Internet-Draft | IPv6 over OMNI Interfaces | May 2023 |
Templin | Expires 5 November 2023 | [Page] |
Mobile nodes (e.g., aircraft of various configurations, terrestrial vehicles, seagoing vessels, space systems, enterprise wireless devices, pedestrians with cell phones, etc.) communicate with networked correspondents over wireless and/or wired-line data links and configure mobile routers to connect end user networks. This document presents a multilink virtual interface specification that enables mobile nodes to coordinate with a network-based mobility service, fixed node correspondents and/or other mobile node peers. The virtual interface provides an adaptation layer service that also applies for both mobile and more static deployments such as enterprise and home networks. This document specifies the transmission of IP packets over Overlay Multilink Network (OMNI) Interfaces.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 5 November 2023.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Mobile nodes (e.g., aircraft of various configurations, terrestrial vehicles, seagoing vessels, space systems, enterprise wireless devices, pedestrians with cellphones, etc.) configure mobile routers with multiple interface connections to wireless and/or wired-line data links. These data links may have diverse performance, cost and availability properties that can change dynamically according to mobility patterns, flight phases, proximity to infrastructure, etc. The mobile router acts as a Client of a network-based Mobility Service (MS) by configuring a virtual interface over its underlay interface data link connections.¶
Each Client configures a virtual interface (termed the "Overlay Multilink Network Interface (OMNI)") as a thin layer over its underlay network interfaces (which may themselves connect to virtual or physical links). The OMNI interface is therefore the only interface abstraction exposed to the IP layer and behaves according to the Non-Broadcast, Multiple Access (NBMA) interface principle, while underlay interfaces appear as link layer communication channels in the architecture. The OMNI interface internally employs the "OMNI Adaptation Layer (OAL)" to ensure that original IP packets or parcels [I-D.templin-intarea-parcels] are adapted to diverse underlay interfaces with heterogeneous properties.¶
The OMNI interface connects to a virtual overlay known as the "OMNI link". The OMNI link spans one or more Internetworks that may include private-use infrastructures (e.g., enterprise networks) and/or the global public Internet itself. Together, OMNI and the OAL provide the foundational elements required to support the "6 M's of Modern Internetworking", including:¶
Client OMNI interfaces interact with the MS and/or other OMNI nodes through IPv6 Neighbor Discovery (ND) control message exchanges [RFC4861]. The MS consists of a distributed set of service nodes (including Proxy/Servers and other infrastructure elements) that also configure OMNI interfaces. Automatic Extended Route Optimization (AERO) in particular provides a companion MS compatible with the OMNI architecture [I-D.templin-intarea-aero]. AERO discusses details of ND message based route optimization, mobility management, and multinet traversal while the fundamental aspects of OMNI link operation are discussed in this document.¶
Each OMNI interface provides a multilink nexus for exchanging inbound and outbound traffic via selected underlay interface(s). The IP layer sees the OMNI interface as a point of connection to the OMNI link. Each OMNI link has one or more associated Mobility Service Prefixes (MSPs), which are typically IP Global Unicast Address (GUA) prefixes assigned to the link and from which Mobile Network Prefixes (MNPs) are derived. If there are multiple OMNI links, the IP layer will see multiple OMNI interfaces.¶
Each Client receives an MNP through IPv6 ND control message exchanges with Proxy/Servers over Access Networks (ANETs) and/or open Internetworks (INETs). The Client sub-delegates the MNP to downstream-attached End-user Networks (ENETs) independently of the underlay interfaces selected for data transport. The Client acts as a fixed or mobile router on behalf of ENET peers, and uses OMNI interface control messaging to coordinate with Hosts, Proxy/Servers and/or other Clients. The Client iterates its control messaging over each of the OMNI interface's ANET/INET underlay interfaces in order to register each interface with the MS (see Section 15). The Client can also provide Proxy/Server-like services for a recursively nested chain of other Clients located in downstream-attached ENETs.¶
Clients may connect to multiple distinct OMNI links within the same OMNI domain by configuring multiple OMNI interfaces, e.g., omni0, omni1, omni2, etc. Each OMNI interface is configured over a distinct set of underlay interfaces and provides a nexus for Safety-Based Multilink (SBM) operation. The IP layer applies SBM routing to select a specific OMNI interface, then the selected OMNI interface applies Performance-Based Multilink (PBM) internally to select appropriate underlay interfaces. Applications select SBM topologies based on IP layer Segment Routing [RFC8402], while each OMNI interface orchestrates PBM internally based on OAL Multinet traversal.¶
OMNI provides a link model suitable for a wide range of use cases. For example, the International Civil Aviation Organization (ICAO) Working Group-I Mobility Subgroup is developing a future Aeronautical Telecommunications Network with Internet Protocol Services (ATN/IPS) and has issued a liaison statement requesting IETF adoption [ATN] in support of ICAO Document 9896 [ATN-IPS]. The IETF IP Wireless Access in Vehicular Environments (ipwave) working group has further included problem statement and use case analysis for OMNI in [I-D.ietf-ipwave-vehicular-networking]. Still other communities of interest include AEEC, RTCA Special Committee 228 (SC-228) and NASA programs that examine commercial aviation, Urban Air Mobility (UAM) and Unmanned Air Systems (UAS). Pedestrians with handheld mobile devices represent another large class of potential OMNI users.¶
This document specifies the transmission of original IP packets/parcels and control messages over OMNI interfaces. The operation of both IP protocol versions (i.e., IPv4 [RFC0791] and IPv6 [RFC8200]) is specified as the network layer data plane, while OMNI interfaces use IPv6 ND messaging in the control plane independently of the data plane protocol(s). OMNI interfaces also provide an OAL based on encapsulation and fragmentation over heterogeneous underlay interfaces as an adaptation sublayer between L3 and L2. Both OMNI and the OAL are specified in detail throughout the remainder of this document.¶
The terminology in the normative references applies; especially, the terms "link" and "interface" are the same as defined in the IPv6 [RFC8200] and IPv6 Neighbor Discovery (ND) [RFC4861] specifications. Additionally, this document assumes the following IPv6 ND message types: Router Solicitation (RS), Router Advertisement (RA), Neighbor Solicitation (NS), Neighbor Advertisement (NA), unsolicited NA (uNA) and Redirect. Hosts, Clients and Proxy/Servers that implement IPv6 ND maintain per-neighbor state in Neighbor Cache Entries (NCEs). Each NCE is indexed by the neighbor's network layer address(es) while the neighbor's OAL encapsulation address provides context for Identification verification.¶
The Protocol Constants defined in Section 10 of [RFC4861] are used in their same format and meaning in this document. The terms "All-Routers multicast", "All-Nodes multicast" and "Subnet-Router anycast" are the same as defined in [RFC4291] (with Link-Local scope assumed). Also, IPv6 ND state names, variables and constants including REACHABLE, ReachableTime and REACHABLE_TIME are the same as defined in [RFC4861].¶
The term "IP" is used to refer collectively to either Internet Protocol version (i.e., IPv4 [RFC0791] or IPv6 [RFC8200]) when a specification at the layer in question applies equally to either version.¶
The terms Host, Client and Proxy/Server are intentionally capitalized to denote a node of that particular node type that also configures an OMNI interface and engages the OMNI Adaptation Layer.¶
The terms "application layer (L5 and higher)", "transport layer (L4)", "network layer (L3)", "(data) link layer (L2)" and "physical layer (L1)" are used consistently with common Internetworking terminology, with the understanding that reliable delivery protocol users of UDP are considered as transport layer elements. The OMNI specification further defines an "adaptation layer" positioned below the network layer but above the link layer, which may include physical links and Internet- or higher-layer tunnels. A (network) interface is a node's attachment to a link (via L2), and an OMNI interface is therefore a node's attachment to an OMNI link (via the adaptation layer).¶
The terms "IP jumbogram", "advanced jumbo" and "IP parcel" refer to special large packet formats discussed in detail in [I-D.templin-intarea-parcels].¶
The following terms are defined within the scope of this document:¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119][RFC8174] when, and only when, they appear in all capitals, as shown here.¶
An implementation is not required to internally use the architectural constructs described here so long as its external behavior is consistent with that described in this document.¶
An OMNI interface is a virtual interface configured over one or more underlay interfaces, which may be physical (e.g., an aeronautical radio link, a cellular wireless link, etc.) or virtual (e.g., a network or higher-layer "tunnel"). The OMNI interface architectural layering model is the same as in [RFC5558][RFC7847], and augmented as shown in Figure 1. The network layer therefore sees the OMNI interface as a single L3 interface nexus for multiple underlay interfaces that appear as L2 communication channels in the architecture.¶
Each underlay interface provides an L2/L1 abstraction according to one of the following models:¶
The OMNI interface forwards original IP packets/parcels from the network layer using the OMNI Adaptation Layer (OAL) (see: Section 5) as an encapsulation and fragmentation sublayer service. This "OAL source" then further encapsulates the resulting OAL packets/fragments in underlay network headers (e.g., UDP/IP, IP-only, Ethernet-only, etc.) to create L2-encapsulated "carrier packets" for transmission over underlay interfaces. The target OMNI interface receives the carrier packets from underlay interfaces and discards the L2 encapsulation headers. If the resulting OAL packets/fragments are addressed to itself, the OMNI interface acts as an "OAL destination" and performs reassembly if necessary, discards the OAL encapsulation, and delivers the original IP packet/parcel to the network layer. If the OAL fragments are addressed to another node, the OMNI interface instead acts as an "OAL intermediate node" by re-encapsulating the carrier packets in new underlay network L2 headers and forwarding them over an underlay interface without reassembling or discarding the OAL encapsulation. The OAL source and OAL destination are seen as "neighbors" on the OMNI link, while OAL intermediate nodes provide a virtual bridging service that joins the segments of a (multinet) Segment Routing Topology (SRT).¶
The OMNI interface and its OAL can forward original IP packets/parcels over underlay interfaces while including/omitting various lower layer encapsulations including OAL, UDP, IP and Ethernet (ETH) or other link layer header. The network layer can also engage the underlay interfaces directly while bypassing the OMNI interface entirely when necessary. This architectural flexibility may be beneficial for underlay interfaces (e.g., some aviation data links) for which encapsulation overhead is a primary consideration. OMNI interfaces that send original IP packets/parcels directly over underlay interfaces without invoking the OAL can only reach peers located on the same OMNI link segment. Source Clients can instead use the OAL to coordinate with target Clients in the same or different OMNI link segments by sending initial carrier packets to a First-Hop Segment (FHS) Proxy/Server. The FHS Proxy/Sever then sends the carrier packets into the SRT spanning tree, which transports them to a Last-Hop Segment (LHS) Proxy/Server for the target Client.¶
Original IP packets/parcels sent directly over underlay interfaces are subject to the same path MTU related issues as for any Internetworking path, and do not include per-packet identifications that can be used for data origin verification and/or link layer retransmissions. Original IP packets/parcels presented directly to an underlay interface that exceed the underlay network path MTU are dropped with an ordinary ICMPv6 Packet Too Big (PTB) message returned. These PTB messages are subject to loss [RFC2923] the same as for any non-OMNI IP interface.¶
The OMNI interface encapsulation/decapsulation layering possibilities are shown in Figure 2 below. Imaginary vertical lines drawn between the Network Layer and Underlay interfaces in the figure denote the encapsulation/decapsulation layering combination possibilities. Common combinations include IP-only (i.e., direct access to underlay interfaces with or without using the OMNI interface), IP/IP, IP/UDP/IP, IP/UDP/IP/ETH(ERNET), IP/OAL/UDP/IP, IP/OAL/UDP/ETH, etc.¶
The OMNI/OAL model gives rise to a number of opportunities:¶
Note that even when the OMNI virtual interface is present, applications can still access underlay interfaces either through the network protocol stack using an Internet socket or directly using a raw socket. This allows for intra-network (or point-to-point) communications without invoking the OMNI interface and/or OAL. For example, when an OMNI interface is configured over an underlay IP interface, applications can still invoke intra-network IP communications directly over the underlay interface as long as the communicating endpoints are not subject to mobility dynamics.¶
Figure 3 depicts the architectural model for a source Client with an attached ENET connecting to the OMNI link via multiple independent ANETs/INETs (i.e., *NETs). The Client's OMNI interface forwards adaptation layer IPv6 ND solicitation messages over available *NET underlay interfaces using any necessary L2 encapsulations. The IPv6 ND messages traverse the *NETs until they reach an FHS Proxy/Server (FHS#1, FHS#2, ..., FHS#n), which returns an IPv6 ND advertisement message and/or forwards a proxyed version of the message over the SRT to an LHS Proxy/Server near the target Client (LHS#1, LHS#2, ..., LHS#m). The Hop Limit in IPv6 ND messages is not decremented due to encapsulation; hence, the source and target Client OMNI interfaces appear to be attached to a common link.¶
After the initial IPv6 ND message exchange, the source Client (as well as any nodes on its attached ENETs) can send carrier packets to the target Client via the OMNI interface. OMNI interface multilink services will send the carrier packets via FHS Proxy/Servers for the correct underlay *NETs. The FHS Proxy/Server then re-encapsulates the carrier packets and sends them over the SRT which delivers them to an LHS Proxy/Server, and the LHS Proxy/Server in turn re-encapsulates and sends them to the target Client. (Note that when the source and target Client are on the same SRT segment, the FHS and LHS Proxy/Servers may be one and the same.)¶
Clients select a Hub Proxy/Server (not shown in the figure), which will often be one of their FHS Proxy/Servers but could also be any Proxy/Server on the OMNI link. Clients then register all of their *NET underlay interfaces with the Hub Proxy/Server via the FHS Proxy/Server in a pure proxy role. The Hub Proxy/Server then provides a designated router service for the Client, and the Client can quickly migrate to a new Hub Proxy/Server if the first becomes unresponsive.¶
Clients therefore use Proxy/Servers as gateways into the SRT to reach OMNI link correspondents via a spanning tree established in a manner outside the scope of this document. Proxy/Servers forward critical MS control messages via the secured spanning tree and forward other messages via the unsecured spanning tree (see Security Considerations). When AERO route optimization is applied, Clients can instead forward directly to SRT intermediate nodes (or directly to correspondents in the same SRT segment) to reduce Proxy/Server load.¶
Note: while not shown in the figure, a Client's ENET may connect many additional Hosts and even other Clients in a recursive extension of the OMNI link. This OMNI virtual link extension will be discussed more fully throughout the document.¶
The OMNI interface observes the link nature of tunnels, including the Maximum Transmission Unit (MTU), Maximum Reassembly Unit (MRU) and the role of fragmentation and reassembly [I-D.ietf-intarea-tunnels]. The OMNI interface is configured over one or more underlay interfaces as discussed in Section 4, where the interfaces (and their associated underlay network paths) may have diverse MTUs. OMNI interface considerations for accommodating original IP packets/parcels of various sizes are discussed in the following sections.¶
IPv6 underlay interfaces are REQUIRED to configure a minimum MTU of 1280 octets and a minimum MRU of 1500 octets [RFC8200]. Therefore, the minimum IPv6 path MTU is 1280 octets since routers on the path are not permitted to perform network fragmentation even though the destination is required to reassemble more. The network therefore MUST forward original IP packets/parcels of at least 1280 octets without generating an IPv6 Path MTU Discovery (PMTUD) Packet Too Big (PTB) message [RFC8201]. (While the source can apply "source fragmentation" for locally-generated original IPv6 packets/parcels up to 1500 octets and larger still if it knows the destination configures a larger MRU, this does not affect the minimum IPv6 path MTU.)¶
IPv4 underlay interfaces are REQUIRED to configure a minimum MTU of 68 octets [RFC0791] and a minimum MRU of 576 octets [RFC0791][RFC1122]. Therefore, when the Don't Fragment (DF) bit in the IPv4 header is set to 0 the minimum IPv4 path MTU is 576 octets since routers on the path support network fragmentation and the destination is required to reassemble at least that much. The OMNI interface therefore SHOULD set DF to 0 in the IPv4 encapsulation headers of carrier packets that are no larger than 576 octets, and SHOULD set DF to 1 in larger carrier packets unless it has a way to determine the encapsulation destination MRU and has carefully considered the issues discussed in Section 6.14.¶
The OMNI interface itself sets an "unlimited" MTU of (2**32 - 1) octets. The network layer therefore unconditionally admits all original IP packets/parcels into the OMNI interface, where the adaptation layer accommodates or discards them according to their size. For each packet that it accommodates, the OAL source within the OMNI interface first performs "parcellation" if necessary to break large parcels into smaller sub-parcels that can transit the OAL path (see: Section 5.2). The OAL source then invokes adaptation layer encapsulation/fragmentation services to transform IP packets/parcels into OAL packets/fragments. The OAL source then applies L2 encapsulation to form carrier packets and finally forwards the carrier packets via underlay interfaces.¶
When the OAL source performs IPv6 encapsulation and fragmentation (see: Section 6), the Fragment Offset field limits the maximum-sized original IP packet/parcel that the OAL can accommodate with IPv6 fragmentation-based assured delivery to (2**16 - 1) = 65535 octets. The OAL source is also permitted to forward packets/parcels larger than this size as a best-effort delivery service if the path can accommodate them as whole packets known as jumbograms (see: Section 5.1); otherwise, the OAL source discards the packet and arranges to return a PTB "hard error" to the original source (see: Section 6.8).¶
Each OMNI interface therefore sets a minimum MRU of 65535 octets, and each OAL destination must consistently either accept or reject still larger whole packets that arrive over any of its underlay interfaces according to their size. If an underlay interface presents a whole packet larger than the OAL destination is prepared to accept (e.g., due to a buffer size restriction), the OAL destination discards the packet and arranges to return a PTB "hard error" to the OAL source which in turn forwards the PTB to the original source (see: Section 6.8).¶
While the maximum-sized original IP packet/parcel that the OAL can accommodate using IPv6 fragmentation-based assured delivery is 65535 octets, OMNI interfaces can forward much larger whole packets in a best-effort service based on "IP Jumbograms" [RFC2675]. For such large sizes, the OAL source performs encapsulation by appending an IPv6 header (40 octets) followed by a Hop-by-Hop header with a Jumbo Payload option (8 octets) followed by a Fragment Header (8 octets) but without applying fragmentation (in some cases, a Routing Header may also be necessary).¶
Since the Jumbo Payload option includes a 32-bit length field, the largest possible original packet is limited to ((2**32 - 1) - 40 - 8 - 8) = 4294967239 octets, or smaller still for transmission over underlay interfaces that include additional encapsulations.¶
Basic IPv6 jumbograms set the IPv6 Payload Length field to 0 to distinguish them from parcels (see: Section 5.2). (IP advanced jumbos instead set the IP {Total, Payload} Length to 1/2 as specified in [I-D.templin-intarea-parcels].) The OAL source forwards jumbograms and advanced jumbos as "atomic fragments" under the assumption that upper and/or lower layers will employ sufficient integrity assurance, noting that traditional 32-bit CRCs are inadequate for such large sizes [CRC]. If a basic jumbogram is dropped along the path to the OAL destination, the OAL source arranges to return an ICMPv6 PTB "hard error" to the original source. If an advanced jumbo is dropped, the OAL source instead arranges to return a Jumbo Report (see: Section 6.8).¶
Advanced jumbo services for both IPv6 and IPv4 (including jumbo path probing) are specified in [I-D.templin-intarea-parcels]. All OMNI link aspects of the services are conducted as specified above.¶
As specified in [I-D.templin-intarea-parcels], a parcel is a variation of the jumbogram format where the IP {Total, Payload} Length field encodes a value between 512 and 65535 octets denoting the non-final transport layer protocol segment length. The Jumbo Payload Length field is further modified to include a 1-octet segment Index followed by a 3-octet parcel length ("Parcel Payload Length"). Together, these fields determine the size and number of transport layer segments included in the parcel.¶
IP parcel "parcellation" and "reunification" procedures for OMNI interfaces are specified in [I-D.templin-intarea-parcels], while OAL encapsulation and fragmentation procedures are specified in Section 6.12 of this document. The maximum-sized IP parcel that can be conveyed over an OMNI interface using OAL parcellation and IPv6 fragmentation-based assured delivery is one with 256 segments of 65535 (minus headers) octets in length. (The OAL source can forward still larger IP parcels as (best-effort) ordinary jumbograms if the OAL path can accommodate whole packets up to that size.)¶
ENET end systems that implement either the full OMNI interface (i.e., Clients) or enough of the OAL to process parcels (i.e., Hosts) are permitted to exchange parcels with consenting peers. This accommodates nodes that connect to the OMNI link but do not assign OAL addresses.¶
When an OMNI interface forwards an original IP packet/parcel from the network layer for transmission over one or more underlay interfaces, the OMNI Adaptation Layer (OAL) acting as the OAL source applies encapsulation to form OAL packets subject to fragmentation producing OAL fragments suitable for L2 encapsulation and transmission as carrier packets over underlay interfaces as described in Section 6.1. These carrier packets travel over one or more underlay networks spanned by OAL intermediate nodes in the SRT, which re-encapsulate by removing the L2 headers of the first underlay network and appending L2 headers appropriate for the next underlay network in succession. (This process supports the multinet concatenation capability needed for joining multiple diverse networks.) After re-encapsulation by zero or more OAL intermediate nodes, the carrier packets arrive at the OAL destination.¶
When the OAL destination receives the carrier packets, it discards the L2 headers and reassembles the resulting OAL fragments (if necessary) into an OAL packet as described in Section 6.3. The OAL destination next decapsulates the OAL packet to obtain the original IP packet/parcel which it then delivers to the network layer. The OAL source may be either the source Client or its FHS Proxy/Server, while the OAL destination may be either the LHS Proxy/Server or the target Client. Proxy/Servers (and SRT Gateways as discussed in [I-D.templin-intarea-aero]) may also serve as OAL intermediate nodes.¶
The OAL presents an OMNI sublayer abstraction similar to ATM Adaptation Layer 5 (AAL5). Unlike AAL5 which performs segmentation and reassembly with fixed-length 53-octet cells over ATM networks, however, the OAL uses IPv6 encapsulation, fragmentation and reassembly with larger variable-length cells over heterogeneous networks. Detailed operations of the OAL are specified in the following sections.¶
When the network layer forwards an original IP packet/parcel into the OMNI interface, the TTL/Hop Limit is maintained or decremented according to standard IP forwarding rules the same as for any interface. The OAL source next creates an "OAL packet" by prepending an IPv6 OAL encapsulation header per [RFC2473] with Next Header set to '4' for IPv4 or '41' for IPv6 original packets. The OAL source copies the "Type of Service/Traffic Class" [RFC2983] and "Explicit Congestion Notification (ECN)" [RFC3168] values in the original packet/parcel's IP header into the corresponding fields in the OAL header, then sets the OAL header "Flow Label" as specified in [RFC6438]. The OAL source next sets the OAL header IPv6 Payload Length to the length of the original IP packet/parcel and sets Hop Limit to a value that MUST NOT be larger than 63 yet is still sufficiently large to enable loop-free forwarding over multiple concatenated OAL intermediate hops. The OAL source then includes IPv6 extension headers following the OAL IPv6 header but before the original IP packet/parcel (if necessary) as discussed further throughout this document.¶
