Cisco Systems, Inc.

India ketant.ietf@gmail.com

Cisco Systems, Inc.

Apollo Business Center Mlynske nivy 43 Bratislava 821 09 Slovakia ppsenak@cisco.com

AT&T Labs

United States of America hugh.johnston@att.com

rtg lsr IGP OSPF This document specifies the extensions to OSPF that enable a router to use Link-Local Signaling (LLS) to signal the metric that receiving OSPF neighbor(s) should use for a link to the signaling router. When used on the link to the signaling router, the signaling of this reverse metric (RM) allows a router to influence the amount of traffic flowing towards itself. In certain use cases, this enables routers to maintain symmetric metrics on both sides of a link between them.

Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .

Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents () in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.

Table of Contents

• .  Introduction
  • .  Requirements Language
• .  Use Cases
  • .  Link Maintenance
  • .  Adaptive Metric Signaling
• .  Solution
• .  LLS Reverse Metric TLV
• .  LLS Reverse TE Metric TLV
• .  Procedures
• .  Operational Guidelines
• .  Backward Compatibility
• .  IANA Considerations
• . Security Considerations
• . References
  • .  Normative References
  • .  Informative References
• Acknowledgements
• Authors' Addresses

Introduction A router running the OSPFv2 or OSPFv3 routing protocols originates a Router-LSA (Link State Advertisement) that describes all its links to its neighbors and includes a metric that indicates its "cost" to reach the neighbor over that link. Consider two routers, R1 and R2, that are connected via a link. In the direction R1->R2, the metric for this link is configured on R1. In the direction R2->R1, the metric for this link is configured on R2. Thus, the configuration on R1 influences the traffic that it forwards towards R2, but does not influence the traffic that it may receive from R2 on that same link. This document describes certain use cases where a router is required to signal what we call the "reverse metric" (RM) to its neighbor to adjust the routing metric in the inbound direction. When R1 signals its RM on its link to R2, R2 advertises this value as its metric to R1 in its Router-LSA instead of its locally configured value. Once this information is part of the topology, all other routers do their computation using this value. This may result in the desired change in the traffic distribution that R1 wanted to achieve towards itself over the link from R2. This document describes extensions to OSPF LLS to signal OSPF RMs. specifies the LLS Reverse Metric TLV and specifies the LLS Reverse TE Metric TLV. The related procedures are specified in .

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Use Cases This section describes certain use cases that are addressed by the OSPF RM. The usage of the OSPF RM need not be limited to these cases; it is intended to be a generic mechanism.

Reference Dual Hub-and-Spoke Topology Core Network ^ ^ | | V v +----------+ +----------+ | AGGR1 | | AGGR2 | +----------+ +----------+ ^ ^ ^ ^ | | | | | +-----------+ | | | | | | +--------+ | | v v v v +-----------+ +-----------+ | R1 | | RN | | Router | ... | Router | +-----------+ +-----------+

Consider a deployment scenario, such as the one shown in , where routers R1 through RN are dual-home connected to AGGR1 and AGGR2 that are aggregating their traffic towards a core network.

Link Maintenance Before network maintenance events are performed on individual links, operators substantially increase (to maximum value) the OSPF metric simultaneously on both routers attached to the same link. In doing so, the routers generate new Router LSAs that are flooded throughout the network and cause all routers to shift traffic onto alternate paths (where available) with limited disruption (depending on the network topology) to in-flight communications by applications or end users. When performed successfully, this allows the operator to perform disruptive augmentation, fault diagnosis, or repairs on a link in a production network. In deployments such as a hub-and-spoke topology (as shown in ), it is quite common to have routers with several hundred interfaces and individual interfaces that move anywhere from several hundred gigabits to terabits per second of traffic. The challenge in such conditions is that the operator must accurately identify the same point-to-point (P2P) link on two separate devices to increase (and afterward decrease) the OSPF metric appropriately and to do so in a coordinated manner. When considering maintenance for PE-CE links when many Customer Edge (CE) routers connect to a Provider Edge (PE) router, an additional challenge related to coordinating access to the CE routers may arise when the CEs are not managed by the provider. The OSPF RM mechanism helps address these challenges. The operator can set the link on one of the routers (generally the hub, like AGGR1 or a PE) to a "maintenance mode". This causes the router to advertise the maximum metric for that link and to signal its neighbor on the same link to advertise maximum metric via the reverse metric signaling mechanism. Once the link maintenance is completed and the "maintenance mode" is turned off, the router returns to using its provisioned metric for the link and stops the signaling of RM on that link, resulting in its neighbor also reverting to its provisioned metric for that link.

