Link State Routing                                         K. Talaulikar
Internet-Draft                                                 P. Psenak
Intended status: Standards Track                     Cisco Systems, Inc.
Expires: July 9, 2020 January 1, 2021                                           A. Fu
                                                               Bloomberg
                                                               M. Rajesh
                                                        Juniper Networks
                                                         January 6,
                                                           June 30, 2020

                        OSPF Strict-Mode for BFD
                 draft-ietf-lsr-ospf-bfd-strict-mode-00
                 draft-ietf-lsr-ospf-bfd-strict-mode-01

Abstract

   This document specifies the extensions to OSPF that enables a enable an OSPF
   router
   and its neighbor to signal their intention to use the requirement for a Bidirectional Forwarding
   Detection (BFD) for their session prior to adjacency using link-local
   advertisement between them.  The signaling of formation.  Link-Local
   Signaling (LLS) is used to advertise this requirement of "strict-
   mode" of BFD enablement,
   allows the router to block and not allow the session establishment for OSPF adjacency.  If both OSPF
   neighbors advertise the "strict-mode" of BFD, adjacency with its neighbor router formation
   will be blocked until a BFD session is has been successfully established between them.  The document describes this
   OSPF "strict-mode" of BFD establishment as a prerequisite to
   adjacency formation.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.
   established.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 9, 2020. January 1, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  LLS B-bit Flag  . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Local Interface IPv4 Address TLV  . . . . . . . . . . . . . .   4   3
   4.  Procedures  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  OSPFv3 IPv4 Address-Family Specifics  . . . . . . . . . .   6
     4.2.  Graceful Restart Considerations . . . . . . . . . . . . .   6
   5.  Operations & Management Considerations  . . . . . . . . . . .   6
   6.  Backward Compatibility  . . . . . . . . . . . . . . . . . . .   7
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   8
     10.2.  Informative References . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   Bidirectional Forwarding Detection (BFD) [RFC5880] enables routers to
   monitor dataplane connectivity over links between them and to detect faults in the
   bidirectional path between them.  This capability  BFD is leveraged by routing
   protocols like Open Shortest Path First (OSPFv2)
   [RFC2328] OSPFv2[RFC2328] and OSPFv3 [RFC5340] to detect
   connectivity failures for
   their established adjacencies and trigger the
   rerouting of traffic around this the failure more quickly than their periodic with OSPF
   hello messaging based
   detection mechanism. packet monitoring.

   The use of BFD for monitoring routing protocols adjacencies is
   described in [RFC5882].  When BFD monitoring is enabled for OSPF
   adjacencies, the BFD session is bootstrapped based on the neighbor
   address information discovered by the exchange of OSPF hello
   messages. packets.
   Faults in the bidirectional forwarding detected via BFD then result
   in the bringing down of the OSPF adjacency. adjacency being brought down.  Note that it is possible
   in some failure scenarios for the network to be in a state such that the
   an OSPF adjacency is capable of coming up, can be established but the a BFD session cannot be established, and, more particularly, data
   cannot be forwarded.
   established and maintained.  In certain other scenarios, a degraded
   or poor quality link may result in OSPF adjacency formation to
   succeed only to result in BFD session establishment not being
   successful or flapping of the BFD session going down frequently due to its faster detection
   mechanism. session.

   To avoid such situations which result in the routing churn in the
   network, associated with these scenarios, it would
   be beneficial not to not allow OSPF to establish a
   neighbor an adjacency until the a BFD
   session is successfully established and has stabilized.  However,
   this would preclude the OSPF operation in an environment in which not
   all OSPF routers support BFD and are enabled for BFD monitoring. on the link.  A
   solution would be is to block the
   establishment of OSPF adjacencies if both systems are willing to
   establish adjacency establishment until a BFD session but
   is established as long as both neighbors advertise such a BFD session cannot be established.
   requirement.  Such a mode of BFD use by OSPF BFD usage is referred to as "strict-mode"
   wherein BFD session establishment becomes a prerequisite for OSPF
   adjacency coming up. to as
   "strict-mode".

   This document specifies the OSPF protocol extensions using link-local
   signaling (LLS) [RFC5613] for a router to indicate to its neighbor
   the willingness to establish a BFD session in the "strict-mode".  It
   also introduces an extension for OSPFv3 link-local signaling of
   interface IPv4 address when used for IPv4 address-family (AF)
   instance to enable discovery of the IPv4 addresses for BFD session
   setup.

