Network Working Group P. Droz
Request for Comments: 2843 IBM
Category: Informational T. Przygienda
Siara
May 2000
Network Working Group P. Droz
Request for Comments: 2843 IBM
Category: Informational T. Przygienda
Siara
May 2000
Proxy-PAR
代理票面价值
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
Abstract
摘要
Proxy-PAR is a minimal version of PAR (PNNI Augmented Routing) that gives ATM-attached devices the ability to interact with PNNI devices without the necessity to fully support PAR. Proxy-PAR is designed as a client/server interaction, of which the client side is much simpler than the server side to allow fast implementation and deployment.
代理PAR是PAR(PNNI增强路由)的最小版本,它赋予ATM附加设备与PNNI设备交互的能力,而不必完全支持PAR。Proxy PAR设计为客户机/服务器交互,其中客户机端比服务器端简单得多,以允许快速实现和部署。
The purpose of Proxy-PAR is to allow non-ATM devices to use the flooding mechanisms provided by PNNI for registration and automatic discovery of services offered by ATM attached devices. The first version of PAR primarily addresses protocols available in IPv4. But it also contains a generic interface to access the flooding of PNNI. In addition, Proxy-PAR-capable servers provide filtering based on VPN IDs [1], IP protocols and address prefixes. This enables, for instance, routers in a certain VPN running OSPF to find OSPF neighbors on the same subnet. The protocol is built using a registration/query approach where devices can register their services and query for services and protocols registered by other clients.
代理PAR的目的是允许非ATM设备使用PNNI提供的泛洪机制来注册和自动发现ATM连接设备提供的服务。PAR的第一个版本主要解决IPv4中可用的协议。但它也包含一个通用接口来访问PNNI的泛滥。此外,支持代理PAR的服务器提供基于VPN ID[1]、IP协议和地址前缀的过滤。例如,这使运行OSPF的特定VPN中的路由器能够在同一子网上找到OSPF邻居。该协议使用注册/查询方法构建,设备可以注册其服务并查询其他客户端注册的服务和协议。
1 Introduction
1导言
In June of 1996, the ATM Forum accepted the "Proxy-PAR contribution as minimal subset of PAR" as a work item of the Routing and Addressing (RA) working group, which was previously called the PNNI working group [2]. The PAR [3] specification provides a detailed description of the protocol including state machines and packet formats.
1996年6月,ATM论坛将“代理PAR贡献作为PAR的最小子集”作为路由和寻址(RA)工作组的一个工作项目,该工作组以前称为PNNI工作组[2]。PAR〔3〕规范提供了包括状态机和分组格式的协议的详细描述。
The intention of this document is to provide general information about Proxy-PAR. For the detailed protocol description we refer the reader to [3].
本文件旨在提供有关代理PAR的一般信息。有关详细的协议描述,请读者参考[3]。
Proxy-PAR is a protocol that allows various ATM-attached devices (ATM and non-ATM devices) to interact with PAR-capable switches to exchange information about non-ATM services without executing PAR themselves. The client side is much simpler in terms of implementation complexity and memory requirements than a complete PAR instance. This should allow an easy implementation on existing IP devices such as IP routers. Additionally, clients can use Proxy-PAR to register various non-ATM services and the protocols they support. The protocol has deliberately been omitted from ILMI [4] because of the complexity of PAR information passed in the protocol and the fact that it is intended for the integration of non-ATM protocols and services only. A device executing Proxy-PAR does not necessarily need to execute ILMI or UNI signalling, although this will normally be the case.
代理PAR是一种协议,允许各种ATM附加设备(ATM和非ATM设备)与PAR有能力交换机交互,以在不执行PAR的情况下交换关于非ATM服务的信息。客户端在实现复杂度和内存需求方面比完整的PAR实例要简单得多。这将允许在现有IP设备(如IP路由器)上轻松实现。此外,客户端可以使用代理PAR注册各种非ATM服务及其支持的协议。由于协议中传递的PAR信息的复杂性和仅用于非ATM协议和服务的集成的事实,该协议故意忽略了ILMI〔4〕。执行代理PAR的设备不一定需要执行ILMI或UNI信令,尽管通常情况下是这样。
The protocol does not specify how a client should make use of the obtained information to establish connectivity. For example, OSPF routers finding themselves through Proxy-PAR could establish a full mesh of P2P VCs by means of RFC2225 [5], or use RFC1793 [6] to interact with each other. LANE [7] or MARS [8] could be used for the same purpose. It is expected that the guidelines defining how a certain protocol can make use of Proxy-PAR should be produced by the appropriate working group or standardization body responsible for the particular protocol. An additional RFC [9] describing how to run OSPF together with Proxy-PAR is published together with this document.
