Internet Engineering Task Force (IETF) S. Hegde
Request for Comments: 7777 Juniper Networks, Inc.
Category: Standards Track R. Shakir
ISSN: 2070-1721 Jive Communications, Inc.
A. Smirnov
Cisco Systems, Inc.
Z. Li
Huawei Technologies
B. Decraene
Orange
March 2016
Internet Engineering Task Force (IETF) S. Hegde
Request for Comments: 7777 Juniper Networks, Inc.
Category: Standards Track R. Shakir
ISSN: 2070-1721 Jive Communications, Inc.
A. Smirnov
Cisco Systems, Inc.
Z. Li
Huawei Technologies
B. Decraene
Orange
March 2016
Advertising Node Administrative Tags in OSPF
OSPF中的广告节点管理标签
Abstract
摘要
This document describes an extension to the OSPF protocol to add an optional operational capability that allows tagging and grouping of the nodes in an OSPF domain. This allows simplification, ease of management and control over route and path selection based on configured policies. This document describes an extension to the OSPF protocol to advertise node administrative tags. The node tags can be used to express and apply locally defined network policies, which are a very useful operational capability. Node tags may be used by either OSPF itself or other applications consuming information propagated via OSPF.
本文档描述了对OSPF协议的扩展,以添加可选的操作功能,允许对OSPF域中的节点进行标记和分组。这使得基于配置的策略对路由和路径选择进行简化、易于管理和控制。本文档描述了OSPF协议的扩展,用于公布节点管理标记。节点标记可用于表示和应用本地定义的网络策略,这是一种非常有用的操作功能。节点标记可由OSPF本身或其他使用通过OSPF传播的信息的应用程序使用。
This document describes the protocol extensions to disseminate node administrative tags to the OSPFv2 and OSPFv3 protocol. It provides example use cases of administrative node tags.
本文档描述了向OSPFv2和OSPFv3协议分发节点管理标记的协议扩展。它提供了管理节点标记的示例用例。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7777.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7777.
Copyright Notice
版权公告
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2016 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. OSPF Node Admin Tag TLV . . . . . . . . . . . . . . . . . . . 3
2.1. TLV Format . . . . . . . . . . . . . . . . . . . . . . . 4
2.2. Elements of Procedure . . . . . . . . . . . . . . . . . . 4
2.2.1. Interpretation of Node Administrative Tags . . . . . 4
2.2.2. Use of Node Administrative Tags . . . . . . . . . . . 5
2.2.3. Processing Node Administrative Tag Changes . . . . . 6
3. Applications . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Service Auto-Discovery . . . . . . . . . . . . . . . . . 6
3.2. Fast-Rerouting Policy . . . . . . . . . . . . . . . . . . 7
3.3. Controlling Remote LFA Tunnel Termination . . . . . . . . 8
3.4. Mobile Backhaul Network Service Deployment . . . . . . . 8
3.5. Explicit Routing Policy . . . . . . . . . . . . . . . . . 9
4. Security Considerations . . . . . . . . . . . . . . . . . . . 11
5. Operational Considerations . . . . . . . . . . . . . . . . . 11
6. Manageability Considerations . . . . . . . . . . . . . . . . 12
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
8.1. Normative References . . . . . . . . . . . . . . . . . . 12
8.2. Informative References . . . . . . . . . . . . . . . . . 13
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. OSPF Node Admin Tag TLV . . . . . . . . . . . . . . . . . . . 3
2.1. TLV Format . . . . . . . . . . . . . . . . . . . . . . . 4
2.2. Elements of Procedure . . . . . . . . . . . . . . . . . . 4
2.2.1. Interpretation of Node Administrative Tags . . . . . 4
2.2.2. Use of Node Administrative Tags . . . . . . . . . . . 5
2.2.3. Processing Node Administrative Tag Changes . . . . . 6
3. Applications . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Service Auto-Discovery . . . . . . . . . . . . . . . . . 6
3.2. Fast-Rerouting Policy . . . . . . . . . . . . . . . . . . 7
3.3. Controlling Remote LFA Tunnel Termination . . . . . . . . 8
3.4. Mobile Backhaul Network Service Deployment . . . . . . . 8
3.5. Explicit Routing Policy . . . . . . . . . . . . . . . . . 9
4. Security Considerations . . . . . . . . . . . . . . . . . . . 11
5. Operational Considerations . . . . . . . . . . . . . . . . . 11
6. Manageability Considerations . . . . . . . . . . . . . . . . 12
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
8.1. Normative References . . . . . . . . . . . . . . . . . . 12
8.2. Informative References . . . . . . . . . . . . . . . . . 13
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
It is useful to assign a node administrative tag to a router in the OSPF domain and use it as an attribute associated with the node. The node administrative tag can be used in a variety of applications, for example:
将节点管理标记分配给OSPF域中的路由器并将其用作与节点关联的属性是很有用的。节点管理标记可用于各种应用程序,例如:
(a) Traffic Engineering (TE) applications to provide different path-selection criteria.
(a) 交通工程(TE)应用程序提供不同的路径选择标准。
(b) Prefer or prune certain paths in Loop-Free Alternate (LFA) backup selection via local policies as defined in [LFA-MANAGE].
