Network Work group P. Psenak, Ed.
Internet-Draft N. Nainar, Ed.
Intended status: Standards Track IJ. Wijnands
Expires: November 4, 2018 Cisco Systems, Inc.
May 3, 2018
OSPFv3 Extensions for BIER
draft-psenak-bier-ospfv3-extensions-01
Abstract
Bit Index Explicit Replication (BIER) is an architecture that
provides multicast forwarding through a "BIER domain" without
requiring intermediate routers to maintain multicast related per-flow
state. Neither does BIER require an explicit tree-building protocol
for its operation. A multicast data packet enters a BIER domain at a
"Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at
one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router
adds a BIER header to the packet. Such header contains a bit-string
in which each bit represents exactly one BFER to forward the packet
to. The set of BFERs to which the multicast packet needs to be
forwarded is expressed by the according set of bits set in BIER
packet header.
This document describes the OSPFv3 [RFC8362] protocol extensions
required for BIER with MPLS encapsulation [RFC8296]. Support for
other encapsulation types is outside the scope of this document. The
use of multiple encapsulation types is outside the scope of this
document.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 4, 2018.
Psenak, et al. Expires November 4, 2018 [Page 1]
Internet-Draft OSPFv3 Extensions for BIER May 2018
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Flooding of the BIER Information in OSPFv3 . . . . . . . . . 3
2.1. BIER Sub-TLV . . . . . . . . . . . . . . . . . . . . . . 3
2.2. BIER MPLS Encapsulation Sub-TLV . . . . . . . . . . . . . 5
2.3. Flooding scope of BIER Information . . . . . . . . . . . 6
3. Security Considerations . . . . . . . . . . . . . . . . . . . 7
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
6. Normative References . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction
Bit Index Explicit Replication (BIER) is an architecture that
provides optimal multicast forwarding through a "BIER domain" without
requiring intermediate routers to maintain any multicast related per-
flow state. Neither does BIER explicitly require a tree-building
protocol for its operation. A multicast data packet enters a BIER
domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the
BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs).
The BFIR router adds a BIER header to the packet. The BIER header
contains a bit-string in which each bit represents exactly one BFER
to forward the packet to. The set of BFERs to which the multicast
packet needs to be forwarded is expressed by setting the bits that
correspond to those routers in the BIER header.
BIER architecture requires routers participating in BIER to exchange
BIER related information within a given domain. BIER architecture
permits link-state routing protocols to perform distribution of such
information. [I-D.ietf-bier-ospf-bier-extensions] proposes the
OSPFv2 protocol extensions to distribute BIER specific information.
Psenak, et al. Expires November 4, 2018 [Page 2]
Internet-Draft OSPFv3 Extensions for BIER May 2018
This document describes extensions to OSPFv3 necessary to advertise
BIER specific information in the case where BIER uses MPLS
encapsulation as described in [RFC8296].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. Flooding of the BIER Information in OSPFv3
All BIER specific information that a Bit-Forwarding Router (BFR)
needs to advertise to other BFRs is associated with a BFR-Prefix. A
BFR prefix is a unique (within a given BIER domain) routable IPv4 or
IPv6 address that is assigned to each BFR as described in more detail
in [RFC8279].
[RFC8362] defines the encoding of OSPFv3 LSA in TLV format that
allows to carry additional informations. This section defines the
required Sub-TLVs to carry BIER information that is associated with
the BFR-Prefix. The Sub-TLV defined in this section MAY be carried
in the below OSPFv3 Extended LSA TLVs [RFC8362]:
Intra-Area-Prefix TLV
Inter-Area-Prefix TLV
2.1. BIER Sub-TLV
A Sub-TLV of the above mentioned Prefix TLVs is defined for
distributing BIER information. The Sub-TLV is called the BIER Sub-
TLV. Multiple BIER Sub-TLVs may be included in any of the above
mentioned Prefix TLV.
The BIER Sub-TLV has the following format:
Psenak, et al. Expires November 4, 2018 [Page 3]
Internet-Draft OSPFv3 Extensions for BIER May 2018
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sub-domain-ID | MT-ID | BFR-id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| BAR | IPA | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sub-TLVs (variable) |
+- -+
| |
Type: TBD1
Length: Variable, dependent on sub-TLVs.
