idnits 2.17.1 draft-ietf-ospf-stdreport-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-19) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 173 instances of lines with control characters in the document. ** The abstract seems to contain references ([Ref2]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 1997) is 9836 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'Ref5' is defined on line 265, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'Ref1' ** Obsolete normative reference: RFC 1264 (ref. 'Ref2') (Obsoleted by RFC 4794) ** Obsolete normative reference: RFC 1583 (ref. 'Ref3') (Obsoleted by RFC 2178) ** Obsolete normative reference: RFC 1850 (ref. 'Ref4') (Obsoleted by RFC 4750) ** Downref: Normative reference to an Informational RFC: RFC 1245 (ref. 'Ref5') ** Downref: Normative reference to an Informational RFC: RFC 1246 (ref. 'Ref6') ** Downref: Normative reference to an Historic RFC: RFC 1745 (ref. 'Ref7') Summary: 16 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Moy 3 Internet Draft Cascade Communications Corp. 4 Expiration Date: November 1997 May 1997 5 File name: draft-ietf-ospf-stdreport-02.txt 7 OSPF Standardization Report 9 Status of this Memo 11 This document is an Internet-Draft. Internet-Drafts are working 12 documents of the Internet Engineering Task Force (IETF), its areas, 13 and its working groups. Note that other groups may also distribute 14 working documents as Internet-Drafts. 16 Internet-Drafts are draft documents valid for a maximum of six 17 months and may be updated, replaced, or obsoleted by other documents 18 at any time. It is inappropriate to use Internet- Drafts as 19 reference material or to cite them other than as "work in progress". 21 To learn the current status of any Internet-Draft, please check the 22 "1id-abstracts.txt" listing contained in the Internet- Drafts Shadow 23 Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), 24 munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or 25 ftp.isi.edu (US West Coast). 27 Abstract 29 This memo documents how the requirements for advancing a routing 30 protocol to Full Standard, set out in [Ref2], have been met for 31 OSPFv2. 33 Please send comments to ospf@gated.cornell.edu. 35 Table of Contents 37 1 Introduction ........................................... 2 38 2 Modifications since Draft Standard status .............. 2 39 2.1 Point-to-MultiPoint interface .......................... 3 40 2.2 Cryptographic Authentication ........................... 4 41 3 Updated implementation and deployment experience ....... 4 42 4 Protocol Security ...................................... 6 43 References ............................................. 7 44 Security Considerations ................................ 8 45 Author's Address ....................................... 8 46 1. Introduction 48 OSPFv2, herein abbreviated simply as OSPF, is an IPv4 routing 49 protocol documented in [Ref1]. OSPF is a link-state routing 50 protocol. It is designed to be run internal to a single Autonomous 51 System. Each OSPF router maintains an identical database describing 52 the Autonomous System's topology. From this database, a routing 53 table is calculated by constructing a shortest-path tree. OSPF 54 features include the following: 56 o OSPF responds quickly to topology changes, expending a minimum 57 of network bandwidth in the process. 59 o Support for CIDR addressing. 61 o OSPF routing exchanges can be authenticated, providing routing 62 security. 64 o Equal-cost multipath. 66 o An area routing capability is provided, enabling an Autonomous 67 system to be split into a two level hierarchy to further reduce 68 the amount of routing protocol traffic. 70 o OSPF allows import of external routing information into the 71 Autonomous System, including a tagging feature that can be 72 exploited to exchange extra information at the AS boundaries 73 (see [Ref7]). 75 An analysis of OSPF together with a more detailed description of 76 OSPF features was originally provided in [Ref6], as a part of 77 promoting OSPF to Draft Standard status. The analysis of OSPF 78 remains unchanged. Two additional major features have been developed 79 for OSPF since the protocol achieved Draft Standard status: the 80 Point-to-MultiPoint interface and Cryptographic Authentication. 