
Stream:    Internet Engineering Task Force (IETF)
RFC:       8994
Category:  Standards Track
Published: May 2021
ISSN:      2070-1721
Authors:   T. Eckert, Ed.    M. Behringer, Ed.    S. Bjarnason
           Futurewei USA                          Arbor Networks

                  RFC 8994
                  An Autonomic Control Plane (ACP)

Abstract

   Autonomic functions need a control plane to communicate, which
   depends on some addressing and routing.  This Autonomic Control Plane
   should ideally be self-managing and be as independent as possible of
   configuration.  This document defines such a plane and calls it the
   "Autonomic Control Plane", with the primary use as a control plane
   for autonomic functions.  It also serves as a "virtual out-of-band
   channel" for Operations, Administration, and Management (OAM)
   communications over a network that provides automatically
   configured, hop-by-hop authenticated and encrypted communications via
   automatically configured IPv6 even when the network is not configured
   or is misconfigured.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8994.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Eckert, et al.               Standards Track                    [Page 1]

RFC 8994             An Autonomic Control Plane (ACP)           May 2021

Table of Contents

   1.  Introduction (Informative)
     1.1.  Applicability and Scope
   2.  Acronyms and Terminology (Informative)
   3.  Use Cases for an Autonomic Control Plane (Informative)
     3.1.  An Infrastructure for Autonomic Functions
     3.2.  Secure Bootstrap over an Unconfigured Network
     3.3.  Permanent Reachability Independent of the Data Plane
   4.  Requirements (Informative)
   5.  Overview (Informative)
   6.  Self-Creation of an Autonomic Control Plane (ACP) (Normative)
     6.1.  Requirements for the Use of Transport Layer Security (TLS)
     6.2.  ACP Domain, Certificate, and Network
       6.2.1.  ACP Certificates
       6.2.2.  ACP Certificate AcpNodeName
         6.2.2.1.  AcpNodeName ASN.1 Module
       6.2.3.  ACP Domain Membership Check
         6.2.3.1.  Realtime Clock and Time Validation
       6.2.4.  Trust Anchors (TA)
       6.2.5.  Certificate and Trust Anchor Maintenance
         6.2.5.1.  GRASP Objective for EST Server
         6.2.5.2.  Renewal
         6.2.5.3.  Certificate Revocation Lists (CRLs)
         6.2.5.4.  Lifetimes
         6.2.5.5.  Reenrollment
         6.2.5.6.  Failing Certificates
     6.3.  ACP Adjacency Table
     6.4.  Neighbor Discovery with DULL GRASP
     6.5.  Candidate ACP Neighbor Selection
     6.6.  Channel Selection
     6.7.  Candidate ACP Neighbor Verification
     6.8.  Security Association (Secure Channel) Protocols
       6.8.1.  General Considerations
       6.8.2.  Common Requirements
       6.8.3.  ACP via IPsec
         6.8.3.1.  Native IPsec
           6.8.3.1.1.  RFC 8221 (IPsec/ESP)
           6.8.3.1.2.  RFC 8247 (IKEv2)
         6.8.3.2.  IPsec with GRE Encapsulation
       6.8.4.  ACP via DTLS
       6.8.5.  ACP Secure Channel Profiles
     6.9.  GRASP in the ACP
       6.9.1.  GRASP as a Core Service of the ACP
       6.9.2.  ACP as the Security and Transport Substrate for GRASP
         6.9.2.1.  Discussion
     6.10. Context Separation
     6.11. Addressing inside the ACP
       6.11.1.  Fundamental Concepts of Autonomic Addressing
       6.11.2.  The ACP Addressing Base Scheme
       6.11.3.  ACP Zone Addressing Sub-Scheme (ACP-Zone)
       6.11.4.  ACP Manual Addressing Sub-Scheme (ACP-Manual)
       6.11.5.  ACP Vlong Addressing Sub-Scheme (ACP-Vlong-8/ACP-Vlong-16)
       6.11.6.  Other ACP Addressing Sub-Schemes
       6.11.7.  ACP Registrars
         6.11.7.1.  Use of BRSKI or Other Mechanisms or Protocols
         6.11.7.2.  Unique Address/Prefix Allocation
         6.11.7.3.  Addressing Sub-Scheme Policies
         6.11.7.4.  Address/Prefix Persistence
         6.11.7.5.  Further Details
     6.12. Routing in the ACP
       6.12.1.  ACP RPL Profile
         6.12.1.1.  Overview
           6.12.1.1.1.  Single Instance
           6.12.1.1.2.  Reconvergence
         6.12.1.2.  RPL Instances
         6.12.1.3.  Storing vs. Non-Storing Mode
         6.12.1.4.  DAO Policy
         6.12.1.5.  Path Metrics
         6.12.1.6.  Objective Function
         6.12.1.7.  DODAG Repair
         6.12.1.8.  Multicast
         6.12.1.9.  Security
         6.12.1.10. P2P Communications
         6.12.1.11. IPv6 Address Configuration
