Advertising Node Administrative Tags in OSPF
RFC 7777
Field | Value |
---|---|
Document type | RFC - Proposed Standard (March 2016) |
Authors | Shraddha Hegde, Rob Shakir, Anton Smirnov, Zhenbin Li, Bruno Decraene |
Last updated | 2018-12-20 |
RFC stream | Internet Engineering Task Force (IETF) |
Additional resources | Mailing list discussion |
IESG responsible AD | Alia Atlas |
Send notices to | (None) |
                    ----------------
                   /                \
                  /                  \
                 /                    \
    +------+   +----+    Access     +----+
    |eNodeB|---|CSG1|    Ring 1     |ASG1|------------
    +------+   +----+               +----+            \
                 \                    /                \
                  \                  /                  +----+    +---+
                   \             +----+                 |RSG1|----|RNC|
                    -------------|    |    Aggregate    +----+    +---+
                                 |ASG2|      Ring         |
                    -------------|    |                 +----+    +---+
                   /             +----+                 |RSG2|----|RNC|
                  /                  \                  +----+    +---+
                 /                    \                /
    +------+   +----+     Access     +----+           /
    |eNodeB|---|CSG2|     Ring 2     |ASG3|-----------
    +------+   +----+                +----+
                \                     /
                 \                   /
                  \                 /
                   -----------------

                   Figure 2: Mobile Backhaul Network

A typical mobile backhaul network with access rings and aggregate links is shown in the figure above. The mobile backhaul networks deploy traffic engineering due to strict Service Level Agreements (SLAs). The TE paths may have additional constraints to avoid passing via different access rings or to get completely disjoint backup TE paths. The mobile backhaul networks towards the access side change frequently due to the growing mobile traffic and addition of new eNodeBs. It's complex to satisfy the requirements using cost, link color, or explicit path configurations. The node administrative tag defined in this document can be effectively used to solve the problem for mobile backhaul networks. The nodes in different rings can be assigned with specific tags. TE path computation can be enhanced to consider additional constraints based on node administrative tags.

3.5.  Explicit Routing Policy

A partially meshed network provides multiple paths between any two nodes in the network. In a data centre environment, the topology is usually highly symmetric with many/all paths having equal cost. In a long distance network, this is usually not the case, for a variety of reasons (e.g., historic, fibre availability constraints, different distances between transit nodes, and different roles).
Hence, between a given source and destination, a path is typically preferred over the others, while between the same source and another destination, a different path may be preferred.

    +----------------------+   +----------------+
    |                       \ /                 |
    |   +-----------------+  x   +---------+    |
    |   |                  \/  \/          |    |
    |   |                +-T-10-T          |    |
    |   |               /  |   /|          |    |
    |   |              /  100 / |          |    |
    |   |             /    | | 100         |    |
    |   |            /   +-+-+  |          |    |
    |   |           /   /  |    |          |    |
    |   |          /   /   R-18-R          |    |
    |   |        10   10  /\   /\          |    |
    |   |        /   /   /  \ /  \         |    |
    |   |       /   /   /    x    \        |    |
    |   |      /   /   10  10 \    \       |    |
    |   |     /   /   /   /   10   10      |    |
    |   |    /   /   /   /      \   \      |    |
    |   |   A-25-A  A-25-A     A-25-A      |    |
    |   |   |    |   \    \   /    /       |    |
    |   |   |    |   201  201 201 201      |    |
    |   |   |    |     \    \ /    /       |    |
    |   |  201  201     \    x    /        |    |
    |   |   |    |       \  / \  /         |    |
    |   |   |    |        \/   \/          |    |
    |   |   I-24-I        I-24-I          100  100
    |   |  /    /         |    |           |    |
    |   +-+    /          |    +-----------+    |
    +---------+           +---------------------+

                Figure 3: Explicit Routing topology

In the above topology, an operator may want to enforce the following high-level explicit routing policies:

   o  Traffic from A nodes to A nodes should preferably go through R or T nodes (rather than through I nodes);

   o  Traffic from A nodes to I nodes must not go through R and T nodes.

With node admin tags, tag A (resp. I, R, T) can be configured on all A (resp. I, R, T) nodes to advertise their role. The first policy is about preferring one path over another. Given the chosen metrics, it is achieved with regular SPF routing. The second policy is about prohibiting (pruning) some paths. It requires an explicit routing policy. With the use of node tags, this may be achieved with a generic Constrained Shortest Path First (CSPF) policy configured on A nodes: for destination nodes, having the tag "A" runs a CSPF with the exclusion of nodes having the tag "I".

4.  Security Considerations

Node administrative tags may be used by operators to indicate geographical location or other sensitive information.
As indicated in [RFC2328] and [RFC5340], OSPF authentication mechanisms do not provide confidentiality and the information carried in node administrative tags could be leaked to an IGP snooper. Confidentiality for the OSPF control packets can be achieved by either running OSPF on top of IP Security (IPsec) tunnels or by applying IPsec-based security mechanisms as described in [RFC4552].

Advertisement of tag values for one administrative domain into another risks misinterpretation of the tag values (if the two domains have assigned different meanings to the same values), which may have undesirable and unanticipated side effects.

[RFC4593] and [RFC6863] discuss the generic threats to routing protocols and OSPF, respectively. These security threats are also applicable to the mechanisms described in this document. OSPF authentication described in [RFC2328] and [RFC5340] or extended authentication mechanisms described in [RFC7474] or [RFC7166] SHOULD be used in deployments where attackers have access to the physical networks and nodes included in the OSPF domain are vulnerable.

5.  Operational Considerations

Operators can assign meaning to the node administrative tags, which are local to the operator's administrative domain. The operational use of node administrative tags is analogical to the IS-IS prefix tags [RFC5130] and BGP communities [RFC1997]. Operational discipline and procedures followed in configuring and using BGP communities and IS-IS prefix tags is also applicable to the usage of node administrative tags.

Defining language for local policies is outside the scope of this document. As is the case of other policy applications, the pruning policies can cause the path to be completely removed from forwarding plane, and hence have the potential for more severe operational impact (e.g., node unreachability due to path removal) by comparison to preference policies that only affect path selection.
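An added example (not part of RFC 7777) of the Section 3.5 CSPF policy and the Section 5 caveat about pruning: a Dijkstra run that excludes transit nodes by administrative tag and returns None when pruning leaves no path. The topology, node names and tag values are constructed for illustration, loosely modelled on Figure 3.

```python
import heapq

# Operator-local tag values (constructed; RFC 7777 assigns them no meaning).
TAG_A, TAG_I, TAG_R = 0x0A, 0x01, 0x02

# Constructed topology loosely modelled on Figure 3: (node, node, metric).
LINKS = [("A1", "R1", 10), ("A3", "R1", 10), ("A1", "A2", 25),
         ("A1", "I1", 201), ("A3", "I1", 201), ("A2", "I1", 201)]
NODE_TAGS = {"A1": {TAG_A}, "A2": {TAG_A}, "A3": {TAG_A},
             "R1": {TAG_R}, "I1": {TAG_I}}
# Policy from Section 3.5: destination tagged A -> prune nodes tagged I.
POLICY = [(TAG_A, TAG_I)]


def build_graph(links, down=()):
    """Adjacency map from undirected links, skipping failed nodes."""
    graph = {}
    for a, b, metric in links:
        if a in down or b in down:
            continue
        graph.setdefault(a, {})[b] = metric
        graph.setdefault(b, {})[a] = metric
    return graph


def cspf(graph, tags, src, dst, policy=()):
    """Dijkstra that prunes nodes whose tags the policy excludes for dst.

    Returns (cost, path), or None when pruning leaves dst unreachable.
    """
    excluded = {ex for want, ex in policy if want in tags.get(dst, set())}
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nbr, metric in graph.get(node, {}).items():
            # Endpoints are never pruned; only transit nodes are.
            if nbr != dst and tags.get(nbr, set()) & excluded:
                continue
            heapq.heappush(heap, (cost + metric, nbr, path + [nbr]))
    return None
```

With R1 failed, the unconstrained run falls back through I1 at cost 402 while the policy run returns None; a node that advertises a colliding tag value from another administrative domain (Section 4) is pruned in the same way.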

6.  Manageability Considerations

Node administrative tags are configured and managed using routing policy enhancements. The YANG data definition language is the latest model to describe and define configuration for network devices. The OSPF YANG data model is described in [OSPF-YANG] and the routing policy configuration model is described in [RTG-POLICY]. These two documents will be enhanced to include the configurations related to the node administrative tag.

7.  IANA Considerations

This specification updates the "OSPF Router Information (RI) TLVs" registry. IANA has registered the following value:

   Node Admin Tag TLV - 10

8.  References

8.1.  Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328, DOI 10.17487/RFC2328, April 1998, <http://www.rfc-editor.org/info/rfc2328>.

[RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, <http://www.rfc-editor.org/info/rfc5340>.

[RFC7490]  Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)", RFC 7490, DOI 10.17487/RFC7490, April 2015, <http://www.rfc-editor.org/info/rfc7490>.

[RFC7770]  Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and S. Shaffer, "Extensions to OSPF for Advertising Optional Router Capabilities", RFC 7770, DOI 10.17487/RFC7770, February 2016, <http://www.rfc-editor.org/info/rfc7770>.

8.2.  Informative References

[LFA-MANAGE]  Litkowski, S., Decraene, B., Filsfils, C., Raza, K., Horneffer, M., and P. Sarkar, "Operational management of Loop Free Alternates", Work in Progress, draft-ietf-rtgwg-lfa-manageability-11, June 2015.

[OSPF-YANG]  Yeung, D., Qu, Y., Zhang, J., Bogdanovic, D., and K. Koushik, "Yang Data Model for OSPF Protocol", Work in Progress, draft-ietf-ospf-yang-03, October 2015.

[RFC1997]  Chandra, R., Traina, P., and T. Li, "BGP Communities Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, <http://www.rfc-editor.org/info/rfc1997>.

[RFC4552]  Gupta, M. and N. Melam, "Authentication/Confidentiality for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, <http://www.rfc-editor.org/info/rfc4552>.

[RFC4593]  Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to Routing Protocols", RFC 4593, DOI 10.17487/RFC4593, October 2006, <http://www.rfc-editor.org/info/rfc4593>.

[RFC5130]  Previdi, S., Shand, M., Ed., and C. Martin, "A Policy Control Mechanism in IS-IS Using Administrative Tags", RFC 5130, DOI 10.17487/RFC5130, February 2008, <http://www.rfc-editor.org/info/rfc5130>.

[RFC5286]  Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for IP Fast Reroute: Loop-Free Alternates", RFC 5286, DOI 10.17487/RFC5286, September 2008, <http://www.rfc-editor.org/info/rfc5286>.

[RFC6863]  Hartman, S. and D. Zhang, "Analysis of OSPF Security According to the Keying and Authentication for Routing Protocols (KARP) Design Guide", RFC 6863, DOI 10.17487/RFC6863, March 2013, <http://www.rfc-editor.org/info/rfc6863>.

[RFC7166]  Bhatia, M., Manral, V., and A. Lindem, "Supporting Authentication Trailer for OSPFv3", RFC 7166, DOI 10.17487/RFC7166, March 2014, <http://www.rfc-editor.org/info/rfc7166>.

[RFC7474]  Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., "Security Extension for OSPFv2 When Using Manual Key Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, <http://www.rfc-editor.org/info/rfc7474>.

[RTG-POLICY]  Shaikh, A., Shakir, R., D'Souza, K., and C. Chase, "Routing Policy Configuration Model for Service Provider Networks", Work in Progress, draft-ietf-rtgwg-policy-model-00, September 2015.

Contributors

Thanks to Hannes Gredler for his substantial review, guidance, and editing of this document. Thanks to Harish Raguveer for his contributions to initial draft versions of this document.

Acknowledgements

Thanks to Bharath R, Pushpasis Sarakar, and Dhruv Dhody for useful input. Thanks to Chris Bowers for providing useful input to remove ambiguity related to tag ordering. Thanks to Les Ginsberg and Acee Lindem for the input. Thanks to David Black for careful review and valuable suggestions for the document, especially for the operations section.

Authors' Addresses

   Shraddha Hegde
   Juniper Networks, Inc.
   Embassy Business Park
   Bangalore, KA  560093
   India

   Email: shraddha@juniper.net

   Rob Shakir
   Jive Communications, Inc.
   1275 W 1600 N, Suite 100
   Orem, UT  84057
   United States

   Email: rjs@rob.sh

   Anton Smirnov
   Cisco Systems, Inc.
   De Kleetlaan 6a
   Diegem  1831
   Belgium

   Email: as@cisco.com

   Li zhenbin
   Huawei Technologies
   Huawei Bld. No.156 Beiqing Rd
   Beijing  100095
   China

   Email: lizhenbin@huawei.com

   Bruno Decraene
   Orange

   Email: bruno.decraene@orange.com