[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits] [IPR]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 RFC 4214

Network Working Group                                         F. Templin
Internet-Draft                                                     Nokia
Expires: August 4, 2004                                       T. Gleeson
                                                      Cisco Systems K.K.
                                                               M. Talwar
                                                               D. Thaler
                                                   Microsoft Corporation
                                                        February 4, 2004


      Internet/Site Automatic Tunnel Addressing Protocol (ISATAP)
                    draft-ietf-ngtrans-isatap-18.txt

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at http://
   www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 4, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

   The Internet/Site Automatic Tunnel Addressing Protocol (ISATAP)
   connects IPv6 hosts/routers over IPv4 networks. ISATAP views the IPv4
   network as a link layer for IPv6 and views other nodes on the network
   as potential IPv6 hosts/routers. ISATAP supports automatic tunneling
   and a tunnel interface management abstraction similar to the Non-
   Broadcast, Multiple Access (NBMA) and ATM Permanent/Switched Virtual
   Circuit (PVC/SVC) models.



Templin, et al.          Expires August 4, 2004                 [Page 1]

Internet-Draft                   ISATAP                    February 2004


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Requirements . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   4.  ISATAP Conceptual Model  . . . . . . . . . . . . . . . . . . .  4
   5.  Node Requirements  . . . . . . . . . . . . . . . . . . . . . .  5
   6.  Addressing Requirements  . . . . . . . . . . . . . . . . . . .  5
   7.  Configuration and Management Requirements  . . . . . . . . . .  6
   8.  Automatic Tunneling  . . . . . . . . . . . . . . . . . . . . . 10
   9.  Neighbor Discovery for ISATAP Interfaces . . . . . . . . . . . 15
   10. Other Requirements for Control Plane Signaling . . . . . . . . 18
   11. Security considerations  . . . . . . . . . . . . . . . . . . . 18
   12. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 18
   13. IAB Considerations . . . . . . . . . . . . . . . . . . . . . . 19
   14. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 20
   A.  Major Changes  . . . . . . . . . . . . . . . . . . . . . . . . 21
   B.  Example ISATAP Driver API  . . . . . . . . . . . . . . . . . . 21
   C.  The IPv6 Minimum MTU . . . . . . . . . . . . . . . . . . . . . 24
   D.  Modified EUI-64 Addresses in the IANA Ethernet Address Block . 24
   E.  Proposed ICMPv6 Code Field Types . . . . . . . . . . . . . . . 25
       Normative References . . . . . . . . . . . . . . . . . . . . . 25
       Informative References . . . . . . . . . . . . . . . . . . . . 27
       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 29
       Intellectual Property and Copyright Statements . . . . . . . . 30


























Templin, et al.          Expires August 4, 2004                 [Page 2]

Internet-Draft                   ISATAP                    February 2004


1. Introduction

   This document specifies a simple mechanism called the Internet/Site
   Automatic Tunnel Addressing Protocol (ISATAP) that connects IPv6
   [RFC2460] hosts/routers over IPv4 [STD0005] networks. Dual-stack
   (IPv6/IPv4) nodes use ISATAP to automatically tunnel IPv6 packets in
   IPv4, i.e., ISATAP views the IPv4 network as a link layer for IPv6
   and views other nodes on the network as potential IPv6 hosts/routers.

   ISATAP enables automatic tunneling whether global or private IPv4
   addresses are used, and supports a tunnel interface management
   abstraction similar to the Non-Broadcast, Multiple Access (NBMA)
   [RFC2491] and ATM Permanent/Switched Virtual Circuit (PVC/SVC)
   [RFC2492] models.

   The main objectives of this document are to: 1) describe the ISATAP
   conceptual model, 2) specify addressing requirements, 3) discuss
   configuration and management requirements, 4) specify automatic
   tunneling using ISATAP, 5) specify operational aspects of IPv6
   Neighbor Discovery, and 6) discuss IANA and Security considerations.

   This document surveys all IETF v6ops WG documents current up to
   February 4, 2004.

2. Requirements

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in [BCP0014].

3. Terminology

   The terminology of [STD0003][RFC2460][RFC2461][RFC3582] applies to
   this document. The following additional terms are defined:

   ISATAP node:
      a node that implements the specifications in this document.

   ISATAP daemon:
      an ISATAP node's server application that uses an ISATAP driver API
      for control plane signaling and tunnel interface
      configuration/management.









Templin, et al.          Expires August 4, 2004                 [Page 3]

Internet-Draft                   ISATAP                    February 2004


   ISATAP driver:
      an ISATAP node's network driver module that provides an API for
      control plane signaling and tunnel interface configuration/
      management. Also provides an engine for tunneled packet
      encapsulation, decapsulation and forwarding.

   logical interface:
      an IPv6 address or a configured tunnel interface associated with
      an ISATAP interface.

   ISATAP interface:
      an ISATAP node's point-to-multipoint IPv6 interface for automatic
      IPv6-in-IPv4 tunneling. Provides a control plane interface for the
      ISATAP daemon and a user plane nexus for its associated logical
      interfaces.

   ISATAP interface identifier:
      an IPv6 interface identifier with an embedded IPv4 address
      constructed as specified in section 6.1.

   ISATAP address:
      an IPv6 unicast address assigned on an ISATAP interface with an
      on-link prefix and an ISATAP interface identifier.

   locator:
      an IPv4 address-to-interface mapping, i.e., a node's IPv4 address
      and the index for it's associated interface.

   locator set:
      a set of locators associated with a tunnel interface, where each
      locator in the set belongs to the same site.

4. ISATAP Conceptual Model

   ISATAP nodes typically act as a host on some interfaces and as a
   router on other interfaces; the distinction between host and router
   is made per advertising interface.

   ISATAP interfaces provide a point-to-multipoint abstraction for
   IPv6-in-IPv4 tunneling. They provide a user plane nexus for tunneling
   packets on behalf of their associated logical interfaces.  They also
   provide a control plane interface for tunnel configuration signaling
   between the ISATAP daemon and prospective peers (e.g., via IPv6
   Neighbor Discovery messages, DNS queries, etc.).

   The ISATAP driver sends tunneled packets via the node's IPv4 stack
   according to the sending interface's encapsulation parameters. It
   also determines the correct interface to receive each tunneled packet



Templin, et al.          Expires August 4, 2004                 [Page 4]

Internet-Draft                   ISATAP                    February 2004


   after decapsulation via a forwarding table lookup.

   The ISATAP daemon configures and manages tunnels via an ISATAP driver
   API. Each such configured tunnel provides a nexus for multiple
   applications using IPv6 addresses as application identifiers. Each
   such application identifier provides a nexus for multiple sessions.
   In summary, each configured tunnel provides a point-to-point
   connection between peers that can support multiple applications and
   multiple instances of each application.

