Internet Engineering Task Force (IETF)                       B. Liu, Ed.
Request for Comments: 8196                           Huawei Technologies
Category: Standards Track                                    L. Ginsberg
ISSN: 2070-1721                                            Cisco Systems
                                                             B. Decraene
                                                                  Orange
                                                               I. Farrer
                                                     Deutsche Telekom AG
                                                          M. Abrahamsson
                                                               T-Systems
                                                               July 2017
        

IS-IS Autoconfiguration

Abstract

This document specifies IS-IS autoconfiguration mechanisms. The key components are IS-IS System ID self-generation, duplication detection, and duplication resolution. These mechanisms provide limited IS-IS functions and are therefore suitable for networks where plug-and-play configuration is expected.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc8196.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Scope
   3.  Protocol Specification
     3.1.  IS-IS Default Configuration
     3.2.  IS-IS NET Generation
     3.3.  Router-Fingerprint TLV
     3.4.  Protocol Operation
       3.4.1.  Startup Mode
       3.4.2.  Adjacency Formation
       3.4.3.  IS-IS System ID Duplication Detection
       3.4.4.  Duplicate System ID Resolution Procedures
       3.4.5.  System ID and Router-Fingerprint Generation Considerations
       3.4.6.  Duplication of Both System ID and Router-Fingerprint
     3.5.  Additional IS-IS TLVs Usage Guidelines
       3.5.1.  Authentication TLV
       3.5.2.  Metric Used in Reachability TLVs
       3.5.3.  Dynamic Name TLV
   4.  Security Considerations
   5.  IANA Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Acknowledgements
   Authors' Addresses
        
1. Introduction

This document specifies mechanisms for IS-IS [RFC1195] [ISO_IEC10589] [RFC5308] to be autoconfiguring. Such mechanisms could reduce the management burden for configuring a network, especially where plug-and-play device configuration is required.

IS-IS autoconfiguration is comprised of the following functions:

1. IS-IS default configuration

2. IS-IS System ID self-generation

3. System ID duplication detection and resolution

4. IS-IS TLV utilization (authentication TLV, metrics in reachability advertisements, and Dynamic Name TLV)

This document also defines mechanisms to prevent the unintentional interoperation of autoconfigured routers with non-autoconfigured routers. See Section 3.3.

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. When these words are not in ALL CAPS (such as "should" or "Should"), they have their usual English meanings and are not to be interpreted as [RFC2119] key words.

2. Scope

The autoconfiguration mechanisms support both IPv4 and IPv6 deployments.

These autoconfiguration mechanisms aim to cover simple deployment cases. The following important features are not supported:

o multiple IS-IS instances

o multi-area and level-2 routing

o interworking with other routing protocols

IS-IS autoconfiguration is primarily intended for use in small (i.e., 10s of devices) and unmanaged deployments. It allows IS-IS to be used without the need for any configuration by the user. It is not recommended for larger deployments.

3. Protocol Specification

3.1. IS-IS Default Configuration

This section defines the default configuration for an autoconfigured router.

o IS-IS interfaces MUST be autoconfigured to an interface type corresponding to their Layer 2 capability. For example, Ethernet interfaces will be autoconfigured as broadcast networks and Point-to-Point Protocol (PPP) interfaces will be autoconfigured as Point-to-Point interfaces.

o IS-IS autoconfiguration instances MUST be configured as level-1 so that the interfaces operate as level-1 only.

o originatingLSPBufferSize is set to 512.

o MaxAreaAddresses is set to 3.

o Extended IS reachability (TLV 22) and IP reachability (TLV 135) TLVs [RFC5305] MUST be used, i.e., a router operating in autoconfiguration mode MUST NOT use any of the following TLVs:

   * IIS Neighbors (TLV 2)

   * IP Int. Reach (TLV 128)

   * IP Ext. Address (TLV 130)

   The TLVs listed above MUST be ignored on receipt.

3.2. IS-IS NET Generation

In IS-IS, a router (known as an Intermediate System) is identified by a Network Entity Title (NET), which is a type of Network Service Access Point (NSAP). The NET is the address of an instance of the IS-IS protocol running on an IS.

The autoconfiguration mechanism generates the IS-IS NET as the following:

o Area address

   In IS-IS autoconfiguration, this field MUST be 13 octets long and set to all 0s.

o System ID

   This field follows the area address field and is 6 octets in length. There are two basic requirements for the System ID generation:

   - As specified by the IS-IS protocol, this field must be unique among all routers in the same area.

   - After its initial generation, the System ID SHOULD remain stable. Changes such as interface enable/disable, interface connect/disconnect, device reboot, firmware update, or configuration changes SHOULD NOT cause the System ID to change. System ID change as part of the System ID collision resolution process MUST be supported. Implementations SHOULD allow the System ID to be cleared by a user-initiated system reset.

More specific considerations for System ID generation are described in Section 3.4.5.

3.3. Router-Fingerprint TLV

The Router-Fingerprint TLV is similar to the Router-Hardware-Fingerprint TLV defined in [RFC7503]. However, the TLV defined here includes a Flags field to support indicating that the router is in startup mode and is operating in autoconfiguration mode.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Flags        |                                               |
      +-+-+-+-+-+-+-+-+        Router-Fingerprint (Variable)          .
      .                                                               .
      .                                                               .
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Type: 15.

Length: The length, in octets, of the "Flags" and "Router-Fingerprint" fields.

Flags: 1 octet.

                               0 1 2 3 4 5 6 7
                              +-+-+-+-+-+-+-+-+
                              |S|A| Reserved  |
                              +-+-+-+-+-+-+-+-+
        

S flag: When set, indicates the router is in "startup" mode.

A flag: When set, indicates that the router is operating in autoconfiguration mode. The purpose of the flag is so that two routers can identify if they are both using autoconfiguration. If the A flag setting does not match in hellos, then no adjacency should be formed.

Reserved: These flags MUST be set to zero and MUST be ignored by the receiver.

Router-Fingerprint: 32 or more octets.

More specific considerations for Router-Fingerprint are described in Section 3.4.5.

The Router-Fingerprint TLV with the A flag set MUST be included in IS-IS Hellos (IIHs) originated by a router operating in autoconfiguration mode. An autoconfiguration mode router MUST ignore IIHs that don't contain the Router-Fingerprint TLV with the A flag set.

The Router-Fingerprint TLV with the A flag set MUST be included in Link State PDU (LSP) #0 originated by a router operating in autoconfiguration mode. If an LSP #0 is received by a router operating in autoconfiguration mode and the LSP either does NOT contain a Router-Fingerprint TLV or it does contain a Router-Fingerprint TLV but the A flag is NOT set, then the LSP is flooded as normal, but the entire LSP set originated by the sending router MUST be ignored when running the Decision Process.

The Router-Fingerprint TLV MUST NOT be included in an LSP with a non-zero number and when received MUST be ignored.

3.4. Protocol Operation

This section describes the operation of a router supporting autoconfiguration mode.

3.4.1. Startup Mode

When a router starts operation in autoconfiguration mode, both the S and A flags MUST be set in the Router-Fingerprint TLV included in both hellos and LSP #0. During this mode, only LSP #0 is generated and IS or IP/IPv6 reachability TLVs MUST NOT be included in LSP #0. A router remains in startup mode for a minimum period of time (recommended to be 1 minute). This time should be sufficient to bring up adjacencies to all expected neighbors. A router leaves startup mode once the minimum time has elapsed and full LSP database synchronization is achieved with all neighbors in the UP state.

When a router exits startup mode, it clears the S flag in Router-Fingerprint TLVs that it sends in hellos and LSP #0. The router MAY now advertise the IS neighbor and IP/IPv6 prefix reachability in its LSPs and MAY generate LSPs with a non-zero number.

The purpose of startup mode is to minimize the occurrence of System ID changes for a router once it has become fully operational. Any System ID change during startup mode will have minimal impact on a running network because, while in startup mode, the router is not yet being used for forwarding traffic.

3.4.2. Adjacency Formation

Routers operating in autoconfiguration mode MUST NOT form adjacencies with routers that are NOT operating in autoconfiguration mode. The presence of the Router-Fingerprint TLV with the A flag set indicates the router is operating in autoconfiguration mode.

NOTE: The use of the special area address of all 0s makes it unlikely that a router that is not operating in autoconfiguration mode will be in the same area as a router operating in autoconfiguration mode. However, the check for the Router-Fingerprint TLV with the A flag set provides additional protection.

3.4.3. IS-IS System ID Duplication Detection

The System ID of each node MUST be unique. As described in Section 3.4.5, the System ID is generated based on entropies (e.g., Media Access Control (MAC) address) that are generally expected to be unique. However, since there may be limitations to the available entropies, there is still the possibility of System ID duplication. This section defines how IS-IS detects and resolves System ID duplication. A duplicate system ID may occur between neighbors or between routers in the same area that are not neighbors.

A duplicate system ID with a neighbor is detected when the System ID received in an IIH is identical to the local System ID and the Router-Fingerprint in the received Router-Fingerprint TLV does NOT match the locally generated Router-Fingerprint.

A duplicate system ID with a non-neighbor is detected when an LSP #0 is received, the System ID of the originator is identical to the local System ID, and the Router-Fingerprint in the Router-Fingerprint TLV does NOT match the locally generated Router-Fingerprint.

3.4.4. Duplicate System ID Resolution Procedures

When a duplicate system ID is detected, one of the systems MUST assign itself a different System ID and perform a protocol restart. The resolution procedure attempts to minimize disruption to a running network by choosing, whenever possible, to restart a router that is in startup mode.

The contents of the Router-Fingerprint TLVs for the two routers with duplicate system IDs are compared.

If one TLV has the S flag set (the router is in startup mode) and one TLV has the S flag clear (the router is NOT in startup mode), the router in startup mode MUST generate a new System ID and restart the protocol.

If both TLVs have the S flag set (both routers are in startup mode) or both TLVs have the S flag clear (neither router is in startup mode), then the router with the numerically smaller Router-Fingerprint MUST generate a new System ID and restart the protocol.

Fingerprint comparison is performed octet by octet starting from the first received octet until a difference is detected. If the fingerprints have different lengths and all octets up to the shortest length are identical, then the fingerprint with smaller length is considered smaller on the whole.

If the fingerprints are identical in both content and length (and the state of the S flag is identical), and the duplication is detected in hellos, then both routers MUST generate a new System ID and restart the protocol.

If fingerprints are identical in both content and length, and the duplication is detected in LSP #0, then the procedures defined in Section 3.4.6 MUST be followed.
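
The receive-side checks of Sections 3.3, 3.4.3 and 3.4.4 in one place, as an added example that is not part of the RFC text: it parses the Router-Fingerprint TLV and returns what the local router does. The function names, the action strings and the sample values are assumptions of the example, as is reading bit 0 of the Flags diagram as the most significant bit.

```python
from dataclasses import dataclass
from typing import Iterator, Optional, Tuple

RF_TLV_TYPE = 15    # Router-Fingerprint TLV type (Section 3.3)
FLAG_S = 0x80       # S = bit 0; assumes the diagram's bit 0 is the most significant bit
FLAG_A = 0x40       # A = bit 1, same assumption
MIN_FP_LEN = 32     # "32 or more octets"


@dataclass(frozen=True)
class RouterFingerprint:
    startup: bool       # S flag
    autoconf: bool      # A flag
    fingerprint: bytes


def iter_tlvs(area: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk IS-IS TLVs: 1-octet type, 1-octet length, then the value."""
    pos = 0
    while pos < len(area):
        if pos + 2 > len(area):
            raise ValueError("truncated TLV header")
        tlv_type, length = area[pos], area[pos + 1]
        value = area[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past the end of the PDU")
        yield tlv_type, value
        pos += 2 + length


def find_router_fingerprint(area: bytes) -> Optional[RouterFingerprint]:
    """Return the first Router-Fingerprint TLV in a TLV area, or None."""
    for tlv_type, value in iter_tlvs(area):
        if tlv_type != RF_TLV_TYPE:
            continue
        # Rejecting a short fingerprint is this example's choice, not a page rule.
        if len(value) < 1 + MIN_FP_LEN:
            raise ValueError("Router-Fingerprint shorter than 32 octets")
        flags = value[0]  # reserved bits are ignored on receipt
        return RouterFingerprint(bool(flags & FLAG_S), bool(flags & FLAG_A), value[1:])
    return None


def fingerprint_smaller(a: bytes, b: bytes) -> bool:
    """Octet-by-octet comparison; on a common prefix the shorter one is smaller."""
    for x, y in zip(a, b):
        if x != y:
            return x < y
    return len(a) < len(b)


def local_action(local_sysid: bytes, local: RouterFingerprint, remote_sysid: bytes,
                 remote: Optional[RouterFingerprint], seen_in: str) -> str:
    """Decide what the local router does with a received IIH ("iih") or LSP #0 ("lsp0")."""
    if remote is None or not remote.autoconf:
        # Not an autoconfiguration peer: drop the hello, or flood the LSP but
        # leave the sender's LSP set out of the Decision Process.
        return "ignore" if seen_in == "iih" else "flood-only"
    if remote_sysid != local_sysid:
        return "no-duplicate"
    same_fp = remote.fingerprint == local.fingerprint
    if same_fp and seen_in == "lsp0":
        return "dd-procedure"       # Section 3.4.6 decides; the S flag is not compared
    # The S-flag rule is stated first in Section 3.4.4, so it is applied first here.
    if local.startup != remote.startup:
        return "regenerate" if local.startup else "keep"
    if same_fp:
        return "regenerate"         # hellos, same S state: both routers regenerate
    smaller = fingerprint_smaller(local.fingerprint, remote.fingerprint)
    return "regenerate" if smaller else "keep"


def build_rf_tlv(startup: bool, fingerprint: bytes) -> bytes:
    """Encode a Router-Fingerprint TLV with the A flag set (for the sample data)."""
    value = bytes([FLAG_A | (FLAG_S if startup else 0)]) + fingerprint
    return bytes([RF_TLV_TYPE, len(value)]) + value


# Constructed sample data: a 6-octet System ID and the TLV area of a neighbor's IIH
# (Area Addresses TLV 1 with the 13-octet all-zero area, then Router-Fingerprint).
SYSID = bytes.fromhex("020000000001")
LOCAL = RouterFingerprint(startup=False, autoconf=True, fingerprint=b"\x10" * 32)
NEIGHBOR_IIH = bytes([1, 14, 13]) + bytes(13) + build_rf_tlv(True, b"\xff" * 32)

if __name__ == "__main__":
    peer = find_router_fingerprint(NEIGHBOR_IIH)
    print(peer, local_action(SYSID, LOCAL, SYSID, peer, "iih"))
```

Here "keep" means the other router is the one that must generate a new System ID and restart.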

3.4.5. System ID and Router-Fingerprint Generation Considerations

As specified in this document, there are two distinguishing items that need to be self-generated: the System ID and Router-Fingerprint. In a network device, normally there are some resources that can provide an extremely high probability of uniqueness (some examples listed below). These resources can be used as seeds to derive identifiers:

o MAC address(es)

o Configured IP address(es)

o Hardware IDs (e.g., CPU ID)

o Device serial number(s)

o System clock at a certain, specific time

o Arbitrary received packet(s) on an interface(s)

This document recommends the use of an IEEE 802 48-bit MAC address associated with the router as the initial System ID. This document does not specify a specific method to regenerate the System ID when duplication happens.

This document also does not specify a method to generate the Router-Fingerprint.

There is an important concern that the seeds listed above (except MAC address) might not be available in some small devices such as home routers. This is because of hardware/software limitations and the lack of sufficient communication packets at the initial stage in home routers when doing IS-IS autoconfiguration. In this case, this document suggests using the MAC address as the System ID and generating a pseudorandom number based on another seed (such as the memory address of a certain variable in the program) as the Router-Fingerprint. The pseudorandom number might not have a very high probability of uniqueness in this solution but should be sufficient in home network scenarios.

The considerations surrounding System ID stability described in Section 3.2 also need to be applied.

3.4.6. Duplication of Both System ID and Router-Fingerprint

As described above, the resources for generating a System ID / Router-Fingerprint might be very constrained during the initial stages. Hence, the duplication of both System ID and Router-Fingerprint need to be considered. In such a case, it is possible that a router will receive an LSP with a System ID and Router-Fingerprint identical to the local values, but the LSP is NOT identical to the locally generated copy, i.e., the sequence number is newer or the sequence number is the same, but the LSP has a valid checksum that does not match. The term DD-LSP (Duplication Detection LSP) is used to describe such an LSP.

In a benign case, this will occur if a router restarts and it receives copies of its own LSPs from its previous incarnation. This benign case needs to be distinguished from the pathological case where there are two different routers with the same System ID and the same Router-Fingerprint.

In the benign case, the restarting router will generate a new version of its own LSP with a higher sequence number and flood the new LSP version. This will cause other routers in the network to update their LSP Database (LSPDB) and synchronization will be achieved.

In the pathological case, the generation of a new version of an LSP by one of the "twins" will cause the other twin to generate the same LSP with a higher sequence number -- and oscillation will continue without achieving LSPDB synchronization.

Note that a comparison of the S flag in the Router-Fingerprint TLV cannot be performed, as in the benign case it is expected that the S flag will be clear. Also note that the conditions for detecting a duplicate system ID will NOT be satisfied because both the System ID and the Router-Fingerprint will be identical.

The following procedure is defined:

DD-state is a boolean that indicates if a DD-LSP #0 has been received.

DD-count is the count of the number of occurrences of reception of a DD-LSP.

DD-timer is a timer associated with reception of DD-LSPs; the recommended value is 60 seconds.

DD-max is the maximum number of DD-LSPs allowed to be received in DD-timer interval; the recommended value is 3.

When a DD-LSP is received:

   If DD-state is FALSE:

      DD-state is set to TRUE.

      DD-timer is started.

      DD-count is initialized to 1.

   If DD-state is TRUE:

      DD-count is incremented.

      If DD-count is >= DD-max:

         The local system MUST generate a new System ID and Router-Fingerprint and restart the protocol.

         DD-state is (re)initialized to FALSE and DD-timer is canceled.

   If DD-timer expires:

      DD-state is set to FALSE.

Note that to minimize the likelihood of duplication of both System ID and Router-Fingerprint reoccurring, routers SHOULD have more entropies available. One simple way to achieve this is to add the LSP sequence number of the next LSP it will send to the Router-Fingerprint.
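
The DD-LSP procedure above as a small state machine, added here as an example and not taken from the RFC: the class and function names and the sample arrival times are assumptions, and the clock is passed in by the caller instead of using a real timer.

```python
from typing import List, Optional

DD_TIMER_SECONDS = 60.0   # recommended DD-timer
DD_MAX = 3                # recommended DD-max


def is_dd_lsp(local_seq: int, local_cksum: int, rx_seq: int, rx_cksum: int) -> bool:
    """True for an LSP carrying our own System ID and Router-Fingerprint that is
    not our copy: newer sequence number, or same number with a different checksum.
    The caller must already have validated the received checksum."""
    return rx_seq > local_seq or (rx_seq == local_seq and rx_cksum != local_cksum)


class DuplicationDetector:
    """DD-state / DD-count / DD-timer; time is passed in so runs are repeatable."""

    def __init__(self, timer: float = DD_TIMER_SECONDS, dd_max: int = DD_MAX):
        self.timer = timer
        self.dd_max = dd_max
        self.dd_state = False
        self.dd_count = 0
        self._deadline: Optional[float] = None

    def poll(self, now: float) -> None:
        """DD-timer expiry: DD-state goes back to FALSE."""
        if self.dd_state and self._deadline is not None and now >= self._deadline:
            self.dd_state = False
            self._deadline = None

    def on_dd_lsp(self, now: float) -> bool:
        """Account for one DD-LSP; True means generate a new System ID and
        Router-Fingerprint and restart the protocol."""
        self.poll(now)
        if not self.dd_state:
            self.dd_state = True
            self.dd_count = 1
            self._deadline = now + self.timer
            return False
        self.dd_count += 1
        if self.dd_count >= self.dd_max:
            self.dd_state = False       # (re)initialized
            self._deadline = None       # DD-timer canceled
            return True
        return False


def replay(arrival_times: List[float]) -> List[bool]:
    """Feed DD-LSP arrival times (seconds) to a fresh detector."""
    detector = DuplicationDetector()
    return [detector.on_dd_lsp(t) for t in arrival_times]


# Constructed timelines.
BENIGN = [0.0, 2.0]                 # restart: stale copies, then our newer LSP wins
TWINS = [0.0, 5.0, 10.0, 15.0]      # two routers keep outbidding each other

if __name__ == "__main__":
    print("benign:", replay(BENIGN))
    print("twins: ", replay(TWINS))
```

Each True returned by `on_dd_lsp` is a protocol restart with a new identity, so it is an event worth logging on the device.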

3.5. Additional IS-IS TLVs Usage Guidelines

This section describes the behavior of selected TLVs when used by a router supporting IS-IS autoconfiguration.

3.5.1. Authentication TLV

It is RECOMMENDED that IS-IS routers supporting this specification offer an option to explicitly configure a single password for HMAC-MD5 authentication as specified in [RFC5304].

3.5.2. Metric Used in Reachability TLVs

It is RECOMMENDED that IS-IS autoconfiguration routers use a high metric value (e.g., 100000) as default in order to allow manually configured adjacencies to be preferred over autoconfigured.

3.5.3. Dynamic Name TLV

IS-IS autoconfiguration routers MAY advertise their Dynamic Name TLV (TLV 137 [RFC5301]). The hostname could be provisioned by an IT system or just use the name of vendor, device type, or serial number, etc.

To guarantee the uniqueness of the hostname, the System ID SHOULD be appended as a suffix in the names.

4. Security Considerations

In the absence of cryptographic authentication, it is possible for an attacker to inject a PDU falsely indicating there is a duplicate system ID. This may trigger automatic restart of the protocol using the duplicate-id resolution procedures defined in this document.

Note that the use of authentication is incompatible with autoconfiguration as it requires some manual configuration.

For wired deployment, the wired connection itself could be considered as an implicit authentication in that unwanted routers are usually not able to connect (i.e., there is some kind of physical security in place preventing the connection of rogue devices); for wireless deployment, the authentication could be achieved at the lower wireless link layer.

5. IANA Considerations

This document details a new IS-IS TLV reflected in the "IS-IS TLV Codepoints" registry:

   Value  Name                             IIH LSP SNP Purge
   ----  ------------                      --- --- --- -----
   15    Router-Fingerprint                 Y   Y   N    Y
        
6. References

6.1. Normative References

[ISO_IEC10589] International Organization for Standardization, "Information technology -- Telecommunications and information exchange between systems -- Intermediate System to Intermediate System intra-domain routeing information exchange protocol for use in conjunction with the protocol for providing the connectionless-mode network service (ISO 8473)", ISO/IEC 10589:2002, Second Edition, November 2002.

[RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP and dual environments", RFC 1195, DOI 10.17487/RFC1195, December 1990, <http://www.rfc-editor.org/info/rfc1195>.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC5301] McPherson, D. and N. Shen, "Dynamic Hostname Exchange Mechanism for IS-IS", RFC 5301, DOI 10.17487/RFC5301, October 2008, <http://www.rfc-editor.org/info/rfc5301>.

[RFC5304] Li, T. and R. Atkinson, "IS-IS Cryptographic Authentication", RFC 5304, DOI 10.17487/RFC5304, October 2008, <http://www.rfc-editor.org/info/rfc5304>.

[RFC5305] Li, T. and H. Smit, "IS-IS Extensions for Traffic Engineering", RFC 5305, DOI 10.17487/RFC5305, October 2008, <http://www.rfc-editor.org/info/rfc5305>.

[RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, DOI 10.17487/RFC5308, October 2008, <http://www.rfc-editor.org/info/rfc5308>.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <http://www.rfc-editor.org/info/rfc8174>.

6.2. Informative References

[RFC7503] Lindem, A. and J. Arkko, "OSPFv3 Autoconfiguration", RFC 7503, DOI 10.17487/RFC7503, April 2015, <http://www.rfc-editor.org/info/rfc7503>.

Acknowledgements

This document was heavily inspired by [RFC7503].

Martin Winter, Christian Franke, and David Lamparter gave essential feedback to improve the technical design based on their implementation experience.

Many useful comments were made by Acee Lindem, Karsten Thomann, Hannes Gredler, Peter Lothberg, Uma Chundury, Qin Wu, Sheng Jiang, and Nan Wu, etc.

Authors' Addresses

Bing Liu (editor) Huawei Technologies Q10, Huawei Campus, No.156 Beiqing Road Hai-Dian District, Beijing, 100095 P.R. China

   Email: leo.liubing@huawei.com
        

Les Ginsberg Cisco Systems 821 Alder Drive Milpitas CA 95035 United States of America

   Email: ginsberg@cisco.com
        

Bruno Decraene Orange France

   Email: bruno.decraene@orange.com
        

Ian Farrer Deutsche Telekom AG Bonn Germany

   Email: ian.farrer@telekom.de
        

Mikael Abrahamsson T-Systems Stockholm Sweden

   Email: mikael.abrahamsson@t-systems.se
        