rfc2998.A Framework for Integrated Services Operation over Diffserv Networks

24端口简单网管型快速以太网交换机主要技术规范如下表：24口 10/100M 二层全网管交换机主要技术规范如下表：产品名 24口 10/100M 二层全网管交换机订货号FSM726v3网络协议和标准∙IEEE 802.3 10BASET∙IEEE 802.3u 100BASETX IEEE 802.3z 1000BASEX∙IEEE 802.3ab 1000BASET∙IEEE 802.3x flow control二层服务∙IEEE 802.1Q 静态VLAN（最大512）∙IEEE 802.1p 服务类别（CoS）∙IEEE 802.1D 生成树协议∙基于MAC地址VLAN∙Voice VLAN∙Guest VLAN∙基于IP子网VLAN∙IEEE 802.1v 协议VLAN和端口VLAN∙IEEE 802.1w 快速生成树协议∙IEEE 802.1s 多域生成树协议∙IEEE 802.3ad 链路聚合（静态，LACP）∙IGMP 查询器∙IGMP v1，v2，v3 侦听支持∙静态组播过滤∙网络风暴保护，包括广播，组播和单播流量∙粒度 1Kbps 的入端口流量控制∙Double VLAN（QInQ）∙MLDv1，v2 Snooping三层服务∙ARP缓存安全服务∙IEEE 802.1x 端口访问验证∙网络风暴保护，包括广播，组播和单播流量∙端口保护∙私有 VLAN组∙MAC 过滤∙端口安全∙DoS∙DHCP Snooping∙IP Source Guard∙动态 ARP 检测∙RADIUS（RFC 2865）∙RADIUS Accounting∙TACACS+∙Access control lists∙MAC,IP,TCP∙Diffserv QoS（RFC2998）交换机管理规范∙SNMP v1,v2c,v3 with multiple IP addresses∙RFC1157，19011910，2574，2575∙RFC768 UDP∙RFC 854859 telnet∙RFC 951 BootP∙RFC1213 MIB II∙RFC1757 RMON 组1 、2 、3和9∙RFC 1215 SNMP traps∙RFC1493 Bridge MIB∙RFC1643 以太网接口MIB∙RFC 1534 DHCP and BOOTP interoperation∙RFC 2030简单网络时间协议（SNTP）∙RFC 2131，2132 DHCP and BOOTP∙Private enterprise MIB∙端口镜像（多对一）∙CPU 流量监控∙SYSLOG∙通过 TFTP、HTTP、SCP 或本地 USB 存储进行固件升级∙端口描述∙IEEE 802.1ab Link Layer Discovery Protocol（LLDP）∙ANSI/TIA1057 LLDP Media Endpoint Discovery（LLDPMED）∙DHCP Server∙DHCP/BOOTP 中继（RFC 3046,Option 82）∙DHCP 二层中继∙DNS缓存单一IP管理（固件版本7.3以上）∙管理多达48台全网管交换机∙可以在下列型号使用该特性：∙FSM726E，FSM7226RS，FSM7250RS∙FSM7328S,FSM7352S,FSM7328PS,FSM7352PS ∙GSM7224R,GSM7248R∙GSM7328S,GSM7328FS,GSM7352S∙FSM726v3∙GSM7224v2,GSM7248v2用户界面∙通过控制台端口登录提供命令菜单界面∙通过具 Secured Sockets Layer（SSLv3）或 Transport LayerSecurity（TLSv1）的嵌入式 HTTP 服务器保护的 WEB ProSafe Control Center 管理（HTTPS）∙通过具 Secured Shell（SSH v1.5,v2）安全的 Telnet 远程登录（5sessions）指示灯∙每端口：速度、连接、活动∙每交换机：电源、风扇状态物理接口∙24个 10/100M 铜缆 RJ45 端口（所有端口均自动适应，自动上联）∙2个1000M 光电复用口（RJ45 和 SFP）∙RS232 控制口性能规范∙转发模式：存储和转发∙带宽：8.8Gbps∙包转发率：6.5Mpps∙交换延迟：64字节帧延迟不到80微秒∙系统内存：128MB∙数据包缓冲内存：1MB FLASH：32M∙MAC地址大小：8K∙VLAN数量：512（ID 14093）∙链路聚合数量：24∙QoS队列数：8∙巨帧支持：最大 9K 包大小∙组播组数量：256电源规格∙功耗：最大15瓦∙电压：100 240 V AC/5060 Hz 通用电源输入物理规格∙尺寸：440 x 205 x 43 毫米（17.32 x 8.1 x 1.7 英寸）∙重量：2.8 公斤（6.1磅）∙噪声：（ANSI－S10.12）36.6dB∙风扇转速：根据热量控制，最高 6000RPM∙散热：50 Btu/hr∙平均无故障时间：562,110小时（约64年）∙热量感应器环境规范∙工作温度：5° 50°C（23°131°F）∙存放温度：20°70°C（4°158°F）∙工作湿度：最大相对湿度90% ，无冷凝∙存放湿度：最大相对湿度95% ，无冷凝∙工作高度：最大10，000 英尺（3，000 米）∙存放高度：最大10，000 英尺（3，000 米）辐射∙CE 标志，商业，∙FCC Part 15 Class A ，∙VCCI Class A ，∙EN 55022（CISPR 22），Class A ，∙CTick电磁免疫∙EN 500821∙EN 55024安全∙CE 标志，商业∙CSA 认证（CSA 22.2 #950）∙UL 列表（UL 1950）∙CUL IEC950/EN60950∙EN 60950保修 1 年包装内容∙二层全网管交换机（FSM726v3）∙电源线∙空 Modem 线（控制线）∙用于放置桌面时使用的橡皮胶垫∙机架配件∙快速安装指南∙带用户手册的资源 CD∙ProSafe NMS100 30天试用版 CD∙支持/保修信息卡相关产品∙1000 BASESX SFP GBIC（AGM731F）∙1000 BASELX SFP GBIC（AGM732F）∙1000 BASEZX SFP GBIC（AGM733）∙NMS100 网络管理软件。

