draft-ietf-bfd-seamless-base-05.txt | draft-ietf-bfd-seamless-base-06.txt | |||
---|---|---|---|---|
Internet Engineering Task Force N. Akiya | Internet Engineering Task Force N. Akiya | |||
Internet-Draft Big Switch Networks | Internet-Draft Big Switch Networks | |||
Updates: 5880 (if approved) C. Pignataro | Updates: 5880 (if approved) C. Pignataro | |||
Intended status: Standards Track D. Ward | Intended status: Standards Track D. Ward | |||
Expires: December 21, 2015 Cisco Systems | Expires: August 12, 2016 Cisco Systems | |||
M. Bhatia | M. Bhatia | |||
Ionos Networks | Ionos Networks | |||
S. Pallagatti | S. Pallagatti | |||
Juniper Networks | February 9, 2016 | |||
June 19, 2015 | ||||
Seamless Bidirectional Forwarding Detection (S-BFD) | Seamless Bidirectional Forwarding Detection (S-BFD) | |||
draft-ietf-bfd-seamless-base-05 | draft-ietf-bfd-seamless-base-06 | |||
Abstract | Abstract | |||
This document defines a simplified mechanism to use Bidirectional | This document defines a simplified mechanism to use Bidirectional | |||
Forwarding Detection (BFD) with large portions of negotiation aspects | Forwarding Detection (BFD) with large portions of negotiation aspects | |||
eliminated, thus providing benefits such as quick provisioning as | eliminated, thus providing benefits such as quick provisioning as | |||
well as improved control and flexibility to network nodes initiating | well as improved control and flexibility to network nodes initiating | |||
the path monitoring. | the path monitoring. | |||
This document updates RFC5880. | This document updates RFC5880. | |||
skipping to change at page 1, line 48 | skipping to change at page 1, line 47 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on December 21, 2015. | This Internet-Draft will expire on August 12, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 4 | 3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 5 | |||
4. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 5 | 4. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 6 | |||
4.1. S-BFD Discriminator Uniqueness . . . . . . . . . . . . . 5 | 4.1. S-BFD Discriminator Uniqueness . . . . . . . . . . . . . 6 | |||
4.2. Discriminator Pools . . . . . . . . . . . . . . . . . . . 6 | 4.2. Discriminator Pools . . . . . . . . . . . . . . . . . . . 6 | |||
5. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 7 | 5. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 7 | |||
6. State Variables . . . . . . . . . . . . . . . . . . . . . . . 7 | 6. State Variables . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
6.1. New State Variables . . . . . . . . . . . . . . . . . . . 7 | 6.1. New State Variables . . . . . . . . . . . . . . . . . . . 7 | |||
6.2. State Variable Initialization and Maintenance . . . . . . 8 | 6.2. State Variable Initialization and Maintenance . . . . . . 8 | |||
7. S-BFD Procedures . . . . . . . . . . . . . . . . . . . . . . 8 | 7. S-BFD Procedures . . . . . . . . . . . . . . . . . . . . . . 8 | |||
7.1. Demultiplexing of S-BFD Control Packet . . . . . . . . . 8 | 7.1. Demultiplexing of S-BFD Control Packet . . . . . . . . . 8 | |||
7.2. Initiator Procedures . . . . . . . . . . . . . . . . . . 9 | 7.2. Responder Procedures . . . . . . . . . . . . . . . . . . 9 | |||
7.2.1. SBFDInitiator State Machine . . . . . . . . . . . . . 10 | 7.2.1. Responder Demultiplexing . . . . . . . . . . . . . . 9 | |||
7.2.2. Transmission of S-BFD Control Packet by SBFDInitiator 10 | 7.2.2. Transmission of S-BFD Control Packet by SBFDReflector 9 | |||
7.3. Responder Procedures . . . . . . . . . . . . . . . . . . 12 | 7.2.3. Additional SBFDReflector Behaviors . . . . . . . . . 11 | |||
7.3.1. Responder Demultiplexing . . . . . . . . . . . . . . 12 | 7.3. Initiator Procedures . . . . . . . . . . . . . . . . . . 11 | |||
7.3.2. Transmission of S-BFD Control Packet by SBFDReflector 13 | 7.3.1. SBFDInitiator State Machine . . . . . . . . . . . . . 12 | |||
7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator 13 | ||||
7.3.3. Additional SBFDInitiator Behaviors . . . . . . . . . 13 | ||||
7.4. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 14 | 7.4. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 14 | |||
7.5. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 14 | 7.5. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 14 | |||
