Network Working Group P. Murphy Request for Comments: 3101 US Geological Survey Obsoletes: 1587 January 2003 Category: Standards Track
Network Working Group P. Murphy Request for Comments: 3101 US Geological Survey Obsoletes: 1587 January 2003 Category: Standards Track
The OSPF Not-So-Stubby Area (NSSA) Option
OSPF非短截图区域(NSSA)选项
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2003). All Rights Reserved.
版权所有(C)互联网协会(2003年)。版权所有。
Abstract
摘要
This memo documents an optional type of Open Shortest Path First (OSPF) area that is somewhat humorously referred to as a "not-so-stubby" area (or NSSA). NSSAs are similar to the existing OSPF stub area configuration option but have the additional capability of importing AS external routes in a limited fashion.
本备忘录记录了一种可选的开放式最短路径优先(OSPF)区域,该区域被幽默地称为“不那么短的”区域(或NSSA)。NSSA与现有OSPF存根区域配置选项类似,但具有以有限方式作为外部路由导入的附加功能。
The OSPF NSSA Option was originally defined in RFC 1587. The functional differences between this memo and RFC 1587 are explained in Appendix F. All differences, while expanding capability, are backward-compatible in nature. Implementations of this memo and of RFC 1587 will interoperate.
OSPF NSSA选项最初在RFC 1587中定义。附录F解释了本备忘录与RFC 1587之间的功能差异。在扩展功能的同时,所有差异本质上都是向后兼容的。本备忘录和RFC1587的实施将互操作。
Table Of Contents
目录
1.0 Overview ................................................. 2 1.1 Motivation - Transit Networks ......................... 2 1.2 Motivation - Corporate Networks ....................... 4 1.3 Proposed Solution ..................................... 5 2.0 NSSA Intra-Area Implementation Details ................... 7 2.1 The N-bit ............................................. 7 2.2 Type-7 Address Ranges ................................. 7 2.3 Type-7 LSAs ........................................... 8 2.4 Originating Type-7 LSAs ............................... 9 2.5 Calculating Type-7 AS External Routes ................. 10 2.6 Incremental Updates ................................... 14 2.7 Optionally Importing Summary Routes ................... 14 3.0 Intra-AS Implementation Details .......................... 15 3.1 Type-7 Translator Election ............................ 15 3.2 Translating Type-7 LSAs into Type-5 LSAs .............. 16 3.3 Flushing Translated Type-7 LSAs ....................... 19 4.0 Security Considerations .................................. 20 5.0 Acknowledgements ......................................... 21 6.0 Contributors ............................................. 22 7.0 References ............................................... 22 Appendix A: The Options Field ................................ 23 Appendix B: Router-LSAs ...................................... 24 Appendix C: Type-7 LSA Packet Format ......................... 26 Appendix D: Configuration Parameters ......................... 27 Appendix E: The P-bit Policy Paradox ......................... 28 Appendix F: Differences from RFC 1587 ........................ 30 Author's Addresses ........................................... 32 Full Copyright Statement ..................................... 33
1.0 Overview ................................................. 2 1.1 Motivation - Transit Networks ......................... 2 1.2 Motivation - Corporate Networks ....................... 4 1.3 Proposed Solution ..................................... 5 2.0 NSSA Intra-Area Implementation Details ................... 7 2.1 The N-bit ............................................. 7 2.2 Type-7 Address Ranges ................................. 7 2.3 Type-7 LSAs ........................................... 8 2.4 Originating Type-7 LSAs ............................... 9 2.5 Calculating Type-7 AS External Routes ................. 10 2.6 Incremental Updates ................................... 14 2.7 Optionally Importing Summary Routes ................... 14 3.0 Intra-AS Implementation Details .......................... 15 3.1 Type-7 Translator Election ............................ 15 3.2 Translating Type-7 LSAs into Type-5 LSAs .............. 16 3.3 Flushing Translated Type-7 LSAs ....................... 19 4.0 Security Considerations .................................. 20 5.0 Acknowledgements ......................................... 21 6.0 Contributors ............................................. 22 7.0 References ............................................... 22 Appendix A: The Options Field ................................ 23 Appendix B: Router-LSAs ...................................... 24 Appendix C: Type-7 LSA Packet Format ......................... 26 Appendix D: Configuration Parameters ......................... 27 Appendix E: The P-bit Policy Paradox ......................... 28 Appendix F: Differences from RFC 1587 ........................ 30 Author's Addresses ........................................... 32 Full Copyright Statement ..................................... 33
Wide-area transit networks often have connections to moderately complex "leaf" sites. A leaf site may have multiple IP network numbers assigned to it. Typically, one of the leaf site's networks is directly connected to a router provided and administered by the transit network while the others are distributed throughout and administered by the site. From the transit network's perspective, all of the network numbers associated with the site make up a single "stub" entity. For example, BBN Planet has one site composed of a class-B network, 130.57.0.0, and a class-C network, 192.31.114.0. From BBN Planet's perspective, this configuration looks something like the diagram on the next page, where the "cloud" consists of the subnets of 130.57 and network 192.31.114, all of which are learned by RIP on router BR18.
广域运输网络通常连接到中等复杂的“叶”站点。一个叶站点可能有多个IP网络号分配给它。通常,叶站点的一个网络直接连接到由传输网络提供和管理的路由器,而其他网络则分布在整个站点并由站点管理。从公交网络的角度来看,与站点相关联的所有网络编号构成一个“存根”实体。例如,BBN Planet有一个站点由B类网络130.57.0.0和C类网络192.31.114.0组成。从BBN Planet的角度来看,此配置类似于下一页的图表,其中“云”由130.57和192.31.114的子网组成,所有这些都是通过路由器BR18上的RIP学习的。
192.31.114 | (cloud) -------------- 130.57.4 | | ------ 131.119.13 ------ |BR18|------------|BR10| ------ ------ | V to BBN Planet "core" OSPF system
192.31.114 | (cloud) -------------- 130.57.4 | | ------ 131.119.13 ------ |BR18|------------|BR10| ------ ------ | V to BBN Planet "core" OSPF system
Topologically, this cloud looks very much like an OSPF stub area. The advantages of running the cloud as an OSPF stub area are:
从拓扑结构上看,该云看起来非常像OSPF存根区域。将云作为OSPF存根区域运行的优点是:
1. External routes learned from OSPF's Type-5 AS-external-LSAs are not advertised beyond the router labeled "BR10". This is advantageous because the link between BR10 and BR18 may be a low-speed link or the router BR18 may have limited resources.
1. 从OSPF的Type-5中学习的外部路由作为外部LSA不会在标记为“BR10”的路由器之外进行广告。这是有利的,因为BR10和BR18之间的链路可能是低速链路,或者路由器BR18可能具有有限的资源。
2. The transit network is abstracted to the "leaf" router BR18 by advertising only a default route across the link between BR10 and BR18.
2. 通过在BR10和BR18之间的链路上仅公布默认路由,公交网络被抽象为“叶”路由器BR18。
3. The cloud becomes a single, manageable "leaf" with respect to the transit network.
3. 相对于公交网络,云成为一个单一的、可管理的“叶子”。
4. The cloud can become, logically, a part of the transit network's OSPF routing system.
4. 从逻辑上讲,云可以成为公交网络OSPF路由系统的一部分。
However, the original definition of the OSPF protocol (See [OSPF]) imposes topological limitations that restrict simple cloud topologies from becoming OSPF stub areas. In particular, it is illegal for a stub area to import routes external to OSPF; thus it is not possible for routers BR18 and BR10 to both be members of the stub area and to import into OSPF as Type-5 AS-external-LSAs routes learned from RIP or other IP routing protocols. In order to run OSPF out to BR18, BR18 must be a member of a non-stub area or the OSPF backbone before it can import routes other than its directly connected network(s). Since it is not acceptable for BR18 to maintain all of BBN Planet's Type-5 AS external routes, BBN Planet is forced by OSPF's topological limitations to only run OSPF out to BR10 and to run RIP between BR18 and BR10.
然而,OSPF协议的原始定义(参见[OSPF])施加了拓扑限制,限制简单的云拓扑成为OSPF存根区域。特别是,存根区输入OSPF外部的路由是非法的;因此,路由器BR18和BR10不可能既是存根区域的成员,也不可能作为从RIP或其他IP路由协议学习到的外部LSA路由类型5导入OSPF。为了将OSPF输出到BR18,BR18必须是非存根区域或OSPF主干的成员,然后才能导入其直接连接网络以外的路由。由于BR18不能将所有BBN Planet的5型线路作为外部线路进行维护,因此受OSPF拓扑限制,BBN Planet只能将OSPF输出至BR10,并在BR18和BR10之间运行RIP。
In a corporate network that supports a large corporate infrastructure it is not uncommon for its OSPF domain to have a complex non-zero area infrastructure that injects large routing tables into its Area 0 backbone. Organizations within the corporate infrastructure may routinely multi-home their non-zero OSPF areas to strategically located Area 0 backbone routers, either to provide backbone redundancy or to increase backbone connectivity or both. Because of these large routing tables, OSPF aggregation via summarization is routinely used and recommended. Stub areas are also recommended to keep the size of the routing tables of non-backbone routers small. Organizations within the corporation are administratively autonomous and compete for corporate backbone resources. They also want isolation from each other in order to protect their own network resources within the organization.
在支持大型企业基础设施的企业网络中,其OSPF域具有复杂的非零区域基础设施(将大型路由表注入其0区域主干)的情况并不少见。公司基础设施内的组织可以定期将其非零OSPF区域多址到战略位置的0区主干路由器,以提供主干冗余或增加主干连接,或两者兼而有之。由于这些大型路由表,通常使用并推荐通过摘要进行OSPF聚合。还建议使用存根区域,以保持非主干路由器路由表的大小较小。公司内部的组织在管理上是自主的,并在竞争公司骨干资源。他们还希望彼此隔离,以保护组织内自己的网络资源。
Consider the typical example configuration shown below where routers A1, B1 and A2, B2 are connected to Area 1 and Area 2 respectively, and where routers A0 and B0 are Area 0 border routers that connect to both Area 1 and Area 2. Assume the 192.168.192/20 and 192.168.208/22 clouds are subnetted with a protocol different from the corporate OSPF instance. These other protocols could be RIP, IGRP, or second and third OSPF instances separate from the corporate OSPF backbone instance.
考虑下面所示的典型示例配置,其中路由器A1、B1和A2、B2分别连接到区域1和区域2,其中路由器A0和B0是连接到区域1和区域2的区域0边界路由器。假设192.168.192/20和192.168.208/22云使用不同于公司OSPF实例的协议进行子网连接。这些其他协议可以是RIP、IGRP或与公司OSPF主干实例分离的第二和第三个OSPF实例。
Area 1 and Area 2 would like to be stub areas to minimize the size of their link state databases. It is also desirable to originate two aggregated external advertisements for the subnets of 192.168.192/20 and 192.168.208/22 in such a way that the preferred path to 192.168.192/20 is through A0 and the preferred path to 192.168.208/22 is through B0.
区域1和区域2希望成为存根区域,以最小化其链路状态数据库的大小。还希望以这样的方式为192.168.192/20和192.168.208/22的子网发起两个聚合的外部广告,即到192.168.192/20的优选路径通过A0,到192.168.208/22的优选路径通过B0。
+---A0------Area 0 cloud------B0---+ | | | | | | | | | |T1 56kbs| | 56kbs| | | |T1 | | | | | | Area 1 cloud | | | A1-----192.168.192/20-----B1 | | | +---A2 B2---+ | | | Area 2 cloud | +-----192.168.208/22------+
+---A0------Area 0 cloud------B0---+ | | | | | | | | | |T1 56kbs| | 56kbs| | | |T1 | | | | | | Area 1 cloud | | | A1-----192.168.192/20-----B1 | | | +---A2 B2---+ | | | Area 2 cloud | +-----192.168.208/22------+
The current standard OSPF stub area has no mechanism to support the redistribution of routes for the subnets of 192.168.192/20 and 192.168.208/22 within a stub area or the ability to aggregate a range of external routes in any OSPF area. Any solution to this dilemma must also honor Area 1's path of choice to 192.168.192/20 through A0 with redundancy through B0 while at the same time honoring Area 2's path of choice to 192.168.208/20 through B0 with redundancy through A0.