The OAL source next selects OAL packet source and destination addresses. Client OMNI interfaces set the OAL source address to a Unique Local Address (ULA) based on the Mobile Network Prefix (ULA-MNP). When a Client OMNI interface does not (yet) have a ULA prefix and/or an MNP suffix, it can instead use a Temporary ULA (TLA) (or a (Hierarchical) Host Identity Tag ((H)HIT - see: Section 22) as an OAL address. Finally, when the Client needs to express its MNP outside the context of a specific ULA prefix, it can use an eXtended ULA (XLA). Proxy/Server OMNI interfaces instead set the source address to a Random ULA (ULA-RND) (see: Section 9), but also process carrier packets with anycast and/or multicast OAL addresses that they are configured to recognize.)¶
If the original IP packet/parcel includes a Jumbo Payload option (see: [I-D.templin-intarea-parcels]) the OAL source includes the necessary jumbo extension headers as discussed in Section 5.1. Note that original IP packets/parcels no larger than 65535 octets do not require an OAL Jumbo Payload encapsulation and may be subject to fragmentation the same as for any OAL packet. Conversely, true IP jumbograms and IP parcels larger than 65535 octets require an OAL Jumbo Payload encapsulation for transmission as ordinary jumbograms according to best-effort delivery (i.e., and without applying fragmentation).¶
For all OAL packets that do not include an OAL Jumbo Payload header, the OAL source next calculates a 16-bit OAL checksum using the algorithm specified in Appendix A beginning with a pseudo-header of the full OAL IPv6 header the same as specified in Section 8.1 of [RFC8200]. The OAL source sets the pseudo-header "Upper-Layer Packet Length" to the entire length of the original IP packet/parcel and "Next Header" to the value '4' for IPv4 or '41' for IPv6 original packets. The OAL source then continues the checksum calculation over the full length of the original IP packet/parcel which immediately follows the OAL IPv6 header plus extensions.¶
After calculating the checksum (if necessary), the OAL source next selects a 32-bit OAL packet Identification value as specified in Section 6.6 then fragments the OAL packet if necessary. The OAL source assumes the IPv4 minimum path MTU (i.e., 576 octets) as the worst case for OAL fragmentation regardless of the underlay interface IP protocol version since IPv6/IPv4 protocol translation and/or IPv6-in-IPv4 encapsulation may occur in any underlay network path. By initially assuming the IPv4 minimum even for IPv6 underlay interfaces, the OAL source may produce smaller fragments with additional encapsulation overhead but avoids loss due to presenting an underlay interface with a carrier packet that exceeds its MRU. Additionally, the OAL path could traverse multiple SRT segments with intermediate OAL forwarding nodes performing re-encapsulation where the L2 encapsulation of the previous segment is replaced by the L2 encapsulation of the next segment which may be based on a different IP protocol version and/or encapsulation sizes.¶
The OAL source therefore assumes a default minimum path MTU of 576 octets at each SRT segment for the purpose of generating OAL fragments for L2 encapsulation and transmission as carrier packets. Each successive SRT intermediate node may include either a 20-octet IPv4 or 40-octet IPv6 header, an 8-octet UDP header and in some cases an IP security encapsulation (40 octets maximum assumed) during re-encapsulation. Intermediate nodes at any SRT segment may also insert or modify the Routing Header (40 octets maximum) following the 40-octet OAL IPv6 header and preceding the 8-octet Fragment Header. Therefore, assuming a worst case of (40 + 40 + 8) = 88 octets for L2 encapsulations plus (40 + 40 + 8) = 88 octets for OAL encapsulation leaves no less than (576 - 88 - 88) = 400 octets remaining to accommodate a portion of the original IP packet/parcel. The OAL source therefore sets a minimum Maximum Payload Size (MPS) of 400 octets as the basis for the minimum-sized OAL fragment that can be assured of traversing all SRT segments without loss due to an MTU/MRU restriction. The Maximum Fragment Size (MFS) for OAL fragmentation is therefore determined by the MPS plus the size of the OAL encapsulation headers.¶
The OAL source SHOULD maintain "path MPS" values for individual OAL destinations initialized to the minimum MPS and increased to larger values if better information is known or discovered. For example, when peers share a common underlay network link or a fixed path with a known larger MTU, the OAL source can set path MPS to a larger size (i.e., greater than 400 octets) as long as the peer reassembles before re-encapsulating and forwarding (while re-fragmenting if necessary). Also, if the OAL source has a way of knowing the maximum L2 encapsulation size for all SRT segments along the path it may be able to increase path MPS to reserve additional room for payload data. Even when OAL header compression is used, the OAL source must include the uncompressed OAL header size in its path MPS calculation since it may need to include a full header at any time.¶
The OAL source can also optimistically set a larger path MPS and/or actively probe individual OAL destinations to discover larger sizes using packetization layer probes in a similar fashion as [RFC4821][RFC8899], but care must be taken to avoid setting static values for dynamically changing paths leading to black holes. The probe involves sending an OAL packet larger than the current path MPS and receiving a small acknowledgement response (with the possible receipt of link layer error message when a probe is lost). For this purpose, the OAL source can send an NS message with one or more OMNI options with large PadN sub-options (see: Section 12) and/or with a trailing large NULL packet in a super-packet (see: Section 6.9) in order to receive a small NA response from the OAL destination. While observing the minimum MPS will always result in robust and secure behavior, the OAL source should optimize path MPS values when more efficient utilization may result in better performance (e.g. for wireless aviation data links). The OAL source should maintain separate path MPS values for each (source, target) underlay interface pair for the same OAL destination, since different underlay interface pairs may support differing path MPS values.¶
When the OAL source performs fragmentation, it SHOULD produce the minimum number of non-overlapping fragments under current MPS constraints, where each non-final fragment MUST be at least as large as the minimum MPS, while the final fragment MAY be smaller. The OAL source also converts all original IP packets/parcels no larger than the current MPS (or larger than 65535 octets) into atomic fragments by including a Fragment Header with Fragment Offset and More Fragments both set to 0. The OAL source then inserts a Routing Header (if necessary) following the IPv6 encapsulation header and before the Fragment Header. If the original IP packet/parcel is larger than 65535, the OAL source also inserts a Hop-By-Hop header with Jumbo Payload option immediately following the IPv6 encapsulation header and before the Routing Header (if necessary), then includes an (atomic) Fragment Header. The header extension order for each fragment therefore appears as the OAL IPv6 header followed by Hop-By-Hop header followed by Routing Header followed by Fragment Header.¶
For all packets that do not include an OAL Jumbo Payload header, the OAL source next appends the OAL checksum as the final 2 octets of the final fragment while increasing its Payload Length by 2. If appending the checksum would cause the final fragment to exceed the current MPS, the OAL source instead reduces this "former" final fragment's Payload Length ("PL") by (N*8 + (PL mod 8)) octets, where N is an integer that would result in a non-zero reduction but without causing the former final fragment to become smaller than the minimum MPS. The OAL source then creates a "new" final fragment by first copying the OAL IPv6 header and extension headers from the former final fragment, then copying the (N*8 + (PL mod 8)) octets from the end of the former final fragment immediately following the new final fragment extension headers. The OAL source then sets the former final fragment's More Fragments flag to 1, increments the new final fragment's fragment offset by the former final fragment's new (PL / 8) and finally appends the checksum the same as discussed above.¶
Next, the OAL source replaces the IPv6 Fragment Header 1-octet "Reserved" field (and for first fragments also the 2-bit "Reserved Flags" field) with OMNI-specific encodings as shown in:¶
For the first fragment (i.e., the one with Fragment Offset set to 0), the OAL source sets "Parcel ID", "(P)arcel" and "More (S)egments" as specified in Section 6.12. For each non-first fragment, the OAL source instead writes a monotonically-increasing "Ordinal" value between 1 and 127. Specifically, the OAL source writes the Ordinal value '1' for the first non-first fragment, '2' for the second, '3' for the third, etc. up to the final fragment or the Ordinal value '127', whichever comes first. (For any additional non-first fragments beyond true ordinal '127', the OAL source also sets the Ordinal value '127' but OAL packets with such a large number of fragments should rarely occur.) The first fragment is always considered ordinal number '0' even though the header does not include an explicit Ordinal field; non-first fragments that contain the Ordinal value '0' must be unconditionally dropped.¶
The OAL source finally encapsulates the fragments in L2 headers to form carrier packets and sends them over an underlay interface, while retaining the fragments and their ordinal numbers (i.e., #0, #1, #2, etc.) for a brief period to support link layer retransmissions (see: Section 6.7). OAL fragment and carrier packet formats are shown in Figure 5.¶
Note: the minimum MPS assumes that any middleboxes (e.g. IPv4 NATs) that connect private networks with path MTUs smaller than 576 octets must reassemble any fragmented (outbound) IPv4 carrier packets sent by OAL sources before forwarding them to external Internetworks since middleboxes that connect OAL destinations often unconditionally drop (inbound) IPv4 fragments. However, when the path MTU in the destination private network is small, the OAL destination itself will be able to reassemble any IPv4 fragmentation that occurs in the inbound path.¶
Note: appending the 2-octet checksum to the final fragment after fragmentation instead of to the end of the original IP packet/parcel before fragmentation ensures consistent support for all packet sizes. Otherwise, 65534- and 65535-octet packets would be unable to append the checksum without inserting a jumbo payload option which would inhibit transmission over the vast majority of common link types.¶
The OAL source or intermediate node next encapsulates each OAL fragment (with either full or compressed headers) in L2 encapsulation headers to create a carrier packet. The OAL source or intermediate node (i.e., the L2 source) includes a UDP header as the innermost sublayer if NATs and/or filtering middleboxes might occur on the path; otherwise, the L2 source includes a full/compressed IP header and/or an actual link layer header (e.g., such as for Ethernet-compatible links). The L2 source then appends any additional encapsulation sublayer headers necessary and presents the resulting carrier packet to an underlay interface, where the underlay network conveys it to a next-hop OAL intermediate node or destination (i.e., the L2 destination).¶
The L2 source encapsulates the OAL information immediately following the innermost L2 sublayer header. The L2 source next interprets the first four bits following the L2 headers as a Type field that determines the type of OAL header that follows. The L2 source sets Type to '0' for an uncompressed OAL IPv6 header or '1', '2', '3' for an OMNI Compressed Header as specified in Section 6.4. For raw IP packets/parcels (i.e., those that do not include an OAL header), the L2 source instead interprets the first four bits as a Version field that encodes '4' for an ordinary IPv4 packet/parcel or '6' for an ordinary IPv6 packet/parcel. (Type values '0' through '3' and Version values '4' and '6' are currently specified, while all other values are reserved for future use. Carrier packets that contain an unrecognized Type/Version value are unconditionally dropped.)¶
The OAL node prepares the L2 encapsulation headers for OAL packets as follows:¶
When an L2 source includes a UDP header, it SHOULD calculate and include a UDP checksum in carrier packets with full OAL headers to prevent mis-delivery, and MAY disable UDP checksums in carrier packets with compressed OAL headers (see: Section 6.4). If the L2 source discovers that a path is dropping carrier packets with UDP checksums disabled, it should enable UDP checksums in future carrier packets sent to the same L2 destination. If the L2 source discovers that a path is dropping carrier packets that do not include a UDP header, it should include a UDP header in future carrier packets.¶
When an L2 source sends carrier packets with compressed OAL headers and with UDP checksums disabled, mis-delivery due to corruption of the AERO Forwarding Vector Index (AFVI) is possible but unlikely since the corrupted index would somehow have to match valid state in the (sparsely-populated) AERO Forwarding Information Base (AFIB). In the unlikely event that a match occurs, an OAL destination may receive a mis-delivered carrier packet but can immediately reject carrier packets with an incorrect Identification. If the Identification value is somehow accepted, the OAL destination may submit the mis-delivered carrier packet to the reassembly cache where it will most likely be rejected due to incorrect reassembly parameters. If a reassembly that includes the mis-delivered carrier packets somehow succeeds (or, for atomic fragments) the OAL destination will verify the OAL checksum to detect corruption. Finally, any spurious data that somehow eludes all prior checks will be detected and rejected by end-to-end upper layer integrity checks. See: [RFC6935][RFC6936] for further discussion.¶
For UDP/IP or IP-only L2 encapsulations, when the L2 source is also the OAL source it next copies the "Type of Service/Traffic Class" [RFC2983] and "Explicit Congestion Notification (ECN)" [RFC3168] values in the OAL header into the corresponding fields in the L2 IP header, then (for IPv6) set the L2 IPv6 header "Flow Label" as specified in [RFC6438]. The L2 source then sets the L2 IP TTL/Hop Limit the same as for any host (i.e., it does not copy the Hop Limit value from the OAL header) and finally sets the source and destination IP addresses to direct the carrier packet to the next hop. For carrier packets undergoing re-encapsulation, the OAL intermediate node L2 source decrements the OAL header Hop Limit and discards the OAL packet/fragment if the value reaches 0. The L2 source then copies the Type of Service/Traffic Class and ECN values from the previous segment L2 encapsulation header into the next segment L2 encapsulation header while setting the next segment L2 source and destination IP addresses the same as above. (Note: the L2 source also writes the ECN value into the OAL full/compressed header.)¶
Following L2 encapsulation/re-encapsulation, the L2 source sends the resulting carrier packets over one or more underlay interfaces. The underlay interfaces often connect directly to physical media on the local platform (e.g., an aircraft with a radio frequency link, a laptop computer with WiFi, etc.), but in some configurations the physical media may be hosted on a separate Local Area Network (LAN) node. In that case, the OMNI interface can establish a Layer-2 VLAN or a point-to-point tunnel (at a layer below the underlay interface) to the node hosting the physical media. The OMNI interface may also apply encapsulation at the underlay interface layer (e.g., as for a tunnel virtual interface) such that carrier packets would appear "double-encapsulated" on the LAN; the node hosting the physical media in turn removes the LAN encapsulation prior to transmission or inserts it following reception. Finally, the underlay interface must monitor the node hosting the physical media (e.g., through periodic keepalives) so that it can convey up/down/status information to the OMNI interface.¶
When an OMNI interface receives a carrier packet from an underlay interface, it copies the ECN value from the L2 encapsulation headers into the OAL header if the carrier packet contains a first-fragment. The OMNI interface next discards the L2 encapsulation headers and examines the OAL header of the enclosed OAL fragment according to the value in the Type field as discussed in Section 6.2. If the OAL fragment is addressed to a different node, the OMNI interface (acting as an OAL intermediate node) re-encapsulates and forwards while decrementing the OAL Hop Limit as discussed in Section 6.2. If the OAL fragment is addressed to itself, the OMNI interface (acting as an OAL destination) accepts or drops the fragment based on the (Source, Destination, Identification)-tuple and/or integrity checks.¶
The OAL destination next drops all non-final OAL fragments smaller than the minimum MPS and all fragments that would overlap or leave "holes" smaller than the minimum MPS with respect to other fragments already received. The OAL destination updates a checklist of accepted fragments of the same OAL packet that include an Ordinal number (i.e., Ordinals 0 through 127), but admits all accepted fragments into the reassembly cache after first removing any extension headers except for the fragment header itself. When the OAL destination receives the final fragment (i.e., the one with More Fragments set to 0), it caches the trailing checksum and reduces the Payload Length by 2. When reassembly is complete, the OAL destination verifies the OAL packet checksum and discards the OAL packet if the checksum is incorrect. If the OAL packet was accepted, the OAL destination finally removes the OAL headers and delivers the original IP packet/parcel to the network layer.¶
Carrier packets often traverse paths with underlying links that use integrity checks such as CRC-32 which provide adequate hop-by-hop integrity assurance for payloads up to 9180 octets [CRC]. However, other paths may traverse links (such as fragmenting tunnels over IPv4 - see: [RFC4963]) that do not include adequate checks. The OAL checksum therefore allows OAL destinations to detect reassembly misassociation splicing errors and/or carrier packet corruption caused by links with inadequate protection (see: Appendix A). Note that since OAL packets that include a Jumbo Payload header do not include an OAL checksum, links must provide sufficient integrity checks (and possibly also forward error correction codes) to ensure IP jumbogram integrity at their layer.¶
The OAL checksum also provides algorithmic diversity with respect to both link layer CRCs and network or higher layer Internet checksums as part of a complimentary multi-layer integrity assurance architecture. Any corruption not detected (and corrected) by link layer integrity checks is therefore very likely to be detected by OAL, network or higher layer integrity checks that employ diverse algorithms.¶
OAL sources that send carrier packets with full OAL headers include a Compressed Routing Header (CRH) [I-D.bonica-6man-comp-rtg-hdr] extension for segment-by-segment forwarding based on an AERO Forwarding Information Base (AFIB) in each OAL intermediate node. OAL source, intermediate and destination nodes can instead establish header compression state through IPv6 ND NS/NA message exchanges. After an initial NS/NA exchange, OAL nodes can apply OAL Header Compression to significantly reduce encapsulation overhead.¶
Each OAL node establishes AFIB soft state entries known as AERO Forwarding Vectors (AFVs) which support both OAL packet/fragment forwarding and OAL header compression/decompression. For FHS OAL sources, each AFV is referenced by a single AERO Forwarding Vector Index (AFVI) that provides compression/decompression and forwarding context for the next hop. For LHS OAL destinations, the AFV is referenced by a single AFVI that provides context for the previous hop. For OAL intermediate nodes, the AFV is referenced by two AFVIs - one for the previous hop and one for the next hop.¶
When an OAL node sends carrier packets that contain OAL packets/fragments to a next hop, it can include a full OAL IPv6 header with a CRH extension containing AFVI forwarding information. In that case, the first four bits following the L2 headers must encode the Type value '0' (Type '0') to signify that an uncompressed OAL IPv6 header (plus extensions) is present. The (Type) value '0' is termed "OMNI Compressed Header - Type 0 (OCH-0)" and differentiates uncompressed OAL IPv6 headers from ordinary IP headers which are identified by the (Version) value '4' for IPv4 or '6' for IPv6.¶
When an OAL intermediate node forwards an OAL packet with '0' in the Type/Version field to an IPv6 router for the SRT, it discards the L2 encapsulation headers and resets the Type/Version field value to '6'. When an OAL intermediate node forwards an OAL packet received from an SRT IPv6 router, it resets the Type/Version field value to '0' and includes new L2 encapsulation headers.¶
Whenever possible, OAL nodes should omit significant portions of the OAL header (plus extensions) while applying OAL header compression when sufficient AFV state is available. Three OAL compressed header types (Types '1' through '3') are currently specified.¶
For OAL first-fragments (including atomic fragments), the OAL node uses OMNI Compressed Header - Type 1 (OCH-1) format as shown in Figure 6:¶
The format begins with a 4-bit Type, a 6-bit Hop Limit, a 2-bit Explicit Congestion Notification (ECN) field, an 8-bit Parcel ID and 4 flag bits. The format concludes with a 4-octet Identification field followed by a 2- or 4-octet AFVI field. The OAL node sets Type to the value 1, sets Hop Limit to the minimum of the uncompressed OAL header Hop Limit and 63, sets ECN the same as for an uncompressed OAL header, and sets (Parcel ID, (P)arcel, More (S)egments, (M)ore Fragments, Identification) the same as for an uncompressed fragment header. The OAL node finally sets e(X)tended to 0 if the AFVI field is 2-octets or to 1 if the AFVI field is 4-octets in length.¶
The OAL first fragment (beginning with the original IP header) is then included immediately following the OCH-1 header, and the L2 header length field is reduced by the difference in length between the compressed headers and full-length OAL IPv6 and Fragment headers. The OAL destination can therefore determine the Payload Length by examining the L2 header length field and/or the length field(s) in the original IP header. The OCH-1 format applies for first fragments only, which are always regarded as ordinal fragment 0 even though no explicit Ordinal field is included.¶
For OAL non-first fragments (i.e., those with non-zero Fragment Offsets), the OAL uses OMNI Compressed Header - Type 2 (OCH-2) format as shown in Figure 7:¶
The format begins with a 4-bit Type, a 6-bit Hop Limit, a 7-bit Ordinal, a 13-bit Fragment Offset and 2 flag bits. The format concludes with a 4-octet Identification field followed by a 2- or 4-octet AFVI field. The OAL node sets Type to the value 2, sets Hop Limit to the minimum of the uncompressed OAL header Hop Limit and 63, and sets (Ordinal, Fragment Offset, (M)ore Fragments, Identification) the same as for an uncompressed fragment header. The OAL node finally sets e(X)tended to 0 if the AFVI field is 2-octets or to 1 if the AFVI field is 4-octets in length.¶
The OAL non-first fragment body is then included immediately following the OCH-2 header, and the L2 header length field is reduced by the difference in length between the compressed headers and full-length OAL IPv6 and Fragment headers. The OAL destination will then be able to determine the Payload Length by examining the L2 header length field. The OCH-2 format applies for non-first fragments only; therefore, the OAL source sets Ordinal to a monotonically increasing value beginning with 1 for the first non-first fragment, 2 for the second non-first fragment, etc., up to and including the final fragment. If more than 127 non-first fragments appear, all fragments beyond Ordinal 127 also set the value 127. (The Ordinal value 0 is undefined; all OCH-2 carrier packets received with Ordinal value 0 must be unconditionally dropped.) The (A)RQ flag is always implicitly set, and therefore omitted from the OCH-2 header.¶
When the entire OAL header is compressed, only the information that would normally appear in the IPv6 Fragment Header is included and with no information from the OAL IPv6 header. The OMNI Compressed Header - Type 3 (OCH-3) is shown in Figure 8:¶
The format begins with a 4-bit Type set to the value 3 followed by a 7-bit Ordinal. When Ordinal encodes the value 0, the format continues according to the "First fragment" specification discussed above. When the J flag is set, the Identification field is followed by a 32-bit Jumbo Payload Length field and the payload beyond is the beginning of a jumbo/parcel. When the J flag is clear, only the Identification field appears and the payload beyond is the beginning of an ordinary packet.¶
When Ordinal encodes any other value, the format continues according to the above "Non-first fragment" specification. The fields for both formats include the same information that would appear in a (modified) IPv6 Fragment Header as specified in Figure 4 with the exception that the first fragment does not include a Fragment Offset (since its offset is always 0) and non-first fragments do not include a Next Header field (since that field already appears in the first fragment).¶
When an OAL destination or intermediate node receives a carrier packet, it determines the length of the encapsulated OAL information by examining the length field of the innermost L2 header, verifies that the innermost next header field indicates OMNI (see: Section 6.2), then examines the first four bits immediately following the innermost header. If the bits contain a value 0 through 3 the OAL node processes the remainder of the header as a full OAL header (OCH-0) or OCH-1/2/3 compressed header as specified above. If the bits contain the value 4 or 6, the OAL node instead processes the remainder as an ordinary IP header.¶
