Computer NetworksIPv6

Extension Headers

LevelIntermediate

Duration75 mins

TopicIPv6

2 / 5

Hop-by-Hop Options Header

The Exception That Proves the Rule

In our previous examination of IPv6 extension headers, we established a fundamental principle: extension headers are processed only by the destination, not by intermediate routers. This architectural decision enables high-speed router forwarding by keeping optional processing out of the critical path.

But there's one critical exception: the Hop-by-Hop Options header.

This extension header breaks the rule deliberately. Some functionality simply cannot wait until the destination—it must be examined and acted upon by every router along the path. Flow control signals, resource reservation, jumbo packet handling, and router alerts all require in-path processing.

The Hop-by-Hop Options header exists precisely to carry this class of time-critical, path-sensitive information. Its design, placement, and encoding reflect the unique demands of per-hop processing.

What You Will Learn

By the end of this page, you will understand: (1) Why certain options require hop-by-hop processing, (2) The precise binary structure of the Hop-by-Hop Options header, (3) The TLV encoding scheme for individual options, (4) All major option types including Pad1, PadN, Router Alert, Jumbo Payload, and CALIPSO, (5) The processing algorithm routers must implement, and (6) Performance and security implications of hop-by-hop processing.

Why Hop-by-Hop Processing?

Not all network functionality can be deferred to the destination. Some operations are inherently path-dependent—they require action from intermediate nodes as packets traverse the network. Understanding these use cases clarifies why the Hop-by-Hop Options header exists.

Categories of Hop-by-Hop Functionality:

Use Cases Requiring Hop-by-Hop Processing
Category	Example Option	Why Hop-by-Hop?	Consequence if Ignored
Oversized Packets	Jumbo Payload	Routers must know actual packet length to allocate buffers and forward correctly	Packet truncation, forwarding failure
Resource Signaling	Router Alert	Routers must intercept packets for local protocol processing (RSVP, MLD)	QoS reservations fail, multicast groups break
Security Classification	CALIPSO	Each router must verify security label authorization for its network segment	Classified data may leak to unauthorized networks
Congestion Feedback	Quick-Start	Each router must approve or modify requested rate	Congestion collapse, unfair bandwidth allocation

The Jumbo Payload Case Study:

The IPv6 main header's Payload Length field is 16 bits, limiting standard payload to 65,535 bytes. But some high-performance networks (supercomputer interconnects, data center fabrics) can benefit from much larger packets—reducing per-packet overhead for bulk transfers.

The Jumbo Payload option enables packets up to 4,294,967,295 bytes (2³² - 1). But here's the critical insight: every router on the path must know the true packet length, not just the destination. Routers need this to:

Allocate sufficient buffer memory
Check against interface MTU
Correctly decrement Hop Limit at packet boundaries
Account for the traffic in queue management

If the Jumbo Payload option were in a Destination Options header (processed only at the destination), routers would see Payload Length = 0 and have no idea how large the packet actually is. They'd allocate minimal buffers, try to forward a truncated packet, and cause catastrophic failures.

This is why Hop-by-Hop exists: some information is path-essential, not just destination-relevant.

The Router Alert Insight

Router Alert is particularly elegant: rather than forcing routers to deeply inspect every packet looking for RSVP or MLD messages, the sender simply sets the Router Alert option. Routers check one field to determine if the packet needs local protocol processing, avoiding expensive deep packet inspection in the fast path.

Header Structure and Format

The Hop-by-Hop Options header follows the standard extension header format but carries Type-Length-Value (TLV) encoded options. Its structure is optimized for efficient sequential parsing.

Binary Format:

hop_by_hop_header_format.txt
Hop-by-Hop Options Header Structure
════════════════════════════════════════════════════════════════════════════
 
