idnits 2.17.1

draft-decraene-lsr-lag-indication-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (31 January 2022) is 815 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-18) exists of
     draft-ietf-lsr-dynamic-flooding-10

  ** Downref: Normative reference to an Experimental draft:
     draft-ietf-lsr-dynamic-flooding (ref. 'I-D.ietf-lsr-dynamic-flooding')

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                        B. Decraene
Internet-Draft                                                    Orange
Intended status: Standards Track                                S. Hegde
Expires: 4 August 2022                             Juniper Networks Inc.
                                                              J. Halpern
                                                                Ericsson
                                                         31 January 2022


                             LAG indication
                  draft-decraene-lsr-lag-indication-02

Abstract

   This document defines a new link flag to advertise that a layer-three
   link is composed of multiple layer-two sub-links, such as when this
   link is a Link Aggregation Group (LAG).  This allows a large single
   flow (an elephant flow) to be aware that the link capacity will be
   lower than expected as this single flow is not load-balanced across
   the multiple layer-two sub-links.  A path computation logic may use
   that information to route that elephant flow along a different path.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 4 August 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.
   Code Components extracted from this document must include Revised BSD
   License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Protocol extensions
     2.1.  IS-IS extension
     2.2.  OSPF extension
   3.  Operational considerations
     3.1.  Usage
   4.  IANA Considerations
     4.1.  IS-IS
     4.2.  OSPF
   5.  Security Considerations
   6.  Acknowledgments
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Changes / Author Notes
   Authors' Addresses

1.  Introduction

   An IP link may be composed of multiple layer-two sub-links not
   visible to the IGP routing topology.  When traffic crossing that IP
   link is load-balanced on a per-flow basis, a large elephant flow will
   only benefit from the capacity of a single sub-link.  This is an
   issue for the routing logic, which only sees the aggregated bandwidth
   of the IP link and hence may incorrectly route a large flow over a
   link which is incapable of transporting that flow.

   This document defines a new link flag to signal that an IP link is a
   Link Aggregation Group composed of multiple layer-two sub-links.
   This flag may automatically be set by routing nodes connected to such
   links, without requiring manual tagging by the network operator.  A
   path computation logic such as a PCE or a CSPF computation on the
   ingress may use that information to avoid such links for elephant
   flows.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 RFC 2119 [RFC2119] RFC 8174 [RFC8174] when, and only when, they
   appear in all capitals, as shown here.

2.  Protocol extensions

2.1.  IS-IS extension

   To advertise that a layer-three link is composed of multiple layer-
   two sub-components this document defines a new bit in the IS-IS link-
   attribute sub-TLV RFC 5029 [RFC5029].

   L2 LAG (Link Aggregation Group) TBD1.  When set, this layer-three
   link is composed of multiple layer-two sub-components performing per
   flow load balancing.

2.2.  OSPF extension

   To advertise that a layer-three link is composed of multiple layer-
   two sub-components this document defines a new bit in the OSPF Link
   Attributes Bits TLV [I-D.ietf-lsr-dynamic-flooding].

   L2 LAG (Link Aggregation Group) TBD2.  When set, this layer-three
   link is composed of multiple layer-two sub-components performing per
   flow load balancing.

3.  Operational considerations

   A node supporting this extension SHOULD automatically advertise the
   L2 LAG flag for IP links composed of multiple layer-two sub-
   components.  A configuration knob MAY be provided to override this
   default.

   In order to handle nodes not supporting this extension, the network
   operator may need to use an admin group (color) [RFC5305] [RFC7308]
   in order to flag those links on legacy nodes.

3.1.  Usage

   The information provided by this flag can be used in several
   different ways, depending upon the technology choices and needs of
   the operator.

   If the operator's usage of LAGs is fairly consistent, one could have
   a variation on a bandwidth-limited flex-algo that specifies minimum
   bandwidth and the LAG flag not being set.  This could then be
   selected by encapsulating head ends for streams which are judged to
   need to avoid the LAGs.  Likely this would be coupled with a
   configured value representing the likely limit of LAG components for
   selecting when to use this flex-algo instance.  Note that extending
   flex-algo requires every node to upgrade.

   Another option applies if the operator is using traffic engineering
   (either with a PCE or the head end doing the path selection).  The
   path selector can select points in e.g. a segment routed path so as
   to avoid links marked as being LAGs for elephant flows.  This can be
   coupled with a more flexible heuristic for limits than the above.
   The path selector can look at the advertised link bandwidth and the
   presence of the LAG flag, and frequently infer the LAG component
   size reliably.  Thus, it would only need to avoid LAGs where the
   component is expected to be too small for the large flow being
   placed.

   [Editor's note: This does suggest a possible extension if the working
   group is interested.  We could add a new sub-TLV indicating the
   lowest bandwidth of the LAG components of a given LAG.  This is
   additional complexity and the question is whether the use cases where
   this would give noticeably more accurate path estimates and better
   elephant flow placement are likely.]

4.  IANA Considerations

4.1.  IS-IS

   IANA is requested to allocate one bit value from the registry: link-
   attribute bit values for sub-TLV 19 of TLV 22 (Extended IS
   reachability TLV).

   Value   Name
   -----   --------------------------------
   TBD1    L2 LAG (Link Aggregation Group)

                                Figure 1

4.2.  OSPF

   IANA is requested to allocate one bit number from the registry: OSPF
   Link Attributes Sub-TLV Bit Values.

   Bit Number   Description
   ----------   --------------------------------
   TBD2         L2 LAG (Link Aggregation Group)

                                Figure 2

5.  Security Considerations

   This extension advertises additional information and capabilities
   about a link.

   An attacker having access to this information would gain knowledge
   that this link has sub-components and that sending a large amount of
   traffic via a single flow (hence not a DoS) is more likely to
   overload that sub-component.  On the other hand, this overloading
   would be limited to this specific sub-component and hence not affect
   other sub-components.

   An attacker capable of adding this information may gain the ability
   to change the routing of some flows crossing the links, typically
   large elephant flows specifically configured to avoid such links.

   An attacker capable of removing this information may gain the
   ability to change the routing and direct a large elephant flow on
   this link, which would overload a sub-component of this link and
   likely create packet drops for this specific flow.

   However, in those two cases, the attacker would equally have the
   capability to change other routing information such as the link
   metric, link usability and any link characteristics.  Hence this new
   information does not add new security considerations.
   Besides, as with other TLV advertisements, the use of cryptographic
   authentication as defined in [RFC5304] or [RFC5310] allows the
   authentication of the peer and the integrity of the message, and
   removes the ability for an attacker to modify such information.

6.  Acknowledgments

   TBD.

7.  References

7.1.  Normative References

   [I-D.ietf-lsr-dynamic-flooding]
              Li, T., Przygienda, T., Psenak, P., Ginsberg, L., Chen,
              H., Cooper, D., Jalil, L., Dontula, S., and G. S. Mishra,
              "Dynamic Flooding on Dense Graphs", Work in Progress,
              Internet-Draft, draft-ietf-lsr-dynamic-flooding-10, 7
              December 2021.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5029]  Vasseur, JP. and S. Previdi, "Definition of an IS-IS Link
              Attribute Sub-TLV", RFC 5029, DOI 10.17487/RFC5029,
              September 2007.

   [RFC5304]  Li, T. and R. Atkinson, "IS-IS Cryptographic
              Authentication", RFC 5304, DOI 10.17487/RFC5304, October
              2008.

   [RFC5310]  Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
              and M. Fanto, "IS-IS Generic Cryptographic
              Authentication", RFC 5310, DOI 10.17487/RFC5310, February
              2009.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

7.2.  Informative References

   [RFC5305]  Li, T. and H. Smit, "IS-IS Extensions for Traffic
              Engineering", RFC 5305, DOI 10.17487/RFC5305, October
              2008.

   [RFC7308]  Osborne, E., "Extended Administrative Groups in MPLS
              Traffic Engineering (MPLS-TE)", RFC 7308,
              DOI 10.17487/RFC7308, July 2014.

Appendix A.  Changes / Author Notes

   [RFC Editor: Please remove this section before publication]

   00: Initial version.

   01: Refresh.

Authors' Addresses

   Bruno Decraene
   Orange

   Email: bruno.decraene@orange.com


   Shraddha Hegde
   Juniper Networks Inc.
   Exora Business Park
   Bangalore 560103
   KA
   India

   Email: shraddha@juniper.net


   Joel Halpern
   Ericsson

   Email: joel.halpern@ericsson.com
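
Added example, not part of the draft and not its authors' code: the traffic-engineering usage described in Section 3.1, where a path selector combines the advertised bandwidth with the L2 LAG flag to estimate what a single flow can use, and the Section 5 case where the flag is missing from an advertisement. The topology, the `member_rates` list of LAG member speeds the operator deploys, and all function names are assumptions made for this illustration.

```python
import heapq

# Constructed sample TE database: (node_a, node_b, igp_metric, bandwidth_gbps, l2_lag_flag)
LINKS = [
    ("A", "B", 10, 40, True),    # 4 x 10G LAG: cheapest hop, small members
    ("B", "D", 10, 100, False),
    ("A", "C", 20, 100, False),
    ("C", "D", 20, 200, True),   # 2 x 100G LAG: members still large
]

def single_flow_capacity(bw, lag, member_rates):
    """Bandwidth one flow can use: the whole link, or one inferred LAG member."""
    if not lag:
        return bw
    for rate in sorted(member_rates, reverse=True):
        if rate < bw and bw % rate == 0:
            return rate
    return min(member_rates)  # nothing fits: assume the smallest deployed member

def cspf(links, src, dst, flow_gbps, member_rates=(100, 10)):
    """Lowest-metric path using only links whose per-flow capacity fits the flow."""
    adj = {}
    for a, b, metric, bw, lag in links:
        if single_flow_capacity(bw, lag, member_rates) >= flow_gbps:
            adj.setdefault(a, []).append((b, metric))
            adj.setdefault(b, []).append((a, metric))
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, metric in adj.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None  # no path can carry this flow

def without_lag_flag(links, a, b):
    """Copy of the database with the L2 LAG flag missing on link a-b (Section 5 case)."""
    return [(x, y, m, bw, lag and (x, y) != (a, b)) for x, y, m, bw, lag in links]

if __name__ == "__main__":
    print("mouse 5G    :", cspf(LINKS, "A", "D", 5))
    print("elephant 30G:", cspf(LINKS, "A", "D", 30))
    print("flag lost   :", cspf(without_lag_flag(LINKS, "A", "B"), "A", "D", 30))
```

With the flag present, the 30G flow avoids the 4 x 10G LAG but still uses the 2 x 100G LAG; with the flag absent on A-B, the same flow is placed on a link whose members cannot carry it, which is the outcome the authentication in [RFC5304] and [RFC5310] protects against.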