该协议未指定客户端应如何利用获得的信息建立连接。例如,通过代理PAR发现自己的OSPF路由器可以通过RFC2225[5]建立P2P VC的完整网格,或者使用RFC1793[6]彼此交互。车道[7]或火星[8]也可用于同样的目的。预计负责特定协议的适当工作组或标准化机构应制定指导方针,规定特定协议如何使用代理PAR。另一个RFC[9]描述了如何与代理PAR一起运行OSPF,并与本文档一起发布。
The protocol has the ability to provide ATM address resolution for IP-attached devices, but such resolutions can also be achieved by other protocols under specification in the IETF, e.g. [10]. Again, the main purpose of the protocol is to allow the automatic detection of devices over an ATM cloud in a distributed fashion, omitting the usual pitfalls of server-based solutions. Last but not least, it should be mentioned here as well that the protocol complements and coexists with the work done in the IETF on server detection via ILMI extensions [11,12,13].
该协议能够为IP连接设备提供ATM地址解析,但此类解析也可以通过IETF规范下的其他协议实现,例如[10]。同样,该协议的主要目的是允许以分布式方式自动检测ATM云上的设备,而忽略了基于服务器的解决方案的常见缺陷。最后但并非最不重要的一点是,这里还应该提到,该协议补充并与IETF中通过ILMI扩展进行的服务器检测工作共存[11,12,13]。
2 Proxy-PAR Operation and Interaction with PNNI
2代理PAR操作和与PNNI的交互
The protocol is asymmetric and consists of a discovery and query/registration part. The discovery is very similar to the existing PNNI Hello protocol and is used to initiate and maintain communication between adjacent clients and servers. The registration and update part execute after a Proxy-PAR adjacency has been established. The client can register its own services by sending
该协议是不对称的,由发现和查询/注册部分组成。该发现与现有的PNNI Hello协议非常相似,用于启动和维护相邻客户端和服务器之间的通信。注册和更新部分在建立代理PAR邻接后执行。客户端可以通过发送
registration messages to the server. The client obtains information it is interested in by sending query messages to the server. When the client needs to change its set of registered protocols, it has to re-register with the server. The client can withdraw all registered services by registering a null set of services. It is important to note that the server side does not push new information to the client, neither does the server keep any state describing which information the client received. It is the responsibility of the client to update and refresh its information and to discover new clients or update its stored information about other clients by issuing queries and registrations at appropriate time intervals. This simplifies the protocol, but assumes that the client will not store and request large amounts of data. The main responsibility of the server is to flood the registered information through the PNNI cloud such that potential clients can discover each other. The Proxy-PAR server side also provides filtering functions to support VPNs and IP subnetting. It is assumed that services advertised by Proxy-PAR will be advertised by a relatively small number of clients and be fairly stable, so that polling and refreshing intervals can be relatively long.
