Network Working Group                                   Christian Martin
INTERNET DRAFT                             Verizon Global Networks, Inc.
                                                               Brad Neal
                                                Broadwing Communications
                                                         Stefano Previdi
                                                           Cisco Systems
                                                                May 2002

     A Policy Control Mechanism in IS-IS Using Administrative Tags

1. Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC 2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

2. Abstract

This document describes an extension to the IS-IS protocol to add
operational capabilities that allow for ease of management and control
over IP prefix distribution within an IS-IS domain. The IS-IS protocol
is specified in [1], with extensions for supporting IPv4 specified in
[2] and further enhancements for Traffic Engineering [4] in [3]. This
document enhances the IS-IS protocol by extending the information that
an Intermediate System (IS) [router] can place in Link State Protocol
Data Units (LSPs) as specified in [2]. This extension will provide
operators with a mechanism to control IP prefix distribution throughout
multi-level IS-IS domains.

Martin, Neal, Previdi                                           [Page 1]

3. Specification of Requirements

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].

4. Introduction

As defined in [2] and extended in [3], the IS-IS protocol may be used
to distribute IP prefix reachability information throughout an IS-IS
domain. The IP prefix information is encoded as TLV types 128 and 130
in [2], with additional information carried in TLV 135 as specified in
[3]. In particular, the extended IP Reachability TLV (135) contains
support for a larger metric space, an up/down bit to indicate
redistribution between different levels in the hierarchy, an IP prefix,
and one or more sub-TLVs that can be used to carry specific information
about the prefix. As of this writing no sub-TLVs have been defined;
however, this draft proposes a new sub-TLV that may be used to carry
administrative information about an IP prefix.

5. Sub-TLV Additions

This draft proposes a new "Administrative Tag" sub-TLV to be added to
TLV 135. This sub-TLV specifies one or more 32-bit unsigned integers
that may be associated with an IP prefix. Example uses of this tag
include controlling redistribution between levels and areas, between
different routing protocols, or between multiple instances of IS-IS
running on the same router. The methods by which the tags are used are
beyond the scope of this document and are left to the implementer
and/or operator. The encoding of the sub-TLV is discussed in the
following subsection.

5.1. Administrative Tag Sub-TLV 1

The Administrative Tag shall be encoded as one or more 4-octet unsigned
integers using Sub-TLV 1 in TLV 135 [3]. The Administrative Tag Sub-TLV
has the following structure:

   1 octet of type (value: 1)
   1 octet of length (value: multiple of 4)
   one or more instances of 4 octets of administrative tag

An implementation may consider only one of the encoded tags, in which
case the first encoded tag must be considered. A tag value of zero is
reserved and should be treated as "no tag".

6. A compliant IS-IS implementation:

   MUST be able to assign one tag to any IP prefix in TLV 135.

   MAY be able to assign more than one tag to any IP prefix in TLV 135.

   MAY be able to rewrite or remove one or more tags associated with a
   prefix in TLV 135.

7. Operation

An administrator associates an Administrative Tag value with some
interesting property. When IS-IS advertises reachability for some IP
prefix that has that property, it adds the Administrative Tag to the IP
reachability information TLV for that prefix, and the tag "sticks" to
the prefix as it is flooded throughout the routing domain.

Consider the network in figure 1. We wish to "leak" L1 prefixes [5]
with some property, A, from L2 to the L1 router R1. Without policy
groups, there is no way for R2 to know property A prefixes from
property B prefixes.

            R2--------R3--------R4            L2
           /  \
   - - - -/- - \- - - - - - - - - - - - - -   L1
         /      \
       R1        R5----1.1.1.0/24 (A)
                 |
                 |
                 1.1.2.0/24 (B)

                          Figure 1

We associate Administrative Tag 100 with property A, and have R5 attach
that value to the IP extended reachability information TLV for prefix
1.1.1.0/24. R2 has a policy in place to "match prefixes with
Administrative Tag 100, and leak to L1."

The previous example is rather simplistic; it seems that it would be
just as easy for R2 simply to match the prefix 1.1.1.0/24. However, if
there are a large number of routers that need to apply some policy
according to property A and a large number of "A" prefixes, this
mechanism can be quite helpful.

8. Security Considerations

This document raises no new security issues for IS-IS, as any
annotations to IP prefixes should not pass outside the administrative
control of the network operator of the IS-IS domain. Such an allowance
would violate the spirit of Interior Gateway Protocols in general and
IS-IS in particular.

9. IANA Considerations

The authors have chosen "1" as the value of the Administrative Tag
sub-TLV. This must be allocated by IANA.

10. Acknowledgments

The authors would like to thank Henk Smit for clarifying the best place
to describe this new information, Tony Li for useful comments on this
draft, Danny McPherson for some much needed formatting assistance, and
Mike Shand for useful discussions on the encoding structure of the
sub-TLV.

11. References

[1] "Intermediate System to Intermediate System Intra-Domain Routeing
    Exchange Protocol for use in Conjunction with the Protocol for
    Providing the Connectionless-mode Network Service (ISO 8473)",
    ISO 10589.

[2] Callon, R., "Use of OSI IS-IS for routing in TCP/IP and dual
    environments", RFC 1195, December 1990.

[3] Li, T. and Smit, H., "IS-IS extensions for Traffic Engineering",
    Internet Draft, Work in Progress, September 2000.

[4] Awduche, D., Malcolm, J., Agogbua, M., O'Dell, M. and McManus, J.,
    "Requirements for Traffic Engineering Over MPLS", RFC 2702,
    September 1999.

[5] Li, T., Przygienda, T. and Smit, H., "Domain-wide Prefix
    Distribution with Two-Level IS-IS", RFC 2966, October 2000.

12. Authors' Addresses

Christian Martin
Verizon Global Networks, Inc.
1880 Campus Commons Dr
Reston, VA 20191
USA
Email: cmartin@gnilink.net
Voice: 1 (703) 2954394
Fax:   1 (703) 2954279

Brad Neal
Broadwing Communications
1835 Kramer Lane - Suite 100
Austin, TX 78758
USA
Email: bneal@broadwing.com
Voice: 1 (512) 7421310
Fax:   1 (512) 7421333

Stefano Previdi
Cisco Systems, Inc.
De Kleetlaan 6A
1831 Diegem - Belgium
Email: sprevidi@cisco.com
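The sub-TLV encoding of section 5.1 and the R2 leaking policy of section 7, worked through in an added Python example that is not part of this draft: it builds TLV 135 entries carrying Administrative Tag sub-TLV 1, parses them back (rejecting a tag sub-TLV whose length is not a multiple of 4 and dropping the reserved tag 0), and applies "match Administrative Tag 100, leak to L1". The entry layout (metric, control octet with up/down and sub-TLV-present bits, truncated prefix, one-octet sub-TLV length) follows the TLV 135 format of [3]; the function names are the example's own.

```python
import struct
from ipaddress import IPv4Network

ADMIN_TAG_SUBTLV = 1                       # sub-TLV type proposed in 5.1
UP_DOWN_BIT, SUBTLV_PRESENT = 0x80, 0x40   # TLV 135 control-octet bits [3]

def encode_admin_tag_subtlv(tags):
    """Sub-TLV 1: one octet type, one octet length (multiple of 4), tags."""
    if not 1 <= len(tags) <= 63:
        raise ValueError("one to 63 tags fit in a one-octet length field")
    body = b"".join(struct.pack("!I", t) for t in tags)
    return bytes([ADMIN_TAG_SUBTLV, len(body)]) + body

def encode_ext_reach(prefix, metric, tags=(), down=False):
    """One TLV 135 entry: metric, control octet, packed prefix, sub-TLVs."""
    net = IPv4Network(prefix)
    ctrl = net.prefixlen | (UP_DOWN_BIT if down else 0)
    pfx = net.network_address.packed[: (net.prefixlen + 7) // 8]
    sub = encode_admin_tag_subtlv(tags) if tags else b""
    if sub:
        ctrl |= SUBTLV_PRESENT
        sub = bytes([len(sub)]) + sub
    return struct.pack("!IB", metric, ctrl) + pfx + sub

def decode_ext_reach(data):
    """Parse back-to-back TLV 135 entries into (prefix, metric, down, tags)."""
    entries, i = [], 0
    while i < len(data):
        metric, ctrl = struct.unpack_from("!IB", data, i); i += 5
        plen = ctrl & 0x3F
        nbytes = (plen + 7) // 8
        addr = data[i:i + nbytes].ljust(4, b"\0"); i += nbytes
        tags = []
        if ctrl & SUBTLV_PRESENT:
            end = i + 1 + data[i]; i += 1
            while i < end:                      # unknown sub-TLVs are skipped
                stype, slen = data[i], data[i + 1]; i += 2
                if stype == ADMIN_TAG_SUBTLV:
                    if slen == 0 or slen % 4:   # malformed: reject the entry
                        raise ValueError("admin tag length not a multiple of 4")
                    # tag 0 is reserved and means "no tag" (section 5.1)
                    tags = [t for t in struct.unpack_from(f"!{slen // 4}I", data, i) if t]
                i += slen
        entries.append((str(IPv4Network((addr, plen))), metric,
                        bool(ctrl & UP_DOWN_BIT), tags))
    return entries

def leak_to_l1(entries, wanted_tag=100):
    """R2's section 7 policy: leak tag-100 entries into L1 with up/down set [5]."""
    return [(p, m, True, t) for p, m, d, t in entries if wanted_tag in t]
```

An implementation that honours only the first tag, as 5.1 permits, would test `t[:1]` instead of the whole list.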