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Next Header  |  Hdr Ext Len  |                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
.                                                               .
.                         Options                               .
.                                                               .
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
┌─────────────────────────────────────────────────────────────────────────┐
│ FIELD DEFINITIONS                                                       │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                         │
│ Next Header (8 bits)                                                    │
│   Identifies the type of header immediately following the Hop-by-Hop   │
│   Options header. Uses the same values as the IPv6 Next Header field.  │
│   Common values:                                                        │
│     - 6   = TCP                                                         │
│     - 17  = UDP                                                         │
│     - 43  = Routing Header                                              │
│     - 58  = ICMPv6                                                      │
│     - 60  = Destination Options                                         │
│                                                                         │
│ Hdr Ext Len (8 bits)                                                    │
│   Length of the Hop-by-Hop Options header in 8-octet units,            │
│   NOT including the first 8 octets.                                     │
│                                                                         │
│   Total Header Length = (Hdr Ext Len + 1) × 8 bytes                     │
│                                                                         │
│   Examples:                                                             │
│     - Hdr Ext Len = 0  → Total length = 8 bytes  (minimum)              │
│     - Hdr Ext Len = 1  → Total length = 16 bytes                        │
│     - Hdr Ext Len = 2  → Total length = 24 bytes                        │
│     - Hdr Ext Len = 255 → Total length = 2048 bytes (maximum)           │
│                                                                         │
│ Options (variable)                                                      │
│   One or more TLV-encoded options, padded to 8-octet boundary.          │
│   Options are parsed sequentially from start to end.                    │
│   The header MUST be padded to a multiple of 8 octets.                  │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘
 
Example: Minimum Hop-by-Hop Header (8 bytes, just padding)
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      6        |       0       |      1        |      4        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0        |       0       |       0       |      0        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
Decoded:
- Next Header: 6 (TCP follows)
- Hdr Ext Len: 0 (total length = 8 bytes)
- Options: PadN with length 4, then 4 bytes of zero padding

Mandatory Positioning

The Hop-by-Hop Options header MUST appear immediately after the IPv6 header—never in any other position. The IPv6 header's Next Header field must be 0 to indicate Hop-by-Hop follows. This positioning enables the critical optimization: routers check one field (Next Header in IPv6 header) to determine if any hop-by-hop processing is needed.

TLV Option Encoding

Options within the Hop-by-Hop Options header use Type-Length-Value (TLV) encoding. This flexible format allows multiple options of varying sizes to be packed into a single header while maintaining backward compatibility as new options are defined.

Standard TLV Format:

tlv_option_format.txt
Standard TLV Option Format
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
|  Option Type  |  Opt Data Len |    Option Data (variable)     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
|<--- 8 bits -->|<--- 8 bits -->|<---- Opt Data Len bytes ----->|
 
 
Option Type Field Encoding (8 bits)
═══════════════════════════════════════════════════════════════════════════
 
The Option Type byte contains encoded processing directives:
 
     0   1   2   3   4   5   6   7
   +---+---+---+---+---+---+---+---+
   | act |chg|     Option Number   |
   +---+---+---+---+---+---+---+---+
 
act (bits 0-1): Action if option type is unrecognized
═══════════════════════════════════════════════════════════════════════════
  00 = Skip over this option and continue processing
  01 = Discard the packet silently
  10 = Discard and send ICMP Parameter Problem (all destinations)
  11 = Discard and send ICMP Parameter Problem (only if not multicast)
 
chg (bit 2): Change flag
═══════════════════════════════════════════════════════════════════════════
  0 = Option data does NOT change en route
  1 = Option data MAY change en route
      (critical for authentication: changed options cannot be authenticated)
 
Option Number (bits 3-7): The specific option type within this class
 
 
Decoding Examples:
═══════════════════════════════════════════════════════════════════════════
 
Option Type = 0x00 (binary: 00 0 00000) = Pad1
  - act=00: skip if unknown
  - chg=0: does not change
  - number=0: padding option 1
 
Option Type = 0x01 (binary: 00 0 00001) = PadN  
  - act=00: skip if unknown
  - chg=0: does not change
  - number=1: padding option N
 
Option Type = 0x05 (binary: 00 0 00101) = Router Alert
  - act=00: skip if unknown (but routers SHOULD recognize this)
  - chg=0: does not change
  - number=5: router alert
 
Option Type = 0xC2 (binary: 11 0 00010) = Jumbo Payload
  - act=11: discard + ICMP if unknown (unless multicast)
  - chg=0: does not change
  - number=2: jumbo payload

The Action Bits Rationale:

The two-bit action field enables graduated responses to unrecognized options:

00 (skip): Used for options where ignoring them doesn't break functionality—padding, optional hints
01 (silently discard): Used when processing failure is a security concern but no feedback should be given
10 (discard + ICMP): Used when the sender needs to know the option wasn't processed
11 (discard + ICMP, not multicast): Like 10, but avoids ICMP storms from multicast destinations

The Change Flag and IPsec

The 'chg' bit is critical for IPsec Authentication Header (AH) operation. AH computes an integrity check over the entire packet, including extension headers. But if an option value may legitimately change en route (like Hop Count in an experimental option), AH must exclude it from the integrity computation. Options with chg=1 are zeroed before AH computation and restored after verification.

