idnits 2.17.1 draft-ietf-lsr-ospf-bfd-strict-mode-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 30, 2020) is 1206 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Link State Routing K. Talaulikar 3 Internet-Draft P. Psenak 4 Intended status: Standards Track Cisco Systems, Inc. 5 Expires: July 3, 2021 A. Fu 6 Bloomberg 7 M. Rajesh 8 Juniper Networks 9 December 30, 2020 11 OSPF Strict-Mode for BFD 12 draft-ietf-lsr-ospf-bfd-strict-mode-02 14 Abstract 16 This document specifies the extensions to OSPF that enable an OSPF 17 router to signal the requirement for a Bidirectional Forwarding 18 Detection (BFD) session prior to adjacency formation. Link-Local 19 Signaling (LLS) is used to advertise this requirement of "strict- 20 mode" of BFD session establishment for OSPF adjacency. If both OSPF 21 neighbors advertise the "strict-mode" of BFD, adjacency formation 22 will be blocked until a BFD session has been successfully 23 established. 25 Status of This Memo 27 This Internet-Draft is submitted in full conformance with the 28 provisions of BCP 78 and BCP 79. 30 Internet-Drafts are working documents of the Internet Engineering 31 Task Force (IETF). Note that other groups may also distribute 32 working documents as Internet-Drafts. The list of current Internet- 33 Drafts is at https://datatracker.ietf.org/drafts/current/. 35 Internet-Drafts are draft documents valid for a maximum of six months 36 and may be updated, replaced, or obsoleted by other documents at any 37 time. It is inappropriate to use Internet-Drafts as reference 38 material or to cite them other than as "work in progress." 40 This Internet-Draft will expire on July 3, 2021. 42 Copyright Notice 44 Copyright (c) 2020 IETF Trust and the persons identified as the 45 document authors. All rights reserved. 47 This document is subject to BCP 78 and the IETF Trust's Legal 48 Provisions Relating to IETF Documents 49 (https://trustee.ietf.org/license-info) in effect on the date of 50 publication of this document. Please review these documents 51 carefully, as they describe your rights and restrictions with respect 52 to this document. Code Components extracted from this document must 53 include Simplified BSD License text as described in Section 4.e of 54 the Trust Legal Provisions and are provided without warranty as 55 described in the Simplified BSD License. 57 Table of Contents 59 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 60 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 61 2. LLS B-bit Flag . . . . . . . . . . . . . . . . . . . . . . . 3 62 3. Local Interface IPv4 Address TLV . . . . . . . . . . . . . . 4 63 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 4.1. OSPFv3 IPv4 Address-Family Specifics . . . . . . . . . . 6 65 4.2. Graceful Restart Considerations . . . . . . . . . . . . . 6 66 5. Operations & Management Considerations . . . . . . . . . . . 7 67 6. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7 68 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 69 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 70 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 71 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 72 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 73 10.2. Informative References . . . . . . . . . . . . . . . . . 9 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 76 1. Introduction 78 Bidirectional Forwarding Detection (BFD) [RFC5880] enables routers to 79 monitor dataplane connectivity and to detect faults in the 80 bidirectional path between them. BFD is leveraged by routing 81 protocols like OSPFv2[RFC2328] and OSPFv3 [RFC5340] to detect 82 connectivity failures for established adjacencies and trigger the 83 rerouting of traffic around the failure more quickly than with OSPF 84 hello packet monitoring. 86 The use of BFD for monitoring routing protocols adjacencies is 87 described in [RFC5882]. When BFD monitoring is enabled for OSPF 88 adjacencies, the BFD session is bootstrapped based on the neighbor 89 address information discovered by the exchange of OSPF hello packets. 90 Faults in the bidirectional forwarding detected via BFD then result 91 in the OSPF adjacency being brought down. Note that it is possible 92 in some failure scenarios for the network to be in a state such that 93 an OSPF adjacency can be established but a BFD session cannot be 94 established and maintained. In certain other scenarios, a degraded 95 or poor quality link may result in OSPF adjacency formation to 96 succeed only to result in BFD session establishment not being 97 successful or flapping of the BFD session. In this case, traffic 98 that gets forwarded over such a link may experience packet drops 99 while the failure of BFD session establishment would not enable fast 100 routing convergence if the link were to go down or flap. 102 To avoid the routing churn associated with these scenarios, it would 103 be beneficial to not allow OSPF to establish an adjacency until a BFD 104 session is successfully established and has stabilized. However, 105 this would preclude the OSPF operation in an environment in which not 106 all OSPF routers support BFD and are enabled for BFD on the link. A 107 solution is to block OSPF adjacency establishment until a BFD session 108 is established as long as both neighbors advertise such a 109 requirement. Such a mode of OSPF BFD usage is referred to as 110 "strict-mode". 