Callon Page i Use of OSI IS-IS for Routing in TCP/IP and DualEnvironmentsStatus of this MemoThis RFC specifies a protocol on the IAB Standards Track for the internet community, and re-quests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distri-bution of this memo is unlimited.AbstractThis RFC specifies an integrated routing protocol, based on the OSI Intra-Domain IS-IS Routing Protocol, which may be used as an interior gateway protocol (IGP) to support TCP/IP as well as OSI. This allows a single routing protocol to be used to support pure IP environments, pure OSI environments, and dual environments. This specification was developed by the IS-IS working group of the Internet Engineering Task Force.The OSI IS-IS protocol has reached a mature state, and is ready for implementation and opera-tional use. The most recent version of the OSI IS-IS protocol is contained in ISO DP 10589 [1].The proposed standard for using IS-IS for dual routing will therefore make use of this version (with a minor bug correction, as discussed in Annex B). We expect that future versions of this proposed standard will upgrade to the final International Standard version of IS-IS when avail-able.Comments should be sent to “isis@”.Contents1Introduction: Overview of the Protocol (1)1.1What the Integrated IS−IS offers .......................................................................................................11.2Overview of the ISO IS−IS Protocol .................................................................................................21.3Overview of the Integrated IS−IS ......................................................................................................51.4Support of Mixed Routing Domains..................................................................................................7Ross W. Callon Digital Equipment CorporationDecember, 1990Network Working GroupRequest for Comments: 11951.5Advantages of Using Integrated IS−IS (7)2Symbols and Abbreviations (9)3Subnetwork Independent Functions (10)3.1Exchange of Routing Information (10)3.2Hierarchical Abbreviation of IP Reachability Information (11)3.3Addressing Routers in IS−IS Packets (14)3.4External Links (16)3.5Type of Service Routing (17)3.6Multiple LSPs and SNPs (17)3.7IP−Only Operation (18)3.8Encapsulation (18)3.9Authentication (19)3.10Order of Preference of Routes / Dijkstra Computation (19)4Subnetwork Dependent Functions (22)4.1Link Demultiplexing (22)4.2Multiple IP Addresses per Interface (23)4.3LANs, Designated Routers, and Pseudonodes (23)4.4Maintaining Router Adjacencies (24)4.5Forwarding to Incompatible Routers (25)5Structure and Encoding of PDUs (25)5.1Overview of IS−IS PDUs (25)5.2Overview of IP−Specific Information for IS−IS (26)5.3Encoding of IP−Specific Fields in IS−IS PDUs (28)6Security Considerations (38)7Author’s Address (39)8References (39)A Inter-Domain Routing Protocol Information (40)A.1Inter-Domain Information Type (40)A.2Encoding (40)B Encoding of Sequence Number Packets (42)Callon Page iiB.1Level 1 Complete Sequence Numbers PDU (43)B.2Level 2 Complete Sequence Numbers PDU (45)B.3Level 1 Partial Sequence Numbers PDU (47)B.4Level 2 Partial Sequence Numbers PDU (49)C Dijkstra Calculation and Forwarding (51)C.1SPF Algorithm for IP and Dual Use (51)C.2Forwarding of IP packets (57)D Use of the Authentication Field (62)D.1Authentication Field in IS-IS packets (62)D.2Authentication Type 1 - Simple Password (62)E Interaction of the Integrated IS-IS with Brouters (64)E.1The Problem (64)E.2Possible Solutions (65)Figures1ISO Hierarchical Address Structure (3)2An Example (13)3Encoding of Variable Length Fields (27)Callon Page iii1 Introduction: Overview of the ProtocolThe TCP/IP protocol suite has been growing in importance as a multi-vendor communications architecture. With the anticipated emergence of OSI, we expect coexistence of TCP/IP and OSI to continue for an extended period of time. There is a critical need for routers to support both IP traffic and OSI traffic in parallel.There are two main methods that are available for routing protocols to support dual OSI and IP routers. One method, known as “Ships in the Night”, makes use of completely independent rout-ing protocols for each of the two protocol suites. This specification presents an alternate ap-proach, which makes use of a single integrated protocol for interior routing (i.e., for calculating routes within a routing domain) for both protocol suites.This integrated protocol design is based on the OSI Intra-domain IS-IS routing protocol [1], with IP-specific functions added. This RFC is considered a companion to the OSI IS-IS Routing spec, and will only describe the required additional features.By supporting both IP and OSI traffic, this integrated protocol design supports traffic to IP hosts, OSI end systems, and dual end systems. This approach is “integrated” in the sense that the IS-IS protocol can be used to support pure-IP environments, pure-OSI environments, and dual environ-ments. In addition, this approach allows interconnection of dual (IP and OSI) routing domains with other dual domains, with IP-only domains, and with OSI-only domains.The protocol specified here is based on the work of the IETF IS-IS working group.1.1 What the Integrated IS-IS offersThe integrated IS-IS provides a single routing protocol which will simultaneously provide an effi-cient routing protocol for TCP/IP, and for OSI. This design makes use of the OSI IS-IS routing protocol, augmented with IP-specific information. This design provides explicit support for IP subnetting, variable subnet masks, TOS-based routing, and external routing. There is provision for authentication information, including the use of passwords or other mechanisms. The precise form of authentication mechanisms (other than passwords) is outside of the scope of this docu-ment.Both OSI and IP packets are forwarded “as is” — i.e., they are transmitted directly over the un-derlying link layer services without the need for mutual encapsulation. The integrated IS-IS is a dynamic routing protocol, based on the SPF (Dijkstra) routing algorithm.The protocol described in this specification allows for mixing of IP-only, OSI-only, and dual (IP and OSI) routers, as defined below.An IP-only IS-IS router (or “IP-only” router) is defined to be a router which: (i) Uses IS-IS as the routing protocol for IP, as specified in this report; and (ii) Does not otherwise support OSI proto-cols. For example, such routers would not be able to forward OSI CLNP packets.Callon Page 1An OSI-only router is defined to be a router which uses IS-IS as the routing protocol for OSI, as specified in [1]. Generally, OSI-only routers may be expected to conform to OSI standards, and may be implemented independent of this specification.A dual IS-IS router (or “dual” router) is defined to be a router which uses IS-IS as a single inte-grated routing protocol for both IP and OSI, as specified in this report.This approach does not change the way that IP packets are handled. IP-only and dual routers are required to conform to the requirements of Internet Gateways [4]. The integrated IS-IS protocol described in this report outlines an Interior Gateway Protocol (IGP) which will provide routing within a TCP/IP routing domain (i.e., autonomous system). Other aspects of router functionality (e.g., operation of ICMP, ARP, EGP, etc.) are not affected by this proposal.Similarly, this approach does not change the way that OSI packets are handled. There will be no change at all to the contents nor to the handling of ISO 8473 Data packets and Error Reports, nor to ISO 9542 Redirects and ES Hellos. ISO 9542 IS Hellos transmitted on LANs are similarly unchanged. ISO 9542 IS Hellos transmitted on point-to-point links are unchanged except for the addition of IP-related information. Similarly, other OSI packets (specifically those involved in the IS-IS intra-domain routing protocol) remain unchanged except for the addition of IP-related information.This approach makes use of the existing IS-IS packets, with IP-specific fields added. Specifically: (i) authentication information may be added to all IS-IS packets; (ii) the protocols supported by each router, as well as each router’s IP addresses, are specified in ISO 9542 IS Hello, IS-IS Hello and Link State Packets; (iii) internally reachable IP addresses are specified in all Link State Pack-ets; and (iv) externally reachable IP addresses, and external routing protocol information, may be specified in level 2 Link State Packets. The detailed encoding and interpretation of this informa-tion is specified in sections 3, 4, and 5 of this RFC.The protocol described in this report may be used to provide routing in an IP-only routing do-main, in which all routers are IP-only. Similarly, this protocol may be used to provide routing in a pure dual domain, in which all routers are dual. Finally, this protocol may be used to provide routing in a mixed domain, in which some routers are IP-only, some routers are OSI-only, and some routers are dual. The specific topological restrictions which apply in this latter case are de-scribed in detail in section 1.4 (“Support of Mixed Routing Domains”). The use of IS-IS for sup-port of pure OSI domains is specified in [1].This protocol specification does not constrain which network management protocol(s) may be used to manage IS-IS-based routers. Management information bases (MIBs) for managing IP-only, OSI-only, and dual routers, compatible with CMIP, CMOT, and/or SNMP, are the subject of a separate, companion document [8].1.2 Overview of the ISO IS-IS ProtocolThe IS-IS Routing Protocol has been developed in ISO to provide routing for pure OSI environ-ments. In particular, IS-IS is designed to work in conjunction with ISO 8473 (The ISO Connec-tionless Network Layer Protocol [2]), and ISO 9542 (The ISO End System to Intermediate Sys-Callon Page 2tem Protocol [3]). This section briefly describes the manner in which IS-IS is used to support pure OSI environments. Enhancements for support of IP and dual environments are specified elsewhere in this report.In IS-IS, the network is partitioned into “routing domains”. The boundaries of routing domains are defined by network management, by setting some links to be “exterior links”. If a link is marked as “exterior”, no IS-IS routing messages are sent on that link.Currently, ISO does not have a standard for inter-domain routing (i.e., for routing between sepa-rate autonomous routing domains). Instead, manual configuration is used. The link is statically configured with the set of address prefixes reachable via that link, and with the method by which they can be reached (such as the DTE address to be dialed to reach that address, or the fact that the DTE address should be extracted from the IDP portion of the ISO address).OSI IS-IS routing makes use of two-level hierarchical routing. A routing domain is partitioned into “areas”. Level 1 routers know the topology in their area, including all routers and end sys-tems in their area. However, level 1 routers do not know the identity of routers or destinations outside of their area. Level 1 routers forward all traffic for destinations outside of their area to a level 2 router in their area. Similarly, level 2 routers know the level 2 topology, and know which addresses are reachable via each level 2 router. However, level 2 routers do not need to know the topology within any level 1 area, except to the extent that a level 2 router may also be a level 1 router within a single area. Only level 2 routers can exchange data packets or routing information directly with external routers located outside of the routing domains.As illustrated in figure 1, ISO addresses are subdivided into the Initial Domain Part (IDP), and the Domain Specific Part (DSP). The IDP is the part which is standardized by ISO, and specifies the format and authority responsible for assigning the rest of the address. The DSP is assigned by whatever addressing authority is specified by the IDP. The DSP is further subdivided into a “High Order Part of DSP” (HO-DSP), a system identifier (ID), and an NSAP selector (SEL). The HO-DSP may use any format desired by the authority which is identified by the IDP. Together, the combination of [IDP, HO-DSP] identify both the routing domain and the area within the rout-ing domain. The combination of [IDP,HO-DSP] may therefore be referred to as the “Area Ad-dress”.Callon Page 3Usually, all nodes in an area have the same area address. However, sometimes an area might have multiple addresses. Motivations for allowing this are:-It might be desirable to change the address of an area. The most graceful way of changing an area from having address A to having address B is to first allow it to have both addresses A and B, and then after all nodes in the area have been modified to recognize both addresses, then one by one the nodes can be modified to “forget” address A.-It might be desirable to merge areas A and B into one area. The method for accomplishing this is to, one by one, add knowledge of address B into the A partition, and similarly add knowledge of address A into the B partition.-It might be desirable to partition an area C into two areas, A and B (where “A” might equal “C”, in which case this example becomes one of removing a portion of an area). This would be accomplished by first introducing knowledge of address A into the appropriate nodes (those destined to become area A), and knowledge of address B into the appropriate nodes, and then one by one removing knowledge of address C.Since OSI addressing explicitly identifies the area, it is very easy for level 1 routers to identify packets going to destinations outside of their area, which need to be forwarded to level 2 routers. In IS-IS, there are two types of routers:-Level 1 intermediate systems — these nodes route based on the ID portion of the ISO ad-dress. They route within an area. They recognize, based on the destination address in a packet, whether the destination is within the area. If so, they route towards the destination. If not, they route to the nearest level 2 router.