Internet Engineering Task Force                         L. Ginsberg, Ed.
Internet-Draft                                             Cisco Systems
Intended status: Standards Track                           A. Przygienda
Expires: October 1, 2018                                Juniper Networks
                                                               S. Aldrin
                                                                  Google
                                                                J. Zhang
                                                  Juniper Networks, Inc.
                                                          March 30, 2018


                         BIER support via ISIS
                   draft-ietf-bier-isis-extensions-11

Abstract

   This document defines ISIS extensions to support multicast forwarding
   using the Bit Index Explicit Replication (BIER) architecture.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 1, 2018.








Ginsberg, et al.         Expires October 1, 2018                [Page 1]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   4.  Concepts  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  BIER Domains and Sub-Domains  . . . . . . . . . . . . . .   5
     4.2.  Advertising BIER Information  . . . . . . . . . . . . . .   5
   5.  Procedures  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     5.1.  Multi Topology and Sub-Domain . . . . . . . . . . . . . .   5
     5.2.  BFR-id Advertisements . . . . . . . . . . . . . . . . . .   6
     5.3.  Logging Misconfiguration  . . . . . . . . . . . . . . . .   6
     5.4.  Flooding Reduction  . . . . . . . . . . . . . . . . . . .   6
   6.  Packet Formats  . . . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  BIER Info sub-TLV . . . . . . . . . . . . . . . . . . . .   7
     6.2.  BIER MPLS Encapsulation sub-sub-TLV . . . . . . . . . . .   8
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   9
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  10
     9.2.  Informative References  . . . . . . . . . . . . . . . . .  11
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   Bit Index Explicit Replication (BIER) [RFC8279] defines an
   architecture where all intended multicast receivers are encoded as
   bitmask in the Multicast packet header within different
   encapsulations such as [RFC8296].  A router that receives such a
   packet will forward the packet based on the Bit Position in the
   packet header towards the receiver(s), following a precomputed tree
   for each of the bits in the packet.  Each receiver is represented by
   a unique bit in the bitmask.



Ginsberg, et al.         Expires October 1, 2018                [Page 2]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


   This document presents necessary extensions to the currently deployed
   ISIS for IP [RFC1195] protocol to support distribution of information
   necessary for operation of BIER domains and sub-domains.  This
   document defines a new TLV to be advertised by every router
   participating in BIER signaling.

   This document defines support for MPLS encapsulation as specified in
   [RFC8296].  Support for other encapsulation types is outside the
   scope of this document.  The use of multiple encapsulation types is
   outside the scope of this document.

2.  Terminology

   Some of the terminology specified in [RFC8279] is replicated here and
   extended by necessary definitions:

   BIER:  Bit Index Explicit Replication (The overall architecture of
      forwarding multicast using a Bit Position).

   BIER-OL:  BIER Overlay Signaling.  (The method for the BFIR to learn
      about BFER's).

   BFR:  Bit Forwarding Router (A router that participates in Bit Index
      Multipoint Forwarding).  A BFR is identified by a unique BFR-
      prefix in a BIER domain.

   BFIR:  Bit Forwarding Ingress Router (The ingress border router that
      inserts the BM into the packet).  Each BFIR must have a valid BFR-
      id assigned.

   BFER:  Bit Forwarding Egress Router.  A router that participates in
      Bit Index Forwarding as leaf.  Each BFER must be a BFR.  Each BFER
      must have a valid BFR-id assigned.

   BFT:  Bit Forwarding Tree used to reach all BFERs in a domain.

   BIER sub-domain:  A further distinction within a BIER domain
      identified by its unique sub-domain identifier.  A BIER sub-domain
      can support multiple BitString Lengths.

   BFR-id:  An optional, unique identifier for a BFR within a BIER sub-
      domain.

   Invalid BFR-id:  Unassigned BFR-id.  The special value 0 is reserved
      for this purpose.

   BAR  BIER Algorithm.  Used to calculate underlay next hops.




Ginsberg, et al.         Expires October 1, 2018                [Page 3]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


   IPA  IGP Algorithm.  May be used to modify, enhance or replace the
      calculation of underlay paths as defined by the BAR value

   SPF  Shortest Path First routing calculation based on IGP link metric

3.  IANA Considerations

   This document adds the following new sub-TLV to the registry of Sub-
   TLVs for TLVs 135, 235, 236, and 237.

