Network Working Group                                     P. Psenak, Ed.
Internet-Draft                                            N. Nainar, Ed.
Intended status: Standards Track                            IJ. Wijnands
Expires: November 12, 2019                           Cisco Systems, Inc.
                                                            May 11, 2019


                       OSPFv3 Extensions for BIER
                  draft-ietf-bier-ospfv3-extensions-00

Abstract

   Bit Index Explicit Replication (BIER) is an architecture that
   provides multicast forwarding through a "BIER domain" without
   requiring intermediate routers to maintain multicast-related per-flow
   state.  Neither does BIER require an explicit tree-building protocol
   for its operation.  A multicast data packet enters a BIER domain at a
   "Bit-Forwarding Ingress Router" (BFIR) and leaves the BIER domain at
   one or more "Bit-Forwarding Egress Routers" (BFERs).  The BFIR adds a
   BIER header to the packet.  That header contains a bit-string in
   which each bit represents exactly one BFER to forward the packet to.
   The set of BFERs to which the multicast packet needs to be forwarded
   is expressed by the corresponding set of bits set in the BIER packet
   header.

   This document describes the OSPFv3 protocol extensions required for
   BIER with MPLS encapsulation, as specified in RFC 8296, using the
   Extended LSA encoding of RFC 8362.  Support for other encapsulation
   types, and the use of multiple encapsulation types, is outside the
   scope of this document.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 12, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.
   All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Flooding of the BIER Information in OSPFv3
     2.1.  BIER Sub-TLV
     2.2.  BIER MPLS Encapsulation Sub-TLV
     2.3.  Flooding scope of BIER Information
   3.  Security Considerations
   4.  IANA Considerations
   5.  Acknowledgements
   6.  Normative References
   Authors' Addresses

1.  Introduction

   Bit Index Explicit Replication (BIER) is an architecture that
   provides optimal multicast forwarding through a "BIER domain" without
   requiring intermediate routers to maintain any multicast-related
   per-flow state.  Neither does BIER explicitly require a tree-building
   protocol for its operation.  A multicast data packet enters a BIER
   domain at a "Bit-Forwarding Ingress Router" (BFIR) and leaves the
   BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs).
   The BFIR adds a BIER header to the packet.  The BIER header contains
   a bit-string in which each bit represents exactly one BFER to forward
   the packet to.
   The set of BFERs to which the multicast packet needs to be forwarded
   is expressed by setting the bits that correspond to those routers in
   the BIER header.

   The BIER architecture requires routers participating in BIER to
   exchange BIER-related information within a given domain, and it
   permits link-state routing protocols to distribute that information.
   [RFC8444] specifies the OSPFv2 protocol extensions used to distribute
   BIER-specific information.  This document describes the extensions to
   OSPFv3 [RFC5340] necessary to advertise BIER-specific information in
   the case where BIER uses the MPLS encapsulation described in
   [RFC8296].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Flooding of the BIER Information in OSPFv3

   All BIER-specific information that a Bit-Forwarding Router (BFR)
   needs to advertise to other BFRs is associated with a BFR-Prefix.  A
   BFR-Prefix is a unique (within a given BIER domain) routable IPv4 or
   IPv6 address that is assigned to each BFR, as described in more
   detail in [RFC8279].

   [RFC8362] defines a TLV-based encoding of OSPFv3 LSAs that allows
   additional information to be carried.  This section defines the
   Sub-TLVs required to carry the BIER information associated with the
   BFR-Prefix.  The Sub-TLV defined in this section MAY be carried in
   the following OSPFv3 Extended LSA TLVs [RFC8362]:

      Intra-Area-Prefix TLV

      Inter-Area-Prefix TLV

2.1.  BIER Sub-TLV

   A Sub-TLV of the above-mentioned Prefix TLVs is defined for
   distributing BIER information.  The Sub-TLV is called the BIER
   Sub-TLV.  Multiple BIER Sub-TLVs may be included in any of the
   above-mentioned Prefix TLVs.

   The BIER Sub-TLV has the following format:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              Type             |             Length            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Sub-domain-ID |     MT-ID     |             BFR-id            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |      BAR      |      IPA      |            Reserved           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      Sub-TLVs (variable)                      |
      +-                                                             -+
      |                                                               |

   Type: TBD1

   Length: Variable, dependent on sub-TLVs.

   Sub-domain-ID: Unique value identifying the BIER sub-domain within
   the BIER domain, as described in [RFC8279].

   MT-ID: Multi-Topology ID (as defined in [RFC4915]) that identifies
   the topology that is associated with the BIER sub-domain.

   BFR-id: A 2-octet field encoding the BFR-id, as documented in
   Section 2 of [RFC8279].  If the BFR is not locally configured with
   a valid BFR-id, the value of this field is set to 0, which is
   defined as illegal in [RFC8279].

   BAR: Single octet BIER-specific algorithm used to calculate
   underlay paths to reach other BFRs.  Values are allocated from the
   "BIER Algorithm" registry defined in [RFC8401].

   IPA: Single octet IGP algorithm used to either modify, enhance or
   replace the calculation of underlay paths to reach other BFRs as
   defined by the BAR value.  Values are defined in the "IGP Algorithm
   Types" registry.

   Each BIER sub-domain MUST be associated with one and only one OSPF
   topology, identified by the MT-ID.  If the association between a
   BIER sub-domain and an OSPF topology advertised in the BIER Sub-TLV
   by another BFR conflicts with the association locally configured on
   the receiving router, the BIER Sub-TLV MUST be ignored.

   If the MT-ID value is outside of the values specified in [RFC4915],
   the BIER Sub-TLV MUST be ignored.

   If a BFR advertises the same Sub-domain-ID in multiple BIER Sub-TLVs,
   the BFR MUST be treated as if it did not advertise a BIER Sub-TLV for
   that sub-domain.

   All BFRs MUST detect advertisement of duplicate valid BFR-ids for a
   given MT-ID and Sub-domain-ID.  When such duplication is detected by
   a BFR, it MUST behave as described in Section 5 of [RFC8279].

   The supported BAR and IPA algorithms MUST be consistent for all
   routers supporting a given BIER sub-domain.  A router receiving a
   BIER Sub-TLV advertisement with a value in the BAR or IPA field that
   does not match the locally configured value for the given BIER
   sub-domain MUST report a misconfiguration for that BIER sub-domain
   and MUST ignore the BIER Sub-TLV.

   The use of non-zero values in either the BAR field or the IPA field
   is outside the scope of this document.

2.2.  BIER MPLS Encapsulation Sub-TLV

   The BIER MPLS Encapsulation Sub-TLV is a Sub-TLV of the BIER Sub-TLV
   defined in Section 2.1.  It is used to advertise MPLS-specific
   information used for BIER.  It MAY appear multiple times in the BIER
   Sub-TLV.

   The BIER MPLS Encapsulation Sub-TLV has the following format:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              Type             |             Length            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    Max SI     |                     Label                     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |BS Len |                       Reserved                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type: Set to TBD2.

   Length: 8 octets.

   Max SI: A 1-octet field encoding the maximum Set Identifier
   (Section 1 of [RFC8279]) used in the encapsulation for this BIER
   sub-domain for this BitString length.

   Label: A 3-octet field, where the 20 rightmost bits represent the
   first label in the label range.  The 4 leftmost bits MUST be
   ignored.

   BS Len (Bit String Length): A 4-bit field encoding the supported
   BitString length associated with this BFR-Prefix.  The values
   allowed in this field are specified in Section 2 of [RFC8296].

   Reserved: SHOULD be set to 0 on transmission and MUST be ignored on
   reception.

   The "label range" is the set of labels beginning with the Label and
   ending with (Label + (Max SI)).  A unique label range is allocated
   for each BitString length and Sub-domain-ID.  These labels are used
   for BIER forwarding as described in [RFC8279] and [RFC8296].

   The size of the label range is determined by the number of Set
   Identifiers (SIs) (Section 1 of [RFC8279]) that are used in the
   network.  Each SI maps to a single label in the label range.  The
   first label is for SI=0, the second label is for SI=1, etc.

   If the label associated with the Maximum Set Identifier exceeds the
   20-bit range, the BIER MPLS Encapsulation Sub-TLV MUST be ignored.

   If the BS Len is set to a value that does not match any of the
   allowed values specified in [RFC8296], the BIER MPLS Encapsulation
   Sub-TLV MUST be ignored.

   If the same BS Len is repeated in multiple BIER MPLS Encapsulation
   Sub-TLVs inside the same BIER Sub-TLV, the BIER Sub-TLV MUST be
   ignored.

   Label ranges within all BIER MPLS Encapsulation Sub-TLVs advertised
   by the same BFR MUST NOT overlap.  If an overlap is detected, the
   advertising router MUST be treated as if it did not advertise any
   BIER Sub-TLVs.

2.3.  Flooding scope of BIER Information

   The flooding scope of the Extended LSAs [RFC8362] that are used for
   advertising the BIER Sub-TLV is area-local.  To allow BIER deployment
   in a multi-area environment, OSPFv3 must propagate BIER information
   between areas.

                ( )              ( )              ( )
               (   )            (   )            (   )
          R1 ( Area 1 ) R2 ( Area 0 ) R3 ( Area 2 ) R4
               (   )            (   )            (   )
                ( )              ( )              ( )

               Figure 1: BIER propagation between areas

   The following procedure is used in order to propagate BIER-related
   information between areas:

   When an OSPFv3 Area Border Router (ABR) advertises an E-Inter-Area-
   Prefix-LSA for an intra-area or inter-area prefix to all its
   attached areas, it determines whether a BIER Sub-TLV should be
   included in this LSA.  When doing so, an OSPFv3 ABR will:

   *  Examine its best path to the prefix in the source area and find
      the advertising router associated with the best path to that
      prefix.

   *  Determine whether that advertising router advertised a BIER
      Sub-TLV for the prefix.  If it did, the ABR copies the
      information from that BIER Sub-TLV into the BIER Sub-TLV it
      advertises to each attached area.

   In Figure 1, R1 advertises a prefix 2001:db8:b1e6::1/128 in Area 1.
   It also includes a BIER Sub-TLV in the E-Intra-Area-Prefix-LSA.  ABR
   R2 calculates the reachability for prefix 2001:db8:b1e6::1/128
   inside Area 1 and propagates it to Area 0 using an E-Inter-Area-
   Prefix-LSA.  When doing so, it copies the entire BIER Sub-TLV
   (including all its Sub-TLVs) it received from R1 in Area 1 and
   includes it in the E-Inter-Area-Prefix-LSA it generates for the
   prefix in Area 0.  ABR R3 calculates the reachability for prefix
   2001:db8:b1e6::1/128 inside Area 0 and propagates it to Area 2.
   When doing so, it copies the entire BIER Sub-TLV (including all its
   Sub-TLVs) it received from R2 in Area 0 and includes it in the
   E-Inter-Area-Prefix-LSA it generates for 2001:db8:b1e6::1/128 in
   Area 2.

3.  Security Considerations

   This document introduces new Sub-TLVs for OSPFv3 Extended LSAs.  It
   does not introduce any new security risks to OSPFv3.  The existing
   security concerns documented in [RFC8362] are applicable to the
   Sub-TLVs defined in this document.
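
   As an added example (code written for this page, not part of the
   draft or of any OSPFv3 implementation), the following Python encodes,
   parses and validates the BIER Sub-TLV of Section 2.1 and the BIER
   MPLS Encapsulation Sub-TLV of Section 2.2.  It applies the "MUST be
   ignored" rules of those sections, the per-BFR duplicate Sub-domain-ID
   and overlapping-label-range rules, the cross-BFR duplicate BFR-id
   check, and the malformed-TLV handling this section requires further
   below.  The Sub-TLV type codes are TBD1/TBD2 in this draft, so the
   two type values in the code are placeholders chosen for the example;
   the MT-ID range 0..127 and the BS Len codes 1..7 are taken from
   RFC 4915 and RFC 8296; the TLV framing (2-octet type, 2-octet length,
   4-octet padding) is that of RFC 8362; the sample advertisement and
   local configuration are constructed for the example.

```python
# Added example (not from the draft): encode, parse and validate the BIER Sub-TLV
# (Section 2.1) and the BIER MPLS Encapsulation Sub-TLV (Section 2.2).
import struct
from collections import Counter

BIER_SUB_TLV = 0x1001             # placeholder: the draft says TBD1
BIER_MPLS_ENCAP_SUB_TLV = 0x1002  # placeholder: the draft says TBD2
MAX_MT_ID = 127                   # RFC 4915: MT-IDs 128-255 are invalid
VALID_BSL = range(1, 8)           # RFC 8296 Section 2: codes 1..7 = 64..4096 bits
MAX_LABEL = (1 << 20) - 1         # MPLS labels are 20 bits

class MalformedTLV(ValueError): pass   # detected and reported, never a crash (Section 3)

def tlv(typ, value):
    # One OSPFv3 TLV: 2-octet type, 2-octet length, value padded to 4 octets.
    return struct.pack("!HH", typ, len(value)) + value + b"\0" * (-len(value) % 4)

def encode_mpls_encap(max_si, label, bsl):
    # Max SI (1 octet), Label (3 octets, 20 significant bits), BS Len (top 4 bits).
    body = bytes([max_si]) + (label & 0xFFFFF).to_bytes(3, "big")
    return tlv(BIER_MPLS_ENCAP_SUB_TLV, body + bytes([bsl << 4, 0, 0, 0]))

def encode_bier_sub_tlv(sub_domain, mt_id, bfr_id, bar, ipa, encap_sub_tlvs):
    # Fixed 8 octets (Sub-domain-ID, MT-ID, BFR-id, BAR, IPA, Reserved) + sub-TLVs.
    fixed = struct.pack("!BBHBBH", sub_domain, mt_id, bfr_id, bar, ipa, 0)
    return tlv(BIER_SUB_TLV, fixed + b"".join(encap_sub_tlvs))

def iter_tlvs(buf):
    """Yield (type, value) pairs; raise MalformedTLV on truncation."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise MalformedTLV("truncated TLV header")
        typ, length = struct.unpack_from("!HH", buf, off)
        value = buf[off + 4:off + 4 + length]
        if len(value) != length:
            raise MalformedTLV("TLV length runs past end of buffer")
        yield typ, value
        off += 4 + (length + 3) // 4 * 4

def parse_mpls_encap(value):
    """Dict for a usable sub-TLV, or None when Section 2.2 says ignore it."""
    if len(value) != 8:
        raise MalformedTLV("BIER MPLS Encapsulation Sub-TLV length is not 8")
    label = int.from_bytes(value[1:4], "big") & 0xFFFFF   # 4 leftmost bits ignored
    max_si, bsl = value[0], value[4] >> 4
    if bsl not in VALID_BSL or label + max_si > MAX_LABEL:
        return None
    return {"max_si": max_si, "label": label, "bsl": bsl}

def parse_bier_sub_tlv(value):
    """Dict, or None when the whole Sub-TLV MUST be ignored (bad MT-ID, repeated BS Len)."""
    if len(value) < 8:
        raise MalformedTLV("BIER Sub-TLV shorter than its fixed part")
    sub_domain, mt_id, bfr_id, bar, ipa = struct.unpack_from("!BBHBB", value)
    if mt_id > MAX_MT_ID:
        return None
    encaps = {}
    for typ, sub in iter_tlvs(value[8:]):
        if typ != BIER_MPLS_ENCAP_SUB_TLV:
            continue                 # unknown sub-TLVs are skipped
        enc = parse_mpls_encap(sub)
        if enc is None:
            continue                 # only that encapsulation sub-TLV is ignored
        if enc["bsl"] in encaps:
            return None
        encaps[enc["bsl"]] = enc
    return {"sub_domain": sub_domain, "mt_id": mt_id, "bfr_id": bfr_id,
            "bar": bar, "ipa": ipa, "encaps": encaps}

def accept_from_bfr(sub_tlv_area, local_cfg):
    """Per-BFR rules over the sub-TLV area of one Prefix TLV.  local_cfg maps
    sub-domain -> (mt_id, bar, ipa).  Returns ({sub_domain: parsed}, problems)."""
    parsed, problems, accepted = [], [], {}
    try:
        for typ, raw in iter_tlvs(sub_tlv_area):
            if typ == BIER_SUB_TLV and (p := parse_bier_sub_tlv(raw)) is not None:
                parsed.append(p)
    except MalformedTLV as err:          # count/log (rate-limited) instead of crashing
        return {}, [f"malformed advertisement dropped: {err}"]
    seen = Counter(p["sub_domain"] for p in parsed)
    for p in parsed:
        sd = p["sub_domain"]
        if seen[sd] > 1:
            problems.append(f"sub-domain {sd} advertised more than once")
        elif local_cfg.get(sd) != (p["mt_id"], p["bar"], p["ipa"]):
            problems.append(f"sub-domain {sd}: MT-ID/BAR/IPA conflict with local config")
        else:
            accepted[sd] = p
    # Label ranges across all encapsulation sub-TLVs from one BFR MUST NOT overlap.
    ranges = sorted((e["label"], e["label"] + e["max_si"])
                    for p in accepted.values() for e in p["encaps"].values())
    if any(ranges[i][1] >= ranges[i + 1][0] for i in range(len(ranges) - 1)):
        return {}, problems + ["overlapping label ranges: all BIER Sub-TLVs ignored"]
    return accepted, problems

def duplicate_bfr_ids(adverts):
    """(mt_id, sub_domain, bfr_id) triples claimed by more than one BFR-prefix in adverts."""
    claims = Counter((p["mt_id"], p["sub_domain"], p["bfr_id"]) for acc in adverts.values()
                     for p in acc.values() if p["bfr_id"] != 0)   # 0 = no valid BFR-id
    return sorted(k for k, n in claims.items() if n > 1)

# Constructed sample: one BFR, sub-domain 0 in MT-ID 0, BFR-id 7, two encapsulations
# (BS Len code 3 = 256 bits, code 1 = 64 bits) on disjoint label ranges.
LOCAL_CFG = {0: (0, 0, 0)}
SAMPLE_AREA = encode_bier_sub_tlv(0, 0, 7, 0, 0, [encode_mpls_encap(3, 16000, 3),
                                                 encode_mpls_encap(1, 16100, 1)])
```

   A receiver would call accept_from_bfr() once per Prefix TLV with its
   own per-sub-domain configuration, keep the accepted result keyed by
   BFR-Prefix, and run duplicate_bfr_ids() over the whole area's
   results.  Malformed input is returned through the problem list, so
   the caller can count it and rate-limit its logging rather than let
   the parser raise into the LSA processing path; how to react to a
   duplicate BFR-id is left to Section 5 of RFC 8279, as in the text.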

   It is assumed that both the BIER and OSPF layers are under a single
   administrative domain.  There can be deployments where potential
   attackers have access to one or more networks in the OSPFv3 routing
   domain.  In these deployments, stronger authentication mechanisms
   such as those specified in [RFC4552] SHOULD be used.

   The Security Considerations section of [RFC8279] discusses the
   possibility of performing a Denial of Service (DoS) attack by setting
   too many bits in the BitString of a BIER-encapsulated packet.
   However, this sort of DoS attack cannot be initiated by modifying the
   OSPF BIER advertisements specified in this document.  A BFIR decides
   which systems are to receive a BIER-encapsulated packet.  In making
   this decision, it is not influenced by the OSPF control messages.
   When creating the encapsulation, the BFIR sets one bit in the
   encapsulation for each destination system.  The information in the
   OSPF BIER advertisements is used to construct the forwarding tables
   that map each bit in the encapsulation into a set of next hops for
   the BFER that is identified by that bit, but is not used by the BFIR
   to decide which bits to set.  Hence an attack on the OSPF control
   plane cannot be used to cause this sort of DoS attack.

   While a BIER-encapsulated packet is traversing the network, a BFR
   that receives a BIER-encapsulated packet with n bits set in its
   BitString may have to replicate the packet and forward multiple
   copies.  However, a given bit will only be set in one copy of the
   packet.  That means that each transmitted replica of a received
   packet has fewer bits set (i.e., is targeted to fewer destinations)
   than the received packet.  This is an essential property of the BIER
   forwarding process as defined in [RFC8279].  While a failure of this
While a failure of this 343 process might cause a DoS attack (as discussed in the Security 344 Considerations of [RFC8279]), such a failure cannot be caused by an 345 attack on the OSPF control plane. 347 Implementations MUST assure that malformed TLV and Sub-TLV defined in 348 this document are detected and do not provide a vulnerability for 349 attackers to crash the OSPFv3 router or routing process. Reception 350 of malformed TLV or Sub-TLV SHOULD be counted and/or logged for 351 further analysis. Logging of malformed TLVs and Sub-TLVs SHOULD be 352 rate-limited to prevent a Denial of Service (DoS) attack (distributed 353 or otherwise) from overloading the OSPFv3 control plane. 355 4. IANA Considerations 357 The document requests two new allocations from the OSPFv3 Extended- 358 LSA sub-TLV registry as defined in [RFC8362]. 360 BIER Sub-TLV: TBD1 362 BIER MPLS Encapsulation Sub-TLV: TBD2 364 5. Acknowledgements 366 TBD 368 6. Normative References 370 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 371 Requirement Levels", BCP 14, RFC 2119, 372 DOI 10.17487/RFC2119, March 1997, 373 . 375 [RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality 376 for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, 377 . 379 [RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P. 380 Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", 381 RFC 4915, DOI 10.17487/RFC4915, June 2007, 382 . 384 [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 385 for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, 386 . 388 [RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., 389 Przygienda, T., and S. Aldrin, "Multicast Using Bit Index 390 Explicit Replication (BIER)", RFC 8279, 391 DOI 10.17487/RFC8279, November 2017, 392 . 394 [RFC8296] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., 395 Tantsura, J., Aldrin, S., and I. 
              Meilik, "Encapsulation for Bit Index Explicit Replication
              (BIER) in MPLS and Non-MPLS Networks", RFC 8296,
              DOI 10.17487/RFC8296, January 2018.

   [RFC8362]  Lindem, A., Roy, A., Goethals, D., Reddy Vallem, V., and
              F. Baker, "OSPFv3 Link State Advertisement (LSA)
              Extensibility", RFC 8362, DOI 10.17487/RFC8362, April
              2018.

   [RFC8401]  Ginsberg, L., Ed., Przygienda, T., Aldrin, S., and Z.
              Zhang, "Bit Index Explicit Replication (BIER) Support via
              IS-IS", RFC 8401, DOI 10.17487/RFC8401, June 2018.

   [RFC8444]  Psenak, P., Ed., Kumar, N., Wijnands, IJ., Dolganow, A.,
              Przygienda, T., Zhang, J., and S. Aldrin, "OSPFv2
              Extensions for Bit Index Explicit Replication (BIER)",
              RFC 8444, DOI 10.17487/RFC8444, November 2018.

Authors' Addresses

   Peter Psenak (editor)
   Cisco Systems, Inc.
   Apollo Business Center
   Mlynske nivy 43, Bratislava 821 09
   Slovakia

   Email: ppsenak@cisco.com


   Nagendra Kumar Nainar (editor)
   Cisco Systems, Inc.
   7200 Kit Creek Road
   Research Triangle Park, NC 27709
   US

   Email: naikumar@cisco.com


   IJsbrand Wijnands
   Cisco Systems, Inc.
   De Kleetlaan 6a
   Diegem 1831
   Belgium

   Email: ice@cisco.com