5. Node Requirements

   ISATAP nodes implement the common functionality required by [NODEREQ]
   as well as the additional features specified in this document.

6. Addressing Requirements

6.1 ISATAP Interface Identifiers

   ISATAP interface identifiers are constructed in Modified EUI-64
   format ([ADDR], appendix A). They are formed by concatenating the
   24-bit IANA OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a
   32-bit IPv4 address in network byte order ([AUTH], section 3.4).

   The format for ISATAP interface identifiers is given below (where 'u'
   is the IEEE univeral/local bit, 'g' is the IEEE group/individual bit,
   and the 'm' bits represent the concatenated IPv4 address):

   |0              1|1              3|3              4|4              6|
   |0              5|6              1|2              7|8              3|
   +----------------+----------------+----------------+----------------+
   |000000ug00000000|0101111011111110|mmmmmmmmmmmmmmmm|mmmmmmmmmmmmmmmm|
   +----------------+----------------+----------------+----------------+

   When the IPv4 address is known to be globally unique, the 'u' bit is
   set to 1; otherwise, the 'u' bit is set to 0 ([ADDR], section 2.5.1).
   See: Appendix D for additional non-normative details.

6.2 ISATAP Addresses

   Any IPv6 unicast address ([ADDR], section 2.5) that contains an
   ISATAP interface identifier constructed as specified in section 6.1
   and an on-link prefix on an ISATAP interface is considered an ISATAP
   address.







Templin, et al.          Expires August 4, 2004                 [Page 5]

Internet-Draft                   ISATAP                    February 2004


6.3 Multicast/Anycast

   ISATAP interfaces recognize a node's required IPv6 multicast/anycast
   addresses ([ADDR], section 2.8).

   For IPv6 multicast addresses of interest to local applications,
   ISATAP nodes join the corresponding Organization-Local Scope IPv4
   multicast groups ([RFC2529], section 6) on each interface that
   appears in an ISATAP interface's locator set (see: section 7.2).

   IPv6 multicast addresses of interest include a node's required
   multicast addresses, the 'All_DHCP_Relay_Agents_and_Servers' and
   'All_DHCP_Servers' multicast addresses (i.e., if the node is
   configured as a DHCPv6 server [RFC3315][RFC3633]), multicast
   addresses discovered via MLD [RFC2710], etc.

   Considerations for IPv6 anycast appear in [ANYCAST].

6.4 Source/Target Link Layer Address Options

   Source/Target Link Layer Address Options ([RFC2461], section 4.6.1)
   for ISATAP have the following format:

    +-------+-------+-------+-------+-------+-------+-------+--------+
    | Type  |Length |   0   |   0   |        IPv4 Address            |
    +-------+-------+-------+-------+-------+-------+-------+--------+

   Type:
      1 for Source Link-layer address.  2 for Target Link-layer address.

   Length:
      1 (in units of 8 octets).

   IPv4 Address:
      A 32 bit IPv4 address, in network byte order ([AUTH], section
      3.4).

   ISATAP nodes use the specifications in ([MECH], section 3.8) that
   pertain to sending and receiving Source/Target Link Layer Address
   Options.

7. Configuration and Management Requirements

7.1 Network Management

   ISATAP nodes MAY support network management; those that do SHOULD
   support the following MIBs: [FTMIB][IPMIB][TUNMIB][TCPMIB][UDPMIB].




Templin, et al.          Expires August 4, 2004                 [Page 6]

Internet-Draft                   ISATAP                    February 2004


   This document defines no new MIB tables, nor extensions to any
   existing MIB tables. Objects found in the MIBs listed above are
   supported as described in the following subsections.

7.2 The ifRcvAddressTable

   The ISATAP driver maintains ifRcvAddressTable as a bidirectional
   association of locators with tunnel interfaces. Each locator in the
   table includes a preferred IPv4 address-to-interface mapping (i.e., a
   preferred IPv4 ipAddressEntry in the node's ipAddressTable) and a
   list of associated tunnel interfaces. Each tunnel interface in the
   table has a tunnelIfEntry and a list of associated locators, i.e., a
   "locator set".

   The ISATAP driver implements the following conceptual functions to
   manage and search the ifRcvAddressTable:

7.2.1 RcvTableAdd(locator, tunnel_interface)

   Creates a bidirectional association in the ifRcvAddressTable between
   the locator and tunnel interface, i.e., adds the locator to the
   tunnel interface's locator set and adds the tunnel interface to the
   locator's association list.

   Returns success or failure.

7.2.2 RcvTableDel(locator, tunnel_interface)

   Deletes ifRcvAddressTable entries according to the locator and tunnel
   interface calling arguments as follows:

   -  if both arguments are NULL, garbage-collects the entire table.

   -  if both arguments are non-NULL, deletes the locator from the
      tunnel interface's locator set and deletes the tunnel interface
      from the locator's association list.

   -  if the locator is non-NULL and tunnel interface is NULL, deletes
      the locator from the locator sets of all tunnel interfaces.

   -  if the locator is NULL and the tunnel interface is non-NULL,
      deletes the tunnel interface from the association lists of all
      locators.

   Returns success or failure.






Templin, et al.          Expires August 4, 2004                 [Page 7]

Internet-Draft                   ISATAP                    February 2004


7.2.3 RcvTableLocate(packet)

   Searches the ifRcvAddressTable to locate the correct tunnel interface
   to decapsulate a packet. First, determines the locator that matches
   the packet's IPv4 destination address and ifIndex for the interface
   the packet arrived on. Next, checks each tunnel interface in the
   locator's association list for an exact match of tunnelIfEncapsMethod
   with the packet's encapsulation type and an exact match of
   tunnelIfRemoteInetAddress with the packet's IPv4 source address.

   If there is no match on the packet's IPv4 source address, a tunnel
   interface with a matching tunnelIfEncapsMethod and with
   tunnelIfRemoteInetAddress set to 0.0.0.0 is selected. If there are
   multiple matches, a tunnel interface with tunnelIfLocalInetAddress
   that matches the packet's IPv4 destination address is preferred.

   Returns a pointer to a tunnel interface if a match is found; else
   NULL.

7.3 ISATAP Driver API

   The ISATAP driver implements an API for calling processes, e.g.,
   ISATAP daemons, startup scripts, manual command line entry, kernel
   processes, etc. Access MUST be restricted to privileged users and
   applications. The API provides primitives for sending/receiving
   control plane messages as well as creating, deleting, modifying, and
   otherwise managing tunnel interfaces. An example (i.e., non-
   normative) API is given in Appendix B.

7.4 ISATAP Interface Creation/Configuration

   ISATAP interfaces are created via the tunnelIfConfigTable, which
   results in simultaneous creation of a tunnelIfEntry and a companion
   ipv6InterfaceEntry. Each ISATAP interface configures a locator set,
    where each locator in the set represents an IPv4 address-to-
   interface mapping for the same site (or, represents a mapping that is
   routable on the global Internet). An ISATAP interface MUST NOT
   configure a locator set that spans multiple sites.