-Level 2 intermediate systems — these nodes route based on the area address (i.e., on the combination of [IDP, HO-DSP]). They route towards areas, without regard to the internal structure of an area. A level 2 IS may also be a level 1 IS in one area.A level 1 router will have the area portion of its address manually configured. It will refuse to become a neighbor with a node whose area addresses do not overlap its area addresses. However, if level 1 router has area addresses A, B, and C, and a neighbor has area addressesB and D, then the level 1 router will accept the other node as a neighbor.A level 2 router will accept another level 2 router as a neighbor, regardless of area address. How-ever, if the area addresses do not overlap, the link would be considered by both routers to be “level 2 only”, and only level 2 LSPs would flow on the link. External links (to other routing domains) must be from level 2 routers.IS-IS provides an optional partition repair function. In the unlikely case that a level 1 area be-come partitioned, this function, if implemented, allows the partition to be repaired via use of level 2 routes.IS-IS requires that the set of level 2 routers be connected. Should the level 2 backbone become partitioned, there is no provision for use of level 1 links to repair a level 2 partition.Callon Page 4In unusual cases, a single level 2 router may lose connectivity to the level 2 backbone. In this case the level 2 router will indicate in its level 1 LSPs that it is not “attached”, thereby allowing level 1 routers in the area to route traffic for outside of the domain to a different level 2 router. Level 1 routers therefore route traffic to destinations outside of their area only to level 2 routers which indicate in their level 1 LSPs that they are “attached”.An end system may autoconfigure the area portion of its address by extracting the area portion of a neighboring router’s address. If this is the case, then an endnode will always accept a router as a neighbor. Since the standard does not specify that the end system MUST autoconfigure its area address, an end system may be configured with an area address. In this case the end system would ignore router neighbors with non-matching area addresses.Special treatment is necessary for broadcast subnetworks, such as LANs. This solves two sets of issues: (i) In the absence of special treatment, each router on the subnetwork would announce a link to every other router on the subnetwork, resulting in n-squared links reported; (ii) Again, in the absence of special treatment, each router on the LAN would report the same identical list of end systems on the LAN, resulting in substantial duplication.These problems are avoided by use of a “pseudonode”, which represents the LAN. Each router on the LAN reports that it has a link to the pseudonode (rather than reporting a link to every other router on the LAN). One of the routers on the LAN is elected “designated router”. The designated router then sends out an LSP on behalf of the pseudonode, reporting links to all of the routers on the LAN. This reduces the potential n-squared links to n links. In addition, only the pseudonode LSP includes the list of end systems on the LAN, thereby eliminating the potential duplication (for further information on designated routers and pseudonodes, see [1]).The IS-IS provides for optional Quality of Service (QOS) routing, based on throughput (the de-fault metric), delay, expense, or residual error probability. This is described in greater detail in section 3.5, and in [1].1.3 Overview of the Integrated IS-ISThe integrated IS-IS allows a single routing protocol to be used to route both IP and OSI packets. This implies that the same two-level hierarchy will be used for both IP and OSI routing. Each area will be specified to be either IP-only (only IP traffic can be routed in that particular area), OSI-only (only OSI traffic can be routed in that area), or dual (both IP and OSI traffic can be routed in the area).This proposal does not allow for partial overlap of OSI and IP areas. For example, if one area is OSI-only, and another area is IP-only, then it is not permissible to have some routers be in both areas. Similarly, a single backbone is used for the routing domain. There is no provision for inde-pendent OSI and IP backbones.Similarly, within an IP-only or dual area, the amount of knowledge maintained by routers about specific IP destinations will be as similar as possible as for OSI. For example, IP-capable level 1 routers will maintain the topology within the area, and will be able to route directly to IP destina-tions within the area. However, IP-capable level 1 routers will not maintain information aboutCallon Page 5destinations outside of the area. Just as in normal OSI routing, traffic to destinations outside of the area will be forwarded to the nearest level 2 router. Since IP routes to subnets, rather than to specific end systems, IP routers will not need to keep nor distribute lists of IP host identifiers (note that routes to hosts can be announced by using a subnet mask of all ones).The IP address structure allows networks to be partitioned into subnets, and allows subnets to be recursively subdivided into smaller subnets. However, it is undesireable to require any specific relationship between IP subnet addresses and IS-IS areas. For example, in many cases, the dual routers may be installed into existing environments, which already have assigned IP and/or OSI addresses. In addition, even if IP addresses are not already pre-assigned, the address limitations of IP constrain what addresses may be assigned. We therefore will not require any specific rela-tionship between IP addresses and the area structure. The IP addresses can be assigned com-pletely independently of the OSI addresses and IS-IS area structure. As will be described in sec-tion 3.2 (“Hierarchical Abbreviation of IP Reachability Information”), greater efficiency and scaling of the routing algorithm can be achieved if there is some correspondence between the IP address assignment structure and the area structure.Within an area, level 1 routers exchange link state packets which identify the IP addresses reach-able by each router. Specifically, zero or more [IP address, subnet mask, metric] combinations may be included in each Link State Packet. Each level 1 router is manually configured with the [IP address, subnet mask, metric] combinations which are reachable on each interface. A level 1 router routes as follows:-If a specified destination address matches an [IP address, subnet mask, metric] reachable within the area, the packet is routed via level 1 routing.-If a specified destination address does not match any [IP address, subnet mask, metric] com-bination listed as reachable within the area, the packet is routed towards the nearest level 2 router.Flexible use of the limited IP address space is important in order to cope with the anticipated growth of IP environments. Thus an area (and by implication a routing domain) may simultane-ously make use of a variety of different address masks for different subnets in the area (or do-main). Generally, if a specified destination address matches more than one [IP address, subnet mask] pair, the more specific address is the one routed towards (the one with more "1" bits in the mask — this is known as "best match" routing).Level 2 routers include in their level 2 LSPs a complete list of [IP address, subnet mask, metric] specifying all IP addresses reachable in their area. As described in section 3, this information may be obtained from a combination of the level 1 LSPs (obtained from level 1 routers in the same area), and/or by manual configuration. In addition, Level 2 routers may report external reachabil-ity information, corresponding to addresses which can be reached via routers in other routing do-mains (autonomous systems)Default routes may be announced by use of a subnet mask containing all zeroes. Default routes should be used with great care, since they can result in “black holes”. Default routes are permit-Callon Page 6ted only at level 2 as external routes (i.e., included in the "IP External Reachability Information" field, as explained in sections 3 and 5). Default routes are not permitted at level 1.The integrated IS-IS provides optional Type of Service (TOS) routing, through use of the QOS feature from IS-IS.1.4 Support of Mixed Routing DomainsThe integrated IS-IS proposal specifically allows for three types of routing domains:-Pure IP-Pure OSI-DualIn a pure IP routing domain, all routers must be IP-capable. IP-only routers may be freely mixed with dual routers. Some fields specifically related to OSI operation may be included by dual rout-ers, and will be ignored by IP-only routers. Only IP traffic will be routed in an pure IP domain. Any OSI traffic may be discarded (except for the IS-IS packets necessary for operation of the routing protocol).In a pure OSI routing domain, all routers must be OSI-capable. OSI-only routers may be freely mixed with dual routers. Some fields specifically related to IP operation may be included by dual routers, and will be ignored by OSI-only routers. Only OSI traffic will be routed in a pure OSI domain. Any IP traffic may be discarded.In a dual routing domain, IP-only, OSI-only, and dual routers may be mixed on a per-area basis. Specifically, each area may itself be defined to be pure IP, pure OSI, or dual.In a pure IP area within a dual domain, IP-only and dual routers may be freely mixed. Only IP traffic can be routed by level 1 routing within a pure-IP area.In a pure-OSI area within a dual domain, OSI-only and dual routers may be freely mixed. Only OSI traffic can be routed by level 1 routing within a pure OSI area.In a dual area within a dual routing domain only dual routers may be used. Both IP and OSI traf-fic can be routed within a dual area.Within a dual domain, if both IP and OSI traffic are to be routed between areas then all level 2 routers must be dual.1.5 Advantages of Using Integrated IS-ISUse of the integrated IS-IS protocol, as a single protocol for routing both IP and OSI packets in a dual environment, has significant advantages over using separate protocols for independently routing IP and OSI traffic.Callon Page 7An alternative approach is known as “Ships In the Night” (S.I.N.). With the S.I.N. approach, completely separate routing protocols are used for IP and for OSI. For example, OSPF [5] may be used for routing IP traffic, and IS-IS [1] may be used for routing OSI traffic. With S.I.N., the two routing protocols operate more or less independently. However, dual routers will need to imple-ment both routing protocols, and therefore there will be some degree of competition for re-sources.Note that S.I.N. and the integrated IS-IS approach are not really completely separate options. In particular, if the integrated IS-IS is used within a routing domain for routing of IP and OSI traffic, it is still possible to use other independent routing protocols for routing other protocol suites.In the future, optional extensions to IS-IS may be defined for routing other common protocol suites. However, such future options are outside of the scope of this document. This section will compare integrated IS-IS and S.I.N. for routing of IP and OSI only.A primary advantage of the integrated IS-IS relates to the network management effort required. Since the integrated IS-IS provides a single routing protocol, within a single coordinated routing domain using a single backbone,, this implies that there is less information to configure. This combined with a single coordinated MIB simplifies network management.Note that the operation of two routing protocols with the S.I.N. approach are not really independ-ent, since they must share common resources. However, with the integrated IS-IS, the interac-tions are explicit, whereas with S.I.N., the interactions are implicit. Since the interactions are ex-plicit, again it may be easier to manage and debug dual routers.Another advantage of the integrated IS-IS is that, since it requires only one routing protocol, it uses fewer resources. In particular, less implementation resources are needed (since only one pro-tocol needs to be implemented), less CPU and memory resources are used in the router (since only one protocol needs to be run), and less network resources are used (since only one set of routing packets need to be transmitted). Primarily this translates into a financial savings, since each of these three types of resources cost money. This implies that dual routers based on the integrated IS-IS should be less expensive to purchase and operate than dual routers based on S.I.N.Note that the operation of two routing protocols with the S.I.N. approach are not really independ-ent, since they must share common resources. For example, if one routing protocol becomes un-stable and starts to use excessive resources, the other protocol is likely to suffer. A bug in one protocol could crash the other. However, with the integrated IS-IS, the interactions are explicit and are defined into the protocol and software interactions. With S.I.N., the interactions are im-plicit.The use of a single integrated routing protocol similarly reduces the likely frequency of software upgrades. Specifically, if you have two different routing protocols in your router, then you have to upgrade the software any time EITHER of the protocols change. If you make use of a single integrated routing protocol, then software changes are still likely to be needed, but less fre-quently.Callon Page 8。