For carrier packets that contain OAL packets/fragments with OCH-1/2 headers (or full OAL headers with CRH extensions) and addressed to itself, the OAL node then uses the AFVI to locate the cached AFV which determines the next hop. During forwarding, the OAL node changes the AFVI to the cached value for the AFV next hop. If the OAL node is the destination, it instead reconstructs the full OAL headers then adds the resulting OAL fragment to the reassembly cache if the Identification is acceptable. (Note that for carrier packets that contain OAL packets/fragments with an OCH-1 with both the X and M flags set to 0, the OAL node can instead locate forwarding state by examining the original IP packet/parcel header information that appears immediately after the OCH-1 header.)¶
Note: OAL header compression does not interfere with checksum calculation and verification, which must be applied according to the full OAL pseudo-header per Section 6.1 even when compression is used.¶
Note: The OCH-1/2 formats do not include the Traffic Class and Flow Label information that appears in uncompressed OAL IPv6 headers. Therefore, when OAL header compression state is initialized the Traffic Class and Flow Label are considered fixed for as long as the flow uses OCH-1/2 headers. If the flow requires frequent changes to Traffic Class and/or Flow Label information, it can include uncompressed OAL headers either continuously or periodically to update header compression state.¶
When the OAL source and OAL destination are on the same OMNI link segment as determined by neighbor discovery, the OMNI interface forwards packets directly to the specific underlay interface without applying OAL encapsulation. In that case, the OAL source treats the IPv6 header of the original packet the same as if it had applied an OAL encapsulation header. The Next Header field will therefore encode a value specific to the transport layer protocol (e.g., '6' for TCP, '17' for UDP, etc.) since the OAL does not insert an IPv6 encapsulation header. The OAL source then applies fragmentation, header compression and L2 encapsulation the same as described above even though a single IPv6 header (and not an additional OAL encapsulation header) is present.¶
The OAL source can also apply these same encapsulation avoidance procedures for IPv4 by first translating the IPv4 header of the original packet into an IPv6 header and translating the IPv4 addresses into IPv4-compatible IPv6 addresses. These translated headers can then be manipulated the same as for IPv6 headers as described above, including fragmentation, header compression, etc.¶
When an OAL node and its next OAL hop are known to be connected to the same underlay link, or when the node's underlay interface connects to a Mobile Ad-Hoc Network (MANET) where MANET-local IPv6 routing protocols are applied, the node does not include full UDP/IP headers as part of the carrier packet L2 encapsulation and instead uses link layer encapsulation using EtherType TBD2 for Ethernet-compatible data links. The MANET-local IPv6 routing protocols will then direct the packets to the correct destination which may be one or more MANET routing hops away from the source.¶
When the OAL node is unable to determine whether the next OAL hop is connected to the same underlay link, it should perform carrier packet L2 encapsulation for initial packets sent via the next hop over a specific underlay interface by including full UDP/IP headers and with the UDP port numbers set as discussed in Section 6.2. The node can thereafter attempt to send an NS to the next OAL hop in carrier packet(s) that omit the UDP header and set the IP protocol number to TBD1. If the OAL node receives an NA reply, it can begin omitting the UDP header in subsequent packets. The node can further attempt to send an NS in carrier packet(s) that omit both the UDP and IP headers and set EtherType to TBD2. If the source receives an NA reply, it can begin omitting both the UDP and IP headers in subsequent packets.¶
Note: in the above, "next OAL hop" refers to the first OAL node encountered on the optimized path to the destination over a specific underlay interface as determined through route optimization (e.g., see: [I-D.templin-intarea-aero]). The next OAL hop could be a Proxy/Server, Gateway or the OAL destination itself.¶
The OAL encapsulates each original IP packet/parcel as an OAL packet then performs fragmentation to produce one or more carrier packets with the same 32-bit Identification value. In environments where spoofing is not considered a threat, OMNI interfaces send OAL packets with Identifications beginning with an unpredictable Initial Send Sequence (ISS) value [RFC7739] monotonically incremented (modulo 2**32) for each successive OAL packet sent to either a specific neighbor or to any neighbor. (The OMNI interface may later change to a new unpredictable ISS value as long as the Identifications are assured unique within a timeframe that would prevent the fragments of a first OAL packet from becoming associated with the reassembly of a second OAL packet.) In other environments, OMNI interfaces should maintain explicit per-interface-pair send and receive windows to detect and exclude spurious carrier packets that might clutter the reassembly cache as discussed below.¶
OMNI interface neighbors use TCP-like synchronization to maintain windows with unpredictable ISS values incremented (modulo 2**32) for each successive OAL packet and re-negotiate windows often enough to maintain an unpredictable profile. OMNI interface neighbors exchange IPv6 ND messages that include OMNI Window Synchronization sub-options (see: Section 12.2.5) with TCP-like information fields and flags to manage streams of OAL packets instead of streams of octets. As a link layer service, the OAL provides low-persistence best-effort retransmission with no mitigations for duplication, reordering or deterministic delivery. Since the service model is best-effort and only control message sequence numbers are acknowledged, OAL nodes can select unpredictable new initial sequence numbers outside of the current window without delaying for the Maximum Segment Lifetime (MSL).¶
OMNI interface neighbors maintain current and previous per-interface-pair window state in IPv6 ND NCEs and/or AFVs to support dynamic rollover to a new window while still sending OAL packets and accepting carrier packets from the previous windows. OMNI interface neighbors synchronize windows through asymmetric and/or symmetric IPv6 ND message exchanges. When a node receives an IPv6 ND message with new interface pair-based window information, it resets the previous window state based on the current window then resets the current window based on new and/or pending information.¶
The IPv6 ND message OMNI option header extension sub-option includes TCP-like information fields including Sequence Number, Acknowledgement Number, Window and flags (see: Section 12). OMNI interface neighbors maintain the following TCP-like state variables on a per-interface-pair basis (i.e., through a combination of NCE and AFV state):¶
Send Sequence Variables (current, previous and pending) SND.NXT - send next SND.WND - send window ISS - initial send sequence number Receive Sequence Variables (current and previous) RCV.NXT - receive next RCV.WND - receive window IRS - initial receive sequence number¶
OMNI interface neighbors "OAL A" and "OAL B" exchange IPv6 ND messages per [RFC4861] with OMNI options that include TCP-like information fields as well as interface pair parameters such as Interface Attributes or AERO Forwarding Parameters. When OAL A synchronizes with OAL B, it maintains both a current and previous SND.WND beginning with a new unpredictable ISS and monotonically increments SND.NXT for each successive OAL packet transmission. OAL A initiates synchronization by including the new ISS in the Sequence Number of an authentic IPv6 ND message with the SYN flag set and with Window set to M (up to 2**24) as a tentative receive window size while creating a NCE in the INCOMPLETE state if necessary. OAL A caches the new ISS as pending, uses the new ISS as the Identification for OAL encapsulation, then sends the resulting OAL packet to OAL B and waits up to RetransTimer milliseconds to receive an IPv6 ND message response with the ACK flag set (retransmitting up to MAX_UNICAST_SOLICIT times if necessary).¶
When OAL B receives the SYN, it creates a NCE in the STALE state and also an AFV if necessary, resets its RCV variables, caches the tentative (send) window size M, and selects a (receive) window size N (up to 2**24) to indicate the number of OAL packets it is willing to accept under the current RCV.WND. (The RCV.WND should be large enough to minimize control message overhead yet small enough to provide an effective filter for spurious carrier packets.) OAL B then prepares an IPv6 ND message with the ACK flag set, with the Acknowledgement Number set to OAL A's next sequence number, and with Window set to N. Since OAL B does not assert an ISS of its own, it uses the IRS it has cached for OAL A as the Identification for OAL encapsulation then sends the ACK to OAL A.¶
When OAL A receives the ACK, it notes that the Identification in the OAL header matches its pending ISS. OAL A then sets the NCE state to REACHABLE and resets its SND variables based on the Window size and Acknowledgement Number (which must include the sequence number following the pending ISS). OAL A can then begin sending OAL packets to OAL B with Identification values within the (new) current SND.WND for this interface pair for up to ReachableTime milliseconds or until the NCE is updated by a new IPv6 ND message exchange. This implies that OAL A must send a new SYN before sending more than N OAL packets within the current SND.WND, i.e., even if ReachableTime is not nearing expiration. After OAL B returns the ACK, it accepts carrier packets received from OAL A via this interface pair within either the current or previous RCV.WND as well as any new authentic NS/RS SYN messages received from OAL A even if outside the windows.¶
OMNI interface neighbors can employ asymmetric window synchronization as described above using two independent (SYN -> ACK) exchanges (i.e., a four-message exchange), or they can employ symmetric window synchronization using a modified version of the TCP three-way handshake as follows:¶
Following synchronization, OAL A and OAL B hold updated NCEs and AFVs, and can exchange OAL packets with Identifications set to SND.NXT for each interface pair while the state remains REACHABLE and there is available window capacity. Either neighbor may at any time send a new SYN to assert a new ISS. For example, if OAL A's current SND.WND for OAL B is nearing exhaustion and/or ReachableTime is nearing expiration, OAL A continues to send OAL packets under the current SND.WND while also sending a SYN with a new unpredictable ISS. When OAL B receives the SYN, it resets its RCV variables and may optionally return either an asymmetric ACK or a symmetric SYN/ACK to also assert a new ISS. While sending SYNs, both neighbors continue to send OAL packets with Identifications set to the current SND.NXT for each interface pair then reset the SND variables after an acknowledgement is received.¶
While the optimal symmetric exchange is efficient, anomalous conditions such as receipt of old duplicate SYNs can cause confusion for the algorithm as discussed in Section 3.5 of [RFC9293]. For this reason, the OMNI Window Synchronization sub-option includes an RST flag which OAL nodes set in solicited NA responses to ACKs received with incorrect acknowledgement numbers. The RST procedures (and subsequent synchronization recovery) are conducted exactly as specified in [RFC9293].¶
OMNI interfaces that employ the window synchronization procedures described above observe the following requirements:¶
Note: Although OMNI interfaces employ TCP-like window synchronization and support uNA ACK responses to SYNs, all other aspects of the IPv6 ND protocol (e.g., control message exchanges, NCE state management, timers, retransmission limits, etc.) are honored exactly per [RFC4861]. OMNI interfaces further manage per-interface-pair window synchronization parameters in one or more AFVs for each neighbor pair.¶
Note: Recipients of OAL-encapsulated IPv6 ND messages index the NCE based on the message source address, which also determines the carrier packet Identification window. However, IPv6 ND messages may contain a message source address that does not match the OMNI encapsulation source address when the recipient acts as a proxy.¶
Note: OMNI interface neighbors apply separate send and receive windows for all of their (multilink) underlay interface pairs that exchange carrier packets. Each interface pair represents a distinct underlay network path, and the set of paths traversed may be highly diverse when multiple interface pairs are used. OMNI intermediate nodes therefore become aware of each distinct set of interface pair window synchronization parameters based on periodic IPv6 ND message updates to their respective AFVs.¶
When the OAL source sends carrier packets to an OAL destination, it should cache recently sent carrier packets in case timely best-effort selective retransmission is requested. The OAL destination in turn maintains a checklist for the (Source, Destination, Identification)-tuple of recently received carrier packets and notes the ordinal numbers of OAL packet fragments already received (i.e., as Frag #0, Frag #1, Frag #2, etc.). The timeframe for maintaining the OAL source and destination caches determines the link persistence (see: [RFC3366]).¶
If the OAL destination notices some fragments missing after most other fragments within the same link persistence timeframe have already arrived, it may issue an Automatic Repeat Request (ARQ) with Selective Repeat (SR) by sending a uNA message to the OAL source. The OAL destination creates a uNA message with an OMNI option with one or more Fragmentation Report (FRAGREP) sub-options that include a list of (Identification, Bitmap)-tuples for fragments received and missing from this OAL source (see: Section 12). The OAL destination includes an authentication signature if necessary, performs OAL encapsulation (with the its own address as the OAL source and the source address of the message that prompted the uNA as the OAL destination) and sends the message to the OAL source.¶
When the OAL source receives the uNA message, it authenticates the message then examines the FRAGREP. For each (Source, Destination, Identification)-tuple, the OAL source determines whether it still holds the corresponding carrier packets in its cache and retransmits any for which the Bitmap indicates a loss event. For example, if the Bitmap indicates that ordinal fragments #3, #7, #10 and #13 from the OAL packet with Identification 0x12345678 are missing the OAL source only retransmits carrier packets containing those fragments. When the OAL destination receives the retransmitted carrier packets, it admits the enclosed fragments into the reassembly cache and updates its checklist. If some fragments are still missing, the OAL destination may send a small number of additional uNA ARQ/SRs within the link persistence timeframe.¶
The OAL therefore provides a link layer low-to-medium persistence ARQ/SR service consistent with [RFC3366] and Section 8.1 of [RFC3819]. The service provides the benefit of timely best-effort link layer retransmissions which may reduce carrier packet loss and avoid some unnecessary end-to-end delays. This best-effort network-based service therefore compliments transport and higher layer end-to-end protocols responsible for true reliability.¶
Note: If a FRAGREP for a fragmented OAL packet that includes more than 128 fragments sets ordinal fragment bit #127, the OAL source should retransmit all ordinal fragments beginning with the actual #127 and continuing to the final fragment. Fragmented OAL packets with such a large number of fragments should occur very rarely if ever, however.¶
When the OMNI interface forwards original IP packets/parcels from the network layer, it invokes the OAL and returns internally-generated ICMPv4 Fragmentation Needed [RFC1191] or ICMPv6 Path MTU Discovery (PMTUD) Packet Too Big (PTB) [RFC8201] messages as necessary. This document refers to both of these ICMPv4/ICMPv6 message types simply as "PTBs", and introduces a distinction between PTB "hard" and "soft" errors as discussed below.¶
Ordinary PTB messages with ICMPv4 header "unused" field or ICMPv6 header Code field value 0 are hard errors that always indicate loss due to a real MTU restriction has occurred. However, the OMNI interface can also forward original IP packets/packets via OAL encapsulation and fragmentation while at the same time returning PTB soft error messages (subject to rate limiting) to suggest smaller sizes due to factors such as link performance characteristics, number of fragments needed, reassembly congestion, etc.¶
This ensures that the path MTU is adaptive and reflects the current path used for a given data flow. The OMNI interface can therefore continuously forward original IP packets/parcels without loss while returning PTB soft error messages recommending a smaller size if necessary. Original sources that receive the soft errors in turn reduce the size of the original IP packets/parcels they send, i.e., the same as for hard errors but without necessarily corresponding to a loss event. The original source can then resume sending larger packets/parcels without delay if the soft errors subside.¶
An OAL source returns a soft error as an ICMPv6 PTB with the header Code field set to the value 1 if the original IP packet/parcel was dropped or 2 if it was forwarded successfully (see: Section 25). The OAL source sets the PTB destination address to the original IP packet/parcel source, and sets the source address to one of its OMNI interface addresses that is routable from the perspective of the original source (and for IPv4 addresses sets the source/destination to the corresponding IPv4-compatible IPv6 address).¶
The OAL source then sets the MTU field to a value smaller than the original IP packet/parcel size but no smaller than 576 for IPv4 or 1280 for IPv6, writes the leading portion of the original IP packet/parcel first fragment into the "packet in error" field such that the entire PTB including the IPv6 header is no larger than 512 octets. The OAL source then sets the ICMPv6 Checksum to 0 and encapsulates the PTB soft error in UDP/IP headers with IP addresses copied from the PTB IP header and with UDP port set to 8060 (i.e., the port number reserved for AERO/OMNI). The OAL source then calculates and sets the UDP Checksum and returns the PTB to the original source.¶
An OAL destination may experience reassembly cache congestion, and can return uNA messages that include OMNI encapsulated PTB messages with code 1 or 2 to the OAL source that originated the fragments (subject to rate limiting). The OAL destination creates a uNA message with an OMNI option containing an authentication message sub-option if necessary followed optionally by a ICMPv6 Error sub-option that encodes a PTB message with a reduced value and with the leading portion an OAL first fragment containing the header of an original IP packet/parcel for which source must be notified (see: Section 12).¶
The OAL destination encapsulates the leading portion of the OAL first fragment (beginning with the OAL header) in the PTB "packet in error" field, signs the message if an authentication sub-option is included, performs OAL encapsulation (with the its own address as the OAL source and the source address of the message that prompted the uNA as the OAL destination) and sends the message to the OAL source.¶
When the OAL source receives the uNA message, it sends a corresponding network layer PTB soft error to the original source to recommend a smaller size. The OAL source crafts the PTB by extracting the leading portion of the original IP packet/parcel from the OMNI encapsulated PTB message (i.e., not including the OAL header) and writes as much as will fit in the "packet in error" field of a network layer PTB message without causing the message to exceed 512 octets. The OAL source sets the destination to the original IP packet/parcel source and sets the source to one of its OMNI interface addresses that is routable from the perspective of the original source. The OAL source then encapsulates the PTB in UDP/IP headers the same as discussed above and returns the message to the original source.¶
Original sources that receive these OMNI-encapsulated PTB soft errors first verify that the UDP Checksum is correct and that the ICMPv6 Checksum is set to 0. The original source can then dynamically tune the size of the original IP packets/parcels it sends to produce the best possible throughput and latency, with the understanding that these parameters may change over time due to factors such as congestion, mobility, network path changes, etc. Original sources should therefore consider receipt or absence of soft errors as hints of when increasing or decreasing packet/parcel sizes may provide better performance.¶
The OMNI interface supports continuous transmission and reception of packets/parcels of various sizes in the face of dynamically changing network conditions. Moreover, since PTB soft errors do not indicate a hard limit, original sources that receive soft errors can resume sending larger packets/parcels without waiting for the recommended 10 minutes specified for PTB hard errors [RFC1191][RFC8201]. The OMNI interface therefore provides an adaptive service that accommodates MTU diversity especially well-suited for dynamic multilink environments.¶
When the OAL source forwards a packet larger than the minimum MRU of 65535 octets (i.e., a "jumbogram"), it either drops and returns a PTB hard error to the original source or forwards the packet into the OAL path under "best effort" expectations. If a router in the OAL path returns a PTB, the OAL source first determines if the message is authentic then (if so) returns a PTB to the original source. If the large packet reaches an OAL destination that is unable to accommodate it, the OAL destination returns a signed uNA containing a PTB hard error to the OAL source. The OAL source authenticates the uNA and translates the error into a PTB to return to the original source.¶
The OMNI interface also returns Parcel Report (PTB code 3) and/or Jumbo Report (PTB code 4) messages in response to any parcels and/or advanced jumbos delivered by the network layer. These Parcel/Jumbo Report messages are prepared as UDP/IP encapsulated ICMPv6 PTB messages the same as for PTB soft errors discussed above. IP parcels and advanced are discussed in [I-D.templin-intarea-parcels].¶
Note: the OAL source encapsulates PTB soft errors in UDP/IP headers with the UDP port number reserved for OMNI (8060) since network layer middleboxes often filter raw ICMP messages (even those as important as PTBs). Original sources that send large packets therefore should implement enough of the OMNI specification to be able to recognize and process these messages.¶
Note: UDP/IP-encapsulated PTB messages include a valid and non-zero UDP Checksum but set the ICMPv6 Checksum to 0. This allows the original source to verify the integrity by first checking the UDP Checksum then second by verifying that the ICMPv6 Checksum encodes the value 0.¶
The OAL source ordinarily includes a 40-octet IPv6 encapsulation header for each original IP packet/parcel during OAL encapsulation. The OAL source also calculates the OAL checksum then performs fragmentation such that a copy of the 40-octet IPv6 header plus an 8-octet IPv6 Fragment Header is included in each OAL fragment (when a Routing Header is added, the OAL encapsulation headers become larger still). However, these encapsulations may represent excessive overhead in some environments. OAL header compression can dramatically reduce the amount of encapsulation overhead, however a complimentary technique known as "packing" (see: [I-D.ietf-intarea-tunnels]) supports encapsulation of multiple original IP packets/parcels and/or control messages within a single OAL "super-packet".¶
When the OAL source has multiple original IP packets/parcels to send to the same OAL destination with total length no larger than the OAL destination MRU, it can concatenate them into a super-packet encapsulated in a single OAL header. Within the OAL super-packet, the IP header of the first original IP packet/parcel (iHa) followed by its data (iDa) is concatenated immediately following the OAL header, then the IP header of the next original packet/parcel (iHb) followed by its data (iDb) is concatenated immediately following the first, etc. with the trailing OAL checksum included in the final fragment. The OAL super-packet format is transposed from [I-D.ietf-intarea-tunnels] and shown in Figure 9:¶
When the OAL source prepares a super-packet, it applies OAL fragmentation, includes a trailing checksum in the final fragment, applies L2 encapsulation to each fragment then sends the resulting carrier packets to the OAL destination. When the OAL destination receives the super-packet it sets aside the trailing checksum, reassembles if necessary, then verifies the checksum while regarding the remaining OAL header Payload Length as the sum of the lengths of all payload packets/parcels. The OAL destination then selectively extracts each original IP packet/parcel (e.g., by setting pointers into the super-packet buffer and maintaining a reference count, by copying each packet into a separate buffer, etc.) and forwards each one to the network layer. During extraction, the OAL determines the IP protocol version of each successive original IP packet/parcel 'j' by examining the four most-significant bits of iH(j), and determines the length of each one by examining the rest of iH(j) according to the IP protocol version.¶
When an OAL source prepares a super-packet that includes an IPv6 ND message with an authentication signature as the first original IP packet/parcel (i.e., iHa/iDa), it calculates the authentication signature over the remainder of super-packet. Security and integrity for forwarding initial data messages in conjunction with IPv6 ND messages used to establish NCE state are therefore supported. (A common use case entails a path MPS probe beginning with a signed IPv6 ND message followed by a suitably large NULL packet (e.g., an IP packet with padding octets added beyond the IP header and with {Protocol, Next Header} set to 59 ("No Next Header"), a UDP/IP packet with port number set to '9' ("discard") [RFC0863], etc.)¶
The OAL header of a super packet may also include a Jumbo Payload option if the total length of all payload packets/parcels exceeds 65535 octets. In that case, the super-packet does not include a trailing OAL checksum and must be forwarded as an atomic fragment over an OAL path that supports such large sizes.¶