Padding Options: Pad1 and PadN

Every Hop-by-Hop Options header must be a multiple of 8 bytes. Additionally, many options require specific alignment within the header for efficient processing. Two special padding options enable this alignment: Pad1 and PadN.

Pad1 Option (Type = 0):

Pad1 is unique—it has NO length or value fields. The entire option is a single zero byte:

pad1_option.txt
Pad1 Option Format
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+
|       0       |   ← Entire option is just this one byte
+-+-+-+-+-+-+-+-+
 
Used to insert 1 byte of padding.
 
The absence of length/value fields is intentional:
- If Type=0 always used standard TLV, minimum would be 2 bytes (type + length)
- Pad1 saves one byte per single-byte alignment need
- Parser recognizes Type=0, consumes exactly 1 byte, continues

PadN Option (Type = 1):

PadN uses the standard TLV format to insert N bytes of padding (where N ≥ 2):

padn_option.txt
PadN Option Format
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
|       1       |  Opt Data Len |       Zero Padding             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
 
Opt Data Len contains (N-2) where N is total bytes of padding desired.
 
Examples:
═══════════════════════════════════════════════════════════════════════════
 
2 bytes of padding:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       1       |       0       |   ← PadN with data length 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
4 bytes of padding:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       1       |       2       |       0       |       0       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
6 bytes of padding:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       1       |       4       |       0       |       0       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       0       |       0       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Alignment Requirements

Options specify alignment requirements as xn+y, meaning the option must start at a byte offset that equals y when divided by x. For example, the Jumbo Payload option (4n+2) must start at byte 2, 6, 10, etc. within the options area. Padding options fill gaps to achieve these alignments.

Router Alert Option

The Router Alert option signals to intermediate routers that the packet requires local processing beyond simple forwarding. This enables protocols like RSVP (Resource Reservation), MLD (Multicast Listener Discovery), and specific ICMP operations without requiring routers to deeply inspect every packet.

Option Format:

router_alert_option.txt
Router Alert Option Format
═══════════════════════════════════════════════════════════════════════════
 
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0x05     |      0x02     |      Router Alert Value       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
Fields:
═══════════════════════════════════════════════════════════════════════════
Option Type:     0x05 (binary: 00 0 00101)
                 - Action: 00 = skip if unknown
                 - Change: 0 = does not change en route
                 - Number: 5 = Router Alert
 
Option Length:   0x02 (2 bytes of option data)
 
Router Alert Value (16 bits):
  0     = Datagram contains MLD message (Multicast Listener Discovery)
  1     = Datagram contains RSVP message (Resource Reservation)
  2     = Datagram contains an Active Network message
  3     = Aggregated RSVP reservation
  4     = QoS NSLP Aggregation-level 0
  5-34  = QoS NSLP Aggregation levels 1-30
  35    = NSIS NATFW NSLP
  65535 = Reserved for future expansion
  
(Complete registry maintained by IANA)

Processing Algorithm:

When a router encounters a packet with the Router Alert option:

Router Alert Processing Steps

•Detect option presence — IPv6 Next Header = 0 triggers Hop-by-Hop parsing
•Parse to Router Alert — Extract the 16-bit Router Alert Value
•Check value against supported protocols — Does router support MLD? RSVP?
•If supported: Pass packet copy to appropriate protocol handler; may also forward original
•If not supported: Forward packet normally (the skip action allows graceful degradation)

MLD and the Router Alert

Multicast Listener Discovery (MLD) messages—the IPv6 equivalent of IGMP—always include the Router Alert option. This ensures that MLD packets are processed by multicast routers even if they're addressed to a multicast group address. Without Router Alert, a router might simply forward the MLD packet without updating its multicast state.

Jumbo Payload Option

The Jumbo Payload option enables IPv6 packets larger than 65,535 bytes—the maximum expressible in the 16-bit Payload Length field. This option is essential for networks supporting "jumbograms" (extremely large packets used in high-performance computing).

