7. Adjacency Maintenance
Adjacency forming and eliminating on non-MANET interfaces remain
unchanged. Adjacency maintenance on a MANET interface requires
changes to transitions in the neighbor state machine ([RFC2328],
Section 10.3), to deciding whether to become adjacent ([RFC2328],
Section 10.4), sending of DD packets ([RFC2328], Section 10.8), and
receiving of DD packets ([RFC2328], Section 10.6). The specification
below relates to the MANET interface only.
If full-topology adjacencies are used (AdjConnectivity = 0), the
router forms an adjacency with each bidirectional neighbor. If
adjacency reduction is used (AdjConnectivity is 1 or 2), the router
forms adjacencies with a subset of its neighbors, according to the
rules specified in Section 7.2.
An adjacency maintenance decision is made when any of the following
four events occur between a router and its neighbor. The decision is
made by executing the neighbor event AdjOK?.
(1) The neighbor state changes from Init to 2-Way.
(2) The MDR Level changes for the neighbor or for the router
(3) The neighbor is selected to be the (Backup) Parent.
(4) The neighbor selects the router to be its (Backup) Parent.
7.1. Changes to Neighbor State Machine
The following specifies new transitions in the neighbor state
New state: Depends on action routine.
Action: If the neighbor acceptance condition is satisfied (see
Section 4.3), the neighbor state transitions to Init and
the Inactivity Timer is started. Otherwise, the neighbor
remains in the Down state.
New state: 2-Way
Action: Transition to neighbor state 2-Way.
New state: Depends on action routine.
Action: Determine whether an adjacency should be formed with the
neighboring router (see Section 7.2). If not, the
neighbor state remains at 2-Way and no further action is
Otherwise, the neighbor state changes to ExStart, and the
following actions are performed. If the neighbor has a
larger Router ID than the router's own ID, and the
received packet is a DD packet with the initialize (I),
more (M), and master (MS) bits set, then execute the
event NegotiationDone, which causes the state to
transition to Exchange.
Otherwise (negotiation is not complete), the router
increments the DD sequence number in the neighbor data
structure. If this is the first time that an adjacency
has been attempted, the DD sequence number should be
assigned a unique value (like the time of day clock). It
then declares itself master (sets the master/slave bit to
master), and starts sending Database Description packets,
with the initialize (I), more (M), and master (MS) bits
set, the MDR-DD TLV included in an LLS, and the L bit
set. This Database Description packet should be
otherwise empty. This Database Description packet should
be retransmitted at intervals of RxmtInterval until the
next state is entered (see [RFC2328], Section 10.8).
State(s): ExStart or greater
New state: Depends on action routine.
Action: Determine whether the neighboring router should still be
adjacent (see Section 7.3). If yes, there is no state
change and no further action is necessary. Otherwise,
the (possibly partially formed) adjacency must be
destroyed. The neighbor state transitions to 2-Way. The
Link state retransmission list, Database summary list,
and Link state request list are cleared of LSAs.
7.2. Whether to Become Adjacent
The following defines the method to determine if an adjacency should
be formed between neighbors in state 2-Way. The following procedure
does not depend on whether AdjConnectivity is 1 or 2, but the
selection of Dependent Neighbors (by the MDR selection algorithm)
depends on AdjConnectivity.
If adjacency reduction is not used (AdjConnectivity = 0), then an
adjacency is formed with each neighbor in state 2-Way. Otherwise, an
adjacency is formed with a neighbor in state 2-Way if any of the
following conditions is true:
(1) The router is a (Backup) MDR and the neighbor is a (Backup) MDR
and is either a Dependent Neighbor or a Dependent Selector.
(2) The neighbor is a (Backup) MDR and is the router's (Backup)
(3) The router is a (Backup) MDR and the neighbor is a child.
(4) The neighbor's A-bit is 1, indicating that the neighbor is using
Otherwise, an adjacency is not established and the neighbor remains
in state 2-Way.
7.3. Whether to Eliminate an Adjacency
The following defines the method to determine if an existing
adjacency should be eliminated. An existing adjacency is maintained
if any of the following is true:
(1) The router is an MDR or Backup MDR.
(2) The neighbor is an MDR or Backup MDR.
(3) The neighbor's A-bit is 1, indicating that the neighbor is using
Otherwise, the adjacency MAY be eliminated.
7.4. Sending Database Description Packets
Sending a DD packet on a MANET interface is the same as [RFC5340],
Section 188.8.131.52, and [RFC2328], Section 10.8, with the following
additions to paragraph 3 of Section 10.8.
