| draft-ietf-bfd-seamless-base-01.txt | draft-ietf-bfd-seamless-base-02.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force N. Akiya | Internet Engineering Task Force N. Akiya | |||
| Internet-Draft C. Pignataro | Internet-Draft C. Pignataro | |||
| Updates: 5880 (if approved) D. Ward | Updates: 5880 (if approved) D. Ward | |||
| Intended status: Standards Track Cisco Systems | Intended status: Standards Track Cisco Systems | |||
| Expires: December 28, 2014 M. Bhatia | Expires: February 2, 2015 M. Bhatia | |||
| Ionos Networks | Ionos Networks | |||
| P. K. Santosh | P. K. Santosh | |||
| Juniper Networks | Juniper Networks | |||
| June 26, 2014 | August 1, 2014 | |||
| Seamless Bidirectional Forwarding Detection (S-BFD) | Seamless Bidirectional Forwarding Detection (S-BFD) | |||
| draft-ietf-bfd-seamless-base-01 | draft-ietf-bfd-seamless-base-02 | |||
| Abstract | Abstract | |||
| This document defines a simplified mechanism to use Bidirectional | This document defines a simplified mechanism to use Bidirectional | |||
| Forwarding Detection (BFD) with large portions of negotiation aspects | Forwarding Detection (BFD) with large portions of negotiation aspects | |||
| eliminated, thus providing benefits such as quick provisioning as | eliminated, thus providing benefits such as quick provisioning as | |||
| well as improved control and flexibility to network nodes initiating | well as improved control and flexibility to network nodes initiating | |||
| the path monitoring. | the path monitoring. | |||
| This document updates RFC5880. | This document updates RFC5880. | |||
| skipping to change at page 1, line 47 | skipping to change at page 1, line 47 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 28, 2014. | This Internet-Draft will expire on February 2, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 25 | skipping to change at page 2, line 25 | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 4 | 3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. S-BFD UDP Port . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 5 | 4.1. Discriminator Pools . . . . . . . . . . . . . . . . . . . 5 | |||
| 6. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 6 | 4.2. S-BFD Discriminator Uniqueness . . . . . . . . . . . . . 6 | |||
| 7. State Variables . . . . . . . . . . . . . . . . . . . . . . . 7 | 5. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7.1. New State Variables . . . . . . . . . . . . . . . . . . . 7 | 6. State Variables . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7.2. State Variable Initialization and Maintenance . . . . . . 7 | 6.1. New State Variables . . . . . . . . . . . . . . . . . . . 7 | |||
| 8. S-BFD Procedures . . . . . . . . . . . . . . . . . . . . . . 7 | 6.2. State Variable Initialization and Maintenance . . . . . . 8 | |||
| 8.1. Initiator Procedures . . . . . . . . . . . . . . . . . . 7 | 7. S-BFD Procedures . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 8.1.1. SBFDInitiator State Machine . . . . . . . . . . . . . 8 | 7.1. S-BFD Packet Demultiplexing . . . . . . . . . . . . . . . 8 | |||
| 8.1.2. Details of S-BFD Packet Sent by SBFDInitiator . . . . 9 | 7.2. Initiator Procedures . . . . . . . . . . . . . . . . . . 8 | |||
| 8.2. Responder Procedures . . . . . . . . . . . . . . . . . . 9 | 7.2.1. SBFDInitiator State Machine . . . . . . . . . . . . . 9 | |||
| 8.2.1. Responder Demultiplexing . . . . . . . . . . . . . . 10 | 7.2.2. Details of S-BFD Packet Sent by SBFDInitiator . . . . 10 | |||
| 8.2.2. Details of S-BFD Packet Sent by SBFDReflector . . . . 10 | 7.3. Responder Procedures . . . . . . . . . . . . . . . . . . 10 | |||
| 8.3. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 10 | 7.3.1. Responder Demultiplexing . . . . . . . . . . . . . . 10 | |||
| 8.4. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 11 | 7.3.2. Details of S-BFD Packet Sent by SBFDReflector . . . . 11 | |||
| 8.5. Control Plane Independent (C) . . . . . . . . . . . . . . 11 | 7.4. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 11 | |||
| 8.6. Additional SBFDInitiator Behaviors . . . . . . . . . . . 11 | 7.5. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 11 | |||
| 8.7. Additional SBFDReflector Behaviors . . . . . . . . . . . 12 | 7.6. Control Plane Independent (C) . . . . . . . . . . . . . . 11 | |||
| 9. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 12 | 7.7. Additional SBFDInitiator Behaviors . . . . . . . . . . . 12 | |||
| 10. Co-existence with Traditional BFD . . . . . . . . . . . . . . 12 | 7.8. Additional SBFDReflector Behaviors . . . . . . . . . . . 12 | |||
| 11. BFD Echo . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 8. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 12. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 9. Co-existence with Classical BFD Sessions . . . . . . . . . . 13 | |||
| 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | 10. S-BFD Echo Function . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14 | 11. Security Considerations . . . . . . . . . . . . . . . . . . . 14 | |||
| 15. Contributing Authors . . . . . . . . . . . . . . . . . . . . 14 | 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 | 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 16.1. Normative References . . . . . . . . . . . . . . . . . . 15 | 14. Contributing Authors . . . . . . . . . . . . . . . . . . . . 15 | |||
| 16.2. Informative References . . . . . . . . . . . . . . . . . 15 | 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 15.1. Normative References . . . . . . . . . . . . . . . . . . 16 | ||||
| 15.2. Informative References . . . . . . . . . . . . . . . . . 16 | ||||
| Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 16 | Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 16 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 1. Introduction | 1. Introduction | |||
| Bidirectional Forwarding Detection (BFD), [RFC5880] and related | Bidirectional Forwarding Detection (BFD), [RFC5880] and related | |||
| documents, has efficiently generalized the failure detection | documents, has efficiently generalized the failure detection | |||
| mechanism for multiple protocols and applications. There are some | mechanism for multiple protocols and applications. There are some | |||
| improvements which can be made to better fit existing technologies. | improvements which can be made to better fit existing technologies. | |||
| There is a possibility of evolving BFD to better fit new | There is a possibility of evolving BFD to better fit new | |||
| technologies. This document focuses on several aspects of BFD in | technologies. This document focuses on several aspects of BFD in | |||
| order to further improve efficiency, to expand failure detection | order to further improve efficiency, to expand failure detection | |||
| coverage and to allow BFD usage for wider scenarios. This document | coverage and to allow BFD usage for wider scenarios. This document | |||
| extends BFD to provide solutions to use cases listed in | extends BFD to provide solutions to use cases listed in | |||
| [I-D.ietf-bfd-seamless-use-case]. | [I-D.ietf-bfd-seamless-use-case]. | |||
| One key aspect of the mechanism described in this document eliminates | One key aspect of the mechanism described in this document eliminates | |||
