BIER support via ISIS

Bit Index Explicit Replication (BIER) defines an architecture where all intended multicast receivers are encoded as bitmask in the Multicast packet header within different encapsulations such as . A router that receives such a packet will forward the packet based on the Bit Position in the packet header towards the receiver(s), following a precomputed tree for each of the bits in the packet. Each receiver is represented by a unique bit in the bitmask. This document presents necessary extensions to the currently deployed ISIS for IP protocol to support distribution of information necessary for operation of BIER domains and sub-domains. This document defines a new TLV to be advertised by every router participating in BIER signaling. This document defines support for MPLS encapsulation as specified in . Support for other encapsulation types is outside the scope of this document. The use of multiple encapsulation types is outside the scope of this document.

Some of the terminology specified in is replicated here and extended by necessary definitions: Bit Index Explicit Replication (The overall architecture of forwarding multicast using a Bit Position). BIER Overlay Signaling. (The method for the BFIR to learn about BFER's). Bit Forwarding Router (A router that participates in Bit Index Multipoint Forwarding). A BFR is identified by a unique BFR-prefix in a BIER domain. Bit Forwarding Ingress Router (The ingress border router that inserts the BM into the packet). Each BFIR must have a valid BFR-id assigned. Bit Forwarding Egress Router. A router that participates in Bit Index Forwarding as leaf. Each BFER must be a BFR. Each BFER must have a valid BFR-id assigned. Bit Forwarding Tree used to reach all BFERs in a domain. A further distinction within a BIER domain identified by its unique sub-domain identifier. A BIER sub-domain can support multiple BitString Lengths. An optional, unique identifier for a BFR within a BIER sub-domain. Unassigned BFR-id. The special value 0 is reserved for this purpose. BIER Algorithm. Used to calculate underlay next hops. IGP Algorithm. May be used to modify, enhance or replace the calculation of underlay paths as defined by the BAR value Shortest Path First routing calculation based on IGP link metric

This document adds the following new sub-TLV to the registry of Sub-TLVs for TLVs 135, 235, 236, and 237. Value: 32 (suggested - to be assigned by IANA) Name: BIER Info This document also introduces a new registry for sub-sub-TLVs for the BIER Info sub-TLV added above. The registration policy is Expert Review as defined in . This registry is part of the "IS-IS TLV Codepoints" registry. The name of the registry is "sub-sub-TLVs for BIER Info sub-TLV". The defined values are:

IANA is requested to set up a registry called "BIER Algorithm Registry" under category "Bit Index Explicit Replication". The registration policies for this registry are: "Standards Action" for values 0-127 “Specification Required” for values 128-240 "Experimental Use" for values 240-254" The initial values in the BIER Algorithm Registry are: 0: No BIER specific algorithm is used 1-254: Unassigned 255: Reserved

An ISIS signalled BIER domain is aligned with the scope of distribution of BFR-prefixes that identify the BFRs within ISIS. ISIS acts in such a case as the supporting BIER underlay. Within such a domain, the extensions defined in this document advertise BIER information for one or more BIER sub-domains. Each sub-domain is uniquely identified by a subdomain-id (SD). Each subdomain is associated with a single ISIS topology (MT) , which may be any of the topologies supported by ISIS. Local configuration controls which <MT,SD> pairs are supported by a router. The mapping of sub-domains to topologies MUST be consistent within the IS-IS flooding domain used to advertise BIER information. Each BIER sub-domain has as its unique attributes the encapsulation used and the type of tree it is using to forward BIER frames (currently always SPF). Additionally, per supported bitstring length in the sub-domain, each router will advertise the necessary label ranges to support it.

BIER information advertisements are associated with a new sub-TLV in the extended reachability TLVs. BIER information is always associated with a host prefix which MUST be a node address for the advertising node. If this is not the case the advertisement MUST be ignored. Therefore the following restrictions apply: Prefix length MUST be 32 for an IPv4 prefix or 128 for an IPv6 prefix When the Prefix Attributes Flags sub-TLV is present N flag MUST be set and R flag MUST NOT be set. BIER sub-TLVs MUST be included when a prefix reachability advertisement is leaked between levels.

A given sub-domain is supported within one and only one topology. All routers in the flooding scope of the BIER sub-TLVs MUST advertise the same sub-domain within the same multi-topology. A router receiving an <MT,SD> advertisement which does not match the locally configured pair MUST report a misconfiguration of the received <MT,SD> pair. All received BIER advertisements associated with the conflicting <MT,SD> pair MUST be ignored. Note that in the presence of such a misconfiguration this will lead to partitioning of the sub-domian. Example: The following combination of advertisements are valid: <0,0> <0,1> <2,2>. The following combination of advertisements are invalid: <0,0> <0,1> <2,0>. Advertisements associated with <0,0> and <2,0> must be ignored.

