Host Router Support for OSPFv2Arrcuskeyur@arrcus.comPPE Consultingpadma.ietf@gmail.comCisco Systems170 W. Tasman DriveSan JoseCA95134United States of Americamanbhard@cisco.comCisco Systems170 W. Tasman DriveSan JoseCA95134United States of Americaserpil@cisco.comnon-transit
The Open Shortest Path First Version 2 (OSPFv2) protocol does not
have a mechanism for a node to repel transit traffic if it is on the
shortest path. This document defines a bit called the Host-bit (H-bit). This bit enables a
router to advertise that it is a non-transit router. This document also
describes the changes needed to support the H-bit in the domain. In
addition, this document updates RFC 6987 to advertise Type 2 External
and Not-So-Stubby Area (NSSA) Link State Advertisements (LSAs)
(RFC 3101) with a high cost in order to repel traffic effectively.Introduction
The OSPFv2 protocol specifies a Shortest Path First (SPF) algorithm
that identifies transit vertices based on their adjacencies.
Therefore, OSPFv2 does not have a mechanism to prevent traffic
transiting a participating node if it is a transit vertex in the only
existing or shortest path to the destination. The use of metrics to
make the node undesirable can help to repel traffic only if an
alternative better route exists.
A mechanism to move traffic away from the shortest path is
particularly useful for a number of use cases:
Graceful isolation of a router, to avoid blackhole scenarios when
there is a reload and possible long reconvergence times.
Closet switches that are not usually used for transit traffic but need
to participate in the topology.
Overloaded routers that could use such a capability to temporarily
repel traffic until they stabilize.
BGP route reflectors, known as virtual Route Reflectors,
that are not in the forwarding path but are in central locations
such as data centers. Such route reflectors are typically used
for route distribution and are not capable of forwarding transit
traffic. However, they need to learn the OSPF topology to
perform SPF computation for optimal routes and reachability
resolution for their clients
.
This document describes the functionality provided by the Host-bit (H-bit);
this functionality prevents other OSPFv2 routers from using the host router by excluding
it in path calculations for transit traffic in OSPFv2 routing
domains. If the H-bit is set, then the calculation of the
shortest-path tree for an area, as described in , is
modified by including a check to verify that transit vertices DO NOT
have the H-bit set (see ). Furthermore, in order to repel
traffic effectively, this document updates so that Type 2 External and Not-So-Stubby Area (NSSA)
Link State Advertisements (LSAs)
are advertised with a high cost (see ). OSPFv3 defines an
option bit, known as the R-bit, for router-LSAs; the H-bit supports similar functionality.Requirements LanguageThe key words "MUST", "MUST NOT",
"REQUIRED", "SHALL",
"SHALL NOT", "SHOULD",
"SHOULD NOT",
"RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document
are to be interpreted as described in BCP 14
when, and only
when, they appear in all capitals, as shown here.Host-Bit Support
This document defines a new router-LSA bit, known as the Host-bit or
the H-bit. An OSPFv2 router advertising a router-LSA with the H-bit
set indicates that it MUST NOT be used as a transit router (see
) by other OSPFv2 routers in the
area that support the H-bit functionality.
If the H-bit is not set, then backward compatibility is achieved, as
the behavior will be the same as in .Bit H is the high-order bit of the OSPF flags, as shown below.
When the H-bit is set, the OSPFv2 router is a host (non-transit)
router and is incapable of forwarding transit traffic. In this mode,
the other OSPFv2 routers in the area MUST NOT use the host router for
transit traffic but may send traffic to its local destinations.
An OSPFv2 router originating a router-LSA with the H-bit set MUST
advertise all its non-stub links with a link cost of MaxLinkMetric
.
When the H-bit is set, an Area Border Router (ABR) MUST advertise the
same H-bit setting in its self-originated router-LSAs for all
attached areas. The consistency of the setting will prevent
inter&nbhy;area traffic transiting through the router by suppressing
advertisements of prefixes from other routers in the area in its
summary-LSAs. Only IPv4 prefixes associated with its local
interfaces MUST be advertised in summary-LSAs to provide reachability
to end hosts attached to a router with the H-bit set.
When the H-bit is set, the host router cannot act as an Autonomous System
Border Router (ASBR). Indeed, ASBRs are transit routers to prefixes that are
typically imported through redistribution of prefixes from other
routing protocols. Therefore, non-local IPv4 prefixes, e.g., those
imported from other routing protocols, SHOULD NOT be advertised in
AS-external-LSAs if the H-bit is set. Some use cases, such as an
overloaded router or a router being gracefully isolated, may benefit
from continued advertisements of non-local prefixes. In these cases,
the Type 2 metric in AS-external-LSAs MUST be set to
LSInfinity to
repel traffic (see of this document).SPF Modifications
The SPF calculation described in is
modified to ensure that the routers originating router-LSAs with the
H-bit set will not be used for transit traffic. Step (2) is
modified to include a check on the H-bit, as shown below. (Please note
that all of the sub-procedures of Step (2) remain unchanged and are not included in
the excerpt below.)
