1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
|
Internetworking Over NBMA Yakov Rekhter
INTERNET-DRAFT Cisco Systems
<draft-ietf-ion-r2r-nhrp-03.txt> Joel Halpern
Expiration Date: November 1999 Institutional Venture Partners
May 1998
NHRP for Destinations off the NBMA Subnetwork
draft-ietf-ion-r2r-nhrp-03.txt
1. Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
2. Abstract
The NBMA Next Hop Resolution Protocol (NHRP) [1] specifies a
mechanism that allows a source station (e.g., a host or a router) on
an NBMA subnetwork to find the NBMA subnetwork address of a
destination station when the destination station is connected to the
NBMA subnetwork. For the case where the destination station is off
the NBMA subnetwork the mechanism described in [1] allows a node to
determine the NBMA subnetwork address of an egress router from the
NBMA subnetwork that is ``nearest'' to the destination station. If
used to locate an egress router wherein the destination station is
directly behind the egress router, the currently documented NHRP
behaviors are sufficient. However, as documented elsewhere [2],
there are cases where if used between routers for generalized
transit, NHRP can produce loops.
Joel Halpern [Page 1]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
This document describes extensions to the NBMA Next Hop Resolution
Protocol (NHRP) [1] that allow a node to acquire and maintain the
information about the egress router without constraining the
destination(s) to be directly connected to the egress router.
3. CONVENTIONS
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3].
4. NHRP Target Information
The mechanism described in this document allows a node to find an
egress router for either a single destination, or a set of
destinations (where the set is expressed as a single address prefix).
Since a single destination is just a special case of a set of
destinations, for the rest of the document we will always talk about
a set of destinations, and will refer to this set as an ``NHRP
target''.
The NHRP target is carried in the NHRP Request, Reply, and Purge
messages as an address prefix (using the Prefix Length field of the
NHRP Client Information Extension). In order to ensure correctness,
a target may be replaced by an identical target with a longer prefix
length. This replacement may be done at an intermediate or
responding NHS. Other than this increase of prefix length, no NHS
shall modify the NHRP target information in an NHRP message.
In general a router may maintain in its Forwarding Information Base
(FIB) routes whose Network Layer Reachability Information (NLRI) that
exhibits a subset relation. Such routes are called overlapping
routes. To expand upon this, entries in a FIB are often related, with
one entry being a prefix of another entry. The longer prefix
therefore covers a set of routes that are a subset of the shorter
prefix. To provide correct forwarding in the presence of such
overlapping (or nested) routes this document constrains an NHRP
target by requiring that all the destinations covered by the target
must form a subset of the NLRI of at least one route in the
Forwarding Information Base (FIB) of the router that either
originates, or propagates an NHRP Request. That is, there must be at
least one route in the FIB which is a prefix of (or equal to) the
target of the request. For the rest of the document we'll refer to
this as the ``first NHRP target constraint''. A station can
originate an NHRP Request, and a router can propagate an NHRP Request
only if the NHRP target of the Request does not violate the first
Joel Halpern [Page 2]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
NHRP target constraint.
If a received NHRP request does not meet this ``first NHRP target
constraint'' when received, the receiving router has two choices. It
may answer the request, defining itself as the egress. This is
compatible with the base NHRP specification, and preserves the
``first NHRP target constraint''. Alternatively, the router may
lengthen the received prefix until the first constraint is met. The
prefix is lengthened until the target falls within (or becomes equal
to) a FIB entry.
A route (from a local FIB) whose NLRI forms a minimal superset of all
the destinations covered by the NHRP target is called an ``NHRP
forwarding route''. This is the longest FIB entry that covers the
entire target. Observe that by definition the set of destinations
covered by an NHRP target always exhibits a subset relation to the
set of destinations covered by the NHRP forwarding route associated
with the target.
This document further constrains origination/propagation of NHRP
Requests by prohibiting the NHRP target (carried by a Request) to
form a superset of the destinations covered by any of the routes in
the local FIB. Remembering that there are nested FIB entries, this
constraint says that there must not be a FIB entry which is itself a
subset of the target of the NHRP request. If there were, there would
be some destinations within the request which would be forwarded
differently then others, preventing a single answer from being
correct. The constraint applies both to the station that originates
an NHRP Request and to the routers that propagate the Request. For
the rest of the document we'll refer to this constraint as the
``second NHRP target constraint''. A station can originate an NHRP
Request, and a router can propagate an NHRP Request only if the NHRP
target of the Request does not violate the second NHRP target
constraint. The second NHRP target constraint guarantees that
forwarding to all the destinations covered by the NHRP target would
be accomplished via a single (common) route, and this route would be
the NHRP forwarding route for the target.
