Independent Submission S. Vinapamula Request for Comments: 7785 Juniper Networks Category: Informational M. Boucadair ISSN: 2070-1721 Orange February 2016
Independent Submission S. Vinapamula Request for Comments: 7785 Juniper Networks Category: Informational M. Boucadair ISSN: 2070-1721 Orange February 2016
Recommendations for Prefix Binding in the Context of Softwire Dual-Stack Lite
软线双栈Lite环境中前缀绑定的建议
Abstract
摘要
This document discusses issues induced by the change of the Dual-Stack Lite (DS-Lite) Basic Bridging BroadBand (B4) IPv6 address and sketches a set of recommendations to solve those issues.
本文档讨论了双栈Lite(DS Lite)基本桥接宽带(B4)IPv6地址更改引起的问题,并提出了一组解决这些问题的建议。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
这是对RFC系列的贡献,独立于任何其他RFC流。RFC编辑器已选择自行发布此文档,并且未声明其对实现或部署的价值。RFC编辑批准发布的文件不适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7785.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7785.
Copyright Notice
版权公告
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2016 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 2. The Problem . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Introducing Subscriber-Mask . . . . . . . . . . . . . . . . . 4 4. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 7.2. Informative References . . . . . . . . . . . . . . . . . 8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 2. The Problem . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Introducing Subscriber-Mask . . . . . . . . . . . . . . . . . 4 4. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 7.2. Informative References . . . . . . . . . . . . . . . . . 8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
IPv6 deployment models assume IPv6 prefixes are delegated by Service Providers to the connected CPEs (Customer Premises Equipment) or hosts, which in turn derive IPv6 addresses from that prefix. In the case of Dual-Stack Lite (DS-Lite) [RFC6333], which is an IPv4 service continuity mechanism over an IPv6 network, the Basic Bridging BroadBand (B4) element derives an IPv6 address for the IPv4-in-IPv6 softwire setup purposes.
IPv6部署模型假定IPv6前缀由服务提供商委派给连接的CPE(客户场所设备)或主机,而这些主机又从该前缀派生IPv6地址。在双栈Lite(DS Lite)[RFC6333]的情况下,它是IPv6网络上的IPv4服务连续性机制,基本桥接宽带(B4)元素为IPv4-In-IPv6软线设置目的派生IPv6地址。
The B4 element might obtain a new IPv6 address for a variety of reasons that include (but are not limited to) a reboot of the CPE, power outage, DHCPv6 lease expiry, or other actions undertaken by the Service Provider. If this occurs, traffic forwarded to a B4's previous IPv6 address may never reach its destination or may be delivered to another B4 that now uses the address formerly assigned to the original B4. This situation affects all mapping types, both implicit (e.g., by sending a TCP SYN) and explicit (e.g., using Port Control Protocol (PCP) [RFC6887]). The problem is further elaborated in Section 2.
B4元件可能出于各种原因获得新的IPv6地址,这些原因包括(但不限于)CPE重新启动、断电、DHCPv6租约到期或服务提供商采取的其他行动。如果发生这种情况,转发到B4先前IPv6地址的流量可能永远不会到达其目的地,或者可能会被传递到另一个B4,该B4现在使用先前分配给原始B4的地址。这种情况会影响所有映射类型,包括隐式映射(例如,通过发送TCP SYN)和显式映射(例如,使用端口控制协议(PCP)[RFC6887])。第2节进一步阐述了这个问题。
This document proposes recommendations to soften the impact of such renumbering issues (Section 4).
本文件提出了软化此类重新编号问题影响的建议(第4节)。
This document complements [RFC6908].
