idnits 2.17.1 draft-ietf-ospf-segment-routing-msd-23.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 12, 2018) is 2023 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-18) exists of draft-ietf-idr-bgp-ls-segment-routing-msd-02 == Outdated reference: A later version (-15) exists of draft-ietf-ospf-mpls-elc-07 == Outdated reference: A later version (-16) exists of draft-ietf-pce-segment-routing-12 -- Obsolete informational reference (is this intentional?): RFC 7752 (Obsoleted by RFC 9552) Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 OSPF Working Group J. Tantsura 3 Internet-Draft Apstra, Inc. 4 Intended status: Standards Track U. Chunduri 5 Expires: April 15, 2019 Huawei Technologies 6 S. Aldrin 7 Google, Inc 8 P. Psenak 9 Cisco Systems 10 October 12, 2018 12 Signaling MSD (Maximum SID Depth) using OSPF 13 draft-ietf-ospf-segment-routing-msd-23 15 Abstract 17 This document defines a way for an Open Shortest Path First (OSPF) 18 Router to advertise multiple types of supported Maximum SID(Segment 19 Identifier) Depths (MSDs) at node and/or link granularity. Such 20 advertisements allow entities (e.g., centralized controllers) to 21 determine whether a particular SID stack can be supported in a given 22 network. This document defines only one type of MSD, but defines an 23 encoding that can support other MSD types. Here the term OSPF means 24 both OSPFv2 and OSPFv3. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at https://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on April 15, 2019. 43 Copyright Notice 45 Copyright (c) 2018 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (https://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 61 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 62 1.2. Requirements Language . . . . . . . . . . . . . . . . . . 4 63 2. Node MSD Advertisement . . . . . . . . . . . . . . . . . . . 4 64 3. Link MSD sub-TLV . . . . . . . . . . . . . . . . . . . . . . 5 65 4. Procedures for Defining and Using Node and Link MSD 66 Advertisements . . . . . . . . . . . . . . . . . . . . . . . 6 67 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 68 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 69 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 70 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 71 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 72 9.1. Normative References . . . . . . . . . . . . . . . . . . 9 73 9.2. Informative References . . . . . . . . . . . . . . . . . 9 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 76 1. Introduction 78 When Segment Routing (SR) paths are computed by a centralized 79 controller, it is critical that the controller learns the Maximum SID 80 (Segment Identifier) Depth (MSD) that can be imposed at each node/ 81 link on a given SR path to ensure that the Segment Identifier (SID) 82 stack depth of a computed path doesn't exceed the number of SIDs the 83 node is capable of imposing. 85 [I-D.ietf-pce-segment-routing] defines how to signal MSD in the Path 86 Computation Element communication Protocol (PCEP). However, if PCEP 87 is not supported/configured on the head-end of an SR tunnel or a 88 Binding-SID anchor node and controller does not participate in IGP 89 routing, it has no way to learn the MSD of nodes and links. BGP-LS 90 (Distribution of Link-State and TE Information using Border Gateway 91 Protocol) [RFC7752] defines a way to expose topology and associated 92 attributes and capabilities of the nodes in that topology to a 93 centralized controller. MSD signaling by BGP-LS has been defined in 94 [I-D.ietf-idr-bgp-ls-segment-routing-msd]. Typically, BGP-LS is 95 configured on a small number of nodes that do not necessarily act as 96 head-ends. In order for BGP-LS to signal MSD for all the nodes and 97 links in the network MSD is relevant, MSD capabilities SHOULD be 98 advertised by every OSPF router in the network. 100 Other types of MSD are known to be useful. For example, 101 [I-D.ietf-ospf-mpls-elc] defines Readable Label Depth Capability 102 (RLDC) that is used by a head-end to insert an Entropy Label (EL) at 103 a depth that could be read by transit nodes. 105 This document defines an extension to OSPF used to advertise one or 106 more types of MSD at node and/or link granularity. In the future it 107 is expected, that new MSD-types will be defined to signal additional 108 capabilities e.g., entropy labels, SIDs that can be imposed through 109 recirculation, or SIDs associated with another dataplane e.g., IPv6. 