Again, if a received NHRP request does not meet the ``second NHRP
target constraint'', the router may either respond to the request,
providing its own NBMA address, or it may lengthen the prefix in the
request so as to meet the second constraint.
Joel Halpern [Page 3]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
5. NHRP Requester and Terminator Processing
The issue being addressed with the behaviors being mandated in this
document is to ensure that sufficient information is present and
processed to avoid NHRP shortcuts causing packet forwarding loops.
In order to do this, the requester and responder of the request must
undertake certain work, and any "border routers" in the forwarding
path must also perform certain additional work beyond checking the
target consistency with the FIB during request processing. This
border work suffices to detect any changes that would cause the path
selection to have failed the target constraints.
The work performed by the requester and responder consists of two
kinds of work. One set is requester only work, and is required in
order to determine where the protocol boundaries are. The other set
is the route monitoring work.
5.1. NHRP IGP information
The primary cause of NHRP forwarding loops is the loss of information
at a routing protocol boundary. Normally, such boundaries are
detected by the router at the boundary. However, it is possible for
IGP boundaries to overlap. Therefore, NHRP requesting Routers MUST
include the NHRP IGP Information extension (as defined in section 9).
This extension indicates what IGP the originator of the request uses.
A requesting router must always include this extension, since it is
not possible to tell a priori whether the eventual resolution of the
request will be a host or a router.
Because the entire BGP domain is consider one routing domain, the
extension also contains an indication as to whether the originator
was a BGP speaker.
5.2. NHRP Requestor and Responder monitoring
NHRP requestors and responders are required to monitor routing to
maintain correct shortcut information.
Once a router that originates an NHRP Request acquires the shortcut
next hop information, it is essential for the router to be able to
detect any changes that would affect the correctness of this
information. The following measures are intended to provide the
correctness.
Both ends of a shortcut have to monitor the status of the route that
Joel Halpern [Page 4]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
was associated with the shortcut (the NHRP forwarding route). If the
status changes at the router that generated the NHRP Reply, this
router should send a Purge message, so that the NHRP Requester would
issue another NHRP. If the status changes at the Requester, the
Requester must issue another NHRP. This ensures that when both ends
of a shortcut are up, any changes in routing that impact forwarding
to any of the destinations in the NHRP target would result in a
revalidation (via NHRP) of the shortcut. Note that in addition to
sending purges/reverifies in response to routing changes which
directly effect the NHRP target, there is one other case.
A router MUST perform the appropriate purge/reverification process if
it receives routing updates that cause an issued NHRP request to
violate either of the target constraints defined earlier. This is
possible at an NHRP originator, and is more likely at border devices.
Once a shortcut is established, the Requester needs to have some
mechanism(s) to ensure that the other end of the shortcut is alive.
Among the possible mechanisms are: (a) indications from the Data Link
layer, (b) presence of traffic in the reverse direction that comes
with the Link Layer address of the other end, (c) keepalives sent by
the other end. This is intended to suppress black holes, when the
next hop router in the shortcut (the router that generated Reply)
goes down.
A requester should establish a shortcut only after the requester
determines that the information provided by NHRP is fairly stable.
This is necessary in order to avoid initiating shortcuts that are
based on transients in the routing information, and thus would need
to be revalidated almost immediately anyway. Thus, a router may wait
to use NHRP information if the underlying routing information has
recently changed. If the routing protocol being used has a notion of
stability, it should be used. Information in a transient or
holddown state SHOULD NOT be used, and requests which need to be
processed based on such information SHOULD be discarded.
Joel Halpern [Page 5]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
6. Border Processing of NHRP Request
Processing of an NHRP Request is covered by two sets of rules: the
first set for IGP related processing, and the second set for BGP
related processing. The rules for IGP processing relate to
determining where the IGP borders are (in particular in the case of
overlapping IGPs), and then for what must happen at said borders.
6.1. Border Determination
When a router receives a request, and determines that it is not the
NBMA exit router, it must perform a series of checks before
forwarding the request.
When a router receives such a Request, the router uses the NHRP
target and the NHRP IGP information to check whether (a) the first
and the second NHRP target constraints are satisfied, (b) the router
it is in the same routing domain as the originator of the Request,
and if yes, then whether (c) it is a border router for that domain.