(b) 通过[LFA-MANAGE]中定义的本地策略,优先选择或删减无循环备用(LFA)备份选择中的某些路径。
This document provides mechanisms to advertise node administrative tags in OSPF for route and path selection. Route and path selection functionality applies to both TE and non-TE applications; hence, a new TLV for carrying node administrative tags is included in Router Information (RI) Link State Advertisement (LSA) [RFC7770].
本文档提供了在OSPF中公布节点管理标记以进行路由和路径选择的机制。路由和路径选择功能适用于TE和非TE应用;因此,在路由器信息(RI)链路状态通告(LSA)[RFC7770]中包括用于承载节点管理标签的新TLV。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
An administrative tag is a 32-bit integer value that can be used to identify a group of nodes in the OSPF domain.
管理标记是32位整数值,可用于标识OSPF域中的一组节点。
The newly defined TLV is carried within an RI LSA for OSPFV2 and OSPFV3. RI LSA [RFC7770] can have flooding scope at the link, area, or Autonomous System (AS) level. The choice of what scope at which to flood the group tags is a matter of local policy. It is expected that node administrative tag values will not be portable across administrative domains.
新定义的TLV在OSPFV2和OSPFV3的RI LSA中携带。RI LSA[RFC7770]可以在链路、区域或自治系统(AS)级别具有泛洪范围。选择在什么范围内填充组标记是本地策略的问题。预计节点管理标记值将无法跨管理域移植。
The TLV specifies one or more administrative tag values. An OSPF node advertises the set of groups it is part of in the OSPF domain (for example, all PE nodes are configured with a certain tag value, and all P nodes are configured with a different tag value in the domain). Multiple TLVs MAY be added in same RI LSA or in a different instance of the RI LSA as defined in [RFC7770].
TLV指定一个或多个管理标记值。OSPF节点在OSPF域中播发它所属的一组组组(例如,所有PE节点都配置有特定的标记值,所有P节点在域中配置有不同的标记值)。可以将多个TLV添加到同一个RI LSA中,或者添加到[RFC7770]中定义的RI LSA的不同实例中。
[RFC7770] defines the RI LSA, which may be used to advertise properties of the originating router. The payload of the RI LSA consists of one or more nested Type/Length/Value (TLV) triplets.
[RFC7770]定义RI LSA,该LSA可用于公布发起路由器的属性。RI LSA的有效负载由一个或多个嵌套类型/长度/值(TLV)三元组组成。
Node administrative tags are advertised in the Node Admin Tag TLV. The format of the Node Admin Tag TLV is:
节点管理标记在节点管理标记TLV中公布。节点管理标记TLV的格式为:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Administrative Tag #N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: OSPF Node Admin Tag TLV
图1:OSPF节点管理标签TLV
Type: 10
类型:10
Length: A 16-bit field that indicates the length of the value portion in octets and will be a multiple of 4 octets dependent on the number of tags advertised.
长度:一个16位字段,表示值部分的长度(以八位字节为单位),是4个八位字节的倍数,具体取决于公布的标签数量。
Value: A set of administrative tags. Each tag is a 32-bit integer value. At least one tag MUST be carried if this TLV is included in the RI LSA.
值:一组管理标记。每个标记都是一个32位整数值。如果该TLV包含在RI LSA中,则必须至少携带一个标签。
The meaning of the node administrative tags is generally opaque to OSPF. Routers advertising the node administrative tag (or tags) may be configured to do so without knowing (or even without supporting processing of) the functionality implied by the tag. This section describes general rules, regulations, and guidelines for using and interpreting an administrative tag that will facilitate interoperable implementations by vendors.
节点管理标记的含义对于OSPF来说通常是不透明的。为节点管理标签(一个或多个标签)广告的路由器可以被配置为这样做,而不知道(甚至不支持处理)标签隐含的功能。本节介绍使用和解释管理标记的一般规则、规定和指南,这些管理标记将促进供应商的互操作实现。
Interpretation of tag values is specific to the administrative domain of a particular network operator; hence, tag values SHOULD NOT be propagated outside the administrative domain to which they apply. The meaning of a node administrative tag is defined by the network local policy and is controlled via the configuration. If a receiving node does not understand the tag value or does not have a local policy corresponding to the tag, it ignores the specific tag and floods the RI LSA without any change as defined in [RFC7770].
标签值的解释特定于特定网络运营商的管理域;因此,标记值不应传播到其应用的管理域之外。节点管理标记的含义由网络本地策略定义,并通过配置进行控制。如果接收节点不理解标记值或没有与标记相对应的本地策略,则会忽略特定标记并在没有任何更改的情况下淹没RI LSA,如[RFC7770]中所定义。
The semantics of the tag order has no meaning. That is, there is no implied meaning to the ordering of the tags that indicates a certain operation or set of operations that need to be performed based on the ordering.
标记顺序的语义没有任何意义。也就是说,对于指示需要基于排序执行的特定操作或操作集的标记的排序没有隐含意义。
Each tag must be treated as an independent identifier that may be used in the policy to perform a policy action. Each tag carried by the Node Admin Tag TLV should be used to indicate a characteristic of a node that is independent of the characteristics indicated by other administrative tags. The administrative-tag list within the TLV MUST be considered an unordered list. While policies may be implemented based on the presence of multiple tags (e.g., if tag A AND tag B are present), they MUST NOT be reliant upon the order of the tags (i.e., all policies should be considered commutative operations, such that tag A preceding or following tag B does not change their outcome).
