Internet Engineering Task Force (IETF) U. Chunduri Request for Comments: 7602 W. Lu Category: Standards Track A. Tian ISSN: 2070-1721 Ericsson Inc. N. Shen Cisco Systems, Inc. July 2015
Internet Engineering Task Force (IETF) U. Chunduri Request for Comments: 7602 W. Lu Category: Standards Track A. Tian ISSN: 2070-1721 Ericsson Inc. N. Shen Cisco Systems, Inc. July 2015
IS-IS Extended Sequence Number TLV
IS-IS扩展序列号TLV
Abstract
摘要
This document defines the Extended Sequence Number TLV to protect Intermediate System to Intermediate System (IS-IS) PDUs from replay attacks.
本文档定义了扩展序列号TLV,以保护中间系统到中间系统(IS-IS)PDU免受重播攻击。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7602.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7602.
Copyright Notice
版权公告
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2015 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Replay Attacks and Impact on IS-IS Networks . . . . . . . . . 4 2.1. IIHs . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2. LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. SNPs . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Extended Sequence Number TLV . . . . . . . . . . . . . . . . 4 3.1. Sequence Number Wrap . . . . . . . . . . . . . . . . . . 5 4. Mechanism and Packet Encoding . . . . . . . . . . . . . . . . 5 4.1. IIHs . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4.2. SNPs . . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Backward Compatibility and Deployment . . . . . . . . . . . . 6 5.1. IIHs and SNPs . . . . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . 8 Appendix A. ESSN Encoding Mechanisms . . . . . . . . . . . . . . 10 A.1. Using Timestamps . . . . . . . . . . . . . . . . . . . . 10 A.2. Using Non-volatile Storage . . . . . . . . . . . . . . . 10 Appendix B. Operational/Implementation Considerations . . . . . 11 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 11 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Replay Attacks and Impact on IS-IS Networks . . . . . . . . . 4 2.1. IIHs . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2. LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. SNPs . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Extended Sequence Number TLV . . . . . . . . . . . . . . . . 4 3.1. Sequence Number Wrap . . . . . . . . . . . . . . . . . . 5 4. Mechanism and Packet Encoding . . . . . . . . . . . . . . . . 5 4.1. IIHs . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4.2. SNPs . . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Backward Compatibility and Deployment . . . . . . . . . . . . 6 5.1. IIHs and SNPs . . . . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . 8 Appendix A. ESSN Encoding Mechanisms . . . . . . . . . . . . . . 10 A.1. Using Timestamps . . . . . . . . . . . . . . . . . . . . 10 A.2. Using Non-volatile Storage . . . . . . . . . . . . . . . 10 Appendix B. Operational/Implementation Considerations . . . . . 11 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 11 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
Intermediate System to Intermediate System (IS-IS) [ISO10589] has been adopted widely in various Layer 2 / Layer 3 routing and switching deployments of data centers and for critical business operations. Its flexibility and scalability make it well suited for the rapid development of new data center infrastructures. Also, while technologies such as Software-Defined Networking (SDN) may improve network management and enable new applications, their use has an effect on the security requirements of the routing infrastructure.
中间系统到中间系统(IS-IS)[ISO10589]已广泛应用于数据中心和关键业务运营的各种第2层/第3层路由和交换部署中。它的灵活性和可扩展性使其非常适合快速开发新的数据中心基础架构。此外,虽然软件定义网络(SDN)等技术可以改进网络管理并启用新的应用程序,但它们的使用会影响路由基础设施的安全要求。
A replayed IS-IS PDU can potentially cause many problems in IS-IS networks, including bouncing adjacencies, blackholing, and even some form of Denial-of-Service (DoS) attacks as explained in Section 2. This problem is also discussed in the Security Considerations section, in the context of cryptographic authentication work as described in [RFC5304] and [RFC5310].
重放的IS-IS PDU可能会在IS-IS网络中造成许多问题,包括反弹邻接、黑洞,甚至第2节中解释的某种形式的拒绝服务(DoS)攻击。在[RFC5304]和[RFC5310]中描述的加密身份验证工作的上下文中,安全注意事项部分也讨论了此问题。
Currently, there is no mechanism to protect IS-IS Hello (IIH) PDUs and Sequence Number PDUs (SNPs) from replay attacks. However, Link State PDUs (LSPs) have a sequence number in the LSP header as defined in [ISO10589], with which they can effectively mitigate intra-session replay attacks. But, LSPs are still susceptible to inter-session replay attacks.