当前的标准OSPF存根区域没有机制支持存根区域内192.168.192/20和192.168.208/22子网的路由重新分配,也没有能力在任何OSPF区域聚合一系列外部路由。解决这一困境的任何方案还必须尊重区域1到192.168.192/20到A0的选择路径,通过B0实现冗余,同时尊重区域2到192.168.208/20到B0的选择路径,通过A0实现冗余。
This document describes a new optional type of OSPF area, somewhat humorously referred to as a "not-so-stubby" area (or NSSA), which has the capability of importing external routes in a limited fashion.
本文档描述了一种新的可选OSPF区域类型,有点幽默地称为“不那么短的”区域(或NSSA),它能够以有限的方式导入外部路由。
The OSPF specification defines two general classes of area configuration. The first allows Type-5 LSAs to be flooded throughout the area. In this configuration, Type-5 LSAs may be originated by routers internal to the area or flooded into the area by area border routers. These areas, referred to herein as Type-5 capable areas (or just plain areas in the OSPF specification), are distinguished by the fact that they can carry transit traffic. The backbone is always a Type-5 capable area. The second type of area configuration, called stub, does not allow Type-5 LSAs to be propagated into/throughout the area and instead depends on default routing to external destinations.
OSPF规范定义了两类通用的区域配置。第一种方法允许5型LSA淹没整个区域。在该配置中,类型5 lsa可由该区域内部的路由器发起,或由区域边界路由器涌入该区域。这些区域在本文中称为5类功能区域(或OSPF规范中的普通区域),其区别在于它们可以承载过境交通。主干网始终是具有5型能力的区域。第二种类型的区域配置称为存根,不允许将类型5 LSA传播到区域中或整个区域,而是取决于到外部目标的默认路由。
NSSAs are defined in much the same manner as existing stub areas. To support NSSAs, a new option bit (the "N" bit) and a new type of LSA (Type-7) are defined. The "N" bit ensures that routers belonging to an NSSA agree on its configuration. Similar to the stub area's use of the "E" bit, both NSSA neighbors must agree on the setting of the "N" bit or the OSPF neighbor adjacency will not form.
NSSA的定义方式与现有存根区域基本相同。为了支持NSSA,定义了一个新的选项位(“N”位)和一个新的LSA类型(类型7)。“N”位确保属于NSSA的路由器同意其配置。与存根区域使用“E”位类似,两个NSSA邻居必须就“N”位的设置达成一致,否则不会形成OSPF邻居邻接。
Type-7 LSAs provide for carrying external route information within an NSSA. Type-7 LSAs have virtually the same syntax as Type-5 LSAs with the obvious exception of the link-state type. (See section 2.3 for more details.) Both LSAs are considered a type of OSPF AS-external-LSA. There are two major semantic differences between Type-5 LSAs and Type-7 LSAs.
7类LSA用于在NSSA内承载外部路线信息。类型-7 LSA与类型-5 LSA的语法几乎相同,但链接状态类型明显不同。(详见第2.3节)两种LSA都被视为OSPF的一种类型,即外部LSA。第5类LSA和第7类LSA之间有两个主要的语义差异。
o Type-7 LSAs may be originated by and advertised throughout an NSSA; as with stub areas, Type-5 LSAs are not flooded into NSSAs and do not originate there.
o 7类LSA可由NSSA发起并在整个NSSA中发布;与存根区域一样,5型LSA不会淹没在NSSA中,也不会从那里产生。
o Type-7 LSAs are advertised only within a single NSSA; they are not flooded into the backbone area or any other area by border routers, though the information that they contain may be propagated into the backbone area. (See Section 3.2.)
o 7类LSA仅在单个NSSA内发布;它们不会被边界路由器淹没到主干区域或任何其他区域,尽管它们包含的信息可能会传播到主干区域。(见第3.2节。)
In order to allow limited exchange of external information across an NSSA border, NSSA border routers will translate selected Type-7 LSAs received from the NSSA into Type-5 LSAs. These Type-5 LSAs will be flooded to all Type-5 capable areas. NSSA border routers may be configured with address ranges so that multiple Type-7 LSAs may be aggregated into a single Type-5 LSA. The NSSA border routers that perform translation are configurable. In the absence of a configured translator one is elected.
为了允许跨NSSA边界有限地交换外部信息,NSSA边界路由器将从NSSA接收的选定的7类LSA转换为5类LSA。这些5型LSA将被淹没到所有5型区域。NSSA边界路由器可配置有地址范围,以便多个7型LSA可聚合为单个5型LSA。执行转换的NSSA边界路由器是可配置的。如果没有配置的转换器,则选择一个。
In addition, an NSSA border router should originate a default LSA (IP network is 0.0.0.0/0) into the NSSA. Default routes are necessary because NSSAs do not receive full routing information and must have a default route in order to route to AS-external destinations. Like stub areas, NSSAs may be connected to the Area 0 backbone at more than one NSSA border router, but may not be used as a transit area. Note that a Type-7 default LSA originated by an NSSA border router is never translated into a Type-5 LSA, however, a Type-7 default LSA originated by an NSSA internal AS boundary router (one that is not an NSSA border router) may be translated into a Type-5 LSA.
此外,NSSA边界路由器应向NSSA发起默认LSA(IP网络为0.0.0.0/0)。默认路由是必需的,因为NSSA不接收完整的路由信息,并且必须具有默认路由才能作为外部目的地路由到。与存根区域一样,NSSA可以连接到多个NSSA边界路由器上的区域0主干,但不能用作传输区域。请注意,由NSSA边界路由器发起的7型默认LSA从未转换为5型LSA,但是,由NSSA内部AS边界路由器(非NSSA边界路由器)发起的7型默认LSA可转换为5型LSA。
Like stub areas, NSSA border routers optionally import summary routes into their NSSAs as Type-3 summary-LSAs. If the import is disabled, particular care should be taken to ensure that summary routing is not obscured by an NSSA's Type-7 AS-external-LSAs. This may happen when the AS's other IGPs, like RIP and ISIS, leak routing information into the NSSA. In these cases all summary routes should be imported into the NSSA. The recommended default behavior is to import summary routes into NSSAs. Since Type-5 AS-external-LSAs are not flooded into NSSAs, NSSA border routers should not originate Type-4 summary-LSAs into their NSSAs. Also an NSSA's border routers never originate Type-4 summary-LSAs for the NSSA's AS boundary routers, since Type-7 AS-external-LSAs are never flooded beyond the NSSA's border.
与存根区域类似,NSSA边界路由器可以选择将摘要路由作为类型3摘要LSA导入其NSSA。如果禁用导入,则应特别注意确保摘要路由不会被NSSA的7型外部LSA遮挡。当AS的其他IGP(如RIP和ISIS)将路由信息泄漏到NSSA时,可能会发生这种情况。在这些情况下,应将所有汇总路线导入NSSA。建议的默认行为是将摘要路由导入NSSA。由于5型AS外部LSA不会涌入NSSA,NSSA边界路由器不应将4型摘要LSA发起到其NSSA中。此外,NSSA的边界路由器从不为NSSA的AS边界路由器生成类型4摘要LSA,因为类型7 AS外部LSA从不淹没在NSSA边界之外。
When summary routes are not imported into an NSSA, the default LSA originated into it by its border routers must be a Type-3 summary-LSA. This default summary-LSA insures intra-AS connectivity to the rest of the OSPF domain, as its default summary route is preferred over the default route of a Type-7 default LSA. Without a default summary route the OSPF domain's inter-area traffic, which is normally forwarded by summary routes, might exit the AS via the default route of a Type-7 default LSA originated by an NSSA internal router. The Type-7 default LSAs originated by NSSA internal routers and the no-summary option are mutually exclusive features. When summary routes are imported into the NSSA, the default LSA originated by a NSSA border router into the NSSA should be a Type-7 LSA.
当摘要路由未导入NSSA时,由其边界路由器发起的默认LSA必须是类型3摘要LSA。此默认摘要LSA确保与OSPF域其余部分的AS内连接,因为其默认摘要路由优于7型默认LSA的默认路由。如果没有默认摘要路由,OSPF域的区域间流量(通常由摘要路由转发)可能会通过NSSA内部路由器发起的7型默认LSA的默认路由退出AS。由NSSA内部路由器发起的7型默认LSA和“无摘要”选项是相互排斥的功能。将摘要路由导入NSSA时,NSSA边界路由器向NSSA发起的默认LSA应为7型LSA。
In our transit topology example the subnets of 130.57 and network 192.31.114 will still be learned by RIP on router BR18, but now both
在我们的传输拓扑示例中,130.57和网络192.31.114的子网仍将由路由器BR18上的RIP学习,但现在两者都学习
BR10 and BR18 can be in an NSSA and all of BBN Planet's external routes are hidden from BR18; BR10 becomes an NSSA border router and BR18 becomes an AS boundary router internal to the NSSA. BR18 will import the subnets of 130.57 and network 192.31.114 as Type-7 LSAs into the NSSA. BR10 then translates these routes into Type-5 LSAs and floods them into BBN Planet's backbone.
BR10和BR18可以在NSSA中,BBN Planet的所有外部路线都对BR18隐藏;BR10成为NSSA边界路由器,BR18成为NSSA内部的AS边界路由器。BR18将130.57和192.31.114的子网作为7类LSA导入NSSA。然后,BR10将这些路线转换为5型LSA,并将其淹没到BBN星球的主干中。
In our corporate topology example if Area 1 and Area 2 are NSSAs the external paths to the subnets of the address ranges 192.168.192/20 and 192.168.208/22 can be redistributed as Type-7 LSAs throughout Area 1 and Area 2 respectively, and then aggregated during the translation process into separate Type-5 LSAs that are flooded into Area 0. A0 may be configured as Area 1's translator even though B0 is the translator of Area 2.
在我们的公司拓扑示例中,如果区域1和区域2是NSSA,则地址范围为192.168.192/20和192.168.208/22的子网的外部路径可以分别作为7型LSA重新分布到整个区域1和区域2,然后在转换过程中聚合为单独的5型LSA,这些LSA被淹没到区域0中。A0可以配置为区域1的转换器,即使B0是区域2的转换器。
The N-bit ensures that all members of an NSSA agree on the area's configuration. Together, the N-bit and E-bit reflect an interface's (and consequently the interface's associated area) external LSA flooding capability. As explained in [OSPF] Section 10.5, if Type-5 LSAs are not flooded into/throughout the area, the E-bit must be clear in the option field of the received Hello packets. Interfaces associated with an NSSA will not send or receive Type-5 LSAs on that interface but may send and receive Type-7 LSAs. Therefore, if the N-bit is set in the options field, the E-bit must be clear.
N位确保NSSA的所有成员都同意该区域的配置。N位和E位共同反映了接口(以及接口的相关区域)的外部LSA泛洪能力。如[OSPF]第10.5节所述,如果5型LSA未淹没到该区域内/整个区域内,则接收到的Hello数据包的选项字段中必须清除E位。与NSSA关联的接口不会在该接口上发送或接收5型LSA,但可以发送和接收7型LSA。因此,如果在选项字段中设置了N位,则E位必须清除。
To support the NSSA option an additional check must be made in the function that handles the receiving of the Hello packet to verify that both the N-bit and the E-bit found in the Hello packet's option field match the area type and ExternalRoutingCapability of the area of the receiving interface. A mismatch in the options causes processing of the received Hello packet to stop and the packet to be dropped.
为了支持NSSA选项,必须在处理Hello数据包接收的函数中进行额外检查,以验证Hello数据包选项字段中的N位和E位是否与接收接口区域的区域类型和外部路由能力相匹配。选项中的不匹配会导致停止对接收到的Hello数据包的处理,并丢弃该数据包。
NSSA border routers may be configured with Type-7 address ranges. Each Type-7 address range is defined as an [address,mask] pair. Many separate Type-7 networks may fall into a single Type-7 address range, just as a subnetted network is composed of many separate subnets. NSSA border routers may aggregate Type-7 routes by advertising a single Type-5 LSA for each Type-7 address range. The Type-5 LSA resulting from a Type-7 address range match will be distributed to all Type-5 capable areas. Section 3.2 details how Type-5 LSAs are generated from Type-7 address ranges.
NSSA边界路由器可配置7类地址范围。每个Type-7地址范围定义为[address,mask]对。许多独立的7型网络可能属于单一的7型地址范围,正如子网网络由许多独立的子网组成一样。NSSA边界路由器可以通过为每个类型7地址范围发布单个类型5 LSA来聚合类型7路由。7型地址范围匹配产生的5型LSA将分配到所有5型功能区域。第3.2节详细说明了如何从7类地址范围生成5类LSA。
A Type-7 address range includes the following configurable items.
