注:本文为 “IPv6 扩展头” 相关内容合辑。
英文引文,机翻未校。
IPv6 header 报头
IPv6 头字段解释
IPv6 取消了 IPv4 报头中的选项字段,并引入了多种扩展报文头,在提高处理效率的同时还增强了 IPv6 的灵活性,为 IP 协议提供了良好的扩展能力。
| 字段 | 长度 ~~~~~~~~~~~ | 含义 |
|---|---|---|
| Version | 4 比特 | 版本号 4:表示为 IPv4;6:表示为 IPv6。 |
| Traffic class | 8 比特 | 流量类别 该字段及其功能类似于 IPv4 的业务类型字段。该字段以区分业务编码点(DSCP)标记一个 IPv6 数据包,以此指明数据包应当如何处理。 |
| Flow Label | 20 比特 | 流标签 该字段用来标记 IP 数据包的一个流,当前的标准中没有定义如何管理和处理流标签的细节。 |
| Payload length | 16 比特 | 有效载荷的长度 有效载荷是指紧跟 IPv6 基本报头的数据包,包含 IPv6 扩展报头。 |
| Next header | 8 比特 | 下一报头 该字段指明了跟随在 IPv6 基本报头后的扩展报头的信息类型。 |
| Hop limit | 8 比特 | 跳数限制 该字段定义了 IPv6 数据包所能经过的最大跳数,这个字段和 IPv4 中的 TTL 字段非常相似。 |
| Source Address | 128 比特 | 该报文的源地址 |
| Destination Address | 128 比特 | 该报文的目的地址 |
| Extension Headers | 可变 | 扩展报头: 当超过一种扩展报头被用在同一个分组里时,报头必须按照下列顺序出现 1. IPv6 基本报头 2. 逐跳选项扩展报头(Hop-by-Hop Options,值为 0):如果存在,必须被每个中间路由器处理。 3. 目的选项扩展报头(Destination Options,值为 60):如果存在,仅由目的节点处理。 4. 路由扩展报头(Routing Header,值为 43):用于源路由选项和 Mobile IPv6。 5. 分片扩展报头(Fragment Header,值为 44):当源节点发送的报文超过路径 MTU(Path MTU)时,对报文进行分片时使用。 6. 认证扩展报头(Authentication Header,值为 51):用于 IPSec,提供报文验证和完整性检查。 7. 封装安全有效载荷扩展报头(Encapsulating Security Payload,ESP,值为 50):用于 IPSec,提供报文验证、完整性检查和加密。 8. 上层协议报头: - TCP(传输控制协议),值为 6:是一种面向连接的、可靠的传输层协议,常用于对数据准确性和顺序要求较高的应用,如网页浏览(HTTP 通常基于 TCP)、文件传输(FTP)等。 - UDP(用户数据报协议),值为 17:是一种无连接的传输层协议,提供简单、快速的数据传输服务,适用于对实时性要求较高但对数据准确性要求相对较低的应用,如视频流(RTMP 部分基于 UDP)、音频通话(VoIP 的部分协议)等。 - ICMPv6(互联网控制报文协议版本 6),值为 58:用于在 IP 主机和路由器之间传递控制消息,如错误报告、网络状态查询等,是 IPv6 网络中维护网络功能的重要协议。 |
特殊说明:
-
目的选项扩展报头可以出现两次:
- 一次在路由扩展报头之前(针对中间路由节点)。
- 另一次在上层协议报头之前(针对最终目的节点)。
-
其他扩展报头只出现一次:
- 逐跳选项扩展报头、路由扩展报头、分片扩展报头、认证扩展报头和 ESP 扩展报头在 IPv6 分组中最多出现一次。
-
Next Header 字段的重要性:
- 每个报头(包括基本报头和扩展报头)的
Next Header字段都指示了下一个报头的类型。 - 路由设备在转发 IPv6 分组时,会根据 IPv6 基本报头中的 Next Header 字段 来决定是否处理扩展报头:
- 如果 Next Header 指向逐跳选项扩展报头(值为 0),则路由设备必须处理该扩展报头。
- 如果 Next Header 指向其他扩展报头(如目的选项、路由扩展报头等),则路由设备通常会跳过这些报头,直接传递给下一个节点,除非特定扩展报头需要中间节点处理(如路由扩展报头的某些类型)。
- 每个报头(包括基本报头和扩展报头)的
-
分片报头的位置:
- 在源端分片:
Fragment Header通常在源主机进行分片时添加,并位于需要分片的载荷之前。常见的位置是在Routing Header之后,或者直接在Destination Options之后(如果不需要路由)。 - 路由器分片:IPv6 的设计原则是避免路由器进行分片。如果路由器遇到超过路径 MTU 的数据包,会返回 ICMPv6 “Packet Too Big” 消息给源端,由源端重新调整报文大小。
- 在源端分片:
-
上层协议报头:
- 在 IPv6 分组的最后,是上层协议报头(如 TCP、UDP 或 ICMPv6)。这些报头的协议值在 IPv6 基本报头或扩展报头的 Next Header 字段中指定。
IPv6 Extension Headers 扩展头字段图
IPv6 基本头部定长为 40 字节,扩展头位于 IPv6 基本头后,取代了 IPv4 报头中的选项字段计。
每个 IPv6 数据包可以有 0 个或多个扩展头,每个扩展头长度都是 8 字节的整数倍。
IPv6 的扩展头被当作 IPv6 静载荷的一部分,计算在 IPv6 基本头的 Palyload Length 字段内。
扩展头是可选的,具体格式根据不同的类型而有所不同。只在必要时添加,简化了高性能路由器的设计和实现。
扩展头提供了特殊功能,可以与高层协议头部连接,形成级联的头部结构。
常用的上层协议及对应的 Next Header 值
| Next header 值 | 对应的扩展头或高层协议类型 |
|---|---|
| 0 | 逐跳选项扩展头 |
| 6 | TCP |
| 17 | UDP |
| 43 | 路由选择扩展头 |
| 44 | 分段扩展头 |
| 50 | ESP 扩展头 |
| 51 | AH 扩展头 |
| 58 | ICMPv6 |
| 60 | 目的选项扩展头 |
| 89 | OSPFv3 |
IPv6 扩展头排列顺序
IPv6 选项字段是通过形成链式结构的扩展头支持的。
1. 逐跳可选项报头(Hop-By-Hop Options),值为 0(在 IPv6 基本头中定义)
此选项为在传送路径上的每跳转发指定发送参数,传送路径上的每台中间节点都要读取并处理该字段,被转发路径所有节点处理。
路由告警(RSVP 和 MLDv1)通知到转发路径中所有节点
Jumbo 帧(长度超过 65535 的巨型帧)在转发路径中所有节点的正常处理
2. 目的可选项报头(Destination Options),值为 60
此选项可能出现在两个位置:路由头前和上层头前。当目的选项报头出现在路由头前时,该选项头将被目的节点以及路由头中指定的节点处理;而当目的选项报头出现在上层头前时(任何ESP选项之后),该选项头仅能被目的节点处理。
目的选项报头携带了一些只有目的节点才需要处理的信息。Mobile IPv6中使用了目的选项头,其中新增加了一种类型的目的选项头——家乡地址选项头。家乡地址选项头由目的选项头携带,用于在移动节点离开家乡后通知接收节点移动节点对应的家乡地址。当接收节点收到带有家乡地址选项头的报文时,会将家乡地址选项头中源地址(即移动节点的家乡地址)和报文中的源地址(即移动节点的转交地址)交换,从而使得上层协议始终认为与移动节点的家乡地址在通信,实现了移动漫游功能。
3. 路由报头(Routing Header),值为 43
用于源路由选项和 Mobile IPv6 。通过列出在到达目的地的路径中数据包所要经过的节点列表来提供源路由选择的功能。
路由报头和 IPv4 的 Loose Source and Record Route 选项类似,该报头能够被 IPv6 源节点用来强制数据包经过特定的路由器。
4. 分段报头(Fragment header),值为 44
此选项头在源节点发送的报文超过 Path MTU(源和目的之间传输路径的 MTU)时对报文分片时使用。
IPv6 中的分段与 IPv4 有一些重要的不同之处。在 IPv4 和 IPv6 数据包中,当报文长度超过路径 MTU(Path MTU,即源和目的之间传输路径的最大传输单元)时,需要对报文进行分段。然而,IPv6 与 IPv4 不同的是,只有发起该数据包的节点能够对数据包进行分段;而 IPv6 路由器并不会对数据包进行分段。
因此,发起数据包的节点必须通过路径 MTU 发现(PMD,Path MTU Discovery,详见 RFC1191)来获取到达目的地路径上最小的 MTU 值,或者选择永远不发送大于 1280 字节的数据包。根据 IPv6 协议规定,所有支持 IPv6 的链路都必须能够支持最小大小为 1280 字节的数据包。因此,如果可以选择的话,发起数据包的节点可以利用最小长度选项来避免使用 PMD。
和 IPv4 类似,IPv6 报文发送也受到 MTU 的限制。当报文长度超过 MTU 时就需要将报文分段发送,而在 IPv6 中,分段发送使用的是分段报头。
5. 认证报头(AH,Authentication Header),值为 51
用于 IPSec,提供报文验证、完整性检查以及重放保护。它还对 IPv6 基本报头中的一些字段进行保护。定义和 IPv4 中相同。
6. 封装安全有效载荷报头(ESP,Encapsulation Security Payload),值为 50
用于 IPSec,提供报文验证、完整性检查和加密以及重放保护。定义和 IPv4 中相同,类似于认证报头。
7. 上层报头,上层协议头
如 TCP / UDP / ICMP 等,目的选项头最多出现两次(一次在路由头前,一次在上层协议头前),其它选项头最多出现一次。但 IPv6 节点必须能够处理选项头(逐跳选项头除外,它固定只能进随基本头之后)的任意出现位置和任意出现次数,以保证互通性。
IPv6 扩展报头规约顺序图
- 扩展报头必须按下图排列顺序出现
IPv6 目的选项报头 (Destination Options Header) 说明
在 IPv6 中,除了目的选项报头外,每种扩展报头只能出现一次。目的选项报头最多可以出现两次,具体取决于数据包的传输需求和网络策略:
- 路由报头之前(可选): 用于在数据包到达中间节点之前,对数据包进行必要的操作,例如设置服务质量参数或流量标记。 如果不需要对中间节点进行特殊处理,则可以不使用这一位置的目的选项报头。
- 上层协议头部之前(可选): 用于指示最终目的地节点对数据包进行特定的处理,例如安全检查或路由验证。如果最终目的地不需要执行这些特殊操作,则可以省略这一位置的目的选项报头。
总结:
- 两次出现都是可选的,是否使用以及使用的位置取决于数据包的传输需求。
- 如果数据包不包含路由报头,则目的选项报头最多只能出现一次,且只能位于上层协议头部之前。
- 如果数据包既不需要中间节点的特殊处理,也不需要最终节点的特殊处理,则可以完全不使用目的选项报头。
这种设计的灵活性使得 IPv6 能够适应不同的网络策略和应用场景,同时避免了不必要的开销。
数据包无路由报头时的情形
若数据包不包含路由报头,则目的选项报头只能出现在上层协议头部之前,并仅作用于终点处理。
为何设计两次出现 ?
IPv6 的源路由机制需要支持路径中多个节点的独特需求:
- 中间节点控制:首次出现的目的选项报头为途经节点提供配置依据,例如网络管理策略中的特定 QoS 设置或流量标记。
- 最终节点差异化处理:第二次出现则专用于优化或约束数据包在目的地的交付逻辑,避免与路径中的操作冲突。
此分层设计通过“多阶段选项”实现了对长距离传输、动态路由和复杂网络策略的精准支持,提升了协议的灵活性。
IPv6 基础知识总结
yyyyyyyuande 于 2018-07-27 20:13:01 发布
近期在 Linux 平台上开展与 IPv6 相关的工作,主要涉及 IPv6 协议栈处理以及报文转发等内容。在开展此项工作之前,对 IPv6 的了解几乎为零,且日常使用频率极低。通过多种途径收集了大量资料,现提取其中关键要点进行记录。本文内容较为基础,主要分为三个部分。
1. IPv6 首部格式
2. IPv6 地址分类
3. IPv6 地址格式
一、IPv6 首部格式
IPv6 首部的固定长度为 40 字节,包含 8 个字段,具体如下:
- version:版本号,其值固定为 6,占用 4 个比特位。
- Traffic Class:通信量类,与 IPv4 首部的 ToS 字段功能等效。由于该字段从未被广泛应用,最终这个 8 位长的字段被划分为两个部分。前 6 位被称为区分服务字段(DS 字段),后 2 位是显示拥塞通知(ECN)字段或指示位。这些字段用于数据报转发时的特殊处理。
- Flow Label:流标识。用于标识该数据包属于源节点和目标节点之间的一个特定数据包序列,该字段长度为 20 位。例如,同一连接的 IPv6 数据流的流标识应保持相同。
- Payload Length:负载长度。该长度不包含 IPv6 首部的长度,指的是扩展首部和数据的长度之和。
- Next Header:指出下一个扩展首部的类型,若不存在扩展首部,则该字段表示传输层的协议类型,如 TCP/UDP。关于扩展首部的详细内容,可参考之前的相关博客。
- Hop Limit:跳数限制,该字段与 IPv4 首部中的 TTL 类似。在传输过程中,每经过一个节点,该字段的值递减 1,当值为 0 时,数据包将被丢弃。
- Source Address:源地址,长度为 128 位(16 字节)。
- Destination Address:目的地址,长度为 128 位(16 字节)。
IPv4 首部定义了 11 个字段,而 IPv6 首部仅有 8 个字段,这种设计有助于加快路由器处理报文的速度。此外,在扩展首部的实现方面,IPv6 也表现出色。扩展首部与 IPv6 固定首部以级联的方式构成,如下图所示:
扩展首部包括逐跳首部、目的地首部、路由首部、分片首部等,并且扩展首部之间存在一定的顺序,数量上也有相应限制。这部分内容属于扩展知识,之前的几篇博客已对扩展头部进行了专门讲解,本文仅阐述基础部分。
二、IPv6 地址分类
IPv4 地址分为单播地址、组播地址和广播地址。在 IPv6 中,取消了广播地址,并新增了任播地址,即 IPv6 地址分为单播地址、组播地址和任播地址。
- 单播地址:用于标识一个接口,发往该目的地址的报文将被送达被标识的接口。
- 组播地址:用于标识多个接口,发往该目的地址的报文将被发送到被标识的所有接口。
- 任播地址:用于标识多个接口,发往该目的地址的报文将被发送到被标识的所有接口中距离最近的一个接口。这里的“最近”可理解为从下标数起,数值最小的那个。任播地址与单播地址使用同一个地址空间,即由路由器决定该数据包是进行任播转发还是单播转发。
单播地址可进一步细分为以下几类:
- 未指定地址:::/128,即地址全部为 0。
- 环回地址:::1/128,相当于 IPv4 中的 127.0.0.1。
- 全球单播地址:类似于 IPv4 中的公网地址。
- 内嵌 IPv4 地址的 IPv6 地址:例如 ::ffff:192.168.10.1。当需要建立 IPv4 单播地址与 IPv6 全球单播地址之间的联系时,通常使用这种地址,可分为两种类型:
- IPv4 兼容 IPv6 地址:构成形式为 96 位 0 加上 32 位 IPv4 地址,如 ::192.168.1.1。这种地址最初用于 IPv4 和 IPv6 之间的过渡计划,但目前已不再使用。
- IPv4 映射 IPv6 地址:构成形式为 80 位 0 加上 16 位 1,再加上 IPv4 地址,如::ffff:192.168.1.1。
- 本地链路地址:前缀固定为 fe80::/64,如 fe80::e0:f726:4e68。凡是源地址或目的地址包含本地链路地址的报文,路由器不应进行转发,此类报文仅能在 LAN 中进行互通。
- 本地站点地址:前缀为 fec0::/10,紧接着是 54 位子网 ID,其作用类似于 IPv4 中的私网地址,如 fec0::e0:f726:4e68。该地址仅能在本站内使用,不能在公网上使用。
组播地址如下图所示:
其中,最重要的字段是最后的组 ID(Group-ID)字段。该字段长度为 112 位,用于标识组播组。已知 112 位最多可生成 2 112 2^{112} 2112 个组 ID。目前,RFC2373 并未将所有的 112 位都定义为组标识,而是建议仅使用该 112 位的最低 32 位作为组 ID,其余 80 位均设置为 0。
任播地址:
这是 IPv6 特有的地址类型,用于标识一组网络接口(通常属于不同的节点)。目标地址为任播地址的数据包将被发送到其中在路由意义上距离最近的一个网络接口。适用于 “One-to-One-of-Many”(一对组中的一个)的通讯场景。接收方只需是一组接口中的一个即可,例如移动用户上网时,需要根据地理位置的不同,接入离用户最近的一个接收站,这样可以使移动用户在地理位置上不受过多限制。
任播地址从单播地址空间中进行分配,使用单播地址的任何格式。因此,从语法上看,任播地址与单播地址并无区别。被分配任播地址的节点必须进行明确配置,以便知晓该地址为任播地址。目前,任播地址仅用作目标地址,且仅分配给路由器。
3. IPv6 地址格式
IPv6 地址有 3 种格式,分别为首选格式、压缩格式和内嵌 IPv4 地址的 IPv6 地址格式。
- 首选格式:
IPv6 的 128 位地址按照每 16 位划分为一段,每段转换为一个 4 位十六进制数,并用冒号隔开。这种表示方法即为首选格式,在首选格式后面加上前缀长度,就构成了一个完整的 IPv6 地址格式,例如:2001:0410:0000:0001:0000:0000:0000:45ff / 64。 - 压缩格式:
