wdiff draft-ietf-bfd-seamless-base-00.txt draft-ietf-bfd-seamless-base-01.txt

Internet Engineering Task Force N. Akiya
Internet-Draft C. Pignataro
Updates: 5880 (if approved) D. Ward
Intended status: Standards Track Cisco Systems
Expires: December 14, 28, 2014 M. Bhatia
Alcatel-Lucent
Ionos Networks
P. K. Santosh
Juniper Networks
June 12, 26, 2014

Seamless Bidirectional Forwarding Detection (S-BFD)
draft-ietf-bfd-seamless-base-00
draft-ietf-bfd-seamless-base-01

Abstract

This document defines a simplified mechanism to use Bidirectional
Forwarding Detection (BFD) with large portions of negotiation aspects
eliminated, thus providing benefits such as quick provisioning as
well as improved control and flexibility to network nodes initiating
the path monitoring.

This document updates RFC5880.

Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on December 14, 28, 2014.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Seamless BFD Overview Terminology . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . 3
3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 4
4. BFD Target Identifier Types . . . . . . . . . . . . . . . . . 5
5. S-BFD UDP Port . . . . . . . . . . . . . . . . . . . . . . . . . . 5
6.
5. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 5
7.
6. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 7
8. 6
7. State Variables . . . . . . . . . . . . . . . . . . . . . . . 7
8.1.
7.1. New State Variables . . . . . . . . . . . . . . . . . . . 7
8.2.
7.2. State Variable Initialization and Maintenance . . . . . . 8
9. Full Reachability Validations . . . . 7
8. S-BFD Procedures . . . . . . . . . . . . 8
9.1. Initiator Behavior . . . . . . . . . . 7
8.1. Initiator Procedures . . . . . . . . . 8
9.1.1. Initiator State machine . . . . . . . . . 7
8.1.1. SBFDInitiator State Machine . . . . . . 9
9.2. Responder Behavior . . . . . . . 8
8.1.2. Details of S-BFD Packet Sent by SBFDInitiator . . . . 9
8.2. Responder Procedures . . . . . . . . 10
9.2.1. Responder Demultiplexing . . . . . . . . . . 9
8.2.1. Responder Demultiplexing . . . . 10
9.2.2. Reflector BFD Session Procedures . . . . . . . . . . 10
9.3. Further Packet
8.2.2. Details of S-BFD Packet Sent by SBFDReflector . . . . . . . . . . . . . . . . . 12
9.4. 10
8.3. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 12
9.5. 10
8.4. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 13
9.6. 11
8.5. Control Plane Independent (C) . . . . . . . . . . . . . . 13
9.7. 11
8.6. Additional Initiator Behavior . . . SBFDInitiator Behaviors . . . . . . . . . . . 13
9.8. 11
8.7. Additional Responder Behavior . . SBFDReflector Behaviors . . . . . . . . . . . . 13
10. Partial Reachability Validations . . . . . . . . . . . . . . 14
11. 12
9. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 14
12. 12
10. Co-existence with Traditional BFD . . . . . . . . . . . . . . 15
13. 12
11. BFD Echo . . . . . . . . . . . . . . . . . . . . . . . . . . 15
14. 12
12. Security Considerations . . . . . . . . . . . . . . . . . . . 15
15. 13
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
16. 14
14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16
17. 14
15. Contributing Authors . . . . . . . . . . . . . . . . . . . . 16
18. 14
16. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
18.1. 15
16.1. Normative References . . . . . . . . . . . . . . . . . . 17
18.2. 15
16.2. Informative References . . . . . . . . . . . . . . . . . 17 15

Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 18 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 17

1. Introduction

Bidirectional Forwarding Detection (BFD), [RFC5880] and related
documents, has efficiently generalized the failure detection
mechanism for multiple protocols and applications. There are some
improvements which can be made to better fit existing technologies.
There is a possibility of evolving BFD to better fit new
technologies. This document focuses on several aspects of BFD in
order to further improve efficiency, to expand failure detection
coverage and to allow BFD usage for wider scenarios. This document
extends BFD to provide solutions to use cases listed in
[I-D.ietf-bfd-seamless-use-case]. Because defined

One key aspect of the mechanism described in this document eliminates much of negotiation aspects of
the time between a network node wanting to perform a connectivity
test and completing the connectivity test. In traditional BFD terms,
the initial state changes from DOWN to UP is virtually nonexistent.
Removal of this seam (i.e. time delay) in BFD protocol, provides applications a
smooth and continuous operational experience. Therefore, "Seamless
BFD" (S-BFD) has been chosen as the name for this mechanism.

2. Seamless BFD Overview

Each Terminology

The reader is expected to be familiar with the BFD, IP and MPLS
terminologies and protocol instance (e.g. OSPF/IS-IS) allocates one or more BFD
discriminators on its network node, ensuring that constructs. This section describes
several new terminologies introduced by S-BFD.

o S-BFD - Seamless BFD.

o S-BFD packet - a BFD discriminators
allocated are unique within control packet on the well-known S-BFD port.

o Entity - a function on a network domain. Allocated BFD
discriminators may be advertised by the protocol. Required result is node that a protocol possess the knowledge of mapping between S-BFD mechanism allows
remote network
targets nodes to BFD discriminators. Each perform connectivity test to. An entity
can be abstract (ex: reachability) or specific (ex: IP addresses,
router-IDs, functions).

o SBFDInitiator - an S-BFD session on a network nodes will also create node that performs a
BFD
connectivity test to a remote entity by sending S-BFD packets.

o SBFDReflector - an S-BFD session instance on a network node that listens
for incoming BFD control S-BFD packets
with "your discriminator" having protocol allocated values. The
listener BFD session instance, upon receiving a BFD control packet
targeted to one of local entities and generates
response S-BFD packets.

o Reflector BFD session - synonymous with SBFDReflector.

o S-BFD discriminator values, will transmit - a
response BFD control packet back to the sender.

