Internet Engineering Task Force (IETF) P. Psenak, Ed.
Request for Comments: 8444 N. Kumar
Category: Standards Track IJ. Wijnands
ISSN: 2070-1721 Cisco
A. Dolganow
Nokia
T. Przygienda
J. Zhang
Juniper Networks, Inc.
S. Aldrin
Google, Inc.
November 2018
Internet Engineering Task Force (IETF) P. Psenak, Ed.
Request for Comments: 8444 N. Kumar
Category: Standards Track IJ. Wijnands
ISSN: 2070-1721 Cisco
A. Dolganow
Nokia
T. Przygienda
J. Zhang
Juniper Networks, Inc.
S. Aldrin
Google, Inc.
November 2018
OSPFv2 Extensions for Bit Index Explicit Replication (BIER)
位索引显式复制(BIER)的OSPFv2扩展
Abstract
摘要
Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain multicast-related, per-flow state. BIER also does not require an explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a Bit-Forwarding Ingress Router (BFIR) and leaves the BIER domain at one or more Bit-Forwarding Egress Routers (BFERs). The BFIR adds a BIER packet header to the packet. The BIER packet header contains a BitString in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by the set of bits in the BIER packet header.
位索引显式复制(BIER)是一种通过“BIER域”提供最佳多播转发的体系结构,无需中间路由器来维护与多播相关的每流状态。BIER的操作也不需要显式的树构建协议。多播数据分组在比特转发入口路由器(BFIR)处进入BIER域,并在一个或多个比特转发出口路由器(BFER)处离开BIER域。BFIR向数据包添加BIER数据包头。BIER数据包报头包含一个位字符串,其中每一位正好代表一个要转发数据包的B。多播分组需要转发到的BFER集合由BIER分组报头中的比特集合表示。
This document describes the OSPF protocol extension (from RFC 2328) that is required for BIER with MPLS encapsulation (which is defined in RFC 8296). Support for other encapsulation types and the use of multiple encapsulation types are outside the scope of this document.
本文档描述了带MPLS封装(在RFC 8296中定义)的BIER所需的OSPF协议扩展(来自RFC 2328)。对其他封装类型的支持以及对多种封装类型的使用超出了本文档的范围。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8444.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8444.
Copyright Notice
版权公告
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2018 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................3
2. Flooding of the BIER Information in OSPF ........................4
2.1. BIER Sub-TLV ...............................................4
2.2. BIER MPLS Encapsulation Sub-TLV ............................5
2.3. Flooding Scope of BIER Information .........................7
3. Security Considerations .........................................8
4. IANA Considerations .............................................9
5. References ......................................................9
5.1. Normative References .......................................9
5.2. Informative References ....................................10
Acknowledgments ...................................................11
Authors' Addresses ................................................11
1. Introduction ....................................................3
2. Flooding of the BIER Information in OSPF ........................4
2.1. BIER Sub-TLV ...............................................4
2.2. BIER MPLS Encapsulation Sub-TLV ............................5
2.3. Flooding Scope of BIER Information .........................7
3. Security Considerations .........................................8
4. IANA Considerations .............................................9
5. References ......................................................9
5.1. Normative References .......................................9
5.2. Informative References ....................................10
Acknowledgments ...................................................11
Authors' Addresses ................................................11
Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain any multicast-related, per-flow state. Neither does BIER explicitly require a tree-building protocol for its operation. A multicast data packet enters a BIER domain at a Bit-Forwarding Ingress Router (BFIR) and leaves the BIER domain at one or more Bit-Forwarding Egress Routers (BFERs). The BFIR router adds a BIER packet header to the packet. The BIER packet header contains a BitString in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by the set of bits in the BIER packet header.
位索引显式复制(BIER)是一种通过“BIER域”提供最佳多播转发的体系结构,无需中间路由器维护任何多播相关的每流状态。BIER也没有明确要求其操作使用树构建协议。多播数据分组在比特转发入口路由器(BFIR)处进入BIER域,并在一个或多个比特转发出口路由器(BFER)处离开BIER域。BFIR路由器向数据包添加BIER数据包头。BIER数据包报头包含一个位字符串,其中每一位正好代表一个要转发数据包的B。多播分组需要转发到的BFER集合由BIER分组报头中的比特集合表示。
The BIER architecture requires routers participating in BIER to exchange BIER-related information within a given domain and permits link-state routing protocols to perform distribution of such information. This document describes extensions to OSPF necessary to advertise BIER-specific information in the case where BIER uses MPLS encapsulation as described in [RFC8296].
