Internet Engineering Task Force (IETF) S. Krishnan
Request for Comments: 6564 Ericsson
Updates: 2460 J. Woodyatt
Category: Standards Track Apple
ISSN: 2070-1721 E. Kline
Google
J. Hoagland
Symantec
M. Bhatia
Alcatel-Lucent
April 2012
A Uniform Format for IPv6 Extension Headers
Abstract
In IPv6, optional internet-layer information is encoded in separate
headers that may be placed between the IPv6 header and the transport-
layer header. There are a small number of such extension headers
currently defined. This document describes the issues that can arise
when defining new extension headers and discusses the alternate
extension mechanisms in IPv6. It also provides a common format for
defining any new IPv6 extension headers, if they are needed.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6564.
Krishnan, et al. Standards Track [Page 1]
RFC 6564 Format for IPv6 Extension Headers April 2012
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................2
2. Conventions Used in This Document ...............................3
3. Applicability ...................................................3
4. Proposed IPv6 Extension Header Format ...........................4
5. Backward Compatibility ..........................................4
6. Future Work .....................................................5
7. Security Considerations .........................................5
8. Acknowledgements ................................................5
9. Normative References ............................................5
1. Introduction
The base IPv6 standard [RFC2460] defines extension headers as an
expansion mechanism to carry optional internet-layer information.
Extension headers, with the exception of the Hop-by-Hop Options
header, are not usually processed on intermediate nodes. However,
several existing deployed IPv6 routers and several existing deployed
IPv6 firewalls, in contradiction to [RFC2460], are capable of parsing
past or ignoring all currently defined IPv6 extension headers (e.g.,
to examine transport-layer header fields) at wire speed (e.g., by
using custom Application-specific Integrated Circuits (ASICs) for
packet processing). Hence, one must also consider that any new IPv6
extension header will break IPv6 deployments that use these existing
capabilities.
Any IPv6 header or option that has hop-by-hop behavior, and is
intended for general use in the public IPv6 Internet, could be
subverted to create an attack on IPv6 routers that process packets
containing such a header or option. Reports from the field indicate
that some IP routers deployed within the global Internet are
configured either to ignore the presence of headers with hop-by-hop
Krishnan, et al. Standards Track [Page 2]
RFC 6564 Format for IPv6 Extension Headers April 2012
behavior or to drop packets containing headers with hop-by-hop
behavior.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Applicability
The base IPv6 standard [RFC2460] allows the use of both extension
headers and destination options in order to encode optional
destination information in an IPv6 packet. The use of destination
options to encode this information provides more flexible handling
characteristics and better backward compatibility than using
extension headers. Because of this, implementations SHOULD use
destination options as the preferred mechanism for encoding optional
destination information, and use a new extension header only if
destination options do not satisfy their needs. The request for
creation of a new IPv6 extension header MUST be accompanied by a
specific explanation of why destination options could not be used to
convey this information.
The base IPv6 standard [RFC2460] defines 3 extension headers (i.e.,
Routing header, Destination Options header, Hop-by-Hop Options
header) to be used for any new IPv6 options. The same standard only
allows the creation of new extension headers in limited circumstances
([RFC2460], Section 4.6).
As noted above, the use of any option with hop-by-hop behavior can be
problematic in the global public Internet. New IPv6 extension
header(s) having hop-by-hop behavior MUST NOT be created or
specified. New options for the existing Hop-by-Hop Header SHOULD NOT
be created or specified unless no alternative solution is feasible.
Any proposal to create a new option for the existing Hop-by-Hop
Header MUST include a detailed explanation of why the hop-by-hop
behavior is absolutely essential in the document proposing the new
option with hop-by-hop behavior.
The use of IPv6 Destination Options to encode information provides
more flexible handling characteristics and better backward
compatibility than using a new extension header. Because of this,
new optional information to be sent SHOULD be encoded in a new option
for the existing IPv6 Destination Options header.
