Internet DRAFT - draft-ietf-ospf-multi-instance

draft-ietf-ospf-multi-instance






Network Working Group                                          A. Lindem
Internet-Draft                                                  Ericsson
Updates: 2328 (if approved)                                       A. Roy
Intended status: Standards Track                            S. Mirtorabi
Expires: July 22, 2012                                     Cisco Systems
                                                        January 19, 2012


                    OSPFv2 Multi-Instance Extensions
                 draft-ietf-ospf-multi-instance-09.txt

Abstract

   OSPFv3 includes a mechanism to support multiple instances of the
   protocol running on the same interface.  OSPFv2 can utilize such a
   mechanism in order to support multiple routing domains on the same
   subnet.

   This document defines the OSPFv2 instance ID to enable separate
   OSPFv2 protocol instances on the same interface.  Unlike OSPFv3 where
   the instance ID can be used for multiple purposes, such as putting
   the same interface in multiple areas, the OSPFv2 instance ID is
   reserved for identifying protocol instances.

   This document updates RFC 2328.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 22, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Lindem, et al.            Expires July 22, 2012                 [Page 1]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Requirements notation  . . . . . . . . . . . . . . . . . .  3
   2.  OSPFv2 Instance Packet Encoding  . . . . . . . . . . . . . . .  4
   3.  OSPFv2 Interface Instance ID . . . . . . . . . . . . . . . . .  5
     3.1.  Sending and Receiving OSPFv2 packets . . . . . . . . . . .  5
     3.2.  Interface Instance ID Values . . . . . . . . . . . . . . .  5
   4.  State Sharing Optimizations between OSPFv2 instances . . . . .  6
   5.  OSPFv2 Authentication Impacts  . . . . . . . . . . . . . . . .  7
   6.  Backward Compatibility and Deployment Considerations . . . . .  8
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 11
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 11
   Appendix A.  Acknowledgments . . . . . . . . . . . . . . . . . . . 12
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13






















Lindem, et al.            Expires July 22, 2012                 [Page 2]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


1.  Introduction

   OSPFv3 [OSPFV3] includes a mechanism to support multiple instances of
   the protocol running on the same interface.  OSPFv2 [OSPFV2] can
   utilize such a mechanism in order to support multiple routing domains
   on the same subnet.

   This document defines the OSPFv2 instance ID to enable separate
   OSPFv2 protocol instances on the same interface.  Unlike OSPFv3 where
   the instance ID can be used for multiple purposes, such as putting
   the same interface in multiple areas, the OSPFv2 instance ID is
   reserved for identifying protocol instances.

1.1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC-KEYWORDS].

































Lindem, et al.            Expires July 22, 2012                 [Page 3]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


2.  OSPFv2 Instance Packet Encoding

   This document extends OSPFv2 with a mechanism to differentiate
   packets for different instances sent and received on the same
   interface.  In support of this capability, a modified packet header
   format with the Authentication Type field split into an Instance ID
   and AuType.


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   Version #   |     Type      |         Packet length         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         Router ID                             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          Area ID                              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Checksum             |  Instance ID  |  AuType       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Authentication                            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Authentication                            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         The OSPFv2 Packet Header

   All fields are as defined in [OSPFV2] except that the Instance ID
   field is new, and the AuType field is reduced to 8 bits from 16 bits
   without any change in meaning.  The Instance ID field is defined as
   follows:


   Instance ID
      Enables multiple instances of OSPFv2 to be used on a single
      interface.  Each protocol instance would be assigned a separate
      Instance ID; the Instance ID has local subnet significance only.
      Received packets with an Instance ID not equal to one of the
      Instance IDs corresponding to one of the configured OSPFv2
      Instances for the receiving interface MUST be discarded.











Lindem, et al.            Expires July 22, 2012                 [Page 4]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


3.  OSPFv2 Interface Instance ID

   [OSPFV2] describes the conceptual interface data structure in section
   9.  The OSPFv2 Interface Instance ID is added to this structure.  The
   OSPFv2 Interface Instance ID has a default value of 0.  Its setting
   to a non-zero value may be accomplished through configuration.