When the NHRP target is checked against the forwarding database, a
determination must be made as to whether either of the target
constraints has been violated. If they are violated, then the router
MAY either
o Extend the prefix so as to meet the constraints.
o reply to the request indicating that it is the destination
o return an error indicating which constraint was violated.
If the NHRP forwarding route indicates a next hop that is not on the
same NBMA as the interface on which the Request was received, the
router sends back an NHRP Reply and terminates the query.
If a router receives a request without IGP information, then it was
originated within this domain by a host. If the router is an AS
Border Router (i.e. running BGP), and if the forwarding path exits
the AS, then it must behave as a border router for this request.
Otherwise, for requests without IGP information, the router is not a
border router.
For requests with IGP information, the router compares the forwarding
information against the IGP in the request. If the forwarding entry
indicates that the next hop is to exit the AS (an AS Border Router),
then check the BGP behaviors below.
Joel Halpern [Page 6]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
When the IGP the next hop was learned from is the same IGP as
indicated in the request, then the NHS simply forwards the request.
[Of course, as per NHRP, it is free to respond indicating it is the
termination of the shortcut, for example when the Router/NHS is a
firewall.]
When the IGP the next hop was learned from is different from that
listed in the NHRP request, then this NHS is a border router for this
request.
6.2. Border Behavior
In all cases, a border router has two choices. It MAY terminate and
respond to the request, responding with its IP and NBMA address.
Alternatively, it MAY perform border propagation.
6.2.1. Reorigination
Upon receiving an NHRP request for which the NHS is a border router,
if it chooses to propagate the request, it MUST originate a new NHRP
request. This request will have a locally generated request
identifier, and the same NHRP target information as in the received
request. The NHRP IGP Information will be the correct indication for
the outgoing interface, with BGP indication if the received request
had the BGP indication, or if this transition crosses the AS border.
All other extensions are copied from the incoming request to the new
request.
6.2.2. Response Propagation
When an NHRP response is received for a propagated request, the
information is copies from the received request, and passed on in a
new NHRP response, responding to the originally received request.
The prefix length in the received response is copied to the new
response. All extensions except the NHRP IGP Information are copied
to the new response.
In addition, the border router saves state about this information
exchange. The saved state includes the NHRP target from the
response, with the NHRP prefix length that resulted from the
exchange. It also includes the both the original requester, and the
identity of the responder. These are used to generate appropriate
reverification and purges whenever routing changes in a way that
could effect the resolution.
Joel Halpern [Page 7]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
6.3. Border Information
Sometimes the routing protocol will have provided the border router
with enough information to generate a response to an incoming NHRP
request. In particular, the border router may have information about
IP prefix to NBMA address bindings. If such information is present,
it may be used by a border router to produce an NHRP response without
actually propagating the request. In such a case, that information
must be monitored for stability to maintain the correctness of the
shortcut.
7. BGP Operation
While the NHRP mechanism described above is mostly constrained to the
routers within a single routing domain, the same mechanisms can be
used for shortcuts that span multiple domains. In doing so, one
wants to produce as little additional overhead in the BGP space as
possible.
Therefore, we will treat the space over which BGP runs as a single
routing domain. Care must be taken to propagate information across
the individual AS without error, and to indicate that one has
properly entered the BGP space.
Additional complexity in handling multi-domain shortcuts arise if
routing information gets aggregated at the border routers (which
certainly happens in practice). Since BGP is the major protocol that
is used to exchange routing information across multiple routing
domains, we'll restrict our proposal to the case where the routing
information exchange across domains' boundaries is controlled by BGP.
If both the source and the destination domains are on a common NBMA
network, and the path between these two domains is also fully within
the same NBMA network, then we have only three routing domains to
deal with: source routing domain, BGP routing domain, and destination
routing domain. If the destination domain is not on the same NBMA as
the source domain, then we need to deal only with two domains - the
source and the BGP. Note that we treat all routers that participate
in a single (common) instance of BGP as a single BGP routing domain,
even if these routers participate in different intra-domain routing
protocols, or in different instances of the same intra-domain routing
protocol. There are three aspects to consider.
(a) how a border router in the domain that the originator of
the Request is in handles the Request (crossing IGP/BGP
boundary),
Joel Halpern [Page 8]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
(b) how the Request is handled across the BGP domain, and
finally
(c) how a border router in the domain where the NHRP target is
in handles the Request (crossing BGP/IGP boundary).
