[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 RFC 5613

Network Working Group                                           A. Zinin
Internet-Draft                                                   Alcatel
Intended status: Standards Track                                  A. Roy
Expires: October 22, 2008                                      L. Nguyen
                                                           Cisco Systems
                                                             B. Friedman
                                                        Redback Networks
                                                                D. Young
                                                           Cisco Systems
                                                          April 20, 2008


                       OSPF Link-local Signaling
                       draft-ietf-ospf-lls-05.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on October 22, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2008).








Zinin, et al.           Expires October 22, 2008                [Page 1]

Internet-Draft          OSPF Link-local Signaling             April 2008


Abstract

   OSPF is a link-state intra-domain routing protocol.  OSPF routers
   exchange information on a link using packets that follow a well-
   defined fixed format.  The format is not flexible enough to enable
   new features which need to exchange arbitrary data.  This document
   describes a backward-compatible technique to perform link-local
   signaling, i.e., exchange arbitrary data on a link.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Requirements notation  . . . . . . . . . . . . . . . . . .  3
   2.  Proposed solution  . . . . . . . . . . . . . . . . . . . . . .  4
     2.1.  Options Field  . . . . . . . . . . . . . . . . . . . . . .  5
     2.2.  LLS Data Block . . . . . . . . . . . . . . . . . . . . . .  5
     2.3.  LLS TLVs . . . . . . . . . . . . . . . . . . . . . . . . .  6
     2.4.  Extended Options TLV . . . . . . . . . . . . . . . . . . .  6
     2.5.  Cryptographic Authentication TLV (OSPFv2 ONLY) . . . . . .  7
     2.6.  Private and Experimental TLVs  . . . . . . . . . . . . . .  8
   3.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  9
   4.  Compatibility Issues . . . . . . . . . . . . . . . . . . . . . 10
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     6.1.  Normative References . . . . . . . . . . . . . . . . . . . 12
     6.2.  Informative References . . . . . . . . . . . . . . . . . . 12
   Appendix A.  Acknowledgements  . . . . . . . . . . . . . . . . . . 13
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
   Intellectual Property and Copyright Statements . . . . . . . . . . 15





















Zinin, et al.           Expires October 22, 2008                [Page 2]

Internet-Draft          OSPF Link-local Signaling             April 2008


1.  Introduction

   This document describes an extension to OSPFv2 [OSPFV2] and OSPFv3
   [OSPFV3] allowing additional information to be exchanged between
   routers on the same link.  OSPFv2 and OSPFv3 packet formats are fixed
   and do not allow for extension.  This document proposes appending an
   optional data block composed of Type/Length/Value (TLV) triplets to
   existing OSPFv2 and OSPFv3 packets to carry this additional
   information.  Throughout this document, OSPF will be used when the
   specification is applicable to both OSPFv2 and OSPFv3.  Similarly,
   OSPFv2 or OSPFv3 will be used when the text is protocol specific.

   One potential way of solving this task could be introducing a new
   packet type.  However, that would mean introducing extra packets on
   the network which may not be desirable and may cause backward
   compatibility issues.  This document describes how to exchange data
   using standard OSPF packet types.

1.1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [KEY].




























Zinin, et al.           Expires October 22, 2008                [Page 3]

Internet-Draft          OSPF Link-local Signaling             April 2008


2.  Proposed solution

   To perform link-local signaling (LLS), OSPF routers add a special
   data block to the end of OSPF packets or right after the
   authentication data block when cryptographic authentication is used.
   The length of the LLS block is not included into the length of OSPF
   packet, but is included in the IPv4/IPv6 packet length.  Figure 1
   illustrates how the LLS data block is attached.