7.6. Control Plane Independent (C) . . . . . . . . . . . . . . 15 | 8. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
7.7. Additional SBFDInitiator Behaviors . . . . . . . . . . . 15 | 9. Co-existence with Classical BFD Sessions . . . . . . . . . . 14 | |||
7.8. Additional SBFDReflector Behaviors . . . . . . . . . . . 15 | 10. S-BFD Echo Function . . . . . . . . . . . . . . . . . . . . . 15 | |||
8. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 16 | 11. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | |||
9. Co-existence with Classical BFD Sessions . . . . . . . . . . 16 | 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 | |||
10. S-BFD Echo Function . . . . . . . . . . . . . . . . . . . . . 16 | 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 | |||
11. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | 14. Contributing Authors . . . . . . . . . . . . . . . . . . . . 17 | |||
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 | 15.1. Normative References . . . . . . . . . . . . . . . . . . 17 | |||
14. Contributing Authors . . . . . . . . . . . . . . . . . . . . 18 | 15.2. Informative References . . . . . . . . . . . . . . . . . 17 | |||
15. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 18 | |||
15.1. Normative References . . . . . . . . . . . . . . . . . . 19 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
15.2. Informative References . . . . . . . . . . . . . . . . . 19 | ||||
Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 20 | ||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 | ||||
1. Introduction | 1. Introduction | |||
Bidirectional Forwarding Detection (BFD), [RFC5880] and related | Bidirectional Forwarding Detection (BFD), [RFC5880] and related | |||
documents, has efficiently generalized the failure detection | documents, has efficiently generalized the failure detection | |||
mechanism for multiple protocols and applications. There are some | mechanism for multiple protocols and applications. There are some | |||
improvements which can be made to better fit existing technologies. | improvements which can be made to better fit existing technologies. | |||
There is a possibility of evolving BFD to better fit new | There is a possibility of evolving BFD to better fit new | |||
technologies. This document focuses on several aspects of BFD in | technologies. This document focuses on several aspects of BFD in | |||
order to further improve efficiency, to expand failure detection | order to further improve efficiency, to expand failure detection | |||
coverage and to allow BFD usage for wider scenarios. This document | coverage and to allow BFD usage for wider scenarios. | |||
extends BFD to provide solutions to use cases listed in | ||||
[I-D.ietf-bfd-seamless-use-case]. | Specifically, this document defines Seamless Bidirectional Forwarding | |||
Detection (S-BFD), a simplified mechanism to use Bidirectional | ||||
Forwarding Detection (BFD) with large portions of negotiation aspects | ||||
eliminated, thus providing benefits such as quick provisioning as | ||||
well as improved control and flexibility to network nodes initiating | ||||
the path monitoring. S-BFD enables cases benefiting from the use of | ||||
core BFD technologies in a fashion that leverages existing | ||||
implementations and protocol machinery while providing a rather | ||||
simplified and largely stateless infrastructure for continuity | ||||
testing. | ||||
One key aspect of the mechanism described in this document eliminates | One key aspect of the mechanism described in this document eliminates | |||
the time between a network node wanting to perform a continuity test | the time between a network node wanting to perform a continuity test | |||
and completing the continuity test. In traditional BFD terms, the | and completing the continuity test. In traditional BFD terms, the | |||
initial state changes from DOWN to UP are virtually nonexistent. | initial state changes from DOWN to UP are virtually nonexistent. | |||
Removal of this seam (i.e., time delay) in BFD provides applications | Removal of this seam (i.e., time delay) in BFD provides applications | |||
a smooth and continuous operational experience. Therefore, "Seamless | a smooth and continuous operational experience. Therefore, "Seamless | |||
BFD" (S-BFD) has been chosen as the name for this mechanism. | BFD" (S-BFD) has been chosen as the name for this mechanism. | |||