Krishnan, et al. Standards Track [Page 3]
RFC 6564 Format for IPv6 Extension Headers April 2012
Mindful of the need for compatibility with existing IPv6 deployments,
new IPv6 extension headers MUST NOT be created or specified, unless
no existing IPv6 extension header can be used by specifying a new
option for that existing IPv6 extension header. Any proposal to
create or specify a new IPv6 extension header MUST include a detailed
technical explanation of why no existing IPv6 extension header can be
used in the document proposing the new IPv6 extension header.
4. Proposed IPv6 Extension Header Format
Any IPv6 extension headers defined in the future, keeping in mind the
restrictions specified in Section 3 and also the restrictions
specified in [RFC2460], MUST use the consistent format defined in
Figure 1. This minimizes breakage in intermediate nodes that examine
these extension headers.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Header Specific Data .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Next Header 8-bit selector. Identifies the type of header
immediately following the extension header.
Uses the same values as the IPv4 Protocol field
[IANA_IP_PARAM].
Hdr Ext Len 8-bit unsigned integer. Length of the extension
header in 8-octet units, not including the first
8 octets.
Header Specific Variable length. Fields specific to the
Data extension header.
Figure 1: Extension Header Layout
5. Backward Compatibility
The scheme proposed in this document is not intended to be backward
compatible with all the currently defined IPv6 extension headers. It
applies only to newly defined extension headers. Specifically, the
Krishnan, et al. Standards Track [Page 4]
RFC 6564 Format for IPv6 Extension Headers April 2012
fragment header predates this document and does not follow the format
proposed in this document.
6. Future Work
This document proposes one step in easing the inspection of extension
headers by middleboxes. There is further work required in this area.
Some issues that are left unresolved beyond this document include:
o There can be an arbitrary number of extension headers.
o Extension headers must be processed in the order they appear.
o Extension headers may alter the processing of the payload itself,
and hence the packet may not be processed properly without
knowledge of said header.
7. Security Considerations
This document proposes a standard format for the IPv6 extension
headers that minimizes breakage at intermediate nodes that inspect
but do not understand the contents of these headers. Intermediate
nodes, such as firewalls, that skip over unknown headers might end up
allowing the setup of a covert channel from the outside of the
firewall to the inside using the data field(s) of the unknown
extension headers.
8. Acknowledgements
The authors would like to thank Albert Manfredi, Bob Hinden, Brian
Carpenter, Erik Nordmark, Hemant Singh, Lars Westberg, Markku Savela,
Tatuya Jinmei, Thomas Narten, Vishwas Manral, Alfred Hoenes, Joel
Halpern, Ran Atkinson, Steven Blake, Jari Arkko, Kathleen Moriarty,
Stephen Farrell, Ralph Droms, Sean Turner, and Adrian Farrel for
their reviews and suggestions that made this document better.
9. Normative References
[IANA_IP_PARAM] IANA, "IP Parameters",
<http://www.iana.org/assignments/ip-parameters>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol,
Version 6 (IPv6) Specification", RFC 2460, December
1998.
Krishnan, et al. Standards Track [Page 5]
RFC 6564 Format for IPv6 Extension Headers April 2012
Authors' Addresses
Suresh Krishnan
Ericsson
8400 Decarie Blvd.
Town of Mount Royal, QC
Canada
Phone: +1 514 345 7900 x42871
EMail: suresh.krishnan@ericsson.com
James Woodyatt
Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
US
EMail: jhw@apple.com
Erik Kline
Google
Mori Tower 26F
Roppongi 6-10-1
Minato ku
Tokyo 106-6126
Japan
Phone: +81 3-6384-9635
EMail: ek@google.com
James Hoagland
Symantec Corporation
350 Ellis St.
Mountain View, CA 94043
US
EMail: Jim_Hoagland@symantec.com
URI: http://symantec.com/
Manav Bhatia
Alcatel-Lucent
Bangalore
India
EMail: manav.bhatia@alcatel-lucent.com
Krishnan, et al. Standards Track [Page 6]