Network Working Group R. Bonica
Request for Comments: 3609 MCI
Category: Informational K. Kompella
Juniper Networks
D. Meyer
Sprint
September 2003
Network Working Group R. Bonica
Request for Comments: 3609 MCI
Category: Informational K. Kompella
Juniper Networks
D. Meyer
Sprint
September 2003
Tracing Requirements for Generic Tunnels
一般隧道的追踪要求
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2003). All Rights Reserved.
版权所有(C)互联网协会(2003年)。版权所有。
Abstract
摘要
This document specifies requirements for a generic route-tracing application. It also specifies requirements for a protocol that will support that application. Network operators will use the generic route-tracing application to verify proper operation of the IP forwarding plane. They will also use the application to discover details regarding tunnels that support IP forwarding.
本文档规定了通用路由跟踪应用程序的要求。它还指定了支持该应用程序的协议的要求。网络运营商将使用通用路由跟踪应用程序验证IP转发平面的正确操作。他们还将使用该应用程序发现有关支持IP转发的隧道的详细信息。
The generic route-tracing application, specified herein, supports a superset of the functionality that "traceroute" currently offers. Like traceroute, the generic route-tracing application can discover the forwarding path between two interfaces that are contained by an IP network. Unlike traceroute, this application can reveal details regarding tunnels that support the IP forwarding path.
本文指定的通用路由跟踪应用程序支持“traceroute”当前提供的功能的超集。与traceroute类似,通用路由跟踪应用程序可以发现IP网络包含的两个接口之间的转发路径。与traceroute不同,此应用程序可以显示有关支持IP转发路径的隧道的详细信息。
IP networks utilize several tunneling technologies. Although these tunneling technologies provide operators with many useful features, they also present management challenges. Network operators require a generic route-tracing application that they can use to verify the correct operation of the IP forwarding plane. The generic route-tracing application must be capable of detecting tunnels and revealing tunnel details. The application also must be useful in diagnosing tunnel faults.
IP网络利用了几种隧道技术。尽管这些隧道技术为运营商提供了许多有用的功能,但它们也带来了管理挑战。网络运营商需要一个通用的路由跟踪应用程序,他们可以使用该应用程序来验证IP转发平面的正确操作。通用路线跟踪应用程序必须能够检测隧道并显示隧道细节。该应用程序在诊断隧道故障时也必须有用。
Implementors also require a new protocol that will support the generic-route tracing application. This document specifies requirements for that protocol. It specifies requirements, primarily, by detailing the desired capabilities of the generic route-tracing application. A particular version of generic route-tracing application may implement some subset of the desired capabilities. It may also implement a superset of those capabilities. However, protocol designers are not required to consider the additional capabilities when designing the new protocol.
实现者还需要支持通用路由跟踪应用程序的新协议。本文件规定了该协议的要求。它主要通过详细说明通用路由跟踪应用程序所需的功能来指定需求。通用路由跟踪应用程序的特定版本可以实现所需功能的某些子集。它还可以实现这些功能的超集。然而,在设计新协议时,协议设计者不需要考虑额外的能力。
This document also specifies a few protocol requirements, stated as such. These requirements are driven by desired characteristics of the generic route-tracing application. Whenever a protocol requirement is stated, it is mapped to the desired characteristic of the route-tracing application.
本文件还规定了一些协议要求,如下所述。这些需求由通用路由跟踪应用程序的期望特性驱动。无论何时声明协议需求,都会将其映射到路由跟踪应用程序的所需特性。
Currently, network operators use "traceroute" to trace through the forwarding path of an IP network. Section 3.4 of [RFC-2151] provides a thorough description of traceroute. Although traceroute is very reliable and very widely deployed, it is deficient with regard to tunnel tracing.
目前,网络运营商使用“跟踪路由”跟踪IP网络的转发路径。[RFC-2151]第3.4节对示踪路由进行了全面描述。尽管traceroute非常可靠且部署非常广泛,但它在隧道追踪方面存在不足。
Depending upon tunnel type, traceroute may display an entire tunnel as a single IP hop, or it may display the tunnel as a collection of IP hops, without indicating that they are part of a tunnel.
