< draft-ietf-ospf-node-admin-tag-07.txt | draft-ietf-ospf-node-admin-tag-08.txt > | |||
---|---|---|---|---|
Open Shortest Path First IGP S. Hegde | Open Shortest Path First IGP S. Hegde | |||
Internet-Draft Juniper Networks, Inc. | Internet-Draft Juniper Networks, Inc. | |||
Intended status: Standards Track R. Shakir | Intended status: Standards Track R. Shakir | |||
Expires: April 11, 2016 Individual | Expires: April 18, 2016 Individual | |||
A. Smirnov | A. Smirnov | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
Z. Li | Z. Li | |||
Huawei Technologies | Huawei Technologies | |||
B. Decraene | B. Decraene | |||
Orange | Orange | |||
October 9, 2015 | October 16, 2015 | |||
Advertising per-node administrative tags in OSPF | Advertising per-node administrative tags in OSPF | |||
draft-ietf-ospf-node-admin-tag-07 | draft-ietf-ospf-node-admin-tag-08 | |||
Abstract | Abstract | |||
This document describes an extension to OSPF protocol to add an | This document describes an extension to the OSPF protocol to add an | |||
optional operational capability, that allows tagging and grouping of | optional operational capability, that allows tagging and grouping of | |||
the nodes in an OSPF domain. This allows simplification, ease of | the nodes in an OSPF domain. This allows simplification, ease of | |||
management and control over route and path selection based on | management and control over route and path selection based on | |||
configured policies. This document describes an extension to OSPF | configured policies. This document describes an extension to the | |||
protocol to advertise per-node administrative tags. The node-tags | OSPF protocol to advertise per-node administrative tags. The node- | |||
can be used to express and apply locally-defined network policies | tags can be used to express and apply locally-defined network | |||
which is a very useful operational capability. Node tags may be used | policies which is a very useful operational capability. Node tags | |||
either by OSPF itself or by other applications consuming information | may be used either by OSPF itself or by other applications consuming | |||
propagated via OSPF. | information propagated via OSPF. | |||
This document describes the protocol extensions to disseminate per- | This document describes the protocol extensions to disseminate per- | |||
node administrative-tags to the OSPFv2 and OSPFv3 protocol. It | node administrative tags to the OSPFv2 and OSPFv3 protocol. It | |||
provides example use cases of administrative node tags. | provides example use cases of administrative node tags. | |||
Requirements Language | Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
Status of This Memo | Status of This Memo | |||
skipping to change at page 2, line 10 | skipping to change at page 2, line 10 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on April 11, 2016. | This Internet-Draft will expire on April 18, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 34 | skipping to change at page 2, line 34 | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2. Administrative Tag TLV . . . . . . . . . . . . . . . . . . . 3 | 2. Administrative Tag TLV . . . . . . . . . . . . . . . . . . . 3 | |||
3. OSPF per-node administrative tag TLV . . . . . . . . . . . . 3 | 3. OSPF per-node administrative tag TLV . . . . . . . . . . . . 3 | |||
3.1. TLV format . . . . . . . . . . . . . . . . . . . . . . . 3 | 3.1. TLV format . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
3.2. Elements of procedure . . . . . . . . . . . . . . . . . . 4 | 3.2. Elements of procedure . . . . . . . . . . . . . . . . . . 4 | |||
3.2.1. Interpretation of Node Administrative Tags . . . . . 4 | ||||
3.2.2. Use of Node Administrative Tags . . . . . . . . . . . 5 | ||||
3.2.3. Processing Node Administrative Tag changes . . . . . 6 | ||||
4. Applications . . . . . . . . . . . . . . . . . . . . . . . . 6 | 4. Applications . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
4.1. Service auto-discovery . . . . . . . . . . . . . . . . . 6 | 4.1. Service auto-discovery . . . . . . . . . . . . . . . . . 6 | |||
4.2. Fast-Re-routing policy . . . . . . . . . . . . . . . . . 6 | 4.2. Fast-Re-routing policy . . . . . . . . . . . . . . . . . 7 | |||
4.3. Controlling Remote LFA tunnel termination . . . . . . . . 7 | 4.3. Controlling Remote LFA tunnel termination . . . . . . . . 8 | |||
4.4. Mobile back-haul network service deployment . . . . . . . 8 | 4.4. Mobile back-haul network service deployment . . . . . . . 8 | |||
4.5. Explicit routing policy . . . . . . . . . . . . . . . . . 9 | 4.5. Explicit routing policy . . . . . . . . . . . . . . . . . 9 | |||
5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |||
6. Operational Considerations . . . . . . . . . . . . . . . . . 11 | 6. Operational Considerations . . . . . . . . . . . . . . . . . 11 | |||
7. Manageability Considerations . . . . . . . . . . . . . . . . 11 | 7. Manageability Considerations . . . . . . . . . . . . . . . . 12 | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | |||
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12 | 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 | 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 | |||
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
11.1. Normative References . . . . . . . . . . . . . . . . . . 12 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
11.2. Informative References . . . . . . . . . . . . . . . . . 13 | 11.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
1. Introduction | 1. Introduction | |||
It is useful to assign a per-node administrative tag to a router in | It is useful to assign a per-node administrative tag to a router in | |||
