Network Working Group J. Moy
Request for Comments: 2329 Ascend Communications, Inc.
Category: Informational April 1998
Network Working Group J. Moy
Request for Comments: 2329 Ascend Communications, Inc.
Category: Informational April 1998
OSPF Standardization Report
OSPF标准化报告
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
Abstract
摘要
This memo documents how the requirements for advancing a routing protocol to Full Standard, set out in [Ref2], have been met for OSPFv2.
本备忘录记录了OSPFv2如何满足[Ref2]中规定的将路由协议提升至完全标准的要求。
Please send comments to ospf@gated.cornell.edu.
请将意见发送至ospf@gated.cornell.edu.
Table of Contents
目录
1 Introduction ........................................... 2
2 Modifications since Draft Standard status .............. 3
2.1 Point-to-MultiPoint interface .......................... 4
2.2 Cryptographic Authentication ........................... 5
3 Updated implementation and deployment experience ....... 5
4 Protocol Security ...................................... 7
References ............................................. 8
Security Considerations ................................ 8
Author's Address ....................................... 8
Full Copyright Statement ............................... 9
1 Introduction ........................................... 2
2 Modifications since Draft Standard status .............. 3
2.1 Point-to-MultiPoint interface .......................... 4
2.2 Cryptographic Authentication ........................... 5
3 Updated implementation and deployment experience ....... 5
4 Protocol Security ...................................... 7
References ............................................. 8
Security Considerations ................................ 8
Author's Address ....................................... 8
Full Copyright Statement ............................... 9
OSPFv2, herein abbreviated simply as OSPF, is an IPv4 routing protocol documented in [Ref8]. OSPF is a link-state routing protocol. It is designed to be run internal to a single Autonomous System. Each OSPF router maintains an identical database describing the Autonomous System's topology. From this database, a routing table is calculated by constructing a shortest-path tree. OSPF features include the following:
OSPFv2,在本文中简称为OSPF,是一种IPv4路由协议,如参考文献8所述。OSPF是一种链路状态路由协议。它被设计为在单个自治系统内部运行。每个OSPF路由器维护一个描述自治系统拓扑的相同数据库。根据该数据库,通过构造最短路径树来计算路由表。OSPF的功能包括:
o OSPF responds quickly to topology changes, expending a minimum of network bandwidth in the process.
o OSPF能够快速响应拓扑变化,在这个过程中消耗最少的网络带宽。
o Support for CIDR addressing.
o 支持CIDR寻址。
o OSPF routing exchanges can be authenticated, providing routing security.
o OSPF路由交换可以通过身份验证,提供路由安全性。
o Equal-cost multipath.
o 等成本多路传输。
o An area routing capability is provided, enabling an Autonomous system to be split into a two level hierarchy to further reduce the amount of routing protocol traffic.
o 提供区域路由能力,使自治系统能够被划分为两级层次结构,以进一步减少路由协议通信量。
o OSPF allows import of external routing information into the Autonomous System, including a tagging feature that can be exploited to exchange extra information at the AS boundary (see [Ref7]).
o OSPF允许将外部路由信息导入自治系统,包括一个标签功能,可以利用该功能在AS边界交换额外信息(参见[Ref7])。
An analysis of OSPF together with a more detailed description of OSPF features was originally provided in [Ref6], as a part of promoting OSPF to Draft Standard status. The analysis of OSPF remains unchanged. Two additional major features have been developed for OSPF since the protocol achieved Draft Standard status: the Point-to-MultiPoint interface and Cryptographic Authentication. These features are described in Sections 2.1 and 2.2 respectively of this memo.
[参考文献6]最初提供了对OSPF的分析以及对OSPF特性的更详细描述,作为促进OSPF起草标准状态的一部分。OSPF的分析保持不变。自从协议达到标准草案状态以来,OSPF还开发了两个主要特性:点对多点接口和加密认证。本备忘录第2.1节和第2.2节分别描述了这些特征。
The OSPF MIB is documented in [Ref4]. It is currently at Draft Standard status.
