ISIS Protocol Extensions for Boundary Node Discovery (BND)

This document defines extensions to IS-IS to allow a boundary node in an IS-IS routing domain to advertise its location, along with domain information. Generic capability advertisement mechanisms for IS-IS are defined in . These allow a router to advertise its capabilities within an IS-IS area or an entire IS-IS routing domain. This document leverages this generic capability advertisement mechanism to fully satisfy the dynamic BN discovery. This document defines a new sub-TLV (named the BN Discovery (BND))to be carried within the IS-IS Router Capability TLV (). The BN information advertised is detailed in . Protocol extensions and procedures are defined in and . A detailed description about the need for auto discovery of Boundary Nodes (BN) and thier domains is also provided in this document. The IS-IS extensions defined in this document allow for BN discovery within an IS-IS routing domain. Boundary Node can be an ABR or ASBR. This document defines a set of sub-TLVs that are nested within each other. When the degree of nesting TLVs is 2 (a TLV is carried within another TLV) the TLV carried within a TLV is called a sub-TLV. Strictly speaking, when the degree of nesting is 3, a sub-sub-TLV is carried within a sub-TLV that is itself carried within a TLV. For the sake of terminology simplicity, a TLV carried within another TLV is called a sub-TLV regardless of the degree of nesting.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

The following terminology is used in this document. IS-IS Area Border Router. Routers used to connect two IGP areas. Autonomous System. Autonomous System Border Router. Router used to connect together ASes of the same or different service providers via one or more inter-AS links A boundary node is either an ABR in the context of inter-area Traffic Engineering or an ASBR in the context of inter-AS Traffic Engineering. Boundary Node Discovery Backward Recursive Path Computation Any collection of network elements within a common sphere of address management or path computational responsibility. Examples of domains include Interior Gateway Protocol (IGP) areas and Autonomous Systems (ASs). Hierarchical PCE. Interior Gateway Protocol. Either of the two routing protocols, Open Shortest Path First (OSPF) or Intermediate System to Intermediate System (IS-IS). Link State Advertisement. Intermediate System to Intermediate System. Path Computation Element. An entity (component, application, or network node) that is capable of computing a network path or route based on a network graph and applying computational constraints. Type-Length-Variable data encoding.

The BN discovery information is composed of: The BN location: an IPv4 and/or IPv6 address that is used to reach the BN. It is RECOMMENDED to use an address that is always reachable from all connected domains; The set of two or more Domain(s) into which the BN has connectivity; Changes in BN discovery information may occur as a result of BN configuration update or domain status change.

The flooding scope for BN information advertised through IS-IS can be a single L1 area, an L1 area and the L2 sub-domain, or the entire IS-IS routing domain.

BRPC procedure as defined in , requires Path Computation Element (PCE) to be aware of the BNs for the inter-domain path computation. This information would be either statically configured at PCE or learned via some mechanism, as listed in . In case of static configuration, as shown in the , incase of ISIS Backbone area(L2), configuration of BNs at PCE5 is extensive. BRPC procedure guarantees a best path only if BNs are selected correctly, any change in BNs at run time may lead to sub-optimal path. Also Administrator need to configure ABR / ASBR ID in such a way that it is reachable from all the domains, BND Tlv can take care of this automatically.

The problems with existing mechanism to discover Boundary nodes are listed in the next section.

As specified in ABR/ASBR can be identified but not their domain information. As stated in , Selection of correct BN is based on domain and thus it is ineffective. Selection of ABR/ASBR based on ISIS Database is not a good idea, first it requires PCE to look into ISIS Database thus adding to coupling, second it MAY require BGP routes to be redistributed into ISIS which is also not a good network design principle.

specifies how to advertise TE properties of inter-AS links; through which ASBR and remote AS can be discovered, but ABR and their domain information cannot be discovered via above RFC. AS is made up of multiple Area, there maybe a need to clearly identify a BN by combination of both AS number and Area-id. Refer Section 3.5 of .

To uniquely identify an ISIS L1 area, an unique area Id MUST be assigned. There is no other way to learn this information. BND can be used to advertise this information.

Section 4 of specifies each child PCE should know the identity of the domains that neighbor its own domain and advertises the same to the parent PCE. No method exist to find the neighbor domain which need to be carried in NEIG-PCE-DOMAIN Sub-TLV and BN discovery along with neighbor domain information can help in generating NEIG-PCE-DOMAIN Sub-TLV.

A simple solution would be to configure BNs [ABR and ASBR] at PCE(s) along with their domain information. As this information is fairly static this could work in simple situations. But as PCE are being used in bigger and multiple domains, any sort of static configurations would put extra effort on the system administrator. Selection of correct BNs is the core of the BRPC procedure, we feel this information should be dynamically learned and maintained.