Adaptive Metric Signaling In , consider that at some point in time (T), AGGR1 loses some of its capacity towards the core. This may result in a congestion issue towards the core on AGGR1 that it needs to mitigate by redirecting some of its traffic load to transit via AGGR2, which is not experiencing a similar issue. Altering its link metric towards the R1-RN routers would influence the traffic from the core towards R1-RN, but not the other way around as desired. In such a scenario, the AGGR1 router could signal an incremental OSPF RM to some or all the R1-RN routers. When the R1-RN routers add this signaled RM offset to the provisioned metric on their links towards AGGR1, the path via AGGR2 becomes a better path. This causes traffic towards the core to be diverted away from AGGR1. Note that the RM mechanism allows such adaptive metric changes to be applied on the AGGR1 as opposed to being provisioned on a possibly large number of R1-RN routers. The RM mechanism may be similarly applied between spine and leaf nodes in a Clos network topology deployment.

Solution To address the use cases described earlier and to allow an OSPF router to indicate its RM for a specific link to its neighbor(s), this document proposes to extend OSPF link-local signaling to signal the Reverse Metric TLV in OSPF Hello packets. This ensures that the RM signaling is scoped only to a specific link. The router continues to include the Reverse Metric TLV in its Hello packets on the link for as long as it needs its neighbor to use that metric value towards itself. Further details of the procedures involved are specified in . The RM mechanism specified in this document applies only to P2P, Point-to-Multipoint (P2MP), and hybrid-broadcast-P2MP () links. It is not applicable for broadcast or Non-Broadcast Multi-Access (NBMA) links since the same objective is achieved there using the OSPF Two-Part Metric mechanism for OSPFv2. The OSPFv3 solution for broadcast or NBMA links is outside the scope of this document.

LLS Reverse Metric TLV The Reverse Metric TLV is a new LLS TLV. It has following format:

Reverse Metric TLV 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MTID | Flags |O|H| Reverse Metric | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

where:

Type:

19

Length:

4 octets

MTID:

The multi-topology identifier of the link ().

Flags:

1 octet. The following flags are defined currently and the rest MUST be set to 0 on transmission and ignored on reception:

H (0x1):

Indicates that the neighbor should use the value only if it is higher than its provisioned metric value for the link.

O (0x2):

Indicates that the RM value provided is an offset that is to be added to the provisioned metric.

Reverse Metric:

Unsigned integer of 2 octets that carries the value or offset of RM to replace or be added to the provisioned link metric.

LLS Reverse TE Metric TLV The Reverse TE Metric TLV is a new LLS TLV. It has the following format:

Reverse TE Metric TLV 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags |O|H| RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reverse TE Metric | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

where:

Type:

20

Length:

4 octets

Flags:

1 octet. The following flags are defined currently and the rest MUST be set to 0 on transmission and ignored on reception:

H (0x1):

Indicates that the neighbor should use the value only if it is higher than its provisioned TE metric value for the link.

O (0x2):

Indicates that the reverse TE metric value provided is an offset that is to be added to the provisioned TE metric.

RESERVED:

24-bit field. MUST be set to 0 on transmission and MUST be ignored on receipt.

Reverse TE Metric:

Unsigned integer of 4 octets that carries the value or offset of reverse traffic engineering metric to replace or to be added to the provisioned TE metric of the link.

