Network Working Group                                    N. Bahadur, Ed.
Internet-Draft                                         Bracket Computing
Intended status: Informational                              S. Kini, Ed.
Expires: May 26, 2018
                                                               J. Medved
                                                                   Cisco
                                                       November 22, 2017

                   Routing Information Base Info Model
                    draft-ietf-i2rs-rib-info-model-12

Abstract

   Routing and routing functions in enterprise and carrier networks are typically performed by network devices (routers and switches) using a routing information base (RIB). Protocols and configuration push data into the RIB, and the RIB manager installs state into the hardware for packet forwarding. This draft specifies an information model for the RIB to enable defining a standardized data model. Such a data model can be used to define an interface to the RIB from an entity that may even be external to the network device. This interface can be used to support new use-cases being defined by the IETF I2RS WG.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 26, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. Conventions used in this document
   2. RIB data
      2.1. RIB definition
      2.2. Routing instance
      2.3. Route
      2.4. Nexthop
         2.4.1. Nexthop types
         2.4.2. Nexthop list attributes
         2.4.3. Nexthop content
         2.4.4. Special nexthops
   3. Reading from the RIB
   4. Writing to the RIB
   5. Notifications
   6. RIB grammar
      6.1. Nexthop grammar explained
   7. Using the RIB grammar
      7.1. Using route preference
      7.2. Using different nexthops types
         7.2.1. Tunnel nexthops
         7.2.2. Replication lists
         7.2.3. Weighted lists
         7.2.4. Protection
         7.2.5. Nexthop chains
         7.2.6. Lists of lists
      7.3. Performing multicast
   8. RIB operations at scale
      8.1. RIB reads
      8.2. RIB writes
      8.3. RIB events and notifications
   9. Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. References
      12.1. Normative References
      12.2. Informative References
   Authors' Addresses

1. Introduction

   Routing and routing functions in enterprise and carrier networks are traditionally performed in network devices. Traditionally, routers run routing protocols, and the routing protocols (along with static config) populate the Routing Information Base (RIB) of the router. The RIB is managed by the RIB manager, and the RIB manager provides a north-bound interface to its clients, i.e. the routing protocols, to insert routes into the RIB. The RIB manager consults the RIB and decides how to program the forwarding information base (FIB) of the hardware by interfacing with the FIB manager. The relationship between these entities is shown in Figure 1.

        +-------------+                     +-------------+
        |RIB client 1 |       ......        |RIB client N |
        +-------------+                     +-------------+
               ^                                   ^
               |                                   |
               +-----------------+-----------------+
                                 |
                                 V
                      +---------------------+
                      |RIB manager          |
                      |                     |
                      |       +-----+       |
                      |       | RIB |       |
                      |       +-----+       |
                      +---------------------+
                                 ^
                                 |
             +-------------------+--------------------+
             |                                        |
             V                                        V
      +-------------+                          +-------------+
      |FIB manager 1|                          |FIB manager M|
      |   +-----+   |        ..........        |   +-----+   |
      |   | FIB |   |                          |   | FIB |   |
      |   +-----+   |                          |   +-----+   |
      +-------------+                          +-------------+

            Figure 1: RIB manager, RIB clients and FIB managers

   Routing protocols are inherently distributed in nature, and each router makes an independent decision based on the routing data received from its peers. With the advent of newer deployment paradigms and the need for specialized applications, there is an emerging need to guide the router's routing function [RFC7920]. Traditional network-device protocol-based RIB population suffices for most use cases where distributed network control is used. However, there are use cases which the network operators currently address by configuring static routes, policies and RIB import/export rules on the routers. There is also a growing list of use cases [I-D.white-i2rs-use-case], [I-D.hares-i2rs-use-case-vn-vc] in which a network operator might want to program the RIB based on data unrelated to just routing (within that network's domain). Programming the RIB could be based on other information such as routing data in the adjacent domain or the load on storage and compute in the given domain. Or it could simply be a programmatic way of creating on-demand dynamic overlays (e.g. GRE tunnels) between compute hosts (without requiring the hosts to run traditional routing protocols). If there were a standardized, publicly documented programmatic interface to a RIB, it would enable further networking applications that address a variety of use-cases [RFC7920].

   A programmatic interface to the RIB involves two types of operations: reading from the RIB and writing (adding/modifying/deleting) to the RIB. [I-D.white-i2rs-use-case] lists various use-cases which require read and/or write manipulation of the RIB.

   In order to understand what is in a router's RIB, methods like per-protocol SNMP MIBs and show output screen scraping are used. These methods are not scalable, since they are client pull mechanisms and not proactive push (from the router) mechanisms. Screen scraping is error prone (since the output format can change) and is vendor dependent. Building a RIB from per-protocol MIBs is error prone since the MIB data represent protocol data and not the exact information that went into the RIB. Thus, just getting read-only RIB information from a router is a hard task.

   Adding content to the RIB from an external entity can be done today using static configuration mechanisms provided by router vendors. However, the mix of what can be modified in the RIB varies from vendor to vendor, and the method of configuring it is also vendor dependent. This makes it hard for an external entity to program a multi-vendor network in a consistent and vendor-independent way.

   The purpose of this draft is to specify an information model for the RIB. Using the information model, one can build a detailed data model for the RIB. That data model could then be used by an external entity to program a network device.

   The rest of this document is organized as follows. Section 2 goes into the details of what constitutes and can be programmed in a RIB. Guidelines for reading and writing the RIB are provided in Section 3 and Section 4 respectively. Section 5 provides a high-level view of the events and notifications going from a network device to an external entity, to update the external entity on asynchronous events. The RIB grammar is specified in Section 6. Examples of using the RIB grammar are shown in Section 7. Section 8 covers considerations for performing RIB operations at scale.

1.1. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2. RIB data

   This section describes the details of a RIB. It makes forward references to objects in the RIB grammar (Section 6). A high-level description of the RIB contents is as shown below.

                  routing-instance
                    |          |
                    |          |
             0..N   |          |   1..N
                    |          |
              interface(s)  RIB(s)
                               |
                               |
                               |  0..N
                               |
                            route(s)

                      Figure 2: RIB model

2.1. RIB definition

   A RIB is an entity that contains routes. A RIB is identified by its name, and a RIB is contained within a routing instance (Section 2.2). The name MUST be unique within a routing instance. All routes in a given RIB MUST be of the same rib family (e.g. IPv4). Each RIB MUST belong to a routing instance.

   A routing instance can have multiple RIBs. A routing instance can even have two or more RIBs of the same rib family (e.g. IPv6). A typical case where this can be used is for multi-topology routing ([RFC4915], [RFC5120]).

   Each RIB can be optionally associated with an ENABLE_IP_RPF_CHECK attribute that enables reverse path forwarding (RPF) checks on all IP routes in that RIB. The RPF check is used to prevent spoofing and limit malicious traffic. For IP packets, the IP source address is looked up and the rpf interface(s) associated with the route for that IP source address is found. If the incoming IP packet's interface matches one of the rpf interface(s), then the IP packet is forwarded based on its IP destination address; otherwise, the IP packet is discarded.

2.2. Routing instance

   A routing instance, in the context of the RIB information model, is a collection of RIBs, interfaces, and routing parameters. A routing instance creates a logical slice of the router. It allows different logical slices, across a set of routers, to communicate with each other. Layer 3 Virtual Private Networks (VPN), Layer 2 VPNs (L2VPN) and Virtual Private LAN Service (VPLS) can be modeled as routing instances. Note that modeling a Layer 2 VPN using a routing instance only models the Layer-3 (RIB) aspect and does not model any layer-2 information (like ARP) that might be associated with the L2VPN.

   The set of interfaces indicates which interfaces are associated with this routing instance. The RIBs specify how incoming traffic is to be forwarded. And the routing parameters control the information in the RIBs. The intersection set of interfaces of two routing instances MUST be the null set. In other words, an interface MUST NOT be present in two routing instances. Thus a routing instance describes the routing information and parameters across a set of interfaces.

   A routing instance MUST contain the following mandatory fields.
   o  INSTANCE_NAME: A routing instance is identified by its name, INSTANCE_NAME. This MUST be unique across all routing instances in a given network device.
   o  rib-list: This is the list of RIBs associated with this routing instance. Each routing instance can have multiple RIBs to represent routes of different types. For example, one would put IPv4 routes in one RIB and MPLS routes in another RIB.

   A routing instance MAY contain the following optional fields.
   o  interface-list: This represents the list of interfaces associated with this routing instance. The interface list helps constrain the boundaries of packet forwarding. Packets coming on these interfaces are directly associated with the given routing instance. The interface list contains a list of identifiers, with each identifier uniquely identifying an interface.
   o  ROUTER_ID: The router-id field identifies the network device in control plane interactions with other network devices. This field is to be used if one wants to virtualize a physical router into multiple virtual routers. Each virtual router MUST have a unique router-id. ROUTER_ID MUST be unique across all network devices in a given domain.

   A routing instance may be created purely for the purposes of packet processing and may not have any interfaces associated with it. For example, an incoming packet in routing instance A might have a nexthop of routing instance B, and after packet processing in B, the nexthop might be routing instance C. Thus, routing instance B is not associated with any interface. And given that this routing instance does not do any control plane interaction with other network devices, a ROUTER_ID is also not needed.

2.3. Route

   A route is essentially a match condition and an action following the match. The match condition specifies the kind of route (IPv4, MPLS, etc.) and the set of fields to match on. Figure 3 represents the overall contents of a route.

                             route
                           |   |   |
                 +---------+   |   +----------+
                 |             |              |
           0..N  |             |              |

          route-attribute    match         nexthop
                               |
                               |
           +-------+-------+---+---+--------+
           |       |       |       |        |
           |       |       |       |        |

         IPv4    IPv6    MPLS     MAC   Interface

                      Figure 3: Route model

   This document specifies the following match types:
   o  IPv4: Match on destination and/or source IP address in the IPv4 header
   o  IPv6: Match on destination and/or source IP address in the IPv6 header
   o  MPLS: Match on an MPLS label at the top of the MPLS label stack
   o  MAC: Match on MAC destination addresses in the Ethernet header
   o  Interface: Match on incoming interface of the packet
   o  IP multicast: Match on (S, G) or (*, G), where S and G are IP addresses

   Each route MUST have associated with it the following mandatory route attributes.
   o  ROUTE_PREFERENCE: This is a numerical value that allows for comparing routes from different protocols. Static configuration is also considered a protocol for the purpose of this field. It is also known as administrative-distance. The lower the value, the higher the preference. For example, there can be an OSPF route for 192.0.2.1/32 (or IPv6 2001:DB8::1/32) with a preference of 5. If a controller programs a route for 192.0.2.1/32 (or IPv6 2001:DB8::1/32) with a preference of 2, then the controller's route will be preferred by the RIB manager. Preference should be used to dictate behavior. For more examples of preference, see Section 7.1.

   Each route can have associated with it one or more optional route attributes.
   o  route-vendor-attributes: Vendors can specify vendor-specific attributes using this. The details of this attribute are outside the scope of this document.

2.4. Nexthop

   A nexthop represents an object resulting from a route lookup. For example, if a route lookup results in sending the packet out a given interface, then the nexthop represents that interface.

   Nexthops can be fully resolved nexthops or unresolved nexthops. A resolved nexthop has adequate information to send the outgoing packet to the destination by forwarding it on an interface to a directly connected neighbor. For example, a nexthop to a point-to-point interface or a nexthop to an IP address on an Ethernet interface has the nexthop resolved. An unresolved nexthop is something that requires the RIB manager to determine the final resolved nexthop. For example, a nexthop could be an IP address. The RIB manager would resolve how to reach that IP address, e.g. whether the IP address is reachable by regular IP forwarding, by an MPLS tunnel, or by both. If the RIB manager cannot resolve the nexthop, then the nexthop remains in an unresolved state and is NOT a candidate for installation in the FIB. Future RIB events can cause an unresolved nexthop to get resolved (like that IP address being advertised by an IGP neighbor). Conversely, resolved nexthops can also become unresolved (e.g. in case of a tunnel going down) and hence would no longer be candidates to be installed in the FIB.

   When at least one of a route's nexthops is resolved, then the route can be used to forward packets. Such a route is considered eligible to be installed in the FIB and is henceforth referred to as a FIB-eligible route. Conversely, when all the nexthops of a route are unresolved, that route can no longer be used to forward packets. Such a route is considered ineligible to be installed in the FIB and is henceforth referred to as a FIB-ineligible route. The RIB information model allows an external entity to program routes whose nexthops may be unresolved initially. Whenever an unresolved nexthop gets resolved, the RIB manager will send a notification of the same (see Section 5).

   The overall structure and usage of a nexthop is as shown in the figure below.

                         route
                           |
                           |  0..N
                           |
                        nexthop <------------------------------+
                           |                                   |
       +--------+----------+----------+------------+           |
       |        |          |          |            |           |
       |        |          |          |            |           |
      base  load-balance protection replicate    chain         |
       |        |          |          |            |           |
       |        |2..N      |2..N      |2..N        |1..N       |
       |        |          |          |            |           |
       |        |          V          |            |           |
       |        +--------->+<---------+------------+           |
       |                   |                                   |
       |                   +-----------------------------------+
       |
       +---------------+
                       |
                       |
                       |
                       |
       +---------------+--------+--------+--------------+
       |                        |        |              |
       |                        |        |              |
  nexthop-id          egress-interface logical-tunnel   |
                                                        |
                                                        |
                          +-----------------------------+
                          |
            +-------------+-----------+
            |             |           |
            |             |           |
      tunnel-encap  tunnel-decap special-nexthop

                    Figure 4: Nexthop model

   Nexthops can be identified by an identifier to create a level of indirection. The identifier is set by the RIB manager and returned to the external entity on request. The RIB data-model SHOULD support a way to optionally receive a nexthop identifier for a given nexthop. For example, one can create a nexthop that points to a BGP peer. The returned nexthop identifier can then be used for programming routes to point to the same nexthop. Given that the RIB manager has created an indirection for that BGP peer using the nexthop identifier, if the transport path to the BGP peer changes, that change in path will be seamless to the external entity, and all routes that point to that BGP peer will automatically start going over the new transport path. Nexthop indirection using identifiers could be applied to not just unicast nexthops, but even to nexthops that contain chains and nested nexthops (Section 2.4.1).

2.4.1. Nexthop types

   This document specifies a very generic, extensible and recursive grammar for nexthops. Nexthops can be
   o  Interface nexthops - pointing to an interface
   o  Tunnel nexthops - pointing to a tunnel
   o  Replication lists - list of nexthops to which to replicate a packet
   o  Weighted lists - for load-balancing
   o  Preference lists - for protection using primary and backup
   o  Nexthop chains - for chaining multiple operations or attaching multiple headers
   o  Lists of lists - recursive application of the above
   o  Indirect nexthops - pointing to a nexthop identifier
   o  Special nexthops - for performing specific well-defined functions (e.g. drop)

   It is expected that all network devices will have a limit on how many levels of lookup can be performed, and not all hardware will be able to support all kinds of nexthops. RIB capability negotiation becomes very important for this reason, and a RIB data-model MUST specify a way for an external entity to learn about the network device's capabilities. Examples of when and how to use various kinds of nexthops are shown in Section 7.2.

   Tunnel nexthops allow an external entity to program static tunnel headers. There can be cases where the remote tunnel end-point does not support dynamic signaling (e.g. no LDP support on a host), and in those cases the external entity might want to program the tunnel header on both ends of the tunnel. The tunnel nexthop is kept generic with specifications provided for some commonly used tunnels. It is expected that the data-model will model these tunnel types with complete accuracy.

   Nexthop chains (Section 7.2.5) are a way to perform multiple operations on a packet by logically combining them. For example, one can chain together "decapsulate MPLS header" and "send it out a specific EGRESS_INTERFACE". Chains can be used to specify multiple headers over a packet, before a packet is forwarded. One simple example is that of MPLS over GRE, wherein the packet has an inner MPLS header followed by a GRE header followed by an IP header. The outermost IP header is decided by the network device whereas the MPLS header and GRE header are specified by the controller. Not every network device will be able to support all kinds of nexthop chains and an arbitrary number of headers chained together. The RIB data-model SHOULD provide a way to expose the nexthop chaining capability supported by a given network device.

2.4.2. Nexthop list attributes

   For nexthops that are of the form of a list(s), attributes can be associated with each member of the list to indicate the role of an individual member of the list. Two attributes are specified:
   o  NEXTHOP_PREFERENCE: This is used for protection schemes. It is an integer value between 1 and 99. A lower value indicates higher preference. To download a primary/standby pair to the FIB, the nexthops that are resolved and have the two highest preferences are selected. Each should have a unique value within a (Section 6).
   o  NEXTHOP_LB_WEIGHT: This is used for load-balancing. Each list member MUST be assigned a weight between 1 and 99. The weight determines the proportion of traffic to be sent over a nexthop used for forwarding as a ratio of the weight of this nexthop divided by the weights of all the nexthops of this route that are used for forwarding. To perform equal load-balancing, one MAY specify a weight of "0" for all the member nexthops. The value "0" is reserved for equal load-balancing and, if applied, MUST be applied to all member nexthops.

2.4.3. Nexthop content

   At the lowest level, a nexthop can be one of:
   o  identifier: This is an identifier returned by the network device representing a nexthop. This can be used as a way of re-using a nexthop when programming complex nexthops.
   o  EGRESS_INTERFACE: This represents a physical, logical or virtual interface on the network device. Address resolution must not be required on this interface. This interface may belong to any routing instance.
   o  IP address: A route lookup on this IP address is done to determine the egress interface. Address resolution may be required depending on the interface.
      *  An optional RIB name can also be specified to indicate the RIB in which the IP address is to be looked up. One can use the RIB name field to direct the packet from one domain into another domain. By default the RIB will be the same as the one that the route belongs to.
   o  EGRESS_INTERFACE and IP address: This can be used in cases e.g. where the IP address is a link-local address.
   o  EGRESS_INTERFACE and MAC address: The egress interface must be an Ethernet interface. Address resolution is not required for this nexthop.
   o  tunnel encap: This can be an encap representing an IP tunnel or MPLS tunnel or others as defined in this document. An optional egress interface can be chained to the tunnel encap to indicate which interface to send the packet out on. The egress interface is useful when the network device contains Ethernet interfaces and one needs to perform address resolution for the IP packet.
   o  tunnel decap: This is to specify decapsulating a tunnel header. After decap, further lookup on the packet can be done via chaining it with another nexthop. The packet can also be sent out via an EGRESS_INTERFACE directly.
   o  logical tunnel: This can be an MPLS LSP or a GRE tunnel (or others as defined in this document), that is represented by a unique identifier (e.g. name).
   o  RIB_NAME: A nexthop pointing to a RIB indicates that the route lookup needs to continue in the specified RIB. This is a way to perform chained lookups.

2.4.4. Special nexthops

   This document specifies certain special nexthops. The purpose of each of them is explained below:
   o  DISCARD: This indicates that the network device should drop the packet and increment a drop counter.
   o  DISCARD_WITH_ERROR: This indicates that the network device should drop the packet, increment a drop counter and send back an appropriate error message (like an ICMP error).
   o  RECEIVE: This indicates that the traffic is destined for the network device, for example protocol packets or OAM packets. All locally destined traffic SHOULD be throttled to avoid a denial of service attack on the router's control plane. An optional rate-limiter can be specified to indicate how to throttle traffic destined for the control plane. The description of the rate-limiter is outside the scope of this document.

3. Reading from the RIB

   A RIB data-model MUST allow an external entity to read entries for RIBs created by that entity. The network device administrator MAY allow reading of other RIBs by an external entity through access lists on the network device. The details of access lists are outside the scope of this document.

   The data-model MUST support a full read of the RIB and subsequent incremental reads of changes to the RIB. An external agent SHOULD be able to request a full read at any time in the lifecycle of the connection. When sending data to an external entity, the RIB manager SHOULD try to send all dependencies of an object prior to sending that object.

4. Writing to the RIB

   A RIB data-model MUST allow an external entity to write entries for RIBs created by that entity. The network device administrator MAY allow writes to other RIBs by an external entity through access lists on the network device. The details of access lists are outside the scope of this document.
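   The following Python sketch is an added illustration, not text or code from this draft: it models the write-path rules of this section and the next paragraphs (write access limited to RIBs the client created unless an administrator access list admits it, dependencies written first with the nexthop identifier collected from the response, and the Installed/Active/Reason return code with nexthop-identifier indirection). Client names, the "default" and "overlay" RIB names, and every reason string other than "Not authorized" are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass
class Nexthop:
    ip_address: str
    resolved: bool                 # outcome of the RIB manager's resolution (constructed)


@dataclass(frozen=True)
class ReturnCode:
    """The three attributes Section 4 requires of a route-programming result."""
    installed: bool
    active: bool
    reason: str = ""


class RibManager:
    def __init__(self, access_lists: Optional[dict[str, set[str]]] = None) -> None:
        self._owner: dict[str, str] = {}        # rib name -> client that created it
        self._acl = access_lists or {}          # rib name -> extra clients allowed to write
        self._nexthops: dict[tuple[str, int], Nexthop] = {}   # (rib, id) -> nexthop
        self._routes: dict[tuple[str, str], int] = {}         # (rib, prefix) -> nexthop id
        self._next_id = 1

    def create_rib(self, client: str, rib: str) -> None:
        self._owner[rib] = client

    def _may_write(self, client: str, rib: str) -> bool:
        """Writes go to RIBs the client created, or to RIBs where the
        administrator's access list names the client."""
        return self._owner.get(rib) == client or client in self._acl.get(rib, set())

    def add_nexthop(self, client: str, rib: str, nh: Nexthop) -> tuple[Optional[int], str]:
        """Dependency first: the manager hands back the identifier that the
        client's routes will reference."""
        if not self._may_write(client, rib):
            return None, "Not authorized"
        nh_id, self._next_id = self._next_id, self._next_id + 1
        self._nexthops[(rib, nh_id)] = nh
        return nh_id, ""

    def add_route(self, client: str, rib: str, prefix: str, nh_id: int) -> ReturnCode:
        if not self._may_write(client, rib):
            return ReturnCode(installed=False, active=False, reason="Not authorized")
        if (rib, nh_id) not in self._nexthops:       # dependency was never written
            return ReturnCode(False, False, "Unknown nexthop identifier")  # constructed text
        self._routes[(rib, prefix)] = nh_id
        return self.route_status(rib, prefix)

    def route_status(self, rib: str, prefix: str) -> ReturnCode:
        """Active when the referenced nexthop is resolved; this toy installs every
        active route, so Installed follows Active."""
        nh = self._nexthops[(rib, self._routes[(rib, prefix)])]
        if not nh.resolved:
            return ReturnCode(False, False, "Nexthop unresolved")          # constructed text
        return ReturnCode(installed=True, active=True)

    def modify_nexthop(self, client: str, rib: str, nh_id: int, nh: Nexthop) -> list[ReturnCode]:
        """Replace the object behind an identifier; routes that reference it are
        not rewritten, their status simply follows the new contents."""
        if not self._may_write(client, rib) or (rib, nh_id) not in self._nexthops:
            return []
        self._nexthops[(rib, nh_id)] = nh
        return [self.route_status(r, p) for (r, p), i in self._routes.items()
                if r == rib and i == nh_id]


def demo() -> dict:
    # Constructed setup: the device creates "default" and its administrator's access
    # list admits "controller" to it; "controller" creates its own "overlay" RIB.
    mgr = RibManager(access_lists={"default": {"controller"}})
    mgr.create_rib("system", "default")
    mgr.create_rib("controller", "overlay")
    out = {}
    out["foreign_write"] = mgr.add_route("other-client", "overlay", "203.0.113.0/24", 1)
    nh_id, _ = mgr.add_nexthop("controller", "overlay", Nexthop("198.51.100.1", resolved=False))
    out["unresolved"] = mgr.add_route("controller", "overlay", "203.0.113.0/24", nh_id)
    out["dangling"] = mgr.add_route("controller", "overlay", "203.0.113.64/26", nh_id + 7)
    out["after_modify"] = mgr.modify_nexthop("controller", "overlay", nh_id,
                                             Nexthop("198.51.100.1", resolved=True))
    nh2, _ = mgr.add_nexthop("controller", "default", Nexthop("192.0.2.254", resolved=True))
    out["acl_write"] = mgr.add_route("controller", "default", "192.0.2.0/24", nh2)
    return out
```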
   When writing an object to a RIB, the external entity SHOULD try to write all dependencies of the object prior to sending that object. The data-model SHOULD support requesting identifiers for nexthops and collecting the identifiers back in the response.

   Route programming in the RIB MUST result in a return code that contains the following attributes:
   o  Installed - Yes/No (Indicates whether the route got installed in the FIB)
   o  Active - Yes/No (Indicates whether a route is fully resolved and is a candidate for selection)
   o  Reason - E.g. Not authorized

   The data-model MUST specify which objects are modify-able objects. A modify-able object is one whose contents can be changed without having to change objects that depend on it and without affecting any data forwarding. To change a non-modifiable object, one will need to create a new object and delete the old one. For example, routes that use a nexthop that is identified by a nexthop identifier should be unaffected when the contents of that nexthop change.

5. Notifications

   Asynchronous notifications are sent by the network device's RIB manager to an external entity when some event occurs on the network device. A RIB data-model MUST support sending asynchronous notifications. A brief list of suggested notifications is as below:
   o  Route change notification, with return code as specified in Section 4
   o  Nexthop resolution status (resolved/unresolved) notification

6. RIB grammar

   This section specifies the RIB information model in Routing Backus-Naur Form [RFC5511]. This grammar is intended to help the reader better understand the English text description in order to derive a data model. However, it may not provide all the detail provided by the English text. When there is a lack of clarity in the grammar, the English text will take precedence.

   ::=
         []
         []

   ::= ( ...)

   ::= ( ...)
   ::=
         [ ... ]
         [ENABLE_IP_RPF_CHECK]
   ::= | |
       |

   ::=
         []
         []

   ::= | |
       | |

   ::= | | | |

   ::=
       ( | |
       ( ))
   ::=
   ::=
   ::=

   ::=
       ( | |
       ( ))
   ::=
   ::=
   ::=
   ::= | |

   ::= []
       []

   ::= |
       |

   ::= <>
   ::= <>
   ::= <>
   ::= <>

   ::= |
       ( ) |
       ( ) |
       ( ) |

   ::= |
       |
       |
       | |
       (
        ( | )) |
       ( ) |
       | |
       |
       )

   ::=

   ::= | |
       ( [])

   ::=
       ( =
       ( )...

   ::= ...

   ::= ...

   ::=
   ::= | | | | |

   ::= ( ) |
       ( ) |
       ( ) |
       ( ) |
       ( ) |
       ( )

   ::=
       [] []

   ::=
       []
       [] []

   ::= ( ...)
   ::= ( []
        [] []) |
       (
        [])

   ::= []
   ::= ( | )
       []
   ::= ( | )
       []

   ::= (( []) |
       ( []) |
       ( []))

                    Figure 5: RIB rBNF grammar

6.1. Nexthop grammar explained

   A nexthop is used to specify the next network element to forward the traffic to. It is also used to specify how the traffic should be load-balanced, protected using preference or multicasted using replication. This is explicitly specified in the grammar. The nexthop has recursion built-in to address complex use-cases like the one defined in Section 7.2.6.

7. Using the RIB grammar

   The RIB grammar is very generic and covers a variety of features. This section provides examples on using objects in the RIB grammar and examples to program certain use cases.

7.1. Using route preference

   Using route preference, a client can pre-install alternate paths in the network. For example, if OSPF has a route preference of 10, then another client can install a route with route preference of 20 to the same destination. The OSPF route will get precedence and will get installed in the FIB. When the OSPF route is withdrawn, the alternate path will get installed in the FIB.
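   As an added example (not part of the draft), the Python toy RIB below applies the ROUTE_PREFERENCE selection described here together with the FIB-eligibility rule of Section 2.4, and reuses the same longest-prefix lookup for the ENABLE_IP_RPF_CHECK behaviour of Section 2.1. Interface names, prefixes and the "ospf"/"controller" protocol labels are constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Nexthop:
    egress_interface: str
    resolved: bool = True        # set by the RIB manager's resolution process


@dataclass
class Route:
    prefix: str
    route_preference: int        # ROUTE_PREFERENCE: lower value wins
    nexthops: list[Nexthop]
    protocol: str = "static"     # static configuration counts as a protocol too

    def fib_eligible(self) -> bool:
        """Section 2.4: eligible while at least one nexthop is resolved."""
        return any(nh.resolved for nh in self.nexthops)

    def rpf_interfaces(self) -> set[str]:
        return {nh.egress_interface for nh in self.nexthops if nh.resolved}


class Rib:
    """Constructed toy RIB of one rib family, routes keyed by prefix."""

    def __init__(self, name: str, enable_ip_rpf_check: bool = False) -> None:
        self.name = name
        self.enable_ip_rpf_check = enable_ip_rpf_check
        self._routes: dict[str, list[Route]] = {}   # prefix -> competing routes

    def add(self, route: Route) -> None:
        key = str(ip_network(route.prefix, strict=False))
        self._routes.setdefault(key, []).append(route)

    def withdraw(self, prefix: str, protocol: str) -> None:
        key = str(ip_network(prefix, strict=False))
        self._routes[key] = [r for r in self._routes.get(key, [])
                             if r.protocol != protocol]

    def fib_route(self, prefix: str) -> Optional[Route]:
        """Route the RIB manager installs for this exact prefix: the
        FIB-eligible candidate with the lowest ROUTE_PREFERENCE."""
        key = str(ip_network(prefix, strict=False))
        eligible = [r for r in self._routes.get(key, []) if r.fib_eligible()]
        return min(eligible, key=lambda r: r.route_preference, default=None)

    def lookup(self, address: str) -> Optional[Route]:
        """Longest-prefix match over the routes that made it into the FIB."""
        addr = ip_address(address)
        best: Optional[Route] = None
        best_len = -1
        for key in self._routes:
            net = ip_network(key)
            if addr in net and net.prefixlen > best_len:
                installed = self.fib_route(key)
                if installed is not None:
                    best, best_len = installed, net.prefixlen
        return best

    def rpf_check(self, source: str, incoming_interface: str) -> bool:
        """Section 2.1: the source address is looked up and the packet is
        forwarded only if it arrived on one of that route's rpf interfaces."""
        if not self.enable_ip_rpf_check:
            return True
        route = self.lookup(source)
        return route is not None and incoming_interface in route.rpf_interfaces()


def demo() -> dict:
    """Walk through the OSPF/controller scenario of Section 7.1 plus the RPF check."""
    rib = Rib("ipv4-unicast", enable_ip_rpf_check=True)
    # Constructed routes: OSPF at preference 10, a controller's alternate at 20.
    rib.add(Route("192.0.2.0/24", 10, [Nexthop("ge-0/0/1")], protocol="ospf"))
    rib.add(Route("192.0.2.0/24", 20, [Nexthop("ge-0/0/2")], protocol="controller"))
    # Best preference, but its only nexthop is unresolved: FIB-ineligible.
    rib.add(Route("198.51.100.0/24", 5, [Nexthop("tunnel0", resolved=False)],
                  protocol="controller"))
    out = {}
    out["installed"] = rib.fib_route("192.0.2.0/24").protocol        # OSPF wins
    out["rpf_ok"] = rib.rpf_check("192.0.2.7", "ge-0/0/1")           # arrives on OSPF path
    out["rpf_spoofed"] = rib.rpf_check("192.0.2.7", "ge-0/0/9")      # wrong interface
    out["ineligible"] = rib.fib_route("198.51.100.0/24")              # nothing installable
    out["rpf_no_route"] = rib.rpf_check("203.0.113.9", "ge-0/0/1")   # no route: discard
    rib.withdraw("192.0.2.0/24", "ospf")
    out["after_withdraw"] = rib.fib_route("192.0.2.0/24").protocol   # alternate takes over
    out["rpf_after"] = rib.rpf_check("192.0.2.7", "ge-0/0/2")        # new rpf interface
    return out
```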
   Route preference can also be used to prevent denial of service
   attacks by installing routes with the best preference, which either
   drop the offending traffic or route it to some monitoring/analysis
   station.  Since the routes are installed with the best preference,
   they will supersede any route installed by any other protocol.

7.2.  Using different nexthop types

   The RIB grammar allows one to create a variety of nexthops.  This
   section describes uses for certain types of nexthops.

7.2.1.  Tunnel nexthops

   A tunnel nexthop points to a tunnel of some kind.  Traffic that goes
   over the tunnel gets encapsulated with the tunnel encap.  Tunnel
   nexthops are useful for abstracting out details of the network, by
   having the traffic seamlessly route between network edges.  At the
   end of a tunnel, the traffic will get decapsulated.  Thus the grammar
   supports two kinds of operations, one for encap and another for
   decap.

7.2.2.  Replication lists

   One can create a replication list for replicating traffic to multiple
   destinations.  The destinations, in turn, could be complex nexthops
   in themselves - at a level supported by the network device.  Point to
   multipoint and broadcast are examples that involve replication.

   A replication list (at the simplest level) can be represented as:

   ::= [ ... ]

   The above can be derived from the grammar as follows:

   ::=
   ::= ...

7.2.3.  Weighted lists

   A weighted list is used to load-balance traffic among a set of
   nexthops.  From a modeling perspective, a weighted list is very
   similar to a replication list, with the difference that each member
   nexthop MUST have a NEXTHOP_LB_WEIGHT associated with it.

   A weighted list (at the simplest level) can be represented as:

   ::= ( )
   [( )... ]

   The above can be derived from the grammar as follows:

   ::=
   ::=

   ( ) ...
   ::= ( )
   ( ) ...

7.2.4.  Protection

   A primary/backup protection can be represented as:

   ::= <1>
   <2> )

   The above can be derived from the grammar as follows:

   ::=
   ::= (
   ( )...)
   ::= (
   ( ))
   ::= ((
   ( ))
   ::= (<1>
   (<2> ))

   Traffic can be load-balanced among multiple primary nexthops and a
   single backup.  In such a case, the nexthop will look like:

   ::= (<1>
   (
   (
   ( ) ...))
   <2> )

   A backup can also have another backup.  In such a case, the list will
   look like:

   ::= (<1>
   <2> (<1> <2> ))

7.2.5.  Nexthop chains

   A nexthop chain is a way to perform multiple operations on a packet
   by logically combining them.  For example, when a VPN packet comes in
   on the WAN interface and has to be forwarded to the correct VPN
   interface, one needs to POP the VPN label before sending the packet
   out.  Using a nexthop chain, one can chain together "pop MPLS header"
   and "send it out a specific EGRESS_INTERFACE".

   The above example can be derived from the grammar as follows:

   ::=
   ::=
   ::=
   ::= ( )

   Elements in a nexthop-chain are evaluated left to right.

   A nexthop chain can also be used to put one or more headers on an
   outgoing packet.  One example is a Pseudowire - which is MPLS over
   some transport (MPLS or GRE for instance).  Another example is VxLAN
   over IP.  A nexthop chain thus allows an external entity to break up
   the programming of the nexthop into independent pieces - one per
   encapsulation.

   A simple example of MPLS over GRE can be represented as:

   ::= ( ) ( )


   The above can be derived from the grammar as follows:

   ::=
   ::=
   ::=
   ::= ( ) ( )


7.2.6.  Lists of lists

   Lists of lists is a complex construct.  One example of usage of such
   a construct is to replicate traffic to multiple destinations, with
   load balancing.
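   The replication-over-weighted-lists construct introduced here, as an
   added example that is not the draft's own code: a Python evaluator
   for a nexthop tree, run on the two branches the text goes on to
   describe (50:50 over outgoing-1-1 and outgoing-1-2, 20:20:60 over
   outgoing-2-1 to outgoing-2-3).  The dict representation, the function
   names and the per-flow hash used to pick one weighted member are
   assumptions; the draft specifies neither an encoding nor a
   load-balancing function.

```python
import hashlib

# Constructed nexthop tree for the lists-of-lists scenario: an outer
# replication list whose members are weighted lists of egress interfaces.
LISTS_OF_LISTS = {"replicate": [
    {"weighted": [("outgoing-1-1", 50), ("outgoing-1-2", 50)]},
    {"weighted": [("outgoing-2-1", 20), ("outgoing-2-2", 20), ("outgoing-2-3", 60)]},
]}

def flow_hash(flow):
    """Stable hash of a flow key, so every packet of one flow picks the same member."""
    return int.from_bytes(hashlib.sha256(flow.encode()).digest()[:8], "big")

def resolve(nexthop, flow):
    """Evaluate a nexthop tree into the egress interfaces one packet of `flow` leaves on."""
    if isinstance(nexthop, str):               # leaf: an egress interface
        return [nexthop]
    if "replicate" in nexthop:                 # replication list: a copy to every member
        return [i for m in nexthop["replicate"] for i in resolve(m, flow)]
    if "weighted" in nexthop:                  # weighted list: exactly one member, by weight
        members = nexthop["weighted"]
        point = flow_hash(flow) % sum(w for _, w in members)  # weights must be positive
        for member, weight in members:
            if point < weight:
                return resolve(member, flow)   # members may themselves be lists
            point -= weight
    raise ValueError("unknown nexthop construct: %r" % (nexthop,))

def distribution(nexthop, flows):
    """Per-interface count of flows sent out of it, to check the configured ratios."""
    counts = {}
    for flow in flows:
        for iface in resolve(nexthop, flow):
            counts[iface] = counts.get(iface, 0) + 1
    return counts
```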
   In other words, for each branch of the replication
   tree, there are multiple interfaces on which traffic needs to be
   load-balanced.  So the outer list is a replication list for
   multicast and the inner lists are weighted lists for load balancing.
   Let's take an example of a network element that has to replicate
   traffic to two other network elements.  Traffic to the first network
   element should be load balanced equally over two interfaces
   outgoing-1-1 and outgoing-1-2.  Traffic to the second network element
   should be load balanced over three interfaces outgoing-2-1,
   outgoing-2-2 and outgoing-2-3 in the ratio 20:20:60.

   This can be derived from the grammar as follows:

   ::=
   ::= ( ...)
   ::= ( )
   ::= (( )
   ( ))
   ::= ((
   (
   ( ) ...))
   ((
   (
   ( ) ...))
   ::= ((
   (
   ( )))
   ((
   (
   ( )
   ( )))
   ::= ((
   ( )
   ( )))
   ((
   ( )
   ( )
   ( )))
   ::=
   ((
   (50 )
   (50 )))
   ((
   (20 )
   (20 )
   (60 )))

7.3.  Performing multicast

   IP multicast involves matching a packet on (S, G) or (*, G), where
   both S (source) and G (group) are IP prefixes.  Following the match,
   the packet is replicated to one or more recipients.  How the
   recipients subscribe to the multicast group is outside the scope of
   this document.

   In PIM-based multicast, the packets are IP forwarded on an IP
   multicast tree.  The downstream nodes at each point in the multicast
   tree are one or more IP addresses.  These can be represented as a
   replication list (Section 7.2.2).

   In MPLS-based multicast, the packets are forwarded on a point to
   multipoint (P2MP) label-switched path (LSP).  The nexthop for a P2MP
   LSP can be represented in the nexthop grammar as a
   (P2MP LSP identifier) or a replication list (Section 7.2.2) of
   , with each tunnel encap representing a single MPLS
   downstream nexthop.

8.  RIB operations at scale

   This section discusses the scale requirements for a RIB data-model.
   The RIB data-model should be able to handle operations at large
   scale, to enable deployment of RIB applications in large networks.

8.1.  RIB reads

   Bulking (grouping of multiple objects in a single message) MUST be
   supported when a network device sends RIB data to an external entity.
   Similarly, the data model MUST enable a RIB client to request data in
   bulk from a network device.

8.2.  RIB writes

   Bulking (grouping of multiple write operations in a single message)
   MUST be supported when an external entity wants to write to the RIB.
   The response from the network device MUST include a return-code for
   each write operation in the bulk message.

8.3.  RIB events and notifications

   There can be cases where a single network event results in multiple
   events and/or notifications from the network device to an external
   entity.  On the other hand, due to the timing of multiple things
   happening at the same time, a network device might have to send
   multiple events and/or notifications to an external entity.  The
   network device originated event/notification message MUST support
   bulking of multiple events and notifications in a single message.

9.  Security Considerations

   All interactions between a RIB manager and an external entity MUST be
   authenticated and authorized.  The RIB manager MUST protect itself
   against a denial of service attack by a rogue external entity, by
   throttling request processing.  A RIB manager MUST enforce limits on
   how much data can be programmed by an external entity and return an
   error when such a limit is reached.

   The RIB manager MUST expose a data-model that it implements.  An
   external agent MUST send requests to the RIB manager that comply with
   the supported data-model.
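   The requirements of this section (authorized callers only, throttled
   request processing, a cap on programmed data, explicit handling of
   unsupported requests) together with the per-operation return codes of
   Section 8.2, as an added example that is not part of the draft: a
   constructed Python admission layer in front of bulk writes.  The class
   and field names, the sliding-window throttle and the two supported
   object types are assumptions; authentication is assumed to happen in
   the transport, which hands over the client identity.

```python
import time
from collections import deque, namedtuple

ReturnCode = namedtuple("ReturnCode", "installed active reason", defaults=("",))
SUPPORTED = {"route", "nexthop"}  # object types this constructed data-model accepts

class RibManager:
    """Admission control for external writes; the clock is injectable for testing."""
    def __init__(self, authorized, max_msgs, window_s, max_objects, clock=time.monotonic):
        self.authorized = set(authorized)  # identities the transport has already authenticated
        self.max_msgs, self.window_s = max_msgs, window_s  # throttle: messages per window
        self.max_objects = max_objects     # per-client cap on objects it may program
        self.clock = clock
        self.recent = {}                   # client -> timestamps of accepted messages
        self.owned = {}                    # client -> number of objects it has programmed

    def _throttled(self, client):
        """Sliding-window limit: refuse the message if the window is already full."""
        now = self.clock()
        q = self.recent.setdefault(client, deque())
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_msgs:
            return True
        q.append(now)
        return False

    def write_bulk(self, client, ops):
        """One return code per operation in the bulk message, as Section 8.2 requires."""
        if client not in self.authorized:  # authorization is decided before any other work
            return [ReturnCode(False, False, "Not authorized")] * len(ops)
        if self._throttled(client):
            return [ReturnCode(False, False, "Throttled")] * len(ops)
        return [self._write_one(client, op) for op in ops]

    def _write_one(self, client, op):
        if op.get("type") not in SUPPORTED:  # behaviour on unsupported requests is explicit
            return ReturnCode(False, False, "Unsupported object")
        if self.owned.get(client, 0) >= self.max_objects:
            return ReturnCode(False, False, "Object limit reached")
        self.owned[client] = self.owned.get(client, 0) + 1
        return ReturnCode(True, True)
```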
   The data-model MUST specify the behavior
   of the RIB manager on handling of unsupported data requests.

10.  IANA Considerations

   This document does not generate any considerations for IANA.

11.  Acknowledgements

   The authors would like to thank Ron Folkes, Jeffrey Zhang, the
   working group co-chairs and reviewers for their comments and
   suggestions on this draft.  The following people contributed to the
   design of the RIB model as part of the I2RS Interim meeting in April
   2013 - Wes George, Chris Liljenstolpe, Jeff Tantsura, Susan Hares and
   Fabian Schneider.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

12.2.  Informative References

   [I-D.hares-i2rs-use-case-vn-vc]
              Hares, S. and M. Chen, "Use Cases for Virtual Connections
              on Demand (VCoD) and Virtual Network on Demand (VNoD)
              using Interface to Routing System",
              draft-hares-i2rs-use-case-vn-vc-03 (work in progress),
              July 2014.

   [I-D.white-i2rs-use-case]
              White, R., Hares, S., and A. Retana, "Protocol Independent
              Use Cases for an Interface to the Routing System",
              draft-white-i2rs-use-case-06 (work in progress),
              July 2014.

   [RFC4915]  Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P.
              Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF",
              RFC 4915, DOI 10.17487/RFC4915, June 2007.

   [RFC5120]  Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi
              Topology (MT) Routing in Intermediate System to
              Intermediate Systems (IS-ISs)", RFC 5120,
              DOI 10.17487/RFC5120, February 2008.

   [RFC5511]  Farrel, A., "Routing Backus-Naur Form (RBNF): A Syntax
              Used to Form Encoding Rules in Various Routing Protocol
              Specifications", RFC 5511, DOI 10.17487/RFC5511,
              April 2009.

   [RFC7920]  Atlas, A., Ed., Nadeau, T., Ed., and D. Ward, "Problem
              Statement for the Interface to the Routing System",
              RFC 7920, DOI 10.17487/RFC7920, June 2016.

Authors' Addresses

   Nitin Bahadur (editor)
   Bracket Computing
   150 West Evelyn Ave, Suite 200
   Mountain View, CA 94041
   US

   Email: nitin_bahadur@yahoo.com

   Sriganesh Kini (editor)

   Email: sriganeshkini@gmail.com

   Jan Medved
   Cisco

   Email: jmedved@cisco.com