Network Working Group A. Conta
Request for Comments: 2473 Lucent Technologies Inc.
Category: Standards Track S. Deering
Cisco Systems
December 1998
Network Working Group A. Conta
Request for Comments: 2473 Lucent Technologies Inc.
Category: Standards Track S. Deering
Cisco Systems
December 1998
Generic Packet Tunneling in IPv6 Specification
IPv6规范中的通用数据包隧道
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
Abstract
摘要
This document defines the model and generic mechanisms for IPv6 encapsulation of Internet packets, such as IPv6 and IPv4. The model and mechanisms can be applied to other protocol packets as well, such as AppleTalk, IPX, CLNP, or others.
本文档定义了Internet数据包(如IPv6和IPv4)的IPv6封装模型和通用机制。该模型和机制也可以应用于其他协议包,例如AppleTalk、IPX、CLNP或其他协议包。
Table of Contents
目录
1. Introduction..................................................2
2. Terminology...................................................2
3. IPv6 Tunneling................................................4
3.1 IPv6 Encapsulation.......................................6
3.2 IPv6 Packet Processing in Tunnels........................7
3.3 IPv6 Decapsulation.......................................7
3.4 IPv6 Tunnel Protocol Engine..............................8
4. Nested Encapsulation.........................................11
4.1 Limiting Nested Encapsulation..........................12
4.1.1 Tunnel Encapsulation Limit Option................13
4.1.2 Loopback Encapsulation...........................15
4.1.3 Routing Loop Nested Encapsulation................15
5. Tunnel IPv6 Header...........................................16
5.1 Tunnel IPv6 Extension Headers...........................17
6. IPv6 Tunnel State Variables..................................19
6.1 IPv6 Tunnel Entry-Point Node............................19
6.2 IPv6 Tunnel Exit-Point Node.............................19
1. Introduction..................................................2
2. Terminology...................................................2
3. IPv6 Tunneling................................................4
3.1 IPv6 Encapsulation.......................................6
3.2 IPv6 Packet Processing in Tunnels........................7
3.3 IPv6 Decapsulation.......................................7
3.4 IPv6 Tunnel Protocol Engine..............................8
4. Nested Encapsulation.........................................11
4.1 Limiting Nested Encapsulation..........................12
4.1.1 Tunnel Encapsulation Limit Option................13
4.1.2 Loopback Encapsulation...........................15
4.1.3 Routing Loop Nested Encapsulation................15
5. Tunnel IPv6 Header...........................................16
5.1 Tunnel IPv6 Extension Headers...........................17
6. IPv6 Tunnel State Variables..................................19
6.1 IPv6 Tunnel Entry-Point Node............................19
6.2 IPv6 Tunnel Exit-Point Node.............................19
6.3 IPv6 Tunnel Hop Limit...................................19
6.4 IPv6 Tunnel Packet Traffic Class........................20
6.5 IPv6 Tunnel Flow Label..................................20
6.6 IPv6 Tunnel Encapsulation Limit.........................20
6.7 IPv6 Tunnel MTU.........................................20
7. IPv6 Tunnel Packet Size Issues...............................21
7.1 IPv6 Tunnel Packet Fragmentation........................21
7.2 IPv4 Tunnel Packet Fragmentation........................22
8. IPv6 Tunnel Error Reporting and Processing...................22
8.1 Tunnel ICMP Messages....................................27
8.2 ICMP Messages for IPv6 Original Packets.................28
8.3 ICMP Messages for IPv4 Original Packets.................29
8.4 ICMP Messages for Nested Tunnel Packets.................30
9. Security Considerations......................................30
10. Acknowledgments.............................................31
11. References..................................................31
Authors' Addresses..............................................32
Appendix A. Risk Factors in Recursive Encapsulation.............33
Full Copyright Statement........................................36
6.3 IPv6 Tunnel Hop Limit...................................19
6.4 IPv6 Tunnel Packet Traffic Class........................20
6.5 IPv6 Tunnel Flow Label..................................20
6.6 IPv6 Tunnel Encapsulation Limit.........................20
6.7 IPv6 Tunnel MTU.........................................20
7. IPv6 Tunnel Packet Size Issues...............................21
7.1 IPv6 Tunnel Packet Fragmentation........................21
7.2 IPv4 Tunnel Packet Fragmentation........................22
8. IPv6 Tunnel Error Reporting and Processing...................22
8.1 Tunnel ICMP Messages....................................27
8.2 ICMP Messages for IPv6 Original Packets.................28
8.3 ICMP Messages for IPv4 Original Packets.................29
8.4 ICMP Messages for Nested Tunnel Packets.................30
9. Security Considerations......................................30
10. Acknowledgments.............................................31
11. References..................................................31
Authors' Addresses..............................................32
Appendix A. Risk Factors in Recursive Encapsulation.............33
Full Copyright Statement........................................36
This document specifies a method and generic mechanisms by which a packet is encapsulated and carried as payload within an IPv6 packet. The resulting packet is called an IPv6 tunnel packet. The forwarding path between the source and destination of the tunnel packet is called an IPv6 tunnel. The technique is called IPv6 tunneling.
本文档指定了一种方法和通用机制,通过该方法将数据包封装并作为有效负载携带到IPv6数据包中。产生的数据包称为IPv6隧道数据包。隧道数据包的源和目标之间的转发路径称为IPv6隧道。这种技术称为IPv6隧道。
A typical scenario for IPv6 tunneling is the case in which an intermediate node exerts explicit routing control by specifying particular forwarding paths for selected packets. This control is achieved by prepending IPv6 headers to each of the selected original packets. These prepended headers identify the forwarding paths.
IPv6隧道的一个典型场景是,中间节点通过指定选定数据包的特定转发路径来实施显式路由控制。此控制通过将IPv6头预先发送到每个选定的原始数据包来实现。这些预加标题标识转发路径。
In addition to the description of generic IPv6 tunneling mechanisms, which is the focus of this document, specific mechanisms for tunneling IPv6 and IPv4 packets are also described herein.
除了作为本文档重点的通用IPv6隧道机制的描述之外,本文还描述了用于隧道IPv6和IPv4数据包的特定机制。
The keywords MUST, MUST NOT, MAY, OPTIONAL, REQUIRED, RECOMMENDED, SHALL, SHALL NOT, SHOULD, SHOULD NOT are to be interpreted as defined in RFC 2119.
关键字必须、不得、可、可选、必需、推荐、应、不应、不应按照RFC 2119中的定义进行解释。
original packet
原始数据包
a packet that undergoes encapsulation.
经过封装的小包。
original header
原始标题
the header of an original packet.
原始数据包的头。
tunnel
地下通道
a forwarding path between two nodes on which the payloads of packets are original packets.
两个节点之间的转发路径,其中数据包的有效负载是原始数据包。
tunnel end-node
隧道端节点
a node where a tunnel begins or ends.
隧道开始或结束的节点。
tunnel header
隧道报头
the header prepended to the original packet during encapsulation. It specifies the tunnel end-points as source and destination.
在封装期间,报头在原始数据包之前。它将隧道端点指定为源和目标。
tunnel packet
隧道包
a packet that encapsulates an original packet.
封装原始数据包的数据包。
tunnel entry-point
隧道入口点
the tunnel end-node where an original packet is encapsulated.
封装原始数据包的隧道端节点。
tunnel exit-point
隧道出口点
the tunnel end-node where a tunnel packet is decapsulated.
隧道数据包被解除封装的隧道端节点。
IPv6 tunnel
IPv6隧道
a tunnel configured as a virtual link between two IPv6 nodes, on which the encapsulating protocol is IPv6.
配置为两个IPv6节点之间的虚拟链路的隧道,其上的封装协议为IPv6。
tunnel MTU
隧道MTU
the maximum size of a tunnel packet payload without requiring fragmentation, that is, the Path MTU between the tunnel entry-point and the tunnel exit-point nodes minus the size of the tunnel header.
不需要分段的隧道分组有效载荷的最大大小,即隧道入口点和隧道出口点节点之间的路径MTU减去隧道报头的大小。
tunnel hop limit
隧道跃点限制
the maximum number of hops that a tunnel packet can travel from the tunnel entry-point to the tunnel exit-point.
隧道数据包可以从隧道入口点传输到隧道出口点的最大跳数。
inner tunnel
内隧道
a tunnel that is a hop (virtual link) of another tunnel.
作为另一个隧道的跃点(虚拟链路)的隧道。
outer tunnel
外隧道
a tunnel containing one or more inner tunnels.
包含一个或多个内部通道的通道。
nested tunnel packet
嵌套隧道包
a tunnel packet that has as payload a tunnel packet.
一种隧道数据包,其有效载荷为隧道数据包。
nested tunnel header
嵌套式隧道掘进机
the tunnel header of a nested tunnel packet.
嵌套隧道数据包的隧道头。
nested encapsulation
嵌套封装
encapsulation of an encapsulated packet.
封装封装的数据包。
recursive encapsulation
递归封装
encapsulation of a packet that reenters a tunnel before exiting it.
封装在退出隧道之前重新进入隧道的数据包。
tunnel encapsulation limit
隧道封装极限
the maximum number of nested encapsulations of a packet.
数据包的最大嵌套封装数。
IPv6 tunneling is a technique for establishing a "virtual link" between two IPv6 nodes for transmitting data packets as payloads of IPv6 packets (see Fig.1). From the point of view of the two nodes, this "virtual link", called an IPv6 tunnel, appears as a point to point link on which IPv6 acts like a link-layer protocol. The two IPv6 nodes play specific roles. One node encapsulates original packets received from other nodes or from itself and forwards the resulting tunnel packets through the tunnel. The other node decapsulates the received tunnel packets and forwards the resulting original packets towards their destinations, possibly itself. The encapsulator node is called the tunnel entry-point node, and it is the source of the tunnel packets. The decapsulator node is called the tunnel exit-point, and it is the destination of the tunnel packets.
IPv6隧道是一种在两个IPv6节点之间建立“虚拟链路”的技术,用于将数据包作为IPv6数据包的有效载荷进行传输(见图1)。从这两个节点的角度来看,这种称为IPv6隧道的“虚拟链路”显示为一种点对点链路,IPv6在该链路上的行为类似于链路层协议。这两个IPv6节点扮演特定的角色。一个节点封装从其他节点或自身接收的原始数据包,并通过隧道转发产生的隧道数据包。另一个节点对接收到的隧道数据包进行去封装,并将得到的原始数据包转发到它们的目的地(可能是自身)。封装器节点称为隧道入口点节点,它是隧道数据包的源。解封装器节点称为隧道出口点,它是隧道数据包的目的地。
Note: This document refers in particular to tunnels between two nodes identified by unicast addresses - such tunnels look like "virtual point to point links". The mechanisms described herein apply also to tunnels in which the exit-point nodes are identified by other types of addresses, such as anycast or multicast. These tunnels may look like "virtual point to multipoint links". At the time of writing this document, IPv6 anycast addresses are a subject of ongoing specification and experimental work.
注:本文档特别提到由单播地址标识的两个节点之间的隧道-此类隧道看起来像“虚拟点对点链接”。本文描述的机制也适用于其中出口点节点由其他类型的地址(例如选播或多播)标识的隧道。这些隧道可能看起来像“虚拟点对多点链路”。在编写本文档时,IPv6选播地址是正在进行的规范和实验工作的主题。
Tunnel from node B to node C
<---------------------->
Tunnel Tunnel
Entry-Point Exit-Point
Node Node
+-+ +-+ +-+ +-+
|A|-->--//-->--|B|=====>=====//=====>=====|C|-->--//-->--|D|
+-+ +-+ +-+ +-+
Original Original
Packet Packet
Source Destination
Node Node
Fig.1 Tunnel
Tunnel from node B to node C
<---------------------->
Tunnel Tunnel
Entry-Point Exit-Point
Node Node
+-+ +-+ +-+ +-+
|A|-->--//-->--|B|=====>=====//=====>=====|C|-->--//-->--|D|
+-+ +-+ +-+ +-+
Original Original
Packet Packet
Source Destination
Node Node
Fig.1 Tunnel
An IPv6 tunnel is a unidirectional mechanism - tunnel packet flow takes place in one direction between the IPv6 tunnel entry-point and exit-point nodes (see Fig.1).
