idnits 2.17.1 draft-ketant-lsr-ospf-bfd-strict-mode-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 1, 2019) is 1630 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Link State Routing K. Talaulikar 3 Internet-Draft P. Psenak 4 Intended status: Standards Track Cisco Systems, Inc. 5 Expires: May 4, 2020 A. Fu 6 Bloomberg 7 M. Rajesh 8 Juniper Networks 9 November 1, 2019 11 OSPF Strict-Mode for BFD 12 draft-ketant-lsr-ospf-bfd-strict-mode-03 14 Abstract 16 This document specifies the extensions to OSPF that enables a router 17 and its neighbor to signal their intention to use Bidirectional 18 Forwarding Detection (BFD) for their adjacency using link-local 19 advertisement between them. The signaling of this BFD enablement, 20 allows the router to block and not allow the establishment of 21 adjacency with its neighbor router until a BFD session is 22 successfully established between them. The document describes this 23 OSPF "strict-mode" of BFD establishment as a prerequisite to 24 adjacency formation. 26 Requirements Language 28 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 29 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 30 "OPTIONAL" in this document are to be interpreted as described in BCP 31 14 [RFC2119] [RFC8174] when, and only when, they appear in all 32 capitals, as shown here. 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at https://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on May 4, 2020. 50 Copyright Notice 52 Copyright (c) 2019 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (https://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. LLS B-bit Flag . . . . . . . . . . . . . . . . . . . . . . . 3 69 3. Local Interface IPv4 Address TLV . . . . . . . . . . . . . . 4 70 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 4 71 4.1. OSPFv3 IPv4 Address-Family Specifics . . . . . . . . . . 6 72 4.2. Graceful Restart Considerations . . . . . . . . . . . . . 6 73 5. Operations & Management Considerations . . . . . . . . . . . 6 74 6. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7 75 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 76 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 77 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 78 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 79 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 80 10.2. Informative References . . . . . . . . . . . . . . . . . 9 81 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 83 1. Introduction 85 Bidirectional Forwarding Detection (BFD) [RFC5880] enables routers to 86 monitor dataplane connectivity over links between them and to detect 87 faults in the bidirectional path between them. This capability is 88 leveraged by routing protocols like Open Shortest Path First (OSPFv2) 89 [RFC2328] and OSPFv3 [RFC5340] to detect connectivity failures for 90 their adjacencies and trigger the rerouting of traffic around this 91 failure more quickly than their periodic hello messaging based 92 detection mechanism. 94 The use of BFD for monitoring routing protocols adjacencies is 95 described in [RFC5882]. When BFD monitoring is enabled for OSPF 96 adjacencies, the BFD session is bootstrapped based on the neighbor 97 address information discovered by the exchange of OSPF hello 98 messages. Faults in the bidirectional forwarding detected via BFD 99 then result in the bringing down of the OSPF adjacency. Note that it 100 is possible in some failure scenarios for the network to be in a 101 state such that the OSPF adjacency is capable of coming up, but the 102 BFD session cannot be established, and, more particularly, data 103 cannot be forwarded. In certain other scenarios, a degraded or poor 104 quality link may result in OSPF adjacency formation to succeed only 105 to result in BFD session establishment not being successful or the 106 BFD session going down frequently due to its faster detection 107 mechanism. 109 To avoid such situations which result in routing churn in the 110 network, it would be beneficial not to allow OSPF to establish a 111 neighbor adjacency until the BFD session is successfully established 112 and stabilized. However, this would preclude the OSPF operation in 113 an environment in which not all OSPF routers support BFD and are 114 enabled for BFD monitoring. A solution would be to block the 115 establishment of OSPF adjacencies if both systems are willing to 116 establish a BFD session but a BFD session cannot be established. 