当存在一个或多个连续的 16 比特为 0 的字符时,为缩短地址长度,可用::(两个冒号)表示。但在一个 IPv6 地址中仅允许出现一个::(若出现多个::,则无法判断每个::到底省略了多少个全 0 段)。因此,2001:0410:0000:0001:0000:0000:0000:45ff 又可表示为:2001:410:0:1::45ff。在某些情况下(如表示一个包含地址的 URL 时),IPv6 地址中的冒号分隔符可能与其他分隔符产生混淆,例如 IP 地址和端口号之间使用的冒号。此时,需用括号字符 [和 ] 将 IPv6 地址包围起来,例如 URL:http://[2001:0db8:85a3::7344]:443/ 。此外,还有一些规则:- 前导的零必须压缩(例如,2001:0db8::0022 应变为 2001:db8::22)。
- :: 只能用于能产生最大压缩效果的地方(即压缩最多的零),但并非针对 16 位的块,若多个块中包含等长度的零,则顺序靠前的块将被替换为::。
- a 到 f 的十六进制数字应使用小写表示。
- 内嵌 IPv4 地址的 IPv6 地址格式:可分为以下两种:
- IPv4 兼容的 IPv6 地址:0:0:0:0:0:0:192.168.1.2 或者::192.168.1.2。
- IPv4 映射的 IPv6 地址:0:0:0:0:0:ffff:192.168.1.2 或者::ffff:192.168.1.2。
IPv6 的基本内容如上所述,另外,48 位 MAC 地址转换为 64 位 IPv6 网络 ID 的方式如下:
一、将 48 位的 MAC 地址从中间分开,插入一个固定数值 FFFE。
例如:0050:3EE4:4C00 --> 0050:3EFF:FEE4:4C00。
二、将首字节第 7 个比特位取反,即若原来是 0,则变为 1;若原来是 1,则变为 0。
例如:0050:3EFF:FEE4:4C00 --> 0250:3EFF:FEE4:4C00。
参考资料:
- 《TCP/IP 详解 - 卷一:协议》W.Richard Stevens。原书第二版。5.3.3 节。
- RFC2460 : https://tools.ietf.org/html/rfc2460
IPv6 扩展头部:扩展头部格式、类型与扩展选项
yyyyyyyuande 已于 2023-12-21 16:48:11 修改
本文将介绍 IPv6 扩展头部以及扩展选项的相关内容,探讨在已有扩展头部的情况下为何还需要扩展选项,以及扩展选项的具体用途。
IPv6 扩展头部
在 IPv6 中,由 IPv4 选项提供的特殊功能,通过在 IPv6 头部之后添加扩展头部来实现。IPv4 的路由和时间戳功能均采用了这种方式,而其他功能(如分片和超大分组)在 IPv6 中很少使用(但仍有需求),因此未在 IPv6 头部分配相应的位。基于这种设计,IPv6 头部固定为 40 字节,扩展头部仅在需要时添加。在确定 IPv6 头部为固定大小时,规定扩展头部仅由终端主机处理(存在一个例外情况)。IPv6 设计者通过这种方式简化了高性能路由器的设计和实现,因为 IPv6 路由器处理分组所需的命令比 IPv4 更为简单。实际上,分组处理性能受到多种因素的影响,包括协议复杂性、路由器硬件和软件功能以及流量负载等。
扩展头部和更高层协议(如 TCP/UDP)头部与 IPv6 头部链接起来,形成级联的头部结构,如下图所示:
IPv6 头部使用下一个头部字段形成一个链,链中的头部可以是 IPv6 扩展头部或传输层头部。IPv6 头部位于数据报的开头,且长度始终为 40 字节。
IPv6 下一个头部字段值可能表示扩展头部或其他协议头部,在适当的情况下,它与 IPv4 协议字段使用相同的值。
通过上表可以看出,IPv6 扩展头部机制对一些功能(如路由和分片)与选项进行了区分。需要注意的是,选项并非扩展头部,关于选项的内容将在下文介绍。
除了 “逐跳选项” 的位置是强制性的之外,扩展头部的顺序是建议性的,因此 IPv6 的实现必须按照接收的顺序处理扩展头部。只有 “目的地选项” 头部可以使用两次,第一次用于指出包含在 IPv6 头部中的目的 IPv6 地址,第二次(位置 8)用于表示数据报的最终目的地。在某些情况下(如使用路由头部),当数据报被转发到最终目的地时,IPv6 头部中的目的 IP 地址字段将会发生改变。
IPv6 选项
相较于 IPv4,IPv6 提供了一种更为灵活和可扩展的方式,将扩展和选项相结合。由于 IPv4 头部空间的限制(最大 60 字节),来自 IPv4 的选项已不再使用。而 IPv6 可变长度的扩展头部或编码在特殊扩展头部中的选项能够适应如今规模更大的 Internet。若存在选项,可将其放入逐跳选项(与数据报传输路径上的每个路由器相关)或目的地选项(仅与接收方相关)中。逐跳选项(称为 HOPOPT)是唯一由分组经过的每个路由器处理的选项。逐跳选项和目的地选项的编码格式相同,这些选项被编码为类型 - 长度 - 值(TLV)集合,如下图所示:
逐跳选项和目的地选项编码为 TLV 集合,第一个字节给出了选项类型,其中包括一些子字段,用于指示在选项未被识别时 IPv6 节点的动作,以及在数据报转发时选项数据是否发生改变。选项数据长度字段给出了选项数据的字节长度。
TLV 结构如上图所示,其长度为 2 字节,后面是可变长度的数据字节。第一字节表示选项类型,其中包括 3 个子字段。当 5 位的类型子字段无法被选项识别时,第一个子字段给出了 IPv6 节点尝试执行的动作,如下图所示:
如果一个发往组播目的地的数据报中包含一个未知选项,可能会导致大量节点生成返回源节点的流量。为避免这种情况,可将动作子字段设置为 11。动作子字段的灵活性在开发新的选项时具有重要作用。当选项数据可能在数据报转发过程中发生改变时,改变位字段(Chg)设置为 1。一些已定义的选项如下:
IPv6 选项携带在逐跳(H)选项或者目的地(D)选项扩展头部中,即其他扩展头部(如分片头部)不携带选项。选项类型字段包含来自 “类型” 列以及动作和改变子字段中的二进制值。“长度” 列包含选项数据长度字节中的值,填充 1 是唯一没有该字节的选项。
为了更深入地理解,我们来看一个实际的报文示例。以下是一个带有逐跳选项扩展首部的 ICMPv6 报文,其中包含两个选项,分别是路由器警告选项和填充 N 选项。在介绍这两个选项的具体含义之前,我们先关注它们的结构,即 TLV 结构(类型 - 长度 - 值)。其中类型选项又分为三个字段:动作、Chg 和类型子字段,这与上述介绍的内容一致。
接下来介绍具体的选项含义:
- 填充 1 和填充 N:
由于 IPv6 选项需要与 8 字节的偏移量对齐,因此较小的选项需用 0 填充至 8 字节。这里有两个填充选项,分别为填充 1 和填充 N。填充 1 选项(类型 0)是唯一缺少长度字段和值字段的选项,它仅有一个字节长,取值为 0。填充 N 选项(类型 1)用于向头部的选项区域填充 2 字节或更多字节。对于 n 个填充字节,选项数据长度字段包含的值为 (n - 2)。
下图展示了包含两个填充 1 选项的情况:
-
路由器警告:
路由器警告选项表明数据报包含需要路由器处理的信息,其目的与 IPv4 的路由器警告选项相同。该选项在实际应用中使用频率较低,我们只需了解其定义和格式即可。在上图所示的报文中,可观察到该选项。 -
IPv6 超大有效载荷:
在某些 TCP/IP 网络中,例如用于互联超级计算机的网络,由于正常的 64KB 的 IP 数据报大小限制,在传输大量数据时会产生不必要的开销。IPv6 超大有效载荷选项用于指定有效载荷大于 65535 字节的 IPv6 数据报,这类数据报称为超大报文。该选项无法在 MTU 小于 64KB 的链路连接的节点上实现。超大有效载荷选项提供了一个 32 位的字段,用于承载有效载荷在 65535 - 4294967295(4 GB)字节之间的数据报。
当生成用于传输的超大报文时,其正常 IPv6 固定首部中的负载长度字段将被设置为 0。
除上述选项外,还有隧道封装限制、快速启动等其他选项,但这些选项在实际应用中较为少见。因此,建议先掌握常用选项,对于其他选项可在实际开发工作中遇到时再深入学习。例如在当前的 IPv6 工作中,通常不会涉及选项处理内容,当然这也与具体的应用场景相关。
参考资料:
- 《TCP/IP 详解 - 卷一:协议》W.Richard Stevens。原书第二版。5.3 节。
IPv6 扩展头部:路由头部 Routing Header for IPv6
yyyyyyyuande 于 2018-07-19 23:47:27 发布
IPv6 在我国的发展起步较早,网络上相关资源丰富,但涉及实际应用的内容相对较少。随着国家对 IPv6 投入的增加,预计在未来一段时间内,IPv6 将成为研究和应用的热点。在学校教育中,该部分内容讲解较少,日常工作中接触也不多。近期因项目开发需要,产品需支持 IPv6 协议,因此对相关知识进行了学习,现将学习成果分享如下,如有错误,欢迎指正。
本文主要介绍 IPv6 扩展头部中的路由头部,并结合报文具体分析其作用,主要内容包括:
- 路由头部作用。
- 路由头部格式。
IPv6 路由头部为发送方提供了一种控制 IPv6 数据报通过网络路径的机制(至少实现部分控制)。目前,路由扩展头部有两个不同版本,分别为类型 0(RH0)和类型 2(RH2)。出于安全考虑,RH0 已被废弃[RFC5095],RH2 则被定义为与移动 IP 协同使用。为更好地理解路由头部,本文先对 RH0 进行讨论,再分析其被废弃的原因以及它与 RH2 的差异(实际上二者差异较小)。RH0 规定了数据包转发时可“访问”的一个或多个 IPv6 节点,其头部格式如下图所示:
该头部包含一个 8 位的路由类型标识符和一个 8 位的剩余部分字段。对于 RH0,IPv6 地址类型标识符为 0;对于 RH2,该标识符为 2。剩余部分字段用于指示还有多少段路由需要处理,即到达目的地之前还需访问的中间结点数量。紧接着是从 32 位的保留字段开始的地址块,由发送方设置为 0,接收方将忽略该字段。在数据报转发过程中,这些地址并非可访问的组播 IPv6 地址。
IPv6 路由头部在转发过程中不会被处理,直至数据报到达目的 IP 地址字段所包含地址的节点。此时,剩余部分字段用于确定地址向量中的下一跳地址,并将该地址与 IPv6 头部中的目的 IP 地址进行交换。因此,在数据报转发过程中,剩余部分字段的值会逐渐减小,头部中的地址列表将反映转发数据报的节点地址。通过下图所示的示例,可更清晰地理解这一转发过程:
在上图中,展示了中间节点对路由头部的处理方式。发送方(S)使用目的地址 R1 以及包含地址 R2、R3 和 D 的路由头部(类型 0,RH0)构造数据报,数据报的最终目的地址为列表中的最后一个地址 D。剩余部分字段(图中的 Left 字段)初始值为 3。数据报由 S 和 R0 自动转发至 R1,由于 R0 的地址未在数据报中出现,因此 R0 不会修改路由头部或地址。当数据报到达 R1 时,将基本头部的目的地址与路由头部的第一个地址进行交换,并将剩余部分字段的值递减 1。
在数据报转发过程中,重复上述将目的地址与路由头部地址列表中下一个地址交换的过程,直至到达路由头部中的最后一个目的地址。
以下是几个实际的含有路由头部的 IPv6 报文示例:
从报文中可看到路由头部包含的以下字段:
- Next header:指示路由头部后面的头部类型,本示例中为 icmpv6。
- Length:表示当前路由头部的总长度,单位为 8 字节。示例中显示值为 2,即 16 字节,实际计算时需加 1,应为 24 字节。这是因为存在 0 值的情况,同时需注意扩展头部通常按 8 字节对齐。
- Type:路由类型标识,此处值为 0,即 RH0,目前该值已不再使用,取而代之的是 RH2。
- Left Segments:剩余字段。
- 保留字段:4 字节,全部为 0。
- Address:IPv6 地址,长度为 16 字节。
计算路由头部的总长度:Next header(1 字节) + Length(1 字节) + Left Segments(1 字节) + Type(1 字节) + 保留字段 32 位(4 字节) + IPv6 地址(16 字节) = 24 字节,与 length 字段的值相符。
最后解释 RH0 被废弃的原因[RFC5095]:主要是出于安全考虑。由于 RH0 可被用于增强 DoS 攻击的效果,其问题在于允许在路由头部的多个位置指定相同地址,这可能导致流量在特定路径上的两台或多台路由器或主机之间重复转发,从而在网络中沿特定路径产生大量流量负载,与相同路径上的其他流量竞争带宽,造成网络干扰。因此,RH0 目前已不再使用,IPv6 唯一支持的路由头部是 RH2。RH2 与 RH0 基本相似,区别在于 RH2 仅能容纳一个地址,且在路由类型字段中使用的值不同。
关于路由头部的介绍至此结束。
参考资料:
- 《TCP/IP 详解 - 卷一:协议》W.Richard Stevens。原书第二版。5.3.2 节。
IPv6 扩展头部:分片头部 Fragment Header for IPv6
yyyyyyyuande 于 2018-07-21 16:12:43 发布
上一篇博客介绍了 IPv6 扩展头部中的路由头部类型,本文将介绍更为常见的扩展头部分片头部。
分片头部用于 IPv6 源节点向目的节点发送大于路径 MTU 的数据报。关于路径 MTU 及其确定方法,将在后续合适的时机进行讨论。整个网络中针对 IPv6 定义的链路层最小 MTU 为 1280 字节(详见[RFC2460]的第五节),而在 IPv4 中,该值可能为 576 字节。在 IPv4 中,若数据报大小超过下一跳 MTU,任何主机或路由器均可对该数据报进行分片,IPv4 头部中第二个 32 位字段用于标识分片信息,如下图所示:
在 IPv6 中,仅数据报的发送者可以执行分片操作。这意味着中间路由器或主机无需再处理分片报文,从而提高了分片报文的处理效率,因为分片报文的重组和分片操作均会消耗大量 CPU 资源。在此情况下,需要添加一个分片头部。
分片头部包含的信息与 IPv4 头部中的类似,不同之处在于标识符字段扩展为 32 位,而 IPv4 采用的是 16 位。这一更大的字段使得网络能够容纳更多的分片。下图展示了分片头部的格式(源自书籍配图):
IPv6 分片头部包含一个 32 位的标识符字段(是 IPv4 中标识符字段长度的两倍)。M 位字段用于指示该分片是否为原始数据报的最后一个分片。与 IPv4 相同,分片偏移字段表示有效载荷在原始数据报中以 8 字节为单位的偏移量。
在上图中,保留字段和 2 位的 Res 字段值均为 0,且会被接收方忽略。分片偏移字段表示数据以 8 字节为单位的偏移量,该偏移量是相对于原始 IPv6 数据报的“可分片部分”,放置在分片头部之后。如果 M 字段设置为 1,表示数据报中还有更多分片;如果该值为 0,则表示该分片是原始数据报的最后一个分片。
在分片过程中,输入的数据报称为“原始数据报”,它由两部分组成:“不可分片部分”和“可分片部分”。不可分片部分包括 IPv6 头部和任何在到达目的地之前需要由中间节点处理的扩展头部(即包括路由头部之前的所有头部,若存在逐跳选项扩展头部,则为该头部之前的所有头部)。可分片部分包括数据报的其余部分(即目的选项头部、上层头部和有效载荷数据)。简而言之,部分扩展头部不允许分片,每个分片报文都必须携带不可分片的部分。
当原始数据报被分片后,会产生多个分片,每个分片都包含原始数据报中不可分片部分的副本,但需要修改每个 IPv6 头部的负载长度字段,以反映该分片报文的实际大小。在不可分片部分之后,每个新的分片都包含一个分片头部,其中包含相应的分片偏移字段(例如第一个分片的偏移量为 0),以及原始分组标识符字段的副本。最后一个分片的 M(更多分片)位字段设置为 0。
以下通过一个示例演示 IPv6 源节点对数据报的分片过程。在此示例中,一个 3960 字节的有效载荷被分片,且每个分片的大小均不超过 1500 字节(典型的以太网 MTU),分片数据的大小为 8 字节的倍数。
在该示例中,一个 3960 字节的有效载荷被分为 3 个 1448 字节或更小的分片。每个分片都包含一个具有相同标识符字段的分片头部。除最后一个分片外,所有分片的更多分片(M)字段均设置为 1。偏移量以 8 字节为单位,例如最后一个分片包含的数据是从原始数据起始位置偏移 (362×8)=2896 字节处开始的。该方案与 IPv4 中的分片方式类似。
在上图中,可以看到较大的原始数据报被划分为 3 个较小的分片,每个分片都包含一个分片头部。IPv6 头部的负载长度字段已被修改,以反映数据和新生成的分片头部的大小。每个分片中的分片头部包含一个公共标识符字段,以确保在网络中,不同的原始数据报在其生命周期内不会被分配相同的标识符字段,接收端将依据相同的标识符对报文进行重组。
分片头部中的偏移量字段以 8 字节为单位,因此分片操作需在 8 字节的边界处进行。这就是第一个和第二个分片包含 1448 字节,而非 1452 字节的原因。除最后一个分片外(最后一个分片也可能是 8 字节的倍数),所有分片的大小均为 8 字节的倍数。接收方在对分片进行重组之前,必须确保已接收到原始数据报的所有分片。重组过程需要将所有分片聚合,以还原成原始数据报。与 IPv4 分片类似,分片可能不会按顺序到达接收方,但在重组时需要按照正确顺序组合成一个数据报,以便交付给高层的其他协议进行处理。
在 win10 系统中,可使用以下命令构造一个分片报文:
ping -l 3952 (IPv6 网关)
关于 IPv6 扩展首部分片首部的介绍至此结束。
参考资料:
- 《TCP/IP 详解 - 卷一:协议》W.Richard Stevens。原书第二版。5.3.3 节。
- RFC2460 : https://tools.ietf.org/html/rfc2460
- IPv6 技术课件 https://wenku.baidu.com/view/17627f53581b6bd97f19eae6
RFC 8200: Internet Protocol, Version 6 (IPv6) Specification
Internet Engineering Task Force (IETF) S. Deering
Request for Comments: 8200 Retired
STD: 86 R. Hinden
Obsoletes: 2460 Check Point Software
Category: Standards Track July 2017
ISSN: 2070-1721
Internet Protocol, Version 6 (IPv6) Specification
互联网协议,版本 6(IPv6)规范
Abstract
摘要
This document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460.
