Advertising Per-node Admin Tags in BGP Link-State Advertisements

Advertising Per-node Administrative Tags in Link State protocols like IS-IS and OSPF allows adding an optional operational capability, that allows tagging and grouping of the nodes in a IGP domain. This, among other applications, allows simple management and easy control over route and path selection, based on local configured policies. However per-node administrative tags advertised in IGP advertisements let network operators associate nodes within a single AS (if not a single area). This limits the use of such per-node administrative tags and applications that need to associate a subset of network devices spanning across multiple AS with a specific functionality cannot use them. To address the need for applications that require visibility into LSDB across IGP areas, or even across ASes, the BGP-LS address-family/sub-address-family have been defined that allows BGP to carry LSDB information. The BGP Network Layer Reachability Information (NLRI) encoding format for BGP-LS and a new BGP Path Attribute called BGP-LS attribute are defined in . The identifying key of each LSDB object, namely a node, a link or a prefix, is encoded in the NLRI and the properties of the object are encoded in the BGP-LS attribute. describes a typical deployment scenario. In each IGP area, one or more nodes are configured with BGP-LS. These BGP speakers form an IBGP mesh by connecting to one or more route-reflectors. This way, all BGP speakers - specifically the route-reflectors - obtain LSDB information from all IGP areas (and from other ASes from EBGP peers). An external component connects to the route-reflector to obtain this information (perhaps moderated by a policy regarding what information is sent to the external component, and what information isn't).

+------------+ | Consumer | +------------+ ^ | v +-------------------+ | BGP Speaker | +-----------+ | (Route-Reflector) | | Consumer | +-------------------+ +-----------+ ^ ^ ^ ^ | | | | +---------------+ | +-------------------+ | | | | | v v v v +-----------+ +-----------+ +-----------+ | BGP | | BGP | | BGP | | Speaker | | Speaker | . . . | Speaker | +-----------+ +-----------+ +-----------+ ^ ^ ^ | | | IGP IGP IGP For the purpose of advertising per-node administrative tags within BGP Link-State advertisements, a new Node Attribute TLV to be carried in the corresponding BGP-LS Node NLRI is proposed. For more details on the Node Attribute TLVs please refer to section 3.3.1 in

An administrative Tag is a 32-bit integer value that can be used to identify a group of nodes in the entire routing domain. The new sub-TLV specifies one or more administrative tag values. A BGP Link-State speaker that also participates in the IGP link state advertisements exchange may learn one or more per-node administrative tags advertised by another router in the same IGP domain. Such BGP-LS speaker shall encode the same set of per-node administrative tags in the corresponding Node Attribute TLV representing the network device that originated the per-node administrative tags. The per-node administrative tags advertised in IGP link state advertisements will have either per-area(or levels in IS-IS)scope or 'global' scope. Operator may choose to a set of per-node administrative tags across areas (or levels in IS-IS) and another advertise set of per-node administrative tags within the specific area (or level). But evidently two areas within the same AS or two different may use the same per-node administrative tag for different purposes. In such case applications will need to distinguish between the per-area(or level) scoped administrative tags originated from a specific node against those originated from the same node with 'global' scope. A BGP-LS router in a given AS while copying the per-node administrative tags learnt from IGP link-state advertisements, MUST also copy the scope associated with the per-node administrative tags. Refer to for how to encode the associated scope of a per-node administrative tags as well. To be able to distinguish between the significance of a per-area(or level) administrative tag learnt in one area, from that advertised in another area, or another AS, any applications receiving such a BGP-LS advertisements MUST consider the scope associated with each per-node administrative tag with 'per-area (or per-level) along with the area(or level in IS-IS) associated with corresponding IGP link state advertisement and the AS number associated with the originating node. The area(or level) associated with corresponding IGP link state advertisement and the AS number associated with the originating node can be derived from appropriate node attributes (already defined in BGP-LS) attached with the corresponding Node NLRI.

The BGP-LS NLRI can be a node NLRI, a link NLRI or a prefix NLRI. The corresponding BGP-LS attribute is a node attribute, a link attribute or a prefix attribute. BGP-LS defines the TLVs that map link-state information to BGP-LS NLRI and BGP-LS attribute. This document adds an new Node Attribute TLV called 'Node Admin Tag TLV' to encode per-node administrative tags information. defines the 'Per-node Admin Tag' sub-TLV in the Router Capability TLV (type 242) in IS-IS Link State PDUs to encode per-node administrative tags. Similarly defines the 'Per-node Administrative Tag' TLV in OSPF Router Information LSAs to encode per-node administrative tags in OSPF Link State update packets. The per-node administrative tags TLVs learnt from the IGP link state advertisements of a specific node will all be inserted in a new Node Admin Tag TLV and added to the corresponding Node are mapped to the corresponding BGP-LS Node NLRI. Per-node administrative tags from IGP advertisements are mapped to the corresponding Node Admin Tag TLV in the following way. TLV Code Point Description Length IS-IS TLV/sub-TLV OSPF LSA/TLV TBD Node Admin Tag TLV Variable 242/TBD RI-LSA/TBD

The new Node Administrative Tag TLV, like other BGP-LS Node Attribute TLVs, is formatted as Type/Length/Value (TLV)triplets. below shows the format of the new TLV.