IPv6隧道是一种单向机制-隧道数据包流在IPv6隧道入口点和出口点节点之间的一个方向上发生(见图1)。
Tunnel from Node B to Node C
<------------------------>
Tunnel Tunnel
Original Entry-Point Exit-Point Original
Packet Node Node Packet
Source Destination
Node Node
+-+ +-+ +-+ +-+
| |-->--//-->--| |=====>=====//=====>======| |-->--//-->--| |
|A| |B| |C| |D|
| |--<--//--<--| |=====<=====//=====<======| |--<--//--<--| |
+-+ +-+ +-+ +-+
Original Original
Packet Packet
Destination Tunnel Tunnel Source
Node Exit-Point Entry-Point Node
Node Node
<------------------------->
Tunnel from Node C to Node B
Fig.2 Bi-directional Tunneling Mechanism
Tunnel from Node B to Node C
<------------------------>
Tunnel Tunnel
Original Entry-Point Exit-Point Original
Packet Node Node Packet
Source Destination
Node Node
+-+ +-+ +-+ +-+
| |-->--//-->--| |=====>=====//=====>======| |-->--//-->--| |
|A| |B| |C| |D|
| |--<--//--<--| |=====<=====//=====<======| |--<--//--<--| |
+-+ +-+ +-+ +-+
Original Original
Packet Packet
Destination Tunnel Tunnel Source
Node Exit-Point Entry-Point Node
Node Node
<------------------------->
Tunnel from Node C to Node B
Fig.2 Bi-directional Tunneling Mechanism
Bi-directional tunneling is achieved by merging two unidirectional mechanisms, that is, configuring two tunnels, each in opposite direction to the other - the entry-point node of one tunnel is the exit-point node of the other tunnel (see Fig.2).
通过合并两个单向机构实现双向隧道,即配置两个隧道,每个隧道的方向与另一个相反-一个隧道的入口点节点是另一个隧道的出口点节点(见图2)。
IPv6 encapsulation consists of prepending to the original packet an IPv6 header and, optionally, a set of IPv6 extension headers (see Fig.3), which are collectively called tunnel IPv6 headers. The encapsulation takes place in an IPv6 tunnel entry-point node, as the result of an original packet being forwarded onto the virtual link represented by the tunnel. The original packet is processed during forwarding according to the forwarding rules of the protocol of that packet. For instance if the original packet is an:
IPv6封装包括在原始数据包前附加一个IPv6头和一组可选的IPv6扩展头(见图3),它们统称为隧道IPv6头。封装发生在IPv6隧道入口点节点中,其结果是原始数据包被转发到由隧道表示的虚拟链路上。原始分组在转发期间根据该分组的协议的转发规则进行处理。例如,如果原始数据包是:
(a) IPv6 packet, the IPv6 original header hop limit is decremented by one.
(a) IPv6数据包,IPv6原始标头跳数限制减少1。
(b) IPv4 packet, the IPv4 original header time to live field (TTL) is decremented by one.
(b) IPv4数据包中,IPv4原始报头生存时间字段(TTL)递减1。
At encapsulation, the source field of the tunnel IPv6 header is filled with an IPv6 address of the tunnel entry-point node, and the destination field with an IPv6 address of the tunnel exit-point. Subsequently, the tunnel packet resulting from encapsulation is sent towards the tunnel exit-point node.
封装时,隧道IPv6头的源字段填充隧道入口点节点的IPv6地址,目标字段填充隧道出口点的IPv6地址。随后,由封装产生的隧道分组被发送到隧道出口点节点。
+----------------------------------//-----+
| Original | |
| | Original Packet Payload |
| Header | |
+----------------------------------//-----+
< Original Packet >
|
v
<Tunnel IPv6 Headers> < Original Packet >
+----------------------------------//-----+
| Original | |
| | Original Packet Payload |
| Header | |
+----------------------------------//-----+
< Original Packet >
|
v
<Tunnel IPv6 Headers> < Original Packet >
+---------+ - - - - - +-------------------------//--------------+
| IPv6 | IPv6 | |
| | Extension | Original Packet |
| Header | Headers | |
+---------+ - - - - - +-------------------------//--------------+
< Tunnel IPv6 Packet >
+---------+ - - - - - +-------------------------//--------------+
| IPv6 | IPv6 | |
| | Extension | Original Packet |
| Header | Headers | |
+---------+ - - - - - +-------------------------//--------------+
< Tunnel IPv6 Packet >
Fig.3 Encapsulating a Packet
图3封装数据包
Tunnel extension headers should appear in the order recommended by the specifications that define the extension headers, such as [IPv6- Spec].
隧道扩展头应按照定义扩展头的规范(如[IPv6-Spec])建议的顺序显示。
A source of original packets and a tunnel entry-point that encapsulates those packets can be the same node.
原始数据包的源和封装这些数据包的隧道入口点可以是同一节点。
The intermediate nodes in the tunnel process the IPv6 tunnel packets according to the IPv6 protocol. For example, a tunnel Hop by Hop Options extension header is processed by each receiving node in the tunnel; a tunnel Routing extension header identifies the intermediate processing nodes, and controls at a finer granularity the forwarding path of the tunnel packet through the tunnel; a tunnel Destination Options extension header is processed at the tunnel exit-point node.
隧道中的中间节点根据IPv6协议处理IPv6隧道数据包。例如,隧道中的每个接收节点处理隧道逐跳选项扩展报头;隧道路由扩展报头标识中间处理节点,并以更细粒度控制隧道分组通过隧道的转发路径;在隧道出口点节点处处理隧道目标选项扩展标头。
Decapsulation is graphically shown in Fig.4:
脱封如图4所示:
+---------+- - - - - -+----------------------------------//-----+
| IPv6 | IPv6 | |
| | Extension | Original Packet |
| Header | Headers | |
+---------+- - - - - -+----------------------------------//-----+
< Tunnel IPv6 Packet >
|
v
+----------------------------------//-----+
| Original | |
| | Original Packet Payload |
| Headers | |
+----------------------------------//-----+
< Original Packet >
+---------+- - - - - -+----------------------------------//-----+
| IPv6 | IPv6 | |
| | Extension | Original Packet |
| Header | Headers | |
+---------+- - - - - -+----------------------------------//-----+
< Tunnel IPv6 Packet >
|
v
+----------------------------------//-----+
| Original | |
| | Original Packet Payload |
| Headers | |
+----------------------------------//-----+
< Original Packet >
Fig.4 Decapsulating a Packet
图4对一个包进行去封装
Upon receiving an IPv6 packet destined to an IPv6 address of a tunnel exit-point node, its IPv6 protocol layer processes the tunnel headers. The strict left-to-right processing rules for extension headers is applied. When processing is complete, control is handed to the next protocol engine, which is identified by the Next Header field value in the last header processed. If this is set to a tunnel protocol value, the tunnel protocol engine discards the tunnel headers and passes the resulting original packet to the Internet or lower layer protocol identified by that value for further processing.
在接收到目的地为隧道出口点节点的IPv6地址的IPv6数据包时,其IPv6协议层处理隧道头。对扩展头应用严格的从左到右处理规则。处理完成后,控制权交给下一个协议引擎,该引擎由上一个处理的报头中的下一个报头字段值标识。如果将其设置为隧道协议值,隧道协议引擎将丢弃隧道报头,并将生成的原始数据包传递给由该值标识的互联网或较低层协议,以供进一步处理。
For example, in the case the Next Header field has the IPv6 Tunnel Protocol value, the resulting original packet is passed to the IPv6 protocol layer.
例如,在下一个报头字段具有IPv6隧道协议值的情况下,生成的原始数据包被传递到IPv6协议层。
The tunnel exit-point node, which decapsulates the tunnel packets, and the destination node, which receives the resulting original packets can be the same node.
隧道出口点节点(解除对隧道数据包的封装)和目标节点(接收生成的原始数据包)可以是同一个节点。
Packet flow (paths #1-7) through the IPv6 Tunnel Protocol Engine on a node is graphically shown in Fig.5:
通过节点上IPv6隧道协议引擎的数据包流(路径#1-7)如图5所示:
Note:
注:
In Fig.5, the Upper-Layer Protocols box represents transport protocols such as TCP, UDP, control protocols such as ICMP, routing protocols such as OSPF, and internet or lower-layer protocol being "tunneled" over IPv6, such as IPv4, IPX, etc. The Link-Layer Protocols box represents Ethernet, Token Ring, FDDI, PPP, X.25, Frame Relay, ATM, etc..., as well as internet layer "tunnels" such as IPv4 tunnels.
在图5中,上层协议框表示传输协议(如TCP、UDP)、控制协议(如ICMP)、路由协议(如OSPF)和互联网,或通过IPv6“隧道”的下层协议(如IPv4、IPX等)。链路层协议框表示以太网、令牌环、FDDI、PPP、X.25、帧中继、ATM等。。。,以及互联网层“隧道”,如IPv4隧道。
The IPv6 tunnel protocol engine acts as both an "upper-layer" and a "link-layer", each with a specific input and output as follows:
IPv6隧道协议引擎充当“上层”和“链路层”,每一层都有一个特定的输入和输出,如下所示:
(u.i) "tunnel upper-layer input" - consists of tunnel IPv6 packets that are going to be decapsulated. The tunnel packets are incoming through the IPv6 layer from:
(u.i)“隧道上层输入”-由将被解除封装的隧道IPv6数据包组成。隧道数据包通过IPv6层从以下位置传入:
(u.i.1) a link-layer - (path #1, Fig.5)
(u.i.1)链路层-(路径1,图5)
These are tunnel packets destined to this node and will undergo decapsulation.
这些是发送到此节点的隧道数据包,将进行解除封装。
(u.i.2) a tunnel link-layer - (path #7, Fig.5)
(u.i.2)隧道连接层-(路径7,图5)
These are tunnel packets that underwent one or more decapsulations on this node, that is, the packets had one or more nested tunnel headers and one nested tunnel header was just discarded. This node is the exit-point of both an outer tunnel and one or more of its inner tunnels.
这些是在此节点上经历了一次或多次解除封装的隧道数据包,也就是说,这些数据包具有一个或多个嵌套的隧道头,而一个嵌套的隧道头刚刚被丢弃。此节点是外部通道及其一个或多个内部通道的出口点。
For both above cases the resulting original packets are passed back to the IPv6 layer as "tunnel link-layer" output for further processing (see b.2).
