idnits 2.17.1 draft-acee-idr-lldp-peer-discovery-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 7, 2020) is 1208 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'IEEE-802-IANA' is mentioned on line 129, but not defined == Missing Reference: 'TCP-MD5' is mentioned on line 308, but not defined == Missing Reference: 'TCP-AO' is mentioned on line 311, but not defined == Missing Reference: 'GTSM' is mentioned on line 314, but not defined -- Possible downref: Non-RFC (?) normative reference: ref. 'LLDP' -- Possible downref: Non-RFC (?) normative reference: ref. 'MACsec' -- Possible downref: Non-RFC (?) normative reference: ref. 'MKA' -- Obsolete informational reference (is this intentional?): RFC 2385 (Obsoleted by RFC 5925) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Lindem 3 Internet-Draft Cisco Systems 4 Intended status: Standards Track K. Patel 5 Expires: June 10, 2021 Arrcus, Inc 6 S. Zandi 7 LinkedIn 8 J. Haas 9 Juniper Networks, Inc 10 X. Xu 11 Alibaba 12 December 7, 2020 14 BGP Logical Link Discovery Protocol (LLDP) Peer Discovery 15 draft-acee-idr-lldp-peer-discovery-08 17 Abstract 19 Link Layer Discovery Protocol (LLDP) or IEEE Std 802.1AB is 20 implemented in networking equipment from many vendors. It is natural 21 for IETF protocols to avail this protocol for simple discovery tasks. 22 This document describes how BGP would use LLDP to discover directly 23 connected and 2-hop peers when peering is based on loopback 24 addresses. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at https://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on June 10, 2021. 43 Copyright Notice 45 Copyright (c) 2020 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (https://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 61 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3 62 1.1.1. Requirements Language . . . . . . . . . . . . . . . . 3 63 2. LLDP Extensions . . . . . . . . . . . . . . . . . . . . . . . 3 64 2.1. LLDP IETF Organizationally Specific TLV Format . . . . . 3 65 2.2. BGP Config OS-TLV Format . . . . . . . . . . . . . . . . 4 66 2.2.1. BGP Config OS-TLV - Peering Address Sub-TLV . . . . . 5 67 2.2.2. BGP Config OS-TLV - BGP Local AS Sub-TLV . . . . . . 6 68 2.2.3. BGP Config OS-TLV - BGP Identifier Sub-TLV . . . . . 7 69 2.2.4. BGP Config OS-TLV - Session Group-ID Sub-TLV . . . . 8 70 2.2.5. BGP Config OS-TLV - BGP Session Capabilities Sub-TLV 9 71 2.2.6. BGP Config OS-TLV - Key Chain Sub-TLV . . . . . . . . 10 72 2.2.7. BGP Config OS-TLV - Local Address Sub-TLV . . . . . . 11 73 3. BGP LLDP Peer Discovery Operations . . . . . . . . . . . . . 12 74 3.1. Advertising BGP Speaker . . . . . . . . . . . . . . . . . 12 75 3.2. Receiving BGP Speaker . . . . . . . . . . . . . . . . . . 12 76 4. LLDP Authentication/Encryption . . . . . . . . . . . . . . . 13 77 5. Security Considerations . . . . . . . . . . . . . . . . . . . 14 78 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 79 6.1. IANA Assigned LLDP Subtype . . . . . . . . . . . . . . . 14 80 6.2. BGP Config LLDP OS-TLV Sub-TLVs . . . . . . . . . . . . . 15 81 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 16 82 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 83 8.1. Normative References . . . . . . . . . . . . . . . . . . 16 84 8.2. Informative References . . . . . . . . . . . . . . . . . 16 85 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 17 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 88 1. Introduction 90 Link Layer Discovery Protocol (LLDP) [LLDP] or IEEE Std 802.1AB is 91 implemented in networking equipment from many vendors. It is natural 92 for IETF protocols to avail this protocol for simple discovery tasks. 93 This document describes how BGP [RFC4271] would use LLDP to discover 94 directly connected and 2-hop peers when peering is based on loopback 95 addresses. 97 1.1. Requirements Notation 99 1.1.1. Requirements Language 101 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 102 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 103 "OPTIONAL" in this document are to be interpreted as described in BCP 104 14 [RFC2119] [RFC8174] when, and only when, they appear in all 105 capitals, as shown here. 107 2. LLDP Extensions 109 2.1. LLDP IETF Organizationally Specific TLV Format 111 The format of the LLDP IETF Organizationally Specific TLV (OS-TLV) is 112 defined in [LLDP]. It is shown below for completeness. 