Internet Engineering Task Force (IETF) T. Anderson Request for Comments: 7757 Redpill Linpro Updates: 6145 A. Leiva Popper Category: Standards Track NIC Mexico ISSN: 2070-1721 February 2016
Internet Engineering Task Force (IETF) T. Anderson Request for Comments: 7757 Redpill Linpro Updates: 6145 A. Leiva Popper Category: Standards Track NIC Mexico ISSN: 2070-1721 February 2016
Explicit Address Mappings for Stateless IP/ICMP Translation
无状态IP/ICMP转换的显式地址映射
Abstract
摘要
This document extends the Stateless IP/ICMP Translation Algorithm (SIIT) with an Explicit Address Mapping (EAM) algorithm and formally updates RFC 6145. The EAM algorithm facilitates stateless IP/ICMP translation between arbitrary (non-IPv4-translatable) IPv6 endpoints and IPv4.
本文档使用显式地址映射(EAM)算法扩展了无状态IP/ICMP转换算法(SIIT),并正式更新了RFC 6145。EAM算法促进了任意(非IPv4可翻译)IPv6端点和IPv4之间的无状态IP/ICMP转换。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7757.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7757.
Copyright Notice
版权公告
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2016 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 3. Explicit Address Mapping Algorithm . . . . . . . . . . . . . 5 3.1. Explicit Address Mapping Table . . . . . . . . . . . . . 5 3.2. Explicit Address Mapping Specification . . . . . . . . . 6 3.3. IP Address Translation Procedure . . . . . . . . . . . . 6 3.3.1. Address Translation Steps: IPv4 to IPv6 . . . . . . . 7 3.3.2. Address Translation Steps: IPv6 to IPv4 . . . . . . . 7 4. Hairpinning of IPv6 Traffic . . . . . . . . . . . . . . . . . 8 4.1. Problem Statement . . . . . . . . . . . . . . . . . . . . 8 4.2. Recommendation . . . . . . . . . . . . . . . . . . . . . 9 4.2.1. Simple Hairpinning Support . . . . . . . . . . . . . 9 4.2.2. Intrinsic Hairpinning Support . . . . . . . . . . . . 9 5. Overlapping Explicit Address Mappings . . . . . . . . . . . . 10 6. Lack of Checksum Neutrality . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 8.1. Normative References . . . . . . . . . . . . . . . . . . 12 8.2. Informative References . . . . . . . . . . . . . . . . . 12 Appendix A. Use Cases . . . . . . . . . . . . . . . . . . . . . 14 A.1. 464XLAT . . . . . . . . . . . . . . . . . . . . . . . . . 14 A.2. IVI . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 A.3. SIIT-DC . . . . . . . . . . . . . . . . . . . . . . . . . 15 Appendix B. Example IP Address Translations . . . . . . . . . . 15 B.1. Hairpinning Examples . . . . . . . . . . . . . . . . . . 16 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 3. Explicit Address Mapping Algorithm . . . . . . . . . . . . . 5 3.1. Explicit Address Mapping Table . . . . . . . . . . . . . 5 3.2. Explicit Address Mapping Specification . . . . . . . . . 6 3.3. IP Address Translation Procedure . . . . . . . . . . . . 6 3.3.1. Address Translation Steps: IPv4 to IPv6 . . . . . . . 7 3.3.2. Address Translation Steps: IPv6 to IPv4 . . . . . . . 7 4. Hairpinning of IPv6 Traffic . . . . . . . . . . . . . . . . . 8 4.1. Problem Statement . . . . . . . . . . . . . . . . . . . . 8 4.2. Recommendation . . . . . . . . . . . . . . . . . . . . . 9 4.2.1. Simple Hairpinning Support . . . . . . . . . . . . . 9 4.2.2. Intrinsic Hairpinning Support . . . . . . . . . . . . 9 5. Overlapping Explicit Address Mappings . . . . . . . . . . . . 10 6. Lack of Checksum Neutrality . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 8.1. Normative References . . . . . . . . . . . . . . . . . . 12 8.2. Informative References . . . . . . . . . . . . . . . . . 12 Appendix A. Use Cases . . . . . . . . . . . . . . . . . . . . . 14 A.1. 464XLAT . . . . . . . . . . . . . . . . . . . . . . . . . 14 A.2. IVI . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 A.3. SIIT-DC . . . . . . . . . . . . . . . . . . . . . . . . . 15 Appendix B. Example IP Address Translations . . . . . . . . . . 15 B.1. Hairpinning Examples . . . . . . . . . . . . . . . . . . 16 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
The Stateless IP/ICMP Translation Algorithm (SIIT) [RFC6145] specifies that when translating IPv4 addresses to IPv6 and vice versa, all addresses must be translated using the algorithm specified in [RFC6052]. This document specifies an alternative to the algorithm specified in [RFC6052], where IP addresses are translated according to a table of Explicit Address Mappings configured on the stateless translator. This removes the previous constraint that IPv6 nodes that communicate with IPv4 nodes through SIIT must be configured with IPv4-translatable IPv6 addresses.
无状态IP/ICMP转换算法(SIIT)[RFC6145]规定,当将IPv4地址转换为IPv6或反之亦然时,必须使用[RFC6052]中指定的算法转换所有地址。本文档指定了[RFC6052]中指定的算法的替代方案,其中IP地址根据无状态转换器上配置的显式地址映射表进行转换。这消除了以前的限制,即通过SIIT与IPv4节点通信的IPv6节点必须配置IPv4可翻译IPv6地址。
Translation using the Explicit Address Mapping Table does not replace [RFC6052]. For most use cases, it is expected that both algorithms are used in concert. The Explicit Address Mapping algorithm is used only when a mapping matching the address to be translated exists. If no matching mapping exists, the algorithm specified in [RFC6052] will
使用显式地址映射表的转换不会替换[RFC6052]。对于大多数用例,预期这两种算法都会协同使用。仅当存在与要翻译的地址匹配的映射时,才使用显式地址映射算法。如果不存在匹配映射,[RFC6052]中指定的算法将
be used instead. Thus, when translating an individual IP packet, an SIIT implementation might translate one of the two IP address fields according to an EAM, while the other IP address field is translated according to [RFC6052].
我们可以用它来代替。因此,在翻译单个IP数据包时,SIIT实现可能会根据EAM翻译两个IP地址字段中的一个,而另一个IP地址字段则根据[RFC6052]进行翻译。
This document makes use of the following terms:
本文件使用了以下术语:
EAM: An Explicit Address Mapping, as specified in Section 3.2.
EAM:第3.2节规定的显式地址映射。
EAMT: The Explicit Address Mapping Table, as specified in Section 3.1.
EAMT:第3.1节规定的显式地址映射表。
Inner (header or address): Refers to an IP header located inside the payload of an ICMP error packet or to an IP address within that header. Compare with "Outer".
内部(报头或地址):指位于ICMP错误数据包有效负载内的IP报头或该报头内的IP地址。与“外部”相比。
Outer (header or address): Refers to the first IP header in a packet or to an IP address within that header. In other words, an IP header or address that is NOT "Inner". If a reference is made to an IP header or address without the "Inner" or "Outer" qualifier, it should be considered as "Outer".
外部(报头或地址):指数据包中的第一个IP报头或该报头中的IP地址。换句话说,不是“内部”的IP头或地址。如果引用的IP头或地址没有“内部”或“外部”限定符,则应将其视为“外部”。
SIIT: The Stateless IP/ICMP Translation Algorithm, as specified in [RFC6145].