112 This document specifies the OSPF protocol extensions using link-local 113 signaling (LLS) [RFC5613] for a router to indicate to its neighbor 114 the willingness to establish a BFD session in the "strict-mode". It 115 also introduces an extension for OSPFv3 link-local signaling of 116 interface IPv4 address when used for IPv4 address-family (AF) 117 instance to enable discovery of the IPv4 addresses for BFD session 118 setup. 120 A similar functionality for IS-IS is specified [RFC6213]. 122 1.1. Requirements Language 124 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 125 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 126 "OPTIONAL" in this document are to be interpreted as described in BCP 127 14 [RFC2119] [RFC8174] when, and only when, they appear in all 128 capitals, as shown here. 130 2. LLS B-bit Flag 132 This document defines the B-bit in the LLS Type 1 Extended Options 133 and Flags field. This bit is defined for the LLS block included in 134 Hello packets and indicates that BFD is enabled on the link and that 135 the router requests BFD strict-mode. Section 7 describes the 136 position of the B-bit. 138 A router MUST include the LLS block with the LLS Type 1 Extended 139 Options and Flags TLV with the B-bit set its Hello messages when BFD 140 is enabled on the link. 142 3. Local Interface IPv4 Address TLV 144 The Local Interface IPv4 Address TLV is an LLS TLV meant for OSPFv3 145 protocol operations for IPv4 AF instances [RFC5838]. It has 146 following format: 148 0 1 2 3 149 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 150 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 151 | Type | Length | 152 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 | Local Interface IPv4 Address | 154 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 156 where: 158 Type: 21 160 Length: 4 octet 162 Local Interface IPv4 Address: The primary IPv4 address of the 163 local interface. 165 4. Procedures 167 A router supporting BFD strict-mode advertises this capability 168 through its hello messages as described in Section 2. When a router 169 supporting BFD strict-mode discovers a new neighbor router that also 170 supports BFD strict-mode, then it will establish a BFD session first 171 with that neighbor before bringing up the OSPF adjacency as described 172 further in this section. 174 This document updates the OSPF neighbor state machine as described in 175 [RFC2328]. Specifically, the operations related to the Init state as 176 below when BFD strict-mode is used: 178 Init (without BFD strict-mode) 180 In this state, a Hello packet has recently been received from the 181 neighbor. However, bidirectional communication has not yet been 182 established with the neighbor (i.e., the router itself did not 183 appear in the neighbor's Hello packet). All neighbors in this 184 state (or higher) are listed in the Hello packets sent from the 185 associated interface. 187 Init (with BFD strict-mode) 188 In this state, an Hello packet has recently been received from the 189 neighbor. However, bidirectional communication has not yet been 190 established with the neighbor (i.e., the router itself did not 191 appear in the neighbor's Hello packet). A BFD session 192 establishment to the neighbor is requested, if not already done 193 (e.g. in the event of transition from 2-way state). Neighbors in 194 Init state or higher will be listed in the Hello packets 195 associated with the interface if they either have a corresponding 196 BFD session established or have not advertised "strict-mode" BFD 197 in the Hello packet LLS Extended Options and Flags. 199 Whenever the neighbor state transitions to Down state, the removal of 200 the BFD session associated with that neighbor SHOULD be requested by 201 OSPF and subsequent BFD session establishment SHOULD similarly be 202 requested by OSPF upon transitioning into Init state. This may 203 result in the deletion and creation of the BFD session respectively 204 when OSPF is the only client interested in the BFD session to the 205 neighbor address. 