Independent Submission                                        F. Templin
Request for Comments: 6964                  Boeing Research & Technology
Category: Informational                                         May 2013
ISSN: 2070-1721
        
Independent Submission                                        F. Templin
Request for Comments: 6964                  Boeing Research & Technology
Category: Informational                                         May 2013
ISSN: 2070-1721
        

Operational Guidance for IPv6 Deployment in IPv4 Sites Using the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

使用站点内自动隧道寻址协议(ISATAP)在IPv4站点中部署IPv6的操作指南

Abstract

摘要

Many end-user sites in the Internet today still have predominantly IPv4 internal infrastructures. These sites range in size from small home/office networks to large corporate enterprise networks, but share the commonality that IPv4 provides satisfactory internal routing and addressing services for most applications. As more and more IPv6-only services are deployed, however, end-user devices within such sites will increasingly require at least basic IPv6 functionality. This document therefore provides operational guidance for deployment of IPv6 within predominantly IPv4 sites using the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP).

如今,互联网上的许多最终用户站点仍然主要拥有IPv4内部基础设施。这些站点的规模从小型家庭/办公室网络到大型企业网络不等,但它们的共同点是IPv4为大多数应用程序提供了令人满意的内部路由和寻址服务。然而,随着越来越多的纯IPv6服务的部署,这些站点中的最终用户设备将越来越需要至少基本的IPv6功能。因此,本文档提供了使用站点内自动隧道寻址协议(ISATAP)在主要IPv4站点内部署IPv6的操作指南。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

这是对RFC系列的贡献,独立于任何其他RFC流。RFC编辑器已选择自行发布此文档,并且未声明其对实现或部署的价值。RFC编辑批准发布的文件不适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6964.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6964.

Copyright Notice

版权公告

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2013 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Enabling IPv6 Services Using ISATAP . . . . . . . . . . . . .   4
   3.  SLAAC Services  . . . . . . . . . . . . . . . . . . . . . . .   5
     3.1.  Advertising ISATAP Router Behavior  . . . . . . . . . . .   5
     3.2.  ISATAP Host Behavior  . . . . . . . . . . . . . . . . . .   6
     3.3.  Reference Operational Scenario - Shared Prefix Model  . .   6
     3.4.  Reference Operational Scenario - Individual Prefix Model    9
     3.5.  SLAAC Site Administration Guidance  . . . . . . . . . . .  12
     3.6.  Loop Avoidance  . . . . . . . . . . . . . . . . . . . . .  14
     3.7.  Considerations for Compatibility of Interface Identifiers  14
   4.  Manual Configuration  . . . . . . . . . . . . . . . . . . . .  15
   5.  Scaling Considerations  . . . . . . . . . . . . . . . . . . .  15
   6.  Site Renumbering Considerations . . . . . . . . . . . . . . .  16
   7.  Path MTU Considerations . . . . . . . . . . . . . . . . . . .  16
   8.  Alternative Approaches  . . . . . . . . . . . . . . . . . . .  17
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  17
   10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  18
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  18
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  18
     11.2.  Informative References . . . . . . . . . . . . . . . . .  18
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Enabling IPv6 Services Using ISATAP . . . . . . . . . . . . .   4
   3.  SLAAC Services  . . . . . . . . . . . . . . . . . . . . . . .   5
     3.1.  Advertising ISATAP Router Behavior  . . . . . . . . . . .   5
     3.2.  ISATAP Host Behavior  . . . . . . . . . . . . . . . . . .   6
     3.3.  Reference Operational Scenario - Shared Prefix Model  . .   6
     3.4.  Reference Operational Scenario - Individual Prefix Model    9
     3.5.  SLAAC Site Administration Guidance  . . . . . . . . . . .  12
     3.6.  Loop Avoidance  . . . . . . . . . . . . . . . . . . . . .  14
     3.7.  Considerations for Compatibility of Interface Identifiers  14
   4.  Manual Configuration  . . . . . . . . . . . . . . . . . . . .  15
   5.  Scaling Considerations  . . . . . . . . . . . . . . . . . . .  15
   6.  Site Renumbering Considerations . . . . . . . . . . . . . . .  16
   7.  Path MTU Considerations . . . . . . . . . . . . . . . . . . .  16
   8.  Alternative Approaches  . . . . . . . . . . . . . . . . . . .  17
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  17
   10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  18
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  18
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  18
     11.2.  Informative References . . . . . . . . . . . . . . . . .  18
        
1. Introduction
1. 介绍

End-user sites in the Internet today internally use IPv4 routing and addressing for core operating functions, such as web browsing, file sharing, network printing, email, teleconferencing, and numerous other site-internal networking services. Such sites typically have an abundance of public and/or private IPv4 addresses for internal networking and are separated from the public Internet by firewalls, packet filtering gateways, proxies, address translators, and other site-border demarcation devices. To date, such sites have had little incentive to enable IPv6 services internally [RFC1687].

如今,互联网中的最终用户站点在内部使用IPv4路由和寻址实现核心操作功能,如web浏览、文件共享、网络打印、电子邮件、电话会议和许多其他站点内部网络服务。此类站点通常具有大量用于内部网络的公共和/或私有IPv4地址,并通过防火墙、包过滤网关、代理、地址转换器和其他站点边界划分设备与公共互联网分离。到目前为止,此类网站几乎没有动力在内部启用IPv6服务[RFC1687]。

End-user sites that currently use IPv4 services internally come in endless sizes and varieties. For example, a home network behind a Network Address Translator (NAT) may consist of a single link supporting a few laptops, printers, etc. As a larger example, a small business may consist of one or a few offices with several networks connecting considerably larger numbers of computers, routers, handheld devices, printers, faxes, etc. Moving further up the scale, large financial institutions, major retailers, large corporations, etc., may consist of hundreds or thousands of branches worldwide that are tied together in a complex global enterprise network. Additional examples include personal-area networks, mobile vehicular networks, disaster relief networks, tactical military networks, various forms of Mobile Ad Hoc Networks (MANETs), etc.

目前在内部使用IPv4服务的最终用户站点的规模和种类无穷无尽。例如,网络地址转换器(NAT)后面的家庭网络可能由支持几台笔记本电脑、打印机等的单个链路组成。作为一个更大的示例,小型企业可能由一个或几个办公室组成,其中几个办公室的多个网络连接大量的计算机、路由器、手持设备、打印机、传真机、,随着规模的进一步扩大,大型金融机构、大型零售商、大型公司等可能由全球数百家或数千家分支机构组成,这些分支机构被捆绑在一个复杂的全球企业网络中。其他示例包括个人区域网络、移动车辆网络、救灾网络、战术军事网络、各种形式的移动自组网(MANET)等。

With the proliferation of IPv6 services, however, existing IPv4 sites will increasingly require a means for enabling IPv6 services so that hosts within the site can communicate with IPv6-only correspondents. Such services must be deployable with minimal configuration and in a fashion that will not cause disruptions to existing IPv4 services. The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) [RFC5214] provides a simple-to-use service that sites can deploy in the near term to meet these requirements.

然而,随着IPv6服务的激增,现有IPv4站点将越来越需要一种启用IPv6服务的方法,以便站点内的主机可以与仅限IPv6的通信方通信。此类服务必须能够以最少的配置部署,并且不会对现有IPv4服务造成中断。站点内自动隧道寻址协议(ISATAP)[RFC5214]提供了一种简单易用的服务,站点可以在短期内部署该服务以满足这些要求。

ISATAP has also often been mentioned with respect to IPv6 deployment in enterprise networks [RFC4057] [RFC4852] [ENT-IPv6]. ISATAP can therefore be considered as an IPv6 solution alternative based on candidate enterprise network characteristics.

ISATAP还经常提到在企业网络中部署IPv6[RFC4057][RFC4852][ENT-IPv6]。因此,ISATAP可以被视为基于候选企业网络特征的IPv6解决方案替代方案。

This document provides operational guidance for using ISATAP to enable IPv6 services within predominantly IPv4 sites while causing no disruptions to existing IPv4 services. The terminology of ISATAP (see [RFC5214], Section 3) applies also to this document.

本文档提供了使用ISATAP在主要IPv4站点内启用IPv6服务的操作指南,同时不会中断现有IPv4服务。ISATAP的术语(见[RFC5214],第3节)也适用于本文件。

2. Enabling IPv6 Services Using ISATAP
2. 使用ISATAP启用IPv6服务

Existing sites within the Internet will soon need to enable IPv6 services. Larger sites typically obtain provider-independent IPv6 prefixes from an Internet registry and advertise the prefixes into the IPv6 routing system on their own behalf, i.e., they act as an Internet Service Provider (ISP) unto themselves. Smaller sites that wish to enable IPv6 can arrange to obtain public IPv6 prefixes from an ISP, where the prefixes may be either purely native or the near-native prefixes offered by the IPv6 Rapid Deployment on IPv4 (6rd) [RFC5969]. Alternatively, the site can obtain prefixes independently of an ISP, e.g., via a tunnel broker [RFC3053], by using one of its public IPv4 addresses to form a 6to4 prefix [RFC3056], etc. In any case, after obtaining IPv6 prefixes, the site can automatically enable IPv6 services internally by configuring ISATAP.