SIIT:无状态IP/ICMP转换算法,如[RFC6145]所述。
XLAT: Short for "translation".
XLAT:翻译的缩写。
IPv4-Converted IPv6 Addresses: As defined in Section 1.3 of [RFC6052].
IPv4转换的IPv6地址:如[RFC6052]第1.3节所定义。
IPv4-Translatable IPv6 Addresses: As defined in Section 1.3 of [RFC6052].
IPv4可翻译IPv6地址:如[RFC6052]第1.3节所定义。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
Section 3.2.1 of [RFC6144] notes that "stateless translation mechanisms typically put constraints on what IPv6 addresses can be assigned to IPv6 nodes that want to communicate with IPv4 destinations using an algorithmic mapping." In practice, this means that the IPv6 nodes must be configured with IPv4-translatable IPv6 addresses. For the reasons discussed below, some environments may find that the use of IPv4-translatable IPv6 addresses is not desired or even possible.
[RFC6144]第3.2.1节指出,“无状态转换机制通常会限制哪些IPv6地址可以分配给希望使用算法映射与IPv4目的地通信的IPv6节点。”实际上,这意味着IPv6节点必须配置IPv4可转换IPv6地址。出于下面讨论的原因,某些环境可能会发现使用IPv4可翻译IPv6地址是不理想的,甚至是不可能的。
Limited availability: The number of IPv4-translatable IPv6 addresses available to an operator is equal to the number of IPv4 addresses that is assigned to the SIIT function. IPv4 addresses are scarce, and as a result, an operator might not have enough IPv4-translatable IPv6 addresses to number the entire IPv6 infrastructure.
有限可用性:运营商可用的IPv4可翻译IPv6地址数等于分配给SIIT功能的IPv4地址数。IPv4地址很少,因此,运营商可能没有足够的IPv4可翻译IPv6地址来为整个IPv6基础设施编号。
Restricted format: IPv4-translatable IPv6 addresses must conform to the format specified in Section 2.2 of [RFC6052]. This format is not compatible with other common IPv6 address formats, such as the IPv6 address format based on the 64-bit Extended Unique Identifier (EUI-64) and used by IPv6 Stateless Address Autoconfiguration [RFC4862].
受限格式:IPv4可翻译IPv6地址必须符合[RFC6052]第2.2节中指定的格式。此格式与其他常见IPv6地址格式不兼容,例如基于64位扩展唯一标识符(EUI-64)并由IPv6无状态地址自动配置使用的IPv6地址格式[RFC4862]。
An operator could overcome the above two problems by building an IPv6 network using regular (non-IPv4-translatable) IPv6 addresses and assigning IPv4-translatable IPv6 addresses as secondary addresses on the nodes that want to communicate with IPv4 nodes through SIIT only. However, doing so may result in a new set of undesired consequences:
运营商可以通过使用常规(非IPv4-可翻译)IPv6地址构建IPv6网络,并将IPv4-可翻译IPv6地址分配为只希望通过SIIT与IPv4节点通信的节点上的辅助地址,从而克服上述两个问题。但是,这样做可能会导致一系列新的不期望的后果:
Routing complexity: The IPv4-translatable IPv6 addresses must be routed throughout the IPv6 network separately from the primary (non-IPv4-translatable) IPv6 addresses used by the nodes. It might be impossible to aggregate these routes, as two adjacent IPv4-translatable IPv6 addresses might not be assigned to two adjacent IPv6 nodes. As a result, in order to support SIIT, the IPv6 network might need to carry a large number of extraneous routes. These routes must be separately injected into the IPv6 routing topology somehow. Any intermediate devices in the IPv6 network such as a firewall might require special configuration in order to treat the IPv4-translatable IPv6 address the same as the primary IPv6 address, for example, by requiring that any Access Control List (ACL) entries involving the primary IPv6 address of a node must be duplicated.
路由复杂性:IPv4可翻译IPv6地址必须与节点使用的主(非IPv4可翻译)IPv6地址分开在整个IPv6网络中路由。可能无法聚合这些路由,因为两个相邻的IPv4可翻译IPv6地址可能未分配给两个相邻的IPv6节点。因此,为了支持SIIT,IPv6网络可能需要承载大量无关的路由。这些路由必须以某种方式单独注入IPv6路由拓扑。IPv6网络中的任何中间设备(如防火墙)可能需要特殊配置,以便将IPv4可翻译IPv6地址视为与主IPv6地址相同的地址,例如,要求必须复制涉及节点主IPv6地址的任何访问控制列表(ACL)条目。
Operational complexity: The IPv4-translatable IPv6 addresses not only have to be assigned to the IPv6 nodes participating in SIIT, but also all applications and services on those nodes must be configured to use them. For example, if the IPv6 node is a load balancer, it might require a separate virtual server definition using the IPv4-translatable IPv6 address in addition to one using the service's primary IPv6 address. A web server might require specific configuration to listen for connections on both the IPv4-translatable and the primary IPv6 address. A high-availability cluster service must be set up to fail over both addresses between cluster nodes, and depending on how the IPv6 network learns the location of the IPv4-translatable IPv6 address, the fail-over mechanism used for the two addresses might be completely different. Service monitoring must be done for both the IPv4-translatable and the primary IPv6 address, and any troubleshooting procedures must be extended to involve both addresses. Finally, the Default Address Selection Policy Table [RFC6724] on the IPv6 nodes might need to be altered in order to ensure that outbound sessions towards the IPv4 Internet are sourced from an IPv4-translatable IPv6 address.
操作复杂性:IPv4可翻译IPv6地址不仅必须分配给参与SIIT的IPv6节点,而且这些节点上的所有应用程序和服务都必须配置为使用它们。例如,如果IPv6节点是负载平衡器,则除了使用服务的主IPv6地址外,还可能需要使用IPv4可翻译IPv6地址的单独虚拟服务器定义。web服务器可能需要特定配置来侦听IPv4可翻译地址和主IPv6地址上的连接。必须设置高可用性群集服务,以便在群集节点之间对这两个地址进行故障切换,并且根据IPv6网络如何识别IPv4可翻译IPv6地址的位置,用于这两个地址的故障切换机制可能完全不同。必须同时对IPv4可翻译地址和主IPv6地址进行服务监视,并且必须扩展任何故障排除过程以涉及这两个地址。最后,IPv6节点上的默认地址选择策略表[RFC6724]可能需要更改,以确保通向IPv4 Internet的出站会话来自IPv4可翻译IPv6地址。
In short, the use of IPv4-translatable IPv6 addresses in parallel with regular IPv6 addresses is in many ways analogous to the use of dual stack [RFC4213]. While no actual IPv4 packets are used, the IPv4-translatable IPv6 addresses create a secondary "stack" in the infrastructure that must be treated and operated separately from the primary one. This increases the complexity of the overall infrastructure, in turn increasing operational overhead and reducing reliability. An operator who for such reasons finds the use of dual stack unappealing might feel the same way about using SIIT with IPv4-translatable IPv6 addresses.