When Jumbo Payload is Used:

Payload Length in IPv6 header is set to 0
Actual length is specified in the Jumbo Payload option
Maximum packet size: 4,294,967,295 bytes (2³² - 1)

Option Format:

jumbo_payload_option.txt
Jumbo Payload Option Format
═══════════════════════════════════════════════════════════════════════════
 
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0xC2     |      0x04     |       Jumbo Payload Length    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
Fields:
═══════════════════════════════════════════════════════════════════════════
Option Type:     0xC2 (binary: 11 0 00010)
                 - Action: 11 = discard + ICMP if unknown (unless multicast)
                 - Change: 0 = does not change en route
                 - Number: 2 = Jumbo Payload
 
Option Length:   0x04 (4 bytes = 32-bit length value)
 
Jumbo Payload Length (32 bits):
  - Length of the packet in bytes, excluding the IPv6 header (40 bytes)
  - Includes all extension headers, plus upper-layer data
  - MUST be greater than 65,535 (else standard Payload Length would work)
  - Maximum value: 4,294,967,295
 
Alignment:       4n+2 (must start at offset 2, 6, 10, etc.)
 
 
Complete Hop-by-Hop Header with Jumbo Payload:
═══════════════════════════════════════════════════════════════════════════
 
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header=6 | Hdr Ext Len=0 |      0xC2     |      0x04     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Jumbo Payload Length                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
This 8-byte Hop-by-Hop header specifies a jumbogram; TCP data follows.

Critical Processing Rules:

Jumbo Payload Validation Rules

•Payload Length MUST be 0 — If IPv6 header Payload Length ≠ 0 but Jumbo Payload is present, send ICMP Parameter Problem
•Value MUST exceed 65,535 — Jumbo Payload Length ≤ 65,535 is an error (should use standard Payload Length)
•Must appear first — Jumbo Payload must be the first option in Hop-by-Hop header (after Next Header and Hdr Ext Len)
•No fragmentation possible — Jumbograms cannot use the Fragment extension header
•UDP checksum required — UDP packets in jumbograms MUST include checksum (can't be zero)

Practical Jumbogram Deployment

Jumbograms are rarely used on the public Internet—most paths have MTU limits well below 65,535 bytes. They're primarily found in specialized environments: supercomputer interconnects (InfiniBand bridging), high-speed research networks, and data center fabrics where end-to-end MTU can be guaranteed.

Other Hop-by-Hop Options

Beyond Router Alert and Jumbo Payload, several other options are defined for the Hop-by-Hop Options header. While less commonly encountered, understanding them completes the picture of hop-by-hop functionality.

CALIPSO (Common Architecture Label IPv6 Security Option):

CALIPSO Option Structure
Field	Size	Description
Domain of Interpretation	32 bits	Identifies the security policy domain
Compartment Length	8 bits	Length of compartment bitmap in 32-bit words
Sensitivity Level	8 bits	Hierarchical classification level
Compartment Bitmap	Variable	Non-hierarchical category markings

CALIPSO is used in Multi-Level Secure (MLS) networks—environments where traffic at different classification levels (Unclassified, Secret, Top Secret) must traverse shared infrastructure while maintaining separation. Each router verifies that incoming traffic's security label is authorized for its network segment.

RPL Option (Routing Protocol for Low-Power and Lossy Networks):

The RPL Option carries routing state for constrained networks (IoT, sensor networks):

rpl_option.txt
RPL Option (Type = 0x63)
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0x63     |  Opt Data Len |O|R|F|   0   |   RPLInstanceID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          SenderRank           |  (sub-TLVs if O=1)            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
 
O = Down flag (packet moving toward root or away)
R = Rank-Error flag (inconsistent rank detected)
F = Forwarding-Error flag (forwarding problem)
RPLInstanceID = Identifies the RPL routing instance
SenderRank = Rank of sending node in the RPL DAG

SMF_DPD (Simplified Multicast Forwarding Duplicate Packet Detection):

This option supports multicast forwarding in networks without full multicast routing protocols:

•Purpose: Prevent infinite loops when flooding multicast packets
•Mechanism: Each packet carries a sequence number; routers track seen sequences
•Use case: Emergency/ad-hoc networks where traditional multicast setup is impractical

IANA Registry

The complete list of assigned Hop-by-Hop Option Types is maintained by IANA. New options can be registered following the procedures in RFC 2780, allowing the protocol to evolve without changing the fundamental architecture.

Performance and Security Implications

The Hop-by-Hop Options header's requirement for per-hop processing creates both performance and security considerations that network operators must understand.

Performance Impact:

Hop-by-Hop Processing Overhead

•Slow-path processing — Packets with Hop-by-Hop headers often leave the router's hardware fast-path, entering software processing
•Per-hop parsing cost — Every router must parse the options, even if none are recognized/actionable
•Queue priority — Some implementations deprioritize Hop-by-Hop packets to protect fast-path traffic
•Rate limiting — Routers may limit Hop-by-Hop packet processing rate to prevent CPU exhaustion

The Middlebox Reality:

Empirical studies (notably RFC 7872) found that packets with Hop-by-Hop Options headers experience significantly higher drop rates across the Internet:

Up to 40% of paths drop packets with Hop-by-Hop headers
Some networks intentionally drop these packets as a performance/security measure
Drop rates vary significantly by geography and network type

This creates a deployment challenge: legitimate uses of Hop-by-Hop Options (like MLD) may not work across all network paths.

