NSSA summarization

Ajay Thakur <tajay@NETD.COM> Tue, 16 August 2005 04:49 UTC

Message-ID: <43016ECA.2070204@netd.com>
Date: Tue, 16 Aug 2005 10:12:50 +0530
From: Ajay Thakur <tajay@NETD.COM>
Subject: NSSA summarization
To: OSPF@PEACH.EASE.LSOFT.COM

Hi all,
I have some more queries about the OSPF NSSA area.

Suppose I am summarizing type-7 LSAs. In this case, while generating the
type-5 LSA, we follow section 4.1 of RFC 1587,

e.g.
1> If none of the LSAs' LS-Ids matches my summary-address range, but the
LS-Ids fall under the configured summary-address range, then we generate
the type-5 LSA as per RFC 1587 section 4.1 (2),
and

2> If my LSA has an LS-Id equal to the summary-address range, then we generate
the type-5 LSA as per RFC 1587 section 4.1 (1).

Now my question is:
What happens if the OSPF database has one LSA whose LS-Id matches my
summary-address range and some LSAs whose LS-Ids fall under the
summary-address range? In this case, what type of metric or
path-type should we set in the type-5 LSA?
Need your help,
Thanks,
with regards
ajay




Vishwas Manral wrote:

>Hi Acee,
>
>>Acee: In practice, for OSPFv2 the sequence numbers are not monotonically
>>increasing; Usage of router's clock for cryptographic sequence number
>>generation reduces the chance for replay attacks across restarts.
>>?: OSPF spec does not say it ...
>
>Acee, what I meant was that although the OSPF spec does not state that
>we need to use clocks. 
>
>I think the vulnerabilities draft is the right place to state the
>problems that can happen if we do not use a clock (or something
>equivalent which increments even when a system goes down).
>
>Another issue is that even if the sender uses clock for the "sequence
>number" and goes down, all the packets of a previous session can still
>be replayed by another router. So the chance of replay attacks is still
>there.
>
>Thanks,
>Vishwas
>-----Original Message-----
>From: Mailing List [mailto:OSPF@PEACH.EASE.LSOFT.COM] On Behalf Of Acee
>Lindem
>Sent: Monday, August 15, 2005 7:50 PM
>To: OSPF@PEACH.EASE.LSOFT.COM
>Subject: OSPF WG Minutes
>
>Attached are the minutes from the Paris OSPF WG meeting. Thanks to
>Dimitri for taking them.
>
>Acee
>
>  
>
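
Added example, not part of the original message or thread: a small Python model of the replay check discussed in the quoted text above, comparing a cryptographic sequence number that restarts with each boot against one taken from the router's clock. The receiver rule follows RFC 2328 Appendix D (discard if lower than the stored value; stored value is 0 for a neighbor that has gone down); the function names and all timestamps are constructed for illustration.

```python
# Added illustration; names and timestamps are hypothetical/constructed.

def check(stored: int, seq: int) -> bool:
    """Receiver rule: accept unless seq is lower than the stored value."""
    return seq >= stored


def replay_count(stored: int, packets: list) -> int:
    """How many old packets, presented in order, pass the receiver check."""
    accepted = 0
    for seq in packets:
        if check(stored, seq):
            stored = seq          # receiver records the accepted number
            accepted += 1
    return accepted


def analyse(seq_source) -> dict:
    """seq_source(boot_time, now) -> sequence number (times in seconds)."""
    # Session 1: sender boots at t=1000 and sends at t=1001..1005.
    old = [seq_source(1000, t) for t in range(1001, 1006)]
    stored = old[-1]                      # receiver state when sender dies
    # Sender restarts at t=2000 and sends its first packet at t=2001.
    first_new = seq_source(2000, 2001)
    return {
        # Restart is quicker than the neighbor timeout, so the receiver
        # still holds `stored`: is the genuine new packet accepted?
        "fresh_accepted_before_timeout": check(stored, first_new),
        # Receiver has accepted the restarted sender's first packet (after
        # a state reset if needed); old session packets then show up again.
        "old_accepted_after_restart": replay_count(first_new, old),
        # Neighbor timed out (stored value back to 0), sender still down.
        "old_accepted_while_down": replay_count(0, old),
    }


def counter(boot: int, now: int) -> int:
    return now - boot     # restarts from a low value on every boot


def clock(boot: int, now: int) -> int:
    return now            # keeps increasing while the system is down


if __name__ == "__main__":
    for name, src in (("counter", counter), ("clock", clock)):
        print(name, analyse(src))
```

The clock-based source closes the post-restart window, but the last row is the same for both: once the receiver has dropped its neighbor state, packets from the previous session still pass the check.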