LOOPBACK6: A Utility For Detecting IPv6 Extension Header Changes

IPv6 [RFC8200] is an extensible protocol. Source nodes use IPv6 extension headers to elicit extended IPv6 behaviors. The following are a subset of IPv6 extension header types:

Hop-by-Hop Options
Routing
Destination Options

The Hop-by-hop Options extension header can be processed by each node along a packet's delivery path. However, the Routing extension header is processed by only a selected set of nodes along a packet's delivery path. And finally, the Destination Options extension header is processed by a packet's destination node only. Depending on their contents, IPv6 extensions headers can be mutable or immutable. Transit nodes can alter the contents of a mutable extension header. In at least one example , transit routers accumulate OAM information in mutable extension headers. However, transit nodes cannot alter the contents of an immutable extension header. LOOPBACK6 is a utility that network operators can use to determine how IPv6 extension headers have been altered by transit nodes. Its operation is similar to that of PING and PROBE . This document describes LOOPBACK6 operation.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Theory of Operation LOOPBACK6 executes on a probing node. It originates and sends an ICMPv6 Extended Echo Request message from the probing node to a probed interface that resides on a probed node. The L-bit of the ICMPv6 Extended Echo Request message MUST be set to 1. This indicates that the probed interface resides on the probed node. The ICMP Extended Echo Request contains an ICMP Extension Structure and the ICMP Extension Structure contains one or more of the following ICMP Extension Objects:

Hop-by-Hop Options Header
Routing Header
Destination Options Header

The above-mentioned ICMP Extension Objects are defined in Section 4 of this document. When they are used in the ICMPv6 Extended Echo Request message, they carry no payload. Therefore, their length MUST be equal to 4 octets. The ICMP Extended Echo Request is encapsulated in an IPv6 header and the IPv6 header can carry IPv6 extension headers. When the probed node receives the ICMPv6 Extended Echo Request message, it formats and sends an ICMPv6 Extended Reply message. The ICMP Extended Echo Reply contains an ICMP Extension Structure and the ICMP Extension Structure contains the same set of ICMP Extension Objects that the ICMP Extended Request message contained. However, the ICMP Extension objects MUST include payloads. Specifically:

The payload field for the Hop-by-Hop Options Header option MUST reflect the Hop-by-Hop Option extension header from the packet that carried the ICMPv6 Extended Echo Request message to the probed node.
The payload field for the Routing Header option MUST reflect the Routing extension header from the packet that carried the ICMPv6 Extended Echo Request message to the probed node.
The payload field for the Destination Options Header option MUST reflect the Destination Option extension header from the packet that carried the ICMPv6 Extended Echo Request message to the probed node.

LOOPBACK6 leverages two extended ICMPv6 messages: the Extended Echo Request Message and the Extended Echo Reply Message defined in [RFC8335].

the ICMPv6 Extended Echo Request message is encapsulated in an IPv6 header. Figure 1 depicts the ICMPv6 Extended Echo Request message.

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identifier |Sequence Number| Reserved |L| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ICMP Extension Structure | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ICMPv6 Fields: Type: Extended Echo Request. As defined in [RFC8335], The value is 160. Code: MUST be set to 0. Checksum: As defined in [RFC4443]. Identifier: As defined in [RFC4443], the identifier to aid in matching Echo Replies to this Echo Request. May be zero. Sequence Number: As defined in [RFC4443], the sequence number to aid in matching Echo Replies to this Echo Request. May be zero. Reserved: This field MUST be set to 0 and ignored upon receipt. L (local): As defined in [RFC8335]. MUST be set to 0 in this document. ICMP Extension Structure: As defined in [RFC4884], it contains exactly one Extension Header followed by one or more extension objects.

Each extension object contains one 32-bit word, representing an object header without any payload. All object headers share a common format. Figure 2 depicts the object header.

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Class-Num | C-Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ AS defined in [RFC4884], an object header has the following fields: Length: 16 bits, length of the object, measured in octets, including the object header. Class-Num: 8 bits, identifies object class. C-Type: 8 bits, identifies object sub-type. This document defines the values of Class-Num and C-Type as follows: Class-Num: IPv6 extension header Object, which instructs the Echo responder to copy the corresponding IPv6 extension header into the Object payload field in the extended Echo Reply packet. The values are listed as the following: Value Object Name ----- ----------- TBD1 the Hop-by-Hop Options header TBD2 the Destination Options header TBD3 the Routing header C-Type: Values are listed as the following: Class-Num C-Type C-Type Name --------- ------ ----------- TBD1 0 Reserved TBD2 0 Reserved TBD3 0 Reserved

The ICMPv6 Extended Echo Reply message is encapsulated in an IPv6 header. Figure 3 depicts the ICMPv6 Extended Echo Reply message.

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identifier |Sequence Number|State|Res|A|4|6| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ICMP Extension Structure | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ICMPv6 Fields: Type: Extended Echo Reply. As defined in [RFC8335], The value is 161. Code: MUST be set to 0. Identifier: As defined in [RFC4443], the identifier from the invoking Echo Request message. Sequence Number: As defined in [RFC4443], the sequence number from the invoking Echo Request message. State: As defined in [RFC8335].This field MUST be set to 0 in this document. Res: This field MUST be set to 0 and ignored upon receipt. A (Active): As defined in [RFC8335]. 4 (IPv4): As defined in [RFC8335]. 6 (IPv6): As defined in [RFC8335]. ICMP Extension Structure: As defined in [RFC4884], it contains exactly one Extension Header followed by one or more extension objects.

Each extension object contains one or more 32-bit words, including an object header and payload. All object headers share a common format. Figure 4 depicts the object header and payload.

