1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
|
<pre>Internet Engineering Task Force (IETF) S. Krishnan
Request for Comments: 6564 Ericsson
Updates: <a href="./rfc2460">2460</a> J. Woodyatt
Category: Standards Track Apple
ISSN: 2070-1721 E. Kline
Google
J. Hoagland
Symantec
M. Bhatia
Alcatel-Lucent
April 2012
<span class="h1">A Uniform Format for IPv6 Extension Headers</span>
Abstract
In IPv6, optional internet-layer information is encoded in separate
headers that may be placed between the IPv6 header and the transport-
layer header. There are a small number of such extension headers
currently defined. This document describes the issues that can arise
when defining new extension headers and discusses the alternate
extension mechanisms in IPv6. It also provides a common format for
defining any new IPv6 extension headers, if they are needed.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc6564">http://www.rfc-editor.org/info/rfc6564</a>.
<span class="grey">Krishnan, et al. Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc6564">RFC 6564</a> Format for IPv6 Extension Headers April 2012</span>
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-2">2</a>
<a href="#section-2">2</a>. Conventions Used in This Document ...............................<a href="#page-3">3</a>
<a href="#section-3">3</a>. Applicability ...................................................<a href="#page-3">3</a>
<a href="#section-4">4</a>. Proposed IPv6 Extension Header Format ...........................<a href="#page-4">4</a>
<a href="#section-5">5</a>. Backward Compatibility ..........................................<a href="#page-4">4</a>
<a href="#section-6">6</a>. Future Work .....................................................<a href="#page-5">5</a>
<a href="#section-7">7</a>. Security Considerations .........................................<a href="#page-5">5</a>
<a href="#section-8">8</a>. Acknowledgements ................................................<a href="#page-5">5</a>
<a href="#section-9">9</a>. Normative References ............................................<a href="#page-5">5</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
The base IPv6 standard [<a href="./rfc2460" title=""Internet Protocol, Version 6 (IPv6) Specification"">RFC2460</a>] defines extension headers as an
expansion mechanism to carry optional internet-layer information.
Extension headers, with the exception of the Hop-by-Hop Options
header, are not usually processed on intermediate nodes. However,
several existing deployed IPv6 routers and several existing deployed
IPv6 firewalls, in contradiction to [<a href="./rfc2460" title=""Internet Protocol, Version 6 (IPv6) Specification"">RFC2460</a>], are capable of parsing
past or ignoring all currently defined IPv6 extension headers (e.g.,
to examine transport-layer header fields) at wire speed (e.g., by
using custom Application-specific Integrated Circuits (ASICs) for
packet processing). Hence, one must also consider that any new IPv6
extension header will break IPv6 deployments that use these existing
capabilities.
Any IPv6 header or option that has hop-by-hop behavior, and is
intended for general use in the public IPv6 Internet, could be
subverted to create an attack on IPv6 routers that process packets
containing such a header or option. Reports from the field indicate
that some IP routers deployed within the global Internet are
configured either to ignore the presence of headers with hop-by-hop
<span class="grey">Krishnan, et al. Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc6564">RFC 6564</a> Format for IPv6 Extension Headers April 2012</span>
behavior or to drop packets containing headers with hop-by-hop
behavior.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Conventions Used in This Document</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Applicability</span>
The base IPv6 standard [<a href="./rfc2460" title=""Internet Protocol, Version 6 (IPv6) Specification"">RFC2460</a>] allows the use of both extension
headers and destination options in order to encode optional
destination information in an IPv6 packet. The use of destination
options to encode this information provides more flexible handling
characteristics and better backward compatibility than using
extension headers. Because of this, implementations SHOULD use
destination options as the preferred mechanism for encoding optional
destination information, and use a new extension header only if
destination options do not satisfy their needs. The request for
creation of a new IPv6 extension header MUST be accompanied by a
specific explanation of why destination options could not be used to
convey this information.
The base IPv6 standard [<a href="./rfc2460" title=""Internet Protocol, Version 6 (IPv6) Specification"">RFC2460</a>] defines 3 extension headers (i.e.,
Routing header, Destination Options header, Hop-by-Hop Options
header) to be used for any new IPv6 options. The same standard only
allows the creation of new extension headers in limited circumstances
(<a href="./rfc2460#section-4.6">[RFC2460], Section 4.6</a>).
As noted above, the use of any option with hop-by-hop behavior can be
problematic in the global public Internet. New IPv6 extension
header(s) having hop-by-hop behavior MUST NOT be created or
specified. New options for the existing Hop-by-Hop Header SHOULD NOT
be created or specified unless no alternative solution is feasible.
Any proposal to create a new option for the existing Hop-by-Hop
Header MUST include a detailed explanation of why the hop-by-hop
behavior is absolutely essential in the document proposing the new
option with hop-by-hop behavior.
