LSR Working Group A. Wang Internet-Draft China Telecom Intended status: Standards Track Z. Hu Expires: April 24, 2021 Huawei Technologies G. Mishra Verizon Inc. October 21, 2020 Passive Interface Attribute draft-wang-lsr-passive-interface-attribute-05 Abstract This document describes the mechanism that can be used to differentiate the passive interfaces from the normal interfaces within ISIS or OSPF domain. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 24, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Wang, et al. Expires April 24, 2021 [Page 1] Internet-Draft PIA October 2020 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions used in this document . . . . . . . . . . . . . . 3 3. Consideration for flagging passive interface . . . . . . . . 3 4. Prefix Attribute for Passive Interface . . . . . . . . . . . 3 4.1. ISIS Prefix Attribute for Passive Interface . . . . . . . 3 4.2. OSPF Prefix Attribute for Passive Interface . . . . . . . 4 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 7. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 5 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 8.1. Normative References . . . . . . . . . . . . . . . . . . 5 8.2. Informative References . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction Passive interfaces are used commonly within an operators enterprise or service provider networks. One of the most common use cases for passive interface is in a data center Layer 2 and Layer 3 TOR(Top of Rack) switch where the inter connected links between the TOR switches and uplinks to the Core switch are only a few links and a majority of the links are Layer 3 VLAN Switched Virtual Interface Default Gateways trunked between the TOR switches serving Layer 2 broadcast domains. In this scenario all the VLANs are made passive as it is recommended to limit the number of network LSAs between routers and switches to avoid unnecessary hello processing overhead. Another common use case is an inter-as routing scenario where the same routing protocol but different IGP instance is running between the adjacent BGP domains. Using passive interface on the inter-as tiepoint connections can ensure that prefixes contained within a domain are only reachable within the domain itself and not allow the link state database to be merged between domain which could result in undesirable consequences. For operator which runs different IGP domains that interconnect with each other via the passive interfaces, there is desire to obtain the inter-as topology information as described in [I-D.ietf-idr-bgpls-inter-as-topology-ext]. If the router that runs BGP-LS within one IGP domain can distinguish passive interfaces from other normal interfaces, it is then easy for the router to report these passive links using BGP-LS to centralized PCE controller. Wang, et al. Expires April 24, 2021 [Page 2] Internet-Draft PIA October 2020 On the other hand, passive interfaces are normally the boundary of one IGP domain, knowing them can facilitate the operators to apply various policies on such interfaces, for example, to secure their networks, or filtering the incoming traffic with scrutiny. But OSPF and ISIS have no position to flag such passive interface now. This document defines the protocol extension for OSPF and ISIS to indicate the prefix that comes from passive interface. 2. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] . 3. Consideration for flagging passive interface ISIS [RFC5029] defines the Link-Attributes Sub-TLV to carry the link attribute information, but this Sub-TLV can only be carried within the TLV 22, which is used to described the attached neighbor. For passive interface, there is no ISIS neighbor, then it is not appropriate to use this Sub-TLV to indicate the passive attribute of the interface. OSPFv2[RFC2328] defines link type field within Router LSA, the type 3 for connections to a stub network can be used to identified the passive interface. But in OSPFv3 [RFC5340], type 3 within the Router-LSA has been reserved. The information that associated with stub network has been put in the Intra-Area-Prefix-LSAs. It is necessary for ISIS and OSPF to extend the protocol to flag the passive interface then. 4. Prefix Attribute for Passive Interface Considering there is no IGP neighbor for the passive interface, we select to define the attribute of the prefix that associated with the passive interface, similar as the treatment of stub link type in OSPF v3. 