必须将每个标记视为一个独立的标识符,该标识符可在策略中用于执行策略操作。节点管理标签TLV携带的每个标签都应用于指示节点的特性,该特性独立于其他管理标签指示的特性。TLV中的管理标记列表必须视为无序列表。虽然策略可以基于多个标签的存在来实现(例如,如果标签A和标签B存在),但它们不能依赖于标签的顺序(即,所有策略都应被视为交换操作,以便标签B之前或之后的标签A不会改变其结果)。
The node administrative tags are not meant to be extended by future OSPF standards. New OSPF extensions are not expected to require use of node administrative tags or define well-known tag values. Node administrative tags are for generic use and do not require IANA registration. Future OSPF extensions requiring well-known values MAY define their own data signaling tailored to the needs of the feature or MAY use the capability TLV as defined in [RFC7770].
节点管理标签不打算被未来的OSPF标准扩展。新的OSPF扩展不需要使用节点管理标记或定义已知的标记值。节点管理标记用于一般用途,不需要IANA注册。需要已知值的未来OSPF扩展可能会根据功能的需要定义自己的数据信令,或者可能会使用[RFC7770]中定义的能力TLV。
Being part of the RI LSA, the Node Admin Tag TLV must be reasonably small and stable. In particular, implementations supporting node administrative tags MUST NOT be used to convey attributes of the routing topology or associate tags with changes in the network topology (both within and outside the OSPF domain) or reachability of routes.
作为RI LSA的一部分,节点管理标签TLV必须相当小且稳定。特别是,支持节点管理标记的实现不得用于传递路由拓扑的属性,或将标记与网络拓扑(OSPF域内外)的变化或路由的可达性相关联。
Multiple Node Admin Tag TLVs MAY appear in an RI LSA or multiple Node Admin Tag TLVs MAY be contained in different instances of the RI LSA. The administrative tags associated with a node that originates tags for the purpose of any computation or processing at a receiving node SHOULD be a superset of node administrative tags from all the TLVs in all the received RI LSA instances in the Link-State Database (LSDB) advertised by the corresponding OSPF router. When an RI LSA is received that changes the set of tags applicable to any originating node, which has features depending on node administrative tags, a receiving node MUST repeat any computation or processing that is based on those administrative tags.
多个节点管理标签tlv可以出现在RI LSA中,或者多个节点管理标签tlv可以包含在RI LSA的不同实例中。与为接收节点处的任何计算或处理目的而发起标记的节点相关联的管理标记应当是来自由相应的OSPF路由器通告的链路状态数据库(LSDB)中所有接收的RI LSA实例中的所有tlv的节点管理标记的超集。当接收到更改适用于任何原始节点的标记集的RI LSA时,接收节点必须重复基于这些管理标记的任何计算或处理,该原始节点具有取决于节点管理标记的特征。
When there is a change or removal of an administrative affiliation of a node, the node MUST re-originate the RI LSA with the latest set of node administrative tags. On the receiver, when there is a change in the Node Admin Tag TLV or removal/addition of a TLV in any instance of the RI LSA, implementations MUST take appropriate measures to update their state according to the changed set of tags. The exact actions needed depend on features working with administrative tags and are outside of scope of this specification.
当更改或删除节点的管理从属关系时,该节点必须使用最新的一组节点管理标记重新发起RI LSA。在接收器上,当节点管理标签TLV发生变化或RI LSA的任何实例中TLV的删除/添加时,实现必须采取适当措施根据变化的标签集更新其状态。所需的确切操作取决于使用管理标记的功能,不在本规范的范围内。
This section lists several examples of how implementations might use the node administrative tags. These examples are given only to demonstrate the generic usefulness of the router tagging mechanism. Implementations supporting this specification are not required to implement any of these use cases. It is also worth noting that in some described use cases, routers configured to advertise tags help other routers in their calculations but do not themselves implement the same functionality.
本节列出了实现如何使用节点管理标记的几个示例。给出这些示例只是为了证明路由器标记机制的通用性。实现这些用例中的任何一个都不需要支持此规范的实现。还值得注意的是,在一些描述的用例中,配置为播发标签的路由器帮助其他路由器进行计算,但它们自己并不实现相同的功能。
Router tagging may be used to automatically discover a group of routers sharing a particular service.
路由器标记可用于自动发现共享特定服务的一组路由器。
For example, a service provider might desire to establish a full mesh of MPLS TE tunnels between all PE routers in the area of the MPLS VPN network. Marking all PE routers with a tag and configuring devices with a policy to create MPLS TE tunnels to all other devices advertising this tag will automate maintenance of the full mesh. When a new PE router is added to the area, all other PE devices will open TE tunnels to it without needing to reconfigure them.