Internet中的现有站点很快将需要启用IPv6服务。大型站点通常从Internet注册表获取独立于提供商的IPv6前缀,并代表自己将前缀发布到IPv6路由系统中,即充当自己的Internet服务提供商(ISP)。希望启用IPv6的较小站点可以安排从ISP获取公共IPv6前缀,其中前缀可以是纯本机前缀,也可以是IPv4(6rd)上IPv6快速部署提供的接近本机前缀[RFC5969]。或者,站点可以独立于ISP获得前缀,例如通过隧道代理[RFC3053],通过使用其公共IPv4地址之一形成6to4前缀[RFC3056]等。在任何情况下,在获得IPv6前缀后,站点可以通过配置ISATAP在内部自动启用IPv6服务。

The ISATAP service uses a Non-Broadcast, Multiple Access (NBMA) tunnel virtual interface model [RFC2491] [RFC2529] based on IPv6-in-IPv4 encapsulation [RFC4213]. The encapsulation format can further use Differentiated Services (DS) [RFC2983] and Explicit Congestion Notification (ECN) [RFC3168] mapping between the inner and outer IP headers to ensure expected per-hop behavior within well-managed sites.

ISATAP服务使用基于IPv6-in-IPv4封装[RFC4213]的非广播多址(NBMA)隧道虚拟接口模型[RFC2491][RFC2529]。封装格式还可以在内部和外部IP报头之间使用区分服务(DS)[RFC2983]和显式拥塞通知(ECN)[RFC3168]映射,以确保管理良好的站点内的预期每跳行为。

The ISATAP service is based on two node types known as advertising ISATAP routers and ISATAP hosts. (While out of scope for this document, a third node type known as non-advertising ISATAP routers is defined in [ISATAP-UPDATE].) Each node may further have multiple ISATAP interfaces (i.e., one interface for each site) and may act as an advertising ISATAP router on some of those interfaces and a simple ISATAP host on others. Hence, the node type is considered on a per-interface basis.

ISATAP服务基于两种节点类型,即ISATAP路由器和ISATAP主机。(虽然不在本文件的范围内,但在[ISATAP-UPDATE]中定义了称为非广告ISATAP路由器的第三种节点类型)。每个节点还可以具有多个ISATAP接口(即,每个站点一个接口),并且可以在其中一些接口上充当广告ISATAP路由器,在其他接口上充当简单的ISATAP主机。因此,节点类型是基于每个接口考虑的。

Advertising ISATAP routers configure their ISATAP interfaces as advertising router interfaces (see [RFC4861], Section 6.2.2). ISATAP hosts configure their ISATAP interfaces as simple host interfaces and also coordinate their autoconfiguration operations with advertising ISATAP routers. In this sense, advertising ISATAP routers are "servers" while ISATAP hosts are "clients" in the service model.

广告ISATAP路由器将其ISATAP接口配置为广告路由器接口(参见[RFC4861],第6.2.2节)。ISATAP主机将其ISATAP接口配置为简单的主机接口,并与ISATAP路由器协调其自动配置操作。从这个意义上说,在服务模型中,ISATAP路由器是“服务器”,而ISATAP主机是“客户端”。

Advertising ISATAP routers arrange to add their IPv4 addresses to the site's Potential Router List (PRL) so that ISATAP clients can discover them, as discussed in Sections 8.3.2 and 9 of [RFC5214]. Alternatively, site administrators could include IPv4 anycast addresses in the PRL and assign each such address to multiple advertising ISATAP routers. In that case, IPv4 routing within the site would direct the ISATAP client to the nearest advertising ISATAP router.

广告ISATAP路由器安排将其IPv4地址添加到站点的潜在路由器列表(PRL)中,以便ISATAP客户端可以发现它们,如[RFC5214]第8.3.2和9节所述。或者,站点管理员可以在PRL中包括IPv4选播地址,并将每个地址分配给多个路由器。在这种情况下,站点内的IPv4路由会将ISATAP客户端定向到最近的ISATAP路由器。

After the PRL is published, ISATAP clients within the site can automatically perform unicast IPv6 Neighbor Discovery Router Solicitation (RS) / Router Advertisement (RA) exchanges with advertising ISATAP routers using IPv6-in-IPv4 encapsulation [RFC4861] [RFC5214]. In the exchange, the IPv4 source address of the RS and the destination address of the RA are an IPv4 address of the client, while the IPv4 destination address of the RS and the source address of the RA are an IPv4 address of a server found in the PRL. Similarly, the IPv6 source address of the RS is a link-local ISATAP address that embeds the client's IPv4 address, while the source address of the RA is a link-local ISATAP address that embeds the server's IPv4 address. (The destination addresses of the RS and RA may be either the neighbor's link-local ISATAP address or a link-scoped multicast address, depending on the implementation.)

PRL发布后,站点内的ISATAP客户端可以使用IPv6-in-IPv4封装[RFC4861][RFC5214]自动执行单播IPv6邻居发现路由器请求(RS)/路由器广告(RA)与广告ISATAP路由器的交换。在exchange中,RS的IPv4源地址和RA的目标地址是客户端的IPv4地址,而RS的IPv4目标地址和RA的源地址是在PRL中找到的服务器的IPv4地址。类似地,RS的IPv6源地址是嵌入客户端IPv4地址的链路本地ISATAP地址,而RA的源地址是嵌入服务器IPv4地址的链路本地ISATAP地址。(RS和RA的目的地地址可能是邻居的链路本地ISATAP地址或链路作用域多播地址,具体取决于实现。)

Following router discovery, ISATAP clients can configure and assign IPv6 addresses and/or prefixes using Stateless Address AutoConfiguration (SLAAC) [RFC4862] [RFC5214]. While out of scope for this document, use of the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) [RFC3315] is also possible, pending future updates (see [ISATAP-UPDATE]).

在路由器发现之后,ISATAP客户端可以使用无状态地址自动配置(SLAAC)[RFC4862][RFC5214]配置和分配IPv6地址和/或前缀。虽然不在本文档的范围内,但也可以使用IPv6动态主机配置协议(DHCPv6)[RFC3315],等待将来的更新(请参阅[ISATAP-UPDATE])。

3. SLAAC Services
3. 斯拉克服务

Predominantly IPv4 sites can enable SLAAC services for ISATAP clients that need to communicate with IPv6 correspondents. SLAAC services are enabled using either the "shared" or "individual" prefix model. In the shared prefix model, all advertising ISATAP routers advertise a common prefix (e.g., 2001:db8::/64) to ISATAP clients within the site. In the individual prefix model, advertising ISATAP router advertise individual prefixes (e.g., 2001:db8:0:1::/64, 2001:db8:0:2::/64, 2001:db8:0:3::/64, etc.) to ISATAP clients within the site. Note that combinations of the shared and individual prefix models are also possible, in which some of the site's ISATAP routers advertise shared prefixes and others advertise individual prefixes.

主要是IPv4站点可以为需要与IPv6通信的ISATAP客户端启用SLAAC服务。SLAAC服务使用“共享”或“单个”前缀模型启用。在共享前缀模型中,所有播发ISATAP路由器向站点内的ISATAP客户端播发一个公共前缀(例如,2001:db8::/64)。在单个前缀模型中,播发ISATAP路由器向站点内的ISATAP客户端播发单个前缀(例如,2001:db8:0:1::/64,2001:db8:0:2::/64,2001:db8:0:3::/64等)。请注意,共享前缀模型和单个前缀模型的组合也是可能的,其中一些站点的ISATAP路由器发布共享前缀,而其他路由器发布单个前缀。

The following sections discuss operational considerations for enabling ISATAP SLAAC services within predominantly IPv4 sites.

以下各节讨论在IPv4站点中启用ISATAP SLAAC服务的操作注意事项。

3.1. Advertising ISATAP Router Behavior
3.1. 路由器行为的广告分析

Advertising ISATAP routers that support SLAAC services send RA messages in response to RS messages received on an advertising ISATAP interface. SLAAC services are enabled when advertising ISATAP routers advertise non-link-local IPv6 prefixes in the Prefix Information Options (PIOs) with the A flag set to 1 [RFC4861]. When there are multiple advertising ISATAP routers, the routers can advertise a shared IPv6 prefix or individual IPv6 prefixes.

支持SLAAC服务的广告ISATAP路由器发送RA消息,以响应在广告ISATAP接口上接收的RS消息。当ISATAP路由器在前缀信息选项(PIO)中以设置为1[RFC4861]的标志发布非链路本地IPv6前缀时,将启用SLAAC服务。当存在多个播发ISATAP路由器时,路由器可以播发共享IPv6前缀或单个IPv6前缀。

3.2. ISATAP Host Behavior
3.2. ISATAP主机行为

ISATAP hosts resolve the PRL and send RS messages to obtain RA messages from an advertising ISATAP router. When the host receives RA messages, it uses SLAAC to configure IPv6 addresses from any advertised prefixes with the A flag set to 1 as specified in [RFC4862] and [RFC5214], then it assigns the addresses to the ISATAP interface. The host also assigns any of the advertised prefixes with the L flag set to 1 to the ISATAP interface. (Note that the IPv6 link-local prefix fe80::/64 is always considered on-link on an ISATAP interface.)

ISATAP主机解析PRL并发送RS消息以从ISATAP路由器获取RA消息。当主机接收到RA消息时,它使用SLAAC从任何播发前缀配置IPv6地址,并按照[RFC4862]和[RFC5214]中的规定将标志设置为1,然后将地址分配给ISATAP接口。主机还将L标志设置为1的任何播发前缀分配给ISATAP接口。(请注意,IPv6链路本地前缀fe80::/64始终在ISATAP接口上的链路上考虑。)

3.3. Reference Operational Scenario - Shared Prefix Model
3.3. 参考操作场景-共享前缀模型

Figure 1 depicts an example ISATAP network topology for allowing hosts within a predominantly IPv4 site to configure ISATAP services using SLAAC with the shared prefix model. The example shows two advertising ISATAP routers ('A', 'B'), two ISATAP hosts ('C', 'D'), and an ordinary IPv6 host ('E') outside of the site in a typical deployment configuration. In this model, routers 'A' and 'B' both advertise the same (shared) IPv6 prefix 2001:db8::/64 into the IPv6 routing system, and also advertise the prefix in the RA messages they send to ISATAP clients.

