Internet Engineering Task Force (IETF) A. Lindem
Request for Comments: 6549 Ericsson
Updates: 2328 A. Roy
Category: Standards Track S. Mirtorabi
ISSN: 2070-1721 Cisco Systems
March 2012
Internet Engineering Task Force (IETF) A. Lindem
Request for Comments: 6549 Ericsson
Updates: 2328 A. Roy
Category: Standards Track S. Mirtorabi
ISSN: 2070-1721 Cisco Systems
March 2012
OSPFv2 Multi-Instance Extensions
OSPFv2多实例扩展
Abstract
摘要
OSPFv3 includes a mechanism to support multiple instances of the protocol running on the same interface. OSPFv2 can utilize such a mechanism in order to support multiple routing domains on the same subnet.
OSPFv3包括一种支持在同一接口上运行的协议的多个实例的机制。OSPFv2可以利用这种机制来支持同一子网上的多个路由域。
This document defines the OSPFv2 Instance ID to enable separate OSPFv2 protocol instances on the same interface. Unlike OSPFv3 where the Instance ID can be used for multiple purposes, such as putting the same interface in multiple areas, the OSPFv2 Instance ID is reserved for identifying protocol instances.
本文档定义了OSPFv2实例ID,以便在同一接口上启用单独的OSPFv2协议实例。与OSPFv3不同,在OSPFv3中,实例ID可用于多种目的,例如在多个区域中放置同一接口,OSPFv2实例ID保留用于标识协议实例。
This document updates RFC 2328.
本文档更新了RFC 2328。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6549.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6549.
Copyright Notice
版权公告
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2012 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................2
1.1. Requirements Notation ......................................3
2. OSPFv2 Instance Packet Encoding .................................3
3. OSPFv2 Interface Instance ID ....................................4
3.1. Sending and Receiving OSPFv2 Packets .......................4
3.2. Interface Instance ID Values ...............................4
4. State Sharing Optimizations between OSPFv2 Instances ............5
5. OSPFv2 Authentication Impacts ...................................5
6. Backward Compatibility and Deployment Considerations ............5
7. Security Considerations .........................................6
8. IANA Considerations .............................................6
9. References ......................................................7
9.1. Normative References .......................................7
9.2. Informative References .....................................7
Appendix A. Acknowledgments.... ....................................8
1. Introduction ....................................................2
1.1. Requirements Notation ......................................3
2. OSPFv2 Instance Packet Encoding .................................3
3. OSPFv2 Interface Instance ID ....................................4
3.1. Sending and Receiving OSPFv2 Packets .......................4
3.2. Interface Instance ID Values ...............................4
4. State Sharing Optimizations between OSPFv2 Instances ............5
5. OSPFv2 Authentication Impacts ...................................5
6. Backward Compatibility and Deployment Considerations ............5
7. Security Considerations .........................................6
8. IANA Considerations .............................................6
9. References ......................................................7
9.1. Normative References .......................................7
9.2. Informative References .....................................7
Appendix A. Acknowledgments.... ....................................8
OSPFv3 [OSPFV3] includes a mechanism to support multiple instances of a protocol running on the same interface. OSPFv2 [OSPFV2] can utilize such a mechanism in order to support multiple routing domains on the same subnet.
OSPFv3[OSPFv3]包括一种机制,用于支持在同一接口上运行的协议的多个实例。OSPFv2[OSPFv2]可以利用这种机制来支持同一子网上的多个路由域。
This document defines the OSPFv2 Instance ID to enable separate OSPFv2 protocol instances on the same interface. Unlike OSPFv3 where the Instance ID can be used for multiple purposes, such as putting the same interface in multiple areas, the OSPFv2 Instance ID is reserved for identifying protocol instances.
本文档定义了OSPFv2实例ID,以便在同一接口上启用单独的OSPFv2协议实例。与OSPFv3不同,在OSPFv3中,实例ID可用于多种目的,例如在多个区域中放置同一接口,OSPFv2实例ID保留用于标识协议实例。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC-KEYWORDS].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC-关键词]中所述进行解释。
This document extends OSPFv2 with a mechanism to differentiate packets for different instances sent and received on the same interface. In support of this capability, a modified packet header format with the Authentication Type field split into an Instance ID and AuType.