Once above setup discriminator allocated for a local
entity and is complete, any network node, understanding the
mapping between network targets to BFD discriminators, can quickly
perform reachability check to these network targets being listened by simply sending an SBFDReflector.

o BFD control packets with known discriminator - a BFD discriminator value as "your
discriminator".

For example:

<------- IS-IS Network ------->

+---------+ allocated for an
SBFDInitiator.

o Initiator - a network node hosting an SBFDInitiator.

o Responder - a network node hosting an SBFDReflector.

Below figure describes the relationship between S-BFD terminologies.

+---------------------+ +---------------------+
| Initiator |
A---------B---------C---------D
^ ^ | Responder |
SystemID SystemID
xxx yyy
BFD Discrim BFD Discrim
123 456

IS-IS with packet -->| SBFDReflector | |
| | +-------------+ | | | | +-------------+ | |
| | | BFD discrim | | | | | |S-BFD discrim| | |
| | +-------------+ |<-- S-BFD packet ---| +----------^--+ | |
| +-----------------+ | | +------------|----+ |
| | | | |
| | | +---v----+ |
| | | | Entity | |
| | | +--------+ |
+---------------------+ +---------------------+

Figure 1: S-BFD Terminology Relationship

3. Seamless BFD Overview

An S-BFD module on each network node allocates one or more S-BFD
discriminators for local entities, and creates a reflector BFD
session. Allocated S-BFD discriminators may be advertised by
applications (ex: OSPF/IS-IS). Required result is that applications,
on other network nodes, possess the knowledge of the mapping from
remote entities to S-BFD discriminators. The reflector BFD session
is to, upon receiving an S-BFD packet targeted to one of local S-BFD
discriminator values, transmit a response S-BFD packet back to the
initiator.

Once above setup is complete, any network nodes, having the knowledge
of the mapping from a remote entity to an S-BFD discriminator, can
quickly perform a connectivity test to the remote entity by simply
sending S-BFD packets with corresponding S-BFD discriminator value in
the "your discriminator" field.

For example:

<------- IS-IS Network ------->

+---------+
| |
A---------B---------C---------D
^ ^
| |
SystemID SystemID
xxx allocates yyy
BFD Discrim BFD Discrim
123 456

Figure 2: S-BFD for IS-IS Network

The IS-IS with SystemID xxx (node A) allocates an S-BFD discriminator
123, and advertises the BFD S-BFD discriminator 123 in an IS-IS TLV. The
IS-IS with SystemID yyy (node D) allocates BFD an S-BFD discriminator
456, and advertises the BFD S-BFD discriminator 456 in an IS-IS TLV. Both A
reflector BFD session is created on both network nodes (node A and
node D)
creates listener BFD session instance. D). When network node A wants to check a reachability the connectivity to
network node D, node A can send a BFD control an S-BFD packet, destined to node D,
with "your discriminator" field set as to 456. If
listener When the reflector BFD
session on node D receives this BFD control S-BFD packet, then response BFD control S-BFD
packet is sent back to node A, which allows node A to complete the reachability
connectivity test.

Note that

4. S-BFD UDP Port

S-BFD functions on a protocol well-known UDP port: TBD1.

5. S-BFD Discriminators

Locally allocated S-BFD discriminator values for entities may create an explicit mapping between a be
arbitrary allocated or derived from values provided by applications.
These values may be protocol ID (e.g. IDs (ex: System-ID, Router-ID) to a BFD discriminator. A
protocol may also create an explicit mapping between a or
network target
(e.g. targets (ex: IP address) to a BFD discriminator. A protocol may even
function with implicit mapping address). To minimize the collision of
discriminator values between a network target (e.g. IPv4
address) to a BFD discriminator, i.e. IPv4 address and S-BFD, it is used as BFD RECOMMENDED that
discriminator value. Decisions pool be separate for BFD and rules on how protocols allocate S-BFD. Even when
employing the separate discriminator pool approach, collision is
still possible between one S-BFD application to another S-BFD
application, that may be using different values and distribute BFD discriminators algorithms to
derive S-BFD discriminator values. If the two applications are using
S-BFD for a same purpose (ex: network reachability), then the
colliding S-BFD discriminator value can be shared. If the two
applications are using S-BFD for a different purpose, then the
collision must be addressed. How such collisions are addressed is
outside the scope of this document.

3. Terminology

The reader

One important characteristics of an S-BFD discriminator is expected to be familiar with the BFD, IP, MPLS and SR
terminology and protocol constructs. This section describes several
new terminology introduced by Seamless BFD.

o BFD Target Identifier: Network entity that is provisioned as it
MUST be unique within an administrative domain. If multiple network
nodes allocated a
target of Seamless BFD.

o BFD Target Identifier Type: Type of same S-BFD discriminator value, then S-BFD packets
falsely terminating on a wrong network entity that is
provisioned as node can result in a target of Seamless BFD.

o BFD Target Identifier Table: A table containing BFD target
identifier type, BFD target identifier and corresponding BFD
discriminator.

o Reflector BFD Session: A reflector
BFD session listening to generate a response back, due to "your discriminator"
matching. This is clearly not desirable. If only IP based S-BFD is
considered, then it is possible for incoming the reflector BFD
control session to
require demultiplexing of incoming S-BFD packets destined for with combination of
destination IP address and "your discriminator". Then S-BFD
discriminator only has to be unique within a local BFD target identifier(s).

