idnits 2.17.1 draft-ietf-ospf-node-admin-tag-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 27, 2015) is 3158 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4970 (Obsoleted by RFC 7770) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Open Shortest Path First IGP S. Hegde 3 Internet-Draft Juniper Networks, Inc. 4 Intended status: Standards Track H. Raghuveer 5 Expires: February 28, 2016 6 H. Gredler 7 Juniper Networks, Inc. 8 R. Shakir 9 British Telecom 10 A. Smirnov 11 Cisco Systems, Inc. 12 Z. Li 13 Huawei Technologies 14 B. Decraene 15 Orange 16 August 27, 2015 18 Advertising per-node administrative tags in OSPF 19 draft-ietf-ospf-node-admin-tag-03 21 Abstract 23 This document describes an extension to OSPF protocol to add an 24 optional operational capability, that allows tagging and grouping of 25 the nodes in an OSPF domain. This allows simplification, ease of 26 management and control over route and path selection based on 27 configured policies. This document describes an extension to OSPF 28 protocol to advertise per-node administrative tags. This optional 29 operational capability allows to express and act upon locally-defined 30 network policy which considers node properties conveyed by tags. 31 Node tags may be used either by OSPF itself or by other applications 32 consuming information propagated via OSPF. 34 This document describes the protocol extensions to disseminate per- 35 node administrative-tags to the OSPFv2 and OSPFv3 protocol. It 36 provides example use cases of administrative node tags. 38 Requirements Language 40 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 41 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 42 document are to be interpreted as described in RFC 2119 [RFC2119]. 44 Status of This Memo 46 This Internet-Draft is submitted in full conformance with the 47 provisions of BCP 78 and BCP 79. 49 Internet-Drafts are working documents of the Internet Engineering 50 Task Force (IETF). Note that other groups may also distribute 51 working documents as Internet-Drafts. The list of current Internet- 52 Drafts is at http://datatracker.ietf.org/drafts/current/. 54 Internet-Drafts are draft documents valid for a maximum of six months 55 and may be updated, replaced, or obsoleted by other documents at any 56 time. It is inappropriate to use Internet-Drafts as reference 57 material or to cite them other than as "work in progress." 59 This Internet-Draft will expire on February 28, 2016. 61 Copyright Notice 63 Copyright (c) 2015 IETF Trust and the persons identified as the 64 document authors. All rights reserved. 66 This document is subject to BCP 78 and the IETF Trust's Legal 67 Provisions Relating to IETF Documents 68 (http://trustee.ietf.org/license-info) in effect on the date of 69 publication of this document. Please review these documents 70 carefully, as they describe your rights and restrictions with respect 71 to this document. Code Components extracted from this document must 72 include Simplified BSD License text as described in Section 4.e of 73 the Trust Legal Provisions and are provided without warranty as 74 described in the Simplified BSD License. 76 Table of Contents 78 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 79 2. Administrative Tag TLV . . . . . . . . . . . . . . . . . . . 3 80 3. OSPF per-node administrative tag TLV . . . . . . . . . . . . 3 81 3.1. TLV format . . . . . . . . . . . . . . . . . . . . . . . 3 82 3.2. Elements of procedure . . . . . . . . . . . . . . . . . . 4 83 4. Applications . . . . . . . . . . . . . . . . . . . . . . . . 5 84 4.1. Service auto-discovery . . . . . . . . . . . . . . . . . 6 85 4.2. Fast-Rerouting policy . . . . . . . . . . . . . . . . . . 6 86 4.3. Controlling Remote LFA tunnel termination . . . . . . . . 7 87 4.4. Mobile backhaul network service deployment . . . . . . . 7 88 4.5. Explicit routing policy . . . . . . . . . . . . . . . . . 9 89 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 90 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 91 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 92 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 93 8.1. Normative References . . . . . . . . . . . . . . . . . . 10 94 8.2. Informative References . . . . . . . . . . . . . . . . . 