向服务器发送注册消息。客户端通过向服务器发送查询消息来获取感兴趣的信息。当客户端需要更改其已注册的协议集时,它必须向服务器重新注册。客户端可以通过注册一组空的服务来撤消所有已注册的服务。需要注意的是,服务器端不会将新信息推送到客户端,服务器也不会保留任何状态来描述客户端接收到的信息。客户有责任更新和刷新其信息,并通过在适当的时间间隔发出查询和注册来发现新客户或更新其存储的有关其他客户的信息。这简化了协议,但假定客户端不会存储和请求大量数据。服务器的主要职责是通过PNNI云大量传输注册信息,以便潜在客户可以相互发现。代理PAR服务器端还提供过滤功能,以支持VPN和IP子网。假设代理PAR发布的服务将由相对较少的客户端发布,并且相当稳定,因此轮询和刷新间隔可能相对较长。
The Proxy-PAR extensions rely on appropriate flooding of information by the PNNI protocol. When the client side registers or re-registers a new service through Proxy-PAR, it associates an abstract membership scope with the service. The server side maps this membership scope into a PNNI routing level that restricts the flooding. This allows changes of the PNNI routing level without reconfiguration of the client. In addition, the server can set up the mapping table such that a client can flood information only to a certain level. Nodes within the PNNI network take into account the associated scope of the information when it is flooded. It is thus possible to exploit the PNNI routing hierarchy by announcing different protocols on different levels of the hierarchy, e.g. OSPF could be run inside certain peer groups, whereas BGP could be run between the set of peer -groups running OSPF. Such an alignment or mapping of non-ATM protocols to the PNNI hierarchy can drastically enhance the scalability and flexibility of Proxy-PAR service. Figure 1 helps visualize such a scenario. For this topology the following registrations are issued:
代理PAR扩展依赖于PNNI协议适当的信息洪泛。当客户端通过代理PAR注册或重新注册新服务时,它将抽象成员范围与服务关联。服务器端将此成员资格范围映射到限制泛洪的PNNI路由级别。这允许在不重新配置客户端的情况下更改PNNI路由级别。此外,服务器可以设置映射表,以便客户端只能将信息洪泛到某个级别。当信息被淹没时,PNNI网络内的节点会考虑相关的信息范围。因此,可以通过在层次结构的不同级别上宣布不同的协议来利用PNNI路由层次结构,例如,OSPF可以在某些对等组内运行,而BGP可以在运行OSPF的对等组之间运行。非ATM协议与PNNI层次结构的这种对齐或映射可以极大地增强代理PAR服务的可伸缩性和灵活性。图1有助于可视化这样的场景。对于此拓扑,将发布以下注册:
+-+
| | PNNI peer group # PPAR capable @ PNNI capable * Router
+-+ switch switch
+-+
| | PNNI peer group # PPAR capable @ PNNI capable * Router
+-+ switch switch
Level 40
+---------------------------+
| |
| |
| @ ---- @ ---- @ |
| | | |
+----- | ----------- | -----+
| |
Level 60 | |
+------------- | ---+ +-- | --------------+
| | | | | |
R1* ------#-P1------@ | | @---------P3-#------- * R3
| | | | | |
R2* ------#-P2------+ | | +---------P4-#------- * R4
| | | |
+-------------------+ +-------------------+
Level 40
+---------------------------+
| |
| |
| @ ---- @ ---- @ |
| | | |
+----- | ----------- | -----+
| |
Level 60 | |
+------------- | ---+ +-- | --------------+
| | | | | |
R1* ------#-P1------@ | | @---------P3-#------- * R3
| | | | | |
R2* ------#-P2------+ | | +---------P4-#------- * R4
| | | |
+-------------------+ +-------------------+
Figure 1: OSPF and BGP scalability with Proxy-PAR autodetection (ATM topology).
图1:具有代理PAR自动检测(ATM拓扑)的OSPF和BGP可扩展性。
1. R1 registers OSPF protocol as running on the IP interface 1.1.1.1 and subnet 1.1.1/24 with scope 60
1. R1将OSPF协议注册为在IP接口1.1.1.1和子网1.1.1/24上运行,作用域为60
2. R2 registers OSPF protocol as running on the IP interface 1.1.1.2 and subnet 1.1.1/24 with scope 60
2. R2将OSPF协议注册为在IP接口1.1.1.2和子网1.1.1/24上运行,作用域为60
3. R3 registers OSPF protocol as running on the IP interface 1.1.2.1 and subnet 1.1.2/24 with scope 60
3. R3将OSPF协议注册为在IP接口1.1.2.1和子网1.1.2/24上运行,作用域为60
4. R4 registers OSPF protocol as running on the IP interface 1.1.2.2 and subnet 1.1.2/24 with scope 60
4. R4将OSPF协议注册为在IP接口1.1.2.2和子网1.1.2/24上运行,作用域为60
and
和
1. R1 registers BGP4 protocol as running on the IP interface 1.1.3.1 and subnet 1.1/16 with scope 40 within AS101
1. R1将BGP4协议注册为在AS101中范围为40的IP接口1.1.3.1和子网1.1/16上运行
2. R3 registers BGP4 protocol as running on the IP interface 1.1.3.2 and subnet 1.1/16 with scope 40 within AS100
2. R3将BGP4协议注册为在IP接口1.1.3.2和子网1.1/16上运行,范围为AS100中的40
For simplicity the real PNNI routing level have been specified, which are 60 and 40. Instead of these two values the clients would use an abstract membership scope "local" and "local+1". In addition, all registered information would be part of the same VPN ID.
