Internet-Draft IS-IS Database Fingerprinting July 2026
Westphal & Przygienda Expires 2 January 2027 [Page]
Workgroup:
Network Working Group
Published:
Intended Status:
Standards Track
Expires:
Authors:
R. Westphal
NetDEF
T. Przygienda
HPE Juniper Networking

IS-IS Database Fingerprinting

Abstract

In large IS-IS networks it is useful to quickly verify whether the link-state databases on all routers have synchronized properly and to derive a rough metric of flooding diffusion behavior. This document proposes a lightweight database fingerprinting mechanism for IS-IS along with YANG model extensions providing easy access to such information.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 2 January 2027.

Table of Contents

1. Introduction

In large IS-IS networks in stable state it is useful to observe whether all databases have synchronized properly and derive the delays involved in the propagation of information across the network.

This document defines a database fingerprinting mechanism that allows for quick validation of database synchronization across all nodes. A node implementing this specification computes a fingerprint over all fragments per level. The fingerprint includes the time difference from the last fingerprint change which facilitates measurement of flooding behavior across the network.

Aged out LSPs are excluded from the fingerprint calculation.

A reference checksum algorithm for a fragment is given in Appendix A. The overall fingerprint is the XOR of all fragment checksums.

2. Yang Extensions for Database Fingerprint

2.1. Tree for the YANG Data Model

This document uses the graphical representation of data models per [RFC8340].

The following shows the tree diagram of the module:

      module: ietf-isis-database-checksumming

        augment /rt:routing/rt:control-plane-protocols
                  /rt:control-plane-protocol/isis:isis
                  /isis:database/isis:levels:
          +--rw fingerprint
             +--rw value?         uint64
             +--rw last-update?   uint32

2.2. YANG Data Model

The following is the YANG module:

<CODE BEGINS> file "ietf-isis-database-checksumming@2026-06-26.yang"

module ietf-isis-database-checksumming {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-isis-database-checksumming";
  prefix isis-db-csum;

  import ietf-routing {
    prefix rt;
    reference
      "RFC 8349: A YANG Data Model for Routing
       Management (NMDA Version)";
  }
  import ietf-isis {
    prefix isis;
    reference
      "RFC 9130: YANG Data Model for the IS-IS Protocol";
  }

  organization
    "IETF LSR - LSR Working Group";
  contact
    "WG Web:   <https://datatracker.ietf.org/wg/lsr>
     WG List:  <mailto:mpls@ietf.org>

     Author:    Renato Westphal
               <renato@netdef.org>
     Author:    Tony Przygienda
               <mailto:antoni.przygienda@hpe.com>
     Author:    Colby Barth
               <mailto:colby.barth@hpe.com>
    ";
  description
    "The YANG module augments the base IS-IS YANG data model with
     operational state related to IS-IS LSDB fingerprinting.

     Copyright (c) 2026 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Revised BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.";
  reference
    "RFC XXXX: IS-IS Database Fingerprinting";

  revision 2026-06-26 {
    description
      "Initial Version";
    reference
      "RFC XXXX: IS-IS Database Fingerprinting";
  }

  /* LSDB fingerprint */

  augment "/rt:routing/rt:control-plane-protocols/"
        + "rt:control-plane-protocol/isis:isis/isis:database/"
        + "isis:levels" {
    when "derived-from-or-self(../../../rt:type, 'isis:isis')" {
      description
        "This augment ISIS routing protocol when used";
    }
    container fingerprint {
      description
        "Information about the LSDB fingerprint for this level.";
      leaf value {
        type uint64;
        description
          "A 64-bit fingerprint derived from the set of LSPs at this
           level.

           The fingerprint is computed by XOR-combining a per-LSP
           component value for each LSP whose remaining lifetime is
           non-zero. The per-LSP component value is derived from the
           LSP identifier, the LSP checksum, and the LSP length, as
           specified in Appendix A of RFC XXXX.

           The fingerprint is intended for detecting potential LSDB
           synchronization differences. Different values indicate
           different LSDB contents; identical values do not guarantee
           equivalence due to possible collisions.";
      }
      leaf last-update {
        type uint32;
        units "seconds";
        description
          "Time elapsed since the fingerprint for this level's LSDB
           was last updated.";
      }
    }
  }
}

<CODE ENDS>

3. Security Considerations

The fingerprint mechanism defined in this document is purely informational and does not influence protocol behavior. It does not introduce new attack vectors beyond those inherent in IS-IS itself. The fingerprint value is derived from information already present in the LSDB and does not leak additional data.

4. Acknowledgments

TBD

5. Normative References

[RFC8340]
Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, , <https://www.rfc-editor.org/info/rfc8340>.

6. Informative References

Appendix A. Checksum Reference Algorithm

<CODE BEGINS>
    pub(crate) fn lsdb_fingerprint_component(&self) -> u64 {
        let mut result: u64 = 0;
        let system_id: &[u8] = self.lsp_id.system_id.as_ref();
        for i in system_id.iter().chain(&[self.lsp_id.pseudonode]) {
            result <<= 8;
            result ^= *i as u64;
        }
        // fragment checksum
        result ^= (self.cksum as u64) << 48;
        // This is equal to the PDU length advertised by the fragment
        result ^= (self.raw.len() as u64) << 32;
        result
    }
<CODE ENDS>
Figure 1

Authors' Addresses

Renato Westphal
NetDEF
Tony Przygienda
HPE Juniper Networking