Internet Engineering Task Force (IETF) Y. Cui Request for Comments: 7040 J. Wu Category: Informational P. Wu ISSN: 2070-1721 Tsinghua University O. Vautrin Juniper Networks Y. Lee Comcast November 2013
Internet Engineering Task Force (IETF) Y. Cui Request for Comments: 7040 J. Wu Category: Informational P. Wu ISSN: 2070-1721 Tsinghua University O. Vautrin Juniper Networks Y. Lee Comcast November 2013
Public IPv4-over-IPv6 Access Network
公共IPv4-over-IPv6接入网
Abstract
摘要
This document describes a mechanism called Public 4over6, which is designed to provide IPv4 Internet connectivity over an IPv6 access network using global IPv4 addresses. Public 4over6 was developed in the IETF and is in use in some existing deployments but is not recommended for new deployments. Future deployments of similar scenarios should use Lightweight 4over6. Public 4over6 follows the Hub and Spoke softwire model and uses an IPv4-in-IPv6 tunnel to forward IPv4 packets over an IPv6 access network. The bidirectionality of the IPv4 communication is achieved by explicitly allocating global non-shared IPv4 addresses to end users and by maintaining IPv4-IPv6 address binding on the border relay. Public 4over6 aims to provide uninterrupted IPv4 services to users, like Internet Content Providers (ICPs), etc., while an operator makes the access network transition to an IPv6-only access network.
本文档描述了一种称为Public 4over6的机制,该机制旨在通过使用全局IPv4地址的IPv6访问网络提供IPv4 Internet连接。Public 4over6是在IETF中开发的,在一些现有部署中使用,但不建议用于新部署。类似场景的未来部署应使用轻量级4over6。Public 4over6遵循集线器辐射式软线模型,并使用IPv6中的IPv4隧道通过IPv6接入网络转发IPv4数据包。IPv4通信的双向性是通过向最终用户显式分配全局非共享IPv4地址以及在边界中继上保持IPv4-IPv6地址绑定来实现的。Public 4over6旨在向用户(如互联网内容提供商(ICP)等)提供不间断的IPv4服务,同时运营商将接入网络转换为仅限IPv6的接入网络。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7040.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7040.
Copyright Notice
版权公告
Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2013 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................2 2. Terminology .....................................................4 3. Scenario and Use Cases ..........................................4 4. Public 4over6 Address Provisioning ..............................6 4.1. Basic Provisioning Steps ...................................6 4.2. Public IPv4 Address Allocation .............................7 5. 4over6 CE Behavior ..............................................7 6. 4over6 BR Behavior ..............................................8 7. Fragmentation and Reassembly ....................................9 8. DNS .............................................................9 9. Security Considerations ........................................10 10. Contributors ..................................................11 11. References ....................................................12 11.1. Normative References .....................................12 11.2. Informative References ...................................12
1. Introduction ....................................................2 2. Terminology .....................................................4 3. Scenario and Use Cases ..........................................4 4. Public 4over6 Address Provisioning ..............................6 4.1. Basic Provisioning Steps ...................................6 4.2. Public IPv4 Address Allocation .............................7 5. 4over6 CE Behavior ..............................................7 6. 4over6 BR Behavior ..............................................8 7. Fragmentation and Reassembly ....................................9 8. DNS .............................................................9 9. Security Considerations ........................................10 10. Contributors ..................................................11 11. References ....................................................12 11.1. Normative References .....................................12 11.2. Informative References ...................................12
When operators make the access network transition to an IPv6-only access network, they must continue to provide IPv4 services to their users to access IPv4 contents. IPv4 connectivity is required when communicating with the IPv4-only Internet. This document describes a mechanism called Public 4over6 for providing IPv4 connectivity over a native IPv6-only access network. This memo focuses on interactions between Public 4over6 elements as well as the deployment architecture.
当运营商将接入网络转换为仅限IPv6的接入网络时,他们必须继续向其用户提供IPv4服务以访问IPv4内容。与仅IPv4的Internet通信时需要IPv4连接。本文档描述了一种称为Public 4over6的机制,用于通过仅限IPv6的本机访问网络提供IPv4连接。本备忘录关注公共4over6元素之间的交互以及部署架构。
Public 4over6 is in active deployment in some environments, particularly in China Next Generation Internet (CNGI) and China Education and Research Network 2 (CERNET2), but it is not recommended for new deployments. Documenting this approach is intended to benefit users and operators of existing deployments as well as readers of other IPv4-over-IPv6 documents.