对于上述两种情况,生成的原始数据包作为“隧道链路层”输出传回IPv6层,以供进一步处理(见b.2)。
+-----------------------+ +-----------------------------------+
| Upper-Layer Protocols | | IPv6 Tunnel Upper-Layer |
| | | |
| | | ---<-------------------<------- |
| | | | ---->---|------>--------- | |
| | | | | | | | | |
+-----------------------+ +-----------------------+ | | |
| | | | | | | | | v ^ |
v ^ v ^ v ^ v ^ Tunnel | | | |
| | | | | | | | Packets| | | |
+---------------------------------------------+ | | | |
| | | | | / / | | | | D E |
| v ^ IPv6 | --<-3--/-/--<---- | | | | E N |
| | | Layer ---->-4-/-/--->-- | | | | | C C |
| v ^ / / | | | | | | A A |
| | | 2 1 | | | | | | P P |
| v ^ -----<---5---/-/-<---- v ^ v ^ | | S S |
| | | | -->---6---/-/-->-- | | | | | | | U U |
| v ^ | | / / 6 5 4 3 8 7 | | L L |
| | | | | / / | | | | | | | | A A |
| v ^ v ^ / / v ^ | | | | | | T T |
+---------------------------------------------+ | E E |
| | | | | | | | | | | | | | | |
v ^ v ^ v ^ v ^ v ^ v ^ Original| | | |
| | | | | | | | | | | | Packets | v ^ |
+-----------------------+ +-----------------------+ | | |
| | | | | | | | | | | |
| | | | ---|----|-------<-------- | |
| | | --->--------------->------>---- |
| | | |
| Link-Layer Protocols | | IPv6 Tunnel Link-Layer |
+-----------------------+ +-----------------------------------+
+-----------------------+ +-----------------------------------+
| Upper-Layer Protocols | | IPv6 Tunnel Upper-Layer |
| | | |
| | | ---<-------------------<------- |
| | | | ---->---|------>--------- | |
| | | | | | | | | |
+-----------------------+ +-----------------------+ | | |
| | | | | | | | | v ^ |
v ^ v ^ v ^ v ^ Tunnel | | | |
| | | | | | | | Packets| | | |
+---------------------------------------------+ | | | |
| | | | | / / | | | | D E |
| v ^ IPv6 | --<-3--/-/--<---- | | | | E N |
| | | Layer ---->-4-/-/--->-- | | | | | C C |
| v ^ / / | | | | | | A A |
| | | 2 1 | | | | | | P P |
| v ^ -----<---5---/-/-<---- v ^ v ^ | | S S |
| | | | -->---6---/-/-->-- | | | | | | | U U |
| v ^ | | / / 6 5 4 3 8 7 | | L L |
| | | | | / / | | | | | | | | A A |
| v ^ v ^ / / v ^ | | | | | | T T |
+---------------------------------------------+ | E E |
| | | | | | | | | | | | | | | |
v ^ v ^ v ^ v ^ v ^ v ^ Original| | | |
| | | | | | | | | | | | Packets | v ^ |
+-----------------------+ +-----------------------+ | | |
| | | | | | | | | | | |
| | | | ---|----|-------<-------- | |
| | | --->--------------->------>---- |
| | | |
| Link-Layer Protocols | | IPv6 Tunnel Link-Layer |
+-----------------------+ +-----------------------------------+
Fig.5 Packet Flow in the IPv6 Tunneling Protocol Engine on a Node
图5节点上IPv6隧道协议引擎中的数据包流
(u.o) "tunnel upper-layer output" - consists of tunnel IPv6 packets that are passed through the IPv6 layer down to:
(u.o)“隧道上层输出”-包括通过IPv6层向下传递到以下位置的隧道IPv6数据包:
(u.o.1) a link-layer - (path #2, Fig.5)
(u.o.1)链路层-(路径2,图5)
These packets underwent encapsulation and are sent towards the tunnel exit-point
这些数据包经过封装后被发送到隧道出口点
(u.o.2) a tunnel link-layer - (path #8, Fig.5)
(u.o.2)隧道连接层-(路径8,图5)
These tunnel packets undergo nested encapsulation. This node is the entry-point node of both an outer tunnel and one or more of its inner tunnel.
这些隧道包进行嵌套封装。此节点是外部通道及其一个或多个内部通道的入口点节点。
Implementation Note:
实施说明:
The tunnel upper-layer input and output can be implemented similar to the input and output of the other upper-layer protocols.
隧道上层输入和输出可以与其他上层协议的输入和输出类似地实现。
The tunnel link-layer input and output are as follows:
隧道链路层输入和输出如下:
(l.i) "tunnel link-layer input" - consists of original IPv6 packets that are going to be encapsulated.
(l.i)“隧道链路层输入”-由将被封装的原始IPv6数据包组成。
The original packets are incoming through the IPv6 layer from:
原始数据包通过IPv6层从以下位置传入:
(l.i.1) an upper-layer - (path #4, Fig.5)
(l.i.1)上层-(路径4,图5)
These are original packets originating on this node that undergo encapsulation. The original packet source and tunnel entry-point are the same node.
这些是源于此节点并经过封装的原始数据包。原始数据包源和隧道入口点是同一节点。
(l.i.2) a link-layer - (path #6, Fig.5)
(l.i.2)链路层-(路径6,图5)
These are original packets incoming from a different node that undergo encapsulation on this tunnel entry-point node.
这些是从不同节点传入的原始数据包,在该隧道入口点节点上进行封装。
(l.i.3) a tunnel upper-layer - (path #8, Fig.5)
(l.i.3)隧道上层-(路径8,图5)
These packets are tunnel packets that undergo nested encapsulation. This node is the entry-point node of both an outer tunnel and one or more of its inner tunnels.
这些数据包是经过嵌套封装的隧道数据包。此节点是外部通道及其一个或多个内部通道的入口点节点。
The resulting tunnel packets are passed as tunnel upper-layer output packets through the IPv6 layer (see u.o) down to:
产生的隧道数据包作为隧道上层输出数据包通过IPv6层(参见u.o)向下传递至:
(l.o) "tunnel link-layer output" - consists of original IPv6 packets resulting from decapsulation. These packets are passed through the IPv6 layer to:
(l.o)“隧道链路层输出”-由解除封装产生的原始IPv6数据包组成。这些数据包通过IPv6层传递到:
(l.o.1) an upper-layer - (path #3, Fig.5)
(l.o.1)上层-(路径3,图5)
These original packets are destined to this node.
这些原始数据包将发送到此节点。
(l.o.2) a link-layer - (path #5, Fig.5)
(l.o.2)链路层-(路径5,图5)
These original packets are destined to another node; they are transmitted on a link towards their destination.
这些原始分组被发送到另一个节点;它们通过链路传输到目的地。
(l.o.3) a tunnel upper-layer - (path #7, Fig.5)
(l.o.3)隧道上层-(路径7,图5)
These packets undergo another decapsulation; they were nested tunnel packets. This node is both the exit-point node of an outer tunnel and one or more inner tunnels.
这些包进行另一次去封装;它们是嵌套的隧道数据包。此节点既是外部通道的出口点节点,也是一个或多个内部通道的出口点节点。
Implementation Note:
实施说明:
The tunnel link-layer input and output can be implemented similar to the input and output of other link-layer protocols, for instance, associating an interface or pseudo-interface with the IPv6 tunnel.
隧道链路层输入和输出可以类似于其他链路层协议的输入和输出来实现,例如,将接口或伪接口与IPv6隧道相关联。
The selection of the "IPv6 tunnel link" over other links results from the packet forwarding decision taken based on the content of the node's routing table.
在其他链路上选择“IPv6隧道链路”是根据节点路由表的内容做出的分组转发决策的结果。
Nested IPv6 encapsulation is the encapsulation of a tunnel packet. It takes place when a hop of an IPv6 tunnel is a tunnel. The tunnel containing a tunnel is called an outer tunnel. The tunnel contained in the outer tunnel is called an inner tunnel - see Fig.6. Inner tunnels and their outer tunnels are nested tunnels.
嵌套IPv6封装是隧道数据包的封装。它发生在IPv6隧道的一个跃点是隧道时。包含隧道的隧道称为外部隧道。外部通道中包含的通道称为内部通道-见图6。内部隧道及其外部隧道均为嵌套隧道。
The entry-point node of an "inner IPv6 tunnel" receives tunnel IPv6 packets encapsulated by the "outer IPv6 tunnel" entry-point node. The "inner tunnel entry-point node" treats the receiving tunnel packets as original packets and performs encapsulation. The resulting packets are "tunnel packets" for the "inner IPv6 tunnel", and "nested tunnel packets" for the "outer IPv6 tunnel".
“内部IPv6隧道”的入口点节点接收由“外部IPv6隧道”入口点节点封装的隧道IPv6数据包。“内部隧道入口点节点”将接收隧道分组视为原始分组并执行封装。生成的数据包是“内部IPv6隧道”的“隧道数据包”,以及“外部IPv6隧道”的“嵌套隧道数据包”。
Outer Tunnel
<------------------------------------->
<--links--><-virtual link-><--links--->
Inner Tunnel
Outer Tunnel
<------------------------------------->
<--links--><-virtual link-><--links--->
Inner Tunnel
Outer Tunnel Outer Tunnel
Entry-Point Exit-Point
Node Node
+-+ +-+ +-+ +-+ +-+ +-+
| | | | | | | | | | | |
| |->-//->-| |=>=//=>=| |**>**//**>**| |=>=//=>==| |->-//->-| |
| | | | | | | | | | | |
+-+ +-+ +-+ +-+ +-+ +-+
Original Inner Tunnel Inner Tunnel Original
Packet Entry-Point Exit-Point Packet
Source Node Node Destination
Node Node
Outer Tunnel Outer Tunnel
Entry-Point Exit-Point
Node Node
+-+ +-+ +-+ +-+ +-+ +-+
| | | | | | | | | | | |
| |->-//->-| |=>=//=>=| |**>**//**>**| |=>=//=>==| |->-//->-| |
| | | | | | | | | | | |
+-+ +-+ +-+ +-+ +-+ +-+
Original Inner Tunnel Inner Tunnel Original
Packet Entry-Point Exit-Point Packet
Source Node Node Destination
Node Node
Fig.6. Nested Encapsulation
图6。嵌套封装
A tunnel IPv6 packet is limited to the maximum IPv6 packet size [IPv6-Spec]. Each encapsulation adds to the size of an encapsulated packet the size of the tunnel IPv6 headers. Consequently, the number of tunnel headers, and therefore, the number of nested encapsulations is limited by the maximum packet size. However this limit is so large (more than 1600 encapsulations for an original packet of minimum size) that it is not an effective limit in most cases.
隧道IPv6数据包被限制为最大IPv6数据包大小[IPv6规范]。每个封装都会将隧道IPv6头的大小添加到封装数据包的大小中。因此,隧道头的数量以及嵌套封装的数量受到最大数据包大小的限制。但是,该限制非常大(对于最小大小的原始数据包,超过1600个封装),因此在大多数情况下都不是有效的限制。
The increase in the size of a tunnel IPv6 packet due to nested encapsulations may require fragmentation [IPv6-Spec] at a tunnel entry point - see section 7. Furthermore, each fragmentation, due to nested encapsulation, of an already fragmented tunnel packet results in a doubling of the number of fragments. Moreover, it is probable that once this fragmentation begins, each new nested encapsulation results in yet additional fragmentation. Therefore limiting nested encapsulation is recommended.
由于嵌套封装导致的隧道IPv6数据包大小的增加可能需要在隧道入口点进行分段[IPv6规范]——参见第7节。此外,由于嵌套封装,已经碎片化的隧道数据包的每个碎片都会导致碎片数量加倍。此外,一旦这个分段开始,每个新的嵌套封装都可能导致额外的分段。因此,建议限制嵌套封装。
The proposed mechanism for limiting excessive nested encapsulation is a "Tunnel Encapsulation Limit" option, which is carried in an IPv6 Destination Options extension header accompanying an encapsulating IPv6 header.
建议的限制过度嵌套封装的机制是“隧道封装限制”选项,该选项携带在IPv6目标选项扩展报头中,与封装IPv6报头一起。
A tunnel entry-point node may be configured to include a Tunnel Encapsulation Limit option as part of the information prepended to all packets entering a tunnel at that node. The Tunnel Encapsulaton Limit option is carried in a Destination Options extension header [IPv6-Spec] placed between the encapsulating IPv6 header and the IPv6 header of the original packet. (Other IPv6 extension headers may also be present preceding or following the Destination Options extension header, depending on configuration information at the tunnel entry-point node.)
隧道入口点节点可被配置为包括隧道封装限制选项,作为在该节点处进入隧道的所有分组的信息的一部分。隧道封装限制选项位于原始数据包的封装IPv6标头和IPv6标头之间的目标选项扩展标头[IPv6 Spec]中。(根据隧道入口点节点处的配置信息,其他IPv6扩展头也可能出现在目标选项扩展头之前或之后。)
The Tunnel Encapsulation Limit option specifies how many additional levels of encapsulation are permitted to be prepended to the packet -- or, in other words, how many further levels of nesting the packet is permitted to undergo -- not counting the encapsulation in which the option itself is contained. For example, a Tunnel Encapsulation Limit option containing a limit value of zero means that a packet carrying that option may not enter another tunnel before exiting the current tunnel.
隧道封装限制选项指定允许向数据包添加多少额外的封装级别,或者换句话说,允许对数据包进行多少进一步的嵌套级别,而不包括包含选项本身的封装。例如,包含限制值为零的隧道封装限制选项意味着携带该选项的数据包在退出当前隧道之前不能进入另一个隧道。
The Tunnel Encapsulation Limit option has the following format:
隧道封装限制选项具有以下格式:
Option Type Opt Data Len Opt Data Len
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 0 0 1 0 0| 1 | Tun Encap Lim |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Option Type Opt Data Len Opt Data Len
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 0 0 1 0 0| 1 | Tun Encap Lim |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Option Type decimal value 4
选项类型十进制值4
- the highest-order two bits - set to 00 - indicate "skip over this option if the option is not recognized".
