idnits 2.17.1 draft-nguyen-ospf-lls-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC2328' is mentioned on line 71, but not defined == Missing Reference: 'IANA' is mentioned on line 291, but not defined == Unused Reference: 'OSPF' is defined on line 338, but no explicit reference was found in the text Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Alex Zinin (Alcatel) 2 Internet Draft Barry Friedman (Cisco Systems) 3 Expiration Date: March 2005 Abhay Roy (Cisco Systems) 4 File name: draft-nguyen-ospf-lls-05.txt Liem Nguyen (Cisco Systems) 5 Derek Yeung (Cisco Systems) 7 OSPF Link-local Signaling 9 draft-nguyen-ospf-lls-05.txt 11 Status of this Memo 13 This document is an Internet-Draft and is in full conformance with all 14 provisions of Section 10 of RFC2026. 16 Internet-Drafts are working documents of the Internet Engineering Task 17 Force (IETF), its areas, and its working groups. Note that other groups 18 may also distribute working documents as Internet-Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six months 21 and may be updated, replaced, or obsoleted by other documents at any 22 time. It is inappropriate to use Internet-Drafts as reference material 23 or to cite them other than as ``work in progress.'' 25 The list of current Internet-Drafts can be accessed at 26 http://www.ietf.org/ietf/1id-abstracts.txt 28 The list of Internet-Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html. 31 Abstract 33 OSPF is a link-state intra-domain routing protocol used in IP networks. 34 OSPF routers exchange information on a link using packets that follow a 35 well-defined format. The format of OSPF packets is not flexible enough 36 to enable applications exchange arbitrary data, which may be necessary 37 in certain situations. This memo describes a vendor specific, 38 backward-compatible technique to perform link-local signaling, i.e., 39 exchange arbitrary data on a link. 41 1. Motivation 43 OSPF is a link-state intra-domain routing protocol used in IP 44 networks. OSPF routers exchange information on a link using packets 45 that follow a well-defined format. The format of OSPF packets is not 46 flexible enough to enable applications exchange arbitrary data, which 47 may be necessary in certain situations. This memo describes a vendor 48 specific, backward-compatible technique to perform link-local 49 signaling, i.e., exchange arbitrary data on a link. Formats of OSPF 50 [RFC2328] packets are not very flexible to provide an acceptable 51 mechanism for opaque data transfer. However, this appears to be very 52 useful to allow OSPF routers to do so. An example where such a 53 technique could be used is exchanging some capabilities on a link 54 (standard OSPF utilizes Options field in Hello and Exchange packets, 55 but there are not so many bits left in it). 57 One potential way of solving this task could be introducing a new 58 packet type. However, that would mean introducing extra packets on 59 the network which may not be desirable, so this document describes 60 how to exchange data using existing, standard OSPF packet types. 62 2. The LLS solution 64 OSPF is a link-state intra-domain routing protocol used in IP 65 networks. OSPF routers exchange information on a link using packets 66 that follow a well-defined format. The format of OSPF packets is not 67 flexible enough to enable applications exchange arbitrary data, which 68 may be necessary in certain situations. This memo describes a vendor 69 specific, backward-compatible technique to perform link-local 70 signaling, i.e., exchange arbitrary data on a link. Formats of OSPF 71 [RFC2328] packets are not very flexible to provide an acceptable 72 mechanism for opaque data transfer. However, this appears to be very 73 useful to allow OSPF routers to do so. An example where such a 74 technique could be used is exchanging some capabilities on a link 75 (standard OSPF utilizes Options field in Hello and Exchange packets, 76 but there are not so many bits left in it). 78 One potential way of solving this task could be introducing a new 79 packet type. However, in some situations it may not be desirable, so 80 this document describes how to exchange data using standard OSPF 81 packet types. To perform link-local signaling (LLS), OSPF routers 82 add a special data block at the end of OSPF packets or right after 83 the authentication data block when cryptographic authentication is 84 used. Like with OSPF cryptographic authentication, the length of the 85 LLS- block is not included into the length of OSPF packet, but is 86 included in the IP packet length. Figure 1 illustrates how the LLS 87 data block is attached. 