根据隧道类型,跟踪路由可以将整个隧道显示为单个IP跃点,也可以将隧道显示为IP跃点的集合,而不指示它们是隧道的一部分。
For example, assume that engineers deploy an IP tunnel in an IP network. Assume also that they configure the tunnel so that the ingress router does not copy the TTL value from the inner IP header to outer IP header. Instead, the ingress router always sets the outer TTL value to its maximum permitted value. When engineers trace through the network, traceroute will always display the tunnel as a single IP hop, hiding all components except the egress interface.
例如,假设工程师在IP网络中部署IP隧道。还假设他们配置隧道,以便入口路由器不会将TTL值从内部IP报头复制到外部IP报头。相反,入口路由器总是将外部TTL值设置为其最大允许值。当工程师通过网络进行跟踪时,traceroute将始终将隧道显示为单个IP跃点,隐藏除出口接口之外的所有组件。
Now assume that engineers deploy an MPLS LSP in an IP network. Assume also that engineers configure the MPLS LSP so that the ingress router propagates the TTL value from the IP header to the MPLS header. When engineers trace through the network, traceroute will display the LSP as a series of IP hops, without indicating that they are part of a tunnel.
现在假设工程师在IP网络中部署MPLS LSP。还假设工程师配置MPLS LSP,以便入口路由器将TTL值从IP报头传播到MPLS报头。当工程师通过网络进行跟踪时,traceroute将LSP显示为一系列IP跃点,而不指示它们是隧道的一部分。
Network operators require a new route-tracing application. The new application must support all functionality that traceroute currently offers. It also must provide enhanced tunnel tracing capabilities.
网络运营商需要新的路由跟踪应用程序。新应用程序必须支持traceroute当前提供的所有功能。它还必须提供增强的隧道跟踪功能。
The following list provides specific requirements for the new route-tracing application:
以下列表提供了新路由跟踪应用程序的具体要求:
1) Support the notion of a security token as part of the tunnel trace request. The security token identifies the tracer's privileges in tracing tunnels. Network elements will use this security token to determine whether or not to return the requested information to the tracer. In particular, appropriate privileges are required for items (2), (3), (6), (8), (10), (13), and (14).
1) 支持将安全令牌作为隧道跟踪请求的一部分的概念。安全令牌标识跟踪程序在跟踪隧道中的权限。网络元件将使用此安全令牌来确定是否将请求的信息返回给跟踪器。特别是,第(2)、(3)、(6)、(8)、(10)、(13)和(14)项需要适当的特权。
Justification: Operators may need to discover network forwarding details, while concealing those details from unauthorized parties.
理由:运营商可能需要发现网络转发详细信息,同时向未经授权方隐瞒这些详细信息。
2) Support in-line traces. An in-line trace reveals the path between the host upon which the route-tracing application executes and any interface in an IP network.
2) 支持在线跟踪。在线跟踪显示执行路由跟踪应用程序的主机与IP网络中的任何接口之间的路径。
Justification: Operators need to discover how the network would forward a datagram between any two IP interfaces.
理由:运营商需要发现网络如何在任意两个IP接口之间转发数据报。
3) Support third-party traces. A third-party trace reveals the path between any two points in an IP network. The application that initiates a third-party trace need not execute upon a host or router that is part of the traced path. Unlike existing solutions [RFC-2151] [RFC-2925], the application will not rely upon IP options or require access to the SNMP agent in order to support third-party traces.
3) 支持第三方跟踪。第三方跟踪显示IP网络中任意两点之间的路径。启动第三方跟踪的应用程序不需要在作为跟踪路径一部分的主机或路由器上执行。与现有解决方案[RFC-2151][RFC-2925]不同,应用程序不依赖IP选项,也不需要访问SNMP代理以支持第三方跟踪。
Justification: Operators need to discover how the network would forward a datagram between any two IP interfaces.
理由:运营商需要发现网络如何在任意两个IP接口之间转发数据报。
4) Support partial traces through broken paths or tunnels.
