IETF Logo Mail Archive

Re: [OSPF] OSPFv3 Autoconfiguration - draft-ietf-ospf-ospfv3-autoconfig-05.txt

Curtis Villamizar <curtis@ipv6.occnc.com> Wed, 05 February 2014 20:58 UTC

Return-Path: <curtis@ipv6.occnc.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A6F61A021F for <ospf@ietfa.amsl.com>; Wed, 5 Feb 2014 12:58:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.437
X-Spam-Level:
X-Spam-Status: No, score=-2.437 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.535, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eDznrSvKgdD6 for <ospf@ietfa.amsl.com>; Wed, 5 Feb 2014 12:58:54 -0800 (PST)
Received: from maildrop2.v6ds.occnc.com (maildrop2.v6ds.occnc.com [IPv6:2001:470:88e6:3::232]) by ietfa.amsl.com (Postfix) with ESMTP id 4089B1A0214 for <ospf@ietf.org>; Wed, 5 Feb 2014 12:58:54 -0800 (PST)
Received: from harbor3.ipv6.occnc.com (harbor3.v6ds.occnc.com [IPv6:2001:470:88e6:3::239]) (authenticated bits=128) by maildrop2.v6ds.occnc.com (8.14.7/8.14.7) with ESMTP id s15KwoGH012796; Wed, 5 Feb 2014 15:58:50 -0500 (EST) (envelope-from curtis@ipv6.occnc.com)
Message-Id: <201402052058.s15KwoGH012796@maildrop2.v6ds.occnc.com>
To: Acee Lindem <acee.lindem@ericsson.com>
From: Curtis Villamizar <curtis@ipv6.occnc.com>
In-reply-to: Your message of "Wed, 05 Feb 2014 20:21:34 +0000." <CF17DD4E.2696B%acee.lindem@ericsson.com>
Date: Wed, 05 Feb 2014 15:58:50 -0500
Cc: OSPF - OSPF WG List <ospf@ietf.org>
Subject: Re: [OSPF] OSPFv3 Autoconfiguration - draft-ietf-ospf-ospfv3-autoconfig-05.txt
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: curtis@ipv6.occnc.com
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2014 20:58:56 -0000

In message <CF17DD4E.2696B%acee.lindem@ericsson.com>
Acee Lindem writes:
 
> The OSPFv3 autoconfiguration draft was cloned and presented in the
> ISIS WG (http://www.ietf.org/id/draft-liu-isis-auto-conf-00.txt). In
> the ISIS WG, there was a concern that the resolution of a duplicate
> system ID did not include the amount of time the router was
> operational when determining which router would need to choose a new
> router ID. With additional complexity, we could incorporate router
> uptime into the resolution process. One way to do this would be to:
>  
>      1. Add a Router Uptime TLV to the OSPFv3 AC-LSA. It would include
>         the uptime in seconds.
>  
>      2. Use the Router Uptime TLV as the primary determinant in
>         deciding which router must choose a new OSPFv3 Router
>         ID. Router uptimes less than 3600 (MaxAge) seconds apart are
>         considered equal.
>  
>      3. When an OSPFv3 Hello is received with a different link-local
>      	source address but a different router-id, unicast the OSPFv3
>      	AC-LSA to the neighbor so that OSPFv3 duplicate router
>      	resolution can proceed as in the case where it is received
>      	through the normal flooding process. This is somewhat of a
>      	hack as the we'd also need to accept OSPF Link State Updates
>      	from a neighbor that is not in Exchange State or greater.
>  
> An alternative to #3 would be to use Link-Local Signaling (LLS) for
> signaling the contents of the OSPFv3 AC-LSA. However, you'd only want
> to send the Router-Uptime and Router Hardware Fingerprint when a
> duplicate Router-ID is detected. This requires implementing the
> resolution two ways but may be preferable since it doesn't require
> violating the flooding rules.
>  
> In any case, I'd like to get other opinions as to whether this problem
> is worth solving.
>  
> Thanks,
> Acee


Acee,

If the basis for router-id on boot up results in a fixed value, and if
a duplicate will occur on a give network, then which of two duplicate
routers gets that value may change after one of them reboots.  If
uptime is not considered, it will never change as long as one router
stays up at any given time.

We are talking about a very low probability event (a duplicate) except
if this is a DoS attack and then either using or not using uptime
won't matter since the attacker will claim an impossibly long uptime.

Curtis

v2.23.0 | Report a Bug | By Email