Public 4over6在某些环境中正在积极部署,特别是在中国下一代互联网(CNGI)和中国教育和研究网络2(CERNET2)中,但不建议在新的部署中使用。记录此方法旨在使现有部署的用户和操作员以及其他IPv4-over-IPv6文档的读者受益。
In addition to Public 4over6 and its deployment architecture as described in this memo, the IETF is currently working on a more generic solution called Lightweight 4over6 [SOFTWIRE-LW46], which is classified as a binding approach in the Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE) [SOFTWIRE-CPE]. Lightweight 4over6 covers both sharing and non-sharing global IPv4 addresses in the Hub and Spoke model. Future deployments should use [SOFTWIRE-LW46].
除了本备忘录中所述的公共4over6及其部署架构外,IETF目前正在开发一种更通用的解决方案,称为轻量级4over6[SOFTWIRE-LW46],该解决方案被归类为统一IPv4-In-IPv6软线客户场所设备(CPE)[SOFTWIRE-CPE]中的绑定方法。轻量级4over6涵盖了集线器辐射模型中的共享和非共享全局IPv4地址。未来的部署应使用[SOFTWIRE-LW46]。
Public 4over6 utilizes the IPv4-in-IPv6 tunnel technique defined in [RFC2473], which enables IPv4 datagrams to traverse through native IPv6 networks. IPv4 nodes connect to the Tunnel Entry-Point Node and Tunnel Exit-Point Node to communicate over the IPv6-only network. Therefore, the Internet Service Providers (ISPs) can run an IPv6-only infrastructure instead of a fully dual-stack network as well as avoid the need to deploy scarce IPv4 address resources throughout the network.
Public 4over6利用[RFC2473]中定义的IPv4-in-IPv6隧道技术,使IPv4数据报能够穿越本机IPv6网络。IPv4节点连接到隧道入口点节点和隧道出口点节点,以便通过仅限IPv6的网络进行通信。因此,Internet服务提供商(ISP)可以运行仅限IPv6的基础设施,而不是完全双栈网络,并避免在整个网络中部署稀缺的IPv4地址资源。
This mechanism focuses on providing full end-to-end transparency to the user side. Therefore, global IPv4 addresses are expected to be provisioned to end users, and carrier-side address translation can be avoided. Furthermore, global non-shared IPv4 addresses are preferable to shared IPv4 addresses, so that user-side address translation is not necessary either. It is important, in particular, to users that are required to run their applications on an IP protocol different from TCP and UDP (e.g., IPsec, L2TP) or on certain well-known TCP/UDP ports (e.g., HTTP, SMTP). For many ISPs that are actually capable of provisioning non-shared unique IPv4 addresses, the mechanism provides a pure, suitable solution.
该机制的重点是为用户端提供完整的端到端透明性。因此,预期将向最终用户提供全局IPv4地址,并且可以避免载波侧地址转换。此外,全局非共享IPv4地址比共享IPv4地址更可取,因此也不需要进行用户端地址转换。对于需要在不同于TCP和UDP的IP协议(例如IPsec、L2TP)或某些众所周知的TCP/UDP端口(例如HTTP、SMTP)上运行应用程序的用户来说,这一点尤其重要。对于许多实际上能够提供非共享唯一IPv4地址的ISP,该机制提供了一个纯粹、合适的解决方案。
Another focus of this mechanism is deployment and operational flexibility. Public 4over6 allows IPv4 and IPv6 address architectures to be totally independent of each other; the end user's IPv4 address is not embedded in its IPv6 address. Therefore, IPv4 address planning has no implication for IPv6 address planning. Operators can manage the IPv4 address resources in a flat, centralized manner. This requires that the tunnel concentrator [RFC4925] maintain the binding between an IPv4 address and an IPv6 address, i.e., maintaining per-subscriber binding state.
该机制的另一个重点是部署和操作灵活性。Public 4over6允许IPv4和IPv6地址体系结构完全相互独立;最终用户的IPv4地址未嵌入其IPv6地址中。因此,IPv4地址规划对IPv6地址规划没有影响。运营商可以以统一、集中的方式管理IPv4地址资源。这要求隧道集中器[RFC4925]保持IPv4地址和IPv6地址之间的绑定,即保持每个订户的绑定状态。
The mechanism follows the Hub and Spoke softwire model [RFC4925] and uses IPv4-in-IPv6 tunneling as the basic data-plane method. Global non-shared IPv4 addresses are allocated from the ISP to end hosts or CPEs over an IPv6 network. Simultaneously, the binding between the allocated IPv4 address and the end user's IPv6 address is maintained on the tunnel concentrator for encapsulation usage.
