Open Shortest Path First IGP                                    S. Hegde
Internet-Draft                                    Juniper Networks, Inc.
Intended status: Standards Track                               R. Shakir
Expires: April 18, 2016                                       Individual
                                                              A. Smirnov
                                                     Cisco Systems, Inc.
                                                                   Z. Li
                                                     Huawei Technologies
                                                             B. Decraene
                                                                  Orange
                                                        October 16, 2015


            Advertising per-node administrative tags in OSPF
                   draft-ietf-ospf-node-admin-tag-08

Abstract

   This document describes an extension to the OSPF protocol to add an
   optional operational capability, that allows tagging and grouping of
   the nodes in an OSPF domain.  This allows simplification, ease of
   management and control over route and path selection based on
   configured policies.  This document describes an extension to the
   OSPF protocol to advertise per-node administrative tags.  The node-
   tags can be used to express and apply locally-defined network
   policies which is a very useful operational capability.  Node tags
   may be used either by OSPF itself or by other applications consuming
   information propagated via OSPF.

   This document describes the protocol extensions to disseminate per-
   node administrative tags to the OSPFv2 and OSPFv3 protocol.  It
   provides example use cases of administrative node tags.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.



Hegde, et al.            Expires April 18, 2016                 [Page 1]


Internet-Draft            OSPF node admin tags              October 2015


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 18, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Administrative Tag TLV  . . . . . . . . . . . . . . . . . . .   3
   3.  OSPF per-node administrative tag TLV  . . . . . . . . . . . .   3
     3.1.  TLV format  . . . . . . . . . . . . . . . . . . . . . . .   3
     3.2.  Elements of procedure . . . . . . . . . . . . . . . . . .   4
       3.2.1.  Interpretation of Node Administrative Tags  . . . . .   4
       3.2.2.  Use of Node Administrative Tags . . . . . . . . . . .   5
       3.2.3.  Processing Node Administrative Tag changes  . . . . .   6
   4.  Applications  . . . . . . . . . . . . . . . . . . . . . . . .   6
     4.1.  Service auto-discovery  . . . . . . . . . . . . . . . . .   6
     4.2.  Fast-Re-routing policy  . . . . . . . . . . . . . . . . .   7
     4.3.  Controlling Remote LFA tunnel termination . . . . . . . .   8
     4.4.  Mobile back-haul network service deployment . . . . . . .   8
     4.5.  Explicit routing policy . . . . . . . . . . . . . . . . .   9
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
   6.  Operational Considerations  . . . . . . . . . . . . . . . . .  11
   7.  Manageability Considerations  . . . . . . . . . . . . . . . .  12
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  12
   9.  Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  12
   10. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  12
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  12
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  12
     11.2.  Informative References . . . . . . . . . . . . . . . . .  13
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  14



Hegde, et al.            Expires April 18, 2016                 [Page 2]


Internet-Draft            OSPF node admin tags              October 2015


1.  Introduction

   It is useful to assign a per-node administrative tag to a router in
   the OSPF domain and use it as an attribute associated with the node.
   The per-node administrative tag can be used in variety of
   applications, for example:

   (a)  Traffic-engineering applications to provide different path-
       selection criteria.

   (b)  Prefer or prune certain paths in Loop Free Alternate (LFA)
       backup selection via local policies as defined in
       [I-D.ietf-rtgwg-lfa-manageability].

   This document provides mechanisms to advertise per-node
   administrative tags in OSPF for route and path selection.  Route and
   path selection functionality applies to both to TE and non Traffic
   Engineering (TE) applications and hence new TLV for carrying per-node
   administrative tags is included in Router Information (RI) Link State
   Advertisement (LSA) [I-D.ietf-ospf-rfc4970bis].

2.  Administrative Tag TLV

   An administrative Tag is a 32-bit integer value that can be used to
   identify a group of nodes in the OSPF domain.