11 95 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 97 1. Introduction 99 It is useful to assign a per-node administrative tag to a router in 100 the OSPF domain and use it as an attribute associated with the node. 101 The per-node administrative tag can be used in variety of 102 applications, for ex: - Traffic-engineering applications to provide 103 different path-selection criteria, - Prefer or prune certain paths in 104 Loop Free Alternate (LFA) backup selection via local policies. 106 This document provides mechanisms to advertise per-node 107 administrative tags in the OSPF. Path selection is a functional set 108 which applies both to TE and non-TE applications and hence new TLV 109 for carrying per-node administrative tags is included in Router 110 Information LSA [RFC4970] . 112 2. Administrative Tag TLV 114 An administrative Tag is a 32-bit integer value that can be used to 115 identify a group of nodes in the OSPF domain. 117 The new TLV defined will be carried within an RI LSA for OSPFV2 and 118 OSPFV3. Router information LSA [RFC4970] can have link, area or AS 119 level flooding scope. Choosing the flooding scope to flood the group 120 tags are defined by the policies and is a local matter. 122 The TLV specifies one or more administrative tag values. An OSPF 123 node advertises the set of groups it is part of in the OSPF domain. 124 (for example, all PE-nodes are configured with certain tag value, all 125 P-nodes are configured with a different tag value in a domain). 126 Multiple TLVs MAY be added in same RI-LSA or in different instance of 127 the RI LSA as defined in [I-D.acee-ospf-rfc4970bis]. 129 3. OSPF per-node administrative tag TLV 131 3.1. TLV format 133 [RFC4970], defines Router Information (RI) LSA which may be used to 134 advertise properties of the originating router. Payload of the RI 135 LSA consists of one or more nested Type/Length/Value (TLV) triplets. 136 Node administrative tags are advertised in the Node Administrative 137 Tag TLV. The format of Node Administrative Tag TLV is: 139 0 1 2 3 140 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 142 | Type | Length | 143 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 144 | Administrative Tag #1 | 145 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 146 | Administrative Tag #2 | 147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 148 // // 149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 150 | Administrative Tag #N | 151 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 Figure 1: OSPF per-node Administrative Tag TLV 155 Type : TBA, Suggested value 10 157 Length: A 16-bit field that indicates the length of the value portion 158 in octets and will be a multiple of 4 octets dependent on the number 159 of tags advertised. 161 Value: A sequence of multiple 4 octets defining the administrative 162 tags. At least one tag MUST be carried if this TLV is included in 163 the RI-LSA. 165 3.2. Elements of procedure 167 Meaning of the Node administrative tags is generally opaque to OSPF. 168 Router advertising the per-node administrative tag (or tags) may be 169 configured to do so without knowing (or even explicitly supporting) 170 functionality implied by the tag. 172 Interpretation of tag values is specific to the administrative domain 173 of a particular network operator. The meaning of a per-node 174 administrative tag is defined by the network local policy and is 175 controlled via the configuration. If a receiving node does not 176 understand the tag value, it ignores the specific tag and floods the 177 RI LSA without any change as defined in [RFC4970]. 179 The semantics of the tag order has no meaning. That is, there is no 180 implied meaning to the ordering of the tags that indicates a certain 181 operation or set of operations that need to be performed based on the 182 ordering. 184 Each tag SHOULD be treated as an independent identifier that MAY be 185 used in policy to perform a policy action. Tags carried by the 186 administrative tag TLV SHOULD be used to indicate independent 187 characteristics of a node. The TLV SHOULD be considered an unordered 188 list. Whilst policies may be implemented based on the presence of 189 multiple tags (e.g., if tag A AND tag B are present), they MUST NOT 190 be reliant upon the order of the tags (i.e., all policies should be 191 considered commutative operations, such that tag A preceding or 192 following tag B does not change their outcome). 