   Value: 32 (suggested - to be assigned by IANA)

   Name: BIER Info

   This document also introduces a new registry for sub-sub-TLVs for the
   BIER Info sub-TLV added above.  The registration policy is Expert
   Review as defined in [RFC8126].  This registry is part of the "IS-IS
   TLV Codepoints" registry.  The name of the registry is "sub-sub-TLVs
   for BIER Info sub-TLV".  The defined values are:

     Type    Name
     ----    ----
     1       BIER MPLS Encapsulation


   IANA is requested to set up a registry called "BIER Algorithm
   Registry" under category "Bit Index Explicit Replication".  The
   registration policies [RFC8126] for this registry are:

      "Standards Action" for values 0-127

      "Specification Required" for values 128-240

      "Experimental Use" for values 240-254"

   The initial values in the BIER Algorithm Registry are:

      0: No BIER specific algorithm is used

      1-254: Unassigned

      255: Reserved

4.  Concepts







Ginsberg, et al.         Expires October 1, 2018                [Page 4]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


4.1.  BIER Domains and Sub-Domains

   An ISIS signalled BIER domain is aligned with the scope of
   distribution of BFR-prefixes that identify the BFRs within ISIS.
   ISIS acts in such a case as the supporting BIER underlay.

   Within such a domain, the extensions defined in this document
   advertise BIER information for one or more BIER sub-domains.  Each
   sub-domain is uniquely identified by a subdomain-id (SD).  Each
   subdomain is associated with a single ISIS topology (MT) [RFC5120],
   which may be any of the topologies supported by ISIS.  Local
   configuration controls which <MT,SD> pairs are supported by a router.
   The mapping of sub-domains to topologies MUST be consistent within
   the IS-IS flooding domain used to advertise BIER information.

   Each BIER sub-domain has as its unique attributes the encapsulation
   used and the type of tree it is using to forward BIER frames
   (currently always SPF).  Additionally, per supported bitstring length
   in the sub-domain, each router will advertise the necessary label
   ranges to support it.

4.2.  Advertising BIER Information

   BIER information advertisements are associated with a new sub-TLV in
   the extended reachability TLVs.  BIER information is always
   associated with a host prefix which MUST be a node address for the
   advertising node.  If this is not the case the advertisement MUST be
   ignored.  Therefore the following restrictions apply:

   o  Prefix length MUST be 32 for an IPv4 prefix or 128 for an IPv6
      prefix

   o  When the Prefix Attributes Flags sub-TLV is present N flag MUST be
      set and R flag MUST NOT be set.  [RFC7794]

   o  BIER sub-TLVs MUST be included when a prefix reachability
      advertisement is leaked between levels.

5.  Procedures

5.1.  Multi Topology and Sub-Domain

   A given sub-domain is supported within one and only one topology.
   All routers in the flooding scope of the BIER sub-TLVs MUST advertise
   the same sub-domain within the same multi-topology.  A router
   receiving an <MT,SD> advertisement which does not match the locally
   configured pair MUST report a misconfiguration of the received
   <MT,SD> pair.  All received BIER advertisements associated with the



Ginsberg, et al.         Expires October 1, 2018                [Page 5]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


   conflicting <MT,SD> pair MUST be ignored.  Note that in the presence
   of such a misconfiguration this will lead to partitioning of the sub-
   domian.

   Example:

   The following combination of advertisements are valid: <0,0> <0,1>
   <2,2>.

   The following combination of advertisements are invalid: <0,0> <0,1>
   <2,0>.  Advertisements associated with <0,0> and <2,0> must be
   ignored.

5.2.  BFR-id Advertisements

   If a BFER/BFIR is configured with a BFR-id then it advertises this
   value in its BIER advertisements.  If no BFR-id is configured then
   the value "Invalid BFR-id" is advertised.  A valid BFR-id MUST be
   unique within the flooding scope of the BIER advertisements.  All
   BFERs/BFIRs MUST detect advertisement of duplicate valid BFR-IDs for
   a given <MT, SD>.  When such duplication is detected all of the
   routers advertising duplicates MUST be treated as if they did not
   advertise a valid BFR-id.  This implies they cannot act as BFER or
   BFIR in that <MT,SD>.

5.3.  Logging Misconfiguration

   Whenever an advertisement is received which violates any of the
   constraints defined in this document the receiving router MUST
   support logging this occurrence.  Logging SHOULD be dampened to avoid
   excessive output.

5.4.  Flooding Reduction

   It is expected that changes in BIER domain information which is
   advertised by IS-IS occur infrequently.  If this expectation is not
   met for an extended period of time (more than a few seconds of
   burstiness) changes will increase the number of Link State PDU (LSP)
   updates and negatively impact performance in the network.
   Implementations SHOULD protect against this possibility e.g., by
   dampening updates if they occur over an extended period of time.

6.  Packet Formats

   All ISIS BIER information is carried within the TLVs 235, 237
   [RFC5120] or TLVs 135 [RFC5305], or TLV 236 [RFC5308].