7类地址范围包括以下可配置项。
o An [address,mask] pair.
o [地址、掩码]对。
o A status indication of either Advertise or DoNotAdvertise.
o 播发或不播发的状态指示。
o An external route tag.
o 外部路由标记。
External routes are imported into NSSAs as Type-7 LSAs by NSSA AS boundary routers. An NSSA AS boundary router (ASBR) is a router that has an interface associated with the NSSA and is exchanging routing information with routers belonging to another AS. Like OSPF ASBRs, an NSSA router indicates it is an NSSA ASBR by setting the E-bit in its router-LSA. As with Type-5 LSAs a separate Type-7 LSA is originated for each destination network. To support NSSAs the link-state database must therefore be expanded to contain Type-7 LSAs.
外部路由由NSSA作为边界路由器作为7型LSA导入NSSA。NSSA AS边界路由器(ASBR)是具有与NSSA相关联的接口并与属于另一AS的路由器交换路由信息的路由器。与OSPF ASBR一样,NSSA路由器通过在其路由器LSA中设置E位来指示它是NSSA ASBR。与5型LSA一样,为每个目的地网络生成一个单独的7型LSA。为了支持NSSA,链路状态数据库必须扩展为包含7型LSA。
Type-7 LSAs are identical to Type-5 LSAs except for the following (see [OSPF] Section 12.4.4, "AS external links").
7型LSA与5型LSA相同,但以下情况除外(见[OSPF]第12.4.4节“作为外部链路”)。
1. The Type field in the LSA header is 7.
1. LSA标头中的类型字段为7。
2. Type-7 LSAs are only flooded within the originating NSSA. The flooding of Type-7 LSAs follows the same rules as the flooding of Type-1 and Type-2 LSAs.
2. 7型LSA仅在原始NSSA内淹没。7型LSA的泛洪与1型和2型LSA的泛洪遵循相同的规则。
3. Type-7 LSAs are only listed within the OSPF area data structures of their respective NSSAs, making them area specific. Type-5 LSAs, which are flooded to all Type-5 capable areas, have global scope and are listed in the OSPF protocol data structure.
3. 7类LSA仅在其各自NSSA的OSPF区域数据结构中列出,使其具有区域特定性。5型LSA覆盖所有5型区域,具有全局范围,并在OSPF协议数据结构中列出。
4. NSSA border routers select which Type-7 LSAs are translated into Type-5 LSAs and flooded into the OSPF domain's transit topology.
4. NSSA边界路由器选择将哪些7型LSA转换为5型LSA,并淹没到OSPF域的传输拓扑中。
5. Type-7 LSAs have a propagate (P) bit that, when set, tells an NSSA border router to translate a Type-7 LSA into a Type-5 LSA.
5. 7型LSA有一个传播(P)位,当设置该位时,它会告诉NSSA边界路由器将7型LSA转换为5型LSA。
6. Those Type-7 LSAs that are to be translated into Type-5 LSAs must have their forwarding address set.
6. 要转换为5型LSA的7型LSA必须设置其转发地址。
Type-5 LSAs that are translations of Type-7 LSAs copy the Type-7 LSAs' non-zero forwarding addresses. Only those Type-5 LSAs that are aggregations of Type-7 LSAs may have 0.0.0.0 as a forwarding address. (See Section 3.2 for details.) Non-zero forwarding addresses produce efficient inter-area routing to an NSSA's AS external destinations when it has multiple border routers. Also the non-zero forwarding addresses of Type-7 LSAs ease the process of their translation into Type-5 LSAs, as NSSA border routers are not required to compute them.
作为7型LSA翻译的5型LSA复制7型LSA的非零转发地址。只有属于7类LSA聚合的5类LSA才能将0.0.0.0作为转发地址。(详情请参见第3.2节。)当NSSA有多个边界路由器时,非零转发地址会产生到作为外部目的地的NSSA的有效区域间路由。此外,7型LSA的非零转发地址简化了将其转换为5型LSA的过程,因为NSSA边界路由器不需要计算它们。
Normally the next hop address of an installed AS external route learned by an NSSA ASBR from an adjacent AS points at one of the adjacent AS's gateway routers. If this address belongs to a network connected to the NSSA ASBR via one of its NSSAs' active interfaces, then the NSSA ASBR copies this next hop address into the forwarding address field of the route's Type-7 LSA that is originated into this NSSA, as is currently done with Type-5 LSAs. (See [OSPF] Section 12.4.4.1.) For an NSSA with no such network the forwarding address field may only be filled with an address from one of the its active interfaces or 0.0.0.0. If the P-bit is set, the forwarding address must be non-zero; otherwise it may be 0.0.0.0. If an NSSA requires the P-bit be set and a non-zero forwarding address is unavailable, then the route's Type-7 LSA is not originated into this NSSA.
通常,NSSA ASBR从相邻AS的网关路由器上的相邻AS点读入的已安装AS外部路由的下一跳地址。如果此地址属于通过NSSA的一个活动接口连接到NSSA ASBR的网络,则NSSA ASBR会将此下一跳地址复制到源于此NSSA的路由的7型LSA的转发地址字段中,就像当前对5型LSA所做的那样。(参见[OSPF]第12.4.4.1节。)对于无此类网络的NSSA,转发地址字段只能用来自其一个活动接口或0.0.0.0的地址填充。如果设置了P位,则转发地址必须为非零;否则,它可能是0.0.0.0。如果NSSA要求设置P位且非零转发地址不可用,则路由的7型LSA不会起源于此NSSA。
When a router is forced to pick a forwarding address for a Type-7 LSA, preference should be given first to the router's internal addresses (provided internal addressing is supported). If internal addresses are not available, preference should be given to the router's active OSPF stub network addresses. These choices avoid the possible extra hop that may happen when a transit network's address is used. When the interface whose IP address is the LSA's forwarding address transitions to a Down state (see [OSPF] Section 9.3), the router must select a new forwarding address for the LSA and then re-originate it. If one is not available the LSA should be flushed.
当路由器被迫为7型LSA选择转发地址时,应首先优先考虑路由器的内部地址(前提是支持内部寻址)。如果内部地址不可用,则应优先考虑路由器的活动OSPF存根网络地址。这些选择避免了使用公交网络地址时可能发生的额外跳数。当IP地址为LSA转发地址的接口转换为关闭状态时(参见[OSPF]第9.3节),路由器必须为LSA选择一个新的转发地址,然后重新发起该地址。如果一个不可用,则应刷新LSA。
The metrics and path types of Type-5 LSAs are directly comparable with the metrics and path types of Type-7 LSAs.
5型LSA的指标和路径类型与7型LSA的指标和路径类型直接可比。
NSSA AS boundary routers may only originate Type-7 LSAs into NSSAs. An NSSA internal AS boundary router must set the P-bit in the LSA header's option field of any Type-7 LSA whose network it wants advertised into the OSPF domain's full transit topology. The LSAs of these networks must have a valid non-zero forwarding address. If the P-bit is clear the LSA is not translated into a Type-5 LSA by NSSA border routers.
NSSA AS边界路由器只能向NSSA发起7型LSA。NSSA内部AS边界路由器必须在任何类型7 LSA的LSA报头选项字段中设置P位,其网络要播发到OSPF域的全传输拓扑中。这些网络的LSA必须具有有效的非零转发地址。如果P位清除,则NSSA边界路由器不会将LSA转换为5型LSA。
When an NSSA border router originates both a Type-5 LSA and a Type-7 LSA for the same network, then the P-bit must be clear in the Type-7 LSA so that it isn't translated into a Type-5 LSA by another NSSA border router. If the border router only originates a Type-7 LSA, it may set the P-bit so that the network may be aggregated/propagated during Type-7 translation. If an NSSA's border router originates a Type-5 LSA with a forwarding address from the NSSA, it should also originate a Type-7 LSA into the NSSA. If two NSSA routers, both reachable from one another over the NSSA, originate functionally equivalent Type-7 LSAs (i.e., same destination, cost and non-zero forwarding address), then the router having the least preferred LSA should flush its LSA. (See [OSPF] Section 12.4.4.1.) Preference between two Type-7 LSAs is determined by the following tie breaker rules:
当NSSA边界路由器为同一网络同时发起5型LSA和7型LSA时,P位必须在7型LSA中清除,以便不会被另一个NSSA边界路由器转换为5型LSA。如果边界路由器仅发起类型7 LSA,则它可以设置P位,以便在类型7转换期间聚合/传播网络。如果NSSA的边界路由器使用来自NSSA的转发地址发起一个5型LSA,那么它还应该向NSSA发起一个7型LSA。如果两个NSSA路由器(都可以通过NSSA彼此访问)发起功能等效的7类LSA(即,相同的目的地、成本和非零转发地址),则具有最不首选LSA的路由器应刷新其LSA。(参见[OSPF]第12.4.4.1节。)两个7型LSA之间的优先顺序由以下连接断路器规则决定:
1. An LSA with the P-bit set is preferred over one with the P-bit clear.
1. 具有P位设置的LSA优于具有P位清除的LSA。
2. If the P-bit settings are the same, the LSA with the higher router ID is preferred.
2. 如果P位设置相同,则首选路由器ID较高的LSA。
A Type-7 default LSA for the network 0.0.0.0/0 may be originated into the NSSA by any NSSA router. The Type-7 default LSA originated by an NSSA border router must have the P-bit clear. An NSSA ASBR that is not an NSSA border router may originate a Type-7 default LSA with the P-bit set. A Type-7 default LSA may be installed by NSSA border routers if and only if its P-bit is set. (See Appendix E.)
网络0.0.0.0/0的7型默认LSA可由任何NSSA路由器发送到NSSA。由NSSA边界路由器发起的7型默认LSA必须清除P位。非NSSA边界路由器的NSSA ASBR可使用P位集发起7型默认LSA。NSSA边界路由器可安装7型默认LSA,前提是且仅当其P位已设置。(见附录E)
NSSA border routers must originate an LSA for the default destination into all their directly attached NSSAs in order to support intra-AS routing and inter-AS routing. This default destination is advertised in either a Type-3 LSA or a Type-7 LSA, as described in Section 2.7. The default LSA's metric should be configurable. For Type-7 default LSAs, the metric type (1 or 2) should also be configurable.
NSSA边界路由器必须为其所有直接连接的NSSA发起默认目的地的LSA,以支持内部AS路由和内部AS路由。如第2.7节所述,在3型LSA或7型LSA中公布该默认目的地。默认LSA的度量应该是可配置的。对于类型7默认LSA,度量类型(1或2)也应该是可配置的。
This calculation must be run when Type-7 LSAs are processed during the AS external route calculation. This calculation may process Type-5 LSAs, but it is written that way only for comparison sake.
当AS外部路线计算期间处理7类LSA时,必须运行此计算。此计算可能会处理5型LSA,但这样编写只是为了比较。
Non-default Type-7 LSAs with the P-bit clear may be installed in the OSPF routing table of NSSA border routers. Since these LSAs are not propagated throughout the OSPF domain, traffic that originates external to an NSSA and that passes through one of the NSSA's border routers may be unexpectedly diverted into the NSSA. (See Appendix E.)
NSSA边界路由器的OSPF路由表中可以安装P位清除的非默认7型LSA。由于这些LSA不会在整个OSPF域中传播,因此从NSSA外部发起并通过NSSA边界路由器之一的流量可能会意外地转移到NSSA中。(见附录E)
An NSSA border router should examine both Type-5 LSAs and Type-7 LSAs if either Type-5 or Type-7 routes need to be updated or recalculated. This is done as part of the AS external route calculation. An NSSA internal router should examine Type-7 LSAs when Type-7 routes need to be recalculated.
如果需要更新或重新计算5型或7型路由,NSSA边界路由器应检查5型LSA和7型LSA。这是作为外部路线计算的一部分进行的。当需要重新计算7型路由时,NSSA内部路由器应检查7型LSA。
What follows is only a modest modification of [OSPF] Section 16.4. Original paragraphs are tagged with [OSPF]. Paragraphs with minor changes are tagged with ~[OSPF]. Paragraphs specific to NSSA are tagged with [NSSA].