目前,没有保护is-is Hello(IIH)PDU和序列号PDU(SNP)免受重播攻击的机制。然而,链路状态PDU(LSP)在LSP报头中有一个序列号,如[ISO10589]中所定义,使用该序列号可以有效地缓解会话内重播攻击。但是,LSP仍然容易受到会话间重播攻击。
This document defines the Extended Sequence Number (ESN) TLV to protect IS-IS PDUs from replay attacks.
本文档定义了扩展序列号(ESN)TLV,以保护IS-IS PDU免受重播攻击。
The new ESN TLV defined here thwarts these threats and can be deployed with the authentication mechanisms specified in [RFC5304] and [RFC5310] for a more secure network.
此处定义的新ESN TLV可抵御这些威胁,并可使用[RFC5304]和[RFC5310]中指定的身份验证机制部署,以实现更安全的网络。
Replay attacks can be effectively mitigated by deploying a group key management protocol (being developed as defined in [GROUP-IKEv2] and [MRKMP]) with a frequent key change policy. Currently, there is no such mechanism defined for IS-IS. Even if such a mechanism is defined, usage of this TLV can be helpful to avoid replays before the keys are changed.
通过部署具有频繁密钥更改策略的组密钥管理协议(按照[group-IKEv2]和[MRKMP]中的定义开发),可以有效缓解重播攻击。目前,没有为is-is定义此类机制。即使定义了这样的机制,使用此TLV也有助于避免在更改密钥之前重播。
Also, it is believed that, even when such a key management system is deployed, there always will be some systems based on manual keying that coexist with systems based on key management protocols. The ESN TLV defined in this document is helpful for such deployments.
此外,人们相信,即使部署了这样的密钥管理系统,也总会有一些基于手动密钥的系统与基于密钥管理协议的系统共存。本文档中定义的ESN TLV有助于此类部署。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
CSNP - Complete Sequence Number PDU
CSNP-完整序列号PDU
ESN - Extended Sequence Number
扩展序列号
IIH - IS-IS Hello
你好
IS - Intermediate System
IS-中间系统
LSP - IS-IS Link State PDU
LSP-IS-IS链路状态PDU
PDU - Protocol Data Unit
协议数据单元
PSNP - Partial Sequence Number PDU
PSNP-部分序列号PDU
SNP - Sequence Number PDU
SNP-序列号PDU
Replaying a captured protocol packet to cause damage is a common threat for any protocol. Securing the packet with cryptographic authentication information alone cannot mitigate this threat completely. This section explains the replay attacks and their applicability to each IS-IS PDU.
重放捕获的协议数据包以造成损坏是任何协议的常见威胁。仅使用加密身份验证信息保护数据包无法完全缓解此威胁。本节解释重播攻击及其对每个IS-IS PDU的适用性。
When an adjacency is brought up, an IS sends an IIH packet with an empty neighbor list (TLV 6); it can be sent with or without authentication information. Packets can be replayed later on the broadcast network, and this may cause all ISs to bounce the adjacency, thus churning the network. Note that mitigating replay is only possible when authentication information is present.
当出现邻接时,is发送具有空邻居列表的IIH分组(tlv6);它可以在有或没有身份验证信息的情况下发送。数据包可以稍后在广播网络上重播,这可能会导致所有ISs在相邻位置反弹,从而扰乱网络。请注意,只有在存在身份验证信息的情况下才可能进行重播。
Normal operation of the IS-IS update process as specified in [ISO10589] provides timely recovery from all LSP replay attacks. Therefore, the use of the extensions defined in this document is prohibited in LSPs. Further discussion of the vulnerability of LSPs to replay attacks can be found in [ISIS-ANALYSIS].
[ISO10589]中规定的IS-IS更新过程的正常运行可从所有LSP重播攻击中及时恢复。因此,LSP中禁止使用本文件中定义的扩展。有关LSP对重放攻击的脆弱性的进一步讨论,请参见[ISIS-ANALYSIS]。
A replayed CSNP can result in the sending of unnecessary PSNPs on a given link. A replayed CSNP or PSNP can result in unnecessary LSP flooding on the link.
