1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
|
<pre>Internet Engineering Task Force (IETF) F. Templin, Ed.
Request for Comments: 6706 Boeing Research & Technology
Category: Experimental August 2012
ISSN: 2070-1721
<span class="h1">Asymmetric Extended Route Optimization (AERO)</span>
Abstract
Nodes attached to common multi-access link types (e.g., multicast-
capable, shared media, non-broadcast multiple access (NBMA), etc.)
can exchange packets as neighbors on the link, but they may not
always be provisioned with sufficient routing information for optimal
neighbor selection. Such nodes should therefore be able to discover
a trusted intermediate router on the link that provides both
forwarding services to reach off-link destinations and redirection
services to inform the node of an on-link neighbor that is closer to
the final destination. This redirection can provide a useful route
optimization, since the triangular path from the ingress link
neighbor, to the intermediate router, and finally to the egress link
neighbor may be considerably longer than the direct path from ingress
to egress. However, ordinary redirection may lead to operational
issues on certain link types and/or in certain deployment scenarios.
This document therefore introduces an Asymmetric Extended Route
Optimization (AERO) capability that addresses the issues.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This document is a product of the Internet Engineering
Task Force (IETF). It represents the consensus of the IETF
community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are a candidate for any level of
Internet Standard; see <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc6706">http://www.rfc-editor.org/info/rfc6706</a>.
<span class="grey">Templin Experimental [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
<span class="grey">Templin Experimental [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-4">4</a>
<a href="#section-2">2</a>. Terminology .....................................................<a href="#page-6">6</a>
<a href="#section-3">3</a>. Motivation ......................................................<a href="#page-7">7</a>
<a href="#section-4">4</a>. Example Use Cases ...............................................<a href="#page-8">8</a>
<a href="#section-5">5</a>. Requirements ....................................................<a href="#page-9">9</a>
<a href="#section-6">6</a>. Asymmetric Extended Route Optimization (AERO) ..................<a href="#page-10">10</a>
<a href="#section-6.1">6.1</a>. AERO Link Dynamic Routing .................................<a href="#page-10">10</a>
<a href="#section-6.2">6.2</a>. AERO Node Behavior ........................................<a href="#page-11">11</a>
<a href="#section-6.2.1">6.2.1</a>. AERO Node Types ....................................<a href="#page-11">11</a>
<a href="#section-6.2.2">6.2.2</a>. AERO Host Behavior .................................<a href="#page-11">11</a>
<a href="#section-6.2.3">6.2.3</a>. Edge AERO Router Behavior ..........................<a href="#page-11">11</a>
<a href="#section-6.2.4">6.2.4</a>. Intermediate AERO Router Behavior ..................<a href="#page-12">12</a>
<a href="#section-6.3">6.3</a>. AERO Reference Operational Scenario .......................<a href="#page-12">12</a>
<a href="#section-6.4">6.4</a>. AERO Specification ........................................<a href="#page-14">14</a>
<a href="#section-6.4.1">6.4.1</a>. Traditional Redirection Approaches .................<a href="#page-14">14</a>
<a href="#section-6.4.2">6.4.2</a>. AERO Concept of Operations .........................<a href="#page-15">15</a>
<a href="#section-6.4.3">6.4.3</a>. Conceptual Data Structures and Protocol Constants ..16
<a href="#section-6.4.4">6.4.4</a>. Data Origin Authentication .........................<a href="#page-17">17</a>
<a href="#section-6.4.5">6.4.5</a>. AERO Redirection Message Format ....................<a href="#page-18">18</a>
<a href="#section-6.4.6">6.4.6</a>. Sending Predirects .................................<a href="#page-20">20</a>
<a href="#section-6.4.7">6.4.7</a>. Processing Predirects and Sending Redirects ........<a href="#page-21">21</a>
<a href="#section-6.4.8">6.4.8</a>. Forwarding Redirects ...............................<a href="#page-22">22</a>
<a href="#section-6.4.9">6.4.9</a>. Processing Redirects ...............................<a href="#page-23">23</a>
<a href="#section-6.4.10">6.4.10</a>. Sending Periodic Predirect Keepalives .............<a href="#page-24">24</a>
<a href="#section-6.4.11">6.4.11</a>. Neighbor Reachability Considerations ..............<a href="#page-26">26</a>
<a href="#section-6.4.12">6.4.12</a>. Mobility Considerations ...........................<a href="#page-26">26</a>
<a href="#section-6.4.13">6.4.13</a>. Link-Layer Address Change Considerations ..........<a href="#page-27">27</a>
<a href="#section-6.4.14">6.4.14</a>. Prefix Re-provisioning Considerations .............<a href="#page-28">28</a>
<a href="#section-6.4.15">6.4.15</a>. Backward Compatibility ............................<a href="#page-29">29</a>
<a href="#section-7">7</a>. IANA Considerations ............................................<a href="#page-29">29</a>
<a href="#section-8">8</a>. Security Considerations ........................................<a href="#page-29">29</a>
<a href="#section-9">9</a>. Acknowledgements ...............................................<a href="#page-29">29</a>
<a href="#section-10">10</a>. References ....................................................<a href="#page-30">30</a>
<a href="#section-10.1">10.1</a>. Normative References .....................................<a href="#page-30">30</a>
<a href="#section-10.2">10.2</a>. Informative References ...................................<a href="#page-30">30</a>
<a href="#appendix-A">Appendix A</a>. Intermediate Router Interworking ......................<a href="#page-32">32</a>
<span class="grey">Templin Experimental [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
Nodes attached to common multi-access link types (e.g., multicast-
capable, shared media, non-broadcast multiple access (NBMA), etc.)
can exchange packets as neighbors on the link, but they may not
always be provisioned with sufficient routing information for optimal
neighbor selection. Such nodes should therefore be able to discover
a trusted intermediate router on the link that provides both default
forwarding services to reach off-link destinations and redirection
services to inform the node of an on-link neighbor that is closer to
the final destination.
+--------------+
| Router A |
| (D->C) |
+--------------+
|
X--------+--------+--------+------X
| |
+----------+---+ +---+----------+
| Node B | | Router C |
| (default->A) | +-------+------+
+--------------+ .-.
,-( _)-.
.-(_ IPv6 )-.
(__ EUN )
`-(______)-'
+-------+------+
| Node D |
+--------------+
Figure 1: Traditional Multi-Access Link Redirection
Figure 1 shows a traditional multi-access link redirection scenario.
In this figure, node ('B') is provisioned with only a default route
with router ('A') as the next hop. Router ('A'), in turn, has a more
specific route that lists router ('C') as the next-hop neighbor on
the link for the End User Network (EUN) attached to node ('D').
If node ('B') has a packet to send to node ('D'), node ('B') is
obliged to send its initial packets via router ('A'). Router ('A')
then forwards the packet to router ('C') and also returns a
redirection control message to inform ('B') that ('C') is, in fact,
an on-link neighbor that is closer to the final destination ('D').
After receiving the redirection control message, node ('B') can place
a more specific route in its forwarding table so that future packets
destined to node ('D') can be sent directly via router ('C'), as
shown in Figure 2.
<span class="grey">Templin Experimental [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
+--------------+
| Router A |
| (D->C) |
+--------------+
|
X--------+--------+--------+------X
| |
+----------+---+ +---+----------+
| Node B | | Router C |
| (default->A) | +-------+------+
| (D->C) | .-.
+--------------+ ,-( _)-.
.-(_ IPv6 )-.
(__ EUN )
`-(______)-'
+-------+------+
| Node D |
+--------------+
Figure 2: More Specific Route Following Redirection
This traditional redirection can provide a useful route optimization,
since the triangular path from the ingress link neighbor, to the
intermediate router, and finally to the egress link neighbor may be
considerably longer than the direct path from ingress to egress.
However, ordinary redirection may lead to operational issues on
certain link types and/or in certain deployment scenarios.
