Networking Working Group                                 S. Previdi, Ed.
Internet-Draft                                               L. Ginsberg
Intended status: Standards Track                                M. Shand
Expires: September 12, 2011                                       A. Roy
                                                           Cisco Systems
                                                                 D. Ward
                                                        Juniper Networks
                                                          March 11, 2011


                          IS-IS Multi-Instance
                       draft-ietf-isis-mi-04.txt

Abstract

   This draft describes a mechanism that allows a single router to share
   one or more links among multiple Intermediate System To Intermediate
   System (IS-IS) routing protocol instances.

   Multiple instances allow the isolation of resources associated with
   each instance.  Routers will form instance specific adjacencies,
   exchange instance specific routing updates and compute paths
   utilizing instance specific Link State Database (LSDB) information.
   Each Protocol Data Unit (PDU) will contain a new Type Length Value
   (TLV) identifying the instance to which the PDU belongs.  This allows
   a network operator to deploy multiple IS-IS instances in parallel,
   using the same set of links when required and still have the
   capability of computing instance specific paths.  This draft does not
   address the forwarding paradigm that needs to be used in order to
   ensure data PDUs are forwarded according to the paths computed by a
   specific instance.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.




Previdi, et al.        Expires September 12, 2011               [Page 1]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 12, 2011.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.


















Previdi, et al.        Expires September 12, 2011               [Page 2]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 4
   2.  Elements Of Procedure . . . . . . . . . . . . . . . . . . . . . 4
     2.1.  Instance Identifier . . . . . . . . . . . . . . . . . . . . 5
     2.2.  Instance Membership . . . . . . . . . . . . . . . . . . . . 5
     2.3.  Use of Authentication . . . . . . . . . . . . . . . . . . . 5
     2.4.  Adjacency Establishment . . . . . . . . . . . . . . . . . . 6
       2.4.1.  Point-to-Point Adjacencies  . . . . . . . . . . . . . . 6
       2.4.2.  Multi-Access Adjacencies  . . . . . . . . . . . . . . . 6
     2.5.  Interoperability Considerations . . . . . . . . . . . . . . 6
       2.5.1.  Interoperability Issues on Broadcast Networks . . . . . 7
       2.5.2.  Interoperability using point-to-point networks  . . . . 7
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 8
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 8
   6.  Normative References  . . . . . . . . . . . . . . . . . . . . . 8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 9

































Previdi, et al.        Expires September 12, 2011               [Page 3]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


1.  Introduction

   An existing limitation of the protocol defined by [IS-IS] is that
   only one instance of the protocol can operate on a given link.  This
   document defines an extension to IS-IS to remove this restriction.
   The extension is referred to as "Multi-instance IS-IS" (MI-IS-IS).

   Routers which support this extension are referred to as "Multi-
   instance capable routers" (MI-RTR).

   The use of multiple instances enhances the ability to isolate the
   resources associated with a given instance both within a router and
   across the network.  Instance specific prioritization for processing
   PDUs and performing routing calculations within a router may be
   specified.  Instance specific flooding parameters may also be defined
   so as to allow different instances to consume network wide resources
   at different rates.

   MI-IS-IS might be used to support IS-IS for multiple topologies.
   When used for this purpose it is an alternative to [RFC5120].

   MI-IS-IS might also be used to support an instance which advertises
   information on behalf of applications.  The advertisement of
   information not directly related to the operation of the IS-IS
   protocol can therefore be done in a manner which minimizes its impact
   on the operation of routing.

   The above are examples of how MI-IS-IS might be used.  The
   specification of uses of MI-IS-IS is outside the scope of this
   document.


2.  Elements Of Procedure

   The protocol extension uses a new TLV called the Instance Identifier
   (IID) that is included in each IS-IS PDU originated by an MI-RTR.
   MI-RTRs form instance specific adjacencies and exchange instance
   specific routing updates only for the instance IDs which are
   supported both by the MI-RTR and its neighbor.

   This also implies an instance specific flooding scheme, instance
   specific LSDBs and instance specific routing calculations.  It MAY
   also imply instance specific routing and forwarding tables.  However,
   this aspect is outside the scope of this specification.  When
   multiple instances share the same link each instance will have a
   separate set of adjacencies.  Each IS-IS PDU is associated with only
   one IS-IS instance.




Previdi, et al.        Expires September 12, 2011               [Page 4]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


   The mechanisms used to implement support for the separation of IS-IS
   instances within a router are outside the scope of this
   specification.

2.1.  Instance Identifier

   A new TLV is defined in order to convey an instance identifier (IID).
   The purpose of the IID is to identify the PDUs associated with each
   IS-IS instance using a unique 16-bit number.  The IID TLV is carried
   in all IS-IS PDUs (Intermediate System to Intermediate System Hello
   (IIH), Sequence Number PDU (SNP) and Link State PDU (LSP) packets)
   originated by the router.