   ISATAP interfaces configure the following objects in tunnelIfEntry:

   -  tunnelIfEncapsMethod is set to an IANATunnelType for "isatap".

   -  tunnelIfLocalInetAddress is set to an IPv4 address from the
      interface's locator set.

   -  tunnelIfRemoteInetAddress is set to 0.0.0.0 to denote wildcard
      match for remote tunnel endpoints.



Templin, et al.          Expires August 4, 2004                 [Page 8]

Internet-Draft                   ISATAP                    February 2004


   -  other read-write objects in the tunnelIfEntry are configured as
      for any tunnel interface.

   ISATAP interfaces also configure the following objects in
   ipv6InterfaceEntry:

   -  ipv6InterfaceType is set to "tunnel".

   -  ipv6InterfacePhysicalAddress is set to an octet string of zero
      length to indicate that this IPv6 interface does not have a
      physical address.

   -  ipv6InterfaceForwarding and, if necessary, ip6Forwarding for the
      node are set to "forwarding".

   -  other read-write objects in ipv6InterfaceEntry are configured as
      for any IPv6 interface.

   Finally, an ipv6RouterAdvertEntry for the ISATAP interface is created
   in ipv6RouterAdvertTable and its ipv6RouterAdvertIfIndex object is
   set to the same value as ipv6InterfaceIfIndex. Other objects in
   ipv6RouterAdvertEntry are configured as for any IPv6 router.

7.5 Dynamic Creation of Configured Tunnels

   Configured tunnels are normally created by the ISATAP daemon in
   dynamic response to a tunnel creation request. Configured tunnel
   interfaces are configured as for ISATAP interfaces (see: section
   7.4), except that tunnelIfRemoteInetAddress is normally set to a
   specific IPv4 address for a remote node at the far end of the tunnel,
   i.e., configured tunnels are normally configured as point-to-point.
   Also, tunnelIfEncapsMethod for the new entry is set to an
   IANATunnelType appropriate for the method of encapsulation.

   Configured tunnels MAY be "bound" to an ISATAP interface such that
   they inherit the ISATAP interface's locator set, e.g., for ease of
   management and to avoid misconfigurations.

   Configured tunnels MAY also be created as independent entities and
   configure their own locator set, but (as for ISATAP interfaces) they
   MUST NOT configure a locator set that spans multiple sites.










Templin, et al.          Expires August 4, 2004                 [Page 9]

Internet-Draft                   ISATAP                    February 2004


7.6 Reconfigurations Due to IPv4 Address Changes

   When a locator becomes deprecated (e.g., when an IPv4 address is
   removed from an IPv4 interface) the locator SHOULD be removed from
   all tunnel interface associations via RcvTableDel(locator, NULL).
   Also, all tunnel interfaces that used the deprecated IPv4 address as
   tunnelIfLocalInetAddress SHOULD configure a different local IPv4
   address from their remaining locator set.

   When a new IPv4 address is added to an IPv4 interface, the node MAY
   add the corresponding new locator to the locator set for one or more
   tunnel interfaces via RcvTableAdd(locator, tunnel_interface), and MAY
   set tunnelIfLocalInetAddress for tunnel interfaces referenced by the
   updated forwarding entries to the new address.

   Methods for triggering the above changes, and for communicating IPv4
   address changes to remote nodes, are out of scope.

8. Automatic Tunneling

   ISATAP nodes use the basic tunneling mechanisms specified in [MECH].
   The following additional specifications are also used:

8.1 Encapsulation

   The ISATAP driver encapsulates IPv6 packets in IPv4 using various
   encapsulation methods, including ip-protocol-41 (e.g., 6over4
   [RFC2529], 6to4 [RFC3056], IPv6-in-IPv4 configured tunnels [MECH],
   isatap, etc.), UDP [STD0006] port 3544, and others.

   AH [RFC2402] and/or ESP [RFC2406] processing and header compression
   for the packet's inner headers are performed prior to encapsulation.

8.1.1 NAT Traversal

   Native IPv6 and/or ip-protocol-41 encapsulation provides sufficient
   functionality to support peer-to-peer communications when both peers
   reside within the same site (i.e., the same enterprise network). When
   the remote peer resides within a different site, NAT traversal via
   UDP/IPv4 encapsulation MAY be necessary.

   When an ISATAP node determines that NAT traversal is necessary to
   reach a particular peer, it encapsulates IPv6 packets using UDP/IPv4
   encapsulation with a UDP destination port of 3544. This determination
   may come through, e.g., first attempting communications via ip-
   protocol-41 then failing over to UDP/IPv4 port 3544 encapsulation,
   administrative knowledge that a NAT traversal will occur along the
   path, etc.



Templin, et al.          Expires August 4, 2004                [Page 10]

Internet-Draft                   ISATAP                    February 2004


   When UDP/IPv4 port 3544 encapsulation is used, the specifications in
   this document apply the same as for any form of encapsulation
   supported by ISATAP.

8.1.2 Multicast

   ISATAP interfaces encapsulate packets with IPv6 multicast destination
   addresses using a mapped Organization-Local Scope IPv4 multicast
   address ([RFC2529], section 6) as the destination address in the
   encapsulating IPv4 header.

8.2 Tunnel MTU and Fragmentation

   Encapsulated packets may incur host-based IPv4 fragmentation, e.g.,
   when the underlying physical link has a small IPv4 MTU [BCP0048]. In
   such cases, host-based IPv4 fragmentation is required to satisfy the
   1280 byte IPv6 minimum MTU, and is not considered harmful [FRAG]. On
   the other hand, unmitigated IPv4 fragmentation caused by the network
   can cause poor performance. For example, since the minimum IPv4
   fragment size is only 8 bytes [STD0005], network middleboxes could
   shred a 1280 byte tunneled packet into as many as 160 IPv4 fragments.

   ISATAP uses the MTU and fragmentation specifications in ([MECH],
   section 3.2) and the Maximum Reassembly Unit (MRU) specifications in
   ([MECH], section 3.6), which provide sufficient measures for avoiding
   excessive IPv4 fragmentation in certain controlled environments
   (e.g., 3GPP operator networks, enterprise networks, etc). To minimize
   IPv4 fragmentation and improve performance in general use case
   scenarios, ISATAP nodes SHOULD add the following simple
   instrumentation to the IPv4 reassembly cache:

   When the initial fragment of an encapsulated packet arrives, the
   packet's IPv4 reassembly timer is set to 1 second (i.e., the worst
   case store-and-forward delay budget for a 1280 byte packet). If an
   encapsulated packet's IPv4 reassembly timer expires:

   -  If enough contiguous leading bytes of the packet have arrived
      (see: section 8.6), reassemble the packet from all fragments
      received.  (Otherwise, garbage-collect the reassembly buffer and
      return from processing.) During reassembly, copy zero-filled or,
      heuristically-chosen replacement data bytes in place of any
      missing fragments.

