Transmission of IP Packets over
Overlay Multilink Network (OMNI) InterfacesThe Boeing CompanyP.O. Box 3707SeattleWA98124USAfltemplin@acm.orgI-DInternet-DraftAir/land/sea/space mobile nodes (e.g., aircraft of various configurations,
terrestrial vehicles, seagoing vessels, space systems, enterprise wireless devices,
pedestrians with cell phones, etc.) communicate with networked correspondents over
wireless and/or wired-line data links and configure mobile routers to connect end
user networks. This document presents a multilink virtual interface specification
that enables mobile nodes to coordinate with a network-based mobility service,
fixed node correspondents and/or other mobile node peers. The virtual interface
provides an adaptation layer service suited for both mobile and more static
environments such as enterprise and home networks. Both Provider-Aggregated (PA)
and Provider-Independent (PI) addressing services are supported. This document
specifies the transmission of IP packets over Overlay Multilink Network (OMNI)
Interfaces.Air/land/sea/space mobile nodes (e.g., aircraft of various configurations,
terrestrial vehicles, seagoing vessels, space systems, enterprise wireless
devices, pedestrians with cellphones, etc.) configure mobile routers with
multiple interface connections to wireless and/or wired-line data links.
These data links often have diverse performance, cost and availability
properties that can change dynamically according to mobility patterns,
flight phases, proximity to infrastructure, etc. The mobile router acts
as a Client of a network-based Mobility Service (MS) by configuring a
virtual interface over its underlay interface data link connections.Each Client configures a virtual network interface (termed the "Overlay
Multilink Network Interface (OMNI)") as a thin layer over its underlay
interfaces (which may themselves connect to virtual or physical
links). The OMNI interface is therefore the only interface abstraction
exposed to the IP layer and behaves according to the Non-Broadcast,
Multiple Access (NBMA) interface principle, while each underlay interface
appears as a link layer communication channel in the architecture. The
OMNI interface internally employs the "OMNI Adaptation Layer (OAL)"
to ensure that original IP packets or parcels , are adapted to diverse underlay
interfaces with heterogeneous properties.The OMNI interface connects to a virtual overlay known as the "OMNI
link". The OMNI link spans one or more Internetworks that may include
private-use infrastructures (e.g., enterprise networks, operator networks,
etc.) and/or the global public Internet itself. Together, OMNI and the
OAL provide the foundational elements required to support the "6 M's
of Modern Internetworking", including:Multilink - a Client's ability to coordinate multiple
diverse underlay interfaces as a single logical unit (i.e., the OMNI
interface) to achieve the required communications performance and
reliability objectives.Multinet - the ability to span the OMNI link over a segment
routing topology with multiple diverse administrative domain network
segments while maintaining seamless end-to-end communications
between mobile Clients and correspondents such as air traffic
controllers, fleet administrators, etc.Mobility - a Client's ability to change network
points of attachment (e.g., moving between wireless base stations)
which may result in an underlay interface address change, but
without disruptions to ongoing communication sessions with peers
over the OMNI link.Multicast - the ability to send a single network
transmission that reaches multiple Clients belonging to the same
interest group, but without disturbing other Clients not subscribed
to the interest group.Multihop - a mobile Client peer-to-peer relaying
capability useful when multiple forwarding hops between peers may
be necessary to "reach back" to an infrastructure access
point connection to the OMNI link.(Performance) Maximization - the ability to exchange large
packets/parcels between peers without loss due to a link size
restriction, and to adaptively adjust packet/parcel sizes to
maintain the best performance profile for each independent
traffic flow.Client OMNI interfaces coordinate with the MS and/or OMNI peer nodes
through IPv6 Neighbor Discovery (ND) control message exchanges . The MS consists of a distributed set of service
nodes (including Proxy/Servers and other infrastructure elements) that
also configure OMNI interfaces. Automatic Extended Route Optimization
(AERO) in particular provides a companion MS compatible with the OMNI
architecture . AERO discusses
details of ND message based multilink forwarding, route optimization,
mobility management, and multinet traversal while the fundamental
aspects of OMNI link operation are discussed in this document.Each OMNI interface provides a multilink nexus for exchanging inbound
and outbound traffic flows via selected underlay interfaces. The IP layer
sees the OMNI interface as a point of connection to the OMNI link. Each
OMNI link assigns one or more associated Mobility Service Prefixes (MSPs),
which are typically IP Global Unicast Address (GUA) prefixes. The MS
then delegates Mobile Network Prefixes (MNPs) taken from an MSP to
Client end systems as Provider-Independent (PI) address blocks. Clients
in local domains also obtain Provider-Aggregated (PA) addresses from
internal/external Stable Network Prefixes (SNPs) assigned to
Proxy/Servers that connect the local domain to the global topology
per . If there are multiple
OMNI links, the IP layer will see multiple OMNI interfaces.Clients receive SNP addresses and optionally also MNP prefix
delegations through IPv6 ND control message exchanges with Proxy/Servers
over MANETs, Access Networks (ANETs) and/or open Internetworks (INETs).
Clients sub-delegate MNPs to downstream-attached End-user Networks
(ENETs) independently of the underlay interfaces selected for upstream
data transport. Each Client acts as a fixed or mobile router on behalf
of ENET peers, and uses OMNI interface control messaging to coordinate
with Hosts, Proxy/Servers and/or other Clients. The Client iterates
its control messaging over each of the OMNI interface's (M)ANET/INET
underlay interfaces in order to register each interface with the MS
(see ). The Client can also provide
multihop forwarding services for a recursively extended chain of
other Clients and Hosts connected via downstream-attached ENETs.Clients may connect to multiple distinct OMNI links within the same
OMNI domain by configuring multiple OMNI interfaces, e.g., omni0, omni1,
omni2, etc. Each OMNI interface is configured over a distinct set of
underlay interfaces and provides a nexus for Safety-Based Multilink
(SBM) operation. The IP layer applies SBM routing to select a specific
OMNI interface, then the selected OMNI interface applies
Performance-Based Multilink (PBM) internally to select appropriate
underlay interfaces. Applications select SBM topologies based on IP
layer Segment Routing , while each OMNI
interface orchestrates PBM internally based on OAL Multinet traversal.OMNI provides a link model suitable for a wide range of use cases.
For example, the International Civil Aviation Organization (ICAO)
Working Group-I Mobility Subgroup is developing a future Aeronautical
Telecommunications Network with Internet Protocol Services (ATN/IPS)
and has issued a liaison statement requesting IETF adoption in support of ICAO Document 9896 .
The IETF IP Wireless Access in Vehicular Environments (ipwave) working
group has further included problem statement and use case analysis for
OMNI in . Still other communities of interest
include AEEC, RTCA Special Committee 228 (SC-228) and NASA programs
that examine commercial aviation, Urban Air Mobility (UAM) and Unmanned
Air Systems (UAS). Pedestrians with handheld mobile devices, home and
small office networks, enterprise networks and many others represent
additional large classes of potential OMNI users.This document specifies the transmission of original IP
packets/parcels and control messages over OMNI interfaces. The operation
of both IP protocol versions (i.e., IPv4 and
IPv6 ) is specified as the network layer data
plane, while OMNI interfaces use IPv6 ND messaging in the control plane
independently of the data plane protocol(s). OMNI interfaces also
provide an adaptation layer based on encapsulation and fragmentation
over heterogeneous underlay interfaces as an OAL sublayer between L3
and L2. OMNI and the OAL are specified in detail throughout the
remainder of this document.The terminology in the normative references applies; especially, the
terms "link" and "interface" are the same as defined in the IPv6 and IPv6 Neighbor Discovery (ND) specifications. This document assumes the following IPv6
ND control plane message types: Router Solicitation (RS), Router
Advertisement (RA), Neighbor Solicitation (NS), Neighbor Advertisement
(NA), unsolicited NA (uNA) and Redirect.The terms "All-Routers multicast", "All-Nodes multicast"
and "Subnet-Router anycast" are the same as defined in . Also, IPv6 ND state names, variables and
constants including REACHABLE, ReachableTime and REACHABLE_TIME
are the same as defined in .The term "IP" is used to refer collectively to either Internet
Protocol version (i.e., IPv4 or IPv6 ) when a specification at the layer in question
applies equally to either version.The terms Host, Client and Proxy/Server are intentionally capitalized
to denote an instance of that particular node type that also configures
an OMNI interface and engages the OMNI Adaptation Layer.The terms "application layer (L5 and higher)", "transport layer
(L4)", "network layer (L3)", "(data) link layer (L2)" and "physical
layer (L1)" are used consistently with common Internetworking
terminology, with the understanding that reliable delivery protocol
users of UDP are considered as transport layer elements. The OMNI
specification further defines an "adaptation layer" positioned
below the network layer but above the link layer, which may include
physical links and Internet- or higher-layer tunnels. A (network)
interface is a node's attachment to a link (via L2), and an OMNI
interface is therefore a node's attachment to an OMNI link (via
the adaptation layer).The terms "IP jumbogram", "advanced jumbo (AJ)" and "IP parcel"
refer to special packet formats that enable a new link model for the
Internet as discussed in
and .The following terms are defined within the scope of this
document:The Network layer in the OSI network
model. Also known as "layer 3", "IP layer", etc.The Data Link layer in the OSI network
model. Also known as "layer 2", "link layer", "sub-IP layer",
etc.An encapsulation mid-layer
that adapts L3 to a diverse collection of L2 underlay interfaces
and their encapsulations. (No layer number is assigned, since
numbering was an artifact of the legacy reference model that need
not carry forward in the modern architecture.) The adaptation
layer sees the network layer as "L3" and sees all link layer
encapsulations as "L2 encapsulations", which may include UDP,
IP and true link layer (e.g., Ethernet, etc.) headers.a connected network
region (e.g., an aviation radio access network, corporate
enterprise network, satellite service provider network, cellular
operator network, residential WiFi network, etc.) that connects
Clients to the rest of the OMNI link. Physical and/or data link level
security is assumed (sometimes referred to as "protected spectrum"
for wireless domains). ANETs such as private enterprise networks
and ground domain aviation service networks often provide multiple
secured IP hops between the Client's physical point of connection
and the nearest Proxy/Server.a connected network
region that shares similar properties as an ANET except that links often
have undetermined connectivity properties, lower layer security services
cannot always be assumed and multihop forwarding between Clients acting
as MANET routers may be necessary.a connected network
region with a coherent IP addressing plan that provides transit
forwarding services between ANETs and/or OMNI nodes that coordinate
with the Mobility Service over unprotected media. Since physical
and/or data link level security cannot always be assumed, security
must be applied by the network and/or higher layers if necessary.
The global public Internet itself is an example.a simple or complex
"downstream" network tethered to a Client as a single logical unit
that travels together. The ENET could be as simple as a single link
connecting a single Host, or as complex as a large network with many
links, routers, bridges and end user devices. The ENET provides an
"upstream" link for arbitrarily many low-, medium- or high-end devices
dependent on the Client for their upstream connectivity, i.e., as
Internet of Things (IoT) entities. The ENET can also support a
recursively-descending chain of additional Clients such that the
ENET of an upstream Client is seen as the ANET of a downstream Client.a "wildcard" term used when a given
specification applies equally to all MANET/ANET/INET cases. From the
Client's perspective, *NET interfaces are "upstream" interfaces that
connect the Client to the Mobility Service, while ENET interfaces
are "downstream" interfaces that the Client uses to connect
downstream ENETs, Hosts and/or other Clients. Local communications
between correspondents within the same *NET can often be conducted
based on IPv6 Unique Local Addresses (ULAs) ,
MANET Local Addresses (MLAs)
or Hierarchical Host Identity Tags (HHITs) .a *NET or ENET
interface over which an OMNI interface is configured. The OMNI
interface is seen as an L3 interface by the network layer, and each
underlay interface is seen as an L2 interface by the OMNI interface.
The underlay interface either connects directly to the physical
communications media or coordinates with another node where the
physical media is hosted.a node's underlay interface
to a local network with indeterminant neighborhood properties over
which multihop relaying may be necessary. The MANET interface
appears as an Adaptation Layer interface from the viewpoint of
the OMNI interface. All MANET interfaces used by AERO/OMNI are
IPv6 interfaces and therefore must configure a Maximum Transmission
Unit (MTU) no smaller than the IPv6 minimum MTU (1280 octets)
even if lower-layer fragmentation is needed.
a virtual interface configured beneath the OMNI interface but
over an underlay interface connection to an ANET or INET.
The ALVIF provides context for the assignment of adaptation
layer IPv6 addresses. MANET interfaces need not configure an
ALVIF since they are already adaptation layer interfaces.a Non-Broadcast, Multiple Access
(NBMA) virtual overlay configured over one or more INETs and their
connected (M)ANETs/ENETs. An OMNI link may comprise multiple distinct
"segments" joined by "bridges" the same as for any link; the
addressing plans in each segment may be mutually exclusive and
managed by different administrative entities. Proxy/Servers and
other infrastructure elements extend the link to support
communications between Clients as single-hop neighbors.a Proxy/Server and
all of its constituent Clients within any attached *NETs is
considered as a leaf OMNI link segment, with each leaf
interconnected via links and "bridge" nodes in intermediate
OMNI link segments. When the *NETs of multiple leaf segments
overlap (e.g., due to network mobility), they can combine to
form larger *NETs with no changes to Client-to-Proxy/Server
relationships. The OMNI link consists of the concatenation
of all OMNI link leaf and intermediate segments as a
loop-free spanning tree.a node's attachment to an OMNI
link, and configured over one or more underlay interfaces. If there
are multiple OMNI links in an OMNI domain, a separate OMNI interface
is configured for each link. The OMNI interface configures a Maximum
Transmission Unit (MTU) and an Effective MTU to Receive (EMTU_R) the
same as any interface.an OMNI interface
sublayer service that encapsulates original IP packets/parcels
admitted into the interface in an IPv6 header and/or subjects them
to fragmentation and reassembly. The OAL is also responsible for
generating MTU-related control messages as necessary, and for
providing addressing context for OMNI link SRT traversal. The OAL
presents a new layer in the Internet architecture known simply as
the "adaptation layer". The OMNI link is an example of a limited
domain at the adaptation layer although
its segments may be joined over open Internetworks at L2.an end user device that extends
the OMNI link over an ENET interface serviced by a Client. (As an
implementation matter, the Host either assigns the same IP address
from the ENET (underlay) interface to an (overlay) OMNI interface,
or configures an OMNI-like function as a virtual sublayer of the
ENET interface itself.) The IP addresses assigned to each Host ENET
interface remain stable even if the Client's upstream *NET interface
connections change.a network platform/device mobile
router that configures one or more OMNI interfaces over distinct
sets of underlay interfaces grouped as logical OMNI link units. The
Client coordinates with the Mobility Service via upstream networks
over *NET interfaces, and provides Proxy/Server services for Hosts
and other Clients on ENET interface downstream networks. The
Client's *NET interface addresses and performance characteristics
may change over time (e.g., due to node mobility, link quality,
etc.) while downstream-attached Hosts and other Clients see the ENET
as a stable ANET.a segment routing topology
edge node that configures an OMNI interface and connects Clients to the
Mobility Service. As a server, the Proxy/Server responds directly to
some Client IPv6 ND messages. As a proxy, the Proxy/Server forwards
other Client IPv6 ND messages to other Proxy/Servers and Clients. As
a router, the Proxy/Server provides a forwarding service for
ordinary data messages that may be essential in some environments
and a last resort in others. Proxy/Servers at (M)ANET boundaries
configure both an (M)ANET downstream interface and *NET upstream
interface, while INET-based Proxy/Servers configure only an INET
interface. All Proxy/Servers configure a Stable Network Prefix
(SNP) and manage 1x1 mappings of internal Unique Local Addresses
(ULAs) and external Globally Unique Addresses (GUAs) according
to .a
Proxy/Server connected to the source Client's *NET that forwards OAL
packets sent by the source into the segment routing topology. FHS
Proxy/Servers allocate Provider-Aggregated (Proxy/Server-Aggregated)
addresses to Clients within their local networks. FHS Proxy/Servers
also act as intermediate forwarding systems to facilitate RS/RA-based
Provider-Independent Prefix Delegation exchanges between Clients and
Mobility Anchor Point (MAP) Proxy/Servers.a
Proxy/Server connected to the target Client's *NET that forwards
OAL packets received from the segment routing topology to the
target.a
Proxy/Server selected by the Client that provides a designated
router service for any *NET underlay networks that register the
Client's Mobile Network Prefix (MNP). Since all Proxy/Servers
provide equivalent services, Clients normally select the first FHS
Proxy/Server they coordinate with to serve as the MAP. However, the
MAP can instead be any available Proxy/Server for the OMNI link,
i.e., and not necessarily one of the Client's FHS Proxy/Servers.
This flexible arrangement supports a fully distributed mobility
management service.a multinet
forwarding region configured over one or more INETs between the FHS
Proxy/Server and LHS Proxy/Server. The SRT spans the OMNI link on
behalf of communicating peer nodes using segment routing in a manner
outside the scope of this document (see: ).a mobile routing
service that tracks Client movements and ensures that Clients remain
continuously reachable even across mobility events. The MS consists
of the set of all Proxy/Servers plus all other OMNI link supporting
infrastructure nodes. Specific MS details are out of scope for this
document, with an example found in .an aggregated
IP Global Unicast Address (GUA) prefix (e.g., 2001:db8::/32,
2002:192.0.2.0::/40, etc.) assigned to the OMNI link and from
which more-specific Mobile and Stable Network Prefixes (MNPs/SNPs)
are delegated, where IPv4 MSPs are represented as "6to4 prefixes"
per . OMNI link administrators typically
obtain MSPs from an Internet address registry, however private-use
prefixes can also be used subject to certain limitations (see:
). OMNI links that connect to the global
Internet advertise their MSPs to their interdomain routing
peers.a longer IP
prefix delegated from an MSP (e.g., 2001:db8:1000:2000::/56,
2002:192.0.2.8::/46, etc.) and assigned to a Client. Clients
receive MNPs from MAP Proxy/Servers and sub-delegate them to
routers, Hosts and other Clients located in ENETs.a global IP and
unique-local IP prefix pair assigned to one or more Proxy/Servers
that connect local *NET Client groups to the rest of the OMNI link.
Clients request address delegations from the SNP that can be used
to support global and local-scoped communications. Clients
communicate internally within *NET groups using IPv6 Unique
Local Addresses (ULAs) assigned in 1x1 correspondence to SNP
GUAs made visible to external peers through IP network
address/prefix translation .a global IP
prefix not covered by a MSP and assigned to a link or network
outside of the OMNI domain.An
IPv6 address taken from an FNP/MNP/SNP in which the remainder
of the address beyond the prefix is set to the value "all-zeros".
For example, the SRA for 2001:db8:1::/48 is simply 2001:db8:1::
(i.e., with the 80 least significant bits set to 0). For IPv4,
the IPv6 SRA corresponding to the IPv4 prefix 192.0.2.0/24 is
2002:192.0.2.0::/40 per .a whole IP
packet/parcel or fragment admitted into the OMNI interface by the
network layer prior to OAL encapsulation/fragmentation, or an IP
packet/parcel delivered to the network layer by the OMNI interface
following OAL reassembly/decapsulation.an original IP packet/parcel
encapsulated in an OAL IPv6 header with an IPv6 Extended Fragment
Header extension that includes an 8-octet (64-bit) OAL Identification
value. Each OAL packet is then subject to OAL fragmentation and
reassembly.a portion of an OAL packet
following fragmentation but prior to L2 encapsulation/fragmentation,
or following L2 reassembly/decapsulation but prior to OAL reassembly.an OAL packet that can
be forwarded without fragmentation, but still includes an IPv6 Extended
Fragment Header with an 8-octet (64-bit) OAL Identification value
and with Index and More Fragments both set to 0.an encapsulated OAL
fragment following L2 encapsulation or prior to L2 decapsulation.
OAL sources and destinations exchange carrier packets over underlay
interfaces, and may be separated by one or more OAL intermediate
systems. OAL intermediate systems may perform re-encapsulation on
carrier packets by removing the L2 headers of the first hop network
and replacing them with new L2 headers for the next hop network.
Carrier packets may themselves be subject to fragmentation and
reassembly in L2 underlay networks at a layer below the OAL.
Carrier packets sent over unsecured paths use OMNI protocol L2
encapsulations, while those sent over secured paths use L2
security encapsulations such as IPsec ,
etc. (The term "carrier" honors agents of the service postulated
by and .)an OMNI interface acts as an OAL
source when it encapsulates original IP packets/parcels to form OAL
packets, then performs OAL fragmentation and encapsulation to create
carrier packets which may themselves be subject to fragmentation at
their layer. Every OAL source is also an OMNI link ingress.an OMNI interface acts as an
OAL destination when it decapsulates carrier packets (while reassembling
first, if necessary), then performs OAL reassembly/decapsulation
to derive the original IP packet/parcel. Every OAL destination is
also an OMNI link egress.an OMNI interface acts
as an OAL intermediate system when it reassembles/decapsulates carrier
packets received from a first segment to obtain the original OAL
packet/fragment, then re-encapsulates in new L2 headers appropriate
for the next segment and sends these new carrier packets into the next
segment (while re-fragmenting first, if necessary). OAL intermediate
systems decrement the Hop Limit in OAL packets/fragments during
forwarding, and discard the OAL packet/fragment if the Hop Limit
reaches 0. OAL intermediate systems do not decrement the TTL/Hop
Limit of the original IP packet/parcel, which can only be updated
by the network and higher layers.an IPv6 Neighbor Discovery Option
providing multilink parameters for the OMNI interface as specified
in .the least
significant 64 bits of an IPv6 address, as specified in the IPv6
addressing architecture .an IPv6 address
beginning with fe80::/64 per the IPv6 addressing architecture and assigned to an IPv6 interface.an IPv6 address
beginning with fee0::/11 followed by a 53-bit random Subnet ID and a
64-bit Interface ID. Each OMNI node assigns an MLA with a /128 prefix
length on its adaptation layer interfaces (including MANET and ALVIF
interfaces) per . The node also
assigns the MLA to the OMNI interface itself.
an IPv6 address with a /128 prefix length according to . Each OMNI node assigns an HHIT on its adaptation layer
interfaces to domains which provide access to an attestation service.
The node also assigns the HHIT to the OMNI interface itself.an IPv6 address
delegated to an OMNI node beginning with fd00::/8 followed by a 40-bit
Global ID, a 16-bit Subnet ID and a 64-bit Interface ID per . The OMNI node assigns the ULA to the OMNI
interface. (Note that specifies a
second form of ULAs based on the prefix fc00::/8, which are referred
to as "ULA-C" throughout this document to distinguish them from the
ULAs defined here.)a globally
unique IPv6 address per the IPv6 addressing architecture or a globally unique IPv4 address that is not
reserved for a special-purpose per .
a GUA delegated to a Client from a SNP assigned to a FHS Proxy/Server
is considered Provider-Aggregated (PA) or "Proxy/Server-Aggregated".
The Client either assigns the PA address to its own OMNI interface
or allows the FHS Proxy/Server to supply the address via Network
Prefix Translation for IPv6 (NPTv6) .
a GUA allocated from an MNP delegated to a Client via a
MAP Proxy/Server is considered Provider-Independent (PI)
or "Proxy/Server-Independent". The Client assigns a PI
address to a (downstream) ENET interfaces can sub-delegate
the MNP to downstream ENET nodes.a Client OMNI interface's manner of
managing multiple diverse *NET underlay interfaces as a single
logical unit. The OMNI interface provides a single unified interface
to the network layer, while underlay interface selections are performed
on a per-flow basis considering traffic selectors such as DSCP, flow
label, application policy, signal quality, cost, etc. Multilink
selections are coordinated in both the outbound and inbound
directions based on source/target underlay interface pairs.an intermediate system's manner of
spanning multiple diverse IP Internetwork and/or private enterprise
network "segments" through OAL encapsulation. Multiple diverse
Internetworks (such as the global public IPv4 and IPv6 Internets)
can serve as transit segments in an end-to-end OAL forwarding path
through intermediate system concatenation of SRT network segments.
This OAL concatenation capability provides benefits such as
supporting IPv4/IPv6 transition and coexistence, joining multiple
diverse operator networks into a cooperative single service network,
etc. See: for further
information.an iterative relaying of carrier
packets between Client's over an OMNI underlay interface technology
(such as omnidirectional wireless) without support of fixed
infrastructure. Multihop services entail Client-to-Client relaying
within a Mobile/Vehicular Ad-hoc Network (MANET/VANET) for
Vehicle-to-Vehicle (V2V) communications and/or for
Vehicle-to-Infrastructure (V2I) "range extension" where Clients
within range of communications infrastructure elements provide
forwarding services for other Clients.any action that results in a change
to a Client underlay interface address. The change could be due to,
e.g., a handover to a new wireless base station, loss of link due to
signal fading, an actual physical node movement, etc.A means for
ensuring fault tolerance through redundancy by connecting multiple
OMNI interfaces within the same domain to independent routing
topologies (i.e., multiple independent OMNI links).A means
for selecting one or more underlay interface(s) for carrier packet
transmission and reception within a single OMNI interface.The set of all SBM/PBM OMNI links
that collectively provides services for a common set of MSPs. All
OMNI links within the same domain configure, advertise and respond
to the SRA address(es) corresponding to the MSP(s) assigned to
the domain.A
multilink forwarding table on each OAL source, destination and
intermediate system that includes AERO Forwarding Vectors (AFV) with
both next hop forwarding instructions and context for reconstructing
compressed headers for specific underlay interface pairs used to
communicate with peers. See:
for further discussion.An AFIB entry
that includes soft state for each underlay interface pairwise
communication session between peer neighbors. AFVs are identified
by an AFV Index (AFVI) paired with the previous hop L2 address, with
the pair established based on an IPv6 ND solicitation and solicited
IPv6 ND advertisement response. The AFV also caches underlay interface
pairwise Identification sequence number parameters to support carrier
packet filtering. See:
for further discussion.A
2-octet or 4-octet integer value supplied by a first hop OAL
node when it requests a next hop OAL node to create an AFV.
(The AFVI is always processed as a 4-octet value, but may be
transmitted as only the 2 least significant octets when the
2 most significant octets are 0.) The next hop OAL node caches
the AFVI and L2 address supplied by the previous hop as header
compression/decompression state for future OAL packets with
compressed headers. The first hop OAL node must ensure that
the AFVI values it assigns to the next hop via a specific
underlay interface are distinct and reused only after their
useful lifetimes expire. The special AFVI value 0 means that
no AFVI is assigned.a sequence of packets sent from a
particular source to a particular unicast, anycast, or multicast
destination that a node desires to label as a flow. The 3-tuple
of the Flow Label, Source Address and Destination Address fields
enable efficient IPv6 flow classification. The IPv6 Flow Label
Specification is observed per .the OMNI protocol
encapsulation of OAL packets/fragments in an outer header or headers
to form carrier packets that can be routed within the scope of the
local *NET underlay network partition. The OAL node that
performs encapsulation is known as the "L2 source" while the OAL
node that performs decapsulation is known as the "L2 destination";
both OAL end and intermediate systems can also act as an L2 source
or destination. Common L2 encapsulation combinations include UDP,
IP and/or Ethernet using a port/protocol/type number for OMNI.an address that appears
in the OMNI protocol L2 encapsulation for an underlay interface and
also in IPv6 ND message OMNI options. L2ADDR can be either an IP
address for IP encapsulations or an IEEE EUI address for direct data link encapsulation. (When UDP/IP
encapsulation is used, the UDP port number is considered an
ancillary extension of the IP L2ADDR.)the current size for
OAL source fragmentation which must be no smaller than 1024 octets
and should be no larger than 65279 octets (allowing for up to 256
octets of L2 encapsulations for each OAL fragment). Each OAL source
maintains an OFS in AERO Forwarding Vectors (AFVs) for each OAL
destination. The source discovers the "maximum OFS" through IPv6
Minimum Path MTU Options and maintains an
equal or smaller value "effective OFS" according to dynamic network
control message feedback. The OAL source should adaptively seek to
use the largest possible effective OFS under current network
conditions to provide better performance for upper layers.the current
size for L2 carrier packet fragments including the headers,
trailers and OAL fragment body. The OAL L2 source applies source
fragmentation if necessary to each L2-encapsulated OAL fragment
under the default CFS of 1280 octets (i.e., the IPv6 minimum MTU)
until it can either engage IPv4 network fragmentation or determine
whether a larger CFS is possible through Packetization Layer Path
MTU Discovery for Datagram Transports .