114 0 1 2 3 115 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 116 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 117 | Type (127) | Length | OUI (3 Octets) 00-00-5E | 118 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 119 | OUI Continued | Subtype | Value | 120 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 121 | ... (Up to 507 Octets) | 123 Type IETF Organizationally Specific TLV type value, 127. 125 Length The length of the remainder of the TLV. 127 OUI IETF Organizationally unique identifier for the 128 organization's OUI. For IANA, this is value is 129 00-00-5E as specified in [IEEE-802-IANA]. 131 Subtype IETF specific subtype 133 Value Value for organizationally specific TLV. The Length of 134 the value is 4 octets less than the TLV length. 136 LLDP IETF Organizationally Specific TLV 138 The OUI for IANA was allocated in section 1.4 of [RFC7042]. This 139 document requests creation of a registry for IETF specific sub-types 140 for LLDP IETF Organizationally Specific TLVs. 142 2.2. BGP Config OS-TLV Format 144 The BGP Config IETF Organizationally Specific TLV (OS-TLV) will be 145 used to advertise BGP configuration information. The configuration 146 information will be composed of Sub-TLVs. Since the length is 147 limited to 507 octets, multiple BGP Config OS-TLVs could be included 148 in a single LLDP advertisement. 150 0 1 2 3 151 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 152 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 | Type (127) | Length | OUI (3 Octets) 00-5E-00 | 154 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 155 |OUI Continued | 1 | BGP Config Sub-TLVs ... | 156 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 157 | ... (Up to 507 Octets) | 159 Length The length of the BGP TLV. 161 Subtype IETF specific subtype for BGP Config OS-TLV. The 162 value shall be 1. 164 Value BGP Config Sub-TLVs each with a 1 byte Type and 165 Length. The Length will include solely the value 166 portion of the TLV and not the Type and Length 167 fields themselves. 169 2.2.1. BGP Config OS-TLV - Peering Address Sub-TLV 171 The BGP OS-TLV Peering Address Sub-TLV will be used to advertise the 172 local IP addresses used for BGP sessions and the associated address 173 families specified by AFI/SAFI tuples. The AFI/SAFI tuple, 0/0, 174 indicates to use the associated peering address for all locally 175 configured address families without an explicit peering address 176 specification. As always, the address families supported for a given 177 BGP session will be determined during capabilities negotiation 178 [RFC4760]. It is RECOMMENDED that the wildcard AFI/SAFI be used in 179 deployments with fairly homogenous address family usage. 181 The format of the BGP Peering Address Sub-TLV is shown below. 183 0 1 2 3 184 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 | Type (1) | Length | Address Family| IPv4/IPv6 | 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 ~ IPv4/IPv6 Peering Address ... ~ 189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 | AFI | SAFI | o o o 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 Type The Sub-TLV Type value shall be 1. 195 Length The Sub-TLV length in octets will be 4 for IPv4 or 16 196 for IPv6 plus 3 times the number of AFI/SAFI tuples. 198 Address IANA Address family (1 for IPv4 or 2 for IPv6) 199 Family 201 Peering An IPv4 address (4 octets) or an IPv6 address (16 octets) 202 Address 204 AFI/SAFI One or more AFI/SAFI tuples for BGP session using this 205 Pairs peering address. The AFI/SAFI tuple, 0/0, is a wildcard 206 indicating to attempt negotiation for all AFI/SAFIs. 208 2.2.2. BGP Config OS-TLV - BGP Local AS Sub-TLV 210 The BGP Config OS-TLV Local AS Sub-TLV will be used to advertise the 211 4-octet local Autonomous System (AS) number(s). For AS transitions, 212 a second local AS number may be specified. The format of the BGP 213 Local AS Sub-TLV is shown below. 215 0 1 2 3 216 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 217 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 218 | Type (2) |Length (4 or 8)| Local AS | 219 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 | Local AS | Optional Second Local AS | 221 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 | Optional Second Local AS | 223 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 225 Type The Sub-TLV Type value shall be 2. 