时,节点在如上所述的每个到期事件之后重置计时器(i)。

8.4. Neighbor Unreachability Detection
8.4. 邻居不可达性检测

ISATAP hosts SHOULD perform Neighbor Unreachability Detection (Section 7.3 of [RFC4861]). ISATAP routers MAY perform Neighbor Unreachability Detection, but this might not scale in all environments.

ISATAP主机应执行邻居不可达性检测(RFC4861第7.3节)。ISATAP路由器可能执行邻居不可达性检测,但这可能无法在所有环境中扩展。

After address resolution, ISATAP hosts SHOULD perform an initial reachability confirmation by sending Neighbor Solicitation messages and receiving a Neighbor Advertisement message. ISATAP routers MAY perform this initial reachability confirmation, but this might not scale in all environments.

地址解析后,ISATAP主机应通过发送邻居请求消息和接收邻居公告消息来执行初始可达性确认。ISATAP路由器可能会执行此初始可达性确认,但这可能无法在所有环境中扩展。

9. Site Administration Considerations
9. 现场管理注意事项

Site administrators maintain a Potential Router List (PRL) of IPv4 addresses representing advertising ISATAP interfaces of routers.

站点管理员维护代表路由器接口的IPv4地址的潜在路由器列表(PRL)。

The PRL is commonly maintained as an FQDN for the ISATAP service in the site's name service (see Section 8.3.2). There are no mandatory rules for the selection of the FQDN, but site administrators are encouraged to use the convention "isatap.domainname" (e.g., isatap.example.com).

PRL通常作为ISATAP服务的FQDN维护在站点名称服务中(见第8.3.2节)。FQDN的选择没有强制性规则,但鼓励站点管理员使用约定“isatap.domainname”(例如isatap.example.com)。

When the site's name service includes TTLs with the IPv4 addresses returned, site administrators SHOULD configure the TTLs with conservative values to minimize control traffic.

当站点的名称服务包含返回IPv4地址的TTL时,站点管理员应使用保守值配置TTL,以最小化控制流量。

10. Security Considerations
10. 安全考虑

Implementers should be aware that, in addition to possible attacks against IPv6, security attacks against IPv4 must also be considered. Use of IP security at both IPv4 and IPv6 levels should nevertheless be avoided, for efficiency reasons. For example, if IPv6 is running encrypted, encryption of IPv4 would be redundant unless traffic analysis is felt to be a threat. If IPv6 is running authenticated, then authentication of IPv4 will add little. Conversely, IPv4 security will not protect IPv6 traffic once it leaves the ISATAP domain. Therefore, implementing IPv6 security is required even if IPv4 security is available.

实施者应该意识到,除了可能针对IPv6的攻击外,还必须考虑针对IPv4的安全攻击。出于效率考虑,应避免在IPv4和IPv6级别使用IP安全。例如,如果IPv6运行的是加密的,则IPv4的加密将是冗余的,除非流量分析被认为是一种威胁。如果IPv6运行的是经过身份验证的,那么IPv4的身份验证将不会增加多少。相反,一旦IPv6流量离开ISATAP域,IPv4安全将不会保护它。因此,即使IPv4安全可用,也需要实现IPv6安全。

The threats associated with IPv6 Neighbor Discovery are described in [RFC3756].

[RFC3756]中描述了与IPv6邻居发现相关的威胁。

There is a possible spoofing attack in which spurious ip-protocol-41 packets are injected into an ISATAP link from outside. Since an ISATAP link spans an entire IPv4 site, restricting access to the link can be achieved by restricting access to the site; i.e., by having site border routers implement IPv4 ingress filtering and ip-protocol-41 filtering.

存在一种可能的欺骗攻击,其中虚假ip-protocol-41数据包从外部注入ISATAP链路。由于ISATAP链路跨越整个IPv4站点,因此可以通过限制对该站点的访问来限制对该链路的访问;i、 例如,通过让站点边界路由器实现IPv4入口过滤和ip协议41过滤。

Another possible spoofing attack involves spurious ip-protocol-41 packets injected from within an ISATAP link by a node pretending to be a router. The Potential Router List (PRL) provides a list of IPv4 addresses representing advertising ISATAP interfaces of routers that hosts use in filtering decisions. Site administrators should ensure that the PRL is kept up to date, and that the resolution mechanism (see Section 9) cannot be subverted.

