1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
|
Internet Engineering Task Force (IETF) H. Zhai
Request for Comments: 7357 F. Hu
Updates: 6325 ZTE
Category: Standards Track R. Perlman
ISSN: 2070-1721 Intel Labs
D. Eastlake 3rd
Huawei
O. Stokes
Extreme Networks
September 2014
Transparent Interconnection of Lots of Links (TRILL):
End Station Address Distribution Information (ESADI) Protocol
Abstract
The IETF TRILL (Transparent Interconnection of Lots of Links)
protocol provides least-cost pair-wise data forwarding without
configuration in multi-hop networks with arbitrary topologies and
link technologies. TRILL supports multipathing of both unicast and
multicast traffic. Devices that implement the TRILL protocol are
called TRILL switches or RBridges (Routing Bridges).
ESADI (End Station Address Distribution Information) is an optional
protocol by which a TRILL switch can communicate, in a Data Label
(VLAN or fine-grained label) scoped way, end station address and
reachability information to TRILL switches participating in ESADI for
the relevant Data Label. This document updates RFC 6325,
specifically the documentation of the ESADI protocol, and is not
backwards compatible.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7357.
Zhai, et al. Standards Track [Page 1]
^L
RFC 7357 TRILL: ESADI September 2014
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Zhai, et al. Standards Track [Page 2]
^L
RFC 7357 TRILL: ESADI September 2014
Table of Contents
1. Introduction ....................................................4
1.1. Content and Precedence .....................................5
1.2. Terminology ................................................5
2. ESADI Protocol Overview .........................................6
2.1. ESADI Virtual Link ........................................10
2.2. ESADI Neighbor Determination ..............................10
2.3. ESADI Payloads ............................................11
3. ESADI DRB (Designated RBridge) Determination ...................11
4. ESADI PDU Processing ...........................................12
4.1. Unicasting ESADI PDUs .....................................12
4.2. General Transmission of ESADI PDUs ........................13
4.3. General Receipt of ESADI PDUs .............................14
4.4. ESADI Reliable Flooding ...................................14
5. End Station Addresses ..........................................15
5.1. Learning Confidence Level .................................15
5.2. Forgetting End Station Addresses ..........................16
5.3. Duplicate MAC Address .....................................16
6. ESADI-LSP Contents .............................................18
6.1. ESADI Parameter Data ......................................19
6.2. MAC-Reachability TLV ......................................20
6.3. Default Authentication ....................................21
7. IANA Considerations ............................................21
7.1. ESADI Participation and Capability Flags ..................22
7.2. TRILL GENINFO TLV .........................................23
8. Security Considerations ........................................24
8.1. Privacy Considerations ....................................25
9. Acknowledgements ...............................................26
10. References ....................................................26
10.1. Normative References .....................................26
10.2. Informative References ...................................28
Appendix A. Interoperability and Changes to RFC 6325 ..............29
A.1. ESADI PDU Changes .........................................29
A.2. Unicasting Changes ........................................30
A.3. Message Timing Changes and Suggestions ....................30
A.4. Duplicate Address Reachability ............................30
Zhai, et al. Standards Track [Page 3]
^L
RFC 7357 TRILL: ESADI September 2014
1. Introduction
The TRILL (Transparent Interconnection of Lots of Links) protocol
[RFC6325] provides least-cost pair-wise data forwarding without
configuration in multi-hop networks with arbitrary topologies and
link technologies, safe forwarding even during periods of temporary
loops, and support for multipathing of both unicast and multicast
traffic. TRILL accomplishes this with the IS-IS (Intermediate System
to Intermediate System) [IS-IS] [RFC1195] [RFC7176] link-state
routing protocol using a header with a hop count. The design
supports optimization of the distribution of multi-destination frames
and two types of data labeling: VLANs (Virtual Local Area Networks)
[RFC6325] and FGLs (fine-grained labels) [RFC7172]. Devices that
implement TRILL are called TRILL switches or RBridges (Routing
Bridges).
There are five ways a TRILL switch can learn end station addresses,
as described in Section 4.8 of [RFC6325]. One of these is the ESADI
(End Station Address Distribution Information) protocol, which is an
optional Data Label scoped way by which TRILL switches can
communicate with each other information such as end station addresses
and their TRILL switch of attachment. A TRILL switch that is
announcing interest in a Data Label MAY use the ESADI protocol to
announce the end station address of some or all of its attached end
stations in that Data Label to other TRILL switches that are running
ESADI for that Data Label. (In the future, ESADI may also be used
for other address and reachability information.)
By default, TRILL switches with connected end stations learn
addresses from the data plane when ingressing and egressing native
frames, although such learning can be disabled. The ESADI protocol's
potential advantages over data plane learning include the following:
1. Security advantages:
a) The ESADI protocol can be used to announce end stations with an
authenticated enrollment (for example, enrollment authenticated
by cryptographically based EAP (Extensible Authentication
Protocol) [RFC3748] methods via [802.1X]).
b) The ESADI protocol supports cryptographic authentication of its
message payloads for more secure transmission.
2. Fast update advantages: The ESADI protocol provides a fast update
of end station MAC (Media Access Control) addresses and their
TRILL switch of attachment. If an end station is unplugged from
one TRILL switch and plugged into another, ingressed frames with
that end station's MAC address as their destination can be
Zhai, et al. Standards Track [Page 4]
^L
RFC 7357 TRILL: ESADI September 2014
black-holed. That is, they can be sent just to the older egress
TRILL switch that the end station was connected to until cached
address information at some remote ingress TRILL switch times out,
possibly for tens of seconds [RFC6325].
MAC address reachability information, some ESADI parameters, and
optional authentication information are carried in ESADI packets
rather than in the TRILL IS-IS protocol. As specified below, ESADI
is, for each Data Label, a virtual logical topology overlay in the
TRILL topology. An advantage of using ESADI over using TRILL IS-IS
is that the end station attachment information is not flooded to all
TRILL switches but only to TRILL switches advertising ESADI
participation for the Data Label in which those end stations occur.
1.1. Content and Precedence
This document updates [RFC6325], the TRILL base protocol
specification, replacing the description of the TRILL ESADI protocol
(Section 4.2.5 of [RFC6325], including all subsections), providing
more detail on ESADI, updating other ESADI-related sections of
[RFC6325], and prevailing over [RFC6325] in any case where they
conflict. For this reason, familiarity with [RFC6325] is
particularly assumed. These changes include a change to the format
of ESADI-LSPs (ESADI Link State Protocol Data Units) that is not
backwards compatible; this change is justified by the substantially
increased amount of information that can be carried and in light of
the very limited, if any, deployment of RFC 6325 ESADI. These
changes are further discussed in Appendix A.
Section 2 of this document is the ESADI protocol overview. Section 3
specifies ESADI DRB (Designated RBridge) determination. Section 4
discusses the processing of ESADI PDUs. Section 5 discusses
interaction with other modes of end station address learning.
Section 6 describes the ESADI-LSP and its contents.
1.2. Terminology
This document uses the acronyms defined in [RFC6325], in addition to
the following:
Data Label: VLAN or FGL.
ESADI RBridge: An RBridge that is participating in ESADI for one
or more Data Labels.
