Transmission of IP Packets over
Overlay Multilink Network (OMNI) InterfacesThe Boeing CompanyP.O. Box 3707SeattleWA98124USAfltemplin@acm.orgI-DInternet-DraftMobile nodes (e.g., aircraft of various configurations, terrestrial
vehicles, seagoing vessels, space systems, enterprise wireless devices,
pedestrians with cell phones, etc.) communicate with networked
correspondents over wireless and/or wired-line data links and configure
mobile routers to connect end user networks. This document presents a
multilink virtual interface specification that enables mobile nodes to
coordinate with a network-based mobility service, fixed node correspondents
and/or other mobile node peers. The virtual interface provides an adaptation
layer service that also applies for both mobile and more static deployments
such as enterprise and home networks. This document specifies the
transmission of IP packets over Overlay Multilink Network (OMNI)
Interfaces.Mobile nodes (e.g., aircraft of various configurations, terrestrial
vehicles, seagoing vessels, space systems, enterprise wireless devices,
pedestrians with cellphones, etc.) configure mobile routers with
multiple interface connections to wireless and/or wired-line data links.
These data links may have diverse performance, cost and availability
properties that can change dynamically according to mobility patterns,
flight phases, proximity to infrastructure, etc. The mobile router acts
as a Client of a network-based Mobility Service (MS) by configuring a
virtual interface over its underlay interface data link connections.Each Client configures a virtual interface (termed the "Overlay
Multilink Network Interface (OMNI)") as a thin layer over its underlay
network interfaces (which may themselves connect to virtual or physical
links). The OMNI interface is therefore the only interface abstraction
exposed to the IP layer and behaves according to the Non-Broadcast,
Multiple Access (NBMA) interface principle, while underlay interfaces
appear as link layer communication channels in the architecture. The
OMNI interface internally employs the "OMNI Adaptation Layer (OAL)"
to ensure that original IP packets or parcels are adapted to diverse underlay
interfaces with heterogeneous properties.The OMNI interface connects to a virtual overlay known as the "OMNI
link". The OMNI link spans one or more Internetworks that may include
private-use infrastructures (e.g., enterprise networks) and/or the
global public Internet itself. Together, OMNI and the OAL provide the
foundational elements required to support the "6 M's of Modern
Internetworking", including:Multilink – a Client's ability to coordinate multiple
diverse underlay interfaces as a single logical unit (i.e., the OMNI
interface) to achieve the required communications performance and
reliability objectives.Multinet – the ability to span the OMNI link over a segment
routing topology with multiple diverse administrative domain network
segments while maintaining seamless end-to-end communications
between mobile Clients and correspondents such as air traffic
controllers, fleet administrators, etc.Mobility – a Client’s ability to change network
points of attachment (e.g., moving between wireless base stations)
which may result in an underlay interface address change, but
without disruptions to ongoing communication sessions with peers
over the OMNI link.Multicast – the ability to send a single network
transmission that reaches multiple Clients belonging to the same
interest group, but without disturbing other Clients not subscribed
to the interest group.Multihop – a mobile Client vehicle-to-vehicle relaying
capability useful when multiple forwarding hops between vehicles may
be necessary to “reach back” to an infrastructure access
point connection to the OMNI link.MTU assurance – the ability to deliver packets/parcels of
various robust sizes between peers without loss due to a link size
restriction, and to dynamically adjust packet/parcels sizes to
achieve the optimal performance for each independent traffic
flow.Client OMNI interfaces interact with the MS and/or other OMNI nodes
through IPv6 Neighbor Discovery (ND) control message exchanges . The MS consists of a distributed set of service
nodes (including Proxy/Servers and other infrastructure elements) that
also configure OMNI interfaces. Automatic Extended Route Optimization
(AERO) in particular provides a companion MS compatible with the OMNI
architecture . AERO discusses
details of ND message based route optimization, mobility management, and
multinet traversal while the fundamental aspects of OMNI link operation
are discussed in this document.Each OMNI interface provides a multilink nexus for exchanging inbound
and outbound traffic via selected underlay interface(s). The IP layer
sees the OMNI interface as a point of connection to the OMNI link. Each
OMNI link has one or more associated Mobility Service Prefixes (MSPs),
which are typically IP Global Unicast Address (GUA) prefixes assigned to
the link and from which Mobile Network Prefixes (MNPs) are derived. If
there are multiple OMNI links, the IP layer will see multiple OMNI
interfaces.Each Client receives an MNP through IPv6 ND control message exchanges
with Proxy/Servers over Access Networks (ANETs) and/or open
Internetworks (INETs). The Client sub-delegates the MNP to
downstream-attached End-user Networks (ENETs) independently of the
underlay interfaces selected for data transport. The Client acts as a
fixed or mobile router on behalf of ENET peers, and uses OMNI interface
control messaging to coordinate with Hosts, Proxy/Servers and/or other
Clients. The Client iterates its control messaging over each of the OMNI
interface's ANET/INET underlay interfaces in order to register each
interface with the MS (see ). The Client can also
provide Proxy/Server-like services for a recursively nested chain of
other Clients located in downstream-attached ENETs.Clients may connect to multiple distinct OMNI links within the same
OMNI domain by configuring multiple OMNI interfaces, e.g., omni0, omni1,
omni2, etc. Each OMNI interface is configured over a distinct set of
underlay interfaces and provides a nexus for Safety-Based Multilink
(SBM) operation. The IP layer applies SBM routing to select a specific
OMNI interface, then the selected OMNI interface applies
Performance-Based Multilink (PBM) internally to select appropriate
underlay interfaces. Applications select SBM topologies based on IP
layer Segment Routing , while each OMNI
interface orchestrates PBM internally based on OAL Multinet traversal.OMNI provides a link model suitable for a wide range of use cases.
For example, the International Civil Aviation Organization (ICAO)
Working Group-I Mobility Subgroup is developing a future Aeronautical
Telecommunications Network with Internet Protocol Services (ATN/IPS) and
has issued a liaison statement requesting IETF adoption in support of ICAO Document 9896 . The IETF IP Wireless Access in Vehicular
Environments (ipwave) working group has further included problem
statement and use case analysis for OMNI in a document now in AD
evaluation for RFC publication . Still other communities
of interest include AEEC, RTCA Special Committee 228 (SC-228) and NASA
programs that examine commercial aviation, Urban Air Mobility (UAM) and
Unmanned Air Systems (UAS). Pedestrians with handheld mobile devices
represent another large class of potential OMNI users.This document specifies the transmission of original IP
packets/parcels and control messages over OMNI interfaces. The operation
of both IP protocol versions (i.e., IPv4 and
IPv6 ) is specified as the network layer data
plane, while OMNI interfaces use IPv6 ND messaging in the control plane
independently of the data plane protocol(s). OMNI interfaces also
provide an OAL based on encapsulation and fragmentation over
heterogeneous underlay interfaces as an adaptation sublayer between L3
and L2. Both OMNI and the OAL are specified in detail throughout the
remainder of this document.The terminology in the normative references applies; especially, the
terms "link" and "interface" are the same as defined in the IPv6 and IPv6 Neighbor Discovery (ND) specifications. Additionally, this document assumes
the following IPv6 ND message types: Router Solicitation (RS), Router
Advertisement (RA), Neighbor Solicitation (NS), Neighbor Advertisement
(NA), unsolicited NA (uNA) and Redirect. Hosts, Clients and Proxy/Servers
that implement IPv6 ND maintain per-neighbor state in Neighbor Cache
Entries (NCEs). Each NCE is indexed by the neighbor's network layer
address(es) while the neighbor's OAL encapsulation address provides
context for Identification verification.The Protocol Constants defined in Section 10 of are used in their same format and meaning in this
document. The terms "All-Routers multicast", "All-Nodes multicast" and
"Subnet-Router anycast" are the same as defined in (with Link-Local scope assumed).The term "IP" is used to refer collectively to either Internet
Protocol version (i.e., IPv4 or IPv6 ) when a specification at the layer in question
applies equally to either version.The terms Host, Client and Proxy/Server are intentionally capitalized
to denote a node of that particular node type that also configures an
OMNI interface and engages the OMNI Adaptation Layer.The terms "application layer (upper layers)", "transport layer
(L4)", "network layer (L3)", "(data) link layer (L2)" and "physical
layer (L1)" are used consistently with common Internetworking
terminology, with the understanding that reliable delivery protocol
users of UDP are considered as transport layer elements. The OMNI
specification further defines an "adaptation layer" positioned
below the network layer but above the link layer, which may include
physical links and Internet- or higher-layer tunnels. A (network)
interface is a node's attachment to a link (via L2), and an OMNI
interface is therefore a node's attachment to an OMNI link (via
the adaptation layer).The following terms are defined within the scope of this
document:The Network layer in the OSI network
model. Also known as "layer 3", "IP layer", etc.The Data Link layer in the OSI network
model. Also known as "layer 2", "link layer", "sub-IP layer",
etc.An encapsulation mid-layer
that adapts L3 to a diverse collection of L2 underlay interfaces
and their encapsulations. (No layer number is assigned, since
numbering was an artifact of the legacy reference model that need
not carry forward in the modern architecture.) The adaptation
layer sees the network layer as "L3" and sees all link layer
encapsulations as "L2 encapsulations", which may include UDP,
IP and true link layer (e.g., Ethernet, etc.) headers.a connected network
region (e.g., an aviation radio access network, corporate
enterprise network, satellite service provider network, cellular
operator network, residential WiFi network, etc.) that connects
Clients to the Mobility Service. Physical and/or data link level
security is assumed (sometimes referred to as "protected spectrum"
for wireless domains). ANETs such as private enterprise networks
and ground domain aviation service networks often provide multiple
secured IP hops between the Client's physical point of connection
and the nearest Proxy/Server.a connected network
region with a coherent IP addressing plan that provides transit
forwarding services between ANETs and/or OMNI nodes that coordinate
with the Mobility Service over unprotected media. Since physical
and/or data link level security cannot always be assumed, security
must be applied by the network and/or higher layers if necessary.
The global public Internet itself is an example.a simple or complex
"downstream" network tethered to a Client as a single logical unit
that travels together. The ENET could be as simple as a single link
connecting a single Host, or as complex as a large network with many
links, routers, bridges and end user devices. The ENET provides an
"upstream" link for arbitrarily many low-, medium- or high-end devices
dependent on the Client for their upstream connectivity, i.e., as
Internet of Things (IoT) entities. The ENET can also support a
recursively-descending chain of additional Clients such that the
ENET of an upstream Client is seen as the ANET of a downstream Client.a Client's attachment to
a link in an {A,I,E}NET.a "wildcard" term used when a given
specification applies equally to both ANET/INET cases. From the
Client's perspective, *NET interfaces are "upstream" interfaces that
connect the Client to the Mobility Service, while ENET interfaces
are "downstream" interfaces that the Client uses to connect
downstream ENETs, Hosts and/or other Clients.an ANET/INET/ENET
interface over which an OMNI interface is configured. The OMNI
interface is seen as an L3 interface by the network layer, and each
underlay interface is seen as an L2 interface by the OMNI interface.
The underlay interface either connects directly to the physical
communications media or coordinates with another node where the
physical media is hosted.a connected network
region that shares the same properties as an ANET except that physical
and/or link layer security cannot always be assumed and multihop
forwarding between Clients acting as MANET routers may be necessary.
Proxy/Servers that connect the MANET to outside networks act as Clients
on their MANET interfaces and act as ordinary Proxy/Servers on their
ANET/INET interfaces, while Clients configure MANET interfaces and
provide a multihop forwarding service for other Clients.a node's underlay interface
connection to a local network with indeterminant neighborhood
properties over which multihop relaying may be necessary.a Non-Broadcast, Multiple Access
(NBMA) virtual overlay configured over one or more INETs and their
connected ANETs/ENETs. An OMNI link may comprise multiple distinct
"segments" joined by L2 forwarding devices the same as for any link;
the addressing plans in each segment may be mutually exclusive and
managed by different administrative entities. Proxy/Servers and
other infrastructure elements extend the link to support
communications between Clients as single-hop neighbors.a node's attachment to an OMNI
link, and configured over one or more underlay interfaces. If there
are multiple OMNI links in an OMNI domain, a separate OMNI interface
is configured for each link. The OMNI interface configures a Maximum
Transmission Unit (MTU) and a Maximum Reassembly Unit (MRU) the same
as any interface.an OMNI interface
sublayer service that encapsulates original IP packets/parcels
admitted into the interface in an IPv6 header and/or subjects them
to fragmentation and reassembly. The OAL is also responsible for
generating MTU-related control messages as necessary, and for
providing addressing context for OMNI link SRT traversal. The OAL
presents a new layer in the Internet architecture known simply as
the "adaptation layer".an end user device that extends the OMNI
link over an ENET interface serviced by a Client. (As an
implementation matter, the Host either assigns the same IP address
from the ENET (underlay) interface to an (overlay) OMNI interface,
or configures an OMNI-like function as a virtual sublayer of the
ENET interface itself.) The IP addresses assigned to each Host ENET
interface remain stable even if the Client's upstream *NET interface
connections change.a network platform/device mobile
router that configures one or more OMNI interfaces over distinct
sets of underlay interfaces grouped as logical OMNI link units. The
Client coordinates with the Mobility Service via upstream networks
over *NET interfaces, and provides Proxy/Server services for Hosts
and other Clients on ENET interface downstream networks. The
Client's *NET interface addresses and performance characteristics
may change over time (e.g., due to node mobility, link quality,
etc.) while downstream-attached Hosts and other Clients see the ENET
as a stable ANET.a segment routing topology edge
node that configures an OMNI interface and connects Clients to the
Mobility Service. As a server, the Proxy/Server responds directly to
some Client IPv6 ND messages. As a proxy, the Proxy/Server forwards
other Client IPv6 ND messages to other Proxy/Servers and Clients. As
a router, the Proxy/Server provides a forwarding service for
ordinary data messages that may be essential in some environments
and a last resort in others. Proxy/Servers at ANET boundaries
configure both an ANET downstream interface and *NET upstream
interface, while INET-based Proxy/Servers configure only an INET
interface.a
Proxy/Server connected to the source Client's *NET that forwards OAL
packets sent by the source into the segment routing topology. FHS
Proxy/Servers also act as intermediate forwarding nodes to
facilitate RS/RA exchanges between Clients and Hub
Proxy/Servers.a
Proxy/Server connected to the target Client's *NET that forwards OAL
packets received from the segment routing topology to the
target.a single Proxy/Server
selected by the Client that provides a designated router service for
all of the Client's*NET underlay networks. Since all Proxy/Servers
provide equivalent services, Clients normally select the first FHS
Proxy/Server they coordinate with to serve as the Hub. However, the
Hub can instead be any available Proxy/Server for the OMNI link,
i.e., and not necessarily one of the Client's FHS Proxy/Servers.a multinet
forwarding region configured over one or more INETs between the FHS
Proxy/Server and LHS Proxy/Server. The SRT spans the OMNI link on
behalf of source/target Client pairs using segment routing in a
manner outside the scope of this document (see: ).a mobile routing
service that tracks Client movements and ensures that Clients remain
continuously reachable even across mobility events. The MS consists
of the set of all Proxy/Servers plus any other OMNI link supporting
infrastructure nodes. Specific MS details are out of scope for this
document, with an example found in .an aggregated
IP Global Unicast Address (GUA) prefix (e.g., 2001:db8::/32,
192.0.2.0/24, etc.) assigned to the OMNI link and from which
more-specific Mobile Network Prefixes (MNPs) are delegated. OMNI
link administrators typically obtain MSPs from an Internet address
registry, however private-use prefixes can also be used subject to
certain limitations (see: ). OMNI links that
connect to the global Internet advertise their MSPs to their
interdomain routing peers.a longer IP
prefix delegated from an MSP (e.g., 2001:db8:1000:2000::/56,
192.0.2.8/30, etc.) and assigned to a Client. Clients receive MNPs
from Proxy/Servers and sub-delegate them to routers, Hosts and other
Clients located in ENETs.a whole IP
packet/parcel or fragment admitted into the OMNI interface by the
network layer prior to OAL encapsulation and fragmentation, or an IP
packet/parcel delivered to the network layer by the OMNI interface
following OAL decapsulation and reassembly.an original IP packet/parcel
encapsulated in an OAL IPv6 header before OAL fragmentation, or
following OAL reassembly.a portion of an OAL packet
following fragmentation but prior to L2 encapsulation, or following
L2 decapsulation but prior to OAL reassembly.an OAL packet that does
not require fragmentation is always encapsulated as an "atomic
fragment" with a Fragment Header with Fragment Offset and More
Fragments both set to 0, but with a valid Identification value.an encapsulated OAL
fragment following L2 encapsulation or prior to L2 decapsulation.
OAL sources and destinations exchange carrier packets over underlay
interfaces, and may be separated by one or more OAL intermediate
nodes. OAL intermediate nodes may perform re-encapsulation on
carrier packets by removing the L2 headers of the first hop network
and replacing them with new L2 headers for the next hop network.
(The term "carrier" honors agents of the service postulated by and .)an OMNI interface acts as an OAL
source when it encapsulates original IP packets/parcels to form OAL
packets, then performs OAL fragmentation and encapsulation to create
carrier packets.an OMNI interface acts as an
OAL destination when it decapsulates carrier packets, then performs
OAL reassembly and decapsulation to derive the original IP
packet/parcel.an OMNI interface acts
as an OAL intermediate node when it removes the L2 encapsulation
headers of carrier packets received from a first segment to obtain
the original OAL packet/fragment, then re-encapsulates in new L2
headers appropriate for the next segment and sends these new carrier
packets into the next segment. OAL intermediate nodes decrement the
Hop Limit in OAL packets/fragments during forwarding, and discard
the OAL packet/fragment if the Hop Limit reaches 0. OAL intermediate
nodes do not decrement the TTL/Hop Limit of the original IP
packet/parcel, which can only be examined by the network and
higher layers.an IPv6 Neighbor Discovery option
providing multilink parameters for the OMNI interface as specified
in .the least
significant 64 bits of an IPv6 address, as specified in the IPv6
addressing architecture .an IPv6 address
beginning with fe80::/64 per the IPv6 addressing architecture and with either a 64-bit MNP (LLA-MNP) or a
56-bit random value (LLA-RND) encoded in the IID as specified in
.an IPv6 address
beginning with fd00::/8 followed by a 40-bit Global ID followed by a
16-bit Subnet ID per and with either a
64-bit MNP (ULA-MNP) or a 56-bit random value (ULA-RND) encoded in
the IID as specified in . (Note that
specifies a second form of ULAs based on
the prefix fc00::/8, which are referred to as "ULA-C" throughout
this document to distinguish them from the ULAs defined here.)a ULA beginning
with fd00::/16 followed by a 48-bit randomly-initialized value
followed by an MNP-based (TLA-MNP) or random (TLA-RND) IID as
specified in . Clients use TLAs to
bootstrap autoconfiguration in the presence of OMNI link
infrastructure or for sustained communications in the absence of
infrastructure. (Note that in some environments Clients can instead
use a (Hierarchical) Host Identity Tag ((H)HIT) instead of a TLA -
see: .)a TLA beginning
with fd00::/64 followed by an MNP-based (XLA-MNP) or random
(XLA-RND) IID as specified in . An XLA
is simply a TLA with an all-0 48-bit value following fd00::/16, and
can be used to supply a "wildcard match" for IPv6 ND cache entries,
a routing table entry for the OMNI link routing system, etc. (Note
that XLAs can also be statelessly formed from LLAs (and vice-versa)
simply by inverting prefix bits 7 and 8.)a Client OMNI interface's manner of
managing multiple diverse *NET underlay interfaces as a single
logical unit. The OMNI interface provides a single unified interface
to the network layer, while underlay interface selections are performed
on a per-flow basis considering traffic selectors such as DSCP, flow
label, application policy, signal quality, cost, etc. Multilink
selections are coordinated in both the outbound and inbound
directions based on source/target underlay interface pairs.an intermediate node's manner of
spanning multiple diverse IP Internetwork and/or private enterprise
network "segments" through OAL encapsulation. Through intermediate
node concatenation of SRT network segments, multiple diverse
Internetworks (such as the global public IPv4 and IPv6 Internets)
can serve as transit segments in an end-to-end OAL forwarding path.
This OAL concatenation capability provides benefits such as
supporting IPv4/IPv6 transition and coexistence, joining multiple
diverse operator networks into a cooperative single service network,
etc. See: for further
information.an iterative relaying of carrier
packets between Client's over an OMNI underlay interface technology
(such as omnidirectional wireless) without support of fixed
infrastructure. Multihop services entail Client-to-Client relaying
within a Mobile/Vehicular Ad-hoc Network (MANET/VANET) for
Vehicle-to-Vehicle (V2V) communications and/or for
Vehicle-to-Infrastructure (V2I) "range extension" where Clients
within range of communications infrastructure elements provide
forwarding services for other Clients.any action that results in a change
to a Client underlay interface address. The change could be due to,
e.g., a handover to a new wireless base station, loss of link due to
signal fading, an actual physical node movement, etc.A means for
ensuring fault tolerance through redundancy by connecting multiple
OMNI interfaces within the same domain to independent routing
topologies (i.e., multiple independent OMNI links).A means for
selecting one or more underlay interface(s) for carrier packet
transmission and reception within a single OMNI interface.The set of all SBM/PBM OMNI links
that collectively provides services for a common set of MSPs. All
OMNI links within the same domain configure, advertise and respond
to the same OMNI IPv6 Anycast address(es).A
multilink forwarding table on each OAL source, destination and
intermediate node that includes AERO Forwarding Vectors (AFV) with
both next hop forwarding instructions and context for reconstructing
compressed headers for specific underlay interface pairs used to
communicate with peers. See:
for further discussion.An AFIB entry
that includes soft state for each underlay interface pairwise
communication session between peers. AFVs are identified by both a
next-hop and previous-hop AFV Index (AFVI), with the next-hop
established based on an IPv6 ND solicitation and the previous hop
established based on the solicited IPv6 ND advertisement response.
The AFV also caches underlay interface pairwise Identification
sequence number parameters to support carrier packet filtering. See:
for further discussion.A
locally-unique 2-octet or 4-octet value automatically generated
by an OAL node when it creates an AFV. OAL intermediate nodes assign
two distinct 4-octet AFVIs (called "A" and "B") to each AFV, with "A"
representing the forward path and "B" representing the reverse path.
Meanwhile, the OAL source assigns a single "B" AFVI, and the OAL
destination assigns a single "A" AFVI. Each OAL node advertises its
"A" AFVI to previous hop nodes on the reverse path toward the source
and advertises its "B" AFVI to next hop nodes on the forward path
toward the destination. Clients in MANETs also assign distinct
2-octet AFVIs (called "C" and "D") to support local multihop
forwarding. The same as for the A/B AFVIs, the "C" AFVI represents
the forward path and the "D" AFVI represents the reverse path. For
unidirectional MANET paths, only the forward path ("C") AFVI is used.
See: for further discussion.an IPv4 or IPv6 packet with a
Jumbo Payload option that includes a 32-bit length field to be used
instead of the 16-bit {Total, Payload} Length field (see: ). For IPv4, the Total Length field must be set to
the length of the IPv4 header only. For IPv6, the Payload Length
must be set to 0. Original IP packets, OAL packets and carrier
packets may all appear as IP Jumbograms.a special form of an IP Jumbogram
with a segment length value included in the {Total, Payload} Length
field and also with a Jumbo Payload option that encodes an 8-bit
"Nsegs" field followed by a 24-bit length field (see: ). Only original IP packets may appear as IP
Parcels.the OMNI protocol
encapsulation of OAL packets/fragments in an outer header or headers
to form carrier packets that can be routed within the scope of the
local {A,I,E}NET underlay network partition. Common L2 encapsulation
combinations include UDP/IP/Ethernet, etc. using a
port/protocol/type number for OMNI.an address that appears
in the OMNI protocol L2 encapsulation for an underlay interface and
also in IPv6 ND message OMNI options. L2ADDR can be either an IP
address for IP encapsulations or an IEEE EUI address for direct data link encapsulation. (When UDP/IP
encapsulation is used, the UDP port number is considered an
ancillary extension of the IP L2ADDR.)The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP 14
when, and only when,
they appear in all capitals, as shown here.An implementation is not required to internally use the architectural
constructs described here so long as its external behavior is consistent
with that described in this document.An OMNI interface is a virtual interface configured over one or more
underlay interfaces, which may be physical (e.g., an aeronautical radio
link, a cellular wireless link, etc.) or virtual (e.g., a network or
higher-layer "tunnel"). The OMNI interface architectural layering model
is the same as in , and
augmented as shown in . The network layer
therefore sees the OMNI interface as a single L3 interface nexus
for multiple underlay interfaces that appear as L2 communication
channels in the architecture.| |
Address Binding | +----------------------------+
+---->| IP (L3) |
IP Address +---->| |
Binding | +----------------------------+
+---->| OMNI Interface |
Logical-to- +---->| (OMNI Adaptation Layer) |
Physical | +----------------------------+
Interface +---->| L2 | L2 | | L2 |
Binding |(IF#1)|(IF#2)| ..... |(IF#n)|
+------+------+ +------+
| L1 | L1 | | L1 |
| | | | |
+------+------+ +------+
]]>Each underlay interface provides an L2/L1 abstraction according to
one of the following models:ANET interfaces connect to a protected and secured ANET that is
separated from the open INET by Proxy/Servers. The ANET interface
may be either on the same L2 link segment as a Proxy/Server, or
separated from a Proxy/Server by multiple L2 hops. (Note that NATs
may appear internally within an ANET or on the Proxy/Server itself
and may require NAT traversal the same as for the INET case.)INET interfaces connect to an INET either natively or through one
or several IPv4 Network Address Translators (NATs). Native INET
interfaces have global IP addresses that are reachable from any INET
correspondent. NATed INET interfaces typically configure private IP
addresses and connect to a private network behind one or more NATs
with the outermost NAT providing INET access.ENET interfaces connect a Client's downstream-attached networks,
where the Client provides forwarding services for ENET Host and
Client communications to remote peers. An ENET may be as simple as a
small IoT sub-network that travels with a mobile Client to as complex
as a large private enterprise network that the Client connects to a
larger ANET or INET. Downstream-attached Hosts and Clients see the
ENET as an ANET and see the (upstream) Client as a Proxy/Server.VPNed interfaces use security encapsulation over an underlay
network to a Client or Proxy/Server acting as a Virtual Private
Network (VPN) gateway. Other than the link layer encapsulation
format, VPNed interfaces behave the same as for Direct
interfaces.Direct (aka "point-to-point") interfaces connect directly to a
Client or Proxy/Server without crossing any networked paths. An
example is a line-of-sight link between a remote pilot and an
unmanned aircraft.The OMNI interface forwards original IP packets/parcels from
the network layer using the OMNI Adaptation Layer (OAL) (see: ) as an encapsulation and fragmentation sublayer
service. This "OAL source" then further encapsulates the resulting OAL
packets/fragments in underlay network headers (e.g., UDP/IP, IP-only,
Ethernet-only, etc.) to create L2-encapsulated "carrier packets" for
transmission over underlay interfaces. The target OMNI interface
receives the carrier packets from underlay interfaces and discards the
L2 encapsulation headers. If the resulting OAL packets/fragments are
addressed to itself, the OMNI interface acts as an "OAL destination" and
performs reassembly if necessary, discards the OAL encapsulation, and
delivers the original IP packet/parcel to the network layer. If the OAL
fragments are addressed to another node, the OMNI interface instead acts
as an "OAL intermediate node" by re-encapsulating the carrier packets in
new underlay network L2 headers and forwarding them over an underlay
interface without reassembling or discarding the OAL encapsulation. The
OAL source and OAL destination are seen as "neighbors" on the OMNI link,
while OAL intermediate nodes provide a virtual bridging service that
joins the segments of a (multinet) Segment Routing Topology (SRT).The OMNI interface and its OAL can forward original IP packets/parcels
over underlay interfaces while including/omitting various lower layer
encapsulations including OAL, UDP, IP and Ethernet (ETH) or other
link layer header. The network layer can also engage the underlay
interfaces directly while bypassing the OMNI interface entirely when
necessary. This architectural flexibility may be beneficial for underlay
interfaces (e.g., some aviation data links) for which encapsulation
overhead is a primary consideration. OMNI interfaces that send
original IP packets/parcels directly over underlay interfaces without
invoking the OAL can only reach peers located on the same OMNI link
segment. Source Clients can instead use the OAL to coordinate with
target Clients in the same or different OMNI link segments by sending
initial carrier packets to a First-Hop Segment (FHS) Proxy/Server. The
FHS Proxy/Sever then sends the carrier packets into the SRT spanning
tree, which transports them to a Last-Hop Segment (LHS) Proxy/Server for
the target Client.Original IP packets/parcels sent directly over underlay interfaces
are subject to the same path MTU related issues as for any
Internetworking path, and do not include per-packet identifications that
can be used for data origin verification and/or link layer
retransmissions. Original IP packets/parcels presented directly to an
underlay interface that exceed the underlay network path MTU are dropped
with an ordinary ICMPv6 Packet Too Big (PTB) message returned. These PTB
messages are subject to loss the same as for
any non-OMNI IP interface.The OMNI interface encapsulation/decapsulation layering possibilities
are shown in below. Imaginary vertical
lines drawn between the Network Layer and Underlay interfaces in the
figure denote the encapsulation/decapsulation layering combination
possibilities. Common combinations include IP-only (i.e., direct access to
underlay interfaces with or without using the OMNI interface), IP/IP,
IP/UDP/IP, IP/UDP/IP/ETH(ERNET), IP/OAL/UDP/IP, IP/OAL/UDP/ETH,
etc.The OMNI/OAL model gives rise to a number of opportunities:Clients coordinate with the MS and receive MNP delegations
through IPv6 ND message exchanges with Proxy/Servers. Clients use
the MNP to construct Link-Local and Unique-Local Addresses
(LLA-MNP / ULA-MNP) through the algorithmic derivation specified
in and assign the addresses to the
OMNI interface. Since the LLA and ULA are derived from a unique
MNP, no Duplicate Address Detection (DAD) or Multicast Listener
Discovery (MLD) messaging is necessary.since Temporary ULAs with random IIDs (TLA-RNDs) are
statistically unique, they can be used without DAD until an MNP is
obtained.underlay interfaces on the same L2 link segment as a Proxy/Server
do not require any L3 addresses (i.e., not even link-local) in
environments where communications are coordinated entirely over the
OMNI interface.as underlay interface properties change (e.g., link quality,
cost, availability, etc.), any active interface can be used to
update the profiles of multiple additional interfaces in a single
message. This allows for timely adaptation and service continuity
under dynamically changing conditions.coordinating underlay interfaces in this way allows them to be
represented in a unified MS profile with provisions to support the
"6 M's of Modern Internetworking".exposing a single virtual interface abstraction to the network layer
allows for multilink operation (including QoS based link selection,
carrier packet replication, load balancing, etc.) at L2 while still
permitting L3 traffic shaping based on, e.g., DSCP, flow label,
etc.the OMNI interface supports multinet traversal over the SRT when
communications across different administrative domain network
segments are necessary. This mode of operation would not be possible
via direct communications over the underlay interfaces
themselves.the OAL supports lossless and adaptive path MTU mitigations not
available for communications directly over the underlay interfaces
themselves. The OAL supports "packing" of multiple original IP
payload packets/parcels within a single OAL "super-packet" and also
supports transmission of IP packets/parcels of all sizes up to and
including Jumbograms.the OAL assigns per-packet identification values that allow for
link layer reliability and data origin authentication.L3 sees the OMNI interface as a point of connection to the OMNI
link; if there are multiple OMNI links, L3 will see multiple OMNI
interfaces.Multiple independent OMNI interfaces can be used for increased
fault tolerance through Safety-Based Multilink (SBM), with
Performance-Based Multilink (PBM) applied within each interface.Multiple independent OMNI links can be joined together into a
single link without requiring renumbering of infrastructure
elements, since the ULAs assigned to the different links will be
mutually exclusive.the OMNI/OAL model supports transmission of a new form of IP
packets known as "IP Parcels" that improve performance and
efficiency for both transport layer protocols and networked paths.Note that even when the OMNI virtual interface is present,
applications can still access underlay interfaces either through the
network protocol stack using an Internet socket or directly using a raw
socket. This allows for intra-network (or point-to-point) communications
without invoking the OMNI interface and/or OAL. For example, when an
OMNI interface is configured over an underlay IP interface, applications
can still invoke intra-network IP communications directly over the
underlay interface as long as the communicating endpoints are not
subject to mobility dynamics. depicts the architectural model for a
source Client with an attached ENET connecting to the OMNI link via
multiple independent ANETs/INETs (i.e., *NETs). The Client's OMNI
interface forwards adaptation layer IPv6 ND solicitation messages over
available *NET underlay interfaces using any necessary L2 encapsulations.
