idnits 2.17.1 draft-ietf-ospf-node-admin-tag-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: To avoid incomplete or inconsistent interpretations of the per-node administrative tags the same tag value MUST NOT be advertised by a router in RI LSAs of different scopes. The same tag MAY be advertised in multiple RI LSAs of the same scope, for example, OSPF Area Border Router (ABR) may advertise the same tag in area-scope RI LSAs in multiple areas connected to the ABR. If a node administrative tag is received in different scopes, the conflicting tag SHOULD not be used and this situation SHOULD be logged as an error including the tag with conflicting scopes and the originator(s). An ABR in a stub or NSSA area MAY originate AS scoped RI LSAs and flood them into non-stub/NSSA areas and MAY originate area scoped RI LSAs into the stub/NSSA areas as the AS scoped LSAs are not flooded into stub/NSSA areas. -- The document date (October 16, 2015) is 3108 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC4970' is defined on line 575, but no explicit reference was found in the text ** Obsolete normative reference: RFC 4970 (Obsoleted by RFC 7770) == Outdated reference: A later version (-29) exists of draft-ietf-ospf-yang-02 == Outdated reference: A later version (-31) exists of draft-ietf-rtgwg-policy-model-00 Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Open Shortest Path First IGP S. Hegde 3 Internet-Draft Juniper Networks, Inc. 4 Intended status: Standards Track R. Shakir 5 Expires: April 18, 2016 Individual 6 A. Smirnov 7 Cisco Systems, Inc. 8 Z. Li 9 Huawei Technologies 10 B. Decraene 11 Orange 12 October 16, 2015 14 Advertising per-node administrative tags in OSPF 15 draft-ietf-ospf-node-admin-tag-08 17 Abstract 19 This document describes an extension to the OSPF protocol to add an 20 optional operational capability, that allows tagging and grouping of 21 the nodes in an OSPF domain. This allows simplification, ease of 22 management and control over route and path selection based on 23 configured policies. This document describes an extension to the 24 OSPF protocol to advertise per-node administrative tags. The node- 25 tags can be used to express and apply locally-defined network 26 policies which is a very useful operational capability. Node tags 27 may be used either by OSPF itself or by other applications consuming 28 information propagated via OSPF. 30 This document describes the protocol extensions to disseminate per- 31 node administrative tags to the OSPFv2 and OSPFv3 protocol. It 32 provides example use cases of administrative node tags. 34 Requirements Language 36 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 37 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 38 document are to be interpreted as described in RFC 2119 [RFC2119]. 40 Status of This Memo 42 This Internet-Draft is submitted in full conformance with the 43 provisions of BCP 78 and BCP 79. 45 Internet-Drafts are working documents of the Internet Engineering 46 Task Force (IETF). Note that other groups may also distribute 47 working documents as Internet-Drafts. The list of current Internet- 48 Drafts is at http://datatracker.ietf.org/drafts/current/. 50 Internet-Drafts are draft documents valid for a maximum of six months 51 and may be updated, replaced, or obsoleted by other documents at any 52 time. It is inappropriate to use Internet-Drafts as reference 53 material or to cite them other than as "work in progress." 55 This Internet-Draft will expire on April 18, 2016. 57 Copyright Notice 59 Copyright (c) 2015 IETF Trust and the persons identified as the 60 document authors. All rights reserved. 62 This document is subject to BCP 78 and the IETF Trust's Legal 63 Provisions Relating to IETF Documents 64 (http://trustee.ietf.org/license-info) in effect on the date of 65 publication of this document. Please review these documents 66 carefully, as they describe your rights and restrictions with respect 67 to this document. Code Components extracted from this document must 68 include Simplified BSD License text as described in Section 4.e of 69 the Trust Legal Provisions and are provided without warranty as 70 described in the Simplified BSD License. 72 Table of Contents 74 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 75 2. Administrative Tag TLV . . . . . . . . . . . . . . . . . . . 3 76 3. OSPF per-node administrative tag TLV . . . . . . . . . . . . 