(2)
Call the vertex just added to the
tree "vertex V". Examine the LSA
associated with vertex V. This is
a lookup in Area A's link state
database based on the Vertex ID. If
this is a router-LSA, and the H-bit
of the router-LSA is set, and
vertex V is not the root, then the
router should not be used for transit
and Step (3) should be executed
immediately. If this is a router-LSA
and bit V of the router-LSA (see
Appendix A.4.2) is set, set Area A's
TransitCapability to TRUE. In any case,
each link described by the LSA gives
the cost to an adjacent vertex. For
each described link (say it joins
vertex V to vertex W):
Autodiscovery and Backward Compatibility
To reduce the possibility of any routing loops due to partial
deployment, this document defines an OSPF Router Information (RI) LSA
capability bit . See
().
The RI LSA MUST be area-scoped.
Autodiscovery via announcement of the OSPF Host Router capability
()
ensures that the H-bit functionality and its associated SPF changes
MUST only take effect if all the routers in a given OSPF area support
this functionality.
In normal operation, it is possible that the RI LSA will fail to
reach all routers in an area in a timely manner. For example, if a
new router without H-bit support joins an area that previously had
only H-bit-capable routers with the H-bit set, then it may take some time
for the RI LSA to propagate to all routers. While it is propagating, the
routers in the area will gradually detect the presence of a router
that does not support the capability and will revert back to the normal SPF
calculation. During the propagation time, the area as a whole is
unsure of the status of the new router; this type of situation can cause temporary
transient loops.
The following recommendations will mitigate transient routing loops:
Implementations are RECOMMENDED to provide a configuration
parameter to manually override enforcement of the H-bit
functionality in partial deployments where the topology guarantees
that OSPFv2 routers not supporting the H-bit do not compute routes
resulting in routing loops.
All routers with the H-bit set MUST advertise all of the router's
non-stub links with a metric equal to MaxLinkMetric in
its LSAs in order to prevent OSPFv2 routers (unless a last-resort path)
that do not support the H-bit from attempting to use the non-stub links for transit
traffic.
All routers supporting the H-bit MUST check the RI LSAs of all
nodes in the area to verify that all nodes support the H-bit
before actively using the H-bit feature. If any router does not
advertise the OSPF Host Router capability (), then the SPF
modifications described in MUST NOT be used in the area.
OSPF AS-External-LSAs / NSSA-LSAs with Type 2 Metrics
When calculating the path to a prefix in an OSPF AS-external-LSA or
NSSA-LSA with a Type 2 metric, the advertised Type 2 metric
is taken as more significant than the OSPF intra-area or inter-area
path. Hence, advertising the links with MaxLinkMetric as specified
in does not discourage transit
traffic when calculating AS-external or NSSA routes with Type 2 metrics.
Consequently, this document updates so that the Type 2 metric in any
self-originated AS-external-LSAs or NSSA-LSAs is advertised as
LSInfinity-1 .
If the H-bit is set, then the Type 2 metric
MUST be set to LSInfinity.IANA Considerations
IANA has registered the following value in the
"OSPFv2 Router Properties Registry".
H-Bit
Value
Description
Reference
0x80
Host (H-bit)
RFC 8770
IANA has registered the following in the "OSPF Router
Informational Capability Bits" registry.
OSPF Host Router Capability Bit
Bit Number
Capability Name
Reference
7
OSPF Host Router
RFC 8770
Security Considerations
This document introduces the H-bit, which is a capability feature that
restricts the use of a router for transit, while only its local
destinations are reachable. This is a subset of the operations of a
normal router and therefore should not introduce new security
considerations beyond those already known in OSPFv2 . The
feature introduces the advertisement of host router capability
information to all OSPFv2 routers in an area. This information can
be leveraged for discovery and verification that all routers in the
area support the capability before the feature is turned on. In the
event that a rogue or buggy router incorrectly advertises its
capability, possible scenarios are as follows:
The router does not have the capability but sends the H-bit set in
its LSAs. In this case, a routing loop is possible.
However, this is mitigated by the fact that this router should be
avoided anyway. Moreover, the link metrics cost (MaxLinkMetric)
of this router will mitigate this situation. In any case, a
router advertising the H-bit capability without its link metrics cost
equal to MaxLinkMetric could be a rogue
router and should be avoided.
The router has the capability but sends the H-bit clear in its
LSAs. In this case, the router merely prevents the support of other
H-bit routers in the area and prevents all the routers from running the modified
SPF. Any impacts are also mitigated in this scenario, as other H-bit routers in the
area also advertise the MaxLinkMetric cost, so they will still be
avoided unless they are the last&nbhy;resort path.
The rogue router is on the only transit path for some destinations
and sends the H-bit set (for no good/valid reason) in its LSAs, and
effectively partitions the network. This case is indistinguishable
from the normal case where an operator may consciously decide to
set the H-bit to perform maintenance on a router that is on the
only transit path. The OSPF protocol will continue to function
within the partitioned domains.
ReferencesNormative ReferencesInformative ReferencesBGP Optimal Route Reflection (BGP-ORR)Acknowledgements
The authors would like to acknowledge for discovering
the limitation in , and , , , , and for their comments.