idnits 2.17.1 draft-ietf-ospf-lls-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? (You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Feb 2009 rather than one of the newer Notices. See https://trustee.ietf.org/license-info/.) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document obsoletes RFC4813, but the abstract doesn't seem to directly say this. It does mention RFC4813 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 8, 2009) is 5435 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5226 (ref. 'IANA') (Obsoleted by RFC 8126) -- Obsolete informational reference (is this intentional?): RFC 4813 (Obsoleted by RFC 5613) Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Zinin 3 Internet-Draft Alcatel 4 Obsoletes: 4813 (if approved) A. Roy 5 Intended status: Standards Track L. Nguyen 6 Expires: December 10, 2009 Cisco Systems 7 B. Friedman 8 Redback Networks 9 D. Yeung 10 Cisco Systems 11 June 8, 2009 13 OSPF Link-local Signaling 14 draft-ietf-ospf-lls-08.txt 16 Status of this Memo 18 This Internet-Draft is submitted to IETF in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF), its areas, and its working groups. Note that 23 other groups may also distribute working documents as Internet- 24 Drafts. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 The list of current Internet-Drafts can be accessed at 32 http://www.ietf.org/ietf/1id-abstracts.txt. 34 The list of Internet-Draft Shadow Directories can be accessed at 35 http://www.ietf.org/shadow.html. 37 This Internet-Draft will expire on December 10, 2009. 39 Copyright Notice 41 Copyright (c) 2009 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents in effect on the date of 46 publication of this document (http://trustee.ietf.org/license-info). 47 Please review these documents carefully, as they describe your rights 48 and restrictions with respect to this document. 50 Abstract 52 OSPF is a link-state intra-domain routing protocol. OSPF routers 53 exchange information on a link using packets that follow a well- 54 defined fixed format. The format is not flexible enough to enable 55 new features which need to exchange arbitrary data. This document 56 describes a backward-compatible technique to perform link-local 57 signaling, i.e., exchange arbitrary data on a link. This document 58 replaces the experimental specification published in RFC4813 to bring 59 it on the Standards Track. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 65 2. Proposed solution . . . . . . . . . . . . . . . . . . . . . . 4 66 2.1. L-bit in Options Field . . . . . . . . . . . . . . . . . . 5 67 2.2. LLS Data Block . . . . . . . . . . . . . . . . . . . . . . 5 68 2.3. LLS TLVs . . . . . . . . . . . . . . . . . . . . . . . . . 6 69 2.4. Extended Options and Flags TLV . . . . . . . . . . . . . . 6 70 2.5. Cryptographic Authentication TLV (OSPFv2 ONLY) . . . . . . 7 71 2.6. Private TLVs . . . . . . . . . . . . . . . . . . . . . . . 8 72 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 73 4. Compatibility Issues . . . . . . . . . . . . . . . . . . . . . 11 74 5. Security Considerations . . . . . . . . . . . . . . . . . . . 12 75 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 76 6.1. Normative References . . . . . . . . . . . . . . . . . . . 13 77 6.2. Informative References . . . . . . . . . . . . . . . . . . 13 78 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 14 79 Appendix B. Changes from RFC 4813 . . . . . . . . . . . . . . . . 15 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16 82 1. Introduction 84 This document describes an extension to OSPFv2 [OSPFV2] and OSPFv3 85 [OSPFV3] allowing additional information to be exchanged between 86 routers on the same link. OSPFv2 and OSPFv3 packet formats are fixed 87 and do not allow for extension. This document proposes appending an 88 optional data block composed of Type/Length/Value (TLV) triplets to 89 existing OSPFv2 and OSPFv3 packets to carry this additional 90 information. Throughout this document, OSPF will be used when the 91 specification is applicable to both OSPFv2 and OSPFv3. Similarly, 92 OSPFv2 or OSPFv3 will be used when the text is protocol specific. 94 One potential way of solving this task could be introducing a new 95 packet type. However, that would mean introducing extra packets on 96 the network which may not be desirable and may cause backward 97 compatibility issues. This document describes how to exchange data 98 using standard OSPF packet types. 100 1.1. Requirements notation 102 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 103 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 104 document are to be interpreted as described in [KEY]. 