Network Working Group                                    N. Bahadur, Ed.
Internet-Draft                                                      Uber
Intended status: Informational                              S. Kini, Ed.
Expires: November 8, 2018                                      J. Medved
                                                                   Cisco
                                                             May 7, 2018

                   Routing Information Base Info Model
                    draft-ietf-i2rs-rib-info-model-17

Abstract

   Routing and routing functions in enterprise and carrier networks are
   typically performed by network devices (routers and switches) using a
   routing information base (RIB).  Protocols and configuration push
   data into the RIB and the RIB manager installs state into the
   hardware for packet forwarding.  This draft specifies an information
   model for the RIB to enable defining a standardized data model, and
   it was used by the IETF's I2RS WG to design the I2RS RIB data model.
   It is being published to record the higher-level informational model
   decisions for RIBs so that other developers of RIBs may benefit from
   the design concepts.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 8, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions used in this document
   2.  RIB data
     2.1.  RIB definition
     2.2.  Routing instance
     2.3.  Route
     2.4.  Nexthop
       2.4.1.  Base nexthop
       2.4.2.  Derived nexthops
       2.4.3.  Nexthop indirection
   3.  Reading from the RIB
   4.  Writing to the RIB
   5.  Notifications
   6.  RIB grammar
     6.1.  Nexthop grammar explained
   7.  Using the RIB grammar
     7.1.  Using route preference
     7.2.  Using different nexthop types
       7.2.1.  Tunnel nexthops
       7.2.2.  Replication lists
       7.2.3.  Weighted lists
       7.2.4.  Protection
       7.2.5.  Nexthop chains
       7.2.6.  Lists of lists
     7.3.  Performing multicast
   8.  RIB operations at scale
     8.1.  RIB reads
     8.2.  RIB writes
     8.3.  RIB events and notifications
   9.  Security Considerations
   10.  IANA Considerations
   11.  Acknowledgements
   12.  References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   Routing and routing functions in enterprise and carrier networks are
   traditionally performed in network devices.  Traditionally, routers
   run routing protocols, and the routing protocols (along with static
   configuration information) populate the Routing Information Base
   (RIB) of the router.  The RIB is managed by the RIB manager, and the
   RIB manager provides a northbound interface to its clients, i.e., the
   routing protocols, to insert routes into the RIB.  The RIB manager
   consults the RIB and decides how to program the Forwarding
   Information Base (FIB) of the hardware by interfacing with the FIB
   manager.  The relationship between these entities is shown in
   Figure 1.

   +-------------+        +-------------+
   |RIB client 1 | ...... |RIB client N |
   +-------------+        +-------------+
          ^                      ^
          |                      |
          +----------------------+
                     |
                     V
          +---------------------+
          |     RIB manager     |
          |                     |
          |      +--------+     |
          |      | RIB(s) |     |
          |      +--------+     |
          +---------------------+
                     ^
                     |
           +------------------------------+
           |                              |
           V                              V
   +----------------+             +----------------+
   | FIB manager 1  |             | FIB manager M  |
   |  +--------+    | ........... |  +--------+    |
   |  | FIB(s) |    |             |  | FIB(s) |    |
   |  +--------+    |             |  +--------+    |
   +----------------+             +----------------+

          Figure 1: RIB manager, RIB clients, and FIB managers

   Routing protocols are inherently distributed in nature, and each
   router makes an independent decision based on the routing data
   received from its peers.  With the advent of newer deployment
   paradigms and the need for specialized applications, there is an
   emerging need to guide the router's routing function [RFC7920].

   Traditional network-device protocol-based RIB population suffices for
   most use cases where distributed network control is used.  However,
   there are use cases that network operators currently address by
   configuring static routes, policies, and RIB import/export rules on
   the routers.  There is also a growing list of use cases in which a
   network operator might want to program the RIB based on data
   unrelated to just routing (within that network's domain).
   Programming the RIB could be based on other information such as
   routing data in the adjacent domain or the load on storage and
   compute in the given domain.  Or it could simply be a programmatic
   way of creating on-demand dynamic overlays (e.g., GRE tunnels)
   between compute hosts (without requiring the hosts to run traditional
   routing protocols).  If there were a standardized, publicly
   documented programmatic interface to a RIB, it would enable further
   networking applications that address a variety of use cases
   [RFC7920].

   A programmatic interface to the RIB involves two types of operations:
   reading from the RIB and writing (adding/modifying/deleting) to the
   RIB.

   In order to understand what is in a router's RIB, methods like per-
   protocol SNMP MIBs and screen scraping are used.  These methods are
   not scalable, since they are client pull mechanisms and not proactive
   push (from the router) mechanisms.
   Screen scraping is error-prone (since the output format can change)
   and is vendor dependent.  Building a RIB from per-protocol MIBs is
   error-prone, since the MIB data represent protocol data and not the
   exact information that went into the RIB.  Thus, just getting
   read-only RIB information from a router is a hard task.

   Adding content to the RIB from a RIB client can be done today using
   static configuration mechanisms provided by router vendors.  However,
   the mix of what can be modified in the RIB varies from vendor to
   vendor, and the method of configuring it is also vendor dependent.
   This makes it hard for a RIB client to program a multi-vendor network
   in a consistent and vendor-independent way.

   The purpose of this draft is to specify an information model for the
   RIB.  Using the information model, one can build a detailed data
   model for the RIB.  That data model could then be used by a RIB
   client to program a network device.  One data model that has been
   based on this draft is the I2RS RIB data model
   [I-D.ietf-i2rs-rib-data-model].

   The rest of this document is organized as follows.  Section 2 goes
   into the details of what constitutes and can be programmed in a RIB.
   Guidelines for reading and writing the RIB are provided in Section 3
   and Section 4, respectively.  Section 5 provides a high-level view of
   the events and notifications going from a network device to a RIB
   client, to update the RIB client on asynchronous events.  The RIB
   grammar is specified in Section 6.  Examples of using the RIB grammar
   are shown in Section 7.  Section 8 covers considerations for
   performing RIB operations at scale.

1.1.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  RIB data

   This section describes the details of a RIB.  It makes forward
   references to objects in the RIB grammar (Section 6).  A high-level
   description of the RIB contents is as shown in Figure 2.  Please note
   that for ease of ASCII art representation this drawing shows a single
   routing-instance, a single RIB, and a single route.  Sub-sections of
   this section describe the logical data nodes that should be contained
   within a RIB.  Section 3 and Section 4 describe the high-level read
   and write operations.

                    network-device
                          |
                          | 0..N
                          |
                  routing-instance(s)
                      |          |
                      |          |
                 0..N |          | 0..N
                      |          |
                interface(s)   RIB(s)
                                 |
                                 |
                                 | 0..N
                                 |
                              route(s)

                         Figure 2: RIB model

2.1.  RIB definition

   A RIB, in the context of the RIB information model, is an entity that
   contains routes.  It is identified by its name and is contained
   within a routing instance (Section 2.2).  A network device MAY
   contain routing instances, and each routing instance MAY contain
   RIBs.  The name MUST be unique within a routing instance.  All routes
   in a given RIB MUST be of the same address family (e.g., IPv4).  Each
   RIB MUST belong to a routing instance.

   A routing instance may contain two or more RIBs of the same address
   family (e.g., IPv6).  A typical case where this can be used is for
   multi-topology routing ([RFC4915], [RFC5120]).

   Each RIB MAY be associated with an ENABLE_IP_RPF_CHECK attribute that
   enables REVERSE PATH FORWARDING (RPF) checks on all IP routes in that
   RIB.
   The RPF check is used to prevent spoofing and limit malicious
   traffic.  For IP packets, the IP source address is looked up and the
   RPF interface(s) associated with the route for that IP source address
   are found.  If the incoming IP packet's interface matches one of the
   RPF interface(s), then the IP packet is forwarded based on its IP
   destination address; otherwise, the IP packet is discarded.

2.2.  Routing instance

   A routing instance, in the context of the RIB information model, is a
   collection of RIBs, interfaces, and routing parameters.  A routing
   instance creates a logical slice of the router.  It allows different
   logical slices across a set of routers to communicate with each
   other.  Layer 3 Virtual Private Networks (VPN), Layer 2 VPNs (L2VPN),
   and Virtual Private LAN Service (VPLS) can be modeled as routing
   instances.  Note that modeling a Layer 2 VPN using a routing instance
   only models the Layer-3 (RIB) aspect and does not model any layer-2
   information (like ARP) that might be associated with the L2VPN.

   The set of interfaces indicates which interfaces are associated with
   this routing instance.  The RIBs specify how incoming traffic is to
   be forwarded, and the routing parameters control the information in
   the RIBs.  The intersection set of interfaces of two routing
   instances MUST be the null set.  In other words, an interface MUST
   NOT be present in two routing instances.  Thus a routing instance
   describes the routing information and parameters across a set of
   interfaces.

   A routing instance MUST contain the following mandatory fields:

   o  INSTANCE_NAME: A routing instance is identified by its name,
      INSTANCE_NAME.  This MUST be unique across all routing instances
      in a given network device.

   o  rib-list: This is the list of RIBs associated with this routing
      instance.  Each routing instance can have multiple RIBs to
      represent routes of different types.
      For example, one would put IPv4 routes in one RIB and MPLS routes
      in another RIB.  The list of RIBs can be an empty list.

   A routing instance MAY contain the following fields:

   o  interface-list: This represents the list of interfaces associated
      with this routing instance.  The interface list helps constrain
      the boundaries of packet forwarding.  Packets coming in on these
      interfaces are directly associated with the given routing
      instance.  The interface list contains a list of identifiers, with
      each identifier uniquely identifying an interface.

   o  ROUTER_ID: This field identifies the network device in control
      plane interactions with other network devices.  This field is to
      be used if one wants to virtualize a physical router into multiple
      virtual routers.  Each virtual router MUST have a unique
      ROUTER_ID.  ROUTER_ID MUST be unique across all network devices in
      a given domain.

   A routing instance may be created purely for the purposes of packet
   processing and may not have any interfaces associated with it.  For
   example, an incoming packet in routing instance A might have a
   nexthop of routing instance B, and after packet processing in B, the
   nexthop might be routing instance C.  Thus, routing instance B is not
   associated with any interface.  And given that this routing instance
   does not do any control plane interaction with other network devices,
   a ROUTER_ID is also not needed.

2.3.  Route

   A route is essentially a match condition and an action following the
   match.  The match condition specifies the kind of route (IPv4, MPLS,
   etc.) and the set of fields to match on.  Figure 3 represents the
   overall contents of a route.  Please note that for ease of depiction
   in ASCII art only a single instance of the route attribute, match
   flags, or nexthop is depicted.
                             route
                           |   |   |
                 +---------+   |   +----------+
                 |             |              |
            0..N |             |              |
                 |             |              |
          route-attribute    match         nexthop
                               |
                               |
               +-------+-------+-------+--------+
               |       |       |       |        |
               |       |       |       |        |
             IPv4    IPv6    MPLS     MAC   Interface

                        Figure 3: Route model

   This document specifies the following match types:

   o  IPv4: Match on destination and/or source IP address in the IPv4
      header

   o  IPv6: Match on destination and/or source IP address in the IPv6
      header

   o  MPLS: Match on an MPLS label at the top of the MPLS label stack

   o  MAC: Match on MAC destination addresses in the Ethernet header

   o  Interface: Match on incoming interface of the packet

   A route MAY be matched on one or more of these match types by policy
   as either an "AND" (to restrict the number of routes) or an "OR" (to
   combine two filters).

   Each route MUST have associated with it the following mandatory route
   attributes:

   o  ROUTE_PREFERENCE: This is a numerical value that allows for
      comparing routes from different protocols.  Static configuration
      is also considered a protocol for the purpose of this field.  It
      is also known as administrative distance.  The lower the value,
      the higher the preference.  For example, there can be an OSPF
      route for 192.0.2.1/32 (or IPv6 2001:DB8::1/128) with a preference
      of 5.  If a controller programs a route for 192.0.2.1/32 (or IPv6
      2001:DB8::1/128) with a preference of 2, then the controller's
      route will be preferred by the RIB manager.  Preference should be
      used to dictate behavior.  For more examples of preference, see
      Section 7.1.

   Each route can have associated with it one or more optional route
   attributes.

   o  route-vendor-attributes: Vendors can specify vendor-specific
      attributes using this.  The details of this attribute are outside
      the scope of this document.

   Each route has associated with it a nexthop.  Nexthop is described in
   Section 2.4.
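   As an added illustration of ROUTE_PREFERENCE selection (this code is
   not part of the draft or of the I2RS data model), the following Python
   models a RIB manager choosing which route for a match to hand to the
   FIB: the lowest preference among routes whose nexthop is resolved,
   re-selection when a route is withdrawn or its nexthop becomes
   unresolved, and a DISCARD route installed at the best preference as
   in the denial-of-service use described in Section 7.1.  The Route and
   Rib names, the protocol labels, the 198.51.100.0/24 match and the
   nexthop strings are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    """One candidate route for a match (constructed model, not the draft's grammar)."""
    protocol: str           # who installed it: "ospf", "controller", "static", ...
    preference: int         # ROUTE_PREFERENCE: lower value = higher preference
    nexthop: str            # e.g. "10.0.0.1", or the special nexthop "DISCARD"
    resolved: bool = True   # Section 2.4: only a resolved nexthop makes a route FIB-eligible


class Rib:
    """One RIB (single address family) holding every candidate route per match."""

    def __init__(self) -> None:
        self._routes: Dict[str, List[Route]] = {}

    def add(self, match: str, route: Route) -> None:
        # One route per protocol per match: a re-add replaces that protocol's old route.
        kept = [r for r in self._routes.get(match, []) if r.protocol != route.protocol]
        kept.append(route)
        self._routes[match] = kept

    def withdraw(self, match: str, protocol: str) -> None:
        self._routes[match] = [r for r in self._routes.get(match, [])
                               if r.protocol != protocol]

    def best(self, match: str) -> Optional[Route]:
        """Route the RIB manager would install in the FIB for this match, if any."""
        eligible = [r for r in self._routes.get(match, []) if r.resolved]
        if not eligible:
            return None   # no FIB-eligible route: nothing is installed
        # Lowest ROUTE_PREFERENCE wins.  The draft defines no tie-break, so the
        # protocol name is used here only to make the result deterministic.
        return min(eligible, key=lambda r: (r.preference, r.protocol))


def preference_example() -> List[str]:
    """Walk through the draft's own numbers: OSPF at preference 5, controller at 2."""
    rib = Rib()
    prefix = "192.0.2.1/32"
    rib.add(prefix, Route("ospf", 5, "10.0.0.1"))
    rib.add(prefix, Route("controller", 2, "10.0.0.2"))
    winners = [rib.best(prefix).protocol]           # controller: 2 < 5
    rib.withdraw(prefix, "controller")
    winners.append(rib.best(prefix).protocol)       # OSPF takes over on withdrawal
    # The controller re-adds its route, but this time the nexthop is unresolved,
    # so the route is FIB-ineligible and OSPF stays installed despite 2 < 5.
    rib.add(prefix, Route("controller", 2, "10.0.0.2", resolved=False))
    winners.append(rib.best(prefix).protocol)
    return winners


def sinkhole_example() -> Tuple[str, str]:
    """Section 7.1: a DISCARD route at the best preference supersedes every protocol.
    Assumes 0 is the best value a client may use for ROUTE_PREFERENCE."""
    rib = Rib()
    prefix = "198.51.100.0/24"    # constructed: the match for the offending traffic
    rib.add(prefix, Route("ospf", 10, "10.0.0.1"))
    rib.add(prefix, Route("static", 1, "10.0.0.3"))
    rib.add(prefix, Route("controller", 0, "DISCARD"))
    chosen = rib.best(prefix)
    return chosen.protocol, chosen.nexthop


if __name__ == "__main__":
    print(preference_example())   # ['controller', 'ospf', 'ospf']
    print(sinkhole_example())     # ('controller', 'DISCARD')
```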
   Additional features to match multicast packets were considered (e.g.,
   TTL of the packet to limit the range of a multicast group), but these
   were not added to this information model.  Future RIB information
   models should investigate these multicast features.

2.4.  Nexthop

   A nexthop represents an object resulting from a route lookup.  For
   example, if a route lookup results in sending the packet out a given
   interface, then the nexthop represents that interface.

   Nexthops can be fully resolved nexthops or unresolved nexthops.  A
   resolved nexthop has adequate information to send the outgoing packet
   to the destination by forwarding it on an interface to a directly
   connected neighbor.  For example, a nexthop to a point-to-point
   interface or a nexthop to an IP address on an Ethernet interface has
   the nexthop resolved.  An unresolved nexthop is something that
   requires the RIB manager to determine the final resolved nexthop.
   For example, a nexthop could be an IP address.  The RIB manager would
   resolve how to reach that IP address, e.g., whether the IP address is
   reachable by regular IP forwarding, by an MPLS tunnel, or by both.
   If the RIB manager cannot resolve the nexthop, then the nexthop
   remains in an unresolved state and is NOT a candidate for
   installation in the FIB.  Future RIB events can cause an unresolved
   nexthop to get resolved (e.g., the IP address being advertised by an
   IGP neighbor).  Conversely, resolved nexthops can also become
   unresolved (e.g., in the case of a tunnel going down) and hence would
   no longer be candidates to be installed in the FIB.

   When at least one of a route's nexthops is resolved, then the route
   can be used to forward packets.  Such a route is considered eligible
   to be installed in the FIB and is henceforth referred to as a FIB-
   eligible route.
   Conversely, when all the nexthops of a route are unresolved, that
   route can no longer be used to forward packets.  Such a route is
   considered ineligible to be installed in the FIB and is henceforth
   referred to as a FIB-ineligible route.  The RIB information model
   allows a RIB client to program routes whose nexthops may be
   unresolved initially.  Whenever an unresolved nexthop gets resolved,
   the RIB manager will send a notification of the same (see Section 5).

   The overall structure and usage of a nexthop is as shown in the
   figure below.  For ease of ASCII art depiction, only a single
   instance of any component of the nexthop is shown in Figure 4.

                                 route
                                   |
                                   | 0..N
                                   |
                                nexthop <-----------------------------+
                                   |                                  |
        +----------+---------------+-------------+-------------+      |
        |          |               |             |             |      |
        |          |               |             |             |      |
      base   load-balance     protection     replicate       chain    |
        |          |               |             |             |      |
        |          |2..N           |2..N         |2..N         |1..N  |
        |          |               |             |             |      |
        |          |               V             |             |      |
        |          +-------------->+<------------+-------------+      |
        |                          |                                  |
        |                          +----------------------------------+
        |
        +------------------+
                           |
                           |
                           |
                           |
         +-----------------+---------------+---------------+------------+
         |                 |               |               |            |
         |                 |               |               |            |
    nexthop-id     egress-interface   ip-address    logical-tunnel      |
                                                                        |
                                                                        |
                           +--------------------------------------------+
                           |
         +-----------------+---------------+---------------+
         |                 |               |               |
         |                 |               |               |
   tunnel-encap      tunnel-decap      rib-name     special-nexthop

                        Figure 4: Nexthop model

   This document specifies a very generic, extensible, and recursive
   grammar for nexthops.  A nexthop can be a base nexthop or a derived
   nexthop.  Section 2.4.1 details base nexthops and Section 2.4.2
   explains various kinds of derived nexthops.  There are certain
   special nexthops, and those are described in Section 2.4.1.1.
   Lastly, Section 2.4.3 delves into nexthop indirection and its use.
   Examples of when and how to use tunnel nexthops and derived nexthops
   are shown in Section 7.2.

2.4.1.  Base nexthop

   At the lowest level, a nexthop can be one of:

   o  Identifier: This is an identifier returned by the network device
      representing a nexthop.  This can be used as a way of re-using a
      nexthop when programming derived nexthops.

   o  Interface nexthops - nexthops pointing to an interface.  Various
      attributes associated with these nexthops are:

      *  EGRESS_INTERFACE: This represents a physical, logical, or
         virtual interface on the network device.  Address resolution
         must not be required on this interface.  This interface may
         belong to any routing instance.

      *  IP address: A route lookup on this IP address is done to
         determine the egress interface.  Address resolution may be
         required depending on the interface.

         +  An optional RIB name can also be specified to indicate the
            RIB in which the IP address is to be looked up.  One can use
            the RIB name field to direct the packet from one domain into
            another domain.  By default the RIB will be the same as the
            one that the route belongs to.

      These attributes can be used in combination as follows:

      *  EGRESS_INTERFACE and IP address: This can be used in cases,
         e.g., where the IP address is a link-local address.

      *  EGRESS_INTERFACE and MAC address: The egress interface must be
         an Ethernet interface.  Address resolution is not required for
         this nexthop.

   o  Tunnel nexthops - nexthops pointing to a tunnel.  The types of
      tunnel nexthops are:

      *  tunnel-encap: This can be an encapsulation representing an IP
         tunnel or MPLS tunnel or others as defined in this document.
         An optional egress interface can be chained to the tunnel-encap
         to indicate which interface to send the packet out on.
         The egress interface is useful when the network device contains
         Ethernet interfaces and one needs to perform address resolution
         for the IP packet.

      *  tunnel-decap: This is to specify decapsulating a tunnel header.
         After decapsulation, further lookup on the packet can be done
         via chaining it with another nexthop.  The packet can also be
         sent out via an EGRESS_INTERFACE directly.

      *  logical-tunnel: This can be an MPLS LSP or a GRE tunnel (or
         others as defined in this document), that is represented by a
         unique identifier (e.g., name).

   o  RIB_NAME: A nexthop pointing to a RIB.  This indicates that the
      route lookup needs to continue in the specified RIB.  This is a
      way to perform chained lookups.

   Tunnel nexthops allow a RIB client to program static tunnel headers.
   There can be cases where the remote tunnel endpoint does not support
   dynamic signaling (e.g., no LDP support on a host), and in those
   cases the RIB client might want to program the tunnel header on both
   ends of the tunnel.  The tunnel nexthop is kept generic, with
   specifications provided for some commonly used tunnels.  It is
   expected that the data-model will model these tunnel types with
   complete accuracy.

2.4.1.1.  Special nexthops

   Special nexthops are for performing specific well-defined functions
   (e.g., discard).  The purpose of each of them is explained below:

   o  DISCARD: This indicates that the network device should drop the
      packet and increment a drop counter.

   o  DISCARD_WITH_ERROR: This indicates that the network device should
      drop the packet, increment a drop counter, and send back an
      appropriate error message (like an ICMP error).

   o  RECEIVE: This indicates that the traffic is destined for the
      network device, for example, protocol packets or OAM packets.
      All locally destined traffic SHOULD be throttled to avoid a denial
      of service attack on the router's control plane.
      An optional rate-limiter can be specified to indicate how to
      throttle traffic destined for the control plane.  The description
      of the rate-limiter is outside the scope of this document.

2.4.2.  Derived nexthops

   Derived nexthops can be:

   o  Weighted lists - for load-balancing

   o  Preference lists - for protection using primary and backup

   o  Replication lists - list of nexthops to which to replicate a
      packet

   o  Nexthop chains - for chaining multiple operations or attaching
      multiple headers

   o  Lists of lists - recursive application of the above

   Nexthop chains (see Section 7.2.5 for usage) are a way to perform
   multiple operations on a packet by logically combining them.  For
   example, one can chain together "decapsulate MPLS header" and "send
   it out a specific EGRESS_INTERFACE".  Chains can be used to specify
   multiple headers over a packet before a packet is forwarded.  One
   simple example is that of MPLS over GRE, wherein the packet has an
   inner MPLS header followed by a GRE header followed by an IP header.
   The outermost IP header is decided by the network device, whereas the
   MPLS header or GRE header are specified by the controller.  Not every
   network device will be able to support all kinds of nexthop chains
   and an arbitrary number of headers chained together.  The RIB data-
   model SHOULD provide a way to expose the nexthop chaining capability
   supported by a given network device.

   It is expected that all network devices will have a limit on how many
   levels of lookup can be performed, and not all hardware will be able
   to support all kinds of nexthops.  RIB capability negotiation becomes
   very important for this reason, and a RIB data-model MUST specify a
   way for a RIB client to learn about the network device's
   capabilities.

2.4.2.1.  Nexthop list attributes

   For nexthops that are of the form of a list(s), attributes can be
   associated with each member of the list to indicate the role of an
   individual member of the list.  Two attributes are specified:

   o  NEXTHOP_PREFERENCE: This is used for protection schemes.  It is an
      integer value between 1 and 99.  A lower value indicates higher
      preference.  To download a primary/standby pair to the FIB, the
      nexthops that are resolved and have the two highest preferences
      are selected.  Each should have a unique value within a
      (Section 6).

   o  NEXTHOP_LB_WEIGHT: This is used for load-balancing.  Each list
      member MUST be assigned a weight between 1 and 99.  The weight
      determines the proportion of traffic to be sent over a nexthop
      used for forwarding as a ratio of the weight of this nexthop
      divided by the sum of the weights of all the nexthops of this
      route that are used for forwarding.  To perform equal
      load-balancing, one MAY specify a weight of "0" for all the member
      nexthops.  The value "0" is reserved for equal load-balancing and,
      if applied, MUST be applied to all member nexthops.  Note: A
      weight of 0 is special because of historical reasons.

2.4.3.  Nexth indirection

   Nexthops can be identified by an identifier to create a level of
   indirection.  The identifier is set by the RIB manager and returned
   to the RIB client on request.

   One example of usage of indirection is a nexthop that points to
   another network device (e.g., a BGP peer).  The returned nexthop
   identifier can then be used for programming routes to point to this
   nexthop.  Given that the RIB manager has created an indirection using
   the nexthop identifier, if the transport path to the network device
   (BGP peer) changes, that change in path will be seamless to the RIB
   client, and all routes that point to that network device will
   automatically start going over the new transport path.
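   The following Python, added here as an example and not taken from the
   draft or from the I2RS data model, implements the two list attributes
   of Section 2.4.2.1 and the indirection of Section 2.4.3: a
   primary/standby pair picked from the resolved members by
   NEXTHOP_PREFERENCE, per-member traffic shares from NEXTHOP_LB_WEIGHT
   with the all-or-nothing rule for weight "0", and a nexthop table that
   re-resolves an identifier without touching the routes that reference
   it.  The NexthopTable, Member and BaseNexthop names, the interface
   and tunnel names, and all the numbers are constructed assumptions.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List, Tuple


@dataclass
class BaseNexthop:
    """What a nexthop identifier currently resolves to (constructed model)."""
    path: str         # e.g. the egress interface or tunnel the RIB manager chose
    resolved: bool


@dataclass(frozen=True)
class Member:
    """One member of a nexthop list, referring to its nexthop by identifier."""
    nexthop_id: int
    preference: int = 0   # NEXTHOP_PREFERENCE, 1..99, used by protection lists
    weight: int = 0       # NEXTHOP_LB_WEIGHT, 0 or 1..99, used by weighted lists


class NexthopTable:
    """Plays the RIB manager: hands out identifiers and owns their resolution."""

    def __init__(self) -> None:
        self._table: Dict[int, BaseNexthop] = {}
        self._next_id = 1

    def create(self, path: str, resolved: bool = True) -> int:
        nh_id = self._next_id
        self._next_id += 1
        self._table[nh_id] = BaseNexthop(path, resolved)
        return nh_id          # the identifier the RIB client programs routes with

    def reresolve(self, nh_id: int, path: str, resolved: bool) -> None:
        """Transport path changed; routes holding nh_id are left untouched."""
        self._table[nh_id] = BaseNexthop(path, resolved)

    def lookup(self, nh_id: int) -> BaseNexthop:
        return self._table[nh_id]


def protection_pair(table: NexthopTable, members: List[Member]) -> List[str]:
    """Primary/standby pair for the FIB: the resolved members with the two
    highest preferences, i.e. the two lowest NEXTHOP_PREFERENCE values."""
    prefs = [m.preference for m in members]
    if len(members) < 2 or any(not 1 <= p <= 99 for p in prefs):
        raise ValueError("protection list needs 2..N members with preference 1..99")
    if len(set(prefs)) != len(prefs):
        raise ValueError("NEXTHOP_PREFERENCE must be unique within the list")
    usable = sorted((m for m in members if table.lookup(m.nexthop_id).resolved),
                    key=lambda m: m.preference)
    return [table.lookup(m.nexthop_id).path for m in usable[:2]]


def load_balance_shares(table: NexthopTable, members: List[Member]) -> Dict[str, str]:
    """Traffic share per resolved member, as an exact ratio rendered as text."""
    weights = [m.weight for m in members]
    if len(members) < 2 or any(not 0 <= w <= 99 for w in weights):
        raise ValueError("weighted list needs 2..N members with weight 0..99")
    if 0 in weights and any(weights):
        # "0" means equal load-balancing and MUST then be set on every member.
        raise ValueError("weight 0 must be applied to all members or to none")
    usable = [m for m in members if table.lookup(m.nexthop_id).resolved]
    if not usable:
        return {}                       # all nexthops unresolved: FIB-ineligible
    total = sum(m.weight for m in usable)
    return {table.lookup(m.nexthop_id).path:
                str(Fraction(1, len(usable)) if total == 0 else Fraction(m.weight, total))
            for m in usable}


def indirection_example() -> Tuple[List[str], List[str]]:
    """A BGP-peer style nexthop changes transport path; the route is not rewritten."""
    table = NexthopTable()
    peer = table.create("eth0")        # constructed: peer first reached directly
    backup = table.create("eth1")
    route_nexthops = [Member(peer, preference=1), Member(backup, preference=2)]
    before = protection_pair(table, route_nexthops)
    table.reresolve(peer, "gre1", resolved=True)    # path to the peer now a tunnel
    after = protection_pair(table, route_nexthops)  # same members, new path
    return before, after


def weights_example() -> Tuple[Dict[str, str], Dict[str, str], bool]:
    table = NexthopTable()
    a, b, c = table.create("eth0"), table.create("eth1"), table.create("eth2", False)
    weighted = load_balance_shares(table, [Member(a, weight=20), Member(b, weight=10),
                                           Member(c, weight=10)])   # c is unresolved
    equal = load_balance_shares(table, [Member(a), Member(b), Member(c)])
    try:
        load_balance_shares(table, [Member(a, weight=0), Member(b, weight=5)])
        mixed_rejected = False
    except ValueError:
        mixed_rejected = True
    return weighted, equal, mixed_rejected
```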
   Nexthop indirection using identifiers could be applied not just to
   unicast nexthops, but even to nexthops that contain chains and nested
   nexthops.  See Section 2.4.2 for examples.

3.  Reading from the RIB

   A RIB data-model MUST allow a RIB client to read entries for RIBs
   created by that entity.  The network device administrator MAY allow
   reading of other RIBs by a RIB client through access lists on the
   network device.  The details of access lists are outside the scope of
   this document.

   The data-model MUST support a full read of the RIB and subsequent
   incremental reads of changes to the RIB.  When sending data to a RIB
   client, the RIB manager SHOULD try to send all dependencies of an
   object prior to sending that object.

4.  Writing to the RIB

   A RIB data-model MUST allow a RIB client to write entries for RIBs
   created by that entity.  The network device administrator MAY allow
   writes to other RIBs by a RIB client through access lists on the
   network device.  The details of access lists are outside the scope of
   this document.

   When writing an object to a RIB, the RIB client SHOULD try to write
   all dependencies of the object prior to sending that object.  The
   data-model SHOULD support requesting identifiers for nexthops and
   collecting the identifiers back in the response.

   Route programming in the RIB MUST result in a return code that
   contains the following attributes:

   o  Installed - Yes/No (Indicates whether the route got installed in
      the FIB)

   o  Active - Yes/No (Indicates whether a route is fully resolved and
      is a candidate for selection)

   o  Reason - e.g., Not authorized

   The data-model MUST specify which objects can be modified.  An object
   that can be modified is one whose contents can be changed without
   having to change objects that depend on it and without affecting any
   data forwarding.
To change a non-modifiable object, one will need to create a new object and delete the old one. For example, routes that use a nexthop that is identified by a nexthop identifier should be unaffected when the contents of that nexthop change.

5. Notifications

Asynchronous notifications are sent by the network device's RIB manager to a RIB client when some event occurs on the network device. A RIB data-model MUST support sending asynchronous notifications. A brief list of suggested notifications is given below:

o Route change notification, with return code as specified in Section 4

o Nexthop resolution status (resolved/unresolved) notification

6. RIB grammar

This section specifies the RIB information model in Routing Backus-Naur Form [RFC5511]. This grammar is intended to help the reader better understand Section 2 in order to derive a data model.

   ::=
   []
   []

   ::= ( ...)
   ::= ( ...)
   ::=
   [ ... ]
   [ENABLE_IP_RPF_CHECK]
   ::= | |
   |

   ::=
   []
   []

   ::= | |
   | |
   ::= | | | |

   ::=
   ( | |
   ( ))
   ::=
   ::=
   ::=

   ::=
   ( | |
   ( ))
   ::=
   ::=
   ::=
   ::= | |

   ::= []
   []

   ::= |
   |
   ::= <>
   ::= <>
   ::= <>
   ::= <>
   ::= |
   ( ) |
   ( ) |
   ( ) |

   ::= |
   |
   |
   | |
   (
   ( | )) |
   ( ) |
   | |
   |
   )

   ::=

   ::= | |
   ( [])

   ::=
   ( =
   ( )...

   ::= ...

   ::= ...

   ::=
   ::= | | | | |

   ::= ( ) |
   ( ) |
   ( ) |
   ( ) |
   ( ) |
   ( )

   ::=
   [] []

   ::=
   []
   [] []

   ::= ( ...)
   ::= ( []
   [] []) |
   (
   [])

   ::= []
   ::= ( | )
   []
   ::= ( | )
   []

   ::= (( []) |
   ( []) |
   ( []))

   Figure 5: RIB rBNF grammar

6.1. Nexthop grammar explained

A nexthop is used to specify the next network element to forward the traffic to.
It is also used to specify how the traffic should be load-balanced, protected using preference, or multicast using replication. This is explicitly specified in the grammar. The nexthop has recursion built in to address complex use cases like the one defined in Section 7.2.6.

7. Using the RIB grammar

The RIB grammar is very generic and covers a variety of features. This section provides examples of using objects in the RIB grammar and examples of programming certain use cases.

7.1. Using route preference

Using route preference, a client can pre-install alternate paths in the network. For example, if OSPF has a route preference of 10, then another client can install a route with a route preference of 20 to the same destination. The OSPF route will take precedence and will be installed in the FIB. When the OSPF route is withdrawn, the alternate path will be installed in the FIB.

Route preference can also be used to prevent denial of service attacks by installing routes with the best preference, which either drop the offending traffic or route it to some monitoring/analysis station. Since the routes are installed with the best preference, they will supersede any route installed by any other protocol.

7.2. Using different nexthop types

The RIB grammar allows one to create a variety of nexthops. This section describes uses for certain types of nexthops.

7.2.1. Tunnel nexthops

A tunnel nexthop points to a tunnel of some kind. Traffic that goes over the tunnel gets encapsulated with the tunnel-encap. Tunnel nexthops are useful for abstracting out details of the network, by having the traffic seamlessly route between network edges. At the end of a tunnel, the traffic will get decapsulated. Thus the grammar supports two kinds of operations, one for encapsulation and another for decapsulation.

7.2.2. Replication lists

One can create a replication list for replicating traffic to multiple destinations. The destinations, in turn, could be derived nexthops in themselves, at a level supported by the network device. Point-to-multipoint and broadcast are examples that involve replication.

A replication list (at the simplest level) can be represented as:

   ::= [ ... ]

The above can be derived from the grammar as follows:

   ::=
   ::= ...

7.2.3. Weighted lists

A weighted list is used to load-balance traffic among a set of nexthops. From a modeling perspective, a weighted list is very similar to a replication list, with the difference that each member nexthop MUST have a NEXTHOP_LB_WEIGHT associated with it.

A weighted list (at the simplest level) can be represented as:

   ::= ( )
   [( )... ]

The above can be derived from the grammar as follows:

   ::=
   ::=
   ( ) ...
   ::= ( )
   ( ) ...

7.2.4. Protection

A primary/backup protection can be represented as:

   ::= <1>
   <2> )

The above can be derived from the grammar as follows:

   ::=
   ::= (
   ( )...)
   ::= (
   ( ))
   ::= ((
   ( ))
   ::= (<1>
   (<2> ))

Traffic can be load-balanced among multiple primary nexthops and a single backup. In such a case, the nexthop will look like:

   ::= (<1>
   (
   (
   ( ) ...))
   <2> )

A backup can also have another backup. In such a case, the list will look like:

   ::= (<1>
   <2> (<1> <2> ))

7.2.5. Nexthop chains

A nexthop chain is a way to perform multiple operations on a packet by logically combining them. For example, when a VPN packet comes in on the WAN interface and has to be forwarded to the correct VPN interface, one needs to POP the VPN label before sending the packet out. Using a nexthop chain, one can chain together "pop MPLS header" and "send it out a specific EGRESS_INTERFACE".

The above example can be derived from the grammar as follows:

   ::=
   ::=
   ::=
   ::= ( )

Elements in a nexthop-chain are evaluated left to right.

A nexthop chain can also be used to put one or more headers on an outgoing packet. One example is a Pseudowire, which is MPLS over some transport (MPLS or GRE, for instance). Another example is VxLAN over IP. A nexthop chain thus allows a RIB client to break up the programming of the nexthop into independent pieces, one per encapsulation.

A simple example of MPLS over GRE can be represented as:

   ::= ( ) ( )

The above can be derived from the grammar as follows:

   ::=
   ::=
   ::=
   ::= ( ) ( )

7.2.6. Lists of lists

Lists of lists is a derived construct. One example of usage of such a construct is to replicate traffic to multiple destinations, with load balancing. In other words, for each branch of the replication tree, there are multiple interfaces on which traffic needs to be load-balanced. So the outer list is a replication list for multicast and the inner lists are weighted lists for load balancing. Consider a network element that has to replicate traffic to two other network elements. Traffic to the first network element should be load balanced equally over two interfaces, outgoing-1-1 and outgoing-1-2. Traffic to the second network element should be load balanced over three interfaces, outgoing-2-1, outgoing-2-2 and outgoing-2-3, in the ratio 20:20:60.

This can be derived from the grammar as follows:

   ::=
   ::= ( ...)
   ::= ( )
   ::= (( )
   ( ))
   ::= ((
   (
   ( ) ...))
   ((
   (
   ( ) ...))
   ::= ((
   (
   ( )))
   ((
   (
   ( )
   ( )))
   ::= ((
   ( )
   ( )))
   ((
   ( )
   ( )
   ( )))
   ::=
   ((
   (50 )
   (50 )))
   ((
   (20 )
   (20 )
   (60 )))

7.3. Performing multicast

IP multicast involves matching a packet on (S, G) or (*, G), where both S (source) and G (group) are IP prefixes. Following the match, the packet is replicated to one or more recipients. How the recipients subscribe to the multicast group is outside the scope of this document.

In PIM-based multicast, the packets are IP forwarded on an IP multicast tree. The downstream nodes at each point in the multicast tree are one or more IP addresses. These can be represented as a replication list (Section 7.2.2).

In MPLS-based multicast, the packets are forwarded on a point-to-multipoint (P2MP) label-switched path (LSP). The nexthop for a P2MP LSP can be represented in the nexthop grammar as a (P2MP LSP identifier) or a replication list (Section 7.2.2) of , with each tunnel encap representing a single MPLS downstream nexthop.

8. RIB operations at scale

This section discusses the scale requirements for a RIB data-model. The RIB data-model should be able to handle a large scale of operations to enable deployment of RIB applications in large networks.

8.1. RIB reads

Bulking (grouping of multiple objects in a single message) MUST be supported when a network device sends RIB data to a RIB client. Similarly, the data model MUST enable a RIB client to request data in bulk from a network device.

8.2. RIB writes

Bulking (grouping of multiple write operations in a single message) MUST be supported when a RIB client wants to write to the RIB. The response from the network device MUST include a return-code for each write operation in the bulk message.

8.3. RIB events and notifications

There can be cases where a single network event results in multiple events and/or notifications from the network device to a RIB client.
On the other hand, due to the timing of multiple things happening at the same time, a network device might have to send multiple events and/or notifications to a RIB client. The network device originated event/notification message MUST support bulking of multiple events and notifications in a single message.

9. Security Considerations

The information model specified in this document defines a schema for data models that are designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC5246].

The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

The RIB info model specifies read and write operations to network devices. These network devices might be considered sensitive or vulnerable in some network environments. Write operations to these network devices without proper protection can have a negative effect on network operations. Due to this factor, it is recommended that data models also consider the following in their design:

o Require utilization of the authentication and authorization features of the NETCONF or RESTCONF suite of protocols.

o Augment the limits on how much data can be written or updated by a remote entity so that they include enough protection for a RIB model.

o Expose the specific RIB model implemented via NETCONF/RESTCONF data models.

10. IANA Considerations

This document does not generate any considerations for IANA.

11. Acknowledgements

The authors would like to thank Ron Folkes, Jeffrey Zhang, the working group co-chairs, and reviewers for their comments and suggestions on this draft. The following people contributed to the design of the RIB model as part of the I2RS Interim meeting in April 2013: Wes George, Chris Liljenstolpe, Jeff Tantsura, Susan Hares, and Fabian Schneider.

12. References

12.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.

12.2. Informative References

[I-D.ietf-i2rs-rib-data-model] Wang, L., Chen, M., Dass, A., Ananthakrishnan, H., Kini, S., and N. Bahadur, "A YANG Data Model for Routing Information Base (RIB)", draft-ietf-i2rs-rib-data-model-14 (work in progress), May 2018.

[RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P. Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF", RFC 4915, DOI 10.17487/RFC4915, June 2007.

[RFC5120] Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (IS-ISs)", RFC 5120, DOI 10.17487/RFC5120, February 2008.

[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008.

[RFC5511] Farrel, A., "Routing Backus-Naur Form (RBNF): A Syntax Used to Form Encoding Rules in Various Routing Protocol Specifications", RFC 5511, DOI 10.17487/RFC5511, April 2009.

[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

[RFC7920] Atlas, A., Ed., Nadeau, T., Ed., and D. Ward, "Problem Statement for the Interface to the Routing System", RFC 7920, DOI 10.17487/RFC7920, June 2016.

[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, March 2018.

Authors' Addresses

Nitin Bahadur (editor)
Uber
900 Arastradero Rd
Palo Alto, CA 94304
US

Email: nitin_bahadur@yahoo.com

Sriganesh Kini (editor)

Email: sriganeshkini@gmail.com

Jan Medved
Cisco

Email: jmedved@cisco.com
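The nexthop-list semantics of Sections 2.4.2 (NEXTHOP_PREFERENCE and NEXTHOP_LB_WEIGHT), 7.2.3, 7.2.4 and 7.2.6, worked through in Python as an added example that is not part of the draft or of any I2RS implementation; the function names, the `resolved` flag and the sample interface weights are constructed for illustration.

```python
from fractions import Fraction

PREF_MIN, PREF_MAX = 1, 99  # NEXTHOP_PREFERENCE range; a lower value is a higher preference
WEIGHT_MAX = 99             # NEXTHOP_LB_WEIGHT range is 1..99; 0 is reserved for equal balancing

def lb_shares(weights):
    """Traffic share per member of a weighted list (Sections 2.4.2, 7.2.3):
    own weight divided by the sum of all forwarding members' weights.
    A weight of 0 means equal shares and must then be set on every member."""
    if any(w < 0 or w > WEIGHT_MAX for w in weights):
        raise ValueError("NEXTHOP_LB_WEIGHT must be 0 or 1..99")
    if 0 in weights:
        if any(weights):  # 0 mixed with non-zero weights violates the MUST
            raise ValueError("weight 0 must be applied to all member nexthops")
        return [Fraction(1, len(weights))] * len(weights)
    total = sum(weights)
    return [Fraction(w, total) for w in weights]

def select_protection(members):
    """Primary/standby choice for a protection list (Sections 2.4.2, 7.2.4).
    members: (NEXTHOP_PREFERENCE, resolved, nexthop) tuples.  Only resolved
    members are candidates; the two with the highest preference (lowest
    value) are downloaded to the FIB as (primary, standby).  Returns None
    when no member is resolved; standby is None when only one is."""
    prefs = [p for p, _, _ in members]
    if any(p < PREF_MIN or p > PREF_MAX for p in prefs):
        raise ValueError("NEXTHOP_PREFERENCE must be in 1..99")
    if len(set(prefs)) != len(prefs):
        raise ValueError("NEXTHOP_PREFERENCE must be unique within the list")
    candidates = sorted((p, nh) for p, resolved, nh in members if resolved)
    if not candidates:
        return None
    primary = candidates[0][1]
    standby = candidates[1][1] if len(candidates) > 1 else None
    return primary, standby

def replicate_weighted(tree):
    """Lists of lists (Section 7.2.6): a replication list whose members are
    weighted lists.  Each outer member gets a full copy of the packet, split
    inside the member by weight.  Returns {interface: share of one copy}."""
    out = {}
    for interfaces, weights in tree:
        for ifname, share in zip(interfaces, lb_shares(weights)):
            out[ifname] = out.get(ifname, 0) + share
    return out

# Constructed input mirroring the draft's Section 7.2.6 example (assumed values).
SECTION_7_2_6 = [
    (["outgoing-1-1", "outgoing-1-2"], [50, 50]),
    (["outgoing-2-1", "outgoing-2-2", "outgoing-2-3"], [20, 20, 60]),
]
```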