学习网络常用的RFC文档的名称双语RFC --RFC中英文对照版rfc1050中文版-远程过程调用协议规范rfc1055中文版-在串行线路上传输IP数据报的非标准协议rfc1057中文版-RFC:远程过程调用协议说明第二版rfc1058中文版-路由信息协议（Routing Information Protocol）rfc1073中文版-RFC1073 Telnet窗口尺寸选项rfc1075中文版-远距离矢量多播选路协议rfc1088中文版-在NetBIOS网络上传输IP数据报的标准rfc1090中文版-SMTP在X.25上rfc1091中文版-TELNET终端类型选项rfc1094中文版-RFC1094 网络文件系统协议rfc1096中文版-Telnet X显示定位选项rfc1097中文版-Telnet潜意识-信息选项rfc1112中文版-主机扩展用于IP多点传送rfc1113中文版-Internet电子邮件保密增强：Part1-消息编码和鉴别过程rfc1132中文版-802．2分组在IPX网络上传输的标准rfc1144中文版-低速串行链路上的TCP/IP头部压缩rfc1155中文版-基于TCP/IP网络的管理结构和标记rfc1191中文版-RFC1191 路径MTU发现rfc1332中文版-RFC1332 端对端协议网间协议控制协议（IPCP）rfc1333中文版-PPP 链路质量监控rfc1334中文版-PPP 身份验证协议rfc1387中文版-RIP（版本2）协议分析rfc1388中文版-RIP协议版本2rfc1433中文版-直接ARPrfc1445中文版-SNMPv2的管理模型rfc1582中文版-扩展RIP以支持按需链路rfc1618中文版-ISDN上的PPP(点对点)协议rfc1661中文版-RFC1661 PPP协议rfc1723中文版-路由信息协议（版本2）rfc1738中文版-统一资源定位器（URL）rfc1769中文版-简单网络时间协议( SNTP)rfc1771中文版-边界网关协议版本4（BGP-4）rfc1827中文版-IP封装安全载荷（ESP）rfc1883中文版-Internet协议，版本6（IPv6）说明书rfc1939中文版-POP3协议rfc1945中文版-超文本传输协议 -- HTTP/1.0rfc1994中文版-PPP挑战握手认证协议(CHAP)rfc1997中文版-RFC1997 BGP团体属性rfc2002中文版-IP移动性支持rfc204中文版-利用报路rfc2105中文版-Cisco 系统的标签交换体系结构纵览rfc2281中文版-Cisco热备份路由协议（）rfc2283中文版-BGP-4的多协议扩展rfc2326中文版-实时流协议(RTSP)rfc2328中文版-OSPF版本2rfc2516中文版-在以太网上传输PPP的方法（PPPoE）rfc2526中文版-IPv6保留的子网任意传送地址rfc2547中文版-BGP/MPLS VPNsrfc2616中文版-超文本传输协议——HTTP/1.1rfc2702中文版-基于MPLS的流量工程要求rfc2706中文版-RFC2706—电子商务域名标准rfc2756中文版-超文本缓存协议(HTCP/0.0)rfc2764中文版-IP VPN的框架体系rfc2773中文版-使用KEA和SKIPJACK加密rfc2774中文版-HTTP扩展框架rfc2781中文版-UTF-16, 一种ISO 10646的编码方式rfc2784中文版-通用路由封装rfc2793中文版-用于文本交谈的RTP负载rfc2796中文版-BGP路由反射rfc2917中文版-核心 MPLSIP VPN 体系结构rfc2918中文版-BGP-4（边界网关协议）的路由刷新功能rfc2923中文版-TCP的路径MTU发现问题rfc3003中文版-Audio/mpeg 媒体类型rfc3005中文版-IETF 讨论列表许可证rfc3007中文版-安全的域名系统动态更新rfc3018中文版-统一内存空间协议规范rfc3022中文版-传统IP网络地址转换（传统NAT）rfc3032中文版-RFC3032 MPLS标记栈编码rfc3033中文版-用于Internet协议的信息域和协议标识符在Q.2941类属标识符和Q.2957 User-to-user信令中的分配rfc3034中文版-标签转换在帧中继网络说明书中的使用rfc3037中文版-RFC3037 标记分配协议的适用范围（RFC3037 LDP Applicability）rfc3058中文版-IDEA加密算法在CMS上的使用rfc3059中文版-服务定位协议的属性列表扩展rfc3061中文版-对象标识符的一种URN姓名空间rfc3062中文版-LDAP口令修改扩展操作rfc3063中文版-MPLS（多协议标签交换）环路预防机制rfc3066中文版-语言鉴定标签rfc3067中文版-事件对象描述和转换格式要求rfc3069中文版-VLAN聚合实现IP地址有效分配rfc3070中文版-基于帧中继的第二层隧道协议rfc3072中文版-结构化数据交换格式rfc3074中文版-DHCP 负载平衡算法rfc3078中文版-RFC3078微软点到点加密(MPPE)协议rfc3081中文版-将区块扩展交换协议（BEEP）核心映射到传输控制协议（TCP）rfc3083中文版-遵循DOCSIS的Cable Modem和CMTS的PBI 的管理信息数据库rfc3085中文版-新闻型标记语言（NewsML）资源的URN名字空间rfc3090中文版-域名系统在区域状况下的安全扩展声明rfc3091中文版-Pi数字生成协议rfc3093中文版-防火墙增强协议rfc3550中文版-RTP：实时应用程序传输协议rfc457中文版-TIPUGrfc697中文版-FTP的CWD命令rfc698中文版-TELNET扩展ASCII选项rfc775中文版-面向目录的 FTP 命令rfc779中文版-TELNET的SEND-LOCATION选项rfc792中文版-RFC792- Internet控制信息协议（ICMP）rfc821中文版-RFC821 简单邮件传输协议（SMTP）rfc826中文版-以太网地址转换协议或转换网络协议地址为48比特以太网地址用于在以太网硬件上传输rfc854中文版-TELNET协议规范rfc855中文版-TELNET选项规范rfc856中文版-RFC856 TELNET二进制传输rfc857中文版-RFC 857 TELNET ECHO选项rfc858中文版-RFC 858 TELNET SUPPRESS GO AHEAD选项rfc859中文版-RFC 859 TELNET的STATUS选项rfc860中文版-RFC 860 TELNET TIMING MARK选项rfc861中文版-RFC 861 TELNET扩展选项-LISTrfc862中文版-RFC 862 Echo 协议rfc868中文版-RFC868 时间协议rfc894中文版-IP 数据包通过以太网网络传输标准rfc903中文版-反向地址转换协议rfc930中文版-Telnet终端类型选项（RFC930——T elnet Terminal Type Option）rfc932中文版-子网地址分配方案rfc937中文版-邮局协议 (版本2)rfc948中文版-IP数据报通过IEEE802.3网络传输的两种方法rfc949中文版-FTP 未公开的独特命令rfc951中文版-引导协议(BOOTP)rfc962中文版-TCP-4 的最初rfc974中文版-邮件路由与域名系统rfc975中文版-自治联邦。

