Network Working Group L. Berger Request for Comment: 5523 LabN Consulting, LLC Category: Experimental April 2009
Network Working Group L. Berger Request for Comment: 5523 LabN Consulting, LLC Category: Experimental April 2009
OSPFv3-Based Layer 1 VPN Auto-Discovery
基于OSPFv3的第1层VPN自动发现
Status of This Memo
关于下段备忘
This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.
这份备忘录为互联网社区定义了一个实验性协议。它没有规定任何类型的互联网标准。要求进行讨论并提出改进建议。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2009 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托在本文件出版之日生效的与IETF文件有关的法律规定的约束(http://trustee.ietf.org/license-info). 请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Abstract
摘要
This document defines an OSPFv3-based (Open Shortest Path First version 3) Layer 1 Virtual Private Network (L1VPN) auto-discovery mechanism. This document parallels the existing OSPF version 2 L1VPN auto-discovery mechanism. The notable functional difference is the support of IPv6.
本文档定义了基于OSPFv3(开放最短路径第一版3)的第1层虚拟专用网络(L1VPN)自动发现机制。本文档与现有的OSPF版本2 L1VPN自动发现机制并行。显著的功能差异是对IPv6的支持。
Table of Contents
目录
1. Introduction ....................................................2 1.1. Terminology ................................................2 1.2. Conventions Used in This Document ..........................3 1.3. Overview ...................................................3 2. OSPFv3 L1VPN LSA and Its TLVs ...................................5 2.1. OSPFv3 L1VPN LSA ...........................................5 2.2. L1VPN IPv6 INFO TLV ........................................7 3. OSPFv3 L1VPN LSA Advertising and Processing .....................8 4. Backward Compatibility ..........................................9 5. Manageability Considerations ....................................9 5.1. Coexistence with and Migration from OSPFv2 .................9 6. Security Considerations ........................................10 7. IANA Considerations ............................................11 8. Acknowledgment .................................................11 9. References .....................................................11 9.1. Normative References ......................................11 9.2. Informative References ....................................12
1. Introduction ....................................................2 1.1. Terminology ................................................2 1.2. Conventions Used in This Document ..........................3 1.3. Overview ...................................................3 2. OSPFv3 L1VPN LSA and Its TLVs ...................................5 2.1. OSPFv3 L1VPN LSA ...........................................5 2.2. L1VPN IPv6 INFO TLV ........................................7 3. OSPFv3 L1VPN LSA Advertising and Processing .....................8 4. Backward Compatibility ..........................................9 5. Manageability Considerations ....................................9 5.1. Coexistence with and Migration from OSPFv2 .................9 6. Security Considerations ........................................10 7. IANA Considerations ............................................11 8. Acknowledgment .................................................11 9. References .....................................................11 9.1. Normative References ......................................11 9.2. Informative References ....................................12
This document defines an OSPFv3-based (Open Shortest Path First version 3) Layer 1 Virtual Private Network (L1VPN) auto-discovery mechanism. This document parallels the existing OSPF version 2 L1VPN auto-discovery mechanism. The notable functional difference is the support of IPv6.
本文档定义了基于OSPFv3(开放最短路径第一版3)的第1层虚拟专用网络(L1VPN)自动发现机制。本文档与现有的OSPF版本2 L1VPN自动发现机制并行。显著的功能差异是对IPv6的支持。
The reader of this document should be familiar with the terms used in [RFC4847] and [RFC5251]. The reader of this document should also be familiar with [RFC5340], [RFC5329], and [RFC5252]. In particular, the following terms:
本文件的读者应熟悉[RFC4847]和[RFC5251]中使用的术语。本文件的读者还应熟悉[RFC5340]、[RFC5329]和[RFC5252]。特别是以下术语:
L1VPN Layer 1 Virtual Private Network
L1VPN第1层虚拟专用网络
CE Customer (edge) network element directly connected to the Provider network (terminates one or more links to one or more PEs); it is also connected to one or more Cs and/or other CEs.
直接连接到提供商网络的CE客户(边缘)网元(终止到一个或多个PE的一个或多个链路);它还连接到一个或多个Cs和/或其他CE。
C Customer network element that is not connected to the Provider network but is connected to one or more other Cs and/or CEs.
