<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-ietf-lsr-isis-invalid-tlv-03" number="8918" ipr="trust200902" updates="5305, 6232" obsoletes="" submissionType="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 2.47.0 -->
  <front>
    <title abbrev="Invalid TLV Handling in IS-IS">Invalid TLV Handling in IS-IS</title>
    <seriesInfo name="RFC" value="8918"/>
    <author fullname="Les Ginsberg" initials="L." surname="Ginsberg">
      <organization>Cisco Systems</organization>
      <address>
        <email>ginsberg@cisco.com</email>
      </address>
    </author>
    <author fullname="Paul Wells" initials="P." surname="Wells">
      <organization>Cisco Systems</organization>
      <address>
        <email>pauwells@cisco.com</email>
      </address>
    </author>
    <author fullname="Tony Li" initials="T" surname="Li">
      <organization>Arista Networks</organization>
      <address>
        <postal>
          <street>5453 Great America Parkway</street>
          <city>Santa Clara</city>
          <region>CA</region>
          <code>95054</code>
          <country>United States of America</country>
        </postal>
        <email>tony.li@tony.li</email>
      </address>
    </author>
    <author fullname="Tony Przygienda" initials="T" surname="Przygienda">
      <organization>Juniper Networks, Inc.</organization>
      <address>
        <postal>
          <street>1194 N. Matilda Ave</street>
          <city>Sunnyvale</city>
          <region>CA</region>
          <code>94089</code>
          <country>United States of America</country>
        </postal>
        <email>prz@juniper.net</email>
      </address>
    </author>
    <author fullname="Shraddha Hegde" initials="S" surname="Hegde">
      <organization>Juniper Networks, Inc.</organization>
      <address>
        <postal>
          <street>Embassy Business Park</street>
          <city>Bangalore</city>
          <region>KA</region>
          <code>560093</code>
          <country>India</country>
        </postal>
        <email>shraddha@juniper.net</email>
      </address>
    </author>
    <date year="2020" month="September"/>
    <area>Routing</area>
    <workgroup>LSR Working Group</workgroup>
    <keyword>TLV</keyword>
    <keyword>IS-IS</keyword>
    <abstract>
      <t>The key to the extensibility of the Intermediate System to Intermediate System (IS-IS) protocol has been the handling of unsupported and/or invalid Type-Length-Value (TLV) tuples. Although there are explicit statements in existing specifications, deployment experience has shown that there are inconsistencies in the behavior when a TLV that is disallowed in a particular Protocol Data Unit (PDU) is received.</t>
      <t>This document discusses such cases and makes the correct behavior explicit in order to ensure that interoperability is maximized.</t>
      <t>This document updates RFCs 5305 and 6232.</t>
    </abstract>
  </front>
  <middle>
    <section numbered="true" toc="default">
      <name>Introduction</name>
      <t>The Intermediate System to Intermediate System (IS-IS) protocol <xref target="ISO10589" format="default"/> utilizes Type-Length-Value (TLV) encoding for all content in the body of Protocol Data Units (PDUs). New extensions to the protocol are supported by defining new TLVs. In order to allow protocol extensions to be deployed in a backwards compatible way, an implementation is required to ignore TLVs that it does not understand. This behavior is also applied to sub-TLVs <xref target="RFC5305" format="default"/>, which are contained within TLVs.</t>
      <t>Also essential to the correct operation of the protocol is having the validation of PDUs be independent from the validation of the TLVs contained in the PDU. PDUs that are valid must be accepted <xref target="ISO10589" format="default"/> even if an individual TLV contained within that PDU is not understood or is invalid in some way (e.g., incorrect syntax, data value out of range, etc.).</t>
      <t>The set of TLVs (and sub-TLVs) that are allowed in each PDU type is documented in the "TLV Codepoints Registry" established by <xref target="RFC3563" format="default"/> and updated by <xref target="RFC6233" format="default"/> and <xref target="RFC7356" format="default"/>.</t>
      <t>This document is intended to clarify some aspects of existing specifications and, thereby, reduce the occurrence of non-conformant behavior seen in real-world deployments. Although behaviors specified in existing protocol specifications are not changed, the clarifications contained in this document serve as updates to <xref target="RFC5305" format="default"/> (see <xref target="app-sub-tlv" format="default"/>) and <xref target="RFC6232" format="default"/> (see <xref target="correct-poi" format="default"/>).</t>
      <section numbered="true" toc="default">
        <name>Requirements Language</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t>
      </section>
    </section>
    <section numbered="true" toc="default">
      <name>TLV Codepoints Registry</name>
      <t><xref target="RFC3563" format="default"/> established the IANA-managed "IS-IS TLV Codepoints Registry" for recording assigned TLV codepoints <xref target="TLV_CODEPOINTS" format="default"/>. The initial contents of this registry were based on <xref target="RFC3359" format="default"/>.</t>
      <t>The registry includes a set of columns indicating in which PDU types a given TLV is allowed:</t>
      <dl newline="false" spacing="normal" indent="8">
        <dt>IIH</dt>
        <dd>TLV is allowed in Intermediate System to Intermediate System Hello (IIH) PDUs (Point-to-point and LAN)</dd>
        <dt>LSP</dt>
        <dd>TLV is allowed in Link State PDUs (LSPs)</dd>
        <dt>SNP</dt>
        <dd>TLV is allowed in Sequence Number PDUs (SNPs) (Partial Sequence Number PDUs (PSNPs) and Complete Sequence Number PDUs (CSNPs))</dd>
        <dt>Purge</dt>
        <dd>TLV is allowed in LSP Purges <xref target="RFC6233" format="default"/></dd>
      </dl>
      <t>If "Y" is entered in a column, it means the TLV is allowed in the corresponding PDU type.</t>
      <t>If "N" is entered in a column, it means the TLV is not allowed in the corresponding PDU type.</t>
    </section>
    <section anchor="TLV-Acceptance" numbered="true" toc="default">
      <name>TLV Acceptance in PDUs</name>
      <t>This section describes the correct behavior when a PDU that contains a TLV that is specified as disallowed in the "TLV Codepoints Registry" is received.</t>
      <section numbered="true" toc="default">
        <name>Handling of Disallowed TLVs in Received PDUs Other Than LSP Purges</name>
        <t><xref target="ISO10589" format="default"/> defines the behavior required when a PDU is received containing a TLV that is "not recognised". It states (see Sections 9.5 - 9.13):</t>
        <blockquote>Any codes in a received PDU that are not recognised shall be ignored.</blockquote>
        <t>This is the model to be followed when a TLV that is disallowed is received. Therefore, TLVs in a PDU (other than LSP purges) that are disallowed <bcp14>MUST</bcp14> be ignored and <bcp14>MUST NOT</bcp14> cause the PDU itself to be rejected by the receiving IS.</t>
      </section>
      <section numbered="true" toc="default">
        <name>Special Handling of Disallowed TLVs in Received LSP Purges</name>
        <t>When purging LSPs, <xref target="ISO10589" format="default"/> recommends (but does not require) the body of the LSP (i.e., all TLVs) be removed before generating the purge. LSP purges that have TLVs in the body are accepted, though any TLVs that are present are ignored.</t>
        <t>When cryptographic authentication <xref target="RFC5304" format="default"/> was introduced, this looseness when processing received purges had to be addressed in order to prevent attackers from being able to initiate a purge without having access to the authentication key. Therefore, <xref target="RFC5304" format="default"/> imposed strict requirements on what TLVs were allowed in a purge (authentication only) and specified that:</t>
        <blockquote>ISes <bcp14>MUST NOT</bcp14> accept purges that contain TLVs other than the authentication TLV.</blockquote>
        <t>This behavior was extended by <xref target="RFC6232" format="default"/>, which introduced the Purge Originator Identification (POI) TLV, and <xref target="RFC6233" format="default"/>, which added the "Purge" column to the "TLV Codepoints Registry" to identify all the TLVs that are allowed in purges.</t>
        <t>The behavior specified in <xref target="RFC5304" format="default"/> is not backwards compatible with the behavior defined by <xref target="ISO10589" format="default"/>; therefore, it can only be safely enabled when all nodes support cryptographic authentication. Similarly, the extensions defined by <xref target="RFC6232" format="default"/> are not compatible with the behavior defined in <xref target="RFC5304" format="default"/>; therefore, they can only be safely enabled when all nodes support the extensions.</t>
        <t>When new protocol behaviors are specified that are not backwards compatible, it is <bcp14>RECOMMENDED</bcp14> that implementations provide controls for their enablement. This serves to prevent interoperability issues and allow for non-disruptive introduction of the new functionality into an existing network.</t>
      </section>
      <section anchor="app-sub-tlv" numbered="true" toc="default">
        <name>Applicability to Sub-TLVs</name>
        <t><xref target="RFC5305" format="default"/> introduced sub-TLVs, which are TLV tuples advertised within the body of a parent TLV. Registries associated with sub-TLVs are associated with the "TLV Codepoints Registry" and specify in which TLVs a given sub-TLV is allowed. <xref target="RFC5305" sectionFormat="of" section="2"/> is updated by the following sentence:</t>
        <blockquote>As with TLVs, it is required that sub-TLVs that are disallowed <bcp14>MUST</bcp14> be ignored on receipt.</blockquote>
        <t>The existing sentence in <xref target="RFC5305" sectionFormat="of" section="2"/>:</t>
        <blockquote>Unknown sub-TLVs are to be ignored and skipped upon receipt.</blockquote>
        <t>is replaced by:</t>
        <blockquote>Unknown sub-TLVs <bcp14>MUST</bcp14> be ignored and skipped upon receipt.</blockquote>
      </section>
      <section anchor="correct-poi" numbered="true" toc="default">
        <name>Correction to POI "TLV Codepoints Registry" Entry</name>
        <t>An error was introduced by <xref target="RFC6232" format="default"/> when specifying in which PDUs the POI TLV is allowed. <xref target="RFC6232" sectionFormat="of" section="3"/> states:</t>
        <blockquote>The POI TLV <bcp14>SHOULD</bcp14> be found in all purges and <bcp14>MUST NOT</bcp14> be found in LSPs with a non-zero Remaining Lifetime.</blockquote>
        <t>However, the IANA section of the same document states:</t>
        <blockquote>The additional values for this TLV should be IIH:n, LSP:y, SNP:n, and Purge:y.</blockquote>
        <t>The correct setting for "LSP" is "n". This document updates <xref target="RFC6232" format="default"/> by correcting that error.</t>
        <t>This document also updates the previously quoted text from <xref target="RFC6232" sectionFormat="of" section="3"/> to be:</t>
        <blockquote>The POI TLV <bcp14>SHOULD</bcp14> be sent in all purges and <bcp14>MUST NOT</bcp14> be sent in LSPs with a non-zero Remaining Lifetime.</blockquote>
      </section>
    </section>
    <section anchor="LSP_ACCEPTANCE" numbered="true" toc="default">
      <name>TLV Validation and LSP Acceptance</name>
      <t>The correct format of a TLV and its associated sub-TLVs, if applicable, is defined in the document(s) that introduces each codepoint. The definition <bcp14>MUST</bcp14> include what action to take when the format/content of the TLV does not conform to the specification (e.g., "<bcp14>MUST</bcp14> be ignored on receipt"). When making use of the information encoded in a given TLV (or sub-TLV), receiving nodes <bcp14>MUST</bcp14> verify that the TLV conforms to the standard definition. This includes cases where the length of a TLV/sub-TLV is incorrect and/or cases where the value field does not conform to the defined restrictions.</t>
      <t>However, the unit of flooding for the IS-IS Update process is an LSP. The presence of a TLV (or sub-TLV) with content that does not conform to the relevant specification <bcp14>MUST NOT</bcp14> cause the LSP itself to be rejected. Failure to follow this requirement will result in inconsistent LSP Databases on different nodes in the network that will compromise the correct operation of the protocol.</t>
      <t>LSP Acceptance rules are specified in <xref target="ISO10589" format="default"/>. Acceptance rules for LSP purges are extended by <xref target="RFC5304" format="default"/> and <xref target="RFC5310" format="default"/> and are further extended by <xref target="RFC6233" format="default"/>.</t>
      <t><xref target="ISO10589" format="default"/> also specifies the behavior when an LSP is not accepted. This behavior is <em>not</em> altered by extensions to the LSP Acceptance rules, i.e., regardless of the reason for the rejection of an LSP, the Update process on the receiving router takes the same action.</t>
    </section>
    <section anchor="IANA" numbered="true" toc="default">
      <name>IANA Considerations</name>
      <t>IANA has added this document as a reference for the "TLV Codepoints Registry".</t>
      <t>IANA has also modified the entry for the Purge Originator Identification TLV in the "TLV Codepoints Registry" to be IIH:n, LSP:n, SNP:n, and Purge:y.</t>
      <t>The reference field of the Purge Originator Identification TLV has been updated to point to this document.</t>
    </section>
    <section anchor="Security" numbered="true" toc="default">
      <name>Security Considerations</name>
      <t>As this document makes no changes to the protocol, there are no new security issues introduced.</t>
      <t>The clarifications discussed in this document are intended to make it less likely that implementations will incorrectly process received LSPs, thereby also making it less likely that a bad actor could exploit a faulty implementation.</t>
      <t>Security concerns for IS-IS are discussed in <xref target="ISO10589" format="default"/>, <xref target="RFC5304" format="default"/>, and <xref target="RFC5310" format="default"/>.</t>
    </section>
  </middle>
  <back>
    <references>
      <name>References</name>
      <references>
        <name>Normative References</name>
        <reference anchor="ISO10589">
          <front>
            <title>Information technology -- Telecommunications and information exchange between systems -- Intermediate System to Intermediate System intra-domain routeing information exchange protocol for use in conjunction with the protocol for providing the connectionless-mode network service (ISO 8473)</title>
            <seriesInfo name="ISO/IEC" value="10589:2002, Second Edition"/>
            <author>
              <organization abbrev="ISO">International Organization for Standardization</organization>
            </author>
            <date month="November" year="2002"/>
          </front>
        </reference>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3563.xml"/>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5304.xml"/>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5305.xml"/>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5310.xml"/>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6232.xml"/>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6233.xml"/>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
        <reference anchor="TLV_CODEPOINTS" target="https://www.iana.org/assignments/isis-tlv-codepoints/">
          <front>
            <title>IS-IS TLV Codepoints</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
      </references>
      <references>
        <name>Informative References</name>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3359.xml"/>
        <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7356.xml"/>
      </references>
    </references>
    <section anchor="Acknowledgements" numbered="false" toc="default">
      <name>Acknowledgements</name>
      <t>The authors would like to thank <contact fullname="Alvaro Retana"/>.</t>
    </section>
  </back>
</rfc>
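<!--
Added example, kept in a comment after the document so the XML stays well-formed. It is not code from RFC 8918 or from any IS-IS implementation; it models the receive-side rules of the sections "TLV Acceptance in PDUs", "Special Handling of Disallowed TLVs in Received LSP Purges", "Applicability to Sub-TLVs" and "TLV Validation and LSP Acceptance" in one small acceptance routine: unknown, disallowed and malformed TLVs are ignored without rejecting the PDU, unknown sub-TLVs are skipped, and a purge carrying TLVs not allowed in purges is rejected only when the strict (RFC 5304/6232) behaviour is enabled, which models the enablement control the document recommends. The registry excerpt (ALLOWED), the two sub-TLV lengths (KNOWN_SUB_22), the POI and Authentication value layouts, and all function names are assumptions of this example; the sample TLVs are constructed, not captured traffic.

```python
# Added example (not code from RFC 8918 or from any IS-IS implementation).
# Unknown, disallowed and malformed TLVs are ignored without rejecting the
# PDU; a purge (LSP with Remaining Lifetime 0) carrying TLVs not allowed in
# purges is rejected when strict purge handling is enabled.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed excerpt of the IANA "TLV Codepoints Registry" columns
# (IIH, LSP, SNP, Purge); check the live registry before relying on it.
ALLOWED: Dict[int, Dict[str, bool]] = {
    1:   dict(IIH=True,  LSP=True,  SNP=False, Purge=False),  # Area Addresses
    10:  dict(IIH=True,  LSP=True,  SNP=True,  Purge=True),   # Authentication
    13:  dict(IIH=False, LSP=False, SNP=False, Purge=True),   # POI, LSP:n as corrected
    22:  dict(IIH=False, LSP=True,  SNP=False, Purge=False),  # Extended IS Reachability
    137: dict(IIH=False, LSP=True,  SNP=False, Purge=False),  # Dynamic Hostname
}
# Sub-TLVs of TLV 22 this model understands, with their fixed lengths
# (assumed subset: 3 = Administrative group, 6 = IPv4 interface address).
KNOWN_SUB_22: Dict[int, int] = {3: 4, 6: 4}


def parse_tlvs(buf: bytes) -> Tuple[List[Tuple[int, bytes]], bool]:
    """Walk Type/Length/Value tuples. Returns (tlvs, truncated); truncated
    is True when the final tuple's length overruns the buffer."""
    tlvs: List[Tuple[int, bytes]] = []
    i = 0
    while i + 2 <= len(buf):
        t, n = buf[i], buf[i + 1]
        if i + 2 + n > len(buf):
            return tlvs, True
        tlvs.append((t, buf[i + 2:i + 2 + n]))
        i += 2 + n
    return tlvs, i != len(buf)


def valid_hostname(v: bytes) -> bool:
    # TLV 137 carries the hostname itself; an empty value is malformed.
    return 1 <= len(v) <= 255


def valid_ext_is_reach(v: bytes) -> bool:
    """TLV 22: repeated {7-octet neighbor ID, 3-octet metric, 1-octet
    sub-TLV length, sub-TLVs}. Unknown sub-TLVs are skipped; a sub-TLV
    block that overruns its parent makes the whole TLV malformed."""
    i = 0
    while i < len(v):
        if i + 11 > len(v):
            return False
        sub_len = v[i + 10]
        if i + 11 + sub_len > len(v):
            return False
        subs, truncated = parse_tlvs(v[i + 11:i + 11 + sub_len])
        if truncated:
            return False
        for st, sv in subs:
            if st in KNOWN_SUB_22 and len(sv) != KNOWN_SUB_22[st]:
                return False  # known sub-TLV with an impossible length
            # any other sub-TLV type is ignored and skipped on receipt
        i += 11 + sub_len
    return True


VALIDATORS = {22: valid_ext_is_reach, 137: valid_hostname}


@dataclass
class Verdict:
    accepted: bool
    used: List[int] = field(default_factory=list)                 # TLVs handed on
    ignored: List[Tuple[int, str]] = field(default_factory=list)  # (type, why)
    reason: str = ""


def accept_pdu(pdu: str, body: bytes, remaining_lifetime: int = 1,
               strict_purge: bool = True) -> Verdict:
    """pdu is 'IIH', 'LSP' or 'SNP'; an LSP with Remaining Lifetime 0 is a
    purge. strict_purge=True gives the RFC 5304/6232 rejection, False the
    ISO 10589 behaviour of accepting the purge and ignoring its TLVs."""
    column = "Purge" if pdu == "LSP" and remaining_lifetime == 0 else pdu
    tlvs, truncated = parse_tlvs(body)
    if column == "Purge" and strict_purge:
        bad = [t for t, _ in tlvs if not ALLOWED.get(t, {}).get("Purge", False)]
        if bad:
            return Verdict(False, reason=f"purge carries disallowed TLV(s) {bad}")
    verdict = Verdict(True)
    if truncated:
        verdict.ignored.append((-1, "truncated trailing TLV"))
    for t, val in tlvs:
        if t not in ALLOWED:
            verdict.ignored.append((t, "unknown"))
        elif not ALLOWED[t][column]:
            verdict.ignored.append((t, f"disallowed in {column}"))
        elif t in VALIDATORS and not VALIDATORS[t](val):
            verdict.ignored.append((t, "malformed"))
        else:
            verdict.used.append(t)
    return verdict


def tlv(t: int, v: bytes) -> bytes:
    return bytes([t, len(v)]) + v


# Constructed sample TLVs (illustrative values, not captured traffic).
HOST = tlv(137, b"r1")
AREA = tlv(1, bytes([3, 0x49, 0x00, 0x01]))
SUBS = tlv(3, b"\x00\x00\x00\x01") + tlv(250, b"\xaa\xbb")  # known + unknown sub-TLV
EXT_IS = tlv(22, bytes(7) + b"\x00\x00\x0a" + bytes([len(SUBS)]) + SUBS)
BAD_EXT_IS = tlv(22, bytes(7) + b"\x00\x00\x0a" + bytes([9]) + SUBS[:6])  # overruns parent
UNKNOWN = tlv(200, b"\x01")
POI = tlv(13, bytes(6))        # assumed 6-octet originating system ID
AUTH = tlv(10, b"\x01secret")  # assumed cleartext-password authentication


def demo() -> Dict[str, Verdict]:
    return {
        "lsp": accept_pdu("LSP", HOST + AREA + EXT_IS + BAD_EXT_IS + UNKNOWN + POI),
        "iih": accept_pdu("IIH", AREA + HOST),
        "snp": accept_pdu("SNP", AUTH + AREA),
        "strict_purge": accept_pdu("LSP", AUTH + POI + HOST, remaining_lifetime=0),
        "lenient_purge": accept_pdu("LSP", AUTH + POI + HOST, 0, strict_purge=False),
    }
```

Running demo() shows the LSP accepted with the malformed TLV 22, the unknown TLV 200 and the POI TLV (LSP:n) ignored while the well-formed TLVs are used; the IIH and SNP accepted with their disallowed TLVs ignored; and the same purge body rejected under strict handling but accepted (with TLV 137 ignored) under the lenient ISO 10589 behaviour. The point a reviewer should take from it is that rejection is decided per TLV everywhere except in the purge path, which is exactly why a purge-handling change is only safe once every node in the area supports it.
-->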