| the time between a network node wanting to perform a connectivity | the time between a network node wanting to perform a continuity test | |||
| test and completing the connectivity test. In traditional BFD terms, | and completing the continuity test. In traditional BFD terms, the | |||
| the initial state changes from DOWN to UP is virtually nonexistent. | initial state changes from DOWN to UP are virtually nonexistent. | |||
| Removal of this seam (i.e. time delay) in BFD provides applications a | Removal of this seam (i.e. time delay) in BFD provides applications a | |||
| smooth and continuous operational experience. Therefore, "Seamless | smooth and continuous operational experience. Therefore, "Seamless | |||
| BFD" (S-BFD) has been chosen as the name for this mechanism. | BFD" (S-BFD) has been chosen as the name for this mechanism. | |||
| 2. Terminology | 2. Terminology | |||
| The reader is expected to be familiar with the BFD, IP and MPLS | The reader is expected to be familiar with the BFD, IP and MPLS | |||
| terminologies and protocol constructs. This section describes | terminologies and protocol constructs. This section describes | |||
| several new terminologies introduced by S-BFD. | several new terminologies introduced by S-BFD. | |||
| o Classical BFD - BFD session types based on [RFC5880]. | ||||
| o S-BFD - Seamless BFD. | o S-BFD - Seamless BFD. | |||
| o S-BFD packet - a BFD control packet on the well-known S-BFD port. | o S-BFD packet - a BFD control packet destined to or sourced from | |||
| the well-known S-BFD port. | ||||
| o Entity - a function on a network node that S-BFD mechanism allows | o Entity - a function on a network node that S-BFD mechanism allows | |||
| remote network nodes to perform connectivity test to. An entity | remote network nodes to perform continuity test to. An entity can | |||
| can be abstract (ex: reachability) or specific (ex: IP addresses, | be abstract (ex: reachability) or specific (ex: IP addresses, | |||
| router-IDs, functions). | router-IDs, functions). | |||
| o SBFDInitiator - an S-BFD session on a network node that performs a | o SBFDInitiator - an S-BFD session on a network node that performs a | |||
| connectivity test to a remote entity by sending S-BFD packets. | continuity test to a remote entity by sending S-BFD packets. | |||
| o SBFDReflector - an S-BFD session on a network node that listens | o SBFDReflector - an S-BFD session on a network node that listens | |||
| for incoming S-BFD packets to local entities and generates | for incoming S-BFD packets to local entities and generates | |||
| response S-BFD packets. | response S-BFD packets. | |||
| o Reflector BFD session - synonymous with SBFDReflector. | o Reflector BFD session - synonymous with SBFDReflector. | |||
| o S-BFD discriminator - a BFD discriminator allocated for a local | o S-BFD discriminator - a BFD discriminator allocated for a local | |||
| entity and is being listened by an SBFDReflector. | entity and is being listened by an SBFDReflector. | |||
| skipping to change at page 4, line 47 | skipping to change at page 5, line 4 | |||
| session. Allocated S-BFD discriminators may be advertised by | session. Allocated S-BFD discriminators may be advertised by | |||
| applications (ex: OSPF/IS-IS). Required result is that applications, | applications (ex: OSPF/IS-IS). Required result is that applications, | |||
| on other network nodes, possess the knowledge of the mapping from | on other network nodes, possess the knowledge of the mapping from | |||
| remote entities to S-BFD discriminators. The reflector BFD session | remote entities to S-BFD discriminators. The reflector BFD session | |||
| is to, upon receiving an S-BFD packet targeted to one of local S-BFD | is to, upon receiving an S-BFD packet targeted to one of local S-BFD | |||
| discriminator values, transmit a response S-BFD packet back to the | discriminator values, transmit a response S-BFD packet back to the | |||
| initiator. | initiator. | |||
| Once above setup is complete, any network nodes, having the knowledge | Once above setup is complete, any network nodes, having the knowledge | |||
| of the mapping from a remote entity to an S-BFD discriminator, can | of the mapping from a remote entity to an S-BFD discriminator, can | |||
| quickly perform a connectivity test to the remote entity by simply | quickly perform a continuity test to the remote entity by simply | |||
| sending S-BFD packets with corresponding S-BFD discriminator value in | sending S-BFD packets with corresponding S-BFD discriminator value in | |||
| the "your discriminator" field. | the "your discriminator" field. | |||
| For example: | For example: | |||
| <------- IS-IS Network -------> | <------- IS-IS Network -------> | |||
| +---------+ | +---------+ | |||
| | | | | | | |||
| A---------B---------C---------D | A---------B---------C---------D | |||
| skipping to change at page 5, line 26 | skipping to change at page 5, line 29 | |||
| BFD Discrim BFD Discrim | BFD Discrim BFD Discrim | |||
| 123 456 | 123 456 | |||
| Figure 2: S-BFD for IS-IS Network | Figure 2: S-BFD for IS-IS Network | |||
| The IS-IS with SystemID xxx (node A) allocates an S-BFD discriminator | The IS-IS with SystemID xxx (node A) allocates an S-BFD discriminator | |||
| 123, and advertises the S-BFD discriminator 123 in an IS-IS TLV. The | 123, and advertises the S-BFD discriminator 123 in an IS-IS TLV. The | |||
| IS-IS with SystemID yyy (node D) allocates an S-BFD discriminator | IS-IS with SystemID yyy (node D) allocates an S-BFD discriminator | |||
| 456, and advertises the S-BFD discriminator 456 in an IS-IS TLV. A | 456, and advertises the S-BFD discriminator 456 in an IS-IS TLV. A | |||
| reflector BFD session is created on both network nodes (node A and | reflector BFD session is created on both network nodes (node A and | |||
| node D). When network node A wants to check the connectivity to | node D). When network node A wants to check the reachability to | |||
| network node D, node A can send an S-BFD packet, destined to node D, | network node D, node A can send an S-BFD packet, destined to node D, | |||
| with "your discriminator" field set to 456. When the reflector BFD | with "your discriminator" field set to 456. When the reflector BFD | |||
| session on node D receives this S-BFD packet, then response S-BFD | session on node D receives this S-BFD packet, then response S-BFD | |||
| packet is sent back to node A, which allows node A to complete the | packet is sent back to node A, which allows node A to complete the | |||
| connectivity test. | continuity test. | |||
| 4. S-BFD UDP Port | 4. S-BFD Discriminators | |||
| S-BFD functions on a well-known UDP port: TBD1. | 4.1. Discriminator Pools | |||
| 5. S-BFD Discriminators | This document defines following suggestions for discriminator | |||
| management on SBFDInitiator and SBFDReflector sessions, to minimize | ||||
| the collision between required S-BFD discriminators on a local | ||||
| device. | ||||
| Locally allocated S-BFD discriminator values for entities may be | o SBFDInitiator is to allocate a discriminator from the BFD | |||
| arbitrary allocated or derived from values provided by applications. | discriminator pool. If the system also supports classical BFD | |||
