< draft-ietf-ospf-node-admin-tag-07.txt | draft-ietf-ospf-node-admin-tag-08.txt > | |||
---|---|---|---|---|
Open Shortest Path First IGP S. Hegde | Open Shortest Path First IGP S. Hegde | |||
Internet-Draft Juniper Networks, Inc. | Internet-Draft Juniper Networks, Inc. | |||
Intended status: Standards Track R. Shakir | Intended status: Standards Track R. Shakir | |||
Expires: April 11, 2016 Individual | Expires: April 13, 2016 Individual | |||
A. Smirnov | A. Smirnov | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
Z. Li | Z. Li | |||
Huawei Technologies | Huawei Technologies | |||
B. Decraene | B. Decraene | |||
Orange | Orange | |||
October 9, 2015 | October 11, 2015 | |||
Advertising per-node administrative tags in OSPF | Advertising per-node administrative tags in OSPF | |||
draft-ietf-ospf-node-admin-tag-07 | draft-ietf-ospf-node-admin-tag-08 | |||
Abstract | Abstract | |||
This document describes an extension to OSPF protocol to add an | This document describes an extension to OSPF protocol to add an | |||
optional operational capability, that allows tagging and grouping of | optional operational capability, that allows tagging and grouping of | |||
the nodes in an OSPF domain. This allows simplification, ease of | the nodes in an OSPF domain. This allows simplification, ease of | |||
management and control over route and path selection based on | management and control over route and path selection based on | |||
configured policies. This document describes an extension to OSPF | configured policies. This document describes an extension to OSPF | |||
protocol to advertise per-node administrative tags. The node-tags | protocol to advertise per-node administrative tags. The node-tags | |||
can be used to express and apply locally-defined network policies | can be used to express and apply locally-defined network policies | |||
skipping to change at page 2, line 10 | skipping to change at page 2, line 10 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on April 11, 2016. | This Internet-Draft will expire on April 13, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 43 | skipping to change at page 2, line 43 | |||
3.2. Elements of procedure . . . . . . . . . . . . . . . . . . 4 | 3.2. Elements of procedure . . . . . . . . . . . . . . . . . . 4 | |||
4. Applications . . . . . . . . . . . . . . . . . . . . . . . . 6 | 4. Applications . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
4.1. Service auto-discovery . . . . . . . . . . . . . . . . . 6 | 4.1. Service auto-discovery . . . . . . . . . . . . . . . . . 6 | |||
4.2. Fast-Re-routing policy . . . . . . . . . . . . . . . . . 6 | 4.2. Fast-Re-routing policy . . . . . . . . . . . . . . . . . 6 | |||
4.3. Controlling Remote LFA tunnel termination . . . . . . . . 7 | 4.3. Controlling Remote LFA tunnel termination . . . . . . . . 7 | |||
4.4. Mobile back-haul network service deployment . . . . . . . 8 | 4.4. Mobile back-haul network service deployment . . . . . . . 8 | |||
4.5. Explicit routing policy . . . . . . . . . . . . . . . . . 9 | 4.5. Explicit routing policy . . . . . . . . . . . . . . . . . 9 | |||
5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |||
6. Operational Considerations . . . . . . . . . . . . . . . . . 11 | 6. Operational Considerations . . . . . . . . . . . . . . . . . 11 | |||
7. Manageability Considerations . . . . . . . . . . . . . . . . 11 | 7. Manageability Considerations . . . . . . . . . . . . . . . . 11 | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | |||
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12 | 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 | 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 | |||
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
11.1. Normative References . . . . . . . . . . . . . . . . . . 12 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
11.2. Informative References . . . . . . . . . . . . . . . . . 13 | 11.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
1. Introduction | 1. Introduction | |||
It is useful to assign a per-node administrative tag to a router in | It is useful to assign a per-node administrative tag to a router in | |||
the OSPF domain and use it as an attribute associated with the node. | the OSPF domain and use it as an attribute associated with the node. | |||
The per-node administrative tag can be used in variety of | The per-node administrative tag can be used in variety of | |||
applications, for ex: - Traffic-engineering applications to provide | applications, for ex: - Traffic-engineering applications to provide | |||
different path-selection criteria, - Prefer or prune certain paths in | different path-selection criteria, - Prefer or prune certain paths in | |||
Loop Free Alternate (LFA) backup selection via local policies. | Loop Free Alternate (LFA) backup selection via local policies. | |||
skipping to change at page 4, line 35 | skipping to change at page 4, line 35 | |||
of tags advertised. | of tags advertised. | |||
Value: A sequence of multiple 4 octets defining the administrative | Value: A sequence of multiple 4 octets defining the administrative | |||
