OSPF                                                      P. Psenak, Ed.
Internet-Draft                                                  N. Kumar
Intended status: Standards Track                            IJ. Wijnands
Expires: October 5, 2018                                           Cisco
                                                             A. Dolganow
                                                                   Nokia
                                                           T. Przygienda
                                                                J. Zhang
                                                  Juniper Networks, Inc.
                                                               S. Aldrin
                                                            Google, Inc.
                                                           April 3, 2018


                       OSPFv2 Extensions for BIER
              draft-ietf-bier-ospf-bier-extensions-17.txt

Abstract

   Bit Index Explicit Replication (BIER) is an architecture that
   provides multicast forwarding through a "BIER domain" without
   requiring intermediate routers to maintain multicast related per-flow
   state.  Neither does BIER require an explicit tree-building protocol
   for its operation.  A multicast data packet enters a BIER domain at a
   "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at
   one or more "Bit-Forwarding Egress Routers" (BFERs).  The BFIR router
   adds a BIER header to the packet.  This header contains a bit-string
   in which each bit represents exactly one BFER to forward the packet
   to.  The set of BFERs to which the multicast packet needs to be
   forwarded is expressed by setting the corresponding bits in the BIER
   packet header.

   This document describes the OSPF [RFC2328] protocol extension
   required for BIER with MPLS encapsulation [RFC8296].  Support for
   other encapsulation types is outside the scope of this document.  The
   use of multiple encapsulation types is outside the scope of this
   document.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.




Psenak, et al.           Expires October 5, 2018                [Page 1]


Internet-Draft         OSPFv2 Extensions for BIER             April 2018


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 5, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Flooding of the BIER Information in OSPF
     2.1.  BIER Sub-TLV
     2.2.  BIER MPLS Encapsulation Sub-TLV
     2.3.  Flooding scope of BIER Information
   3.  Security Considerations
   4.  IANA Considerations
   5.  Acknowledgments
   6.  Normative References
   Authors' Addresses

1.  Introduction

   Bit Index Explicit Replication (BIER) is an architecture that
   provides optimal multicast forwarding through a "BIER domain" without
   requiring intermediate routers to maintain any multicast related per-
   flow state.  Neither does BIER explicitly require a tree-building
   protocol for its operation.  A multicast data packet enters a BIER
   domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the
   BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs).
   The BFIR router adds a BIER header to the packet.  The BIER header
   contains a bit-string in which each bit represents exactly one BFER
   to forward the packet to.  The set of BFERs to which the multicast
   packet needs to be forwarded is expressed by setting the bits that
   correspond to those routers in the BIER header.

   BIER architecture requires routers participating in BIER to exchange
   BIER related information within a given domain.  BIER architecture
   permits link-state routing protocols to perform distribution of such
   information.  This document describes extensions to OSPF necessary to
   advertise BIER specific information in the case where BIER uses MPLS
   encapsulation as described in [RFC8296].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Flooding of the BIER Information in OSPF

   All BIER specific information that a Bit-Forwarding Router (BFR)
   needs to advertise to other BFRs is associated with a BFR-Prefix.  A
   BFR prefix is a unique (within a given BIER domain) routable IP
   address that is assigned to each BFR as described in more detail in
   section 2 of [RFC8279].

   Given that BIER information must be associated with a BFR prefix, the
   OSPF Extended Prefix Opaque LSA [RFC7684] has been chosen for
   advertisement.

2.1.  BIER Sub-TLV

   A Sub-TLV of the Extended Prefix TLV (defined in [RFC7684]) is
   defined for distributing BIER information.  The Sub-TLV is called the
   BIER Sub-TLV.  Multiple BIER Sub-TLVs may be included in the Extended
   Prefix TLV.

   The BIER Sub-TLV has the following format:

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Type             |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Sub-domain-ID |     MT-ID     |              BFR-id           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    BAR        |    IPA        |            Reserved           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Sub-TLVs (variable)                      |
   +-                                                             -+
   |                                                               |

      Type: 9

      Length: Variable, dependent on sub-TLVs.

      Sub-domain-ID: Unique value identifying the BIER sub-domain within
      the BIER domain, as described in section 1 of [RFC8279].

      MT-ID: Multi-Topology ID (as defined in [RFC4915]) that identifies
      the topology that is associated with the BIER sub-domain.

      BFR-id: A 2 octet field encoding the BFR-id, as documented in
      section 2 of [RFC8279].  If the BFR is not locally configured with
      a valid BFR-id, the value of this field is set to 0, which is
      defined as illegal in [RFC8279].

      BAR: Single octet BIER specific algorithm used to calculate
      underlay paths to reach other BFRs.  Values are allocated from the
      "BIER Algorithm Registry" which is defined in
      [I-D.ietf-bier-isis-extensions].

      IPA: Single octet IGP algorithm to either modify, enhance or
      replace the calculation of underlay paths to reach other BFRs as
      defined by the BAR value.  Values are defined in the "IGP
      Algorithm Types" registry.

   Each BFR sub-domain MUST be associated with one and only one OSPF
   topology that is identified by the MT-ID.  If the association between
   BIER sub-domain and OSPF topology advertised in the BIER sub-TLV by
   other BFRs is in conflict with the association locally configured on
   the receiving router, the BIER Sub-TLV MUST be ignored.

   If the MT-ID value is outside of the values specified in [RFC4915],
   the BIER Sub-TLV MUST be ignored.

   If a BFR advertises the same Sub-domain-ID in multiple BIER sub-TLVs,
   the BFR MUST be treated as if it did not advertise a BIER sub-TLV for
   such sub-domain.

   All BFRs MUST detect advertisement of duplicate valid BFR-IDs for a
   given MT-ID and Sub-domain-ID.  When such duplication is detected by
   the BFR, it MUST behave as described in section 5 of [RFC8279].

   The supported BAR and IPA algorithms MUST be consistent for all
   routers supporting a given BFR sub-domain.  A router receiving a BIER
   Sub-TLV advertisement with a value in the BAR or IPA field that does
   not match the locally configured value for a given BFR sub-domain
   MUST report a misconfiguration for such BIER sub-domain and MUST
   ignore such BIER sub-TLV.

   The use of non-zero values in either the BAR field or the IPA field
   is outside the scope of this document.
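
   The acceptance rules above, applied to already-decoded BIER Sub-TLV
   fields received from several routers.  This is an added example, not
   code from this document or from any OSPF implementation; the names
   BierAdv, filter_advs and duplicate_bfr_ids, the event strings, the
   0..127 MT-ID range attributed to [RFC4915], and the choice to skip
   sub-domains that are not configured locally are assumptions.

```python
from collections import Counter, defaultdict
from typing import NamedTuple

MT_ID_MAX = 127   # assumption: valid OSPF MT-IDs per RFC 4915 are 0..127

class BierAdv(NamedTuple):     # decoded fixed fields of one received BIER Sub-TLV
    router: str                # advertising router ID (hypothetical field name)
    sub_domain: int
    mt_id: int
    bfr_id: int
    bar: int = 0
    ipa: int = 0

def filter_advs(advs, local):
    """local maps Sub-domain-ID -> (MT-ID, BAR, IPA) configured on this router.
    Returns (accepted advertisements, events to count or log)."""
    seen = Counter((a.router, a.sub_domain) for a in advs)
    events = [("duplicate-sub-domain", r, sd) for (r, sd), n in seen.items() if n > 1]
    kept = []
    for a in advs:
        cfg = local.get(a.sub_domain)
        if seen[a.router, a.sub_domain] > 1:
            continue                       # as if no BIER Sub-TLV for this sub-domain
        if a.mt_id > MT_ID_MAX:
            events.append(("mt-id-out-of-range", a.router, a.sub_domain))
        elif cfg is None:
            continue                       # assumption: sub-domain not used locally
        elif a.mt_id != cfg[0]:
            events.append(("mt-id-conflict", a.router, a.sub_domain))
        elif (a.bar, a.ipa) != cfg[1:]:
            events.append(("bar-ipa-misconfiguration", a.router, a.sub_domain))
        else:
            kept.append(a)
    return kept, events

def duplicate_bfr_ids(kept):
    """Map (MT-ID, Sub-domain-ID, BFR-id) -> routers, for BFR-ids claimed twice."""
    owners = defaultdict(set)
    for a in kept:
        if a.bfr_id:                       # 0 means no valid BFR-id is configured
            owners[a.mt_id, a.sub_domain, a.bfr_id].add(a.router)
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}

# Constructed sample: the receiver has sub-domain 0 on MT-ID 0, BAR = IPA = 0.
LOCAL = {0: (0, 0, 0)}
ADVS = [
    BierAdv("192.0.2.1", 0, 0, 1),
    BierAdv("192.0.2.2", 0, 0, 1),          # same BFR-id as 192.0.2.1
    BierAdv("192.0.2.3", 0, 2, 3),          # sub-domain 0 tied to another topology
    BierAdv("192.0.2.4", 0, 0, 4, bar=1),   # BAR differs from the local value
    BierAdv("192.0.2.5", 0, 0, 5),
    BierAdv("192.0.2.5", 0, 0, 6),          # second Sub-TLV for the same sub-domain
]
```

   The duplicate BFR-id report only identifies the conflicting routers;
   the required reaction is the one given in section 5 of [RFC8279].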

2.2.  BIER MPLS Encapsulation Sub-TLV

   The BIER MPLS Encapsulation Sub-TLV is a Sub-TLV of the BIER Sub-TLV.
   The BIER MPLS Encapsulation Sub-TLV is used in order to advertise
   MPLS specific information used for BIER.  It MAY appear multiple
   times in the BIER Sub-TLV.

   The BIER MPLS Encapsulation Sub-TLV has the following format:

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Type             |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Max SI    |                     Label                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |BS Len |                     Reserved                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type: 10

      Length: 8 octets

      Max SI: A 1 octet field encoding the maximum Set Identifier
      (section 1 of [RFC8279]), used in the encapsulation for this BIER
      sub-domain for this bitstring length.

      Label: A 3 octet field, where the 20 rightmost bits represent the
      first label in the label range.  The 4 leftmost bits MUST be
      ignored.

      BS Len (Bit String Length): A 4-bit field encoding the supported
      BitString length associated with this BFR-prefix.  The values
      allowed in this field are specified in section 2 of [RFC8296].

      Reserved: SHOULD be set to 0 on transmission and MUST be ignored
      on reception.

      The "label range" is the set of labels beginning with the Label
      and ending with (Label + (Max SI)).  A unique label range is
      allocated for each BitString length and Sub-domain-ID.  These
      labels are used for BIER forwarding as described in [RFC8279] and
      [RFC8296].

      The size of the label range is determined by the number of Set
      Identifiers (SI) (section 1 of [RFC8279]) that are used in the
      network.  Each SI maps to a single label in the label range.  The
      first label is for SI=0, the second label is for SI=1, etc.

   If the label associated with the Maximum Set Identifier exceeds the
   20 bit range, the BIER MPLS Encapsulation Sub-TLV MUST be ignored.

   If the BS length is set to a value that does not match any of the
   allowed values specified in [RFC8296], the BIER MPLS Encapsulation
   Sub-TLV MUST be ignored.

   If the same BS length is repeated in multiple BIER MPLS Encapsulation
   Sub-TLVs inside the same BIER Sub-TLV, the BIER Sub-TLV MUST be
   ignored.

   Label ranges within all BIER MPLS Encapsulation Sub-TLVs advertised
   by the same BFR MUST NOT overlap.  If the overlap is detected, the
   advertising router MUST be treated as if it did not advertise any
   BIER sub-TLVs.
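
   A bounds-checked decoder for the BIER Sub-TLV value and its nested
   BIER MPLS Encapsulation Sub-TLVs that applies the ignore rules of
   this section and counts what it rejects.  This is an added example,
   not part of this document or of any implementation; the function
   names, the counter keys, the 4-octet padding taken from [RFC7684],
   the BS Len codes 1..7 taken from [RFC8296], and leaving ignored
   Sub-TLVs out of the duplicate and overlap checks are assumptions.

```python
import struct

MPLS_ENCAP = 10              # Sub-TLV type from section 2.2
VALID_BSL = range(1, 8)      # RFC 8296 BSL codes: 1 = 64 bits ... 7 = 4096 bits
MAX_LABEL = (1 << 20) - 1

def walk_tlvs(buf):
    """Yield (type, value) per TLV; raise ValueError when one is truncated."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        typ, length = struct.unpack_from("!HH", buf, off)
        if off + 4 + length > len(buf):
            raise ValueError("TLV length runs past the buffer")
        yield typ, buf[off + 4:off + 4 + length]
        off += 4 + length + (-length % 4)   # values are padded to 4 octets

def parse_bier(value, stats):
    """Decode one BIER Sub-TLV value (stats: a Counter); None means ignored."""
    if len(value) < 8:
        stats["malformed"] += 1
        return None
    sd, mt_id, bfr_id, bar, ipa, _ = struct.unpack_from("!BBHBBH", value)
    ranges = {}                             # BS Len code -> (first, last) label
    try:
        for typ, v in walk_tlvs(value[8:]):
            if typ != MPLS_ENCAP:
                continue                    # other nested Sub-TLVs are skipped
            if len(v) != 8:
                stats["malformed"] += 1
                continue
            w0, w1 = struct.unpack("!II", v)
            max_si, label, bsl = w0 >> 24, w0 & MAX_LABEL, w1 >> 28
            if bsl not in VALID_BSL or label + max_si > MAX_LABEL:
                stats["encap_ignored"] += 1 # only this encapsulation Sub-TLV
                continue
            if bsl in ranges:               # repeated BS length: whole Sub-TLV
                stats["bier_ignored"] += 1
                return None
            ranges[bsl] = (label, label + max_si)
    except ValueError:
        stats["malformed"] += 1
        return None
    return {"sub_domain": sd, "mt_id": mt_id, "bfr_id": bfr_id,
            "bar": bar, "ipa": ipa, "ranges": ranges}

def accept_from_bfr(values, stats):
    """Apply the per-BFR overlap rule to all BIER Sub-TLV values of one router."""
    parsed = [p for p in (parse_bier(v, stats) for v in values) if p is not None]
    spans = sorted(r for p in parsed for r in p["ranges"].values())
    if any(nxt[0] <= cur[1] for cur, nxt in zip(spans, spans[1:])):
        stats["bfr_dropped"] += 1
        return []
    return parsed

# Constructed sample input (built here, not taken from a capture).
def encap(max_si, label, bsl):
    return struct.pack("!HHII", MPLS_ENCAP, 8, max_si << 24 | label, bsl << 28)

def bier(sub_domain, bfr_id, *encaps):
    return struct.pack("!BBHBBH", sub_domain, 0, bfr_id, 0, 0, 0) + b"".join(encaps)

GOOD = bier(0, 7, encap(3, 1000, 3), encap(1, 2000, 4))
OVERFLOW = bier(1, 7, encap(4, MAX_LABEL - 2, 3))   # Label + Max SI > 2^20 - 1
DUP_BSL = bier(2, 7, encap(0, 3000, 3), encap(0, 3100, 3))
OVERLAP = bier(3, 7, encap(3, 1002, 3))             # 1002..1005 meets 1000..1003
TRUNCATED = GOOD[:-3]                               # last Sub-TLV cut short
```

   Pass a collections.Counter as stats; its keys give the per-reason
   counts that can be exported or logged.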

2.3.  Flooding scope of BIER Information

   The flooding scope of the OSPF Extended Prefix Opaque LSA [RFC7684]
   that is used for advertising the BIER Sub-TLV is set to area-local.
   To allow BIER deployment in a multi-area environment, OSPF must
   propagate BIER information between areas.


                 (  )         (  )         (  )
               (      )     (      )     (      )
            R1  Area 1   R2  Area 0   R3  Area 2  R4
               (      )     (      )     (      )
                 (  )         (  )         (  )

               Figure 1: BIER propagation between areas


   The following procedure is used in order to propagate BIER related
   information between areas:

      When an OSPF Area Border Router (ABR) advertises a Type-3 Summary
      LSA from an intra-area or inter-area prefix to all its attached
      areas, it will also originate an Extended Prefix Opaque LSA, as
      described in [RFC7684].  The flooding scope of the Extended Prefix
      Opaque LSA type will be set to area-local.  The route-type in the
      OSPF Extended Prefix TLV is set to inter-area.  When determining
      whether a BIER Sub-TLV should be included in this LSA, an OSPF ABR
      will:

         - Examine its best path to the prefix in the source area and
         find the advertising router associated with the best path to
         that prefix.

         - Determine if such advertising router advertised a BIER Sub-
         TLV for the prefix.  If yes, the ABR will copy the information
         from such BIER Sub-TLV when advertising BIER Sub-TLV to each
         attached area.

      In Figure 1, R1 advertises a prefix 192.0.2.1/32 in Area 1.  It
      also advertises an Extended Prefix Opaque LSA for prefix
      192.0.2.1/32 and includes a BIER Sub-TLV in it.  Area Border Router
      (ABR) R2 calculates the reachability for prefix 192.0.2.1/32
      inside Area 1 and propagates it to Area 0.  When doing so, it
      copies the entire BIER Sub-TLV (including all its Sub-TLVs) it
      received from R1 in Area 1 and includes it in the Extended Prefix
      Opaque LSA it generates for 192.0.2.1/32 in Area 0.  ABR R3
      calculates the reachability for prefix 192.0.2.1/32 inside Area 0
      and propagates it to Area 2.  When doing so, it copies the entire
      BIER Sub-TLV (including all its Sub-TLVs) it received from R2 in
      Area 0 and includes it in the Extended Prefix Opaque LSA it
      generates for 192.0.2.1/32 in Area 2.

3.  Security Considerations

   This document introduces new sub-TLVs for existing OSPF Extended
   Prefix TLV.  It does not introduce any new security risks to OSPF.
   Existing security extensions as described in [RFC2328] and [RFC7684]
   apply.

   It is assumed that both the BIER and OSPF layers are under a single
   administrative domain.  There can be deployments where potential
   attackers have access to one or more networks in the OSPF routing
   domain.  In these deployments, stronger authentication mechanisms
   such as those specified in [RFC7474] SHOULD be used.

   The Security Considerations section of [RFC8279] discusses the
   possibility of performing a Denial of Service (DoS) attack by setting
   too many bits in the BitString of a BIER-encapsulated packet.
   However, this sort of DoS attack cannot be initiated by modifying the
   OSPF BIER advertisements specified in this document.  A BFIR decides
   which systems are to receive a BIER-encapsulated packet.  In making
   this decision, it is not influenced by the OSPF control messages.
   When creating the encapsulation, the BFIR sets one bit in the
   encapsulation for each destination system.  The information in the
   OSPF BIER advertisements is used to construct the forwarding tables
   that map each bit in the encapsulation into a set of next hops for
   the host that is identified by that bit, but is not used by the BFIR
   to decide which bits to set.  Hence an attack on the OSPF control
   plane cannot be used to cause this sort of DoS attack.

   While a BIER-encapsulated packet is traversing the network, a BFR
   that receives a BIER-encapsulated packet with n bits set in its
   BitString may have to replicate the packet and forward multiple
   copies.  However, a given bit will only be set in one copy of the
   packet.  That means that each transmitted replica of a received
   packet has fewer bits set (i.e., is targeted to fewer destinations)
   than the received packet.  This is an essential property of the BIER
   forwarding process as defined in [RFC8279].  While a failure of this
   process might cause a DoS attack (as discussed in the Security
   Considerations of [RFC8279]), such a failure cannot be caused by an
   attack on the OSPF control plane.

   Implementations MUST ensure that malformed TLVs and Sub-TLVs defined
   in this document are detected and do not provide a vulnerability for
   attackers to crash the OSPF router or routing process.  Reception of
   a malformed TLV or Sub-TLV SHOULD be counted and/or logged for further
   analysis.  Logging of malformed TLVs and Sub-TLVs SHOULD be rate-
   limited to prevent a Denial of Service (DoS) attack (distributed or
   otherwise) from overloading the OSPF control plane.

4.  IANA Considerations

   The document requests three new allocations from the OSPF Extended
   Prefix sub-TLV registry as defined in [RFC7684].

      BIER Sub-TLV: 9

      BIER MPLS Encapsulation Sub-TLV: 10

5.  Acknowledgments

   The authors would like to thank Rajiv Asati, Christian Martin, Greg
   Shepherd and Eric Rosen for their contribution.

6.  Normative References

   [I-D.ietf-bier-isis-extensions]
              Ginsberg, L., Przygienda, T., Aldrin, S., and Z. Zhang,
              "BIER support via ISIS", draft-ietf-bier-isis-
              extensions-11 (work in progress), March 2018.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328,
              DOI 10.17487/RFC2328, April 1998,
              <https://www.rfc-editor.org/info/rfc2328>.

   [RFC4915]  Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P.
              Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF",
              RFC 4915, DOI 10.17487/RFC4915, June 2007,
              <https://www.rfc-editor.org/info/rfc4915>.

   [RFC7684]  Psenak, P., Gredler, H., Shakir, R., Henderickx, W.,
              Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute
              Advertisement", RFC 7684, DOI 10.17487/RFC7684, November
              2015, <https://www.rfc-editor.org/info/rfc7684>.

   [RFC8279]  Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
              Przygienda, T., and S. Aldrin, "Multicast Using Bit Index
              Explicit Replication (BIER)", RFC 8279,
              DOI 10.17487/RFC8279, November 2017,
              <https://www.rfc-editor.org/info/rfc8279>.

   [RFC8296]  Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
              Tantsura, J., Aldrin, S., and I. Meilik, "Encapsulation
              for Bit Index Explicit Replication (BIER) in MPLS and Non-
              MPLS Networks", RFC 8296, DOI 10.17487/RFC8296, January
              2018, <https://www.rfc-editor.org/info/rfc8296>.

Authors' Addresses

   Peter Psenak (editor)
   Cisco
   Apollo Business Center
   Mlynske nivy 43
   Bratislava  821 09
   Slovakia

   Email: ppsenak@cisco.com


   Nagendra Kumar
   Cisco
   7200 Kit Creek Road
   Research Triangle Park, NC  27709
   US

   Email: naikumar@cisco.com


   IJsbrand Wijnands
   Cisco
   De Kleetlaan 6a
   Diegem  1831
   Belgium

   Email: ice@cisco.com


   Andrew Dolganow
   Nokia
   750 Chai Chee Rd
   06-06 Viva Business Park
   Singapore  469004

   Email: andrew.dolganow@nokia.com


   Tony Przygienda
   Juniper Networks, Inc.
   10 Technology Park Drive
   Westford, MA  01886
   USA

   Email: prz@juniper.net


   Jeffrey Zhang
   Juniper Networks, Inc.
   10 Technology Park Drive
   Westford, MA  01886
   USA

   Email: zzhang@juniper.net


   Sam Aldrin
   Google, Inc.
   1600 Amphitheatre Parkway
   Mountain View, CA
   USA

   Email: aldrin.ietf@gmail.com