the OSPF domain and use it as an attribute associated with the node. | the OSPF domain and use it as an attribute associated with the node. | |||
The per-node administrative tag can be used in variety of | The per-node administrative tag can be used in variety of | |||
applications, for ex: - Traffic-engineering applications to provide | applications, for example: | |||
different path-selection criteria, - Prefer or prune certain paths in | ||||
Loop Free Alternate (LFA) backup selection via local policies. | (a) Traffic-engineering applications to provide different path- | |||
selection criteria. | ||||
(b) Prefer or prune certain paths in Loop Free Alternate (LFA) | ||||
backup selection via local policies as defined in | ||||
[I-D.ietf-rtgwg-lfa-manageability]. | ||||
This document provides mechanisms to advertise per-node | This document provides mechanisms to advertise per-node | |||
administrative tags in OSPF for route and path selection. Route and | administrative tags in OSPF for route and path selection. Route and | |||
path selection functionality applies to both to TE and non-TE | path selection functionality applies to both to TE and non Traffic | |||
applications and hence new TLV for carrying per-node administrative | Engineering (TE) applications and hence new TLV for carrying per-node | |||
tags is included in Router Information LSA [RFC4970] . | administrative tags is included in Router Information (RI) Link State | |||
Advertisement (LSA) [I-D.ietf-ospf-rfc4970bis]. | ||||
2. Administrative Tag TLV | 2. Administrative Tag TLV | |||
An administrative Tag is a 32-bit integer value that can be used to | An administrative Tag is a 32-bit integer value that can be used to | |||
identify a group of nodes in the OSPF domain. | identify a group of nodes in the OSPF domain. | |||
The new TLV defined will be carried within an RI LSA for OSPFV2 and | The new TLV defined will be carried within an RI LSA for OSPFV2 and | |||
OSPFV3. Router information LSA [RFC4970] can have link, area or AS | OSPFV3. Router information (RI)LSA [I-D.ietf-ospf-rfc4970bis] can | |||
level flooding scope. Choosing the flooding scope to flood the group | have link-, area- or Autonomous Sytem (AS) level flooding scope. The | |||
tags are defined by the policies and is a local matter. | choice of what scope at which to flood the group tags is a matter of | |||
local policy.It is expected that node administrative tag values will | ||||
not be portable across administrative domains. | ||||
The TLV specifies one or more administrative tag values. An OSPF | The TLV specifies one or more administrative tag values. An OSPF | |||
node advertises the set of groups it is part of in the OSPF domain. | node advertises the set of groups it is part of in the OSPF domain | |||
(for example, all PE-nodes are configured with certain tag value, all | (for example, all PE-nodes are configured with certain tag value, all | |||
P-nodes are configured with a different tag value in the domain). | P-nodes are configured with a different tag value in the domain). | |||
Multiple TLVs MAY be added in same RI-LSA or in a different instance | Multiple TLVs MAY be added in same RI-LSA or in a different instance | |||
of the RI LSA as defined in [I-D.acee-ospf-rfc4970bis]. | of the RI LSA as defined in [I-D.ietf-ospf-rfc4970bis]. | |||
3. OSPF per-node administrative tag TLV | 3. OSPF per-node administrative tag TLV | |||
3.1. TLV format | 3.1. TLV format | |||
[RFC4970], defines Router Information (RI) LSA which may be used to | [I-D.ietf-ospf-rfc4970bis], defines Router Information (RI) LSA which | |||
advertise properties of the originating router. Payload of the RI | may be used to advertise properties of the originating router. The | |||
LSA consists of one or more nested Type/Length/Value (TLV) triplets. | payload of the RI LSA consists of one or more nested Type/Length/ | |||
Node administrative tags are advertised in the Node Administrative | Value (TLV) triplets. Node administrative tags are advertised in the | |||
Tag TLV. The format of Node Administrative Tag TLV is: | Node Administrative Tag TLV. The format of the Node Administrative | |||
Tag TLV is: | ||||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | | | Type | Length | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Administrative Tag #1 | | | Administrative Tag #1 | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Administrative Tag #2 | | | Administrative Tag #2 | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
// // | // // | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Administrative Tag #N | | | Administrative Tag #N | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 1: OSPF per-node Administrative Tag TLV | Figure 1: OSPF per-node Administrative Tag TLV | |||
Type : TBA, Suggested value 10 | Type : TBA, Suggested value 10 | |||
Length: A 16-bit field that indicates the length of the value portion | Length: A 16-bit field that indicates the length of the value portion | |||
in octets and will be a multiple of 4 octets dependent on the number | in octets and will be a multiple of 4 octets dependent on the number | |||
of tags advertised. | of tags advertised. | |||
Value: A sequence of multiple 4 octets defining the administrative | Value: A sequence of multiple four octets defining the administrative | |||
tags. At least one tag MUST be carried if this TLV is included in | tags. At least one tag MUST be carried if this TLV is included in | |||
the RI-LSA. | the RI-LSA. | |||
3.2. Elements of procedure | 3.2. Elements of procedure | |||
