< draft-simpson-isis-ppp-unique-01.txt   draft-simpson-isis-ppp-unique-02.txt >
INTERNET-DRAFT W A Simpson INTERNET-DRAFT W A Simpson
DayDreamer DayDreamer
Intended status: Experimental 18 May 2011 Intended status: Experimental 8 August 2011
Generation of Unique IS-IS System Identifiers Generation of Unique IS-IS System Identifiers
draft-simpson-isis-ppp-unique-01 draft-simpson-isis-ppp-unique-02
Abstract Abstract
The IS-IS routing protocol (Intermediate System to Intermediate The IS-IS routing protocol (Intermediate System to Intermediate
System, ISO 10589) requires unique System Identifiers at the link System, ISO 10589) requires unique System Identifiers at the link
layer. A common practice has been to use an existing IEEE 802 MAC layer. A common practice has been to use an existing IEEE 802 MAC
link-layer interface identifier. When no unique MAC is available, link-layer interface identifier. When no unique MAC is available,
this document specifies automatic generation of identifiers. It is this document specifies automatic generation of identifiers. It is
fully interoperable with systems that do not support this extension. fully interoperable with systems that do not support this extension.
skipping to change at page 1, line 63 skipping to change at page 1, line 63
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . 1 1. Introduction . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Terminology . . . . . . . . . . . . . . . . . . . 1 1.1 Terminology . . . . . . . . . . . . . . . . . . . 1
2. Random Generation . . . . . . . . . . . . . . . . . . . 1 2. Random Generation . . . . . . . . . . . . . . . . . . . 2
2.1 PPP Links . . . . . . . . . . . . . . . . . . . . 2 2.1 PPP Links . . . . . . . . . . . . . . . . . . . . 2
3. Resolving Conflicts . . . . . . . . . . . . . . . . . . 3 3. Resolving Conflicts . . . . . . . . . . . . . . . . . . 3
ACKNOWLEDGMENTS . . . . . . . . . . . . . . . . . . . . . . . . 3 ACKNOWLEDGMENTS . . . . . . . . . . . . . . . . . . . . . . . . 4
IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . . 4 IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . . 4
OPERATIONAL CONSIDERATIONS . . . . . . . . . . . . . . . . . . 4 OPERATIONAL CONSIDERATIONS . . . . . . . . . . . . . . . . . . 5
SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . 4 SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . 5
NORMATIVE REFERENCES . . . . . . . . . . . . . . . . . . . . . 5 NORMATIVE REFERENCES . . . . . . . . . . . . . . . . . . . . . 6
INFORMATIVE REFERENCES . . . . . . . . . . . . . . . . . . . . 5 INFORMATIVE REFERENCES . . . . . . . . . . . . . . . . . . . . 6
CONTACTS . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 CONTACTS . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
The System Identifier is 6 octets for OSI end systems, and 7 octets The System Identifier is 6 octets for OSI end systems, and 7 octets
for IS-IS routers or pseudonodes. This identifier is not required to for IS-IS routers or pseudonodes. This identifier is not required to
be the Destination or Source of any packet. (See [ISO10589], be the Destination or Source of any packet. (See [ISO10589],
[RFC1195], and [RFC5342] for further details.) [RFC1195], and [RFC5342] for further details.)
Typically, IS-IS implementations base the identifier on an existing Typically, IS-IS implementations base the identifier on an existing
Media Access Control (MAC) link-layer interface identifier. The Media Access Control (MAC) link-layer interface identifier. The
48-bit MAC is usually composed of a 24-bit Organizationally Unique 48-bit MAC is usually composed of a 24-bit Organizationally Unique
Identifier (OUI) followed by a 24-bit Network Interface Controller Identifier (OUI) followed by a 24-bit Network Interface Controller
(NIC) specific number. (NIC) specific number.
Other systems have a configured identifier that is independent of the Other systems have a configured identifier that is independent of the
interfaces. interfaces.
When no unique MAC is available, this document specifies automatic
generation of identifiers. In the presence of PPP [RFC1661] links,
the PPP Magic Number is unique with respect to its neighbors and
further reduces the potential for conflict.
This mechanism is also necessary to resolve conflicts between
multiple systems with the same System Identifier due to manufacturing
or misconfiguration.
1.1. Terminology 1.1. Terminology
The key words "MAY", "MUST, "MUST NOT", "OPTIONAL", "RECOMMENDED", The key words "MAY", "MUST, "MUST NOT", "OPTIONAL", "RECOMMENDED",
"REQUIRED", "SHOULD", and "SHOULD NOT" in this document are to be "REQUIRED", "SHOULD", and "SHOULD NOT" in this document are to be
interpreted as described in [RFC2119]. interpreted as described in [RFC2119].
2. Random Generation 2. Random Generation
Some systems have only point-to-point or other links without any Some systems have only point-to-point or other links without any
conveniently available MAC, and do not have a configured identifier. conveniently available MAC, and do not have a configured identifier.
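Review bot: The RFC 2119 boilerplate in 1.1 carries an unbalanced quote in both columns (`"MUST,` should read `"MUST",`) and is worth fixing in the next revision. The new introduction paragraph also says the PPP Magic Number "is unique with respect to its neighbors", while Section 2.1 bases its argument on uniqueness across all local system interfaces; stating both properties in the introduction would make clear why the Magic Number only "further reduces" conflict within an area rather than eliminating it.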
skipping to change at page 1, line 112 skipping to change at page 2, line 21
In this case, a 48-bit System Identifier MUST be randomly generated. In this case, a 48-bit System Identifier MUST be randomly generated.
(See [RFC4086] for requirements.) (See [RFC4086] for requirements.)
To mitigate against potential assignment conflicts, this System To mitigate against potential assignment conflicts, this System
Identifier (considered as a pseudo-MAC) MUST have both the "locally- Identifier (considered as a pseudo-MAC) MUST have both the "locally-
assigned" and "broadcast/multicast" (group) bits set; that is, the assigned" and "broadcast/multicast" (group) bits set; that is, the
least significant two bits of the most significant octet are equal to least significant two bits of the most significant octet are equal to
0x3. 0x3.
The probability of conflict is reduced to a birthday attack of the The probability of conflict between these identifiers is of the order
order N/2**23; where N is the number of systems in the same IS-IS (N**2)/(2**47); where N is the number of systems in the same IS-IS
area. [Schneier] This is considerably less likely than a duplicate area. This is considerably less likely than a duplicate MAC (see
MAC (see below). below).
2.1. PPP Links 2.1. PPP Links
PPP [RFC1661] links (such as [RFC1377]) already specify negotiation PPP [RFC1661] links (such as [RFC1377]) already specify negotiation
of a randomly generated unique 32-bit Magic Number "to detect looped- of a randomly generated unique 32-bit Magic Number "to detect looped-
back links and other Data Link Layer anomalies." Although only a back links and other Data Link Layer anomalies." Although only a
single interface negotiation is described in the main document, it single interface negotiation is described in the main document, it
has long been understood [RFC1220] [Simpson1992] [Baker1992] that the has long been understood [RFC1220] [Simpson1992] [Baker1992] that the
term "unique" applies across all local system interfaces. This term "unique" applies across all local system interfaces. This
protects against patch-panel errors in addition to looped-back protects against patch-panel errors in addition to looped-back
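Review bot: The revised bound (N**2)/(2**47) is the right order for the birthday collision probability here: fixing the two low bits of the first octet leaves 46 random bits, and the N(N-1)/2 pairs of systems each collide with probability 2**-46, giving roughly N**2/2**47 for N well below 2**23; the earlier N/2**23 was not a birthday bound and overstated the probability for area sizes that actually occur (for N = 1000 it gave about 1.2e-4 against about 7e-9). Two wording suggestions: state that the figure is an approximation valid only for N much smaller than 2**23, and say explicitly that the mitigation from setting the group bit is that such a value can never be a unicast interface MAC, so a generated identifier cannot collide with a burned-in one.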
skipping to change at page 3, line 7 skipping to change at page 3, line 13
least significant two bits of the most significant octet are equal to least significant two bits of the most significant octet are equal to
0x3. 0x3.
The probability of conflict is considerably less than the wholly The probability of conflict is considerably less than the wholly
generated pseudo-MAC (above), as the Magic Number has already been generated pseudo-MAC (above), as the Magic Number has already been
determined to be locally unique. The pseudo-OUI differentiates among determined to be locally unique. The pseudo-OUI differentiates among
PPP systems in the same IS-IS area. PPP systems in the same IS-IS area.
3. Resolving Conflicts 3. Resolving Conflicts
As multiple systems generate System Identifiers, they might not have
sufficiently divergent random bits available (especially on startup).
Resolving conflicts is REQUIRED.
Field experience has shown that IEEE 802 MAC identifiers are Field experience has shown that IEEE 802 MAC identifiers are
frequently not unique. Companies that manufacture more than 2**24 frequently not unique. Reuse is more likely to recycle a block
(16,777,214) devices will often reuse the same MAC. The probability varying only the least significant bits, increasing the probability
of conflict is defined by a birthday attack of the order N/2**16; considerably over a normal distribution.
where N is the number of systems in the same IS-IS area.
Also, many companies reuse the same MAC for different product lines, A MAC is most often reused by companies that have defective
or different speeds or types of media. Some implementations failed manufacturing processes, or manufacture more than 2**24 (16,777,214)
to correctly convert the MAC to canonical form [RFC2469], causing devices. Many companies reuse the same MAC for different product
unintentional conflicts through multi-media bridges. lines, or different speeds or types of media. Some implementations
failed to correctly convert the MAC to canonical form [RFC2469],
causing unintentional conflicts through multi-media bridges.
If a duplicated MAC is used as a System Identifier within an IS-IS If a duplicated MAC is used as a System Identifier within an IS-IS
area, this leads to the condition colloquially called "LSR War". area, this leads to the condition colloquially called "LSP War" or
Currently, IS-IS has no method to detect or resolve such conflicts. "LSR War". The Update Process will increment its LSP sequence number
repeatedly. Currently, IS-IS has no method to autonomously resolve
conflicts.
After detecting a conflicting System Identifier in a neighbor, or An implementation conforming with this specification MUST generate a
receiving 3 or more IS-IS Hellos and failing to resolve participation replacement System Identifier using one of the techniques specified
in an area within 10 seconds, an implementation conforming with this above, upon:
specification MUST generate a replacement System Identifier using one
of the techniques specified above. (a) detecting a conflicting System Identifier in
(a)(1) 1 IS-IS Hello from any neighbor, or
(a)(2) 2 consecutive LSPs and/or SNPs from the same source;
(b) failing to resolve participation in an area after
(b)(1) incrementing its Sequence Number 3 or more times, and
(b)(2) 10 seconds.
This will not usually detect conflicts between different areas that
do not affect routing within those areas. Each system participating
in two or more areas MUST maintain a distinction between System
Identifiers found in each area. Never-the-less, any replacement
System Identifier SHOULD propagate in every such area.
The system SHOULD delay generation and transmission of this The system SHOULD delay generation and transmission of this
replacement System Identifier for a random amount of time between 0 replacement System Identifier for a random amount of time between 0
and MAX_GENERATION_DELAY. Although the randomization range is and MAX_GENERATION_DELAY. Although the randomization range is
specified in units of seconds, the actual randomly-chosen value specified in units of seconds, the actual randomly-chosen value
SHOULD NOT be in units of whole seconds, but rather in units of the SHOULD NOT be in units of whole seconds, but rather in units of the
highest available timer resolution. highest available timer resolution.
This reduces the probability of synchronization with advertisements This reduces the probability of synchronization with advertisements
from other systems in the same IS-IS area. If a message is received from other systems in the same IS-IS area. If a message is received
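Review bot: Trigger (a)(1) makes a single IS-IS Hello from any neighbor sufficient to force a replacement System Identifier, so one unauthenticated Hello carrying a duplicate of the local identifier causes an identifier change and the LSP churn that goes with it; since the draft already points at [RFC5304] for maliciously configured identifiers, suggest stating in Section 3 that, where authentication is configured, only authenticated PDUs count toward (a) and (b). Condition (b) is also ambiguous as written: "incrementing its Sequence Number 3 or more times, and 10 seconds" should say whether both must hold (three increments within 10 seconds) or either suffices. Finally, "Never-the-less" (here and in Security Considerations) is normally spelled "Nevertheless".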
skipping to change at page 4, line 5 skipping to change at page 4, line 31
system, the existing local System Identifier remains unchanged. system, the existing local System Identifier remains unchanged.
Acknowledgments Acknowledgments
This document parallels text originally in [RFC2153] and various This document parallels text originally in [RFC2153] and various
other drafts. other drafts.
James Carlson, Donald Eastlake, Dave Katz, and Radia Perlman provided James Carlson, Donald Eastlake, Dave Katz, and Radia Perlman provided
background information and helpful comments. background information and helpful comments.
Members of the IESG, ISIS WG, PPPext WG, and TRILL WG contributed
additional comments.
IANA Considerations IANA Considerations
This document has no IANA actions. This document has no IANA actions.
[RFC Editor: please remove this section prior to publication.] [RFC Editor: please remove this section prior to publication.]
Operational Considerations Operational Considerations
MAX_GENERATION_DELAY MAX_GENERATION_DELAY
Default: 1 second. This is based on an anticipated IS-IS Hello Default: 1 second. This is based on an anticipated IS-IS Hello
skipping to change at page 4, line 26 skipping to change at page 5, line 20
When Hellos are sent at a greater time interval, this MUST NOT be When Hellos are sent at a greater time interval, this MUST NOT be
greater than interval/2, and SHOULD NOT be greater than greater than interval/2, and SHOULD NOT be greater than
interval/4. interval/4.
Configurable System Identifier Configurable System Identifier
Default 0 (off). Although the probability of conflict with Default 0 (off). Although the probability of conflict with
another System Identifier is minuscule, some implementations might another System Identifier is minuscule, some implementations might
not have a sufficient source of randomness, and could repeatedly not have a sufficient source of randomness, and could repeatedly
select conflicting values. An implementation conforming with this select conflicting values. An implementation conforming with this
specification SHOULD have the capability to manually re-configure specification SHOULD have the capability of manually configuring
the System Identifier, preventing random generation of a the System Identifier, preventing random generation of a
replacement System Identifier. replacement System Identifier.
To mitigate against potential assignment conflicts, this System To mitigate against potential assignment conflicts, this System
Identifier (considered as a pseudo-MAC) MUST have the "locally- Identifier (considered as a pseudo-MAC) MUST have the "locally-
assigned" bit set and "broadcast/multicast" (group) bit clear; assigned" bit set and "broadcast/multicast" (group) bit clear;
that is, the least significant two bits of the most significant that is, the least significant two bits of the most significant
octet are equal to 0x2. octet are equal to 0x2.
Remote Management
Additional options have been suggested to configure other actions
taken upon detecting a conflicting System Identifier. For
example, the system might send an alert to a remote management
facility and disable IS-IS until remote management updates the
configuration. Such remote management configuration options are
beyond the scope of this specification.
Security Considerations Security Considerations
These mechanisms provide protection against compromised, These mechanisms provide protection against compromised,
malfunctioning, or misconfigured systems [RFC4593]; spoofing attacks malfunctioning, or misconfigured systems [RFC4593]; spoofing attacks
are thwarted by quickly renegotiating a replacement System are thwarted by quickly renegotiating a replacement System
Identifier. Identifier.
Never-the-less, [RFC5304] increases protection against maliciously Never-the-less, [RFC5304] increases protection against maliciously
configured conflicting System Identifiers. configured conflicting System Identifiers.
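Review bot: The claim that spoofing is "thwarted by quickly renegotiating a replacement System Identifier" no longer holds for a system using the Configurable System Identifier option, which by design prevents random generation of a replacement; a conflict against such a system persists as an "LSP War" until an operator intervenes, and the new Remote Management text even allows disabling IS-IS on conflict, which turns a conflicting identifier into an outage. Suggest a sentence here noting that configured identifiers trade automatic conflict resolution for stability, and that any Remote Management action should be taken only on conflicts seen in authenticated PDUs. The three bit patterns are also a useful taxonomy worth stating once: low two bits of the first octet 0x0 for an OUI-based MAC, 0x2 for a configured identifier, 0x3 for a generated one.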
skipping to change at page 6, line 11 skipping to change at page 7, line 11
[RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to [RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to
Routing Protocols", October 2006. Routing Protocols", October 2006.
[RFC5304] Li, T., and R. Atkinson, "IS-IS Cryptographic [RFC5304] Li, T., and R. Atkinson, "IS-IS Cryptographic
Authentication", October 2008. Authentication", October 2008.
[RFC5342] Eastlake 3rd, D., "IANA Considerations and IETF Protocol [RFC5342] Eastlake 3rd, D., "IANA Considerations and IETF Protocol
Usage for IEEE 802 Parameters", BCP 141, September 2008. Usage for IEEE 802 Parameters", BCP 141, September 2008.
[Schneier] Schneier, B., "Applied Cryptography", John Wiley & Sons,
1996. ISBN 0-471-11709-9.
[Simpson1992] [Simpson1992]
Simpson, W., "where are we?", Message to IESG and others, Simpson, W., "where are we?", Message to IESG and others,
April 17, 1992. Message-Id: April 17, 1992. Message-Id:
<269.bsimpson@vela.acs.oakland.edu> <269.bsimpson@vela.acs.oakland.edu>
[Simpson1993] [Simpson1993]
Simpson, W., "Re: Simple Multilink Proceedure for PPP - Simpson, W., "Re: Simple Multilink Proceedure for PPP -
the document", Message to ietf-ppp and iplpdn mailing the document", Message to ietf-ppp and iplpdn mailing
lists, February 21, 1993. Message-Id: lists, February 21, 1993. Message-Id:
<988.bill.simpson@um.cc.umich.edu> <988.bill.simpson@um.cc.umich.edu>
 End of changes. 16 change blocks. 
32 lines changed or deleted 72 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/