另一种可能的欺骗攻击涉及假装是路由器的节点从ISATAP链路内注入虚假ip-protocol-41数据包。潜在路由器列表(PRL)提供一个IPv4地址列表,表示主机在筛选决策中使用的路由器接口。站点管理员应确保PRL保持最新,并且解决机制(见第9节)不会被破坏。

The use of temporary addresses [RFC4941] and Cryptographically Generated Addresses [RFC3972] on ISATAP interfaces is outside the scope of this specification.

在ISATAP接口上使用临时地址[RFC4941]和加密生成的地址[RFC3972]不在本规范的范围内。

11. IANA Considerations
11. IANA考虑

The IANA has specified the format for Modified EUI-64 address construction (Appendix A of [RFC4291]) in the IANA Ethernet Address Block. The text in the Appendix of this document has been offered as an example specification. The current version of the IANA registry for Ether Types can be accessed at:

IANA在IANA以太网地址块中指定了修改后的EUI-64地址构造格式(RFC4291附录A)。本文件附录中的文本作为示例规范提供。乙醚类型IANA注册表的当前版本可访问:

   http://www.iana.org/assignments/ethernet-numbers
        
   http://www.iana.org/assignments/ethernet-numbers
        
12. Acknowledgments
12. 致谢

The ideas in this document are not original, and the authors acknowledge the original architects. Portions of this work were sponsored through SRI International and Nokia and Boeing internal projects and government contracts. Government sponsors include Monica Farah Stapleton and Russell Langan (U.S. Army CECOM ASEO) and Dr. Allen Moshfegh (U.S. Office of Naval Research). SRI International sponsors include Dr. Mike Frankel, J. Peter Marcotullio, Lou Rodriguez, and Dr. Ambatipudi Sastry.

本文件中的想法并非原创,作者承认原创建筑师。这项工作的一部分由SRI国际、诺基亚和波音内部项目以及政府合同赞助。政府赞助商包括莫妮卡·法拉·斯泰普顿(Monica Farah Stapleton)、拉塞尔·兰根(Russell Langan)(美国陆军CECOM ASEO)和艾伦·莫斯菲格(Allen Moshfegh)博士(美国海军研究办公室)。SRI国际赞助商包括Mike Frankel博士、J.Peter Marcotullio、Lou Rodriguez和Ambatipudi Sastry博士。

The following are acknowledged for providing peer review input: Jim Bound, Rich Draves, Cyndi Jung, Ambatipudi Sastry, Aaron Schrader, Ole Troan, and Vlad Yasevich.

以下人员因提供同行评审意见而受到认可:吉姆·邦德、里奇·德拉维斯、辛迪·荣格、安巴蒂普迪·萨斯特里、艾伦·施拉德、奥勒·特罗安和弗拉德·亚舍维奇。

The following are acknowledged for their significant contributions: Marcelo Albuquerque, Brian Carpenter, Alain Durand, Hannu Flinck, Jason Goldschmidt, Christian Huitema, Nathan Lutchansky, Karen Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest, Markku Savela, Pekka Savola, Margaret Wasserman, Brian Zill, and members of the IETF IPv6 and V6OPS working groups. Mohit Talwar contributed to earlier versions of this document.

以下是对他们重大贡献的认可:马塞洛·阿尔伯克基、布赖恩·卡彭特、阿兰·杜兰德、汉努·弗林克、杰森·戈德施密特、克里斯蒂安·惠特马、内森·卢钦斯基、卡伦·尼尔森、莫汉·帕塔萨拉西、奇拉尤·帕特尔、艺术谢尔特、马克库·萨维拉、佩卡·萨沃拉、玛格丽特·瓦瑟曼、布赖恩·齐尔、,以及IETF IPv6和V6OPS工作组的成员。Mohit Talwar对本文件的早期版本做出了贡献。

The authors acknowledge the work done by Brian Carpenter and Cyndi Jung in RFC 2529 that introduced the concept of intra-site automatic tunneling. This concept was later called: "Virtual Ethernet" and researched by Quang Nguyen under the guidance of Dr. Lixia Zhang.

