idnits 2.17.1 draft-ietf-lsr-ospf-bfd-strict-mode-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 24, 2021) is 1123 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Link State Routing K. Talaulikar 3 Internet-Draft P. Psenak 4 Intended status: Standards Track Cisco Systems, Inc. 5 Expires: September 25, 2021 A. Fu 6 Bloomberg 7 M. Rajesh 8 Juniper Networks 9 March 24, 2021 11 OSPF Strict-Mode for BFD 12 draft-ietf-lsr-ospf-bfd-strict-mode-03 14 Abstract 16 This document specifies the extensions to OSPF that enable an OSPF 17 router to signal the requirement for a Bidirectional Forwarding 18 Detection (BFD) session prior to adjacency formation. Link-Local 19 Signaling (LLS) is used to advertise the requirement of strict-mode 20 for BFD session establishment for OSPF adjacency. If both OSPF 21 neighbors advertise the strict-mode for BFD, adjacency formation will 22 be blocked until a BFD session has been successfully established. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on September 25, 2021. 41 Copyright Notice 43 Copyright (c) 2021 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 60 2. LLS B-bit Flag . . . . . . . . . . . . . . . . . . . . . . . 3 61 3. Local Interface IPv4 Address TLV . . . . . . . . . . . . . . 4 62 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 4 63 4.1. OSPFv3 IPv4 Address-Family Specifics . . . . . . . . . . 6 64 4.2. Graceful Restart Considerations . . . . . . . . . . . . . 6 65 5. Operations & Management Considerations . . . . . . . . . . . 7 66 6. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7 67 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 68 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 69 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 70 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 71 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 72 10.2. Informative References . . . . . . . . . . . . . . . . . 9 73 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 75 1. Introduction 77 Bidirectional Forwarding Detection (BFD) [RFC5880] enables routers to 78 monitor data-plane connectivity and to detect faults in the 79 bidirectional path between them. BFD is leveraged by routing 80 protocols like OSPFv2 [RFC2328] and OSPFv3 [RFC5340] to detect 81 connectivity failures for established adjacencies and trigger the 82 rerouting of traffic around the failure faster than with OSPF hello 83 packet monitoring. 85 The use of BFD for monitoring routing protocols adjacencies is 86 described in [RFC5882]. When BFD monitoring is enabled for OSPF 87 adjacencies, the BFD session is bootstrapped based on the neighbor 88 address information discovered by the exchange of OSPF Hello packets. 89 Faults in the bidirectional forwarding detected via BFD then result 90 in the OSPF adjacency being brought down. Note that it is possible 91 in some failure scenarios for the network to be in a state such that 92 an OSPF adjacency can be established but a BFD session cannot be 93 established and maintained. In certain other scenarios, a degraded 94 or poor quality link will allow OSPF adjacency formation to succeed 95 but the BFD session establishment will fail or the BFD session will 96 flap. In this case, traffic that gets forwarded over such a link may 97 experience packet drops while the failure of the BFD session 98 establishment would not enable fast routing convergence if the link 99 were to go down or flap. 101 To avoid the routing churn associated with these scenarios, it would 102 be beneficial to not allow OSPF to establish an adjacency until a BFD 103 session is successfully established and has stabilized. However, 104 this would preclude the OSPF operation in an environment in which not 105 all OSPF routers support BFD and are enabled for BFD on the link. A 106 solution is to block OSPF adjacency establishment until a BFD session 107 is established as long as both neighbors advertise such a 108 requirement. Such a mode of OSPF BFD usage is referred to as 109 "strict-mode". 111 This document specifies the OSPF protocol extensions using link-local 112 signaling (LLS) [RFC5613] for a router to indicate to its neighbor 113 the willingness to establish its adjacency using the strict-mode for 114 BFD. It also introduces an extension for OSPFv3 link-local signaling 115 of the interface IPv4 address when used for an IPv4 address-family 116 (AF) instance to enable discovery of the IPv4 addresses for BFD 117 session setup. 119 A similar functionality for IS-IS is specified [RFC6213]. 