重播的CSNP可能导致在给定链路上发送不必要的PSNP。重播的CSNP或PSNP可能导致链路上不必要的LSP洪泛。
The Extended Sequence Number (ESN) TLV is composed of 1 octet for the Type, 1 octet that specifies the number of bytes in the Value field, and a 12-byte Value field. This TLV is defined only for IIH and SNP PDUs.
扩展序列号(ESN)TLV由类型的1个八位字节、指定值字段中字节数的1个八位字节和12字节值字段组成。该TLV仅适用于IIH和SNP PDU。
Code - 11.
代码-11。
Length - total length of the value field, which is 12 bytes.
Length—值字段的总长度,为12字节。
Value - 64-bit Extended Session Sequence Number (ESSN), which is followed by a 32-bit, monotonically increasing, per-packet sequence number.
值-64位扩展会话序列号(ESSN),每个数据包序列号后跟一个32位单调递增的序列号。
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+ | Type | +-+-+-+-+-+-+-+-+ | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Extended Session Sequence Number (High-Order 32 Bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Extended Session Sequence Number (Low-Order 32 Bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Packet Sequence Number (32 Bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+ | Type | +-+-+-+-+-+-+-+-+ | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Extended Session Sequence Number (High-Order 32 Bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Extended Session Sequence Number (Low-Order 32 Bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Packet Sequence Number (32 Bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Extended Sequence Number (ESN) TLV
图1:扩展序列号(ESN)TLV
The ESN TLV defined here is optional. Though this is an optional TLV, it can be mandatory on a link when 'verify' mode is enabled as specified in Section 5.1. The ESN TLV MAY be present only in IIH PDUs and SNPs. A PDU with multiple ESN TLVs is invalid and MUST be discarded on receipt.
此处定义的ESN TLV是可选的。尽管这是一个可选TLV,但当按照第5.1节的规定启用“验证”模式时,它在链路上可能是强制性的。ESN TLV可能仅存在于IIH PDU和SNP中。具有多个ESN TLV的PDU无效,必须在收到时丢弃。
The 64-bit ESSN MUST be nonzero and MUST contain a number that is increased whenever it is changed due any situation, as specified in Section 3.1. Encoding the 64-bit unsigned integer ESSN value is a local matter, and implementations MAY use one of the alternatives provided in Appendix A. Effectively, for each PDU that contains the ESN TLV, the 96-bit unsigned integer value consisting of the 64-bit ESSN and 32-bit Packet Sequence Number (PSN) -- where the ESSN is the higher-order 64 bits -- MUST be greater than the most recently received value in a PDU of the same type originated by the same IS.
64位ESSN必须为非零,并且必须包含一个因任何情况而改变的数字,如第3.1节所述。编码64位无符号整数ESSN值是一个局部问题,实现可以使用附录a中提供的备选方案之一。实际上,对于包含ESN TLV的每个PDU,由64位ESSN和32位数据包序列号(PSN)组成的96位无符号整数值--其中ESSN是高阶64位--必须大于由相同is发起的相同类型PDU中最近接收的值。
If the 32-bit Packet Sequence Number in the ESN TLV wraps or the router performs a cold restart, the 64-bit ESSN value MUST be set higher than the previous value. IS-IS implementations MAY use the guidelines provided in Appendix A for accomplishing this.
如果ESN TLV包装中的32位数据包序列号或路由器执行冷重启,则64位ESSN值必须设置为高于先前的值。IS-IS实施可使用附录A中提供的指南来实现这一点。
The encoding of the ESN TLV in each applicable IS-IS PDU is detailed below. Please refer to Section 5 for appropriate operations on how to interoperate with legacy node(s) that do not support the
每个适用IS-IS PDU中ESN TLV的编码如下所述。有关如何与不支持的旧节点进行互操作的适当操作,请参阅第5节
extensions defined in this document. If the received PDU with the ESN TLV is accepted, then the stored value for the corresponding originator and PDU type MUST be updated with the latest value received. Please note that level information is included in the PDU type.
本文档中定义的扩展。如果接收到的带有ESN TLV的PDU被接受,则必须使用接收到的最新值更新相应发起人和PDU类型的存储值。请注意,级别信息包含在PDU类型中。
ESN TLV information is maintained for each type of IIH PDU being sent on a given circuit. The procedures for encoding, verification, and sequence number wrapping are explained in Section 3.