194 To avoid incomplete or inconsistent interpretations of the per-node 195 administrative tags the same tag value MUST NOT be advertised by a 196 router in RI LSAs of different scopes. The same tag MAY be 197 advertised in multiple RI LSAs of the same scope, for example, OSPF 198 Area Border Router (ABR) may advertise the same tag in area-scope RI 199 LSAs in multiple areas connected to the ABR. 201 The per-node administrative tags are not meant to be extended by the 202 future OSPF standards. The new OSPF extensions MUST NOT require use 203 of per-node administrative tags or define well-known tag values. 204 Node administrative tags are for generic use and do not require IANA 205 registry. The future OSPF extensions requiring well known values MAY 206 define their own data signalling tailored to the needs of the feature 207 or MAY use capability TLV as defined in [RFC4970]. 209 Being part of the RI LSA, the per-node administrative tag TLV must be 210 reasonably small and stable. In particular, but not limited to, 211 implementations supporting the per-node administrative tags MUST NOT 212 tie advertised tags to changes in the network topology (both within 213 and outside the OSPF domain) or reachability of routes. 215 Multiple node administrative tag TLVs MAY appear in an RI LSA or 216 multiple node administrative tag TLVs MAY be contained in different 217 instances of the RI LSA. The node administrative tags associated 218 with a node for the purpose of any computation or processing SHOULD 219 be a superset of node administrative tags from all the TLVs in all 220 instances of the RI LSA originated by that node. 222 When there is a change in the node administrative tag TLV or removal/ 223 addition of a TLV in any instance of the RI-LSA, implementations MUST 224 take appropriate measures to update its state according to the 225 changed set of tags. Exact actions depend on features working with 226 administrative tags and is outside of scope of this specification. 228 4. Applications 230 This section lists several examples of how implementations might use 231 the Node administrative tags. These examples are given only to 232 demonstrate generic usefulness of the router tagging mechanism. 233 Implementation supporting this specification is not required to 234 implement any of the use cases. It is also worth noting that in some 235 described use cases routers configured to advertise tags help other 236 routers in their calculations but do not themselves implement the 237 same functionality. 239 4.1. Service auto-discovery 241 Router tagging may be used to automatically discover group of routers 242 sharing a particular service. 244 For example, service provider might desire to establish full mesh of 245 MPLS TE tunnels between all PE routers in the area of MPLS VPN 246 network. Marking all PE routers with a tag and configuring devices 247 with a policy to create MPLS TE tunnels to all other devices 248 advertising this tag will automate maintenance of the full mesh. 249 When new PE router is added to the area, all other PE devices will 250 open TE tunnels to it without the need of reconfiguring them. 252 4.2. Fast-Rerouting policy 254 Increased deployment of Loop Free Alternates (LFA) as defined in 255 [RFC5286] poses operation and management challenges. 256 [I-D.ietf-rtgwg-lfa-manageability] proposes policies which, when 257 implemented, will ease LFA operation concerns. 259 One of the proposed refinements is to be able to group the nodes in 260 IGP domain with administrative tags and engineer the LFA based on 261 configured policies. 263 (a) Administrative limitation of LFA scope 265 Service provider access infrastructure is frequently designed in 266 layered approach with each layer of devices serving different 267 purposes and thus having different hardware capabilities and 268 configured software features. When LFA repair paths are being 269 computed, it may be desirable to exclude devices from being 270 considered as LFA candidates based on their layer. 272 For example, if the access infrastructure is divided into the 273 Access, Distribution and Core layers it may be desirable for a 274 Distribution device to compute LFA only via Distribution or Core 275 devices but not via Access devices. This may be due to features 276 enabled on Access routers; due to capacity limitations or due to 277 the security requirements. Managing such a policy via 278 configuration of the router computing LFA is cumbersome and error 279 prone. 