例如,服务提供商可能希望在mplsvpn网络区域中的所有PE路由器之间建立mplste隧道的完整网格。使用标签标记所有PE路由器,并使用策略配置设备,以创建到所有其他宣传此标签的设备的MPLS TE隧道,这将自动维护整个网格。当一个新的PE路由器添加到该区域时,所有其他PE设备将打开到它的TE通道,而无需重新配置它们。
Increased deployment of Loop-Free Alternates (LFA) as defined in [RFC5286] poses operation and management challenges. [LFA-MANAGE] proposes policies which, when implemented, will ease LFA operation concerns.
[RFC5286]中定义的无回路备用(LFA)的增加部署带来了运营和管理挑战。[LFA-MANAGE]提出政策,这些政策在实施时将缓解LFA运营方面的担忧。
One of the proposed refinements is to be able to group the nodes in an IGP domain with administrative tags and engineer the LFA based on configured policies.
建议的改进之一是能够使用管理标签将IGP域中的节点分组,并根据配置的策略设计LFA。
(a) Administrative limitation of LFA scope
(a) LFA范围的行政限制
Service provider access infrastructure is frequently designed in a layered approach with each layer of devices serving different purposes and thus having different hardware capabilities and configured software features. When LFA repair paths are being computed, it may be desirable to exclude devices from being considered as LFA candidates based on their layer.
服务提供商访问基础设施通常采用分层方法设计,每层设备服务于不同的目的,因此具有不同的硬件功能和配置的软件功能。当正在计算LFA修复路径时,可能希望基于设备的层将其排除在LFA候选之外。
For example, if the access infrastructure is divided into the Access, Distribution, and Core layers, it may be desirable for a Distribution device to compute LFA only via Distribution or Core devices but not via Access devices. This may be due to features enabled on Access routers, due to capacity limitations, or due to the security requirements. Managing such a policy via configuration of the router computing LFA is cumbersome and error prone.
例如,如果接入基础设施被划分为接入层、分发层和核心层,则分发设备可能希望仅经由分发层或核心设备而不是经由接入设备来计算LFA。这可能是由于访问路由器上启用的功能、容量限制或安全要求。通过路由器计算LFA的配置来管理这样的策略既麻烦又容易出错。
With the node administrative tags, it is possible to assign a tag to each layer and implement LFA policy of computing LFA repair paths only via neighbors that advertise the Core or Distribution tag. This requires minimal per-node configuration and the network automatically adapts when new links or routers are added.
使用节点管理标记,可以将标记分配给每一层,并实现仅通过通告核心或分发标记的邻居计算LFA修复路径的LFA策略。这需要最小的每个节点配置,并且当添加新的链路或路由器时,网络会自动适应。
(b) LFA calculation optimization
(b) LFA计算优化
Calculation of LFA paths may require significant resources of the router. One execution of Dijkstra's algorithm is required for each neighbor eligible to become the next hop of repair paths. Thus, a router with a few hundred neighbors may need to execute the algorithm hundreds of times before the best (or even valid) repair path is found. Manually excluding from the calculation neighbors that are known to provide no valid LFA (such as single-connected routers) may significantly reduce the number of Dijkstra algorithm runs.
LFA路径的计算可能需要路由器的大量资源。每个有资格成为下一跳修复路径的邻居都需要执行Dijkstra算法。因此,拥有几百个邻居的路由器可能需要执行数百次算法才能找到最佳(甚至有效)修复路径。手动从计算中排除已知不提供有效LFA的邻居(如单连接路由器),可能会显著减少Dijkstra算法的运行次数。
LFA calculation policy may be configured so that routers advertising certain tag values are excluded from LFA calculation, even if they are otherwise suitable.
LFA计算策略可以被配置为使得广告特定标签值的路由器被排除在LFA计算之外,即使它们在其他方面是合适的。
[RFC7490] defined a method of tunneling traffic to extend the basic LFA coverage after connection failure of a link and defined an algorithm to find tunnel tail-end routers meeting the LFA requirement. In most cases, the proposed algorithm finds more than one candidate tail-end router. In a real-life network, it may be desirable to exclude some nodes from the list of candidates based on the local policy. This may be either due to known limitations of the node (the router does not accept the targeted LDP sessions required to implement remote LFA tunneling) or due to administrative requirements (for example, it may be desirable to choose the tail-end router among colocated devices).
[RFC7490]定义了一种隧道流量方法,以在链路连接失败后扩展基本LFA覆盖范围,并定义了一种算法来查找满足LFA要求的隧道尾端路由器。在大多数情况下,该算法可以找到多个候选的终端路由器。在现实网络中,可能需要基于本地策略从候选列表中排除一些节点。这可能是由于节点的已知限制(路由器不接受实现远程LFA隧道所需的目标LDP会话)或由于管理要求(例如,可能希望在共定位设备中选择终端路由器)。
The node administrative tag delivers a simple and scalable solution. Remote LFA can be configured with a policy to accept only routers advertising a certain tag as candidates during the tail-end router calculation. Tagging routers allows both exclusion of nodes not capable of serving as remote LFA tunnel tail ends and definition of a region from which a tail-end router must be selected.