81 These features are described in Sections 2.1 and 2.2 respectively of 82 this memo. 84 The OSPF MIB is documented in [Ref4]. It is currently at Draft 85 Standard status. 87 2. Modifications since Draft Standard status 89 OSPF was last released as RFC 1583 [Ref3], which is labeled with 90 Draft Standard status. Implementations of the new specification in 91 [Ref1] are backward-compatible with RFC 1583. The differences 92 between the two documents are described in Appendix G of [Ref1]. 93 These differences are listed briefly below. Two major features were 94 also added, the Point-to-MultiPoint interface and Cryptographic 95 Authentication, which are described in separate sections. 97 o Configuration requirements for OSPF area address ranges have 98 been relaxed to allow greater flexibility in area assignment. 99 See Section G.3 of [Ref1] for details. 101 o The OSPF flooding algorithm was modified to a) improve database 102 convergence in networks with low speed links and b) resolve a 103 problem where unnecessary LSA retransmissions could occur as a 104 result of differing clock granularities. See Sections G.4 and 105 G.5 of [Ref1] for details. 107 o To resolve the long-standing confusion regarding representation 108 of point-to-point links in OSPF, the specification now 109 optionally allows advertisement of a stub link to a point-to- 110 point link's subnet, ala RIP. See Section G.6 of [Ref1]. 112 o Several problems involving advertising the same external route 113 from multiple areas were found and fixed, as described in 114 Section G.7 of [Ref1]. Without the fixes, persistent routing 115 loops could form in certain such configurations. Note that one 116 of the fixes was not backward-compatible, in that mixing routers 117 implementing the fixes with those implementing just RFC 1583 118 could cause loops not present in an RFC 1583-only configuration. 119 This caused an RFC1583Compatibility global configuration 120 parameter to be added, as described in Section C.1 of [Ref1]. 122 o In order to deal with high delay links, retransmissions of 123 initial Database Description packets no longer reset an OSPF 124 adjacency. 126 o In order to detect link MTU mismatches, which can cause problems 127 both in IP forwarding and in the OSPF routing protocol itself, 128 MTU was added to OSPF's Database Description packets. 129 Neighboring routers refuse to bring up an OSPF adjacency unless 130 they agree on their common link's MTU. 132 o The TOS routing option was deleted from OSPF. However, for 133 backward compatibility the formats of OSPF's various LSAs remain 134 unchanged, maintaining the ability to specify TOS metrics in 135 router-LSAs, summary-LSAs, ASBR-summary-LSAs, and AS-external- 136 LSAs. 138 2.1. Point-to-MultiPoint interface 140 The Point-to-MultiPoint interface was added as an alternative to 141 OSPF's NBMA interface when running OSPF over non-broadcast 142 subnets. Unlike the NBMA interface, Point-to-MultiPoint does not 143 require full mesh connectivity over the non-broadcast subnet. 144 Point-to-MultiPoint is less efficient than NBMA, but is easier 145 to configure (in fact, it can be self-configuring) and is more 146 robust than NBMA, tolerating all failures within the non- 147 broadcast subnet. For more information on the Point-to- 148 MultiPoint interface, see Section G.2 of [Ref1]. 150 There are at least six independent implementations of the 151 Point-to-MultiPoint interface. Interoperability has been 152 demonstrated between at least two pairs of implementations: 153 between 3com and Bay Networks, and between cisco and Cascade. 155 2.2. Cryptographic Authentication 157 Non-trivial authentication was added to OSPF with the 158 development of the Cryptographic Authentication type. This 159 authentication type uses any keyed message digest algorithm, 160 with explicit instructions included for the use of MD5. For more 161 information on OSPF authentication, see Section 4. 163 There are at least three independent implementations of the OSPF 164 Cryptographic authentication type. Interoperability has been 165 demonstrated between the implementations from cisco and Cascade. 