4. BFD Target Identifier Types

This document defines node. However,
S-BFD is a generic mechanism where network nodes can
send BFD control packets to specific network targets to perform
various tasks. One task is defined to perform a reachability check (i.e
requesting immediate response back). Details run on wide range of this task is further
defined in sections
environments: IP, MPLS, etc. For other transports like MPLS, because
of the need to follow. Further tasks (i.e. using use non-routable IP destination address, it is not
possible for reflector BFD control
packet session to request specific services from specific network nodes) demultiplex using IP
destination address. With PHP, there may not be defined. Therefore, this document defines any incoming label
stack to aid in demultiplexing either. Thus, S-BFD imposes a code point for BFD
Target Identifier. Each locally allocated
requirement that S-BFD discriminator discriminators MUST be associated to unique within an
administrative domain.

6. Reflector BFD Target Identifier type, to allow demultiplexing
to a specific task Session

Each network node creates one or service. more reflector BFD Target Identifier types:

Value BFD Target Identifier Type
------ --------------------------
0 Reserved
1 Network Target Discriminator

Procedures defined sessions. This
reflector BFD session is a session which transmits S-BFD packets in this document are
response to be associated received S-BFD packets with BFD
Target Identifier Type 1 (Network Target Discriminator).

Note that IP based BFD from [RFC5885] is supported by "your discriminator" having
S-BFD discriminators allocated for local entities. Specifically,
this
specification, but non-IP based reflector BFD session is outside the scope of this
document.

Further identifier types are to be defined as needed basis.

5. UDP Port have following characteristics:

o MUST NOT transmit any S-BFD functions packets based on a well-known UDP port: TBD1.

6. S-BFD Discriminators

Protocols (i.e. client of S-BFD) may request local timer expiry.

o MUST transmit an arbitrary BFD
discriminator value, or protocols may request a specific BFD
discriminator value. Therefore, it is RECOMMENDED for
implementations S-BFD packet in response to create a separate discriminator pool for received S-BFD
sessions to minimize the collision between existing BFD sessions and
packet having a valid S-BFD sessions. In such case, incoming BFD control packets MUST be
demultiplexed first with UDP port to identify the discriminator table
to look up the session. Regardless of in the approach, collision can
happen with following scenarios. "your
discriminator" field, unless prohibited by local policies (ex:
administrative, security, rate-limiter, etc).

o Existing MUST be capable of sending only two states: UP and ADMINDOWN.

One reflector BFD session already using a discriminator value that
collides with specific discriminator value requested may be responsible for handling received
S-BFD
session.

* Implementation SHOULD allow migrating existing packets targeted to all locally allocated S-BFD discriminators,
or few reflector BFD sessions to
free up the discriminator to accommodate specific discriminator
value requested may each be responsible for subset of
locally allocated S-BFD session.

o S-BFD session already using discriminators. This policy is a discriminator value, arbitrarily
allocated, local
matter, and is outside the scope of this document.

Note that collides with specific discriminator value
requested for incoming S-BFD session. The two packets may be IPv4, IPv6 or MPLS based.
How such S-BFD sessions are of
different packets reach an appropriate reflector BFD Target Identifier type.

* Protocol requesting arbitrary discriminator value MUST support
migrating to another discriminator value, session is
also a local matter, and implementations
MUST allow migrating existing S-BFD sessions to free up is outside the
discriminator to accommodate specific discriminator value
requested for S-BFD session.

o S-BFD session already using a discriminator value, arbitrary
allocated, that collides with specific discriminator value
requested for S-BFD session. The two scope of this document.

7. State Variables

S-BFD sessions are introduces new state variables, and modifies the usage of same
BFD Target Identifier type.

* No action
existing ones.

7.1. New State Variables

A new state variable is required, as the two can share added to the discriminator.

One important characteristics base specification in support of
S-BFD.

o bfd.SessionType: The type of this session. Allowable values are:

* SBFDInitiator - an S-BFD discriminator is that it MUST
be network wide unique. If multiple network nodes allocated same
S-BFD discriminator value, then S-BFD control packets falsely
terminating session on a wrong network node can result in reflector BFD
session (described in Section 7) to generate that
performs a response back, due connectivity test to
"your discriminator" matching. This is clearly not desirable. If
only IP based a target entity by sending
S-BFD is concerned, then it is possible for packets.

* SBFDReflector - an S-BFD
reflector session to require demultiplexing of on a network node that listens
for incoming S-BFD control
packet with combination of destination IP address packets to local entities and "your
discriminator". Then generates
response S-BFD discriminator only has to packets.

bfd.SessionType variable MUST be unique
within a local node. However, initialized to the appropriate type
when an S-BFD session is a generic mechanism created.