OSPF MIB记录在[参考文献4]中。它目前处于标准草案状态。
OSPF became a Draft Standard with the release of RFC 1583 [Ref3]. Implementations of the new specification in [Ref8] are backward-compatible with RFC 1583. The differences between the two documents are described in the Appendix Gs of [Ref1] and [Ref8]. These differences are listed briefly below. Two major features were also added, the Point-to-MultiPoint interface and Cryptographic Authentication, which are described in separate sections.
随着RFC 1583的发布,OSPF成为一项标准草案[参考文献3]。参考文献8中新规范的实现与RFC 1583向后兼容。参考文献1和参考文献8的附录Gs中描述了这两个文件之间的差异。下面简要列出了这些差异。另外还添加了两个主要功能,即点对多点接口和加密身份验证,这两个功能将在单独的章节中介绍。
o Configuration requirements for OSPF area address ranges have been relaxed to allow greater flexibility in area assignment. See Section G.3 of [Ref1] for details.
o OSPF区域地址范围的配置要求已经放宽,以便在区域分配方面具有更大的灵活性。详见[参考文献1]第G.3节。
o The OSPF flooding algorithm was modified to a) improve database convergence in networks with low speed links b) resolve a problem where unnecessary LSA retransmissions could occur as a result of differing clock granularities, c) remove race conditions between the flooding of MaxAge LSAs and the Database Exchange process, d) clarify the use of the MinLSArrival constant, and e) rate-limit the response to less recent LSAs received via flooding. See Sections G.4 and G.5 of [Ref1] and Section G.1 of [Ref8] for details.
o 对OSPF洪泛算法进行了修改,以a)改进具有低速链路的网络中的数据库收敛b)解决由于不同的时钟粒度可能导致不必要的LSA重传的问题,c)消除MaxAge LSA洪泛和数据库交换进程之间的争用条件,d)澄清最小到达常数的使用,以及e)速率限制对通过洪水接收的较新LSA的响应。详见[参考文献1]第G.4节和第G.5节以及[参考文献8]第G.1节。
o To resolve the long-standing confusion regarding representation of point-to-point links in OSPF, the specification now optionally allows advertisement of a stub link to a point-to-point link's subnet, ala RIP. See Section G.6 of [Ref1].
o 为了解决关于OSPF中点到点链路表示的长期困惑,该规范现在可以选择允许向点到点链路的子网ala RIP发布存根链路。见[参考文献1]第G.6节。
o Several problems involving advertising the same external route from multiple areas were found and fixed, as described in Section G.7 of [Ref1] and Section G.2 of [Ref8]. Without the fixes, persistent routing loops could form in certain such configurations. Note that one of the fixes was not backward-compatible, in that mixing routers implementing the fixes with those implementing just RFC 1583 could cause loops not present in an RFC 1583-only configuration. This caused an RFC1583Compatibility global configuration parameter to be added, as described in Section C.1 of [Ref1].
o 如[参考文献1]第G.7节和[参考文献8]第G.2节所述,发现并解决了涉及从多个区域发布相同外部路线广告的几个问题。如果没有修复,在某些这样的配置中可能会形成持久路由循环。请注意,其中一个修复程序不向后兼容,因为将实现修复程序的路由器与仅实现RFC 1583的路由器混合使用可能会导致仅在RFC 1583配置中不存在循环。这导致添加RFC1583兼容性全局配置参数,如[Ref1]第C.1节所述。
o In order to deal with high delay links, retransmissions of initial Database Description packets no longer reset an OSPF adjacency.
o 为了处理高延迟链路,初始数据库描述数据包的重传不再重置OSPF邻接。
o In order to detect link MTU mismatches, which can cause problems both in IP forwarding and in the OSPF routing protocol itself, MTU was added to OSPF's Database Description packets. Neighboring routers refuse to bring up an OSPF adjacency unless they agree on their common link's MTU.