以下仅是对[OSPF]第16.4节的适度修改。原始段落标记为[OSPF]。有细微变化的段落标记为~[OSPF]。特定于NSSA的段落标有[NSSA]。
AS external routes are calculated by examining AS-external-LSAs, be they Type-5 or Type-7. Each of the AS-external-LSAs is considered in turn. Most AS-external-LSAs describe routes to specific IP destinations. An AS-external-LSA can also describe a default route for the Autonomous System (Destination ID = DefaultDestination, network/subnet mask = 0x00000000). For each AS-external-LSA: ~[OSPF]
由于外部路线是通过检查外部LSA来计算的,因此可以是5型或7型。依次考虑每个AS外部LSA。大多数AS外部LSA描述到特定IP目的地的路由。AS外部LSA还可以描述自治系统的默认路由(目的地ID=DefaultDestination,网络/子网掩码=0x00000000)。对于每个AS外部LSA:~[OSPF]
(1) If the metric specified by the LSA is LSInfinity, or if the age of the LSA equals MaxAge, then examine the next LSA. [OSPF]
(1) 如果LSA指定的度量是LSInfinity,或者LSA的年龄等于MaxAge,则检查下一个LSA。[OSPF]
(2) If the LSA was originated by the calculating router itself, examine the next LSA. [OSPF]
(2) 如果LSA是由计算路由器本身发起的,请检查下一个LSA。[OSPF]
(3) Call the destination described by the LSA N. N's address is obtained by masking the LSA's Link State ID with the network/subnet mask contained in the body of the LSA. Look up the routing table entries that match the LSA's type for the AS boundary router (ASBR) that originated the LSA. For a Type-5 LSA, routing table entries may only be selected from each attached Type-5 capable area. Since the flooding scope of a Type-7 LSA is restricted to the originating NSSA, the routing table entry of its ASBR must be found in the originating NSSA. If no entries exist for the ASBR (i.e. the ASBR is unreachable over the transit topology for a Type-5 LSA, or, for a Type-7 LSA, it is unreachable over the LSA's originating NSSA), do nothing with this LSA and consider the next in the list. [NSSA]
(3) 呼叫LSA N描述的目的地。N的地址是通过使用LSA主体中包含的网络/子网掩码屏蔽LSA的链路状态ID获得的。查找与发起LSA的AS边界路由器(ASBR)的LSA类型匹配的路由表条目。对于5型LSA,只能从每个连接的5型功能区域中选择路由表条目。由于7型LSA的泛洪范围仅限于原始NSSA,因此其ASBR的路由表条目必须在原始NSSA中找到。如果ASBR中没有条目(即ASBR在Type -5 LSA的传输拓扑上是不可达的,或者对于7型LSA来说,在LSA发起的NSSA上是不可达的),对LSA不做任何事情,并考虑列表中的下一个。[NSSA]
Else if the destination is a Type-7 default route (destination ID = DefaultDestination) and one of the following is true, then do nothing with this LSA and consider the next in the list:
否则,如果目的地是Type -7默认路由(TestId= Debug TestDestand),下面的一个是真的,那么对LSA不做任何事情,并考虑列表中的下一个:
o The calculating router is a border router and the LSA has its P-bit clear. Appendix E describes a technique whereby an NSSA border router installs a Type-7 default LSA without propagating it.
o 计算路由器是边界路由器,LSA有其P位清除。附录E描述了NSSA边界路由器在不传播的情况下安装7型默认LSA的技术。
o The calculating router is a border router and is suppressing the import of summary routes as Type-3 summary-LSAs. [NSSA]
o 计算路由器是边界路由器,正在禁止将摘要路由作为类型3摘要LSA导入。[NSSA]
Else, this LSA describes an AS external path to destination N. Examine the forwarding address specified in the AS-external-LSA. This indicates the IP address to which packets for the destination should be forwarded. [OSPF]
否则,此LSA将描述到目标N的AS外部路径。请检查AS外部LSA中指定的转发地址。这表示目标的数据包应转发到的IP地址。[OSPF]
If the forwarding address is set to 0.0.0.0 then packets should be sent to the ASBR itself. If the LSA is Type-5, from among the multiple non-NSSA routing table entries for the ASBR (both NSSA and non-NSSA ASBR entries might exists on an NSSA border router), select the preferred entry as follows: ~[OSPF]
如果转发地址设置为0.0.0.0,则应将数据包发送至ASBR本身。如果LSA为Type-5,则从ASBR的多个非NSSA路由表条目(NSSA边界路由器上可能存在NSSA和非NSSA ASBR条目)中选择首选条目,如下所示:~[OSPF]
If RFC1583Compatibility is set to "disabled", prune the set of routing table entries for the ASBR as described in OSPF Section 16.4.1. In any case, among the remaining routing table entries, select the routing table entry with the least cost; when there are multiple least cost routing table entries the entry whose associated area has the largest OSPF Area ID (when considered as an unsigned 32-bit integer) is chosen. [OSPF]
如果RFC1583兼容性设置为“禁用”,请按照OSPF第16.4.1节中的说明修剪ASBR的路由表项集。在任何情况下,在剩余的路由表条目中,选择成本最低的路由表条目;当存在多个最低成本路由表条目时,将选择其关联区域具有最大OSPF区域ID(当被视为无符号32位整数时)的条目。[OSPF]
Since a Type-7 LSA only has area-wide flooding scope, when its forwarding address is set to 0.0.0.0, its ASBR's routing table entry must be chosen from the originating NSSA. Here no pruning is necessary since this entry always contains non-backbone intra-area paths. [NSSA]
由于7型LSA仅具有区域范围的泛洪作用域,当其转发地址设置为0.0.0.0时,其ASBR的路由表条目必须从原始NSSA中选择。这里不需要修剪,因为此条目始终包含非主干区域内路径。[NSSA]
If the forwarding address is non-zero look up the forwarding address in the routing table. For a Type-5 LSA the matching routing table entry must specify an intra-area or inter-area path through a Type-5 capable area. For a Type-7 LSA the matching routing table entry must specify an intra-area path through the LSA's originating NSSA. If no such path exists
如果转发地址非零,请在路由表中查找转发地址。对于5型LSA,匹配的路由表条目必须指定通过5型可用区域的区域内或区域间路径。对于7型LSA,匹配的路由表条目必须指定通过LSA的原始NSSA的区域内路径。如果不存在这样的路径
then do nothing with this LSA and consider the next in the list. [NSSA]
然后对这个LSA什么也不做,考虑下一个列表。[NSSA]
(4) Let X be the cost specified by the preferred routing table entry for the ASBR/forwarding address, and Y the cost specified in the LSA. X is in terms of the link state metric, and Y is a type 1 or 2 external metric. [OSPF]
(4) 设X为ASBR/转发地址的首选路由表项指定的成本,Y为LSA中指定的成本。X表示链路状态度量,Y表示类型1或2外部度量。[OSPF]
(5) Now, look up the routing table entry for the destination N. If no entry exists for N, install the AS external path to N, with the next hop equal to the list of next hops to the ASBR/forwarding address, and advertising router equal to the ASBR. If the external metric type is 1, then the path-type is set to Type-1 external and the cost is equal to X + Y. If the external metric type is 2, the path-type is set to Type-2 external, the link-state component of the route's cost is X, and the type 2 cost is Y. [OSPF]
(5) 现在,查找目的地N的路由表条目。如果不存在目的地N的条目,请将AS外部路径安装到N,下一个跃点等于ASBR/转发地址的下一个跃点列表,广告路由器等于ASBR。如果外部度量类型为1,则路径类型设置为类型1外部,成本等于X+Y。如果外部度量类型为2,则路径类型设置为类型2外部,路由成本的链路状态分量为X,类型2成本为Y。[OSPF]
(6) Otherwise compare the AS external path described by the LSA with the existing paths in N's routing table entry. If the new path is preferred, it replaces the present paths in N's routing table entry. If the new path is of equal preference, it is added to the present paths in N's routing table entry. [OSPF]
(6) 否则,将LSA描述的AS外部路径与N的路由表条目中的现有路径进行比较。如果首选新路径,它将替换N的路由表条目中的当前路径。如果新路径具有相同的首选项,则会将其添加到N的路由表条目中的当前路径中。[OSPF]
Preference is defined as follows:
优先权的定义如下:
(a) Intra-area and inter-area paths are always preferred over AS external paths. [OSPF]
(a) 区域内和区域间路径始终优先于外部路径。[OSPF]
(b) Type 1 external paths are always preferred over type 2 external paths. When all paths are type 2 external paths, the paths with the smallest advertised type 2 metric are always preferred. [OSPF]
(b) 类型1外部路径始终优于类型2外部路径。当所有路径都是类型2外部路径时,始终首选具有最小播发类型2度量的路径。[OSPF]
(c) If the new AS external path is still indistinguishable from the current paths in N's routing table entry, and RFC1583Compatibility is set to "disabled", select the preferred paths based on the intra-AS paths to the ASBR/forwarding addresses, as specified in Section 16.4.1. Here intra-NSSA paths are equivalent to the intra-area paths of non-backbone regular OSPF areas. [NSSA]
(c) 如果新的AS外部路径与N的路由表条目中的当前路径仍然无法区分,并且RFC1583兼容性设置为“禁用”,则根据ASBR/转发地址的AS内部路径选择首选路径,如第16.4.1节所述。这里,内部NSSA路径等效于非主干常规OSPF区域的区域内路径。[NSSA]
(d) If the new AS external path is still indistinguishable from the current paths in N's routing table entry, select the preferred path based on a least cost comparison. Type 1 external paths are compared by looking at the sum of the distance to the ASBR/forwarding addresses and the advertised type 1 metric (X+Y). Type 2 external paths advertising equal type 2 metrics are compared by looking at the distance to the ASBR/forwarding addresses. ~[OSPF]
(d) 如果新的AS外部路径与N的路由表条目中的当前路径仍然无法区分,请基于最小成本比较选择首选路径。通过查看到ASBR/转发地址的距离和播发的类型1度量(X+Y)的总和,比较类型1外部路径。通过查看到ASBR/转发地址的距离,比较类型2外部路径和类型2度量~[OSPF]
(e) If the current LSA is functionally the same as an installed LSA (i.e., same destination, cost and non-zero forwarding address) then apply the following priorities in deciding which LSA is preferred:
(e) 如果当前LSA在功能上与已安装的LSA相同(即,相同的目的地、成本和非零转发地址),则在决定首选哪个LSA时应用以下优先级:
1. A Type-7 LSA with the P-bit set.
1. 具有P位集的7型LSA。
2. A Type-5 LSA.
2. 5型LSA。
3. The LSA with the higher router ID.
3. 具有较高路由器ID的LSA。
[NSSA]
[NSSA]
Incremental updates for Type-7 LSAs should be treated the same as incremental updates for Type-5 LSAs (see [OSPF] Section 16.6). When a new instance of a Type-7 LSA is received it is not necessary to recalculate the entire routing table. Call the destination described by the Type-7 LSA N. N's address is obtained by masking the LSA's Link State ID with the network/subnet mask contained in the body of the LSA. If there is already an intra-area or inter-area route to the destination, no recalculation is necessary (internal routes take precedence).
7类LSA的增量更新应与5类LSA的增量更新相同(见[OSPF]第16.6节)。当收到7型LSA的新实例时,无需重新计算整个路由表。呼叫类型7 LSA N描述的目的地。N的地址是通过使用LSA主体中包含的网络/子网掩码屏蔽LSA的链路状态ID获得的。如果已存在到目的地的区域内或区域间路由,则无需重新计算(内部路由优先)。
Otherwise, the procedure in the preceding section will have to be performed but only for the external routes (Type-5 and Type-7) whose destination is N. Before this procedure is performed, the present routing table entry for N should be invalidated.
否则,必须执行上一节中的程序,但仅适用于目的地为N的外部路由(类型5和类型7)。在执行此程序之前,N的当前路由表条目应无效。
In order for OSPF's summary routing to not be obscured by an NSSA's Type-7 AS-external-LSAs, all NSSA border router implementations must support the optional import of summary routes into NSSAs as Type-3 summary-LSAs. The default behavior is to import summary routes. A new area configuration parameter, ImportSummaries, is defined in Appendix D. When ImportSummaries is set to enabled, summary routes
为了使OSPF的摘要路由不会被NSSA的7类外部LSA所掩盖,所有NSSA边界路由器实施必须支持可选地将摘要路由作为3类摘要LSA导入NSSA。默认行为是导入摘要路由。附录D中定义了一个新的区域配置参数ImportSummaries。当ImportSummaries设置为enabled时,汇总路由
are imported. When it is set to disabled, summary routes are not imported. The default setting is enabled.