C未连接到提供商网络但连接到一个或多个其他Cs和/或CE的客户网元。
PE Provider (edge) network element directly connected to one or more Customer networks (terminates one or more links to one or more CEs associated with the same or different L1VPNs); it is also connected to one or more Ps and/or other PEs.
直接连接到一个或多个客户网络的PE提供商(边缘)网元(终止到与相同或不同L1VPN关联的一个或多个CE的一个或多个链路);它还连接到一个或多个Ps和/或其他PE。
P Provider (core) network element that is not directly connected to any of Customer networks; P is connected to one or more other Ps and/or PEs.
P未直接连接到任何客户网络的提供商(核心)网元;P连接到一个或多个其他Ps和/或PE。
LSA OSPF Link State Advertisement.
LSA OSPF链路状态广告。
LSDB Link State Database: a data structure supported by an IGP speaker.
LSDB链路状态数据库:IGP扬声器支持的数据结构。
PIT Port Information Table.
PIT端口信息表。
CPI Customer Port Identifier.
CPI客户端口标识符。
PPI Provider Port Identifier.
PPI提供程序端口标识符。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
The framework for Layer 1 VPNs is described in [RFC4847]. Basic mode operation is further defined in [RFC5251]. [RFC5251] identifies the information that is necessary to map customer information (port identifiers) to provider information (identifiers). It also states that this mapping information may be provided via provisioning or via an auto-discovery mechanism. [RFC5252] provides such an auto-discovery mechanism using Open Shortest Path First (OSPF) version 2. This document provides the same functionality using OSPF version 3 and adds support for IPv6.
[RFC4847]中描述了第1层VPN的框架。[RFC5251]中进一步定义了基本模式操作。[RFC5251]标识将客户信息(端口标识符)映射到提供商信息(标识符)所需的信息。它还指出,可以通过供应或自动发现机制提供此映射信息。[RFC5252]使用开放式最短路径优先(OSPF)版本2提供了这种自动发现机制。本文档使用OSPF版本3提供了相同的功能,并添加了对IPv6的支持。
Figure 1 shows the L1VPN basic service being supported using OSPF-based L1VPN auto-discovery. This figure shows two PE routers interconnected over a GMPLS backbone. Each PE is attached to three CE devices belonging to three different Layer 1 VPNs. In this network, OSPF is used to provide the VPN membership, port mapping, and related information required to support basic mode operation.
图1显示了使用基于OSPF的L1VPN自动发现支持的L1VPN基本服务。此图显示了通过GMPLS主干互连的两个PE路由器。每个PE连接到属于三个不同的第1层VPN的三个CE设备。在该网络中,OSPF用于提供支持基本模式操作所需的VPN成员资格、端口映射和相关信息。
PE PE +---------+ +--------------+ +--------+ | +------+| | +----------+ | +--------+ | VPN-A | | |VPN-A || | | VPN-A | | | VPN-A | | CE1 |--| |PIT || OSPF LSAs | | PIT | |-| CE2 | +--------+ | | ||<----------->| | | | +--------+ | +------+| Distribution| +----------+ | | | | | +--------+ | +------+| | +----------+ | +--------+ | VPN-B | | |VPN-B || ------- | | VPN-B | | | VPN-B | | CE1 |--| |PIT ||--( GMPLS )--| | PIT | |-| CE2 | +--------+ | | || (Backbone) | | | | +--------+ | +------+| -------- | +----------+ | | | | | +--------+ | +-----+ | | +----------+ | +--------+ | VPN-C | | |VPN-C| | | | VPN-C | | | VPN-C | | CE1 |--| |PIT | | | | PIT | |-| CE2 | +--------+ | | | | | | | | +--------+ | +-----+ | | +----------+ | +---------+ +--------------+
PE PE +---------+ +--------------+ +--------+ | +------+| | +----------+ | +--------+ | VPN-A | | |VPN-A || | | VPN-A | | | VPN-A | | CE1 |--| |PIT || OSPF LSAs | | PIT | |-| CE2 | +--------+ | | ||<----------->| | | | +--------+ | +------+| Distribution| +----------+ | | | | | +--------+ | +------+| | +----------+ | +--------+ | VPN-B | | |VPN-B || ------- | | VPN-B | | | VPN-B | | CE1 |--| |PIT ||--( GMPLS )--| | PIT | |-| CE2 | +--------+ | | || (Backbone) | | | | +--------+ | +------+| -------- | +----------+ | | | | | +--------+ | +-----+ | | +----------+ | +--------+ | VPN-C | | |VPN-C| | | | VPN-C | | | VPN-C | | CE1 |--| |PIT | | | | PIT | |-| CE2 | +--------+ | | | | | | | | +--------+ | +-----+ | | +----------+ | +---------+ +--------------+
Figure 1: OSPF Auto-Discovery for L1VPNs
图1:L1VPN的OSPF自动发现
The approach used in this document to provide OSPFv3-based L1VPN auto-discovery uses a new type of Link State Advertisement (LSA), which is referred to as an OSPFv3 L1VPN LSA. The OSPFv3 L1VPN LSA carries information in TLV (type, length, value) structures. An L1VPN-specific TLV is defined below to propagate VPN membership and port information. This TLV is referred to as the L1VPN Info TLV.