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Class-Num | C-Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | // (Object payload) // | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ AS defined in [RFC4884], an object header has the following fields: Length: 16 bits, length of the object, measured in octets, including the object header. Class-Num: 8 bits, and its values are defined in Section 4.1.1. C-Type: 8 bits, and its values are defined in Section 4.1.1. Object payload: n*32 bits, MUST contain the integral IPv6 extension header, including Next Header field, Hdr Ext Len field and Options field, defined in [RFC8200].

In situ Operations, Administration, and Maintenance (IOAM) collects operational and telemetry information in packets while they traverse a path between two points in the network. The IOAM data fields are defined in [RFC9197]. This document presents an example of leveraging the ICMPv6 extensions for carrying and reflecting IPv6 options header, which contains the IOAM Trace Option. IPv6 encapsulation for IOAM data is defined in [RFC9486], which uses the IPv6 Hop-by-Hop option header to collect information along the path a packet traverses. Clearly in some cases, the sender is more concerned about these trace information. Some possible needs are listed as follows: Which nodes and links does the specified traffic flow traverse? In an Equal-Cost Multipath (ECMP) scenario, which ECMP path does a specified N-tuple of flow pass through? Is the specified traffic flow forwarding path consistent on both forward and reverse path? An integral extended Echo Request packet includes IPv6 header, Hop-by-Hop option header, ICMPv6 header and ICMP extension structure that contains one object, instructing the Echo responder to reflect IOAM trace information. This extended Echo Request packet is depicted as follows:

+----------------------------+ | IPv6 Header | +----------------------------+ | Hop-by-Hop Option Header | +----------------------------+ | ICMPv6 Header | +----------------------------+--+ | ICMP Extension Header | | +----------------------------+ ICMP Extension Structure | Object Header | | +----------------------------+--+ Similarly, an integral extended Echo Reply packet also includes IPv6 header, Hop-by-Hop option header, ICMPv6 header and ICMP extension structure that contains one object with object payload field filled with Hop-by-Hop option header. This extended Echo Reply packet is depicted as follows:

+----------------------------------+ | IPv6 Header | +----------------------------------+ | Hop-by-Hop Options Header | +----------------------------------+ | ICMPv6 Header | +----------------------------------+--+ | ICMP Extension Header | | +----------------------------------+ | | Object Header |ICMP Extension Structure +----------------------------------+ | | Object payload | | | (IPv6 Hop-by-Hop Options Header) | | +----------------------------------+--+

The sender (source) of the Echo request messages can be a host or network device. When a host or a network device sends an Echo request message, if it acts as an IOAM encapsulating node, it MUST perform the operation of IOAM Data-Fields encapsulation, i.e., it MUST place the IOAM Data-Fields directly in the IPv6 Hop-by-Hop Option Header. To accurately retrieve the trace information the Echo request packet traverses, including all nodes and links it passes through, the IOAM encapsulating node MUST set both the Most significant bit (Bit 0) and Bit 1 of the IOAM Trace-Type value to "1". Therefore, when processing this trace option, every transit node (including encapsulating node) in IOAM-Domain MUST populates its IOAM data with two data fields, namely, the Hop_Lim and node_id data field and ingress_if_id and egress_if_id data field. The rest of the bits of IOAM-Trace-Type MAY be set "1" or "0" depending on implementation. Similarly, the responder (destination) of the Echo request messages can also be a host or network device. When a host or a network device receives an Echo request message, if it acts as an IOAM node, no matter what node (encapsulating node, transit node or decapsulating node) it is, it MUST originate an Echo reply message, copying the entire IPv6 Hop-by-Hop Option Header with IOAM Data into the Object payload field of ICMP Extension Structure. In reverse path, to accurately retrieve the trace information the Echo reply packet traverses, similarly, when processing this trace option, every transit node in IOAM-Domain MUST populates IOAM Data with two data fields, namely, the Hop_Lim and node_id data field and ingress_if_id and egress_if_id data field. The sender can determine the consistence of the forward and reverse path by comparing the Object payload of ICMP Extension Structure with the IPv6 Hop-by-Hop Options Header carrying IOAM data in the received Echo reply packet. Notably, to simulate the real path the specified traffic flow traverses, especially in ECMP scenario, the same value or values in any ECMP affecting fields (e.g., the 3-tuple of the Flow Label, Source Address, and Destination Address fields [RFC6437]) MUST be populated in Echo request packets, ensuring the fate sharing between the Echo request/reply packets and the specified traffic flow packets.

IANA is requested to allocate the following values in the "ICMP Extension Object Classes and Class Sub-types" registry.

+--------------+------------------+----------+---------------+-----------------+ | Class-Num | Object Name | C-Type | C-Type Name | Reference | +--------------+------------------+----------+---------------+-----------------+ | TBD1 | Hop-by-Hop | 0 | Reserved | [This document] | | | Options Header | | | | +--------------+------------------+----------+---------------+-----------------+ | TBD2 | Destination | 0 | Reserved | [This document] | | | Options Header | | | | +--------------+------------------+----------+---------------+-----------------+ | TBD3 | Routing Header | 0 | Reserved | [This document] | +--------------+------------------+----------+---------------+-----------------+

Security Considerations The technology described in this document inherits all of the vulnerabilities described in . Because the ICMPv6 Extended Echo Reply message can be longer than the ICMPv6 Extended Echo Request message, there is a slight risk that this technology could be used as a vector for denial of service attacks. However, this risk is minimal, because the ICMPv6 Extended Echo Reply message, along with its IPv6 header, cannot exceed 1280 octets.