281 With the Node administrative tags it is possible to assign a tag 282 to each layer and implement LFA policy of computing LFA repair 283 paths only via neighbors which advertise the Core or Distribution 284 tag. This requires minimal per-node configuration and network 285 automatically adapts when new links or routers are added. 287 (b) LFA calculation optimization 289 Calculation of LFA paths may require significant resources of the 290 router. One execution of Dijkstra algorithm is required for each 291 neighbor eligible to become next hop of repair paths. Thus a 292 router with a few hundreds of neighbors may need to execute the 293 algorithm hundreds of times before the best (or even valid) 294 repair path is found. Manually excluding from the calculation 295 neighbors which are known to provide no valid LFA (such as 296 single-connected routers) may significantly reduce number of 297 Dijkstra algorithm runs. 299 LFA calculation policy may be configured so that routers 300 advertising certain tag value are excluded from LFA calculation 301 even if they are otherwise suitable. 303 4.3. Controlling Remote LFA tunnel termination 305 [RFC7490] proposed method of tunneling traffic after connected link 306 failure to extend the basic LFA coverage and algorithm to find tunnel 307 tail-end routers fitting LFA requirement. In most cases proposed 308 algorithm finds more than one candidate tail-end router. In real 309 life network it may be desirable to exclude some nodes from the list 310 of candidates based on the local policy. This may be either due to 311 known limitations of the node (the router does not accept targeted 312 LDP sessions required to implement Remote LFA tunnelling) or due to 313 administrative requirements (for example, it may be desirable to 314 choose tail-end router among co-located devices). 316 The Node administrative tag delivers simple and scalable solution. 317 Remote LFA can be configured with a policy to accept during the tail- 318 end router calculation as candidates only routers advertising certain 319 tag. Tagging routers allows to both exclude nodes not capable of 320 serving as Remote LFA tunnel tail-ends and to define a region from 321 which tail-end router must be selected. 323 4.4. Mobile backhaul network service deployment 325 The topology of mobile back-haul network usually adopts ring topology 326 to save fibre resource and it is divided into the aggregate network 327 and the access network. Cell Site Gateways(CSGs) connects the 328 eNodeBs and RNC(Radio Network Controller) Site Gateways(RSGs) 329 connects the RNCs. The mobile traffic is transported from CSGs to 330 RSGs. The network takes a typical aggregate traffic model that more 331 than one access rings will attach to one pair of aggregate site 332 gateways(ASGs) and more than one aggregate rings will attach to one 333 pair of RSGs. 335 ---------------- 336 / \ 337 / \ 338 / \ 339 +------+ +----+ Access +----+ 340 |eNodeB|---|CSG1| Ring 1 |ASG1|------------ 341 +------+ +----+ +----+ \ 342 \ / \ 343 \ / +----+ +---+ 344 \ +----+ |RSG1|----|RNC| 345 -------------| | Aggregate +----+ +---+ 346 |ASG2| Ring | 347 -------------| | +----+ +---+ 348 / +----+ |RSG2|----|RNC| 349 / \ +----+ +---+ 350 / \ / 351 +------+ +----+ Access +----+ / 352 |eNodeB|---|CSG2| Ring 2 |ASG3|----------- 353 +------+ +----+ +----+ 354 \ / 355 \ / 356 \ / 357 ----------------- 359 Figure 2: Mobile Backhaul Network 361 A typical mobile back-haul network with access rings and aggregate 362 links is shown in figure above. The mobile back-haul networks deploy 363 traffic engineering due to the strict Service Level Agreements(SLA). 364 The TE paths may have additional constraints to avoid passing via 365 different access rings or to get completely disjoint backup TE paths. 366 The mobile back-haul networks towards the access side change 367 frequently due to the growing mobile traffic and addition of new 368 eNodeBs. It's complex to satisfy the requirements using cost, link 369 color or explicit path configurations. The node administrative tag 370 defined in this document can be effectively used to solve the problem 371 for mobile back-haul networks. The nodes in different rings can be 372 assigned with specific tags. TE path computation can be enhanced to 373 consider additional constraints based on node administrative tags. 375 4.5. Explicit routing policy 377 Partially meshed network provides multiple paths between any two 378 nodes in the network. In a data centre environment, the topology is 379 usually highly symmetric with many/all paths having equal cost. In a 380 long distance network, this is usually less the case for a variety of 381 reasons (e.g. historic, fibre availability constraints, different 382 distances between transit nodes, different roles ...). Hence between 383 a given source and destination, a path is typically preferred over 384 the others, while between the same source and another destination, a 385 different path may be preferred. 387 +--------------------+ 388 | | 389 | +----------+ | 390 | | | | 391 T-10-T | | 392 /| /| | | 393 / | / | | | 394 --+ | | | | | 395 / +--+-+ 100 | | 396 / / | | | | 397 / / R-18-R | | 398 / / /\ /\ | | 399 / | / \ / \ | | 400 / | / x \ | | 401 A-25-A 10 10 \ \ | | 402 / / 10 10 | | 403 / / \ \ | | 404 A-25-A A-25-A | | 405 \ \ / / | | 406 201 201 201 201 | | 407 \ \ / / | | 408 \ x / | | 409 \ / \ / | | 410 \/ \/ | | 411 I-24-I 100 100 412 | | | | 413 | +-----------+ | 414 | | 415 +---------------------+ 417 Figure 3: Explicit Routing topology 419 In the above topology, operator may want to enforce the following 420 high level explicitly routed policies: 422 - Traffic from A nodes to A nodes must not go through I nodes 424 - Traffic from A nodes to I nodes must not go through R and T 425 nodes 427 With node admin tags, tag A (resp. I, R, T) can be configured on all 428 A (resp. I, R, T) nodes to advertise their role. Then a generic 429 CSPF policy can be configured on all A nodes to enforce the above 430 explicit routing objectives. (e.g. CSPF to destinations A exclude 431 node with tags I). 433 5. Security Considerations 435 This document does not introduce any further security issues other 436 than those discussed in [RFC2328] and [RFC5340]. 438 6. IANA Considerations 440 This specification updates one OSPF registry: OSPF Router Information 441 (RI) TLVs Registry 443 i) TBD - Node Admin tag TLV 445 7. Acknowledgments 447 Thanks to Bharath R, Pushpasis Sarakar and Dhruv Dhody for useful 448 inputs. Thanks to Chris Bowers for providing useful inputs to remove 449 ambiguity related to tag-ordering. Thanks to Les Ginsberg and Acee 450 Lindem for the inputs. 452 8. References 454 8.1. Normative References 456 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 457 Requirement Levels", BCP 14, RFC 2119, 458 DOI 10.17487/RFC2119, March 1997, 459 . 461 [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, 462 DOI 10.17487/RFC2328, April 1998, 463 . 465 [RFC4970] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and 466 S. Shaffer, "Extensions to OSPF for Advertising Optional 467 Router Capabilities", RFC 4970, DOI 10.17487/RFC4970, July 468 2007, . 470 [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 471 for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, 472 . 474 [RFC7490] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. 475 So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)", 476 RFC 7490, DOI 10.17487/RFC7490, April 2015, 477 . 479 8.2. Informative References 481 [I-D.acee-ospf-rfc4970bis] 482 Lindem, A., Shen, N., Vasseur, J., Aggarwal, R., and S. 483 Shaffer, "Extensions to OSPF for Advertising Optional 484 Router Capabilities", draft-acee-ospf-rfc4970bis-00 (work 485 in progress), July 2014. 487 [I-D.ietf-rtgwg-lfa-manageability] 488 Litkowski, S., Decraene, B., Filsfils, C., Raza, K., 489 Horneffer, M., and P. Sarkar, "Operational management of 490 Loop Free Alternates", draft-ietf-rtgwg-lfa- 491 manageability-11 (work in progress), June 2015. 493 [RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for 494 IP Fast Reroute: Loop-Free Alternates", RFC 5286, 495 DOI 10.17487/RFC5286, September 2008, 496 . 498 Authors' Addresses 500 Shraddha Hegde 501 Juniper Networks, Inc. 502 Embassy Business Park 503 Bangalore, KA 560093 504 India 506 Email: shraddha@juniper.net 508 Harish Raghuveer 510 Email: harish.r.prabhu@gmail.com 511 Hannes Gredler 512 Juniper Networks, Inc. 513 1194 N. Mathilda Ave. 514 Sunnyvale, CA 94089 515 US 517 Email: hannes@juniper.net 519 Rob Shakir 520 British Telecom 522 Email: rob.shakir@bt.com 524 Anton Smirnov 525 Cisco Systems, Inc. 526 De Kleetlaan 6a 527 Diegem 1831 528 Belgium 530 Email: as@cisco.com 532 Li zhenbin 533 Huawei Technologies 534 Huawei Bld. No.156 Beiqing Rd 535 Beijing 100095 536 China 538 Email: lizhenbin@huawei.com 540 Bruno Decraene 541 Orange 543 Email: bruno.decraene@orange.com