idnits 2.17.1 draft-acee-ospf-ospfv3-autoconfig-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 9, 2012) is 4307 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 6506 (ref. 'OSPFV3-AUTH-TRAILER') (Obsoleted by RFC 7166) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Lindem 3 Internet-Draft J. Arkko 4 Intended status: Standards Track Ericsson 5 Expires: January 10, 2013 July 9, 2012 7 OSPFv3 Auto-Configuration 8 draft-acee-ospf-ospfv3-autoconfig-03.txt 10 Abstract 12 OSPFv3 is a candidate for deployments in environments where auto- 13 configuration is a requirement. One such environment is the IPv6 14 home network where users expect to simply plug in a router and have 15 it automatically use OSPFv3 for intra-domain routing. This document 16 describes the necessary mechanisms for OSPFv3 to be self-configuring. 18 Status of this Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at http://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on January 10, 2013. 35 Copyright Notice 37 Copyright (c) 2012 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (http://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 This document may contain material from IETF Documents or IETF 51 Contributions published or made publicly available before November 52 10, 2008. The person(s) controlling the copyright in some of this 53 material may not have granted the IETF Trust the right to allow 54 modifications of such material outside the IETF Standards Process. 55 Without obtaining an adequate license from the person(s) controlling 56 the copyright in such materials, this document may not be modified 57 outside the IETF Standards Process, and derivative works of it may 58 not be created outside the IETF Standards Process, except to format 59 it for publication as an RFC or to translate it into languages other 60 than English. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 65 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 66 1.2. Acknowledgments . . . . . . . . . . . . . . . . . . . . . 3 67 2. OSPFv3 Default Configuration . . . . . . . . . . . . . . . . . 4 68 3. OSPFv3 Router ID Selection . . . . . . . . . . . . . . . . . . 5 69 4. OSPFv3 Adjacency Formation . . . . . . . . . . . . . . . . . . 6 70 5. OSPFv3 Duplicate Router-ID Detection and Resolution . . . . . 7 71 5.1. Duplicate Router-ID Detection for Neighbors . . . . . . . 7 72 5.2. Duplicate Router-ID Detection for OSPFv3 Routers that 73 are not Neighbors . . . . . . . . . . . . . . . . . . . . 7 74 5.2.1. OSPFv3 Router Auto-Configuration LSA . . . . . . . . . 7 75 5.2.2. Router-Hardware-Fingerprint TLV . . . . . . . . . . . 9 76 5.3. Duplicate Router-ID Resolution . . . . . . . . . . . . . . 9 77 5.4. Change to Received Self-Originated LSA Processing . . . . 10 78 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 79 7. Management Considerations . . . . . . . . . . . . . . . . . . 12 80 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 81 9. Normative References . . . . . . . . . . . . . . . . . . . . . 14 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 84 1. Introduction 86 OSPFv3 [OSPFV3] is a candidate for deployments in environments where 87 auto-configuration is a requirement. Its operation is largely 88 unchanged from the base OSPFv3 protocol specification [OSPFV3]. 90 The following aspects of OSPFv3 auto-configuration are described: 92 1. Default OSPFv3 Configuration 94 2. Unique OSPFv3 Router-ID generation 96 3. OSPFv3 Adjacency Formation 98 4. Duplicate OSPFv3 Router-ID Resolution 100 1.1. Requirements notation 102 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 103 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 104 document are to be interpreted as described in [RFC-KEYWORDS]. 106 1.2. Acknowledgments 108 This specification was inspired by the work presented in the Homenet 109 working group meeting in October 2011 in Philadelphia, Pennsylvania. 110 In particular, we would like to thank Fred Baker, Lorenzo Colitti, 111 Ole Troan, Mark Townsley, and Michael Richardson. 113 Arthur Dimitrelis and Aidan Williams did prior work in OSPFv3 auto- 114 configuration in the expired "Autoconfiguration of routers using a 115 link state routing protocol" IETF Draft. There are many similarities 116 between the concepts and techniques in this document. 118 Thanks for Abhay Roy and Manav Bhatia for comments regarding 119 duplicate router-id processing. 121 Thanks for Alvaro Retana and Michael Barnes for comments regarding 122 OSPFv3 Instance ID auto-configuration. 