BIER体系结构要求参与BIER的路由器在给定域内交换BIER相关信息,并允许链路状态路由协议执行此类信息的分发。本文档描述了在BIER使用MPLS封装(如[RFC8296]所述)的情况下发布BIER特定信息所需的OSPF扩展。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14[RFC2119][RFC8174]所述进行解释。
All BIER-specific information that a Bit-Forwarding Router (BFR) needs to advertise to other BFRs is associated with a BFR-prefix. A BFR-prefix is a unique (within a given BIER domain) routable IP address that is assigned to each BFR as described in detail in Section 2 of [RFC8279].
比特转发路由器(BFR)需要向其他BFR播发的所有BIER特定信息都与BFR前缀相关联。BFR前缀是分配给每个BFR的唯一(在给定BIER域内)可路由IP地址,详见[RFC8279]第2节。
Given that BIER information must be associated with a BFR-prefix, the OSPFv2 Extended Prefix Opaque LSA [RFC7684] has been chosen for advertisement.
鉴于BIER信息必须与BFR前缀相关联,已选择OSPFv2扩展前缀不透明LSA[RFC7684]进行广告。
A sub-TLV of the OSPFv2 Extended Prefix TLV (defined in [RFC7684]) is defined for distributing BIER information. The sub-TLV is called the BIER Sub-TLV. Multiple BIER Sub-TLVs may be included in the OSPFv2 Extended Prefix TLV.
OSPFv2扩展前缀TLV(在[RFC7684]中定义)的子TLV用于分发BIER信息。子TLV称为BIER子TLV。OSPFv2扩展前缀TLV中可包括多个BIER子TLV。
The BIER Sub-TLV has the following format:
BIER子TLV具有以下格式:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sub-domain-id | MT-ID | BFR-id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| BAR | IPA | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sub-TLVs (variable) |
+- -+
| |
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sub-domain-id | MT-ID | BFR-id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| BAR | IPA | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sub-TLVs (variable) |
+- -+
| |
Type: 9
类型:9
Length: Variable, dependent on sub-TLVs.
长度:可变,取决于子TLV。
sub-domain-id: Unique value identifying the BIER sub-domain within the BIER domain, as described in Section 1 of [RFC8279].
子域id:标识BIER域内BIER子域的唯一值,如[RFC8279]第1节所述。
MT-ID: Multi-Topology ID (as defined in [RFC4915]) that identifies the topology that is associated with the BIER sub-domain.
MT-ID:多拓扑ID(定义见[RFC4915]),用于标识与BIER子域关联的拓扑。
BFR-id: A 2-octet field encoding the BFR-id, as documented in Section 2 of [RFC8279]. If the BFR is not locally configured with a valid BFR-id, the value of this field is set to 0, which is defined as illegal in [RFC8279].
BFR id:编码BFR id的2个八位组字段,如[RFC8279]第2节所述。如果未使用有效的BFR id在本地配置BFR,则此字段的值设置为0,在[RFC8279]中定义为非法。
BAR: Single-octet BIER Algorithm used to calculate underlay paths to reach other BFRs. Values are allocated from the "BIER Algorithm" registry defined in [RFC8401].
BAR:用于计算到达其他BFR的参考底图路径的单八进制BIER算法。从[RFC8401]中定义的“BIER算法”注册表中分配值。
IPA: Single-octet IGP Algorithm used to either modify, enhance, or replace the calculation of underlay paths to reach other BFRs as defined by the BAR value. Values are defined in the "IGP Algorithm Types" registry [IANA-IGP].
IPA:单八位组IGP算法,用于修改、增强或替换参考底图路径的计算,以达到条形图值定义的其他BFR。值在“IGP算法类型”注册表[IANA-IGP]中定义。
Each BFR sub-domain MUST be associated with one and only one OSPF topology that is identified by the MT-ID. If the association between the BIER sub-domain and OSPF topology advertised in the BIER Sub-TLV by other BFRs is in conflict with the association locally configured on the receiving router, the BIER Sub-TLV for such conflicting sub-domains MUST be ignored.