本文档中用于提供基于OSPFv3的L1VPN自动发现的方法使用了一种新型的链路状态公告(LSA),称为OSPFv3 L1VPN LSA。OSPFv3 L1VPN LSA以TLV(类型、长度、值)结构承载信息。下面定义了L1VPN特定的TLV,以传播VPN成员资格和端口信息。此TLV称为L1VPN信息TLV。
The OSPFv3 L1VPN LSA may also carry Traffic Engineering (TE) TLVs; see [RFC3630], [RFC4203], and [RFC5329].
OSPFv3 L1VPN LSA还可以承载流量工程(TE)TLV;参见[RFC3630]、[RFC4203]和[RFC5329]。
This section defines the OSPFv3 L1VPN LSA and its TLVs.
本节定义了OSPFv3 L1VPN LSA及其TLV。
The format of a OSPFv3 L1VPN LSA is as follows:
OSPFv3 L1VPN LSA的格式如下:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS age | LS type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link State ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertising Router | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS sequence number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS checksum | length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | L1VPN Info TLV | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TE Link TLV | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS age | LS type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link State ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertising Router | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS sequence number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS checksum | length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | L1VPN Info TLV | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TE Link TLV | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
LS age
老化时间
As defined in [RFC5340].
如[RFC5340]中所定义。
LS type
状态类型
As defined in [RFC5340]. The U-bit MUST be set to 1, and the S1 and S2 bits MUST be set to indicate either area or Autonomous System (AS) scoping. The LSA Function Code portion of this field MUST be set to 14, i.e., the OSPFv3 L1VPN LSA.
如[RFC5340]中所定义。U位必须设置为1,S1和S2位必须设置为指示区域或自治系统(AS)范围。此字段的LSA功能代码部分必须设置为14,即OSPFv3 L1VPN LSA。
Advertising Router
公告路由器
As defined in [RFC5340].
如[RFC5340]中所定义。
LS Sequence Number
LS序列号
As defined in [RFC5340].
如[RFC5340]中所定义。
LS checksum
LS校验和
As defined in [RFC5340].
如[RFC5340]中所定义。
Length
长
As defined in [RFC5340].
如[RFC5340]中所定义。
L1VPN Info TLV
L1VPN信息TLV
A single L1VPN Info TLV, as defined in Section 2.2 of [RFC5252] or Section 2.2 of this document, MUST be present. If more than one L1VPN Info TLV is present, only the first TLV is processed and the others MUST be ignored on receipt. If no L1VPN Info TLV is present, the LSA is processed (and flooded) as normal, but the L1VPN PIT table MUST NOT be modified in any way.
必须提供[RFC5252]第2.2节或本文件第2.2节中定义的单个L1VPN信息TLV。如果存在多个L1VPN信息TLV,则仅处理第一个TLV,其他TLV在收到时必须忽略。如果L1VPN Info TLV不存在,则LSA将正常处理(并被淹没),但不得以任何方式修改L1VPN PIT表。
TE Link TLV
TE链路TLV
A single TE Link TLV MAY be included in an OSPFv3 L1VPN LSA. When an L1VPN IPv4 Info TLV is present, a single TE Link TLV as defined in [RFC3630] and [RFC4203] MAY be included. When an L1VPN IPv6 Info TLV is present, a single TE Link TLV as defined in [RFC5329] MAY be included.