本文档指定了 Internet 协议(IPv6)的版本 6。它淘汰了 RFC2460。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了 IETF 社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见 RFC 7841 第 2 节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc8200.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问 http://www.rfc-editor.org/info/rfc8200.
Copyright Notice
版权公告
Copyright © 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2017 IETF 信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info ) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受 BCP 78 和 IETF 信托有关 IETF 文件的法律规定的约束 (http://trustee.ietf.org/license-info ) 自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第 4.e 节中所述的简化 BSD 许可证文本,并提供简化 BSD 许可证中所述的无担保。
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person (s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person (s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
本文件可能包含 2008 年 11 月 10 日之前发布或公开的 IETF 文件或 IETF 贡献中的材料。控制某些材料版权的人员可能未授予 IETF 信托允许在 IETF 标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在 IETF 标准流程之外修改本文件,也不得在 IETF 标准流程之外创建其衍生作品,除了将其格式化以 RFC 形式发布或将其翻译成英语以外的其他语言。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. IPv6 Header Format . . . . . . . . . . . . . . . . . . . . 6
4. IPv6 Extension Headers . . . . . . . . . . . . . . . . . . 7
4.1. Extension Header Order . . . . . . . . . . . . . . . . 10
4.2. Options . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.3. Hop-by-Hop Options Header . . . . . . . . . . . . . . . . 13
4.4. Routing Header . . . . . . . . . . . . . . . . . . . . 14
4.5. Fragment Header . . . . . . . . . . . . . . . . . . . . 15
4.6. Destination Options Header . . . . . . . . . . . . . . . 23
4.7. No Next Header . . . . . . . . . . . . . . . . . . . . 24
4.8. Defining New Extension Headers and Options . . . . . . . 24
5. Packet Size Issues . . . . . . . . . . . . . . . . . . . . 25
6. Flow Labels . . . . . . . . . . . . . . . . . . . . . . . . . 26
7. Traffic Classes . . . . . . . . . . . . . . . . . . . . . . . 26
8. Upper-Layer Protocol Issues . . . . . . . . . . . . . . . . . 27
8.1. Upper-Layer Checksums . . . . . . . . . . . . . . . . . 27
8.2. Maximum Packet Lifetime . . . . . . . . . . . . . . . . . 28
8.3. Maximum Upper-Layer Payload Size . . . . . . . . . . . . 29
8.4. Responding to Packets Carrying Routing Headers . . . . . 29
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29
10. Security Considerations . . . . . . . . . . . . . . . . . . . 30
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 32
11.1. Normative References . . . . . . . . . . . . . . . . . . 32
11.2. Informative References . . . . . . . . . . . . . . . . . 33
Appendix A. Formatting Guidelines for Options . . . . . . . . . 36
Appendix B. Changes Since RFC 2460 . . . . . . . . . . . . . . . 39
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 42
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 42
1. Introduction
介绍
IP version 6 (IPv6) is a new version of the Internet Protocol (IP), designed as the successor to IP version 4 (IPv4) [RFC791]. The changes from IPv4 to IPv6 fall primarily into the following categories:
IP 版本 6(IPv6)是 Internet 协议(IP)的新版本,设计为 IP 版本 4(IPv4)的继承版本 [RFC791]。从 IPv4 到 IPv6 的变化主要分为以下几类:
- Expanded Addressing Capabilities
扩展的寻址能力
IPv6 increases the IP address size from 32 bits to 128 bits, to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler autoconfiguration of addresses. The scalability of multicast routing is improved by adding a “scope” field to multicast addresses. And a new type of address called an “anycast address” is defined; it is used to send a packet to any one of a group of nodes.
IPv6 将 IP 地址大小从 32 位增加到 128 位,以支持更高级别的寻址层次结构、更多的可寻址节点以及更简单的地址自动配置。通过在多播地址中添加 “scope” 字段,提高了多播路由的可扩展性。定义了一种称为 “选播地址” 的新型地址;它用于向一组节点中的任何一个发送数据包。
- Header Format Simplification
报头格式简化
Some IPv4 header fields have been dropped or made optional, to reduce the common-case processing cost of packet handling and to limit the bandwidth cost of the IPv6 header.
一些 IPv4 报头字段已被删除或成为可选字段,以降低数据包处理的常见情况处理成本并限制 IPv6 报头的带宽成本。
- Improved Support for Extensions and Options
改进了对扩展和选项的支持
Changes in the way IP header options are encoded allows for more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future.
IP 报头选项编码方式的改变允许更高效的转发,对选项长度的限制不那么严格,并且在将来引入新选项时具有更大的灵活性。
- Flow Labeling Capability
流标记能力
A new capability is added to enable the labeling of sequences of packets that the sender requests to be treated in the network as a single flow.
增加了一项新功能,可以对发送方请求在网络中作为单个流处理的数据包序列进行标记。
- Authentication and Privacy Capabilities
身份验证和隐私功能
Extensions to support authentication, data integrity, and (optional) data confidentiality are specified for IPv6.
为 IPv6 指定了支持身份验证、数据完整性和(可选)数据机密性的扩展。
This document specifies the basic IPv6 header and the initially defined IPv6 extension headers and options. It also discusses packet size issues, the semantics of flow labels and traffic classes, and the effects of IPv6 on upper-layer protocols. The format and semantics of IPv6 addresses are specified separately in [RFC4291]. The IPv6 version of ICMP, which all IPv6 implementations are required to include, is specified in [RFC4443].
本文档指定基本 IPv6 标头以及最初定义的 IPv6 扩展标头和选项。它还讨论了数据包大小问题、流标签和流量类的语义,以及 IPv6 对上层协议的影响。[RFC4291] 中分别规定了 IPv6 地址的格式和语义。[RFC4443] 中规定了 ICMP 的 IPv6 版本,所有 IPv6 实现都需要包括该版本。
The data transmission order for IPv6 is the same as for IPv4 as defined in Appendix B of [RFC791].
IPv6 的数据传输顺序与 [RFC791] 附录 B 中定义的 IPv4 的数据传输顺序相同。
Note: As this document obsoletes [RFC2460], any document referenced in this document that includes pointers to RFC 2460 should be interpreted as referencing this document.
注:由于本文件淘汰了 [RFC2460],本文件中引用的任何文件,包括指向 RFC 2460 的指针,应解释为引用本文件。
2. Terminology
术语
-
node a device that implements IPv6.
节点实现 IPv6 的设备。 -
router a node that forwards IPv6 packets not explicitly addressed to itself. (See Note below.)
路由器转发未显式寻址到自身的 IPv6 数据包的节点。(见下文注释。) -
host any node that is not a router. (See Note below.)
托管不是路由器的任何节点。(见下文注释。) -
upper layer a protocol layer immediately above IPv6. Examples are transport protocols such as TCP and UDP, control protocols such as ICMP, routing protocols such as OSPF, and internet-layer or lower-layer protocols being “tunneled” over (i.e., encapsulated in) IPv6 such as Internetwork Packet Exchange (IPX), AppleTalk, or IPv6 itself.
上层 IPv6 之上的协议层。例如,传输协议(如 TCP 和 UDP)、控制协议(如 ICMP)、路由协议(如 OSPF)以及通过(即封装在)IPv6(如互联网数据包交换(IPX)、AppleTalk 或 IPv6 本身)“隧道” 的互联网层或较低层协议。 -
link a communication facility or medium over which nodes can communicate at the link layer, i.e., the layer immediately below IPv6. Examples are Ethernets (simple or bridged); PPP links; X.25, Frame Relay, or ATM networks; and internet-layer or higher-layer “tunnels”, such as tunnels over IPv4 or IPv6 itself.
链路节点可在链路层(即 IPv6 正下方的层)上进行通信的通信设施或介质。例如以太网络(简单或桥接);PPP 链接;X.25、帧中继或 ATM 网络;互联网层或更高层的 “隧道”,如 IPv4 或 IPv6 本身上的隧道。 -
neighbors nodes attached to the same link.
连接到同一链路的邻居节点。 -
interface a node’s attachment to a link.
将节点的附件连接到链接。 -
address an IPv6-layer identifier for an interface or a set of interfaces.
寻址一个或一组接口的 IPv6 层标识符。 -
packet an IPv6 header plus payload.
数据包包含 IPv6 标头和有效负载。 -
link MTU the maximum transmission unit, i.e., maximum packet size in octets, that can be conveyed over a link.
链路 MTU—— 可通过链路传输的最大传输单元,即以八位字节为单位的最大数据包大小。 -
path MTU the minimum link MTU of all the links in a path between a source node and a destination node.
路径 MTU 源节点和目标节点之间路径中所有链路的最小链路 MTU。
Note: it is possible for a device with multiple interfaces to be configured to forward non-self-destined packets arriving from some set (fewer than all) of its interfaces and to discard non-self-destined packets arriving from its other interfaces. Such a device must obey the protocol requirements for routers when receiving packets from, and interacting with neighbors over, the former (forwarding) interfaces. It must obey the protocol requirements for hosts when receiving packets from, and interacting with neighbors over, the latter (non-forwarding) interfaces.
注意:对于具有多个接口的设备,可以配置为转发从其某一组(少于所有)接口到达的非自定目的数据包,并丢弃从其其他接口到达的非自定目的数据包。当从前(转发)接口接收数据包并通过前(转发)接口与邻居交互时,此类设备必须遵守路由器的协议要求。当从邻居(非转发)接口接收数据包并通过邻居(非转发)接口与邻居交互时,它必须遵守主机的协议要求。
3. IPv6 Header Format
IPv6 标头格式
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | Next Header | Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
Version 4-bit Internet Protocol version number = 6.
版本 4 位互联网协议版本号 = 6。 -
Traffic Class 8-bit Traffic Class field. See Section 7.
流量等级 8 位流量等级字段。见第 7 节。 -
Flow Label 20-bit flow label. See Section 6.
流量标签 20 位流量标签。见第 6 节。 -
Payload Length 16-bit unsigned integer. Length of the IPv6 payload, i.e., the rest of the packet following this IPv6 header, in octets. (Note that any extension headers (see Section 4) present are considered part of the payload, i.e., included in the length count.)
有效负载长度 16 位无符号整数。IPv6 有效负载的长度,即该 IPv6 报头之后的数据包的剩余部分,以八位字节为单位。(请注意,存在的任何扩展标头(见第 4 节)都被视为有效载荷的一部分,即包含在长度计数中。) -
Next Header 8-bit selector. Identifies the type of header immediately following the IPv6 header. Uses the same values as the IPv4 Protocol field [IANA-PN].
下一个标题 8 位选择器。标识紧跟在 IPv6 标头之后的标头类型。使用与 IPv4 协议字段 [IANA-PN] 相同的值。 -
Hop Limit 8-bit unsigned integer. Decremented by 1 by each node that forwards the packet. When forwarding, the packet is discarded if Hop Limit was zero when received or is decremented to zero. A node that is the destination of a packet should not discard a packet with Hop Limit equal to zero; it should process the packet normally.
跃点限制 8 位无符号整数。转发数据包的每个节点递减 1。转发时,如果接收到的跃点限制为零或减小到零,则丢弃数据包。作为数据包目的地的节点不应丢弃跳数限制等于零的数据包;它应该正常处理数据包。 -
Source Address 128-bit address of the originator of the packet. See [RFC4291].
源地址数据包发起方的 128 位地址。见 [RFC4291]。 -
Destination Address 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient, if a Routing header is present). See [RFC4291] and Section 4.4.