- 最高顺序的两位(设置为00)表示“如果无法识别该选项,则跳过该选项”。
- the third-highest-order bit - set to 0 - indicates that the option data in this option does not change en route to the packet's destination [IPv6-Spec].
-第三高阶位-设置为0-表示此选项中的选项数据在发送到数据包目的地[IPv6规范]的过程中不会更改。
Opt Data Len value 1 - the data portion of the Option is one octet long.
Opt Data Len value 1-选项的数据部分为一个八位字节长。
Opt Data Value the Tunnel Encapsulation Limit value - 8-bit unsigned integer specifying how many further levels of encapsulation are permitted for the
Opt Data Value隧道封装限制值-8位无符号整数,指定允许为隧道进一步封装的级别
Tunnel Encapsulation Limit options are of interest only to tunnel entry points. A tunnel entry-point node is required to execute the following procedure for every packet entering a tunnel at that node:
隧道封装限制选项仅对隧道入口点感兴趣。隧道入口点节点需要对在该节点进入隧道的每个数据包执行以下过程:
(a) Examine the packet to see if a Tunnel Encapsulation Limit option is present following its IPv6 header. The headers following the IPv6 header must be examined in strict "left-to-right" order, with the examination stopping as soon as any one of the following headers is encountered: (i) a Destination Options extension header containing a Tunnel Encapsulation Limit, (ii) another IPv6 header, (iii) a non-extension header, such as TCP, UDP, or ICMP, or (iv) a header that cannot be parsed because it is encrypted or its type is unknown. (Note that this requirment is an exception to the general IPv6 rule that a Destination Options extension header need only be examined by a packet's destination node. An alternative and "cleaner" approach would have been to use a Hop-by-Hop extension header for this purpose, but that would have imposed an undesirable extra processing burden, and possible consequent extra delay, at every IPv6 node along the path of a tunnel.)
(a) 检查数据包,查看其IPv6标头后是否存在隧道封装限制选项。必须严格按照“从左到右”的顺序检查IPv6标头后面的标头,一旦遇到以下任何标头,检查就会停止:(i)包含隧道封装限制的目标选项扩展标头,(ii)另一个IPv6标头,(iii)非扩展标头,如TCP、UDP或ICMP,或(iv)由于已加密或其类型未知而无法解析的标头。(注意,此要求是对一般IPv6规则的例外,即目的地选项扩展标头只需由数据包的目的地节点检查。另一种选择是“更干净”这种方法是使用逐跳扩展报头来实现此目的,但这会在隧道路径上的每个IPv6节点上造成不希望的额外处理负担,并可能导致额外延迟。)
(b) If a Tunnel Encapsulation Limit option is found in the packet entering the tunnel and its limit value is zero, the packet is discarded and an ICMP Parameter Problem message [ICMP-Spec] is sent to the source of the packet, which is the previous tunnel entry-point node. The Code field of the Parameter Problem message is set to zero ("erroneous header field encountered") and the Pointer field is set to point to the third octet of the Tunnel Encapsulation Limit option (i.e., the octet containing the limit value of zero).
(b) 如果在进入隧道的数据包中发现隧道封装限制选项,且其限制值为零,则丢弃该数据包,并将ICMP参数问题消息[ICMP Spec]发送到该数据包的源,即前一个隧道入口点节点。参数问题消息的代码字段设置为零(“遇到错误的标题字段”),指针字段设置为指向隧道封装限制选项的第三个八位字节(即,包含零限制值的八位字节)。
(c) If a Tunnel Encapsulation Limit option is found in the packet entering the tunnel and its limit value is non-zero, an additional Tunnel Encapsulation Limit option must be included as part of the encapsulating headers being added at this entry point. The limit value in the encapsulating option is set to one less than the limit value found in the packet being encapsulated.
(c) 如果在进入隧道的数据包中发现隧道封装限制选项,且其限制值为非零,则必须将附加的隧道封装限制选项包括在此入口点添加的封装头的一部分。封装选项中的限制值设置为比正在封装的数据包中的限制值小一个。
(d) If a Tunnel Encapsulation Limit option is not found in the packet entering the tunnel and if an encapsulation limit has been configured for this tunnel, a Tunnel Encapsulation Limit option must be included as part of the encapsulating headers being added at this entry point. The limit value in the option is set to the configured limit.
(d) 如果在进入隧道的数据包中未找到隧道封装限制选项,并且如果已为此隧道配置了封装限制,则必须将隧道封装限制选项包括在此入口点添加的封装头的一部分。选项中的限制值设置为配置的限制。
(e) If a Tunnel Encapsulation Limit option is not found in the packet entering the tunnel and if no encapsulation limit has been configured for this tunnel, then no Tunnel Encapsulation Limit option is included as part of the encapsulating headers being added at this entry point.
(e) 如果在进入隧道的数据包中找不到隧道封装限制选项,并且没有为此隧道配置封装限制,则不包括隧道封装限制选项,作为在该入口点添加的封装头的一部分。
A Tunnel Encapsulation Limit option added at a tunnel entry-point node is removed as part of the decapsulation process at that tunnel's exit-point node.
在隧道入口点节点添加的隧道封装限制选项将作为该隧道出口点节点处的解封装过程的一部分被删除。
Two cases of encapsulation that should be avoided are described below:
应避免的两种封装情况如下所述:
A particular case of encapsulation which must be avoided is the loopback encapsulation. Loopback encapsulation takes place when a tunnel IPv6 entry-point node encapsulates tunnel IPv6 packets originated from itself, and destined to itself. This can generate an infinite processing loop in the entry-point node.
必须避免的一种特殊封装情况是环回封装。当隧道IPv6入口点节点封装源自自身并以自身为目的地的隧道IPv6数据包时,将发生环回封装。这可以在入口点节点中生成无限的处理循环。
To avoid such a case, it is recommended that an implementation have a mechanism that checks and rejects the configuration of a tunnel in which both the entry-point and exit-point node addresses belong to the same node. It is also recommended that the encapsulating engine check for and reject the encapsulation of a packet that has the pair of tunnel entry-point and exit-point addresses identical with the pair of original packet source and final destination addresses.
为了避免这种情况,建议实现具有检查和拒绝入口点和出口点节点地址都属于同一节点的隧道配置的机制。还建议封装引擎检查并拒绝具有与原始数据包源和最终目的地地址对相同的隧道入口点和出口点地址的数据包的封装。
In the case of a forwarding path with multiple-level nested tunnels, a routing-loop from an inner tunnel to an outer tunnel is particularly dangerous when packets from the inner tunnels reenter an outer tunnel from which they have not yet exited. In such a case, the nested encapsulation becomes a recursive encapsulation with the negative effects described in 4.1. Because each nested encapsulation adds a tunnel header with a new hop limit value, the IPv6 hop limit mechanism cannot control the number of times the packet reaches the outer tunnel entry-point node, and thus cannot control the number of recursive encapsulations.
在具有多级嵌套隧道的转发路径的情况下,当来自内部隧道的数据包重新进入尚未退出的外部隧道时,从内部隧道到外部隧道的路由循环尤其危险。在这种情况下,嵌套封装成为递归封装,其负面影响如4.1所述。由于每个嵌套封装都会添加一个具有新的跃点限制值的隧道头,因此IPv6跃点限制机制无法控制数据包到达外部隧道入口点节点的次数,因此无法控制递归封装的次数。
When the path of a packet from source to final destination includes tunnels, the maximum number of hops that the packet can traverse should be controlled by two mechanisms used together to avoid the negative effects of recursive encapsulation in routing loops:
当数据包从源到最终目的地的路径包括隧道时,数据包可以通过的最大跳数应由两种机制共同控制,以避免路由循环中递归封装的负面影响:
(a) the original packet hop limit.
(a) 原始数据包跳跃限制。
It is decremented at each forwarding operation performed on an original packet. This includes each encapsulation of the original packet. It does not include nested encapsulations of the original packet
它在对原始分组执行的每个转发操作时递减。这包括原始数据包的每个封装。它不包括原始数据包的嵌套封装
(b) the tunnel IPv6 packet encapsulation limit.
(b) 隧道IPv6数据包封装限制。
It is decremented at each nested encapsulation of the packet.
它在包的每个嵌套封装处递减。
For a discussion of the excessive encapsulation risk factors in nested encapsulation see Appendix A.
有关嵌套封装中过度封装风险因素的讨论,请参见附录a。
The tunnel entry-point node fills out a tunnel IPv6 main header [IPv6-Spec] as follows:
隧道入口点节点填写隧道IPv6主标头[IPv6 Spec],如下所示:
Version:
版本:
value 6
价值6
Traffic Class:
交通等级:
Depending on the entry-point node tunnel configuration, the traffic class can be set to that of either the original packet or a pre-configured value - see section 6.4.
根据入口点节点隧道配置,可以将流量等级设置为原始数据包的流量等级或预配置值的流量等级-参见第6.4节。
Flow Label:
流量标签:
Depending on the entry-point node tunnel configuration, the flow label can be set to a pre-configured value. The typical value is zero - see section 6.5.
根据入口点节点隧道配置,可以将流量标签设置为预先配置的值。典型值为零-见第6.5节。
Payload Length:
有效载荷长度:
The original packet length, plus the length of the encapsulating (prepended) IPv6 extension headers, if any.
原始数据包长度,加上封装(预加)IPv6扩展头的长度(如果有)。
Next Header:
下一标题:
The next header value according to [IPv6-Spec] from the Assigned Numbers RFC [RFC-1700 or its successors].
根据分配编号RFC[RFC-1700或其后续编号]的[IPv6 Spec]的下一个标头值。
For example, if the original packet is an IPv6 packet, this is set to:
例如,如果原始数据包是IPv6数据包,则设置为:
- decimal value 41 (Assigned Next Header number for IPv6) - if there are no tunnel extension headers.
- 十进制值41(为IPv6分配下一个标头编号)-如果没有隧道扩展标头。
- value 0 (Assigned Next Header number for IPv6 Hop by Hop Options extension header) - if a hop by hop options extension header immediately follows the tunnel IPv6 header.
- 值0(为IPv6逐跳选项扩展标头分配的下一个标头编号)-如果逐跳选项扩展标头紧跟在隧道IPv6标头之后。
- decimal value 60 (Assigned Next Header number for IPv6 Destination Options extension header) - if a destination options extension header immediately follows the tunnel IPv6 header.
- 十进制值60(为IPv6目标选项扩展标头分配的下一个标头编号)-如果目标选项扩展标头紧跟在隧道IPv6标头之后。
Hop Limit:
跃点限制:
The tunnel IPv6 header hop limit is set to a pre-configured value - see section 6.3.
隧道IPv6标头跃点限制设置为预先配置的值-请参阅第6.3节。
The default value for hosts is the Neighbor Discovery advertised hop limit [ND-Spec]. The default value for routers is the default IPv6 Hop Limit value from the Assigned Numbers RFC (64 at the time of writing this document).
主机的默认值是邻居发现播发的跃点限制[ND Spec]。路由器的默认值是指定号码RFC中的默认IPv6跃点限制值(编写本文档时为64)。
Source Address:
来源地址:
An IPv6 address of the outgoing interface of the tunnel entry-point node. This address is configured as the tunnel entry-point node address - see section 6.1.
隧道入口点节点的传出接口的IPv6地址。该地址配置为隧道入口点节点地址-见第6.1节。
Destination Address:
目的地地址:
An IPv6 address of the tunnel exit-point node. This address is configured as the tunnel exit-point node address - see section 6.2.
隧道出口点节点的IPv6地址。该地址配置为隧道出口点节点地址-见第6.2节。
Depending on IPv6 node configuration parameters, a tunnel entry-point node may append to the tunnel IPv6 main header one or more IPv6 extension headers, such as a Hop-by-Hop Options header, a Routing header, or others.