227 Length The Sub-TLV Length will be 4 or 8 octets. 229 Local AS Local Autonomous System (AS) 231 Second Local AS Local Autonomous System (AS) 233 2.2.3. BGP Config OS-TLV - BGP Identifier Sub-TLV 235 The BGP Config OS-TLV BGP Identifier Sub-TLV will be used to 236 advertise the 4-octet local BGP Identifier. The BGP Identifier is 237 used for debugging purposes and possibly to reduce the likelihood of 238 BGP connection collisions. The format of the BGP Identifier Sub-TLV 239 is shown below. 241 0 1 2 3 242 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 244 | Type (3) | Length (4) | BGP Identifier | 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 | BGP Identifier | 247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 249 Type The Sub-TLV Type value shall be 3. 251 Length The Sub-TLV Length will be 4 octets. 253 BGP Identifier Local BGP Identifier (aka, BGP Router ID) 255 2.2.4. BGP Config OS-TLV - Session Group-ID Sub-TLV 257 The BGP Config OS-TLV Session Group-ID Sub-TLV is an opaque 4-octet 258 value that is used to represent a category of BGP session that is 259 supported on the interface. The format of the Session Group-ID Sub- 260 TLV is shown below. 262 0 1 2 3 263 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 264 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 265 | Type (4) | Length (4) | Session Group-ID | 266 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 267 | Session Group-ID | 268 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 270 Type The Sub-TLV Type value shall be 4. 272 Length The Sub-TLV Length will be 4 octets. 274 Session Group-ID The session group-id used to indicate a 275 class or category of BGP session supported on 276 the interface. 278 2.2.5. BGP Config OS-TLV - BGP Session Capabilities Sub-TLV 280 The BGP Config OS-TLV Session Capabilities Sub-TLV will be used to 281 advertise an 8-octet Session Capabilities field. The session 282 capabilities are represented as bit flags identifying the supported 283 BGP session capabilities. The format of the BGP Session Capabilities 284 Sub-TLV is shown below. 286 0 1 2 3 287 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 288 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 289 | Type (5) | Length (8) | Session Capabilities | 290 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 291 | Session Capabilities | 292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 293 | Session Capabilities | 294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 296 Type The Sub-TLV Type value shall be 5. 298 Length The Sub-TLV Length will be 8 octets. 300 Session Bit fields identify BGP session capabilities 301 Capabilities 303 The BGP Session Capabilities is an 8-octet bit field. The most 304 significant bit is the first bit (Bit 1) of the Session Capabilities. 305 The following bits are defined: 307 Bit 1: This bit indicates support for TCP MD5 308 authentication [TCP-MD5]. 310 Bit 2: This bit indicates support for TCP-AO 311 authentication [TCP-AO]. 313 Bit 3: This bit indicates support for Generalized TTL 314 Security Mechanism (GTSM) [GTSM] with a 315 configured TTL range of 254-255. 317 TCP MD5 authentication is described in [RFC2385]. The TCP 318 Authentication Option (TCP-AO) is described in [RFC5925]. The 319 Generalized TTL Security Mechanism (GTSM) is described in [RFC5082]. 320 If both TCP MD5 authentication and TCP-AO authentication are 321 specified and TCP-AO is supported, it will take precedence. 323 2.2.6. BGP Config OS-TLV - Key Chain Sub-TLV 325 The BGP Config OS-TLV Key Chain Sub-TLV is a string specifying the 326 name for the key chain used for session authentication. Key chains 327 [RFC8177] are a commonly used for protocol authentication and 328 encryption key specification. Given the limited length of all BGP 329 configuration information, the key chain name will be limited to 64 330 characters and will not include a trailing string delimiter. The 331 format of the Session Group-ID Sub-TLV is shown below. 333 0 1 2 3 334 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 335 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 336 | Type (6) |Length (1 - 64)| Key Chain Name | 337 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 338 | Key Chain Name (Up to 64 Octets) | 339 O 340 O 341 O 342 | Key Chain Name | 343 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 345 Type The Sub-TLV Type value shall be 6. 