o 为了检测链路MTU不匹配(这可能导致IP转发和OSPF路由协议本身出现问题),将MTU添加到OSPF的数据库描述数据包中。相邻路由器拒绝提出OSPF邻接,除非它们同意其公共链路的MTU。
o The TOS routing option was deleted from OSPF. However, for backward compatibility the formats of OSPF's various LSAs remain unchanged, maintaining the ability to specify TOS metrics in router-LSAs, summary-LSAs, ASBR-summary-LSAs, and AS-external-LSAs.
o 已从OSPF中删除TOS路由选项。但是,为了向后兼容,OSPF的各种LSA的格式保持不变,保持在路由器LSA、摘要LSA、ASBR摘要LSA和外部LSA中指定TOS度量的能力。
o OSPF's routing table lookup algorithm was changed to reflect current practice. The "best match" routing table entry is now always selected to be the one providing the most specific (longest) match. See Section G.4 of [Ref8] for details.
o OSPF的路由表查找算法已更改,以反映当前的实践。“最佳匹配”路由表条目现在总是被选择为提供最具体(最长)匹配的条目。详见[参考文献8]第G.4节。
2.1. Point-to-MultiPoint interface
2.1. 点对多点接口
The Point-to-MultiPoint interface was added as an alternative to OSPF's NBMA interface when running OSPF over non-broadcast subnets. Unlike the NBMA interface, Point-to-MultiPoint does not require full mesh connectivity over the non-broadcast subnet. Point-to-MultiPoint is less efficient than NBMA, but is easier to configure (in fact, it can be self-configuring) and is more robust than NBMA, tolerating all failures within the non-broadcast subnet. For more information on the Point-to-MultiPoint interface, see Section G.2 of [Ref1].
在非广播子网上运行OSPF时,添加了点对多点接口,作为OSPF NBMA接口的替代。与NBMA接口不同,点对多点不需要在非广播子网上进行完全网状连接。点对多点的效率低于NBMA,但更易于配置(事实上,它可以自我配置),并且比NBMA更健壮,能够容忍非广播子网内的所有故障。有关点对多点接口的更多信息,请参见[参考文献1]的G.2节。
There are at least six independent implementations of the Point-to-MultiPoint interface. Interoperability has been demonstrated between at least two pairs of implementations: between 3com and Bay Networks, and between cisco and Cascade.
点对多点接口至少有六种独立的实现。至少有两对实现之间的互操作性已经得到证明:3com和Bay网络之间,以及cisco和Cascade之间。
2.2. Cryptographic Authentication
2.2. 密码认证
Non-trivial authentication was added to OSPF with the development of the Cryptographic Authentication type. This authentication type uses any keyed message digest algorithm, with explicit instructions included for the use of MD5. For more information on OSPF authentication, see Section 4.
随着加密身份验证类型的发展,非平凡身份验证被添加到OSPF中。此身份验证类型使用任何键控消息摘要算法,并包含用于使用MD5的显式指令。有关OSPF身份验证的更多信息,请参阅第4节。
There are at least three independent implementations of the OSPF Cryptographic authentication type. Interoperability has been demonstrated between the implementations from cisco and Cascade.
OSPF加密身份验证类型至少有三种独立的实现。cisco和Cascade的实现之间的互操作性已得到证明。
When OSPF was promoted to Draft Standard Status, a report was issued documenting current implementation and deployment experience (see [Ref6]). That report is now quite dated. In an attempt to get more current data, a questionnaire was sent to OSPF mailing list in January 1996. Twelve responses were received, from 11 router vendors and 1 manufacturer of test equipment. These responses represented 6 independent implementations. A tabulation of the results are presented below.