   -  Mark the packet as "INCOMPLETE", and also mark it with a
      "TOTAL_BYTES" length that encodes the total number of data bytes
      in fragments that arrived.

   -  Deliver the packet to the ISATAP driver as though reassembly had



Templin, et al.          Expires August 4, 2004                [Page 11]

Internet-Draft                   ISATAP                    February 2004


      succeeded.

   -  Do not send an ICMPv4 "time exceeded" message [STD0005].

   Appendix C provides informative text on the derivation of the 1280
   byte IPv6 minimum MTU.

8.3 Handling ICMPv4 Errors

   ISATAP interfaces SHOULD process ARP failures and persistent ICMPv4
   errors as link-specific information indicating that a path to a
   neighbor may have failed ([RFC2461], section 7.3.3).

8.4 Link-Local Addresses

   ISATAP interfaces use link local addresses constructed as specified
   in section 6.1 of this document.

8.5 Neighbor Discovery over Tunnels

   The specification in ([MECH], section 3.8) is used; the additional
   specification for neighbor discovery in section 9 of this document
   are also used.

8.6 Decapsulation/Filtering

   ISATAP nodes typically arrange for the ISATAP driver to receive all
   IPv4-encapsulated IPv6 packets that are addressed to one of the
   node's IPv4 addresses. Examples include ip-protocol-41 (e.g., 6to4,
   6over4, configured tunnels, isatap, etc.), UDP/IPv4 port 3544, and
   others.  The ISATAP driver uses the decapsulation and filtering
   specifications in ([MECH], section 3.6), and processes each packet
   according to the following steps:

   1.  Locate the correct tunnel interface to receive the packet (see:
       section 7.2.3). If not found, silently discard the packet and
       return from processing.

   2.  If the tunnel uses header compression, reconstitute headers.  If
       header reconstitution fails, silently discard the packet and
       return from processing.

   3.  Verify that the packet's IPv4 source address is correct for the
       encapsulated IPv6 source address. For packets received on a
       configured tunnel interface, verification is exactly as specified
       in ([MECH], section 3.6).





Templin, et al.          Expires August 4, 2004                [Page 12]

Internet-Draft                   ISATAP                    February 2004


       For packets received on an ISATAP interface, the IPv4 source
       address is correct if:

       -  the IPv6 source address is an ISATAP address that embeds the
          IPv4 source address in its interface identifier, or:

       -  the IPv6 source address is the address of an IPv6 neighbor on
          an ISATAP interface associated with the locator that matched
          the packet (see: section 7.2.3), or:

       -  the IPv4 source address is a member of the Potential Router
          List (see: section 9.1).

       If the IPv4 source address is incorrect, silently discard the
       packet and return from processing.

   4.  Perform IPv4 ingress filtering (optional; disabled by default)
       then decapsulate the packet. If the IPv6 source address is
       invalid (see: [MECH], section 3.6), silently discard the packet
       and return from processing.

       For UDP port 3544 packets received on an ISATAP interface, if the
       IPv6 source address is an ISATAP link local address with the 'u'
       bit set to 0 and an embedded IPv4 address that does not match the
       IPv4 source address (see: section 6), rewrite the IPv6 source
       address to inform upper layers of the sender's mapped UDP port
       number and IPv4 source address.  Specific rules for rewriting the
       IPv6 source address are established during ISATAP interface
       configuration.

       Next, discard encapsulating headers and continue processing the
       encapsulated IPv6 packet.

   5.  Perform ingress filtering on the IPv6 source address (see:
       [MECH], section 3.6). Next, determine the correct transport
       protocol listener [FLOW] if the packet is destined to the
       localhost; otherwise, perform an IPv6 forwarding table lookup and
       site border/firewall filtering (see: [UNIQUE], section 6).

       If the packet cannot be delivered, the driver SHOULD send an
       ICMPv6 Destination Unreachable message ([RFC2463], section 3.2)
       to the packet's source. The message SHOULD select as its source
       address an IPv6 address from the outgoing interface (if the
       packet was destined to the localhost) or an ingress-wise correct
       IPv6 address from the interface that would have forwarded the
       packet had it not been filtered.





Templin, et al.          Expires August 4, 2004                [Page 13]

Internet-Draft                   ISATAP                    February 2004


       The Code field of the message is set as follows:

       -  if there is no route to the destination, the Code field is set
          to 0 (see: [RFC2463], section 3.1).

       -  if communication with the destination is administratively
          prohibited, the Code field is set to 1 ([RFC2463], section
          3.1).

       -  if the packet is destined to the localhost, but the transport
          protocol has no listener, the Code field is set to 4
          ([RFC2463], section 3.1).

       -  if the packet's destination is beyond the scope of the source
          address, the Code field is set to 2 (see: IANA
          Considerations).

       -  if the packet was dropped due to ingress filtering policies,
          the Code field is set to 5 (see: IANA Considerations).

       -  if the packet is dropped due to a reject route, the Code field
          is set to 6 (see: IANA Considerations).

       -  if the packet was received on a point-to-point link and
          destined to an address within a subnet assigned to that same
          link, or if the reason for the failure to deliver cannot be
          mapped to any of the specific conditions listed above, the
          Code field is set to 3 ([RFC2463], section 3.2).

       After sending the ICMPv6 Destination Unreachable message, discard
       the packet and return from processing.

   6.  If the packet is "INCOMPLETE" (see section 8.2) send an
       authenticated, unsolicited Router Advertisement message
       ([RFC2461], section 6.2.4) to the packet's IPv6 source address
       with an MTU option that encodes "TOTAL_BYTES".

   7.  If the packet was destined to a remote host, forward the packet
       and return from processing. Otherwise, apply AH [RFC2402] or ESP
       [RFC2406] processing (if necessary), and deliver the decapsulated
       packet by placing it in a buffer for upper layers. The buffer may
       be, e.g., the IPv6 reassembly cache, an application's mapped data
       buffer [RFC3542], etc.

       If there is clear evidence that upper layer reassembly has
       stalled, an ICMPv6 Packet Too Big message [RFC1981] MAY be sent
       to the packet's source address with an MTU value indicating a
       size that is likely to incur successful reassembly. Some



Templin, et al.          Expires August 4, 2004                [Page 14]

Internet-Draft                   ISATAP                    February 2004


       applications may realize greater efficiency by accepting partial
       information from "INCOMPLETE" packets (see: section 8.2) and
       requesting selective retransmission of missing portions.