都是进口的。如果将其设置为禁用,则不会导入摘要路由。默认设置已启用。
When OSPF's summary routes are not imported, the default LSA originated by an NSSA border router into the NSSA should be a Type-3 summary-LSA. This protects the NSSA from routing intra-AS traffic out the AS via the default route of a Type-7 default LSA originating from one of the NSSA's internal routers. When summary routes are imported into the NSSA, the default LSA originated by an NSSA border router must not be a Type-3 summary-LSA; otherwise its default route would be chosen over the potentially more preferred default routes of Type-7 default LSAs.
当OSPF的摘要路由未导入时,NSSA边界路由器向NSSA发起的默认LSA应为类型3摘要LSA。这可以保护NSSA不通过源自NSSA内部路由器之一的7型默认LSA的默认路由将AS内流量路由到AS外。将摘要路由导入NSSA时,NSSA边界路由器发起的默认LSA不得为3类摘要LSA;否则,将选择其默认路由,而不是可能更首选的7型默认LSA默认路由。
It is not recommended that multiple NSSA border routers perform Type-7 to Type-5 translation unless it is required to route packets efficiently through Area 0 to an NSSA partitioned by Type-7 address ranges. It is normally sufficient to have only one NSSA border router perform the translation. Excessive numbers of Type-7 translators unnecessarily increase the size of the OSPF link state data base.
不建议多个NSSA边界路由器执行类型7到类型5的转换,除非需要高效地将数据包通过区域0路由到按类型7地址范围划分的NSSA。通常只有一个NSSA边界路由器执行转换就足够了。过多的7型转换器不必要地增加了OSPF链路状态数据库的大小。
A new area configuration parameter, NSSATranslatorRole, is defined in Appendix D. It specifies whether or not an NSSA router will unconditionally translate Type-7 LSAs to Type-5 LSAs when acting as an NSSA border router. Configuring the identity of the translator can be used to bias the routing to aggregated destinations. When NSSATranslatorRole is set to Always, Type-7 LSAs are always translated regardless of the translator state of other NSSA border routers. When NSSATranslatorRole is set to Candidate an NSSA border router will participate in the translator election process described below.
附录D中定义了一个新的区域配置参数NSSATranslatorRole。该参数指定了NSSA路由器在充当NSSA边界路由器时是否会无条件地将7类LSA转换为5类LSA。配置转换器的标识可用于将路由偏向聚合目的地。当NSSATranslatorRole设置为Always时,无论其他NSSA边界路由器的转换器状态如何,类型7 LSA始终被转换。当NSSATranslatorRole设置为候选时,NSSA边界路由器将参与下面描述的转换器选择过程。
A new area parameter, NSSATranslatorState, is maintained in an NSSA's OSPF area data structure. By default all NSSA routers initialize NSSATranslatorState to disabled. When an NSSA border router's NSSATranslatorState changes from disabled to either enabled or elected, it begins translating the NSSA's Type-7 LSAs into Type-5 LSAs. When its NSSATranslatorState changes from either enabled or elected to disabled, it ceases translating the NSSA's Type-7 LSAs into Type-5 LSAs. (See paragraphs below.)
NSSA的OSPF区域数据结构中维护了一个新的区域参数NSSATTranslatorState。默认情况下,所有NSSA路由器将NSSATTranslatorState初始化为禁用。当NSSA边界路由器的NSSATTranslatorState从禁用变为启用或选择时,它开始将NSSA的7型LSA转换为5型LSA。当其NSSATTranslatorState从启用或选择更改为禁用时,它将停止将NSSA的7类LSA转换为5类LSA。(见下文各段。)
A new bit, Nt, is defined for the router-LSAs of NSSAs. (See Appendix B.) By default routers clear bit Nt when originating router-LSAs. However, when an NSSA border router has its
为NSSA的路由器LSA定义了一个新位Nt。(见附录B。)默认情况下,路由器在发起路由器LSA时清除位Nt。但是,当NSSA边界路由器具有
NSSATranslatorState enabled, it sets bit Nt in the router-LSA it originates into the NSSA. An NSSA router whose NSSATranslatorRole is set to Always should re-originate a router-LSA into the NSSA whenever its NSSATranslatorState changes.
NSSATTranslatorState已启用,它在它发起到NSSA的路由器LSA中设置位Nt。NSSATranslatorRole设置为“始终”的NSSA路由器应在其NSSATranslatorState更改时将路由器LSA重新发起到NSSA中。
When an NSSA router with the NSSA's NSSATranslatorRole set to Always attains border router status, it should change NSSATranslatorState from disabled to enabled. When it loses border router status, it should change NSSATranslatorState from enabled to disabled.
当NSSA的NSSATranslatorRole设置为“始终”的NSSA路由器达到边界路由器状态时,它应将NSSATranslatorState从禁用更改为启用。当失去边界路由器状态时,应将NSSATTranslatorState从启用更改为禁用。
All NSSA border routers must set the E-bit in the Type-1 router-LSAs of their directly attached non-stub areas, even when they are not translating. This allows other NSSA border routers to see their ASBR status across the AS's transit topology. Failure to do so may cause the election algorithm to elect unnecessary translators. Every NSSA border router is a potential translator.
所有NSSA边界路由器必须在其直接连接的非存根区域的1型路由器LSA中设置E位,即使它们不转换。这允许其他NSSA边界路由器跨AS的传输拓扑查看其ASBR状态。否则,可能会导致选择算法选择不必要的翻译人员。每个NSSA边界路由器都是一个潜在的转换器。
An NSSA border router whose NSSA's NSSATranslatorRole is set to Candidate must maintain a list of the NSSA's border routers that are reachable both over the NSSA and as ASBRs over the AS's transit topology. Any change in this list, or to the Nt bit settings of members of this list, causes the NSSA border router to reevaluate its NSSATranslatorState. If there exists another border router in this list whose router-LSA has bit Nt set or who has a higher router ID, then its NSSATranslatorState is disabled. Otherwise its NSSATranslatorState is elected.
如果NSSA的NSSATranslatorRole设置为候选,则NSSA边界路由器必须维护NSSA边界路由器的列表,这些路由器可以通过NSSA和as的传输拓扑通过as ASBR访问。此列表或此列表成员的Nt位设置的任何更改都会导致NSSA边界路由器重新评估其NSSATTranslatorState。如果此列表中存在另一个边界路由器,其路由器LSA已设置位Nt或具有更高的路由器ID,则其NSSATTranslatorState将被禁用。否则,其NSSATTranslatorState将当选。
An elected translator will continue to perform translation duties until supplanted by a reachable NSSA border router whose Nt bit is set or whose router ID is greater. Such an event may happen when an NSSA router with NSSATranslatorRole set to Always regains border router status, or when a partitioned NSSA becomes whole. If an elected translator determines its services are no longer required, it continues to perform its translation duties for the additional time interval defined by a new area configuration parameter, TranslatorStabilityInterval. This minimizes excessive flushing of translated Type-7 LSAs and provides for a more stable translator transition. The default value for the TranslatorStabilityInterval parameter has been defined as 40 seconds. (See Appendix D.)
选出的翻译人员将继续履行翻译职责,直到被设置了Nt位或路由器ID更大的可到达NSSA边界路由器取代。当NSSATranslatorRole设置为“始终”的NSSA路由器恢复边界路由器状态时,或者当分区的NSSA变为完整时,可能会发生此类事件。如果选定的翻译器确定不再需要其服务,它将在新的区域配置参数TranslatorStabilityInterval定义的额外时间间隔内继续执行其翻译职责。这最大限度地减少了翻译的7型LSA的过度刷新,并提供了更稳定的翻译转换。TranslatorStabilityInterval参数的默认值已定义为40秒。(见附录D)
This step is performed as part of the NSSA's Dijkstra calculation after Type-5 and Type-7 routes have been calculated. If the calculating router is currently not an NSSA border router translator, then this translation algorithm should be skipped. Only installed
在计算了5型和7型路线后,该步骤作为NSSA Dijkstra计算的一部分执行。如果计算路由器当前不是NSSA边界路由器转换器,则应跳过此转换算法。仅安装
Type-7 LSAs and those non-default Type-7 LSAs originated by the router itself should be examined. Locally sourced Type-7 LSAs should be processed first.
应检查7型LSA和由路由器本身发起的非默认7型LSA。应首先处理本地采购的7类LSA。
Note that it is possible for a Type-5 LSA generated by translation to supplant a Type-5 LSA originating from a local OSPF external source. Future reoriginations of the locally sourced Type-5 LSA should be suppressed until the Type-5 LSA generated by translation is flushed.
请注意,通过翻译生成的5型LSA可以取代源自本地OSPF外部源的5型LSA。在清除翻译生成的5型LSA之前,应抑制本地来源的5型LSA的未来重新排序。
A Type-7 LSA and a Type-7 address range best match one another if there does not exist a more specific Type-7 address range that contains the LSA's network. For each eligible Type-7 LSA perform the following:
如果不存在包含LSA网络的更具体的7型地址范围,则7型LSA和7型地址范围最匹配。对于每个合格的7型LSA,执行以下操作:
(1) If the Type-7 LSA has the P-bit clear, or its forwarding address is set to 0.0.0.0, or the most specific Type-7 address range that subsumes the LSA's network has DoNotAdvertise status, then do nothing with this Type-7 LSA and consider the next one in the list. Otherwise term the LSA as translatable and proceed with step (2).
(1) 如果类型-7 LSA具有P位清除,或者其转发地址被设置为0.0.0.0,或者包含LSA网络的最特定的7型地址范围已经不显示状态,则不使用该类型-7 LSA,并考虑列表中的下一个。否则,将LSA称为可翻译,并继续执行步骤(2)。
(2) If the Type-7 LSA is not contained in any explicitly configured Type-7 address range and the calculating router has the highest router ID amongst NSSA translators that have originated a functionally equivalent Type-5 LSA (i.e. same destination, cost and non-zero forwarding address) and that are reachable over area 0 and the NSSA, then a Type-5 LSA should be generated if there is currently no Type-5 LSA originating from this router corresponding to the Type-7 LSA's network, or there is an existing Type-5 LSA and either it corresponds to a local OSPF external source whose path type and metric is less preferred (see Section 2.5 step (6), parts (b) and (d)), or it doesn't and the Type-5 LSA's path type or cost(s) have changed (See Section 2.5 step (5)) or the forwarding address no longer maps to a translatable Type-7 LSA.
(2) 如果7型LSA不包含在任何明确配置的7型地址范围内,并且计算路由器在NSSA转换器中具有最高的路由器ID,该转换器已生成功能上等效的5型LSA(即相同的目的地、成本和非零转发地址),并且可通过区域0和NSSA访问,然后,如果当前没有来自该路由器的与7型LSA网络相对应的5型LSA,或者存在一个现有的5型LSA,并且它对应于路径类型和度量不太优选的本地OSPF外部源,则应生成5型LSA(参见第2.5节步骤(6),第(b)和(d)部分),或者它没有,并且Type-5 LSA的路径类型或成本已经改变(参见第2.5节步骤(5)),或者转发地址不再映射到可翻译的Type-7 LSA。
The newly originated Type-5 LSA will describe the same network and have the same network mask, path type, metric, forwarding address and external route tag as the Type-7 LSA. The advertising router field will be the router ID of this NSSA border router. The link-state ID is equal to the LSA's network address (in the case of multiple originations of Type-5 LSAs with the same network address but different mask, the link-state ID can also have one or more of the network's "host" bits set).
新推出的5型LSA将描述与7型LSA相同的网络,并具有相同的网络掩码、路径类型、度量、转发地址和外部路由标记。广告路由器字段将是此NSSA边界路由器的路由器ID。链路状态ID等于LSA的网络地址(如果5型LSA的多个发端具有相同的网络地址但掩码不同,链路状态ID还可以设置一个或多个网络“主机”位)。
(3) Else the Type-7 LSA must be aggregated by the most specific Type-7 address range that subsumes it. If this Type-7 address range has the same [address,mask] pair as the LSA's network and no other translatable Type-7 LSA with a different network best matches this range, then flag the LSA as not contained in any explicitly configured Type-7 address range and process the LSA as described in step (2). Otherwise compute the path type and metric for this Type-7 address range as described below.