| These values may be protocol IDs (ex: System-ID, Router-ID) or | that runs on [RFC5880], then the BFD discriminator pool SHOULD be | |||
| network targets (ex: IP address). To minimize the collision of | shared by SBFDInitiator sessions and classical BFD sessions. | |||
| discriminator values between BFD and S-BFD, it is RECOMMENDED that | ||||
| discriminator pool be separate for BFD and S-BFD. Even when | o SBFDReflector is to allocate a discriminator from the S-BFD | |||
| employing the separate discriminator pool approach, collision is | discriminator pool. The S-BFD discriminator pool SHOULD be a | |||
| still possible between one S-BFD application to another S-BFD | separate pool than the BFD discriminator pool. | |||
| application, that may be using different values and algorithms to | ||||
| derive S-BFD discriminator values. If the two applications are using | Remainder of this subsection describes the reasons for above | |||
| S-BFD for a same purpose (ex: network reachability), then the | suggestions. | |||
| Locally allocated S-BFD discriminator values for entities, listened | ||||
| by SBFDReflector sessions, may be arbitrary allocated or derived from | ||||
| values provided by applications. These values may be protocol IDs | ||||
| (ex: System-ID, Router-ID) or network targets (ex: IP address). To | ||||
| avoid derived S-BFD discriminator values already being assigned to | ||||
| other BFD sessions (i.e. SBFDInitiator sessions and classical BFD | ||||
| sessions), it is RECOMMENDED that discriminator pool for | ||||
| SBFDReflector sessions be separate from other BFD sessions. | ||||
| Even when following the separate discriminator pool approach, | ||||
| collision is still possible between one S-BFD application to another | ||||
| S-BFD application, that may be using different values and algorithms | ||||
| to derive S-BFD discriminator values. If the two applications are | ||||
| using S-BFD for a same purpose (ex: network reachability), then the | ||||
| colliding S-BFD discriminator value can be shared. If the two | colliding S-BFD discriminator value can be shared. If the two | |||
| applications are using S-BFD for a different purpose, then the | applications are using S-BFD for a different purpose, then the | |||
| collision must be addressed. How such collisions are addressed is | collision must be addressed. How such collisions are addressed is | |||
| outside the scope of this document. | outside the scope of this document. | |||
| 4.2. S-BFD Discriminator Uniqueness | ||||
| One important characteristics of an S-BFD discriminator is that it | One important characteristics of an S-BFD discriminator is that it | |||
| MUST be unique within an administrative domain. If multiple network | MUST be unique within an administrative domain. If multiple network | |||
| nodes allocated a same S-BFD discriminator value, then S-BFD packets | nodes allocated a same S-BFD discriminator value, then S-BFD packets | |||
| falsely terminating on a wrong network node can result in a reflector | falsely terminating on a wrong network node can result in a reflector | |||
| BFD session to generate a response back, due to "your discriminator" | BFD session to generate a response back, due to "your discriminator" | |||
| matching. This is clearly not desirable. If only IP based S-BFD is | matching. This is clearly not desirable. If only IP based S-BFD is | |||
| considered, then it is possible for the reflector BFD session to | considered, then it is possible for the reflector BFD session to | |||
| require demultiplexing of incoming S-BFD packets with combination of | require demultiplexing of incoming S-BFD packets with combination of | |||
| destination IP address and "your discriminator". Then S-BFD | destination IP address and "your discriminator". Then S-BFD | |||
| discriminator only has to be unique within a local node. However, | discriminator only has to be unique within a local node. However, | |||
| S-BFD is a generic mechanism defined to run on wide range of | S-BFD is a generic mechanism defined to run on wide range of | |||
| environments: IP, MPLS, etc. For other transports like MPLS, because | environments: IP, MPLS, etc. For other transports like MPLS, because | |||
| of the need to use non-routable IP destination address, it is not | of the need to use non-routable IP destination address, it is not | |||
| possible for reflector BFD session to demultiplex using IP | possible for reflector BFD session to demultiplex using IP | |||
| destination address. With PHP, there may not be any incoming label | destination address. With PHP, there may not be any incoming label | |||
| stack to aid in demultiplexing either. Thus, S-BFD imposes a | stack to aid in demultiplexing either. Thus, S-BFD imposes a | |||
| requirement that S-BFD discriminators MUST be unique within an | requirement that S-BFD discriminators MUST be unique within an | |||
| administrative domain. | administrative domain. | |||
| 6. Reflector BFD Session | 5. Reflector BFD Session | |||
| Each network node creates one or more reflector BFD sessions. This | Each network node creates one or more reflector BFD sessions. This | |||
| reflector BFD session is a session which transmits S-BFD packets in | reflector BFD session is a session which transmits S-BFD packets in | |||
| response to received S-BFD packets with "your discriminator" having | response to received S-BFD packets with "your discriminator" having | |||
| S-BFD discriminators allocated for local entities. Specifically, | S-BFD discriminators allocated for local entities. Specifically, | |||
| this reflector BFD session is to have following characteristics: | this reflector BFD session is to have following characteristics: | |||
| o MUST NOT transmit any S-BFD packets based on local timer expiry. | o MUST NOT transmit any S-BFD packets based on local timer expiry. | |||
| o MUST transmit an S-BFD packet in response to a received S-BFD | o MUST transmit an S-BFD packet in response to a received S-BFD | |||
| skipping to change at page 7, line 5 | skipping to change at page 7, line 32 | |||
| One reflector BFD session may be responsible for handling received | One reflector BFD session may be responsible for handling received | |||
| S-BFD packets targeted to all locally allocated S-BFD discriminators, | S-BFD packets targeted to all locally allocated S-BFD discriminators, | |||
| or few reflector BFD sessions may each be responsible for subset of | or few reflector BFD sessions may each be responsible for subset of | |||
| locally allocated S-BFD discriminators. This policy is a local | locally allocated S-BFD discriminators. This policy is a local | |||
| matter, and is outside the scope of this document. | matter, and is outside the scope of this document. | |||
| Note that incoming S-BFD packets may be IPv4, IPv6 or MPLS based. | Note that incoming S-BFD packets may be IPv4, IPv6 or MPLS based. | |||
| How such S-BFD packets reach an appropriate reflector BFD session is | How such S-BFD packets reach an appropriate reflector BFD session is | |||
| also a local matter, and is outside the scope of this document. | also a local matter, and is outside the scope of this document. | |||
| 7. State Variables | 6. State Variables | |||