There are methods to learn BNs dynamically from IGP, but the knowledge of neighboring-domains is not possible to obtain. Without this the correct BN based on the domain-path can't be selected. mentions: "Note that PCE(i) only considers the entry BNs of domain(i), i.e., only the BNs that provide connectivity from domain(i-1). In other words, the set BN-en(k,i) is only made of those BNs that provide connectivity from domain (i-1) to domain(i). " This selection of correct BNs providing connectivity between correct domains cannot be made by the information obtained from IGP. Without the correct selection we would not be following .

provides a standard representation of Domain Sequence in all deployment scenarios. The Domain Information carried in the BN-DOMAIN sub-tlv is same as the sub-objects inside the domain sequence.

The IS-IS BND sub-TLV contains a non-ordered set of sub-TLVs. The format of the IS-IS BND sub-TLV and its sub-TLVs is identical to the TLV format used by the Traffic Engineering Extensions to IS-IS . That is, the TLV is comprised of 1 octet for the type, 1 octet specifying the TLV length, and a value field. The Length field defines the length of the value portion in octets. The IS-IS BND sub-TLV has the following format:

The BN-ADDRESS and BN-DOMAIN sub-TLVs MUST always be present within the BND sub-TLV. Any unrecognized sub-TLV MUST be silently ignored. The BND sub-TLV is carried within an IS-IS CAPABILITY TLV defined in . The following sub-sections describe the sub-TLVs.

The BN-ADDRESS sub-TLV specifies an IP address that can be used to reach the BN. It is RECOMMENDED to make use of an address that is always reachable, provided the BN is alive and reachable. The BN-ADDRESS sub-TLV is mandatory; it MUST be present within the BND sub-TLV. It MAY appear twice, when the BN has both an IPv4 and IPv6 address. It MUST NOT appear more than once for the same address type. If it appears more than once for the same address type, only the first occurrence is processed and any others MUST be ignored. The BN-ADDRESS sub-TLV has the following format:

The BN-DOMAIN sub-TLV specifies a BN-Domain (area and/or AS) where the BN has topology connectivity. The BN-DOMAIN sub-TLV is mandatory; it MUST be present within the BND TLV. A BND sub-TLV MUST include two or more BN-DOMAIN sub-TLVs as the BN has connectivity into multiple BN-Domains. The BN-DOMAIN sub-TLV has the following format:

The Area ID is the area address as defined in . When the AS number is coded in two octets, the AS Number field MUST have its first two octets set to 0.

The BND sub-TLV is advertised within an IS-IS Router Capability TLV defined in . As such, elements of procedures are inherited from those defined in . The flooding scope is controlled by the S flag in the IS-IS Router Capability TLV (see ). When the scope of the BND sub-TLV is area local, it MUST be carried within an IS-IS Router Capability TLV having the S bit cleared. When the scope of the BND sub-TLV is the entire IS-IS routing domain, it MUST be carried within an IS-IS Router Capability TLV having the S bit set. Note that an L1L2 node may include a BND TLV in a Router Capability TLV with the S bit cleared in both in its L1 and L2 LSPs. This allows the flooding scope to be restricted to the L1 area and the L2 sub-domain. When the BN function is deactivated, the IS-IS speaker MUST originate a new IS-IS LSP that no longer includes the corresponding BND TLV. The BN address (i.e., the address indicated within the BN-ADDRESS sub-TLV) SHOULD be reachable via some prefixes advertised by IS-IS. The BND sub-TLV information regarding a specific BN is only considered current and useable when the router advertising this information is itself reachable via IS-IS calculated paths at the level of the LSP in which the BND sub-TLV appears. A change in the state of a BN (activate, deactivate, domain change) MUST result in a corresponding change in the BND sub-TLV information advertised by an IS-IS router (inserted, removed, updated) in its LSP. The way BNs determine the information they advertise, and how that information is made available to IS-IS, is out of the scope of this document. Some information may be configured and other information may be automatically determined by ISIS. A change in information in the BND sub-TLV MUST NOT trigger any SPF computation at a receiving router.

The BND TLV defined in this document does not introduce any interoperability issues. An IS-IS router not supporting the BND sub-TLV will just silently ignore the sub-TLV as specified in .

The routers acting as BNs will originate LSP with BND Tlv; As there are only few BNs exist in the network, the performance impact in flooding is very less.

IANA has defined a registry for the sub-TLVs carried in the IS-IS Router Capability TLV defined in . IANA has assigned a new sub-TLV codepoint for the BND sub-TLV carried within the Router Capability TLV.

This document defines IS-IS extensions for BN discovery within an administrative domain. Hence the security of the BN discovery relies on the security of IS-IS. Mechanisms defined to ensure authenticity and integrity of IS-IS LSPs and their TLVs, can be used to secure the BND sub-TLV as well. IS-IS provides no encryption mechanism for protecting the privacy of LSPs and, in particular, the privacy of the BN discovery information.

TBD

We would like to thank Quintin Zhao, Daniel King, Adrian Ferral, Suresh babu, Pradeep Shastry, Saravana Kumar and Srinivasan for their useful comments and suggestions.