(3) 否则,必须按照包含它的最具体的7型地址范围来聚合7型LSA。如果此7型地址范围与LSA的网络具有相同的[address,mask]对,并且没有其他具有不同网络的可翻译7型LSA与此范围最匹配,则将LSA标记为不包含在任何明确配置的7型地址范围中,并按照步骤(2)中所述处理LSA。否则,请按如下所述计算此type-7地址范围的路径类型和度量。
The path type and metric of the Type-7 address range is determined from the path types and metrics of those translatable Type-7 LSAs that best match the range plus any locally sourced Type-5 LSAs whose network has the same [address,mask] pair. If any of these LSAs have a path type of 2, the range's path type is 2, otherwise it is 1. If the range's path type is 1 its metric is the highest cost amongst these LSAs; if the range's path type is 2 its metric is the highest Type-2 cost + 1 amongst these LSAs. (See Section 2.5 step (5).) 1 is added to the Type-2 cost to ensure that the translated Type-5 LSA does not appear closer on the NSSA border than a translatable Type-7 LSA whose network has the same [address,mask] pair and Type-2 cost.
7型地址范围的路径类型和度量由最匹配该范围的可翻译7型LSA的路径类型和度量加上其网络具有相同[地址,掩码]对的任何本地来源的5型LSA确定。如果其中任何LSA的路径类型为2,则范围的路径类型为2,否则为1。如果范围的路径类型为1,则其度量是这些LSA中的最高成本;如果范围的路径类型为2,则其度量是这些LSA中最高的2类成本+1。(参见第2.5节第(5)步)1添加到类型2成本中,以确保翻译后的类型5 LSA不会比网络具有相同[地址、掩码]对和类型2成本的可翻译类型7 LSA更靠近NSSA边界。
A Type-5 LSA is generated from the Type-7 address range when there is currently no Type-5 LSA originated by this router whose network has the same [address,mask] pair as the range or there is but either its path type or metric has changed or its forwarding address is non-zero.
当当前没有由该路由器发起的类型5 LSA(其网络具有与该范围相同的[address,mask]对)或存在,但其路径类型或度量已更改或其转发地址非零时,从类型7地址范围生成类型5 LSA。
The newly generated Type-5 LSA will have a link-state ID equal to the Type-7 address range's address (in the case of multiple originations of Type-5 LSAs with the same network address but different mask, the link-state ID can also have one or more of the range's "host" bits set). The advertising router field will be the router ID of this area border router. The network mask and the external route tag are set to the range's configured values. The forwarding address is set to 0.0.0.0. The path type and metric are set to the range's path type and metric as defined and computed above.
新生成的5型LSA的链路状态ID将等于7型地址范围的地址(如果5型LSA的多个发端具有相同的网络地址但掩码不同,链路状态ID还可以设置一个或多个范围的“主机”位)。广告路由器字段将是此区域边界路由器的路由器ID。网络掩码和外部路由标记设置为范围的配置值。转发地址设置为0.0.0.0。路径类型和度量设置为上述定义和计算的范围的路径类型和度量。
The pending processing of other translation eligible Type-7 LSAs that best match this Type-7 address range is suppressed. Thus at most a single Type-5 LSA is originated for each Type-7 address range.
禁止对与此7型地址范围最匹配的其他符合转换条件的7型LSA进行挂起处理。因此,对于每个7型地址范围,最多只能产生一个5型LSA。
For example, given a Type-7 address range of [10.0.0.0, 255.0.0.0] that subsumes the following Type-7 routes:
例如,给定7型地址范围[10.0.0.0255.0.0.0],包含以下7型路由:
10.1.0.0/24 path type 1, cost 10 10.2.0.0/24 path type 1, cost 11 10.3.0.0/24 path type 2, type 2 cost 5
10.1.0.0/24路径类型1,成本为10.2.0.0/24路径类型1,成本为11 10.3.0.0/24路径类型2,成本为5
a Type-5 LSA would be generated with a path type of 2 and a metric 6.
将生成路径类型为2、度量为6的5型LSA。
Given a Type-7 address range of [10.0.0.0, 255.0.0.0] that subsumes the following Type-7 routes:
给定7型地址范围[10.0.0.0,255.0.0.0],包含以下7型路由:
10.1.0.0/24 path type 1, cost 10 10.2.0.0/24 path type 1, cost 11 10.3.0.0/24 path type 1, cost 5
10.1.0.0/24路径类型1,成本10 10.2.0.0/24路径类型1,成本11 10.3.0.0/24路径类型1,成本5
a Type-5 LSA will be generated with a path type of 1 and a metric 11.
将生成5类LSA,路径类型为1,度量为11。
These Type-7 address range metric and path type rules will avoid routing loops in the event that path types 1 and 2 are both used within the area.
如果在区域内同时使用路径类型1和2,这些类型7地址范围度量和路径类型规则将避免路由循环。
As with all newly originated Type-5 LSAs, a Type-5 LSA that is the result of a Type-7 LSA translation or aggregation is flooded to all attached Type-5 capable areas.
与所有新创建的5型LSA一样,7型LSA转换或聚合产生的5型LSA被淹没到所有连接的5型能力区域。
Like Type-3 address ranges, a Type-7 address range performs the dual function of setting propagation policy via its Advertise/DoNotAdvertise parameter and aggregation via its network address and mask pair. Unlike the origination of Type-3 summary-LSAs, the translation of a Type-7 LSA into a Type-5 LSA may result in more efficient routing when the forwarding address is set, as is done during step (2) of the translation procedure.
与类型3地址范围类似,类型7地址范围执行双重功能,即通过其Advertise/DoNotAdvertise参数设置传播策略,并通过其网络地址和掩码对进行聚合。与类型3摘要LSA的起源不同,当设置转发地址时,将类型7 LSA转换为类型5 LSA可能会导致更有效的路由,就像在转换过程的步骤(2)中所做的那样。
Another important feature of this translation process is that it allows a Type-7 address range to apply different properties (aggregation, forwarding address, and Advertise/DoNotAdvertise status) for the Type-7 routes it subsumes, versus those Type-7 routes subsumed by other more specific Type-7 address ranges contained in the Type-7 address range.
此转换过程的另一个重要特征是,它允许7型地址范围为其包含的7型路由应用不同的属性(聚合、转发地址和播发/完成播发状态),与7型地址范围中包含的其他更具体的7型地址范围所包含的7型路由相比。
If an NSSA border router has either translated or aggregated an installed Type-7 LSA into a Type-5 LSA that should no longer be translated or aggregated, then the Type-5 LSA should either be flushed or reoriginated as a translation or aggregation of other Type-7 LSAs.
如果NSSA边界路由器已将已安装的7型LSA转换或聚合为不应再转换或聚合的5型LSA,则应将5型LSA刷新或重新排序为其他7型LSA的转换或聚合。
If an NSSA border router is translating Type-7 LSA's into Type-5 LSA's with NSSATranslatorState set to elected and the NSSA border router has determined that its translator election status has been deposed by another NSSA border router (see Section 3.1), then, as soon as the TranslatorStabilityInterval has expired without the router reelecting itself as a translator, Type-5 LSAs that are generated by aggregating Type-7 LSAs into their best matched Type-7 address ranges (see Section 3.2, Step (3)) are flushed. Conversely Type-5 LSAs generated by translating Type-7 LSAs are not immediately flushed, but are allowed to remain in the OSPF routing domain as if the originator is still an elected translator. This minimizes the flushing and flooding impact on the transit topology of an NSSA that changes its translators frequently.
如果NSSA边界路由器正在将类型7 LSA转换为类型5 LSA,且NSSATranslatorState设置为Selected,且NSSA边界路由器已确定其转换器选择状态已被另一个NSSA边界路由器撤销(见第3.1节),则,一旦TranslatorStabilityInterval过期而路由器没有将自身重新选为转换器,通过将类型7 LSA聚合到其最佳匹配的类型7地址范围(参见第3.2节,步骤(3))生成的类型5 LSA将被刷新。相反地,通过翻译类型7 LSA生成的类型5 LSA不会立即刷新,而是允许保留在OSPF路由域中,就好像发起者仍然是一名当选的翻译人员一样。这将对频繁更改其转换器的NSSA传输拓扑的刷新和泛洪影响降至最低。
There are two types of issues that need be addressed when looking at protecting routing protocols from misconfigurations and malicious attacks. The first is authentication and certification of routing protocol information. The second is denial of service attacks resulting from repetitive origination of the same router advertisement or origination of a large number of distinct advertisements resulting in database overflow. Note that both of these concerns exist independently of a router's support for the NSSA option.
在研究如何保护路由协议免受错误配置和恶意攻击时,有两类问题需要解决。首先是路由协议信息的身份验证和认证。第二种是拒绝服务攻击,这是由于重复发起同一路由器广告或发起大量不同的广告导致数据库溢出而造成的。请注意,这两个问题都独立于路由器对NSSA选项的支持。
The OSPF protocol addresses authentication concerns by authenticating OSPF protocol exchanges. OSPF supports multiple types of authentication; the type of authentication in use can be configured on a per network segment basis. One of OSPF's authentication types, namely the Cryptographic authentication option, is believed to be secure against passive attacks and provides significant protection against active attacks. When using the Cryptographic authentication option, each router appends a "message digest" to its transmitted OSPF packets. Receivers then use the shared secret key and the received digest to verify that each received OSPF packet is authentic.
OSPF协议通过认证OSPF协议交换来解决认证问题。OSPF支持多种类型的认证;可以基于每个网段配置使用中的身份验证类型。OSPF的一种身份验证类型,即加密身份验证选项,被认为对被动攻击是安全的,并对主动攻击提供了重要的保护。当使用加密身份验证选项时,每个路由器在其传输的OSPF数据包中附加一个“消息摘要”。然后,接收器使用共享密钥和接收到的摘要来验证每个接收到的OSPF数据包是真实的。
The quality of the security provided by the Cryptographic authentication option depends completely on the strength of the message digest algorithm (MD5 is currently the only message digest algorithm specified), the strength of the key being used, and the correct implementation of the security mechanism in all communicating OSPF implementations. It also requires that all parties maintain the secrecy of the shared secret key. None of the standard OSPF authentication types provide confidentiality, nor do they protect against traffic analysis. For more information on the standard OSPF security mechanisms, see Sections 8.1, 8.2, and Appendix D of [OSPF].
加密身份验证选项提供的安全性质量完全取决于消息摘要算法的强度(MD5目前是唯一指定的消息摘要算法)、所用密钥的强度以及所有通信OSPF实现中安全机制的正确实现。它还要求各方维护共享密钥的保密性。标准的OSPF身份验证类型都不提供机密性,也不能防止流量分析。有关标准OSPF安全机制的更多信息,请参见[OSPF]第8.1、8.2节和附录D。
[DIGI] describes the extensions to OSPF required to add digital signature authentication to Link State data and to provide a certification mechanism for router data. [DIGI] also describes the added LSA processing and key management as well as a method for migration from or co-existence with standard OSPF V2.
[DIGI]描述了向链路状态数据添加数字签名认证以及为路由器数据提供认证机制所需的OSPF扩展。[DIGI]还描述了添加的LSA处理和密钥管理,以及从标准OSPF V2迁移或与标准OSPF V2共存的方法。
OSPF addresses repetitive origination of advertisements by mandating a limit on how frequent new instances of any particular LSA can be originated and accepted during the flooding procedure. The frequency at which new LSA instances may be originated is set to once every MinLSInterval seconds, whose value is 5 seconds. (See [OSPF] Section 12.4.) The frequency at which new LSA instances are accepted during flooding is once every MinLSArrival seconds, whose value is set to 1 second. (See [OSPF] Section 13, Appendix B, and G.1.)
OSPF通过强制规定在泛洪过程中发起和接受任何特定LSA的新实例的频率限制,解决了重复发起广告的问题。新LSA实例的发起频率设置为每分钟间隔秒一次,其值为5秒。(参见[OSPF]第12.4节。)泛洪期间接受新LSA实例的频率为每分钟LSA到达秒一次,其值设置为1秒。(见[OSPF]第13节附录B和G.1。)
Proper operation of the OSPF protocol requires that all OSPF routers maintain an identical copy of the OSPF link state database. However, when the size of the link state database becomes very large, some routers may be unable to keep the entire database due to resource shortages; this is termed "database overflow". When database overflow is anticipated, the routers with limited resources can be accommodated by configuring OSPF stub areas and NSSAs. [OVERFLOW] details a way of gracefully handling unanticipated database overflows.