3.1.  Sending and Receiving OSPFv2 packets

   When sending OSPFv2 packets, the OSPFv2 Interface Instance ID is set
   in the OSPFv2 packet header.  When receiving OSPFv2 packets, the
   OSPFv2 Header Instance ID is used to aid in demultiplexing the packet
   and routing it to the correct OSPFv2 instance.  Received packets with
   an Instance ID not equal to one of the configured OSPFv2 Instance IDs
   on the receiving interface MUST be discarded.

3.2.  Interface Instance ID Values

   The following OSPFv2 Instance IDs have been defined:


   0
      Base IPv4 Instance - This is the default IPv4 routing instance
      corresponding to default IPv4 unicast routing and the attendant
      IPv4 routing table.  Use of this instance ID provides backward
      compatibility with the base OSPF specification [OSPFV2].

   1
      Base IPv4 Multicast Instance - This IPv4 instance corresponds to
      the separate IPv4 routing table used for the Reverse Path
      Forwarding (RPF) checking performed on IPv4 multicast traffic.

   2
      Base IPv4 In-band Management Instance - This IPv4 instance
      corresponds to a separate IPv4 routing table used for network
      management applications.

   3-127
      Private Use - These Instance IDs are reserved for definition and
      semantics defined by the local network administrator.  For
      example, separate Interface Instance IDs and their corresponding
      OSPFv2 instances could be used to support independent non-
      congruent topologies for different classes of IPv4 unicast
      traffic.  The details of such deployments are beyond the scope of
      this document.

   The first three Interface Instance IDs are analogous to the topology
   IDs defined in [RFC4915].



Lindem, et al.            Expires July 22, 2012                 [Page 5]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


4.  State Sharing Optimizations between OSPFv2 instances

   This is beyond the scope of this draft and is an area for further
   study.















































Lindem, et al.            Expires July 22, 2012                 [Page 6]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


5.  OSPFv2 Authentication Impacts

   Now that the AuType OSPFv2 header field has been reduced from 2
   octets to 1 octet, OSPFv2 routers not supporting this specification
   will fail packet authentication for any instance other than the
   default (i.e., the Base IPv4 Unicast Instance).  This is solely due
   to the difference in field definition as opposed to any explicit
   change to OSPFv2 authentication as described in Appendix D of RFC
   2328 [OSPFV2] and RFC 5709 [RFC5709].  However, this is exactly what
   is desired since OSPFv2 routers not supporting this specification
   should only support the default instance (Refer to Section 6).








































Lindem, et al.            Expires July 22, 2012                 [Page 7]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


6.  Backward Compatibility and Deployment Considerations

   When there are OSPFv2 routers that support OSPFv2 Multi-Instance
   extensions on the same broadcast capable interface as OSPFv2 routers
   that do not, packets with non-zero OSPFv2 header Instance IDs are
   received by those legacy OSPFv2 routers.  Since the non-zero Instance
   ID is included in the AuType by these legacy OSPFv2 routers, it is
   misinterpreted as a mismatched authentication type and the packet is
   dropped.  This is exactly what is expected and desired.

   Previously, there was concern that certain implementations would log
   every single authentication type mismatch.  However, discussions with
   implementers have led us to the conclusion that this is not as severe
   a problem as we'd first thought and it will be even less of a problem
   by the time the mechanism in this draft is standardized, implemented,
   and deployed.  Most implementations will dampen the logging of
   errors.  Hence, the more drastic mechanisms to avoid legacy OSPFv2
   routers from receiving multicast OSPFv2 packets with non-zero
   Instance IDs have been removed.

   If the OSPF MIB as specified in [OSPF-MIB] is implemented, even the
   damped generation of the ospfIfAuthFailure or ospfVirtIfAuthFailure
   SNMP notifications would be undesirable in situations where legacy
   OSPFv2 routers are deployed on the same subnet as OSPFv2 routers
   supporting this specification.  Consequently, it is recommended that
   implementations that implement this specification and the OSPF MIB
   also implement SNMP Notification filtering as specified in section 6
   of [RFC3413].