简言之,IPv4可翻译IPv6地址与常规IPv6地址并行使用在许多方面类似于双堆栈的使用[RFC4213]。虽然没有使用实际的IPv4数据包,但IPv4可翻译IPv6地址在基础结构中创建了一个辅助“堆栈”,必须与主“堆栈”分开处理和操作。这增加了整个基础设施的复杂性,进而增加了运营开销并降低了可靠性。由于这些原因,发现使用双堆栈不具吸引力的运营商可能会对将SIIT与IPv4可翻译IPv6地址一起使用有同样的感受。
This normative section defines the EAM algorithm and formally updates Sections 4.1 and 5.1 of [RFC6145]. Specifically, when the EAM algorithm is applied, it supplants the requirement in [RFC6145] that states that a translator operating in the stateless mode must translate the Source Address and Destination Address IP header fields according to Section 2.3 of [RFC6052].
本规范性章节定义了EAM算法,并正式更新了[RFC6145]第4.1节和第5.1节。具体而言,当应用EAM算法时,它取代了[RFC6145]中的要求,即在无状态模式下运行的转换器必须根据[RFC6052]第2.3节翻译源地址和目标地址IP头字段。
An SIIT implementation includes an EAMT, a conceptual table in which each row represents an EAM. Each EAM describes a mapping between IPv4 and IPv6 prefixes/addresses. An operator populates the EAMT to provide the mappings between the two address families.
SIIT实现包括一个EAMT,一个概念表,其中每一行表示一个EAM。每个EAM描述IPv4和IPv6前缀/地址之间的映射。运算符填充EAMT以提供两个地址族之间的映射。
The EAMT consists of the following columns:
EAMT由以下列组成:
o IPv4 Prefix
o IPv4前缀
o IPv6 Prefix
o IPv6前缀
SIIT implementations MAY include other columns in order to support proprietary extensions to the EAM algorithm.
SIIT实现可能包括其他列,以支持EAM算法的专有扩展。
Throughout this document, figures representing the EAMT contain an Index column using the pound sign as the header. This column is not a required part of this specification; it is included only as a convenience to the reader.
在本文档中,表示EAMT的图形包含一个索引列,使用磅符号作为标题。本栏不是本规范的必要部分;本手册仅为方便读者而提供。
An EAM consists of an IPv4 prefix and an IPv6 prefix. The prefix length MAY be omitted, in which case the implementation MUST assume it to be 32 for IPv4 and 128 for IPv6. Figure 1 illustrates an EAMT containing examples of valid EAMs.
EAM由IPv4前缀和IPv6前缀组成。前缀长度可以省略,在这种情况下,实现必须假定IPv4为32,IPv6为128。图1展示了一个包含有效EAM示例的EAMT。
+---+----------------+----------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+----------------+----------------------+ | 1 | 192.0.2.1 | 2001:db8:aaaa:: | | 2 | 192.0.2.2/32 | 2001:db8:bbbb::b/128 | | 3 | 192.0.2.16/28 | 2001:db8:cccc::/124 | | 4 | 192.0.2.128/26 | 2001:db8:dddd::/64 | | 5 | 192.0.2.192/29 | 2001:db8:eeee:8::/62 | | 6 | 192.0.2.224/31 | 64:ff9b::/127 | +---+----------------+----------------------+
+---+----------------+----------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+----------------+----------------------+ | 1 | 192.0.2.1 | 2001:db8:aaaa:: | | 2 | 192.0.2.2/32 | 2001:db8:bbbb::b/128 | | 3 | 192.0.2.16/28 | 2001:db8:cccc::/124 | | 4 | 192.0.2.128/26 | 2001:db8:dddd::/64 | | 5 | 192.0.2.192/29 | 2001:db8:eeee:8::/62 | | 6 | 192.0.2.224/31 | 64:ff9b::/127 | +---+----------------+----------------------+
Figure 1: Example EAMT
图1:EAMT示例
An EAM's IPv4 prefix value MUST have an identical or smaller number of suffix bits than its corresponding IPv6 prefix value.
EAM的IPv4前缀值的后缀位数必须与其相应的IPv6前缀值相同或更小。
Unless otherwise specified in Section 4, an SIIT implementation MUST individually translate each IP address it encounters in the packet's IP headers (including any IP headers contained within ICMP errors) according to Section 3.3.
除非第4节另有规定,否则SIIT实现必须根据第3.3节分别翻译其在数据包IP报头(包括ICMP错误中包含的任何IP报头)中遇到的每个IP地址。
This section describes step by step how an SIIT implementation translates addresses between IPv4 and IPv6. Only the outcome of the algorithm described should be considered normative, that is, an SIIT implementation may implement the exact procedure differently than
本节逐步介绍SIIT实现如何在IPv4和IPv6之间转换地址。只有所述算法的结果才应被视为规范性的,即,SIIT实现可能以不同于
what is described here, but the outcome of the algorithm MUST be the same.
这里描述的是什么,但算法的结果必须是相同的。
For concrete examples of IP address translations, refer to Appendix B.
有关IP地址转换的具体示例,请参阅附录B。
1. The IPv4 prefix column of the EAMT is searched for the EAM entry that shares the longest common prefix with the IPv4 address being translated. The IPv4 prefix and IPv6 prefix values of the EAM entry found is from now on referred to as EAM4 and EAM6, respectively.
1. 将在EAMT的IPv4前缀列中搜索与正在转换的IPv4地址共享最长公共前缀的EAM条目。从现在起,找到的EAM条目的IPv4前缀和IPv6前缀值分别称为EAM4和EAM6。
2. If no matching EAM entry is found, the EAM algorithm is aborted. The SIIT implementation MUST proceed to translate the address in accordance with [RFC6145] (and its updates).
2. 如果未找到匹配的EAM条目,EAM算法将中止。SIIT实施必须根据[RFC6145](及其更新)继续翻译地址。
3. The prefix bits of EAM4 are removed from the IPv4 address being translated. The remaining suffix bits from the IPv4 address being translated are stored in a temporary buffer.
3. EAM4的前缀位将从正在转换的IPv4地址中删除。正在转换的IPv4地址的剩余后缀位存储在临时缓冲区中。
4. The prefix bits of EAM6 are prepended to the temporary buffer.
4. EAM6的前缀位在临时缓冲区的前面。
5. If the temporary buffer at this point does not contain a 128-bit value, it is padded with trailing zeros so that it reaches a length of 128 bits.
5. 如果此时的临时缓冲区不包含128位值,则用尾随零填充它,使其达到128位的长度。
6. The contents of the temporary buffer is the translated IPv6 address.
6. 临时缓冲区的内容是转换后的IPv6地址。
1. The IPv6 prefix column of the EAMT is searched for the EAM entry that shares the longest common prefix with the IPv6 address being translated. The IPv4 prefix and IPv6 prefix values of the EAM entry found is from now on referred to as EAM4 and EAM6, respectively.
1. 将在EAMT的IPv6前缀列中搜索与正在转换的IPv6地址共享最长公共前缀的EAM条目。从现在起,找到的EAM条目的IPv4前缀和IPv6前缀值分别称为EAM4和EAM6。
2. If no matching EAM entry is found, the EAM algorithm is aborted. The SIIT implementation MUST proceed to translate the address in accordance with [RFC6145] (and its updates).
2. 如果未找到匹配的EAM条目,EAM算法将中止。SIIT实施必须根据[RFC6145](及其更新)继续翻译地址。
3. The prefix bits of EAM6 are removed from the IPv6 address being translated. The remaining suffix bits from the IPv6 address being translated are stored in a temporary buffer.
