diff options
Diffstat (limited to 'doc/rfc/rfc9355.txt')
-rw-r--r-- | doc/rfc/rfc9355.txt | 484 |
1 files changed, 484 insertions, 0 deletions
diff --git a/doc/rfc/rfc9355.txt b/doc/rfc/rfc9355.txt new file mode 100644 index 0000000..af5a39f --- /dev/null +++ b/doc/rfc/rfc9355.txt @@ -0,0 +1,484 @@ + + + + +Internet Engineering Task Force (IETF) K. Talaulikar, Ed. +Request for Comments: 9355 P. Psenak +Updates: 2328 Cisco Systems, Inc. +Category: Standards Track A. Fu +ISSN: 2070-1721 Bloomberg + M. Rajesh + Juniper Networks + February 2023 + + + OSPF Bidirectional Forwarding Detection (BFD) Strict-Mode + +Abstract + + This document specifies the extensions to OSPF that enable an OSPF + router to signal the requirement for a Bidirectional Forwarding + Detection (BFD) session prior to adjacency formation. Link-Local + Signaling (LLS) is used to advertise the requirement for strict-mode + BFD session establishment for an OSPF adjacency. If both OSPF + neighbors advertise BFD strict-mode, adjacency formation will be + blocked until a BFD session has been successfully established. + + This document updates RFC 2328 by augmenting the OSPF neighbor state + machine with a check for BFD session up before progression from Init + to 2-Way state when operating in OSPF BFD strict-mode. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc9355. + +Copyright Notice + + Copyright (c) 2023 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Revised BSD License text as described in Section 4.e of the + Trust Legal Provisions and are provided without warranty as described + in the Revised BSD License. + +Table of Contents + + 1. Introduction + 1.1. Requirements Language + 2. LLS B-Bit Flag + 3. Local Interface IPv4 Address TLV + 4. Procedures + 4.1. OSPFv3 IPv4 AF Specifics + 4.2. Graceful Restart Considerations + 5. Operations and Management Considerations + 6. Backward Compatibility + 7. IANA Considerations + 8. Security Considerations + 9. References + 9.1. Normative References + 9.2. Informative References + Acknowledgements + Authors' Addresses + +1. Introduction + + Bidirectional Forwarding Detection (BFD) [RFC5880] enables routers to + monitor data plane connectivity and to detect faults in the + bidirectional path between them. BFD is leveraged by routing + protocols like OSPFv2 [RFC2328] and OSPFv3 [RFC5340] to detect + connectivity failures for established adjacencies faster than the + OSPF Hello dead timer detection and to trigger rerouting of traffic + around the failure. The use of BFD for monitoring routing protocol + adjacencies is described in [RFC5882]. + + When BFD monitoring is enabled for OSPF adjacencies by the network + operator, the BFD session is bootstrapped based on the neighbor + address information discovered by the exchange of OSPF Hello packets. + Faults in the bidirectional forwarding detected via BFD then result + in the OSPF adjacency being brought down. A degraded or poor-quality + link may result in intermittent packet drops. In such scenarios, + implementations prior to the extensions specified in this document + may still get an OSPF adjacency established over such a link; + however, given the more aggressive monitoring intervals supported by + BFD, a BFD session may not get established and/or may flap. The + traffic forwarded over such a link would experience packet drops, and + the failure of the BFD session establishment will not enable fast + routing convergence. OSPF adjacency flaps may occur over such links + when OSPF brings up the adjacency only for it to be brought down + again by BFD. + + To avoid the routing churn associated with these scenarios, it would + be beneficial not to allow OSPF to establish an adjacency until a BFD + session is successfully established and has stabilized. However, + this would preclude the OSPF operation in an environment where not + all OSPF routers support BFD and have it enabled on the link. A + solution is to block OSPF adjacency establishment until a BFD session + is established as long as both neighbors advertise such a + requirement. Such a mode of OSPF BFD usage is referred to as + "strict-mode". Strict-mode introduces signaling support in OSPF to + achieve the blocking of adjacency formation until BFD session + establishment occurs, as described in Section 4.1 of [RFC5882]. + + This document specifies the OSPF protocol extensions using Link-Local + Signaling (LLS) [RFC5613] for a router to indicate to its neighbor + the willingness to require BFD strict-mode for OSPF adjacency + establishment (refer to Section 2). It also introduces an extension + to OSPFv3 LLS of the interface IPv4 address (refer to Section 3) to + be used for the BFD session setup when OSPFv3 is used for an IPv4 + Address Family (AF) instance. + + This document updates [RFC2328] by augmenting the OSPF neighbor state + machine with a check for BFD session up before progression from Init + to 2-Way state when operating in OSPF BFD strict-mode. + + The extensions and procedures for OSPF BFD strict-mode also apply for + adjacency over virtual links using BFD multi-hop [RFC5883] + procedures. + + A similar functionality for IS-IS is specified in [RFC6213]. + +1.1. Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + +2. LLS B-Bit Flag + + This document defines the B-bit in the LLS Type 1 Extended Options + and Flags. This bit is defined for the LLS block that is included in + Hello and Database Description (DD) packets. The B-bit indicates + that BFD is enabled on the link and that the router requests OSPF BFD + strict-mode. Section 7 describes the position of the B-bit. + + A router MUST include the LLS block with the B-bit set in the LLS + Type 1 Extended Options and Flags in its Hello and DD packets when + OSPF BFD strict-mode is enabled on the link. + +3. Local Interface IPv4 Address TLV + + The Local Interface IPv4 Address TLV is an LLS TLV defined for OSPFv3 + IPv4 AF instance [RFC5838] protocol operation as described in + Section 4.1. + + It has the following format: + + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Type | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Local Interface IPv4 Address | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + where: + + Type: 21 + + Length: 4 octets + + Local Interface IPv4 Address: The primary IPv4 address of the local + interface. + +4. Procedures + + A router supporting OSPF BFD strict-mode advertises this capability + through its Hello packets as described in Section 2. When a router + supporting OSPF BFD strict-mode discovers a new neighbor router that + also supports OSPF BFD strict-mode, it will establish a BFD session + with that neighbor first before bringing up the OSPF adjacency as + described further in this section. + + This document updates the OSPF neighbor state machine as described in + [RFC2328]. Specifically, the operations related to the Init state + are modified as described below when OSPF BFD strict-mode is used: + + Init (without OSPF BFD strict-mode): + In this state, a Hello packet has recently been received from the + neighbor. However, bidirectional communication has not yet been + established with the neighbor (i.e., the router itself did not + appear in the neighbor's Hello packet). All neighbors in this + state (or higher) are listed in the Hello packets sent from the + associated interface. + + Init (with OSPF BFD strict-mode): + In this state, a Hello packet has recently been received from the + neighbor. However, bidirectional communication has not yet been + established with the neighbor (i.e., the router itself did not + appear in the neighbor's Hello packet). BFD session establishment + with the neighbor is requested if it's not already completed + (e.g., in the event of transition from 2-Way state). Neighbors in + Init state or higher will be listed in Hello packets associated + with the interface if they either have a corresponding BFD session + established or have not advertised OSPF BFD strict-mode in the LLS + Type 1 Extended Options and Flags advertised in the Hello packet. + + When the neighbor state transitions to Down state, the removal of the + BFD session associated with that neighbor is requested by OSPF; + subsequent BFD session establishment is similarly requested by OSPF + upon transitioning into Init state. This may result in BFD session + deletion and creation, respectively, when OSPF is the only client + interested in the BFD session with the neighbor address. + + An implementation MUST NOT wait for BFD session establishment in Init + state unless OSPF BFD strict-mode is enabled by the operator on the + interface and the specific neighbor indicates OSPF BFD strict-mode + capability via the LLS Type 1 Extended Options and Flags advertised + in the Hello packet. When BFD is enabled, but OSPF BFD strict-mode + has not been signaled by both neighbors, an implementation SHOULD + start BFD session establishment only in 2-Way or greater state. This + makes it possible for an OSPF router to support BFD operation in both + strict-mode and normal mode across different interfaces or even + across different neighbors on the same multi-access interface. + + Once the OSPF state machine has moved beyond the Init state, any + change in the B-bit advertised in subsequent Hello packets MUST NOT + result in any trigger in either the OSPF adjacency or the BFD session + management (i.e., the B-bit is considered only when in Init state). + Disabling BFD (or OSPF BFD strict-mode) on an OSPF interface would + result in it not setting the B-bit in the LLS Type 1 Extended Options + and Flags advertised in subsequent Hello packets. Disabling OSPF BFD + strict-mode has no effect on BFD operations and would not result in + the bringing down of any established BFD sessions. Disabling BFD + would result in the BFD session being brought down due to AdminDown + State (described in Section 3.2 of [RFC5882]); hence, it would not + bring down the OSPF adjacency. + + When BFD is enabled on an interface over which we already have an + existing OSPF adjacency, it would result in the router setting the + B-bit in its subsequent Hello packets and the initiation of BFD + session establishment to the neighbor. If the adjacency is already + up (i.e., in