图1描述了一个示例ISATAP网络拓扑,该拓扑允许主要IPv4站点内的主机使用带有共享前缀模型的SLAAC配置ISATAP服务。该示例显示了典型部署配置中站点外部的两个ISATAP路由器('A','B')、两个ISATAP主机('C','D')和一个普通IPv6主机('E')。在此模型中,路由器“A”和“B”都将相同(共享)IPv6前缀2001:db8::/64播发到IPv6路由系统中,并在它们发送给ISATAP客户端的RA消息中播发前缀。

                    .-(::::::::)      2001:db8:1::1
                 .-(::: IPv6 :::)-.  +-------------+
                (:::: Internet ::::) | IPv6 Host E |
                 `-(::::::::::::)-'  +-------------+
                    `-(::::::)-'
                ,~~~~~~~~~~~~~~~~~,
           ,----|companion gateway|--.
          /     '~~~~~~~~~~~~~~~~~'  :
         /                           |.
      ,-'                              `.
     ;  +------------+   +------------+  )
     :  |  Router A  |   |  Router B  |  /
      : |  (isatap)  |   |  (isatap)  |  :
      : | 192.0.2.1  |   | 192.0.2.1  | ;
      + +------------+   +------------+  \
     fe80::*:192.0.2.1   fe80::*:192.0.2.1
     | 2001:db8::/64       2001:db8::/64  |
     |                                   ;
     :              IPv4 Site         -+-'
      `-.       (PRL: 192.0.2.1)       .)
         \                           _)
          `-----+--------)----+'----'
     fe80::*:192.0.2.18          fe80::*:192.0.2.34
   2001:db8::*:192.0.2.18      2001:db8::*:192.0.2.34
     +--------------+           +--------------+
     |  192.0.2.18  |           |  192.0.2.34  |
     |   (isatap)   |           |   (isatap)   |
     |    Host C    |           |    Host D    |
     +--------------+           +--------------+
        
                    .-(::::::::)      2001:db8:1::1
                 .-(::: IPv6 :::)-.  +-------------+
                (:::: Internet ::::) | IPv6 Host E |
                 `-(::::::::::::)-'  +-------------+
                    `-(::::::)-'
                ,~~~~~~~~~~~~~~~~~,
           ,----|companion gateway|--.
          /     '~~~~~~~~~~~~~~~~~'  :
         /                           |.
      ,-'                              `.
     ;  +------------+   +------------+  )
     :  |  Router A  |   |  Router B  |  /
      : |  (isatap)  |   |  (isatap)  |  :
      : | 192.0.2.1  |   | 192.0.2.1  | ;
      + +------------+   +------------+  \
     fe80::*:192.0.2.1   fe80::*:192.0.2.1
     | 2001:db8::/64       2001:db8::/64  |
     |                                   ;
     :              IPv4 Site         -+-'
      `-.       (PRL: 192.0.2.1)       .)
         \                           _)
          `-----+--------)----+'----'
     fe80::*:192.0.2.18          fe80::*:192.0.2.34
   2001:db8::*:192.0.2.18      2001:db8::*:192.0.2.34
     +--------------+           +--------------+
     |  192.0.2.18  |           |  192.0.2.34  |
     |   (isatap)   |           |   (isatap)   |
     |    Host C    |           |    Host D    |
     +--------------+           +--------------+
        
   (* == "0000:5efe", i.e., the organizational unique code for ISATAP,
    per Section 6.1 of [RFC5214])
        
   (* == "0000:5efe", i.e., the organizational unique code for ISATAP,
    per Section 6.1 of [RFC5214])
        

Figure 1: Example ISATAP Network Topology Using Shared Prefix Model

图1:使用共享前缀模型的ISATAP网络拓扑示例

With reference to Figure 1, advertising ISATAP routers 'A' and 'B' within the IPv4 site connect to the IPv6 Internet either directly or via a companion gateway. The routers advertise the shared prefix 2001:db8::/64 into the IPv6 Internet routing system either as a singleton /64 or as part of a shorter aggregated IPv6 prefix. For the purpose of this example, we also assume that the IPv4 site is configured within multiple IPv4 subnets -- each with an IPv4 prefix length of /28.

参考图1,IPv4站点内的路由器“A”和“B”直接或通过伴随网关连接到IPv6 Internet。路由器将共享前缀2001:db8::/64作为单例/64或作为较短的聚合IPv6前缀的一部分发布到IPv6 Internet路由系统中。在本例中,我们还假设IPv4站点配置在多个IPv4子网中——每个子网的IPv4前缀长度为/28。

Advertising ISATAP routers 'A' and 'B' both configure the IPv4 anycast address 192.0.2.1 on a site-interior IPv4 interface, then configure an advertising ISATAP router interface for the site with link-local ISATAP address fe80::5efe:192.0.2.1. The site

播发ISATAP路由器“A”和“B”都在站点内部IPv4接口上配置IPv4选播地址192.0.2.1,然后使用链路本地ISATAP地址fe80::5efe:192.0.2.1为站点配置播发ISATAP路由器接口。场地

administrator then places the single IPv4 address 192.0.2.1 in the site's PRL. 'A' and 'B' then both advertise the anycast address/ prefix into the site's IPv4 routing system so that ISATAP clients can locate the router that is topologically closest. (Note: advertising ISATAP routers can also use individual IPv4 unicast addresses instead of, or in addition to, a shared IPv4 anycast address. In that case, the PRL will contain multiple IPv4 addresses of advertising routers -- some of which may be anycast and others unicast.)

然后,管理员将单个IPv4地址192.0.2.1放入站点的PRL中。”然后A'和B'都将选播地址/前缀播发到站点的IPv4路由系统中,以便ISATAP客户端可以找到拓扑上最接近的路由器。(注意:播发ISATAP路由器也可以使用单独的IPv4单播地址,而不是共享的IPv4选播地址,或者除此之外使用共享的IPv4选播地址。在这种情况下,PRL将包含播发路由器的多个IPv4地址——其中一些可能是选播,另一些可能是单播。)

ISATAP host 'C' connects to the site via an IPv4 interface with address 192.0.2.18/28 and also configures an ISATAP host interface with link-local ISATAP address fe80::5efe:192.0.2.18 over the IPv4 interface. 'C' next resolves the PRL and sends an RS message to the IPv4 address 192.0.2.1, where IPv4 routing will direct it to the closest of either 'A' or 'B'. Assuming 'A' is closest, 'C' receives an RA from 'A' then configures a default IPv6 route with next-hop address fe80::5efe:192.0.2.1 via the ISATAP interface and processes the IPv6 prefix 2001:db8::/64 advertised in the PIO. If the A flag is set in the PIO, 'C' uses SLAAC to automatically configure the IPv6 address 2001:db8::5efe:192.0.2.18 (i.e., an address with an ISATAP interface identifier) and assigns it to the ISATAP interface. If the L flag is set, 'C' also assigns the prefix 2001:db8::/64 to the ISATAP interface, and the IPv6 address becomes a true ISATAP address.

ISATAP主机“C”通过地址为192.0.2.18/28的IPv4接口连接到站点,并通过IPv4接口配置链接本地ISATAP地址为fe80::5efe:192.0.2.18的ISATAP主机接口C'下一步解析PRL并向IPv4地址192.0.2.1发送RS消息,IPv4路由将其定向到最接近的'A'或'B'。假设“A”最接近,“C”从“A”接收RA,然后通过ISATAP接口使用下一跳地址fe80::5efe:192.0.2.1配置默认IPv6路由,并处理PIO中公布的IPv6前缀2001:db8::/64。如果在PIO中设置了A标志,“C”使用SLAAC自动配置IPv6地址2001:db8::5efe:192.0.2.18(即具有ISATAP接口标识符的地址),并将其分配给ISATAP接口。如果设置了L标志,“C”还会将前缀2001:db8::/64分配给ISATAP接口,IPv6地址将成为真正的ISATAP地址。

In the same fashion, ISATAP host 'D' configures its IPv4 interface with address 192.0.2.34/28 and configures its ISATAP interface with link-local ISATAP address fe80::5efe:192.0.2.34. 'D' next performs an RS/RA exchange that is serviced by 'B', then uses SLAAC to autoconfigure the address 2001:db8::5efe:192.0.2.34 and a default IPv6 route with next-hop address fe80::5efe:192.0.2.1. Finally, IPv6 host 'E' connects to an IPv6 network outside of the site. 'E' configures its IPv6 interface in a manner specific to its attached IPv6 link and autoconfigures the IPv6 address 2001:db8:1::1.

同样,ISATAP主机“D”将其IPv4接口配置为地址192.0.2.34/28,并将其ISATAP接口配置为链路本地ISATAP地址fe80::5efe:192.0.2.34D'下一步执行由'B'提供服务的RS/RA交换,然后使用SLAAC自动配置地址2001:db8::5efe:192.0.2.34和下一跳地址fe80::5efe:192.0.2.1的默认IPv6路由。最后,IPv6主机“E”连接到站点外部的IPv6网络E'以特定于其连接的IPv6链路的方式配置其IPv6接口,并自动配置IPv6地址2001:db8:1::1。

Following this autoconfiguration, when host 'C' inside the site has an IPv6 packet to send to host 'E' outside the site, it prepares the packet with source address 2001:db8::5efe:192.0.2.18 and destination address 2001:db8:1::1. 'C' then uses IPv6-in-IPv4 encapsulation to forward the packet to the IPv4 address 192.0.2.1, which will be directed to 'A' based on IPv4 routing. 'A' in turn decapsulates the packet and forwards it into the public IPv6 Internet, where it will be conveyed to 'E' via normal IPv6 routing. In the same fashion, host 'D' uses IPv6-in-IPv4 encapsulation via its default router 'B' to send IPv6 packets to IPv6 Internet hosts such as 'E'.

