Internet Engineering Task Force                               T. Przygienda
INTERNET DRAFT                                                         Redback
                                                                     1 Jul 2000
                          Optional Checksums in ISIS
                  <draft-ietf-isis-wg-snp-checksum-02.txt>



Status of This Memo

    This document is an Internet-Draft and is in full conformance with
    all provisions of Section 10 of RFC2026.  Internet-Drafts are working
    documents of the Internet Engineering Task Force (IETF), its areas,
    and its working groups.  Note that other groups may also distribute
    working documents as Internet-Drafts.

    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at
    any time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."

    The list of current Internet-Drafts can be accessed at
    http://www.ietf.org/ietf/1id-abstracts.txt

    The list of Internet-Draft Shadow Directories can be accessed at
    http://www.ietf.org/shadow.html.



Abstract

    This draft describes an optional extension to IS-IS [ISO90 , Cal90a ,
    Cal90b], used today by several ISPs for routing within their clouds.
    IS-IS is an interior gateway routing protocol developed originally
    by OSI and used with IP extensions as IGP. IS-IS originally doesn't
    provide CSNP adn PSNP checksums, relying on the underlying layers
    to verify the integrity of information provided.  Experience with
    the protocol shows that this precondition does not always hold and
    scenarios can be imagined that impact protocol functionality.  This
    document introduces a new optional TLV providing checksums.



.  Introduction

    IS-IS CSNPs and PSNPs and IIHs can be corrupted in case of faulty
    implementations of L2 hardware or lack of checksuming on a specific
    network technology.  As a particularly ugly case, corruption of
    length and/or TLV length fields may lead to generation of extensive

Przygienda et al.                Expires 1 Feb 2001                [Page 1]

Internet Draft                    SNP Checksums                     1 Jul 2000

    numbers of "empty" LSPs in the receiving node.  Since we cannot rely
    on authentication as checksum mechanism, this document proposes an
    optional TLV to add checksums to the elements.



.  TLV Description

    The optional TLV MAY BE included in all CSNP, PSNP and IIH packets
    and an implementation that implements optional checksums MUST accept
    PDUs if they do NOT contain the optional checksum.  Implementations
    that receive optional checksum TLV and support it MUST discard the
    PDU if the checksum is incorrect.  An implementation that does NOT
    implement optional checksums MAY accept a PDU that contains the
    checksum TLV. An implementation that supports optional checksums
    and receives it within any other PDU than CSNP, PSNP or IIH MUST
    discard the PDU. Such an implementation MUST discard the PDU as well
    if more than one optional checksum TLVs are included within it.
    Additionally, any implementation supporting optional checksums MUST
    accept PDUs with an optional checksum with the value 0 and consider
    such a checksum as correct.



.  Checksum Computation

    The checksum is a fletcher checksum computed according to iso 8473
    Annex C over the complete PDU.



.  Interaction with TLVs using PDU Data to Compute Signatures

    The implementation MUST either omit the optional checksum on an
    interface or send a 0 checksum value if it includes in the PDU
    signatures that provide equivalent or stronger functionality, such as
    HMAC or MD5, otherwise an implementation that handles such signatures
    but not the optional checksums, may fail to compute the MD5 signature
    on the packet due to the fact that MD5 is computed with checksum
    value set to 0 and only as final step the checksum value is being
    filled in.



.  TLV Format

                   0 1 2 3 4 5 6 7 8 0 1 2 3 4 5 6 7 8
                  +-----------------+-----------------+
                  | TLV Type = 12    |  TLV Length = 2 |
                  +-----------------+-----------------+
                  |        TLV Checksum (16 bits)       |

Przygienda et al.                Expires 1 Feb 2001                  [Page 2]

Internet Draft                    SNP Checksums                     1 Jul 2000

                  +-----------------------------------+



.  Acknowledgments

    Tony Li mentioned the original problem.  Mike Shand provided
    comments.  Somehow related problems with purging on LSP checksum
    errors have been observed by others before.  Nischal Sheth spelled
    out the issues of interaction between MD5 and the optional checksums.



.  Security Consideration

    ISIS security applies to the work presented.  No specific security
    issues as to the new element are known.
References

    [Cal90a]  R. Callon.  OSI ISIS Intradomain Routing Protocol.
              INTERNET-RFC, Internet Engineering Task Force, February
              1990.


    [Cal90b]  R. Callon.  Use of OSI ISIS for Routing in TCP/IP and Dual
              Environments.  INTERNET-RFC, Internet Engineering Task
              Force, December 1990.


    [ISO90]   ISO.  Information Technology - Telecommunications and
              Information Exchange between Systems - Intermediate System
              to Intermediate System Routing Exchange Protocol for
              Use in Conjunction with the Protocol for Providing the
              Connectionless-Mode Network Service.  ISO, 1990.



Authors' Addresses



Tony Przygienda
Redback
 Holger Way
San Jose, CA 95134-1362
(408) 548 9416
prz@redback.com


Przygienda et al.                Expires 1 Feb 2001                  [Page 3]