4.1. ISIS Prefix Attribute for Passive Interface [RFC7794] defines the "IPv4/IPv6 Extended Reachability Attribute Flags" sub-TLV to advertise the additional flags associated with a given prefix advertisement. We propose new bit(Bit 5 is desired) to Wang, et al. Expires April 24, 2021 [Page 3] Internet-Draft PIA October 2020 be assigned by the IANA for the passive interface attribute, as illustrated in Figure 2: 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ |X|R|N|E|A|U| | | +-+-+-+-+-+-+-+-+ Figure 2: Prefix Attribute Flags U-flag: Unactive Flag(Bit 5) Set for local interface that is configured as passive interface. When the interfaces on one router be configured as passive interface, the U-flag bit will be set in the "IPv4/IPv6 Extended Reachability Attribute Flags" sub-TLV. This sub-TLV will be included in the TLV 135, TLV 235, TLV 236 and TLV 237 as necessary and be flooded within the ISIS domain. 4.2. OSPF Prefix Attribute for Passive Interface [RFC5340] defines the "Prefix Option field" in "Intra-Area-Prefix- LSAs" to describe the prefix capabilities. The bits in this field can be defined to flag the prefix coming from the passive interface. We propose new bit(Bit 0 is desired) to be assigned by the IANA for the passive interface, as illustrated in Figure 3: 0 1 2 3 4 5 6 7 +--+--+--+--+--+-+--+--+ | U| E| N|DN| P|x|LA|NU| +--+--+--+--+--+-+--+--+ Figure 3: The Prefix Options Field U-flag: Unactive Flag(Bit 0) Set for local interface that is configured as passive interface. When the interfaces on one router is configured as passive interface, the U-flag bit will be set in the "Prefix Option field" of Intra- Area-Prefix-LSAs. The router that receives such advertisement can then easily distinguish the passive interfaces from the normal interface, and reports them to the PCE controller if it runs the BGP-LS protocol. Wang, et al. Expires April 24, 2021 [Page 4] Internet-Draft PIA October 2020 5. Security Considerations Security concerns for ISIS are addressed in [RFC5304] and[RFC5310] Security concern for OSPFv3 is addressed in [RFC4552] Advertisement of the additional information defined in this document introduces no new security concerns. 6. IANA Considerations IANA is requested to allocate the U-bit (Bit position 5 is desired) from the "Bit Values for Prefix Attribute Flags Sub-TLV" registry of ISIS TLV codepoint. IANA is requested to allocate the U-bit(Bit position 0 is desired) from the "OSPFv3 Prefix Options" registry of OSPFv3 Parameters codepoint. 7. Acknowledgement Thanks Shunwan Zhang, Tony Li, Les Ginsberg, Acee Lindem, Peter Psenak, Dhruv Dhody, Jeff Tantsura and Robert Raszuk for their suggestions and comments on this idea. 8. References 8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, DOI 10.17487/RFC2328, April 1998, . [RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, . [RFC5029] Vasseur, JP. and S. Previdi, "Definition of an IS-IS Link Attribute Sub-TLV", RFC 5029, DOI 10.17487/RFC5029, September 2007, . Wang, et al. Expires April 24, 2021 [Page 5] Internet-Draft PIA October 2020 [RFC5304] Li, T. and R. Atkinson, "IS-IS Cryptographic Authentication", RFC 5304, DOI 10.17487/RFC5304, October 2008, . [RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R., and M. Fanto, "IS-IS Generic Cryptographic Authentication", RFC 5310, DOI 10.17487/RFC5310, February 2009, . [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, . [RFC7794] Ginsberg, L., Ed., Decraene, B., Previdi, S., Xu, X., and U. Chunduri, "IS-IS Prefix Attributes for Extended IPv4 and IPv6 Reachability", RFC 7794, DOI 10.17487/RFC7794, March 2016, . 8.2. Informative References [I-D.ietf-idr-bgpls-inter-as-topology-ext] Wang, A., Chen, H., Talaulikar, K., and S. Zhuang, "BGP-LS Extension for Inter-AS Topology Retrieval", draft-ietf- idr-bgpls-inter-as-topology-ext-09 (work in progress), September 2020. Authors' Addresses Aijun Wang China Telecom Beiqijia Town, Changping District Beijing 102209 China Email: wangaj3@chinatelecom.cn Zhibo Hu Huawei Technologies Huawei Bld., No.156 Beiqing Rd. Beijing 100095 China Email: huzhibo@huawei.com Wang, et al. Expires April 24, 2021 [Page 6] Internet-Draft PIA October 2020 Gyan S. Mishra Verizon Inc. 13101 Columbia Pike Silver Spring MD 20904 United States of America Email: gyan.s.mishra@verizon.com Wang, et al. Expires April 24, 2021 [Page 7]