根据IPv6节点配置参数,隧道入口点节点可以将一个或多个IPv6扩展头附加到隧道IPv6主头,例如逐跳选项头、路由头或其他。
To limit the number of nested encapsulations of a packet, if it was configured to do so - see section 6.6 - a tunnel entry-point includes a Destination Options extension header containing a Tunnel Encapsulation Limit option. If that option is the only option present in the Destination Options header, the header has the following format:
要限制数据包的嵌套封装数量,如果配置为这样做-请参阅第6.6节-隧道入口点包括包含隧道封装限制选项的目标选项扩展标头。如果该选项是目标选项标题中的唯一选项,则标题的格式如下:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header |Hdr Ext Len = 0| Opt Type = 4 |Opt Data Len=1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Tun Encap Lim |PadN Opt Type=1|Opt Data Len=1 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header |Hdr Ext Len = 0| Opt Type = 4 |Opt Data Len=1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Tun Encap Lim |PadN Opt Type=1|Opt Data Len=1 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Next Header:
下一标题:
Identifies the type of the original packet header. For example, if the original packet is an IPv6 packet, the next header protocol value is set to decimal value 41 (Assigned payload type number for IPv6).
标识原始数据包标头的类型。例如,如果原始数据包是IPv6数据包,则下一报头协议值设置为十进制值41(为IPv6分配的有效负载类型编号)。
Hdr Ext Len:
Hdr外部透镜:
Length of the Destination Options extension header in 8- octet units, not including the first 8 octets. Set to value 0, if no other options are present in this destination options header.
目标选项扩展标头的长度,以8个八位字节为单位,不包括前8个八位字节。如果此目标选项标题中不存在其他选项,则设置为值0。
Option Type:
选项类型:
value 4 - see section 4.1.1.
值4-见第4.1.1节。
Opt Data Len:
选择数据长度:
value 1 - see section 4.1.1.
值1-见第4.1.1节。
Tun Encap Lim:
Tun Encap Lim:
8 bit unsigned integer - see section 4.1.1.
8位无符号整数-见第4.1.1节。
Option Type:
选项类型:
value 1 - PadN option, to align the header following this header.
值1-PadN选项,将标题与此标题对齐。
Opt Data Len:
选择数据长度:
value 1 - one octet of option data.
值1-选项数据的一个八位字节。
Option Data:
选项数据:
value 0 - one zero-valued octet.
值0-一个零值八位组。
The IPv6 tunnel state variables, some of which are or may be configured on the tunnel entry-point node, are:
IPv6隧道状态变量(其中一些是或可能是在隧道入口点节点上配置的)包括:
The tunnel entry-point node address is one of the valid IPv6 unicast addresses of the entry-point node - the validation of the address at tunnel configuration time is recommended.
隧道入口点节点地址是入口点节点的有效IPv6单播地址之一-建议在隧道配置时验证该地址。
The tunnel entry-point node address is copied to the source address field in the tunnel IPv6 header during packet encapsulation.
在数据包封装期间,隧道入口点节点地址被复制到隧道IPv6报头中的源地址字段。
The tunnel exit-point node address is used as IPv6 destination address for the tunnel IPv6 header. A tunnel acts like a virtual point to point link between the entry-point node and exit-point node.
隧道出口点节点地址用作隧道IPv6标头的IPv6目标地址。隧道就像入口点节点和出口点节点之间的虚拟点对点链接。
The tunnel exit-point node address is copied to the destination address field in the tunnel IPv6 header during packet encapsulation.
在数据包封装期间,隧道出口点节点地址被复制到隧道IPv6报头中的目标地址字段。
The configuration of the tunnel entry-point and exit-point addresses is not subject to IPv6 Autoconfiguration or IPv6 Neighbor Discovery.
隧道入口点和出口点地址的配置不受IPv6自动配置或IPv6邻居发现的约束。
An IPv6 tunnel is modeled as a "single-hop virtual link" tunnel, in which the passing of the original packet through the tunnel is like the passing of the original packet over a one hop link, regardless of the number of hops in the IPv6 tunnel.
IPv6隧道被建模为“单跳虚拟链路”隧道,其中原始数据包通过隧道就像原始数据包通过单跳链路一样,而与IPv6隧道中的跳数无关。
The "single-hop" mechanism should be implemented by having the tunnel entry point node set a tunnel IPv6 header hop limit independently of the hop limit of the original header.
“单跳”机制应通过让隧道入口点节点设置独立于原始报头的跳数限制的隧道IPv6报头跳数限制来实现。
The "single-hop" mechanism hides from the original IPv6 packets the number of IPv6 hops of the tunnel.
“单跳”机制对原始IPv6数据包隐藏了隧道的IPv6跳数。
It is recommended that the tunnel hop limit be configured with a value that ensures:
建议为隧道跃点限制配置一个值,以确保:
(a) that tunnel IPv6 packets can reach the tunnel exit-point node
(a) 隧道IPv6数据包可以到达隧道出口点节点
(b) a quick expiration of the tunnel packet if a routing loop occurs within the IPv6 tunnel.
(b) 如果IPv6隧道内发生路由循环,则隧道数据包将快速过期。
The tunnel hop limit default value for hosts is the IPv6 Neighbor Discovery advertised hop limit [ND-Spec]. The tunnel hop limit default value for routers is the default IPv6 Hop Limit value from the Assigned Numbers RFC (64 at the time of writing this document).
主机的隧道跃点限制默认值是IPv6邻居发现播发的跃点限制[ND Spec]。路由器的隧道跃点限制默认值是指定编号RFC(编写本文档时为64)的默认IPv6跃点限制值。
The tunnel hop limit is copied into the hop limit field of the tunnel IPv6 header of each packet encapsulated by the tunnel entry-point node.
隧道跃点限制被复制到隧道入口点节点封装的每个数据包的隧道IPv6头的跃点限制字段中。
The IPv6 Tunnel Packet Traffic Class indicates the value that a tunnel entry-point node sets in the Traffic Class field of a tunnel header. The default value is zero. The configured Packet Traffic Class can also indicate whether the value of the Traffic Class field in the tunnel header is copied from the original header, or it is set to the pre-configured value.
IPv6隧道数据包流量类别表示隧道入口点节点在隧道头的流量类别字段中设置的值。默认值为零。配置的分组流量类还可以指示隧道报头中的流量类字段的值是从原始报头复制的,还是设置为预配置的值。
The IPv6 Tunnel Flow Label indicates the value that a tunnel entry-point node sets in the flow label of a tunnel header. The default value is zero.
IPv6隧道流标签指示隧道入口点节点在隧道标头的流标签中设置的值。默认值为零。
The Tunnel Encapsulation Limit value can indicate whether the entry-point node is configured to limit the number of encapsulations of tunnel packets originating on that node. The IPv6 Tunnel Encapsulation Limit is the maximum number of additional encapsulations permitted for packets undergoing encapsulation at that entry-point node. Recommended default value is 4. An entry-point node configured to limit the number of nested encapsulations prepends a Destination Options extension header containing a Tunnel Encapsulation Limit option to an original packet undergoing encapsulation - see sections 4.1 and 4.1.1.
隧道封装限制值可指示入口点节点是否配置为限制源自该节点的隧道数据包的封装数量。IPv6隧道封装限制是在该入口点节点上进行封装的数据包允许的最大附加封装数。建议的默认值为4。配置为限制嵌套封装数量的入口点节点将包含隧道封装限制选项的目标选项扩展头前置到正在进行封装的原始数据包-请参阅第4.1节和第4.1.1节。
The tunnel MTU is set dynamically to the Path MTU between the tunnel entry-point and the tunnel exit-point nodes, minus the size of the tunnel headers: the maximum size of a tunnel packet payload that can
隧道MTU动态设置为隧道入口点和隧道出口点节点之间的路径MTU,减去隧道报头的大小:可以传输的隧道数据包有效负载的最大大小
be sent through the tunnel without fragmentation [IPv6-Spec]. The tunnel entry-point node performs Path MTU discovery on the path between the tunnel entry-point and exit-point nodes [PMTU-Spec], [ICMP-Spec]. The tunnel MTU of a nested tunnel is the tunnel MTU of the outer tunnel minus the size of the nested tunnel headers.
通过隧道发送而不产生碎片[IPv6规范]。隧道入口点节点在隧道入口点和出口点节点[PMTU Spec]、[ICMP Spec]之间的路径上执行路径MTU发现。嵌套隧道的隧道MTU是外部隧道的隧道MTU减去嵌套隧道头的尺寸。
Prepending a tunnel header increases the size of a packet, therefore a tunnel packet resulting from the encapsulation of an IPv6 original packet may require fragmentation.
预先结束隧道报头会增加数据包的大小,因此,由于封装IPv6原始数据包而产生的隧道数据包可能需要分段。
A tunnel IPv6 packet resulting from the encapsulation of an original packet is considered an IPv6 packet originating from the tunnel entry-point node. Therefore, like any source of an IPv6 packet, a tunnel entry-point node must support fragmentation of tunnel IPv6 packets.
由于封装原始数据包而产生的隧道IPv6数据包被视为源自隧道入口点节点的IPv6数据包。因此,与IPv6数据包的任何源一样,隧道入口点节点必须支持隧道IPv6数据包的分段。
A tunnel intermediate node that forwards a tunnel packet to another node in the tunnel follows the general IPv6 rule that it must not fragment a packet undergoing forwarding.
将隧道数据包转发到隧道中另一个节点的隧道中间节点遵循一般IPv6规则,即它不能对正在转发的数据包进行分段。
A tunnel exit-point node receiving tunnel packets at the end of the tunnel for decapsulation applies the strict left-to-right processing rules for extension headers. In the case of a fragmented tunnel packet, the fragments are reassembled into a complete tunnel packet before determining that an embedded packet is present.
隧道出口点节点在隧道末端接收用于解除封装的隧道数据包,对扩展头应用严格的从左到右处理规则。在片段隧道分组的情况下,在确定存在嵌入分组之前,片段被重新组装成完整的隧道分组。
Note:
注:
A particular problem arises when the destination of a fragmented tunnel packet is an exit-point node identified by an anycast address. The problem, which is similar to that of original fragmented IPv6 packets destined to nodes identified by an anycast address, is that all the fragments of a packet must arrive at the same destination node for that node to be able to perform a successful reassembly, a requirement that is not necessarily satisfied by packets sent to an anycast address.
当分段隧道数据包的目的地是由选播地址标识的出口点节点时,会出现一个特定的问题。问题类似于发送到由选播地址标识的节点的原始分段IPv6数据包的问题,即数据包的所有片段必须到达同一目标节点,该节点才能成功地重新组装,发送到选播地址的数据包不一定满足的一种要求。
When an IPv6 original packet enters a tunnel, if the original packet size exceeds the tunnel MTU (i.e., the Path MTU between the tunnel entry-point and the tunnel exit-point, minus the size of the tunnel header(s)), it is handled as follows:
当IPv6原始数据包进入隧道时,如果原始数据包大小超过隧道MTU(即,隧道入口点和隧道出口点之间的路径MTU减去隧道头的大小),则按如下方式处理:
(a) if the original IPv6 packet size is larger than the IPv6 minimum link MTU [IPv6-Spec], the entry-point node discards the packet and sends an ICMPv6 "Packet Too Big" message to the source address of the original packet with the recommended MTU size field set to the tunnel MTU or the IPv6 minimum link MTU, whichever is larger, i.e. max (tunnel MTU, IPv6 minimum link MTU). Also see sections 6.7 and 8.2.
(a) 如果原始IPv6数据包大小大于IPv6最小链路MTU[IPv6规范],则入口点节点丢弃该数据包,并向原始数据包的源地址发送ICMPv6“数据包太大”消息,建议的MTU大小字段设置为隧道MTU或IPv6最小链路MTU,以较大者为准,即最大值(隧道MTU、IPv6最小链路MTU)。另见第6.7节和第8.2节。
(b) if the original IPv6 packet is equal or smaller than the IPv6 minimum link MTU, the tunnel entry-point node encapsulates the original packet, and subsequently fragments the resulting IPv6 tunnel packet into IPv6 fragments that do not exceed the Path MTU to the tunnel exit-point.
