idnits 2.17.1 draft-ietf-ospf-lls-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 20. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 443. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 454. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 461. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 467. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 12, 2008) is 5911 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2740 (ref. 'OSPFV3') (Obsoleted by RFC 5340) Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Zinin 3 Internet-Draft Alcatel 4 Intended status: Standards Track A. Roy 5 Expires: August 15, 2008 L. Nguyen 6 Cisco Systems 7 B. Friedman 8 Redback Networks 9 D. Young 10 February 12, 2008 12 OSPF Link-local Signaling 13 draft-ietf-ospf-lls-04.txt 15 Status of this Memo 17 By submitting this Internet-Draft, each author represents that any 18 applicable patent or other IPR claims of which he or she is aware 19 have been or will be disclosed, and any of which he or she becomes 20 aware will be disclosed, in accordance with Section 6 of BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF), its areas, and its working groups. Note that 24 other groups may also distribute working documents as Internet- 25 Drafts. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 The list of current Internet-Drafts can be accessed at 33 http://www.ietf.org/ietf/1id-abstracts.txt. 35 The list of Internet-Draft Shadow Directories can be accessed at 36 http://www.ietf.org/shadow.html. 38 This Internet-Draft will expire on August 15, 2008. 40 Copyright Notice 42 Copyright (C) The IETF Trust (2008). 44 Abstract 46 OSPF is a link-state intra-domain routing protocol. OSPF routers 47 exchange information on a link using packets that follow a well- 48 defined fixed format. The format is not flexible enough to enable 49 new features which need to exchange arbitrary data. This document 50 describes a backward-compatible technique to perform link-local 51 signaling, i.e., exchange arbitrary data on a link. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 57 2. Proposed solution . . . . . . . . . . . . . . . . . . . . . . 4 58 2.1. Options Field . . . . . . . . . . . . . . . . . . . . . . 5 59 2.2. LLS Data Block . . . . . . . . . . . . . . . . . . . . . . 5 60 2.3. LLS TLVs . . . . . . . . . . . . . . . . . . . . . . . . . 6 61 2.4. Extended Options TLV . . . . . . . . . . . . . . . . . . . 6 62 2.5. Cryptographic Authentication TLV (OSPFv2 ONLY) . . . . . . 7 63 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 64 4. Compatibility Issues . . . . . . . . . . . . . . . . . . . . . 10 65 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 66 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 67 6.1. Normative References . . . . . . . . . . . . . . . . . . . 12 68 6.2. Informative References . . . . . . . . . . . . . . . . . . 12 69 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 13 70 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14 71 Intellectual Property and Copyright Statements . . . . . . . . . . 15 73 1. Introduction 75 This document describes an extension to OSPFv2 [OSPFV2] and OSPFv3 76 [OSPFV3] allowing additional information to be exchanged between 77 routers on the same link. OSPFv2 and OSPFv3 packet formats are fixed 78 and do not allow for extension. This document proposes appending an 79 optional data block composed of Type/Length/Value (TLV) triplets to 80 existing OSPFv2 and OSPFv3 packets to carry this additional 81 information. Throughout this document, OSPF will be used when the 82 specification is applicable to both OSPFv2 and OSPFv3. Similarly, 83 OSPFv2 or OSPFv3 will be used when the text is protocol specific. 85 One potential way of solving this task could be introducing a new 86 packet type. However, that would mean introducing extra packets on 87 the network which may not be desirable and may cause backward 88 compatibility issues. This document describes how to exchange data 89 using standard OSPF packet types. 91 1.1. Requirements notation 93 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 94 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 95 document are to be interpreted as described in [KEY]. 