If the neighbor state is ExStart, the standard initialization packet
is sent with an MDR-DD TLV appended using LLS, and the L bit is set
in the DD packet's option field. The format for the MDR-DD TLV is
specified in Section A.2.4. The DR and Backup DR fields of the MDR-
DD TLV are set exactly the same as the DR and Backup DR fields of a
Hello sent on the same interface.
7.5. Receiving Database Description Packets
Processing a DD packet received on a MANET interface is the same as
[RFC2328], Section 10.6, except for the changes described in this
section. The following additional steps are performed before
processing the packet based on neighbor state in paragraph 3 of
o If the DD packet's L bit is set in the options field and an MDR-DD
TLV is appended, then the MDR-DD TLV is processed as follows.
(1) If the DR field is equal to the neighbor's Router ID:
(a) Set the MDR Level of the neighbor to MDR.
(b) Set the neighbor's Dependent Selector variable to 1.
(2) Else if the Backup DR field is equal to the neighbor's Router
(a) Set the MDR Level of the neighbor to Backup MDR.
(b) Set the neighbor's Dependent Selector variable to 1.
(a) Set the MDR Level of the neighbor to MDR Other.
(b) Set the neighbor's Dependent Neighbor variable to 0.
(4) If the DR or Backup DR field is equal to the router's own
Router ID, set the neighbor's Child variable to 1; otherwise,
set it to 0.
o If the neighbor state is Init, the neighbor event 2-WayReceived is
o If the MDR Level of the neighbor changed, the neighbor state
machine is scheduled with the event AdjOK?.
o If the neighbor's Child status has changed from 0 to 1, the
neighbor state machine is scheduled with the event AdjOK?.
o If the neighbor's neighbor state changed from less than 2-Way to
2-Way or greater, the neighbor state machine is scheduled with the
In addition, the Database Exchange optimization described in
[RFC5243] SHOULD be performed as follows. If the router accepts a
received DD packet as the next in sequence, the following additional
step should be performed for each LSA listed in the DD packet
(whether the router is master or slave). If the Database summary
list contains an instance of the LSA that is the same as or less
recent than the listed LSA, the LSA is removed from the Database
summary list. This avoids listing the LSA in a DD packet sent to the
neighbor, when the neighbor already has an instance of the LSA that
is the same or more recent. This optimization reduces overhead due
to DD packets by approximately 50% in large networks.
8. Flooding Procedure
This section specifies the changes to [RFC2328], Section 13, for
routers that support OSPF-MDR. The first part of Section 13 (before
Section 13.1) is the same except for the following three changes.
o To exploit the broadcast nature of MANETs, if the Link State
Update (LSU) packet was received on a MANET interface, then the
packet is dropped without further processing only if the sending
neighbor is in a lesser state than 2-Way. Otherwise, the LSU
packet is processed as described in this section.
o If the received LSA is the same instance as the database copy, the
following actions are performed in addition to Step 7. For each
MANET interface for which a BackupWait Neighbor List exists for
the LSA (see Section 8.1):
(a) Remove the sending neighbor from the BackupWait Neighbor List
if it belongs to the list.
(b) For each neighbor on the receiving interface that belongs to
the BNS for the sending neighbor, remove the neighbor from the
BackupWait Neighbor List if it belongs to the list.
o Step 8, which handles the case in which the database copy of the
LSA is more recent than the received LSA, is modified as follows.
If the sending neighbor is in a lesser state than Exchange, then
the router does not send the LSA back to the sending neighbor.
There are no changes to Sections 13.1, 13.2, or 13.4. The following
subsections describe the changes to Sections 13.3 (Next step in the
flooding procedure), 13.5 (Sending Link State Acknowledgments), 13.6
(Retransmitting LSAs), and 13.7 (Receiving Link State
Acknowledgments) of [RFC2328].
8.1. LSA Forwarding Procedure
When a new LSA is received, Steps 1 through 5 of [RFC2328], Section13.3, are performed without modification for each eligible (outgoing)
interface that is not of type MANET. This section specifies the
modified steps that must be performed for each eligible MANET
interface. The eligible interfaces depend on the LSA's flooding
scope as described in [RFC5340], Section 4.5.2. Whenever an LSA is
flooded out a MANET interface, it is included in an LSU packet that
is sent to the multicast address AllSPFRouters. (Retransmitted LSAs
are always unicast, as specified in Section 8.3.)