(b) 如果原始IPv6数据包等于或小于IPv6最小链路MTU,则隧道入口点节点封装原始数据包,并随后将生成的IPv6隧道数据包分割成不超过到隧道出口点的路径MTU的IPv6片段。
When an IPv4 original packet enters a tunnel, if the original packet size exceeds the tunnel MTU (i.e., the Path MTU between the tunnel entry-point and the tunnel exit-point, minus the size of the tunnel header(s)), it is handled as follows:
当IPv4原始数据包进入隧道时,如果原始数据包大小超过隧道MTU(即,隧道入口点和隧道出口点之间的路径MTU减去隧道头的大小),则按如下方式处理:
(a) if in the original IPv4 packet header the Don't Fragment - DF - bit flag is SET, the entry-point node discards the packet and returns an ICMP message. The ICMP message has the type = "unreachable", the code = "packet too big", and the recommended MTU size field set to the size of the tunnel MTU - see sections 6.7 and 8.3.
(a) 如果在原始IPv4数据包头中设置了Don't Fragment-DF-bit标志,则入口点节点将丢弃该数据包并返回ICMP消息。ICMP消息的type=“unreachable”、code=“packet too big”和建议的MTU大小字段设置为隧道MTU的大小-请参见第6.7节和第8.3节。
(b) if in the original packet header the Don't Fragment - DF - bit flag is CLEAR, the tunnel entry-point node encapsulates the original packet, and subsequently fragments the resulting IPv6 tunnel packet into IPv6 fragments that do not exceed the Path MTU to the tunnel exit-point.
(b) 如果在原始数据包报头中,不分段-DF-位标志是清除的,则隧道入口点节点封装原始数据包,并随后将生成的IPv6隧道数据包分段为不超过到隧道出口点的路径MTU的IPv6片段。
IPv6 Tunneling follows the general rule that an error detected during the processing of an IPv6 packet is reported through an ICMP message to the source of the packet.
IPv6隧道遵循的一般规则是,在处理IPv6数据包期间检测到的错误通过ICMP消息报告给数据包源。
On a forwarding path that includes IPv6 tunnels, an error detected by a node that is not in any tunnel is directly reported to the source of the original IPv6 packet.
在包含IPv6隧道的转发路径上,不在任何隧道中的节点检测到的错误将直接报告给原始IPv6数据包的源。
An error detected by a node inside a tunnel is reported to the source of the tunnel packet, that is, the tunnel entry-point node. The ICMP message sent to the tunnel entry-point node has as ICMP payload the tunnel IPv6 packet that has the original packet as its payload.
由隧道内的节点检测到的错误被报告给隧道分组的源,即隧道入口点节点。发送到隧道入口点节点的ICMP消息将原始数据包作为其有效负载的隧道IPv6数据包作为ICMP有效负载。
The cause of a packet error encountered inside a tunnel can be a problem with:
隧道内遇到数据包错误的原因可能是以下方面的问题:
(a) the tunnel header, or
(a) 隧道总管,或
(b) the tunnel packet.
(b) 隧道包。
Both tunnel header and tunnel packet problems are reported to the tunnel entry-point node.
隧道报头和隧道数据包问题都报告给隧道入口点节点。
If a tunnel packet problem is a consequence of a problem with the original packet, which is the payload of the tunnel packet, then the problem is also reported to the source of the original packet.
如果隧道数据包问题是原始数据包(即隧道数据包的有效载荷)问题的结果,则该问题也会报告给原始数据包的源。
To report a problem detected inside the tunnel to the source of an original packet, the tunnel entry point node must relay the ICMP message received from inside the tunnel to the source of that original IPv6 packet.
要向原始数据包的源报告在隧道内检测到的问题,隧道入口点节点必须将从隧道内接收到的ICMP消息中继到原始IPv6数据包的源。
An example of the processing that can take place in the error reporting mechanism of a node is illustrated in Fig.7, and Fig.8:
在节点的错误报告机制中可以发生的处理的示例如图7和图8所示:
Fig.7 path #0 and Fig.8 (a) - The IPv6 tunnel entry-point receives an ICMP packet from inside the tunnel, marked Tunnel ICMPv6 Message in Fig.7. The tunnel entry-point node IPv6 layer passes the received ICMP message to the ICMPv6 Input. The ICMPv6 Input, based on the ICMP type and code [ICMP-Spec] generates an internal "error code".
图7路径#0和图8(a)-IPv6隧道入口点从隧道内部接收ICMP数据包,在图7中标记为隧道ICMPv6消息。隧道入口点节点IPv6层将接收到的ICMP消息传递给ICMPv6输入。ICMPv6输入基于ICMP类型和代码[ICMP Spec]生成内部“错误代码”。
Fig.7 path #1 - The internal error code, is passed with the "ICMPv6 message payload" to the upper-layer protocol - in this case the IPv6 tunnel upper-layer error input.
图7路径#1-内部错误代码,与“ICMPv6消息有效负载”一起传递到上层协议-在本例中为IPv6隧道上层错误输入。
+-------+ +-------+ +-----------------------+
| Upper | | Upper | | Upper |
| Layer | | Layer | | Layer |
| Proto.| | Proto | | IPv6 Tunnel |
| Error | | Error | | Error |
| Input | | Input | | Input |
| | | | | Decapsulate |
| | | | | -->--ICMPv6--#2->-- |
| | | | | | Payload | |
+-------+ +-------+ +--|-----------------|--+
| | | |
^ ^ ^ v
| | | |
--------------------#1-- -----Orig.Packet?--- - - - - - - -
#1 #3 Int.Error Code, #5 |
Int.Error Code,^ v Source Address, v v
ICMPv6 Payload | IPv6 | Orig. Packet | IPv4 |
+--------------+ +------------+ +------------+ + - - +
| | | | | |
| ICMP v6 | | ICMP v6 | | ICMP v4 | | |
| Input | | Err Report | | Err Report |
| - - - - +----+ - - - -| + - - - -+ + - - +
| | | |
| IPv6 Layer | | IPv4 Layer | | |
| | | |
+--------------------------------+ +------------+ + - - +
| | |
^ V V
#0 #4 #6
| | |
Tunnel ICMPv6 ICMPv6 ICMPv4
Message Message Message
| | |
+-------+ +-------+ +-----------------------+
| Upper | | Upper | | Upper |
| Layer | | Layer | | Layer |
| Proto.| | Proto | | IPv6 Tunnel |
| Error | | Error | | Error |
| Input | | Input | | Input |
| | | | | Decapsulate |
| | | | | -->--ICMPv6--#2->-- |
| | | | | | Payload | |
+-------+ +-------+ +--|-----------------|--+
| | | |
^ ^ ^ v
| | | |
--------------------#1-- -----Orig.Packet?--- - - - - - - -
#1 #3 Int.Error Code, #5 |
Int.Error Code,^ v Source Address, v v
ICMPv6 Payload | IPv6 | Orig. Packet | IPv4 |
+--------------+ +------------+ +------------+ + - - +
| | | | | |
| ICMP v6 | | ICMP v6 | | ICMP v4 | | |
| Input | | Err Report | | Err Report |
| - - - - +----+ - - - -| + - - - -+ + - - +
| | | |
| IPv6 Layer | | IPv4 Layer | | |
| | | |
+--------------------------------+ +------------+ + - - +
| | |
^ V V
#0 #4 #6
| | |
Tunnel ICMPv6 ICMPv6 ICMPv4
Message Message Message
| | |
Fig.7 Error Reporting Flow in a Node (IPv6 Tunneling Protocol Engine)
图7节点中的错误报告流(IPv6隧道协议引擎)
Fig.7 path #2 and Fig.8 (b) - The IPv6 tunnel error input decapsulates the tunnel IPv6 packet, which is the ICMPv6 message payload, obtaining the original packet, and thus the original headers and dispatches the "internal error code", the source address from the original packet header, and the original packet, down to the error report block of the protocol identified by the Next Header field in the tunnel header immediately preceding the original packet in the ICMP message payload.
图7路径#2和图8(b)-IPv6隧道错误输入对隧道IPv6数据包(即ICMPv6消息有效载荷)进行解封,获得原始数据包,从而获得原始报头,并发送“内部错误代码”、原始数据包报头的源地址和原始数据包,直至ICMP消息有效负载中原始数据包之前的隧道报头中的下一个报头字段标识的协议的错误报告块。
From here the processing depends on the protocol of the original packet:
从这里开始,处理取决于原始数据包的协议:
(a) - for an IPv6 original packet
(a) -对于IPv6原始数据包
Fig.7 path #3 and Fig.8 (c.1)- for an IPv6 original packet, the ICMPv6 error report builds an ICMP message of a type and code according to the "internal error code", containing the "original packet" as ICMP payload.
图7路径#3和图8(c.1)-对于IPv6原始数据包,ICMPv6错误报告根据“内部错误代码”构建类型和代码的ICMP消息,其中包含作为ICMP有效负载的“原始数据包”。
Fig.7 path #4 and Fig.8 (d.1)- The ICMP message has the tunnel entry-point node address as source address, and the original packet source node address as destination address. The tunnel entry-point node sends the ICMP message to the source node of the original packet.
图7路径4和图8(d.1)-ICMP消息将隧道入口点节点地址作为源地址,原始数据包源节点地址作为目的地址。隧道入口点节点向原始数据包的源节点发送ICMP消息。
(b) - for an IPv4 original packet
(b) -对于IPv4原始数据包
Fig.7 path #5 and Fig.8 (c.2) - for an IPv4 original packet, the ICMPv4 error report builds an ICMP message of a type and code derived from the the "internal error code", containing the "original packet" as ICMP payload.
图7路径#5和图8(c.2)-对于IPv4原始数据包,ICMPv4错误报告构建一条ICMP消息,其类型和代码源自“内部错误代码”,包含“原始数据包”作为ICMP有效负载。
Fig.7 path #6 and Fig.8 (d.2) - The ICMP message has the tunnel entry-point node IPv4 address as source address, and the original packet IPv4 source node address as destination address. The tunnel entry-point node sends the ICMP message to the source node of the original packet.
图7路径#6和图8(d.2)-ICMP消息将隧道入口点节点IPv4地址作为源地址,原始数据包IPv4源节点地址作为目标地址。隧道入口点节点向原始数据包的源节点发送ICMP消息。
A graphical description of the header processing taking place is the following:
标题处理的图形描述如下:
< Tunnel Packet >
+--------+- - - - - -+--------+------------------------------//------+
| IPv6 | IPv6 | ICMP | Tunnel |
(a)| | Extension | | IPv6 |
| Header | Headers | Header | Packet in error |
+--------+- - - - - -+--------+------------------------------//------+
< Tunnel Headers > < Tunnel ICMP Message >
< ICMPv6 Message Payload >
|
v
< Tunnel ICMP Message >
< Tunnel IPv6 Packet in Error >
+--------+ +---------+ +----------+--------//------+
| ICMP | | Tunnel | | Original | Original |
(b) | | + | IPv6 | + | | Packet |
| Header | | Headers | | Headers | Payload |
+--------+ +---------+ +----------+--------//------+
| <Original Packet in Error >
----------------- |
| |
--------------|---------------
| |
V V
+---------+ +--------+ +-------------------//------+
| New | | ICMP | | |
(c.1) | IPv6 | + | | + | Orig. Packet in Error |
| Headers | | Header | | |
+---------+ +--------+ +-------------------//------+
|
v
+---------+--------+-------------------//------+
| New | ICMP | Original |
(d.1) | IPv6 | | |
| Headers | Header | Packet in Error |
+---------+--------+-------------------//------+
< New ICMP Message >
< Tunnel Packet >
+--------+- - - - - -+--------+------------------------------//------+
| IPv6 | IPv6 | ICMP | Tunnel |
(a)| | Extension | | IPv6 |
| Header | Headers | Header | Packet in error |
+--------+- - - - - -+--------+------------------------------//------+
< Tunnel Headers > < Tunnel ICMP Message >
< ICMPv6 Message Payload >
|
v
< Tunnel ICMP Message >
< Tunnel IPv6 Packet in Error >
+--------+ +---------+ +----------+--------//------+
| ICMP | | Tunnel | | Original | Original |
(b) | | + | IPv6 | + | | Packet |
| Header | | Headers | | Headers | Payload |
+--------+ +---------+ +----------+--------//------+
| <Original Packet in Error >
----------------- |
| |
--------------|---------------
| |
V V
+---------+ +--------+ +-------------------//------+
| New | | ICMP | | |
(c.1) | IPv6 | + | | + | Orig. Packet in Error |
| Headers | | Header | | |
+---------+ +--------+ +-------------------//------+
|
v
+---------+--------+-------------------//------+
| New | ICMP | Original |
(d.1) | IPv6 | | |
| Headers | Header | Packet in Error |
+---------+--------+-------------------//------+
< New ICMP Message >
or for an IPv4 original packet
或者对于IPv4原始数据包
+---------+ +--------+ +-------------------//------+
| New | | ICMP | | |
(c.2) | IPv4 | + | | + | Orig. Packet in Error |
| Header | | Header | | |
+---------+ +--------+ +-------------------//------+
|
v
+---------+--------+-------------------//------+
| New | ICMP | Original |
(d.2) | IPv4 | | |
| Header | Header | Packet in Error |
+---------+--------+-------------------//------+
< New ICMP Message >
+---------+ +--------+ +-------------------//------+
| New | | ICMP | | |
(c.2) | IPv4 | + | | + | Orig. Packet in Error |
| Header | | Header | | |
+---------+ +--------+ +-------------------//------+
|
v
+---------+--------+-------------------//------+
| New | ICMP | Original |
(d.2) | IPv4 | | |
| Header | Header | Packet in Error |
+---------+--------+-------------------//------+
< New ICMP Message >
Fig.8 ICMP Error Reporting and Processing
图8 ICMP错误报告和处理
The tunnel ICMP messages that are reported to the source of the original packet are:
报告给原始数据包源的隧道ICMP消息为:
hop limit exceeded
超出跃点限制
The tunnel has a misconfigured hop limit, or contains a routing loop, and packets do not reach the tunnel exit-point node. This problem is reported to the tunnel entry-point node, where the tunnel hop limit can be reconfigured to a higher value. The problem is further reported to the source of the original packet as described in section 8.2, or 8.3.