97 2. Proposed solution 99 To perform link-local signaling (LLS), OSPF routers add a special 100 data block to the end of OSPF packets or right after the 101 authentication data block when cryptographic authentication is used. 102 The length of the LLS block is not included into the length of OSPF 103 packet, but is included in the IPv4/IPv6 packet length. Figure 1 104 illustrates how the LLS data block is attached. 106 +---------------------+ -- -- +---------------------+ 107 | IP Header | ^ ^ | IPv6 Header | 108 | Length = HL+X+Y+Z | | Header Length | | Length = HL+X+Y | 109 | | v v | | 110 +---------------------+ -- -- +---------------------+ 111 | OSPF Header | ^ ^ | OSPFv3 Header | 112 | Length = X | | | | Length = X | 113 |.....................| | X | X |.....................| 114 | | | | | | 115 | OSPFv2 Data | | | | OSPFv3 Data | 116 | | v v | | 117 +---------------------+ -- -- +---------------------+ 118 | | ^ ^ | | 119 | Authentication Data | | Y | Y | LLS Data | 120 | | v v | | 121 +---------------------+ -- -- +---------------------+ 122 | | ^ 123 | LLS Data | | Z 124 | | v 125 +---------------------+ -- 127 Figure 1: LLS Data Block in OSPFv2 and OSPFv3 129 The LLS data block MAY be attached to OSPF Hello and DD packets. The 130 data included in LLS block attached to a Hello packet MAY be used for 131 dynamic signaling since Hello packets may be sent at any time in 132 time. However, delivery of LLS data in Hello packets is not 133 guaranteed. The data sent with DD packets is guaranteed to be 134 delivered as part of the adjacency forming process. 136 This document does not specify how the data transmitted by the LLS 137 mechanism should be interpreted by OSPF routers. The interface 138 between the OSPF LLS component and its clients is implementation 139 specific. 141 2.1. Options Field 143 A new L bit (L stands for LLS) is introduced to OSPF Options field 144 (see Figure 2a/2b). Routers set the L bit in Hello and DD packets to 145 indicate that the packet contains LLS data block. In other words, 146 LLS data block is only examined if the L bit is set. 148 +---+---+---+---+---+---+---+---+ 149 | * | O | DC| L |N/P| MC| E | * | 150 +---+---+---+---+---+---+---+-+-+ 152 Figure 2a: OSPFv2 Options field 154 0 1 2 155 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 156 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-+-+--+--+--+--+--+--+ 157 | | | | | | | | | | | | | | |L|AF|*|*|DC| R| N|MC| E|V6| 158 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-+-+--+--+--+--+--+--+ 160 Figure 2b: OSPFv3 Options field 162 The L bit is only set in Hello and DD packets. 164 2.2. LLS Data Block 166 The data block used for link-local signaling is formatted as 167 described below (see Figure 3 for illustration). 169 0 1 2 3 170 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 171 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 | Checksum | LLS Data Length | 173 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 174 | | 175 | LLS TLVs | 176 . . 177 . . 178 . . 179 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 181 Figure 3: Format of LLS Data Block 183 The Checksum field contains the standard IP checksum for the entire 184 contents of the LLS block. 186 The 16-bit LLS Data Length field contains the length (in 32-bit 187 words) of the LLS block including the header and payload. 188 Implementations MUST NOT use the Length field in the IP packet header 189 to determine the length of the LLS data block. 191 Note that if the OSPF packet is cryptographically authenticated, the 192 LLS data block MUST also be cryptographically authenticated. In this 193 case, the regular LLS checksum is not calculated and the LLS block 194 will contain a cryptographic authentication TLV (see Section 2.5). 196 The rest of the block contains a set of Type/Length/Value (TLV) 197 triplets as described in Section 2.3. All TLVs MUST be 32-bit 198 aligned (with padding if necessary). 200 2.3. LLS TLVs 202 The contents of LLS data block is constructed using TLVs. See Figure 203 4 for the TLV format. 205 The type field contains the TLV ID which is unique for each type of 206 TLVs. The Length field contains the length of the Value field (in 207 bytes). The value field is variable and contains arbitrary data. 209 0 1 2 3 210 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 211 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 212 | Type | Length | 213 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 | | 215 . . 216 . Value . 217 . . 