The L2 source should adaptively seek to maximize CFS to provide
better performance for upper layers.OMNI interfaces limit the size of their IPv6 ND control
plane messages (plus any original IP packet/parcel attachments)
to the minimum IPv6 link MTU minus overhead for adaptation and
link layer encapsulation. If there are sufficient OMNI parameters
and/or IP packet/parcel attachments that would exceed this size,
the OMNI interface forwards the information as multiple smaller
IPv6 ND messages and the recipient accepts the union of all
information received. This allows the messages to travel
without loss due to a size restriction over secured control
plane paths that include IPsec tunnels ,
secured direct point-to-point links and/or unsecured paths that
require an authentication signature.Host, Client and Proxy/Server OMNI interfaces that employ IPv6
ND control plane messaging maintain per-neighbor state in Neighbor
Cache Entries (NCEs). Each NCE is indexed by the neighbor's network
layer address(es) while the neighbor's OAL encapsulation address
provides context for Identification verification. The IPv6 ND
Protocol Constants defined in Section 10 of are used in their same format and meaning in this
document. The L3, adaptation and (virtual) L2 layers each include distinct
packet Identification numbering spaces. The adaptation layer employs
an 8-octet Identification numbering space that is distinct from L3/L2
spaces, with an Identification value appearing in an IPv6 Extended
Fragment Header or an
OMNI Compressed Header (OCH) (see: ) in
each adaptation layer encapsulation.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP 14
when, and only when,
they appear in all capitals, as shown here.An OMNI interface is a virtual interface configured over one or more
underlay interfaces, which may be physical (e.g., an aeronautical radio
link, a cellular wireless link, etc.) or virtual (e.g., an internet-layer
or higher-layer "tunnel"). The OMNI interface architectural layering model
is the same as in , and
augmented as shown in . The network layer
therefore sees the OMNI interface as a single L3 interface nexus
for multiple underlay interfaces that appear as L2 communication
channels in the architecture.| |
Address Binding | +----------------------------+
+---->| IP (L3) |
IP Address +---->| |
Binding | +----------------------------+
+---->| OMNI Interface |
Logical-to- +---->| (OMNI Adaptation Layer) |
Physical | +----------------------------+
Interface +---->| L2 | L2 | | L2 |
Binding |(IF#1)|(IF#2)| ..... |(IF#n)|
+------+------+ +------+
| L1 | L1 | | L1 |
| | | | |
+------+------+ +------+
]]>Each underlay interface provides an L2/L1 abstraction according to
one of the following models:(M)ANET interfaces connect to a (M)ANET that is separated from
the open INET by Proxy/Servers. The (M)ANET interface may be either
on the same link segment as a Proxy/Server, or separated from a
Proxy/Server by multiple adaptation layer and/or L2 hops. (Note
that NATs may appear internally within a (M)ANET or on the
Proxy/Server itself and may require NAT traversal the same
as for the INET case.) The OMNI interface configures an
ALVIF over each ANET interface, while MANET interfaces
already appear as adaptation layer interfaces and need
not configure an ALVIF.INET interfaces connect to an INET either natively or through
IP Network Address Translators (NATs). Native INET interfaces have
global IP addresses that are reachable from any INET correspondent.
NATed INET interfaces typically configure private IP addresses and
connect to a private network behind one or more NATs with the
outermost NAT providing INET access. The same as for ANET
interfaces, the OMNI interface configures an ALVIF over
each INET interface.ENET interfaces connect a Client's downstream-attached networks,
where the Client provides forwarding services for ENET Host and
Client communications to remote peers. An ENET may be as simple as a
small IoT sub-network that travels with a mobile Client to as complex
as a large private enterprise network that the Client connects to a
larger *NET. Downstream-attached Hosts and Clients see the ENET
as a *NET and see the (upstream) Client as a Proxy/Server.VPN interfaces use security encapsulations (e.g. IPsec tunnels)
over underlay networks to connect Client, Proxy/Server or other
critical infrastructure nodes. VPN interfaces provide security
services at lower layers of the architecture (L2/L1), with
securing properties similar to Direct point-to-point interfaces.Direct point-to-point interfaces securely connect Clients,
Proxy/Servers and/or other critical infrastructure nodes over physical
or virtual media that does not transit any open Internetwork paths.
Examples include a line-of-sight link between a remote pilot and an
unmanned aircraft, a fiberoptic link between gateways, etc.The OMNI interface forwards original IP packets/parcels from
the network layer using the OMNI Adaptation Layer (OAL) (see: ) as an encapsulation and fragmentation sublayer
service. This "OAL source" then further encapsulates the resulting OAL
packets/fragments in underlay network headers (e.g., UDP/IP, IP-only,
Ethernet-only, etc.) to create L2 encapsulated "carrier packets" for
fragmentation and transmission over underlay interfaces. The target
OMNI interface then receives the carrier packets from underlay
interfaces and performs L2 reassembly/decapsulation.If the resulting OAL packets/fragments are addressed to itself, the
OMNI interface performs reassembly/decapsulation as an "OAL destination"
and delivers the original IP packet/parcel to the network layer. If the
OAL packets/fragments are addressed to another node, the OMNI interface
instead re-encapsulates them in new underlay network L2 headers as an
"OAL intermediate system" then performs L2 fragmentation and forwards
the resulting carrier packets over an underlay interface. The OAL source
and OAL destination are seen as "neighbors" on the OMNI link, while OAL
intermediate systems provide a virtual bridging service that joins the
segments of a (multinet) Segment Routing Topology (SRT).The OMNI interface transports carrier packets over either secured or
unsecured underlay interfaces to access the secured/unsecured OMNI link
spanning trees as discussed further throughout the document. Carrier
packets that carry control plane messages over secured underlay
interfaces use secured L2/L1 services such as IPsec, direct encapsulation
over secured point-to-point links, etc. Carrier packets that carry data
plane messages over unsecured underlay interfaces instead use L2
encapsulations appropriate for public or private Internetworks and
are subject for the following sections.The OMNI interface and its OAL can forward original IP packets/parcels
over underlay interfaces while including/omitting various lower layer
encapsulations including OAL, UDP, IP and (ETH)ernet or other link
layer header. The network layer can also engage underlay interfaces
directly while bypassing the OMNI interface entirely when necessary.
This architectural flexibility may be beneficial for underlay
interfaces (e.g., some aviation data links) for which encapsulation
overhead is a primary consideration. OMNI interfaces that send
original IP packets/parcels directly over underlay interfaces without
invoking the OAL can only reach peers located on the same OMNI link
segment. Source Clients can instead use the OAL to coordinate with
target Clients in the same or different OMNI link segments by sending
initial carrier packets to a First-Hop Segment (FHS) Proxy/Server. The
FHS Proxy/Sever then sends the carrier packets into the SRT spanning
tree, which transports them to a Last-Hop Segment (LHS) Proxy/Server for
the target Client.The OMNI interface encapsulation/decapsulation layering possibilities
are shown in below. Imaginary vertical
lines drawn between the Network Layer at the top of the figure and
Underlay Interfaces at the bottom of the figure denote the various
encapsulation/decapsulation layering combination possibilities. Common
combinations include IP-only (i.e., direct access to underlay interfaces
with or without using the OMNI interface), IP/IP, IP/UDP/IP,
IP/UDP/IP/ETH, IP/OAL/UDP/IP, IP/OAL/UDP/ETH, etc.
The OMNI/OAL model gives rise to a number of opportunities:Clients coordinate with the MS and receive both SNP addresses
and MNP delegations through IPv6 ND control plane message exchanges
with Proxy/Servers. Since GUA and ULA addresses are managed for
uniqueness, no Duplicate Address Detection (DAD) or Multicast
Listener Discovery (MLD) messaging is necessary over the OMNI
interface.underlay interfaces on the same L2 link segment as a Proxy/Server
do not require any L3 addresses (i.e., not even link-local) in
environments where communications are coordinated entirely over the
OMNI interface.as underlay interface properties change (e.g., link quality,
cost, availability, etc.), any active interface can be used to
update the profiles of multiple additional interfaces in a single
message. This allows for timely adaptation and service continuity
under dynamically changing conditions.coordinating underlay interfaces in this way allows them to be
represented in a unified MS profile with provisions to support the
"6 M's of Modern Internetworking".header compression and path MTU determination is conducted on
a per-flow basis, with each flow adapting to the best performance
profiles and path selections.exposing a single virtual interface abstraction to the network layer
allows for multilink operation (including QoS based link selection,
carrier packet replication, load balancing, etc.) at L2 while still
permitting L3 traffic shaping based on, e.g., DSCP, flow label,
etc.the OMNI interface supports multinet traversal over the SRT when
communications across different administrative domain network
segments are necessary. This mode of operation would not be possible
via direct communications over the underlay interfaces themselves.the OAL supports lossless and adaptive path MTU mitigations not
available for communications directly over the underlay interfaces
themselves. The OAL supports "packing" of multiple original IP
payload packets/parcels within a single OAL "super-packet" and also
supports transmission of IP packets/parcels of all sizes up to and
including (advanced) jumbograms.the OAL assigns per-packet Identification values that allow for
adaptation/link layer reliability and data origin authentication.L3 sees the OMNI interface as a point of connection to the OMNI
link; if there are multiple OMNI links, L3 will see multiple OMNI
interfaces.Multiple independent OMNI interfaces can be used for increased
fault tolerance through Safety-Based Multilink (SBM), with
Performance-Based Multilink (PBM) applied within each interface.Multiple independent OMNI links can be joined together into a
single link without requiring renumbering of infrastructure
elements, since the GUAs/ULAs assigned by Proxy/Servers of
the different links will be mutually exclusive.the OMNI/OAL model supports transmission of new forms of IP
packets known as "IP parcels and Advanced Jumbos (AJs)" that
improve performance and efficiency for both transport layer
protocols and networked paths.OMNI provides robust support for both Provider-Aggregated (PA)
and Provider-Independent (PI) addressing resulting in a versatile
service for all Client use cases. depicts the architectural model for a
source Client with an attached ENET connecting to the OMNI link via
multiple independent *NETs. The Client's OMNI interface forwards
adaptation layer IPv6 ND solicitation messages over available *NET
underlay interfaces using any necessary L2 encapsulations. The IPv6
ND messages traverse the *NETs until they reach an FHS Proxy/Server
(FHS#1, FHS#2, ..., FHS#n), which returns an IPv6 ND advertisement message
and/or forwards a proxyed version of the message over the SRT to an LHS
Proxy/Server near the target Client (LHS#1, LHS#2, ..., LHS#m). The Hop
Limit in IPv6 ND messages is not decremented due to encapsulation; hence,
the source and target Client OMNI interfaces appear to be attached to
a common link..-(::ENET::)
+----+----+----+ `-(::::)-'
+--------|IF#1|IF#2|IF#n|------ +
/ +----+----+----+ \
/ | \
/ | \
v v v
(:::)-. (:::)-. (:::)-.
.-(::*NET:::) .-(::*NET:::) .-(::*NET:::)
`-(::::)-' `-(::::)-' `-(::::)-'
+-----+ +-----+ +-----+
... |FHS#1| ......... |FHS#2| ......... |FHS#n| ...
. +--|--+ +--|--+ +--|--+ .
. | | |
. \ v / .
. \ / .
. v (:::)-. v .
. .-(::::::::) .
. .-(::: Segment :::)-. .
. (::::: Routing ::::) .
. `-(:: Topology ::)-' .
. `-(:::::::-' .
. / | \ .
. / | \ .
. v v v
. +-----+ +-----+ +-----+ .
... |LHS#1| ......... |LHS#2| ......... |LHS#m| ...
+--|--+ +--|--+ +--|--+
\ | /
v v v
<-- Target Clients -->
]]>After the initial IPv6 ND message exchange, the source Client (as
well as any nodes on its attached ENETs) can send carrier packets to the
target Client via the OMNI interface. OMNI interface multilink services
will send the carrier packets via FHS Proxy/Servers for the correct
underlay *NETs. The FHS Proxy/Server then re-encapsulates the carrier
packets and forwards them over the SRT which delivers them to an LHS
Proxy/Server, and the LHS Proxy/Server in turn re-encapsulates and
forwards them to the target Client. (Note that when the source and
target Client are on the same SRT segment, the FHS and LHS
Proxy/Servers may be one and the same.)Mobile Clients select a MAP Proxy/Server (not shown in the figure),
which will often be one of their FHS Proxy/Servers but could also be any
Proxy/Server on the OMNI link. Clients then register all of their *NET
underlay interfaces with the MAP Proxy/Server via per interface FHS
Proxy/Servers in a pure proxy role. The MAP Proxy/Server then provides
a designated router that advertises the Client's MNPs into the OMNI
link routing system, and the Client can quickly migrate to a new MAP
Proxy/Server if the former becomes unresponsive.Clients therefore use Proxy/Servers as gateways into the SRT to reach
OMNI link correspondents via a spanning tree established in a manner
outside the scope of this document. Proxy/Servers forward critical MS
control messages via the secured spanning tree and forward other
messages via the unsecured spanning tree (see Security Considerations).
When AERO route optimization is applied, Clients can instead forward
directly to correspondents in the same SRT segment to reduce
Proxy/Server and/or Gateway load.Note: while not shown in the figure, a Client's ENET may connect many
additional Hosts and even other Clients in a recursive extension of the
OMNI link. This OMNI virtual link extension will be discussed more fully
throughout the document.Note: Original IP packets/parcels sent into an OMNI interface will
receive consistent consideration according to their size as discussed
in the following sections, while those sent directly over underlay
interfaces that exceed the underlay network path MTU are dropped with
an ordinary ICMP Packet Too Big (PTB) message returned. These PTB
messages are subject to loss the same as for any non-OMNI IP
interface .The OMNI interface observes the link nature of tunnels, including
the Maximum Transmission Unit (MTU), Effective MTU to Send (EMTU_S),
Effective MTU to Receive (EMTU_R) and the role of fragmentation and
reassembly . The OMNI
interface is configured over one or more underlay interfaces as
discussed in , where underlay links and
network paths may have diverse MTUs. OMNI interface considerations
for accommodating original IP packets/parcels of various sizes
are discussed in the following sections.IPv6 underlay interfaces are REQUIRED to configure a minimum MTU of
1280 octets and a minimum EMTU_R of 1500 octets .
Therefore, the minimum IPv6 path MTU is 1280 octets since routers on the
path are not permitted to perform network fragmentation even though the
destination is required to reassemble more. The network therefore MUST
forward original IP packets/parcels as large as 1280 octets without
generating an IPv6 Path MTU Discovery (PMTUD) Packet Too Big (PTB)
message . Since each OAL intermediate system
must configure an EMTU_R of at least 65535 octets (see: ), the source can apply "source fragmentation" for carrier
packets as large as that size but this does not affect the minimum
IPv6 path MTU.)IPv4 underlay interfaces are REQUIRED to configure a minimum MTU of
68 octets and a minimum EMTU_R of 576 octets
. Therefore, when the
Don't Fragment (DF) bit in the IPv4 header is set to 0 the minimum
IPv4 path MTU is 576 octets since routers on the path support network
fragmentation and the destination is required to reassemble at least
that much. The OMNI interface therefore SHOULD set DF to 0 in the IPv4
encapsulation headers of carrier packets no larger than 576 octets,
and SHOULD set DF to 1 in larger carrier packets unless it has a
way to determine the EMTU_R of the next OAL hop as discussed in . This limitation is therefore relaxed by the
requirement that each OAL intermediate system must configure a
minimum EMTU_R of 65535 octets (see: )
allowing for IPv4 fragmentation and reassembly for larger
carrier packets.The OMNI interface itself sets an "unlimited" MTU of (2**32 - 1)
octets. The network layer therefore unconditionally admits all original
IP packets/parcels into the OMNI interface, where the adaptation layer
accommodates them if possible according to their size. For each parcel
that it accommodates, the OAL source within the OMNI interface first
performs "parcellation" if necessary to break large parcels into smaller
sub-parcels that can transit the OAL path (see: ).
The OAL source then invokes adaptation layer encapsulation/fragmentation
services to transform all original IP packets and (sub-)parcels no larger
that 65535 octets into OAL packets/fragments. The OAL source then applies
L2 encapsulation and fragmentation if necessary to form carrier packets
and finally forwards the carrier packets via underlay interfaces.When the OAL source performs IPv6 encapsulation and fragmentation
(see: ), the Payload Length field limits the
maximum-sized original IP packet/parcel that the OAL can accommodate
while applying IPv6 fragmentation to (2**16 - 1) = 65535 octets
(i.e., not including the OAL encapsulation header lengths). The
OAL source is also permitted to forward packets/parcels larger
than this size as a best-effort delivery service if the L2 path
can accommodate them through "jumbo-in-jumbo" encapsulation (see:
); otherwise, the OAL source discards the
packet and arranges to return a PTB "hard error" to the original
source (see: ).Each OMNI interface therefore sets a minimum EMTU_R of 65535 octets
(plus the length of the OAL encapsulation headers), and each OAL
destination must consistently either accept or reject still larger
whole packets that arrive over any of its underlay interfaces according
to their size. If an underlay interface presents a whole packet larger
than the OAL destination is prepared to accept (e.g., due to a buffer
size restriction), the OAL destination discards the packet and arranges
to return a PTB "hard error" to the OAL source which in turn forwards
the PTB to the original source (see: ).As specified in
and , an
IP parcel is an IP jumbogram variant for which an IPv6 Parcel Payload
Option field encodes a value between 256 and 65535 octets denoting the
non-final transport layer protocol segment length while the parcel body
includes as many as 64 individual transport layer protocol segments.
The Jumbo Payload length field is modified to include a Parcel Index
field plus flags followed by a Parcel Payload Length field which
together determine the size and number of transport layer segments
included in the parcel.IP parcel "parcellation" and "reunification" procedures for OMNI
interfaces are specified in
and , while OAL encapsulation
and fragmentation procedures are specified in
of this document. The maximum-sized IP parcel that can be conveyed over
an OMNI interface using OAL parcellation and IPv6 fragmentation-based
assured delivery is one with 64 segments of 65535 (minus headers)
octets in length. (The OAL source can instead forward large parcels
as a best-effort service using jumbo-in-jumbo encapsulation if the
OAL/L2 path can accommodate them.)IP parcels follow the same link models described for Advanced Jumbos
below. IP parcels that accumulate link errors on the path are subject
to error detection and correction at the final destination.ENET end systems that implement either the full OMNI interface
(i.e., Clients) or enough of the OAL to process parcels (i.e., Hosts)
are permitted to exchange parcels with consenting peers. This
accommodates nodes that connect to the OMNI link but do not
assign OAL addresses.While the maximum-sized original IP packet/parcel that the OAL can
accommodate using IPv6 fragmentation-based assured delivery is 65535
octets, OMNI interfaces can forward much larger singleton parcels
termed "Advanced Jumbos (AJs)" via jumbo-in-jumbo encapsulation
as specified in and . For jumbo-in-jumbo encapsulation
of large AJs, the OAL source appends an OAL IPv6 header plus extensions
then appends any L2 headers to identify this as an AJ. Since the Jumbo
Payload Length is 32 bits, the largest possible AJ is limited to
(2**32 - 1) octets minus the lengths of any extension/encapsulation
headers, or smaller still for transmission over underlay interfaces
that include additional extensions/encapsulations.Basic IPv6 jumbograms per use the Jumbo
Payload Option and set the IPv6 Payload Length field to 0. IP parcels
and AJs instead use an adaptation of the IPv6 Minimum Path MTU option
known as the Parcel Payload Option. The
OAL/L2 source forwards basic jumbograms and AJs as giant carrier
packets using jumbo-in-jumbo encapsulation, noting that traditional
32-bit link CRCs do not provide adequate integrity protection for
such large sizes . If a basic jumbogram is
dropped along the path to the OAL destination, the OAL source
arranges to return an ICMP PTB "hard error" to the original source.
If a parcel/AJ is dropped, the OAL source instead arranges to
return ICMP PTB "soft errors" (see: ).AJs range in size from the largest possible unit as discussed above
to the smallest unit that includes only the headers and a small or
possibly even null payload. Intermediate hops forward AJs that follow
a new DTN link model for the Internet (instead of dropping) even if
link errors were incurred along the path. The AJ will then arrive at
the destination along with any cumulative link errors collected on
the path. The final destination then applies end-to-end integrity
checks and/or error correction while requesting retransmission only
as a last resort. This link model may be more appropriate for
delay/disruption-tolerant environments such as anticipated for
air/land/sea/space mobile Internetworking.Advanced jumbo services for both IPv6 and IPv4 (including jumbo
path probing and jumbo-in-jumbo encapsulation) are specified in
and .The above sections primarily concern data plane aspects of the OMNI
interface MTU and describe the data plane service model offered to
the network layer. OMNI interfaces also internally employ a control
plane service based on IPv6 Neighbor Discovery (ND) messaging. These
control plane messages must be sent over secured underlay interfaces
(e.g., IPsec tunnels, secured direct point-to-point links, etc.) or
over unsecured paths but with an authentication signature included.
In all control plane path cases, the IPv6 minimum MTU of 1280 octets
must be assumed.OMNI interfaces therefore offer an unlimited data plane MTU to
the network layer but set a more conservative MTU for the internal
control plane operation. OMNI interfaces assume a fixed control
plane path MTU of 1280 octets (minus OAL encapsulation overhead)
for transmission of IPv6 ND messages. OMNI interfaces should send
multiple smaller IPv6 ND messages instead of singleton larger
messages whenever possible to minimize fragmentation.The OMNI interface forwards original IP packets/parcels from the
network layer for transmission over one or more underlay interfaces.
The OMNI Adaptation Layer (OAL) acting as the OAL source then applies
IPv6 encapsulation to form OAL packets subject to OAL fragmentation
producing fragments suitable for L2 encapsulation and transmission as
carrier packets. These carrier packets may in turn be subject to IP
fragmentation over underlay interface paths as described in . The carrier packets/fragments then travel over one
or more underlay networks spanned by OAL intermediate systems in the
SRT. Each successive OAL intermediate system performs L2 reassembly
(if necessary) then re-encapsulates by removing the L2 headers of
the first underlay network and appending L2 headers appropriate for
the next underlay network while re-fragmenting if necessary. (This
process supports the multinet concatenation capability needed for
joining multiple diverse networks.) Following any forwarding by OAL
intermediate systems, the carrier packets arrive at the OAL destination.When the OAL destination receives the carrier packets, it performs
L2 reassembly (if necessary) then discards the L2 headers and reassembles
the resulting OAL fragments into an OAL packet as described in . The OAL destination next decapsulates the OAL packet
to obtain the original IP packet/parcel which it then delivers to the
network layer. The OAL source may be either the source Client or its
FHS Proxy/Server, while the OAL destination may be either the LHS
Proxy/Server or the target Client. Proxy/Servers (and SRT Gateways
as discussed in ) may also
serve as OAL intermediate systems.The OAL presents an OMNI sublayer abstraction similar to ATM
Adaptation Layer 5 (AAL5). Unlike AAL5 which performs segmentation and
reassembly with fixed-length 53-octet cells over ATM networks, however,
the OAL uses IPv6 encapsulation, fragmentation and reassembly with
larger variable-length cells over heterogeneous networks. Detailed
operations of the OAL are specified in the following sections.When the network layer forwards an original IP packet/parcel
into the OMNI interface, it either sets the TTL/Hop Limit for
locally-generated packets or decrements the TTL/Hop Limit
according to standard IP forwarding rules. The OAL source next
creates an "OAL packet" by prepending an IPv6 encapsulation
header in the spirit of . The OAL
source includes the IPv6 encapsulation header then sets Version
to "OMNI-OFH" (see: ) and Next Header to
TBD1 (see: IANA Considerations).When the OAL source performs IPv6 encapsulation, it next
copies the "Type of Service/Traffic Class" and "Explicit Congestion Notification
(ECN)" values in the original
packet/parcel's IP header into the corresponding fields in
the OAL IPv6 header then sets the IPv6 header "Flow Label" as
specified in . The OAL source next
sets the IPv6 header Payload Length to the length of the
original IP packet/parcel and sets Hop Limit to a value that
is sufficiently large to support loop-free forwarding over
multiple concatenated OAL intermediate hops. The OAL source
next selects OAL IPv6 source and destination addresses
associated with its own adaptation layer interface and
the adaptation layer interface of the target.The OAL source next inserts any necessary extension headers
following the IPv6 header as specified in .
For OAL data plane packets, the source first inserts any per-fragment
extension headers (e.g., Hop-by-Hop, Routing, etc.) then inserts an
IPv6 Extended Fragment Header (see: ) with an 8-octet (64-bit) OAL packet
Identification. Note that the extension header insertions could cause
the IPv6 Payload Length to exceed 65535 octets by a small amount when
the original IP packet is (nearly) the maximum length. The OAL source
then fragments the OAL packet if necessary according to an OAL
Fragment Size (OFS) maintained in AERO Forwarding Vectors (AVFs)
for each OAL destination. (The OAL source processes OAL packets
with payloads that are no larger than the OFS and original IP
packets/parcels larger than 65535 octets as "atomic fragments".)
OAL fragments prepared by the source must not be fragmented further
by OAL intermediate systems on the path to the OAL destination.OAL packets that contain original IP parcels no larger than
(64*65535) octets may be first subject to OMNI interface parcellation,
after which the (sub-)parcels (as well as OAL packets that contain
original IP packets no larger than 65535 octets) are subject to OAL
fragmentation-based assured delivery. Advanced Jumbos (AJs) larger
than 65535 octets (see:
and ) are not eligible
for OAL fragmentation but instead engage a best effort jumbo-in-jumbo
encapsulation service as discussed in .
(Note: the original source can optionally elect this best-effort
jumbo-in-jumbo delivery service for any parcel/AJ regardless of
its size.)OAL fragmentation is conducted according to the IPv6 Extended
Fragment Header (EFH) fragmentation specification in with the exception that the IPv6
Payload Length may exceed 65535 by at most the length of the extension
headers. The OAL source MUST set a "maximum OFS" to a size no smaller
than 1024 octets and thereafter reduce or increase the "effective OFS"
according to dynamic network control message feedback. The OAL source
SHOULD limit the maximum OFS to a size no larger than 65279 octets
unless it has assurance that a larger size can be accommodated.
(Note that these sizes allow for up to 256 octets of L2 encapsulation
relative to the IPv6 minimum MTU and maximum fragmented packet size.)
If an OAL intermediate system or the OAL destination advertises
a reduced size, the OAL source SHOULD reduce the effective OFS
accordingly (to a size no smaller than 1024 octets) and can later
increase the effective OFS as network conditions improve. When the
OAL source performs fragmentation, it SHOULD produce the minimum number
of fragments under the effective OFS constraints. The fragments produced
MUST be non-overlapping and the portion of each non-final fragment
following the IPv6 Extended Fragment Header MUST be equal in length
while that of the final fragment MAY be smaller and MUST NOT be
larger.The OAL source discovers the maximum OFS by including an IPv6 Minimum
Path MTU Hop-by-Hop Option in the OAL encapsulation
header of its Neighbor Solicitation (NS) / Neighbor Advertisement (NA)
exchanges over the secured spanning tree used to establish multilink
forwarding state (see: ). Each
OAL intermediate system on the path sets the minimum path MTU in the NS
message OAL extension header to the maximum OFS capable of traversing
the next segment. (Note that segments traversed by L2 encapsulations
such as IP tunnels can normally regard the MTU for their unsecured
overlay network segments as 65535 octets while those traversed by direct
point-to-point links and multihop MANET links must regard the link MTU
as a restricting size; therefore, each OAL intermediate system MUST
correctly recognize and honor the IPv6 Minimum Path MTU Hop-by-Hop
Option. Note also that OAL intermediate systems forward the NS/NA
messages in the control plane, but the returned MTU reflects the
maximum OFS for the data plane.) When the OAL destination returns
an NA message with an OAL header containing an IPv6 Minimum Path
MTU Hop-by-Hop Option, the OAL source can then set the maximum OFS
for this AFV by subtracting 256 from the returned MTU. The OAL source
can later adaptively increase or decrease the effective OFS if it
receives dynamic path MTU feedback from an OAL intermediate node
or destination with the understanding that larger OFS sizes may
provide better performance but also increase the retransmission
unit in case of loss.For each first fragment, the OAL source replaces the IPv6 Extended
Fragment Header 1-octet "Reserved" field with the encoding shown in
:
For the first fragment, the OAL source then sets "Parcel ID",
"(P)arcel" and "More (S)egments" as specified in .For each consecutive fragment beginning with the first, the
OAL source then writes a monotonically-increasing "ordinal" value
between 0 and 63 in the Extended Fragment Header Index field.
Specifically, the OAL source writes the ordinal value '0' for
the first fragment, '1' for the first non-first fragment, '2'
for the next, '3' for the next, etc. up to the final fragment.
The final fragment may assign an ordinal as large as '63' such
that at most 64 fragments are possible. During a network path
change, an OAL intermediate system may apply further OAL
fragmentation to produce minimum-length (sub-)fragments. The
OAL destination will then reassemble these (sub-)fragments
then combine each reassembled fragment with all other fragments
of the same OAL packet and return rate-limited indications to
inform the OAL source that the path has changed.The OAL source finally encapsulates the fragments in L2 headers to
form carrier packets for transmission over underlay interfaces, while
retaining the fragments and their ordinal numbers (i.e., #0, #1, #2,
etc.) for a brief period to support adaptation layer retransmissions
(see: ). OAL fragment and carrier packet formats
are shown in (note that IPv4 carrier packets
with DF=0 may include trailing checksums ("Csum") as discussed in ).
The OAL source or intermediate system next encapsulates each OAL
fragment (with either full or compressed headers) in L2 encapsulation
headers to create a carrier packet. The OAL source or intermediate
system (i.e., the L2 source) includes a UDP header as the innermost
sublayer if NATs and/or filtering middleboxes might occur on the path.
Otherwise, the L2 source includes a full/compressed IP header and/or
an actual link layer header (e.g., such as for Ethernet-compatible
links) as the innermost sublayer. The L2 source also appends any
additional encapsulation sublayer headers necessary (e.g., IPsec
AH/ESP, jumbo-in-jumbo encapsulation, etc.).The L2 source encapsulates the OAL information immediately
following the innermost L2 sublayer header. The L2 source next
interprets the first 4 bits following the L2 headers as a Type
field that determines the type of OAL header that follows. The OAL
source sets Type to (OMNI-OFH) for an uncompressed IPv6 OMNI Full Header
(OFH) or (OMNI-OCH1/2) for an OMNI Compressed Header, Type 1 (OCH1) or
2 (OCH2) as specified in . For IP packets/parcels
that do not include an OAL IPv6 encapsulation header, the L2 source
instead interprets the first 4 bits as a Version field that encodes
'4' (OMNI-IP4) for an ordinary IPv4 packet/parcel or '6' (OMNI-IP6)
for an ordinary IPv6 packet/parcel. Other Type values (including a
Type for a Hop-by-Hop Options header that includes a Parcel Payload
Option) may also appear as specified in .The OAL node prepares the L2 encapsulation headers for OAL
packets/fragments as follows:For UDP/IP encapsulation, the L2 source sets the UDP source port
to 8060 (i.e., the port number reserved for AERO/OMNI). When the
L2 destination is a Proxy/Server or Gateway, the L2 source sets
the UDP destination port to 8060; otherwise, the L2 source sets
the UDP destination port to its cached port number value for the
peer. The L2 source next sets the UDP Length the same as specified
in . (If the OAL packet
is submitted for jumbo-in-jumbo encapsulation, the L2 source instead
includes a Hop-by-Hop Options header with a Parcel Payload Option
with Advanced Jumbo Type 0 following the L2 UDP/IP header with the
length of the L2 UDP header included in the Jumbo Payload Length.)