The IPv6 ND messages traverse the *NETs until they reach an FHS Proxy/Server
(FHS#1, FHS#2, ..., FHS#n), which returns an IPv6 ND advertisement message
and/or forwards a proxyed version of the message over the SRT to an LHS
Proxy/Server near the target Client (LHS#1, LHS#2, ..., LHS#m). The Hop
Limit in IPv6 ND messages is not decremented due to encapsulation; hence,
the source and target Client OMNI interfaces appear to be attached to
a common link..-(::ENET::)
+----+----+----+ `-(::::)-'
+--------|IF#1|IF#2|IF#n|------ +
/ +----+----+----+ \
/ | \
/ | \
v v v
(:::)-. (:::)-. (:::)-.
.-(::*NET:::) .-(::*NET:::) .-(::*NET:::)
`-(::::)-' `-(::::)-' `-(::::)-'
+-----+ +-----+ +-----+
... |FHS#1| ......... |FHS#2| ......... |FHS#n| ...
. +--|--+ +--|--+ +--|--+ .
. | | |
. \ v / .
. \ / .
. v (:::)-. v .
. .-(::::::::) .
. .-(::: Segment :::)-. .
. (::::: Routing ::::) .
. `-(:: Topology ::)-' .
. `-(:::::::-' .
. / | \ .
. / | \ .
. v v v
. +-----+ +-----+ +-----+ .
... |LHS#1| ......... |LHS#2| ......... |LHS#m| ...
+--|--+ +--|--+ +--|--+
\ | /
v v v
<-- Target Clients -->
]]>After the initial IPv6 ND message exchange, the source Client (as
well as any nodes on its attached ENETs) can send carrier packets to the
target Client via the OMNI interface. OMNI interface multilink services
will send the carrier packets via FHS Proxy/Servers for the correct
underlay *NETs. The FHS Proxy/Server then re-encapsulates the carrier
packets and sends them over the SRT which delivers them to an LHS
Proxy/Server, and the LHS Proxy/Server in turn re-encapsulates and sends
them to the target Client. (Note that when the source and target Client
are on the same SRT segment, the FHS and LHS Proxy/Servers may be one
and the same.)Clients select a Hub Proxy/Server (not shown in the figure), which
will often be one of their FHS Proxy/Servers but could also be any
Proxy/Server on the OMNI link. Clients then register all of their *NET
underlay interfaces with the Hub Proxy/Server via the FHS Proxy/Server
in a pure proxy role. The Hub Proxy/Server then provides a designated
router service for the Client, and the Client can quickly migrate to a
new Hub Proxy/Server if the first becomes unresponsive.Clients therefore use Proxy/Servers as gateways into the SRT to reach
OMNI link correspondents via a spanning tree established in a manner
outside the scope of this document. Proxy/Servers forward critical MS
control messages via the secured spanning tree and forward other
messages via the unsecured spanning tree (see Security Considerations).
When AERO route optimization is applied, Clients can instead forward directly
to SRT intermediate nodes (or directly to correspondents in the same SRT
segment) to reduce Proxy/Server load.Note: while not shown in the figure, a Client's ENET may connect many
additional Hosts and even other Clients in a recursive extension of the
OMNI link. This OMNI virtual link extension will be discussed more fully
throughout the document.The OMNI interface observes the link nature of tunnels, including the
Maximum Transmission Unit (MTU), Maximum Reassembly Unit (MRU) and the
role of fragmentation and reassembly . The OMNI interface is configured
over one or more underlay interfaces as discussed in , where the interfaces (and their associated underlay
network paths) may have diverse MTUs. OMNI interface considerations for
accommodating original IP packets/parcels of various sizes are discussed
in the following sections.IPv6 underlay interfaces are REQUIRED to configure a minimum MTU of
1280 octets and a minimum MRU of 1500 octets .
Therefore, the minimum IPv6 path MTU is 1280 octets since routers on the
path are not permitted to perform network fragmentation even though the
destination is required to reassemble more. The network therefore MUST
forward original IP packets/parcels of at least 1280 octets without
generating an IPv6 Path MTU Discovery (PMTUD) Packet Too Big (PTB)
message . (While the source can apply "source
fragmentation" for locally-generated original IPv6 packets/parcels up to
1500 octets and larger still if it knows the destination configures a
larger MRU, this does not affect the minimum IPv6 path MTU.)IPv4 underlay interfaces are REQUIRED to configure a minimum MTU of
68 octets and a minimum MRU of 576 octets . Therefore, when the Don't
Fragment (DF) bit in the IPv4 header is set to 0 the minimum IPv4 path
MTU is 576 octets since routers on the path support network
fragmentation and the destination is required to reassemble at least
that much. The OMNI interface therefore SHOULD set DF to 0 in the IPv4
encapsulation headers of carrier packets that are no larger than 576
octets, and SHOULD set DF to 1 in larger carrier packets unless it has a
way to determine the encapsulation destination MRU and has carefully
considered the issues discussed in .When the network layer admits an original IP packet/parcel into
the OMNI interface the OAL prepends an IPv6 encapsulation header (see:
) where the 16-bit Payload Length field limits the
maximum-sized original IP packet/parcel to (2**16 -1) = 65535 octets;
this is also the maximum size that the OAL can accommodate using IPv6
fragmentation and reassembly. The OMNI interface therefore MUST set a
minimum MTU and MRU of 65535 octets, and MUST consistently either
accept or reject even larger whole packets that arrive over any of
its underlay interfaces according to their size.The OMNI interface SHOULD set an MTU of at least
(2*24 - 1) = 16,777,215 octets to support efficient handling of
IP parcels of all sizes, and MAY set a still larger MTU to support
best-effort delivery of IP Jumbograms. The OMNI interface then
employs the OAL as an encapsulation sublayer service to transform
original IP packets/parcels into OAL packets/fragments, and the
OAL in turn uses underlay network L2 encapsulation to forward
carrier packets over underlay interfaces (see: ).As specified in , an
IP Parcel is a variation of the IP Jumbogram format (see: where the IP header {Total, Payload} Length field
encodes the length of the first transport layer protocol segment, while
the Jumbo Payload Length field is modified to include a 1-octet number
of segments ("Nsegs") followed by a 3-octet parcel length ("Jumbo
Payload"). Together, these fields determine the size and number of
transport layer protocol segments within the parcel.IP parcel "parcellation" and "reconstitution" procedures for OMNI
interfaces are specified in ,
while OAL encapsulation and fragmentation procedures are specified in
of this document. The maximum-sized IP Parcel
that can be conveyed over an OMNI interface using OAL parcellation and
IPv6 fragmentation is one with 256 segments of 64KB (minus headers)
octets in length; therefore, OMNI interfaces should set an MTU of at
least (2**24 - 1) = 16,777,215 octets to support efficient handling
of IP Parcels up to that size.ENET end systems that implement either the full OMNI interface
(i.e., Clients) or enough of the OAL to process parcels (i.e., Hosts)
are permitted to exchange parcels with consenting peers. This
accommodates nodes that connect to the OMNI link but do not
assign OAL addresses.While the maximum-sized original IP packet/parcel that the OAL can
accommodate using IPv6 fragmentation is 65535 octets (and the OAL can
accommodate IP parcels as large as 16,777,215 octets), OMNI interfaces
can also forward very large whole IP packets through the application of
IP Jumbograms . For such large IP packets, the
OMNI interface performs OAL encapsulation by appending an IPv6 header
(40 octets) followed by a Hop-by-Hop header with a Jumbo Payload option
(8 octets) followed by a Fragment Header (8 octets) but without applying
fragmentation (in some cases, a Routing Header may also be necessary).Since the Jumbo Payload option includes a 32-bit length field, OMNI
interfaces can therefore configure a larger IP MTU up to a maximum of
((2**32 - 1) - 40 - 8 - 8) = 4294967239 octets. In that case, the OAL
will still provide smaller original IP packets/parcels with an assured
delivery service, while IP Jumbograms will receive a best-effort delivery
service made possible since the OAL destination is permitted to accept
atomic fragments that exceed the OMNI interface MRU.The OAL source forwards IP Jumbograms as "atomic fragments" under
the assumption that upper and/or lower layers will employ sufficient
integrity assurance, noting that commonly-used 32-bit CRCs are
inadequate for such large sizes . If the original
IP Jumbogram is dropped along the path to the OAL destination, the
OAL source must arrange to return a PTB "hard error" to the original
source .An IP Jumbogram service for both IPv6 and IPv4 is specified in
, where all OMNI link
aspects of the service are conducted as specified above.When an OMNI interface forwards an original IP packet/parcel from the
network layer for transmission over one or more underlay interfaces, the
OMNI Adaptation Layer (OAL) acting as the OAL source applies
encapsulation to form OAL packets subject to fragmentation producing OAL
fragments suitable for L2 encapsulation and transmission as carrier
packets over underlay interfaces as described in .
These carrier packets travel over one or more underlay networks spanned
by OAL intermediate nodes in the SRT, which re-encapsulate by removing
the L2 headers of the first underlay network and appending L2 headers
appropriate for the next underlay network in succession. (This process
supports the multinet concatenation capability needed for joining
multiple diverse networks.) After re-encapsulation by zero or more OAL
intermediate nodes, the carrier packets arrive at the OAL
destination.When the OAL destination receives the carrier packets, it discards
the L2 headers and reassembles the resulting OAL fragments (if
necessary) into an OAL packet as described in .
The OAL destination next decapsulates the OAL packet to obtain the
original IP packet/parcel which it then delivers to the network layer.
The OAL source may be either the source Client or its FHS Proxy/Server,
while the OAL destination may be either the LHS Proxy/Server or the
target Client. Proxy/Servers (and SRT Gateways as discussed in ) may also serve as OAL intermediate
nodes.The OAL presents an OMNI sublayer abstraction similar to ATM
Adaptation Layer 5 (AAL5). Unlike AAL5 which performs segmentation and
reassembly with fixed-length 53-octet cells over ATM networks, however,
the OAL uses IPv6 encapsulation, fragmentation and reassembly with
larger variable-length cells over heterogeneous networks. Detailed
operations of the OAL are specified in the following sections.When the network layer forwards an original IP packet/parcel into
the OMNI interface, the TTL/Hop Limit is maintained or decremented
according to standard IP forwarding rules the same as for any
interface. The OAL source next creates an "OAL packet" by prepending
an IPv6 OAL encapsulation header per with
Next Header set to '4' for IPv4 or '41' for IPv6 original packets.
The OAL source copies the "Type of Service/Traffic Class" and "Explicit Congestion Notification (ECN)" values in the original packet/parcel's IP header
into the corresponding fields in the OAL header, then sets the OAL
header "Flow Label" as specified in . The OAL
source next sets the OAL header IPv6 Payload Length to the length of
the original IP packet/parcel and sets Hop Limit to a value that MUST
NOT be larger than 63 yet is still sufficiently large to enable
loop-free forwarding over multiple concatenated OAL intermediate
hops. The OAL source then includes IPv6 extension headers following
the OAL IPv6 header but before the original IP packet/parcel (if
necessary) as discussed further throughout this document.The OAL source next selects OAL packet source and destination
addresses. Client OMNI interfaces set the OAL source address to a
Unique Local Address (ULA) based on the Mobile Network Prefix
(ULA-MNP). When a Client OMNI interface does not (yet) have a ULA
prefix and/or an MNP suffix, it can instead use a Temporary ULA (TLA)
(or a (Hierarchical) Host Identity Tag ((H)HIT - see: ) as an OAL address. Finally, when the Client needs
to express its MNP outside the context of a specific ULA prefix, it
can use an eXtended ULA (XLA). Proxy/Server OMNI interfaces instead
set the source address to a Random ULA (ULA-RND) (see: ), but also process carrier packets with
anycast and/or multicast OAL addresses that they are configured to
recognize.)If the original IP packet/parcel includes a Jumbo Payload option
(see: ) the OAL source
includes the necessary jumbo extension headers as discussed in . Note that original IP packets/parcels no larger than
65535 octets do not require an OAL Jumbo Payload encapsulation and may
be subject to fragmentation the same as for any OAL packet.
Conversely, true IP Jumbograms and IP parcels larger than 65535 octets
require an OAL Jumbo Payload encapsulation for transmission as
ordinary jumbograms according to best-effort delivery (i.e., and
without applying fragmentation).For all OAL packets that do not include an OAL Jumbo Payload
header, the OAL source next calculates a 16-bit OAL checksum using
the algorithm specified in beginning with
a pseudo-header of the full OAL IPv6 header the same as specified in
Section 8.1 of . The OAL source sets the
pseudo-header "Upper-Layer Packet Length" to the entire length of
the original IP packet/parcel and "Next Header" to the value '4'
for IPv4 or '41' for IPv6 original packets. The OAL source then
continues the checksum calculation over the full length of the
original IP packet/parcel which immediately follows the OAL IPv6
header plus extensions.After calculating the checksum (if necessary), the OAL source
next selects a 32-bit OAL packet Identification value as specified
in then fragments the OAL packet if necessary.
The OAL source assumes the IPv4 minimum path MTU
(i.e., 576 octets) as the worst case for OAL fragmentation regardless
of the underlay interface IP protocol version since IPv6/IPv4 protocol
translation and/or IPv6-in-IPv4 encapsulation may occur in any
underlay network path. By initially assuming the IPv4 minimum even for
IPv6 underlay interfaces, the OAL source may produce smaller fragments
with additional encapsulation overhead but avoids loss due to
presenting an underlay interface with a carrier packet that exceeds
its MRU. Additionally, the OAL path could traverse multiple SRT
segments with intermediate OAL forwarding nodes performing
re-encapsulation where the L2 encapsulation of the previous segment
is replaced by the L2 encapsulation of the next segment which may be
based on a different IP protocol version and/or encapsulation sizes.The OAL source therefore assumes a default minimum path MTU of 576
octets at each SRT segment for the purpose of generating OAL fragments
for L2 encapsulation and transmission as carrier packets. Each
successive SRT intermediate node may include either a 20-octet IPv4 or
40-octet IPv6 header, an 8-octet UDP header and in some cases an IP
security encapsulation (40 octets maximum assumed) during
re-encapsulation. Intermediate nodes at any SRT segment may also
insert or modify the Routing Header (40 octets maximum) following the
40-octet OAL IPv6 header and preceding the 8-octet Fragment Header.
Therefore, assuming a worst case of (40 + 40 + 8) = 88 octets for L2
encapsulations plus (40 + 40 + 8) = 88 octets for OAL encapsulation
leaves no less than (576 - 88 - 88) = 400 octets remaining to
accommodate a portion of the original IP packet/parcel. The OAL source
therefore sets a minimum Maximum Payload Size (MPS) of 400 octets as
the basis for the minimum-sized OAL fragment that can be assured of
traversing all SRT segments without loss due to an MTU/MRU
restriction. The Maximum Fragment Size (MFS) for OAL fragmentation is
therefore determined by the MPS plus the size of the OAL encapsulation
headers.The OAL source SHOULD maintain "path MPS" values for individual OAL
destinations initialized to the minimum MPS and increased to larger
values if better information is known or discovered. For example, when
peers share a common underlay network link or a fixed path with a
known larger MTU, the OAL source can set path MPS to a larger size
(i.e., greater than 400 octets) as long as the peer reassembles before
re-encapsulating and forwarding (while re-fragmenting if necessary).
Also, if the OAL source has a way of knowing the maximum L2
encapsulation size for all SRT segments along the path it may be able
to increase path MPS to reserve additional room for payload data. Even
when OAL header compression is used, the OAL source must include the
uncompressed OAL header size in its path MPS calculation since it may
need to include a full header at any time.The OAL source can also optimistically set a larger path MPS and/or
actively probe individual OAL destinations to discover larger sizes
using packetization layer probes in a similar fashion as , but care must be taken to
avoid setting static values for dynamically changing paths leading to
black holes. The probe involves sending an OAL packet larger than the
current path MPS and receiving a small acknowledgement response (with
the possible receipt of link layer error message when a probe is
lost). For this purpose, the OAL source can send an NS message with
one or more OMNI options with large PadN sub-options (see: ) and/or with a trailing large NULL packet in a
super-packet (see: ) in order to receive a
small NA response from the OAL destination. While observing the
minimum MPS will always result in robust and secure behavior, the OAL
source should optimize path MPS values when more efficient utilization
may result in better performance (e.g. for wireless aviation data
links). The OAL source should maintain separate path MPS values for
each (source, target) underlay interface pair for the same OAL
destination, since different underlay interface pairs may support
differing path MPS values.When the OAL source performs fragmentation, it SHOULD produce the
minimum number of non-overlapping fragments under current MPS
constraints, where each non-final fragment MUST be at least as large
as the minimum MPS, while the final fragment MAY be smaller. The OAL
source also converts all original IP packets/parcels no larger than
the current MPS (or larger than 65535 octets) into atomic fragments by
including a Fragment Header with Fragment Offset and More Fragments
both set to 0. The OAL source then inserts a Routing Header (if
necessary) following the IPv6 encapsulation header and before the
Fragment Header. If the original IP packet/parcel is larger than
65535, the OAL source also inserts a Hop-By-Hop header with Jumbo
Payload option immediately following the IPv6 encapsulation header and
before the Routing Header (if necessary), then includes an (atomic)
Fragment Header. The header extension order for each fragment
therefore appears as the OAL IPv6 header followed by Hop-By-Hop header
followed by Routing Header followed by Fragment Header.For all packets that do not include an OAL Jumbo Payload header,
the OAL source next appends the OAL checksum as the final 2 octets of
the final fragment while increasing its Payload Length by 2. If appending
the checksum would cause the final fragment to exceed the current MPS,
the OAL source instead reduces this "former" final fragment's Payload
Length ("PL") by (N*8 + (PL mod 8)) octets, where N is an integer that
would result in a non-zero reduction but without causing the former
final fragment to become smaller than the minimum MPS. The OAL source
then creates a "new" final fragment by first copying the OAL IPv6 header
and extension headers from the former final fragment, then copying the
(N*8 + (PL mod 8)) octets from the end of the former final fragment
immediately following the new final fragment extension headers. The
OAL source then sets the former final fragment's More Fragments flag
to 1, increments the new final fragment's fragment offset by the former
final fragment's new (PL / 8) and finally appends the checksum the
same as discussed above.Next, the OAL source replaces the IPv6 Fragment Header 1-octet
"Reserved" field (and for first fragments also the 2-bit "Reserved
Flags" field) with OMNI-specific encodings as shown in:For the first fragment (i.e., the one with Fragment Offset set
to 0), the OAL source sets "Parcel ID", "(P)arcel" and "(S)ub-Parcels"
as specified in . For each non-first fragment,
the OAL source instead writes a monotonically-increasing "Ordinal"
value between 1 and 127. Specifically, the OAL source writes
the Ordinal value '1' for the first non-first fragment, '2' for the
second, '3' for the third, etc. up to the final fragment or the
Ordinal value '127', whichever comes first. (For any additional
non-first fragments beyond true ordinal '127', the OAL source also
sets the Ordinal value '127' but OAL packets with such a large number
of fragments should rarely occur.) The first fragment is always
considered ordinal number '0' even though the header does not include
an explicit Ordinal field; non-first fragments that contain the Ordinal
value '0' must be unconditionally dropped.The OAL source finally encapsulates the fragments in L2 headers to
form carrier packets and sends them over an underlay interface, while
retaining the fragments and their ordinal numbers (i.e., #0, #1, #2,
etc.) for a brief period to support link layer
retransmissions (see: ). OAL fragment and
carrier packet formats are shown in .Note: the minimum MPS assumes that any middleboxes (e.g.
IPv4 NATs) that connect private networks with path MTUs smaller than
576 octets must reassemble any fragmented (outbound) IPv4 carrier
packets sent by OAL sources before forwarding them to external
Internetworks since middleboxes that connect OAL destinations often
unconditionally drop (inbound) IPv4 fragments. However, when the path
MTU in the destination private network is small, the OAL destination
itself will be able to reassemble any IPv4 fragmentation that occurs
in the inbound path.Note: appending the 2-octet checksum to the final fragment after
fragmentation instead of to the end of the original IP packet/parcel
before fragmentation ensures consistent support for all packet sizes.
Otherwise, 65534- and 65535-octet packets would be unable to append
the checksum without inserting a jumbo payload option which would
inhibit transmission over the vast majority of common link types.The OAL source or intermediate node next encapsulates each OAL
fragment (with either full or compressed headers) in L2 encapsulation
headers to create a carrier packet. The OAL source or intermediate
node (i.e., the L2 source) includes a UDP header as the innermost
sublayer if NATs and/or filtering middleboxes might occur on the path;
otherwise, the L2 source includes a full/compressed IP header and/or
an actual link layer header (e.g., such as for Ethernet-compatible
links). The L2 source then appends any additional encapsulation
sublayer headers necessary and presents the resulting carrier packet
to an underlay interface, where the underlay network conveys it to a
next-hop OAL intermediate node or destination (i.e., the L2
destination).The L2 source encapsulates the OAL information immediately
following the innermost L2 sublayer header. The L2 source next
interprets the first four bits following the L2 headers as a Type
field that determines the type of OAL header that follows. The L2
source sets Type to '0' for an uncompressed OAL IPv6 header or '1',
'2', '3' for an OMNI Compressed Header as specified in . For raw IP packets/parcels (i.e., those that do not
include an OAL header), the L2 source instead interprets the first
four bits as a Version field that encodes '4' for an ordinary IPv4
packet/parcel or '6' for an ordinary IPv6 packet/parcel. (Type values
'0' through '3' and Version values '4' and '6' are currently
specified, while all other values are reserved for future use. Carrier
packets that contain an unrecognized Type/Version value are
unconditionally dropped.)The OAL node prepares the L2 encapsulation headers for OAL
packets as follows:For UDP/IP encapsulation, the L2 source sets the UDP source port
to 8060 (i.e., the port number reserved for AERO/OMNI). When the
L2 destination is a Proxy/Server or Gateway, the L2 source sets
the UDP destination port to 8060; otherwise, the L2 source sets
the UDP destination port to its cached port number value for the
peer. The L2 source finally sets the UDP Length the same as
specified in . (If the OAL header includes
a Jumbo Payload option, the L2 source instead sets the UDP length
to 0 and includes a Jumbo Payload option in the L2 IP header.)
The L2 source then sets the IP {Protocol, Next Header} to '17'
(the UDP protocol number) and sets the {Total, Payload} Length
the same as specified in or
. The L2 source then sets the
remaining IP header fields as discussed below.For IP-only encapsulation, the L2 source sets the IP {Protocol,
Next Header} to TBD1 (see: IANA Considerations) and sets the
{Total, Payload} Length the same as specified in or . (If the OAL header
includes a Jumbo Payload option, the L2 source includes a Jumbo
Payload option in the L2 IP header.) The L2 source then sets
the remaining IP header fields as discussed below.For direct encapsulations over Ethernet-compatible links, the
L2 source prepares an Ethernet Header with EtherType set to TBD2
(see: ) and sets the Ethernet Payload to a
2-octet OAL Length followed by the actual OAL packet/fragment
(see: ).When an L2 source includes a UDP header, it SHOULD calculate and
include a UDP checksum in carrier packets with full OAL headers to
prevent mis-delivery, and MAY disable UDP checksums in carrier packets
with compressed OAL headers (see: ). If the L2
source discovers that a path is dropping carrier packets with UDP
checksums disabled, it should enable UDP checksums in future carrier
packets sent to the same L2 destination. If the L2 source discovers
that a path is dropping carrier packets that do not include a UDP
header, it should include a UDP header in future carrier packets.When an L2 source sends carrier packets with compressed OAL headers
and with UDP checksums disabled, mis-delivery due to corruption of the
AERO Forwarding Vector Index (AFVI) is possible but unlikely
since the corrupted index would somehow have to match valid state in
the (sparsely-populated) AERO Forwarding Information Base (AFIB). In
the unlikely event that a match occurs, an OAL destination may receive
a mis-delivered carrier packet but can immediately reject carrier
packets with an incorrect Identification. If the Identification value
is somehow accepted, the OAL destination may submit the mis-delivered
carrier packet to the reassembly cache where it will most likely be
rejected due to incorrect reassembly parameters. If a reassembly that
includes the mis-delivered carrier packets somehow succeeds (or, for
atomic fragments) the OAL destination will verify the OAL checksum to
detect corruption. Finally, any spurious data that somehow eludes all
prior checks will be detected and rejected by end-to-end upper layer
integrity checks. See: for further discussion.For UDP/IP or IP-only L2 encapsulations, when the L2 source is
also the OAL source it next copies the "Type of Service/Traffic Class"
and "Explicit Congestion Notification (ECN)"
values in the OAL header into the corresponding
fields in the L2 IP header, then (for IPv6) set the L2 IPv6 header
"Flow Label" as specified in . The L2 source
then sets the L2 IP TTL/Hop Limit the same as for any host (i.e., it
does not copy the Hop Limit value from the OAL header) and finally
sets the source and destination IP addresses to direct the carrier
packet to the next hop. For carrier packets undergoing
re-encapsulation, the OAL intermediate node L2 source decrements the
OAL header Hop Limit and discards the OAL packet/fragment if the value
reaches 0. The L2 source then copies the Type of Service/Traffic Class
and ECN values from the previous segment L2 encapsulation header into
the next segment L2 encapsulation header while setting the next
segment L2 source and destination IP addresses the same as above.
(Note: the L2 source also writes the ECN value into the OAL
full/compressed header.)Following L2 encapsulation/re-encapsulation, the L2 source sends
the resulting carrier packets over one or more underlay interfaces.
The underlay interfaces often connect directly to physical media on
the local platform (e.g., an aircraft with a radio frequency link,
a laptop computer with WiFi, etc.), but in some configurations the
physical media may be hosted on a separate Local Area Network (LAN)
node. In that case, the OMNI interface can establish a Layer-2 VLAN
or a point-to-point tunnel (at a layer below the underlay interface)
to the node hosting the physical media. The OMNI interface may also
apply encapsulation at the underlay interface layer (e.g., as for a
tunnel virtual interface) such that carrier packets would appear
"double-encapsulated" on the LAN; the node hosting the physical media
in turn removes the LAN encapsulation prior to transmission or inserts
it following reception. Finally, the underlay interface must monitor
the node hosting the physical media (e.g., through periodic keepalives)
so that it can convey up/down/status information to the OMNI interface.When an OMNI interface receives a carrier packet from an underlay
interface, it copies the ECN value from the L2 encapsulation headers
into the OAL header if the carrier packet contains a first-fragment.
