Network Working Group A. Lindem Internet-Draft LabN Consulting LLC Intended status: Standards Track K. Patel Expires: 6 January 2024 Arrcus, Inc S. Zandi LinkedIn J. Haas Juniper Networks, Inc X. Xu China Mobile 5 July 2023 BGP Logical Link Discovery Protocol (LLDP) Peer Discovery draft-acee-idr-lldp-peer-discovery-16 Abstract Link Layer Discovery Protocol (LLDP) or IEEE Std 802.1AB is implemented in networking equipment from many vendors. It is natural for IETF protocols to avail this protocol for simple discovery tasks. This document describes how BGP would use LLDP to discover directly connected and 2-hop peers when peering is based on loopback addresses. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 6 January 2024. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. Lindem, et al. Expires 6 January 2024 [Page 1] Internet-Draft BGP LLDP Peer Discovery July 2023 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3 1.1.1. Requirements Language . . . . . . . . . . . . . . . . 3 2. LLDP Extensions . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. LLDP IETF Organizationally Specific TLV Format . . . . . 3 2.2. BGP Config OS-TLV Format . . . . . . . . . . . . . . . . 4 2.2.1. BGP Config OS-TLV - Peering Address Sub-TLV . . . . . 4 2.2.2. BGP Config OS-TLV - BGP Local AS Sub-TLV . . . . . . 5 2.2.3. BGP Config OS-TLV - BGP Identifier Sub-TLV . . . . . 6 2.2.4. BGP Config OS-TLV - Session Group-ID Sub-TLV . . . . 7 2.2.5. BGP Config OS-TLV - BGP Session Capabilities Sub-TLV . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.6. BGP Config OS-TLV - Key Chain Sub-TLV . . . . . . . . 8 2.2.7. BGP Config OS-TLV - Local Address Sub-TLV . . . . . . 9 2.2.8. BGP Config OS-TLV - BGP State Version Sub-TLV . . . . 10 3. BGP LLDP Peer Discovery Operations . . . . . . . . . . . . . 11 3.1. Advertising BGP Speaker . . . . . . . . . . . . . . . . . 11 3.2. Receiving BGP Speaker . . . . . . . . . . . . . . . . . . 12 3.3. Updating or Deleting Auto-Discovery Parameters . . . . . 13 4. LLDP Authentication/Encryption . . . . . . . . . . . . . . . 14 5. Security Considerations . . . . . . . . . . . . . . . . . . . 14 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 6.1. IANA Assigned LLDP Subtype . . . . . . . . . . . . . . . 14 6.2. BGP Config LLDP OS-TLV Sub-TLVs . . . . . . . . . . . . . 14 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 15 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 8.1. Normative References . . . . . . . . . . . . . . . . . . 15 8.2. Informative References . . . . . . . . . . . . . . . . . 16 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 17 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 Lindem, et al. Expires 6 January 2024 [Page 2] Internet-Draft BGP LLDP Peer Discovery July 2023 1. Introduction Link Layer Discovery Protocol (LLDP) [LLDP] or IEEE Std 802.1AB is implemented in networking equipment from many vendors. It is natural for IETF protocols to avail this protocol for simple discovery tasks. This document describes how BGP [RFC4271] would use LLDP to discover directly connected and 2-hop peers when peering is based on loopback addresses. 1.1. Requirements Notation 1.1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. LLDP Extensions 2.1. LLDP IETF Organizationally Specific TLV Format The format of the LLDP IETF Organizationally Specific TLV (OS-TLV) is defined in [LLDP]. It is shown below for completeness. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (127) | Length | OUI (3 Octets) 00-00-5E | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OUI Continued | Subtype | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... (Up to 507 Octets) | Type IETF Organizationally Specific TLV type value, 127. Length The length of the remainder of the TLV. OUI IETF Organizationally unique identifier for the organization's OUI. For IANA, this is value is 00-00-5E as specified in [IEEE-802-IANA]. Subtype IETF specific subtype Value Value for organizationally specific TLV. The Length of the value is 4 octets less than the TLV length. Lindem, et al. Expires 6 January 2024 [Page 3] Internet-Draft BGP LLDP Peer Discovery July 2023 Figure 1: LLDP IETF Organizationally Specific TLV The OUI for IANA was allocated in section 1.4 of [RFC7042]. This document requests creation of a registry for IETF specific sub-types for LLDP IETF Organizationally Specific TLVs. 2.2. BGP Config OS-TLV Format The BGP Config IETF Organizationally Specific TLV (OS-TLV) will be used to advertise BGP configuration information. The configuration information will be composed of Sub-TLVs. Since the length is limited to 507 octets, multiple BGP Config OS-TLVs could be included in a single LLDP advertisement. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (127) | Length | OUI (3 Octets) 00-00-5E | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |OUI Continued | TBD | BGP Config Sub-TLVs ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... (Up to 507 Octets) | Length The length of the BGP TLV. Subtype IETF specific subtype for BGP Config OS-TLV. The value shall be TBD. Value BGP Config Sub-TLVs each with a 1 byte Type and Length. The Length will include solely the value portion of the TLV and not the Type and Length fields themselves. 2.2.1. BGP Config OS-TLV - Peering Address Sub-TLV The BGP OS-TLV Peering Address Sub-TLV will be used to advertise the local IP addresses used for BGP sessions and the associated address families specified by AFI/SAFI tuples. The AFI/SAFI tuple, 0/0, indicates to use the associated peering address for all locally configured address families without an explicit peering address specification. As always, the address families supported for a given BGP session will be determined during capabilities negotiation [RFC4760]. It is RECOMMENDED that the wildcard AFI/SAFI be used in deployments with fairly homogenous address family usage. Lindem, et al. Expires 6 January 2024 [Page 4] Internet-Draft BGP LLDP Peer Discovery July 2023 The format of the BGP Peering Address Sub-TLV is shown below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (1) | Length | Address Family| IPv4/IPv6 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ IPv4/IPv6 Peering Address ... ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AFI | SAFI | o o o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The Sub-TLV Type value shall be 1. Length The Sub-TLV length in octets will be 4 for IPv4 or 16 for IPv6 plus 3 times the number of AFI/SAFI tuples. Address IANA Address family (1 for IPv4 or 2 for IPv6) Family Peering An IPv4 address (4 octets) or an IPv6 address (16 octets) Address AFI/SAFI One or more AFI/SAFI tuples for BGP session using this Pairs peering address. The AFI/SAFI tuple, 0/0, is a wildcard indicating to attempt negotiation for all AFI/SAFIs. 2.2.2. BGP Config OS-TLV - BGP Local AS Sub-TLV The BGP Config OS-TLV Local AS Sub-TLV will be used to advertise the 4-octet local Autonomous System (AS) number(s). For AS transitions, a second local AS number may be specified. The format of the BGP Local AS Sub-TLV is shown below. Lindem, et al. Expires 6 January 2024 [Page 5] Internet-Draft BGP LLDP Peer Discovery July 2023 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (2) |Length (4 or 8)| Local AS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Local AS | Optional Second Local AS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Optional Second Local AS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The Sub-TLV Type value shall be 2. Length The Sub-TLV Length will be 4 or 8 octets. Local AS Local Autonomous System (AS) Second Local AS Local Autonomous System (AS) 2.2.3. BGP Config OS-TLV - BGP Identifier Sub-TLV The BGP Config OS-TLV BGP Identifier Sub-TLV will be used to advertise the 4-octet local BGP Identifier. The BGP Identifier is used for debugging purposes and possibly to reduce the likelihood of BGP connection collisions. The format of the BGP Identifier Sub-TLV is shown below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (3) | Length (4) | BGP Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BGP Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The Sub-TLV Type value shall be 3. Length The Sub-TLV Length will be 4 octets. BGP Identifier Local BGP Identifier (aka, BGP Router ID) Lindem, et al. Expires 6 January 2024 [Page 6] Internet-Draft BGP LLDP Peer Discovery July 2023 2.2.4. BGP Config OS-TLV - Session Group-ID Sub-TLV The BGP Config OS-TLV Session Group-ID Sub-TLV is an opaque 4-octet value that is used to represent a category of BGP session that is supported on the interface. The format of the Session Group-ID Sub- TLV is shown below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (4) | Length (4) | Session Group-ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session Group-ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The Sub-TLV Type value shall be 4. Length The Sub-TLV Length will be 4 octets. Session Group-ID The session group-id used to indicate a class or category of BGP session supported on the interface. 