RFC 5943: A Dedicated Routing Policy Specification Language Interface Identifier for Operational Testing 中文翻译

Internet Engineering Task Force (IETF)                  B. Haberman, Ed.
Request for Comments: 5943                                       JHU APL
Category: Standards Track                                    August 2010
ISSN: 2070-1721
        

Internet Engineering Task Force (IETF)                  B. Haberman, Ed.
Request for Comments: 5943                                       JHU APL
Category: Standards Track                                    August 2010
ISSN: 2070-1721
        

A Dedicated Routing Policy Specification Language Interface Identifier for Operational Testing

用于操作测试的专用路由策略规范语言接口标识符

Abstract

摘要

The deployment of new IP connectivity typically results in intermittent reachability for numerous reasons that are outside the scope of this document. In order to aid in the debugging of these persistent problems, this document proposes the creation of a new Routing Policy Specification Language attribute that allows a network to advertise an IP address that is reachable and can be used as a target for diagnostic tests (e.g., pings).

部署新的IP连接通常会导致间歇性的可达性，原因很多，超出了本文档的范围。为了帮助调试这些持久性问题，本文档建议创建一个新的路由策略规范语言属性，该属性允许网络公布可访问的IP地址，并可将其用作诊断测试（例如ping）的目标。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

本文件是互联网工程任务组（IETF）的产品。它代表了IETF社区的共识。它已经接受了公众审查，并已被互联网工程指导小组（IESG）批准出版。有关互联网标准的更多信息，请参见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5943.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息，请访问http://www.rfc-editor.org/info/rfc5943.

Copyright Notice

版权公告

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有（c）2010 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件，因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本，并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  RPSL Extension for Diagnostic Address . . . . . . . . . . . . . 2
   3.  Using the RPSL Pingable Attribute . . . . . . . . . . . . . . . 3
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 3
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 4
   6.  Normative References  . . . . . . . . . . . . . . . . . . . . . 4
        

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  RPSL Extension for Diagnostic Address . . . . . . . . . . . . . 2
   3.  Using the RPSL Pingable Attribute . . . . . . . . . . . . . . . 3
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 3
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 4
   6.  Normative References  . . . . . . . . . . . . . . . . . . . . . 4
        

1. Introduction

1. 介绍

The deployment of new IP connectivity typically results in intermittent reachability for numerous reasons that are outside the scope of this document. In order to aid in the debugging of these persistent problems, this document proposes the creation of a new Routing Policy Specification Language attribute [RFC4012] that allows a network to advertise an IP address that is reachable and can be used as a target for diagnostic tests (e.g., pings).

部署新的IP连接通常会导致间歇性的可达性，原因很多，超出了本文档的范围。为了帮助调试这些持久性问题，本文档建议创建一个新的路由策略规范语言属性[RFC4012]，该属性允许网络公布一个可访问的IP地址，该地址可作为诊断测试（例如ping）的目标。

The goal of this diagnostic address is to provide operators a means to advertise selected hosts that can be targets of tests for such common issues as reachability and Path MTU discovery.

此诊断地址的目标是为运营商提供一种方法来公布选定的主机，这些主机可能是可访问性和路径MTU发现等常见问题的测试目标。

The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中大写的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中的说明进行解释。

2. RPSL Extension for Diagnostic Address

2. 诊断地址的RPSL扩展

Network operators wishing to provide a diagnostic address for their peers, customers, etc., MAY advertise its existence via the Routing Policy Specification Language [RFC4012] [RFC2622]. The pingable attribute is a member of the route and route6 objects in the RPSL. The definition of the pingable attribute is shown in Figure 1.

希望为其对等方、客户等提供诊断地址的网络运营商可通过路由策略规范语言[RFC4012][RFC2622]公布其存在。pingable属性是RPSL中route和route6对象的成员。pingable属性的定义如图1所示。

   +-----------+-------------------+--------------+
   | Attribute |       Value       |    Type      |
   +-----------+-------------------+--------------+
   |  pingable | <ipv6-address> or |  optional,   |
   |           | <ipv4-address>    | multi-valued |
   +-----------+-------------------+--------------+
   |  ping-hdl |   <nic-handle>    |  optional,   |
   |           |                   | multi-valued |
   +-----------+-------------------+--------------+
        

   +-----------+-------------------+--------------+
   | Attribute |       Value       |    Type      |
   +-----------+-------------------+--------------+
   |  pingable | <ipv6-address> or |  optional,   |
   |           | <ipv4-address>    | multi-valued |
   +-----------+-------------------+--------------+
   |  ping-hdl |   <nic-handle>    |  optional,   |
   |           |                   | multi-valued |
   +-----------+-------------------+--------------+
        

Figure 1: Pingable Attribute Specification

图1：可ping属性规范

The exact definitions of <ipv4-address> and <nic-handle> can be found in [RFC2622], while the definition of <ipv6-address> is in [RFC4012].

