idnits 2.17.1 draft-ietf-bier-ospf-bier-extensions-17.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust
  (see https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------
     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------
     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------
  ** The abstract seems to contain references ([RFC2328], [RFC8296]), which
     it shouldn't.  Please replace those with straight textual mentions of
     the documents in question.
  -- The document has examples using IPv4 documentation addresses according
     to RFC6890, but does not use any IPv6 documentation addresses.  Maybe
     there should be IPv6 examples, too?

  Miscellaneous warnings:
  ----------------------------------------------------------------------------
  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year
  -- The document date (April 3, 2018) is 2208 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------
     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)
  == Missing Reference: 'RFC7474' is mentioned on line 321, but not defined

  Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.
--------------------------------------------------------------------------------

OSPF                                                     P. Psenak, Ed.
Internet-Draft                                                  N. Kumar
Intended status: Standards Track                            IJ. Wijnands
Expires: October 5, 2018                                           Cisco
                                                             A. Dolganow
                                                                   Nokia
                                                           T. Przygienda
                                                                J. Zhang
                                                  Juniper Networks, Inc.
                                                               S. Aldrin
                                                            Google, Inc.
                                                           April 3, 2018

                      OSPFv2 Extensions for BIER
               draft-ietf-bier-ospf-bier-extensions-17.txt

Abstract

   Bit Index Explicit Replication (BIER) is an architecture that
   provides multicast forwarding through a "BIER domain" without
   requiring intermediate routers to maintain multicast related per-flow
   state.  Neither does BIER require an explicit tree-building protocol
   for its operation.  A multicast data packet enters a BIER domain at a
   "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at
   one or more "Bit-Forwarding Egress Routers" (BFERs).  The BFIR router
   adds a BIER header to the packet.  Such a header contains a bit-string
   in which each bit represents exactly one BFER to forward the packet
   to.  The set of BFERs to which the multicast packet needs to be
   forwarded is expressed by the corresponding set of bits set in the
   BIER packet header.

   This document describes the OSPF [RFC2328] protocol extension
   required for BIER with MPLS encapsulation [RFC8296].  Support for
   other encapsulation types is outside the scope of this document.  The
   use of multiple encapsulation types is outside the scope of this
   document.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 5, 2018.
Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Flooding of the BIER Information in OSPF
     2.1.  BIER Sub-TLV
     2.2.  BIER MPLS Encapsulation Sub-TLV
     2.3.  Flooding scope of BIER Information
   3.  Security Considerations
   4.  IANA Considerations
   5.  Acknowledgments
   6.  Normative References
   Authors' Addresses

1.  Introduction

   Bit Index Explicit Replication (BIER) is an architecture that
   provides optimal multicast forwarding through a "BIER domain" without
   requiring intermediate routers to maintain any multicast related per-
   flow state.  Neither does BIER explicitly require a tree-building
   protocol for its operation.  A multicast data packet enters a BIER
   domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the
   BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs).
   The BFIR router adds a BIER header to the packet.  The BIER header
   contains a bit-string in which each bit represents exactly one BFER
   to forward the packet to.  The set of BFERs to which the multicast
   packet needs to be forwarded is expressed by setting the bits that
   correspond to those routers in the BIER header.

   The BIER architecture requires routers participating in BIER to
   exchange BIER related information within a given domain.  The BIER
   architecture permits link-state routing protocols to perform
   distribution of such information.  This document describes extensions
   to OSPF necessary to advertise BIER specific information in the case
   where BIER uses MPLS encapsulation as described in [RFC8296].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Flooding of the BIER Information in OSPF

   All BIER specific information that a Bit-Forwarding Router (BFR)
   needs to advertise to other BFRs is associated with a BFR-Prefix.  A
   BFR-Prefix is a unique (within a given BIER domain) routable IP
   address that is assigned to each BFR as described in more detail in
   section 2 of [RFC8279].

   Given that BIER information must be associated with a BFR-Prefix, the
   OSPF Extended Prefix Opaque LSA [RFC7684] has been chosen for
   advertisement.

2.1.  BIER Sub-TLV

   A Sub-TLV of the Extended Prefix TLV (defined in [RFC7684]) is
   defined for distributing BIER information.  The Sub-TLV is called the
   BIER Sub-TLV.  Multiple BIER Sub-TLVs may be included in the Extended
   Prefix TLV.
   The BIER Sub-TLV has the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |              Type             |             Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Sub-domain-ID |     MT-ID     |             BFR-id            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      BAR      |      IPA      |           Reserved            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Sub-TLVs (variable)                      |
    +-                                                             -+
    |                                                               |

   Type: 9

   Length: Variable, dependent on sub-TLVs.

   Sub-domain-ID: Unique value identifying the BIER sub-domain within
   the BIER domain, as described in section 1 of [RFC8279].

   MT-ID: Multi-Topology ID (as defined in [RFC4915]) that identifies
   the topology that is associated with the BIER sub-domain.

   BFR-id: A 2-octet field encoding the BFR-id, as documented in
   section 2 of [RFC8279].  If the BFR is not locally configured with
   a valid BFR-id, the value of this field is set to 0, which is
   defined as illegal in [RFC8279].

   BAR: Single octet BIER specific algorithm used to calculate
   underlay paths to reach other BFRs.  Values are allocated from the
   "BIER Algorithm Registry" which is defined in
   [I-D.ietf-bier-isis-extensions].

   IPA: Single octet IGP algorithm to either modify, enhance or
   replace the calculation of underlay paths to reach other BFRs as
   defined by the BAR value.  Values are defined in the "IGP
   Algorithm Types" registry.

   Each BFR sub-domain MUST be associated with one and only one OSPF
   topology that is identified by the MT-ID.  If the association between
   BIER sub-domain and OSPF topology advertised in the BIER Sub-TLV by
   other BFRs is in conflict with the association locally configured on
   the receiving router, the BIER Sub-TLV MUST be ignored.

   If the MT-ID value is outside of the values specified in [RFC4915],
   the BIER Sub-TLV MUST be ignored.

   If a BFR advertises the same Sub-domain-ID in multiple BIER Sub-TLVs,
   the BFR MUST be treated as if it did not advertise a BIER Sub-TLV for
   such sub-domain.

   All BFRs MUST detect advertisement of duplicate valid BFR-ids for a
   given MT-ID and Sub-domain-ID.  When such duplication is detected by
   the BFR, it MUST behave as described in section 5 of [RFC8279].

   The supported BAR and IPA algorithms MUST be consistent for all
   routers supporting a given BFR sub-domain.  A router receiving a BIER
   Sub-TLV advertisement with a value in the BAR or IPA field which does
   not match the locally configured value for a given BFR sub-domain
   MUST report a misconfiguration for such BIER sub-domain and MUST
   ignore such BIER Sub-TLV.

   The use of non-zero values in either the BAR field or the IPA field
   is outside the scope of this document.

2.2.  BIER MPLS Encapsulation Sub-TLV

   The BIER MPLS Encapsulation Sub-TLV is a Sub-TLV of the BIER Sub-TLV.
   The BIER MPLS Encapsulation Sub-TLV is used in order to advertise
   MPLS specific information used for BIER.  It MAY appear multiple
   times in the BIER Sub-TLV.

   The BIER MPLS Encapsulation Sub-TLV has the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |              Type             |             Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Max SI     |                     Label                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |BS Len |                       Reserved                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type: 10

   Length: 8 octets

   Max SI: A 1-octet field encoding the maximum Set Identifier
   (section 1 of [RFC8279]), used in the encapsulation for this BIER
   sub-domain for this BitString length.
   Label: A 3-octet field, where the 20 rightmost bits represent the
   first label in the label range.  The 4 leftmost bits MUST be
   ignored.

   Bit String Length: A 4-bit field encoding the supported BitString
   length associated with this BFR-Prefix.  The values allowed in
   this field are specified in section 2 of [RFC8296].

   Reserved: SHOULD be set to 0 on transmission and MUST be ignored
   on reception.

   The "label range" is the set of labels beginning with the Label
   and ending with (Label + (Max SI)).  A unique label range is
   allocated for each BitString length and Sub-domain-ID.  These
   labels are used for BIER forwarding as described in [RFC8279] and
   [RFC8296].

   The size of the label range is determined by the number of Set
   Identifiers (SI) (section 1 of [RFC8279]) that are used in the
   network.  Each SI maps to a single label in the label range.  The
   first label is for SI=0, the second label is for SI=1, etc.

   If the label associated with the Maximum Set Identifier exceeds the
   20-bit range, the BIER MPLS Encapsulation Sub-TLV MUST be ignored.

   If the BS length is set to a value that does not match any of the
   allowed values specified in [RFC8296], the BIER MPLS Encapsulation
   Sub-TLV MUST be ignored.

   If the same BS length is repeated in multiple BIER MPLS Encapsulation
   Sub-TLVs inside the same BIER Sub-TLV, the BIER Sub-TLV MUST be
   ignored.

   Label ranges within all BIER MPLS Encapsulation Sub-TLVs advertised
   by the same BFR MUST NOT overlap.  If an overlap is detected, the
   advertising router MUST be treated as if it did not advertise any
   BIER Sub-TLVs.

2.3.  Flooding scope of BIER Information

   The flooding scope of the OSPF Extended Prefix Opaque LSA [RFC7684]
   that is used for advertising the BIER Sub-TLV is set to area-local.
   To allow BIER deployment in a multi-area environment, OSPF must
   propagate BIER information between areas.
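   The following Python is an added illustration, not part of the draft
   and not the authors' code: it decodes the BIER Sub-TLV (Section 2.1)
   and its BIER MPLS Encapsulation Sub-TLVs (Section 2.2) and applies
   the "MUST be ignored" rules from both sections, refusing malformed
   input rather than raising, as Section 3 requires.  It assumes the
   RFC 7684 sub-TLV framing (2-octet type, 2-octet length, value padded
   to 4 octets) and treats MT-IDs 128-255 as outside the RFC 4915 range.

```python
import struct
from collections import Counter
BIER_SUBTLV, BIER_MPLS_SUBTLV = 9, 10
VALID_BSL = {1, 2, 3, 4, 5, 6, 7}   # RFC 8296 BitString length codes (64 .. 4096 bits)

def iter_tlvs(buf):
    """Walk RFC 7684 style sub-TLVs: 2-octet type, 2-octet length, value padded to 4 octets."""
    off = 0
    while off + 4 <= len(buf):
        ttype, tlen = struct.unpack_from("!HH", buf, off)
        value = buf[off + 4:off + 4 + tlen]
        if len(value) != tlen:
            raise ValueError("truncated sub-TLV")   # malformed: never read past the buffer
        yield ttype, value
        off += 4 + (tlen + 3) // 4 * 4
    if off != len(buf):
        raise ValueError("trailing bytes after last sub-TLV")

def encode_bier_subtlv(sd, mt, bfr_id, encaps, bar=0, ipa=0):
    """Build a BIER Sub-TLV (type 9) with one type-10 sub-TLV per (max_si, label, bsl) tuple."""
    body = struct.pack("!BBHBBH", sd, mt, bfr_id, bar, ipa, 0)
    for max_si, label, bsl in encaps:
        body += struct.pack("!HHBBHB3x", BIER_MPLS_SUBTLV, 8, max_si, label >> 16, label & 0xFFFF, bsl << 4)
    return struct.pack("!HH", BIER_SUBTLV, len(body)) + body

def parse_bier_subtlv(value):
    """Return the decoded BIER Sub-TLV, or None when Section 2.1/2.2 says it MUST be ignored."""
    if len(value) < 8 or value[1] > 127:   # too short, or MT-ID 128-255 (invalid per RFC 4915)
        return None
    sd, mt, bfr_id, bar, ipa = struct.unpack_from("!BBHBB", value)
    encaps, seen_bsl = [], set()
    try:
        for t, v in iter_tlvs(value[8:]):
            if t != BIER_MPLS_SUBTLV:
                continue                 # other sub-TLV types are not interpreted here
            if len(v) != 8:
                return None              # fixed 8-octet format violated: malformed
            max_si, l_hi, l_lo, bsl_byte = struct.unpack_from("!BBHB", v)
            label = ((l_hi << 16) | l_lo) & 0xFFFFF   # 4 leftmost bits of the 3-octet field ignored
            bsl = bsl_byte >> 4
            if label + max_si > 0xFFFFF or bsl not in VALID_BSL:
                continue                 # ignore just this encapsulation sub-TLV
            if bsl in seen_bsl:
                return None              # same BS length twice: ignore the whole BIER Sub-TLV
            seen_bsl.add(bsl)
            encaps.append((max_si, label, bsl))
    except ValueError:
        return None                      # malformed nesting: drop, do not crash
    return {"sd": sd, "mt": mt, "bfr_id": bfr_id, "bar": bar, "ipa": ipa, "encaps": encaps}

def bier_info_from_prefix_tlv(subtlvs):
    """Apply the per-router rules to all BIER Sub-TLVs found in one Extended Prefix TLV."""
    try:
        raw = [v for t, v in iter_tlvs(subtlvs) if t == BIER_SUBTLV and v]
    except ValueError:
        return {}                        # malformed container: advertise nothing, never crash
    counts, result = Counter(v[0] for v in raw), {}   # Sub-domain-ID is the first octet
    for v in raw:
        tlv = parse_bier_subtlv(v)
        if tlv and counts[v[0]] == 1:    # duplicated sub-domain: as if never advertised
            result[tlv["sd"]] = tlv
    ranges = sorted((lab, lab + si) for t in result.values() for si, lab, _ in t["encaps"])
    if any(b[0] <= a[1] for a, b in zip(ranges, ranges[1:])):
        return {}                        # overlapping label ranges: drop all BIER info from this BFR
    return result
```

   The sample inputs in the checks below are constructed with
   encode_bier_subtlv; the conflict checks across routers (duplicate
   BFR-id, BAR/IPA mismatch) need local configuration and are left out.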
            ( )             ( )             ( )
          (     )         (     )         (     )
       R1  Area 1  R2      Area 0      R3  Area 2  R4
          (     )         (     )         (     )
            ( )             ( )             ( )

              Figure 1: BIER propagation between areas

   The following procedure is used in order to propagate BIER related
   information between areas:

      When an OSPF Area Border Router (ABR) advertises a Type-3 Summary
      LSA from an intra-area or inter-area prefix to all its attached
      areas, it will also originate an Extended Prefix Opaque LSA, as
      described in [RFC7684].  The flooding scope of the Extended Prefix
      Opaque LSA type will be set to area-local.  The route-type in the
      OSPF Extended Prefix TLV is set to inter-area.  When determining
      whether a BIER Sub-TLV should be included in this LSA, an OSPF ABR
      will:

         -  Examine its best path to the prefix in the source area and
            find the advertising router associated with the best path to
            that prefix.

         -  Determine if such advertising router advertised a BIER Sub-
            TLV for the prefix.  If yes, the ABR will copy the information
            from such BIER Sub-TLV when advertising the BIER Sub-TLV to
            each attached area.

      In Figure 1, R1 advertises a prefix 192.0.2.1/32 in Area 1.  It
      also advertises an Extended Prefix Opaque LSA for prefix
      192.0.2.1/32 and includes a BIER Sub-TLV in it.  Area Border Router
      (ABR) R2 calculates the reachability for prefix 192.0.2.1/32
      inside Area 1 and propagates it to Area 0.  When doing so, it
      copies the entire BIER Sub-TLV (including all its Sub-TLVs) it
      received from R1 in Area 1 and includes it in the Extended Prefix
      Opaque LSA it generates for 192.0.2.1/32 in Area 0.  ABR R3
      calculates the reachability for prefix 192.0.2.1/32 inside Area 0
      and propagates it to Area 2.  When doing so, it copies the entire
      BIER Sub-TLV (including all its Sub-TLVs) it received from R2 in
      Area 0 and includes it in the Extended Prefix Opaque LSA it
      generates for 192.0.2.1/32 in Area 2.

3.  Security Considerations

   This document introduces new Sub-TLVs for the existing OSPF Extended
   Prefix TLV.  It does not introduce any new security risks to OSPF.
   Existing security extensions as described in [RFC2328] and [RFC7684]
   apply.

   It is assumed that both the BIER and OSPF layers are under a single
   administrative domain.  There can be deployments where potential
   attackers have access to one or more networks in the OSPF routing
   domain.  In these deployments, stronger authentication mechanisms
   such as those specified in [RFC7474] SHOULD be used.

   The Security Considerations section of [RFC8279] discusses the
   possibility of performing a Denial of Service (DoS) attack by setting
   too many bits in the BitString of a BIER-encapsulated packet.
   However, this sort of DoS attack cannot be initiated by modifying the
   OSPF BIER advertisements specified in this document.  A BFIR decides
   which systems are to receive a BIER-encapsulated packet.  In making
   this decision, it is not influenced by the OSPF control messages.
   When creating the encapsulation, the BFIR sets one bit in the
   encapsulation for each destination system.  The information in the
   OSPF BIER advertisements is used to construct the forwarding tables
   that map each bit in the encapsulation into a set of next hops for
   the host that is identified by that bit, but is not used by the BFIR
   to decide which bits to set.  Hence an attack on the OSPF control
   plane cannot be used to cause this sort of DoS attack.

   While a BIER-encapsulated packet is traversing the network, a BFR
   that receives a BIER-encapsulated packet with n bits set in its
   BitString may have to replicate the packet and forward multiple
   copies.  However, a given bit will only be set in one copy of the
   packet.  That means that each transmitted replica of a received
   packet has fewer bits set (i.e., is targeted to fewer destinations)
   than the received packet.  This is an essential property of the BIER
   forwarding process as defined in [RFC8279].  While a failure of this
   process might cause a DoS attack (as discussed in the Security
   Considerations of [RFC8279]), such a failure cannot be caused by an
   attack on the OSPF control plane.

   Implementations MUST assure that malformed TLVs and Sub-TLVs defined
   in this document are detected and do not provide a vulnerability for
   attackers to crash the OSPF router or routing process.  Reception of
   malformed TLVs or Sub-TLVs SHOULD be counted and/or logged for further
   analysis.  Logging of malformed TLVs and Sub-TLVs SHOULD be rate-
   limited to prevent a Denial of Service (DoS) attack (distributed or
   otherwise) from overloading the OSPF control plane.

4.  IANA Considerations

   The document requests three new allocations from the OSPF Extended
   Prefix sub-TLV registry as defined in [RFC7684].

   BIER Sub-TLV: 9

   BIER MPLS Encapsulation Sub-TLV: 10

5.  Acknowledgments

   The authors would like to thank Rajiv Asati, Christian Martin, Greg
   Shepherd and Eric Rosen for their contribution.

6.  Normative References

   [I-D.ietf-bier-isis-extensions]
              Ginsberg, L., Przygienda, T., Aldrin, S., and Z. Zhang,
              "BIER support via ISIS", draft-ietf-bier-isis-
              extensions-11 (work in progress), March 2018.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328,
              DOI 10.17487/RFC2328, April 1998.

   [RFC4915]  Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P.
              Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF",
              RFC 4915, DOI 10.17487/RFC4915, June 2007.

   [RFC7684]  Psenak, P., Gredler, H., Shakir, R., Henderickx, W.,
              Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute
              Advertisement", RFC 7684, DOI 10.17487/RFC7684, November
              2015.

   [RFC8279]  Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
              Przygienda, T., and S. Aldrin, "Multicast Using Bit Index
              Explicit Replication (BIER)", RFC 8279,
              DOI 10.17487/RFC8279, November 2017.

   [RFC8296]  Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
              Tantsura, J., Aldrin, S., and I. Meilik, "Encapsulation
              for Bit Index Explicit Replication (BIER) in MPLS and Non-
              MPLS Networks", RFC 8296, DOI 10.17487/RFC8296, January
              2018.

Authors' Addresses

   Peter Psenak (editor)
   Cisco
   Apollo Business Center
   Mlynske nivy 43
   Bratislava 821 09
   Slovakia

   Email: ppsenak@cisco.com

   Nagendra Kumar
   Cisco
   7200 Kit Creek Road
   Research Triangle Park, NC 27709
   US

   Email: naikumar@cisco.com

   IJsbrand Wijnands
   Cisco
   De Kleetlaan 6a
   Diegem 1831
   Belgium

   Email: ice@cisco.com

   Andrew Dolganow
   Nokia
   750 Chai Chee Rd
   06-06 Viva Business Park
   Singapore 469004

   Email: andrew.dolganow@nokia.com

   Tony Przygienda
   Juniper Networks, Inc.
   10 Technology Park Drive
   Westford, MA 01886
   USA

   Email: prz@juniper.net

   Jeffrey Zhang
   Juniper Networks, Inc.
   10 Technology Park Drive
   Westford, MA 01886
   USA

   Email: zzhang@juniper.net

   Sam Aldrin
   Google, Inc.
   1600 Amphitheatre Parkway
   Mountain View, CA
   USA

   Email: aldrin.ietf@gmail.com