207 An implementation MUST NOT wait for BFD session establishment in Init 208 state unless BFD strict-mode is enabled on the router and the 209 specific neighbor indicates BFD strict-mode capability via its Hello 210 LLS options. When BFD is enabled, but the strict-mode of operation 211 has not be signaled by both neighbors, then an implementation SHOULD 212 start the BFD session establishment only in 2-Way state or higher 213 state. This makes it possible for an OSPF router to operate a mix of 214 BFD operation in strict-mode or normal mode across different 215 interfaces or even different neighbors on the same multi-access LAN 216 interface. 218 Once the OSPF state machine has moved beyond the Init state, any 219 change in the B-bit advertised in subsequent Hello messages MUST NOT 220 result in any trigger in either the OSPF adjacency or the BFD session 221 management (i.e., the B-bit is considered only when in the Init 222 state). Disabling BFD (or BFD strict-mode) on an OSPF router would 223 result in it not setting the B-bit in its subsequent Hello LLS 224 options. Disabling BFD strict-mode has no effect on the BFD 225 operations and would not result in bringing down of any established 226 BFD session. Disabling BFD would result in the BFD session brought 227 down due to Admin reason and hence would not bring down the OSPF 228 adjacency. 230 When BFD is enabled on an interface over which we already have an 231 existing OSPF adjacency, it would result in the router setting the 232 B-bit in its subsequent Hello messages. If the adjacency is already 233 up (i.e., in its terminal state of Full or 2-way with non-DR routers 234 on a LAN) with a neighbor that also supports BFD strict-mode, then an 235 implemantion SHOULD NOT bring this adjacency down but instead use the 236 BFD strict-mode of operation after the next transition into Init 237 state. However, if the adjacency is not up, then an implementation 238 MAY bring such an adjacency down so it can use the BFD strict-mode 239 for its bring up. 241 4.1. OSPFv3 IPv4 Address-Family Specifics 243 Multiple AF support in OSPFv3 [RFC5838] requires the use of an IPv6 244 link-local address as the source address for hello packets even when 245 forming adjacencies for IPv4 AF instances. In most deployments of 246 OSPFv3 IPv4 AF, it is required that BFD is used to monitor and verify 247 the IPv4 data plane connectivity between the routers on the link and, 248 hence, the BFD session is setup using IPv4 neighbor addresses. The 249 IPv4 neighbor address on the interface is learnt only later in the 250 adjacency formation process when the neighbor's Link-LSA is received. 251 This results in the setup of the BFD session either after the 252 adjacency is established or later in the adjacency formation 253 sequence. 255 To enable BFD operation in strict-mode, it is necessary for an OSPF 256 router to learned it's neighbor's IPv4 link address during the Init 257 state of adjacency formation (ideally when it receives the first 258 hello). The use of the Local Interface IPv4 Address TLV (as defined 259 in Section 3) in the LLS block of the OSPFv3 Hello messages for IPv4 260 AF instances makes this possible. Implementations that support 261 strict-mode of BFD operation for OSPFv3 IPv4 AF instances MUST 262 include the Local Interface IPv4 Address TLV in the LLS block of 263 their hello messages whenever the B-bit is also set in the LLS 264 Options and Flags field. A receiver MUST ignore the B-bit (i.e., not 265 operate in BFD strict mode) when the Local Interface IPv4 Address TLV 266 is not present in OSPFv3 Hello message for IPv4 AF OSPFv3 instances. 268 4.2. Graceful Restart Considerations 270 An implementation needs to handle scenarios where both graceful 271 restart (GR) and the strict-mode of BFD operation are deployed 272 together. The GR aspects discussed in [RFC5882] also apply with 273 strict-mode of BFD operation. Additionally, in strict-mode of BFD 274 operation, since the OSPF adjacency formation is delayed until the 275 BFD session establishment, the resultant delay in adjacency formation 276 may affect or break the GR-based recovery. In such cases, it is 277 RECOMMENDED that the GR timers are set such that they provide 278 sufficient time to allow for normal BFD session establishment delays. 280 5. Operations & Management Considerations 282 An implementation SHOULD report the BFD session status along with the 283 OSPF Init adjacency state when operating in BFD strict-mode and 284 perform logging operations on state transitions to include the BFD 285 events. This allows an operator to detect scenarios where an OSPF 286 adjacency may be stuck waiting for BFD session establishment. 288 In network deployments with noisy links or those with packet loss, 289 BFD sessions may flap frequently. In such scenarios, OSPF strict- 290 mode for BFD may be deployed in conjunction with a BFD dampening or 291 hold-down mechanism to help avoid frequent adjacency flaps that cause 292 routing churn. 