ESN TLV信息针对在给定电路上发送的每种类型的IIH PDU进行维护。第3节解释了编码、验证和序列号包装的过程。
Separate CSNP/PSNP ESN TLV information is maintained per PDU type, per originator, and per link. The procedures for encoding, verification, and sequence number wrapping are explained in Section 3.
每个PDU类型、每个发起人和每个链路维护单独的CSNP/PSNP ESN TLV信息。第3节解释了编码、验证和序列号包装的过程。
The implementation and deployment of the ESN TLV can be done to support backward compatibility and gradual deployment in the network without requiring a flag day. This feature can also be deployed for the links in a certain area of the network where the maximum security mechanism is needed, or it can be deployed for the entire network.
ESN TLV的实施和部署可以支持向后兼容性和网络中的逐步部署,而无需国旗日。此功能还可以部署在需要最大安全机制的网络特定区域的链路上,也可以部署在整个网络上。
The implementation SHOULD allow the configuration of ESN TLV features on each IS-IS link level. The implementation SHOULD also allow operators to control the configuration of the 'send' and/or 'verify' feature of IS-IS PDUs for the links and for the node. In this document, the 'send' mode is to include the ESN TLV in its own IS-IS PDUs, and the 'verify' mode is to process the ESN TLV in the receiving IS-IS PDUs from neighbors.
实施应允许在每个IS-IS链路级别上配置ESN TLV功能。实施还应允许操作员控制链路和节点IS-IS PDU的“发送”和/或“验证”功能的配置。在本文档中,“发送”模式将ESN TLV包括在其自身is-is PDU中,“验证”模式将处理来自邻居的接收is-is PDU中的ESN TLV。
When an adversary is actively attacking, it is possible to have inconsistent data views in the network, if there is a considerable delay in enabling the 'verify' mode where nodes were configured to the 'send' mode, e.g., from the first to the last node or all nodes of a particular LAN segment. This happens primarily because replay PDUs can potentially be accepted by the nodes where the 'verify' mode is still not provisioned at the time of the attack. To minimize such a window, it is recommended that provisioning of 'verify' SHOULD be done in a timely fashion by the network operators.
当对手主动攻击时,如果启用“验证”模式(节点配置为“发送”模式,例如从第一个节点到最后一个节点或特定LAN段的所有节点)时存在相当大的延迟,则网络中可能存在不一致的数据视图。发生这种情况的主要原因是重播PDU可能会被攻击时仍未设置“验证”模式的节点接受。为尽量减少此类窗口,建议网络运营商及时提供“验证”。
On the link level, the ESN TLV involves the IIH PDUs and SNPs (both CSNP and PSNP). The 'send' and 'verify' modes described above can be set independently on each link and, in the case of a broadcast network, independently on each level.
在链路级别,ESN TLV涉及IIH PDU和SNP(CSNP和PSNP)。上述“发送”和“验证”模式可以在每个链路上独立设置,如果是广播网络,则可以在每个级别上独立设置。
To introduce ESN support without disrupting operations, ISs on a given interface are first configured to operate in 'send' mode. Once all routers operating on an interface are operating in 'send' mode, 'verify' mode can be enabled on each IS. Once 'verify' mode is set for an interface, all the IIH PDUs and SNPs being sent on that interface MUST contain the ESN TLV. Any such PDU received without an ESN TLV MUST be discarded when 'verify' mode is enabled. Similarly, to safely disable ESN support on a link, 'verify' mode is disabled on all ISs on the link. Once 'verify' mode is disabled on all routers operating on an interface, 'send' mode can be disabled on each IS. Please refer to Section 5 for considerations on enabling or disabling 'verify' mode on all ISs on a link.