FGL: Fine-Grained Label [RFC7172].
LSP: Link State PDU [IS-IS].
Zhai, et al. Standards Track [Page 5]
^L
RFC 7357 TRILL: ESADI September 2014
LSP number zero: A Link State PDU with fragment number equal to
zero.
PDU: Protocol Data Unit.
TRILL switch: An alternative name for an RBridge.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Capitalized IANA-related terms such as "IETF Review" are to be
interpreted as described in [RFC5226].
2. ESADI Protocol Overview
ESADI is a Data Label scoped way for TRILL switches (also known as
RBridges) to announce and learn end station addresses rapidly and
securely. An RBridge that is announcing participation in ESADI for
one or more Data Labels is called an ESADI RBridge.
ESADI is an optional protocol that is separate from the mandatory
TRILL IS-IS implemented by all RBridges in a campus. There is a
separate ESADI instance for each Data Label (VLAN or FGL) if ESADI is
being used for that Data Label. In essence, for each such Data
Label, there is a modified instance of the IS-IS reliable flooding
mechanism in which ESADI RBridges may choose to participate. (These
are not the instances specified in [RFC6822].) Multiple ESADI
instances may share implementation components within an RBridge as
long as that sharing preserves the independent operation of each
instance of the ESADI protocol. For example, the ESADI link state
database could be a single database with a field in each record
indicating the Data Label to which it applies, or it could be a
separate database per Data Label. However, the ESADI update process
operates separately for each ESADI instance and independently from
the TRILL IS-IS update process.
ESADI does no routing calculations, so there is no reason for
pseudonodes in ESADI and none are created. (Pseudonodes [IS-IS] are
a construct for optimizing routing calculations.) Furthermore, a
relatively large amount of ESADI data will have to be distributed,
under some circumstances, using ESADI mechanisms; this would require
a large number of ESADI-LSP fragments. ESADI-LSP, ESADI-CSNP, and
ESADI-PSNP (ESADI Link State PDU, Complete Sequence Number PDU, and
Partial Sequence Number PDU) payloads are therefore formatted as
Extended Level 1 Circuit Scope (E-L1CS) PDUs [RFC7356] (see also
Section 6). This allows up to 2**16 fragments but does not support
link state data associated with pseudonodes.
Zhai, et al. Standards Track [Page 6]
^L
RFC 7357 TRILL: ESADI September 2014
After the TRILL Header, ESADI packets have an inner Ethernet header
with the Inner.MacDA of "All-Egress-RBridges" (formerly called
"All-ESADI-RBridges"), an inner Data Label specifying the VLAN or FGL
of interest, and the "L2-IS-IS" Ethertype followed by the ESADI
payload, as shown in Figure 1.
+--------------------------------+
| Link Header |
+--------------------------------+
| TRILL Data Header |
+--------------------------------+
| Inner Ethernet Addresses |
+--------------------------------+
| Data Label |
+--------------------------------+
| L2-IS-IS Ethertype |
+--------------------------------+
| ESADI Payload |
+--------------------------------+
| Link Trailer |
+--------------------------------+
Figure 1: TRILL ESADI Packet Overview
Zhai, et al. Standards Track [Page 7]
^L
RFC 7357 TRILL: ESADI September 2014
TRILL ESADI packets sent on an Ethernet link are structured as shown
in Figure 2. The outer VLAN tag will not be present if it was not
included by the Ethernet port that sent the packet.
Outer Ethernet Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Hop Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Hop Destination Addr. | Sending RBridge Port MAC Addr.|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sending RBridge Port MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
...Ethernet frame tagging including optional Outer.VLAN tag...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ethertype = TRILL 0x22F3 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TRILL Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| V | R |M|Op-Length| Hop Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Egress Nickname | Ingress (Origin) Nickname |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Inner Ethernet Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| All-Egress-RBridges |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| All-Egress-RBridges (cont.) | Origin RBridge MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Origin RBridge MAC Address (continued) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VLAN or FGL Data Label (4 or 8 bytes) [RFC7172] ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ethertype = L2-IS-IS 0x22F4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ESADI Payload (formatted as IS-IS):
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IS-IS Common Header, IS-IS PDU Specific Fields, IS-IS TLVs |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Frame Check Sequence:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FCS (Frame Check Sequence) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: ESADI Ethernet Link Packet Format
The Next Hop Destination Address or Outer.MacDA is the All-RBridges
multicast address if the ESADI PDU is being multicast. If it is
being unicast, the Next Hop Destination Address is the unicast
address of the next-hop RBridge. The VLAN for the Outer.VLAN
Zhai, et al. Standards Track [Page 8]
^L
RFC 7357 TRILL: ESADI September 2014
information, if present, will be the Designated VLAN for the link on
which the packet is sent. The V and R fields will be zero while the
M bit will be one, unless the ESADI PDU was unicast, in which case
the M bit will be zero. The Data Label specified will be the VLAN or
FGL to which the ESADI packet applies. The Origin RBridge MAC
Address or Inner.MacSA MUST be a MAC address unique across the campus
owned by the RBridge originating the ESADI packet -- for example, any
of its port MAC addresses if it has any Ethernet ports -- and each
ESADI RBridge MUST use the same Inner.MacSA for all of the ESADI
packets it originates.
TRILL ESADI packets sent on a PPP link are structured as shown in
Figure 3 [RFC6361].
PPP Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PPP = TNP (TRILL Data) 0x005D |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TRILL Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| V | R |M|Op-Length| Hop Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Egress Nickname | Ingress (Origin) Nickname |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Inner Ethernet Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| All-Egress-RBridges |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| All-Egress-RBridges (cont.) | Origin RBridge MAC Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Origin RBridge MAC Address (continued) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VLAN or FGL Data Label (4 or 8 bytes) [RFC7172] ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ethertype = L2-IS-IS 0x22F4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ESADI Payload (formatted as IS-IS):
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IS-IS Common Header, IS-IS PDU Specific Fields, IS-IS TLVs |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
PPP Check Sequence:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PPP Check Sequence |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: ESADI PPP Link Packet Format
Zhai, et al. Standards Track [Page 9]
^L
RFC 7357 TRILL: ESADI September 2014
2.1. ESADI Virtual Link
All RBridges forward ESADI packets as if they were ordinary TRILL
Data packets. Because of this forwarding, it appears to an instance
of the ESADI protocol at an RBridge that it is directly connected by
a multi-access virtual link to all RBridges in the campus that are
"data reachable" from it (see Section 2 of [RFC7180]) and are running
ESADI for that Data Label. No "routing" calculation (least-cost path
or distribution tree construction) ever has to be performed by ESADI.
An ESADI RBridge merely transmits the ESADI packets it originates on
this virtual link as described for TRILL Data packets in [RFC6325]
and [RFC7172]. For multicast ESADI packets, it may use any
distribution tree that it might use for an ordinary multi-destination
TRILL Data packet. RBridges that do not implement the ESADI
protocol, do not have it enabled, or are not participating in the
ESADI protocol for the Data Label of an ESADI packet do not
decapsulate or locally process the ESADI packet. Thus, ESADI packets
are transparently tunneled through transit RBridges.