   The new TLV defined will be carried within an RI LSA for OSPFV2 and
   OSPFV3.  Router information (RI)LSA [I-D.ietf-ospf-rfc4970bis] can
   have link-, area- or Autonomous Sytem (AS) level flooding scope.  The
   choice of what scope at which to flood the group tags is a matter of
   local policy.It is expected that node administrative tag values will
   not be portable across administrative domains.

   The TLV specifies one or more administrative tag values.  An OSPF
   node advertises the set of groups it is part of in the OSPF domain
   (for example, all PE-nodes are configured with certain tag value, all
   P-nodes are configured with a different tag value in the domain).
   Multiple TLVs MAY be added in same RI-LSA or in a different instance
   of the RI LSA as defined in [I-D.ietf-ospf-rfc4970bis].

3.  OSPF per-node administrative tag TLV

3.1.  TLV format

   [I-D.ietf-ospf-rfc4970bis], defines Router Information (RI) LSA which
   may be used to advertise properties of the originating router.  The
   payload of the RI LSA consists of one or more nested Type/Length/
   Value (TLV) triplets.  Node administrative tags are advertised in the



Hegde, et al.            Expires April 18, 2016                 [Page 3]


Internet-Draft            OSPF node admin tags              October 2015


   Node Administrative Tag TLV.  The format of the Node Administrative
   Tag TLV is:



   0               1             2             3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Type                          | Length                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Administrative Tag #1                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Administrative Tag #2                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   //                                                             //
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Administrative Tag #N                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 1: OSPF per-node Administrative Tag TLV


   Type : TBA, Suggested value 10

   Length: A 16-bit field that indicates the length of the value portion
   in octets and will be a multiple of 4 octets dependent on the number
   of tags advertised.

   Value: A sequence of multiple four octets defining the administrative
   tags.  At least one tag MUST be carried if this TLV is included in
   the RI-LSA.

3.2.  Elements of procedure

3.2.1.  Interpretation of Node Administrative Tags

   The meaning of the Node administrative tags is generally opaque to
   OSPF.  Routers advertising the per-node administrative tag (or tags)
   may be configured to do so without knowing (or even without
   supporting processing of) the functionality implied by the tag.  This
   section describes general rules/ regulations and guidelines for using
   and interpreting an administrative tag which will facilitate
   interoperable implementations by vendors.

   Interpretation of tag values is specific to the administrative domain
   of a particular network operator, and hence tag values SHOULD NOT be
   propagated outside the administrative domain to which they apply.
   The meaning of a per-node administrative tag is defined by the



Hegde, et al.            Expires April 18, 2016                 [Page 4]


Internet-Draft            OSPF node admin tags              October 2015


   network local policy and is controlled via the configuration.  If a
   receiving node does not understand the tag value or does not have a
   local policy corresponding to the tag, it ignores the specific tag
   and floods the RI LSA without any change as defined in
   [I-D.ietf-ospf-rfc4970bis].

   The semantics of the tag order has no meaning.  That is, there is no
   implied meaning to the ordering of the tags that indicates a certain
   operation or set of operations that need to be performed based on the
   ordering.

   Each tag must be treated as an independent identifier that may be
   used in policy to perform a policy action.  Each tag carried by the
   administrative tag TLV should be used to indicate a characteristic of
   a node that is independent of the characteristics indicated by other
   administrative tags.  The administrative tag list within the TLV MUST
   be considered an unordered list.  Whilst policies may be implemented
   based on the presence of multiple tags (e.g., if tag A AND tag B are
   present), they MUST NOT be reliant upon the order of the tags (i.e.,
   all policies should be considered commutative operations, such that
   tag A preceding or following tag B does not change their outcome).

   To avoid incomplete or inconsistent interpretations of the per-node
   administrative tags the same tag value MUST NOT be advertised by a
   router in RI LSAs of different scopes.  The same tag MAY be
   advertised in multiple RI LSAs of the same scope, for example, OSPF
   Area Border Router (ABR) may advertise the same tag in area-scope RI
   LSAs in multiple areas connected to the ABR.  If a node
   administrative tag is received in different scopes, the conflicting
   tag SHOULD not be used and this situation SHOULD be logged as an
   error including the tag with conflicting scopes and the
   originator(s).  An ABR in a stub or NSSA area MAY originate AS scoped
   RI LSAs and flood them into non-stub/NSSA areas and MAY originate
   area scoped RI LSAs into the stub/NSSA areas as the AS scoped LSAs
   are not flooded into stub/NSSA areas.

3.2.2.  Use of Node Administrative Tags

   The per-node administrative tags are not meant to be extended by
   future OSPF standards.  New OSPF extensions are not expected to
   require use of per-node administrative tags or define well-known tag
   values.  Node administrative tags are for generic use and do not
   require IANA registry.  Future OSPF extensions requiring well known
   values MAY define their own data signalling tailored to the needs of
   the feature or MAY use the capability TLV as defined in
   [I-D.ietf-ospf-rfc4970bis].





Hegde, et al.            Expires April 18, 2016                 [Page 5]


Internet-Draft            OSPF node admin tags              October 2015


   Being part of the RI LSA, the per-node administrative tag TLV must be
   reasonably small and stable.  In particular, implementations
   supporting per-node administrative tags MUST NOT be used to convey
   attributes of the routing topology or associate tags with changes in
   the network topology (both within and outside the OSPF domain) or
   reachability of routes.

3.2.3.  Processing Node Administrative Tag changes

   Multiple node administrative tag TLVs MAY appear in an RI LSA or
   multiple node administrative tag TLVs MAY be contained in different
   instances of the RI LSA.  The node administrative tags associated
   with a node that originates tags for the purpose of any computation
   or processing at a receiving node SHOULD be a superset of node
   administrative tags from all the TLVs in all the received RI LSA
   instances in the Link-State Database (LSDB) advertised by the
   corresponding OSPF router.  When an RI LSA is received that changes
   the set of tags applicable to any originating node, which has
   features depending on node administrative tags , a receiving node
   MUST repeat any computation or processing that is based on those
   administrative tags.

   When there is a change or removal of an administrative affiliation of
   a node, the node MUST re-originate the RI LSA with the latest set of
   node administrative tags.  On the receiver, When there is a change in
   the node administrative tag TLV or removal/ addition of a TLV in any
   instance of the RI-LSA, implementations MUST take appropriate
   measures to update their state according to the changed set of tags.
   The exact actions needed depend on features working with
   administrative tags and is outside of scope of this specification.

4.  Applications

   This section lists several examples of how implementations might use
   the per-node administrative tags.  These examples are given only to
   demonstrate the generic usefulness of the router tagging mechanism.
   Implementations supporting this specification are not required to
   implement any of these use cases.  It is also worth noting that in
   some described use cases routers configured to advertise tags help
   other routers in their calculations but do not themselves implement
   the same functionality.

4.1.  Service auto-discovery

   Router tagging may be used to automatically discover a group of
   routers sharing a particular service.





Hegde, et al.            Expires April 18, 2016                 [Page 6]


Internet-Draft            OSPF node admin tags              October 2015


   For example, a service provider might desire to establish a full mesh
   of MPLS TE tunnels between all PE routers in the area of the MPLS VPN
   network.  Marking all PE routers with a tag and configuring devices
   with a policy to create MPLS TE tunnels to all other devices
   advertising this tag will automate maintenance of the full mesh.
   When new PE router is added to the area, all other PE devices will
   open TE tunnels to it without the need of reconfiguring them.

4.2.  Fast-Re-routing policy

   Increased deployment of Loop Free Alternates (LFA) as defined in
   [RFC5286] poses operation and management challenges.
   [I-D.ietf-rtgwg-lfa-manageability] proposes policies which, when
   implemented, will ease LFA operation concerns.

   One of the proposed refinements is to be able to group the nodes in
   an IGP domain with administrative tags and engineer the LFA based on
   configured policies.

   (a)  Administrative limitation of LFA scope

       Service provider access infrastructure is frequently designed in
       a layered approach with each layer of devices serving different
       purposes and thus having different hardware capabilities and
       configured software features.  When LFA repair paths are being
       computed, it may be desirable to exclude devices from being
       considered as LFA candidates based on their layer.

       For example, if the access infrastructure is divided into the
       Access, Distribution and Core layers it may be desirable for a
       Distribution device to compute LFA only via Distribution or Core
       devices but not via Access devices.  This may be due to features
       enabled on Access routers, due to capacity limitations or due to
       the security requirements.  Managing such a policy via
       configuration of the router computing LFA is cumbersome and error
       prone.

       With the Node administrative tags it is possible to assign a tag
       to each layer and implement LFA policy of computing LFA repair
       paths only via neighbors which advertise the Core or Distribution
       tag.  This requires minimal per-node configuration and the
       network automatically adapts when new links or routers are added.

   (b)  LFA calculation optimization

       Calculation of LFA paths may require significant resources of the
       router.  One execution of Dijkstra's algorithm is required for
       each neighbor eligible to become the next hop of repair paths.



Hegde, et al.            Expires April 18, 2016                 [Page 7]


Internet-Draft            OSPF node admin tags              October 2015


       Thus, a router with a few hundreds of neighbors may need to
       execute the algorithm hundreds of times before the best (or even
       valid) repair path is found.  Manually excluding from the
       calculation neighbors that are known to provide no valid LFA
       (such as single-connected routers) may significantly reduce
       number of Dijkstra algorithm runs.

       LFA calculation policy may be configured so that routers
       advertising certain tag value are excluded from LFA calculation
       even if they are otherwise suitable.

4.3.  Controlling Remote LFA tunnel termination

   [RFC7490] defined a method of tunnelling traffic after connected link
   failure to extend the basic LFA coverage and an algorithm to find
   tunnel tail-end routers fitting LFA requirement.  In most cases the
   proposed algorithm finds more than one candidate tail-end router.  In
   real-life network it may be desirable to exclude some nodes from the
   list of candidates based on the local policy.  This may be either due
   to known limitations of the node (the router does not accept the
   targeted LDP sessions required to implement Remote LFA tunnelling) or
   due to administrative requirements (for example, it may be desirable
   to choose the tail-end router among co-located devices).

   The Node administrative tag delivers a simple and scalable solution.
   Remote LFA can be configured with a policy to accept during the tail-
   end router calculation as candidates only routers advertising a
   certain tag.  Tagging routers allows to both exclude nodes not
   capable of serving as Remote LFA tunnel tail-ends and to define a
   region from which tail-end router must be selected.

4.4.  Mobile back-haul network service deployment

   Mobile back-haul networks usually adopt a ring topology to save fibre
   resources; it is usually divided into the aggregate network and the
   access network.  Cell Site Gateways(CSGs) connects the eNodeBs and
   RNC(Radio Network Controller) Site Gateways(RSGs) connects the RNCs.
   The mobile traffic is transported from CSGs to RSGs.  The network
   takes a typical aggregate traffic model that more than one access
   rings will attach to one pair of aggregate site gateways(ASGs) and
   more than one aggregate rings will attach to one pair of RSGs.










Hegde, et al.            Expires April 18, 2016                 [Page 8]


Internet-Draft            OSPF node admin tags              October 2015


                     ----------------
                    /                \
                   /                  \
                  /                    \
     +------+   +----+    Access     +----+
     |eNodeB|---|CSG1|    Ring 1     |ASG1|------------
     +------+   +----+               +----+            \
                  \                    /                \
                   \                  /                  +----+    +---+
                    \             +----+                 |RSG1|----|RNC|
                     -------------|    |    Aggregate    +----+    +---+
                                  |ASG2|      Ring         |
                     -------------|    |                 +----+    +---+
                    /             +----+                 |RSG2|----|RNC|
                   /                  \                  +----+    +---+
                  /                    \                /
     +------+   +----+     Access     +----+           /
     |eNodeB|---|CSG2|     Ring 2     |ASG3|-----------
     +------+   +----+                +----+
                 \                     /
                  \                   /
                   \                 /
                    -----------------

                     Figure 2: Mobile Backhaul Network

   A typical mobile back-haul network with access rings and aggregate
   links is shown in figure above.  The mobile back-haul networks deploy
   traffic engineering due to strict Service Level Agreements(SLA).  The
   Traffic Engineering(TE) paths may have additional constraints to
   avoid passing via different access rings or to get completely
   disjoint backup TE paths.  The mobile back-haul networks towards the
   access side change frequently due to the growing mobile traffic and
   addition of new LTE Evolved NodeBs (eNodeB).  It's complex to satisfy
   the requirements using cost, link color or explicit path
   configurations.  The node administrative tag defined in this document
   can be effectively used to solve the problem for mobile back-haul
   networks.  The nodes in different rings can be assigned with specific
   tags.  TE path computation can be enhanced to consider additional
   constraints based on node administrative tags.

4.5.  Explicit routing policy

   A partially meshed network provides multiple paths between any two
   nodes in the network.  In a data centre environment, the topology is
   usually highly symmetric with many/all paths having equal cost.  In a
   long distance network, this is usually less the case, for a variety
   of reasons (e.g. historic, fibre availability constraints, different



Hegde, et al.            Expires April 18, 2016                 [Page 9]


Internet-Draft            OSPF node admin tags              October 2015


   distances between transit nodes, different roles ...).  Hence between
   a given source and destination, a path is typically preferred over
   the others, while between the same source and another destination, a
   different path may be preferred.



        +----------------------+   +----------------+
            |                       \ /                 |
        |   +-----------------+  x   +---------+    |
        |   |                  \/  \/          |    |
        |   |                +-T-10-T          |    |
        |   |               /  |   /|          |    |
        |   |              /  100 / |          |    |
        |   |             /    | | 100         |    |
        |   |            /   +-+-+  |          |    |
        |   |           /   /  |    |          |    |
        |   |          /   /   R-18-R          |    |
        |   |        10   10  /\   /\          |    |
        |   |        /   /   /  \ /  \         |    |
        |   |       /   /   /    x    \        |    |
        |   |      /   /   10  10 \    \       |    |
        |   |     /   /   /    /   10   10     |    |
        |   |    /   /   /    /     \    \     |    |
        |   |   A-25-A  A-25-A       A-25-A    |    |
        |   |   |    |   \    \     /    /     |    |
        |   |   |    |   201  201  201 201     |    |
        |   |   |    |     \    \ /    /       |    |
        |   |  201  201     \    x    /        |    |
        |   |   |    |       \  / \  /         |    |
        |   |   |    |        \/   \/          |    |
        |   |   I-24-I        I-24-I          100  100
        |   |  /    /         |    |           |    |
        |   +-+    /          |    +-----------+    |
        +---------+           +---------------------+

                    Figure 3: Explicit Routing topology

   In the above topology, operator may want to enforce the following
   high level explicit routing policies:

      - Traffic from A nodes to A nodes should preferably go through R
      or T nodes (rather than through I nodes);

      - Traffic from A nodes to I nodes must not go through R and T
      nodes.





Hegde, et al.            Expires April 18, 2016                [Page 10]


Internet-Draft            OSPF node admin tags              October 2015


   With node admin tags, tag A (resp.  I, R, T) can be configured on all
   A (resp.  I, R, T) nodes to advertise their role.  The first policy
   is about preferring one path over another.  Given the chosen metrics,
   it is achieved with regular SPF routing.  The second policy is about
   prohibiting (pruning) some paths.  It requires an explicit routing
   policy.  With the use of node tags, this may be achieved with a
   generic CSPF policy configured on A nodes: for destination nodes
   having the tag "A" runs a CSPF with the exclusion of nodes having the
   tag "I".

5.  Security Considerations

   Node administrative tags may be used by operators to indicate
   geographical location or other sensitive information.  As indicated
   in [RFC2328] and [RFC5340] OSPF authentication mechanisms do not
   provide confidentiality and the information carried in node
   administrative tags could be leaked to an IGP snooper.
   Confidentiality for the OSPF control packets can be achieved by
   either running OSPF on top of IP Security (IPSEC) tunnels or by
   applying IPSEC based security mechanisms as described in [RFC4552].

   Advertisement of tag values for one administrative domain into
   another risks misinterpretation of the tag values (if the two domains
   have assigned different meanings to the same values), which may have
   undesirable and unanticipated side effects.

   [RFC4593] and [RFC6863]  discuss the generic threats to routing
   protocols and OSPF respectively.  These security threats are also
   applicable to the mechanisms described in this document.OSPF
   authentication described in [RFC2328] and [RFC5340] or extended
   authentication mechanisms described in [RFC7474] or [RFC7166] SHOULD
   be used in deployments where attackers have access to the physical
   networks and nodes included in the OSPF domain are vulnerable.

6.  Operational Considerations

   Operators can assign meaning to the node administrative tags which is
   local to the operator's administrative domain.  The operational use
   of node administrative tags is analogical to the IS-IS prefix tags
   [RFC5130] and BGP communities [RFC1997].  Operational discipline and
   procedures followed in configuring and using BGP communities and ISIS
   Prefix tags is also applicable to the usage of node administrative
   tags.

   Defining language for local policies is outside the scope of this
   document.  As in case of other policy applications, the pruning
   policies can cause the path to be completely removed from forwarding
   plane, and hence have the potential for more severe operational



Hegde, et al.            Expires April 18, 2016                [Page 11]


Internet-Draft            OSPF node admin tags              October 2015


   impact (e.g., node unreachability due to path removal) by comparison
   to preference policies that only affect path selection.

7.  Manageability Considerations

   Node administrative tags are configured and managed using routing
   policy enhancements.  YANG data definition language is the latest
   model to describe and define configuration for network devices.  OSPF
   YANG data model is described in [I-D.ietf-ospf-yang] and routing
   policy configuration model is described in
   [I-D.ietf-rtgwg-policy-model].  These two documents will be enhanced
   to include the node administrative tag related configurations.

8.  IANA Considerations

   This specification updates one OSPF registry: OSPF Router Information
   (RI) TLVs Registry

   i) Node Admin Tag TLV - Suggested value 10

   ** RFC Editor**: Please replace above suggested value with the IANA-
   assigned value.

9.  Contributors

   Thanks to Hannes Gredler for his substantial review,guidance and to
   the editing of this document.  Thanks to Harish Raguveer for his
   contributions to initial versions of the draft.

10.  Acknowledgements

   Thanks to Bharath R, Pushpasis Sarakar and Dhruv Dhody for useful
   inputs.  Thanks to Chris Bowers for providing useful inputs to remove
   ambiguity related to tag-ordering.  Thanks to Les Ginsberg and Acee
   Lindem for the inputs.  Thanks to David Black for careful review and
   valuable suggestions for the document especially for the operations
   section.

11.  References

11.1.  Normative References

   [I-D.ietf-ospf-rfc4970bis]
              Lindem, A., Shen, N., Vasseur, J., Aggarwal, R., and S.
              Shaffer, "Extensions to OSPF for Advertising Optional
              Router Capabilities", draft-ietf-ospf-rfc4970bis-07 (work
              in progress), October 2015.




Hegde, et al.            Expires April 18, 2016                [Page 12]


Internet-Draft            OSPF node admin tags              October 2015


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328,
              DOI 10.17487/RFC2328, April 1998,
              <http://www.rfc-editor.org/info/rfc2328>.

   [RFC4970]  Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and
              S. Shaffer, "Extensions to OSPF for Advertising Optional
              Router Capabilities", RFC 4970, DOI 10.17487/RFC4970, July
              2007, <http://www.rfc-editor.org/info/rfc4970>.

   [RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
              <http://www.rfc-editor.org/info/rfc5340>.

   [RFC7490]  Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N.
              So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)",
              RFC 7490, DOI 10.17487/RFC7490, April 2015,
              <http://www.rfc-editor.org/info/rfc7490>.

11.2.  Informative References

   [I-D.ietf-ospf-yang]
              Yeung, D., Qu, Y., Zhang, J., Bogdanovic, D., and K.
              Koushik, "Yang Data Model for OSPF Protocol", draft-ietf-
              ospf-yang-02 (work in progress), September 2015.

   [I-D.ietf-rtgwg-lfa-manageability]
              Litkowski, S., Decraene, B., Filsfils, C., Raza, K.,
              Horneffer, M., and P. Sarkar, "Operational management of
              Loop Free Alternates", draft-ietf-rtgwg-lfa-
              manageability-11 (work in progress), June 2015.

   [I-D.ietf-rtgwg-policy-model]
              Shaikh, A., rjs@rob.sh, r., D'Souza, K., and C. Chase,
              "Routing Policy Configuration Model for Service Provider
              Networks", draft-ietf-rtgwg-policy-model-00 (work in
              progress), September 2015.

   [RFC1997]  Chandra, R., Traina, P., and T. Li, "BGP Communities
              Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996,
              <http://www.rfc-editor.org/info/rfc1997>.






Hegde, et al.            Expires April 18, 2016                [Page 13]


Internet-Draft            OSPF node admin tags              October 2015


   [RFC4552]  Gupta, M. and N. Melam, "Authentication/Confidentiality
              for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006,
              <http://www.rfc-editor.org/info/rfc4552>.

   [RFC4593]  Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to
              Routing Protocols", RFC 4593, DOI 10.17487/RFC4593,
              October 2006, <http://www.rfc-editor.org/info/rfc4593>.

   [RFC5130]  Previdi, S., Shand, M., Ed., and C. Martin, "A Policy
              Control Mechanism in IS-IS Using Administrative Tags",
              RFC 5130, DOI 10.17487/RFC5130, February 2008,
              <http://www.rfc-editor.org/info/rfc5130>.

   [RFC5286]  Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for
              IP Fast Reroute: Loop-Free Alternates", RFC 5286,
              DOI 10.17487/RFC5286, September 2008,
              <http://www.rfc-editor.org/info/rfc5286>.

   [RFC6863]  Hartman, S. and D. Zhang, "Analysis of OSPF Security
              According to the Keying and Authentication for Routing
              Protocols (KARP) Design Guide", RFC 6863,
              DOI 10.17487/RFC6863, March 2013,
              <http://www.rfc-editor.org/info/rfc6863>.

   [RFC7166]  Bhatia, M., Manral, V., and A. Lindem, "Supporting
              Authentication Trailer for OSPFv3", RFC 7166,
              DOI 10.17487/RFC7166, March 2014,
              <http://www.rfc-editor.org/info/rfc7166>.

   [RFC7474]  Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed.,
              "Security Extension for OSPFv2 When Using Manual Key
              Management", RFC 7474, DOI 10.17487/RFC7474, April 2015,
              <http://www.rfc-editor.org/info/rfc7474>.

Authors' Addresses

   Shraddha Hegde
   Juniper Networks, Inc.
   Embassy Business Park
   Bangalore, KA  560093
   India

   Email: shraddha@juniper.net








Hegde, et al.            Expires April 18, 2016                [Page 14]


Internet-Draft            OSPF node admin tags              October 2015


   Rob Shakir
   Individual

   Email: rjs@rob.sh


   Anton Smirnov
   Cisco Systems, Inc.
   De Kleetlaan 6a
   Diegem  1831
   Belgium

   Email: as@cisco.com


   Li zhenbin
   Huawei Technologies
   Huawei Bld. No.156 Beiqing Rd
   Beijing  100095
   China

   Email: lizhenbin@huawei.com


   Bruno Decraene
   Orange

   Email: bruno.decraene@orange.com























Hegde, et al.            Expires April 18, 2016                [Page 15]