Network Working Group T. Przygienda Request for Comments: 3358 Xebeo Category: Informational August 2002
Network Working Group T. Przygienda Request for Comments: 3358 Xebeo Category: Informational August 2002
Optional Checksums in Intermediate System to Intermediate System (ISIS)
中间系统到中间系统(ISIS)中的可选校验和
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2002). All Rights Reserved.
版权所有(C)互联网协会(2002年)。版权所有。
Abstract
摘要
This document describes an optional extension to the Intermediate System to Intermediate System (ISIS) protocol, used today by several Internet Service Proviers (ISPs) for routing within their clouds. ISIS is an interior gateway routing protocol developed originally by OSI and used with IP extensions as Interior Gateway Protocol (IGP). ISIS originally does not provide Complete Sequence Numbers Protocol Data (CSNP) and Partial Sequence Numbers Protocol Data Unit (PSNP) checksums, relying on the underlying layers to verify the integrity of information provided. Experience with the protocol shows that this precondition does not always hold and scenarios can be imagined that impact protocol functionality. This document introduces a new optional Type, Length and Value (TLV) providing checksums.
本文档描述了中间系统到中间系统(ISIS)协议的可选扩展,目前由多个Internet服务提供商(ISP)用于在其云中进行路由。ISIS是最初由OSI开发的内部网关路由协议,与IP扩展一起用作内部网关协议(IGP)。ISIS最初不提供完整序列号协议数据(CSNP)和部分序列号协议数据单元(PSNP)校验和,依靠底层验证所提供信息的完整性。协议的经验表明,这个前提条件并不总是成立的,可以想象会影响协议功能的场景。本文档介绍了一种提供校验和的新可选类型、长度和值(TLV)。
ISIS [ISO90, Cal90a, Cal90b] CSNPs and PSNPs and IIHs can be corrupted in case of faulty implementations of L2 hardware or lack of checksuming on a specific network technology. As a particularly ugly case, corruption of length and/or TLV length fields may lead to the generation of extensive numbers of "empty" LSPs in the receiving node. Since we cannot rely on authentication as a checksum mechanism, this document proposes an optional TLV to add checksums to the elements.
ISIS[ISO90、Cal90a、Cal90b]CSNPs和PSNPs以及IIHs可能会在二级硬件的错误实现或缺乏对特定网络技术的检查时损坏。作为特别难看的情况,长度和/或TLV长度字段的损坏可能导致在接收节点中生成大量“空”lsp。由于我们不能依赖身份验证作为校验和机制,因此本文提出了一个可选的TLV来向元素添加校验和。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [Bra97].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[Bra97]中所述进行解释。
This optional TLV MAY BE included in all CSNP, PSNP and IIH packets and an implementation that implements optional checksums MUST accept PDUs if they do NOT contain the optional checksum. Implementations that receive an optional checksum TLV and support it MUST discard the PDU if the checksum is incorrect. An implementation that does NOT implement optional checksums MUST accept a PDU that contains the checksum TLV. An implementation that supports optional checksums and receives it within any other PDU than CSNP, PSNP or IIH MUST discard the PDU. Such an implementation MUST discard the PDU as well if more than one optional checksum TLVs are included within it. Additionally, any implementation supporting optional checksums MUST accept PDUs with an optional checksum with the value 0 and consider such a checksum as correct.
此可选TLV可能包含在所有CSNP、PSNP和IIH数据包中,如果实现可选校验和的实现不包含可选校验和,则必须接受PDU。如果校验和不正确,则接收可选校验和TLV并支持它的实现必须放弃PDU。未实现可选校验和的实现必须接受包含校验和TLV的PDU。支持可选校验和并在CSNP、PSNP或IIH以外的任何其他PDU中接收该校验和的实现必须放弃该PDU。如果PDU中包含多个可选校验和TLV,则这种实现也必须丢弃PDU。另外,支持可选校验和的任何实现都必须接受具有值0的可选校验和的PDU,并认为这样的校验和是正确的。
The checksum is a fletcher checksum computed according to [ISO98], Annex C over the complete PDU. To compute the correct checksum, an implementation MUST add the optional checksum TLV to the PDU with the initial checksum value of 0 and compute the checksum over such a PDU.
