1 / 9

Validation of AS-scope Opaque LSAs

Fixing the issue in RFC2370 by proposing a solution to validate AS-scope Opaque LSAs received outside of the LSA originator area, using the mechanism for validation of AS external route LSAs.

fcastaneda
Télécharger la présentation

Validation of AS-scope Opaque LSAs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AS-scope (type 11) Opaque LSA Validation(draft-bryskin-ospf-lsa-type11-validation-00.txt) Igor Bryskin (Movaz Networks) : ibryskin@movaz.com Alex Zinin (Alcatel) : zinin@psg.com Lou Berger (LabN Consulting, LLC) : lberger@labn.net

  2. Purpose of the document • Fix issue in RFC2370 • There is no way to validate AS-scope (type 11) Opaque LSAs received outside of the LSA originator area • Proposed solution reuses the mechanism for validation of AS external route (type 5) LSAs

  3. The Problem • [RFC2370] introduces a mechanism for the distribution of application specific information using the OSPF protocol via opaque LSAs. The distribution of opaque LSA could be limited to: • only immediate neighbors of the originator (LSAs type-9) • only OSPF nodes located within the originator's OSPF area (LSAs type-10) • all OSPF nodes within the originator's OSPF domain/AS (LSAs type-11) • There is no way for OSPF nodes in remote areas to check availability of a type -11 LSA originator • As there is with AS external route (type-5)

  4. Validation of type-5 LSAs • AS external route (type-5) LSAs have also the AS-scope, hence there is a similar problem with their validation • The problem is addressed via use of area-scope ASBR-summary (type-4) LSAs originated by ABRs for every known ASBR

  5. Proposed Solution • Apply the same approach used for validation of AS external route (type-5) LSAs as used to validate AS-scope (type-11) opaque LSAs • Some details: • AS-scope opaque LSAs originators must act as ASBRs • To trigger ASBR-summary (type-4) LSAs originated by ABRs (without ABR modification) • Uses current E-bit • Set by OSPF nodes that originate AS-scope opaque LSAs • In the Options field of Hello packets and LSAs • Node validate received AS-scope (type-11) opaque LSAs via type-4 LSAs • As with type-5 LSAs, type-11 LSAs only processed if advertising router (ASBR) has a routing table entry

  6. None Backward Compatibility issues

  7. The suggested solution reuses the ASBR tracking mechanism that is already employed in basic OSPF for type-5 LSAs. Applying it to type-11 Opaque LSAs does not create any threats that are not already known for type-5 LSAs . Security Considerations

  8. Type-11 Opaque LSAs flooding rules are unchanged The suggested solution does not apply for stub-areas We propose to make this draft a WG document Notes/Next Steps

  9. Thank You

More Related