Meaning of the Node administrative tags is generally opaque to OSPF. | 3.2.1. Interpretation of Node Administrative Tags | |||
Router advertising the per-node administrative tag (or tags) may be | ||||
configured to do so without knowing (or even explicitly supporting) | The meaning of the Node administrative tags is generally opaque to | |||
functionality implied by the tag. | OSPF. Routers advertising the per-node administrative tag (or tags) | |||
may be configured to do so without knowing (or even without | ||||
supporting processing of) the functionality implied by the tag. This | ||||
section describes general rules/ regulations and guidelines for using | ||||
and interpreting an administrative tag which will facilitate | ||||
interoperable implementations by vendors. | ||||
Interpretation of tag values is specific to the administrative domain | Interpretation of tag values is specific to the administrative domain | |||
of a particular network operator, and hence tag values SHOULD NOT be | of a particular network operator, and hence tag values SHOULD NOT be | |||
propagated outside the administrative domain to which they apply. | propagated outside the administrative domain to which they apply. | |||
The meaning of a per-node administrative tag is defined by the | The meaning of a per-node administrative tag is defined by the | |||
network local policy and is controlled via the configuration. If a | network local policy and is controlled via the configuration. If a | |||
receiving node does not understand the tag value or does not have a | receiving node does not understand the tag value or does not have a | |||
local policy corresponding to the tag, it ignores the specific tag | local policy corresponding to the tag, it ignores the specific tag | |||
and floods the RI LSA without any change as defined in [RFC4970]. | and floods the RI LSA without any change as defined in | |||
[I-D.ietf-ospf-rfc4970bis]. | ||||
The semantics of the tag order has no meaning. That is, there is no | The semantics of the tag order has no meaning. That is, there is no | |||
implied meaning to the ordering of the tags that indicates a certain | implied meaning to the ordering of the tags that indicates a certain | |||
operation or set of operations that need to be performed based on the | operation or set of operations that need to be performed based on the | |||
ordering. | ordering. | |||
Each tag MUST be treated as an independent identifier that MAY be | Each tag must be treated as an independent identifier that may be | |||
used in policy to perform a policy action. Tags carried by the | used in policy to perform a policy action. Each tag carried by the | |||
administrative tag TLV SHOULD be used to indicate independent | administrative tag TLV should be used to indicate a characteristic of | |||
characteristics of a node. The administrative tag list within the | a node that is independent of the characteristics indicated by other | |||
TLV MUST be considered an unordered list. Whilst policies may be | administrative tags. The administrative tag list within the TLV MUST | |||
implemented based on the presence of multiple tags (e.g., if tag A | be considered an unordered list. Whilst policies may be implemented | |||
AND tag B are present), they MUST NOT be reliant upon the order of | based on the presence of multiple tags (e.g., if tag A AND tag B are | |||
the tags (i.e., all policies should be considered commutative | present), they MUST NOT be reliant upon the order of the tags (i.e., | |||
operations, such that tag A preceding or following tag B does not | all policies should be considered commutative operations, such that | |||
change their outcome). | tag A preceding or following tag B does not change their outcome). | |||
To avoid incomplete or inconsistent interpretations of the per-node | To avoid incomplete or inconsistent interpretations of the per-node | |||
administrative tags the same tag value MUST NOT be advertised by a | administrative tags the same tag value MUST NOT be advertised by a | |||
router in RI LSAs of different scopes. The same tag MAY be | router in RI LSAs of different scopes. The same tag MAY be | |||
advertised in multiple RI LSAs of the same scope, for example, OSPF | advertised in multiple RI LSAs of the same scope, for example, OSPF | |||
Area Border Router (ABR) may advertise the same tag in area-scope RI | Area Border Router (ABR) may advertise the same tag in area-scope RI | |||
LSAs in multiple areas connected to the ABR. | LSAs in multiple areas connected to the ABR. If a node | |||
administrative tag is received in different scopes, the conflicting | ||||
tag SHOULD not be used and this situation SHOULD be logged as an | ||||
error including the tag with conflicting scopes and the | ||||
originator(s). An ABR in a stub or NSSA area MAY originate AS scoped | ||||
RI LSAs and flood them into non-stub/NSSA areas and MAY originate | ||||
area scoped RI LSAs into the stub/NSSA areas as the AS scoped LSAs | ||||
are not flooded into stub/NSSA areas. | ||||
The per-node administrative tags are not meant to be extended by the | 3.2.2. Use of Node Administrative Tags | |||
future OSPF standards. The new OSPF extensions MUST NOT require use | ||||
of per-node administrative tags or define well-known tag values. | The per-node administrative tags are not meant to be extended by | |||
Node administrative tags are for generic use and do not require IANA | future OSPF standards. New OSPF extensions are not expected to | |||
registry. The future OSPF extensions requiring well known values MAY | require use of per-node administrative tags or define well-known tag | |||