该机制遵循中心辐射软线模型[RFC4925],并使用IPv4-in-IPv6隧道作为基本数据平面方法。全局非共享IPv4地址通过IPv6网络从ISP分配给终端主机或CPE。同时,在隧道集中器上维护分配的IPv4地址和最终用户的IPv6地址之间的绑定,以用于封装。
Public 4over6: A per-subscriber, stateful IPv4-in-IPv6 tunnel mechanism. Public 4over6 supports bidirectional communication between the global IPv4 Internet and IPv4 hosts or customer networks via an IPv6 access network by leveraging IPv4-in-IPv6 tunneling [RFC2473] and global IPv4 address allocation over IPv6. The term 'Public' means the allocated IPv4 address is globally routable.
Public 4over6:每个订户的有状态IPv4-in-IPv6隧道机制。Public 4over6通过利用IPv6上的IPv4-in-IPv6隧道[RFC2473]和全局IPv4地址分配,支持通过IPv6接入网络在全局IPv4 Internet和IPv4主机或客户网络之间进行双向通信。术语“Public”表示分配的IPv4地址是全局可路由的。
Full IPv4 address: An IPv4 address that is not shared by multiple users. The user with this IPv4 address has full access to all the available TCP/UDP ports, including the well-known TCP/UDP ports.
完整IPv4地址:不由多个用户共享的IPv4地址。具有此IPv4地址的用户可以完全访问所有可用的TCP/UDP端口,包括已知的TCP/UDP端口。
4over6 Customer Edge (CE): A device functioning as the Customer Edge equipment in a Public 4over6 environment. A 4over6 CE can be either a dual-stack capable host or a dual-stack CPE device, both of which have a tunnel interface to support IPv4-in-IPv6 encapsulation. In the former case, the host supports both IPv4 and IPv6 stacks but its uplink is IPv6 only. In the latter case, the CPE has an IPv6 interface connecting to the ISP network and an IPv4 or dual-stack interface connecting to the customer network; hosts in the customer network can be IPv4 only or dual stack.
4over6客户边缘(CE):在公共4over6环境中充当客户边缘设备的设备。4over6 CE可以是支持双栈的主机或双栈CPE设备,两者都具有支持IPv4-in-IPv6封装的隧道接口。在前一种情况下,主机同时支持IPv4和IPv6协议栈,但其上行链路仅支持IPv6。在后一种情况下,CPE具有连接到ISP网络的IPv6接口和连接到客户网络的IPv4或双栈接口;客户网络中的主机可以是仅IPv4或双堆栈。
4over6 Border Relay (BR): A router deployed in the edge of the operator's IPv6 access network that supports IPv4-in-IPv6 tunnel termination. A 4over6 BR is a dual-stack router that connects to both the IPv6 access network and the IPv4 Internet. The 4over6 BR can also work as a DHCPv4-over-IPv6 [DHCPv4-IPv6] server/relay for assigning and distributing global IPv4 addresses to 4over6 CEs.
4over6边界中继(BR):部署在运营商IPv6接入网络边缘的路由器,支持IPv4-in-IPv6隧道终止。4over6 BR是一种双栈路由器,可连接到IPv6接入网络和IPv4 Internet。4over6 BR还可以用作DHCPv4-over-IPv6[DHCPv4-IPv6]服务器/中继,用于向4over6 CE分配和分发全局IPv4地址。
The general Public 4over6 scenario is shown in Figure 1. Users in an IPv6 network take IPv6 as their native service. Some users are end hosts that face the ISP network directly, while others are in private networks behind CPEs, such as a home Local Area Network (LAN), an enterprise network, etc. The ISP network is IPv6 only rather than dual stack, which means the ISP cannot provide native IPv4 service to users. In order to support legacy IPv4 transport, some routers on
图1显示了一般公共4over6场景。IPv6网络中的用户将IPv6作为其本机服务。一些用户是直接面向ISP网络的终端主机,而其他用户则位于CPE后面的专用网络中,如家庭局域网(LAN)、企业网络等。ISP网络仅为IPv6而不是双栈,这意味着ISP无法向用户提供本机IPv4服务。为了支持传统IPv4传输,上的一些路由器
the carrier side are dual stack and are connected to the IPv4 Internet. These routers act as 4over6 BRs. Network users that require IPv4 connectivity obtain it through these routers.