The OMNI interface next discards the L2 encapsulation headers and
examines the OAL header of the enclosed OAL fragment according to the
value in the Type field as discussed in . If the
OAL fragment is addressed to a different node, the OMNI interface
(acting as an OAL intermediate node) re-encapsulates and forwards
while decrementing the OAL Hop Limit as discussed in . If the OAL fragment is addressed to itself, the OMNI
interface (acting as an OAL destination) accepts or drops the fragment
based on the (Source, Destination, Identification)-tuple and/or
integrity checks.The OAL destination next drops all non-final OAL fragments smaller
than the minimum MPS and all fragments that would overlap or leave
"holes" smaller than the minimum MPS with respect to other fragments
already received. The OAL destination updates a checklist of accepted
fragments of the same OAL packet that include an Ordinal number (i.e.,
Ordinals 0 through 127), but admits all accepted fragments into the
reassembly cache after first removing any extension headers except for
the fragment header itself. When the OAL destination receives the
final fragment (i.e., the one with More Fragments set to 0), it caches
the trailing checksum and reduces the Payload Length by 2. When
reassembly is complete, the OAL destination verifies the OAL packet
checksum and discards the OAL packet if the checksum is incorrect. If
the OAL packet was accepted, the OAL destination finally removes the
OAL headers and delivers the original IP packet/parcel to the network
layer.Carrier packets often traverse paths with underlying links that
use integrity checks such as CRC-32 which provide adequate hop-by-hop
integrity assurance for payloads up to 9180 octets .
However, other paths may traverse links (such as fragmenting tunnels
over IPv4 - see: ) that do not include adequate
checks. The OAL checksum therefore allows OAL destinations to detect
reassembly misassociation splicing errors and/or carrier packet corruption
caused by links with inadequate protection (see: ).
Note that since OAL packets that include a Jumbo Payload header do not
include an OAL checksum, links must provide sufficient integrity checks
(and possibly also forward error correction codes) to ensure IP
Jumbogram integrity at their layer.The OAL checksum also provides algorithmic diversity with respect
to both link layer CRCs and network or higher layer Internet checksums
as part of a complimentary multi-layer integrity assurance architecture.
Any corruption not detected (and corrected) by link layer integrity
checks is therefore very likely to be detected by OAL, network or
higher layer integrity checks that employ diverse algorithms.OAL sources that send carrier packets with full OAL headers include
a Compressed Routing Header (CRH)
extension for segment-by-segment forwarding based on an AERO
Forwarding Information Base (AFIB) in each OAL intermediate node. OAL
source, intermediate and destination nodes can instead establish
header compression state through IPv6 ND NS/NA message exchanges.
After an initial NS/NA exchange, OAL nodes can apply OAL Header
Compression to significantly reduce encapsulation overhead.Each OAL node establishes AFIB soft state entries known as AERO
Forwarding Vectors (AFVs) which support both OAL packet/fragment
forwarding and OAL header compression/decompression. For FHS OAL
sources, each AFV is referenced by a single AERO Forwarding Vector
Index (AFVI) that provides compression/decompression and forwarding
context for the next hop. For LHS OAL destinations, the AFV is
referenced by a single AFVI that provides context for the previous
hop. For OAL intermediate nodes, the AFV is referenced by two AFVIs -
one for the previous hop and one for the next hop.When an OAL node sends carrier packets that contain OAL
packets/fragments to a next hop, it can include a full OAL IPv6 header
with a CRH extension containing AFVI forwarding information. In that
case, the first four bits following the L2 headers must encode the Type
value '0' (Type '0') to signify that an uncompressed OAL IPv6 header
(plus extensions) is present. The (Type) value '0' is termed
"OMNI Compressed Header - Type 0 (OCH-0)" and differentiates
uncompressed OAL IPv6 headers from ordinary IP headers which are
identified by the (Version) value '4' for IPv4 or '6' for IPv6.When an OAL intermediate node
forwards an OAL packet with '0' in the Type/Version field to an
IPv6 router for the SRT, it discards the L2 encapsulation headers and
resets the Type/Version field value to '6'. When an OAL intermediate
node forwards an OAL packet received from an SRT IPv6 router, it
resets the Type/Version field value to '0' and includes new L2
encapsulation headers.Whenever possible, OAL nodes should omit significant portions of
the OAL header (plus extensions) while applying OAL header compression
when sufficient AFV state is available. Three OAL compressed header
types (Types '1' through '3') are currently specified.For OAL first-fragments (including atomic fragments), the OAL node
uses OMNI Compressed Header - Type 1 (OCH-1) format as shown in :The format begins with a 4-bit Type, a 6-bit Hop Limit, a
2-bit Explicit Congestion Notification (ECN) field, an 8-bit Parcel ID
and 4 flag bits. The format concludes with a 4-octet Identification
field followed by a 2- or 4-octet AFVI field. The OAL node sets
Type to the value 1, sets Hop Limit to the minimum of the uncompressed
OAL header Hop Limit and 63, sets ECN the same as for an uncompressed
OAL header, and sets (Parcel ID, (P)arcel, (S)ub-parcels, (M)ore
Fragments, Identification) the same as for an uncompressed fragment
header. The OAL node finally sets e(X)tended to 0 if the AFVI field
is 2-octets or to 1 if the AFVI field is 4-octets in length.The OAL first fragment (beginning with the original IP header) is
then included immediately following the OCH-1 header, and the L2
header length field is reduced by the difference in length between the
compressed headers and full-length OAL IPv6 and Fragment headers. The
OAL destination can therefore determine the Payload Length by
examining the L2 header length field and/or the length field(s) in the
original IP header. The OCH-1 format applies for first fragments only,
which are always regarded as ordinal fragment 0 even though no
explicit Ordinal field is included.For OAL non-first fragments (i.e., those with non-zero Fragment
Offsets), the OAL uses OMNI Compressed Header - Type 2 (OCH-2) format
as shown in :The format begins with a 4-bit Type, a 6-bit Hop Limit, a
7-bit Ordinal, a 13-bit Fragment Offset and 2 flag bits. The format
concludes with a 4-octet Identification field followed by
a 2- or 4-octet AFVI field. The OAL node sets Type to the value 2, sets
Hop Limit to the minimum of the uncompressed OAL header Hop Limit and 63,
and sets (Ordinal, Fragment Offset, (M)ore Fragments, Identification)
the same as for an uncompressed fragment header. The OAL node finally
sets e(X)tended to 0 if the AFVI field is 2-octets or to 1 if the AFVI
field is 4-octets in length.The OAL non-first fragment body is then included immediately
following the OCH-2 header, and the L2 header length field is reduced
by the difference in length between the compressed headers and
full-length OAL IPv6 and Fragment headers. The OAL destination will
then be able to determine the Payload Length by examining the L2
header length field. The OCH-2 format applies for non-first fragments
only; therefore, the OAL source sets Ordinal to a monotonically
increasing value beginning with 1 for the first non-first fragment, 2
for the second non-first fragment, etc., up to and including the final
fragment. If more than 127 non-first fragments appear, all fragments
beyond Ordinal 127 also set the value 127. (The Ordinal value 0 is
undefined; all OCH-2 carrier packets received with Ordinal value 0
must be unconditionally dropped.) The (A)RQ flag is always implicitly
set, and therefore omitted from the OCH-2 header.When the entire OAL header is compressed, only the information that
would normally appear in the IPv6 Fragment Header is included and with
no information from the OAL IPv6 header. The OMNI Compressed Header -
Type 3 (OCH-3) is shown in :The format begins with a 4-bit Type set to the value 3
followed by a 7-bit
Ordinal. When Ordinal encodes the value 0, the format continues
according to the "First fragment" specification discussed above.
When the J flag is set, the Identification field is followed by
a 32-bit Jumbo Payload Length field and the payload beyond is
the beginning of a jumbo/parcel. When the J flag is clear, only
the Identification field appears and the payload beyond is the
beginning of an ordinary packet.When Ordinal encodes any other value, the format continues according
to the above "Non-first
fragment" specification. The fields for both formats include the same
information that would appear in a (modified) IPv6 Fragment Header as
specified in with the exception that the
first fragment does not include a Fragment Offset (since its offset is
always 0) and non-first fragments do not include a Next Header field
(since that field already appears in the first fragment).When an OAL destination or intermediate node receives a carrier
packet, it determines the length of the encapsulated OAL information
by examining the length field of the innermost L2 header, verifies
that the innermost next header field indicates OMNI (see: ), then examines the first four bits immediately
following the innermost header. If the bits contain a value 0 through
3 the OAL node processes the remainder of the header as a full OAL
header (OCH-0) or OCH-1/2/3 compressed header as specified above.
If the bits contain the value 4 or 6, the OAL node instead processes
the remainder as an ordinary IP header.For carrier packets that contain OAL packets/fragments with OCH-1/2
headers (or full OAL headers with CRH extensions) and addressed to
itself, the OAL node then uses the AFVI to locate the cached AFV which
determines the next hop. During forwarding, the OAL node changes the
AFVI to the cached value for the AFV next hop. If the OAL node is the
destination, it instead reconstructs the full OAL headers then adds
the resulting OAL fragment to the reassembly cache if the
Identification is acceptable. (Note that for carrier packets that
contain OAL packets/fragments with an OCH-1 with both the X and M
flags set to 0, the OAL node can instead locate forwarding state by
examining the original IP packet/parcel header information that
appears immediately after the OCH-1 header.)Note: OAL header compression does not interfere with checksum
calculation and verification, which must be applied according to the
full OAL pseudo-header per even when
compression is used.Note: The OCH-1/2 formats do not include the Traffic Class and Flow
Label information that appears in uncompressed OAL IPv6 headers.
Therefore, when OAL header compression state is initialized the
Traffic Class and Flow Label are considered fixed for as long as the
flow uses OCH-1/2 headers. If the flow requires frequent changes to
Traffic Class and/or Flow Label information, it can include
uncompressed OAL headers either continuously or periodically to update
header compression state.When the OAL source and OAL destination are on the same OMNI
link segment as determined by neighbor discovery, the OMNI
interface forwards packets directly to the specific underlay
interface without applying OAL encapsulation. In that case, the
OAL source treats the IPv6 header of the original packet
the same as if it had applied an OAL encapsulation header. The
Next Header field will therefore encode a value specific to the
transport layer protocol (e.g., '6' for TCP, '17' for UDP, etc.)
since the OAL does not insert an IPv6 encapsulation header. The
OAL source then applies fragmentation, header compression
and L2 encapsulation the same as described above even though a
single IPv6 header (and not an additional OAL encapsulation
header) is present.The OAL source can also apply these same encapsulation
avoidance procedures for IPv4 by first translating the IPv4 header
of the original packet into an IPv6 header and translating the
IPv4 addresses into IPv4-compatible IPv6 addresses. These
translated headers can then be manipulated the same as for IPv6
headers as described above, including fragmentation, header
compression, etc.When an OAL node and its next OAL hop are known to be connected
to the same underlay link, or when the node's underlay interface
connects to a Mobile Ad-Hoc Network (MANET) where MANET-local
IPv6 routing protocols are applied, the node does not include
full UDP/IP headers as part of the carrier packet L2 encapsulation
and instead uses link layer encapsulation using EtherType TBD2
for Ethernet-compatible data links. The MANET-local IPv6 routing
protocols will then direct the packets to the correct destination
which may be one or more MANET routing hops away from the source.When the OAL node is unable to determine whether the next OAL
hop is connected to the same underlay link, it should
perform carrier packet L2 encapsulation for initial packets
sent via the next hop over a specific underlay interface by including
full UDP/IP headers and with the UDP port numbers set as discussed in
. The node can thereafter attempt to
send an NS to the next OAL hop in carrier packet(s) that omit the
UDP header and set the IP protocol number to TBD1. If the OAL node
receives an NA reply, it can begin omitting the UDP header in subsequent
packets. The node can further attempt to send an NS in carrier
packet(s) that omit both the UDP and IP headers and set EtherType
to TBD2. If the source receives an NA reply, it can begin omitting
both the UDP and IP headers in subsequent packets.Note: in the above, "next OAL hop" refers to the first OAL node
encountered on the optimized path to the destination over a specific
underlay interface as determined through route optimization (e.g.,
see: ). The next OAL hop
could be a Proxy/Server, Gateway or the OAL destination itself.The OAL encapsulates each original IP packet/parcel as an OAL
packet then performs fragmentation to produce one or more carrier
packets with the same 32-bit Identification value. In environments
where spoofing is not considered a threat, OMNI interfaces send OAL
packets with Identifications beginning with an unpredictable Initial
Send Sequence (ISS) value monotonically
incremented (modulo 2**32) for each successive OAL packet sent to
either a specific neighbor or to any neighbor. (The OMNI interface may
later change to a new unpredictable ISS value as long as the
Identifications are assured unique within a timeframe that would
prevent the fragments of a first OAL packet from becoming associated
with the reassembly of a second OAL packet.) In other environments,
OMNI interfaces should maintain explicit per-interface-pair send and
receive windows to detect and exclude spurious carrier packets that
might clutter the reassembly cache as discussed below.OMNI interface neighbors use TCP-like synchronization to maintain
windows with unpredictable ISS values incremented (modulo 2**32) for
each successive OAL packet and re-negotiate windows often enough to
maintain an unpredictable profile. OMNI interface neighbors exchange
IPv6 ND messages that include OMNI Window Synchronization sub-options
(see: ) with TCP-like information fields and
flags to manage streams of OAL packets instead of streams of octets.
As a link layer service, the OAL provides low-persistence best-effort
retransmission with no mitigations for duplication, reordering or
deterministic delivery. Since the service model is best-effort and
only control message sequence numbers are acknowledged, OAL nodes can
select unpredictable new initial sequence numbers outside of the
current window without delaying for the Maximum Segment Lifetime
(MSL).OMNI interface neighbors maintain current and previous
per-interface-pair window state in IPv6 ND NCEs and/or AFVs to support
dynamic rollover to a new window while still sending OAL packets and
accepting carrier packets from the previous windows. OMNI interface
neighbors synchronize windows through asymmetric and/or symmetric IPv6
ND message exchanges. When a node receives an IPv6 ND message with new
interface pair-based window information, it resets the previous window
state based on the current window then resets the current window based
on new and/or pending information.The IPv6 ND message OMNI option header extension sub-option
includes TCP-like information fields including Sequence Number,
Acknowledgement Number, Window and flags (see: ). OMNI interface neighbors maintain the following
TCP-like state variables on a per-interface-pair basis (i.e., through
a combination of NCE and AFV state):OMNI interface neighbors "OAL A" and "OAL B" exchange IPv6 ND
messages per with OMNI options that include
TCP-like information fields as well as interface pair parameters such
as Interface Attributes or AERO Forwarding Parameters. When OAL A
synchronizes with OAL B, it maintains both a current and previous
SND.WND beginning with a new unpredictable ISS and monotonically
increments SND.NXT for each successive OAL packet transmission. OAL A
initiates synchronization by including the new ISS in the Sequence
Number of an authentic IPv6 ND message with the SYN flag set and with
Window set to M (up to 2**24) as a tentative receive window size while
creating a NCE in the INCOMPLETE state if necessary. OAL A caches the
new ISS as pending, uses the new ISS as the Identification for OAL
encapsulation, then sends the resulting OAL packet to OAL B and waits
up to RetransTimer milliseconds to receive an IPv6 ND message response
with the ACK flag set (retransmitting up to MAX_UNICAST_SOLICIT times
if necessary).When OAL B receives the SYN, it creates a NCE in the STALE state
and also an AFV if necessary, resets its RCV variables, caches the
tentative (send) window size M, and selects a (receive) window size N
(up to 2**24) to indicate the number of OAL packets it is willing to
accept under the current RCV.WND. (The RCV.WND should be large enough
to minimize control message overhead yet small enough to provide an
effective filter for spurious carrier packets.) OAL B then prepares an
IPv6 ND message with the ACK flag set, with the Acknowledgement Number
set to OAL A's next sequence number, and with Window set to N. Since
OAL B does not assert an ISS of its own, it uses the IRS it has cached
for OAL A as the Identification for OAL encapsulation then sends the
ACK to OAL A.When OAL A receives the ACK, it notes that the Identification in
the OAL header matches its pending ISS. OAL A then sets the NCE state
to REACHABLE and resets its SND variables based on the Window size and
Acknowledgement Number (which must include the sequence number
following the pending ISS). OAL A can then begin sending OAL packets
to OAL B with Identification values within the (new) current SND.WND
for this interface pair for up to ReachableTime milliseconds or until
the NCE is updated by a new IPv6 ND message exchange. This implies
that OAL A must send a new SYN before sending more than N OAL packets
within the current SND.WND, i.e., even if ReachableTime is not nearing
expiration. After OAL B returns the ACK, it accepts carrier packets
received from OAL A via this interface pair within either the current
or previous RCV.WND as well as any new authentic NS/RS SYN messages
received from OAL A even if outside the windows.OMNI interface neighbors can employ asymmetric window
synchronization as described above using two independent (SYN ->
ACK) exchanges (i.e., a four-message exchange), or they can employ
symmetric window synchronization using a modified version of the TCP
three-way handshake as follows:OAL A prepares a SYN with an unpredictable ISS not within the
current SND.WND and with Window set to M as a tentative receive
window size. OAL A caches the new ISS and Window size as pending
information, uses the pending ISS as the Identification for OAL
encapsulation, then sends the resulting OAL packet to OAL B and
waits up to RetransTimer milliseconds to receive an ACK response
(retransmitting up to MAX_UNICAST_SOLICIT times if necessary).OAL B receives the SYN, then resets its RCV variables based on
the Sequence Number while caching OAL A's tentative receive Window
size M and a new unpredictable ISS outside of its current window
as pending information. OAL B then prepares a response with
Sequence Number set to the pending ISS and Acknowledgement Number
set to OAL A's next sequence number. OAL B then sets both the SYN
and ACK flags, sets Window to N and sets the OPT flag according to
whether an explicit concluding ACK is optional or mandatory. OAL B
then uses the pending ISS as the Identification for OAL
encapsulation, sends the resulting OAL packet to OAL A and waits
up to RetransTimer milliseconds to receive an acknowledgement
(retransmitting up to MAX_UNICAST_SOLICIT times if necessary).OAL A receives the SYN/ACK, then resets its SND variables based
on the Acknowledgement Number (which must include the sequence
number following the pending ISS) and OAL B's advertised Window N.
OAL A then resets its RCV variables based on the Sequence Number
and marks the NCE as REACHABLE. If the OPT flag is clear, OAL A
next prepares an immediate unsolicited NA message with the ACK flag
set, the Acknowledgement Number set to OAL B's next sequence
number, with Window set a value that may be the same as or
different than M, and with the OAL encapsulation Identification to
SND.NXT, then sends the resulting OAL packet to OAL B. If the OPT
flag is set and OAL A has OAL packets queued to send to OAL B, it
can optionally begin sending their carrier packets under the (new)
current SND.WND as implicit acknowledgements instead of returning
an explicit ACK. In that case, the tentative Window size M becomes
the current receive window size.OAL B receives the implicit/explicit acknowledgement(s) then
resets its SND state based on the pending/advertised values and
marks the NCE as REACHABLE. If OAL B receives an explicit
acknowledgement, it uses the advertised Window size and abandons
the tentative size. (Note that OAL B sets the OPT flag in the
SYN/ACK to assert that it will interpret timely receipt of carrier
packets within the (new) current window as an implicit
acknowledgement. Potential benefits include reduced delays and
control message overhead, but use case analysis is outside the
scope of this specification.)Following synchronization, OAL A and OAL B hold updated NCEs and
AFVs, and can exchange OAL packets with Identifications set to SND.NXT
for each interface pair while the state remains REACHABLE and there is
available window capacity. Either neighbor may at any time send a new
SYN to assert a new ISS. For example, if OAL A's current SND.WND for
OAL B is nearing exhaustion and/or ReachableTime is nearing
expiration, OAL A continues to send OAL packets under the current
SND.WND while also sending a SYN with a new unpredictable ISS. When
OAL B receives the SYN, it resets its RCV variables and may optionally
return either an asymmetric ACK or a symmetric SYN/ACK to also assert
a new ISS. While sending SYNs, both neighbors continue to send OAL
packets with Identifications set to the current SND.NXT for each
interface pair then reset the SND variables after an acknowledgement
is received.While the optimal symmetric exchange is efficient, anomalous
conditions such as receipt of old duplicate SYNs can cause confusion
for the algorithm as discussed in Section 3.5 of . For this reason, the OMNI Window Synchronization
sub-option includes an RST flag which OAL nodes set in solicited NA
responses to ACKs received with incorrect acknowledgement numbers.
The RST procedures (and subsequent synchronization recovery) are
conducted exactly as specified in .OMNI interfaces that employ the window synchronization procedures
described above observe the following requirements:OMNI interfaces MUST select new unpredictable ISS values that
are at least a full window outside of the current SND.WND.OMNI interfaces MUST set the initial SYN message Window field
to a tentative value to be used only if no concluding NA ACK is
sent.OMNI interfaces MUST send IPv6 ND messages used for window
synchronization securely while using unpredictable initial
Identification values until synchronization is complete.Note: Although OMNI interfaces employ TCP-like window
synchronization and support uNA ACK responses to SYNs, all
other aspects of the IPv6 ND protocol (e.g., control message
exchanges, NCE state management, timers, retransmission limits, etc.)
are honored exactly per . OMNI interfaces
further manage per-interface-pair window synchronization parameters in
one or more AFVs for each neighbor pair.Note: Recipients of OAL-encapsulated IPv6 ND messages index the NCE
based on the message source address, which also determines the carrier
packet Identification window. However, IPv6 ND messages may contain a
message source address that does not match the OMNI encapsulation
source address when the recipient acts as a proxy.Note: OMNI interface neighbors apply separate send and receive
windows for all of their (multilink) underlay interface pairs that
exchange carrier packets. Each interface pair represents a distinct
underlay network path, and the set of paths traversed may be highly
diverse when multiple interface pairs are used. OMNI intermediate
nodes therefore become aware of each distinct set of interface pair
window synchronization parameters based on periodic IPv6 ND message
updates to their respective AFVs.When the OAL source sends carrier packets to an OAL destination, it
should cache recently sent carrier packets in case timely best-effort
selective retransmission is requested. The OAL destination in turn
maintains a checklist for the (Source, Destination,
Identification)-tuple of recently received carrier packets and notes
the ordinal numbers of OAL packet fragments already received (i.e., as
Frag #0, Frag #1, Frag #2, etc.). The timeframe for maintaining the
OAL source and destination caches determines the link persistence
(see: ).If the OAL destination notices some fragments missing after most
other fragments within the same link persistence timeframe have
already arrived, it may issue an Automatic Repeat Request (ARQ) with
Selective Repeat (SR) by sending a uNA message to the OAL source. The
OAL destination creates a uNA message with an OMNI option with one or
more Fragmentation Report (FRAGREP) sub-options that include a list of
(Identification, Bitmap)-tuples for fragments received and missing
from this OAL source (see: ). The OAL
destination includes an authentication signature if necessary,
performs OAL encapsulation (with the its own address as the OAL
source and the source address of the message that prompted the
uNA as the OAL destination) and sends the message to the OAL source.When the OAL source receives the uNA message, it authenticates the
message then examines the FRAGREP. For each (Source, Destination,
Identification)-tuple, the OAL source determines whether it still
holds the corresponding carrier packets in its cache and retransmits
any for which the Bitmap indicates a loss event. For example, if the
Bitmap indicates that ordinal fragments #3, #7, #10 and #13 from the
OAL packet with Identification 0x12345678 are missing the OAL source
only retransmits carrier packets containing those fragments. When the
OAL destination receives the retransmitted carrier packets, it admits
the enclosed fragments into the reassembly cache and updates its
checklist. If some fragments are still missing, the OAL destination
may send a small number of additional uNA ARQ/SRs within the link
persistence timeframe.The OAL therefore provides a link layer low-to-medium persistence
ARQ/SR service consistent with and Section
8.1 of . The service provides the benefit of
timely best-effort link layer retransmissions which may reduce carrier
packet loss and avoid some unnecessary end-to-end delays. This
best-effort network-based service therefore compliments transport
and higher layer end-to-end protocols responsible for true reliability.Note: If a FRAGREP for a fragmented OAL packet that includes more
than 128 fragments sets ordinal fragment bit #127, the OAL source
should retransmit all ordinal fragments beginning with the actual
#127 and continuing to the final fragment. Fragmented OAL packets
with such a large number of fragments should occur very rarely
if ever, however.When the OMNI interface forwards original IP packets/parcels from
the network layer, it invokes the OAL and returns internally-generated
ICMPv4 Fragmentation Needed or ICMPv6 Path
MTU Discovery (PMTUD) Packet Too Big (PTB)
messages as necessary. This document refers to both of these
ICMPv4/ICMPv6 message types simply as "PTBs", and introduces a
distinction between PTB "hard" and "soft" errors as discussed below.Ordinary PTB messages with ICMPv4 header "unused" field or ICMPv6
header Code field value 0 are hard errors that always indicate loss
due to a real MTU restriction has occurred. However, the OMNI
interface can also forward large original IP packets/packets via OAL
encapsulation and fragmentation while at the same time returning PTB
soft error messages (subject to rate limiting) if it deems the
original IP packet/parcel too large according to factors such as link
performance characteristics, number of fragments needed, reassembly
congestion, etc. This ensures that the path MTU is adaptive and
reflects the current path used for a given data flow. The OMNI
interface can therefore continuously forward original IP
packets/parcels without loss while returning PTB soft error messages
recommending a smaller size if necessary. Original sources that
receive the soft errors in turn reduce the size of the original IP
packets/parcels they send (i.e., the same as for hard errors), but can
soon resume sending larger packets/parcels if the soft errors
subside.An OAL source sends PTB soft error messages by setting the ICMPv4
header "unused" field or ICMPv6 header Code field to the value 1 if
the original IP packet/parcel was dropped or 2 if it was forwarded
successfully (see: ). The OAL source sets the PTB
destination address to the original IP packet/parcel source, and sets
the source address to one of its OMNI interface addresses that is
routable from the perspective of the original source. The OAL source
then sets the MTU field to a value smaller than the original IP
packet/parcel size but no smaller than 576 for ICMPv4 or 1280 for
ICMPv6, writes the leading portion of the original IP packet/parcel
first fragment into the "packet in error" field such that the entire
PTB is no larger than 512 octets. The OAL source then encapsulates
the PTB soft error in UDP/IP headers with IP addresses copied from
the PTB IP header and with UDP port set to 8060 (i.e., the port number
reserved for AERO/OMNI) and returns the PTB to the original source.
When the original source receives the PTB soft error, it temporarily
reduces the size of the IP packets/parcels it sends the same as for
hard errors but may seek to increase future packet/parcel sizes
dynamically while no further soft errors are arriving.An OAL destination may experience reassembly cache congestion, and
can return uNA messages to the OAL source that originated the
fragments (subject to rate limiting) that include OMNI encapsulated
PTB messages with code 1 or 2. The OAL destination creates a uNA
message with an OMNI option containing an authentication message
sub-option if necessary followed optionally by a ICMPv6 Error
sub-option that encodes a PTB message with a reduced value and with
the leading portion an OAL first fragment containing the header of an
original IP packet/parcel whose source must be notified (see: ). The OAL destination encapsulates the leading
portion of the OAL first fragment (beginning with the OAL header) in
the PTB "packet in error" field, signs the message if an authentication
sub-option is included, performs OAL encapsulation (with the its
own address as the OAL source and the source address of the message
that prompted the uNA as the OAL destination) and sends the message
to the OAL source.When the OAL source receives the uNA message, it sends a
corresponding network layer PTB soft error to the original source to
recommend a smaller size. The OAL source crafts the PTB by extracting
the leading portion of the original IP packet/parcel from the OMNI
encapsulated PTB message (i.e., not including the OAL header) and
writes as much as will fit in the "packet in error" field of a
network layer PTB message without causing the message to exceed 512
octets. The OAL source sets the destination to the original IP
packet/parcel source and sets the source to one of its OMNI interface
addresses that is routable from the perspective of the original source.
The OAL source then encapsulates the PTB in UDP/IP headers the same
as discussed above and returns the message to the original source.Original sources that receive these OMNI-encapsulated PTB soft
errors can dynamically tune the size of the original IP packets/parcels
they to send to produce the best possible throughput and latency, with
the understanding that these parameters may change over time due to
factors such as congestion, mobility, network path changes, etc. Original
sources should therefore consider receipt or absence of soft errors as
hints of when increasing or decreasing packet/parcel sizes may provide
better performance. The OMNI interface supports continuous
transmission and reception of packets/parcels of various sizes in the
face of dynamically changing network conditions. Moreover, since PTB
soft errors do not indicate a hard limit, original sources that
receive soft errors can resume sending larger packets/parcels without
waiting for the recommended 10 minutes specified for PTB hard errors
. The OMNI interface
therefore provides an adaptive service that accommodates MTU diversity
especially well-suited for dynamic multilink environments.Note: Since network layer middleboxes often filter raw ICMP messages
(even those as important as PTBs), encapsulates PTB soft errors in
UDP/IP headers to return MTU feedback to the original source. The
OAL source then prepares the PTB message as discussed above while
encapsulating the message in UDP/IP headers using the same IP source
and destination addresses that appear in the PTB header and with the
UDP port number reserved for OMNI (8060). Original sources that send
large packets therefore SHOULD implement enough of the OMNI
specification to be able to recognize and process these messages.The OAL source ordinarily includes a 40-octet IPv6 encapsulation
header for each original IP packet/parcel during OAL encapsulation.
