Network Working Group                                            H. Chen
Internet-Draft                                                 Futurewei
Intended status: Standards Track                                W. Cheng
Expires: 4 August 2024                                      China Mobile
                                                                 A. Wang
                                                           China Telecom
                                                               G. Mishra
                                                            Verizon Inc.
                                                                  Y. Fan
                                                            Casa Systems
                                                                  X. Liu
                                                               Alef Edge
                                                         1 February 2024


                   IGP Extensions for Intra-Domain SAV
                      draft-chen-savnet-lsr-intra-02

Abstract

   This document specifies extensions to OSPF and IS-IS for intra-domain
   Source Address Validation (SAV).

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119] [RFC8174]
   when, and only when, they appear in all capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 4 August 2024.

Chen, et al.              Expires 4 August 2024                 [Page 1]

Internet-Draft              IGP for Intra SAV              February 2024

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Revised BSD
   License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Overview of Intra-Domain SAV
     2.1.  SAV Table and its Usage
     2.2.  Intra-Area SAV
     2.3.  Inter-Area SAV
   3.  Extensions to IGP
     3.1.  Extensions to OSPFv2
       3.1.1.  Indicating Prefixes to be Validated
       3.1.2.  Path Cost from Prefix to ABR
     3.2.  Extensions to OSPFv3
       3.2.1.  Indicating Prefixes to be Validated
       3.2.2.  Path Cost from Prefix to ABR
     3.3.  Extensions to IS-IS
       3.3.1.  Indicating Prefixes to be Validated
       3.3.2.  Path Cost from Prefix to ABR
   4.  Security Considerations
   5.  IANA Considerations
     5.1.  OSPFv2
     5.2.  OSPFv3
     5.3.  IS-IS
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   Requirements for intra-domain Source Address Validation (SAV)
   mechanisms are described in
   [I-D.ietf-savnet-intra-domain-problem-statement].  The most important
   requirements include:

   *  Accurate validation,

   *  Fast convergence of the SAV table/rules on dynamic routing
      changes, and

   *  Backward compatibility (i.e., working in incremental/partial
      deployment).

   This document proposes IGP (i.e., OSPF and IS-IS) extensions for
   intra-domain SAV to meet these requirements.

2.  Overview of Intra-Domain SAV

   This section describes the SAV table and its usage, then introduces
   SAV for a single area (intra-area SAV) and for multiple areas
   (inter-area SAV).

2.1.  SAV Table and its Usage

   Every node (i.e., the IGP control plane on the node) in an Autonomous
   System (AS) builds and maintains its own Source Address Validation
   (SAV) table from its Link-State Database (LSDB).  The format of a SAV
   table is shown in Figure 1.

       +==========+============+       +===========+================+
       |Source    |Incoming    |       |Destination|Outgoing        |
       |Prefix    |Interface   |       |Prefix     |Interface       |
       +==========+============+       +===========+================+
       |S-prefix-1|Interface-a |       |D-prefix-1 |Out-interface-a |
       +----------+------------+       +-----------+----------------+
   ==> |S-prefix-2|Interface-b |  ==>  |D-prefix-2 |Out-interface-b |  ==>
   ^   +----------+------------+  ^    +-----------+----------------+  ^
   |   |   ...    |    ...     |  |    |    ...    |      ...       |  |
   |   +----------+------------+  |    +-----------+----------------+  |
   |   |S-prefix-n|Interface-x |  |    |D-prefix-n |Out-interface-x |  |
   |   +----------+------------+  |    +-----------+----------------+  |
   |     Format of SAV Table      |               FIB                  |
   |                              |                                    |
   Packet in              forward Packet                       Packet out
                          if source address and
                          receiving interface of
                          Packet in SAV Table

                  Figure 1: Format of SAV Table and FIB

   When there is a shortest path from source prefix S-prefix-i to some
   destination that passes through node N and enters N on interface
   Interface-j, the SAV table of node N has a row with S-prefix-i as
   Source Prefix and Interface-j as Incoming Interface.  For example,
   the first row in the SAV table of node N contains S-prefix-1 as
   Source Prefix and Interface-a as Incoming Interface.  This row
   indicates that there is a shortest path from S-prefix-1 to a
   destination through node N that enters N on Interface-a.

   The SAV table is sent to the data plane and used to validate the
   source address of a packet.  When a packet is received on an
   interface, the node validates it against its SAV table.  If the
   source address of the packet and the receiving (incoming) interface
   match a row of the SAV table (i.e., the source address falls within
   the row's Source Prefix and the receiving interface is the row's
   Incoming Interface), the packet is forwarded according to the FIB
   and the destination address of the packet, as shown in the figure;
   otherwise (i.e., no row of the SAV table matches the source address
   and the receiving interface), the packet is blocked or dropped.

2.2.  Intra-Area SAV

   This section introduces a method for a node to build its SAV table in
   the special case where an AS has only one area, or where SAV is
   deployed for only one area.

   When every routing/forwarding path in an AS is symmetric (i.e., every
   path has the same cost in both directions), every node in the AS
   builds and maintains its SAV table from its RIB/FIB.
   The node can determine whether every path is symmetric by checking
   its LSDB.  If every link in its LSDB is symmetric (i.e., has the same
   metric or cost in both directions), then every path is symmetric;
   otherwise (i.e., there is an asymmetric link, whose metric/cost in
   one direction differs from the one in the reverse direction), some
   paths are asymmetric.

   The node builds its SAV table from the RIB/FIB by including a row in
   its SAV table for each prefix with a next-hop interface in its RIB/
   FIB.  The row contains the prefix and the interface in the Source
   Prefix and Incoming Interface columns respectively.  Where the RIB/
   FIB holds several equal-cost next-hop interfaces for a prefix,
   packets from that prefix may arrive on any of them, so each such
   interface needs its own row; a table with only one of them would
   drop legitimate traffic arriving on the others.

   When there is a routing/forwarding path which is not symmetric, every
   node X builds its SAV table in the following steps:

   1.  Build a reverse shortest path tree (RSPT).  Node X computes a
       shortest path tree from node X to the other nodes using, for each
       link, the link metric or cost in the reverse direction (i.e., the
       cost of the link toward X rather than away from X).  The cost of
       a node in the RSPT is therefore the cost of the shortest path
       from that node back to X, and the first hop of its branch is the
       neighbour through which that node's packets reach X.

   2.  Build a reverse routing table (RRT) from the RSPT.  When node X
       finds a shortest path from node X to node Y with a next-hop
       interface in its RSPT, node X adds an entry for each prefix
       attached to Y into its RRT.  The entry has the prefix as the
       destination and the next-hop interface as the next hop.

   3.  Build the SAV table from the RRT.  Node X includes a row in its
       SAV table for each prefix with a next-hop interface in its RRT.
       The row contains the prefix and the interface in the Source
       Prefix and Incoming Interface columns respectively.

   There are a few options for the scope of the prefixes to be
   validated:

   Option 1:  The prefixes attached to every node.

   Option 2:  The prefixes attached to each ASBR and ABR.

   Option 3:  The prefixes indicated/configured on any node.

   The method above builds the SAV table for option 1.  For option 2,
   only ASBRs and ABRs are considered as node Y in step 2.  Thus the RRT
   contains only the prefixes attached to ASBRs and ABRs, and so does
   the SAV table.
   For option 3, only the prefixes attached to node Y and indicated/
   configured on node Y are considered in step 2.  Thus the RRT contains
   only these prefixes, and so does the SAV table.

2.3.  Inter-Area SAV

   This section introduces a method for a node to build its SAV table in
   the general case where an AS has multiple areas and SAV is deployed
   for all the areas.  The method is based on the one described in
   Section 2.2.

   For any area A, every node X in A builds its SAV table using the
   following steps:

   1.  Get the area shortest path tree (ASPT).  The ASPT is a tree from
       node X as root to all the other nodes in area A.  If every link
       in area A is symmetric, the ASPT is the SPT built by node X for
       its RIB, which is reused; otherwise (i.e., there is an asymmetric
       link in area A), the ASPT is an RSPT from node X as root to all
       the other nodes in area A.  Node X computes the RSPT as described
       in Section 2.2.

   2.  Extend the ASPT.  For each leaf node L of the ASPT, node X
       attaches to node L every prefix of node L for which the cost from
       the prefix to L is minimal.  For a summary (inter-area) prefix
       that L advertises as an ABR, this cost is the cost of the
       shortest path from the prefix to L, which L advertises in the
       Reverse Cost to Prefix Sub-TLV (Section 3) when that path is
       asymmetric.  If every link in area A is symmetric and every path
       between any ABR and each summary prefix/address it advertises is
       symmetric, the extended ASPT is the SPT with the prefixes of each
       node in area A that node X built for its RIB, which is reused.

   3.  Build a reverse routing table (RRT) from the extended ASPT.  When
       node X finds a shortest path from node X to node Y with a next-
       hop interface in its extended ASPT, node X adds an entry for each
       prefix attached to Y into its RRT.  The entry has the prefix as
       the destination and the next-hop interface as the next hop.

   4.  Build the SAV table from the RRT.  Node X includes a row in its
       SAV table for each prefix with a next-hop interface in its RRT.
       The row contains the prefix and the interface in the Source
       Prefix and Incoming Interface columns respectively.

   The method above builds the SAV table for option 1.
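   As an added example (not code from this draft), the following Python
   carries out the steps of Sections 2.2 and 2.3 for node X on a
   constructed five-router LSDB and then performs the data-plane check
   of Section 2.1.  It generalizes the text in two places: every equal-
   cost first hop is kept, so a prefix reachable over ECMP gets a row
   per incoming interface, and each prefix carries a cost from the
   prefix to the advertising node (0 for an attached prefix, the Reverse
   Cost to Prefix value for a summary prefix advertised by an ABR), so a
   prefix announced by two ABRs is attached where the cost from the
   prefix to X through that node is minimal.  Node names, prefixes,
   interface names and link costs are all constructed; the scope
   argument implements options 2 and 3.  Calling build_sav_table() with
   reverse=False shows the table a node would get by copying its FIB:
   on the asymmetric B-C link it records eth0 for 10.3.0.0/24 although
   C's packets really enter X on eth1, so a FIB-derived table would drop
   legitimate traffic.

```python
"""Added example (not from the draft): build node X's SAV table from its
LSDB by a reverse shortest path tree, then validate packets with it."""
import heapq
import ipaddress
from collections import defaultdict

# Constructed LSDB of one area: directed link costs keyed by (from, to).
# The B<->C pair is asymmetric, so node X must not simply copy its FIB.
LSDB = {
    ("X", "A"): 10, ("A", "X"): 10,
    ("X", "B"): 10, ("B", "X"): 10,
    ("A", "C"): 10, ("C", "A"): 10,
    ("B", "C"): 50, ("C", "B"): 1,
    ("A", "D"): 10, ("D", "A"): 10,
    ("B", "D"): 10, ("D", "B"): 10,
}
# Prefixes per node as (prefix, cost from the prefix to that node): 0 for
# an attached prefix; for a summary prefix the value an ABR advertises in
# the Reverse Cost to Prefix Sub-TLV.  A and B are ABRs that both announce
# 192.0.2.0/24 (all constructed for this example).
PREFIXES = {
    "A": [("10.1.0.0/24", 0), ("192.0.2.0/24", 5)],
    "B": [("10.2.0.0/24", 0), ("192.0.2.0/24", 100)],
    "C": [("10.3.0.0/24", 0), ("2001:db8:3::/48", 0)],
    "D": [("10.4.0.0/24", 0)],
}
# Node X's interface toward each directly connected neighbour (constructed).
IFACES = {"A": "eth0", "B": "eth1"}


def spt_first_hops(root, edges):
    """Dijkstra over directed (u, v) -> cost.  Returns {node: (cost, hops)}
    where hops holds every first-hop neighbour of root on an equal-cost
    shortest path, so ECMP does not leave a legitimate interface out."""
    adj = defaultdict(list)
    for (u, v), c in edges.items():
        adj[u].append((v, c))
    dist, hops, heap = {root: 0}, {}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                       # stale queue entry
        for v, c in adj[u]:
            nd = d + c
            via = {v} if u == root else hops[u]
            if nd < dist.get(v, float("inf")):
                dist[v], hops[v] = nd, set(via)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                hops[v] |= via             # equal-cost path: keep its hop too
    return {n: (dist[n], hops[n]) for n in hops}


def build_sav_table(root, lsdb, prefixes, ifaces, scope=None, reverse=None):
    """Steps of Sections 2.2/2.3.  reverse=None follows the draft: reuse
    the forward SPT when every link is symmetric, else build the RSPT
    over reversed link costs (cost of u->v becomes the LSDB cost of v->u).
    reverse=False forces the forward SPT, i.e. copying the FIB.
    scope=None is option 1; a set of node names gives option 2 or 3."""
    if reverse is None:
        reverse = any(lsdb.get((v, u)) != c for (u, v), c in lsdb.items())
    edges = {(v, u): c for (u, v), c in lsdb.items()} if reverse else lsdb
    best = {}                              # prefix -> (total cost, hops)
    for node, (cost, hops) in spt_first_hops(root, edges).items():
        if scope is not None and node not in scope:
            continue
        for prefix, pcost in prefixes.get(node, []):
            net, total = ipaddress.ip_network(prefix), cost + pcost
            if net not in best or total < best[net][0]:
                best[net] = (total, set(hops))
            elif total == best[net][0]:
                best[net][1].update(hops)  # same prefix via two ABRs
    return {net: {ifaces[h] for h in hops} for net, (_, hops) in best.items()}


def sav_rows(table):
    """Render a table as sorted (prefix, [incoming interfaces]) rows."""
    return sorted((str(net), sorted(ifs)) for net, ifs in table.items())


def validate(table, src, in_iface):
    """Data-plane check of Section 2.1: longest source-prefix match, then
    the packet passes only if it arrived on a permitted interface."""
    addr = ipaddress.ip_address(src)
    match = max((net for net in table if addr in net),
                key=lambda net: net.prefixlen, default=None)
    return match is not None and in_iface in table[match]


if __name__ == "__main__":
    sav = build_sav_table("X", LSDB, PREFIXES, IFACES)
    fib = dict(sav_rows(build_sav_table("X", LSDB, PREFIXES, IFACES, reverse=False)))
    for prefix, ifs in sav_rows(sav):
        print(f"{prefix:18} SAV {ifs}  FIB-copy {fib[prefix]}")
    print(validate(sav, "10.3.0.7", "eth1"))   # C's packets really enter on eth1
    print(validate(sav, "10.3.0.7", "eth0"))   # spoofed or mis-routed: dropped
```

   The symmetric-link check mirrors the LSDB test in Section 2.2: when
   no asymmetric link exists the reversed edge map equals the original
   and the forward SPT is reused unchanged.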
   For option 2, only ASBRs and ABRs are considered as node Y in step 3.
   Thus the RRT contains only the prefixes attached to ASBRs and ABRs,
   and so does the SAV table.

   For option 3, only the prefixes attached to node Y and indicated/
   configured on node Y are considered in step 3.  Thus the RRT contains
   only these prefixes, and so does the SAV table.

3.  Extensions to IGP

   This section describes extensions to OSPFv2, OSPFv3 and IS-IS for
   SAV.  The extensions include:

   *  A new one-bit S-Flag (SAV Prefix Flag) indicating a prefix to be
      validated when option 3 described in Section 2.2 is selected.

   *  A new Sub-TLV, called the Reverse Cost to Prefix Sub-TLV, for an
      ABR to advertise the cost of the shortest path from the prefix to
      the ABR when the path between the ABR and the prefix is not
      symmetric (i.e., the cost of the shortest path from the ABR to the
      prefix differs from that of the shortest path from the prefix to
      the ABR).

3.1.  Extensions to OSPFv2

3.1.1.  Indicating Prefixes to be Validated

   [RFC7684] defines the OSPFv2 Extended Prefix TLV to advertise
   additional attributes associated with a prefix.  A new one-bit flag
   in the Flags field of the TLV is defined below:

   0x20 - S-Flag (SAV Prefix Flag): Set when the prefix is configured
          for SAV (i.e., to be validated as the source address of a
          packet).

3.1.2.  Path Cost from Prefix to ABR

   [RFC7684] defines the OSPFv2 Extended Prefix TLV.  A new OSPFv2
   Reverse Cost to Prefix Sub-TLV is defined to be included in this TLV
   when its Route Type is 3 (Inter-Area).  It has the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Type (TBD1)          |          Length (4)           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Cost from Prefix to ABR                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 2: OSPFv2 Reverse Cost to Prefix Sub-TLV
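   As an added example (not code from this draft), the following Python
   encodes the OSPFv2 Extended Prefix TLV of [RFC7684] for an inter-area
   prefix with the S-Flag set and the Reverse Cost to Prefix Sub-TLV of
   Figure 2, and parses it back with the bounds checks a receiving
   router needs before acting on a flooded LSA.  Two values are
   assumptions: the sub-TLV type TBD1 is not yet assigned, so 100 is
   used as a placeholder, and the S-Flag bit is kept in one constant
   because this draft gives 0x20 in Section 3.1.1 but requests 0x10 in
   Section 5.1.  The TLV layout (4-octet Type/Length header, 32-bit
   IPv4 prefix, values padded to 4 octets with the padding excluded from
   Length) is that of [RFC7684]; the sample prefix and cost are
   constructed.

```python
"""Added example (not from the draft): encode and parse an OSPFv2 Extended
Prefix TLV (RFC 7684) carrying the S-Flag and the Reverse Cost to Prefix
Sub-TLV of Section 3.1, with the bounds checks a receiver needs."""
import ipaddress
import struct

EXT_PREFIX_TLV = 1          # OSPFv2 Extended Prefix TLV type, RFC 7684
ROUTE_TYPE_INTER_AREA = 3   # the only Route Type the sub-TLV is defined for
AF_IPV4_UNICAST = 0
# S-Flag bit.  The draft gives 0x20 in Section 3.1.1 and 0x10 in Section
# 5.1 (0x80 A-Flag and 0x40 N-Flag are taken by RFC 7684), so keep it a
# single constant to change once IANA assigns the bit.
S_FLAG = 0x20
# TBD1 has no codepoint yet; 100 is a placeholder for this example only.
REVERSE_COST_SUBTLV = 100


def encode_reverse_cost_subtlv(cost):
    """Figure 2: Type (TBD1), Length (4), 32-bit cost from prefix to ABR."""
    if not 0 <= cost <= 0xFFFFFFFF:
        raise ValueError("cost must fit in 32 bits")
    return struct.pack("!HHI", REVERSE_COST_SUBTLV, 4, cost)


def encode_ext_prefix_tlv(prefix, route_type, flags, sub_tlvs=b""):
    """Extended Prefix TLV: Route Type, Prefix Length, AF, Flags, the
    32-bit IPv4 prefix, then sub-TLVs.  Length excludes the 4-octet
    header and any padding (RFC 7684 follows the RFC 3630 TLV rules)."""
    net = ipaddress.IPv4Network(prefix)
    body = struct.pack("!BBBB", route_type, net.prefixlen, AF_IPV4_UNICAST, flags)
    body += net.network_address.packed + sub_tlvs
    header = struct.pack("!HH", EXT_PREFIX_TLV, len(body))
    return header + body + b"\x00" * (-len(body) % 4)


def parse_ext_prefix_tlv(data):
    """Parse one Extended Prefix TLV.  Flooded LSAs come from any router in
    the area, so every length is checked against the buffer; malformed
    input raises ValueError rather than reading past the end."""
    if len(data) < 12:
        raise ValueError("TLV truncated")
    tlv_type, length = struct.unpack_from("!HH", data, 0)
    if tlv_type != EXT_PREFIX_TLV:
        raise ValueError("unexpected TLV type %d" % tlv_type)
    if length < 8 or 4 + length > len(data):
        raise ValueError("TLV length %d exceeds buffer" % length)
    route_type, plen, af, flags = struct.unpack_from("!BBBB", data, 4)
    if af != AF_IPV4_UNICAST or plen > 32:
        raise ValueError("unsupported AF or prefix length")
    net = ipaddress.IPv4Network(
        "%s/%d" % (ipaddress.IPv4Address(data[8:12]), plen), strict=False)
    result = {"prefix": str(net), "route_type": route_type,
              "sav": bool(flags & S_FLAG), "reverse_cost": None}
    off, end = 12, 4 + length
    while off < end:
        if end - off < 4:
            raise ValueError("sub-TLV header truncated")
        st, sl = struct.unpack_from("!HH", data, off)
        value = data[off + 4:off + 4 + sl]
        if len(value) != sl or off + 4 + sl > end:
            raise ValueError("sub-TLV length %d exceeds TLV" % sl)
        if st == REVERSE_COST_SUBTLV:
            if sl != 4:
                raise ValueError("Reverse Cost sub-TLV must be 4 octets")
            if route_type == ROUTE_TYPE_INTER_AREA:   # ignored elsewhere
                result["reverse_cost"] = struct.unpack("!I", value)[0]
        # other sub-TLVs are skipped; every value is padded to 4 octets
        off += 4 + sl + (-sl % 4)
    return result


def parse_or_none(data):
    """Receiver-side wrapper: a malformed TLV is dropped, not acted on."""
    try:
        return parse_ext_prefix_tlv(data)
    except ValueError:
        return None


if __name__ == "__main__":
    tlv = encode_ext_prefix_tlv("10.3.0.0/24", ROUTE_TYPE_INTER_AREA, S_FLAG,
                                encode_reverse_cost_subtlv(11))
    print(tlv.hex())
    print(parse_ext_prefix_tlv(tlv))
    print(parse_or_none(tlv[:-2]))          # truncated on the wire: None
```

   The parser records the reverse cost only when the TLV's Route Type
   is 3, matching the scope in which Section 3.1.2 defines the sub-TLV,
   and skips sub-TLVs it does not know so that other [RFC7684]
   extensions in the same TLV do not break it.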
3.2.  Extensions to OSPFv3

3.2.1.  Indicating Prefixes to be Validated

   [RFC8362] defines the Intra-Area-Prefix TLV and the External-Prefix
   TLV to advertise additional attributes associated with a prefix.  A
   new Sub-TLV called the Prefix Attribute Flags Sub-TLV is defined to
   be included in these two TLVs.  It has the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Type (TBD2)          |          Length (4)           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Prefix Attribute Flags                    |S|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 3: OSPFv3 Prefix Attribute Flags Sub-TLV

   One 1-bit flag in the Prefix Attribute Flags field is defined below:

   0x01 - S-Flag (SAV Prefix Flag): Set when the prefix is configured
          for SAV (i.e., to be validated as the source address of a
          packet).

3.2.2.  Path Cost from Prefix to ABR

   [RFC8362] defines the Intra-Area-Prefix TLV.  A new OSPFv3 Reverse
   Cost to Prefix Sub-TLV is defined to be included in this TLV.  It
   has the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Type (TBD3)          |          Length (4)           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Cost from Prefix to ABR                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 4: OSPFv3 Reverse Cost to Prefix Sub-TLV

3.3.  Extensions to IS-IS

3.3.1.  Indicating Prefixes to be Validated

   [RFC7794] defines the Prefix Attribute Flags Sub-TLV to advertise
   additional IPv4 and IPv6 prefix attributes in TLVs 135 (Extended IP
   Reachability), 235 (MT IP Reach), 236 (IPv6 IP Reach) and 237 (MT
   IPv6 IP Reach).  A new one-bit flag in the Sub-TLV is defined below:

   Bit 5 - SAV Prefix Flag (S-flag): Set when the prefix is configured
           for SAV (i.e., to be validated as the source address of a
           packet).
3.3.2.  Path Cost from Prefix to ABR

   A new IS-IS Reverse Cost to Prefix Sub-TLV is defined for an ABR
   (i.e., a Level 1/2 router) to include in TLVs 135, 235, 236 and 237
   for the prefix.  It has the following format:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Type (TBD4)          |          Length (4)           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Cost from Prefix to ABR                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 5: IS-IS Reverse Cost to Prefix Sub-TLV

4.  Security Considerations

   TBD.

5.  IANA Considerations

5.1.  OSPFv2

   Under the "OSPFv2 Extended Prefix TLV Flags" registry, IANA is
   requested to assign a codepoint for the SAV Prefix Flag as follows:

   +=======+==========================+===============+
   | Value | Description              | Reference     |
   +=======+==========================+===============+
   | 0x10  | S-Flag (SAV Prefix Flag) | This document |
   +-------+--------------------------+---------------+

   Under the "OSPFv2 Extended Prefix TLV Sub-TLVs" registry defined in
   [RFC7684], IANA is requested to assign a registry value for the
   Reverse Cost to Prefix Sub-TLV as follows:

   +=======+=========================+===============+
   | Value | Description             | Reference     |
   +=======+=========================+===============+
   | TBD1  | Reverse Cost to Prefix  | This document |
   +-------+-------------------------+---------------+
5.2.  OSPFv3

   Under the "OSPFv3 Extended-LSA Sub-TLVs" registry defined in
   [RFC8362], IANA is requested to assign registry values for the Prefix
   Attribute Flags Sub-TLV and the Reverse Cost to Prefix Sub-TLV as
   follows:

   +=======+=========================+===============+
   | Value | Description             | Reference     |
   +=======+=========================+===============+
   | TBD2  | Prefix Attribute Flags  | This document |
   +-------+-------------------------+---------------+
   | TBD3  | Reverse Cost to Prefix  | This document |
   +-------+-------------------------+---------------+

5.3.  IS-IS

   Under the "IS-IS Bit Values for Prefix Attribute Flags Sub-TLV"
   registry, IANA is requested to assign a codepoint for the SAV Prefix
   Flag as follows:

   +=======+==========================+===============+
   | Bit # | Name                     | Reference     |
   +=======+==========================+===============+
   | 5     | SAV Prefix Flag (S-flag) | This document |
   +-------+--------------------------+---------------+

   Under the "IS-IS Sub-TLVs for TLVs Advertising Prefix Reachability"
   registry, IANA is requested to assign a codepoint for the Reverse
   Cost to Prefix Sub-TLV as follows:

   +======+========================+==+===+===+===+===+===+===+===============+
   | Type | Description            |27|126|127|135|235|236|237| Reference     |
   +======+========================+==+===+===+===+===+===+===+===============+
   | TBD4 | Reverse Cost to Prefix |n | n | n | y | y | y | y | This document |
   +------+------------------------+--+---+---+---+---+---+---+---------------+

6.  Acknowledgements

   The authors would like to thank Joel Halpern for the valuable
   comments and suggestions on this draft.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328,
              DOI 10.17487/RFC2328, April 1998.

   [RFC5120]  Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi
              Topology (MT) Routing in Intermediate System to
              Intermediate Systems (IS-ISs)", RFC 5120,
              DOI 10.17487/RFC5120, February 2008.
   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", RFC 5226,
              DOI 10.17487/RFC5226, May 2008.

   [RFC5305]  Li, T. and H. Smit, "IS-IS Extensions for Traffic
              Engineering", RFC 5305, DOI 10.17487/RFC5305,
              October 2008.

   [RFC7684]  Psenak, P., Gredler, H., Shakir, R., Henderickx, W.,
              Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute
              Advertisement", RFC 7684, DOI 10.17487/RFC7684,
              November 2015.

   [RFC7794]  Ginsberg, L., Ed., Decraene, B., Previdi, S., Xu, X., and
              U. Chunduri, "IS-IS Prefix Attributes for Extended IPv4
              and IPv6 Reachability", RFC 7794, DOI 10.17487/RFC7794,
              March 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8362]  Lindem, A., Roy, A., Goethals, D., Reddy Vallem, V., and
              F. Baker, "OSPFv3 Link State Advertisement (LSA)
              Extensibility", RFC 8362, DOI 10.17487/RFC8362,
              April 2018.

7.2.  Informative References

   [I-D.ietf-savnet-intra-domain-problem-statement]
              Li, D., Wu, J., Qin, L., Huang, M., and N. Geng, "Source
              Address Validation in Intra-domain Networks Gap Analysis,
              Problem Statement, and Requirements", Work in Progress,
              Internet-Draft,
              draft-ietf-savnet-intra-domain-problem-statement-02,
              17 August 2023.

   [RFC5250]  Berger, L., Bryskin, I., Zinin, A., and R. Coltun, "The
              OSPF Opaque LSA Option", RFC 5250, DOI 10.17487/RFC5250,
              July 2008.

Authors' Addresses

   Huaimo Chen
   Futurewei
   Boston, MA
   United States of America
   Email: hchen.ietf@gmail.com


   Weiqiang Cheng
   China Mobile
   China
   Email: chengweiqiang@chinamobile.com
   Aijun Wang
   China Telecom
   Beiqijia Town, Changping District
   Beijing
   102209
   China
   Email: wangaj3@chinatelecom.cn


   Gyan S. Mishra
   Verizon Inc.
   13101 Columbia Pike
   Silver Spring, MD 20904
   United States of America
   Phone: 301 502-1347
   Email: gyan.s.mishra@verizon.com


   Yanhe Fan
   Casa Systems
   United States of America
   Email: yfan@casa-systems.com


   Xufeng Liu
   Alef Edge
   United States of America
   Email: xufeng.liu.ietf@gmail.com