本文件是对[RFC6908]的补充。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
Since private IPv4 addresses assigned to hosts serviced by a B4 element overlap across multiple CPEs, the IPv6 address of a B4 element plays a key role in demultiplexing connections, enforcing policies, and in identifying associated resources assigned for each of the connections maintained by the Address Family Transition Router (AFTR) [RFC6333]. For example, these resources maintain state of Endpoint-Independent Mapping (EIM) as defined in Section 4.1 of [RFC4787], Endpoint-Independent Filtering (EIF) as defined in Section 5 of [RFC4787], preserve the external IPv4 address assigned in the AFTR (i.e., "IP address pooling" behavior as defined in Section 4.1 of [RFC4787]), PCP mappings, etc.
由于分配给B4元素服务的主机的专用IPv4地址在多个CPE之间重叠,B4元素的IPv6地址在解复用连接、实施策略以及识别分配给地址族转换路由器(AFTR)维护的每个连接的相关资源方面起着关键作用[RFC6333]。例如,这些资源维护[RFC4787]第4.1节中定义的端点独立映射(EIM)状态,[RFC4787]第5节中定义的端点独立筛选(EIF),保留AFTR中分配的外部IPv4地址(即[RFC4787]第4.1节中定义的“IP地址池”行为),PCP映射,等
However, the IPv6 address used by the B4 element may change for some reason, e.g., because of a change in the CPE itself or because of privacy extensions enabled for generating the IPv6 address (e.g., [RFC7217] or [RFC4941]). Whenever the B4's IPv6 address changes, the associated mappings created in the AFTR are no longer valid. This may result in the creation of a new set of mappings in the AFTR.
然而,B4元素使用的IPv6地址可能由于某些原因而改变,例如,由于CPE本身的改变,或者由于为生成IPv6地址而启用的隐私扩展(例如,[RFC7217]或[RFC4941])。每当B4的IPv6地址更改时,AFTR中创建的关联映射将不再有效。这可能导致在AFTR中创建一组新映射。
Furthermore, a misbehaving user may be tempted to change the B4's IPv6 address in order to "grab" more ports and resources at the AFTR side. This behavior can be seen as a potential denial-of-service (DoS) attack from misbehaving users. Note that this DoS attack can be achieved whatever the port assignment policy enforced by the AFTR may be (individual ports, port sets, randomized port bulks, etc.).
此外,行为不端的用户可能会试图更改B4的IPv6地址,以便在AFTR端“获取”更多端口和资源。这种行为可以被视为来自行为不端用户的潜在拒绝服务(DoS)攻击。请注意,无论AFTR实施的端口分配策略是什么(单个端口、端口集、随机端口块等),都可以实现此DoS攻击。
Service Providers may want to enforce policies in order to limit the usage of the AFTR resources on a per-subscriber basis for fairness of resource usage (see REQ-4 of [RFC6888]). These policies are used for dimensioning purposes and also to ensure that AFTR resources are not exhausted. If the derived B4's IPv6 address can change, resource tracking using that address will give incomplete results. Also, whenever the B4's IPv6 address changes, enforcing policies based on that address doesn't resolve stale mappings hanging around in the system, consuming not only system resources, but also reducing the available quota of resources per subscriber. Clearing those mappings can be envisaged, but that will cause a lot of churn in the AFTR and could be disruptive to existing connections; this is not desirable. More concretely, if stale mappings have not been migrated to the new B4's IPv6 address so that packets can be forwarded to the appropriate B4, all incoming packets that are associated with those mappings will be rejected by the AFTR. Such behavior is not desirable because it's detrimental to quality of experience.