The OAL source also calculates the OAL checksum then performs
fragmentation such that a copy of the 40-octet IPv6 header plus an
8-octet IPv6 Fragment Header is included in each OAL fragment (when a
Routing Header is added, the OAL encapsulation headers become larger
still). However, these encapsulations may represent excessive overhead
in some environments. OAL header compression can dramatically reduce
the amount of encapsulation overhead, however a complimentary
technique known as "packing" (see: ) supports encapsulation of
multiple original IP packets/parcels and/or control messages within a
single OAL "super-packet".When the OAL source has multiple original IP packets/parcels to
send to the same OAL destination with total length no larger than the
OAL destination MRU, it can concatenate them into a super-packet
encapsulated in a single OAL header. Within the OAL super-packet, the
IP header of the first original IP packet/parcel (iHa) followed by its
data (iDa) is concatenated immediately following the OAL header, then
the IP header of the next original packet/parcel (iHb) followed by its
data (iDb) is concatenated immediately following the first, etc. with
the trailing OAL checksum included in the final fragment. The OAL
super-packet format is transposed from and shown in :
+-----+-----+
| iHa | iDa |
+-----+-----+
|
| +-----+-----+
| | iHb | iDb |
| +-----+-----+
| |
| | +-----+-----+
| | | iHc | iDc |
| | +-----+-----+
| | |
v v v
+----------+-----+-----+-----+-----+-----+-----+----+
| OAL Hdr | iHa | iDa | iHb | iDb | iHc | iDc |Csum|
+----------+-----+-----+-----+-----+-----+-----+----+
<--- OAL "Super-Packet" with single OAL Hdr/Csum --->
]]>When the OAL source prepares a super-packet, it applies OAL
fragmentation, includes a trailing checksum in the final fragment,
applies L2 encapsulation to each fragment then sends the resulting
carrier packets to the OAL destination. When the OAL destination
receives the super-packet it sets aside the trailing checksum,
reassembles if necessary, then verifies the checksum while regarding
the remaining OAL header Payload Length as the sum of the lengths of
all payload packets/parcels. The OAL destination then selectively
extracts each original IP packet/parcel (e.g., by setting pointers
into the super-packet buffer and maintaining a reference count, by
copying each packet into a separate buffer, etc.) and forwards each
one to the network layer. During extraction, the OAL determines the IP
protocol version of each successive original IP packet/parcel 'j' by
examining the four most-significant bits of iH(j), and determines the
length of each one by examining the rest of iH(j) according to the IP
protocol version.When an OAL source prepares a super-packet that includes an IPv6 ND
message with an authentication signature as the first original IP
packet/parcel (i.e., iHa/iDa), it calculates the authentication
signature over the remainder of super-packet. Security and integrity
for forwarding initial data messages in conjunction with IPv6 ND
messages used to establish NCE state are therefore supported. (A
common use case entails a path MPS probe beginning with a signed IPv6
ND message followed by a suitably large NULL packet (e.g., an
IP packet with padding octets added beyond the IP header and with
{Protocol, Next Header} set to 59 ("No Next Header"), a UDP/IP packet
with port number set to '9' ("discard") , etc.)The OAL header of a super packet may also include a Jumbo Payload
option if the total length of all payload packets/parcels exceeds
65535 octets. In that case, the super-packet does not include a
trailing OAL checksum and must be forwarded as an atomic fragment
over an OAL path that supports such large sizes.OAL sources may send NULL OAL packets known as "bubbles" for the
purpose of establishing Network Address Translator (NAT) state on the
path to the OAL destination. The OAL source prepares a bubble by
crafting an OAL header with appropriate IPv6 source and destination
ULAs, with the IPv6 Next Header field set to the value 59 ("No Next
Header" - see ) and with only the trailing OAL
Checksum field (i.e., and no protocol data) immediately following the
IPv6 header.The OAL source includes a random Identification value then
encapsulates the OAL packet in L2 headers destined to either the
mapped address of the OAL destination's first-hop ingress NAT or the
L2 address of the OAL destination itself. When the OAL source sends
the resulting carrier packet, any egress NATs in the path toward the
L2 destination will establish state based on the activity but the
bubble will be harmlessly discarded by either an ingress NAT on the
path to the OAL destination or by the OAL destination itself.The bubble concept for establishing NAT state originated in and was later updated by .
OAL bubbles may be employed by mobility services such as AERO.OMNI Hosts are end systems that connect to the OMNI link over ENET
underlay interfaces (i.e., either via an OMNI interface or as a
sublayer of the ENET interface itself). Each ENET is connected to the
rest of the OMNI link by a Client that receives an MNP delegation.
Clients delegate MNP addresses and/or sub-prefixes to ENET nodes
(i.e., Hosts, other Clients, routers and non-OMNI hosts) using
standard mechanisms such as DHCP and IPv6 Stateless Address AutoConfiguration
(SLAAC) . Clients forward original IP
packets/parcels between their ENET Hosts and peers on external
networks acting as routers and/or OAL intermediate nodes.OMNI Hosts coordinate with Clients and/or other Hosts connected to
the same ENET using OMNI L2 encapsulation of IPv6 ND messages without
including OAL encapsulation. The L2 encapsulation headers and ND
messages both use the MNP-based addresses assigned to ENET underlay
interfaces as source and destination addresses (i.e., instead of
ULAs). For IPv4 MNPs, the ND messages use IPv4-Compatible IPv6
addresses in place of the IPv4 addresses.Hosts discover Clients by sending encapsulated RS messages using an
OMNI link IP anycast address (or the unicast address of the Client) as
the RS L2 encapsulation destination as specified in . The Client configures the IPv4 and/or IPv6 anycast
addresses for the OMNI link on its ENET interface and advertises the
address(es) into the ENET routing system. The Client then responds to
the encapsulated RS messages by sending an encapsulated RA message
that uses its ENET unicast address as the source. (To differentiate
itself from an INET border Proxy/Server, the Client sets the RA
message OMNI Interface Attributes sub-option LHS field to 0 for the
Host's interface index. When the RS message includes an L2 anycast
destination address, the Client also includes an Interface Attributes
sub-option for interface index 0 to inform the Host of its L2 unicast
address - see: for full details on the RS and
RA message contents.)Hosts coordinate with peer Hosts on the same ENET by sending
encapsulated NS messages to receive an NA reply. (Hosts determine
whether a peer is on the same ENET by matching the peer's IP address
with the MNP (sub)-prefix for the ENET advertised in the Client's RA
message .) Each ENET peer then creates a NCE
and synchronizes Identification windows the same as for OMNI link
neighbors, and the Host can then engage in OMNI link transactions with
the Client and/or other ENET Hosts. By coordinating with the Client in
this way, the Host treats the Client as if it were an ANET
Proxy/Server, and the Client provides the same services that a
Proxy/Server would provide. By coordinating with other Hosts, the peer
hosts can exchange large IP packets/parcels over the ENET using
encapsulation and fragmentation if necessary.When a Host prepares an original IP packet/parcel, it uses the IP
address of its OMNI interface (which is the same as the IP address of
the underlying native ENET interface) as the source and the IP address
of the (remote) peer as the destination. The Host next performs parcel
segmentation if necessary (see: ) then
encapsulates the packet/parcel in OMNI L2 headers while setting the
L2 source to the L3 source address and L2 destination to either the
L3 destination address if the peer is on the local ENET, or to the
IP address of the Client otherwise. The Host can then proceed to
exchange packets/parcels with the destination, either directly or
via the Client as an intermediate node.The encapsulation procedures are coordinated per , except that the OMNI L2 encapsulation header is
followed by a Type value of '3' as the first four bits of an OCH-3
OMNI compressed header that includes Fragment Header information (see:
). When the L2 encapsulation is based on an EUI
or IPv4 address, the Host next translates the
encapsulation header into an IPv6 header with compatible addresses
that include the N octets of the EUI or IPv4 address in the N least
significant bits of the IPv6 address while setting the (16-N) most
significant octets to 0. Next, for IPv4 ENETs the Host sets the {IPv6
Traffic Class, Payload Length, Next Header, Hop Limit} fields
according to the IPv4 {Type of Service, Total Length, Protocol, TTL}
fields, respectively and also sets Flow Label to 0. The Host then
calculates an OAL checksum (using a pseudo-header based on this IPv6
header instead of an OAL header), writes the value as the final 2
octets of the encapsulation then applies IPv6 fragmentation to produce
IPv6 fragments no smaller than the MPS the same as described in . The Host next translates the IPv6 encapsulation
headers back to OMNI L2 headers for the native ENET address format and
with Type set to 3 to indicate the presence of an OCH-3 header. The
Host finally sends the resultant carrier packets to the ENET peer.When the ENET peer receives the carrier packets, it first
translates the OMNI L2 headers back to IPv6 headers with compatible
addresses and translates the OCH-3 headers into IPv6 Fragment Headers
the same as above. The peer then reassembles and verifies the OAL
checksum. If the checksum is correct, the peer next removes the
encapsulation headers and applies parcel reconstitution if necessary.
The peer then either delivers the original IP packet/parcel to the
transport layers if the peer hosts the final destination or forwards
the packet/parcel via the next hop if the peer is a Client acting as
an intermediate node.Hosts and Clients that initiate OMNI-based original IP
packet/parcel transactions should first test the path toward the final
destination using the parcel path qualification procedure specified in
. An OMNI Host that sends
and receives parcels need not implement the full OMNI interface
abstraction but MUST implement enough of the OAL to be capable of
fragmenting and reassembling maximum-length encapsulated IP
packets/parcels and sub-parcels as discussed above and in the
following section.Note: Hosts and their peer Clients/Hosts on the same ANET/ENET can
improve efficiency by forwarding original IP packets/parcels that do
not require fragmentation as direct encapsulations within the OMNI L2
header and without including an OCH-3 header. In that case, the first
four bits immediately following the OMNI L2 encapsulation header
encode the value '4' for IPv4 or '6' for IPv6. Note that this savings
comes at the expense of omitting a well-behaved Identification, but
this may be an acceptable tradeoff in many secured ANET/ENET
instances.IP parcels are formed by an OMNI Host or Client transport
layer protocol entity identified by the "5-tuple" (source address,
destination address, source port, destination port, protocol number)
when it produces a {TCP,UDP} protocol data unit containing the
concatenation of multiple transport layer protocol segments. The transport
layer protocol entity then presents the buffer and non-final segment size
to the network layer which appends a single {TCP,UDP}/IP header (plus any
extension headers) before presenting the parcel to the OMNI Interface.
Transport and network protocol formatting and processing rules as well
as parcellation and reconstitution procedures for IP parcels are
specified in , while
detailed OAL encapsulation and fragmentation procedures are
specified here.When the network layer forwards a parcel, the OMNI interface invokes
the OAL which forwards it to either an intermediate node or the final
destination itself. The OAL source first invokes parcellation by
assigning a monotonically-incrementing (modulo 255) "Parcel ID" and
subdividing the parcel into sub-parcels if necessary as specified in
with each sub-parcel no
larger than the maximum of the path MTU to the next hop or 64KB (minus
headers). The OAL source next performs encapsulation on each
sub-parcel with destination set to the next hop address. If the next
hop is reached via an ANET/INET interface, the OAL source inserts an
OAL header the same as discussed in and sets
the destination to the ULA-MNP of the target Client. If the next hop
is reached via an ENET interface, the OAL source instead inserts an IP
header of the appropriate protocol version for the underlay ENET
(i.e., even if the encapsulation header is IPv4) and sets the
destination to the ENET IP address of the next hop. The OAL source
inserts the encapsulation header even if no actual fragmentation is
needed and/or even if the Jumbo Payload option is present.The OAL source next assigns an appropriate Identification number
that is monotonically-incremented for each consecutive sub-parcel,
calculates and appends the OAL checksum, then performs IPv6
fragmentation over the sub-parcel if necessary to create fragments
small enough to traverse the path to the next hop. (If the
encapsulation header is IPv4, the OAL source first translates the
encapsulation header into an IPv6 header with IPv4-Compatible IPv6
addresses before performing the fragmentation/reassembly operation
while inserting the IPv6 Fragment Header.) The OAL source then writes
the "Parcel ID" and sets/clears the "(P)arcel" and "(More)
(S)ub-Parcels" bits in the Fragment Header of the first fragment (see:
). (The OAL source sets P to 1 for a
parcel or to 0 for a non-parcel. When P is 1, the OAL next sets S to 1
for non-final sub-parcels or to 0 if the sub-parcel contains the final
segment.) The OAL source then sends each resulting carrier packet to
the next hop, i.e., after first translating the IPv6 encapsulation
header back to IPv4 if necessary.When the OAL destination receives the carrier packets, it reassembles
if necessary (i.e., after first translating the IPv4 encapsulation header
to IPv6 if necessary). If the P flag in the first fragment is 0, the OAL
destination then
processes the reassembled entity as an ordinary IP packet; otherwise
it continues processing as a sub-parcel. If the OAL destination is not
the final destination, it can optionally retain the sub-parcels along
with their Parcel ID and Identification values for a brief time for
opportunistic reconstitution with peer sub-parcels of the same original
parcel identified by the 3-tuple consisting of the adaptation layer
(OAL source, OAL destination, Parcel ID). (Note that the OAL
destination must not consult the parcel's network layer "5-tuple" at
the adaptation layer, since it is possible that multiple sub-parcels
of the same parcel may be forwarded over different network paths). The
OAL destination performs adaptation layer reconstitution by concatenating
the segments included in sub-parcels with the same Parcel ID and with
Identification values within 256 of one another to create a larger
sub-parcel possibly even as large as the entire original (sub)parcel.
Order of concatenation need not be strictly observed, with the exception
that a sub-parcel that sets any TCP control flags must occur as a first
concatenation, and the final sub-parcel (i.e., the one with S set to 0)
must occur as a final concatenation and not as an intermediate. The OAL
destination then appends a common {TCP,UDP}/IP header plus extensions
to each re-combined sub-parcel as specified in
.When the OAL destination is not the final destination, it next
forwards the reconstituted (sub-)parcel(s) to the next hop toward the
final destination while ensuring that the S flag remains set to 0 in
the sub-parcel that contains the final segment. When the parcel or
sub-parcels arrive at the final destination, it performs network
layer reconstitution to form the largest possible (sub)-parcels
(while honoring the S flag) then delivers them to the transport
layer entity which acts on the enclosed 5-tuple information
supplied by the original source.The Parcel Path Qualification procedures specified in require a new Code value in the
ICMPv6 PTB field to identify a Parcel Reply. These ICMPv6 PTB messages
are always encapsulated according to OMNI rules and are processed only
by nodes that implement at least enough of the OMNI specification to
recognize the messages. This document therefore defines a new ICMPv6
PTB Code value 3 for Parcel Reply messages (see: ).Note: IP Parcels may also originate from a non-OMNI original source
and travel over multiple parcel-capable IP links before reaching an
OMNI link ingress node (i.e., either a Client or Proxy/Server acting
as a "relay"). The ingress node then forwards the parcel into the OMNI
link according to the rules established above for locally-generated
parcels, with the exception that the parcel IP TTL/Hop Limit is
decremented. Similarly, when the IP parcel arrives at the OMNI link
egress node (i.e., either a Client or Proxy/Server acting as a
"relay"), the parcel may travel over multiple parcel-capable IP links
before reaching the final destination.Note: The OAL destination process of reconstituting parcels at
the adaptation layer is optional, and should be avoided in cases
where performance could be negatively impacted. It is always acceptable
(albeit sometimes sub-optimal) for the OAL destination to forward
sub-parcels on toward the final destination without performing
adaptation layer reconstitution, since each sub-parcel will contain
a well-formed header and an integral number of transport layer protocol
segments and with the S flag set appropriately. The final destination
can then optionally perform network layer reconstitution independently
of any adaptation layer reconstitution that may have been applied by
the OAL.In light of the above, OAL sources, destinations and intermediate
nodes observe the following normative requirements:OAL sources MUST forward original IP packets/parcels either
larger than the OMNI interface MRU or smaller than the minimum MPS
minus the trailing checksum size as atomic fragments (i.e., and
not as multiple fragments).OAL sources MUST produce non-final fragments with payloads no
smaller than the minimum MPS during fragmentation.OAL intermediate nodes SHOULD and OAL destinations MUST
unconditionally drop any non-final OAL fragments with payloads
smaller than the minimum MPS.OAL destinations MUST drop any new OAL fragments with offset
and length that would overlap with other fragments and/or leave
holes smaller than the minimum MPS between fragments that have
already been received.Note: Under the minimum MPS, an ordinary 1500-octet original IP
packet/parcel would require at most 4 OAL fragments, with each
non-final fragment containing 400 payload octets and the final
fragment containing 302 payload octets (i.e., the final 300 octets of
the original IP packet/parcel plus the 2-octet trailing checksum). For
all packet/parcel sizes, the likelihood of successful reassembly may
improve when the OMNI interface sends all fragments of the same
fragmented OAL packet consecutively over the same underlay interface
pair instead of spread across multiple underlay interface pairs.
Finally, an assured minimum/path MPS allows continuous operation over
all paths including those that traverse bridged L2 media with
dissimilar MTUs.Note: Certain legacy network hardware of the past millennium was
unable to accept IP fragment "bursts" resulting from a fragmentation
event - even to the point that the hardware would reset itself when
presented with a burst. This does not seem to be a common problem in
the modern era, where fragmentation and reassembly can be readily
demonstrated at line rate (e.g., using tools such as 'iperf3') even
over fast links on ordinary hardware platforms. Even so, while the OAL
destination is reporting reassembly congestion (see: ) the OAL source could impose "pacing" by inserting an
inter-fragment delay and increasing or decreasing the delay according
to congestion indications.As discussed in Section 3.7 of , there are
four basic threats concerning IPv6 fragmentation; each of which is
addressed by effective mitigations as follows:Overlapping fragment attacks - reassembly of overlapping
fragments is forbidden by ; therefore,
this threat does not apply to the OAL.Resource exhaustion attacks - this threat is mitigated by
providing a sufficiently large OAL reassembly cache and
instituting “fast discard” of incomplete reassemblies
that may be part of a buffer exhaustion attack. The reassembly
cache should be sufficiently large so that a sustained attack does
not cause excessive loss of good reassemblies but not so large
that (timer-based) data structure management becomes
computationally expensive. The cache should also be indexed based
on the arrival underlay interface such that congestion experienced
over a first underlay interface does not cause discard of
incomplete reassemblies for uncongested underlay interfaces.Attacks based on predictable fragment identification values -
in environments where spoofing is possible, this threat is
mitigated through the use of Identification windows beginning with
unpredictable values per . By maintaining
windows of acceptable Identifications, OAL neighbors can quickly
discard spurious carrier packets that might otherwise clutter the
reassembly cache. The OAL additionally provides an integrity check
to detect corruption that may be caused by spurious fragments
received with in-window Identification values.Evasion of Network Intrusion Detection Systems (NIDS) - since
the OAL source employs a robust MPS, network-based firewalls can
inspect and drop OAL fragments containing malicious data thereby
disabling reassembly by the OAL destination. However, since OAL
fragments may take different paths through the network (some of
which may not employ a firewall) each OAL destination must also
employ a firewall.IPv4 includes a 16-bit Identification (IP ID) field with only
65535 unique values such that at high data rates the field could wrap
and apply to new carrier packets while the fragments of old carrier
packets using the same IP ID are still alive in the network . Since carrier packets sent via an IPv4 path with
DF=0 are normally no larger than 576 octets, IPv4 fragmentation is
possible only at small-MTU links in the path which should support data
rates low enough for safe reassembly . (IPv4
carrier packets larger than 576 octets with DF=0 may incur high data
rate reassembly errors in the path, but the OAL checksum provides OAL
destination integrity assurance.) Since IPv6 provides a 32-bit
Identification value, IP ID wraparound at high data rates is not a
concern for IPv6 fragmentation.Fragmentation security concerns for large IPv6 ND messages are
documented in . These concerns are addressed
when the OMNI interface employs the OAL instead of directly
fragmenting the IPv6 ND message itself. For this reason, OMNI
interfaces MUST NOT send IPv6 ND messages larger than the OMNI
interface MTU, and MUST employ OAL encapsulation and fragmentation for
IPv6 ND messages larger than the minimum/path MPS for this OAL
destination.Unless the path is secured at the network layer or below (i.e., in
environments where spoofing is possible), OMNI interfaces MUST NOT
send ordinary carrier packets with Identification values outside the
current window and MUST secure IPv6 ND messages used for address
resolution or window state synchronization. OAL destinations SHOULD
therefore discard without reassembling any out-of-window OAL fragments
received over an unsecured path.When the OMNI interface forwards original IP packets/parcels from the
network layer it first invokes OAL encapsulation and fragmentation, then
wraps each resulting OAL packet/fragment in any necessary L2 headers to
produce carrier packets according to the native frame format of the
underlay interface. For example, for Ethernet-compatible interfaces the
frame format is specified in , for aeronautical
radio interfaces the frame format is specified in standards such as ICAO
Doc 9776 (VDL Mode 2 Technical Manual), for various forms of tunnels the
frame format is found in the appropriate tunneling specification,
etc.When the OMNI interface encapsulates an OAL packet/fragment directly
over an Ethernet-compatible link layer, the over-the-wire transmission
format is shown in :|
]]>The format includes a standard Ethernet Header ("eth-hdr")
with EtherType TBD2 (see: ) followed by an
Ethernet Payload that includes a 2-octet OAL Length field followed by
an OAL (or native IPv6/IPv4) Packet/Fragment. The Ethernet Payload is
then followed by a standard Ethernet Trailer ("eth-trail").The OAL Packet/Fragment begins with a 4-bit "Type/Version" as
discussed in . When "Type/Version" encodes '1'
or '2', the OAL Packet/Fragment includes a compressed OAL IPv6
header and OAL Length MUST encode the value that would appear in the
uncompressed header Payload Length. When "Type/Version" encodes '3',
the OAL header is compressed away entirely and only a Fragment/Jumbo
header appears as the leading portion of the Packet/Fragment.When "Type/Version" encodes '0', '4' or '6', the OAL Packet/Fragment
instead includes an uncompressed OAL IPv6, native IPv4, or native IPv6
header (respectively). In that case, the IP header {Total, Payload}
and/or Jumbo Payload Length fields determine the packet/fragment
length and the OAL Length field in the Ethernet Payload is unused
(noting that future documents MAY specify an alternate use).See for a map of the various L2
layering combinations possible. For any layering combination, the final
layer (e.g., UDP, IP, Ethernet, etc.) must have an assigned number and
frame format representation that is compatible with the selected
underlay interface.Note: For IP parcels/jumbograms larger than 65535 octets submitted
for direct link layer encapsulation, the Ethernet Payload following
the OAL Length must begin with a native IPv4/IPv6 header, an OCH-0
or an OCH-3 with J flag set to 1. requires that nodes assign Link-Local
Addresses (LLAs) to all interfaces, and that routers use their LLAs as
the source address for RA and Redirect messages. OMNI interfaces honor
the first requirement, but do not honor the second since the OMNI link
could consist of the concatenation of multiple links with diverse ULA
prefixes (see ) but for which multiple
nodes might configure identical interface identifiers (IIDs). OMNI
interface LLAs are therefore considered only as context for IID
formation as discussed below and have no other operational role.OMNI interfaces assign IPv6 LLAs through pre-service administrative
actions. Clients assign "LLA-MNPs" with IIDs that embed the Client's
unique MNP, while Proxy/Servers assign "LLA-RNDs" that include a
randomly-generated IIDs generated as specified in . LLAs are configured as follows:IPv6 LLA-MNPs encode the most-significant 64 bits of an MNP
within the least-significant 64 bits of the IPv6 link-local prefix
fe80::/64, i.e., in the IID portion of the LLA. The LLA prefix
length is determined by adding 64 to the MNP prefix length. e.g.,
for the MNP 2001:db8:1000:2000::/56 the corresponding LLA-MNP prefix
is fe80::2001:db8:1000:2000/120. (The base LLA-MNP for each "/N"
prefix sets the final 128-N bits to 0, but all LLA-MNPs that match
the prefix are also accepted.) Non-MNP IPv6 prefix-based LLAs are
also represented the same as for LLA-MNPs, but include a GUA prefix
that is not properly covered by the MSP.IPv4-Compatible LLA-MNPs are constructed as fe80::{IPv4-Prefix},
i.e., the IID consists of 32 '0' bits followed by a 32 bit IPv4
address/prefix, which may be either public or private in
correspondence with the network layer addressing plan. The
IPv4-Compatible LLA-MNP prefix length is determined by adding 96 to
the IPv4 prefix length. For example, the IPv4-Compatible LLA-MNP for
192.0.2.0/24 is fe80::192.0.2.0/120, also written as
fe80::c000:0200/120. (The base LLA-MNP for each "/N" prefix sets the
final 128-N bits to 0, but all LLA-MNPs that match the prefix are
also accepted.) Non-MNP IPv4 prefix-based LLAs are also represented
the same as for LLA-MNPs, but include a GUA prefix that is not
properly covered by the MSP.LLA-RNDs are randomly-generated and assigned to Proxy/Servers and
other SRT infrastructure elements. They may also be assigned by
Clients to support the MNP delegation process. The upper 72 bits of
the LLA-RND encode the prefix fe80::/72, and the lower 56 bits
include a randomly-generated candidate pseudo-random value
configured as specified in ;
if the most significant 24 bits of the 56 bit candidate encodes the value
'0', the node generates a new candidate to obtain one with a different
most significant 24 bits to avoid overlap with IPv4-Compatible
LLAs.The address fe80::/128 (i.e., the LLA /64 prefix followed by an
all-zero IID) is considered the LLA Subnet Router Anycast
addressSince the prefix 0000::/8 is "Reserved by the IETF" , no MNPs can be allocated from that block ensuring
that there is no possibility for overlap between the different MNP and
RND LLA constructs discussed above.Since LLA-MNPs are based on the distribution of administratively
assured unique MNPs, and since LLA-RNDs are assumed unique through
pseudo-random assignment, OMNI interfaces set the autoconfiguration
variable DupAddrDetectTransmits to 0 .Note: If future protocol extensions relax the 64-bit boundary in IPv6
addressing, the additional prefix bits of an MNP could be encoded in
bits 16 through 63 of the LLA-MNP. (The most-significant 64 bits would
therefore still be in bits 64-127, and the remaining bits would appear
in bits 16 through 48.) However, this would interfere with the
relationship between OMNI LLAs and ULAs (see: ) and render many OMNI functions inoperable. The
analysis provided in furthermore suggests that
the 64-bit boundary will remain in the IPv6 architecture for the
foreseeable future.OMNI links use IPv6 Unique-Local Addresses (ULAs) as the source and
destination addresses in both IPv6 ND messages and OAL packet IPv6
encapsulation headers. ULAs are routable only within the scope of an
OMNI link, and are derived from the IPv6 Unique Local Address prefix
fd00::/8 (i.e., the prefix fc00::/7 followed by the L bit set to 1).
When the first 16 bits of the ULA encode the value fd00::/16, the
address is considered as either a Temporary ULA (TLA) or an eXtended ULA
(XLA) - see below. For all other ULAs, the 56 bits following fd00::/8
encode a 40-bit Global ID followed by a 16-bit Subnet ID as specified in
Section 3 of . All OMNI link ULA types finally
include a 64-bit value in the IID portion of the address ULA::/64 as
specified below.When a node configures a ULA for OMNI, it selects a 40-bit Global ID
for the OMNI link initialized to a candidate pseudo-random value as
specified in Section 3 of ; if the most
significant 8 bits of the candidate encodes the value '0', the node
selects a new candidate until it obtains one with a different most
significant 8 bits. All nodes on the same OMNI link use the same Global
ID, and statistical uniqueness of the pseudo-random Global ID provides a
unique OMNI link identifier allowing different links to be joined
together in the future without requiring renumbering.Next, for each logical segment of the same OMNI link the node selects
a 16-bit Subnet ID value between 0x0000 and 0xffff. Nodes on the same
logical segment configure the same Subnet ID, but nodes on different
segments of the same OMNI link can still exchange IPv6 ND messages as
single-hop neighbors even if they configure different Subnet IDs. When a
node moves to a different OMNI link segment, it resets the Global ID and
Subnet ID value according to the new segment but need not change the
IID.ULAs and their associated prefix lengths are configured in
correspondence with LLAs through stateless prefix translation where
"ULA-MNPs" simply copy the IIDs of their corresponding LLA-MNPs and
"ULA-RNDs" simply copy the IIDs of their corresponding LLA-RNDs. For
example, for the OMNI link ULA prefix fd{Global}:{Subnet}::/64:the ULA-MNP corresponding to the LLA-MNP fe80::2001:db8:1:2 with
a 56-bit MNP length is simply fd{Global}:{Subnet}:2001:db8:1:2/120
(where, the ULA prefix length becomes 64 plus the IPv6 MNP
length).the ULA-MNP corresponding to fe80::192.0.2.0 with a 28-bit MNP
length is simply fd{Global}:{Subnet}::192.0.2.0/124 (where, the ULA
prefix length becomes 96 plus the IPv4 MNP length).the ULA-RND corresponding to fe80::0012:3456:789a:bcde is simply
fd{Global}:{Subnet}::0012:3456:789a:bcde/128.the Subnet Router Anycast ULA corresponding to fe80::/128 is
simply fd{Global}:{Subnet}::/128.The ULA presents an IPv6 address format that is routable within the
OMNI link routing system and can be used to convey link-scoped (i.e.,
single-hop) IPv6 ND messages across multiple hops through IPv6
encapsulation . The OMNI link extends across one
or more underlying Internetworks to include all Proxy/Servers and other
service nodes. All Clients are also considered to be connected to the
OMNI link, however unnecessary encapsulations are omitted whenever
possible to conserve bandwidth (see: ).Clients can configure TLAs when they have no other ULA addresses
by setting the ULA prefix to fd00::/16 followed by a 48-bit
randomly-generated number followed by a random or MNP-based IID
the same as specified in .