3 77 3.1. TLV format . . . . . . . . . . . . . . . . . . . . . . . 3 78 3.2. Elements of procedure . . . . . . . . . . . . . . . . . . 4 79 3.2.1. Interpretation of Node Administrative Tags . . . . . 4 80 3.2.2. Use of Node Administrative Tags . . . . . . . . . . . 5 81 3.2.3. Processing Node Administrative Tag changes . . . . . 6 82 4. Applications . . . . . . . . . . . . . . . . . . . . . . . . 6 83 4.1. Service auto-discovery . . . . . . . . . . . . . . . . . 6 84 4.2. Fast-Re-routing policy . . . . . . . . . . . . . . . . . 7 85 4.3. Controlling Remote LFA tunnel termination . . . . . . . . 8 86 4.4. Mobile back-haul network service deployment . . . . . . . 8 87 4.5. Explicit routing policy . . . . . . . . . . . . . . . . . 9 88 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 89 6. Operational Considerations . . . . . . . . . . . . . . . . . 11 90 7. Manageability Considerations . . . . . . . . . . . . . . . . 12 91 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 92 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12 93 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 94 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 95 11.1. Normative References . . . . . . . . . . . . . . . . . . 12 96 11.2. Informative References . . . . . . . . . . . . . . . . . 13 97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 99 1. Introduction 101 It is useful to assign a per-node administrative tag to a router in 102 the OSPF domain and use it as an attribute associated with the node. 103 The per-node administrative tag can be used in variety of 104 applications, for example: 106 (a) Traffic-engineering applications to provide different path- 107 selection criteria. 109 (b) Prefer or prune certain paths in Loop Free Alternate (LFA) 110 backup selection via local policies as defined in 111 [I-D.ietf-rtgwg-lfa-manageability]. 113 This document provides mechanisms to advertise per-node 114 administrative tags in OSPF for route and path selection. Route and 115 path selection functionality applies to both to TE and non Traffic 116 Engineering (TE) applications and hence new TLV for carrying per-node 117 administrative tags is included in Router Information (RI) Link State 118 Advertisement (LSA) [I-D.ietf-ospf-rfc4970bis]. 120 2. Administrative Tag TLV 122 An administrative Tag is a 32-bit integer value that can be used to 123 identify a group of nodes in the OSPF domain. 125 The new TLV defined will be carried within an RI LSA for OSPFV2 and 126 OSPFV3. Router information (RI)LSA [I-D.ietf-ospf-rfc4970bis] can 127 have link-, area- or Autonomous Sytem (AS) level flooding scope. The 128 choice of what scope at which to flood the group tags is a matter of 129 local policy.It is expected that node administrative tag values will 130 not be portable across administrative domains. 132 The TLV specifies one or more administrative tag values. An OSPF 133 node advertises the set of groups it is part of in the OSPF domain 134 (for example, all PE-nodes are configured with certain tag value, all 135 P-nodes are configured with a different tag value in the domain). 136 Multiple TLVs MAY be added in same RI-LSA or in a different instance 137 of the RI LSA as defined in [I-D.ietf-ospf-rfc4970bis]. 139 3. OSPF per-node administrative tag TLV 141 3.1. TLV format 143 [I-D.ietf-ospf-rfc4970bis], defines Router Information (RI) LSA which 144 may be used to advertise properties of the originating router. The 145 payload of the RI LSA consists of one or more nested Type/Length/ 146 Value (TLV) triplets. Node administrative tags are advertised in the 147 Node Administrative Tag TLV. The format of the Node Administrative 148 Tag TLV is: 150 0 1 2 3 151 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 152 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 | Type | Length | 154 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 155 | Administrative Tag #1 | 156 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 157 | Administrative Tag #2 | 158 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 159 // // 160 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 161 | Administrative Tag #N | 162 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 164 Figure 1: OSPF per-node Administrative Tag TLV 166 Type : TBA, Suggested value 10 168 Length: A 16-bit field that indicates the length of the value portion 169 in octets and will be a multiple of 4 octets dependent on the number 170 of tags advertised. 