2. Terminology | 2. Terminology | |||
The reader is expected to be familiar with the BFD, IP and MPLS | The reader is expected to be familiar with the BFD [RFC5880], IP | |||
terminologies and protocol constructs. This section describes | [RFC0791] [RFC2460] and MPLS [RFC3031] terminologies and protocol | |||
several new terminologies introduced by S-BFD. | constructs. This section describes several new terminologies | |||
introduced by S-BFD. | ||||
o Classical BFD - BFD session types based on [RFC5880]. | o Classical BFD - BFD session types based on [RFC5880]. | |||
o S-BFD - Seamless BFD. | o S-BFD - Seamless BFD. | |||
o S-BFD control packet - a BFD control packet for the S-BFD | o S-BFD control packet - a BFD control packet for the S-BFD | |||
mechanism. | mechanism. | |||
o S-BFD echo packet - a BFD echo packet for the S-BFD mechanism. | o S-BFD echo packet - a BFD echo packet for the S-BFD mechanism. | |||
skipping to change at page 4, line 50 | skipping to change at page 5, line 12 | |||
Figure 1: S-BFD Terminology Relationship | Figure 1: S-BFD Terminology Relationship | |||
3. Seamless BFD Overview | 3. Seamless BFD Overview | |||
An S-BFD module on each network node allocates one or more S-BFD | An S-BFD module on each network node allocates one or more S-BFD | |||
discriminators for local entities, and creates a reflector BFD | discriminators for local entities, and creates a reflector BFD | |||
session. Allocated S-BFD discriminators may be advertised by | session. Allocated S-BFD discriminators may be advertised by | |||
applications (e.g., OSPF/IS-IS). The required result is that | applications (e.g., OSPF/IS-IS). The required result is that | |||
applications, on other network nodes, possess the knowledge of the | applications, on other network nodes, possess the knowledge of the | |||
mapping from remote entities to S-BFD discriminators. The reflector | S-BFD discriminators allocated by a remote node to remote entities. | |||
BFD session is to, upon receiving an S-BFD control packet targeted to | The reflector BFD session is to, upon receiving an S-BFD control | |||
one of local S-BFD discriminator values, transmit a response S-BFD | packet targeted to one of local S-BFD discriminator values, transmit | |||
control packet back to the initiator. | a response S-BFD control packet back to the initiator. | |||
Once the above setup is complete, any network node having the knowledge | Once the above setup is complete, any network node having the knowledge | |||
of the mapping from a remote entity to an S-BFD discriminator can | of the S-BFD discriminator allocated by a remote node to a remote | |||
quickly perform a continuity test to the remote entity by simply | entity/entities can quickly perform a continuity test to the | |||
sending S-BFD control packets with corresponding S-BFD discriminator | remote entity by simply sending S-BFD control packets with | |||
value in the "your discriminator" field. | corresponding S-BFD discriminator value in the "your discriminator" | |||
field. | ||||
For example: | For example: | |||
<------- IS-IS Network -------> | <------- IS-IS Network -------> | |||
+---------+ | +---------+ | |||
| | | | | | |||
A---------B---------C---------D | A---------B---------C---------D | |||
^ ^ | ^ ^ | |||
| | | | | | |||
SystemID SystemID | SystemID SystemID | |||
xxx yyy | xxx yyy | |||
BFD Discrim BFD Discrim | BFD Discrim BFD Discrim | |||
123 456 | 123 456 | |||
Figure 2: S-BFD for IS-IS Network | Figure 2: S-BFD for IS-IS Network | |||
The IS-IS with SystemID xxx (node A) allocates an S-BFD discriminator | The S-BFD module in a system with IS-IS SystemID xxx (node A) allocates an | |||
123, and advertises the S-BFD discriminator 123 in an IS-IS TLV. The | S-BFD discriminator 123, and IS-IS advertises the S-BFD | |||
IS-IS with SystemID yyy (node D) allocates an S-BFD discriminator | discriminator 123 in an IS-IS TLV. S-BFD module in a system with IS- | |||
456, and advertises the S-BFD discriminator 456 in an IS-IS TLV. A | IS SystemID yyy (node D) allocates an S-BFD discriminator 456, and | |||
IS-IS advertises the S-BFD discriminator 456 in an IS-IS TLV. A | ||||
reflector BFD session is created on both network nodes (node A and | reflector BFD session is created on both network nodes (node A and | |||