Step 1 of [RFC2328], Section 13.3, is performed for each eligible
MANET interface with the following modification, so that the new LSA
is placed on the Link State retransmission list for each appropriate
adjacent neighbor. Step 1c is replaced with the following action, so
that the LSA is not placed on the retransmission list for a neighbor
that has already acknowledged the LSA.
o If the new LSA was received from this neighbor, or a Link State
Acknowledgment (LS Ack) for the new LSA has already been received
from this neighbor, examine the next neighbor.
To determine whether an Ack for the new LSA has been received from
the neighbor, the router maintains an Acked LSA List for each
adjacent neighbor, as described in Section 8.4. When a new LSA is
received, the Acked LSA List for each neighbor, on each MANET
interface, should be updated by removing any LS Ack that is for an
older instance of the LSA than the one received.
The following description will use the notion of a "covered"
neighbor. A neighbor k is defined to be covered if the LSA was sent
as a multicast by a MANET neighbor j, and neighbor k belongs to the
Bidirectional Neighbor Set (BNS) for neighbor j. A neighbor k is
also defined to be covered if the LSA was sent to the multicast
address AllSPFRouters by a neighbor j on a broadcast interface on
which both j and k are neighbors. (Note that j must be the DR or
Backup DR for the broadcast network, since only these routers may
send LSAs to AllSPFRouters on a broadcast network.)
The following steps must be performed for each eligible MANET
interface, to determine whether the new LSA should be forwarded on
(2) If every bidirectional neighbor on the interface satisfies at
least one of the following three conditions, examine the next
interface (the LSA is not flooded out this interface).
(a) The LSA was received from the neighbor.
(b) The LSA was received on a MANET or broadcast interface and the
neighbor is covered (defined above).
(c) An Ack for the LSA has been received from the neighbor.
Condition (c) MAY be omitted (thus ignoring Acks) in order to
simplify this step. Note that the above conditions do not
assume the outgoing interface is the same as the receiving
(3) If the LSA was received on this interface, and the router is an
MDR Other for this interface, examine the next interface (the LSA
is not flooded out this interface).
(4) If the LSA was received on this interface, and the router is a
Backup MDR or a non-flooding MDR for this interface, then the
router waits BackupWaitInterval before deciding whether to flood
the LSA. To accomplish this, the router creates a BackupWait
Neighbor List for the LSA, which initially includes every
bidirectional neighbor on this interface that does not satisfy
any of the conditions in Step 2. A single-shot BackupWait Timer
associated with the LSA is started, which is set to expire after
BackupWaitInterval seconds plus a small amount of random jitter.
(The actions performed when the BackupWait Timer expires are
described below in Section 8.1.2.) Examine the next interface
(the LSA is not yet flooded out this interface).
(5) If the router is a flooding MDR for this interface, or if the LSA
was originated by the router itself, then the LSA is flooded out
the interface (whether or not the LSA was received on this
interface) and the next interface is examined.
(6) If the LSA was received on a MANET or broadcast interface that is
different from this (outgoing) interface, then the following two
steps SHOULD be performed to avoid redundant flooding.
(a) If the router has a larger value of (RtrPri, MDR Level, RID)
on the outgoing interface than every covered neighbor (defined
above) that is a neighbor on BOTH the receiving and outgoing
interfaces (or if no such neighbor exists), then the LSA is
flooded out the interface and the next interface is examined.
(b) Else, the router waits BackupWaitInterval before deciding
whether to flood the LSA on the interface, by performing the
actions in Step 4 for a Backup MDR (whether or not the router
is a Backup MDR on this interface). A separate BackupWait
Neighbor List is created for each MANET interface, but only
one BackupWait Timer is associated with the LSA. Examine the
next interface (the LSA is not yet flooded out this
(7) If this step is reached, the LSA is flooded out the interface.
8.1.1. Note on Step 6 of LSA Forwarding Procedure
Performing the optional Step 6 can greatly reduce flooding overhead
if the LSA was received on a MANET or broadcast interface. For
example, assume that the LSA was received from the DR of a broadcast
network that includes 100 routers, and 50 of the routers (not
including the DR) are also attached to a MANET. Assume that these 50
routers are neighbors of each other in the MANET and that each has a
neighbor in the MANET that is not attached to the broadcast network
(and is therefore not covered). Then by performing Step 6 of the LSA
forwarding procedure, the number of routers that forward the LSA from
the broadcast network to the MANET is reduced from 50 to just 1
(assuming that at most 1 of the 50 routers is an MDR).