当OSPF被提升为标准草案状态时,发布了一份报告,记录了当前的实施和部署经验(参见[Ref6])。那份报告现在已经过时了。为了获得更多的最新数据,1996年1月向OSPF邮寄名单发送了一份调查问卷。收到了来自11家路由器供应商和1家测试设备制造商的12份回复。这些回答代表了6个独立的实现。结果列表如下所示。
Table 1 indicates the implementation, interoperability and deployment of the major OSPF functions. The number in each column represents the number of responses in the affirmative.
表1显示了OSPF主要功能的实施、互操作性和部署。每列中的数字表示肯定回答的数量。
Imple- Inter-
Feature mented operated Deployed
_______________________________________________________
OSPF areas 10 10 10
Stub areas 10 10 9
Virtual links 10 9 8
Equal-cost multipath 10 7 8
NBMA support 9 8 7
CIDR addressing 8 5 6
OSPF MIB 8 5 5
Cryptographic auth. 3 2 1
Point-to-Multipoint ifc. 6 3 4
Imple- Inter-
Feature mented operated Deployed
_______________________________________________________
OSPF areas 10 10 10
Stub areas 10 10 9
Virtual links 10 9 8
Equal-cost multipath 10 7 8
NBMA support 9 8 7
CIDR addressing 8 5 6
OSPF MIB 8 5 5
Cryptographic auth. 3 2 1
Point-to-Multipoint ifc. 6 3 4
Table 1: Implementation of OSPF features
表1:OSPF功能的实现
Table 2 indicates the size of the OSPF routing domains that vendors have tested. For each size parameter, the number of responders and the range of responses (minimum, mode, mean and maximum) are listed.
表2显示了供应商测试的OSPF路由域的大小。对于每个尺寸参数,列出了响应者的数量和响应范围(最小值、模式、平均值和最大值)。
Parameter Responses Min Mode Mean Max
_________________________________________________________________
Max routers in domain 7 30 240 460 1600
Max routers in single area 7 20 240 380 1600
Max areas in domain 7 1 10 16 60
Max AS-external-LSAs 9 50 10K 10K 30K
Parameter Responses Min Mode Mean Max
_________________________________________________________________
Max routers in domain 7 30 240 460 1600
Max routers in single area 7 20 240 380 1600
Max areas in domain 7 1 10 16 60
Max AS-external-LSAs 9 50 10K 10K 30K
Table 2: OSPF domain sizes tested
表2:测试的OSPF域大小
Table 3 indicates the size of the OSPF routing domains that vendors have deployed in real networks. For each size parameter, the number of responders and the range of responses (minimum, mode, mean and maximum) are listed.
表3显示了供应商在实际网络中部署的OSPF路由域的大小。对于每个尺寸参数,列出了响应者的数量和响应范围(最小值、模式、平均值和最大值)。
Parameter Responses Min Mode Mean Max
_________________________________________________________________
Max routers in domain 8 20 350 510 1000
Max routers in single area 8 20 100 160 350
Max areas in domain 7 1 15 23 60
Max AS-external-LSAs 6 50 1K 2K 5K
Parameter Responses Min Mode Mean Max
_________________________________________________________________
Max routers in domain 8 20 350 510 1000
Max routers in single area 8 20 100 160 350
Max areas in domain 7 1 15 23 60
Max AS-external-LSAs 6 50 1K 2K 5K
Table 3: OSPF domain sizes deployed
表3:部署的OSPF域大小
In an attempt to ascertain the extent to which OSPF is currently deployed, vendors were also asked in January 1998 to provide deployment estimates. Four vendors of OSPF routers responded, with a total estimate of 182,000 OSPF routers in service, organized into 4300 separate OSPF routing domains.
为了确定目前部署OSPF的程度,1998年1月还要求供应商提供部署估计数。四家OSPF路由器供应商作出了回应,估计总共有182000台OSPF路由器在使用中,分为4300个单独的OSPF路由域。
All OSPF protocol exchanges are authenticated. OSPF supports multiple types of authentication; the type of authentication in use can be configured on a per network segment basis. One of OSPF's authentication types, namely the Cryptographic authentication option, is believed to be secure against passive attacks and provide significant protection against active attacks. When using the Cryptographic authentication option, each router appends a "message digest" to its transmitted OSPF packets. Receivers then use the shared secret key and received digest to verify that each received OSPF packet is authentic.