111 MSD advertisements MAY be useful even if Segment Routing itself is 112 not enabled. For example, in a non-SR MPLS network, MSD defines the 113 maximum label depth. 115 1.1. Terminology 117 This memo makes use of the terms defined in [RFC7770] 119 BGP-LS: Distribution of Link-State and TE Information using Border 120 Gateway Protocol 122 OSPF: Open Shortest Path First 124 MSD: Maximum SID Depth - the number of SIDs supported by a node or a 125 link on a node 127 SID: Segment Identifier as defined in [RFC8402] 129 Label Imposition: Imposition is the act of modifying and/or adding 130 labels to the outgoing label stack associated with a packet. This 131 includes: 133 o replacing the label at the top of the label stack with a new label 135 o pushing one or more new labels onto the label stack 137 The number of labels imposed is then the sum of the number of labels 138 which are replaced and the number of labels which are pushed. See 139 [RFC3031] for further details. 141 PCC: Path Computation Client 143 PCE: Path Computation Element 144 PCEP: Path Computation Element Protocol 146 SR: Segment Routing 148 SID: Segment Identifier 150 LSA: Link state advertisement 152 RI: OSPF Router Information LSA 154 1.2. Requirements Language 156 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 157 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 158 "OPTIONAL" in this document are to be interpreted as described in BCP 159 14 [RFC2119] [RFC8174] when, and only when, they appear in all 160 capitals, as shown here. 162 2. Node MSD Advertisement 164 The node MSD TLV within the body of the OSPF RI Opaque LSA [RFC7770] 165 is defined to carry the provisioned SID depth of the router 166 originating the RI LSA. Node MSD is the smallest MSD supported by 167 the node on the set of interfaces configured for use by the 168 advertising IGP instance. MSD values may be learned via a hardware 169 API or may be provisioned. 171 0 1 2 3 172 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 174 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 175 | Type | Length | 176 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 177 | MSD-Type | MSD-Value | MSD-Type... | MSD-Value... | 178 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 Figure 1: Node MSD TLV 182 Type: TBD1 184 Length: variable (multiple of 2 octets) and represents the total 185 length of value field in octets. 187 Value: consists of one or more pairs of a 1 octet MSD-type and 1 188 octet MSD-Value. 190 MSD-Type: one of the values defined in the IGP MSD Types registry 191 defined in [I-D.ietf-isis-segment-routing-msd]. 193 MSD-Value: a number in the range of 0-255. For all MSD-Types, 0 194 represents lack of the ability to impose MSD stack of any depth; any 195 other value represents that of the node. This value MUST represent 196 the lowest value supported by any link configured for use by the 197 advertising OSPF instance. 199 This TLV is applicable to OSPFv2 and to OSPFv3 and is optional. The 200 scope of the advertisement is specific to the deployment. 202 When multiple Node MSD TLVs are received from a given router, the 203 receiver MUST use the first occurrence of the TLV in the Router 204 Information LSA. If the Node MSD TLV appears in multiple Router 205 Information LSAs that have different flooding scopes, the Node MSD 206 TLV in the Router Information LSA with the area-scoped flooding scope 207 MUST be used. If the Node MSD TLV appears in multiple Router 208 Information LSAs that have the same flooding scope, the Node MSD TLV 209 in the Router Information (RI) LSA with the numerically smallest 210 Instance ID MUST be used and other instances of the Node MSD TLV MUST 211 be ignored. The RI LSA can be advertised at any of the defined 212 opaque flooding scopes (link, area, or Autonomous System (AS)). For 213 the purpose of Node MSD TLV advertisement, area-scoped flooding is 214 RECOMMENDED. 216 3. Link MSD sub-TLV 218 The link sub-TLV is defined to carry the MSD of the interface 219 associated with the link. MSD values may be learned via a hardware 220 API or may be provisioned. 