服务提供商可能希望强制执行策略,以限制每个订户对AFTR资源的使用,以确保资源使用的公平性(请参见[RFC6888]的REQ-4)。这些政策用于确定尺寸,并确保AFTR资源不会耗尽。如果派生B4的IPv6地址可以更改,则使用该地址的资源跟踪将给出不完整的结果。此外,每当B4的IPv6地址发生更改时,基于该地址强制执行策略并不能解决系统中挂起的过时映射,这不仅消耗系统资源,而且还减少了每个订阅者的可用资源配额。可以设想清除这些映射,但这将在AFTR中造成大量混乱,并可能破坏现有连接;这是不可取的。更具体地说,如果过时的映射尚未迁移到新B4的IPv6地址,以便数据包可以转发到适当的B4,则AFTR将拒绝与这些映射相关联的所有传入数据包。这种行为是不可取的,因为它对体验质量有害。
When application servers are hosted behind a B4 element, and when there is a change of the B4's IPv6 address that results in a change of the external IPv4 address and/or the external port number at the AFTR side, these servers have to advertise their change (see Section 1.1 of [RFC7393]). Some means to discover the change of B4's IPv6 address, the external IPv4 address, and/or the external port are therefore required. Latency issues are likely to be experienced when an application server has to advertise its newly assigned external IPv4 address and port, and the application clients have to discover that newly assigned address and/or port and re-initiate connections with the application server.
当应用服务器托管在B4元素之后,并且当B4的IPv6地址发生变化,导致外部IPv4地址和/或AFTR端的外部端口号发生变化时,这些服务器必须公布其变化(参见[RFC7393]第1.1节)。因此,需要一些方法来发现B4的IPv6地址、外部IPv4地址和/或外部端口的变化。当应用程序服务器必须公布其新分配的外部IPv4地址和端口,并且应用程序客户端必须发现新分配的地址和/或端口并重新启动与应用程序服务器的连接时,可能会遇到延迟问题。
A solution to these problems is to enforce policies based on the IPv6 prefix assigned to subscribers that have DS-Lite service instead of based on the B4's IPv6 address. Section 3 introduces the subscriber-mask that is meant to derive the IPv6 prefix assigned to a subscriber's CPE from the source IPv6 address of a packet received from a B4 element.
这些问题的解决方案是基于分配给具有DS Lite服务的订阅者的IPv6前缀强制执行策略,而不是基于B4的IPv6地址。第3节介绍了订户掩码,该掩码用于从从B4元素接收的数据包的源IPv6地址派生分配给订户的CPE的IPv6前缀。
The subscriber-mask is defined as an integer that indicates the length of significant bits to be applied on the source IPv6 address (internal side) to identify unambiguously a CPE.
订户掩码被定义为一个整数,该整数指示应用于源IPv6地址(内部侧)以明确标识CPE的有效位的长度。
Subscriber-mask is an AFTR system-wide configuration parameter that is used to enforce generic per-subscriber policies. Applying these generic policies does not require configuring every subscriber's prefix.
订户掩码是一个AFTR系统范围的配置参数,用于强制每个订户的通用策略。应用这些通用策略不需要配置每个订阅服务器的前缀。
Subscriber-mask must be configurable; the default value is 56. The default value is motivated by current practices to assign IPv6 prefix lengths of /56 to end-sites (e.g., [RIPE], [LACNIC]).
用户掩码必须是可配置的;默认值为56。默认值是由当前将IPv6前缀长度分配给终端站点(例如,[RIME]、[LACNIC])的做法决定的。
Example: suppose the 2001:db8:100:100::/56 prefix is assigned to a CPE that is DS-Lite enabled. Suppose also that the 2001:db8:100:100::1 address is the IPv6 address used by the B4 element that resides in that CPE. When the AFTR receives a packet from this B4 element (i.e., the source address of the IPv4-in-IPv6 packet is 2001:db8:100:100::1), the AFTR applies the subscriber-mask (e.g., 56) on the source IPv6 address to compute the associated prefix for this B4 element (that is, 2001:db8:100:100::/56). Then, the AFTR enforces policies based on that prefix (2001:db8:100:100::/56), not on the exact source IPv6 address.