7.2. State Variable Initialization and Maintenance

Some state variables defined
to run on wide range of environments: IP, MPLS, Segment Routing
([I-D.previdi-filsfils-isis-segment-routing]), etc. For other
transports like MPLS, because in section 6.8.1 of the BFD base
specification need to use non-routable IP
destination address, it is not possible for S-BFD reflector be initialized or manipulated differently
depending on the session
to demultiplex using IP destination address. With PHP, there may not type. Ed-Note: Anything else?.

o bfd.DemandMode: This variable MUST be any incoming label stack initialized to aid in demultiplexing either. Thus,
S-BFD imposes a requirement that S-BFD discriminators 1 for session
type SBFDInitiator, and MUST be network
wide unique.

7. Reflector BFD Session

Each network node MUST create one or more reflector BFD sessions.
This reflector BFD session is a initialized to 0 for session which transmits BFD control type
SBFDReflector.

8. S-BFD Procedures

8.1. Initiator Procedures

S-BFD packets in response transmitted by an SBFDInitiator MUST set "your
discriminator" field to received valid locally destined BFD control
packets. Specifically, this reflector BFD session is an S-BFD discriminator corresponding to have
following characteristics:

o MUST NOT transmit any BFD control the
remote entity.

S-BFD packets based on local timer
expiry.

o transmitted by an SBFDInitiator MUST transmit BFD control packet in response NOT set "my
discriminator" field to a received valid
locally destined BFD control packet.

o MUST be capable of sending only two states: UP and ADMINDOWN.

One reflector BFD session MAY be responsible an S-BFD discriminator allocated for handling received
BFD control packets targeted to all a local BFD target identifiers, or
few reflector BFD sessions MAY each be responsible for subset of
entity (and is being monitored by a local BFD target identifiers. SBFDReflector). This policy is to
prevent incoming response S-BFD packets, from a remote SBFDReflector,
having "your discriminator" as a S-BFD discriminator of a local matter, and
entity. Every SBFDInitiator is
outside the scope of this document.

Note that incoming BFD control packets destined to BFD target
identifier types may have a unique "my discriminator",
and SHOULD be IPv4, IPv6 or MPLS based. For those allocated from the BFD
target identifier types, implementations MAY either allow discriminator pool if the same
reflector BFD session to handle all incoming BFD control packets in
address family agnostic fashion, or setup multiple reflector BFD
sessions to handle incoming BFD control packets with different
address families. This policy is again a local matter, and is
outside
implementation employs the scope approach of this document.

8. State Variables

S-BFD introduces some new state variables, having separate discriminator
pools for BFD and modifies the usage of
existing ones.

8.1. New State Variables

A new state variable is added to the base specification in support of S-BFD.

o bfd.SessionType: The type

Below ASCII art describes high level concept of this session. Allowable values are:

* SBFDInitiator: Any session on a connectivity test
using S-BFD. R2 allocates XX as the S-BFD discriminator for its
network node that attempts reachability purpose, and advertises XX to
perform neighbors. ASCII
art shows R1 and R4 performing a path monitoring connectivity test to any R2.

+--- md=50/yd=XX (ping) ----+
| |
|+-- md=XX/yd=50 (pong) --+ |
|| | |
|v | v
R1 ==================== R2[*] ========= R3 ========= R4
| ^ |^
| | ||
| +-- md=60/yd=XX (ping) --+|
| |
+---- md=XX/yd=60 (pong) ---+

[*] Reflector BFD target identifier session on other R2.
=== Links connecting network nodes.

* SBFDReflector: Any
--- S-BFD packet traversal.

Figure 3: S-BFD Connectivity Test

8.1.1. SBFDInitiator State Machine

An SBFDInitiator may be a persistent session on a network node, which receives
BFD control packets transmitted by an initiator and responds
back to the initiator is referred as responder.

This variable MUST with a
timer for S-BFD packet transmissions. An SBFDInitiator may also be initialized to the appropriate type when a
module, a script or a tool on the
session is created, according to initiator that transmits one or
more S-BFD packets "when needed". For transient SBFDInitiators, the rules
BFD state machine described in section TBD.

8.2. State Variable Initialization [RFC5880] may not be applicable. For
persistent SBFDInitiators, the states and Maintenance

Some the state variables defined machine described
in section 6.8.1 of the BFD base
specification need to be initialized or manipulated differently
depending on the session type.

o bfd.DemandMode: This variable MUST be initialized to 1 for session
type SBFDInitiator, and MUST be initialized to 0 for session type
SBFDReflector.

9. Full Reachability Validations

9.1. Initiator Behavior

Any network node can attempt to perform a full reachability
validation to any BFD target identifier on other network nodes, as
long as destination BFD target identifier is provisioned to use this
mechanism. BFD control packets transmitted by the initiator is to
have "your discriminator" corresponding to destination BFD target
identifier.

A node that initiates a BFD control packet MAY create an active BFD
session to periodically send BFD control packets to a target, or a
BFD control packet MAY be crafted and sent out on "as needed basis"
(ex: BFD ping) without any session presence. In both cases, a BFD
instance MUST have a unique "my discriminator" value assigned. If a
node is to create multiple BFD instances to the same BFD target
identifier, then each instance MUST have separate "my discriminator"
values assigned. A BFD instance MUST NOT use a discriminator
corresponding to one of local BFD target identifiers as "my
discriminator". This is to prevent incoming response BFD control
packets ("pong" packets) having "your discriminator" as a
discriminator corresponding to the local BFD target identifier.

Below ASCII art describes high level concept of full reachability
validations using this mechanism. R2 reserves value XX as BFD
discriminator for its BFD target identifier. ASCII art shows that R1
and R4 performing full reachability validation to XX on R2.

