wdiff draft-ietf-lsr-ospf-bfd-strict-mode-00.txt draft-ietf-lsr-ospf-bfd-strict-mode-01.txt

Link State Routing K. Talaulikar
Internet-Draft P. Psenak
Intended status: Standards Track Cisco Systems, Inc.
Expires: July 9, 2020 January 1, 2021 A. Fu
Bloomberg
M. Rajesh
Juniper Networks
January 6,
June 30, 2020

OSPF Strict-Mode for BFD
draft-ietf-lsr-ospf-bfd-strict-mode-00
draft-ietf-lsr-ospf-bfd-strict-mode-01

Abstract

This document specifies the extensions to OSPF that enables a enable an OSPF
router
and its neighbor to signal their intention to use the requirement for a Bidirectional Forwarding
Detection (BFD) for their session prior to adjacency using link-local
advertisement between them. The signaling of formation. Link-Local
Signaling (LLS) is used to advertise this requirement of "strict-
mode" of BFD enablement,
allows the router to block and not allow the session establishment for OSPF adjacency. If both OSPF
neighbors advertise the "strict-mode" of BFD, adjacency with its neighbor router formation
will be blocked until a BFD session is has been successfully established between them. The document describes this
OSPF "strict-mode" of BFD establishment as a prerequisite to
adjacency formation.

Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
established.

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on July 9, 2020. January 1, 2021.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. LLS B-bit Flag . . . . . . . . . . . . . . . . . . . . . . . 3
3. Local Interface IPv4 Address TLV . . . . . . . . . . . . . . 4 3
4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1. OSPFv3 IPv4 Address-Family Specifics . . . . . . . . . . 6
4.2. Graceful Restart Considerations . . . . . . . . . . . . . 6
5. Operations & Management Considerations . . . . . . . . . . . 6
6. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
8. Security Considerations . . . . . . . . . . . . . . . . . . . 8
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
10.1. Normative References . . . . . . . . . . . . . . . . . . 8
10.2. Informative References . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9

1. Introduction

Bidirectional Forwarding Detection (BFD) [RFC5880] enables routers to
monitor dataplane connectivity over links between them and to detect faults in the
bidirectional path between them. This capability BFD is leveraged by routing
protocols like Open Shortest Path First (OSPFv2)
[RFC2328] OSPFv2[RFC2328] and OSPFv3 [RFC5340] to detect
connectivity failures for
their established adjacencies and trigger the
rerouting of traffic around this the failure more quickly than their periodic with OSPF
hello messaging based
detection mechanism. packet monitoring.

The use of BFD for monitoring routing protocols adjacencies is
described in [RFC5882]. When BFD monitoring is enabled for OSPF
adjacencies, the BFD session is bootstrapped based on the neighbor
address information discovered by the exchange of OSPF hello
messages. packets.
Faults in the bidirectional forwarding detected via BFD then result
in the bringing down of the OSPF adjacency. adjacency being brought down. Note that it is possible
in some failure scenarios for the network to be in a state such that the
an OSPF adjacency is capable of coming up, can be established but the a BFD session cannot be established, and, more particularly, data
cannot be forwarded.
established and maintained. In certain other scenarios, a degraded
or poor quality link may result in OSPF adjacency formation to
succeed only to result in BFD session establishment not being
successful or flapping of the BFD session going down frequently due to its faster detection
mechanism. session.

To avoid such situations which result in the routing churn in the
network, associated with these scenarios, it would
be beneficial not to not allow OSPF to establish a
neighbor an adjacency until the a BFD
session is successfully established and has stabilized. However,
this would preclude the OSPF operation in an environment in which not
all OSPF routers support BFD and are enabled for BFD monitoring. on the link. A
solution would be is to block the
establishment of OSPF adjacencies if both systems are willing to
establish adjacency establishment until a BFD session but
is established as long as both neighbors advertise such a BFD session cannot be established.
requirement. Such a mode of BFD use by OSPF BFD usage is referred to as "strict-mode"
wherein BFD session establishment becomes a prerequisite for OSPF
adjacency coming up. to as
"strict-mode".