按照此自动配置,当站点内的主机“C”有一个IPv6数据包要发送到站点外的主机“E”时,它将使用源地址2001:db8::5efe:192.0.2.18和目标地址2001:db8:1::1准备数据包C'然后使用IPv6-in-IPv4封装将数据包转发到IPv4地址192.0.2.1,该地址将根据IPv4路由定向到'A'“A”依次解除数据包的封装,并将其转发到公共IPv6 Internet,在那里它将通过正常IPv6路由传输到“E”。同样,主机“D”通过其默认路由器“B”使用IPv6-In-IPv4封装,将IPv6数据包发送到IPv6互联网主机(如“E”)。

When host 'E' outside the site sends IPv6 packets to ISATAP host 'C' inside the site, the IPv6 routing system may direct the packet to either 'A' or 'B'. If the site is not partitioned internally, the

当站点外部的主机“E”向站点内部的ISATAP主机“C”发送IPv6数据包时,IPv6路由系统可能会将数据包定向到“A”或“B”。如果站点没有内部分区,则

router that receives the packet can use ISATAP to statelessly forward the packet directly to 'C'. If the site may be partitioned internally, however, the packet must first be forwarded to 'C's serving router based on IPv6 routing information. This implies that, in a partitioned site, the advertising ISATAP routers must connect within a full or partial mesh of IPv6 links, and they must either run a dynamic IPv6 routing protocol or configure static routes so that incoming IPv6 packets can be forwarded to the correct serving router.

接收数据包的路由器可以使用ISATAP无状态地将数据包直接转发到“C”。但是,如果站点可以在内部分区,则必须首先根据IPv6路由信息将数据包转发到“C”的服务路由器。这意味着,在分区站点中,ISATAP路由器必须在IPv6链路的完整或部分网格内连接,并且它们必须运行动态IPv6路由协议或配置静态路由,以便将传入的IPv6数据包转发到正确的服务路由器。

In this example, 'A' can configure the IPv6 route 2001:db8::5efe:192.0.2.32/124 with the IPv6 address of the next hop toward 'B' in the mesh network as the next hop, and 'B' can configure the IPv6 route 2001:db8::5efe:192.0.2.16/124 with the IPv6 address of the next hop toward 'A' as the next hop. (Notice that the /124 prefixes properly cover the /28 prefix of the IPv4 address that is embedded within the IPv6 address.) In that case, when 'A' receives a packet from the IPv6 Internet with destination address 2001:db8::5efe:192.0.2.34, it first forwards the packet toward 'B' over an IPv6 mesh link. 'B' in turn uses ISATAP to forward the packet into the site, where IPv4 routing will direct it to 'D'. In the same fashion, when 'B' receives a packet from the IPv6 Internet with destination address 2001:db8::5efe:192.0.2.18, it first forwards the packet toward 'A' over an IPv6 mesh link. 'A' then uses ISATAP to forward the packet into the site, where IPv4 routing will direct it to 'C'.

在本例中,“A”可以配置IPv6路由2001:db8::5efe:192.0.2.32/124,将网状网络中朝向“B”的下一个跃点的IPv6地址作为下一个跃点,“B”可以配置IPv6路由2001:db8::5efe:192.0.2.16/124,将朝向“A”的下一个跃点的IPv6地址作为下一个跃点。(请注意,/124前缀正确地覆盖了嵌入IPv6地址中的IPv4地址的/28前缀。)在这种情况下,当“A”从IPv6 Internet接收到目标地址为2001:db8::5efe:192.0.2.34的数据包时,它首先通过IPv6网状链路将数据包转发到“B”B'反过来使用ISATAP将数据包转发到站点,IPv4路由将数据包定向到“D”。同样,当“B”从IPv6 Internet接收到目标地址为2001:db8::5efe:192.0.2.18的数据包时,它首先通过IPv6网状链路将数据包转发给“a”A'然后使用ISATAP将数据包转发到站点,IPv4路由将数据包定向到C'。

Finally, when host 'C' inside the site connects to host 'D' inside the site, it has the option of using the native IPv4 service or the ISATAP IPv6-in-IPv4 encapsulation service. When there is operational assurance that IPv4 services between the two hosts are available, the hosts may be better served to continue to use legacy IPv4 services in order to avoid encapsulation overhead and to avoid communication failures due to middleboxes in the path that filter protocol-41 packets [RFC4213]. If 'C' and 'D' could be in different IPv4 network partitions, however, IPv6-in-IPv4 encapsulation should be used with one or both of routers 'A' and 'B' serving as intermediate gateways.

最后,当站点内的主机“C”连接到站点内的主机“D”时,它可以选择使用本机IPv4服务或ISATAP IPv6-in-IPv4封装服务。当两台主机之间的IPv4服务可用时,可以更好地为主机提供服务,以继续使用传统IPv4服务,以避免封装开销,并避免由于过滤协议-41数据包的路径中的中间盒而导致的通信故障[RFC4213]。但是,如果“C”和“D”可能位于不同的IPv4网络分区中,则应将IPv6-in-IPv4封装与一个或两个路由器“A”和“B”一起用作中间网关。

3.4. Reference Operational Scenario - Individual Prefix Model
3.4. 参考操作场景-单个前缀模型

Figure 2 depicts an example ISATAP network topology for allowing hosts within a predominantly IPv4 site to configure ISATAP services using SLAAC with the individual prefix model. The example shows two advertising ISATAP routers ('A', 'B'), two ISATAP hosts ('C', 'D'), and an ordinary IPv6 host ('E') outside of the site in a typical deployment configuration. In the figure, ISATAP routers 'A' and 'B' both advertise different prefixes taken from the aggregated prefix 2001:db8::/48, with 'A' advertising 2001:db8:0:1::/64 and 'B' advertising 2001:db8:0:2::/64.

图2描述了一个示例ISATAP网络拓扑,该拓扑允许主要IPv4站点中的主机使用带有单个前缀模型的SLAAC配置ISATAP服务。该示例显示了典型部署配置中站点外部的两个ISATAP路由器('A','B')、两个ISATAP主机('C','D')和一个普通IPv6主机('E')。在图中,ISATAP路由器“A”和“B”都会播发来自聚合前缀2001:db8::/48的不同前缀,其中“A”播发2001:db8:0:1::/64和“B”播发2001:db8:0:2::/64。

                    .-(::::::::)      2001:db8:1::1
                 .-(::: IPv6 :::)-.  +-------------+
                (:::: Internet ::::) | IPv6 Host E |
                 `-(::::::::::::)-'  +-------------+
                    `-(::::::)-'
                ,~~~~~~~~~~~~~~~~~,
           ,----|companion gateway|--.
          /     '~~~~~~~~~~~~~~~~~'  :
         /                           |.
      ,-'                              `.
     ;  +------------+   +------------+  )
     :  |  Router A  |   |  Router B  |  /
      : |  (isatap)  |   |  (isatap)  |  :
      : | 192.0.2.17 |   | 192.0.2.33 | ;
      + +------------+   +------------+  \
     fe80::*:192.0.2.17   fe80::*:192.0.2.33
     2001:db8:0:1::/64   2001:db8:0:2::/64
     |                                   ;
     :              IPv4 Site         -+-'
      `-.       (PRL: 192.0.2.1)       .)
         \                           _)
          `-----+--------)----+'----'
     fe80::*:192.0.2.18          fe80::*:192.0.2.34
   2001:db8:0:1::*:192.0.2.18  2001:db8:0:2::*:192.0.2.34
     +--------------+           +--------------+
     |  192.0.2.18  |           |  192.0.2.34  |
     |   (isatap)   |           |   (isatap)   |
     |    Host C    |           |    Host D    |
     +--------------+           +--------------+
        
                    .-(::::::::)      2001:db8:1::1
                 .-(::: IPv6 :::)-.  +-------------+
                (:::: Internet ::::) | IPv6 Host E |
                 `-(::::::::::::)-'  +-------------+
                    `-(::::::)-'
                ,~~~~~~~~~~~~~~~~~,
           ,----|companion gateway|--.
          /     '~~~~~~~~~~~~~~~~~'  :
         /                           |.
      ,-'                              `.
     ;  +------------+   +------------+  )
     :  |  Router A  |   |  Router B  |  /
      : |  (isatap)  |   |  (isatap)  |  :
      : | 192.0.2.17 |   | 192.0.2.33 | ;
      + +------------+   +------------+  \
     fe80::*:192.0.2.17   fe80::*:192.0.2.33
     2001:db8:0:1::/64   2001:db8:0:2::/64
     |                                   ;
     :              IPv4 Site         -+-'
      `-.       (PRL: 192.0.2.1)       .)
         \                           _)
          `-----+--------)----+'----'
     fe80::*:192.0.2.18          fe80::*:192.0.2.34
   2001:db8:0:1::*:192.0.2.18  2001:db8:0:2::*:192.0.2.34
     +--------------+           +--------------+
     |  192.0.2.18  |           |  192.0.2.34  |
     |   (isatap)   |           |   (isatap)   |
     |    Host C    |           |    Host D    |
     +--------------+           +--------------+
        
   (* == "0000:5efe")
        
   (* == "0000:5efe")
        

Figure 2: Example ISATAP Network Topology Using Individual Prefix Model

图2:使用单个前缀模型的ISATAP网络拓扑示例

With reference to Figure 2, advertising ISATAP routers 'A' and 'B' within the IPv4 site connect to the IPv6 Internet either directly or via a companion gateway. Router 'A' advertises the individual prefix 2001:db8:0:1::/64 into the IPv6 Internet routing system, and router 'B' advertises the individual prefix 2001:db8:0:2::/64. The routers could instead both advertise a shorter shared prefix such as 2001:db8::/48 into the IPv6 routing system, but in that case they would need to configure a mesh of IPv6 links between themselves in the same fashion as described for the shared prefix model in Section 3.3. For the purpose of this example, we also assume that the IPv4 site is configured within multiple IPv4 subnets -- each with an IPv4 prefix length of /28.