2.2. ESADI Neighbor Determination
The ESADI instance for Data Label X at an RBridge RB1 determines who
its adjacent ESADI neighbors are by examining the TRILL IS-IS link
state database for RBridges that are data reachable from RB1 (see
Section 2 of [RFC7180]) and are announcing their participation in
Data Label X ESADI. When an RBridge RB2 becomes data unreachable
from RB1 or the relevant entries for RB2 are purged from the core
IS-IS link state database, it is lost as a neighbor and also dropped
from any ESADI instances from the point of view of RB1, and when RB2
is no longer announcing participation in Data Label X ESADI, it
ceases to be a neighbor for any Data Label X ESADI instance. All
these considerations are Data Label scoped. Because of these
mechanisms whereby an ESADI instance at an ESADI RBridge can
determine its ESADI adjacencies by examining the TRILL IS-IS link
state database, there are no "Hellos" sent in ESADI and no adjacency
information is carried in ESADI-LSPs.
A participation announcement in a VLAN scoped ESADI instance is
generated by setting a flag bit in the Interested VLANs sub-TLV, and
an announcement for an FGL scoped ESADI instance is generated by
setting a flag bit in the Interested Labels sub-TLV [RFC7176] (see
Section 7.1).
Zhai, et al. Standards Track [Page 10]
^L
RFC 7357 TRILL: ESADI September 2014
2.3. ESADI Payloads
TRILL ESADI packet payloads are structured like IS-IS Extended
Level 1 Circuit Scope (E-L1CS) LSP, CSNP, and PSNP PDUs [RFC7356],
except as indicated below, but are always TRILL encapsulated on the
wire as if they were TRILL Data packets. The information distributed
by the ESADI protocol includes a list of local end station MAC
addresses connected to the originating RBridge and, for each such
address, a 1-octet unsigned "Confidence" rating in the range 0-254
(see Section 6.2). It is entirely up to the originating RBridge
which locally connected MAC addresses it wishes to advertise via
ESADI and with what Confidence. It MAY advertise all, some, or none
of such addresses. In addition, some ESADI parameters of the
advertising RBridge (see Section 6.1) and, optionally, authentication
information (see Section 6.3) are included. Future uses of ESADI may
distribute other similar address and reachability information.
TRILL ESADI-LSPs MUST NOT contain a Data Label ID in their payload.
The Data Label to which the ESADI data applies is the Data Label of
the TRILL Data packet enclosing the ESADI payload. If a Data Label
ID could occur within the payload, it might conflict with that TRILL
Data packet Data Label and could conflict with any future Data Label
mapping scheme that may be adopted [VLANmapping]. If a VLAN or FGL
ID field within an ESADI-LSP PDU does include a value, that field's
contents MUST be ignored.
3. ESADI DRB (Designated RBridge) Determination
Because ESADI does no adjacency announcement or routing, the
ESADI-DRB never creates a pseudonode. However, a DRB [RFC7177] is
still needed to issue ESADI-CSNP PDUs and respond to ESADI-PSNP PDUs
for ESADI-LSP synchronization.
Generally speaking, the DRB election on the ESADI virtual link (see
Section 2.1) operates similarly to the DRB election on a TRILL IS-IS
broadcast link, as described in Section 4.2.1 ("DRB Election
Details") of [RFC7177], with the following exceptions: in the Data
Label X ESADI-DRB election at RB1 on an ESADI virtual link, the
candidates are the local ESADI instance for Data Label X and all
remote ESADI instances at RBridges that are (1) data reachable from
RB1 [RFC7180] and (2) announcing in their TRILL IS-IS LSP that they
are participating in ESADI for Data Label X. The winner is the
instance with the highest ESADI Parameter 7-bit priority field with
ties broken by the System ID, comparing fields as unsigned integers
with the larger magnitude considered higher priority. "SNPA/MAC
address" (Subnetwork Point of Attachment / MAC address) is not
considered in this tiebreaking, and there is no "Port ID".
Zhai, et al. Standards Track [Page 11]
^L
RFC 7357 TRILL: ESADI September 2014
4. ESADI PDU Processing
Data Label X ESADI neighbors are usually not connected directly by a
physical link but are always logically connected by a virtual link
(see Section 2.1). There could be hundreds or thousands of ESADI
RBridges (TRILL switches) on the virtual link. The only PDUs used in
ESADI are the ESADI-LSP, ESADI-CSNP, and ESADI-PSNP PDUs. In
particular, there are no Hello or MTU PDUs, because ESADI does not
build a topology, does not do any routing calculations, and does not
determine MTU. Instead, ESADI uses the distribution trees and the Sz
campus minimum link MTU determined by the core TRILL IS-IS (see
[RFC6325] and [RFC7180]).
4.1. Unicasting ESADI PDUs
For [IS-IS], PDU multicasting is normal on a local link and no effort
is made to optimize to unicast, because on the typical physical link
for which IS-IS was designed (commonly a piece of multi-access
Ethernet cable), any frame made the link busy for that frame time.
However, to ESADI instances, what appears to be a simple multi-access
link is generally a set of multi-hop distribution trees that may or
may not be pruned. Thus, transmitting a multicast frame on such a
tree can impose a substantially greater load than transmitting a
unicast frame. This load may be justified if there are likely to be
multiple listeners but may not be justified if there is only one
recipient of interest. For this reason, under some circumstances,
ESADI PDUs MAY be TRILL unicast if it is confirmed that the
destination RBridge supports receiving unicast ESADI PDUs (see
Section 6.1).
The format of a unicast ESADI packet is the format of a multicast
TRILL ESADI packet as described in Section 2 above, except as
follows:
o On an Ethernet link, in the outer Ethernet header the Outer.MacDA
is the unicast address of the next-hop RBridge.
o In the TRILL Header, the M bit is set to zero and the Egress
Nickname is the nickname of the destination RBridge.
Zhai, et al. Standards Track [Page 12]
^L
RFC 7357 TRILL: ESADI September 2014
To support unicasting of ESADI PDUs, Section 4.6.2.2 of [RFC6325] is
replaced with the following:
4.6.2.2. TRILL ESADI Packets
If M = 1, the egress nickname designates the distribution tree.
The packet is forwarded as described in Section 4.6.2.5. In
addition, if (1) the forwarding RBridge is interested in the
specified VLAN or fine-grained label [RFC7172], (2) the forwarding
RBridge implements the TRILL ESADI protocol, and (3) ESADI is
enabled for the specified VLAN or fine-grained label, then the
inner frame is decapsulated and provided to that local ESADI
protocol.
If M = 0 and the egress nickname is not that of the receiving
RBridge, the packet is forwarded as for known unicast TRILL Data
frames as described in Section 4.6.2.4. If M = 0 and the egress
nickname is that of the receiving RBridge, and the receiving
RBridge supports unicast ESADI PDUs, then the ESADI packet is
decapsulated and processed if it meets the three numbered
conditions in the paragraph above; otherwise, it is discarded.
The references to "4.6.2.2", "4.6.2.4", and "4.6.2.5" above refer to
those sections in [RFC6325].