For example, when an ingress link neighbor accepts an ordinary
redirection control message, it has no way of knowing whether the
egress link neighbor is ready and willing to accept packets directly
without forwarding through an intermediate router. Likewise, the
egress has no way of knowing that the ingress is authorized to
forward packets from the claimed network-layer source address. (This
is especially important for very large links, since any node on the
link can spoof the network-layer source address with low probability
of detection even if the link-layer source address cannot be
spoofed.) Additionally, the ingress would have no way of knowing
whether the direct path to the egress has failed, nor whether the
final destination has moved away from the egress to some other
network attachment point.
Therefore, a new approach is required that can enable redirection
signaling from the egress to the ingress link node under the
mediation of a trusted intermediate router. The mechanism is
asymmetric (since only the forward direction from the ingress to the
egress is optimized) and extended (since the redirection extends
<span class="grey">Templin Experimental [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
forward to the egress before reaching back to the ingress). This
document therefore introduces an Asymmetric Extended Route
Optimization (AERO) capability that addresses the issues.
While the AERO mechanisms were initially designed for the specific
purpose of NBMA tunnel virtual interfaces (e.g., see [<a href="./rfc2529" title=""Transmission of IPv6 over IPv4 Domains without Explicit Tunnels"">RFC2529</a>],
[<a href="./rfc5214" title=""Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)"">RFC5214</a>], [<a href="./rfc5569" title=""IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)"">RFC5569</a>], and [<a href="#ref-VET" title=""Virtual Enterprise Traversal (VET)"">VET</a>]), they can also be applied to any
multiple access link types that support redirection. The AERO
techniques are discussed herein with reference to IPv6
[<a href="./rfc2460" title=""Internet Protocol, Version 6 (IPv6) Specification"">RFC2460</a>][RFC4861][<a href="./rfc4862" title=""IPv6 Stateless Address Autoconfiguration"">RFC4862</a>][RFC3315]; however, they can also be
applied to any other network-layer protocol (e.g., IPv4
[<a href="./rfc0791" title=""Internet Protocol"">RFC0791</a>][RFC0792][<a href="./rfc2131" title=""Dynamic Host Configuration Protocol"">RFC2131</a>], etc.) that provides a redirection
service (details of operation for other network-layer protocols are
out of scope).
This document is an Experimental RFC; therefore, it does not seek to
define a new standard for the Internet. Experimental status instead
of Standards Track has been used since the document proposes a new
and different dynamic routing mechanism. Experimentation will focus
on candidate multi-access link types that can connect large numbers
of neighboring nodes where the use of existing dynamic routing
protocols may be impractical. Examples include NBMA tunnel virtual
links, large bridged campus LANs, etc.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Terminology</span>
The terminology in the normative references applies; the following
terms are defined within the scope of this document:
AERO link
any link (either physical or virtual) over which the AERO
mechanisms can be applied. (For example, a virtual overlay of
tunnels can serve as an AERO link.)
AERO interface
a node's attachment to an AERO link.
AERO node
a router or host that is connected to an AERO link and that
participates in the AERO protocol on that link.
intermediate AERO router ("intermediate router")
a router that configures an advertising router interface on an
AERO link over which it can provide default forwarding and
redirection services for other AERO nodes.
<span class="grey">Templin Experimental [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
edge AERO router ("edge router")
a router that configures a non-advertising router interface on an
AERO link over which it can connect End User Networks (EUNs) to
the AERO link.
AERO host
a simple host on an AERO link.
ingress AERO node ("ingress node")
a node that injects packets into an AERO link.
egress AERO node ("egress node")
a node that receives packets from an AERO link.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Motivation</span>
AERO was designed to operate as an on-demand route optimization
function for nodes attached to a single multi-access link, i.e.,
similar to the standard IPv6 redirection mechanism based on ICMPv6
messaging [<a href="./rfc4443" title=""Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification"">RFC4443</a>][RFC4861]. However, AERO differs in that the
target of the redirection first receives a pre-authorization
notification, after which it returns route optimization information
to the source of the original packet. This scenario calls into
question whether a standard dynamic routing protocol could be used
instead of AERO, but a number of considerations indicate that
standard routing protocols may be poorly suited for the use cases
AERO was designed to address.
First, AERO is designed to work on very large multiple access links
that may connect a mix of many thousands of routers and hosts.
Traditional proactive dynamic routing protocols such as OSPF, IS-IS,
RIP, OLSR (Optimized Link State Routing), and TBRPF (Topology
Dissemination Based on Reverse-Path Forwarding) may be inefficient in
such environments due to the control message overhead scaling when
large numbers of routers are present and/or when link capacity is
low.
Second, AERO is designed to work on-demand of data packet arrival,
but it only seeks to discover neighbors on the same link and not
distant nodes that may be located many link hops away. Reactive
dynamic routing protocols such as Ad hoc On-Demand Distance Vector
(AODV) and Dynamic Source Routing (DSR) also operate on-demand;
however, they flood specialized route discovery messages that reach
all nodes on the link and may further traverse multiple link hops
<span class="grey">Templin Experimental [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
before a route reply is received. This requires a multicast-capable
network and does not ensure delivery of the original data packet,
which may be dropped or delayed during route discovery.
Additionally, AERO is designed to override an existing route to a
destination if the existing route directs traffic along a sub-optimal
path via an extraneous router on the shared link. AERO nodes send
data packets over a preexisting working route, and they may
subsequently receive notification of a better route based on route
optimization feedback from a trusted on-link neighbor. This stands
in contrast to on-demand routing protocols that were designed to
operate when no preexisting working routes are present and that
multicast explicit route request messages to receive a route reply
rather than simply unicast forwarding the data packet via a
preexisting route.
Finally, AERO requires less control message and/or processing
overhead than standard dynamic routing protocols on links for which
the number of routes that must be maintained by each router is far
smaller than the total number of routers on the link, and the routes
maintained by each router may be changing over time. For example, on
a link that connects N nodes, it will often be the case that each
node will only communicate with a small number of link neighbors, and
the set of neighbors may change dynamically over time. Therefore,
the number of active neighbor pairs on the link is V*N (where V is a
small variable number) instead of N**2. This is especially important
on very large links, e.g., for values of N such as 1,000 or more.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Example Use Cases</span>
AERO was designed to satisfy numerous operational use cases. As a
first example, a hypothetical major airline has deployed an overlay
network on top of the global Internet to track the aircraft in its
fleet. The global Internet therefore acts as the "link" over which
the overlay network is configured. Each aircraft acts as a mobile
router that fronts for an internal network that includes various
devices controlled and monitored by the airline. However, it would
be impractical for each aircraft to track the changing locations of
all other aircraft in the fleet due to control message overhead on
limited capacity communication links.
In this example, an aircraft ('A') en route to its destination needs
to report its ETA and communicate passenger itineraries to other en
route aircraft that will be servicing passenger connections. ('A')
knows the overlay network addresses of the other aircraft, but does
not know the current underlay address mappings. ('A') sends its
initial messages targeted to the other aircraft via an airline
central dispatch router ('D'), which may be located in a far away
<span class="grey">Templin Experimental [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
location. ('D') forwards the messages, but also initiates the AERO
redirection procedure to step out of the triangular path and allow
direct aircraft-to-aircraft communications.
In a second example, Mobile Ad hoc Networks (MANETs) are often
deployed in environments with a high degree of mobility, attrition,
and very limited wireless communications link bandwidth. Such
environments typically also require the use of network-layer security
mechanisms that view the MANET as a "link" over which encrypted
messages are forwarded in an overlay network. In such environments,
a dynamic routing protocol running in the overlay network may serve
to add unacceptable additional congestion to the already overtaxed
wireless links. In that case, the AERO route optimization mechanism
can eliminate costly extraneous routing hops without imparting
additional control message overhead.
In a further example, a large campus LAN that is joined by Layer 2
(L2) bridges may connect many thousands of routers and hosts that
appear to share a single common multi-access link. In that case, the
AERO mechanisms can be applied to satisfy the necessary intra-link
route optimization functions without employing an adjunct dynamic
routing protocol that may be inefficient for reasons mentioned above.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Requirements</span>
The route optimization mechanism must satisfy the following
requirements:
Req 1: Off-load traffic from performance-critical gateways.
The mechanism must offload sustained transit though an
intermediate AERO router that would otherwise become a
traffic concentrator.
Req 2: Support route optimization.
The ingress AERO node should be able to send packets directly
to the egress node without forwarding through an intermediate
router for route optimization purposes.
Req 3: Support scaling.
For scaling purposes, support interworking and control
message forwarding between multiple intermediate routers (see
<a href="#appendix-A">Appendix A</a>).
Req 4: Do not circumvent ingress filtering.
The mechanism must not open an attack vector where network-
layer source address spoofing is enabled even when link-layer
source address spoofing is disabled.
<span class="grey">Templin Experimental [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
Req 5: Do not expose packets to loss due to filtering.
The ingress AERO node must have a way of knowing that the
egress AERO node will accept its forwarded packets.
Req 6: Do not expose packets to loss due to path failure.
The ingress AERO node must have a way of discovering whether
the AERO egress node has gone unreachable on the route
optimized path.
Req 7: Do not introduce routing loops.
Intermediate routers must not invoke a route optimization
that would cause a routing loop to form.
Req 8: Support mobility.
The mechanism must continue to work even if the final
destination node/network moves from a first egress node and
re-associates with a second egress node.
Req 9: Support link layer address changes.
The mechanism must continue to work even if the Layer 2
addresses of ingress and/or egress AERO nodes change.
Req 10: Support network renumbering.
The mechanism must provide graceful transition when an AERO
node's attached EUN is renumbered.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Asymmetric Extended Route Optimization (AERO)</span>
The following sections specify an Asymmetric Extended Route
Optimization (AERO) capability that fulfills the requirements
specified in <a href="#section-5">Section 5</a>.
<span class="h3"><a class="selflink" id="section-6.1" href="#section-6.1">6.1</a>. AERO Link Dynamic Routing</span>
In many AERO link use case scenarios (e.g., small enterprise
networks, small and stable MANETs, etc.), routers can engage in a
traditional dynamic routing protocol so that routing/forwarding
tables can be populated and standard forwarding between routers can
be used. In other scenarios (e.g., large enterprise/ISP networks,
cellular service provider networks, dynamic MANETs, etc.), this might
be impractical due to routing protocol control message scaling
issues.
When a traditional dynamic routing protocol cannot be used, the
mechanisms specified in this section can provide a useful on-demand
route discovery capability. When both traditional dynamic routing
<span class="grey">Templin Experimental [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
protocols and the AERO mechanism are active on the same link, routes
discovered by the dynamic routing protocol should take precedence
over those discovered by AERO.
<span class="h3"><a class="selflink" id="section-6.2" href="#section-6.2">6.2</a>. AERO Node Behavior</span>
The following sections discuss characteristics of nodes attached to
links over which AERO can be used.
<span class="h4"><a class="selflink" id="section-6.2.1" href="#section-6.2.1">6.2.1</a>. AERO Node Types</span>
Intermediate AERO routers configure their AERO link interfaces as
advertising router interfaces (see <a href="./rfc4861#section-6.2.2">[RFC4861], Section 6.2.2</a>);
therefore, they may send Router Advertisement (RA) messages that
include non-zero Router Lifetimes.
Edge AERO routers configure their AERO link interfaces as non-
advertising router interfaces.
AERO hosts configure their AERO link interfaces as simple host
interfaces.
<span class="h4"><a class="selflink" id="section-6.2.2" href="#section-6.2.2">6.2.2</a>. AERO Host Behavior</span>
AERO hosts observe the IPv6 host requirements defined in [<a href="./rfc6434" title=""IPv6 Node Requirements"">RFC6434</a>],
except that AERO hosts also engage in the AERO route optimization
procedure as specified in <a href="#section-6.4">Section 6.4</a>.
<span class="h4"><a class="selflink" id="section-6.2.3" href="#section-6.2.3">6.2.3</a>. Edge AERO Router Behavior</span>
Edge AERO routers observe the IPv6 router requirements defined in
[<a href="./rfc6434" title=""IPv6 Node Requirements"">RFC6434</a>] except that they act as "hosts" on their non-advertising
AERO link router interfaces in the same fashion as for IPv6 Customer
Premises Equipment (CPE) routers [<a href="./rfc6204" title=""Basic Requirements for IPv6 Customer Edge Routers"">RFC6204</a>]. Edge routers can then
acquire managed prefix delegations aggregated by an intermediate
router through the use of, e.g., DHCPv6 Prefix Delegation [<a href="./rfc3633" title=""IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6"">RFC3633</a>],
administrative configuration, etc.
After the edge router acquires prefixes, it can sub-delegate them to
nodes and links within its attached EUNs, then it can forward any
outbound packets coming from its EUNs via the intermediate router.
The edge router also engages in the AERO route optimization procedure
as specified in <a href="#section-6.4">Section 6.4</a>.
<span class="grey">Templin Experimental [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
<span class="h4"><a class="selflink" id="section-6.2.4" href="#section-6.2.4">6.2.4</a>. Intermediate AERO Router Behavior</span>
Intermediate AERO routers observe the IPv6 router requirements
defined in [<a href="./rfc6434" title=""IPv6 Node Requirements"">RFC6434</a>] and respond to Router Solicitation (RS) messages
from AERO hosts and edge routers on their advertising AERO link
router interfaces by returning an RA message. Intermediate routers
further configure a DHCP relay/server function on their AERO links
and/or provide an administrative interface for delegation of network-
layer addresses and prefixes.
When the intermediate router completes a stateful network-layer
address or prefix delegation transaction (e.g., as a DHCPv6 relay/
server, etc.), it establishes forwarding table entries that list the
link-layer address of the client AERO node as the link-layer address
of the next hop toward the delegated network-layer addresses/
prefixes.
When the intermediate router forwards a packet out the same AERO
interface on which it arrived, it initiates an AERO route
optimization procedure as specified in <a href="#section-6.4">Section 6.4</a>.
<span class="h3"><a class="selflink" id="section-6.3" href="#section-6.3">6.3</a>. AERO Reference Operational Scenario</span>
Figure 3 depicts the AERO reference operational scenario. The figure
shows an intermediate AERO router ('A'), two edge AERO routers ('B',
'D'), an AERO host ('F'), and three ordinary IPv6 hosts ('C', 'E',
'G'):
<span class="grey">Templin Experimental [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
.-(::::::::)
.-(::: IPv6 :::)-. +-------------+
(:::: Internet ::::)--| Host G |
`-(::::::::::::)-' +-------------+
`-(::::::)-' 2001:db8:3::1
|
+--------------+ +--------------+
| Intermediate | | AERO Host F |
| AERO Router A| | (default->A) |
| (C->B; E->D) | +--------------+
+--------------+ 2001:db8:2:1
L3(A) L3(F)
L3(A) L2(F)
| |
X-----+-----------+-----------+-----------+---X
| AERO Link |
L2(B) L2(D)
L3(B) L3(D)
+--------------+ +--------------+ .-.
| AERO Edge | | AERO Edge | ,-( _)-.
| Router B | | Router D | .-(_ IPv6 )-.
| (default->A) | | (default->A) |--(__ EUN )
+--------------+ +--------------+ `-(______)-'
2001:db8:0::/48 2001:db8:1::/48 |
| 2001:db8:1::1
.-. +-------------+
,-( _)-. 2001:db8:0::1 | Host E |
.-(_ IPv6 )-. +-------------+ +-------------+
(__ EUN )--| Host C |
`-(______)-' +-------------+
Figure 3: AERO Reference Operational Scenario
In Figure 3, the intermediate AERO router ('A') connects to the AERO
link and connects to the IPv6 Internet, either directly or via other
IPv6 routers (not shown). Intermediate router ('A') configures an
AERO link interface with a link-local network-layer address L3(A) and
with link-layer address L2(A). The intermediate router ('A') next
arranges to add L2(A) to a published list of valid intermediate
routers for the link.
AERO node ('B') is an AERO edge router that connects to the AERO link
via an interface with link-local network-layer address L3(B) and with
link-layer address L2(B). Node ('B') configures a default route with
next-hop network-layer address L3(A) via the AERO interface, and it
assigns the network-layer prefix 2001:db8:0::/48 to its attached EUN
link. IPv6 host ('C') attaches to the EUN, and it configures the
network-layer address 2001:db8:0::1.
