Reported by John Moy/Cascade Communications

Minutes of the Open Shortest Path First IGP Working Group (OSPF)

The OSPF Working Group met on Tuesday, 4 April, at the Danvers IETF.


Proposed Changes to the Base OSPF Specification

John Moy gave an overview of the proposed changes to the base OSPF specification. It is intended that these be the last changes made before the document is submitted for Standard status. The changes are:

   o  Changes to OSPF authentication, including addition of the new Cryptographic authentication option (MD5).

   o  Addition of the Point-to-MultiPoint interface.

   o  Support for overlapping area ranges.

   o  The flooding modification specified in the OSPF Demand Circuits document (Section 2.4).

   o  Changing the minimum time between reception of new LSA instances from five seconds to one.

   o  Allowing point-to-point links to be advertised as subnets.

Concerning the Point-to-MultiPoint interface, a question came up concerning fragmentation of LSAs. Apparently, some Frame Relay networks are being designed with a hub router supporting hundreds of neighbors, causing the size of the hub router's router-LSA to exceed the interface MTU. John responded that the representation of Point-to-MultiPoint interfaces is as compact as it can be, and that routers with hundreds of neighbors are just going to have to rely on IP fragmentation.

John promised to publish the updated OSPF specification as an Internet-Draft in the next couple of weeks.


Work on OSPF for IPv6

John presented Rob Coltun's work on OSPF for IPv6. This has essentially remained unchanged since the last meeting. The outstanding issues were as follows:

   o  Should OSPF for IPv6 be capable of distributing both IPv6 and IPv4 information? The current draft does, proposing that areas can be IPv4-only, IPv6-only, or a mix. However, given the current IPv6 transition plan, it was decided that OSPF for IPv6 would carry only IPv6 information, and that SIN (which matches the dual stack transition strategy) be employed when both IPv6 and IPv4 routing are needed. Curtis said that if this was to be the case, then he wanted an Opaque-LSA for IPv4.

   o  Should OSPF for IPv6 have support for fragmenting LSAs? This was the same question that was asked earlier in the Point-to-MultiPoint discussion. However, it is even more of an issue for IPv6, since the addresses are four times larger. We could just rely on IPv6 fragmentation, as we do for IPv4. Alternatively, Rob has specified a way for OSPF to fragment router-LSAs (by using the Link State ID as the fragment number), although his approach does not work for network-LSAs. This issue remained open.

   o  Format and use of Opaque-LSAs. Rob proposes to use the top 32 bits of the Opaque-LSA's Link State ID as a "subtype" field, indicating the kind of Opaque information carried. This seemed OK with the working group. It was mentioned that Opaque-LSAs should be "scoped," as some information will want to be carried across area boundaries, and other information will not. Possibly two separate LS types could be defined to achieve this. Also, there was a question whether the IDR Working Group would be happy with the Opaque-LSA, or whether they needed a separate LSA to carry BGP path information (Reporter's note: Yakov Rekhter, IDR co-Chair, later said that using the Opaque-LSA is fine, but he wants the format and overflow behavior defined when used for BGP path information).


Pending Documents

Fred Baker gave a quick summary of three pending documents: the OSPF MIB, the CIDR routing table MIB and the latest Cryptographic Authentication (MD5) document. The only comment was that the Cryptographic Authentication document should describe how to invalidate a key.


How OSPF Might Be Used to Solve the ROLC Problem

Doug Williams gave a presentation on how OSPF might be used to solve the ROLC problem. Curtis Villamizar responded that he was working on a different solution, employing BGP and using OSPF to carry BGP attributes. There was some question whether these proposals were redundant, or whether they addressed different problem spaces. Doug and Curtis then took the discussion off-line.


OSPF Testing Session

John said that he would like to hold an OSPF testing session this summer. Possible items to test are: Point-to-MultiPoint interfaces, MD5 authentication, OSPF over demand circuits and MOSPF. Exact date and location are still TBD. Interested parties should contact John directly.


Signing Individual LSAs

Sandy Murphy gave a presentation on how you could enhance the security of OSPF by signing individual LSAs. This proposal is documented in the Internet-Draft, draft-murphy-ospf-signature-00.txt. It was generally agreed that this proposal guards against certain errors happening inside routers, such as mistakenly setting other people's LSAs to MaxAge, while the standard OSPF authentication only guards against errors (malicious or otherwise) in the transmission medium. Some people questioned how often such internal router errors happen in practice, and whether the cost of the proposal was too high.

Dennis Ferguson noted that other errors that can happen in routers, such as faulty routing table calculations, were not protected against. He reasoned that in a hop-by-hop forwarding technology such as IP, the hop-by-hop authentication currently provided by OSPF packet authentication is almost as powerful as signing LSAs. However, he said that this work on signing LSAs may be useful for circuit-oriented technologies (such as ATM).
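
An added illustration of the distinction drawn in the LSA-signing discussion above; it is not code from the minutes or from draft-murphy-ospf-signature-00.txt. It compares a keyed-MD5 packet check (shared link key) with a per-LSA signature made by the originator when a neighbor that legitimately holds the link key sets another router's LSA to MaxAge. Assumptions: the LSA encoding, the toy RSA key, the link key and every function name are constructed for the example, and the packet check is a simplified model of OSPF cryptographic authentication.

```python
import hashlib
import hmac

# Constructed toy RSA key for the originating router: two known Mersenne
# primes, far too small for real use, so the example needs only the stdlib.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
LINK_KEY = b"shared-link-key"   # constructed; known to every router on the link
MAX_AGE = 3600                  # OSPF MaxAge, in seconds

def encode_lsa(adv_router, seq, age, body):
    # Simplified LSA encoding (assumption); the age is signed as-is, so this
    # models only the premature-MaxAge case raised in the minutes.
    return f"{adv_router}|{seq}|{age}|{body}".encode()

def _digest_int(lsa):
    return int.from_bytes(hashlib.sha256(lsa).digest(), "big") % N

def sign_lsa(lsa):
    """Originator only: textbook RSA over a SHA-256 digest (no padding)."""
    return pow(_digest_int(lsa), D, N)

def verify_lsa(lsa, sig):
    """Any router: needs only the originator's public key (N, E)."""
    return pow(sig, E, N) == _digest_int(lsa)

def packet_digest(packet):
    """Hop-by-hop check: MD5 over the packet followed by the shared key."""
    return hashlib.md5(packet + LINK_KEY.ljust(16, b"\0")).digest()

def receive(packet, digest, sig):
    """Return (packet authentication passed, LSA signature passed)."""
    ok = hmac.compare_digest(packet_digest(packet), digest)
    return ok, verify_lsa(packet, sig)

def demo():
    lsa = encode_lsa("10.0.0.1", 5, 0, "link to 10.0.0.2 cost 10")
    sig = sign_lsa(lsa)
    # A neighbor holding the link key re-floods the LSA unchanged.
    relayed = receive(lsa, packet_digest(lsa), sig)
    # A faulty neighbor sets the age to MaxAge, then authenticates the
    # packet correctly with the shared key it legitimately holds.
    flushed = encode_lsa("10.0.0.1", 5, MAX_AGE, "link to 10.0.0.2 cost 10")
    faulty = receive(flushed, packet_digest(flushed), sig)
    # Corruption on the wire: the packet changes after the digest was made.
    on_wire = receive(flushed, packet_digest(lsa), sig)
    return {"relayed": relayed, "faulty_router": faulty, "on_wire": on_wire}

if __name__ == "__main__":
    print(demo())
```

The faulty-router case passes packet authentication and fails only the signature check, which is the class of error the minutes say the proposal addresses; the on-wire case is caught by packet authentication alone.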