2.2.5. BGP Config OS-TLV - BGP Session Capabilities Sub-TLV The BGP Config OS-TLV Session Capabilities Sub-TLV will be used to advertise an 8-octet Session Capabilities field. The session capabilities are represented as bit flags identifying the supported BGP session capabilities. The format of the BGP Session Capabilities Sub-TLV is shown below. Lindem, et al. Expires 6 January 2024 [Page 7] Internet-Draft BGP LLDP Peer Discovery July 2023 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (5) | Length (8) | Session Capabilities | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session Capabilities | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session Capabilities | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The Sub-TLV Type value shall be 5. Length The Sub-TLV Length will be 8 octets. Session Bit fields identify BGP session capabilities Capabilities The BGP Session Capabilities is an 8-octet bit field. The most significant bit is the first bit (Bit 1) of the Session Capabilities. The following bits are defined: Bit 1: This bit indicates support for TCP MD5 authentication [TCP-MD5]. Bit 2: This bit indicates support for TCP-AO authentication [TCP-AO]. Bit 3: This bit indicates support for Generalized TTL Security Mechanism (GTSM) [GTSM] with a configured TTL range of 254-255. TCP MD5 authentication is described in [RFC2385]. The TCP Authentication Option (TCP-AO) is described in [RFC5925]. The Generalized TTL Security Mechanism (GTSM) is described in [RFC5082]. If both TCP MD5 authentication and TCP-AO authentication are specified and TCP-AO is supported, it will take precedence. 2.2.6. BGP Config OS-TLV - Key Chain Sub-TLV The BGP Config OS-TLV Key Chain Sub-TLV is a string specifying the name for the key chain used for session authentication. Key chains [RFC8177] are a commonly used for protocol authentication and encryption key specification. Given the limited length of all BGP configuration information, the key chain name will be limited to 64 characters and will not include a trailing string delimiter. The format of the Session Group-ID Sub-TLV is shown below. Lindem, et al. Expires 6 January 2024 [Page 8] Internet-Draft BGP LLDP Peer Discovery July 2023 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (6) |Length (1 - 64)| Key Chain Name | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key Chain Name (Up to 64 Octets) | O O O | O | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The Sub-TLV Type value shall be 6. Length The Sub-TLV Length will be 1 - 64 octets. Key Chain Name The name of a key chain to be used for MD5 or TCP-AO authentication. 2.2.7. BGP Config OS-TLV - Local Address Sub-TLV The BGP OS-TLV Local Address Sub-TLV will be used to advertise a local IP addresses used for BGP next-hops. Advertising a local interface address is useful when the address family is different from the advertised BGP peering address. The format of the BGP Local Interface Address Sub-TLV is shown below. Lindem, et al. Expires 6 January 2024 [Page 9] Internet-Draft BGP LLDP Peer Discovery July 2023 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (7) | Length | Address Family| IPv4/IPv6 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ IPv4/IPv6 Local Address ... ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The Sub-TLV Type value shall be 7. Length The Sub-TLV length in octets will be 4 for IPv4 or 16 for IPv6 plus 3 times the number of AFI/SAFI tuples. Address IANA Address family (1 for IPv4 or 2 for IPv6) Family Local An IPv4 address (4 octets) or an IPv6 address (16 octets) Address 2.2.8. BGP Config OS-TLV - BGP State Version Sub-TLV The BGP OS-TLV Version Sub-TLV will be used to advertise a monotonically increasing version. This version will indicate if any local BGP state that may impact BGP session establishment has changed. Changes can range from anything as obvious a change in local peering address to more indirect changes such as the modification of the key-chain being advertised. The format of the BGP State Version Sub-TLV is shown below. Lindem, et al. Expires 6 January 2024 [Page 10] Internet-Draft BGP LLDP Peer Discovery July 2023 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (3) | Length (4) | BGP State Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BGP State Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The Sub-TLV Type value shall be 8. Length The Sub-TLV Length will be 4 octets. BGP State Version BGP State Version - Monotonically increasing version number indicating if any local state that may effect BGP session establishment has changed. 