参考图2,IPv4站点内的路由器“A”和“B”直接或通过伴随网关连接到IPv6 Internet。路由器“A”向IPv6 Internet路由系统播发单个前缀2001:db8:0:1::/64,路由器“B”播发单个前缀2001:db8:0:2::/64。路由器可以将较短的共享前缀(如2001:db8::/48)播发到IPv6路由系统中,但在这种情况下,它们需要以与第3.3节中共享前缀模型相同的方式配置它们之间的IPv6链路网格。在本例中,我们还假设IPv4站点配置在多个IPv4子网中——每个子网的IPv4前缀长度为/28。

Advertising ISATAP routers 'A' and 'B' both configure individual IPv4 unicast addresses 192.0.2.17/28 and 192.0.2.33/28 (respectively) instead of, or in addition to, a shared IPv4 anycast address. Router 'A' then configures an advertising ISATAP router interface for the site with link-local ISATAP address fe80::5efe:192.0.2.17, while router 'B' configures an advertising ISATAP router interface for the site with link-local ISATAP address fe80::5efe:192.0.2.33. The site administrator then places the IPv4 addresses 192.0.2.17 and 192.0.2.33 in the site's PRL. 'A' and 'B' then both advertise their IPv4 addresses into the site's IPv4 routing system.

ISATAP路由器“A”和“B”都配置单独的IPv4单播地址192.0.2.17/28和192.0.2.33/28(分别),而不是共享IPv4选播地址,或者作为共享IPv4选播地址的补充。然后,路由器“A”为链接本地ISATAP地址为fe80::5efe:192.0.2.17的站点配置广告ISATAP路由器接口,而路由器“B”为链接本地ISATAP地址为fe80::5efe:192.0.2.33的站点配置广告ISATAP路由器接口。然后,站点管理员将IPv4地址192.0.2.17和192.0.2.33放在站点的PRL中。”然后,A'和B'都将其IPv4地址播发到站点的IPv4路由系统中。

ISATAP host 'C' connects to the site via an IPv4 interface with address 192.0.2.18/28 and also configures an ISATAP host interface with link-local ISATAP address fe80::5efe:192.0.2.18 over the IPv4 interface. 'C' next resolves the PRL and sends an RS message to the IPv4 address 192.0.2.17, where IPv4 routing will direct it to 'A'. 'C' then receives an RA from 'A' then configures a default IPv6 route with next-hop address fe80::5efe:192.0.2.17 via the ISATAP interface and processes the IPv6 prefix 2001:db8:0:1:/64 advertised in the PIO. If the A flag is set in the PIO, 'C' uses SLAAC to automatically configure the IPv6 address 2001:db8:0:1::5efe:192.0.2.18 (i.e., an address with an ISATAP interface identifier) and assigns it to the ISATAP interface. If the L flag is set, 'C' also assigns the prefix 2001:db8:0:1::/64 to the ISATAP interface, and the IPv6 address becomes a true ISATAP address.

ISATAP主机“C”通过地址为192.0.2.18/28的IPv4接口连接到站点,并通过IPv4接口配置链接本地ISATAP地址为fe80::5efe:192.0.2.18的ISATAP主机接口C'下一步解析PRL并向IPv4地址192.0.2.17发送RS消息,IPv4路由将其定向到'A'C'然后从“A”接收RA,然后通过ISATAP接口使用下一跳地址fe80::5efe:192.0.2.17配置默认IPv6路由,并处理PIO中公布的IPv6前缀2001:db8:0:1:/64。如果在PIO中设置了A标志,“C”使用SLAAC自动配置IPv6地址2001:db8:0:1::5efe:192.0.2.18(即具有ISATAP接口标识符的地址),并将其分配给ISATAP接口。如果设置了L标志,“C”还会将前缀2001:db8:0:1::/64分配给ISATAP接口,IPv6地址将成为真正的ISATAP地址。

In the same fashion, ISATAP host 'D' configures its IPv4 interface with address 192.0.2.34/28 and configures its ISATAP interface with link-local ISATAP address fe80::5efe:192.0.2.34. 'D' next performs an RS/RA exchange that is serviced by 'B', then uses SLAAC to autoconfigure the address 2001:db8:0:2::5efe:192.0.2.34 and a default IPv6 route with next-hop address fe80::5efe:192.0.2.33. Finally, IPv6 host 'E' connects to an IPv6 network outside of the site. 'E' configures its IPv6 interface in a manner specific to its attached IPv6 link, and it autoconfigures the IPv6 address 2001:db8:1::1.

同样,ISATAP主机“D”将其IPv4接口配置为地址192.0.2.34/28,并将其ISATAP接口配置为链路本地ISATAP地址fe80::5efe:192.0.2.34D'下一步执行由'B'提供服务的RS/RA交换,然后使用SLAAC自动配置地址2001:db8:0:2::5efe:192.0.2.34和下一跳地址fe80::5efe:192.0.2.33的默认IPv6路由。最后,IPv6主机“E”连接到站点外部的IPv6网络E'以特定于其连接的IPv6链路的方式配置其IPv6接口,并自动配置IPv6地址2001:db8:1::1。

Following this autoconfiguration, when host 'C' inside the site has an IPv6 packet to send to host 'E' outside the site, it prepares the packet with source address 2001:db8::5efe:192.0.2.18 and destination address 2001:db8:1::1. 'C' then uses IPv6-in-IPv4 encapsulation to forward the packet to the IPv4 address 192.0.2.17, which will be directed to 'A' based on IPv4 routing. 'A' in turn decapsulates the packet and forwards it into the public IPv6 Internet, where it will be conveyed to 'E' via normal IPv6 routing. In the same fashion, host 'D' uses IPv6-in-IPv4 encapsulation via its default router 'B' to send IPv6 packets to IPv6 Internet hosts such as 'E'.

按照此自动配置,当站点内的主机“C”有一个IPv6数据包要发送到站点外的主机“E”时,它将使用源地址2001:db8::5efe:192.0.2.18和目标地址2001:db8:1::1准备数据包C'然后使用IPv6-in-IPv4封装将数据包转发到IPv4地址192.0.2.17,该地址将根据IPv4路由定向到'A'“A”依次解除数据包的封装,并将其转发到公共IPv6 Internet,在那里它将通过正常IPv6路由传输到“E”。同样,主机“D”通过其默认路由器“B”使用IPv6-In-IPv4封装,将IPv6数据包发送到IPv6互联网主机(如“E”)。

When host 'E' outside the site sends IPv6 packets to ISATAP host 'C' inside the site, the IPv6 routing system will direct the packet to 'A' since 'A' advertises the individual prefix that matches 'C's destination address. 'A' can then use ISATAP to statelessly forward the packet directly to 'C'. If 'A' and 'B' both advertise the shared shorter prefix 2001:db8::/48 into the IPv6 routing system, however, packets coming from 'E' may be directed to either 'A' or 'B'. In that case, the advertising ISATAP routers must connect within a full or partial mesh of IPv6 links the same as for the shared prefix model and must either run a dynamic IPv6 routing protocol or configure static routes so that incoming IPv6 packets can be forwarded to the correct serving router.

当站点外部的主机“E”向站点内部的ISATAP主机“C”发送IPv6数据包时,IPv6路由系统会将数据包定向到“A”,因为“A”播发与“C”的目标地址匹配的单个前缀然后,“A”可以使用ISATAP无状态地将数据包直接转发到“C”。但是,如果“A”和“B”都将共享的较短前缀2001:db8::/48播发到IPv6路由系统中,则来自“E”的数据包可能被定向到“A”或“B”。在这种情况下,ISATAP路由器必须在与共享前缀模型相同的完整或部分IPv6链路网格内连接,并且必须运行动态IPv6路由协议或配置静态路由,以便可以将传入的IPv6数据包转发到正确的服务路由器。

In this example, 'A' can configure the IPv6 route 2001:db8:0:2::/64 with the IPv6 address of the next hop toward 'B' in the mesh network as the next hop, and 'B' can configure the IPv6 route 2001:db8:0.1::/64 with the IPv6 address of the next hop toward 'A' as the next hop. Then, when 'A' receives a packet from the IPv6 Internet with destination address 2001:db8:0:2::5efe:192.0.2.34, it first forwards the packet toward 'B' over an IPv6 mesh link. 'B' in turn uses ISATAP to forward the packet into the site, where IPv4 routing will direct it to 'D'. In the same fashion, when 'B' receives a packet from the IPv6 Internet with destination address 2001:db8:0:1::5efe:192.0.2.18, it first forwards the packet toward 'A' over an IPv6 mesh link. 'A' then uses ISATAP to forward the packet into the site, where IPv4 routing will direct it to 'C'.

在本例中,“A”可以配置IPv6路由2001:db8:0:2::/64,将网状网络中朝向“B”的下一个跃点的IPv6地址作为下一个跃点,“B”可以配置IPv6路由2001:db8:0.1::/64,将朝向“A”的下一个跃点的IPv6地址作为下一个跃点。然后,当“A”从IPv6 Internet接收到目标地址为2001:db8:0:2::5efe:192.0.2.34的数据包时,它首先通过IPv6网状链路将数据包转发给“B”B'反过来使用ISATAP将数据包转发到站点,IPv4路由将数据包定向到“D”。同样,当“B”从IPv6 Internet接收到目标地址为2001:db8:0:1::5efe:192.0.2.18的数据包时,它首先通过IPv6网状链路将数据包转发给“a”A'然后使用ISATAP将数据包转发到站点,IPv4路由将数据包定向到C'。

Finally, when host 'C' inside the site connects to host 'D' inside the site, it has the option of using the native IPv4 service or the ISATAP IPv6-in-IPv4 encapsulation service. When there is operational assurance that IPv4 services between the two hosts are available, the hosts may be better served to continue to use legacy IPv4 services in order to avoid encapsulation overhead and to avoid any IPv4 protocol-41 filtering middleboxes that may be in the path. If 'C' and 'D' may be in different IPv4 network partitions, however, IPv6-in-IPv4 encapsulation should be used with one or both of routers 'A' and 'B' serving as intermediate gateways.