define their own data signalling tailored to the needs of the feature | values. Node administrative tags are for generic use and do not | |||
or MAY use capability TLV as defined in [RFC4970]. | require IANA registry. Future OSPF extensions requiring well known | |||
values MAY define their own data signalling tailored to the needs of | ||||
the feature or MAY use the capability TLV as defined in | ||||
[I-D.ietf-ospf-rfc4970bis]. | ||||
Being part of the RI LSA, the per-node administrative tag TLV must be | Being part of the RI LSA, the per-node administrative tag TLV must be | |||
reasonably small and stable. In particular, but not limited to, | reasonably small and stable. In particular, implementations | |||
implementations supporting the per-node administrative tags MUST NOT | supporting per-node administrative tags MUST NOT be used to convey | |||
tie advertised tags to changes in the network topology (both within | attributes of the routing topology or associate tags with changes in | |||
and outside the OSPF domain) or reachability of routes. | the network topology (both within and outside the OSPF domain) or | |||
reachability of routes. | ||||
3.2.3. Processing Node Administrative Tag changes | ||||
Multiple node administrative tag TLVs MAY appear in an RI LSA or | Multiple node administrative tag TLVs MAY appear in an RI LSA or | |||
multiple node administrative tag TLVs MAY be contained in different | multiple node administrative tag TLVs MAY be contained in different | |||
instances of the RI LSA. The node administrative tags associated | instances of the RI LSA. The node administrative tags associated | |||
with a node that originates tags for the purpose of any computation | with a node that originates tags for the purpose of any computation | |||
or processing at a receiving node SHOULD be a superset of node | or processing at a receiving node SHOULD be a superset of node | |||
administrative tags from all the TLVs in all the received RI LSA | administrative tags from all the TLVs in all the received RI LSA | |||
instances originated by that node.When an RI LSA is received that | instances in the Link-State Database (LSDB) advertised by the | |||
changes the set of tags applicable to any originating node, a | corresponding OSPF router. When an RI LSA is received that changes | |||
receiving node MUST repeat any computation or processing that is | the set of tags applicable to any originating node, which has | |||
based on those administrative tags. | features depending on node administrative tags , a receiving node | |||
MUST repeat any computation or processing that is based on those | ||||
administrative tags. | ||||
When there is a change or removal of an administrative affiliation of | When there is a change or removal of an administrative affiliation of | |||
a node, the node MUST re-originate the RI LSA with the latest set of | a node, the node MUST re-originate the RI LSA with the latest set of | |||
node administrative tags. On the receiver, When there is a change in | node administrative tags. On the receiver, When there is a change in | |||
the node administrative tag TLV or removal/ addition of a TLV in any | the node administrative tag TLV or removal/ addition of a TLV in any | |||
instance of the RI-LSA, implementations MUST take appropriate | instance of the RI-LSA, implementations MUST take appropriate | |||
measures to update its state according to the changed set of tags. | measures to update their state according to the changed set of tags. | |||
Exact actions depend on features working with administrative tags and | The exact actions needed depend on features working with | |||
is outside of scope of this specification. | administrative tags and is outside of scope of this specification. | |||
4. Applications | 4. Applications | |||
This section lists several examples of how implementations might use | This section lists several examples of how implementations might use | |||
the Node administrative tags. These examples are given only to | the per-node administrative tags. These examples are given only to | |||
demonstrate generic usefulness of the router tagging mechanism. | demonstrate the generic usefulness of the router tagging mechanism. | |||
Implementation supporting this specification is not required to | Implementations supporting this specification are not required to | |||
implement any of the use cases. It is also worth noting that in some | implement any of these use cases. It is also worth noting that in | |||
described use cases routers configured to advertise tags help other | some described use cases routers configured to advertise tags help | |||
routers in their calculations but do not themselves implement the | other routers in their calculations but do not themselves implement | |||
same functionality. | the same functionality. | |||
4.1. Service auto-discovery | 4.1. Service auto-discovery | |||
Router tagging may be used to automatically discover group of routers | Router tagging may be used to automatically discover a group of | |||
sharing a particular service. | routers sharing a particular service. | |||
For example, service provider might desire to establish full mesh of | For example, a service provider might desire to establish a full mesh | |||
MPLS TE tunnels between all PE routers in the area of MPLS VPN | of MPLS TE tunnels between all PE routers in the area of the MPLS VPN | |||
network. Marking all PE routers with a tag and configuring devices | network. Marking all PE routers with a tag and configuring devices | |||
with a policy to create MPLS TE tunnels to all other devices | with a policy to create MPLS TE tunnels to all other devices | |||