载波端为双栈,连接到IPv4互联网。这些路由器充当4over6 BRs。需要IPv4连接的网络用户可以通过这些路由器获得IPv4连接。
+-------------------------+ | IPv6 ISP Network | | | +------+ | |4over6|Host +-------+ +-----------+ | CE |=================| | | | +------+ | | | | | |4over6 | | IPv4 | +--------------+ +------+ IPv4-in-IPv6 | BR |---| Internet | | Customer | |4over6| | | | | | Private IPv4 |--| CE |=================| | | | | Network | | |CPE +-------+ +-----------+ +--------------+ +------+ | | | | | +-------------------------+
+-------------------------+ | IPv6 ISP Network | | | +------+ | |4over6|Host +-------+ +-----------+ | CE |=================| | | | +------+ | | | | | |4over6 | | IPv4 | +--------------+ +------+ IPv4-in-IPv6 | BR |---| Internet | | Customer | |4over6| | | | | | Private IPv4 |--| CE |=================| | | | | Network | | |CPE +-------+ +-----------+ +--------------+ +------+ | | | | | +-------------------------+
Figure 1: Public 4over6 Scenario
图1:公共4over6场景
Public 4over6 can be applicable in several use cases. If an ISP that switches to IPv6 still has plenty of global IPv4 address resources, it can deploy Public 4over6 to provide transparent IPv4 service for all its customers. If the ISP does not have enough IPv4 addresses, it can deploy Dual-Stack Lite [RFC6333] as the basic IPv4-over-IPv6 service. Along with Dual-Stack Lite, Public 4over6 can be deployed as a value-added service, overcoming the service degradation caused by the Carrier Grade NAT (CGN). An IPv4 application server is a typical high-end user of Public 4over6. Using a full, global IPv4 address brings significant advantages in this case and is important for Internet Content Providers (ICPs) making the transition to IPv6:
Public 4over6可应用于多个用例。如果切换到IPv6的ISP仍然拥有大量全局IPv4地址资源,则可以部署Public 4over6为其所有客户提供透明的IPv4服务。如果ISP没有足够的IPv4地址,它可以部署双栈Lite[RFC6333]作为基本的IPv4-over-IPv6服务。与双栈Lite一起,Public 4over6可以部署为增值服务,克服了运营商级NAT(CGN)造成的服务降级。IPv4应用服务器是公共4over6的典型高端用户。在这种情况下,使用完整的全局IPv4地址会带来显著的优势,对于向IPv6过渡的互联网内容提供商(ICP)来说非常重要:
o The DNS registration can be direct, using a dedicated address;
o DNS注册可以是直接的,使用专用地址;
o Accessing the application service can be straightforward, with no translation involved;
o 访问应用程序服务可以很简单,不需要翻译;
o There will be no need to provide NAT traversal mechanisms for incoming traffic, and no special handling is required for the well-known TCP/UDP ports.
o 将不需要为传入流量提供NAT遍历机制,并且对于众所周知的TCP/UDP端口不需要特殊处理。
Figure 2 shows the basic provisioning steps for Public 4over6.
图2显示了公共4over6的基本配置步骤。
4over6 DHCPv6 4over6 DHCPv4 CE Server BR Server |Assign IPv6 Addr/Pref +| | | | BR's IPv6 Addr Info | | | |<----------------------| | | | DHCPv6/Other | | | WAN | | IPv6 Configure | | | | | | Assign Public IPv4 Addr (DHCPv4 over v6/Static Conf) | |<--------------------------------------|<-------------| | | IPv4-IPv6 | | | Binding SYN | Tunnel | IPv4 Configure Binding Update | | | IPv4-in-IPv6 Tunnel | |<------------------------------------->| | |
4over6 DHCPv6 4over6 DHCPv4 CE Server BR Server |Assign IPv6 Addr/Pref +| | | | BR's IPv6 Addr Info | | | |<----------------------| | | | DHCPv6/Other | | | WAN | | IPv6 Configure | | | | | | Assign Public IPv4 Addr (DHCPv4 over v6/Static Conf) | |<--------------------------------------|<-------------| | | IPv4-IPv6 | | | Binding SYN | Tunnel | IPv4 Configure Binding Update | | | IPv4-in-IPv6 Tunnel | |<------------------------------------->| | |
Figure 2: Public 4over6 Address Provisioning
图2:公共4over6地址设置
The main steps are:
主要步骤是:
o IPv6 address/prefix is provisioned to 4over6 CE, along with knowledge of 4over6 BR's IPv6 address, using DHCPv6 or other means.
o IPv6地址/前缀通过DHCPv6或其他方式提供给4over6 CE,以及4over6 BR的IPv6地址。
o 4over6 CE configures its WAN interface with a globally unique IPv6 address, which is a result of IPv6 provisioning, including DHCPv6, Stateless Address Autoconfiguration (SLAAC), or manual configuration.
o 4over6 CE使用全球唯一的IPv6地址配置其WAN接口,这是IPv6配置的结果,包括DHCPv6、无状态地址自动配置(SLAAC)或手动配置。
o IPv4 address is provisioned to 4over6 CE by DHCPv4 over IPv6 or static configuration.