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Administrative Tag #1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Administrative Tag #2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ // // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Administrative Tag #N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type : A 2-octet field specifiying code-point of the new sub-TLV type. Code-point: TBA (suggested 1040) Length: A 2-octet field that indicates the length of the value portion in octets and will be a multiple of 4 octets dependent on the number of tags advertised. Value: A 2-octet 'Flags' field, followed by a sequence of multiple 4 octets defining the administrative tags. Flags: A 2-octet field that carries flags associated with all the administrative flags encoded in this TLV. Following is the format of this field. 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |L| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The following bit flags are defined: L bit : If the L bit is set (1), it signifies that all administrative flags encoded in this TLV has per-area(or level in IS-IS) scope, and should not be mixed with ones with same value but with 'global' scope (L bit reset to 0). This new type of 'Node Admin Tag' TLVs can ONLY be added to the Node Attribute associated with the Node NLRI that originates the corresponding per-node administrative tags in IGP domain. All the per-node administrative tags with 'per-area' (or per-level) scope, originated by a single node in IGP domain SHALL be re-originated in a single 'Node Admin Tag' TLV and inserted in the Node NLRI generated for the same node. Similarly, all the per-node administrative tags with 'global' scope originated by the same node in IGP domain SHALL be re-originated in another 'Node Admin Tag' TLV and inserted in the same Node NLRI generated for the originating node. Multiple instances of a TLV may be generated by the BGP-lS router for a given node in the IGP domain. This MAY happen if the original node's link state advertisement carries more than 16383 per-node administrative groups and a single TLV does not provide sufficient space. As such multiple occurence of the 'Node Admin Tag' TLVs under a single BGP LS NLRI is cumulative. While copying per-node administrative tags from IGP link-state advertisements to corresponding BGP-LS advertisements, the said BGP-LS speaker MAY run all the per-node administrative flags through a locally configured policy that selects which ones should be exported and which ones not. And then the per-node administrative tag is copied to the BGP-LS advertisement if it is permitted to do so by the said policy.

Meaning of the Per-node administrative tags is generally opaque to BGP Link-State protocol. Router advertising the per-node administrative tag (or tags) may be configured to do so without knowing (or even explicitly supporting) functionality implied by the tag. Interpretation of tag values is specific to the administrative domain of a particular network operator. The meaning of a per-node administrative tag is defined by the network local policy and is controlled via the configuration. However multiple administrative domain owners may agree on a common meaning implied by a administrative tag for mutual benefit. The semantics of the tag order has no meaning. There is no implied meaning to the ordering of the tags that indicates a certain operation or set of operations that need to be performed based on the ordering. Each tag SHOULD be treated as an independent identifier that MAY be used in policy to perform a policy action. Per-node administrative tags carried by the Node Admin Tag TLV SHOULD be used to indicate a independent characteristics of the node in IGP domain that originated it. The TLV SHOULD be considered as an unordered list. Whilst policies may be implemented based on the presence of multiple tags (e.g., if tag A AND tag B are present), they MUST NOT be reliant upon the order of the tags (i.e., all policies should be considered commutative operations, such that tag A preceding or following tag B does not change their outcome). For more details on guidance on usage of per-node administrative tags please refer to section 4 in .

and present some applications of node administrative tags. The policy-based Explicit routing use case can be extended to inter-area or inter-AS scenarios where an end to end path needs to avoid or include nodes that have particular properties. Following are some examples. Geopolitical routing : preventing traffic from country A to country B to cross country C. In this case, we may use node administrative tags to encode geographical information (country). Path computation will be required to take into account node administrative tag to permit avoidance of nodes belonging to country C. Legacy node avoidance : in some specific cases, it is interesting for service-provider to force some traffic to avoid legacy nodes in the network. For example, legacy nodes may not be carrier class (no high availability), and service provider wants to ensure that critical traffic only uses nodes that are providing high availability. In case of inter-AS Traffic-Engineering applications, different ASes SHOULD share their admin tag policies. They MAY also need to agree upon some common tagging policy for specific applications. For more details on some possible applications with per-node administrative tags please refer to section 5 in .

This document requests assigning code-points from the registry for BGP-LS attribute TLVs based on table .

This section is structured as recommended in .

Existing BGP and BGP-LS operational procedures apply. No new operation procedures are defined in this document.

This section contains the global table of all TLVs/Sub-TLVs defined in this document. TLV Code Point Description Length 1040 Node Admin Tag variable

Procedures and protocol extensions defined in this document do not affect the BGP security model. See the 'Security Considerations' section of for a discussion of BGP security. Also refer to and for analysis of security issues for BGP.

TBD.