advertising this tag will automate maintenance of the full mesh. | advertising this tag will automate maintenance of the full mesh. | |||
When new PE router is added to the area, all other PE devices will | When new PE router is added to the area, all other PE devices will | |||
open TE tunnels to it without the need of reconfiguring them. | open TE tunnels to it without the need of reconfiguring them. | |||
4.2. Fast-Re-routing policy | 4.2. Fast-Re-routing policy | |||
Increased deployment of Loop Free Alternates (LFA) as defined in | Increased deployment of Loop Free Alternates (LFA) as defined in | |||
[RFC5286] poses operation and management challenges. | [RFC5286] poses operation and management challenges. | |||
[I-D.ietf-rtgwg-lfa-manageability] proposes policies which, when | [I-D.ietf-rtgwg-lfa-manageability] proposes policies which, when | |||
implemented, will ease LFA operation concerns. | implemented, will ease LFA operation concerns. | |||
One of the proposed refinements is to be able to group the nodes in | One of the proposed refinements is to be able to group the nodes in | |||
IGP domain with administrative tags and engineer the LFA based on | an IGP domain with administrative tags and engineer the LFA based on | |||
configured policies. | configured policies. | |||
(a) Administrative limitation of LFA scope | (a) Administrative limitation of LFA scope | |||
Service provider access infrastructure is frequently designed in | Service provider access infrastructure is frequently designed in | |||
layered approach with each layer of devices serving different | a layered approach with each layer of devices serving different | |||
purposes and thus having different hardware capabilities and | purposes and thus having different hardware capabilities and | |||
configured software features. When LFA repair paths are being | configured software features. When LFA repair paths are being | |||
computed, it may be desirable to exclude devices from being | computed, it may be desirable to exclude devices from being | |||
considered as LFA candidates based on their layer. | considered as LFA candidates based on their layer. | |||
For example, if the access infrastructure is divided into the | For example, if the access infrastructure is divided into the | |||
Access, Distribution and Core layers it may be desirable for a | Access, Distribution and Core layers it may be desirable for a | |||
Distribution device to compute LFA only via Distribution or Core | Distribution device to compute LFA only via Distribution or Core | |||
devices but not via Access devices. This may be due to features | devices but not via Access devices. This may be due to features | |||
enabled on Access routers; due to capacity limitations or due to | enabled on Access routers, due to capacity limitations or due to | |||
the security requirements. Managing such a policy via | the security requirements. Managing such a policy via | |||
configuration of the router computing LFA is cumbersome and error | configuration of the router computing LFA is cumbersome and error | |||
prone. | prone. | |||
With the Node administrative tags it is possible to assign a tag | With the Node administrative tags it is possible to assign a tag | |||
to each layer and implement LFA policy of computing LFA repair | to each layer and implement LFA policy of computing LFA repair | |||
paths only via neighbors which advertise the Core or Distribution | paths only via neighbors which advertise the Core or Distribution | |||
tag. This requires minimal per-node configuration and network | tag. This requires minimal per-node configuration and the | |||
automatically adapts when new links or routers are added. | network automatically adapts when new links or routers are added. | |||
(b) LFA calculation optimization | (b) LFA calculation optimization | |||
Calculation of LFA paths may require significant resources of the | Calculation of LFA paths may require significant resources of the | |||
router. One execution of Dijkstra algorithm is required for each | router. One execution of Dijkstra's algorithm is required for | |||
neighbor eligible to become next hop of repair paths. Thus a | each neighbor eligible to become the next hop of repair paths. | |||
router with a few hundreds of neighbors may need to execute the | ||||
algorithm hundreds of times before the best (or even valid) | Thus, a router with a few hundreds of neighbors may need to | |||
repair path is found. Manually excluding from the calculation | execute the algorithm hundreds of times before the best (or even | |||
neighbors which are known to provide no valid LFA (such as | valid) repair path is found. Manually excluding from the | |||
single-connected routers) may significantly reduce number of | calculation neighbors that are known to provide no valid LFA | |||
Dijkstra algorithm runs. | (such as single-connected routers) may significantly reduce | |||
number of Dijkstra algorithm runs. | ||||
LFA calculation policy may be configured so that routers | LFA calculation policy may be configured so that routers | |||
advertising certain tag value are excluded from LFA calculation | advertising certain tag value are excluded from LFA calculation | |||
even if they are otherwise suitable. | even if they are otherwise suitable. | |||
4.3. Controlling Remote LFA tunnel termination | 4.3. Controlling Remote LFA tunnel termination | |||
[RFC7490] defined a method of tunnelling traffic after connected link | [RFC7490] defined a method of tunnelling traffic after connected link | |||