o IPv4地址由DHCPv4通过IPv6或静态配置提供给4over6 CE。
o 4over6 BR obtains the IPv4 and IPv6 addresses of the 4over6 CE using information provided by the DHCPv4 server.
o 4over6 BR使用DHCPv4服务器提供的信息获取4over6 CE的IPv4和IPv6地址。
o 4over6 CE configures its tunnel interface as a result of IPv4 provisioning.
o 4over6 CE根据IPv4配置配置其隧道接口。
o 4over6 BR updates the IPv4-IPv6 address-binding table according to the address-binding information acquired from the DHCPv4 server.
o 4over6 BR根据从DHCPv4服务器获取的地址绑定信息更新IPv4-IPv6地址绑定表。
Usually, each CE is provisioned with one global IPv4 address. However, it is possible that a CE would require an IPv4 prefix. The key problem here is the mechanism for IPv4 address provisioning over IPv6 networks.
通常,为每个CE提供一个全局IPv4地址。但是,CE可能需要IPv4前缀。这里的关键问题是通过IPv6网络提供IPv4地址的机制。
There are two possibilities: DHCPv4 over IPv6, and static configuration. Public 4over6 supports both these methods. DHCPv4 over IPv6 allows DHCPv4 messages to be transported in IPv6 rather than IPv4; therefore, the DHCPv4 process can be performed over an IPv6 network between the BR and the relevant CE. [DHCPv4-IPv6] describes the DHCP protocol extensions needed to support this operation. For static configuration, Public 4over6 users and ISP operators negotiate beforehand to authorize the IPv4 address(es). Then the tunnel interface and the address binding are configured by the user and the ISP, respectively.
有两种可能性:IPv6上的DHCPv4和静态配置。public4over6支持这两种方法。IPv6上的DHCPv4允许在IPv6而不是IPv4中传输DHCPv4消息;因此,DHCPv4过程可以在BR和相关CE之间的IPv6网络上执行。[DHCPv4-IPv6]描述了支持此操作所需的DHCP协议扩展。对于静态配置,公共4over6用户和ISP运营商事先协商授权IPv4地址。然后,用户和ISP分别配置隧道接口和地址绑定。
While regular users would probably opt for DHCPv4 over IPv6, the static configuration is particularly applicable in two cases: for application servers, which require a stable IPv4 address; and for enterprise networks, which usually require an IPv4 prefix rather than one single address. (Note that DHCPv4 does not support prefix allocation.)
虽然普通用户可能会选择通过IPv6的DHCPv4,但静态配置特别适用于两种情况:应用服务器,需要稳定的IPv4地址;对于企业网络,通常需要IPv4前缀而不是单个地址。(请注意,DHCPv4不支持前缀分配。)
A CE is provisioned with IPv6 before the Public 4over6 process. It also learns the BR's IPv6 address beforehand. This IPv6 address can be configured using a variety of methods, ranging from an out-of-band mechanism, manual configuration, or via a DHCPv6 option. In order to guarantee interoperability, the CE element implements the AFTR-Name DHCPv6 option defined in [RFC6334].
CE在公共4over6进程之前配置了IPv6。它还预先了解BR的IPv6地址。可以使用多种方法配置此IPv6地址,包括带外机制、手动配置或通过DHCPv6选项。为了保证互操作性,CE元素实现[RFC6334]中定义的AFTR Name DHCPv6选项。
A CE supports DHCPv4 over IPv6 [DHCPv4-IPv6] to dynamically acquire an IPv4 address over IPv6 and assign it to the IPv4-in-IPv6 tunnel interface. The CE regards the BR as its DHCPv4-over-IPv6 server/relay, which is used to obtain its global IPv4 address allocation; its IPv6 address is learned by the CE as described above.
CE支持通过IPv6的DHCPv4[DHCPv4-IPv6]通过IPv6动态获取IPv4地址并将其分配给IPv4-in-IPv6隧道接口。CE将BR视为其DHCPv4-over-IPv6服务器/中继,用于获取其全局IPv4地址分配;其IPv6地址由CE如上所述读取。
A CE also supports static configuration of the tunnel interface. In the case of prefix provisioning, the tunnel interface is assigned with the well-known IPv4 address defined in Section 5.7 of [RFC6333], rather than using an address from the prefix. If the CE has multiple IPv6 addresses on its WAN interface, it uses one of the IPv6 addresses for DHCPv4 over IPv6 or negotiation of static configuration. The CE then uses the same IPv6 address for data-plane encapsulation.