3. EAM6的前缀位将从正在转换的IPv6地址中删除。正在转换的IPv6地址的剩余后缀位存储在临时缓冲区中。
4. The prefix bits of EAM4 are prepended to the temporary buffer.
4. EAM4的前缀位在临时缓冲区的前面。
5. If the temporary buffer at this point does not contain a 32-bit value, any trailing bits are discarded so that the buffer is reduced to a length of 32 bits.
5. 如果此时的临时缓冲区不包含32位值,则丢弃任何尾随位,以便将缓冲区长度减少到32位。
6. The contents of the temporary buffer is the translated IPv4 address.
6. 临时缓冲区的内容是转换后的IPv4地址。
Two IPv6 nodes that are both covered by EAMs might in certain circumstances attempt to communicate through a stateless translator rather than using native IPv6 directly. This happens if one of the nodes initiates traffic towards the IPv4-converted IPv6 address whose embedded IPv4 address matches an EAM that covers the other node. Special consideration is required in order to make this communication pattern work in a bidirectional fashion. This is illustrated by the example below.
EAMs覆盖的两个IPv6节点在某些情况下可能会尝试通过无状态转换器进行通信,而不是直接使用本机IPv6。如果其中一个节点向IPv4转换的IPv6地址发起通信,该地址的嵌入IPv4地址与覆盖另一个节点的EAM匹配,则会发生这种情况。为了使这种通信模式以双向方式工作,需要特别考虑。下面的例子说明了这一点。
Assume that a stateless translator is configured with a translation prefix of 64:ff9b::/96 (per [RFC6052]) and the EAMT shown in Figure 1. The IPv6 node 2001:db8:aaaa:: transmits an IPv6 packet towards 64:ff9b::192.0.2.2, which reaches the translator and is translated into an IPv4 packet with source address 192.0.2.1 and destination address 192.0.2.2. This destination address is found in the EAMT, so the packet loops back into the translation function and is translated back to an IPv6 packet with source address 2001:db8:aaaa:: and destination address 2001:db8:bbbb::b.
假设一个无状态转换器配置了翻译前缀64:ff9b::/96(按照[RFC6052])和图1所示的EAMT。IPv6节点2001:db8:aaaa::向64:ff9b::192.0.2.2传输IPv6数据包,该数据包到达转换器,并被转换为源地址192.0.2.1和目标地址192.0.2.2的IPv4数据包。此目标地址在EAMT中找到,因此数据包循环回转换函数,并被转换回具有源地址2001:db8:aaaa::和目标地址2001:db8:bbbb::b的IPv6数据包。
While this packet will reach its destination just fine, a problem will occur when 2001:db8:bbbb::b responds to it. The response packet will have a source address of 2001:db8:bbbb::b and a destination address of 2001:db8:aaaa:: and will be routed directly to its destination without being subjected to any form of translation. Because the source address of this response packet (2001:db8:bbbb::b) is not equal to the destination address of the initial outgoing packet (64:ff9b::192.0.2.2), the packet will most likely be discarded by 2001:db8:aaaa::, and bidirectional communication will most likely fail.
虽然这个数据包可以很好地到达其目的地,但是当2001:db8:bbbb::b响应它时会出现问题。响应数据包的源地址为2001:db8:bbbb::b,目标地址为2001:db8:aaaa::并且将直接路由到其目标,而不进行任何形式的转换。由于此响应数据包(2001:db8:bbbb::b)的源地址不等于初始传出数据包(64:ff9b::192.0.2.2)的目标地址,因此该数据包极有可能被2001:db8:aaaa::)丢弃,双向通信极有可能失败。
The above scenario could be made to work by ensuring that the stateless translator is hairpinning the traffic in both directions. Section 4.2 describes how this is accomplished. The resulting address translations are demonstrated step by step in Appendix B.1.
通过确保无状态转换器在两个方向上对通信量进行发夹,可以使上述场景正常工作。第4.2节描述了如何实现这一点。产生的地址转换在附录B.1中逐步演示。
An SIIT implementation SHOULD include a feature that ensures that hairpinned IPv6 traffic is supported. The feature SHOULD be enabled by default. The following two subsections describe two alternate ways to implement this feature. An implementation MAY support both approaches.
SIIT实现应包括一项功能,以确保支持发夹式IPv6流量。默认情况下应启用该功能。以下两小节描述了实现此功能的两种可选方法。一个实现可以支持这两种方法。
When the simple hairpinning feature is enabled, the translator employs the following rules when translating from IPv4 to IPv6:
启用简单发夹功能后,转换器在从IPv4转换到IPv6时将采用以下规则:
1. If the packet is not an ICMPv4 error: The EAM algorithm MUST NOT be used in order to translate the source address in the IPv4 header.
1. 如果数据包不是ICMPv4错误:不得使用EAM算法翻译IPv4报头中的源地址。
2. If the packet is an ICMPv4 error: The EAM algorithm MUST NOT be used when translating the destination address in the inner IPv4 header.
2. 如果数据包是ICMPv4错误:在转换内部IPv4报头中的目标地址时,不得使用EAM算法。
3. If the packet is an ICMPv4 error whose outer IPv4 source address is equal to its inner IPv4 destination address: The EAM algorithm MUST NOT be used in order to translate the source address in the outer IPv4 header.
3. 如果数据包是外部IPv4源地址等于其内部IPv4目标地址的ICMPv4错误:不得使用EAM算法翻译外部IPv4报头中的源地址。
Rules #2 and #3 are cumulative.
规则2和规则3是累积的。
The addresses in question MUST instead be translated according to [RFC6145], as if they did not match any EAM.
问题中的地址必须按照[RFC6145]进行翻译,就像它们不匹配任何EAM一样。
When the intrinsic hairpinning feature is enabled, the translator employs the following rules after having translated an IPv6 packet to IPv4:
启用内部发夹功能时,转换器在将IPv6数据包转换为IPv4后采用以下规则:
If all the conditions in either of the two sets below are true, the packet is to be hairpinned. The implementation MUST immediately (i.e., prior to forwarding it to the IPv4 network) translate the packet back to IPv6. During the second translation pass, the behavior specified in Section 4.2.1 MUST be applied, and the Hop Limit field SHOULD NOT be decremented.
如果下面两组中的任何一组中的所有条件都为真,则该数据包将被发夹。实现必须立即(即,在将数据包转发到IPv4网络之前)将数据包转换回IPv6。在第二次转换过程中,必须应用第4.2.1节中规定的行为,且跳数限制字段不应减少。
Condition set A:
条件集A:
A1. The packet is not an ICMPv4 error.
A1。该数据包不是ICMPv4错误。
A2. The destination address was translated using the algorithm in [RFC6052].
A2。使用[RFC6052]中的算法转换目标地址。
A3. The destination address is found in the EAMT.
A3。在EAMT中找到目标地址。
Condition set B:
条件集B:
B1. The packet is an ICMPv4 error.
B1。该数据包是ICMPv4错误。
B2. The inner source address was translated using the algorithm in [RFC6052].
B2。使用[RFC6052]中的算法翻译内部源地址。
B3. The inner source address is found in the EAMT.
B3。内部源地址位于EAMT中。
The algorithm specified in Section 3 relies on making a lookup in the EAMT in order to find the EAM entry that shares the longest common prefix with the address being translated. Operators should note that configuring EAMs with overlapping or identical IPv4 or IPv6 prefixes in the EAMT may create configurations where the IPv4-to-IPv6 and IPv6-to-IPv4 address translations will not be symmetric. This may in some cases make bidirectional communication impossible.