| S-BFD introduces new state variables, and modifies the usage of | S-BFD introduces new state variables, and modifies the usage of | |||
| existing ones. | existing ones. | |||
| 7.1. New State Variables | 6.1. New State Variables | |||
| A new state variable is added to the base specification in support of | A new state variable is added to the base specification in support of | |||
| S-BFD. | S-BFD. | |||
| o bfd.SessionType: The type of this session. Allowable values are: | o bfd.SessionType: The type of this session. Allowable values are: | |||
| * SBFDInitiator - an S-BFD session on a network node that | * SBFDInitiator - an S-BFD session on a network node that | |||
| performs a connectivity test to a target entity by sending | performs a continuity test to a target entity by sending S-BFD | |||
| S-BFD packets. | packets. | |||
| * SBFDReflector - an S-BFD session on a network node that listens | * SBFDReflector - an S-BFD session on a network node that listens | |||
| for incoming S-BFD packets to local entities and generates | for incoming S-BFD packets to local entities and generates | |||
| response S-BFD packets. | response S-BFD packets. | |||
| bfd.SessionType variable MUST be initialized to the appropriate type | bfd.SessionType variable MUST be initialized to the appropriate type | |||
| when an S-BFD session is created. | when an S-BFD session is created. | |||
| 7.2. State Variable Initialization and Maintenance | 6.2. State Variable Initialization and Maintenance | |||
| Some state variables defined in section 6.8.1 of the BFD base | Some state variables defined in section 6.8.1 of the BFD base | |||
| specification need to be initialized or manipulated differently | specification need to be initialized or manipulated differently | |||
| depending on the session type. Ed-Note: Anything else?. | depending on the session type. | |||
| o bfd.DemandMode: This variable MUST be initialized to 1 for session | o bfd.DemandMode: This variable MUST be initialized to 1 for session | |||
| type SBFDInitiator, and MUST be initialized to 0 for session type | type SBFDInitiator, and MUST be initialized to 0 for session type | |||
| SBFDReflector. | SBFDReflector. | |||
| 8. S-BFD Procedures | 7. S-BFD Procedures | |||
| 8.1. Initiator Procedures | 7.1. S-BFD Packet Demultiplexing | |||
| Received BFD control packet MUST first be demultiplexed with | ||||
| information from the lower layer (ex: destination UDP port, | ||||
| associated channel type). If the packet is determined to be for an | ||||
| SBFDReflector, then the packet MUST be looked up to locate a | ||||
| corresponding SBFDReflector session based on the value from the "your | ||||
| discriminator" field in the table describing S-BFD discriminators. | ||||
| If the packet is determined not to be for SBFDReflector, then the | ||||
| packet MUST be looked up to locate a corresponding SBFDInitiator | ||||
| session or classical BFD session based on the value from the "your | ||||
| discriminator" field in the table describing BFD discriminators. If | ||||
| the located session is a SBFDInitiator, then destination of the | ||||
| packet (i.e. destination IP address) SHOULD be validated to be for | ||||
| self. | ||||
| Details of the initial BFD control packet demultiplexing are | ||||
| described in relevant S-BFD data plane documents. | ||||
| 7.2. Initiator Procedures | ||||
| S-BFD packets transmitted by an SBFDInitiator MUST set "your | S-BFD packets transmitted by an SBFDInitiator MUST set "your | |||
| discriminator" field to an S-BFD discriminator corresponding to the | discriminator" field to an S-BFD discriminator corresponding to the | |||
| remote entity. | remote entity. | |||
| S-BFD packets transmitted by an SBFDInitiator MUST NOT set "my | Every SBFDInitiator MUST have a locally unique "my discriminator" | |||
| discriminator" field to an S-BFD discriminator allocated for a local | allocated from the BFD discriminator pool. | |||
| entity (and is being monitored by a local SBFDReflector). This is to | ||||
| prevent incoming response S-BFD packets, from a remote SBFDReflector, | ||||
| having "your discriminator" as a S-BFD discriminator of a local | ||||
| entity. Every SBFDInitiator is to have a unique "my discriminator", | ||||
| and SHOULD be allocated from the BFD discriminator pool if the | ||||
| implementation employs the approach of having separate discriminator | ||||
| pools for BFD and S-BFD. | ||||
| Below ASCII art describes high level concept of connectivity test | Below ASCII art describes high level concept of continuity test using | |||
| using S-BFD. R2 allocates XX as the S-BFD discriminator for its | S-BFD. R2 allocates XX as the S-BFD discriminator for its network | |||
| network reachability purpose, and advertises XX to neighbors. ASCII | reachability purpose, and advertises XX to neighbors. ASCII art | |||
| art shows R1 and R4 performing a connectivity test to R2. | shows R1 and R4 performing a continuity test to R2. | |||
| +--- md=50/yd=XX (ping) ----+ | +--- md=50/yd=XX (ping) ----+ | |||
| | | | | | | |||
| |+-- md=XX/yd=50 (pong) --+ | | |+-- md=XX/yd=50 (pong) --+ | | |||
| || | | | || | | | |||
| |v | v | |v | v | |||
| R1 ==================== R2[*] ========= R3 ========= R4 | R1 ==================== R2[*] ========= R3 ========= R4 | |||
| | ^ |^ | | ^ |^ | |||
| | | || | | | || | |||
| | +-- md=60/yd=XX (ping) --+| | | +-- md=60/yd=XX (ping) --+| | |||
| | | | | | | |||
| +---- md=XX/yd=60 (pong) ---+ | +---- md=XX/yd=60 (pong) ---+ | |||
| [*] Reflector BFD session on R2. | [*] Reflector BFD session on R2. | |||
| === Links connecting network nodes. | === Links connecting network nodes. | |||
| --- S-BFD packet traversal. | --- S-BFD packet traversal. | |||
| Figure 3: S-BFD Connectivity Test | Figure 3: S-BFD Continuity Test | |||
| 8.1.1. SBFDInitiator State Machine | 7.2.1. SBFDInitiator State Machine | |||
| An SBFDInitiator may be a persistent session on the initiator with a | An SBFDInitiator may be a persistent session on the initiator with a | |||
| timer for S-BFD packet transmissions. An SBFDInitiator may also be a | timer for S-BFD packet transmissions (stateful SBFDInitiator). An | |||
| module, a script or a tool on the initiator that transmits one or | SBFDInitiator may also be a module, a script or a tool on the | |||
| more S-BFD packets "when needed". For transient SBFDInitiators, the | initiator that transmits one or more S-BFD packets "when needed" | |||
| BFD state machine described in [RFC5880] may not be applicable. For | (stateless SBFDInitiator). For stateless SBFDInitiators, a complete | |||
| persistent SBFDInitiators, the states and the state machine described | BFD state machine may not be applicable. For stateful | |||
| in [RFC5880] will function but are more than necessary. The | SBFDInitiators, the states and the state machine described in | |||
| following diagram provides an optimized state machine for persistent | [RFC5880] will not function due to SBFDReflector session only sending | |||
| SBFDInitiators. The notation on each arc represents the state of the | UP and ADMINDOWN states (i.e. SBFDReflector session does not send | |||
| SBFDInitiator (as received in the State field in the S-BFD packet) or | INIT state). The following diagram provides the RECOMMENDED state | |||
| indicates the expiration of the Detection Timer. | machine for stateful SBFDInitiators. The notation on each arc | |||