172 Value: A sequence of multiple four octets defining the administrative 173 tags. At least one tag MUST be carried if this TLV is included in 174 the RI-LSA. 176 3.2. Elements of procedure 178 3.2.1. Interpretation of Node Administrative Tags 180 The meaning of the Node administrative tags is generally opaque to 181 OSPF. Routers advertising the per-node administrative tag (or tags) 182 may be configured to do so without knowing (or even without 183 supporting processing of) the functionality implied by the tag. This 184 section describes general rules/ regulations and guidelines for using 185 and interpreting an administrative tag which will facilitate 186 interoperable implementations by vendors. 188 Interpretation of tag values is specific to the administrative domain 189 of a particular network operator, and hence tag values SHOULD NOT be 190 propagated outside the administrative domain to which they apply. 191 The meaning of a per-node administrative tag is defined by the 192 network local policy and is controlled via the configuration. If a 193 receiving node does not understand the tag value or does not have a 194 local policy corresponding to the tag, it ignores the specific tag 195 and floods the RI LSA without any change as defined in 196 [I-D.ietf-ospf-rfc4970bis]. 198 The semantics of the tag order has no meaning. That is, there is no 199 implied meaning to the ordering of the tags that indicates a certain 200 operation or set of operations that need to be performed based on the 201 ordering. 203 Each tag must be treated as an independent identifier that may be 204 used in policy to perform a policy action. Each tag carried by the 205 administrative tag TLV should be used to indicate a characteristic of 206 a node that is independent of the characteristics indicated by other 207 administrative tags. The administrative tag list within the TLV MUST 208 be considered an unordered list. Whilst policies may be implemented 209 based on the presence of multiple tags (e.g., if tag A AND tag B are 210 present), they MUST NOT be reliant upon the order of the tags (i.e., 211 all policies should be considered commutative operations, such that 212 tag A preceding or following tag B does not change their outcome). 214 To avoid incomplete or inconsistent interpretations of the per-node 215 administrative tags the same tag value MUST NOT be advertised by a 216 router in RI LSAs of different scopes. The same tag MAY be 217 advertised in multiple RI LSAs of the same scope, for example, OSPF 218 Area Border Router (ABR) may advertise the same tag in area-scope RI 219 LSAs in multiple areas connected to the ABR. If a node 220 administrative tag is received in different scopes, the conflicting 221 tag SHOULD not be used and this situation SHOULD be logged as an 222 error including the tag with conflicting scopes and the 223 originator(s). An ABR in a stub or NSSA area MAY originate AS scoped 224 RI LSAs and flood them into non-stub/NSSA areas and MAY originate 225 area scoped RI LSAs into the stub/NSSA areas as the AS scoped LSAs 226 are not flooded into stub/NSSA areas. 228 3.2.2. Use of Node Administrative Tags 230 The per-node administrative tags are not meant to be extended by 231 future OSPF standards. New OSPF extensions are not expected to 232 require use of per-node administrative tags or define well-known tag 233 values. Node administrative tags are for generic use and do not 234 require IANA registry. Future OSPF extensions requiring well known 235 values MAY define their own data signalling tailored to the needs of 236 the feature or MAY use the capability TLV as defined in 237 [I-D.ietf-ospf-rfc4970bis]. 239 Being part of the RI LSA, the per-node administrative tag TLV must be 240 reasonably small and stable. In particular, implementations 241 supporting per-node administrative tags MUST NOT be used to convey 242 attributes of the routing topology or associate tags with changes in 243 the network topology (both within and outside the OSPF domain) or 244 reachability of routes. 