每个BFR子域必须与MT-ID标识的一个且仅一个OSPF拓扑相关联。如果其他BFR在BIER子TLV中公布的BIER子域和OSPF拓扑之间的关联与接收路由器上本地配置的关联相冲突,必须忽略此类冲突子域的BIER子TLV。
If the MT-ID contains an invalid value as specified in [RFC4915], the BIER Sub-TLV for such subdomains with conflict MUST be ignored.
如果MT-ID包含[RFC4915]中指定的无效值,则必须忽略具有冲突的子域的BIER子TLV。
If a BFR advertises the same sub-domain-id in multiple BIER Sub-TLVs, the BFR MUST be treated as if it did not advertise a BIER Sub-TLV for such sub-domain.
如果BFR在多个BIER子TLV中播发相同的子域id,则必须将BFR视为未为该子域播发BIER子TLV。
All BFRs MUST detect advertisement of duplicate valid BFR-ids for a given MT-ID and sub-domain-id. When such duplication is detected by the BFR, it MUST behave as described in Section 5 of [RFC8279].
所有BFR必须检测给定MT-ID和子域ID的重复有效BFR ID的播发。当BFR检测到此类重复时,其行为必须符合[RFC8279]第5节的规定。
The supported BAR and IPA algorithms MUST be consistent for all routers supporting a given BFR sub-domain. If a router receives a BIER Sub-TLV advertisement with a value in the BAR or IPA fields that does not match the locally configured value for a given BFR sub-domain, the router MUST report a misconfiguration for such BIER sub-domain and MUST ignore the BIER Sub-TLV containing the error.
对于支持给定BFR子域的所有路由器,支持的BAR和IPA算法必须一致。如果路由器接收到BIER Sub TLV播发,且BAR或IPA字段中的值与给定BFR子域的本地配置值不匹配,则路由器必须报告此类BIER子域的错误配置,并且必须忽略包含错误的BIER Sub TLV。
The use of non-zero values in either the BAR field or the IPA field is outside the scope of this document.
在BAR字段或IPA字段中使用非零值超出了本文档的范围。
The BIER MPLS Encapsulation Sub-TLV is a sub-TLV of the BIER Sub-TLV. The BIER MPLS Encapsulation Sub-TLV is used in order to advertise MPLS-specific information used for BIER. It MAY appear multiple times in the BIER Sub-TLV.
BIER MPLS封装子TLV是BIER子TLV的子TLV。BIER MPLS封装子TLV用于公布用于BIER的MPLS特定信息。它可能在BIER子TLV中出现多次。
The BIER MPLS Encapsulation Sub-TLV has the following format:
BIER MPLS封装子TLV具有以下格式:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Max SI | Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|BS Len | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Max SI | Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|BS Len | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 10
类型:10
Length: 8 octets
长度:8个八位字节
Max SI: A 1-octet field encoding the maximum Set Identifier (SI) (see Section 1 of [RFC8279]) used in the encapsulation for this BIER sub-domain for this BitString length.
Max SI:一个1-octet字段,编码最大集合标识符(SI)(参见[RFC8279]的第1节),用于封装此比特串长度的BIER子域。
Label: A 3-octet field, where the 20 rightmost bits represent the first label in the label range. The 4 leftmost bits MUST be ignored.
标签:3个八位字段,其中最右边的20位表示标签范围内的第一个标签。必须忽略最左边的4位。
BS Len (BitString Length): A 4-bit field encoding the supported BitString length associated with this BFR-prefix. The values allowed in this field are specified in Section 2 of [RFC8296].
BS Len(位字符串长度):一个4位字段,编码与此BFR前缀关联的受支持位字符串长度。[RFC8296]第2节规定了此字段中允许的值。
Reserved: SHOULD be set to 0 on transmission and MUST be ignored on reception.
保留:传输时应设置为0,接收时必须忽略。
The "label range" is the set of labels beginning with the Label and ending with (Label + (Max SI)). A unique label range is allocated for each BitString length and sub-domain-id. These labels are used for BIER forwarding as described in [RFC8279] and [RFC8296].
“标签范围”是一组标签,以标签开始,以(标签+(最大SI))结束。为每个位字符串长度和子域id分配唯一的标签范围。这些标签用于BIER转发,如[RFC8279]和[RFC8296]所述。
The size of the label range is determined by the number of SIs (Section 1 of [RFC8279]) that are used in the network. Each SI maps to a single label in the label range: the first label is for SI=0, the second label is for SI=1, etc.