Security Considerations:

Security Risks of Hop-by-Hop Processing

•CPU exhaustion attacks — Attackers can craft packets with complex option chains, forcing expensive router processing
•State exhaustion — Some options (like RPL) require routers to maintain state, enabling memory exhaustion attacks
•Parsing vulnerabilities — Options parsing code may have bugs; rarely-used options receive less testing
•Evasion techniques — Attackers may use extension headers to hide malicious payloads from simple inspection

Operational Recommendation

RFC 8200 notes that routers SHOULD be configurable to ignore the Hop-by-Hop Options header in some deployments—treating packets as if the option weren't present. This acknowledges the reality that security and performance concerns sometimes outweigh protocol compliance, though it may break legitimate functionality like MLD.

Summary: Hop-by-Hop Options Header

We've completed an exhaustive examination of the Hop-by-Hop Options header—the singular extension header that demands per-hop processing. Let's consolidate the essential knowledge:

Key Takeaways

•The sole exception — Hop-by-Hop Options is the only extension header processed by every node, not just the destination
•Mandatory positioning — Must appear immediately after the IPv6 header; IPv6 Next Header = 0 signals its presence
•TLV encoding — Options use Type-Length-Value format with embedded action/change flags in the type byte
•Padding options — Pad1 (1 byte) and PadN (2+ bytes) achieve 8-byte alignment
•Router Alert — Enables efficient interception of protocol-specific packets (MLD, RSVP) without deep inspection
•Jumbo Payload — Enables packets up to 4GB for high-performance network fabrics
•Performance tradeoffs — Per-hop processing has real costs; many networks rate-limit or drop these packets
•Operational reality — Deployment challenges exist; packets with Hop-by-Hop headers may not traverse all paths

What's Next:

The next page examines the Routing Header—the extension header that enables source routing, segment routing, and path control. Unlike Hop-by-Hop, Routing Headers are processed only at destinations, but their impact on packet forwarding is profound.

Hop-by-Hop Mastery Achieved

You now possess comprehensive understanding of the Hop-by-Hop Options header—from its architectural necessity through its binary encoding to its operational implications. This knowledge is fundamental for understanding IPv6's extension header ecosystem.

2 / 5

Loading learning content...

Computer NetworksIPv6

Extension Headers

LevelIntermediate

Duration75 mins

TopicIPv6

2 / 5

Hop-by-Hop Options Header

The Exception That Proves the Rule

But there's one critical exception: the Hop-by-Hop Options header.

The Hop-by-Hop Options header exists precisely to carry this class of time-critical, path-sensitive information. Its design, placement, and encoding reflect the unique demands of per-hop processing.

What You Will Learn

Why Hop-by-Hop Processing?

Categories of Hop-by-Hop Functionality:

Use Cases Requiring Hop-by-Hop Processing
Category	Example Option	Why Hop-by-Hop?	Consequence if Ignored
Oversized Packets	Jumbo Payload	Routers must know actual packet length to allocate buffers and forward correctly	Packet truncation, forwarding failure
Resource Signaling	Router Alert	Routers must intercept packets for local protocol processing (RSVP, MLD)	QoS reservations fail, multicast groups break
Security Classification	CALIPSO	Each router must verify security label authorization for its network segment	Classified data may leak to unauthorized networks
Congestion Feedback	Quick-Start	Each router must approve or modify requested rate	Congestion collapse, unfair bandwidth allocation

The Jumbo Payload Case Study:

Allocate sufficient buffer memory
Check against interface MTU
Correctly decrement Hop Limit at packet boundaries
Account for the traffic in queue management

This is why Hop-by-Hop exists: some information is path-essential, not just destination-relevant.

The Router Alert Insight

Header Structure and Format

The Hop-by-Hop Options header follows the standard extension header format but carries Type-Length-Value (TLV) encoded options. Its structure is optimized for efficient sequential parsing.

