Anything In Anything

Last updated May 20, 2024

Anything In Anything (AYIYA) is a computer networking protocol for managing IP tunneling protocols in use between separated Internet Protocol networks. It is most often used to provide IPv6 transit over an IPv4 network link when network address translation masquerades a private network with a single IP address that may change frequently because of DHCP provisioning by Internet service providers.

Features

The protocol has the following features:^[1]

Tunneling of networking protocols within another IP protocol
Network security is provided by preventing tunneled packets from being spoofable or replayable
Transparent handling of network address translation
The endpoint of at least one of the two tunnel endpoints should be able to change to provide mobility features.

Tunnel brokers

Many consumer networks are provisioned by Internet service providers using network address translation (NAT) which precludes^[2]^[3]^[4] the usage of IP protocol 41 tunnels (IPv6 tunnelled in IPv4, either RFC 4213 or RFC 3056) unless they manually reconfigure their NAT setup. In some cases, this is impossible as the NAT cannot be configured to forward protocol 41 to a specific host. There might also be cases when multiple endpoints are behind the same NAT, when multiple NATs are used, or when the user has no control at all over the NAT setup. This is an undesired situation as it limits the deployment of IPv6, which was meant to solve the problem of the disturbance in end to end communications caused by NATs, which were created because of limited address space in the first place.

This problem can be solved by tunneling the IPv6 packets over either User Datagram Protocol (UDP), Transmission Control Protocol (TCP) or the Stream Control Transmission Protocol (SCTP). Taking into consideration that multiple separate endpoints could be behind the same NAT or that the public endpoint receives a new IP address, there is a need to identify the endpoint that certain packets are coming from and endpoints need to be able to change e.g. source addresses of the transporting protocol on the fly while still being identifiable as the same endpoint. The protocol described in this document is independent of the transport and payload's protocol. An example is IPv6-in-UDP-in-IPv4, which is a typical setup that can be used by IPv6 tunnel brokers.

Mobility

AYIYA may be used to provision mobile hosts by tunneling traffic from the Home Address to the Home Agent over an underlying network. Any remote host that the mobile host communicates with does not need AYIYA support. When the remote host does support AYIYA, it could also directly set up a tunnel with the mobile host establishing a direct tunnel. The remote host can determine whether a host supports AYIYA by querying for Domain Name System records and use a public/private key algorithm to authenticate the packets.

+-------------+             +------------+         ,--------.         +-------------+ | Mobile Host | <--AYIYA--> | Home Agent | <----> { Internet } <----> | Remote Host | +-------------+             +------------+         '--------'         +-------------+

Using AYIYA to provide IPv6 for a host is in effect already providing mobility for that end point as it can use its IPv6 address regardless of geographic location.

Packet format

	Bits 0 - 3	4 - 7	8 - 11	12 - 15	16 - 19	20 - 23	24 - 31
0	Identity Length	Identity Type	Signature Length	Hash Method	Authentication Method	Operation Code	Next Header
32	Epoch Time
	Identity
	Signature

For IPv6 over IPv4-UDP operation, as in the most common use scenario, the identity is the IPv6 Address of the endpoint (16 bytes) and the signature is an SHA1 hash (20 bytes). The header has a total of 8 + 16 + 20 = 44 bytes. Encapsulated in UDP and IPv4 the tunnel overhead is 44 + 8 + 20 = 72 bytes. Over Ethernet this allows an MTU of 1428 bytes.

Implementations

The AYIYA protocol has been implemented in AICCU.

Related Research Articles

An Internet Protocol address is a numerical label such as 192.0.2.1 that is assigned to a device connected to a computer network that uses the Internet Protocol for communication. IP addresses serve two main functions: network interface identification, and location addressing.

Internet Protocol version 4 (IPv4) is the first version of the Internet Protocol (IP) as a standalone specification. It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version deployed for production on SATNET in 1982 and on the ARPANET in January 1983. It is still used to route most Internet traffic today, even with the ongoing deployment of Internet Protocol version 6 (IPv6), its successor.

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.

A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.

IP fragmentation is an Internet Protocol (IP) process that breaks packets into smaller pieces (fragments), so that the resulting pieces can pass through a link with a smaller maximum transmission unit (MTU) than the original packet size. The fragments are reassembled by the receiving host.

Mobile IP is an Internet Engineering Task Force (IETF) standard communications protocol that is designed to allow mobile device users to move from one network to another while maintaining a permanent IP address. Mobile IP for IPv4 is described in IETF RFC 5944, and extensions are defined in IETF RFC 4721. Mobile IPv6, the IP mobility implementation for the next generation of the Internet Protocol, IPv6, is described in RFC 6275.