failure to extend the basic LFA coverage and algorithm to find tunnel | failure to extend the basic LFA coverage and an algorithm to find | |||
tail-end routers fitting LFA requirement. In most cases proposed | tunnel tail-end routers fitting LFA requirement. In most cases the | |||
algorithm finds more than one candidate tail-end router. In real | proposed algorithm finds more than one candidate tail-end router. In | |||
life network it may be desirable to exclude some nodes from the list | real-life network it may be desirable to exclude some nodes from the | |||
of candidates based on the local policy. This may be either due to | list of candidates based on the local policy. This may be either due | |||
known limitations of the node (the router does not accept targeted | to known limitations of the node (the router does not accept the | |||
LDP sessions required to implement Remote LFA tunnelling) or due to | targeted LDP sessions required to implement Remote LFA tunnelling) or | |||
administrative requirements (for example, it may be desirable to | due to administrative requirements (for example, it may be desirable | |||
choose tail-end router among co-located devices). | to choose the tail-end router among co-located devices). | |||
The Node administrative tag delivers simple and scalable solution. | The Node administrative tag delivers a simple and scalable solution. | |||
Remote LFA can be configured with a policy to accept during the tail- | Remote LFA can be configured with a policy to accept during the tail- | |||
end router calculation as candidates only routers advertising certain | end router calculation as candidates only routers advertising a | |||
tag. Tagging routers allows to both exclude nodes not capable of | certain tag. Tagging routers allows to both exclude nodes not | |||
serving as Remote LFA tunnel tail-ends and to define a region from | capable of serving as Remote LFA tunnel tail-ends and to define a | |||
which tail-end router must be selected. | region from which tail-end router must be selected. | |||
4.4. Mobile back-haul network service deployment | 4.4. Mobile back-haul network service deployment | |||
The topology of mobile back-haul network usually adopts ring topology | Mobile back-haul networks usually adopt a ring topology to save fibre | |||
to save fibre resource and it is divided into the aggregate network | resources; it is usually divided into the aggregate network and the | |||
and the access network. Cell Site Gateways(CSGs) connects the | access network. Cell Site Gateways(CSGs) connects the eNodeBs and | |||
eNodeBs and RNC(Radio Network Controller) Site Gateways(RSGs) | RNC(Radio Network Controller) Site Gateways(RSGs) connects the RNCs. | |||
connects the RNCs. The mobile traffic is transported from CSGs to | The mobile traffic is transported from CSGs to RSGs. The network | |||
RSGs. The network takes a typical aggregate traffic model that more | takes a typical aggregate traffic model that more than one access | |||
than one access rings will attach to one pair of aggregate site | rings will attach to one pair of aggregate site gateways(ASGs) and | |||
gateways(ASGs) and more than one aggregate rings will attach to one | more than one aggregate rings will attach to one pair of RSGs. | |||
pair of RSGs. | ||||
---------------- | ---------------- | |||
/ \ | / \ | |||
/ \ | / \ | |||
/ \ | / \ | |||
+------+ +----+ Access +----+ | +------+ +----+ Access +----+ | |||
|eNodeB|---|CSG1| Ring 1 |ASG1|------------ | |eNodeB|---|CSG1| Ring 1 |ASG1|------------ | |||
+------+ +----+ +----+ \ | +------+ +----+ +----+ \ | |||
\ / \ | \ / \ | |||
\ / +----+ +---+ | \ / +----+ +---+ | |||
skipping to change at page 8, line 47 | skipping to change at page 9, line 33 | |||
+------+ +----+ +----+ | +------+ +----+ +----+ | |||
\ / | \ / | |||
\ / | \ / | |||
\ / | \ / | |||
----------------- | ----------------- | |||
Figure 2: Mobile Backhaul Network | Figure 2: Mobile Backhaul Network | |||
A typical mobile back-haul network with access rings and aggregate | A typical mobile back-haul network with access rings and aggregate | |||
links is shown in figure above. The mobile back-haul networks deploy | links is shown in figure above. The mobile back-haul networks deploy | |||
traffic engineering due to the strict Service Level Agreements(SLA). | traffic engineering due to strict Service Level Agreements(SLA). The | |||
The TE paths may have additional constraints to avoid passing via | Traffic Engineering(TE) paths may have additional constraints to | |||
different access rings or to get completely disjoint backup TE paths. | avoid passing via different access rings or to get completely | |||
The mobile back-haul networks towards the access side change | disjoint backup TE paths. The mobile back-haul networks towards the | |||
frequently due to the growing mobile traffic and addition of new LTE | access side change frequently due to the growing mobile traffic and | |||
Evolved NodeBs (eNodeB). It's complex to satisfy the requirements | addition of new LTE Evolved NodeBs (eNodeB). It's complex to satisfy | |||
using cost, link color or explicit path configurations. The node | the requirements using cost, link color or explicit path | |||
administrative tag defined in this document can be effectively used | configurations. The node administrative tag defined in this document | |||
to solve the problem for mobile back-haul networks. The nodes in | can be effectively used to solve the problem for mobile back-haul | |||
different rings can be assigned with specific tags. TE path | networks. The nodes in different rings can be assigned with specific | |||