Sub-domain-ID: Unique value identifying the BIER sub-domain within
the BIER domain, as described in [RFC8279]
MT-ID: Multi-Topology ID (as defined in [RFC4915] that identifies
the topology that is associated with the BIER sub-domain.
BFR-id: A 2 octet field encoding the BFR-id, as documented in
section 2 of [RFC8279]. If the BFR is not locally configured with
a valid BFR-id, the value of this field is set to 0, which is
defined as illegal in [RFC8279].
BAR: Single octet BIER specific algorithm used to calculate
underlay paths to reach other BFRs. Values are allocated from the
"BIER Algorithm" registry which is defined in
[I-D.ietf-bier-isis-extensions].
IPA: Single octet IGP algorithm to either modify, enhance or
replace the calculation of underlay paths to reach other BFRs as
defined by the BAR value. Values are defined in the "IGP
Algorithm Types" registry.
Each BFR sub-domain MUST be associated with one and only one OSPF
topology that is identified by the MT-ID. If the association between
BIER sub-domain and OSPF topology advertised in the BIER sub-TLV by
other BFRs is in conflict with the association locally configured on
the receiving router, the BIER Sub-TLV MUST be ignored.
If the MT-ID value is outside of the values specified in [RFC4915],
the BIER Sub-TLV MUST be ignored.
Psenak, et al. Expires November 4, 2018 [Page 4]
Internet-Draft OSPFv3 Extensions for BIER May 2018
If a BFR advertises the same Sub-domain-ID in multiple BIER sub-TLVs,
the BFR MUST be treated as if it did not advertise a BIER sub-TLV for
such sub-domain.
All BFRs MUST detect advertisement of duplicate valid BFR-IDs for a
given MT-ID and Sub-domain-ID. When such duplication is detected by
the BFR, it MUST behave as described in section 5 of [RFC8279].
The supported BAR and IPA algorithms MUST be consistent for all
routers supporting a given BFR sub-domain. A router receiving BIER
Sub-TLV advertisement with a value in BAR or IPA fields which does
not match the locally configured value for a given BFR sub-domain,
MUST report a misconfiguration for such BIER sub-domain and MUST
ignore such BIER sub-TLV.
The use of non-zero values in either the BAR field or the IPA field
is outside the scope of this document.
2.2. BIER MPLS Encapsulation Sub-TLV
The BIER MPLS Encapsulation Sub-TLV is a Sub-TLV of the BIER Sub-TLV
defined in Section 2.1. The BIER MPLS Encapsulation Sub-TLV is used
in order to advertise MPLS specific information used for BIER. It
MAY appear multiple times in the BIER Sub-TLV.
The BIER MPLS Encapsulation Sub-TLV has the following format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Max SI | Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|BS Len | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: Set to TBD2.
Length: 8 octets
Max SI: A 1 octet field encoding the maximum Set Identifier
(section 1 of [RFC8279]), used in the encapsulation for this BIER
sub-domain for this bitstring length.
Psenak, et al. Expires November 4, 2018 [Page 5]
Internet-Draft OSPFv3 Extensions for BIER May 2018
Label: A 3 octet field, where the 20 rightmost bits represent the
first label in the label range. The 4 leftmost bits MUST be
ignored.
Bit String Length: A 4 bits field encoding the supported BitString
length associated with this BFR-prefix. The values allowed in
this field are specified in section 2 of [RFC8296].
Reserved: SHOULD be set to 0 on transmission and MUST be ignored
on reception.
The "label range" is the set of labels beginning with the Label
and ending with (Label + (Max SI)). A unique label range is
allocated for each BitString length and Sub-domain-ID. These
labels are used for BIER forwarding as described in [RFC8279] and
[RFC8296].
The size of the label range is determined by the number of Set
Identifiers (SI) (section 1 of [RFC8279]) that are used in the
network. Each SI maps to a single label in the label range. The
first label is for SI=0, the second label is for SI=1, etc.
If the label associated with the Maximum Set Identifier exceeds the
20 bit range, the BIER MPLS Encapsulation Sub-TLV MUST be ignored.