为简单起见,已指定实际PNNI路由级别,即60和40。客户机将使用抽象成员范围“local”和“local+1”,而不是这两个值。此外,所有注册信息都将是同一VPN ID的一部分。
Table 1 describes the resulting distribution and visibility of registrations and whether the routers not only see but also utilize the received information. After convergence of protocols and the building of necessary adjacencies and sessions, the overlying IP topology is illustrated in Figure 2.
表1描述了注册的结果分布和可见性,以及路由器是否不仅看到而且利用了接收到的信息。在协议聚合并建立必要的邻接和会话之后,图2显示了覆盖的IP拓扑。
AS101 DMZ AS100
######### ##########
# #
| # | # |
+-- R1 ---------+ # R4 --+
| # | # |
| # | BGP4 on # OSPF on |
| OSPF on # | subnet # subnet |
| subnet # | 1.1/16 # 1.1.2/24 |
| 1.1.1/24 # | # |
| # +------------------- R3 --+
+-- R2 # | # |
| # #
######### ##########
AS101 DMZ AS100
######### ##########
# #
| # | # |
+-- R1 ---------+ # R4 --+
| # | # |
| # | BGP4 on # OSPF on |
| OSPF on # | subnet # subnet |
| subnet # | 1.1/16 # 1.1.2/24 |
| 1.1.1/24 # | # |
| # +------------------- R3 --+
+-- R2 # | # |
| # #
######### ##########
Figure 2: OSPF and BGP scalability with Proxy-PAR autodetection (IP topology).
图2:具有代理PAR自动检测(IP拓扑)的OSPF和BGP可伸缩性。
Expressing the above statements differently, one can say that if the scope of the Proxy-PAR information indicates that a distribution beyond the boundaries of the peer group is necessary, the leader of a peer group collects such information and propagates it into a higher layer of the PNNI hierarchy. As no assumptions except scope values can normally be made about the information distributed (e.g. IP addresses bound to AESAs are not assumed to be aligned with them in any respect), such information cannot be summarized. This makes a careful handling of scopes necessary to preserve the scalability of the approach as described above.
以不同的方式表达上述陈述,可以说,如果代理PAR信息的范围表明需要超出对等组边界的分布,则对等组的领导人收集此类信息并将其传播到PNNI层次结构的更高层。由于除了范围值之外,通常无法对所分发的信息进行任何假设(例如,绑定到AESA的IP地址在任何方面都不会与之对齐),因此无法对此类信息进行总结。这使得仔细处理范围成为必要,以保持上述方法的可伸缩性。
Reg# 1. 2. 3. 4. 5. 6.
Router#
-----------------------------
R1 R U R U
R2 U R Q Q
R3 R U R U
R4 U R Q Q
Reg# 1. 2. 3. 4. 5. 6.
Router#
-----------------------------
R1 R U R U
R2 U R Q Q
R3 R U R U
R4 U R Q Q
R registered Q seen through query U used (implies Q)
R通过使用的查询U看到的注册Q(暗示Q)
Table 1: Flooding scopes of Proxy-PAR registrations.
表1:代理PAR注册的泛洪范围。
3 Proxy-PAR Protocols
3代理PAR协议
The Proxy-PAR Hello Protocol is closely related to the Hello protocol specified in [2]. It uses the same packet header and version negotiation methods. For the sake of simplicity, states that are irrelevant to Proxy-PAR have been removed from the original PNNI Hello protocol. The purpose of the Proxy-PAR Hello protocol is to establish and maintain a Proxy-PAR adjacency between the client and server that supports the exchange of registration and query messages. If the protocol is executed across multiple, parallel links between the same server and client pair, individual registration and query sessions are associated with a specific link. It is the responsibility of the client and server to assign registration and query sessions to the various communication instances. Proxy-PAR can be run in the same granularity as ILMI [4] to support virtual links and VP tunnels.
