Network Working Group D. McPherson
Request for Comments: 3277 TCB
Category: Informational April 2002
Intermediate System to Intermediate System (IS-IS)
Transient Blackhole Avoidance
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This document describes a simple, interoperable mechanism that can be
employed in Intermediate System to Intermediate System (IS-IS)
networks in order to decrease the data loss associated with
deterministic blackholing of packets during transient network
conditions. The mechanism proposed here requires no IS-IS protocol
changes and is completely interoperable with the existing IS-IS
specification.
1. Introduction
When an IS-IS router that was previously a transit router becomes
unavailable as a result of some transient condition such as a reboot,
other routers within the routing domain must select an alternative
path to reach destinations which have previously transited the failed
router. Presumably, the newly selected router(s) comprising the path
have been available for some time and, as a result, have complete
forwarding information bases (FIBs) which contain a full set of
reachability information for both internal and external (e.g., BGP)
destination networks.
When the previously failed router becomes available again, it is only
seconds before the paths that had previously transited the router are
again selected as the optimal path by the IGP. As a result,
forwarding tables are updated and packets are once again forwarded
along the path. Unfortunately, external destination reachability
information (e.g., learned via BGP) is not yet available to the
router, and as a result, packets bound for destinations not learned
via the IGP are unnecessarily discarded.
McPherson Informational [Page 1]
RFC 3277 IS-IS Transient Blackhole Avoidance April 2002
A simple interoperable mechanism to alleviate the offshoot associated
with this deterministic behavior is discussed below.
2. Discussion
This document describes a simple, interoperable mechanism that can be
employed in IS-IS [1, 2] networks in order to avoid transition to a
newly available path until other associated routing protocols such as
BGP have had sufficient time to converge.
The benefits of such a mechanism can be realized when considering the
following scenario depicted in Figure 1.
D.1
|
+-------+
| RtrD |
+-------+
/ \
/ \
+-------+ +-------+
| RtrB | | RtrC |
+-------+ +-------+
\ /
\ /
+-------+
| RtrA |
+-------+
|
S.1
Figure 1: Example Network Topology
Host S.1 is transmitting data to destination D.1 via a primary path
of RtrA->RtrB->RtrD. Routers A, B and C learn of reachability to
destination D.1 via BGP from RtrD. RtrA's primary path to D.1 is
selected because when calculating the path to BGP NEXT_HOP of RtrD,
the sum of the IS-IS link metrics on the RtrA-RtrB-RtrD path is less
than the sum of the metrics of the RtrA-RtrC-RtrD path.
Assume RtrB becomes unavailable and as a result the RtrC path to RtrD
is used. Once RtrA's FIB is updated and it begins forwarding packets
to RtrC, everything should behave properly as RtrC has existing
forwarding information regarding destination D.1's availability via
BGP NEXT_HOP RtrD.
McPherson Informational [Page 2]
RFC 3277 IS-IS Transient Blackhole Avoidance April 2002
Assume now that RtrB comes back online. In only a few seconds, IS-IS
neighbor state has been established with RtrA and RtrD and database
synchronization has occurred. RtrA now realizes that the best path
to destination D.1 is via RtrB, and therefore updates it FIB
appropriately. RtrA begins to forward packets destined to D.1 to
RtrB. Though, because RtrB has yet to establish and synchronize its
BGP neighbor relationship and routing information with RtrD, RtrB has
no knowledge regarding reachability of destination D.1, and therefore
discards the packets received from RtrA destined to D.1.
If RtrB were to temporarily set its LSP Overload bit while
synchronizing BGP tables with its neighbors, RtrA would continue to
use the working RtrA->RtrC->RtrD path, and the LSP should only be
used to obtain reachability to locally connected networks (rather
than for calculating transit paths through the router, as defined in
[1]).
However, it should be noted that when RtrB goes away, its LSP is
still present in the IS-IS databases of all other routers in the
routing domain. When RtrB comes back it establishes adjacencies. As
soon as its neighbors have an adjacency with RtrB, they will
advertise their new adjacency in their new LSP. The result is that
all the other routers will receive new LSPs from RtrA and RtrD
containing the RtrB adjacency, even though RtrB is still completing
its synchronization and therefore has not yet sent its new LSP.