89 +---------------------+ -- 90 | IP Header | ^ 91 | Length = HL+X+Y+Z | | Header Length 92 | | v 93 +---------------------+ -- 94 | OSPF Header | ^ 95 | Length = X | | 96 |.....................| | X 97 | | | 98 | OSPF Data | | 99 | | v 100 +---------------------+ -- 101 | | ^ 102 | Authentication Data | | Y 103 | | v 104 +---------------------+ -- 105 | | ^ 106 | LLS Data | | Z 107 | | v 108 +---------------------+ -- 110 Figure 1: Attaching LLS Data Block 112 The LLS data block may be attached to OSPF packets of two types--- 113 type 1 (OSPF Hello), and type-2 (OSPF DBD). The data included in LLS 114 block attached to a Hello packet may be used for dynamic signaling, 115 since Hello packets may be sent at any moment in time. However, 116 delivery of LLS data in Hello packets is not guaranteed. The data 117 sent with DBD packets is guaranteed to be delivered as part of the 118 adjacency forming process. 120 This memo does not specify how the data transmitted by the LLS 121 mechanism should be interpreted by OSPF routers. The interface 122 between OSPF LLS component and its clients is implementation- 123 specific. 125 2.1. Options Field 127 A new bit, called L (L stands for LLS) is introduced to OSPF Options 128 field (see Figure 2). The value of the bit is 0x10. Routers set L 129 bit in Hello and DBD packets to indicate that the packet contains LLS 130 data block. 132 +---+---+---+---+---+---+---+---+ 133 | * | O | DC| L |N/P| MC| E | * | 134 +---+---+---+---+---+---+---+-+-+ 136 Figure 2: The Options field 138 The L-bit is set only in Hello and DBD packets. It is not set in OSPF 139 LSAs and may be used in them for different purposes. 141 2.2. LLS Data Block 143 The data block used for link-local signaling is formatted as 144 described below (see Figure 3 for illustration). 146 0 1 2 3 147 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 148 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 | Checksum | LLS Data Length | 150 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 151 | | 152 | LLS TLVs | 153 . . 154 . . 155 . . 156 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 158 Figure 3: Format of LLS Data Block 160 The Checksum field contains the standard IP checksum of the entire 161 contents of the LLS block. 163 The 16-bit LLS Data Length field contains the length (in 32-bit 164 words) of the LLS block including the header and payload. 165 Implementations should not use the Length field in the IP packet 166 header to determine the length of the LLS data block. 168 Note that if the OSPF packet is cryptographically authenticated, the 169 LLS data block must also be cryptographically authenticated. In this 170 case the regular LLS checksum is not calculated and the LLS block 171 will contain a cryptographic authentication TLV (see Section 2.4.2). 173 The rest of the block contains a set of Type/Length/Value (TLV) 174 triplets as described in Section 2.3. All TLVs must be 32-bit 175 aligned (with padding if necessary). 177 2.3. LLS TLVs 179 The contents of LLS data block is constructed using TLVs. See Figure 180 4 for the TLV format. 182 The type field contains the TLV ID which is unique for each type of 183 TLVs. The Length field contains the length of the Value field (in 184 bytes) that is variable and contains arbitrary data. 186 0 1 2 3 187 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 | Type | Length | 190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 | | 192 . . 193 . Value . 194 . . 195 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 197 Figure 4: Format of LLS TLVs 199 Note that TLVs are always padded to 32-bit boundary, but padding 200 bytes are not included in TLV Length field (though it is included in 201 the LLS Data Length field of the LLS block header). 203 2.4. Predefined TLV 205 2.4.1. Extended Options TLV 207 This subsection describes a TLV called Extended Options (EO) TLV. 208 The format of EO-TLV is shown in Figure 5. 210 Bits in the Value field do not have any semantics from the point of 211 view of LLS mechanism. This field may be used to announce some OSPF 212 capabilities that are link-specific. Also, other OSPF extensions may 213 allocate bits in the bit vector to perform boolean link-local 214 signaling. 216 The length of the Value field in EO-TLV is 4 bytes. 218 The value of the type field in EO-TLV is TBD (temporarily used value 219 is 1). 221 EO-TLV should only appear once in the LLS data block. 223 0 1 2 3 224 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 | 1 | Length | 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 228 | Extended Options | 229 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 231 Figure 5: Format of EO TLV 233 Currently, [OOB] and [RESTART] use bits in the Extended Options field 234 of the EO-TLV. The Extended Options bits are also defined in Section 235 3. 