246 3.2.3. Processing Node Administrative Tag changes 248 Multiple node administrative tag TLVs MAY appear in an RI LSA or 249 multiple node administrative tag TLVs MAY be contained in different 250 instances of the RI LSA. The node administrative tags associated 251 with a node that originates tags for the purpose of any computation 252 or processing at a receiving node SHOULD be a superset of node 253 administrative tags from all the TLVs in all the received RI LSA 254 instances in the Link-State Database (LSDB) advertised by the 255 corresponding OSPF router. When an RI LSA is received that changes 256 the set of tags applicable to any originating node, which has 257 features depending on node administrative tags , a receiving node 258 MUST repeat any computation or processing that is based on those 259 administrative tags. 261 When there is a change or removal of an administrative affiliation of 262 a node, the node MUST re-originate the RI LSA with the latest set of 263 node administrative tags. On the receiver, When there is a change in 264 the node administrative tag TLV or removal/ addition of a TLV in any 265 instance of the RI-LSA, implementations MUST take appropriate 266 measures to update their state according to the changed set of tags. 267 The exact actions needed depend on features working with 268 administrative tags and is outside of scope of this specification. 270 4. Applications 272 This section lists several examples of how implementations might use 273 the per-node administrative tags. These examples are given only to 274 demonstrate the generic usefulness of the router tagging mechanism. 275 Implementations supporting this specification are not required to 276 implement any of these use cases. It is also worth noting that in 277 some described use cases routers configured to advertise tags help 278 other routers in their calculations but do not themselves implement 279 the same functionality. 281 4.1. Service auto-discovery 283 Router tagging may be used to automatically discover a group of 284 routers sharing a particular service. 286 For example, a service provider might desire to establish a full mesh 287 of MPLS TE tunnels between all PE routers in the area of the MPLS VPN 288 network. Marking all PE routers with a tag and configuring devices 289 with a policy to create MPLS TE tunnels to all other devices 290 advertising this tag will automate maintenance of the full mesh. 291 When new PE router is added to the area, all other PE devices will 292 open TE tunnels to it without the need of reconfiguring them. 294 4.2. Fast-Re-routing policy 296 Increased deployment of Loop Free Alternates (LFA) as defined in 297 [RFC5286] poses operation and management challenges. 298 [I-D.ietf-rtgwg-lfa-manageability] proposes policies which, when 299 implemented, will ease LFA operation concerns. 301 One of the proposed refinements is to be able to group the nodes in 302 an IGP domain with administrative tags and engineer the LFA based on 303 configured policies. 305 (a) Administrative limitation of LFA scope 307 Service provider access infrastructure is frequently designed in 308 a layered approach with each layer of devices serving different 309 purposes and thus having different hardware capabilities and 310 configured software features. When LFA repair paths are being 311 computed, it may be desirable to exclude devices from being 312 considered as LFA candidates based on their layer. 314 For example, if the access infrastructure is divided into the 315 Access, Distribution and Core layers it may be desirable for a 316 Distribution device to compute LFA only via Distribution or Core 317 devices but not via Access devices. This may be due to features 318 enabled on Access routers, due to capacity limitations or due to 319 the security requirements. Managing such a policy via 320 configuration of the router computing LFA is cumbersome and error 321 prone. 323 With the Node administrative tags it is possible to assign a tag 324 to each layer and implement LFA policy of computing LFA repair 325 paths only via neighbors which advertise the Core or Distribution 326 tag. This requires minimal per-node configuration and the 327 network automatically adapts when new links or routers are added. 329 (b) LFA calculation optimization 331 Calculation of LFA paths may require significant resources of the 332 router. One execution of Dijkstra's algorithm is required for 333 each neighbor eligible to become the next hop of repair paths. 