隧道具有错误配置的跃点限制,或包含路由循环,并且数据包未到达隧道出口点节点。此问题将报告给隧道入口点节点,在该节点中,可以将隧道跃点限制重新配置为更高的值。如第8.2节或第8.3节所述,将问题进一步报告给原始数据包的来源。
unreachable node
不可达节点
One of the nodes in the tunnel is not or is no longer reachable. This problem is reported to the tunnel entry-point node, which should be reconfigured with a valid and active path between the entry and exit-point of the tunnel.
隧道中的一个节点不可访问或不再可访问。此问题将报告给隧道入口点节点,该节点应使用隧道入口点和出口点之间的有效活动路径进行重新配置。
The problem is further reported to the source of the original packet as described in section 8.2, or 8.3.
如第8.2节或第8.3节所述,将问题进一步报告给原始数据包的来源。
parameter problem
参数问题
A Parameter Problem ICMP message pointing to a valid Tunnel Encapsulation Limit Destination header with a Tun Encap Lim field value set to one is an indication that the tunnel
指向Tun Encap Lim字段值设置为1的有效隧道封装限制目标标头的参数问题ICMP消息表示隧道
packet exceeded the maximum number of encapsulations allowed. The problem is further reported to the source of the original packet as described in section 8.2, or 8.3.
数据包超出了允许的最大封装数。如第8.2节或第8.3节所述,将问题进一步报告给原始数据包的来源。
The above three problems detected inside the tunnel, which are a tunnel configuration and a tunnel topology problem, are reported to the source of the original IPv6 packet, as a tunnel generic "unreachable" problem caused by a "link problem" - see section 8.2 and 8.3.
在隧道内检测到的上述三个问题,即隧道配置和隧道拓扑问题,将作为“链路问题”导致的隧道通用“无法访问”问题报告给原始IPv6数据包的源-请参阅第8.2节和第8.3节。
packet too big
包太大了
The tunnel packet exceeds the tunnel Path MTU.
隧道数据包超出了隧道路径MTU。
The information carried by this type of ICMP message is used as follows:
此类ICMP报文携带的信息使用如下:
- by a receiving tunnel entry-point node to set or adjust the tunnel MTU
- 由接收隧道入口点节点设置或调整隧道MTU
- by a sending tunnel entry-point node to indicate to the source of an original packet the MTU size that should be used in sending IPv6 packets towards the tunnel entry-point node.
- 由发送隧道入口点节点向原始数据包的源指示在向隧道入口点节点发送IPv6数据包时应使用的MTU大小。
The tunnel entry-point node builds the ICMP and IPv6 headers of the ICMP message that is sent to the source of the original packet as follows:
隧道入口点节点构建发送到原始数据包源的ICMP消息的ICMP和IPv6头,如下所示:
IPv6 Fields:
IPv6字段:
Source Address
源地址
A valid unicast IPv6 address of the outgoing interface.
传出接口的有效单播IPv6地址。
Destination Address
目的地址
Copied from the Source Address field of the Original IPv6 header.
从原始IPv6标头的源地址字段复制。
ICMP Fields:
ICMP字段:
For any of the following tunnel ICMP error messages:
对于以下任一隧道ICMP错误消息:
"hop limit exceeded"
“超出跃点限制”
"unreachable node"
“无法访问的节点”
"parameter problem" - pointing to a valid Tunnel Encapsulation Limit destination header with the Tun Encap Lim field set to a value zero:
“参数问题”-指向Tun Encap Lim字段设置为零值的有效隧道封装限制目标标头:
Type 1 - unreachable node
类型1-无法访问的节点
Code 3 - address unreachable
代码3-无法访问地址
For tunnel ICMP error message "packet too big":
对于隧道ICMP错误消息“数据包太大”:
Type 2 - packet too big
类型2-数据包太大
Code 0
代码0
MTU The MTU field from the tunnel ICMP message minus the length of the tunnel headers.
MTU隧道ICMP消息中的MTU字段减去隧道头的长度。
According to the general rules described in 7.1, an ICMP "packet too big" message is sent to the source of the original packet only if the original packet size is larger than the minimum link MTU size required for IPv6 [IPv6-Spec].
根据7.1中描述的一般规则,仅当原始数据包大小大于IPv6所需的最小链路MTU大小[IPv6规范]时,ICMP“数据包太大”消息才会发送到原始数据包的源。
The tunnel entry-point node builds the ICMP and IPv4 header of the ICMP message that is sent to the source of the original packet as follows:
隧道入口点节点构建发送到原始数据包源的ICMP消息的ICMP和IPv4报头,如下所示:
IPv4 Fields:
IPv4字段:
Source Address
源地址
A valid unicast IPv4 address of the outgoing interface.
传出接口的有效单播IPv4地址。
Destination Address
目的地址
Copied from the Source Address field of the Original IPv4 header.
从原始IPv4标头的源地址字段复制。
ICMP Fields:
ICMP字段:
For any of the following tunnel ICMP error messages:
对于以下任一隧道ICMP错误消息:
"hop limit exceeded"
“超出跃点限制”
"unreachable node"
“无法访问的节点”
"parameter problem" - pointing to a valid Tunnel Enacpsulation Limit destination header with the Tun Encap Lim field set to a value zero:
“参数问题”-指向Tun Encap Lim字段设置为零值的有效隧道启用限制目标标头:
Type 3 - destination unreachable
类型3-无法到达目的地
Code 1 - host unreachable
代码1-无法访问主机
For a tunnel ICMP error message "packet too big":
对于隧道ICMP错误消息“数据包太大”:
Type 3 - destination unreachable
类型3-无法到达目的地
Code 4 - packet too big
代码4-数据包太大
MTU The MTU field from the tunnel ICMP message minus the length of the tunnel headers.
MTU隧道ICMP消息中的MTU字段减去隧道头的长度。
According to the general rules described in section 7.2, an ICMP "packet too big" message is sent to the original IPv4 packet source node if the the original IPv4 header has the DF - don't fragment - bit flag SET.
根据第7.2节中描述的一般规则,如果原始IPv4报头设置了DF-不分段-位标志,则向原始IPv4数据包源节点发送ICMP“数据包太大”消息。
In case of an error uncovered with a nested tunnel packet, the inner tunnel entry-point, which receives the ICMP error message from the inner tunnel reporting node, relays the ICMP message to the outer tunnel entry-point following the mechanisms described in sections 8.,8.1, 8.2, and 8.3. Further, the outer tunnel entry-point relays the ICMP message to the source of the original packet, following the same mechanisms.
在嵌套隧道数据包发现错误的情况下,从内部隧道报告节点接收ICMP错误消息的内部隧道入口点按照第8、8.1、8.2和8.3节中描述的机制将ICMP消息中继到外部隧道入口点。此外,外部隧道入口点按照相同的机制将ICMP消息中继到原始分组的源。
An IPv6 tunnel can be secured by securing the IPv6 path between the tunnel entry-point and exit-point node. The security architecture, mechanisms, and services are described in [RFC2401], [RFC2402], and [RFC2406]. A secure IPv6 tunnel may act as a gateway-to-gateway secure path as described in [RFC2401].
可以通过保护隧道入口点和出口点节点之间的IPv6路径来保护IPv6隧道。[RFC2401]、[RFC2402]和[RFC2406]中描述了安全体系结构、机制和服务。如[RFC2401]所述,安全IPv6隧道可充当网关到网关的安全路径。
For a secure IPv6 tunnel, in addition to the mechanisms described earlier in this document, the entry-point node of the tunnel performs security algorithms on the packet and prepends as part of the tunnel headers one or more security headers in conformance with [IPv6-Spec], [RFC2401], and [RFC2402], or [RFC2406].
对于安全IPv6隧道,除了本文档前面描述的机制外,隧道的入口点节点对数据包执行安全算法,并根据[IPv6规范]、[RFC2401]和[RFC2402]或[RFC2406]将一个或多个安全报头作为隧道报头的一部分预先发送。
The exit-point node of a secure IPv6 tunnel performs security algorithms and processes the tunnel security header[s] as part of the tunnel headers processing described earlier, and in conformance with [RFC2401], and [RFC2402], or [RFC2406]. The exit-point node discards the tunnel security header[s] with the rest of the tunnel headers after tunnel headers processing completion.
安全IPv6隧道的出口点节点执行安全算法并处理隧道安全报头,作为前面描述的隧道报头处理的一部分,并符合[RFC2401]和[RFC2402]或[RFC2406]。在隧道标头处理完成后,出口点节点将丢弃隧道安全标头和其他隧道标头。
The degree of integrity, authentication, and confidentiality and the security processing performed on a tunnel packet at the entry-point and exit-point node of a secure IPv6 tunnel depend on the type of security header - authentication (AH) or encryption (ESP) - and parameters configured in the Security Association for the tunnel. There is no dependency or interaction between the security level and mechanisms applied to the tunnel packets and the security applied to the original packets which are the payloads of the tunnel packets. In case of nested tunnels, each inner tunnel may have its own set of security services, independently from those of the outer tunnels, or of those between the source and destination of the original packet.
在安全IPv6隧道的入口点和出口点节点对隧道数据包执行的完整性、身份验证和机密性程度以及安全处理取决于安全标头的类型(身份验证(AH)或加密(ESP)以及在隧道的安全关联中配置的参数。应用于隧道分组的安全级别和机制与应用于作为隧道分组的有效载荷的原始分组的安全性之间不存在依赖性或交互。在嵌套隧道的情况下,每个内部隧道可以有自己的安全服务集,独立于外部隧道的安全服务集,或者独立于原始数据包的源和目的地之间的安全服务集。
This document is partially derived from several discussions about IPv6 tunneling on the IPng Working Group Mailing List and from feedback from the IPng Working Group to an IPv6 presentation that focused on IPv6 tunneling at the 33rd IETF, in Stockholm, in July 1995.
本文件部分来源于IPng工作组邮件列表中关于IPv6隧道的几次讨论,以及IPng工作组对1995年7月在斯德哥尔摩举行的第33届IETF上关于IPv6隧道的IPv6演示的反馈。
Additionally, the following documents that focused on tunneling or encapsulation were helpful references: RFC 1933 (R. Gilligan, E. Nordmark), RFC 1241 (R. Woodburn, D. Mills), RFC 1326 (P. Tsuchiya), RFC 1701, RFC 1702 (S. Hanks, D. Farinacci, P. Traina), RFC 1853 (W. Simpson), as well as RFC 2003 (C. Perkins).