124 The RFC text was produced using Marshall Rose's xml2rfc tool. 126 2. OSPFv3 Default Configuration 128 For complete auto-configuration, OSPFv3 will need to choose suitable 129 configuration defaults. These include: 131 1. Area 0 Only - All auto-configured OSPFv3 interfaces MUST be in 132 area 0. 134 2. OSPFv3 SHOULD be auto-configured on for IPv6 on all interfaces 135 intended as general IPv6-capable routers. Optionally, an 136 interface MAY be excluded if it is clear that running OSPFv3 on 137 the interface is not required. For example, if manual 138 configuration or an other condition indicates that an interface 139 is connected to an Internet Service Provider (ISP), there is 140 typically no need to employ OSPFv3. However, note that in many 141 environments it can be useful to test whether an OSPFv3 adjacency 142 can be established. In home networking environments, an 143 interface where no OSPFv3 neighbors are found but a DHCP prefix 144 can be acquired may be considered as an ISP interface. 146 3. OSPFv3 interfaces will be auto-configured to an interface type 147 corresponding to their layer-2 capability. For example, Ethernet 148 interfaces will be auto-configured as broadcast networks and 149 Point-to-Point Protocol (PPP) interfaces will be auto-configured 150 as Point-to-Point interfaces. Most extant OSPFv3 implementations 151 do this already. 153 4. OSPFv3 interfaces MUST auto-configure the default HelloInterval 154 and RouterDeadInterval as specified in [OSPFV3]. 156 5. All OSPFv3 interfaces SHOULD be auto-configured to use an 157 Interface Instance ID of 0 that corresponds to the base IPv6 158 unicast address family instance ID as defined in [OSPFV3-AF]. 159 Similarly, if IPv4 unicast addresses are advertised in a separate 160 auto-configured OSPFv3 instance, the base IPv4 unicast address 161 family instance ID value, i.e., 64, SHOULD be auto-configured as 162 the Interface Instance ID for all interfaces corresponding to the 163 OSPFv3 instance [OSPFV3-AF]. 165 3. OSPFv3 Router ID Selection 167 As OSPFv3 Router implementing this specification must select a unique 168 Router-ID. A pseudo-random number SHOULD be used for the OSPFv3 169 Router-ID. The generation should be seeded with a variable that is 170 likely to be unique in that environment. A good choice of seed would 171 be some portion or hash of the Route-Hardware-Fingerprint as 172 described in Section 5.2.2. 174 Since there is a possibility of a Router ID collision, duplicate 175 Router ID detection and resolution are required as described in 176 Section 5 and Section 5.3. 178 4. OSPFv3 Adjacency Formation 180 Since OSPFv3 uses IPv6 link-local addresses for all protocol messages 181 other than message sent on virtual links (which are not applicable to 182 auto-configuration), OSPFv3 adjacency formation can proceed as soon 183 as a Router-ID has been selected and the IPv6 link-local address has 184 completed Duplicate Address Detection (DAD) as specified in IPv6 185 Stateless Address Autoconfiguration [SLAAC]. Otherwise, there is no 186 change to the OSPFv3 base specification except with respect to 187 duplicate Router-ID detection and resolution as described in 188 Section 5 and Section 5.3. 190 5. OSPFv3 Duplicate Router-ID Detection and Resolution 192 There are two cases of duplicate OSPFv3 Router-ID detection. One 193 where the OSPFv3 router with the duplicate Router-ID is directly 194 connected and one where it is not. In both cases, the resolution is 195 for one of the routers with the duplicate OSPFv3 Router-ID to select 196 a new one. 198 5.1. Duplicate Router-ID Detection for Neighbors 200 In this case, a duplicate Router-ID is detected if any valid OSPFv3 201 packet is received with the same OSPFv3 Router-ID but a different 202 IPv6 link-local source address. Once that occurs, the OSPFv3 router 203 with the numerically smaller IPv6 link-local address will need to 204 select a new Router-ID as described in Section 5.3. Note that the 205 fact that the OSPFv3 router is a neighbor on a non-virtual interface 206 implies that the router is directly connected. An OSPFv3 router 207 implementing this specification should assure that the inadvertent 208 connection of multiple router interfaces to the same physical link in 209 not misconstrued as detection of a different OSPFv3 router with a 210 duplicate Router-ID. 212 5.2. Duplicate Router-ID Detection for OSPFv3 Routers that are not 213 Neighbors 215 OSPFv3 Routers implementing auto-configuration, as specified herein, 216 MUST originate an Auto-Config (AC) Link State Advertisement (LSA) 217 including the Router-Hardware-Fingerprint Type-Length-Value (TLV). 