AH是IPsec的子协议，其IANA规定的协议号码是51，头部如下：

Next Header (8 bits): 上层头类型，表示所保护的上层协议是什么，其值可能是协议数字号码对应表其中之一.
Payload Len (8 bits): The length of this Authentication Header in 4-octet units, minus 2. For example an AH value of 4 equals 3x(32-bit fixed-length AH fields) + 3x(32-bit ICV fields) – 2 and thus an AH value of 4 means 24 octets. Although the size is measured in 4-octet units, the length of this header needs to be a multiple of 8 octets if carried in an IPv6 packet. This restriction does not apply to an Authentication Header carried in an IPv4 packet.
Reserved (16 bits): Reserved for future use (all zeroes until then).
Security Parameters Index (32 bits): Arbitrary value which is used (together with the destination IP address) to identify the security association of the receiving party.
Sequence Number (32 bits): A monotonic strictly increasing sequence number (incremented by 1 for every packet sent) to prevent replay attacks. When replay detection is enabled, sequence numbers are never reused, because a new security association must be renegotiated before an attempt to increment the sequence number beyond its maximum value.^[8]
Integrity Check Value (multiple of 32 bits): Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.