Lindem, et al.            Expires July 22, 2012                 [Page 8]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


7.  Security Considerations

   The enhancement described herein doesn't add any additional security
   considerations to OSPFv2.  Security considerations for OSPFv2 are
   described in [OSPFV2].

   Given that only three OSPFv2 authentication types have been
   standardized, it seems reasonable to reduce the OSPFv2 packet header
   field to 8 bits.










































Lindem, et al.            Expires July 22, 2012                 [Page 9]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


8.  IANA Considerations

   The size of the AuType field is reduced from 16 octets to 8 octets.
   This changes the OSPF Authentication Codes registry in that the
   values 256-65535 are no longer defined.  There is no backward
   compatibility issue since this range of values was previously defined
   as "Reserved and should not be assigned".

   A new registry is added for OSPFv2 Instance IDs.  The allocation of
   OSPFv2 Instance IDs is described below.  Refer to Section 3.2 for
   more information.

            +-------------+----------------------+--------------------+
            | Value/Range | Designation          | Assignment Policy  |
            +-------------+----------------------+--------------------+
            | 0           | Base IPv4 Unicast    | Assigned           |
            |             | Instance             |                    |
            |             |                      |                    |
            | 1           | Base IPv4 Multicast  | Assigned           |
            |             | Instance             |                    |
            |             |                      |                    |
            | 2           | Base IPv4 In-band    | Assigned           |
            |             | Management Instance  |                    |
            |             |                      |                    |
            | 3-127       | Private Use          | Reserved for local |
            |             |                      | policy assignment  |
            |             |                      |                    |
            | 128-255     | Unassigned           | Standards Action   |
            +-------------+----------------------+--------------------+

                            OSPFv2 Instance ID




















Lindem, et al.            Expires July 22, 2012                [Page 10]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


9.  References

9.1.  Normative References

   [OSPFV2]   Moy, J., "OSPF Version 2", RFC 2328, April 1998.

   [OSPFV3]   Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, July 2008.

   [RFC-KEYWORDS]
              Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, March 1997.

9.2.  Informative References

   [OSPF-MIB]
              Joyal, D., Galecki, P., Giacalone, S., Baker, F., and R.
              Coltun, "OSPF Version 2 Management Information Base",
              RFC 4750, December 2006.

   [RFC3413]  Levi, D., Meyer, P., and B. Stewart, "Simple Network
              Management Protocol (SNMP) Applications", STD 62,
              RFC 3413, December 2002.

   [RFC4915]  Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P.
              Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF",
              RFC 4915, June 2007.

   [RFC5709]  Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M.,
              Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic
              Authentication", RFC 5709, October 2009.




















Lindem, et al.            Expires July 22, 2012                [Page 11]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


Appendix A.  Acknowledgments

   The RFC text was produced using Marshall Rose's xml2rfc tool.

   Thanks to Adrian Farrel for review and providing some suggested
   improvements during the IESG review.

   Thanks to Paul Wells for commenting on the backward compatibility
   issues.

   Thanks to Paul Wells and Vladica Stanisic for commenting during the
   OSPF WG last call.

   Thanks to Manav Bhatia for comments and being the document shepherd.

   Thanks to Magnus Nystrom for comments under the auspices of the
   Security Directorate review.

   Thanks to Dan Romascanu for comments during the IESG review.

   Thanks to Pete McCann for comments under the auspices of the Gen-ART
   review.





























Lindem, et al.            Expires July 22, 2012                [Page 12]

Internet-Draft      OSPFv2 Multi-Instance Extensions        January 2012


Authors' Addresses

   Acee Lindem
   Ericsson
   102 Carric Bend Court
   Cary, NC  27519
   USA

   Email: acee.lindem@ericsson.com


   Abhay Roy
   Cisco Systems
   225 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: akr@cisco.com


   Sina Mirtorabi
   Cisco Systems
   3 West Plumeria Drive
   San Jose, CA  95134
   USA

   Email: sina@cisco.com
























Lindem, et al.            Expires July 22, 2012                [Page 13]