347 Length The Sub-TLV Length will be 1 - 64 octets. 349 Key Chain Name The name of a key chain to be used for 350 MD5 or TCP-AO authentication. 352 2.2.7. BGP Config OS-TLV - Local Address Sub-TLV 354 The BGP OS-TLV Local Address Sub-TLV will be used to advertise a 355 local IP addresses used for BGP next-hops. Advertising a local 356 interface address is useful when the address family is different from 357 the advertised BGP peering address. 359 The format of the BGP Local Interface Address Sub-TLV is shown below. 361 0 1 2 3 362 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 364 | Type (7) | Length | Address Family| IPv4/IPv6 | 365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 ~ IPv4/IPv6 Local Address ... ~ 367 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 Type The Sub-TLV Type value shall be 7. 371 Length The Sub-TLV length in octets will be 4 for IPv4 or 16 372 for IPv6 plus 3 times the number of AFI/SAFI tuples. 374 Address IANA Address family (1 for IPv4 or 2 for IPv6) 375 Family 377 Local An IPv4 address (4 octets) or an IPv6 address (16 octets) 378 Address 380 3. BGP LLDP Peer Discovery Operations 382 The simple use case is to just use the peer address advertised in the 383 LLDP Packet Data Unit (PDU) to establish a 1-hop BGP peer session. 384 This can be used in data centers using BGP as described in [RFC7938]. 385 The use case where a loopback address or other local address is 386 advertised as the peering address is also supported. However, 387 reachabiliy to a peering address other than the interface address is 388 beyond the scope of this document. 390 3.1. Advertising BGP Speaker 392 A BGP speaker MAY advertise its BGP peering address in an LLDP PDU 393 for a link using the BGP Local Address Sub-TLV of the BGP-OS TLV. 394 This can be an IPv4 or IPv6 local address associated with the LLDP 395 link for 1-hop peering. For 2-hop peering, it could be a loopback 396 address or any other address that is local to the node but not the 397 LLDP link. As noted above, reachability to the loopback address is 398 beyond the scope of this document. 400 A BGP speaker MAY advertise its local AS number using the BGP Local 401 AS Sub-TLV of the BGP-OS TLV. During AS transitions, a second local 402 AS number may be included in the Local AS Sub-TLV. The local BGP 403 identifier may also be advertised using the BGP Identifier Sub-TLV of 404 the BGP-OS TLV. While not specifically required for session 405 establishment, the values may be used for validation, trouble- 406 shooting, and connection collision avoidance. A BGP speaker may also 407 announce a Session Group-ID indicating the class or category of 408 session(s) supported and/or mapping to a set of session parameters. 409 Additionally, a BGP speaker MAY also announce relevant capabilities 410 using BGP Session Capabilities Sub-TLV of the BGP-OS TLV. 412 If TCP MD5 authentication [RFC2385] or TCP Authentication Option 413 (TCP-AO) [RFC5925] is to be used on the session, the Key Chain Sub- 414 TLV of the BGP-OS TLV MAY be used to specify the key chain name. 416 3.2. Receiving BGP Speaker 418 A BGP speaker configured for LLDP peer discovery WILL attempt to 419 establish BGP sessions using the address in the BGP Local Address 420 Sub-TLV of BGP-OS TLV format. If the peering address is directly 421 accessible over the link on which the LLDP PDU is received, the BGP 422 speaker will attempt to establish a 1-hop BGP session with the peer. 424 If the received BGP Peering Address is not directly accessible over 425 the link, the peer must be reachable for the session to be 426 established and the mechanisms for establishing reachability are 427 beyond the scope of this specification. If the BGP speaker receives 428 the same BGP peering address in LLDP PDUs received on multiple links, 429 it will not establish multiple sessions. Rather, a single 2-hop 430 session will be established. 432 When the deployment of address families is fairly homogenous across 433 the deployment, the wildcard AFI/SAFI can be utilized to simplify 434 LLDP advertisement. When there is variance in the address families 435 supported, usage of the wildcard could result in session 436 establishment delay due to capabilities negotiation [RFC5492]. 