The Tunnel Encapsulations OSPF Router InformationHuaweixuxiaohu@huawei.comOrangebruno.decraene@orange.comBloomberg LProbert@raszuk.netTelefonica I+Dluismiguel.contrerasmurillo@telefonica.comVerizonluay.jalil@verizon.com
Routing Area
OSPF Working GroupNetworks use tunnels for a variety of reasons. A large variety of
tunnel types are defined and the tunnel encapsulator router needs to select a
type of tunnel which is supported by the tunnel decapsulator router. This document
defines how to advertise, in OSPF Router Information Link State Advertisement (LSAs),
the list of tunnel encapsulations supported by the tunnel decapsulator.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.Networks use tunnels for a variety of reasons, such as:Partial deployment of IPv6 in IPv4 networks or IPv4 in IPv6
networks as described in , where IPvx
tunnels are used between IPvx-enabled routers so as to traverse
non-IPvx routers.Remote Loop-Free Alternate (RLFA) repair tunnels as described in
, where tunnels are used between the Point
of Local Repair and the selected PQ node.The tunnel encapsulator router needs to select a type of tunnel which is
supported by the tunnel decapsulator router. This document
defines how to advertise, in OSPF Router Information Link State Advertisement (LSAs),
the list of tunnel encapsulations supported by the tunnel decapsulator.
In this document, OSPF refers to both OSPFv2
and OSPFv3 .This memo makes use of the terms defined in .Routers advertise their supported tunnel encapsulation type(s) by
advertising a new TLV of the OSPF Router Information (RI) Opaque LSA
, referred to as the Tunnel Encapsulations TLV.
This TLV is applicable to both OSPFv2 and OSPFv3.The Type code of the Tunnel Encapsulations is TBD1, the
Length value is variable, and the Value field contains one or more
Tunnel Sub-TLVs as defined in .
Each Tunnel Sub-TLV indicates a particular encapsulation
format that the advertising router supports along with the parameters
corresponding to the tunnel type.The Tunnel Encapsulations TLV MAY appear more than once
within a given OSPF Router Information (RI) Opaque LSA. If the Tunnel
Encapsulations TLV appears more than once in an OSPF Router
Information LSA, the set of all Tunnel Sub-TLVs from all Tunnel Encapsulations TLV SHOULD be considered. The scope of the advertisement depends on the
application but it is recommended that it SHOULD be domain-wide.The Tunnel Sub-TLV is structured as follows:Tunnel Type (2 octets): Identifies the type of tunneling
technology signaled. Tunnel types are shared with the BGP
extension and hence are
defined in the IANA registry "BGP Tunnel Encapsulation Attribute
Tunnel Types". Unknown Tunnel types are to be ignored upon
receipt.Length (2 octets): Unsigned 16-bit integer indicating the total
number of octets of the value field.Value (variable): Zero or more Tunnel Parameter
Sub-TLVs as defined in .If a Tunnel Sub-TLV is invalid, it MUST be ignored and skipped. However,
other Tunnel Sub-TLVs MUST be consideredA Tunnel Parameter Sub-TLV is structured as follows:Tunnel Parameter Sub-Type (2 octets): Each sub-type defines a
parameter of the Tunnel Sub-TLV. Sub-Types are
registered in the IANA registry "OSPF Tunnel Parameter Sub-TLVs" .Tunnel Parameter Length (2 octets): Unsigned 16-bit integer indicating the
total number of octets of the Tunnel Parameter Value field.Tunnel Parameter Value (variable): Encodings of the value field depend on
the Sub-TLV type as enumerated above. The following sub-sections
define the encoding in detail.Any unknown Tunnel Parameter Sub-Type MUST be ignored and skipped upon receipt. When a reserved
value (See ) is seen in an LSA, it
MUST be treated as an invalid Tunnel Parameter Sub-TLV. When a Tunnel Parameter Value has an incorrect syntax or semantic, it MUST be treated as an invalid Tunnel Parameter Sub-TLV. If a Tunnel Parameter Sub-TLV is invalid, its
Tunnel Sub-TLV MUST be ignored. However,
other Tunnel Sub-TLVs MUST be considered.This Sub-TLV type is 1. The syntax, semantic, and usage of its value field are defined in Section 3.2 "Encapsulation
Sub-TLVs for Particular Tunnel Types" of .This Sub-TLV type is 2. The syntax, semantic, and usage of its value field are defined in Section 3.4.1 "Protocol Type
sub-TLV" of .This Sub-TLV type is 3. It MUST be present once and only once in a given Tunnel Sub-TLV. The value field contain two sub-fields:
a two-octet Address Family sub-fieldan Address sub-field, whose length depends upon the Address Family.The Address Family subfield contains a value from IANA's "Address
Family Numbers" registry. In this document, we assume that the
Address Family is either IPv4 or IPv6; use of other address families
is outside the scope of this document.If the Address Family subfield contains the value for IPv4, the
address subfield MUST contain an IPv4 address (a /32 IPv4 prefix).
