rfc6549









Internet Engineering Task Force (IETF)                         A. Lindem
Request for Comments: 6549                                      Ericsson
Updates: 2328                                                     A. Roy
Category: Standards Track                                   S. Mirtorabi
ISSN: 2070-1721                                            Cisco Systems
                                                              March 2012


                    OSPFv2 Multi-Instance Extensions

Abstract

   OSPFv3 includes a mechanism to support multiple instances of the
   protocol running on the same interface.  OSPFv2 can utilize such a
   mechanism in order to support multiple routing domains on the same
   subnet.

   This document defines the OSPFv2 Instance ID to enable separate
   OSPFv2 protocol instances on the same interface.  Unlike OSPFv3 where
   the Instance ID can be used for multiple purposes, such as putting
   the same interface in multiple areas, the OSPFv2 Instance ID is
   reserved for identifying protocol instances.

   This document updates RFC 2328.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by
   the Internet Engineering Steering Group (IESG).  Further
   information on Internet Standards is available in Section 2 of
   RFC 5741.

   Information about the current status of this document, any
   errata, and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6549.












Lindem, et al.               Standards Track                    [Page 1]

RFC 6549            OSPFv2 Multi-Instance Extensions          March 2012


Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction ....................................................2
      1.1. Requirements Notation ......................................3
   2. OSPFv2 Instance Packet Encoding .................................3
   3. OSPFv2 Interface Instance ID ....................................4
      3.1. Sending and Receiving OSPFv2 Packets .......................4
      3.2. Interface Instance ID Values ...............................4
   4. State Sharing Optimizations between OSPFv2 Instances ............5
   5. OSPFv2 Authentication Impacts ...................................5
   6. Backward Compatibility and Deployment Considerations ............5
   7. Security Considerations .........................................6
   8. IANA Considerations .............................................6
   9. References ......................................................7
      9.1. Normative References .......................................7
      9.2. Informative References .....................................7
   Appendix A. Acknowledgments.... ....................................8

1.  Introduction

   OSPFv3 [OSPFV3] includes a mechanism to support multiple instances of
   a protocol running on the same interface.  OSPFv2 [OSPFV2] can
   utilize such a mechanism in order to support multiple routing domains
   on the same subnet.

   This document defines the OSPFv2 Instance ID to enable separate
   OSPFv2 protocol instances on the same interface.  Unlike OSPFv3 where
   the Instance ID can be used for multiple purposes, such as putting
   the same interface in multiple areas, the OSPFv2 Instance ID is
   reserved for identifying protocol instances.






Lindem, et al.               Standards Track                    [Page 2]

RFC 6549            OSPFv2 Multi-Instance Extensions          March 2012


1.1.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC-KEYWORDS].

2.  OSPFv2 Instance Packet Encoding

   This document extends OSPFv2 with a mechanism to differentiate
   packets for different instances sent and received on the same
   interface.  In support of this capability, a modified packet header
   format with the Authentication Type field split into an Instance ID
   and AuType.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   Version #   |     Type      |         Packet length         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         Router ID                             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          Area ID                              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Checksum             |  Instance ID  |  AuType       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Authentication                            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Authentication                            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                           The OSPFv2 Packet Header

   All fields are as defined in [OSPFV2] except that the Instance ID
   field is new, and the AuType field is reduced to 8 bits from 16 bits
   without any change in meaning.  The Instance ID field is defined as
   follows:

   Instance ID
      Enables multiple instances of OSPFv2 to be used on a single
      interface.  Each protocol instance would be assigned a separate
      Instance ID; the Instance ID has local subnet significance only.
      Received packets with an Instance ID not equal to one of the
      Instance IDs corresponding to one of the configured OSPFv2
      Instances for the receiving interface MUST be discarded.







Lindem, et al.               Standards Track                    [Page 3]

RFC 6549            OSPFv2 Multi-Instance Extensions          March 2012


3.  OSPFv2 Interface Instance ID

   Section 9 of [OSPFV2] describes the conceptual interface data
   structure.  The OSPFv2 Interface Instance ID is added to this
   structure.  The OSPFv2 Interface Instance ID has a default value of
   0.  Setting it to a non-zero value may be accomplished through
   configuration.