节点管理标签提供了一个简单且可扩展的解决方案。远程LFA可以配置一个策略,在终端路由器计算期间,只接受将某个标记作为候选标记的路由器。标记路由器既可以排除不能用作远程LFA隧道尾端的节点,也可以定义必须从中选择尾端路由器的区域。
Mobile backhaul networks usually adopt a ring topology to save fibre resources; it is usually divided into the aggregate network and the access network. Cell Site Gateways (CSGs) connects the LTE Evolved NodeBs (eNodeBs) and RNC (Radio Network Controller) Site Gateways (RSGs) connects the RNCs. The mobile traffic is transported from CSGs to RSGs. The network takes a typical aggregate traffic model that more than one access ring will attach to one pair of aggregate site gateways (ASGs) and more than one aggregate ring will attach to one pair of RSGs.
移动回程网络通常采用环形拓扑以节省光纤资源;它通常分为聚合网络和接入网络。小区站点网关(CSG)连接LTE演进节点B(EnodeB),RNC(无线网络控制器)站点网关(RSG)连接RNC。移动通信量从CSG传输到RSG。该网络采用典型的聚合流量模型,即多个接入环将连接到一对聚合站点网关(ASG),多个聚合环将连接到一对RSG。
----------------
/ \
/ \
/ \
+------+ +----+ Access +----+
|eNodeB|---|CSG1| Ring 1 |ASG1|------------
+------+ +----+ +----+ \
\ / \
\ / +----+ +---+
\ +----+ |RSG1|----|RNC|
-------------| | Aggregate +----+ +---+
|ASG2| Ring |
-------------| | +----+ +---+
/ +----+ |RSG2|----|RNC|
/ \ +----+ +---+
/ \ /
+------+ +----+ Access +----+ /
|eNodeB|---|CSG2| Ring 2 |ASG3|-----------
+------+ +----+ +----+
\ /
\ /
\ /
-----------------
----------------
/ \
/ \
/ \
+------+ +----+ Access +----+
|eNodeB|---|CSG1| Ring 1 |ASG1|------------
+------+ +----+ +----+ \
\ / \
\ / +----+ +---+
\ +----+ |RSG1|----|RNC|
-------------| | Aggregate +----+ +---+
|ASG2| Ring |
-------------| | +----+ +---+
/ +----+ |RSG2|----|RNC|
/ \ +----+ +---+
/ \ /
+------+ +----+ Access +----+ /
|eNodeB|---|CSG2| Ring 2 |ASG3|-----------
+------+ +----+ +----+
\ /
\ /
\ /
-----------------
Figure 2: Mobile Backhaul Network
图2:移动回程网络
A typical mobile backhaul network with access rings and aggregate links is shown in the figure above. The mobile backhaul networks deploy traffic engineering due to strict Service Level Agreements (SLAs). The TE paths may have additional constraints to avoid passing via different access rings or to get completely disjoint backup TE paths. The mobile backhaul networks towards the access side change frequently due to the growing mobile traffic and addition of new eNodeBs. It's complex to satisfy the requirements using cost, link color, or explicit path configurations. The node administrative tag defined in this document can be effectively used to solve the problem for mobile backhaul networks. The nodes in different rings can be assigned with specific tags. TE path computation can be enhanced to consider additional constraints based on node administrative tags.
上图显示了具有接入环和聚合链路的典型移动回程网络。由于严格的服务水平协议(SLA),移动回程网络部署了流量工程。TE路径可能具有额外的约束,以避免通过不同的接入环或获得完全不相交的备份TE路径。由于不断增长的移动通信量和新的enodeb的添加,朝向接入侧的移动回程网络频繁变化。使用成本、链接颜色或显式路径配置来满足需求很复杂。本文档中定义的节点管理标签可以有效地用于解决移动回程网络的问题。不同环中的节点可以指定特定的标记。可以提高TE路径计算,以考虑基于节点管理标签的附加约束。
A partially meshed network provides multiple paths between any two nodes in the network. In a data centre environment, the topology is usually highly symmetric with many/all paths having equal cost. In a long distance network, this is usually not the case, for a variety of reasons (e.g., historic, fibre availability constraints, different
部分网状网络在网络中的任意两个节点之间提供多条路径。在数据中心环境中,拓扑结构通常高度对称,多条/所有路径的成本相等。在远程网络中,由于各种原因(例如,历史、光纤可用性限制、不同的
distances between transit nodes, and different roles). Hence, between a given source and destination, a path is typically preferred over the others, while between the same source and another destination, a different path may be preferred.