XLAs are special-case TLAs that use the prefix fd00::/64; XLAs can
also be formed from LLAs simply by inverting bits 7 and 8 of 'fe80'
to form 'fd00'.OMNI nodes use XLA-MNPs as "default" ULAs for representing MNPs in
the OMNI link routing system. Clients use {TLA,XLA}-MNPs when they
already know their MNP but need to express it outside the context of a
specific ULA prefix, and Proxy/Servers advertise XLA-MNPs into the OMNI
link routing system instead of advertising fully-qualified
{TLA,ULA}-MNPs and/or non-routable LLA-MNPs.{TLAs,XLAs} provide initial "bootstrapping" addresses while the
Client is in the process of procuring an MNP and/or identifying the ULA
prefix for the OMNI link segment; TLAs are not advertised into the OMNI
link routing system but can be used for Client-to-Client communications
within a single {A,I,E}NET when no OMNI link infrastructure is present.
Within each individual {A,I,E}NET, TLAs employ optimistic DAD principles
since they are statistically unique.Each OMNI link may be subdivided into SRT segments that often
correspond to different administrative domains or physical partitions.
Each SRT segment is identified by a different Subnet ID within the same
ULA ::/48 prefix. Multiple distinct OMNI links with different ULA ::/48
prefixes can also be joined together into a single unified OMNI link
through simple interconnection without requiring renumbering. In that
case, the (larger) unified OMNI link routing system may carry multiple
distinct ULA prefixes.OMNI nodes can use Segment Routing to
support efficient forwarding to destinations located in other OMNI link
segments. A full discussion of Segment Routing over the OMNI link
appears in .Note: IPv6 ULAs taken from the prefix fc00::/7 followed by the L bit
set to 0 (i.e., as fc00::/8) are never used for OMNI OAL addressing,
however the range could be used for MSP/MNP addressing under certain
limiting conditions (see: ). When used within the
context of OMNI, ULAs based on the prefix fc00::/8 are referred to as
"ULA-C's".Note: When they appear in the OMNI link routing table, ULA-RNDs
always use prefix lengths between /48 and /64 (or, /128) while XLA-MNPs
always use prefix lengths between /65 and /128. {TLA,ULA}-MNPs and
{TLA,XLA}-RNDs should never appear in the OMNI link routing table, but
may appear in {A,I,E}NET routing tables.OMNI domains use IP Global Unicast Address (GUA) prefixes as Mobility Service Prefixes (MSPs) from which Mobile
Network Prefixes (MNP) are delegated to Clients. Fixed correspondent
node networks reachable from the OMNI link are represented by non-MNP
GUA prefixes that are not derived from the MSP, but are treated in all
other ways the same as for MNPs.For IPv6, GUA MSPs are assigned by IANA
and/or an associated Regional Internet Registry (RIR) such that the OMNI
link can be interconnected to the global IPv6 Internet without causing
inconsistencies in the routing system. An OMNI link could instead use
ULAs with the 'L' bit set to 0 (i.e., from the "ULA-C" prefix
fc00::/8), however this would require
IPv6 NAT if the domain were ever connected to the global IPv6
Internet.For IPv4, GUA MSPs are assigned by IANA
and/or an associated RIR such that the OMNI link can be interconnected
to the global IPv4 Internet without causing routing inconsistencies. An
OMNI ANET/ENET could instead use private IPv4 prefixes (e.g.,
10.0.0.0/8, etc.) , however this would require
IPv4 NAT at the INET-to-ANET/ENET boundary. OMNI interfaces advertise
IPv4 MSPs into IPv6 routing systems as IPv4-Compatible IPv6 prefixes
(e.g., the IPv6 prefix for the IPv4 MSP
192.0.2.0/24 is ::192.0.2.0/120).OMNI interfaces assign the IPv4 anycast address TBD3 (see: IANA
Considerations), and IPv4 routers that configure OMNI interfaces
advertise the prefix TBD3/N into the routing system of other networks
(see: IANA Considerations). OMNI interfaces also configure global IPv6
anycast addresses formed according to as:2002:TBD3{32}:MSP{64}:Link-ID{16}where TBD3{32} is the 32 bit IPv4 anycast address and MSP{64} encodes
an MSP zero-padded to 64 bits (if necessary). For example, the OMNI IPv6
anycast address for MSP 2001:db8::/32 is
2002:TBD3{32}:2001:db8:0:0:{Link-ID}, the OMNI IPv6 anycast address for
MSP 192.0.2.0/24 is 2002:TBD3{32}::c000:0200:{Link-ID}, etc.).The 16-bit Link-ID in the OMNI IPv6 anycast address identifies a
specific OMNI link within the domain that services the MSP. The special
Link-ID value '0' is a wildcard that matches all links, while all other
values identify specific links. Mappings between Link-ID values and the
ULA Global IDs assigned to OMNI links are outside the scope of this
document.OMNI interfaces assign OMNI IPv6 anycast addresses, and IPv6 routers
that configure OMNI interfaces advertise the corresponding prefixes into
the routing systems of other networks. An OMNI IPv6 anycast prefix is
formed the same as for any IPv6 prefix; for example, the prefix
2002:TBD3{32}:2001:db8::/80 matches all OMNI IPv6 anycast addresses
covered by the prefix. When IPv6 routers advertise OMNI IPv6 anycast
prefixes in this way, Clients can locate and associate with either a
specific OMNI link or any OMNI link within the domain that services the
MSP of interest.OMNI interfaces use OMNI IPv6 and IPv4 anycast addresses to support
Service Discovery in the spirit of , i.e., the
addresses are not intended for use in long-term transport protocol
sessions. Specific applications for OMNI IPv6 and IPv4 anycast addresses
are discussed throughout the document as well as in .OMNI Clients and Proxy/Servers that connect over open Internetworks
include a unique node identification value for themselves in the OMNI
options of their IPv6 ND messages (see: ). An
example identification value alternative is the Host Identity Tag (HIT)
as specified in , while Hierarchical HITs
(HHITs) may be more appropriate for
certain domains such as the Unmanned (Air) Traffic Management (UTM)
service for Unmanned Air Systems (UAS). Another example is the
Universally Unique IDentifier (UUID) which can
be self-generated by a node without supporting infrastructure with very
low probability of collision.When a Client is truly outside the context of any infrastructure, it
may have no MNP information at all. In that case, the Client can use a
TLA or (H)HIT as an IPv6 source/destination address for sustained
communications in Vehicle-to-Vehicle (V2V) and (multihop)
Vehicle-to-Infrastructure (V2I) scenarios. The Client can also propagate
the ULA/(H)HIT into the multihop routing tables of (collective)
Mobile/Vehicular Ad-hoc Networks (MANETs/VANETs) using only the vehicles
themselves as communications relays.When a Client connects via a protected-spectrum ANET, an alternate
form of node identification (e.g., MAC address, serial number, airframe
identification value, VIN, etc.) embedded in a ULA may be sufficient.
The Client can then include OMNI "Node Identification" sub-options (see:
) in IPv6 ND messages should the need to transmit
identification information over the network arise.HHITs provide an especially useful construct since they appear as
properly-formed IPv6 GUAs and can therefore be assigned to interfaces.
Clients may assign an HHIT to their OMNI interface to support peer-to-peer
communications with other OMNI nodes that configure HHITs within the
same OMNI link segment without the need for encapsulation. Clients may
inject their HHIT into the local routing system of each OMNI link segment,
but Proxy/Servers must not inject HHITs into the OMNI link global routing
system.OMNI interfaces maintain a network layer conceptual neighbor cache
per or the same as for
any IP interface, and (for IPv6) use the link-local
address format specified in . The network
layer maintains state through static and/or dynamic Neighbor Cache
Entry (NCE) configurations.Each OMNI interface also maintains a separate internal adaptation
layer conceptual neighbor cache that includes a NCE for the unique-local
address of each of its active OAL
neighbors (see: ). For each peer NCE,
OAL neighbors also maintain AERO Forwarding Vectors (AFVs) which
map per-interface-pair parameters. Throughout this document, the
terms "neighbor cache", "NCE" and "AFV" refer to this OAL neighbor
information unless otherwise specified.IPv6 Neighbor Discovery (ND) messages sent
over OMNI interfaces without OAL encapsulation observe the native
underlay interface Source/Target Link-Layer Address Option (S/TLLAO)
format (e.g., for Ethernet the S/TLLAO is specified in ). IPv6 ND messages sent from within the OMNI
interface using OAL encapsulation do not include S/TLLAOs, but instead
include a new option type that encodes OMNI link-specific information.
Hence, this document does not define a new S/TLLAO format but instead
defines a new option type termed the "OMNI option" designed for these
purposes. (Note that OMNI interface IPv6 ND messages sent without
encapsulation may include both OMNI options and S/TLLAOs, but the
information conveyed in each is mutually exclusive.)For each IPv6 ND message, the OMNI interface includes one or more
OMNI options (and any other ND message options) then completely
populates all option information. OMNI options should be padded
when necessary to ensure that they end on their natural 64-bit
boundaries the same as for any IPv6 ND message option.If the OMNI interface includes an OMNI option with an authentication
signature, it first sets the signature field to 0 then calculates the
authentication signature beginning after the IPv6 ND message header
checksum field. The OMNI interface extends the calculation over the
entire length of the ND message (as well as any concatenated extensions
in the case of a super-packet) then writes the authentication signature
value into the appropriate OMNI authentication sub-option field.The OMNI interface then applies any non-OMNI authentication
signatures, then calculates the IPv6 ND message checksum per
beginning with a pseudo-header of the IPv6
header and writes the value into the Checksum field. OMNI interfaces
verify first integrity then authenticity of each IPv6 ND message or
super-packet received, and process the message further only following
successful verification.OMNI interface Clients such as aircraft typically have multiple
wireless data link types (e.g. satellite-based, cellular, terrestrial,
air-to-air directional, etc.) with diverse performance, cost and
availability properties. The OMNI interface would therefore appear to
have multiple L2 connections, and may include information for multiple
underlay interfaces in a single IPv6 ND message exchange. OMNI
interfaces manage their dynamically-changing multilink profiles by
including OMNI options in IPv6 ND messages as discussed in the
following subsections.OMNI options appear in IPv6 ND messages formatted as shown in :In this format:Type is set to TBD4 (see: IANA Considerations).Length is set to the number of 8-octet blocks in the option.
The value 0 is invalid, while the values 1 through 255 (i.e., 8
through 2040 octets, respectively) indicate the total length of
the OMNI option. If multiple OMNI option instances appear in the
same IPv6 ND message, the union of the contents of all OMNI
options is accepted unless otherwise qualified for specific
sub-options below.Sub-Options is a Variable-length field padded with Pad1/N
sub-options if necessary (see below) such that the complete
OMNI Option is an integer multiple of 8 octets long. The
Sub-Options field contains zero or more sub-options as
specified in .The OMNI option is included in OMNI interface IPv6 ND
messages; the option is processed by receiving interfaces that
recognize it and otherwise ignored. The OMNI interface processes all
OMNI option instances received in the same IPv6 ND message in the
consecutive order in which they appear. The OMNI option(s) included in
each IPv6 ND message may include full or partial information for the
neighbor. The OMNI interface therefore retains the union of the
information in the most recently received OMNI options in the
corresponding NCE.Each OMNI option includes a Sub-Options block containing zero or
more individual sub-options. Each consecutive sub-option is
concatenated immediately following its predecessor. All sub-options
except Pad1 (see below) are in an OMNI-specific type-length-value
(TLV) format encoded as follows: Sub-Type is a 5-bit field that encodes the sub-option type.
Sub-option types defined in this document are:Sub-Types 17-29 are available for future assignment for
major protocol functions, while Sub-Type 30 supports scalable
extension to include other functions. Sub-Type 31 is reserved by
IANA.Sub-Length is an 11-bit field that encodes the length of the
Sub-Option Data in octets.Sub-Option Data is a block of data with format determined by
Sub-Type and length determined by Sub-Length. Note that each
sub-option is concatenated consecutively with the previous and
may therefore begin and/or end on an arbitrary octet boundary.The OMNI interface codes each sub-option with a 2-octet
header that includes Sub-Type in the most significant 5 bits followed
by Sub-Length in the next most significant 11 bits. Each sub-option
encodes a maximum Sub-Length value of 2038 octets minus the lengths
of the OMNI option header and any preceding sub-options. This allows
ample Sub-Option Data space for coding large objects (e.g., ASCII
strings, domain names, protocol messages, security codes, etc.),
while a single OMNI option is limited to 2040 octets the same as
for any IPv6 ND option.The OMNI interface codes initial sub-options in a first OMNI option
instance and any additional sub-options in additional instances in the
same IPv6 ND message in the intended order of processing. If the
size of all OMNI options with their sub-options would cause the IPv6
ND message to exceed the OMNI interface MTU, the OMNI interface can
code any remaining sub-options in additional IPv6 ND messages.The OMNI interface processes all OMNI options received in an
IPv6 ND message while skipping over and ignoring any
unrecognized sub-options. The OMNI interface processes the sub-options
of all OMNI option instances in the consecutive order in which they
appear in the IPv6 ND message, beginning with the first instance and
continuing through any additional instances to the end of the message.
If an individual sub-option length would cause processing to exceed
the OMNI option instance and/or IPv6 ND message lengths, the OMNI
interface accepts any sub-options already processed and ignores the
remainder of that instance. The interface then processes any remaining
OMNI option instances in the same fashion to the end of the IPv6 ND
message.IPv6 ND messages that require OMNI authentication services MUST
include a Node Identification sub-option as the first sub-option of
the first OMNI option, and MUST include some form of authentication
(e.g., HMAC, HIP, QUIC, etc.) as the immediately next sub-option
whether in the same or different OMNI option. A single IPv6 ND
messages may include only one OMNI authentication service sub-option;
if multiple are included, the first sub-option is processed and all
others are ignored. The IPv6 ND message may also include non-OMNI
authentication options such as those specified in
or either instead
of or in addition to an OMNI authentication option. Nodes that
receive IPv6 ND messages over unsecured underlying networks first
verify the IPv6 ND message checksum then authenticate the message
by processing any authentication options/sub-options.Note: large objects that exceed the maximum Sub-Option Data length
are not supported under the current specification; if this proves to
be limiting in practice, future specifications may define support for
fragmenting large sub-options across multiple OMNI options within the
same IPv6 ND message (or even across multiple IPv6 ND messages, if
necessary).The following sub-option types and formats are defined in this
document:Sub-Type is set to 0. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Type is followed by 3 'x' bits, set to any value on
transmission (typically all-zeros) and ignored on reception.
Pad1 therefore consists of a single octet with the most significant
5 bits set to 0, and with no Sub-Length or Sub-Option Data fields
following.If more than a single octet of padding is required, the PadN
option, described next, should be used, rather than multiple Pad1
options.Sub-Type is set to 1. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Length is set to N that encodes the number of padding
octets that follow.Sub-Option Data consists of N octets, set to any value on
transmission (typically all-zeros) and ignored on receipt.When a proxy forwards an IPv6 ND message with OMNI options,
it can employ PadN to void any non-Pad1 sub-options that should not
be processed by the next hop by simply writing the value
'1' over the Sub-Type. When the proxy alters the IPv6 ND message
contents in this way, any included authentication and integrity
checks are invalidated. See: for a
discussion of IPv6 ND message authentication and integrity.The Node Identification sub-option includes a form of
identification for the node, and (when present) must appear as the
first sub-option of the first OMNI option in each IPv6 ND message.At least one instance of the sub-option must be present in messages
that also include an OMNI authentication service sub-option. If multiple
instances appear in OMNI options of the same IPv6 ND message the first
instance of a specific ID-Type is processed and all other instances of
the same ID-Type are ignored. (It is therefore possible for a single
IPv6 ND message to convey multiple distinct Node Identifications - each
with a different ID-Type.)The format
and contents of the sub-option are shown in :Sub-Type is set to 2. Multiple instances are processed as
discussed above.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow. The ID-Type field is always present;
hence, the maximum Node Identification Value length is limited
by the remaining available space in this OMNI option.ID-Type is a 1-octet field that encodes the type of the Node
Identification Value. The following ID-Type values are currently
defined:0 - Universally Unique IDentifier (UUID) . Indicates that Node Identification Value
contains a 16-octet UUID.1 - Host Identity Tag (HIT) .
Indicates that Node Identification Value contains a 16-octet
HIT.2 - Hierarchical HIT (HHIT) . Indicates that Node
Identification Value contains a 16-octet HHIT.3 - Network Access Identifier (NAI) . Indicates that Node Identification Value
contains an (N-1)-octet NAI.4 - Fully-Qualified Domain Name (FQDN) . Indicates that Node Identification Value
contains an (N-1)-octet FQDN.5 - IPv6 Address. Indicates that Node Identification
contains a 16-octet IPv6 address that is not a (H)HIT. The
IPv6 address type is determined according to the IPv6
addressing architecture .6 - 252 - Unassigned.253 - 254 - reserved for experimentation, as recommended in
.255 - reserved by IANA.Node Identification Value is an (N-1)-octet field encoded
according to the appropriate the "ID-Type" reference above.OMNI interfaces code Node Identification Values used for DHCPv6
messaging purposes as a DHCP Unique IDentifier (DUID) using the
"DUID-EN for OMNI" format with enterprise number 45282 (see: ) as shown in :In this format, the OMNI interface codes the ID-Type and Node
Identification Value fields from the OMNI sub-option following a
6-octet DUID-EN header, then includes the entire "DUID-EN for OMNI"
in a DHCPv6 message per .The Authentication sub-option includes a Hashed Message
Authentication Code (HMAC) computed according to and .The Authentication sub-option is formatted as shown in :Sub-Type is set to 3. The Authentication sub-option must
appear at most once in any IPv6 ND message; if multiple
instances appear in OMNI options of the same message
the first is processed and all others are ignored.Sub-Length is set to N, i.e., the length of the option in
octets beginning immediately following the Sub-Length field and
extending to the end of the HMAC. The length of the HMAC is
therefore limited by the remaining available space for this
sub-option.Type encodes the authentication algorithm type found in the
IANA "ICMPv6 Parameters - Trust Anchor Option (Type 15) Name
Field" registry, and determines the length of the HMAC. For
example, when Type is 3 the authentication algorithm is SHA-1 and
the HMAC is 160 bits (20 octets) in length, when Type is 5 the
algorithm is SHA-256 and the HMAC is 256 bits (32 octets) in
length, etc. A full list of available Types is found in the
registry, which cites for several
well-known Types.HMAC includes the Hashed Message Authentication Code for this
IPv6 ND message with field length determined by Type. IPv6 ND messages used for window synchronization between Clients
and Proxy/Servers include a Window Synchronization sub-option.The Window Synchronization sub-option is formatted as follows:Sub-Type is set to 4. If instances appear in OMNI options
of the same message, the first is processed and all others
are ignored.Sub-Length is set to 12.Sub-Option Data is modeled from the Transmission Control
Protocol (TCP) header specified in Section 3.1 of
. The field is formatted as a 4-octet Sequence
Number, followed by a 4-octet Acknowledgement Number, followed
by a 1-octet flags field followed by a 3-octet Window size. The TCP
(ACK, RST, SYN) flags are used for TCP-like window synchronization,
while the TCP (CWR, ECE, URG, PSH, FIN) flags are unused. The OPT
flag (discussed in ) is an OMNI-specific
replacement for the TCP URG flag, and the four remaining unused
flags appear as reserved (RES). Together, these fields support
the OAL window synchronization services specified in
.IPv6 ND messages that need to assert/request an MNP prefix
length or assert neighbor control flags can include a simple
Neighbor Control sub-option instead of a full DHCPv6 message
and/or other large sub-options. The Neighbor Control sub-option
is formatted as follows:Sub-Type is set to 5. If multiple instances appear in
OMNI options of the same message, the first is processed
and all others are ignored.Sub-Length is set to a value between 1 and 5, inclusive;
if any other value appears the sub-option is ignored. The
Sub-Length value determines whether flag bit fields follow.Preflen is an 1-octet field that determines the length of
a subject MNP. Values 1 through 64 specify a valid MNP
length; any other value that appears must be ignored. Nodes
should only accept Preflen values in authentic IPv6 ND messages
received through trusted neighbors, since untrusted neighbors
may assert Preflen values they are not authorized to use. Preflen
is interpreted according to the specific IPv6 ND message type
as follows:For RS messages, when the source address contains an MNP
Preflen refers to the RS source address; otherwise it
determines the MNP delegation length the Client wishes to
receive from the service.For RA messages, Preflen refers to the MNP found in the
RA destination address.For NS messages, Preflen refers to the MNP found in the
NS source address.For NA messages, Preflen refers to the MNP found in the
Target Address field within the NA message body.For Redirect messages, Preflen refers to the MNP
found in the Destination Address field within the Redirect
message body.For Sub-length values larger than 1, a first octet containing
neighbor control flags plus up to 3 additional octets follow.
Clients set the Neighbor Unreachability Detection (NUD), Address
Resolution Responder (ARR) and Report (RPT) flags in RS messages
to control the operation of their Proxy/Server neighbors as
discussed in . Nodes set the Synchronous
(u)NA Required (SNR) flag in non-solicitation IPv6 ND messages
(i.e., solicited/unsolicited NA/RA and Redirects) for which they
require a synchronous (but technically "unsolicited") NA reply
(see: ). The next 4
bits following the neighbor control flags are (Reserved1)
and up to 3 additional flag octets (Reserved2 - Reserved4)
follow. Any included Reserved flags must be set to zero on
transmission and ignored on reception (future specifications
may define new values).Note that in the above Preflen applies only to the MNP
itself. Any ULAs/XLAs that include the MNP in the interface
identifier are represented in the forwarding and routing
information as (64 + Preflen).The Interface Attributes sub-option provides neighbors with
forwarding information for the multilink conceptual sending
algorithm discussed in . Neighbors use the
forwarding information to selecting among potentially multiple
candidate underlay interfaces that can be used to forward carrier
packets to the neighbor based on factors such as traffic selectors
and link quality. Interface Attributes further include link layer
address information to be used for either direct INET encapsulation
for targets in the local SRT segment or spanning tree forwarding for
targets in remote SRT segments.OMNI nodes include Interface Attributes for some/all of a source
or target Client's underlay interfaces in NS/NA and uNA messages
used to publish Client information (see: ). At most one Interface Attributes
sub-option for each distinct ifIndex may be included; if an IPv6 ND
message includes multiple Interface Attributes sub-options for the
same ifIndex, the first is processed and all others are ignored.
OMNI nodes that receive NS/NA messages can use all of the included
Interface Attributes and/or Traffic Selectors to formulate a map of
the prospective source or target node as well as to seed the
information to be later populated in an AERO Forwarding Parameters
sub-option (see: ).OMNI Clients and Proxy/Servers also include Interface Attributes
sub-options in RS/RA messages used to initialize, discover and
populate routing and addressing information. Each RS message MUST
contain exactly one Interface Attributes sub-option with an ifIndex
corresponding to the Client's underlay interface used to transmit
the message, and each RA message MUST echo the same Interface
Attributes sub-option with any (proxyed) information populated by
the FHS Proxy/Server to provide operational context.When an FHS Proxy/Server receives an RS message destined to
an anycast L2 address, it MUST include an Interface Attributes
sub-option with ifIndex '0' that encodes its unicast L2 address
relative to the Client's underlay interface immediately after the
Client Interface Attributes sub-option in the solicited RA response.
Any additional Interface Attributes sub-options that appear in
RS/RA messages are ignored.The Interface Attributes sub-option is formatted as shown
below:Sub-Type is set to 6. Multiple instances are processed as
discussed above.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.Sub-Option Data contains an "Interface Attributes" option
encoded as follows:Link encodes a 4-bit link metric. The value '0' means the
link is DOWN, and the remaining values mean the link is UP
with metric ranging from '1' ("lowest") to '15'
("highest").TS-Form is a 4-bit field that encodes the same value that
would appear in an TS Format and
determines the trailing RFC 6088 Format Traffic Selector
type, if present. The following values are currently defined:0 - no traffic selector1 - IPv4 binary traffic selector2 - IPv6 binary traffic selectorifIndex is a 4-octet index value corresponding to a
specific underlay interface. Client OMNI interfaces MUST
number each distinct underlay interface with a non-zero
ifIndex value assigned by network management per and include the value in this field. The
ifIndex value '0' denotes "unspecified".ifType is a 4-octet type value corresponding to this
underlay interface. The value is coded per the
'IANAifType-MIB' registry [http://www.iana.org].ifProvider is a 4-octet provider identifier corresponding
to this underlay interface. This document defines the single
provider identifier value '0' (undefined). Future documents
may define other values.SRT is a 1-octet Segment Routing Topology prefix length
value between 0 and 128 that determines the prefix length
associated with the LHS ULA.FMT - a 1-octet "Forward/Mode/Type" code interpreted as
follows:The most significant two bits (i.e., "FMT-Forward"
and "FMT-Mode") are interpreted in conjunction with one
another. When FMT-Forward is clear, the LHS Proxy/Server
performs OAL reassembly and decapsulation to obtain the
original IP packet/parcel before forwarding. If the
FMT-Mode bit is clear, the LHS Proxy/Server then
forwards the original IP packet/parcel at L3;
otherwise, it invokes the OAL to re-encapsulate,
re-fragment and sends the resulting carrier packets to
the Client via the selected underlay interface. When
FMT-Forward is set, the LHS Proxy/Server forwards
unsecured OAL fragments to the Client without
reassembling, while reassembling secured OAL fragments
before re-fragmenting and forwarding to the Client. If
FMT-Mode is clear, all carrier packets destined to the
Client must always be sent via the LHS Proxy/Server;
otherwise the Client is eligible for direct forwarding
over the open INET where it may be located behind one or
more NATs.The value encoded in the least significant 6 bits
(i.e., "FMT-Type") determines the type and length of the
L2ADDR field. The following values are currently defined:
0 - L2ADDR is 4 octets in length and encodes an
IPv4 address.1 - L2ADDR is 16 octets in length and encodes an
IPv6 address.2 - L2ADDR is 6 octets in length and encodes an
EUI-48 address .3 - L2ADDR is 8 octets in length and encodes an
EUI-64 address .LHS Proxy/Server ULA/L2ADDR - encodes the 15 least
significant octets of the Proxy/Server ULA followed by the
L2ADDR field formatted as above (note that the FMT code is
replaced with the value "fd" after processing to form a
proper 16-octet ULA). When SRT and ULA are both set to 0,
the LHS Proxy/Server is considered unspecified in this IPv6
ND message. FMT, SRT and LHS together provide guidance for
the OMNI interface forwarding algorithm. Specifically, if
LHS::/SRT is located in the local OMNI link segment, then
the source can address the target Client either through its
dependent Proxy/Server or through direct encapsulation
following NAT traversal according to FMT. Otherwise, the
target Client is located on a different SRT segment and the
path from the source must employ a combination of route
optimization and spanning tree hop traversals. L2ADDR
identifies the LHS Proxy/Server's INET-facing interface not
located behind NATs, therefore no UDP port number is
included since port number 8060 is used when the L2
encapsulation includes a UDP header. Instead, L2ADDR
includes only an L2 address with type and length determined
by FMT-Type as described above. When L2ADDR includes an IPv4
or IPv6 address, it is recorded in network byte order in
ones-compliment "obfuscated" form as specified in .RFC 6088 Format Traffic Selector (optional) - when present,
includes traffic selectors formatted according to TS Form,
with length determined by the remainder of the sup-option
length following the LHS information. When TS Form encodes
the value 1 or 2, the field is processed per
; when TS Form encodes any other
value the field (if present) is ignored.The Traffic Selector sub-option provides forwarding information
for the multilink conceptual sending algorithm discussed in . The sub-option includes traffic selector
information as an extension to an Interface Attributes sub-option
with the same ifIndex value, or as standalone information when no
Interface Attributes sub-option is present.IPv6 ND messages may include multiple Traffic Selectors for
some or all of the source/target Client's underlay interfaces
(see: for more information).Traffic Selectors must be honored by all implementations in the
format shown below:Sub-Type is set to 7. Multiple instances with the same
ifIndex value may appear in the same IPv6 ND message. When
multiple instances appear, all are processed and the
cumulative information from all is accepted.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.Sub-Option Data contains a "Traffic Selector" encoded as
follows:TS Format is a 1-octet field that encodes a Traffic
Selector version per . If TS Format
encodes the value 1 or 2, the Traffic Selector includes IPv4
or IPv6 information, respectively. If TS Format encodes any
other value, the sub-option is ignored.ifIndex is a 4-octet value corresponding to a specific
underlay interface the same as specified above for Interface
Attributes and AERO Forwarding Parameters above. The OMNI
options of a single message may include multiple Traffic
Selector sub-options; each with the same or different
ifIndex values.The remainder of the sub-option includes a traffic
selector formatted per beginning
with the "Flags (A-N)" field, and with the Traffic Selector
IP protocol version coded in the TS Format field. If a
single interface identified by ifIndex requires Traffic
Selectors for multiple IP protocol versions, or if a Traffic
Selector block would exceed the available space, the
remaining information is coded in additional Traffic
Selector sub-options that all encode the same ifIndex.OMNI nodes include the AERO Forwarding Parameters sub-option in
NS/NA messages used to coordinate with multilink route optimization
targets. If an NS/NA message includes the sub-option in a manner
that solicits a response, the NA response must also include the
sub-option. Each NS/NA message may contain at most one AERO
Forwarding Parameters sub-option; if an NS/NA message contains
additional AERO Forwarding Parameters sub-options, the first
is processed and all others are ignored.When an NS/NA message includes an AERO Forwarding Parameters
sub-option with Job code '00' (see below), the FHS Client Interface
Attributes MUST correspond to the underlay interface used to
transmit the solicitation message. When the NS/NA message also
includes Interface Attributes sub-options and/or Traffic Selectors,
the options must appear following the AERO Forwarding Parameters
sub-option.The AERO Forwarding Parameters sub-option includes the necessary
state for establishing AERO Forwarding Vectors (AFVs) in the AERO
Forwarding Information Bases (AFIBs) of the OAL source, destination
and intermediate nodes in the path. The sub-option also records
addressing information for FHS/LHS nodes on the path, including
"L2ADDRs" which MUST be unicast encapsulation addresses (i.e., and
not anycast/multicast). The manner for populating multilink
forwarding information is specified in detail in .The AERO Forwarding Parameters sub-option is formatted as shown
in :Sub-Type is set to 8. If multiple instances appear in OMNI
options of the same message the first instance is processed
and all others are ignored.Sub-Length encodes the number of Sub-Option Data octets that
follow. The length includes all fields up to and including the
AFVI List for all Job codes, while including the remaining
FHS/LHS fields only for Job codes "0" and "1" (see below).Sub-Option Data contains AERO Forwarding Parameters as
follows:A/B and Job are fields that determine per-hop processing
of the AFVI List, where A is a 3-bit count of the number of
"A" AFVI List entries and B is a 3-bit count of the number
of "B" AFVI List entries (valid A/B values are 0-5). Job is
a 2-bit code interpreted as follows:'00' - "Initialize; Build B" - the FHS source sets
this code in an NS/NA used to initialize AFV state.