作者承认Brian Carpenter和Cyndi Jung在RFC 2529中所做的工作,该工作引入了场内自动隧道的概念。这一概念后来被称为“虚拟以太网”,由广元在张立霞博士的指导下进行了研究。

13. References
13. 工具书类
13.1. Normative References
13.1. 规范性引用文件

[RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987.

[RFC1035]Mockapetris,P.,“域名-实现和规范”,STD 13,RFC 1035,1987年11月。

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.

[RFC2131]Droms,R.,“动态主机配置协议”,RFC21311997年3月。

[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997.

[RFC2132]Alexander,S.和R.Droms,“DHCP选项和BOOTP供应商扩展”,RFC 21321997年3月。

[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.

[RFC2460]Deering,S.和R.Hinden,“互联网协议,第6版(IPv6)规范”,RFC 2460,1998年12月。

[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007.

[RFC4861]Narten,T.,Nordmark,E.,Simpson,W.,和H.Soliman,“IP版本6(IPv6)的邻居发现”,RFC 48612007年9月。

[RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms for IPv6 Hosts and Routers", RFC 4213, October 2005.

[RFC4213]Nordmark,E.和R.Gilligan,“IPv6主机和路由器的基本转换机制”,RFC 4213,2005年10月。

[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006.

[RFC4291]Hinden,R.和S.Deering,“IP版本6寻址体系结构”,RFC 42912006年2月。

[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007.

[RFC4862]Thomson,S.,Narten,T.,和T.Jinmei,“IPv6无状态地址自动配置”,RFC 48622007年9月。

13.2. Informative References
13.2. 资料性引用

[RFC2491] Armitage, G., Schulter, P., Jork, M., and G. Harter, "IPv6 over Non-Broadcast Multiple Access (NBMA) networks", RFC 2491, January 1999.

[RFC2491]Armitage,G.,Schulter,P.,Jork,M.,和G.Harter,“非广播多址(NBMA)网络上的IPv6”,RFC 2491,1999年1月。

[RFC2492] Armitage, G., Schulter, P., and M. Jork, "IPv6 over ATM Networks", RFC 2492, January 1999.

[RFC2492]Armitage,G.,Schulter,P.,和M.Jork,“ATM网络上的IPv6”,RFC 2492,1999年1月。

[RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 Domains without Explicit Tunnels", RFC 2529, March 1999.

[RFC2529]Carpenter,B.和C.Jung,“在没有明确隧道的IPv4域上传输IPv6”,RFC 2529,1999年3月。

[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via IPv4 Clouds", RFC 3056, February 2001.

[RFC3056]Carpenter,B.和K.Moore,“通过IPv4云连接IPv6域”,RFC 3056,2001年2月。

[RFC3756] Nikander, P., Ed., Kempf, J., and E. Nordmark, "IPv6 Neighbor Discovery (ND) Trust Models and Threats", RFC 3756, May 2004.

[RFC3756]Nikander,P.,Ed.,Kempf,J.,和E.Nordmark,“IPv6邻居发现(ND)信任模型和威胁”,RFC 3756,2004年5月。

[RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", RFC 3972, March 2005.

[RFC3972]Aura,T.,“加密生成地址(CGA)”,RFC 39722005年3月。

[RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and More-Specific Routes", RFC 4191, November 2005.

[RFC4191]Draves,R.和D.Thaler,“默认路由器首选项和更具体的路由”,RFC 41912005年11月。

[RFC4294] Loughney, J., Ed., "IPv6 Node Requirements", RFC 4294, April 2006.

[RFC4294]Loughney,J.,编辑,“IPv6节点要求”,RFC 42942006年4月。

[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, September 2007.