标签范围的大小由网络中使用的SIs数量(RFC8279第1节)决定。每个SI映射到标签范围内的单个标签:第一个标签表示SI=0,第二个标签表示SI=1,以此类推。
If the label associated with the Maximum Set Identifier exceeds the 20-bit range, the BIER MPLS Encapsulation Sub-TLV containing the error MUST be ignored.
如果与最大集合标识符关联的标签超过20位范围,则必须忽略包含错误的BIER MPLS封装子TLV。
If the BitString length is set to a value that does not match any of the allowed values specified in [RFC8296], the BIER MPLS Encapsulation Sub-TLV containing the error MUST be ignored.
如果位字符串长度设置为与[RFC8296]中指定的任何允许值不匹配的值,则必须忽略包含错误的BIER MPLS封装子TLV。
If the same BitString length is repeated in multiple BIER MPLS Encapsulation Sub-TLVs inside the same BIER Sub-TLV, the whole BIER Sub-TLV containing the conflicts MUST be ignored.
如果在同一BIER子TLV内的多个BIER MPLS封装子TLV中重复相同的位字符串长度,则必须忽略包含冲突的整个BIER子TLV。
Label ranges within all BIER MPLS Encapsulation Sub-TLVs advertised by the same BFR MUST NOT overlap. If an overlap is detected, all BIER sub-TLVs advertised by such a router MUST be ignored.
同一BFR公布的所有BIER MPLS封装子TLV内的标签范围不得重叠。如果检测到重叠,则必须忽略此类路由器公布的所有BIER子TLV。
The flooding scope of the OSPFv2 Extended Prefix Opaque LSA [RFC7684] that is used for advertising the BIER Sub-TLV is set to area-local. To allow BIER deployment in a multi-area environment, OSPF must propagate BIER information between areas.
用于宣传BIER子TLV的OSPFv2扩展前缀不透明LSA[RFC7684]的泛洪范围设置为区域本地。为了允许在多区域环境中部署BIER,OSPF必须在区域之间传播BIER信息。
( ) ( ) ( ) ( ) ( ) ( ) R1 Area 1 R2 Area 0 R3 Area 2 R4 ( ) ( ) ( ) ( ) ( ) ( )
()R1区1 R2区0 R3区2 R4()()()
Figure 1: BIER Propagation between Areas
图1:区域之间的BIER传播
The following procedure is used in order to propagate BIER-related information between areas:
以下程序用于在区域之间传播BIER相关信息:
When an OSPF Area Border Router (ABR) advertises a Type-3 Summary LSA from an intra-area or inter-area prefix to all its attached areas, it will also originate an OSPFv2 Extended Prefix Opaque LSA, as described in [RFC7684]. The flooding scope of the OSPFv2 Extended Prefix Opaque LSA type will be set to area-local. The route-type in the OSPFv2 Extended Prefix TLV is set to inter-area. When determining whether a BIER Sub-TLV should be included in this LSA, an OSPF ABR will:
当OSPF区域边界路由器(ABR)从区域内或区域间前缀向其所有连接区域播发类型3摘要LSA时,它还将发起OSPFv2扩展前缀不透明LSA,如[RFC7684]中所述。OSPFv2扩展前缀不透明LSA类型的泛洪范围将设置为区域本地。OSPFv2扩展前缀TLV中的路由类型设置为inter area。在确定本LSA中是否应包括BIER子TLV时,OSPF ABR将:
* Examine its best path to the prefix in the source area and find the advertising router associated with the best path to that prefix.
* 在源区域中检查其指向前缀的最佳路径,并找到与指向该前缀的最佳路径关联的广告路由器。
* Determine if the advertising router advertised a BIER Sub-TLV for the prefix. If yes, the ABR will copy the information from that BIER Sub-TLV when advertising the BIER Sub-TLV to each attached area.
* 确定播发路由器是否为前缀播发BIER子TLV。如果是,ABR将在向每个连接区域宣传BIER子TLV时,从该BIER子TLV复制信息。
In Figure 1, R1 advertises a prefix 192.0.2.1/32 in Area 1. It also advertises an OSPFv2 Extended Prefix Opaque LSA for prefix 192.0.2.1/32 and includes a BIER Sub-TLV in it. ABR R2 calculates the reachability for prefix 192.0.2.1/32 inside Area 1 and
在图1中,R1在区域1中播发前缀192.0.2.1/32。它还宣传前缀192.0.2.1/32的OSPFv2扩展前缀不透明LSA,并在其中包含BIER子TLV。ABR R2计算区域1和区域1内前缀192.0.2.1/32的可达性
propagates it to Area 0. When doing so, it copies the entire BIER Sub-TLV (including all of its Sub-TLVs) that it received from R1 in Area 1 and includes it in the OSPFv2 Extended Prefix Opaque LSA it generates for 192.0.2.1/32 in Area 0. ABR R3 calculates the reachability for prefix 192.0.2.1/32 inside Area 0 and propagates it to Area 2. When doing so, it copies the entire BIER Sub-TLV (including all of its sub-TLVs) that it received from R2 in Area 0 and includes it in the OSPFv2 Extended Prefix Opaque LSA it generates for 192.0.2.1/32 in Area 2.
将其传播到区域0。执行此操作时,它复制从区域1中的R1接收的整个BIER子TLV(包括其所有子TLV),并将其包含在为区域0中的192.0.2.1/32生成的OSPFv2扩展前缀不透明LSA中。ABR R3计算区域0内前缀192.0.2.1/32的可达性,并将其传播到区域2。执行此操作时,它复制从区域0中的R2接收的整个BIER子TLV(包括其所有子TLV),并将其包含在为区域2中的192.0.2.1/32生成的OSPFv2扩展前缀不透明LSA中。
This document introduces new sub-TLVs for the existing OSPFv2 Extended Prefix TLV. It does not introduce any new security risks to OSPF. Existing security extensions as described in [RFC2328] and [RFC7684] apply.
本文档介绍了现有OSPFv2扩展前缀TLV的新子TLV。它不会给OSPF带来任何新的安全风险。[RFC2328]和[RFC7684]中描述的现有安全扩展适用。
It is assumed that both the BIER and OSPF layers are under a single administrative domain. There can be deployments where potential attackers have access to one or more networks in the OSPF routing domain. In these deployments, stronger authentication mechanisms such as those specified in [RFC7474] SHOULD be used.
假定BIER层和OSPF层都在一个管理域下。在某些部署中,潜在攻击者可以访问OSPF路由域中的一个或多个网络。在这些部署中,应使用更强的身份验证机制,如[RFC7474]中指定的机制。
The Security Considerations section of [RFC8279] discusses the possibility of performing a Denial-of-Service (DoS) attack by setting too many bits in the BitString of a BIER-encapsulated packet. However, this sort of DoS attack cannot be initiated by modifying the OSPF BIER advertisements specified in this document. A BFIR decides which systems are to receive a BIER-encapsulated packet. In making this decision, it is not influenced by the OSPF control messages. When creating the encapsulation, the BFIR sets one bit in the encapsulation for each destination system. The information in the OSPF BIER advertisements is used to construct the forwarding tables that map each bit in the encapsulation into a set of next hops for the host that is identified by that bit, but the information is not used by the BFIR to decide which bits to set. Hence, an attack on the OSPF control plane cannot be used to cause this sort of DoS attack.
[RFC8279]的安全注意事项部分讨论了通过在BIER封装数据包的位字符串中设置过多位来执行拒绝服务(DoS)攻击的可能性。但是,这种DoS攻击不能通过修改本文档中指定的OSPF BIER播发来发起。BFIR决定哪些系统接收BIER封装的数据包。在作出此决定时,它不受OSPF控制消息的影响。创建封装时,BFIR为每个目标系统在封装中设置一位。OSPF BIER播发中的信息用于构造转发表,该转发表将封装中的每个位映射到由该位标识的主机的一组下一跳,但BFIR不使用该信息来决定要设置的位。因此,对OSPF控制平面的攻击不能用于导致此类DoS攻击。
While a BIER-encapsulated packet is traversing the network, a BFR that receives a BIER-encapsulated packet with n bits set in its BitString may have to replicate the packet and forward multiple copies. However, a given bit will only be set in one copy of the packet. This means that each transmitted replica of a received packet has fewer bits set (i.e., is targeted to fewer destinations) than the received packet. This is an essential property of the BIER forwarding process as defined in [RFC8279]. While a failure of this
当BIER封装的数据包穿越网络时,接收BIER封装数据包且其位字符串中设置了n位的BFR可能必须复制该数据包并转发多个副本。但是,给定的位将仅在数据包的一个副本中设置。这意味着接收到的分组的每个传输副本具有比接收到的分组更少的比特集(即,针对更少的目的地)。这是[RFC8279]中定义的BIER转发过程的基本属性。而这是一个失败
process might cause a DoS attack (as discussed in the Security Considerations section of [RFC8279]), such a failure cannot be caused by an attack on the OSPF control plane.