   +---------------------+ --              --  +---------------------+
   | IP Header           | ^               ^   | IPv6 Header         |
   | Length = HL+X+Y+Z   | | Header Length |   | Length = HL+X+Y     |
   |                     | v               v   |                     |
   +---------------------+ --              --  +---------------------+
   | OSPF Header         | ^               ^   | OSPFv3 Header       |
   | Length = X          | |               |   | Length = X          |
   |.....................| | X             | X |.....................|
   |                     | |               |   |                     |
   | OSPFv2 Data         | |               |   | OSPFv3 Data         |
   |                     | v               v   |                     |
   +---------------------+ --              --  +---------------------+
   |                     | ^               ^   |                     |
   | Authentication Data | | Y             | Y |  LLS Data           |
   |                     | v               v   |                     |
   +---------------------+ --              --  +---------------------+
   |                     | ^
   |  LLS Data           | | Z
   |                     | v
   +---------------------+ --


                Figure 1: LLS Data Block in OSPFv2 and OSPFv3

   The LLS data block MAY be attached to OSPF Hello and DD packets.  The
   data included in LLS block attached to a Hello packet MAY be used for
   dynamic signaling since Hello packets may be sent at any time in
   time.  However, delivery of LLS data in Hello packets is not
   guaranteed.  The data sent with DD packets is guaranteed to be
   delivered as part of the adjacency forming process.

   This document does not specify how the data transmitted by the LLS
   mechanism should be interpreted by OSPF routers.  As routers that do
   not understand LLS may receive these packets, changes made due to LLS
   block TLV's do not affect the basic routing when interacting with
   non-LLS routers.






Zinin, et al.           Expires October 22, 2008                [Page 4]

Internet-Draft          OSPF Link-local Signaling             April 2008


2.1.  Options Field

   A new L bit (L stands for LLS) is introduced to OSPF Options field
   (see Figure 2a/2b).  Routers set the L bit in Hello and DD packets to
   indicate that the packet contains LLS data block.  In other words,
   LLS data block is only examined if the L bit is set.

              +---+---+---+---+---+---+---+---+
              | * | O | DC| L |N/P| MC| E | * |
              +---+---+---+---+---+---+---+-+-+

               Figure 2a: OSPFv2 Options field


    0                   1                       2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4  5 6 7  8  9  0  1  2  3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-+-+--+--+--+--+--+--+
   | | | | | | | | | | | | | | |L|AF|*|*|DC| R| N|MC| E|V6|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-+-+--+--+--+--+--+--+

               Figure 2b: OSPFv3 Options field

   The L bit is only set in Hello and DD packets.

2.2.  LLS Data Block

   The data block used for link-local signaling is formatted as
   described below (see Figure 3 for illustration).


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Checksum           |       LLS Data Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                           LLS TLVs                            |
   .                                                               .
   .                                                               .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 3: Format of LLS Data Block


   The Checksum field contains the standard IP checksum for the entire
   contents of the LLS block.




Zinin, et al.           Expires October 22, 2008                [Page 5]

Internet-Draft          OSPF Link-local Signaling             April 2008


   The 16-bit LLS Data Length field contains the length (in 32-bit
   words) of the LLS block including the header and payload.
   Implementations MUST NOT use the Length field in the IP packet header
   to determine the length of the LLS data block.

   Note that if the OSPF packet is cryptographically authenticated, the
   LLS data block MUST also be cryptographically authenticated.  In this
   case, the regular LLS checksum is not calculated and the LLS block
   will contain a cryptographic authentication TLV (see Section 2.5).

   The rest of the block contains a set of Type/Length/Value (TLV)
   triplets as described in Section 2.3.  All TLVs MUST be 32-bit
   aligned (with padding if necessary).

2.3.  LLS TLVs

   The contents of LLS data block is constructed using TLVs.  See Figure
   4 for the TLV format.

   The type field contains the TLV ID which is unique for each type of
   TLVs.  The Length field contains the length of the Value field (in
   bytes).  The value field is variable and contains arbitrary data.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Type               |           Length              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                                                               .
   .                             Value                             .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Figure 4: Format of LLS TLVs

   Note that TLVs are always padded to 32-bit boundary, but padding
   bytes are not included in TLV Length field (though they are included
   in the LLS Data Length field in the LLS block header).  Unrecognized
   TLV types are ignored.