8.1.2. BackupWait Timer Expiration
If the BackupWait Timer for an LSA expires, then the following steps
are performed for each (MANET) interface for which a BackupWait
Neighbor List exists for the LSA.
(1) If the BackupWait Neighbor List for the interface contains at
least one router that is currently a bidirectional neighbor, the
following actions are performed.
(a) The LSA is flooded out the interface.
(b) If the LSA is on the Ack List for the interface (i.e., is
scheduled to be included in a delayed Link State
Acknowledgment packet), then the router SHOULD remove the LSA
from the Ack List, since the flooded LSA will be treated as an
(c) If the LSA is on the Link State retransmission list for any
neighbor, the retransmission SHOULD be rescheduled to occur
after RxmtInterval seconds.
(2) The BackupWait Neighbor List is then deleted (whether or not the
LSA is flooded).
8.2. Sending Link State Acknowledgments
This section describes the procedure for sending Link State
Acknowledgments (LS Acks) on MANET interfaces. Section 13.5 of
[RFC2328] remains unchanged for non-MANET interfaces, but does not
apply to MANET interfaces. To minimize overhead due to LS Acks, and
to take advantage of the broadcast nature of MANETs, all LS Ack
packets sent on a MANET interface are multicast using the IP address
AllSPFRouters. In addition, duplicate LSAs received as a multicast
are not acknowledged.
When a router receives an LSA, it must decide whether to send a
delayed Ack, an immediate Ack, or no Ack. The interface parameter
AckInterval is the interval between LS Ack packets when only delayed
Acks need to be sent. A delayed Ack SHOULD be delayed by at least
(RxmtInterval - AckInterval - 0.5) seconds and at most (RxmtInterval
- 0.5) seconds after the LSA instance being acknowledged was first
received. If AckInterval and RxmtInterval are equal to their default
values of 1 and 7 seconds, respectively, this reduces Ack traffic by
increasing the chance that a new instance of the LSA will be received
before the delayed Ack is sent. An immediate Ack is sent immediately
in a multicast LS Ack packet, which may also include delayed Acks
that were scheduled to be sent.
The decision whether to send a delayed or immediate Ack depends on
whether the received LSA is new (i.e., is more recent than the
database copy) or a duplicate (the same instance as the database
copy), and on whether the LSA was received as a multicast or a
unicast (which indicates a retransmitted LSA). The following rules
are used to make this decision.
(1) If the received LSA is new, a delayed Ack is sent on each MANET
interface associated with the area, unless the LSA is flooded out
(2) If the LSA is a duplicate and was received as a multicast, the
LSA is not acknowledged.
(3) If the LSA is a duplicate and was received as a unicast:
(a) If the router is an MDR, or AdjConnectivity = 2 and the
router is a Backup MDR, or AdjConnectivity = 0, then an
immediate Ack is sent out the receiving interface.
(b) Otherwise, a delayed Ack is sent out the receiving interface.
The reason that (Backup) MDRs send an immediate Ack when a
retransmitted LSA is received is to try to prevent other adjacent
neighbors from retransmitting the LSA, since (Backup) MDRs usually
have a large number of adjacent neighbors. MDR Other routers do not
send an immediate Ack (unless AdjConnectivity = 0) because they have
fewer adjacent neighbors, and so the potential benefit does not
justify the additional overhead resulting from sending immediate
8.3. Retransmitting LSAs
LSAs are retransmitted according to Section 13.6 of [RFC2328]. Thus,
LSAs are retransmitted only to adjacent routers. Therefore, since
OSPF-MDR does not allow an adjacency to be formed between two MDR
Other routers, an MDR Other never retransmits an LSA to another MDR
Other, only to its Parents, which are (Backup) MDRs.
Retransmitted LSAs are included in LSU packets that are unicast
directly to an adjacent neighbor that did not acknowledge the LSA
(explicitly or implicitly). The length of time between
retransmissions is given by the configurable interface parameter
RxmtInterval, whose default is 7 seconds for a MANET interface. To
reduce overhead, several retransmitted LSAs should be included in a
single LSU packet whenever possible.
8.4. Receiving Link State Acknowledgments
A Link State Acknowledgment (LS Ack) packet that is received from an
adjacent neighbor (in state Exchange or greater) is processed as
described in Section 13.7 of [RFC2328], with the additional steps
described in this section. An LS Ack packet that is received from a
neighbor in a lesser state than Exchange is discarded.
Each router maintains an Acked LSA List for each adjacent neighbor,
to keep track of any LSA instances the neighbor has acknowledged but
that the router itself has NOT yet received. This is necessary
because (unlike [RFC2328]) each router acknowledges an LSA only the
first time it is received as a multicast.