The L2 source then sets the IP {Protocol, Next Header} to '17' (the
UDP protocol number) and sets the {Total, Payload} Length the same
as specified in the base IP protocol specifications for IP parcels
and Advanced Jumbos (see:
and ) or for ordinary
IP packets (see: ,
and ). The L2 source then
continues to set the remaining IP header fields as discussed below.For raw IP encapsulation, the L2 source sets the IP {Protocol,
Next Header} to TBD1 (see: IANA Considerations) and sets the
{Total, Payload} Length the same as specified in or . (If the OAL header
includes a Parcel Payload Option with an Advanced Jumbo Type,
the L2 source includes an Parcel Payload Option with AJ Type
0 in the L2 IP header.) The L2 source then continues to set
the remaining IP header fields as discussed below.For IPsec AH/ESP encapsulation, the L2 source sets the
appropriate IP or UDP header to indicate AH/ESP then sets
the AH/ESP Next Header field to TBD1 the same as for raw
IP encapsulation.For direct encapsulations over Ethernet-compatible links, the
L2 source prepares an Ethernet Header with EtherType set to TBD2
(see: ) (see: ).For OAL packet/fragment encapsulations over secured underlay
interface connections to the secured spanning tree, the L2 source
applies any L2 security encapsulations according to the protocol
(e.g., IPsec). These secured carrier packets are then subject to
lower layer security services including fragmentation and reassembly.When an L2 source includes a UDP header, it SHOULD calculate and
include a UDP checksum in carrier packets with full OAL headers to
prevent mis-delivery and/or detect IPv4 reassembly corruption; the
L2 source MAY set UDP checksum to 0 (disabled) in carrier packets
with compressed OAL headers (see: ) or when
reassembly corruption is not a concern. If the L2 source discovers
that a path is dropping carrier packets with UDP checksums disabled,
it should supply UDP checksums in future carrier packets sent to
the same L2 destination. If the L2 source discovers that a path
is dropping carrier packets that do not include a UDP header, it
should include a UDP header in future carrier packets.When an L2 source sends carrier packets with compressed OAL headers
and with UDP checksums disabled, mis-delivery due to corruption of the
AERO Forwarding Vector Index (AFVI) is possible but unlikely since the
corrupted index would somehow have to match valid state in the
(sparsely-populated) AERO Forwarding Information Base (AFIB). In the
unlikely event that a match occurs, an OAL destination may receive
carrier packets that contain a mis-delivered OAL fragment but can
immediately reject any with incorrect Identifications. If the Identification
value is somehow accepted, the OAL destination may submit the mis-delivered
OAL fragment to the reassembly cache where it will most likely be
rejected due to incorrect reassembly parameters. If a reassembly that
includes the mis-delivered OAL fragment somehow succeeds (or, for
atomic fragments) the OAL destination will verify any included
checksums to detect corruption. Finally, any spurious data that
somehow eludes all prior checks will be detected and rejected by
end-to-end upper layer integrity checks. See: for further discussion.For UDP/IP or IP-only L2 encapsulations, when the L2 source is
also the OAL source it next copies the "Type of Service/Traffic Class"
and "Explicit Congestion Notification (ECN)"
values in the OAL header into the corresponding
fields in the L2 IP header, then (for IPv6) set the L2 IPv6 header
"Flow Label" as specified in . The L2 source
then sets the L2 IP TTL/Hop Limit the same as for any host (i.e., it
does not copy the Hop Limit value from the OAL header) and finally
sets the source and destination IP addresses to direct the carrier
packet to the next OAL hop. For carrier packets subject to
re-encapsulation, the OAL intermediate system as the L2 source
reassembles if necessary then removes the L2 header(s). The L2
source then decrements the OAL header Hop Limit and discards the
OAL packet/fragment if the value reaches 0. The L2 source then
copies the Type of Service/Traffic Class and ECN values from the
previous segment L2 encapsulation header into the next segment L2
encapsulation header while setting the next segment L2 source and
destination IP addresses the same as above. (The L2 source also
writes the ECN value into the OAL full/compressed header.)The L2 source then applies source fragmentation if necessary
by inserting an IPv6 Fragment Header between the L2 headers and
the (compressed) OAL header then applying IP fragmentation per
or
to produce carrier packet fragments no larger than the current
Carrier Fragment Size (CFS). (Note that the OMNI protocol L2 headers
appear in each fragment and the Fragment Header Next Header field
is adjusted as described in following
fragmentation.) The L2 source should prepare carrier packet fragments
no larger than 1280 octets (i.e., the IPv6 minimum MTU) until it can
determine whether a larger CFS is possible, e.g., through dynamic
path probing to the L2 destination. For IPv4, until a probed CFS
is determined the L2 source must set DF to 0 and include ancillary
integrity checks (see below); these IPv4 carrier packet fragments
may be (further) fragmented by intermediate systems in the L2
network.For UDP/IPv4 carrier packets/fragments that set DF to 0, the L2
source calculates the UDP checksum and also includes a trailing
2-octet IPv4 reassembly checksum as specified in . The L2 source calculates the checksums simultaneously
in a single pass over the UDP pseudo-header plus the remainder of
the packet following the header, then writes the UDP result in the
UDP header and the IPv4 fragmentation result as the final 2 octets
of the packet while incrementing the IPv4 length by 2. For raw IPv4
carrier packet (re-)encapsulation with DF set to 0, the source
instead includes a trailing 2-octet IPv4 payload checksum followed
by a 2-octet IPv4 reassembly checksum (calculated as above) while
incrementing the IPv4 length by 4. The source calculates the
IPv4 payload checksum the same as specified for UDP checksums
, except that instead of the UDP length the
pseudo header includes the length of the IPv4 payload only without
including the IPv4 header or trailing checksum lengths. The source
calculates the IPv4 payload and reassembly checksums simultaneously
in a single pass over the pseudo header plus IPv4 payload the same
as for the UDP case without extending to cover the trailing checksum
fields themselves. (In both the UDP/IPv4 and raw IPv4 cases, the
trailing checksum lengths will not cause the carrier packet to
exceed 65535 octets since each OAL fragment reserves space for
up to 256 L2 encapsulation octets.)The L2 source then sends the resulting carrier packet fragments
over one or more underlay interfaces. Underlay interfaces often
connect directly to physical media on the local platform (e.g.,
an aircraft with a radio frequency link, a laptop computer with
WiFi, etc.), but in some configurations the physical media may be
hosted on a separate Local Area Network (LAN) node. In that case,
the OMNI interface can establish a Layer-2 VLAN or a point-to-point
tunnel (at a layer below the underlay interface) to the node hosting
the physical media. The OMNI interface may also apply encapsulation
at the underlay interface layer (e.g., as for a tunnel virtual interface)
such that carrier packets would appear "double-encapsulated" on the LAN;
the node hosting the physical media in turn removes the LAN encapsulation
prior to transmission or inserts it following reception. Finally, the
underlay interface must monitor the node hosting the physical media
(e.g., through periodic keepalives) so that it can convey up-to-date
Interface Attribute information to the OMNI interface.Note: UDP/IPv4 and IPv4 L2 encapsulations that use IPsec AH/ESP
do not include payload or reassembly integrity checks since the
security encapsulations already include strong integrity checks.Note: the L2 source must include a suitable Identification value
in the IPv6 Fragment Header when it performs source fragmentation
and must also include a suitable Identification value in the IPv4
header when it sets DF=0.For paths that cannot rely on network fragmentation to deliver
carrier packets that exceed the path MTU, the L2 source should actively
probe the path to determine the largest possible Carrier Fragment Size
(CFS) for the L2 destination under current path conditions. The L2 source
conducts probing in the spirit of "Packetization Layer Path MTU Discovery
for Datagram Transports" using a probe packet
such as an NS message that includes Nonce and Timestamp options
plus a discard trailing packet attachment as
specified in . The L2 source then encapsulates
the message in L2 headers as a whole carrier packet and sends the message
over the unsecured underlay interface (for IPv4, the L2 source also sets
the probe packet DF flag to 1.)Prior to any probing, the L2 source assumes a nominal CFS of 1280
octets (the IPv6 minimum MTU) for both IPv6 and IPv4. Since this size
is greater than the IPv4 minimum MTU, the L2 source must set the DF bit
to 0 in each carrier packet to increase the likelihood that it will
reach the L2 destination. When the L2 source sets DF to 0, it must
include IPv4 payload/reassembly checksum(s) as discussed above.When the L2 source engages probing, it will receive NA responses
from the L2 destination to confirm delivery of its OAL and L2
encapsulated padded NS messages. When the L2 source receives an
NA with a matching Nonce, it can then advance CFS to the size of
the NS probe. The L2 source must then continuously probe to confirm
the current CFS or advance to even larger CFS values using the probing
strategies specified in .After the L2 source confirms a CFS through probing, it can send
carrier packet fragments up to CFS octets in length and with DF set
to 1 for IPv4. If the path changes, the L2 source may receive a PTB
message from a router on the path and should then reduce and/or
re-probe the CFS accordingly.All OAL intermediate systems and destinations MUST configure an L2
EMTU_R of 65535 octets on all unsecured underlay interfaces to enable
successful reassembly of fragmented carrier packets no larger than that
size (conversely, secured underlay interfaces use an EMTU_R specific to
the L2 security service such as IPsec). OAL nodes are permitted to accept
still larger unfragmented parcels/AJs as a best-effort service. OAL
nodes must further recognize and honor the extended Identifications
included in the IPv6 Extended Fragment Header .When an OAL node reassembles an IPv4 or IPv6 carrier packet,
it accepts the reassembled packet following L2 checksum verification
if necessary. When an OAL node reassembles an IPv4 carrier packet with
DF set to 0, it must verify both the UDP or IPv4 payload checksum and
the IPv4 reassembly checksum. The OAL node then accepts the reassembled
packet only if the included checksums are correct, then trims the
trailing payload/reassembly checksum(s) by decrementing the IPv4
length before processing the packet further. When an OAL node detects
a checksum error or failed reassembly for either IPv4 or IPv6 carrier
packets, and the IP first fragment includes enough of the OAL packet
header, the OAL node returns a uNA message with an OMNI Fragmentation
Report (FRAGREP) option to the OAL source as specified in . The FRAGREP provides immediate feedback allowing
the OAL source to quickly retransmit the OAL fragment(s) lost due
to corruption.If the carrier packet encodes OMNI L2 extension headers per
, the OAL node instead removes the UDP header
if necessary and submits the packet for IPv6 extension header processing
per (while converting IPv4/Ethernet headers to
IPv6 and converting IPv4/EUI addresses to IPv6 compatible addresses if
necessary as specified above). The OAL node first sets the IPv6 Next
Header field to the 8 bit protocol value for the first extension. When
an (Extended) Fragment Header is included, the OAL node performs L2
reassembly per the IPv6 extension header parameters.When an OMNI interface processes a (reassembled) carrier packet
from an underlay interface, it copies the ECN value from the L2
encapsulation headers into the OAL header if the carrier packet
contains an OAL first-fragment. The OMNI interface next discards
the L2 encapsulation headers and examines the OAL header of the
enclosed OAL fragment according to the value in the Type field
as discussed in . If the OAL fragment is
addressed to a different node, the OMNI interface (acting as an
OAL intermediate system) performs L2 encapsulation and fragmentation
if necessary then forwards while decrementing the OAL Hop Limit as
discussed in . If the OAL fragment is
addressed to itself, the OMNI interface (acting as an OAL
destination) accepts or drops the fragment based on the
(Source, Destination, Identification)-tuple.The OAL destination next drops all ordinal OAL non-first fragments
that would overlap or leave "holes" with respect to other ordinal
fragments already received. The OAL destination updates a checklist
of accepted ordinal fragments of the same OAL packet but admits
all accepted fragments into the reassembly cache.During reassembly at the OAL destination, the reassembled OAL
packet may exceed 65535 by a small amount equal to the size of the
OAL encapsulation extension headers. The OAL destination does not
write this (too-large) value into the OAL header Payload Length
field, but rather remembers the value during reassembly. When
reassembly is complete, the OAL destination finally removes the
OAL headers. The OAL destination then delivers the original
IP packet/parcel to the network layer. The original IP
packet/parcel may therefore be as large as 65535 octets,
or larger still for large parcels/AJs delivered through
jumbo-in-jumbo encapsulation without invoking fragmentation.When an OAL path traverses an IPv6 network with routers that perform
adaptation layer forwarding based on full IPv6 headers with OAL addresses,
the OAL intermediate system at the head of the IPv6 path forwards the OAL
packet/fragment the same as an ordinary IPv6 packet without decapsulating
and delivering to the network layer. Once within the IPv6 network, these
OAL packets/fragments may traverse arbitrarily-many IPv6 hops before
arriving at an OAL intermediate system which may again encapsulate the
OAL packets/fragments as carrier packets for transmission over underlay
interfaces.Note: carrier packets often traverse paths with underlying links that
use integrity checks such as CRC-32 which provide adequate hop-by-hop
integrity assurance for payloads up to ~9K octets .
However, other paths may traverse links (such as fragmenting tunnels
over IPv4 - see: ) that do not include adequate
checks. The end-to-end integrity checks in IP parcels and AJs therefore
allow the final destination to detect any link errors that may have
accumulated along the path even if the links themselves do not provide
adequate error checking.The IPv6 specification defines extension
headers that follow the base IPv6 header, while Upper Layer Protocols
(ULPs) are specified in other documents. Each extension header present
is identified by a "Next Header" octet in the previous (extension)
header and encodes a "Next Header" field in the first octet that
identifies the next extension header or ULP instance. The OMNI
specification supports encoding of IPv6 extension header chains
immediately following the OMNI L2 UDP, IP or Ethernet header even
if the L2 IP protocol version is IPv4. In all cases, the length
of the IPv6 extension header chain is limited by .The OAL source prepares an OMNI extension header chain by setting
the first 4 bits of the first IPv6 extension header in the chain to a
Type value for the extension header itself immediately following the
OMNI L2 protocol header. The source then sets the next 4 bits to a Next
value that identifies either a terminating ULP or the next extension
header in the chain. The source then sets the first 8 bits of each
subsequent IPv6 extension header in the chain to the standard Next
Header encoding as shown in :The following Type/Next values are currently defined: 0 (OMNI-RES) - Reserved for experimentation. 1 (OMNI-OCH1) - OMNI Compressed Header, Type 1 per . 2 (OMNI-OCH2) - OMNI Compressed Header, Type 2 per . 3 (OMNI-OFH) - OMNI Full Header, per . 4 (OMNI-IP4) - IPv4 header per . 5 (OMNI-HBH) - Hop-by-Hop Options per Section 4.3 of . 6 (OMNI-IP6) - IPv6 header per . 7 (OMNI-RH) - Routing Header per Section 4.4 of . 8 (OMNI-FH) - Fragment Header per Section 4.5 of . 9 (OMNI-DO) - Destination Options per Section 4.6 of .10 (OMNI-AH) - Authentication Header per .11 (OMNI-ESP) - Encapsulating Security Payload per .12 (OMNI-NNH) - No Next Header per Section 4.7 of .13 (OMNI-TCP) - TCP Header per .14 (OMNI-UDP) - UDP Header per .15 (OMNI-ULP) - Upper Layer Protocol shim (see below).Entries OMNI-OCH1 through OMNI-AH in the above list follow the
convention that the OMNI Type/Version appears in the first 4 bits
of the extension header (or IP header) itself. Conversely, entries
OMNI-ESP through OMNI-UDP represent commonly-used ULPs which do
not encode a Type/Version in the first 4 bits.Entries OMNI-HBH, OMNI-RH, OMNI-FH, OMNI-DO and OMNI-AH represent
true IPv6 extension headers encoded for OMNI, which may be chained.
Source and destination processing of OMNI extension headers follows
exactly per their definitions in the normative references, with the
exception of the special (Type, Next) coding in the first 8 bits of
the first extension header.When a ULP not found in the above table immediately follows
the OMNI L2 UDP, IP or Ethernet header, the source includes a 2-octet
"Type 1 ULP Shim" before the ULP where both the first 4 bit (Type) and
next 4 bit (Next) fields encode the special value 15 (OMNI-ULP). The
source then includes a Next Header field that encodes the IP protocol
number of the ULP. The source then includes the ULP data immediately
after the shim as shown in .When a ULP "OMNI-(N)" found in the above table immediately follows
the OMNI L2 UDP, IP or Ethernet header, the source includes a 1-octet
"Type 2 ULP Shim" before the ULP where the first 4 bits encode the
special Type value 15 (OMNI-ULP) and the next 4 bits encode the Next
ULP type "N" taken from the table above. The source then includes the
ULP data immediately after the shim as shown in .When a ULP not found in the above table follows a first OMNI
extension header, the source sets the extension header Next field
to OMNI-ULP (15) and includes a 1-octet "Type 3 ULP Shim" that
encodes the IP protocol number for the Next Header of the ULP
data that follows as shown in .When a ULP "OMNI-(N)" found in the above table follows a first
OMNI extension header, the source sets the extension header Next
field to the ULP Type "N" and does not include a shim. The ULP
then begins immediately after the first OMNI extension header.When a ULP of any kind follows a non-first OMNI extension
header, the source sets the extension header Next Header field to
the IP protocol number for the ULP and does not include a shim. The
ULP then begins immediately after the non-first OMNI extension header.Note: The L2 UDP header (when present) is logically considered as
the first L2 extension header in the chain. If an Advanced Jumbo
extension header is also present, its Jumbo Payload length includes
the length of the L2 UDP header.Note: After a node parses the extension header chain, it changes
the "Type/Next" field in the first extension header back to the
correct "Next Header" value before processing the first extension
header.OAL sources that send OAL packets with OMNI Full Headers (OFH)
include a Compressed Routing Header (CRH) and IPv6 Extended Fragment
Header extensions for segment-by-segment forwarding based on an
AERO Forwarding Information Base (AFIB) in each OAL intermediate
system. OAL sources, intermediate systems and destinations establish
header compression state in the AFIB through IPv6 ND NS/NA message
exchanges. After an initial NS/NA exchange, OAL nodes can apply
OMNI Header Compression to significantly reduce header overhead.OAL nodes apply header compression in order to avoid transmission
of redundant data found in the original IP packet and OAL encapsulation
headers; the resulting compressed headers are often significantly smaller
than the original IP packet header itself even when OAL encapsulation is
applied. Header compression is limited to the OAL IPv6 encapsulation
header plus extensions along with the base original IP packet header;
it does not extend to include any extension headers of the original
IP packet which appear as upper layer payload immediately following
the compressed headers.Each OAL node establishes AFIB soft state entries known as AERO
Forwarding Vectors (AFVs) which support both OAL packet/fragment
forwarding and OAL/IPv6 header compression/decompression. The FHS
OAL sources references each AFV by an AERO Forwarding Vector
Index (AFVI) which in conjunction with the previous hop L2ADDR
provides compression/decompression and next hop forwarding
context.When an OAL node sends carrier packets that contain OAL
packets/fragments to a next hop, it includes an OFH with a
CRH containing AFVI forwarding information followed by an
Extended Fragment Header. If the OAL source applied OAL
encapsulation, the first 4 bits following the L2 headers
must encode the Type OMNI-OFH to signify that an uncompressed
OFH (plus extensions) is present; otherwise, the first 4
bits must encode the value OMNI-IP6 as a Type/Version value
for IPv6. The CRH include a single 32-bit AFVI (as CRH-32)
and with Segments Left set to 1.When an OAL intermediate system forwards an OAL packet, it
determines the AFVI for the next OAL hop by using the AFVI
included in the CRH to search for a matching AFV. The OAL
intermediate system then writes the next hop AFVI into the
CRH and forwards the OAL packet to the next hop without
decrementing Segments Left. This same AFVI re-writing
progression begins with the OAL source then continues
over all OAL intermediate nodes and finally ends at the
OAL destination.When AFV state is available, the OAL source should omit
significant portions of the OAL header (plus extensions) and
the entire original IP packet header by applying OMNI header
compression. For OAL first fragments (including atomic
fragments), the OAL source uses OMNI Compressed Header, Type 1
(OCH1) Format (a) as shown in :
The format begins with a 4-bit Type followed by
the 8-bit Traffic Class (copied into the OAL header from the
original IP packet header) followed by an 8-bit (OAL) Hop
Limit followed by followed by a 6-bit Parcel ID with 2 P/S
control bits followed by 4 flag bits. The header next includes
the 4 least significant octets of the OAL Identification followed
by a 2/4-octet AFVI according to whether the A flag is set to
0/1, respectively. The format then includes a 2-octet Payload
Length only if the L2 header does not include a length field.
The format finally includes the Next Header and Hop Limit
values from the original (L3) IP packet header, plus a 2-octet
Header Checksum only for IPv4 original packets. (Note that
these values represent compression of the original IP packet
header plus the OFH header along with its CRH-32 and Extended
Fragment Header in a unified concatenation.)The OAL node sets Type to OMNI-OCH1, sets Hop Limit to
the uncompressed OAL header Hop Limit and sets the ECN bits
in the Traffic Class field the same as for an uncompressed
IP header. The OAL node next sets (F)irst to 1 as a first
fragment then sets (M)ore Fragments, Parcel ID, (P)arcel,
and More (S)egments the same as for an uncompressed Extended
Fragment Header. The OAL node finally sets the L3 Next Header
and Hop Limit fields to the values that would appear in the
uncompressed original IP header; the OAL node also includes
a 2-octet Header Checksum for IPv4 original packets, or
omits the Header Checksum for IPv6 original packets.The payload of the OAL first fragment (i.e., beginning after
the original IP header) is then included immediately following
the OCH1 header, and the L2 header length field (if present) is
reduced by the difference in length between the compressed and
full-length headers. If the L2 header includes a length field,
the OAL destination can determine the payload length by examining
the L2 header; otherwise, the OCH1 header itself includes a 2-octet
Payload Length field that encodes the length of the packet payload
(or first fragment) that follows the OCH1. Note that first fragments
(and atomic packets) are logically considered ordinal fragment 0
even though no ordinal value is transmitted.When the OAL source has multiple original atomic IP packets
enqueued that would include identical original IP headers (except
for the Payload Length), it can set the (Q)ueued flag and perform
"compressed packing" (see: ). When the Q
flag is set, the M flag MUST be 0, meaning that the payload MUST
NOT extend beyond the first fragment. The Payload Length field
MUST be included, but encodes the length of the first queued packet
payload only. The OCH1 header is then followed by the payload
of the first queued packet (i.e., with the IP header removed)
which is followed by a second Payload Length field that encodes
the length of the second queued packet payload. The second Payload
Length is then followed by the payload of the second queued packet
which is followed by a third Payload Length (and possibly also a
third packet payload), etc., until a final Payload Length field
that encodes the value 0 appears. When the OAL destination
receives an OCH1 OAL packet with the Q flag set, it extracts
each packet payload (while appending the original IP header
with only the Payload Length values differing) by following
the chain of Payload Length fields present.For OAL non-first fragments (i.e., those with non-zero Index),
the OAL uses OMNI Compressed Header, Type 1 (OCH1) Format
(b) as shown in :The format begins with a 4-bit Type followed by
an 8-bit Traffic Class followed by an 8-bit OAL Hop Limit
the same as for first fragments. The format next includes a
6-bit ordinal fragment Index followed by a (F)irst flag, an
(A)FVI extension flag and finally a (M)ore Fragments flag.
The format next includes the least-significant 4 octets of
the OAL Identification followed by a 2/4-octet AFVI according
to the A flag followed by a 0/2-octet Payload Length field
the same as for an OCH1 first fragment.The OAL node sets Type to OMNI-OCH1, sets Hop Limit to the
uncompressed OAL header Hop Limit value, and sets (Index,
(F)irst, (M)ore Fragments, Identification) to their appropriate
values as a non-first fragment. In particular, the OAL Node
sets Index to a monotonically increasing ordinal value
beginning with 1 for the first non-first fragment, 2 for the
second non-first fragment, 3 for the third non-first fragment,
etc., up to at most 63 for the final fragment.The OAL non-first fragment body is then included immediately
following the OCH1 header, and the L2 header length field (if
present) is reduced by the difference in length between the
compressed headers and full-length original IP header with
OFH plus extensions. The OAL destination will then be able
to determine the Payload Length by examining the L2 header
length field if present; otherwise by examining the 2-octet
OCH1 Payload Length the same as for first fragments.The OCH1 Format (a) is used for all original IPv6 packets
that do not include a Fragment Header as well as for original
IPv4 packets that set IHL to 5, DF to 1 and (MF; Fragment
Offset) to 0 (the OCH1 Format (b) is used for all non-first
fragments regardless of the original IP version). For other
"non-atomic" original IP packets and first fragments, the
OAL uses the "Type 2" OMNI Compressed Header (OCH2) formats
shown in and :In both of the above OCH2 formats, the leading octets
include the same information that would appear in a
corresponding OCH1 header with the exception that the
(Q, F) flags are replaced by a 2-bit Reserved field.
The remainder of the OCH2 format (a) includes fields
that would appear in an uncompressed IPv6 header plus
Fragment Header extension per ,
while the remainder of format (b) includes fields that
would appear in an uncompressed IPv4 header per with the Options and Padding lengths
calculated based on IHL. In both cases, the Source and
Destination addresses are not transmitted. (Note that
packing is not supported with the OCH2 format since
each non-atomic IP packet header will often include
different values.)When an OAL destination or intermediate system receives a carrier
packet, it determines the length of the encapsulated OAL information
and verifies that the innermost L2 next header field indicates OMNI (see:
), then processes any included OMNI L2 extension
headers as specified in . The OAL destination
then examines the Next Header field of the final L2 extension header.
If the Next Header field contains the value TBD1, and the 4-bit Type
that follows encodes a value OMNI-IP6, OMNI-OFH, OMNI-OCH1 or
OMNI-OCH2 the OAL node processes the remainder of the OAL header
as a full or compressed header as specified above.The OAL node then uses the AFVI to locate the cached AFV which
determines the next hop. During forwarding for compressed headers,
the OAL node changes the OCH AFVI to the cached value for the AFV
next hop. If the OAL node is the destination, it instead reconstructs
the OFH and original IP headers based on the information cached in
the AFV combined with the received information in the OCH1/2. For
non-atomic fragments, the OAL node then adds the resulting OAL
fragment to the reassembly cache if the Identification is
acceptable. Following OAL reassembly if necessary, the OAL
node delivers the original IP packet to the network layer.For all OCH1/2 types, the source node sets all Reserved fields and
bits to 0 on transmission and the destination node ignores the values
on reception. For both OCH1/2, ECN information is compiled for first
fragments, and not for non-first fragments.Finally, if an IPv6 Hop-by-Hop (HBH) and/or Routing Header
extension header is required to appear as per-fragment extensions
with each OAL fragment that uses OCH1 format (b) or OCH2 compression
the OAL node inserts an OMNI-HBH and/or OMNI-RH header as the first
extension(s) following the L2 header and before the OMNI-OCH1/2
as discussed in .When the OAL node is unable to determine whether the next OAL
hop is connected to the same underlay link, it should perform
carrier packet L2 encapsulation for initial packets sent via the
next hop over a specific underlay interface by including full
UDP/IP headers and with the UDP port numbers set as discussed
in . The node can thereafter attempt to
send an NS to the next OAL hop in carrier packet(s) that omit the
UDP header and set the IP protocol number to TBD1. If the OAL node
receives an NA reply, it can omit the UDP header in subsequent
packets. The node can further attempt to send an NS in carrier
packet(s) that omit both the UDP and IP headers and set EtherType
to TBD2. If the source receives an NA reply, it can begin omitting
both the UDP and IP headers in subsequent packets.Note: in the above, "next OAL hop" refers to the first OAL node
encountered on the optimized path to the destination over a specific
underlay interface as determined through route optimization (e.g.,
see: ). The next OAL hop
could be a Proxy/Server, Gateway or the OAL destination itself.The OAL encapsulates each original IP packet/parcel as an OAL
packet then performs fragmentation to produce one or more carrier
packets with the same 8-octet Identification value. In environments
where spoofing is not considered a threat, OMNI interfaces send OAL
packets with Identifications beginning with an unpredictable Initial
Send Sequence (ISS) value monotonically
incremented (modulo 2**64) for each successive OAL packet sent to
either a specific neighbor or to any neighbor. (The OMNI interface
may later change to a new unpredictable ISS value as long as the
Identifications are assured unique within a timeframe that would
prevent the fragments of a first OAL packet from becoming associated
with the reassembly of a second OAL packet.) In other environments,
OMNI interfaces should maintain explicit per-flow send and receive
windows to detect and exclude spurious carrier packets that might
clutter the reassembly cache as discussed below.OMNI interface neighbors use a window synchronization service
similar to TCP to maintain unpredictable ISS
values incremented (modulo 2**64) for each successive OAL packet and
re-negotiate windows often enough to maintain an unpredictable profile.
OMNI interface neighbors exchange IPv6 ND messages that include OMNI
Multilink Vector sub-options (see: ) that
include TCP-like information fields and flags to manage streams of OAL
packets instead of streams of octets. As a link layer service, the
OAL provides low-persistence best-effort retransmission with no
mitigations for duplication, reordering or deterministic delivery.
