Link State Routing                                         K. Talaulikar
Internet-Draft                                                 P. Psenak
Intended status: Standards Track                     Cisco Systems, Inc.
Expires: September 25, 2021                                        A. Fu
                                                               Bloomberg
                                                               M. Rajesh
                                                        Juniper Networks
                                                          March 24, 2021


                        OSPF Strict-Mode for BFD
                 draft-ietf-lsr-ospf-bfd-strict-mode-03

Abstract

   This document specifies the extensions to OSPF that enable an OSPF
   router to signal the requirement for a Bidirectional Forwarding
   Detection (BFD) session prior to adjacency formation.  Link-Local
   Signaling (LLS) is used to advertise the requirement of strict-mode
   for BFD session establishment for OSPF adjacency.  If both OSPF
   neighbors advertise the strict-mode for BFD, adjacency formation will
   be blocked until a BFD session has been successfully established.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 25, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of



Talaulikar, et al.     Expires September 25, 2021               [Page 1]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  LLS B-bit Flag  . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Local Interface IPv4 Address TLV  . . . . . . . . . . . . . .   4
   4.  Procedures  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  OSPFv3 IPv4 Address-Family Specifics  . . . . . . . . . .   6
     4.2.  Graceful Restart Considerations . . . . . . . . . . . . .   6
   5.  Operations & Management Considerations  . . . . . . . . . . .   7
   6.  Backward Compatibility  . . . . . . . . . . . . . . . . . . .   7
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   8
     10.2.  Informative References . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   Bidirectional Forwarding Detection (BFD) [RFC5880] enables routers to
   monitor data-plane connectivity and to detect faults in the
   bidirectional path between them.  BFD is leveraged by routing
   protocols like OSPFv2 [RFC2328] and OSPFv3 [RFC5340] to detect
   connectivity failures for established adjacencies and trigger the
   rerouting of traffic around the failure faster than with OSPF hello
   packet monitoring.

   The use of BFD for monitoring routing protocols adjacencies is
   described in [RFC5882].  When BFD monitoring is enabled for OSPF
   adjacencies, the BFD session is bootstrapped based on the neighbor
   address information discovered by the exchange of OSPF Hello packets.
   Faults in the bidirectional forwarding detected via BFD then result
   in the OSPF adjacency being brought down.  Note that it is possible
   in some failure scenarios for the network to be in a state such that
   an OSPF adjacency can be established but a BFD session cannot be
   established and maintained.  In certain other scenarios, a degraded
   or poor quality link will allow OSPF adjacency formation to succeed
   but the BFD session establishment will fail or the BFD session will
   flap.  In this case, traffic that gets forwarded over such a link may



Talaulikar, et al.     Expires September 25, 2021               [Page 2]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


   experience packet drops while the failure of the BFD session
   establishment would not enable fast routing convergence if the link
   were to go down or flap.

   To avoid the routing churn associated with these scenarios, it would
   be beneficial to not allow OSPF to establish an adjacency until a BFD
   session is successfully established and has stabilized.  However,
   this would preclude the OSPF operation in an environment in which not
   all OSPF routers support BFD and are enabled for BFD on the link.  A
   solution is to block OSPF adjacency establishment until a BFD session
   is established as long as both neighbors advertise such a
   requirement.  Such a mode of OSPF BFD usage is referred to as
   "strict-mode".

   This document specifies the OSPF protocol extensions using link-local
   signaling (LLS) [RFC5613] for a router to indicate to its neighbor
   the willingness to establish its adjacency using the strict-mode for
   BFD.  It also introduces an extension for OSPFv3 link-local signaling
   of the interface IPv4 address when used for an IPv4 address-family
   (AF) instance to enable discovery of the IPv4 addresses for BFD
   session setup.

   A similar functionality for IS-IS is specified [RFC6213].

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  LLS B-bit Flag

   This document defines the B-bit in the LLS Type 1 Extended Options
   and Flags field.  This bit is defined for the LLS block included in
   Hello and Database Description (DD) packets and indicates that BFD is
   enabled on the link and that the router requests strict-mode for BFD.
   Section 7 describes the position of the B-bit.

   A router MUST include the LLS block with the LLS Type 1 Extended
   Options and Flags TLV with the B-bit set in its Hello and DD packets
   when strict-mode for BFD is enabled on the link.








Talaulikar, et al.     Expires September 25, 2021               [Page 3]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


3.  Local Interface IPv4 Address TLV

   The Local Interface IPv4 Address TLV is an LLS TLV defined for OSPFv3
   IPv4 AF instance [RFC5838] protocol operation.  It has the following
   format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Type             |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Local Interface IPv4 Address                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   where:

      Type: 21

      Length: 4 octet

      Local Interface IPv4 Address: The primary IPv4 address of the
      local interface.

4.  Procedures

   A router supporting strict-mode for BFD advertises this capability
   through its Hello packets as described in Section 2.  When a router
   supporting strict-mode for BFD discovers a new neighbor router that
   also supports strict-mode for BFD, then it will establish a BFD
   session first with that neighbor before bringing up the OSPF
   adjacency as described further in this section.

   This document updates the OSPF neighbor state machine as described in
   [RFC2328].  Specifically, the operations related to the Init state as
   below when strict-mode for BFD is used:

   Init (without strict-mode for BFD)

      In this state, a Hello packet has recently been received from the
      neighbor.  However, bidirectional communication has not yet been
      established with the neighbor (i.e., the router itself did not
      appear in the neighbor's Hello packet).  All neighbors in this
      state (or higher) are listed in the Hello packets sent from the
      associated interface.

   Init (with strict-mode for BFD)





Talaulikar, et al.     Expires September 25, 2021               [Page 4]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


      In this state, a Hello packet has recently been received from the
      neighbor.  However, bidirectional communication has not yet been
      established with the neighbor (i.e., the router itself did not
      appear in the neighbor's Hello packet).  BFD session establishment
      with the neighbor is requested, if not already completed (e.g., in
      the event of transition from 2-way state).  Neighbors in Init
      state or higher will be listed in the Hello packets associated
      with the interface if they either have a corresponding BFD session
      established or have not advertised strict-mode for BFD in the
      Hello packet LLS Extended Options and Flags.

   Whenever the neighbor state transitions to Down state, the removal of
   the BFD session associated with that neighbor SHOULD be requested by
   OSPF and subsequent BFD session establishment SHOULD similarly be
   requested by OSPF upon transitioning into Init state.  This may
   result in the deletion and creation of the BFD session respectively
   when OSPF is the only client interested in the BFD session with the
   neighbor address.

   An implementation MUST NOT wait for BFD session establishment in Init
   state unless strict-mode for BFD is enabled on the router and the
   specific neighbor indicates strict-mode for BFD capability via its
   Hello LLS options.  When BFD is enabled, but the strict-mode for
   operation has not be signaled by both neighbors, then an
   implementation SHOULD start the BFD session establishment only in
   2-Way state or higher state.  This makes it possible for an OSPF
   router to support BFD operation in both strict-mode and normal mode
   across different interfaces or even different neighbors on the same
   multi-access interface.

   Once the OSPF state machine has moved beyond the Init state, any
   change in the B-bit advertised in subsequent Hello packets MUST NOT
   result in any trigger in either the OSPF adjacency or the BFD session
   management (i.e., the B-bit is considered only when in Init state).
   Disabling BFD (or strict-mode for BFD) on an OSPF router would result
   in it not setting the B-bit in its subsequent Hello LLS options.
   Disabling strict-mode for BFD has no effect on the BFD operations and
   would not result in bringing down of any established BFD session.
   Disabling BFD would result in the BFD session being brought down due
   to Admin reason [RFC5882] and hence would not bring down the OSPF
   adjacency.

   When BFD is enabled on an interface over which we already have an
   existing OSPF adjacency, it would result in the router setting the
   B-bit in its subsequent Hello packets.  If the adjacency is already
   up (i.e., in its terminal state of Full or 2-way with non-DR routers
   on a multi-access interface) with a neighbor that also supports
   strict-mode for BFD, then an implementation SHOULD NOT bring this



Talaulikar, et al.     Expires September 25, 2021               [Page 5]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


   adjacency down but instead use the strict-mode for BFD operation
   after the next transition into Init state.  However, if the adjacency
   is not up, then an implementation MAY bring such an adjacency down so
   it can use the strict-mode for BFD for its adjacency establishment.

4.1.  OSPFv3 IPv4 Address-Family Specifics

   Multiple AF support in OSPFv3 [RFC5838] requires the use of an IPv6
   link-local address as the source address for Hello packets even when
   forming adjacencies for IPv4 AF instances.  In most deployments of
   OSPFv3 IPv4 AF, it is required that BFD is used to monitor and verify
   the IPv4 data plane connectivity between the routers on the link and,
   hence, the BFD session is setup using IPv4 neighbor addresses.  The
   IPv4 neighbor address on the interface is learned only later in the
   adjacency formation process when the neighbor's Link-LSA is received.
   This results in the setup of the BFD session either after the
   adjacency is established or later in the adjacency formation
   sequence.

   To enable operation in strict-mode for BFD, it is necessary for an
   OSPF router to learn its neighbor's IPv4 link address during the Init
   state of adjacency formation (ideally when it receives the first
   hello).  The use of the Local Interface IPv4 Address TLV (as defined
   in Section 3) in the LLS block of the OSPFv3 Hello packets for IPv4
   AF instances makes this possible.  Implementations that support
   strict-mode for BFD operation for OSPFv3 IPv4 AF instances MUST
   include the Local Interface IPv4 Address TLV in the LLS block of
   their Hello packets whenever the B-bit is also set in the LLS Options
   and Flags field.  A receiver MUST ignore the B-bit (i.e., not operate
   in BFD strict mode) when the Local Interface IPv4 Address TLV is not
   present in OSPFv3 Hello message for IPv4 AF OSPFv3 instances.

4.2.  Graceful Restart Considerations

   An implementation needs to handle scenarios where both graceful
   restart (GR) and the strict-mode for BFD operation are deployed
   together.  The GR aspects discussed in [RFC5882] also apply with
   strict-mode for BFD operation.  Additionally, in strict-mode for BFD
   operation, since the OSPF adjacency formation is delayed until the
   BFD session establishment, the resultant delay in adjacency formation
   may affect or break the GR-based recovery.  In such cases, it is
   RECOMMENDED that the GR timers are set such that they provide
   sufficient time to allow for normal BFD session establishment delays.








Talaulikar, et al.     Expires September 25, 2021               [Page 6]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


5.  Operations & Management Considerations

   An implementation SHOULD report the BFD session status along with the
   OSPF Init adjacency state when operating in strict-mode for BFD and
   perform logging operations on state transitions to include the BFD
   events.  This allows an operator to detect scenarios where an OSPF
   adjacency may be stuck waiting for BFD session establishment.

   In network deployments with noisy links or those with packet loss,
   BFD sessions may flap frequently.  In such scenarios, OSPF strict-
   mode for BFD may be deployed in conjunction with a BFD dampening or
   hold-down mechanism to avoid frequent adjacency flaps that cause
   routing churn.

6.  Backward Compatibility

   An implementation MUST support OSPF adjacency formation and
   operations with a neighbor router that does not advertise the strict-
   mode for BFD capability - both when that neighbor router does not
   support BFD and when it does support BFD but not in the strict-mode
   of operation as described in this document.  Implementations MAY
   provide an option to specifically enable BFD operation only in the
   strict-mode.  In this case, an OSPF adjacency with a neighbor that
   does not support strict-mode for BFD would not be established
   successfully.  Implementations MAY provide an option to disable
   strict-mode for BFD which results in the router not advertising the
   B-bit and BFD operation being performed in the same way as prior to
   this specification.

   The signaling specified in this document happens at a link-local
   level between routers on that link.  A router that does not support
   this specification would ignore the B-bit in the LLS block of Hello
   packets from its neighbors and continue to establish BFD sessions, if
   enabled, without delaying the OSPF adjacency formation.  Since the
   router that does not support this specification would not have set
   the B-bit in the LLS block of its own Hello packets, its neighbor
   routers that support this specification would not use strict-mode for
   BFD with such OSPF routers.  As a result, the behavior would be the
   same as before this specification.  Therefore, there are no backward
   compatibility issues or implementations considerations beyond what is
   specified herein.

7.  IANA Considerations

   This specification updates Link Local Signaling TLV Identifiers
   registry.

   Following values have been assigned via early allocation:



Talaulikar, et al.     Expires September 25, 2021               [Page 7]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


   o B-bit from "LLS Type 1 Extended Options and Flags" registry at bit
   position 0x00000010.

   o Type 21 - Local Interface IPv4 Address TLV

8.  Security Considerations

   The security considerations for "OSPF Link-Local Signaling" [RFC5613]
   also apply to the extension described in this document.
   Inappropriate use of the B-bit in the LLS block of an OSPF hello
   message could prevent an OSPF adjacency from forming or lead to
   failure to detect bidirectional forwarding failures.  If
   authentication is being used in the OSPF routing domain
   [RFC5709][RFC7474], then the Cryptographic Authentication TLV
   [RFC5613] SHOULD also be used to protect the contents of the LLS
   block.

9.  Acknowledgements

   The authors would like to acknowledge the review and inputs from Acee
   Lindem, Manish Gupta and Balaji Ganesh.

   The authors would like to acknowledge Dylan van Oudheusden for
   highlighting the problems in using strict-mode for BFD session for
   IPv4 AF instance with OSPFv3 and Baalajee S for his suggestions on
   the approach to address it.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328,
              DOI 10.17487/RFC2328, April 1998,
              <https://www.rfc-editor.org/info/rfc2328>.

   [RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
              <https://www.rfc-editor.org/info/rfc5340>.

   [RFC5613]  Zinin, A., Roy, A., Nguyen, L., Friedman, B., and D.
              Yeung, "OSPF Link-Local Signaling", RFC 5613,
              DOI 10.17487/RFC5613, August 2009,
              <https://www.rfc-editor.org/info/rfc5613>.



Talaulikar, et al.     Expires September 25, 2021               [Page 8]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


   [RFC5838]  Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and
              R. Aggarwal, "Support of Address Families in OSPFv3",
              RFC 5838, DOI 10.17487/RFC5838, April 2010,
              <https://www.rfc-editor.org/info/rfc5838>.

   [RFC5882]  Katz, D. and D. Ward, "Generic Application of
              Bidirectional Forwarding Detection (BFD)", RFC 5882,
              DOI 10.17487/RFC5882, June 2010,
              <https://www.rfc-editor.org/info/rfc5882>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

10.2.  Informative References

   [RFC5709]  Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M.,
              Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic
              Authentication", RFC 5709, DOI 10.17487/RFC5709, October
              2009, <https://www.rfc-editor.org/info/rfc5709>.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
              <https://www.rfc-editor.org/info/rfc5880>.

   [RFC6213]  Hopps, C. and L. Ginsberg, "IS-IS BFD-Enabled TLV",
              RFC 6213, DOI 10.17487/RFC6213, April 2011,
              <https://www.rfc-editor.org/info/rfc6213>.

   [RFC7474]  Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed.,
              "Security Extension for OSPFv2 When Using Manual Key
              Management", RFC 7474, DOI 10.17487/RFC7474, April 2015,
              <https://www.rfc-editor.org/info/rfc7474>.

Authors' Addresses

   Ketan Talaulikar
   Cisco Systems, Inc.
   India

   Email: ketant@cisco.com










Talaulikar, et al.     Expires September 25, 2021               [Page 9]


Internet-Draft          OSPF Strict-Mode for BFD              March 2021


   Peter Psenak
   Cisco Systems, Inc.
   Apollo Business Center
   Mlynske nivy 43
   Bratislava  821 09
   Slovakia

   Email: ppsenak@cisco.com


   Albert Fu
   Bloomberg
   USA

   Email: afu14@bloomberg.net


   Rajesh M
   Juniper Networks
   India

   Email: mrajesh@juniper.net





























Talaulikar, et al.     Expires September 25, 2021              [Page 10]