tags. At least one tag MUST be carried if this TLV is included in | tags. At least one tag MUST be carried if this TLV is included in | |||
the RI-LSA. | the RI-LSA. | |||
3.2. Elements of procedure | 3.2. Elements of procedure | |||
Meaning of the Node administrative tags is generally opaque to OSPF. | Meaning of the Node administrative tags is generally opaque to OSPF. | |||
Router advertising the per-node administrative tag (or tags) may be | Router advertising the per-node administrative tag (or tags) may be | |||
configured to do so without knowing (or even explicitly supporting) | configured to do so without knowing (or even without supporting | |||
functionality implied by the tag. | processing of) functionality implied by the tag. | |||
Interpretation of tag values is specific to the administrative domain | Interpretation of tag values is specific to the administrative domain | |||
of a particular network operator, and hence tag values SHOULD NOT be | of a particular network operator, and hence tag values SHOULD NOT be | |||
propagated outside the administrative domain to which they apply. | propagated outside the administrative domain to which they apply. | |||
The meaning of a per-node administrative tag is defined by the | The meaning of a per-node administrative tag is defined by the | |||
network local policy and is controlled via the configuration. If a | network local policy and is controlled via the configuration. If a | |||
receiving node does not understand the tag value or does not have a | receiving node does not understand the tag value or does not have a | |||
local policy corresponding to the tag, it ignores the specific tag | local policy corresponding to the tag, it ignores the specific tag | |||
and floods the RI LSA without any change as defined in [RFC4970]. | and floods the RI LSA without any change as defined in [RFC4970]. | |||
skipping to change at page 5, line 21 | skipping to change at page 5, line 21 | |||
AND tag B are present), they MUST NOT be reliant upon the order of | AND tag B are present), they MUST NOT be reliant upon the order of | |||
the tags (i.e., all policies should be considered commutative | the tags (i.e., all policies should be considered commutative | |||
operations, such that tag A preceding or following tag B does not | operations, such that tag A preceding or following tag B does not | |||
change their outcome). | change their outcome). | |||
To avoid incomplete or inconsistent interpretations of the per-node | To avoid incomplete or inconsistent interpretations of the per-node | |||
administrative tags the same tag value MUST NOT be advertised by a | administrative tags the same tag value MUST NOT be advertised by a | |||
router in RI LSAs of different scopes. The same tag MAY be | router in RI LSAs of different scopes. The same tag MAY be | |||
advertised in multiple RI LSAs of the same scope, for example, OSPF | advertised in multiple RI LSAs of the same scope, for example, OSPF | |||
Area Border Router (ABR) may advertise the same tag in area-scope RI | Area Border Router (ABR) may advertise the same tag in area-scope RI | |||
LSAs in multiple areas connected to the ABR. | LSAs in multiple areas connected to the ABR. If a node | |||
administrative tag is received in different scopes, the conflicting | ||||
tag SHOULD not be used and this situation SHOULD be logged as an | ||||
error including the tag with conflicting scopes and the | ||||
originator(s). | ||||
The per-node administrative tags are not meant to be extended by the | The per-node administrative tags are not meant to be extended by the | |||
future OSPF standards. The new OSPF extensions MUST NOT require use | future OSPF standards. The new OSPF extensions MUST NOT require use | |||
of per-node administrative tags or define well-known tag values. | of per-node administrative tags or define well-known tag values. | |||
Node administrative tags are for generic use and do not require IANA | Node administrative tags are for generic use and do not require IANA | |||
registry. The future OSPF extensions requiring well known values MAY | registry. The future OSPF extensions requiring well known values MAY | |||
define their own data signalling tailored to the needs of the feature | define their own data signalling tailored to the needs of the feature | |||
or MAY use capability TLV as defined in [RFC4970]. | or MAY use capability TLV as defined in [RFC4970]. | |||
Being part of the RI LSA, the per-node administrative tag TLV must be | Being part of the RI LSA, the per-node administrative tag TLV must be | |||
skipping to change at page 11, line 20 | skipping to change at page 11, line 20 | |||
geographical location or other sensitive information. As indicated | geographical location or other sensitive information. As indicated | |||
in [RFC2328] and [RFC5340] OSPF authentication mechanisms do not | in [RFC2328] and [RFC5340] OSPF authentication mechanisms do not | |||
provide confidentiality and the information carried in node | provide confidentiality and the information carried in node | |||
administrative tags could be leaked to an IGP snooper. | administrative tags could be leaked to an IGP snooper. | |||
