draft-ietf-rolc-nhrp-13.txt   draft-ietf-rolc-nhrp-14.txt 
Routing over Large Clouds Working Group
INTERNET-DRAFT
<draft-ietf-rolc-nhrp-14.txt>  (-13: <draft-ietf-rolc-nhrp-13.txt>)

                                                James V. Luciani
                                                  (Bay Networks)
                                                       Dave Katz
                                                 (cisco Systems)
                                                David Piscitello
                                         (Core Competence, Inc.)
                                                      Bruce Cole
                                              (Juniper Networks)
                                               Naganand Doraswamy  (added in -14)
                                                  (Bay Networks)
NBMA Next Hop Resolution Protocol (NHRP)

Status of this Memo

This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''

To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim).
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [15].
Abstract

This document describes the NBMA Next Hop Resolution Protocol (NHRP).
NHRP can be used by a source station (host or router) connected to a
Non-Broadcast, Multi-Access (NBMA) subnetwork to determine the
internetworking layer address and NBMA subnetwork addresses of the
''NBMA next hop'' towards a destination station. If the destination is
connected to the NBMA subnetwork, then the NBMA next hop is the
destination station itself. Otherwise, the NBMA next hop is the
egress router from the NBMA subnetwork that is ''nearest'' to the
destination station. NHRP is intended for use in a multiprotocol
internetworking layer environment over NBMA subnetworks.

Note that while this protocol was developed for use with NBMA
subnetworks, it is possible, if not likely, that it will be applied
to BMA subnetworks as well. However, this usage of NHRP is for
further study.

This document is intended to be a functional superset of the NBMA
Address Resolution Protocol (NARP) documented in [1].

Operation of NHRP as a means of establishing a transit path across an
NBMA subnetwork between two routers will be addressed in a separate
document (see [13]).
1. Introduction
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [15].
The NBMA Next Hop Resolution Protocol (NHRP) allows a source station
(a host or router), wishing to communicate over a Non-Broadcast,
Multi-Access (NBMA) subnetwork, to determine the internetworking
layer addresses and NBMA addresses of suitable "NBMA next hops"
toward a destination station. A subnetwork can be non-broadcast
either because it technically doesn't support broadcasting (e.g., an
X.25 subnetwork) or because broadcasting is not feasible for one
reason or another (e.g., an SMDS multicast group or an extended
Ethernet would be too large). If the destination is connected to the
NBMA subnetwork, then the NBMA next hop is the destination station
skipping to change at page 43, line 19 (-14: line 1993)

the hash does not match, then an "abnormal event" has occurred.

5.3.4.4 Security Considerations

It is important that the keys chosen are strong, as the security of
the entire system depends on the keys being chosen properly and on the
correct implementation of the algorithms.
Security is performed on a hop-by-hop basis. The data received
can be trusted only so much as one trusts all the entities in the
path traversed. (The text from "A chain of trust" to the end of this
section is new in -14.) A chain of trust is established amongst the
NHRP entities in the path of the NHRP message. If the security of any
one NHRP entity is compromised, then security in the entire NHRP
domain is compromised.

Data integrity covers the entire NHRP payload. This guarantees that
the message was not modified, and the source (the sending hop) is
authenticated as well.

If the authentication extension is not used, or if the security is
compromised, then NHRP entities are vulnerable to spoofing, active
and passive attacks.

There is no mechanism to encrypt the messages. It is assumed that a
standard layer 3 confidentiality mechanism will be used to encrypt
and decrypt messages. It is recommended to use an Internet standard
key management protocol to negotiate the keys between neighbors.
Transmitting the keys in clear text, if other methods of negotiation
are used, compromises the security completely.
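The hop-by-hop model above is easiest to see in working code. The
following is an added example, not text or code from this draft or
from any NHRP implementation: each hop re-authenticates the payload
with a keyed hash using the key it shares with its neighbour, so a
receiver can detect an outsider tampering on the wire, but a
compromised node inside the chain can rewrite the payload and
re-authenticate it toward the next hop without detection. The keyed
hash (HMAC-SHA256), the tag-appended-to-payload layout, and the
16-byte key floor are assumptions for illustration; the draft's own
authentication extension format is not reproduced here.

```python
# Added example (not from the draft): hop-by-hop keyed-hash authentication.
# Assumptions not taken from the draft: HMAC-SHA256 as the keyed hash, the
# tag simply appended to the payload, and a 16-byte floor for key length.
import hashlib
import hmac
import secrets

MIN_KEY_BYTES = 16                      # assumed floor for a "strong" key
TAG_LEN = hashlib.sha256().digest_size  # 32


def key_is_strong(key: bytes) -> bool:
    """Reject obviously weak keys: too short, or a single repeated byte."""
    return len(key) >= MIN_KEY_BYTES and len(set(key)) > 1


def authenticate(payload: bytes, key: bytes) -> bytes:
    """Return payload || keyed hash computed over the entire payload."""
    if not key_is_strong(key):
        raise ValueError("refusing to use a weak key")
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify(message: bytes, key: bytes):
    """Return the payload if the keyed hash matches, else None (the
    draft's "abnormal event").  Uses a constant-time comparison."""
    if not key_is_strong(key):
        raise ValueError("refusing to use a weak key")
    if len(message) < TAG_LEN:
        return None
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def relay(payload: bytes, hop_keys, wire_tamper=None,
          compromised_hop=None, altered=b""):
    """Carry payload across len(hop_keys) hops.  hop_keys[i] is the key
    shared by the two neighbours on hop i; node i re-authenticates toward
    node i+1 with that key, as the hop-by-hop model requires.
    wire_tamper=i:     an outsider flips a payload bit on hop i's wire.
    compromised_hop=i: node i itself substitutes `altered` before
                       re-authenticating (an insider in the chain of trust).
    Returns the payload accepted at the far end, or None if any receiver
    detected a hash mismatch."""
    current = payload
    for i, key in enumerate(hop_keys):
        if i == compromised_hop:
            current = altered            # insider rewrites, then re-signs
        msg = authenticate(current, key)
        if i == wire_tamper:
            msg = bytes([msg[0] ^ 0x01]) + msg[1:]   # outsider flips one bit
        current = verify(msg, key)
        if current is None:
            return None                  # receiver on hop i: abnormal event
    return current


def demo():
    """Constructed two-hop path: source -> router -> destination."""
    keys = [secrets.token_bytes(32), secrets.token_bytes(32)]
    payload = b"constructed NHRP reply: next hop 192.0.2.1"  # sample only
    return {
        "clean_delivery": relay(payload, keys) == payload,
        "outsider_tamper_detected": relay(payload, keys, wire_tamper=0) is None,
        "insider_rewrite_accepted": relay(payload, keys, compromised_hop=1,
                                          altered=b"forged") == b"forged",
    }


if __name__ == "__main__":
    print(demo())
```

The third result is the point of the draft's warning: the destination
accepts the forged payload because the only thing its key can attest
is that its immediate neighbour produced the hash, not that the
original source did.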
5.3.5 NHRP Vendor-Private Extension

Compulsory = 0
Type = 8
Length = variable

The NHRP Vendor-Private Extension is carried in NHRP packets to
convey vendor-private information or NHRP extensions between NHRP
speakers.
skipping to change at page 50, line 27 (-14: line 2340)

comments and suggestions that improved this work substantially. We
would also like to thank the members of the ION working group of the
IETF, whose review and discussion of this document have been
invaluable.

Authors' Addresses

James V. Luciani
Bay Networks
3 Federal Street
Mail Stop: BL3-03  (-13: BL3-04)
Billerica, MA 01821
Phone: +1 978 916 4734  (-13: +1 508 916 4734)
Email: luciani@baynetworks.com

Dave Katz
cisco Systems
170 W. Tasman Dr.
San Jose, CA 95134 USA
Phone: +1 408 526 8284
Email: dkatz@cisco.com

David Piscitello
Core Competence
1620 Tuckerstown Road
Dresher, PA 19025 USA
Phone: +1 215 830 0692
Email: dave@corecom.com

Bruce Cole
Juniper Networks
3260 Jay St.
Santa Clara, CA 95054
Phone: +1 408 327 1900
Email: bcole@jnx.com

Naganand Doraswamy  (added in -14)
Bay Networks, Inc.
3 Federal Street
Mail Stop: Bl3-03
Billerica, MA 01821
Phone: +1 978 916 1323
Email: naganand@baynetworks.com
End of changes. 10 change blocks.
10 lines changed or deleted, 28 lines changed or added.

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/