单个TE链路TLV可包括在OSPFv3 L1VPN LSA中。当L1VPN IPv4信息TLV存在时,可包括[RFC3630]和[RFC4203]中定义的单个TE链路TLV。当L1VPN IPv6信息TLV存在时,可包括[RFC5329]中定义的单个TE链路TLV。
The following TLV is introduced:
介绍了以下TLV:
Name: L1VPN IPv6 Info Type: 32768 Length: Variable
名称:L1VPN IPv6信息类型:32768长度:变量
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | L1VPN TLV Type | L1VPN TLV Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | L1VPN Globally Unique Identifier | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PE TE Address | | ... | | ... | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link-Local Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | | L1VPN Auto-Discovery Information | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | .| Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | L1VPN TLV Type | L1VPN TLV Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | L1VPN Globally Unique Identifier | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PE TE Address | | ... | | ... | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link-Local Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | | L1VPN Auto-Discovery Information | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | .| Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
L1VPN TLV Type
L1VPN TLV类型
The type of the TLV (see above).
TLV的类型(见上文)。
TLV Length
TLV长度
The length of the TLV in bytes, excluding the four (4) bytes of the TLV header and, if present, the length of the Padding field.
TLV的长度(以字节为单位),不包括TLV标头的四(4)个字节以及填充字段的长度(如果存在)。
L1VPN Globally Unique Identifier
L1VPN全局唯一标识符
As defined in [RFC5251].
如[RFC5251]中所定义。
PE TE Address
PE TE地址
This field MUST carry an address that has been advertised by the LSA originator per [RFC5329] and is either the Router IPv6 Address TLV or Local Interface IPv6 Address link sub-TLV. It will typically carry the TE Router Address.
此字段必须包含LSA发起者根据[RFC5329]公布的地址,并且是路由器IPv6地址TLV或本地接口IPv6地址链路子TLV。它通常携带TE路由器地址。
Link-Local Identifier
链路本地标识符
This field is used to support unnumbered links. When an unnumbered PE TE link is represented, this field MUST contain a value advertised by the LSA originator per [RFC5340] in a Router LSA. When a numbered link is represented, this field MUST be set to zero (0).
此字段用于支持未编号的链接。当表示未编号的PE TE链路时,此字段必须包含LSA发起人根据路由器LSA中的[RFC5340]公布的值。表示编号链接时,此字段必须设置为零(0)。
L1VPN Auto-Discovery Information
L1VPN自动发现信息
As defined in [RFC5251].
如[RFC5251]中所定义。
Padding
衬料
A field of variable length and of sufficient size to ensure that the TLV is aligned on a 4-byte boundary. This field is only required when the L1VPN Auto-Discovery Information field is not 4-byte aligned. This field MUST be less than 4 bytes long, and MUST NOT be present when the size of L1VPN Auto-Discovery Information field is 4-byte aligned.
长度可变且大小足够的字段,以确保TLV在4字节边界上对齐。仅当L1VPN自动发现信息字段未对齐4字节时,才需要此字段。此字段的长度必须小于4字节,并且当L1VPN自动发现信息字段的大小为4字节对齐时,此字段不得出现。
PEs advertise local <CPI, PPI> tuples in OSPFv3 L1VPN LSAs containing L1VPN Info TLVs. Each PE MUST originate a separate OSPFv3 L1VPN LSA with area or AS flooding scope, based on configuration, for each local CE-PE link. The LSA MUST be originated each time a PE restarts and every time there is a change in the PIT entry associated with a local CE-PE link. The LSA MUST include a single L1VPN Info TLV and MAY include a single TE Link TLV. The TE Link TLV carries TE attributes of the associated CE-PE link. Note that because CEs are outside of the provider TE domain, the attributes of CE-PE links are not advertised via normal OSPF-TE procedures as described in [RFC5329]. If more than one L1VPN Info TLVs and/or TE Link TLVs are found in the LSA, the subsequent TLVs SHOULD be ignored by the receiving PEs.