117 Such a mode of BFD use by OSPF is referred to as "strict-mode" 118 wherein BFD session establishment becomes a prerequisite for OSPF 119 adjacency coming up. 121 This document specifies the OSPF protocol extensions using link-local 122 signaling (LLS) [RFC5613] for a router to indicate to its neighbor 123 the willingness to establish a BFD session in the "strict-mode". It 124 also introduces an extension for OSPFv3 link-local signaling of 125 interface IPv4 address when used for IPv4 address-family (AF) 126 instance to enable discovery of the IPv4 addresses for BFD session 127 setup. 129 A similar functionality for IS-IS is specified [RFC6213]. 131 2. LLS B-bit Flag 133 A new B-bit is defined in the LLS Type 1 Extended Options and Flags 134 field. This bit is defined for the LLS block included in Hello 135 packets and indicates that BFD is enabled on the link and that the 136 router supports BFD strict-mode. Section 7 describes the position of 137 this new B-bit. 139 A router MUST include the LLS block with the LLS Type 1 Extended 140 Options and Flags TLV with the B-bit set its Hello messages when BFD 141 is enabled on the link. 143 3. Local Interface IPv4 Address TLV 145 The Local Interface IPv4 Address TLV is a new LLS TLV meant for 146 OSPFv3 protocol operations for IPv4 AF instances [RFC5838]. It has 147 following format: 149 0 1 2 3 150 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 151 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 152 | Type | Length | 153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 154 | Local Interface IPv4 Address | 155 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 157 where: 159 Type: TBD, suggested value 21 161 Length: 4 octet 163 Local Interface IPv4 Address: The primary IPv4 address of the 164 local interface. 166 4. Procedures 168 A router supporting BFD strict-mode advertises this capability 169 through its hello messages as described in Section 2 above. When a 170 router supporting BFD strict-mode, detects a new neighbor router that 171 also supports BFD strict-mode, then it proceeds to establish 172 adjacency with that neighbor as described further in this section. 174 This document updates the OSPF neighbor state machine as described in 175 [RFC2328] specifically the operations related to the Init state as 176 below when BFD strict-mode is used: 178 Init (without BFD strict-mode) 180 In this state, an Hello packet has recently been seen from the 181 neighbor. However, bidirectional communication has not yet been 182 established with the neighbor (i.e., the router itself did not 183 appear in the neighbor's Hello packet). All neighbors in this 184 state (or higher) are listed in the Hello packets sent from the 185 associated interface. 187 Init (with BFD strict-mode) 189 In this state, an Hello packet has recently been seen from the 190 neighbor. However, bidirectional communication has not yet been 191 established with the neighbor (i.e., the router itself did not 192 appear in the neighbor's Hello packet). A BFD session 193 establishment to the neighbor is requested, if not already done 194 (e.g. in the event of transition from 2-way state). All neighbors 195 in higher than Init state and those in Init state with BFD session 196 up are listed in the Hello packets sent from the associated 197 interface. 199 Whenever the neighbor state transitions to Down state, the removal of 200 the BFD session associated with that neighbor SHOULD be requested by 201 OSPF and the session re-setup SHOULD similarly be requested by OSPF 202 after transitioning into Init state. This may result in the deletion 203 and creation of BFD session respectively when OSPF is the only client 204 interested in BFD session to the neighbor address. 206 An implementation MUST NOT wait for BFD session establishment in Init 207 state unless BFD strict-mode is enabled on the router and the 208 specific neighbor indicates BFD strict-mode capability via its Hello 209 messages. When BFD is enabled, but the strict-mode of operation 210 cannot be used, then an implementation SHOULD start the BFD session 211 establishment only in 2-Way or higher state. This makes it possible 212 for router to operate a mix of BFD operation in strict-mode or normal 213 mode across different interfaces or even different neighbors on the 214 same multi-access LAN interface. 216 Once the OSPF state machine has moved beyond the Init state, any 217 change in the B-bit advertised in subsequent Hello messages MUST NOT 218 result in any trigger in either the OSPF adjacency or the BFD session 219 management (i.e. the B-bit is considered only when in the Init 220 state). The disabling of BFD (or BFD strict-mode) on a router would 221 result in its not setting the B-bit in its subsequent Hello messages. 