OSPF协议的正确运行要求所有OSPF路由器维护OSPF链路状态数据库的相同副本。然而,当链路状态数据库的大小变得非常大时,一些路由器可能由于资源短缺而无法保留整个数据库;这被称为“数据库溢出”。当预期数据库溢出时,可以通过配置OSPF存根区域和NSSA来适应资源有限的路由器。[OVERFLOW]详细介绍了一种优雅地处理意外数据库溢出的方法。
This document was produced by the OSPF Working Group, chaired by John Moy.
本文件由约翰·莫伊主持的OSPF工作组编制。
In addition, the comments of the following individuals are also acknowledged:
此外,还确认以下个人的评论:
Antoni Przygienda Redback Networks, Inc Alex Zinin cisco
Antoni Przygienda Redback Networks,Inc.Alex Zinin cisco
It is also noted that comments from
还应注意的是,来自
Phani Jajjarvarpu cisco Dino Farinacci cisco Jeff Honig Cornell University Doug Williams IBM
Phani Jajjarvarpu cisco Dino Farinaci cisco Jeff Honig Cornell University Doug Williams IBM
were acknowledged in the predecessor of this document, RFC 1587.
在本文件的前身RFC 1587中确认。
This document, RFC 3101, adds new sections, features, edits, and revisions to its predecessor, RFC 1587, "The OSPF NSSA Option", authored by Rob Coltun, Movaz Networks, and Vince Fuller. Content from RFC 1587 is used throughout RFC 3101. In addition to adding new features, this document makes the NSSA specification consistent with the OSPFv2 specification, RFC 2328, authored by John Moy, Sycamore Networks, Inc. Section 2.5, Calculating Type-7 AS External Routes, and Section 2.6, Incremental Updates, rely heavily on text in RFC 2328's Section 16.4 and Section 16.6 respectively. Section 4.0, Security Considerations, is an edit of similar content in Rob Coltun's RFC 2370, "The OSPF Opaque LSA option", Section 6.0.
本文件RFC 3101为其前身RFC 1587“OSPF NSSA选项”(由Rob Coltun、Movaz Networks和Vince Fuller编写)添加了新的章节、功能、编辑和修订。RFC1587中的内容在整个RFC3101中使用。除了添加新功能外,本文件还使NSSA规范与OSPFv2规范RFC 2328保持一致,RFC 2328由Sycamore Networks,Inc.John Moy编写。第2.5节,将类型7计算为外部路由,以及第2.6节,增量更新,分别严重依赖RFC 2328第16.4节和第16.6节中的文本。第4.0节“安全注意事项”是对Rob Coltun的RFC 2370“OSPF不透明LSA选项”第6.0节中类似内容的编辑。
Acee Lindem, Redback Networks, Inc, is also recognized for the first full known implementation of this specification. Acee's implementation resulted in substantive content change.
Redback Networks,Inc.的Acee Lindem也是公认的第一个完全实现本规范的公司。Acee的实施导致了实质性的内容变化。
[DIGI] Murphy, S., Badger, M. and B. Wellington, "OSPF with Digital Signatures", RFC 2154, June 1997.
[DIGI]Murphy,S.,Badger,M.和B.Wellington,“具有数字签名的OSPF”,RFC 2154,1997年6月。
[MUEX] Moy, J., "Multicast Extensions to OSPF", RFC 1584, March 1994.
[MUEX]Moy,J.,“OSPF的多播扩展”,RFC1584,1994年3月。
[OSPF] Moy, J., "OSPF Version 2", RFC 2328, April 1998.
[OSPF]Moy,J.,“OSPF版本2”,RFC 23281998年4月。
[OPAQUE] Coltun, R., "The OSPF Opaque LSA Option", RFC 2370, July 1998.
[不透明]Coltun,R.,“OSPF不透明LSA选项”,RFC 23701998年7月。
[OVERFLOW] Moy, J., "OSPF Database Overflow", RFC 1765, March 1995.
[OVERFLOW]Moy,J.,“OSPF数据库溢出”,RFC17651995年3月。
Appendix A: The Options Field
附录A:选项字段
The OSPF options field is present in OSPF Hello packets, Database Description packets and all link state advertisements. See [OSPF] Appendix A.2 and [OPAQUE] Appendix A.1 for a description of the options field. Six bits are assigned but only two (the E-bit and the N/P bit) are described completely in this section.
OSPF选项字段出现在OSPF Hello数据包、数据库描述数据包和所有链路状态播发中。有关选项字段的说明,请参见[OSPF]附录A.2和[不透明]附录A.1。分配了六位,但在本节中仅完整描述了两位(E位和N/P位)。
-------------------------------------- | * | O | DC | EA | N/P | MC | E | * | --------------------------------------
-------------------------------------- | * | O | DC | EA | N/P | MC | E | * | --------------------------------------
The Type-7 LSA options field
类型7 LSA选项字段
E-bit: Type-5 AS-external-LSAs are not flooded into/through OSPF stub areas and NSSAs. The E-bit ensures that all members of a stub area or NSSA agree on that area configuration. The E-bit is meaningful only in OSPF Hello and Database Description packets. When the E-bit is clear in the Hello packet sent out a particular interface, it means that the router will neither send nor receive Type-5 AS-external-LSAs on that interface (in other words, the interface connects to a stub area or NSSA). Two routers will not become neighbors unless they agree on the state of the E-bit.
E-bit:5型AS外部LSA不会流入/通过OSPF存根区域和NSSA。E-bit确保存根区域或NSSA的所有成员都同意该区域配置。E位仅在OSPF Hello和数据库描述数据包中有意义。当从特定接口发送的Hello数据包中清除E位时,这意味着路由器既不会发送也不会接收该接口上作为外部LSA的Type-5(换句话说,该接口连接到存根区域或NSSA)。两个路由器不会成为邻居,除非他们就E位的状态达成一致。
N-bit: The N-bit describes the router's NSSA capability. The N-bit is used only in Hello packets and ensures that all members of an NSSA agree on that area's configuration. When the N-bit is set in the Hello packet that is sent out a particular interface, it means that the router will send and receive Type-7 LSAs on that interface. Two routers will not form an adjacency unless they agree on the state of the N-bit. If the N-bit is set in the options field, the E-bit must be clear.
N位:N位描述路由器的NSSA能力。N位仅在Hello数据包中使用,并确保NSSA的所有成员都同意该区域的配置。当在发送到特定接口的Hello数据包中设置N位时,这意味着路由器将在该接口上发送和接收Type-7 lsa。两个路由器不会形成邻接,除非它们对N位的状态达成一致。如果在选项字段中设置了N位,则E位必须清除。
P-bit: The P-bit is used only in the Type-7 LSA header. It flags the NSSA border router to translate the Type-7 LSA into a Type-5 LSA. The default setting for the P-bit is clear.
P位:P位仅在7型LSA标头中使用。它标记NSSA边界路由器,以将7型LSA转换为5型LSA。P位的默认设置是清除的。
Appendix B: Router-LSAs
附录B:路由器LSA
Router-LSAs are the Type-1 LSAs. Each router in an area originates a router-LSA. The LSA describes the state and cost of the router's links (i.e., interfaces) to the area. All of the router's links to the area must be described in a single router-LSA. For details concerning the construction of router-LSAs, see [OSPF] Section 12.4.1.
路由器LSA是1型LSA。一个区域中的每个路由器都发起一个路由器LSA。LSA描述路由器到该区域的链路(即接口)的状态和成本。必须在单个路由器LSA中描述该区域的所有路由器链接。有关路由器LSA构造的详细信息,请参见[OSPF]第12.4.1节。
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS age | Options | 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link State ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertising Router | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS sequence number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS checksum | length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 0 Nt|W|V|E|B| 0 | # links | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | # TOS | TOS 0 metric | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TOS | 0 | metric | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TOS | 0 | metric | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... |
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS age | Options | 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link State ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertising Router | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS sequence number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS checksum | length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 0 Nt|W|V|E|B| 0 | # links | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | # TOS | TOS 0 metric | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TOS | 0 | metric | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TOS | 0 | metric | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... |
In router-LSAs, the Link State ID field is set to the router's OSPF Router ID. Router-LSAs are flooded throughout a single area only.
在路由器LSA中,链路状态ID字段设置为路由器的OSPF路由器ID。路由器LSA仅在单个区域内被淹没。
bit V When set, the router is an endpoint of one or more fully adjacent virtual links having the described area as their transit area (V is for virtual link endpoint).
位V设置时,路由器是一个或多个完全相邻的虚拟链路的端点,该虚拟链路具有所述区域作为其传输区域(V表示虚拟链路端点)。
bit E When set, the router is an AS boundary router (E is for external). ALL NSSA border routers set bit E in those router-LSAs originated into directly attached Type-5 capable areas. An NSSA's AS boundary routers also set bit E in their router-LSAs originated into the NSSA. (See Section 3.1 for details.)
位E设置后,路由器为AS边界路由器(E为外部路由器)。所有NSSA边界路由器在这些路由器LSA中设置位E,这些LSA起源于直接连接的5型功能区。NSSA的AS边界路由器也在其路由器LSA中设置位E,LSA起源于NSSA。(详见第3.1节。)
bit B When set, the router is an area border router (B is for border).
位B设置后,路由器为区域边界路由器(B表示边界)。
bit W When set, the router is a wild-card multicast receiver (W is for wild).
位W设置后,路由器为通配符多播接收器(W表示通配符)。
bit Nt When set, the router is an NSSA border router that is unconditionally translating Type-7 LSAs into Type-5 LSAs (Nt stands for NSSA translation). Note that such routers have their NSSATranslatorRole area configuration parameter set to Always. (See Appendix D and Section 3.1.)
位Nt设置后,路由器为NSSA边界路由器,无条件地将类型7 LSA转换为类型5 LSA(Nt代表NSSA转换)。请注意,此类路由器的NSSATranslatorRole区域配置参数设置为“始终”。(见附录D和第3.1节。)
The remainder of the router-LSAs specification is defined in [OSPF] Section A.4.2.
[OSPF]第A.4.2节定义了路由器LSAs规范的其余部分。
Appendix C: Type-7 LSA Packet Format
附录C:第7类LSA数据包格式
0 32 ------------------------------------ | | Options | 7 | | ------------------- | Link-State Header | | | ------------------------------------ | Network Mask | ------------------------------------ ______ |E| TOS | metric | . ------------------------------------ . repeated for each TOS | Forwarding Address | . ------------------------------------ . | External Route Tag | ______ ------------------------------------
0 32 ------------------------------------ | | Options | 7 | | ------------------- | Link-State Header | | | ------------------------------------ | Network Mask | ------------------------------------ ______ |E| TOS | metric | . ------------------------------------ . repeated for each TOS | Forwarding Address | . ------------------------------------ . | External Route Tag | ______ ------------------------------------
The definitions of the link-state ID, network mask, metrics and external route tag are the same as the definitions for Type-5 LSAs (See [OSPF] Appendix A.4.5), except for the forwarding address and the N/P-bit. The Options field must have the N/P bit set as described in Appendix A when the originating router desires that the external route be propagated throughout the OSPF domain.
链路状态ID、网络掩码、度量和外部路由标签的定义与第5类LSA的定义相同(见[OSPF]附录A.4.5),但转发地址和N/P位除外。当始发路由器希望外部路由在整个OSPF域中传播时,选项字段必须按照附录A中所述设置N/P位。
Forwarding address Data traffic for the advertised destination will be forwarded to this address. If the forwarding address is set to 0.0.0.0, data traffic will be forwarded to the LSA's originator (i.e., the responsible NSSA AS boundary router). Normally the next hop address of an installed AS external route learned by an NSSA ASBR from an adjacent AS points at one of the adjacent AS's gateway routers. If this address belongs to a network connected to the NSSA ASBR via one of its NSSAs' active interfaces, then it is the forwarding address for the route's Type-7 LSA originated into this NSSA. For an NSSA with no such network the forwarding address is either an address from one of its active interfaces or 0.0.0.0. If the P-bit is set, the forwarding address must be non-zero, otherwise it may be 0.0.0.0. (See Section 2.3 for details.)