<span class="grey">Templin Experimental [Page 13]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
AERO node ('D') is an AERO edge router that connects to the AERO link
via an interface with link-local network-layer address L3(D) and with
link-layer address L2(D). Node ('D') configures a default route with
next-hop network-layer address L3(A) via the AERO interface, and it
assigns the network-layer prefix 2001:db8:1::/48 to its attached EUN
link. IPv6 host ('E') attaches to the EUN, and it configures the
network-layer address 2001:db8:1::1.
AERO host ('F') connects to the AERO link via an interface with link-
local network-layer address L3(F) and with link-layer address L2(F).
Host ('F') configures a default route with next-hop network-layer
address L3(A) via the AERO interface, and it assigns the network-
layer address 2001:db8:2::1 to the AERO interface.
Finally, IPv6 host ('G') connects to an IPv6 network outside of the
AERO link domain. Host ('G') configures its IPv6 interface in a
manner specific to its attached IPv6 link, and it assigns the
network-layer address 2001:db8:3::1 to its IPv6 link interface.
In these arrangements, intermediate router ('A') must maintain state
that associates the delegated network-layer addresses/prefixes with
the link-local network-layer addresses of the correct edge routers
and/or hosts on the AERO link. The nodes must, in turn, maintain at
least a default route that points to intermediate router ('A'), and
they can discover more-specific routes either via a proactive dynamic
routing protocol or via the AERO mechanisms specified in <a href="#section-6.4">Section 6.4</a>.
<span class="h3"><a class="selflink" id="section-6.4" href="#section-6.4">6.4</a>. AERO Specification</span>
<a href="#section-6.3">Section 6.3</a> describes the AERO reference operational scenario. We
now discuss the operation and protocol details of AERO with respect
to this reference scenario.
<span class="h4"><a class="selflink" id="section-6.4.1" href="#section-6.4.1">6.4.1</a>. Traditional Redirection Approaches</span>
With reference to Figure 3, when the IPv6 source host ('C') sends a
packet to an IPv6 destination host ('E'), the packet is first
forwarded via the EUN to ingress AERO node ('B'). The ingress node
('B') then forwards the packet over its AERO interface to
intermediate router ('A'), which then forwards the packet to egress
AERO node ('D'), where the packet is finally forwarded to the IPv6
destination host ('E'). When intermediate router ('A') forwards the
packet back out on its advertising AERO interface, it must arrange to
redirect ingress node ('B') toward egress node ('D') as a better
next-hop node on the AERO link that is closer to the final
destination. However, this redirection process should only occur if
there is assurance that both the ingress and egress nodes are willing
participants.
<span class="grey">Templin Experimental [Page 14]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
Consider a first alternative in which intermediate router ('A')
informs ingress node ('B') only and does not inform egress node ('D')
(i.e., "traditional redirection"). In that case, the egress node has
no way of knowing that the ingress is authorized to forward packets
from their claimed source network-layer addresses, and it may simply
elect to drop the packets. Also, the ingress node has no way of
knowing whether the egress is performing some form of source address
filtering that would reject packets arriving from a node other than a
trusted default router, nor whether the egress is even reachable via
a direct path that does not involve the intermediate router.
Finally, the ingress node has no way of knowing whether the final
destination has moved away from the egress node.
Consider a second alternative in which intermediate router ('A')
informs both ingress node ('B') and egress node ('D') separately, via
independent redirection control messages (i.e., "augmented
redirection"). In that case, several conditions can occur that could
result in communication failures. First, if the ingress receives the
redirection control message but the egress does not, subsequent
packets sent by the ingress could be dropped due to filtering since
the egress would not have neighbor state to verify their source
network-layer addresses. Second, if the egress receives the
redirection control message but the ingress does not, subsequent
packets sent in the reverse direction by the egress would be lost.
Finally, timing issues surrounding the establishment and garbage
collection of neighbor state at the ingress and egress nodes could
yield unpredictable behavior. For example, unless the timing were
carefully coordinated through some form of synchronization loop,
there would invariably be instances in which one node has the correct
neighbor state and the other node does not resulting in non-
deterministic packet loss.
Since neither of these alternatives can satisfy the requirements
listed in <a href="#section-5">Section 5</a>, a new redirection technique (i.e., "AERO
redirection") is needed.
<span class="h4"><a class="selflink" id="section-6.4.2" href="#section-6.4.2">6.4.2</a>. AERO Concept of Operations</span>
AERO redirection is used on links for which the traditional
redirection approaches described in <a href="#section-6.4.1">Section 6.4.1</a> are insufficient to
satisfy all requirements. We now discuss the concept of operations
for this new approach.
Again, with reference to Figure 3, when source host ('C') sends a
packet to destination host ('E'), the packet is first forwarded over
the source host's attached EUN to ingress node ('B'), which then
forwards the packet via its AERO interface to intermediate router
('A').
<span class="grey">Templin Experimental [Page 15]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-16" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
Using AERO redirection, intermediate router ('A') then forwards the
packet out the same AERO interface toward egress node ('D') and also
sends an AERO "Predirect" message forward to the egress node as
specified in <a href="#section-6.4.6">Section 6.4.6</a>. The AERO Predirect message includes the
identity of ingress node ('B') as well as information that egress
node ('D') can use to determine the longest-match prefixes that cover
the source and destination network-layer addresses of the packet that
triggered the predirection event. After egress node ('D') receives
the AERO Predirect message, it process the message and returns an
AERO Redirect message to the intermediate router ('A') as specified
in <a href="#section-6.4.7">Section 6.4.7</a>. (During the process, it also creates or updates
neighbor state for ingress node ('B'), and retains this (src, dst)
"prefix pair" as ingress filtering information to accept future
packets using addresses matched by the prefixes from ingress node
('B').)
When the intermediate router ('A') receives the AERO Redirect
message, it processes the message and forwards it on to ingress node
('B') as specified in <a href="#section-6.4.8">Section 6.4.8</a>. The message includes the
identity of egress node ('D') as well as information that ingress
node ('B') can use to determine the longest-match prefixes that cover
the source and destination network-layer addresses of the packet that
triggered the redirection event. After ingress node ('B') receives
the AERO Redirect message, it processes the message as specified in
<a href="#section-6.4.9">Section 6.4.9</a>. (During the process, it also creates or updates
neighbor state for egress node ('D'), and retains this prefix pair as
forwarding information to forward future packets using addresses
matched by the prefixes to the egress node ('D').)
Following the above AERO Predirect/Redirect message exchange,
forwarding of packets with source and destination network-layer
addresses covered by the longest-match prefix pair is enabled in the
forward direction from ingress node ('B') to egress node ('D'). The
mechanisms that enable this exchange are specified in the following
sections.
<span class="h4"><a class="selflink" id="section-6.4.3" href="#section-6.4.3">6.4.3</a>. Conceptual Data Structures and Protocol Constants</span>
Each AERO node maintains a per-AERO interface conceptual neighbor
cache that includes an entry for each neighbor it communicates with
on the AERO link, the same as for any IPv6 interface (see [<a href="./rfc4861" title=""Neighbor Discovery for IP version 6 (IPv6)"">RFC4861</a>]).
Each AERO interface neighbor cache entry further maintains two lists
of (src, dst) prefix pairs. The AERO node adds a prefix pair to the
ACCEPT list if it has been informed by a trusted intermediate router
that it is safe to accept packets from the neighbor using network-
layer source and destination addresses covered by the prefix pair.
The AERO node adds a prefix pair to the FORWARD list if it has been
<span class="grey">Templin Experimental [Page 16]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-17" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
informed by a trusted intermediate router that it is permitted to
forward packets to the neighbor using network-layer addresses covered
by the prefix pair.