示例:假设将2001:db8:100:100::/56前缀分配给启用DS Lite的CPE。还假设2001:db8:100:100::1地址是驻留在该CPE中的B4元素使用的IPv6地址。当AFTR从该B4元素接收到数据包时(即,IPv4-in-IPv6数据包的源地址为2001:db8:100:100::1),AFTR在源IPv6地址上应用订户掩码(例如56),以计算该B4元素的相关前缀(即,2001:db8:100:100::/56)。然后,AFTR基于该前缀(2001:db8:100:100::/56)而不是确切的源IPv6地址强制执行策略。
In order to mitigate the issues discussed in Section 2, the following recommendations are made:
为了缓解第2节中讨论的问题,提出以下建议:
1. A policy SHOULD be enforced at the AFTR to limit the number of active DS-Lite softwires per subscriber. The default value MUST be 1.
1. AFTR应实施一项策略,以限制每个订阅者的活动DS-Lite软线数量。默认值必须为1。
This policy aims to prevent a misbehaving subscriber from mounting several DS-Lite softwires that would consume additional AFTR resources (e.g., get more external ports if the quota were enforced on a per-softwire basis, consume extra processing due to a large number of active softwires).
此策略旨在防止行为不端的订阅者挂载多个DS Lite软线,这些软线将消耗额外的AFTR资源(例如,如果在每个软线的基础上实施配额,则获得更多的外部端口,由于大量活动软线而消耗额外的处理)。
2. Resource contexts created and maintained by the AFTR SHOULD be based on the delegated IPv6 prefix instead of the B4's IPv6 address. The AFTR derives the delegated prefix from the B4's IPv6 address by means of a configured subscriber-mask (Section 3). Administrators SHOULD configure per-prefix limits of resource usage, instead of per-tunnel limits. These resources include the maximum number of active flows, the maximum number of PCP-created mappings, NAT pool resources, etc.
2. AFTR创建和维护的资源上下文应基于委派的IPv6前缀,而不是B4的IPv6地址。AFTR通过配置的用户掩码(第3节)从B4的IPv6地址派生委派前缀。管理员应配置资源使用的每个前缀限制,而不是每个隧道限制。这些资源包括活动流的最大数量、PCP创建的映射的最大数量、NAT池资源等。
3. In the event a new IPv6 address is assigned to the B4 element, the AFTR SHOULD migrate existing state to be bound to the new IPv6 address. This operation ensures that traffic destined to the previous B4's IPv6 address will be redirected to the newer B4's IPv6 address. The destination IPv6 address for tunneling return traffic from the AFTR SHOULD be the last seen as the B4's IPv6 source address from the CPE.
3. 如果将新的IPv6地址分配给B4元素,AFTR应迁移现有状态以绑定到新的IPv6地址。此操作确保发送到先前B4的IPv6地址的流量将重定向到较新的B4的IPv6地址。来自AFTR的隧道返回流量的目标IPv6地址应最后一次被视为来自CPE的B4的IPv6源地址。
This recommendation avoids stale mappings at the AFTR and minimizes the risk of service disruption for subscribers.
此建议可避免AFTR中的过时映射,并将订户服务中断的风险降至最低。
The AFTR uses the subscriber-mask to determine whether two IPv6 addresses belong to the same CPE (e.g., if the subscriber-mask is set to 56, the AFTR concludes that 2001:db8:100:100::1 and 2001:db8:100:100::2 belong to the same CPE assigned with 2001:db8:100:100::/56).
AFTR使用订户掩码确定两个IPv6地址是否属于同一CPE(例如,如果订户掩码设置为56,AFTR得出结论,2001:db8:100:100::1和2001:db8:100:100::2属于分配给2001:db8:100:100::/56的同一CPE)。
As discussed in Section 5, changing the source B4's IPv6 address may be used as an attack vector. Packets with a new B4's IPv6 address from the same prefix SHOULD be rate-limited. It is RECOMMENDED to set this rate limit to 30 minutes; other values can be set on a per-deployment basis.
如第5节所讨论的,改变源B4的IPv6地址可以用作攻击向量。来自同一前缀的具有新B4 IPv6地址的数据包应具有速率限制。建议将此速率限制设置为30分钟;可以根据每个部署设置其他值。
One side effect of migrating mapping state is that a server deployed behind an AFTR does not need to update its DNS records (if any) by means of dynamic DNS, for example. If a dedicated mapping is instantiated, migrating the state during its validity lifetime will ensure that the same external IP address and port are assigned to that server.