If the neighbor from which the LS Ack packet was received is in state
Exchange or greater, then the following steps are performed for each
LS Ack in the received LS Ack packet:
(1) If the router does not have a database copy of the LSA being
acknowledged, or has a database copy that is less recent than the
one being acknowledged, the LS Ack is added to the Acked LSA List
for the sending neighbor.
(2) If the router has a database copy of the LSA being acknowledged,
which is the same as the instance being acknowledged, then the
following action is performed. For each MANET interface for
which a BackupWait Neighbor List exists for the LSA (see Section
8.1), remove the sending neighbor from the BackupWait Neighbor
List if it belongs to the list.
Unlike the DR of an OSPF broadcast network, an MDR does not originate
a network-LSA, since a network-LSA cannot be used to describe the
general topology of a MANET. Instead, each router advertises a
subset of its MANET neighbors as point-to-point links in its router-
LSA. The choice of which MANET neighbors to include in the router-
LSA is flexible. Whether or not adjacency reduction is used, the
router can originate either partial-topology or full-topology LSAs.
If adjacency reduction is used (AdjConnectivity is 1 or 2), then as a
minimum requirement each router must advertise a minimum set of
"backbone" neighbors in its router-LSA. This minimum choice
corresponds to LSAFullness = 0, and results in the minimum amount of
LSA flooding overhead, but does not provide routing along shortest
Therefore, to allow routers to calculate shortest paths, without
requiring every pair of neighboring routers along the shortest paths
to be adjacent (which would be inefficient due to requiring a large
number of adjacencies), a router-LSA may also advertise non-adjacent
neighbors that satisfy a synchronization condition described below.
To motivate this, we note that OSPF already allows a non-adjacent
neighbor to be a next hop, if both the router and the neighbor belong
to the same broadcast network (and are both adjacent to the DR). A
network-LSA for a broadcast network (which includes all routers
attached to the network) implies that any router attached to the
network can forward packets directly to any other router attached to
the network (which is why the distance from the network to all
attached routers is zero in the graph representing the link-state
Since a network-LSA cannot be used to describe the general topology
of a MANET, the only way to advertise non-adjacent neighbors that can
be used as next hops is to include them in the router-LSA. However,
to ensure that such neighbors are sufficiently synchronized, only
"routable" neighbors are allowed to be included in LSAs, and to be
used as next hops in the SPF calculation.
9.1. Routable Neighbors
If adjacency reduction is used, a bidirectional MANET neighbor
becomes routable if the SPF calculation has found a route to the
neighbor and the neighbor satisfies the routable neighbor quality
condition (defined below). Since only routable and Full neighbors
are advertised in router-LSAs, and since adjacencies are selected to
form a connected spanning subgraph, this definition implies that
there exists, or recently existed, a path of full adjacencies from
the router to the routable neighbor. The idea is that, since a
routable neighbor can be reached through an acceptable path, it makes
sense to take a "shortcut" and forward packets directly to the
This requirement does not guarantee perfect synchronization, but
simulations have shown that it performs well in mobile networks.
This requirement avoids, for example, forwarding packets to a new
neighbor that is poorly synchronized because it was not reachable
before it became a neighbor.
To avoid selecting poor-quality neighbors as routable neighbors, a
neighbor that is selected as a routable neighbor must satisfy the
routable neighbor quality condition. By default, this condition is
that the neighbor's BNS must include the router itself (indicating
that the neighbor agrees the connection is bidirectional).
Optionally, a router may impose a stricter condition. For example, a
router may require that two Hellos have been received from the
neighbor that (explicitly or implicitly) indicate that the neighbor's
BNS includes the router itself.
The single-bit neighbor variable Routable indicates whether the
neighbor is routable, and is initially set to 0. If adjacency
reduction is used, Routable is updated as follows when the state of
the neighbor changes, or the SPF calculation finds a route to the
neighbor, or a Hello is received that affects the routable neighbor
(1) If Routable is 0 for the neighbor, the state of the neighbor is
2-Way or greater, there exists a route to the neighbor, and the
routable neighbor quality condition (defined above) is satisfied,
then Routable is set to 1 for the neighbor.
(2) If Routable is 1 for the neighbor and the state of the neighbor
is less than 2-Way, Routable is set to 0 for the neighbor.
If adjacency reduction is not used (AdjConnectivity = 0), then
routable neighbors are not computed and the set of routable neighbors
9.2. Backbone Neighbors
The flexible choice for the router-LSA is made possible by defining
two types of neighbors that are included in the router-LSA: backbone
neighbors and Selected Advertised Neighbors.