   A similar functionality for IS-IS is specified [RFC6213].

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  LLS B-bit Flag

   A new

   This document defines the B-bit is defined in the LLS Type 1 Extended Options
   and Flags field.  This bit is defined for the LLS block included in
   Hello packets and indicates that BFD is enabled on the link and that
   the router supports requests BFD strict-mode.  Section 7 describes the
   position of
   this new the B-bit.

   A router MUST include the LLS block with the LLS Type 1 Extended
   Options and Flags TLV with the B-bit set its Hello messages when BFD
   is enabled on the link.

3.  Local Interface IPv4 Address TLV

   The Local Interface IPv4 Address TLV is a new an LLS TLV meant for OSPFv3
   protocol operations for IPv4 AF instances [RFC5838].  It has
   following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Type             |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Local Interface IPv4 Address                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   where:

      Type: TBD, suggested value 21

      Length: 4 octet

      Local Interface IPv4 Address: The primary IPv4 address of the
      local interface.

4.  Procedures

   A router supporting BFD strict-mode advertises this capability
   through its hello messages as described in Section 2 above. 2.  When a router
   supporting BFD strict-mode, detects strict-mode discovers a new neighbor router that also
   supports BFD strict-mode, then it proceeds to will establish
   adjacency a BFD session first
   with that neighbor before bringing up the OSPF adjacency as described
   further in this section.

   This document updates the OSPF neighbor state machine as described in
   [RFC2328] specifically
   [RFC2328].  Specifically, the operations related to the Init state as
   below when BFD strict-mode is used:

   Init (without BFD strict-mode)

      In this state, an a Hello packet has recently been seen received from the
      neighbor.  However, bidirectional communication has not yet been
      established with the neighbor (i.e., the router itself did not
      appear in the neighbor's Hello packet).  All neighbors in this
      state (or higher) are listed in the Hello packets sent from the
      associated interface.

   Init (with BFD strict-mode)

      In this state, an Hello packet has recently been seen received from the
      neighbor.  However, bidirectional communication has not yet been
      established with the neighbor (i.e., the router itself did not
      appear in the neighbor's Hello packet).  A BFD session
      establishment to the neighbor is requested, if not already done
      (e.g. in the event of transition from 2-way state).  All neighbors  Neighbors in higher than
      Init state and those or higher will be listed in Init state the Hello packets
      associated with the interface if they either have a corresponding
      BFD session
      up are listed established or have not advertised "strict-mode" BFD
      in the Hello packets sent from the associated
      interface. packet LLS Extended Options and Flags.

   Whenever the neighbor state transitions to Down state, the removal of
   the BFD session associated with that neighbor SHOULD be requested by
   OSPF and the subsequent BFD session re-setup establishement SHOULD similarly be
   requested by OSPF
   after upon transitioning into Init state.  This may
   result in the deletion and creation of the BFD session respectively
   when OSPF is the only client interested in the BFD session to the
   neighbor address.

   An implementation MUST NOT wait for BFD session establishment in Init
   state unless BFD strict-mode is enabled on the router and the
   specific neighbor indicates BFD strict-mode capability via its Hello
   messages.
   LLS options.  When BFD is enabled, but the strict-mode of operation
   cannot
   has not be used, signaled by both neighbors, then an implementation SHOULD
   start the BFD session establishment only in 2-Way state or higher
   state.  This makes it possible for an OSPF router to operate a mix of
   BFD operation in strict-mode or normal mode across different
   interfaces or even different neighbors on the same multi-access LAN
   interface.

   Once the OSPF state machine has moved beyond the Init state, any
   change in the B-bit advertised in subsequent Hello messages MUST NOT
   result in any trigger in either the OSPF adjacency or the BFD session
   management (i.e. (i.e., the B-bit is considered only when in the Init
   state).  The disabling of  Disabling BFD (or BFD strict-mode) on a an OSPF router would
   result in its it not setting the B-bit in its subsequent Hello messages.
   The disabling of LLS
   options.  Disabling BFD strict-mode has no change effect on the BFD
   operations and would not result in bringing down of any established
   BFD session.
   The disabling of  Disabling BFD would result in the BFD session brought
   down due to Admin reason and hence would not bring down the OSPF
   adjacency.