When the node adds a prefix pair to a neighbor cache entry ACCEPT
list, it also sets an expiration timer for the prefix pair to
ACCEPT_TIME seconds. When the node adds a prefix pair to a neighbor
cache entry FORWARD list, it also sets an expiration timer for the
prefix pair to FORWARD_TIME seconds. The node further maintains a
keepalive interval KEEPALIVE_TIME used to limit the number of
keepalive control messages. Finally, the node maintains a constant
value MAX_RETRY to limit the number of keepalives sent when a
neighbor has gone unreachable.
It is RECOMMENDED that FORWARD_TIME be set to the default constant
value 30 seconds to match the default REACHABLE_TIME value specified
for IPv6 neighbor discovery [<a href="./rfc4861" title=""Neighbor Discovery for IP version 6 (IPv6)"">RFC4861</a>].
It is RECOMMENDED that ACCEPT_TIME be set to the default constant
value 40 seconds to allow a 10 second window so that the AERO
redirection procedure can converge before the ACCEPT_TIME timer
decrements below FORWARD_TIME.
It is RECOMMENDED that KEEPALIVE_TIME be set to the default constant
value 5 seconds to providing timely reachability verification without
causing excessive control message overhead.
It is RECOMMENDED that MAX_RETRY be set to 3 the same as described
for IPv6 neighbor discovery address resolution in <a href="./rfc4861#section-7.3.3">Section 7.3.3 of
[RFC4861]</a>.
Different values for FORWARD_TIME, ACCEPT_TIME, KEEPALIVE_TIME, and
MAX_RETRY MAY be administratively set, if necessary, to better match
the AERO link's performance characteristics; however, if different
values are chosen, all nodes on the link MUST consistently configure
the same values. ACCEPT_TIME SHOULD further be set to a value that
is sufficiently longer than FORWARD time to allow the AERO
redirection procedure to converge.
<span class="h4"><a class="selflink" id="section-6.4.4" href="#section-6.4.4">6.4.4</a>. Data Origin Authentication</span>
AERO nodes MUST employ a data origin authentication check for the
packets they receive on an AERO interface. In particular, the node
considers the network-layer source address correct for the link-layer
source address if at least one of the following is true:
<span class="grey">Templin Experimental [Page 17]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-18" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
o the network-layer source address is an on-link address that embeds
the link-layer source address, or
o the network-layer source address is explicitly linked to the link-
layer source address through per-neighbor state, or
o the link-layer source address is the address of a trusted
intermediate AERO router.
When the AERO node receives a packet on an AERO interface, it
processes the packet further if it satisfies one of these data origin
authentication conditions; otherwise, it drops the packet.
Note that on links in which link-layer address spoofing is possible,
AERO nodes may require additional securing mechanisms. To address
this, future work will define a strong data origin authentication
scheme such as the use of digital signatures.
<span class="h4"><a class="selflink" id="section-6.4.5" href="#section-6.4.5">6.4.5</a>. AERO Redirection Message Format</span>
AERO Redirect/Predirect messages use the same format as for ICMPv6
Redirect messages depicted in <a href="./rfc4861#section-4.5">Section 4.5 of [RFC4861]</a>; however, the
messages are encapsulated in a UDP header [<a href="./rfc0768" title=""User Datagram Protocol"">RFC0768</a>] to distinguish
them from ordinary ICMPv6 Redirect messages. AERO Redirect messages
therefore require a new UDP service port number 'AERO_PORT'.
AERO Redirect/Predirect messages are formatted as shown in Figure 4:
<span class="grey">Templin Experimental [Page 18]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-19" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (=0) | Code (=0) | Checksum (=0) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|P| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Target Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ...
+-+-+-+-+-+-+-+-+-+-+-+-
Figure 4: AERO Redirect/Predirect Message Format
The AERO Redirect/Predirect message sender sets the 'Type' field to 0
(since this is not an actual ICMPv6 message), and it also sets the
'Checksum' field to 0 (since the UDP checksum will provide protection
for the entire packet). The sender further sets the 'P' bit to 1 if
this is a 'Predirect' message and sets the 'P' bit to 0 if this is a
'Redirect' message (as described below).
The sender then encapsulates the AERO Redirect message in IP/UDP
headers as shown in Figure 5:
<span class="grey">Templin Experimental [Page 19]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-20" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
+--------------------+
~ IP header ~
+--------------------+
~ UDP header ~
+--------------------+
| |
~ AERO Redirect ~
~ Message ~
| |
+--------------------+
Figure 5: AERO Message UDP Encapsulation Format
The AERO Redirect/Predirect message sender sets the UDP destination
port number to 'AERO_PORT' and sets the UDP source port number to a
(pseudo-)random value. The sender next sets the UDP length field to
the length of the UDP message, then calculates the checksum across
the message and writes the value into the UDP checksum field. Next,
the sender sets the IP TTL/Hop-limit field to a small integer value
chosen to provide a quick exit from any temporal routing loops. It
is RECOMMENDED that the sender set IP TTL/Hop-limit to the value 8
unless it has better knowledge of the AERO link characteristics.
<span class="h4"><a class="selflink" id="section-6.4.6" href="#section-6.4.6">6.4.6</a>. Sending Predirects</span>
When an intermediate AERO router forwards a packet out the same AERO
interface that it arrived on, the router sends an AERO Predirect
message forward toward the egress AERO node instead of sending an
ICMPv6 Redirect message back to the ingress AERO node.
In the reference operational scenario, when the intermediate router
('A') forwards a packet sent by the ingress node ('B') toward the
egress node ('D'), it also sends an AERO Predirect message forward
toward the egress, subject to rate limiting (see <a href="./rfc4861#section-8.2">Section 8.2 of
[RFC4861]</a>). The intermediate router ('A') prepares the AERO
Predirect message as follows:
o the link-layer source address is set to 'L2(A)' (i.e., the link-
layer address of the intermediate router).
o the link-layer destination address is set to 'L2(D)' (i.e., the
link-layer address of the egress node).
o the network-layer source address is set to 'L3(A)' (i.e., the
link-local network-layer address of the intermediate router).
o the network-layer destination address is set to 'L3(D)' (i.e., the
link-local network-layer address of the egress node).
<span class="grey">Templin Experimental [Page 20]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-21" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
o the UDP destination port is set to 'AERO_PORT'.
o the Target and Destination Addresses are both set to 'L3(B)'
(i.e., the link-local network-layer address of the ingress node).
o on links that require stateful address mapping, the message
includes a Target Link Layer Address Option (TLLAO) set to 'L2(B)'
(i.e., the link-layer address of the ingress node).
o the message includes a Route Information Option (RIO) [<a href="./rfc4191" title=""Default Router Preferences and More-Specific Routes"">RFC4191</a>]
that encodes the ingress node's network-layer address/prefix
delegation that covers the network-layer source address of the
originating packet.
o the message includes a Redirected Header Option (RHO) that
contains the originating packet truncated to ensure that at least
the network-layer header is included but the size of the message
does not exceed 1280 bytes.
o the 'P' bit is set to P=1.
The intermediate router ('A') then sends the message forward to the
egress node ('D').
<span class="h4"><a class="selflink" id="section-6.4.7" href="#section-6.4.7">6.4.7</a>. Processing Predirects and Sending Redirects</span>
When the egress node ('D') receives an AERO Predirect message, it
accepts the message only if it satisfies the data origin
authentication requirements specified in <a href="#section-6.4.4">Section 6.4.4</a>. The egress
further accepts the message only if it is willing to serve as a
redirection target.
Next, the egress node ('D') validates the message according to the
ICMPv6 Redirect message validation rules in <a href="./rfc4861#section-8.1">Section 8.1 of [RFC4861]</a>
with the exception that the message includes a Type value of 0, a
Checksum value of 0 and a link-local address in the ICMP destination
field that differs from the destination address of the packet header
encapsulated in the RHO.
In the reference operational scenario, when the egress node ('D')
receives a valid AERO Predirect message, it either creates or updates
a neighbor cache entry that stores the Target address of the message
(i.e., the link-local network-layer address of the ingress node
('B')). The egress node ('D') then records the prefix found in the
RIO along with its own prefix that matches the network-layer
destination address in the packet header found in the RHO with the
neighbor cache entry as an acceptable (src, dst) prefix pair. The
egress node ('D') then adds the prefix pair to the neighbor cache
<span class="grey">Templin Experimental [Page 21]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-22" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
entry ACCEPT list, and sets/resets an expiration timer for the prefix
pair to ACCEPT_TIME seconds. If the timer later expires, the egress
node ('D') deletes the prefix pair.