代理PAR Hello协议与[2]中指定的Hello协议密切相关。它使用相同的包头和版本协商方法。为了简单起见,与代理PAR无关的状态已从原始PNNI Hello协议中删除。代理PAR Hello协议的目的是在客户端和服务器之间建立和维护代理PAR邻接,以支持注册和查询消息的交换。如果协议在同一服务器和客户端对之间的多个并行链路上执行,则单个注册和查询会话与特定链路相关联。客户端和服务器负责为各种通信实例分配注册和查询会话。代理PAR可以与ILMI[4]以相同的粒度运行,以支持虚拟链路和VP隧道。
In addition to the PNNI Hello, the Proxy-PAR Hellos travelling from the server to the client inform the client about the lifetime the server assigns to registered information. The client has to retrieve this interval from the Hello packet and set its refresh interval to a value below the obtained time interval in order to avoid the aging out of registered information by the server.
除了PNNI Hello之外,从服务器到客户机的代理PAR Hello会通知客户机服务器分配给注册信息的生存期。客户端必须从Hello数据包中检索此间隔,并将其刷新间隔设置为低于获得的时间间隔的值,以避免服务器对已注册信息的老化。
The registration and query protocols enable the client to announce and learn about protocols supported by the clients. All query/register operations are initiated by the clients. The server never tries to push information to the client. It is the client's responsibility to register and refresh the set of protocols supported
注册和查询协议使客户机能够宣布和了解客户机支持的协议。所有查询/注册操作都由客户端启动。服务器从不尝试将信息推送到客户端。客户端负责注册和刷新支持的协议集
and to re-register them when changes occur. In the same sense, the client must query the information from the server at appropriate time intervals if it wishes to obtain the latest information. It is important to note that neither client nor server is supposed to cache any state information about the information stored by the other side.
并在发生更改时重新注册。同样,如果客户机希望获得最新信息,则必须在适当的时间间隔从服务器查询信息。需要注意的是,客户端和服务器都不应该缓存关于另一方存储的信息的任何状态信息。
Registered information is associated with an ATM address and scope inside the PNNI hierarchy. From the IP point of view, all information is associated with a VPN ID, IP address, subnet mask, and IP protocol family. In this context, each VPN refers to a completely separated IP address space. For example <A, 194.194.1.01, 255.255.255.0, OSPF> describes an OSPF interface in VPN A. In addition to the IP scope further parameters can be registered that contain more detailed information about the protocol itself. In the above example this would be OSPF-specific information such as the area ID or router priority. However, Proxy-PAR server takes only the ATM and IP-specific information into account when retrieving information that was queried. Protocol specific information is never looked at by a Proxy-PAR server.
注册信息与PNNI层次结构内的ATM地址和作用域相关联。从IP的角度来看,所有信息都与VPN ID、IP地址、子网掩码和IP协议系列相关联。在此上下文中,每个VPN都指一个完全分离的IP地址空间。例如<A,194.194.1.01,255.255.255.0,OSPF>描述了VPN A中的OSPF接口。除了IP作用域之外,还可以注册包含协议本身更详细信息的其他参数。在上述示例中,这将是特定于OSPF的信息,例如区域ID或路由器优先级。但是,在检索查询的信息时,代理PAR服务器只考虑ATM和IP特定的信息。代理服务器从不查看特定于协议的信息。
The registration protocol enables a client to register the protocols and services it supports. All protocols are associated with a specific AESA and membership scope in the PNNI hierarchy. As the default scope, implementations should choose the local scope of the PNNI peer group. In this way, manual configuration can be avoided unless information has to cross PNNI peer group boundaries. PNNI is responsible for the correct flooding either in the local peer group or across the hierarchy.
注册协议使客户端能够注册其支持的协议和服务。所有协议都与PNNI层次结构中的特定AESA和成员范围相关联。作为默认范围,实现应选择PNNI对等组的本地范围。这样,可以避免手动配置,除非信息必须跨越PNNI对等组边界。PNNI负责本地对等组或整个层次结构中的正确泛洪。
The registration protocol is aligned with the standard initial topology database exchange protocol used in link-state routing protocols as far as possible. It uses a window size of one. A single information element is registered at a time and must be acknowledged before a new registration packet can be sent. The protocol uses ' initialization' and 'more' bits in the same manner PNNI and OSPF do. Any registration on a link unconditionally overwrites all registration data previously received on the same link. By means of a return code the server indicates to the client whether the registration was successful.