The use of IPv6 Destination Options to encode information provides
more flexible handling characteristics and better backward
compatibility than using a new extension header. Because of this,
new optional information to be sent SHOULD be encoded in a new option
for the existing IPv6 Destination Options header.
<span class="grey">Krishnan, et al. Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc6564">RFC 6564</a> Format for IPv6 Extension Headers April 2012</span>
Mindful of the need for compatibility with existing IPv6 deployments,
new IPv6 extension headers MUST NOT be created or specified, unless
no existing IPv6 extension header can be used by specifying a new
option for that existing IPv6 extension header. Any proposal to
create or specify a new IPv6 extension header MUST include a detailed
technical explanation of why no existing IPv6 extension header can be
used in the document proposing the new IPv6 extension header.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Proposed IPv6 Extension Header Format</span>
Any IPv6 extension headers defined in the future, keeping in mind the
restrictions specified in <a href="#section-3">Section 3</a> and also the restrictions
specified in [<a href="./rfc2460" title=""Internet Protocol, Version 6 (IPv6) Specification"">RFC2460</a>], MUST use the consistent format defined in
Figure 1. This minimizes breakage in intermediate nodes that examine
these extension headers.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Header Specific Data .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Next Header 8-bit selector. Identifies the type of header
immediately following the extension header.
Uses the same values as the IPv4 Protocol field
[<a href="#ref-IANA_IP_PARAM" title=""IP Parameters"">IANA_IP_PARAM</a>].
Hdr Ext Len 8-bit unsigned integer. Length of the extension
header in 8-octet units, not including the first
8 octets.
Header Specific Variable length. Fields specific to the
Data extension header.
Figure 1: Extension Header Layout
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Backward Compatibility</span>
The scheme proposed in this document is not intended to be backward
compatible with all the currently defined IPv6 extension headers. It
applies only to newly defined extension headers. Specifically, the
<span class="grey">Krishnan, et al. Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc6564">RFC 6564</a> Format for IPv6 Extension Headers April 2012</span>
fragment header predates this document and does not follow the format
proposed in this document.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Future Work</span>
This document proposes one step in easing the inspection of extension
headers by middleboxes. There is further work required in this area.
Some issues that are left unresolved beyond this document include:
o There can be an arbitrary number of extension headers.
o Extension headers must be processed in the order they appear.
o Extension headers may alter the processing of the payload itself,
and hence the packet may not be processed properly without
knowledge of said header.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Security Considerations</span>
This document proposes a standard format for the IPv6 extension
headers that minimizes breakage at intermediate nodes that inspect
but do not understand the contents of these headers. Intermediate
nodes, such as firewalls, that skip over unknown headers might end up
allowing the setup of a covert channel from the outside of the
firewall to the inside using the data field(s) of the unknown
extension headers.
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. Acknowledgements</span>
The authors would like to thank Albert Manfredi, Bob Hinden, Brian
Carpenter, Erik Nordmark, Hemant Singh, Lars Westberg, Markku Savela,
Tatuya Jinmei, Thomas Narten, Vishwas Manral, Alfred Hoenes, Joel
Halpern, Ran Atkinson, Steven Blake, Jari Arkko, Kathleen Moriarty,
Stephen Farrell, Ralph Droms, Sean Turner, and Adrian Farrel for
their reviews and suggestions that made this document better.
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. Normative References</span>
[<a id="ref-IANA_IP_PARAM">IANA_IP_PARAM</a>] IANA, "IP Parameters",
<<a href="http://www.iana.org/assignments/ip-parameters">http://www.iana.org/assignments/ip-parameters</a>>.
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC2460">RFC2460</a>] Deering, S. and R. Hinden, "Internet Protocol,
Version 6 (IPv6) Specification", <a href="./rfc2460">RFC 2460</a>, December
1998.
<span class="grey">Krishnan, et al. Standards Track [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc6564">RFC 6564</a> Format for IPv6 Extension Headers April 2012</span>
Authors' Addresses
Suresh Krishnan
Ericsson
8400 Decarie Blvd.
Town of Mount Royal, QC
Canada
Phone: +1 514 345 7900 x42871
EMail: suresh.krishnan@ericsson.com
James Woodyatt
Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
US
EMail: jhw@apple.com
Erik Kline
Google
Mori Tower 26F
Roppongi 6-10-1
Minato ku
Tokyo 106-6126
Japan
Phone: +81 3-6384-9635
EMail: ek@google.com
James Hoagland
Symantec Corporation
350 Ellis St.
Mountain View, CA 94043
US
EMail: Jim_Hoagland@symantec.com
URI: <a href="http://symantec.com/">http://symantec.com/</a>
Manav Bhatia
Alcatel-Lucent
Bangalore
India
EMail: manav.bhatia@alcatel-lucent.com
Krishnan, et al. Standards Track [Page 6]
</pre>
|
