Internet Engineering Task Force (IETF) L. Ginsberg, Ed.Internet-DraftRequest for Comments: 8401 Cisco SystemsIntended status:Category: Standards Track A. PrzygiendaExpires: October 1, 2018ISSN: 2070-1721 Juniper Networks S. Aldrin Google J. Zhang Juniper Networks, Inc.March 30,June 2018BIER supportBit Index Explicit Replication (BIER) Support viaISIS draft-ietf-bier-isis-extensions-11IS-IS Abstract This document definesISISIS-IS extensions to support multicast forwarding using the Bit Index Explicit Replication (BIER) architecture.Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.Status of This Memo ThisInternet-Draftissubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsan Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 ofsix monthsRFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on October 1, 2018.https://www.rfc-editor.org/info/rfc8401. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 4. Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. BIER Domains andSub-DomainsSubDomains . . . . . . . . . . . . . .5. 4 4.2. Advertising BIER Information . . . . . . . . . . . . . . 5 5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 5 5.1.Multi TopologyMulti-Topology andSub-DomainSubdomain . . . . . . . . . . . . . . 5 5.2. BFR-id Advertisements . . . . . . . . . . . . . . . . . . 6 5.3. Logging Misconfiguration . . . . . . . . . . . . . . . . 6 5.4. Flooding Reduction . . . . . . . . . . . . . . . . . . . 6 6. Packet Formats . . . . . . . . . . . . . . . . . . . . . . . 6 6.1. BIER Infosub-TLVSub-TLV . . . . . . . . . . . . . . . . . . . .76 6.2. BIER MPLS Encapsulationsub-sub-TLVSub-sub-TLV . . . . . . . . . . .87 7. Security Considerations . . . . . . . . . . . . . . . . . . .98 8.AcknowledgementsReferences . . . . . . . . . . . . . . . . . . . . . . . . . 99.8.1. Normative References . . . . . . . . . . . . . . . . . . 9 8.2. Informative References . . . . . . .10 9.1. Normative References .. . . . . . . . . . 11 Acknowledgements . . . . . . .10 9.2. Informative References. . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 1. Introduction Bit Index Explicit Replication (BIER) [RFC8279] defines an architecture where all intended multicast receivers are encoded as a bitmask in theMulticastmulticast packet header within different encapsulations such as described in [RFC8296]. A router that receives such a packet will forward the packet based on theBit Positionbit position in the packet header towards thereceiver(s),receiver(s) following a precomputed tree for each of the bits in the packet. Each receiver is represented by a unique bit in the bitmask. This document presents necessary extensions to the currently deployedISISIS-IS for IP [RFC1195]protocolto support distribution of information necessary for operation of BIER domains andsub-domains.subdomains. This document defines a new TLV to be advertised by every router participating in BIER signaling. This document defines support for MPLS encapsulation as specified in [RFC8296]. Support for other encapsulation typesis outsideand thescope of this document. Theuse of multiple encapsulation typesisare outside the scope of this document. 2. Terminology Some of the terminology specified in [RFC8279] is replicated here and extended by necessary definitions: BIER: Bit Index ExplicitReplication (TheReplication. The overall architecture of forwarding multicast using aBit Position).bit position. BIER-OL: BIER Overlay Signaling.(TheThe method for the BFIR to learn aboutBFER's).BFERs. BFR: Bit ForwardingRouter (ARouter. A router that participates in Bit Index MultipointForwarding).Forwarding. A BFR is identified by a uniqueBFR- prefixBFR-prefix in a BIER domain. BFIR: Bit Forwarding IngressRouter (TheRouter. The ingress border router that inserts theBMBitString into thepacket).packet. Each BFIR must have a validBFR- idBFR-id assigned. BFER: Bit Forwarding Egress Router. A router that participates in Bit Index Forwarding as a leaf. Each BFER must be a BFR. Each BFER must have a valid BFR-id assigned. BFT: Bit Forwarding Tree used to reach all BFERs in a domain. BIERsub-domain:subdomain: A further distinction within a BIER domain identified by its uniquesub-domainsubdomain identifier. A BIERsub-domainsubdomain can support multiple BitString Lengths. BFR-id: An optional, unique identifier for a BFR within a BIERsub- domain.subdomain. Invalid BFR-id: Unassigned BFR-id. The special value 0 is reserved for this purpose.BARBAR: BIER Algorithm. Used to calculate underlay next hops.IPAIPA: IGP Algorithm. May be used to modify,enhanceenhance, or replace the calculation of underlay paths as defined by the BARvalue SPFvalue. SPF: Shortest Path First routing calculation based on the IGP linkmetricmetric. 