注册协议尽可能与链路状态路由协议中使用的标准初始拓扑数据库交换协议保持一致。它使用的窗口大小为1。一次只注册一个信息元素,在发送新的注册数据包之前,必须确认该信息元素。该协议以与PNNI和OSPF相同的方式使用“初始化”和“更多”位。链路上的任何注册都将无条件覆盖以前在同一链路上接收到的所有注册数据。服务器通过返回代码向客户端指示注册是否成功。
Apart form the IP-related information, the protocol also offers a generic interface to the PNNI flooding. By means of so-called System Capabilities Information Groups other information can be distributed that can be used for proprietary or experimental implementations.
除了与IP相关的信息外,该协议还为PNNI泛洪提供了通用接口。通过所谓的系统功能信息组,可以分发其他信息,这些信息可用于专有或实验性实现。
The client uses the query protocol to obtain information about services registered by other clients. The client requests services registered within a specific membership scope, VPN and IP address prefix. It is always the client's task to request information, the server never makes an attempt to push information to the client. If the client needs to filter the returned data based on service-specific information, such as BGP AS, it must parse and interpret the received information. The server never looks beyond the IP scope.
客户机使用查询协议获取有关其他客户机注册的服务的信息。客户端请求在特定成员范围、VPN和IP地址前缀内注册的服务。请求信息始终是客户机的任务,服务器从不尝试将信息推送到客户机。如果客户端需要根据特定于服务的信息(如BGP as)过滤返回的数据,则必须解析和解释接收到的信息。服务器从不超出IP范围。
The more generic interface to the flooding is supported in a similar manner as the registration protocol.
泛洪的更通用接口以与注册协议类似的方式得到支持。
4 Supported Protocols
4支持的协议
Currently the protocols indicated in Table 2 have been included. Furthermore, for protocols marked 'yes', additional information has been specified that is beneficial for their operation. Many of the protocols do not need additional information; it is sufficient to know they are supported and to which addresses they are bound.
目前已包括表2中所示的协议。此外,对于标记为“是”的协议,已指定有利于其操作的附加信息。许多协议不需要额外的信息;知道它们受支持以及它们绑定到哪个地址就足够了。
To include other information in an experimental manner the generic information element can be used to carry such information.
为了以实验方式包含其他信息,可以使用通用信息元素来携带此类信息。
5 VPN Support
5 VPN支持
To implement virtual private networks all information distributed via PAR can be scoped under a VPN ID [1]. Based on this ID, individual VPNs can be separated. Inside a certain VPN further distinctions can be made according to IP-address-related information and/or protocol type.
为了实现虚拟专用网络,通过PAR分发的所有信息可以在VPN ID(1)下进行范围化。基于此ID,可以分离各个VPN。在特定VPN内,可根据IP地址相关信息和/或协议类型进行进一步区分。
In most cases the best VPN support can be provided when Proxy-PAR is used between the client and server because in this way it is possible to hide the real PNNI topology from the client. The PAR capable server translates from the abstract membership scope into the real PNNI routing level. In this way the real PNNI topology is hidden from the client and the server can apply restrictions in the PNNI scope. The server can for instance have a mapping such that the membership scope "global" is mapped to the highest level peer group to which a particular VPN has access. Thus the membership scopes can be seen as hierarchical structuring inside a certain VPN. With such mappings a network provider can also change the mapping without having to reconfigure the clients.
在大多数情况下,当在客户端和服务器之间使用代理PAR时,可以提供最佳VPN支持,因为通过这种方式可以对客户端隐藏真实的PNNI拓扑。PAR有能力的服务器从抽象的成员范围转换为真正的PNNI路由级别。通过这种方式,真实的PNNI拓扑对客户端隐藏,服务器可以在PNNI范围内应用限制。例如,服务器可以具有映射,使得成员范围“全局”映射到特定VPN可以访问的最高级别对等组。因此,可以将成员范围视为特定VPN内的分层结构。通过这种映射,网络提供商也可以更改映射,而无需重新配置客户端。
For more secure VPN implementations it will also be necessary to implement VPN ID filters on the server side. In this way a client can be restricted to a certain set (typically one) of VPN IDs. The server will then allow queries and registrations only from the clients that are in the allowed VPNs. In this way it is possible to avoid an attached client from finding devices that are outside of its own VPN. There is even room for further restriction in terms of not allowing wildcard queries by a client. In terms of security, some of the protocols have their own methods, so PAR is only used for the discovery of the counterparts. For instance OSPF has an authentication that can be used during the OSPF operation. Hence even in the case where two wrong partners find each other, they will not communicate because they will not be able to authenticate each other.