237 2.4.2. Cryptographic Authentication TLV 239 This document defines a special TLV that is used for cryptographic 240 authentication (CA-TLV) of the LLS data block. This TLV should be 241 included in the LLS block when the cryptographic (MD5) authentication 242 is enabled on the corresponding interface. The message digest of the 243 LLS block should be calculated using the same key as that used for 244 the main OSPF packet. The cryptographic sequence number is included 245 in the TLV and must be the same as the one in the main OSPF packet 246 for the LLS block to be considered authentic. 248 The TLV is constructed as shown Figure 6. 250 0 1 2 3 251 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 253 | 2 | AuthLen | 254 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 255 | Sequence number | 256 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 257 | | 258 . . 259 . AuthData . 260 . . 261 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 263 Figure 6: Format of Cryptographic Authentication TLV 265 The value of the Type field for CA-TLV is TBD. Temporary used value 266 is 2. 268 The Length field in the header contains the length of the data 269 portion of the TLV that includes 4 bytes for the Sequence Number and 270 the length of the message digest (MD5) block for the whole LLS block 271 in bytes (this will always be 16 bytes for MD5). So AuthLen field 272 will have value of 20. 274 The Sequence Number field contains the cryptographic sequence number 275 that is used to prevent simple replay attacks. For the LLS block to 276 be considered authentic, the Sequence Number in the CA-TLV must match 277 the Sequence Number in the OSPF packet. 279 The AuthData contains the message digest calculated for the LLS data 280 block. 282 The CA-TLV may appear in the LLS block only once. Also, when present, 283 this TLV should be the last in the LLS block. 285 3. IANA Considerations 287 LLS TLV types are maintained by the IANA. Extensions to OSPF which 288 require a new LLS TLV type must be reviewed by an designated expert 289 from the routing area. 291 Following the policies outlined in [IANA], LLS type values in the 292 range of 0-32767 are allocated through an IETF Consensus action and 293 LLS type values in the range of 32768-65536 are reserved for private 294 and experimental use. 296 This document assigns LLS types 1 and 2, as follows: 298 LLS Type Name Reference 299 0 Reserved 300 1 Extended Options [RFCNNNN]* 301 2 Cryptographic Authentication [RFCNNNN]* 302 3-32767 Reserved for assignment by the IANA 303 32768-65535 Private Use 304 65535 Reserved 306 *[RFCNNNN] refers to the RFC number-to-be for this document. 308 This document also assigns the following bits for the Extended 309 Options bits field in the EO-TLV outlined in Section 2.4.1: 311 Extended Options Bit Name Reference 312 0x00000001 LSDB Resynchronization (LR) [OOB] 313 0x00000002 Restart Signal (RS-bit) [RESTART] 315 Other Extended Options bits will be allocated through an IETF 316 consensus action. 318 4. Compatibility Issues 320 The modifications to OSPF packet formats are compatible with standard 321 OSPF because LLS-incapable routers will not consider the extra data 322 after the packet; i.e., the LLS data block will be ignored by routers 323 which do not support the LLS extension. 325 5. Security Considerations 327 The described technique provides the same level of security as OSPF 328 protocol by allowing LLS data to be authenticated (see Section 2.4.2 329 for more details). 331 6. Acknowledgements 333 The authors would like to acknowledge Russ White for his review of 334 this document. 336 7. Normative References 338 [OSPF] Moy, J., "OSPF Version 2", RFC 2328, April 1998. 340 8. Informative References 342 [OOB] Zinin, A., Roy, A. and L. Nguyen, 343 "OSPF Out-of-band LSDB resynchronization", Work in progress, 344 September 2004. 346 [RESTART] Zinin, A., Roy, A. and L. Nguyen, 347 "OSPF Restart Signaling", Work in progress, 348 September 2004. 350 9. Author Information 352 Alex Zinin 353 Alcatel 354 Sunnyvale, CA 355 USA 356 E-mail: zinin@psg.com 358 Barry Friedman 359 Cisco Systems 360 170 W. Tasman Dr. 361 San Jose,CA 95134 362 USA 363 E-mail: friedman@cisco.com 365 Liem Nguyen 366 7025 Kit Creek Rd. 367 Research Triangle Park, NC 27709 368 USA 369 E-mail: lhnguyen@cisco.com 371 Abhay Roy 372 Cisco Systems 373 170 W. Tasman Dr. 374 San Jose,CA 95134 375 USA 376 E-mail: akr@cisco.com 378 Derek M. Yeung 379 Cisco Systems 380 170 W. Tasman Dr. 381 San Jose,CA 95134 382 USA 383 E-mail: myeung@cisco.com