rfc1504.txt

   You can implement many of these optional features on routers that use
   either AURP or RTMP (Routing Table Maintenance Protocol) for
   routing-information propagation.

   Figure 1-1 shows how the three major components of AURP interact.

                <<Figure 1-1  Major components of AURP>>

   Wide Area Routing Enhancements Provided by AURP

   AURP provides AppleTalk Phase 2-compatible routing for large wide
   area networks (WANs). Key wide area routing enhancements provided by
   AURP include:

      tunneling through TCP/IP internets and other foreign network
      systems

      point-to-point tunneling

      basic security-including device hiding and network hiding

      remapping of remote network numbers to resolve numbering conflicts

Oppenheimer                                                     [Page 6]

RFC 1504        Appletalk Update-Based Routing Protocol      August 1993

      internet clustering to minimize routing traffic and routing-
      information storage requirements

      hop-count reduction to allow the creation of larger internets

      improved use of alternate paths through hop-count weighting and
      the designation of backup paths

2.  WIDE AREA APPLETALK CONNECTIVITY

   This chapter describes the wide area connectivity capabilities
   provided by the AppleTalk Update-based Routing Protocol (AURP),
   including:

      AppleTalk tunneling

      tunneling through TCP/IP internets

      tunneling over point-to-point links

   AppleTalk Tunneling

   Tunneling allows a network administrator to connect two or more
   native internets through a foreign network system to form a large
   wide area network (WAN). For example, an AppleTalk WAN might consist
   of two or more native AppleTalk internets connected through a tunnel
   built on a TCP/IP internet. In such an AppleTalk WAN, native
   internets use AppleTalk protocols, while the foreign network system
   uses a different protocol family.

   A tunnel connecting AppleTalk internets functions as a single,
   virtual data link between the internets. A tunnel can be either a
   foreign network system or a point-to-point link. Figure 2-1 shows an
   AppleTalk tunnel.

                    <<Figure 2-1  AppleTalk tunnel>>

   There are two types of tunnels:

      dual-endpoint tunnels, which have only two routers on a tunnel-for
      example, point-to-point tunnels

      multiple-endpoint tunnels-herein referred to as multipoint tunnels-
      which have two or more routers on a tunnel

   AURP implements multipoint tunneling by providing mechanisms for data
   encapsulation and the propagation of routing information to specific
   routers.

   Exterior Routers

   An AppleTalk router with a port that connects an AppleTalk internet
   to a tunnel is an exterior router. An exterior router always sends
   split-horizoned routing information to the other exterior routers on
   a multipoint tunnel. That is, an exterior router on a multipoint
   tunnel sends routing information for only its local internet to other
   exterior routers on that tunnel. An exterior router never exports
   routing information obtained from other exterior routers on the
   tunnel, because the exterior routers communicate their own routing
   information to one another.

   As shown in Figure 2-2, the absence or presence of redundant paths,
   or loops, across a tunnel changes the way an exterior router defines
   its local internet. For more information about redundant paths, see
   the section "Redundant Paths" in Chapter 4. If no loops exist across
   a tunnel, an exterior router's local internet comprises all networks
   connected directly or indirectly to other ports on the exterior
   router.
   When loops exist across a tunnel, an exterior router's local
   internet comprises only those networks for which the next internet
   router is not across a tunnel. Using this definition of a local
   internet, two exterior routers' local internets might overlap if
   loops existed across a tunnel.  For more information about routing
   loops, see the section "Routing Loops" in Chapter 4.

           <<Figure 2-2  An exterior router's local internet>>

   An exterior router functions as an AppleTalk router within its local
   internet and as an end node in the foreign network system connecting
   AppleTalk internets. An exterior router uses RTMP to communicate
   routing information to its local internet, and uses AURP and the
   network-layer protocol of the tunnel's underlying foreign network
   system to communicate with other exterior routers connected to the
   tunnel. An exterior router encapsulates AppleTalk data packets using
   the headers required by the foreign network system, then forwards the
   packets to another exterior router connected to the tunnel.

   FORWARDING DATA: When forwarding AppleTalk data packets across a
   multipoint tunnel, an exterior router

      encapsulates the AppleTalk data packets in the packets of the
      tunnel's underlying foreign network system by adding the headers
      required by that network system

      adds an AURP-specific header-called a domain header-immediately
      preceding each AppleTalk data packet

   A domain header contains additional addressing information-including
   a source domain identifier and destination domain identifier. For
   more information about domain headers, see the sections "AppleTalk
   Data-Packet Format" and "AppleTalk Data-Packet Format for IP
   Tunneling" later in this chapter.
   For detailed information about domain identifiers, see the section
   "Domain Identifiers" later in this chapter.

   Before forwarding a data packet to a network in another exterior
   router's local internet, an exterior router must obtain the foreign-
   protocol address of the exterior router that is the next internet
   router in the path to the packet's destination network. The exterior
   router then sends the packet to that exterior router's foreign-
   protocol address using the network-layer protocol of the foreign
   network system. The exterior router need not know anything further
   about how the packet traverses this virtual data link.

   Once the destination exterior router receives the packet, it removes
   the headers required by the foreign network system and the domain
   header, then forwards the packet to its destination in the local
   AppleTalk internet.

   If the length of an AppleTalk data packet in bytes is greater than
   that of the data field of a foreign-protocol packet, a forwarding
   exterior router must fragment the AppleTalk data packet into multiple
   foreign-protocol packets, then forward these packets to their
   destination. Once the destination exterior router receives all of the
   fragments that make up the AppleTalk data packet, it reassembles the
   packet.

   CONNECTING MULTIPLE TUNNELS TO AN EXTERIOR ROUTER: An exterior router
   can also connect two or more multipoint tunnels. As shown in Figure
   2-3, when an exterior router connects more than one multipoint
   tunnel, the tunnels can be built on any of the following:

      the same foreign network system

      different foreign network systems

      similar, but distinct foreign network systems

     <<Figure 2-3  Connecting multiple tunnels to an exterior router>>

   Whether the tunnels connected to an exterior router are built on
   similar or different foreign network systems, each tunnel acts as an
   independent, virtual data link.
   As shown in Figure 2-4, an exterior router connected to multiple
   tunnels functions logically as though it were two or more exterior
   routers connected to the same AppleTalk network, with each exterior
   router connected to a different tunnel.

     <<Figure 2-4  An exterior router connected to multiple tunnels>>

   Fully Connected and Partially Connected Tunnels

   An AppleTalk multipoint tunnel functions as a virtual data link. AURP
   assumes full connectivity across a multipoint tunnel-that is, all
   exterior routers on such a tunnel can communicate with one another.
   An exterior router always sends split-horizoned routing information
   to other exterior routers on a multipoint tunnel. That is, an
   exterior router on a multipoint tunnel sends routing information for
   only its local internet to other exterior routers on that tunnel. An
   exterior router never exports routing information obtained from other
   exterior routers on the tunnel, because exterior routers communicate
   their routing information to one another.

   If all exterior routers connected to a multipoint tunnel are aware of
   and can send packets to one another, that tunnel is fully connected.
   If some of the exterior routers on a multipoint tunnel are not aware
   of one another, the tunnel is only partially connected. Figure 2-5
   shows examples of a fully connected tunnel, a partially connected
   tunnel, and two fully connected tunnels.

      <<Figure 2-5  Fully connected and partially connected tunnels>>

   In the second example shown in Figure 2-5, the network administrator
   may have connected the tunnel partially for one of these reasons:

      to prevent the local internets connected to exterior routers A and
      C from communicating with one another, while providing full
      connectivity between the local internets connected to exterior
      router B and the local internets connected to both exterior
      routers A and C

      because local internets connected to exterior routers A and C need
      access only to local internets connected to exterior router B-not
      to each other's local internets

      because exterior routers A and C-which should be aware of one
      another-were misconfigured

   Generally, an exterior router cannot determine whether a multipoint
   tunnel is fully connected or partially connected. In the second
   example in Figure 2-5, exterior router B does not know whether
   exterior routers A and C are aware of one another. However, exterior
   router B must assume that the tunnel is fully connected, and that
   exterior routers A and C can exchange routing information. An
   exterior router should never forward routing information received
   from other exterior routers back across the tunnel. It should always
   send split-horizoned routing information to other exterior routers.

   If connecting exterior routers A and C directly would be either
   expensive or slow, a network administrator could instead establish
   two independent multipoint tunnels-one connecting exterior routers A
   and B, another connecting exterior routers B and C-as shown in the
   third example in Figure 2-5. Exterior routers A and C could then
   establish connectivity by routing all data packets forwarded by one
   to the other through exterior router B.

   Hiding Local Networks From Tunnels

   When configuring a tunneling port on an exterior router, a network
   administrator can provide network-level security to a network in the
   exterior router's local internet by hiding that network. Hiding a
   specific network in the exterior router's local internet prevents
   internets across a multipoint tunnel from becoming aware of the
   presence of that network. When the exterior router exchanges routing
   information with other exterior routers connected to the tunnel, it
   exports no information about any hidden networks to the exterior
   routers from which the networks are hidden.

   An administrator can specify that certain networks in the exterior
   router's local internet be hidden from a specific exterior router
   connected to the tunnel or from all exterior routers on the tunnel.

   Nodes on the local internet of an exterior router from which a
   network is hidden cannot access that network. Neither the zones on a
   hidden network nor the names of devices in those zones appear in the
   Chooser on computers connected to such an internet. When a network is
   hidden, its nodes are also unable to access internets from which the
   network is hidden. If a node on a hidden network sends a packet
   across a tunnel to a node on an internet from which it is hidden,
   even if the packet arrives at its destination, the receiving node
   cannot respond. The exterior router connected to the receiving node's
   internet does not know the return path to the node on the hidden
   network. Thus, it appears to the node on the hidden network that the
   node to which it sent the packet is inaccessible.
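
   The export rule described above (split horizon combined with hiding
   a network from one exterior router or from all of them), as an added
   example that is not part of RFC 1504. The routing-table layout, the
   function names and the network numbers are assumptions constructed
   for illustration.

```python
# Added illustration (not from RFC 1504): route export by an exterior
# router on a multipoint tunnel. Names and network numbers are constructed.

LOCAL = "local"    # next internet router is not across the tunnel
ALL_PEERS = "*"    # hidden from every exterior router on the tunnel


def export_routes(routing_table, hidden_from, peers):
    """Return {peer: [networks advertised to that exterior router]}.

    routing_table -- {network: LOCAL or the peer the route came from}
    hidden_from   -- {network: ALL_PEERS or a set of peer names}
    """
    exports = {}
    for peer in peers:
        advertised = []
        for net, learned_via in sorted(routing_table.items()):
            if learned_via != LOCAL:
                continue  # split horizon: never re-export tunnel routes
            scope = hidden_from.get(net, frozenset())
            if scope == ALL_PEERS or peer in scope:
                continue  # hidden: this peer is told nothing about net
            advertised.append(net)
        exports[peer] = advertised
    return exports


def reply_possible(routes_known_to_peer, source_net):
    """A remote internet can answer only if it holds a route back."""
    return source_net in routes_known_to_peer


# Constructed view from exterior router A, whose tunnel peers are B and C.
ROUTER_A_TABLE = {100: LOCAL, 101: LOCAL, 102: LOCAL, 200: "B", 300: "C"}
ROUTER_A_HIDDEN = {101: {"C"}, 102: ALL_PEERS}


def demo():
    return export_routes(ROUTER_A_TABLE, ROUTER_A_HIDDEN, ["B", "C"])


if __name__ == "__main__":
    for peer, nets in demo().items():
        print(f"export to {peer}: {nets}")
    # A node on hidden network 101 can send toward C, but C cannot answer.
    print("C can reply to net 101:", reply_possible(demo()["C"], 101))
```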

   ADVANTAGES AND DISADVANTAGES OF NETWORK HIDING: Network hiding
   provides the following advantages:

      On large, global WANs, a network administrator can configure
      network-level security for an organization's internets.