2.4.  Extended Options TLV

   This subsection describes a TLV called the Extended Options (EO) TLV.
   The format of EO-TLV is shown in Figure 5.

   Bits in the Value field do not have any semantics from the point of
   view of the LLS mechanism.  This field MAY be used to announce some



Zinin, et al.           Expires October 22, 2008                [Page 6]

Internet-Draft          OSPF Link-local Signaling             April 2008


   OSPF capabilities that are link-specific.  Also, other OSPF
   extensions MAY allocate bits in the bit vector to perform boolean
   link-local signaling.

   The length of the Value field in the EO-TLV is 4 bytes.

   The value of the type field in the EO-TLV is 1.

   The EO-TLV MUST only appear once in the LLS data block.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             1                 |            4                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Extended Options                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Figure 5: Format of EO TLV

   Currently, [OOB] and [RESTART] use bits in the Extended Options field
   of the EO-TLV.

   The Extended Options bits are defined in Section 3.

2.5.  Cryptographic Authentication TLV (OSPFv2 ONLY)

   This document defines a special TLV that is used for cryptographic
   authentication (CA-TLV) of the LLS data block.  This TLV MUST be
   included in the LLS block when the cryptographic authentication is
   enabled on the corresponding interface.  The message digest of the
   LLS block MUST be calculated using the same key and authentication
   algorithm as used for the OSPFv2 packet.  The cryptographic sequence
   number is included in the TLV and MUST be the same as the one in the
   OSPFv2 authentication data for the LLS block to be considered
   authentic.

   The TLV is constructed as shown in Figure 6.













Zinin, et al.           Expires October 22, 2008                [Page 7]

Internet-Draft          OSPF Link-local Signaling             April 2008


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              2                |         AuthLen               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Sequence number                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                                                               .
   .                           AuthData                            .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

          Figure 6: Format of Cryptographic Authentication TLV

   The value of the Type field for the CA-TLV is 2.

   The Length field in the header contains the length of the data
   portion of the TLV including 4 bytes for Sequence Number and the
   length of the message digest block for the whole LLS block in bytes.

   The Sequence Number field contains the cryptographic sequence number
   that is used to prevent simple replay attacks.  For the LLS block to
   be considered authentic, the Sequence Number in the CA-TLV MUST match
   the Sequence Number in the OSPFv2 packet header Authentication field.
   In the event of Sequence Number mismatch or Authentication failure,
   the whole LLS block MUST be ignored.

   The AuthData contains the message digest calculated for the LLS data
   block.

   The CA-TLV MUST only appear once in the the LLS block.  Also, when
   present, this TLV SHOULD be the last TLV in the LLS block.

2.6.  Private and Experimental TLVs

   LLS type values in the range of 32768-65536 are reserved for private
   and experimental use.  The first four octets of the Value field MUST
   be the private enterprise code [ENTNUM].  This allows multiple vendor
   private extensions to coexist in a network.











Zinin, et al.           Expires October 22, 2008                [Page 8]

Internet-Draft          OSPF Link-local Signaling             April 2008


3.  IANA Considerations

   LLS TLV types are maintained by the IANA.  Extensions to OSPF which
   require a new LLS TLV type MUST be reviewed by an designated expert
   from the routing area.

   Following the policies outlined in [IANA], LLS type values in the
   range of 0-32767 are allocated through an IETF Consensus action and
   LLS type values in the range of 32768-65536 are reserved for private
   and experimental use.

   This document assigns the following LLS TLV types in OSPFv2/OSPFv3.