目标地址数据包的预期收件人的 128 位地址(如果存在路由报头,则可能不是最终收件人)。参见 [RFC4291] 和第 4.4 节。
4. IPv6 Extension Headers
IPv6 扩展头
In IPv6, optional internet-layer information is encoded in separate headers that may be placed between the IPv6 header and the upper-layer header in a packet. There is a small number of such extension headers, each one identified by a distinct Next Header value.
在 IPv6 中,可选的 internet 层信息编码在单独的报头中,这些报头可以放在数据包中的 IPv6 报头和上层报头之间。有少量这样的扩展头,每个扩展头由一个不同的下一个头值标识。
Extension headers are numbered from IANA IP Protocol Numbers [IANA-PN], the same values used for IPv4 and IPv6. When processing a sequence of Next Header values in a packet, the first one that is not an extension header [IANA-EH] indicates that the next item in the packet is the corresponding upper-layer header. A special “No Next Header” value is used if there is no upper-layer header.
扩展头根据 IANA IP 协议编号 [IANA-PN] 进行编号,这些编号与 IPv4 和 IPv6 使用的值相同。当处理分组中的下一个报头值序列时,不是扩展报头 [IANA-EH] 的第一个报头指示分组中的下一项是对应的上层报头。如果没有上层标头,则使用特殊的 “无下一个标头” 值。
As illustrated in these examples, an IPv6 packet may carry zero, one, or more extension headers, each identified by the Next Header field of the preceding header:
如这些示例中所示,IPv6 数据包可携带零个、一个或多个扩展报头,每个扩展报头由前一报头的下一报头字段标识:
+---------------+------------------------
| IPv6 header | TCP header + data
| |
| Next Header = |
| TCP |
+---------------+------------------------
Extension headers (except for the Hop-by-Hop Options header) are not processed, inserted, or deleted by any node along a packet’s delivery path, until the packet reaches the node (or each of the set of nodes, in the case of multicast) identified in the Destination Address field of the IPv6 header.
扩展标头(逐跳选项标头除外)不会由任何节点沿数据包的传递路径进行处理、插入或删除,直到数据包到达 IPv6 标头的目标地址字段中标识的节点(或多播情况下的每个节点集)。
The Hop-by-Hop Options header is not inserted or deleted, but may be examined or processed by any node along a packet’s delivery path, until the packet reaches the node (or each of the set of nodes, in the case of multicast) identified in the Destination Address field of the IPv6 header. The Hop-by-Hop Options header, when present, must immediately follow the IPv6 header. Its presence is indicated by the value zero in the Next Header field of the IPv6 header.
逐跳选项报头不被插入或删除,但可由沿分组的递送路径的任何节点检查或处理,直到分组到达在 IPv6 报头的目的地地址字段中标识的节点(或在多播的情况下,每组节点)为止。“逐跳选项” 标头(如果存在)必须紧跟在 IPv6 标头之后。它的存在由 IPv6 标头的下一个标头字段中的值零表示。
NOTE: While [RFC2460] required that all nodes must examine and process the Hop-by-Hop Options header, it is now expected that nodes along a packet’s delivery path only examine and process the Hop-by-Hop Options header if explicitly configured to do so.
注意:虽然 [RFC2460] 要求所有节点必须检查和处理逐跳选项报头,但现在可以预期,如果明确配置为这样做,则沿着数据包传递路径的节点仅检查和处理逐跳选项报头。
At the destination node, normal demultiplexing on the Next Header field of the IPv6 header invokes the module to process the first extension header, or the upper-layer header if no extension header is present. The contents and semantics of each extension header determine whether or not to proceed to the next header. Therefore, extension headers must be processed strictly in the order they appear in the packet; a receiver must not, for example, scan through a packet looking for a particular kind of extension header and process that header prior to processing all preceding ones.
在目标节点,IPv6 报头的下一个报头字段上的正常解复用调用模块来处理第一个扩展报头,如果不存在扩展报头,则调用上层报头。每个扩展头的内容和语义决定是否继续下一个头。因此,必须严格按照扩展头在数据包中出现的顺序进行处理;例如,接收方不得扫描数据包寻找特定类型的扩展报头,并在处理之前处理该报头。
If, as a result of processing a header, the destination node is required to proceed to the next header but the Next Header value in the current header is unrecognized by the node, it should discard the packet and send an ICMP Parameter Problem message to the source of the packet, with an ICMP Code value of 1 (“unrecognized Next Header type encountered”) and the ICMP Pointer field containing the offset of the unrecognized value within the original packet. The same action should be taken if a node encounters a Next Header value of zero in any header other than an IPv6 header.
如果作为处理报头的结果,目标节点需要继续处理下一个报头,但节点无法识别当前报头中的下一个报头值,则它应丢弃该数据包,并向数据包源发送 ICMP 参数问题消息,ICMP 代码值为 1 (“遇到无法识别的下一个标头类型”)和包含原始数据包中无法识别值的偏移量的 ICMP 指针字段。如果节点在除 IPv6 标头以外的任何标头中遇到下一个标头值为零,则应采取相同的操作。
Each extension header is an integer multiple of 8 octets long, in order to retain 8-octet alignment for subsequent headers. Multi-octet fields within each extension header are aligned on their natural boundaries, i.e., fields of width n octets are placed at an integer multiple of n octets from the start of the header, for n = 1, 2, 4, or 8.
每个扩展头是 8 个八位字节的整数倍,以便为后续头保留 8 个八位字节的对齐。每个扩展标头内的多个八位元字段在其自然边界上对齐,即,宽度为 n 个八位元的字段从标头开始以 n 个八位元的整数倍放置,n=1、2、4 或 8。
A full implementation of IPv6 includes implementation of the following extension headers:
IPv6 的完整实现包括以下扩展头的实现:
- Hop-by-Hop Options
逐跳选项 - Fragment
片段 - Destination Options
目的地选项 - Routing
路由 - Authentication
身份验证 - Encapsulating Security Payload
封装安全负载
The first four are specified in this document; the last two are specified in [RFC4302] and [RFC4303], respectively. The current list of IPv6 extension headers can be found at [IANA-EH].
前四项在本文件中规定;最后两个分别在 [RFC4302] 和 [RFC4303] 中指定。IPv6 扩展头的当前列表可在 [IANA-EH] 中找到。
4.1. Extension Header Order
扩展标题顺序
When more than one extension header is used in the same packet, it is recommended that those headers appear in the following order:
当在同一数据包中使用多个扩展标头时,建议这些标头按以下顺序显示:
-
IPv6 header
IPv6 标头 -
Hop-by-Hop Options header
逐跳选项标头 -
Destination Options header (note 1)
目的地选项标头(注 1) -
Routing header
路由标头 -
Fragment header
片段标头 -
Authentication header (note 2)
身份验证标头(注 2) -
Encapsulating Security Payload header (note 2)
封装安全有效负载标头(注 2) -
Destination Options header (note 3)
目的地选项标头(注 3) -
Upper-Layer header
上层标头
note 1: for options to be processed by the first destination that appears in the IPv6 Destination Address field plus subsequent destinations listed in the Routing header.
注 1:用于由 IPv6 目标地址字段中显示的第一个目标以及路由标头中列出的后续目标处理的选项。
note 2: additional recommendations regarding the relative order of the Authentication and Encapsulating Security Payload headers are given in [RFC4303].
注 2:[RFC4303] 中给出了有关身份验证和封装安全有效负载头的相对顺序的其他建议。
note 3: for options to be processed only by the final destination of the packet.
注 3:对于仅由数据包最终目的地处理的选项。
Each extension header should occur at most once, except for the Destination Options header, which should occur at most twice (once before a Routing header and once before the upper-layer header).
每个扩展标头最多应出现一次,但 Destination Options 标头除外,该标头最多应出现两次(一次在路由标头之前,一次在上层标头之前)。
If the upper-layer header is another IPv6 header (in the case of IPv6 being tunneled over or encapsulated in IPv6), it may be followed by its own extension headers, which are separately subject to the same ordering recommendations.
如果上层报头是另一个 IPv6 报头(在 IPv6 被隧道覆盖或封装在 IPv6 中的情况下),则其后面可能会有其自己的扩展报头,这些扩展报头分别遵循相同的排序建议。
If and when other extension headers are defined, their ordering constraints relative to the above listed headers must be specified.
如果定义了其他扩展标头,则必须指定它们相对于上面列出的标头的顺序约束。
IPv6 nodes must accept and attempt to process extension headers in any order and occurring any number of times in the same packet, except for the Hop-by-Hop Options header, which is restricted to appear immediately after an IPv6 header only. Nonetheless, it is strongly advised that sources of IPv6 packets adhere to the above recommended order until and unless subsequent specifications revise that recommendation.
IPv6 节点必须接受并尝试以任何顺序处理扩展标头,并在同一数据包中出现任意次数,但逐跳选项标头除外,该标头仅限于出现在 IPv6 标头之后。尽管如此,强烈建议 IPv6 数据包的源遵守上述建议的顺序,除非后续规范修改该建议。
4.2. Options
选项
Two of the currently defined extension headers specified in this document – the Hop-by-Hop Options header and the Destination Options header – carry a variable number of “options” that are type-length-value (TLV) encoded in the following format:
本文档中指定的两个当前定义的扩展标题(逐跳选项标题和目标选项标题)包含可变数量的 “选项”,这些选项是按以下格式编码的类型长度值(TLV):
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
| Option Type | Opt Data Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
-
Option Type 8-bit identifier of the type of option.
类型选项类型的 8 位标识符。 -
Opt Data Len 8-bit unsigned integer. Length of the Option Data field of this option, in octets.
Opt Data Len 8 位无符号整数。此选项的选项数据字段的长度,以八位字节为单位。 -
Option Data Variable-length field. Option-Type-specific data.
选项数据可变长度字段。选项类型特定的数据。
The sequence of options within a header must be processed strictly in the order they appear in the header; a receiver must not, for example, scan through the header looking for a particular kind of option and process that option prior to processing all preceding ones.
标题中的选项序列必须严格按照它们在标题中出现的顺序进行处理;例如,接收者不得扫描报头寻找特定类型的选项,并在处理之前处理该选项。
The Option Type identifiers are internally encoded such that their highest-order 2 bits specify the action that must be taken if the processing IPv6 node does not recognize the Option Type:
选项类型标识符进行内部编码,以便其最高阶 2 位指定在处理 IPv6 节点无法识别选项类型时必须采取的操作:
-
00 - skip over this option and continue processing the header.
00 - 跳过此选项并继续处理标题。 -
01 - discard the packet.
01 - 丢弃数据包。 -
10 - discard the packet and, regardless of whether or not the packet’s Destination Address was a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet’s Source Address, pointing to the unrecognized Option Type.
10 - 丢弃数据包,无论数据包的目标地址是否为多播地址,都将 ICMP 参数问题代码 2 消息发送到数据包的源地址,指向无法识别的选项类型。 -
11 - discard the packet and, only if the packet’s Destination Address was not a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet’s Source Address, pointing to the unrecognized Option Type.
11 - 丢弃数据包,仅当数据包的目标地址不是多播地址时,才将 ICMP 参数问题代码 2 消息发送到数据包的源地址,指向无法识别的选项类型。
The third-highest-order bit of the Option Type specifies whether or not the Option Data of that option can change en route to the packet’s final destination. When an Authentication header is present
选项类型的第三高阶位指定该选项的选项数据是否可以在到数据包最终目的地的途中更改。当存在身份验证标头时
in the packet, for any option whose data may change en route, its entire Option Data field must be treated as zero-valued octets when computing or verifying the packet’s authenticating value.
在数据包中,对于其数据可能在途中更改的任何选项,在计算或验证数据包的身份验证值时,其整个选项数据字段必须视为零值八位字节。
-
0 - Option Data does not change en route
0 - 选项数据在途中不会更改 -
1 - Option Data may change en route
1 - 选项数据可能会在途中更改
The three high-order bits described above are to be treated as part of the Option Type, not independent of the Option Type. That is, a particular option is identified by a full 8-bit Option Type, not just the low-order 5 bits of an Option Type.
上述三个高阶位将被视为选项类型的一部分,而不是独立于选项类型。也就是说,特定选项由完整的 8 位选项类型标识,而不仅仅是选项类型的低阶 5 位。
The same Option Type numbering space is used for both the Hop-by-Hop Options header and the Destination Options header. However, the specification of a particular option may restrict its use to only one of those two headers.
相同的选项类型编号空间用于逐跳选项标题和目标选项标题。但是,特定选项的规范可能会将其使用限制为这两个标题中的一个。
Individual options may have specific alignment requirements, to ensure that multi-octet values within Option Data fields fall on natural boundaries. The alignment requirement of an option is specified using the notation xn+y, meaning the Option Type must appear at an integer multiple of x octets from the start of the header, plus y octets. For example:
单个选项可能有特定的对齐要求,以确保选项数据字段中的多个八位组值位于自然边界上。选项的对齐要求使用符号 xn+y 指定,这意味着选项类型必须以从标题开始的 x 个八位字节加上 y 个八位字节的整数倍显示。例如:
- 2n means any 2-octet offset from the start of the header. 8n+2 means any 8-octet offset from the start of the header, plus 2 octets.
2n 表示从报头开始的任何 2 个八位组偏移量。8n+2 表示从报头开始的任何 8 个八位字节的偏移量加上 2 个八位字节。
There are two padding options that are used when necessary to align subsequent options and to pad out the containing header to a multiple of 8 octets in length. These padding options must be recognized by all IPv6 implementations:
有两个填充选项,用于在必要时对齐后续选项,并将包含的标题填充到 8 个八位字节的倍数。所有 IPv6 实施都必须识别这些填充选项:
- Pad1 option (alignment requirement: none)
Pad1 选项(对齐要求:无)
+-+-+-+-+-+-+-+-+
| 0 |
+-+-+-+-+-+-+-+-+
NOTE! the format of the Pad1 option is a special case – it does not have length and value fields.
笔记 Pad1 选项的格式是一种特殊情况 —— 它没有长度和值字段。
The Pad1 option is used to insert 1 octet of padding into the Options area of a header. If more than one octet of padding is required, the PadN option, described next, should be used, rather than multiple Pad1 options.
Pad1 选项用于在标头的选项区域中插入 1 个八位字节的填充。如果需要多个八位字节的填充,则应使用下面介绍的 PadN 选项,而不是多个 Pad1 选项。
- PadN option (alignment requirement: none)
PadN 选项(对齐要求:无)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
| 1 | Opt Data Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
The PadN option is used to insert two or more octets of padding into the Options area of a header. For N octets of padding, the Opt Data Len field contains the value N-2, and the Option Data consists of N-2 zero-valued octets.
PadN 选项用于将两个或多个八位字节的填充插入标头的选项区域。对于 N 个八位字节的填充,Opt Data Len 字段包含值 N-2,选项数据由 N-2 个零值八位字节组成。
Appendix A contains formatting guidelines for designing new options.
附录 A 包含设计新选项的格式指南。
4.3. Hop-by-Hop Options Header
逐跳选项标题
The Hop-by-Hop Options header is used to carry optional information that may be examined and processed by every node along a packet’s delivery path. The Hop-by-Hop Options header is identified by a Next Header value of 0 in the IPv6 header and has the following format:
Hop-by-Hop-Options 报头用于携带可选信息,这些信息可由每个节点沿着数据包的传递路径进行检查和处理。逐跳选项标头由 IPv6 标头中的下一个标头值 0 标识,格式如下:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Options .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
Next Header 8-bit selector. Identifies the type of header immediately following the Hop-by-Hop Options header. Uses the same values as the IPv4 Protocol field [IANA-PN].
下一个标题 8 位选择器。标识紧跟在逐跳选项标头之后的标头类型。使用与 IPv4 协议字段 [IANA-PN] 相同的值。 -
Hdr Ext Len 8-bit unsigned integer. Length of the Hop-by-Hop Options header in 8-octet units, not including the first 8 octets.