106 2. Proposed solution 108 To perform link-local signaling (LLS), OSPF routers add a special 109 data block to the end of OSPF packets or right after the 110 authentication data block when cryptographic authentication is used. 111 The length of the LLS block is not included into the length of OSPF 112 packet, but is included in the IPv4/IPv6 packet length. Figure 1 113 illustrates how the LLS data block is attached. 115 +---------------------+ -- -- +---------------------+ 116 | IP Header | ^ ^ | IPv6 Header | 117 | Length = HL+X+Y+Z | | Header Length | | Length = HL+X+Y | 118 | | v v | | 119 +---------------------+ -- -- +---------------------+ 120 | OSPF Header | ^ ^ | OSPFv3 Header | 121 | Length = X | | | | Length = X | 122 |.....................| | X | X |.....................| 123 | | | | | | 124 | OSPFv2 Data | | | | OSPFv3 Data | 125 | | v v | | 126 +---------------------+ -- -- +---------------------+ 127 | | ^ ^ | | 128 | Authentication Data | | Y | Y | LLS Data | 129 | | v v | | 130 +---------------------+ -- -- +---------------------+ 131 | | ^ 132 | LLS Data | | Z 133 | | v 134 +---------------------+ -- 136 Figure 1: LLS Data Block in OSPFv2 and OSPFv3 138 The LLS block MAY be attached to OSPF Hello and DD packets. LLS 139 block MUST NOT be attached to any other OSPF packet types on 140 generation and MUST be ignored on reception. 142 The data included in the LLS block attached to a Hello packet MAY be 143 used for dynamic signaling since Hello packets may be sent at any 144 time. However, delivery of LLS data in Hello packets is not 145 guaranteed. The data sent with DD packets is guaranteed to be 146 delivered as part of the adjacency forming process. 148 This document does not specify how the data transmitted by the LLS 149 mechanism should be interpreted by OSPF routers. As routers that do 150 not understand LLS may receive these packets, changes made due to LLS 151 block TLV's do not affect the basic routing when interacting with 152 non-LLS routers. 154 2.1. L-bit in Options Field 156 A new L bit (L stands for LLS) is introduced into the OSPF Options 157 field (see Figure 2a/2b). Routers set the L bit in Hello and DD 158 packets to indicate that the packet contains an LLS data block. In 159 other words, the LLS data block is only examined if the L bit is set. 161 +---+---+---+---+---+---+---+---+ 162 | * | O | DC| L |N/P| MC| E | * | 163 +---+---+---+---+---+---+---+-+-+ 165 Figure 2a: OSPFv2 Options field 167 0 1 2 168 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 169 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-+-+--+--+--+--+--+--+ 170 | | | | | | | | | | | | | | |L|AF|*|*|DC| R| N|MC| E|V6| 171 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-+-+--+--+--+--+--+--+ 173 Figure 2b: OSPFv3 Options field 175 The L bit MUST NOT be set except in Hello and DD packets that contain 176 LLS block. 178 2.2. LLS Data Block 180 The data block used for link-local signaling is formatted as 181 described below (see Figure 3 for illustration). 183 0 1 2 3 184 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 | Checksum | LLS Data Length | 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 | | 189 | LLS TLVs | 190 . . 191 . . 192 . . 193 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 Figure 3: Format of LLS Data Block 197 The Checksum field contains the standard IP checksum for the entire 198 contents of the LLS block. Before computing the checksum, the 199 checksum field is set to 0. If the checksum is incorrect, the OSPF 200 packet MUST be processed, but the LLS block MUST be discarded. 202 The 16-bit LLS Data Length field contains the length (in 32-bit 203 words) of the LLS block including the header and payload. 205 Note that if the OSPF packet is cryptographically authenticated, the 206 LLS data block MUST also be cryptographically authenticated. In this 207 case, the regular LLS checksum is not calculated, but is instead set 208 to 0. 210 The rest of the block contains a set of Type/Length/Value (TLV) 211 triplets as described in Section 2.3. All TLVs MUST be 32-bit 212 aligned (with padding if necessary). 214 2.3. LLS TLVs 216 The contents of LLS data block is constructed using TLVs. See Figure 217 4 for the TLV format. 219 The type field contains the TLV ID which is unique for each type of 220 TLV. The Length field contains the length of the Value field (in 221 bytes). The value field is variable and contains arbitrary data. 223 0 1 2 3 224 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 | Type | Length | 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 228 | | 229 . . 230 . Value . 231 . . 