PE在包含L1VPN信息TLV的OSPFv3 L1VPN LSA中公布本地<CPI,PPI>元组。每个PE必须根据配置为每个本地CE-PE链路创建一个单独的OSPFv3 L1VPN LSA,其面积或泛洪范围取决于配置。每次PE重新启动时,以及每次与本地CE-PE链路相关的PIT入口发生变化时,都必须发起LSA。LSA必须包括单个L1VPN信息TLV,并且可能包括单个TE链路TLV。TE链路TLV携带相关CE-PE链路的TE属性。请注意,由于CE位于提供商TE域之外,CE-PE链路的属性不会通过[RFC5329]中所述的正常OSPF-TE过程公布。如果在LSA中发现多个L1VPN信息TLV和/或TE链路TLV,则接收PE应忽略后续TLV。
Every time a PE receives a new, removed, or modified OSPFv3 L1VPN LSA, the PE MUST check whether it maintains a PIT associated with the L1VPN specified in the L1VPN Globally Unique Identifier field. If this is the case (the appropriate PIT will be found if one or more local CE-PE links that belong to the L1VPN are configured), the PE SHOULD add, remove, or modify the PIT entry associated with each of the advertised CE-PE links accordingly. (An implementation MAY choose to not remove or modify the PIT according to local policy or management directives.) Thus, in the normal steady-state case, all PEs associated with a particular L1VPN will have identical local PITs for an L1VPN.
每次PE收到新的、删除的或修改的OSPFv3 L1VPN LSA时,PE必须检查是否维护与L1VPN全局唯一标识符字段中指定的L1VPN相关的PIT。如果是这种情况(如果配置了属于L1VPN的一个或多个本地CE-PE链路,将找到相应的PIT),则PE应相应地添加、删除或修改与每个播发的CE-PE链路关联的PIT条目。(实施可能会根据本地策略或管理指令选择不删除或修改PIT。)因此,在正常稳态情况下,与特定L1VPN相关的所有PE将具有与L1VPN相同的本地PIT。
Neither the TLV nor the LSA introduced in this document present any interoperability issues. Per [RFC5340], and due to the U-bit being set, OSPFv3 speakers that do not support the OSPFv3 L1VPN LSA (Ps for example) just participate in the LSA's flooding process but should ignore the LSA's contents.
本文件中介绍的TLV和LSA均不存在任何互操作性问题。根据[RFC5340],由于设置了U位,不支持OSPFv3 L1VPN LSA(例如Ps)的OSPFv3扬声器只参与LSA的泛洪过程,但应忽略LSA的内容。
The principal concern in operating an auto-discovery mechanism for an L1VPN is that the PE needs to be configured with information about which VPNs it supports. This information can be discovered from the CEs using some form of membership negotiation, but is more likely to be directly configured by the operator as described in [RFC4847], [RFC5251], and [RFC5253]. No standardized mechanisms to configure this information have been defined, and it is a matter for individual implementations with input from operator policy how a PE is told which L1VPNs it supports. It is probable that configuration of this information is closely tied to the configuration of CE-facing ports on the PE, which in turn causes PITs to be established in the PE.
为L1VPN运行自动发现机制的主要问题是,PE需要配置有关其支持哪些VPN的信息。该信息可以使用某种形式的成员协商从CEs中发现,但更可能由操作员直接配置,如[RFC4847]、[RFC5251]和[RFC5253]中所述。尚未定义配置此信息的标准化机制,如何告知PE支持哪些L1VPN是运营商策略输入的单个实现的问题。该信息的配置很可能与PE上面向CE的端口的配置密切相关,这反过来会导致PE中建立PIT。
Additionally, it may be of value to an operator to view the L1VPN membership information that has been learned by a PE. An implementation may supply this information through a proprietary interface, or may allow it to be inspected through the OSPFv3 MIB module [OSPFv3-MIB] or the Traffic Engineering Database MIB [TED-MIB].
此外,对于运营商来说,查看已由PE学习的L1VPN成员信息可能是有价值的。实现可通过专有接口提供该信息,或允许通过OSPFv3 MIB模块[OSPFv3 MIB]或流量工程数据库MIB[TED-MIB]对其进行检查。
Note that the operation of the control plane has no impact on IP network traffic because all of the user data is in Layer 1, while the control plane is necessarily out of band in a Data Communications Network (DCN).