121 1.1. Requirements Language 123 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 124 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 125 "OPTIONAL" in this document are to be interpreted as described in BCP 126 14 [RFC2119] [RFC8174] when, and only when, they appear in all 127 capitals, as shown here. 129 2. LLS B-bit Flag 131 This document defines the B-bit in the LLS Type 1 Extended Options 132 and Flags field. This bit is defined for the LLS block included in 133 Hello and Database Description (DD) packets and indicates that BFD is 134 enabled on the link and that the router requests strict-mode for BFD. 135 Section 7 describes the position of the B-bit. 137 A router MUST include the LLS block with the LLS Type 1 Extended 138 Options and Flags TLV with the B-bit set in its Hello and DD packets 139 when strict-mode for BFD is enabled on the link. 141 3. Local Interface IPv4 Address TLV 143 The Local Interface IPv4 Address TLV is an LLS TLV defined for OSPFv3 144 IPv4 AF instance [RFC5838] protocol operation. It has the following 145 format: 147 0 1 2 3 148 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 150 | Type | Length | 151 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 152 | Local Interface IPv4 Address | 153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 155 where: 157 Type: 21 159 Length: 4 octet 161 Local Interface IPv4 Address: The primary IPv4 address of the 162 local interface. 164 4. Procedures 166 A router supporting strict-mode for BFD advertises this capability 167 through its Hello packets as described in Section 2. When a router 168 supporting strict-mode for BFD discovers a new neighbor router that 169 also supports strict-mode for BFD, then it will establish a BFD 170 session first with that neighbor before bringing up the OSPF 171 adjacency as described further in this section. 173 This document updates the OSPF neighbor state machine as described in 174 [RFC2328]. Specifically, the operations related to the Init state as 175 below when strict-mode for BFD is used: 177 Init (without strict-mode for BFD) 179 In this state, a Hello packet has recently been received from the 180 neighbor. However, bidirectional communication has not yet been 181 established with the neighbor (i.e., the router itself did not 182 appear in the neighbor's Hello packet). All neighbors in this 183 state (or higher) are listed in the Hello packets sent from the 184 associated interface. 186 Init (with strict-mode for BFD) 187 In this state, a Hello packet has recently been received from the 188 neighbor. However, bidirectional communication has not yet been 189 established with the neighbor (i.e., the router itself did not 190 appear in the neighbor's Hello packet). BFD session establishment 191 with the neighbor is requested, if not already completed (e.g., in 192 the event of transition from 2-way state). Neighbors in Init 193 state or higher will be listed in the Hello packets associated 194 with the interface if they either have a corresponding BFD session 195 established or have not advertised strict-mode for BFD in the 196 Hello packet LLS Extended Options and Flags. 198 Whenever the neighbor state transitions to Down state, the removal of 199 the BFD session associated with that neighbor SHOULD be requested by 200 OSPF and subsequent BFD session establishment SHOULD similarly be 201 requested by OSPF upon transitioning into Init state. This may 202 result in the deletion and creation of the BFD session respectively 203 when OSPF is the only client interested in the BFD session with the 204 neighbor address. 206 An implementation MUST NOT wait for BFD session establishment in Init 207 state unless strict-mode for BFD is enabled on the router and the 208 specific neighbor indicates strict-mode for BFD capability via its 209 Hello LLS options. When BFD is enabled, but the strict-mode for 210 operation has not be signaled by both neighbors, then an 211 implementation SHOULD start the BFD session establishment only in 212 2-Way state or higher state. This makes it possible for an OSPF 213 router to support BFD operation in both strict-mode and normal mode 214 across different interfaces or even different neighbors on the same 215 multi-access interface. 217 Once the OSPF state machine has moved beyond the Init state, any 218 change in the B-bit advertised in subsequent Hello packets MUST NOT 219 result in any trigger in either the OSPF adjacency or the BFD session 220 management (i.e., the B-bit is considered only when in Init state). 