232 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 234 Figure 4: Format of LLS TLVs 236 Note that TLVs are always padded to 32-bit boundary, but padding 237 bytes are not included in the TLV Length field (though they are 238 included in the LLS Data Length field in the LLS block header). 239 Unrecognized TLV types are ignored. 241 2.4. Extended Options and Flags TLV 243 This subsection describes a TLV called the Extended Options and Flags 244 (EOF) TLV. The format of EOF-TLV is shown in Figure 5. 246 Bits in the Value field do not have any semantics from the point of 247 view of the LLS mechanism. Bits MAY be allocated to announce OSPF 248 link-local capabilities. Bits MAY also be allocated to perform 249 boolean link-local signaling. 251 The length of the Value field in the EOF-TLV is 4 bytes. 253 The value of the type field in the EOF-TLV is 1. 255 The EOF-TLV MUST only appear once in the LLS data block. 257 0 1 2 3 258 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 259 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 260 | 1 | 4 | 261 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 262 | Extended Options and Flags | 263 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 265 Figure 5: Format of EOF-TLV 267 Currently, [OOB] and [RESTART] use bits in the Extended Options field 268 of the EOF-TLV. 270 The Extended Options and Flags bits are defined in Section 3. 272 2.5. Cryptographic Authentication TLV (OSPFv2 ONLY) 274 This document defines a special TLV that is used for cryptographic 275 authentication (CA-TLV) of the LLS data block. This TLV MUST only be 276 included in the LLS block when cryptographic authentication is 277 enabled on the corresponding interface. The message digest of the 278 LLS block MUST be calculated using the same key and authentication 279 algorithm as used for the OSPFv2 packet. The cryptographic sequence 280 number is included in the TLV and MUST be the same as the one in the 281 OSPFv2 authentication data for the LLS block to be considered 282 authentic. 284 The TLV is constructed as shown in Figure 6. 286 0 1 2 3 287 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 288 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 289 | 2 | AuthLen | 290 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 291 | Sequence number | 292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 293 | | 294 . . 295 . AuthData . 296 . . 297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 299 Figure 6: Format of Cryptographic Authentication TLV 301 The value of the Type field for the CA-TLV is 2. 303 The Length field in the header contains the length of the data 304 portion of the TLV including 4 bytes for Sequence Number and the 305 length of the message digest block for the whole LLS block in bytes. 307 The Sequence Number field contains the cryptographic sequence number 308 that is used to prevent simple replay attacks. For the LLS block to 309 be considered authentic, the Sequence Number in the CA-TLV MUST match 310 the Sequence Number in the OSPFv2 packet header Authentication field 311 (which MUST be present). In the event of Sequence Number mismatch or 312 Authentication failure, the whole LLS block MUST be ignored. 314 The CA-TLV MUST NOT appear more than once in the LLS block. Also, 315 when present, this TLV MUST be the last TLV in the LLS block. If it 316 appears more than once, only the first occurrence is processed and 317 any others MUST be ignored. 319 The AuthData contains the message digest calculated for the LLS data 320 block up to CA-TLV (i.e. exludes CA-TLV data). 322 The CA-TLV is not applicable to OSPFv3 and it MUST NOT be added to 323 any OSPFv3 packet. If found on reception, this TLV MUST be ignored. 325 2.6. Private TLVs 327 LLS type values in the range of 32768-65536 are reserved for private 328 use. The first four octets of the Value field MUST be the private 329 enterprise code [ENTNUM]. This allows multiple vendor private 330 extensions to coexist in a network. 332 3. IANA Considerations 334 This document uses the registry that was originally created in 335 [RFC4813]. IANA is requested to update the following registry to 336 point to this document instead: 338 o "Open Shortest Path First (OSPF) Link Local Signalling (LLS) - 339 Type/Length/Value Identifiers (TLV)" 341 IANA is requested to allocate L-bit in "OSPFv2 Options Registry" and 342 "OSPFv3 Options Registry" as per Section 2.1. 344 LLS TLV types are maintained by the IANA. Extensions to OSPF which 345 require a new LLS TLV type MUST be reviewed by an Designated Expert 346 from the routing area. 348 The criteria for allocating LLS TLVs are: 350 o LLS should not be used for information that would be better suited 351 to be advertised in a link-local LSA. 353 o LLS should be confined to signaling between direct neighbors. 