222 0 1 2 3 223 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 | Type | Length | 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 228 | MSD-Type | MSD-Value | MSD-Type... | MSD-Value... | 229 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 231 Figure 2: Link MSD Sub-TLV 233 Type: 235 For OSPFv2, the Link level MSD-Value is advertised as an optional 236 Sub-TLV of the OSPFv2 Extended Link TLV as defined in [RFC7684], and 237 has a type of TBD2. 239 For OSPFv3, the Link level MSD-Value is advertised as an optional 240 Sub-TLV of the E-Router-LSA TLV as defined in [RFC8362], and has a 241 type of TBD3. 243 Length: variable and same as defined in Section 2. 245 Value: consists of one or more pairs of a 1 octet MSD-type and 1 246 octet MSD-Value. 248 MSD-Type: one of the values defined in the MSD Types registry defined 249 in [I-D.ietf-isis-segment-routing-msd]. 251 MSD-Value field contains Link MSD of the router originating the 252 corresponding LSA as specified for OSPFv2 and OSPFv3. Link MSD is a 253 number in the range of 0-255. For all MSD-Types, 0 represents lack 254 of the ability to impose MSD stack of any depth; any other value 255 represents that of the particular link when used as an outgoing 256 interface. 258 If this sub-TLV is advertised multiple times in the same OSPFv2 259 Extended Link Opaque LSA/E-Router-LSA, only the first instance of the 260 TLV MUST be used by receiving OSPF routers. This situation SHOULD be 261 logged as an error. 263 If this sub-TLV is advertised multiple times for the same link in 264 different OSPF Extended Link Opaque LSAs/E-Router-LSAs originated by 265 the same OSPF router, the OSPFv2 Extended Link TLV in the OSPFv2 266 Extended Link Opaque LSA with the smallest Opaque ID or in the OSPFv3 267 E-Router-LSA with the smallest Link State ID MUST be used by 268 receiving OSPF routers. This situation MAY be logged as a warning. 270 4. Procedures for Defining and Using Node and Link MSD Advertisements 272 When Link MSD is present for a given MSD-type, the value of the Link 273 MSD MUST take precedence over the Node MSD. When a Link MSD-type is 274 not signaled but the Node MSD-type is, then the Node MSD-type value 275 MUST be considered as the MSD value for that link. 277 In order to increase flooding efficiency, it is RECOMMENDED that 278 routers with homogenous link MSD values advertise just the Node MSD 279 value. 281 The meaning of the absence of both Node and Link MSD advertisements 282 for a given MSD-type is specific to the MSD-type. Generally it can 283 only be inferred that the advertising node does not support 284 advertisement of that MSD-type. However, in some cases the lack of 285 advertisement might imply that the functionality associated with the 286 MSD-type is not supported. The correct interpretation MUST be 287 specified when an MSD-type is defined in 288 [I-D.ietf-isis-segment-routing-msd]. 290 5. IANA Considerations 292 This document requests IANA to allocate TLV type (TBD1) from the OSPF 293 Router Information (RI) TLVs Registry as defined by [RFC7770]. IANA 294 has allocated the value 12 through the early assignment process. 296 Value Description Reference 297 ----- --------------- ------------- 298 12 Node MSD This document 300 Figure 3: RI Node MSD 302 Also, this document requests IANA to allocate a sub-TLV type (TBD2) 303 from the OSPFv2 Extended Link TLV Sub-TLVs registry. IANA has 304 allocated the value 6 through the early assignment process. 306 Value Description Reference 307 ----- --------------- ------------- 308 6 OSPFv2 Link MSD This document 310 Figure 4: OSPFv2 Link MSD 312 Finally, this document requests IANA to allocate a sub-TLV type 313 (TBD3) from the OSPFv3 Extended-LSA Sub-TLV registry. 315 Value Description Reference 316 ----- --------------- ------------- 317 TBD3 OSPFv3 Link MSD This document 319 Figure 5: OSPFv3 Link MSD 321 6. Security Considerations 323 Security concerns for OSPF are addressed in [RFC7474], [RFC4552] and 324 [RFC7166]. Further security analysis for OSPF protocol is done in 325 [RFC6863]. Security considerations, as specified by [RFC7770], 326 [RFC7684] and [RFC8362] are applicable to this document. 328 Implementations MUST assure that malformed TLV and Sub-TLV defined in 329 this document are detected and do not provide a vulnerability for 330 attackers to crash the OSPF router or routing process. Reception of 331 malformed TLV or Sub-TLV SHOULD be counted and/or logged for further 332 analysis. Logging of malformed TLVs and Sub-TLVs SHOULD be rate- 333 limited to prevent a Denial of Service (DoS) attack (distributed or 334 otherwise) from overloading the OSPF control plane. 