为了在不中断操作的情况下引入ESN支持,首先将给定接口上的ISs配置为在“发送”模式下运行。一旦在一个接口上运行的所有路由器都在“发送”模式下运行,就可以在每个IS上启用“验证”模式。为接口设置“验证”模式后,在该接口上发送的所有IIH PDU和SNP必须包含ESN TLV。当启用“验证”模式时,必须丢弃未使用ESN TLV接收的任何此类PDU。同样,为了安全地禁用链路上的ESN支持,在链路上的所有ISs上禁用“验证”模式。一旦在一个接口上运行的所有路由器上禁用“验证”模式,就可以在每个is上禁用“发送”模式。有关在链路上的所有ISs上启用或禁用“验证”模式的注意事项,请参阅第5节。
A new TLV codepoint, as defined in this document, has been assigned by IANA from the "IS-IS TLV Codepoints" registry. It is referred to as the Extended Sequence Number TLV and has the following attributes:
IANA已从“IS-IS TLV代码点”注册表中分配了本文件中定义的新TLV代码点。它被称为扩展序列号TLV,具有以下属性:
Value Name IIH LSP SNP Purge ----- --------------------- --- --- --- ----- 11 ESN TLV y n y n
Value Name IIH LSP SNP Purge ----- --------------------- --- --- --- ----- 11 ESN TLV y n y n
This document describes a mechanism to mitigate the replay attack threat as discussed in the Security Considerations sections of [RFC5304] and [RFC5310]. If an adversary interferes either by not forwarding packets or by delaying messages as described in Section 3.3 of [RFC6862], the mechanism specified in this document cannot mitigate those threats. Also, some of the threats described in Section 2.3 of [ISIS-ANALYSIS] are not addressable with the ESN TLV as specified in this document. This document does not introduce any new security concerns to IS-IS or any other specifications referenced.
本文件描述了一种缓解重播攻击威胁的机制,如[RFC5304]和[RFC5310]的安全注意事项部分所述。如果敌方通过不转发数据包或延迟[RFC6862]第3.3节所述的消息进行干扰,则本文件中规定的机制无法缓解这些威胁。此外,[ISIS-ANALYSIS]第2.3节中描述的一些威胁无法通过本文件中规定的ESN TLV解决。本文件不向IS-IS或任何其他参考规范引入任何新的安全问题。
[ISO10589] International Organization for Standardization, "Intermediate system to intermediate system intra-domain-routing routine information exchange protocol for use in conjunction with the protocol for providing the connectionless-mode Network Service (ISO 8473)", ISO/IEC 10589:2002, Second Edition, Nov. 2002.
[ISO10589]国际标准化组织,“与提供无连接模式网络服务协议一起使用的中间系统到中间系统域内路由例程信息交换协议(ISO 8473)”,ISO/IEC 10589:2002,第二版,2002年11月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.
[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, "Network Time Protocol Version 4: Protocol and Algorithms Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, <http://www.rfc-editor.org/info/rfc5905>.
[RFC5905]Mills,D.,Martin,J.,Ed.,Burbank,J.,和W.Kasch,“网络时间协议版本4:协议和算法规范”,RFC 5905,DOI 10.17487/RFC59052010年6月<http://www.rfc-editor.org/info/rfc5905>.
[MRKMP] Hartman, S., Zhang, D., and G. Lebovitz, "Multicast Router Key Management Protocol (MaRK)", Work in Progress, draft-hartman-karp-mrkmp-05, September 2012.
[MRKMP]Hartman,S.,Zhang,D.,和G.Lebovitz,“多播路由器密钥管理协议(MaRK)”,正在进行的工作,草稿-Hartman-karp-MRKMP-052012年9月。
[ISIS-ANALYSIS] Chunduri, U., Tian, A., and W. Lu, "KARP IS-IS security analysis", Work in Progress, draft-ietf-karp-isis-analysis-07, July 2015.
[ISIS-ANALYSIS]Chunduri,U.,Tian,A.,和W.Lu,“KARP IS-IS安全分析”,正在进行的工作,草案-ietf-KARP-ISIS-ANALYSIS-072015年7月。
[GROUP-IKEv2] Rowles, S., Yeung, A., Ed., Tran, P., and Y. Nir, "Group Key Management using IKEv2", Work in Progress, draft-yeung-g-ikev2-08, October 2014.
[GROUP-IKEv2]Rowles,S.,Yeung,A.,Ed.,Tran,P.,和Y.Nir,“使用IKEv2的集团密钥管理”,正在进行的工作,草稿-Yeung-g-IKEv2-082014年10月。
[RFC5304] Li, T. and R. Atkinson, "IS-IS Cryptographic Authentication", RFC 5304, DOI 10.17487/RFC5304, October 2008, <http://www.rfc-editor.org/info/rfc5304>.
