Independent Submission                                             J. Wu
Request for Comments: 5747                                        Y. Cui
Category: Experimental                                             X. Li
ISSN: 2070-1721                                                    M. Xu
                                                     Tsinghua University
                                                                 C. Metz
                                                     Cisco Systems, Inc.
                                                              March 2010
4over6 Transit Solution Using IP Encapsulation and MP-BGP Extensions
Abstract
The emerging and growing deployment of IPv6 networks will introduce cases where connectivity with IPv4 networks crossing IPv6 transit backbones is desired. This document describes a mechanism for automatic discovery and creation of IPv4-over-IPv6 tunnels via extensions to multiprotocol BGP. It is targeted at connecting islands of IPv4 networks across an IPv6-only backbone without the need for a manually configured overlay of tunnels. The mechanisms described in this document have been implemented, tested, and deployed on the large research IPv6 network in China.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation.
This document defines an Experimental Protocol for the Internet community. This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5747.
IESG Note
The mechanisms and techniques described in this document are related to specifications developed by the IETF softwire working group and published as Standards Track documents by the IETF, but the relationship does not prevent publication of this document.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Table of Contents
1. Introduction
2. 4over6 Framework Overview
3. Prototype Implementation
   3.1. 4over6 Packet Forwarding
   3.2. Encapsulation Table
   3.3. MP-BGP 4over6 Protocol Extensions
        3.3.1. Receiving Routing Information from Local CE
        3.3.2. Receiving 4over6 Routing Information from a Remote 4over6 PE
4. 4over6 Deployment Experience
   4.1. CNGI-CERNET2
   4.2. 4over6 Testbed on the CNGI-CERNET2 IPv6 Network
   4.3. Deployment Experiences
5. Ongoing Experiment
6. Relationship to Softwire Mesh Effort
7. IANA Considerations
8. Security Considerations
9. Conclusion
10. Acknowledgements
11. Normative References
Due to the lack of IPv4 address space, more and more IPv6 networks have been deployed not only on edge networks but also on backbone networks. However, there are still a large number of legacy IPv4 hosts and applications. As a result, IPv6 networks and IPv4 applications/hosts will have to coexist for a long period of time.
The emerging and growing deployment of IPv6 networks will introduce cases where connectivity with IPv4 networks is desired. Some IPv6 backbones will need to offer transit services to attached IPv4 access networks. The method to achieve this would be to encapsulate and then transport the IPv4 payloads inside IPv6 tunnels spanning the backbone. There are some IPv6/IPv4-related tunneling protocols and mechanisms defined in the literature. But at the time that the mechanism described in this document was introduced, most of these existing techniques focused on the problem of IPv6 over IPv4, rather than the case of IPv4 over IPv6. Encapsulation methods alone, such as those defined in [RFC2473], require manual configuration in order to operate. When a large number of tunnels are necessary, manual configuration can become burdensome. To address the above problem, this document describes an approach referred to as "4over6".
The 4over6 mechanism concerns two aspects: the control plane and the data plane. The control plane needs to address the problem of how to set up an IPv4-over-IPv6 tunnel in an automatic and scalable fashion between a large number of edge routers. This document describes experimental extensions to Multiprotocol Extension for BGP (MP-BGP) [RFC4271] [RFC4760] employed to communicate tunnel endpoint information and establish 4over6 tunnels between dual-stack Provider Edge (PE) routers positioned at the edge of the IPv6 backbone network. Once the 4over6 tunnel is in place, the data plane focuses on the packet forwarding processes of encapsulation and decapsulation.
In the topology shown in Figure 1, a number of IPv6-only P routers compose a native IPv6 backbone. The PE routers are dual stack and referred to as 4over6 PE routers. The IPv6 backbone acts as a transit core to transport IPv4 packets across the IPv6 backbone. This enables each of the IPv4 access islands to communicate with one another via 4over6 tunnels spanning the IPv6 transit core.
                       _._._._._            _._._._._
                      |  IPv4   |          |  IPv4   |
                      | access  |          | access  |
                      | island  |          | island  |
                       _._._._._            _._._._._
                           |                    |
                       Dual-Stack           Dual-Stack
                       "4over6 PE"          "4over6 PE"
                           |                    |
                           |                    |
                         __+____________________+__
              4over6    /   :   :           :   :  \    IPv6 only
              Tunnels  |    :      :      :     :   |  transit core
              between  |    :        [P]        :   |  with multiple
                PEs    |    :     :       :     :   |   [P routers]
                       |    :   :            :  :   |
                        \_._._._._._._._._._._._._./
                           |   /                \  |
                           |                       |
                       Dual-Stack           Dual-Stack
                       "4over6 PE"          "4over6 PE"
                           |                    |
                           |
                       _._._._._            _._._._._
                      |  IPv4   |          |  IPv4   |
                      | access  |          | access  |
                      | island  |          | island  |
                       _._._._._            _._._._._
Figure 1: IPv4 over IPv6 Network Topology
As shown in Figure 1, there are multiple dual-stack PE routers connected to the IPv6 transit core. In order for the ingress 4over6 PE router to forward an IPv4 packet across the IPv6 backbone to the correct egress 4over6 PE router, the ingress 4over6 PE router must learn which IPv4 destination prefixes are reachable through each egress 4over6 PE router. MP-BGP will be extended to distribute the destination IPv4 prefix information between peering dual-stack PE routers. Section 4 of this document presents the definition of the 4over6 protocol field in MP-BGP, and Section 5 describes MP-BGP's extended behavior in support of this capability.
After the ingress 4over6 PE router learns the correct egress 4over6 PE router via MP-BGP, it will forward the packet across the IPv6 backbone using IP encapsulation. The egress 4over6 PE router will receive the encapsulated packet, remove the IPv6 header, and then forward the original IPv4 packet to its final IPv4 destination. Section 6 describes the procedure of packet forwarding.
An implementation of the 4over6 mechanisms described in this document was developed, tested, and deployed on Linux with kernel version 2.4. The prototype system is composed of three components: packet forwarding, the encapsulation table, and MP-BGP extensions. The packet forwarding and encapsulation table are Linux kernel modules, and the MP-BGP extension was developed by extending Zebra routing software.
The following sections will discuss these parts in detail.
Forwarding an IPv4 packet through the IPv6 transit core includes three parts: encapsulation of the incoming IPv4 packet with the IPv6 tunnel header, transmission of the encapsulated packet over the IPv6 transit backbone, and decapsulation of the IPv6 header and forwarding of the original IPv4 packet. Native IPv6 routing and forwarding are employed in the backbone network since the P routers take the 4over6 tunneled packets as just native IPv6 packets. Therefore, 4over6 packet forwarding involves only the encapsulation process and the decapsulation process, both of which are performed on the 4over6 PE routers.
                  Tunnel from Ingress PE to Egress PE
                     ---------------------------->
                  Tunnel                      Tunnel
                  Entry-Point                 Exit-Point
                  Node                        Node
   +-+    IPv4    +--+   IPv6 Transit Core    +--+    IPv4    +-+
   |S|-->--//-->--|PE|=====>=====//=====>=====|PE|-->--//-->--|D|
   +-+            +--+                        +--+            +-+
   Original    Ingress PE                  Egress PE       Original
   Packet    (Encapsulation)            (Decapsulation)    Packet
   Source                                                  Destination
   Node                                                    Node
Figure 2: Packet Forwarding along 4over6 Tunnel
As shown in Figure 2, packet encapsulation and decapsulation are both on the dual-stack 4over6 PE routers. Figure 3 shows the format of packet encapsulation and decapsulation.
                 +----------------------------------//-----+
                 | IPv4 Header |  Packet Payload           |
                 +----------------------------------//-----+
                  <        Original IPv4 Packet           >
                                     |
                                     |(Encapsulation on ingress PE)
                                     |
                                     v
  < Tunnel IPv6 Headers >  <       Original IPv4 Packet         >
 +-----------+ - - - - - +-------------+-----------//--------------+
 | IPv6      | IPv6      | IPv4        |                           |
 |           | Extension |             |      Packet Payload       |
 | Header    | Headers   | Header      |                           |
 +-----------+ - - - - - +-------------+-----------//--------------+
  <                      Tunnel IPv6 Packet                       >
                                     |
                                     |(Decapsulation on egress PE)
                                     |
                                     v
                 +----------------------------------//-----+
                 | IPv4 Header |  Packet Payload           |
                 +----------------------------------//-----+
                  <        Original IPv4 Packet           >
Figure 3: Packet Encapsulation and Decapsulation on Dual-Stack 4over6 PE Router
The encapsulation format to apply is IPv4 encapsulated in IPv6, as outlined in [RFC2473].
Each 4over6 PE router maintains an encapsulation table as depicted in Figure 4. Each entry in the encapsulation table consists of an IPv4 prefix and its corresponding IPv6 address. The IPv4 prefix is a particular network located in an IPv4 access island network. The IPv6 address is the 4over6 virtual interface (VIF) address of the 4over6 PE router that the IPv4 prefix is reachable through. The encapsulation table is built and maintained using local configuration information and MP-BGP advertisements received from remote 4over6 PE routers.
The 4over6 VIF is an IPv6 /128 address that is locally configured on each 4over6 router. This address, as an ordinary global IPv6 address, must also be injected into the IPv6 IGP so that it is reachable across the IPv6 backbone.
   +-------------+------------------------------------------------+
   | IPv4 Prefix | IPv6 Advertising Address Family Border Router  |
   +-------------+------------------------------------------------+
Figure 4: Encapsulation Table
When an IPv4 packet arrives at the ingress 4over6 PE router, a lookup in the local IPv4 routing table will result in a pointer to the local encapsulation table entry with the matching destination IPv4 prefix. There is a corresponding IPv6 address in the encapsulation table. The IPv4 packet is encapsulated in an IPv6 header. The source address in the IPv6 header is the IPv6 VIF address of the local 4over6 PE router and the destination address is the IPv6 VIF address of the remote 4over6 PE router contained in the local encapsulation table. The packet is then subjected to normal IPv6 forwarding for transport across the IPv6 backbone.
When the encapsulated packet arrives at the egress 4over6 PE router, the IPv6 header is removed and the original IPv4 packet is forwarded to the destination IPv4 network based on the outcome of the lookup in the IPv4 routing table contained in the egress 4over6 PE router.
Each 4over6 PE router possesses an IPv4 interface connected to an IPv4 access network(s). It can peer with other IPv4 routers using IGP or BGP routing protocols to exchange local IPv4 routing information. Routing information can also be installed on the 4over6 PE router using static configuration methods.
Each 4over6 PE also possesses at least one IPv6 interface to connect it into the IPv6 transit backbone. The 4over6 PE typically uses IGP routing protocols to exchange IPv6 backbone routing information with other IPv6 P routers. The 4over6 PE router will also form an MP-iBGP (Internal BGP) peering relationship with other 4over6 PE routers connected to the IPv6 backbone network.
The use of MP-iBGP suggests that the participating 4over6 PE routers that share a route reflector or form a full mesh of TCP connections are contained in the same autonomous system (AS). This implementation is in fact only deployed over a single AS. This was not an intentional design constraint but rather reflected the single AS topology of the CNGI-CERNET2 (China Next Generation Internet - China Education and Research Network) national IPv6 backbone used in the testing and deployment of this solution.
When a 4over6 PE router learns routing information from the locally attached IPv4 access networks, the 4over6 MP-iBGP entity should process the information as follows:
1. Install and maintain local IPv4 routing information in the IPv4 routing database.
2. Install and maintain new entries in the encapsulation table. Each entry should consist of the IPv4 prefix and the local IPv6 VIF address.
3. Advertise the new contents of the local encapsulation table in the form of MP_REACH_NLRI update information to remote 4over6 PE routers. The format of these updates is as follows:
* AFI = 1 (IPv4)
* SAFI = 67 (4over6)
* NLRI = IPv4 network prefix
* Network Address of Next Hop = IPv6 address of its 4over6 VIF
4. A new Subsequent Address Family Identifier (SAFI) BGP 4over6 (67) has been assigned by IANA. We refer to a BGP update with a SAFI of 67 as 4over6 routing information.
A local 4over6 PE router will receive MP_REACH_NLRI updates from remote 4over6 routers and use that information to populate the local encapsulation table and the BGP routing database. After validating the correctness of the received attribute, the following procedures are used to update the local encapsulation table and redistribute new information to the local IPv4 routing table:
1. Validate the received BGP update packet as 4over6 routing information by AFI = 1 (IPv4) and SAFI = 67 (4over6).
2. Extract the IPv4 network address from the NLRI field and install as the IPv4 network prefix.
3. Extract the IPv6 address from the Network Address of the Next Hop field and place that as an associated entry next to the IPv4 network index. (Note, this describes the update of the local encapsulation table.)
4. Install and maintain a new entry in the encapsulation table with the extracted IPv4 prefix and its corresponding IPv6 address.
5. Redistribute the new 4over6 routing information to the local IPv4 routing table. Set the destination network prefix as the extracted IPv4 prefix, set the Next Hop as Null, and set the output interface as the 4over6 VIF on the local 4over6 PE router.
Therefore, when an ingress 4over6 PE router receives an IPv4 packet, the lookup in its IPv4 routing table will have a result of the output interface as the local 4over6 VIF, where the incoming IPv4 packet will be encapsulated with a new IPv6 header, as indicated in the encapsulation table.
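The receive procedure and the ingress lookup described above, as an added Python example (not code from the RFC or from the Linux/Zebra prototype). It assumes the MP_REACH_NLRI attribute value is laid out as in RFC 4760, collapses the IPv4 routing table and the encapsulation table into one longest-prefix lookup, and uses constructed documentation addresses as sample data.

```python
import ipaddress
import struct

AFI_IPV4 = 1
SAFI_4OVER6 = 67      # SAFI value assigned by IANA for BGP 4over6
NEXT_HEADER_IPV4 = 4  # IPv6 Next Header value for an encapsulated IPv4 packet


def parse_4over6_mp_reach(attr):
    """Parse an MP_REACH_NLRI attribute value laid out as in RFC 4760.

    Returns (IPv6 next hop, [IPv4Network, ...]); raises ValueError for
    anything that is not well-formed 4over6 routing information.
    """
    if len(attr) < 4:
        raise ValueError("truncated MP_REACH_NLRI")
    afi, safi, nh_len = struct.unpack_from("!HBB", attr, 0)
    if (afi, safi) != (AFI_IPV4, SAFI_4OVER6):
        raise ValueError("not 4over6 routing information")
    if nh_len != 16 or len(attr) < 4 + 16 + 1:
        raise ValueError("next hop must be a single 16-byte IPv6 address")
    next_hop = ipaddress.IPv6Address(attr[4:20])
    pos = 21  # skip the reserved octet that follows the next hop
    prefixes = []
    while pos < len(attr):
        plen = attr[pos]                 # prefix length in bits
        nbytes = (plen + 7) // 8         # only the significant octets are sent
        if plen > 32 or pos + 1 + nbytes > len(attr):
            raise ValueError("malformed IPv4 NLRI")
        raw = attr[pos + 1:pos + 1 + nbytes].ljust(4, b"\x00")
        prefixes.append(ipaddress.IPv4Network(
            (int.from_bytes(raw, "big"), plen), strict=False))
        pos += 1 + nbytes
    return next_hop, prefixes


class EncapsulationTable:
    """IPv4 prefix -> IPv6 VIF address of the 4over6 PE it is reachable through."""

    def __init__(self, local_vif):
        self.local_vif = ipaddress.IPv6Address(local_vif)
        self.entries = {}

    def install(self, attr):
        """Validate a received update, then record prefix -> next-hop VIF."""
        next_hop, prefixes = parse_4over6_mp_reach(attr)
        for prefix in prefixes:
            self.entries[prefix] = next_hop
        return prefixes

    def lookup(self, ipv4_dst):
        """Longest-prefix match; returns the egress PE's VIF address or None."""
        dst = ipaddress.IPv4Address(ipv4_dst)
        matches = [p for p in self.entries if dst in p]
        if not matches:
            return None
        return self.entries[max(matches, key=lambda p: p.prefixlen)]

    def encapsulate(self, ipv4_packet, hop_limit=64):
        """Prepend the tunnel IPv6 header, or return None if no entry matches."""
        if len(ipv4_packet) < 20 or len(ipv4_packet) > 0xFFFF:
            raise ValueError("not a plausible IPv4 packet")
        egress_vif = self.lookup(ipv4_packet[16:20])  # IPv4 destination field
        if egress_vif is None:
            return None
        header = struct.pack("!IHBB", 6 << 28, len(ipv4_packet),
                             NEXT_HEADER_IPV4, hop_limit)
        return header + self.local_vif.packed + egress_vif.packed + ipv4_packet


# Constructed sample data (documentation address ranges, not from the RFC).
LOCAL_VIF = "2001:db8::1"
REMOTE_VIF = ipaddress.IPv6Address("2001:db8::2")
SAMPLE_UPDATE = (struct.pack("!HBB", AFI_IPV4, SAFI_4OVER6, 16)
                 + REMOTE_VIF.packed + b"\x00"
                 + bytes([24, 192, 0, 2])          # 192.0.2.0/24
                 + bytes([25, 203, 0, 113, 0]))    # 203.0.113.0/25
SAMPLE_IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                          ipaddress.IPv4Address("198.51.100.7").packed,
                          ipaddress.IPv4Address("192.0.2.9").packed)

if __name__ == "__main__":
    table = EncapsulationTable(LOCAL_VIF)
    print("installed:", [str(p) for p in table.install(SAMPLE_UPDATE)])
    print("tunnel packet:", table.encapsulate(SAMPLE_IPV4).hex())
```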
A prototype of the 4over6 solution is implemented and deployed on CNGI-CERNET2. CNGI-CERNET2 is one of the China Next Generation Internet (CNGI) backbones, operated by the China Education and Research Network (CERNET). CNGI-CERNET2 connects approximately 25 core nodes distributed in 20 cities in China at speeds of 2.5-10 Gb/s. The CNGI-CERNET2 backbone is IPv6-only with some attached customer premise networks (CPNs) being dual stack. The CNGI-CERNET2 backbone, attached CNGI-CERNET2 CPNs, and CNGI-6IX Exchange all have globally unique AS numbers. This IPv6 backbone is used to provide transit IPv4 services for customer IPv4 networks connected via 4over6 PE routers to the backbone.
Figure 5 shows 4over6 deployment network topology.
        +-----------------------------------------------------+
        |                    IPv6 (CERNET2)                   |
        |                                                     |
        +-----------------------------------------------------+
          |                |               |               |
  Tsinghua|Univ.     Peking|Univ.      SJTU|      Southeast|Univ.
       +------+        +------+        +------+        +------+
       |4over6|  ...   |4over6|        |4over6|  ...   |4over6|
       |router|        |router|        |router|        |router|
       +------+        +------+        +------+        +------+
          |                |               |               |
          |                |               |               |
          |                |               |               |
    +-----------+    +-----------+   +-----------+   +-----------+
    |IPv4 access| ...|IPv4 access|   |IPv4 access|...|IPv4 access|
    |  network  |    |  network  |   |  network  |   |  network  |
    +-----------+    +-----------+   +-----------+   +-----------+
          |
    +----------------------+
    |    IPv4 (Internet)   |
    |                      |
    +----------------------+
Figure 5: 4over6 Deployment Network Topology
The IPv4-only access networks are equipped with servers and clients running different applications. The 4over6 PE routers are deployed at 8 x IPv6 nodes of CNGI-CERNET2, located in seven universities and five cities across China. As suggested in Figure 5, some of the IPv4 access networks are connected to both IPv6 and IPv4 networks, and others are only connected to the IPv6 backbone. In the deployment, users in different IPv4 networks can communicate with each other through 4over6 tunnels.
A number of 4over6 PE routers were deployed and configured to support the 4over6 transit solution. MP-BGP peerings were established, and successful distribution of 4over6 SAFI information occurred. Inspection of the BGP routing and encapsulation tables confirmed that the correct entries were sent and received. ICMP ping traffic indicated that IPv4 packets were successfully transiting the IPv6 backbone.
In addition, other application protocols were successfully tested per the following:
o HTTP. A client running Internet Explorer in one IPv4 client network was able to access and download multiple objects from an HTTP server located in another IPv4 client network.
o P2P. Instances of BitComet software running on several PCs placed in different IPv4 client networks were able to find each other and share files.
Other protocols, including FTP, SSH, IM (e.g., MSN, Google Talk), and Multimedia Streaming, all functioned correctly.
Based on the above successful experiment, we plan further experiments in the following two areas.
1. Inter-AS 4over6
The above experiment is only deployed over a single AS. With the growth of the network, there could be multiple ASes between the edge networks. Specifically, the Next Hop field in MP-BGP indicates the tunnel endpoint in the current 4over6 technology. However, in the Inter-AS scenario, the tunnel endpoint needs to be separated from the field of Next Hop. Moreover, since the technology of 4over6 is deployed on the router running MP-BGP, the supportability of 4over6 on each Autonomous System Border Router (ASBR) will be a main concern in the Inter-AS experiment. We may consider different situations: (1) Some ASBRs do not support 4over6; (2) ASBRs only support the 4over6 control plane (i.e., MP-BGP extension of 4over6) rather than 4over6 data plane; (3) ASBRs support both the control plane and the data plane for 4over6.
2. Multicast 4over6
The current 4over6 technology only supports unicast routing and data forwarding. With the deployment of network-layer multicast in multiple IPv4 edge networks, we need to extend the 4over6 technology to support multicast including both multicast tree manipulation on the control plane and multicast traffic forwarding on the data plane. Based on the current unicast 4over6 technology providing the unicast connectivity of edge networks over the backbone in another address family, the multicast 4over6 will focus on the mapping technologies between the multicast groups in the different address families.
The 4over6 solution was presented at the IETF Softwires Working Group Interim meeting in Hong Kong in January 2006. The existence of this large-scale implementation and deployment clearly showed that MP-BGP could be employed to support tunnel setup in a scalable fashion across an IPv6 backbone. Perhaps most important was the use-case presented -- an IPv6 backbone that offers transit to attached client IPv4 networks.
The 4over6 solution can be viewed as a precursor to the Softwire Mesh Framework proposed in the softwire problem statement [RFC4925]. However, there are several differences between this solution and the effort that emerged from the Softwires Working Group called "softwire Mesh Framework" [RFC5565] and the related solutions [RFC5512] [RFC5549].
o MP-BGP Extensions. 4over6 employs a new SAFI (BGP 4over6) to convey client IPv4 prefixes between 4over6 PE routers. Softwire Mesh retains the original AFI-SAFI designations, but it uses a modified MP_REACH_NLRI format to convey IPv4 Network Layer Reachability Information (NLRI) prefix information with an IPv6 next_hop address [RFC5549].
o Encapsulation. 4over6 assumes IP-in-IP or it is possible to configure Generic Routing Encapsulation (GRE). Softwires uses those two scenarios configured locally or for IP headers that require dynamic updating. As a result, the BGP encapsulation SAFI is introduced in [RFC5512].
o Multicast. The basic 4over6 solution only implemented unicast communications. The multicast communications are specified in the Softwire Mesh Framework and are also supported by the multicast extension of 4over6.
o Use-Cases. The 4over6 solution in this document specifies the 4over6 use-case, which is also pretty easy to extend for the use-case of 6over4. The Softwire Mesh Framework supports both 4over6 and 6over4.
A new SAFI value (67) has been assigned by IANA for the BGP 4over6 SAFI.
Tunneling mechanisms, especially automatic ones, are often exposed to potential Distributed Denial of Service (DDoS) attacks on the tunnel entry-point or tunnel exit-point. One advantage is that the BGP 4over6 extension doesn't allocate resources to a single flow or maintain the state for a flow. However, since the IPv6 tunnel endpoints are globally reachable IPv6 addresses, it would be trivial to spoof IPv4 packets by encapsulating and sending them over IPv6 to the tunnel interface. This could bypass IPv4 Reverse Path Forwarding (RPF) or other antispoofing techniques. Also, any IPv4 filters may be bypassed.
An iBGP peering relationship may be maintained over IPsec or other secure communications.
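The spoofing risk described above can be reduced by a source check at decapsulation. The following Python code is an added example, not part of RFC 5747 or of the authors' implementation: it accepts an IPv4-in-IPv6 packet only when the outer IPv6 source is a known 4over6 PE and the inner IPv4 source lies in a prefix that PE advertised. The table contents, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample state: IPv4 prefixes learned over BGP 4over6, keyed by
# the advertising PE's IPv6 tunnel endpoint address (assumed table layout).
PE_PREFIXES = {
    ipaddress.IPv6Address("2001:db8::1"): [ipaddress.IPv4Network("192.0.2.0/24")],
    ipaddress.IPv6Address("2001:db8::2"): [ipaddress.IPv4Network("198.51.100.0/24")],
}
NEXT_HEADER_IPV4 = 4  # IPv6 Next Header value for an encapsulated IPv4 packet


def check_decap(packet: bytes) -> str:
    """Return 'accept' or a drop reason for one IPv4-in-IPv6 packet."""
    if len(packet) < 40 + 20:          # fixed IPv6 header + minimal IPv4 header
        return "drop: truncated"
    if packet[0] >> 4 != 6:
        return "drop: outer not IPv6"
    if packet[6] != NEXT_HEADER_IPV4:  # extension headers are not handled here
        return "drop: not IPv4-in-IPv6"
    outer_src = ipaddress.IPv6Address(packet[8:24])
    inner = packet[40:]
    if inner[0] >> 4 != 4:
        return "drop: inner not IPv4"
    inner_src = ipaddress.IPv4Address(inner[12:16])
    prefixes = PE_PREFIXES.get(outer_src)
    if prefixes is None:
        return "drop: outer source is not a known PE"
    if not any(inner_src in net for net in prefixes):
        return "drop: inner source not advertised by this PE"
    return "accept"


def build(outer_src: str, inner_src: str) -> bytes:
    """Build a constructed test packet (header fields only, checksum zero)."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address(inner_src).packed,
                        ipaddress.IPv4Address("203.0.113.9").packed)
    outer = struct.pack("!IHBB16s16s", 6 << 28, len(inner), NEXT_HEADER_IPV4, 64,
                        ipaddress.IPv6Address(outer_src).packed,
                        ipaddress.IPv6Address("2001:db8::ff").packed)
    return outer + inner
```

The outer source address can itself be forged, so this check is only meaningful when the backbone edge drops packets arriving from outside that claim a PE address as their source.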
The emerging and growing deployment of IPv6 networks, in particular, IPv6 backbone networks, will introduce cases where connectivity with IPv4 networks is desired. Some IPv6 backbones will need to offer transit services to attached IPv4 access networks. The 4over6 solution outlined in this document supports such a capability through an extension to MP-BGP to convey IPv4 routing information along with an associated IPv6 address. Basic IP encapsulation is used in the data plane as IPv4 packets are tunneled through the IPv6 backbone.
An actual implementation has been developed and deployed on the CNGI-CERNET2 IPv6 backbone.
During the design procedure of the 4over6 framework and definition of BGP-MP 4over6 extension, Professor Ke Xu gave the authors many valuable comments. The support of the IETF Softwires WG is also gratefully acknowledged with special thanks to David Ward, Alain Durand, and Mark Townsley for their rich experience and knowledge in this field. Yakov Rekhter provided helpful comments and advice. Mark Townsley reviewed this document carefully and gave the authors a lot of valuable comments, which were very important for improving this document.
The deployment and test for the prototype system was conducted among seven universities -- namely, Tsinghua University, Peking University, Beijing University of Post and Telecommunications, Shanghai Jiaotong University, Huazhong University of Science and Technology, Southeast University, and South China University of Technology. The authors would like to thank everyone involved in this effort at these universities.
[RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6 Specification", RFC 2473, December 1998.
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006.
[RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, "Multiprotocol Extensions for BGP-4", RFC 4760, January 2007.
[RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire Problem Statement", RFC 4925, July 2007.
[RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation Subsequent Address Family Identifier (SAFI) and the BGP Tunnel Encapsulation Attribute", RFC 5512, April 2009.
[RFC5549] Le Faucheur, F. and E. Rosen, "Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop", RFC 5549, May 2009.
[RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh Framework", RFC 5565, June 2009.
Authors' Addresses
Jianping Wu Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R. China Phone: +86-10-6278-5983 EMail: jianping@cernet.edu.cn
Yong Cui Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R. China Phone: +86-10-6278-5822 EMail: cy@csnet1.cs.tsinghua.edu.cn
Xing Li Tsinghua University Department of Electronic Engineering, Tsinghua University Beijing 100084 P.R. China Phone: +86-10-6278-5983 EMail: xing@cernet.edu.cn
Mingwei Xu Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R. China Phone: +86-10-6278-5822 EMail: xmw@csnet1.cs.tsinghua.edu.cn
Chris Metz Cisco Systems, Inc. 3700 Cisco Way San Jose, CA 95134 USA EMail: chmetz@cisco.com