3.1.  Sending and Receiving OSPFv2 Packets

   When sending OSPFv2 packets, the OSPFv2 Interface Instance ID is set
   in the OSPFv2 packet header.  When receiving OSPFv2 packets, the
   OSPFv2 Header Instance ID is used to aid in demultiplexing the packet
   and associating it with the correct OSPFv2 instance.  Received
   packets with an Instance ID not equal to one of the configured OSPFv2
   Instance IDs on the receiving interface MUST be discarded.

3.2.  Interface Instance ID Values

   The following OSPFv2 Instance IDs have been defined:

   0      Base IPv4 Instance - This is the default IPv4 routing instance
          corresponding to default IPv4 unicast routing and the
          attendant IPv4 routing table.  Use of this Instance ID
          provides backward compatibility with the base OSPF
          specification [OSPFV2].

   1      Base IPv4 Multicast Instance - This IPv4 instance corresponds
          to the separate IPv4 routing table used for the Reverse Path
          Forwarding (RPF) checking performed on IPv4 multicast traffic.

   2      Base IPv4 In-band Management Instance - This IPv4 instance
          corresponds to a separate IPv4 routing table used for network
          management applications.

   3-127  Private Use - These Instance IDs are reserved for definition
          and semantics defined by the local network administrator.  For
          example, separate Interface Instance IDs and their
          corresponding OSPFv2 instances could be used to support
          independent non-congruent topologies for different classes of
          IPv4 unicast traffic.  The details of such deployments are
          beyond the scope of this document.

   The first three Interface Instance IDs are analogous to the topology
   IDs defined in [RFC4915].






Lindem, et al.               Standards Track                    [Page 4]

RFC 6549            OSPFv2 Multi-Instance Extensions          March 2012


4.  State-Sharing Optimizations between OSPFv2 Instances

   This is beyond the scope of this document and is an area for further
   study.

5.  OSPFv2 Authentication Impacts

   Now that the AuType OSPFv2 header field has been reduced from 2
   octets to 1 octet, OSPFv2 routers not supporting this specification
   will fail packet authentication for any instance other than the
   default (i.e., the Base IPv4 Unicast Instance).  This is solely due
   to the difference in field definition as opposed to any explicit
   change to OSPFv2 authentication, as described in Appendix D of RFC
   2328 [OSPFV2] and RFC 5709 [RFC5709].  However, this is exactly what
   is desired since OSPFv2 routers not supporting this specification
   should only support the default instance (refer to Section 6).

6.  Backward Compatibility and Deployment Considerations

   When there are OSPFv2 routers that support OSPFv2 Multi-Instance
   extensions on the same broadcast-capable interface as OSPFv2 routers
   that do not, packets with non-zero OSPFv2 header Instance IDs are
   received by those legacy OSPFv2 routers.  Since the non-zero Instance
   ID is included in the AuType by these legacy OSPFv2 routers, it is
   misinterpreted as a mismatched authentication type and the packet is
   dropped.  This is exactly what is expected and desired.

   Previously, there was concern that certain implementations would log
   every single authentication type mismatch.  However, discussions with
   implementers have led us to the conclusion that this is not as severe
   a problem as we'd first thought, and it will be even less of a
   problem by the time the mechanism described herein is standardized,
   implemented, and deployed.  Most implementations will dampen the
   logging of errors.  Hence, the more drastic mechanisms to avoid
   legacy OSPFv2 routers from receiving multicast OSPFv2 packets with
   non-zero Instance IDs have been removed.

   If the OSPF MIB as specified in [OSPF-MIB] is implemented, even the
   damped generation of the ospfIfAuthFailure or ospfVirtIfAuthFailure
   Simple Network Management Protocol (SNMP) notifications would be
   undesirable in situations where legacy OSPFv2 routers are deployed on
   the same subnet as OSPFv2 routers supporting this specification.
   Consequently, it is recommended that implementations that implement
   this specification and the OSPF MIB also implement SNMP Notification
   filtering as specified in Section 6 of [RFC3413].