This document specifies the OSPF protocol extensions using link-local
signaling (LLS) [RFC5613] for a router to indicate to its neighbor
the willingness to establish a BFD session in the "strict-mode". It
also introduces an extension for OSPFv3 link-local signaling of
interface IPv4 address when used for IPv4 address-family (AF)
instance to enable discovery of the IPv4 addresses for BFD session
setup.

A similar functionality for IS-IS is specified [RFC6213].

1.1. Requirements Language

2. LLS B-bit Flag

A new

This document defines the B-bit is defined in the LLS Type 1 Extended Options
and Flags field. This bit is defined for the LLS block included in
Hello packets and indicates that BFD is enabled on the link and that
the router supports requests BFD strict-mode. Section 7 describes the
position of
this new the B-bit.

A router MUST include the LLS block with the LLS Type 1 Extended
Options and Flags TLV with the B-bit set its Hello messages when BFD
is enabled on the link.

3. Local Interface IPv4 Address TLV

The Local Interface IPv4 Address TLV is a new an LLS TLV meant for OSPFv3
protocol operations for IPv4 AF instances [RFC5838]. It has
following format:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Local Interface IPv4 Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

where:

Type: TBD, suggested value 21

Length: 4 octet

Local Interface IPv4 Address: The primary IPv4 address of the
local interface.

4. Procedures

A router supporting BFD strict-mode advertises this capability
through its hello messages as described in Section 2 above. 2. When a router
supporting BFD strict-mode, detects strict-mode discovers a new neighbor router that also
supports BFD strict-mode, then it proceeds to will establish
adjacency a BFD session first
with that neighbor before bringing up the OSPF adjacency as described
further in this section.

This document updates the OSPF neighbor state machine as described in
[RFC2328] specifically
[RFC2328]. Specifically, the operations related to the Init state as
below when BFD strict-mode is used:

Init (without BFD strict-mode)

In this state, an a Hello packet has recently been seen received from the
neighbor. However, bidirectional communication has not yet been
established with the neighbor (i.e., the router itself did not
appear in the neighbor's Hello packet). All neighbors in this
state (or higher) are listed in the Hello packets sent from the
associated interface.

Init (with BFD strict-mode)

In this state, an Hello packet has recently been seen received from the
neighbor. However, bidirectional communication has not yet been
established with the neighbor (i.e., the router itself did not
appear in the neighbor's Hello packet). A BFD session
establishment to the neighbor is requested, if not already done
(e.g. in the event of transition from 2-way state). All neighbors Neighbors in higher than
Init state and those or higher will be listed in Init state the Hello packets
associated with the interface if they either have a corresponding
BFD session
up are listed established or have not advertised "strict-mode" BFD
in the Hello packets sent from the associated
interface. packet LLS Extended Options and Flags.

Whenever the neighbor state transitions to Down state, the removal of
the BFD session associated with that neighbor SHOULD be requested by
OSPF and the subsequent BFD session re-setup establishement SHOULD similarly be
requested by OSPF
after upon transitioning into Init state. This may
result in the deletion and creation of the BFD session respectively
when OSPF is the only client interested in the BFD session to the
neighbor address.

An implementation MUST NOT wait for BFD session establishment in Init
state unless BFD strict-mode is enabled on the router and the
specific neighbor indicates BFD strict-mode capability via its Hello
messages.
LLS options. When BFD is enabled, but the strict-mode of operation
cannot
has not be used, signaled by both neighbors, then an implementation SHOULD
start the BFD session establishment only in 2-Way state or higher
state. This makes it possible for an OSPF router to operate a mix of
BFD operation in strict-mode or normal mode across different
interfaces or even different neighbors on the same multi-access LAN
interface.

Once the OSPF state machine has moved beyond the Init state, any
change in the B-bit advertised in subsequent Hello messages MUST NOT
result in any trigger in either the OSPF adjacency or the BFD session
management (i.e. (i.e., the B-bit is considered only when in the Init
state). The disabling of Disabling BFD (or BFD strict-mode) on a an OSPF router would
result in its it not setting the B-bit in its subsequent Hello messages.
The disabling of LLS
options. Disabling BFD strict-mode has no change effect on the BFD
operations and would not result in bringing down of any established
BFD session.
The disabling of Disabling BFD would result in the BFD session brought
down due to Admin reason and hence would not bring down the OSPF
adjacency.