Hdr Ext Len 8 位无符号整数。逐跳选项标头的长度,以 8 个八位字节为单位,不包括前 8 个八位字节。 -
Options Variable-length field, of length such that the complete Hop-by-Hop Options header is an integer multiple of 8 octets long. Contains one or more TLV-encoded options, as described in Section 4.2.
Options 可变长度字段,其长度应确保完整的逐跳 Options 标头为 8 个八位字节长的整数倍。包含一个或多个 TLV 编码选项,如第 4.2 节所述。
The only hop-by-hop options defined in this document are the Pad1 and PadN options specified in Section 4.2.
本文件中定义的唯一逐跳选项是第 4.2 节中规定的 Pad1 和 PadN 选项。
4.4. Routing Header
路由报头
The Routing header is used by an IPv6 source to list one or more intermediate nodes to be “visited” on the way to a packet’s destination. This function is very similar to IPv4’s Loose Source and Record Route option. The Routing header is identified by a Next Header value of 43 in the immediately preceding header and has the following format:
IPv6 源使用路由报头列出一个或多个中间节点,这些节点将在到达数据包目的地的途中 “访问”。此功能与 IPv4 的松散源代码和记录路由选项非常相似。路由报头由前一报头中的下一报头值 43 标识,格式如下:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | Routing Type | Segments Left |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
. .
. type-specific data .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
Next Header 8-bit selector. Identifies the type of header immediately following the Routing header. Uses the same values as the IPv4 Protocol field [IANA-PN].
下一个标题 8 位选择器。标识紧接路由标头之后的标头类型。使用与 IPv4 协议字段 [IANA-PN] 相同的值。 -
Hdr Ext Len 8-bit unsigned integer. Length of the Routing header in 8-octet units, not including the first 8 octets.
Hdr Ext Len 8 位无符号整数。路由头的长度,以 8 个八位字节为单位,不包括前 8 个八位字节。 -
Routing Type 8-bit identifier of a particular Routing header variant.
路由类型特定路由头变量的 8 位标识符。 -
Segments Left 8-bit unsigned integer. Number of route segments remaining, i.e., number of explicitly listed intermediate nodes still to be visited before reaching the final destination.
段左 8 位无符号整数。剩余的路由段数,即在到达最终目的地之前仍要访问的明确列出的中间节点数。 -
type-specific data Variable-length field, of format determined by the Routing Type, and of length such that the complete Routing header is an integer multiple of 8 octets long.
特定于类型的数据可变长度字段,其格式由路由类型确定,长度应确保完整的路由头是 8 个八位字节的整数倍。
If, while processing a received packet, a node encounters a Routing header with an unrecognized Routing Type value, the required behavior of the node depends on the value of the Segments Left field, as follows:
如果在处理接收到的数据包时,节点遇到具有无法识别的路由类型值的路由报头,则节点所需的行为取决于 Segments Left 字段的值,如下所示:
-
If Segments Left is zero, the node must ignore the Routing header and proceed to process the next header in the packet, whose type is identified by the Next Header field in the Routing header.
如果剩余段为零,则节点必须忽略路由报头并继续处理数据包中的下一个报头,其类型由路由报头中的下一个报头字段标识。 -
If Segments Left is non-zero, the node must discard the packet and send an ICMP Parameter Problem, Code 0, message to the packet’s Source Address, pointing to the unrecognized Routing Type.
如果剩余段不为零,则节点必须丢弃数据包,并向数据包的源地址发送 ICMP 参数问题代码 0 消息,指向无法识别的路由类型。
If, after processing a Routing header of a received packet, an intermediate node determines that the packet is to be forwarded onto a link whose link MTU is less than the size of the packet, the node must discard the packet and send an ICMP Packet Too Big message to the packet’s Source Address.
如果在处理所接收分组的路由报头之后,中间节点确定该分组将被转发到链路 MTU 小于该分组大小的链路上,则该节点必须丢弃该分组并向该分组的源地址发送 ICMP 分组过大消息。
The currently defined IPv6 Routing Headers and their status can be found at [IANA-RH]. Allocation guidelines for IPv6 Routing Headers can be found in [RFC5871].
当前定义的 IPv6 路由头及其状态可在 [IANA-RH] 中找到。IPv6 路由头的分配指南可在 [RFC5871] 中找到。
4.5. Fragment Header
4.5. 片段头
The Fragment header is used by an IPv6 source to send a packet larger than would fit in the path MTU to its destination. (Note: unlike IPv4, fragmentation in IPv6 is performed only by source nodes, not by routers along a packet’s delivery path – see Section 5.) The Fragment header is identified by a Next Header value of 44 in the immediately preceding header and has the following format:
IPv6 源使用片段头向其目的地发送比路径 MTU 中适合的数据包大的数据包。(注意:与 IPv4 不同,IPv6 中的分段仅由源节点执行,而不是由沿数据包传递路径的路由器执行 —— 请参见第 5 节。)分段标头由前一个标头中的下一个标头值 44 标识,格式如下:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Reserved | Fragment Offset |Res|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
Next Header 8-bit selector. Identifies the initial header type of the Fragmentable Part of the original packet (defined below). Uses the same values as the IPv4 Protocol field [IANA-PN].
下一个标题 8 位选择器。标识原始数据包(定义见下文)可分段部分的初始头类型。使用与 IPv4 协议字段 [IANA-PN] 相同的值。 -
Reserved 8-bit reserved field. Initialized to zero for transmission; ignored on reception.
保留 8 位保留字段。初始化为零以便传输;接待时被忽略。 -
Fragment Offset 13-bit unsigned integer. The offset, in 8-octet units, of the data following this header, relative to the start of the Fragmentable Part of the original packet.
片段偏移量 13 位无符号整数。该报头之后的数据相对于原始数据包的可分割部分的开始的偏移量,以 8 个八位字节为单位。 -
Res 2-bit reserved field. Initialized to zero for transmission; ignored on reception.
Res 2 位保留字段。初始化为零以便传输;接待时被忽略。 -
M flag 1 = more fragments; 0 = last fragment.
M 标志 1 = 更多碎片;0 = 最后一个片段。 -
Identification 32 bits. See description below.
标识 32 位。见下面的描述。
In order to send a packet that is too large to fit in the MTU of the path to its destination, a source node may divide the packet into fragments and send each fragment as a separate packet, to be reassembled at the receiver.
为了发送太大而不适合其目的地的路径的 MTU 的分组,源节点可以将该分组分成片段,并将每个片段作为单独的分组发送,以在接收器处重新组装。
For every packet that is to be fragmented, the source node generates an Identification value. The Identification must be different than that of any other fragmented packet sent recently* with the same Source Address and Destination Address. If a Routing header is present, the Destination Address of concern is that of the final destination.
对于要分段的每个数据包,源节点生成一个标识值。该标识必须与最近发送的具有相同源地址和目标地址的任何其他碎片数据包的标识不同。如果存在路由标头,则关注的目的地地址是最终目的地的地址。
* “recently” means within the maximum likely lifetime of a packet, including transit time from source to destination and time spent awaiting reassembly with other fragments of the same packet. However, it is not required that a source node knows the maximum packet lifetime. Rather, it is assumed that the requirement can be met by implementing an algorithm that results in a low identification reuse frequency. Examples of algorithms that can meet this requirement are described in [RFC7739].
* “最近” 是指在数据包的最大可能生存期内,包括从源到目的地的传输时间以及等待与同一数据包的其他片段重新组装所花费的时间。然而,不要求源节点知道最大数据包生存期。相反,假设可以通过实现导致低识别重用频率的算法来满足需求。[RFC7739] 中描述了可满足此要求的算法示例。
The initial, large, unfragmented packet is referred to as the “original packet”, and it is considered to consist of three parts, as illustrated:
初始的、大的、未分割的数据包被称为 “原始数据包”,它被认为由三部分组成,如图所示:
original packet:
原始数据包:
+------------------+-------------------------+---//----------------+
| Per-Fragment | Extension & Upper-Layer | Fragmentable |
| Headers | Headers | Part |
+------------------+-------------------------+---//----------------+
The Per-Fragment headers must consist of the IPv6 header plus any extension headers that must be processed by nodes en route to the destination, that is, all headers up to and including the Routing header if present, else the Hop-by-Hop Options header if present, else no extension headers.
每个片段头必须由 IPv6 头加上节点在路由到目的地的过程中必须处理的任何扩展头组成,也就是说,路由头(如果存在)之前的所有头(包括路由头),否则逐跳选项头(如果存在),否则无扩展头。
The Extension headers are all other extension headers that are not included in the Per-Fragment headers part of the packet. For this purpose, the Encapsulating Security Payload (ESP) is not considered an extension header. The Upper-Layer header is the first upper-layer header that is not an IPv6 extension header. Examples of upper-layer headers include TCP, UDP, IPv4, IPv6, ICMPv6, and as noted ESP.
扩展头是数据包的每片段头部分中不包括的所有其他扩展头。为此,封装安全有效负载(ESP)不被视为扩展头。上层标头是不是 IPv6 扩展标头的第一个上层标头。上层头的示例包括 TCP、UDP、IPv4、IPv6、ICMPv6 和如前文所述的 ESP。
The Fragmentable Part consists of the rest of the packet after the upper-layer header or after any header (i.e., initial IPv6 header or extension header) that contains a Next Header value of No Next Header.
可分段部分由上层报头之后或任何报头(即初始 IPv6 报头或扩展报头)之后的数据包剩余部分组成,该报头包含无下一报头的下一报头值。
The Fragmentable Part of the original packet is divided into fragments. The lengths of the fragments must be chosen such that the resulting fragment packets fit within the MTU of the path to the packet’s destination (s). Each complete fragment, except possibly the last (“rightmost”) one, is an integer multiple of 8 octets long.
原始数据包的可分段部分被划分为多个片段。必须选择片段的长度,以使生成的片段数据包适合到数据包目的地的路径的 MTU。每个完整的片段,可能除了最后一个(“最右边的”)片段外,都是 8 个八位字节长的整数倍。
The fragments are transmitted in separate “fragment packets” as illustrated:
片段在单独的 “片段包” 中传输,如图所示:
original packet:
原始数据包:
+-----------------+-----------------+--------+--------+-//-+--------+
| Per-Fragment |Ext & Upper-Layer| first | second | | last |
| Headers | Headers |fragment|fragment|....|fragment|
+-----------------+-----------------+--------+--------+-//-+--------+
fragment packets:
片段数据包:
+------------------+---------+-------------------+----------+
| Per-Fragment |Fragment | Ext & Upper-Layer | first |
| Headers | Header | Headers | fragment |
+------------------+---------+-------------------+----------+
+------------------+--------+-------------------------------+
| Per-Fragment |Fragment| second |
| Headers | Header | fragment |
+------------------+--------+-------------------------------+
o
o
o
+------------------+--------+----------+
| Per-Fragment |Fragment| last |
| Headers | Header | fragment |
+------------------+--------+----------+
The first fragment packet is composed of:
第一个片段数据包由以下部分组成:
-
The Per-Fragment headers of the original packet, with the Payload Length of the original IPv6 header changed to contain the length of this fragment packet only (excluding the length of the IPv6 header itself), and the Next Header field of the last header of the Per-Fragment headers changed to 44.
原始数据包的每片段报头,原始 IPv6 报头的有效负载长度更改为仅包含此片段数据包的长度(不包括 IPv6 报头本身的长度),每片段报头最后一个报头的下一个报头字段更改为 44。 -
A Fragment header containing:
包含以下内容的片段标头:- The Next Header value that identifies the first header after the Per-Fragment headers of the original packet.
下一个标头值,用于标识原始数据包的每片段标头之后的第一个标头。 - A Fragment Offset containing the offset of the fragment, in 8-octet units, relative to the start of the Fragmentable Part of the original packet. The Fragment Offset of the first (“leftmost”) fragment is 0.
包含片段偏移量的片段偏移量,以 8 个八位字节为单位,相对于原始数据包的可分段部分的开始。第一个(“最左边”)片段的片段偏移量为 0。 - An M flag value of 1 as this is the first fragment.
M 标志值为 1,因为这是第一个片段。 - The Identification value generated for the original packet.
为原始数据包生成的标识值。
- The Next Header value that identifies the first header after the Per-Fragment headers of the original packet.
-
Extension headers, if any, and the Upper-Layer header. These headers must be in the first fragment. Note: This restricts the size of the headers through the Upper-Layer header to the MTU of the path to the packet’s destinations (s).
- 扩展标头(如果有)和上层标头。这些头必须在第一个片段中。注意:这限制了通过上层报头到数据包目的地路径 MTU 的报头的大小。
-
The first fragment.
第一个片段。
The subsequent fragment packets are composed of:
后续片段数据包由以下部分组成:
-
The Per-Fragment headers of the original packet, with the Payload Length of the original IPv6 header changed to contain the length of this fragment packet only (excluding the length of the IPv6 header itself), and the Next Header field of the last header of the Per-Fragment headers changed to 44.
原始数据包的每片段报头,原始 IPv6 报头的有效负载长度更改为仅包含此片段数据包的长度(不包括 IPv6 报头本身的长度),每片段报头最后一个报头的下一个报头字段更改为 44。 -
A Fragment header containing:
包含以下内容的片段标头:- The Next Header value that identifies the first header after the Per-Fragment headers of the original packet.
下一个标头值,用于标识原始数据包的每片段标头之后的第一个标头。 - A Fragment Offset containing the offset of the fragment, in 8-octet units, relative to the start of the Fragmentable Part of the original packet.
包含片段偏移量的片段偏移量,以 8 个八位字节为单位,相对于原始数据包的可分段部分的开始。 - An M flag value of 0 if the fragment is the last (“rightmost”) one, else an M flag value of 1.
如果片段是最后一个(“最右边”)片段,则 M 标志值为 0,否则 M 标志值为 1。 - The Identification value generated for the original packet.
为原始数据包生成的标识值。
- The Next Header value that identifies the first header after the Per-Fragment headers of the original packet.
-
The fragment itself.
碎片本身。
Fragments must not be created that overlap with any other fragments created from the original packet.
不得创建与从原始数据包创建的任何其他片段重叠的片段。
At the destination, fragment packets are reassembled into their original, unfragmented form, as illustrated:
在目的地,片段数据包被重新组装成其原始的未片段形式,如图所示:
reassembled original packet:
重新组装的原始数据包:
+---------------+-----------------+---------+--------+-//--+--------+
| Per-Fragment |Ext & Upper-Layer| first | second | | last |
| Headers | Headers |frag data|fragment|.....|fragment|
+---------------+-----------------+---------+--------+-//--+--------+
The following rules govern reassembly:
以下规则适用于重新组装:
-
An original packet is reassembled only from fragment packets that have the same Source Address, Destination Address, and Fragment Identification.
原始数据包仅从具有相同源地址、目标地址和片段标识的片段数据包重新组装。 -
The Per-Fragment headers of the reassembled packet consists of all headers up to, but not including, the Fragment header of the first fragment packet (that is, the packet whose Fragment Offset is zero), with the following two changes:
重新组装的数据包的每片段报头包括第一个片段数据包的片段报头(即片段偏移量为零的数据包)之前的所有报头,但不包括这些报头,其中有以下两个变化:-
The Next Header field of the last header of the Per-Fragment headers is obtained from the Next Header field of the first fragment’s Fragment header.
每个片段头的最后一个头的下一个头字段来自第一个片段的片段头的下一个头字段。 -
The Payload Length of the reassembled packet is computed from the length of the Per-Fragment headers and the length and offset of the last fragment. For example, a formula for computing the Payload Length of the reassembled original packet is:
重新组装的数据包的有效负载长度是根据每个片段头的长度以及最后一个片段的长度和偏移量来计算的。例如,用于计算重新组装的原始分组的有效载荷长度的公式为:P L . orig = P L . first − F L . first − 8 + ( 8 × F O . last ) + F L . last PL.\text{orig} = PL.\text{first} - FL.\text{first} - 8 + (8 \times FO.\text{last}) + FL.\text{last} PL.orig=PL.first−FL.first−8+(8×FO.last)+FL.last
-
PL.orig = Payload Length field of reassembled packet.
PL.orig = 重组数据包的负载长度字段。 -
PL.first = Payload Length field of first fragment packet.
PL.first = 第一个分片数据包的负载长度字段。 -
FL.first = length of fragment following Fragment header of first fragment packet.
FL.first = 第一个分片数据包的分片头之后的分片长度。 -
FO.last = Fragment Offset field of Fragment header of last fragment packet.
FO.last = 最后一个分片数据包的分片头中的分片偏移字段。 -
FL.last = length of fragment following Fragment header of last fragment packet.
FL.last = 最后一个分片数据包的分片头之后的分片长度。
-
-
-
The Fragmentable Part of the reassembled packet is constructed from the fragments following the Fragment headers in each of the fragment packets. The length of each fragment is computed by subtracting from the packet’s Payload Length the length of the headers between the IPv6 header and fragment itself; its relative position in Fragmentable Part is computed from its Fragment Offset value.
重新组装的数据包的可分段部分由每个片段数据包中片段头之后的片段构成。通过从数据包的有效负载长度中减去 IPv6 报头和片段本身之间的报头长度来计算每个片段的长度;根据碎片偏移值计算可碎片零件中的相对位置。 -
The Fragment header is not present in the final, reassembled packet.
片段头不存在于最终重新组装的数据包中。
If the fragment is a whole datagram (that is, both the Fragment Offset field and the M flag are zero), then it does not need any further reassembly and should be processed as a fully reassembled packet (i.e., updating Next Header, adjust Payload Length, removing the Fragment header, etc.). Any other fragments that match this packet (i.e., the same IPv6 Source Address, IPv6 Destination Address, and Fragment Identification) should be processed independently.
如果片段是一个完整的数据报(即,片段偏移字段和 M 标志均为零),则它不需要进一步重新组装,应作为完全重新组装的数据包进行处理(即,更新下一个报头、调整有效负载长度、移除片段报头等)。应独立处理与此数据包匹配的任何其他片段(即,相同的 IPv6 源地址、IPv6 目标地址和片段标识)。
The following error conditions may arise when reassembling fragmented packets:
重新组装碎片数据包时可能出现以下错误情况:
-
If insufficient fragments are received to complete reassembly of a packet within 60 seconds of the reception of the first-arriving fragment of that packet, reassembly of that packet must be abandoned and all the fragments that have been received for that packet must be discarded. If the first fragment (i.e., the one with a Fragment Offset of zero) has been received, an ICMP Time Exceeded – Fragment Reassembly Time Exceeded message should be sent to the source of that fragment.
如果在收到第一个到达的数据包片段后的 60 秒内没有收到足够的片段来完成数据包的重新组装,则必须放弃该数据包的重新组装,并且必须丢弃为该数据包接收的所有片段。如果已接收到第一个片段(即片段偏移量为零的片段),则应向该片段的源发送 ICMP Time EXCENDED-- 片段重组时间 EXCENDED 消息。 -
If the length of a fragment, as derived from the fragment packet’s Payload Length field, is not a multiple of 8 octets and the M flag of that fragment is 1, then that fragment must be discarded and an ICMP Parameter Problem, Code 0, message should be sent to the source of the fragment, pointing to the Payload Length field of the fragment packet.
如果从片段数据包的有效负载长度字段派生的片段长度不是 8 个八位字节的倍数,并且该片段的 M 标志为 1,则必须丢弃该片段,并且 ICMP 参数问题代码 0 消息应发送到片段源,指向片段数据包的有效负载长度字段。 -
If the length and offset of a fragment are such that the Payload Length of the packet reassembled from that fragment would exceed 65,535 octets, then that fragment must be discarded and an ICMP Parameter Problem, Code 0, message should be sent to the source of the fragment, pointing to the Fragment Offset field of the fragment packet.
如果片段的长度和偏移量使从该片段重新组装的数据包的有效负载长度超过 65535 个八位字节,则必须丢弃该片段,并将 ICMP 参数问题代码 0 消息发送到片段源,指向片段数据包的片段偏移量字段。 -
If the first fragment does not include all headers through an Upper-Layer header, then that fragment should be discarded and an ICMP Parameter Problem, Code 3, message should be sent to the source of the fragment, with the Pointer field set to zero.
如果第一个片段不包括通过上层标头的所有标头,则应丢弃该片段,并将 ICMP 参数问题(代码 3)消息发送到片段源,指针字段设置为零。 -
If any of the fragments being reassembled overlap with any other fragments being reassembled for the same packet, reassembly of that packet must be abandoned and all the fragments that have been received for that packet must be discarded, and no ICMP error messages should be sent.
如果重新组装的任何片段与为同一数据包重新组装的任何其他片段重叠,则必须放弃该数据包的重新组装,并且必须丢弃为该数据包接收的所有片段,并且不应发送 ICMP 错误消息。
It should be noted that fragments may be duplicated in the network. Instead of treating these exact duplicate fragments as overlapping fragments, an implementation may choose to detect this case and drop exact duplicate fragments while keeping the other fragments belonging to the same packet.
应该注意的是,片段可能在网络中重复。与将这些完全重复的片段视为重叠片段不同,实现可以选择检测这种情况并丢弃完全重复的片段,同时保留属于同一数据包的其他片段。
The following conditions are not expected to occur frequently but are not considered errors if they do:
以下情况预计不会频繁发生,但如果发生,则不视为错误:
-
The number and content of the headers preceding the Fragment header of different fragments of the same original packet may differ. Whatever headers are present, preceding the Fragment header in each fragment packet, are processed when the packets arrive, prior to queueing the fragments for reassembly. Only those headers in the Offset zero fragment packet are retained in the reassembled packet.
相同原始分组的不同片段的片段报头之前的报头的数量和内容可能不同。在每个片段数据包中,在片段报头之前存在的任何报头都会在数据包到达时进行处理,然后再将片段排队进行重新组装。重新组装的数据包中只保留偏移量为零的片段数据包中的那些头。 -
The Next Header values in the Fragment headers of different fragments of the same original packet may differ. Only the value from the Offset zero fragment packet is used for reassembly.
同一原始分组的不同片段的片段报头中的下一报头值可能不同。只有来自偏移量零片段数据包的值用于重新组装。 -
Other fields in the IPv6 header may also vary across the fragments being reassembled. Specifications that use these fields may provide additional instructions if the basic mechanism of using the values from the Offset zero fragment is not sufficient. For example, Section 5.3 of [RFC3168] describes how to combine the Explicit Congestion Notification (ECN) bits from different fragments to derive the ECN bits of the reassembled packet.
IPv6 标头中的其他字段也可能因重新组装的片段而异。如果使用偏移量零片段中的值的基本机制不够,则使用这些字段的规范可能会提供额外的说明。例如,[RFC3168] 的第 5.3 节描述了如何组合来自不同片段的显式拥塞通知(ECN)位,以导出重新组装的数据包的 ECN 位。
4.6. Destination Options Header
目的地选项标题
The Destination Options header is used to carry optional information that need be examined only by a packet’s destination node (s). The Destination Options header is identified by a Next Header value of 60 in the immediately preceding header and has the following format:
Destination Options 报头用于承载仅需要由数据包的目的地节点检查的可选信息。目标选项标头由前一个标头中的下一个标头值 60 标识,格式如下:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Options .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
Next Header 8-bit selector. Identifies the type of header immediately following the Destination Options header. Uses the same values as the IPv4 Protocol field [IANA-PN].
下一个标题 8 位选择器。标识紧跟在目标选项标头之后的标头类型。使用与 IPv4 协议字段 [IANA-PN] 相同的值。 -
Hdr Ext Len 8-bit unsigned integer. Length of the Destination Options header in 8-octet units, not including the first 8 octets.
Hdr Ext Len 8 位无符号整数。目标选项标头的长度,以 8 个八位字节为单位,不包括前 8 个八位字节。 -
Options Variable-length field, of length such that the complete Destination Options header is an integer multiple of 8 octets long. Contains one or more TLV-encoded options, as described in Section 4.2.
Options 可变长度字段,其长度应确保完整的目标选项标头为 8 个八位字节长的整数倍。包含一个或多个 TLV 编码选项,如第 4.2 节所述。
The only destination options defined in this document are the Pad1 and PadN options specified in Section 4.2.
本文件中定义的唯一目的地选项是第 4.2 节中规定的 Pad1 和 PadN 选项。
Note that there are two possible ways to encode optional destination information in an IPv6 packet: either as an option in the Destination Options header or as a separate extension header. The Fragment header and the Authentication header are examples of the latter approach. Which approach can be used depends on what action is desired of a destination node that does not understand the optional information:
请注意,在 IPv6 数据包中编码可选目标信息有两种可能的方法:作为目标选项报头中的选项或作为单独的扩展报头。片段头和身份验证头是后一种方法的示例。可以使用哪种方法取决于不了解可选信息的目标节点需要采取什么行动:
-
If the desired action is for the destination node to discard the packet and, only if the packet’s Destination Address is not a multicast address, send an ICMP Unrecognized Type message to the packet’s Source Address, then the information may be encoded either as a separate header or as an option in the Destination Options header whose Option Type has the value 11 in its highest-order 2 bits. The choice may depend on such factors as which takes fewer octets, or which yields better alignment or more efficient parsing.
如果所需的操作是目的地节点丢弃该分组,并且仅当该分组的目的地地址不是多播地址时,才向该分组的源地址发送 ICMP 未识别类型的消息,则该信息可以被编码为单独的报头,或者作为目标选项报头中的一个选项,其选项类型在其最高顺序 2 位中的值为 11。选择可能取决于这样的因素,例如需要更少的八位字节,或者产生更好的对齐或更有效的解析。 -
If any other action is desired, the information must be encoded as an option in the Destination Options header whose Option Type has the value 00, 01, or 10 in its highest-order 2 bits, specifying the desired action (see Section 4.2).
如果需要任何其他操作,则必须将信息编码为目标选项标题中的选项,其选项类型的最高 2 位值为 00、01 或 10,指定所需操作(参见第 4.2 节)。
4.7. No Next Header
没有下一个标题
The value 59 in the Next Header field of an IPv6 header or any extension header indicates that there is nothing following that header. If the Payload Length field of the IPv6 header indicates the presence of octets past the end of a header whose Next Header field contains 59, those octets must be ignored and passed on unchanged if the packet is forwarded.
IPv6 标头或任何扩展标头的下一个标头字段中的值 59 表示该标头后面没有任何内容。如果 IPv6 报头的有效负载长度字段指示在下一个报头字段包含 59 个字节的报头末尾之后存在八位字节,则必须忽略这些八位字节,并在转发数据包时保持不变。
4.8. Defining New Extension Headers and Options
定义新的扩展标题和选项
Defining new IPv6 extension headers is not recommended, unless there are no existing IPv6 extension headers that can be used by specifying a new option for that IPv6 extension header. A proposal to specify a new IPv6 extension header must include a detailed technical explanation of why an existing IPv6 extension header cannot be used for the desired new function. See [RFC6564] for additional background information.
不建议定义新的 IPv6 扩展标头,除非通过为该 IPv6 扩展标头指定新选项,没有可使用的现有 IPv6 扩展标头。指定新 IPv6 扩展标头的提案必须包括详细的技术说明,说明现有 IPv6 扩展标头无法用于所需新功能的原因。更多背景信息,请参见 [RFC6564]。
Note: New extension headers that require hop-by-hop behavior must not be defined because, as specified in Section 4 of this document, the only extension header that has hop-by-hop behavior is the Hop-by-Hop Options header.
注意:不能定义需要逐跳行为的新扩展标头,因为如本文档第 4 节所述,具有逐跳行为的唯一扩展标头是逐跳选项标头。
New hop-by-hop options are not recommended because nodes may be configured to ignore the Hop-by-Hop Options header, drop packets containing a Hop-by-Hop Options header, or assign packets containing a Hop-by-Hop Options header to a slow processing path. Designers considering defining new hop-by-hop options need to be aware of this likely behavior. There has to be a very clear justification why any new hop-by-hop option is needed before it is standardized.
不建议使用新的逐跳选项,因为节点可能被配置为忽略逐跳选项标头,丢弃包含逐跳选项标头的数据包,或将包含逐跳选项标头的数据包分配给慢速处理路径。考虑定义新的逐跳选项的设计师需要了解这种可能的行为。在标准化之前,必须有一个非常明确的理由说明为什么需要任何新的逐跳选项。
Instead of defining new extension headers, it is recommended that the Destination Options header is used to carry optional information that must be examined only by a packet’s destination node (s), because they provide better handling and backward compatibility.
建议使用 Destination Options 报头来携带可选信息,而不是定义新的扩展报头,这些信息必须仅由数据包的目标节点检查,因为它们提供了更好的处理和向后兼容性。
If new extension headers are defined, they need to use the following format:
如果定义了新的扩展标头,则需要使用以下格式:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Header-Specific Data .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
Next Header 8-bit selector. Identifies the type of header immediately following the extension header. Uses the same values as the IPv4 Protocol field [IANA-PN].
下一个标题 8 位选择器。标识紧跟在扩展标头之后的标头类型。使用与 IPv4 协议字段 [IANA-PN] 相同的值。 -
Hdr Ext Len 8-bit unsigned integer. Length of the Destination Options header in 8-octet units, not including the first 8 octets.
Hdr Ext Len 8 位无符号整数。目标选项标头的长度,以 8 个八位字节为单位,不包括前 8 个八位字节。 -
Header Specific Data Variable-length field. Fields specific to the extension header.
标题特定的数据可变长度字段。特定于扩展标题的字段。
5. Packet Size Issues
数据包大小问题
IPv6 requires that every link in the Internet have an MTU of 1280 octets or greater. This is known as the IPv6 minimum link MTU. On any link that cannot convey a 1280-octet packet in one piece, link-specific fragmentation and reassembly must be provided at a layer below IPv6.
IPv6 要求 Internet 中的每条链路都有 1280 个八位字节或更大的 MTU。这称为 IPv6 最小链路 MTU。在任何不能完整传输 1280 个八位组数据包的链路上,必须在 IPv6 下的一层提供特定于链路的分段和重组。
Links that have a configurable MTU (for example, PPP links [RFC1661]) must be configured to have an MTU of at least 1280 octets; it is recommended that they be configured with an MTU of 1500 octets or greater, to accommodate possible encapsulations (i.e., tunneling) without incurring IPv6-layer fragmentation.
具有可配置 MTU 的链路(例如,PPP 链路 [RFC1661])必须配置为具有至少 1280 个八位字节的 MTU;建议将其配置为 1500 个八位字节或更大的 MTU,以适应可能的封装(即隧道),而不会导致 IPv6 层碎片。
From each link to which a node is directly attached, the node must be able to accept packets as large as that link’s MTU.
从节点直接连接到的每个链路,节点必须能够接受与该链路的 MTU 一样大的数据包。
It is strongly recommended that IPv6 nodes implement Path MTU Discovery [RFC8201], in order to discover and take advantage of path MTUs greater than 1280 octets. However, a minimal IPv6 implementation (e.g., in a boot ROM) may simply restrict itself to sending packets no larger than 1280 octets, and omit implementation of Path MTU Discovery.
强烈建议 IPv6 节点实现路径 MTU 发现 [RFC8201],以便发现并利用大于 1280 个八位字节的路径 MTU。然而,最小 IPv6 实现(例如,在引导 ROM 中)可能仅限于发送不大于 1280 个八位字节的数据包,而忽略路径 MTU 发现的实现。
In order to send a packet larger than a path’s MTU, a node may use the IPv6 Fragment header to fragment the packet at the source and have it reassembled at the destination (s). However, the use of such fragmentation is discouraged in any application that is able to adjust its packets to fit the measured path MTU (i.e., down to 1280 octets).