| represents the state of the SBFDInitiator (as received in the State | ||||
| field in the S-BFD packet) or indicates the expiration of the | ||||
| Detection Timer. | ||||
| +--+ | +--+ | |||
| ADMIN DOWN, | | | ADMIN DOWN, | | | |||
| TIMER | V | TIMER | V | |||
| +------+ UP +------+ | +------+ UP +------+ | |||
| | |-------------------->| |----+ | | |-------------------->| |----+ | |||
| | DOWN | | UP | | UP | | DOWN | | UP | | UP | |||
| | |<--------------------| |<---+ | | |<--------------------| |<---+ | |||
| +------+ ADMIN DOWN, +------+ | +------+ ADMIN DOWN, +------+ | |||
| TIMER | TIMER | |||
| Figure 4: SBFDInitiator FSM | Figure 4: SBFDInitiator FSM | |||
| Note that the above state machine is different from the base BFD | Note that the above state machine is different from the base BFD | |||
| specification[RFC5880]. This is because the Init state is no longer | specification[RFC5880]. This is because the INIT state is no longer | |||
| applicable for the SBFDInitiator. Another important difference is | applicable for the SBFDInitiator. Another important difference is | |||
| the transition of the state machine from the Down state to the Up | the transition of the state machine from the DOWN state to the UP | |||
| state when a packet with State Up is received by the initiator. The | state when a packet with State UP is received by the SBFDInitiator. | |||
| definitions of the states and the events have the same meaning as in | The definitions of the states and the events have the same meaning as | |||
| the base BFD specification [RFC5880]. | in the base BFD specification [RFC5880]. | |||
| 8.1.2. Details of S-BFD Packet Sent by SBFDInitiator | 7.2.2. Details of S-BFD Packet Sent by SBFDInitiator | |||
| S-BFD packets sent by an SBFDInitiator is to have following contents: | S-BFD packets sent by an SBFDInitiator is to have following contents: | |||
| o Well-known UDP destination port assigned for S-BFD. | ||||
| o UDP source port as per described in [RFC5881], [RFC5883], | ||||
| [RFC5884] and [RFC5885]. | ||||
| o "my discriminator" assigned by local node. | o "my discriminator" assigned by local node. | |||
| o "your discriminator" corresponding to a remote entity. | o "your discriminator" corresponding to a remote entity. | |||
| o "State" MUST be set to a value describing local state. | o "State" MUST be set to a value describing local state. | |||
| o "Desired Min TX Interval" MUST be set to a value describing local | o "Desired Min TX Interval" MUST be set to a value describing local | |||
| desired minimum transmit interval. | desired minimum transmit interval. | |||
| o "Required Min RX Interval" MUST be zero. | o "Required Min RX Interval" MUST be zero. | |||
| o "Required Min Echo RX Interval" SHOULD be zero. | o "Required Min Echo RX Interval" SHOULD be zero. | |||
| o "Detection Multiplier" MUST be set to a value describing locally | o "Detection Multiplier" MUST be set to a value describing locally | |||
| used multiplier value. | used multiplier value. | |||
| o Demand (D) bit MUST be set. | o Demand (D) bit MUST be set. | |||
| 8.2. Responder Procedures | 7.3. Responder Procedures | |||
| A network node which receives S-BFD packets transmitted by an | A network node which receives S-BFD packets transmitted by an | |||
| initiator is referred as responder. The responder, upon reception of | initiator is referred as responder. The responder, upon reception of | |||
| S-BFD packets, is to perform necessary relevant validations described | S-BFD packets, is to perform necessary relevant validations described | |||
| in [RFC5880], [RFC5881], [RFC5883], [RFC5884] and [RFC5885]. | in [RFC5880], [RFC5881], [RFC5883], [RFC5884] and [RFC5885]. | |||
| 8.2.1. Responder Demultiplexing | 7.3.1. Responder Demultiplexing | |||
| A BFD control packet received by a resonder is considered an S-BFD | When a responder receives an S-BFD packet, if the value in the "your | |||
| packet if the packet is on the well-known S-BFD port. When a | ||||
| responder receives an S-BFD packet, if the value in the "your | ||||
| discriminator" field is not one of S-BFD discriminators allocated for | discriminator" field is not one of S-BFD discriminators allocated for | |||
| local entities, then this packet MUST NOT be considered for this | local entities, then this packet MUST NOT be considered for this | |||
| mechanism. If the value in the "your discriminator" field is one of | mechanism. If the value in the "your discriminator" field is one of | |||
| S-BFD discriminators allocated for local entities, then the packet is | S-BFD discriminators allocated for local entities, then the packet is | |||
| determined to be handled by a reflector BFD session responsible for | determined to be handled by a reflector BFD session responsible for | |||
| the S-BFD discriminator. If the packet was determined to be | the S-BFD discriminator. If the packet was determined to be | |||
| processed further for this mechanism, then chosen reflector BFD | processed further for this mechanism, then chosen reflector BFD | |||
| session is to transmit a response BFD control packet using procedures | session is to transmit a response BFD control packet using procedures | |||
| described in Section 8.2.2, unless prohibited by local policies (ex: | described in Section 7.3.2, unless prohibited by local policies (ex: | |||
| administrative, security, rate-limiter, etc). | administrative, security, rate-limiter, etc). | |||
| 8.2.2. Details of S-BFD Packet Sent by SBFDReflector | 7.3.2. Details of S-BFD Packet Sent by SBFDReflector | |||
| S-BFD packets sent by an SBFDReflector is to have following contents: | S-BFD packets sent by an SBFDReflector is to have following contents: | |||
| o Well-known UDP destination port assigned for S-BFD. | ||||
| o UDP source port as described in [RFC5881], [RFC5883], [RFC5884] | ||||
| and [RFC5885]. | ||||
| o "my discriminator" MUST be copied from received "your | o "my discriminator" MUST be copied from received "your | |||
| discriminator". | discriminator". | |||
| o "your discriminator" MUST be copied from received "my | o "your discriminator" MUST be copied from received "my | |||
| discriminator". | discriminator". | |||
| o "State" MUST be UP or ADMINDOWN. Clarification of reflector BFD | o "State" MUST be UP or ADMINDOWN. Clarification of reflector BFD | |||
| session state is described in Section 8.7. | session state is described in Section 7.8. | |||
| o "Desired Min TX Interval" MUST be copied from received "Desired | o "Desired Min TX Interval" MUST be copied from received "Desired | |||
| Min TX Interval". | Min TX Interval". | |||
| o "Required Min RX Interval" MUST be set to a value describing how | o "Required Min RX Interval" MUST be set to a value describing how | |||
| many incoming control packets this reflector BFD session can | many incoming control packets this reflector BFD session can | |||
| handle. Further details are described in Section 8.7. | handle. Further details are described in Section 7.8. | |||
| o "Required Min Echo RX Interval" SHOULD be set to zero. | o "Required Min Echo RX Interval" SHOULD be set to zero. | |||
| o "Detection Multiplier" MUST be copied from received "Detection | o "Detection Multiplier" MUST be copied from received "Detection | |||