<ipv4地址>和<nic句柄>的确切定义见[RFC2622]，而<ipv6地址>的定义见[RFC4012]。

The pingable attribute allows a network operator to advertise an IP address of a node that should be reachable from outside networks. This node can be used as a destination address for diagnostic tests. The address specified MUST fall within the IP address range advertised in the route/route6 object containing the pingable attribute. The ping-hdl provides a link to contact information for an entity capable of responding to queries concerning the specified IP address. An example of using the pingable attribute is shown in Figure 2.

pingable属性允许网络运营商公布应该可以从外部网络访问的节点的IP地址。此节点可用作诊断测试的目标地址。指定的地址必须在包含pingable属性的route/route6对象中公布的IP地址范围内。ping hdl为能够响应有关指定IP地址的查询的实体提供联系信息的链接。使用pingable属性的示例如图2所示。

   route6: 2001:DB8::/32
   origin: AS64500
   pingable: 2001:DB8::DEAD:BEEF
   ping-hdl: OPS4-RIPE
        

   route6: 2001:DB8::/32
   origin: AS64500
   pingable: 2001:DB8::DEAD:BEEF
   ping-hdl: OPS4-RIPE
        

Figure 2: Pingable Attribute Example

图2：可ping属性示例

3. Using the RPSL Pingable Attribute

3. 使用RPSL Pingable属性

The presence of one or more pingable attributes signals to network operators that the operator of the target network is providing the address(es) for external diagnostic testing. Tests involving the advertised address(es) SHOULD be rate limited to no more than ten probes in a five-minute window unless prior arrangements are made with the maintainer of the attribute.

一个或多个可ping属性的存在向网络运营商发出信号，表明目标网络的运营商正在为外部诊断测试提供地址。涉及公布地址的测试应限制在五分钟内不超过十个探针，除非事先与属性的维护者进行了安排。

4. Security Considerations

4. 安全考虑

The use of routing registries based on RPSL requires a significant level of security. In-depth discussion of the authentication and authorization capabilities and weaknesses within RPSL is in [RFC2725]. The application of authentication in RPSL is key considering the vulnerabilities that may arise from the abuse of the pingable attribute by nefarious actors. Additional RPSL security issues are discussed in the Security Considerations sections of [RFC2622] and [RFC4012].

基于RPSL的路由注册表的使用需要相当高的安全级别。[RFC2725]中深入讨论了RPSL中的身份验证和授权功能以及弱点。考虑到恶意参与者滥用pingable属性可能产生的漏洞，在RPSL中应用身份验证是关键。[RFC2622]和[RFC4012]的安全注意事项部分讨论了其他RPSL安全问题。

The publication of this attribute only explicitly signals the availability of an ICMP Echo Request/Echo Response service on the specified IP address. The operator, at his/her discretion, MAY deploy other services at the same IP address. These services may be impacted by the ping service, given its publicity via the RPSL.

此属性的发布仅明确表示指定IP地址上ICMP回显请求/回显响应服务的可用性。运营商可自行决定在同一IP地址部署其他服务。鉴于ping服务通过RPSL进行宣传，这些服务可能会受到影响。

While this document specifies that external users of the pingable attribute rate limit their probes, there is no guarantee that they will do so. Operators publicizing a pingable attribute are encouraged to deploy their own rate limiting for the advertised IP address in order to reduce the risk of a denial-of-service attack. Services, protocols, and ports on the advertised IP address should be filtered if they are not intended for external users.

虽然本文档指定pingable属性速率的外部用户限制他们的探测，但不能保证他们会这样做。鼓励公布可ping属性的运营商为公布的IP地址部署自己的速率限制，以降低拒绝服务攻击的风险。如果播发IP地址上的服务、协议和端口不是供外部用户使用的，则应对其进行筛选。

5. Acknowledgements

5. 致谢

Randy Bush and David Farmer provided the original concept for the pingable attribute and useful comments on preliminary versions of this document. Joe Abley provided comments that justified moving the attribute to the route/route6 object and the inclusion of a point of contact. Larry Blunk, Tony Tauber, David Harrington, Nicolas Williams, Sean Turner, and Peter Saint-Andre provided useful comments to improve the document.

Randy Bush和David Farmer提供了pingable属性的原始概念，并对本文档的初步版本提供了有用的注释。Joe Abley提供的注释证明了将属性移动到route/route6对象以及包含接触点的合理性。拉里·布伦克、托尼·陶伯、大卫·哈林顿、尼古拉斯·威廉姆斯、肖恩·特纳和彼得·圣安德烈为改进该文件提供了有用的意见。

6. Normative References

6. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner，S.，“RFC中用于表示需求水平的关键词”，BCP 14，RFC 2119，1997年3月。

[RFC2622] Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D., Meyer, D., Bates, T., Karrenberg, D., and M. Terpstra, "Routing Policy Specification Language (RPSL)", RFC 2622, June 1999.

[RFC2622]Alaettinoglu，C.，Villamizar，C.，Gerich，E.，Kessens，D.，Meyer，D.，Bates，T.，Karrenberg，D.，和M.Terpstra，“路由策略规范语言（RPSL）”，RFC 26221999年6月。

[RFC2725] Villamizar, C., Alaettinoglu, C., Meyer, D., and S. Murphy, "Routing Policy System Security", RFC 2725, December 1999.

[RFC2725]Villamizar，C.，Alaettinoglu，C.，Meyer，D.，和S.Murphy，“路由策略系统安全”，RFC 27251999年12月。

[RFC4012] Blunk, L., Damas, J., Parent, F., and A. Robachevsky, "Routing Policy Specification Language next generation (RPSLng)", RFC 4012, March 2005.

[RFC4012]Blunk，L.，Damas，J.，Parent，F.，和A.Robachevsky，“下一代路由策略规范语言（RPSLng）”，RFC4012，2005年3月。

Author's Address

作者地址

Brian Haberman (editor) Johns Hopkins University Applied Physics Lab 11100 Johns Hopkins Road Laurel, MD 20723-6099 US

布莱恩·哈伯曼（编辑）约翰·霍普金斯大学应用物理实验室美国马里兰州劳雷尔市约翰·霍普金斯路11100号20723-6099

   Phone: +1 443 778 1319
   EMail: brian@innovationslab.net
        

   Phone: +1 443 778 1319
   EMail: brian@innovationslab.net