computation can be enhanced to consider additional constraints based | tags. TE path computation can be enhanced to consider additional | |||
on node administrative tags. | constraints based on node administrative tags. | |||
4.5. Explicit routing policy | 4.5. Explicit routing policy | |||
Partially meshed network provides multiple paths between any two | A partially meshed network provides multiple paths between any two | |||
nodes in the network. In a data centre environment, the topology is | nodes in the network. In a data centre environment, the topology is | |||
usually highly symmetric with many/all paths having equal cost. In a | usually highly symmetric with many/all paths having equal cost. In a | |||
long distance network, this is usually less the case for a variety of | long distance network, this is usually less the case, for a variety | |||
reasons (e.g. historic, fibre availability constraints, different | of reasons (e.g. historic, fibre availability constraints, different | |||
distances between transit nodes, different roles ...). Hence between | distances between transit nodes, different roles ...). Hence between | |||
a given source and destination, a path is typically preferred over | a given source and destination, a path is typically preferred over | |||
the others, while between the same source and another destination, a | the others, while between the same source and another destination, a | |||
different path may be preferred. | different path may be preferred. | |||
+--------------------+ | +----------------------+ +----------------+ | |||
| | | | \ / | | |||
| +----------+ | | | +-----------------+ x +---------+ | | |||
| | | | | | | \/ \/ | | | |||
+-T-10-T | | | | | +-T-10-T | | | |||
/ | /| | | | | | / | /| | | | |||
/ 100 / | | | | | | / 100 / | | | | |||
/ | | 100 | | | | | / | | 100 | | | |||
/ +-+-+ | | | | | | / +-+-+ | | | | |||
/ / | | | | | | | / / | | | | | |||
/ / R-18-R | | | | | / / R-18-R | | | |||
10 10 /\ /\ | | | | | 10 10 /\ /\ | | | |||
/ / / \ / \ | | | | | / / / \ / \ | | | |||
/ | / x \ | | | | | / / / x \ | | | |||
A-25-A 10 10 \ \ | | | | | / / 10 10 \ \ | | | |||
/ / 10 10 | | | | | / / / / 10 10 | | | |||
/ / \ \ | | | | | / / / / \ \ | | | |||
A-25-A A-25-A | | | | | A-25-A A-25-A A-25-A | | | |||
\ \ / / | | | | | | | \ \ / / | | | |||
201 201 201 201 | | | | | | | 201 201 201 201 | | | |||
\ \ / / | | | | | | | \ \ / / | | | |||
\ x / | | | | | 201 201 \ x / | | | |||
\ / \ / | | | | | | | \ / \ / | | | |||
\/ \/ | | | | | | | \/ \/ | | | |||
I-24-I 100 100 | | | I-24-I I-24-I 100 100 | |||
| | | | | | | / / | | | | | |||
| +-----------+ | | | +-+ / | +-----------+ | | |||
| | | +---------+ +---------------------+ | |||
+---------------------+ | ||||
Figure 3: Explicit Routing topology | Figure 3: Explicit Routing topology | |||
In the above topology, operator may want to enforce the following | In the above topology, operator may want to enforce the following | |||
high level explicit routing policies: | high level explicit routing policies: | |||
- Traffic from A nodes to A nodes should preferably go through R | - Traffic from A nodes to A nodes should preferably go through R | |||
or T nodes (rather than through I nodes); | or T nodes (rather than through I nodes); | |||
- Traffic from A nodes to I nodes must not go through R and T | - Traffic from A nodes to I nodes must not go through R and T | |||
skipping to change at page 11, line 14 | skipping to change at page 11, line 22 | |||
having the tag "A" runs a CSPF with the exclusion of nodes having the | having the tag "A" runs a CSPF with the exclusion of nodes having the | |||
tag "I". | tag "I". | |||
5. Security Considerations | 5. Security Considerations | |||
Node administrative tags may be used by operators to indicate | Node administrative tags may be used by operators to indicate | |||
geographical location or other sensitive information. As indicated | geographical location or other sensitive information. As indicated | |||
in [RFC2328] and [RFC5340] OSPF authentication mechanisms do not | in [RFC2328] and [RFC5340] OSPF authentication mechanisms do not | |||
provide confidentiality and the information carried in node | provide confidentiality and the information carried in node | |||
administrative tags could be leaked to an IGP snooper. | administrative tags could be leaked to an IGP snooper. | |||
Confidentiality for the OSPF control packets can be achieved by | ||||
either running OSPF on top of IP Security (IPSEC) tunnels or by | ||||
applying IPSEC based security mechanisms as described in [RFC4552]. | ||||
Advertisement of tag values for one administrative domain into | Advertisement of tag values for one administrative domain into | |||
another risks misinterpretation of the tag values (if the two domains | another risks misinterpretation of the tag values (if the two domains | |||
have assigned different meanings to the same values), which may have | have assigned different meanings to the same values), which may have | |||
undesirable and unanticipated side effects. | undesirable and unanticipated side effects. | |||
[RFC4593] and [RFC6863] discuss the generic threats to routing | ||||
protocols and OSPF respectively. These security threats are also | ||||
applicable to the mechanisms described in this document.OSPF | ||||
authentication described in [RFC2328] and [RFC5340] or extended | ||||
authentication mechanisms described in [RFC7474] or [RFC7166] SHOULD | ||||
be used in deployments where attackers have access to the physical | ||||
networks and nodes included in the OSPF domain are vulnerable. | ||||
