Network Working Group                                   N. Bahadur, Ed.
Internet-Draft                                                     Uber
Intended status: Informational                             S. Kini, Ed.
Expires: August 17, 2018                                      J. Medved
                                                                  Cisco
                                                      February 13, 2018

                   Routing Information Base Info Model
                    draft-ietf-i2rs-rib-info-model-14

Abstract

   Routing and routing functions in enterprise and carrier networks are
   typically performed by network devices (routers and switches) using a
   routing information base (RIB).  Protocols and configuration push
   data into the RIB, and the RIB manager installs state into the
   hardware for packet forwarding.  This document specifies an
   information model for the RIB to enable defining a standardized data
   model; the IETF's I2RS WG used it to design the I2RS RIB data model.
   It is being published to record the higher-level information model
   decisions for RIBs so that other developers of RIBs may benefit from
   the design concepts.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 17, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions used in this document
   2.  RIB data
     2.1.  RIB definition
     2.2.  Routing instance
     2.3.  Route
     2.4.  Nexthop
       2.4.1.  Base nexthop
       2.4.2.  Derived nexthops
       2.4.3.  Nexthop indirection
   3.  Reading from the RIB
   4.  Writing to the RIB
   5.  Notifications
   6.  RIB grammar
     6.1.  Nexthop grammar explained
   7.  Using the RIB grammar
     7.1.  Using route preference
     7.2.  Using different nexthops types
       7.2.1.  Tunnel nexthops
       7.2.2.  Replication lists
       7.2.3.  Weighted lists
       7.2.4.  Protection
       7.2.5.  Nexthop chains
       7.2.6.  Lists of lists
     7.3.  Performing multicast
   8.  RIB operations at scale
     8.1.  RIB reads
     8.2.  RIB writes
     8.3.  RIB events and notifications
   9.  Security Considerations
   10.  IANA Considerations
   11.  Acknowledgements
   12.  References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   Routing and routing functions in enterprise and carrier networks are
   traditionally performed in network devices.  Routers run routing
   protocols, and the routing protocols (along with static
   configuration) populate the Routing Information Base (RIB) of the
   router.  The RIB is managed by the RIB manager, which provides a
   north-bound interface to its clients, i.e. the routing protocols, to
   insert routes into the RIB.  The RIB manager consults the RIB and
   decides how to program the forwarding information base (FIB) of the
   hardware by interfacing with the FIB manager.  The relationship
   between these entities is shown in Figure 1.

        +-------------+            +-------------+
        |RIB client 1 |   ......   |RIB client N |
        +-------------+            +-------------+
               ^                          ^
               |                          |
               +----------------------+---+
                          |
                          V
               +---------------------+
               |RIB manager          |
               |                     |
               |     +-----+         |
               |     | RIB |         |
               |     +-----+         |
               +---------------------+
                          ^
                          |
               +---------------------------------+
               |                                 |
               V                                 V
        +-------------+                   +-------------+
        |FIB manager 1|                   |FIB manager M|
        |   +-----+   |   ..........      |   +-----+   |
        |   | FIB |   |                   |   | FIB |   |
        |   +-----+   |                   |   +-----+   |
        +-------------+                   +-------------+

          Figure 1: RIB manager, RIB clients and FIB managers

   Routing protocols are inherently distributed in nature, and each
   router makes an independent decision based on the routing data
   received from its peers.  With the advent of newer deployment
   paradigms and the need for specialized applications, there is an
   emerging need to guide the router's routing function [RFC7920].
   Traditional network-device protocol-based RIB population suffices for
   most use cases where distributed network control is used.  However,
   there are use cases which network operators currently address by
   configuring static routes, policies and RIB import/export rules on
   the routers.  There is also a growing list of use cases in which a
   network operator might want to program the RIB based on data
   unrelated to just routing (within that network's domain).
   Programming the RIB could be based on other information such as
   routing data in the adjacent domain or the load on storage and
   compute in the given domain.  Or it could simply be a programmatic
   way of creating on-demand dynamic overlays (e.g. GRE tunnels)
   between compute hosts (without requiring the hosts to run traditional
   routing protocols).  If there were a standardized, publicly documented
   programmatic interface to a RIB, it would enable further networking
   applications that address a variety of use cases [RFC7920].

   A programmatic interface to the RIB involves two types of operations:
   reading from the RIB and writing (adding/modifying/deleting) to the
   RIB.

   In order to understand what is in a router's RIB, methods like per-
   protocol SNMP MIBs and screen scraping of "show" output are used.
   These methods are not scalable, since they are client pull mechanisms
   rather than proactive push (from the router) mechanisms.
   Screen scraping is error prone (since the output format can change)
   and is vendor dependent.  Building a RIB from per-protocol MIBs is
   error prone since the MIB data represent protocol data and not the
   exact information that went into the RIB.  Thus, just getting read-
   only RIB information from a router is a hard task.

   Adding content to the RIB from an external entity can be done today
   using static configuration mechanisms provided by router vendors.
   However, the set of what can be modified in the RIB varies from
   vendor to vendor, and the method of configuring it is also vendor
   dependent.  This makes it hard for an external entity to program a
   multi-vendor network in a consistent and vendor-independent way.

   The purpose of this draft is to specify an information model for the
   RIB.  Using the information model, one can build a detailed data
   model for the RIB.  That data model could then be used by an external
   entity to program a network device.

   The rest of this document is organized as follows.  Section 2 goes
   into the details of what constitutes, and can be programmed in, a
   RIB.  Guidelines for reading and writing the RIB are provided in
   Section 3 and Section 4 respectively.  Section 5 provides a high-
   level view of the events and notifications going from a network
   device to an external entity, to update the external entity on
   asynchronous events.  The RIB grammar is specified in Section 6.
   Examples of using the RIB grammar are shown in Section 7.  Section 8
   covers considerations for performing RIB operations at scale.

1.1.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  RIB data

   This section describes the details of a RIB.  It makes forward
   references to objects in the RIB grammar (Section 6).  A high-level
   description of the RIB contents is shown in Figure 2.  Please note
   that, for ease of ASCII art representation, this drawing shows a
   single routing instance, a single RIB, and a single route.  The sub-
   sections of this section describe the logical data nodes that should
   be contained within a RIB.  Section 3 and Section 4 describe the
   high-level read and write operations.

            network-device
                   |
                   | 0..N
                   |
            routing-instance(s)
               |         |
               |         |
          0..N |         | 0..N
               |         |
          interface(s)  RIB(s)
                         |
                         |
                         | 0..N
                         |
                      route(s)

                      Figure 2: RIB model

2.1.  RIB definition

   A RIB is an entity that contains routes.  A RIB is identified by its
   name, and a RIB is contained within a routing instance (Section 2.2).
   There MAY be many routing instances, and each routing instance MAY
   contain one or more RIBs.  The name MUST be unique within a routing
   instance.  All routes in a given RIB MUST be of the same rib family
   (e.g. IPv4).  Each RIB MUST belong to a routing instance.

   A routing instance MAY have multiple RIBs.  A routing instance MAY
   even have two or more RIBs of the same rib family (e.g. IPv6).  A
   typical case where this can be used is for multi-topology routing
   ([RFC4915], [RFC5120]).

   Each RIB MAY optionally be associated with an ENABLE_IP_RPF_CHECK
   attribute that enables reverse path forwarding (RPF) checks on all IP
   routes in that RIB.  The RPF check is used to prevent source address
   spoofing and limit malicious traffic.  For IP packets, the IP source
   address is looked up and the RPF interface(s) associated with the
   route for that IP source address are found.  If the interface the IP
   packet arrived on matches one of the RPF interface(s), the IP packet
   is forwarded based on its IP destination address; otherwise, the IP
   packet is discarded.

2.2.  Routing instance

   A routing instance, in the context of the RIB information model, is a
   collection of RIBs, interfaces, and routing parameters.  A routing
   instance creates a logical slice of the router.  It allows different
   logical slices, across a set of routers, to communicate with each
   other.  Layer 3 Virtual Private Networks (VPN), Layer 2 VPNs (L2VPN)
   and Virtual Private LAN Service (VPLS) can be modeled as routing
   instances.  Note that modeling a Layer 2 VPN using a routing instance
   only models the Layer 3 (RIB) aspect and does not model any Layer 2
   information (like ARP) that might be associated with the L2VPN.

   The set of interfaces indicates which interfaces are associated with
   this routing instance.  The RIBs specify how incoming traffic is to
   be forwarded.  And the routing parameters control the information in
   the RIBs.  The intersection of the interface sets of any two routing
   instances MUST be the null set.  In other words, an interface MUST
   NOT be present in two routing instances.  Thus a routing instance
   describes the routing information and parameters across a set of
   interfaces.

   A routing instance MUST contain the following mandatory fields.

   o  INSTANCE_NAME: A routing instance is identified by its name,
      INSTANCE_NAME.  This MUST be unique across all routing instances
      in a given network device.

   o  rib-list: This is the list of RIBs associated with this routing
      instance.  Each routing instance can have multiple RIBs to
      represent routes of different types.  For example, one would put
      IPv4 routes in one RIB and MPLS routes in another RIB.

   A routing instance MAY contain the following optional fields.

   o  interface-list: This represents the list of interfaces associated
      with this routing instance.  The interface list helps constrain
      the boundaries of packet forwarding.  Packets coming in on these
      interfaces are directly associated with the given routing
      instance.  The interface list contains a list of identifiers, with
      each identifier uniquely identifying an interface.

   o  ROUTER_ID: The router-id field identifies the network device in
      control plane interactions with other network devices.  This field
      is to be used if one wants to virtualize a physical router into
      multiple virtual routers.  Each virtual router MUST have a unique
      router-id.  ROUTER_ID MUST be unique across all network devices in
      a given domain.

   A routing instance may be created purely for the purposes of packet
   processing and may not have any interfaces associated with it.  For
   example, an incoming packet in routing instance A might have a
   nexthop of routing instance B, and after packet processing in B, the
   nexthop might be routing instance C.  Thus, routing instance B is not
   associated with any interface.  And given that this routing instance
   does not do any control plane interaction with other network devices,
   a ROUTER_ID is also not needed.

2.3.  Route

   A route is essentially a match condition and an action following the
   match.  The match condition specifies the kind of route (IPv4, MPLS,
   etc.) and the set of fields to match on.  Figure 3 represents the
   overall contents of a route.  Please note that, for ease of depiction
   in ASCII art, only a single instance of the route attribute, match
   flags, or nexthop is depicted.

                          route
                       |    |    |
             +---------+    |    +----------+
             |              |               |
        0..N |              |               |
     route-attribute      match          nexthop
                            |
                            |
            +-------+-------+-------+--------+
            |       |       |       |        |
            |       |       |       |        |
          IPv4    IPv6    MPLS    MAC    Interface

                      Figure 3: Route model

   This document specifies the following match types:

   o  IPv4: Match on destination and/or source IP address in the IPv4
      header

   o  IPv6: Match on destination and/or source IP address in the IPv6
      header

   o  MPLS: Match on an MPLS label at the top of the MPLS label stack

   o  MAC: Match on MAC destination addresses in the Ethernet header

   o  Interface: Match on incoming interface of the packet

   A route MAY be matched on one or more of these match types, combined
   by policy as either an "AND" (to restrict the number of routes) or an
   "OR" (to combine two filters).

   Each route MUST have associated with it the following mandatory route
   attributes.

   o  ROUTE_PREFERENCE: This is a numerical value that allows for
      comparing routes from different protocols.  Static configuration
      is also considered a protocol for the purpose of this field.  It
      is also known as administrative distance.  The lower the value,
      the higher the preference.  For example, there can be an OSPF
      route for 192.0.2.1/32 (or IPv6 2001:DB8::1/32) with a preference
      of 5.  If a controller programs a route for 192.0.2.1/32 (or IPv6
      2001:DB8::1/32) with a preference of 2, then the controller's
      route will be preferred by the RIB manager.  Preference should be
      used to dictate behavior.  For more examples of preference, see
      Section 7.1.

   Each route can have associated with it one or more optional route
   attributes.

   o  route-vendor-attributes: Vendors can specify vendor-specific
      attributes using this.  The details of this attribute are outside
      the scope of this document.

   Each route has associated with it a Nexthop.  Nexthop is described in
   Section 2.4.
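   The RPF check of Section 2.1, the longest-prefix and ROUTE_PREFERENCE
   selection of Section 2.3, and the pre-installed alternate path and
   best-preference sinkhole route of Section 7.1, shown together in a
   small Python model.  This is an added example and is not code from
   this draft, from the I2RS data model, or from any RIB implementation.
   The Route and Rib classes, their method names, and the interface
   names, prefixes and preference values in demo() are this example's
   own assumptions; the grammar of Section 6 is not implemented.

```python
# Added example, not the draft's code: a minimal IPv4 RIB in the model's terms.
# Route, Rib, lookup() and forward() are this example's own names; the interface
# names and addresses in demo() are constructed sample data.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    nexthop_interface: str   # a resolved base nexthop (EGRESS_INTERFACE)
    preference: int          # ROUTE_PREFERENCE: lower value wins
    protocol: str            # the RIB client that installed it ("static" counts)


class Rib:
    """One RIB of rib family IPv4, optionally with ENABLE_IP_RPF_CHECK."""

    def __init__(self, name, enable_ip_rpf_check=False):
        self.name = name
        self.enable_ip_rpf_check = enable_ip_rpf_check
        self._routes = {}    # prefix -> [Route, ...] from different clients

    def add(self, route):
        self._routes.setdefault(route.prefix, []).append(route)

    def withdraw(self, prefix, protocol):
        pfx = ipaddress.ip_network(prefix)
        self._routes[pfx] = [r for r in self._routes.get(pfx, [])
                             if r.protocol != protocol]

    def best(self, prefix):
        """Among routes to the same prefix, the lowest ROUTE_PREFERENCE wins."""
        cands = self._routes.get(prefix, [])
        return min(cands, key=lambda r: r.preference) if cands else None

    def lookup(self, addr):
        """Longest-prefix match; routes to the winning prefix are ranked by preference."""
        a = ipaddress.ip_address(addr)
        matching = [p for p in self._routes if a in p and self.best(p)]
        if not matching:
            return None
        return self.best(max(matching, key=lambda p: p.prefixlen))

    def forward(self, src, dst, in_interface):
        """Return the egress interface for a packet, or DISCARD."""
        if self.enable_ip_rpf_check:
            # RPF check: the source must route back out the arrival interface.
            rpf = self.lookup(src)
            if rpf is None or rpf.nexthop_interface != in_interface:
                return "DISCARD"
        r = self.lookup(dst)
        return r.nexthop_interface if r else "DISCARD"


def demo():
    """Walk through the behaviours the text describes; returns the results."""
    rib = Rib("ipv4-unicast", enable_ip_rpf_check=True)
    net = ipaddress.ip_network
    rib.add(Route(net("192.0.2.0/24"), "eth0", 10, "ospf"))
    rib.add(Route(net("198.51.100.0/24"), "eth1", 10, "ospf"))
    rib.add(Route(net("0.0.0.0/0"), "eth2", 200, "static"))
    out = {}
    # Source 192.0.2.7 routes via eth0, so it passes RPF on eth0 but not eth1.
    out["normal"] = rib.forward("192.0.2.7", "198.51.100.9", "eth0")
    out["spoofed"] = rib.forward("192.0.2.7", "198.51.100.9", "eth1")
    # Section 7.1: a controller sinkholes one destination with the best
    # preference; longest prefix plus preference makes it win over OSPF.
    rib.add(Route(net("198.51.100.9/32"), "monitor0", 1, "controller"))
    out["sinkholed"] = rib.forward("192.0.2.7", "198.51.100.9", "eth0")
    # Section 7.1: a pre-installed alternate path with a worse preference is
    # inactive until the OSPF route is withdrawn.
    rib.add(Route(net("192.0.2.0/24"), "eth3", 20, "controller"))
    out["before_withdraw"] = rib.lookup("192.0.2.1").nexthop_interface
    rib.withdraw("192.0.2.0/24", "ospf")
    out["after_withdraw"] = rib.lookup("192.0.2.1").nexthop_interface
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

   The check in forward() is the strict form of RPF: a source whose
   best route points out of a different interface than the one the
   packet arrived on is dropped, which is what the text describes, but
   with asymmetric routing it also drops legitimate packets.  That is
   the reason the attribute is worth controlling per RIB rather than
   assuming it everywhere.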
   Additional features to match multicast packets were considered (e.g.
   the TTL of the packet, to limit the range of a multicast group), but
   these were not added to this information model.  Future RIB
   information models should investigate these multicast features.

2.4.  Nexthop

   A nexthop represents an object resulting from a route lookup.  For
   example, if a route lookup results in sending the packet out a given
   interface, then the nexthop represents that interface.

   Nexthops can be fully resolved nexthops or unresolved nexthops.  A
   resolved nexthop has adequate information to send the outgoing packet
   to the destination by forwarding it on an interface to a directly
   connected neighbor.  For example, a nexthop to a point-to-point
   interface or a nexthop to an IP address on an Ethernet interface is
   resolved.  An unresolved nexthop is something that requires the RIB
   manager to determine the final resolved nexthop.  For example, a
   nexthop could be an IP address.  The RIB manager would resolve how to
   reach that IP address, e.g. whether the IP address is reachable by
   regular IP forwarding or by an MPLS tunnel or by both.  If the RIB
   manager cannot resolve the nexthop, then the nexthop remains in an
   unresolved state and is NOT a candidate for installation in the FIB.
   Future RIB events can cause an unresolved nexthop to get resolved
   (like that IP address being advertised by an IGP neighbor).
   Conversely, resolved nexthops can also become unresolved (e.g. in
   case of a tunnel going down) and hence would no longer be candidates
   to be installed in the FIB.

   When at least one of a route's nexthops is resolved, then the route
   can be used to forward packets.  Such a route is considered eligible
   to be installed in the FIB and is henceforth referred to as a FIB-
   eligible route.  Conversely, when all the nexthops of a route are
   unresolved, that route can no longer be used to forward packets.
   Such a route is considered ineligible to be installed in the FIB and
   is henceforth referred to as a FIB-ineligible route.  The RIB
   information model allows an external entity to program routes whose
   nexthops may be unresolved initially.  Whenever an unresolved nexthop
   gets resolved, the RIB manager will send a notification of the same
   (see Section 5).

   The overall structure and usage of a nexthop is as shown in the
   figure below.  For ease of ASCII art depiction, only a single
   instance of any component of the nexthop is shown in Figure 4.

                                 route
                                   |
                                   |  0..N
                                   |
                                nexthop  <-------------------------------+
                                   |                                     |
       +-------+----------------------------+-------------+              |
       |       |              |             |             |              |
       |       |              |             |             |              |
      base  load-balance  protection    replicate       chain            |
       |       |              |             |             |              |
       |       |2..N          |2..N         |2..N         |1..N          |
       |       |              |             |             |              |
       |       |              V             |             |              |
       |       +------------->+<------------+-------------+              |
       |                      |                                          |
       |                      +------------------------------------------+
       |
       +-------------------+
                           |
                           |
                           |
                           |
       +---------------+--------+--------+--------------+----------+
       |               |        |        |              |
       |               |        |        |              |
   nexthop-id  egress-interface ip-address logical-tunnel |
                                                          |
                                                          |
                   +--------------------------------------+
                   |
       +--------------+----------+-------------+
       |              |          |             |
       |              |          |             |
   tunnel-encap  tunnel-decap  rib-name  special-nexthop

                      Figure 4: Nexthop model

   This document specifies a very generic, extensible and recursive
   grammar for nexthops.  A nexthop can be a base nexthop or a derived
   nexthop.  Section 2.4.1 details base nexthops and Section 2.4.2
   explains various kinds of derived nexthops.  There are certain
   special nexthops, and those are described in Section 2.4.1.1.
   Lastly, Section 2.4.3 delves into nexthop indirection and its use.
   Examples of when and how to use tunnel nexthops and derived nexthops
   are shown in Section 7.2.

2.4.1.  Base nexthop

   At the lowest level, a nexthop can be one of:

   o  Identifier: This is an identifier returned by the network device
      representing a nexthop.  This can be used as a way of re-using a
      nexthop when programming derived nexthops.

   o  Interface nexthops: nexthops pointing to an interface.  Various
      attributes associated with these nexthops are:

      *  EGRESS_INTERFACE: This represents a physical, logical or
         virtual interface on the network device.  Address resolution
         must not be required on this interface.  This interface may
         belong to any routing instance.

      *  IP address: A route lookup on this IP address is done to
         determine the egress interface.  Address resolution may be
         required depending on the interface.

         +  An optional RIB name can also be specified to indicate the
            RIB in which the IP address is to be looked up.  One can use
            the RIB name field to direct the packet from one domain into
            another domain.  By default the RIB will be the same as the
            one that the route belongs to.

      These attributes can be used in combination as follows:

      *  EGRESS_INTERFACE and IP address: This can be used in cases
         where, e.g., the IP address is a link-local address.

      *  EGRESS_INTERFACE and MAC address: The egress interface must be
         an Ethernet interface.  Address resolution is not required for
         this nexthop.

   o  Tunnel nexthops: nexthops pointing to a tunnel.  Various types of
      tunnel nexthops are:

      *  tunnel encap: This can be an encap representing an IP tunnel or
         MPLS tunnel or others as defined in this document.  An optional
         egress interface can be chained to the tunnel encap to indicate
         which interface to send the packet out on.  The egress
         interface is useful when the network device contains Ethernet
         interfaces and one needs to perform address resolution for the
         IP packet.

      *  tunnel decap: This is to specify decapsulating a tunnel header.
         After decap, further lookup on the packet can be done by
         chaining it with another nexthop.  The packet can also be sent
         out via an EGRESS_INTERFACE directly.

      *  logical tunnel: This can be an MPLS LSP or a GRE tunnel (or
         others as defined in this document) that is represented by a
         unique identifier (e.g. name).

   o  RIB_NAME: A nexthop pointing to a RIB.  This indicates that the
      route lookup needs to continue in the specified RIB.  This is a
      way to perform chained lookups.

   Tunnel nexthops allow an external entity to program static tunnel
   headers.  There can be cases where the remote tunnel end-point does
   not support dynamic signaling (e.g. no LDP support on a host), and in
   those cases the external entity might want to program the tunnel
   header on both ends of the tunnel.  The tunnel nexthop is kept
   generic, with specifications provided for some commonly used tunnels.
   It is expected that the data model will model these tunnel types with
   complete accuracy.

2.4.1.1.  Special nexthops

   Special nexthops are for performing specific well-defined functions
   (e.g. drop).  The purpose of each of them is explained below:

   o  DISCARD: This indicates that the network device should drop the
      packet and increment a drop counter.

   o  DISCARD_WITH_ERROR: This indicates that the network device should
      drop the packet, increment a drop counter and send back an
      appropriate error message (like an ICMP error).

   o  RECEIVE: This indicates that the traffic is destined for the
      network device, for example protocol packets or OAM packets.  All
      locally destined traffic SHOULD be throttled to avoid a denial of
      service attack on the router's control plane.  An optional rate-
      limiter can be specified to indicate how to throttle traffic
      destined for the control plane.  The description of the rate-
      limiter is outside the scope of this document.

2.4.2.  Derived nexthops

   Derived nexthops can be:

   o  Weighted lists: for load-balancing

   o  Preference lists: for protection using primary and backup

   o  Replication lists: a list of nexthops to which to replicate a
      packet

   o  Nexthop chains: for chaining multiple operations or attaching
      multiple headers

   o  Lists of lists: recursive application of the above

   Nexthop chains (see Section 7.2.5 for usage) are a way to perform
   multiple operations on a packet by logically combining them.  For
   example, one can chain together "decapsulate MPLS header" and "send
   it out a specific EGRESS_INTERFACE".  Chains can be used to specify
   multiple headers over a packet before the packet is forwarded.  One
   simple example is that of MPLS over GRE, wherein the packet has an
   inner MPLS header followed by a GRE header followed by an IP header.
   The outermost IP header is decided by the network device, whereas the
   MPLS header and GRE header are specified by the controller.  Not
   every network device will be able to support all kinds of nexthop
   chains and an arbitrary number of headers chained together.  The RIB
   data model SHOULD provide a way to expose the nexthop chaining
   capability supported by a given network device.

   It is expected that all network devices will have a limit on how many
   levels of lookup can be performed, and not all hardware will be able
   to support all kinds of nexthops.  RIB capability negotiation becomes
   very important for this reason, and a RIB data model MUST specify a
   way for an external entity to learn about the network device's
   capabilities.

2.4.2.1.  Nexthop list attributes

   For nexthops that are of the form of a list (or lists), attributes
   can be associated with each member of the list to indicate the role
   of an individual member of the list.  Two attributes are specified:

   o  NEXTHOP_PREFERENCE: This is used for protection schemes.  It is an
      integer value between 1 and 99.  A lower value indicates higher
      preference.  To download a primary/standby pair to the FIB, the
      nexthops that are resolved and have the two highest preferences
      are selected.  Each should have a unique value within a
      (Section 6).

   o  NEXTHOP_LB_WEIGHT: This is used for load-balancing.  Each list
      member MUST be assigned a weight between 1 and 99.  The weight
      determines the proportion of traffic to be sent over a nexthop
      used for forwarding, as the ratio of the weight of this nexthop
      to the sum of the weights of all the nexthops of this route that
      are used for forwarding.  To perform equal load-balancing, one MAY
      specify a weight of "0" for all the member nexthops.  The value
      "0" is reserved for equal load-balancing and, if applied, MUST be
      applied to all member nexthops.

2.4.3.  Nexthop indirection

   Nexthops can be identified by an identifier to create a level of
   indirection.  The identifier is set by the RIB manager and returned
   to the external entity on request.

   One example of the use of indirection is a nexthop that points to
   another network device (e.g. a BGP peer).  The returned nexthop
   identifier can then be used for programming routes to point to this
   nexthop.  Given that the RIB manager has created an indirection using
   the nexthop identifier, if the transport path to the network device
   (BGP peer) changes, that change in path will be seamless to the
   external entity, and all routes that point to that network device
   will automatically start going over the new transport path.  Nexthop
   indirection using identifiers can be applied not just to unicast
   nexthops but even to nexthops that contain chains and nested
   nexthops.  See Section 2.4.2 for examples.

3.  Reading from the RIB

   A RIB data model MUST allow an external entity to read entries for
   RIBs created by that entity.  The network device administrator MAY
   allow reading of other RIBs by an external entity through access
   lists on the network device.  The details of access lists are outside
   the scope of this document.

   The data model MUST support a full read of the RIB and subsequent
   incremental reads of changes to the RIB.  An external agent SHOULD be
   able to request a full read at any time in the lifecycle of the
   connection.  When sending data to an external entity, the RIB manager
   SHOULD try to send all dependencies of an object prior to sending
   that object.

4.  Writing to the RIB

   A RIB data model MUST allow an external entity to write entries for
   RIBs created by that entity.  The network device administrator MAY
   allow writes to other RIBs by an external entity through access lists
   on the network device.  The details of access lists are outside the
   scope of this document.

   When writing an object to a RIB, the external entity SHOULD try to
   write all dependencies of the object prior to sending that object.
   The data model SHOULD support requesting identifiers for nexthops and
   collecting the identifiers back in the response.

   Route programming in the RIB MUST result in a return code that
   contains the following attributes:

   o  Installed: Yes/No (indicates whether the route got installed in
      the FIB)

   o  Active: Yes/No (indicates whether a route is fully resolved and
      is a candidate for selection)

   o  Reason: e.g. Not authorized

   The data model MUST specify which objects can be modified.
An object that can be modified is one whose contents can be changed without having to change objects that depend on it and without affecting any data forwarding. To change a non-modifiable object, one will need to create a new object and delete the old one. For example, routes that use a nexthop identified by a nexthop identifier should be unaffected when the contents of that nexthop change.

5. Notifications

Asynchronous notifications are sent by the network device's RIB manager to an external entity when some event occurs on the network device. A RIB data model MUST support sending asynchronous notifications. A brief list of suggested notifications follows:

o Route change notification, with the return code specified in Section 4

o Nexthop resolution status (resolved/unresolved) notification

6. RIB grammar

This section specifies the RIB information model in Routing Backus-Naur Form [RFC5511]. This grammar is intended to help the reader better understand Section 2 in order to derive a data model.

[Figure 5 body not recoverable from this copy: the RBNF productions survive only as their "::=", "|", bracket and parenthesis operators, with every nonterminal name lost, so they are not reproduced here.]

Figure 5: RIB rBNF grammar

6.1.
Nexthop grammar explained

A nexthop is used to specify the next network element to forward the traffic to. It is also used to specify how the traffic should be load-balanced, protected using preference, or multicast using replication. This is explicitly specified in the grammar. The nexthop has recursion built in to address complex use cases like the one defined in Section 7.2.6.

7. Using the RIB grammar

The RIB grammar is very generic and covers a variety of features. This section provides examples of using objects in the RIB grammar and of programming certain use cases.

7.1. Using route preference

Using route preference, a client can pre-install alternate paths in the network. For example, if OSPF has a route preference of 10, another client can install a route with route preference 20 to the same destination. The OSPF route takes precedence and is installed in the FIB. When the OSPF route is withdrawn, the alternate path is installed in the FIB.

Route preference can also be used to mitigate denial-of-service attacks by installing routes with the best preference that either drop the offending traffic or divert it to a monitoring/analysis station. Since these routes are installed with the best preference, they supersede any route installed by any other protocol. The same property cuts both ways: an external entity allowed to install best-preference routes can black-hole or redirect any destination, so write access to a RIB must be limited to authorized entities (see Section 9).

7.2. Using different nexthop types

The RIB grammar allows one to create a variety of nexthops. This section describes uses for certain types of nexthops.

7.2.1. Tunnel nexthops

A tunnel nexthop points to a tunnel of some kind. Traffic that goes over the tunnel is encapsulated with the tunnel encap. Tunnel nexthops are useful for abstracting out details of the network by having the traffic seamlessly route between network edges. At the end of a tunnel, the traffic is decapsulated.
Thus the grammar supports two kinds of operations, one for encap and another for decap.

7.2.2. Replication lists

One can create a replication list for replicating traffic to multiple destinations. The destinations, in turn, could be derived nexthops in themselves, to a nesting depth supported by the network device. Point-to-multipoint and broadcast are examples that involve replication.

A replication list (at the simplest level) can be represented as:

   ::= [ ... ]

The above can be derived from the grammar as follows:

   ::=
   ::= ...

7.2.3. Weighted lists

A weighted list is used to load-balance traffic among a set of nexthops. From a modeling perspective, a weighted list is very similar to a replication list, with the difference that each member nexthop MUST have a NEXTHOP_LB_WEIGHT associated with it.

A weighted list (at the simplest level) can be represented as:

   ::= ( )
       [( )... ]

The above can be derived from the grammar as follows:

   ::=
   ::=
       ( ) ...
   ::= ( )
       ( ) ...

7.2.4. Protection

A primary/backup protection can be represented as:

   ::= <1>
       <2> )

The above can be derived from the grammar as follows:

   ::=
   ::= (
       ( )...)
   ::= (
       ( ))
   ::= ((
       ( ))
   ::= (<1>
       (<2> ))

Traffic can be load-balanced among multiple primary nexthops and a single backup. In such a case, the nexthop will look like:

   ::= (<1>
       (
       (
       ( ) ...))
       <2> )

A backup can also have another backup. In such a case, the list will look like:

   ::= (<1>
       <2> (<1> <2> ))

7.2.5. Nexthop chains

A nexthop chain is a way to perform multiple operations on a packet by logically combining them. For example, when a VPN packet arrives on the WAN interface and has to be forwarded to the correct VPN interface, one needs to pop the VPN label before sending the packet out.
Using a nexthop chain, one can chain together "pop MPLS header" and "send it out a specific EGRESS_INTERFACE".

The above example can be derived from the grammar as follows:

   ::=
   ::=
   ::=
   ::= ( )

Elements in a nexthop chain are evaluated left to right.

A nexthop chain can also be used to put one or more headers on an outgoing packet. One example is a pseudowire, which is MPLS over some transport (MPLS or GRE, for instance). Another example is VXLAN over IP. A nexthop chain thus allows an external entity to break up the programming of the nexthop into independent pieces, one per encapsulation.

A simple example of MPLS over GRE can be represented as:

   ::= ( ) ( )

The above can be derived from the grammar as follows:

   ::=
   ::=
   ::=
   ::= ( ) ( )

7.2.6. Lists of lists

Lists of lists is a derived construct. One example of the use of such a construct is to replicate traffic to multiple destinations with load balancing. In other words, for each branch of the replication tree there are multiple interfaces over which traffic needs to be load-balanced. So the outer list is a replication list for multicast and the inner lists are weighted lists for load balancing. Let's take the example of a network element that has to replicate traffic to two other network elements. Traffic to the first network element should be load-balanced equally over two interfaces, outgoing-1-1 and outgoing-1-2. Traffic to the second network element should be load-balanced over three interfaces, outgoing-2-1, outgoing-2-2 and outgoing-2-3, in the ratio 20:20:60.

This can be derived from the grammar as follows:

   ::=
   ::= ( ...)
   ::= ( )
   ::= (( )
       ( ))
   ::= ((
       (
       ( ) ...))
       ((
       (
       ( ) ...))
   ::= ((
       (
       ( )))
       ((
       (
       ( )
       ( )))
   ::= ((
       ( )
       ( )))
       ((
       ( )
       ( )
       ( )))
   ::=
       ((
       (50 )
       (50 )))
       ((
       (20 )
       (20 )
       (60 )))

7.3. Performing multicast

IP multicast involves matching a packet on (S, G) or (*, G), where both S (source) and G (group) are IP prefixes. Following the match, the packet is replicated to one or more recipients. How the recipients subscribe to the multicast group is outside the scope of this document.

In PIM-based multicast, the packets are IP-forwarded on an IP multicast tree. The downstream nodes at each point in the multicast tree are one or more IP addresses. These can be represented as a replication list (Section 7.2.2).

In MPLS-based multicast, the packets are forwarded on a point-to-multipoint (P2MP) label-switched path (LSP). The nexthop for a P2MP LSP can be represented in the nexthop grammar as a tunnel (identified by the P2MP LSP identifier) or as a replication list (Section 7.2.2) of tunnel encaps, with each tunnel encap representing a single MPLS downstream nexthop.

8. RIB operations at scale

This section discusses the scale requirements for a RIB data model. The RIB data model should be able to handle a large scale of operations, to enable deployment of RIB applications in large networks.

8.1. RIB reads

Bulking (grouping of multiple objects in a single message) MUST be supported when a network device sends RIB data to an external entity. Similarly, the data model MUST enable a RIB client to request data in bulk from a network device.

8.2. RIB writes

Bulking (grouping of multiple write operations in a single message) MUST be supported when an external entity wants to write to the RIB.
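The write behaviour described in Sections 3 and 4 (per-entity RIB ownership, writing dependencies such as nexthops before the routes that use them, the Installed/Active/Reason return code, and nexthops as modifiable objects), the route-preference selection of Section 7.1, and the per-operation return codes that a bulk write needs, as a toy Python RIB manager. This is added example code, not the I2RS data model or any vendor's RIB API; the class and method names, the administrator "write grant" standing in for the out-of-scope access lists, and the rule that a later route from the same owner replaces its earlier route to the same prefix are assumptions.

```python
"""Added example: a toy RIB manager (not the I2RS data model or any product's API).
Names, the write-grant ACL and the 'later route from the same owner replaces the
earlier one' rule are assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class ReturnCode:
    installed: bool  # Installed: the route is in the FIB
    active: bool     # Active: fully resolved and a candidate for selection
    reason: str = ""


@dataclass
class Route:
    prefix: str
    preference: int  # route preference: lower wins (OSPF at 10 beats an alternate at 20)
    nexthop_id: int  # indirection through a RIB-manager-assigned identifier
    owner: str


@dataclass
class Rib:
    owner: str                                                    # entity that created the RIB
    writers: Set[str] = field(default_factory=set)                # other entities allowed to write
    nexthops: Dict[int, bool] = field(default_factory=dict)       # nexthop-id -> resolved?
    routes: Dict[str, List[Route]] = field(default_factory=dict)  # prefix -> candidate routes
    fib: Dict[str, Route] = field(default_factory=dict)           # prefix -> selected route
    next_nexthop_id: int = 1


class RibManager:
    def __init__(self) -> None:
        self.ribs: Dict[str, Rib] = {}

    def create_rib(self, name: str, owner: str) -> None:
        self.ribs[name] = Rib(owner=owner)

    def grant_write(self, name: str, entity: str) -> None:
        """Administrator action standing in for the access lists the draft leaves out of scope."""
        self.ribs[name].writers.add(entity)

    def _authorized(self, rib: Rib, entity: str) -> bool:
        return entity == rib.owner or entity in rib.writers

    def add_nexthop(self, name: str, entity: str, resolved: bool) -> Optional[int]:
        """Write the nexthop first; the RIB manager hands back the identifier routes will use."""
        rib = self.ribs[name]
        if not self._authorized(rib, entity):
            return None
        nh_id, rib.next_nexthop_id = rib.next_nexthop_id, rib.next_nexthop_id + 1
        rib.nexthops[nh_id] = resolved
        return nh_id

    def set_resolved(self, name: str, nh_id: int, resolved: bool) -> None:
        """A nexthop is a modifiable object: changing it re-evaluates routes without rewriting them."""
        rib = self.ribs[name]
        rib.nexthops[nh_id] = resolved
        for prefix in rib.routes:
            self._reselect(rib, prefix)

    def _reselect(self, rib: Rib, prefix: str) -> None:
        """Install the most preferred resolved candidate; remove the FIB entry if none is resolved."""
        candidates = [r for r in rib.routes.get(prefix, []) if rib.nexthops.get(r.nexthop_id)]
        if candidates:
            rib.fib[prefix] = min(candidates, key=lambda r: r.preference)
        else:
            rib.fib.pop(prefix, None)

    def _return_code(self, rib: Rib, route: Route) -> ReturnCode:
        active = bool(rib.nexthops.get(route.nexthop_id))
        installed = rib.fib.get(route.prefix) is route
        reason = "" if installed else ("nexthop unresolved" if not active else "less preferred than installed route")
        return ReturnCode(installed, active, reason)

    def add_route(self, name: str, entity: str, prefix: str, preference: int, nexthop_id: int) -> ReturnCode:
        rib = self.ribs[name]
        if not self._authorized(rib, entity):
            return ReturnCode(False, False, "Not authorized")
        if nexthop_id not in rib.nexthops:
            return ReturnCode(False, False, "unknown nexthop-id: write dependencies before the route")
        route = Route(prefix, preference, nexthop_id, entity)
        others = [r for r in rib.routes.get(prefix, []) if r.owner != entity]
        rib.routes[prefix] = others + [route]
        self._reselect(rib, prefix)
        return self._return_code(rib, route)

    def withdraw_route(self, name: str, entity: str, prefix: str) -> bool:
        rib = self.ribs[name]
        if not self._authorized(rib, entity):
            return False
        rib.routes[prefix] = [r for r in rib.routes.get(prefix, []) if r.owner != entity]
        self._reselect(rib, prefix)
        return True

    def bulk_write(self, name: str, entity: str, ops: List[dict]) -> List[ReturnCode]:
        """Many route writes in one message: one return code per operation, in order,
        and a failing operation does not abort the ones after it."""
        return [self.add_route(name, entity, op["prefix"], op["preference"], op["nexthop_id"]) for op in ops]
```

Two points worth noticing in the code: an unauthorized write is refused before any dependency is examined, so the "Not authorized" reason leaks nothing about which nexthop identifiers exist in a RIB the caller does not own; and a route whose nexthop later becomes unresolved simply drops out of the FIB on reselection, which is the notification-worthy state change Section 5 lists.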
The response from the network device MUST include a return code for each write operation in the bulk message.

8.3. RIB events and notifications

There can be cases where a single network event results in multiple events and/or notifications from the network device to an external entity. Likewise, when several things happen at the same time, a network device may have to send multiple events and/or notifications to an external entity. The event/notification message originated by the network device MUST support bulking of multiple events and notifications in a single message.

9. Security Considerations

The information model specified in this document defines a schema for data models that are designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC5246]. (RFC 5246, TLS 1.2, has since been obsoleted by RFC 8446, TLS 1.3.)

The NETCONF access control model [RFC6536] (since obsoleted by RFC 8341) provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

The RIB info model specifies read and write operations to network devices. These network devices might be considered sensitive or vulnerable in some network environments. Write operations to these network devices without proper protection can have a negative effect on network operations: a compromised or misbehaving client with write access can black-hole or redirect traffic by installing best-preference routes (Section 7.1), or overload the RIB with bulk writes (Section 8.2). For these reasons, it is recommended that data models also consider the following in their design:

o Require use of the authentication and authorization features of the NETCONF or RESTCONF suite of protocols.
o Set limits on how much data a remote entity can write or update, sized so that they give enough protection for a RIB model.

o Expose the specific RIB model implemented via NETCONF/RESTCONF data models.

10. IANA Considerations

This document does not generate any considerations for IANA.

11. Acknowledgements

The authors would like to thank Ron Folkes, Jeffrey Zhang, the working group co-chairs and the reviewers for their comments and suggestions on this draft. The following people contributed to the design of the RIB model as part of the I2RS interim meeting in April 2013: Wes George, Chris Liljenstolpe, Jeff Tantsura, Susan Hares and Fabian Schneider.

12. References

12.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

12.2. Informative References

[RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P. Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", RFC 4915, DOI 10.17487/RFC4915, June 2007.

[RFC5120] Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (IS-ISs)", RFC 5120, DOI 10.17487/RFC5120, February 2008.

[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008.

[RFC5511] Farrel, A., "Routing Backus-Naur Form (RBNF): A Syntax Used to Form Encoding Rules in Various Routing Protocol Specifications", RFC 5511, DOI 10.17487/RFC5511, April 2009.

[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration Protocol (NETCONF) Access Control Model", RFC 6536, DOI 10.17487/RFC6536, March 2012.

[RFC7920] Atlas, A., Ed., Nadeau, T., Ed., and D. Ward, "Problem Statement for the Interface to the Routing System", RFC 7920, DOI 10.17487/RFC7920, June 2016.

[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

Authors' Addresses

Nitin Bahadur (editor)
Uber
900 Arastradero Rd
Palo Alto, CA 94304
US

Email: nitin_bahadur@yahoo.com

Sriganesh Kini (editor)

Email: sriganeshkini@gmail.com

Jan Medved
Cisco

Email: jmedved@cisco.com