4) 通过破碎的道路或隧道支撑部分痕迹。
Justification: Operators need to identify the root cause of forwarding plane failures.
理由:操作员需要确定转发平面故障的根本原因。
5) When tracing through a tunnel, either as part of an in-line trace or a third-party trace, display the tunnel either as a single IP hop or in detail. The user's request determines how the application displays tunnels, subject to the user having permission to do this.
5) 当通过隧道进行跟踪时,作为在线跟踪或第三方跟踪的一部分,将隧道显示为单个IP跃点或详细信息。用户的请求决定了应用程序显示隧道的方式,前提是用户有权这样做。
Justification: As they discover IP forwarding details, operators may need to reveal or mask tunneling details.
理由:当他们发现IP转发细节时,运营商可能需要披露或屏蔽隧道细节。
6) When displaying a tunnel in detail, include the tunnel type (e.g., GRE, MPLS), the tunnel name (if applicable), the tunnel identifier (if applicable) and tunnel endpoint addresses. Also, include tunnel components and round trip delay across each component.
6) 详细显示隧道时,包括隧道类型(例如,GRE、MPLS)、隧道名称(如果适用)、隧道标识符(如果适用)和隧道端点地址。此外,还包括隧道组件和每个组件的往返延迟。
Justification: As they discover IP forwarding details, operators may need to reveal tunneling details.
理由:当他们发现IP转发细节时,运营商可能需要披露隧道细节。
7) Support the following tunneling technologies: GRE, MPLS, IPSEC, GMPLS, IP-in-IP, L2TP. Be easily extensible to support new tunnel technologies.
7) 支持以下隧道技术:GRE、MPLS、IPSEC、GMPLS、IP中的IP、L2TP。易于扩展以支持新的隧道技术。
Justification: Operators will use the generic route-tracing application to discover how an IP network forwards datagrams. As many tunnel types may support the IP network, the generic route-tracing application must detect and reveal details concerning multiple tunnel types.
理由:运营商将使用通用路由跟踪应用程序来发现IP网络如何转发数据报。由于许多隧道类型可能支持IP网络,因此通用路由跟踪应用程序必须检测并揭示有关多个隧道类型的详细信息。
8) Trace through nested, heterogeneous tunnels (e.g., IP-in-IP over MPLS).
8) 通过嵌套的异构隧道(例如,IP-in-IP-over-MPLS)进行跟踪。
Justification: Operators will use the generic route-tracing application to discover how an IP network forwards datagrams. As nested, heterogeneous tunnels may support the IP network, the generic route-tracing application must detect and reveal details concerning nested, heterogeneous tunnels.
理由:运营商将使用通用路由跟踪应用程序来发现IP网络如何转发数据报。由于嵌套的异构隧道可能支持IP网络,因此通用路由跟踪应用程序必须检测并揭示有关嵌套的异构隧道的详细信息。
9) At the users request, trace through the forwarding plane, the control plane or both.
9) 应用户请求,跟踪转发平面、控制平面或两者。
Justification: Operators need to identify the root cause of forwarding plane failures. Control plane information is sometimes useful in determining the cause of forwarding plane failure.
理由:操作员需要确定转发平面故障的根本原因。控制平面信息有时有助于确定转发平面故障的原因。
10) Support control plane tracing for all tunnel types. When tracing through the control plane, the hop ingress device reports hop details. The hop ingress device is the device that originates the hop.
10) 支持所有隧道类型的控制平面跟踪。当通过控制平面进行跟踪时,跃点入口设备报告跃点详细信息。跃点入口设备是发起跃点的设备。
Justification: Control plane information is available regarding all tunnel types.
对齐:控制平面信息可用于所有隧道类型。
11) Support tracing through forwarding plane for all tunnel types that implement TTL decrement (or some similar mechanism). When tracing through the forwarding plane, the hop egress device reports hop details. The hop egress device is the device that terminates the hop.
11) 支持通过转发平面跟踪所有实现TTL递减(或某些类似机制)的隧道类型。当跟踪转发平面时,跃点出口设备报告跃点详细信息。跃点出口设备是终止跃点的设备。
Justification: Forwarding plane information may not be available for tunnels that do not support TTL decrement.