The FHS source first sets A/B to 0, and the FHS source
and each intermediate node along the path to the LHS
destination that processes the message creates a new
AFV. Each node that processes the message then assigns a
unique 4-octet "B" AFVI to the AFV and also writes the
value into list entry B, then increments B. When the
message arrives at the LHS destination, B will contain
the number of AFVI List "B" entries, with the FHS source
entry first, followed by entries for each consecutive
intermediate node and ending with an entry for the final
intermediate node (i.e., the list is populated in the
forward direction). An NS/NA message containing a Job
Code '00' AERO Forwarding Parameters sub-option always
solicits a responsive NA message containing Job Code
'01'.'01' - "Follow B; Build A" - the LHS source sets this
code in a solicited NA response to an NS/NA with Job
code "0". The LHS source first copies the AFVI List
and B value from the code '00' solicitation into these
fields and sets A to 0. The LHS source and each
intermediate node along the path to the FHS destination
that processes the message then uses AFVI List entry B
to locate the corresponding AFV. Each node that
processes the message then assigns a unique 4-octet "A"
AFVI to the AFV and also writes the value into list
entry B, then increments A and decrements B. When the
message arrives at the FHS destination, A will contain
the number of AFVI List "A" entries, with the LHS source
entry last, preceded by entries for each consecutive
intermediate node and beginning with an entry for the
final intermediate node (i.e., the list is populated in
the reverse direction).'10' - "Follow A; Record B" - the FHS node that sent
the original code '00' solicitation and received the
corresponding code '01' advertisement sets this code in
any subsequent NS/NA messages sent to the same LHS
destination. The FHS source copies the AFVI List and A
value from the code '01' advertisement into these fields
and sets B to 0. The FHS source and each intermediate
node along the path to the LHS destination that
processes the message then uses the "A" AFVI found at
list entry B to locate the corresponding AFV. Each node
that processes the message then writes the AFV's "B"
AFVI into list entry B, then decrements A and increments
B. When the message arrives at the LHS destination, B
will contain the number of AFVI List "B" entries
populated in the forward direction.'11' - "Follow B; Record A" - the LHS node that
received the original code '00' solicitation and sent
the corresponding code '01' advertisement sets this code
in any subsequent NS/NA messages sent to the same FHS
destination. The LHS source copies the AFVI List and B
values from the code '00' solicitation into these fields
and sets A to 0. The LHS source and each intermediate
node along the path to the FHS destination that
processes the message then uses the "B" AFVI List entry
found at list entry B to locate the corresponding AFV.
Each node that processes the message then writes the
AFV's "A" AFVI into list entry B, then increments A and
decrements B. When the message arrives at the FHS
destination, A will contain the number of AFVI List "A"
entries populated in the reverse direction.Job and A/B together determine the per-hop behavior
at each FHS/LHS source, intermediate node and destination
that processes an IPv6 ND message. When a Job code specifies
"Initialize", each FHS/LHS node that processes the message
creates a new AFV. When a Job code specifies "Build", each
node that processes the message assigns a new AFVI. When a
Job code specifies "Follow", each node that processes the
message uses an A/B AFVI List entry to locate an AFV (if the
AFV cannot be located, the node returns a parameter problem
and drops the message). Using this algorithm, FHS sources
that send code '00' solicitations and receive code '01'
advertisements discover only "A" information, while LHS
sources that receive code '00' solicitations and return code
'01' advertisements discover only "B" information. FHS/LHS
intermediate nodes can instead examine A, B and the AFVI
List to determine the number of previous hops, the number of
remaining hops, and the A/B AFVIs associated with the
previous/remaining hops. However, no intermediate nodes will
discover inappropriate A/B AFVIs for their location in the
multihop forwarding chain. See: for further discussion on
A/B AFVI processing.AERO Forwarding Vector Index (AFVI) List is a 20-octet
block that contains 5 consecutive 4-octet AFVI entries. The
FHS/LHS source and each intermediate node on the path to the
destination processes the list according to the Job and A/B
codes (see above). Note that the reason the AFVI list
contains at most 5 entries is that only the FHS (Client,
Proxy/Server, Gateway) and LHS (Client, Proxy/Server,
Gateway) nodes are eligible for OMNI link route optimization
resulting in at most 5 AFVIs "hops" that must be exposed.
All other OMNI link nodes (i.e., downstream Clients that
connect via an FHS/LHS Client) must forward through their
upstream-dependent OMNI link neighbors without applying OMNI
link route optimization.For Job codes '00' and '01' only, trailing state variable
blocks are included for First-Hop Segment (FHS) followed by
Last-Hop Segment (LHS) network elements. When present, the
FHS/LHS blocks encode the following information:Client ifIndex encodes the 4-octet index for this
Client interface. The source sets the FHS/LHS ifIndex
values according to its own local interface information
and neighbor information discovered from earlier NS/NA
address resolution exchanges.Proxy/Server FMT/ULA/L2ADDR encodes a 1-octet FMT
code immediately followed by the 15 least significant
octets of the Proxy/Server ULA, where FMT/ULA are
interpreted the same as defined for the Interface
Attribute sub-option in but with
the FMT-Forward and FMT-Mode bits ignored. FMT/ULA is
then followed by a 16-octet L2ADDR that identifies an
open INET interface not located behind NATs, therefore
no UDP port number is included since port number 8060 is
used when the L2 encapsulation includes a UDP header.
Unlike the Interface Attribute sub-option, L2ADDR is
always exactly 16 octets in length regardless of the
actual L2 address length 'N' with the L2 address
appearing in the N least-significant octets and the (16
- N) most-significant octets set to '0'. When L2ADDR
includes an IPv4 or IPv6 address, it is recorded in
network byte order in ones-compliment "obfuscated" form
as specified in .Gateway FMT/ULA/L2ADDR encodes a 1-octet FMT code
followed by the 15 least significant ULA octets followed
by a 16-octet L2ADDR exactly as for the Proxy/Server
FMT/ULA/L2ADDR above.Sub-Type is set to 9. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.Geo Type is a 1-octet field that encodes a type designator
that determines the format and contents of the Geo Coordinates
field that follows. The following types are currently
defined:0 - NULL, i.e., the Geo Coordinates field is
zero-length.Geo Coordinates is a type-specific format field of length
up to the remaining available space for this OMNI option. New
formats to be specified in future documents and may include
attributes such as latitude/longitude, altitude, heading,
speed, etc.The Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
sub-option may be included in the OMNI options of Client RS messages
and Proxy/Server RA messages.FHS Proxy/Servers that forward RS/RA messages between a Client
and an LHS Proxy/Server also forward DHCPv6 sub-options unchanged.
Note that OMNI DHCPv6 messages do not include a Checksum field since
integrity is protected by the IPv6 ND message checksum, authentication
signature and/or link or physical layer authentication and integrity
checks.
Sub-Type is set to 10. If multiple instances appear in OMNI
options of the same message the first is processed and all others
are ignored.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow. The 'msg-type' and 'transaction-id'
fields are always present; hence, the length of the DHCPv6
options is limited by the remaining available space for this
OMNI option.'msg-type' and 'transaction-id' are coded according to
Section 8 of .A set of DHCPv6 options coded according to Section 21 of
follows.The Protocol Independent Multicast - Sparse Mode (PIM-SM) Message
sub-option may be included in the OMNI options of IPv6 ND messages.
PIM-SM messages are formatted as specified in Section 4.9 of , with the exception that the Checksum field is
omitted since the IPv6 ND message is already protected by the IPv6
ND message checksum, authentication signature and/or link or
physical layer authentication and integrity checks.The PIM-SM message sub-option format is shown in
:Sub-Type is set to 11. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Length is set to N, i.e., the length of the option in
octets beginning immediately following the Sub-Length field and
extending to the end of the PIM-SM message. The length of the
entire PIM-SM message is therefore limited by the remaining
available space for this OMNI option.The PIM-SM message is coded exactly as specified in Section
4.9 of , except that the Checksum field
is omitted, and the Reserved field is set to 0 on transmission and
ignored on reception. The "PIM Ver" field encodes the value
2, and the "Type" field encodes the PIM message type. (See
Section 4.9 of for a list of PIM-SM
message types and formats.)The Host Identity Protocol (HIP) Message sub-option (when
present) provides an authentication service alternative for IPv6 ND
messages exchanged between Clients and FHS Proxy/Servers (or between
Clients and their peers) over an open Internetwork. When the HIP
service is used, FHS Proxy/Servers verify the HIP authentication
signatures in source Client IPv6 ND messages then remove the HIP message
sub-option and securely forward the ND messages to other OMNI nodes.
LHS Proxy/Servers that receive secured IPv6 ND messages from other OMNI
nodes that do not already include a security sub-option can insert HIP
authentication signatures before forwarding them to the target Client.OMNI interfaces that use the HIP service include the HIP message
sub-option when they forward IPv6 ND messages that require security
over INET underlay interfaces, i.e., where authentication and integrity
is not already assured by link/physical layers or other OMNI layer
services. The OMNI interface calculates the authentication signature
over the entire length of the OAL packet (or super-packet) beginning
after the IPv6 ND message header and extending over the remainder of
the OAL packet or super-packet. OMNI interfaces that process OAL
packets containing secured IPv6 ND messages verify the signature
then either process the rest of the message locally or forward a
proxyed copy to the next hop.When an FHS Client inserts a HIP message sub-option in an IPv6 ND
message destined to a target in a remote spanning tree segment, it
must ensure that the insertion does not cause the message to exceed
the OMNI interface MTU. If the LHS Proxy/Server cannot create
sufficient space through any means without causing the OMNI option
to exceed 2040 octets or causing the IPv6 ND message to exceed the
OMNI interface MTU, it returns a suitable error (see: ) and drops the message.The HIP message sub-option is formatted as shown below:Sub-Type is set to 12. If multiple instances appear in OMNI
options of the same message the first is processed and all
others are ignored.Sub-Length is set to N, i.e., the length of the option in
octets beginning immediately following the Sub-Length field and
extending to the end of the HIP parameters. The length of the
entire HIP message is therefore limited by the remaining
available space for this OMNI option.The HIP message is coded per Section 5 of , except that the OMNI "Sub-Type" and
"Sub-Length" fields replace the first 2 octets of the HIP
message header (i.e., the Next Header and Header Length fields).
Also, since the IPv6 ND message is already protected by its own
checksum, the 2-octet HIP message Checksum field is omitted.Note: In some environments, maintenance of a Host Identity
Tag (HIT) namespace may be unnecessary for securely associating an
OMNI node with an IPv6 address-based identity. In that case, IPv6
ULAs can be used instead of HITs in the authentication signature as
long as the address can be uniquely associated with the
Sender/Receiver.Sub-Type is set to 13. If multiple instances appear in OMNI
options of the same IPv6 ND message, the first is processed and
all others are ignored.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.The QUIC-TLS message encodes the QUIC and
TLS message parameters necessary to support QUIC connection
establishment.IPv6 ND messages serve as couriers to transport the QUIC
and TLS parameters necessary to establish a secured QUIC connection.Fragmentation Report (FRAGREP) sub-options may be included in the
OMNI options of uNA messages sent from an OAL destination to an OAL
source. The message consists of (N / 20)-many (Identification,
Bitmap)-tuples which include the Identification values of OAL
fragments received plus a Bitmap marking the ordinal positions of
individual fragments received and fragments missing.Sub-Type is set to 14. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Length is set to N, i.e., the length of the option in
octets beginning immediately following the Sub-Length field and
extending to the end of the sub-option. If N is not an integral
multiple of 20 octets, the sub-option is ignored. The length of
the entire sub-option should not cause the entire IPv6 ND
message to exceed the minimum IPv6 MTU.Identification (i) includes the 32-bit IPv6 Identification
value found in the Fragment Header of a received OAL fragment.
(Only those Identification values included represent fragments
for which loss was experienced; any Identification values not
included correspond to fragments that were either received
in their entirety or may still be in transit.)Bitmap (i) includes a 128-bit ordinal checklist of up to 128
fragments, with each bit set to 1 for a fragment received or 0
for a fragment missing. For example, for a 20-fragment OAL
packet with ordinal fragments #3, #10, #13 and #17 missing and
all other fragments received, Bitmap (i) encodes the
following:(Note that loss of an OAL atomic fragment is
indicated by a Bitmap(i) with all bits set to 0.)Sub-Type is set to 15. If multiple instances appear in OMNI
options of the same IPv6 ND message all are processed.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.Sub-Option Data includes a 1-octet Type followed by a
1-octet Code followed by an (N-2)-octet ICMPv6 Error Message
body encoded exactly as per Section 2.1 of ,
i.e., with the IPv6 header omitted. OMNI interfaces include as
much of the "packet in error" in the ICMPv6 error message body
as possible without causing the IPv6 ND message that includes
the OMNI option to exceed the IPv6 minimum MTU. While all ICMPv6
error message types are supported, OAL destinations in particular
often include ICMPv6 PTB messages in uNA messages to provide MTU
feedback information via the OAL source (see: ).
Note: ICMPv6 informational messages must not be included and must
be ignored if received.OMNI Clients include a Proxy/Server Departure sub-option in RS
messages when they associate with a new FHS and/or Hub Proxy/Server
and need to send a departure indication to an old FHS and/or Hub
Proxy/Server. The Proxy/Server Departure sub-option is formatted as
shown below:Sub-Type is set to 16. If multiple instances appear in
OMNI options of the same message, the first is processed
and all others are ignored.Sub-Length is set to 32.Sub-Option Data contains the 16-octet ULA for the "Old FHS
Proxy/Server" followed by a 16-octet ULA for an "Old Hub
Proxy/Server. (If the Old FHS/Hub is a different node, the
corresponding ULA includes the address of the (foreign)
Proxy/Server. If the Old FHS/Hub is the local node, the
corresponding ULA includes the node's own address. If the
FHS/Hub is unspecified, the corresponding ULA instead includes
the value 0.)Since the Sub-Type field is only 5 bits in length, future
specifications of major protocol functions may exhaust the remaining
Sub-Type values available for assignment. This document therefore
defines Sub-Type 30 as an "extension", meaning that the actual
sub-option type is determined by examining a 1-octet
"Extension-Type" field immediately following the Sub-Length field.
The Sub-Type Extension is formatted as shown in :Sub-Type is set to 30. If multiple instances appear in OMNI
options of the same message all are processed, where each
individual extension defines its own policy for processing
multiple of that type.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow. The Extension-Type field is always
present, and the maximum Extension-Type Body length is limited
by the remaining available space in this OMNI option.Extension-Type contains a 1-octet Sub-Type Extension value
between 0 and 255.Extension-Type Body contains an (N-1)-octet block with format
defined by the given extension specification.Extension-Type values 0 and 1 are defined in the following
subsections, while Extension-Type values 2 through 252 are available
for assignment by future specifications which must also define the
format of the Extension-Type Body and its processing rules.
Extension-Type values 253 and 254 are reserved for experimentation,
as recommended in , and value 255 is
reserved by IANA.Sub-Type is set to 30.Sub-Length is set to N that encodes the number of
Sub-Option Data octets that follow. The Extension-Type and
Header Type fields are always present, and the Header Option
Value is limited by the remaining available space in this OMNI
option.Extension-Type is set to 0. Each instance encodes exactly
one header option per Section 5.1.1 of , with Ext-Type and Header Type representing
the first 2 octets of the option. If multiple instances of
the same Header Type appear in OMNI options of the same
message the first instance is processed and all others are
ignored.Header Type and Header Option Value are coded exactly as
specified in Section 5.1.1 of ; the
following types are currently defined:0 - Origin Indication (IPv4) - value coded as a UDP
port number followed by a 4-octet IPv4 address both in
"obfuscated" form per Section 5.1.1 of .1 - Authentication Encapsulation - value coded per
Section 5.1.1 of .2 - Origin Indication (IPv6) - value coded as a UDP
port number followed by an IP address both in "obfuscated"
form per Section 5.1.1 of , except
that the IP address is a 16-octet IPv6 address instead of
a 4-octet IPv4 address.Header Type values 3 through 252 are available for
assignment by future specifications, which must also define
the format of the Header Option Value and its processing
rules. Header Type values 253 and 254 are reserved for
experimentation, as recommended in ,
and value 255 is reserved by IANA.Sub-Type is set to 30.Sub-Length is set to N that encodes the number of
Sub-Option Data octets that follow. The Extension-Type and
Trailer Type fields are always present, and the maximum-length
Trailer Option Value is limited by the remaining available
space in this OMNI option.Extension-Type is set to 1. Each instance encodes exactly
one trailer option per Section 4 of .
If multiple instances of the same Trailer Type appear in OMNI
options of the same message the first instance is processed
and all others ignored.Trailer Type and Trailer Option Value are coded exactly as
specified in Section 4 of ; the
following Trailer Types are currently defined:0 - Unassigned1 - Nonce Trailer - value coded per Section 4.2 of
.2 - Unassigned3 - Alternate Address Trailer (IPv4) - value coded per
Section 4.3 of .4 - Neighbor Discovery Option Trailer - value coded per
Section 4.4 of .5 - Random Port Trailer - value coded per Section 4.5
of .6 - Alternate Address Trailer (IPv6) - value coded per
Section 4.3 of , except that each
address is a 16-octet IPv6 address instead of a 4-octet
IPv4 address.Trailer Type values 7 through 252 are available for
assignment by future specifications, which must also define
the format of the Trailer Option Value and its processing
rules. Trailer Type values 253 and 254 are reserved for
experimentation, as recommended in ,
and value 255 is reserved by IANA.The multicast address mapping of the native underlay interface
applies. The Client mobile router also serves as an IGMP/MLD Proxy for
its ENETs and/or hosted applications per .The Client uses Multicast Listener Discovery (MLDv2) to coordinate with Proxy/Servers, and underlay
network elements use MLD snooping . The Client
can also employ multicast routing protocols to coordinate with
network-based multicast sources as specified in .Since the OMNI link model is NBMA, OMNI links support link-scoped
multicast through iterative unicast transmissions to individual
multicast group members (i.e., unicast/multicast emulation).The Client's network layer selects the outbound OMNI interface according
to SBM considerations when forwarding original IP packets/parcels from
local or ENET applications to external correspondents. Each OMNI
interface maintains an internal OAL neighbor cache maintained the same
as discussed in , but also includes additional
state for multilink coordination. Each Client OMNI interface maintains
default routes via Proxy/Servers discovered as discussed in , and may configure more-specific routes discovered
through means outside the scope of this specification.For each original IP packet/parcel it forwards, the OMNI interface
selects one or more source underlay interfaces based on PBM factors
(e.g., traffic attributes, cost, performance, message size, etc.) and
one or more target underlay interfaces for the neighbor based on
Interface Attributes received in IPv6 ND messages (see: ). Multilink forwarding may also direct carrier packet
replication across multiple underlay interface pairs for increased
reliability at the expense of duplication. The set of all Interface
Attributes and Traffic Selectors received in IPv6 ND messages determines
the multilink forwarding profile for selecting target underlay
interfaces.When the OMNI interface forwards an original IP packet/parcel over a
selected source underlay interface, it first employs OAL encapsulation
and fragmentation as discussed in , then performs
L2 encapsulation as directed by the appropriate AFV. The OMNI interface
also performs L2 encapsulation (following OAL encapsulation) when the
nearest Proxy/Server is located multiple hops away as discussed in .OMNI interface multilink service designers MUST observe the BCP
guidance in Section 15 in terms of implications
for reordering when original IP packets/parcels from the same flow may
be spread across multiple underlay interfaces having diverse
properties.Clients may connect to multiple independent OMNI links within the
same or different OMNI domains to support SBM. The Client configures a
separate OMNI interface for each link so that multiple interfaces
(e.g., omni0, omni1, omni2, etc.) are exposed to the network layer. Each
OMNI interface configures one or more OMNI anycast addresses (see:
), and the Client injects the corresponding
anycast prefixes into the ENET routing system. Multiple distinct OMNI
links can therefore be used to support fault tolerance, load
balancing, reliability, etc.Applications in ENETs can use Segment Routing to select the desired
OMNI interface based on SBM considerations. The application writes an
OMNI anycast address into the original IP packet/parcel's destination
address, and writes the actual destination (along with any additional
intermediate hops) into the Segment Routing Header. Standard IP
routing directs the packet/parcel to the Client's mobile router
entity, where the anycast address identifies the correct OMNI
interface for next hop forwarding. When the Client receives the
packet/parcel, it replaces the IP destination address with the next
hop found in the Segment Routing Header and forwards the message via
the OMNI interface identified by the anycast address.Note: The Client need not configure its OMNI interface indexes in
one-to-one correspondence with the global OMNI Link-IDs configured for
OMNI domain administration since the Client's indexes (i.e., omni0,
omni1, omni2, etc.) are used only for its own local interface
management.After a Proxy/Server has registered an MNP for a Client (see: ), the Proxy/Server will forward all original IP
packets/parcels (or carrier packets) destined to an address within the
MNP to the Client. The Client will under normal circumstances then
forward the resulting original IP packet/parcel to the correct
destination within its connected (downstream) ENETs.If at some later time the Client loses state (e.g., after a
reboot), it may begin returning original IP packets/parcels (or
carrier packets) with destinations corresponding to its MNP to the
Proxy/Server as its default router. The Proxy/Server therefore drops
any original IP packets/parcels received from the Client with a
destination address that corresponds to the Client's MNP (i.e.,
whether ULA or GUA), and drops any carrier packets with both source
and destination address corresponding to the same Client's MNP
regardless of their origin.Clients engage the MS by sending RS messages with OMNI options under
the assumption that one or more Proxy/Server will process the message
and respond. The RS message is received by a FHS Proxy/Server, which may
in turn forward a proxyed copy of the RS to a Hub Proxy/Server located
on the same or different SRT segment. The Hub Proxy/Server then returns
an RA message either directly to the Client or via an FHS Proxy/Server
acting as a proxy.To support Client to service coordination, OMNI defines three
flag bits in the OMNI Neighbor Coordination sub-option discussed in
. Clients set or clear the NUD, ARR
and/or RPT flags in RS messages as directives to the Mobility
Service FHS and Hub Proxy/Servers. Proxy/Servers interpret the
flags as follows:When an FHS Proxy/Server forwards or processes an RS with the NUD
flag set, it responds directly to NS Neighbor Unreachability
Detection (NUD) messages by returning NA(NUD) replies; otherwise, it
forwards NS(NUD) messages to the Client.When the Hub Proxy/Server receives an RS with the ARR flag set,
it responds directly to NS Address Resolution (AR) messages by
returning NA(AR) replies; otherwise, it forwards NS(AR) messages to
the Client.When the Hub Proxy/Server receives an RS with the RPT flag set, it
maintains a Report List of recent NS(AR) message sources for the
source or target Client and sends uNA messages to all list members
if any aspects of the Client's underlay interfaces change.Mobility Service Proxy/Servers function according to the NUD,
ARR and RPT flag settings received in the most recent RS message to
support dynamic Client updates.Clients and FHS Proxy/Servers include an authentication signature in
their RS/RA exchanges when necessary but always include a valid IPv6 ND
message checksum. FHS and Hub Proxy/Server RS/RA message exchanges over
the SRT secured spanning tree instead always include the checksum and
omit the authentication signature. Clients and Proxy/Servers use the
information included in RS/RA messages to establish NCE state and OMNI
link autoconfiguration information as discussed in this section.For each underlay interface, the Client sends RS messages with OMNI
options to coordinate with a (potentially) different FHS Proxy/Server
for each interface but with a single Hub Proxy/Server. All Proxy/Servers
are identified by their ULA-RNDs and accept carrier packets addressed to
their anycast/unicast L2ADDRs; the Hub Proxy/Server may be chosen among
any of the Client's FHS Proxy/Servers or may be any other Proxy/Server
for the OMNI link. Example ULA/L2ADDR discovery methods are given in
and include data link login parameters, name
service lookups, static configuration, a static "hosts" file, etc. In
the absence of other information, the Client can resolve the DNS
Fully-Qualified Domain Name (FQDN) "linkupnetworks.[domainname]" where
"linkupnetworks" is a constant text string and "[domainname]" is a DNS
suffix for the OMNI link (e.g., "example.com"). The name resolution will
retain a set of DNS resource records with the addresses of Proxy/Servers
for the domain.Each FHS Proxy/Server configures a ULA-RND based on a /64 ULA prefix
for the link/segment with randomly-generated Global ID to assure global
uniqueness then administratively assigned to FHS Proxy/Servers for the
link to assure global consistency. The Client can then configure
ULA-MNPs derived from the 64-bit ULA prefix assigned to a FHS
Proxy/Server for each underlay interface. The FHS Proxy/Servers
discovered over multiple of the Client's underlay interfaces may
configure the same or different ULA prefixes, and the Client's ULA-MNP
for each underlay interface will fall within the ULA (multilink) subnet
relative to each FHS Proxy/Server.Clients configure OMNI interfaces that observe the properties
discussed in previous sections. The OMNI interface and its underlay
interfaces are said to be in either the "UP" or "DOWN" state according
to administrative actions in conjunction with the interface connectivity
status. An OMNI interface transitions to UP or DOWN through
administrative action and/or through state transitions of the underlay
interfaces. When a first underlay interface transitions to UP, the OMNI
interface also transitions to UP. When all underlay interfaces
transition to DOWN, the OMNI interface also transitions to DOWN.When a Client OMNI interface transitions to UP, it sends RS messages
to register its MNP and an initial set of underlay interfaces that are
also UP. The Client sends additional RS messages to refresh lifetimes
and to register/deregister underlay interfaces as they transition to UP
or DOWN. The Client's OMNI interface sends initial RS messages over an
UP underlay interface with its XLA-MNP as the source (or with a HHIT
or TLA-RND
as the source if it does not yet have an MNP) and with destination set
to link-scoped All-Routers multicast or the ULA of a specific (Hub)
Proxy/Server. The Client sets the RS NUD, ARR and RPT flags, then
includes an OMNI option per with an OMNI
Window Coordination sub-option, a Neighbor Control or DHCPv6 Solicit
sub-option if necessary, an Interface Attributes sub-option for the
underlay interface, and with any other necessary
OMNI sub-options such as authentication, Proxy/Server Departure, etc.