node D). When network node A wants to check the reachability to | node D). When network node A wants to check the reachability to | |||
network node D, node A can send an S-BFD control packet, destined to | network node D, node A can send an S-BFD control packet, destined to | |||
node D, with "your discriminator" field set to 456. When the | node D, with "your discriminator" field set to 456. When the | |||
reflector BFD session on node D receives this S-BFD control packet, | reflector BFD session on node D receives this S-BFD control packet, | |||
then response S-BFD control packet is sent back to node A, which | then response S-BFD control packet is sent back to node A, which | |||
allows node A to complete the continuity test. | allows node A to complete the continuity test. | |||
The use of multiple S-BFD discriminators by a single network node is | ||||
outside the scope of this document. | ||||
4. S-BFD Discriminators | 4. S-BFD Discriminators | |||
4.1. S-BFD Discriminator Uniqueness | 4.1. S-BFD Discriminator Uniqueness | |||
One important characteristic of an S-BFD discriminator is that it | One important characteristic of an S-BFD discriminator is that it | |||
MUST be unique within an administrative domain. If multiple network | MUST be unique within an administrative domain. If multiple network | |||
nodes allocate the same S-BFD discriminator value, then S-BFD control | nodes allocate the same S-BFD discriminator value, then S-BFD control | |||
packets falsely terminating on a wrong network node can result in a | packets falsely terminating on a wrong network node can result in a | |||
reflector BFD session to generate a response back, due to "your | reflector BFD session to generate a response back, due to "your | |||
discriminator" matching. This is clearly not desirable. If only IP | discriminator" matching. This is clearly not desirable. | |||
based S-BFD is considered, then it is possible for the reflector BFD | ||||
session to require demultiplexing of incoming S-BFD control packets | ||||
with combination of destination IP address and "your discriminator". | ||||
Then S-BFD discriminator only has to be unique within a local node. | ||||
However, S-BFD is a generic mechanism defined to run on wide range of | ||||
environments: IP, MPLS, etc. For other transports like MPLS, because | ||||
of the need to use non-routable IP destination address, it is not | ||||
possible for reflector BFD session to demultiplex using IP | ||||
destination address. With PHP, there may not be any incoming label | ||||
stack to aid in demultiplexing either. Thus, S-BFD imposes a | ||||
requirement that S-BFD discriminators MUST be unique within an | ||||
administrative domain. | ||||
4.2. Discriminator Pools | 4.2. Discriminator Pools | |||
This subsection describes a discriminator pool implementation | This subsection describes a discriminator pool implementation | |||
technique to minimize S-BFD discriminator collisions. The result | technique to minimize S-BFD discriminator collisions. The result | |||
will allow an implementation to better satisfy the S-BFD | will allow an implementation to better satisfy the S-BFD | |||
discriminator uniqueness requirement defined in Section 4.1. | discriminator uniqueness requirement defined in Section 4.1. | |||
o SBFDInitiator is to allocate a discriminator from the BFD | o SBFDInitiator is to allocate a discriminator from the BFD | |||
discriminator pool. If the system also supports classical BFD | discriminator pool. If the system also supports classical BFD | |||
skipping to change at page 7, line 46 | skipping to change at page 7, line 47 | |||
6. State Variables | 6. State Variables | |||
S-BFD introduces new state variables, and modifies the usage of | S-BFD introduces new state variables, and modifies the usage of | |||
existing ones. | existing ones. | |||
6.1. New State Variables | 6.1. New State Variables | |||
A new state variable is added to the base specification in support of | A new state variable is added to the base specification in support of | |||
S-BFD. | S-BFD. | |||
o bfd.SessionType: This is a variable introduced by | o bfd.SessionType: This is a variable introduced here and used by | |||
[I-D.ietf-bfd-multipoint] and describes the type of this session. | [I-D.ietf-bfd-multipoint], and describes the type of this session. | |||
Allowable values for S-BFD sessions are: | Allowable values for S-BFD sessions are: | |||