[RFC5304]Li,T.和R.Atkinson,“IS-IS加密认证”,RFC 5304,DOI 10.17487/RFC5304,2008年10月<http://www.rfc-editor.org/info/rfc5304>.
[RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R., and M. Fanto, "IS-IS Generic Cryptographic Authentication", RFC 5310, DOI 10.17487/RFC5310, February 2009, <http://www.rfc-editor.org/info/rfc5310>.
[RFC5310]Bhatia,M.,Manral,V.,Li,T.,Atkinson,R.,White,R.,和M.Fanto,“IS-IS通用密码认证”,RFC 5310,DOI 10.17487/RFC5310,2009年2月<http://www.rfc-editor.org/info/rfc5310>.
[RFC6862] Lebovitz, G., Bhatia, M., and B. Weis, "Keying and Authentication for Routing Protocols (KARP) Overview, Threats, and Requirements", RFC 6862, DOI 10.17487/RFC6862, March 2013, <http://www.rfc-editor.org/info/rfc6862>.
[RFC6862]Lebovitz,G.,Bhatia,M.和B.Weis,“路由协议(KARP)的键控和认证概述,威胁和要求”,RFC 6862,DOI 10.17487/RFC6862,2013年3月<http://www.rfc-editor.org/info/rfc6862>.
[RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., "Security Extension for OSPFv2 When Using Manual Key Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, <http://www.rfc-editor.org/info/rfc7474>.
[RFC7474]Bhatia,M.,Hartman,S.,Zhang,D.,和A.Lindem,Ed.,“使用手动密钥管理时OSPFv2的安全扩展”,RFC 7474,DOI 10.17487/RFC7474,2015年4月<http://www.rfc-editor.org/info/rfc7474>.
IS-IS nodes implementing this specification SHOULD use available mechanisms to preserve the 64-bit Extended Session Sequence Number's strictly increasing property, whenever it is changed for the deployed life of the IS-IS node (including cold restarts).
实现此规范的IS-IS节点应使用可用的机制来保留64位扩展会话序列号的严格递增属性,无论何时在IS-IS节点的部署生命周期内(包括冷重启)对其进行更改。
This appendix provides guidelines for maintaining the strictly increasing property of the 64-bit ESSN in the ESN TLV, and implementations can resort to any similar method as long as this property is maintained.
本附录提供了在ESN TLV中维护64位ESSN严格递增属性的指南,只要维护此属性,实现可以采用任何类似的方法。
One mechanism for accomplishing this is by encoding the 64-bit ESSN as the system time represented by a 64-bit unsigned integer value. This MAY be similar to the system timestamp encoding for the NTP long format as defined in Appendix A.4 of [RFC5905]. The new current time MAY be used when the IS-IS node loses its sequence number state including when the Packet Sequence Number wraps.
实现这一点的一种机制是将64位ESSN编码为由64位无符号整数值表示的系统时间。这可能类似于[RFC5905]附录A.4中定义的NTP长格式的系统时间戳编码。当IS-IS节点丢失其序列号状态时,包括当分组序列号换行时,可以使用新的当前时间。
Implementations MUST make sure while encoding the 64-bit ESN value with the current system time that it does not default to any previous value or some default node time of the system, especially after cold restarts or any other similar events. In general, system time must be preserved across cold restarts in order for this mechanism to be feasible. One example of such implementation is to use a battery backed real-time clock (RTC).
在使用当前系统时间编码64位ESN值时,实现必须确保它不会默认为系统的任何先前值或某些默认节点时间,特别是在冷重启或任何其他类似事件之后。通常,为了使该机制可行,必须在冷重启期间保留系统时间。这种实现的一个例子是使用电池供电的实时时钟(RTC)。
One other mechanism for accomplishing this is similar to the one specified in [RFC7474] -- use the 64-bit ESSN as a wrap/boot count stored in non-volatile storage. This value is incremented anytime the IS-IS node loses its sequence number state, including when the Packet Sequence Number wraps.
实现这一点的另一种机制类似于[RFC7474]中指定的机制——使用64位ESSN作为非易失性存储器中存储的wrap/boot计数。每当is-is节点丢失其序列号状态时(包括数据包序列号换行时),该值都会增加。
There is a drawback to this approach, which is described as follows in Section 8 of [RFC7474]. It requires the IS-IS implementation to be able to save its boot count in non-volatile storage. If the non-volatile storage is ever repaired or router hardware is upgraded such that the contents are lost, keys MUST be changed to prevent replay attacks.