4.2. General Transmission of ESADI PDUs
Following the usual [IS-IS] rules, an ESADI instance does not
transmit any ESADI PDUs if it has no ESADI adjacencies. Such
transmission would just be a waste of bandwidth.
The MTU available to ESADI payloads is at least 24 bytes less than
that available to TRILL IS-IS because of the additional fields
required ( 2(TRILL Ethertype) + 6(TRILL Header) + 6(Inner.MacDA) +
6(Inner.MacSA) + 4/8(Data Label) bytes ). Thus, the inner ESADI
payload, starting with the Intradomain Routeing Protocol
Discriminator byte, MUST NOT exceed Sz minus 24 for a VLAN ESADI
instance or Sz minus 28 for an FGL ESADI instance; however, if a
larger payload is received, it is processed normally (see [RFC6325]
and [RFC7180] for discussions of Sz and MTU).
In all cases where this document says that an ESADI PDU is multicast,
if the transmitting RBridge has only one neighbor and that neighbor
advertises support for unicast, the PDU MAY be unicast (see
Section 4.1).
Zhai, et al. Standards Track [Page 13]
^L
RFC 7357 TRILL: ESADI September 2014
A priority bit to indicate that an LSP fragment should be flooded
with high priority is provided by [RFC7356]. This bit SHOULD be set
on ESADI-LSP fragment zero because it is important that the ESADI
Parameter APPsub-TLV get through promptly. This bit SHOULD NOT be
set on other ESADI-LSP fragments to avoid giving undue priority to
less urgent PDUs.
4.3. General Receipt of ESADI PDUs
In contrast with Layer 3 IS-IS PDU acceptance tests, which check the
source inner and outer SNPA/MAC in order to verify that a PDU is from
an adjacent TRILL switch, in TRILL ESADI adjacency is based on the
system ID, so the system ID inside the PDU is all that is tested for.
If an ESADI instance believes that it has no ESADI neighbors, it
ignores any ESADI PDUs it receives.
4.4. ESADI Reliable Flooding
The IS-IS reliable flooding mechanism (the Update Process) is
modified for ESADI in the ways listed below. Except as otherwise
stated, the ESADI update process works as described in [IS-IS],
[RFC1195], and [RFC7356].
When an ESADI instance sees that it has a new ESADI neighbor, its
self-originated ESADI-LSP fragments are scheduled to be sent and MAY
be unicast to that neighbor if the neighbor is announcing in its LSP
that it supports unicast ESADI (see Section 6.1). If all the other
ESADI instances for the same Data Label send their self-originated
ESADI-LSPs immediately, there may be a surge of traffic to that new
neighbor. Therefore, the ESADI instances SHOULD wait an interval of
time before sending their ESADI-LSP(s) to a new neighbor. The
interval time value is up to the device implementation. One
suggestion is that the interval time can be assigned a random value
with a range based on the RBridge's nickname (or any one of its
nicknames, if it holds more than one), such as ( 2000 * nickname /
2**16 ) milliseconds, assuming "nickname" to be an unsigned quantity.
All the TRILL switches participating in an ESADI instance for some
Data Label appear to ESADI to be adjacent. Thus, the originator of
any active ESADI-LSP fragment always appears to be on link and, to
spread the burden of such a response, could be the RBridge to respond
to any ESADI-CSNP or PSNP request for that fragment. However, under
very rare circumstances, it could be that some version of the LSP
fragment with a higher sequence number is actually held by another
ESADI RBridge on the link, so non-originators need to be able to
respond eventually. Thus, when the receipt of a CSNP or PSNP causes
the SRMflag (Send Routing Message flag [IS-IS]) to be set for an LSP
Zhai, et al. Standards Track [Page 14]
^L
RFC 7357 TRILL: ESADI September 2014
fragment, action is as specified in [IS-IS] for the originating ESADI
RBridge of the fragment; however, at a non-originating ESADI RBridge,
when changing the SRMflag from 0 to 1, the lastSent timestamp [IS-IS]
is also set to the current time minus
minimumLSPTransmissionInterval * Random (Jitter) / 100
(where minimumLSPTransmissionInterval, Random, and Jitter are as in
[IS-IS]). This will delay and jitter the transmission of the LSP
fragment by non-originators. This gives the originator more time to
send the fragment and provides more time for such an originator-
transmitted copy to traverse the likely multi-hop path to
non-originators and clear the SRMflag for the fragment at
non-originators.
The multi-hop distribution tree method with Reverse Path Forwarding
Check used for multicast distribution by TRILL will typically be less
reliable than transmission over a single local broadcast link hop.
For LSP synchronization robustness, in addition to sending
ESADI-CSNPs as usual when it is the DRB, an ESADI RBridge SHOULD also
transmit an ESADI-CSNP for an ESADI instance if all of the following
conditions are met:
o it sees one or more ESADI neighbors for that instance, and
o it does not believe it is the DRB for the ESADI instance, and
o it has not received or sent an ESADI-CSNP PDU for the instance for
the average of the CSNP Time (see Section 6.1) of the DRB and its
CSNP Time.
5. End Station Addresses
The subsections below discuss end station address considerations in
the context of ESADI.
5.1. Learning Confidence Level
The Confidence level mechanism [RFC6325] allows an RBridge campus
manager to cause certain address learning sources to prevail over
others. MAC address information learned through a registration
protocol, such as [802.1X] with a cryptographically based EAP
[RFC3748] method, might be considered more reliable than information
learned through the mere observation of data traffic. When such
authenticated learned address information is transmitted via the
ESADI protocol, the use of authentication in the TRILL ESADI-LSP
packets could make tampering with it in transit very difficult. As a
result, it might be reasonable to announce such authenticated
Zhai, et al. Standards Track [Page 15]
^L
RFC 7357 TRILL: ESADI September 2014
information via the ESADI protocol with a high Confidence, so it
would be used in preference to any alternative learning from data
observation.
5.2. Forgetting End Station Addresses
The end station addresses learned through the TRILL ESADI protocol
should be forgotten through changes in ESADI-LSPs. The timeout of
the learned end station address is up to the originating RBridge that
decides when to remove such information from its ESADI-LSPs (or up to
ESADI protocol timeouts if the originating RBridge becomes
unreachable).
If RBridge RBn participating in the TRILL ESADI protocol for Data
Label X no longer wishes to participate in ESADI, it ceases to
participate by (1) clearing the ESADI Participation bit in the
appropriate Interested VLANs or Interested Labels sub-TLV and (2)
sending a final ESADI-LSP nulling out its ESADI-LSP information.
5.3. Duplicate MAC Address
With ESADI, it is possible to persistently see occurrences of the
same MAC address in the same Data Label being advertised as reachable
by two or more RBridges. The specification of how to handle this
situation in [RFC6325] is updated by this document, by replacing the
last sentence of the last paragraph of Section 4.2.6 of [RFC6325] as
shown below to provide better traffic-spreading while avoiding
possible address flip-flopping.