* SBFDInitiator - an S-BFD session on a network node that | * SBFDInitiator - an S-BFD session on a network node that | |||
performs a continuity test to a target entity by sending S-BFD | performs a continuity test to a target entity by sending S-BFD | |||
packets. | packets. | |||
* SBFDReflector - an S-BFD session on a network node that listens | * SBFDReflector - an S-BFD session on a network node that listens | |||
for incoming S-BFD control packets to local entities and | for incoming S-BFD control packets to local entities and | |||
generates response S-BFD control packets. | generates response S-BFD control packets. | |||
The bfd.SessionType variable MUST be initialized to the appropriate type | The bfd.SessionType variable MUST be initialized to the appropriate type | |||
when an S-BFD session is created. | when an S-BFD session is created. | |||
6.2. State Variable Initialization and Maintenance | 6.2. State Variable Initialization and Maintenance | |||
Some state variables defined in section 6.8.1 of the BFD base | A state variable defined in Section 6.8.1 of [RFC5880] needs to be | |||
specification need to be initialized or manipulated differently | initialized or manipulated differently depending on the session type. | |||
depending on the session type. | ||||
o bfd.DemandMode: This variable MUST be initialized to 1 for session | o bfd.DemandMode: This variable MUST be initialized to 1 for session | |||
type SBFDInitiator, and MUST be initialized to 0 for session type | type SBFDInitiator, and MUST be initialized to 0 for session type | |||
SBFDReflector. | SBFDReflector. | |||
7. S-BFD Procedures | 7. S-BFD Procedures | |||
7.1. Demultiplexing of S-BFD Control Packet | 7.1. Demultiplexing of S-BFD Control Packet | |||
S-BFD packet MUST be demultiplexed with lower layer information | S-BFD packet MUST be demultiplexed with lower layer information | |||
skipping to change at page 8, line 49 | skipping to change at page 8, line 48 | |||
Packet MUST be looked up to locate a corresponding | Packet MUST be looked up to locate a corresponding | |||
SBFDReflector session based on the value from the "your | SBFDReflector session based on the value from the "your | |||
discriminator" field in the table describing S-BFD | discriminator" field in the table describing S-BFD | |||
discriminators. | discriminators. | |||
Else | Else | |||
Packet MUST be looked up to locate a corresponding | Packet MUST be looked up to locate a corresponding | |||
SBFDInitiator session or classical BFD session based on the | SBFDInitiator session or classical BFD session based on the | |||
value from the "your discriminator" field in the table | value from the "your discriminator" field in the table | |||
describing BFD discriminators. | describing BFD discriminators. If there is no match, the received | |||
packet MUST be discarded. | ||||
If session is SBFDInitiator | If session is SBFDInitiator | |||
Destination of the packet (i.e., destination IP address) | Destination of the packet (i.e., destination IP address) | |||
SHOULD be validated to be for self. | SHOULD be validated to be for self. | |||
Else | Else | |||
Packet MUST be discarded | Packet MUST be discarded | |||
Else | Else | |||
Procedure described in [RFC5880] MUST be applied. | Procedure described in [RFC5880] MUST be applied. | |||
More details on S-BFD control packet demultiplexing are described in | More details on S-BFD control packet demultiplexing are described in | |||
relevant S-BFD data plane documents. | relevant S-BFD data plane documents. | |||
7.2. Initiator Procedures | 7.2. Responder Procedures | |||
A network node which receives S-BFD control packets transmitted by an | ||||
initiator is referred to as the responder. The responder, upon reception of | ||||
S-BFD control packets, is to perform necessary relevant validations | ||||
described in [RFC5880]. | ||||
7.2.1. Responder Demultiplexing | ||||
S-BFD packet MUST be demultiplexed with lower layer information | ||||
(e.g., dedicated destination UDP port, associated channel type). | ||||
The following procedure SHOULD be executed by the responder: | ||||
If "your discriminator" is not one of the entries allocated for local | ||||
entities | ||||
Packet MUST be discarded. | ||||
Else | ||||
Packet is determined to be handled by a reflector BFD session | ||||