294 6. Backward Compatibility 296 An implementation MUST support OSPF adjacency formation and 297 operations with a neighbor router that does not advertise the BFD 298 strict-mode capability - both when that neighbor router does not 299 support BFD and when it does support BFD but not in the strict-mode 300 of operation as described in this document. Implementations MAY 301 provide an option to specifically enable BFD operations only in the 302 strict-mode. In this case, an OSPF adjacency with a neighbor that 303 does not support BFD strict-mode would not be established 304 successfully. Implementations MAY provide an option to disable BFD 305 strict-mode which results in the router not advertising the B-bit and 306 BFD operations being performed in the same way as prior to this 307 specification. 309 The signaling specified in this document happens at a link-local 310 level between routers on that link. A router that does not support 311 this specification would ignore the B-bit in the LLS block of hello 312 messages from its neighbors and continue to establish BFD sessions, 313 if enabled, without delaying the OSPF adjacency formation. Since the 314 router that does not support this specification would not have set 315 the B-bit in the LLS block of its own hello messages, its neighbor 316 routers that support this specification would not use BFD strict-mode 317 with such OSPF routers. As a result, the behavior would be the same 318 as before this specification. Therefore, there are no backward 319 compatibility issues or implementations considerations beyond what is 320 specified herein. 322 7. IANA Considerations 324 This specification updates Link Local Signaling TLV Identifiers 325 registry. 327 Following values have been assigned via early allocation: 329 o B-bit from "LLS Type 1 Extended Options and Flags" registry at bit 330 position 0x00000010. 332 o Type 21 - Local Interface IPv4 Address TLV 334 8. Security Considerations 336 The security considerations for "OSPF Link-Local Signaling" [RFC5613] 337 also apply to the extension described in this document. 338 Inappropriate use of the B-bit in the LLS block of an OSPF hello 339 message could prevent an OSPF adjacency from forming or lead to 340 failure to detect bidirectional forwarding failures. If 341 authentication is being used in the OSPF routing domain 342 [RFC5709][RFC7474], then the Cryptographic Authentication TLV 343 [RFC5613] SHOULD also be used to protect the contents of the LLS 344 block. 346 9. Acknowledgements 348 The authors would like to acknowledge the review and inputs from Acee 349 Lindem, Manish Gupta and Balaji Ganesh. 351 The authors would like to acknowledge Dylan van Oudheusden for 352 highlighting the problems in using strict-mode for BFD session for 353 IPv4 AF instance with OSPFv3 and Baalajee S for his suggestions on 354 the approach to address it. 356 10. References 358 10.1. Normative References 360 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 361 Requirement Levels", BCP 14, RFC 2119, 362 DOI 10.17487/RFC2119, March 1997, 363 . 365 [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, 366 DOI 10.17487/RFC2328, April 1998, 367 . 369 [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 370 for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, 371 . 373 [RFC5613] Zinin, A., Roy, A., Nguyen, L., Friedman, B., and D. 374 Yeung, "OSPF Link-Local Signaling", RFC 5613, 375 DOI 10.17487/RFC5613, August 2009, 376 . 378 [RFC5838] Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and 379 R. Aggarwal, "Support of Address Families in OSPFv3", 380 RFC 5838, DOI 10.17487/RFC5838, April 2010, 381 . 383 [RFC5882] Katz, D. and D. Ward, "Generic Application of 384 Bidirectional Forwarding Detection (BFD)", RFC 5882, 385 DOI 10.17487/RFC5882, June 2010, 386 . 388 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 389 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 390 May 2017, . 392 10.2. Informative References 394 [RFC5709] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M., 395 Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic 396 Authentication", RFC 5709, DOI 10.17487/RFC5709, October 397 2009, . 399 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 400 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 401 . 403 [RFC6213] Hopps, C. and L. Ginsberg, "IS-IS BFD-Enabled TLV", 404 RFC 6213, DOI 10.17487/RFC6213, April 2011, 405 . 407 [RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., 408 "Security Extension for OSPFv2 When Using Manual Key 409 Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, 410 . 412 Authors' Addresses 414 Ketan Talaulikar 415 Cisco Systems, Inc. 416 India 418 Email: ketant@cisco.com 419 Peter Psenak 420 Cisco Systems, Inc. 421 Apollo Business Center 422 Mlynske nivy 43 423 Bratislava 821 09 424 Slovakia 426 Email: ppsenak@cisco.com 428 Albert Fu 429 Bloomberg 430 USA 432 Email: afu14@bloomberg.net 434 Rajesh M 435 Juniper Networks 436 India 438 Email: mrajesh@juniper.net