In this case, the length field of Remote Endpoint sub-TLV MUST contain the value 6.If the Address Family subfield contains the value for IPv6, the
address sub-field MUST contain an IPv6 address (a /128 IPv6 prefix).
In this case, the length field of Remote Endpoint sub-TLV MUST
contain the value 18 (0x12). IPv6 link local addresses are not valid
values of the IP address field.This Sub-TLV type is 4. It may appear zero or more time in a given Tunnel Sub-TLV. The value field is a 4-octet opaque unsigned
integer.The color value is user-defined and configured locally on the
advertising routers. It may be used by service providers to define
policies on the tunnel encapsulator routers, for example, to control the
selection of the tunnel to use.This color value can be referenced by BGP routes carrying Color
Extended Community . If the
tunnel is used to reach the BGP Next-Hop of BGP routes, then attaching
a Color Extended Community to those routes express the
willingness of the BGP speaker to use a tunnel of the same color.This Sub-TLV type is 5. The syntax, semantic, and usage of its value field are defined in .This Sub-TLV type is 6. The syntax, semantic, and usage of its value field are defined in Section 3.3.1 "IPv4 DS Field"
of .This Sub-TLV type is 7. The syntax, semantic, and usage of its value field are defined in Section 3.3.2 "UDP Destination
Port" of .The advertisement of a Tunnel Encapsulations Sub-TLV indicates that the advertising router
supports a particular tunnel decapsulation along with the parameters to
be used for the tunnel. The decision to use that tunnel is driven by the
capability of the tunnel encapsulator router to support the encapsulation type and
the policy on the tunnel encapsulator router. The Color Sub-TLV (See ) may be used as an input to this policy. Note that
some tunnel types may require the execution of an explicit tunnel setup
protocol before they can be used to transit data. A tunnel MUST NOT be
used if there is no route toward the IP address specified in the
Endpoint Sub-TLV (See ) or if the route is
not advertised in the same OSPF domain.This document requests IANA to allocate a new code point from the
OSPF Router Information (RI) registry.
This document requests IANA to create, under "Open Shortest Path First (OSPF) Parameters", a new registry "OSPF Tunnel
Parameter Sub-TLVs" with the following registration procedure:The values in the range 1-34999 are to be allocated using the
"Standards Action" registration procedure as defined in .The values in the range 35000-65499 are to be allocated using the
"First Come, First Served" registration procedure.Security considerations applicable to softwires can be found in the
mesh framework . In general, security issues of
the tunnel protocols signaled through this OSPF capability extension are
inherited.If a third-party is able to modify any of the information that is
used to form encapsulation headers, to choose a tunnel type, or to
choose a particular tunnel for a particular payload type, user data
packets may end up getting misrouted, mis-delivered, and/or dropped.
However, since an OSPF routing domain is usually a well-controlled network
under a single administrative domain, the possibility of the above attack is very low.We note that the last paragraph of forbid the establishment of a tunnel toward arbitrary destinations. It prohibits a destination outside of the OSPF domain. This avoid that a third-party gaining access to an OSPF router be able to send the traffic to other destinations, e.g., for inspection purposes.Security considerations for the base OSPF protocol are covered in
and .This document is partially inspired by .The authors would like to thank Greg Mirsky, John E Drake, Carlos
Pignataro and Karsten Thomann for their valuable comments on this
document. Special thanks should be given to Acee Lindem for his multiple
detailed reviews of this document and help. The authors would like to
thank Pete Resnick, Joe Touch, David Mandelberg, Sabrina Tanamal, Tim
Wicinski, Amanda Baber for their Last Call reviews and thank Spencer
Dawkins, Mirja Kuehlewind, Ben Campbell, Benoit Claise, Alvaro
Retana, Adam Roach and Suresh Krishnan for their AD reviews.