最后,当站点内的主机“C”连接到站点内的主机“D”时,它可以选择使用本机IPv4服务或ISATAP IPv6-in-IPv4封装服务。当两台主机之间的IPv4服务可用时,可以更好地为主机提供服务,以继续使用传统IPv4服务,从而避免封装开销,并避免路径中可能存在的任何IPv4协议41过滤中间盒。但是,如果“C”和“D”可能位于不同的IPv4网络分区中,则IPv4中的IPv6封装应与一个或两个路由器“A”和“B”一起用作中间网关。

3.5. SLAAC Site Administration Guidance
3.5. SLAAC现场管理指南

In common practice, firewalls, gateways, and packet filtering devices of various forms are often deployed in order to divide the site into separate partitions. In both the shared and individual prefix models described above, the entire site can be represented by the aggregate IPv6 prefix assigned to the site, while each site partition can be represented by "sliver" IPv6 prefixes taken from the aggregate. In order to provide a simple service that does not interact poorly with the site topology, site administrators should therefore institute an

通常,为了将站点划分为单独的分区,通常会部署各种形式的防火墙、网关和数据包过滤设备。在上述共享和单个前缀模型中,整个站点都可以由分配给站点的聚合IPv6前缀表示,而每个站点分区都可以由从聚合中提取的“小”IPv6前缀表示。为了提供一个与站点拓扑交互不差的简单服务,站点管理员应该建立一个

address plan to align IPv6 sliver prefixes with IPv4 site partition boundaries.

将IPv6狭长前缀与IPv4站点分区边界对齐的地址计划。

For example, in the shared prefix model in Section 3.3, the aggregate prefix is 2001:db8::/64, and the sliver prefixes are 2001:db8::5efe:192.0.2.0/124, 2001:db8::5efe:192.0.2.16/124, 2001:db8::5efe:192.0.2.32/124, etc. In the individual prefix model in Section 3.4, the aggregate prefix is 2001:db8::/48, and the sliver prefixes are 2001:db8:0:0::/64, 2001:db8:0:1::/64, 2001:db8:0:2::/64, etc.

例如,在第3.3节中的共享前缀模型中,聚合前缀是2001:db8::/64,小片段前缀是2001:db8::5efe:192.0.2.0/124,2001:db8::5efe:192.0.2.16/124,2001:db8::5efe:192.0.2.32/124,等等。在第3.4节中的单个前缀模型中,聚合前缀是2001:db8::/48,小条前缀是2001:db8:0:0::/642001:db8:0:1::/642001:db8:0:2::/64,等等。

When individual prefixes are used, site administrators can configure advertising ISATAP routers to advertise different individual prefixes to different sets of clients, e.g., based on the client's IPv4 subnet prefix such that the IPv6 prefixes are congruent with the IPv4 addressing plan. (For example, administrators can configure each advertising ISATAP router to provide services only to certain sets of ISATAP clients through inbound IPv6 Access Control List (ACL) entries that match the IPv4 subnet prefix embedded in the ISATAP interface identifier of the IPv6 source address.) When a shared prefix is used, site administrators instead configure the ISATAP routers to advertise the shared prefix to all clients.

当使用单个前缀时,站点管理员可以将播发ISATAP路由器配置为向不同的客户端组播发不同的单个前缀,例如,基于客户端的IPv4子网前缀,以便IPv6前缀与IPv4寻址计划一致。(例如,管理员可以通过与IPv6源地址的ISATAP接口标识符中嵌入的IPv4子网前缀匹配的入站IPv6访问控制列表(ACL)条目,将每个播发ISATAP路由器配置为仅向某些ISATAP客户端集提供服务。)使用共享前缀时,站点管理员将ISATAP路由器配置为向所有客户端播发共享前缀。

Advertising ISATAP routers can advertise prefixes with the (A, L) flags set to (1,0) so that ISATAP clients will use SLAAC to autoconfigure IPv6 addresses with ISATAP interface identifiers from the prefixes and assign them to the receiving ISATAP interface, but they will not assign the prefix itself to the ISATAP interface. In that case, the advertising router must assign the sliver prefix for the site partition to the advertising ISATAP interface. In this way, the advertising router considers the addresses covered by the sliver prefix as true ISATAP addresses, but the ISATAP clients themselves do not. This configuration enables a hub-and-spoke architecture, which in some cases may be augmented by route optimization based on the receipt of ICMPv6 Redirects.

播发ISATAP路由器可以播发(A,L)标志设置为(1,0)的前缀,以便ISATAP客户端将使用SLAAC从前缀中自动配置带有ISATAP接口标识符的IPv6地址,并将其分配给接收ISATAP接口,但不会将前缀本身分配给ISATAP接口。在这种情况下,广告路由器必须将站点分区的狭长前缀分配给广告ISATAP接口。通过这种方式,广告路由器将银前缀覆盖的地址视为真正的ISATAP地址,但ISATAP客户端本身不这样做。此配置启用了一个中心辐射架构,在某些情况下,可以通过基于接收ICMPv6重定向的路由优化来增强该架构。

Site administrators can implement address selection policy rules [RFC6724] through explicit configurations in each ISATAP client in order to give preference to IPv4 destination addresses over destination addresses derived from one of the client's IPv6 sliver prefixes. For example, site administrators can configure each ISATAP client associated with a sliver prefix such as 2001:db8::5efe:192.0.2.64/124 to add the prefix to its address selection policy table with a lower precedence than the prefix ::ffff:0:0/96. In this way, IPv4 addresses are preferred over IPv6 addresses from within the same sliver. The prefix could be added to each ISATAP client either manually or through an automated service such as a DHCP option [ADDR-SELECT] discovered by the client, e.g.,

站点管理员可以通过在每个ISATAP客户端中进行显式配置来实施地址选择策略规则[RFC6724],以便优先选择IPv4目标地址,而不是从客户端的一个IPv6狭长前缀派生的目标地址。例如,站点管理员可以配置与狭长前缀(如2001:db8::5efe:192.0.2.64/124)关联的每个ISATAP客户端,以将前缀添加到其地址选择策略表中,优先级低于前缀::ffff:0:0/96。通过这种方式,IPv4地址优先于同一条带内的IPv6地址。前缀可以手动或通过自动服务添加到每个ISATAP客户端,如客户端发现的DHCP选项[ADDR-SELECT],例如。,

using Stateless DHCPv6 [RFC3736]. In this way, clients will use IPv4 communications to reach correspondents within the same IPv4 site partition and will use IPv6 communications to reach correspondents in other partitions and/or outside of the site.

使用无状态DHCPv6[RFC3736]。通过这种方式,客户端将使用IPv4通信到达同一IPv4站点分区内的对应方,并将使用IPv6通信到达其他分区和/或站点外的对应方。

It should be noted that sliver prefixes longer than /64 cannot be advertised for SLAAC purposes. Also, sliver prefixes longer than /64 do not allow for interface identifier rewriting by address translators. These factors may favor the individual prefix model in some deployment scenarios, while the flexibility afforded by the shared prefix model may be more desirable in others. Additionally, if the network is small, then the shared prefix model works well. If the network is large, however, a better alternative may be to deploy separate ISATAP routers in each partition and have each advertise its own individual prefix.

应该注意的是,长度超过/64的条子前缀不能用于斯拉克语目的。此外,长度大于/64的狭长前缀不允许地址转换器重写接口标识符。在某些部署场景中,这些因素可能有利于单个前缀模型,而在其他场景中,共享前缀模型提供的灵活性可能更理想。此外,如果网络较小,则共享前缀模型工作良好。但是,如果网络很大,更好的选择可能是在每个分区中部署单独的ISATAP路由器,并让每个路由器公布其各自的前缀。

Finally, site administrators should configure ISATAP routers to not send ICMPv6 Redirect messages to inform a source client of a better next hop toward the destination unless there is strong assurance that the client and the next hop are within the same IPv4 site partition.

最后,站点管理员应将ISATAP路由器配置为不发送ICMPv6重定向消息,以通知源客户端到目标的下一个更好的跃点,除非有强有力的保证,即客户端和下一个跃点位于同一IPv4站点分区内。

3.6. Loop Avoidance
3.6. 环路避免

In sites that provide IPv6 services through ISATAP with SLAAC as described in this section, site administrators must take operational precautions to avoid routing loops. For example, each advertising ISATAP router should drop any incoming IPv6 packets that would be forwarded back to itself via another of the site's advertising routers. Additionally, each advertising ISATAP router should drop any encapsulated packets received from another advertising router that would be forwarded back to that same advertising router. This corresponds to the mitigation documented in Section 3.2.3 of [RFC6324], but other mitigations specified in that document can also be employed.

如本节所述,在通过ISATAP和SLAAC提供IPv6服务的站点中,站点管理员必须采取操作预防措施以避免路由循环。例如,每个广告ISATAP路由器应该丢弃任何传入的IPv6数据包,这些数据包将通过站点的另一个广告路由器转发回自己。此外,每个广告ISATAP路由器应丢弃从另一个广告路由器接收的任何封装数据包,这些数据包将转发回同一个广告路由器。这与[RFC6324]第3.2.3节中记录的缓解措施相对应,但也可采用该文件中规定的其他缓解措施。

Note that IPv6 packets with link-local ISATAP addresses are exempt from these checks, since they cannot be forwarded by an IPv6 router and may be necessary for router-to-router coordinations.