218 The Router-Hardware-Fingerprint TLV contains a variable length value 219 that has a very high probability of uniquely identifying the 220 advertising OSPFv3 router. An OSPFv3 router implementing this 221 specification MUST compare a received self-originated Auto-Config 222 LSA's Router-Hardware-Fingerprint TLV against its own router hardware 223 fingerprint. If the fingerprints are not equal, there is a Router-ID 224 conflict and the OSPFv3 Router with the numerically smaller router 225 hardware fingerprint MUST select a new Router-ID as described in 226 Section 5.3. 228 This new LSA is designated for information related to OSPFv3 Auto- 229 configuration and, in the future, could be used other auto- 230 configuration information, e.g., global IPv6 prefixes. However, this 231 is beyond the scope of this document. 233 5.2.1. OSPFv3 Router Auto-Configuration LSA 235 The OSPFv3 Auto-Configuration (AC) LSA has a function code of TBD and 236 the S1/S2 bits set to B'01' indicating Area Flooding Scope. The U 237 bit will be set indicating that the OSPFv3 AC LSA should be flooded 238 even if it is not understood. The Link State ID (LSID) value will be 239 a integer index used to discriminate between multiple AC LSAs 240 originated by the same OSPF Router. This specification only 241 describes the contents of an AC LSA with a Link State ID (LSID) of 0. 243 0 1 2 3 244 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 | LS age |1|0|1| TBD | 247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 248 | Link State ID | 249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 250 | Advertising Router | 251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 252 | LS sequence number | 253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 | LS checksum | Length | 255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 256 | | 257 +- TLVs -+ 258 | ... | 260 OSPFv3 Auto-Configuration (AC) LSA 262 The format of the TLVs within the body of an AC LSA is the same as 263 the format used by the Traffic Engineering Extensions to OSPF [TE]. 264 The LSA payload consists of one or more nested Type/Length/Value 265 (TLV) triplets. The format of each TLV is: 267 0 1 2 3 268 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 269 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 270 | Type | Length | 271 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 272 | Value... | 273 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 275 TLV Format 277 The Length field defines the length of the value portion in octets 278 (thus a TLV with no value portion would have a length of 0). The TLV 279 is padded to 4-octet alignment; padding is not included in the length 280 field (so a 3-octet value would have a length of 3, but the total 281 size of the TLV would be 8 octets). Nested TLVs are also 32-bit 282 aligned. For example, a 1-byte value would have the length field set 283 to 1, and 3 octets of padding would be added to the end of the value 284 portion of the TLV. Unrecognized types are ignored. 286 The new LSA is designated for information related to OSPFv3 Auto- 287 configuration and, in the future, can be used other auto- 288 configuration information, e.g., global IPv6 prefixes. 290 5.2.2. Router-Hardware-Fingerprint TLV 292 The Router-Hardware-Fingerprint TLV is the first TLV defined for the 293 OSPFv3 Auto-Configuration (AC) LSA. It will have type 1 and MUST be 294 advertised in the LSID OSPFv3 AC LSA with an LSID of 0. It SHOULD 295 occur, at most, once and the first instance of the TLV will take 296 precedence over preceding TLV instances. The length of the Router- 297 Hardware-Fingerprint is variable but must be 32 bytes or greater. 299 The contents of the hardware fingerprint should be some combination 300 of MAC addresses, CPU ID, or serial number(s) that provides an 301 extremely high probability of uniqueness. It MUST be based on 302 hardware attributes that will not change across hard and soft 303 restarts. 305 0 1 2 3 306 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 307 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 308 | 1 | >32 | 309 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 310 | Router Hardware Fingerprint | 311 o 312 o 313 o 314 | | 315 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 317 Router-Hardware-Fingerprint TLV Format 319 5.3. Duplicate Router-ID Resolution 321 The OSPFv3 Router selected to resolve the duplicate OSPFv3 Router-ID 322 condition must select a new OSPFv3 Router-ID. After selecting a new 323 Router-ID, the Router-LSA with the prior duplicate Router-ID MUST be 324 purged. all self-originated LSAs MUST be reoriginated, and any OSPFv3 325 neighbor adjacencies MUST be reestablished. 