         6.12.1.12. Administrative Parameters
         6.12.1.13. RPL Packet Information
         6.12.1.14. Unknown Destinations
     6.13. General ACP Considerations
       6.13.1.  Performance
       6.13.2.  Addressing of Secure Channels
       6.13.3.  MTU
       6.13.4.  Multiple Links between Nodes
       6.13.5.  ACP Interfaces
         6.13.5.1.  ACP Loopback Interfaces
         6.13.5.2.  ACP Virtual Interfaces
           6.13.5.2.1.  ACP Point-to-Point Virtual Interfaces
           6.13.5.2.2.  ACP Multi-Access Virtual Interfaces
   7.  ACP Support on L2 Switches/Ports (Normative)
     7.1.  Why (Benefits of ACP on L2 Switches)
     7.2.  How (per L2 Port DULL GRASP)
   8.  Support for Non-ACP Components (Normative)
     8.1.  ACP Connect
       8.1.1.  Non-ACP Controller and/or Network Management System (NMS)
       8.1.2.  Software Components
       8.1.3.  Autoconfiguration
       8.1.4.  Combined ACP and Data Plane Interface (VRF Select)
       8.1.5.  Use of GRASP
     8.2.  Connecting ACP Islands over Non-ACP L3 Networks (Remote ACP
           Neighbors)
       8.2.1.  Configured Remote ACP Neighbor
       8.2.2.  Tunneled Remote ACP Neighbor
       8.2.3.  Summary
   9.  ACP Operations (Informative)
     9.1.  ACP (and BRSKI) Diagnostics
       9.1.1.  Secure Channel Peer Diagnostics
     9.2.  ACP Registrars
       9.2.1.  Registrar Interactions
       9.2.2.  Registrar Parameters
       9.2.3.  Certificate Renewal and Limitations
       9.2.4.  ACP Registrars with Sub-CA
       9.2.5.  Centralized Policy Control
     9.3.  Enabling and Disabling the ACP and/or the ANI
       9.3.1.  Filtering for Non-ACP/ANI Packets
       9.3.2.  "admin down" State
         9.3.2.1.  Security
         9.3.2.2.  Fast State Propagation and Diagnostics
         9.3.2.3.  Low-Level Link Diagnostics
         9.3.2.4.  Power Consumption Issues
       9.3.3.  Enabling Interface-Level ACP and ANI
       9.3.4.  Which Interfaces to Auto-Enable?
       9.3.5.  Enabling Node-Level ACP and ANI
         9.3.5.1.  Brownfield Nodes
         9.3.5.2.  Greenfield Nodes
       9.3.6.  Undoing "ANI/ACP enable"
       9.3.7.  Summary
     9.4.  Partial or Incremental Adoption
     9.5.  Configuration and the ACP (Summary)
   10. Summary: Benefits (Informative)
     10.1. Self-Healing Properties
     10.2. Self-Protection Properties
       10.2.1.  From the Outside
       10.2.2.  From the Inside
     10.3. The Administrator View
   11. Security Considerations
   12. IANA Considerations
   13. References
     13.1. Normative References
     13.2. Informative References
   Appendix A.  Background and Future (Informative)
     A.1.  ACP Address Space Schemes
     A.2.  BRSKI Bootstrap (ANI)
     A.3.  ACP Neighbor Discovery Protocol Selection
       A.3.1.  LLDP
       A.3.2.  mDNS and L2 Support
       A.3.3.  Why DULL GRASP?
     A.4.  Choice of Routing Protocol (RPL)
     A.5.  ACP Information Distribution and Multicast
     A.6.  CAs, Domains, and Routing Subdomains
     A.7.  Intent for the ACP
     A.8.  Adopting ACP Concepts for Other Environments
     A.9.  Further (Future) Options
       A.9.1.  Auto-Aggregation of Routes
       A.9.2.  More Options for Avoiding IPv6 Data Plane Dependencies
       A.9.3.  ACP APIs and Operational Models (YANG)
       A.9.4.  RPL Enhancements
       A.9.5.  Role Assignments
       A.9.6.  Autonomic L3 Transit
       A.9.7.  Diagnostics
       A.9.8.  Avoiding and Dealing with Compromised ACP Nodes
       A.9.9.  Detecting ACP Secure Channel Downgrade Attacks
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction (Informative)

   Autonomic Networking is a concept of self-management: autonomic
   functions self-configure, and negotiate parameters and settings
   across the network.  "Autonomic Networking: Definitions and Design
   Goals" [RFC7575] defines the fundamental ideas and design goals of
   Autonomic Networking.  A gap analysis of Autonomic Networking is
   given in "General Gap Analysis for Autonomic Networking" [RFC7576].
   The reference architecture for Autonomic Networking in the IETF is
   specified in the document "A Reference Model for Autonomic
   Networking" [RFC8993].

   Autonomic functions need an autonomically built communications
   infrastructure.  This infrastructure needs to be secure, resilient,
   and reusable by all autonomic functions.  Section 5 of [RFC7575]
   introduces that infrastructure and calls it the Autonomic Control
   Plane (ACP).