请注意,具有链路本地ISATAP地址的IPv6数据包不必进行这些检查,因为它们不能由IPv6路由器转发,并且可能是路由器到路由器协调所必需的。

3.7. Considerations for Compatibility of Interface Identifiers
3.7. 接口标识符兼容性的注意事项

[RFC5214], Section 6.1 specifies the setting of the "u" bit in the Modified EUI-64 interface identifier format used by ISATAP. Implementations that comply with the specification set the "u" bit to 1 when the IPv4 address is known to be globally unique; however, some legacy implementations unconditionally set the "u" bit to 0.

[RFC5214],第6.1节规定了ISATAP使用的修改EUI-64接口标识符格式中“u”位的设置。当已知IPv4地址全局唯一时,符合规范的实现将“u”位设置为1;然而,一些遗留实现无条件地将“u”位设置为0。

Implementations interpret the ISATAP interface identifier only within the link to which the corresponding ISATAP prefix is assigned; hence, the value of the "u" bit is interpreted only within the context of an on-link prefix and not within a global context. Implementers are responsible for ensuring that their products are interoperable; therefore, implementations must make provisions for ensuring "u" bit compatibility for intra-link communications.

实现仅在分配了相应ISATAP前缀的链路内解释ISATAP接口标识符;因此,“u”位的值仅在链路前缀的上下文中解释,而不是在全局上下文中解释。实施者负责确保其产品的互操作性;因此,实现必须为确保链路内通信的“u”位兼容性作出规定。

Site administrators should accordingly configure ACL entries and other literal representations of ISATAP interface identifiers such that both values of the "u" bit are accepted. For example, if the site administrator configures an ACL entry that matches the prefix "fe80::0000:5efe:192.0.2.0/124", they should also configure a companion list entry that matches the prefix "fe80::0200:5efe:192.0.2.0/124".

站点管理员应相应地配置ACL条目和ISATAP接口标识符的其他文字表示,以便接受“u”位的两个值。例如,如果站点管理员配置的ACL条目与前缀“fe80::0000:5efe:192.0.2.0/124”匹配,则还应配置与前缀“fe80::0200:5efe:192.0.2.0/124”匹配的伴随列表条目。

4. Manual Configuration
4. 手动配置

When no autoconfiguration services are available (e.g., if there are no advertising ISATAP routers present), site administrators can use manual configuration to assign IPv6 addresses with ISATAP interface identifiers to the ISATAP interfaces of clients. Otherwise, site administrators should avoid manual configurations that would in any way invalidate the assumptions of the autoconfiguration service. For example, manually configured addresses may not be automatically renumbered during a site-wide renumbering event, which could subsequently result in communication failures.

当没有可用的自动配置服务时(例如,如果没有广告ISATAP路由器),站点管理员可以使用手动配置将带有ISATAP接口标识符的IPv6地址分配给客户端的ISATAP接口。否则,站点管理员应避免以任何方式使自动配置服务的假设无效的手动配置。例如,在站点范围的重新编号事件期间,手动配置的地址可能不会自动重新编号,这可能会导致通信故障。

5. Scaling Considerations
5. 缩放注意事项

Section 3 depicts ISATAP network topologies with only two advertising ISATAP routers within the site. In order to support larger numbers of ISATAP clients (and/or multiple site partitions), the site can deploy more advertising ISATAP routers to support load balancing and generally shortest-path routing.

第3节描述了站点内只有两个ISATAP路由器的ISATAP网络拓扑。为了支持更多的ISATAP客户端(和/或多个站点分区),站点可以部署更多的ISATAP路由器,以支持负载平衡和通常最短路径路由。

Such an arrangement requires that the advertising ISATAP routers participate in an IPv6 routing protocol instance so that IPv6 addresses/prefixes can be mapped to the correct ISATAP router. The routing protocol instance can be configured as either a full-mesh topology involving all advertising ISATAP routers, or as a partial-mesh topology with each advertising ISATAP router associating with one or more companion gateways. Each such companion gateway would in turn participate in a full mesh between all companion gateways.

这种安排要求广告ISATAP路由器参与IPv6路由协议实例,以便IPv6地址/前缀可以映射到正确的ISATAP路由器。路由协议实例可以配置为涉及所有广告ISATAP路由器的全网状拓扑,或者配置为每个广告ISATAP路由器与一个或多个伙伴网关关联的部分网状拓扑。每个这样的伙伴网关将依次参与所有伙伴网关之间的完整网格。

6. Site Renumbering Considerations
6. 站点重新编号注意事项

Advertising ISATAP routers distribute IPv6 prefixes to ISATAP clients within the site. If the site subsequently reconnects to a different ISP, however, the site must renumber to use addresses derived from the new IPv6 prefixes [RFC6879].

广告ISATAP路由器向站点内的ISATAP客户端分发IPv6前缀。但是,如果站点随后重新连接到其他ISP,则该站点必须重新编号以使用从新IPv6前缀派生的地址[RFC6879]。

For IPv6 services provided by SLAAC, site renumbering in the event of a change in an ISP-served IPv6 prefix entails a simple renumbering of IPv6 addresses and/or prefixes that are assigned to the ISATAP interfaces of clients within the site. In some cases, filtering rules (e.g., within filtering tables at site-border firewalls) may also require renumbering, but this operation can be automated and limited to only one or a few administrative "touch points".

对于SLAAC提供的IPv6服务,如果ISP提供的IPv6前缀发生变化,则站点重新编号需要对分配给站点内客户端的ISATAP接口的IPv6地址和/或前缀进行简单的重新编号。在某些情况下,过滤规则(例如,在站点边界防火墙的过滤表内)也可能需要重新编号,但此操作可以自动化,并且仅限于一个或几个管理“接触点”。

In order to renumber the ISATAP interfaces of clients within the site using SLAAC, advertising ISATAP routers need only schedule the services offered by the old ISP for deprecation and begin to advertise the IPv6 prefixes provided by the new ISP. Lifetimes of ISATAP client interface addresses will eventually expire, and the host will renumber its interfaces with addresses derived from the new prefixes. ISATAP clients should also eventually remove any deprecated SLAAC prefixes from their address selection policy tables, but this action is not time-critical.

为了使用SLAAC对站点内客户端的ISATAP接口进行重新编号,广告ISATAP路由器只需安排旧ISP提供的服务进行弃用,并开始广告新ISP提供的IPv6前缀。ISATAP客户端接口地址的生存期最终将到期,主机将使用从新前缀派生的地址对其接口重新编号。ISATAP客户端最终还应该从其地址选择策略表中删除任何不推荐使用的SLAAC前缀,但此操作不是时间关键的。

Finally, site renumbering in the event of a change in an ISP-served IPv6 prefix further entails locating and rewriting all IPv6 addresses in naming services, databases, configuration files, packet filtering rules, documentation, etc. If the site has published the IPv6 addresses of any site-internal nodes within the public Internet DNS system, then the corresponding resource records will also need to be updated during the renumbering operation. This can be accomplished via secure dynamic updates to the DNS.

最后,如果ISP提供的IPv6前缀发生变化,则站点重新编号还需要在命名服务、数据库、配置文件、数据包过滤规则、文档等中查找和重写所有IPv6地址。如果站点已在公共Internet DNS系统内发布了任何站点内部节点的IPv6地址,然后,在重新编号操作期间,还需要更新相应的资源记录。这可以通过DNS的安全动态更新来实现。

7. Path MTU Considerations
7. 路径MTU注意事项

IPv6-in-IPv4 encapsulation overhead effectively reduces the size of IPv6 packets that can traverse the tunnel in relation to the actual Maximum Transmission Unit (MTU) of the underlying IPv4 network path between the tunnel ingress and egress. Two methods for accommodating IPv6 path MTU discovery over IPv6-in-IPv4 tunnels (i.e., the static and dynamic methods) are documented in Section 3.2 of [RFC4213].

IPv6-in-IPv4封装开销相对于隧道入口和出口之间的底层IPv4网络路径的实际最大传输单元(MTU),有效地减少了可以通过隧道的IPv6数据包的大小。[RFC4213]第3.2节记录了两种通过IPv6-in-IPv4隧道进行IPv6路径MTU发现的方法(即静态和动态方法)。

The static method places a "safe" upper bound on the size of IPv6 packets permitted to enter the tunnel; however, the method can be overly conservative when larger IPv4 path MTUs are available. The dynamic method can accommodate much larger IPv6 packet sizes in some

静态方法对允许进入隧道的IPv6数据包的大小设置了“安全”上限;然而,当较大的IPv4路径MTU可用时,该方法可能过于保守。在某些情况下,动态方法可以适应更大的IPv6数据包大小

cases, but can fail silently if the underlying IPv4 network path does not return the necessary error messages.

但如果基础IPv4网络路径未返回必要的错误消息,则可能会以静默方式失败。

This document notes that sites that include well-managed IPv4 links, routers, and other network middleboxes are candidates for use of the dynamic MTU determination method, which may provide for a better operational IPv6 experience in the presence of IPv6-in-IPv4 tunnels.

本文档注意到,包含管理良好的IPv4链路、路由器和其他网络中间盒的站点是使用动态MTU确定方法的候选站点,该方法可以在IPv4隧道中存在IPv6时提供更好的IPv6操作体验。

Finally, since all ISATAP tunnels terminate at a host, transport protocols that perform packet-size negotiations will see an IPv6 MTU that accounts for the encapsulation headers and therefore will avoid sending encapsulated packets that exceed the IPv4 path MTU.