Since the service model is best-effort and only control message
sequence numbers are acknowledged, OAL nodes can select unpredictable
new initial sequence numbers outside of the current window without
delaying for the Maximum Segment Lifetime (MSL).OMNI interface end neighbors and intermediate systems maintain
current and previous per-flow window state in IPv6 ND NCEs and/or
AFVs to support dynamic rollover to a new window while still
sending OAL packets and accepting carrier packets from the previous
windows. OMNI interface neighbors synchronize windows through asymmetric
and/or symmetric IPv6 ND message exchanges. When OMNI end and intermediate
systems receive an IPv6 ND message with new per-flow window information,
it resets the previous window state based on the current window then
resets the current window based on new and/or pending information.The IPv6 ND message OMNI option Multilink Vector sub-option
includes TCP-like information fields including Sequence Number,
Acknowledgement Number, Window and flags (see: ). OMNI interface neighbors and intermediate
systems maintain the following TCP-like state variables on
a per-interface-pair basis (i.e., through a combination of
NCE and/or AFV state):OMNI interface neighbors "OAL A" and "OAL B" exchange IPv6 ND
messages per with OMNI options that include
TCP-like information fields in a Multilink Vector. When OAL A
synchronizes with OAL B, it maintains both a current and previous
SND.WND beginning with a new unpredictable ISS and monotonically
increments SND.NXT for each successive OAL packet transmission.
OAL A initiates synchronization by including the new ISS in the
Sequence Number of an authentic IPv6 ND message with the SYN flag
set and with Window set to M (up to 2**24) as its advertised send
window size while creating a NCE in the INCOMPLETE state if necessary.
OAL A caches the new ISS as pending, uses the new ISS as the
Identification for OAL encapsulation, then sends the resulting
OAL packet to OAL B and waits up to RetransTimer milliseconds
to receive an IPv6 ND message response with the ACK flag set
(retransmitting up to MAX_UNICAST_SOLICIT times if necessary).When OAL B receives the SYN, it creates a NCE in the STALE state
and also an AFV if necessary, resets its RCV variables and caches the
source's send window size M as its receive window size. OAL B then
prepares an IPv6 ND message with the ACK flag set, with the
Acknowledgement Number set to OAL A's next sequence number, and with
Window set to M. Since OAL B does not assert an ISS of its own, it
uses the IRS it has cached for OAL A as the Identification for OAL
encapsulation then sends the ACK to OAL A.When OAL A receives the ACK, it notes that the Identification in
the OAL header matches its pending ISS. OAL A then sets the NCE state
to REACHABLE and resets its SND variables based on the Window size and
Acknowledgement Number (which must include the sequence number
following the pending ISS). OAL A can then begin sending OAL packets
to OAL B with Identification values within the (new) current SND.WND
for this interface pair for up to ReachableTime milliseconds or until
the NCE is updated by a new IPv6 ND message exchange. This implies
that OAL A must send a new SYN before sending more than N OAL packets
within the current SND.WND, i.e., even if ReachableTime is not nearing
expiration. After OAL B returns the ACK, it accepts carrier packets
received from OAL A via this interface pair within either the current
or previous RCV.WND as well as any new authentic NS/RS SYN messages
received from OAL A even if outside the windows.OMNI interface neighbors can employ asymmetric window
synchronization as described above using 2 independent (SYN ->
ACK) exchanges (i.e., a 4-message exchange), or they can employ
symmetric window synchronization using a modified version of the TCP
"3-way handshake" as follows:OAL A prepares a SYN with an unpredictable ISS not within the
current SND.WND and with Window set to M as its advertised send
window size. OAL A caches the new ISS and Window size as pending
information, uses the pending ISS as the Identification for OAL
encapsulation, then sends the resulting OAL packet to OAL B and
waits up to RetransTimer milliseconds to receive an ACK response
(retransmitting up to MAX_UNICAST_SOLICIT times if necessary).OAL B receives the SYN, then resets its RCV variables based on
the Sequence Number while caching OAL A's send window size M as
its receive window size. OAL B then selects a new unpredictable
ISS outside of its current window, then prepares a response with
Sequence Number set to the pending ISS and Acknowledgement Number
set to OAL A's next sequence number. OAL B then sets both the SYN
and ACK flags, sets Window to a chosen send window size N and sets
the OPT flag according to whether an explicit concluding ACK is
optional or mandatory. OAL B then uses the pending ISS as the
Identification for OAL encapsulation, sends the resulting OAL
packet to OAL A and waits up to RetransTimer milliseconds to
receive an acknowledgement (retransmitting up to
MAX_UNICAST_SOLICIT times if necessary).OAL A receives the SYN/ACK, then resets its SND variables based
on the Acknowledgement Number (which must include the sequence
number following the pending ISS). OAL A then resets its RCV
variables based on the Sequence Number and OAL B's advertised
send Window N and marks the NCE as REACHABLE. If the OPT flag
is clear, OAL A next prepares an immediate unsolicited NA message
with the ACK flag set, the Acknowledgement Number set to OAL B's
next sequence number, with Window set to N, and with the OAL
encapsulation Identification to SND.NXT, then sends the resulting
OAL packet to OAL B. If the OPT flag is set and OAL A has OAL
packets queued to send to OAL B, it can optionally begin sending
their carrier packets under the current SND.WND as implicit
acknowledgements instead of returning an explicit ACK.OAL B receives the implicit/explicit acknowledgement(s) then
resets its SND state based on the pending/advertised values and
marks the NCE as REACHABLE. Note that OAL B sets the OPT flag
in the SYN/ACK to assert that it will interpret timely receipt
of carrier packets within the (new) current window as an implicit
acknowledgement. Potential benefits include reduced delays and
control message overhead, but use case analysis is outside the
scope of this specification.)Following synchronization, OAL A and OAL B hold updated NCEs and
AFVs, and can exchange OAL packets with Identifications set to SND.NXT
for each flow while the state remains REACHABLE and there is
available window capacity. (Intermediate systems that establish AFVs
for the per-flow window synchronization exchanges can also use
the Identification window for source validation.) Either neighbor may
at any time send a new SYN to assert a new ISS. For example, if OAL
A's current SND.WND for OAL B is nearing exhaustion and/or ReachableTime
is nearing expiration, OAL A can continue sending OAL packets under the
current SND.WND while also sending a SYN with a new unpredictable ISS. When
OAL B receives the SYN, it resets its RCV variables and may optionally
return either an asymmetric ACK or a symmetric SYN/ACK to also assert
a new ISS. While sending SYNs, both neighbors continue to send OAL
packets with Identifications set to the current SND.NXT for each
interface pair then reset the SND variables after an acknowledgement
is received.While the optimal symmetric exchange is efficient, anomalous
conditions such as receipt of old duplicate SYNs can cause confusion
for the algorithm as discussed in Section 3.5 of . For this reason, the OMNI Multilink Vector
sub-option includes an RST flag which OAL nodes set in solicited NA
responses to ACKs received with incorrect acknowledgement numbers.
The RST procedures (and subsequent synchronization recovery) are
conducted exactly as specified in .OMNI interfaces that employ the window synchronization procedures
described above observe the following requirements:OMNI interfaces MUST select new unpredictable ISS values that
are at least a full window outside of the current SND.WND.OMNI interfaces MUST set the Window field in SYN messages
as a non-negotiable advertised send window size.OMNI interfaces MUST send IPv6 ND messages used for window
synchronization securely while using unpredictable initial
Identification values until synchronization is complete.It is essential to understand that the above window synchronization
operations between nodes OAL(A) and OAL(B) are conducted in IPv6 ND
message exchanges over multihop paths with potentially many OAL(i)
intermediate hops in the forward and reverse paths (which may be
disjoint). Each such forward path OAL(i) caches the sequence number
and window size advertised from OAL(A) to OAL(B) in its AFV entry
indexed by the previous hop L2ADDR and AFVI, while each such reverse
path OAL(i) caches the sequence number, window size and AFVI
advertised from OAL(B) to OAL(A). (The forward/reverse path OAL(i)
nodes then select new unique next-hop AFVIs before forwarding.)Note: Although OMNI interfaces employ TCP-like window
synchronization and support uNA ACK responses to SYNs, all
other aspects of the IPv6 ND protocol (e.g., control message
exchanges, NCE state management, timers, retransmission limits, etc.)
are honored exactly per . OMNI interfaces
further manage per-interface-pair window synchronization parameters
in one or more AFVs for each neighbor pair.Note: Recipients of OAL-encapsulated IPv6 ND messages index the NCE
based on the message source address, which also determines the carrier
packet Identification window. However, IPv6 ND messages may contain a
message source address that does not match the OMNI encapsulation
source address when the recipient acts as a proxy.Note: OMNI interface neighbors apply separate send and receive
windows for all of their (multilink) underlay interface pairs that
exchange carrier packets. Each interface pair represents a distinct
underlay network path, and the set of paths traversed may be highly
diverse when multiple interface pairs are used. OMNI intermediate
systems therefore become aware of each distinct set of interface pair
window synchronization parameters based on periodic IPv6 ND message
updates to their respective AFVs.When the round-trip delay from the original source to the OAL
source is significant, the OAL source should maintain a short-term
cache of the OAL fragments it sends to OAL destinations in case timely
best-effort selective retransmission is requested. The OAL destination
in turn maintains a checklist for (Source, Destination, Identification)-tuples
of recently received OAL fragments and notes the ordinal numbers of
OAL fragments already received (i.e., as ordinals #0, #1, #2, #3, etc.).
The timeframe for maintaining the OAL source and destination caches
determines the link persistence (see: ).If the OAL destination notices some fragments missing after most
other fragments within the same link persistence timeframe have
already arrived, it may issue an Automatic Repeat Request (ARQ) with
Selective Repeat (SR) by sending a uNA message to the OAL source. The
OAL destination creates a uNA message with an OMNI option with one or
more Fragmentation Report (FRAGREP) sub-options that include
(Identification, Bitmap)-tuples for fragments received and missing
from this OAL source (see: ). The OAL
destination includes an authentication signature if necessary,
performs OAL encapsulation (with its own address as the OAL
source and the source address of the message that prompted the
uNA as the OAL destination) and sends the message to the OAL source.If an OAL intermediate system or OAL destination processes an
OAL fragment for which corruption is detected, it may similarly
issue an immediate ARQ/SR the same as described above. The FRAGREP
provides an immediate (rather than time-bounded) indication to
the OAL source that a retransmission is required.When the OAL source receives the uNA message, it authenticates
the message then examines any enclosed FRAGREPs. For each (Source,
Destination, Identification)-tuple, the OAL source determines whether
it still holds the corresponding OAL fragments in its cache and
retransmits any for which the Bitmap indicates a loss event. For
example, if the Bitmap indicates that ordinal fragments #3, #7,
#10 and #13 from the OAL packet with Identification 0x0123456789abcdef
are missing the OAL source only retransmits those fragments. When the
OAL destination receives the retransmitted OAL fragments, it admits
them into the reassembly cache and updates its checklist. If some
fragments are still missing, the OAL destination may send a small
number of additional uNA ARQ/SRs within the link persistence timeframe.The OAL therefore provides a link layer low-to-medium persistence
ARQ/SR service consistent with and Section
8.1 of . The service provides the benefit of
timely best-effort link layer retransmissions which may reduce OAL
fragment loss and avoid some unnecessary end-to-end delays. This
best-effort network-based service therefore compliments transport
and higher layer end-to-end protocols responsible for true reliability.When the OMNI interface forwards original IP packets/parcels from
the network layer, it invokes the OAL and returns internally-generated
Path MTU Discovery (PMTUD) ICMPv4 "Fragmentation Needed and Don't
Fragment Set" or ICMPv6 "Packet Too Big
(PTB)" messages as necessary. This document
refers to both message types as "PTBs" and introduces a distinction
between PTB "hard" and "soft" errors as discussed below.Ordinary PTB messages are hard errors that always indicate loss
due to a real MTU restriction has occurred. However, the OMNI
interface can also forward original IP packets/parcels via OAL
encapsulation and fragmentation while at the same time returning
PTB soft error messages (subject to rate limiting) to the original
source to suggest smaller sizes due to factors such as link
performance characteristics, excessive number of fragments
needed, reassembly congestion, etc.This ensures that the path MTU is adaptive and reflects the
current path used for a given data flow. The OMNI interface can
therefore continuously forward original IP packets/parcels without
loss while returning PTB soft error messages that recommend smaller
sizes. Original sources that receive the soft errors in turn reduce
the size of the original IP packets/parcels they send the same as
for hard errors, but not necessarily due to a loss event. The
original source can then resume sending larger packets/parcels
if the soft errors subside.OAL destinations and intermediate systems that experience
reassembly cache congestion can return uNA messages that include
OMNI encapsulated PTB soft error messages to OAL sources that
originate fragments (subject to rate limiting). The OAL node
creates a secured uNA message with an OMNI option containing
an ICMPv6 Error sub-option. The OAL node encodes a PTB message
in the sub-option with MTU set to a reduced value and with the
leading portion an OAL first fragment containing the header of
an original IP packet/parcel for which the source must be
notified (see: ).The OAL node that sends the uNA encapsulates the leading portion
of the OAL first fragment (beginning with the OAL header) in the PTB
"packet in error" field and signs the message if an authentication
signature is included. The OAL node then performs OAL encapsulation
(with the its own address as the source and the source address
of the message that prompted the uNA as the destination) and
sends the message to the OAL source. (Note that OAL intermediate
systems forward uNAs via the secured spanning tree while OAL
destination end systems include an authentication signature
when necessary.)When the OAL source receives a uNA message from an OAL intermediate
system, it can reduce its OFS estimate and begin sending smaller OAL
fragments and/or reduce its CFS estimate and begin sending smaller
carrier packet fragments. When the OAL source receives a uNA message
from the OAL destination, it sends a corresponding network layer PTB
soft error to the original source.The OAL source prepares the PTB soft error by first setting the
Type field to 2 for IPv6 or TBD6 for
IPv4 (see: IANA considerations). The OAL source then sets the Code
field to "PTB Soft Error (no loss)" if the OAL destination forwarded
the original IP packet/parcel successfully or "PTB Soft Error (loss)"
if it was dropped (see: IANA considerations). The OAL source next
sets the PTB destination address to the original IP packet/parcel
source, and sets the source address to one of its OMNI interface
addresses that is reachable from the perspective of the original
source.The OAL source then sets the MTU field to a value smaller than
the original IP packet/parcel size but no smaller than 1280, writes
as much of the original IP packet/parcel first fragment as possible
into the "packet in error" field such that the entire PTB including
the IP header is no larger than 1280 octets for IPv6 or 576 octets
for IPv4. The OAL source then calculates and sets the ICMP
Checksum and returns the PTB to the original source.An original sources that receives these PTB soft errors first
verifies that the ICMP Checksum is correct and the packet-in-error
contains the leading portion of one of its recent packet/parcel
transmissions. The original source can then adaptively tune the
size of the original IP packets/parcels it sends to produce the
best possible throughput and latency, with the understanding that
these parameters may fluctuate over time due to factors such as
congestion, mobility, network path changes, etc. Original sources
should therefore consider receipt or absence of soft errors as
hints of when decreasing or increasing packet/parcel sizes may
provide better performance.The OMNI interface supports continuous transmission and reception
of packets/parcels of various sizes in the face of dynamically changing
network conditions. Moreover, since PTB soft errors do not indicate a
hard limit, original sources that receive soft errors can resume sending
larger packets/parcels without waiting for the recommended 10 minutes
specified for PTB hard errors . The OMNI interface therefore provides an adaptive
service that accommodates MTU diversity especially well-suited
for air/land/sea/space mobile Internetworking.The OMNI interface may also return PTB messages with Parcel Report
and/or Jumbo Report Codes in response to parcels and/or AJs delivered
by the network layer and forwarded through jumbo-in-jumbo encapsulation.
These Parcel/Jumbo Report messages are prepared the same as for PTB
soft errors discussed above. IP parcels and AJs are discussed in
and .Note: when the OAL source receives persistent Fragmentation Reports
for a given flow (see: ), it should return PTB
soft errors to the original source (subject to rate limiting) the
same as if it had received PTB soft errors from the OAL destination.
When the original source is likely to retransmit an entire original
IP packet on its own behalf in case of loss, the OAL destination can
elect to return only PTB soft errors and refrain from returning
Fragmentation Reports.Note: OAL intermediate nodes that reassemble fragmented carrier
packets should return PTB soft errors subject to rate limiting during
periods of fragment loss and/or L2 reassembly cache congestion.
The OAL previous hop should regard these PTB soft errors as an
indication to reduce the current CFS for this L2 destination.The OAL source ordinarily includes a 40-octet IPv6 encapsulation
header for each original IP packet/parcel during OAL encapsulation.
The OAL source then performs fragmentation such that a copy of the
40-octet IPv6 header plus a 16-octet IPv6 Extended Fragment Header
is included in each OAL fragment (when a Routing Header is added,
the OAL encapsulation headers become larger still). However, these
encapsulations may represent excessive overhead in some environments.OAL header compression as discussed in
can dramatically reduce encapsulation overhead, however a
complimentary technique known as "packing" (see: ) supports encapsulation of multiple
original IP packets/parcels and/or control messages within a
single OAL "super-packet".When the OAL source has multiple original IP packets/parcels to
send to the same OAL destination with total length no larger than the
OAL destination EMTU_R, it can concatenate them into a super-packet
encapsulated in a single OAL header. Within the OAL super-packet, the
IP header of the first original IP packet/parcel (iHa) followed by its
data (iDa) is concatenated immediately following the OAL header. The
IP header of the next original packet/parcel (iHb) followed by its
data (iDb) is then concatenated immediately following the first,
with each remaining original IP packet/parcel concatenated in
succession. The OAL super-packet format is transposed from and shown in :
+-----+-----+
| iHa | iDa |
+-----+-----+
|
| +-----+-----+
| | iHb | iDb |
| +-----+-----+
| |
| | +-----+-----+
| | | iHc | iDc |
| | +-----+-----+
| | |
v v v
+----------+-----+-----+-----+-----+-----+-----+
| OAL Hdr | iHa | iDa | iHb | iDb | iHc | iDc |
+----------+-----+-----+-----+-----+-----+-----+
<--- OAL "Super-Packet" with single OAL Hdr --->
]]>When the OAL source prepares a super-packet, it applies OAL
fragmentation then applies L2 encapsulation/fragmentation and
sends the resulting carrier packets to the OAL destination. When
the OAL destination receives the super-packet it first reassembles
if necessary. The OAL destination then selectively extracts each
original IP packet/parcel (e.g., by setting pointers into the
super-packet buffer and maintaining a reference count, by copying
each packet into a separate buffer, etc.) and forwards each one
to the network layer. During extraction, the OAL determines the IP
protocol version of each successive original IP packet/parcel 'j' by
examining the 4 most-significant bits of iH(j), and determines the
length of each one by examining the rest of iH(j) according to the IP
protocol version.When an OAL source prepares a super-packet that includes an IPv6
ND message with an authentication signature as the first original
IP packet/parcel (i.e., iHa/iDa), it calculates the authentication
signature over the remainder of super-packet. Authentication and
integrity for forwarding initial data messages in conjunction with
IPv6 ND messages used to establish NCE state are therefore supported.
(A second common use case entails a path MTU probe beginning with an
unsigned IPv6 ND message followed by a suitably large NULL packet
(e.g., an IP packet with padding octets added beyond the IP header
and with {Protocol, Next Header} set to 59 ("No Next Header"), a
UDP/IP packet with port number set to 9 ("discard") , etc.)The OAL source can also apply this super-packet packing technique
at the same time it performs OCH1 header compression as discussed in
. Note that this technique can only be applied
when all original IP packets are atomic packets with IP headers that
differ only in Payload Length, such as for a stream of packets for a
single flow that are queued for transmission service at roughly the
same time.The OAL header of a super packet may also include a Parcel Payload
Option with AJ Type 0 if the total length of all payload packets/parcels
exceeds 65535 octets. In that case, the super-packet must be forwarded
as an atomic fragment over OAL paths that support such large sizes.OAL sources may send NULL OAL packets known as "bubbles" for the
purpose of establishing Network Address Translator (NAT) state on
the path to the OAL destination. The OAL source prepares a bubble by
crafting an OAL header with appropriate IPv6 source and destination
ULAs, with the IPv6 Next Header field set to the value 59 ("No Next
Header" - see ) and with 0 or more octets
of NULL protocol data immediately following the IPv6 header.The OAL source includes a random Identification value then
encapsulates the OAL packet in L2 headers destined to either the
mapped address of the OAL destination's first-hop ingress NAT or the
L2 address of the OAL destination itself. When the OAL source sends
the resulting carrier packet, any egress NATs in the path toward the
L2 destination will establish state based on the activity. At the
same time, the bubble themselves will be harmlessly discarded by
either an ingress NAT on the path to the OAL destination or by
the OAL destination itself.The bubble concept for establishing NAT state originated in and was later updated by .
OAL bubbles may be employed by mobility services such as AERO.OMNI Hosts are end systems that connect to the OMNI link over
ENET underlay interfaces (i.e., either via an OMNI interface or
as a sublayer of the ENET interface itself). Each ENET connects
to the rest of the OMNI link via a Client that distributes an
MNP delegation. Clients delegate MNP addresses and/or sub-prefixes
to ENET nodes (i.e., Hosts, other Clients, routers and non-OMNI
hosts) using standard mechanisms such as DHCP and IPv6
Stateless Address AutoConfiguration (SLAAC) . Clients forward original IP packets/parcels
between their ENET Hosts and peers on external networks
acting as routers and/or OAL intermediate systems.OMNI Hosts coordinate with Clients and/or other Hosts connected
to the same ENET using OMNI L2 encapsulation of OMNI IPv6 ND messages.
The L2 encapsulation headers and ND messages both use the MNP-based
addresses assigned to ENET underlay interfaces as source and destination
addresses (i.e., instead of ULAs). For IPv4 MNPs, the ND messages use
IPv4-Compatible IPv6 addresses in place of
the IPv4 addresses.Hosts discover Clients by sending encapsulated RS messages using an
OMNI link IP anycast address (or the unicast address of the Client) as
the RS L2 encapsulation destination as specified in . The Client configures the IPv4 and/or IPv6 anycast
addresses for the OMNI link on its ENET interface and advertises
the address(es) into the ENET routing system. The Client then responds to
the encapsulated RS messages by sending an encapsulated RA message
that uses its ENET unicast address as the source. (To differentiate
itself from an INET border Proxy/Server, the Client sets the RA
message OMNI Interface Attributes sub-option LHS field to 0 for the
Host's interface index. When the RS message includes an L2 anycast
destination address, the Client also includes an Interface Attributes
sub-option for interface index 0 to inform the Host of its L2 unicast
address - see: for full details on the RS and
RA message contents.)Hosts coordinate with peer Hosts on the same ENET by sending
encapsulated NS messages to receive an NA reply. (Hosts determine
whether a peer is on the same ENET by matching the peer's IP address
with the MNP (sub)-prefix for the ENET advertised in the Client's RA
message .) Each ENET peer then creates a NCE
and synchronizes Identification windows the same as for OMNI link
neighbors, and the Host can then engage in OMNI link transactions
with the Client and/or other ENET Hosts. The Host therefore regards
the Client as if it were an ANET Proxy/Server, and the Client provides
the same services that a Proxy/Server would provide. By coordinating
with other Hosts, the peers can exchange large IP packets/parcels
over the ENET using encapsulation and fragmentation if necessary.When a Host prepares an original IP packet/parcel, it uses the IP
address of its OMNI interface (which is the same as the IP address of
the underlying native ENET interface) as the source and the IP address
of the (remote) peer as the destination. The Host next performs
parcellation if necessary (see: ) then
encapsulates the packet(s)/(sub-)parcel(s) in OMNI L2 headers while
setting the L2 source to the L3 source address and L2 destination to
either the L3 destination address if the peer is on the local ENET,
or to the IP address of the Client otherwise. The Host can then
proceed to exchange packets/parcels with the destination, either
directly or via the Client as an intermediate system.The encapsulation procedures are coordinated per , except that the OMNI L2 encapsulation header is followed
by an IPv6 (Extended) Fragment Header. When the L2 encapsulation is
based on an EUI or IPv4 address, the Host next translates the
encapsulation header into an IPv6 header with IPv6 compatible
addresses per . Next, for IPv4 ENETs
the Host sets the {IPv6 Traffic Class, Payload Length, Next Header,
Hop Limit} fields according to the IPv4 {Type of Service, Total
Length, Protocol, TTL} fields, respectively and also sets Flow
Label as specified in . The Host then
applies IPv6 fragmentation to produce IPv6 fragments no smaller
than the effective OFS described in . The
Host next translates the IPv6 encapsulation headers back to OMNI
L2 headers for the native ENET address format and with Type set
to indicate the presence of the L2 IPv6 (Extended) Fragment Header.
The Host finally sends the resultant carrier packets to the
ENET peer.When the ENET peer receives the carrier packets, it first
translates the OMNI L2 headers back to IPv6 headers with compatible
addresses. The peer then reassembles then removes the encapsulation
headers and applies parcel reunification if necessary. The peer then
either delivers the original IP packet/parcel to the transport layers
if it is also the final destination or forwards the packet/parcel via
the next hop if it is a Client acting as an intermediate system.Hosts and Clients that initiate OMNI-based original IP packet/parcel
transactions should first test the path toward the final destination
using the parcel path qualification procedure specified in and . An OMNI Host that sends and receives
parcels need not implement the full OMNI interface abstraction but
MUST implement enough of the OAL to be capable of fragmenting and
reassembling maximum-length encapsulated IP packets/parcels and
sub-parcels as discussed above and in the following section.Note: Hosts and their peer Clients/Hosts on the same ANET/ENET can
improve efficiency by forwarding original IP packets/parcels that do
not require fragmentation as direct encapsulations within the OMNI L2
header and without including a L2 IPv6 (Extended) Fragment Header. In
that case, the first 4 bits immediately following the OMNI L2
encapsulation header encode the value '4' for IPv4 or '6' for IPv6.
Note that this savings comes at the expense of omitting a well-behaved
Identification, but this may be an acceptable tradeoff in many secured
ANET/ENET instances.IP parcels are formed by an OMNI Host or Client transport
layer protocol entity identified by the "5-tuple" (source address,
destination address, source port, destination port, protocol number)
when it produces a {TCP,UDP} protocol data unit containing the
concatenation of multiple transport layer protocol segments. The
transport layer protocol entity then presents the buffer and
non-final segment size to the network layer which appends a single
{TCP,UDP}/IP header (plus any extension headers) before presenting
the parcel to the OMNI Interface. Transport and network protocol
formatting and processing rules as well as parcellation and
reunification procedures for IP parcels are specified in and , while detailed OAL
encapsulation and fragmentation procedures are specified here.When the network layer forwards a parcel, the OMNI interface
invokes the OAL which forwards it to either an intermediate system
or the final destination itself. The OAL source first invokes
parcellation by subdividing the parcel into sub-parcels if necessary
with each sub-parcel no larger than 65535 (minus headers). The OAL
source also maintains a Parcel ID for each sub-parcel of the same
original parcel that along with the Identification value for this
OAL packet supports reassembly; the OAL source increments Parcel
ID (modulo 64) for each successive parcel.The OAL source next performs encapsulation on each sub-parcel
with destination set to the next hop address. If the next hop is
reached via a (M)ANET/INET interface, the OAL source inserts an
OAL header the same as discussed in and sets
the destination to the ULA of the target Client. If the next hop
is reached via an ENET interface, the OAL source instead inserts an
IP header of the appropriate protocol version for the underlay ENET
(i.e., even if the encapsulation header is IPv4) and sets the
destination to the ENET IP address of the next hop. The OAL source
inserts the encapsulation header even if no actual fragmentation is
needed and/or even if the Parcel Payload Option is present.The OAL source next assigns an appropriate Identification number
that is monotonically-incremented for each consecutive sub-parcel,
then performs IPv6 fragmentation over the sub-parcel if necessary
to create fragments small enough to traverse the path to the next
hop. (If the encapsulation header is IPv4, the OAL source first
translates the encapsulation header into an IPv6 header with
IPv4-Compatible IPv6 addresses during fragmentation/reassembly
while inserting the IPv6 Extended Fragment Header.) The OAL source
then writes the "Parcel ID" and sets/clears the "(P)arcel" and
"More (S)egments" bits in the Reserved field of the IPv6 Extended
Fragment Header of the first fragment (see: ). (The OAL source sets P to 1 for a parcel or
to 0 for a non-parcel. When P is 1, the OAL next sets S to 1 for
non-final sub-parcels or to 0 if the sub-parcel contains the final
segment.) The OAL source then sends each resulting carrier packet
to the next hop, i.e., after first translating the IPv6
encapsulation header back to IPv4 if necessary.When the OAL destination receives the carrier packets, it reassembles
if necessary (i.e., after first translating the IPv4 encapsulation header
to IPv6 if necessary). If the P flag in the first fragment is 0, the OAL
destination then processes the reassembled entity as an ordinary IP packet;
otherwise it continues processing as a sub-parcel. If the OAL destination
is not the final destination, it can optionally retain the sub-parcels
along with their Parcel ID and Identification values for a brief time for
opportunistic reunification with peer sub-parcels of the same original
parcel identified by the 4-tuple consisting of the adaptation layer
(OAL source, OAL destination, Parcel ID, Identification). (Note that
the OAL destination must not consult the parcel's network layer "5-tuple"
at the adaptation layer, since it is possible that multiple sub-parcels
of the same parcel may be forwarded over different network paths).The OAL destination performs adaptation layer reunification by
concatenating the segments included in sub-parcels with the same Parcel
ID and Identification values within 64 of one another to create a larger
sub-parcel possibly even as large as the entire original (sub)parcel.
