From b5fb52d76c25f63527b3116f5e86a429187cb87a Mon Sep 17 00:00:00 2001 From: Randy Bush Date: Wed, 17 Apr 2019 10:39:04 -0700 Subject: [PATCH] NEWKEY PDU added --- draft-ietf-lsvr-l3dl.xml | 194 +++++++++++++++++++++++++-------------- 1 file changed, 126 insertions(+), 68 deletions(-) diff --git a/draft-ietf-lsvr-l3dl.xml b/draft-ietf-lsvr-l3dl.xml index 1be22f5..b675d8b 100644 --- a/draft-ietf-lsvr-l3dl.xml +++ b/draft-ietf-lsvr-l3dl.xml @@ -171,6 +171,8 @@ Shortest Path First, an algorithm for finding the shortest paths between nodes in a graph; AKA Dijkstra's algorithm. + An eight octet ISO System + Identifier a la System ID Top Of Rack switch, aggregates the servers in a rack and connects to aggregation layers of the Clos tree, AKA the Clos spine. @@ -267,58 +269,7 @@ -
- - L3DL discovers neighbors on logical links and establishes - sessions between the two ends of all consenting discovered logical - links. A logical link is described by a pair of Logical Link - Endpoint Identifiers, LLEIs. - - An L3DL deployment will choose and define an LLEI which suits - their needs, simple or complex. Two extremes are as follows: - - A simplistic view of a link between two devices is two ports, - identified by unique MAC addresses, carrying a layer 3 protocol - conversation. In this case, the MAC addresses might suffice for the - LLEIs. - - Unfortunately, things can get more complex. Multiple VLANs can - run between those two MACS addresses. In practice, real devices use - the same MAC address on multiple ports and/or sub-interfaces. - - Therefore, in extreme circumstances, a fully described LLEI might - be as follows: - -
- - 0 1 2 3 - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| ifIndex | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| System MAC | -+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| | VLAN ID | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - -
- - ifIndex is the SNMP identifier of the (sub-)interface, see . This uniquely identifies the port. - - System MAC is an identifier unique in the entore operational - space. Routers and switches have internal system MACs which can be - used. If none exists on a device, the local L3DL configuration - SHOULD create and assign a unique one by configuration. - - The VLAN ID is the 802.1Q identifier of the virtual link's VLAN - if a VLAN is configured, otherwise zero. - -
- -
+
@@ -335,7 +286,7 @@ i.e. the same AFI/SAFI and the same subnet, the link is announced via the BGP-LS API. -
+
The HELLO, , is a priming message. It is a small L3DL PDU encapsulated in an Ethernet multicast frame with @@ -358,7 +309,7 @@ |<----------------------------| | | | | -| OPEN | Session Open LLEIs +| OPEN | MACs, IDs, and Capabilities |---------------------------->| | OPEN | Mandatory |<----------------------------| @@ -532,7 +483,6 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
-
The basic L3DL application layer PDU is a typical TLV (Type @@ -592,8 +542,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n) the underlying Datagram cheksums may be sufficient for integrity, if not for authentication. - Sig Type 1 is specified in a companion document [ref - later]. + Sig Type 1, aimed at Trust On First Use, AKA TOFU, is specified + in a companion document [ref later]. Other Sig Types may be defined in other documents. @@ -609,6 +559,65 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
+
+ + L3DL discovers neighbors on logical links and establishes + sessions between the two ends of all consenting discovered logical + links. A logical link is described by a pair of Logical Link + Endpoint Identifiers, LLEIs. + + An LLEI is a variable lenth descriptor which could be an ASN, a + classic RouterID, a catenation of the two, an eight octet ISO System + Identifier , or any other identifier unique + to a single logical link endpoint in the topology. + + An L3DL deployment will choose and define an LLEI which suits + their needs, simple or complex. Two extremes are as follows: + + A simplistic view of a link between two devices is two ports, + identified by unique MAC addresses, carrying a layer 3 protocol + conversation. In this case, the MAC addresses might suffice for the + LLEIs. + + Unfortunately, things can get more complex. Multiple VLANs can + run between those two MACS addresses. In practice, real devices use + the same MAC address on multiple ports and/or sub-interfaces. + + Therefore, in the general circumstance, a fully described LLEI + might be as follows: + +
+ + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +| | ++ System Identifier + +| | ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +| ifIndex | ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +
+ + System Identifier, a la , is an eight + octet identifier unique in the entire operational space. Routers + and switches usually have internal MAC Addresses which can be padded + and used if no System ID exists on the device. If no unique + identifier is burned into a device, the local L3DL configuration + SHOULD create and assign a unique one by configuration. + + ifIndex is the SNMP identifier of the (sub-)interface, see . This uniquely identifies the port. + + For a layer 3 tagged sub-interface or a VLAN/SVI interface, + Ifindex is that of the logical sub-interface, so no further + disambiguation is needed. + +
+
The HELLO PDU is unique in that it is encapsulated in a multicast @@ -676,7 +685,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n) Ethernet frames.
@@ -686,10 +696,10 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 1 | Payload Length | ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| Nonce | ID Length | +| Nonce | LLEI Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ ~ -~ My ID ~ +~ My LLEI ~ ~ ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AttrCount | Attribute List ... | @@ -714,11 +724,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n) prevent session closure due to a repeated OPEN caused by a race or a dropped or delayed ACK. - My ID is the sending LLEI, see . It can be - an ASN with high order bits zero, a classic RouterID with high order - bits zero, a catenation of the two, a 80-bit ISO System-ID, or any - other identifier unique to a single logical link endpoint in the - topology. IDs are big-endian. + My LLEI is the sender's LLEI, see . LLEIs + are big-endian. AttrCount is the number of attributes in the Attribute List. Attributes are single octets whose semantics are user-defined. @@ -1215,6 +1222,56 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
+
+ + Modern key management allows for agility in 'rolling' to a new + key or even algorithm in case of key compromise or merely prudence. + Declaring a new key with an L3DL OPEN PDU would cause serious churn + in topology as a new OPEN causes a withdraw of previously announced + encapsulations. Therefore, a gentler rekeying is needed. + + + +
+ + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +| Type = 8 | Payload Length | New Auth Type | ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +| New Auth Length | ~ ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ +~ New Authentication Data ... | Old Sig Type | ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +| Old Signature Length | ~ ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ +~ Old Signature ... | ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +
+ + The New Auth Type, New Auth Length, and New Authentication Data + fields declare the replacement algorithm and key. + + The NEWKEY PDU is signed using the current (soon to be old) + algorithm and key. + + To avoid possible race conditions, the receiver SHOULD accept + signatures using either the new or old key for a configurable time + (default 30 seconds). This is intended to accommodate situations + such as senders with high peer out-degree and a single per-device + asymmetric key. + + If the sender does not receive an ACK in the normal window, + including retransmission, then the sender MAY choose to allow a + session reset by either issuing a new OPEN or by letting the + receiver eventually have a signature failure (error code 3) on a + PDU. + +
+
Layer 2 liveness may be continuously tested by KEEPALIVE PDUs, @@ -1410,7 +1467,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n) 5 IPv6 Announce / Withdraw 6 MPLS IPv4 Announce / Withdraw 7 MPLS IPv6 Announce / Withdraw - 8-254 Reserved + 8 NEWKEY + 9-254 Reserved 255 VENDOR @@ -1426,8 +1484,7 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n) Number Name ------ ------------------- 0 Null - 1 TOFU - Trust On First Use - 2-255 Reserved + 1-255 Reserved @@ -1488,6 +1545,7 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n) +
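Review bot: in the re-added LLEI section (hunk @@ -609,6 +559,65 @@) the LLEI is defined as a "variable lenth descriptor" (typo: "length") but no maximum length is given, while the OPEN PDU in hunk @@ -686,10 +696,10 @@ carries it behind a fixed-width "LLEI Length" field; state the maximum, or that LLEI Length bounds it, so receivers can size buffers and reject oversized values. In the same section "those two MACS addresses" should be "MAC addresses", and "Ifindex" in the last paragraph should be "ifIndex" to match the diagram and the paragraph before it. The sentence "the local L3DL configuration SHOULD create and assign a unique one by configuration" also leaves collision behaviour undefined: say what a receiver does when two discovered links present the same LLEI, since session state is keyed on the LLEI pair.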
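Review bot: the OPEN annotation in hunk @@ -358,7 +309,7 @@ changes to "MACs, IDs, and Capabilities", but the rest of this patch renames ID to LLEI (the OPEN PDU now carries "My LLEI") and the OPEN layout in hunk @@ -686,10 +696,10 @@ shows no MAC field; use "LLEIs and Capabilities", or whatever the PDU actually carries, so the sequence figure and the PDU layout agree.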
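Review bot: "LLEIs are big-endian" in hunk @@ -714,11 +724,8 @@ only makes sense for the numeric forms (ASN, RouterID); now that the LLEI is an opaque variable-length value, say that it is transmitted and compared as an octet string in the order given, with numeric forms encoded in network byte order. The same hunk drops "a 80-bit ISO System-ID" while the new LLEI section and the glossary entry say eight octets; if the size change is intentional, give the source of the eight-octet length in the glossary entry (hunk @@ -171,6 +171,8 @@), which as extracted reads circularly, "An eight octet ISO System Identifier a la System ID", suggesting a lost citation.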
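Review bot: hunk @@ -1426,8 +1484,7 @@ removes "1 TOFU - Trust On First Use" from the Sig Type registry and marks 1-255 Reserved, yet hunk @@ -592,8 +542,8 @@ still says "Sig Type 1, aimed at Trust On First Use, AKA TOFU, is specified in a companion document"; either keep the registry entry (marked as assigned by the companion document) or change the text to say the value will be allocated there, otherwise the two sections contradict each other and an implementer cannot tell whether value 1 is free.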
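Review bot: the NEWKEY PDU in hunk @@ -1215,6 +1222,56 @@ is authenticated only by the old key, so it gives no proof that the sender holds the private half of the new key, and it does not help in the "key compromise" case the first paragraph cites, since whoever holds the old key can issue a NEWKEY of their own; consider also requiring a signature under the new key (over the PDU, or over the old signature) and state plainly that NEWKEY recovers from compromise only if the legitimate sender rekeys before the old key is misused. The layout shows no sequence number or nonce and the text does not say whether the common header supplies one; without it a captured NEWKEY could be replayed to reinstall a retired key, so name the replay protection or add a field. Smaller points: the fields are called "New Auth Type" but "Old Sig Type", pick one term matching the Sig Type registry; the 30 second dual-key window needs a defined start (receipt of NEWKEY, or transmission of the ACK) and an explicit statement that the old key MUST be rejected once the window expires; and the ACK paragraph should say which key the receiver's subsequent PDUs are verified under, so both sides agree on when the switch is complete.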