   When BFD is enabled on an interface over which we already have an
   existing OSPF adjacency, it would result in the router setting the
   B-bit in its subsequent Hello messages.  If the adjacency is already
   up (i.e. (i.e., in its terminal state of Full or 2-way with non-DR routers
   on a LAN) with a neighbor that also support supports BFD strict-mode, then an
   implemantion SHOULD NOT bring this adjacency down and but instead use the
   BFD strict-mode of operations operation after the next transition into Init
   state.  However, if the adjacency is not up, then an implementation
   MAY bring such an adjacency down so it can use the BFD strict-mode
   for its bring up.

4.1.  OSPFv3 IPv4 Address-Family Specifics

   The multiple

   Multiple AF support in OSPFv3 [RFC5838] requires the use of an IPv6
   link-local address as the source address for hello packets even when
   forming adjacencies for IPv4 AF instances.  In most deployments of
   OSPFv3 IPv4 AF, it is required that BFD be is used to monitor and verify
   the IPv4 data plane connectivity between the routers on the link and
   hence and,
   hence, the BFD session is setup using IPv4 neighbor addresses.  The
   IPv4 neighbor address on the interface is learnt only later in the
   adjacency formation phase process when the neighbor's Link-LSA is received.
   This results in the setup of the BFD session either after the
   adjacency is established or much later in the adjacency formation
   sequence.

   To enable the BFD operations operation in strict-mode, it is necessary for a an OSPF
   router to learn it's neighbor's IPv4 link address during the Init
   state of adjacency formation (ideally when it receives the first
   hello).  The use of the Local Interface IPv4 Address TLV (as defined
   in Section 3) in the LLS block of the OSPFv3 Hello messages for IPv4
   AF instances makes this possible.  Implementations that support
   strict-mode of BFD operations operation for OSPFv3 IPv4 AF instances MUST
   include the Local Interface IPv4 Address TLV in the LLS block of
   their hello messages whenever the B-bit is set. also set in the LLS
   Options and Flags field.  A receiver MUST ignore the B-bit (i.e. (i.e., not
   operate in BFD strict mode) unless when the Local Interface IPv4 Address TLV
   is not present in OSPFv3 Hello message for IPv4 AF OSPFv3 instances.

4.2.  Graceful Restart Considerations

   An implementation needs to handle scenarios where both graceful
   restart (GR) and the strict-mode of BFD operations operation are deployed
   together.  The GR aspects discussed in [RFC5882] also apply with
   strict-mode of operations.  In addition to that, BFD operation.  Additionally, in strict-mode of BFD
   operation, since the OSPF adjacency formation is held up delayed until the
   BFD session establishment in
   the strict-mode of operation, establishment, the resultant delay in adajcency formation
   may affect or break the GR based GR-based recovery.  In such cases, it is
   RECOMMENDED that the GR timers are setup set such that they provide
   sufficient time to cover allow for normal BFD session establishment delays.

5.  Operations & Management Considerations

   An implementation SHOULD report the BFD session status along with the
   OSPF Init adjacency state when operating in BFD strict-mode and
   perform logging operations on state transitions to include the BFD
   events.  This allows an operator to detect scenarios where an OSPF
   adjacency may be stuck waiting for BFD session establishment.

   In network deployments with noisy links or those with packet loss,
   BFD sessions may flap frequently.  In such scenarions, OSPF strict-
   mode for BFD may be deployed in conjunction with an a BFD dampening or
   hold-down mechanism to help avoid frequent adjacency flaps due BFD
   causing that cause
   routing churn.

6.  Backward Compatibility

   An implementation MUST support OSPF adjacency formation and
   operations with a neighbor router that does not advertise the BFD
   strict-mode capability - both when that neighbor router does not
   support BFD and when it does support BFD but not in the strict-mode
   of operation as described in this document.  Implementations MAY
   provide an option to specifically enable BFD operations only in the
   strict-mode in which
   strict-mode.  In this case, an OSPF adjacency with a neighbor that
   does not support BFD strict-mode would not be established
   successfully.  Implementations MAY provide an option to disable BFD
   strict-mode which results in the router not advertising the B-bit and
   BFD operations being performed in the same way as before prior to this
   specification.