Order of concatenation is determined by increasing Identification
values, noting that a sub-parcel that sets any TCP control flags must
occur as a first concatenation, and the final sub-parcel (i.e., the
one with S set to 0) must occur as a final concatenation and not as
an intermediate. The OAL destination then appends common {TCP,UDP}/IP
headers plus extensions to each reunified sub-parcel as specified in
and .When the OAL destination is not the final destination, it next
forwards the reunified (sub-)parcel(s) to the next hop toward the
final destination while ensuring that the S flag remains set to 0 in
the sub-parcel that contains the final segment. When the parcel or
sub-parcels arrive at the final destination, it performs network
layer reunification to form the largest possible (sub)-parcels
(while honoring the S flag) then delivers them to the transport
layer entity which acts on the enclosed 5-tuple information
supplied by the original source.Note: IP parcels may also originate from a non-OMNI original source
and travel over multiple parcel-capable IP links before reaching an
OMNI link ingress node (i.e., either a Client or Proxy/Server acting
as a "relay"). The ingress node then forwards the parcel into the OMNI
link according to the rules established above for locally-generated
parcels, with the exception that the parcel IP TTL/Hop Limit is
decremented. Similarly, when the IP parcel arrives at the OMNI link
egress node (i.e., either a Client or Proxy/Server acting as a
"relay"), the parcel may travel over multiple parcel-capable IP links
before reaching the final destination.Note: The OAL destination process of reunifying parcels at the
adaptation layer is optional, and should be avoided in cases where
performance could be negatively impacted. It is always acceptable
(albeit sometimes sub-optimal) for the OAL destination to forward
sub-parcels on toward the final destination without performing
adaptation layer reunification, since each sub-parcel will contain
a well-formed header and an integral number of transport layer protocol
segments and with the Parcel ID field and P, S flag set appropriately.
The final destination can then optionally perform network layer
reunification independently of any adaptation layer reunification
that may have been applied by the OAL.Note: The "Parcel ID" that appears in the OAL Extended Fragment
Header and OCH1/2 headers is an adaptation layer value that encodes
the same value for all sub-parcels of the original parcel at the
adaptation layer. This is different than the "(Parcel) Index" that
appears in the Parcel Payload Option header as well as L2/L3 IPv6
Extended Fragment Headers, which is a network layer value that
encodes a transport layer segment index.Note: Parcel Path Qualification procedures require 2 additional
ICMP PTB message Code values to identify a Parcel Report and Jumbo
Report. These Code values are specified in for IPv6 and for IPv4.In light of the above, OAL sources, destinations and intermediate
systems observe the following normative requirements:OAL sources MUST forward original IP packets/parcels either
larger than the OMNI interface minimum EMTU_R or smaller than
the minimum OFS as atomic fragments (i.e., and not as multiple
fragments).OAL sources MUST perform OAL fragmentation such that all
non-final fragments are equal in length while the final
fragment may be a different length.OAL sources MUST produce non-final fragments with payloads no
smaller than the minimum OFS during fragmentation.OAL intermediate systems SHOULD and OAL destinations MUST
unconditionally drop any non-final OAL fragments with payloads
smaller than the minimum OFS.OAL destinations MUST drop any new OAL fragments that would
overlap with other fragments and/or leave holes smaller than
the minimum OFS between fragments that have already been received.Note: Under the minimum OFS, an ordinary 1500-octet original IP
packet/parcel would require at most 2 OAL fragments, with the first
fragment containing 1024 payload octets and the final fragment containing
the remainder. For all packet/parcel sizes, the likelihood of successful
reassembly may improve when the OMNI interface sends all fragments of the
same fragmented OAL packet consecutively over the same underlay interface
pair instead of distributed across multiple underlay interface pairs.
Finally, an assured minimum OFS allows continuous operation over
all paths including those that traverse bridged L2 media with
dissimilar MTUs.Note: Certain legacy network hardware of the past millennium was
unable to accept IP fragment "bursts" resulting from a fragmentation
event - even to the point that the hardware would reset itself when
presented with a burst. This does not seem to be a common problem in
the modern era, where fragmentation and reassembly can be readily
demonstrated at line rate (e.g., using tools such as 'iperf3') even
over fast links on ordinary hardware platforms. Even so, while the
OAL destination is reporting reassembly congestion (see: ) the OAL source could impose "pacing" by inserting an
inter-fragment delay and increasing or decreasing the delay according
to congestion indications.As discussed in Section 3.7 of , there are
4 basic threats concerning IPv6 fragmentation; each of which is
addressed by effective mitigations as follows:Overlapping fragment attacks - reassembly of overlapping
fragments is forbidden by ; therefore,
this threat does not apply to the OAL.Resource exhaustion attacks - this threat is mitigated by
providing a sufficiently large OAL reassembly cache and
instituting "fast discard" of incomplete reassemblies
that may be part of a buffer exhaustion attack. The reassembly
cache should be sufficiently large so that a sustained attack does
not cause excessive loss of good reassemblies but not so large
that (timer-based) data structure management becomes
computationally expensive. The cache should also be indexed based
on the arrival underlay interface such that congestion experienced
over a first underlay interface does not cause discard of
incomplete reassemblies for uncongested underlay interfaces.Attacks based on predictable fragment Identification values -
in environments where spoofing is possible, this threat is
mitigated through the use of Identification windows beginning with
unpredictable values per . By maintaining
windows of acceptable Identifications, OAL neighbors can quickly
discard spurious carrier packets that might otherwise clutter the
reassembly cache.Evasion of Network Intrusion Detection Systems (NIDS) - since
the OAL source employs a robust OFS, network-based firewalls can
inspect and drop OAL fragments containing malicious data thereby
disabling reassembly by the OAL destination. However, since OAL
fragments may take different paths through the network (some of
which may not employ a firewall) each OAL destination must also
employ a firewall.IPv4 includes a 2-octet (16-bit) Identification (IP ID) field
with only 65535 unique values such that even at moderate data rates the
field could wrap and apply to new carrier packets while the fragments of old
carrier packets using the same IP ID are still alive in the network . Carrier packets sent via an IPv4 path with DF set to
0 and with trailing payload/reassembly checksum(s) therefore ensure
sufficient integrity to detect and discard reassembly errors. Since IPv6
provides a 4-octet (32-bit) Identification value, IP ID wraparound for
IPv6 fragmentation may only be a concern at extreme data rates (e.g.,
1Tbps or more). Note that these limitations are fully addressed through
the Extended Identification format supported by .Unless the path is secured at the network layer or below (i.e., in
environments where spoofing is possible), OMNI interfaces MUST NOT
send OAL packets/fragments with Identification values outside the
current window and MUST secure IPv6 ND messages used for address
resolution or window state synchronization. OAL destinations SHOULD
therefore discard without reassembling any out-of-window OAL fragments
received over an unsecured path.The above sections primarily concern data plane aspects of the OMNI
interface service and describe the data plane service model offered to
the network layer. OMNI interfaces also internally employ a control
plane service based on IPv6 Neighbor Discovery (ND) messaging. These
control plane messages are forwarded over secured underlay interfaces
(e.g., IPsec tunnels, secured direct point-to-point links, etc.) or
over unsecured underlay interfaces and with an authentication signature
included. In both cases, the IPv6 minimum MTU of 1280 octets must
be assumed.OMNI interfaces therefore send all control plane messages as
"atomic OAL packets" that are no larger than 1280 octets and do
not include an IPv6 Extended Fragment Header nor Compressed
Routing Header (CRH) in contrast to the data plane. This means
that these messages must not be subject to OAL fragmentation
and reassembly, although they may be subject to L2 fragmentation
and reassembly along some paths. Fragmentation security concerns
for large IPv6 ND messages are documented in .When the OMNI interface forwards original IP packets/parcels from the
network layer it first invokes OAL encapsulation and fragmentation, then
wraps each resulting OAL packet/fragment in any necessary L2 headers to
produce carrier packets according to the native frame format of the
underlay interface. For example, for Ethernet-compatible interfaces the
frame format is specified in , for aeronautical
radio interfaces the frame format is specified in standards such as ICAO
Doc 9776 (VDL Mode 2 Technical Manual), for various forms of tunnels the
frame format is found in the appropriate tunneling specification,
etc.When the OMNI interface encapsulates an OAL packet/fragment directly
over an Ethernet-compatible link layer, the over-the-wire transmission
format is shown in :|
]]>The format includes a standard Ethernet Header ("eth-hdr")
with EtherType TBD2 (see: ) followed by an
Ethernet Payload that includes zero or more OMNI Extension Headers
followed by an OAL (or native IPv6/IPv4) Packet/Fragment. The Ethernet
Payload is then followed by a standard Ethernet Trailer ("eth-trail").The first OMNI extension header and the OAL Packet/Fragment both
begin with a 4-bit "Type/Version" as discussed in .
When "Type/Version" encodes an OMNI extension header type, the length of
the extension headers is limited by
and the length of the OAL Packet/Fragment is determined by the IP
header fields that follow the extension headers.When "Type/Version" encodes OMNI-OFH, OMNI-OCH1/2, OMNI-IP4 or
OMNI-IP6 the length of the OAL Packet/Fragment is determined by the
{Total, Payload} Length field found in the full/compressed header
according to the specific protocol rules.See for a map of the various L2
layering combinations possible. For any layering combination, the final
layer (e.g., UDP, IP, Ethernet, etc.) must have an assigned number and
frame format representation that is compatible with the selected
underlay interface.OMNI addressing follows the IPv6 addressing architecture
which states that: "IPv6 addresses
of all types are assigned to interfaces, not nodes. An IPv6
unicast address refers to a single interface. Since each
interface belongs to a single node, any of that node's
interfaces' unicast addresses may be used as an identifier
for the node." OMNI addressing further follows the IPv6
address preference policies specified in as updated by .Each OMNI interface is configured over a set of MANET
and/or ALVIF interfaces, and each ALVIF is in turn configured
over a single *NET underlay interface. OMNI nodes assign IP
addresses to their *NET interfaces according to the native
underlay network autoconfiguration service(s) or through
manual configuration. OMNI nodes assign IPv6 addresses to
their OMNI, MANET and ALVIF interfaces as specified in
this section. requires that hosts and routers assign
Link-Local Addresses (LLAs) to all interfaces (including the OMNI
interface), and that routers use their LLAs as the source address
for RA and Redirect messages. Since the OMNI "link" comprises the
concatenation of potentially many OMNI link segments, however, LLA
uniqueness assurance is possible only on a per-segment basis and
not across the entire OMNI link. For example, a Proxy/Server and
all of the Client's that connect through it via a local *NET all
share a common OMNI link segment over which LLA uniqueness applies.
However, the LLAs used within a local *NET may overlap with those
in other *NETs which represent different segments. Finally, MANET
and ALVIF interfaces need not ensure uniqueness for the LLAs they
assign since they will not be used as adaptation layer source or
destination addresses nor as an identifier for the node. specifies the MANET
Local Address (MLA), and specifies a
Hierarchical Host Identity Tag (HHIT). OMNI nodes assign a unique
MLA or HHIT to each MANET and ALVIF interface as well as to the
OMNI interface itself. According to the IPv6 scoped addressing
architecture , the node may assign the
same MLA/HHIT to multiple ALVIF or MANET interfaces that connect
to the same *NET. MLAs and HHITs are considered as adaptation
layer addresses in the architecture, but nodes may also use them
as the source and destination addresses of original IP packets
exchanged between peers in isolated MANETs with no connection
to the global Internet. When the node uses the OMNI interface,
the original IP packet with MLA or HHIT addresses is subject
to OAL encapsulation with an IPv6 header that also uses MLA or
HHIT addresses. When the node uses a MANET or ALVIF interface,
the original IP packet with MLA or HHIT addresses is presented
for L2 encapsulation without including an OAL IPv6 header.OMNI interfaces assign IPv6 Unique-Local Addresses (ULAs)
and use them as the source and destination addresses in IPv6
packets forwarded over the OMNI interface within the local
*NET. ULAs are routable only within the scope of each individual
*NET, and are derived from the IPv6 prefix fd00::/8 (i.e., the
ULA prefix fc00::/7 followed by the L bit set to 1). The 56 bits
following fd00::/8 encode a 40-bit Global ID followed by a 16-bit
Subnet ID followed by a 64-bit Interface Identifier as specified
in Section 3 of .When a Proxy/Server configures a ULA prefix for OMNI, it
selects a 40-bit Global ID for the OMNI link segment initialized
to a candidate pseudo-random value as specified in Section 3 of
. All nodes on the same OMNI link segment
use the same Global ID, and statistical uniqueness of the
pseudo-random Global ID provides a unique OMNI link segment
identifier. This property allows different link segments to
join together in the future without requiring renumbering even
if the segments come in contact with one another and overlap,
e.g., as a result of a mobility event.Proxy/Servers for each OMNI link segment use the DHCPv6
service to delegate 1x1 mapped ULA/GUA SNP addresses for each
Client that requests an address delegation. Clients in turn
assign the ULA/GUA delegations to their OMNI interfaces which
ensures that the addresses are available for use and that no
duplicates will be assigned within each subnet. Considerations
for 1x1 ULA/GUA address mapping are discussed in and
. The ULA presents an IPv6 address format that is routable within
the local OMNI link segment and can be used to convey link-scoped (i.e.,
single-hop) IPv6 ND messages across multiple hops through OAL IPv6
encapsulation. The OMNI link extends across one or more underlying
Internetworks to include all Proxy/Servers and other service nodes.
All Clients are also considered to be connected to the OMNI link,
however unnecessary encapsulations are omitted whenever possible
to conserve bandwidth (see: ).OMNI domains manage MSPs delegated from the IP GUA prefix space
from which the MS delegates MNPs to support
Client PI addressing. OMNI Proxy Servers also configure SNPs paired
with a ULA configured as above to delegate PA internal (ULA) and
external (GUA) addresses to Clients within their local *NETs.For IPv6, MSPs are assigned to the OMNI link by IANA and/or
an associated Regional Internet Registry
such that the link can be interconnected to the global IPv6 Internet
without causing inconsistencies in the routing system. Instead of
GUAs, an OMNI link could use ULAs with the 'L' bit set to 0 (i.e.,
from the "ULA-C" prefix fc00::/8) , however
this would require IPv6 NAT if the domain were ever connected to
the global IPv6 Internet.For IPv4, MSPs are assigned to the OMNI link by IANA and/or
an associated RIR such that the link can
be interconnected to the global IPv4 Internet without causing routing
inconsistencies. An OMNI *NET could instead use private IPv4 prefixes
(e.g., 10.0.0.0/8, etc.) , however this would
require IPv4 NAT at the *NET boundary. OMNI interfaces advertise IPv4
MSPs into IPv6 routing systems as "6to4 prefixes" (e.g., the IPv6 prefix for the IPv4 MSP "V4ADDR/24"
is 2002:V4ADDR::/40).IPv4 routers that configure OMNI interfaces advertise the prefix
TBD3/N (see: IANA Considerations) into the routing systems of their
connected *NETs and assign the IPv4 OMNI anycast address TBD3.1 to
their *NET interfaces. IPv6 routers that configure OMNI interfaces
advertise the prefix 2002:TBD3::/(N+16) into the routing systems
of their connected *NETs and assign the IPv6 OMNI anycast address
2002:TBD3:: to their *NET interfaces.Proxy/Server OMNI interfaces configure ULA/GUA IPv6 SNP SRA
addresses per and accept packets addressed
to the SRA the same as for any IPv6 router. Proxy/Servers also
configure the global IPv6 SRA address for each MSP managed by this
OMNI link and accept packets addressed to the SRA address on their
internal interfaces to support Client OMNI link discovery. Client
OMNI interfaces configure the IPv6 SRA address corresponding to
their MNP delegations.OMNI interfaces use their OMNI IPv6 and IPv4 anycast addresses
to support control plane Service Discovery in the spirit of , i.e., the addresses are not intended for use
in supporting longer term data plane flows. Specific applications
for OMNI IPv6 and IPv4 anycast addresses are discussed throughout
the document as well as in .OMNI Clients and Proxy/Servers that connect over open Internetworks
include a unique node identification value for themselves in the OMNI
options of their IPv6 ND messages (see: ). An
example identification value alternative is the (H)HIT per and . (Another example
is the Universally Unique IDentifier (UUID)
which can be self-generated by a node without supporting infrastructure
with very low probability of collision.)When a Client is truly outside the context of any infrastructure,
it may have no addressing information at all. In that case, the Client
can use an MLA or HHIT as an IPv6 source/destination address for
sustained communications in Vehicle-to-Vehicle (V2V) and (multihop)
Vehicle-to-Infrastructure (V2I) scenarios. The Client can also
propagate the MLA or HHIT into the multihop routing tables of
(collective) Mobile/Vehicular Ad-hoc Networks (MANETs/VANETs)
using only the vehicles themselves as communications relays.MLAs and HHITs provide an especially useful construct since they
appear as properly-formed IPv6 addresses and can therefore be assigned
to interfaces. Clients may assign an MLA or HHIT to their MANET or
ALVIF interfaces to support peer-to-peer communications with other
nodes within the same OMNI link segment without the need for OMNI
encapsulation. Clients also assign the same MLA or HHIT to the OMNI
interface itself so that the MLA or HHIT can appear as the source
address of an original IP packet that becomes subject to OMNI
encapsulation. Clients may inject their MLA or HHIT into the local
routing system of each OMNI link segment, but Proxy/Servers must
not inject MLAs or HHITs into the OMNI link global routing system.OMNI interfaces maintain a network layer conceptual neighbor cache
per or the same as
for any IP interface. The network layer maintains state through static
and/or dynamic Neighbor Cache Entry (NCE) configurations.Each OMNI interface also maintains a separate internal adaptation
layer conceptual neighbor cache that includes a NCE for each of its
active OAL neighbors. For each peer NCE, OAL neighbors also maintain
AERO Forwarding Vectors (AFVs) which map per-interface-pair parameters.
Throughout this document, the terms "neighbor cache", "NCE" and "AFV"
refer to this OAL neighbor information unless otherwise specified.IPv6 Neighbor Discovery (ND) messages sent
over OMNI interfaces without OAL encapsulation observe the native
underlay interface Source/Target Link-Layer Address Option (S/TLLAO)
format (e.g., for Ethernet the S/TLLAO is specified in ). IPv6 ND messages sent from within the OMNI
interface using OAL encapsulation do not include S/TLLAOs, but instead
include a new option type that encodes OMNI link-specific information.
Hence, this document does not define a new S/TLLAO format but instead
defines a new option type termed the "OMNI option" designed for these
purposes. (Note that OMNI interface IPv6 ND messages sent without
encapsulation may include both OMNI options and S/TLLAOs, but the
information conveyed in each is mutually exclusive.)For each IPv6 ND message, the OMNI interface includes one or more
OMNI options (and any other ND message options) then completely
populates all option information. OMNI options should be padded
when necessary to ensure that they end on their natural 64-bit
boundaries the same as for any IPv6 ND message option.If the OMNI interface includes an OMNI option with an authentication
signature, it first sets the signature field to 0 then calculates the
authentication signature beginning after the IPv6 ND message header
checksum field. The OMNI interface extends the calculation over the
entire length of the ND message (as well as any concatenated extensions
in the case of a super-packet) then writes the authentication signature
value into the appropriate OMNI authentication sub-option field.The OMNI interface then applies any non-OMNI authentication
signatures, calculates the IPv6 ND message checksum per beginning with a pseudo-header of the IPv6 header and
writes the value into the Checksum field. OMNI interfaces verify
first integrity then authenticity of each IPv6 ND message or
super-packet received, and process the message further only
following successful verification.OMNI interface Clients such as aircraft typically have multiple
wireless data link types (e.g. satellite-based, cellular, terrestrial,
air-to-air directional, etc.) with diverse performance, cost and
availability properties. The OMNI interface would therefore appear to
have multiple L2 connections, and may include information for multiple
underlay interfaces in a single IPv6 ND message exchange. OMNI
interfaces manage their dynamically-changing multilink profiles by
including OMNI options in IPv6 ND messages as discussed in the
following subsections.OMNI options appear in IPv6 ND messages formatted as shown in :In this format:Type is set to TBD4 (see: IANA Considerations).Length is set to the number of 8-octet blocks in the option.
The value 0 is invalid, while the values 1 through 255 (i.e., 8
through 2040 octets, respectively) indicate the total length of
the OMNI option. If multiple OMNI option instances appear in the
same IPv6 ND message, the union of the contents of all OMNI
options is accepted unless otherwise qualified for specific
sub-options below.Sub-Options is a Variable-length field padded with Pad1/N
sub-options if necessary (see below) such that the complete
OMNI option is an integer multiple of 8 octets long. The
Sub-Options field contains zero or more sub-options as
specified in .The OMNI option is included in OMNI interface IPv6 ND
messages; the option is processed by receiving interfaces that
recognize it and otherwise ignored. The OMNI interface processes all
OMNI option instances received in the same IPv6 ND message in the
consecutive order in which they appear. The OMNI option(s) included in
each IPv6 ND message may include full or partial information for the
neighbor. The OMNI interface therefore retains the union of the
information in the most recently received OMNI options in the
corresponding NCE.Each OMNI option includes a Sub-Options block containing zero or
more individual sub-options. Each consecutive sub-option is
concatenated immediately following its predecessor. All sub-options
except Pad1 (see below) are in an OMNI-specific type-length-value
(TLV) format encoded as follows: Sub-Type is a 5-bit field that encodes the sub-option type.
Sub-option types defined in this document are:Sub-Types 16-29 are available for future assignment for
major protocol functions, while Sub-Type 30 supports scalable
extension to include other functions. Sub-Type 31 is reserved by
IANA.Sub-Length is an 11-bit field that encodes the length of the
Sub-Option Data in octets.Sub-Option Data is a block of data with format determined by
Sub-Type and length determined by Sub-Length. Note that each
sub-option is concatenated consecutively with the previous and
may therefore begin and/or end on an arbitrary octet boundary.The OMNI interface codes each sub-option with a 2-octet
header that includes Sub-Type in the most significant 5 bits followed
by Sub-Length in the next most significant 11 bits. Each sub-option
encodes a maximum Sub-Length value of 2038 octets minus the lengths
of the OMNI option header and any preceding sub-options. This allows
ample Sub-Option Data space for coding large objects (e.g., ASCII
strings, domain names, protocol messages, security codes, etc.),
while a single OMNI option is limited to 2040 octets the same as
for any IPv6 ND option.The OMNI interface codes initial sub-options in a first OMNI option
instance and any additional sub-options in additional instances in the
same IPv6 ND message in the intended order of processing. If the
size of all OMNI options with their sub-options would cause the IPv6
ND message to exceed the OMNI interface MTU, the OMNI interface can
code any remaining sub-options in additional IPv6 ND messages.The OMNI interface processes all OMNI options received in an
IPv6 ND message while skipping over and ignoring any unrecognized
sub-options. The OMNI interface processes the sub-options of all
OMNI option instances in the consecutive order in which they appear
in the IPv6 ND message, beginning with the first instance and
continuing through any additional instances to the end of the message.
If an individual sub-option length would cause processing to exceed
the OMNI option instance and/or IPv6 ND message lengths, the OMNI
interface accepts any sub-options already processed and ignores the
remainder of that instance.IPv6 ND messages that require OMNI authentication services include
a Node Identification sub-option as the first sub-option of the first
OMNI option if necessary. Whether or not a Node Identification is
included, the IPv6 ND message includes some form of authentication
(e.g., HMAC, HIP, QUIC, etc.) as the immediately next sub-option
whether in the same or a different OMNI option. A single IPv6 ND
messages includes a single effective OMNI authentication service
sub-option; if multiple are included, the first sub-option is
processed and all others are ignored. The IPv6 ND message may
instead include non-OMNI authentication options such as those
specified in or .
Nodes that receive IPv6 ND messages over unsecured underlying
networks first verify the IPv6 ND message checksum then authenticate
the message by processing the authentication option/sub-option.Note: large objects that exceed the maximum Sub-Option Data length
are not supported under the current specification; if this proves to
be limiting in practice, future specifications may define support for
fragmenting large sub-options across multiple OMNI options within the
same IPv6 ND message (or even across multiple IPv6 ND messages, if
necessary).The following sub-option types and formats are defined in this
document:Sub-Type is set to 0. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Type is followed by 3 'x' bits, set to any value on
transmission (typically all-zeros) and ignored on reception.
Pad1 therefore consists of a single octet with the most significant
5 bits set to 0, and with no Sub-Length or Sub-Option Data fields
following.If more than a single octet of padding is required, the PadN
option, described next, should be used, rather than multiple Pad1
options.Sub-Type is set to 1. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Length is set to N that encodes the number of padding
octets that follow.Sub-Option Data consists of N octets, set to any value on
transmission (typically all-zeros) and ignored on receipt.When an intermediate system forwards an IPv6 ND message
with OMNI options, it can void any non-Pad1 sub-options that should
not be processed by the next hop by simply writing the value '1'
(PadN) over the Sub-Type. When the intermediate system alters the
IPv6 ND message in this way, the integrity check is invalidated
and must be re-calculated. See: for a
discussion of IPv6 ND message authentication and integrity.The Node Identification sub-option (when present) must appear as the
first sub-option of the first OMNI option in each IPv6 ND message.
If multiple instances appear in OMNI options of the same IPv6 ND
message the first instance of a specific ID-Type is processed and
all other instances of the same ID-Type are ignored. (A single
IPv6 ND message can therefore convey multiple distinct Node
Identifications - each with a different ID-Type.)The format and contents of the sub-option are shown in :Sub-Type is set to 2. Multiple instances are processed as
discussed above.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow. The ID-Type field is always present,
and the maximum Node Identification Value length is limited
by the remaining available space in this OMNI option.ID-Type is a 1-octet field that encodes the type of the Node
Identification Value. The following ID-Type values are currently
defined:0 - Universally Unique IDentifier (UUID) . Indicates that Node Identification Value
contains a 16-octet UUID.1 - Host Identity Tag (HIT) .
Indicates that Node Identification Value contains a 16-octet
HIT.2 - Hierarchical HIT (HHIT) .
Indicates that Node Identification Value contains a 16-octet
HHIT.3 - Network Access Identifier (NAI) . Indicates that Node Identification Value
contains an (N-1)-octet NAI.4 - Fully-Qualified Domain Name (FQDN) . Indicates that Node Identification Value
contains an (N-1)-octet FQDN.5 - IPv6 Address. Indicates that Node Identification
contains a 16-octet IPv6 address that is not a (H)HIT. The
IPv6 address type is determined according to the IPv6
addressing architecture .6 - 252 - Unassigned.253 - 254 - reserved for experimentation, as recommended in
.255 - reserved by IANA.Node Identification Value is an (N-1)-octet field encoded
according to the appropriate the "ID-Type" reference above.OMNI interfaces code Node Identification Values used for DHCPv6
messaging purposes as a DHCP Unique IDentifier (DUID) using the
"DUID-EN for OMNI" format with enterprise number 45282 (see: ) as shown in :In this format, the OMNI interface codes the ID-Type and Node
Identification Value fields from the OMNI sub-option following a
6-octet DUID-EN header, then includes the entire "DUID-EN for OMNI"
in a DHCPv6 message per .The Authentication sub-option includes a Hashed Message
Authentication Code (HMAC) computed according to and .The Authentication sub-option is formatted as shown in :Sub-Type is set to 3. The Authentication sub-option must
appear at most once in any IPv6 ND message; if multiple
instances appear in OMNI options of the same message
the first is processed and all others are ignored.Sub-Length is set to N, i.e., the length of the option in
octets beginning immediately following the Sub-Length field and
extending to the end of the HMAC. The length of the HMAC is
therefore limited by the remaining available space for this
sub-option.Type encodes the authentication algorithm type found in the
IANA "ICMPv6 Parameters - Trust Anchor Option (Type 15) Name
Field" registry, and determines the length of the HMAC. For
example, when Type is 3 the authentication algorithm is SHA-1
and the HMAC is 160 bits (20 octets) in length, when Type is 5
the algorithm is SHA-256 and the HMAC is 256 bits (32 octets)
in length, etc. A full list of available Types is found in the
registry, which cites for several
well-known Types. The Type value TBD7 is reserved for the
Edwards-Curve Digital Signature Algorithm (EdDSA) (see IANA
Considerations) with the HMAC (i.e., digital signature)
including 64 octets for Ed25519 or 114 octets for Ed448 per
.HMAC includes a Hashed Message Authentication Code
or digital signature for this IPv6 ND message with
(N-1)-octet length according to Type.IPv6 ND messages used to manage neighbor relationships
between Clients and their Proxy/Servers (and also between
Clients and their peer Clients) include a Neighbor Control
OMNI sub-option. Each IPv6 ND message includes at most one
Neighbor Control sub-option which must be specific to the
underlying interface over which the ND message is sent.The Neighbor Control sub-option is formatted as follows:
Sub-Type is set to 4. If multiple instances appear in OMNI
options of the same message, the first is processed and all
others are ignored.Sub-Length is set to N.Sub-Option Data includes an N-octet neighbor control flags
field. This specification defines several Control flags in the
first octet.Clients set the Neighbor Unreachability Detection (NUD),
Address Resolution Responder (ARR) and Report (RPT) flags in RS
messages to control the operation of their Proxy/Server neighbors
as discussed in .Nodes set the Synchronous (u)NA Required (SNR) flag in
non-solicitation IPv6 ND messages (i.e., solicited/unsolicited
NA/RA and Redirects) for which they require a synchronous (but
technically "unsolicited") NA reply (see: ).OAL intermediate systems set the Path Change (PCH) flag
in uNA messages used to report a change in a path established
by multilink forwarding.All remaining flags in the first octet plus any additional
octets are Reserved and must be set to 0; future specifications
may define new flags.The Interface Attributes sub-option provides neighbors with
forwarding information for the multilink conceptual sending
algorithm discussed in . Neighbors use
the forwarding information to select among candidate underlay
interfaces that can be used to forward carrier packets to the
neighbor based on factors such as traffic selectors and link
metrics. Interface Attributes further include link layer address
information to be used for either direct INET encapsulation for
targets in the local SRT segment or spanning tree forwarding for
targets in remote SRT segments.OMNI nodes include Interface Attributes for some/all of a source
or target Client's underlay interfaces in NS/NA and uNA messages
used to publish Client information (see: ). At most one Interface Attributes
sub-option for each distinct ifIndex may be included; if an IPv6 ND
message includes multiple Interface Attributes sub-options for the
same ifIndex, the first is processed and all others are ignored.