221 Disabling BFD (or strict-mode for BFD) on an OSPF router would result 222 in it not setting the B-bit in its subsequent Hello LLS options. 223 Disabling strict-mode for BFD has no effect on the BFD operations and 224 would not result in bringing down of any established BFD session. 225 Disabling BFD would result in the BFD session being brought down due 226 to Admin reason [RFC5882] and hence would not bring down the OSPF 227 adjacency. 229 When BFD is enabled on an interface over which we already have an 230 existing OSPF adjacency, it would result in the router setting the 231 B-bit in its subsequent Hello packets. If the adjacency is already 232 up (i.e., in its terminal state of Full or 2-way with non-DR routers 233 on a multi-access interface) with a neighbor that also supports 234 strict-mode for BFD, then an implementation SHOULD NOT bring this 235 adjacency down but instead use the strict-mode for BFD operation 236 after the next transition into Init state. However, if the adjacency 237 is not up, then an implementation MAY bring such an adjacency down so 238 it can use the strict-mode for BFD for its adjacency establishment. 240 4.1. OSPFv3 IPv4 Address-Family Specifics 242 Multiple AF support in OSPFv3 [RFC5838] requires the use of an IPv6 243 link-local address as the source address for Hello packets even when 244 forming adjacencies for IPv4 AF instances. In most deployments of 245 OSPFv3 IPv4 AF, it is required that BFD is used to monitor and verify 246 the IPv4 data plane connectivity between the routers on the link and, 247 hence, the BFD session is setup using IPv4 neighbor addresses. The 248 IPv4 neighbor address on the interface is learned only later in the 249 adjacency formation process when the neighbor's Link-LSA is received. 250 This results in the setup of the BFD session either after the 251 adjacency is established or later in the adjacency formation 252 sequence. 254 To enable operation in strict-mode for BFD, it is necessary for an 255 OSPF router to learn its neighbor's IPv4 link address during the Init 256 state of adjacency formation (ideally when it receives the first 257 hello). The use of the Local Interface IPv4 Address TLV (as defined 258 in Section 3) in the LLS block of the OSPFv3 Hello packets for IPv4 259 AF instances makes this possible. Implementations that support 260 strict-mode for BFD operation for OSPFv3 IPv4 AF instances MUST 261 include the Local Interface IPv4 Address TLV in the LLS block of 262 their Hello packets whenever the B-bit is also set in the LLS Options 263 and Flags field. A receiver MUST ignore the B-bit (i.e., not operate 264 in BFD strict mode) when the Local Interface IPv4 Address TLV is not 265 present in OSPFv3 Hello message for IPv4 AF OSPFv3 instances. 267 4.2. Graceful Restart Considerations 269 An implementation needs to handle scenarios where both graceful 270 restart (GR) and the strict-mode for BFD operation are deployed 271 together. The GR aspects discussed in [RFC5882] also apply with 272 strict-mode for BFD operation. Additionally, in strict-mode for BFD 273 operation, since the OSPF adjacency formation is delayed until the 274 BFD session establishment, the resultant delay in adjacency formation 275 may affect or break the GR-based recovery. In such cases, it is 276 RECOMMENDED that the GR timers are set such that they provide 277 sufficient time to allow for normal BFD session establishment delays. 279 5. Operations & Management Considerations 281 An implementation SHOULD report the BFD session status along with the 282 OSPF Init adjacency state when operating in strict-mode for BFD and 283 perform logging operations on state transitions to include the BFD 284 events. This allows an operator to detect scenarios where an OSPF 285 adjacency may be stuck waiting for BFD session establishment. 287 In network deployments with noisy links or those with packet loss, 288 BFD sessions may flap frequently. In such scenarios, OSPF strict- 289 mode for BFD may be deployed in conjunction with a BFD dampening or 290 hold-down mechanism to avoid frequent adjacency flaps that cause 291 routing churn. 293 6. Backward Compatibility 295 An implementation MUST support OSPF adjacency formation and 296 operations with a neighbor router that does not advertise the strict- 297 mode for BFD capability - both when that neighbor router does not 298 support BFD and when it does support BFD but not in the strict-mode 299 of operation as described in this document. Implementations MAY 300 provide an option to specifically enable BFD operation only in the 301 strict-mode. In this case, an OSPF adjacency with a neighbor that 302 does not support strict-mode for BFD would not be established 303 successfully. Implementations MAY provide an option to disable 304 strict-mode for BFD which results in the router not advertising the 305 B-bit and BFD operation being performed in the same way as prior to 306 this specification. 