1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
|
Internet Engineering Task Force (IETF) R. Raszuk
Request for Comments: 6769 NTT MCL
Category: Informational J. Heitz
ISSN: 2070-1721 Ericsson
A. Lo
Arista
L. Zhang
UCLA
X. Xu
Huawei
October 2012
Simple Virtual Aggregation (S-VA)
Abstract
All BGP routers in the Default-Free Zone (DFZ) are required to carry
all routes in the Default-Free Routing Table (DFRT). This document
describes a technique, Simple Virtual Aggregation (S-VA), that allows
some BGP routers not to install all of those routes into the
Forwarding Information Base (FIB).
Some routers in an Autonomous System (AS) announce an aggregate (the
VA prefix) in addition to the routes they already announce. This
enables other routers not to install the routes covered by the VA
prefix into the FIB as long as those routes have the same next-hop as
the VA prefix.
The VA prefixes that are announced within an AS are not announced to
any other AS. The described functionality is of very low operational
complexity, as it proposes a confined BGP speaker solution without
any dependency on network-wide configuration or requirement for any
form of intra-domain tunneling.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Raszuk, et al. Informational [Page 1]
^L
RFC 6769 S-VA October 2012
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6769.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
1.1. Scope of This Document .....................................3
1.2. Requirements Notation ......................................3
1.3. Terminology ................................................3
2. Operation of S-VA ...............................................4
3. Deployment Considerations .......................................6
4. Security Considerations .........................................7
5. Acknowledgements ................................................7
6. Normative References ............................................7
7. Informative References ..........................................7
Raszuk, et al. Informational [Page 2]
^L
RFC 6769 S-VA October 2012
1. Introduction
This document describes a technique called Simple Virtual Aggregation
(S-VA). It allows some routers not to store some routes in the
Forwarding Information Base (FIB) while still advertising and
receiving the full Default-Free Routing Table (DFRT) in BGP.
A typical scenario is as follows. Core routers in the ISP maintain
the full DFRT in the FIB and Routing Information Base (RIB). Edge
routers maintain the full DFRT in the BGP Local RIB (Loc-RIB), but do
not install certain routes in the RIB and FIB. Edge routers may
install a default route to core routers, to Area Border Routers (ABR)
that are installed on the Point of Presence (POP), to core boundary
routers, or to Autonomous System Border Routers (ASBRs).
S-VA must be enabled on an edge router that needs to save its RIB and
FIB space. The core routers must announce a new prefix called
Virtual Aggregate (VA prefix).
1.1. Scope of This Document
The VA prefix is not intended to be announced from one AS into
another, only between routers of the same AS.
S-VA can be used for both IPv4 unicast and multicast address families
and IPv6 unicast and multicast address families.
S-VA does not need to operate on every router in an AS.
1.2. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.3. Terminology
RIB/FIB-Installing Router (FIR): A router that does not suppress any
routes and announces the VA prefix. Typically, a core router, a
POP to core boundary router, or an ASBR would be configured as an
FIR.
RIB/FIB-Suppressing Router (FSR): An S-VA router that installs the
VA prefix, but does not install routes that are covered by and
have the same next-hop as the VA prefix into its FIB. Typically,
an edge router would be configured as an FSR.
Raszuk, et al. Informational [Page 3]
^L
RFC 6769 S-VA October 2012
Suppress: Not to install a route that is covered by the VA prefix
into the global RIB or FIB.
Legacy Router: A router that does not run S-VA and has no knowledge
of S-VA.
Global Routing Information Base (RIB): All routing protocols in a
router install their selected routes into the RIB. The routes in
the RIB are used to resolve next-hops for other routes, to be
redistributed to other routing protocols, and to be installed into
the FIB.
Local/Protocol Routing Information Base (Loc-RIB): The Loc-RIB
contains the routes that have been selected by the local BGP
speaker's Decision Process as in [RFC4271].
NLRI: Network Layer Reachability Information [RFC4271]
2. Operation of S-VA
There are three types of routers in S-VA: FIB-Installing routers
(FIR), FIB-Suppressing routers (FSR), and, optionally, legacy
routers. While any router can be an FIR or an FSR, the simplest form
of deployment is for AS border routers to be configured as FIRs and
for customer facing edge routers to be configured as FSRs.
When a FIR announces a VA prefix, it sets the path attributes as
follows. The ORIGIN MUST be set to INCOMPLETE (value 2). The
NEXT_HOP MUST be set to the same value as that of the routes that are
intended to be covered by the VA prefix. The ATOMIC_AGGREGATE and
AGGREGATOR attributes SHOULD NOT be included. The FIR MUST attach a
NO_EXPORT community attribute [RFC1997]. The NLRI SHOULD be 0/0.
A FIR SHOULD NOT FIB-suppress any routes.
An FSR must detect the VA prefix or prefixes (including 0/0) and
install them in all of Loc-RIB, RIB, and FIB. The FSR MAY suppress
any more-specific routes that carry the same next-hop as the VA
prefix.
Generally, any more-specific route that carries the same next-hop as
the VA prefix is eligible for suppression. However, provided that
there is at least one less-specific prefix with a different next-hop
between the VA prefix and the suppressed prefixes, then those
suppressed prefixes must be reinstalled.
An example with three prefixes can be considered where the VA-prefix
(prefix 1) is the least specific and covers prefix 2 and prefix 3.
Raszuk, et al. Informational [Page 4]
^L
RFC 6769 S-VA October 2012
Prefix 2 is less specific than prefix 3 and covers the latter. If
all three have the same next-hop, then only the bigger one, i.e.,
VA-Prefix, is announced. However, if prefix 2 has a different
next-hop, then it will need to be announced separately. In this
case, it is important to also announce prefix 3 separately.