438 A BGP speaker MAY receive a remote neighbor's local AS number(s) in 439 an LLDP PDU in the BGP Local AS Sub-TLV of the BGP-OS TLV. A BGP 440 speaker MAY use the received local AS number(s) to perform validation 441 checking of the AS received in the OPEN message. A BGP speaker MAY 442 receive a remote neighbor's BGP Identifier in the BGP Identifier Sub- 443 TLV of the BGP-OS TLV. This can be used to avoid connection 444 collisions by delaying session establishment if the remote BGP 445 Identifier is greater than the receiving speaker's BGP Identifier. 447 A BGP speaker MAY receive a Session Group-ID Sub-TLV in the LLDP BGP- 448 OS TLV. This Session Group-ID may be used for validation and/or 449 mapping the session to a particular set of session parameters. For 450 example, the Session Group-ID could be mapped to a spine, leaf, or 451 Top-of-Rack (ToR) session in a data center deployment and can be used 452 to detect cabling problems when an unexpected Session Group-ID is 453 received. 455 Additionally, A BGP speaker MAY receive a remote neighbor's 456 capabilities in LLDP in the BGP Session Capabilities Sub-TLV of the 457 BGP-OS TLV. A BGP speaker MAY use the received capabilities to 458 ensure appropriate local neighbor configuration in order to 459 facilitate session establishment. 461 If TCP MD5 authentication [RFC2385]. or TCP Authentication Option 462 (TCP-AO) [RFC5925] is to be used on the session as determined either 463 via the Session Capabilities Sub-TLV, Session Group-ID, or local 464 policy, the key chain name in the Key Chain Sub-TLV of the BGP-OS TLV 465 MAY be used to identify the correct key chain [RFC8177]. 467 4. LLDP Authentication/Encryption 469 The IEEE 802.1AE [MACsec] standard can be used for encryption and/or 470 authentication to provide privacy and integrity. MACsec utilizes the 471 Galois/Counter Mode Advanced Encryption Standard (AES-GCM) for 472 authenticated encryption and Galois Message Authentication Code 473 (GMAC) if only authentication, but not encryption is required. 475 The MACsec Key Agreement (MKA) is included as part of the IEEE 476 802.1X-20200 Port-Based Network Access Control Standard [MKA]. The 477 purpose of MKA is to provide a method for discovering MACsec peers 478 and negotiating the security keys needed to secure the link. 480 5. Security Considerations 482 This security considerations for BGP [RFC4271] apply equally to this 483 extension. 485 Additionally, BGP peering address discovery should only be done on 486 trusted links (e.g., in a data center network) since LLDP packets are 487 not authenticated or encrypted [LLDP]. 489 LLDP Authentication and/or encryption can provided as described in 490 section Section 4. 492 6. IANA Considerations 494 6.1. IANA Assigned LLDP Subtype 496 IANA is requested to create a registry for IANA assigned subtypes in 497 the IETF Organizationally Specific TLV assigned to IANA (OUI of 498 000-00-53 [RFC7042]. Assignment is requested for 1 for the BGP 499 Config OS-TLV. 501 +-------------+-----------------------------------+ 502 | Range | Assignment Policy | 503 +-------------+-----------------------------------+ 504 | 0 | Reserved (not to be assigned) | 505 | | | 506 | 1 | BGP Configuration | 507 | | | 508 | 2-127 | Unassigned (IETF Review) | 509 | | | 510 | 128-254 | Reserved (Not to be assigned now) | 511 | | | 512 | 255 | Reserved (not to be assigned) | 513 +-------------+-----------------------------------+ 515 IANA LLDP IETF Organizationally Specific TLV Sub-Types 517 o Types in the range 2-127 are to be assigned subject to IETF 518 Review. New values are assigned only through RFCs that have been 519 shepherded through the IESG as AD-Sponsored or IETF WG Documents 520 [RFC5226]. 522 o Types in the range 128-254 are reserved and not to be assigned at 523 this time. Before any assignments can be made in this range, 524 there MUST be a Standards Track RFC that specifies IANA 525 Considerations that covers the range being assigned. 