| Multiplier". | Multiplier". | |||
| o Demand (D) bit MUST be cleared. | o Demand (D) bit MUST be cleared. | |||
| 8.3. Diagnostic Values | 7.4. Diagnostic Values | |||
| Diagnostic value in both directions MAY be set to a certain value, to | Diagnostic value in both directions MAY be set to a certain value, to | |||
| attempt to communicate further information to both ends. However, | attempt to communicate further information to both ends. However, | |||
| details of such are outside the scope of this specification. | details of such are outside the scope of this specification. | |||
| 8.4. The Poll Sequence | 7.5. The Poll Sequence | |||
| Poll sequence MAY be used in both directions. The Poll sequence MUST | Poll sequence MAY be used in both directions. The Poll sequence MUST | |||
| operate in accordance with [RFC5880]. An SBFDReflector MAY use the | operate in accordance with [RFC5880]. An SBFDReflector MAY use the | |||
| Poll sequence to slow down that rate at which S-BFD packets are | Poll sequence to slow down that rate at which S-BFD packets are | |||
| generated from an SBFDInitiator. This is done by the SBFDReflector | generated from an SBFDInitiator. This is done by the SBFDReflector | |||
| using procedures described in Section 8.7 and setting the Poll (P) | using procedures described in Section 7.8 and setting the Poll (P) | |||
| bit in the reflected S-BFD packet. The SBFDInitiator is to then send | bit in the reflected S-BFD packet. The SBFDInitiator is to then send | |||
| the next S-BFD packet with the Final (F) bit set. If an | the next S-BFD packet with the Final (F) bit set. If an | |||
| SBFDReflector receives an S-BFD packet with Poll (P) bit set, then | SBFDReflector receives an S-BFD packet with Poll (P) bit set, then | |||
| the SBFDReflector MUST respond with an S-BFD packet with Poll (P) bit | the SBFDReflector MUST respond with an S-BFD packet with Poll (P) bit | |||
| cleared and Final (F) bit set. | cleared and Final (F) bit set. | |||
| 8.5. Control Plane Independent (C) | 7.6. Control Plane Independent (C) | |||
| Control plane independent (C) bit for an SBFDInitiator sending S-BFD | Control plane independent (C) bit for an SBFDInitiator sending S-BFD | |||
| packets to a reflector BFD session MUST work according to [RFC5880]. | packets to a reflector BFD session MUST work according to [RFC5880]. | |||
| Reflector BFD session also MUST work according to [RFC5880]. | Reflector BFD session also MUST work according to [RFC5880]. | |||
| Specifically, if reflector BFD session implementation does not share | Specifically, if reflector BFD session implementation does not share | |||
| fate with control plane, then response S-BFD packets transmitted MUST | fate with control plane, then response S-BFD packets transmitted MUST | |||
| have control plane independent (C) bit set. If reflector BFD session | have control plane independent (C) bit set. If reflector BFD session | |||
| implementation shares fate with control plane, then response S-BFD | implementation shares fate with control plane, then response S-BFD | |||
| packets transmitted MUST NOT have control plane independent (C) bit | packets transmitted MUST NOT have control plane independent (C) bit | |||
| set. | set. | |||
| 8.6. Additional SBFDInitiator Behaviors | 7.7. Additional SBFDInitiator Behaviors | |||
| o If the SBFDInitiator receives a valid S-BFD packet in response to | o If the SBFDInitiator receives a valid S-BFD packet in response to | |||
| transmitted S-BFD packet to a remote entity, then the | transmitted S-BFD packet to a remote entity, then the | |||
| SBFDInitiator SHOULD conclude that S-BFD packet reached the | SBFDInitiator SHOULD conclude that S-BFD packet reached the | |||
| intended remote entity. | intended remote entity. | |||
| o When a sufficient number of S-BFD packets have not arrived as they | o When a sufficient number of S-BFD packets have not arrived as they | |||
| should, the SBFDInitiator SHOULD declare loss of connectivity to | should, the SBFDInitiator SHOULD declare loss of reachability to | |||
| the remote entity. The criteria for declaring loss of | the remote entity. The criteria for declaring loss of | |||
| connectivity and the action that would be triggered as a result | reachability and the action that would be triggered as a result | |||
| are outside the scope of this document. | are outside the scope of this document. | |||
| o Relating to above bullet item, it is critical for an | o Relating to above bullet item, it is critical for an | |||
| implementation to understand the latency to/from the reflector BFD | implementation to understand the latency to/from the reflector BFD | |||
| session on the responder. In other words, for very first S-BFD | session on the responder. In other words, for very first S-BFD | |||
| packet transmitted by the SBFDInitiator, an implementation MUST | packet transmitted by the SBFDInitiator, an implementation MUST | |||
| NOT expect response S-BFD packet to be received for time | NOT expect response S-BFD packet to be received for time | |||
| equivalent to sum of latencies: initiator to responder and | equivalent to sum of latencies: initiator to responder and | |||
| responder back to initiator. | responder back to initiator. | |||
| o If the SBFDInitiator receives an S-BFD packet with Demand (D) bit | o If the SBFDInitiator receives an S-BFD packet with Demand (D) bit | |||
| set, the packet MUST be discarded. | set, the packet MUST be discarded. | |||
| 8.7. Additional SBFDReflector Behaviors | 7.8. Additional SBFDReflector Behaviors | |||
| o S-BFD packets transmitted by the SBFDReflector MUST have "Required | o S-BFD packets transmitted by the SBFDReflector MUST have "Required | |||
| Min RX Interval" set to a value which expresses how many incoming | Min RX Interval" set to a value which expresses how many incoming | |||
| S-BFD packets this SBFDReflector can handle. The SBFDReflector | S-BFD packets this SBFDReflector can handle. The SBFDReflector | |||
| can control how fast SBFInitiators will be sending S-BFD packets | can control how fast SBFInitiators will be sending S-BFD packets | |||
| to self by ensuring "Required Min RX Interval" indicates a value | to self by ensuring "Required Min RX Interval" indicates a value | |||
| based on the current load. | based on the current load. | |||
| o If the SBFDReflector wishes to communicate to some or all | o If the SBFDReflector wishes to communicate to some or all | |||
| SBFDInitiators that monitored local entity is "temporarily out of | SBFDInitiators that monitored local entity is "temporarily out of | |||
| service", then S-BFD packets with "state" set to ADMINDOWN are | service", then S-BFD packets with "state" set to ADMINDOWN are | |||
| sent to those SBFDInitiators. The SBFDInitiators, upon reception | sent to those SBFDInitiators. The SBFDInitiators, upon reception | |||
| of such packets, MUST NOT conclude loss of connectivity to | of such packets, MUST NOT conclude loss of reachability to | |||
| corresponding remote entity, and MUST back off packet transmission | corresponding remote entity, and MUST back off packet transmission | |||
| interval for the remote entity to an interval no faster than 1 | interval for the remote entity to an interval no faster than 1 | |||