If the BS length is set to a value that does not match any of the
allowed values specified in [RFC8296], the BIER MPLS Encapsulation
Sub-TLV MUST be ignored.
If same BS length is repeated in multiple BIER MPLS Encapsulation
Sub-TLV inside the same BIER Sub-TLV, the BIER sub-TLV MUST be
ignored.
Label ranges within all BIER MPLS Encapsulation Sub-TLVs advertised
by the same BFR MUST NOT overlap. If the overlap is detected, the
advertising router MUST be treated as if it did not advertise any
BIER sub-TLVs.
2.3. Flooding scope of BIER Information
The flooding scope of the Extended LSAs [RFC8362] that is used for
advertising the BIER Sub-TLV is area-local. To allow BIER deployment
in a multi-area environment, OSPFv3 must propagate BIER information
between areas.
Psenak, et al. Expires November 4, 2018 [Page 6]
Internet-Draft OSPFv3 Extensions for BIER May 2018
( ) ( ) ( )
( ) ( ) ( )
R1 Area 1 R2 Area 0 R3 Area 2 R4
( ) ( ) ( )
( ) ( ) ( )
Figure 1: BIER propagation between areas
The following procedure is used in order to propagate BIER related
information between areas:
When an OSPFv3 Area Border Router (ABR) advertises E-Inter-Area-
Prefix-LSA from an intra-area or inter-area prefix to all its
attached areas, it determines whether a BIER Sub-TLV should be
included in this LSA. When doing so, an OSPFv3 ABR will:
* Examine its best path to the prefix in the source area and find
the advertising router associated with the best path to that
prefix.
* Determine if such advertising router advertised a BIER Sub-TLV
for the prefix. If yes, the ABR will copy the information from
such BIER Sub-TLV when advertising BIER Sub-TLV to each
attached area.
In the Figure 1, R1 advertises a prefix 2001:db8:b1e6::1/128 in
Area 1. It also includes BIER Sub-TLV in E-Intra-Area-Prefix-LSA.
ABR R2 calculates the reachability for prefix
2001:bdb8:b1e6::1/128 inside Area 1 and propagates it to Area 0
using E-Inter-Area-Prefix-LSA. When doing so, it copies the
entire BIER Sub-TLV (including all its Sub-TLVs) it received from
R1 in Area 1 and includes it in the E-Inter-Area-Prefix-LSA it
generates for the prefix in Area 0. ABR R3 calculates the
reachability for prefix 2001:bdb8:b1e6::1/128 inside Area 0 and
propagates it to Area 2. When doing so, it copies the entire BIER
Sub-TLV (including all its Sub-TLVs) it received from R2 in Area 0
and includes it in E-Inter-Area-Prefix-LSA it generates for
2001:bdb8:b1e6::1/128 in Area 2.
3. Security Considerations
This document introduces new sub-TLVs for OSPFv3 Extended-LSAs. It
does not introduce any new security risks to OSPFv3. Existing
security concerns documented in [RFC8362] is applicable for the Sub-
TLVs defined in this document.
It is assumed that both BIER and OSPF layer is under a single
administrative domain. There can be deployments where potential
Psenak, et al. Expires November 4, 2018 [Page 7]
Internet-Draft OSPFv3 Extensions for BIER May 2018
attackers have access to one or more networks in the OSPFv3 routing
domain. In these deployments, stronger authentication mechanisms
such as those specified in [RFC4552] SHOULD be used.
The Security Considerations section of [RFC8279] discusses the
possibility of performing a Denial of Service (DoS) attack by setting
too many bits in the BitString of a BIER-encapsulated packet.
However, this sort of DoS attack cannot be initiated by modifying the
OSPF BIER advertisements specified in this document. A BFIR decides
which systems are to receive a BIER-encapsulated packet. In making
this decision, it is not influenced by the OSPF control messages.
When creating the encapsulation, the BFIR sets one bit in the
encapsulation for each destination system. The information in the
OSPF BIER advertisements is used to construct the forwarding tables
that map each bit in the encapsulation into a set of next hops for
the host that is identified by that bit, but is not used by the BFIR
to decide which bits to set. Hence an attack on the OSPF control
plane cannot be used to cause this sort of DoS attack.