CS-SD考试参考c 1. （单选）为了解决技术问题而引发的软件补丁实施操作，应该选择以下哪类SR TypeA. RFC-Software UpdateB. RFC-Software UpgradeC. RFC-Solution ImplementationD. CS- Technical Requestabcd 2. （多选）技术审批环节，审批人员需从技术角度对实施方案进行评审，重点关注：（）A. 方案与客户网络是否匹配B. 实施步骤是否合理C. 倒回措施是否完备D. 操作时间是否合理及操作风险abcd 3. （多选）以下场景建议不进行网络变更操作：（）A. 同一局点、同一时间已计划了其他网络变更操作B. 近期发生重大事故C. 客户网络所在地有重大政治/国际会议召开D. 市场部有重大合同签订abcdeg 4. （多选）对于软件更新实施SR，在创建SR时，以下哪些信息是必填的A. 客户组织B. ProductC. RevisionD. RFC Target RevisionE. SR OwnerF. SR GroupG. RFC Plan End Datec 5. （单选）从哪里可以下载流程文件和指导书？A. Support网站B. 3MS-DocumentC. W3-PDMCD. iLearningf 6. （判断）软件更新实施流程范围包含了为解决现网问题而进行的补丁安装操作对错abd 7. （多选）值守方案需至少包含以下几个关键内容：（）A. XX产品值守checklistB. 网络应急预案C. 客户责任人值班表D. 值守管理要求a 8. （单选）对于RFC-Application任务，任务Owner应该将任务分派给A. 运营经理/CS经理B. TDC. NSED. PSEb 9. （单选）系统自动创建的RFC Task默认的Owner为A. RFC SR OwnerB. RFC SR创建人C. TLD. ODd 10. （单选）对于整改，责任人需要根据整改实施计划，统计整改所需的人力及物料并通过（）进行整改物料的申请。

网络安全管理（中级）习题库（含答案）一、单选题（共80题，每题1分，共80分）1、在支持分布式对象访问的桩/框架（Stub/Skeleton）结构中，桩/框架主要是依据（）生成的。

A、构件的接口B、服务端代码C、客户端代码D、分布式对象自身正确答案：A2、快速以太网是由（）标准定义的。

A、IEEE802.4B、IEEE802.3uC、IEEE802.3iD、IEEE802.1q正确答案：B3、组成双机热备的方案中，（）方式主要通过磁盘阵列提供切换后，对数据完整性和连续性的保障。

A、共享存储方式B、数据同步方式C、数据异步方式正确答案：B4、负责安全系统的部门的重要资产不包括（）A、人员B、部门人员使用的工具C、运行在安全系统中的应用D、部门人员搭建的web服务器正确答案：B5、《信息系统安全等级保护基本要求》中技术要求不包括（）。

A、主机安全B、物理安全C、网络安全D、系统安全正确答案：D6、根据《中国南方电网有限责任公司信息运维服务体系（2015年）》，（）是对信息系统运行方式的统一规划，对信息运维资源的统筹管理与统一分配，并对运行方式有较大影响的运维操作方案的统一管理。