理由:转发平面信息可能不适用于不支持TTL递减的隧道。
12) Support tracing through the forwarding plane for all tunnel types that implement TTL decrement, regardless of whether the tunnel engages in TTL propagation. (That is, support tunnel tracing regardless of whether the TTL value is copied from an inner header to an outer header at tunnel ingress.)
12) 支持对所有实现TTL递减的隧道类型通过转发平面进行跟踪,而不管隧道是否参与TTL传播。(也就是说,无论TTL值是否在隧道入口从内部标头复制到外部标头,都支持隧道跟踪。)
Justification: Forwarding plane information is always available, regardless of whether the tunnel engages in TTL propagation.
理由:无论隧道是否参与TTL传播,转发平面信息始终可用。
13) When tracing through the control plane, display the MTU associated with each interface that forwards datagrams through the traced path.
13) 当通过控制平面进行跟踪时,显示与通过跟踪路径转发数据报的每个接口相关联的MTU。
Justification: MTU information is sometimes useful in identifying the root cause of forwarding and control plane failures.
理由:MTU信息有时有助于确定转发和控制平面故障的根本原因。
14) When tracing through the forwarding plane, display the MTU associated with each interface that receives datagrams along the traced path.
14) 当通过转发平面进行跟踪时,显示与沿跟踪路径接收数据报的每个接口相关联的MTU。
Justification: MTU information is sometimes useful in identifying the root cause of forwarding and control plane failures.
理由:MTU信息有时有助于确定转发和控制平面故障的根本原因。
15) Support partial traces through paths containing devices that do not provide protocol support for generic route tracing. When the application encounters such a device, it should inform the user and attempt to discover details regarding the next interface downstream.
15) 支持通过包含不为通用路由跟踪提供协议支持的设备的路径进行部分跟踪。当应用程序遇到这样的设备时,它应该通知用户并尝试发现关于下游下一个接口的详细信息。
Justification: The application must provide useful information even if the supporting protocol is not universally deployed.
理由:即使支持协议没有普遍部署,应用程序也必须提供有用的信息。
Implementors require a new protocol that supports the generic route-tracing application. This protocol reveals the path between two points in an IP network. When access policy permits, the protocol also reveals tunnel details.
实现者需要支持通用路由跟踪应用程序的新协议。此协议显示IP网络中两点之间的路径。当访问策略允许时,协议也会显示隧道细节。
The protocol consists of probes and probe responses. Each probe elicits exactly one response. Each response represents a hop that contributes to the path between two interfaces. A hop can be either a top-level IP hop or lower-level hop that is contained by a tunnel.
该协议由探针和探针响应组成。每个探针只会引出一个响应。每个响应表示一个跃点,该跃点有助于两个接口之间的路径。跃点可以是隧道包含的顶级IP跃点,也可以是较低级别的跃点。
Justification: Because the generic route-tracing application must trace through broken paths, the required protocol must use a separate response message to deliver details regarding each hop. The protocol must use a separate probe to elicit each response because the alternative approach, using the single probe with the IP Router Alert Option, is unacceptable. Many networks forward datagrams that specify IP options differently than they would forward datagrams that do not specify IP options. Therefore, the introduction of IP options would cause the application to trace a forwarding path other than the path that its user intended to trace.
理由:由于通用路由跟踪应用程序必须通过断开的路径进行跟踪,因此所需的协议必须使用单独的响应消息来传递有关每个跃点的详细信息。该协议必须使用单独的探测来获取每个响应,因为使用带有IP路由器警报选项的单个探测的替代方法是不可接受的。许多网络转发指定IP选项的数据报与转发未指定IP选项的数据报不同。因此,IP选项的引入将导致应用程序跟踪转发路径,而不是其用户想要跟踪的路径。
UDP should carry all protocol messages to their destinations. Other transport mechanisms may be considered when protocol details are specified.