Procedures When a router needs to signal an RM value that its neighbor(s) should use for a link towards the router, it includes the Reverse Metric TLV in the LLS block of its Hello packets sent on that link and continues to include this TLV for as long as the router needs its neighbor to use this value. The mechanisms used to determine the value to be used for the RM is specific to the implementation and use case, and is outside the scope of this document. For example, the RM value may be derived based on the router's link bandwidth with respect to a reference bandwidth. A router receiving a Hello packet from its neighbor that contains the Reverse Metric TLV on a link MUST use the RM value to derive the metric for the link to the advertising router in its Router-LSA when the RM feature is enabled (refer to for details on enablement of RM). When the O flag is set, the metric value to be advertised is derived by adding the value in the TLV to the provisioned metric for the link. The metric value 0xffff (maximum interface cost) is advertised when the sum exceeds the maximum interface cost. When the O flag is clear, the metric value to be advertised is copied directly from the value in the TLV. When the H flag is set and the O flag is clear, the metric value to be advertised is copied directly from the value in the TLV only when the RM value signaled is higher than the provisioned metric for the link. The H and O flags are mutually exclusive; the H flag is ignored when the O flag is set. A router stops including the Reverse Metric TLV in its Hello packets when it needs its neighbors to go back to using their own provisioned metric values. When this happens, a router that has modified its metric in response to receiving a Reverse Metric TLV from its neighbor MUST revert to using its provisioned metric value. In certain scenarios, two or more routers may start the RM signaling on the same link. This could create collision scenarios. The following guidelines are RECOMMENDED for adoption to ensure that there is no instability in the network due to churn in their metric caused by the signaling of RM:

• The RM value that is signaled by a router to its neighbor should not be derived from the RM being signaled by any of its neighbors on any of its links.
• The RM value that is signaled by a router to its neighbor should not be derived from the RM being signaled by any of its neighbors on any of its links. RM signaling from other routers can affect the router's metric advertised in its Router-LSA. When deriving the RM values that a router signals to its neighbors, it should use its provisioned local metric values not influenced by any RM signaling.

Based on these guidelines, a router would not start, stop, or change its RM signaling based on the RM signaling initiated by some other routers. Based on the local configuration policy, each router would end up accepting the RM value signaled by its neighbor and there would be no churn of metrics on the link or the network on account of RM signaling. In certain use cases when symmetrical metrics are desired (e.g., when metrics are derived based on link bandwidth), the RM signaling can be enabled on routers on either end of a link. In other use cases (as described in ), RM signaling may need to be enabled only on the router at one end of a link. When using multi-topology routing with OSPF , a router MAY include multiple instances of the Reverse Metric TLV in the LLS block of its Hello packet (one for each of the topologies for which it desires to signal the RM). A router MUST NOT include more than one instance of this TLV per MTID. If more than a single instance of this TLV per MTID is present, the receiving router MUST only use the value from the first instance and ignore the others. In certain scenarios, the OSPF router may also require the modification of the TE metric being advertised by its neighbor router towards itself in the inbound direction. Using similar procedures to those described above, the Reverse TE Metric TLV MAY be used to signal the reverse TE metric for router links. The neighbor MUST use the reverse TE metric value to derive the TE metric advertised in the TE Metric sub-TLV of the Link TLV in its TE Opaque LSA when the reverse metric feature is enabled (refer for details on enablement of RM). The rules for doing so are analogous to those given above for the Router-LSA.

Operational Guidelines The signaled RM does not alter the OSPF metric parameters stored in a receiving router's persistent provisioning database. Routers that receive an RM advertisement SHOULD log an event to notify system administration. This will assist in rapidly identifying the node in the network that is advertising an OSPF metric or TE metric different from what is configured locally on the device. When the link TE metric is raised to the maximum value, either due to the RM mechanism or by explicit user configuration, this SHOULD immediately trigger the CSPF (Constrained Shortest Path First) recalculation to move the TE traffic away from that link. An implementation MUST NOT signal RM to neighbors by default and MUST provide a configuration option to enable the signaling of RM on specific links. An implementation MUST NOT accept the RM from its neighbors by default. An implementation MAY provide configuration to accept the RM globally on the device, or per area, but an implementation MUST support configuration to enable/disable acceptance of the RM from neighbors on specific links. This is to safeguard against inadvertent use of RM. For the use case in , it is RECOMMENDED that the network operator limit the period of enablement of the reverse metric mechanism to be only the duration of a network maintenance window. specifies the base OSPF YANG data model. The required configuration and operational elements for this feature are expected to be introduced as an augmentation to this base OSPF YANG data model.