OMNI nodes that receive NS/NA messages can use all of the included
Interface Attributes and/or Traffic Selectors to formulate a map of
the prospective source or target node as well as to seed the
information to be populated in future neighbor exchanges.OMNI Clients and Proxy/Servers also include Interface Attributes
sub-options in RS/RA messages used to initialize, discover and
populate routing and addressing information. Each RS message MUST
contain exactly one Interface Attributes sub-option with an ifIndex
corresponding to the Client's underlay interface used to transmit
the message, and each RA message MUST echo the same Interface
Attributes sub-option with any (proxyed) information populated by
the FHS Proxy/Server to provide operational context.When an FHS Proxy/Server receives an RS message destined to
an anycast L2 address, it MUST include an additional Interface
Attributes sub-option with ifIndex '0' that encodes its own
unicast L2 address relative to the Client's underlay interface
in the solicited RA response. Any additional Interface Attributes
sub-options that appear in RS/RA messages (i.e., besides those
for the Client's own ifIndex and ifIndex '0') are ignored.The Interface Attributes sub-option is formatted as shown
below:Sub-Type is set to 5. Multiple instances are processed as
discussed above.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.Sub-Option Data contains an "Interface Attributes" option
encoded as follows:ifIndex is a 4-octet index value corresponding to a
specific underlay interface. Client OMNI interfaces MUST
number each distinct underlay interface with a non-zero
ifIndex value assigned by network management per and include the value in this field. The
ifIndex value '0' denotes "unspecified".ifType is a 4-octet type value corresponding to this
underlay interface. The value is coded per the
'IANAifType-MIB' registry [http://www.iana.org].ifProvider is a 4-octet provider identifier corresponding
to this underlay interface. This document defines the single
provider identifier value '0' (undefined). Future documents
may define other values.ifMetric encodes a 4-octet interface metric. Lower values
indicate higher priorities, and the highest value indicates
an interface that should not be selected. The ifMetric setting
provides an instantaneous indication of the interface bandwidth,
link quality, signal strength, cost, etc.; hence, its value
may change in successive IPv6 ND messages.ifGroup is a 4-octet identifier for a Link Aggregation Group
(LAG) corresponding to the underlay
interface identified by ifIndex. Interface attributes for ifIndex
members of the same group will encode the same value in ifGroup.
This document defines the single ifGroup value '0' meaning
"no group assigned". Future documents will specify the setting
of other values.SRT is a 1-octet Segment Routing Topology prefix length
that determines the length associated with this sub-tree of
a larger topology that may include the concatenation of
multiple connected segments. The SRT value ranges from
0 to 128.FMT - a 1-octet "Forward/Mode/Type" code interpreted as
follows:The most significant 2 bits (i.e., "FMT-Forward"
and "FMT-Mode") are interpreted in conjunction with one
another. When FMT-Forward is clear, the LHS Proxy/Server
performs OAL reassembly and decapsulation to obtain the
original IP packet/parcel before forwarding. If the
FMT-Mode bit is clear, the LHS Proxy/Server then
forwards the original IP packet/parcel at L3;
otherwise, it invokes the OAL to re-encapsulate,
re-fragment and sends the resulting carrier packets to
the Client via the selected underlay interface. When
FMT-Forward is set, the LHS Proxy/Server forwards
unmodified OAL fragments to the Client without
reassembling. If FMT-Mode is clear, all carrier packets
destined to the Client must always be sent via the LHS
Proxy/Server; otherwise the Client is eligible for direct
forwarding over the open INET where it may be located
behind one or more NATs.The next most significant 2 bits are reserved, and
the value encoded in the least significant 4 bits (i.e.,
"FMT-Type") determines the type and length of the L2ADDR
field. The following values are currently defined:
0 - L2ADDR is 0 octets in length and unused.1 - L2ADDR is 4 octets in length and encodes an
IPv4 address.2 - L2ADDR is 6 octets in length and encodes an
EUI-48 address .3 - L2ADDR is 8 octets in length and encodes an
EUI-64 address .4 - L2ADDR is 16 octets in length and encodes an
IPv6 address.LHS GUA/L2ADDR - encodes the 16 octet SNP IPv6 GUA of the
node relative to the LHS Proxy/Server followed by the L2ADDR
field formatted as above. FMT, SRT and LHS together provide
guidance for the OMNI interface forwarding algorithm.
Specifically, if LHS::/SRT is located in the local OMNI
link segment, then the source can address the target Client
either through its dependent Proxy/Server or through direct
encapsulation following NAT traversal according to FMT.
Otherwise, the target Client is located on a different SRT
segment and the path from the source must employ a combination
of route optimization and spanning tree hop traversals. L2ADDR
identifies the LHS Proxy/Server's INET-facing interface not
located behind NATs, therefore no UDP port number is
included since port number 8060 is used when the L2
encapsulation includes a UDP header. Instead, L2ADDR
includes only an L2 address with type and length determined
by FMT-Type as described above. When L2ADDR includes an IPv4
or IPv6 address, it is recorded in network byte order in
ones-compliment "obfuscated" form per .Traffic Selector Blocks(s) - zero or more Traffic Selector
blocks follow, with their total length determined by the number
of octets remaining in the Interface Attributes sub-option
beyond the end of the LHS Proxy/Server information. Each
Traffic Selector block is formatted the same as specified
in and processed consecutively,
with its length subtracted from the remaining length of
the Interface Attributes sub-option.The Traffic Selector sub-option provides forwarding information
for the multilink conceptual sending algorithm discussed in . The sub-option includes traffic selector
information per as ancillary information
for an Interface Attributes sub-option with the same ifIndex value,
or as discrete information for the included ifIndex when no
Interface Attributes sub-option is present.IPv6 ND messages may include multiple Traffic Selectors for some
or all of the source/target Client's underlay interfaces (see: for further discussion). Traffic
Selectors must be honored by all implementations in the format shown
below: Sub-Type is set to 6. Multiple instances with the same or
different ifIndex values may appear in the same IPv6 ND message.
When multiple instances appear, all are processed and the
cumulative information from all is accepted.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.Sub-Option data begins with a 4-octet ifIndex value
corresponding to a specific underlay interface. (Note that when
traffic selector blocks appear within an Interface Attributes
sub-option, the ifIndex field already appears and is not
included multiple times.)The remainder of Sub-Option Data contains one or more "Traffic
Selector" blocks for this ifIndex that each begin with 1-octet
"TS Length" and "TS Format" fields. TS length encodes the combined
lengths of the TS* fields plus the Traffic Selector body that
follows (i.e. a value between 2-255 octets). When TS Format encodes
the value 1 or 2, the Traffic Selector body encodes an IPv4 or IPv6
traffic selector per beginning with 16
flag bits ("A-N" plus 2 "Reserved"); when TS Format encodes any
other value the Traffic Selector block is skipped and processing
resumes beginning with the next Traffic Selector block (if any).
The Traffic Selector block elements then appear immediately after
the flags (with no 16-bit Reserved field included) and encode the
information corresponding to any set flag bit(s) in order the same
as specified in . Each included Traffic
Selector block is processed consecutively, with its length
subtracted from the remaining sub-option length until all blocks
are processed. If the length of any Traffic Selector block would
exceed the remaining length for the entire sub-option, the
remainder of the sub-option is ignored.Clients exchange IPv6 ND messages with their FHS Proxy/Servers
and other Client peers to populate forward and reverse path AFIB
state.The Multilink Vector sub-option provides the necessary
information allowing OAL intermediate and end systems in
the path to establish AFVs to support future packet forwarding.Each IPv6 ND message contain at most one Multilink Vector
sub-option; if multiple are present, the first is processed
and all others are ignored.The Multilink Vector sub-option is formatted as follows:
Sub-Type is set to 7 and Sub-Length is set to 32. If
multiple instances appear in OMNI options of the same
message, the first is processed and all others are ignored.the first 4 octets of Sub-Option Data include an AFVI
generated by the IPv6 ND message source. When the SYN flag
is set, each OAL intermediate hop records this (previous hop)
AFVI value along with the previous hop L2 address in an AFIB
AFV, then also generates and records a new (next hop) AFVI
value. When the SYN flag is not set, the intermediate hop
instead uses the AFVI value to locate an existing AFV without
creating a new one. Each intermediate hop then rewrites the
Multilink Vector AFVI field to the next hop value and forwards
the message to the next hop. The process continues until the
message arrives at the IPv6 ND message destination.the next 8 octets include the 4-octet ifIndex of the
FHS (initiator) node followed by the 4-octet ifIndex of
the LHS (responder) node.the final 20 octets of Sub-Option Data follows from
the Transmission Control Protocol (TCP) header specified in
Section 3.1 of . The field is formatted
as an 8-octet Sequence Number, followed by an 8-octet Acknowledgement
Number, followed by a 1-octet flags field followed by a 3-octet
Window size. The TCP (ACK, RST, SYN) flags are used for TCP-like
window synchronization, while the TCP (CWR, ECE, URG, PSH, FIN)
flags are unused. The OPT flag (discussed in ) is an OMNI-specific replacement for the TCP PSH
flag, the TST flag (discussed in is an OMNI-specific replacement for
the TCP FIN flag and the 3 remaining unused flags appear as
reserved (RES). Together, these fields support the OAL window
synchronization services specified in .When an IPv6 ND message source includes a Multilink Vector
sub-option, it MUST temporarily reset the AFVI to 0 before
calculating an authentication signature over the message since OAL
intermediate nodes in the path will rewrite the AFVI to a different
value. The source then MUST reset the AFVI to its actual value before
calculating the IPv6 ND message checksum and forwarding the message.
When an OAL intermediate system or destination receives the message,
it first verifies the checksum then MUST temporarily reset the AFVI
to 0 before verifying the authentication signature.Sub-Type is set to 8. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.Geo Type is a 1-octet field that encodes a type designator
that determines the format and contents of the Geo Coordinates
field that follows. The following types are currently
defined:0 - NULL, i.e., the Geo Coordinates field is
zero-length.Geo Coordinates is a type-specific format field of length
up to the remaining available space for this OMNI option. New
formats to be specified in future documents and may include
attributes such as latitude/longitude, altitude, heading,
speed, etc.The Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
sub-option may be included in the OMNI options of Client RS messages
and Proxy/Server RA messages. The DHCPv6 sub-option is formatted
per Section 8 of as shown
in :Sub-Type is set to 9. If multiple instances appear in OMNI
options of the same message the first is processed and all others
are ignored.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow. The 'msg-type' and 'transaction-id'
fields are always present; hence, the length of the DHCPv6
options is limited by the remaining available space for this
OMNI option.'msg-type' and 'transaction-id' are coded according to
Section 8 of .A set of DHCPv6 options coded according to Section 21 of
follows.The Protocol Independent Multicast - Sparse Mode (PIM-SM) Message
sub-option may be included in the OMNI options of IPv6 ND messages.
The PIM-SM message sub-option is formatted per Section 4.9 of and as shown in :Sub-Type is set to 10. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Length is set to N, i.e., the length of the option in
octets beginning immediately following the Sub-Length field and
extending to the end of the PIM-SM message. The length of the
entire PIM-SM message is therefore limited by the remaining
available space for this OMNI option.The PIM-SM message is coded exactly as specified in Section
4.9 of , except that the Checksum field
is omitted since message integrity is already assured by the
IPv6 ND message Checksum. The Reserved field is set to 0 on
transmission and ignored on reception. The "PIM Ver" field
encodes the value 2, and the "Type" field encodes the PIM
message type. (See Section 4.9 of
for a list of PIM-SM message types and formats.)The Host Identity Protocol (HIP) Message sub-option (when
present) provides an authentication service alternative for IPv6 ND
messages exchanged between Clients and FHS Proxy/Servers (or between
Clients and their peers) over an open Internetwork. When the HIP
service is used, FHS Proxy/Servers verify the HIP authentication
signatures in source Client IPv6 ND messages then remove the HIP message
sub-option and securely forward the ND messages to other OMNI nodes.
LHS Proxy/Servers that receive secured IPv6 ND messages from other OMNI
nodes that do not already include a security sub-option can insert HIP
authentication signatures before forwarding them to the target Client.OMNI interfaces that use the HIP service include the HIP message
sub-option when they forward IPv6 ND messages that require security
over INET underlay interfaces, i.e., where authentication and integrity
is not already assured by link/physical layers or other OMNI layer
services. The OMNI interface calculates the authentication signature
over the entire length of the OAL packet (or super-packet) beginning
after the IPv6 ND message header and extending over the remainder of
the OAL packet or super-packet. OMNI interfaces that process OAL
packets containing secured IPv6 ND messages verify the signature
then either process the rest of the message locally or forward a
proxyed copy to the next hop.When an FHS Client inserts a HIP message sub-option in an IPv6 ND
message destined to a target in a remote spanning tree segment, it
must ensure that the insertion does not cause the message to exceed
the IPv6 minimum MTU. If the LHS Proxy/Server cannot create
sufficient space through any means without causing the IPv6 ND
message to exceed the IPv6 minimum MTU, it returns a suitable
error (see: ) and drops the message.The HIP message sub-option is formatted as shown below:Sub-Type is set to 11. If multiple instances appear in OMNI
options of the same message the first is processed and all
others are ignored.Sub-Length is set to N, i.e., the length of the option in
octets beginning immediately following the Sub-Length field and
extending to the end of the HIP parameters. The length of the
entire HIP message is therefore limited by the remaining
available space for this OMNI option.The HIP message is coded per Section 5 of , except that the OMNI "Sub-Type" and
"Sub-Length" fields replace the first 2 octets of the HIP
message header (i.e., the Next Header and Header Length fields).
Also, since the IPv6 ND message is already protected by its own
checksum, the 2-octet HIP message Checksum field is omitted.Sub-Type is set to 12. If multiple instances appear in OMNI
options of the same IPv6 ND message, the first is processed and
all others are ignored.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.The QUIC-TLS message encodes the QUIC and
TLS message parameters necessary to support QUIC connection
establishment.IPv6 ND messages serve as couriers to transport the QUIC
and TLS parameters necessary to establish a secured QUIC connection.Fragmentation Report (FRAGREP) sub-options may be included in the
OMNI options of uNA messages sent from an OAL destination to an OAL
source. The message consists of (N/16)-many (Identification,
Bitmap)-tuples which include the Identification values of OAL
fragments received plus a Bitmap marking the ordinal positions
of individual fragments received and missing.Sub-Type is set to 13. If multiple instances appear in OMNI
options of the same message all are processed.Sub-Length is set to N which must be a multiple of 16, i.e.,
the combined lengths of each (Identification, Bitmap) pair
beginning immediately following the Sub-Length field and
extending to the end of the sub-option.Identification(i) includes the 8-octet Identification
value found in a received OAL fragment.Bitmap(i) includes a 64-bit checklist of up to 64 ordinal
fragments for this Identification, with each bit set to 1 for
a fragment received or 0 for a fragment corrupted, lost or
still in transit. For example, for a 20-fragment OAL packet
with ordinal fragments #3, #10, #13 and #17 missing or corrupted
and all other fragments received or still in transit, Bitmap(i)
encodes the following:Sub-Type is set to 14. If multiple instances appear in OMNI
options of the same IPv6 ND message all are processed.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow.Sub-Option Data includes an N-octet ICMPv6 Error Message
body encoded per Section 2.1 of ,
but with the IPv6 header and Checksum fields omitted. OMNI
interfaces include as much of the "packet in error" in the
ICMPv6 error message body as possible without causing the
IPv6 ND message that includes the OMNI option to exceed the
IPv6 minimum MTU. While all ICMPv6 error message types are
supported, OAL destinations often include ICMPv6 PTB messages
in uNA messages to provide MTU feedback information via the
OAL source (see: ). Note: ICMPv6
informational messages must not be included and must
be ignored if received.OMNI Clients include a Proxy/Server Departure sub-option in RS
messages when they associate with a new FHS and/or MAP Proxy/Server
and need to send a departure indication to an old FHS and/or MAP
Proxy/Server. The Proxy/Server Departure sub-option is formatted as
shown below:Sub-Type is set to 15. If multiple instances appear in
OMNI options of the same message, the first is processed
and all others are ignored.Sub-Length is set to 32.Sub-Option Data contains the 16-octet GUA for the "Old FHS
Proxy/Server" followed by a 16-octet GUA for an "Old MAP
Proxy/Server. If the Old FHS/MAP is a different node, the
corresponding GUA includes the address of the (foreign)
Proxy/Server. If the Old FHS/MAP is the local node, the
corresponding GUA includes the node's own address. If the
FHS/MAP is unspecified, the corresponding GUA instead includes
the value "::/128".Since the Sub-Type field is only 5 bits in length, future
specifications of major protocol functions may exhaust the remaining
Sub-Type values available for assignment. This document therefore
defines Sub-Type 30 as an "extension", meaning that the actual
sub-option type is determined by examining a 1-octet
"Extension-Type" field immediately following the Sub-Length field.
The Sub-Type Extension is formatted as shown in :Sub-Type is set to 30. If multiple instances appear in OMNI
options of the same message all are processed, where each
individual extension defines its own policy for processing
multiple of that type.Sub-Length is set to N that encodes the number of Sub-Option
Data octets that follow. The Extension-Type field is always
present, and the maximum Extension-Type Body length is limited
by the remaining available space in this OMNI option.Extension-Type contains a 1-octet Sub-Type Extension value
between 0 and 255.Extension-Type Body contains an (N-1)-octet block with format
defined by the given extension specification.Initial Extension-Type values are defined in the following
subsections, while remaining Extension-Type values are available
for assignment by future specifications which must also define the
format of the Extension-Type Body and its processing rules.
Extension-Type values 253 and 254 are reserved for experimentation,
as recommended in , while value 255 is
reserved by IANA.Sub-Type is set to 30.Sub-Length is set to N that encodes the number of
Sub-Option Data octets that follow. The Extension-Type and
Header Type fields are always present, and the Header Option
Value is limited by the remaining available space in this OMNI
option.Extension-Type is set to 0. Each instance encodes exactly
one header option per Section 5.1.1 of , with Ext-Type and Header Type representing
the first 2 octets of the option. If multiple instances of
the same Header Type appear in OMNI options of the same
message the first instance is processed and all others are
ignored.Header Type and Header Option Value are coded exactly as
specified in Section 5.1.1 of ; the
following types are currently defined:0 - Origin Indication (IPv4) - value coded as a UDP
port number followed by a 4-octet IPv4 address both in
"obfuscated" form per Section 5.1.1 of .1 - Authentication Encapsulation - value coded per
Section 5.1.1 of .2 - Origin Indication (IPv6) - value coded as a UDP
port number followed by an IP address both in "obfuscated"
form per Section 5.1.1 of , except
that the IP address is a 16-octet IPv6 address instead of
a 4-octet IPv4 address.Header Type values 3 through 252 are available for
assignment by future specifications, which must also define
the format of the Header Option Value and its processing
rules. Header Type values 253 and 254 are reserved for
experimentation, as recommended in ,
and value 255 is reserved by IANA.Sub-Type is set to 30.Sub-Length is set to N that encodes the number of
Sub-Option Data octets that follow. The Extension-Type and
Trailer Type fields are always present, and the maximum-length
Trailer Option Value is limited by the remaining available
space in this OMNI option.Extension-Type is set to 1. Each instance encodes exactly
one trailer option per Section 4 of .
If multiple instances of the same Trailer Type appear in OMNI
options of the same message the first instance is processed
and all others ignored.Trailer Type and Trailer Option Value are coded exactly as
specified in Section 4 of ; the
following Trailer Types are currently defined:0 - Unassigned1 - Nonce Trailer - value coded per Section 4.2 of
.2 - Unassigned3 - Alternate Address Trailer (IPv4) - value coded per
Section 4.3 of .4 - Neighbor Discovery Option Trailer - value coded per
Section 4.4 of .5 - Random Port Trailer - value coded per Section 4.5
of .6 - Alternate Address Trailer (IPv6) - value coded per
Section 4.3 of , except that each
address is a 16-octet IPv6 address instead of a 4-octet
IPv4 address.Trailer Type values 7 through 252 are available for
assignment by future specifications, which must also define
the format of the Trailer Option Value and its processing
rules. Trailer Type values 253 and 254 are reserved for
experimentation, as recommended in ,
while value 255 is reserved by IANA.The multicast address mapping of the native underlay interface
applies. The Client mobile router also serves as an IGMP/MLD Proxy for
its ENETs and/or hosted applications per .The Client uses Multicast Listener Discovery (MLDv2) to coordinate with Proxy/Servers, and underlay
network elements use MLD snooping . The Client
can also employ multicast routing protocols to coordinate with
network-based multicast sources as specified in .Since the OMNI link model is NBMA, OMNI links support link-scoped
multicast through iterative unicast transmissions to individual
multicast group members (i.e., unicast/multicast emulation).The Client's network layer selects the outbound OMNI interface according
to SBM considerations when forwarding original IP packets/parcels from
local or ENET applications to external correspondents. Each OMNI
interface maintains an internal OAL neighbor cache maintained the same
as discussed in , but also includes additional
state for multilink coordination. Each Client OMNI interface maintains
default routes via Proxy/Servers discovered as discussed in , and may configure more-specific routes discovered
through means outside the scope of this specification.For each original IP packet/parcel it forwards, the OMNI interface
selects one or more source underlay interfaces based on PBM factors
(e.g., traffic attributes, cost, performance, message size, etc.) and
one or more target underlay interfaces for the neighbor based on
Interface Attributes received in IPv6 ND messages (see: ). Multilink forwarding may also direct carrier packet
replication across multiple underlay interface pairs for increased
reliability at the expense of duplication. The set of all Interface
Attributes and Traffic Selectors received in IPv6 ND messages determines
the multilink forwarding profile for selecting target underlay
interfaces.When the OMNI interface forwards an original IP packet/parcel over a
selected source underlay interface, it first employs OAL encapsulation
and fragmentation as discussed in , then performs
L2 encapsulation as directed by the appropriate AFV. The OMNI interface
also performs L2 encapsulation (following OAL encapsulation) when the
nearest Proxy/Server is located multiple hops away as discussed in .OMNI interface multilink service designers MUST observe the BCP
guidance in Section 15 in terms of implications
for reordering when original IP packets/parcels from the same flow may
be spread across multiple underlay interfaces having diverse
properties.Clients may connect to multiple independent OMNI links within the
same or different OMNI domains to support SBM. The Client configures a
separate OMNI interface for each link so that multiple interfaces
(e.g., omni0, omni1, omni2, etc.) are exposed to the network layer.
Each OMNI interface is configured over a separate set of underlying
interfaces and configures one or more OMNI link SRA addresses (see:
); the Client injects the corresponding SRA
prefixes into the ENET routing system. Multiple distinct OMNI links
can therefore be used to support fault tolerance, load balancing,
reliability, etc.Applications in ENETs can use Segment Routing to select the desired
OMNI interface based on SBM considerations. The application writes an
OMNI link SRA address into the original IP packet/parcel's destination
address, and writes the actual destination (along with any additional
intermediate hops) into the Segment Routing Header. Standard IP
routing directs the packet/parcel to the Client's mobile router
entity, where the OMNI link SRA address identifies the correct OMNI
interface for next hop forwarding. When the Client receives the
packet/parcel, it replaces the IP destination address with the next
hop found in the Segment Routing Header and forwards the message via
the OMNI interface identified by the SRA address.Note: The Client need not configure its OMNI interface indexes in
one-to-one correspondence with the global OMNI Link-IDs configured for
OMNI domain administration since the Client's indexes (i.e., omni0,
omni1, omni2, etc.) are used only for its own local interface
management.After a Proxy/Server has registered an MNP for a Client (see: ), the Proxy/Server will forward all original IP
packets/parcels (or carrier packets) destined to an address within the
MNP to the Client. The Client will under normal circumstances then
forward the resulting original IP packet/parcel to the correct
destination within its connected (downstream) ENETs.If at some later time the Client loses state (e.g., after a
reboot), it may begin returning original IP packets/parcels (or
carrier packets) with destinations corresponding to its MNP to the
Proxy/Server as its default router. The Proxy/Server therefore drops
any original IP packets/parcels received from the Client with a
destination address that corresponds to the Client's MNP (i.e.,
whether ULA or GUA), and drops any carrier packets with both source
and destination address corresponding to the same Client's MNP
regardless of their origin.Proxy/Servers support "hairpinning" for packets with SNP
source and destination addresses that would convey useful
data from a source SNP Client to a target SNP Client both
located in the same OMNI link segment. Proxy/Servers support
this hairpinning according to , however ULA-to-ULA addressing
between peer nodes within the same OMNI link segment is
preferred whenever possible.Clients engage their FHS Proxy/Servers and the MS by sending OAL
encapsulated RS messages with OMNI options under the assumption that
one or more Proxy/Server will process the message and respond. The RS
message is received by a FHS Proxy/Server, which may in turn forward
a proxyed copy to a MAP Proxy/Server located in a local or remote
SRT segment if the Client requires MNP service. The MAP Proxy/Server
then returns an OAL encapsulated RA message either directly to the
Client or via the original FHS Proxy/Server acting as a proxy.To support Client to service coordination, OMNI defines flag
bits in the OMNI Neighbor Control sub-option discussed in
. Clients set or clear the NUD, ARR
and/or RPT flags in RS messages as directives to the Mobility
Service FHS/MAP Proxy/Servers. Proxy/Servers interpret the
flags as follows:When an FHS Proxy/Server forwards or processes an RS with
the NUD flag set, it responds directly to future NS Neighbor
Unreachability Detection (NUD) messages with the Client as the
target by returning NA(NUD) replies; otherwise, it forwards
NS(NUD) messages to the Client.When the MAP Proxy/Server receives an RS with the ARR flag
set, it responds directly to future NS Address Resolution (AR)
messages with the Client as the target by returning NA(AR)
replies; otherwise, it forwards NS(AR) messages to the Client.When the MAP Proxy/Server receives an RS with the RPT flag set,
it maintains a Report List of recent NS(AR) message sources for the
source or target Client and sends uNA messages to all list members
if any aspects of the Client's underlay interfaces change.Mobility Service Proxy/Servers function according to the NUD,
ARR and RPT flag settings received in the most recent RS message to
support dynamic Client updates.Clients and FHS Proxy/Servers include an authentication signature
as an OMNI sub-option in their RS/RA exchanges when necessary but
always include a valid IPv6 ND message checksum as the final step.
FHS and MAP Proxy/Server RS/RA message exchanges over the SRT
secured spanning tree instead always include the checksum and
omit the authentication signature. Clients and Proxy/Servers use the
information included in RS/RA messages to establish NCE state and OMNI
link autoconfiguration information as discussed in this section.For each underlay interface, the Client sends RS messages with OMNI
options to coordinate with a (potentially) different FHS Proxy/Server
for each interface but typically with a limited set of MAP Proxy/Servers
(normally only one). All Proxy/Servers are identified by their ULA/GUA SRA
addresses and accept carrier packets addressed to their anycast/unicast
L2ADDRs; the MAP Proxy/Server may be chosen among any of the Client's
FHS Proxy/Servers or may be any other Proxy/Server for the OMNI link.
Example L2ADDR discovery methods appear in
and include data link login parameters, name service lookups, static
configuration, a DHCP option, a static "hosts" file, etc. In the
absence of other information, the Client can resolve the DNS
Fully-Qualified Domain Name (FQDN) "linkupnetworks.[domainname]" where
"linkupnetworks" is a constant text string and "[domainname]" is a DNS
suffix for the OMNI link (e.g., "example.com"). The name resolution will
return a set of DNS resource records with the addresses of Proxy/Servers
for the local OMNI link segment. When the underlay *NET does not support
standard unicast server-based name resolution
the Client can engage a multicast service such as mDNS within the local OMNI link segment.Each FHS Proxy/Server configures a SNP SRA ULA/GUA address pair
for the local OMNI link segment and advertises its L2ADDR(s)
for discovery as above. The Client can then manage its own SNP
ULA/GUA addresses through DHCPv6 address autoconfiguration exchanges
with FHS Proxy/Servers. The FHS Proxy/Servers discovered over multiple
of the Client's underlay interfaces may configure the same or different
SNP SRA ULAs/GUAs, and the Client's ULA for each underlay interface
will fall within the ULA OMNI link segment relative to each FHS
Proxy/Server.Clients configure OMNI interfaces that observe the properties
discussed in previous sections. The OMNI interface and its underlay
interfaces are said to be in either the "UP" or "DOWN" state according
to administrative actions in conjunction with the interface connectivity
status. An OMNI interface transitions to UP/DOWN through administrative
action and/or through underlay interface state transitions. When a first
underlay interface transitions to UP, the OMNI interface also transitions
to UP. When all underlay interfaces transition to DOWN, the OMNI interface
also transitions to DOWN.When a Client OMNI interface transitions to UP, it sends RS messages
to register an initial set of underlay interfaces that are also UP and
to optionally register/request an MNP. The Client sends additional RS
messages to refresh lifetimes and to register/deregister underlay
interfaces as they transition to UP or DOWN. The Client's OMNI
interface sends initial RS messages over an UP underlay interface
with source set to an SNP ULA for the local OMNI link segment
if it has one (otherwise with source set to the unspecified address
("::/128") per ) and with destination set to
either the SRA GUA of a specific (MAP) Proxy/Server or link-scoped
All-Routers multicast (ff02::2) . The Client
includes an OMNI option per with a Neighbor
Control sub-option with the RS NUD, ARR and RPT flags set or cleared
as necessary.Clients in MANETs and open INET deployments also include an OMNI
Multilink Vector sub-option with FHS ifIndex set to the ifIndex
of its own underlay interface and with LHS ifIndex set to 0
(i.e., the default ifIndex configured by all Proxy/Servers). The Client
also sets AFVI to 0, sets Sequence Number to a randomly-chosen
8-octet value and sets the Flow Label in the IPv6 header to
0. The resulting exchange will establish symmetric Identification
windows for the Client and Proxy/Server for use in authenticating
control messages.The Client next includes an Interface Attributes sub-option for
the underlay interface, a DHCPv6 Solicit sub-option with IA_NA and
(optionally) IA_PD DHCPv6 options, and with any other necessary OMNI
sub-options such as authentication, Proxy/Server Departure, etc.
