1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
|
<pre>Internet Engineering Task Force (IETF) A. Lindem
Request for Comments: 6549 Ericsson
Updates: <a href="./rfc2328">2328</a> A. Roy
Category: Standards Track S. Mirtorabi
ISSN: 2070-1721 Cisco Systems
March 2012
<span class="h1">OSPFv2 Multi-Instance Extensions</span>
Abstract
OSPFv3 includes a mechanism to support multiple instances of the
protocol running on the same interface. OSPFv2 can utilize such a
mechanism in order to support multiple routing domains on the same
subnet.
This document defines the OSPFv2 Instance ID to enable separate
OSPFv2 protocol instances on the same interface. Unlike OSPFv3 where
the Instance ID can be used for multiple purposes, such as putting
the same interface in multiple areas, the OSPFv2 Instance ID is
reserved for identifying protocol instances.
This document updates <a href="./rfc2328">RFC 2328</a>.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in <a href="./rfc5741#section-2">Section 2 of
RFC 5741</a>.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc6549">http://www.rfc-editor.org/info/rfc6549</a>.
<span class="grey">Lindem, et al. Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc6549">RFC 6549</a> OSPFv2 Multi-Instance Extensions March 2012</span>
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-2">2</a>
<a href="#section-1.1">1.1</a>. Requirements Notation ......................................<a href="#page-3">3</a>
<a href="#section-2">2</a>. OSPFv2 Instance Packet Encoding .................................<a href="#page-3">3</a>
<a href="#section-3">3</a>. OSPFv2 Interface Instance ID ....................................<a href="#page-4">4</a>
<a href="#section-3.1">3.1</a>. Sending and Receiving OSPFv2 Packets .......................<a href="#page-4">4</a>
<a href="#section-3.2">3.2</a>. Interface Instance ID Values ...............................<a href="#page-4">4</a>
<a href="#section-4">4</a>. State Sharing Optimizations between OSPFv2 Instances ............<a href="#page-5">5</a>
<a href="#section-5">5</a>. OSPFv2 Authentication Impacts ...................................<a href="#page-5">5</a>
<a href="#section-6">6</a>. Backward Compatibility and Deployment Considerations ............<a href="#page-5">5</a>
<a href="#section-7">7</a>. Security Considerations .........................................<a href="#page-6">6</a>
<a href="#section-8">8</a>. IANA Considerations .............................................<a href="#page-6">6</a>
<a href="#section-9">9</a>. References ......................................................<a href="#page-7">7</a>
<a href="#section-9.1">9.1</a>. Normative References .......................................<a href="#page-7">7</a>
<a href="#section-9.2">9.2</a>. Informative References .....................................<a href="#page-7">7</a>
<a href="#appendix-A">Appendix A</a>. Acknowledgments.... ....................................<a href="#page-8">8</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
OSPFv3 [<a href="#ref-OSPFV3" title=""OSPF for IPv6"">OSPFV3</a>] includes a mechanism to support multiple instances of
a protocol running on the same interface. OSPFv2 [<a href="#ref-OSPFV2" title=""OSPF Version 2"">OSPFV2</a>] can
utilize such a mechanism in order to support multiple routing domains
on the same subnet.
This document defines the OSPFv2 Instance ID to enable separate
OSPFv2 protocol instances on the same interface. Unlike OSPFv3 where
the Instance ID can be used for multiple purposes, such as putting
the same interface in multiple areas, the OSPFv2 Instance ID is
reserved for identifying protocol instances.
<span class="grey">Lindem, et al. Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc6549">RFC 6549</a> OSPFv2 Multi-Instance Extensions March 2012</span>
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Requirements Notation</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [<a href="#ref-RFC-KEYWORDS">RFC-KEYWORDS</a>].
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. OSPFv2 Instance Packet Encoding</span>
This document extends OSPFv2 with a mechanism to differentiate
packets for different instances sent and received on the same
interface. In support of this capability, a modified packet header
format with the Authentication Type field split into an Instance ID
and AuType.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version # | Type | Packet length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Router ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Area ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Instance ID | AuType |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authentication |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The OSPFv2 Packet Header
All fields are as defined in [<a href="#ref-OSPFV2" title=""OSPF Version 2"">OSPFV2</a>] except that the Instance ID
field is new, and the AuType field is reduced to 8 bits from 16 bits
without any change in meaning. The Instance ID field is defined as
follows:
Instance ID
Enables multiple instances of OSPFv2 to be used on a single
interface. Each protocol instance would be assigned a separate
Instance ID; the Instance ID has local subnet significance only.
Received packets with an Instance ID not equal to one of the
Instance IDs corresponding to one of the configured OSPFv2
Instances for the receiving interface MUST be discarded.