The OMNI interface finally sets or clears the Interface Attributes
FMT-Forward and FMT-Mode bits according to the behavior it would like to
receive from the FHS Proxy/Server as described in .The Client then calculates the authentication signature checksum
and prepares to forward the RS over the underlay interface using OAL
encapsulation and fragmentation if necessary. The OMNI interface selects
an Identification value (see:
), sets the OAL source address to the ULA-MNP
corresponding to the RS source if known (otherwise to an HHIT/TLA), sets
the OAL destination to an OMNI IPv6 anycast address or a known
Proxy/Server ULA, optionally includes a Nonce and/or Timestamp, then
performs fragmentation if necessary. When L2 encapsulation is used, the
Client includes the discovered FHS Proxy/Server L2ADDR or an anycast
address as the L2 destination then forwards the resulting carrier
packet(s) into the underlay network. Note that the Client does not yet
create a NCE, but instead caches the Identification, Nonce and/or
Timestamp values included in its RS message transmissions to match
against any received RA messages.When an FHS Proxy/Server receives the carrier packets containing an
RS it sets aside the L2 headers, verifies the Identifications and
reassembles if necessary, sets aside the OAL header, then verifies the
RS authentication signature/checksum. The FHS Proxy/Server then
creates/updates a NCE indexed by the Client's RS source address and
caches the OMNI Interface Attributes and any Traffic Selector
sub-options while also caching the L2 (UDP/IP) and OAL source and
destination address information. The FHS Proxy/Server next caches the
RS NUD flag and Window Synchronization parameters
(see: ) then examines the RS
destination address. If the destination matches its own ULA, the FHS
Proxy/Server assumes the Hub role and acts as the sole entry point for
injecting the Client's XLA-MNP into the OMNI link routing system (i.e.,
after performing any necessary prefix delegation operations) while
setting the prefix to fd00::/64 and suffix to the 64-bit MNP, then
including a prefix length set to the MNP prefix length plus 64. (For
example, if the MNP prefix length is 48, the prefix length field encodes
the value 112.) The FHS/Hub Proxy/Server then caches the RS ARR and RPT
flags to determine its role in processing NS(AR) messages and generating
uNA messages (see: ).The FHS/Hub Proxy/Server then prepares to return an RA message
directly to the Client by first populating the Cur Hop Limit, Flags,
Router Lifetime, Reachable Time and Retrans Timer fields with values
appropriate for the OMNI link. The FHS/Hub Proxy/Server next includes as
the first RA message option an OMNI option with a Window Synchronization
sub-option, an authentication
sub-option if necessary and a (proxyed) copy of the Client's original
Interface Attributes sub-option with its INET-facing interface
information written in the FMT, SRT and LHS Proxy/Server ULA/L2ADDR
fields. The Proxy/Server also sets or clears the FMT-Forward and
FMT-Mode flags if necessary to convey its capabilities to the Client,
noting that it should honor the Client's stated preferences for those
parameters if possible or override otherwise. The FMT-Forward/Mode flags
thereafter remain fixed unless and until a new RS/RA exchange produces
different values (see: for further discussion). If
the FHS/Hub Proxy/Server's Client-facing interface is different than its
INET-facing interface, the Proxy/Server next includes a second Interface
Attributes sub-option with ifIndex set to '0' and with a unicast L2
address for its Client-facing interface in the L2ADDR field.The FHS/Hub Proxy/Server next includes an Origin Indication
sub-option that includes the RS L2 source L2ADDR information (see: ), then includes any other necessary OMNI sub-options
(either within the same OMNI option or in additional OMNI options).
Following the OMNI option(s), the FHS/Hub Proxy/Server next includes any
other necessary RA options such as PIOs with (A; L=0) that include the
OMNI link MSPs , RIOs
with more-specific routes, Nonce and Timestamp options, etc. The FHS/Hub
Proxy/Server then sets the RA source address to its own ULA and
destination address to the Client's ULA-MNP (i.e., relative to the ULA
/64 prefix for its Client-facing underlay interface) while also
recording the corresponding XLA-MNP as an (alternate) index to the
Client NCE, then calculates the authentication signature/checksum. The
FHS/Hub Proxy/Server finally performs OAL encapsulation with source set
to its own ULA and destination set to the OAL source that appeared in
the RS, then calculates the OAL checksum, selects an appropriate
Identification, fragments if necessary, encapsulates each fragment in
appropriate L2 headers with source and destination address information
reversed from the RS L2 information and returns the resulting carrier
packets to the Client over the same underlay interface the RS arrived
on.When an FHS Proxy/Server receives an RS with a valid authentication
signature/checksum and with destination set to link-scoped All-Routers
multicast, it can either assume the Hub role itself the same as above or
act as a proxy and select the ULA of another Proxy/Server to serve as
the Hub. When an FHS Proxy/Server assumes the proxy role or receives an
RS with destination set to the ULA of another Proxy/Server, it forwards
the message while acting as a proxy. The FHS Proxy/Server
creates/updates a NCE for the Client (i.e., based on the RS source
address) and caches the OAL source, Window Synchronization, NUD flag,
Interface Attributes addressing information as above then writes its own
INET-facing FMT, SRT and LHS Proxy/Server ULA/L2ADDR information into
the appropriate Interface Attributes sub-option fields (while also
setting/clearing FMT-Forward and FMT-Type as above). The FHS
Proxy/Server then calculates and includes the checksum, performs OAL
encapsulation with source set to its own ULA and destination set to the
ULA of the Hub Proxy/Server, calculates the OAL checksum, selects an
appropriate Identification, fragments if necessary, encapsulates each
fragment in appropriate L2 headers and sends the resulting carrier
packets into the SRT secured spanning tree.When the Hub Proxy/Server receives the carrier packets, it discards
the L2 headers, reassembles if necessary to obtain the proxyed RS,
verifies checksums, then performs DHCPv6 Prefix Delegation (PD) to
obtain the Client's MNP if the RS source is not already MNP-based. The
Hub Proxy/Server then creates/updates a NCE for the Client's XLA-MNP
and caches any state (including the ARR and RPT flags, OAL addresses,
Interface Attributes information and Traffic Selectors), then finally performs
routing protocol injection. The Hub Proxy/Server then returns an RA that
echoes the Client's (proxyed) Interface Attributes sub-option and with
any RA parameters the same as specified for the FHS/Hub Proxy/Server
case above. The Hub Proxy/Server then sets the RA source address to its
own ULA and destination address to the RS source address; if the RS
source address is an HHIT/TLA, the Hub Proxy/Server also includes the
MNP in a DHCPv6 PD Reply OMNI sub-option. The Hub Proxy/Server next
calculates the checksum, then encapsulates the RA as an OAL packet with
source set to its own ULA and destination set to the ULA of the FHS
Proxy/Server that forwarded the RS. The Hub Proxy/Server finally
calculates the OAL checksum, selects an appropriate Identification,
fragments if necessary, encapsulates each fragment in appropriate L2
headers and sends the resulting carrier packets into the secured
spanning tree.When the FHS Proxy/Server receives the carrier packets it discards
the L2 headers, reassembles if necessary to obtain the RA message,
verifies checksums then updates the OMNI interface NCE for the Client
and creates/updates a NCE for the Hub. The FHS Proxy/Server then sets
the P flag in the RA flags field and proxys the
RA by changing the OAL source to its own ULA, changing the OAL
destination to the OAL address found in the Client's NCE, and changing
the RA destination address to the ULA-MNP of the Client relative to its
own /64 ULA prefix while also recording the corresponding XLA-MNP as an
alternate index into the Client NCE. (If the RA destination address was
an HHIT/TLA, the FHS Proxy Server determines the MNP by consulting the
DHCPv6 PD Reply message sub-option.) The FHS Proxy/Server next includes
Window Synchronization parameters responsive to those in the Client's
RS, an Interface Attributes sub-option with ifIndex '0' and with its
Client-facing interface unicast L2 address if necessary (see above), an
Origin Indication sub-option with the Client's cached L2ADDR and an
authentication sub-option if necessary. The FHS Proxy/Server finally
selects an Identification value per , calculates
the authentication signature/checksum, fragments if necessary,
encapsulates each fragment in L2 headers with addresses taken from the
Client's NCE and sends the resulting carrier packets via the same
underlay interface over which the RS was received.When the Client receives the carrier packets, it discards the L2
headers, reassembles if necessary and removes the OAL header to obtain
the RA message. The Client next verifies the authentication
signature/checksum, then matches the RA message with its previously-sent
RS by comparing the RS Sequence Number with the RA Acknowledgement
Number and also comparing the Nonce and/or Timestamp values if present.
If the values match, the Client then creates/updates OMNI interface NCEs
for both the Hub and FHS Proxy/Server and caches the information in the
RA message. In particular, the Client caches the RA source address as
the Hub Proxy/Server ULA and uses the OAL source address to configure
both an underlay interface-specific ULA for the Hub Proxy/Server and the
ULA of this FHS Proxy/Server. The Client then uses the ULA-MNP in the RA
destination address to configure its address within the ULA (multilink)
subnet prefix of the FHS Proxy/Server. If the Client has multiple
underlay interfaces, it creates additional FHS Proxy/Server NCEs and
ULA-MNPs as necessary when it receives RAs over those interfaces (noting
that multiple of the Client's underlay interfaces may be serviced by the
same or different FHS Proxy/Servers). The Client finally adds the Hub
Proxy/Server ULA to the default router list if necessary.For each underlay interface, the Client next caches the (filled-out)
Interface Attributes for its own ifIndex and Origin Indication
information that it received in an RA message over that interface so
that it can include them in future NS/NA messages to provide neighbors
with accurate FMT/SRT/LHS information. (If the message includes an
Interface Attributes sub-option with ifIndex '0', the Client also caches
the L2ADDR as the underlay network-local unicast address of the FHS
Proxy//Server via that underlay interface.) The Client then compares the
Origin Indication L2ADDR information with its own underlay interface
addresses to determine whether there may be NATs on the path to the FHS
Proxy/Server; if the L2ADDR information differs, the Client is behind a
NAT and must supply the Origin information in IPv6 ND message exchanges
with prospective neighbors on the same SRT segment. The Client finally
configures default routes and assigns the OMNI Subnet Router Anycast
address corresponding to the MNP (e.g., 2001:db8:1:2::) to the OMNI
interface.Following the initial exchange, the FHS Proxy/Server MAY later send
additional periodic and/or event-driven unsolicited RA messages per
. (The unsolicited RAs may be initiated either
by the FHS Proxy/Server itself or by the Hub via the FHS as a proxy.)
The Client then continuously manages its underlay interfaces according
to their states as follows:When an underlay interface transitions to UP, the Client sends an
RS over the underlay interface with an OMNI option with sub-options
as specified above.When an underlay interface transitions to DOWN, the Client sends
unsolicited NA messages over any UP underlay interface with an OMNI
option containing Interface Attributes sub-options for the DOWN
underlay interface with Link set to '0'. The Client sends isolated
unsolicited NAs when reliability is not thought to be a concern
(e.g., if redundant transmissions are sent on multiple underlay
interfaces), or may instead set the SNR flag in an OMNI Neighbor
Control sub-option to trigger an unsolicited NA reply (see:
).When the Router Lifetime for the Hub Proxy/Server nears
expiration, the Client sends an RS over any underlay interface to
receive a fresh RA from the Hub. If no RA messages are received over
a first underlay interface (i.e., after retrying), the Client marks
the underlay interface as DOWN and should attempt to contact the Hub
Proxy/Server via a different underlay interface. If the Hub
Proxy/Server is unresponsive over additional underlay interfaces,
the Client sends an RS message with destination set to the ULA of
another Proxy/Server which will then assume the Hub role.When all of a Client's underlay interfaces have transitioned to
DOWN (or if the prefix registration lifetime expires), the Hub
Proxy/Server withdraws the MNP the same as if it had received a
message with a release indication.The Client is responsible for retrying each RS exchange up to
MAX_RTR_SOLICITATIONS times separated by RTR_SOLICITATION_INTERVAL
seconds until an RA is received. If no RA is received over an UP
underlay interface (i.e., even after attempting to contact alternate
Proxy/Servers), the Client declares this underlay interface as DOWN.
When changing to a new FHS or Hub Proxy/Server, the Client also includes
a Proxy/Server Departure OMNI sub-option in new RS messages; the (new)
FHS Proxy/Server will in turn send uNA messages to the old FHS and/or
Hub Proxy/Server to announce the Client's departure as discussed in
.The network layer sees the OMNI interface as an ordinary IPv6 interface.
Therefore, when the network layer sends an RS message the OMNI interface
returns an internally-generated RA message as though the message
originated from an IPv6 router. The internally-generated RA message
contains configuration information consistent with the information
received from the RAs generated by the Hub Proxy/Server. Whether the
OMNI interface IPv6 ND messaging process is initiated from the receipt
of an RS message from the network layer or independently of the network layer
is an implementation matter. Some implementations may elect to defer the
OMNI interface internal RS/RA messaging process until an RS is received
from the network layer, while others may elect to initiate the process
proactively. Still other deployments may elect to administratively
disable network layer RS/RA messaging over the OMNI interface, since the
messages are not required to drive the OMNI interface internal RS/RA
process. (Note that this same logic applies to IPv4 implementations that
employ "ICMP Router Discovery" .)Note: The Router Lifetime value in RA messages indicates the time
before which the Client must send another RS message over this underlay
interface (e.g., 600 seconds), however that timescale may be
significantly longer than the lifetime the MS has committed to retain
the prefix registration (e.g., REACHABLETIME seconds). Proxy/Servers are
therefore responsible for keeping MS state alive on a shorter timescale
than the Client may be required to do on its own behalf.Note: On certain multicast-capable underlay interfaces, Clients
should send periodic unsolicited multicast NA messages and Proxy/Servers
should send periodic unsolicited multicast RA messages as "beacons" that
can be heard by other nodes on the link. If a node fails to receive a
beacon after a timeout value specific to the link, it can initiate
Neighbor Unreachability Detection (NUD) exchanges to test
reachability.Note: If a single FHS Proxy/Server services multiple of a Client's
underlay interfaces, Window Synchronization will initially be repeated
for the RS/RA exchange over each underlay interface, i.e., until the
Client discovers the many-to-one relationship. This will naturally
result in a single window synchronization that applies over the Client's
multiple underlay interfaces for the same FHS Proxy/Server.Note: Although the Client's FHS Proxy/Server is a first-hop segment
node from its own perspective, the Client stores the Proxy/Server's
FMT/SRT/ULA/L2ADDR as last-hop segment (LHS) information to supply to
neighbors. This allows both the Client and Hub Proxy/Server to supply
the information to neighbors that will perceive it as LHS information on
the return path to the Client.Note: The Hub Proxy/Server injects Client XLA-MNP into the OMNI link
routing system by simply creating a route-to-interface forwarding table
entry for fd00::{MNP}/N via the OMNI interface. The dynamic routing
protocol will notice the new entry and propagate the route to its peers.
If the Hub receives additional RS messages, it need not re-create the
forwarding table entry (nor disturb the dynamic routing protocol) if an
entry is already present. If the Hub ceases to receive RS messages from
any of the Client's interfaces, it removes the Client XLA-MNP from the
forwarding table (i.e., after a short delay) resulting in its removal
also from the routing system.Note: If the Client's initial RS message includes an anycast L2
destination address, the FHS Proxy/Server returns the solicited RA using
the same anycast address as the L2 source while including an Interface
Attributes sub-option with ifIndex '0' and its true unicast address in
the L2ADDR. When the Client sends additional RS messages, it includes
this FHS Proxy/Server unicast address as the L2 destination and the FHS
Proxy/Server returns the solicited RA using the same unicast address as
the L2 source. This will ensure that RS/RA exchanges are not impeded by
any NATs on the path while avoiding long-term exposure of messages that
use an anycast address as the source.Note: The Origin Indication sub-option is included only by the FHS
Proxy/Server and not by the Hub (unless the Hub is also serving as an
FHS).Note: Clients should set the NUD, ARR and RPT flags consistently in
successive RS messages and only change those settings when an FHS/Hub
Proxy/Server service profile update is necessary.Note: Although the Client adds the Hub Proxy/Server ULA to the
default router list, it also caches the ULAs of the FHS Proxy/Servers on
the path to the Hub over each underlying interface. When the Client
needs to send an original IP packet/parcel to a default router, it
engages OAL encapsulation/fragmentation while using a destination ULA
corresponding to the selected interface which directs the packet to an
FHS Proxy/Server for that interface. The FHS Proxy/Server then performs
L2 encapsulation and sends the resulting carrier packets without
disturbing the Hub.In environments where Identification window synchronization is
necessary, the RS/RA exchanges discussed above observe the principles
specified in . Window synchronization is
conducted between the Client and each FHS Proxy/Server used to contact
the Hub Proxy/Server, i.e., and not between the Client and the Hub.
This is due to the fact that the Hub Proxy/Server is responsible only
for forwarding control and data messages via the secured spanning tree
to FHS Proxy/Servers, and is not responsible for forwarding messages
directly to the Client under a synchronized window. Also, in the
reverse direction the FHS Proxy/Servers handle all default forwarding
actions without forwarding Client-initiated data to the Hub.When a Client needs to perform window synchronization via a new FHS
Proxy/Server, it sets the RS source address to its own {TLA,XLA}-MNP
(or an HHIT/TLA) and destination address to the ULA of the Hub
Proxy/Server (or to All-Routers multicast in an initial RS), then sets
the SYN flag and includes an initial Sequence Number for Window
Synchronization. The Client then performs OAL encapsulation using its
own ULA-MNP (or the HHIT/TLA) as the source and the ULA of the FHS
Proxy/Server as the destination and includes an Interface Attributes
sub-option then performs L2 encapsulation and sends the resulting
carrier packets to the FHS Proxy/Server. The FHS Proxy/Server then
extracts the RS message and caches the Window Synchronization
parameters then re-encapsulates with its own ULA as the source and the
ULA of the Hub Proxy/Server as the target.The FHS Proxy/Server then performs L2 encapsulation and sends the
resulting carrier packets via the secured spanning tree to the Hub
Proxy/Server, which updates the Client's Interface Attributes and
returns a unicast RA message with source set to its own ULA and
destination set to the RS source address and with the Client's
Interface Attributes echoed. The Hub Proxy/Server then performs OAL
encapsulation using its own ULA as the source and the ULA of the FHS
Proxy/Server as the destination, then performs L2 encapsulation and
sends the carrier packets via the secured spanning tree to the FHS
Proxy/Server. The FHS Proxy/Server then proxys the message as
discussed in the previous section and includes responsive Window
Synchronization information. The FHS Proxy/Server then forwards the
message to the Client which updates its window synchronization
information for the FHS Proxy/Server as necessary.Following the initial RS/RA-driven window synchronization, the
Client can re-assert new windows with specific FHS Proxy/Servers by
performing NS/NA exchanges between its own XLA-MNPs and the ULAs of
the FHS Proxy/Servers without having to disturb the Hub.On some *NETs, a Client may be located multiple intermediate OMNI node
hops away from the nearest OMNI link Proxy/Server. Clients in multihop
networks perform route discovery through the application of a routing
protocol (e.g., a MANET/VANET routing protocol over omnidirectional wireless
interfaces, an inter-domain routing protocol in an enterprise network,
etc.) then apply corresponding forwarding entries to the OMNI interface.
Example routing protocols optimized for MANET/VANET operations
include OSPFv3 with MANET Designated Router
(OSPF-MDR) extensions , OLSRv2 , AODVv2
and others. Clients employ the routing protocol according to the link
model found in and subnet model articulated
in . For unique identification, Clients use
an HHIT/TLA as a Router ID or set an administrative value that is
managed for uniqueness within the MANET/VANET.A Client located potentially multiple *NET hops away from the
nearest Proxy/Server prepares an RS message, sets the source address
to its XLA-MNP (or to its HHIT/TLA if it does not yet have an MNP),
and sets the destination to link-scoped All-Routers multicast or the
unicast ULA of a Proxy/Server the same as discussed above. The OMNI
interface then employs OAL encapsulation, sets the OAL source address
to its HHIT/TLA and sets the OAL destination to an OMNI IPv6 anycast
address based on either a native IPv6 or IPv4-Compatible IPv6 prefix
(see: ).For IPv6-enabled *NETs where the underlay interface observes the
MANET properties discussed above, the Client injects the HHIT/TLA
into the IPv6 multihop routing system and forwards the message without
further encapsulation. Otherwise, the Client encapsulates the message
in UDP/IPv6 L2 headers, sets the source to the underlay interface IPv6
address and sets the destination to the same OMNI IPv6 anycast address.
The Client then forwards the message into the IPv6 multihop routing
system which conveys it to the nearest Proxy/Server that advertises
a matching OMNI IPv6 anycast prefix. If the nearest Proxy/Server is
too busy, it should forward (without Proxying) the OAL-encapsulated
RS to another nearby Proxy/Server connected to the same IPv6 (multihop)
network that also advertises the matching OMNI IPv6 anycast prefix.For IPv4-only *NETs, the Client encapsulates the RS message in
UDP/IPv4 L2 headers, sets the source to the underlay interface IPv4
address and sets the destination to the OMNI IPv4 anycast address. The
Client then forwards the message into the IPv4 multihop routing system
which conveys it to the nearest Proxy/Server that advertises the
corresponding IPv4 prefix. If the nearest Proxy/Server is too busy
and/or does not configure the specified OMNI IPv6 anycast address, it
should forward (without Proxying) the OAL-encapsulated RS to another
nearby Proxy/Server connected to the same IPv4 (multihop) network that
configures the OMNI IPv6 anycast address. (In environments where
reciprocal RS forwarding cannot be supported, the first Proxy/Server
should instead return an RA based on its own MSP(s).)When an intermediate *NET node that participates in the routing
protocol receives the encapsulated RS, it forwards the message
according to its routing tables (note that an intermediate node could
be a fixed infrastructure element such as a roadside unit or another
MANET/VANET Client). This process repeats iteratively until the RS
message is received by a penultimate *NET hop within single-hop
communications range of a Proxy/Server, which forwards the message to
the Proxy/Server.When a Proxy/Server that configures the OMNI IPv6 anycast OAL
destination receives the message, it decapsulates the RS and assumes
either the Hub or FHS role (in which case, it forwards the RS to a
candidate Hub). The Hub Proxy/Server then prepares an RA message with
source address set to its own ULA and destination address set to the
RS source address if it is acting only as the Hub (or to the Client
ULA-MNP within its ULA subnet prefix if it is also acting as the FHS
Proxy/Server). The Hub Proxy/Server then performs OAL encapsulation
with the RA OAL source/destination set to the RS OAL
destination/source and forwards the RA either to the FHS Proxy/Server
or directly to the Client.When the Hub or FHS Proxy/Server forwards the RA to the Client, it
encapsulates the message in L2 encapsulation headers (if necessary)
with (src, dst) set to the (dst, src) of the RS L2 encapsulation
headers. The Proxy/Server then forwards the message to a *NET node
within communications range, which forwards the message according to
its routing tables to an intermediate node. The multihop forwarding
process within the *NET continues repetitively until the message is
delivered to the original Client, which decapsulates the message and
performs autoconfiguration the same as if it had received the RA
directly from a Proxy/Server on the same physical link. The Client
then injects the ULA-MNP into the IPv6 multihop routing system to
advertise a unique address within the FHS Proxy/Server's "Multilink
Subnet".Note: When the RS message includes anycast OAL and/or L2
encapsulation destinations, the FHS Proxy/Server must use the same
anycast addresses as the OAL and/or L2 encapsulation sources to
support forwarding of the RA message plus any initial data messages.
The FHS Proxy/Server then sends the resulting carrier packets over any
NATs on the path. When the Client receives the RA, it will discover
its unicast ULA-MNP and/or L2 encapsulation addresses and can send
future carrier packets using the unicast (instead of anycast)
addresses to populate NAT state in the forward path. (If the Client
does not have immediate data to send to the FHS Proxy/Server, it can
instead send an OAL "bubble" - see .) After the
Client begins using unicast OAL/L2 encapsulation addresses in this
way, the FHS Proxy/Server should also begin using the same unicast
addresses in the reverse direction.Note: When an OMNI interface configures a HHIT/TLA, any nodes that
forward an encapsulated RS message with the HHIT/TLA as the OAL source
must not consider the message as being specific to a particular OMNI
link. HHITs/TLAs can therefore also serve as the source and destination
addresses of unencapsulated IPv6 data communications within the local
routing region, and if the HHIT/TLAs are injected into the local network
routing protocol their prefix length must be set to 128.Note: Each node normally conducts the multi-hop relaying between
intermediate forwarding nodes using the same underlay interface in
both the inbound and outbound directions, i.e. as opposed to different
underlay interfaces. The final forwarding node within range of a
Proxy/Server could use the same or a different underlay interface to
exchange carrier packets with the Proxy/Server, but may not be well
positioned to perform multilink selections over multiple underlay
interfaces on behalf of multihop dependent peers.When a Client is not pre-provisioned with an MNP (or, when the
Client requires additional MNP delegations), it requests the MS to
select MNPs on its behalf and set up the correct routing state. The
DHCPv6 service supports this requirement.When a Client requires the MS to select MNPs, it sends an RS
message with source set to an HHIT/TLA-RND. If the Client requires
only a
single MNP delegation, it can then include an OMNI Node Identification
sub-option plus an OMNI Neighbor Control sub-option with Preflen
set to the length of the desired MNP. If the Client requires
multiple MNP delegations and/or more complex DHCPv6 services, it instead
includes a DHCPv6 Message sub-option containing a Client Identifier,
one or more IA_PD options and a Rapid Commit option then sets the
'msg-type' field to "Solicit", and includes a 3-octet
'transaction-id'. The Client then sets the RS destination to
link-scoped All-Routers multicast and sends the message using OAL
encapsulation and fragmentation if necessary as discussed above.When the Hub Proxy/Server receives the RS message, it performs OAL
reassembly if necessary. Next, if the RS source is an HHIT/TLA-RND
and/or the OMNI option includes a DHCPv6 message sub-option, the Hub
Proxy/Server acts as a "Proxy DHCPv6 Client" in a message exchange
with the locally-resident DHCPv6 server. If the RS did not contain a
DHCPv6 message sub-option, the Hub Proxy/Server generates a DHCPv6
Solicit message on behalf of the Client using an IA_PD option with the
prefix length set to the OMNI Neighbor Control sub-option Preflen
value and with a Client Identifier formed from the OMNI option Node
Identification sub-option; otherwise, the Hub Proxy/Server uses the
DHCPv6 Solicit message contained in the OMNI option. The Hub
Proxy/Server then sends the DHCPv6 message to the DHCPv6 Server, which
delegates MNPs and returns a DHCPv6 Reply message with PD parameters.
(If the Hub Proxy/Server wishes to defer creation of Client state
until the DHCPv6 Reply is received, it can instead act as a
Lightweight DHCPv6 Relay Agent per by
encapsulating the DHCPv6 message in a Relay-forward/reply exchange
with Relay Message and Interface ID options. In the process, the Hub
Proxy/Server packs any state information needed to return an RA to the
Client in the Relay-forward Interface ID option so that the
information will be echoed back in the Relay-reply.)When the Hub Proxy/Server receives the DHCPv6 Reply, it creates
XLA-MNPs based on the delegated MNPs and creates OMNI interface
XLA-MNP forwarding table entries (i.e., to prompt the dynamic routing
protocol). The Hub Proxy/Server then sends an RA back to the FHS
Proxy/Server with the DHCPv6 Reply message included in an OMNI DHCPv6
message sub-option. The Hub Proxy/Server sets the RA destination
address to the RS source address, sets the RA source address to its
own ULA, performs OAL encapsulation and fragmentation, performs L2
encapsulation and sends the RA to the Client via the FHS Proxy/Server
as discussed above.When the FHS Proxy/Server receives the RA, it changes the RA
destination address to the ULA-MNP for the Client within its own ULA
subnet prefix, includes a Neighbor Control sub-option with Preflen set
to the length of the MNP, then forwards the RA to the Client. When the
Client receives the RA, it reassembles and discards the OAL encapsulation
then creates a default route, assigns Subnet Router Anycast addresses
and uses the RA destination address or DHCPv6-delegated MNP to
automatically configure its primary ULA-MNP. The Client will then use
these primary MNP-based addresses as the source address of any IPv6 ND
messages it sends as long as it retains ownership of the MNP.Note: when the Hub Proxy/Server is also the FHS Proxy/Server, it
forwards the RA message directly to the Client with the destination
set to the Client's ULA-MNP (i.e., instead of forwarding via another
Proxy/Server).Clients can provide an OMNI link ingress point for other nodes on
their (downstream) ENETs that also act as Clients. When Client A has
already coordinated with an (upstream) ANET/INET Proxy/Server, Client
B on an ENET serviced by Client A can send OAL-encapsulated RS
messages with addresses set the same as specified in . When Client A receives the RS message, it infers
from the OAL encapsulation that Client B is seeking to establish
itself as a Client instead of just a simple ENET Host.Client A then returns an RA message the same as a Proxy/Server
would do as specified in except that it
instead uses its own ULA-MNP as the RA and OAL source addresses and
performs (recursive) DHCPv6 Prefix Delegation. The MNP delegation in
the RA message must be a sub-MNP from the MNP delegated to Client A.
For example, if Client A receives the MNP 2001:db8:1000::/48 it can
provide a sub-delegation such as 2001:db8:1000:2000::/56 to Client B.
Client B can in turn sub-delegate 2001:db8:1000:2000::/56 to its own
ENET(s), where there may be a further prospective Client C that would
in turn request OMNI link services via Client B.To support this Client-to-Client chaining, Clients send IPv6 ND
messages addressed to the OMNI link anycast address via their
ANET/INET (i.e., upstream) interfaces, but advertise the OMNI link
anycast address into their ENET (i.e., downstream) networks where
there may be further prospective Clients wishing to join the chain.