9. Neighbor Discovery for ISATAP Interfaces

   ISATAP nodes use the neighbor discovery mechanisms specified in
   [RFC2461] along with securing mechanisms (e.g., [SEND]) to create/
   change neighbor cache entries and to provide control plane signaling
   for automatic tunnel configuration. ISATAP interfaces also implement
   the following specifications:

9.1 Conceptual Model Of A Host

   To the list of Conceptual Data Structures ([RFC2461], section 5.1),
   ISATAP interfaces add:

   Potential Router List
      A set of entries about potential routers; used to support the
      mechanisms specified in  section 9.2.2.1. Each entry ("PRL(i)")
      has an associated timer ("TIMER(i)"), and an IPv4 address
      ("V4ADDR(i)") that represents a router's advertising ISATAP
      interface.

9.2 Router and Prefix Discovery

9.2.1 Router Specification

   As permitted by ([RFC2461], section 6.2.6), the ISATAP daemon SHOULD
   send unicast Router Advertisement messages to the soliciting node's
   address when the solicitation's source address is not the unspecified
   address. (Router Advertisements MAY include information delegated via
   DHCPv6 [RFC3633]).

   Routers MUST NOT send prefix options containing a preferred lifetime
   greater than the valid lifetime.

9.2.2 Host Specification

9.2.2.1 Host Variables

   To the list of host variables ([RFC2461], section 6.3.2), ISATAP
   interfaces add:








Templin, et al.          Expires August 4, 2004                [Page 15]

Internet-Draft                   ISATAP                    February 2004


   PrlRefreshInterval
      Time in seconds between successive refreshments of the PRL after
      initialization. It SHOULD be no less than 3600 seconds. The
      designated value of all 1's (0xffffffff) represents infinity.
      Default: 3600 seconds

   MinRouterSolicitInterval
      Minimum time in seconds between successive solicitations of the
      same advertising ISATAP interface. The designated value of all 1's
      (0xffffffff) represents infinity.
      Default: 900 seconds


9.2.2.2 Potential Router List Initialization

   ISATAP nodes provision an ISATAP interface's PRL with IPv4 addresses
   discovered via manual configuration, a DNS fully-qualified domain
   name (FQDN) [STD0013], a DHCPv4 option, a DHCPv4 vendor-specific
   option, or an unspecified alternate method.

   FQDNs are established via manual configuration or an unspecified
   alternate method. FQDNs are resolved into IPv4 addresses through
   lookup in a static host file, querying the DNS service, or an
   unspecified alternate method.

   When the node provisions an ISATAP interface's PRL with IPv4
   addresses, it sets a timer for the interface (e.g.,
   PrlRefreshIntervalTimer) to PrlRefreshInterval seconds. The node re-
   initializes the PRL as specified above when PrlRefreshIntervalTimer
   expires, or when an asynchronous re-initialization event occurs. When
   the node re-initializes the PRL, it resets PrlRefreshIntervalTimer to
   PrlRefreshInterval seconds.

9.2.2.3 Processing Received Router Advertisements

   The ISATAP daemon processes Router Advertisements (RAs) exactly as
   specified in ([RFC2461], section 6.3.4). The DHCPv6 specification
   [RFC3315] is the stateful mechanism associated with the M and O bits.

   When the ISATAP daemon receives a Router Advertisement with an MTU
   option from a router at the far end of a tunnel, it records the
   advertised MTU value, e.g., in the node's IPv6 routing table. If the
   MTU value is less than the MTU of the tunnel interface, the value is
   recorded in such a way that the node will perform upper layer
   fragmentation (i.e., above the IPv4 link layer) to reduce the size of
   the IPv4 encapsulated packets it sends via the router. The recorded
   value is aged as for IPv6 path MTU information [RFC1981].




Templin, et al.          Expires August 4, 2004                [Page 16]

Internet-Draft                   ISATAP                    February 2004


   For Router Advertisement messages that include prefix options, Route
   information options [DEFLT] and/or non-zero values in the Router
   Lifetime, the ISATAP daemon resets TIMER(i) to schedule the next
   solicitation event (see: section 9.2.2.4). Let "MIN_LIFETIME" be the
   minimum value in the Router Lifetime or the lifetime(s) encoded in
   options included in the RA message. Then, TIMER(i) is reset as
   follows:

      TIMER(i) = MAX((0.5 * MIN_LIFETIME), MinRouterSolicitInterval)

9.2.2.4 Sending Router Solicitations

   To the list of events after which RSs may be sent ([RFC2461], section
   6.3.2), ISATAP interfaces add:

      -  TIMER(i) for some PRL(i) expires.

   Router Solicitations MAY be sent to an ISATAP link-local address that
   embeds V4ADDR(i) for some PRL(i) instead of the All-Routers multicast
   address.

9.3 Address Resolution and Neighbor Unreachability Detection

9.3.1 Address Resolution

   The specification in ([RFC2461], section 7.2) is used. ISATAP
   addresses for which the neighbor/router's link-layer address cannot
   otherwise be determined (e.g., from a neighbor cache entry) are
   resolved to link-layer addresses by a static computation, i.e., the
   last four octets are treated as an IPv4 address.

   Hosts SHOULD perform an initial reachability confirmation by sending
   Neighbor Solicitation message(s) and receiving a Neighbor
   Advertisement message (NS messages are sent to the target's unicast
   address). Routers MAY perform this initial reachability confirmation,
   but this might not scale in all environments.

   All nodes MUST send solicited Neighbor Advertisements on ISATAP
   interfaces ([RFC2461], section 7.2.4).

9.3.2 Neighbor Unreachability Detection

   Hosts SHOULD perform Neighbor Unreachability Detection ([RFC2461],
   section 7.3). Routers MAY perform neighbor unreachability detection,
   but this might not scale in all environments.






Templin, et al.          Expires August 4, 2004                [Page 17]

Internet-Draft                   ISATAP                    February 2004


10. Other Requirements for Control Plane Signaling

10.1 Domain Name System (DNS)

   The specifications in ([MECH], section 2.2) are used. Additional
   considerations are found in [DNSOPV6].

10.2 Linklocal Multicast Name Resolution (LLMNR)

   ISATAP nodes SHOULD implement Link Local Multicast Name Resolution
   [LLMNR], since they will commonly be deployed in environments (e.g.,
   home networks, ad-hoc networks, etc.) with no DNS service.

10.3 Node Information Queries

   ISATAP nodes MAY implement Node Information Queries as specified in
   [NIQUERY], since they may help the querier discover some subset of
   the responder's addresses.

11. Security considerations

   The security considerations in the normative references apply; also:

   -  site border routers SHOULD install a black hole route for the IPv6
      prefix FC00::/7 to insure that packets with local IPv6 destination
      addresses will not be forwarded outside of the site via a default
      route.

   -  administrators MUST ensure that lists of IPv4 addresses
      representing the advertising ISATAP interfaces of PRL members are
      well maintained.