CE还支持隧道接口的静态配置。在前缀配置的情况下,隧道接口被分配有[RFC6333]第5.7节中定义的已知IPv4地址,而不是使用前缀中的地址。如果CE在其WAN接口上有多个IPv6地址,它将其中一个IPv6地址用于通过IPv6的DHCPv4或静态配置协商。CE然后使用相同的IPv6地址进行数据平面封装。
A CE performs IPv4-in-IPv6 encapsulation and decapsulation on the tunnel interface. When sending out an IPv4 packet, it performs the encapsulation using the IPv6 address of the 4over6 BR as the IPv6 destination address and its own IPv6 address as the IPv6 source address. The decapsulation on the 4over6 CE is simple. When receiving an IPv4-in-IPv6 packet, the CE just removes the IPv6 header and either hands it to a local upper layer or forwards it to the customer network according to the IPv4 destination address.
CE在隧道接口上执行IPv4-in-IPv6封装和解除封装。发送IPv4数据包时,它使用4over6 BR的IPv6地址作为IPv6目标地址,并使用其自己的IPv6地址作为IPv6源地址来执行封装。4over6 CE上的去封装非常简单。当接收IPv4-in-IPv6数据包时,CE只需删除IPv6报头,然后将其交给本地上层,或者根据IPv4目标地址将其转发到客户网络。
A CE runs a regular IPv4 Network Address and Port Translation (NAPT) for its customer network when it is provisioned with one single IPv4 address. In that case, the assigned IPv4 address of the tunnel interface would be the external IPv4 address of the NAPT. Then the CE performs IPv4 private-to-public translation before encapsulation of IPv4 packets from the customer network and IPv4 public-to-private translation after decapsulation of IPv4-in-IPv6 packets.
当CE配置了一个IPv4地址时,CE会为其客户网络运行常规IPv4网络地址和端口转换(NAPT)。在这种情况下,隧道接口的指定IPv4地址将是NAPT的外部IPv4地址。然后,CE在封装来自客户网络的IPv4数据包之前执行IPv4私有到公共转换,在解除IPv4-in-IPv6数据包的封装之后执行IPv4公有到私有转换。
IPv4 NAPT is not necessary when the CE is provisioned with an IPv4 prefix. In this case, detailed customer network planning is out of scope for this document.
当CE配置了IPv4前缀时,不需要IPv4 NAPT。在这种情况下,详细的客户网络规划超出了本文档的范围。
The 4over6 CE supports backward compatibility with DS-Lite. A CE can employ the well-known IPv4 address for the Basic Bridging BroadBand (B4) element [RFC6333] and switch to Dual-Stack Lite for IPv4 communications if it can't get a global IPv4 address from the DHCPv4 server (for instance, if the DHCPv4-over-IPv6 process fails or the DHCPv4 server refuses to allocate a global IPv4 address to it, etc.).
4over6 CE支持与DS Lite的向后兼容性。如果CE无法从DHCPv4服务器获取全局IPv4地址(例如,如果DHCPv4-over-IPv6进程失败或DHCPv4服务器拒绝为其分配全局IPv4地址等),则CE可以为基本桥接宽带(B4)元素[RFC6333]使用众所周知的IPv4地址,并切换到双栈Lite进行IPv4通信。
The 4over6 BR maintains the bindings between the CE IPv6 address and CE IPv4 address (prefixes). The bindings are used to provide the correct encapsulation destination address for inbound IPv4 packets and also to validate the IPv6-IPv4 source of the outbound IPv4-in-IPv6 packets.
4over6 BR维护CE IPv6地址和CE IPv4地址(前缀)之间的绑定。绑定用于为入站IPv4数据包提供正确的封装目标地址,还用于验证出站IPv4-in-IPv6数据包的IPv6-IPv4源。
The BR acquires the binding information through the IPv4 address provisioning process. For static configuration, the operator manually configures the BR using the binding information obtained through negotiation with the customer. As for DHCPv4 over IPv6, there are multiple possibilities, which are deployment-specific:
BR通过IPv4地址设置过程获取绑定信息。对于静态配置,操作员使用通过与客户协商获得的绑定信息手动配置BR。对于IPv6上的DHCPv4,有多种可能,这些可能是特定于部署的:
o The BR can be co-located with the DHCPv4-over-IPv6 server. Then the synchronization happens within the BR. It installs a binding when sending out an ACK for a DHCP lease and deletes it when the lease expires or a DHCP RELEASE message is received.
o BR可以与DHCPv4-over-IPv6服务器位于同一位置。然后同步在BR中进行。它在为DHCP租约发送ACK时安装绑定,并在租约到期或收到DHCP释放消息时将其删除。
o The BR can play the role of IPv6-Transport Relay Agent (TRA) as described in [DHCPv4-IPv6] and snoop for the DHCPv4 ACK and RELEASE messages as well as keep a timer for each binding according to the DHCP lease time.