运输节点之间的距离,以及不同的角色)。因此,在给定的源和目的地之间,路径通常优先于其他路径,而在相同的源和另一个目的地之间,可能优先于不同的路径。
+----------------------+ +----------------+
| \ / |
| +-----------------+ x +---------+ |
| | \/ \/ | |
| | +-T-10-T | |
| | / | /| | |
| | / 100 / | | |
| | / | | 100 | |
| | / +-+-+ | | |
| | / / | | | |
| | / / R-18-R | |
| | 10 10 /\ /\ | |
| | / / / \ / \ | |
| | / / / x \ | |
| | / / 10 10 \ \ | |
| | / / / / 10 10 | |
| | / / / / \ \ | |
| | A-25-A A-25-A A-25-A | |
| | | | \ \ / / | |
| | | | 201 201 201 201 | |
| | | | \ \ / / | |
| | 201 201 \ x / | |
| | | | \ / \ / | |
| | | | \/ \/ | |
| | I-24-I I-24-I 100 100
| | / / | | | |
| +-+ / | +-----------+ |
+---------+ +---------------------+
+----------------------+ +----------------+
| \ / |
| +-----------------+ x +---------+ |
| | \/ \/ | |
| | +-T-10-T | |
| | / | /| | |
| | / 100 / | | |
| | / | | 100 | |
| | / +-+-+ | | |
| | / / | | | |
| | / / R-18-R | |
| | 10 10 /\ /\ | |
| | / / / \ / \ | |
| | / / / x \ | |
| | / / 10 10 \ \ | |
| | / / / / 10 10 | |
| | / / / / \ \ | |
| | A-25-A A-25-A A-25-A | |
| | | | \ \ / / | |
| | | | 201 201 201 201 | |
| | | | \ \ / / | |
| | 201 201 \ x / | |
| | | | \ / \ / | |
| | | | \/ \/ | |
| | I-24-I I-24-I 100 100
| | / / | | | |
| +-+ / | +-----------+ |
+---------+ +---------------------+
Figure 3: Explicit Routing topology
图3:显式路由拓扑
In the above topology, an operator may want to enforce the following high-level explicit routing policies:
在上述拓扑中,运营商可能希望强制执行以下高级显式路由策略:
o Traffic from A nodes to A nodes should preferably go through R or T nodes (rather than through I nodes);
o 从A节点到A节点的业务量最好通过R或T节点(而不是通过I节点);
o Traffic from A nodes to I nodes must not go through R and T nodes.
o 从A节点到I节点的流量不得通过R和T节点。
With node admin tags, tag A (resp. I, R, T) can be configured on all A (resp. I, R, T) nodes to advertise their role. The first policy is about preferring one path over another. Given the chosen metrics, it is achieved with regular SPF routing. The second policy is about
使用节点管理标签,可以在所有A(resp.I,R,T)节点上配置标签A(resp.I,R,T),以公布其角色。第一个策略是优先选择一条路径而不是另一条路径。给定选定的度量,它是通过常规SPF路由实现的。第二项政策是关于
prohibiting (pruning) some paths. It requires an explicit routing policy. With the use of node tags, this may be achieved with a generic Constrained Shortest Path First (CSPF) policy configured on A nodes: for destination nodes, having the tag "A" runs a CSPF with the exclusion of nodes having the tag "I".
禁止(修剪)某些路径。它需要一个明确的路由策略。通过使用节点标记,这可以通过在节点上配置的通用约束最短路径优先(CSPF)策略来实现:对于目标节点,具有标记“a”的节点运行CSPF,而不包括具有标记“I”的节点。
Node administrative tags may be used by operators to indicate geographical location or other sensitive information. As indicated in [RFC2328] and [RFC5340], OSPF authentication mechanisms do not provide confidentiality and the information carried in node administrative tags could be leaked to an IGP snooper. Confidentiality for the OSPF control packets can be achieved by either running OSPF on top of IP Security (IPsec) tunnels or by applying IPsec-based security mechanisms as described in [RFC4552].
操作员可使用节点管理标签指示地理位置或其他敏感信息。如[RFC2328]和[RFC5340]所述,OSPF身份验证机制不提供机密性,节点管理标签中携带的信息可能会泄漏给IGP窥探者。OSPF控制数据包的机密性可以通过在IP安全(IPsec)隧道上运行OSPF或通过应用[RFC4552]中所述的基于IPsec的安全机制来实现。
Advertisement of tag values for one administrative domain into another risks misinterpretation of the tag values (if the two domains have assigned different meanings to the same values), which may have undesirable and unanticipated side effects.
将一个管理域的标签值公布到另一个管理域中有可能导致标签值的误解(如果两个域对相同的值赋予了不同的含义),这可能会产生不良和意外的副作用。
[RFC4593] and [RFC6863] discuss the generic threats to routing protocols and OSPF, respectively. These security threats are also applicable to the mechanisms described in this document. OSPF authentication described in [RFC2328] and [RFC5340] or extended authentication mechanisms described in [RFC7474] or [RFC7166] SHOULD be used in deployments where attackers have access to the physical networks and nodes included in the OSPF domain are vulnerable.
[RFC4593]和[RFC6863]分别讨论了路由协议和OSPF的一般威胁。这些安全威胁也适用于本文件中描述的机制。[RFC2328]和[RFC5340]中描述的OSPF身份验证或[RFC7474]或[RFC7166]中描述的扩展身份验证机制应用于攻击者可以访问物理网络且OSPF域中包含的节点易受攻击的部署中。
Operators can assign meaning to the node administrative tags, which are local to the operator's administrative domain. The operational use of node administrative tags is analogical to the IS-IS prefix tags [RFC5130] and BGP communities [RFC1997]. Operational discipline and procedures followed in configuring and using BGP communities and IS-IS prefix tags is also applicable to the usage of node administrative tags.
操作员可以为节点管理标记分配意义,这些标记是操作员管理域的本地标记。节点管理标记的操作使用类似于is-is前缀标记[RFC5130]和BGP社区[RFC1997]。配置和使用BGP社区和IS-IS前缀标记时遵循的操作规程和程序也适用于节点管理标记的使用。
Defining language for local policies is outside the scope of this document. As is the case of other policy applications, the pruning policies can cause the path to be completely removed from forwarding plane, and hence have the potential for more severe operational impact (e.g., node unreachability due to path removal) by comparison to preference policies that only affect path selection.