The OMNI interface finally sets or clears the Interface Attributes
FMT-Forward and FMT-Mode bits according to its desired FHS Proxy/Server
service model as described in .The Client next prepares to forward the RS over the underlay
interface using OAL encapsulation. The OMNI interface first
includes a Nonce and/or Timestamp if necessary, then calculates
and sets the authentication signature if necessary followed by
the RS message checksum. The OMNI interface next sets the OAL
source address to the MLA or HHIT for the outgoing MANET or
ALVIF interface and sets the OAL destination to site-scoped
All-Routers multicast (ff05::2) , a
known Proxy/Server SNP SRA ULA or an anycast address. When L2
encapsulation is used, the Client next includes the discovered
FHS Proxy/Server L2ADDR or an anycast address as the L2 destination
then fragments if necessary and forwards the resulting carrier
packet(s) into the underlay network. Note that the Client does
not yet create a NCE, but instead caches the Nonce and/or
Timestamp values included in its RS message transmissions
to match against any received RA messages.When an FHS Proxy/Server receives the carrier packets containing
an RS it performs L2 reassembly if necessary, sets aside the L2 and
OAL headers, then verifies the RS checksum/authentication signature.
The FHS Proxy/Server then creates/updates a NCE indexed by the RS ULA
source address unless unspecified (in which case indexed by the OAL
source address). The FHS Proxy/Server then caches the OMNI Interface
Attributes and any Traffic Selector sub-options while also caching
the L2 (UDP/IP) and OAL source and destination address information.
The FHS Proxy/Server then searches for DHCPv6 IA_NA options in the
OMNI DHCPv6 sub-option. If IA_NA options are present, the FHS
Proxy/Server coordinates with the local DHCPv6 server to either
allocate new SNP GUA/ULA pairs or extend the lease lifetime for
existing SNP GUA/ULA pairs for the Client. The FHS Proxy/Server
next caches the SNP GUA/ULA in the (newly-created) NCE, then
caches the RS Neighbor Control NUD flag and Multilink Vector
parameters if present (see: ) and
examines the RS destination address.If the destination matches one of its own addresses and
the OMNI DHCPv6 sub-option includes DHCPv6 IA_PD options,
the FHS Proxy/Server assumes the MAP role as a default
router entry point for injecting the Client's MNP(s) into
the OMNI link routing system (i.e., after performing any
necessary prefix delegation operations). The FHS/MAP
Proxy/Server then caches the RS ARR and RPT flags to determine
its role in processing NS(AR) messages and generating uNA
messages (see: ).The FHS/MAP Proxy/Server then prepares to return an RA message
directly to the Client by first populating the Cur Hop Limit, Flags,
Router Lifetime, Reachable Time and Retrans Timer fields with values
appropriate for the OMNI link. The FHS/MAP Proxy/Server next includes
as the first RA message option an OMNI option with a Neighbor Control
sub-option and a responsive Multilink Vector sub-option with AFVI set
to 0 and with responsive window synchronization information. The
FHS/MAP Proxy/Server also includes an authentication sub-option if
necessary and a (proxyed) copy of the Client's original Interface
Attributes sub-option with its INET-facing interface information
written in the FMT, SRT and LHS Proxy/Server GUA/L2ADDR fields.
The Proxy/Server also includes a DHCPv6 Reply sub-option with
any IA_NA/IA_PD options that have been processed/populated by
the DHCPv6 exchange(s).The FHS/MAP Proxy/Server next sets or clears the FMT-Forward and
FMT-Mode flags if necessary to convey its capabilities to the Client,
noting that it should honor the Client's stated preferences for those
parameters if possible or override otherwise. The FMT-Forward/Mode
flags thereafter remain fixed unless and until a new RS/RA exchange
establishes different values (see: for further
discussion). If the FHS/MAP Proxy/Server's Client-facing interface
is different than its INET-facing interface, the Proxy/Server next
includes a second Interface Attributes sub-option with ifIndex set
to '0', with a unicast L2 address for its Client-facing interface
in the L2ADDR field and with its SRA ULA in the GUA field.The FHS/MAP Proxy/Server next includes an Origin Indication
sub-option that includes the RS L2 source L2ADDR information (see: ), then includes any other necessary OMNI sub-options
(either within the same OMNI option or in additional OMNI options).
Following the OMNI option(s), the FHS/MAP Proxy/Server next includes any
other necessary RA options including 2 PIOs with (A=0; L=0) that include
the ULA/GUA SNP prefixes for the segment per ,
RIOs with more-specific routes per , Nonce and
Timestamp options, etc. The FHS/MAP Proxy/Server then sets the RA source
address to its own SNP SRA GUA and destination address to the (new) SNP
ULA for the Client, then calculates the authentication signature/checksum.
The FHS/MAP Proxy/Server finally performs OAL encapsulation while setting
the source to its own MLA or HHIT and destination to the OAL source that
appeared in the RS, performs L2 encapsulation/fragmentation with L2 source
and destination address information reversed from the RS L2 information
and returns the resulting carrier packets to the Client over the
same underlay interface the RS arrived on.When an FHS Proxy/Server receives an RS with a valid checksum and
authentication signature with destination set to link-scoped All-Routers
multicast (ff02::2), it can either assume the MAP role itself the same
as above or act as a proxy and select the SNP SRA GUA of another Proxy/Server
to serve as the MAP. When an FHS Proxy/Server assumes the proxy role
or receives an RS with destination set to the SNP SRA GUA of
another Proxy/Server, it forwards the message as a proxy. The FHS
Proxy/Server creates or updates a NCE for the Client (i.e., based on
the RS source address) and caches the OAL source, Neighbor Control,
Multilink Vector and Interface Attributes addressing information as
above. The FHS Proxy/Server then locally processes any DHCPv6 IA_NA
options found in the RS OMNI option and assigns the SNP ULA/GUA
address pairs to the Client NCE. The FHS Proxy/Server then writes
its own INET-facing FMT, SRT and LHS Proxy/Server GUA/L2ADDR
information into the appropriate Interface Attributes sub-option
fields (while also setting/clearing FMT-Forward and FMT-Type as
above) where the GUA is the Client's SNP GUA address. Next, the
FHS Proxy/Server caches the Multilink Vector sub-option and removes
it from the RS message, sets the RS source address to the Client's
SNP GUA and sets the RS destination to the SNP SRA address of the
MAP Proxy/Server. The FHS Proxy/Server then calculates and includes
the RS message checksum, sets the OAL source to the Client's SNP
GUA and destination to the MAP Proxy/Server SNP SRA GUA, performs
L2 encapsulation/fragmentation and sends the resulting carrier
packets into the SRT secured spanning tree.When the MAP Proxy/Server receives the carrier packets, it performs
L2 reassembly/decapsulation and OAL decapsulation to obtain the
proxyed RS, verifies the checksum, then performs DHCPv6 Prefix
Delegation (PD) to obtain or update any MNPs for the Client. The MAP
Proxy/Server then creates/updates a NCE for the Client's MNP(s) and
caches any state (including the ARR and RPT flags, IA_NA addresses,
OAL addresses, Interface Attributes information and Traffic Selectors),
then finally performs routing protocol injection. The MAP Proxy/Server
then returns an RA that echoes the Client's (proxyed) Interface Attributes
sub-option and with any RA parameters the same as specified for the FHS/MAP
Proxy/Server case above. The MAP Proxy/Server sets the RA source
address to its own SNP SRA GUA and destination address to the RS
source address (i.e., the Client SNP GUA). The MAP Proxy/Server next
calculates the RA message checksum then encapsulates the RA as an OAL
packet with source set to the RS message destination (i.e., its own
SNP SRA GUA) and destination set to the RS message source (i.e.,
the Client's SNP GUA). The MAP Proxy/Server finally performs L2
encapsulation/fragmentation and sends the resulting carrier
packets into the secured spanning tree.When the FHS Proxy/Server receives the carrier packets it performs
L2 reassembly/decapsulation followed by OAL decapsulation to obtain
the RA message, verifies checksums then updates the OMNI interface
NCE for the Client and creates/updates a NCE for the MAP. The FHS
Proxy/Server then sets the P flag in the RA flags field and proxys the RA by changing the OAL source to its SNP
SRA ULA and changing the OAL destination to the source address from
the Client's original RS message while also recording any DHCPv6 IA_NA
SNP GUA/ULA address pairs as alternate indexes into the Client NCE.
The FHS Proxy/Server then includes 2 PIOs with (A=0; L=0) with
the SNP ULA/GUA prefixes for the segment per .
The FHS Proxy/Server next includes Neighbor Control parameters
responsive to those in the Client's RS and a Multilink Vector
sub-option with its responses to its cached initiations from the
Client. The FHS Proxy/Server also includes an Interface Attributes
sub-option with ifIndex '0' and with its Client-facing interface
unicast L2 address if necessary (see above), an Origin Indication
sub-option with the Client's cached L2ADDR and an authentication
sub-option if necessary. The FHS Proxy/Server finally calculates
the authentication signature and RA message checksum, performs
L2 encapsulation/fragmentation with addresses taken from the
Client's NCE and sends the resulting carrier packets via the
same underlay interface over which the RS was received.When the Client receives the carrier packets, it performs L2
reassembly/decapsulation followed by OAL decapsulation to obtain
the RA message. The Client next verifies the authentication
signature/checksum, then matches the RA with its previously-sent
RS by comparing the RS Sequence Number with the RA Acknowledgement
Number and also comparing the Nonce and/or Timestamp values. If the
values match, the Client then creates/updates OMNI interface NCEs for
both the MAP and FHS Proxy/Server and caches the information in the
RA message. The Client also caches the RA source address as the MAP
Proxy/Server SNP SRA GUA and uses the OAL source address to configure
the SNP SRA ULA of this FHS Proxy/Server. The Client next discovers
its own SNP ULA by examining the RA destination address, discovers
its own SNP GUA by examining the IA_NA DHCPv6 delegated addresses,
and discovers the SNP ULA/GUA PIO prefixes for the OMNI link segment
per . If the Client has multiple underlay
interfaces, it creates additional FHS Proxy/Server NCEs as necessary
when it receives RAs over those interfaces (noting that multiple of
the Client's underlay interfaces may be serviced by the same or
different FHS Proxy/Servers). The Client finally adds the MAP
Proxy/Server SRA GUA to the default router list if necessary.For each underlay interface, the Client next caches the (filled-out)
Interface Attributes for its own ifIndex and Origin Indication
information that it received in an RA message over that interface so
that it can include them in future NS/NA messages to provide neighbors
with accurate FMT/SRT/LHS information. (If the message includes an
Interface Attributes sub-option with ifIndex '0', the Client also caches
the L2ADDR as the underlay network-local unicast address of the FHS
Proxy/Server via that underlay interface.) The Client then compares the
Origin Indication L2ADDR information with its own underlay interface
addresses to determine whether there may be NATs on the path to the FHS
Proxy/Server; if the L2ADDR information differs, the Client is behind one
or more NATs and must supply the Origin information in IPv6 ND message
exchanges with prospective neighbors on the same SRT segment. The
Client then caches the Multilink Vector responsive window synchronization
parameters for use in future IPv6 ND message exchanges via this FHS
Proxy/Server. The Client finally configures default routes and assigns
the IPv6 SRA address corresponding to the MNP (e.g., 2001:db8:1:2::)
to the OMNI interface.Following the initial exchange, the FHS Proxy/Server MAY later send
additional periodic and/or event-driven unsolicited RA messages per
. (The unsolicited RAs may be initiated either
by the FHS Proxy/Server itself or by the MAP via the FHS as a proxy.)
The Client then continuously manages its underlay interfaces according
to their states as follows:When an underlay interface transitions to UP, the Client sends an
RS over the underlay interface with an OMNI option with sub-options
as specified above.When an underlay interface transitions to DOWN, the Client sends
unsolicited NA messages over any UP underlay interface with an OMNI
option containing Interface Attributes sub-options for the DOWN
underlay interface with ifMetric set to 'ffffffff'. The Client
sends isolated unsolicited NAs when reliability is not thought
to be a concern (e.g., if redundant transmissions are sent on
multiple underlay interfaces), or may instead set the SNR flag
in an OMNI Neighbor Control sub-option to trigger an unsolicited
NA reply (see: ).When the Router Lifetime for the MAP Proxy/Server nears
expiration, the Client sends an RS over any underlay interface to
receive a fresh RA from the MAP. If no RA messages are received over
a first underlay interface (i.e., after retrying), the Client marks
the underlay interface as DOWN and should attempt to contact the MAP
Proxy/Server via a different underlay interface. If the MAP
Proxy/Server is unresponsive over additional underlay interfaces,
the Client sends an RS message with destination set to the SNP
SRA GUA of another Proxy/Server which will then assume the MAP
role.When all of a Client's underlay interfaces have transitioned
to DOWN (or if a prefix delegation lifetime expires), the MAP
Proxy/Server withdraws the MNP the same as if it had received a
message with a release indication.The Client is responsible for retrying each RS exchange up
to MAX_RTR_SOLICITATIONS times separated by RTR_SOLICITATION_INTERVAL
seconds until an RA is received. If no RA is received over an UP
underlay interface (i.e., even after attempting to contact alternate
Proxy/Servers), the Client can either declare this underlay interface
as DOWN or continue to use the interface to support any peer-to-peer
local communications with peers located in the same *NET. When changing
to a new FHS/MAP Proxy/Server, the Client also includes a Proxy/Server
Departure OMNI sub-option in new RS messages; the (new) FHS Proxy/Server
will in turn send uNA messages to the old FHS and/or MAP Proxy/Server
to announce the Client's departure as discussed in
.The network layer sees the OMNI interface as an ordinary IPv6 interface.
Therefore, when the network layer sends an RS message the OMNI interface
returns an internally-generated RA message as though the message
originated from an IPv6 router. The internally-generated RA message
contains configuration information consistent with the information
received from the RAs generated by the MAP Proxy/Server. Whether the
OMNI interface IPv6 ND messaging process is initiated from the receipt
of an RS message from the network layer or independently of the network
layer is an implementation matter. Some implementations may elect to defer
the OMNI interface internal RS/RA messaging process until an RS is received
from the network layer, while others may elect to initiate the process
independently. Still other deployments may elect to administratively
disable network layer RS/RA messaging over the OMNI interface, since the
messages are not required to drive the OMNI interface internal RS/RA
process. (Note that this same logic applies to IPv4 implementations
that employ "ICMP Router Discovery" .)Note: The Router Lifetime value in RA messages indicates the time
before which the Client must send another RS message over this underlay
interface (e.g., 600 seconds), however that timescale may be
significantly longer than the lifetime the MS has committed to retain
the prefix registration (e.g., REACHABLE_TIME seconds). Proxy/Servers are
therefore responsible for keeping MS state alive on a shorter timescale
than the Client may be required to do on its own behalf.Note: On certain multicast-capable underlay interfaces, Clients
should send periodic unsolicited multicast NA messages and Proxy/Servers
should send periodic unsolicited multicast RA messages as "beacons" that
can be heard by other nodes on the link. If a node fails to receive a
beacon after a timeout value specific to the link, it can initiate
Neighbor Unreachability Detection (NUD) exchanges to test
reachability.Note: Although the Client's FHS Proxy/Server is a first-hop segment
node from its own perspective, the Client stores the Proxy/Server's
FMT/SRT/GUA/L2ADDR as last-hop segment (LHS) information to supply to
neighbors. This allows both the Client and MAP Proxy/Server to supply
the information to neighbors that will perceive it as LHS information
on the return path to the Client.Note: The MAP Proxy/Server injects Client MNPs into the OMNI link
routing system by simply creating a route-to-interface forwarding table
entry for MNP::/N via the OMNI interface. The dynamic routing
protocol will notice the new entry and propagate the route to its peers.
If the MAP receives additional RS messages, it need not re-create the
forwarding table entry (nor disturb the dynamic routing protocol) if an
entry is already present. If the MAP ceases to receive RS messages from
any of the Client's interfaces, it removes the Client MNP(s) from the
forwarding table (i.e., after a short delay) which also results in
their removal from the routing system.Note: If the Client's initial RS message includes an anycast L2
destination address, the FHS Proxy/Server returns the solicited RA using
the same anycast address as the L2 source while including an Interface
Attributes sub-option with ifIndex '0' and its true unicast address in
the L2ADDR. When the Client sends additional RS messages, it includes
this FHS Proxy/Server unicast address as the L2 destination and the FHS
Proxy/Server returns the solicited RA using the same unicast address as
the L2 source. This will ensure that RS/RA exchanges are not impeded by
any NATs on the path while avoiding long-term exposure of messages that
use an anycast address as the source.Note: The Origin Indication sub-option is included only by the FHS
Proxy/Server and not by the MAP (unless the MAP is also serving as an
FHS).Note: Clients should set the NUD, ARR and RPT flags consistently in
successive RS messages and only change those settings when an FHS/MAP
Proxy/Server service profile update is necessary.Note: Although the Client adds the MAP Proxy/Server SNP SRA GUA
to the default router list, it also caches the ULAs of the FHS
Proxy/Servers on the path to the MAP over each underlying interface.
When the Client needs to send an original IP packet/parcel to a
default router, it engages OAL encapsulation/fragmentation while
using a destination ULA corresponding to the selected interface
which directs the packet to an FHS Proxy/Server for that interface.
The FHS Proxy/Server then performs L2 encapsulation/fragmentation
and forwards the resulting carrier packets without disturbing
the MAP.The RS/RA exchanges discussed above observe the principles
specified in . Window synchronization is
conducted between the Client and each FHS Proxy/Server used to contact
the MAP Proxy/Server, i.e., and not between the Client and the MAP.
This is due to the fact that the MAP Proxy/Server is responsible only
for forwarding messages via the secured spanning tree to FHS
Proxy/Servers, and is not responsible for forwarding messages
directly to the Client.When a Client sends an RS to perform window synchronization via
a new FHS Proxy/Server, it includes an OMNI Multilink Vector sub-option
with window synchronization parameters with FHS ifIndex set to its
own interface index, with LHS ifIndex set to 0, with AFVI set to 0, with
the SYN flag set and ACK flag clear, and with an initial Sequence Number.
The Client finally includes an Interface Attributes sub-option then
performs OAL encapsulation and L2 encapsulation/fragmentation then
sends the resulting carrier packets to the FHS Proxy/Server. When
the FHS Proxy/Server receives the carrier packets, it performs L2
reassembly/decapsulation, then extracts the RS message and caches
the Multilink Vector parameters. In the process, the FHS Proxy/Server
removes the Multilink Vector sub-option itself, since the path to
the MAP Proxy/Server is not included in window synchronization.The FHS Proxy/Server then performs L2 encapsulation/fragmentation
and sends the resulting carrier packets via the secured spanning tree
to the MAP Proxy/Server, which updates the Client's Interface Attributes
and returns a unicast RA message. The MAP Proxy/Server performs OAL
encapsulation followed by L2 encapsulation/fragmentation and sends
the carrier packets via the secured spanning tree to the FHS Proxy/Server.
The FHS Proxy/Server then proxys the message as discussed in the previous
section and includes a Multilink Vector sub-option with responsive window
synchronization information. The FHS Proxy/Server then forwards the
message to the Client via OAL encapsulation which updates its window
synchronization information for the FHS Proxy/Server as necessary.Following the initial RS/RA-driven window synchronization, the
Client can re-assert new windows with specific FHS Proxy/Servers by
performing RS/RA exchanges between its own ULAs and the ULAs of
the FHS Proxy/Servers at any time without having to disturb the
MAP. When the Client also needs to refresh MAP state, it can
set the RS destination address to the MAP SNP SRA address.This window synchronization is necessary only for MANET and INET
Clients that must include authentication signatures with their IPv6
ND messages; Clients in secured ANETs can omit window synchronization.
When Client-to-Proxy/Server window synchronization is used, subsequent
IPv6 ND NS/NA messages exchanged between peers include IPv6 Extended
Fragment Headers in the OAL encapsulations with in-window Identification
values to support message authentication. No header compression state
is maintained by OAL intermediate systems, which only maintain state
for per-flow data plane windows.On some *NETs, a Client may be located multiple intermediate OAL
hops away from the nearest OMNI link Proxy/Server. Clients in multihop
networks perform route discovery through the application of an
adaptation layer routing protocol (e.g., a MANET routing protocol
over omnidirectional wireless interfaces, etc.) then apply
corresponding forwarding entries to the OMNI interface. Example
routing protocols optimized for MANET operations include OSPFv3
with MANET Designated Router (OSPF-MDR)
extensions , OLSRv2 ,
AODVv2 and others. Clients
employ the routing protocol according to the link model found in
and subnet model articulated in . For unique identification within the MANET,
Clients use an MLA or HHIT as a Router ID.A Client located potentially multiple OAL hops away from the
nearest Proxy/Server prepares an RS message, sets the source address
to its ULA or unspecified ("::/128"), and sets the destination to
link-scoped All-Routers multicast (ff02::2) or the SNP SRA ULA of
a Proxy/Server the same as discussed above. The OMNI interface
then employs OAL encapsulation, sets the OAL source address to
its MLA/HHIT and sets the OAL destination to either the site-
scoped All-Routers multicast address (ff05::2) or the OMNI
IPv6 anycast address.For IPv6-enabled *NETs where the underlay interface observes the
MANET properties discussed above, the Client injects the MLA/HHIT
into the IPv6 multihop routing system and forwards the message without
further encapsulation. Otherwise, the Client encapsulates the message
in UDP/IPv6 L2 headers, sets the source to the underlay interface IPv6
address and sets the destination to the discovered L2 unicast or anycast
address of a Proxy/Server. The Client then forwards the message into
the IPv6 multihop routing system which conveys it to the nearest
Proxy/Server. If the nearest Proxy/Server is too busy, it should
forward (without Proxying) the OAL-encapsulated RS to another nearby
Proxy/Server connected to the same IPv6 (multihop) network.For IPv4-only *NETs, the Client encapsulates the RS message in
UDP/IPv4 L2 headers, sets the source to the underlay interface IPv4
address and sets the destination to the discovered L2 unicast
address of a Proxy/Server or the OMNI IPv4 anycast address.
The Client then forwards the message into the IPv4 multihop
routing system which conveys it to the nearest Proxy/Server that
advertises the corresponding IPv4 prefix. If the nearest Proxy/Server
is too busy, it should forward (without Proxying) the OAL-encapsulated
RS to another nearby Proxy/Server connected to the same IPv4
(multihop) network that configures the OMNI IPv6 anycast address.
(In environments where reciprocal RS forwarding cannot be supported,
the first Proxy/Server should instead return an RA based on its own
MSP(s).)When an OAL intermediate node that participates in the
routing protocol receives the encapsulated RS, it forwards the
message according to its OAL IPv6 forwarding table (note that
an OAL intermediate system could be a fixed infrastructure
element such as a roadside unit or another MANET/VANET Client).
This process repeats iteratively until the RS message is
received by a penultimate OAL hop within single-hop
communications range of a Proxy/Server, which forwards
the message to the Proxy/Server final hop.When a Proxy/Server that configures the OMNI IPv6 anycast
destination address receives the message, it decapsulates the RS
and assumes either the MAP or FHS role (in which case, it may
forward the RS to a candidate MAP). The MAP/FHS Proxy/Server
then prepares an RA message using the same addressing disciplines
as discussed in and forwards the RA either
to the FHS Proxy/Server or directly to the Client.When the MAP or FHS Proxy/Server forwards the RA to the Client, it
encapsulates the message in L2 encapsulation headers (if necessary)
The Proxy/Server then forwards the message to an OAL node within
communications range, which forwards the message according to the
next OAL hop by consulting its OAL IPv6 forwarding tables. The
multihop forwarding process within the *NET continues repetitively
until the message arrives at the original Client, which decapsulates
the message and performs autoconfiguration the same as if it had
received the RA directly from a Proxy/Server on the same physical
link. The Client then injects the delegated ULA and any MNP SRA
GUAs into the IPv6 multihop routing system.Note: When the RS message includes anycast OAL and/or L2
encapsulation destinations, the FHS Proxy/Server must use the same
anycast addresses as the OAL and/or L2 encapsulation sources to
support forwarding of the RA message plus any initial data messages.
The FHS Proxy/Server then sends the resulting carrier packets over any
NATs on the path. When the Client receives the RA, it will discover
the FHS Proxy/Server unicast ULAs and/or L2 encapsulation addresses
and can send future carrier packets using the unicast (instead of
anycast) addresses to populate NAT state in the forward path. (If
the Client does not have immediate data to send to the FHS
Proxy/Server, it can instead send an OAL "bubble" - see .) After the Client begins using unicast OAL/L2
encapsulation addresses in this way, the FHS Proxy/Server should
also begin using the same unicast addresses in the reverse direction.Note: When an OMNI interface configures an MLA/HHIT, any nodes that
forward an encapsulated RS message with the MLA/HHIT as the OAL source
must not consider the message as being specific to a particular OMNI
link segment. MLAs/HHITs can therefore also serve as the source and
destination addresses of unencapsulated IPv6 data communications within
the local routing region, and if the MLAs/HHITs are injected into the
local network routing protocol their prefix length must be set to 128.Note: intermediate forwarding systems often coordinate multi-hop
relaying using the same underlay interface in both the inbound
and outbound directions, i.e. as opposed to different underlay interfaces.
The final forwarding node within range of a Proxy/Server could use the
same or a different underlay interface to exchange carrier packets with
the Proxy/Server, but may not be well positioned to perform multilink
selections over multiple underlay interfaces on behalf of multihop
dependent peers.When a Client requires SNP ULA/GUA delegations via a specific
Proxy/Server (or, when the Client requires MNP delegations for the
OMNI link), it invokes the DHCPv6 service in conjunction with its OMNI
RS/RA message exchanges.When a Client requires the MS to delegate PA ULA/GUA pairs or
PI MNPs, it sends an RS message to a FHS Proxy/Server. If the
Client requires one or more address or MNP delegations, it
includes a DHCPv6 Message sub-option containing a Client Identifier,
one or more IA_NA/IA_PD options and a Rapid Commit option then sets
the 'msg-type' field to "Solicit" and includes a 3-octet
'transaction-id'. The Client then sets the RS destination to
link-scoped All-Routers multicast (ff02::2) and sends the message
using OAL encapsulation and fragmentation if necessary as discussed
above.When the FHS/MAP Proxy/Server receives the RS message, it
performs OAL reassembly if necessary. Next, if the OMNI option
includes a DHCPv6 message sub-option, the FHS/MAP Proxy/Server
acts as a "Proxy DHCPv6 Client" in a message exchange with the
locally-resident DHCPv6 server. The FHS/MAP Proxy/Server then
sends the DHCPv6 message to the DHCPv6 Server, which delegates
SNP ULA/GUA pairs or MNPs and returns a DHCPv6 Reply message with
autoconfiguration parameters.When the FHS Proxy/Server receives a DHCPv6 Reply with delegated
addresses, it records the delegated SNP ULA/GUA pairs in the NCE for
the Client, then forwards the RS message to the MAP Proxy/Server for
prefix delegation if necessary; otherwise, it returns an immediate
RA message to the Client.When the MAP Proxy/Server receives a DHCPv6 Reply with delegated
prefixes, it creates OMNI interface MNP forwarding table entries (i.e.,
to prompt the dynamic routing protocol). The MAP Proxy/Server then
sends an RA back to the FHS Proxy/Server with the DHCPv6 Reply message
included in an OMNI DHCPv6 message sub-option, and the FHS Proxy/Server
returns the RA to the Client.Clients can provide an OMNI link ingress point for other nodes on
their (downstream) ENETs that also act as Clients. When Client A has
already coordinated with an (upstream) (M)ANET/INET Proxy/Server,
Client B on an ENET serviced by Client A can send OAL-encapsulated
RS messages with addresses set the same as specified in . When Client A receives the RS message, it infers
from the OAL encapsulation that Client B is seeking to establish
itself as a Client instead of just a simple ENET Host.Client A then returns an RA message the same as a Proxy/Server
would do as specified in except that it
instead uses its own MNP SRA GUA as the RA and OAL source addresses
and performs (recursive) DHCPv6 Prefix Delegation. The MNP delegation
in the RA message must be a sub-MNP from the MNP delegated to Client A.
For example, if Client A receives the MNP 2001:db8:1000::/48 it can
provide a sub-delegation such as 2001:db8:1000:2000::/56 to Client B.