As background, assume some end station or set of end stations ESn
have two or more ports with the same MAC address in the same Data
Label with the ports connected to different RBridges (RB1, RB2, ...)
by separate links. With ESADI, some other RBridge, RB0, can
persistently see that MAC address in that Data Label connected to
multiple RBridges. When RB0 ingresses a frame, say from ES0,
destined for that MAC and label, the current [RFC6325] text permits a
wide range of behavior. In particular, [RFC6325] would permit RB0 to
use some rule, such as "always encapsulate to the egress with the
lowest System ID", which would put all of this traffic through only
one of the egress RBridges and one of the end station ports. With
that behavior, there would be no load-spreading, even if there were
multiple different ingress RBridges and/or different MAC addresses
with the same reachability. [RFC6325] would also permit RB0 to send
different traffic to different egresses by doing ECMP (Equal Cost
Multipath) at a flow level, which would likely result in return
traffic for RB0 to egress to ES0 from various of RB1, RB2, ... for
the same MAC and label. The resulting address reachability
flip-flopping perceived at RB0 could cause problems.
Zhai, et al. Standards Track [Page 16]
^L
RFC 7357 TRILL: ESADI September 2014
This update to [RFC6325] avoids these potential difficulties by
requiring that RB0 use one of the following two policies: (1) only
encapsulate to one egress RBridge for any particular MAC and label,
but select that egress pseudorandomly, based on the topology
(including MAC reachability) or (2) if RB0 will not be disturbed by
the returning TRILL Data packets showing the same MAC or by label
flip-flopping between different ingresses, RB0 may use ECMP.
Assuming multiple ingress RBridges and/or multiple MAC and label
addresses, strategy 1 should result in load-spreading without address
flip-flopping, while strategy 2 will produce better load-spreading
than strategy 1 but with address flip-flopping from the point of view
of RB0.
OLD [RFC6325] Section 4.2.6 text:
"... If confidences are also tied between the duplicates, for
consistency it is suggested that RB2 direct all such frames (or
all such frames in the same ECMP flow) toward the same egress
RBridge; however, the use of other policies will not cause a
network problem since transit RBridges do not examine the
Inner.MacDA for known unicast frames."
NEW [RFC6325] Section 4.2.6 text:
"... If confidences are also tied between the duplicates, then RB2
MUST adopt one of the following two strategies:
1. In a pseudorandom way [RFC4086], select one of the egress
RBridges that is least cost from RB2 and to which the
destination MAC appears to be attached, and send all traffic
for the destination MAC and VLAN (or FGL [RFC7172]) to that
egress. This pseudorandom choice need only be changed when
there is a change in campus topology or MAC attachment
information. Such pseudorandom selection will, over a
population of ingress RBridges, probabilistically spread
traffic over the possible egress RBridges. Reasonable inputs
to the pseudorandom selection are the ingress RBridge System ID
and/or nickname, the VLAN or FGL, the destination MAC address,
and a vector of the RBridges with connectivity to that MAC and
VLAN or FGL. There is no need for different RBridges to use
the same pseudorandom function.
Zhai, et al. Standards Track [Page 17]
^L
RFC 7357 TRILL: ESADI September 2014
As an example of such a pseudorandom function, if there are k
egress RBridges (RB0, RB1, ..., RB(k-1)) all reporting
attachment to address MACx in Data Label DLy, then an ingress
RBridge RBin could select the one to which it will send all
unicast TRILL Data packets addressed to MACx in DLy based on
the following:
FNV-32(RBin | MACx | DLy | RB0 | RB1 | ... | RB(k-1)) mod k
where the FNV (Fowler/Noll/Vo) algorithm is specified in
[FNV], RBx means the nickname for RBridge RBx, "|" means
concatenation, MACx is the destination MAC address, DLy is
the Data Label, and "mod k" means the integer division
remainder of the output of the FNV-32 function considered as
a positive integer divided by k.
2. If RB2 supports ECMP and will not be disturbed by return
traffic from the same MAC and VLAN (or FGL [RFC7172]) coming
from a variety of different RBridges, then it MAY send traffic
using ECMP at the flow level to the egress RBridges that are
least cost from RB2 and to which the destination MAC appears to
be attached."
6. ESADI-LSP Contents
The only PDUs used in ESADI are the ESADI-LSP, ESADI-CSNP, and
ESADI-PSNP PDUs. Currently, the contents of an ESADI-LSP consist of
zero or more MAC-Reachability TLVs, optionally an Authentication TLV,
and exactly one ESADI parameter APPsub-TLV. Other similar data may
be included in the future and, as in [IS-IS], an ESADI instance
ignores any TLVs or sub-TLVs it does not understand. Because these
PDUs are formatted as Extended Level 1 Circuit Scope (E-L1CS) PDUs
[RFC7356], the Type and Length fields in the TLVs are 16-bit.
This section specifies the format for the ESADI Parameter APPsub-TLV,
gives the reference for the ESADI MAC-Reachability TLV, and discusses
default authentication configuration.
For robustness, the payload for an ESADI-LSP number zero and any
ESADI-CSNP or ESADI-PSNP covering fragment zero MUST NOT exceed 1470
minus 24 bytes in length (1446 bytes) if it has an Inner.VLAN, or
1470 minus 28 bytes (1442 bytes) if it has an Inner.FGL. However, if
an ESADI-LSP number zero or such an ESADI-CSNP or ESADI-PSNP is
received that is longer, it is still processed normally. (As stated
in Section 4.3.1 of [RFC6325], 1470 bytes was chosen to make it
extremely unlikely that a TRILL control packet, even with reasonable
additional headers, tags, and/or encapsulation, would encounter MTU
problems on an inter-RBridge link.)
Zhai, et al. Standards Track [Page 18]
^L
RFC 7357 TRILL: ESADI September 2014
6.1. ESADI Parameter Data
Figure 4 presents the format of the ESADI parameter data. This
APPsub-TLV MUST be included in a TRILL GENINFO TLV in ESADI-LSP
number zero. If it is missing from ESADI-LSP number zero or if
ESADI-LSP number zero is not known, priority for the sending RBridge
defaults to 0x40 and CSNP Time defaults to 30. If there is more than
one occurrence in ESADI-LSP number zero, the first occurrence will be
used. Occurrences of the ESADI Parameter APPsub-TLV in non-zero
ESADI-LSP fragments are ignored.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R| Priority | (1 byte)
+-+-+-+-+-+-+-+-+
| CSNP Time | (1 byte)
+-+-+-+-+-+-+-+-+
| Flags | (1 byte)
+---------------+
| Reserved for expansion (variable)
+-+-+-+-...
Figure 4: ESADI Parameter APPsub-TLV
Type: Set to ESADI-PARAM sub-TLV (TRILL APPsub-TLV type 0x0001).
Two bytes, because this APPsub-TLV appears in an extended TLV
[RFC7356].
Length: Variable, with a minimum of 3, but must fit within the ESADI
packet. This field is encoded as an unsigned integer in network
byte order [RFC7356].
R: A reserved bit that MUST be sent as zero and ignored on receipt.
Priority: Gives the originating RBridge's priority for being the DRB
on the ESADI instance virtual link (see Section 3) for the Data
Label in which the PDU containing the parameter data was sent. It
is an unsigned 7-bit integer with the larger magnitude indicating
higher priority. It defaults to 0x40 for an RBridge participating
in ESADI for which it has not been configured.
Zhai, et al. Standards Track [Page 19]
^L
RFC 7357 TRILL: ESADI September 2014
CSNP Time: An unsigned byte that gives the amount of time in seconds
during which the originating RBridge, if it is the DRB on the
ESADI virtual link, will send at least three ESADI-CSNP PDUs. It
defaults to 30 seconds for an RBridge participating in ESADI for
which it has not been configured.
Flags: A byte of flags associated with the originating ESADI
instance, as follows:
0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| UN| RESV |
+---+---+---+---+---+---+---+---+
The UN flag indicates that the RBridge originating the ESADI-LSP,
including this ESADI parameter data, will accept and properly
process ESADI PDUs sent by TRILL unicast (see Section 4.1). The
remaining RESV bits are reserved for future use and MUST be sent
as zero and ignored on receipt.
Reserved for future expansion: Future versions of the ESADI Parameter
APPsub-TLV may have additional information. A receiving ESADI
RBridge ignores any additional data here, unless it implements
such future expansion(s).
6.2. MAC-Reachability TLV
The primary information in TRILL ESADI-LSP PDUs consists of
MAC-Reachability (MAC-RI) TLVs specified in [RFC6165]. These TLVs
contain one or more unicast MAC addresses of end stations that are
both on a port and in a VLAN for which the originating RBridge is
Appointed Forwarder, along with the 1-octet unsigned Confidence in
this information with a value in the range 0-254. If such a TLV is
received containing a Confidence of 255, it is treated as if the
Confidence was 254. (This is to assure that any received address
information can be overridden by local address information statically
configured with a Confidence of 255.)
The TLVs in TRILL ESADI PDUs, including the MAC-RI TLV, MUST NOT
contain the Data Label ID. If a Data Label ID is present in the
MAC-RI TLV, it is ignored. In the ESADI PDU, only the Inner.VLAN or
Inner.FGL tag indicates the Data Label to which the ESADI-LSP
applies.
Zhai, et al. Standards Track [Page 20]
^L
RFC 7357 TRILL: ESADI September 2014
6.3. Default Authentication
The Authentication TLV may be included in ESADI PDUs [RFC5310]
[IS-IS]. The default for ESADI PDU authentication is based on the
state of TRILL IS-IS shared secret authentication for TRILL IS-IS LSP
PDUs. If TRILL IS-IS authentication and ESADI are implemented at a
TRILL switch, then ESADI MUST be able to use the authentication
algorithms implemented for TRILL IS-IS and implement the keying
material derivation function given below. If ESADI authentication
has been manually configured, that configuration is not restricted by
the configuration of TRILL IS-IS security.
If TRILL IS-IS authentication is not in effect for LSP PDUs
originated by a TRILL switch, then ESADI PDUs originated by that
TRILL switch are by default also unsecured.
If such IS-IS LSP PDU authentication is in effect at a TRILL switch,
then, unless configured otherwise, ESADI PDUs sent by that switch
MUST use the same algorithm in their Authentication TLVs. The ESADI
authentication keying material used is derived from the IS-IS LSP
shared secret keying material as detailed below. However, such
authentication MAY be configured to use some other keying material.
HMAC-SHA256 ( "TRILL ESADI", IS-IS-LSP-shared-key )
In the algorithm above, HMAC-SHA256 is as described in [FIPS180] and
[RFC6234], and "TRILL ESADI" is the 11-byte US ASCII [ASCII] string
indicated. IS-IS-LSP-shared-key is secret keying material being used
by the originating TRILL switch for IS-IS LSP authentication.
7. IANA Considerations
IANA allocation and registry considerations are given below. Three
new sub-registries have been created in the "Transparent
Interconnection of Lots of Links (TRILL) Parameters" registry located
at <http://www.iana.org/assignments/trill-parameters> -- two in
Section 7.1 and one in Section 7.2 -- and various code points have
been assigned.
Zhai, et al. Standards Track [Page 21]
^L
RFC 7357 TRILL: ESADI September 2014
7.1. ESADI Participation and Capability Flags
IANA Action 1:
IANA has created the following new sub-registry called "Interested
VLANs Flag Bits" in the "Transparent Interconnection of Lots of
Links (TRILL) Parameters" registry.
Sub-registry: Interested VLANs Flag Bits
Registration Procedures: IETF Review
Note: These bits appear in the Interested VLANs record within
the Interested VLANs and Spanning Tree Roots Sub-TLV (INT-VLAN)
specified in [RFC7176].
References: [RFC7176], [RFC7357]
Bit Mnemonic Description Reference
--- -------- ----------- ---------
0 M4 IPv4 Multicast Router Attached [RFC7176]
1 M6 IPv6 Multicast Router Attached [RFC7176]
2 - Unassigned
3 ES ESADI Participation [RFC7357]
4-15 - (used for a VLAN ID) [RFC7176]
16-19 - Unassigned
20-31 - (used for a VLAN ID) [RFC7176]
The creation of this sub-registry (as immediately above) assigned
bit 3 as the ESADI Participation bit in the Interested VLANs and
Spanning Tree Roots sub-TLV. If The ESADI Participation bit is a
one, it indicates that the originating RBridge is participating in
ESADI for the indicated Data Label(s).
IANA Action 2:
IANA has created the following new sub-registry called "Interested
Labels Flag Bits" in the "Transparent Interconnection of Lots of
Links (TRILL) Parameters" registry.
Sub-registry: Interested Labels Flag Bits
Registration Procedures: IETF Review
Note: These bits appear in the Interested Labels record within
the Interested Labels and Spanning Tree Roots Sub-TLV
(INT-LABEL) specified in [RFC7176].
Zhai, et al. Standards Track [Page 22]
^L
RFC 7357 TRILL: ESADI September 2014
References: [RFC7176], [RFC7357]
Bit Mnemonic Description Reference
--- -------- ----------- ---------
0 M4 IPv4 Multicast Router Attached [RFC7176]
1 M6 IPv6 Multicast Router Attached [RFC7176]
2 BM Bit Map [RFC7176]
3 ES ESADI Participation [RFC7357]
4-7 - Unassigned
The creation of this sub-registry (as immediately above) assigned
bit 3 as the ESADI Participation bit in the Interested Labels and
Spanning Tree Roots sub-TLV. If The ESADI Participation bit is a
one, it indicates that the originating RBridge is participating in
ESADI for the indicated Data Label(s).
7.2. TRILL GENINFO TLV
IANA Action 3:
IANA has allocated the IS-IS Application Identifier 1 under the
Generic Information TLV (#251) [RFC6823] for TRILL.
IANA Action 4:
IANA has created a sub-registry in the "Transparent
Interconnection of Lots of Links (TRILL) Parameters" registry as
follows:
Sub-registry: TRILL APPsub-TLV Types under IS-IS TLV 251
Application Identifier 1
Registration Procedures: IETF Review with additional
requirements on the documentation of the use being
registered as specified in Section 7.2 of [RFC7357].
Note: Types greater than 255 are only usable in contexts
permitting a type larger than one byte, such as extended TLVs
[RFC7356].