335 Thus, a router with a few hundreds of neighbors may need to 336 execute the algorithm hundreds of times before the best (or even 337 valid) repair path is found. Manually excluding from the 338 calculation neighbors that are known to provide no valid LFA 339 (such as single-connected routers) may significantly reduce 340 number of Dijkstra algorithm runs. 342 LFA calculation policy may be configured so that routers 343 advertising certain tag value are excluded from LFA calculation 344 even if they are otherwise suitable. 346 4.3. Controlling Remote LFA tunnel termination 348 [RFC7490] defined a method of tunnelling traffic after connected link 349 failure to extend the basic LFA coverage and an algorithm to find 350 tunnel tail-end routers fitting LFA requirement. In most cases the 351 proposed algorithm finds more than one candidate tail-end router. In 352 real-life network it may be desirable to exclude some nodes from the 353 list of candidates based on the local policy. This may be either due 354 to known limitations of the node (the router does not accept the 355 targeted LDP sessions required to implement Remote LFA tunnelling) or 356 due to administrative requirements (for example, it may be desirable 357 to choose the tail-end router among co-located devices). 359 The Node administrative tag delivers a simple and scalable solution. 360 Remote LFA can be configured with a policy to accept during the tail- 361 end router calculation as candidates only routers advertising a 362 certain tag. Tagging routers allows to both exclude nodes not 363 capable of serving as Remote LFA tunnel tail-ends and to define a 364 region from which tail-end router must be selected. 366 4.4. Mobile back-haul network service deployment 368 Mobile back-haul networks usually adopt a ring topology to save fibre 369 resources; it is usually divided into the aggregate network and the 370 access network. Cell Site Gateways(CSGs) connects the eNodeBs and 371 RNC(Radio Network Controller) Site Gateways(RSGs) connects the RNCs. 372 The mobile traffic is transported from CSGs to RSGs. The network 373 takes a typical aggregate traffic model that more than one access 374 rings will attach to one pair of aggregate site gateways(ASGs) and 375 more than one aggregate rings will attach to one pair of RSGs. 377 ---------------- 378 / \ 379 / \ 380 / \ 381 +------+ +----+ Access +----+ 382 |eNodeB|---|CSG1| Ring 1 |ASG1|------------ 383 +------+ +----+ +----+ \ 384 \ / \ 385 \ / +----+ +---+ 386 \ +----+ |RSG1|----|RNC| 387 -------------| | Aggregate +----+ +---+ 388 |ASG2| Ring | 389 -------------| | +----+ +---+ 390 / +----+ |RSG2|----|RNC| 391 / \ +----+ +---+ 392 / \ / 393 +------+ +----+ Access +----+ / 394 |eNodeB|---|CSG2| Ring 2 |ASG3|----------- 395 +------+ +----+ +----+ 396 \ / 397 \ / 398 \ / 399 ----------------- 401 Figure 2: Mobile Backhaul Network 403 A typical mobile back-haul network with access rings and aggregate 404 links is shown in figure above. The mobile back-haul networks deploy 405 traffic engineering due to strict Service Level Agreements(SLA). The 406 Traffic Engineering(TE) paths may have additional constraints to 407 avoid passing via different access rings or to get completely 408 disjoint backup TE paths. The mobile back-haul networks towards the 409 access side change frequently due to the growing mobile traffic and 410 addition of new LTE Evolved NodeBs (eNodeB). It's complex to satisfy 411 the requirements using cost, link color or explicit path 412 configurations. The node administrative tag defined in this document 413 can be effectively used to solve the problem for mobile back-haul 414 networks. The nodes in different rings can be assigned with specific 415 tags. TE path computation can be enhanced to consider additional 416 constraints based on node administrative tags. 418 4.5. Explicit routing policy 420 A partially meshed network provides multiple paths between any two 421 nodes in the network. In a data centre environment, the topology is 422 usually highly symmetric with many/all paths having equal cost. In a 423 long distance network, this is usually less the case, for a variety 424 of reasons (e.g. historic, fibre availability constraints, different 425 distances between transit nodes, different roles ...). Hence between 426 a given source and destination, a path is typically preferred over 427 the others, while between the same source and another destination, a 428 different path may be preferred. 