Ginsberg, et al.         Expires October 1, 2018                [Page 6]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


6.1.  BIER Info sub-TLV

   This sub-TLV carries the information for the BIER sub-domains that
   the router participates in as BFR.  This sub-TLV MAY appear multiple
   times in a given prefix-reachability TLV - once for each sub-domain
   supported in the associated topology.

   The sub-TLV advertises a single <MT,SD> combination followed by
   optional sub-sub-TLVs as described in the following sections.


        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |    Type       |   Length      |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |   BAR         |    IPA        | subdomain-id  |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |     BFR-id                    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  sub-sub-TLVs (variable)                                      |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type:  as indicated in IANA section.

   Length:  variable

   BAR  BIER Algorithm.  Specifies a BIER specific algorithm used to
      calculate underlay paths to reach BFERs.  Values are allocated
      from the BIER Algorithm Registry. 1 octet

   IPA  IGP algorithm.  Specifies an IGP Algorithm to either modify,
      enhance or replace the calculation of underlay paths to reach
      BFERs as defined by the BAR value.  Values are from the IGP
      Algorithm registry. 1 octet

   subdomain-id:  Unique value identifying the BIER sub-domain. 1 octet

   BFR-id:  A 2 octet field encoding the BFR-id, as documented in
      [RFC8279].  If no BFR-id has been assigned the value of this field
      is set to "Invalid BFR-id", which is defined as illegal in
      [RFC8279] .

   The use of non-zero values in either the BAR field or the IPA field
   is outside the scope of this document.  If an implementation does not
   support the use of non-zero values in these fields, but receives a
   BIER Info sub-TLV containing non-zero values in these fields, it



Ginsberg, et al.         Expires October 1, 2018                [Page 7]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


   SHOULD treat the advertising router as incapable of supporting BIER
   (one way of handling incapable routers is documented in section 6.9
   of [RFC8279] and additional methods may be defined in the future).

6.2.  BIER MPLS Encapsulation sub-sub-TLV

   This sub-sub-TLV carries the information for the BIER MPLS
   encapsulation including the label range for a specific bitstring
   length for a certain <MT,SD>.  It is advertised within the BIER Info
   sub-TLV (Section 6.1) . This sub-sub-TLV MAY appear multiple times
   within a single BIER info sub-TLV.

   If the same Bitstring length is repeated in multiple sub-sub-TLVs
   inside the same BIER Info Sub-TLV, the BIER Info sub-TLV MUST be
   ignored.

   Label ranges within all BIER MPLS Encapsulation sub-sub-TLVs across
   all BIER Info sub-TLVs advertised by the same BFR MUST NOT overlap.
   If overlap is detected, the advertising router MUST be treated as if
   it did not advertise any BIER sub-TLVs.

   Label values MUST NOT match any of the reserved values defined in
   [RFC3032]


        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |    Type       |   Length      |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |   Max SI      |BS Len |                    Label              |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type:  value of 1 indicating MPLS encapsulation.

   Length:  4

   Max SI  Maximum Set Identifier (section 1 of [RFC8279]) used in the
      encapsulation for this BIER sub-domain for this bitstring length,
      1 octet.  Each SI maps to a single label in the label range.  The
      first label is for SI=0, the second label is for SI=1, etc.  If
      the label associated with the Maximum Set Identifier exceeds the
      20 bit range the sub-sub-TLV MUST be ignored.

   Local BitString Length (BS Len):  Encoded bitstring length as per
      [RFC8296]. 4 bits.




Ginsberg, et al.         Expires October 1, 2018                [Page 8]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


   Label:  First label of the range, 20 bits.  The labels are as defined
      in [RFC8296].

7.  Security Considerations

   Security concerns for IS-IS are addressed in [RFC5304] and [RFC5310].

   The Security Considerations section of [RFC8279] discusses the
   possibility of performing a Denial of Service (DoS) attack by setting
   too many bits in the BitString of a BIER-encapsulated packet.
   However, this sort of DoS attack cannot be initiated by modifying the
   ISIS BIER advertisements specified in this document.  A BFIR decides
   which systems are to receive a BIER-encapsulated packet.  In making
   this decision, it is not influenced by the ISIS control messages.
   When creating the encapsulation, the BFIR sets one bit in the
   encapsulation for each destination system.  The information in the
   ISIS BIER advertisements is used to construct the forwarding tables
   that map each bit in the encapsulation into a set of next hops for
   the host that is identified by that bit, but is not used by the BFIR
   to decide which bits to set.  Hence an attack on the ISIS control
   plane cannot be used to cause this sort of DoS attack.

