Internet Engineering Task Force (IETF)                         R. Raszuk
Request for Comments: 6769                                       NTT MCL
Category: Informational                                         J. Heitz
ISSN: 2070-1721                                                 Ericsson
                                                                   A. Lo
                                                                  Arista
                                                                L. Zhang
                                                                    UCLA
                                                                   X. Xu
                                                                  Huawei
                                                            October 2012
Simple Virtual Aggregation (S-VA)
Abstract
All BGP routers in the Default-Free Zone (DFZ) are required to carry all routes in the Default-Free Routing Table (DFRT). This document describes a technique, Simple Virtual Aggregation (S-VA), that allows some BGP routers not to install all of those routes into the Forwarding Information Base (FIB).
Some routers in an Autonomous System (AS) announce an aggregate (the VA prefix) in addition to the routes they already announce. This enables other routers not to install the routes covered by the VA prefix into the FIB as long as those routes have the same next-hop as the VA prefix.
The VA prefixes that are announced within an AS are not announced to any other AS. The described functionality is of very low operational complexity, as it proposes a confined BGP speaker solution without any dependency on network-wide configuration or requirement for any form of intra-domain tunneling.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6769.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
   1.1. Scope of This Document
   1.2. Requirements Notation
   1.3. Terminology
2. Operation of S-VA
3. Deployment Considerations
4. Security Considerations
5. Acknowledgements
6. Normative References
7. Informative References
This document describes a technique called Simple Virtual Aggregation (S-VA). It allows some routers not to store some routes in the Forwarding Information Base (FIB) while still advertising and receiving the full Default-Free Routing Table (DFRT) in BGP.
A typical scenario is as follows. Core routers in the ISP maintain the full DFRT in the FIB and Routing Information Base (RIB). Edge routers maintain the full DFRT in the BGP Local RIB (Loc-RIB), but do not install certain routes in the RIB and FIB. Edge routers may install a default route to core routers, to Area Border Routers (ABR) that are installed on the Point of Presence (POP), to core boundary routers, or to Autonomous System Border Routers (ASBRs).
S-VA must be enabled on an edge router that needs to save its RIB and FIB space. The core routers must announce a new prefix called Virtual Aggregate (VA prefix).
The VA prefix is not intended to be announced from one AS into another, only between routers of the same AS.
S-VA can be used for both IPv4 unicast and multicast address families and IPv6 unicast and multicast address families.
S-VA does not need to operate on every router in an AS.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
RIB/FIB-Installing Router (FIR): A router that does not suppress any routes and announces the VA prefix. Typically, a core router, a POP to core boundary router, or an ASBR would be configured as an FIR.
RIB/FIB-Suppressing Router (FSR): An S-VA router that installs the VA prefix, but does not install routes that are covered by and have the same next-hop as the VA prefix into its FIB. Typically, an edge router would be configured as an FSR.
Suppress: Not to install a route that is covered by the VA prefix into the global RIB or FIB.
Legacy Router: A router that does not run S-VA and has no knowledge of S-VA.
Global Routing Information Base (RIB): All routing protocols in a router install their selected routes into the RIB. The routes in the RIB are used to resolve next-hops for other routes, to be redistributed to other routing protocols, and to be installed into the FIB.
Local/Protocol Routing Information Base (Loc-RIB): The Loc-RIB contains the routes that have been selected by the local BGP speaker's Decision Process as in [RFC4271].
NLRI: Network Layer Reachability Information [RFC4271]
There are three types of routers in S-VA: FIB-Installing routers (FIR), FIB-Suppressing routers (FSR), and, optionally, legacy routers. While any router can be an FIR or an FSR, the simplest form of deployment is for AS border routers to be configured as FIRs and for customer facing edge routers to be configured as FSRs.
When a FIR announces a VA prefix, it sets the path attributes as follows. The ORIGIN MUST be set to INCOMPLETE (value 2). The NEXT_HOP MUST be set to the same value as that of the routes that are intended to be covered by the VA prefix. The ATOMIC_AGGREGATE and AGGREGATOR attributes SHOULD NOT be included. The FIR MUST attach a NO_EXPORT community attribute [RFC1997]. The NLRI SHOULD be 0/0.
A FIR SHOULD NOT FIB-suppress any routes.
An FSR must detect the VA prefix or prefixes (including 0/0) and install them in all of Loc-RIB, RIB, and FIB. The FSR MAY suppress any more-specific routes that carry the same next-hop as the VA prefix.
Generally, any more-specific route that carries the same next-hop as the VA prefix is eligible for suppression. However, provided that there is at least one less-specific prefix with a different next-hop between the VA prefix and the suppressed prefixes, then those suppressed prefixes must be reinstalled.
An example with three prefixes can be considered where the VA-prefix (prefix 1) is the least specific and covers prefix 2 and prefix 3.
Prefix 2 is less specific than prefix 3 and covers the latter. If all three have the same next-hop, then only the bigger one, i.e., VA-Prefix, is announced. However, if prefix 2 has a different next-hop, then it will need to be announced separately. In this case, it is important to also announce prefix 3 separately.
Similarly, when Internal BGP (IBGP) multipath is enabled, and when multiple VA prefixes form a multipath, only those more-specific prefixes of which the set of next-hops are identical to the set of next-hops of the VA prefix multipath are subject to suppression.
The expected behavior is illustrated in Figure 1. This figure shows an AS with a FIR, FIR1, and an FSR, FSR1. FSR1 is an ASBR and is connected to two external ASBRs, EP1 and EP2.
+------------------------------------------+
|            Autonomous System             |   +----+
|                                          |   |EP1 |
|                                      /---+---|    |
|     To ----\ +----+          +----+ /    |   +----+
|     Other   \|FIR1|----------|FSR1|/     |
|     Routers /|    |          |    |\     |
|        ----/ +----+          +----+ \    |   +----+
|                                      \---+---|EP2 |
|                                          |   |    |
|                                          |   +----+
+------------------------------------------+
Figure 1
Suppose that FSR1 has been enabled to perform S-VA. Originally, it receives all routes from FIR1 (doing next-hop-self) as well as from EP1 and EP2. FIR1 now will advertise a VA prefix 0/0 with the next-hop set to itself. This will cause FSR1 to suppress all routes with the same next-hop as the VA prefix. However, FSR1 will not suppress any routes received from EP1 and EP2, because their next-hops are different from that of the VA prefix.
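The suppression rule described above (same next-hop as the VA prefix, no differently routed prefix in between, multipath compared as a set), worked through for FSR1 in Figure 1. This is an added example, not code from the RFC or its authors; the function names, the table representation, and the sample prefixes and next-hop addresses are assumptions constructed for illustration.

```python
import ipaddress

def covers(outer, inner):
    """True if `outer` is a strictly less-specific prefix containing `inner`."""
    return (outer.version == inner.version and outer != inner
            and inner.subnet_of(outer))

def fib_decisions(loc_rib, va_prefixes):
    """Decide, per Loc-RIB route, whether an FSR installs or suppresses it.

    loc_rib:     {prefix: set of next-hops}; a set so that an IBGP multipath
                 is compared as a whole, not hop by hop.
    va_prefixes: prefixes the FSR has identified as VA prefixes (assumed
                 known here).
    """
    routes = {ipaddress.ip_network(p): frozenset(nh) for p, nh in loc_rib.items()}
    vas = [v for v in map(ipaddress.ip_network, va_prefixes) if v in routes]
    decisions = {}
    for net, nhs in routes.items():
        decisions[str(net)] = "install"   # default; VA prefixes always land here
        if net in vas:
            continue
        for va in vas:
            if not covers(va, net) or routes[va] != nhs:
                continue                  # not covered, or next-hop differs
            # Any route between the VA prefix and this one that points elsewhere
            # would capture the traffic, so the more-specific must stay installed.
            between = [r for r in routes if covers(va, r) and covers(r, net)]
            if all(routes[r] == nhs for r in between):
                decisions[str(net)] = "suppress"
                break
    return decisions

# Constructed Loc-RIB for FSR1 in Figure 1 (documentation addresses).
FIR1, EP1, EP2 = "192.0.2.1", "192.0.2.11", "192.0.2.12"
SAMPLE = {
    "0.0.0.0/0":         {FIR1},  # VA prefix announced by FIR1
    "198.51.100.0/24":   {FIR1},  # prefix 2, same next-hop as the VA prefix
    "198.51.100.128/25": {FIR1},  # prefix 3, same next-hop
    "203.0.113.0/24":    {EP1},   # prefix 2 with a different next-hop
    "203.0.113.128/25":  {FIR1},  # prefix 3 beneath it: must be reinstalled
    "198.18.0.0/15":     {EP2},   # learned from EP2, never eligible
}

if __name__ == "__main__":
    for prefix, verdict in fib_decisions(SAMPLE, ["0.0.0.0/0"]).items():
        print(f"{prefix:20} {verdict}")
```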
Several FIRs may announce different S-VA prefixes. For example, in a POP, each edge router can announce into the POP an S-VA prefix that covers the addresses of the customers it services.
Several FIRs may announce the same S-VA prefix. In this case, an FSR must choose to install only one of them. For example, two redundant ASBRs, both of which announce the complete DFRT, may each also announce the default route as an S-VA prefix into the AS.
S-VA may be used to split traffic among redundant exit routers. For example, suppose in Figure 1 that EP1 and EP2 are two redundant ASBRs that announce the complete DFRT. Each may also announce two S-VA prefixes into the AS: 0/1 and 128/1. EP1 might announce 0/1 with higher preference and EP2 might announce 128/1 with higher preference. FIR1 will now install into its FIB 0/1 pointing to EP1 and 128/1 pointing to EP2. If either EP1 or EP2 were to fail, then FSR1 would switch the traffic to the other exit router with a single FIB installation of one S-VA prefix.
BGP routes may be used to resolve next-hops for static routes or other BGP routes. Because the default route does not imply reachability of any destination, a router can be configured to not resolve next-hops using the default route. In this case, S-VA should not suppress a route that may be used to resolve a next-hop for another route from installation into the RIB. It may still suppress it from installation into the FIB.
Selected BGP routes in the RIB may be redistributed to other protocols. If they no longer exist in the RIB, they will not be redistributed. This is especially important when the conditional redistribution is taking place based on the length of the prefix, community value, etc. In those cases where a redistribution policy is in place, S-VA implementation should refrain from suppressing installation into the RIB routes matching such policy. It may still suppress them from installation into the FIB.
A router may originate a network route or an aggregate route into BGP. Some addresses covered by such a route may not exist. If this router were to receive a packet for an unreachable address within an originated route, it must not send that packet to the VA prefix route. There are several ways to achieve this. One way is to have the FIR aggregate the routes instead of the FSR. Another way is to install a black hole route for the nonexistent addresses on the originating router. This issue is not specific to S-VA, but applicable to the general use of default routes.
Like any aggregate, an S-VA prefix may include more address space than the sum of the prefixes it covers. As such, the S-VA prefix may provide a route for a packet for which no real destination exists. An FSR will forward such a packet to the FIR.
If an S-VA prefix changes its next-hop or is removed, then many routes may need to be downloaded into the FIB to achieve convergence.
The authors are not aware of any new security considerations due to S-VA. The local nature of the proposed optimization eliminates any external exposure of the functionality. The presence of more specifics that are used as VA prefixes is also a normal BGP behavior in current networks.
The concept for Virtual Aggregation comes from Paul Francis. In this document, the authors only simplified some aspects of its behavior to allow simpler adoption by some operators.
The authors would like to thank Clarence Filsfils, Nick Hilliard, S. Moonesamy, and Tom Petch for their review and valuable input.
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities Attribute", RFC 1997, August 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C. Pignataro, "The Generalized TTL Security Mechanism (GTSM)", RFC 5082, October 2007.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006.
Authors' Addresses
Robert Raszuk
NTT MCL
101 S Ellsworth Avenue Suite 350
San Mateo, CA 94401
USA
EMail: robert@raszuk.net
Jakob Heitz
Ericsson
300 Holger Way
San Jose, CA 95134
USA
EMail: jakob.heitz@ericsson.com
Alton Lo
Arista Networks
5470 Great America Parkway
Santa Clara, CA 95054
USA
EMail: altonlo@aristanetworks.com
Lixia Zhang
UCLA
3713 Boelter Hall
Los Angeles, CA 90095
USA
EMail: lixia@cs.ucla.edu
Xiaohu Xu
Huawei Technologies
Huawei Building, No.3 Xinxi Rd.,
Shang-Di Information Industry Base, Hai-Dian District
Beijing 100085
P.R. China
Phone: +86 10 82836073
EMail: xuxh@huawei.com