After processing the message, the egress node ('D') prepares an AERO
Redirect message response as follows:
o the link-layer source address is set to 'L2(D)' (i.e., the link-
layer address of the egress node).
o the link-layer destination address is set to 'L2(A)' (i.e., the
link-layer address of the intermediate router).
o the network-layer source address is set to 'L3(D)' (i.e., the
link-local network-layer address of the egress node).
o the network-layer destination address is set to 'L3(B)' (i.e., the
link-local network-layer address of the ingress node).
o the UDP destination port is set to 'AERO_PORT'.
o the Target and the Destination Addresses are both set to 'L3(D)'
(i.e., the link-local network-layer address of the egress node).
o on links that require stateful address mapping, the message
includes a Target Link Layer Address Option (TLLAO) set to
'L2(D)'.
o the message includes an RIO that encodes the egress node's
network-layer address/prefix delegation that covers the network-
layer destination address of the originating packet.
o the message includes as much of the RHO copied from the
corresponding AERO Predirect message as possible such that at
least the network-layer header is included but the size of the
message does not exceed 1280 bytes.
o the 'P' bit is set to P=0.
After the egress node ('D') prepares the AERO Redirect message, it
sends the message to the intermediate router ('A').
<span class="h4"><a class="selflink" id="section-6.4.8" href="#section-6.4.8">6.4.8</a>. Forwarding Redirects</span>
When the intermediate router ('A') receives an AERO Redirect message,
it accepts the message only if it satisfies the data origin
authentication requirements specified in <a href="#section-6.4.4">Section 6.4.4</a>. Next, the
intermediate router ('A') validates the message the same as described
<span class="grey">Templin Experimental [Page 22]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-23" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
in <a href="#section-6.4.7">Section 6.4.7</a>. Following validation, the intermediate router
('A') processes the Redirect, and then forwards a corresponding
Redirect on to the ingress node ('B') as follows.
In the reference operational scenario, the intermediate router ('A')
receives the AERO Redirect message from the egress node ('D') and
prepares to forward a corresponding AERO Redirect message to the
ingress node ('B'). The intermediate router ('A') then verifies that
the RIO encodes a network-layer address/prefix that the egress node
('D') is authorized to use, and it discards the message if
verification fails. Otherwise, the intermediate router ('A') changes
the link-layer source address of the message to 'L2(A)', changes the
network-layer source address of the message to the link-local
network-layer address 'L3(A)', and changes the link-layer destination
address to 'L2(B)' . The intermediate router ('A') finally
decrements the IP TTL/Hop-limit and forwards the message to the
ingress node ('B').
<span class="h4"><a class="selflink" id="section-6.4.9" href="#section-6.4.9">6.4.9</a>. Processing Redirects</span>
When the ingress node ('B') receives an AERO Redirect message (i.e.,
one with P=0), it accepts the message only if it satisfies the data
origin authentication requirements specified in <a href="#section-6.4.4">Section 6.4.4</a>. Next,
the ingress node ('B') validates the message the same as described in
<a href="#section-6.4.6">Section 6.4.6</a>. Following validation, the ingress node ('B') then
processes the message as follows.
In the reference operational scenario, when the ingress node ('B')
receives the AERO Redirect message, it either creates or updates a
neighbor cache entry that stores the Target address of the message
(i.e., the link-local network-layer address of the egress node
'L3(D)'). The ingress node ('B') then records the (src, dst) prefix
pair associated with the triggering packet in the neighbor cache
entry FORWARD list, i.e., it records its prefix that matches the
redirected packet's network-layer source address and the prefix
listed in the RIO as the prefix pair. The ingress node ('B') then
sets/resets an expiration timer for the prefix pair to FORWARD_TIME
seconds. If the timer later expires, the ingress node ('B') deletes
the entry.
Now, the ingress node ('B') has a neighbor cache FORWARD list entry
for the prefix pair, and the egress node ('D') has a neighbor cache
ACCEPT list entry for the prefix pair. Therefore, the ingress node
('B') may forward ordinary network-layer data packets with network-
layer source and destination addresses that match the prefix pair
directly to the egress node ('D') without forwarding through the
intermediate router ('A'). Note that the ingress node must have a
way of informing the network layer of a route that associates the
<span class="grey">Templin Experimental [Page 23]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-24" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
destination prefix with this neighbor cache entry. The manner of
establishing such a route (and deleting it when it is no longer
necessary) is left to the implementation.
To enable packet forwarding in the reverse direction, a separate AERO
redirection operation is required that is the mirror-image of the
forward operation described above but the link segments traversed in
the forward and reverse directions may be different, i.e., the
operations are asymmetric.
<span class="h4"><a class="selflink" id="section-6.4.10" href="#section-6.4.10">6.4.10</a>. Sending Periodic Predirect Keepalives</span>
In order to prevent prefix pairs from expiring while data packets are
actively flowing, the ingress node ('B') can send AERO Predirect
messages directly to the egress node ('D') as a "keepalive" to
solicit AERO Redirect messages. The node should send such keepalive
messages only when a data packet covered by the prefix pair has been
sent recently, and should wait for at least KEEPALIVE_TIME seconds
before sending each successive keepalive message in order to limit
control message overhead.
In the reference operational scenario, when the ingress node ('B')
needs to refresh the FORWARD timer for a specific prefix pair, it can
send an AERO Predirect message directly to the egress node ('D')
prepared as follows:
o the link-layer source address is set to 'L2(B)' (i.e., the link-
layer address of the ingress node).
o the link-layer destination address is set to 'L2(D)' (i.e., the
link-layer address of the egress node).
o the network-layer source address is set to 'L3(B)' (i.e., the
link-local network-layer address of the ingress node).
o the network-layer destination address is set to 'L3(D)' (i.e., the
link-local network-layer address of the egress node).
o the UDP destination port is set to 'AERO_PORT'.
o the Predirect Target and Destination Addresses are both set to
'L3(B)' (i.e., the link-local network-layer address of the ingress
node).
o the message includes an RHO that contains the originating packet
truncated to ensure that at least the network-layer header is
included but the size of the message does not exceed 1280 bytes.
<span class="grey">Templin Experimental [Page 24]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-25" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
o the 'P' bit is set to P=1.
When the egress node ('D') receives the AERO Predirect message, it
validates the message the same as described in <a href="#section-6.4.6">Section 6.4.6</a>.
Following validation, the egress node ('D') then resets its ACCEPT
timer for the prefix pair that matches the originating packet's
network-layer source and destination addresses to ACCEPT_TIME
seconds, and it sends an AERO Redirect message directly to the
ingress node ('B') prepared as follows:
o the link-layer source address is set to 'L2(D)' (i.e., the link-
layer address of the egress node).
o the link-layer destination address is set to 'L2(B)' (i.e., the
link-layer address of the ingress node).
o the network-layer source address is set to 'L3(D)' (i.e., the
link-local network-layer address of the egress node).
o the network-layer destination address is set to 'L3(B)' (i.e., the
link-local network-layer address of the ingress node).
o the UDP destination port is set to 'AERO_PORT'.
o the Redirect Target and Destination Addresses are both set to
'L3(D)' (i.e., the link-local network-layer address of the egress
node).
o the message includes as much of the RHO copied from the
corresponding AERO Predirect message as possible such that at
least the network-layer header is included but the size of the
message does not exceed 1280 bytes.
o the 'P' bit is set to P=0.
When the ingress node ('B') receives the AERO Redirect message, it
validates the message the same as described in <a href="#section-6.4.6">Section 6.4.6</a>.
Following validation, the ingress node ('B') then resets its FORWARD
timer for the prefix pair that matches the originating packet's
network-layer source and destination addresses to FORWARD_TIME
seconds.