If a BFER/BFIR is configured with a BFR-id then it advertises this value in its BIER advertisements. If no BFR-id is configured then the value "Invalid BFR-id" is advertised. A valid BFR-id MUST be unique within the flooding scope of the BIER advertisements. All BFERs/BFIRs MUST detect advertisement of duplicate valid BFR-IDs for a given <MT, SD>. When such duplication is detected all of the routers advertising duplicates MUST be treated as if they did not advertise a valid BFR-id. This implies they cannot act as BFER or BFIR in that <MT,SD>.

Whenever an advertisement is received which violates any of the constraints defined in this document the receiving router MUST support logging this occurrence. Logging SHOULD be dampened to avoid excessive output.

It is expected that changes in BIER domain information which is advertised by IS-IS occur infrequently. If this expectation is not met for an extended period of time (more than a few seconds of burstiness) changes will increase the number of Link State PDU (LSP) updates and negatively impact performance in the network. Implementations SHOULD protect against this possibility e.g., by dampening updates if they occur over an extended period of time.

All ISIS BIER information is carried within the TLVs 235, 237 or TLVs 135 , or TLV 236.

This sub-TLV carries the information for the BIER sub-domains that the router participates in as BFR. This sub-TLV MAY appear multiple times in a given prefix-reachability TLV - once for each sub-domain supported in the associated topology. The sub-TLV advertises a single <MT,SD> combination followed by optional sub-sub-TLVs as described in the following sections.

as indicated in IANA section. variable BIER Algorithm. Specifies a BIER specific algorithm used to calculate underlay paths to reach BFERs. Values are allocated from the BIER Algorithm Registry. 1 octet IGP algorithm. Specifies an IGP Algorithm to either modify, enhance or replace the calculation of underlay paths to reach BFERs as defined by the BAR value. Values are from the IGP Algorithm registry. 1 octet Unique value identifying the BIER sub-domain. 1 octet A 2 octet field encoding the BFR-id, as documented in . If no BFR-id has been assigned the value of this field is set to "Invalid BFR-id", which is defined as illegal in . The use of non-zero values in either the BAR field or the IPA field is outside the scope of this document. If an implementation does not support the use of non-zero values in these fields, but receives a BIER Info sub-TLV containing non-zero values in these fields, it SHOULD treat the advertising router as incapable of supporting BIER (one way of handling incapable routers is documented in section 6.9 of and additional methods may be defined in the future).

This sub-sub-TLV carries the information for the BIER MPLS encapsulation including the label range for a specific bitstring length for a certain <MT,SD>. It is advertised within the BIER Info sub-TLV ( ) . This sub-sub-TLV MAY appear multiple times within a single BIER info sub-TLV. If the same Bitstring length is repeated in multiple sub-sub-TLVs inside the same BIER Info Sub-TLV, the BIER Info sub-TLV MUST be ignored. Label ranges within all BIER MPLS Encapsulation sub-sub-TLVs across all BIER Info sub-TLVs advertised by the same BFR MUST NOT overlap. If overlap is detected, the advertising router MUST be treated as if it did not advertise any BIER sub-TLVs. Label values MUST NOT match any of the reserved values defined in

value of 1 indicating MPLS encapsulation. 4 Maximum Set Identifier (section 1 of [RFC8279]) used in the encapsulation for this BIER sub-domain for this bitstring length, 1 octet. Each SI maps to a single label in the label range. The first label is for SI=0, the second label is for SI=1, etc. If the label associated with the Maximum Set Identifier exceeds the 20 bit range the sub-sub-TLV MUST be ignored. Encoded bitstring length as per . 4 bits. First label of the range, 20 bits. The labels are as defined in .

Security concerns for IS-IS are addressed in and . The Security Considerations section of discusses the possibility of performing a Denial of Service (DoS) attack by setting too many bits in the BitString of a BIER-encapsulated packet. However, this sort of DoS attack cannot be initiated by modifying the ISIS BIER advertisements specified in this document. A BFIR decides which systems are to receive a BIER-encapsulated packet. In making this decision, it is not influenced by the ISIS control messages. When creating the encapsulation, the BFIR sets one bit in the encapsulation for each destination system. The information in the ISIS BIER advertisements is used to construct the forwarding tables that map each bit in the encapsulation into a set of next hops for the host that is identified by that bit, but is not used by the BFIR to decide which bits to set. Hence an attack on the ISIS control plane cannot be used to cause this sort of DoS attack. While a BIER-encapsulated packet is traversing the network, a BFR that receives a BIER-encapsulated packet with n bits set in its BitString may have to replicate the packet and forward multiple copies. However, a given bit will only be set in one copy of the packet. That means that each transmitted replica of a received packet has fewer bits set (i.e., is targeted to fewer destinations) than the received packet. This is an essential property of the BIER forwarding process as defined in . While a failure of this process might cause a DoS attack (as discussed in the Security Considerations of ), such a failure cannot be caused by an attack on the ISIS control plane. Further discussion of BIER specific security considerations can be found in .

The RFC is aligned with the draft as far as the protocol mechanisms overlap. Many thanks for comments from (in no particular order) Hannes Gredler, Ijsbrand Wijnands, Peter Psenak and Chris Bowers. Special thanks to Eric Rosen.