OAL sources may send NULL OAL packets known as "bubbles" for the purpose of establishing Network Address Translator (NAT) state on the path to the OAL destination. The OAL source prepares a bubble by crafting an OAL header with appropriate IPv6 source and destination ULAs, with the IPv6 Next Header field set to the value 59 ("No Next Header" - see [RFC8200]) and with only the trailing OAL Checksum field (i.e., and no protocol data) immediately following the IPv6 header.¶
The OAL source includes a random Identification value then encapsulates the OAL packet in L2 headers destined to either the mapped address of the OAL destination's first-hop ingress NAT or the L2 address of the OAL destination itself. When the OAL source sends the resulting carrier packet, any egress NATs in the path toward the L2 destination will establish state based on the activity but the bubble will be harmlessly discarded by either an ingress NAT on the path to the OAL destination or by the OAL destination itself.¶
The bubble concept for establishing NAT state originated in [RFC4380] and was later updated by [RFC6081]. OAL bubbles may be employed by mobility services such as AERO.¶
OMNI Hosts are end systems that connect to the OMNI link over ENET underlay interfaces (i.e., either via an OMNI interface or as a sublayer of the ENET interface itself). Each ENET is connected to the rest of the OMNI link by a Client that receives an MNP delegation. Clients delegate MNP addresses and/or sub-prefixes to ENET nodes (i.e., Hosts, other Clients, routers and non-OMNI hosts) using standard mechanisms such as DHCP [RFC8415][RFC2131] and IPv6 Stateless Address AutoConfiguration (SLAAC) [RFC4862]. Clients forward original IP packets/parcels between their ENET Hosts and peers on external networks acting as routers and/or OAL intermediate nodes.¶
OMNI Hosts coordinate with Clients and/or other Hosts connected to the same ENET using OMNI L2 encapsulation of IPv6 ND messages without including OAL encapsulation. The L2 encapsulation headers and ND messages both use the MNP-based addresses assigned to ENET underlay interfaces as source and destination addresses (i.e., instead of ULAs). For IPv4 MNPs, the ND messages use IPv4-Compatible IPv6 addresses [RFC4291] in place of the IPv4 addresses.¶
Hosts discover Clients by sending encapsulated RS messages using an OMNI link IP anycast address (or the unicast address of the Client) as the RS L2 encapsulation destination as specified in Section 15. The Client configures the IPv4 and/or IPv6 anycast addresses for the OMNI link on its ENET interface and advertises the address(es) into the ENET routing system. The Client then responds to the encapsulated RS messages by sending an encapsulated RA message that uses its ENET unicast address as the source. (To differentiate itself from an INET border Proxy/Server, the Client sets the RA message OMNI Interface Attributes sub-option LHS field to 0 for the Host's interface index. When the RS message includes an L2 anycast destination address, the Client also includes an Interface Attributes sub-option for interface index 0 to inform the Host of its L2 unicast address - see: Section 15 for full details on the RS and RA message contents.)¶
Hosts coordinate with peer Hosts on the same ENET by sending encapsulated NS messages to receive an NA reply. (Hosts determine whether a peer is on the same ENET by matching the peer's IP address with the MNP (sub)-prefix for the ENET advertised in the Client's RA message [RFC8028].) Each ENET peer then creates a NCE and synchronizes Identification windows the same as for OMNI link neighbors, and the Host can then engage in OMNI link transactions with the Client and/or other ENET Hosts. By coordinating with the Client in this way, the Host treats the Client as if it were an ANET Proxy/Server, and the Client provides the same services that a Proxy/Server would provide. By coordinating with other Hosts, the peer hosts can exchange large IP packets/parcels over the ENET using encapsulation and fragmentation if necessary.¶
When a Host prepares an original IP packet/parcel, it uses the IP address of its OMNI interface (which is the same as the IP address of the underlying native ENET interface) as the source and the IP address of the (remote) peer as the destination. The Host next performs parcel segmentation if necessary (see: Section 6.12) then encapsulates the packet/parcel in OMNI L2 headers while setting the L2 source to the L3 source address and L2 destination to either the L3 destination address if the peer is on the local ENET, or to the IP address of the Client otherwise. The Host can then proceed to exchange packets/parcels with the destination, either directly or via the Client as an intermediate node.¶
The encapsulation procedures are coordinated per Section 6.1, except that the OMNI L2 encapsulation header is followed by a Type value of '3' as the first four bits of an OCH-3 OMNI compressed header that includes Fragment Header information (see: Section 6.4). When the L2 encapsulation is based on an EUI [EUI] or IPv4 address, the Host next translates the encapsulation header into an IPv6 header with compatible addresses that include the N octets of the EUI or IPv4 address in the N least significant bits of the IPv6 address while setting the (16-N) most significant octets to 0. Next, for IPv4 ENETs the Host sets the {IPv6 Traffic Class, Payload Length, Next Header, Hop Limit} fields according to the IPv4 {Type of Service, Total Length, Protocol, TTL} fields, respectively and also sets Flow Label as specified in [RFC6438]. The Host then calculates an OAL checksum (using a pseudo-header based on this IPv6 header instead of an OAL header), writes the value as the final 2 octets of the encapsulation then applies IPv6 fragmentation to produce IPv6 fragments no smaller than the MPS the same as described in Section 6.1. The Host next translates the IPv6 encapsulation headers back to OMNI L2 headers for the native ENET address format and with Type set to 3 to indicate the presence of an OCH-3 header. The Host finally sends the resultant carrier packets to the ENET peer.¶
When the ENET peer receives the carrier packets, it first translates the OMNI L2 headers back to IPv6 headers with compatible addresses and translates the OCH-3 headers into IPv6 Fragment Headers the same as above. The peer then reassembles and verifies the OAL checksum. If the checksum is correct, the peer next removes the encapsulation headers and applies parcel reconstitution if necessary. The peer then either delivers the original IP packet/parcel to the transport layers if the peer hosts the final destination or forwards the packet/parcel via the next hop if the peer is a Client acting as an intermediate node.¶
Hosts and Clients that initiate OMNI-based original IP packet/parcel transactions should first test the path toward the final destination using the parcel path qualification procedure specified in [I-D.templin-intarea-parcels]. An OMNI Host that sends and receives parcels need not implement the full OMNI interface abstraction but MUST implement enough of the OAL to be capable of fragmenting and reassembling maximum-length encapsulated IP packets/parcels and sub-parcels as discussed above and in the following section.¶
Note: Hosts and their peer Clients/Hosts on the same ANET/ENET can improve efficiency by forwarding original IP packets/parcels that do not require fragmentation as direct encapsulations within the OMNI L2 header and without including an OCH-3 header. In that case, the first four bits immediately following the OMNI L2 encapsulation header encode the value '4' for IPv4 or '6' for IPv6. Note that this savings comes at the expense of omitting a well-behaved Identification, but this may be an acceptable tradeoff in many secured ANET/ENET instances.¶
IP parcels are formed by an OMNI Host or Client transport layer protocol entity identified by the "5-tuple" (source address, destination address, source port, destination port, protocol number) when it produces a {TCP,UDP} protocol data unit containing the concatenation of multiple transport layer protocol segments. The transport layer protocol entity then presents the buffer and non-final segment size to the network layer which appends a single {TCP,UDP}/IP header (plus any extension headers) before presenting the parcel to the OMNI Interface. Transport and network protocol formatting and processing rules as well as parcellation and reconstitution procedures for IP parcels are specified in [I-D.templin-intarea-parcels], while detailed OAL encapsulation and fragmentation procedures are specified here.¶
When the network layer forwards a parcel, the OMNI interface invokes the OAL which forwards it to either an intermediate node or the final destination itself. The OAL source first invokes parcellation by assigning a monotonically-incrementing (modulo 255) "Parcel ID" and subdividing the parcel into sub-parcels if necessary as specified in [I-D.templin-intarea-parcels] with each sub-parcel no larger than the maximum of the path MTU to the next hop or 64KB (minus headers). The OAL source next performs encapsulation on each sub-parcel with destination set to the next hop address. If the next hop is reached via an ANET/INET interface, the OAL source inserts an OAL header the same as discussed in Section 6.1 and sets the destination to the ULA-MNP of the target Client. If the next hop is reached via an ENET interface, the OAL source instead inserts an IP header of the appropriate protocol version for the underlay ENET (i.e., even if the encapsulation header is IPv4) and sets the destination to the ENET IP address of the next hop. The OAL source inserts the encapsulation header even if no actual fragmentation is needed and/or even if the Jumbo Payload option is present.¶
The OAL source next assigns an appropriate Identification number that is monotonically-incremented for each consecutive sub-parcel, calculates and appends the OAL checksum, then performs IPv6 fragmentation over the sub-parcel if necessary to create fragments small enough to traverse the path to the next hop. (If the encapsulation header is IPv4, the OAL source first translates the encapsulation header into an IPv6 header with IPv4-Compatible IPv6 addresses before performing the fragmentation/reassembly operation while inserting the IPv6 Fragment Header.) The OAL source then writes the "Parcel ID" and sets/clears the "(P)arcel" and "More (S)egments" bits in the Fragment Header of the first fragment (see: Figure 4). (The OAL source sets P to 1 for a parcel or to 0 for a non-parcel. When P is 1, the OAL next sets S to 1 for non-final sub-parcels or to 0 if the sub-parcel contains the final segment.) The OAL source then sends each resulting carrier packet to the next hop, i.e., after first translating the IPv6 encapsulation header back to IPv4 if necessary.¶
When the OAL destination receives the carrier packets, it reassembles if necessary (i.e., after first translating the IPv4 encapsulation header to IPv6 if necessary). If the P flag in the first fragment is 0, the OAL destination then processes the reassembled entity as an ordinary IP packet; otherwise it continues processing as a sub-parcel. If the OAL destination is not the final destination, it can optionally retain the sub-parcels along with their Parcel ID and Identification values for a brief time for opportunistic reconstitution with peer sub-parcels of the same original parcel identified by the 3-tuple consisting of the adaptation layer (OAL source, OAL destination, Parcel ID). (Note that the OAL destination must not consult the parcel's network layer "5-tuple" at the adaptation layer, since it is possible that multiple sub-parcels of the same parcel may be forwarded over different network paths). The OAL destination performs adaptation layer reconstitution by concatenating the segments included in sub-parcels with the same Parcel ID and with consecutive Identification values within 256 of one another to create a larger sub-parcel possibly even as large as the entire original (sub)parcel. Order of concatenation is determined by increasing Identification value, noting that a sub-parcel that sets any TCP control flags must occur as a first concatenation, and the final sub-parcel (i.e., the one with S set to 0) must occur as a final concatenation and not as an intermediate. The OAL destination then appends a common {TCP,UDP}/IP header plus extensions to each reconstituted sub-parcel as specified in [I-D.templin-intarea-parcels].¶
When the OAL destination is not the final destination, it next forwards the reconstituted (sub-)parcel(s) to the next hop toward the final destination while ensuring that the S flag remains set to 0 in the sub-parcel that contains the final segment. When the parcel or sub-parcels arrive at the final destination, it performs network layer reconstitution to form the largest possible (sub)-parcels (while honoring the S flag) then delivers them to the transport layer entity which acts on the enclosed 5-tuple information supplied by the original source.¶
The Parcel Path Qualification procedures specified in [I-D.templin-intarea-parcels] require two new Code values in the ICMPv6 PTB field to identify a Parcel Report and Jumbo Report. These ICMPv6 PTB messages are always encapsulated according to OMNI rules and are processed only by nodes that implement at least enough of the OMNI specification to recognize the messages. This document therefore defines a new ICMPv6 PTB Code value 3 for Parcel Report and Code value 4 for Jumbo Report messages (see: Section 25).¶
Note: IP parcels may also originate from a non-OMNI original source and travel over multiple parcel-capable IP links before reaching an OMNI link ingress node (i.e., either a Client or Proxy/Server acting as a "relay"). The ingress node then forwards the parcel into the OMNI link according to the rules established above for locally-generated parcels, with the exception that the parcel IP TTL/Hop Limit is decremented. Similarly, when the IP parcel arrives at the OMNI link egress node (i.e., either a Client or Proxy/Server acting as a "relay"), the parcel may travel over multiple parcel-capable IP links before reaching the final destination.¶
Note: The OAL destination process of reconstituting parcels at the adaptation layer is optional, and should be avoided in cases where performance could be negatively impacted. It is always acceptable (albeit sometimes sub-optimal) for the OAL destination to forward sub-parcels on toward the final destination without performing adaptation layer reconstitution, since each sub-parcel will contain a well-formed header and an integral number of transport layer protocol segments and with the Index field and S flag set appropriately. The final destination can then optionally perform network layer reconstitution independently of any adaptation layer reconstitution that may have been applied by the OAL.¶
In light of the above, OAL sources, destinations and intermediate nodes observe the following normative requirements:¶
Note: Under the minimum MPS, an ordinary 1500-octet original IP packet/parcel would require at most 4 OAL fragments, with each non-final fragment containing 400 payload octets and the final fragment containing 302 payload octets (i.e., the final 300 octets of the original IP packet/parcel plus the 2-octet trailing checksum). For all packet/parcel sizes, the likelihood of successful reassembly may improve when the OMNI interface sends all fragments of the same fragmented OAL packet consecutively over the same underlay interface pair instead of spread across multiple underlay interface pairs. Finally, an assured minimum/path MPS allows continuous operation over all paths including those that traverse bridged L2 media with dissimilar MTUs.¶
Note: Certain legacy network hardware of the past millennium was unable to accept IP fragment "bursts" resulting from a fragmentation event - even to the point that the hardware would reset itself when presented with a burst. This does not seem to be a common problem in the modern era, where fragmentation and reassembly can be readily demonstrated at line rate (e.g., using tools such as 'iperf3') even over fast links on ordinary hardware platforms. Even so, while the OAL destination is reporting reassembly congestion (see: Section 6.8) the OAL source could impose "pacing" by inserting an inter-fragment delay and increasing or decreasing the delay according to congestion indications.¶
As discussed in Section 3.7 of [RFC8900], there are four basic threats concerning IPv6 fragmentation; each of which is addressed by effective mitigations as follows:¶
IPv4 includes a 16-bit Identification (IP ID) field with only 65535 unique values such that at high data rates the field could wrap and apply to new carrier packets while the fragments of old carrier packets using the same IP ID are still alive in the network [RFC4963]. Since carrier packets sent via an IPv4 path with DF=0 are normally no larger than 576 octets, IPv4 fragmentation is possible only at small-MTU links in the path which should support data rates low enough for safe reassembly [RFC3819]. (IPv4 carrier packets larger than 576 octets with DF=0 may incur high data rate reassembly errors in the path, but the OAL checksum provides OAL destination integrity assurance.) Since IPv6 provides a 32-bit Identification value, IP ID wraparound at high data rates is not a concern for IPv6 fragmentation.¶
Fragmentation security concerns for large IPv6 ND messages are documented in [RFC6980]. These concerns are addressed when the OMNI interface employs the OAL instead of directly fragmenting the IPv6 ND message itself. For this reason, OMNI interfaces MUST NOT send IPv6 ND messages larger than the OMNI interface MTU, and MUST employ OAL encapsulation and fragmentation for IPv6 ND messages larger than the minimum/path MPS for this OAL destination.¶
Unless the path is secured at the network layer or below (i.e., in environments where spoofing is possible), OMNI interfaces MUST NOT send ordinary carrier packets with Identification values outside the current window and MUST secure IPv6 ND messages used for address resolution or window state synchronization. OAL destinations SHOULD therefore discard without reassembling any out-of-window OAL fragments received over an unsecured path.¶
When the OMNI interface forwards original IP packets/parcels from the network layer it first invokes OAL encapsulation and fragmentation, then wraps each resulting OAL packet/fragment in any necessary L2 headers to produce carrier packets according to the native frame format of the underlay interface. For example, for Ethernet-compatible interfaces the frame format is specified in [RFC2464], for aeronautical radio interfaces the frame format is specified in standards such as ICAO Doc 9776 (VDL Mode 2 Technical Manual), for various forms of tunnels the frame format is found in the appropriate tunneling specification, etc.¶
When the OMNI interface encapsulates an OAL packet/fragment directly over an Ethernet-compatible link layer, the over-the-wire transmission format is shown in Figure 10:¶
The format includes a standard Ethernet Header ("eth-hdr") with EtherType TBD2 (see: Section 25.2) followed by an Ethernet Payload that includes a 2-octet OAL Length field followed by an OAL (or native IPv6/IPv4) Packet/Fragment. The Ethernet Payload is then followed by a standard Ethernet Trailer ("eth-trail").¶
The OAL Packet/Fragment begins with a 4-bit "Type/Version" as discussed in Section 6.2. When "Type/Version" encodes '1' or '2', the OAL Packet/Fragment includes a compressed OAL IPv6 header and OAL Length MUST encode the value that would appear in the uncompressed header Payload Length. When "Type/Version" encodes '3', the OAL header is compressed away entirely and only a Fragment/Jumbo header appears as the leading portion of the Packet/Fragment.¶
When "Type/Version" encodes '0', '4' or '6', the OAL Packet/Fragment instead includes an uncompressed OAL IPv6, native IPv4, or native IPv6 header (respectively). In that case, the IP header {Total, Payload} and/or Jumbo Payload Length fields determine the packet/fragment length and the OAL Length field in the Ethernet Payload is unused (noting that future documents MAY specify an alternate use).¶
See Figure 2 for a map of the various L2 layering combinations possible. For any layering combination, the final layer (e.g., UDP, IP, Ethernet, etc.) must have an assigned number and frame format representation that is compatible with the selected underlay interface.¶
Note: For IP parcels/jumbograms larger than 65535 octets submitted for direct link layer encapsulation, the Ethernet Payload following the OAL Length must begin with a native IPv4/IPv6 header, an OCH-0 or an OCH-3 with J flag set to 1.¶
[RFC4861] requires that nodes assign Link-Local Addresses (LLAs) to all interfaces, and that routers use their LLAs as the source address for RA and Redirect messages. OMNI interfaces honor the first requirement, but do not honor the second since the OMNI link could consist of the concatenation of multiple links with diverse ULA prefixes (see Section 9) but for which multiple nodes might configure identical interface identifiers (IIDs). OMNI interface LLAs are therefore considered only as context for IID formation as discussed below and have no other operational role.¶
OMNI interfaces assign IPv6 LLAs through pre-service administrative actions. Clients assign "LLA-MNPs" with IIDs that embed the Client's unique MNP, while Proxy/Servers assign "LLA-RNDs" that include a randomly-generated IIDs generated as specified in [RFC7217]. LLAs are configured as follows:¶
Since the prefix 0000::/8 is "Reserved by the IETF" [RFC4291], no MNPs can be allocated from that block ensuring that there is no possibility for overlap between the different MNP and RND LLA constructs discussed above.¶
Since LLA-MNPs are based on the distribution of administratively assured unique MNPs, and since LLA-RNDs are assumed unique through pseudo-random assignment, OMNI interfaces set the autoconfiguration variable DupAddrDetectTransmits to 0 [RFC4862].¶
Note: If future protocol extensions relax the 64-bit boundary in IPv6 addressing, the additional prefix bits of an MNP could be encoded in bits 16 through 63 of the LLA-MNP. (The most-significant 64 bits would therefore still be in bits 64-127, and the remaining bits would appear in bits 16 through 48.) However, this would interfere with the relationship between OMNI LLAs and ULAs (see: Section 9) and render many OMNI functions inoperable. The analysis provided in [RFC7421] furthermore suggests that the 64-bit boundary will remain in the IPv6 architecture for the foreseeable future.¶
OMNI links use IPv6 Unique-Local Addresses (ULAs) as the source and destination addresses in both IPv6 ND messages and OAL packet IPv6 encapsulation headers. ULAs are routable only within the scope of an OMNI link, and are derived from the IPv6 Unique Local Address prefix fd00::/8 (i.e., the prefix fc00::/7 followed by the L bit set to 1). When the first 16 bits of the ULA encode the value fd00::/16, the address is considered as either a Temporary ULA (TLA) or an eXtended ULA (XLA) - see below. For all other ULAs, the 56 bits following fd00::/8 encode a 40-bit Global ID followed by a 16-bit Subnet ID as specified in Section 3 of [RFC4193]. All OMNI link ULA types finally include a 64-bit value in the IID portion of the address ULA::/64 as specified below.¶
When a node configures a ULA for OMNI, it selects a 40-bit Global ID for the OMNI link initialized to a candidate pseudo-random value as specified in Section 3 of [RFC4193]; if the most significant 8 bits of the candidate encodes the value '0', the node selects a new candidate until it obtains one with a different most significant 8 bits. All nodes on the same OMNI link use the same Global ID, and statistical uniqueness of the pseudo-random Global ID provides a unique OMNI link identifier allowing different links to be joined together in the future without requiring renumbering.¶
Next, for each logical segment of the same OMNI link the node selects a 16-bit Subnet ID value between 0x0000 and 0xffff. Nodes on the same logical segment configure the same Subnet ID, but nodes on different segments of the same OMNI link can still exchange IPv6 ND messages as single-hop neighbors even if they configure different Subnet IDs. When a node moves to a different OMNI link segment, it resets the Global ID and Subnet ID value according to the new segment but need not change the IID.¶
ULAs and their associated prefix lengths are configured in correspondence with LLAs through stateless prefix translation where "ULA-MNPs" simply copy the IIDs of their corresponding LLA-MNPs and "ULA-RNDs" simply copy the IIDs of their corresponding LLA-RNDs. For example, for the OMNI link ULA prefix fd{Global}:{Subnet}::/64:¶
The ULA presents an IPv6 address format that is routable within the OMNI link routing system and can be used to convey link-scoped (i.e., single-hop) IPv6 ND messages across multiple hops through IPv6 encapsulation [RFC2473]. The OMNI link extends across one or more underlying Internetworks to include all Proxy/Servers and other service nodes. All Clients are also considered to be connected to the OMNI link, however unnecessary encapsulations are omitted whenever possible to conserve bandwidth (see: Section 14).¶
Clients can configure TLAs when they have no other ULA addresses by setting the ULA prefix to fd00::/16 followed by a 48-bit randomly-generated number followed by a random or MNP-based IID the same as specified in Section 8. XLAs are special-case TLAs that use the prefix fd00::/64; XLAs can also be formed from LLAs simply by inverting bits 7 and 8 of 'fe80' to form 'fd00'.¶
OMNI nodes use XLA-MNPs as "default" ULAs for representing MNPs in the OMNI link routing system. Clients use {TLA,XLA}-MNPs when they already know their MNP but need to express it outside the context of a specific ULA prefix, and Proxy/Servers advertise XLA-MNPs into the OMNI link routing system instead of advertising fully-qualified {TLA,ULA}-MNPs and/or non-routable LLA-MNPs.¶
{TLAs,XLAs} provide initial "bootstrapping" addresses while the Client is in the process of procuring an MNP and/or identifying the ULA prefix for the OMNI link segment; TLAs are not advertised into the OMNI link routing system but can be used for Client-to-Client communications within a single {A,I,E}NET when no OMNI link infrastructure is present. Within each individual {A,I,E}NET, TLAs employ optimistic DAD principles [RFC4429] since they are statistically unique.¶
Each OMNI link may be subdivided into SRT segments that often correspond to different administrative domains or physical partitions. Each SRT segment is identified by a different Subnet ID within the same ULA ::/48 prefix. Multiple distinct OMNI links with different ULA ::/48 prefixes can also be joined together into a single unified OMNI link through simple interconnection without requiring renumbering. In that case, the (larger) unified OMNI link routing system may carry multiple distinct ULA prefixes.¶
OMNI nodes can use Segment Routing [RFC8402] to support efficient forwarding to destinations located in other OMNI link segments. A full discussion of Segment Routing over the OMNI link appears in [I-D.templin-intarea-aero].¶
Note: IPv6 ULAs taken from the prefix fc00::/7 followed by the L bit set to 0 (i.e., as fc00::/8) are never used for OMNI OAL addressing, however the range could be used for MSP/MNP addressing under certain limiting conditions (see: Section 10). When used within the context of OMNI, ULAs based on the prefix fc00::/8 are referred to as "ULA-C's".¶
Note: When they appear in the OMNI link routing table, ULA-RNDs always use prefix lengths between /48 and /64 (or, /128) while XLA-MNPs always use prefix lengths between /65 and /128. {TLA,ULA}-MNPs and {TLA,XLA}-RNDs should never appear in the OMNI link routing table, but may appear in {A,I,E}NET routing tables.¶
OMNI domains use IP Global Unicast Address (GUA) prefixes [RFC4291] as Mobility Service Prefixes (MSPs) from which Mobile Network Prefixes (MNP) are delegated to Clients. Fixed correspondent node networks reachable from the OMNI link are represented by non-MNP GUA prefixes that are not derived from the MSP, but are treated in all other ways the same as for MNPs.¶
For IPv6, GUA MSPs are assigned by IANA [IPV6-GUA] and/or an associated Regional Internet Registry (RIR) such that the OMNI link can be interconnected to the global IPv6 Internet without causing inconsistencies in the routing system. An OMNI link could instead use ULAs with the 'L' bit set to 0 (i.e., from the "ULA-C" prefix fc00::/8)[RFC4193], however this would require IPv6 NAT if the domain were ever connected to the global IPv6 Internet.¶
For IPv4, GUA MSPs are assigned by IANA [IPV4-GUA] and/or an associated RIR such that the OMNI link can be interconnected to the global IPv4 Internet without causing routing inconsistencies. An OMNI ANET/ENET could instead use private IPv4 prefixes (e.g., 10.0.0.0/8, etc.) [RFC3330], however this would require IPv4 NAT at the INET-to-ANET/ENET boundary. OMNI interfaces advertise IPv4 MSPs into IPv6 routing systems as IPv4-Compatible IPv6 prefixes [RFC4291] (e.g., the IPv6 prefix for the IPv4 MSP 192.0.2.0/24 is ::192.0.2.0/120).¶
OMNI interfaces assign the IPv4 anycast address TBD3 (see: IANA Considerations), and IPv4 routers that configure OMNI interfaces advertise the prefix TBD3/N into the routing system of other networks (see: IANA Considerations). OMNI interfaces also configure global IPv6 anycast addresses formed according to [RFC3056] as:¶
2002:TBD3{32}:MSP{64}:Link-ID{16}¶
where TBD3{32} is the 32 bit IPv4 anycast address and MSP{64} encodes an MSP zero-padded to 64 bits (if necessary). For example, the OMNI IPv6 anycast address for MSP 2001:db8::/32 is 2002:TBD3{32}:2001:db8:0:0:{Link-ID}, the OMNI IPv6 anycast address for MSP 192.0.2.0/24 is 2002:TBD3{32}::c000:0200:{Link-ID}, etc.).¶
The 16-bit Link-ID in the OMNI IPv6 anycast address identifies a specific OMNI link within the domain that services the MSP. The special Link-ID value '0' is a wildcard that matches all links, while all other values identify specific links. Mappings between Link-ID values and the ULA Global IDs assigned to OMNI links are outside the scope of this document.¶
OMNI interfaces assign OMNI IPv6 anycast addresses, and IPv6 routers that configure OMNI interfaces advertise the corresponding prefixes into the routing systems of other networks. An OMNI IPv6 anycast prefix is formed the same as for any IPv6 prefix; for example, the prefix 2002:TBD3{32}:2001:db8::/80 matches all OMNI IPv6 anycast addresses covered by the prefix. When IPv6 routers advertise OMNI IPv6 anycast prefixes in this way, Clients can locate and associate with either a specific OMNI link or any OMNI link within the domain that services the MSP of interest.¶
OMNI interfaces use OMNI IPv6 and IPv4 anycast addresses to support Service Discovery in the spirit of [RFC7094], i.e., the addresses are not intended for use in long-term transport protocol sessions. Specific applications for OMNI IPv6 and IPv4 anycast addresses are discussed throughout the document as well as in [I-D.templin-intarea-aero].¶
OMNI Clients and Proxy/Servers that connect over open Internetworks include a unique node identification value for themselves in the OMNI options of their IPv6 ND messages (see: Section 12.2.3). An example identification value alternative is the Host Identity Tag (HIT) as specified in [RFC7401], while Hierarchical HITs (HHITs) [I-D.ietf-drip-rid] may be more appropriate for certain domains such as the Unmanned (Air) Traffic Management (UTM) service for Unmanned Air Systems (UAS). Another example is the Universally Unique IDentifier (UUID) [RFC4122] which can be self-generated by a node without supporting infrastructure with very low probability of collision.¶
When a Client is truly outside the context of any infrastructure, it may have no MNP information at all. In that case, the Client can use a TLA or (H)HIT as an IPv6 source/destination address for sustained communications in Vehicle-to-Vehicle (V2V) and (multihop) Vehicle-to-Infrastructure (V2I) scenarios. The Client can also propagate the ULA/(H)HIT into the multihop routing tables of (collective) Mobile/Vehicular Ad-hoc Networks (MANETs/VANETs) using only the vehicles themselves as communications relays.¶
When a Client connects via a protected-spectrum ANET, an alternate form of node identification (e.g., MAC address, serial number, airframe identification value, VIN, etc.) embedded in a ULA may be sufficient. The Client can then include OMNI "Node Identification" sub-options (see: Section 12.2.3) in IPv6 ND messages should the need to transmit identification information over the network arise.¶
HHITs provide an especially useful construct since they appear as properly-formed IPv6 GUAs and can therefore be assigned to interfaces. Clients may assign an HHIT to their OMNI interface to support peer-to-peer communications with other OMNI nodes that configure HHITs within the same OMNI link segment without the need for encapsulation. Clients may inject their HHIT into the local routing system of each OMNI link segment, but Proxy/Servers must not inject HHITs into the OMNI link global routing system.¶
OMNI interfaces maintain a network layer conceptual neighbor cache per [RFC1256] or [RFC4861] the same as for any IP interface, and (for IPv6) use the link-local address format specified in Section 8. The network layer maintains state through static and/or dynamic Neighbor Cache Entry (NCE) configurations.¶
Each OMNI interface also maintains a separate internal adaptation layer conceptual neighbor cache that includes a NCE for the unique-local address of each of its active OAL neighbors (see: Section 8). For each peer NCE, OAL neighbors also maintain AERO Forwarding Vectors (AFVs) which map per-interface-pair parameters. Throughout this document, the terms "neighbor cache", "NCE" and "AFV" refer to this OAL neighbor information unless otherwise specified.¶
IPv6 Neighbor Discovery (ND) [RFC4861] messages sent over OMNI interfaces without OAL encapsulation observe the native underlay interface Source/Target Link-Layer Address Option (S/TLLAO) format (e.g., for Ethernet the S/TLLAO is specified in [RFC2464]). IPv6 ND messages sent from within the OMNI interface using OAL encapsulation do not include S/TLLAOs, but instead include a new option type that encodes OMNI link-specific information. Hence, this document does not define a new S/TLLAO format but instead defines a new option type termed the "OMNI option" designed for these purposes. (Note that OMNI interface IPv6 ND messages sent without encapsulation may include both OMNI options and S/TLLAOs, but the information conveyed in each is mutually exclusive.)¶
For each IPv6 ND message, the OMNI interface includes one or more OMNI options (and any other ND message options) then completely populates all option information. OMNI options should be padded when necessary to ensure that they end on their natural 64-bit boundaries the same as for any IPv6 ND message option.¶
If the OMNI interface includes an OMNI option with an authentication signature, it first sets the signature field to 0 then calculates the authentication signature beginning after the IPv6 ND message header checksum field. The OMNI interface extends the calculation over the entire length of the ND message (as well as any concatenated extensions in the case of a super-packet) then writes the authentication signature value into the appropriate OMNI authentication sub-option field.¶
The OMNI interface then applies any non-OMNI authentication signatures, then calculates the IPv6 ND message checksum per [RFC4443] beginning with a pseudo-header of the IPv6 header and writes the value into the Checksum field. OMNI interfaces verify first integrity then authenticity of each IPv6 ND message or super-packet received, and process the message further only following successful verification.¶
OMNI interface Clients such as aircraft typically have multiple wireless data link types (e.g. satellite-based, cellular, terrestrial, air-to-air directional, etc.) with diverse performance, cost and availability properties. The OMNI interface would therefore appear to have multiple L2 connections, and may include information for multiple underlay interfaces in a single IPv6 ND message exchange. OMNI interfaces manage their dynamically-changing multilink profiles by including OMNI options in IPv6 ND messages as discussed in the following subsections.¶
OMNI options appear in IPv6 ND messages formatted as shown in Figure 11:¶
In this format:¶
The OMNI option is included in OMNI interface IPv6 ND messages; the option is processed by receiving interfaces that recognize it and otherwise ignored. The OMNI interface processes all OMNI option instances received in the same IPv6 ND message in the consecutive order in which they appear. The OMNI option(s) included in each IPv6 ND message may include full or partial information for the neighbor. The OMNI interface therefore retains the union of the information in the most recently received OMNI options in the corresponding NCE.¶
Each OMNI option includes a Sub-Options block containing zero or more individual sub-options. Each consecutive sub-option is concatenated immediately following its predecessor. All sub-options except Pad1 (see below) are in an OMNI-specific type-length-value (TLV) format encoded as follows:¶
Sub-Type is a 5-bit field that encodes the sub-option type. Sub-option types defined in this document are:¶
Sub-Types 17-29 are available for future assignment for major protocol functions, while Sub-Type 30 supports scalable extension to include other functions. Sub-Type 31 is reserved by IANA.¶
The OMNI interface codes each sub-option with a 2-octet header that includes Sub-Type in the most significant 5 bits followed by Sub-Length in the next most significant 11 bits. Each sub-option encodes a maximum Sub-Length value of 2038 octets minus the lengths of the OMNI option header and any preceding sub-options. This allows ample Sub-Option Data space for coding large objects (e.g., ASCII strings, domain names, protocol messages, security codes, etc.), while a single OMNI option is limited to 2040 octets the same as for any IPv6 ND option.¶
The OMNI interface codes initial sub-options in a first OMNI option instance and any additional sub-options in additional instances in the same IPv6 ND message in the intended order of processing. If the size of all OMNI options with their sub-options would cause the IPv6 ND message to exceed the OMNI interface MTU, the OMNI interface can code any remaining sub-options in additional IPv6 ND messages.¶
The OMNI interface processes all OMNI options received in an IPv6 ND message while skipping over and ignoring any unrecognized sub-options. The OMNI interface processes the sub-options of all OMNI option instances in the consecutive order in which they appear in the IPv6 ND message, beginning with the first instance and continuing through any additional instances to the end of the message. If an individual sub-option length would cause processing to exceed the OMNI option instance and/or IPv6 ND message lengths, the OMNI interface accepts any sub-options already processed and ignores the remainder of that instance. The interface then processes any remaining OMNI option instances in the same fashion to the end of the IPv6 ND message.¶
IPv6 ND messages that require OMNI authentication services MUST include a Node Identification sub-option as the first sub-option of the first OMNI option, and MUST include some form of authentication (e.g., HMAC, HIP, QUIC, etc.) as the immediately next sub-option whether in the same or different OMNI option. A single IPv6 ND messages may include only one OMNI authentication service sub-option; if multiple are included, the first sub-option is processed and all others are ignored. The IPv6 ND message may also include non-OMNI authentication options such as those specified in [RFC3971] or [RFC8928] either instead of or in addition to an OMNI authentication option. Nodes that receive IPv6 ND messages over unsecured underlying networks first verify the IPv6 ND message checksum then authenticate the message by processing any authentication options/sub-options.¶
Note: large objects that exceed the maximum Sub-Option Data length are not supported under the current specification; if this proves to be limiting in practice, future specifications may define support for fragmenting large sub-options across multiple OMNI options within the same IPv6 ND message (or even across multiple IPv6 ND messages, if necessary).¶
The following sub-option types and formats are defined in this document:¶
If more than a single octet of padding is required, the PadN option, described next, should be used, rather than multiple Pad1 options.¶
When a proxy forwards an IPv6 ND message with OMNI options, it can employ PadN to void any non-Pad1 sub-options that should not be processed by the next hop by simply writing the value '1' over the Sub-Type. When the proxy alters the IPv6 ND message contents in this way, any included authentication and integrity checks are invalidated. See: Appendix B for a discussion of IPv6 ND message authentication and integrity.¶
The Node Identification sub-option includes a form of identification for the node, and (when present) must appear as the first sub-option of the first OMNI option in each IPv6 ND message.¶
At least one instance of the sub-option must be present in messages that also include an OMNI authentication service sub-option. If multiple instances appear in OMNI options of the same IPv6 ND message the first instance of a specific ID-Type is processed and all other instances of the same ID-Type are ignored. (It is therefore possible for a single IPv6 ND message to convey multiple distinct Node Identifications - each with a different ID-Type.)¶
The format and contents of the sub-option are shown in Figure 16:¶
ID-Type is a 1-octet field that encodes the type of the Node Identification Value. The following ID-Type values are currently defined:¶
OMNI interfaces code Node Identification Values used for DHCPv6 messaging purposes as a DHCP Unique IDentifier (DUID) using the "DUID-EN for OMNI" format with enterprise number 45282 (see: Section 25) as shown in Figure 17:¶
In this format, the OMNI interface codes the ID-Type and Node Identification Value fields from the OMNI sub-option following a 6-octet DUID-EN header, then includes the entire "DUID-EN for OMNI" in a DHCPv6 message per [RFC8415].¶
The Authentication sub-option includes a Hashed Message Authentication Code (HMAC) computed according to [RFC2104] and [RFC6234].¶
The Authentication sub-option is formatted as shown in Figure 18:¶
IPv6 ND messages used for window synchronization between Clients and Proxy/Servers include a Window Synchronization sub-option.¶
The Window Synchronization sub-option is formatted as follows:¶
IPv6 ND messages that need to assert/request an MNP prefix length or assert neighbor control flags can include a simple Neighbor Control sub-option instead of a full DHCPv6 message and/or other large sub-options. The Neighbor Control sub-option is formatted as follows:¶
Preflen is an 1-octet field that determines the length of a subject MNP. Values 1 through 64 specify a valid MNP length; any other value that appears must be ignored. Nodes should only accept Preflen values in authentic IPv6 ND messages received through trusted neighbors, since untrusted neighbors may assert Preflen values they are not authorized to use. Preflen is interpreted according to the specific IPv6 ND message type as follows:¶
Note that in the above Preflen applies only to the MNP itself. Any ULAs/XLAs that include the MNP in the interface identifier are represented in the forwarding and routing information as (64 + Preflen).¶
The Interface Attributes sub-option provides neighbors with forwarding information for the multilink conceptual sending algorithm discussed in Section 14. Neighbors use the forwarding information to selecting among potentially multiple candidate underlay interfaces that can be used to forward carrier packets to the neighbor based on factors such as traffic selectors and link quality. Interface Attributes further include link layer address information to be used for either direct INET encapsulation for targets in the local SRT segment or spanning tree forwarding for targets in remote SRT segments.¶
OMNI nodes include Interface Attributes for some/all of a source or target Client's underlay interfaces in NS/NA and uNA messages used to publish Client information (see: [I-D.templin-intarea-aero]). At most one Interface Attributes sub-option for each distinct ifIndex may be included; if an IPv6 ND message includes multiple Interface Attributes sub-options for the same ifIndex, the first is processed and all others are ignored. OMNI nodes that receive NS/NA messages can use all of the included Interface Attributes and/or Traffic Selectors to formulate a map of the prospective source or target node as well as to seed the information to be later populated in an AERO Forwarding Parameters sub-option (see: Section 12.2.9).¶
OMNI Clients and Proxy/Servers also include Interface Attributes sub-options in RS/RA messages used to initialize, discover and populate routing and addressing information. Each RS message MUST contain exactly one Interface Attributes sub-option with an ifIndex corresponding to the Client's underlay interface used to transmit the message, and each RA message MUST echo the same Interface Attributes sub-option with any (proxyed) information populated by the FHS Proxy/Server to provide operational context.¶
When an FHS Proxy/Server receives an RS message destined to an anycast L2 address, it MUST include an Interface Attributes sub-option with ifIndex '0' that encodes its unicast L2 address relative to the Client's underlay interface immediately after the Client Interface Attributes sub-option in the solicited RA response. Any additional Interface Attributes sub-options that appear in RS/RA messages are ignored.¶
The Interface Attributes sub-option is formatted as shown below:¶
Sub-Option Data contains an "Interface Attributes" option encoded as follows:¶
TS-Form is a 4-bit field that encodes the same value that would appear in an [RFC6088] TS Format and determines the trailing RFC 6088 Format Traffic Selector type, if present. The following values are currently defined:¶
FMT - a 1-octet "Forward/Mode/Type" code interpreted as follows:¶
The value encoded in the least significant 6 bits (i.e., "FMT-Type") determines the type and length of the L2ADDR field. The following values are currently defined:¶
The Traffic Selector sub-option provides forwarding information for the multilink conceptual sending algorithm discussed in Section 14. The sub-option includes traffic selector information as an extension to an Interface Attributes sub-option with the same ifIndex value, or as standalone information when no Interface Attributes sub-option is present.¶
IPv6 ND messages may include multiple Traffic Selectors for some or all of the source/target Client's underlay interfaces (see: [I-D.templin-intarea-aero] for more information).¶
Traffic Selectors must be honored by all implementations in the format shown below:¶
Sub-Option Data contains a "Traffic Selector" encoded as follows:¶
OMNI nodes include the AERO Forwarding Parameters sub-option in NS/NA messages used to coordinate with multilink route optimization targets. If an NS/NA message includes the sub-option in a manner that solicits a response, the NA response must also include the sub-option. Each NS/NA message may contain at most one AERO Forwarding Parameters sub-option; if an NS/NA message contains additional AERO Forwarding Parameters sub-options, the first is processed and all others are ignored.¶
When an NS/NA message includes an AERO Forwarding Parameters sub-option with Job code '00' (see below), the FHS Client Interface Attributes MUST correspond to the underlay interface used to transmit the solicitation message. When the NS/NA message also includes Interface Attributes sub-options and/or Traffic Selectors, the options must appear following the AERO Forwarding Parameters sub-option.¶
The AERO Forwarding Parameters sub-option includes the necessary state for establishing AERO Forwarding Vectors (AFVs) in the AERO Forwarding Information Bases (AFIBs) of the OAL source, destination and intermediate nodes in the path. The sub-option also records addressing information for FHS/LHS nodes on the path, including "L2ADDRs" which MUST be unicast encapsulation addresses (i.e., and not anycast/multicast). The manner for populating multilink forwarding information is specified in detail in [I-D.templin-intarea-aero].¶
The AERO Forwarding Parameters sub-option is formatted as shown in Figure 23:¶
Sub-Option Data contains AERO Forwarding Parameters as follows:¶
A/B and Job are fields that determine per-hop processing of the AFVI List, where A is a 3-bit count of the number of "A" AFVI List entries and B is a 3-bit count of the number of "B" AFVI List entries (valid A/B values are 0-5). Job is a 2-bit code interpreted as follows:¶
Job and A/B together determine the per-hop behavior at each FHS/LHS source, intermediate node and destination that processes an IPv6 ND message. When a Job code specifies "Initialize", each FHS/LHS node that processes the message creates a new AFV. When a Job code specifies "Build", each node that processes the message assigns a new AFVI. When a Job code specifies "Follow", each node that processes the message uses an A/B AFVI List entry to locate an AFV (if the AFV cannot be located, the node returns a parameter problem and drops the message). Using this algorithm, FHS sources that send code '00' solicitations and receive code '01' advertisements discover only "A" information, while LHS sources that receive code '00' solicitations and return code '01' advertisements discover only "B" information. FHS/LHS intermediate nodes can instead examine A, B and the AFVI List to determine the number of previous hops, the number of remaining hops, and the A/B AFVIs associated with the previous/remaining hops. However, no intermediate nodes will discover inappropriate A/B AFVIs for their location in the multihop forwarding chain. See: [I-D.templin-intarea-aero] for further discussion on A/B AFVI processing.¶
For Job codes '00' and '01' only, trailing state variable blocks are included for First-Hop Segment (FHS) followed by Last-Hop Segment (LHS) network elements. When present, the FHS/LHS blocks encode the following information:¶
Geo Type is a 1-octet field that encodes a type designator that determines the format and contents of the Geo Coordinates field that follows. The following types are currently defined:¶
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) sub-option may be included in the OMNI options of Client RS messages and Proxy/Server RA messages.¶
FHS Proxy/Servers that forward RS/RA messages between a Client and an LHS Proxy/Server also forward DHCPv6 sub-options unchanged. Note that OMNI DHCPv6 messages do not include a Checksum field since integrity is protected by the IPv6 ND message checksum, authentication signature and/or link or physical layer authentication and integrity checks.¶
The Protocol Independent Multicast - Sparse Mode (PIM-SM) Message sub-option may be included in the OMNI options of IPv6 ND messages. PIM-SM messages are formatted as specified in Section 4.9 of [RFC7761], with the exception that the Checksum field is omitted since the IPv6 ND message is already protected by the IPv6 ND message checksum, authentication signature and/or link or physical layer authentication and integrity checks.¶
The PIM-SM message sub-option format is shown in Figure 26:¶
The Host Identity Protocol (HIP) Message sub-option (when present) provides an authentication service alternative for IPv6 ND messages exchanged between Clients and FHS Proxy/Servers (or between Clients and their peers) over an open Internetwork. When the HIP service is used, FHS Proxy/Servers verify the HIP authentication signatures in source Client IPv6 ND messages then remove the HIP message sub-option and securely forward the ND messages to other OMNI nodes. LHS Proxy/Servers that receive secured IPv6 ND messages from other OMNI nodes that do not already include a security sub-option can insert HIP authentication signatures before forwarding them to the target Client.¶
OMNI interfaces that use the HIP service include the HIP message sub-option when they forward IPv6 ND messages that require security over INET underlay interfaces, i.e., where authentication and integrity is not already assured by link/physical layers or other OMNI layer services. The OMNI interface calculates the authentication signature over the entire length of the OAL packet (or super-packet) beginning after the IPv6 ND message header and extending over the remainder of the OAL packet or super-packet. OMNI interfaces that process OAL packets containing secured IPv6 ND messages verify the signature then either process the rest of the message locally or forward a proxyed copy to the next hop.¶
When an FHS Client inserts a HIP message sub-option in an IPv6 ND message destined to a target in a remote spanning tree segment, it must ensure that the insertion does not cause the message to exceed the OMNI interface MTU. If the LHS Proxy/Server cannot create sufficient space through any means without causing the OMNI option to exceed 2040 octets or causing the IPv6 ND message to exceed the OMNI interface MTU, it returns a suitable error (see: Section 12.2.16) and drops the message.¶
The HIP message sub-option is formatted as shown below:¶
Note: In some environments, maintenance of a Host Identity Tag (HIT) namespace may be unnecessary for securely associating an OMNI node with an IPv6 address-based identity. In that case, IPv6 ULAs can be used instead of HITs in the authentication signature as long as the address can be uniquely associated with the Sender/Receiver.¶
IPv6 ND messages serve as couriers to transport the QUIC and TLS parameters necessary to establish a secured QUIC connection.¶
Fragmentation Report (FRAGREP) sub-options may be included in the OMNI options of uNA messages sent from an OAL destination to an OAL source. The message consists of (N / 20)-many (Identification, Bitmap)-tuples which include the Identification values of OAL fragments received plus a Bitmap marking the ordinal positions of individual fragments received and fragments missing.¶
Bitmap (i) includes a 128-bit ordinal checklist of up to 128 fragments, with each bit set to 1 for a fragment received or 0 for a fragment missing. For example, for a 20-fragment OAL packet with ordinal fragments #3, #10, #13 and #17 missing and all other fragments received, Bitmap (i) encodes the following:¶
(Note that loss of an OAL atomic fragment is indicated by a Bitmap(i) with all bits set to 0.)¶
OMNI Clients include a Proxy/Server Departure sub-option in RS messages when they associate with a new FHS and/or Hub Proxy/Server and need to send a departure indication to an old FHS and/or Hub Proxy/Server. The Proxy/Server Departure sub-option is formatted as shown below:¶
Since the Sub-Type field is only 5 bits in length, future specifications of major protocol functions may exhaust the remaining Sub-Type values available for assignment. This document therefore defines Sub-Type 30 as an "extension", meaning that the actual sub-option type is determined by examining a 1-octet "Extension-Type" field immediately following the Sub-Length field. The Sub-Type Extension is formatted as shown in Figure 33:¶
Extension-Type values 0 and 1 are defined in the following subsections, while Extension-Type values 2 through 252 are available for assignment by future specifications which must also define the format of the Extension-Type Body and its processing rules. Extension-Type values 253 and 254 are reserved for experimentation, as recommended in [RFC3692], and value 255 is reserved by IANA.¶
Header Type and Header Option Value are coded exactly as specified in Section 5.1.1 of [RFC4380]; the following types are currently defined:¶
Trailer Type and Trailer Option Value are coded exactly as specified in Section 4 of [RFC6081]; the following Trailer Types are currently defined:¶
The multicast address mapping of the native underlay interface applies. The Client mobile router also serves as an IGMP/MLD Proxy for its ENETs and/or hosted applications per [RFC4605].¶
The Client uses Multicast Listener Discovery (MLDv2) [RFC3810] to coordinate with Proxy/Servers, and underlay network elements use MLD snooping [RFC4541]. The Client can also employ multicast routing protocols to coordinate with network-based multicast sources as specified in [I-D.templin-intarea-aero].¶
Since the OMNI link model is NBMA, OMNI links support link-scoped multicast through iterative unicast transmissions to individual multicast group members (i.e., unicast/multicast emulation).¶
The Client's network layer selects the outbound OMNI interface according to SBM considerations when forwarding original IP packets/parcels from local or ENET applications to external correspondents. Each OMNI interface maintains an internal OAL neighbor cache maintained the same as discussed in [RFC4861], but also includes additional state for multilink coordination. Each Client OMNI interface maintains default routes via Proxy/Servers discovered as discussed in Section 15, and may configure more-specific routes discovered through means outside the scope of this specification.¶
For each original IP packet/parcel it forwards, the OMNI interface selects one or more source underlay interfaces based on PBM factors (e.g., traffic attributes, cost, performance, message size, etc.) and one or more target underlay interfaces for the neighbor based on Interface Attributes received in IPv6 ND messages (see: Section 12.2.7). Multilink forwarding may also direct carrier packet replication across multiple underlay interface pairs for increased reliability at the expense of duplication. The set of all Interface Attributes and Traffic Selectors received in IPv6 ND messages determines the multilink forwarding profile for selecting target underlay interfaces.¶
When the OMNI interface forwards an original IP packet/parcel over a selected source underlay interface, it first employs OAL encapsulation and fragmentation as discussed in Section 5, then performs L2 encapsulation as directed by the appropriate AFV. The OMNI interface also performs L2 encapsulation (following OAL encapsulation) when the nearest Proxy/Server is located multiple hops away as discussed in Section 15.2.¶
OMNI interface multilink service designers MUST observe the BCP guidance in Section 15 [RFC3819] in terms of implications for reordering when original IP packets/parcels from the same flow may be spread across multiple underlay interfaces having diverse properties.¶
Clients may connect to multiple independent OMNI links within the same or different OMNI domains to support SBM. The Client configures a separate OMNI interface for each link so that multiple interfaces (e.g., omni0, omni1, omni2, etc.) are exposed to the network layer. Each OMNI interface configures one or more OMNI anycast addresses (see: Section 10), and the Client injects the corresponding anycast prefixes into the ENET routing system. Multiple distinct OMNI links can therefore be used to support fault tolerance, load balancing, reliability, etc.¶
Applications in ENETs can use Segment Routing to select the desired OMNI interface based on SBM considerations. The application writes an OMNI anycast address into the original IP packet/parcel's destination address, and writes the actual destination (along with any additional intermediate hops) into the Segment Routing Header. Standard IP routing directs the packet/parcel to the Client's mobile router entity, where the anycast address identifies the correct OMNI interface for next hop forwarding. When the Client receives the packet/parcel, it replaces the IP destination address with the next hop found in the Segment Routing Header and forwards the message via the OMNI interface identified by the anycast address.¶
Note: The Client need not configure its OMNI interface indexes in one-to-one correspondence with the global OMNI Link-IDs configured for OMNI domain administration since the Client's indexes (i.e., omni0, omni1, omni2, etc.) are used only for its own local interface management.¶
After a Proxy/Server has registered an MNP for a Client (see: Section 15), the Proxy/Server will forward all original IP packets/parcels (or carrier packets) destined to an address within the MNP to the Client. The Client will under normal circumstances then forward the resulting original IP packet/parcel to the correct destination within its connected (downstream) ENETs.¶
If at some later time the Client loses state (e.g., after a reboot), it may begin returning original IP packets/parcels (or carrier packets) with destinations corresponding to its MNP to the Proxy/Server as its default router. The Proxy/Server therefore drops any original IP packets/parcels received from the Client with a destination address that corresponds to the Client's MNP (i.e., whether ULA or GUA), and drops any carrier packets with both source and destination address corresponding to the same Client's MNP regardless of their origin.¶
Clients engage the MS by sending RS messages with OMNI options under the assumption that one or more Proxy/Server will process the message and respond. The RS message is received by a FHS Proxy/Server, which may in turn forward a proxyed copy of the RS to a Hub Proxy/Server located on the same or different SRT segment. The Hub Proxy/Server then returns an RA message either directly to the Client or via an FHS Proxy/Server acting as a proxy.¶
To support Client to service coordination, OMNI defines three flag bits in the OMNI Neighbor Coordination sub-option discussed in Figure 20. Clients set or clear the NUD, ARR and/or RPT flags in RS messages as directives to the Mobility Service FHS and Hub Proxy/Servers. Proxy/Servers interpret the flags as follows:¶
Mobility Service Proxy/Servers function according to the NUD, ARR and RPT flag settings received in the most recent RS message to support dynamic Client updates.¶
Clients and FHS Proxy/Servers include an authentication signature in their RS/RA exchanges when necessary but always include a valid IPv6 ND message checksum. FHS and Hub Proxy/Server RS/RA message exchanges over the SRT secured spanning tree instead always include the checksum and omit the authentication signature. Clients and Proxy/Servers use the information included in RS/RA messages to establish NCE state and OMNI link autoconfiguration information as discussed in this section.¶
For each underlay interface, the Client sends RS messages with OMNI options to coordinate with a (potentially) different FHS Proxy/Server for each interface but with a single Hub Proxy/Server. All Proxy/Servers are identified by their ULA-RNDs and accept carrier packets addressed to their anycast/unicast L2ADDRs; the Hub Proxy/Server may be chosen among any of the Client's FHS Proxy/Servers or may be any other Proxy/Server for the OMNI link. Example ULA/L2ADDR discovery methods are given in [RFC5214] and include data link login parameters, name service lookups, static configuration, a static "hosts" file, etc. In the absence of other information, the Client can resolve the DNS Fully-Qualified Domain Name (FQDN) "linkupnetworks.[domainname]" where "linkupnetworks" is a constant text string and "[domainname]" is a DNS suffix for the OMNI link (e.g., "example.com"). The name resolution will retain a set of DNS resource records with the addresses of Proxy/Servers for the domain.¶
Each FHS Proxy/Server configures a ULA-RND based on a /64 ULA prefix for the link/segment with randomly-generated Global ID to assure global uniqueness then administratively assigned to FHS Proxy/Servers for the link to assure global consistency. The Client can then configure ULA-MNPs derived from the 64-bit ULA prefix assigned to a FHS Proxy/Server for each underlay interface. The FHS Proxy/Servers discovered over multiple of the Client's underlay interfaces may configure the same or different ULA prefixes, and the Client's ULA-MNP for each underlay interface will fall within the ULA (multilink) subnet relative to each FHS Proxy/Server.¶
Clients configure OMNI interfaces that observe the properties discussed in previous sections. The OMNI interface and its underlay interfaces are said to be in either the "UP" or "DOWN" state according to administrative actions in conjunction with the interface connectivity status. An OMNI interface transitions to UP or DOWN through administrative action and/or through state transitions of the underlay interfaces. When a first underlay interface transitions to UP, the OMNI interface also transitions to UP. When all underlay interfaces transition to DOWN, the OMNI interface also transitions to DOWN.¶
When a Client OMNI interface transitions to UP, it sends RS messages to register its MNP and an initial set of underlay interfaces that are also UP. The Client sends additional RS messages to refresh lifetimes and to register/deregister underlay interfaces as they transition to UP or DOWN. The Client's OMNI interface sends initial RS messages over an UP underlay interface with its XLA-MNP as the source (or with a HHIT or TLA-RND as the source if it does not yet have an MNP) and with destination set to link-scoped All-Routers multicast or the ULA of a specific (Hub) Proxy/Server. The Client sets the RS NUD, ARR and RPT flags, then includes an OMNI option per Section 12 with an OMNI Window Coordination sub-option, a Neighbor Control or DHCPv6 Solicit sub-option if necessary, an Interface Attributes sub-option for the underlay interface, and with any other necessary OMNI sub-options such as authentication, Proxy/Server Departure, etc. The OMNI interface finally sets or clears the Interface Attributes FMT-Forward and FMT-Mode bits according to the behavior it would like to receive from the FHS Proxy/Server as described in Section 12.2.7.¶
The Client then calculates the authentication signature checksum and prepares to forward the RS over the underlay interface using OAL encapsulation and fragmentation if necessary. The OMNI interface selects an Identification value (see: Section 6.6), sets the OAL source address to the ULA-MNP corresponding to the RS source if known (otherwise to an HHIT/TLA), sets the OAL destination to an OMNI IPv6 anycast address or a known Proxy/Server ULA, optionally includes a Nonce and/or Timestamp, then performs fragmentation if necessary. When L2 encapsulation is used, the Client includes the discovered FHS Proxy/Server L2ADDR or an anycast address as the L2 destination then forwards the resulting carrier packet(s) into the underlay network. Note that the Client does not yet create a NCE, but instead caches the Identification, Nonce and/or Timestamp values included in its RS message transmissions to match against any received RA messages.¶
When an FHS Proxy/Server receives the carrier packets containing an RS it sets aside the L2 headers, verifies the Identifications and reassembles if necessary, sets aside the OAL header, then verifies the RS authentication signature/checksum. The FHS Proxy/Server then creates/updates a NCE indexed by the Client's RS source address and caches the OMNI Interface Attributes and any Traffic Selector sub-options while also caching the L2 (UDP/IP) and OAL source and destination address information. The FHS Proxy/Server next caches the RS NUD flag and Window Synchronization parameters (see: Section 12.1) then examines the RS destination address. If the destination matches its own ULA, the FHS Proxy/Server assumes the Hub role and acts as the sole entry point for injecting the Client's XLA-MNP into the OMNI link routing system (i.e., after performing any necessary prefix delegation operations) while setting the prefix to fd00::/64 and suffix to the 64-bit MNP, then including a prefix length set to the MNP prefix length plus 64. (For example, if the MNP prefix length is 48, the prefix length field encodes the value 112.) The FHS/Hub Proxy/Server then caches the RS ARR and RPT flags to determine its role in processing NS(AR) messages and generating uNA messages (see: Section 12.1).¶
The FHS/Hub Proxy/Server then prepares to return an RA message directly to the Client by first populating the Cur Hop Limit, Flags, Router Lifetime, Reachable Time and Retrans Timer fields with values appropriate for the OMNI link. The FHS/Hub Proxy/Server next includes as the first RA message option an OMNI option with a Window Synchronization sub-option, an authentication sub-option if necessary and a (proxyed) copy of the Client's original Interface Attributes sub-option with its INET-facing interface information written in the FMT, SRT and LHS Proxy/Server ULA/L2ADDR fields. The Proxy/Server also sets or clears the FMT-Forward and FMT-Mode flags if necessary to convey its capabilities to the Client, noting that it should honor the Client's stated preferences for those parameters if possible or override otherwise. The FMT-Forward/Mode flags thereafter remain fixed unless and until a new RS/RA exchange produces different values (see: Section 12.2.7 for further discussion). If the FHS/Hub Proxy/Server's Client-facing interface is different than its INET-facing interface, the Proxy/Server next includes a second Interface Attributes sub-option with ifIndex set to '0' and with a unicast L2 address for its Client-facing interface in the L2ADDR field.¶
The FHS/Hub Proxy/Server next includes an Origin Indication sub-option that includes the RS L2 source L2ADDR information (see: Section 12.2.18.1), then includes any other necessary OMNI sub-options (either within the same OMNI option or in additional OMNI options). Following the OMNI option(s), the FHS/Hub Proxy/Server next includes any other necessary RA options such as PIOs with (A; L=0) that include the OMNI link MSPs [RFC8028], RIOs [RFC4191] with more-specific routes, Nonce and Timestamp options, etc. The FHS/Hub Proxy/Server then sets the RA source address to its own ULA and destination address to the Client's ULA-MNP (i.e., relative to the ULA /64 prefix for its Client-facing underlay interface) while also recording the corresponding XLA-MNP as an (alternate) index to the Client NCE, then calculates the authentication signature/checksum. The FHS/Hub Proxy/Server finally performs OAL encapsulation with source set to its own ULA and destination set to the OAL source that appeared in the RS, then calculates the OAL checksum, selects an appropriate Identification, fragments if necessary, encapsulates each fragment in appropriate L2 headers with source and destination address information reversed from the RS L2 information and returns the resulting carrier packets to the Client over the same underlay interface the RS arrived on.¶
When an FHS Proxy/Server receives an RS with a valid authentication signature/checksum and with destination set to link-scoped All-Routers multicast, it can either assume the Hub role itself the same as above or act as a proxy and select the ULA of another Proxy/Server to serve as the Hub. When an FHS Proxy/Server assumes the proxy role or receives an RS with destination set to the ULA of another Proxy/Server, it forwards the message while acting as a proxy. The FHS Proxy/Server creates/updates a NCE for the Client (i.e., based on the RS source address) and caches the OAL source, Window Synchronization, NUD flag, Interface Attributes addressing information as above then writes its own INET-facing FMT, SRT and LHS Proxy/Server ULA/L2ADDR information into the appropriate Interface Attributes sub-option fields (while also setting/clearing FMT-Forward and FMT-Type as above). The FHS Proxy/Server then calculates and includes the checksum, performs OAL encapsulation with source set to its own ULA and destination set to the ULA of the Hub Proxy/Server, calculates the OAL checksum, selects an appropriate Identification, fragments if necessary, encapsulates each fragment in appropriate L2 headers and sends the resulting carrier packets into the SRT secured spanning tree.¶
When the Hub Proxy/Server receives the carrier packets, it discards the L2 headers, reassembles if necessary to obtain the proxyed RS, verifies checksums, then performs DHCPv6 Prefix Delegation (PD) to obtain the Client's MNP if the RS source is not already MNP-based. The Hub Proxy/Server then creates/updates a NCE for the Client's XLA-MNP and caches any state (including the ARR and RPT flags, OAL addresses, Interface Attributes information and Traffic Selectors), then finally performs routing protocol injection. The Hub Proxy/Server then returns an RA that echoes the Client's (proxyed) Interface Attributes sub-option and with any RA parameters the same as specified for the FHS/Hub Proxy/Server case above. The Hub Proxy/Server then sets the RA source address to its own ULA and destination address to the RS source address; if the RS source address is an HHIT/TLA, the Hub Proxy/Server also includes the MNP in a DHCPv6 PD Reply OMNI sub-option. The Hub Proxy/Server next calculates the checksum, then encapsulates the RA as an OAL packet with source set to its own ULA and destination set to the ULA of the FHS Proxy/Server that forwarded the RS. The Hub Proxy/Server finally calculates the OAL checksum, selects an appropriate Identification, fragments if necessary, encapsulates each fragment in appropriate L2 headers and sends the resulting carrier packets into the secured spanning tree.¶
When the FHS Proxy/Server receives the carrier packets it discards the L2 headers, reassembles if necessary to obtain the RA message, verifies checksums then updates the OMNI interface NCE for the Client and creates/updates a NCE for the Hub. The FHS Proxy/Server then sets the P flag in the RA flags field [RFC4389] and proxys the RA by changing the OAL source to its own ULA, changing the OAL destination to the OAL address found in the Client's NCE, and changing the RA destination address to the ULA-MNP of the Client relative to its own /64 ULA prefix while also recording the corresponding XLA-MNP as an alternate index into the Client NCE. (If the RA destination address was an HHIT/TLA, the FHS Proxy Server determines the MNP by consulting the DHCPv6 PD Reply message sub-option.) The FHS Proxy/Server next includes Window Synchronization parameters responsive to those in the Client's RS, an Interface Attributes sub-option with ifIndex '0' and with its Client-facing interface unicast L2 address if necessary (see above), an Origin Indication sub-option with the Client's cached L2ADDR and an authentication sub-option if necessary. The FHS Proxy/Server finally selects an Identification value per Section 6.6, calculates the authentication signature/checksum, fragments if necessary, encapsulates each fragment in L2 headers with addresses taken from the Client's NCE and sends the resulting carrier packets via the same underlay interface over which the RS was received.¶
When the Client receives the carrier packets, it discards the L2 headers, reassembles if necessary and removes the OAL header to obtain the RA message. The Client next verifies the authentication signature/checksum, then matches the RA message with its previously-sent RS by comparing the RS Sequence Number with the RA Acknowledgement Number and also comparing the Nonce and/or Timestamp values if present. If the values match, the Client then creates/updates OMNI interface NCEs for both the Hub and FHS Proxy/Server and caches the information in the RA message. In particular, the Client caches the RA source address as the Hub Proxy/Server ULA and uses the OAL source address to configure both an underlay interface-specific ULA for the Hub Proxy/Server and the ULA of this FHS Proxy/Server. The Client then uses the ULA-MNP in the RA destination address to configure its address within the ULA (multilink) subnet prefix of the FHS Proxy/Server. If the Client has multiple underlay interfaces, it creates additional FHS Proxy/Server NCEs and ULA-MNPs as necessary when it receives RAs over those interfaces (noting that multiple of the Client's underlay interfaces may be serviced by the same or different FHS Proxy/Servers). The Client finally adds the Hub Proxy/Server ULA to the default router list if necessary.¶
For each underlay interface, the Client next caches the (filled-out) Interface Attributes for its own ifIndex and Origin Indication information that it received in an RA message over that interface so that it can include them in future NS/NA messages to provide neighbors with accurate FMT/SRT/LHS information. (If the message includes an Interface Attributes sub-option with ifIndex '0', the Client also caches the L2ADDR as the underlay network-local unicast address of the FHS Proxy//Server via that underlay interface.) The Client then compares the Origin Indication L2ADDR information with its own underlay interface addresses to determine whether there may be NATs on the path to the FHS Proxy/Server; if the L2ADDR information differs, the Client is behind a NAT and must supply the Origin information in IPv6 ND message exchanges with prospective neighbors on the same SRT segment. The Client finally configures default routes and assigns the OMNI Subnet Router Anycast address corresponding to the MNP (e.g., 2001:db8:1:2::) to the OMNI interface.¶
Following the initial exchange, the FHS Proxy/Server MAY later send additional periodic and/or event-driven unsolicited RA messages per [RFC4861]. (The unsolicited RAs may be initiated either by the FHS Proxy/Server itself or by the Hub via the FHS as a proxy.) The Client then continuously manages its underlay interfaces according to their states as follows:¶
The Client is responsible for retrying each RS exchange up to MAX_RTR_SOLICITATIONS times separated by RTR_SOLICITATION_INTERVAL seconds until an RA is received. If no RA is received over an UP underlay interface (i.e., even after attempting to contact alternate Proxy/Servers), the Client declares this underlay interface as DOWN. When changing to a new FHS or Hub Proxy/Server, the Client also includes a Proxy/Server Departure OMNI sub-option in new RS messages; the (new) FHS Proxy/Server will in turn send uNA messages to the old FHS and/or Hub Proxy/Server to announce the Client's departure as discussed in [I-D.templin-intarea-aero].¶
The network layer sees the OMNI interface as an ordinary IPv6 interface. Therefore, when the network layer sends an RS message the OMNI interface returns an internally-generated RA message as though the message originated from an IPv6 router. The internally-generated RA message contains configuration information consistent with the information received from the RAs generated by the Hub Proxy/Server. Whether the OMNI interface IPv6 ND messaging process is initiated from the receipt of an RS message from the network layer or independently of the network layer is an implementation matter. Some implementations may elect to defer the OMNI interface internal RS/RA messaging process until an RS is received from the network layer, while others may elect to initiate the process proactively. Still other deployments may elect to administratively disable network layer RS/RA messaging over the OMNI interface, since the messages are not required to drive the OMNI interface internal RS/RA process. (Note that this same logic applies to IPv4 implementations that employ "ICMP Router Discovery" [RFC1256].)¶
Note: The Router Lifetime value in RA messages indicates the time before which the Client must send another RS message over this underlay interface (e.g., 600 seconds), however that timescale may be significantly longer than the lifetime the MS has committed to retain the prefix registration (e.g., REACHABLE_TIME seconds). Proxy/Servers are therefore responsible for keeping MS state alive on a shorter timescale than the Client may be required to do on its own behalf.¶
Note: On certain multicast-capable underlay interfaces, Clients should send periodic unsolicited multicast NA messages and Proxy/Servers should send periodic unsolicited multicast RA messages as "beacons" that can be heard by other nodes on the link. If a node fails to receive a beacon after a timeout value specific to the link, it can initiate Neighbor Unreachability Detection (NUD) exchanges to test reachability.¶
Note: If a single FHS Proxy/Server services multiple of a Client's underlay interfaces, Window Synchronization will initially be repeated for the RS/RA exchange over each underlay interface, i.e., until the Client discovers the many-to-one relationship. This will naturally result in a single window synchronization that applies over the Client's multiple underlay interfaces for the same FHS Proxy/Server.¶
Note: Although the Client's FHS Proxy/Server is a first-hop segment node from its own perspective, the Client stores the Proxy/Server's FMT/SRT/ULA/L2ADDR as last-hop segment (LHS) information to supply to neighbors. This allows both the Client and Hub Proxy/Server to supply the information to neighbors that will perceive it as LHS information on the return path to the Client.¶
Note: The Hub Proxy/Server injects Client XLA-MNP into the OMNI link routing system by simply creating a route-to-interface forwarding table entry for fd00::{MNP}/N via the OMNI interface. The dynamic routing protocol will notice the new entry and propagate the route to its peers. If the Hub receives additional RS messages, it need not re-create the forwarding table entry (nor disturb the dynamic routing protocol) if an entry is already present. If the Hub ceases to receive RS messages from any of the Client's interfaces, it removes the Client XLA-MNP from the forwarding table (i.e., after a short delay) resulting in its removal also from the routing system.¶
Note: If the Client's initial RS message includes an anycast L2 destination address, the FHS Proxy/Server returns the solicited RA using the same anycast address as the L2 source while including an Interface Attributes sub-option with ifIndex '0' and its true unicast address in the L2ADDR. When the Client sends additional RS messages, it includes this FHS Proxy/Server unicast address as the L2 destination and the FHS Proxy/Server returns the solicited RA using the same unicast address as the L2 source. This will ensure that RS/RA exchanges are not impeded by any NATs on the path while avoiding long-term exposure of messages that use an anycast address as the source.¶
Note: The Origin Indication sub-option is included only by the FHS Proxy/Server and not by the Hub (unless the Hub is also serving as an FHS).¶
Note: Clients should set the NUD, ARR and RPT flags consistently in successive RS messages and only change those settings when an FHS/Hub Proxy/Server service profile update is necessary.¶
Note: Although the Client adds the Hub Proxy/Server ULA to the default router list, it also caches the ULAs of the FHS Proxy/Servers on the path to the Hub over each underlying interface. When the Client needs to send an original IP packet/parcel to a default router, it engages OAL encapsulation/fragmentation while using a destination ULA corresponding to the selected interface which directs the packet to an FHS Proxy/Server for that interface. The FHS Proxy/Server then performs L2 encapsulation and sends the resulting carrier packets without disturbing the Hub.¶
In environments where Identification window synchronization is necessary, the RS/RA exchanges discussed above observe the principles specified in Section 6.6. Window synchronization is conducted between the Client and each FHS Proxy/Server used to contact the Hub Proxy/Server, i.e., and not between the Client and the Hub. This is due to the fact that the Hub Proxy/Server is responsible only for forwarding control and data messages via the secured spanning tree to FHS Proxy/Servers, and is not responsible for forwarding messages directly to the Client under a synchronized window. Also, in the reverse direction the FHS Proxy/Servers handle all default forwarding actions without forwarding Client-initiated data to the Hub.¶
When a Client needs to perform window synchronization via a new FHS Proxy/Server, it sets the RS source address to its own {TLA,XLA}-MNP (or an HHIT/TLA) and destination address to the ULA of the Hub Proxy/Server (or to All-Routers multicast in an initial RS), then sets the SYN flag and includes an initial Sequence Number for Window Synchronization. The Client then performs OAL encapsulation using its own ULA-MNP (or the HHIT/TLA) as the source and the ULA of the FHS Proxy/Server as the destination and includes an Interface Attributes sub-option then performs L2 encapsulation and sends the resulting carrier packets to the FHS Proxy/Server. The FHS Proxy/Server then extracts the RS message and caches the Window Synchronization parameters then re-encapsulates with its own ULA as the source and the ULA of the Hub Proxy/Server as the target.¶
The FHS Proxy/Server then performs L2 encapsulation and sends the resulting carrier packets via the secured spanning tree to the Hub Proxy/Server, which updates the Client's Interface Attributes and returns a unicast RA message with source set to its own ULA and destination set to the RS source address and with the Client's Interface Attributes echoed. The Hub Proxy/Server then performs OAL encapsulation using its own ULA as the source and the ULA of the FHS Proxy/Server as the destination, then performs L2 encapsulation and sends the carrier packets via the secured spanning tree to the FHS Proxy/Server. The FHS Proxy/Server then proxys the message as discussed in the previous section and includes responsive Window Synchronization information. The FHS Proxy/Server then forwards the message to the Client which updates its window synchronization information for the FHS Proxy/Server as necessary.¶
Following the initial RS/RA-driven window synchronization, the Client can re-assert new windows with specific FHS Proxy/Servers by performing NS/NA exchanges between its own XLA-MNPs and the ULAs of the FHS Proxy/Servers without having to disturb the Hub.¶
On some *NETs, a Client may be located multiple intermediate OMNI node hops away from the nearest OMNI link Proxy/Server. Clients in multihop networks perform route discovery through the application of a routing protocol (e.g., a MANET/VANET routing protocol over omnidirectional wireless interfaces, an inter-domain routing protocol in an enterprise network, etc.) then apply corresponding forwarding entries to the OMNI interface. Example routing protocols optimized for MANET/VANET operations include OSPFv3 [RFC5340] with MANET Designated Router (OSPF-MDR) extensions [RFC5614], OLSRv2 [RFC7181], AODVv2 [I-D.perkins-manet-aodvv2] and others. Clients employ the routing protocol according to the link model found in [RFC5889] and subnet model articulated in [RFC5942]. For unique identification, Clients use an HHIT/TLA as a Router ID or set an administrative value that is managed for uniqueness within the MANET/VANET.¶
A Client located potentially multiple *NET hops away from the nearest Proxy/Server prepares an RS message, sets the source address to its XLA-MNP (or to its HHIT/TLA if it does not yet have an MNP), and sets the destination to link-scoped All-Routers multicast or the unicast ULA of a Proxy/Server the same as discussed above. The OMNI interface then employs OAL encapsulation, sets the OAL source address to its HHIT/TLA and sets the OAL destination to an OMNI IPv6 anycast address based on either a native IPv6 or IPv4-Compatible IPv6 prefix (see: Section 10).¶
For IPv6-enabled *NETs where the underlay interface observes the MANET properties discussed above, the Client injects the HHIT/TLA into the IPv6 multihop routing system and forwards the message without further encapsulation. Otherwise, the Client encapsulates the message in UDP/IPv6 L2 headers, sets the source to the underlay interface IPv6 address and sets the destination to the same OMNI IPv6 anycast address. The Client then forwards the message into the IPv6 multihop routing system which conveys it to the nearest Proxy/Server that advertises a matching OMNI IPv6 anycast prefix. If the nearest Proxy/Server is too busy, it should forward (without Proxying) the OAL-encapsulated RS to another nearby Proxy/Server connected to the same IPv6 (multihop) network that also advertises the matching OMNI IPv6 anycast prefix.¶
For IPv4-only *NETs, the Client encapsulates the RS message in UDP/IPv4 L2 headers, sets the source to the underlay interface IPv4 address and sets the destination to the OMNI IPv4 anycast address. The Client then forwards the message into the IPv4 multihop routing system which conveys it to the nearest Proxy/Server that advertises the corresponding IPv4 prefix. If the nearest Proxy/Server is too busy and/or does not configure the specified OMNI IPv6 anycast address, it should forward (without Proxying) the OAL-encapsulated RS to another nearby Proxy/Server connected to the same IPv4 (multihop) network that configures the OMNI IPv6 anycast address. (In environments where reciprocal RS forwarding cannot be supported, the first Proxy/Server should instead return an RA based on its own MSP(s).)¶
When an intermediate *NET node that participates in the routing protocol receives the encapsulated RS, it forwards the message according to its routing tables (note that an intermediate node could be a fixed infrastructure element such as a roadside unit or another MANET/VANET Client). This process repeats iteratively until the RS message is received by a penultimate *NET hop within single-hop communications range of a Proxy/Server, which forwards the message to the Proxy/Server.¶
When a Proxy/Server that configures the OMNI IPv6 anycast OAL destination receives the message, it decapsulates the RS and assumes either the Hub or FHS role (in which case, it forwards the RS to a candidate Hub). The Hub Proxy/Server then prepares an RA message with source address set to its own ULA and destination address set to the RS source address if it is acting only as the Hub (or to the Client ULA-MNP within its ULA subnet prefix if it is also acting as the FHS Proxy/Server). The Hub Proxy/Server then performs OAL encapsulation with the RA OAL source/destination set to the RS OAL destination/source and forwards the RA either to the FHS Proxy/Server or directly to the Client.¶
When the Hub or FHS Proxy/Server forwards the RA to the Client, it encapsulates the message in L2 encapsulation headers (if necessary) with (src, dst) set to the (dst, src) of the RS L2 encapsulation headers. The Proxy/Server then forwards the message to a *NET node within communications range, which forwards the message according to its routing tables to an intermediate node. The multihop forwarding process within the *NET continues repetitively until the message is delivered to the original Client, which decapsulates the message and performs autoconfiguration the same as if it had received the RA directly from a Proxy/Server on the same physical link. The Client then injects the ULA-MNP into the IPv6 multihop routing system to advertise a unique address within the FHS Proxy/Server's "Multilink Subnet".¶
Note: When the RS message includes anycast OAL and/or L2 encapsulation destinations, the FHS Proxy/Server must use the same anycast addresses as the OAL and/or L2 encapsulation sources to support forwarding of the RA message plus any initial data messages. The FHS Proxy/Server then sends the resulting carrier packets over any NATs on the path. When the Client receives the RA, it will discover its unicast ULA-MNP and/or L2 encapsulation addresses and can send future carrier packets using the unicast (instead of anycast) addresses to populate NAT state in the forward path. (If the Client does not have immediate data to send to the FHS Proxy/Server, it can instead send an OAL "bubble" - see Section 6.10.) After the Client begins using unicast OAL/L2 encapsulation addresses in this way, the FHS Proxy/Server should also begin using the same unicast addresses in the reverse direction.¶
Note: When an OMNI interface configures a HHIT/TLA, any nodes that forward an encapsulated RS message with the HHIT/TLA as the OAL source must not consider the message as being specific to a particular OMNI link. HHITs/TLAs can therefore also serve as the source and destination addresses of unencapsulated IPv6 data communications within the local routing region, and if the HHIT/TLAs are injected into the local network routing protocol their prefix length must be set to 128.¶
Note: Each node normally conducts the multi-hop relaying between intermediate forwarding nodes using the same underlay interface in both the inbound and outbound directions, i.e. as opposed to different underlay interfaces. The final forwarding node within range of a Proxy/Server could use the same or a different underlay interface to exchange carrier packets with the Proxy/Server, but may not be well positioned to perform multilink selections over multiple underlay interfaces on behalf of multihop dependent peers.¶
When a Client is not pre-provisioned with an MNP (or, when the Client requires additional MNP delegations), it requests the MS to select MNPs on its behalf and set up the correct routing state. The DHCPv6 service [RFC8415] supports this requirement.¶
When a Client requires the MS to select MNPs, it sends an RS message with source set to an HHIT/TLA-RND. If the Client requires only a single MNP delegation, it can then include an OMNI Node Identification sub-option plus an OMNI Neighbor Control sub-option with Preflen set to the length of the desired MNP. If the Client requires multiple MNP delegations and/or more complex DHCPv6 services, it instead includes a DHCPv6 Message sub-option containing a Client Identifier, one or more IA_PD options and a Rapid Commit option then sets the 'msg-type' field to "Solicit", and includes a 3-octet 'transaction-id'. The Client then sets the RS destination to link-scoped All-Routers multicast and sends the message using OAL encapsulation and fragmentation if necessary as discussed above.¶
When the Hub Proxy/Server receives the RS message, it performs OAL reassembly if necessary. Next, if the RS source is an HHIT/TLA-RND and/or the OMNI option includes a DHCPv6 message sub-option, the Hub Proxy/Server acts as a "Proxy DHCPv6 Client" in a message exchange with the locally-resident DHCPv6 server. If the RS did not contain a DHCPv6 message sub-option, the Hub Proxy/Server generates a DHCPv6 Solicit message on behalf of the Client using an IA_PD option with the prefix length set to the OMNI Neighbor Control sub-option Preflen value and with a Client Identifier formed from the OMNI option Node Identification sub-option; otherwise, the Hub Proxy/Server uses the DHCPv6 Solicit message contained in the OMNI option. The Hub Proxy/Server then sends the DHCPv6 message to the DHCPv6 Server, which delegates MNPs and returns a DHCPv6 Reply message with PD parameters. (If the Hub Proxy/Server wishes to defer creation of Client state until the DHCPv6 Reply is received, it can instead act as a Lightweight DHCPv6 Relay Agent per [RFC6221] by encapsulating the DHCPv6 message in a Relay-forward/reply exchange with Relay Message and Interface ID options. In the process, the Hub Proxy/Server packs any state information needed to return an RA to the Client in the Relay-forward Interface ID option so that the information will be echoed back in the Relay-reply.)¶
When the Hub Proxy/Server receives the DHCPv6 Reply, it creates XLA-MNPs based on the delegated MNPs and creates OMNI interface XLA-MNP forwarding table entries (i.e., to prompt the dynamic routing protocol). The Hub Proxy/Server then sends an RA back to the FHS Proxy/Server with the DHCPv6 Reply message included in an OMNI DHCPv6 message sub-option. The Hub Proxy/Server sets the RA destination address to the RS source address, sets the RA source address to its own ULA, performs OAL encapsulation and fragmentation, performs L2 encapsulation and sends the RA to the Client via the FHS Proxy/Server as discussed above.¶
When the FHS Proxy/Server receives the RA, it changes the RA destination address to the ULA-MNP for the Client within its own ULA subnet prefix, includes a Neighbor Control sub-option with Preflen set to the length of the MNP, then forwards the RA to the Client. When the Client receives the RA, it reassembles and discards the OAL encapsulation then creates a default route, assigns Subnet Router Anycast addresses and uses the RA destination address or DHCPv6-delegated MNP to automatically configure its primary ULA-MNP. The Client will then use these primary MNP-based addresses as the source address of any IPv6 ND messages it sends as long as it retains ownership of the MNP.¶
Note: when the Hub Proxy/Server is also the FHS Proxy/Server, it forwards the RA message directly to the Client with the destination set to the Client's ULA-MNP (i.e., instead of forwarding via another Proxy/Server).¶
Clients can provide an OMNI link ingress point for other nodes on their (downstream) ENETs that also act as Clients. When Client A has already coordinated with an (upstream) ANET/INET Proxy/Server, Client B on an ENET serviced by Client A can send OAL-encapsulated RS messages with addresses set the same as specified in Section 15.2. When Client A receives the RS message, it infers from the OAL encapsulation that Client B is seeking to establish itself as a Client instead of just a simple ENET Host.¶
Client A then returns an RA message the same as a Proxy/Server would do as specified in Section 15.2 except that it instead uses its own ULA-MNP as the RA and OAL source addresses and performs (recursive) DHCPv6 Prefix Delegation. The MNP delegation in the RA message must be a sub-MNP from the MNP delegated to Client A. For example, if Client A receives the MNP 2001:db8:1000::/48 it can provide a sub-delegation such as 2001:db8:1000:2000::/56 to Client B. Client B can in turn sub-delegate 2001:db8:1000:2000::/56 to its own ENET(s), where there may be a further prospective Client C that would in turn request OMNI link services via Client B.¶
To support this Client-to-Client chaining, Clients send IPv6 ND messages addressed to the OMNI link anycast address via their ANET/INET (i.e., upstream) interfaces, but advertise the OMNI link anycast address into their ENET (i.e., downstream) networks where there may be further prospective Clients wishing to join the chain. The ENET of the upstream Client is therefore seen as an ANET by downstream Clients, and the upstream Client is seen as a Proxy/Server by downstream Clients.¶
If the underlay network link model is multiple access, the FHS Proxy/Server is responsible for assuring that address duplication cannot corrupt the neighbor caches of other nodes on the link. When the Client sends an RS message on a multiple access underlay network, the Proxy/Server verifies that the Client is authorized to use the address and responds with an RA (or forwards the RS to the Hub) only if the Client is authorized.¶
After verifying Client authorization and returning an RA, the Proxy/Server MAY return IPv6 ND Redirect messages to direct Clients located on the same underlay network to exchange OAL packets directly without transiting the Proxy/Server. In that case, the Clients can exchange OAL packets according to their unicast L2 addresses discovered from the Redirect message instead of using the dogleg path through the Proxy/Server. In some underlay networks, however, such direct communications may be undesirable and continued use of the dogleg path through the Proxy/Server may provide better performance. In that case, the Proxy/Server can refrain from sending Redirects, and/or Clients can ignore them.¶
*NETs SHOULD deploy Proxy/Servers in Virtual Router Redundancy Protocol (VRRP) [RFC5798] configurations so that service continuity is maintained even if one or more Proxy/Servers fail. Using VRRP, the Client is unaware which of the (redundant) FHS Proxy/Servers is currently providing service, and any service discontinuity will be limited to the failover time supported by VRRP. Widely deployed public domain implementations of VRRP are available.¶
Proxy/Servers SHOULD use high availability clustering services so that multiple redundant systems can provide coordinated response to failures. As with VRRP, widely deployed public domain implementations of high availability clustering services are available. Note that special-purpose and expensive dedicated hardware is not necessary, and public domain implementations can be used even between lightweight virtual machines in cloud deployments.¶
In environments where fast recovery from Proxy/Server failure is required, FHS Proxy/Servers SHOULD use proactive Neighbor Unreachability Detection (NUD) in a manner that parallels Bidirectional Forwarding Detection (BFD) [RFC5880] to track Hub Proxy/Server reachability. FHS Proxy/Servers can then quickly detect and react to failures so that cached information is re-established through alternate paths. Proactive NUD control messaging is carried only over well-connected ground domain networks (i.e., and not low-end links such as aeronautical radios) and can therefore be tuned for rapid response.¶
FHS Proxy/Servers perform proactive NUD for Hub Proxy/Servers for which there are currently active Clients. If a Hub Proxy/Server fails, the FHS Proxy/Server can quickly inform Clients of the outage by sending multicast RA messages. The FHS Proxy/Server sends RA messages to Clients with source set to the ULA of the Hub, with destination address set to All-Nodes multicast (ff02::1) [RFC4291] and with Router Lifetime set to 0.¶
The FHS Proxy/Server SHOULD send MAX_FINAL_RTR_ADVERTISEMENTS RA messages separated by small delays [RFC4861]. Any Clients that have been using the (now defunct) Hub Proxy/Server will receive the RA messages.¶
When a Client connects to an *NET link for the first time, it sends an RS message with an OMNI option. If the first hop router recognizes the option, it responds according to the appropriate FHS/Hub Proxy/Server role resulting in an RA message with an OMNI option returned to the Client. The Client then engages this FHS Proxy/Sever according to the OMNI link model specified above. If the first hop router is a legacy IPv6 router, however, it instead returns an RA message with no OMNI option and with a non-OMNI unicast source LLA as specified in [RFC4861]. In that case, the Client engages the *NET according to the legacy IPv6 link model and without the OMNI extensions specified in this document.¶
If the *NET link model is multiple access, there must be assurance that address duplication cannot corrupt the neighbor caches of other nodes on the link. When the Client sends an RS message on a multiple access *NET link with an OMNI option, first hop routers that recognize the option ensure that the Client is authorized to use the address and return an RA with a non-zero Router Lifetime only if the Client is authorized. First hop routers that do not recognize the OMNI option instead return an RA that makes no statement about the Client's authorization to use the source address. In that case, the Client should perform Duplicate Address Detection to ensure that it does not interfere with other nodes on the link.¶
An alternative approach for multiple access *NET links to ensure isolation for Client-Proxy/Server communications is through link layer address mappings as discussed in Appendix D. This arrangement imparts a (virtual) point-to-point link model over the (physical) multiple access link.¶
Client OMNI interfaces configured over IPv6-enabled underlay interfaces on an open Internetwork without an OMNI-aware first-hop router receive IPv6 RA messages with no OMNI options, while OMNI interfaces configured over IPv4-only underlay interfaces receive no IPv6 RA messages at all (but may receive IPv4 RA messages [RFC1256]). Client OMNI interfaces that receive RA messages with OMNI options configure addresses, on-link prefixes, etc. on the underlay interface that received the RA according to standard IPv6 ND and address resolution conventions [RFC4861] [RFC4862]. Client OMNI interfaces configured over IPv4-only underlay interfaces configure IPv4 address information on the underlay interfaces using mechanisms such as DHCPv4 [RFC2131].¶
Client OMNI interfaces configured over underlay interfaces connected to open Internetworks can apply security services such as VPNs to connect to a Proxy/Server, or can establish a direct link to the Proxy/Server through some other means (see Section 4). In environments where an explicit VPN or direct link may be impractical or undesirable, Client OMNI interfaces can instead send IPv6 ND messages with OMNI options that include authentication signatures.¶
OMNI interfaces use UDP/IP as L2 encapsulation headers for transmission over open Internetworks with UDP service port number 8060 for both IPv4 and IPv6 underlay interfaces. The OMNI interface submits original IP packets/parcels for OAL encapsulation, then encapsulates the resulting OAL fragments in UDP/IP L2 headers to form carrier packets. (The first four bits following the UDP header determine whether the OAL headers are uncompressed/compressed as discussed in Section 6.4.) The OMNI interface sets the UDP length to the encapsulated OAL fragment length and sets the IP length to an appropriate value at least as large as the UDP datagram.¶
When necessary, sources include an OMNI option with an authentication sub-option in IPv6 ND messages. The source can employ a simple Hashed Message Authentication Code (HMAC) as specified in [RFC2104][RFC6234] or a message-based authentication service such as HIP [RFC7401], QUIC-TLS [RFC9000][RFC9001], etc. using the IPv6 ND message OMNI option as a "shipping container". Before calculating any authentication signature, the source fully populates any necessary OMNI sub-options as well as any ordinary IPv6 ND options as necessary.¶
The source then sets both the IPv6 ND message Checksum and authentication signature fields to 0 and calculates the authentication signature over the full length of the IPv6 ND message beginning after the IPv6 ND message checksum field and extending over the length of the message. (If the IPv6 ND message is part of an OAL super-packet, the source instead continues to calculate the authentication signature over the entire length of the super-packet.) The source next writes the authentication signature into the appropriate sub-option field and forwards the message.¶