When BFD is enabled on an interface over which we already have an
existing OSPF adjacency, it would result in the router setting the
B-bit in its subsequent Hello messages. If the adjacency is already
up (i.e. (i.e., in its terminal state of Full or 2-way with non-DR routers
on a LAN) with a neighbor that also support supports BFD strict-mode, then an
implemantion SHOULD NOT bring this adjacency down and but instead use the
BFD strict-mode of operations operation after the next transition into Init
state. However, if the adjacency is not up, then an implementation
MAY bring such an adjacency down so it can use the BFD strict-mode
for its bring up.

4.1. OSPFv3 IPv4 Address-Family Specifics

The multiple

Multiple AF support in OSPFv3 [RFC5838] requires the use of an IPv6
link-local address as the source address for hello packets even when
forming adjacencies for IPv4 AF instances. In most deployments of
OSPFv3 IPv4 AF, it is required that BFD be is used to monitor and verify
the IPv4 data plane connectivity between the routers on the link and
hence and,
hence, the BFD session is setup using IPv4 neighbor addresses. The
IPv4 neighbor address on the interface is learnt only later in the
adjacency formation phase process when the neighbor's Link-LSA is received.
This results in the setup of the BFD session either after the
adjacency is established or much later in the adjacency formation
sequence.

To enable the BFD operations operation in strict-mode, it is necessary for a an OSPF
router to learn it's neighbor's IPv4 link address during the Init
state of adjacency formation (ideally when it receives the first
hello). The use of the Local Interface IPv4 Address TLV (as defined
in Section 3) in the LLS block of the OSPFv3 Hello messages for IPv4
AF instances makes this possible. Implementations that support
strict-mode of BFD operations operation for OSPFv3 IPv4 AF instances MUST
include the Local Interface IPv4 Address TLV in the LLS block of
their hello messages whenever the B-bit is set. also set in the LLS
Options and Flags field. A receiver MUST ignore the B-bit (i.e. (i.e., not
operate in BFD strict mode) unless when the Local Interface IPv4 Address TLV
is not present in OSPFv3 Hello message for IPv4 AF OSPFv3 instances.

4.2. Graceful Restart Considerations

An implementation needs to handle scenarios where both graceful
restart (GR) and the strict-mode of BFD operations operation are deployed
together. The GR aspects discussed in [RFC5882] also apply with
strict-mode of operations. In addition to that, BFD operation. Additionally, in strict-mode of BFD
operation, since the OSPF adjacency formation is held up delayed until the
BFD session establishment in
the strict-mode of operation, establishment, the resultant delay in adajcency formation
may affect or break the GR based GR-based recovery. In such cases, it is
RECOMMENDED that the GR timers are setup set such that they provide
sufficient time to cover allow for normal BFD session establishment delays.

5. Operations & Management Considerations

An implementation SHOULD report the BFD session status along with the
OSPF Init adjacency state when operating in BFD strict-mode and
perform logging operations on state transitions to include the BFD
events. This allows an operator to detect scenarios where an OSPF
adjacency may be stuck waiting for BFD session establishment.

In network deployments with noisy links or those with packet loss,
BFD sessions may flap frequently. In such scenarions, OSPF strict-
mode for BFD may be deployed in conjunction with an a BFD dampening or
hold-down mechanism to help avoid frequent adjacency flaps due BFD
causing that cause
routing churn.

6. Backward Compatibility

An implementation MUST support OSPF adjacency formation and
operations with a neighbor router that does not advertise the BFD
strict-mode capability - both when that neighbor router does not
support BFD and when it does support BFD but not in the strict-mode
of operation as described in this document. Implementations MAY
provide an option to specifically enable BFD operations only in the
strict-mode in which
strict-mode. In this case, an OSPF adjacency with a neighbor that
does not support BFD strict-mode would not be established
successfully. Implementations MAY provide an option to disable BFD
strict-mode which results in the router not advertising the B-bit and
BFD operations being performed in the same way as before prior to this
specification.