Binary Format:

hop_by_hop_header_format.txt
Hop-by-Hop Options Header Structure
════════════════════════════════════════════════════════════════════════════
 
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Next Header  |  Hdr Ext Len  |                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
.                                                               .
.                         Options                               .
.                                                               .
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
┌─────────────────────────────────────────────────────────────────────────┐
│ FIELD DEFINITIONS                                                       │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                         │
│ Next Header (8 bits)                                                    │
│   Identifies the type of header immediately following the Hop-by-Hop   │
│   Options header. Uses the same values as the IPv6 Next Header field.  │
│   Common values:                                                        │
│     - 6   = TCP                                                         │
│     - 17  = UDP                                                         │
│     - 43  = Routing Header                                              │
│     - 58  = ICMPv6                                                      │
│     - 60  = Destination Options                                         │
│                                                                         │
│ Hdr Ext Len (8 bits)                                                    │
│   Length of the Hop-by-Hop Options header in 8-octet units,            │
│   NOT including the first 8 octets.                                     │
│                                                                         │
│   Total Header Length = (Hdr Ext Len + 1) × 8 bytes                     │
│                                                                         │
│   Examples:                                                             │
│     - Hdr Ext Len = 0  → Total length = 8 bytes  (minimum)              │
│     - Hdr Ext Len = 1  → Total length = 16 bytes                        │
│     - Hdr Ext Len = 2  → Total length = 24 bytes                        │
│     - Hdr Ext Len = 255 → Total length = 2048 bytes (maximum)           │
│                                                                         │
│ Options (variable)                                                      │
│   One or more TLV-encoded options, padded to 8-octet boundary.          │
│   Options are parsed sequentially from start to end.                    │
│   The header MUST be padded to a multiple of 8 octets.                  │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘
 
Example: Minimum Hop-by-Hop Header (8 bytes, just padding)
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      6        |       0       |      1        |      4        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0        |       0       |       0       |      0        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
Decoded:
- Next Header: 6 (TCP follows)
- Hdr Ext Len: 0 (total length = 8 bytes)
- Options: PadN with length 4, then 4 bytes of zero padding

Mandatory Positioning

TLV Option Encoding

Standard TLV Format:

tlv_option_format.txt
Standard TLV Option Format
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
|  Option Type  |  Opt Data Len |    Option Data (variable)     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
|<--- 8 bits -->|<--- 8 bits -->|<---- Opt Data Len bytes ----->|
 
 
Option Type Field Encoding (8 bits)
═══════════════════════════════════════════════════════════════════════════
 
The Option Type byte contains encoded processing directives:
 
     0   1   2   3   4   5   6   7
   +---+---+---+---+---+---+---+---+
   | act |chg|     Option Number   |
   +---+---+---+---+---+---+---+---+
 
act (bits 0-1): Action if option type is unrecognized
═══════════════════════════════════════════════════════════════════════════
  00 = Skip over this option and continue processing
  01 = Discard the packet silently
  10 = Discard and send ICMP Parameter Problem (all destinations)
  11 = Discard and send ICMP Parameter Problem (only if not multicast)
 
chg (bit 2): Change flag
═══════════════════════════════════════════════════════════════════════════
  0 = Option data does NOT change en route
  1 = Option data MAY change en route
      (critical for authentication: changed options cannot be authenticated)
 
Option Number (bits 3-7): The specific option type within this class
 
 
Decoding Examples:
═══════════════════════════════════════════════════════════════════════════
 
Option Type = 0x00 (binary: 00 0 00000) = Pad1
  - act=00: skip if unknown
  - chg=0: does not change
  - number=0: padding option 1
 
Option Type = 0x01 (binary: 00 0 00001) = PadN  
  - act=00: skip if unknown
  - chg=0: does not change
  - number=1: padding option N
 
Option Type = 0x05 (binary: 00 0 00101) = Router Alert
  - act=00: skip if unknown (but routers SHOULD recognize this)
  - chg=0: does not change
  - number=5: router alert
 
Option Type = 0xC2 (binary: 11 0 00010) = Jumbo Payload
  - act=11: discard + ICMP if unknown (unless multicast)
  - chg=0: does not change
  - number=2: jumbo payload

The Action Bits Rationale:

The two-bit action field enables graduated responses to unrecognized options:

00 (skip): Used for options where ignoring them doesn't break functionality—padding, optional hints
01 (silently discard): Used when processing failure is a security concern but no feedback should be given
10 (discard + ICMP): Used when the sender needs to know the option wasn't processed
11 (discard + ICMP, not multicast): Like 10, but avoids ICMP storms from multicast destinations

The Change Flag and IPsec

Padding Options: Pad1 and PadN

Pad1 Option (Type = 0):

Pad1 is unique—it has NO length or value fields. The entire option is a single zero byte:

pad1_option.txt
Pad1 Option Format
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+
|       0       |   ← Entire option is just this one byte
+-+-+-+-+-+-+-+-+
 
Used to insert 1 byte of padding.
 