222 The disabling of BFD strict-mode has no change on the BFD operations 223 and would not result in bringing down of any established BFD session. 224 The disabling of BFD would result in the BFD session brought down due 225 to Admin reason and hence would not bring down the OSPF adjacency. 227 When BFD is enabled on an interface over which we already have an 228 existing OSPF adjacency, it would result in the router setting the 229 B-bit in its subsequent Hello messages. If the adjacency is already 230 up (i.e. in its terminal state of Full or 2-way with non-DR routers 231 on a LAN) with a neighbor that also support BFD strict-mode, then an 232 implemantion SHOULD NOT bring this adjacency down and instead use the 233 BFD strict-mode of operations after the next transition into Init 234 state. However, if the adjacency is not up, then an implementation 235 MAY bring such an adjacency down so it can use the BFD strict-mode 236 for its bring up. 238 4.1. OSPFv3 IPv4 Address-Family Specifics 240 The multiple AF support in OSPFv3 [RFC5838] requires the use of IPv6 241 link-local address as source address for hello packets even when 242 forming adjacencies for IPv4 AF instances. In most deployments of 243 OSPFv3 IPv4 AF, it is required that BFD be used to monitor and verify 244 the IPv4 data plane connectivity between the routers on the link and 245 hence the BFD session is setup using IPv4 neighbor addresses. The 246 IPv4 neighbor address on the interface is learnt only later in the 247 adjacency formation phase when the neighbor's Link-LSA is received. 248 This results in the setup of the BFD session either after the 249 adjacency is established or much later in the adjacency formation 250 sequence. 252 To enable the BFD operations in strict-mode, it is necessary for a 253 router to learn it's neighbor's IPv4 link address during the Init 254 state of adjacency formation (ideally when it receives the first 255 hello). The use of the Local Interface IPv4 Address TLV (as defined 256 in Section 3) in the LLS block of the OSPFv3 Hello messages for IPv4 257 AF instances makes this possible. Implementations that support 258 strict-mode of BFD operations for OSPFv3 IPv4 AF instances MUST 259 include the Local Interface IPv4 Address TLV in the LLS block of 260 their hello messages whenever the B-bit is set. A receiver MUST 261 ignore the B-bit (i.e. not operate in BFD strict mode) unless the 262 Local Interface IPv4 Address TLV is present in OSPFv3 Hello message 263 for IPv4 AF instances. 265 4.2. Graceful Restart Considerations 267 An implementation needs to handle scenarios where both graceful 268 restart (GR) and the strict-mode of BFD operations are deployed 269 together. The GR aspects discussed in [RFC5882] also apply with 270 strict-mode of operations. In addition to that, since the OSPF 271 adjacency formation is held up until the BFD session establishment in 272 the strict-mode of operation, the resultant delay in adajcency 273 formation may affect or break the GR based recovery. In such cases, 274 it is RECOMMENDED that the GR timers are setup such that they provide 275 sufficient time to cover for normal BFD session establishment delays. 277 5. Operations & Management Considerations 279 An implementation SHOULD report the BFD session status along with the 280 OSPF Init adjacency state when operating in BFD strict-mode and 281 perform logging operations on state transitions to include the BFD 282 events. This allows an operator to detect scenarios where an OSPF 283 adjacency may be stuck waiting for BFD session establishment. 285 In network deployments with noisy links or those with packet loss, 286 BFD sessions may flap frequently. In such scenarions, OSPF strict- 287 mode for BFD may be deployed in conjunction with an BFD dampening or 288 hold-down mechanism to help avoid frequent adjacency flaps due BFD 289 causing routing churn. 291 6. Backward Compatibility 293 An implementation MUST support OSPF adjacency formation and 294 operations with a neighbor router that does not advertise the BFD 295 strict-mode capability - both when that neighbor router does not 296 support BFD and when it does support BFD but not in the strict-mode 297 of operation as described in this document. Implementations MAY 298 provide an option to specifically enable BFD operations only in the 299 strict-mode in which case, OSPF adjacency with a neighbor that does 300 not support BFD strict-mode would not be established successfully. 301 Implementations MAY provide an option to disable BFD strict-mode 302 which results in the router not advertising the B-bit and BFD 303 operations being performed in the same way as before this 304 specification. 306 The signaling specified in this document happens at a link-local 307 level between routers on that link. A router which does not support 308 this specification would ignore the B-bit in the LLS block of hello 309 messages from its neighbors and continue to bootstrap BFD sessions, 310 if enabled, without holding back the OSPF adjacency formation. Since 311 the router which does not support this specification would not have 312 set the B-bit in the LLS block of its own hello messages, its 313 neighbor routers that support this specification would not use BFD 314 strict-mode with it. As a result, the behavior would be the same as 315 before this specification. Therefore, there are no backward 316 compatibility related issues or considerations that need to be taken 317 care of when implementing this specification. 319 7. IANA Considerations 321 This specification updates Link Local Signaling TLV Identifiers 322 registry. 324 Following values are requested for allocation: 326 o B-bit from "LLS Type 1 Extended Options and Flags" registry at bit 327 position 0x00000010. 329 o TBD (Suggested value 21) - Local Interface IPv4 Address TLV 331 8. Security Considerations 333 The security considerations for "OSPF Link-Local Signaling" [RFC5613] 334 also apply to the extension described in this document. 335 Inappropriate use of the B-bit in the LLS block of an OSPF hello 336 message could prevent an OSPF adjacency from forming or lead to 337 failure to detect bidirectional forwarding failures. If 338 authentication is being used in the OSPF routing domain 339 [RFC5709][RFC7474], then the Cryptographic Authentication TLV 340 [RFC5613] SHOULD also be used to protect the contents of the LLS 341 block. 343 9. Acknowledgements 345 The authors would like to acknowledge the review and inputs from Acee 346 Lindem, Manish Gupta, Balaji Ganesh and Rajesh M. 348 The authors would like to acknowledge Dylan van Oudheusden for 349 highlighting the problems in using strict-mode for BFD session for 350 IPv4 AF instance with OSPFv3 and Baalajee S for his suggestions on 351 the approach to address it. 353 10. References 355 10.1. Normative References 357 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 358 Requirement Levels", BCP 14, RFC 2119, 359 DOI 10.17487/RFC2119, March 1997, 360 . 362 [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, 363 DOI 10.17487/RFC2328, April 1998, 364 . 366 [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 367 for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, 368 . 370 [RFC5613] Zinin, A., Roy, A., Nguyen, L., Friedman, B., and D. 371 Yeung, "OSPF Link-Local Signaling", RFC 5613, 372 DOI 10.17487/RFC5613, August 2009, 373 . 375 [RFC5838] Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and 376 R. Aggarwal, "Support of Address Families in OSPFv3", 377 RFC 5838, DOI 10.17487/RFC5838, April 2010, 378 . 380 [RFC5882] Katz, D. and D. Ward, "Generic Application of 381 Bidirectional Forwarding Detection (BFD)", RFC 5882, 382 DOI 10.17487/RFC5882, June 2010, 383 . 385 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 386 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 387 May 2017, . 389 10.2. Informative References 391 [RFC5709] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M., 392 Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic 393 Authentication", RFC 5709, DOI 10.17487/RFC5709, October 394 2009, . 396 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 397 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 398 . 400 [RFC6213] Hopps, C. and L. Ginsberg, "IS-IS BFD-Enabled TLV", 401 RFC 6213, DOI 10.17487/RFC6213, April 2011, 402 . 404 [RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., 405 "Security Extension for OSPFv2 When Using Manual Key 406 Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, 407 . 409 Authors' Addresses 411 Ketan Talaulikar 412 Cisco Systems, Inc. 413 India 415 Email: ketant@cisco.com 417 Peter Psenak 418 Cisco Systems, Inc. 419 Apollo Business Center 420 Mlynske nivy 43 421 Bratislava 821 09 422 Slovakia 424 Email: ppsenak@cisco.com 425 Albert Fu 426 Bloomberg 427 USA 429 Email: afu14@bloomberg.net 431 Rajesh M 432 Juniper Networks 433 India 435 Email: mrajesh@juniper.net