本文档通过一种机制扩展了OSPFv2,以区分在同一接口上发送和接收的不同实例的数据包。为了支持此功能,一种修改的数据包头格式(带有身份验证类型字段)被拆分为实例ID和AuType。
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version # | Type | Packet length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Router ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Area ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Instance ID | AuType |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version # | Type | Packet length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Router ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Area ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Instance ID | AuType |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The OSPFv2 Packet Header
OSPFv2数据包头
All fields are as defined in [OSPFV2] except that the Instance ID field is new, and the AuType field is reduced to 8 bits from 16 bits without any change in meaning. The Instance ID field is defined as follows:
除实例ID字段为新字段外,所有字段均如[OSPFV2]中所定义,且AuType字段从16位减少至8位,且含义没有任何变化。实例ID字段定义如下:
Instance ID Enables multiple instances of OSPFv2 to be used on a single interface. Each protocol instance would be assigned a separate Instance ID; the Instance ID has local subnet significance only. Received packets with an Instance ID not equal to one of the Instance IDs corresponding to one of the configured OSPFv2 Instances for the receiving interface MUST be discarded.
实例ID允许在单个接口上使用OSPFv2的多个实例。每个协议实例将被分配一个单独的实例ID;实例ID仅具有本地子网重要性。必须丢弃实例ID不等于与接收接口配置的OSPFv2实例之一对应的实例ID之一的接收数据包。
Section 9 of [OSPFV2] describes the conceptual interface data structure. The OSPFv2 Interface Instance ID is added to this structure. The OSPFv2 Interface Instance ID has a default value of 0. Setting it to a non-zero value may be accomplished through configuration.
[OSPFV2]第9节描述了概念接口数据结构。OSPFv2接口实例ID被添加到此结构中。OSPFv2接口实例ID的默认值为0。可通过配置将其设置为非零值。
When sending OSPFv2 packets, the OSPFv2 Interface Instance ID is set in the OSPFv2 packet header. When receiving OSPFv2 packets, the OSPFv2 Header Instance ID is used to aid in demultiplexing the packet and associating it with the correct OSPFv2 instance. Received packets with an Instance ID not equal to one of the configured OSPFv2 Instance IDs on the receiving interface MUST be discarded.
发送OSPFv2报文时,在OSPFv2报文头中设置OSPFv2接口实例ID。在接收OSPFv2数据包时,OSPFv2报头实例ID用于帮助对数据包进行解复用并将其与正确的OSPFv2实例关联。必须丢弃实例ID不等于接收接口上配置的OSPFv2实例ID之一的接收数据包。
The following OSPFv2 Instance IDs have been defined:
已定义以下OSPFv2实例ID:
0 Base IPv4 Instance - This is the default IPv4 routing instance corresponding to default IPv4 unicast routing and the attendant IPv4 routing table. Use of this Instance ID provides backward compatibility with the base OSPF specification [OSPFV2].
0基本IPv4实例-这是与默认IPv4单播路由和助理IPv4路由表相对应的默认IPv4路由实例。使用此实例ID提供了与基本OSPF规范[OSPFV2]的向后兼容性。
1 Base IPv4 Multicast Instance - This IPv4 instance corresponds to the separate IPv4 routing table used for the Reverse Path Forwarding (RPF) checking performed on IPv4 multicast traffic.
1个基本IPv4多播实例-此IPv4实例对应于用于对IPv4多播流量执行反向路径转发(RPF)检查的单独IPv4路由表。
2 Base IPv4 In-band Management Instance - This IPv4 instance corresponds to a separate IPv4 routing table used for network management applications.
2基本IPv4带内管理实例-此IPv4实例对应于用于网络管理应用程序的单独IPv4路由表。
3-127 Private Use - These Instance IDs are reserved for definition and semantics defined by the local network administrator. For example, separate Interface Instance IDs and their corresponding OSPFv2 instances could be used to support independent non-congruent topologies for different classes of IPv4 unicast traffic. The details of such deployments are beyond the scope of this document.
3-127专用-这些实例ID保留用于本地网络管理员定义的定义和语义。例如,单独的接口实例ID及其对应的OSPFv2实例可用于支持不同类别的IPv4单播流量的独立非一致拓扑。此类部署的详细信息超出了本文档的范围。
The first three Interface Instance IDs are analogous to the topology IDs defined in [RFC4915].
前三个接口实例ID类似于[RFC4915]中定义的拓扑ID。
This is beyond the scope of this document and is an area for further study.
这超出了本文件的范围,需要进一步研究。
Now that the AuType OSPFv2 header field has been reduced from 2 octets to 1 octet, OSPFv2 routers not supporting this specification will fail packet authentication for any instance other than the default (i.e., the Base IPv4 Unicast Instance). This is solely due to the difference in field definition as opposed to any explicit change to OSPFv2 authentication, as described in Appendix D of RFC 2328 [OSPFV2] and RFC 5709 [RFC5709]. However, this is exactly what is desired since OSPFv2 routers not supporting this specification should only support the default instance (refer to Section 6).