   Multiple instances of IS-IS may co-exist on the same network and on
   the same physical router.  IIDs MUST be unique within the same
   routing domain.

   Instance identifier #0 is reserved for the standard instance
   supported by legacy systems.  The following format is used for the
   IID:

     Type:   7
     Length: 2
     Value:  Instance Identifier (0 to 65535)

   When an LSP purge is initiated, the Instance Identifier TLV, if
   present, MUST be retained but the remainder of the body of the LSP
   SHOULD be removed.  Purge procedure is described in [PURGE] and
   [PURGE-ID].

2.2.  Instance Membership

   Each router is configured to be participating in one or more
   instances of IS-IS.  For each instance in which it participates, a
   router marks all IS-IS PDUs (IIHs, LSPs or SNPs) generated pertaining
   to that instance by including the IID TLV with the appropriate
   instance identifier.  Note that this applies to the standard instance
   (instance identifier #0).  A PDU MUST NOT be generated with multiple
   IID TLVs.  PDUs received with multiple IID TLVs MUST be ignored.  A
   PDU without an IID TLV is assumed to belong to the standard instance
   (#0).

2.3.  Use of Authentication

   When authentication is in use, the Instance Identifier TLV, if
   present, is first used to select the authentication configuration
   which is applicable.  The authentication check is then performed as
   normal.



Previdi, et al.        Expires September 12, 2011               [Page 5]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


2.4.  Adjacency Establishment

   In order to establish adjacencies, IS-IS routers exchange IIH PDUs.
   Two types of adjacencies exist in IS-IS: point-to-point and
   broadcast.  The following sub-sections describe the additional rules
   an MI-RTR MUST follow when establishing adjacencies.

2.4.1.  Point-to-Point Adjacencies

   MI-RTRs include the IID TLV in the point-to-point hello PDUs they
   originate.  Upon reception of an IIH, an MI-RTR inspects the received
   IID TLV and if it matches any of the IIDs which the router supports
   on that link, normal adjacency establishment procedures are used to
   establish an instance specific adjacency.  Note that the absence of
   the IID TLV implies instance ID #0.

   This extension allows an MI-RTR to establish multiple adjacencies to
   the same physical neighbor over a point-to-point link.  However, as
   the instances are logically independent, the normal expectation of at
   most one neighbor on a given point-to-point link still applies.

2.4.2.  Multi-Access Adjacencies

   Multi-Access (broadcast) networks behave differently than point-to-
   point in that PDUs sent by one router are visible to all routers and
   all routers must agree on the election of a Designated Intermediate
   System (DIS).

   MI-RTRs will establish adjacencies and elect a DIS per IS-IS
   instance.  Each MI-RTR will form adjacencies only with routers which
   advertise support for the instances which the local router has been
   configured to support on that link.  Since an MI-RTR is not required
   to support all possible instances on a LAN, it's possible to elect a
   different DIS for different instances.

2.5.  Interoperability Considerations

   [IS-IS] requires that any TLV that is not understood is silently
   ignored without compromising the processing of the whole IS-IS PDU
   (IIH, LSP, SNP).

   To a router not implementing this extension, all IS-IS PDUs received
   will appear to be associated with the standard instance regardless of
   whether an IID TLV is present in those PDUs.  This can cause
   interoperability issues unless the mechanisms and procedures
   discussed below are followed.





Previdi, et al.        Expires September 12, 2011               [Page 6]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


2.5.1.  Interoperability Issues on Broadcast Networks

   In order for routers to correctly interoperate with routers not
   implementing this extension and in order not to cause disruption, a
   specific and dedicated Media Access Control (MAC) address is used for
   multicasting IS-IS PDUs with any non-zero IID.  Each level will use a
   specific layer 2 multicast address.  Such an address allows MI-RTRs
   to exchange IS-IS PDUs with non-zero IIDs without these PDUs being
   processed by legacy routers and therefore no disruption is caused.

   An MI-RTR will use the AllL1IS and AllL2IS ISIS MAC layer addresses
   (as defined in [IS-IS]) when sending ISIS PDUs for the standard
   instance (IID #0).  An MI-RTR will use two new (TBD) dedicated layer
   2 multicast addresses (one for each level) when sending IS-IS PDUs
   for any non-zero IID.

   MI-RTRs MUST discard IS-IS PDUs received if either of the following
   is true:

   o  The destination multicast address is AllL1IS or AllL2IS and the
      PDU contains an IID TLV with non-zero value

   o  The destination multicast address is one of the two new addresses
      and the PDU contains an IID TLV with a zero value or has no IID
      TLV.

   NOTE: If the multicast addresses AllL1IS and/or AllL2IS are
   improperly used to send IS-IS PDUs for non-zero IIDs, legacy systems
   will interpret these PDUs as being associated with IID #0.  This will
   cause inconsistencies in the LSDB in those routers, may incorrectly
   maintain adjacencies, and may lead to inconsistent DIS election.