308 The signaling specified in this document happens at a link-local 309 level between routers on that link. A router that does not support 310 this specification would ignore the B-bit in the LLS block of Hello 311 packets from its neighbors and continue to establish BFD sessions, if 312 enabled, without delaying the OSPF adjacency formation. Since the 313 router that does not support this specification would not have set 314 the B-bit in the LLS block of its own Hello packets, its neighbor 315 routers that support this specification would not use strict-mode for 316 BFD with such OSPF routers. As a result, the behavior would be the 317 same as before this specification. Therefore, there are no backward 318 compatibility issues or implementations considerations beyond what is 319 specified herein. 321 7. IANA Considerations 323 This specification updates Link Local Signaling TLV Identifiers 324 registry. 326 Following values have been assigned via early allocation: 328 o B-bit from "LLS Type 1 Extended Options and Flags" registry at bit 329 position 0x00000010. 331 o Type 21 - Local Interface IPv4 Address TLV 333 8. Security Considerations 335 The security considerations for "OSPF Link-Local Signaling" [RFC5613] 336 also apply to the extension described in this document. 337 Inappropriate use of the B-bit in the LLS block of an OSPF hello 338 message could prevent an OSPF adjacency from forming or lead to 339 failure to detect bidirectional forwarding failures. If 340 authentication is being used in the OSPF routing domain 341 [RFC5709][RFC7474], then the Cryptographic Authentication TLV 342 [RFC5613] SHOULD also be used to protect the contents of the LLS 343 block. 345 9. Acknowledgements 347 The authors would like to acknowledge the review and inputs from Acee 348 Lindem, Manish Gupta and Balaji Ganesh. 350 The authors would like to acknowledge Dylan van Oudheusden for 351 highlighting the problems in using strict-mode for BFD session for 352 IPv4 AF instance with OSPFv3 and Baalajee S for his suggestions on 353 the approach to address it. 355 10. References 357 10.1. Normative References 359 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 360 Requirement Levels", BCP 14, RFC 2119, 361 DOI 10.17487/RFC2119, March 1997, 362 . 364 [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, 365 DOI 10.17487/RFC2328, April 1998, 366 . 368 [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 369 for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, 370 . 372 [RFC5613] Zinin, A., Roy, A., Nguyen, L., Friedman, B., and D. 373 Yeung, "OSPF Link-Local Signaling", RFC 5613, 374 DOI 10.17487/RFC5613, August 2009, 375 . 377 [RFC5838] Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and 378 R. Aggarwal, "Support of Address Families in OSPFv3", 379 RFC 5838, DOI 10.17487/RFC5838, April 2010, 380 . 382 [RFC5882] Katz, D. and D. Ward, "Generic Application of 383 Bidirectional Forwarding Detection (BFD)", RFC 5882, 384 DOI 10.17487/RFC5882, June 2010, 385 . 387 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 388 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 389 May 2017, . 391 10.2. Informative References 393 [RFC5709] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M., 394 Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic 395 Authentication", RFC 5709, DOI 10.17487/RFC5709, October 396 2009, . 398 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 399 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 400 . 402 [RFC6213] Hopps, C. and L. Ginsberg, "IS-IS BFD-Enabled TLV", 403 RFC 6213, DOI 10.17487/RFC6213, April 2011, 404 . 406 [RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., 407 "Security Extension for OSPFv2 When Using Manual Key 408 Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, 409 . 411 Authors' Addresses 413 Ketan Talaulikar 414 Cisco Systems, Inc. 415 India 417 Email: ketant@cisco.com 418 Peter Psenak 419 Cisco Systems, Inc. 420 Apollo Business Center 421 Mlynske nivy 43 422 Bratislava 821 09 423 Slovakia 425 Email: ppsenak@cisco.com 427 Albert Fu 428 Bloomberg 429 USA 431 Email: afu14@bloomberg.net 433 Rajesh M 434 Juniper Networks 435 India 437 Email: mrajesh@juniper.net