第3节中指定的算法依赖于在EAMT中进行查找,以找到与被翻译地址共享最长公共前缀的EAM条目。运营商应注意,在EAMT中配置具有重叠或相同IPv4或IPv6前缀的EAM可能会创建IPv4到IPv6和IPv6到IPv4地址转换不对称的配置。在某些情况下,这可能使双向通信变得不可能。
EAM #1 in the example EAMT (Figure 2) could be thought of as implementing IVI (Appendix A.2), while EAM #2 introduces a single exception in the style of SIIT-DC (Appendix A.3). The IPv4 prefixes of the two EAMs overlap, while the IPv6 prefixes do not. This results in a situation where the IPv6 address 2001:db8:ffc6:3364:4000:: will be translated (according to EAM #1) to the IPv4 address 198.51.100.64. However, when this IPv4 address is translated back to IPv6, it will be translated (according to EAM #2) to the IPv6 address 2001:db8::abcd. Because the IPv4-to-IPv6 translation in this example does not mirror the corresponding IPv6- to-IPv4 translation, bidirectional communication involving the IPv6 address 2001:db8:ffc6:3364:4000:: might fail. In order to help avoid such situations, implementations MAY warn the operator when a new EAM that overlaps with a previously existing one is inserted into the EAMT.
示例EAMT(图2)中的EAM#1可被视为实现IVI(附录A.2),而EAM#2以SIIT-DC(附录A.3)的形式引入了一个例外。两个EAM的IPv4前缀重叠,而IPv6前缀不重叠。这导致IPv6地址2001:db8:ffc6:3364:4000::将(根据EAM#1)转换为IPv4地址198.51.100.64。但是,当此IPv4地址转换回IPv6时,它将(根据EAM#2)转换为IPv6地址2001:db8::abcd。由于本例中的IPv4到IPv6转换未镜像相应的IPv6到IPv4转换,因此涉及IPv6地址2001:db8:ffc6:3364:4000::的双向通信可能会失败。为了帮助避免这种情况,当一个与先前存在的EAM重叠的新EAM插入EAMT时,实现可能会向操作员发出警告。
+---+------------------+--------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+------------------+--------------------+ | 1 | 0.0.0.0/0 | 2001:db8:ff00::/40 | | 2 | 198.51.100.64/32 | 2001:db8::abcd/128 | +---+------------------+--------------------+
+---+------------------+--------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+------------------+--------------------+ | 1 | 0.0.0.0/0 | 2001:db8:ff00::/40 | | 2 | 198.51.100.64/32 | 2001:db8::abcd/128 | +---+------------------+--------------------+
Figure 2: EAMT Containing Overlapping IPv4 Prefixes
图2:包含重叠IPv4前缀的EAMT
In Figure 3, the IPv6 prefixes of the two EAMs are identical. The behavior of the stateless translator when translating an IPv6 packet that contains the address 2001:db8::1 to IPv4 is in this case unspecified. In order to prevent this situation from occurring, implementations MAY refuse to insert a new EAM, whose IPv4 or IPv6 prefix value is identical to that of an already existing EAM, into the EAMT.
在图3中,两个EAM的IPv6前缀是相同的。在本例中,未指定将包含地址2001:db8::1的IPv6数据包转换为IPv4时无状态转换器的行为。为了防止这种情况发生,实现可能会拒绝将IPv4或IPv6前缀值与现有EAM前缀值相同的新EAM插入EAMT。
+---+-----------------+-----------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+-----------------+-----------------+ | 1 | 198.51.100.8/32 | 2001:db8::1/128 | | 2 | 198.51.100.9/32 | 2001:db8::1/128 | +---+-----------------+-----------------+
+---+-----------------+-----------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+-----------------+-----------------+ | 1 | 198.51.100.8/32 | 2001:db8::1/128 | | 2 | 198.51.100.9/32 | 2001:db8::1/128 | +---+-----------------+-----------------+
Figure 3: EAMT Containing Identical IPv6 Prefixes
图3:包含相同IPv6前缀的EAMT
When one or both of the address fields in an IP/ICMP packet are translated according to the EAM algorithm, the translation cannot be relied upon to be checksum neutral, even if the well-known prefix 64:ff9b::/96 is used. This consideration is discussed in more detail in Section 4.1 of [RFC6052].
当IP/ICMP数据包中的一个或两个地址字段根据EAM算法进行翻译时,即使使用了众所周知的前缀64:ff9b::/96,也不能依赖翻译为校验和中性。[RFC6052]第4.1节详细讨论了这一考虑因素。
The EAM algorithm does not introduce any new security issues beyond those that are already discussed in Section 7 of [RFC6145].
除了[RFC6145]第7节中已经讨论的安全问题外,EAM算法不会引入任何新的安全问题。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, DOI 10.17487/RFC6052, October 2010, <http://www.rfc-editor.org/info/rfc6052>.
[RFC6052]Bao,C.,Huitema,C.,Bagnulo,M.,Boucadair,M.,和X.Li,“IPv4/IPv6转换器的IPv6寻址”,RFC 6052,DOI 10.17487/RFC6052,2010年10月<http://www.rfc-editor.org/info/rfc6052>.
[RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation Algorithm", RFC 6145, DOI 10.17487/RFC6145, April 2011, <http://www.rfc-editor.org/info/rfc6145>.
[RFC6145]Li,X.,Bao,C.,和F.Baker,“IP/ICMP翻译算法”,RFC 6145DOI 10.17487/RFC6145,2011年4月<http://www.rfc-editor.org/info/rfc6145>.
[RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms for IPv6 Hosts and Routers", RFC 4213, DOI 10.17487/RFC4213, October 2005, <http://www.rfc-editor.org/info/rfc4213>.
[RFC4213]Nordmark,E.和R.Gilligan,“IPv6主机和路由器的基本转换机制”,RFC 4213,DOI 10.17487/RFC4213,2005年10月<http://www.rfc-editor.org/info/rfc4213>.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, DOI 10.17487/RFC4862, September 2007, <http://www.rfc-editor.org/info/rfc4862>.
[RFC4862]Thomson,S.,Narten,T.和T.Jinmei,“IPv6无状态地址自动配置”,RFC 4862,DOI 10.17487/RFC4862,2007年9月<http://www.rfc-editor.org/info/rfc4862>.
[RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for IPv4/IPv6 Translation", RFC 6144, DOI 10.17487/RFC6144, April 2011, <http://www.rfc-editor.org/info/rfc6144>.
[RFC6144]Baker,F.,Li,X.,Bao,C.,和K.Yin,“IPv4/IPv6转换框架”,RFC 6144DOI 10.17487/RFC6144,2011年4月<http://www.rfc-editor.org/info/rfc6144>.
[RFC6219] Li, X., Bao, C., Chen, M., Zhang, H., and J. Wu, "The China Education and Research Network (CERNET) IVI Translation Design and Deployment for the IPv4/IPv6 Coexistence and Transition", RFC 6219, DOI 10.17487/RFC6219, May 2011, <http://www.rfc-editor.org/info/rfc6219>.
[RFC6219]Li,X.,Bao,C.,Chen,M.,Zhang,H.,和J.Wu,“针对IPv4/IPv6共存和过渡的中国教育和研究网络(CERNET)IVI翻译设计和部署”,RFC 6219,DOI 10.17487/RFC6219,2011年5月<http://www.rfc-editor.org/info/rfc6219>.
[RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown, "Default Address Selection for Internet Protocol Version 6 (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012, <http://www.rfc-editor.org/info/rfc6724>.
[RFC6724]Thaler,D.,Ed.,Draves,R.,Matsumoto,A.,和T.Chown,“互联网协议版本6(IPv6)的默认地址选择”,RFC 6724,DOI 10.17487/RFC67242012年9月<http://www.rfc-editor.org/info/rfc6724>.
[RFC6791] Li, X., Bao, C., Wing, D., Vaithianathan, R., and G. Huston, "Stateless Source Address Mapping for ICMPv6 Packets", RFC 6791, DOI 10.17487/RFC6791, November 2012, <http://www.rfc-editor.org/info/rfc6791>.
[RFC6791]Li,X.,Bao,C.,Wing,D.,Vaitianathan,R.,和G.Huston,“ICMPv6数据包的无状态源地址映射”,RFC 6791,DOI 10.17487/RFC6791192012年11月<http://www.rfc-editor.org/info/rfc6791>.
[RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT: Combination of Stateful and Stateless Translation", RFC 6877, DOI 10.17487/RFC6877, April 2013, <http://www.rfc-editor.org/info/rfc6877>.
[RFC6877]Mawatari,M.,Kawashima,M.,和C.Byrne,“464XLAT:有状态和无状态翻译的组合”,RFC 6877,DOI 10.17487/RFC6877,2013年4月<http://www.rfc-editor.org/info/rfc6877>.
[RFC7335] Byrne, C., "IPv4 Service Continuity Prefix", RFC 7335, DOI 10.17487/RFC7335, August 2014, <http://www.rfc-editor.org/info/rfc7335>.
[RFC7335]Byrne,C.,“IPv4服务连续性前缀”,RFC 7335,DOI 10.17487/RFC7335,2014年8月<http://www.rfc-editor.org/info/rfc7335>.
[RFC7755] Anderson, T., "SIIT-DC: Stateless IP/ICMP Translation for IPv6 Data Center Environments", RFC 7755, DOI 10.17487/RFC7755, February 2016, <http://www.rfc-editor.org/info/rfc7755>.
[RFC7755]Anderson,T.,“SIIT-DC:IPv6数据中心环境的无状态IP/ICMP转换”,RFC 7755,DOI 10.17487/RFC7755,2016年2月<http://www.rfc-editor.org/info/rfc7755>.
The following subsections describe some use cases that at the time of writing leverage SIIT with the EAM algorithm.
以下小节描述了在编写本文时使用EAM算法利用SIIT的一些用例。
When the customer-side translator (CLAT) component in the 464XLAT [RFC6877] architecture does not have a dedicated IPv6 prefix assigned, it may instead use "one interface IPv6 address that is claimed by the CLAT." This IPv6 address might not be IPv4-translatable. If this is the case, the CLAT essentially implements the EAM algorithm using an EAMT as follows (assuming the CLAT's IPv4 address is picked from the IPv4 Service Continuity Prefix [RFC7335]):
当464XLAT[RFC6877]体系结构中的客户端转换器(CLAT)组件未分配专用IPv6前缀时,它可以改为使用“CLAT声明的一个接口IPv6地址”。此IPv6地址可能不可转换为IPv4。如果是这种情况,CLAT基本上使用EAMT实现EAM算法,如下所示(假设CLAT的IPv4地址是从IPv4服务连续性前缀[RFC7335]中选取的):
+---+--------------+-------------------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+--------------+-------------------------------+ | 1 | 192.0.0.1/32 | CLAT_claimed_IPv6_address/128 | +---+--------------+-------------------------------+
+---+--------------+-------------------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+--------------+-------------------------------+ | 1 | 192.0.0.1/32 | CLAT_claimed_IPv6_address/128 | +---+--------------+-------------------------------+
Figure 4: Example EAMT for a 464XLAT CLAT
图4:464X车床CLAT的EAMT示例
In this particular use case, the EAM algorithm is used to translate IPv6 destination addresses to IPv4, and conversely, IPv4 source addresses to IPv6. Other addresses are translated using [RFC6052].
在这个特定的用例中,EAM算法用于将IPv6目标地址转换为IPv4,反之,将IPv4源地址转换为IPv6。其他地址使用[RFC6052]进行翻译。
IVI [RFC6219] describes a stateless translation model that embeds IPv4 addresses in a 40-bit translation prefix where bits 33-40 are required to be 1. The embedded IPv4 address is located in bits 41-72 of the IPv6 address. Bits 73-128 are required to be 0.
IVI[RFC6219]描述了一种无状态转换模型,该模型将IPv4地址嵌入到40位转换前缀中,其中位33-40要求为1。嵌入的IPv4地址位于IPv6地址的第41-72位。位73-128要求为0。
The location of the eight least significant IPv4 address bits makes the IVI address mapping differ from [RFC6052].
八个最低有效IPv4地址位的位置使IVI地址映射不同于[RFC6052]。
+---+-------------+--------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+-------------+--------------------+ | 1 | 0.0.0.0/0 | 2001:db8:ff00::/40 | +---+-------------+--------------------+
+---+-------------+--------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+-------------+--------------------+ | 1 | 0.0.0.0/0 | 2001:db8:ff00::/40 | +---+-------------+--------------------+
Figure 5: Example EAMT for IVI
图5:IVI的EAMT示例
In this particular use case, all addresses are translated according to the EAM algorithm. In other words, [RFC6052] mapping is not used at all.
在这个特定的用例中,所有地址都根据EAM算法进行转换。换句话说,根本不使用[RFC6052]映射。
SIIT-DC [RFC7755] describes the use of SIIT to facilitate connectivity from the IPv4 Internet to services hosted in an IPv6-only data center. In order to avoid the constraints relating to the use of IPv4-translatable IPv6 addresses discussed in Section 2, the stateless IPv4/IPv6 translators are provisioned with an EAMT containing one entry per IPv6-only service that are to be made available from the IPv4 Internet, for example (assuming 2001:db8:aaaa::1 and 2001:db8:bbbb::1 are assigned to load balancers or servers that provide the IPv6-only services in question):
SIIT-DC[RFC7755]描述了SIIT的使用,以促进从IPv4 Internet到仅IPv6数据中心托管的服务的连接。为了避免与第2节中讨论的IPv4可翻译IPv6地址的使用相关的限制,为无状态IPv4/IPv6转换器提供一个EAMT,该EAMT包含每个仅限IPv6的服务的一个条目,这些服务将从IPv4 Internet提供,例如(假设将2001:db8:aaaa::1和2001:db8:bbbb::1分配给提供所讨论的仅IPv6服务的负载平衡器或服务器):
+---+----------------+----------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+----------------+----------------------+ | 1 | 203.0.113.1/32 | 2001:db8:aaaa::1/128 | | 2 | 203.0.113.2/32 | 2001:db8:bbbb::1/128 | +---+----------------+----------------------+
+---+----------------+----------------------+ | # | IPv4 Prefix | IPv6 Prefix | +---+----------------+----------------------+ | 1 | 203.0.113.1/32 | 2001:db8:aaaa::1/128 | | 2 | 203.0.113.2/32 | 2001:db8:bbbb::1/128 | +---+----------------+----------------------+
Figure 6: Example EAMT for SIIT-DC
图6:SIIT-DC的EAMT示例
In this particular use case, the EAM algorithm is used to translate IPv4 destination addresses to IPv6, and conversely, IPv6 source addresses to IPv4. Other addresses are translated using [RFC6052].
