Re: [OSPF] Suresh Krishnan's Discuss on draft-ietf-ospf-transition-to-ospfv3-10: (with DISCUSS and COMMENT)

"Acee Lindem (acee)" <> Wed, 29 June 2016 13:49 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7485C12D880; Wed, 29 Jun 2016 06:49:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.947
X-Spam-Status: No, score=-15.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id v_ohH3ME_24C; Wed, 29 Jun 2016 06:49:14 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1DF1C12B008; Wed, 29 Jun 2016 06:49:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=7210; q=dns/txt; s=iport; t=1467208154; x=1468417754; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=cjHwMJ+C0vRmdfW6E5TUcfPuSi211Qcw32FLpjRzoIY=; b=OEtmAebNbRuT6VuUxauXgvVnSsrSxmQ6Kzy/PBzu9+BLKziug+R/Ru/G 1IwW1Pc1CMRLP0T8iC+kco1PS5en0RYMcSl5R/cL+3FlqmB5Rp4P6XbRl EdDDozPGGEXlqEqAMwXdX+9mN5wjl9Eqs2ZE0dB1he9Z8b4JLdeDHLTvZ k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.26,546,1459814400"; d="scan'208";a="118513116"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-SHA; 29 Jun 2016 13:49:13 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id u5TDnCYv006196 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 29 Jun 2016 13:49:12 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 29 Jun 2016 09:49:11 -0400
Received: from ([]) by ([]) with mapi id 15.00.1210.000; Wed, 29 Jun 2016 09:49:11 -0400
From: "Acee Lindem (acee)" <>
To: Suresh Krishnan <>, The IESG <>
Thread-Topic: Suresh Krishnan's Discuss on draft-ietf-ospf-transition-to-ospfv3-10: (with DISCUSS and COMMENT)
Thread-Index: AQHR0bgcH1JJhVjnJkCZhri87TpVs6AAdpSA
Date: Wed, 29 Jun 2016 13:49:11 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>, "" <>, "" <>, "" <>
Subject: Re: [OSPF] Suresh Krishnan's Discuss on draft-ietf-ospf-transition-to-ospfv3-10: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 29 Jun 2016 13:49:16 -0000

Hi Suresh, 

On 6/28/16, 11:41 PM, "Suresh Krishnan" <>

>Suresh Krishnan has entered the following ballot position for
>draft-ietf-ospf-transition-to-ospfv3-10: Discuss
>When responding, please keep the subject line intact and reply to all
>email addresses included in the To and CC lines. (Feel free to cut this
>introductory paragraph, however.)
>Please refer to
>for more information about IESG DISCUSS and COMMENT positions.
>The document, along with other ballot positions, can be found here:
>I do think this is a good mechanism to transition from IPv4-only OSPFv2
>to dual-stack capable OSPFv3 and I intend to switch to a Yes once my
>discuss points are addressed.
>* The calculation for the checksum field in the OSPFv3 packet is not
>specified in this document. The RFC5340 checksum calculation uses the
>IPv6 pseudo-header mechanism for upper layer checksums as specified in
>Section 8.1 of RFC2460. Since that obviously won't work here (as there
>are no source and dest IPv6 addresses) some different mechanism needs to
>be specified here.

Agreed. We will add this - not sure how we missed it. Many IPv4 protocols
(including OSPFv2 as described in RFC 2328) exclude the pseudo-header from
the standard checksum calculation. Since we have it in OSPFv3 over IPv6
with the RFC 2460 pseudo header, I feel we should retain it here lest we
open up OSPFv3 to a documented OSPFv3 vulnerably when authentication is
not used. 

I propose we just use a variant of the UDP pseudo header as described in
RFC 768. 

For IPv4 transport, the pseudo-header used in the checksum calculation
contain the IPv4 source and destination addresses, the OSPFv3 protocol ID,
and the OSPFv3 length from the OSPFv3 header (Appendix A.3.1 [RFC5340]).
The format is similar to the UDP pseudo-header as described in [RFC768].

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|                       Source Address                          |
|                    Destination Address                        |
|     0         | Protocol (89) |     OSPFv3 Packet Length      |

>* (based on the above) Why doesn't this document update RFC5340?

It could. However, RFC 5340 solely describes OSPFv3 with IPv6 transport.
Whether or not an enhancement that doesn’t change an existing
specification but augments it has always been a debate. We usually err on
the side of updating. What is the IESG take on this?

>I do have one question that I am curious about. Can this mechanism be run
>alongside OSPFv2 on the same router? If so, how does the demultiplexing
>take place to dispatch the packet to either the OSPFv2 or the
>OSPFv3-over-IPv4 implementation (as the endpoints are potentially the
>same and the IP proto number 89 is usually dispatched to OSPFv2)? Does it
>require inserting some sort of shim in the OSPFv2 implementation to
>further dispatch on the version number octet?

No shim is necessary since both OSPFv2 and OSPFv3 will check the version
number in the first octet of the OSPF(v3) packet header. Commercial
implementations normally would normally drop the packet before this stage
unless one has both OSPFv2 and OSPFv3 running on the same interface.
However, I think this should be discussed in a “Management Considerations”

 5.0 Management Considerations
 5.1 Coexistence with OSPFv2

 Since OSPFv2 [RFC2328] and OSPFv3 over IPv4 as described herein use
 exactly the same protocol and IPv4 addresses, OSPFv2 packets may be
 delivered to the OSPFv3 process and vice versa. When this occurs, the
 mismatched protocol packets will be dropped due to validation of the
 version in the first octet of the OSPFv2/OSPFv3 protocol header. Note
 that this will not prevent the packets from being delivered to the
 correct protocol process as standard socket implementations will
 deliver a copy to each socket matching the selectors.

 Implementations of OSPFv3 over IPv4 transport SHOULD implement
 separate counters for a protocol mismatch and SHOULD provide
 means to suppress the ospfIfRxBadPacket and ospfVirtIfRxBadPacket
 SNMP notifications as described in [RFC4750] and the
 ospfv3IfRxBadPacket and ospv3VirtIfRxBadPacket SNMP notifications
 as described in [RFC5643] when an OSPFv2 packet is received by
 the OSPFv3 process or vice versa.