3. BGP LLDP Peer Discovery Operations The simple use case is to just use the peer address advertised in the LLDP Packet Data Unit (PDU) to establish a 1-hop BGP peer session. This can be used in data centers using BGP as described in [RFC7938]. The use case where a loopback address or other local address is advertised as the peering address is also supported. However, reachabiliy to a peering address other than the interface address is beyond the scope of this document. 3.1. Advertising BGP Speaker A BGP speaker MAY advertise its BGP peering address in an LLDP PDU for a link using the BGP Local Address Sub-TLV of the BGP-OS TLV. This can be an IPv4 or IPv6 local address associated with the LLDP link for 1-hop peering. For 2-hop peering, it could be a loopback address or any other address that is local to the node but not the LLDP link. As noted above, reachability to the loopback address is beyond the scope of this document. A BGP speaker MAY advertise its local AS number using the BGP Local AS Sub-TLV of the BGP-OS TLV. During AS transitions, a second local AS number may be included in the Local AS Sub-TLV. The local BGP identifier may also be advertised using the BGP Identifier Sub-TLV of the BGP-OS TLV. While not specifically required for session establishment, the values may be used for validation, trouble- shooting, and connection collision avoidance. A BGP speaker may also announce a Session Group-ID indicating the class or category of Lindem, et al. Expires 6 January 2024 [Page 11] Internet-Draft BGP LLDP Peer Discovery July 2023 session(s) supported and/or mapping to a set of session parameters. Additionally, a BGP speaker MAY also announce relevant capabilities using BGP Session Capabilities Sub-TLV of the BGP-OS TLV. If TCP MD5 authentication [RFC2385] or TCP Authentication Option (TCP-AO) [RFC5925] is to be used on the session, the Key Chain Sub- TLV of the BGP-OS TLV MAY be used to specify the key chain name. 3.2. Receiving BGP Speaker A BGP speaker configured for LLDP peer discovery WILL attempt to establish BGP sessions using the address in the BGP Local Address Sub-TLV of BGP-OS TLV format. If the peering address is directly accessible over the link on which the LLDP PDU is received, the BGP speaker will attempt to establish a 1-hop BGP session with the peer. If the received BGP Peering Address is not directly accessible over the link, the peer must be reachable for the session to be established and the mechanisms for establishing reachability are beyond the scope of this specification. If the BGP speaker receives the same BGP peering address in LLDP PDUs received on multiple links, it will not establish multiple sessions. Rather, a single 2-hop session will be established. When the deployment of address families is fairly homogenous across the deployment, the wildcard AFI/SAFI can be utilized to simplify LLDP advertisement. When there is variance in the address families supported, usage of the wildcard could result in session establishment delay due to capabilities negotiation [RFC5492]. A BGP speaker MAY receive a remote neighbor's local AS number(s) in an LLDP PDU in the BGP Local AS Sub-TLV of the BGP-OS TLV. A BGP speaker MAY use the received local AS number(s) to perform validation checking of the AS received in the OPEN message. A BGP speaker MAY receive a remote neighbor's BGP Identifier in the BGP Identifier Sub- TLV of the BGP-OS TLV. This can be used to avoid connection collisions by delaying session establishment if the remote BGP Identifier is greater than the receiving speaker's BGP Identifier. A BGP speaker MAY receive a Session Group-ID Sub-TLV in the LLDP BGP- OS TLV. This Session Group-ID may be used for validation and/or mapping the session to a particular