After establishing a VPN or preparing for UDP/IP encapsulation, OMNI interfaces send RS/RA messages for Client-Proxy/Server coordination (see: Section 15) and NS/NA messages for route optimization, window synchronization and mobility management (see: [I-D.templin-intarea-aero]). These control plane messages must be authenticated while other control and data plane messages are delivered the same as for ordinary best-effort traffic with source address and/or Identification window-based data origin verification. Transport and higher layer protocol sessions over OMNI interfaces that connect over open Internetworks without an explicit VPN should therefore employ security at their layers to ensure authentication, integrity and/or confidentiality.¶
Clients should avoid using INET Proxy/Servers as general-purpose routers for steady streams of carrier packets that do not require authentication. Clients should therefore perform route optimization to coordinate with other INET nodes that can provide forwarding services (or preferably coordinate directly with peer Clients directly) instead of burdening the Proxy/Server. Procedures for coordinating with peer Clients and discovering INET nodes that can provide better forwarding services are discussed in [I-D.templin-intarea-aero].¶
Clients that attempt to contact peers over INET underlay interfaces often encounter NATs in the path. OMNI interfaces accommodate NAT traversal using UDP/IP encapsulation and the mechanisms discussed in [I-D.templin-intarea-aero]. FHS Proxy/Servers include Origin Indications in RA messages to allow Clients to detect the presence of NATs.¶
Note: Following the initial IPv6 ND message exchange, OMNI interfaces configured over INET underlay interfaces maintain neighbor relationships by transmitting periodic IPv6 ND messages with OMNI options that include authentication signatures. Other authentication services that use their own IPv6 ND option types such as [RFC3971] and [RFC8928] can also be used in addition to any OMNI authentication services.¶
Note: OMNI interfaces configured over INET underlay interfaces should employ the Identification window synchronization mechanisms specified in Section 6.6 in order to exclude spurious carrier packets that might otherwise clutter the reassembly cache. This is especially important in environments where carrier packet spoofing and/or corruption is a threat.¶
Note: NATs may be present on the path from a Client to its FHS Proxy/Server, but never on the path from the FHS Proxy/Server to the Hub where only INET and/or spanning tree hops occur. Therefore, the FHS Proxy/Server does not communicate Client origin information to the Hub where it would serve no purpose.¶
In some use cases, it is desirable, beneficial and efficient for the Client to receive a constant MNP that travels with the Client wherever it moves. For example, this would allow air traffic controllers to easily track aircraft, etc. In other cases, however (e.g., intelligent transportation systems), the Client may be willing to sacrifice a modicum of efficiency in order to have time-varying MNPs that can be changed every so often to defeat adversarial tracking.¶
The prefix delegation services discussed in Section 15.3 allows Clients that desire time-varying MNPs to obtain short-lived prefixes to send RS messages with an HHIT/TLA source address and/or with an OMNI option with DHCPv6 Option sub-options. The Client would then be obligated to renumber its internal networks whenever its MNP (and therefore also its OMNI address) changes. This should not present a challenge for Clients with automated network renumbering services, but may disrupt persistent sessions that would prefer to use a constant address.¶
Clients that generate (H)HITs but do not have pre-assigned MNPs can request MNP delegations by issuing IPv6 ND messages that use the (H)HIT instead of a TLA. For example, when a Client creates an RS message it can set the source to a (H)HIT and destination to link-scoped All-Routers multicast. The IPv6 ND message includes an OMNI option with a Node Identification sub-option, then encapsulates the message in an IPv6 header with the (H)HIT as the source address. The Client then sends the message as specified in Section 15.2.¶
When the Hub Proxy/Server receives the RS message, it notes that the source was a (H)HIT, then invokes the DHCPv6 protocol to request an MNP prefix delegation while using the (H)HIT (in the form of a DUID) as the Client Identifier. The Hub Proxy/Server then prepares an RA message with source address set to its own ULA and destination set to the source of the RS message. The Hub Proxy/Server next includes an OMNI option with a Node Identification sub-option and any DHCPv6 prefix delegation parameters. The Proxy/Server finally encapsulates the RA in an OAL header with source address set to its own ULA and destination set to the RS OAL source address, then returns the encapsulated RA to the Client either directly or by way of the FHS Proxy/Server as a proxy.¶
Clients can also use (H)HITs and/or TLAs for direct Client-to-Client communications outside the context of any OMNI link supporting infrastructure. When two Clients encounter one another they can use their (H)HITs and/or TLAs as original IPv6 packet/parcel source and destination addresses to support direct communications. Clients can also inject their (H)HITs and/or TLAs into an IPv6 multihop routing protocol to enable multihop communications as discussed in Section 15.2. Clients can further exchange other IPv6 ND messages using their (H)HITs and/or TLAs as source and destination addresses.¶
Lastly, when Clients are within the coverage range of OMNI link infrastructure a case could be made for injecting (H)HITs and/or TLAs into the global MS routing system. For example, when the Client sends an RS to an FHS Proxy/Server it could include a request to inject the (H)HIT / TLA into the routing system instead of requesting an MNP prefix delegation. This would potentially enable OMNI link-wide communications using only (H)HITs or TLAs, and not MNPs. This document notes the opportunity, but makes no recommendation.¶
Clients assign LLAs to the OMNI interface, but do not use LLAs as IPv6 ND message source/destination addresses nor for addressing ordinary original IP packets/parcels exchanged with OMNI link neighbors.¶
Clients use ULA-MNPs as source/destination IPv6 addresses in the encapsulation headers of OAL packets and use XLA-MNPs as the IPv6 source addresses of the IPv6 ND messages themselves. Clients use TLAs when an MNP is not available, or as source/destination IPv6 addresses for communications within a MANET/VANET local area. Clients can also use (H)HITs instead of TLAs for local communications when operation outside the context of a specific ULA domain and/or source address attestation is necessary.¶
Clients use MNP-based GUAs as original IP packet/parcel source and destination addresses for communications with Internet destinations when they are within range of OMNI link supporting infrastructure that can inject the MNP into the routing system. Clients can also use MNP-based GUAs within multihop routing regions that are currently disconnected from infrastructure as long as the corresponding ULA-MNPs have been injected into the routing system.¶
Clients use anycast GUAs as OAL and/or L2 encapsulation destination addresses for RS messages used to discover the nearest FHS Proxy/Server. When the Proxy/Server returns a solicited RA, it must also use the same anycast address as the RA OAL/L2 encapsulation source in order to successfully traverse any NATs in the path. The Client should then immediately transition to using the FHS Proxy/Server's discovered unicast OAL/L2 address as the destination in order to minimize dependence on the Proxy/Server's use of an anycast source address.¶
An OAL destination or intermediate node may need to return ICMPv6-like error messages (e.g., Destination Unreachable, Packet Too Big, Time Exceeded, etc.) [RFC4443] to an OAL source. Since ICMPv6 error messages do not themselves include authentication codes, OAL nodes can instead return error messages as an OMNI ICMPv6 Error sub-option in a secured IPv6 ND uNA message.¶
The following IANA actions are requested in accordance with [RFC8126] and [RFC8726]:¶
The IANA is instructed to allocate an Internet Protocol number TBD1 from the 'protocol numbers' registry for the Overlay Multilink Network Interface (OMNI) protocol. Guidance is found in [RFC5237] (registration procedure is IESG Approval or Standards Action).¶
During final publication stages, the IESG will be requested to procure an IEEE EtherType value TBD2 for OMNI according to the statement found at https://www.ietf.org/about/groups/iesg/statements/ethertypes/.¶
Following this procurement, the IANA is instructed to register the value TBD2 in the 'ieee-802-numbers' registry for Overlay Multilink Network Interface (OMNI) encapsulation on Ethernet networks. Guidance is found in [RFC7042] (registration procedure is Expert Review).¶
The IANA is instructed to assign TBD3/N as an "OMNI IPv4 anycast" address/prefix in the "IPv4 Special-Purpose Address" registry in a similar fashion as for [RFC3068]. The IANA is requested to work with the authors to obtain a TBD3/N public IPv4 prefix, whether through an RIR allocation, a delegation from IANA's "IPv4 Recovered Address Space" registry or through an unspecified third party donation.¶
The IANA is instructed to allocate an official Type number TBD4 from the "IPv6 Neighbor Discovery Option Formats" registry for the OMNI option (registration procedure is RFC required).¶
The IANA is instructed to allocate one Ethernet unicast address TBD5 (suggested value '00-52-14') in the 'ethernet-numbers' registry under "IANA Unicast 48-bit MAC Addresses" (registration procedure is Expert Review). The registration should appear as follows:¶
The IANA is instructed to assign three new Code values in the "ICMPv6 Code Fields: Type 2 - Packet Too Big" registry (registration procedure is Standards Action or IESG Approval). The registry should appear as follows:¶
(Note: this registry also defines values for the "unused" field of ICMPv4 "Destination Unreachable - Fragmentation Needed" messages.)¶
The OMNI option defines a 5-bit Sub-Type field, for which IANA is instructed to create and maintain a new registry entitled "OMNI Option Sub-Type Values". Initial values are given below (registration procedure is RFC required):¶
The OMNI Node Identification sub-option (see: Section 12.2.3) contains an 8-bit ID-Type field, for which IANA is instructed to create and maintain a new registry entitled "OMNI Node Identification ID-Type Values". Initial values are given below (registration procedure is RFC required):¶
The OMNI Geo Coordinates sub-option (see: Section 12.2.10) contains an 8-bit Type field, for which IANA is instructed to create and maintain a new registry entitled "OMNI Geo Coordinates Type Values". Initial values are given below (registration procedure is RFC required):¶
The OMNI option defines an 8-bit Extension-Type field for Sub-Type 30 (Sub-Type Extension), for which IANA is instructed to create and maintain a new registry entitled "OMNI Option Sub-Type Extension Values". Initial values are given below (registration procedure is RFC required):¶
The OMNI Sub-Type Extension "RFC4380 UDP/IP Header Option" defines an 8-bit Header Type field, for which IANA is instructed to create and maintain a new registry entitled "OMNI RFC4380 UDP/IP Header Option". Initial registry values are given below (registration procedure is RFC required):¶
The OMNI Sub-Type Extension for "RFC6081 UDP/IP Trailer Option" defines an 8-bit Trailer Type field, for which IANA is instructed to create and maintain a new registry entitled "OMNI RFC6081 UDP/IP Trailer Option". Initial registry values are given below (registration procedure is RFC required):¶
The IANA has assigned the UDP port number "8060" for an earlier experimental version of AERO [RFC6706]. This document reclaims the UDP port number "8060" for 'aero' as the service port for UDP/IP encapsulation. (Note that, although [RFC6706] is not widely implemented or deployed, any messages coded to that specification can be easily distinguished and ignored since they include an invalid ICMPv6 message type number '0'.) The IANA is therefore instructed to update the reference for UDP port number "8060" from "RFC6706" to "RFCXXXX" (i.e., this document) while retaining the existing name 'aero'.¶
The IANA has assigned a 4-octet Private Enterprise Number (PEN) code "45282" in the "enterprise-numbers" registry. This document is the normative reference for using this code in DHCP Unique IDentifiers based on Enterprise Numbers ("DUID-EN for OMNI Interfaces") (see: Section 11). The IANA is therefore instructed to change the enterprise designation for PEN code "45282" from "LinkUp Networks" to "Overlay Multilink Network Interface (OMNI)".¶
The IANA has assigned the ifType code "301 - omni - Overlay Multilink Network Interface (OMNI)" in accordance with Section 6 of [RFC8892]. The registration appears under the IANA "Structure of Management Information (SMI) Numbers (MIB Module Registrations) - Interface Types (ifType)" registry.¶
No further IANA actions are required.¶
Security considerations for IPv4 [RFC0791], IPv6 [RFC8200] and IPv6 Neighbor Discovery [RFC4861] apply. OMNI interface IPv6 ND messages SHOULD include Nonce and Timestamp options [RFC3971] when transaction confirmation and/or time synchronization is needed.¶
OMNI interfaces configured over secured ANET/ENET interfaces inherit the physical and/or link layer security properties (i.e., "protected spectrum") of the connected networks. OMNI interfaces configured over open INET interfaces can use symmetric securing services such as VPNs or can by some other means establish a direct link. When a VPN or direct link may be impractical or undesirable, however, security services such as those specified in [RFC7401], [RFC4380], [RFC6234], [RFC9000], etc. can be employed.¶
OMNI link mobility services MUST provide for strong network layer security for control plane messages and forwarding path integrity for data plane messages. For example, the AERO service [I-D.templin-intarea-aero] constructs an SRT spanning tree with Proxy/Servers as leaf nodes and secures the spanning tree links with network layer security mechanisms such as IPsec [RFC4301] or WireGuard [WGD]. Secured control plane messages are then constrained to travel only over secured spanning tree paths and are therefore protected from attack or eavesdropping. Other control and data plane messages can travel over route optimized paths that do not strictly follow the secured spanning tree, therefore end-to-end sessions should employ transport or higher layer security services (e.g., TLS/SSL [RFC8446], DTLS [RFC6347], etc.). Additionally, the OAL Identification value can provide a first level of data origin authentication to mitigate off-path spoofing.¶
Identity-based key verification infrastructure services such as iPSK may be necessary for verifying the identities claimed by Clients. This requirement should be harmonized with the manner in which (H)HITs are attested in a given operational environment.¶
Security considerations for specific access network interface types are covered under the corresponding IP-over-(foo) specification (e.g., [RFC2464], [RFC2492], etc.).¶
Security considerations for IPv6 fragmentation and reassembly are discussed in Section 6.14. In environments where spoofing is considered a threat, OMNI nodes SHOULD employ Identification window synchronization and OAL destinations SHOULD configure an (end-system-based) firewall.¶
AERO/OMNI Release-3.2 was tagged on March 30, 2021, and is undergoing internal testing. Additional internal releases expected within the coming months, with first public release expected end of 1H2021.¶
Many AERO/OMNI functions are implemented and undergoing final integration. OAL fragmentation/reassembly buffer management code has been cleared for public release.¶
This document does not itself update other RFCs, but suggests that the following could be updated through future IETF initiatives:¶
Updates can be through, e.g., standards action, the errata process, etc. as appropriate.¶
The first version of this document was prepared per the consensus decision at the 7th Conference of the International Civil Aviation Organization (ICAO) Working Group-I Mobility Subgroup on March 22, 2019. Consensus to take the document forward to the IETF was reached at the 9th Conference of the Mobility Subgroup on November 22, 2019. Attendees and contributors included: Guray Acar, Danny Bharj, Francois D´Humieres, Pavel Drasil, Nikos Fistas, Giovanni Garofolo, Bernhard Haindl, Vaughn Maiolla, Tom McParland, Victor Moreno, Madhu Niraula, Brent Phillips, Liviu Popescu, Jacky Pouzet, Aloke Roy, Greg Saccone, Robert Segers, Michal Skorepa, Michel Solery, Stephane Tamalet, Fred Templin, Jean-Marc Vacher, Bela Varkonyi, Tony Whyman, Fryderyk Wrobel and Dongsong Zeng.¶
The following individuals are acknowledged for their useful comments: Amanda Baber, Scott Burleigh, Stuart Card, Donald Eastlake, Adrian Farrel, Michael Matyas, Robert Moskowitz, Madhu Niraula, Greg Saccone, Stephane Tamalet, Eliot Lear, Eduard Vasilenko, Eric Vyncke. Pavel Drasil, Zdenek Jaron and Michal Skorepa are especially recognized for their many helpful ideas and suggestions. Akash Agarwal, Madhuri Madhava Badgandi, Sean Dickson, Don Dillenburg, Joe Dudkowski, Vijayasarathy Rajagopalan, Ron Sackman, Bhargava Raman Sai Prakash and Katherine Tran are acknowledged for their hard work on the implementation and technical insights that led to improvements for the spec.¶
Discussions on the IETF 6man and atn mailing lists during the fall of 2020 suggested additional points to consider. The authors gratefully acknowledge the list members who contributed valuable insights through those discussions. Eric Vyncke and Erik Kline were the intarea ADs, while Bob Hinden and Ole Troan were the 6man WG chairs at the time the document was developed; they are all gratefully acknowledged for their many helpful insights. Many of the ideas in this document have further built on IETF experiences beginning in the 1990s, with insights from colleagues including Ron Bonica, Brian Carpenter, Ralph Droms, Christian Huitema, Thomas Narten, Dave Thaler, Joe Touch, Pascal Thubert, and many others who deserve recognition.¶
Early observations on IP fragmentation performance implications were noted in the 1986 Digital Equipment Corporation (DEC) "qe reset" investigation, where fragment bursts from NFS UDP traffic triggered hardware resets resulting in communication failures. Jeff Chase, Fred Glover and Chet Juzsczak of the Ultrix Engineering Group led the investigation, and determined that setting a smaller NFS mount block size reduced the amount of fragmentation and suppressed the resets. Early observations on L2 media MTU issues were noted in the 1988 DEC FDDI investigation, where Raj Jain, KK Ramakrishnan and Kathy Wilde represented architectural considerations for FDDI networking in general including FDDI/Ethernet bridging. Jeff Mogul (who led the IETF Path MTU Discovery working group) and other DEC colleagues who supported these early investigations are also acknowledged.¶
Throughout the 1990's and into the 2000's, many colleagues supported and encouraged continuation of the work. Beginning with the DEC Project Sequoia effort at the University of California, Berkeley, then moving to the DEC research lab offices in Palo Alto CA, then to Sterling Software at the NASA Ames Research Center, then to SRI in Menlo Park, CA, then to Nokia in Mountain View, CA and finally to the Boeing Company in 2005 the work saw continuous advancement through the encouragement of many. Those who offered their support and encouragement are gratefully acknowledged.¶
This work is aligned with the NASA Safe Autonomous Systems Operation (SASO) program under NASA contract number NNA16BD84C.¶
This work is aligned with the FAA as per the SE2025 contract number DTFAWA-15-D-00030.¶
This work is aligned with the Boeing Information Technology (BIT) Mobility Vision Lab (MVL) program.¶
The OAL Checksum Algorithm adopts the 8-bit Fletcher algorithm specified in Appendix I of [RFC1146] as also analyzed in [CKSUM]. [RFC6247] declared [RFC1146] historic for the reason that the algorithms had never seen widespread use with TCP, however this document adopts the 8-bit Fletcher algorithm for a different purpose. Quoting from Appendix I of [RFC1146], the OAL Checksum Algorithm proceeds as follows:¶
"The 8-bit Fletcher Checksum Algorithm is calculated over a sequence of data octets (call them D[1] through D[N]) by maintaining 2 unsigned 1's-complement 8-bit accumulators A and B whose contents are initially zero, and performing the following loop where i ranges from 1 to N:¶
It can be shown that at the end of the loop A will contain the 8-bit 1's complement sum of all octets in the datagram, and that B will contain (N)D[1] + (N-1)D[2] + ... + D[N]."¶
To calculate the OAL checksum, the above algorithm is applied over the N-octet concatenation of the OAL pseudo-header and the encapsulated original IP packet(s)/parcel(s). Specifically, the algorithm is first applied over the 40 octets of the OAL pseudo-header as data octets D[1] through D[40], then continues over the entire length of the original IP packet(s)/parcel(s) as data octets D[41] through D[N].¶
OMNI interface IPv6 ND messages are subject to authentication and integrity checks at multiple levels. When an OMNI interface sends an IPv6 ND message over an INET interface, it includes an authentication sub-option with a valid signature if necessary and always includes an IPv6 ND message checksum. The OMNI interface that receives the message verifies the OAL checksum as a first-level integrity check, then verifies the IPv6 ND message checksum followed by the authentication signature (if present) to ensure IPv6 ND message integrity and authenticity.¶
When an OMNI interface sends an IPv6 ND message over an underlay interface connected to a secured network, it omits authentication (sub-)options but always calculates/includes an IPv6 ND message checksum beginning with a pseudo-header of the IPv6 header and extending to the end of the IPv6 ND message only with the Checksum field itself set to 0. When an OMNI interface sends an IPv6 ND message over an underlay interface connected to an unsecured network, it first includes an authentication (sub-)option and calculates the signature beginning with the first octet following the IPv6 ND message header Checksum field and extending to the end of the entire packet or super-packet with the authentication signature field set to 0. The OMNI interface next writes the signature into the signature field, then calculates the IPv6 ND message checksum as above.¶
The OMNI interface that receives the message applies any link layer authentication and integrity checks, then verifies both the OAL checksum and the IPv6 ND message checksum. If the checksums are correct, the OMNI interface next verifies the authentication signature. The OMNI interface then processes the packet further only if all checksums and authentication signatures were correct.¶
OAL destinations also discard carrier packets with unacceptable Identifications and submit the encapsulated fragments in all others for reassembly. The reassembly algorithm rejects any fragments with unacceptable sizes, offsets, etc. and reassembles all others. Following reassembly, the OAL checksum algorithm provides an integrity assurance layer that compliments any integrity checks already applied by lower layers as well as a first-pass filter for any checks that will be applied later by upper layers.¶
ICAO Doc 9776 is the "Technical Manual for VHF Data Link Mode 2" (VDLM2) that specifies an essential radio frequency data link service for aircraft and ground stations in worldwide civil aviation air traffic management. The VDLM2 link type is "multicast capable" [RFC4861], but with considerable differences from common multicast links such as Ethernet and IEEE 802.11.¶
First, the VDLM2 link data rate is only 31.5Kbps - multiple orders of magnitude less than most modern wireless networking gear. Second, due to the low available link bandwidth only VDLM2 ground stations (i.e., and not aircraft) are permitted to send broadcasts, and even so only as compact link layer "beacons". Third, aircraft employ the services of ground stations by performing unicast RS/RA exchanges upon receipt of beacons instead of listening for multicast RA messages and/or sending multicast RS messages.¶
This beacon-oriented unicast RS/RA approach is necessary to conserve the already-scarce available link bandwidth. Moreover, since the numbers of beaconing ground stations operating within a given spatial range must be kept as sparse as possible, it would not be feasible to have different classes of ground stations within the same region observing different protocols. It is therefore highly desirable that all ground stations observe a common language of RS/RA as specified in this document.¶
Note that links of this nature may benefit from compression techniques that reduce the bandwidth necessary for conveying the same amount of data. The IETF lpwan working group is considering possible alternatives: [https://datatracker.ietf.org/wg/lpwan/documents].¶
Per [RFC4861], IPv6 ND messages may be sent to either a multicast or unicast link-scoped IPv6 destination address. However, IPv6 ND messaging should be coordinated between the Client and Proxy/Server only without invoking other nodes on the underlay network. This implies that Client-Proxy/Server control messaging should be isolated and not overheard by other nodes on the link.¶
To support Client-Proxy/Server isolation on some links, Proxy/Servers can maintain an OMNI-specific unicast link layer address ("MSADDR"). For Ethernet-compatible links, this specification reserves one Ethernet unicast address TBD5 (see: IANA Considerations). For non-Ethernet statically-addressed links MSADDR is reserved per the assigned numbers authority for the link layer addressing space. For still other links, MSADDR may be dynamically discovered through other means, e.g., link layer beacons.¶
Clients map the L3 addresses of all IPv6 ND messages they send (i.e., both multicast and unicast) to MSADDR instead of to an ordinary unicast or multicast link layer address. In this way, all of the Client's IPv6 ND messages will be received by Proxy/Servers that are configured to accept carrier packets destined to MSADDR. Note that multiple Proxy/Servers on the link could be configured to accept carrier packets destined to MSADDR, e.g., as a basis for supporting redundancy.¶
Therefore, Proxy/Servers must accept and process carrier packets destined to MSADDR, while all other devices must not process carrier packets destined to MSADDR. This model has well-established operational experience in Proxy Mobile IPv6 (PMIP) [RFC5213][RFC6543].¶
<< RFC Editor - remove prior to publication >>¶
Differences from earlier versions:¶