-- md=50/yd=XX (BFD ping) -->
<-- md=XX/yd=50 (BFD pong) --

[*]
R1 ---------------------- R2 ----------- R3 ----------- R4

| ^
| |
| + - md=60/yd=XX (BFD ping) --
+ - - -md=XX/yd=60 (BFD pong) -->

[*] Reflector BFD session on R2.

Figure 2: S-BFD path monitoring

If BFD control packet is to be sent via IP path, then:

o Destination IP address MUST be an IP address corresponding to
target identifier.
o Source IP address MUST be a local IP address.
o IP TTL MUST be 255 for full reachability validations. Partial
reachability validations MAY use smaller TTL value (see
Section 10).
o Well-known UDP destination port(s) for IP based S-BFD.

If BFD control packet response is determined to explicitly be label
switched, then:

o BFD control packet MUST get imposed with a label stack that is
expected to reach the target node.
o MPLS TTL MUST be 255 for full reachability validations. Partial
reachability validations MAY use smaller TTL value (see
Section 10).
o Destination IP address MUST be 127/8 for IPv4 and
0:0:0:0:0:FFFF:7F00/104 for IPv6.
o Source IP address MUST be a local IP address.
o IP TTL=1.
o Well-known UDP destination port(s) for MPLS based S-BFD

9.1.1. Initiator State machine

The following diagram provides an overview of the initiator state
machine. The notation on each arc represents the state of the remote
system (as received in the State field in the BFD Control packet) or
indicates the expiration of the Detection Timer.

+--+
ADMIN DOWN, | |
TIMER | V
+------+ UP +------+
| |-------------------->| |----+
| DOWN | | UP | | UP
| |<--------------------| |<---+
+------+ ADMIN DOWN, +------+
TIMER

Figure 3: S-BFD Initiator FSM

Note that the above [RFC5880] will function but are more than necessary. The
following diagram provides an optimized state machine is different from the base BFD
specification[RFC5880]. This is because the Init state is no longer
applicable for the initiator of the S-BFD session. Another important
difference is the transition of the state machine from the Down state
to the Up state when a packet with State Up is received by the
initiator. persistent
SBFDInitiators. The definitions of the states and the events have the
same meaning as in the base BFD specification [RFC5880].

9.2. Responder Behavior

A network node which receives BFD control packets transmitted by an
initiator is referred as responder. Responder, upon reception of BFD
control packets, is to perform necessary relevant validations
described in [RFC5880]/[RFC5881]/[RFC5883]/[RFC5884]/[RFC5885].

9.2.1. Responder Demultiplexing

When responder receives a BFD control packet, if "your discriminator"
value is not one of local entries in the BFD target identifier table,
then this packet MUST NOT be considered for this mechanism. If "your
discriminator" value is one of local entries in the BFD target
identifier table, then the packet is determined to be handled by a
reflector BFD session responsible for specified BFD targeted
identifier. If the packet was determined to be processed further for
this mechanism, then chosen reflector BFD session is to transmit a
response BFD control packet using procedures described in
Section 9.2.2, unless prohibited by local administrative or local
policy reasons.

9.2.2. Reflector BFD Session Procedures

BFD target identifier type MUST be used to determine further
information notation on how to reach back to each arc represents the initiator.

In addition, destination IP address state of received BFD control packet
MUST be examined to determine how to construct response BFD control
packet to send back to the initiator.

If destination IP address of
SBFDInitiator (as received BFD control packet is not 127/8
for IPv4 in the State field in the S-BFD packet) or 0:0:0:0:0:FFFF:7F00/104 for IPv6, then:

o Destination IP address MUST be copied from received source IP
address.
o Source IP address MUST be copied from received destination IP
address if received destination IP address is a local address.
Otherwise local IP address MUST be used.
o IP TTL MUST be 255.

Response BFD control packet SHOULD be IP routed back, but MAY
explicitly be label switched.

If BFD control packet response is determined to be IP routed, then:

o Destination IP address MUST be copied from received source IP
address.
o Source IP address MUST be a local address.
o IP TTL MUST be 255.

If BFD control packet response is determined to explicitly be label
switched, then:

o BFD control packet MUST get label switched back to
indicates the initiator.
Determining expiration of the label stack to be imposed on a response BFD
control packet Detection Timer.

+--+
ADMIN DOWN, | |
TIMER | V
+------+ UP +------+
| |-------------------->| |----+
| DOWN | | UP | | UP
| |<--------------------| |<---+
+------+ ADMIN DOWN, +------+
TIMER

Figure 4: SBFDInitiator FSM

Note that the above state machine is outside different from the scope of this document.
o MPLS TTL MUST be 255.
o Destination IP address MUST be 127/8 for IPv4 and
0:0:0:0:0:FFFF:7F00/104 for IPv6.
o Source IP address MUST be a local IP address.
o IP TTL MUST be 1.

Regardless base BFD
specification[RFC5880]. This is because the Init state is no longer
applicable for the SBFDInitiator. Another important difference is
the transition of the response type, BFD control state machine from the Down state to the Up
state when a packet being sent with State Up is received by the
responder MUST perform following procedures:

o Copy "my discriminator" from received "your discriminator", initiator. The
definitions of the states and
"your discriminator" from received "my discriminator".
o UDP destination port MUST be the events have the same meaning as received UDP destination
port.