In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. Unlike similar protocols such as 6to4, it can perform its function even from behind network address translation (NAT) devices such as home routers.

In the context of computer networking, a tunnel broker is a service which provides a network tunnel. These tunnels can provide encapsulated connectivity over existing infrastructure to another infrastructure.

6in4 is an IPv6 transition mechanism for migrating from Internet Protocol version 4 (IPv4) to IPv6. It is a tunneling protocol that encapsulates IPv6 packets on specially configured IPv4 links according to the specifications of RFC 4213. The IP protocol number for 6in4 is 41, per IANA reservation.

In computer networking, the Tunnel Setup Protocol (TSP) is an experimental networking control protocol used to negotiate IP tunnel setup parameters between a tunnel client host and a tunnel broker server, the tunnel end-points. A major use of TSP is in IPv6 transition mechanisms.

An IPv6 transition mechanism is a technology that facilitates the transitioning of the Internet from the Internet Protocol version 4 (IPv4) infrastructure in use since 1983 to the successor addressing and routing system of Internet Protocol Version 6 (IPv6). As IPv4 and IPv6 networks are not directly interoperable, transition technologies are designed to permit hosts on either network type to communicate with any other host.

Locator/ID Separation Protocol (LISP) is a "map-and-encapsulate" protocol which is developed by the Internet Engineering Task Force LISP Working Group. The basic idea behind the separation is that the Internet architecture combines two functions, routing locators and identifiers in one number space: the IP address. LISP supports the separation of the IPv4 and IPv6 address space following a network-based map-and-encapsulate scheme. In LISP, both identifiers and locators can be IP addresses or arbitrary elements like a set of GPS coordinates or a MAC address.

An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). Packets consist of control information for addressing and routing and a payload of user data. The control information in IPv6 packets is subdivided into a mandatory fixed header and optional extension headers. The payload of an IPv6 packet is typically a datagram or segment of the higher-level transport layer protocol, but may be data for an internet layer or link layer instead.

The Stream Control Transmission Protocol (SCTP) is a computer networking communications protocol in the transport layer of the Internet protocol suite. Originally intended for Signaling System 7 (SS7) message transport in telecommunication, the protocol provides the message-oriented feature of the User Datagram Protocol (UDP), while ensuring reliable, in-sequence transport of messages with congestion control like the Transmission Control Protocol (TCP). Unlike UDP and TCP, the protocol supports multihoming and redundant paths to increase resilience and reliability.

IPv4 Residual Deployment (4rd) is an IPv6 transition mechanism for Internet service providers for deployment of Internet Protocol version 6 (IPv6), while maintaining IPv4 service to customers. The protocol and sample applications are specified in RFC 7600.

Port Control Protocol (PCP) is a computer networking protocol that allows hosts on IPv4 or IPv6 networks to control how the incoming IPv4 or IPv6 packets are translated and forwarded by an upstream router that performs network address translation (NAT) or packet filtering. By allowing hosts to create explicit port forwarding rules, handling of the network traffic can be easily configured to make hosts placed behind NATs or firewalls reachable from the rest of the Internet, which is a requirement for many applications.

References

↑ Massar, J. "AYIYA: Anything In Anything". Ietf Datatracker. IETF. (Internet draft)
↑ RFC 2993: T. Hain (November 2000). "Architectural Implications of NAT". IETF. doi:10.17487/RFC2993.{{cite journal}}: Cite journal requires |journal= (help)
↑ "Anything In Anything (AYIYA)". SixXS.
↑ RFC 4891: R. Graveman; M. Parthasarathy; P. Savola; H. Tschofenig (May 2007). "Using IPsec to Secure IPv6-in-IPv4 Tunnels". IETF. doi:10.17487/RFC4891.{{cite journal}}: Cite journal requires |journal= (help)

External links

SixXS

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[ayiya-draft-ietf-1] Massar, J. "AYIYA: Anything In Anything". Ietf Datatracker. IETF. (Internet draft)

[rfc2993-2] RFC 2993: T. Hain (November 2000). "Architectural Implications of NAT". IETF. doi:10.17487/RFC2993.{{cite journal}}: Cite journal requires |journal= (help)

[ayiya-sixxs-3] "Anything In Anything (AYIYA)". SixXS.

[rfc4891-4] RFC 4891: R. Graveman; M. Parthasarathy; P. Savola; H. Tschofenig (May 2007). "Using IPsec to Secure IPv6-in-IPv4 Tunnels". IETF. doi:10.17487/RFC4891.{{cite journal}}: Cite journal requires |journal= (help)

[1]

[2]

[3]

[4]