In general, an SWVC conveys IP Packets without modifying the contents; however, there are some exceptions which are captured in the following requirements:

[R4] If an Ingress IPv4 Data Packet is mapped to an SWVC and delivered as a Egress IPv4 Data Packet, and the packet has not been fragmented as described in RFC 791 [5], the Egress IPv4 Data Packet MUST be identical to the Ingress IPv4 Data Packet except that the following fields in the IPv4 header can be changed:

    • The TTL field (RFC 791 [5])
    • The DS (RFC 3260 [11]) and ECN (RFC 3168 [10]) fields
    • The Loose Source and Record Route option, the Strict Source and Record Route option, and the Record Route option, if present in the packet (RFC 791 [5])

The Destination Address field, if the Loose Source and Record Route option or the Strict Source and Record Route option are present in the packet (RFC 791 [5])

    • The Header Checksum field (RFC 791 [5])
    • Any other field(s), subject to agreement between the Subscriber and the Service Provider

[R5] If an Ingress IPv4 Data Packet is mapped to an SWVC and is fragmented by the Service Provider as described in RFC 791 [5] resulting in a number of corresponding IPv4 Packets that are delivered as Egress IPv4 Packets, the Egress IPv4 Data Packets MUST be such that reassembly as described in RFC 791 [5] results in an IP Packet that is identical to the Ingress IPv4 Data Packet except that the following fields in the IPv4 header can be changed:

    • The TTL field (RFC 791 [5])
    • The DS (RFC 3260 [11]) and ECN (RFC 3168 [10]) fields
    • The Loose Source and Record Route option, the Strict Source and Record Route option, and the Record Route option, if present in the packet (RFC 791 [5])

The Destination Address field, if the Loose Source and Record Route option or the Strict Source and Record Route option are present in the packet (RFC 791 [5])

    • The Header Checksum field (RFC 791 [5])
    • Any other field(s), subject to agreement between the Subscriber and the Service Provider

[R6] If an Ingress IPv6 Data Packet is mapped to an SWVC and delivered as an Egress IPv6 Data Packet, the Egress IPv6 Data Packet MUST be identical to the Ingress IPv6 Data Packet except that the following fields in the IPv6 header can be changed:

    • The Hop Limit field (RFC 8200 [17])
    • The DS (RFC 3260 [11]) and ECN (RFC 3168 [10]) fields
    • The value of any options within a Hop-by-Hop Options header (if present) that have the third high-order bit in the option type field set (RFC 8200 [17])
    • Any other field(s), subject to agreement between the Subscriber and the Service Provider

The use of the Loose Source and Record Route option, the Strict Source and Record Route option, and the Record Route option in IPv4 packets can cause problems due to the additional processing needed at each hop along the path. In addition, the Loose Source and Record Route option and the Strict Source and Record Route option open up a number of potential security risks as documented in RFC 6274, which outweigh any legitimate use.

[O1] A Service Provider MAY discard Ingress IPv4 Packets that contain the Loose Source and Record Route option, the Strict Source and Record Route option, or the Record Route option.




Status

PUBLISHED


Study Requirement

MEF-SDCP Exam Study Requirement

Source(s) and Reference(s)

MEF 70 - SD-WAN Service Attributes and Services Definition

RFC 791

RFC 3168

RFC 3260

RFC 6274

RFC 8200

Related and Further Reading

 

Project Lead

Kirby Russell

Reviewers/Conttributors

MEF-SMEs

Basil Najem

Sholy Augustine

Ryan Hoffman

MEF Staff

Daniel Bar-Lev


  • No labels