Reference: [RFC7357]
Zhai, et al. Standards Track [Page 23]
^L
RFC 7357 TRILL: ESADI September 2014
Type Name Reference
---------- -------- -----------
0 Reserved [RFC7357]
1 ESADI-PARAM [RFC7357]
2-254 Unassigned [RFC7357]
255 Reserved [RFC7357]
256-65534 Unassigned [RFC7357]
65535 Reserved [RFC7357]
TRILL APPsub-TLV Types 2 through 254 and 256 through 65534 are
available for assignment by IETF Review. The RFC causing such an
assignment will also include a discussion of security issues and
of the rate of change of the information being advertised. TRILL
APPsub-TLVs MUST NOT alter basic IS-IS protocol operation
including the establishment of adjacencies, the update process,
and the decision process for TRILL IS-IS [IS-IS] [RFC1195]
[RFC7177]. The TRILL Generic Information TLV MUST NOT be used in
an IS-IS instance zero [RFC6822] LSP but may be used in Flooding
Scoped LSPs (FS-LSPs) [RFC7356].
The V, I, D, and S flags in the initial flags byte of a TRILL Generic
Information TLV have the meanings specified in [RFC6823] but are not
currently used, as TRILL operates as a Level 1 IS-IS area and no
semantics are hereby assigned to the inclusion of an IPv4 and/or IPv6
address via the I and V flags. Thus, these I and V flags MUST be
zero; however, if either or both are one, the space that should be
taken by an IPv4 and/or IPv6 address, respectively, is skipped over
and ignored. Furthermore, the use of multilevel IS-IS is an obvious
extension for TRILL [MultiLevel], and future IETF Standards Actions
may update or obsolete this specification to provide for the use of
any or all of these flags in the TRILL GENINFO TLV.
The ESADI Parameters information, for which TRILL APPsub-TLV 1 is
hereby assigned, is compact and slow changing (see Section 6.1).
For security considerations related to ESADI and the ESADI Parameter
APPsub-TLV, see Section 8.
8. Security Considerations
ESADI PDUs can be authenticated through the inclusion of the
Authentication TLV [RFC5310]. Defaults for such authentication are
described in Section 6.3.
The ESADI-LSP data primarily announces MAC address reachability
within a Data Label. Such reachability can, in some cases, be an
authenticated registration (for example, a Layer 2 authenticated
registration using cryptographically based EAP (Extensible
Zhai, et al. Standards Track [Page 24]
^L
RFC 7357 TRILL: ESADI September 2014
Authentication Protocol [RFC3748]) methods via [802.1X]). The
combination of these techniques can cause ESADI MAC reachability
information to be substantially more trustworthy than MAC
reachability learned from observation of the data plane.
Nevertheless, ESADI still involves trusting all other RBridges in the
TRILL campus, at least those that have the keying material necessary
to construct a valid Authentication TLV.
However, there may be cases where authenticated registration is used
for end stations, because of a significant threat of forged packets
on end station links, but it is not necessary to authenticate ESADI
PDUs because that threat is not present for inter-RBridge trunks.
For example, a TRILL campus with secure RBridges and inter-RBridge
links configured as trunks but with some end stations connected via
IEEE 802.11 wireless access links might use 802.11 authentication for
the connection of such end stations but might not necessarily
authenticate ESADI PDUs. Note that if the IS-IS LSPs in a TRILL
campus are authenticated, perhaps due to a concern about forged
packets, the ESADI PDUs will be authenticated by default as provided
in Section 6.3.
MAC reachability learned from the data plane (the TRILL default) is
overwritten by any future learning of the same type. ESADI
advertisements are represented in the Data Label scoped link state
database. Thus, ESADI makes visible any multiple attachments of the
same MAC address within a Data Label to different RBridges (see
Section 5.3). This may or may not be an error or misconfiguration,
but ESADI at least makes it explicitly and persistently visible,
which would not be the case with data plane learning.
For general TRILL security considerations, see [RFC6325].
8.1. Privacy Considerations
The address reachability information distributed by ESADI has
substantial privacy considerations under many, but not all,
circumstances.
For example, if ESADI were used in a TRILL campus with independent
user end stations at the edge, the MAC addresses of such end stations
could uniquely identify the users of those end stations. Their
reachability would be sensitive information and, particularly if
logged, could reveal such user information. On the other hand, if
TRILL is being used to implement an Internet Exchange Point (IXP) to
connect Internet Service Providers (ISPs), the MAC addresses being
advertised in ESADI would typically be those of the ISP's directly
connected IP router ports, since Layer 3 routers bound the TRILL
campus, for which there would be few privacy concerns.
Zhai, et al. Standards Track [Page 25]
^L
RFC 7357 TRILL: ESADI September 2014
However, records of MAC attachment that include a modest amount of
history, perhaps a few days' worth, can be useful in managing a
network and troubleshooting network problems. It might, in some
cases, also be legally required, or required for billing purposes or
the like.
Network operators should seek a reasonable balance between these
competing considerations, customized for the circumstances of their
particular networks where ESADI is in use. They should not maintain
logs of MAC reachability information for any longer than is clearly
required.
9. Acknowledgements
The authors thank the following, listed in alphabetic order, for
their suggestions and contributions:
David Black, Somnath Chatterjee, Adrian Farrel, Stephen Farrell,
Sujay Gupta, Russ Housley, Pearl Liang, Kathleen Moriarty, Thomas
Narten, Erik Nordmark, and Mingui Zhang.
10. References
10.1. Normative References
[ASCII] American National Standards Institute (formerly United
States of America Standards Institute), "USA Code for
Information Interchange", ANSI X3.4-1968, 1968.
ANSI X3.4-1968 has been replaced by newer versions with
slight modifications, but the 1968 version remains
definitive for the Internet.
[FIPS180] "Secure Hash Standard (SHS)", National Institute of
Standards and Technology, Federal Information Processing
Standard (FIPS) 180-4, March 2012, <http://csrc.nist.gov/
publications/fips/fips180-4/fips-180-4.pdf>.
[IS-IS] ISO/IEC 10589:2002, Second Edition, "Information
technology -- Telecommunications and information exchange
between systems -- Intermediate System to Intermediate
System intra-domain routeing information exchange protocol
for use in conjunction with the protocol for providing the
connectionless-mode network service (ISO 8473)", 2002.
[RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP and
dual environments", RFC 1195, December 1990.
Zhai, et al. Standards Track [Page 26]
^L
RFC 7357 TRILL: ESADI September 2014
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106, RFC 4086,
June 2005.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
[RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
and M. Fanto, "IS-IS Generic Cryptographic
Authentication", RFC 5310, February 2009.
[RFC6165] Banerjee, A. and D. Ward, "Extensions to IS-IS for Layer-2
Systems", RFC 6165, April 2011.
[RFC6325] Perlman, R., Eastlake 3rd, D., Dutt, D., Gai, S., and A.
Ghanwani, "Routing Bridges (RBridges): Base Protocol
Specification", RFC 6325, July 2011.
[RFC6361] Carlson, J. and D. Eastlake 3rd, "PPP Transparent
Interconnection of Lots of Links (TRILL) Protocol Control
Protocol", RFC 6361, August 2011.
[RFC6823] Ginsberg, L., Previdi, S., and M. Shand, "Advertising
Generic Information in IS-IS", RFC 6823, December 2012.