   The signaling specified in this document happens at a link-local
   level between routers on that link.  A router which that does not support
   this specification would ignore the B-bit in the LLS block of hello
   messages from its neighbors and continue to bootstrap establish BFD sessions,
   if enabled, without holding back delaying the OSPF adjacency formation.  Since the
   router which that does not support this specification would not have set
   the B-bit in the LLS block of its own hello messages, its neighbor
   routers that support this specification would not use BFD strict-mode
   with it. such OSPF routers.  As a result, the behavior would be the same
   as before this specification.  Therefore, there are no backward
   compatibility related issues or implementations considerations that need to be taken
   care of when implementing this specification. beyond what is
   specified herein.

7.  IANA Considerations

   This specification updates Link Local Signaling TLV Identifiers
   registry.

   Following values are requested for allocation:

   o B-bit from "LLS Type 1 Extended Options and Flags" registry at bit
   position 0x00000010.

   o TBD (Suggested value 21) - Local Interface IPv4 Address TLV

8.  Security Considerations

   The security considerations for "OSPF Link-Local Signaling" [RFC5613]
   also apply to the extension described in this document.
   Inappropriate use of the B-bit in the LLS block of an OSPF hello
   message could prevent an OSPF adjacency from forming or lead to
   failure to detect bidirectional forwarding failures.  If
   authentication is being used in the OSPF routing domain
   [RFC5709][RFC7474], then the Cryptographic Authentication TLV
   [RFC5613] SHOULD also be used to protect the contents of the LLS
   block.

9.  Acknowledgements

   The authors would like to acknowledge the review and inputs from Acee
   Lindem, Manish Gupta, Balaji Ganesh Gupta and Rajesh M. Balaji Ganesh.

   The authors would like to acknowledge Dylan van Oudheusden for
   highlighting the problems in using strict-mode for BFD session for
   IPv4 AF instance with OSPFv3 and Baalajee S for his suggestions on
   the approach to address it.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328,
              DOI 10.17487/RFC2328, April 1998,
              <https://www.rfc-editor.org/info/rfc2328>.

   [RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
              <https://www.rfc-editor.org/info/rfc5340>.

   [RFC5613]  Zinin, A., Roy, A., Nguyen, L., Friedman, B., and D.
              Yeung, "OSPF Link-Local Signaling", RFC 5613,
              DOI 10.17487/RFC5613, August 2009,
              <https://www.rfc-editor.org/info/rfc5613>.

   [RFC5838]  Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and
              R. Aggarwal, "Support of Address Families in OSPFv3",
              RFC 5838, DOI 10.17487/RFC5838, April 2010,
              <https://www.rfc-editor.org/info/rfc5838>.

   [RFC5882]  Katz, D. and D. Ward, "Generic Application of
              Bidirectional Forwarding Detection (BFD)", RFC 5882,
              DOI 10.17487/RFC5882, June 2010,
              <https://www.rfc-editor.org/info/rfc5882>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

10.2.  Informative References

   [RFC5709]  Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M.,
              Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic
              Authentication", RFC 5709, DOI 10.17487/RFC5709, October
              2009, <https://www.rfc-editor.org/info/rfc5709>.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
              <https://www.rfc-editor.org/info/rfc5880>.

   [RFC6213]  Hopps, C. and L. Ginsberg, "IS-IS BFD-Enabled TLV",
              RFC 6213, DOI 10.17487/RFC6213, April 2011,
              <https://www.rfc-editor.org/info/rfc6213>.

   [RFC7474]  Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed.,
              "Security Extension for OSPFv2 When Using Manual Key
              Management", RFC 7474, DOI 10.17487/RFC7474, April 2015,
              <https://www.rfc-editor.org/info/rfc7474>.

Authors' Addresses

   Ketan Talaulikar
   Cisco Systems, Inc.
   India

   Email: ketant@cisco.com

   Peter Psenak
   Cisco Systems, Inc.
   Apollo Business Center
   Mlynske nivy 43
   Bratislava  821 09
   Slovakia

   Email: ppsenak@cisco.com
   Albert Fu
   Bloomberg
   USA

   Email: afu14@bloomberg.net

   Rajesh M
   Juniper Networks
   India

   Email: mrajesh@juniper.net