218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 Figure 4: Format of LLS TLVs 222 Note that TLVs are always padded to 32-bit boundary, but padding 223 bytes are not included in TLV Length field (though they are included 224 in the LLS Data Length field in the LLS block header). 226 2.4. Extended Options TLV 228 This subsection describes a TLV called the Extended Options (EO) TLV. 229 The format of EO-TLV is shown in Figure 5. 231 Bits in the Value field do not have any semantics from the point of 232 view of the LLS mechanism. This field MAY be used to announce some 233 OSPF capabilities that are link-specific. Also, other OSPF 234 extensions MAY allocate bits in the bit vector to perform boolean 235 link-local signaling. 237 The length of the Value field in the EO-TLV is 4 bytes. 239 The value of the type field in the EO-TLV is 1. 241 The EO-TLV MUST only appear once in the LLS data block. 243 0 1 2 3 244 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 | 1 | 4 | 247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 248 | Extended Options | 249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 251 Figure 5: Format of EO TLV 253 Currently, [OOB] and [RESTART] use bits in the Extended Options field 254 of the EO-TLV. 256 The Extended Options bits are defined in Section 3. 258 2.5. Cryptographic Authentication TLV (OSPFv2 ONLY) 260 This document defines a special TLV that is used for cryptographic 261 authentication (CA-TLV) of the LLS data block. This TLV MUST be 262 included in the LLS block when the cryptographic (MD5) authentication 263 is enabled on the corresponding interface. The message digest of the 264 LLS block MUST be calculated using the same key and authentication 265 algorithm as used for the OSPFv2 packet. The cryptographic sequence 266 number is included in the TLV and MUST be the same as the one in the 267 OSPFv2 authentication data for the LLS block to be considered 268 authentic. 270 The TLV is constructed as shown in Figure 6. 272 0 1 2 3 273 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 274 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 275 | 2 | AuthLen | 276 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 277 | Sequence number | 278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 279 | | 280 . . 281 . AuthData . 282 . . 283 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 285 Figure 6: Format of Cryptographic Authentication TLV 287 The value of the Type field for the CA-TLV is 2. 289 The Length field in the header contains the length of the data 290 portion of the TLV including 4 bytes for Sequence Number and the 291 length of the message digest (MD5) block for the whole LLS block in 292 bytes (this will always be 16 bytes for MD5). Hence, the AuthLen 293 field will be 20 for MD5 cryptographic authentication. 295 The Sequence Number field contains the cryptographic sequence number 296 that is used to prevent simple replay attacks. For the LLS block to 297 be considered authentic, the Sequence Number in the CA-TLV MUST match 298 the Sequence Number in the OSPFv2 packet header Authentication field. 299 In the event of Sequence Number mismatch or Authentication failure, 300 the whole LLS block MUST be ignored. 302 The AuthData contains the message digest calculated for the LLS data 303 block. 305 The CA-TLV MUST only appear once in the the LLS block. Also, when 306 present, this TLV SHOULD be the last TLV in the LLS block. 308 3. IANA Considerations 310 LLS TLV types are maintained by the IANA. Extensions to OSPF which 311 require a new LLS TLV type MUST be reviewed by an designated expert 312 from the routing area. 314 Following the policies outlined in [IANA], LLS type values in the 315 range of 0-32767 are allocated through an IETF Consensus action and 316 LLS type values in the range of 32768-65536 are reserved for private 317 and experimental use. 319 This document assigns the following LLS TLV types in OSPFv2/OSPFv3. 321 TLV Type Name Reference 322 0 Reserved 323 1 Extended Options [RFCNNNN]* 324 2 Cryptographic Authentication+ [RFCNNNN]* 325 3-32767 Reserved for assignment by the IANA 326 32768-65535 Private Use 328 *[RFCNNNN] refers to the RFC number-to-be for this document. 329 + Cryptographic Authentication TLV is only defined for OSPFv2 331 This document also assigns the following bits for the Extended 332 Options bits field in the EO-TLV outlined in Section 2.5: 334 Extended Options Bit Name Reference 335 0x00000001 LSDB Resynchronization (LR) [OOB] 336 0x00000002 Restart Signal (RS-bit) [RESTART] 338 Other Extended Options bits will be allocated through an IETF 339 consensus action. 