A、调度管理B、服务管理C、运行方式管理D、运维管理正确答案：C7、计算机机房的安全分为（）。

A、A类、B类B、A类、B类、C类C、A类、B类、C类、D类D、以上都不是正确答案：B8、口令攻击的主要目的是（）A、获取口令破坏系统B、仅获取口令没有用途C、获取口令进入系统正确答案：C9、黑客扫描某台服务器，发现服务器开放了4489、80、22等端口，telnet连接 22端口，返回Servu信息，猜测此台服务器安装（）类型操作系统。

A、WinDows操作系统B、Linux操作系统C、UNIX操作系统D、MAC OS X操作系统正确答案：A10、下列哪项不属于“三中心容灾”的内容（）。

A、信息中心B、生产中心C、同城灾备中心D、异地灾备中心正确答案：A11、信息系统的运行维护工作应由（）负责，重要信息系统和网络、机房等需提供主、备岗位。

Network Working Group J. Rosenberg Request for Comments: 3858 dynamicsoft Category: Standards Track August 2004 An Extensible Markup Language (XML) Based Format for WatcherInformationStatus of this MemoThis document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions forimprovements. Please refer to the current edition of the "InternetOfficial Protocol Standards" (STD 1) for the standardization stateand status of this protocol. Distribution of this memo is unlimited. Copyright NoticeCopyright (C) The Internet Society (2004).AbstractWatchers are defined as entities that request (i.e., subscribe to)information about a resource. There is fairly complex stateassociated with these subscriptions. The union of the state for all subscriptions to a particular resource is called the watcherinformation for that resource. This state is dynamic, changing assubscribers come and go. As a result, it is possible, and indeeduseful, to subscribe to the watcher information for a particularresource. In order to enable this, a format is needed to describethe state of watchers on a resource. This specification describes an Extensible Markup Language (XML) document format for such state.Table of Contents1. Introduction (2)2. Terminology (2)3. Structure of Watcher Information (2)4. Computing Watcher Lists from the Document (5)5. Example (6)6. XML Schema (6)7. Security Considerations (8)8. IANA Considerations (9)8.1. application/watcherinfo+xml MIME Registration (9)8.2. URN Sub-Namespace Registration forurn:ietf:params:xml:ns:watcherinfo (10)9. Normative References (10)10. Informative References (11)Rosenberg Standards Track [Page 1]11. Acknowledgements (11)12. Contributors (12)13. Author’s Address (13)14. Full Copyright Statement (14)1. IntroductionWatchers are defined as entities that request (i.e., subscribe to)information about a resource, using the SIP event framework, RFC 3265 [1]. There is fairly complex state associated with thesesubscriptions. This state includes the identity of the subscriber,the state of the subscription, and so on. The union of the state for all subscriptions to a particular resource is called the watcherinformation for that resource. This state is dynamic, changing assubscribers come and go. As a result, it is possible, and indeeduseful, to subscribe to the watcher information for a particularresource. An important application of this is the ability for a user to find out the set of subscribers to their presentity [11]. Thiswould allow the user to provide an authorization decision for thesubscription.To support subscriptions to watcher information, two components areneeded. The first is the definition of a SIP event template-package for watcher information. The other is the definition of a dataformat to represent watcher information. The former is specified in [2], and the latter is specified here.2. TerminologyIn this document, the key words "MUST", "MUST NOT", "REQUIRED","SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 [3] and indicate requirement levels for compliant implementations.This document also uses the terms subscriber, watcher, subscription, notification, watcherinfo subscription, watcherinfo subscriber, andwatcherinfo notification with the meanings described in [2].3. Structure of Watcher InformationWatcher information is an XML document [4] that MUST be well-formedand SHOULD be valid. Watcher information documents MUST be based on XML 1.0 and MUST be encoded using UTF-8. This specification makesuse of XML namespaces for identifying watcherinfo documents anddocument fragments. The namespace URI for elements defined by thisspecification is a URN [5], using the namespace identifier ’ietf’defined by [6] and extended by [7]. This URN is:Rosenberg Standards Track [Page 2]urn:ietf:params:xml:ns:watcherinfoA watcher information document begins with the root element tag"watcherinfo". It consists of any number of "watcher-list" sub-elements, each of which is a list of watchers for a particularresource. Other elements from different namespaces MAY be presentfor the purposes of extensibility; elements or attributes fromunknown namespaces MUST be ignored. There are two attributesassociated with the "watcherinfo" element, both of which MUST bepresent:version: This attribute allows the recipient of watcherinfo documents to properly order them. Versions start at 0, and increment by one for each new document sent to a watcherinfo subscriber. Versions are scoped within a watcherinfo subscription. Versions MUST berepresentable using a 32 bit integer. However, versions do notwrap.state: This attribute indicates whether the document containsthe full watcherinfo state, or whether it contains onlyinformation on those watchers which have changed since theprevious document (partial).Each "watcher-list" element contains a list of "watcher" elements,each of which describes a watcher on a particular resource. Otherelements from different namespaces MAY be present for the purposes of extensibility; elements or attributes from unknown namespaces MUST be ignored. There are two attributes associated with the "watcher-list" element, both of which MUST be present:resource: This attribute contains a URI for the resource beingwatched by that list of watchers. It is mandatory.package: This attribute contains a token indicating the eventpackage for which watcher information on that resource is beingprovided. It is mandatory.The "watcher" element describes a watcher in the watcher list. Thevalue of the "watcher" element is a URI for the watcher. This URISHOULD be the authenticated identity of the watcher as determined by the server processing the subscription. As such, this URI willusually be an address-of-record (for example, sip:joe@) as opposed to a device address (for example, sip:joe@192.0.2.3). There are three mandatory attributes which MUST be present:Rosenberg Standards Track [Page 3]id: A unique identifier for the subscription described by thewatcher element. The id MUST be representable using the grammarfor token as specified by RFC 3261 [8]. It MUST be unique across all other watchers reported in documents sent in notifications for a particular watcherinfo subscription.status: The status of the subscription. The meaning of thevarious statuses are defined in the watcher information eventpackage [2].event: The event which caused the transition to the currentstatus. The events are defined in the watcher information eventpackage [2].There are also some optional, informative attributes of the watcherelement. These are:display-name: A textual representation of the name of thesubscriber.expiration: The amount of time, in seconds from the currenttime, that the subscription will expire.duration-subscribed: The amount of time, expressed in seconds,between the time the SUBSCRIBE which created the subscription was received, and the current time.The xml:lang attribute MAY be used with the "watcher" element tospecify the language of the "display-name".The number of watchers present for each resource, and the set ofresources listed, depends on the type of data being provided, and to whom.For example, consider a presence system using watcher information. In one scenario, a user, A, subscribes to the presence of another user, B. A would like to find out about the status of their subscription. To do so, A subscribes to the watcher information for B’s presence.A does not have authorization to learn the status of all watchers for B’s presence. As a result, the watcher information sent to A willcontain only one watcher - A themself.In another scenario, a user, B, wishes to learn the set of people who have subscribed to B’s presence. To do this, B subscribes to thewatcher information for B’s presence. Here, B is authorized to seeall the watchers of B’s presence. As a result, the watcherinformation sent to B will contain all watchers of B’s presence. Rosenberg Standards Track [Page 4]In the case where an administrator wishes to learn the current status in the system, the watcher information could contain all watchers for all resources.4. Computing Watcher Lists from the DocumentTypically, the watcherinfo NOTIFY will only contain information about those watchers whose state has changed. To construct a coherent view of the total state of all watchers, a watcherinfo subscriber willneed to combine NOTIFYs received over time. The watcherinfosubscriber maintains a table for each watcher list it receivesinformation about. Each watcher list is uniquely identified by theURI in the "resource" attribute of the "watcher-list" element. Each table contains a row for each watcher in that watcher list. Each row is indexed by the unique ID for that watcher. It is conveyed in the "id" attribute of the "watcher" element. The contents of each rowcontain the state of that watcher as conveyed in the "watcher"element. The tables are also associated with a version number. The version number MUST be initialized with the value of the "version"attribute from the "watcherinfo" element in the first documentreceived. Each time a new document is received, the value of thelocal version number, and the "version" attribute in the newdocument, are compared. If the value in the new document is onehigher than the local version number, the local version number isincreased by one, and the document is processed. If the value in the document is more than one higher than the local version number, thelocal version number is set to the value in the new document, thedocument is processed, and the watcherinfo subscriber SHOULD generate a refresh request to trigger a full state notification. If the value in the document is less than the local version, the document isdiscarded without processing.The processing of the watcherinfo document depends on whether itcontains full or partial state. If it contains full state, indicated by the value of the "state" attribute in the "watcherinfo" element,the contents of all tables associated with this watcherinfosubscription are flushed. They are re-populated from the document.A new table is created for each "watcher-list" element, and a new row in each table is created for each "watcher" element. If thewatcherinfo contains partial state, as indicated by the value of the "state" attribute in the "watcherinfo" element, the document is used to update the existing tables. For each "watcher-list" element, the watcherinfo subscriber checks to see if a table exists for that list. This check is done by comparing the URI in the "resource" attributeof the "watcher-list" element with the URI associated with the table. If a table doesn’t exist for that list, one is created. For each"watcher" element in the list, the watcherinfo subscriber checks tosee whether a row exists for that watcher. This check is done by Rosenberg Standards Track [Page 5]comparing the ID in the "id" attribute of the "watcher" element with the ID associated with the row. If the watcher doesn’t exist in the table, a row is added, and its state is set to the information fromthat "watcher" element. If the watcher does exist, its state isupdated to be the information from that "watcher" element. If a row is updated or created, such that its state is now terminated, thatentry MAY be removed from the table at any time.5. ExampleThe following is an example of watcher information for a presentity, who is a professor. There are two watchers, userA and userB.<?xml version="1.0"?><watcherinfo xmlns="urn:ietf:params:xml:ns:watcherinfo"version="0" state="full"><watcher-list resource="sip:professor@" package="presence"> <watcher status="active"id="8ajksjda7s"duration-subscribed="509"event="approved" >sip:userA@</watcher><watcher status="pending"id="hh8juja87s997-ass7"display-name="Mr. Subscriber"event="subscribe">sip:userB@</watcher></watcher-list></watcherinfo>6. XML SchemaThe following is the schema definition of the watcherinfo documentformat:<xs:schema xmlns:xs="/2001/XMLSchema"targetNamespace="urn:ietf:params:xml:ns:watcherinfo"xmlns:tns="urn:ietf:params:xml:ns:watcherinfo" ><!-- This import brings in the XML language attribute xml:lang--><xs:import namespace="/XML/1998/namespace"schemaLocation="/2001/03/xml.xsd" /><xs:element name="watcherinfo"><xs:complexType><xs:sequence><xs:element ref="tns:watcher-list" minOccurs="0"maxOccurs="unbounded"/><xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/></xs:sequence><xs:attribute name="version" type="xs:nonNegativeInteger" Rosenberg Standards Track [Page 6]use="required"/><xs:attribute name="state" use="required"><xs:simpleType><xs:restriction base="xs:string"><xs:enumeration value="full"/><xs:enumeration value="partial"/></xs:restriction></xs:simpleType></xs:attribute></xs:complexType></xs:element><xs:element name="watcher-list"><xs:complexType><xs:sequence><xs:element ref="tns:watcher" minOccurs="0" maxOccurs="unbounded"/><xs:any namespace="##other" processContents="lax"minOccurs="0" maxOccurs="unbounded"/></xs:sequence><xs:attribute name="resource" type="xs:anyURI" use="required"/><xs:attribute name="package" type="xs:string" use="required"/></xs:complexType></xs:element><xs:element name="watcher"><xs:complexType><xs:simpleContent><xs:extension base="xs:anyURI"><xs:attribute name="display-name" type="xs:string"/><xs:attribute name="status" use="required"><xs:simpleType><xs:restriction base="xs:string"><xs:enumeration value="pending"/><xs:enumeration value="active"/><xs:enumeration value="waiting"/><xs:enumeration value="terminated"/></xs:restriction></xs:simpleType></xs:attribute><xs:attribute name="event" use="required"><xs:simpleType><xs:restriction base="xs:string"><xs:enumeration value="subscribe"/><xs:enumeration value="approved"/><xs:enumeration value="deactivated"/><xs:enumeration value="probation"/><xs:enumeration value="rejected"/><xs:enumeration value="timeout"/><xs:enumeration value="giveup"/>Rosenberg Standards Track [Page 7]<xs:enumeration value="noresource"/></xs:restriction></xs:simpleType></xs:attribute><xs:attribute name="expiration" type="xs:unsignedLong"/><xs:attribute name="id" type="xs:string" use="required"/><xs:attribute name="duration-subscribed"type="xs:unsignedLong"/><xs:attribute ref="xml:lang"/></xs:extension></xs:simpleContent></xs:complexType></xs:element></xs:schema>7. Security ConsiderationsWatcher information is sensitive information. The protocol used todistribute it SHOULD ensure privacy, message integrity, andauthentication. Furthermore, the protocol should provide accesscontrols which restrict who can see who elses watcher information.8. IANA ConsiderationsThis document registers a new MIME type, application/watcherinfo+xml, and registers a new XML namespace.8.1. application/watcherinfo+xml MIME RegistrationMIME media type name: applicationMIME subtype name: watcherinfo+xmlMandatory parameters: noneOptional parameters: Same as charset parameter application/xmlas specified in RFC 3023 [9].Encoding considerations: Same as encoding considerations ofapplication/xml as specified in RFC 3023 [9].Security considerations: See Section 10 of RFC 3023 [9] andSection 7 of this specification.Interoperability considerations: none.Published specification: This document.Rosenberg Standards Track [Page 8]Applications which use this media type: This document type hasbeen used to support subscriber authorization functions forSIP-based presence [10] [2].Additional Information:Magic Number: NoneFile Extension: .wif or .xmlMacintosh file type code: "TEXT"Personal and email address for further information: JonathanRosenberg, <jdrosen@>Intended usage: COMMONAuthor/Change controller: The IETF.8.2. URN Sub-Namespace Registration forurn:ietf:params:xml:ns:watcherinfoThis section registers a new XML namespace, as per the guidelines in [7].URI: The URI for this namespace isurn:ietf:params:xml:ns:watcherinfo.Registrant Contact: IETF, SIMPLE working group,<simple@>, Jonathan Rosenberg<jdrosen@>.XML:BEGIN<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN""/TR/xhtml-basic/xhtml-basic10.dtd"><html xmlns="/1999/xhtml"><head><meta http-equiv="content-type"content="text/html;charset=iso-8859-1"/><title>Watcher Information Namespace</title></head><body><h1>Namespace for Watcher Information</h1><h2>urn:ietf:params:xml:ns:watcherinfo</h2><p>See <a href="ftp:///in-notes/rfc3858.txt"> RFC3858</a>.</p>Rosenberg Standards Track [Page 9]</body></html>END9. Normative References[1] Roach, A. B., "Session Initiation Protocol (SIP)-Specific Event Notification", RFC 3265, June 2002.[2] Rosenberg, J., "A Watcher Information Event Template-Package for the Session Initiation Protocol (SIP)", RFC 3857, August 2004.[3] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.[4] T. Bray, J. Paoli, and C. M. Sperberg-McQueen, "ExtensibleMarkup language (XML) 1.0 (second edition)," W3C Recommendation REC-xml-20001006, World Wide Web Consortium (W3C), Oct. 2000.Available at /XML/.[5] Moats, R., "URN Syntax", RFC 2141, May 1997.[6] Moats, R., "A URN Namespace for IETF Documents", RFC 2648,August 1999.[7] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004.[8] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:Session Initiation Protocol", RFC 3261, June 2002.[9] Murata, M., Laurent, S., and D. Kohn, "XML Media Types", RFC3023, January 2001.[10] Rosenberg, J., "A Presence Event Package for the SessionInitiation Protocol (SIP)", RFC 3856, August 2004.10. Informative References[11] Day, M., Rosenberg, J., and H. Sugano, "A Model for Presence and Instant Messaging", RFC 2778, February 2000.11. AcknowledgementsThe authors would like to thank Sean Olson, Steve Donovan, and Cullen Jennings for their detailed comments and assistance with the XMLschema.Rosenberg Standards Track [Page 10]12. ContributorsThe following people were part of the original design team thatdeveloped the first version of this specification:Dean Willisdynamicsoft5100 Tennyson Parkway, Suite 1200Plano, Texas 75024EMail: dwillis@Robert Sparksdynamicsoft5100 Tennyson Parkway, Suite 1200Plano, Texas 75024EMail: rsparks@Ben CampbellEMail: ben@Henning SchulzrinneColumbia UniversityM/S 04011214 Amsterdam Ave.New York, NY 10027-7003EMail: schulzrinne@Jonathan LennoxColumbia UniversityM/S 04011214 Amsterdam Ave.New York, NY 10027-7003EMail: lennox@Christian HuitemaMicrosoft CorporationOne Microsoft WayRedmond, WA 98052-6399EMail: huitema@Rosenberg Standards Track [Page 11]Bernard AbobaMicrosoft CorporationOne Microsoft WayRedmond, WA 98052-6399EMail: bernarda@David GurleReuters CorporationEMail: David.Gurle@Jonathan Lennox contributed the text for the DTD and its usage thatwere part of earlier versions of this specification.13. Author’s AddressJonathan Rosenbergdynamicsoft600 Lanidex PlazaParsippany, NJ 07054EMail: jdrosen@Rosenberg Standards Track [Page 12]14. Full Copyright StatementCopyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, andexcept as set forth therein, the authors retain all their rights.This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNETENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THEINFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIEDWARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual PropertyThe IETF takes no position regarding the validity or scope of anyIntellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described inthis document or the extent to which any license under such rightsmight or might not be available; nor does it represent that it hasmade any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can befound in BCP 78 and BCP 79.Copies of IPR disclosures made to the IETF Secretariat and anyassurances of licenses to be made available, or the result of anattempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of thisspecification can be obtained from the IETF on-line IPR repository at /ipr.The IETF invites any interested party to bring to its attention anycopyrights, patents or patent applications, or other proprietaryrights that may cover technology that may be required to implementthis standard. Please address the information to the IETF at ietf-ipr@.AcknowledgementFunding for the RFC Editor function is currently provided by theInternet Society.Rosenberg Standards Track [Page 13]。