12. IANA Considerations

   The IANA is instructed to specify the format for Modified EUI-64
   address construction ([ADDR], Appendix A) in the IANA Ethernet
   Address Block. The text in Appendix D of this document is offered as
   an example specification.
   The current version of the IANA registry for Ether Types can be
   accessed at http://www.iana.org/assignments/ethernet-numbers.

   The IANA is instructed to assign the new ICMPv6 code field types
   found in Appendix E of this document for the ICMPv6 Destination
   Unreachable message. The policy for assigning new ICMPv6 code field
   types is First Come First Served, as defined in [RFC2434]. The
   current version of the IANA registry for ICMPv6 type numbers can be
   accessed at http://www.iana.org/assignments/icmpv6-parameters.




Templin, et al.          Expires August 4, 2004                [Page 18]

Internet-Draft                   ISATAP                    February 2004


13. IAB Considerations

   [RFC3424] ("IAB Considerations for UNilateral Self-Address Fixing
   (UNSAF) Across Network Address Translation") section 4 requires that
   any proposal supporting NAT traversal must explicitly address the
   following considerations:

13.1 Problem Definition

   The specific problem being solved is enabling IPv6 connectivity for
   ISATAP nodes that are unable to communicate via ip-protocol-41 or
   native IPv6.

13.2 Exit Strategy

   ISATAP nodes use UDP/IPv4 encapsulation for NAT traversal as a last
   resort. As soon as native IPv6 or ip-protocol-41 support becomes
   available, ISATAP nodes will naturally cease using UDP/IPv4
   encapsulation.

13.3 Brittleness

   UDP/IPv4 encapsulation with ISATAP introduces brittleness into the
   system in several ways: the discovery process assumes a certain
   classification of devices based on their treatment of UDP; the
   mappings need to be continuously refreshed, and addressing structure
   may cause some hosts located beyond a common NAT to be unreachable
   from each other.

   ISATAP assumes a certain classification of devices based on their
   treatment of UDP. There could be devices that would not fit into one
   of these molds, and hence would be improperly classified by ISATAP.

   The bindings allocated from the NAT need to be continuously
   refreshed.  Since the timeouts for these bindings is very
   implementation specific, the refresh interval cannot easily be
   determined.  When the binding is not being actively used to receive
   traffic, but to wait for an incoming message, the binding refresh
   will needlessly consume network bandwidth.

13.4 Requirements for a Long Term Solution

   The devices that implement the IPv4 NAT service should in the future
   also become IPv6 routers.







Templin, et al.          Expires August 4, 2004                [Page 19]

Internet-Draft                   ISATAP                    February 2004


14. Acknowledgments

   The ideas in this document are not original, and the authors
   acknowledge the original architects. Portions of this work were
   sponsored through SRI International internal projects and government
   contracts. Government sponsors include Monica Farah-Stapleton and
   Russell Langan (U.S. Army CECOM ASEO), and Dr.  Allen Moshfegh (U.S.
   Office of Naval Research). SRI International sponsors include Dr.
   Mike Frankel, J. Peter Marcotullio, Lou Rodriguez, and Dr. Ambatipudi
   Sastry.

   The following are acknowledged for providing peer review input: Jim
   Bound, Rich Draves, Cyndi Jung, Ambatipudi Sastry, Aaron Schrader,
   Ole Troan, Vlad Yasevich.

   The following are acknowledged for their significant contributions:
   Alain Durand, Hannu Flinck, Jason Goldschmidt, Nathan Lutchansky,
   Karen Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest, Pekka
   Savola, Margaret Wasserman, Brian Zill.

   The authors acknowledge the work of Quang Nguyen on "Virtual
   Ethernet" under the guidance of Dr. Lixia Zhang that proposed very
   similar ideas to those that appear in this document. This work was
   first brought to the authors' attention on September 20, 2002.

   IAB considerations are the same as for Teredo.

   The following individuals are acknowledged for their helpful insights
   on path MTU discovery: Jari Arkko, Iljitsch van Beijnum, Jim Bound,
   Ralph Droms, Alain Durand, Jun-ichiro itojun Hagino, Brian Haberman,
   Bob Hinden, Christian Huitema, Kevin Lahey, Hakgoo Lee, Matt Mathis,
   Jeff Mogul, Erik Nordmark, Soohong Daniel Park, Chirayu Patel,
   Michael Richardson, Pekka Savola, Hesham Soliman, Mark Smith, Dave
   Thaler, Michael Welzl, Lixia Zhang and the members of the Nokia NRC/
   COM Mountain View team.

      "...and I'm one step ahead of the shoe shine,
       Two steps away from the county line,
       Just trying to keep my customers satisfied,
       Satisfi-i-ied!" - Paul Simon, 1969











Templin, et al.          Expires August 4, 2004                [Page 20]

Internet-Draft                   ISATAP                    February 2004


Appendix A. Major Changes

   Major changes from earlier versions to version 17:

   -  changed first words in title from "Intra-site" to "Internet/site"
      to more accurately represent the functionality.

   -  new section on configuration/management.

   -  new appendices on tunnel driver API; IANA considerations.

   -  expanded section on MTU and fragmentation.

   -  expanded sections on encapsulation/decapsulation.

   -  specified relation to IPv6 Node Requirements.

   -  introduced distinction between control; user planes.

   -  specified multicast mappings.

   -  revised neighbor discovery, address autoconfiguration, IANA
      considerations and security considerations sections.

Appendix B. Example ISATAP Driver API

   An ISATAP driver API should include primitives for sending and
   receiving control plane messages as well as primitives for tunnel
   configuration/management such as the following non-normative
   examples:

B.1 ISATAP_SEND, ISATAP_RECEIVE Primitives

      Description:
         Sends/Receives control plane messages via the
         ISATAP driver (e.g., via a routing socket, etc.)















Templin, et al.          Expires August 4, 2004                [Page 21]

Internet-Draft                   ISATAP                    February 2004


B.2 ISATAP_CREATE Primitive

      Description:
         Creates a new tunnel interface and an associated IP
         interface by creating a row in tunnelIfConfigTable.
         Also optionally configures read-write objects for the
         tunnel interface and adds locators to the receive address
         table via RcvTableAdd(locator, tunnel_interface).
      Required parameter:
         - tunnelIfEncapsMethod.
      Optional parameters:
         - attributes for configuring read-write objects.
         - list of locators to associate with tunnel interface.
      Returns:
         - ifIndex for the new tunnel interface, or a failure code.


B.3 ISATAP_DELETE Primitive

      Description:
         Deletes an existing tunnel interface by deleting the
         corresponding row in tunnelIfConfigTable. Also frees
         its locators via RcvTableDel(NULL, tunnel_interface).
      Required parameter:
         - ifIndex.
      Returns:
         - success or a failure code.