为了发送大于路径 MTU 的数据包,节点可以使用 IPv6 片段头在源处对数据包进行片段化,并在目的地重新组装数据包。然而,在任何能够调整其分组以适合测量路径 MTU(即,低至 1280 个八位字节)的应用程序中,不鼓励使用这种分段。
A node must be able to accept a fragmented packet that, after reassembly, is as large as 1500 octets. A node is permitted to accept fragmented packets that reassemble to more than 1500 octets. An upper-layer protocol or application that depends on IPv6 fragmentation to send packets larger than the MTU of a path should not send packets larger than 1500 octets unless it has assurance that the destination is capable of reassembling packets of that larger size.
一个节点必须能够接受一个碎片数据包,在重新组装后,这个碎片数据包的大小可达 1500 个八位组。允许一个节点接受碎片数据包,这些碎片数据包重新组合到 1500 个八位组以上。依赖 IPv6 碎片发送大于路径 MTU 的数据包的上层协议或应用程序不应发送大于 1500 个八位字节的数据包,除非其确保目的地能够重新组合该较大的数据包。
6. Flow Labels
流标签
The 20-bit Flow Label field in the IPv6 header is used by a source to label sequences of packets to be treated in the network as a single flow.
IPv6 报头中的 20 位流标签字段由源用于标记要在网络中作为单个流处理的数据包序列。
The current definition of the IPv6 Flow Label can be found in [RFC6437].
IPv6 流标签的当前定义可在 [RFC6437] 中找到。
7. Traffic Classes
流量类别
The 8-bit Traffic Class field in the IPv6 header is used by the network for traffic management. The value of the Traffic Class bits in a received packet or fragment might be different from the value sent by the packet’s source.
IPv6 标头中的 8 位流量类别字段由网络用于流量管理。接收到的数据包或片段中的流量类位的值可能与数据包源发送的值不同。
The current use of the Traffic Class field for Differentiated Services and Explicit Congestion Notification is specified in [RFC2474] and [RFC3168].
[RFC2474] 和 [RFC3168] 中规定了区分服务和显式拥塞通知的当前使用流量类别字段。
8. Upper-Layer Protocol Issues
上层协议问题
8.1. Upper-Layer Checksums
上层校验和
Any transport or other upper-layer protocol that includes the addresses from the IP header in its checksum computation must be modified for use over IPv6, to include the 128-bit IPv6 addresses instead of 32-bit IPv4 addresses. In particular, the following illustration shows the TCP and UDP “pseudo-header” for IPv6:
任何在校验和计算中包含 IP 报头地址的传输协议或其他上层协议都必须进行修改,以便在 IPv6 上使用,以包含 128 位 IPv6 地址,而不是 32 位 IPv4 地址。特别是,下图显示了 IPv6 的 TCP 和 UDP “伪标头”:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Upper-Layer Packet Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| zero | Next Header |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
If the IPv6 packet contains a Routing header, the Destination Address used in the pseudo-header is that of the final destination. At the originating node, that address will be in the last element of the Routing header; at the recipient (s), that address will be in the Destination Address field of the IPv6 header.
如果 IPv6 数据包包含路由报头,则伪报头中使用的目的地地址是最终目的地的地址。在发起节点,该地址将位于路由报头的最后一个元素中;在收件人处,该地址将位于 IPv6 标头的目标地址字段中。 -
The Next Header value in the pseudo-header identifies the upper-layer protocol (e.g., 6 for TCP or 17 for UDP). It will differ from the Next Header value in the IPv6 header if there are extension headers between the IPv6 header and the upper-layer header.
伪报头中的下一个报头值标识上层协议(例如,TCP 为 6,UDP 为 17)。如果 IPv6 标头和上层标头之间存在扩展标头,则它将不同于 IPv6 标头中的下一个标头值。 -
The Upper-Layer Packet Length in the pseudo-header is the length of the upper-layer header and data (e.g., TCP header plus TCP data). Some upper-layer protocols carry their own length information (e.g., the Length field in the UDP header); for such protocols, that is the length used in the pseudo-header. Other protocols (such as TCP) do not carry their own length information, in which case the length used in the pseudo-header is the Payload Length from the IPv6 header, minus the length of any extension headers present between the IPv6 header and the upper-layer header.
伪报头中的上层数据包长度是上层报头和数据(例如,TCP 报头加 TCP 数据)的长度。一些上层协议携带自己的长度信息(例如,UDP 报头中的长度字段);对于此类协议,这是伪报头中使用的长度。其他协议(如 TCP)不携带自己的长度信息,在这种情况下,伪报头中使用的长度是来自 IPv6 报头的有效负载长度减去 IPv6 报头和上层报头之间存在的任何扩展报头的长度。 -
Unlike IPv4, the default behavior when UDP packets are originated by an IPv6 node is that the UDP checksum is not optional. That is, whenever originating a UDP packet, an IPv6 node must compute a UDP checksum over the packet and the pseudo-header, and, if that computation yields a result of zero, it must be changed to hex FFFF for placement in the UDP header. IPv6 receivers must discard UDP packets containing a zero checksum and should log the error.
与 IPv4 不同,IPv6 节点发起 UDP 数据包时的默认行为是 UDP 校验和不是可选的。也就是说,每当发起 UDP 数据包时,IPv6 节点必须计算该数据包和伪报头上的 UDP 校验和,如果该计算结果为零,则必须将其更改为十六进制 FFFF 以放置在 UDP 报头中。IPv6 接收器必须丢弃包含零校验和的 UDP 数据包,并应记录错误。 -
As an exception to the default behavior, protocols that use UDP as a tunnel encapsulation may enable zero-checksum mode for a specific port (or set of ports) for sending and/or receiving. Any node implementing zero-checksum mode must follow the requirements specified in “Applicability Statement for the Use of IPv6 UDP Datagrams with Zero Checksums” [RFC6936].
作为默认行为的一个例外,使用 UDP 作为隧道封装的协议可以为发送和 / 或接收的特定端口(或一组端口)启用零校验和模式。任何实现零校验和模式的节点必须遵守 “使用零校验和的 IPv6 UDP 数据报的适用性声明”[RFC6936] 中规定的要求。
The IPv6 version of ICMP [RFC4443] includes the above pseudo-header in its checksum computation; this is a change from the IPv4 version of ICMP, which does not include a pseudo-header in its checksum. The reason for the change is to protect ICMP from misdelivery or corruption of those fields of the IPv6 header on which it depends, which, unlike IPv4, are not covered by an internet-layer checksum. The Next Header field in the pseudo-header for ICMP contains the value 58, which identifies the IPv6 version of ICMP.
IPv6 版本的 ICMP [RFC4443] 在校验和计算中包含上述伪报头;这是对 IPv4 版本 ICMP 的更改,该版本的校验和中不包含伪报头。更改的原因是保护 ICMP 不受其所依赖的 IPv6 报头字段的误发或损坏,与 IPv4 不同,这些字段不受 internet 层校验和的覆盖。ICMP 伪标头中的下一个标头字段包含值 58,该值标识 ICMP 的 IPv6 版本。
8.2. Maximum Packet Lifetime
最大数据包生存期
Unlike IPv4, IPv6 nodes are not required to enforce maximum packet lifetime. That is the reason the IPv4 “Time-to-Live” field was renamed “Hop Limit” in IPv6. In practice, very few, if any, IPv4 implementations conform to the requirement that they limit packet lifetime, so this is not a change in practice. Any upper-layer protocol that relies on the internet layer (whether IPv4 or IPv6) to limit packet lifetime ought to be upgraded to provide its own mechanisms for detecting and discarding obsolete packets.
与 IPv4 不同,IPv6 节点不需要强制执行最大数据包生存期。这就是 IPv4 “生存时间” 字段在 IPv6 中重命名为 “跃点限制” 的原因。实际上,很少有 IPv4 实现符合限制数据包生存期的要求,因此这在实践中不是一个变化。任何依赖互联网层(IPv4 或 IPv6)来限制数据包生存期的上层协议都应该升级,以提供自己的机制来检测和丢弃过时的数据包。
8.3. Maximum Upper-Layer Payload Size
最大上层有效载荷大小
When computing the maximum payload size available for upper-layer data, an upper-layer protocol must take into account the larger size of the IPv6 header relative to the IPv4 header. For example, in IPv4, TCP’s Maximum Segment Size (MSS) option is computed as the maximum packet size (a default value or a value learned through Path MTU Discovery) minus 40 octets (20 octets for the minimum-length IPv4 header and 20 octets for the minimum-length TCP header). When using TCP over IPv6, the MSS must be computed as the maximum packet size minus 60 octets, because the minimum-length IPv6 header (i.e., an IPv6 header with no extension headers) is 20 octets longer than a minimum-length IPv4 header.
在计算上层数据可用的最大有效负载大小时,上层协议必须考虑 IPv6 报头相对于 IPv4 报头的较大大小。例如,在 IPv4 中,TCP 的最大段大小(MSS)选项计算为最大数据包大小(默认值或通过路径 MTU 发现学习的值)减去 40 个八位字节(最小长度 IPv4 报头为 20 个八位字节,最小长度 TCP 报头为 20 个八位字节)。在 IPv6 上使用 TCP 时,MSS 必须计算为最大数据包大小减去 60 个八位字节,因为最小长度 IPv6 报头(即没有扩展报头的 IPv6 报头)比最小长度 IPv4 报头长 20 个八位字节。
8.4. Responding to Packets Carrying Routing Headers
响应承载路由头的数据包
When an upper-layer protocol sends one or more packets in response to a received packet that included a Routing header, the response packet (s) must not include a Routing header that was automatically derived by “reversing” the received Routing header UNLESS the integrity and authenticity of the received Source Address and Routing header have been verified (e.g., via the use of an Authentication header in the received packet). In other words, only the following kinds of packets are permitted in response to a received packet bearing a Routing header:
当上层协议发送一个或多个数据包以响应包含路由报头的接收数据包时,响应数据包不得包含通过 “反向” 自动导出的路由报头接收到的路由报头,除非已验证接收到的源地址和路由报头的完整性和真实性(例如,通过在接收到的分组中使用认证报头)。换句话说,仅允许以下类型的分组响应于承载路由报头的接收分组:
-
Response packets that do not carry Routing headers.
不携带路由头的响应数据包。 -
Response packets that carry Routing headers that were NOT derived by reversing the Routing header of the received packet (for example, a Routing header supplied by local configuration).
带有路由头的响应数据包,该路由头不是通过反转接收数据包的路由头(例如,由本地配置提供的路由头)而派生的。 -
Response packets that carry Routing headers that were derived by reversing the Routing header of the received packet IF AND ONLY IF the integrity and authenticity of the Source Address and Routing header from the received packet have been verified by the responder.
当且仅当响应者已验证来自接收数据包的源地址和路由报头的完整性和真实性时,携带路由报头的响应数据包,该路由报头通过反转接收数据包的路由报头而派生。
9. IANA Considerations
IANA 考虑
RFC 2460 is referenced in a number of IANA registries. These include:
RFC 2460 在许多 IANA 注册中引用。这些措施包括:
-
Internet Protocol Version 6 (IPv6) Parameters [IANA-6P]
互联网协议版本 6(IPv6)参数 [IANA-6P] -
Assigned Internet Protocol Numbers [IANA-PN]
分配的互联网协议编号 [IANA-PN] -
ONC RPC Network Identifiers (netids) [IANA-NI]
ONC RPC 网络标识符(NetID)[IANA-NI] -
Network Layer Protocol Identifiers (NLPIDs) of Interest [IANA-NL]
感兴趣的网络层协议标识符(NLPID)[IANA-NL] -
Protocol Registries [IANA-PR]
协议登记处 [IANA-PR]
The IANA has updated these references to point to this document.
IANA 更新了这些参考文献,以指向本文件。
10. Security Considerations
安全考虑
IPv6, from the viewpoint of the basic format and transmission of packets, has security properties that are similar to IPv4. These security issues include:
从数据包的基本格式和传输角度来看,IPv6 具有类似于 IPv4 的安全特性。这些安全问题包括:
-
Eavesdropping, where on-path elements can observe the whole packet (including both contents and metadata) of each IPv6 datagram.
窃听,其中路径元素可以观察每个 IPv6 数据报的整个数据包(包括内容和元数据)。 -
Replay, where the attacker records a sequence of packets off of the wire and plays them back to the party that originally received them.
Replay,即攻击者从线路上记录一系列数据包,并将其回放给最初接收数据包的一方。 -
Packet insertion, where the attacker forges a packet with some chosen set of properties and injects it into the network.
数据包插入,即攻击者伪造具有某些选定属性集的数据包,并将其注入网络。 -
Packet deletion, where the attacker removes a packet from the wire.
数据包删除,即攻击者从线路上删除数据包。 -
Packet modification, where the attacker removes a packet from the wire, modifies it, and reinjects it into the network.
数据包修改,即攻击者从线路上删除数据包,对其进行修改,然后将其重新注入网络。 -
Man-in-the-middle (MITM) attacks, where the attacker subverts the communication stream in order to pose as the sender to receiver and the receiver to the sender.
中间人(MITM)攻击,攻击者破坏通信流,以充当发送方对接收方和接收方对发送方的角色。 -
Denial-of-service (DoS) attacks, where the attacker sends large amounts of legitimate traffic to a destination to overwhelm it.
拒绝服务(DoS)攻击,即攻击者向目的地发送大量合法流量以压倒目的地。
IPv6 packets can be protected from eavesdropping, replay, packet insertion, packet modification, and MITM attacks by use of the “Security Architecture for the Internet Protocol” [RFC4301]. In addition, upper-layer protocols such as Transport Layer Security (TLS) or Secure Shell (SSH) can be used to protect the application-layer traffic running on top of IPv6.
通过使用 “互联网协议安全架构”[RFC4301],可以保护 IPv6 数据包免受窃听、重播、数据包插入、数据包修改和 MITM 攻击。此外,传输层安全(TLS)或安全外壳(SSH)等上层协议可用于保护在 IPv6 上运行的应用层通信。
There is not any mechanism to protect against DoS attacks. Defending against these type of attacks is outside the scope of this specification.
没有任何机制可以防止 DoS 攻击。防御此类攻击不在本规范的范围内。
IPv6 addresses are significantly larger than IPv4 addresses making it much harder to scan the address space across the Internet and even on a single network link (e.g., Local Area Network). See [RFC7707] for more information.
IPv6 地址比 IPv4 地址大得多,这使得在 Internet 上甚至在单个网络链路(例如局域网)上扫描地址空间变得更加困难。有关更多信息,请参阅 [RFC7707]。
IPv6 addresses of nodes are expected to be more visible on the Internet as compared with IPv4 since the use of address translation technology is reduced. This creates some additional privacy issues such as making it easier to distinguish endpoints. See [RFC7721] for more information.
由于减少了地址转换技术的使用,与 IPv4 相比,IPv6 节点地址在 Internet 上的可视性更高。这会产生一些额外的隐私问题,例如更容易区分端点。有关更多信息,请参阅 [RFC7721]。
The design of IPv6 extension header architecture, while adding a lot of flexibility, also creates new security challenges. As noted below, issues relating to the Fragment extension header have been resolved, but it’s clear that for any new extension header designed in the future, the security implications need to be examined thoroughly, and this needs to include how the new extension header works with existing extension headers. See [RFC7045] for more information.
IPv6 扩展头架构的设计在增加了很多灵活性的同时,也带来了新的安全挑战。如下所述,与片段扩展头相关的问题已经解决,但很明显,对于将来设计的任何新扩展头,都需要彻底检查安全性影响,这需要包括新扩展头如何与现有扩展头一起工作。有关更多信息,请参阅 [RFC7045]。
This version of the IPv6 specification resolves a number of security issues that were found with the previous version [RFC2460] of the IPv6 specification. These include:
此版本的 IPv6 规范解决了先前版本 [RFC2460] 的 IPv6 规范中发现的许多安全问题。这些措施包括:
-
Revised the text to handle the case of fragments that are whole datagrams (i.e., both the Fragment Offset field and the M flag are zero). If received, they should be processed as a reassembled packet. Any other fragments that match should be processed independently. The Fragment creation process was modified to not create whole datagram fragments (Fragment Offset field and the M flag are zero). See [RFC6946] and [RFC8021] for more information.