2.5.2.  Interoperability using point-to-point networks

   In order for an MI-RTR to interoperate over a point-to-point link
   with a router which does NOT support this extension, the MI-RTR MUST
   NOT send IS-IS PDUs for instances other than IID #0 over the point-
   to-point link as these PDUs may affect the state of IID #0 in the
   neighbor.

   The presence/absence of the IID TLV in an IIH indicates that the
   neighbor does/does not support this extension.  Once it is determined
   that the neighbor does not support this extension, an MI-RTR MUST NOT
   send PDUs (including IIHs) for instances other than IID #0.

   Until an IIH is received from a neighbor, an MI-RTR MAY send IIHs for
   a non-zero instance.  However, once an IIH with no IID TLV has been
   received - indicating that the neighbor is not an MI-RTR - the MI-RTR



Previdi, et al.        Expires September 12, 2011               [Page 7]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


   MUST NOT send IIHs for a non-zero instance.  The temporary relaxation
   of the restriction on sending IIHs for non-zero instances allows a
   non-zero instance adjacency to be established on an interface on
   which an MI-RTR does NOT support instance #0.

   Point-to-point adjacency setup MUST be done through the use of three-
   way handshaking procedure as defined in [RFC5303] in order to prevent
   a non-MI capable neighbor from bringing up an adjacency prematurely
   based on reception of an IIH w an IID TLV for a non-zero instance.


3.  IANA Considerations

   This document requires the definition a new ISIS TLV that needs to be
   reflected in the ISIS TLV code-point registry:

    Type  Description  IIH  LSP  SNP  Purge
    ----  -----------  ---  ---  ---  -----
    TBA   MI-MT IID     y    y    y     y


4.  Security Considerations

   Security concerns for IS-IS are addressed in [IS-IS], [RFC5304], and
   [RFC5310].

   Use of the extensions defined here with authentication as defined in
   [RFC5304] or [RFC5310] will result in the discarding of purges by
   legacy systems which are in strict conformance with either of those
   RFCs.  To avoid this issue an MI-RTR MAY omit the IID TLV in purges
   for the standard instance (IID #0) until such time as all ISs in the
   network have been upgraded to support [PURGE].


5.  Acknowledgements

   The authors would like to acknowledge contributions made by Dino
   Farinacci and Tony Li.


6.  Normative References

   [IS-IS]    "Intermediate system to Intermediate system intra-domain
              routeing information exchange protocol for use in
              conjunction with the protocol for providing the
              connectionless-mode Network Service (ISO 8473), ISO/IEC
              10589:2002, Second Edition.", Nov 2002.




Previdi, et al.        Expires September 12, 2011               [Page 8]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


   [PURGE]    Ginsberg, L. and T. Li, "IS-IS Registry Extension for
              Purges", draft-ietf-isis-reg-purge (work in progress),
              September 2010.

   [PURGE-ID]
              Wei, F., Qin, Y., Li, Z., Li, T., and J. Dong, "Purge
              Originator Identification TLV for IS-IS",
              draft-ietf-isis-purge-tlv (work in progress),
              October 2010.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5120]  Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi
              Topology (MT) Routing in Intermediate System to
              Intermediate Systems (IS-ISs)", RFC 5120, February 2008.

   [RFC5303]  Katz, D., Saluja, R., and D. Eastlake, "Three-Way
              Handshake for IS-IS Point-to-Point Adjacencies", RFC 5303,
              October 2008.

   [RFC5304]  Li, T. and R. Atkinson, "IS-IS Cryptographic
              Authentication", RFC 5304, October 2008.

   [RFC5310]  Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
              and M. Fanto, "IS-IS Generic Cryptographic
              Authentication", RFC 5310, February 2009.


Authors' Addresses

   Stefano Previdi (editor)
   Cisco Systems
   Via Del Serafico 200
   Rome  0144
   Italy

   Email: sprevidi@cisco.com


   Les Ginsberg
   Cisco Systems
   510, McCarthy Blvd.
   Milpitas, CA  95035
   USA

   Email: ginsberg@cisco.com




Previdi, et al.        Expires September 12, 2011               [Page 9]


Internet-Draft          draft-ietf-isis-mi-04.txt             March 2011


   Mike Shand
   Cisco Systems
   250 Longwater Avenue
   Reading, Berkshire  RG2 6GB
   UK

   Email: mshand@cisco.com


   Abhay Roy
   Cisco Systems
   170 W. Tasman Dr.
   San Jose, CA  95134
   USA

   Email: akr@cisco.com


   Dave Ward
   Juniper Networks
   1194 N. Mathilda Ave.
   Sunnyvale, CA  94089-1206
   USA

   Email: dward@juniper.net


























Previdi, et al.        Expires September 12, 2011              [Page 10]