diff --git a/draft-ietf-lsvr-l3dl.xml b/draft-ietf-lsvr-l3dl.xml
index 1be22f5..b675d8b 100644
--- a/draft-ietf-lsvr-l3dl.xml
+++ b/draft-ietf-lsvr-l3dl.xml
@@ -171,6 +171,8 @@
Shortest Path First, an algorithm for finding
the shortest paths between nodes in a graph; AKA Dijkstra's
algorithm.
+ An eight octet ISO System
+ Identifier a la System IDTop Of Rack switch, aggregates the servers in
a rack and connects to aggregation layers of the Clos tree, AKA
the Clos spine.
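Review bot: the new glossary entry for the System Identifier is self-referential, defining it as "a la System ID"; cite the defining ISO document (the same reference the moved LLEI section points at) rather than the term itself. While here, state the length rule once so the glossary's "eight octet" and the LLEI section agree on whether shorter identifiers are padded.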
@@ -267,58 +269,7 @@
-
-
- L3DL discovers neighbors on logical links and establishes
- sessions between the two ends of all consenting discovered logical
- links. A logical link is described by a pair of Logical Link
- Endpoint Identifiers, LLEIs.
-
- An L3DL deployment will choose and define an LLEI which suits
- their needs, simple or complex. Two extremes are as follows:
-
- A simplistic view of a link between two devices is two ports,
- identified by unique MAC addresses, carrying a layer 3 protocol
- conversation. In this case, the MAC addresses might suffice for the
- LLEIs.
-
- Unfortunately, things can get more complex. Multiple VLANs can
- run between those two MACS addresses. In practice, real devices use
- the same MAC address on multiple ports and/or sub-interfaces.
-
- Therefore, in extreme circumstances, a fully described LLEI might
- be as follows:
-
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| ifIndex |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| System MAC |
-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| | VLAN ID |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-
-
- ifIndex is the SNMP identifier of the (sub-)interface, see . This uniquely identifies the port.
-
- System MAC is an identifier unique in the entore operational
- space. Routers and switches have internal system MACs which can be
- used. If none exists on a device, the local L3DL configuration
- SHOULD create and assign a unique one by configuration.
-
- The VLAN ID is the 802.1Q identifier of the virtual link's VLAN
- if a VLAN is configured, otherwise zero.
-
-
-
-
+
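Review bot: this deletes the whole LLEI section rather than editing it in place, and a reworked copy is re-added under the OPEN PDU later in the patch; confirm the section anchor survives the move, because the OPEN PDU text still reads "My LLEI is the sender's LLEI, see ." and that cross-reference must resolve to the relocated section. Note also that the move is not content-neutral: the VLAN ID field is dropped from the example LLEI, which is a semantic change and deserves a line in the change log.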
@@ -335,7 +286,7 @@
i.e. the same AFI/SAFI and the same subnet, the link is announced
via the BGP-LS API.
-
+ The HELLO, , is a priming message. It is
a small L3DL PDU encapsulated in an Ethernet multicast frame with
@@ -358,7 +309,7 @@
|<----------------------------|
| |
| |
-| OPEN | Session Open LLEIs
+| OPEN | MACs, IDs, and Capabilities
|---------------------------->|
| OPEN | Mandatory
|<----------------------------|
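Review bot: the ladder annotation "MACs, IDs, and Capabilities" on the OPEN arrow does not match the OPEN PDU layout defined later in this patch (Nonce, LLEI Length, My LLEI, AttrCount, Attribute List); no MAC or capability field appears in that format. Label the arrow with what the PDU actually carries, e.g. "LLEIs and attributes", so the figure and the format agree.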
@@ -532,7 +483,6 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
-
The basic L3DL application layer PDU is a typical TLV (Type
@@ -592,8 +542,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
the underlying Datagram cheksums may be sufficient for integrity,
if not for authentication.
- Sig Type 1 is specified in a companion document [ref
- later].
+ Sig Type 1, aimed at Trust On First Use, AKA TOFU, is specified
+ in a companion document [ref later].Other Sig Types may be defined in other documents.
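Review bot: "Sig Type 1, aimed at Trust On First Use, AKA TOFU, is specified in a companion document [ref later]" leaves a normative dependency on an unnamed document; replace the placeholder with a real reference before this is published. "Other Sig Types may be defined in other documents" should also say under which registration policy, since the Sig Type table elsewhere in this patch lists only 0 and a reserved range.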
@@ -609,6 +559,65 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
+
+
+ L3DL discovers neighbors on logical links and establishes
+ sessions between the two ends of all consenting discovered logical
+ links. A logical link is described by a pair of Logical Link
+ Endpoint Identifiers, LLEIs.
+
+ An LLEI is a variable lenth descriptor which could be an ASN, a
+ classic RouterID, a catenation of the two, an eight octet ISO System
+ Identifier , or any other identifier unique
+ to a single logical link endpoint in the topology.
+
+ An L3DL deployment will choose and define an LLEI which suits
+ their needs, simple or complex. Two extremes are as follows:
+
+ A simplistic view of a link between two devices is two ports,
+ identified by unique MAC addresses, carrying a layer 3 protocol
+ conversation. In this case, the MAC addresses might suffice for the
+ LLEIs.
+
+ Unfortunately, things can get more complex. Multiple VLANs can
+ run between those two MACS addresses. In practice, real devices use
+ the same MAC address on multiple ports and/or sub-interfaces.
+
+ Therefore, in the general circumstance, a fully described LLEI
+ might be as follows:
+
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| |
++ System Identifier +
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| ifIndex |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+ System Identifier, a la , is an eight
+ octet identifier unique in the entire operational space. Routers
+ and switches usually have internal MAC Addresses which can be padded
+ and used if no System ID exists on the device. If no unique
+ identifier is burned into a device, the local L3DL configuration
+ SHOULD create and assign a unique one by configuration.
+
+ ifIndex is the SNMP identifier of the (sub-)interface, see . This uniquely identifies the port.
+
+ For a layer 3 tagged sub-interface or a VLAN/SVI interface,
+ Ifindex is that of the logical sub-interface, so no further
+ disambiguation is needed.
+
+
+
The HELLO PDU is unique in that it is encapsulated in a multicast
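Review bot: the fixed eight-octet System Identifier field needs a stated padding rule for the "can be padded and used" MAC case: a 48-bit MAC in a 64-bit field must be zero-filled on a specified side (the removed OPEN text said "high order bits zero"), otherwise two implementations can derive different LLEIs for the same device. The paragraph also requires the identifier to be "unique in the entire operational space" but never says what a receiver does when two neighbors present the same LLEI; one sentence on collision handling (log and refuse the session, for instance) would close that. Typos in the added text: "variable lenth" should be "variable length", "MACS addresses" should be "MAC addresses", and "Ifindex" should be "ifIndex" to match the rest of the section.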
@@ -676,7 +685,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
Ethernet frames.
@@ -686,10 +696,10 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 1 | Payload Length | ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Nonce | ID Length |
+| Nonce | LLEI Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ ~
-~ My ID ~
+~ My LLEI ~
~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AttrCount | Attribute List ... |
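Review bot: now that an LLEI is variable length, the renamed "LLEI Length" field needs a documented bounds check: a receiver must verify that LLEI Length fits within the remaining Payload Length before reading My LLEI, and the text should state the maximum LLEI size the field width permits. Put that next to the field definition, since this is where an implementer writing the OPEN parser will look.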
@@ -714,11 +724,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
prevent session closure due to a repeated OPEN caused by a race or a
dropped or delayed ACK.
- My ID is the sending LLEI, see . It can be
- an ASN with high order bits zero, a classic RouterID with high order
- bits zero, a catenation of the two, a 80-bit ISO System-ID, or any
- other identifier unique to a single logical link endpoint in the
- topology. IDs are big-endian.
+ My LLEI is the sender's LLEI, see . LLEIs
+ are big-endian.AttrCount is the number of attributes in the Attribute List.
Attributes are single octets whose semantics are user-defined.
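Review bot: "LLEIs are big-endian" is underspecified after this change. The removed text applied it to an ASN or RouterID "with high order bits zero" inside a fixed field, but the new LLEI section also allows a catenation, an eight-octet System Identifier, or "any other identifier", for which byte order alone says nothing about layout or padding. Either state that big-endian applies to each numeric component of the LLEI, or move the encoding rule into the LLEI section and keep only the cross-reference here.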
@@ -1215,6 +1222,56 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
+
+
+ Modern key management allows for agility in 'rolling' to a new
+ key or even algorithm in case of key compromise or merely prudence.
+ Declaring a new key with an L3DL OPEN PDU would cause serious churn
+ in topology as a new OPEN causes a withdraw of previously announced
+ encapsulations. Therefore, a gentler rekeying is needed.
+
+
+
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Type = 8 | Payload Length | New Auth Type |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| New Auth Length | ~
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
+~ New Authentication Data ... | Old Sig Type |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Old Signature Length | ~
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
+~ Old Signature ... |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+ The New Auth Type, New Auth Length, and New Authentication Data
+ fields declare the replacement algorithm and key.
+
+ The NEWKEY PDU is signed using the current (soon to be old)
+ algorithm and key.
+
+ To avoid possible race conditions, the receiver SHOULD accept
+ signatures using either the new or old key for a configurable time
+ (default 30 seconds). This is intended to accommodate situations
+ such as senders with high peer out-degree and a single per-device
+ asymmetric key.
+
+ If the sender does not receive an ACK in the normal window,
+ including retransmission, then the sender MAY choose to allow a
+ session reset by either issuing a new OPEN or by letting the
+ receiver eventually have a signature failure (error code 3) on a
+ PDU.
+
+
+
Layer 2 liveness may be continuously tested by KEEPALIVE PDUs,
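Review bot: NEWKEY is signed only with the old key (Old Sig Type / Old Signature), yet the motivating case in the first paragraph is key compromise; whoever holds the compromised old key can therefore send a NEWKEY that installs a key of their choosing, and the 30-second dual-acceptance window keeps the old key usable on top of that. The PDU should also carry proof of possession of the new key (a second signature over the PDU under New Authentication Data), and a receiver should stop accepting the old key as soon as it sees a PDU validly signed with the new one rather than waiting for the timer to expire. Related: New Auth Type 0 (Null in the Sig Type table) must be rejected, or NEWKEY becomes a one-PDU path from authenticated to unauthenticated. The figure shows no nonce or sequence field; if the common PDU header provides no replay protection, say how a NEWKEY captured and replayed inside the overlap window is rejected. Naming: the new fields say "Auth Type" while the old fields and the registry say "Sig Type"; use one term.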
@@ -1410,7 +1467,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
5 IPv6 Announce / Withdraw
6 MPLS IPv4 Announce / Withdraw
7 MPLS IPv6 Announce / Withdraw
- 8-254 Reserved
+ 8 NEWKEY
+ 9-254 Reserved
255 VENDOR
@@ -1426,8 +1484,7 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
Number Name
------ -------------------
0 Null
- 1 TOFU - Trust On First Use
- 2-255 Reserved
+ 1-255 Reserved
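Review bot: removing "1 TOFU" and reserving 1-255 contradicts the text earlier in this patch that still says "Sig Type 1, aimed at Trust On First Use ... is specified in a companion document"; either keep 1 allocated to TOFU here (with 2-255 Reserved) or drop the number from that sentence and let the companion document request the assignment. Either way the table needs a registration policy for the reserved range so the companion document has a defined way to claim a value.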
@@ -1488,6 +1545,7 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
+