注意,控制平面的操作对IP网络流量没有影响,因为所有用户数据都在层1中,而控制平面在数据通信网络(DCN)中必然在带外。
It is expected that only a single routing protocol instance will be used to operate auto-discovery within an L1VPN at any time. Thus, coexistence issues only apply to the migration from OSPFv2 to OSPFv3 and can be expected to be transient.
在L1VPN中,任何时候都只能使用一个路由协议实例来操作自动发现。因此,共存问题仅适用于从OSPFv2到OSPFv3的迁移,并且可能是暂时的。
Migration from OSPFv2 to OSPFv3 would be a once-only event for any network and would probably depend on the migration of the routing protocol used within the network for normal GMPLS procedures. The migration process would not be any different from the process used to migrate the normal GMPLS routing protocol. The steps to follow are
从OSPFv2到OSPFv3的迁移对于任何网络来说都是一次性事件,并且可能取决于正常GMPLS过程中网络内使用的路由协议的迁移。迁移过程与用于迁移正常GMPLS路由协议的过程没有任何不同。接下来的步骤是
clearly a matter for the operator of the network and are not a matter for standardization, but the following sequence is provided to illustrate the potential actions:
显然,这是网络运营商的问题,不是标准化问题,但提供以下顺序来说明潜在的行动:
1. Assign IPv6 addresses to all control plane and data plane resources.
1. 为所有控制平面和数据平面资源分配IPv6地址。
2. Install and enable OSPFv3 on all controllers.
2. 在所有控制器上安装并启用OSPFv3。
3. Use OSPFv3 to advertise IPv4 and IPv6 resource identifiers.
3. 使用OSPFv3公布IPv4和IPv6资源标识符。
4. Manually verify the advertised membership and topology information from the OSPFv2 and OSPFv3 databases.
4. 从OSPFv2和OSPFv3数据库手动验证播发的成员资格和拓扑信息。
5. Start a maintenance window where data continues to flow, but no L1VPN connections can be changed.
5. 启动一个维护窗口,在该窗口中数据继续流动,但无法更改L1VPN连接。
6. Cut over to the OSPFv3 membership and topology information.
6. 切换到OSPFv3成员资格和拓扑信息。
7. Close the maintenance window.
7. 关闭维护窗口。
8. Turn off OSPFv2.
8. 关闭OSPFv2。
9. Remove/disable the IPv4 address for all control plane and data plane resources.
9. 删除/禁用所有控制平面和数据平面资源的IPv4地址。
The approach presented in this document describes how PEs dynamically learn L1VPN specific information. Mechanisms to deliver the VPN membership information to CEs are explicitly out of scope of this document. Therefore, the security issues raised in this document are limited to within the OSPF domain.
本文介绍的方法描述了PEs如何动态学习L1VPN特定信息。将VPN成员资格信息传递给CEs的机制明显超出了本文档的范围。因此,本文件中提出的安全问题仅限于OSPF域内。
This defined approach reuses mechanisms defined in [RFC5340]. Therefore, the same security approaches and considerations apply to this approach. OSPF provides several security mechanisms that can be applied. Specifically, OSPF supports multiple types of authentication, limits the frequency of LSA origination and acceptance, and provides techniques to avoid and limit the impact of database overflow. In cases were end-to-end authentication is desired, OSPF's neighbor-to-neighbor authentication approach can be augmented with an approach similar to the experimental extension to OSPF, see [RFC2154], which supports the signing and authentication of LSAs.
This defined approach reuses mechanisms defined in [RFC5340]. Therefore, the same security approaches and considerations apply to this approach. OSPF provides several security mechanisms that can be applied. Specifically, OSPF supports multiple types of authentication, limits the frequency of LSA origination and acceptance, and provides techniques to avoid and limit the impact of database overflow. In cases were end-to-end authentication is desired, OSPF's neighbor-to-neighbor authentication approach can be augmented with an approach similar to the experimental extension to OSPF, see [RFC2154], which supports the signing and authentication of LSAs.translate error, please retry
IANA has assigned an OSPFv3 LSA Function Code as described in Section 2.1 of this document. IANA has made an assignment in the form:
IANA已分配了本文件第2.1节所述的OSPFv3 LSA功能代码。IANA已以以下形式进行了转让:
Value OSPFv3 LSA type function Type Reference ------- ----------------------------- --------- 14 OSPFv3 L1VPN LSA [RFC5523]
Value OSPFv3 LSA type function Type Reference ------- ----------------------------- --------- 14 OSPFv3 L1VPN LSA [RFC5523]
This document was created at the request of Pasi Eronen. Adrian Farrel and Acee Lindem provided valuable reviews of this document. Adrian also provided the text for Section 5.