最后,由于所有ISATAP隧道都在主机上终止,因此执行数据包大小协商的传输协议将看到一个IPv6 MTU,该MTU负责封装头,因此将避免发送超过IPv4路径MTU的封装数据包。

8. Alternative Approaches
8. 替代办法

[RFC4554] proposes a use of VLANs for IPv4-IPv6 coexistence in enterprise networks. The ISATAP approach provides a more flexible and broadly applicable alternative and with fewer administrative touch points.

[RFC4554]建议在企业网络中使用VLAN实现IPv4-IPv6共存。ISATAP方法提供了一种更灵活、适用范围更广的替代方案,并且管理接触点更少。

The tunnel broker service [RFC3053] uses point-to-point tunnels that require end users to establish an explicit administrative configuration of the tunnel's far end, which may be outside of the administrative boundaries of the site.

隧道代理服务[RFC3053]使用点对点隧道,要求最终用户建立隧道远端的明确管理配置,该远端可能位于现场管理边界之外。

6to4 [RFC3056] and Teredo [RFC4380] provide "last resort" unmanaged automatic tunneling services when no other means for IPv6 connectivity is available. These services are given lower priority when the ISATAP managed service and/or native IPv6 services are enabled.

6to4[RFC3056]和Teredo[RFC4380]在没有其他IPv6连接方式可用时提供“最后手段”非托管自动隧道服务。启用ISATAP托管服务和/或本机IPv6服务时,这些服务的优先级较低。

6rd [RFC5969] enables a stateless prefix delegation capability based on IPv4-embedded IPv6 prefixes, whereas ISATAP enables a stateful prefix delegation capability based on native IPv6 prefixes.

第6rd[RFC5969]支持基于IPv4嵌入IPv6前缀的无状态前缀委派功能,而ISATAP支持基于本机IPv6前缀的有状态前缀委派功能。

9. Security Considerations
9. 安全考虑

In addition to the security considerations documented in [RFC5214], sites that use ISATAP should take care to ensure that no routing loops are enabled [RFC6324]. Additional security concerns with IP tunneling are documented in [RFC6169].

除了[RFC5214]中记录的安全注意事项外,使用ISATAP的站点应注意确保未启用路由循环[RFC6324]。[RFC6169]中记录了IP隧道的其他安全问题。

10. Acknowledgments
10. 致谢

The following are acknowledged for their insights that helped shape this work: Dmitry Anipko, Fred Baker, Ron Bonica, Brian Carpenter, Remi Despres, Thomas Henderson, Philip Homburg, Lee Howard, Ray Hunter, Joel Jaeggli, John Mann, Gabi Nakibly, Christopher Palmer, Hemant Singh, Mark Smith, Ole Troan, and Gunter Van de Velde.

以下是他们帮助塑造这部作品的见解:Dmitry Anipko、Fred Baker、Ron Bonica、Brian Carpenter、Remi Despres、Thomas Henderson、Philip Homburg、Lee Howard、Ray Hunter、Joel Jaeggli、John Mann、Gabi Nakbly、Christopher Palmer、Hemant Singh、Mark Smith、Ole Troan和Gunter Van de Velde。

11. References
11. 工具书类
11.1. Normative References
11.1. 规范性引用文件

[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.

[RFC3315]Droms,R.,Bound,J.,Volz,B.,Lemon,T.,Perkins,C.,和M.Carney,“IPv6的动态主机配置协议(DHCPv6)”,RFC3315,2003年7月。

[RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6", RFC 3736, April 2004.

[RFC3736]Droms,R.,“IPv6的无状态动态主机配置协议(DHCP)服务”,RFC 3736,2004年4月。

[RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms for IPv6 Hosts and Routers", RFC 4213, October 2005.

[RFC4213]Nordmark,E.和R.Gilligan,“IPv6主机和路由器的基本转换机制”,RFC 4213,2005年10月。

[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007.

[RFC4861]Narten,T.,Nordmark,E.,Simpson,W.,和H.Soliman,“IP版本6(IPv6)的邻居发现”,RFC 48612007年9月。

[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007.

[RFC4862]Thomson,S.,Narten,T.,和T.Jinmei,“IPv6无状态地址自动配置”,RFC 48622007年9月。

[RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, March 2008.

[RFC5214]Templin,F.,Gleeson,T.,和D.Thaler,“站点内自动隧道寻址协议(ISATAP)”,RFC 52142008年3月。

11.2. Informative References
11.2. 资料性引用

[ADDR-SELECT] Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing Address Selection Policy using DHCPv6", Work in Progress, April 2013.

[ADDR-SELECT]Matsumoto,A.,Fujisaki,T.,和T.Chown,“使用DHCPv6分发地址选择策略”,正在进行的工作,2013年4月。

[ENT-IPv6] Chittimaneni, K., Chown, T., Howard, L., Kuarsingh, V., Pouffary, Y., and E. Vyncke, "Enterprise IPv6 Deployment Guidelines", Work in Progress, February 2013.

[ENT-IPv6]Chittimaneni,K.,Chown,T.,Howard,L.,Kuarsingh,V.,Pouffary,Y.,和E.Vyncke,“企业IPv6部署指南”,正在进行的工作,2013年2月。

[ISATAP-UPDATE] Templin, F., "ISATAP Updates", Work in Progress, May 2012.

[ISATAP-UPDATE]Templin,F.,“ISATAP更新”,正在进行的工作,2012年5月。

[RFC1687] Fleischman, E., "A Large Corporate User's View of IPng", RFC 1687, August 1994.

[RFC1687]Fleischman,E.,“大型企业用户对IPng的看法”,RFC1687,1994年8月。

[RFC2491] Armitage, G., Schulter, P., Jork, M., and G. Harter, "IPv6 over Non-Broadcast Multiple Access (NBMA) networks", RFC 2491, January 1999.

[RFC2491]Armitage,G.,Schulter,P.,Jork,M.,和G.Harter,“非广播多址(NBMA)网络上的IPv6”,RFC 2491,1999年1月。

[RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 Domains without Explicit Tunnels", RFC 2529, March 1999.

[RFC2529]Carpenter,B.和C.Jung,“在没有明确隧道的IPv4域上传输IPv6”,RFC 2529,1999年3月。

[RFC2983] Black, D., "Differentiated Services and Tunnels", RFC 2983, October 2000.

[RFC2983]Black,D.,“差异化服务和隧道”,RFC 29832000年10月。

[RFC3053] Durand, A., Fasano, P., Guardini, I., and D. Lento, "IPv6 Tunnel Broker", RFC 3053, January 2001.

[RFC3053]Durand,A.,Fasano,P.,Guardini,I.,和D.Lento,“IPv6隧道代理”,RFC 3053,2001年1月。

[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via IPv4 Clouds", RFC 3056, February 2001.

[RFC3056]Carpenter,B.和K.Moore,“通过IPv4云连接IPv6域”,RFC 3056,2001年2月。

[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, September 2001.

[RFC3168]Ramakrishnan,K.,Floyd,S.,和D.Black,“向IP添加显式拥塞通知(ECN)”,RFC 3168,2001年9月。

[RFC4057] Bound, J., "IPv6 Enterprise Network Scenarios", RFC 4057, June 2005.

[RFC4057]Bound,J.,“IPv6企业网络场景”,RFC 4057,2005年6月。

[RFC4380] Huitema, C., "Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)", RFC 4380, February 2006.

[RFC4380]Huitema,C.,“Teredo:通过网络地址转换(NAT)通过UDP传输IPv6”,RFC 43802006年2月。

[RFC4554] Chown, T., "Use of VLANs for IPv4-IPv6 Coexistence in Enterprise Networks", RFC 4554, June 2006.

[RFC4554]Chown,T,“在企业网络中使用VLAN实现IPv4-IPv6共存”,RFC 4554,2006年6月。

[RFC4852] Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D. Green, "IPv6 Enterprise Network Analysis - IP Layer 3 Focus", RFC 4852, April 2007.

[RFC4852]Bound,J.,Pouffary,Y.,Klynsma,S.,Chown,T.,和D.Green,“IPv6企业网络分析-IP层3焦点”,RFC 48522007年4月。

[RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) -- Protocol Specification", RFC 5969, August 2010.

[RFC5969]Townsley,W.和O.Troan,“IPv4基础设施上的IPv6快速部署(第6条)——协议规范”,RFC 5969,2010年8月。

[RFC6169] Krishnan, S., Thaler, D., and J. Hoagland, "Security Concerns with IP Tunneling", RFC 6169, April 2011.

[RFC6169]Krishnan,S.,Thaler,D.,和J.Hoagland,“IP隧道的安全问题”,RFC 61692011年4月。

[RFC6324] Nakibly, G. and F. Templin, "Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations", RFC 6324, August 2011.

[RFC6324]Nakbly,G.和F.Templin,“使用IPv6自动隧道的路由循环攻击:问题陈述和建议的缓解措施”,RFC 63242011年8月。

[RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, "Default Address Selection for Internet Protocol Version 6 (IPv6)", RFC 6724, September 2012.

[RFC6724]Thaler,D.,Draves,R.,Matsumoto,A.,和T.Chown,“互联网协议版本6(IPv6)的默认地址选择”,RFC 67242012年9月。

[RFC6879] Jiang, S., Liu, B., and B. Carpenter, "IPv6 Enterprise Network Renumbering Scenarios, Considerations, and Methods", RFC 6879, February 2013.

[RFC6879]Jiang,S.,Liu,B.和B.Carpenter,“IPv6企业网络重新编号方案、注意事项和方法”,RFC 6879,2013年2月。

Author's Address

作者地址

Fred L. Templin Boeing Research & Technology P.O. Box 3707 MC 7L-49 Seattle, WA 98124 USA

Fred L.Templin波音研究与技术公司美国华盛顿州西雅图3707 MC 7L-49邮政信箱98124

   EMail: fltemplin@acm.org
        
   EMail: fltemplin@acm.org