现在,AuType OSPFv2头字段已从2个八位字节减少到1个八位字节,不支持此规范的OSPFv2路由器将使除默认实例(即基本IPv4单播实例)以外的任何实例的数据包身份验证失败。这完全是由于与RFC 2328[OSPFv2]和RFC 5709[RFC5709]附录D中所述的OSPFv2认证的任何明确更改相反,字段定义的差异。然而,这正是需要的,因为不支持此规范的OSPFv2路由器应该只支持默认实例(请参阅第6节)。
When there are OSPFv2 routers that support OSPFv2 Multi-Instance extensions on the same broadcast-capable interface as OSPFv2 routers that do not, packets with non-zero OSPFv2 header Instance IDs are received by those legacy OSPFv2 routers. Since the non-zero Instance ID is included in the AuType by these legacy OSPFv2 routers, it is misinterpreted as a mismatched authentication type and the packet is dropped. This is exactly what is expected and desired.
当OSPFv2路由器与不支持OSPFv2路由器在同一广播功能接口上支持OSPFv2多实例扩展时,这些传统OSPFv2路由器将接收具有非零OSPFv2头实例ID的数据包。由于这些传统OSPFv2路由器将非零实例ID包含在AuType中,因此会将其错误地解释为不匹配的身份验证类型,并丢弃数据包。这正是人们所期望和期望的。
Previously, there was concern that certain implementations would log every single authentication type mismatch. However, discussions with implementers have led us to the conclusion that this is not as severe a problem as we'd first thought, and it will be even less of a problem by the time the mechanism described herein is standardized, implemented, and deployed. Most implementations will dampen the logging of errors. Hence, the more drastic mechanisms to avoid legacy OSPFv2 routers from receiving multicast OSPFv2 packets with non-zero Instance IDs have been removed.
以前,有人担心某些实现会记录每个身份验证类型不匹配的情况。然而,通过与实现者的讨论,我们得出了这样的结论:这并不像我们最初认为的那么严重,到本文所描述的机制被标准化、实现和部署时,问题将变得更小。大多数实现都会抑制错误的记录。因此,避免传统OSPFv2路由器接收具有非零实例ID的多播OSPFv2数据包的更激烈的机制已被移除。
If the OSPF MIB as specified in [OSPF-MIB] is implemented, even the damped generation of the ospfIfAuthFailure or ospfVirtIfAuthFailure Simple Network Management Protocol (SNMP) notifications would be undesirable in situations where legacy OSPFv2 routers are deployed on the same subnet as OSPFv2 routers supporting this specification. Consequently, it is recommended that implementations that implement this specification and the OSPF MIB also implement SNMP Notification filtering as specified in Section 6 of [RFC3413].
如果实现了[OSPF-MIB]中指定的OSPF MIB,则在传统OSPFv2路由器与支持此规范的OSPFv2路由器部署在同一子网上的情况下,即使是阻尼生成OSPFIOuthFailure或OSPFirtifAuthFailure简单网络管理协议(SNMP)通知也是不可取的。因此,建议实施本规范和OSPF MIB的实施也实施[RFC3413]第6节中规定的SNMP通知过滤。
The enhancement described herein doesn't include additional security considerations to OSPFv2. Security considerations for OSPFv2 are described in [OSPFV2].
本文描述的增强不包括OSPFv2的额外安全注意事项。[OSPFv2]中描述了OSPFv2的安全注意事项。
Given that only three OSPFv2 authentication types have been standardized, it seems reasonable to reduce the OSPFv2 packet header field to 8 bits.
考虑到只有三种OSPFv2身份验证类型已经标准化,将OSPFv2数据包头字段减少到8位似乎是合理的。
The size of the AuType field is reduced from 16 octets to 8 octets. This changes the OSPF Authentication Codes registry in that the values 256-65535 are no longer defined and are therefore deprecated. There is no backward compatibility issue since this range of values was previously defined as "Reserved and should not be assigned".
AuType字段的大小从16个八位字节减少到8个八位字节。这将更改OSPF身份验证代码注册表,因为不再定义值256-65535,因此不推荐使用。不存在向后兼容性问题,因为此值范围以前定义为“保留且不应分配”。
A new registry has been created for OSPFv2 Instance IDs. The initial allocation of OSPFv2 Instance IDs is described below. Refer to Section 3.2 for more information.