2.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. IANA Considerations This document adds the followingnew sub-TLVentry to theregistry of Sub- TLVs"Sub-TLVs for TLVs 135, 235, 236, and237.237" registry. Value: 32(suggested - to be assigned by IANA)Name: BIER Info This document also introduces a new registry for sub-sub-TLVs for the BIER Infosub-TLV added above.sub-TLV. The registration policy is Expert Review as defined in [RFC8126].This registry is part ofThe "Sub-sub-TLVs for BIER Info Sub-TLV" has been created within the "IS-IS TLV Codepoints" registry. Thename of the registry is "sub-sub-TLVs for BIER Info sub-TLV". Thedefinedvalues are:value is as follows: Type Name ---- ---- 1 BIER MPLS Encapsulation IANAis requested to set up a registry calledhas created the "BIERAlgorithm Registry" under categoryAlgorithms" registry within the "Bit Index ExplicitReplication".Replication (BIER)" registry. The registration policies [RFC8126] for this registry are: "Standards Action" for values 0-127 "Specification Required" for values128-240128-239 "Experimental Use" for values240-254"240-254 The initial values in theBIER Algorithm Registry"BIER Algorithms" registry are: 0: NoBIER specificBIER-specific algorithm is used1-254: Unassigned255: Reserved 4. Concepts 4.1. BIER Domains andSub-DomainsSubDomains AnISIS signalledIS-IS-signalled BIER domain is aligned with the scope of distribution of BFR-prefixes that identify the BFRs withinISIS. ISIS acts inIS-IS. In such acasecase, IS-IS acts as the supporting BIER underlay. Within such a domain, the extensions defined in this document advertise BIER information for one or more BIERsub-domains.subdomains. Eachsub-domainsubdomain is uniquely identified by a subdomain-id (SD). Each subdomain is associated with a singleISISIS-IS topology (MT) [RFC5120], which may be any of the topologies supported byISIS.IS-IS. Local configuration controls which <MT,SD> pairs are supported by a router. The mapping ofsub-domainssubdomains to topologies MUST be consistent within the IS-IS flooding domain used to advertise BIER information. Each BIERsub-domainsubdomain has as its unique attributes the encapsulation used and the type of tree itis usinguses to forward BIER frames (currently always SPF). Additionally, per supportedbitstringBitString length in thesub-domain,subdomain, each router will advertise the necessary label ranges to support it. 4.2. Advertising BIER Information BIER information advertisements are associated with a new sub-TLV in the extended reachability TLVs. BIER information is always associated with a hostprefixprefix, which MUST be a node address for the advertising node. If this is not thecasecase, the advertisement MUST be ignored.ThereforeTherefore, the following restrictions apply: o Prefix length MUST be 32 for an IPv4 prefix or 128 for an IPv6prefixprefix. o When the Prefix Attributes Flags sub-TLV [RFC7794] ispresentpresent, the N flag MUST be set and the R flag MUST NOT be set.[RFC7794]o BIER sub-TLVs MUST be included when a prefix reachability advertisement is leaked between levels. 5. Procedures 5.1.Multi TopologyMulti-Topology andSub-DomainSubdomain A givensub-domainsubdomain is supported within one and only one topology. All routers in the flooding scope of the BIER sub-TLVs MUST advertise the samesub-domainsubdomain within the same multi-topology. A router receiving an <MT,SD> advertisementwhichthat does not match the locally configured pair MUST report a misconfiguration of the received <MT,SD> pair. All received BIER advertisements associated with the conflicting <MT,SD> pair MUST be ignored. Note that in the presence of such amisconfigurationmisconfiguration, this will lead to partitioning of thesub- domian.subdomain. Example: The following combination of advertisements are valid: <0,0><0,1><0,1>, and <2,2>. The following combination of advertisements are invalid: <0,0><0,1><0,1>, and <2,0>. Advertisements associated with <0,0> and <2,0> must be ignored. 5.2. BFR-id Advertisements If a BFER/BFIR is configured with aBFR-idBFR-id, then it advertises this value in its BIER advertisements. If no BFR-id isconfiguredconfigured, then the value "Invalid BFR-id" is advertised. A valid BFR-id MUST be unique within the flooding scope of the BIER advertisements. All BFERs/BFIRs MUST detect advertisement of duplicate valid BFR-IDs for a given<MT, SD>.<MT,SD>. When such duplication isdetecteddetected, all of the routers advertising duplicates MUST be treated as if they did not advertise a valid BFR-id. This implies they cannot act as BFER or BFIR in that <MT,SD>. 