<span class="grey">Lindem, et al. Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc6549">RFC 6549</a> OSPFv2 Multi-Instance Extensions March 2012</span>
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. OSPFv2 Interface Instance ID</span>
Section 9 of [<a href="#ref-OSPFV2" title=""OSPF Version 2"">OSPFV2</a>] describes the conceptual interface data
structure. The OSPFv2 Interface Instance ID is added to this
structure. The OSPFv2 Interface Instance ID has a default value of
0. Setting it to a non-zero value may be accomplished through
configuration.
<span class="h3"><a class="selflink" id="section-3.1" href="#section-3.1">3.1</a>. Sending and Receiving OSPFv2 Packets</span>
When sending OSPFv2 packets, the OSPFv2 Interface Instance ID is set
in the OSPFv2 packet header. When receiving OSPFv2 packets, the
OSPFv2 Header Instance ID is used to aid in demultiplexing the packet
and associating it with the correct OSPFv2 instance. Received
packets with an Instance ID not equal to one of the configured OSPFv2
Instance IDs on the receiving interface MUST be discarded.
<span class="h3"><a class="selflink" id="section-3.2" href="#section-3.2">3.2</a>. Interface Instance ID Values</span>
The following OSPFv2 Instance IDs have been defined:
0 Base IPv4 Instance - This is the default IPv4 routing instance
corresponding to default IPv4 unicast routing and the
attendant IPv4 routing table. Use of this Instance ID
provides backward compatibility with the base OSPF
specification [<a href="#ref-OSPFV2" title=""OSPF Version 2"">OSPFV2</a>].
1 Base IPv4 Multicast Instance - This IPv4 instance corresponds
to the separate IPv4 routing table used for the Reverse Path
Forwarding (RPF) checking performed on IPv4 multicast traffic.
2 Base IPv4 In-band Management Instance - This IPv4 instance
corresponds to a separate IPv4 routing table used for network
management applications.
3-127 Private Use - These Instance IDs are reserved for definition
and semantics defined by the local network administrator. For
example, separate Interface Instance IDs and their
corresponding OSPFv2 instances could be used to support
independent non-congruent topologies for different classes of
IPv4 unicast traffic. The details of such deployments are
beyond the scope of this document.
The first three Interface Instance IDs are analogous to the topology
IDs defined in [<a href="./rfc4915" title=""Multi-Topology (MT) Routing in OSPF"">RFC4915</a>].
<span class="grey">Lindem, et al. Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc6549">RFC 6549</a> OSPFv2 Multi-Instance Extensions March 2012</span>
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. State-Sharing Optimizations between OSPFv2 Instances</span>
This is beyond the scope of this document and is an area for further
study.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. OSPFv2 Authentication Impacts</span>
Now that the AuType OSPFv2 header field has been reduced from 2
octets to 1 octet, OSPFv2 routers not supporting this specification
will fail packet authentication for any instance other than the
default (i.e., the Base IPv4 Unicast Instance). This is solely due
to the difference in field definition as opposed to any explicit
change to OSPFv2 authentication, as described in <a href="#appendix-D">Appendix D</a> of <a href="./rfc2328">RFC</a>
<a href="./rfc2328">2328</a> [<a href="#ref-OSPFV2" title=""OSPF Version 2"">OSPFV2</a>] and <a href="./rfc5709">RFC 5709</a> [<a href="./rfc5709" title=""OSPFv2 HMAC-SHA Cryptographic Authentication"">RFC5709</a>]. However, this is exactly what
is desired since OSPFv2 routers not supporting this specification
should only support the default instance (refer to <a href="#section-6">Section 6</a>).
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Backward Compatibility and Deployment Considerations</span>
When there are OSPFv2 routers that support OSPFv2 Multi-Instance
extensions on the same broadcast-capable interface as OSPFv2 routers
that do not, packets with non-zero OSPFv2 header Instance IDs are
received by those legacy OSPFv2 routers. Since the non-zero Instance
ID is included in the AuType by these legacy OSPFv2 routers, it is
misinterpreted as a mismatched authentication type and the packet is
dropped. This is exactly what is expected and desired.
Previously, there was concern that certain implementations would log
every single authentication type mismatch. However, discussions with
implementers have led us to the conclusion that this is not as severe
a problem as we'd first thought, and it will be even less of a
problem by the time the mechanism described herein is standardized,
implemented, and deployed. Most implementations will dampen the
logging of errors. Hence, the more drastic mechanisms to avoid
legacy OSPFv2 routers from receiving multicast OSPFv2 packets with
non-zero Instance IDs have been removed.
If the OSPF MIB as specified in [<a href="#ref-OSPF-MIB" title=""OSPF Version 2 Management Information Base"">OSPF-MIB</a>] is implemented, even the
damped generation of the ospfIfAuthFailure or ospfVirtIfAuthFailure
Simple Network Management Protocol (SNMP) notifications would be
undesirable in situations where legacy OSPFv2 routers are deployed on
the same subnet as OSPFv2 routers supporting this specification.
Consequently, it is recommended that implementations that implement
this specification and the OSPF MIB also implement SNMP Notification
filtering as specified in <a href="./rfc3413#section-6">Section 6 of [RFC3413]</a>.