已为OSPFv2实例ID创建了一个新的注册表。OSPFv2实例ID的初始分配如下所述。有关更多信息,请参阅第3.2节。
+-------------+----------------------+--------------------+
| Value/Range | Designation | Assignment Policy |
+-------------+----------------------+--------------------+
| 0 | Base IPv4 Unicast | Assigned |
| | Instance | |
| | | |
| 1 | Base IPv4 Multicast | Assigned |
| | Instance | |
| | | |
| 2 | Base IPv4 In-band | Assigned |
| | Management Instance | |
| | | |
| 3-127 | Private Use | Reserved for local |
| | | policy assignment |
| | | |
| 128-255 | Unassigned | Standards Action |
+-------------+----------------------+--------------------+
+-------------+----------------------+--------------------+
| Value/Range | Designation | Assignment Policy |
+-------------+----------------------+--------------------+
| 0 | Base IPv4 Unicast | Assigned |
| | Instance | |
| | | |
| 1 | Base IPv4 Multicast | Assigned |
| | Instance | |
| | | |
| 2 | Base IPv4 In-band | Assigned |
| | Management Instance | |
| | | |
| 3-127 | Private Use | Reserved for local |
| | | policy assignment |
| | | |
| 128-255 | Unassigned | Standards Action |
+-------------+----------------------+--------------------+
OSPFv2 Instance ID
OSPFv2实例ID
[OSPFV2] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[OSPFV2]Moy,J.,“OSPF版本2”,STD 54,RFC 23281998年4月。
[OSPFV3] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6", RFC 5340, July 2008.
[OSPFV3]Coltun,R.,Ferguson,D.,Moy,J.,和A.Lindem,“IPv6的OSPF”,RFC 53402008年7月。
[RFC-KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC-关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[OSPF-MIB] Joyal, D., Ed., Galecki, P., Ed., Giacalone, S., Ed., Coltun, R., and F. Baker, "OSPF Version 2 Management Information Base", RFC 4750, December 2006.
[OSPF-MIB]Joyal,D.,Galecki,P.,Ed.,Giacalone,S.,Ed.,Coltun,R.,和F.Baker,“OSPF版本2管理信息库”,RFC 47502006年12月。
[RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network Management Protocol (SNMP) Applications", STD 62, RFC 3413, December 2002.
[RFC3413]Levi,D.,Meyer,P.,和B.Stewart,“简单网络管理协议(SNMP)应用”,STD 62,RFC 3413,2002年12月。
[RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P. Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", RFC 4915, June 2007.
[RFC4915]Psenak,P.,Mirtorabi,S.,Roy,A.,Nguyen,L.,和P.Pillay Esnault,“OSPF中的多拓扑(MT)路由”,RFC 4915,2007年6月。
[RFC5709] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M., Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic Authentication", RFC 5709, October 2009.
[RFC5709]Bhatia,M.,Manral,V.,Fanto,M.,White,R.,Barnes,M.,Li,T.,和R.Atkinson,“OSPFv2 HMAC-SHA加密认证”,RFC 5709,2009年10月。
Thanks to Adrian Farrel for reviewing and providing some suggested improvements during the IESG review.
感谢Adrian Farrel在IESG审查期间审查并提供了一些改进建议。
Thanks to Paul Wells for commenting on the backward compatibility issues.
感谢Paul Wells对向后兼容性问题的评论。
Thanks to Paul Wells and Vladica Stanisic for commenting during the OSPF WG last call.
感谢Paul Wells和Vladica Stanisic在OSPF工作组最后一次通话中的评论。
Thanks to Manav Bhatia for comments and for being the document shepherd.
感谢Manav Bhatia的评论和作为文件守护者。
Thanks to Magnus Nystrom for comments under the auspices of the Security Directorate review.
感谢Magnus Nystrom在安全理事会审查的主持下发表评论。
Thanks to Dan Romascanu for comments during the IESG review.
感谢Dan Romascanu在IESG审查期间的评论。
Thanks to Pete McCann for comments under the auspices of the Gen-ART review.
感谢Pete McCann在Gen ART review赞助下发表的评论。
Authors' Addresses
作者地址
Acee Lindem Ericsson 102 Carric Bend Court Cary, NC 27519 USA
美国北卡罗来纳州卡里克本德法院102号,邮编27519
EMail: acee.lindem@ericsson.com
EMail: acee.lindem@ericsson.com
Abhay Roy Cisco Systems 225 West Tasman Drive San Jose, CA 95134 USA
美国加利福尼亚州圣何塞市西塔斯曼大道225号,邮编95134
EMail: akr@cisco.com
EMail: akr@cisco.com
Sina Mirtorabi Cisco Systems 3 West Plumeria Drive San Jose, CA 95134 USA
新浪Mirtorabi思科系统3西普洛玛丽亚大道圣何塞,加利福尼亚州95134
EMail: sina@cisco.com
EMail: sina@cisco.com