转发地址播发目的地的数据通信将转发到此地址。如果转发地址设置为0.0.0.0,数据流量将转发给LSA的发起人(即作为边界路由器的责任NSSA)。通常,NSSA ASBR从相邻AS的网关路由器上的相邻AS点读入的已安装AS外部路由的下一跳地址。如果此地址属于通过NSSA的一个活动接口连接到NSSA ASBR的网络,则它是源自此NSSA的路由7型LSA的转发地址。对于没有此类网络的NSSA,转发地址要么是来自其活动接口之一的地址,要么是0.0.0.0。如果设置了P位,则转发地址必须为非零,否则可能为0.0.0.0。(详见第2.3节。)
Appendix D: Configuration Parameters
附录D:配置参数
[OSPF] Appendix C.2 lists the area configuration parameters. The area ID and the list of address ranges for Type-3 summary routes remain unchanged. Section 2.2 of this document lists the configuration parameters for Type-7 address ranges. The following area configuration parameters have been added:
[OSPF] Appendix C.2 lists the area configuration parameters. The area ID and the list of address ranges for Type-3 summary routes remain unchanged. Section 2.2 of this document lists the configuration parameters for Type-7 address ranges. The following area configuration parameters have been added:translate error, please retry
NSSATranslatorRole
NSSATranslatorole
Specifies whether or not an NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When it is set to Always, an NSSA border router always translates Type-7 LSAs into Type-5 LSAs regardless of the translator state of other NSSA border routers. When it is set to Candidate, an NSSA border router participates in the translator election process described in Section 3.1. The default setting is Candidate.
指定NSSA边界路由器是否将无条件地将类型7 LSA转换为类型5 LSA。当设置为“始终”时,NSSA边界路由器始终将类型7 LSA转换为类型5 LSA,而不考虑其他NSSA边界路由器的转换器状态。当设置为“候选”时,NSSA边界路由器将参与第3.1节所述的翻译器选择过程。默认设置为“候选”。
TranslatorStabilityInterval
翻译稳定区间
Defines the length of time an elected Type-7 translator will continue to perform its translator duties once it has determined that its translator status has been deposed by another NSSA border router translator as described in Section 3.1 and 3.3. The default setting is 40 seconds.
定义选定的7类翻译人员在确定其翻译人员身份已被另一个NSSA边界路由器翻译人员废黜后继续履行其翻译人员职责的时间长度,如第3.1节和第3.3节所述。默认设置为40秒。
ImportSummaries
进口商品
When set to enabled, OSPF's summary routes are imported into the NSSA as Type-3 summary-LSAs. When set to disabled, summary routes are not imported into the NSSA. The default setting is enabled.
当设置为enabled(启用)时,OSPF的摘要路由将作为类型3摘要LSA导入NSSA。设置为禁用时,摘要路由不会导入NSSA。默认设置已启用。
Implementations must provide a vehicle for setting the P-bit when external routes are imported into the NSSA as Type-7 LSAs. Without configuration, the default setting of the P-bit is clear. (See Section 2.3 and Appendix B.)
当外部路由作为7型LSA导入NSSA时,实施必须提供设置P位的工具。在没有配置的情况下,P位的默认设置是明确的。(见第2.3节和附录B)
For NSSAs the ExternalRoutingCapability area configuration parameter must be set to accept Type-7 external routes. Additionally there must be a way of configuring the metric of the default LSA that a border router advertises into its directly attached NSSAs. If a Type-7 default LSA is advertised, its metric type (1 or 2) should also be configurable.
对于NSSA,必须将ExternalRoutingCapability area配置参数设置为接受类型7外部路由。此外,必须有一种方法来配置边界路由器向其直接连接的NSSA播发的默认LSA的度量。如果发布了类型7默认LSA,则其度量类型(1或2)也应该是可配置的。
Appendix E: The P-bit Policy Paradox.
附录E:P-bit政策悖论。
Non-default Type-7 LSAs with the P-bit clear may be installed in the OSPF routing table of NSSA border routers. (See Section 2.5.) These LSAs are not propagated throughout the OSPF domain as translated Type-5 LSAs. (See Section 3.2.) Thus, traffic that is external to an NSSA and that passes through one of the NSSA's border routers may be hijacked into the NSSA by a route installed from a Type-7 LSA with the P-bit clear. This may be contrary to the expected path at the source of the traffic. It may also violate the routing policy intended by the Type-7 LSA's clear P-bit. A Type-7 address range that is configured with DoNotAdvertise exhibits the same paradox for any installed Type-7 LSAs it subsumes, regardless of the P-bit setting.
NSSA边界路由器的OSPF路由表中可以安装P位清除的非默认7型LSA。(见第2.5节)这些LSA不会作为翻译的5型LSA在整个OSPF域中传播。(参见第3.2节。)因此,NSSA外部以及通过NSSA边界路由器之一的流量可能会被从P位清除的7型LSA安装的路由劫持到NSSA中。这可能与流量源处的预期路径相反。它还可能违反7型LSA的清除P位所期望的路由策略。无论P位设置如何,使用DoNotAdvertise配置的7型地址范围对于任何已安装的7型LSA都显示出与其包含的相同悖论。
This paradox is best illustrated by the following example. Consider an OSPF domain (AS 1842) with connections for default Internet routing and to external AS 4156. NSSA 1 and OSPF Area 2 are partially defined in the following diagram:
下面的例子最能说明这一悖论。考虑一个OSPF域(AS 1842),它具有默认Internet路由和外部AS 4156的连接。NSSA 1和OSPF区域2的部分定义如下图所示:
AS 4156 | Area 2 | | A2 A0 Area 0 C0-----Internet | | | Default | | | | | | +-----------------B0---------------+ /\ / \ / \ Internet------------A1 B1------AS 4156 (P-bit clear) Default (P-bit set) NSSA 1
AS 4156 | Area 2 | | A2 A0 Area 0 C0-----Internet | | | Default | | | | | | +-----------------B0---------------+ /\ / \ / \ Internet------------A1 B1------AS 4156 (P-bit clear) Default (P-bit set) NSSA 1
Here A0, B0, and C0 are Area 0 routers, A1 and B1 are NSSA 1 routers, and A2 is an Area 2 router. B0 is a border router for both NSSA 1 and Area 2.
这里A0、B0和C0是区域0路由器,A1和B1是NSSA 1路由器,A2是区域2路由器。B0是NSSA 1和区域2的边界路由器。
If the Type-7 external routes imported by B1 for AS 4156 are installed on B0 so that the NSSA 1 tree below A1 can take advantage of them, then A2's traffic to AS 4156 is hijacked through B0 by B1, rather than its computed path through A0.
如果B1为AS 4156导入的7类外部路由安装在B0上,以便A1下方的NSSA 1树可以利用它们,那么A2到AS 4156的通信量将被B1通过B0劫持,而不是通过A0的计算路径。
An NSSA border router's installed Type-7 default LSAs will exhibit this paradox when it possesses a Type-7 address range [0,0] configured with DoNotAdvertise, as these LSAs are not propagated even
NSSA边界路由器安装的7型默认LSA在拥有配置了DoNotAdvertise的7型地址范围[0,0]时会出现这种矛盾,因为这些LSA甚至不会传播
though their P-bit is set. In the example above, if A1's default is installed on B0, which has a configured Type-7 address range [0,0] with DoNotAdvertise set, then A2's Internet traffic is hijacked through B0 by A1 rather than the computed path through C0.
尽管他们的P位已设置。在上面的示例中,如果A1的默认值安装在B0上,B0配置了Type-7地址范围[0,0],并设置了DoNotAdvertise,那么A2的Internet流量将被A1通过B0劫持,而不是通过C0的计算路径劫持。
Appendix F: Differences from RFC 1587
附录F:与RFC 1587的差异
This section documents the differences between this memo and RFC 1587. All differences are backward-compatible. Implementations of this memo and of RFC 1587 will interoperate.
本节记录了本备忘录与RFC 1587之间的差异。所有差异都是向后兼容的。本备忘录和RFC1587的实施将互操作。
F.1 Enhancements to the import of OSPF's summary routes.
F.1加强OSPF汇总路线的导入。
The import of OSPF's summary routes into an NSSA as Type-3 summary-LSAs is now optional. In RFC 1587 the import of summary routes was mandated in order to guarantee that inter-area summary routing was not obscured by an NSSA's Type-7 AS-external-LSAs. The current recommended default behavior is to import summary routes. When summary routes are not imported into an NSSA, the default LSA originated by its border routers must be a Type-3 summary-LSA.
将OSPF的摘要路由作为类型3摘要LSA导入NSSA现在是可选的。在RFC 1587中,强制导入摘要路由,以确保区域间摘要路由不会被NSSA的7型外部LSA所掩盖。当前建议的默认行为是导入摘要路由。当摘要路由未导入NSSA时,由其边界路由器发起的默认LSA必须是类型3摘要LSA。
See Sections 1.3 and 2.7 for details.
详见第1.3节和第2.7节。
F.2 Changes to Type-7 LSAs.
F.2对7类LSA的更改。
The setting of the forwarding address in Type-7 LSAs has been further refined.
7型LSA中转发地址的设置已进一步优化。
See Section 2.3 for details.
详见第2.3节。
F.3 Changes to the Type-7 AS external routing calculation.
F.3将7型更改为外部布线计算。
The Type-7 external route calculation has been revised. Most notably:
对7型外部路线计算进行了修订。最值得注意的是:
o The path preference defined in [OSPF] Section 16.4.1 has been included.
o 已包括[OSPF]第16.4.1节中定义的路径偏好。
o A Type-7 default route with the P-bit clear will not be installed on an NSSA border router. This protects the default routing of other OSPF Areas. (See Appendix E.)
o NSSA边界路由器上不会安装P位清除的7型默认路由。这将保护其他OSPF区域的默认路由。(见附录E)
o The LSA type of two AS-external-LSAs plays no role in determining path preference except when the LSAs are functionally the same (i.e., same destination, cost and non-zero forwarding address).
o 两个作为外部LSA的LSA类型在确定路径偏好方面不起作用,除非LSA在功能上相同(即,相同的目的地、成本和非零转发地址)。
See Section 2.5 for details.
详见第2.5节。
The translator election algorithm of RFC 1587 has been updated to close a bug that results when the translator with the highest router ID loses connectivity to the AS's transit topology. The default translator election process occurs only in the absence of an existing translator.
RFC1587的转换器选择算法已更新,以关闭当具有最高路由器ID的转换器与AS的传输拓扑失去连接时导致的错误。默认翻译器选择过程仅在现有翻译器不存在的情况下发生。
The identity of the translator is optionally configurable, with more than one allowed. This allows the network designer to choose the most cost effective intra-AS route for NSSA originated Type-5 LSA aggregations of Type-7 LSAs.
翻译器的标识是可选配置的,允许有多个翻译器。这允许网络设计者为源自NSSA的第5类LSA聚合和第7类LSA选择最经济高效的AS内路由。
Self-originated non-default Type-7 LSAs are now included in the translation process.
自创的非默认7型LSA现在包括在翻译过程中。
The translation process has been strengthened to close some of the weak points of RFC 1587.
翻译过程已得到加强,以弥补RFC1587的一些弱点。
See Sections 3.1 and 3.2 for details.
详见第3.1节和第3.2节。
An NSSA border router, which was elected by the augmented RFC 1587 translator selection process defined in Section 3.1 and which has been deposed from its translation duties by another NSSA border router, flushes its self-originated Type-5 LSAs that resulted from the aggregation of Type-7 LSAs. This prevents these obsolete aggregations from short circuiting the preferred path through the new translator(s). A deposed translator continues to maintain its self-originated Type-5 LSAs resulting from translation until they age out normally.
由第3.1节中定义的增广RFC 1587翻译器选择过程选出的NSSA边界路由器已被另一个NSSA边界路由器从其翻译职责中撤销,该路由器刷新其源于7型LSA聚合的自创5型LSA。这可以防止这些过时的聚合通过新转换器短路首选路径。被废黜的翻译人员继续保留其源于翻译的5型LSA,直到其正常老化。
See Section 3.3 for details.
详见第3.3节。
The P-bit default has been defined as clear. RFC 1587 had no default setting. (See Appendix C.)
P位默认值已定义为清除。RFC1587没有默认设置。(见附录C)
A discussion on the packet forwarding impact of installing Type-7 LSAs with the P-bit clear on NSSA border routers has been added as Appendix E.
附录E中增加了关于在NSSA边界路由器上安装P位清除的7型LSA对数据包转发影响的讨论。
Author's Addresses
作者地址
Pat Murphy US Geological Survey 345 Middlefield Road Menlo Park, California 94560
帕特·墨菲美国地质调查局加利福尼亚州门罗公园米德菲尔德路345号94560
Phone: (650) 329-4044 EMail: pmurphy@noc.usgs.net
电话:(650)329-4044电子邮件:pmurphy@noc.usgs.net
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2003). All Rights Reserved.
版权所有(C)互联网协会(2003年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。