
Advertising Node Administrative Tags in OSPF
RFC 7777

Document Type RFC - Proposed Standard (March 2016)
Authors Shraddha Hegde, Rob Shakir, Anton Smirnov, Zhenbin Li, Bruno Decraene
Last updated 2018-12-20
RFC stream Internet Engineering Task Force (IETF)
IESG Responsible AD Alia Atlas
                     ----------------
                    /                \
                   /                  \
                  /                    \
     +------+   +----+    Access     +----+
     |eNodeB|---|CSG1|    Ring 1     |ASG1|------------
     +------+   +----+               +----+            \
                  \                    /                \
                   \                  /                  +----+    +---+
                    \             +----+                 |RSG1|----|RNC|
                     -------------|    |    Aggregate    +----+    +---+
                                  |ASG2|      Ring         |
                     -------------|    |                 +----+    +---+
                    /             +----+                 |RSG2|----|RNC|
                   /                  \                  +----+    +---+
                  /                    \                /
     +------+   +----+     Access     +----+           /
     |eNodeB|---|CSG2|     Ring 2     |ASG3|-----------
     +------+   +----+                +----+
                 \                     /
                  \                   /
                   \                 /
                    -----------------

                     Figure 2: Mobile Backhaul Network

   A typical mobile backhaul network with access rings and aggregate
   links is shown in the figure above.  The mobile backhaul networks
   deploy traffic engineering due to strict Service Level Agreements
   (SLAs).  The TE paths may have additional constraints to avoid
   passing via different access rings or to get completely disjoint
   backup TE paths.  The mobile backhaul networks towards the access
   side change frequently due to the growing mobile traffic and addition
   of new eNodeBs.  It's complex to satisfy the requirements using cost,
   link color, or explicit path configurations.  The node administrative
   tag defined in this document can be effectively used to solve the
   problem for mobile backhaul networks.  The nodes in different rings
   can be assigned with specific tags.  TE path computation can be
   enhanced to consider additional constraints based on node
   administrative tags.

3.5.  Explicit Routing Policy

   A partially meshed network provides multiple paths between any two
   nodes in the network.  In a data centre environment, the topology is
   usually highly symmetric with many/all paths having equal cost.  In a
   long distance network, this is usually not the case, for a variety of
   reasons (e.g., historic, fibre availability constraints, different

Hegde, et al.                Standards Track                    [Page 9]
RFC 7777                  OSPF Node Admin Tags                March 2016

   distances between transit nodes, and different roles).  Hence,
   between a given source and destination, a path is typically preferred
   over the others, while between the same source and another
   destination, a different path may be preferred.

        +----------------------+   +----------------+
        |                       \ /                 |
        |   +-----------------+  x   +---------+    |
        |   |                  \/  \/          |    |
        |   |                +-T-10-T          |    |
        |   |               /  |   /|          |    |
        |   |              /  100 / |          |    |
        |   |             /    | | 100         |    |
        |   |            /   +-+-+  |          |    |
        |   |           /   /  |    |          |    |
        |   |          /   /   R-18-R          |    |
        |   |        10   10  /\   /\          |    |
        |   |        /   /   /  \ /  \         |    |
        |   |       /   /   /    x    \        |    |
        |   |      /   /   10  10 \    \       |    |
        |   |     /   /   /    /   10   10     |    |
        |   |    /   /   /    /     \    \     |    |
        |   |   A-25-A  A-25-A       A-25-A    |    |
        |   |   |    |   \    \     /    /     |    |
        |   |   |    |   201  201  201 201     |    |
        |   |   |    |     \    \ /    /       |    |
        |   |  201  201     \    x    /        |    |
        |   |   |    |       \  / \  /         |    |
        |   |   |    |        \/   \/          |    |
        |   |   I-24-I        I-24-I          100  100
        |   |  /    /         |    |           |    |
        |   +-+    /          |    +-----------+    |
        +---------+           +---------------------+

                    Figure 3: Explicit Routing topology

   In the above topology, an operator may want to enforce the following
   high-level explicit routing policies:

   o  Traffic from A nodes to A nodes should preferably go through R or
      T nodes (rather than through I nodes);

   o  Traffic from A nodes to I nodes must not go through R and T nodes.

   With node admin tags, tag A (resp. I, R, T) can be configured on all
   A (resp. I, R, T) nodes to advertise their role.  The first policy
   is about preferring one path over another.  Given the chosen metrics,
   it is achieved with regular SPF routing.  The second policy is about
   prohibiting (pruning) some paths.  It requires an explicit routing
   policy.  With the use of node tags, this may be achieved with a
   generic Constrained Shortest Path First (CSPF) policy configured on A
   nodes: for destination nodes having the tag "A", run a CSPF with the
   exclusion of nodes having the tag "I".

4.  Security Considerations

   Node administrative tags may be used by operators to indicate
   geographical location or other sensitive information.  As indicated
   in [RFC2328] and [RFC5340], OSPF authentication mechanisms do not
   provide confidentiality and the information carried in node
   administrative tags could be leaked to an IGP snooper.
   Confidentiality for the OSPF control packets can be achieved by
   either running OSPF on top of IP Security (IPsec) tunnels or by
   applying IPsec-based security mechanisms as described in [RFC4552].

   Advertisement of tag values for one administrative domain into
   another risks misinterpretation of the tag values (if the two domains
   have assigned different meanings to the same values), which may have
   undesirable and unanticipated side effects.

   [RFC4593] and [RFC6863] discuss the generic threats to routing
   protocols and OSPF, respectively.  These security threats are also
   applicable to the mechanisms described in this document.  OSPF
   authentication described in [RFC2328] and [RFC5340] or extended
   authentication mechanisms described in [RFC7474] or [RFC7166] SHOULD
   be used in deployments where attackers have access to the physical
   networks and nodes included in the OSPF domain are vulnerable.

5.  Operational Considerations

   Operators can assign meaning to the node administrative tags, which
   are local to the operator's administrative domain.  The operational
   use of node administrative tags is analogous to the IS-IS prefix
   tags [RFC5130] and BGP communities [RFC1997].  Operational discipline
   and procedures followed in configuring and using BGP communities and
   IS-IS prefix tags are also applicable to the usage of node
   administrative tags.

   Defining language for local policies is outside the scope of this
   document.  As is the case with other policy applications, the pruning
   policies can cause the path to be completely removed from the
   forwarding plane, and hence have the potential for more severe
   operational impact (e.g., node unreachability due to path removal) by
   comparison to preference policies that only affect path selection.
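
   The following is an added example, not part of RFC 7777, showing the
   tag-based pruning policy of Section 3.5 and the unreachability risk
   noted above.  The four-node topology, the node names, and the
   functions build_graph, cspf, and route are constructed for
   illustration; only the link costs 10 and 201 are taken from Figure 3.

```python
import heapq

# Constructed sample topology (not Figure 3 itself); the 10 and 201 costs
# reuse the A-R and A-I metrics shown in Figure 3.
LINKS = [("A1", "R1", 10), ("R1", "A2", 10), ("A1", "I1", 201), ("I1", "A2", 201)]
# Role tags as advertised per node; letters stand in for 32-bit tag values.
TAGS = {"A1": {"A"}, "A2": {"A"}, "R1": {"R"}, "I1": {"I"}}

def build_graph(links, failed_nodes=()):
    """Adjacency list of the links whose endpoints are both still up."""
    graph = {}
    for a, b, cost in links:
        if a not in failed_nodes and b not in failed_nodes:
            graph.setdefault(a, []).append((b, cost))
            graph.setdefault(b, []).append((a, cost))
    return graph

def cspf(graph, tags, src, dst, exclude_tags=frozenset()):
    """Dijkstra that prunes transit nodes carrying any tag in exclude_tags.
    Returns (cost, path), or None when pruning leaves no path."""
    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if cost > best[node]:
            continue  # stale heap entry
        for nbr, weight in graph.get(node, []):
            if nbr != dst and tags.get(nbr, set()) & set(exclude_tags):
                continue  # pruned: never considered, whatever its cost
            if cost + weight < best.get(nbr, float("inf")):
                best[nbr] = cost + weight
                heapq.heappush(heap, (cost + weight, nbr, path + [nbr]))
    return None

def route(graph, tags, src, dst):
    """Policy as worded in Section 3.5: for a destination tagged "A",
    run CSPF excluding nodes tagged "I"; otherwise plain SPF."""
    exclude = {"I"} if "A" in tags.get(dst, set()) else set()
    return cspf(graph, tags, src, dst, exclude)

if __name__ == "__main__":
    healthy = build_graph(LINKS)
    degraded = build_graph(LINKS, failed_nodes={"R1"})
    print(route(healthy, TAGS, "A1", "A2"))    # via R1
    print(cspf(degraded, TAGS, "A1", "A2"))    # unconstrained SPF falls back via I1
    print(route(degraded, TAGS, "A1", "A2"))   # pruning policy: no path left
```

   With R1 down, unconstrained SPF still reaches A2 through I1, while
   the pruning policy returns no path at all, which is the node
   unreachability case this section describes.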

6.  Manageability Considerations

   Node administrative tags are configured and managed using routing
   policy enhancements.  The YANG data definition language is the latest
   model to describe and define configuration for network devices.  The
   OSPF YANG data model is described in [OSPF-YANG] and the routing
   policy configuration model is described in [RTG-POLICY].  These two
   documents will be enhanced to include the configurations related to
   the node administrative tag.

7.  IANA Considerations

   This specification updates the "OSPF Router Information (RI) TLVs"
   registry.  IANA has registered the following value:

      Node Admin Tag TLV - 10

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328,
              DOI 10.17487/RFC2328, April 1998,
              <http://www.rfc-editor.org/info/rfc2328>.

   [RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
              <http://www.rfc-editor.org/info/rfc5340>.

   [RFC7490]  Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N.
              So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)",
              RFC 7490, DOI 10.17487/RFC7490, April 2015,
              <http://www.rfc-editor.org/info/rfc7490>.

   [RFC7770]  Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and
              S. Shaffer, "Extensions to OSPF for Advertising Optional
              Router Capabilities", RFC 7770, DOI 10.17487/RFC7770,
              February 2016, <http://www.rfc-editor.org/info/rfc7770>.

8.2.  Informative References

   [LFA-MANAGE]
              Litkowski, S., Decraene, B., Filsfils, C., Raza, K.,
              Horneffer, M., and P. Sarkar, "Operational management of
              Loop Free Alternates", Work in Progress,
              draft-ietf-rtgwg-lfa-manageability-11, June 2015.

   [OSPF-YANG]
              Yeung, D., Qu, Y., Zhang, J., Bogdanovic, D., and K.
              Koushik, "Yang Data Model for OSPF Protocol", Work in
              Progress, draft-ietf-ospf-yang-03, October 2015.

   [RFC1997]  Chandra, R., Traina, P., and T. Li, "BGP Communities
              Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996,
              <http://www.rfc-editor.org/info/rfc1997>.

   [RFC4552]  Gupta, M. and N. Melam, "Authentication/Confidentiality
              for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006,
              <http://www.rfc-editor.org/info/rfc4552>.

   [RFC4593]  Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to
              Routing Protocols", RFC 4593, DOI 10.17487/RFC4593,
              October 2006, <http://www.rfc-editor.org/info/rfc4593>.

   [RFC5130]  Previdi, S., Shand, M., Ed., and C. Martin, "A Policy
              Control Mechanism in IS-IS Using Administrative Tags",
              RFC 5130, DOI 10.17487/RFC5130, February 2008,
              <http://www.rfc-editor.org/info/rfc5130>.

   [RFC5286]  Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for
              IP Fast Reroute: Loop-Free Alternates", RFC 5286,
              DOI 10.17487/RFC5286, September 2008,
              <http://www.rfc-editor.org/info/rfc5286>.

   [RFC6863]  Hartman, S. and D. Zhang, "Analysis of OSPF Security
              According to the Keying and Authentication for Routing
              Protocols (KARP) Design Guide", RFC 6863,
              DOI 10.17487/RFC6863, March 2013,
              <http://www.rfc-editor.org/info/rfc6863>.

   [RFC7166]  Bhatia, M., Manral, V., and A. Lindem, "Supporting
              Authentication Trailer for OSPFv3", RFC 7166,
              DOI 10.17487/RFC7166, March 2014,
              <http://www.rfc-editor.org/info/rfc7166>.

   [RFC7474]  Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed.,
              "Security Extension for OSPFv2 When Using Manual Key
              Management", RFC 7474, DOI 10.17487/RFC7474, April 2015,
              <http://www.rfc-editor.org/info/rfc7474>.

   [RTG-POLICY]
              Shaikh, A., Shakir, R., D'Souza, K., and C. Chase,
              "Routing Policy Configuration Model for Service Provider
              Networks", Work in Progress,
              draft-ietf-rtgwg-policy-model-00, September 2015.

Contributors

   Thanks to Hannes Gredler for his substantial review, guidance, and
   editing of this document.  Thanks to Harish Raguveer for his
   contributions to initial draft versions of this document.

Acknowledgements

   Thanks to Bharath R, Pushpasis Sarakar, and Dhruv Dhody for useful
   input.  Thanks to Chris Bowers for providing useful input to remove
   ambiguity related to tag ordering.  Thanks to Les Ginsberg and Acee
   Lindem for the input.  Thanks to David Black for careful review and
   valuable suggestions for the document, especially for the operations
   section.

Authors' Addresses

   Shraddha Hegde
   Juniper Networks, Inc.
   Embassy Business Park
   Bangalore, KA  560093
   India

   Email: shraddha@juniper.net

   Rob Shakir
   Jive Communications, Inc.
   1275 W 1600 N, Suite 100
   Orem, UT  84057
   United States

   Email: rjs@rob.sh

   Anton Smirnov
   Cisco Systems, Inc.
   De Kleetlaan 6a
   Diegem  1831
   Belgium

   Email: as@cisco.com

   Li zhenbin
   Huawei Technologies
   Huawei Bld. No.156 Beiqing Rd
   Beijing  100095
   China

   Email: lizhenbin@huawei.com

   Bruno Decraene
   Orange

   Email: bruno.decraene@orange.com