为了实现更安全的VPN,还需要在服务器端实现VPN ID过滤器。通过这种方式,客户机可以被限制为一组特定的VPN ID(通常是一个)。然后,服务器将只允许来自允许的VPN中的客户端的查询和注册。通过这种方式,可以避免连接的客户端查找其自身VPN之外的设备。在不允许客户端进行通配符查询方面,甚至还有进一步限制的余地。在安全性方面,有些协议有自己的方法,所以PAR只用于发现对等体。例如,OSPF具有可在OSPF操作期间使用的身份验证。因此,即使在两个错误的合作伙伴找到对方的情况下,他们也不会通信,因为他们无法相互验证。
Protocol Additional Info
协议附加信息
-------------------------------
OSPF yes
RIP
RIPv2
BGP3
BGP4 yes
EGP
IDPR
MOSPF yes
DVMRP
CBT
PIM-SM
IGRP
IS-IS
ES-IS
ICMP
GGP
BBN SPF IGP
PIM-DM
MARS
NHRP
ATMARP
DHCP
DNS yes
-------------------------------
OSPF yes
RIP
RIPv2
BGP3
BGP4 yes
EGP
IDPR
MOSPF yes
DVMRP
CBT
PIM-SM
IGRP
IS-IS
ES-IS
ICMP
GGP
BBN SPF IGP
PIM-DM
MARS
NHRP
ATMARP
DHCP
DNS yes
Table 2: Additional protocol information carried in PAR and PPAR.
表2:PAR和PPAR中附加的协议信息。
The VPN ID used by PAR and Proxy-PAR is aligned with the VPN ID used by other protocols from the ATM Forum and IETF. The VPN ID is structured into two parts, namely the 3-byte-long OUI plus a 4-byte index.
由PAR和代理PAR使用的VPN ID与ATM论坛和IETF中其他协议使用的VPN ID相一致。VPN ID分为两部分,即3字节长的OUI加上4字节索引。
6 Interoperation with ILMI based Server Discovery
6与基于ILMI的服务器发现的互操作
PAR can be used to complement the server discovery via ILMI as specified in [11,12,13]. It can be used to provide the flooding of information across the PNNI network. For this purpose a server has to register with a PAR-capable device. This can be achieved via Proxy-PAR or a direct PAR interaction. Manual configuration would also be possible. For instance the ATMARP server could register its service via Proxy-PAR. A direct interaction with PAR will be required in order to provide an appropriate flooding scope.
PAR可以用来通过ILMI来补充服务器发现,如在[11],[12],[13]中指定的。它可用于在PNNI网络上提供大量信息。为此,服务器必须向支持PAR的设备注册。这可以通过代理PAR或直接PAR交互来实现。手动配置也是可能的。例如,ATMARP服务器可以通过代理PAR注册其服务。为了提供适当的洪泛范围,将需要与PAR直接交互。
A PAR-capable device that has the additional MIB variables in the Service Registry MIB can set these variables when getting information via PAR. All required information is either contained in PAR or is static, such as the IP version.
在服务注册表MIB中具有附加MIB变量的PAR有能力的设备可以通过PAR获取信息时设置这些变量。所有需要的信息要么包含在PAR中,要么是静态的,例如IP版本。
7 Security Consideration
7安全考虑
The Proxy-PAR protocol itself does not have its own security concepts. As PAR is an extension of PNNI, it has all the security features that come with PNNI. In addition, the protocol is mainly used for automatic discovery of peers for certain protocols. After the discovery process the security concepts of the individual protocol are used for the bring-up. As explained in the section about VPN support, the only security considerations are on the server side, where access filters for VPN IDs can be implemented and restrictive membership scope mappings can be configured.
代理PAR协议本身没有自己的安全概念。由于PAR是PNNI的扩展,它具有PNNI所带来的所有安全特性。此外,该协议主要用于自动发现某些协议的对等点。在发现过程之后,将使用各个协议的安全概念进行启动。正如在关于VPN支持的部分中所解释的,唯一的安全注意事项是在服务器端,在服务器端可以实现VPN ID的访问过滤器,并且可以配置限制性的成员范围映射。
8 Conclusion
8结论
This document describes the basic functions of Proxy-PAR, which has been specified within the ATM Forum body. The main purpose of the protocol is to provide automatic detection and configuration of non-ATM devices over an ATM cloud.