430 +----------------------+ +----------------+ 431 | \ / | 432 | +-----------------+ x +---------+ | 433 | | \/ \/ | | 434 | | +-T-10-T | | 435 | | / | /| | | 436 | | / 100 / | | | 437 | | / | | 100 | | 438 | | / +-+-+ | | | 439 | | / / | | | | 440 | | / / R-18-R | | 441 | | 10 10 /\ /\ | | 442 | | / / / \ / \ | | 443 | | / / / x \ | | 444 | | / / 10 10 \ \ | | 445 | | / / / / 10 10 | | 446 | | / / / / \ \ | | 447 | | A-25-A A-25-A A-25-A | | 448 | | | | \ \ / / | | 449 | | | | 201 201 201 201 | | 450 | | | | \ \ / / | | 451 | | 201 201 \ x / | | 452 | | | | \ / \ / | | 453 | | | | \/ \/ | | 454 | | I-24-I I-24-I 100 100 455 | | / / | | | | 456 | +-+ / | +-----------+ | 457 +---------+ +---------------------+ 459 Figure 3: Explicit Routing topology 461 In the above topology, operator may want to enforce the following 462 high level explicit routing policies: 464 - Traffic from A nodes to A nodes should preferably go through R 465 or T nodes (rather than through I nodes); 467 - Traffic from A nodes to I nodes must not go through R and T 468 nodes. 470 With node admin tags, tag A (resp. I, R, T) can be configured on all 471 A (resp. I, R, T) nodes to advertise their role. The first policy 472 is about preferring one path over another. Given the chosen metrics, 473 it is achieved with regular SPF routing. The second policy is about 474 prohibiting (pruning) some paths. It requires an explicit routing 475 policy. With the use of node tags, this may be achieved with a 476 generic CSPF policy configured on A nodes: for destination nodes 477 having the tag "A" runs a CSPF with the exclusion of nodes having the 478 tag "I". 480 5. Security Considerations 482 Node administrative tags may be used by operators to indicate 483 geographical location or other sensitive information. As indicated 484 in [RFC2328] and [RFC5340] OSPF authentication mechanisms do not 485 provide confidentiality and the information carried in node 486 administrative tags could be leaked to an IGP snooper. 487 Confidentiality for the OSPF control packets can be achieved by 488 either running OSPF on top of IP Security (IPSEC) tunnels or by 489 applying IPSEC based security mechanisms as described in [RFC4552]. 491 Advertisement of tag values for one administrative domain into 492 another risks misinterpretation of the tag values (if the two domains 493 have assigned different meanings to the same values), which may have 494 undesirable and unanticipated side effects. 496 [RFC4593] and [RFC6863] discuss the generic threats to routing 497 protocols and OSPF respectively. These security threats are also 498 applicable to the mechanisms described in this document.OSPF 499 authentication described in [RFC2328] and [RFC5340] or extended 500 authentication mechanisms described in [RFC7474] or [RFC7166] SHOULD 501 be used in deployments where attackers have access to the physical 502 networks and nodes included in the OSPF domain are vulnerable. 504 6. Operational Considerations 506 Operators can assign meaning to the node administrative tags which is 507 local to the operator's administrative domain. The operational use 508 of node administrative tags is analogical to the IS-IS prefix tags 509 [RFC5130] and BGP communities [RFC1997]. Operational discipline and 510 procedures followed in configuring and using BGP communities and ISIS 511 Prefix tags is also applicable to the usage of node administrative 512 tags. 514 Defining language for local policies is outside the scope of this 515 document. As in case of other policy applications, the pruning 516 policies can cause the path to be completely removed from forwarding 517 plane, and hence have the potential for more severe operational 518 impact (e.g., node unreachability due to path removal) by comparison 519 to preference policies that only affect path selection. 521 7. Manageability Considerations 523 Node administrative tags are configured and managed using routing 524 policy enhancements. YANG data definition language is the latest 525 model to describe and define configuration for network devices. OSPF 526 YANG data model is described in [I-D.ietf-ospf-yang] and routing 527 policy configuration model is described in 528 [I-D.ietf-rtgwg-policy-model]. These two documents will be enhanced 529 to include the node administrative tag related configurations. 