9.3. Further Packet in
the base BFD specification [RFC5880].

8.1.2. Details

Further details of BFD control S-BFD Packet Sent by SBFDInitiator

S-BFD packets sent by initiator (ex: active
BFD session): an SBFDInitiator is to have following contents:

o Well-known UDP destination port assigned for S-BFD.
o UDP source port as per described in
[RFC5881]/[RFC5883]/[RFC5884]/[RFC5885]. [RFC5881], [RFC5883],
[RFC5884] and [RFC5885].
o "my discriminator" assigned by local node.
o "your discriminator" corresponding to an identifier of target
node. a remote entity.
o "State" MUST be set to a value reflecting describing local state.
o "Desired Min TX Interval" MUST be set to a value reflecting describing local
desired minimum transmit interval.
o "Required Min RX Interval" MUST be zero.
o "Required Min Echo RX Interval" SHOULD be zero.
o "Detection Multiplier" MUST be set to a value reflecting describing locally
used multiplier value.
o "Demand Demand (D) bit (D)" MUST be set set.

8.2. Responder Procedures

A network node which receives S-BFD packets transmitted by an
initiator is referred as responder. The responder, upon reception of
S-BFD packets, is to perform necessary relevant validations described
in [RFC5880], [RFC5881], [RFC5883], [RFC5884] and [RFC5885].

8.2.1. Responder Demultiplexing

A BFD control packet received by a resonder is considered an S-BFD
packet if the initiator.

Further details packet is on the well-known S-BFD port. When a
responder receives an S-BFD packet, if the value in the "your
discriminator" field is not one of S-BFD discriminators allocated for
local entities, then this packet MUST NOT be considered for this
mechanism. If the value in the "your discriminator" field is one of
S-BFD discriminators allocated for local entities, then the packet is
determined to be handled by a reflector BFD session responsible for
the S-BFD discriminator. If the packet was determined to be
processed further for this mechanism, then chosen reflector BFD
session is to transmit a response BFD control packet using procedures
described in Section 8.2.2, unless prohibited by local policies (ex:
administrative, security, rate-limiter, etc).

8.2.2. Details of S-BFD Packet Sent by SBFDReflector

S-BFD packets sent by responder (reflector
BFD session): an SBFDReflector is to have following contents:

o Well-known UDP destination port assigned for S-BFD.
o UDP source port as described in
[RFC5881]/[RFC5883]/[RFC5884]/[RFC5885]. [RFC5881], [RFC5883], [RFC5884]
and [RFC5885].
o "my discriminator" MUST be copied from received "your
discriminator".
o "your discriminator" MUST be copied from received "my
discriminator".
o "State" MUST be UP or ADMINDOWN. Clarification of reflector BFD
session state is described in Section 9.8. 8.7.
o "Desired Min TX Interval" MUST be copied from received "Desired
Min TX Interval".
o "Required Min RX Interval" MUST be set to a value reflecting describing how
many incoming control packets this reflector BFD session can
handle. Further details are described in Section 8.7.
o "Required Min Echo RX Interval" SHOULD be set to zero.
o "Detection Multiplier" MUST be copied from received "Detection
Multiplier".
o "Demand Demand (D) bit (D)" MUST be cleared by the reflector.

9.4. cleared.

8.3. Diagnostic Values

Diagnostic value in both directions MAY be set to a certain value, to
attempt to communicate further information to both ends. However,
details of such are outside the scope of this specification.

9.5.

8.4. The Poll Sequence

Poll sequence MAY be used in both directions. The Poll sequence MUST
operate in accordance with [RFC5880].

9.6. An SBFDReflector MAY use the
Poll sequence to slow down that rate at which S-BFD packets are
generated from an SBFDInitiator. This is done by the SBFDReflector
using procedures described in Section 8.7 and setting the Poll (P)
bit in the reflected S-BFD packet. The SBFDInitiator is to then send
the next S-BFD packet with the Final (F) bit set. If an
SBFDReflector receives an S-BFD packet with Poll (P) bit set, then
the SBFDReflector MUST respond with an S-BFD packet with Poll (P) bit
cleared and Final (F) bit set.

8.5. Control Plane Independent (C)

Control plane independent (C) bit for BFD instances speaking an SBFDInitiator sending S-BFD
packets to a reflector BFD session MUST work according to [RFC5880].
Reflector BFD session also MUST work according to [RFC5880].
Specifically, if reflector BFD session implementation does not share
fate with control plane, then response BFD control S-BFD packets transmitted MUST
have control plane independent (C) bit set. If reflector BFD session
implementation shares fate with control plane, then response BFD
control S-BFD
packets transmitted MUST NOT have control plane independent (C) bit
set.

9.7.

8.6. Additional Initiator Behavior SBFDInitiator Behaviors

o If initiator the SBFDInitiator receives a valid BFD control S-BFD packet in response to
transmitted BFD control packet, S-BFD packet to a remote entity, then initiator the
SBFDInitiator SHOULD conclude that S-BFD packet reached the
intended target. remote entity.

o When a sufficient number of BFD control S-BFD packets have not arrived as they
should, the initiator could SBFDInitiator SHOULD declare loss of reachability. connectivity to
the remote entity. The criteria for declaring loss of reachability
connectivity and the action that would be triggered as a result
are outside the scope of this
specification. document.

o Relating to above bullet item, it is critical for an
implementation to understand the latency to/from the reflector BFD
session on target node. the responder. In other words, for very first BFD
control S-BFD
packet transmitted, transmitted by the SBFDInitiator, an implementation MUST
NOT expect response BFD control S-BFD packet to be received for time
equivalent to sum of latencies: initiator node to target node responder and target node
responder back to initiator node. initiator.

o If initiator the SBFDInitiator receives a an S-BFD packet with D Demand (D) bit
set, the packet MUST be discarded.