set of session parameters. For example, the Session Group-ID could be mapped to a spine, leaf, or Top-of-Rack (ToR) session in a data center deployment and can be used to detect cabling problems when an unexpected Session Group-ID is received. Lindem, et al. Expires 6 January 2024 [Page 12] Internet-Draft BGP LLDP Peer Discovery July 2023 Additionally, A BGP speaker MAY receive a remote neighbor's capabilities in LLDP in the BGP Session Capabilities Sub-TLV of the BGP-OS TLV. A BGP speaker MAY use the received capabilities to ensure appropriate local neighbor configuration in order to facilitate session establishment. If TCP MD5 authentication [RFC2385]. or TCP Authentication Option (TCP-AO) [RFC5925] is to be used on the session as determined either via the Session Capabilities Sub-TLV, Session Group-ID, or local policy, the key chain name in the Key Chain Sub-TLV of the BGP-OS TLV MAY be used to identify the correct key chain [RFC8177]. The BGP State Version associated with the LLDP peer SHOULD be retained to determine whether anything impacting BGP session establishment has changed. When session establishment fails, this can be used to avoid back-off on attempting to establish a BGP session when nothing has changed on the peer or locally. 3.3. Updating or Deleting Auto-Discovery Parameters A BGP speaker MAY change or delete any BGP LLDP auto-discovery parameter by simply updating or removing the corresponding Sub-TLV previously advertised in the BGP-OS TLV. Additionally, the BGP State Version Sub-TLV should be advertised with the version incremented from the previous version. The BGP speaker(s) receiving the advertisement will update or delete the changed or deleted auto- discovery parameters. However, there will be no change to existing BGP sessions with the advertising BGP Speaker. Changes to existing BGP sessions are the purview of the BGP protocol and are beyond the scope of this document. Since LLDP information is cumulative, reception of an LLDP PDU without the BGP-OS TLV indicates that BGP LLDP auto-discovery has been disabled for the BGP speaker and all parameters learnt during BGP LLDP auto-discovery SHOULD be deleted. As above, changes to existing BGP sessions are beyond the scope of this document. The LLDP Multi-Frame extension [LLDP-MULTIFRAME] removes the limit on a LLDP PDU being fitting in a single layer 2 frame. This will increase the number of TLVs which can be contained in LLDP PDU and the applicablity of LLDP as a BGP discovery protocol. The specificaiton of the LLDP API for BGP and other applications is beyond the scope of this document. However, it is RECOMMENDED that the LLDP BGP TLVs only be delivered to BGP when a complete LLDP PDU is received. Lindem, et al. Expires 6 January 2024 [Page 13] Internet-Draft BGP LLDP Peer Discovery July 2023 4. LLDP Authentication/Encryption The IEEE 802.1AE [MACsec] standard can be used for encryption and/or authentication to provide privacy and integrity. MACsec utilizes the Galois/Counter Mode Advanced Encryption Standard (AES-GCM) for authenticated encryption and Galois Message Authentication Code (GMAC) if only authentication, but not encryption is required. The MACsec Key Agreement (MKA) is included as part of the IEEE 802.1X-20200 Port-Based Network Access Control Standard [MKA]. The purpose of MKA is to provide a method for discovering MACsec peers and negotiating the security keys needed to secure the link. 5. Security Considerations This security considerations for BGP [RFC4271] apply equally to this extension. Additionally, BGP peering address discovery should only be done on trusted links (e.g., in a data center network) since LLDP packets are not authenticated or encrypted [LLDP]. LLDP Authentication and/or encryption can provided as described in section Section 4. 