If adjacency reduction is used, a bidirectional neighbor is defined
to be a backbone neighbor if and only if it satisfies the condition
for becoming adjacent (see Section 7.2). If adjacency reduction is
not used (AdjConnectivity = 0), a bidirectional neighbor is a
backbone neighbor if and only if the neighbor's A-bit is 0
(indicating that the neighbor is using adjacency reduction). This
definition allows the interoperation between routers that use
adjacency reduction and routers that do not.
If adjacency reduction is used, then a router MUST include in its
router-LSA all Full neighbors and all routable backbone neighbors. A
minimal LSA, corresponding to LSAFullness = 0, includes only these
neighbors. This choice guarantees connectivity, but does not ensure
shortest paths. However, this choice is useful in large networks to
achieve maximum scalability.
9.3. Selected Advertised Neighbors
To allow flexibility while ensuring that router-LSAs are symmetric
(i.e., router i advertises a link to router j if and only if router j
advertises a link to router i), each router maintains a Selected
Advertised Neighbor set (SANS), which consists of MANET neighbors
that the router has selected to advertise in its router-LSA, not
including backbone neighbors. Since the SANS does not include
backbone neighbors (and thus Dependent Neighbors), the SANS and DNS
are disjoint. Both of these neighbor sets are advertised in Hellos.
If LSAFullness is 0 (minimal LSAs), then the SANS is empty. At the
other extreme, if LSAFullness is 4 (full-topology LSAs), the SANS
includes all bidirectional MANET neighbors except backbone neighbors.
In between these two extremes, a router that is using adjacency
reduction may select any subset of bidirectional non-backbone
neighbors as its SANS. The resulting router-LSA is constructed as
specified in Section 9.4.
Since a router that is not using adjacency reduction typically has no
backbone neighbors (unless it has neighbors that are using adjacency
reduction), to ensure connectivity, such a router must choose its
SANS to contain the SANS corresponding to LSAFullness = 1. Thus, if
AdjConnectivity is 0 (no adjacency reduction), then LSAFullness must
be 1, 2, or 4.
If LSAFullness is 1, the router originates min-cost LSAs, which are
partial-topology LSAs that (when flooded) provide each router with
sufficient information to calculate a shortest (minimum-cost) path to
each destination. Appendix C describes the algorithm for selecting
the neighbors to include in the SANS that results in min-cost LSAs.
The input to this algorithm includes information obtained from Hellos
received from each MANET neighbor, including the neighbor's
Bidirectional Neighbor Set (BNS), Dependent Neighbor Set (DNS),
Selected Advertised Neighbor Set (SANS), and the Metric TLV. The
Metric TLV, specified in Section A.2.5, is appended to each Hello
(unless all link costs are 1) to advertise the link cost to each
If LSAFullness is 2, the SANS must be selected to be a superset of
the SANS corresponding to LSAFullness = 1. This choice provides
shortest-path routing while allowing the router to advertise
additional neighbors to provide redundant routes.
If LSAFullness is 3, each MDR originates a full-topology LSA (which
includes all Full and routable neighbors), while each non-MDR router
originates a minimal LSA. If the router has multiple MANET
interfaces, the router-LSA includes all Full and routable neighbors
on each interface for which it is an MDR, and advertises only Full
neighbors and routable backbone neighbors on its other interfaces.
This choice provides routing along nearly shortest paths with
relatively low overhead.
Although this document specifies a few choices of the SANS, which
correspond to different values of LSAFullness, it is important to
note that other choices are possible. In addition, it is not
necessary for different routers to choose the same value of
LSAFullness. The different choices are interoperable because they
all require the router-LSA to include a minimum set of neighbors, and
because the construction of the router-LSA (described below) ensures
that the router-LSAs originated by different routers are consistent.
9.4. Originating Router-LSAs
When a new router-LSA is originated, it includes a point-to-point
(type 1) link for each MANET neighbor that is advertised. The set of
neighbors to be advertised is determined as follows. If adjacency
reduction is used, the router advertises all Full neighbors, and
advertises each routable neighbor j that satisfies any of the
following three conditions. If adjacency reduction is not used
(AdjConnectivity = 0), the router advertises each Full neighbor j
that satisfies any of the following three conditions.
(1) The router's SANS (for any interface) includes j.
(2) Neighbor j's SANS includes the router (to ensure symmetry).
(3) Neighbor j is a backbone neighbor.