The ENET of the upstream Client is therefore seen as an ANET by
downstream Clients, and the upstream Client is seen as a Proxy/Server
by downstream Clients.If the underlay network link model is multiple access, the FHS
Proxy/Server is responsible for assuring that address duplication cannot
corrupt the neighbor caches of other nodes on the link. When the Client
sends an RS message on a multiple access underlay network, the
Proxy/Server verifies that the Client is authorized to use the address
and responds with an RA (or forwards the RS to the Hub) only if the
Client is authorized.After verifying Client authorization and returning an RA, the
Proxy/Server MAY return IPv6 ND Redirect messages to direct Clients
located on the same underlay network to exchange OAL packets directly
without transiting the Proxy/Server. In that case, the Clients can
exchange OAL packets according to their unicast L2 addresses discovered
from the Redirect message instead of using the dogleg path through the
Proxy/Server. In some underlay networks, however, such direct
communications may be undesirable and continued use of the dogleg path
through the Proxy/Server may provide better performance. In that case,
the Proxy/Server can refrain from sending Redirects, and/or Clients can
ignore them.*NETs SHOULD deploy Proxy/Servers in Virtual Router Redundancy
Protocol (VRRP) configurations so that service
continuity is maintained even if one or more Proxy/Servers fail. Using
VRRP, the Client is unaware which of the (redundant) FHS Proxy/Servers
is currently providing service, and any service discontinuity will be
limited to the failover time supported by VRRP. Widely deployed public
domain implementations of VRRP are available.Proxy/Servers SHOULD use high availability clustering services so
that multiple redundant systems can provide coordinated response to
failures. As with VRRP, widely deployed public domain implementations of
high availability clustering services are available. Note that
special-purpose and expensive dedicated hardware is not necessary, and
public domain implementations can be used even between lightweight
virtual machines in cloud deployments.In environments where fast recovery from Proxy/Server failure is
required, FHS Proxy/Servers SHOULD use proactive Neighbor Unreachability
Detection (NUD) in a manner that parallels Bidirectional Forwarding
Detection (BFD) to track Hub Proxy/Server
reachability. FHS Proxy/Servers can then quickly detect and react to
failures so that cached information is re-established through alternate
paths. Proactive NUD control messaging is carried only over
well-connected ground domain networks (i.e., and not low-end links such
as aeronautical radios) and can therefore be tuned for rapid
response.FHS Proxy/Servers perform proactive NUD for Hub Proxy/Servers for
which there are currently active Clients. If a Hub Proxy/Server fails,
the FHS Proxy/Server can quickly inform Clients of the outage by sending
multicast RA messages. The FHS Proxy/Server sends RA messages to Clients
with source set to the ULA of the Hub, with destination address set to
All-Nodes multicast (ff02::1) and with Router
Lifetime set to 0.The FHS Proxy/Server SHOULD send MAX_FINAL_RTR_ADVERTISEMENTS RA
messages separated by small delays . Any Clients
that have been using the (now defunct) Hub Proxy/Server will receive the
RA messages.When a Client connects to an *NET link for the first time, it sends
an RS message with an OMNI option. If the first hop router recognizes
the option, it responds according to the appropriate FHS/Hub
Proxy/Server role resulting in an RA message with an OMNI option
returned to the Client. The Client then engages this FHS Proxy/Sever
according to the OMNI link model specified above. If the first hop
router is a legacy IPv6 router, however, it instead returns an RA
message with no OMNI option and with a non-OMNI unicast source LLA as
specified in . In that case, the Client engages
the *NET according to the legacy IPv6 link model and without the OMNI
extensions specified in this document.If the *NET link model is multiple access, there must be assurance
that address duplication cannot corrupt the neighbor caches of other
nodes on the link. When the Client sends an RS message on a multiple
access *NET link with an OMNI option, first hop routers that recognize
the option ensure that the Client is authorized to use the address and
return an RA with a non-zero Router Lifetime only if the Client is
authorized. First hop routers that do not recognize the OMNI option
instead return an RA that makes no statement about the Client's
authorization to use the source address. In that case, the Client should
perform Duplicate Address Detection to ensure that it does not interfere
with other nodes on the link.An alternative approach for multiple access *NET links to ensure
isolation for Client-Proxy/Server communications is through link layer
address mappings as discussed in . This
arrangement imparts a (virtual) point-to-point link model over the
(physical) multiple access link.Client OMNI interfaces configured over IPv6-enabled underlay
interfaces on an open Internetwork without an OMNI-aware first-hop
router receive IPv6 RA messages with no OMNI options, while OMNI
interfaces configured over IPv4-only underlay interfaces receive no IPv6
RA messages at all (but may receive IPv4 RA messages ). Client OMNI interfaces that receive RA messages
with OMNI options configure addresses, on-link prefixes, etc. on the
underlay interface that received the RA according to standard IPv6 ND
and address resolution conventions . Client OMNI interfaces configured over IPv4-only
underlay interfaces configure IPv4 address information on the underlay
interfaces using mechanisms such as DHCPv4 .Client OMNI interfaces configured over underlay interfaces connected
to open Internetworks can apply security services such as VPNs to
connect to a Proxy/Server, or can establish a direct link to the
Proxy/Server through some other means (see ).
In environments where an explicit VPN or direct link may be impractical
or undesirable, Client OMNI interfaces can instead send IPv6 ND messages
with OMNI options that include authentication signatures.OMNI interfaces use UDP/IP as L2 encapsulation headers for
transmission over open Internetworks with UDP service port number 8060
for both IPv4 and IPv6 underlay
interfaces. The OMNI interface submits original IP packets/parcels for
OAL encapsulation, then encapsulates the resulting OAL fragments in
UDP/IP L2 headers to form carrier packets. (The first four bits
following the UDP header determine whether the OAL headers are
uncompressed/compressed as discussed in .) The
OMNI interface sets the UDP length to the encapsulated OAL fragment
length and sets the IP length to an appropriate value at least as large
as the UDP datagram.When necessary, sources include an OMNI option with an authentication
sub-option in IPv6 ND messages. The source can employ a simple Hashed
Message Authentication Code (HMAC) as specified in or a message-based
authentication service such as HIP ,
QUIC-TLS , etc. using the
IPv6 ND message OMNI option as a "shipping container". Before calculating
any authentication signature, the source fully populates any necessary
OMNI sub-options as well as any ordinary IPv6 ND options as necessary.The source then sets both the IPv6 ND message Checksum and
authentication signature fields to 0 and calculates the authentication
signature over the full length of the IPv6 ND message beginning after
the IPv6 ND message checksum field and extending over the length of
the message. (If the IPv6 ND message is part of an OAL super-packet,
the source instead continues to calculate the authentication signature
over the entire length of the super-packet.) The source next writes
the authentication signature into the appropriate sub-option field
and forwards the message.After establishing a VPN or preparing for UDP/IP encapsulation, OMNI
interfaces send RS/RA messages for Client-Proxy/Server coordination
(see: ) and NS/NA messages for route
optimization, window synchronization and mobility management (see: ). These control plane messages must be
authenticated while other control and data plane messages are delivered
the same as for ordinary best-effort traffic with source address and/or
Identification window-based data origin verification. Transport and
higher layer protocol sessions over OMNI interfaces that connect over
open Internetworks without an explicit VPN should therefore employ
security at their layers to ensure authentication, integrity and/or
confidentiality.Clients should avoid using INET Proxy/Servers as general-purpose
routers for steady streams of carrier packets that do not require
authentication. Clients should therefore perform route optimization to
coordinate with other INET nodes that can provide forwarding services
(or preferably coordinate directly with peer Clients directly) instead
of burdening the Proxy/Server. Procedures for coordinating with peer
Clients and discovering INET nodes that can provide better forwarding
services are discussed in .Clients that attempt to contact peers over INET underlay interfaces
often encounter NATs in the path. OMNI interfaces accommodate NAT
traversal using UDP/IP encapsulation and the mechanisms discussed in
. FHS Proxy/Servers include Origin
Indications in RA messages to allow Clients to detect the presence of
NATs.Note: Following the initial IPv6 ND message exchange, OMNI interfaces
configured over INET underlay interfaces maintain neighbor relationships
by transmitting periodic IPv6 ND messages with OMNI options that include
authentication signatures. Other authentication services that use their
own IPv6 ND option types such as and
can also be used in addition to any
OMNI authentication services.Note: OMNI interfaces configured over INET underlay interfaces should
employ the Identification window synchronization mechanisms specified in
in order to exclude spurious carrier packets
that might otherwise clutter the reassembly cache. This is especially
important in environments where carrier packet spoofing and/or
corruption is a threat.Note: NATs may be present on the path from a Client to its FHS
Proxy/Server, but never on the path from the FHS Proxy/Server to the Hub
where only INET and/or spanning tree hops occur. Therefore, the FHS
Proxy/Server does not communicate Client origin information to the Hub
where it would serve no purpose.In some use cases, it is desirable, beneficial and efficient for the
Client to receive a constant MNP that travels with the Client wherever
it moves. For example, this would allow air traffic controllers to
easily track aircraft, etc. In other cases, however (e.g., intelligent
transportation systems), the Client may be willing to sacrifice a
modicum of efficiency in order to have time-varying MNPs that can be
changed every so often to defeat adversarial tracking.The prefix delegation services discussed in
allows Clients that desire time-varying MNPs to obtain short-lived
prefixes to send RS messages with an HHIT/TLA source address and/or
with an OMNI option with DHCPv6 Option sub-options. The Client would
then be obligated to renumber its internal networks whenever its MNP
(and therefore also its OMNI address) changes. This should not present a
challenge for Clients with automated network renumbering services, but
may disrupt persistent sessions that would prefer to use a constant
address.Clients that generate (H)HITs but do not have pre-assigned MNPs can
request MNP delegations by issuing IPv6 ND messages that use the (H)HIT
instead of a TLA. For example, when a Client creates an RS message it
can set the source to a (H)HIT and destination to link-scoped
All-Routers multicast. The IPv6 ND message includes an OMNI option with
a Node Identification sub-option, then encapsulates the message in an
IPv6 header with the (H)HIT as the source address. The Client then sends
the message as specified in .When the Hub Proxy/Server receives the RS message, it notes that the
source was a (H)HIT, then invokes the DHCPv6 protocol to request an MNP
prefix delegation while using the (H)HIT (in the form of a DUID) as the
Client Identifier. The Hub Proxy/Server then prepares an RA message with
source address set to its own ULA and destination set to the source of
the RS message. The Hub Proxy/Server next includes an OMNI option with a
Node Identification sub-option and any DHCPv6 prefix delegation
parameters. The Proxy/Server finally encapsulates the RA in an OAL
header with source address set to its own ULA and destination set to the
RS OAL source address, then returns the encapsulated RA to the Client
either directly or by way of the FHS Proxy/Server as a proxy.Clients can also use (H)HITs and/or TLAs for direct Client-to-Client
communications outside the context of any OMNI link supporting
infrastructure. When two Clients encounter one another they can use
their (H)HITs and/or TLAs as original IPv6 packet/parcel source and
destination addresses to support direct communications. Clients can also
inject their (H)HITs and/or TLAs into an IPv6 multihop routing protocol
to enable multihop communications as discussed in . Clients can further exchange other IPv6 ND messages
using their (H)HITs and/or TLAs as source and destination addresses.Lastly, when Clients are within the coverage range of OMNI link
infrastructure a case could be made for injecting (H)HITs and/or TLAs
into the global MS routing system. For example, when the Client sends an
RS to an FHS Proxy/Server it could include a request to inject the
(H)HIT / TLA into the routing system instead of requesting an MNP prefix
delegation. This would potentially enable OMNI link-wide communications
using only (H)HITs or TLAs, and not MNPs. This document notes the
opportunity, but makes no recommendation.Clients assign LLAs to the OMNI interface, but do not use LLAs as
IPv6 ND message source/destination addresses nor for addressing ordinary
original IP packets/parcels exchanged with OMNI link neighbors.Clients use ULA-MNPs as source/destination IPv6 addresses in the
encapsulation headers of OAL packets and use XLA-MNPs as the IPv6 source
addresses of the IPv6 ND messages themselves. Clients use TLAs when an
MNP is not available, or as source/destination IPv6 addresses for
communications within a MANET/VANET local area. Clients can also use
(H)HITs instead of TLAs for local communications when operation outside
the context of a specific ULA domain and/or source address attestation
is necessary.Clients use MNP-based GUAs as original IP packet/parcel source and
destination addresses for communications with Internet destinations when
they are within range of OMNI link supporting infrastructure that can
inject the MNP into the routing system. Clients can also use MNP-based
GUAs within multihop routing regions that are currently disconnected
from infrastructure as long as the corresponding ULA-MNPs have been
injected into the routing system.Clients use anycast GUAs as OAL and/or L2 encapsulation destination
addresses for RS messages used to discover the nearest FHS Proxy/Server.
When the Proxy/Server returns a solicited RA, it must also use the same
anycast address as the RA OAL/L2 encapsulation source in order to
successfully traverse any NATs in the path. The Client should then
immediately transition to using the FHS Proxy/Server's discovered
unicast OAL/L2 address as the destination in order to minimize
dependence on the Proxy/Server's use of an anycast source address.An OAL destination or intermediate node may need to return
ICMPv6-like error messages (e.g., Destination Unreachable, Packet Too
Big, Time Exceeded, etc.) to an OAL source.
Since ICMPv6 error messages do not themselves include authentication
codes, OAL nodes can instead return error messages as an OMNI ICMPv6
Error sub-option in a secured IPv6 ND uNA message.The following IANA actions are requested in accordance with and :The IANA is instructed to allocate an Internet Protocol number TBD1
from the 'protocol numbers' registry for the Overlay Multilink Network
Interface (OMNI) protocol. Guidance is found in (registration procedure is IESG Approval or
Standards Action).During final publication stages, the IESG will be requested to
procure an IEEE EtherType value TBD2 for OMNI according to the
statement found at
https://www.ietf.org/about/groups/iesg/statements/ethertypes/.Following this procurement, the IANA is instructed to register the
value TBD2 in the 'ieee-802-numbers' registry for Overlay Multilink
Network Interface (OMNI) encapsulation on Ethernet networks. Guidance
is found in (registration procedure is Expert
Review).The IANA is instructed to assign TBD3/N as an "OMNI IPv4 anycast"
address/prefix in the "IPv4 Special-Purpose Address" registry in a
similar fashion as for . The IANA is requested
to work with the authors to obtain a TBD3/N public IPv4 prefix,
whether through an RIR allocation, a delegation from IANA's "IPv4
Recovered Address Space" registry or through an unspecified third
party donation.The IANA is instructed to allocate an official Type number TBD4
from the "IPv6 Neighbor Discovery Option Formats" registry for the
OMNI option (registration procedure is RFC required).The IANA is instructed to allocate one Ethernet unicast address
TBD5 (suggested value '00-52-14') in the 'ethernet-numbers' registry
under "IANA Unicast 48-bit MAC Addresses" (registration procedure is
Expert Review). The registration should appear as follows:The IANA is instructed to assign three new Code values in the
"ICMPv6 Code Fields: Type 2 - Packet Too Big" registry (registration
procedure is Standards Action or IESG Approval). The registry should
appear as follows:(Note: this registry also defines values for the "unused"
field of ICMPv4 "Destination Unreachable - Fragmentation Needed" messages.)The OMNI option defines a 5-bit Sub-Type field, for which IANA is
instructed to create and maintain a new registry entitled "OMNI Option
Sub-Type Values". Initial values are given below (registration
procedure is RFC required):The OMNI Node Identification sub-option (see: ) contains an 8-bit ID-Type field, for which IANA is
instructed to create and maintain a new registry entitled "OMNI Node
Identification ID-Type Values". Initial values are given below
(registration procedure is RFC required):The OMNI Geo Coordinates sub-option (see: )
contains an 8-bit Type field, for which IANA is instructed to create
and maintain a new registry entitled "OMNI Geo Coordinates Type
Values". Initial values are given below (registration procedure is RFC
required):The OMNI option defines an 8-bit Extension-Type field for Sub-Type
30 (Sub-Type Extension), for which IANA is instructed to create and
maintain a new registry entitled "OMNI Option Sub-Type Extension
Values". Initial values are given below (registration procedure is RFC
required):The OMNI Sub-Type Extension "RFC4380 UDP/IP Header Option" defines
an 8-bit Header Type field, for which IANA is instructed to create and
maintain a new registry entitled "OMNI RFC4380 UDP/IP Header Option".
Initial registry values are given below (registration procedure is RFC
required):The OMNI Sub-Type Extension for "RFC6081 UDP/IP Trailer Option"
defines an 8-bit Trailer Type field, for which IANA is instructed to
create and maintain a new registry entitled "OMNI RFC6081 UDP/IP
Trailer Option". Initial registry values are given below (registration
procedure is RFC required):The IANA has assigned the UDP port number "8060" for an earlier
experimental version of AERO . This document
reclaims the UDP port number "8060" for 'aero' as the service port for
UDP/IP encapsulation. (Note that, although is
not widely implemented or deployed, any messages coded to that
specification can be easily distinguished and ignored since they
include an invalid ICMPv6 message type number '0'.) The IANA is
therefore instructed to update the reference for UDP port number
"8060" from "RFC6706" to "RFCXXXX" (i.e., this document) while
retaining the existing name 'aero'.The IANA has assigned a 4-octet Private Enterprise Number (PEN)
code "45282" in the "enterprise-numbers" registry. This document is
the normative reference for using this code in DHCP Unique IDentifiers
based on Enterprise Numbers ("DUID-EN for OMNI Interfaces") (see:
). The IANA is therefore instructed to change
the enterprise designation for PEN code "45282" from "LinkUp Networks"
to "Overlay Multilink Network Interface (OMNI)".The IANA has assigned the ifType code "301 - omni - Overlay
Multilink Network Interface (OMNI)" in accordance with Section 6 of
. The registration appears under the IANA
"Structure of Management Information (SMI) Numbers (MIB Module
Registrations) - Interface Types (ifType)" registry.No further IANA actions are required.Security considerations for IPv4 , IPv6 and IPv6 Neighbor Discovery
apply. OMNI interface IPv6 ND messages SHOULD include Nonce and
Timestamp options when transaction confirmation
and/or time synchronization is needed.OMNI interfaces configured over secured ANET/ENET interfaces inherit
the physical and/or link layer security properties (i.e., "protected
spectrum") of the connected networks. OMNI interfaces configured over
open INET interfaces can use symmetric securing services such as VPNs or
can by some other means establish a direct link. When a VPN or direct
link may be impractical or undesirable, however, security services such
as those specified in , ,
, , etc. can be employed.OMNI link mobility services MUST provide for strong network layer
security for control plane messages and forwarding path integrity for
data plane messages. For example, the AERO service constructs an SRT spanning tree with
Proxy/Servers as leaf nodes and secures the spanning tree links with
network layer security mechanisms such as IPsec
or WireGuard . Secured control plane messages are
then constrained to travel only over secured spanning tree paths and
are therefore protected from attack or eavesdropping. Other control and
data plane messages can travel over route optimized paths that do not
strictly follow the secured spanning tree, therefore end-to-end sessions
should employ transport or higher layer security services (e.g., TLS/SSL
, DTLS , etc.). Additionally,
the OAL Identification value can provide a first level of data origin
authentication to mitigate off-path spoofing.Identity-based key verification infrastructure services such as iPSK
may be necessary for verifying the identities claimed by Clients. This
requirement should be harmonized with the manner in which (H)HITs are
attested in a given operational environment.Security considerations for specific access network interface types
are covered under the corresponding IP-over-(foo) specification (e.g.,
, , etc.).Security considerations for IPv6 fragmentation and reassembly are
discussed in . In environments where spoofing is
considered a threat, OMNI nodes SHOULD employ Identification window
synchronization and OAL destinations SHOULD configure an
(end-system-based) firewall.AERO/OMNI Release-3.2 was tagged on March 30, 2021, and is undergoing
internal testing. Additional internal releases expected within the
coming months, with first public release expected end of 1H2021.Many AERO/OMNI functions are implemented and undergoing final
integration. OAL fragmentation/reassembly buffer management code has
been cleared for public release.This document does not itself update other RFCs, but suggests that
the following could be updated through future IETF initiatives:Updates can be through, e.g., standards action, the errata
process, etc. as appropriate.The first version of this document was prepared per the consensus
decision at the 7th Conference of the International Civil Aviation
Organization (ICAO) Working Group-I Mobility Subgroup on March 22, 2019.
Consensus to take the document forward to the IETF was reached at the
9th Conference of the Mobility Subgroup on November 22, 2019. Attendees
and contributors included: Guray Acar, Danny Bharj, Francois
D´Humieres, Pavel Drasil, Nikos Fistas, Giovanni Garofolo,
Bernhard Haindl, Vaughn Maiolla, Tom McParland, Victor Moreno, Madhu
Niraula, Brent Phillips, Liviu Popescu, Jacky Pouzet, Aloke Roy, Greg
Saccone, Robert Segers, Michal Skorepa, Michel Solery, Stephane Tamalet,
Fred Templin, Jean-Marc Vacher, Bela Varkonyi, Tony Whyman, Fryderyk
Wrobel and Dongsong Zeng.The following individuals are acknowledged for their useful comments:
Amanda Baber, Scott Burleigh, Stuart Card, Donald Eastlake, Adrian Farrel,
Michael Matyas, Robert Moskowitz, Madhu Niraula, Greg Saccone, Stephane
Tamalet, Eliot Lear, Eduard Vasilenko, Eric Vyncke. Pavel Drasil, Zdenek
Jaron and Michal Skorepa are especially recognized for their many helpful
ideas and suggestions. Akash Agarwal, Madhuri Madhava Badgandi, Sean
Dickson, Don Dillenburg, Joe Dudkowski, Vijayasarathy Rajagopalan, Ron
Sackman, Bhargava Raman Sai Prakash and Katherine Tran are acknowledged
for their hard work on the implementation and technical insights that
led to improvements for the spec.Discussions on the IETF 6man and atn mailing lists during the fall of
2020 suggested additional points to consider. The authors gratefully
acknowledge the list members who contributed valuable insights through
those discussions. Eric Vyncke and Erik Kline were the intarea ADs,
while Bob Hinden and Ole Troan were the 6man WG chairs at the time the
document was developed; they are all gratefully acknowledged for their
many helpful insights. Many of the ideas in this document have further
built on IETF experiences beginning in the 1990s, with insights from
colleagues including Ron Bonica, Brian Carpenter, Ralph Droms, Christian
Huitema, Thomas Narten, Dave Thaler, Joe Touch, Pascal Thubert, and many
others who deserve recognition.Early observations on IP fragmentation performance implications were
noted in the 1986 Digital Equipment Corporation (DEC) "qe reset"
investigation, where fragment bursts from NFS UDP traffic triggered
hardware resets resulting in communication failures. Jeff Chase, Fred
Glover and Chet Juzsczak of the Ultrix Engineering Group led the
investigation, and determined that setting a smaller NFS mount block
size reduced the amount of fragmentation and suppressed the resets.
Early observations on L2 media MTU issues were noted in the 1988 DEC
FDDI investigation, where Raj Jain, KK Ramakrishnan and Kathy Wilde
represented architectural considerations for FDDI networking in general
including FDDI/Ethernet bridging. Jeff Mogul (who led the IETF Path MTU
Discovery working group) and other DEC colleagues who supported these
early investigations are also acknowledged.Throughout the 1990's and into the 2000's, many colleagues supported
and encouraged continuation of the work. Beginning with the DEC Project
Sequoia effort at the University of California, Berkeley, then moving to
the DEC research lab offices in Palo Alto CA, then to Sterling Software
at the NASA Ames Research Center, then to SRI in Menlo Park, CA, then to
Nokia in Mountain View, CA and finally to the Boeing Company in 2005 the
work saw continuous advancement through the encouragement of many. Those
who offered their support and encouragement are gratefully
acknowledged.This work is aligned with the NASA Safe Autonomous Systems Operation
(SASO) program under NASA contract number NNA16BD84C.This work is aligned with the FAA as per the SE2025 contract number
DTFAWA-15-D-00030.This work is aligned with the Boeing Information Technology (BIT)
Mobility Vision Lab (MVL) program.Error Characteristics of Fiber Distributed Data Interface
(FDDI), IEEE Transactions on CommunicationsPerformance of Checksums and CRC's Over Real Data, IEEE/ACM
Transactions on Networking, Vol. 6, No. 5The OMNI Interface - An IPv6 Air/Ground Interface for Civil
Aviation, IETF Liaison Statement #1676,
https://datatracker.ietf.org/liaison/1676/WireGuard, Fast, Modern, Secure VPN Tunnel,
https://wireguard.com/ICAO Document 9896 (Manual on the Aeronautical
Telecommunication Network (ATN) using Internet Protocol Suite (IPS)
Standards and Protocol), Draft Edition 3 (work-in-progress)IPv4 Address Space Registry,
https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtmlIPv6 Global Unicast Address Assignments,
https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtmlGuidelines for Use of Extended Unique Identifier (EUI),
Organizationally Unique Identifier (OUI), and Company ID,
https://standards.ieee.org/wp-content/uploads/import/documents/tutorials/eui.pdfThe OAL Checksum Algorithm adopts the 8-bit Fletcher algorithm
specified in Appendix I of as also analyzed in
. declared historic for the reason that the algorithms had never
seen widespread use with TCP, however this document adopts the 8-bit
Fletcher algorithm for a different purpose. Quoting from Appendix I of
, the OAL Checksum Algorithm proceeds as
follows:"The 8-bit Fletcher Checksum Algorithm is calculated over a
sequence of data octets (call them D[1] through D[N]) by maintaining
2 unsigned 1's-complement 8-bit accumulators A and B whose contents
are initially zero, and performing the following loop where i ranges
from 1 to N:A := A + D[i]B := B + AIt can be shown that at the end of the loop A will contain
the 8-bit 1's complement sum of all octets in the datagram, and that
B will contain (N)D[1] + (N-1)D[2] + ... + D[N]."To calculate the OAL checksum, the above algorithm is applied over
the N-octet concatenation of the OAL pseudo-header and the encapsulated
original IP packet(s)/parcel(s). Specifically, the algorithm is first
applied over the 40 octets of the OAL pseudo-header as data octets D[1]
through D[40], then continues over the entire length of the original IP
packet(s)/parcel(s) as data octets D[41] through D[N].OMNI interface IPv6 ND messages are subject to authentication and
integrity checks at multiple levels. When an OMNI interface sends an
IPv6 ND message over an INET interface, it includes an authentication
sub-option with a valid signature if necessary and always includes an
IPv6 ND message checksum. The OMNI interface that receives the message
verifies the OAL checksum as a first-level integrity check, then
verifies the IPv6 ND message checksum followed by the authentication
signature (if present) to ensure IPv6 ND message integrity and
authenticity.When an OMNI interface sends an IPv6 ND message over an underlay
interface connected to a secured network, it omits authentication
(sub-)options but always calculates/includes an IPv6 ND message checksum
beginning with a pseudo-header of the IPv6 header and extending to the
end of the IPv6 ND message only with the Checksum field itself set to
0. When an OMNI interface sends an IPv6 ND message over an underlay
interface connected to an unsecured network, it first includes an
authentication (sub-)option and calculates the signature beginning
with the first octet following the IPv6 ND message header Checksum
field and extending to the end of the entire packet or super-packet
with the authentication signature field set to 0. The OMNI interface
next writes the signature into the signature field, then calculates
the IPv6 ND message checksum as above.The OMNI interface that receives the message applies any link layer
authentication and integrity checks, then verifies both the OAL checksum
and the IPv6 ND message checksum. If the checksums are correct, the OMNI
interface next verifies the authentication signature. The OMNI interface
then processes the packet further only if all checksums and
authentication signatures were correct.OAL destinations also discard carrier packets with unacceptable
Identifications and submit the encapsulated fragments in all others for
reassembly. The reassembly algorithm rejects any fragments with
unacceptable sizes, offsets, etc. and reassembles all others. Following
reassembly, the OAL checksum algorithm provides an integrity assurance
layer that compliments any integrity checks already applied by lower
layers as well as a first-pass filter for any checks that will be
applied later by upper layers.ICAO Doc 9776 is the "Technical Manual for VHF Data Link Mode 2"
(VDLM2) that specifies an essential radio frequency data link service
for aircraft and ground stations in worldwide civil aviation air traffic
management. The VDLM2 link type is "multicast capable" , but with considerable differences from common
multicast links such as Ethernet and IEEE 802.11.First, the VDLM2 link data rate is only 31.5Kbps - multiple orders of
magnitude less than most modern wireless networking gear. Second, due to
the low available link bandwidth only VDLM2 ground stations (i.e., and
not aircraft) are permitted to send broadcasts, and even so only as
compact link layer "beacons". Third, aircraft employ the services of ground
stations by performing unicast RS/RA exchanges upon receipt of beacons
instead of listening for multicast RA messages and/or sending multicast
RS messages.This beacon-oriented unicast RS/RA approach is necessary to conserve
the already-scarce available link bandwidth. Moreover, since the numbers
of beaconing ground stations operating within a given spatial range must
be kept as sparse as possible, it would not be feasible to have
different classes of ground stations within the same region observing
different protocols. It is therefore highly desirable that all ground
stations observe a common language of RS/RA as specified in this
document.Note that links of this nature may benefit from compression
techniques that reduce the bandwidth necessary for conveying the same
amount of data. The IETF lpwan working group is considering possible
alternatives: [https://datatracker.ietf.org/wg/lpwan/documents].Per , IPv6 ND messages may be sent to either
a multicast or unicast link-scoped IPv6 destination address. However,
IPv6 ND messaging should be coordinated between the Client and
Proxy/Server only without invoking other nodes on the underlay network.
This implies that Client-Proxy/Server control messaging should be
isolated and not overheard by other nodes on the link.To support Client-Proxy/Server isolation on some links, Proxy/Servers
can maintain an OMNI-specific unicast link layer address ("MSADDR"). For
Ethernet-compatible links, this specification reserves one Ethernet
unicast address TBD5 (see: IANA Considerations). For non-Ethernet
statically-addressed links MSADDR is reserved per the assigned numbers
authority for the link layer addressing space. For still other links,
MSADDR may be dynamically discovered through other means, e.g.,
link layer beacons.Clients map the L3 addresses of all IPv6 ND messages they send (i.e.,
both multicast and unicast) to MSADDR instead of to an ordinary unicast
or multicast link layer address. In this way, all of the Client's IPv6
ND messages will be received by Proxy/Servers that are configured to
accept carrier packets destined to MSADDR. Note that multiple
Proxy/Servers on the link could be configured to accept carrier packets
destined to MSADDR, e.g., as a basis for supporting redundancy.Therefore, Proxy/Servers must accept and process carrier packets
destined to MSADDR, while all other devices must not process carrier
packets destined to MSADDR. This model has well-established operational
experience in Proxy Mobile IPv6 (PMIP) .<< RFC Editor - remove prior to publication >>Differences from earlier versions:Submit for Intarea Standards Track RFC Publication.