336 Advertisement of an incorrect MSD value may have negative 337 consequences. If the value is smaller than supported, path 338 computation may fail to compute a viable path. If the value is 339 larger than supported, an attempt to instantiate a path that can't be 340 supported by the head-end (the node performing the SID imposition) 341 may occur. 343 The presence of this information also may inform an attacker of how 344 to induce any of the aforementioned conditions. 346 There's no Denial of Service risk specific to this extension, and it 347 is not vulnerable to replay attacks. 349 7. Contributors 351 The following people contributed to this document: 353 Les Ginsberg 355 Email: ginsberg@cisco.com 357 8. Acknowledgments 359 The authors would like to thank Acee Lindem, Ketan Talaulikar, Tal 360 Mizrahi, Stephane Litkowski and Bruno Decraene for their reviews and 361 valuable comments. 363 9. References 364 9.1. Normative References 366 [I-D.ietf-isis-segment-routing-msd] 367 Tantsura, J., Chunduri, U., Aldrin, S., and L. Ginsberg, 368 "Signaling MSD (Maximum SID Depth) using IS-IS", draft- 369 ietf-isis-segment-routing-msd-19 (work in progress), 370 October 2018. 372 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 373 Requirement Levels", BCP 14, RFC 2119, 374 DOI 10.17487/RFC2119, March 1997, 375 . 377 [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol 378 Label Switching Architecture", RFC 3031, 379 DOI 10.17487/RFC3031, January 2001, 380 . 382 [RFC7684] Psenak, P., Gredler, H., Shakir, R., Henderickx, W., 383 Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute 384 Advertisement", RFC 7684, DOI 10.17487/RFC7684, November 385 2015, . 387 [RFC7770] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and 388 S. Shaffer, "Extensions to OSPF for Advertising Optional 389 Router Capabilities", RFC 7770, DOI 10.17487/RFC7770, 390 February 2016, . 392 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 393 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 394 May 2017, . 396 [RFC8362] Lindem, A., Roy, A., Goethals, D., Reddy Vallem, V., and 397 F. Baker, "OSPFv3 Link State Advertisement (LSA) 398 Extensibility", RFC 8362, DOI 10.17487/RFC8362, April 399 2018, . 401 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 402 Decraene, B., Litkowski, S., and R. Shakir, "Segment 403 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 404 July 2018, . 406 9.2. Informative References 408 [I-D.ietf-idr-bgp-ls-segment-routing-msd] 409 Tantsura, J., Chunduri, U., Mirsky, G., and S. Sivabalan, 410 "Signaling MSD (Maximum SID Depth) using Border Gateway 411 Protocol Link-State", draft-ietf-idr-bgp-ls-segment- 412 routing-msd-02 (work in progress), August 2018. 414 [I-D.ietf-ospf-mpls-elc] 415 Xu, X., Kini, S., Sivabalan, S., Filsfils, C., and S. 416 Litkowski, "Signaling Entropy Label Capability and Entropy 417 Readable Label-stack Depth Using OSPF", draft-ietf-ospf- 418 mpls-elc-07 (work in progress), September 2018. 420 [I-D.ietf-pce-segment-routing] 421 Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W., 422 and J. Hardwick, "PCEP Extensions for Segment Routing", 423 draft-ietf-pce-segment-routing-12 (work in progress), June 424 2018. 426 [RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality 427 for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, 428 . 430 [RFC6863] Hartman, S. and D. Zhang, "Analysis of OSPF Security 431 According to the Keying and Authentication for Routing 432 Protocols (KARP) Design Guide", RFC 6863, 433 DOI 10.17487/RFC6863, March 2013, 434 . 436 [RFC7166] Bhatia, M., Manral, V., and A. Lindem, "Supporting 437 Authentication Trailer for OSPFv3", RFC 7166, 438 DOI 10.17487/RFC7166, March 2014, 439 . 441 [RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., 442 "Security Extension for OSPFv2 When Using Manual Key 443 Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, 444 . 446 [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and 447 S. Ray, "North-Bound Distribution of Link-State and 448 Traffic Engineering (TE) Information Using BGP", RFC 7752, 449 DOI 10.17487/RFC7752, March 2016, 450 . 452 Authors' Addresses 454 Jeff Tantsura 455 Apstra, Inc. 457 Email: jefftant.ietf@gmail.com 459 Uma Chunduri 460 Huawei Technologies 462 Email: uma.chunduri@huawei.com 464 Sam Aldrin 465 Google, Inc 467 Email: aldrin.ietf@gmail.com 469 Peter Psenak 470 Cisco Systems 472 Email: ppsenak@cisco.com