在这个特定的用例中,EAM算法用于将IPv4目标地址转换为IPv6,反之,将IPv6源地址转换为IPv4。其他地址使用[RFC6052]进行翻译。
Figure 7 demonstrates how a set of example IP addresses are translated given the example EAMT in Figure 1. Implementors may use the examples given to develop test cases to validate correct operation. Note that the address translations are bidirectional, so a single row in the table describes two address translations: IPv4 to IPv6 and IPv6 to IPv4.
图7展示了给定图1中的示例EAMT,如何转换一组示例IP地址。实现者可以使用给出的示例来开发测试用例,以验证正确的操作。请注意,地址转换是双向的,因此表中的一行描述了两种地址转换:IPv4到IPv6和IPv6到IPv4。
It is also assumed that the translation prefix is configured to be 64:ff9b::/96 (per [RFC6052]).
还假设翻译前缀配置为64:ff9b::/96(根据[RFC6052])。
+--------------+------------------------+-----------------------+ | IPv4 Address | IPv6 Address | Comment | +--------------+------------------------+-----------------------+ | 192.0.2.1 | 2001:db8:aaaa:: | According to EAM #1 | | 192.0.2.2 | 2001:db8:bbbb::b | According to EAM #2 | | 192.0.2.16 | 2001:db8:cccc:: | According to EAM #3 | | 192.0.2.24 | 2001:db8:cccc::8 | According to EAM #3 | | 192.0.2.31 | 2001:db8:cccc::f | According to EAM #3 | | 192.0.2.128 | 2001:db8:dddd:: | According to EAM #4 | | 192.0.2.152 | 2001:db8:dddd:0:6000:: | According to EAM #4 | | 192.0.2.183 | 2001:db8:dddd:0:dc00:: | According to EAM #4 | | 192.0.2.191 | 2001:db8:dddd:0:fc00:: | According to EAM #4 | | 192.0.2.195 | 2001:db8:eeee:9:8000:: | According to EAM #5 | | 192.0.2.225 | 64:ff9b::1 | According to EAM #6 | | 192.0.2.248 | 64:ff9b::c000:2f8 | According to RFC 6052 | +--------------+------------------------+-----------------------+
+--------------+------------------------+-----------------------+ | IPv4 Address | IPv6 Address | Comment | +--------------+------------------------+-----------------------+ | 192.0.2.1 | 2001:db8:aaaa:: | According to EAM #1 | | 192.0.2.2 | 2001:db8:bbbb::b | According to EAM #2 | | 192.0.2.16 | 2001:db8:cccc:: | According to EAM #3 | | 192.0.2.24 | 2001:db8:cccc::8 | According to EAM #3 | | 192.0.2.31 | 2001:db8:cccc::f | According to EAM #3 | | 192.0.2.128 | 2001:db8:dddd:: | According to EAM #4 | | 192.0.2.152 | 2001:db8:dddd:0:6000:: | According to EAM #4 | | 192.0.2.183 | 2001:db8:dddd:0:dc00:: | According to EAM #4 | | 192.0.2.191 | 2001:db8:dddd:0:fc00:: | According to EAM #4 | | 192.0.2.195 | 2001:db8:eeee:9:8000:: | According to EAM #5 | | 192.0.2.225 | 64:ff9b::1 | According to EAM #6 | | 192.0.2.248 | 64:ff9b::c000:2f8 | According to RFC 6052 | +--------------+------------------------+-----------------------+
Figure 7: Example IP Address Translations
图7:示例IP地址转换
The following examples show how hairpinned IPv6 packets between the IPv6 nodes 2001:db8:aaaa:: and 2001:db8:bbbb::b are translated according to Section 4. As in Appendix B, the EAMT in Figure 1 is used, and the translation prefix is 64:ff9b::/96 (per [RFC6052]). In addition, the [RFC6791] pool is assumed to contain only the single address 198.51.100.1.
以下示例显示了如何根据第4节翻译IPv6节点2001:db8:aaaa::和2001:db8:bbbb::b之间的发夹式IPv6数据包。如附录B所示,使用图1中的EAMT,翻译前缀为64:ff9b::/96(根据[RFC6052])。此外,假定[RFC6791]池仅包含单个地址198.51.100.1。
+--------------+--------------------+---------------------+ | XLAT Stage | Source Address | Destination Address | +--------------+--------------------+---------------------+ | Initial | 2001:db8:aaaa:: | 64:ff9b::192.0.2.2 | +--------------+--------------------+---------------------+ | Intermediate | 192.0.2.1 | 192.0.2.2 | +--------------+--------------------+---------------------+ | Final | 64:ff9b::192.0.2.1 | 2001:db8:bbbb::b | +--------------+--------------------+---------------------+
+--------------+--------------------+---------------------+ | XLAT Stage | Source Address | Destination Address | +--------------+--------------------+---------------------+ | Initial | 2001:db8:aaaa:: | 64:ff9b::192.0.2.2 | +--------------+--------------------+---------------------+ | Intermediate | 192.0.2.1 | 192.0.2.2 | +--------------+--------------------+---------------------+ | Final | 64:ff9b::192.0.2.1 | 2001:db8:bbbb::b | +--------------+--------------------+---------------------+
Figure 8: Hairpinning of a Normal IPv6 Packet
图8:普通IPv6数据包的发夹
Figure 8 illustrates how a normal (i.e., not an ICMP error) IPv6 packet sent from 2001:db8:aaaa:: towards 64:ff9b::192.0.2.2 is hairpinned. In this example, rule #1 in Section 4.2.1 was applied in order to disable the EAM algorithm when translating the intermediate IPv4 source address to IPv6.
图8说明了从2001:db8:aaaa::发送到64:ff9b::192.0.2.2的正常(即不是ICMP错误)IPv6数据包是如何被发夹的。在本例中,应用了第4.2.1节中的规则#1,以便在将中间IPv4源地址转换为IPv6时禁用EAM算法。
+--------------+-------+-----------------------+--------------------+ | XLAT Stage | Loc. | Source Address | Destination Addr. | +--------------+-------+-----------------------+--------------------+ | Initial | Outer | 2001:db8::1234 | 64:ff9b::192.0.2.1 | | | Inner | 64:ff9b::192.0.2.1 | 2001:db8:bbbb::b | +--------------+-------+-----------------------+--------------------+ | Intermediate | Outer | 198.51.100.1 | 192.0.2.1 | | | Inner | 192.0.2.1 | 192.0.2.2 | +--------------+-------+-----------------------+--------------------+ | Final | Outer | 64:ff9b::198.51.100.1 | 2001:db8:aaaa:: | | | Inner | 2001:db8:aaaa:: | 64:ff9b::192.0.2.2 | +--------------+-------+-----------------------+--------------------+
+--------------+-------+-----------------------+--------------------+ | XLAT Stage | Loc. | Source Address | Destination Addr. | +--------------+-------+-----------------------+--------------------+ | Initial | Outer | 2001:db8::1234 | 64:ff9b::192.0.2.1 | | | Inner | 64:ff9b::192.0.2.1 | 2001:db8:bbbb::b | +--------------+-------+-----------------------+--------------------+ | Intermediate | Outer | 198.51.100.1 | 192.0.2.1 | | | Inner | 192.0.2.1 | 192.0.2.2 | +--------------+-------+-----------------------+--------------------+ | Final | Outer | 64:ff9b::198.51.100.1 | 2001:db8:aaaa:: | | | Inner | 2001:db8:aaaa:: | 64:ff9b::192.0.2.2 | +--------------+-------+-----------------------+--------------------+
Figure 9: Hairpinning of a Router-Originated ICMPv6 Error
图9:路由器引发的ICMPv6错误的发夹
Figure 9 illustrates the hairpinning of an ICMPv6 error sent by an arbitrary IPv6 router (2001:db8::1234) in response to the packet in Figure 8. In this example, rule #2 in Section 4.2.1 was applied in order to disable the EAM algorithm when translating the intermediate inner IPv4 destination address to IPv6.