此外,以下侧重于隧道或封装的文件是有用的参考资料:RFC 1933(R.Gilligan,E.Nordmark)、RFC 1241(R.Woodburn,D.Mills)、RFC 1326(P.Tsuchiya)、RFC 1701、RFC 1702(S.Hanks,D.Farinaci,P.Traina)、RFC 1853(W.Simpson)以及RFC 2003(C.Perkins)。
Brian Carpenter, Richard Draves, Bob Hinden, Thomas Narten, Erik Nordmark (in alphabetical order) gave valuable reviewing comments and suggestions for the improvement of this document. Scott Bradner, Ross Callon, Dimitry Haskin, Paul Traina, and James Watt (in alphabetical order) shared their view or experience on matters of concern in this document. Judith Grossman provided a sample of her many years of editorial and writing experience as well as a good amount of probing technical questions.
Brian Carpenter、Richard Draves、Bob Hinden、Thomas Narten、Erik Nordmark(按字母顺序)为改进本文件提供了宝贵的评论和建议。Scott Bradner、Ross Callon、Dimitry Haskin、Paul Traina和James Watt(按字母顺序)在本文中分享了他们对关注事项的看法或经验。朱迪思·格罗斯曼(Judith Grossman)提供了她多年编辑和写作经验的样本,以及大量探索性的技术问题。
[IPv6-Spec] Deering, S. and R. Hinden, "Internet Protocol Version 6 (IPv6) Specification", RFC 2460, December 1998.
[IPv6规范]Deering,S.和R.Hinden,“互联网协议版本6(IPv6)规范”,RFC 2460,1998年12月。
[ICMP-Spec] Conta, A. and S. Deering "Internet Control Message Protocol for the Internet Protocol Version 6 (IPv6)", RFC 2463, December 1998.
[ICMP规范]Conta,A.和S.Deering“互联网协议版本6(IPv6)的互联网控制消息协议”,RFC 2463,1998年12月。
[ND-Spec] Narten, T., Nordmark, E., and W. Simpson "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998.
[ND Spec]Narten,T.,Nordmark,E.,和W.Simpson“IP版本6(IPv6)的邻居发现”,RFC 2461,1998年12月。
[PMTU-Spec] McCann, J., Deering, S. and J. Mogul, "Path MTU Discovery for IP Version 6 (IPv6)", RFC 1981, August 1996.
[PMTU规范]McCann,J.,Deering,S.和J.Mogul,“IP版本6(IPv6)的路径MTU发现”,RFC 1981,1996年8月。
[RFC2401] Atkinson, R., "Security Architecture for the Internet Protocol", RFC 2401, November 1998.
[RFC2401]Atkinson,R.,“互联网协议的安全架构”,RFC 2401,1998年11月。
[RFC2402] Atkinson, R., "IP Authentication Header", RFC 2402, November 1998.
[RFC2402]阿特金森,R.,“IP认证头”,RFC2402,1998年11月。
[RFC2406] Atkinson, R., "IP Encapsulation Security Payload (ESP)", RFC 2406, November 1998.
[RFC2406]阿特金森,R.,“IP封装安全有效载荷(ESP)”,RFC 2406,1998年11月。
[RFC-1853] Simpson, W., "IP in IP Tunneling", RFC 1853, October 1995.
[RFC-1853]辛普森,W.,“IP隧道中的IP”,RFC 1853,1995年10月。
[Assign-Nr] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2,
RFC 1700, October 1994. See also:
http://www.iana.org/numbers.html
[Assign-Nr] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2,
RFC 1700, October 1994. See also:
http://www.iana.org/numbers.html
[RFC2119] Bradner, S., "Key words for use in RFCs to indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
Authors' Addresses
作者地址
Alex Conta Lucent Technologies Inc. 300 Baker Ave Concord, MA 01742-2168 +1-978-287-2842
Alex Conta-Lucent Technologies Inc.马萨诸塞州康科德贝克大道300号01742-2168+1-978-287-2842
EMail: aconta@lucent.com
EMail: aconta@lucent.com
Stephen Deering Cisco Systems 170 West Tasman Dr San Jose, CA 95132-1706
史蒂芬·迪林思科系统170西塔斯曼博士,加利福尼亚州圣何塞,邮编95132-1706
Phone: +1-408-527-8213
EMail: deering@cisco.com
Phone: +1-408-527-8213
EMail: deering@cisco.com
Nested encapsulations of a packet become a recursive encapsulation if the packet reenters an outer tunnel before exiting it. The cases which present a high risk of recursive encapsulation are those in which a tunnel entry-point node cannot determine whether a packet that undergoes encapsulation reenters the tunnel before exiting it. Routing loops that cause tunnel packets to reenter a tunnel before exiting it are certainly the major cause of the problem. But since routing loops exist, and happen, it is important to understand and describe, the cases in which the risk for recursive encapsulation is higher.
如果数据包在退出外部隧道之前重新进入外部隧道,则数据包的嵌套封装将成为递归封装。存在递归封装高风险的情况是隧道入口点节点无法确定经过封装的数据包是否在退出隧道之前重新进入隧道。导致隧道数据包在退出隧道之前重新进入隧道的路由循环肯定是问题的主要原因。但是由于路由循环的存在和发生,理解和描述递归封装的风险更高的情况很重要。
There are two significant elements that determine the risk factor of routing loop recursive encapsulation:
确定路由循环递归封装的风险因素有两个重要因素:
(a) the type of tunnel,
(a) 隧道的类型,
(b) the type of route to the tunnel exit-point, which determines the packet forwarding through the tunnel, that is, over the tunnel virtual-link.
(b) 到隧道出口点的路由类型,它确定通过隧道(即通过隧道虚拟链路)的数据包转发。
A.1.1 Risk Factor in Nested Encapsulation - type of tunnel.
A.1.1 嵌套封装中的风险因素-隧道类型。
The type of tunnels which were identified as a high risk factor for recursive encapsulation in routing loops are:
被确定为路由环路中递归封装的高风险因素的隧道类型如下:
"inner tunnels with identical exit-points".
“具有相同出口点的内部隧道”。
Since the source and destination of an original packet is the main information used to decide whether to forward a packet through a tunnel or not, a recursive encapsulation can be avoided in case of a single tunnel (non-inner), by checking that the packet to be encapsulated is not originated on the entry-point node. This mechanism is suggested in [RFC-1853].
由于原始数据包的源和目的地是用于决定是否通过隧道转发数据包的主要信息,因此在单个隧道(非内部)的情况下,可以通过检查要封装的数据包是否起源于入口点节点来避免递归封装。[RFC-1853]中提出了这种机制。
However, this type of protection does not seem to work well in case of inner tunnels with different entry-points, and identical exit-points.
然而,对于具有不同入口点和相同出口点的内部隧道,这种类型的保护似乎效果不佳。
Inner tunnels with different entry-points and identical exit-points introduce ambiguity in deciding whether to encapsulate a packet, when a packet encapsulated in an inner tunnel reaches the entry-point node of an outer tunnel by means of a routing loop. Because the source of the tunnel packet is the inner tunnel entry-point node which is different than the entry-point node of the outer tunnel, the source
当封装在内部隧道中的数据包通过路由循环到达外部隧道的入口点节点时,具有不同入口点和相同出口点的内部隧道在决定是否封装数据包时引入了模糊性。由于隧道数据包的源是内部隧道入口点节点,与外部隧道的入口点节点不同,因此源
address checking (mentioned above) fails to detect an invalid encapsulation, and as a consequence the tunnel packet gets encapsulated at the outer tunnel each time it reaches it through the routing loop.
地址检查(如上所述)无法检测到无效封装,因此,隧道数据包每次通过路由循环到达外部隧道时,都会在外部隧道中被封装。
A.1.2 Risk Factor in Nested Encapsulation - type of route.
A.1.2 嵌套封装中的风险因素-路由类型。
The type of route to a tunnel exit-point node has been also identified as a high risk factor of recursive encapsulation in routing loops.
隧道出口点节点的路由类型也被确定为路由循环中递归封装的高风险因素。
One type of route to a tunnel exit-point node is a route to a specified destination node, that is, the destination is a valid specified IPv6 address (route to node). Such a route can be selected based on the longest match of an original packet destination address with the destination address stored in the tunnel entry-point node routing table entry for that route. The packet forwarded on such a route is first encapsulated and then forwarded towards the tunnel exit-point node.
到隧道出口点节点的一种路由类型是到指定目标节点的路由,即,目标是有效的指定IPv6地址(到节点的路由)。可以基于原始分组目的地地址与存储在该路由的隧道入口点节点路由表条目中的目的地地址的最长匹配来选择这样的路由。在这样的路由上转发的分组首先被封装,然后被转发到隧道出口点节点。
Another type of route to a tunnel exit-point node is a route to a specified prefix-net, that is, the destination is a valid specified IPv6 prefix (route to net). Such a route can be selected based on the longest path match of an original packet destination address with the prefix destination stored in the tunnel entry-point node routing table entry for that route. The packet forwarded on such a route is first encapsulated and then forwarded towards the tunnel exit-point node.
到隧道出口点节点的另一种路由类型是到指定前缀网络的路由,即,目标是有效的指定IPv6前缀(到网络的路由)。可以基于原始分组目的地地址与存储在该路由的隧道入口点节点路由表条目中的前缀目的地的最长路径匹配来选择这样的路由。在这样的路由上转发的分组首先被封装,然后被转发到隧道出口点节点。
And finally another type of route to a tunnel exit-point is a default route, or a route to an unspecified destination. This route is selected when no-other match for the destination of the original packet has been found in the routing table. A tunnel that is the first hop of a default route is a "default tunnel".
最后,到隧道出口点的另一种类型的路由是默认路由,或到未指定目的地的路由。当在路由表中未找到与原始数据包目的地的其他匹配项时,选择此路由。作为默认路由的第一跳的隧道是“默认隧道”。
If the route to a tunnel exit-point is a route to node, the risk factor for recursive encapsulation is minimum.
如果到隧道出口点的路由是到节点的路由,则递归封装的风险系数最小。
If the route to a tunnel exit-point is a route to net, the risk factor for recursive encapsulation is medium. There is a range of destination addresses that will match the prefix the route is associated with. If one or more inner tunnels with different tunnel entry-points have exit-point node addresses that match the route to net of an outer tunnel exit-point, then a recursive encapsulation may occur if a tunnel packet gets diverted from inside such an inner tunnel to the entry-point of the outer tunnel that has a route to its exit-point that matches the exit-point of an inner tunnel.
如果到隧道出口点的路线是到网络的路线,则递归封装的风险因素为中等。存在一系列与路由关联的前缀匹配的目标地址。如果具有不同隧道入口点的一个或多个内部隧道的出口点节点地址与外部隧道出口点网络的路由匹配,然后,如果隧道数据包从这样的内部隧道转移到外部隧道的入口点,则可能发生递归封装,外部隧道的入口点具有到其出口点的路由,该出口点与内部隧道的出口点匹配。
If the route to a tunnel exit-point is a default route, the risk factor for recursive encapsulation is maximum. Packets are forwarded through a default tunnel for lack of a better route. In many situations, forwarding through a default tunnel can happen for a wide range of destination addresses which at the maximum extent is the entire Internet minus the node's link. As consequence, it is likely that in a routing loop case, if a tunnel packet gets diverted from an inner tunnel to an outer tunnel entry-point in which the tunnel is a default tunnel, the packet will be once more encapsulated, because the default routing mechanism will not be able to discern differently, based on the destination.
如果到隧道出口点的路由是默认路由,则递归封装的风险系数最大。由于缺少更好的路由,数据包通过默认隧道转发。在许多情况下,通过默认隧道的转发可能会发生在范围广泛的目标地址上,最大程度上是整个互联网减去节点的链接。因此,在路由循环情况下,如果隧道分组从内部隧道转移到外部隧道入口点,其中隧道是默认隧道,则该分组将再次被封装,因为默认路由机制将无法基于目的地进行不同的识别。
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。