定义本地策略的语言不在本文档的范围内。与其他策略应用程序的情况一样,修剪策略可导致路径从转发平面完全移除,因此与仅影响路径选择的首选策略相比,可能会产生更严重的操作影响(例如,由于路径移除而导致节点无法访问)。
Node administrative tags are configured and managed using routing policy enhancements. The YANG data definition language is the latest model to describe and define configuration for network devices. The OSPF YANG data model is described in [OSPF-YANG] and the routing policy configuration model is described in [RTG-POLICY]. These two documents will be enhanced to include the configurations related to the node administrative tag.
使用路由策略增强功能配置和管理节点管理标记。YANG数据定义语言是描述和定义网络设备配置的最新模型。OSPF-YANG数据模型在[OSPF-YANG]中描述,路由策略配置模型在[RTG-policy]中描述。这两个文档将得到增强,以包括与节点管理标记相关的配置。
This specification updates the "OSPF Router Information (RI) TLVs" registry. IANA has registered the following value:
本规范更新“OSPF路由器信息(RI)TLV”注册表。IANA已注册以下值:
Node Admin Tag TLV - 10
节点管理标签TLV-10
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, DOI 10.17487/RFC2328, April 1998, <http://www.rfc-editor.org/info/rfc2328>.
[RFC2328]Moy,J.,“OSPF版本2”,STD 54,RFC 2328,DOI 10.17487/RFC2328,1998年4月<http://www.rfc-editor.org/info/rfc2328>.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, <http://www.rfc-editor.org/info/rfc5340>.
[RFC5340]Coltun,R.,Ferguson,D.,Moy,J.,和A.Lindem,“IPv6的OSPF”,RFC 5340,DOI 10.17487/RFC5340,2008年7月<http://www.rfc-editor.org/info/rfc5340>.
[RFC7490] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)", RFC 7490, DOI 10.17487/RFC7490, April 2015, <http://www.rfc-editor.org/info/rfc7490>.
[RFC7490]Bryant,S.,Filsfils,C.,Previdi,S.,Shand,M.,和N.So,“远程无环路备用(LFA)快速重路由(FRR)”,RFC 7490,DOI 10.17487/RFC74902015年4月<http://www.rfc-editor.org/info/rfc7490>.
[RFC7770] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and S. Shaffer, "Extensions to OSPF for Advertising Optional Router Capabilities", RFC 7770, DOI 10.17487/RFC7770, February 2016, <http://www.rfc-editor.org/info/rfc7770>.
[RFC7770]Lindem,A.,Ed.,Shen,N.,Vasseur,JP.,Aggarwal,R.,和S.Shaffer,“用于宣传可选路由器功能的OSPF扩展”,RFC 7770,DOI 10.17487/RFC7770,2016年2月<http://www.rfc-editor.org/info/rfc7770>.
[LFA-MANAGE] Litkowski, S., Decraene, B., Filsfils, C., Raza, K., Horneffer, M., and P. Sarkar, "Operational management of Loop Free Alternates", Work in Progress, draft-ietf-rtgwg-lfa-manageability-11, June 2015.
[LFA-MANAGE]Litkowski,S.,DeClaene,B.,Filsfils,C.,Raza,K.,Horneffer,M.,和P.Sarkar,“无回路备用电源的运行管理”,在建工程,草案-ietf-rtgwg-LFA-MANAGABILITY-112015年6月。
[OSPF-YANG] Yeung, D., Qu, Y., Zhang, J., Bogdanovic, D., and K. Koushik, "Yang Data Model for OSPF Protocol", Work in Progress, draft-ietf-ospf-yang-03, October 2015.
[OSPF-YANG]杨,D.,曲,Y.,张,J.,Bogdanovic,D.,和K.Koushik,“OSPF协议的YANG数据模型”,正在进行的工作,草案-ietf-OSPF-YANG-032015年10月。
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, <http://www.rfc-editor.org/info/rfc1997>.
[RFC1997]Chandra,R.,Traina,P.,和T.Li,“BGP社区属性”,RFC 1997,DOI 10.17487/RFC1997,1996年8月<http://www.rfc-editor.org/info/rfc1997>.
[RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, <http://www.rfc-editor.org/info/rfc4552>.
[RFC4552]Gupta,M.和N.Melam,“OSPFv3的认证/保密”,RFC 4552,DOI 10.17487/RFC4552,2006年6月<http://www.rfc-editor.org/info/rfc4552>.
[RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to Routing Protocols", RFC 4593, DOI 10.17487/RFC4593, October 2006, <http://www.rfc-editor.org/info/rfc4593>.
[RFC4593]Barbir,A.,Murphy,S.,和Y.Yang,“路由协议的一般威胁”,RFC 4593,DOI 10.17487/RFC4593,2006年10月<http://www.rfc-editor.org/info/rfc4593>.
[RFC5130] Previdi, S., Shand, M., Ed., and C. Martin, "A Policy Control Mechanism in IS-IS Using Administrative Tags", RFC 5130, DOI 10.17487/RFC5130, February 2008, <http://www.rfc-editor.org/info/rfc5130>.