Client B can in turn sub-delegate 2001:db8:1000:2000::/56 to its own
ENET(s), where there may be a further prospective Client C that would
in turn request OMNI link services via Client B.To support this Client-to-Client chaining, Clients send IPv6 ND
messages addressed to link-scoped All-Routers multicast (ff02::2)
via their *NET (i.e., upstream) interfaces, but respond to IPv6 ND
messages addressed to link-scoped All-Routers multicast over their
ENET (i.e., downstream) networks where there may be further
prospective Clients wishing to join the chain. The ENET of the
upstream Client is therefore seen as an ANET by downstream Clients,
and the upstream Client is seen as a Proxy/Server by downstream
Clients.If the *NET link model is multiple access, the FHS Proxy/Server
is responsible for assuring that address duplication cannot corrupt
the neighbor caches of other nodes on the link through the use of
the DHCPv6 address delegation service. When the Client sends an RS
message on a multiple access *NET, the Proxy/Server verifies that
the Client is authorized to use the address and responds with an
RA (or forwards the RS to the MAP) only if the Client is authorized.After verifying Client authorization and returning an RA, the
Proxy/Server MAY return IPv6 ND Redirect messages in response to
subsequent data plane packet transmissions to direct Clients located
on the same *NET to exchange OAL packets directly without transiting
the Proxy/Server. In that case, the Clients can exchange OAL packets
according to their unicast L2 addresses discovered from the
Redirect message instead of using the dogleg path through the
Proxy/Server. In some *NETs, however, such direct communications
may be undesirable and continued use of the dogleg path through
the Proxy/Server may provide better performance. In that case,
the Proxy/Server can refrain from sending Redirects, and/or
Clients can ignore them.*NETs SHOULD deploy Proxy/Servers in Virtual Router Redundancy
Protocol (VRRP) configurations so that service
continuity is maintained even if one or more Proxy/Servers fail. Using
VRRP, the Client is unaware which of the (redundant) FHS Proxy/Servers
is currently providing service, and any service discontinuity will be
limited to the failover time supported by VRRP. Widely deployed public
domain implementations of VRRP are available.Proxy/Servers SHOULD use high availability clustering services so
that multiple redundant systems can provide coordinated response to
failures. As with VRRP, widely deployed public domain implementations
of high availability clustering services are available. Note that
special-purpose and expensive dedicated hardware is not necessary,
and public domain implementations can be used even between
lightweight virtual machines in cloud deployments.In environments where fast recovery from Proxy/Server failure is
essential, FHS Proxy/Servers SHOULD use proactive Neighbor Unreachability
Detection (NUD) in a manner that parallels Bidirectional Forwarding
Detection (BFD) to track MAP Proxy/Server
reachability. FHS Proxy/Servers can then quickly detect and react to
failures so that cached information is re-established through alternate
paths. Proactive NUD control messaging is carried only over
well-connected ground domain networks (i.e., and not low-end links
such as aeronautical radios) and can therefore be tuned for rapid
response.FHS Proxy/Servers perform proactive NUD for MAP Proxy/Servers for
which there are currently active Clients. If a MAP Proxy/Server fails,
the FHS Proxy/Server can quickly inform Clients of the outage by sending
multicast RA messages. The FHS Proxy/Server sends RA messages to Clients
with source set to the ULA of the MAP, with destination address set to
link-scoped All-Nodes multicast (ff02::1) and
with Router Lifetime set to 0.The FHS Proxy/Server SHOULD send MAX_FINAL_RTR_ADVERTISEMENTS RA
messages separated by small delays . Any Clients
that have been using the (now defunct) MAP Proxy/Server will receive the
RA messages.When a Client connects to a *NET link for the first time, it sends
an RS message with an OMNI option. If the first hop router recognizes
the option, it responds according to the appropriate FHS/MAP
Proxy/Server role resulting in an RA message with an OMNI option
returned to the Client. The Client then engages this FHS Proxy/Sever
according to the OMNI link model specified above. If the first hop
router is a legacy IPv6 router, however, it instead returns an RA
message with no OMNI option and with an ordinary unicast source LLA as
specified in . In that case, the Client engages
the *NET according to the legacy IPv6 link model and without the OMNI
extensions specified in this document.If the *NET link model is multiple access, there must be assurance
that address duplication cannot corrupt the neighbor caches of other
nodes on the link. When the Client sends an RS message on a multiple
access *NET link with an OMNI option, first hop routers that recognize
the option ensure that the Client is authorized to use the address and
return an RA with a non-zero Router Lifetime only if the Client is
authorized. First hop routers that do not recognize the OMNI option
instead return an RA that makes no statement about the Client's
authorization to use the source address. In that case, the Client should
perform Duplicate Address Detection to ensure that it does not interfere
with other nodes on the link.An alternative approach for multiple access *NET links to ensure
isolation for Client-Proxy/Server communications is through link layer
address mappings as discussed in . This
arrangement imparts a (virtual) point-to-point link model over the
(physical) multiple access link.Client OMNI interfaces configured over IPv6-enabled underlay
interfaces on an open Internetwork without an OMNI-aware first-hop
router receive IPv6 RA messages with no OMNI options, while OMNI
interfaces configured over IPv4-only underlay interfaces receive no IPv6
RA messages at all (but may receive IPv4 RA messages per ). Client OMNI interfaces that receive RA messages with OMNI
options configure addresses, on-link prefixes, etc. on the underlay
interface that received the RA according to standard IPv6 ND and
address resolution conventions . Client OMNI interfaces configured over IPv4-only underlay
interfaces configure IPv4 address information on the underlay interfaces
using mechanisms such as DHCPv4 .Client OMNI interfaces configured over underlay interfaces connected
to open Internetworks can apply lower layer security services such as VPNs
(e.g., IPsec tunnels) to connect to a Proxy/Server, or can establish a
secured direct point-to-point link to the Proxy/Server through some other
means (see ). In environments where lower layer
security may be impractical or undesirable, Client OMNI interfaces can
instead send IPv6 ND messages with OMNI options that include authentication
signatures.OMNI interfaces use UDP/IP as L2 encapsulation headers for
transmission over open Internetworks with UDP service port number 8060
for both IPv4 and IPv6 underlay interfaces. The OMNI interface submits
original IP packets/parcels for OAL encapsulation, then encapsulates
the resulting OAL fragments in UDP/IP L2 headers to form carrier packets.
(The first 4 bits following the UDP header determine whether the OAL
headers are uncompressed/compressed as discussed in .)
The OMNI interface sets the UDP length to the encapsulated OAL fragment
length and sets the IP length to an appropriate value at least as large
as the UDP datagram.When necessary, sources include an OMNI option with an authentication
sub-option in IPv6 ND messages. The source can employ a simple Hashed
Message Authentication Code (HMAC) as specified in , EdDSA ,
or a message-based authentication service such as HIP , QUIC-TLS ,
etc., by using the IPv6 ND message OMNI option as a "shipping container".
Before calculating the authentication signature, the source fully
populates any necessary OMNI sub-options as well as any ordinary
IPv6 ND options as necessary.The source then sets both the IPv6 ND message Checksum and
authentication signature fields to 0 and calculates the authentication
signature over the full length of the IPv6 ND message beginning after
the IPv6 ND message checksum field and extending over the length of
the message. (If the IPv6 ND message is part of an OAL super-packet,
the source instead continues to calculate the authentication signature
over the entire length of the super-packet.) The source next writes
the authentication signature into the appropriate sub-option field,
calculates and writes the message checksum, then forwards the message.After establishing a secured underlay link or preparing for UDP/IP
encapsulation, OMNI interfaces send RS/RA messages for Client-Proxy/Server
coordination (see: ) and NS/NA messages for
multilink forwarding, route optimization, and mobility management
(see: ). These control plane
messages must be authenticated while other control and data plane
messages are delivered the same as for ordinary best effort traffic
with source address and/or Identification window-based data origin
verification. Transport and higher layer protocol sessions over
OMNI interfaces that connect over open Internetworks without an
explicit underlay link security services should therefore employ
security at their layers to ensure authentication, integrity and/or
confidentiality.Clients should avoid using INET Proxy/Servers as general-purpose
routers for steady streams of carrier packets that do not require
authentication. Clients should therefore perform route optimization to
coordinate with other INET nodes that can provide forwarding services
(or preferably coordinate with peer Clients directly) instead of
burdening the Proxy/Server. Procedures for coordinating with peer
Clients and discovering INET nodes that can provide better forwarding
services are discussed in .Clients that attempt to contact peers over INET underlay interfaces
often encounter NATs in the path. OMNI interfaces accommodate NAT
traversal using UDP/IP encapsulation and the mechanisms discussed in
. FHS Proxy/Servers include Origin
Indications in RA messages to allow Clients to detect the presence of
NATs.Note: Following the initial IPv6 ND message exchange, OMNI interfaces
configured over INET underlay interfaces maintain neighbor relationships
by transmitting periodic IPv6 ND messages with OMNI options that include
authentication signatures. Other authentication services that use their
own IPv6 ND option types such as and can also be used in addition to any OMNI
authentication services.Note: OMNI interfaces configured over INET underlay interfaces should
employ the Identification window synchronization mechanisms specified in
in order to exclude spurious carrier packets
that might otherwise clutter the reassembly cache. This is especially
important in environments where carrier packet spoofing and/or
corruption is a threat.Note: NATs may be present on the path from a Client to its FHS
Proxy/Server, but never on the path from the FHS Proxy/Server to the
MAP where only INET and/or spanning tree hops occur. Therefore, the
FHS Proxy/Server does not communicate Client origin information to
the MAP where it would serve no purpose.In some use cases, it is desirable, beneficial and efficient for the
Client to receive a constant MNP that travels with the Client wherever
it moves. For example, this would allow air traffic controllers to
easily track aircraft, etc. In other cases, however (e.g., intelligent
transportation systems), the Client may be willing to sacrifice a
modicum of efficiency in order to have time-varying MNPs that can be
changed occasionally to defeat adversarial tracking.The prefix delegation services discussed in
allows Clients that desire time-varying MNPs to obtain short-lived
prefixes to send RS messages with an OMNI option with DHCPv6 IA_PD
sub-options. The Client would then be obligated to renumber its
internal networks whenever its MNPs change. This should not present
a challenge for Clients with automated network renumbering services,
but may disrupt persistent sessions that would prefer to use a
constant address.An OAL destination or intermediate system may need to return
ICMPv6-like error messages (e.g., Destination Unreachable, Packet Too
Big, Time Exceeded, etc.) to an OAL source.
Since ICMPv6 error messages do not themselves include authentication
codes, OAL nodes can instead return error messages as an OMNI ICMPv6
Error sub-option in a secured IPv6 ND uNA message.The following IANA actions are requested in accordance with and :The IANA is instructed to allocate an Internet Protocol number
TBD1 from the 'protocol numbers' registry for the Overlay Multilink
Network Interface (OMNI) protocol. Guidance is found in (registration procedure is IESG Approval or
Standards Action).During final publication stages, the IESG will be requested to
procure an IEEE EtherType value TBD2 for OMNI according to the
statement found at
https://www.ietf.org/about/groups/iesg/statements/ethertypes/.Following this procurement, the IANA is instructed to register the
value TBD2 in the 'ieee-802-numbers' registry for Overlay Multilink
Network Interface (OMNI) encapsulation on Ethernet networks. Guidance
is found in (registration procedure is Expert
Review).The IANA is instructed to assign TBD3/N as an "OMNI IPv4 anycast"
address/prefix in the "IPv4 Special-Purpose Address" registry in a
similar fashion as for . The assignment also
automatically provides the basis for an "OMNI IPv6 anycast" address
configured as 2002:TBD3::. The IANA is requested assist the author's
efforts to obtain a TBD3/N public IPv4 prefix, whether through an
RIR allocation, a delegation from IANA's "IPv4 Recovered Address
Space" registry or through an unspecified third party donation.The IANA is instructed to allocate an official Type number TBD4
from the "IPv6 Neighbor Discovery Option Formats" registry for the
OMNI option (registration procedure is RFC required).The IANA is instructed to allocate one Ethernet unicast address
TBD5 (suggested value '00-52-14') in the 'ethernet-numbers' registry
under "IANA Unicast 48-bit MAC Addresses" (registration procedure is
Expert Review). The registration should appear as follows:The IANA is instructed to assign new Code values in the
"ICMPv6 Code Fields: Type 2 - Packet Too Big" table in the
'icmpv6-parameters' registry (registration procedure is Standards
Action or IESG Approval). The registry entries should appear as
follows:The IANA is instructed to assign a new Type number TBD6 in
the 'icmp-parameters' registry "ICMP Type Numbers" table
(registration procedures IESG Approval or Standards Action).
The entry should set "Type" to TBD6, "Name" to "Packet Too
Big (PTB)" and "Reference" to [RFCXXXX] (i.e., this document).The IANA is further instructed to create a new table titled:
"Type TBD6 - Packet Too Big (PTB)" in the 'icmp-parameters' Code
tables, with registration procedures IESG Approval or Standards
Action. The table should have the following initial format:
The OMNI option defines a 5-bit Sub-Type field, for which IANA is
instructed to create and maintain a new registry entitled "OMNI Option
Sub-Type Values". Initial values are given below (registration
procedure is RFC required):The OMNI Node Identification sub-option (see: )
contains an 8-bit ID-Type field, for which IANA is instructed to create
and maintain a new registry entitled "OMNI Node Identification ID-Type
Values". Initial values are given below (registration procedure is RFC
required):The OMNI Geo Coordinates sub-option (see: )
contains an 8-bit Type field, for which IANA is instructed to create
and maintain a new registry entitled "OMNI Geo Coordinates Type
Values". Initial values are given below (registration procedure is RFC
required):The OMNI option defines an 8-bit Extension-Type field for Sub-Type
30 (Sub-Type Extension), for which IANA is instructed to create and
maintain a new registry entitled "OMNI Option Sub-Type Extension
Values". Initial values are given below (registration procedure is RFC
required):The OMNI Sub-Type Extension "RFC4380 UDP/IP Header Option" defines
an 8-bit Header Type field, for which IANA is instructed to create and
maintain a new registry entitled "OMNI RFC4380 UDP/IP Header Option".
Initial registry values are given below (registration procedure is RFC
required):The OMNI Sub-Type Extension for "RFC6081 UDP/IP Trailer Option"
defines an 8-bit Trailer Type field, for which IANA is instructed to
create and maintain a new registry entitled "OMNI RFC6081 UDP/IP
Trailer Option". Initial registry values are given below (registration
procedure is RFC required):The IANA "ICMPv6 Parameters - Trust Anchor Option (Type 15)
Name Field" registry includes Type values for common authentication
signature values that could be used for SEcure Neighbor Discovery
(SEND). IANA is instructed to assign the value TBD7 for "Edwards-
Curve Digital Signature Algorithm (EdDSA)
in this registry with reference set to [RFCXXXX] (i.e., this document).The IANA has assigned the UDP port number "8060" for an earlier
experimental version of AERO . This document
reclaims the UDP port number "8060" for 'aero' as the service port for
UDP/IP encapsulation. (Note that, although is
not widely implemented or deployed, any messages coded to that
specification can be easily distinguished and ignored since they
include an invalid ICMPv6 message type number '0'.) The IANA is
therefore instructed to update the reference for UDP port number
"8060" from "RFC6706" to "RFCXXXX" (i.e., this document) while
retaining the existing name 'aero'.The IANA has assigned a 4-octet Private Enterprise Number (PEN)
code "45282" in the "enterprise-numbers" registry. This document is
the normative reference for using this code in DHCP Unique IDentifiers
based on Enterprise Numbers ("DUID-EN for OMNI Interfaces") (see:
). The IANA is therefore instructed to change
the enterprise designation for PEN code "45282" from "LinkUp Networks"
to "Overlay Multilink Network Interface (OMNI)".The IANA has assigned the ifType code "301 - omni - Overlay
Multilink Network Interface (OMNI)" in accordance with Section 6 of
. The registration appears under the IANA
"Structure of Management Information (SMI) Numbers (MIB Module
Registrations) - Interface Types (ifType)" registry.No further IANA actions are required.Security considerations for IPv4 , IPv6 and IPv6 Neighbor Discovery
apply. OMNI interface IPv6 ND messages SHOULD include Nonce and
Timestamp options when transaction confirmation
and/or time synchronization is needed.OMNI interfaces configured over secured ANET/ENET interfaces inherit
the physical and/or link layer security properties (i.e., "protected
spectrum") of the connected networks. OMNI interfaces configured over
open *NET interfaces can use symmetric securing services such as IPsec
tunnels or can by some other means establish
a direct point-to-point link secured at lower layers. When lower layer
security may be impractical or undesirable, however, control message
integrity and authorization services such as those specified in
, , , , ,
etc. must be employed.OMNI link mobility services MUST support strong network layer
authentication for control plane messages and forwarding path integrity
for data plane messages. In particular, the AERO service constructs a secured spanning tree
with Proxy/Servers as leaf nodes and secures the spanning tree links
with network layer security services based on IPsec
with IKEv2 . (Note that direct point-to-point
links secured at lower layers can also be used instead of or in addition
to network layer security.) These network (and/or lower-layer) services
together provide connectionless integrity and data origin authentication
with optional protection against replays.Control plane messages that affect the routing system or neighbor
state are constrained to travel only over secured spanning tree paths
and are therefore protected by network (and/or lower-layer) security.
Other control and data plane messages can travel over unsecured route
optimized paths that do not strictly follow the spanning tree,
therefore end-to-end sessions should employ transport or higher
layer security services (e.g., TLS/SSL ,
DTLS , etc.). Additionally, the OAL
Identification value can provide a first level of data origin
authentication to mitigate off-path spoofing.Identity-based key verification infrastructure services such as iPSK
may be necessary for verifying the identities claimed by Clients. This
requirement should be harmonized with the manner in which identifiers
such as (H)HITs are attested in a given operational environment.Security considerations for specific access network interface types
are covered under the corresponding IP-over-(foo) specification (e.g.,
, , etc.).Security considerations for IPv6 fragmentation and reassembly are
discussed in . In environments where spoofing is
considered a threat, OMNI nodes SHOULD employ Identification window
synchronization and OAL destinations SHOULD configure an
(end-system-based) firewall.AERO/OMNI Release-3.2 was tagged on March 30, 2021, and was
subject to internal testing. The implementation is not planned
for public release.A new implementation architecture based on a clean-slate
has been developed and will incorporate updated aspects of
the AERO/OMNI specs, with the goal of producing a reference
implementation for future release.This document suggests that the following could be updated through
future IETF initiatives:Updates can be through, e.g., standards action, the errata
process, etc. as appropriate.The first version of this document was prepared per the consensus
decision at the 7th Conference of the International Civil Aviation
Organization (ICAO) Working Group-I Mobility Subgroup on March 22, 2019.
Consensus to take the document forward to the IETF was reached at the
9th Conference of the Mobility Subgroup on November 22, 2019. Attendees
and contributors included: Guray Acar, Danny Bharj, Francois
D´Humieres, Pavel Drasil, Nikos Fistas, Giovanni Garofolo,
Bernhard Haindl, Vaughn Maiolla, Tom McParland, Victor Moreno, Madhu
Niraula, Brent Phillips, Liviu Popescu, Jacky Pouzet, Aloke Roy, Greg
Saccone, Robert Segers, Michal Skorepa, Michel Solery, Stephane Tamalet,
Fred Templin, Jean-Marc Vacher, Bela Varkonyi, Tony Whyman, Fryderyk
Wrobel and Dongsong Zeng.The following individuals are acknowledged for their useful comments:
Amanda Baber, Scott Burleigh, Stuart Card, Donald Eastlake, Adrian Farrel,
Michael Matyas, Robert Moskowitz, Madhu Niraula, Greg Saccone, Stephane
Tamalet, Eliot Lear, Eduard Vasilenko, Eric Vyncke. Pavel Drasil, Zdenek
Jaron and Michal Skorepa are especially recognized for their many helpful
ideas and suggestions. Akash Agarwal, Madhuri Madhava Badgandi, Sean
Dickson, Don Dillenburg, Joe Dudkowski, Vijayasarathy Rajagopalan, Ron
Sackman, Bhargava Raman Sai Prakash and Katherine Tran are acknowledged
for their hard work on the implementation and technical insights that
led to improvements for the spec.Discussions on the IETF 6man and atn mailing lists during the fall of
2020 suggested additional points to consider. The authors gratefully
acknowledge the list members who contributed valuable insights through
those discussions. Eric Vyncke and Erik Kline were the intarea ADs,
while Bob Hinden and Ole Troan were the 6man WG chairs at the time the
document was developed; they are all gratefully acknowledged for their
many helpful insights. Many of the ideas in this document have further
built on IETF experiences beginning in the 1990s, with insights from
colleagues including Ron Bonica, Brian Carpenter, Ralph Droms, Tom
Herbert, Bob Hinden, Christian Huitema, Thomas Narten, Dave Thaler,
Joe Touch, Pascal Thubert, and many others who deserve recognition.Early observations on IP fragmentation performance implications were
noted in the 1986 Digital Equipment Corporation (DEC) "qe reset"
investigation, where fragment bursts from NFS UDP traffic triggered
hardware resets resulting in communication failures. Jeff Chase, Fred
Glover and Chet Juzsczak of the Ultrix Engineering Group led the
investigation, and determined that setting a smaller NFS mount block
size reduced the amount of fragmentation and suppressed the resets.
Early observations on L2 media MTU issues were noted in the 1988 DEC
FDDI investigation, where Raj Jain, KK Ramakrishnan and Kathy Wilde
represented architectural considerations for FDDI networking in general
including FDDI/Ethernet bridging. Jeff Mogul (who led the IETF Path MTU
Discovery working group) and other DEC colleagues who supported these
early investigations are also acknowledged.Throughout the 1990's and into the 2000's, many colleagues supported
and encouraged continuation of the work. Beginning with the DEC Project
Sequoia effort at the University of California, Berkeley, then moving to
the DEC research lab offices in Palo Alto CA, then to Sterling Software
at the NASA Ames Research Center, then to SRI in Menlo Park, CA, then to
Nokia in Mountain View, CA and finally to the Boeing Company in 2005 the
work saw continuous advancement through the encouragement of many. Those
who offered their support and encouragement are gratefully
acknowledged.This work is aligned with the NASA Safe Autonomous Systems Operation
(SASO) program under NASA contract number NNA16BD84C.This work is aligned with the FAA as per the SE2025 contract number
DTFAWA-15-D-00030.This work is aligned with the Boeing Information Technology (BIT)
Mobility Vision Lab (MVL) program.Honoring life, liberty and the pursuit of happiness.Error Characteristics of Fiber Distributed Data Interface
(FDDI), IEEE Transactions on CommunicationsPerformance of Checksums and CRC's Over Real Data, IEEE/ACM
Transactions on Networking, Vol. 6, No. 5The OMNI Interface - An IPv6 Air/Ground Interface for Civil
Aviation, IETF Liaison Statement #1676,
https://datatracker.ietf.org/liaison/1676/ICAO Document 9896 (Manual on the Aeronautical
Telecommunication Network (ATN) using Internet Protocol Suite (IPS)
Standards and Protocol), Draft Edition 3 (work-in-progress)IPv4 Address Space Registry,
https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtmlIPv6 Global Unicast Address Assignments,
https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtmlIEEE Guidelines for Use of Extended Unique Identifier (EUI),
Organizationally Unique Identifier (OUI), and Company ID,
https://standards.ieee.org/wp-content/uploads/import/documents/tutorials/eui.pdfInstitute of Electrical and Electronics Engineers,
Link Aggregation, IEEE Standard 802.1AX-2008,
https://standards.ieee.org/ieee/802.1AX/6768/The IPv4 reassembly checksum algorithm adopts the 8-bit Fletcher
algorithm specified in Appendix I of as also
analyzed in . declared
historic for the reason that the algorithms
had never seen widespread use with TCP, however this document adopts
the 8-bit Fletcher algorithm for a different purpose. Quoting from
Appendix I of , the IPv4 Fragmentation
Checksum Algorithm proceeds as follows:"The 8-bit Fletcher Checksum Algorithm is calculated over a
sequence of data octets (call them D[1] through D[N]) by maintaining
2 unsigned 1's-complement 8-bit accumulators A and B whose contents
are initially zero, and performing the following loop where i ranges
from 1 to N:A := A + D[i]B := B + AIt can be shown that at the end of the loop A will contain
the 8-bit 1's complement sum of all octets in the datagram, and that
B will contain (N)D[1] + (N-1)D[2] + ... + D[N]."To calculate the IPv4 reassembly checksum, the above algorithm is
applied over the N-octets of the L2-encapsulated OAL packet/fragment
body beginning immediately after the L2 encapsulation header(s).Section 2.5.5.1 of defines an "IPv4-Compatible
IPv6 Address" with the following structure:Although deprecates the address format
from its former use in IPv6 transition mechanisms, this document
now assigns new uses and therefore updates .When an IPv4-Compatible IPv6 address appears in a packet sent
over the wire, the most significant 96 bits are 0 and the least
significant 32 bits include an IPv4 address as shown above.When the address format is used for temporary local address
conversions to IPv6, however, it can also be used to represent
EUI-48 and EUI-64 addresses as shown below:The above EUI-48 and EUI-64 compatible IPv6 forms MAY be used
for temporary local address conversions, such as when converting
EUI addresses to IPv6 to support IPv6 fragmentation/reassembly.
The address forms MUST NOT appear in the IPv6 headers of packets
sent over the wire, however they MAY appear in the body of a
packet if also accompanied by a Type designator.OMNI interface IPv6 ND messages are subject to authentication and
integrity checks at multiple levels. When an OMNI interface sends an
IPv6 ND message over an INET interface, it includes an authentication
sub-option with a valid signature if necessary and always includes an
IPv6 ND message checksum. The OMNI interface that receives the message
verifies the IPv6 ND message checksum followed by the authentication
signature (if present) to ensure IPv6 ND message integrity and
authenticity.When an OMNI interface sends an IPv6 ND message over an underlay
interface connected to a secured network, it omits authentication
(sub-)options but always calculates/includes an IPv6 ND message checksum
beginning with a pseudo-header of the IPv6 header and extending to the
end of the IPv6 ND message only with the Checksum field itself set to
0. When an OMNI interface sends an IPv6 ND message over an underlay
interface connected to an unsecured network, it first includes an
authentication (sub-)option and calculates the signature beginning
with the first octet following the IPv6 ND message header Checksum
field and extending to the end of the entire packet or super-packet
with the authentication signature field set to 0. The OMNI interface
next writes the signature into the signature field, then calculates
the IPv6 ND message checksum as above.The OMNI interface that receives the message applies any link layer
authentication and integrity checks, then verifies the IPv6 ND message
checksum. If the checks are correct, the OMNI interface next verifies
the authentication signature. The OMNI interface then processes the
packet further only if all checksums and authentication signatures
were correct.OAL destinations also discard carrier packets with unacceptable
Identifications and submit the encapsulated fragments in all others
for reassembly. The reassembly algorithm rejects any fragments with
unacceptable sizes, offsets, etc. and reassembles all others. During
reassembly, the extended Identification value provides an integrity
assurance vector that compliments any integrity checks already applied
by lower layers as well as a first-pass filter for any checks that
will be applied later by upper layers.ICAO Doc 9776 is the "Technical Manual for VHF Data Link Mode 2"
(VDLM2) that specifies an essential radio frequency data link service
for aircraft and ground stations in worldwide civil aviation air traffic
management. The VDLM2 link type is "multicast capable" , but with considerable differences from common
multicast links such as Ethernet and IEEE 802.11.First, the VDLM2 link data rate is only 31.5Kbps - multiple orders of
magnitude less than most modern wireless networking gear. Second, due to
the low available link bandwidth only VDLM2 ground stations (i.e., and
not aircraft) are permitted to send broadcasts, and even so only as
compact link layer "beacons". Third, aircraft employ the services of ground
stations by performing unicast RS/RA exchanges upon receipt of beacons
instead of listening for multicast RA messages and/or sending multicast
RS messages.This beacon-oriented unicast RS/RA approach is necessary to conserve
the already-scarce available link bandwidth. Moreover, since the numbers
of beaconing ground stations operating within a given spatial range must
be kept as sparse as possible, it would not be feasible to have
different classes of ground stations within the same region observing
different protocols. It is therefore highly desirable that all ground
stations observe a common language of RS/RA as specified in this
document.Note that links of this nature may benefit from compression
techniques that reduce the bandwidth necessary for conveying the same
amount of data. The IETF lpwan working group is considering possible
alternatives: [https://datatracker.ietf.org/wg/lpwan/documents].Per , IPv6 ND messages may be sent to either
a multicast or unicast link-scoped IPv6 destination address. However,
IPv6 ND messaging should be coordinated between the Client and
Proxy/Server only without invoking other nodes on the underlay network.
This implies that Client-Proxy/Server control messaging should be
isolated and not overheard by other nodes on the link.To support Client-Proxy/Server isolation on some links, Proxy/Servers
can maintain an OMNI-specific unicast link layer address ("MSADDR"). For
Ethernet-compatible links, this specification reserves one Ethernet
unicast address TBD5 (see: IANA Considerations). For non-Ethernet
statically-addressed links MSADDR is reserved per the assigned numbers
authority for the link layer addressing space. For still other links,
MSADDR may be dynamically discovered through other means, e.g.,
link layer beacons.Clients map the L3 addresses of all IPv6 ND messages they send (i.e.,
both multicast and unicast) to MSADDR instead of to an ordinary unicast
or multicast link layer address. In this way, all of the Client's IPv6
ND messages will be received by Proxy/Servers that are configured to
accept carrier packets destined to MSADDR. Note that multiple
Proxy/Servers on the link could be configured to accept carrier packets
destined to MSADDR, e.g., as a basis for supporting redundancy.Therefore, Proxy/Servers must accept and process carrier packets
destined to MSADDR, while all other devices must not process carrier
packets destined to MSADDR. This model has well-established operational
experience in Proxy Mobile IPv6 (PMIP) .<< RFC Editor - remove prior to publication >>Differences from earlier versions:Submit for review.