<span class="grey">Lindem, et al. Standards Track [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc6549">RFC 6549</a> OSPFv2 Multi-Instance Extensions March 2012</span>
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Security Considerations</span>
The enhancement described herein doesn't include additional security
considerations to OSPFv2. Security considerations for OSPFv2 are
described in [<a href="#ref-OSPFV2" title=""OSPF Version 2"">OSPFV2</a>].
Given that only three OSPFv2 authentication types have been
standardized, it seems reasonable to reduce the OSPFv2 packet header
field to 8 bits.
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. IANA Considerations</span>
The size of the AuType field is reduced from 16 octets to 8 octets.
This changes the OSPF Authentication Codes registry in that the
values 256-65535 are no longer defined and are therefore deprecated.
There is no backward compatibility issue since this range of values
was previously defined as "Reserved and should not be assigned".
A new registry has been created for OSPFv2 Instance IDs. The initial
allocation of OSPFv2 Instance IDs is described below. Refer to
<a href="#section-3.2">Section 3.2</a> for more information.
+-------------+----------------------+--------------------+
| Value/Range | Designation | Assignment Policy |
+-------------+----------------------+--------------------+
| 0 | Base IPv4 Unicast | Assigned |
| | Instance | |
| | | |
| 1 | Base IPv4 Multicast | Assigned |
| | Instance | |
| | | |
| 2 | Base IPv4 In-band | Assigned |
| | Management Instance | |
| | | |
| 3-127 | Private Use | Reserved for local |
| | | policy assignment |
| | | |
| 128-255 | Unassigned | Standards Action |
+-------------+----------------------+--------------------+
OSPFv2 Instance ID
<span class="grey">Lindem, et al. Standards Track [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc6549">RFC 6549</a> OSPFv2 Multi-Instance Extensions March 2012</span>
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. References</span>
<span class="h3"><a class="selflink" id="section-9.1" href="#section-9.1">9.1</a>. Normative References</span>
[<a id="ref-OSPFV2">OSPFV2</a>] Moy, J., "OSPF Version 2", STD 54, <a href="./rfc2328">RFC 2328</a>, April 1998.
[<a id="ref-OSPFV3">OSPFV3</a>] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", <a href="./rfc5340">RFC 5340</a>, July 2008.
[<a id="ref-RFC-KEYWORDS">RFC-KEYWORDS</a>]
Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
<span class="h3"><a class="selflink" id="section-9.2" href="#section-9.2">9.2</a>. Informative References</span>
[<a id="ref-OSPF-MIB">OSPF-MIB</a>] Joyal, D., Ed., Galecki, P., Ed., Giacalone, S., Ed.,
Coltun, R., and F. Baker, "OSPF Version 2 Management
Information Base", <a href="./rfc4750">RFC 4750</a>, December 2006.
[<a id="ref-RFC3413">RFC3413</a>] Levi, D., Meyer, P., and B. Stewart, "Simple Network
Management Protocol (SNMP) Applications", STD 62, <a href="./rfc3413">RFC</a>
<a href="./rfc3413">3413</a>, December 2002.
[<a id="ref-RFC4915">RFC4915</a>] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P.
Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", <a href="./rfc4915">RFC</a>
<a href="./rfc4915">4915</a>, June 2007.
[<a id="ref-RFC5709">RFC5709</a>] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M.,
Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic
Authentication", <a href="./rfc5709">RFC 5709</a>, October 2009.
<span class="grey">Lindem, et al. Standards Track [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc6549">RFC 6549</a> OSPFv2 Multi-Instance Extensions March 2012</span>
<span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. Acknowledgments</span>
Thanks to Adrian Farrel for reviewing and providing some suggested
improvements during the IESG review.
Thanks to Paul Wells for commenting on the backward compatibility
issues.
Thanks to Paul Wells and Vladica Stanisic for commenting during the
OSPF WG last call.
Thanks to Manav Bhatia for comments and for being the document
shepherd.
Thanks to Magnus Nystrom for comments under the auspices of the
Security Directorate review.
Thanks to Dan Romascanu for comments during the IESG review.
Thanks to Pete McCann for comments under the auspices of the Gen-ART
review.
<span class="grey">Lindem, et al. Standards Track [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc6549">RFC 6549</a> OSPFv2 Multi-Instance Extensions March 2012</span>
Authors' Addresses
Acee Lindem
Ericsson
102 Carric Bend Court
Cary, NC 27519
USA
EMail: acee.lindem@ericsson.com
Abhay Roy
Cisco Systems
225 West Tasman Drive
San Jose, CA 95134
USA
EMail: akr@cisco.com
Sina Mirtorabi
Cisco Systems
3 West Plumeria Drive
San Jose, CA 95134
USA
EMail: sina@cisco.com
Lindem, et al. Standards Track [Page 9]
</pre>
|