7.1. Handling NHRP Request at the source domain border router
When a border router receives an NHRP Request originated from within
its own (IGP) routing domain, the border router determines the NHRP
forwarding route for the NHRP target carried by the Request. If the
router already has the shortcut information for the forwarding route,
then the router uses this information to construct a Reply to the
source of the NHRP Request. Otherwise, the router originates its own
NHRP Request. The Request contains exactly the same NHRP target, as
was carried by the original Request; The NHRP IGP Information will
indicate that the request was generated by BGP, and will indicate the
IGP of the BGP AS being entered. While it is assumed that a BGP
transit AS will generally use only one IGP, the IGP information (and
border processing) is included to allow all cases. The newly
originated Request is sent to the next hop of the NHRP forwarding
route. Once the border router receives a Reply to its own Request,
the border router uses the next hop information from the Reply to
construct its own Reply to the source of the original NHRP Request.
If the border router later on receives a Purge message for the NHRP
forwarding route, the border router treats this event as if there was
a local change in the NHRP forwarding route (even if the there was no
changes in the route).
This is exactly the same behavior as all other border cases, and is
described here for completeness.
7.2. Handling NHRP Request within the BGP domain
Routers within an AS will check the IGP, and perform appropriate
processing based on the IGP match. In general, this will result in
normal forwarding of the NHRP request.
Therefore, the significant cases occur at the BGP speaking routers.
There are two conditions to check for, early exit of the NBMA, and
reachability aggregation. Both of these conditions apply to
Autonomous systems that do not contain the NHRP target.
Joel Halpern [Page 9]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
7.2.1. NBMA exit
The BGP router in deciding where to send the NHRP request will
determine what the correct exit from the autonomous system is. It
will determine if that exit is within the NBMA. If it is not within
the NBMA, then the router MUST respond to the NHRP request,
indicating its own IP and NBMA addresses as the correct termination
of the shortcut. This is because the actual NBMA border device is
not in a position to monitor the topology properly.
BGP routers within an NBMA which are supporting R2R NHRP SHOULD be
configured to know where the NBMA border is. In the absence of such
configuration, requests from other router SHOULD be terminated at the
BGP router, since it can not tell what will be crossing the border.
A BGP router supporting R2R NHRP may be configured to assume that all
of its neighbors are within the NBMA, and therefore not perform such
early termination.
7.2.2. Reachability Aggregation
BGP routers aggregate reachability. If the router aggregates
reachability that includes the NHRP target, only this router has the
visibility to some of the topology changes that can affect the
correctness of the route. Therefore, this router is a border router
for this NHRP request.
It must originate a new request, place the correct information in the
request, receive the response, and generate the correct response
towards the requester. This aggregating router must also monitor
routing in case of changes which affect the request.
If the router later on receives a Purge message for the NHRP
forwarding route, the router treats this event as if there was a
change in the NHRP forwarding route (even if the there was no changes
in the route).
It should be noted that this conditions applies if the router COULD
aggregate relevant routing information, even if it currently does
not.
Joel Halpern [Page 10]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
7.3. Handling NHRP Request at the destination domain border router
When a border router receives an NHRP Request from a BGP speaker, and
the border router determines that all the destinations covered by the
NHRP target of the Request are within the (IGP) domain of that border
router, the border router determines the NHRP forwarding route for
the NHRP target carried by the Request. The newly formed Request
contains exactly the same NHRP target as the received Request; the
NHRP IGP Information indicates the IGP this router is using to select
the route to the destination. The newly originated Request is sent
to the next hop of the NHRP forwarding route. Once the border router
receives a Reply to its own Request, the border router uses the next
hop information from the Reply to construct its own Reply to the
source of the original NHRP Request.
If the border router later on receives a Purge message for the NHRP
forwarding route, the border router treats this event as if there was
a change in the NHRP forwarding route (even if the there was no
changes in the route).
8. More state, less messages
It should be possible to reduce the number of Purge messages and
subsequent NHRP messages (caused by the Purge messages) by
maintaining more state on the border routers at the source and
destination domains, and the BGP routers that perform aggregation
along the path from the source to the destination.
Specifically, on these routers it would be necessary to keep the
information about all the NHRP targets for which the routers maintain
the shortcut information. This way when such a router determines
that the NHRP forwarding route (for which the router maintains the
shortcut information) changes due to some local routing changes, the
router could check whether these local changes impact forwarding to
the destinations covered by the NHRP targets. For the targets that
are impacted by the changes the router would send Purge messages.