[RFC5130]Previdi,S.,Shand,M.,Ed.,和C.Martin,“IS-IS中使用管理标签的策略控制机制”,RFC 5130,DOI 10.17487/RFC5130,2008年2月<http://www.rfc-editor.org/info/rfc5130>.
[RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for IP Fast Reroute: Loop-Free Alternates", RFC 5286, DOI 10.17487/RFC5286, September 2008, <http://www.rfc-editor.org/info/rfc5286>.
[RFC5286]Atlas,A.,Ed.和A.Zinin,Ed.,“IP快速重路由的基本规范:无环路交替”,RFC 5286,DOI 10.17487/RFC5286,2008年9月<http://www.rfc-editor.org/info/rfc5286>.
[RFC6863] Hartman, S. and D. Zhang, "Analysis of OSPF Security According to the Keying and Authentication for Routing Protocols (KARP) Design Guide", RFC 6863, DOI 10.17487/RFC6863, March 2013, <http://www.rfc-editor.org/info/rfc6863>.
[RFC6863]Hartman,S.和D.Zhang,“根据路由协议键控和认证(KARP)设计指南分析OSPF安全性”,RFC 6863,DOI 10.17487/RFC6863,2013年3月<http://www.rfc-editor.org/info/rfc6863>.
[RFC7166] Bhatia, M., Manral, V., and A. Lindem, "Supporting Authentication Trailer for OSPFv3", RFC 7166, DOI 10.17487/RFC7166, March 2014, <http://www.rfc-editor.org/info/rfc7166>.
[RFC7166]Bhatia,M.,Manral,V.,和A.Lindem,“OSPFv3的支持认证拖车”,RFC 7166,DOI 10.17487/RFC7166,2014年3月<http://www.rfc-editor.org/info/rfc7166>.
[RFC7474] Bhatia, M., Hartman, S., Zhang, D., and A. Lindem, Ed., "Security Extension for OSPFv2 When Using Manual Key Management", RFC 7474, DOI 10.17487/RFC7474, April 2015, <http://www.rfc-editor.org/info/rfc7474>.
[RFC7474]Bhatia,M.,Hartman,S.,Zhang,D.,和A.Lindem,Ed.,“使用手动密钥管理时OSPFv2的安全扩展”,RFC 7474,DOI 10.17487/RFC7474,2015年4月<http://www.rfc-editor.org/info/rfc7474>.
[RTG-POLICY] Shaikh, A., Shakir, R., D'Souza, K., and C. Chase, "Routing Policy Configuration Model for Service Provider Networks", Work in Progress, draft-ietf-rtgwg-policy-model-00, September 2015.
[RTG-POLICY]Shaikh,A.,Shakir,R.,D'Souza,K.,和C.Chase,“服务提供商网络的路由策略配置模型”,正在进行的工作,草稿-ietf-rtgwg-POLICY-Model-00,2015年9月。
Contributors
贡献者
Thanks to Hannes Gredler for his substantial review, guidance, and editing of this document. Thanks to Harish Raguveer for his contributions to initial draft versions of this document.
感谢Hannes Gredler对本文件的实质性审查、指导和编辑。感谢Harish Raguveer对本文件初稿的贡献。
Acknowledgements
致谢
Thanks to Bharath R, Pushpasis Sarakar, and Dhruv Dhody for useful input. Thanks to Chris Bowers for providing useful input to remove ambiguity related to tag ordering. Thanks to Les Ginsberg and Acee Lindem for the input. Thanks to David Black for careful review and valuable suggestions for the document, especially for the operations section.
感谢Bharath R、Pushpasis Sarakar和Dhruv Dhody提供了有用的输入。感谢Chris Bowers提供有用的输入,以消除与标记排序相关的歧义。感谢Les Ginsberg和Acee Lindem的投入。感谢David Black对该文件的仔细审查和宝贵建议,尤其是对运营部分。
Authors' Addresses
作者地址
Shraddha Hegde Juniper Networks, Inc. Embassy Business Park Bangalore, KA 560093 India
印度卡州班加罗尔大使馆商业园Shraddha Hegde Juniper Networks,Inc.560093
Email: shraddha@juniper.net
Email: shraddha@juniper.net
Rob Shakir Jive Communications, Inc. 1275 W 1600 N, Suite 100 Orem, UT 84057 United States
Rob Shakir Jive通信公司,美国犹他州奥勒姆100号套房,邮编:1275 W 1600 N,邮编:84057
Email: rjs@rob.sh
Email: rjs@rob.sh
Anton Smirnov Cisco Systems, Inc. De Kleetlaan 6a Diegem 1831 Belgium
安东·斯米尔诺夫思科系统公司,德克莱兰6a Diegem 1831比利时
Email: as@cisco.com
Email: as@cisco.com
Li zhenbin Huawei Technologies Huawei Bld. No.156 Beiqing Rd Beijing 100095 China
李振斌华为技术有限公司。中国北京市北青路156号,邮编100095
Email: lizhenbin@huawei.com
Email: lizhenbin@huawei.com
Bruno Decraene Orange
布鲁诺橙
Email: bruno.decraene@orange.com
Email: bruno.decraene@orange.com