迁移映射状态的一个副作用是,部署在AFTR后面的服务器不需要例如通过动态DNS更新其DNS记录(如果有)。如果实例化了专用映射,则在其有效期内迁移状态将确保为该服务器分配相同的外部IP地址和端口。
4. In the event of change of the CPE WAN's IPv6 prefix, unsolicited PCP ANNOUNCE messages SHOULD be sent by the B4 element to internal hosts connected to the PCP-capable CPE so that they update their mappings accordingly.
4. 在CPE WAN的IPv6前缀发生变化的情况下,B4元素应将未经请求的PCP公告消息发送到连接到支持PCP的CPE的内部主机,以便它们相应地更新其映射。
This allows internal PCP clients to update their mappings with the new B4's IPv6 address and to trigger updates to rendezvous servers (e.g., dynamic DNS). A PCP-based dynamic DNS solution is specified in [RFC7393].
这允许内部PCP客户端使用新B4的IPv6地址更新其映射,并触发对集合服务器(例如,动态DNS)的更新。[RFC7393]中规定了基于PCP的动态DNS解决方案。
5. When a new prefix is assigned to the CPE, stale mappings may exist in the AFTR. This will consume both implicit and explicit resources. In order to avoid such issues, stable IPv6 prefix assignment is RECOMMENDED.
5. 当向CPE分配新前缀时,AFTR中可能存在过时的映射。这将消耗隐式和显式资源。为了避免此类问题,建议使用稳定的IPv6前缀分配。
6. If for any reason an IPv6 prefix has to be reassigned, it is RECOMMENDED to reassign an IPv6 prefix (that was previously assigned to a given CPE) to another CPE only when all the resources in use associated with that prefix are cleared from the AFTR. Doing so avoids redirecting traffic, destined to the previous prefix owner, to the new one.
6. 如果出于任何原因必须重新分配IPv6前缀,建议仅当与该前缀相关联的所有正在使用的资源从AFTR中清除时,才将IPv6前缀(先前分配给给定CPE)重新分配给另一CPE。这样做可以避免将发送给前一个前缀所有者的流量重定向到新的前缀所有者。
Security considerations related to DS-Lite are discussed in [RFC6333].
[RFC6333]中讨论了与DS Lite相关的安全注意事项。
Enforcing the recommendations documented in Section 4 together with rate-limiting softwires with new source IPv6 addresses from the same prefix defend against DoS attacks that would result in varying the B4's IPv6 address to exhaust AFTR resources. A misbehaving CPE can be blacklisted by enforcing appropriate policies based on the prefix derived from the subscriber-mask.
实施第4节中记录的建议,以及具有相同前缀的新源IPv6地址的速率限制软线,以抵御DoS攻击,从而改变B4的IPv6地址以耗尽AFTR资源。通过基于从订户掩码派生的前缀实施适当的策略,可以将行为不端的CPE列入黑名单。
A CPE connected to a DS-Lite network is identified by a set of information that is specific to each network domain (e.g., service credentials, device identifiers, etc.). This document does not make any assumption nor introduce new requirements on how such identification is implemented network-wide.
连接到DS-Lite网络的CPE由特定于每个网络域的一组信息(例如,服务凭证、设备标识符等)来标识。本文件未对如何在网络范围内实施此类识别做出任何假设,也未提出新的要求。
This document adheres to Sections 6 and 8 of [RFC6333] for handling IPv4-in-IPv6 packets and IPv4 translation operations. In particular, this document does not leak extra information in packets exiting a DS-Lite network domain.