UDP应将所有协议消息传送到其目的地。在指定协议细节时,可以考虑其他传输机制。
Justification: Because the probe/response scheme described above is stateless, a stateless transport is required. Candidate transports included UDP over IP, IP and ICMP. ICMP was disqualified because carrying MPLS information in an ICMP datagram would constitute a layer violation. IP was disqualified in order to conserve protocol identifiers.
理由:因为上面描述的探测/响应方案是无状态的,所以需要无状态传输。候选传输包括UDP over IP、IP和ICMP。ICMP被取消资格,因为在ICMP数据报中携带MPLS信息将构成层冲突。为了保存协议标识符,IP被取消资格。
The protocol must be stateless. That is, nodes should not have to maintain state between successive traceroute messages.
协议必须是无状态的。也就是说,节点不必在连续的跟踪路由消息之间保持状态。
Justification: Statelessness is required to support scaling and to prevent denial of service attacks.
理由:无状态是支持扩展和防止拒绝服务攻击所必需的。
The device that hosts the route-tracing application must maintain an IP route to the ingress of the traced path. It must also maintain an IP route to the ingress of each tunnel for which it is requesting tunnel details. The device that hosts the tunnel tracing application need not maintain a route to any other device that supports the traced path.
承载路由跟踪应用程序的设备必须维护到跟踪路径入口的IP路由。它还必须维护到每个隧道入口的IP路由,并请求隧道详细信息。承载隧道跟踪应用程序的设备不需要维护到支持跟踪路径的任何其他设备的路由。
All of the devices to which the route-tracing application must maintain a route must maintain a route back to the route-tracing application.
路由跟踪应用程序必须维护路由的所有设备都必须维护回路由跟踪应用程序的路由。
In order for the protocol to provide tunnel details, all devices contained by a tunnel must maintain an IP route to the tunnel ingress.
为了使协议提供隧道细节,隧道包含的所有设备必须保持到隧道入口的IP路由。
Justification: The protocol must be sufficiently robust to operate when tunnel interior devices do not maintain a route back to the device that hosts the route tracing application.
理由:协议必须足够健壮,以便在隧道内部设备无法维护回承载路由跟踪应用程序的设备的路由时运行。
A configurable access control policy determines the degree to which features described herein are delivered. The access control policy requires user identification and authorization.
可配置的访问控制策略确定本文描述的功能的交付程度。访问控制策略需要用户标识和授权。
The new protocol must not introduce security holes nor consume excessive resources (e.g., CPU, bandwidth). It also must not be exploitable by those launching DoS attacks or replaying messages.
新协议不得引入安全漏洞,也不得消耗过多资源(如CPU、带宽)。它也不能被发动DoS攻击或重播消息的人利用。
[RFC-2151] Kessler, G. and S. Shepard, "A Primer On Internet and TCP/IP Tools and Utilities", FYI 30, RFC 2151, June 1997.
[RFC-2151]Kessler,G.和S.Shepard,“互联网和TCP/IP工具和实用程序入门”,FYI 30,RFC 2151,1997年6月。
[RFC-2925] White, K., "Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations", RFC 2925, September 2000.
[RFC-2925]White,K.“远程Ping、跟踪路由和查找操作的托管对象定义”,RFC 29252000年9月。
Thanks to Randy Bush and Steve Bellovin for their comments.
感谢兰迪·布什和史蒂夫·贝洛文的评论。
Ronald P. Bonica MCI 22001 Loudoun County Pkwy Ashburn, Virginia, 20147
Ronald P.Bonica MCI 22001弗吉尼亚州阿什本市劳顿县,邮编:20147
EMail: ronald.p.bonica@mci.com
EMail: ronald.p.bonica@mci.com
Kireeti Kompella Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, California 94089
Kireeti Kompella Juniper Networks,Inc.加利福尼亚州桑尼维尔市马蒂尔达大道北1194号,邮编94089
EMail: kireeti@juniper.net
EMail: kireeti@juniper.net
David Meyer
大卫·梅耶尔
EMail: dmm@maoz.com
EMail: dmm@maoz.com
Copyright (C) The Internet Society (2003). All Rights Reserved.
版权所有(C)互联网协会(2003年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。