Note that backbone neighbors and neighbors in the SANS need not be
routable or Full, but only routable and Full neighbors may be
included in the router-LSA. This is done so that the SANS, which is
advertised in Hellos, does not depend on routability.
The events that cause a new router-LSA to be originated are the same
as in [RFC2328] and [RFC5340] except that a MANET neighbor changing
to/from the Full state does not always cause a new router-LSA to be
originated. Instead, a new router-LSA is originated whenever a
change occurs that causes any of the following three conditions to
o There exists a MANET neighbor j that satisfies the above
conditions for inclusion in the router-LSA, but is not included in
the current router-LSA.
o The current router-LSA includes a MANET neighbor that is no longer
o The link metric has changed for a MANET neighbor that is included
in the current router-LSA.
The above conditions may be checked periodically just before sending
each Hello, instead of checking them every time one of the neighbor
sets changes. The following implementation was found to work well.
Just before sending each Hello, and whenever a bidirectional neighbor
transitions to less than 2-Way, the router runs the MDR selection
algorithm; updates its adjacencies, routable neighbors, and Selected
Advertised Neighbors; then checks the above conditions to see if a
new router-LSA should be originated. In addition, if a neighbor
becomes bidirectional or Full, the router updates its routable
neighbors and checks the above conditions.
10. Calculating the Routing Table
The routing table calculation is the same as specified in [RFC2328],
except for the following changes to Section 16.1 (Calculating the
shortest-path tree for an area). If full-topology adjacencies and
full-topology LSAs are used (AdjConnectivity = 0 and LSAFullness =
4), there is no change to Section 16.1.
If adjacency reduction is used (AdjConnectivity is 1 or 2), then
Section 16.1 is modified as follows. Recall from Section 9 that a
router can use any routable neighbor as a next hop to a destination,
whether or not the neighbor is advertised in the router-LSA. This is
accomplished by modifying Step 2 so that the router-LSA associated
with the root vertex is replaced with a dummy router-LSA that
includes links to all Full neighbors and all routable MANET
neighbors. In addition, Step 2b (checking for a link from W back to
V) MUST be skipped when V is the root vertex and W is a routable
MANET neighbor. However, Step 2b must still be executed when V is
not the root vertex, to ensure compatibility with OSPFv3.
If LSAFullness is 0 (minimal LSAs), then the calculated paths need
not be shortest paths. In this case, the path actually taken by a
packet can be shorter than the calculated path, since intermediate
routers may have routable neighbors that are not advertised in any
If full-topology adjacencies and partial-topology LSAs are used, then
Section 16.1 is modified as follows. Step 2 is modified so that the
router-LSA associated with the root vertex is replaced with a dummy
router-LSA that includes links to all Full neighbors. In addition,
Step 2b MUST be skipped when V is the root vertex and W is a Full
MANET neighbor. (This is necessary since the neighbor's router-LSA
need not contain a link back to the router.)
If adjacency reduction is used with partial-topology LSAs, then the
set of routable neighbors can change without causing the contents of
the router-LSA to change. This could happen, for example, if a
routable neighbor that was not included in the router-LSA transitions
to the Down or Init state. Therefore, if the set of routable
neighbors changes, the shortest-path tree must be recalculated, even
if the router-LSA does not change.
After the shortest-path tree and routing table are calculated, the
set of routable neighbors must be updated, since a route to a non-
routable neighbor may have been discovered. If the set of routable
neighbors changes, then the shortest-path tree and routing table must
be calculated a second time. The second calculation will not change
the set of routable neighbors again, so two calculations are
sufficient. If the set of routable neighbors is updated periodically
every HelloInterval seconds, then it is not necessary to update the
set of routable neighbors immediately after the routing table is
11. Security Considerations
As with OSPFv3 [RFC5340], OSPF-MDR can use the IPv6 Authentication
Header (AH) [RFC4302] and/or the IPv6 Encapsulation Security Payload
(ESP) [RFC4303] to provide authentication, integrity, and/or
confidentiality. The use of AH and ESP for OSPFv3 is described in
Generic threats to routing protocols are described and categorized in
[RFC4593]. The mechanisms described in [RFC4552] provide protection
against many of these threats, but not all of them. In particular,
as mentioned in [RFC5340], these mechanisms do not provide protection
against compromised, malfunctioning, or misconfigured routers (also
called Byzantine routers); this is true for both OSPFv3 and OSPF-MDR.