The absence of length/value fields is intentional:
- If Type=0 always used standard TLV, minimum would be 2 bytes (type + length)
- Pad1 saves one byte per single-byte alignment need
- Parser recognizes Type=0, consumes exactly 1 byte, continues

PadN Option (Type = 1):

PadN uses the standard TLV format to insert N bytes of padding (where N ≥ 2):

padn_option.txt
PadN Option Format
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
|       1       |  Opt Data Len |       Zero Padding             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
 
Opt Data Len contains (N-2) where N is total bytes of padding desired.
 
Examples:
═══════════════════════════════════════════════════════════════════════════
 
2 bytes of padding:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       1       |       0       |   ← PadN with data length 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
4 bytes of padding:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       1       |       2       |       0       |       0       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
6 bytes of padding:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       1       |       4       |       0       |       0       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       0       |       0       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Alignment Requirements

Router Alert Option

Option Format:

router_alert_option.txt
Router Alert Option Format
═══════════════════════════════════════════════════════════════════════════
 
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0x05     |      0x02     |      Router Alert Value       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
Fields:
═══════════════════════════════════════════════════════════════════════════
Option Type:     0x05 (binary: 00 0 00101)
                 - Action: 00 = skip if unknown
                 - Change: 0 = does not change en route
                 - Number: 5 = Router Alert
 
Option Length:   0x02 (2 bytes of option data)
 
Router Alert Value (16 bits):
  0     = Datagram contains MLD message (Multicast Listener Discovery)
  1     = Datagram contains RSVP message (Resource Reservation)
  2     = Datagram contains an Active Network message
  3     = Aggregated RSVP reservation
  4     = QoS NSLP Aggregation-level 0
  5-34  = QoS NSLP Aggregation levels 1-30
  35    = NSIS NATFW NSLP
  65535 = Reserved for future expansion
  
(Complete registry maintained by IANA)

Processing Algorithm:

When a router encounters a packet with the Router Alert option:

Router Alert Processing Steps

•Detect option presence — IPv6 Next Header = 0 triggers Hop-by-Hop parsing
•Parse to Router Alert — Extract the 16-bit Router Alert Value
•Check value against supported protocols — Does router support MLD? RSVP?
•If supported: Pass packet copy to appropriate protocol handler; may also forward original
•If not supported: Forward packet normally (the skip action allows graceful degradation)

MLD and the Router Alert

Jumbo Payload Option

When Jumbo Payload is Used:

Payload Length in IPv6 header is set to 0
Actual length is specified in the Jumbo Payload option
Maximum packet size: 4,294,967,295 bytes (2³² - 1)

Option Format:

jumbo_payload_option.txt
Jumbo Payload Option Format
═══════════════════════════════════════════════════════════════════════════
 
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0xC2     |      0x04     |       Jumbo Payload Length    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
Fields:
═══════════════════════════════════════════════════════════════════════════
Option Type:     0xC2 (binary: 11 0 00010)
                 - Action: 11 = discard + ICMP if unknown (unless multicast)
                 - Change: 0 = does not change en route
                 - Number: 2 = Jumbo Payload
 
Option Length:   0x04 (4 bytes = 32-bit length value)
 
Jumbo Payload Length (32 bits):
  - Length of the packet in bytes, excluding the IPv6 header (40 bytes)
  - Includes all extension headers, plus upper-layer data
  - MUST be greater than 65,535 (else standard Payload Length would work)
  - Maximum value: 4,294,967,295
 
Alignment:       4n+2 (must start at offset 2, 6, 10, etc.)
 
 
Complete Hop-by-Hop Header with Jumbo Payload:
═══════════════════════════════════════════════════════════════════════════
 
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header=6 | Hdr Ext Len=0 |      0xC2     |      0x04     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Jumbo Payload Length                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
This 8-byte Hop-by-Hop header specifies a jumbogram; TCP data follows.