527 6.2. BGP Config LLDP OS-TLV Sub-TLVs 529 IANA is requested to create a registry for Sub-TLVs of the BGP Config 530 LLDP OS-TLV. Assignment is requested for 1 for the BGP Peering 531 Address Sub-TLV. Assignment is also requested for 2 for the Local AS 532 Sub-TLV. Additionally, assignment is requested for 3 for the BGP 533 Identifier Sub-TLV, 4 for the BGP Session Group-ID, 5 for the Session 534 Capabilities Sub-TLV, and 6 for the Key Chain Name. 536 +-------------+-----------------------------------+ 537 | Range | Assignment Policy | 538 +-------------+-----------------------------------+ 539 | 0 | Reserved (not to be assigned) | 540 | | | 541 | 1 | Peering Address | 542 | | | 543 | 2 | Local AS | 544 | | | 545 | 3 | BGP Identifier | 546 | | | 547 | 4 | Session Group-ID | 548 | | | 549 | 5 | Session Capabilities | 550 | | | 551 | 6 | Key Chain Name | 552 | | | 553 | 7 | Local Address | 554 | | | 555 | 8-127 | Unassigned (IETF Review) | 556 | | | 557 | 128-254 | Reserved (Not to be assigned now) | 558 | | | 559 | 255 | Reserved (not to be assigned) | 560 +-------------+-----------------------------------+ 562 LLDP BGP Config OS-TLV Types 564 o Types in the range 8-127 are to be assigned subject to IETF 565 Review. New values are assigned only through RFCs that have been 566 shepherded through the IESG as AD-Sponsored or IETF WG Documents 567 [RFC5226]. 569 o Types in the range 128-254 are reserved and not to be assigned at 570 this time. Before any assignments can be made in this range, 571 there MUST be a Standards Track RFC that specifies IANA 572 Considerations that covers the range being assigned. 574 7. Contributors 576 Contributors' Addresses 578 8. References 580 8.1. Normative References 582 [LLDP] IEEE, "IEEE Standard for Local and metropolitan area 583 networks-- Station and Media Access Control Connectivity 584 Discovery Corrigendum 2: Technical and Editorial 585 Corrections", IEEE 802.1AB-2009/Cor 2-2015, 586 DOI 10.1109/ieeestd.2015.7056401, March 2015. 588 [MACsec] IEEE, "IEEE Standard for Local and metropolitan area 589 networks - Media Access Control (MAC) Security", 590 IEEE Standard 802.1AE-2018, September 2018. 592 [MKA] IEEE, "IEEE Standard for Local and metropolitan area 593 networks - Port Based Network Access Control", 594 IEEE Standard 802.1X-2020, January 2020. 596 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 597 Requirement Levels", BCP 14, RFC 2119, 598 DOI 10.17487/RFC2119, March 1997, 599 . 601 [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A 602 Border Gateway Protocol 4 (BGP-4)", RFC 4271, 603 DOI 10.17487/RFC4271, January 2006, 604 . 606 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 607 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 608 May 2017, . 610 8.2. Informative References 612 [RFC2385] Heffernan, A., "Protection of BGP Sessions via the TCP MD5 613 Signature Option", RFC 2385, DOI 10.17487/RFC2385, August 614 1998, . 616 [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, 617 "Multiprotocol Extensions for BGP-4", RFC 4760, 618 DOI 10.17487/RFC4760, January 2007, 619 . 621 [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C. 622 Pignataro, "The Generalized TTL Security Mechanism 623 (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007, 624 . 626 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 627 IANA Considerations Section in RFCs", RFC 5226, 628 DOI 10.17487/RFC5226, May 2008, 629 . 631 [RFC5492] Scudder, J. and R. Chandra, "Capabilities Advertisement 632 with BGP-4", RFC 5492, DOI 10.17487/RFC5492, February 633 2009, . 635 [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP 636 Authentication Option", RFC 5925, DOI 10.17487/RFC5925, 637 June 2010, . 639 [RFC7042] Eastlake 3rd, D. and J. Abley, "IANA Considerations and 640 IETF Protocol and Documentation Usage for IEEE 802 641 Parameters", BCP 141, RFC 7042, DOI 10.17487/RFC7042, 642 October 2013, . 644 [RFC7938] Lapukhov, P., Premji, A., and J. Mitchell, Ed., "Use of 645 BGP for Routing in Large-Scale Data Centers", RFC 7938, 646 DOI 10.17487/RFC7938, August 2016, 647 . 649 [RFC8177] Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J. 650 Zhang, "YANG Data Model for Key Chains", RFC 8177, 651 DOI 10.17487/RFC8177, June 2017, 652 . 654 Appendix A. Acknowledgments 656 Thanks to Sujay Gupta and Paul Congdon for review and comments. 658 The RFC text was produced using Marshall Rose's xml2rfc tool. 660 Authors' Addresses 661 Acee Lindem 662 Cisco Systems 663 301 Midenhall Way 664 Cary, NC 27513 665 USA 667 Email: acee@cisco.com 669 Keyur Patel 670 Arrcus, Inc 672 Email: keyur@arrcus.com 674 Shawn Zandi 675 LinkedIn 676 222 2nd Street 677 San Francisco, CA 94105 678 USA 680 Email: szandi@linkedin.com 682 Jeff Haas 683 Juniper Networks, Inc 684 1133 Innovation, Inc. 685 Sunnyvale, CA 94089 686 USA 688 Email: jhaas@juniper.net 690 Xiaohu Xu 691 Alibaba 693 Email: xiaohu.xxh@alibaba-inc.com