| second. If the SBFDReflector is generating a response S-BFD | second. If the SBFDReflector is generating a response S-BFD | |||
| packet for a local entity that is in service, then "state" in | packet for a local entity that is in service, then "state" in | |||
| response BFD control packets MUST be set to UP. | response BFD control packets MUST be set to UP. | |||
| o If an SBFDReflector receives an S-BFD packet with Demand (D) bit | o If an SBFDReflector receives an S-BFD packet with Demand (D) bit | |||
| cleared, the packet MUST be discarded. | cleared, the packet MUST be discarded. | |||
| 9. Scaling Aspect | 8. Scaling Aspect | |||
| This mechanism brings forth one noticeable difference in terms of | This mechanism brings forth one noticeable difference in terms of | |||
| scaling aspect: number of SBFDReflector. This specification | scaling aspect: number of SBFDReflector. This specification | |||
| eliminates the need for egress nodes to have fully active BFD | eliminates the need for egress nodes to have fully active BFD | |||
| sessions when only one side desires to perform connectivity tests. | sessions when only one side desires to perform continuity tests. | |||
| With introduction of reflector BFD concept, egress no longer is | With introduction of reflector BFD concept, egress no longer is | |||
| required to create any active BFD session per path/LSP/function | required to create any active BFD session per path/LSP/function | |||
| basis. Due to this, total number of BFD sessions in a network is | basis. Due to this, total number of BFD sessions in a network is | |||
| reduced. | reduced. | |||
| 10. Co-existence with Traditional BFD | 9. Co-existence with Classical BFD Sessions | |||
| This mechanism has no issues being deployed with traditional BFDs | Initial packet demultiplexing requirement is described in | |||
| ([RFC5881], [RFC5883], [RFC5884] and [RFC5885]) because S-BFD | Section 7.1. Because of this, S-BFD mechanism can co-exist with | |||
| discriminators which allow this mechanism to function are explicitly | classical BFD sessions. | |||
| reserved and separate UDP port values are used with S-BFD. | ||||
| 11. BFD Echo | 10. S-BFD Echo Function | |||
| BFD echo is outside the scope of this document. | The concept of the S-BFD Echo function is similar to the BFD Echo | |||
| function described in [RFC5880], packets are self-generated and self- | ||||
| terminated after traversing a link/path. S-BFD echo packets are | ||||
| expected to u-turn on the target node in the data plane and MUST NOT | ||||
| be processed by any reflector BFD sessions on the target node. | ||||
| 12. Security Considerations | When using the S-BFD Echo function, it is RECOMMENDED that: | |||
| Same security considerations as [RFC5880], [RFC5881], [RFC5883], | o Both S-BFD packets (with BFD control header) and S-BFD echo | |||
| [RFC5884] and [RFC5885] apply to this document. | packets (implementation specific) be sent. | |||
| Additionally, implementing the following measures will strengthen | o Both S-BFD packets and S-BFD echo packets have the same semantics | |||
| security aspects of the mechanism described by this document. | in the forward direction to reach the target node. | |||
| o Implementations MUST provide filtering capability based on source | In other words, it is not preferable to send just S-BFD echo packets. | |||
| IP addresses of received S-BFD packets: [RFC2827]. | There are two reason behind this suggestion: | |||
| o Implementations MUST NOT act on received S-BFD packets containing | o S-BFD packets can verify reachability to intended target node, | |||
| Martian addresses as source IP addresses. | which allows one to conclude that S-BFD echo packets are u-turning | |||
| on the expected target node. | ||||
| o Implementations MUST ensure that response S-BFD packets generated | o S-BFD packets can detect when the target node is going out of | |||
| to the initiator by the SBFDReflector have a reachable target (ex: | service (i.e. via receiving back ADMINDOWN state). | |||
| destination IP address). | ||||
| Implementations MAY set "Required Min Echo RX Interval" field to | ||||
| indicate the rate which SBFDInitiator is sending S-BFD Echo packets | ||||
| (in ping) or the rate which SBFDReflector wants SBFDInitiators to | ||||
| send S-BFD Echo packets (in pong). However, this is likely more than | ||||
| necessary for the S-BFD Echo function to operate. Therefore, it is | ||||
| RECOMMENDED that "Required Min Echo RX Interval" field simply be set | ||||
| to zero in both directions. | ||||
| Additionally, following aspects are left as implementation details, | ||||
| and are outside the scope of this document: | ||||
| o Format of the S-BFD Echo packet (ex: data beyond UDP header). | ||||
| o Procedures on when and how to use the S-BFD Echo function. | ||||
| 11. Security Considerations | ||||
| Same security considerations as [RFC5880], [RFC5881], [RFC5883], | ||||
| [RFC5884] and [RFC5885] apply to this document. Additionally, | ||||
| implementing the following measures will strengthen security aspects | ||||
| of the mechanism described by this document: | ||||
| o SBFDInitiator MAY pick crypto sequence number based on | o SBFDInitiator MAY pick crypto sequence number based on | |||
| authentication mode configured. | authentication mode configured. | |||
| o SBFDReflector MUST NOT look at the crypto sequence number before | o SBFDReflector MUST NOT look at the crypto sequence number before | |||
| accepting the packet. | accepting the packet. | |||
| o SBFDReflector MAY look at the Key ID | o SBFDReflector MAY look at the Key ID | |||
| [I-D.ietf-bfd-generic-crypto-auth] in the incoming packet and | [I-D.ietf-bfd-generic-crypto-auth] in the incoming packet and | |||
| verify the authentication data. | verify the authentication data. | |||
| skipping to change at page 14, line 10 | skipping to change at page 15, line 14 | |||
| o SBFDReflector are not susceptible to replay attacks as they always | o SBFDReflector are not susceptible to replay attacks as they always | |||
| respond to S-BFD packets irrespective of the sequence number | respond to S-BFD packets irrespective of the sequence number | |||
| carried. | carried. | |||
| o An attacker cannot impersonate the responder since the | o An attacker cannot impersonate the responder since the | |||
| SBFDInitiator will only accept S-BFD packets that come with the | SBFDInitiator will only accept S-BFD packets that come with the | |||
| sequence number that it had originally used when sending the S-BFD | sequence number that it had originally used when sending the S-BFD | |||
| packet. | packet. | |||
| 13. IANA Considerations | 12. IANA Considerations | |||
| A new value TBD1 is requested from the "Service Name and Transport | ||||
| Protocol Port Number Registry". The requested registry entry is: | ||||
| Service Name (REQUIRED) | No action is required by IANA for this document. | |||
| s-bfd | ||||
| Transport Protocol(s) (REQUIRED) | ||||
| udp | ||||
| Assignee (REQUIRED) | ||||
| IESG <iesg@ietf.org> | ||||
| Contact (REQUIRED) | ||||
| BFD Chairs <bfd-chairs@tools.ietf.org> | ||||
| Description (REQUIRED) | ||||
| Seamless Bidirectional Forwarding Detection (S-BFD) | ||||
| Reference (REQUIRED) | ||||