o BR可以扮演[DHCPv4-IPv6]中所述的IPv6传输中继代理(TRA)角色,对DHCPv4确认和释放消息进行监听,并根据DHCP租约时间为每个绑定保留一个计时器。
On the IPv6 side, the BR decapsulates IPv4-in-IPv6 packets coming from 4over6 CEs. It removes the IPv6 header of every IPv4-in-IPv6 packet and forwards it to the IPv4 Internet. Before the decapsulation, the BR checks the inner IPv4 source address against the outer IPv6 source address by matching such a binding entry in the binding table. If no binding is found, the BR silently drops the packet. On the IPv4 side, the BR encapsulates the IPv4 packets destined to 4over6 CEs. When performing the IPv4-in-IPv6 encapsulation, the BR uses its own IPv6 address as the IPv6 source address and uses the IPv4 destination address in the packet to look up the IPv6 destination address in the address-binding table. After the encapsulation, the BR sends the IPv6 packet on its IPv6 interface to reach a CE.
在IPv6端,BR对来自4over6 CE的IPv4-in-IPv6数据包进行解除封装。它删除每个IPv4-in-IPv6数据包的IPv6标头,并将其转发到IPv4 Internet。在解除封装之前,BR通过在绑定表中匹配这样的绑定条目来检查内部IPv4源地址与外部IPv6源地址。如果没有找到绑定,BR会自动丢弃数据包。在IPv4端,BR封装发送到4over6 CE的IPv4数据包。在执行IPv4-in-IPv6封装时,BR使用其自己的IPv6地址作为IPv6源地址,并使用数据包中的IPv4目标地址在地址绑定表中查找IPv6目标地址。封装后,BR在其IPv6接口上发送IPv6数据包以到达CE。
The BR supports the hairpinning of traffic between two CEs by performing decapsulation and re-encapsulation of packets.
BR通过执行数据包的去封装和重新封装来支持两个CE之间的流量发夹。
In cases where the BR manages the global IPv4 address pool, the BR advertises the routing information of IPv4 addresses to the IPv4 Internet.
在BR管理全局IPv4地址池的情况下,BR向IPv4 Internet播发IPv4地址的路由信息。
The same considerations as those described in Sections 5.3 and 6.3 of [RFC6333] are taken into account for the CE and the BR, respectively.
CE和BR分别考虑了[RFC6333]第5.3节和第6.3节中所述的考虑因素。
The procedure described in Sections 5.5 and 6.4 of [RFC6333] is followed by the CE and the BR, respectively.
CE和BR分别遵循[RFC6333]第5.5节和第6.4节中所述的程序。
The 4over6 BR implements methods to limit service only to registered customers. On the control plane, the BR allocates IPv4 addresses only to registered customers. The BR can filter on the IPv6 source addresses of incoming DHCP requests and only respond to the ones that are conveyed by registered IPv6 source addresses. But this doesn't work in situations where multi-homing is present. In the networks where Public 4over6 is deployed, multi-homing is disallowed to avoid this issue.
4over6 BR实现了将服务仅限于注册客户的方法。在控制平面上,BR仅将IPv4地址分配给已注册的客户。BR可以筛选传入DHCP请求的IPv6源地址,并且只响应由注册的IPv6源地址传送的请求。但这在存在多归宿的情况下不起作用。在部署了Public 4over6的网络中,为了避免此问题,不允许多主。
Alternatively, the BR can filter out the unregistered CE's requests during the DHCP process. For data packets, the BR does ingress filtering by looking up addresses in the IPv4-IPv6 address-binding table for the related matches as described in Section 6.
或者,BR可以在DHCP过程中过滤掉未注册CE的请求。对于数据包,BR通过在IPv4-IPv6地址绑定表中查找相关匹配的地址进行入口过滤,如第6节所述。
In the case of fallback to DS-Lite, security considerations in Section 11 of [RFC6333] are followed.