Network Working Group J. Salowey Request for Comments: 5288 A. Choudhury Category: Standards Track D. McGrew Cisco Systems, Inc. August 2008 AES Galois Counter Mode (GCM) Cipher Suites for TLSStatus of This MemoThis document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions forimprovements. Please refer to the current edition of the "InternetOfficial Protocol Standards" (STD 1) for the standardization stateand status of this protocol. Distribution of this memo is unlimited.AbstractThis memo describes the use of the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) as a Transport Layer Security (TLS)authenticated encryption operation. GCM provides bothconfidentiality and data origin authentication, can be efficientlyimplemented in hardware for speeds of 10 gigabits per second andabove, and is also well-suited to software implementations. Thismemo defines TLS cipher suites that use AES-GCM with RSA, DSA, andDiffie-Hellman-based key exchange mechanisms.Table of Contents1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 22. Conventions Used in This Document . . . . . . . . . . . . . . . 23. AES-GCM Cipher Suites . . . . . . . . . . . . . . . . . . . . . 24. TLS Versions . . . . . . . . . . . . . . . . . . . . . . . . . 35. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 46. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 6.1. Counter Reuse . . . . . . . . . . . . . . . . . . . . . . . 46.2. Recommendations for Multiple Encryption Processors . . . . 47. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 58. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 8.1. Normative References . . . . . . . . . . . . . . . . . . . 6 8.2. Informative References . . . . . . . . . . . . . . . . . . 6 Salowey, et al. Standards Track [Page 1]1. IntroductionThis document describes the use of AES [AES] in Galois Counter Mode(GCM) [GCM] (AES-GCM) with various key exchange mechanisms as acipher suite for TLS. AES-GCM is an authenticated encryption withassociated data (AEAD) cipher (as defined in TLS 1.2 [RFC5246])providing both confidentiality and data origin authentication. Thefollowing sections define cipher suites based on RSA, DSA, andDiffie-Hellman key exchanges; ECC-based (Elliptic Curve Cryptography) cipher suites are defined in a separate document [RFC5289].AES-GCM is not only efficient and secure, but hardwareimplementations can achieve high speeds with low cost and lowlatency, because the mode can be pipelined. Applications thatrequire high data throughput can benefit from these high-speedimplementations. AES-GCM has been specified as a mode that can beused with IPsec ESP [RFC4106] and 802.1AE Media Access Control (MAC) Security [IEEE8021AE].2. Conventions Used in This DocumentThe key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].3. AES-GCM Cipher SuitesThe following cipher suites use the new authenticated encryptionmodes defined in TLS 1.2 with AES in Galois Counter Mode (GCM) [GCM]: CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9C}CipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9D}CipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9E}CipherSuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9F}CipherSuite TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0xA0}CipherSuite TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0xA1}CipherSuite TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = {0x00,0xA2}CipherSuite TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = {0x00,0xA3}CipherSuite TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = {0x00,0xA4}CipherSuite TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = {0x00,0xA5}CipherSuite TLS_DH_anon_WITH_AES_128_GCM_SHA256 = {0x00,0xA6}CipherSuite TLS_DH_anon_WITH_AES_256_GCM_SHA384 = {0x00,0xA7}These cipher suites use the AES-GCM authenticated encryption withassociated data (AEAD) algorithms AEAD_AES_128_GCM andAEAD_AES_256_GCM described in [RFC5116]. Note that each of theseAEAD algorithms uses a 128-bit authentication tag with GCM (inparticular, as described in Section 3.5 of [RFC4366], theSalowey, et al. Standards Track [Page 2]"truncated_hmac" extension does not have an effect on cipher suitesthat do not use HMAC). The "nonce" SHALL be 12 bytes long consisting of two parts as follows: (this is an example of a "partiallyexplicit" nonce; see Section 3.2.1 in [RFC5116]).struct {opaque salt[4];opaque nonce_explicit[8];} GCMNonce;The salt is the "implicit" part of the nonce and is not sent in thepacket. Instead, the salt is generated as part of the handshakeprocess: it is either the client_write_IV (when the client issending) or the server_write_IV (when the server is sending). Thesalt length (SecurityParameters.fixed_iv_length) is 4 octets.The nonce_explicit is the "explicit" part of the nonce. It is chosen by the sender and is carried in each TLS record in theGenericAEADCipher.nonce_explicit field. The nonce_explicit length(SecurityParameters.record_iv_length) is 8 octets.Each value of the nonce_explicit MUST be distinct for each distinctinvocation of the GCM encrypt function for any fixed key. Failure to meet this uniqueness requirement can significantly degrade security. The nonce_explicit MAY be the 64-bit sequence number.The RSA, DHE_RSA, DH_RSA, DHE_DSS, DH_DSS, and DH_anon key exchanges are performed as defined in [RFC5246].The Pseudo Random Function (PRF) algorithms SHALL be as follows:For cipher suites ending with _SHA256, the PRF is the TLS PRF[RFC5246] with SHA-256 as the hash function.For cipher suites ending with _SHA384, the PRF is the TLS PRF[RFC5246] with SHA-384 as the hash function.Implementations MUST send TLS Alert bad_record_mac for all types offailures encountered in processing the AES-GCM algorithm.4. TLS VersionsThese cipher suites make use of the authenticated encryption withadditional data defined in TLS 1.2 [RFC5246]. They MUST NOT benegotiated in older versions of TLS. Clients MUST NOT offer thesecipher suites if they do not offer TLS 1.2 or later. Servers thatselect an earlier version of TLS MUST NOT select one of these cipher suites. Because TLS has no way for the client to indicate that it Salowey, et al. Standards Track [Page 3]supports TLS 1.2 but not earlier, a non-compliant server mightpotentially negotiate TLS 1.1 or earlier and select one of the cipher suites in this document. Clients MUST check the TLS version andgenerate a fatal "illegal_parameter" alert if they detect anincorrect version.5. IANA ConsiderationsIANA has assigned the following values for the cipher suites defined in this document:CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9C}CipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9D}CipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9E}CipherSuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9F}CipherSuite TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0xA0}CipherSuite TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0xA1}CipherSuite TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = {0x00,0xA2}CipherSuite TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = {0x00,0xA3}CipherSuite TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = {0x00,0xA4}CipherSuite TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = {0x00,0xA5}CipherSuite TLS_DH_anon_WITH_AES_128_GCM_SHA256 = {0x00,0xA6}CipherSuite TLS_DH_anon_WITH_AES_256_GCM_SHA384 = {0x00,0xA7}6. Security ConsiderationsThe security considerations in [RFC5246] apply to this document aswell. The remainder of this section describes securityconsiderations specific to the cipher suites described in thisdocument.6.1. Counter ReuseAES-GCM security requires that the counter is never reused. The IVconstruction in Section 3 is designed to prevent counter reuse.Implementers should also understand the practical considerations ofIV handling outlined in Section 9 of [GCM].6.2. Recommendations for Multiple Encryption ProcessorsIf multiple cryptographic processors are in use by the sender, thenthe sender MUST ensure that, for a particular key, each value of the nonce_explicit used with that key is distinct. In this case, eachencryption processor SHOULD include, in the nonce_explicit, a fixedvalue that is distinct for each processor. The recommended format is nonce_explicit = FixedDistinct || VariableSalowey, et al. Standards Track [Page 4]where the FixedDistinct field is distinct for each encryptionprocessor, but is fixed for a given processor, and the Variable field is distinct for each distinct nonce used by a particular encryptionprocessor. When this method is used, the FixedDistinct fields usedby the different processors MUST have the same length.In the terms of Figure 2 in [RFC5116], the Salt is the Fixed-Commonpart of the nonce (it is fixed, and it is common across allencryption processors), the FixedDistinct field exactly correspondsto the Fixed-Distinct field, the Variable field corresponds to theCounter field, and the explicit part exactly corresponds to thenonce_explicit.For clarity, we provide an example for TLS in which there are twodistinct encryption processors, each of which uses a one-byteFixedDistinct field:Salt = eedc68dcFixedDistinct = 01 (for the first encryption processor) FixedDistinct = 02 (for the second encryption processor)The GCMnonces generated by the first encryption processor, and their corresponding nonce_explicit, are:GCMNonce nonce_explicit------------------------ ----------------------------eedc68dc0100000000000000 0100000000000000eedc68dc0100000000000001 0100000000000001eedc68dc0100000000000002 0100000000000002...The GCMnonces generated by the second encryption processor, and their corresponding nonce_explicit, areGCMNonce nonce_explicit------------------------ ----------------------------eedc68dc0200000000000000 0200000000000000eedc68dc0200000000000001 0200000000000001eedc68dc0200000000000002 0200000000000002...7. AcknowledgementsThis document borrows heavily from [RFC5289]. The authors would like to thank Alex Lam, Simon Josefsson, and Pasi Eronen for providinguseful comments during the review of this document.Salowey, et al. Standards Track [Page 5]8. References8.1. Normative References[AES] National Institute of Standards and Technology,"Advanced Encryption Standard (AES)", FIPS 197,November 2001.[GCM] Dworkin, M., "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC",National Institute of Standards and Technology SP 800- 38D, November 2007.[RFC2119] Bradner, S., "Key words for use in RFCs to IndicateRequirement Levels", BCP 14, RFC 2119, March 1997.[RFC5116] McGrew, D., "An Interface and Algorithms forAuthenticated Encryption", RFC 5116, January 2008.[RFC5246] Dierks, T. and E. Rescorla, "The Transport LayerSecurity (TLS) Protocol Version 1.2", RFC 5246,August 2008.8.2. Informative References[IEEE8021AE] Institute of Electrical and Electronics Engineers,"Media Access Control Security", IEEE Standard 802.1AE, August 2006.[RFC4106] Viega, J. and D. McGrew, "The Use of Galois/CounterMode (GCM) in IPsec Encapsulating Security Payload(ESP)", RFC 4106, June 2005.[RFC4366] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and T. Wright, "Transport Layer Security (TLS)Extensions", RFC 4366, April 2006.[RFC5289] Rescorla, E., "TLS Elliptic Curve Cipher Suites withSHA-256/384 and AES Galois Counter Mode", RFC 5289,August 2008.Salowey, et al. Standards Track [Page 6]Authors’ AddressesJoseph SaloweyCisco Systems, Inc.2901 3rd. AveSeattle, WA 98121USAEMail: jsalowey@Abhijit ChoudhuryCisco Systems, Inc.3625 Cisco WaySan Jose, CA 95134USAEMail: abhijitc@David McGrewCisco Systems, Inc.170 W Tasman DriveSan Jose, CA 95134USAEMail: mcgrew@Salowey, et al. Standards Track [Page 7]Full Copyright StatementCopyright (C) The IETF Trust (2008).This document is subject to the rights, licenses and restrictionscontained in BCP 78, and except as set forth therein, the authorsretain all their rights.This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIEDWARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual PropertyThe IETF takes no position regarding the validity or scope of anyIntellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described inthis document or the extent to which any license under such rightsmight or might not be available; nor does it represent that it hasmade any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can befound in BCP 78 and BCP 79.Copies of IPR disclosures made to the IETF Secretariat and anyassurances of licenses to be made available, or the result of anattempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of thisspecification can be obtained from the IETF on-line IPR repository at /ipr.The IETF invites any interested party to bring to its attention anycopyrights, patents or patent applications, or other proprietaryrights that may cover technology that may be required to implementthis standard. Please address the information to the IETF atietf-ipr@.Salowey, et al. Standards Track [Page 8]。