5.3. Logging Misconfiguration Whenever an advertisement is receivedwhichthat violates any of the constraints defined in thisdocumentdocument, the receiving router MUST support logging this occurrence. Logging SHOULD be dampened to avoid excessive output. 5.4. Flooding Reduction It is expected that changes in the BIER domain informationwhichthat is advertised by IS-IS occur infrequently. If this expectation is not met for an extended period of time (more than a few seconds ofburstiness)burstiness), changes will increase the number of Link State PDU (LSP) updates and negatively impact performance in the network. Implementations SHOULD protect against this possibilitye.g., byby, for example, dampening updates if they occur over an extended period of time. 6. Packet Formats AllISISIS-IS BIER information is carried within the TLVs 235,237 [RFC5120] or TLVs237, [RFC5120], 135 [RFC5305], orTLV236 [RFC5308]. 6.1. BIER Infosub-TLVSub-TLV This sub-TLV carries the information for the BIERsub-domainssubdomains that the router participates in as a BFR. This sub-TLV MAY appear multiple times in a given prefix-reachability TLV--- once for eachsub-domainsubdomain supported in the associated topology. The sub-TLV advertises a single <MT,SD> combination followed by optional sub-sub-TLVs as described in the following sections. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BAR | IPA | subdomain-id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BFR-id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | sub-sub-TLVs (variable) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type:asAs indicated in the IANA section. Length:variable BARVariable BAR: BIER Algorithm. Specifies aBIER specificBIER-specific algorithm used to calculate underlay paths to reach BFERs. Values are allocated from theBIER Algorithm Registry."BIER Algorithms" registry. 1octet IPAoctet. IPA: IGPalgorithm.Algorithm. Specifies an IGP Algorithm to either modify,enhanceenhance, or replace the calculation of underlay paths to reach BFERs as defined by the BAR value. Values are from the IGP Algorithm registry. 1octetoctet. subdomain-id: Unique value identifying the BIERsub-domain.subdomain. 1octetoctet. BFR-id: A2 octet2-octet field encoding the BFR-id, as documented in [RFC8279]. If no BFR-id has beenassignedassigned, the value of this field is set to "Invalid BFR-id", which is defined as illegal in[RFC8279] .[RFC8279]. The use of non-zero values in either the BAR field or the IPA field is outside the scope of this document. If an implementation does not support the use of non-zero values in thesefields,fields but receives a BIER Info sub-TLV containing non-zero values in these fields, it SHOULD treat the advertising router as incapable of supporting BIER (one way of handling incapable routers is documented insectionSection 6.9 of [RFC8279] and additional methods may be defined in the future). 6.2. BIER MPLS Encapsulationsub-sub-TLVSub-sub-TLV This sub-sub-TLV carries the information for the BIER MPLS encapsulation including the label range for a specificbitstringBitString length for a certain <MT,SD>. It is advertised within the BIER Info sub-TLV (Section6.1) .6.1). This sub-sub-TLV MAY appear multiple times within a single BIERinfoInfo sub-TLV. If the sameBitstringBitString length is repeated in multiple sub-sub-TLVs inside the same BIER InfoSub-TLV,sub-TLV, the BIER Info sub-TLV MUST be ignored. Label ranges within all BIER MPLS Encapsulation sub-sub-TLVs across all BIER Info sub-TLVs advertised by the same BFR MUST NOT overlap. If overlap is detected, the advertising router MUST be treated as if it did not advertise any BIER sub-TLVs. Label values MUST NOT match any of the reserved values defined in[RFC3032][RFC3032]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Max SI |BS Len | Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type:valueValue of 1 indicating MPLS encapsulation. Length: 4 MaxSISI: Maximum Set Identifier(section(Section 1 of [RFC8279]) used in the encapsulation for this BIERsub-domainsubdomain for thisbitstringBitString length, 1 octet. Each SI maps to a single label in the label range. The first label is for SI=0, the second label is for SI=1, etc. If the label associated with the Maximum Set Identifier exceeds the20 bit range20-bit range, the sub-sub-TLV MUST be ignored. Local BitString Length (BS Len): EncodedbitstringBitString length as per [RFC8296]. 4 bits. Label: First label of the range, 20 bits. The labels are as defined in [RFC8296]. 