进程可能导致DoS攻击(如[RFC8279]的“安全注意事项”部分所述),此类故障不能由对OSPF控制平面的攻击引起。
Implementations MUST ensure that malformed BIER and BIER MPLS Encapsulation Sub-TLVs as defined in this document are detected and that they do not provide a vulnerability for attackers to crash the OSPF router or routing process. Reception of malformed TLVs or sub-TLVs SHOULD be counted and/or logged for further analysis. Logging of malformed TLVs and sub-TLVs SHOULD be rate-limited to prevent a DoS attack (distributed or otherwise) from overloading the OSPF control plane.
实施必须确保检测到本文档中定义的格式错误的BIER和BIER MPLS封装子TLV,并且它们不会为攻击者提供使OSPF路由器或路由进程崩溃的漏洞。应统计和/或记录错误TLV或子TLV的接收情况,以便进一步分析。格式错误的TLV和子TLV的日志记录应具有速率限制,以防止DoS攻击(分布式或其他)使OSPF控制平面过载。
IANA has allocated the following from the "OSPFv2 Extended Prefix TLV Sub-TLVs" registry defined in [RFC7684].
IANA已从[RFC7684]中定义的“OSPFv2扩展前缀TLV子TLV”注册表中分配以下内容。
BIER Sub-TLV: 9
BIER分接头TLV:9
BIER MPLS Encapsulation Sub-TLV: 10
BIER MPLS封装子TLV:10
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<https://www.rfc-editor.org/info/rfc2119>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, DOI 10.17487/RFC2328, April 1998, <https://www.rfc-editor.org/info/rfc2328>.
[RFC2328]Moy,J.,“OSPF版本2”,STD 54,RFC 2328,DOI 10.17487/RFC2328,1998年4月<https://www.rfc-editor.org/info/rfc2328>.
[RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P. Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", RFC 4915, DOI 10.17487/RFC4915, June 2007, <https://www.rfc-editor.org/info/rfc4915>.
[RFC4915]Psenak,P.,Mirtorabi,S.,Roy,A.,Nguyen,L.,和P.Pillay Esnault,“OSPF中的多拓扑(MT)路由”,RFC 4915,DOI 10.17487/RFC4915,2007年6月<https://www.rfc-editor.org/info/rfc4915>.
[RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., "Security Extension for OSPFv2 When Using Manual Key Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, <https://www.rfc-editor.org/info/rfc7474>.
[RFC7474]Bhatia,M.,Hartman,S.,Zhang,D.,和A.Lindem,Ed.,“使用手动密钥管理时OSPFv2的安全扩展”,RFC 7474,DOI 10.17487/RFC7474,2015年4月<https://www.rfc-editor.org/info/rfc7474>.
[RFC7684] Psenak, P., Gredler, H., Shakir, R., Henderickx, W., Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute Advertisement", RFC 7684, DOI 10.17487/RFC7684, November 2015, <https://www.rfc-editor.org/info/rfc7684>.
[RFC7684]Psenak,P.,Gredler,H.,Shakir,R.,Henderickx,W.,Tantsura,J.,和A.Lindem,“OSPFv2前缀/链接属性广告”,RFC 7684,DOI 10.17487/RFC7684,2015年11月<https://www.rfc-editor.org/info/rfc7684>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8174]Leiba,B.,“RFC 2119关键词中大写与小写的歧义”,BCP 14,RFC 8174,DOI 10.17487/RFC8174,2017年5月<https://www.rfc-editor.org/info/rfc8174>.
[RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., Przygienda, T., and S. Aldrin, "Multicast Using Bit Index Explicit Replication (BIER)", RFC 8279, DOI 10.17487/RFC8279, November 2017, <https://www.rfc-editor.org/info/rfc8279>.