327 5.4. Change to Received Self-Originated LSA Processing 329 RFC 2328 [OSPFV2], Section 13.4, describes the processing of received 330 self-originated LSAs. If the received LSA doesn't exist, the 331 receiving router will purge it from the OSPF routing domain. If the 332 LSA is newer than the version in the Link State Database (LSDB), the 333 receiving router will originate a newer version by advancing the LSA 334 sequence number and reflooding. Since it is possible for an auto- 335 configured OSPFv3 router to choose a duplicate OSPFv3 Router-ID, 336 OSPFv3 routers implementing this specification should detect when 337 multiple instances of the same self-originated LSA are purged or 338 reoriginated since this is indicative of an OSPFv3 router with a 339 duplicate Router-ID in the OSPFv3 routing domain. When this 340 condition is detected, the OSPFv3 Router SHOULD delay self-originated 341 LSA processing for LSAs that have recently been purged or reflooded. 342 This specification recommends 10 seconds as the interval defining 343 recent self-originated LSA processing and an exponential back off of 344 1 to 8 seconds for the processing delay. 346 6. Security Considerations 348 A unique OSPFv3 Interface Instance ID is used for auto-configuration 349 to prevent inadvertent OSPFv3 adjacency formation, see Section 2 351 The goals of security and complete OSPFv3 auto-configuration are 352 somewhat contradictory. When no explicit security configuration 353 takes place, auto-configuration implies that additional devices 354 placed in the network are automatically adopted as a part of the 355 network. However, auto-configuration can also be combined with 356 password configuration (see below) or future extensions for automatic 357 pairing between devices. These mechanisms can help provide an 358 automatically configured, securely routed network. 360 It is RECOMMENDED that OSPFv3 routers supporting this specification 361 also offer an option to explicitly configure a password for HMAC- SHA 362 authentication as described in [OSPFV3-AUTH-TRAILER]. When 363 configured, the password will be used on all auto-configured 364 interfaces with the Security Association Identifier (SA ID) set to 1 365 and HMAC-SHA-256 will be used as the authentication algorithm. 367 7. Management Considerations 369 It is RECOMMENDED that OSPFv3 routers supporting this specification 370 also allow explicit configuration of OSPFv3 parameters as specified 371 in Appendix C of [OSPFV3]. This is in addition to the authentication 372 key configuration recommended in Section 6. However, it is 373 acknowledged that there may be some deployment scenarios where manual 374 configuration is not required. 376 8. IANA Considerations 378 This specification allocates a new OSPFv3 LSA, OSPFv3 Auto- 379 Configuration (AC) LSA, TBD, as described in Section 5.2.1. 381 This specification also creates a registry for OSPFv3 Auto- 382 Configuration (AC) LSA TLVs. This registry should be placed in the 383 existing OSPFv3 IANA registry, and new values can be allocated via 384 IETF Consensus or IESG Approval. 386 Three initial values are allocated: 388 o 0 is marked as reserved. 390 o 1 is Router-Hardware-Fingerprint TLV (Section 5.2.2). 392 o 65535 is an Auto-configuration-Experiment-TLV, a common value that 393 can be used for experimental purposes. 395 9. Normative References 397 [OSPFV2] Moy, J., "OSPF Version 2", RFC 2328, April 1998. 399 [OSPFV3] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 400 for IPv6", RFC 5340, July 2008. 402 [OSPFV3-AF] 403 Lindem, A., Mirtorabi, S., Roy, A., Barnes, M., and R. 404 Aggarwal, "Support of Address Families in OSPFv3", 405 RFC 5838, April 2010. 407 [OSPFV3-AUTH-TRAILER] 408 Bhatia, M., Manral, V., and A. Lindem, "Supporting 409 Authentication Trailer for OSPFv3", RFC 6506, 410 February 2012. 412 [RFC-KEYWORDS] 413 Bradner, S., "Key words for use in RFCs to Indicate 414 Requirement Levels", RFC 2119, March 1997. 416 [SLAAC] Thomson, S., Narten, T., and J. Tatuya, "IPv6 Stateless 417 Address Autoconfiguration", RFC 4862, September 2007. 419 [TE] Katz, D., Yeung, D., and K. Kompella, "Traffic Engineering 420 Extensions to OSPF", RFC 3630, September 2003. 422 Authors' Addresses 424 Acee Lindem 425 Ericsson 426 102 Carric Bend Court 427 Cary, NC 27519 428 USA 430 Email: acee.lindem@ericsson.com 432 Jari Arkko 433 Ericsson 434 Jorvas, 02420 435 Finland 437 Email: jari.arkko@piuha.net