Network Working Group                                          R. Coltun
Request for Comments: 2370                                  FORE Systems
See Also: 2328                                                 July 1998
Category: Standards Track
The OSPF Opaque LSA Option
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
Table Of Contents
1.0 Abstract
2.0 Overview
2.1 Organization Of This Document
2.2 Acknowledgments
3.0 The Opaque LSA
3.1 Flooding Opaque LSAs
3.2 Modifications To The Neighbor State Machine
4.0 Protocol Data Structures
4.1 Additions To The OSPF Neighbor Structure
5.0 Management Considerations
6.0 Security Considerations
7.0 IANA Considerations
8.0 References
9.0 Author's Information
Appendix A: OSPF Data Formats
A.1 The Options Field
A.2 The Opaque LSA
Appendix B: Full Copyright Statement
This memo defines enhancements to the OSPF protocol to support a new class of link-state advertisements (LSA) called Opaque LSAs. Opaque LSAs provide a generalized mechanism to allow for the future extensibility of OSPF. Opaque LSAs consist of a standard LSA header followed by application-specific information. The information field may be used directly by OSPF or by other applications. Standard OSPF link-state database flooding mechanisms are used to distribute Opaque LSAs to all or some limited portion of the OSPF topology.
Over the last several years the OSPF routing protocol [OSPF] has been widely deployed throughout the Internet. As a result of this deployment and the evolution of networking technology, OSPF has been extended to support many options; this evolution will obviously continue.
This memo defines enhancements to the OSPF protocol to support a new class of link-state advertisements (LSA) called Opaque LSAs. Opaque LSAs provide a generalized mechanism to allow for the future extensibility of OSPF. The information contained in Opaque LSAs may be used directly by OSPF or indirectly by some application wishing to distribute information throughout the OSPF domain. For example, the OSPF LSA may be used by routers to distribute IP to link-layer address resolution information (see [ARA] for more information). The exact use of Opaque LSAs is beyond the scope of this memo.
Opaque LSAs consist of a standard LSA header followed by a 32-bit aligned application-specific information field. Like any other LSA, the Opaque LSA uses the link-state database distribution mechanism for flooding this information throughout the topology. The link-state type field of the Opaque LSA identifies the LSA's range of topological distribution. This range is referred to as the Flooding Scope.
It is envisioned that an implementation of the Opaque option provides an application interface for 1) encapsulating application-specific information in a specific Opaque type, 2) sending and receiving application-specific information, and 3) if required, informing the application of the change in validity of previously received information when topological changes are detected.
This document first defines the three types of Opaque LSAs followed by a description of OSPF packet processing. The packet processing sections include modifications to the flooding procedure and to the neighbor state machine. Appendix A then gives the packet formats.
The author would like to thank Dennis Ferguson, Acee Lindem, John Moy, Sandra Murphy, Man-Kit Yeung, Zhaohui "Jeffrey" Zhang and the rest of the OSPF Working Group for the ideas and support they have given to this project.
Opaque LSAs are types 9, 10 and 11 link-state advertisements. Opaque LSAs consist of a standard LSA header followed by a 32-bit aligned application-specific information field. Standard link-state database flooding mechanisms are used for distribution of Opaque LSAs. The range of topological distribution (i.e., the flooding scope) of an Opaque LSA is identified by its link-state type. This section documents the flooding of Opaque LSAs.
The flooding scope associated with each Opaque link-state type is defined as follows.
o Link-state type 9 denotes a link-local scope. Type-9 Opaque LSAs are not flooded beyond the local (sub)network.
o Link-state type 10 denotes an area-local scope. Type-10 Opaque LSAs are not flooded beyond the borders of their associated area.
o Link-state type 11 denotes that the LSA is flooded throughout the Autonomous System (AS). The flooding scope of type-11 LSAs is equivalent to the flooding scope of AS-external (type-5) LSAs. Specifically, type-11 Opaque LSAs are 1) flooded throughout all transit areas, 2) not flooded into stub areas from the backbone and 3) not originated by routers into their connected stub areas. As with type-5 LSAs, if a type-11 Opaque LSA is received in a stub area from a neighboring router within the stub area, the LSA is rejected.
The link-state ID of the Opaque LSA is divided into an Opaque type field (the first 8 bits) and a type-specific ID (the remaining 24 bits). The packet format of the Opaque LSA is given in Appendix A. Section 7.0 describes Opaque type allocation and assignment.
The responsibility for proper handling of the Opaque LSA's flooding scope is placed on both the sender and receiver of the LSA. The receiver must always store a valid received Opaque LSA in its link-state database. The receiver must not accept Opaque LSAs that violate the flooding scope (e.g., a type-11 (domain-wide) Opaque LSA is not accepted in a stub area). The flooding scope affects both the synchronization of the link-state database and the flooding procedure.
The following describes the modifications to these procedures that are necessary to ensure conformance to the Opaque LSA's Scoping Rules.
The flooding of Opaque LSAs must follow the rules of Flooding Scope as specified in this section. Section 13 of [OSPF] describes the OSPF flooding procedure. The following describes the Opaque LSA's type-specific flooding restrictions.
o If the Opaque LSA is type 9 (the flooding scope is link-local) and the interface that the LSA was received on is not the same as the target interface (e.g., the interface associated with a particular target neighbor), the Opaque LSA must not be flooded out that interface (or to that neighbor). An implementation should keep track of the IP interface associated with each Opaque LSA having a link-local flooding scope.
o If the Opaque LSA is type 10 (the flooding scope is area-local) and the area associated with Opaque LSA (upon reception) is not the same as the area associated with the target interface, the Opaque LSA must not be flooded out the interface. An implementation should keep track of the OSPF area associated with each Opaque LSA having an area-local flooding scope.
o If the Opaque LSA is type 11 (the LSA is flooded throughout the AS) and the target interface is associated with a stub area the Opaque LSA must not be flooded out the interface. A type-11 Opaque LSA that is received on an interface associated with a stub area must be discarded and not acknowledged (the neighboring router has flooded the LSA in error).
When opaque-capable routers and non-opaque-capable OSPF routers are mixed together in a routing domain, the Opaque LSAs are not flooded to the non-opaque-capable routers. As a general design principle, optional OSPF advertisements are only flooded to those routers that understand them.
An opaque-capable router learns of its neighbor's opaque capability at the beginning of the "Database Exchange Process" (see Section 10.6 of [OSPF], receiving Database Description packets from a neighbor in state ExStart). A neighbor is opaque-capable if and only if it sets the O-bit in the Options field of its Database Description packets; the O-bit is not set in packets other than Database Description packets. Then, in the next step of the Database Exchange process, Opaque LSAs are included in the Database summary list that is sent to the neighbor (see Sections 3.2 below and 10.3 of [OSPF]) if and only if the neighbor is opaque capable.
When flooding Opaque-LSAs to adjacent neighbors, an opaque-capable router looks at the neighbor's opaque capability. Opaque LSAs are only flooded to opaque-capable neighbors. To be more precise, in Section 13.3 of [OSPF], Opaque LSAs are only placed on the link-state retransmission lists of opaque-capable neighbors. However, when sending Link State Update packets as multicasts, a non-opaque-capable neighbor may (inadvertently) receive Opaque LSAs. The non-opaque-capable router will then simply discard the LSA (see Section 13 of [OSPF], receiving LSAs having unknown LS types).
The state machine as it exists in section 10.3 of [OSPF] remains unchanged except for the action associated with State: ExStart, Event: NegotiationDone which is where the Database summary list is built. To incorporate the Opaque LSA in OSPF this action is changed to the following.
State(s): ExStart
Event: NegotiationDone
New state: Exchange
Action: The router must list the contents of its entire area link-state database in the neighbor Database summary list. The area link-state database consists of the Router LSAs, Network LSAs, Summary LSAs and types 9 and 10 Opaque LSAs contained in the area structure, along with AS External and type-11 Opaque LSAs contained in the global structure. AS External and type-11 Opaque LSAs are omitted from a virtual neighbor's Database summary list. AS External LSAs and type-11 Opaque LSAs are omitted from the Database summary list if the area has been configured as a stub area (see Section 3.6 of [OSPF]).
Type-9 Opaque LSAs are omitted from the Database summary list if the interface associated with the neighbor is not the interface associated with the Opaque LSA (as noted upon reception).
Any advertisement whose age is equal to MaxAge is omitted from the Database summary list. It is instead added to the neighbor's link-state retransmission list. A summary of the Database summary list will be sent to the neighbor in Database Description packets. Each Database Description Packet has a DD sequence number, and is explicitly acknowledged. Only one Database Description Packet is allowed to be outstanding at any one time. For more detail on the sending and receiving of Database Description packets, see Sections 10.6 and 10.8 of [OSPF].
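The scoping rules of Section 3.1 and the modified NegotiationDone action of Section 3.2, as an added example (not code from the RFC or from any OSPF implementation). The class and function names, the interface names, the Router IDs and the sample database are constructed for illustration; the MaxAge value of 3600 seconds is taken from [OSPF].

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_AGE = 3600                      # MaxAge in seconds (value from RFC 2328)
AS_EXTERNAL, LINK_LOCAL, AREA_LOCAL, AS_WIDE = 5, 9, 10, 11
OPAQUE_TYPES = (LINK_LOCAL, AREA_LOCAL, AS_WIDE)


@dataclass(frozen=True)
class Interface:
    name: str
    area: str
    stub: bool = False              # attached area is configured as a stub area
    virtual: bool = False           # interface is a virtual link


@dataclass(frozen=True)
class Neighbor:
    router_id: str
    iface: Interface
    o_bit: bool                     # O-bit seen in its Database Description packets


@dataclass(frozen=True)
class Lsa:
    ls_type: int
    ls_id: int
    age: int = 0
    iface: Optional[str] = None     # type 9: interface noted on reception
    area: Optional[str] = None      # type 10: area noted on reception


def accept_on_receive(lsa: Lsa, rx: Interface) -> bool:
    """Receiver check: type 11 arriving on a stub-area interface is discarded."""
    return not (lsa.ls_type == AS_WIDE and rx.stub)


def scope_permits(lsa: Lsa, target: Interface) -> bool:
    """Flooding-scope rule for sending an LSA out the target interface."""
    if lsa.ls_type == LINK_LOCAL:
        return lsa.iface == target.name
    if lsa.ls_type == AREA_LOCAL:
        return lsa.area == target.area
    if lsa.ls_type == AS_WIDE:
        return not target.stub
    return True                     # non-opaque types: unchanged OSPF rules apply


def may_flood(lsa: Lsa, nbr: Neighbor) -> bool:
    """Sender check: Opaque LSAs go only to opaque-capable neighbors, in scope."""
    if lsa.ls_type in OPAQUE_TYPES and not nbr.o_bit:
        return False
    return scope_permits(lsa, nbr.iface)


def build_summary_list(lsdb: List[Lsa], nbr: Neighbor) -> Tuple[List[Lsa], List[Lsa]]:
    """NegotiationDone action: returns (Database summary list, retransmission list)."""
    summary, retransmit = [], []
    for lsa in lsdb:
        if lsa.ls_type in OPAQUE_TYPES and not may_flood(lsa, nbr):
            continue
        if lsa.ls_type in (AS_EXTERNAL, AS_WIDE) and (nbr.iface.virtual or nbr.iface.stub):
            continue
        # MaxAge LSAs are not summarised; they go on the retransmission list.
        (retransmit if lsa.age >= MAX_AGE else summary).append(lsa)
    return summary, retransmit


# Constructed topology and database (not from the RFC).
ETH0 = Interface("eth0", "0.0.0.0")
ETH1 = Interface("eth1", "0.0.0.1", stub=True)
VLINK = Interface("vlink0", "0.0.0.0", virtual=True)
N_BACKBONE = Neighbor("192.0.2.2", ETH0, o_bit=True)
N_LEGACY = Neighbor("192.0.2.3", ETH0, o_bit=False)
N_STUB = Neighbor("192.0.2.4", ETH1, o_bit=True)
N_VIRTUAL = Neighbor("192.0.2.5", VLINK, o_bit=True)
LSDB = [
    Lsa(AS_EXTERNAL, 1),
    Lsa(LINK_LOCAL, 2, iface="eth0"),
    Lsa(LINK_LOCAL, 3, iface="eth1"),
    Lsa(AREA_LOCAL, 4, area="0.0.0.0"),
    Lsa(AREA_LOCAL, 5, area="0.0.0.1"),
    Lsa(AS_WIDE, 6),
    Lsa(AREA_LOCAL, 7, age=MAX_AGE, area="0.0.0.0"),
]

if __name__ == "__main__":
    for nbr in (N_BACKBONE, N_LEGACY, N_STUB, N_VIRTUAL):
        summary, retx = build_summary_list(LSDB, nbr)
        print(nbr.router_id, [l.ls_id for l in summary], [l.ls_id for l in retx])
```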
The Opaque option is described herein in terms of its operation on various protocol data structures. These data structures are included for explanatory uses only, and are not intended to constrain an implementation. In addition to the data structures listed below, this specification references the various data structures (e.g., OSPF neighbors) defined in [OSPF].
In an OSPF router, the following item is added to the list of global OSPF data structures described in Section 5 of [OSPF]:
o Opaque capability. Indicates whether the router is running the Opaque option (i.e., capable of storing Opaque LSAs). Such a router will continue to inter-operate with non-opaque-capable OSPF routers.
The OSPF neighbor structure is defined in Section 10 of [OSPF]. In an opaque-capable router, the following items are added to the OSPF neighbor structure:
o Neighbor Options. This field was already defined in the OSPF specification. However, in opaque-capable routers there is a new option which indicates the neighbor's Opaque capability. This new option is learned in the Database Exchange process through reception of the neighbor's Database Description packets, and determines whether Opaque LSAs are flooded to the neighbor. For a more detailed explanation of the flooding of the Opaque LSA see section 3 of this document.
This section identifies the current OSPF MIB [OSPFMIB] capabilities that are applicable to the Opaque option and lists the additional management information which is required for its support.
Opaque LSAs are types 9, 10 and 11 link-state advertisements. The link-state ID of the Opaque LSA is divided into an Opaque type field (the first 8 bits) and a type-specific ID (the remaining 24 bits). The packet format of the Opaque LSA is given in Appendix A. The range of topological distribution (i.e., the flooding scope) of an Opaque LSA is identified by its link-state type.
o Link-State type 9 Opaque LSAs have a link-local scope. Type-9 Opaque LSAs are flooded on a single local (sub)network but are not flooded beyond the local (sub)network.
o Link-state type 10 Opaque LSAs have an area-local scope. Type-10 Opaque LSAs are flooded throughout a single area but are not flooded beyond the borders of the associated area.
o Link-state type 11 Opaque LSAs have an Autonomous-System-wide scope. The flooding scope of type-11 LSAs is equivalent to the flooding scope of AS-external (type-5) LSAs.
The OSPF MIB provides a number of objects that can be used to manage and monitor an OSPF router's Link-State Database. The ones that are relevant to the Opaque option are as follows.
The ospfGeneralGroup defines two objects for keeping track of newly originated and newly received LSAs (ospfOriginateNewLsas and ospfRxNewLsas respectively).
The OSPF MIB defines a set of optional traps. The ospfOriginateLsa trap signifies that a new LSA has been originated by a router and the ospfMaxAgeLsa trap signifies that one of the LSAs in the router's link-state database has aged to MaxAge.
The ospfAreaTable describes the configured parameters and cumulative statistics of the router's attached areas. This table includes a count of the number of LSAs contained in the area's link-state database (ospfAreaLsaCount), and a sum of the LSA's LS checksums contained in this area (ospfAreaLsaCksumSum). This sum can be used to determine if there has been a change in a router's link-state database, and to compare the link-state database of two routers.
The ospfLsdbTable describes the OSPF Process's link-state database (excluding AS-external LSAs). Entries in this table are indexed with an Area ID, a link-state type, a link-state ID and the originating router's Router ID.
The management objects that are needed to support the Opaque option are as follows.
An Opaque-option-enabled object is needed to indicate if the Opaque option is enabled on the router.
The origination and reception of new Opaque LSAs should be reflected in the counters ospfOriginateNewLsas and ospfRxNewLsas (inclusive for types 9, 10 and 11 Opaque LSAs).
If the OSPF trap option is supported, the origination of new Opaque LSAs and purging of MaxAge Opaque LSAs should be reflected in the ospfOriginateLsa and ospfMaxAgeLsa traps (inclusive for types 9, 10 and 11 Opaque LSAs).
The number of type-10 Opaque LSAs should be reflected in ospfAreaLsaCount; the checksums of type-10 Opaque LSAs should be included in ospfAreaLsaCksumSum.
Type-10 Opaque LSAs should be included in the ospfLsdbTable. Note that this table does not include a method of examining the Opaque type field (in the Opaque option this is a sub-field of the link-state ID).
Up until now, LSAs have not had a link-local scope, so there is no method of requesting the number of, or examining, the LSAs that are associated with a specific OSPF interface. A new group of management objects is required to support type-9 Opaque LSAs. These objects should include a count of type-9 Opaque LSAs, a checksum sum and a table for displaying the link-state database for type-9 Opaque LSAs on a per-interface basis. Entries in this table should be indexed with an Area ID, interface's IP address, Opaque type, link-state ID and the originating router's Router ID.
Prior to the introduction of type-11 Opaque LSAs, AS-External (type-5) LSAs have been the only link-state types which have an Autonomous-System-wide scope. A new group of objects is required to support type-11 Opaque LSAs. These objects should include a count of type-11 Opaque LSAs, a type-11 checksum sum and a table for displaying the type-11 link-state database. Entries in this table should be indexed with the Opaque type, link-state ID and the originating router's Router ID. The type-11 link-state database table will allow type-11 LSAs to be displayed once for the router rather than once in each non-stub area.
There are two types of issues that need to be addressed when looking at protecting routing protocols from misconfigurations and malicious attacks. The first is authentication and certification of routing protocol information. The second is denial of service attacks resulting from repetitive origination of the same router advertisement or origination of a large number of distinct advertisements resulting in database overflow. Note that both of these concerns exist independently of a router's support for the Opaque option.
To address the authentication concerns, OSPF protocol exchanges are authenticated. OSPF supports multiple types of authentication; the type of authentication in use can be configured on a per network segment basis. One of OSPF's authentication types, namely the Cryptographic authentication option, is believed to be secure against passive attacks and provide significant protection against active attacks. When using the Cryptographic authentication option, each router appends a "message digest" to its transmitted OSPF packets. Receivers then use the shared secret key and received digest to verify that each received OSPF packet is authentic.
The quality of the security provided by the Cryptographic authentication option depends completely on the strength of the message digest algorithm (MD5 is currently the only message digest algorithm specified), the strength of the key being used, and the correct implementation of the security mechanism in all communicating OSPF implementations. It also requires that all parties maintain the secrecy of the shared secret key. None of the standard OSPF authentication types provide confidentiality. Nor do they protect against traffic analysis. For more information on the standard OSPF security mechanisms, see Sections 8.1, 8.2, and Appendix D of [OSPF].
[DIGI] describes the extensions to OSPF required to add digital signature authentication to Link State data and to provide a certification mechanism for router data. [DIGI] also describes the added LSA processing and key management as well as a method for migration from, or co-existence with, standard OSPF V2.
Repetitive origination of advertisements is addressed by OSPF by mandating a limit on the frequency at which new instances of any particular LSA can be originated and accepted during the flooding procedure. The frequency at which new LSA instances may be originated is set equal to once every MinLSInterval seconds, whose value is 5 seconds (see Section 12.4 of [OSPF]). The frequency at which new LSA instances are accepted during flooding is once every MinLSArrival seconds, whose value is set to 1 (see Section 13, Appendix B and G.5 of [OSPF]).
Proper operation of the OSPF protocol requires that all OSPF routers maintain an identical copy of the OSPF link-state database. However, when the size of the link-state database becomes very large, some routers may be unable to keep the entire database due to resource shortages; we term this "database overflow". When database overflow is anticipated, the routers with limited resources can be accommodated by configuring OSPF stub areas and NSSAs. [OVERFLOW] details a way of gracefully handling unanticipated database overflows.
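The MinLSArrival acceptance limit and the two denial-of-service patterns named in this section, as an added monitoring example (not code from the RFC or from any OSPF implementation). The class name, the two alert thresholds and the event list are constructed for illustration; only the MinLSArrival value of 1 second comes from the text above.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

MIN_LS_ARRIVAL = 1.0                # seconds between accepted instances of one LSA
OPAQUE_TYPES = (9, 10, 11)
LsaKey = Tuple[int, int, str]       # (LS type, link-state ID, advertising router)
Event = Tuple[float, int, int, str]  # (arrival time, LS type, link-state ID, adv. router)


class OpaqueArrivalMonitor:
    """Applies MinLSArrival and tracks per-router counters for alerting."""

    def __init__(self, too_fast_limit: int, distinct_limit: int):
        # Both limits are operator-chosen thresholds (hypothetical, not in the RFC).
        self.too_fast_limit = too_fast_limit
        self.distinct_limit = distinct_limit
        self.last_accepted: Dict[LsaKey, float] = {}
        self.too_fast: Dict[str, int] = defaultdict(int)
        self.distinct: Dict[str, Set[LsaKey]] = defaultdict(set)

    def receive(self, ts: float, ls_type: int, ls_id: int, adv_router: str) -> str:
        key = (ls_type, ls_id, adv_router)
        if ls_type in OPAQUE_TYPES:
            self.distinct[adv_router].add(key)
        prev = self.last_accepted.get(key)
        if prev is not None and ts - prev < MIN_LS_ARRIVAL:
            # New instance arrived too soon after the installed one: discard it.
            self.too_fast[adv_router] += 1
            return "drop"
        self.last_accepted[key] = ts
        return "accept"

    def alerts(self) -> List[Tuple[str, str]]:
        out = []
        for router in sorted(set(self.too_fast) | set(self.distinct)):
            if self.too_fast.get(router, 0) > self.too_fast_limit:
                out.append((router, "repetitive-origination"))
            if len(self.distinct.get(router, ())) > self.distinct_limit:
                out.append((router, "lsa-volume"))
        return out


def replay(events: List[Event], monitor: OpaqueArrivalMonitor) -> List[str]:
    return [monitor.receive(*event) for event in events]


# Constructed arrival events: one router re-floods the same type-10 LSA,
# another originates many distinct type-11 LSAs in a short time.
EVENTS: List[Event] = [
    (0.0, 10, (1 << 24) | 1, "192.0.2.1"),
    (0.3, 10, (1 << 24) | 1, "192.0.2.1"),
    (0.6, 10, (1 << 24) | 1, "192.0.2.1"),
    (1.2, 10, (1 << 24) | 1, "192.0.2.1"),
    (1.5, 10, (1 << 24) | 2, "192.0.2.1"),
] + [(2.0 + 0.1 * i, 11, (128 << 24) | i, "198.51.100.7") for i in range(5)]

if __name__ == "__main__":
    mon = OpaqueArrivalMonitor(too_fast_limit=1, distinct_limit=4)
    print(replay(EVENTS, mon))
    print(mon.alerts())
```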
Opaque types are maintained by the IANA. Extensions to OSPF which require a new Opaque type must be reviewed by the OSPF working group. In the event that the OSPF working group has disbanded the review shall be performed by a recommended Designated Expert.
Following the policies outlined in [IANA], Opaque type values in the range of 0-127 are allocated through an IETF Consensus action and Opaque type values in the range of 128-255 are reserved for private and experimental use.
[ARA] Coltun, R., and J. Heinanen, "The OSPF Address Resolution Advertisement Option", Work in Progress.
[DEMD] Moy, J., "Extending OSPF to Support Demand Circuits", RFC 1793, April 1995.
[DIGI] Murphy, S., Badger, M., and B. Wellington, "OSPF with Digital Signatures", RFC 2154, June 1997.
[IANA] Narten, T., and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", Work in Progress.
[MOSPF] Moy, J., "Multicast Extensions to OSPF", RFC 1584, March 1994.
[NSSA] Coltun, R., and V. Fuller, "The OSPF NSSA Option", RFC 1587, March 1994.
[OSPF] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[OSPFMIB] Baker, F., and R. Coltun, "OSPF Version 2 Management Information Base", RFC 1850, November 1995.
[OVERFLOW] Moy, J., "OSPF Database Overflow", RFC 1765, March 1995.
Rob Coltun
FORE Systems
Phone: (703) 245-4543
EMail: rcoltun@fore.com
Appendix A: OSPF Data formats
This appendix describes the format of the Options Field followed by the packet format of the Opaque LSA.
The OSPF Options field is present in OSPF Hello packets, Database Description packets and all link-state advertisements. The Options field enables OSPF routers to support (or not support) optional capabilities, and to communicate their capability level to other OSPF routers. Through this mechanism routers of differing capabilities can be mixed within an OSPF routing domain.
When used in Hello packets, the Options field allows a router to reject a neighbor because of a capability mismatch. Alternatively, when capabilities are exchanged in Database Description packets a router can choose not to forward certain link-state advertisements to a neighbor because of its reduced functionality. Lastly, listing capabilities in link-state advertisements allows routers to forward traffic around reduced functionality routers by excluding them from parts of the routing table calculation.
Six bits of the OSPF Options field have been assigned, although only the O-bit is described completely by this memo. Each bit is described briefly below. Routers should reset (i.e., clear) unrecognized bits in the Options field when sending Hello packets or Database Description packets and when originating link-state advertisements. Conversely, routers encountering unrecognized Option bits in received Hello Packets, Database Description packets or link-state advertisements should ignore the capability and process the packet/advertisement normally.
    +------------------------------------+
    | * | O | DC | EA | N/P | MC | E | * |
    +------------------------------------+
              The Options Field
E-bit
    This bit describes the way AS-external-LSAs are flooded, as described in Sections 3.6, 9.5, 10.8 and 12.1.2 of [OSPF].
MC-bit
    This bit describes whether IP multicast datagrams are forwarded according to the specifications in [MOSPF].
N/P-bit
    This bit describes the handling of Type-7 LSAs, as specified in [NSSA].
DC-bit
    This bit describes the router's handling of demand circuits, as specified in [DEMD].
EA-bit
    This bit describes the router's willingness to receive and forward External-Attributes-LSAs, as specified in [EAL].
O-bit
    This bit describes the router's willingness to receive and forward Opaque-LSAs as specified in this document.
Opaque LSAs are Type 9, 10 and 11 link-state advertisements. These advertisements may be used directly by OSPF or indirectly by some application wishing to distribute information throughout the OSPF domain. The function of the Opaque LSA option is to provide for future extensibility of OSPF.
Opaque LSAs contain some number of octets (of application-specific data) padded to 32-bit alignment. Like any other LSA, the Opaque LSA uses the link-state database distribution mechanism for flooding this information throughout the topology. However, the Opaque LSA has a flooding scope associated with it so that the scope of flooding may be link-local (type 9), area-local (type 10) or the entire OSPF routing domain (type 11). Section 3 of this document describes the flooding procedures for the Opaque LSA.
       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |            LS age             |     Options   |   9, 10 or 11 |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Opaque Type  |               Opaque ID                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      Advertising Router                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      LS Sequence Number                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |         LS checksum           |           Length              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      |                      Opaque Information                       |
      +                                                               +
      |                              ...                              |
Link-State Type
The link-state type of the Opaque LSA identifies the LSA's range of topological distribution. This range is referred to as the Flooding Scope. The following explains the flooding scope of each of the link-state types.
o A value of 9 denotes a link-local scope. Opaque LSAs with a link-local scope are not flooded beyond the local (sub)network.
o A value of 10 denotes an area-local scope. Opaque LSAs with an area-local scope are not flooded beyond the area that they are originated into.
o A value of 11 denotes that the LSA is flooded throughout the Autonomous System (e.g., has the same scope as type-5 LSAs). Opaque LSAs with AS-wide scope are not flooded into stub areas.
Syntax Of The Opaque LSA's Link-State ID
The link-state ID of the Opaque LSA is divided into an Opaque Type field (the first 8 bits) and an Opaque ID (the remaining 24 bits). See section 7.0 of this document for a description of Opaque type allocation and assignment.
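The following is an added example, not part of the original memo: a receive-side parser for the Opaque LSA layout shown above that decodes the Options octet from the figure, maps the LS type to its flooding scope, splits the link-state ID into Opaque Type and Opaque ID, and rejects a Length field that is inconsistent with the buffer. The function names and the sample LSA are assumptions constructed for illustration, and the LS checksum is carried through but not verified.

```python
import ipaddress
import struct

# Options bits, most significant first: | * | O | DC | EA | N/P | MC | E | * |
OPTION_BITS = {0x40: "O", 0x20: "DC", 0x10: "EA", 0x08: "N/P", 0x04: "MC", 0x02: "E"}
SCOPES = {9: "link-local", 10: "area-local", 11: "AS-wide"}
HEADER_LEN = 20  # octets that precede Opaque Information

def decode_options(octet):
    """Return names of the assigned bits that are set; other bits are ignored."""
    return [name for mask, name in OPTION_BITS.items() if octet & mask]

def parse_opaque_lsa(buf):
    """Parse one Opaque LSA from bytes; raise ValueError on malformed input."""
    if len(buf) < HEADER_LEN:
        raise ValueError("truncated LSA header")
    age, options, ls_type, ls_id, adv, seq, cksum, length = struct.unpack(
        "!HBBIIIHH", buf[:HEADER_LEN])
    if ls_type not in SCOPES:
        raise ValueError("LS type %d is not an Opaque LSA" % ls_type)
    # Length covers header plus Opaque Information; never read past the buffer.
    if length < HEADER_LEN or length > len(buf):
        raise ValueError("Length %d inconsistent with %d-octet buffer" % (length, len(buf)))
    if length % 4:
        raise ValueError("Opaque Information is not padded to 32-bit alignment")
    return {
        "ls_age": age,
        "options": decode_options(options),
        "scope": SCOPES[ls_type],
        "opaque_type": ls_id >> 24,        # first 8 bits of the link-state ID
        "opaque_id": ls_id & 0x00FFFFFF,   # remaining 24 bits
        "advertising_router": str(ipaddress.IPv4Address(adv)),
        "seq": seq,
        "checksum": cksum,                 # not verified in this example
        "opaque_info": buf[HEADER_LEN:length],
    }

def build_sample(ls_type=10, length=None, info=b"\x00\x01\x00\x04\xc0\x00\x02\x01"):
    """Constructed sample LSA (not captured traffic); checksum is a placeholder 0."""
    total = HEADER_LEN + len(info) if length is None else length
    ls_id = (1 << 24) | 42   # Opaque Type 1, Opaque ID 42 (constructed values)
    # Options 0xC3: O and E set, plus both unassigned '*' bits.
    hdr = struct.pack("!HBBIIIHH", 1, 0xC3, ls_type, ls_id,
                      0xC0000201, 0x80000001, 0, total)
    return hdr + info
```

The unassigned bits in the sample Options octet are dropped silently rather than treated as an error, matching the memo's rule that unrecognized bits are ignored on receipt.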
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.