its terminal state of Full or 2-Way with routers that + are not designated routers on a multi-access interface) with a + neighbor that also supports OSPF BFD strict-mode, then an + implementation SHOULD NOT bring this adjacency down into the Init + state to avoid disruption to routing operations and instead use the + OSPF BFD strict-mode wait only after a transition to Init state. + However, if the adjacency is not up, then an implementation MAY bring + such an adjacency down so it can use the OSPF BFD strict-mode for its + adjacency establishment. + +4.1. OSPFv3 IPv4 AF Specifics + + Support for multiple AFs in OSPFv3 [RFC5838] requires the use of an + IPv6 link-local address as the source address for Hello packets, even + when forming adjacencies for IPv4 AF instances. In most deployments + of OSPFv3 IPv4 AFs, it is required that BFD is used to monitor and + verify IPv4 data plane connectivity between the routers on the link; + hence, the BFD session is set up using IPv4 neighbor addresses. The + IPv4 neighbor address on the interface is learned only later in the + adjacency formation process when the neighbor's Link-LSA (Link State + Advertisement) is received. This results in the setup of the BFD + IPv4 session either after the adjacency is established or later in + the adjacency formation sequence. + + To operate in OSPF BFD strict-mode, it is necessary for an OSPF + router to learn its neighbor's IPv4 link address during the Init + state of adjacency formation (ideally, when it receives the first + Hello). The use of the Local Interface IPv4 Address TLV (as defined + in Section 3) in the LLS block advertised in OSPFv3 Hello packets for + IPv4 AF instances makes this possible. Implementations that support + OSPF BFD strict-mode for OSPFv3 IPv4 AF instances MUST include the + Local Interface IPv4 Address TLV in the LLS block advertised in their + Hello packets whenever the B-bit is also set in the LLS Type 1 + Extended Options and Flags. A receiver MUST ignore the B-bit (i.e., + not operate in strict-mode for BFD) when the Local Interface IPv4 + Address TLV is not present in OSPFv3 Hello messages for OSPFv3 IPv4 + AF instances. + +4.2. Graceful Restart Considerations + + An implementation needs to handle scenarios where both graceful + restart (GR) and the OSPF BFD strict-mode are deployed together. The + graceful restart aspects related to process restart scenarios + discussed in Section 3.3 of [RFC5882] also apply with OSPF BFD + strict-mode. Additionally, since the OSPF adjacency formation is + delayed until the BFD session establishment in OSPF BFD strict-mode, + the resultant delay in adjacency formation may affect or break the + GR-based recovery. In such cases, it is RECOMMENDED that the GR + timers are set such that they provide sufficient time to allow for + normal BFD session establishment delays. + +5. Operations and Management Considerations + + An implementation SHOULD report the BFD session status along with the + OSPF Init adjacency state when OSPF BFD strict-mode is enabled and + support logging operations on neighbor state transitions that include + the BFD events. This allows an operator to detect scenarios where an + OSPF adjacency may be stuck waiting for BFD session establishment. + + In network deployments with noisy or degraded links with intermittent + packet loss, BFD sessions may flap, resulting in OSPF adjacency + flaps. In turn, this may cause routing churn. The use of OSPF BFD + strict-mode along with mechanisms such as hold-down (a delay in + bringing up the initial OSPF adjacency following BFD session + establishment) and/or dampening (a delay in bringing up the OSPF + adjacency following failure detected by BFD) may help reduce the + frequency of adjacency flaps and therefore reduce the associated + routing churn. The details of these mechanisms are outside the scope + of this document. + + [RFC9129] specifies the base OSPF YANG module. The required + configuration and operational elements for this feature are expected + to be introduced as augmentation to this base OSPF YANG module. + +6. Backward Compatibility + + An implementation MUST support OSPF adjacency formation and + operations with a neighbor router that does not advertise the OSPF + BFD strict-mode capability: both when that neighbor router does not + support BFD and when it does support BFD but does not signal the OSPF + BFD strict-mode as described in this document. Implementations MAY + provide a local configuration option to force BFD operation only in + OSPF BFD strict-mode (i.e, adjacency will not come up unless BFD + session is established). In this case, an OSPF adjacency with a + neighbor that does not support OSPF BFD strict-mode would not be + established successfully. Implementations MAY provide a local + configuration option to enable BFD without the OSPF BFD strict-mode, + which results in the router not advertising the B-bit and BFD + operation being performed in the same way as prior to this + specification. + + The signaling specified in this document happens at a link-local + level between routers on that link. A