6. Operational Considerations | 6. Operational Considerations | |||
Operators can assign meaning to the node administrative tags which is | Operators can assign meaning to the node administrative tags which is | |||
local to the operator's administrative domain. The operational use | local to the operator's administrative domain. The operational use | |||
of node administrative tags is analogical to the IS-IS prefix tags | of node administrative tags is analogical to the IS-IS prefix tags | |||
[RFC5130] and BGP communities [RFC1997]. Operational discipline and | [RFC5130] and BGP communities [RFC1997]. Operational discipline and | |||
procedures followed in configuring and using BGP communities and ISIS | procedures followed in configuring and using BGP communities and ISIS | |||
Prefix tags is also applicable to the usage of node administrative | Prefix tags is also applicable to the usage of node administrative | |||
tags. | tags. | |||
skipping to change at page 12, line 28 | skipping to change at page 12, line 46 | |||
inputs. Thanks to Chris Bowers for providing useful inputs to remove | inputs. Thanks to Chris Bowers for providing useful inputs to remove | |||
ambiguity related to tag-ordering. Thanks to Les Ginsberg and Acee | ambiguity related to tag-ordering. Thanks to Les Ginsberg and Acee | |||
Lindem for the inputs. Thanks to David Black for careful review and | Lindem for the inputs. Thanks to David Black for careful review and | |||
valuable suggestions for the document especially for the operations | valuable suggestions for the document especially for the operations | |||
section. | section. | |||
11. References | 11. References | |||
11.1. Normative References | 11.1. Normative References | |||
[I-D.acee-ospf-rfc4970bis] | [I-D.ietf-ospf-rfc4970bis] | |||
Lindem, A., Shen, N., Vasseur, J., Aggarwal, R., and S. | Lindem, A., Shen, N., Vasseur, J., Aggarwal, R., and S. | |||
Shaffer, "Extensions to OSPF for Advertising Optional | Shaffer, "Extensions to OSPF for Advertising Optional | |||
Router Capabilities", draft-acee-ospf-rfc4970bis-00 (work | Router Capabilities", draft-ietf-ospf-rfc4970bis-07 (work | |||
in progress), July 2014. | in progress), October 2015. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, | [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, | |||
DOI 10.17487/RFC2328, April 1998, | DOI 10.17487/RFC2328, April 1998, | |||
<http://www.rfc-editor.org/info/rfc2328>. | <http://www.rfc-editor.org/info/rfc2328>. | |||
skipping to change at page 13, line 33 | skipping to change at page 14, line 5 | |||
[I-D.ietf-rtgwg-policy-model] | [I-D.ietf-rtgwg-policy-model] | |||
Shaikh, A., rjs@rob.sh, r., D'Souza, K., and C. Chase, | Shaikh, A., rjs@rob.sh, r., D'Souza, K., and C. Chase, | |||
"Routing Policy Configuration Model for Service Provider | "Routing Policy Configuration Model for Service Provider | |||
Networks", draft-ietf-rtgwg-policy-model-00 (work in | Networks", draft-ietf-rtgwg-policy-model-00 (work in | |||
progress), September 2015. | progress), September 2015. | |||
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | |||
Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | |||
<http://www.rfc-editor.org/info/rfc1997>. | <http://www.rfc-editor.org/info/rfc1997>. | |||
[RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality | ||||
for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, | ||||
<http://www.rfc-editor.org/info/rfc4552>. | ||||
[RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to | ||||
Routing Protocols", RFC 4593, DOI 10.17487/RFC4593, | ||||
October 2006, <http://www.rfc-editor.org/info/rfc4593>. | ||||
[RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy | [RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy | |||
Control Mechanism in IS-IS Using Administrative Tags", | Control Mechanism in IS-IS Using Administrative Tags", | |||
RFC 5130, DOI 10.17487/RFC5130, February 2008, | RFC 5130, DOI 10.17487/RFC5130, February 2008, | |||
<http://www.rfc-editor.org/info/rfc5130>. | <http://www.rfc-editor.org/info/rfc5130>. | |||
[RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for | [RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for | |||
IP Fast Reroute: Loop-Free Alternates", RFC 5286, | IP Fast Reroute: Loop-Free Alternates", RFC 5286, | |||
DOI 10.17487/RFC5286, September 2008, | DOI 10.17487/RFC5286, September 2008, | |||
<http://www.rfc-editor.org/info/rfc5286>. | <http://www.rfc-editor.org/info/rfc5286>. | |||
[RFC6863] Hartman, S. and D. Zhang, "Analysis of OSPF Security | ||||
According to the Keying and Authentication for Routing | ||||
Protocols (KARP) Design Guide", RFC 6863, | ||||
DOI 10.17487/RFC6863, March 2013, | ||||
<http://www.rfc-editor.org/info/rfc6863>. | ||||
[RFC7166] Bhatia, M., Manral, V., and A. Lindem, "Supporting | ||||
Authentication Trailer for OSPFv3", RFC 7166, | ||||
DOI 10.17487/RFC7166, March 2014, | ||||
<http://www.rfc-editor.org/info/rfc7166>. | ||||
[RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., | ||||
"Security Extension for OSPFv2 When Using Manual Key | ||||
Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, | ||||
<http://www.rfc-editor.org/info/rfc7474>. | ||||
Authors' Addresses | Authors' Addresses | |||
Shraddha Hegde | Shraddha Hegde | |||
Juniper Networks, Inc. | Juniper Networks, Inc. | |||
Embassy Business Park | Embassy Business Park | |||
Bangalore, KA 560093 | Bangalore, KA 560093 | |||
India | India | |||
Email: shraddha@juniper.net | Email: shraddha@juniper.net | |||
Rob Shakir | Rob Shakir | |||
End of changes. 49 change blocks. | ||||
163 lines changed or deleted | 230 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |