Open Shortest Path First IGP S. Hegde Internet-Draft Juniper Networks, Inc. Intended status: Standards Track R. Shakir Expires: April 11, 2016 Individual A. Smirnov Cisco Systems, Inc. Z. Li Huawei Technologies B. Decraene Orange October 9, 2015 Advertising per-node administrative tags in OSPF draft-ietf-ospf-node-admin-tag-07 Abstract This document describes an extension to OSPF protocol to add an optional operational capability, that allows tagging and grouping of the nodes in an OSPF domain. This allows simplification, ease of management and control over route and path selection based on configured policies. This document describes an extension to OSPF protocol to advertise per-node administrative tags. The node-tags can be used to express and apply locally-defined network policies which is a very useful operational capability. Node tags may be used either by OSPF itself or by other applications consuming information propagated via OSPF. This document describes the protocol extensions to disseminate per- node administrative-tags to the OSPFv2 and OSPFv3 protocol. It provides example use cases of administrative node tags. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Hegde, et al. Expires April 11, 2016 [Page 1] Internet-Draft OSPF node admin tags October 2015 Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 11, 2016. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Administrative Tag TLV . . . . . . . . . . . . . . . . . . . 3 3. OSPF per-node administrative tag TLV . . . . . . . . . . . . 3 3.1. TLV format . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Elements of procedure . . . . . . . . . . . . . . . . . . 4 4. Applications . . . . . . . . . . . . . . . . . . . . . . . . 6 4.1. Service auto-discovery . . . . . . . . . . . . . . . . . 6 4.2. Fast-Re-routing policy . . . . . . . . . . . . . . . . . 6 4.3. Controlling Remote LFA tunnel termination . . . . . . . . 7 4.4. Mobile back-haul network service deployment . . . . . . . 8 4.5. Explicit routing policy . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. Operational Considerations . . . . . . . . . . . . . . . . . 11 7. Manageability Considerations . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 11.1. Normative References . . . . . . . . . . . . . . . . . . 12 11.2. Informative References . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 Hegde, et al. Expires April 11, 2016 [Page 2] Internet-Draft OSPF node admin tags October 2015 1. Introduction It is useful to assign a per-node administrative tag to a router in the OSPF domain and use it as an attribute associated with the node. The per-node administrative tag can be used in variety of applications, for ex: - Traffic-engineering applications to provide different path-selection criteria, - Prefer or prune certain paths in Loop Free Alternate (LFA) backup selection via local policies. This document provides mechanisms to advertise per-node administrative tags in OSPF for route and path selection. Route and path selection functionality applies to both to TE and non-TE applications and hence new TLV for carrying per-node administrative tags is included in Router Information LSA [RFC4970] . 2. Administrative Tag TLV An administrative Tag is a 32-bit integer value that can be used to identify a group of nodes in the OSPF domain. The new TLV defined will be carried within an RI LSA for OSPFV2 and OSPFV3. Router information LSA [RFC4970] can have link, area or AS level flooding scope. Choosing the flooding scope to flood the group tags are defined by the policies and is a local matter. The TLV specifies one or more administrative tag values. An OSPF node advertises the set of groups it is part of in the OSPF domain. (for example, all PE-nodes are configured with certain tag value, all P-nodes are configured with a different tag value in the domain). Multiple TLVs MAY be added in same RI-LSA or in a different instance of the RI LSA as defined in [I-D.acee-ospf-rfc4970bis]. 3. OSPF per-node administrative tag TLV 3.1. TLV format [RFC4970], defines Router Information (RI) LSA which may be used to advertise properties of the originating router. Payload of the RI LSA consists of one or more nested Type/Length/Value (TLV) triplets. Node administrative tags are advertised in the Node Administrative Tag TLV. The format of Node Administrative Tag TLV is: Hegde, et al. Expires April 11, 2016 [Page 3] Internet-Draft OSPF node admin tags October 2015 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Administrative Tag #1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Administrative Tag #2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ // // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Administrative Tag #N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: OSPF per-node Administrative Tag TLV Type : TBA, Suggested value 10 Length: A 16-bit field that indicates the length of the value portion in octets and will be a multiple of 4 octets dependent on the number of tags advertised. Value: A sequence of multiple 4 octets defining the administrative tags. At least one tag MUST be carried if this TLV is included in the RI-LSA. 3.2. Elements of procedure Meaning of the Node administrative tags is generally opaque to OSPF. Router advertising the per-node administrative tag (or tags) may be configured to do so without knowing (or even explicitly supporting) functionality implied by the tag. Interpretation of tag values is specific to the administrative domain of a particular network operator, and hence tag values SHOULD NOT be propagated outside the administrative domain to which they apply. The meaning of a per-node administrative tag is defined by the network local policy and is controlled via the configuration. If a receiving node does not understand the tag value or does not have a local policy corresponding to the tag, it ignores the specific tag and floods the RI LSA without any change as defined in [RFC4970]. The semantics of the tag order has no meaning. That is, there is no implied meaning to the ordering of the tags that indicates a certain operation or set of operations that need to be performed based on the ordering. Hegde, et al. Expires April 11, 2016 [Page 4] Internet-Draft OSPF node admin tags October 2015 Each tag MUST be treated as an independent identifier that MAY be used in policy to perform a policy action. Tags carried by the administrative tag TLV SHOULD be used to indicate independent characteristics of a node. The administrative tag list within the TLV MUST be considered an unordered list. Whilst policies may be implemented based on the presence of multiple tags (e.g., if tag A AND tag B are present), they MUST NOT be reliant upon the order of the tags (i.e., all policies should be considered commutative operations, such that tag A preceding or following tag B does not change their outcome). To avoid incomplete or inconsistent interpretations of the per-node administrative tags the same tag value MUST NOT be advertised by a router in RI LSAs of different scopes. The same tag MAY be advertised in multiple RI LSAs of the same scope, for example, OSPF Area Border Router (ABR) may advertise the same tag in area-scope RI LSAs in multiple areas connected to the ABR. The per-node administrative tags are not meant to be extended by the future OSPF standards. The new OSPF extensions MUST NOT require use of per-node administrative tags or define well-known tag values. Node administrative tags are for generic use and do not require IANA registry. The future OSPF extensions requiring well known values MAY define their own data signalling tailored to the needs of the feature or MAY use capability TLV as defined in [RFC4970]. Being part of the RI LSA, the per-node administrative tag TLV must be reasonably small and stable. In particular, but not limited to, implementations supporting the per-node administrative tags MUST NOT tie advertised tags to changes in the network topology (both within and outside the OSPF domain) or reachability of routes. Multiple node administrative tag TLVs MAY appear in an RI LSA or multiple node administrative tag TLVs MAY be contained in different instances of the RI LSA. The node administrative tags associated with a node that originates tags for the purpose of any computation or processing at a receiving node SHOULD be a superset of node administrative tags from all the TLVs in all the received RI LSA instances originated by that node.When an RI LSA is received that changes the set of tags applicable to any originating node, a receiving node MUST repeat any computation or processing that is based on those administrative tags. When there is a change or removal of an administrative affiliation of a node, the node MUST re-originate the RI LSA with the latest set of node administrative tags. On the receiver, When there is a change in the node administrative tag TLV or removal/ addition of a TLV in any instance of the RI-LSA, implementations MUST take appropriate Hegde, et al. Expires April 11, 2016 [Page 5] Internet-Draft OSPF node admin tags October 2015 measures to update its state according to the changed set of tags. Exact actions depend on features working with administrative tags and is outside of scope of this specification. 