本文件遵循[RFC6333]第6节和第8节,以处理IPv6中的IPv4数据包和IPv4转换操作。特别是,本文档不会在退出DS Lite网络域的数据包中泄漏额外信息。
The recommendations in Section 4 (item 6, in particular) ensure that the traffic is forwarded to a legitimate CPE. If those recommendations are not implemented, privacy concerns may arise. For example, if an IPv6 prefix is reassigned while mapping entries associated with that prefix are still active in the AFTR, sensitive data that belong to a previous prefix owner may be disclosed to the new prefix owner.
第4节(特别是第6项)中的建议确保将流量转发给合法的CPE。如果不执行这些建议,可能会引起隐私问题。例如,如果在与IPv6前缀相关联的映射条目在AFTR中仍处于活动状态时重新分配了该前缀,则属于先前前缀所有者的敏感数据可能会披露给新前缀所有者。
These recommendations do not interfere with privacy extensions for generating IPv6 addresses (e.g., [RFC7217] or [RFC4941]). These recommendations allow a CPE to generate new IPv6 addresses with privacy extensions without experiencing DS-Lite service degradation. Even if activating privacy extensions makes it more difficult to track a CPE over time when compared to using a permanent Interface Identifier, tracking a CPE is still possible based on the first 64 bits of the IPv6 address. This is even exacerbated for deployments relying on stable IPv6 prefixes.
这些建议不会干扰生成IPv6地址的隐私扩展(例如,[RFC7217]或[RFC4941])。这些建议允许CPE生成具有隐私扩展的新IPv6地址,而不会出现DS Lite服务降级。即使与使用永久接口标识符相比,激活隐私扩展使跟踪CPE随着时间的推移变得更加困难,基于IPv6地址的前64位跟踪CPE仍然是可能的。对于依赖稳定IPv6前缀的部署,这种情况甚至更加严重。
This document does not nullify the privacy effects that may motivate the use of non-stable IPv6 prefixes. Particularly, the subscriber-mask does not enable identifying a CPE across renumbering (even within a DS-Lite network domain). This document mitigates some of the undesired effects of reassigning an IPv6 prefix to another CPE (e.g., update a rendezvous service, clear stale mappings).
本文档不会消除可能促使使用非稳定IPv6前缀的隐私影响。特别地,订户掩码不能通过重新编号(甚至在DS-Lite网络域内)识别CPE。本文档减轻了将IPv6前缀重新分配给另一个CPE(例如,更新集合服务、清除陈旧映射)的一些不希望的影响。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011, <http://www.rfc-editor.org/info/rfc6333>.
[RFC6333]Durand,A.,Droms,R.,Woodyatt,J.,和Y.Lee,“IPv4耗尽后的双栈Lite宽带部署”,RFC 6333,DOI 10.17487/RFC6333,2011年8月<http://www.rfc-editor.org/info/rfc6333>.
[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, DOI 10.17487/RFC6887, April 2013, <http://www.rfc-editor.org/info/rfc6887>.
[RFC6887]Wing,D.,Ed.,Cheshire,S.,Boucadair,M.,Penno,R.,和P.Selkirk,“港口控制协议(PCP)”,RFC 6887,DOI 10.17487/RFC6887,2013年4月<http://www.rfc-editor.org/info/rfc6887>.
[LACNIC] LACNIC, "IPv6 Address Allocation and Assignment Policies", December 2015, <http://www.lacnic.net/en/web/lacnic/manual-4>.
[LACNIC]LACNIC,“IPv6地址分配和分配策略”,2015年12月<http://www.lacnic.net/en/web/lacnic/manual-4>.
[RFC4787] Audet, F., Ed. and C. Jennings, "Network Address Translation (NAT) Behavioral Requirements for Unicast UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January 2007, <http://www.rfc-editor.org/info/rfc4787>.
[RFC4787]Audet,F.,Ed.和C.Jennings,“单播UDP的网络地址转换(NAT)行为要求”,BCP 127,RFC 4787,DOI 10.17487/RFC4787,2007年1月<http://www.rfc-editor.org/info/rfc4787>.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, <http://www.rfc-editor.org/info/rfc4941>.