修改文本以处理作为完整数据报的片段(即,片段偏移量字段和 M 标志均为零)。如果收到,应将其作为重新组装的数据包进行处理。匹配的任何其他片段都应单独处理。片段创建过程被修改为不创建整个数据报片段(片段偏移字段和 M 标志为零)。有关更多信息,请参阅 [RFC6946] 和 [RFC8021]。 -
Removed the paragraph in Section 5 that required including a Fragment header to outgoing packets if an ICMP Packet Too Big message reporting a Next-Hop MTU is less than 1280. See [RFC6946] for more information.
删除了第 5 节中的段落,该段落要求在报告下一跳 MTU 小于 1280 的 ICMP 数据包过大消息时,在传出数据包中包含一个片段头。有关更多信息,请参阅 [RFC6946]。 -
Changed the text to require that IPv6 nodes must not create overlapping fragments. Also, when reassembling an IPv6 datagram, if one or more of its constituent fragments is determined to be an overlapping fragment, the entire datagram (and any constituent fragments) must be silently discarded. Includes clarification that no ICMP error message should be sent if overlapping fragments are received. See [RFC5722] for more information.
将文本更改为要求 IPv6 节点不得创建重叠片段。此外,在重新组装 IPv6 数据报时,如果确定其一个或多个组成片段是重叠片段,则必须悄悄地丢弃整个数据报(以及任何组成片段)。包括澄清,如果收到重叠片段,则不应发送 ICMP 错误消息。有关更多信息,请参阅 [RFC5722]。 -
Revised the text to require that all headers through the first upper-layer header are in the first fragment. See [RFC7112] for more information.
修改文本,要求通过第一个上层标题的所有标题都位于第一个片段中。有关更多信息,请参阅 [RFC7112]。 -
Incorporated the updates from [RFC5095] and [RFC5871] to remove the description of the Routing Header type 0 (RH0), that the allocations guidelines for Routing headers are specified in RFC 5871, and removed RH0 from the list of required extension headers.
合并了 [RFC5095] 和 [RFC5871] 的更新,以删除路由头类型 0(RH0)的描述,路由头的分配指南在 RFC 5871 中指定,并从所需扩展头列表中删除 RH0。
Security issues relating to other parts of IPv6 including addressing, ICMPv6, Path MTU Discovery, etc., are discussed in the appropriate specifications.
与 IPv6 其他部分相关的安全问题,包括寻址、ICMPv6、路径 MTU 发现等,将在相应的规范中讨论。
References
11.1 Normative References
- [RFC791] Postel, J., “Internet Protocol”, STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, http://www.rfc-editor.org/info/rfc791.
- [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, “Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers”, RFC 2474, DOI 10.17487/RFC2474, December 1998, http://www.rfc-editor.org/info/rfc2474.
- [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, “The Addition of Explicit Congestion Notification (ECN) to IP”, RFC 3168, DOI 10.17487/RFC3168, September 2001, http://www.rfc-editor.org/info/rfc3168.
- [RFC4291] Hinden, R. and S. Deering, “IP Version 6 Addressing Architecture”, RFC 4291, DOI 10.17487/RFC4291, February 2006, http://www.rfc-editor.org/info/rfc4291.
- [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., “Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification”, STD 89, RFC 4443, DOI 10.17487/RFC4443, March 2006, http://www.rfc-editor.org/info/rfc4443.
- [RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme, “IPv6 Flow Label Specification”, RFC 6437, DOI 10.17487/RFC6437, November 2011, http://www.rfc-editor.org/info/rfc6437.
11.2 Informative References
- [Err2541] RFC Errata, Erratum ID 2541, RFC 2460.
- [Err4279] RFC Errata, Erratum ID 4279, RFC 2460.
- [Err4657] RFC Errata, Erratum ID 4657, RFC 2460.
- [Err4662] RFC Errata, Erratum ID 4662, RFC 2460.
- [IANA-6P] IANA, “Internet Protocol Version 6 (IPv6) Parameters”, https://www.iana.org/assignments/ipv6-parameters.
- [IANA-EH] IANA, “IPv6 Extension Header Types”, https://www.iana.org/assignments/ipv6-parameters.
- [IANA-NI] IANA, “ONC RPC Network Identifiers (netids)”, https://www.iana.org/assignments/rpc-netids.
- [IANA-NL] IANA, “Network Layer Protocol Identifiers (NLPIDs) of Interest”, https://www.iana.org/assignments/nlpids.
- [IANA-PN] IANA, “Protocol Numbers”, https://www.iana.org/assignments/protocol-numbers.
- [IANA-PR] IANA, “Protocol Registries”, https://www.iana.org/ protocols>.
- [IANA-RH] IANA, “Routing Types”, https://www.iana.org/assignments/ ipv6-parameters>.
- [RFC1661] Simpson, W., Ed., “The Point-to-Point Protocol (PPP)”, STD 51, RFC 1661, DOI 10.17487/RFC1661, July 1994, http://www.rfc-editor.org/info/rfc1661.
- [RFC2460] Deering, S. and R. Hinden, “Internet Protocol, Version 6 (IPv6) Specification”, RFC 2460, DOI 10.17487/RFC2460, December 1998, http://www.rfc-editor.org/info/rfc2460.
- [RFC4301] Kent, S. and K. Seo, “Security Architecture for the Internet Protocol”, RFC 4301, DOI 10.17487/RFC4301, December 2005, http://www.rfc-editor.org/info/rfc4301.
- [RFC4302] Kent, S., “IP Authentication Header”, RFC 4302, DOI 10.17487/RFC4302, December 2005, http://www.rfc-editor.org/info/rfc4302.
- [RFC4303] Kent, S., “IP Encapsulating Security Payload (ESP)”, RFC 4303, DOI 10.17487/RFC4303, December 2005, http://www.rfc-editor.org/info/rfc4303.
- [RFC5095] Abley, J., Savola, P., and G. Neville-Neil, “Deprecation of Type 0 Routing Headers in IPv6”, RFC 5095, DOI 10.17487/RFC5095, December 2007, http://www.rfc-editor.org/info/rfc5095.
- [RFC5722] Krishnan, S., “Handling of Overlapping IPv6 Fragments”, RFC 5722, DOI 10.17487/RFC5722, December 2009, http://www.rfc-editor.org/info/rfc5722.
- [RFC5871] Arkko, J. and S. Bradner, “IANA Allocation Guidelines for the IPv6 Routing Header”, RFC 5871, DOI 10.17487/RFC5871, May 2010, http://www.rfc-editor.org/info/rfc5871.
- [RFC6564] Krishnan, S., Woodyatt, J., Kline, E., Hoagland, J., and M. Bhatia, “A Uniform Format for IPv6 Extension Headers”, RFC 6564, DOI 10.17487/RFC6564, April 2012, http://www.rfc-editor.org/info/rfc6564.
- [RFC6936] Fairhurst, G. and M. Westerlund, “Applicability Statement for the Use of IPv6 UDP Datagrams with Zero Checksums”, RFC 6936, DOI 10.17487/RFC6936, April 2013, http://www.rfc-editor.org/info/rfc6936.
- [RFC6946] Gont, F., “Processing of IPv6 “Atomic” Fragments”, RFC 6946, DOI 10.17487/RFC6946, May 2013, http://www.rfc-editor.org/info/rfc6946.
- [RFC7045] Carpenter, B. and S. Jiang, “Transmission and Processing of IPv6 Extension Headers”, RFC 7045, DOI 10.17487/RFC7045, December 2013, http://www.rfc-editor.org/info/rfc7045.
- [RFC7112] Gont, F., Manral, V., and R. Bonica, “Implications of Oversized IPv6 Header Chains”, RFC 7112, DOI 10.17487/RFC7112, January 2014, http://www.rfc-editor.org/info/rfc7112.
- [RFC7707] Gont, F. and T. Chown, “Network Reconnaissance in IPv6 Networks”, RFC 7707, DOI 10.17487/RFC7707, March 2016, http://www.rfc-editor.org/info/rfc7707.
- [RFC7721] Cooper, A., Gont, F., and D. Thaler, “Security and Privacy Considerations for IPv6 Address Generation Mechanisms”, RFC 7721, DOI 10.17487/RFC7721, March 2016, http://www.rfc-editor.org/info/rfc7721.
- [RFC7739] Gont, F., “Security Implications of Predictable Fragment Identification Values”, RFC 7739, DOI 10.17487/RFC7739, February 2016, http://www.rfc-editor.org/info/rfc7739.
- [RFC8021] Gont, F., Liu, W., and T. Anderson, “Generation of IPv6 Atomic Fragments Considered Harmful”, RFC 8021, DOI 10.17487/RFC8021, January 2017, http://www.rfc-editor.org/info/rfc8021.
- [RFC8201] McCann, J., Deering, S., Mogul, J., and R. Hinden, “Path MTU Discovery for IP version 6”, STD 87, RFC 8201, DOI 10.17487/RFC8201, July 2017, http://www.rfc-editor.org/info/rfc8201.
Appendix A. Formatting Guidelines for Options
This appendix gives some advice on how to lay out the fields when designing new options to be used in the Hop-by-Hop Options header or the Destination Options header, as described in Section 4.2. These guidelines are based on the following assumptions:
- One desirable feature is that any multi-octet fields within the Option Data area of an option be aligned on their natural boundaries, i.e., fields of width n octets should be placed at an integer multiple of n octets from the start of the Hop-by-Hop or Destination Options header, for n = 1, 2, 4, or 8.
- Another desirable feature is that the Hop-by-Hop or Destination Options header take up as little space as possible, subject to the requirement that the header be an integer multiple of 8 octets long.
- It may be assumed that, when either of the option-bearing headers are present, they carry a very small number of options, usually only one.
These assumptions suggest the following approach to laying out the fields of an option: order the fields from smallest to largest, with no interior padding, then derive the alignment requirement for the entire option based on the alignment requirement of the largest field (up to a maximum alignment of 8 octets). This approach is illustrated in the following examples:
Example 1
If an option X required two data fields, one of length 8 octets and one of length 4 octets, it would be laid out as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type=X |Opt Data Len=12| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Its alignment requirement is 8n+2, to ensure that the 8-octet field starts at a multiple-of-8 offset from the start of the enclosing header. A complete Hop-by-Hop or Destination Options header containing this one option would look as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=1 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Example 2
If an option Y required three data fields, one of length 4 octets, one of length 2 octets, and one of length 1 octet, it would be laid out as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Its alignment requirement is 4n+3, to ensure that the 4-octet field starts at a multiple-of-4 offset from the start of the enclosing header. A complete Hop-by-Hop or Destination Options header containing this one option would look as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=1 | Pad1 Option=0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=2 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Example 3
A Hop-by-Hop or Destination Options header containing both options X and Y from Examples 1 and 2 would have one of the two following formats, depending on which option appeared first:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=3 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=1 | 0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=2 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=3 | Pad1 Option=0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=4 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0 | 0 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Appendix B. Changes Since RFC 2460
This memo has the following changes from RFC 2460:
- Removed “IP Next Generation” from the Abstract.
- Added text in Section 1 that the data transmission order is the same as IPv4 as defined in RFC 791.
- Clarified the text in Section 3 about decrementing the Hop Limit.
- Clarified that extension headers (except for the Hop-by-Hop Options header) are not processed, inserted, or deleted by any node along a packet’s delivery path.
- Changed requirement for the Hop-by-Hop Options header to a “may”, and added a note to indicate what is expected regarding the Hop-by-Hop Options header.
- Added a paragraph to Section 4 to clarify how extension headers are numbered and which are upper-layer headers.
- Added a reference to the end of Section 4 to the “IPv6 Extension Header Types” IANA registry.
- Incorporated the updates from RFCs 5095 and 5871 to remove the description of RH0, that the allocations guidelines for routing headers are specified in RFC 5871, and removed RH0 from the list of required extension headers.
- Revised Section 4.5 on IPv6 fragmentation based on updates from RFCs 5722, 6946, 7112, and 8021. This includes:
- Revised the text to handle the case of fragments that are whole datagrams (i.e., both the Fragment Offset field and the M flag are zero). If received, they should be processed as a reassembled packet. Any other fragments that match should be processed independently. The revised Fragment creation process was modified to not create whole datagram fragments (Fragment Offset field and the M flag are zero).
- Changed the text to require that IPv6 nodes must not create overlapping fragments. Also, when reassembling an IPv6 datagram, if one or more of its constituent fragments is determined to be an overlapping fragment, the entire datagram (and any constituent fragments) must be silently discarded. Includes a clarification that no ICMP error message should be sent if overlapping fragments are received.
- Revised the text to require that all headers through the first Upper-Layer header are in the first fragment. This changed the text describing how packets are fragmented and reassembled and added a new error case.
- Added text to the Fragment header process on handling exact duplicate fragments.
- Updated the Fragmentation header text to correct the inclusion of an Authentication Header (AH) and noted No Next Header case.
- Changed terminology in the Fragment header section from “Unfragmentable Headers” to “Per-Fragment headers”.
- Removed the paragraph in Section 5 that required including a Fragment header to outgoing packets if an ICMP Packet Too Big message reports a Next-Hop MTU less than 1280.
- Changed the text to clarify MTU restriction and 8-byte restrictions, and noted the restriction on headers in the first fragment.
- In Section 4.5, added clarification noting that some fields in the IPv6 header may also vary across the fragments being reassembled, and that other specifications may provide additional instructions for how they should be reassembled. See, for example, Section 5.3 of [RFC3168].
- Incorporated the update from RFC 6564 to add a new Section 4.8 that describes recommendations for defining new extension headers and options.
- Added text to Section 5 to define “IPv6 minimum link MTU”.
- Simplified the text in Section 6 about Flow Labels and removed what was Appendix A (“Semantics and Usage of the Flow Label Field”); instead, pointed to the current specifications of the IPv6 Flow Label field in [RFC6437] and the Traffic Class field in [RFC2474] and [RFC3168].
- Incorporated the update made by RFC 6935 (“IPv6 and UDP Checksums for Tunneled Packets”) in Section 8. Added an exception to the default behavior for the handling of UDP packets with zero checksums for tunnels.
- Added instruction to Section 9, “IANA Considerations”, to change references to RFC 2460 to this document.
Acknowledgments
The authors gratefully acknowledge the many helpful suggestions of the members of the IPng Working Group, the End-to-End Protocols research group, and the Internet community at large.
The authors would also like to acknowledge the authors of the updating RFCs that were incorporated in this document to move the IPv6 specification to Internet Standard. They are Joe Abley, Shane Amante, Jari Arkko, Manav Bhatia, Ronald P. Bonica, Scott Bradner, Brian Carpenter, P.F. Chimento, Marshall Eubanks, Fernando Gont, James Hoagland, Suresh Krishnan, Vishwas Manral, George Neville-Neil, Jarno Rajahalme, Pekka Savola, Magnus Westerlund, and James Woodyatt.
Authors’ Addresses
-
Stephen E. Deering
Retired
Vancouver, British Columbia
Canada -
Robert M. Hinden
Check Point Software
959 Skyway Road
San Carlos, CA 94070
United States of AmericaEmail: bob.hinden@gmail.com
via:
-
IPv6 扩展头部 (一) 扩展头部格式、类型与扩展选项_ipv6 扩展首部 - CSDN 博客
https://blog.csdn.net/fuyuande/article/details/81146615 -
IPv6 扩展头部 (三) 路由头部 Routing Header for IPv6-CSDN 博客
https://blog.csdn.net/fuyuande/article/details/81122628 -
IPv6 扩展头部 (四) 分片头部 Fragment Header for IPv6-CSDN 博客
https://blog.csdn.net/fuyuande/article/details/81145145 -
IPv6 协议详解 - CSDN 博客
https://blog.csdn.net/fuyuande/article/details/81252936 -
RFC 8200 - Internet Protocol, Version 6 (IPv6) Specification
https://datatracker.ietf.org/doc/html/rfc8200
扫一扫
606
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