4. Applications This section lists several examples of how implementations might use the Node administrative tags. These examples are given only to demonstrate generic usefulness of the router tagging mechanism. Implementation supporting this specification is not required to implement any of the use cases. It is also worth noting that in some described use cases routers configured to advertise tags help other routers in their calculations but do not themselves implement the same functionality. 4.1. Service auto-discovery Router tagging may be used to automatically discover group of routers sharing a particular service. For example, service provider might desire to establish full mesh of MPLS TE tunnels between all PE routers in the area of MPLS VPN network. Marking all PE routers with a tag and configuring devices with a policy to create MPLS TE tunnels to all other devices advertising this tag will automate maintenance of the full mesh. When new PE router is added to the area, all other PE devices will open TE tunnels to it without the need of reconfiguring them. 4.2. Fast-Re-routing policy Increased deployment of Loop Free Alternates (LFA) as defined in [RFC5286] poses operation and management challenges. [I-D.ietf-rtgwg-lfa-manageability] proposes policies which, when implemented, will ease LFA operation concerns. One of the proposed refinements is to be able to group the nodes in IGP domain with administrative tags and engineer the LFA based on configured policies. (a) Administrative limitation of LFA scope Service provider access infrastructure is frequently designed in layered approach with each layer of devices serving different purposes and thus having different hardware capabilities and configured software features. When LFA repair paths are being computed, it may be desirable to exclude devices from being considered as LFA candidates based on their layer. Hegde, et al. Expires April 11, 2016 [Page 6] Internet-Draft OSPF node admin tags October 2015 For example, if the access infrastructure is divided into the Access, Distribution and Core layers it may be desirable for a Distribution device to compute LFA only via Distribution or Core devices but not via Access devices. This may be due to features enabled on Access routers; due to capacity limitations or due to the security requirements. Managing such a policy via configuration of the router computing LFA is cumbersome and error prone. With the Node administrative tags it is possible to assign a tag to each layer and implement LFA policy of computing LFA repair paths only via neighbors which advertise the Core or Distribution tag. This requires minimal per-node configuration and network automatically adapts when new links or routers are added. (b) LFA calculation optimization Calculation of LFA paths may require significant resources of the router. One execution of Dijkstra algorithm is required for each neighbor eligible to become next hop of repair paths. Thus a router with a few hundreds of neighbors may need to execute the algorithm hundreds of times before the best (or even valid) repair path is found. Manually excluding from the calculation neighbors which are known to provide no valid LFA (such as single-connected routers) may significantly reduce number of Dijkstra algorithm runs. LFA calculation policy may be configured so that routers advertising certain tag value are excluded from LFA calculation even if they are otherwise suitable. 4.3. Controlling Remote LFA tunnel termination [RFC7490] defined a method of tunnelling traffic after connected link failure to extend the basic LFA coverage and algorithm to find tunnel tail-end routers fitting LFA requirement. In most cases proposed algorithm finds more than one candidate tail-end router. In real life network it may be desirable to exclude some nodes from the list of candidates based on the local policy. This may be either due to known limitations of the node (the router does not accept targeted LDP sessions required to implement Remote LFA tunnelling) or due to administrative requirements (for example, it may be desirable to choose tail-end router among co-located devices). The Node administrative tag delivers simple and scalable solution. Remote LFA can be configured with a policy to accept during the tail- end router calculation as candidates only routers advertising certain tag. Tagging routers allows to both exclude nodes not capable of Hegde, et al. Expires April 11, 2016 [Page 7] Internet-Draft OSPF node admin tags October 2015 serving as Remote LFA tunnel tail-ends and to define a region from which tail-end router must be selected. 4.4. Mobile back-haul network service deployment The topology of mobile back-haul network usually adopts ring topology to save fibre resource and it is divided into the aggregate network and the access network. Cell Site Gateways(CSGs) connects the eNodeBs and RNC(Radio Network Controller) Site Gateways(RSGs) connects the RNCs. The mobile traffic is transported from CSGs to RSGs. The network takes a typical aggregate traffic model that more than one access rings will attach to one pair of aggregate site gateways(ASGs) and more than one aggregate rings will attach to one pair of RSGs. ---------------- / \ / \ / \ +------+ +----+ Access +----+ |eNodeB|---|CSG1| Ring 1 |ASG1|------------ +------+ +----+ +----+ \ \ / \ \ / +----+ +---+ \ +----+ |RSG1|----|RNC| -------------| | Aggregate +----+ +---+ |ASG2| Ring | -------------| | +----+ +---+ / +----+ |RSG2|----|RNC| / \ +----+ +---+ / \ / +------+ +----+ Access +----+ / |eNodeB|---|CSG2| Ring 2 |ASG3|----------- +------+ +----+ +----+ \ / \ / \ / ----------------- Figure 2: Mobile Backhaul Network A typical mobile back-haul network with access rings and aggregate links is shown in figure above. The mobile back-haul networks deploy traffic engineering due to the strict Service Level Agreements(SLA). The TE paths may have additional constraints to avoid passing via different access rings or to get completely disjoint backup TE paths. The mobile back-haul networks towards the access side change Hegde, et al. Expires April 11, 2016 [Page 8] Internet-Draft OSPF node admin tags October 2015 frequently due to the growing mobile traffic and addition of new LTE Evolved NodeBs (eNodeB). It's complex to satisfy the requirements using cost, link color or explicit path configurations. The node administrative tag defined in this document can be effectively used to solve the problem for mobile back-haul networks. The nodes in different rings can be assigned with specific tags. TE path computation can be enhanced to consider additional constraints based on node administrative tags. 4.5. Explicit routing policy Partially meshed network provides multiple paths between any two nodes in the network. In a data centre environment, the topology is usually highly symmetric with many/all paths having equal cost. In a long distance network, this is usually less the case for a variety of reasons (e.g. historic, fibre availability constraints, different distances between transit nodes, different roles ...). Hence between a given source and destination, a path is typically preferred over the others, while between the same source and another destination, a different path may be preferred. Hegde, et al. Expires April 11, 2016 [Page 9] Internet-Draft OSPF node admin tags October 2015 +--------------------+ | | | +----------+ | | | | | +-T-10-T | | / | /| | | / 100 / | | | / | | 100 | | / +-+-+ | | | / / | | | | / / R-18-R | | 10 10 /\ /\ | | / / / \ / \ | | / | / x \ | | A-25-A 10 10 \ \ | | / / 10 10 | | / / \ \ | | A-25-A A-25-A | | \ \ / / | | 201 201 201 201 | | \ \ / / | | \ x / | | \ / \ / | | \/ \/ | | I-24-I 100 100 | | | | | +-----------+ | | | +---------------------+ Figure 3: Explicit Routing topology In the above topology, operator may want to enforce the following high level explicit routing policies: - Traffic from A nodes to A nodes should preferably go through R or T nodes (rather than through I nodes); - Traffic from A nodes to I nodes must not go through R and T nodes. With node admin tags, tag A (resp. I, R, T) can be configured on all A (resp. I, R, T) nodes to advertise their role. The first policy is about preferring one path over another. Given the chosen metrics, it is achieved with regular SPF routing. The second policy is about prohibiting (pruning) some paths. It requires an explicit routing policy. With the use of node tags, this may be achieved with a generic CSPF policy configured on A nodes: for destination nodes Hegde, et al. Expires April 11, 2016 [Page 10] Internet-Draft OSPF node admin tags October 2015 having the tag "A" runs a CSPF with the exclusion of nodes having the tag "I". 5. Security Considerations Node administrative tags may be used by operators to indicate geographical location or other sensitive information. As indicated in [RFC2328] and [RFC5340] OSPF authentication mechanisms do not provide confidentiality and the information carried in node administrative tags could be leaked to an IGP snooper. Advertisement of tag values for one administrative domain into another risks misinterpretation of the tag values (if the two domains have assigned different meanings to the same values), which may have undesirable and unanticipated side effects. 6. Operational Considerations Operators can assign meaning to the node administrative tags which is local to the operator's administrative domain. The operational use of node administrative tags is analogical to the IS-IS prefix tags [RFC5130] and BGP communities [RFC1997]. Operational discipline and procedures followed in configuring and using BGP communities and ISIS Prefix tags is also applicable to the usage of node administrative tags. Defining language for local policies is outside the scope of this document. As in case of other policy applications, the pruning policies can cause the path to be completely removed from forwarding plane, and hence have the potential for more severe operational impact (e.g., node unreachability due to path removal) by comparison to preference policies that only affect path selection. 7. Manageability Considerations Node administrative tags are configured and managed using routing policy enhancements. YANG data definition language is the latest model to describe and define configuration for network devices. OSPF YANG data model is described in [I-D.ietf-ospf-yang] and routing policy configuration model is described in [I-D.ietf-rtgwg-policy-model]. These two documents will be enhanced to include the node administrative tag related configurations. 8. IANA Considerations This specification updates one OSPF registry: OSPF Router Information (RI) TLVs Registry Hegde, et al. Expires April 11, 2016 [Page 11] Internet-Draft OSPF node admin tags October 2015 i) Node Admin Tag TLV - Suggested value 10 ** RFC Editor**: Please replace above suggested value with the IANA- assigned value. 9. Contributors Thanks to Hannes Gredler for his substantial review,guidance and to the editing of this document. Thanks to Harish Raguveer for his contributions to initial versions of the draft. 10. Acknowledgements Thanks to Bharath R, Pushpasis Sarakar and Dhruv Dhody for useful inputs. Thanks to Chris Bowers for providing useful inputs to remove ambiguity related to tag-ordering. Thanks to Les Ginsberg and Acee Lindem for the inputs. Thanks to David Black for careful review and valuable suggestions for the document especially for the operations section. 11. References 11.1. Normative References [I-D.acee-ospf-rfc4970bis] Lindem, A., Shen, N., Vasseur, J., Aggarwal, R., and S. Shaffer, "Extensions to OSPF for Advertising Optional Router Capabilities", draft-acee-ospf-rfc4970bis-00 (work in progress), July 2014. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, DOI 10.17487/RFC2328, April 1998, . [RFC4970] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and S. Shaffer, "Extensions to OSPF for Advertising Optional Router Capabilities", RFC 4970, DOI 10.17487/RFC4970, July 2007, . [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, . Hegde, et al. Expires April 11, 2016 [Page 12] Internet-Draft OSPF node admin tags October 2015 [RFC7490] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)", RFC 7490, DOI 10.17487/RFC7490, April 2015, . 11.2. Informative References [I-D.ietf-ospf-yang] Yeung, D., Qu, Y., Zhang, J., Bogdanovic, D., and K. Koushik, "Yang Data Model for OSPF Protocol", draft-ietf- ospf-yang-02 (work in progress), September 2015. [I-D.ietf-rtgwg-lfa-manageability] Litkowski, S., Decraene, B., Filsfils, C., Raza, K., Horneffer, M., and P. Sarkar, "Operational management of Loop Free Alternates", draft-ietf-rtgwg-lfa- manageability-11 (work in progress), June 2015. [I-D.ietf-rtgwg-policy-model] Shaikh, A., rjs@rob.sh, r., D'Souza, K., and C. Chase, "Routing Policy Configuration Model for Service Provider Networks", draft-ietf-rtgwg-policy-model-00 (work in progress), September 2015. [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, . [RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy Control Mechanism in IS-IS Using Administrative Tags", RFC 5130, DOI 10.17487/RFC5130, February 2008, . [RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for IP Fast Reroute: Loop-Free Alternates", RFC 5286, DOI 10.17487/RFC5286, September 2008, . Authors' Addresses Shraddha Hegde Juniper Networks, Inc. Embassy Business Park Bangalore, KA 560093 India Email: shraddha@juniper.net Hegde, et al. Expires April 11, 2016 [Page 13] Internet-Draft OSPF node admin tags October 2015 Rob Shakir Individual Email: rjs@rob.sh Anton Smirnov Cisco Systems, Inc. De Kleetlaan 6a Diegem 1831 Belgium Email: as@cisco.com Li zhenbin Huawei Technologies Huawei Bld. No.156 Beiqing Rd Beijing 100095 China Email: lizhenbin@huawei.com Bruno Decraene Orange Email: bruno.decraene@orange.com Hegde, et al. Expires April 11, 2016 [Page 14]