本文件是应Pasi Eronen的要求创建的。Adrian Farrel和Acee Lindem对本文件进行了有价值的评论。阿德里安还提供了第5节的文本。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6", RFC 5340, July 2008.
[RFC5340]Coltun,R.,Ferguson,D.,Moy,J.,和A.Lindem,“IPv6的OSPF”,RFC 53402008年7月。
[RFC3630] Katz, D., Kompella, K., and D. Yeung, "Traffic Engineering (TE) Extensions to OSPF Version 2", RFC 3630, September 2003.
[RFC3630]Katz,D.,Kompella,K.,和D.Yeung,“OSPF版本2的交通工程(TE)扩展”,RFC 3630,2003年9月。
[RFC4203] Kompella, K., Ed., and Y. Rekhter, Ed., "OSPF Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS)", RFC 4203, October 2005.
[RFC4203]Kompella,K.,Ed.,和Y.Rekhter,Ed.,“支持通用多协议标签交换(GMPLS)的OSPF扩展”,RFC 4203,2005年10月。
[RFC5251] Fedyk, D., Ed., Rekhter, Y., Ed., Papadimitriou, D., Rabbat, R., and L. Berger, "Layer 1 VPN Basic Mode", RFC 5251, July 2008.
[RFC5251]Fedyk,D.,Ed.,Rekhter,Y.,Ed.,Papadimitriou,D.,Rabbat,R.,和L.Berger,“第1层VPN基本模式”,RFC 52512008年7月。
[RFC5252] Bryskin, I. and L. Berger, "OSPF-Based Layer 1 VPN Auto-Discovery", RFC 5252, July 2008.
[RFC5252]Bryskin,I.和L.Berger,“基于OSPF的第1层VPN自动发现”,RFC 5252,2008年7月。
[RFC5329] Ishiguro, K., Manral, V., Davey, A., and A. Lindem, Ed., "Traffic Engineering Extensions to OSPF Version 3", RFC 5329, September 2008.
[RFC5329]Ishiguro,K.,Manral,V.,Davey,A.,和A.Lindem,Ed.,“OSPF版本3的流量工程扩展”,RFC 53292008年9月。
[OSPFv3-MIB] Joyal, D., Ed. and V. Manral, Ed., "Management Information Base for OSPFv3", Work in Progress, November 2008.
[OSPFv3-MIB] Joyal, D., Ed. and V. Manral, Ed., "Management Information Base for OSPFv3", Work in Progress, November 2008.translate error, please retry
[RFC2154] Murphy, S., Badger, M., and B. Wellington, "OSPF with Digital Signatures", RFC 2154, June 1997.
[RFC2154]Murphy,S.,Badger,M.,和B.Wellington,“具有数字签名的OSPF”,RFC 2154,1997年6月。
[RFC4847] Takeda, T., Ed., "Framework and Requirements for Layer 1 Virtual Private Networks", RFC 4847, April 2007.
[RFC4847]武田,T.,编辑,“第1层虚拟专用网络的框架和要求”,RFC 4847,2007年4月。
[RFC5253] Takeda, T., Ed., "Applicability Statement for Layer 1 Virtual Private Network (L1VPN) Basic Mode", RFC 5253, July 2008.
[RFC5253]武田,T.,编辑,“第1层虚拟专用网络(L1VPN)基本模式的适用性声明”,RFC 5253,2008年7月。
[TED-MIB] Miyazawa, M., Otani, T., Nadeau, T., and K. Kumaki, "Traffic Engineering Database Management Information Base in support of MPLS-TE/GMPLS", Work in Progress, January 2009.
[TED-MIB]Miyazawa,M.,Otani,T.,Nadeau,T.,和K.Kumaki,“支持MPLS-TE/GMPLS的交通工程数据库管理信息库”,正在进行的工作,2009年1月。
Author's Address
作者地址
Lou Berger LabN Consulting, LLC EMail: lberger@labn.net
Lou Berger LabN Consulting,LLC电子邮件:lberger@labn.net