[RFC7172] Eastlake 3rd, D., Zhang, M., Agarwal, P., Perlman, R., and
D. Dutt, "Transparent Interconnection of Lots of Links
(TRILL): Fine-Grained Labeling", RFC 7172, May 2014.
[RFC7176] Eastlake 3rd, D., Senevirathne, T., Ghanwani, A., Dutt,
D., and A. Banerjee, "Transparent Interconnection of Lots
of Links (TRILL) Use of IS-IS", RFC 7176, May 2014.
[RFC7177] Eastlake 3rd, D., Perlman, R., Ghanwani, A., Yang, H., and
V. Manral, "Transparent Interconnection of Lots of Links
(TRILL): Adjacency", RFC 7177, May 2014.
Zhai, et al. Standards Track [Page 27]
^L
RFC 7357 TRILL: ESADI September 2014
[RFC7180] Eastlake 3rd, D., Zhang, M., Ghanwani, A., Manral, V., and
A. Banerjee, "Transparent Interconnection of Lots of Links
(TRILL): Clarifications, Corrections, and Updates",
RFC 7180, May 2014.
[RFC7356] Ginsberg, L., Previdi, S., and Y. Yang, "IS-IS Flooding
Scope Link State PDUs (LSPs)", RFC 7356, September 2014.
10.2. Informative References
[802.1X] IEEE 802.1, "IEEE Standard for Local and metropolitan area
networks--Port-Based Network Access Control", IEEE
Standard 802.1X-2010, February 2010.
[FNV] Fowler, G., Noll, L., Vo, K., and D. Eastlake 3rd, "The
FNV Non-Cryptographic Hash Algorithm", Work in Progress,
April 2014.
[MultiLevel]
Perlman, R., Eastlake 3rd, D., Ghanwani, A., and H. Zhai,
"Flexible Multilevel TRILL (Transparent Interconnection of
Lots of Links)", Work in Progress, June 2014.
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
Levkowetz, Ed., "Extensible Authentication Protocol
(EAP)", RFC 3748, June 2004.
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011.
[RFC6822] Previdi, S., Ed., Ginsberg, L., Shand, M., Roy, A., and D.
Ward, "IS-IS Multi-Instance", RFC 6822, December 2012.
[VLANmapping]
Perlman, R., Rijhsinghani, A., Eastlake 3rd, D., Banerjee,
A., and D. Dutt, "TRILL: Campus Label and Priority
Regions", Work in Progress, January 2014.
Zhai, et al. Standards Track [Page 28]
^L
RFC 7357 TRILL: ESADI September 2014
Appendix A. Interoperability and Changes to RFC 6325
This appendix summarizes the significant changes this document makes
to the TRILL base protocol specification [RFC6325]. Although
simultaneous use of [RFC6325] ESADI and ESADI as specified in this
document in a TRILL campus is very unlikely due to non-deployment of
[RFC6325] ESADI, this appendix also discusses, for each change, the
interoperability considerations should such simultaneous use occur.
A.1. ESADI PDU Changes
The format of ESADI-LSP, ESADI-CSNP, and ESADI-PSNP PDU payloads is
changed from the IS-IS Level 1 format [IS-IS] to the Extended Level 1
Circuit Scope format (E-L1CS) specified in [RFC7356]. This change is
not backwards compatible with [RFC6325]. It is made in light of the
information-carrying capacity of the E-L1CS format, which is
256 times greater than that of the base IS-IS format. It is
anticipated that this greater information-carrying capacity will be
needed, under some circumstances, to carry end station addressing
information or other similar address and reachability information
when it is added to ESADI in the future.
The PDU numbers used for the ESADI LSP, CSNP, and PSNP PDUs in
[RFC6325] are 18, 24, and 26 [IS-IS]. With this document, the format
changes, and the PDU numbers change to 10, 11, and 12 [RFC7356]. The
use of different PDU numbers assures that a PDU will not be
mis-parsed. Because of this, implementations of this document and
implementations of [RFC6325] ESADI will discard each other's PDUs.
Thus, address reachability or other information distributed through
either type of ESADI implementation will only be communicated to
other implementations of the same type, and the two communities will
not communicate any information with each other.
Note that RBridges can use the TRILL mandatory-to-implement,
enabled-by-default data plane address learning in addition to ESADI.
(Section 5 of this document and the material it references explain
how to handle conflicts between different sources of address
reachability information.) Simply leaving data plane address
learning enabled would enable smooth incremental migration from
[RFC6325] ESADI to the ESADI specification in this document, should
that be necessary. The data plane address learning would fill in any
gaps due to non-communication between the two types of ESADI
implementations, although without the speed or security advantages
of ESADI.
Zhai, et al. Standards Track [Page 29]
^L
RFC 7357 TRILL: ESADI September 2014
A.2. Unicasting Changes
Unicasting of ESADI PDUs is optionally supported, including replacing
Section 4.6.2.2 of [RFC6325] with the new text given in Section 4.1
of this document. This unicast support is backwards compatible
because it is only used when the recipient RBridge signals its
support.
A.3. Message Timing Changes and Suggestions
The following timing-related ESADI message changes and suggestions
are included in this document:
1. Provide for staggered delay for non-originators of ESADI-LSP
fragments in response to requests for such fragments by CSNP and
PSNP messages.
2. Suggest staggered timing of unicast ESADI-LSPs when a new ESADI
RBridge appears on the ESADI virtual link.
These relate only to the timing of messages for congestion
minimization. Should a message be lost, due to congestion or
otherwise, it will be later retransmitted as a normal part of the
robust flooding mechanism used by ESADI.
A.4. Duplicate Address Reachability
The handling of persistent reachability of the same MAC within the
same Data Label from two or more RBridges is substantially modified,
including the explicit replacement of some text in Section 4.2.6 of
[RFC6325] (see Section 5.3 of this document). There is no problem
with a mixture of ESADI implementations in a TRILL campus, some
conforming to [RFC6325] and some conforming to this document, for
handling this condition. The more implementations conform to the
improved behavior specified in this document for this condition, the
better the traffic-spreading will be, and the less likely address
flip-flopping problems will be.
Zhai, et al. Standards Track [Page 30]
^L
RFC 7357 TRILL: ESADI September 2014
Authors' Addresses
Hongjun Zhai
ZTE Corporation
68 Zijinghua Road
Nanjing 200012
China
Phone: +86-25-52877345
EMail: zhai.hongjun@zte.com.cn
Fangwei Hu
ZTE Corporation
889 Bibo Road
Shanghai 201203
China
Phone: +86-21-68896273
EMail: hu.fangwei@zte.com.cn
Radia Perlman
EMC
2010 256th Ave. NE, #200
Bellevue, WA 98007
USA
EMail: Radia@alum.mit.edu
Donald Eastlake 3rd
Huawei Technologies
155 Beaver Street
Milford, MA 01757
USA
Phone: +1-508-333-2270
EMail: d3e3e3@gmail.com
Olen Stokes
Extreme Networks
2121 RDU Center Drive, Suite 300
Morrisville, NC 27560
USA
EMail: ostokes@extremenetworks.com
Zhai, et al. Standards Track [Page 31]
^L
|