Re: [OSPF] Supporting Authentication Trailer for OSPFv3

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Fri, 18 February 2011 06:58 UTC

From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: Srinivasan K L <klsrini@huawei.com>, 'Acee Lindem' <acee@lindem.com>, 'Alan Davey' <Alan.Davey@metaswitch.com>
Date: Fri, 18 Feb 2011 12:28:25 +0530
Cc: "ospf@ietf.org" <ospf@ietf.org>
Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3

Hi Srini,

In OSPFv3 the Options field is present only in the Hellos and the DD packets, hence you cannot set the AT bit in the LS Update packet containing the Grace LSAs. The helping router would know that AT has been negotiated with the restarting router and MUST hence look for the AT block.

Cheers, Manav

________________________________
From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Srinivasan K L
Sent: Friday, February 18, 2011 12.21 PM
To: 'Acee Lindem'; 'Alan Davey'
Cc: ospf@ietf.org
Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3

Hi Acee,

I am a little confused here. Quoting from the draft:

2.1.  AT-Bit in Options Field

   A new AT-bit (AT stands for Authentication Trailer) is introduced
   into the OSPFv3 Options field.  OSPFv3 routers MUST set the AT-bit in
   OSPFv3 Hello and Database Description packets to indicate that the
   OSPFv3 router will include the authentication trailer in all OSPFv3
   packets on the link.  For OSPFv3 Hello and Database Description
   packets, the AT-bit indicates the AT is present.  For other OSPFv3
   packet types, the OSPFv3 AT bit setting is preserved from the OSPFv3
   Hello/Database Description setting.



The last line above says that the bit setting must be preserved from the hello/dd. Does this not mean that the bit will be set in the LS Update containing the Grace LSA? I do understand that the restarting router must remember that AT was used or not before and then set/clear it accordingly.

Regards,
Srini.

________________________________
From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Acee Lindem
Sent: Friday, February 18, 2011 12:03 AM
To: Alan Davey
Cc: ospf@ietf.org
Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3

Hi Alan,

On Feb 17, 2011, at 6:50 AM, Alan Davey wrote:


Folks

I have read draft-ietf-ospf-auth-trailer-ospfv3-02 and have a few minor nits as follows.

- After an unplanned graceful restart, a router may send Grace-LSAs in an LS Update packet before any Hello packets.  Unless I am missing something, the draft should include such LS Update packets in the list of those that MUST have the AT-bit set.

The options are not included in the LS Update packet. However, if the restarting router was using the authentication restart before the restart, it should use it afterwards and the helping neighbor adjacencies should reflect this fact.



- In Figure 1, for the packet on the left hand side, the IP Header Length HL = PL + LL (not PL + AL).

Right - this will be included in the 03 version.


- In section 4.1 Authentication Trailer, in the Auth type bullet, would the following wording be clearer: "At present, the only value defined is 1, to denote ..."?

Ok - I'll reword this in the 03 version as well.

Thanks,
Acee




Regards
Alan Davey

Software Engineer, Network Technologies Division
Metaswitch Networks
alan.davey@metaswitch.com<mailto:alan.davey@metaswitch.com>
+44 (0) 20 8366 1177
www.metaswitch.com<http://www.metaswitch.com/>
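
The receive-side rule discussed in this thread, as an added example that is not part of the original messages or of the draft: Hello and Database Description packets carry the Options field, so the AT-bit is read from the packet, while LS Request, LS Update (including one carrying Grace-LSAs) and LS Ack fall back to what was negotiated with the neighbor. The `Neighbor` class, function names and sample packets are hypothetical; the AT-bit value and field offsets come from the published OSPFv3 specifications, not from the thread.

```python
import struct

AT_BIT = 0x000400  # AT-bit as assigned in RFC 6506; the value is not quoted in this thread
HELLO, DBDESC, LSREQ, LSUPD, LSACK = 1, 2, 3, 4, 5
OPTIONS_OFFSET = {HELLO: 21, DBDESC: 17}  # offset of the 24-bit Options field

class Neighbor:
    """Hypothetical per-neighbor state; a helper keeps it across the peer's restart."""
    def __init__(self):
        self.at_negotiated = False

def expects_auth_trailer(payload: bytes, nbr: Neighbor) -> bool:
    """Decide whether an AT must follow the OSPFv3 packet in this IPv6 payload."""
    if len(payload) < 16:
        raise ValueError("truncated OSPFv3 header")
    version, ptype, pkt_len = struct.unpack_from("!BBH", payload, 0)
    if version != 3 or pkt_len < 16 or pkt_len > len(payload):
        raise ValueError("bad OSPFv3 header")
    at = nbr.at_negotiated  # LS Request/Update/Ack carry no Options: use stored state
    off = OPTIONS_OFFSET.get(ptype)
    if off is not None:  # Hello and DD carry Options, so the AT-bit is authoritative
        if pkt_len < off + 3:
            raise ValueError("packet too short for Options field")
        at = bool(int.from_bytes(payload[off:off + 3], "big") & AT_BIT)
    # Necessary condition only: an LLS block may also follow the packet.
    if at and len(payload) == pkt_len:
        raise ValueError("AT expected but nothing follows the OSPFv3 packet")
    nbr.at_negotiated = at
    return at

def build(ptype: int, options: int = 0) -> bytes:
    """Constructed sample packet: valid header and Options, zeros elsewhere."""
    pkt = bytearray(16 + {HELLO: 20, DBDESC: 12}.get(ptype, 4))
    struct.pack_into("!BBH", pkt, 0, 3, ptype, len(pkt))
    off = OPTIONS_OFFSET.get(ptype)
    if off is not None:
        pkt[off:off + 3] = options.to_bytes(3, "big")
    return bytes(pkt)

if __name__ == "__main__":
    nbr, trailer = Neighbor(), bytes(16)  # 16 zero bytes stand in for a real AT
    print(expects_auth_trailer(build(HELLO, AT_BIT | 0x13) + trailer, nbr))
    print(expects_auth_trailer(build(LSUPD) + trailer, nbr))  # Grace-LSA update
```

The length check only establishes that something follows the OSPFv3 packet; verifying the trailer's contents is a separate step not shown here.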