Backward Compatibility The signaling specified in this document happens at a link-local level between routers on that link. A router that does not support this specification would ignore the Reverse Metric and Reverse TE Metric LLS TLVs and not update its metric(s) in the other LSAs. As a result, the behavior would be the same as prior to this specification. Therefore, there are no backward compatibility related issues or considerations that need to be taken care of when implementing this specification.

IANA Considerations IANA has registered code points from the "Link Local Signalling TLV Identifiers (LLS Types)" registry in the "Open Shortest Path First (OSPF) Link Local Signalling (LLS) - Type/Length/Value Identifiers (TLV)" registry group for the TLVs introduced in this document as follows:

• 19 - Reverse Metric TLV
• 20 - Reverse TE Metric TLV

Security Considerations The security considerations for "OSPF Link-Local Signaling" also apply to the extension described in this document. The purpose of using the reverse metric TLVs is to alter the metrics used by routers on the link and influence the flow and routing of traffic over the network. Hence, modification of the Reverse Metric and Reverse TE Metric TLVs may result in traffic being misrouted. If authentication is being used in the OSPFv2 routing domain , then the Cryptographic Authentication TLV MUST also be used to protect the contents of the LLS block. A router that is misbehaving or misconfigured may end up signaling varying values of RMs or toggle the state of RM. This can result in a neighbor router having to frequently update its Router LSA, causing network churn and instability despite existing OSPF protocol mechanisms (e.g., MinLSInterval, and ). It is RECOMMENDED that implementations support the detection of frequent changes in RM signaling and ignore the RM (i.e., revert to using their provisioned metric value) during such conditions. The reception of malformed LLS TLVs or sub-TLVs SHOULD be logged, but such logging MUST be rate-limited to prevent Denial of Service (DoS) attacks.