In this process, if the ingress node sends MAX_RETRY AERO Predirect
messages as keepalives without receiving an AERO Redirect message
reply, it can either declare the prefix pair unreachable immediately
or allow the pair to expire after FORWARD_TIME seconds.
<span class="grey">Templin Experimental [Page 25]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-26" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
<span class="h4"><a class="selflink" id="section-6.4.11" href="#section-6.4.11">6.4.11</a>. Neighbor Reachability Considerations</span>
When the ingress node ('B') receives an AERO Redirect message
informing it of a direct path to a new egress node ('D'), there is a
question in point as to whether the new egress node ('D') can be
reached directly without forwarding through an intermediate router
('A'). On some AERO links, it may be reasonable for the ingress node
('B') to (optimistically) assume that reachability is transitive, and
to immediately begin forwarding data packets to the egress node ('D')
without testing reachability.
On AERO links in which an optimistic assumption of transitive
reachability may be unreasonable, however, the ingress node ('B') can
defer the redirection until it tests the direct path to the egress
node ('D'), e.g., by sending an IPv6 Neighbor Solicitation to elicit
an IPv6 Neighbor Advertisement response. If the ingress node ('B')
is unable to elicit a response after MAX_RETRY attempts, it should
consider the direct path to the egress node ('D') to be unusable.
In either case, the ingress node ('B') can process any link errors
corresponding to the data packets sent directly to the egress node
('D') as a hint that the direct path has either failed or has become
intermittent. Conversely, the ingress node ('B') can further process
any AERO Redirect messages received as evidence of neighbor
reachability.
<span class="h4"><a class="selflink" id="section-6.4.12" href="#section-6.4.12">6.4.12</a>. Mobility Considerations</span>
Again, with reference to Figure 3, egress node ('D') can configure
both a non-advertising router interface on a provider AERO link and
advertising router interfaces on its connected EUN links. When an
EUN node ('E') in one of the egress node's connected EUNs moves to a
different network point of attachment, however, it can release its
network-layer address/prefix delegations that were registered with
egress node ('D' ) and re-establish them via a different router.
When the EUN node ('E') releases its network-layer address/prefix
delegations, the egress node ('D') marks its forwarding table entries
corresponding to the network-layer addresses/prefixes as "departed"
and no longer responds to AERO Predirect messages for the departed
addresses/prefixes. When egress node ('D') receives packets from an
ingress node ('B') with network-layer source and destination
addresses that match a prefix pair on the ACCEPT list, it forwards
them to the last-known link-layer address of EUN node ('E') as a
means for avoiding mobility-related packet loss during routing
changes. Egress node ('D') also returns a NULL AERO Redirect message
to inform the ingress node ('B') of the departure. The message is
prepared as follows:
<span class="grey">Templin Experimental [Page 26]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-27" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
o the link-layer source address is set to 'L2(D)'.
o the link-layer destination address is set to 'L2(B)'.
o the network-layer source address is set to the link-local address
'L3(D)'.
o the network-layer destination address is set to the link-local
address 'L3(B)'.
o the UDP destination port is set to 'AERO_PORT'.
o the Redirect Target and Destination Addresses are both set to
NULL.
o the message includes an RHO that contains as much of the original
packet as possible such that at least the network-layer header is
included but the size of the message does not exceed 1280 bytes.
o the 'P' bit is set to P=0.
When ingress node ('B') receives the NULL AERO Redirect message, it
deletes the prefix pair associated with the packet in the RHO from
its list of forwarding entries corresponding to egress node ('D').
When egress node ('D')s ACCEPT_TIME timer for the prefix pair
corresponding to the departed prefix expires, it deletes the prefix
pairs from its list of ingress filtering entries corresponding to
ingress node ('B').
Eventually, any such correspondent AERO nodes will receive a NULL
AERO Redirect message and will cease to use the egress node ('D') as
a next hop. They will then revert to sending packets destined to the
EUN node ('E') via a trusted intermediate router and may subsequently
receive new AERO Redirect messages to discover that the EUN node
('E') is now associated with a new AERO edge router.
Note that any packets forwarded by the egress node ('D') via a
departed forwarding table entry may be lost if the (mobile) EUN node
('E') moves off-link with respect to its previous EUN point of
attachment. This should not be a problem for large links (e.g.,
large cellular network deployments, large ISP networks, etc.) in
which all/most mobility events are intra-link.
<span class="h4"><a class="selflink" id="section-6.4.13" href="#section-6.4.13">6.4.13</a>. Link-Layer Address Change Considerations</span>
When an ingress node needs to change its link-layer address, it
deletes each FORWARD list entry that was established under the old
link layer address, changes the link layer address, then allows
<span class="grey">Templin Experimental [Page 27]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-28" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
packets to again flow through an intermediate router. Any egress
node that receives the packets will also receive new AERO Predirect
messages from the intermediate router. The egress node then deletes
the ACCEPT entry that included the ingress node's old link-layer
address and installs a new ACCEPT entry that includes the ingress
node's new link-layer address. The egress then returns a new AERO
Redirect message to the ingress node via the intermediate router,
which the ingress node uses to establish a new FORWARD list entry.
When an egress node needs to change its link-layer address, it
deletes each entry in the ACCEPT list and SHOULD also send NULL AERO
Redirect messages to the corresponding ingress node (i.e., the same
as described for mobility operations in <a href="#section-6.4.12">Section 6.4.12</a>) before
changing the link-layer address. Any ingress node that receives the
NULL AERO Redirect messages will delete any corresponding FORWARD
list entries and again allow packets to flow through an intermediate
router. The egress then changes the link-layer address, and it sends
new AERO Redirect messages in response to any AERO Predirect messages
it receives from the intermediate router while using the new link-
layer address.
<span class="h4"><a class="selflink" id="section-6.4.14" href="#section-6.4.14">6.4.14</a>. Prefix Re-provisioning Considerations</span>
When an AERO node configures one or more FORWARD/ACCEPT list prefix
pair entries, and the prefixes associated with the pair are somehow
reconfigured or renumbered, the stale FORWARD/ACCEPT list information
must be deleted.
When an ingress node ('B') reconfigures its network-layer source
prefix in such a way that the ACCEPT list entry in the egress node
('D') would no longer be valid (e.g., the prefix length of the source
prefix changes), the ingress node ('B') simply deletes the prefix
pair form its FORWARD list and allows subsequent packets to again
flow through an intermediate router ('A').
When the egress node ('D') reconfigures its network-layer destination
prefix in such a way that the FORWARD list entry in the ingress node
('B') would no longer be valid, the egress node ('D') sends a NULL
AERO Redirect message to the ingress node ('B') the same as described
for mobility and link-layer address change considerations when it
receives either an AERO Predirect message or a data packet (subject
to rate limiting) from the ingress node ('B').
<span class="grey">Templin Experimental [Page 28]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-29" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
<span class="h4"><a class="selflink" id="section-6.4.15" href="#section-6.4.15">6.4.15</a>. Backward Compatibility</span>
There are no backward compatibility considerations since AERO
Redirect/Predirect messages use a new UDP port number that
distinguishes them from other kinds of control messages. Therefore,
legacy nodes will simply discard any AERO Redirect/Predirect messages
they may accidentally receive.
Note however that AERO redirection requires that all three (the
ingress, intermediate router, and egress) participate in the
protocol. Additionally, the intermediate router SHOULD disable
ordinary ICMPv6 Redirects when AERO redirection is enabled.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. IANA Considerations</span>
IANA has assigned UDP user port number 8060 for this protocol via the
expert review process [<a href="./rfc5226" title="">RFC5226</a>].
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. Security Considerations</span>
AERO link security considerations are the same as for standard IPv6
Neighbor Discovery [<a href="./rfc4861" title=""Neighbor Discovery for IP version 6 (IPv6)"">RFC4861</a>] except that AERO improves on some
aspects. In particular, AERO is dependent on a trust basis between
AERO edge nodes and intermediate routers, where the edge nodes must
only engage in the AERO mechanism when it is facilitated by a trusted
intermediate router.