Lindem, et al.               Standards Track                    [Page 5]

RFC 6549            OSPFv2 Multi-Instance Extensions          March 2012


7.  Security Considerations

   The enhancement described herein doesn't include additional security
   considerations to OSPFv2.  Security considerations for OSPFv2 are
   described in [OSPFV2].

   Given that only three OSPFv2 authentication types have been
   standardized, it seems reasonable to reduce the OSPFv2 packet header
   field to 8 bits.

8.  IANA Considerations

   The size of the AuType field is reduced from 16 octets to 8 octets.
   This changes the OSPF Authentication Codes registry in that the
   values 256-65535 are no longer defined and are therefore deprecated.
   There is no backward compatibility issue since this range of values
   was previously defined as "Reserved and should not be assigned".

   A new registry has been created for OSPFv2 Instance IDs.  The initial
   allocation of OSPFv2 Instance IDs is described below.  Refer to
   Section 3.2 for more information.

      +-------------+----------------------+--------------------+
      | Value/Range | Designation          | Assignment Policy  |
      +-------------+----------------------+--------------------+
      | 0           | Base IPv4 Unicast    | Assigned           |
      |             | Instance             |                    |
      |             |                      |                    |
      | 1           | Base IPv4 Multicast  | Assigned           |
      |             | Instance             |                    |
      |             |                      |                    |
      | 2           | Base IPv4 In-band    | Assigned           |
      |             | Management Instance  |                    |
      |             |                      |                    |
      | 3-127       | Private Use          | Reserved for local |
      |             |                      | policy assignment  |
      |             |                      |                    |
      | 128-255     | Unassigned           | Standards Action   |
      +-------------+----------------------+--------------------+

                      OSPFv2 Instance ID










Lindem, et al.               Standards Track                    [Page 6]

RFC 6549            OSPFv2 Multi-Instance Extensions          March 2012


9.  References

9.1.  Normative References

   [OSPFV2]   Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.

   [OSPFV3]   Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, July 2008.

   [RFC-KEYWORDS]
              Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

9.2.  Informative References

   [OSPF-MIB] Joyal, D., Ed., Galecki, P., Ed., Giacalone, S., Ed.,
              Coltun, R., and F. Baker, "OSPF Version 2 Management
              Information Base", RFC 4750, December 2006.

   [RFC3413]  Levi, D., Meyer, P., and B. Stewart, "Simple Network
              Management Protocol (SNMP) Applications", STD 62, RFC
              3413, December 2002.

   [RFC4915]  Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P.
              Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", RFC
              4915, June 2007.

   [RFC5709]  Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M.,
              Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic
              Authentication", RFC 5709, October 2009.





















Lindem, et al.               Standards Track                    [Page 7]

RFC 6549            OSPFv2 Multi-Instance Extensions          March 2012


Appendix A.  Acknowledgments

   Thanks to Adrian Farrel for reviewing and providing some suggested
   improvements during the IESG review.

   Thanks to Paul Wells for commenting on the backward compatibility
   issues.

   Thanks to Paul Wells and Vladica Stanisic for commenting during the
   OSPF WG last call.

   Thanks to Manav Bhatia for comments and for being the document
   shepherd.

   Thanks to Magnus Nystrom for comments under the auspices of the
   Security Directorate review.

   Thanks to Dan Romascanu for comments during the IESG review.

   Thanks to Pete McCann for comments under the auspices of the Gen-ART
   review.






























Lindem, et al.               Standards Track                    [Page 8]

RFC 6549            OSPFv2 Multi-Instance Extensions          March 2012


Authors' Addresses

   Acee Lindem
   Ericsson
   102 Carric Bend Court
   Cary, NC 27519
   USA

   EMail: acee.lindem@ericsson.com


   Abhay Roy
   Cisco Systems
   225 West Tasman Drive
   San Jose, CA 95134
   USA

   EMail: akr@cisco.com


   Sina Mirtorabi
   Cisco Systems
   3 West Plumeria Drive
   San Jose, CA 95134
   USA

   EMail: sina@cisco.com
























Lindem, et al.               Standards Track                    [Page 9]



ERRATA