Note that this mechanism (maintaining NHRP targets) precludes the use
of Address Prefix Extension - the shortcut will be determined only
for the destinations covered by the NHRP target (so, if the target is
a single IP address, then the shortcut would be determined only for
this address).
Joel Halpern [Page 11]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
9. NHRP IGP Information Extension Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0-3 |C|u| Type = 9 | Length = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4-7 | flags |b| Reserved | IGP ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
C "Compulsory." If clear, and the NHS does not recognize the
type code, the extension maybe safely be ignored. For
the IGP Information extension, this bit is clear.
u Unused and must be set to zero
Type The extension type code. For the IGP Information
extension, this is 9.
Length the length in octets of the value. For this extension,
this is 4.
flags Other than the "b" flag, these are reserved, SHALL be set
to 0 on transmission, and SHALL be ignored on reception.
b This flag indicates whether the request (or a predecessor
thereof) was originated by a BGP speaker. Set (to 1) to
indicate that the BGP speaker has operated on this.
Clear (to 0) if not.
IGP ID This field indicates the IGP used by the request
originator. The currently defined values are:
1 = RIP
2 = RIPv2
3 = OSPF
4 = Dual IS-IS
Joel Halpern [Page 12]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
10. IANA Considerations
This document defines an enumerated field for identifying IGPs in
router-to-router NHRP requests. Since there may be additional IGPs
in use, a procedure is needed for allocating additional values. The
IANA shall allocate values for this field as needed. Specifically,
when requested a value shall be allocated for an IGP for any layer 3
protocol for which there is a clear and stable definition of the
protocol. An RFC is the best example of such stability. Vendor
published specifications are also acceptable. The IANA should avoid
issuing two values for the same protocol. However, it is not
incumbent upon the IANA to determine if two similar protocols are
actually the same.
11. Open issues
The mechanisms described in this document assume that certain routers
along a path taken by an NHRP Request would be required to maintain
state associated with the NHRP forwarding route associated with the
NHRP target carried by the Request. However, it is quite clear that
the router(s) may also lose this state. Further study of the impact
of losing the state is needed before advancing the use of NHRP for
establishing shortcuts among routers beyond Proposed Standard.
The mechanisms described in this document may result in a situation
where a router would be required to maintain NHRP peering with
potentially a fairly large number of other routers. Further study is
needed to understand the implications of this on the scalability of
the approach where NHRP is used to establish shortcuts among routers.
This document doesn't have a proof that the mechanisms described here
result in loop-free steady state forwarding when NHRP is used to
establish shortcuts among routers, however, a counterexample has not
yet been found. Further analysis should be done as part of advancing
beyond Proposed Standard.
Joel Halpern [Page 13]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
12. Security Considerations
Security is provided in the base NHRP protocol, using hop-by-hop
authentication. There is no change to the fundamental security
capabilities provided therein when these extensions are used. It
should be noted that the assumption of transitive trust that is the
basis of such security may well be significantly weaker in an inter-
domain environment, and administrators of border routers should take
this into consideration. The hop-by-hop security model is used by
NHRP originally because there is no end-to-end security association
between the requesting and responding NHRP entities. In this
environment there is the additional facet that intermediate NHS are
modifying the prefix length field of the CIE, thus changing the end-
to-end information.
13. References
[1] J. Luciani, D. Katz, D. Piscitello, B. Cole, N. Doraswamy.,
"NBMA Next Hop Resolution Protocol", RFC-2332, USC/Information
Sciences Institute, April 1998.
[2] D. Cansever., "NHRP Protocol Applicability Statement", RFC-2333,
USC/Information Sciences Institute, April 1998
[3] S. Bradner., "Key words for use in RFCs to Indicate Requirement
Levels", RFC-2119, USC/Information Sciences Institute, March 1997.
14. Acknowledgements
The authors wish to Thank Curtis Villamizer for his contributions
emphasizing both the importance of the looping cases, and some
examples of when loops can occur.
15. Author Information
Joel Halpern [Page 14]
�
Internet Draft draft-ietf-ion-r2r-nhrp-03.txt May 1998
Joel M. Halpern
Institutional Venture Partners
3000 Sand Hill Road
Menlo Park, CA
Phone: (650) 926-5633
email: joel@mcquillan.com
Yakov Rekhter
cisco Systems, Inc.
170 Tasman Dr.
San Jose, CA 95134
Phone: (914) 528-0090
email: yakov@cisco.com
Joel Halpern [Page 15]
�
|