校验和是根据[ISO98]附录C在整个PDU上计算的fletcher校验和。要计算正确的校验和,实现必须将可选校验和TLV添加到PDU,初始校验和值为0,并在这样的PDU上计算校验和。
The implementation MUST either omit the optional checksum on an interface or send a 0 checksum value if it includes in the PDU signatures that provide equivalent or stronger functionality, such as HMAC or MD5. Otherwise an implementation that handles such signatures but does not handle the optional checksums, may fail to compute the MD5 signature on the packet. Such a failure would be caused by the fact that MD5 is computed with the checksum value set to 0 and only as a final step is the checksum value being filled in.
实现必须省略接口上的可选校验和,或者发送0校验和值(如果它包含在提供等效或更强功能的PDU签名中),如HMAC或MD5。否则,处理此类签名但不处理可选校验和的实现可能无法计算数据包上的MD5签名。这种失败可能是由于MD5是在校验和值设置为0的情况下计算的,并且只有最后一步才填写校验和值。
[Prz01] lists the according value of the TLV type and discusses issues surrounding the assignment of new TLV codepoints.
[Prz01]列出了TLV类型的相应值,并讨论了围绕新TLV代码点分配的问题。
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TLV Type =12 | TLV Length =2 | Checksum (16 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TLV Type =12 | TLV Length =2 | Checksum (16 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Tony Li mentioned the original problem. Mike Shand provided comments. Somehow related problems with purging on LSP checksum errors have been observed by others before. Nischal Sheth spelled out the issues of interaction between MD5 and the optional checksums.
托尼·李提到了最初的问题。迈克·尚德发表了评论。以前,其他人曾观察到与清除LSP校验和错误相关的问题。Nischal Sheth阐述了MD5和可选校验和之间的交互问题。
ISIS security applies to the work presented. No specific security issues as to the new element are known.
ISIS安全适用于所介绍的工作。没有关于新元素的具体安全问题。
References
工具书类
[Bra97] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[Bra97]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[Cal90a] Callon, R., "OSI ISIS Intradomain Routing Protocol", RFC 1142, February 1990.
[Cal90a]Callon,R.,“OSI ISIS域内路由协议”,RFC 1142,1990年2月。
[Cal90b] Callon, R., "Use of OSI ISIS for Routing in TCP/IP and Dual Environments", RFC 1195, December 1990.
[Cal90b]Callon,R.,“在TCP/IP和双环境中使用OSI ISIS进行路由”,RFC 1195,1990年12月。
[ISO90] ISO. Information Technology - Telecommunications and Information Exchange between Systems - Intermediate System to Intermediate System Routing Exchange Protocol for Use in Conjunction with the Protocol for Providing the Connectionless-Mode Network Service. ISO, 1990.
[ISO90]ISO。信息技术.系统间远程通信和信息交换.与提供无连接模式网络服务协议一起使用的中间系统到中间系统路由交换协议。国际标准化组织,1990年。
[ISO98] ISO. Information Technology - Protocol for Providing the Connectionless-Mode Network Service: Protocol Specification. ISO, 1998.
[ISO98]ISO。信息技术.提供无连接模式网络服务的协议:协议规范。ISO,1998年。
[Prz01] Przygienda, T., "Reserved Type, Length and Value (TLV) Codepoints in Intermediate System to Intermediate System", RFC 3359, August 2002.
[Prz01]Przygienda,T.,“中间系统到中间系统中的保留类型、长度和值(TLV)码点”,RFC 3359,2002年8月。
Author's Address
作者地址
Tony Przygienda Xebeo One Cragwood Road South Plainfield, NJ 07080
新泽西州普兰菲尔德南克拉格伍德路一号托尼·普兹吉恩达·塞贝奥,邮编:07080
Phone: (908) 222 4225 Email: prz@xebeo.com
电话:(908)2224225电子邮件:prz@xebeo.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2002). All Rights Reserved.
版权所有(C)互联网协会(2002年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。