9.8.

8.7. Additional Responder Behavior SBFDReflector Behaviors

o BFD control S-BFD packets transmitted by a reflector BFD session the SBFDReflector MUST have "Required
Min RX Interval" set to a value which reflects expresses how many incoming control
S-BFD packets this reflector BFD session SBFDReflector can handle. Responder The SBFDReflector
can control how fast initiators SBFInitiators will be sending
BFD control S-BFD packets
to self by ensuring "Required Min RX Interval"
reflects indicates a value
based on the current load.

o If a reflector BFD session the SBFDReflector wishes to communicate to some or all
initiators
SBFDInitiators that monitored BFD target identifier local entity is "temporarily out of
service", then BFD control S-BFD packets with "state" set to ADMINDOWN are
sent to those initiators. Initiators, SBFDInitiators. The SBFDInitiators, upon reception
of such packets, MUST NOT conclude loss of reachability connectivity to
corresponding BFD target identifier, remote entity, and MUST back off packet transmission
interval for the remote entity to corresponding BFD target identifier an interval no faster than 1
second. If a reflector BFD session the SBFDReflector is generating a response BFD control S-BFD
packet for BFD target identifier a local entity that is in service, then "state" in
response BFD control packets MUST be set to UP.

o If a reflector an SBFDReflector receives a an S-BFD packet with D Demand (D) bit
cleared, the packet MUST be discarded.

10. Partial Reachability Validations

Same mechanism as described in "Full Reachability Validations"
section will be applied with exception of following differences on
initiator.

o When initiator wishes to perform a partial reachability validation
towards identifier X upto identifier Y, number of hops to
identifier Y is calculated.

o TTL value based on this calculation is used as the IP TTL or MPLS
TTL on top most label, and "your discriminator" of transmitted BFD
control packet will carry BFD discriminator corresponding to
target transit identifier Y.

o Imposed label stack or IP destination address will continue to be
of identifier X.

11.

9. Scaling Aspect

This mechanism brings forth one noticeable difference in terms of
scaling aspect: number of BFD sessions. SBFDReflector. This specification
eliminates the need for egress nodes to have fully active BFD
sessions when only one side desires to perform reachability
validations. connectivity tests.
With introduction of reflector BFD concept, egress no longer is
required to create any active BFD session per path/LSP path/LSP/function
basis. Due to this, total number of BFD sessions in a network is
reduced.

If traditional BFD technology was used on a network comprised of N
nodes, and each node monitored M unidirectional paths/LSPs, then
total number of BFD sessions in such network will be:

(((N - 1) x M) x 2)

Assuming that each network node creates one reflector BFD session to
handle all local BFD target identifiers, then total number of BFD
sessions in same scenario will be:

(((N - 1) x M) + N)

12.

10. Co-existence with Traditional BFD

This mechanism has no issues being deployed with traditional BFDs
([RFC5881]/[RFC5883]/[RFC5884]/[RFC5885])
([RFC5881], [RFC5883], [RFC5884] and [RFC5885]) because BFD S-BFD
discriminators which allow this mechanism to function are explicitly
reserved and separate UDP port values are used with S-BFD.

13.

11. BFD Echo

BFD echo is outside the scope of this document.

14.

12. Security Considerations

Same security considerations as [RFC5880], [RFC5881], [RFC5883],
[RFC5884] and [RFC5885] apply to this document.

Additionally, implementing the following measures will strengthen
security aspects of the mechanism described by this document.

o Implementations MUST provide filtering capability based on source
IP addresses or source node segment IDs of received BFD control S-BFD packets: [RFC2827].

o Implementations MUST NOT act on received BFD control S-BFD packets containing
Martian addresses as source IP addresses.

o Implementations MUST ensure that response S-BFD packets generated
to the initiator by the SBFDReflector have a reachable target (ex:
destination IP addresses or node
segment IDs are reachable. address).

o Initiator SBFDInitiator MAY pick crypto sequence number based on
authentication mode configured.

o The reflector SBFDReflector MUST NOT look at the crypto sequence number before
accepting the packet.

o Reflector SBFDReflector MAY look at the Key ID
[I-D.ietf-bfd-generic-crypto-auth] in the incoming packet and
verify the authentication data.

o Reflector SBFDReflector MUST accept the packet if authentication is
successful.

o Reflector SBFDReflector MUST compute the Authentication data and MUST use
the same sequence number that it received in the S-BFD packet that
it is responding to.

o Initiator SBFDInitiator MUST accept the S-BFD packet if it either comes with
the same sequence number as it had sent or its it's within the window
that it finds acceptable (described in detail in
[I-D.ietf-bfd-generic-crypto-auth])

Using the above method,

o Reflectors SBFDReflector continue to remain stateless despite using security.

o Reflectors SBFDReflector are not susceptible to replay attacks as they always
respond to S-BFD packets irrespective of the sequence number
carried.

o An attacker cannot impersonate the Reflector responder since the Initiator
SBFDInitiator will only accept S-BFD packets that come with the
sequence number that it had originally used when sending the S-BFD
packet.

15.

13. IANA Considerations

BFD Target Identifier types:

Value BFD Target Identifier Type
------ --------------------------
0 Reserved
1 Network Target Discriminator

New UDP port number, TBD1, will be

A new value TBD1 is requested for S-BFD.