图9说明了任意IPv6路由器(2001:db8::1234)响应图8中的数据包发送的ICMPv6错误的发夹。在本例中,应用了第4.2.1节中的规则#2,以便在将中间内部IPv4目标地址转换为IPv6时禁用EAM算法。
+--------------+-------+--------------------+--------------------+ | XLAT Stage | Loc. | Source Address | Destination Addr. | +--------------+-------+--------------------+--------------------+ | Initial | Outer | 2001:db8:bbbb::b | 64:ff9b::192.0.2.1 | | | Inner | 64:ff9b::192.0.2.1 | 2001:db8:bbbb::b | +--------------+-------+--------------------+--------------------+ | Intermediate | Outer | 192.0.2.2 | 192.0.2.1 | | | Inner | 192.0.2.1 | 192.0.2.2 | +--------------+-------+--------------------+--------------------+ | Final | Outer | 64:ff9b::192.0.2.2 | 2001:db8:aaaa:: | | | Inner | 2001:db8:aaaa:: | 64:ff9b::192.0.2.2 | +--------------+-------+--------------------+--------------------+
+--------------+-------+--------------------+--------------------+ | XLAT Stage | Loc. | Source Address | Destination Addr. | +--------------+-------+--------------------+--------------------+ | Initial | Outer | 2001:db8:bbbb::b | 64:ff9b::192.0.2.1 | | | Inner | 64:ff9b::192.0.2.1 | 2001:db8:bbbb::b | +--------------+-------+--------------------+--------------------+ | Intermediate | Outer | 192.0.2.2 | 192.0.2.1 | | | Inner | 192.0.2.1 | 192.0.2.2 | +--------------+-------+--------------------+--------------------+ | Final | Outer | 64:ff9b::192.0.2.2 | 2001:db8:aaaa:: | | | Inner | 2001:db8:aaaa:: | 64:ff9b::192.0.2.2 | +--------------+-------+--------------------+--------------------+
Figure 10: Hairpinning of a Host-Originated ICMPv6 Error
图10:源于主机的ICMPv6错误的发夹
Figure 10 illustrates the hairpinning of an ICMPv6 error sent by the original destination host itself in response to the packet in Figure 8. In this example, rules #2 and #3 in Section 4.2.1 were both applied in order to disable the EAM algorithm when translating the intermediate inner IPv4 destination address and the intermediate outer IPv4 source address to IPv6.
图10说明了原始目标主机本身发送的ICMPv6错误的发夹,以响应图8中的数据包。在本例中,第4.2.1节中的规则#2和#3均适用于在将中间内部IPv4目标地址和中间外部IPv4源地址转换为IPv6时禁用EAM算法。
+--------------+--------------------+---------------------+ | XLAT Stage | Source Address | Destination Address | +--------------+--------------------+---------------------+ | Initial | 2001:db8:bbbb::b | 64:ff9b::192.0.2.1 | +--------------+--------------------+---------------------+ | Intermediate | 192.0.2.2 | 192.0.2.1 | +--------------+--------------------+---------------------+ | Final | 64:ff9b::192.0.2.2 | 2001:db8:aaaa:: | +--------------+--------------------+---------------------+
+--------------+--------------------+---------------------+ | XLAT Stage | Source Address | Destination Address | +--------------+--------------------+---------------------+ | Initial | 2001:db8:bbbb::b | 64:ff9b::192.0.2.1 | +--------------+--------------------+---------------------+ | Intermediate | 192.0.2.2 | 192.0.2.1 | +--------------+--------------------+---------------------+ | Final | 64:ff9b::192.0.2.2 | 2001:db8:aaaa:: | +--------------+--------------------+---------------------+
Figure 11: Hairpinning of Normal Response Packet
图11:正常响应数据包的发夹
Figure 11 illustrates how the response from 2001:db8:bbbb::b to the packet in Figure 8 is hairpinned in the exact same fashion as the initial packet. Again, rule #1 in Section 4.2.1 was applied in order to disable the EAM algorithm when translating the intermediate IPv4 source address to IPv6. The example is included in order to illustrate how the addresses in the packet initially sent by 2001:db8:aaaa:: match those in the translated response packet sent by 2001:db8:bbbb::b, thus facilitating bidirectional communication.
图11说明了从2001:db8:bbbb::b到图8中的数据包的响应是如何以与初始数据包完全相同的方式进行发夹的。同样,第4.2.1节中的规则#1用于在将中间IPv4源地址转换为IPv6时禁用EAM算法。包括该示例是为了说明最初由2001:db8:aaaa::发送的包中的地址如何与由2001:db8:bbbb::b发送的翻译响应包中的地址匹配,从而促进双向通信。
Acknowledgements
致谢
This document was conceived due to comments made by Dave Thaler in the V6OPS session at IETF 91 as well as email discussions between Fred Baker and the authors.
本文件是根据Dave Thaler在IETF 91的V6OPS会议上的评论以及Fred Baker和作者之间的电子邮件讨论而构思的。
Valuable reviews, suggestions, and other feedback was given by Fred Baker, Mohamed Boucadair, Cameron Byrne, Brian E. Carpenter, Brian Haberman, Ray Hunter, Alvaro Retana, Michael Richardson, Dan Romascanu, Hemant Singh, and Andrew Yourtchenko.
Fred Baker、Mohamed Boucadair、Cameron Byrne、Brian E.Carpenter、Brian Haberman、Ray Hunter、Alvaro Retana、Michael Richardson、Dan Romascanu、Hemant Singh和Andrew Yourtchenko提供了宝贵的评论、建议和其他反馈。
Authors' Addresses
作者地址
Tore Anderson Redpill Linpro Vitaminveien 1A 0485 Oslo Norway
挪威奥斯陆Tore Anderson Redpill Linpro Vitaminveien 1A 0485
Phone: +47 959 31 212 Email: tore@redpill-linpro.com URI: http://www.redpill-linpro.com
Phone: +47 959 31 212 Email: tore@redpill-linpro.com URI: http://www.redpill-linpro.com
Alberto Leiva Popper NIC Mexico Av. Eugenio Garza Sada 427 L4-6 Monterrey, Nuevo Leon 64840 Mexico
阿尔贝托·莱瓦·波普尔墨西哥大道。Eugenio Garza Sada 427 L4-6蒙特雷,新莱昂64840墨西哥
Email: ydahhrk@gmail.com URI: http://www.nicmexico.mx/
Email: ydahhrk@gmail.com URI: http://www.nicmexico.mx/