The extension of OSPFv3 to include MANET routers does not introduce
any new security threats. However, the use of a wireless medium and
lack of infrastructure, inherent with MANET routers, may render some
of the attacks described in [RFC4593] easier to mount. Depending on
the network context, these increased vulnerabilities may increase the
need to provide authentication, integrity, and/or confidentiality, as
well as anti-replay service.
For example, sniffing of routing information and traffic analysis are
easier tasks with wireless routers than with wired routers, since the
attacker only needs to be within the radio range of a router. The
use of confidentiality (encryption) provides protection against
sniffing but not traffic analysis.
Similarly, interference attacks are also easier to mount against
MANET routers due to their wireless nature. Such attacks can be
mounted even if OSPF packets are protected by authentication and
confidentiality, e.g., by transmitting noise or replaying outdated
OSPF packets. As discussed below, an anti-replay service (provided
by both ESP and AH) can be used to protect against the latter attack.
The following threat actions are also easier with MANET routers:
spoofing (assuming the identify of a legitimate router),
falsification (sending false routing information), and overloading
(sending or triggering an excessive amount of routing updates).
These attacks are only possible if authentication is not used, or the
attacker takes control of a router or is able to forge legitimacy
(e.g., by discovering the cryptographic key).
[RFC4552] mandates the use of manual keying when current IPsec
protocols are used with OSPFv3. Routers are required to use manually
configured keys with the same security association (SA) parameters
for both inbound and outbound traffic. For MANET routers, this
implies that all routers attached to the same MANET must use the same
key for multicasting packets. This is required in order to achieve
scalability and feasibility, as explained in [RFC4552]. Future
specifications can explore the use of automated key management
protocols that may be suitable for MANETs.
As discussed in [RFC4552], the use of manual keys can increase
vulnerability. For example, manual keys are usually long lived, thus
giving an attacker more time to discover the keys. In addition, the
use of the same key on all routers attached to the same MANET leaves
all routers insecure against impersonation attacks if any one of the
routers is compromised.
Although [RFC4302] and [RFC4303] state that implementations of AH and
ESP SHOULD NOT provide anti-replay service in conjunction with SAs
that are manually keyed, it is important to note that such service is
allowed if the sequence number counter at the sender is correctly
maintained across local reboots until the key is replaced.
Therefore, it may be possible for MANET routers to make use of the
anti-replay service provided by AH and ESP.
When an OSPF routing domain includes both MANET networks and fixed
networks, the frequency of OSPF updates either due to actual topology
changes or malfeasance could result in instability in the fixed
networks. In situations where this is a concern, it is recommended
that the border routers segregate the MANET networks from the fixed
networks with either separate OSPF areas or, in cases where legacy
routers are very sensitive to OSPF update frequency, separate OSPF
instances. With separate OSPF areas, the 5-second MinLSInterval will
dampen the frequency of changes originated in the MANET networks.
Additionally, OSPF ranges can be configured to aggregate prefixes for
the areas supporting MANET networks. With separate OSPF instances,
more conservative local policies can be employed to limit the volume
of updates emanating from the MANET networks.
12. IANA Considerations
This document defines three new LLS TLV types: MDR-Hello TLV (14),
MDR-Metric TLV (16), and MDR-DD TLV (15) (see Section A.2).
Thanks to Aniket Desai for helpful discussions and comments,
including the suggestion that Router Priority should come before MDR
Level in the lexicographical comparison of (RtrPri, MDR Level, RID)
when selecting MDRs and BMDRs, and that the MDR calculation should be
repeated if it causes the MDR Level to change. Thanks also to Tom
Henderson, Acee Lindem, and Emmanuel Baccelli for helpful discussions
14. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[RFC4302] Kent, S., "IP Authentication Header", RFC 4302, December
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC
4303, December 2005.
[RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality
for OSPFv3", RFC 4552, June 2006.
[RFC5243] Ogier, R., "OSPF Database Exchange Summary List
Optimization", RFC 5243, May 2008.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, July 2008.
[RFC5613] Zinin, A., Roy, A., Nguyen, L., Friedman, B., and D.
Yeung, "OSPF Link-Local Signaling", RFC 5613, August
15. Informative References
[Lawler] Lawler, E., "Combinatorial Optimization: Networks and
Matroids", Holt, Rinehart, and Winston, New York, 1976.
[Suurballe] Suurballe, J.W. and R.E. Tarjan, "A Quick Method for
Finding Shortest Pairs of Disjoint Paths", Networks, Vol.
14, pp. 325-336, 1984.
[RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to
Routing Protocols", RFC 4593, October 2006.