rfc中常用的测试协议摘要：1.RFC 简介2.RFC 中常用的测试协议a.网络协议测试1.网络数据包抓取和分析2.网络仿真和测试工具b.应用层协议测试1.HTTP 和HTTPS 测试2.FTP 和FTPS 测试3.SMTP 和SMTPS 测试c.安全协议测试1.TLS 和SSL 测试2.IPsec 测试d.传输协议测试1.TCP 和UDP 测试e.无线网络协议测试1.802.11 无线网络测试正文：RFC（Request for Comments）是一个用于讨论和记录互联网协议的标准文档系列。

在RFC 中，有许多常用的测试协议，这些协议用于确保互联网协议在实际应用中能够正常工作。

本文将详细介绍这些测试协议。

首先，RFC 中包含了大量的网络协议测试。

网络数据包抓取和分析是网络协议测试的基础，这对于诊断网络问题和优化网络性能至关重要。

此外，网络仿真和测试工具也是必不可少的，例如，网络模拟器（如NS-3）和测试平台（如Ixia）可以帮助工程师在实验室环境中模拟实际网络状况，从而对协议进行更严格的测试。

其次，应用层协议测试在RFC 中也占据重要地位。

HTTP 和HTTPS 是Web 应用中最常用的协议，有许多测试工具可以对它们的性能和安全性进行测试，例如，JMeter 和Locust 等负载测试工具。

此外，FTP 和FTPS、SMTP 和SMTPS 等传输协议也是常用的测试对象。

在安全协议方面，RFC 中包含了TLS 和SSL、IPsec 等协议的测试方法。

这些协议对于保护互联网数据传输的安全至关重要，因此需要进行严格的测试以确保其性能和安全性。

传输协议方面，TCP 和UDP 是互联网中最常用的传输协议，它们的测试方法也是RFC 中的重要内容。

TCP 测试关注可靠性和流量控制等方面，而UDP 测试则更注重数据传输速率和丢包率等指标。

最后，无线网络协议测试在RFC 中也有一定的比重。

例如，802.11 无线网络测试是评估无线局域网性能的关键。

RFC1058 Routing Information Protocol1. 简介该文档描述了基于Bellman-Ford(距离向量)算法的一系列路由协议的一种协议。

从早期的ARPANET开始，该算法已经在计算机网络中用于路由计算。

本文描述的特定包格式和协议都基于程序”Routed”，该程序包含在Unix 的伯克利分发中。

”routed”已经成为事实的标准，用于在主机和网关间交换路由信息。

它被大多数商业IP网关的提供者实现。

然而，请注意，这些提供者中的很多都有自己的协议，用于自己的网关。

该协议常常被用作内部网关协议。

在一个国际级的网络，如当前的因特网，没有一个单个路由协议作为整个网络的协议使用。

网络被组织成很多的自治系统。

一个自治系统通常被一个管理实体，或者至少有一些技术或者管理控制。

这些在不同的自治系统间是不同的。

用在自治系统内部的协议叫做内部网关协议，或者“IGP”。

在自治系统间采用独立的协议。

最早的这种协议，依然在网络上使用，叫做外部网关协议“EGP”。

这种协议用作AS间的路由协议。

RIP设计工作在中等规模的网络，适用于很多校园或者区域网络的IGP。

RIP协议并不打算应用在更复杂的缓急国内下。

RIP是距离向量算法中的一个。

最早描述该算法的是作者Ford和Fulkerson。

因为这些，这个也叫做Ford-Fulkerson算法。

术语Bellman-Ford 也在使用。

它来源于事实，这个算法基于Bellman等式，动态编程的基础。

RIP用于基于IP的网络。

1.1.协议限制该协议并没有解决每一个路由问题。

如上所述，RIP的主要目的是用在IGP，适当的网络规模。

初次之外，下面的限制要注意：●该协议限制在网络最长距离15跳。

设计者相信这个基本的协议不适应大型的网络。

●协议依靠“计数到无限”来解决特定不常用的情况。

如果网络系统包含几百个网络，路由环回会形成。

环回的解决需要大量时间（如果路由更新频率受限），或者带宽（当检测到更新发送更新变化）。

目录1 绪论1.1 协议概述1.2 常用术语的定义1.3 连接状态路由技术的简要历史1.4 本文档的结构1.5 感2 连接状态数据库：组织和计算2.1 路由器和网络的表示方法2.1.1 非广播网络的表示方法2.1.2 一个连接状态数据库的示例2.2 最短路径树2.3 使用外部路由信息2.4 等值多路径3 将自制系统划分为区域3.1 自制系统的骨干区域3.2 区域间路由3.3 路由器的分类3.4 一个简单区域配置3.5 IP子网化支持3.6 支持存根区域3.7 区域的划分4 功能摘要4.1 区域间路由4.2 自制系统外部路由4.3 路由协议包4.4 根本实现的需求4.5 OSPF可选项5 协议数据结构6 区域数据结构7 形成邻接7.1 Hello协议7.2 数据库同步7.3 指定路由器7.4 备份指定路由器7.5 邻接图8 协议包处理8.1 发送协议包8.2 接收协议包9 接口数据结构9.1 接口状态9.2 引起接口状态改变的事件9.3 接口状态机9.4 选举指定路由器9.5 发送Hello包9.5.1 在NBMA网络上发送Hello包10 邻居数据结构10.1 邻居状态10.2 引起邻居状态改变的事件1 / 11910.3 邻居状态机10.4 是否形成邻接10.5 接收到Hello包10.6 接收到数据库描述包10.7 接收到连接状态请求包10.8 发送数据库描述包10.9 发送连接状态请求包10.10 示例11 路由表结构11.1 查找路由表11.2 路由表示例，无区域11.3 路由表示例，有区域12 连接状态宣告〔LSA〕12.1 LSA头部12.1.1 连接状态时限12.1.2 选项12.1.3 连接状态类型12.1.4 连接状态标识12.1.5 宣告路由器12.1.6 连接状态序号12.1.7 连接状态校验和12.2 连接状态数据库12.3 TOS表现12.4 生成LSA12.4.1 Router-LSA12.4.1.1 描述点对点接口12.4.1.2 描述广播和NBMA接口12.4.1.3 描述虚拟通道12.4.1.4 描述点对多点接口12.4.1.5 Router-LSA示例12.4.2 Network-LSA12.4.2.1 Network-LSA示例12.4.3 Summary-LSA12.4.3.1 向存根区域生成Summary-LSA 12.4.3.2 Summary-LSA示例12.4.4 AS-external-LSA12.4.4.1 AS-external-LSA示例13 洪泛过程13.1 判定较新的LSA13.2 将LSA参加数据库13.3 洪泛过程的下一步操作13.4 接收自生成的LSA13.5 发送连接状态确认包〔LSAck包〕13.6 重传LSA13.7 接收连接状态确认包〔LSAck包〕14 老化连接状态数据库14.1 提前老化LSA15 虚拟通道16 计算路由表16.1 计算一个区域的最短路径树16.1.1 计算下一跳16.2 计算区域间路径16.3 查看传输区域的Summary-LSA16.4 计算AS外部路径16.4.1 外部路径参数16.5 增量更新——Summary-LSA16.6 增量更新——AS-external-LSA16.7 路由表改变引起的事件16.8 等值多路径脚注引用A OSPF数据格式A.1 OSPF包的封装A.2 选项域A.3 OSPF包格式A.3.1 OSPFA.3.2 Hello包A.3.3 数据库描述包〔DD包〕A.3.4 连接状态请求包〔LSR包〕A.3.5 连接状态更新包〔LSU包〕A.3.6 连接状态确认包〔LSAck包〕A.4 LSA格式A.4.1 LSA头部A.4.2 Router-LSAA.4.3 Network-LSAA.4.4 Summary-LSAA.4.5 AS-external-LSAB 结构常量C 可配置变量C.1 全局参数C.2 区域参数C.3 路由器接口参数C.4 虚拟通道参数C.5 NBMA网络参数C.6 点对多点网络参数C.7 主机路径参数D 验证D.1 空验证D.2 简单口令验证D.3 密码验证D.4 信息生成D.4.1 生成空验证D.4.2 生成简单口令验证D.4.3 生成密码验证D.5 信息校验D.5.1 校验空验证D.5.2 校验简单口令验证D.5.3 校验密码验证E 设定LS标识的一种算法F 多接口接入同一网络/子网G 与RFC 2178的不同3 / 119G.1 洪泛过程的修改G.2 外部路径优先级的改变G.3 解决不完整的虚拟下一跳G.4 路由表查找安全性考虑作者的地址完整的声明1. 绪论本文档描述了开放最短路径优先/Open Shortest Path First〔OSPF〕TCP/IP网际路由协议。