所有OSPF协议交换都经过身份验证。OSPF支持多种类型的认证;可以基于每个网段配置使用中的身份验证类型。OSPF的一种身份验证类型,即加密身份验证选项,被认为对被动攻击是安全的,并对主动攻击提供重要保护。当使用加密身份验证选项时,每个路由器在其传输的OSPF数据包中附加一个“消息摘要”。然后,接收器使用共享密钥和接收摘要来验证每个接收到的OSPF数据包是真实的。
The quality of the security provided by the Cryptographic authentication option depends completely on the strength of the message digest algorithm (MD5 is currently the only message digest algorithm specified), the strength of the key being used, and the correct implementation of the security mechanism in all communicating OSPF implementations. It also requires that all parties maintain the secrecy of the shared secret key.
加密身份验证选项提供的安全性质量完全取决于消息摘要算法的强度(MD5目前是唯一指定的消息摘要算法)、所用密钥的强度以及所有通信OSPF实现中安全机制的正确实现。它还要求各方维护共享密钥的保密性。
None of the OSPF authentication types provide confidentiality. Nor do they protect against traffic analysis. Key management is also not addressed by the OSPF specification.
OSPF身份验证类型都不提供机密性。它们也不能防止流量分析。OSPF规范也没有涉及密钥管理。
For more information, see Sections 8.1, 8.2, and Appendix D of [Ref1].
有关更多信息,请参见[参考文献1]第8.1节、第8.2节和附录D。
References
工具书类
[Ref1] Moy, J., "OSPF Version 2", RFC 2178, July 1997.
[参考文献1]莫伊,J.,“OSPF版本2”,RFC2178,1997年7月。
[Ref2] Hinden, B., "Internet Routing Protocol Standardization Criteria", RFC 1264, October 1991.
[参考文献2]Hinden,B.,“互联网路由协议标准化标准”,RFC 1264,1991年10月。
[Ref3] Moy, J., "OSPF Version 2", RFC 1583, March 1994.
[参考文献3]莫伊,J.,“OSPF版本2”,RFC1583,1994年3月。
[Ref4] Baker, F., and R. Coltun, "OSPF Version 2 Management Information Base", RFC 1850, November 1995.
[Ref4]Baker,F.和R.Coltun,“OSPF版本2管理信息库”,RFC 1850,1995年11月。
[Ref5] Moy, J., "OSPF Protocol Analysis", RFC 1245, August 1991.
[参考文献5]莫伊,J.,“OSPF协议分析”,RFC1245,1991年8月。
[Ref6] Moy, J., "Experience with the OSPF Protocol", RFC 1246, August 1991.
[参考文献6]Moy,J.,“OSPF协议的经验”,RFC 1246,1991年8月。
[Ref7] Varadhan, K., Hares S., and Y. Rekhter, "BGP4/IDRP for IP-- -OSPF Interaction", RFC 1745, December 1994.
[参考文献7]Varadhan,K.,Hares S.,和Y.Rekhter,“用于IP的BGP4/IDRP--OSPF交互”,RFC 17451994年12月。
[Ref8] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[参考文献8]莫伊,J.,“OSPF版本2”,STD 54,RFC 23281998年4月。
Security Considerations
安全考虑
Security considerations are addressed in Section 4 of this memo.
本备忘录第4节阐述了安全注意事项。
Author's Address
作者地址
John Moy Ascend Communications, Inc. 1 Robbins Road Westford, MA 01886
马萨诸塞州韦斯特福德罗宾斯路1号John Moy Ascend Communications,Inc.01886
Phone: 978-952-1367 Fax: 978-392-2075 EMail: jmoy@casc.com
电话:978-952-1367传真:978-392-2075电子邮件:jmoy@casc.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。