Network Working Group | C. Franke |
Internet-Draft | NetDEF |
Intended status: Standards Track | October 19, 2015 |
Expires: April 21, 2016 |
IS-IS over IPv6
draft-franke-isis-over-ipv6-01
In this draft, a method to transmit IS-IS PDUs as IPv6 packets is described. While the default encapsulation of IS-IS is specified directly on top of the link-layer, making it necessary for IS-IS to be specified for each link-layer it should be used on, the proposed method allows for IS-IS to run on any link-layers supporting IPv6.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2016.
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The original specification of IS-IS [ISO.10589.2002] defines that PDUs are transmitted directly on the link-layer. With this design comes the problem that specification work is required each time a new link-layer should be supported by IS-IS. By transmitting IS-IS PDUs as IPv6 packets, this specification work can be avoided and any link-layer supporting IPv6 can be used. Among other things, this allows to route IPv6 with IS-IS [RFC5308] on any link supporting IPv6.
This specification does not make changes to the general operation of IS-IS and any existing mechanisms should be kept as-is. The only change made by this draft is the format of IS-IS PDUs on the wire.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
Link-local IPv6 addresses are used to transmit and receive IS-IS PDUs. Routers SHALL set the source address of transmitted PDUs to the link-local address of the outgoing interface.
IPv6 link-local multicast is used as destination for the packets. The PDUs that would be sent to ALL-L1-IS when sending them directly on top of the link-layer MUST be sent to the IPv6 multicast group <TBD1> instead. Respectively, PDUs that would be sent to ALL-L2-IS MUST be sent to the multicast group <TBD2>.
The packets SHOULD be transmitted with type of service set to Internetwork control.
To transmit IS-IS PDUs over IPv6, they are encapsulated as IPv6 payload without any transport layer protocol. For that purpose, protocol number 124 is used. That number was assigned by IANA for IS-IS over IPv4. [I-D.ietf-isis-wg-over-ip] The PDUs are transmitted as IPv6 payload starting at the NLPI.
Using the ethernet MAC address as SNPA on LAN links is not practical for this application since the goal of this extension is to become independent from specific link-layer properties.
Therefore, treat the whole 16 byte of the IPv6 address as SNPA. Since the SNPA is only used internally to each router and not put into any IS-IS PDUs, no protocol datastructures need to be modified for this, but implemenations need to deal with this new SNPA length internally.
Hello PDUs that are subject to padding SHALL be padded so that the total IPv6 packet size matches the MTU of the link they are transmitted over. Fragmentation SHALL NOT be used on hellos, and a system receiving an IPv6 encapsulated SHALL verify that the hello has not been subject to fragmentation.
Other transmitted PDUs MAY be fragmented to allow the transport of LSPs that result in larger packets than the IPv6 MTU.
IS-IS implementations supporting IS-IS over IPv6 SHOULD provide a method that allows to choose between [ISO.10589.2002] and IS-IS over IPv6 encapsulation for each interface. Implementations MUST NOT transmit or process ISO 10589:2002 PDUs on interfaces running in IS-IS over IPv6 mode and they MUST NOT transmit or process IS-IS over IPv6 PDUs on interfaces running in ISO 10589:2002 mode.
There has been previous work to specify operation of IS-IS over IPv4 [I-D.ietf-isis-wg-over-ip] which has been used as a reference for this work.
For this protocol, IANA should assign two IPv6 multicast group IDs <TBD1> and <TBD2> in the IPv6 Multicast Address Space Registry. [RFC3307] Also, IANA should change the name of protocol 124 in the Internet Protocol Number registry [RFC5237] from "ISIS over IPv4" to "ISIS".
Routers implementing this encapsulation of IS-IS over IPv6 can be susceptible to receiving and processing IS-IS over IPv6 packets that have not been originated by a router that is on-link. For example, someone with malicious intent could send IS-IS over IPv6 packets to a global unicast address of a router via multiple hops.
For this reason, routers implementing IS-IS over IPv6 need to verify that the origin of each received IS-IS over IPv6 packet is indeed on-link.
To do this, routers implementing IS-IS over IPv6 SHALL implement generalized TTL security as described in [RFC5082]. Since ttl security is mandatory for IS-IS over IPv6, any packet received with a TTL differing from 255 can be classified as "Dangerous" and SHALL be dropped.
[ISO.10589.2002] | International Organization for Standardization, "Intermediate system to intermediate system intra-domain-routing routine information exchange protocol for use in conjunction with the protocol for providing the connectionless-mode Network Service (ISO 8473)", ISO Standard 10589, 2002. |
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
[RFC5082] | Gill, V., Heasley, J., Meyer, D., Savola, P. and C. Pignataro, "The Generalized TTL Security Mechanism (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007. |
[RFC5308] | Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, DOI 10.17487/RFC5308, October 2008. |
[I-D.ietf-isis-wg-over-ip] | Przygienda, T., Patel, A. and A. Bansal, "IS-IS over IPv4", Internet-Draft draft-ietf-isis-wg-over-ip-02, October 1999. |
[RFC3307] | Haberman, B., "Allocation Guidelines for IPv6 Multicast Addresses", RFC 3307, DOI 10.17487/RFC3307, August 2002. |
[RFC5237] | Arkko, J. and S. Bradner, "IANA Allocation Guidelines for the Protocol Field", BCP 37, RFC 5237, DOI 10.17487/RFC5237, February 2008. |