References Normative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This memo documents version 2 of the OSPF protocol. OSPF is a link- state routing protocol. [STANDARDS-TRACK] This document describes extensions to the OSPF protocol version 2 to support intra-area Traffic Engineering (TE), using Opaque Link State Advertisements. This document describes the modifications to OSPF to support version 6 of the Internet Protocol (IPv6). The fundamental mechanisms of OSPF (flooding, Designated Router (DR) election, area support, Short Path First (SPF) calculations, etc.) remain unchanged. However, some changes have been necessary, either due to changes in protocol semantics between IPv4 and IPv6, or simply to handle the increased address size of IPv6. These modifications will necessitate incrementing the protocol version from version 2 to version 3. OSPF for IPv6 is also referred to as OSPF version 3 (OSPFv3). Changes between OSPF for IPv4, OSPF Version 2, and OSPF for IPv6 as described herein include the following. Addressing semantics have been removed from OSPF packets and the basic Link State Advertisements (LSAs). New LSAs have been created to carry IPv6 addresses and prefixes. OSPF now runs on a per-link basis rather than on a per-IP-subnet basis. Flooding scope for LSAs has been generalized. Authentication has been removed from the OSPF protocol and instead relies on IPv6's Authentication Header and Encapsulating Security Payload (ESP). Even with larger IPv6 addresses, most packets in OSPF for IPv6 are almost as compact as those in OSPF for IPv4. Most fields and packet- size limitations present in OSPF for IPv4 have been relaxed. In addition, option handling has been made more flexible. All of OSPF for IPv4's optional capabilities, including demand circuit support and Not-So-Stubby Areas (NSSAs), are also supported in OSPF for IPv6. [STANDARDS-TRACK] OSPF is a link-state intra-domain routing protocol. OSPF routers exchange information on a link using packets that follow a well-defined fixed format. The format is not flexible enough to enable new features that need to exchange arbitrary data. This document describes a backward-compatible technique to perform link-local signaling, i.e., exchange arbitrary data on a link. This document replaces the experimental specification published in RFC 4813 to bring it on the Standards Track. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References The Bell System Technical Journal, Vol. 32, Issue 2 This document describes an extension to Open Shortest Path First (OSPF) in order to define independent IP topologies called Multi- Topologies (MTs). The Multi-Topologies extension can be used for computing different paths for unicast traffic, multicast traffic, different classes of service based on flexible criteria, or an in- band network management topology. An optional extension to exclude selected links from the default topology is also described. [STANDARDS-TRACK] This document describes how the National Institute of Standards and Technology (NIST) Secure Hash Standard family of algorithms can be used with OSPF version 2's built-in, cryptographic authentication mechanism. This updates, but does not supercede, the cryptographic authentication mechanism specified in RFC 2328. [STANDARDS-TRACK] This document describes a mechanism to model a broadcast network as a hybrid of broadcast and point-to-multipoint networks for purposes of OSPF operation. Neighbor discovery and maintenance as well as Link State Advertisement (LSA) database synchronization are performed using the broadcast model, but the network is represented using the point-to-multipoint model in the router-LSAs of the routers connected to it. This allows an accurate representation of the cost of communication between different routers on the network, while maintaining the network efficiency of broadcast operation. This approach is relatively simple and requires minimal changes to OSPF. This document updates both OSPFv2 (RFC 2328) and OSPFv3 (RFC 5340). [STANDARDS-TRACK] The current OSPFv2 cryptographic authentication mechanism as defined in RFCs 2328 and 5709 is vulnerable to both inter-session and intra- session replay attacks when using manual keying. Additionally, the existing cryptographic authentication mechanism does not cover the IP header. This omission can be exploited to carry out various types of attacks. This document defines changes to the authentication sequence number mechanism that will protect OSPFv2 from both inter-session and intra- session replay attacks when using manual keys for securing OSPFv2 protocol packets. Additionally, we also describe some changes in the cryptographic hash computation that will eliminate attacks resulting from OSPFv2 not protecting the IP header. This document specifies an optional OSPF protocol extension to represent router metrics in a multi-access network in two parts: the metric from the router to the network and the metric from the network to the router. For such networks, the router-to-router metric for OSPF route computation is the sum of the two parts. This document updates RFC 2328. This document defines a standard algorithm to temporarily postpone or "back off" link-state IGP Shortest Path First (SPF) computations. This reduces the computational load and churn on IGP nodes when multiple temporally close network events trigger multiple SPF computations. Having one standard algorithm improves interoperability by reducing the probability and/or duration of transient forwarding loops during the IGP convergence when the IGP reacts to multiple temporally close IGP events. This document describes a mechanism to allow IS-IS routing to quickly and accurately shift traffic away from either a point-to-point or multi-access LAN interface during network maintenance or other operational events. This is accomplished by signaling adjacent IS-IS neighbors with a higher reverse metric, i.e., the metric towards the signaling IS-IS router. This document defines a YANG data model that can be used to configure and manage OSPF. The model is based on YANG 1.1 as defined in RFC 7950 and conforms to the Network Management Datastore Architecture (NMDA) as described in RFC 8342.

Acknowledgements The authors would like to thank:

• for his contributions to the use cases and the review of the solution.
• , , , , , and for their review and feedback.
• for a detailed shepherd's review and comments.
• for his detailed AD review and suggestions for improvement.

The document leverages the concept of RM for IS-IS, its related use cases, and applicability aspects from .

Authors' Addresses Cisco Systems, Inc.

India ketant.ietf@gmail.com

Cisco Systems, Inc.

Apollo Business Center Mlynske nivy 43 Bratislava 821 09 Slovakia ppsenak@cisco.com

AT&T Labs

United States of America hugh.johnston@att.com