Advertisement of tag values for one administrative domain into | Advertisement of tag values for one administrative domain into | |||
another risks misinterpretation of the tag values (if the two domains | another risks misinterpretation of the tag values (if the two domains | |||
have assigned different meanings to the same values), which may have | have assigned different meanings to the same values), which may have | |||
undesirable and unanticipated side effects. | undesirable and unanticipated side effects. | |||
[RFC4593] and [RFC6863] discuss the generic threats to routing | ||||
protocols and OSPF respectively. These security threats are also | ||||
applicable to the mechanisms described in this document.OSPF | ||||
authentication described in [RFC2328] and [RFC5340] or extended | ||||
authentication mechanisms described in [RFC7474] or [RFC7166] SHOULD | ||||
be used in deployments where attackers have access to the physical | ||||
networks and nodes included in the OSPF domain are vulnerable. | ||||
6. Operational Considerations | 6. Operational Considerations | |||
Operators can assign meaning to the node administrative tags which is | Operators can assign meaning to the node administrative tags which is | |||
local to the operator's administrative domain. The operational use | local to the operator's administrative domain. The operational use | |||
of node administrative tags is analogical to the IS-IS prefix tags | of node administrative tags is analogical to the IS-IS prefix tags | |||
[RFC5130] and BGP communities [RFC1997]. Operational discipline and | [RFC5130] and BGP communities [RFC1997]. Operational discipline and | |||
procedures followed in configuring and using BGP communities and ISIS | procedures followed in configuring and using BGP communities and ISIS | |||
Prefix tags is also applicable to the usage of node administrative | Prefix tags is also applicable to the usage of node administrative | |||
tags. | tags. | |||
skipping to change at page 13, line 33 | skipping to change at page 13, line 42 | |||
[I-D.ietf-rtgwg-policy-model] | [I-D.ietf-rtgwg-policy-model] | |||
Shaikh, A., rjs@rob.sh, r., D'Souza, K., and C. Chase, | Shaikh, A., rjs@rob.sh, r., D'Souza, K., and C. Chase, | |||
"Routing Policy Configuration Model for Service Provider | "Routing Policy Configuration Model for Service Provider | |||
Networks", draft-ietf-rtgwg-policy-model-00 (work in | Networks", draft-ietf-rtgwg-policy-model-00 (work in | |||
progress), September 2015. | progress), September 2015. | |||
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | |||
Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | |||
<http://www.rfc-editor.org/info/rfc1997>. | <http://www.rfc-editor.org/info/rfc1997>. | |||
[RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to | ||||
Routing Protocols", RFC 4593, DOI 10.17487/RFC4593, | ||||
October 2006, <http://www.rfc-editor.org/info/rfc4593>. | ||||
[RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy | [RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy | |||
Control Mechanism in IS-IS Using Administrative Tags", | Control Mechanism in IS-IS Using Administrative Tags", | |||
RFC 5130, DOI 10.17487/RFC5130, February 2008, | RFC 5130, DOI 10.17487/RFC5130, February 2008, | |||
<http://www.rfc-editor.org/info/rfc5130>. | <http://www.rfc-editor.org/info/rfc5130>. | |||
[RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for | [RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for | |||
IP Fast Reroute: Loop-Free Alternates", RFC 5286, | IP Fast Reroute: Loop-Free Alternates", RFC 5286, | |||
DOI 10.17487/RFC5286, September 2008, | DOI 10.17487/RFC5286, September 2008, | |||
<http://www.rfc-editor.org/info/rfc5286>. | <http://www.rfc-editor.org/info/rfc5286>. | |||
[RFC6863] Hartman, S. and D. Zhang, "Analysis of OSPF Security | ||||
According to the Keying and Authentication for Routing | ||||
Protocols (KARP) Design Guide", RFC 6863, | ||||
DOI 10.17487/RFC6863, March 2013, | ||||
<http://www.rfc-editor.org/info/rfc6863>. | ||||
[RFC7166] Bhatia, M., Manral, V., and A. Lindem, "Supporting | ||||
Authentication Trailer for OSPFv3", RFC 7166, | ||||
DOI 10.17487/RFC7166, March 2014, | ||||
<http://www.rfc-editor.org/info/rfc7166>. | ||||
[RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., | ||||
"Security Extension for OSPFv2 When Using Manual Key | ||||
Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, | ||||
<http://www.rfc-editor.org/info/rfc7474>. | ||||
Authors' Addresses | Authors' Addresses | |||
Shraddha Hegde | Shraddha Hegde | |||
Juniper Networks, Inc. | Juniper Networks, Inc. | |||
Embassy Business Park | Embassy Business Park | |||
Bangalore, KA 560093 | Bangalore, KA 560093 | |||
India | India | |||
Email: shraddha@juniper.net | Email: shraddha@juniper.net | |||
Rob Shakir | Rob Shakir | |||
Individual | Individual | |||
Email: rjs@rob.sh | Email: rjs@rob.sh | |||
Anton Smirnov | Anton Smirnov | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
De Kleetlaan 6a | De Kleetlaan 6a | |||
Diegem 1831 | Diegem 1831 | |||
Belgium | Belgium | |||
End of changes. 12 change blocks. | ||||
9 lines changed or deleted | 42 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |