Network Working Group                                         F.J. Baker
Internet-Draft                                             Cisco Systems
Intended status: Standards Track                       February 17, 2013
Expires: August 21, 2013

              IPv6 Source/Destination Routing using IS-IS


   This note describes the changes necessary for IS-IS to route classes
   of IPv6 traffic that are defined by a source prefix and a destination
   prefix.  This implies not routing "to a destination", but "traffic
   matching a classification tuple".  The obvious application is egress
   routing - routing traffic using a given prefix to an upstream network
   that will not drop traffic using that prefix using BCP 38 filters.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 21, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Baker                   Expires August 21, 2013                 [Page 1]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Theory of Routing . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Dealing with ambiguity  . . . . . . . . . . . . . . . . .   3
   3.  Extensions necessary for IS-IS/IPv6 . . . . . . . . . . . . .   4
     3.1.  Source Prefix sub-TLV . . . . . . . . . . . . . . . . . .   4
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   6.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   5
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   8.  Change Log  . . . . . . . . . . . . . . . . . . . . . . . . .   5
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     9.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Appendix A.  Use case: Egress Routing . . . . . . . . . . . . . .   6
   Appendix B.  FIB Design . . . . . . . . . . . . . . . . . . . . .   7
     B.1.  Linux Source-Address Forwarding . . . . . . . . . . . . .   7
       B.1.1.  One FIB per source prefix . . . . . . . . . . . . . .   7
       B.1.2.  One FIB per source prefix plus a general FIB  . . . .   8
     B.2.  PATRICIA  . . . . . . . . . . . . . . . . . . . . . . . .   9
       B.2.1.  Virtual Bit String  . . . . . . . . . . . . . . . . .   9
       B.2.2.  Tree Construction . . . . . . . . . . . . . . . . . .   9
       B.2.3.  Tree Lookup . . . . . . . . . . . . . . . . . . . . .  10
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   This specification builds on the extensible TLV defined in [RFC5308].
   It adds to the existing Reachability TLV the (obviously optional)
   sub-TLV for an IPv6 Source Prefix, to define routes defined by a
   source and a destination prefix.  Note that ::/0, "any IPv6 Address",
   is a prefix, so this may be used for default routes as well as more
   specific routes.

   IS-IS TLVs that specify only a destination prefix remain legal.  They
   may be understood as identifying a route to a destination prefix from

Baker                   Expires August 21, 2013                 [Page 2]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

   "any" source, which is a very useful class of traffic to compactly

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC2119].

2.  Theory of Routing

   Both IS-IS and OSPF perform their calculations by building a lattice
   of routers and routes from the router performing the calculation to
   each router, and then use those routes to get to destinations that
   those routes advertise connectivity to.  Following the SPF algorithm,
   calculation starts by selecting a starting point (typically the
   router doing the calculation), and successively adding {link, router)
   pairs until one has calculated a route to every router in the
   network.  As each router is added, including the original router,
   destinations that it is directly connected to are turned into routes
   in the route table: "to get to 2001:db8::/32, route traffic to
   {interface, list of next hop routers}".  For immediate neighbors to
   the originating router, of course, there is no next hop router;
   traffic is handled locally.

   IS-IS [ISO.10589.1992] represents those destinations as a type-
   length-value field that identifies an address.  For CLNS, it was
   designed to the ISO NSAP; by various extensions, it also handles IPv4
   and IPv6 prefixes and their counterparts for other protocols.  Adding
   a new class of traffic to route is as simple as adding a new tuple
   type and the supporting method routines for that class of traffic.

2.1.  Dealing with ambiguity

   In any routing protocol, there is the possibility of ambiguity.  An
   area border router might, for example, summarize the routes to other
   areas into a small set of relatively short prefixes, which have more
   specific routes within the area.  Traditionally, we have dealt with
   that using a "longest match first" rule.  If the same datagram
   matches more than one destination prefix advertised within the area,
   we follow the route to the longest matching prefix.

   When routing a class of traffic, we follow an analogous "most
   specific match" rule; we follow the route for the most specific
   matching tuple.  In cases of simple overlap, such as routing to
   2001:db8::/32 or 2001:db8:1::/48, that is exactly analogous; we
   choose one of the two routes.

Baker                   Expires August 21, 2013                 [Page 3]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

   It is possible, however, to construct an ambiguous case in which
   neither class subsumes the other.  For example, presume that

   o  A is a prefix,

   o  B is a more-specific prefix within A,

   o  C is a different prefix, and

   o  D is a more-specific prefix of C.

   The two classes {A, D, *, *} and {B, C, *, *} are ambiguous: a
   datagram within {B, D, *, *} matches both classes, and it is not
   clear in the data plane what decision to make.  Solving this requires
   the addition of a third route in the FIB corresponding to the class
   {B, D, *, *}, which is more-specific than either of the first two,
   and can be given routing guidance based on metrics or other policy in
   the usual way.

3.  Extensions necessary for IS-IS/IPv6

   Section 2 of [RFC5308] defines the "IPv6 Reachability TLV", and
   carries in it destination prefix advertisements.  It has the
   capability of extension, using sub-TLVs.  The extension needed is to
   add a sub-TLV for each additional item in the tuple.  We interpret
   the lack of a given sub-TLV as "any"; by definition, S=0 implies any
   source address, any DSCP, and any flow label.  If S=1, there will be
   one or more additional sub-TLVs following the sub-TLV format
   specified there.

3.1.  Source Prefix sub-TLV

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   |      Type     |    Length     |Prefix Length  |    Prefix

                           Source Prefix Sub-TLV

   Source Prefix Type:  assigned by IANA

   TLV Length:  Length of the sub-TLV in octets

   Prefix Length:  Length of the prefix in bits

   Prefix:  (source prefix length +7)/8 octets of prefix

Baker                   Expires August 21, 2013                 [Page 4]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

4.  IANA Considerations

   This section will request an identifying value for the TLV defined.
   This is deferred to the -01 version of the draft.

5.  Security Considerations

   To be considered.

6.  Privacy Considerations

   To be considered.

7.  Acknowledgements

8.  Change Log

   Initial Version:  February 2013

9.  References

9.1.  Normative References

              International Organization for Standardization,
              "Intermediate system to intermediate system intra-domain-
              routing routine information exchange protocol for use in
              conjunction with the protocol for providing the
              connectionless-mode Network Service (ISO 8473)", ISO
              Standard 10589, 1992.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.

   [RFC5308]  Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, October

   [RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, July 2008.

9.2.  Informative References

              Baker, F., "Routing a Traffic Class", draft-baker-fun-
              routing-class-00 (work in progress), July 2011.

Baker                   Expires August 21, 2013                 [Page 5]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

              Morrison, D.R., "Practical Algorithm to Retrieve
              Information Coded in Alphanumeric", Journal of the ACM
              15(4) pp514-534, October 1968.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791, September

   [RFC1195]  Callon, R., "Use of OSI IS-IS for routing in TCP/IP and
              dual environments", RFC 1195, December 1990.

   [RFC1247]  Moy, J., "OSPF Version 2", RFC 1247, July 1991.

   [RFC1349]  Almquist, P., "Type of Service in the Internet Protocol
              Suite", RFC 1349, July 1992.

   [RFC2460]  Deering, S.E. and R.M. Hinden, "Internet Protocol, Version
              6 (IPv6) Specification", RFC 2460, December 1998.

   [RFC2597]  Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski,
              "Assured Forwarding PHB Group", RFC 2597, June 1999.

   [RFC2827]  Ferguson, P. and D. Senie, "Network Ingress Filtering:
              Defeating Denial of Service Attacks which employ IP Source
              Address Spoofing", BCP 38, RFC 2827, May 2000.

Appendix A.  Use case: Egress Routing

   Using this technology for egress routing is straightforward.  Presume
   a multihomed edge (residential or enterprise) network with multiple
   egress points to the various ISPs.  These ISPs allocate PA prefixes
   to the network.  Due to BCP 38 [RFC2827], the network must presume
   that its upstream ISPs will filter out any traffic presented to them
   that does not use their PA prefix.

   Within the network, presume that a /64 prefix from each of those PA
   prefixes is allocated on each LAN, and that hosts generate and use
   multiple addresses on each interface.

   Within the network, we permit any host to communicate with any other.
   Hence, routing advertisements within the network use traditional
   destination routing, which is understood to be advertising the
   traffic class

      {destination, ::/0}.

   From the egresses, the firewall or its neighboring router injects a
   default route for traffic "from" its PA prefix:

Baker                   Expires August 21, 2013                 [Page 6]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

      {::/0, PA prefix}.

   Routing is calculated as normal, with the exception that traffic
   following a default route will select that route based on the source
   address.  Traffic will never be lost to BCP 38 filters, because by
   definition the only traffic sent to the ISP is using the PA prefix
   assigned by the ISP.  In addition, while hosts can use spoofed
   addresses outside of their PA prefixes to attack each other, they
   cannot send traffic using spoofed addresses to their upstream
   networks; such traffic has no route.

Appendix B.  FIB Design

   While the design of the Forwarding Information Base is not a matter
   for standardization, as it only has to work correctly, not
   interoperate with something else, the design of a FIB for this type
   of lookup may differ from approaches used in destination routing.  We
   describe one possible approach that is known to work, from the
   perspective of a proof of concept.

B.1.  Linux Source-Address Forwarding

   The University of Waikato has added to the Linux Advanced Routing &
   Traffic Control facility the ability to maintain multiple FIBS, one
   for each of a set of prefixes.  Implementing source/destination
   routing using this mechanism is not difficult.

   The router must know what source prefixes might be used in its
   domain.  This may be by configuration or, at least in concept,
   learned from the routing protocols themselves.  In whichever way that
   is done, one can imagine two fundamental FIB structures to serve N
   source prefixes; N FIBs, one per prefix, or N+1 FIBs, one per prefix
   plus one for destinations for which the source prefix is unspecified.

B.1.1.  One FIB per source prefix

   In an implementation with one FIB per source prefix, the routing
   algorithm has two possibilities.

   o  If it calculates a route to a prefix (such as a default route)
      associated with a given source prefix, it stores the route in the
      FIB for the relevant source prefix.

   o  If it calculates a route for which the source prefix is
      unspecified, it stores that route in all N FIBs.

   When forwarding a datagram, the IP forwarder looks at the source
   address of the datagram to determine which FIB it should use.  If it

Baker                   Expires August 21, 2013                 [Page 7]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

   is from an address for which there is no FIB, the forwarder discards
   the datagram as containing a forged source address.  If it is from an
   address within one of the relevant prefixes, it looks up the
   destination in the indicated FIB and forwards it in the usual way.

   The argument for this approach is simplicity: there is one place to
   look in making a forwarding decision for any given datagram.  The
   argument against it is memory space; it is likely that the FIBs will
   be similar, but every destination route not associated with a source
   prefix is duplicated in each FIB.  In addition, since it
   automatically removes traffic whose source address is not among the
   configured list, it limits the possibility of user software using
   improper addresses.

B.1.2.  One FIB per source prefix plus a general FIB

   In an implementation with N+1 FIBs, the algorithm is slightly more

   o  If it calculates a route to a prefix (such as a default route)
      associated with a given source prefix, it stores the route in the
      FIB for the relevant source prefix.

   o  If it calculates a route for which the source prefix is
      unspecified, it stores that route in the FIB that is not
      associated with a source prefix.

   When forwarding a datagram, the IP forwarder looks at the source
   address of the datagram to determine which FIB it should use.  If it
   is from one of the configured prefixes, it looks the destination up
   in the indicated FIB.  In any event it also looks the destination up
   in the "unspecified source address" FIB.  If the destination is found
   in only one of the two, the indicated route is followed.  If the
   destination is found in both, the more specific route is followed.

   The argument for this approach is memory space; if a large percentage
   of routes are only in the general FIB, such as when egress routing is
   used for the default route and all other routes are internal, the
   other FIBs are likely to be very small - perhaps only a single
   default route.  The argument against this approach is complexity:
   most lookups if not all will be done in a prefix-specific FIB and in
   the general FIB.

Baker                   Expires August 21, 2013                 [Page 8]

Internet-Draft      IS-IS Source/Destination Routing       February 2013


   One approach is a [PATRICIA] Tree.  This is a relative of a Trie, but
   unlike a Trie, need not use every bit in classification, and does not
   need the bits used to be contiguous.  It depends on treating the bit
   string as a set of slices of some size, potentially of different
   sizes.  Slice width is an implementation detail; since the algorithm
   is most easily described using a slice of a single bit, that will be
   presumed in this description.

B.2.1.  Virtual Bit String

   It is quite possible to view the fields in a datagram header
   incorporated into the classification tuple as a virtual bit string
   such as is shown in Figure 1.  This bit string has various regions
   within it.  Some vary and are therefore useful in a radix tree
   lookup.  Some may be essentially constant - all global IPv6 addresses
   at this writing are within 2000::/3, for example, so while it must be
   tested to assure a match, incorporating it into the radix tree may
   not be very helpful in classification.  Others are ignored; if the
   destination is a remote /64, we really don't care what the EID is.
   In addition, due to variation in prefix length and other details, the
   widths of those fields vary among themselves.  The algorithm the FIB
   implements, therefore, must efficiently deal with the fact of a
   discontiguous lookup key.

   |Destination Prefix   |Source Prefix         |DSCP | Flow Label|
    Common|Varying|Ignored|Common|Varying|Ignored|Varying or ignored

        Figure 1: Treating a traffic class as a virtual bit string

B.2.2.  Tree Construction

   The tree is constructed by recursive slice-wise decomposition.  At
   each stage, the input is a set of classes to be classified.  At each
   stage, the result is the addition of a lookup node in the tree that
   identifies the location of its slice in the virtual bit string (which
   might be a bit number), the width of the slice to be inspected, and
   an enumerated set of results.  Each result is a similar set of
   classes, and is analyzed in a similar manner.

   The analysis is performed by enumerating which bits that have not
   already been considered are best suited to classification.  For a
   slice of N bits, one wants to select a slide that most evenly divides
   the set of classes into 2^N subsets.  If one or more bits in the
   slice is ignored in some of the classes, those classes must be

Baker                   Expires August 21, 2013                 [Page 9]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

   included in every subset, as the actual classification of them will
   depend on other bits.

   Input:{2001:db8::/32, ::/0, *, *}
         {2001:db8:1::/48, ::/0, AF41, *}
         {2001:db8:1::/48, ::/0, AF42, *}
         {2001:db8:1::/48, ::/0, AF43, *}
   Common parts: Destination prefix 2001:dba, source prefix, and label
   Varying parts: DSCP and the third set of sixteen bits in the
                  destination prefix
   One possible decomposition:
   (1) slice = DSCP
       enumerated cases:
   (a) { {2001:db8::/32, ::/0, *, *}, {2001:db8:1::/48, ::/0, AF41, *} }
   (b) { {2001:db8::/32, ::/0, *, *}, {2001:db8:1::/48, ::/0, AF42, *} }
   (c) { {2001:db8::/32, ::/0, *, *}, {2001:db8:1::/48, ::/0, AF43, *} }
   (2) slice = third sixteen bit field in destination
       This divides each enumerated case into those containing 0001 and
       "everything else", which would imply 2001:db8::/32
                              (1) DSCP
                   (1a)       (1b)         (1c)
                  /    \     /    \       /    \
                /32   /48  /32   /48    /32   /48

                      Figure 2: Example PATRICIA Tree

B.2.3.  Tree Lookup

   To look something up in a PATRICIA Tree, one starts at the root of
   the tree and performs the indicated comparisons recursively walking
   down the tree until one reaches a terminal node.  When the enumerated
   subset is empty or contains only a single class, classification
   stops.  Either classification has failed (there was no matching
   class, or one has presumably found the indicated class.  At that
   point, every bit in the virtual bit string must be compared to the
   classifier; classification is accepted on a perfect match.

   In the example in Figure 2, if a packet {2001:db8:1:2:3:4:5:6,
   2001:db8:2:3:4:5:6:7, AF41, 0} arrives, we start at the root.  Since
   it is an AF41 packet, we deduce that case (1a) applies, and since the
   destination has 0001 in the third sixteen bit field of the
   destination address, we are comparing to {2001:db8:1::/48, ::/0,
   AF41, *}. Since the destination address is within 2001:db8:1::/48,
   classification as that succeeds.

Author's Address

Baker                   Expires August 21, 2013                [Page 10]

Internet-Draft      IS-IS Source/Destination Routing       February 2013

   Fred Baker
   Cisco Systems
   Santa Barbara, California  93117


Baker                   Expires August 21, 2013                [Page 11]