6. IANA Considerations 6.1. IANA Assigned LLDP Subtype IANA is requested to assign a code point in the IANA Link Layer Discovery Protocol (LLDP) TLV Sub-Types Registry for BGP configuration. The value is TBD. 6.2. BGP Config LLDP OS-TLV Sub-TLVs IANA is requested to create a registry for Sub-TLVs of the BGP Config LLDP OS-TLV. Assignments are requested as specified in the table below. Lindem, et al. Expires 6 January 2024 [Page 14] Internet-Draft BGP LLDP Peer Discovery July 2023 +-------------+-----------------------------------+ | Range | Assignment Policy | +-------------+-----------------------------------+ | 0 | Reserved (not to be assigned) | | | | | 1 | Peering Address | | | | | 2 | Local AS | | | | | 3 | BGP Identifier | | | | | 4 | Session Group-ID | | | | | 5 | Session Capabilities | | | | | 6 | Key Chain Name | | | | | 7 | Local Address | | | | | 8 | BGP State Version | | | | | 9-127 | Unassigned (IETF Review) | | | | | 128-254 | Reserved (Not to be assigned now) | | | | | 255 | Reserved (not to be assigned) | +-------------+-----------------------------------+ Figure 2: LLDP BGP Config OS-TLV Types * Types in the range 9-127 are to be assigned subject to IETF Review. New values are assigned only through RFCs that have been shepherded through the IESG as AD-Sponsored or IETF WG Documents [RFC5226]. * Types in the range 128-254 are reserved and not to be assigned at this time. Before any assignments can be made in this range, there MUST be a Standards Track RFC that specifies IANA Considerations that covers the range being assigned. 7. Contributors Contributors' Addresses 8. References 8.1. Normative References Lindem, et al. Expires 6 January 2024 [Page 15] Internet-Draft BGP LLDP Peer Discovery July 2023 [LLDP] IEEE, "IEEE Standard for Local and metropolitan area networks-- Station and Media Access Control Connectivity Discovery Corrigendum 2: Technical and Editorial Corrections", IEEE 802.1AB-2009/Cor 2-2015, DOI 10.1109/ieeestd.2015.7056401, 9 March 2015, . [LLDP-MULTIFRAME] IEEE, "IEEE Standard for Local and metropolitan area networks-- Station and Media Access Control Connectivity Discovery Amendment 2: Support for Multiframe Protocol Data Units", IEEE 802.1ABdh-2021, DOI 10.1109/IEEESTD.2022.9760302, 19 April 2022, . [MACsec] IEEE, "IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Security", IEEE Standard 802.1AE-2018, 27 September 2018. [MKA] IEEE, "IEEE Standard for Local and metropolitan area networks - Port Based Network Access Control", IEEE Standard 802.1X-2020, 30 January 2020. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10.17487/RFC4271, January 2006, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . 8.2. Informative References [RFC2385] Heffernan, A., "Protection of BGP Sessions via the TCP MD5 Signature Option", RFC 2385, DOI 10.17487/RFC2385, August 1998, . [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, "Multiprotocol Extensions for BGP-4", RFC 4760, DOI 10.17487/RFC4760, January 2007, . Lindem, et al. Expires 6 January 2024 [Page 16] Internet-Draft BGP LLDP Peer Discovery July 2023 [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C. Pignataro, "The Generalized TTL Security Mechanism (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007, . [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", RFC 5226, DOI 10.17487/RFC5226, May 2008, . [RFC5492] Scudder, J. and R. Chandra, "Capabilities Advertisement with BGP-4", RFC 5492, DOI 10.17487/RFC5492, February 2009, . [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, DOI 10.17487/RFC5925, June 2010, . [RFC7042] Eastlake 3rd, D. and J. Abley, "IANA Considerations and IETF Protocol and Documentation Usage for IEEE 802 Parameters", BCP 141, RFC 7042, DOI 10.17487/RFC7042, October 2013, . [RFC7938] Lapukhov, P., Premji, A., and J. Mitchell, Ed., "Use of BGP for Routing in Large-Scale Data Centers", RFC 7938, DOI 10.17487/RFC7938, August 2016, . [RFC8177] Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J. Zhang, "YANG Data Model for Key Chains", RFC 8177, DOI 10.17487/RFC8177, June 2017, . Appendix A. Acknowledgments Thanks to Sujay Gupta and Paul Congdon for review and comments. Thanks to Donald Eastlake for guidance on IANA LLDP TLV Subtype assignment. Thanks to Dan Romascanu for review of the IANA considerations. Authors' Addresses Acee Lindem LabN Consulting LLC 301 Midenhall Way Cary, NC 27513 United States of America Lindem, et al. Expires 6 January 2024 [Page 17] Internet-Draft BGP LLDP Peer Discovery July 2023 Email: acee.ietf@gmail.com Keyur Patel Arrcus, Inc Email: keyur@arrcus.com Shawn Zandi LinkedIn 222 2nd Street San Francisco, CA 94105 United States of America Email: szandi@linkedin.com Jeff Haas Juniper Networks, Inc 1133 Innovation, Inc. Sunnyvale, CA 94089 United States of America Email: jhaas@juniper.net Xiaohu Xu China Mobile Email: 13910161692@qq.com Lindem, et al. Expires 6 January 2024 [Page 18]