| draft-ietf-bfd-seamless-base | ||||
| Port Number (OPTIONAL) | ||||
| TBD1 (Requesting 7784) | ||||
| 14. Acknowledgements | 13. Acknowledgements | |||
| Authors would like to thank Jeffrey Haas for performing thorough | Authors would like to thank Jeffrey Haas, Greg Mirsky and Marc | |||
| reviews and providing number of suggestions. Authors would like to | Binderberger for performing thorough reviews and providing number of | |||
| thank Girija Raghavendra Rao, Marc Binderberger, Les Ginsberg, | suggestions. Authors would like to thank Girija Raghavendra Rao, Les | |||
| Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad Govindan from | Ginsberg, Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad | |||
| Cisco Systems for providing valuable comments. Authors would also | Govindan from Cisco Systems for providing valuable comments. Authors | |||
| like to thank John E. Drake for providing comments and suggestions. | would also like to thank John E. Drake and Pablo Frank for providing | |||
| comments and suggestions. | ||||
| 15. Contributing Authors | 14. Contributing Authors | |||
| Tarek Saad | Tarek Saad | |||
| Cisco Systems | Cisco Systems | |||
| Email: tsaad@cisco.com | Email: tsaad@cisco.com | |||
| Siva Sivabalan | Siva Sivabalan | |||
| Cisco Systems | Cisco Systems | |||
| Email: msiva@cisco.com | Email: msiva@cisco.com | |||
| Nagendra Kumar | Nagendra Kumar | |||
| skipping to change at page 15, line 4 | skipping to change at page 15, line 41 | |||
| Cisco Systems | Cisco Systems | |||
| Email: tsaad@cisco.com | Email: tsaad@cisco.com | |||
| Siva Sivabalan | Siva Sivabalan | |||
| Cisco Systems | Cisco Systems | |||
| Email: msiva@cisco.com | Email: msiva@cisco.com | |||
| Nagendra Kumar | Nagendra Kumar | |||
| Cisco Systems | Cisco Systems | |||
| Email: naikumar@cisco.com | Email: naikumar@cisco.com | |||
| Mallik Mudigonda | Mallik Mudigonda | |||
| Cisco Systems | Cisco Systems | |||
| Email: mmudigon@cisco.com | Email: mmudigon@cisco.com | |||
| Sam Aldrin | Sam Aldrin | |||
| Huawei Technologies | Huawei Technologies | |||
| Email: aldrin.ietf@gmail.com | Email: aldrin.ietf@gmail.com | |||
| 16. References | 15. References | |||
| 16.1. Normative References | ||||
| [I-D.ietf-bfd-seamless-use-case] | 15.1. Normative References | |||
| Aldrin, S., Bhatia, M., Mirsky, G., Kumar, N., and S. | ||||
| Matsushima, "Seamless Bidirectional Forwarding Detection | ||||
| (BFD) Use Case", draft-ietf-bfd-seamless-use-case-00 (work | ||||
| in progress), June 2014. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
| (BFD)", RFC 5880, June 2010. | (BFD)", RFC 5880, June 2010. | |||
| [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
| (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June | (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June | |||
| 2010. | 2010. | |||
| [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
| (BFD) for Multihop Paths", RFC 5883, June 2010. | (BFD) for Multihop Paths", RFC 5883, June 2010. | |||
| [RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, | [RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, | |||
| "Bidirectional Forwarding Detection (BFD) for MPLS Label | "Bidirectional Forwarding Detection (BFD) for MPLS Label | |||
| Switched Paths (LSPs)", RFC 5884, June 2010. | Switched Paths (LSPs)", RFC 5884, June 2010. | |||
| 16.2. Informative References | 15.2. Informative References | |||
| [I-D.ietf-bfd-generic-crypto-auth] | [I-D.ietf-bfd-generic-crypto-auth] | |||
| Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani, | Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani, | |||
| "BFD Generic Cryptographic Authentication", draft-ietf- | "BFD Generic Cryptographic Authentication", draft-ietf- | |||
| bfd-generic-crypto-auth-06 (work in progress), April 2014. | bfd-generic-crypto-auth-06 (work in progress), April 2014. | |||
| [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: | [I-D.ietf-bfd-seamless-use-case] | |||
| Defeating Denial of Service Attacks which employ IP Source | Aldrin, S., Bhatia, M., Mirsky, G., Kumar, N., and S. | |||
| Address Spoofing", BCP 38, RFC 2827, May 2000. | Matsushima, "Seamless Bidirectional Forwarding Detection | |||
| (BFD) Use Case", draft-ietf-bfd-seamless-use-case-00 (work | ||||
| in progress), June 2014. | ||||
| [RFC5885] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding | [RFC5885] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding | |||
| Detection (BFD) for the Pseudowire Virtual Circuit | Detection (BFD) for the Pseudowire Virtual Circuit | |||
| Connectivity Verification (VCCV)", RFC 5885, June 2010. | Connectivity Verification (VCCV)", RFC 5885, June 2010. | |||
| Appendix A. Loop Problem | Appendix A. Loop Problem | |||
| Consider a scenario where we have two nodes and both are S-BFD | Consider a scenario where we have two nodes and both are S-BFD | |||
| capable. | capable. | |||
| skipping to change at page 16, line 51 | skipping to change at page 17, line 37 | |||
| Solutions | Solutions | |||
| The current proposals to avoid the loop problem are: | The current proposals to avoid the loop problem are: | |||
| o Overload "D" bit (Demand mode bit): Initiator always sets the 'D' | o Overload "D" bit (Demand mode bit): Initiator always sets the 'D' | |||
| bit and reflector clears it. This way we can identify if a | bit and reflector clears it. This way we can identify if a | |||
| received packet was a reflected packet and avoid reflecting it | received packet was a reflected packet and avoid reflecting it | |||
| back. However this changes the interpretation of 'D' bit. | back. However this changes the interpretation of 'D' bit. | |||
| o Use of State field in the BFD control packets: Initiator will | o Use of State field in the BFD control packets: Initiator will | |||
| always send packets with State set to "DOWN" and reflector will | always send packets with State set to DOWN and reflector will send | |||
| send back packets with state field set to "UP. Reflectors will | back packets with state field set to UP. Reflectors will never | |||
| never reflect any received packets with state as "UP". However | reflect any received packets with state as UP. However the only | |||
| the only issue is the use of state field differently i.e. state in | issue is the use of state field differently i.e. state in the | |||
| the S-BFD control packet from initiator does not reflect the local | S-BFD control packet from initiator does not reflect the local | |||
| state which is anyway not significant at reflector. | state which is anyway not significant at reflector. | |||
| o Use of local discriminator as My Disc at reflector: Reflector will | o Use of local discriminator as My Disc at reflector: Reflector will | |||
| always fill in My Discriminator with a locally allocated | always fill in My Discriminator with a locally allocated | |||
| discriminator value (not reserved discriminators) and will not | discriminator value (not reserved discriminators) and will not | |||
| copy it from the received packet. | copy it from the received packet. | |||
| Authors' Addresses | Authors' Addresses | |||
| Nobo Akiya | Nobo Akiya | |||
| End of changes. 76 change blocks. | ||||
| 186 lines changed or deleted | 224 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||