16. from the "Service Name and Transport
Protocol Port Number Registry". The requested registry entry is:

Service Name (REQUIRED)
s-bfd
Transport Protocol(s) (REQUIRED)
udp
Assignee (REQUIRED)
IESG <iesg@ietf.org>
Contact (REQUIRED)
BFD Chairs <bfd-chairs@tools.ietf.org>
Description (REQUIRED)
Seamless Bidirectional Forwarding Detection (S-BFD)
Reference (REQUIRED)
draft-ietf-bfd-seamless-base
Port Number (OPTIONAL)
TBD1 (Requesting 7784)

14. Acknowledgements

Authors would like to thank Jeffrey Haas for performing thorough
reviews and providing number of suggestions. Authors would like to
thank Girija Raghavendra Rao, Marc Binderberger, Les Ginsberg,
Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad Govindan from
Cisco Systems for providing valuable comments.

17. Authors would also
like to thank John E. Drake for providing comments and suggestions.

15. Contributing Authors

Tarek Saad
Cisco Systems
Email: tsaad@cisco.com

Siva Sivabalan
Cisco Systems
Email: msiva@cisco.com

Nagendra Kumar
Cisco Systems
Email: naikumar@cisco.com
Mallik Mudigonda
Cisco Systems
Email: mmudigon@cisco.com

Sam Aldrin
Huawei Technologies
Email: aldrin.ietf@gmail.com

18.

16. References

18.1.

16.1. Normative References

[I-D.ietf-bfd-seamless-use-case]
Aldrin, S., Bhatia, M., Mirsky, G., Kumar, N., and S.
Matsushima, "Seamless Bidirectional Forwarding Detection
(BFD) Use Case", draft-ietf-bfd-seamless-use-case-00 (work
in progress), June 2014.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, June 2010.

[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June
2010.

[RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for Multihop Paths", RFC 5883, June 2010.

[RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow,
"Bidirectional Forwarding Detection (BFD) for MPLS Label
Switched Paths (LSPs)", RFC 5884, June 2010.

18.2.

16.2. Informative References

[I-D.ietf-bfd-generic-crypto-auth]
Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani,
"BFD Generic Cryptographic Authentication", draft-ietf-
bfd-generic-crypto-auth-06 (work in progress), April 2014.

[I-D.previdi-filsfils-isis-segment-routing]
Previdi, S., Filsfils, C., Bashandy, A., Horneffer, M.,
Decraene, B., Litkowski, S., Milojevic, I., Shakir, R.,
Ytti, S., Henderickx, W., and J. Tantsura, "Segment
Routing with IS-IS Routing Protocol", draft-previdi-
filsfils-isis-segment-routing-02 (work in progress), March
2013.

[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, May 2000.

[RFC5885] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding
Detection (BFD) for the Pseudowire Virtual Circuit
Connectivity Verification (VCCV)", RFC 5885, June 2010.

Appendix A. Loop Problem

Consider a scenario where we have two nodes and both are S-BFD
capable.

Node A (IP 1.1.1.1) ---------------- 192.0.2.1) ----------------- Node B (IP 2.2.2.2) 192.0.2.2)
|
|
Man in the Middle (MiM)

Assume node A reserved a discriminator 0x01010101 for target
identifier 1.1.1.1 192.0.2.1 and has a reflector session in listening mode.
Similarly node B reserved a discriminator 0x02020202 for its target
identifier 2.2.2.2 192.0.2.2 and also has a reflector session in listening
mode.

Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc
= 0x02020202, source IP as 1.1.1.1 192.0.2.1 and dest IP as 2.2.2.2. 192.0.2.2. When
this packet reaches Node B, the reflector session on Node B will swap
the discriminators and IP addresses of the received packet and
reflect it back, since YourDisc of the received packet matched with
reserved discriminator of Node B. The reflected packet that reached
Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since
YourDisc of the received packet matched the reserved discriminator of
Node A, Node A will swap the discriminators and reflects the packet
back to Node B. Since reflectors MUST set the TTL of the reflected
packets to 255, the above scenario will result in an infinite loop
with just one malicious packet injected from MiM.

FYI: Packet fields do not carry any direction information, i.e., if
this is Ping packet or reply packet.

Solutions

The current proposals to avoid the loop problem are:

o Overload "D" bit (Demand mode bit): Initiator always sets the 'D'
bit and reflector clears it. This way we can identify if a
received packet was a reflected packet and avoid reflecting it
back. However this changes the interpretation of 'D' bit.

o Use of State field in the BFD control packets: Initiator will
always send packets with State set to "DOWN" and reflector will
send back packets with state field set to "UP. Reflectors will
never reflect any received packets with state as "UP". However
the only issue is the use of state field differently i.e. state in
the S-BFD control packet from initiator does not reflect the local
state which is anyway not significant at reflector.

o Use of local discriminator as My Disc at reflector: Reflector will
always fill in My Discriminator with a locally allocated
discriminator value (not reserved discriminators) and will not
copy it from the received packet.

Authors' Addresses

Nobo Akiya
Cisco Systems

Email: nobo@cisco.com

Carlos Pignataro
Cisco Systems

Email: cpignata@cisco.com

Dave Ward
Cisco Systems

Email: wardd@cisco.com

Manav Bhatia
Alcatel-Lucent
Ionos Networks

Email: manav.bhatia@alcatel-lucent.com manav@ionosnetworks.com

Santosh
Juniper Networks

Email: santoshpk@juniper.net