AERO links must be protected against link-layer address spoofing
attacks in which an attacker on the link pretends to be a trusted
neighbor. Links that provide link-layer securing mechanisms (e.g.,
WiFi networks) and links that provide physical security (e.g.,
enterprise network LANs) provide a first line of defense that is
often sufficient. In other instances, sufficient assurances against
link-layer address spoofing attacks are possible if the source can
digitally sign its messages through means outside the scope of this
document.
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. Acknowledgements</span>
Discussions both on the v6ops list and in private exchanges helped
shape some of the concepts in this work. Individuals who contributed
insights include Mikael Abrahamsson, Fred Baker, Stewart Bryant,
Brian Carpenter, Brian Haberman, Joel Halpern, and Lee Howard.
Members of the IESG also provided valuable input during their review
process that greatly improved the document. Special thanks go to
Stewart Bryant, Joel Halpern, and Brian Haberman for their
shepherding guidance.
<span class="grey">Templin Experimental [Page 29]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-30" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
<span class="h2"><a class="selflink" id="section-10" href="#section-10">10</a>. References</span>
<span class="h3"><a class="selflink" id="section-10.1" href="#section-10.1">10.1</a>. Normative References</span>
[<a id="ref-RFC0768">RFC0768</a>] Postel, J., "User Datagram Protocol", STD 6, <a href="./rfc768">RFC 768</a>,
August 1980.
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC2460">RFC2460</a>] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", <a href="./rfc2460">RFC 2460</a>, December 1998.
[<a id="ref-RFC4191">RFC4191</a>] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", <a href="./rfc4191">RFC 4191</a>, November 2005.
[<a id="ref-RFC4861">RFC4861</a>] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", <a href="./rfc4861">RFC 4861</a>,
September 2007.
[<a id="ref-RFC4862">RFC4862</a>] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", <a href="./rfc4862">RFC 4862</a>, September 2007.
[<a id="ref-RFC5226">RFC5226</a>] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", <a href="https://www.rfc-editor.org/bcp/bcp26">BCP 26</a>, <a href="./rfc5226">RFC 5226</a>,
May 2008.
[<a id="ref-RFC6434">RFC6434</a>] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node
Requirements", <a href="./rfc6434">RFC 6434</a>, December 2011.
<span class="h3"><a class="selflink" id="section-10.2" href="#section-10.2">10.2</a>. Informative References</span>
[<a id="ref-IRON">IRON</a>] Templin, F., "The Internet Routing Overlay Network
(IRON)", Work in Progress, June 2012.
[<a id="ref-RFC0791">RFC0791</a>] Postel, J., "Internet Protocol", STD 5, <a href="./rfc791">RFC 791</a>,
September 1981.
[<a id="ref-RFC0792">RFC0792</a>] Postel, J., "Internet Control Message Protocol", STD 5,
<a href="./rfc792">RFC 792</a>, September 1981.
[<a id="ref-RFC2131">RFC2131</a>] Droms, R., "Dynamic Host Configuration Protocol",
<a href="./rfc2131">RFC 2131</a>, March 1997.
[<a id="ref-RFC2529">RFC2529</a>] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4
Domains without Explicit Tunnels", <a href="./rfc2529">RFC 2529</a>, March 1999.
<span class="grey">Templin Experimental [Page 30]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-31" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
[<a id="ref-RFC3315">RFC3315</a>] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", <a href="./rfc3315">RFC 3315</a>, July 2003.
[<a id="ref-RFC3633">RFC3633</a>] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", <a href="./rfc3633">RFC 3633</a>,
December 2003.
[<a id="ref-RFC4443">RFC4443</a>] Conta, A., Deering, S., and M. Gupta, "Internet Control
Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification", <a href="./rfc4443">RFC 4443</a>, March 2006.
[<a id="ref-RFC5214">RFC5214</a>] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site
Automatic Tunnel Addressing Protocol (ISATAP)", <a href="./rfc5214">RFC 5214</a>,
March 2008.
[<a id="ref-RFC5569">RFC5569</a>] Despres, R., "IPv6 Rapid Deployment on IPv4
Infrastructures (6rd)", <a href="./rfc5569">RFC 5569</a>, January 2010.
[<a id="ref-RFC6204">RFC6204</a>] Singh, H., Beebee, W., Donley, C., Stark, B., and O.
Troan, "Basic Requirements for IPv6 Customer Edge
Routers", <a href="./rfc6204">RFC 6204</a>, April 2011.
[<a id="ref-VET">VET</a>] Templin, F., <a style="text-decoration: none" href='https://www.google.com/search?sitesearch=datatracker.ietf.org%2Fdoc%2Fhtml%2F&q=inurl:draft-+%22Virtual+Enterprise+Traversal+%28VET%29%22'>"Virtual Enterprise Traversal (VET)"</a>, Work
in Progress, June 2012.
<span class="grey">Templin Experimental [Page 31]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-32" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
<span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. Intermediate Router Interworking</span>
Figure 3 depicts a reference AERO operational scenario with a single
intermediate router on the AERO link. In order to support scaling to
larger numbers of nodes, the AERO link can deploy multiple
intermediate routers, e.g., as shown in Figure 6.
+--------------+ +--------------+
| Intermediate | +--------------+ | Intermediate |
| Router C | | Core Router D| | Router E |
| (default->D) | | (A->C; G->E) | | (default->D) |
| (A->B) | +--------------+ | (G->F) |
+-------+------+ +------+-------+
| |
X---+---+--------------------------------------+---+---X
| AERO Link |
+-----+--------+ +--------+-----+
| Edge Router B| | Edge Router F|
| (default->C) | | (default->E) |
+--------------+ +--------------+
.-. .-.
,-( _)-. ,-( _)-.
.-(_ IPv6 )-. .-(_ IPv6 )-.
(__ EUN ) (__ EUN )
`-(______)-' `-(______)-'
| |
+--------+ +--------+
| Host A | | Host G |
+--------+ +--------+
Figure 6: Multiple Intermediate Routers
In this example, the ingress AERO node ('B') (in this case an edge
router, but could also be a host) associates with intermediate AERO
router ('C'), while the egress AERO node ('F') (in this case an edge
router, but could also be a host) associates with intermediate AERO
router ('E'). Furthermore, intermediate routers ('C') and ('E') do
not associate with each other directly, but rather have an
association with a "core" router ('D') (i.e., a router that has full
topology information concerning its associated intermediate routers).
Core router ('D') may connect to either the AERO link or to other
physical or virtual links (not shown) to which intermediate routers
('C') and ('E') also connect.
When host ('A') sends a packet toward destination host ('G'), IPv6
forwarding directs the packet through the EUN to edge router ('B'),
which forwards the packet to intermediate router ('C') in absence of
more-specific forwarding information. Intermediate router ('C')
<span class="grey">Templin Experimental [Page 32]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-33" ></span>
<span class="grey"><a href="./rfc6706">RFC 6706</a> AERO August 2012</span>
forwards the packet, and it also generates an AERO Predirect message
that is then forwarded through core router ('D') to intermediate
router ('E'). When intermediate router ('E') receives the message,
it forwards the message to egress router ('F').
After processing the AERO Predirect message, egress router ('F')
sends an AERO Redirect message to intermediate router ('E').
Intermediate router ('E'), in turn, forwards the message through core
router ('D') to intermediate router ('C'). When intermediate router
('C') receives the message, it forwards the message to ingress edge
router ('B') informing it that host 'G's EUN can be reached via
egress router ('F'), thus completing the AERO redirection.
The interworkings between intermediate and core routers (including
the conveyance of pseudo Predirects and Redirects) must be carefully
coordinated in a manner outside the scope of this document. In
particular, the intermediate and core routers must ensure that any
routing loops that may be formed are temporal in nature. See [<a href="#ref-IRON" title=""The Internet Routing Overlay Network (IRON)"">IRON</a>]
for an architectural discussion of coordination between intermediate
and core routers.
Author's Address
Fred L. Templin (editor)
Boeing Research & Technology
P.O. Box 3707 MC 7L-49
Seattle, WA 98124
USA
EMail: fltemplin@acm.org
Templin Experimental [Page 33]
</pre>
|