355 o Discretion should be used in the volume of information signaled 356 using LLS due to the obvious MTU and performance implications. 358 Following the policies outlined in [IANA], LLS type values in the 359 range of 0-32767 are allocated through an IETF Review and LLS type 360 values in the range of 32768-65536 are reserved for private use. 362 This document assigns the following LLS TLV types in OSPFv2/OSPFv3. 364 TLV Type Name Reference 365 0 Reserved 366 1 Extended Options and Flags [RFCNNNN]* 367 2 Cryptographic Authentication+ [RFCNNNN]* 368 3-32767 Reserved for assignment by the IANA 369 32768-65535 Private Use 371 *[RFCNNNN] refers to the RFC number-to-be for this document. 372 + Cryptographic Authentication TLV is only defined for OSPFv2 374 IANA is requested to rename the sub-registry "LLS Type 1 Extended 375 Options" to "LLS Type 1 Extended Options and Flags". 377 This document also assigns the following bits in the EOF-TLV outlined 378 in Section 2.5: 380 Bit Name Reference 381 0x00000001 LSDB Resynchronization (LR) [OOB] 382 0x00000002 Restart Signal (RS-bit) [RESTART] 384 Future allocation of Extended Options and Flags bits MUST be reviewed 385 by an Designated Expert from the routing area. 387 4. Compatibility Issues 389 The modifications to OSPF packet formats are compatible with standard 390 OSPF since OSPF routers not supporting LLS will ignore the LLS data 391 block after the OSPF packet or cryptographic message digest. As of 392 this writing, there are implementations deployed with [RFC4813] 393 compliant software. Routers not implementing [RFC4813] ignore the 394 LLS data at the end of OSPF packet. 396 Careful consideration should be given to carrying additional LLS 397 data, as it may affect the OSPF adjacency bring-up time due to 398 additional propagation delay and/or processing time. 400 5. Security Considerations 402 Security Considerations inherited from OSPFv2 are described in 403 [OSPFV2]. This technique provides the same level of security as the 404 basic OSPFv2 protocol by allowing LLS data to be authenticated using 405 the same cryptographic authentication that OSPFv2 uses (see 406 Section 2.5 for more details). 408 Security considerations inherited from OSPFv3 are described in 409 [OSPFV3] and [OSPFV3AUTH]. OSPFv3 utilizes IPSec for authentication 410 and encryption. With IPsec, the AH (Authentication Header), ESP 411 (Encapsulating Security Payload), or both are applied to the entire 412 OSPFv3 payload including the LLS block. 414 6. References 416 6.1. Normative References 418 [IANA] Narten, T. and H. Alvestrand, "Guidelines for Writing an 419 IANA Considerations Section in RFCs", RFC 5226, May 2008. 421 [KEY] Bradner, S., "Key words for use in RFC's to Indicate 422 Requirement Levels", RFC 2119, March 1997. 424 [OSPFV2] Moy, J., "OSPF Version 2", RFC 2328, April 1998. 426 [OSPFV3] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 427 for IPv6", RFC 5340, July 2008. 429 [OSPFV3AUTH] 430 Gupta, M. and N. Melam, "Authentication/Confidentiality 431 for OSPFv3", RFC 4552, June 2006. 433 6.2. Informative References 435 [ENTNUM] IANA, 436 "http://www.iana.org/assignments/enterprise-numbers". 438 [OOB] Zinin, A., Roy, A., and L. Nguyen, "OSPF Out-of-band LSDB 439 resynchronization", RFC 4811, March 2007. 441 [RESTART] Zinin, A., Roy, A., and L. Nguyen, "OSPF Restart 442 Signaling", RFC 4812, March 2007. 444 [RFC4813] Friedman, B., Nguyen, L., Roy, A., Yeung, D., and A. 445 Zinin, "OSPF Link-Local Signaling", RFC 4813, March 2007. 447 Appendix A. Acknowledgements 449 The authors would like to acknowledge Russ White, Acee Lindem and 450 Manral Vishwas for their review of this document. 452 Appendix B. Changes from RFC 4813 454 This section describes the substantive change from [RFC4813]. 456 o Added OSPFv3 support 458 o Private TLVs MUST use private enterprise code 460 o Clarified requirement levels at several places 462 o Changed from Experimental to Standards Track 464 Authors' Addresses 466 Alex Zinin 467 Alcatel 468 Sunnyvale 469 USA 471 Email: zinin@psg.com 473 Abhay Roy 474 Cisco Systems 475 170 West Tasman Drive 476 San Jose, CA 95134 477 USA 479 Email: akr@cisco.com 481 Liem Nguyen 482 Cisco Systems 483 170 West Tasman Drive 484 San Jose, CA 95134 485 USA 487 Email: lhnguyen@cisco.com 489 Barry Friedman 490 Redback Networks 491 100 Headquarters Drive 492 San Jose, CA 95134 493 USA 495 Email: friedman@redback.com 497 Derek Yeung 498 Cisco Systems 499 170 West Tasman Drive 500 San Jose, CA 95134 501 USA 503 Email: myeung@cisco.com