在回退到DS Lite的情况下,遵循[RFC6333]第11节中的安全注意事项。
The following are those who have made contributions to the effort:
以下是对这项工作作出贡献的人:
Huiling Zhao China Telecom Room 502, No.118, Xizhimennei Street Beijing 100035 P.R.China Phone: +86-10-58552002 Email: zhaohl@ctbri.com.cn
赵慧玲中国电信北京西直门内大街118号502室,邮编100035电话:+86-10-58552002电子邮件:zhaohl@ctbri.com.cn
Chongfeng Xie China Telecom Room 708, No.118, Xizhimennei Street Beijing 100035 P.R.China Phone: +86-10-58552116 Email: xiechf@ctbri.com.cn
中国电信北京西直门内大街118号708室,邮编100035电话:+86-10-58552116电子邮件:xiechf@ctbri.com.cn
Qiong Sun China Telecom Room 708, No.118, Xizhimennei Street Beijing 100035 P.R.China Phone: +86-10-58552936 Email: sunqiong@ctbri.com.cn
琼孙中国电信北京西直门内大街118号708室100035中国电话:+86-10-58552936电子邮件:sunqiong@ctbri.com.cn
Qi Sun Tsinghua University Beijing 100084 P.R.China Phone: +86-10-62785822 Email: sunqi@csnet1.cs.tsinghua.edu.cn
齐孙清华大学北京100084中华人民共和国电话:+86-10-62785822电子邮件:sunqi@csnet1.cs.tsinghua.edu.cn
Chris Metz Cisco Systems 3700 Cisco Way San Jose, CA 95134 USA Email: chmetz@cisco.com
Chris Metz Cisco Systems 3700 Cisco Way San Jose,CA 95134美国电子邮件:chmetz@cisco.com
[RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6 Specification", RFC 2473, December 1998.
[RFC2473]Conta,A.和S.Deering,“IPv6规范中的通用数据包隧道”,RFC 2473,1998年12月。
[RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire Problem Statement", RFC 4925, July 2007.
[RFC4925]Li,X.,Dawkins,S.,Ward,D.,和A.Durand,“软线问题声明”,RFC 49252007年7月。
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion", RFC 6333, August 2011.
[RFC6333]Durand,A.,Droms,R.,Woodyatt,J.,和Y.Lee,“IPv4耗尽后的双栈Lite宽带部署”,RFC 63332011年8月。
[RFC6334] Hankins, D. and T. Mrugalski, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Option for Dual-Stack Lite", RFC 6334, August 2011.
[RFC6334]Hankins,D.和T.Mrugalski,“双栈Lite的IPv6动态主机配置协议(DHCPv6)选项”,RFC 63342011年8月。
[DHCPv4-IPv6] Cui, Y., Wu, P., Wu, J., Lemon, T., and Q. Sun, "DHCPv4 over IPv6 Transport", Work in Progress, October 2013.
[DHCPv4-IPv6]Cui,Y.,Wu,P.,Wu,J.,Lemon,T.,和Q.Sun,“通过IPv6传输的DHCPv4”,正在进行的工作,2013年10月。
[SOFTWIRE-CPE] Boucadair, M., Farrer, I., Perreault, S., Ed., and S. Sivakumar, Ed., "Unified IPv4-in-IPv6 Softwire CPE", Work in Progress, May 2013.
[SOFTWIRE-CPE]Boucadair,M.,Farrer,I.,Perreault,S.,Ed.,和S.Sivakumar,Ed.,“统一IPv4-in-IPv6软线CPE”,正在进行的工作,2013年5月。
[SOFTWIRE-LW46] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. Farrer, "Lightweight 4over6: An Extension to the DS-Lite Architecture", Work in Progress, November 2013.
[SOFTWIRE-LW46]Cui,Y.,Sun,Q.,Boucadair,M.,Tsou,T.,Lee,Y.,和I.Farrer,“轻量级4over6:DS Lite架构的扩展”,正在进行的工作,2013年11月。
Authors' Addresses
作者地址
Yong Cui Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6260-3059 EMail: yong@csnet1.cs.tsinghua.edu.cn
崔勇清华大学北京100084中华人民共和国电话:+86-10-6260-3059电子邮件:yong@csnet1.cs.tsinghua.edu.cn
Jianping Wu Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5983 EMail: jianping@cernet.edu.cn
吴建平清华大学北京100084中华人民共和国电话:+86-10-6278-5983电子邮件:jianping@cernet.edu.cn
Peng Wu Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5822 EMail: pengwu.thu@gmail.com
吴鹏清华大学北京100084中华人民共和国电话:+86-10-6278-5822电子邮件:吴鹏。thu@gmail.com
Olivier Vautrin Juniper Networks 1194 N. Mathilda Avenue Sunnyvale, CA 94089 USA EMail: Olivier@juniper.net
美国加利福尼亚州桑尼维尔市马蒂尔达大道北1194号Olivier Vautrin Juniper Networks邮编94089电子邮件:Olivier@juniper.net
Yiu L. Lee Comcast One Comcast Center Philadelphia, PA 19103 USA EMail: yiu_lee@cable.comcast.com
Yiu L.Lee Comcast One Comcast Center费城,宾夕法尼亚州19103美国电子邮件:Yiu_lee@cable.comcast.com