At this time SPF is computed and everyone will include RtrB in their
tree since they will use the old version of RtrB LSP (the new one has
not yet arrived). Once RtrB has finished establishing all its
adjacencies, it will then regenerate its LSP and flood it. Then all
other routers within the domain will finally compute SPF with the
correct information. Only at that time will the Overload bit be
taken into account.
As such, it is recommended that each time a router establishes an
adjacency, it will update its LSP and flood it immediately, even
before beginning database synchronization. This will allow for the
Overload bit setting to propagate immediately, and remove the
potential for an older version of the reloaded routers LSP to be
used.
After synchronization of BGP tables with neighboring routers (or
expiry of some other timer or trigger), RtrB would generate a new
LSP, clearing the Overload bit, and RtrA could again begin using the
optimal path via RtrB.
McPherson Informational [Page 3]
RFC 3277 IS-IS Transient Blackhole Avoidance April 2002
Typically, in service provider networks IBGP connections are done via
peerings with 'loopback' addresses. As such, the newly available
router must advertise its own loopback (or similar) IP address, as
well as associated adjacencies, in order to make the loopbacks
accessible to other routers within the routing domain. It is because
of this that simply flooding an empty LSP is not sufficient.
3. Deployment Considerations
Such a mechanism increases overall network availability and allows
network operators to alleviate the deterministic blackholing behavior
introduced in this scenario. Similar mechanisms [3] have been
defined for OSPF, though only after realizing the usefulness obtained
from that of the IS-IS Overload bit technique.
This mechanism has been deployed in several large IS-IS networks for
a number of years.
Triggers for setting the Overload bit as described are left to the
implementer. Some potential triggers could perhaps include "N
seconds after booting", or "N number of BGP prefixes in the BGP Loc-
RIB".
Unlike similar mechanisms employed in [3], if the Overload bit is set
in a router's LSP, NO transit paths are calculated through the
router. As such, if no alternative paths are available to the
destination network, employing such a mechanism may actually have a
negative impact on convergence (i.e., the router maintains the only
available path to reach downstream routers, but the Overload bit
disallows other nodes in the network from calculating paths via the
router, and as such, no feasible path exists to the routers).
Finally, if all systems within an IS-IS routing domain haven't
implemented the Overload bit correctly, forwarding loops may occur.
4. Potential Alternatives
Alternatively, it may be considered more appealing to employ
something more akin to [3] for this purpose. With this model, during
transient conditions a node advertises excessively high link metrics
to serve as an indication, to other nodes in the network that paths
transiting the router are "less desirable" than existing paths.
The advantage of a metric-based mechanism over the Overload bit
mechanism model proposed here is that transit paths may still be
calculated through the router. Another advantage is that a metric-
based mechanism does not require that all nodes in the IS-IS domain
correctly implement the Overload bit.
McPherson Informational [Page 4]
RFC 3277 IS-IS Transient Blackhole Avoidance April 2002
However, as currently deployed, IS-IS provides for only 6 bits of
space for link metric allocation, and 10 bits aggregate path metric.
Though extensions proposed in [4] remove this limitation, they have
not yet been widely deployed. As such, there's currently little
flexibility when using link metrics for this purpose. Of course,
both methods proposed in this document are backwards-compatible.
5. Security Considerations
The mechanisms specified in this memo introduces no new security
issues to IS-IS.
6. Acknowledgements
The author of this document makes no claim to the originality of the
idea. Thanks to Stefano Previdi for valuable feedback on the
mechanism discussed in this document.
7. References
[1] ISO, "Intermediate system to Intermediate system routing
information exchange protocol for use in conjunction with the
Protocol for providing the Connectionless-mode Network Service
(ISO 8473)," ISO/IEC 10589:1992.
[2] Callon, R., "OSI IS-IS for IP and Dual Environment," RFC 1195,
December 1990.
[3] Retana, A., Nguyen, L., White, R., Zinin, A. and D. McPherson,
"OSPF Stub Router Advertisement", RFC 3137, June 2001.
[4] Li, T. and H. Smit, "IS-IS extensions for Traffic Engineering",
Work in Progress.
8. Author's Address
Danny McPherson
TCB
Phone: 303.470.9257
EMail: danny@tcb.net
McPherson Informational [Page 5]
RFC 3277 IS-IS Transient Blackhole Avoidance April 2002
9. Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
McPherson Informational [Page 6]