7. Security Considerations Security concerns for IS-IS are addressed in [RFC5304] and [RFC5310]. The Security Considerations section of [RFC8279] discusses the possibility of performing aDenial of ServiceDenial-of-Service (DoS) attack by setting too many bits in the BitString of a BIER-encapsulated packet. However, this sort of DoS attack cannot be initiated by modifying theISISIS-IS BIER advertisements specified in this document. A BFIR decides which systems are to receive a BIER-encapsulated packet. In making this decision, it is not influenced by theISISIS-IS control messages. When creating the encapsulation, the BFIR sets one bit in the encapsulation for each destination system. The information in theISISIS-IS BIER advertisements is used to construct the forwarding tables that map each bit in the encapsulation into a set of next hops for the host that is identified by that bit, but it is not used by the BFIR to decide which bits to set.HenceHence, an attack on theISISIS-IS control plane cannot be used to cause this sort of DoS attack. While a BIER-encapsulated packet is traversing the network, a BFR that receives a BIER-encapsulated packet with n bits set in its BitString may have to replicate the packet and forward multiple copies. However, a given bit will only be set in one copy of the packet.ThatThis means that each transmitted replica of a received packet has fewer bits set (i.e., is targeted to fewer destinations) than the received packet. This is an essential property of theBIERBIER- forwarding process as defined in [RFC8279]. While a failure of this process might cause a DoS attack (as discussed in the Security Considerations of [RFC8279]), such a failure cannot be caused by an attack on theISISIS-IS control plane. Further discussion ofBIER specificBIER-specific security considerations can be found in [RFC8279].9.8. References9.1.8.1. Normative References [RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP and dual environments", RFC 1195, DOI 10.17487/RFC1195, December 1990, <https://www.rfc-editor.org/info/rfc1195>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y., Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001, <https://www.rfc-editor.org/info/rfc3032>. [RFC5120] Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (IS-ISs)", RFC 5120, DOI 10.17487/RFC5120, February 2008, <https://www.rfc-editor.org/info/rfc5120>. [RFC5304] Li, T. and R. Atkinson, "IS-IS Cryptographic Authentication", RFC 5304, DOI 10.17487/RFC5304, October 2008, <https://www.rfc-editor.org/info/rfc5304>. [RFC5305] Li, T. and H. Smit, "IS-IS Extensions for Traffic Engineering", RFC 5305, DOI 10.17487/RFC5305, October 2008, <https://www.rfc-editor.org/info/rfc5305>. [RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, DOI 10.17487/RFC5308, October 2008, <https://www.rfc-editor.org/info/rfc5308>. [RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R., and M. Fanto, "IS-IS Generic Cryptographic Authentication", RFC 5310, DOI 10.17487/RFC5310, February 2009, <https://www.rfc-editor.org/info/rfc5310>. [RFC7794] Ginsberg, L., Ed., Decraene, B., Previdi, S., Xu, X., and U. Chunduri, "IS-IS Prefix Attributes for Extended IPv4 and IPv6 Reachability", RFC 7794, DOI 10.17487/RFC7794, March 2016, <https://www.rfc-editor.org/info/rfc7794>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., Przygienda, T., and S. Aldrin, "Multicast Using Bit Index Explicit Replication (BIER)", RFC 8279, DOI 10.17487/RFC8279, November 2017, <https://www.rfc-editor.org/info/rfc8279>. [RFC8296] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., Tantsura, J., Aldrin, S., and I. Meilik, "Encapsulation for Bit Index Explicit Replication (BIER) in MPLS and Non- MPLS Networks", RFC 8296, DOI 10.17487/RFC8296, January 2018, <https://www.rfc-editor.org/info/rfc8296>.9.2.8.2. Informative References[I-D.ietf-bier-ospf-bier-extensions][OPSFv2BIER] Psenak, P., Kumar, N., Wijnands, I., Dolganow, A., Przygienda, T., Zhang, Z., and S. Aldrin, "OSPFv2 Extensions for BIER",draft-ietf-bier-ospf-bier- extensions-16 (workWork inprogress), MarchProgress, draft-ietf-bier- ospf-bier-extensions-17, April 2018. [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, <https://www.rfc-editor.org/info/rfc8126>.8.AcknowledgementsTheThis RFC is aligned withthe [I-D.ietf-bier-ospf-bier-extensions] draft"OSPFv2 Extensions for BIER" [OPSFv2BIER] document as far as the protocol mechanisms overlap. Many thanks for comments from (in no particular order) Hannes Gredler, Ijsbrand Wijnands, PeterPsenakPsenak, and Chris Bowers. Special thanks to Eric Rosen. Authors' Addresses Les Ginsberg (editor) Cisco Systems 510 McCarthy Blvd. Milpitas, CA 95035USAUnited States of America Email: ginsberg@cisco.com Tony Przygienda Juniper Networks Email: prz@juniper.net Sam Aldrin Google 1600 Amphitheatre Parkway Mountain View, CAUSAUnited States of America Email: aldrin.ietf@gmail.com Jeffrey (Zhaohui) Zhang Juniper Networks, Inc. 10 Technology Park Drive Westford, MA 01886USAUnited States of America Email: zzhang@juniper.net