   While a BIER-encapsulated packet is traversing the network, a BFR
   that receives a BIER-encapsulated packet with n bits set in its
   BitString may have to replicate the packet and forward multiple
   copies.  However, a given bit will only be set in one copy of the
   packet.  That means that each transmitted replica of a received
   packet has fewer bits set (i.e., is targeted to fewer destinations)
   than the received packet.  This is an essential property of the BIER
   forwarding process as defined in [RFC8279].  While a failure of this
   process might cause a DoS attack (as discussed in the Security
   Considerations of [RFC8279]), such a failure cannot be caused by an
   attack on the ISIS control plane.

   Further discussion of BIER specific security considerations can be
   found in [RFC8279].

8.  Acknowledgements

   The RFC is aligned with the [I-D.ietf-bier-ospf-bier-extensions]
   draft as far as the protocol mechanisms overlap.

   Many thanks for comments from (in no particular order) Hannes
   Gredler, Ijsbrand Wijnands, Peter Psenak and Chris Bowers.

   Special thanks to Eric Rosen.





Ginsberg, et al.         Expires October 1, 2018                [Page 9]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


9.  References

9.1.  Normative References

   [RFC1195]  Callon, R., "Use of OSI IS-IS for routing in TCP/IP and
              dual environments", RFC 1195, DOI 10.17487/RFC1195,
              December 1990, <https://www.rfc-editor.org/info/rfc1195>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC3032]  Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
              Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
              Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001,
              <https://www.rfc-editor.org/info/rfc3032>.

   [RFC5120]  Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi
              Topology (MT) Routing in Intermediate System to
              Intermediate Systems (IS-ISs)", RFC 5120,
              DOI 10.17487/RFC5120, February 2008,
              <https://www.rfc-editor.org/info/rfc5120>.

   [RFC5304]  Li, T. and R. Atkinson, "IS-IS Cryptographic
              Authentication", RFC 5304, DOI 10.17487/RFC5304, October
              2008, <https://www.rfc-editor.org/info/rfc5304>.

   [RFC5305]  Li, T. and H. Smit, "IS-IS Extensions for Traffic
              Engineering", RFC 5305, DOI 10.17487/RFC5305, October
              2008, <https://www.rfc-editor.org/info/rfc5305>.

   [RFC5308]  Hopps, C., "Routing IPv6 with IS-IS", RFC 5308,
              DOI 10.17487/RFC5308, October 2008,
              <https://www.rfc-editor.org/info/rfc5308>.

   [RFC5310]  Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
              and M. Fanto, "IS-IS Generic Cryptographic
              Authentication", RFC 5310, DOI 10.17487/RFC5310, February
              2009, <https://www.rfc-editor.org/info/rfc5310>.

   [RFC7794]  Ginsberg, L., Ed., Decraene, B., Previdi, S., Xu, X., and
              U. Chunduri, "IS-IS Prefix Attributes for Extended IPv4
              and IPv6 Reachability", RFC 7794, DOI 10.17487/RFC7794,
              March 2016, <https://www.rfc-editor.org/info/rfc7794>.






Ginsberg, et al.         Expires October 1, 2018               [Page 10]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8279]  Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
              Przygienda, T., and S. Aldrin, "Multicast Using Bit Index
              Explicit Replication (BIER)", RFC 8279,
              DOI 10.17487/RFC8279, November 2017,
              <https://www.rfc-editor.org/info/rfc8279>.

   [RFC8296]  Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
              Tantsura, J., Aldrin, S., and I. Meilik, "Encapsulation
              for Bit Index Explicit Replication (BIER) in MPLS and Non-
              MPLS Networks", RFC 8296, DOI 10.17487/RFC8296, January
              2018, <https://www.rfc-editor.org/info/rfc8296>.

9.2.  Informative References

   [I-D.ietf-bier-ospf-bier-extensions]
              Psenak, P., Kumar, N., Wijnands, I., Dolganow, A.,
              Przygienda, T., Zhang, Z., and S. Aldrin, "OSPFv2
              Extensions for BIER", draft-ietf-bier-ospf-bier-
              extensions-16 (work in progress), March 2018.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/info/rfc8126>.

Authors' Addresses

   Les Ginsberg (editor)
   Cisco Systems
   510 McCarthy Blvd.
   Milpitas, CA  95035
   USA

   Email: ginsberg@cisco.com


   Tony Przygienda
   Juniper Networks

   Email: prz@juniper.net







Ginsberg, et al.         Expires October 1, 2018               [Page 11]


Internet-Draft       draft-ietf-bier-isis-extensions          March 2018


   Sam Aldrin
   Google
   1600 Amphitheatre Parkway
   Mountain View, CA
   USA

   Email: aldrin.ietf@gmail.com


   Jeffrey (Zhaohui) Zhang
   Juniper Networks, Inc.
   10 Technology Park Drive
   Westford, MA  01886
   USA

   Email: zzhang@juniper.net



































Ginsberg, et al.         Expires October 1, 2018               [Page 12]