531 8. IANA Considerations 533 This specification updates one OSPF registry: OSPF Router Information 534 (RI) TLVs Registry 536 i) Node Admin Tag TLV - Suggested value 10 538 ** RFC Editor**: Please replace above suggested value with the IANA- 539 assigned value. 541 9. Contributors 543 Thanks to Hannes Gredler for his substantial review,guidance and to 544 the editing of this document. Thanks to Harish Raguveer for his 545 contributions to initial versions of the draft. 547 10. Acknowledgements 549 Thanks to Bharath R, Pushpasis Sarakar and Dhruv Dhody for useful 550 inputs. Thanks to Chris Bowers for providing useful inputs to remove 551 ambiguity related to tag-ordering. Thanks to Les Ginsberg and Acee 552 Lindem for the inputs. Thanks to David Black for careful review and 553 valuable suggestions for the document especially for the operations 554 section. 556 11. References 558 11.1. Normative References 560 [I-D.ietf-ospf-rfc4970bis] 561 Lindem, A., Shen, N., Vasseur, J., Aggarwal, R., and S. 562 Shaffer, "Extensions to OSPF for Advertising Optional 563 Router Capabilities", draft-ietf-ospf-rfc4970bis-07 (work 564 in progress), October 2015. 566 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 567 Requirement Levels", BCP 14, RFC 2119, 568 DOI 10.17487/RFC2119, March 1997, 569 . 571 [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, 572 DOI 10.17487/RFC2328, April 1998, 573 . 575 [RFC4970] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and 576 S. Shaffer, "Extensions to OSPF for Advertising Optional 577 Router Capabilities", RFC 4970, DOI 10.17487/RFC4970, July 578 2007, . 580 [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 581 for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, 582 . 584 [RFC7490] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. 585 So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)", 586 RFC 7490, DOI 10.17487/RFC7490, April 2015, 587 . 589 11.2. Informative References 591 [I-D.ietf-ospf-yang] 592 Yeung, D., Qu, Y., Zhang, J., Bogdanovic, D., and K. 593 Koushik, "Yang Data Model for OSPF Protocol", draft-ietf- 594 ospf-yang-02 (work in progress), September 2015. 596 [I-D.ietf-rtgwg-lfa-manageability] 597 Litkowski, S., Decraene, B., Filsfils, C., Raza, K., 598 Horneffer, M., and P. Sarkar, "Operational management of 599 Loop Free Alternates", draft-ietf-rtgwg-lfa- 600 manageability-11 (work in progress), June 2015. 602 [I-D.ietf-rtgwg-policy-model] 603 Shaikh, A., rjs@rob.sh, r., D'Souza, K., and C. Chase, 604 "Routing Policy Configuration Model for Service Provider 605 Networks", draft-ietf-rtgwg-policy-model-00 (work in 606 progress), September 2015. 608 [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities 609 Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, 610 . 612 [RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality 613 for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, 614 . 616 [RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to 617 Routing Protocols", RFC 4593, DOI 10.17487/RFC4593, 618 October 2006, . 620 [RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy 621 Control Mechanism in IS-IS Using Administrative Tags", 622 RFC 5130, DOI 10.17487/RFC5130, February 2008, 623 . 625 [RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for 626 IP Fast Reroute: Loop-Free Alternates", RFC 5286, 627 DOI 10.17487/RFC5286, September 2008, 628 . 630 [RFC6863] Hartman, S. and D. Zhang, "Analysis of OSPF Security 631 According to the Keying and Authentication for Routing 632 Protocols (KARP) Design Guide", RFC 6863, 633 DOI 10.17487/RFC6863, March 2013, 634 . 636 [RFC7166] Bhatia, M., Manral, V., and A. Lindem, "Supporting 637 Authentication Trailer for OSPFv3", RFC 7166, 638 DOI 10.17487/RFC7166, March 2014, 639 . 641 [RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., 642 "Security Extension for OSPFv2 When Using Manual Key 643 Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, 644 . 646 Authors' Addresses 648 Shraddha Hegde 649 Juniper Networks, Inc. 650 Embassy Business Park 651 Bangalore, KA 560093 652 India 654 Email: shraddha@juniper.net 655 Rob Shakir 656 Individual 658 Email: rjs@rob.sh 660 Anton Smirnov 661 Cisco Systems, Inc. 662 De Kleetlaan 6a 663 Diegem 1831 664 Belgium 666 Email: as@cisco.com 668 Li zhenbin 669 Huawei Technologies 670 Huawei Bld. No.156 Beiqing Rd 671 Beijing 100095 672 China 674 Email: lizhenbin@huawei.com 676 Bruno Decraene 677 Orange 679 Email: bruno.decraene@orange.com