router that does not support + this specification would ignore the B-bit in the LLS block advertised + in Hello packets from its neighbors and continue to establish BFD + sessions (if enabled) without delaying the OSPF adjacency formation. + Since a router that does not support this specification would not + have set the B-bit in the LLS block advertised in its own Hello + packets, its neighbor routers supporting this specification would not + use OSPF BFD strict-mode with such OSPF routers. As a result, the + behavior would be the same as without this specification. Therefore, + there are no backward compatibility issues or implementation + considerations beyond what is specified herein. + +7. IANA Considerations + + This specification makes the following updates under the "Open + Shortest Path First (OSPF) Link Local Signaling (LLS) - Type/Length/ + Value Identifiers (TLV)" parameters. + + * In the "LLS Type 1 Extended Options and Flags" registry, the B-bit + has been assigned the bit position 0x00000010. + + * In the "Link Local Signaling TLV Identifiers (LLS Types)" + registry, the Type 21 has been assigned to the Local Interface + IPv4 Address TLV. + +8. Security Considerations + + The security considerations for "OSPF Link-Local Signaling" [RFC5613] + also apply to the extension described in this document. + Inappropriate use of the B-bit in the LLS block of an OSPF Hello + message could prevent an OSPF adjacency from forming or lead to the + failure of detecting bidirectional forwarding failures. If + authentication is being used in the OSPF routing domain [RFC5709] + [RFC7474], then the Cryptographic Authentication TLV [RFC5613] MUST + also be used to protect the contents of the LLS block. + +9. References + +9.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + <https://www.rfc-editor.org/info/rfc2119>. + + [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, + DOI 10.17487/RFC2328, April 1998, + <https://www.rfc-editor.org/info/rfc2328>. + + [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF + for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, + <https://www.rfc-editor.org/info/rfc5340>. + + [RFC5613] Zinin, A., Roy, A., Nguyen, L., Friedman, B., and D. + Yeung, "OSPF Link-Local Signaling", RFC 5613, + DOI 10.17487/RFC5613, August 2009, + <https://www.rfc-editor.org/info/rfc5613>. + + [RFC5838] Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and + R. Aggarwal, "Support of Address Families in OSPFv3", + RFC 5838, DOI 10.17487/RFC5838, April 2010, + <https://www.rfc-editor.org/info/rfc5838>. + + [RFC5882] Katz, D. and D. Ward, "Generic Application of + Bidirectional Forwarding Detection (BFD)", RFC 5882, + DOI 10.17487/RFC5882, June 2010, + <https://www.rfc-editor.org/info/rfc5882>. + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC + 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, + May 2017, <https://www.rfc-editor.org/info/rfc8174>. + +9.2. Informative References + + [RFC5709] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M., + Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic + Authentication", RFC 5709, DOI 10.17487/RFC5709, October + 2009, <https://www.rfc-editor.org/info/rfc5709>. + + [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection + (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, + <https://www.rfc-editor.org/info/rfc5880>. + + [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection + (BFD) for Multihop Paths", RFC 5883, DOI 10.17487/RFC5883, + June 2010, <https://www.rfc-editor.org/info/rfc5883>. + + [RFC6213] Hopps, C. and L. Ginsberg, "IS-IS BFD-Enabled TLV", + RFC 6213, DOI 10.17487/RFC6213, April 2011, + <https://www.rfc-editor.org/info/rfc6213>. + + [RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., + "Security Extension for OSPFv2 When Using Manual Key + Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, + <https://www.rfc-editor.org/info/rfc7474>. + + [RFC9129] Yeung, D., Qu, Y., Zhang, Z., Chen, I., and A. Lindem, + "YANG Data Model for the OSPF Protocol", RFC 9129, + DOI 10.17487/RFC9129, October 2022, + <https://www.rfc-editor.org/info/rfc9129>. + +Acknowledgements + + The authors would like to acknowledge the review and inputs from Acee + Lindem, Manish Gupta, Balaji Ganesh, Les Ginsberg, Robert Raszuk, + Gyan Mishra, Muthu Arul Mozhi Perumal, Russ Housley, and Wes + Hardaker. + + The authors would like to acknowledge Dylan van Oudheusden for + highlighting the problems in using OSPF BFD strict-mode for BFD + sessions for OSPFv3 IPv4 AF instances and Baalajee S for his + suggestions on the approach to address it. + + The authors would like to thank John Scudder for his AD review and + suggestions to improve the document. + +Authors' Addresses + + Ketan Talaulikar (editor) + Cisco Systems, Inc. + India + Email: ketant.ietf@gmail.com + + + Peter Psenak + Cisco Systems, Inc. + Apollo Business Center + Mlynske nivy 43 + 821 09 Bratislava + Slovakia + Email: ppsenak@cisco.com + + + Albert Fu + Bloomberg + United States of America + Email: afu14@bloomberg.net + + + Rajesh M + Juniper Networks + India + Email: mrajesh@juniper.net |