B.4 ISATAP_CONFIG Primitive

      Description:
         Configures attributes for an existing tunnel interface.
         Also adds new locators via RcvTableAdd(locator,
         tunnel_interface) and deletes old locators via
         RcvTableDel(locator, tunnel_interface).
      Required parameter:
         - ifIndex.
      Optional parameters:
         - read-write objects for the tunnel interface.
         - list of locators to associate with tunnel interface.
         - list of locators to delete from association.
      Returns:
         - success or a failure code.








Templin, et al.          Expires August 4, 2004                [Page 22]

Internet-Draft                   ISATAP                    February 2004


B.5 ISATAP_BIND Primitive

      Description:
         Binds (or, creates then binds) a configured tunnel interface
         to an ISATAP interface. The configured tunnel interface
         inherits the ISATAP interface's locator set and the ISATAP
         interface uses the encapsulation parameters associated with
         the bound configured tunnel interface.
      Required parameter:
         - ifIndex for the ISATAP interface.
         - ifIndex for the configured tunnel interface, or NULL.
      Conditional parameter:
         - if ifIndex for the configured tunnel is NULL,
           tunnelIfEncapsMethod.
      Optional parameters:
         - attributes for configuring read-write objects for the
           configured tunnel interface.
      Returns:
         - ifIndex for the configured tunnel, or a failure code.

B.6 ISATAP_GET Primitive

      Description:
         Copies configuration attributes from system table entries
         associated with the specified tunnel interface into a
         calling process' buffer.
      Required parameter:
         - ifIndex
         - address of a buffer in calling process's memory.
         - number of bytes available in the user's buffer.
      Returns:
         -  Number of bytes written into the calling process'
            buffer, or a failure code.


















Templin, et al.          Expires August 4, 2004                [Page 23]

Internet-Draft                   ISATAP                    February 2004


Appendix C. The IPv6 minimum MTU

   The 1280 byte IPv6 minimum MTU was proposed by Steve Deering and
   agreed through working group consensus in November 1997 discussions
   on the IPv6 mailing list. The size was chosen to allow extra room for
   link layer encapsulations without exceeding the Ethernet MTU of 1500
   bytes, i.e., the practical physical cell size of the Internet. The
   1280 byte MTU also provides a fixed upper bound for the size of IPv6
   packets/fragments with a maximum store-and-forward delay budget of ~1
   second assuming worst-case link speeds of ~10Kbps [BCP0048], thus
   providing a convenient value for use in reassembly buffer timer
   settings. Finally, the 1280 byte MTU allows transport connections
   (e.g., TCP) to configure a large-enough maximum segment size for
   improved performance even if the IPv4 interface that will send the
   tunneled packets uses a smaller MTU.

Appendix D. Modified EUI-64 Addresses in the IANA Ethernet Address Block

   Modified EUI-64 addresses ([ADDR], Appendix A) in the IANA Ethernet
   Address Block are formed as the concatenation of the 24-bit IANA OUI
   (00-00-5E) with a 40-bit extension identifier. They have the
   following appearance in memory (bits transmitted right-to-left within
   octets, octets transmitted left-to-right):

   0                       23                                        63
   |        OUI            |            extension identifier         |
   000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx

   When the first two octets of the extension identifier encode the
   hexadecimal value 0xFFFE, the remainder of the extension identifier
   encodes a 24-bit vendor-supplied id as follows:

   0                       23               39                       63
   |        OUI            |     0xFFFE     |   vendor-supplied id   |
   000000ug00000000 0101111011111111 11111110xxxxxxxx xxxxxxxxxxxxxxxx
















Templin, et al.          Expires August 4, 2004                [Page 24]

Internet-Draft                   ISATAP                    February 2004


   When the first octet of the extension identifier encodes the
   hexadecimal value 0xFE, the remainder of the extension identifier
   encodes a 32-bit IPv4 address, as specified in ([ISATAP], section
   6.1) and as follows:

   0                       23      31                                63
   |        OUI            |  0xFE |           IPv4 address          |
   000000ug00000000 0101111011111110 xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx

   Modified EUI-64 format interface identifiers are formed by inverting
   the "u" bit, i.e., the "u" bit is set to one (1) to indicate
   universal scope and it is set to zero (0) to indicate local scope
   ([ADDR], section 2.5.1).

Appendix E. Proposed ICMPv6 Code Field Types

   Three new ICMPv6 Code Field Type definitions are proposed for the
   ICMPv6 Destination Unreachable message. The first proposes a new
   definition for a currently-unassigned code type (2) in the ICMPv6
   Type Numbers registry; the others propose new definitions for code
   types (5) and (6). The code type field definition proposals appear
   below:

      Type    Name                                    Reference
      ----    -------------------------               ---------
         1    Destination Unreachable                 [RFC2463]
         Code           2 - beyond the scope of source address
                        5 - source address failed ingress policy
                        6 - reject route to destination


Normative References

[STD0003]  Braden, R., "Requirements for Internet Hosts - Communication
   Layers", STD 3, RFC 1122, October 1989.

[STD0005]  Postel, J., "Internet Protocol", STD 5, RFC 791, September
   1981.

[STD0006]  Postel, J., "User Datagram Protocol", STD 6, RFC 768, August
   1980.

[RFC1981]  McCann, J., Deering, S. and J. Mogul, "Path MTU Discovery for
   IP version 6", RFC 1981, August 1996.

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
   Requirement Levels", BCP 14, RFC 2119, March 1997.




Templin, et al.          Expires August 4, 2004                [Page 25]

Internet-Draft                   ISATAP                    February 2004


[RFC2434]  Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
   Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

[RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
   (IPv6) Specification", RFC 2460, December 1998.

[RFC2461]  Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery
   for IP Version 6 (IPv6)", RFC 2461, December 1998.

[RFC2463]  Conta, A., and S. Deering, "Internet Control Message Protocol
   (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification",
   RFC 2463, December 1998.

[RFC2529]  Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4
   Domains without Explicit Tunnels", RFC 2529, March 1999.

[RFC3424]  Daigle, L. and IAB, "IAB Considerations for UNilateral Self-
   Address Fixing (UNSAF) Across Network Address Translation", RFC 3424,
   November 2002.

[RFC3542]  Stevens, W., Thomas, M., Nordmark, E. and T.  Jinmei,
   "Advanced Sockets Application Program Interface (API) for IPv6", RFC
   3542, May 2003.

[RFC3582]  Abley, J., Black, B. and V. Gill, "Goals for IPv6 Site-
   Multihoming Architectures", RFC 3582, August 2003.

[RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
   Configuration Protocol (DHCP) version 6", RFC 3633, December 2003.

[ADDR]     Hinden, R. and S. Deering, "IP Version 6 Addressing
   Architecture", draft-ietf-ipv6-addr-arch-v4 (work in progress),
   October 2003.

[AUTH]     Reynolds, J. and R. Braden, "Instructions to Request for
   Comments (RFC) Authors", draft-rfc-editor-rfc2223bis (work in
   progress), August 2003.