341 4. Compatibility Issues 343 The modifications to OSPF packet formats are compatible with standard 344 OSPF since OSPF router not supporting LLS will ignore the LLS data 345 block after the OSPF packet or cryptographic message digest. 347 5. Security Considerations 349 The described technique provides the same level of security as OSPFv2 350 protocol by allowing LLS data to be authenticated using the same 351 cryptographic authentication that OSPFv2 uses (see Section 2.5 for 352 more details). 354 OSPFv3 utilizes IPSec for authentication and encryption [OSPFV3AUTH]. 355 With IPsec, the AH (Authentication Header), ESP (Encapsulating 356 Security Payload), or both are applied to the entire OSPFv3 payload 357 including the LLS block. 359 6. References 361 6.1. Normative References 363 [IANA] Narten, T. and H. Alvestrand, "Guidelines for Writing an 364 IANA Considerations Section in RFCs", RFC 2334, 365 October 1998. 367 [KEY] Bradner, S., "Key words for use in RFC's to Indicate 368 Requirement Levels", RFC 2119, March 1997. 370 [OSPFV2] Moy, J., "OSPF Version 2", RFC 2328, April 1998. 372 [OSPFV3] Coltun, R., Ferguson, D., and J. Moy, "OSPF for IPv6", 373 RFC 2740, December 1999. 375 [OSPFV3AUTH] 376 Gupta, M. and N. Melam, "Authentication/Confidentiality 377 for OSPFv3", RFC 4552, June 2006. 379 6.2. Informative References 381 [OOB] Zinin, A., Roy, A., and L. Nguyen, "OSPF Out-of-band LSDB 382 resynchronization", RFC 4811, March 2007. 384 [RESTART] Zinin, A., Roy, A., and L. Nguyen, "OSPF Restart 385 Signaling", RFC 4812, March 2007. 387 Appendix A. Acknowledgements 389 The authors would like to acknowledge Russ White and Acee Lindem for 390 their thoughtful review of this document. 392 Authors' Addresses 394 Alex Zinin 395 Alcatel 396 Sunnyvale 397 USA 399 Email: zinin@psg.com 401 Abhay Roy 402 Cisco Systems 403 170 West Tasman Drive 404 San Jose, CA 95134 405 USA 407 Email: akr@cisco.com 409 Liem Nguyen 410 Cisco Systems 411 170 West Tasman Drive 412 San Jose, CA 95134 413 USA 415 Email: lhnguyen@cisco.com 417 Barry Friedman 418 Redback Networks 419 100 Headquarters Drive 420 San Jose, CA 95134 421 USA 423 Email: friedman@redback.com 425 Derek Young 427 Email: derekmyeung@yahoo.com 429 Full Copyright Statement 431 Copyright (C) The IETF Trust (2008). 433 This document is subject to the rights, licenses and restrictions 434 contained in BCP 78, and except as set forth therein, the authors 435 retain all their rights. 437 This document and the information contained herein are provided on an 438 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 439 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 440 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 441 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 442 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 443 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 445 Intellectual Property 447 The IETF takes no position regarding the validity or scope of any 448 Intellectual Property Rights or other rights that might be claimed to 449 pertain to the implementation or use of the technology described in 450 this document or the extent to which any license under such rights 451 might or might not be available; nor does it represent that it has 452 made any independent effort to identify any such rights. Information 453 on the procedures with respect to rights in RFC documents can be 454 found in BCP 78 and BCP 79. 456 Copies of IPR disclosures made to the IETF Secretariat and any 457 assurances of licenses to be made available, or the result of an 458 attempt made to obtain a general license or permission for the use of 459 such proprietary rights by implementers or users of this 460 specification can be obtained from the IETF on-line IPR repository at 461 http://www.ietf.org/ipr. 463 The IETF invites any interested party to bring to its attention any 464 copyrights, patents or patent applications, or other proprietary 465 rights that may cover technology that may be required to implement 466 this standard. Please address the information to the IETF at 467 ietf-ipr@ietf.org. 469 Acknowledgment 471 Funding for the RFC Editor function is provided by the IETF 472 Administrative Support Activity (IASA).