David,
Thanks a lot for your detailed review and comments.
Here are the details of responses. I have also attached the updated document.
---- Major issues: ----
[1] Operational considerations: There appears to be more than enough enabled
by this draft to wreak serious operational havoc, but the draft seems to
sidestep all operational topics, primarily by treating all usage of tags as
vendor- or implementation-specific and trusting the vendors and operators not
to foul things up. I'm not sure that's wise.
<Shraddha> Added a new "Operational Considerations" section as suggested in
other mail threads on this topic.
-----------------------------------------------------------------------------------------------------
See end of OPS-Dir review below for more on this concern.
--- Minor issues: ----
-- 3.2 Elements of procedure:
[A] I see what look like some underspecified requirements:
Each tag SHOULD be treated as an independent identifier that MAY be
used in policy to perform a policy action.
The administrative tag list within the
TLV SHOULD be considered an unordered list.
Why are those two not "MUST" requirements? What happens if either is not done?
<Shraddha> It's perfectly valid for the receiver of the node admin tag to
ignore a certain tag or set of tags if there are no local policies. I think
MUST will be too restrictive statement.
--------------------------------------------------------------------------------------------------------------------------
[B] Tag set completeness:
Multiple node administrative tag TLVs MAY appear in an RI LSA or
multiple node administrative tag TLVs MAY be contained in different
instances of the RI LSA. The node administrative tags associated
with a node for the purpose of any computation or processing SHOULD
be a superset of node administrative tags from all the TLVs in all
instances of the RI LSA originated by that node.
This paragraph is about processing at that node. It's easy to misread, as that
implication is buried in the word "originated" in the last line.
Suggested change:
"for the purpose of any computation or processing SHOULD" ->
"for the purpose of any computation or processing performed
at that node SHOULD"
Also, it looks like it's acceptable for other nodes to perform such
computation or processing based on a partial tag set for this node (e.g., when
some other node has not received all the RI LSAs with all the tags). That
should be stated.
<Shraddha> This is talking about processing at the receiver. Will update as
below.
Multiple node administrative tag TLVs MAY appear in an RI LSA or
multiple node administrative tag TLVs MAY be contained in different
instances of the RI LSA. The node administrative tags associated
with a node for the purpose of any computation or processing at the
receiver SHOULD be a superset of node administrative tags from all the
TLVs in all instances of the RI LSA originated by that node. Receiver MAY
perform the processing on administrative node tags when only a partial set
is received but the receiver node MUST repeat the computation or processing
when the complete set of node administrative tags for that node is received.
---------------------------------------------------------------------------------------------------------------------------------
[C] Tag change/removal:
When there is a change in the node administrative tag TLV or removal/
addition of a TLV in any instance of the RI-LSA, implementations MUST
take appropriate measures to update its state according to the
changed set of tags. Exact actions depend on features working with
administrative tags and is outside of scope of this specification.
Inability to interoperably remove a tag value (e.g., distribute the update
that tag X no longer applies to node Q) seems like a significant omission, but
I'm not a routing expert, so I'll defer to the WG's and ADs' judgment on the
importance of this. At a minimum, the rationale for not specifying an
interoperable tag value removal mechanism ought to be added to this document.
<Shraddha> Added the tag updations at the origination.
When there is a change or removal of an administrative affiliation of a node,
the node MUST re-originate the RI LSA with the latest set of node
administrative tags.
On the receiver, when there is a change in the node administrative tag TLV or
removal/addition of a TLV in any instance of the RI-LSA, implementations MUST
take appropriate measures to update its state according to the
changed set of tags. Exact actions depend on features working with
administrative tags and is outside of scope of this specification.
-----------------------------------------------------------------------------------------------------------------------------------------
[D] No management support
From OPS-Dir Q&A: At a minimum, reporting of tag values ought to be defined
via an OSPF MIB extension or analogous functionality.
<shraddha> I think this should be taken separately as part of OSPF MIB RFC
update, which will combine multiple features which require new definitions.
Acee, How do we go about this?
-----------------------------------------------------------------------------------------------------------------------------
--- Nits/editorial comments: ----
-- 1. Introduction
The Abstract says that the tags are for "route and path selection"; the
Introduction should also say that. Suggestion - at the end of this sentence in
the first paragraph:
It is useful to assign a per-node administrative tag to a router in
the OSPF domain and use it as an attribute associated with the node.
add the text "for route and path selection". This will help with the second
sentence in the second paragraph:
<Shraddha>Modified as per suggestion.
Path selection is a functional set
which applies both to TE and non-TE applications and hence new TLV
for carrying per-node administrative tags is included in Router
Information LSA [RFC4970] .
If "path selection" and "functional set" are specific terms with specialized
meaning in OSPF context, that sentence is fine as-is, otherwise it would read
better if it began with:
Route and path selection functionality applies to both ...
<Shraddha> Modified as per suggestion.
This document provides mechanisms to advertise per-node administrative
tags in OSPF for route and path selection. Route and path selection
functionality applies to both TE and non-TE applications and hence new TLV
for carrying per-node administrative tags is included in Router Information
LSA ...
-- 3.1. TLV format
Type : TBA, Suggested value 10
Please add an RFC Editor Note asking the RFC Editor to replace this with the
actual IANA-assigned value.
<Shraddha> Does the RFC Editor Note go as part of this document?
-- 3.2. Elements of procedure
While it's obvious that tag usage should be confined to the administrative
domain that understands the tag, it's worth stating. At the end of this
sentence:
Interpretation of tag values is specific to the administrative domain
of a particular network operator.
I'd suggest adding:
, and hence tag values SHOULD NOT be propagated outside the
administrative domain to which they apply.
<Shraddha> Modified as per suggestion
-- 4.4. Mobile back-haul network service deployment
Please expand "eNodeB" acronym on first use.
<Shraddha> Added
-- 4.5. Explicit routing policy
In Figure 3:
- The link from the leftmost pair of A nodes to the pair of T nodes
do not have link weights.
- The link from the left R node to the left T node does not have a
link weight
- The following example of an explicitly routed policy:
- Traffic from A nodes to I nodes must not go through R and T
nodes
prevents the leftmost pair of A nodes from sending traffic to the
I nodes. Was this "black hole" intended as part of the example?
Also: "explicitly routed policies" -> "explicit routing policies"
<Shraddha> It's probably not intended.
Bruno, can you pls confirm?
But, the example in itself is very much valid, with node admin tags operators
can have policies to drop traffic if destined towards certain prefixes.
As Rob and Bruno, this is nothing new as such an operation is possible today
with routing policies.
- 5. Security considerations
I'd add discussion that advertisement of tag values for one administrative
domain into another risks misinterpretation of the tag values (if the two
domains have assigned different meanings to the same values), which may have
undesirable and unanticipated side effects.
<Shraddha> Added this point to security considerations.
In addition, injection of tag values from the outside (e.g., forge OSPF
traffic that appears to be from a node in the domain and carries
administrative tag values) is at least a possible denial-of-service attack
vector, and could also be used for more nefarious purposes (e.g., reroute
otherwise unobservable [to the attacker] VPN traffic via a route where the
attacker can observe it).
<Shraddha> In the absence of authentication, such attacks are possible on
existing OSPF implementations and I don't think it's a new risk added by
this extension.
idnits 2.13.02 did not find any nits.
---- Selected RFC 5706 Appendix A Q&A for OPS-Dir review ----
A.1.2. Has installation and initial setup been discussed?
A.1.5. Has the impact on network operation been discussed?
A.1.6. Have suggestions for verifying correct operation been discussed?
No - given the impact that these tags could have on route and path
computation, likely implementations will be powerful "guns"
with which network operators can readily shoot themselves
in far more than just their "feet." These
considerations would have to be documented based on the
specific uses made of these tags by specific implementations
and deployments. All of that appears to be outside the scope
of this draft.
A.1.7. Has management interoperability been discussed?
No - at a minimum, reporting of tag values ought to be defined
via an OSPF MIB extension or analogous functionality.
This is minor issue [D].
A.1.8. Are there fault or threshold conditions that should be reported?
Yes, but they're implementation-specific - see response to
A.1.[2,5,6] above.
A.2. Management Considerations
Do you anticipate any manageability issues with the specification?
Yes, manageability has been largely ignored.
A.3. Documentation
Is an operational considerations and/or manageability section part of
the document?
No.
Does the proposed protocol have a significant operational impact on
the Internet?
Yes, the anticipated uses will.
Is there proof of implementation and/or operational experience?
Nothing was stated in the draft or shepherd write-up.
As an OPS-Dir member, I'm concerned by the above RFC 5706 answers, and in
particular treating all operational issues as vendor- and/or
operator-specific. One possible alternative would be to scope the draft down
to interoperably specify what's needed for LFA, as indicated by this answer
from the Shepherd write-up:
(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?
There is consensus from the WG and others outside the WG that
this document can progress. It complements work done on LFA
manageability in the RTG Working Group.
Another alternative could be Experimental RFC status for the full tag
mechanism (e.g., to figure out what it'll be used for in practice, how and
why) rather than Proposed Standard.
This is major issue [1].
-----Original Message-----
From: Black, David [mailto:[email protected]]
Sent: Wednesday, October 07, 2015 4:41 AM
To: Rob Shakir <[email protected]>; [email protected]; [email protected];
[email protected]; Shraddha Hegde <[email protected]>; General Area Review
Team ([email protected]) <[email protected]>; [email protected]
Cc: [email protected]; [email protected]; [email protected]; Black, David
<[email protected]>
Subject: RE: Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06
Rob,
I think something needs to be said on use of tags for preference in route
selection vs. prohibition on use of routes, e.g., as Section 4.5 starts out
with a discussion of preference and then supplies two example policies that are
prohibitions.
While Section 4.5 appears to need some attention, that seems to be a bit late
in the draft to cover this topic - perhaps this would be fodder for an
"Operational Considerations" section, as suggested in my reply to Bruno.
That could include a statement that route preference policies are a less risky
use of tags by comparison to route prohibition policies.
Now that I have a better idea of what this draft is intended for, please ignore
my suggestions to scope it to LFA or make it Experimental.
Thanks,
--David
> -----Original Message-----
> From: Rob Shakir [mailto:[email protected]]
> Sent: Tuesday, October 06, 2015 1:22 PM
> To: [email protected]; [email protected]; Black, David;
> [email protected]; [email protected]; General Area Review Team
> ([email protected]); [email protected]
> Cc: [email protected]; [email protected]; Black, David; [email protected]
> Subject: RE: Gen-ART and OPS-Dir review of
> draft-ietf-ospf-node-admin-tag-06
>
>
> On October 6, 2015 at 17:46:41, Black, David ([email protected]) wrote:
> > Rob,
> >
> > > Given that we are really selecting candidates from within a set of
> > > paths that have already been selected by OSPF as valid, and usable -
> > > then I'm not sure that I can understand the logic behind this sentence
> > > from your review: "There appears to be more than enough enabled by
> > > this draft to wreak serious operational havoc".
> >
> > Perhaps, I'm not understanding something, but I thought I saw an
> > unreachability problem in the example in Section 4.5/Figure 3:
> >
> > - The following example of an explicitly routed policy:
> >
> > - Traffic from A nodes to I nodes must not go through R and T nodes
> >
> > prevents the leftmost pair of A nodes from sending traffic to the I
> > nodes. Was this "black hole" intended as part of the example?
> >
> > Was that a mistake, and at least one path from the leftmost pair of
> > A nodes to the I nodes will be selected despite that "explicitly routed
> > policy"?
>
> If the operator chooses to deny prefixes being installed in the RIB
> based on these tags, then yes, they could end up with unreachability
> problems. However, an operator can do this today with any routing
> policy (a number of implementations already have inbound route
> filtering) - we should not prevent this kind of mechanism based on the
> fact that an erroneous config might be problematic.
>
> In the case that the operator *preferences* things based on the tags,
> then this would not be an unreachability problem - OSPF would still
> correctly determine that there is a path between all nodes in the
> pictured network - and this would be installed in the RIB as per normal
> operation.
>
> (My memory is not 100% clear on whether this is intended as part of
> the example, if it is, then the text should be clarified I agree.)
>
> Kind regards,
> r.
Open Shortest Path First IGP                                    S. Hegde
Internet-Draft                                    Juniper Networks, Inc.
Intended status: Standards Track                               R. Shakir
Expires: April 9, 2016                                        Individual
                                                              A. Smirnov
                                                     Cisco Systems, Inc.
                                                                   Z. Li
                                                     Huawei Technologies
                                                             B. Decraene
                                                                  Orange
                                                         October 7, 2015
Advertising per-node administrative tags in OSPF
draft-ietf-ospf-node-admin-tag-06
Abstract
This document describes an extension to OSPF protocol to add an
optional operational capability, that allows tagging and grouping of
the nodes in an OSPF domain. This allows simplification, ease of
management and control over route and path selection based on
configured policies. This document describes an extension to OSPF
protocol to advertise per-node administrative tags. The node-tags
can be used to express and apply locally-defined network policies
which is a very useful operational capability. Node tags may be used
either by OSPF itself or by other applications consuming information
propagated via OSPF.
This document describes the protocol extensions to disseminate per-
node administrative-tags to the OSPFv2 and OSPFv3 protocol. It
provides example use cases of administrative node tags.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Hegde, et al. Expires April 9, 2016 [Page 1]
Internet-Draft OSPF node admin tags October 2015
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 9, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Administrative Tag TLV
3. OSPF per-node administrative tag TLV
  3.1. TLV format
  3.2. Elements of procedure
4. Applications
  4.1. Service auto-discovery
  4.2. Fast-Re-routing policy
  4.3. Controlling Remote LFA tunnel termination
  4.4. Mobile back-haul network service deployment
  4.5. Explicit routing policy
5. Security Considerations
6. Operational Considerations
7. IANA Considerations
8. Contributors
9. Acknowledgements
10. References
  10.1. Normative References
  10.2. Informative References
Authors' Addresses
1. Introduction
It is useful to assign a per-node administrative tag to a router in
the OSPF domain and use it as an attribute associated with the node.
The per-node administrative tag can be used in a variety of
applications, for example:
- Traffic-engineering applications to provide different path-selection
  criteria,
- Prefer or prune certain paths in Loop Free Alternate (LFA) backup
  selection via local policies.
This document provides mechanisms to advertise per-node
administrative tags in OSPF for route and path selection. Route and
path selection functionality applies to both TE and non-TE
applications and hence new TLV for carrying per-node administrative
tags is included in Router Information LSA [RFC4970].
2. Administrative Tag TLV
An administrative Tag is a 32-bit integer value that can be used to
identify a group of nodes in the OSPF domain.
The new TLV defined will be carried within an RI LSA for OSPFv2 and
OSPFv3. Router information LSA [RFC4970] can have link, area or AS
level flooding scope. Choosing the flooding scope to flood the group
tags is defined by the policies and is a local matter.
The TLV specifies one or more administrative tag values. An OSPF
node advertises the set of groups it is part of in the OSPF domain
(for example, all PE-nodes are configured with certain tag value, all
P-nodes are configured with a different tag value in the domain).
Multiple TLVs MAY be added in same RI-LSA or in a different instance
of the RI LSA as defined in [I-D.acee-ospf-rfc4970bis].
3. OSPF per-node administrative tag TLV
3.1. TLV format
[RFC4970] defines Router Information (RI) LSA which may be used to
advertise properties of the originating router. Payload of the RI
LSA consists of one or more nested Type/Length/Value (TLV) triplets.
Node administrative tags are advertised in the Node Administrative
Tag TLV. The format of Node Administrative Tag TLV is:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: OSPF per-node Administrative Tag TLV
Type : TBA, Suggested value 10
Length: A 16-bit field that indicates the length of the value portion
in octets and will be a multiple of 4 octets dependent on the number
of tags advertised.
Value: A sequence of multiple 4 octets defining the administrative
tags. At least one tag MUST be carried if this TLV is included in
the RI-LSA.
3.2. Elements of procedure
Meaning of the Node administrative tags is generally opaque to OSPF.
Router advertising the per-node administrative tag (or tags) may be
configured to do so without knowing (or even explicitly supporting)
functionality implied by the tag.
Interpretation of tag values is specific to the administrative domain
of a particular network operator, and hence tag values SHOULD NOT be
propagated outside the administrative domain to which they apply.
The meaning of a per-node administrative tag is defined by the
network local policy and is controlled via the configuration. If a
receiving node does not understand the tag value, it ignores the
specific tag and floods the RI LSA without any change as defined in
[RFC4970].
The semantics of the tag order has no meaning. That is, there is no
implied meaning to the ordering of the tags that indicates a certain
operation or set of operations that need to be performed based on the
ordering.
Each tag SHOULD be treated as an independent identifier that MAY be
used in policy to perform a policy action. Tags carried by the
administrative tag TLV SHOULD be used to indicate independent
characteristics of a node. The administrative tag list within the
TLV SHOULD be considered an unordered list. Whilst policies may be
implemented based on the presence of multiple tags (e.g., if tag A
AND tag B are present), they MUST NOT be reliant upon the order of
the tags (i.e., all policies should be considered commutative
operations, such that tag A preceding or following tag B does not
change their outcome).
To avoid incomplete or inconsistent interpretations of the per-node
administrative tags the same tag value MUST NOT be advertised by a
router in RI LSAs of different scopes. The same tag MAY be
advertised in multiple RI LSAs of the same scope, for example, OSPF
Area Border Router (ABR) may advertise the same tag in area-scope RI
LSAs in multiple areas connected to the ABR.
The per-node administrative tags are not meant to be extended by the
future OSPF standards. The new OSPF extensions MUST NOT require use
of per-node administrative tags or define well-known tag values.
Node administrative tags are for generic use and do not require IANA
registry. The future OSPF extensions requiring well known values MAY
define their own data signalling tailored to the needs of the feature
or MAY use capability TLV as defined in [RFC4970].
Being part of the RI LSA, the per-node administrative tag TLV must be
reasonably small and stable. In particular, but not limited to,
implementations supporting the per-node administrative tags MUST NOT
tie advertised tags to changes in the network topology (both within
and outside the OSPF domain) or reachability of routes.
Multiple node administrative tag TLVs MAY appear in an RI LSA or
multiple node administrative tag TLVs MAY be contained in different
instances of the RI LSA. The node administrative tags associated
with a node for the purpose of any computation or processing at the
receiver SHOULD be a superset of node administrative tags from all
the TLVs in all instances of the RI LSA originated by that
node. Receiver MAY perform the processing on administrative node tags
when only a partial set is received but the receiver node MUST repeat
the computation or processing when the complete set of node
administrative tags for that node is received.
When there is a change or removal of an administrative affiliation of
a node, the node MUST re-originate the RI LSA with the latest set of
node administrative tags. On the receiver, when there is a change in
the node administrative tag TLV or removal/addition of a TLV in any
instance of the RI-LSA, implementations MUST take appropriate
measures to update its state according to the changed set of tags.
Exact actions depend on features working with administrative tags and
is outside of scope of this specification.
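The receiver-side procedure of Sections 3.1 and 3.2, as an added example that is not part of the draft or of any implementation: it bounds-checks each TLV, treats the tag list as an unordered set, takes the union over all TLVs in all RI LSA instances of one originator, and reports added and removed tags on re-origination. Assumptions: the TLV type is the draft's suggested value 10, TLV values are padded to 4-octet alignment as in RFC 4970, and `NodeTagState`, `build_tlv` and the sample LSA bodies are hypothetical and constructed for illustration.

```python
import struct

# Section 3.1 gives the type as "TBA, Suggested value 10"; 10 is assumed here.
NODE_ADMIN_TAG_TLV = 10


class MalformedTLV(ValueError):
    """An RI LSA body or tag TLV that violates the layout in Section 3.1."""


def build_tlv(tlv_type, value):
    """Encode one TLV (used only to construct the sample input below)."""
    padding = b"\x00" * (-len(value) % 4)
    return struct.pack("!HH", tlv_type, len(value)) + value + padding


def iter_tlvs(body):
    """Yield (type, value) pairs from an RI LSA body, bounds-checking each TLV."""
    offset = 0
    while offset < len(body):
        if len(body) - offset < 4:
            raise MalformedTLV("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", body, offset)
        offset += 4
        if length > len(body) - offset:
            raise MalformedTLV("TLV length runs past the end of the LSA")
        yield tlv_type, body[offset:offset + length]
        offset += (length + 3) & ~3  # values are padded to 4-octet alignment


def parse_tag_tlv(value):
    """Return the tags of one Node Administrative Tag TLV as an unordered set."""
    if len(value) == 0:
        raise MalformedTLV("at least one tag MUST be carried")
    if len(value) % 4:
        raise MalformedTLV("length is not a multiple of 4 octets")
    return frozenset(struct.unpack("!%dI" % (len(value) // 4), value))


class NodeTagState:
    """Receiver-side tag set for one originating router (hypothetical helper)."""

    def __init__(self):
        self._by_instance = {}  # RI LSA instance id -> frozenset of tags

    def tags(self):
        """Union of the tags from all TLVs in all stored RI LSA instances."""
        return frozenset().union(*self._by_instance.values())

    def update(self, instance_id, body):
        """Install a (re-)originated instance and return (added, removed).

        The body is parsed completely before any state changes, so a
        malformed LSA leaves the previously accepted tag set in place.
        """
        before = self.tags()
        tags = set()
        for tlv_type, value in iter_tlvs(body):
            if tlv_type == NODE_ADMIN_TAG_TLV:  # other TLV types are skipped
                tags |= parse_tag_tlv(value)
        self._by_instance[instance_id] = frozenset(tags)
        after = self.tags()
        return after - before, before - after


def demo():
    """Run the procedure over constructed RI LSA bodies for one originator."""
    state = NodeTagState()
    # Instance 0: an unrelated TLV (type 1) followed by a tag TLV {100, 200}.
    inst0 = build_tlv(1, b"\x00\x00\x00\x01") + build_tlv(
        NODE_ADMIN_TAG_TLV, struct.pack("!II", 100, 200))
    # Instance 1: two tag TLVs in the same LSA, one repeating tag 200.
    inst1 = build_tlv(NODE_ADMIN_TAG_TLV, struct.pack("!I", 300)) + build_tlv(
        NODE_ADMIN_TAG_TLV, struct.pack("!I", 200))
    first = state.update(0, inst0)    # partial set: only instance 0 seen so far
    second = state.update(1, inst1)   # full set: policy must be re-evaluated
    # Instance 0 re-originated after tag 100 was withdrawn at the originator.
    third = state.update(0, build_tlv(NODE_ADMIN_TAG_TLV, struct.pack("!I", 200)))
    return first, second, third, state.tags()


if __name__ == "__main__":
    for step in demo():
        print(step)
```

A non-empty `added` or `removed` set is the signal for a consumer to repeat whatever computation depends on the node's tags.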
4. Applications
This section lists several examples of how implementations might use
the Node administrative tags. These examples are given only to
demonstrate generic usefulness of the router tagging mechanism.
Implementation supporting this specification is not required to
implement any of the use cases. It is also worth noting that in some
described use cases routers configured to advertise tags help other
routers in their calculations but do not themselves implement the
same functionality.
4.1. Service auto-discovery
Router tagging may be used to automatically discover group of routers
sharing a particular service.
For example, service provider might desire to establish full mesh of
MPLS TE tunnels between all PE routers in the area of MPLS VPN
network. Marking all PE routers with a tag and configuring devices
with a policy to create MPLS TE tunnels to all other devices
advertising this tag will automate maintenance of the full mesh.
When new PE router is added to the area, all other PE devices will
open TE tunnels to it without the need of reconfiguring them.
4.2. Fast-Re-routing policy
Increased deployment of Loop Free Alternates (LFA) as defined in
[RFC5286] poses operation and management challenges.
[I-D.ietf-rtgwg-lfa-manageability] proposes policies which, when
implemented, will ease LFA operation concerns.
One of the proposed refinements is to be able to group the nodes in
IGP domain with administrative tags and engineer the LFA based on
configured policies.
(a) Administrative limitation of LFA scope
Service provider access infrastructure is frequently designed in
layered approach with each layer of devices serving different
purposes and thus having different hardware capabilities and
configured software features. When LFA repair paths are being
computed, it may be desirable to exclude devices from being
considered as LFA candidates based on their layer.
For example, if the access infrastructure is divided into the
Access, Distribution and Core layers it may be desirable for a
Distribution device to compute LFA only via Distribution or Core
devices but not via Access devices. This may be due to features
enabled on Access routers; due to capacity limitations or due to
the security requirements. Managing such a policy via
configuration of the router computing LFA is cumbersome and error
prone.
With the Node administrative tags it is possible to assign a tag
to each layer and implement LFA policy of computing LFA repair
paths only via neighbors which advertise the Core or Distribution
tag. This requires minimal per-node configuration and network
automatically adapts when new links or routers are added.
(b) LFA calculation optimization
Calculation of LFA paths may require significant resources of the
router. One execution of Dijkstra algorithm is required for each
neighbor eligible to become next hop of repair paths. Thus a
router with a few hundreds of neighbors may need to execute the
algorithm hundreds of times before the best (or even valid)
repair path is found. Manually excluding from the calculation
neighbors which are known to provide no valid LFA (such as
single-connected routers) may significantly reduce number of
Dijkstra algorithm runs.
LFA calculation policy may be configured so that routers
advertising certain tag value are excluded from LFA calculation
even if they are otherwise suitable.
4.3. Controlling Remote LFA tunnel termination
[RFC7490] defined a method of tunnelling traffic after connected link
failure to extend the basic LFA coverage and algorithm to find tunnel
tail-end routers fitting LFA requirement. In most cases proposed
algorithm finds more than one candidate tail-end router. In real
life network it may be desirable to exclude some nodes from the list
of candidates based on the local policy. This may be either due to
known limitations of the node (the router does not accept targeted
LDP sessions required to implement Remote LFA tunnelling) or due to
administrative requirements (for example, it may be desirable to
choose tail-end router among co-located devices).
The Node administrative tag delivers simple and scalable solution.
Remote LFA can be configured with a policy to accept during the tail-
end router calculation as candidates only routers advertising certain
tag. Tagging routers allows to both exclude nodes not capable of
serving as Remote LFA tunnel tail-ends and to define a region from
which tail-end router must be selected.
4.4. Mobile back-haul network service deployment
The topology of mobile back-haul network usually adopts ring topology
to save fibre resource and it is divided into the aggregate network
and the access network. Cell Site Gateways (CSGs) connect the
eNodeBs and RNC (Radio Network Controller) Site Gateways (RSGs)
connect the RNCs. The mobile traffic is transported from CSGs to
RSGs. The network takes a typical aggregate traffic model that more
than one access rings will attach to one pair of aggregate site
gateways (ASGs) and more than one aggregate rings will attach to one
pair of RSGs.
                  ----------------
                 /               \
                /                 \
               /                   \
+------+   +----+     Access      +----+
|eNodeB|---|CSG1|     Ring 1      |ASG1|------------
+------+   +----+                 +----+            \
               \                   /                 \
                \                 /                   +----+    +---+
                 \             +----+                 |RSG1|----|RNC|
                  -------------|    |    Aggregate    +----+    +---+
                               |ASG2|      Ring         |
                  -------------|    |                 +----+    +---+
                 /             +----+                 |RSG2|----|RNC|
                /                 \                   +----+    +---+
               /                   \                 /
+------+   +----+     Access      +----+            /
|eNodeB|---|CSG2|     Ring 2      |ASG3|-----------
+------+   +----+                 +----+
               \                   /
                \                 /
                 \               /
                 -----------------
Figure 2: Mobile Backhaul Network
A typical mobile back-haul network with access rings and aggregate
links is shown in the figure above. The mobile back-haul networks deploy
traffic engineering due to the strict Service Level Agreements (SLAs).
The TE paths may have additional constraints to avoid passing via
different access rings or to get completely disjoint backup TE paths.
The mobile back-haul networks towards the access side change
frequently due to the growing mobile traffic and the addition of new
Evolved NodeBs (eNodeBs). It's complex to satisfy the requirements
using cost, link color or explicit path configurations. The node
administrative tag defined in this document can be effectively used
to solve the problem for mobile back-haul networks. The nodes in
different rings can be assigned specific tags. TE path
computation can be enhanced to consider additional constraints based
on node administrative tags.
4.5. Explicit routing policy
A partially meshed network provides multiple paths between any two
nodes in the network. In a data centre environment, the topology is
usually highly symmetric with many/all paths having equal cost. In a
long distance network, this is usually less the case for a variety of
reasons (e.g. historic, fibre availability constraints, different
distances between transit nodes, different roles ...). Hence between
a given source and destination, a path is typically preferred over
the others, while between the same source and another destination, a
different path may be preferred.
                +--------------------+
                |                    |
                |    +----------+    |
                |    |          |    |
                T-10-T          |    |
               /|   /|          |    |
              / |  / |          |    |
           --+  | |  |          |    |
          /  +--+-+ 100         |    |
         /  /   |    |          |    |
        /  /    R-18-R          |    |
       /  /    /\   /\          |    |
      /  |    /  \ /  \         |    |
     /   |   /    x    \        |    |
    A-25-A 10   10 \    \       |    |
           /    /   10   10     |    |
          /    /     \    \     |    |
         A-25-A       A-25-A    |    |
          \    \     /    /     |    |
          201  201 201  201     |    |
            \    \ /    /       |    |
             \    x    /        |    |
              \  / \  /         |    |
               \/   \/          |    |
               I-24-I          100  100
               |    |           |    |
               |    +-----------+    |
               |                     |
               +---------------------+
Figure 3: Explicit Routing topology
In the above topology, the operator may want to enforce the following
high-level explicitly routed policies:
- Traffic from A nodes to A nodes must not go through I nodes
- Traffic from A nodes to I nodes must not go through R and T
nodes
With node admin tags, tag A (resp. I, R, T) can be configured on all
A (resp. I, R, T) nodes to advertise their role. Then a generic
CSPF policy can be configured on all A nodes to enforce the above
explicit routing objectives. (e.g. CSPF to destinations A exclude
node with tags I).
5. Security Considerations
Node administrative tags may be used by operators to indicate
geographical location or other sensitive information. As indicated
in [RFC2328] and [RFC5340], OSPF authentication mechanisms do not
provide confidentiality and the information carried in node
administrative tags could be leaked to an IGP snooper.
Advertisement of tag values for one administrative domain into
another risks misinterpretation of the tag values (if the two domains
have assigned different meanings to the same values), which may have
undesirable and unanticipated side effects.
6. Operational Considerations
Operators can assign meaning to the node administrative tags which is
local to the operator's administrative domain. The operational use
of node administrative tags is analogous to the IS-IS prefix tags
[RFC5130] and BGP communities [RFC1997]. Operational discipline and
procedures followed in configuring and using BGP communities and IS-IS
prefix tags are also applicable to the usage of node administrative
tags.
Defining language for local policies is outside the scope of this
document. As in the case of other policy applications, the pruning
policies can cause the path to be completely removed from the forwarding
plane, and hence are less preferred than the preference policies.
7. IANA Considerations
This specification updates one OSPF registry: OSPF Router Information
(RI) TLVs Registry
i) Node Admin Tag TLV - Suggested value 10
8. Contributors
Thanks to Hannes Gredler for his substantial review, guidance and to
the editing of this document. Thanks to Harish Raguveer for his
contributions to initial versions of the draft.
9. Acknowledgements
Thanks to Bharath R, Pushpasis Sarkar and Dhruv Dhody for useful
inputs. Thanks to Chris Bowers for providing useful inputs to remove
ambiguity related to tag-ordering. Thanks to Les Ginsberg and Acee
Lindem for the inputs.
10. References
10.1. Normative References
[I-D.acee-ospf-rfc4970bis]
Lindem, A., Shen, N., Vasseur, J., Aggarwal, R., and S.
Shaffer, "Extensions to OSPF for Advertising Optional
Router Capabilities", draft-acee-ospf-rfc4970bis-00 (work
in progress), July 2014.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
DOI 10.17487/RFC2328, April 1998,
<http://www.rfc-editor.org/info/rfc2328>.
[RFC4970] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and
S. Shaffer, "Extensions to OSPF for Advertising Optional
Router Capabilities", RFC 4970, DOI 10.17487/RFC4970, July
2007, <http://www.rfc-editor.org/info/rfc4970>.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
<http://www.rfc-editor.org/info/rfc5340>.
[RFC7490] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N.
So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)",
RFC 7490, DOI 10.17487/RFC7490, April 2015,
<http://www.rfc-editor.org/info/rfc7490>.
10.2. Informative References
[I-D.ietf-rtgwg-lfa-manageability]
Litkowski, S., Decraene, B., Filsfils, C., Raza, K.,
Horneffer, M., and P. Sarkar, "Operational management of
Loop Free Alternates",
draft-ietf-rtgwg-lfa-manageability-11 (work in progress), June 2015.
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities
Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996,
<http://www.rfc-editor.org/info/rfc1997>.
[RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy
Control Mechanism in IS-IS Using Administrative Tags",
RFC 5130, DOI 10.17487/RFC5130, February 2008,
<http://www.rfc-editor.org/info/rfc5130>.
[RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for
IP Fast Reroute: Loop-Free Alternates", RFC 5286,
DOI 10.17487/RFC5286, September 2008,
<http://www.rfc-editor.org/info/rfc5286>.
Authors' Addresses
Shraddha Hegde
Juniper Networks, Inc.
Embassy Business Park
Bangalore, KA 560093
India
Email: [email protected]
Rob Shakir
Individual
Email: [email protected]
Anton Smirnov
Cisco Systems, Inc.
De Kleetlaan 6a
Diegem 1831
Belgium
Email: [email protected]
Li zhenbin
Huawei Technologies
Huawei Bld. No.156 Beiqing Rd
Beijing 100095
China
Email: [email protected]
Bruno Decraene
Orange
Email: [email protected]
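The tag-based CSPF policy of Section 4.5 and the pruning-versus-preference caveat of Section 6, worked through as an added example that is not part of the draft or of this mail. The node names, tag values, link costs and the `penalty` parameter are assumptions made for illustration; tags are merged as an unordered union across TLVs, as Section 3.2 describes.

```python
import heapq

# Constructed tag values: their meaning is local to one administrative domain.
TAG_A, TAG_I, TAG_R, TAG_T = 1, 2, 3, 4

# Tags as received, one inner list per Node Admin Tag TLV (constructed sample).
ADVERTISED = {
    "A1": [[TAG_A]], "A2": [[TAG_A], [TAG_A]],
    "R1": [[TAG_R]], "T1": [[TAG_T]], "I1": [[TAG_I]],
}
# Constructed link costs, loosely following Figure 3 (A-R 10, A-I 201, T-I 100).
LINKS = [("A1", "R1", 10), ("R1", "A2", 10), ("A1", "I1", 201),
         ("I1", "A2", 201), ("A1", "T1", 50), ("T1", "I1", 100)]

def effective_tags(node):
    """Unordered union of the tags from every TLV the node originated."""
    return {tag for tlv in ADVERTISED.get(node, []) for tag in tlv}

def cspf(src, dst, exclude=frozenset(), penalty=None, down=frozenset()):
    """Shortest path with a tag policy applied to transit nodes.

    penalty=None prunes tagged transit nodes; a number adds that cost instead
    (the returned cost then includes it). Returns (cost, path), or None when
    the policy leaves no path at all.
    """
    adj = {}
    for a, b, cost in LINKS:
        if a not in down and b not in down:
            adj.setdefault(a, []).append((b, cost))
            adj.setdefault(b, []).append((a, cost))
    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if cost > best.get(node, float("inf")):
            continue  # stale heap entry
        for nxt, link_cost in adj.get(node, []):
            new_cost = cost + link_cost
            if nxt != dst and effective_tags(nxt) & exclude:
                if penalty is None:
                    continue  # pruning policy: never transit this node
                new_cost += penalty  # preference policy: usable but costly
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                heapq.heappush(heap, (new_cost, nxt, path + [nxt]))
    return None
```

With `R1` marked down, the pruning form of "A to A must not go through I" returns no path, while the preference form still returns one through `I1`.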