167 3. Updated implementation and deployment experience 169 When OSPF was promoted to Draft Standard Status, a report was issued 170 documenting current implementation and deployment experience (see 171 [Ref6]). That report is now quite dated. In an attempt to get more 172 current data, a questionnaire was sent to OSPF mailing list in 173 January 1996. Twelve responses were received, from 11 router vendors 174 and 1 manufacturer of test equipment. These responses represented 6 175 independent implementations. A tabulation of the results are 176 presented below. 178 Table 1 indicates the implementation, interoperability and 179 deployment of the major OSPF functions. The number in each column 180 represents the number of responses in the affirmative. 182 Imple- Inter- 183 Feature mented operated Deployed 184 _______________________________________________________ 185 OSPF areas 10 10 10 186 Stub areas 10 10 9 187 Virtual links 10 9 8 188 Equal-cost multipath 10 7 8 189 NBMA support 9 8 7 190 CIDR addressing 8 5 6 191 OSPF MIB 8 5 5 192 Cryptographic auth. 3 1 1 193 Point-to-Multipoint ifc. 6 3 4 195 Table 1: Implementation of OSPF features 197 Table 2 indicates the size of the OSPF routing domains that vendors 198 have tested. For each size parameter, the number of responders and 199 the range of responses (minimum, mode, mean and maximum) are listed. 201 Parameter Responses Min Mode Mean Max 202 _________________________________________________________________ 203 Max routers in domain 7 30 240 460 1600 204 Max routers in single area 7 20 240 380 1600 205 Max areas in domain 7 1 10 16 60 206 Max AS-external-LSAs 9 50 10K 10K 30K 208 Table 2: OSPF domain sizes tested 210 Table 3 indicates the size of the OSPF routing domains that vendors 211 have deployed in real networks. For each size parameter, the number 212 of responders and the range of responses (minimum, mode, mean and 213 maximum) are listed. 215 Parameter Responses Min Mode Mean Max 216 _________________________________________________________________ 217 Max routers in domain 8 20 350 510 1000 218 Max routers in single area 8 20 100 160 350 219 Max areas in domain 7 1 15 23 60 220 Max AS-external-LSAs 6 50 1K 2K 5K 222 Table 3: OSPF domain sizes deployed 224 4. Protocol Security 226 All OSPF protocol exchanges are authenticated. OSPF supports 227 multiple types of authentication; the type of authentication in use 228 can be configured on a per network segment basis. One of OSPF's 229 authentication types, namely the Cryptographic authentication 230 option, is believed to be secure against passive attacks and provide 231 significant protection against active attacks. When using the 232 Cryptographic authentication option, each router appends a "message 233 digest" to its transmitted OSPF packets. Receivers then use the 234 shared secret key and received digest to verify that each received 235 OSPF packet is authentic. 237 The quality of the security provided by the Cryptographic 238 authentication option depends completely on the strength of the 239 message digest algorithm (MD5 is currently the only message digest 240 algorithm specified), the strength of the key being used, and the 241 correct implementation of the security mechanism in all 242 communicating OSPF implementations. It also requires that all 243 parties maintain the secrecy of the shared secret key. 245 None of the OSPF authentication types provide confidentiality. Nor 246 do they protect against traffic analysis. Key management is also not 247 addressed by the OSPF specification. 249 For more information, see Sections 8.1, 8.2, and Appendix D of 250 [Ref1]. 252 References 254 [Ref1] Moy, J., "OSPF Version 2", Internet Draft, , Cascade, April 1997. 257 [Ref2] Hinden, B., "Internet Routing Protocol Standardization 258 Criteria", RFC 1264, October 1991. 260 [Ref3] Moy, J., "OSPF Version 2", RFC 1583, March 1994. 262 [Ref4] Baker, F,, and R. Coltun, "OSPF Version 2 Management 263 Information Base", RFC 1850, November 1995. 265 [Ref5] Moy, J., "OSPF Protocol Analysis", RFC 1245, August 1991. 267 [Ref6] Moy, J., "Experience with the OSPF Protocol", RFC 1246, 268 August 1991. 270 [Ref7] Varadhan, K., S. Hares and Y. Rekhter, "BGP4/IDRP for IP--- 271 OSPF Interaction", RFC 1745, December 1994. 273 Security Considerations 275 Security considerations are addressed in Section 4 of this memo. 277 Author's Address 279 John Moy 280 Cascade Communications Corp. 281 5 Carlisle Road 282 Westford, MA 01886 284 Phone: 508-952-1367 285 Fax: 508-692-9214 286 Email: jmoy@casc.com 288 This document expires in November 1997.