本文件描述了ATM论坛机构中指定的代理PAR的基本功能。该协议的主要目的是通过ATM云提供非ATM设备的自动检测和配置。
In the future, support for further protocols and address families may be added to widen the scope of applicability of Proxy-PAR.
将来,可能会增加对进一步协议和地址族的支持,以扩大代理PAR的适用范围。
9 Bibliography
9参考书目
[1] Fox, B. and B. Gleeson, "Virtual Private Networks Identifier", RFC 2685, September 1999.
[1] Fox,B.和B.Gleeson,“虚拟专用网络标识符”,RFC 26851999年9月。
[2] ATM-Forum, "Private Network-Network Interface Specification Version 1.0." ATM Forum af-pnni-0055.000, March 1996.
[2] ATM论坛,“专用网络接口规范1.0版”,ATM论坛af-pnni-0055.000,1996年3月。
[3] ATM-Forum, "PNNI Augmented Routing (PAR) Version 1.0." ATM Forum af-ra-0104.000, January 1999.
[3] ATM论坛,“PNNI增强路由(PAR)1.0版”,ATM论坛af-ra-0104.000,1999年1月。
[4] ATM-Forum, "Interim Local Management Interface, (ILMI) Specification 4.0." ATM Forum af-ilmi-0065.000, September 1996.
[4] ATM论坛,“临时本地管理接口(ILMI)规范4.0”,ATM论坛af-ILMI-0065.000,1996年9月。
[5] Laubach, J., "Classical IP and ARP over ATM", RFC 2225, April 1998.
[5] Laubach,J.,“ATM上的经典IP和ARP”,RFC2225,1998年4月。
[6] Moy, J., "Extending OSPF to Support Demand Circuits", RFC 1793, April 1995.
[6] Moy,J.,“扩展OSPF以支持需求电路”,RFC 1793,1995年4月。
[7] ATM-Forum, "LAN Emulation over ATM 1.0." ATM Forum af-lane-0021.000, January 1995.
[7] ATM论坛,“ATM 1.0上的局域网仿真”,ATM论坛af-lane-0021.000,1995年1月。
[8] Armitage, G., "Support for Multicast over UNI 3.0/3.1 based ATM Networks", RFC 2022, November 1996.
[8] Armitage,G.“支持基于UNI 3.0/3.1的ATM网络上的多播”,RFC 2022,1996年11月。
[9] Droz, P., Haas, R. and T. Przygienda, "OSPF over ATM and Proxy PAR", RFC 2844, May 2000.
[9] Droz,P.,Haas,R.和T.Przygienda,“ATM上的OSPF和代理PAR”,RFC 2844,2000年5月。
[10] Coltun, R., "The OSPF Opaque LSA Option", RFC 2328, July 1998.
[10] Coltun,R.,“OSPF不透明LSA选项”,RFC 23281998年7月。
[11] Davison, M., "ILMI-Based Server Discovery for ATMARP", RFC 2601, June 1999.
[11] Davidson,M.,“基于ILMI的ATMARP服务器发现”,RFC 2601,1999年6月。
[12] Davison, M., "ILMI-Based Server Discovery for MARS", RFC 2602, June 1999.
[12] Davidson,M.,“基于ILMI的火星服务器发现”,RFC 26021999年6月。
[13] Davison, M., "ILMI-Based Server Discovery for NHRP", RFC 2603, June 1999.
[13] Davidson,M.,“基于ILMI的NHRP服务器发现”,RFC 26031999年6月。
Authors' Addresses
作者地址
Patrick Droz IBM Research Zurich Research Laboratory Saumerstrasse 4 8803 Ruschlikon Switzerland
Patrick Droz IBM苏黎世研究实验室Saumerstrasse 4 8803 Ruschlikon瑞士
EMail: dro@zurich.ibm.com
EMail: dro@zurich.ibm.com
Tony Przygienda Siara Systems Incorporated 1195 Borregas Avenue Sunnyvale, CA 94089 USA
Tony Przygienda Siara Systems Incorporated 1195 Borregas Avenue Sunnyvale,CA 94089美国
EMail: prz@siara.com
EMail: prz@siara.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。