[RFC8279]Wijnands,IJ.,Ed.,Rosen,E.,Ed.,Dolganow,A.,Przygienda,T.,和S.Aldrin,“使用位索引显式复制(BIER)的多播”,RFC 8279,DOI 10.17487/RFC8279,2017年11月<https://www.rfc-editor.org/info/rfc8279>.
[RFC8296] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., Tantsura, J., Aldrin, S., and I. Meilik, "Encapsulation for Bit Index Explicit Replication (BIER) in MPLS and Non-MPLS Networks", RFC 8296, DOI 10.17487/RFC8296, January 2018, <https://www.rfc-editor.org/info/rfc8296>.
[RFC8296]Wijnands,IJ.,Ed.,Rosen,E.,Ed.,Dolganow,A.,Tantsura,J.,Aldrin,S.,和I.Meilik,“MPLS和非MPLS网络中位索引显式复制(BIER)的封装”,RFC 8296,DOI 10.17487/RFC8296,2018年1月<https://www.rfc-editor.org/info/rfc8296>.
[RFC8401] Ginsberg, L., Ed., Przygienda, T., Aldrin, S., and Z. Zhang, "Bit Index Explicit Replication (BIER) Support via IS-IS", RFC 8401, DOI 10.17487/RFC8401, June 2018, <https://www.rfc-editor.org/info/rfc8401>.
[RFC8401]Ginsberg,L.,Ed.,Przygienda,T.,Aldrin,S.,和Z.Zhang,“通过IS-IS的位索引显式复制(BIER)支持”,RFC 8401,DOI 10.17487/RFC8401,2018年6月<https://www.rfc-editor.org/info/rfc8401>.
[IANA-IGP] IANA, "IGP Algorithm Types", <https://www.iana.org/assignments/igp-parameters/>.
[IANA-IGP]IANA,“IGP算法类型”<https://www.iana.org/assignments/igp-parameters/>.
Acknowledgments
致谢
The authors would like to thank Rajiv Asati, Christian Martin, Greg Shepherd, and Eric Rosen for their contributions.
作者要感谢Rajiv Asati、Christian Martin、Greg Shepherd和Eric Rosen的贡献。
Authors' Addresses
作者地址
Peter Psenak (editor) Cisco Apollo Business Center Mlynske nivy 43 Bratislava 821 09 Slovakia
Peter Psenak(编辑)思科阿波罗商业中心Mlynske nivy 43布拉迪斯拉发821 09斯洛伐克
Email: ppsenak@cisco.com
Email: ppsenak@cisco.com
Nagendra Kumar Cisco 7200 Kit Creek Road Research Triangle Park, NC 27709 United States of America
美国北卡罗来纳州Kit Creek Road研究三角公园Nagendra Kumar Cisco 7200号,邮编:27709
Email: naikumar@cisco.com
Email: naikumar@cisco.com
IJsbrand Wijnands Cisco De Kleetlaan 6a Diegem 1831 Belgium
IJsbrand Wijnands Cisco De Kleetlaan 6a Diegem 1831比利时
Email: ice@cisco.com
Email: ice@cisco.com
Andrew Dolganow Nokia 750 Chai Chee Rd 06-06 Viva Business Park Singapore 469004 Singapore
Andrew Dolganow诺基亚750柴子路06-06新加坡万岁商业园新加坡469004
Email: andrew.dolganow@nokia.com
Email: andrew.dolganow@nokia.com
Tony Przygienda Juniper Networks, Inc. 10 Technology Park Drive Westford, MA 01886 United States of America
美国马萨诸塞州韦斯特福德科技园大道10号Tony Przygienda Juniper Networks,Inc.01886
Email: prz@juniper.net
Email: prz@juniper.net
Jeffrey Zhang Juniper Networks, Inc. 10 Technology Park Drive Westford, MA 01886 United States of America
Jeffrey Zhang Juniper Networks,Inc.美国马萨诸塞州韦斯特福德科技园大道10号01886
Email: zzhang@juniper.net
Email: zzhang@juniper.net
Sam Aldrin Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA United States of America
Sam Aldrin Google,Inc.美国加利福尼亚州山景大道1600圆形剧场
Email: aldrin.ietf@gmail.com
Email: aldrin.ietf@gmail.com