[RFC4941]Narten,T.,Draves,R.,和S.Krishnan,“IPv6中无状态地址自动配置的隐私扩展”,RFC 49412007年9月。

Appendix A. Modified EUI-64 Addresses in the IANA Ethernet Address Block

附录A.IANA以太网地址块中修改的EUI-64地址

Modified EUI-64 addresses (Section 2.5.1 and Appendix A of [RFC4291]) in the IANA Ethernet Address Block are formed by concatenating the 24-bit IANA OUI (00-00-5E) with a 40-bit extension identifier and inverting the "u" bit; i.e., the "u" bit is set to one (1) to indicate universal scope and set to zero (0) to indicate local scope. Modified EUI-64 addresses have the following appearance in memory (bits transmitted right-to-left within octets, octets transmitted left-to-right):

IANA以太网地址块中修改的EUI-64地址(第2.5.1节和[RFC4291]附录A)通过将24位IANA OUI(00-00-5E)与40位扩展标识符连接并反转“u”位形成;i、 例如,“u”位设置为一(1)表示通用范围,设置为零(0)表示局部范围。修改后的EUI-64地址在内存中的外观如下(位在八位字节内从右向左传输,八位字节从左向右传输):

0 23 63 | OUI | extension identifier | 000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx

0 23 63 | OUI |扩展标识符| 000000 UG00000000 01011110XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

When the first two octets of the extension identifier encode the hexadecimal value 0xFFFE, the remainder of the extension identifier encodes a 24-bit vendor-supplied id as follows:

当扩展标识符的前两个八位字节编码十六进制值0xFFFE时,扩展标识符的其余部分编码供应商提供的24位id,如下所示:

0 23 39 63 | OUI | 0xFFFE | vendor-supplied id | 000000ug00000000 0101111011111111 11111110xxxxxxxx xxxxxxxxxxxxxxxx

0 23 39 63 | OUI | 0xFFFE |供应商提供的id | 000000 UG00000000 0101111111111111111111111111 0xxxxxxxxxxxxxxxxxxxxxxx

When the first octet of the extension identifier encodes the hexadecimal value 0xFE, the remainder of the extension identifier encodes a 32-bit IPv4 address as follows:

当扩展标识符的第一个八位字节编码十六进制值0xFE时,扩展标识符的其余部分编码32位IPv4地址,如下所示:

0 23 31 63 | OUI | 0xFE | IPv4 address | 000000ug00000000 0101111011111110 xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx

0 23 31 63 | OUI | 0xFE | IPv4地址| 000000 UG00000000 01011111111110 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Authors' Addresses

作者地址

Fred L. Templin Boeing Phantom Works P.O. Box 3707 MC 7L-49 Seattle, WA 98124 USA

Fred L.Templin波音幻影工厂美国华盛顿州西雅图3707 MC 7L-49邮政信箱98124

   EMail: fred.l.templin@boeing.com
        
   EMail: fred.l.templin@boeing.com
        

Tim Gleeson Cisco Systems K.K. Shinjuku Mitsui Building 2-1-1 Nishishinjuku, Shinjuku-ku Tokyo 163-0409 Japan

Tim Gleeson Cisco Systems K.K.新宿三井大厦2-1-1-1号,新宿东京163-0409

   EMail: tgleeson@cisco.com
        
   EMail: tgleeson@cisco.com
        

Dave Thaler Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 US

Dave Thaler微软公司美国华盛顿州雷德蒙微软大道一号98052-6399

   Phone: +1 425 703 8835
   EMail: dthaler@microsoft.com
        
   Phone: +1 425 703 8835
   EMail: dthaler@microsoft.com
        

Full Copyright Statement

完整版权声明

Copyright (C) The IETF Trust (2008).

版权所有(C)IETF信托基金(2008年)。

This document is subject to the rights, licenses and restrictions contained in BCP 78 and at http://www.rfc-editor.org/copyright.html, and except as set forth therein, the authors retain all their rights.

本文件受BCP 78和http://www.rfc-editor.org/copyright.html,除本协议另有规定外,提交人保留其所有权利。

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Intellectual Property

知识产权

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.