Similarly, when Internal BGP (IBGP) multipath is enabled, and when
multiple VA prefixes form a multipath, only those more-specific
prefixes of which the set of next-hops are identical to the set of
next-hops of the VA prefix multipath are subject to suppression.
The expected behavior is illustrated in Figure 1. This figure shows
an AS with a FIR, FIR1, and an FSR, FSR1. FSR1 is an ASBR and is
connected to two external ASBRs, EP1 and EP2.
+------------------------------------------+
| Autonomous System | +----+
| | |EP1 |
| /---+---| |
| To ----\ +----+ +----+ / | +----+
| Other \|FIR1|----------|FSR1|/ |
|Routers /| | | |\ |
| ----/ +----+ +----+ \ | +----+
| \---+---|EP2 |
| | | |
| | +----+
+------------------------------------------+
Figure 1
Suppose that FSR1 has been enabled to perform S-VA. Originally, it
receives all routes from FIR1 (doing next-hop-self) as well as from
EP1 and EP2. FIR1 now will advertise a VA prefix 0/0 with the next-
hop set to itself. This will cause FSR1 to suppress all routes with
the same next-hop as the VA prefix. However, FSR1 will not suppress
any routes received from EP1 and EP2, because their next-hops are
different from that of the VA prefix.
Several FIRs may announce different S-VA prefixes. For example, in a
POP, each edge router can announce into the POP an S-VA prefix that
covers the addresses of the customers it services.
Several FIRs may announce the same S-VA prefix. In this case, an FSR
must choose to install only one of them. For example, two redundant
ASBRs, both of which announce the complete DFRT, may each also
announce the default route as an S-VA prefix into the AS.
Raszuk, et al. Informational [Page 5]
^L
RFC 6769 S-VA October 2012
S-VA may be used to split traffic among redundant exit routers. For
example, suppose in Figure 1 that EP1 and EP2 are two redundant ASBRs
that announce the complete DFRT. Each may also announce two S-VA
prefixes into the AS: 0/1 and 128/1. EP1 might announce 0/1 with
higher preference and EP2 might announce 128/1 with higher
preference. FIR1 will now install into its FIB 0/1 pointing to EP1
and 128/1 pointing to EP2. If either EP1 or EP2 were to fail, then
FSR1 would switch the traffic to the other exit router with a single
FIB installation of one S-VA prefix.
3. Deployment Considerations
BGP routes may be used to resolve next-hops for static routes or
other BGP routes. Because the default route does not imply
reachability of any destination, a router can be configured to not
resolve next-hops using the default route. In this case, S-VA should
not suppress a route that may be used to resolve a next-hop for
another route from installation into the RIB. It may still suppress
it from installation into the FIB.
Selected BGP routes in the RIB may be redistributed to other
protocols. If they no longer exist in the RIB, they will not be
redistributed. This is especially important when the conditional
redistribution is taking place based on the length of the prefix,
community value, etc. In those cases where a redistribution policy
is in place, S-VA implementation should refrain from suppressing
installation into the RIB routes matching such policy. It may still
suppress them from installation into the FIB.
A router may originate a network route or an aggregate route into
BGP. Some addresses covered by such a route may not exist. If this
router were to receive a packet for an unreachable address within an
originated route, it must not send that packet to the VA prefix
route. There are several ways to achieve this. One way is to have
the FIR aggregate the routes instead of the FSR. Another way is to
install a black hole route for the nonexistent addresses on the
originating router. This issue is not specific to S-VA, but
applicable to the general use of default routes.
Like any aggregate, an S-VA prefix may include more address space
than the sum of the prefixes it covers. As such, the S-VA prefix may
provide a route for a packet for which no real destination exists.
An FSR will forward such a packet to the FIR.
If an S-VA prefix changes its next-hop or is removed, then many
routes may need to be downloaded into the FIB to achieve convergence.
Raszuk, et al. Informational [Page 6]
^L
RFC 6769 S-VA October 2012
4. Security Considerations
The authors are not aware of any new security considerations due to
S-VA. The local nature of the proposed optimization eliminates any
external exposure of the functionality. The presence of more
specifics that are used as VA prefixes is also a normal BGP behavior
in current networks.
5. Acknowledgements
The concept for Virtual Aggregation comes from Paul Francis. In this
document, the authors only simplified some aspects of its behavior to
allow simpler adoption by some operators.
The authors would like to thank Clarence Filsfils, Nick Hilliard, S.
Moonesamy, and Tom Petch for their review and valuable input.
6. Normative References
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities
Attribute", RFC 1997, August 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C.
Pignataro, "The Generalized TTL Security Mechanism
(GTSM)", RFC 5082, October 2007.
7. Informative References
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271, January
2006.
Raszuk, et al. Informational [Page 7]
^L
RFC 6769 S-VA October 2012
Authors' Addresses
Robert Raszuk
NTT MCL
101 S Ellsworth Avenue Suite 350
San Mateo, CA 94401
USA
EMail: robert@raszuk.net
Jakob Heitz
Ericsson
300 Holger Way
San Jose, CA 95134
USA
EMail: jakob.heitz@ericsson.com
Alton Lo
Arista Networks
5470 Great America Parkway
Santa Clara, CA 95054
USA
EMail: altonlo@aristanetworks.com
Lixia Zhang
UCLA
3713 Boelter Hall
Los Angeles, CA 90095
USA
EMail: lixia@cs.ucla.edu
Xiaohu Xu
Huawei Technologies
Huawei Building, No.3 Xinxi Rd.,
Shang-Di Information Industry Base, Hai-Dian District
Beijing 100085
P.R. China
Phone: +86 10 82836073
EMail: xuxh@huawei.com
Raszuk, et al. Informational [Page 8]
^L
|