这种方法有一个缺点,在[RFC7474]第8节中描述如下。它要求IS-IS实现能够将其引导计数保存在非易失性存储器中。如果非易失性存储被修复或路由器硬件升级,导致内容丢失,则必须更改密钥以防止重播攻击。
Appendix B. Operational/Implementation Considerations
附录B.操作/实施注意事项
Since the ESN is maintained per PDU type, per originator, and per link, this scheme can be useful for monitoring the health of the IS-IS adjacency. A Packet Sequence Number skip that occurs upon receiving an IIH can be recorded by the neighbors and can be used later to correlate adjacency state changes over the interface. For instance, in multi-access media, completely different issues on the network may be indicated when all neighbors record skips from the same IIH sender versus when only one neighbor records skips. For operational issues, effective usage of the TLV defined in this document MAY also need more system information before making concrete conclusions; defining all that information is beyond the scope of this document.
由于每个PDU类型、每个发起者和每个链路维护ESN,因此该方案可用于监控is-is邻接的健康状况。在接收到IIH时发生的数据包序列号跳过可由邻居记录,并可在稍后用于关联接口上的邻接状态变化。例如,在多址介质中,当所有邻居记录从同一IIH发送方跳过时,与仅一个邻居记录跳过时,网络上可能指示完全不同的问题。对于操作问题,在做出具体结论之前,有效使用本文件中定义的TLV可能还需要更多的系统信息;定义所有这些信息超出了本文档的范围。
Acknowledgements
致谢
As some sort of sequence number mechanism to thwart protocol replays is a old concept, the authors of this document do not make any claims on the originality of the overall protection idea described. The authors are thankful for the review and the valuable feedback provided by Acee Lindem and Joel Halpern. Thanks to Alia Atlas, Chris Hopps, Nevil Brownlee, and Adam W. Montville for their reviews and suggestions during IESG directorate review. The authors also thank Christer Holmberg, Ben Campbell, Barry Leiba, Stephen Farrell, and Alvaro Retana for their reviews of this document.
由于阻止协议重播的某种序列号机制是一个古老的概念,本文件的作者没有对所描述的整体保护思想的独创性提出任何主张。作者感谢Acee Lindem和Joel Halpern提供的评论和宝贵反馈。感谢Alia Atlas、Chris Hopps、Nevil Brownlee和Adam W.Montville在IESG董事会审查期间的审查和建议。作者还感谢Christer Holmberg、Ben Campbell、Barry Leiba、Stephen Farrell和Alvaro Retana对本文件的评论。
Contributors
贡献者
The authors would like to thank Les Ginsberg for his significant contribution in detailed reviews and suggestions.
作者要感谢Les Ginsberg在详细评论和建议方面做出的重大贡献。
Authors' Addresses
作者地址
Uma Chunduri Ericsson Inc. 300 Holger Way, San Jose, California 95134 United States
Uma Chunduri Ericsson Inc.美国加利福尼亚州圣何塞市霍尔格路300号,邮编95134
Phone: 408 750-5678 Email: uma.chunduri@ericsson.com
电话:408750-5678电子邮件:uma。chunduri@ericsson.com
Wenhu Lu Ericsson Inc. 300 Holger Way, San Jose, California 95134 United States
美国加利福尼亚州圣何塞市霍尔格路300号文虎路爱立信公司,邮编:95134
Email: wenhu.lu@ericsson.com
Email: wenhu.lu@ericsson.com
Albert Tian Ericsson Inc. 300 Holger Way, San Jose, California 95134 United States
Albert Tian Ericsson Inc.美国加利福尼亚州圣何塞市霍尔格路300号,邮编:95134
Phone: 408 750-5210 Email: albert.tian@ericsson.com
电话:408750-5210电子邮件:阿尔伯特。tian@ericsson.com
Naiming Shen Cisco Systems, Inc. 225 West Tasman Drive, San Jose, California 95134 United States
沈乃明思科系统有限公司,美国加利福尼亚州圣何塞市西塔斯曼大道225号,邮编:95134
Email: naiming@cisco.com
Email: naiming@cisco.com