The signaling specified in this document happens at a link-local
level between routers on that link. A router which that does not support
this specification would ignore the B-bit in the LLS block of hello
messages from its neighbors and continue to bootstrap establish BFD sessions,
if enabled, without holding back delaying the OSPF adjacency formation. Since the
router which that does not support this specification would not have set
the B-bit in the LLS block of its own hello messages, its neighbor
routers that support this specification would not use BFD strict-mode
with it. such OSPF routers. As a result, the behavior would be the same
as before this specification. Therefore, there are no backward
compatibility related issues or implementations considerations that need to be taken
care of when implementing this specification. beyond what is
specified herein.

7. IANA Considerations

This specification updates Link Local Signaling TLV Identifiers
registry.

Following values are requested for allocation:

o B-bit from "LLS Type 1 Extended Options and Flags" registry at bit
position 0x00000010.

o TBD (Suggested value 21) - Local Interface IPv4 Address TLV

8. Security Considerations

The security considerations for "OSPF Link-Local Signaling" [RFC5613]
also apply to the extension described in this document.
Inappropriate use of the B-bit in the LLS block of an OSPF hello
message could prevent an OSPF adjacency from forming or lead to
failure to detect bidirectional forwarding failures. If
authentication is being used in the OSPF routing domain
[RFC5709][RFC7474], then the Cryptographic Authentication TLV
[RFC5613] SHOULD also be used to protect the contents of the LLS
block.

9. Acknowledgements

The authors would like to acknowledge the review and inputs from Acee
Lindem, Manish Gupta, Balaji Ganesh Gupta and Rajesh M. Balaji Ganesh.

The authors would like to acknowledge Dylan van Oudheusden for
highlighting the problems in using strict-mode for BFD session for
IPv4 AF instance with OSPFv3 and Baalajee S for his suggestions on
the approach to address it.

10. References

10.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.

[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
DOI 10.17487/RFC2328, April 1998,
<https://www.rfc-editor.org/info/rfc2328>.

[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
<https://www.rfc-editor.org/info/rfc5340>.

[RFC5613] Zinin, A., Roy, A., Nguyen, L., Friedman, B., and D.
Yeung, "OSPF Link-Local Signaling", RFC 5613,
DOI 10.17487/RFC5613, August 2009,
<https://www.rfc-editor.org/info/rfc5613>.

[RFC5838] Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and
R. Aggarwal, "Support of Address Families in OSPFv3",
RFC 5838, DOI 10.17487/RFC5838, April 2010,
<https://www.rfc-editor.org/info/rfc5838>.

[RFC5882] Katz, D. and D. Ward, "Generic Application of
Bidirectional Forwarding Detection (BFD)", RFC 5882,
DOI 10.17487/RFC5882, June 2010,
<https://www.rfc-editor.org/info/rfc5882>.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.

10.2. Informative References

[RFC5709] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M.,
Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic
Authentication", RFC 5709, DOI 10.17487/RFC5709, October
2009, <https://www.rfc-editor.org/info/rfc5709>.

[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>.

[RFC6213] Hopps, C. and L. Ginsberg, "IS-IS BFD-Enabled TLV",
RFC 6213, DOI 10.17487/RFC6213, April 2011,
<https://www.rfc-editor.org/info/rfc6213>.

[RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed.,
"Security Extension for OSPFv2 When Using Manual Key
Management", RFC 7474, DOI 10.17487/RFC7474, April 2015,
<https://www.rfc-editor.org/info/rfc7474>.

Authors' Addresses

Ketan Talaulikar
Cisco Systems, Inc.
India

Email: ketant@cisco.com

Peter Psenak
Cisco Systems, Inc.
Apollo Business Center
Mlynske nivy 43
Bratislava 821 09
Slovakia

Email: ppsenak@cisco.com
Albert Fu
Bloomberg
USA

Email: afu14@bloomberg.net

Rajesh M
Juniper Networks
India

Email: mrajesh@juniper.net