Critical Processing Rules:

Jumbo Payload Validation Rules

•Payload Length MUST be 0 — If IPv6 header Payload Length ≠ 0 but Jumbo Payload is present, send ICMP Parameter Problem
•Value MUST exceed 65,535 — Jumbo Payload Length ≤ 65,535 is an error (should use standard Payload Length)
•Must appear first — Jumbo Payload must be the first option in Hop-by-Hop header (after Next Header and Hdr Ext Len)
•No fragmentation possible — Jumbograms cannot use the Fragment extension header
•UDP checksum required — UDP packets in jumbograms MUST include checksum (can't be zero)

Practical Jumbogram Deployment

Other Hop-by-Hop Options

CALIPSO (Common Architecture Label IPv6 Security Option):

CALIPSO Option Structure
Field	Size	Description
Domain of Interpretation	32 bits	Identifies the security policy domain
Compartment Length	8 bits	Length of compartment bitmap in 32-bit words
Sensitivity Level	8 bits	Hierarchical classification level
Compartment Bitmap	Variable	Non-hierarchical category markings

RPL Option (Routing Protocol for Low-Power and Lossy Networks):

The RPL Option carries routing state for constrained networks (IoT, sensor networks):

rpl_option.txt
RPL Option (Type = 0x63)
═══════════════════════════════════════════════════════════════════════════
 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0x63     |  Opt Data Len |O|R|F|   0   |   RPLInstanceID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          SenderRank           |  (sub-TLVs if O=1)            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - - - - - - - -+
 
O = Down flag (packet moving toward root or away)
R = Rank-Error flag (inconsistent rank detected)
F = Forwarding-Error flag (forwarding problem)
RPLInstanceID = Identifies the RPL routing instance
SenderRank = Rank of sending node in the RPL DAG

SMF_DPD (Simplified Multicast Forwarding Duplicate Packet Detection):

This option supports multicast forwarding in networks without full multicast routing protocols:

•Purpose: Prevent infinite loops when flooding multicast packets
•Mechanism: Each packet carries a sequence number; routers track seen sequences
•Use case: Emergency/ad-hoc networks where traditional multicast setup is impractical

IANA Registry

Performance and Security Implications

The Hop-by-Hop Options header's requirement for per-hop processing creates both performance and security considerations that network operators must understand.

Performance Impact:

Hop-by-Hop Processing Overhead

•Slow-path processing — Packets with Hop-by-Hop headers often leave the router's hardware fast-path, entering software processing
•Per-hop parsing cost — Every router must parse the options, even if none are recognized/actionable
•Queue priority — Some implementations deprioritize Hop-by-Hop packets to protect fast-path traffic
•Rate limiting — Routers may limit Hop-by-Hop packet processing rate to prevent CPU exhaustion

The Middlebox Reality:

Empirical studies (notably RFC 7872) found that packets with Hop-by-Hop Options headers experience significantly higher drop rates across the Internet:

Up to 40% of paths drop packets with Hop-by-Hop headers
Some networks intentionally drop these packets as a performance/security measure
Drop rates vary significantly by geography and network type

This creates a deployment challenge: legitimate uses of Hop-by-Hop Options (like MLD) may not work across all network paths.

Security Considerations:

Security Risks of Hop-by-Hop Processing

•CPU exhaustion attacks — Attackers can craft packets with complex option chains, forcing expensive router processing
•State exhaustion — Some options (like RPL) require routers to maintain state, enabling memory exhaustion attacks
•Parsing vulnerabilities — Options parsing code may have bugs; rarely-used options receive less testing
•Evasion techniques — Attackers may use extension headers to hide malicious payloads from simple inspection

Operational Recommendation

Summary: Hop-by-Hop Options Header

We've completed an exhaustive examination of the Hop-by-Hop Options header—the singular extension header that demands per-hop processing. Let's consolidate the essential knowledge:

Key Takeaways

•The sole exception — Hop-by-Hop Options is the only extension header processed by every node, not just the destination
•Mandatory positioning — Must appear immediately after the IPv6 header; IPv6 Next Header = 0 signals its presence
•TLV encoding — Options use Type-Length-Value format with embedded action/change flags in the type byte
•Padding options — Pad1 (1 byte) and PadN (2+ bytes) achieve 8-byte alignment
•Router Alert — Enables efficient interception of protocol-specific packets (MLD, RSVP) without deep inspection
•Jumbo Payload — Enables packets up to 4GB for high-performance network fabrics
•Performance tradeoffs — Per-hop processing has real costs; many networks rate-limit or drop these packets
•Operational reality — Deployment challenges exist; packets with Hop-by-Hop headers may not traverse all paths

What's Next:

Hop-by-Hop Mastery Achieved

2 / 5

Extension Headers - Page 2 of 5 | OneNoughtOne