[DEFLT]    Draves, R. and D. Thaler, "Default Router Preferences and
   More-Specific Routes", draft-ietf-ipv6-router-selection (work in
   progress), December 2003.

[ISATAP]   Templin, F., Gleeson, T., Talwar, M. and D. Thaler,
   "Internet/Site Automatic Tunnel Addressing Protocol", draft-ietf-
   ngtrans-isatap (work in progress), February 2004.

[LLMNR]    Esibov, L., Aboba, B. and D. Thaler, "Linklocal Multicast
   Name Resolution", draft-ietf-dnsext-mdns (work in progress), January



Templin, et al.          Expires August 4, 2004                [Page 26]

Internet-Draft                   ISATAP                    February 2004


   2004.

[MECH]     Gilligan, R. and E. Nordmark, "Basic Transition Mechanisms
   for IPv6 Hosts and Routers", draft-ietf-v6ops-mech-v2 (work in
   progress), February 2003.

[NODEREQ]  Loughney, J., "IPv6 Node Requirements", draft-ietf-ipv6-node-
   requirements (work in progress), October 2003.

[UNIQUE]   Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
   Addresses", draft-ietf-ipv6-unique-local-addr (work in progress),
   January 2004.


Informative References

[BCP0048]  Dawkins, S., Montenegro, G., Kojo, M. and V.  Magret, "End-
   to-end Performance Implications of Slow Links", BCP 48, RFC 3150,
   July 2001.

[STD0013]  Mockapetris, P., "Domain names - implementation and
   specification", STD 13, RFC 1035, November 1987.

[RFC2402]  Kent, S. and R. Atkinson, "IP Authentication Header", RFC
   2402, November 1998.

[RFC2406]  Kent, S. and R. Atkinson, "IP Encapsulating Security Payload
   (ESP)", RFC 2406, November 1998.

[RFC2491]  Armitage, G., Schulter, P., Jork, M. and G.  Harter, "IPv6
   over Non-Broadcast Multiple Access (NBMA) networks", RFC 2491,
   January 1999.

[RFC2492]  Armitage, G., Schulter, P. and M. Jork, "IPv6 over ATM
   Networks", RFC 2492, January 1999.

[RFC2710]  Deering, S., Fenner, W. and B. Haberman, "Multicast Listener
   Discovery (MLD) for IPv6", RFC 2710, October 1999.

[RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains via
   IPv4 Clouds", RFC 3056, February 2001.

[RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M.
   Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC
   3315, July 2003.

[ANYCAST]  Hagino, J. and K. Ettikan, "An Analysis of IPv6 Anycast",
   draft-ietf-ipngwg-ipv6-anycast-analysis (work in progress), June



Templin, et al.          Expires August 4, 2004                [Page 27]

Internet-Draft                   ISATAP                    February 2004


   2003.

[DNSOPV6]  Durand, A., Ihren, J., and Savola P., "Operational
   Considerations and Issues with IPv6 DNS", draft-ietf-dnsop-ipv6-dns-
   issues, work-in-progress, January 2004.

[FLOW]     Rajahalme, J., Conta, A., Carpenter, B. and S.  Deering,
   "IPv6 Flow Label Specification", draft-ietf-ipv6-flow-label (work in
   progress), December 2003.

[FRAG]     Mogul, J. and C. Kent, "Fragmentation Considered Harmful", In
   Proc. SIGCOMM '87 Workshop on Frontiers in Computer Communications
   Technology. August, 1987.

[FTMIB]    Haberman, B. and M. Wasserman, "IP Forwarding Table MIB",
   draft-ietf-ipv6-rfc2096-update (work in progress), August 2003.

[IPMIB]    Routhier, S., "Management Information Base for the Internet
   Protocol (IP)", draft-ietf-ipv6-rfc2011-update (work in progress),
   September 2003.

[NIQUERY]  Crawford, M., "IPv6 Node Information Queries", draft-ietf-
   ipngwg-icmp-name-lookups (work in progress), June 2003.

[SEND]     Arkko, J., Kempf, J., Sommerfield, B., Zill, B.  and P.
   Nikander, "Secure Neighbor Discovery (SEND)", draft-ietf-send-ndopt
   (work in progress), October 2003.

[TCPMIB]   Raghunarayan, R., "Management Information Base for the
   Transmission Control Protocol (TCP)", draft-ietf-ipv6-rfc2012-update
   (work in progress), November 2003.

[TUNMIB]   Thaler, D., "IP Tunnel MIB", draft-ietf-ipv6-inet-tunnel-mib
   (work in progress), January 2004.

[UDPMIB]   Raghunarayan, R., "Management Information Base for the
   Transmission Control Protocol (TCP)", draft-ietf-ipv6-rfc2012-update
   (work in progress), November 2003.













Templin, et al.          Expires August 4, 2004                [Page 28]

Internet-Draft                   ISATAP                    February 2004


Authors' Addresses

Fred L. Templin
Nokia
313 Fairchild Drive
Mountain View, CA  94110
US

Phone: +1 650 625 2331
EMail: ftemplin@iprg.nokia.com


Tim Gleeson
Cisco Systems K.K.
Shinjuku Mitsu Building
2-1-1 Nishishinjuku, Shinjuku-ku
Tokyo  163-0409
Japan

EMail: tgleeson@cisco.com


Mohit Talwar
Microsoft Corporation
One Microsoft Way
Redmond, WA  98052-6399
US

Phone: +1 425 705 3131
EMail: mohitt@microsoft.com


Dave Thaler
Microsoft Corporation
One Microsoft Way
Redmond, WA  98052-6399
US

Phone: +1 425 703 8835
EMail: dthaler@microsoft.com











Templin, et al.          Expires August 4, 2004                [Page 29]

Internet-Draft                   ISATAP                    February 2004


Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to pertain
to the implementation or use of the technology described in this
document or the extent to which any license under such rights
might or might not be available; neither does it represent that it has
made any effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and standards-
related documentation can be found in BCP-11. Copies of claims of rights
made available for publication and any assurances of licenses to be made
available, or the result of an attempt made to obtain a general license
or permission for the use of such proprietary rights by implementors or
users of this specification can be obtained from the IETF Secretariat.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary rights
which may cover technology that may be required to practice this
standard. Please address the information to the IETF Executive Director.

The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this document.
For more information consult the online list of claimed rights.


Full Copyright Statement

Copyright (C) The Internet Society (2004). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included
on all such copies and derivative works. However, this document itself
may not be modified in any way, such as by removing the copyright notice
or references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into
languages other than English.










Templin, et al.          Expires August 4, 2004                [Page 30]

Internet-Draft                   ISATAP                    February 2004


The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.  This
document and the information contained herein is provided on an "AS IS"
basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE
DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE
ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.


Acknowledgment

Funding for the RFC Editor function is currently provided by the
Internet Society.





































Templin, et al.          Expires August 4, 2004                [Page 31]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/