While a BIER-encapsulated packet is traversing the network, a BFR
that receives a BIER-encapsulated packet with n bits set in its
BitString may have to replicate the packet and forward multiple
copies. However, a given bit will only be set in one copy of the
packet. That means that each transmitted replica of a received
packet has fewer bits set (i.e., is targeted to fewer destinations)
than the received packet. This is an essential property of the BIER
forwarding process as defined in [RFC8279]. While a failure of this
process might cause a DoS attack (as discussed in the Security
Considerations of [RFC8279]), such a failure cannot be caused by an
attack on the OSPF control plane.
Implementations MUST assure that malformed TLV and Sub-TLV defined in
this document are detected and do not provide a vulnerability for
attackers to crash the OSPFv3 router or routing process. Reception
of malformed TLV or Sub-TLV SHOULD be counted and/or logged for
further analysis. Logging of malformed TLVs and Sub-TLVs SHOULD be
rate-limited to prevent a Denial of Service (DoS) attack (distributed
or otherwise) from overloading the OSPFv3 control plane.
4. IANA Considerations
The document requests two new allocations from the OSPFv3 Extended-
LSA sub-TLV registry as defined in [RFC8362].
BIER Sub-TLV: TBD1
BIER MPLS Encapsulation Sub-TLV: TBD2
Psenak, et al. Expires November 4, 2018 [Page 8]
Internet-Draft OSPFv3 Extensions for BIER May 2018
5. Acknowledgements
TBD
6. Normative References
[I-D.ietf-bier-isis-extensions]
Ginsberg, L., Przygienda, T., Aldrin, S., and Z. Zhang,
"BIER support via ISIS", draft-ietf-bier-isis-
extensions-11 (work in progress), March 2018.
[I-D.ietf-bier-ospf-bier-extensions]
Psenak, P., Kumar, N., Wijnands, I., Dolganow, A.,
Przygienda, T., Zhang, Z., and S. Aldrin, "OSPFv2
Extensions for BIER", draft-ietf-bier-ospf-bier-
extensions-17 (work in progress), April 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality
for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006,
<https://www.rfc-editor.org/info/rfc4552>.
[RFC4915] Psenak, P., Mirtorabi, S., Roy, A., Nguyen, L., and P.
Pillay-Esnault, "Multi-Topology (MT) Routing in OSPF",
RFC 4915, DOI 10.17487/RFC4915, June 2007,
<https://www.rfc-editor.org/info/rfc4915>.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
<https://www.rfc-editor.org/info/rfc5340>.
[RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
Przygienda, T., and S. Aldrin, "Multicast Using Bit Index
Explicit Replication (BIER)", RFC 8279,
DOI 10.17487/RFC8279, November 2017,
<https://www.rfc-editor.org/info/rfc8279>.
[RFC8296] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
Tantsura, J., Aldrin, S., and I. Meilik, "Encapsulation
for Bit Index Explicit Replication (BIER) in MPLS and Non-
MPLS Networks", RFC 8296, DOI 10.17487/RFC8296, January
2018, <https://www.rfc-editor.org/info/rfc8296>.
Psenak, et al. Expires November 4, 2018 [Page 9]
Internet-Draft OSPFv3 Extensions for BIER May 2018
[RFC8362] Lindem, A., Roy, A., Goethals, D., Reddy Vallem, V., and
F. Baker, "OSPFv3 Link State Advertisement (LSA)
Extensibility", RFC 8362, DOI 10.17487/RFC8362, April
2018, <https://www.rfc-editor.org/info/rfc8362>.
Authors' Addresses
Peter Psenak (editor)
Cisco Systems, Inc.
Apollo Business Center
Mlynske nivy 43, Bratislava 821 09
Slovakia
Email: ppsenak@cisco.com
Nagendra Kumar Nainar (editor)
Cisco Systems, Inc.
7200 Kit Creek Road
Research Triangle Park, NC 27709
US
Email: naikumar@cisco.com
IJsbrand Wijnands
Cisco Systems, Inc.
De Kleetlaan 6a
Diegem 1831
Belgium
Email: ice@cisco.com
Psenak, et al. Expires November 4, 2018 [Page 10]