   TLV Type    Name                                      Reference
   0           Reserved
   1           Extended Options                          [RFCNNNN]*
   2           Cryptographic Authentication+             [RFCNNNN]*
   3-32767     Reserved for assignment by the IANA
   32768-65535 Private Use

   *[RFCNNNN] refers to the RFC number-to-be for this document.
   + Cryptographic Authentication TLV is only defined for OSPFv2

   This document also assigns the following bits for the Extended
   Options bits field in the EO-TLV outlined in Section 2.5:

   Extended Options Bit    Name                        Reference
   0x00000001              LSDB Resynchronization (LR) [OOB]
   0x00000002              Restart Signal (RS-bit)     [RESTART]

   Other Extended Options bits will be allocated through an IETF
   consensus action.



















Zinin, et al.           Expires October 22, 2008                [Page 9]

Internet-Draft          OSPF Link-local Signaling             April 2008


4.  Compatibility Issues

   The modifications to OSPF packet formats are compatible with standard
   OSPF since OSPF router not supporting LLS will ignore the LLS data
   block after the OSPF packet or cryptographic message digest.














































Zinin, et al.           Expires October 22, 2008               [Page 10]

Internet-Draft          OSPF Link-local Signaling             April 2008


5.  Security Considerations

   The described technique provides the same level of security as OSPFv2
   protocol by allowing LLS data to be authenticated using the same
   cryptographic authentication that OSPFv2 uses (see Section 2.5 for
   more details).

   OSPFv3 utilizes IPSec for authentication and encryption [OSPFV3AUTH].
   With IPsec, the AH (Authentication Header), ESP (Encapsulating
   Security Payload), or both are applied to the entire OSPFv3 payload
   including the LLS block.








































Zinin, et al.           Expires October 22, 2008               [Page 11]

Internet-Draft          OSPF Link-local Signaling             April 2008


6.  References

6.1.  Normative References

   [IANA]     Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", RFC 2334,
              October 1998.

   [KEY]      Bradner, S., "Key words for use in RFC's to Indicate
              Requirement Levels", RFC 2119, March 1997.

   [OSPFV2]   Moy, J., "OSPF Version 2", RFC 2328, April 1998.

   [OSPFV3]   Coltun, R., Ferguson, D., and J. Moy, "OSPF for IPv6",
              RFC 2740, December 1999.

   [OSPFV3AUTH]
              Gupta, M. and N. Melam, "Authentication/Confidentiality
              for OSPFv3", RFC 4552, June 2006.

6.2.  Informative References

   [ENTNUM]   IANA,
              "http://www.iana.org/assignments/enterprise-numbers".

   [OOB]      Zinin, A., Roy, A., and L. Nguyen, "OSPF Out-of-band LSDB
              resynchronization", RFC 4811, March 2007.

   [RESTART]  Zinin, A., Roy, A., and L. Nguyen, "OSPF Restart
              Signaling", RFC 4812, March 2007.





















Zinin, et al.           Expires October 22, 2008               [Page 12]

Internet-Draft          OSPF Link-local Signaling             April 2008


Appendix A.  Acknowledgements

   The authors would like to acknowledge Russ White, Acee Lindem and
   Manral Vishwas for their review of this document.















































Zinin, et al.           Expires October 22, 2008               [Page 13]

Internet-Draft          OSPF Link-local Signaling             April 2008


Authors' Addresses

   Alex Zinin
   Alcatel
   Sunnyvale
   USA

   Email: zinin@psg.com


   Abhay Roy
   Cisco Systems
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: akr@cisco.com


   Liem Nguyen
   Cisco Systems
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: lhnguyen@cisco.com


   Barry Friedman
   Redback Networks
   100 Headquarters Drive
   San Jose, CA  95134
   USA

   Email: friedman@redback.com


   Derek Young
   Cisco Systems
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: myeung@cisco.com







Zinin, et al.           Expires October 22, 2008               [Page 14]

Internet-Draft          OSPF Link-local Signaling             April 2008


Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Zinin, et al.           Expires October 22, 2008               [Page 15]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/