[RFC4941]Narten,T.,Draves,R.,和S.Krishnan,“IPv6中无状态地址自动配置的隐私扩展”,RFC 4941,DOI 10.17487/RFC49411907年9月<http://www.rfc-editor.org/info/rfc4941>.
[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, A., and H. Ashida, "Common Requirements for Carrier-Grade NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, April 2013, <http://www.rfc-editor.org/info/rfc6888>.
[RFC6888]Perreault,S.,Ed.,Yamagata,I.,Miyakawa,S.,Nakagawa,A.,和H.Ashida,“载体级NAT(CGN)的通用要求”,BCP 127,RFC 6888,DOI 10.17487/RFC6888,2013年4月<http://www.rfc-editor.org/info/rfc6888>.
[RFC6908] Lee, Y., Maglione, R., Williams, C., Jacquenet, C., and M. Boucadair, "Deployment Considerations for Dual-Stack Lite", RFC 6908, DOI 10.17487/RFC6908, March 2013, <http://www.rfc-editor.org/info/rfc6908>.
[RFC6908]Lee,Y.,Maglione,R.,Williams,C.,Jacquenet,C.,和M.Boucadair,“双堆栈Lite的部署注意事项”,RFC 6908,DOI 10.17487/RFC6908,2013年3月<http://www.rfc-editor.org/info/rfc6908>.
[RFC7217] Gont, F., "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)", RFC 7217, DOI 10.17487/RFC7217, April 2014, <http://www.rfc-editor.org/info/rfc7217>.
[RFC7217]Gont,F.“使用IPv6无状态地址自动配置(SLAAC)生成语义不透明接口标识符的方法”,RFC 7217,DOI 10.17487/RFC72172014年4月<http://www.rfc-editor.org/info/rfc7217>.
[RFC7393] Deng, X., Boucadair, M., Zhao, Q., Huang, J., and C. Zhou, "Using the Port Control Protocol (PCP) to Update Dynamic DNS", RFC 7393, DOI 10.17487/RFC7393, November 2014, <http://www.rfc-editor.org/info/rfc7393>.
[RFC7393]Deng,X.,Boucadair,M.,Zhao,Q.,Huang,J.,和C.Zhou,“使用端口控制协议(PCP)更新动态DNS”,RFC 7393,DOI 10.17487/RFC7393,2014年11月<http://www.rfc-editor.org/info/rfc7393>.
[RIPE] RIPE, "IPv6 Address Allocation and Assignment Policy", August 2015, <https://www.ripe.net/publications/docs/ ripe-650>.
[成熟]成熟,“IPv6地址分配和分配政策”,2015年8月<https://www.ripe.net/publications/docs/ 熟透-650>。
Acknowledgments
致谢
G. Krishna, C. Jacquenet, I. Farrer, Y. Lee, Q. Sun, R. Weber, T. Taylor, D. Harkins, D. Gillmor, S. Sivakumar, A. Cooper, and B. Campbell provided useful comments. Many thanks to them.
G.Krishna、C.Jacquenet、I.Farrer、Y.Lee、Q.Sun、R.Weber、T.Taylor、D.Harkins、D.Gillmor、S.Sivakumar、A.Cooper和B.Campbell提供了有用的评论。非常感谢他们。
Authors' Addresses
作者地址
Suresh Vinapamula Juniper Networks 1194 North Mathilda Avenue Sunnyvale, CA 94089 United States
Suresh Vinapamula Juniper Networks 1194 North Mathilda Avenue Sunnyvale,加利福尼亚州94089
Phone: +1 408 936 5441 Email: sureshk@juniper.net
Phone: +1 408 936 5441 Email: sureshk@juniper.net
Mohamed Boucadair Orange Rennes 35000 France
穆罕默德·布卡代尔·奥兰治·雷恩35000法国
Email: mohamed.boucadair@orange.com
Email: mohamed.boucadair@orange.com