responsible for that S-BFD discriminator. | ||||
If local policy allows (e.g., administrative, security, rate- | ||||
limiting, etc.) | ||||
Chosen reflector BFD session SHOULD transmit a response BFD | ||||
control packet using procedures described in Section 7.3.2. | ||||
7.2.2. Transmission of S-BFD Control Packet by SBFDReflector | ||||
Contents of S-BFD control packets sent by an SBFDReflector MUST be | ||||
set as per Section 6.8.7 of [RFC5880]. There are a few fields which | ||||
need to be set differently from [RFC5880] as follows: | ||||
State (Sta) | ||||
Set to bfd.SessionState (either UP or ADMINDOWN only). | ||||
Clarification of reflector BFD session state is described in | ||||
Section 7.2.3. | ||||
Demand (D) | ||||
Set to 0. | ||||
Detect Mult | ||||
Value to be copied from "Detection Multiplier" field of | ||||
received BFD packet. | ||||
My Discriminator | ||||
Value to be copied from "your discriminator" field of received BFD | ||||
packet. | ||||
Your Discriminator | ||||
Value to be copied from "my discriminator" field of received BFD | ||||
packet. | ||||
Desired Min TX Interval | ||||
Value to be copied from "Desired Min TX Interval" field of | ||||
received BFD packet. | ||||
Required Min RX Interval | ||||
Set to bfd.RequiredMinRxInterval, a value describing the minimum | ||||
interval, in microseconds, between received S-BFD control | ||||
packets. Further details are described in Section 7.2.3. | ||||
Required Min Echo RX Interval | ||||
If device supports looping back S-BFD echo packets | ||||
Set to the minimum required Echo packet receive interval for | ||||
this session. | ||||
Else | ||||
Set to 0. | ||||
7.2.3. Additional SBFDReflector Behaviors | ||||
o S-BFD control packets transmitted by the SBFDReflector MUST have | ||||
"Required Min RX Interval" set to a value which expresses, in | ||||
microseconds, the minimum interval between incoming S-BFD control | ||||
packets this SBFDReflector can handle. The SBFDReflector can | ||||
control how fast SBFDInitiators will be sending S-BFD control | ||||
packets to self by ensuring "Required Min RX Interval" indicates a | ||||
value based on the current load. | ||||
o If the SBFDReflector wishes to communicate to some or all | ||||
SBFDInitiators that monitored local entity is "temporarily out of | ||||
service", then S-BFD control packets with "state" set to ADMINDOWN | ||||
are sent to those SBFDInitiators. The SBFDInitiators, upon | ||||
reception of such packets, MUST NOT conclude loss of reachability | ||||
to corresponding remote entity, and MUST back off packet | ||||
transmission interval for the remote entity to an interval no | ||||
faster than 1 second. If the SBFDReflector is generating a | ||||
response S-BFD control packet for a local entity that is in | ||||
service, then "state" in response BFD control packets MUST be set | ||||
to UP. | ||||
o If an SBFDReflector receives an S-BFD control packet with Demand | ||||
(D) bit cleared, the packet MUST be discarded. | ||||
7.3. Initiator Procedures | ||||
S-BFD control packets transmitted by an SBFDInitiator MUST set "your | S-BFD control packets transmitted by an SBFDInitiator MUST set "your | |||
discriminator" field to an S-BFD discriminator corresponding to the | discriminator" field to an S-BFD discriminator corresponding to the | |||
remote entity. | remote entity. | |||
Every SBFDInitiator MUST have a locally unique "my discriminator" | Every SBFDInitiator MUST have a locally unique "my discriminator" | |||
allocated from the BFD discriminator pool. | allocated from the BFD discriminator pool. | |||
The ASCII art below describes the high level concept of a continuity | Figure 3 below describes the high level concept of a continuity test | |||
test using S-BFD. R2 allocates XX as the S-BFD discriminator for its | using S-BFD. R2 allocates XX as the S-BFD discriminator for its | |||
network reachability purpose, and advertises XX to neighbors. The | network reachability purpose, and advertises XX to neighbors. The | |||
art shows R1 and R4 performing a continuity test to R2. | figure shows R1 and R4 performing a continuity test to R2. | |||
+--- md=50/yd=XX (ping) ----+ | +--- md=50/yd=XX (ping) ----+ | |||
| | | | | | |||
|+-- md=XX/yd=50 (pong) --+ | | |+-- md=XX/yd=50 (pong) --+ | | |||
|| | | | || | | | |||
|v | v | |v | v | |||
R1 ==================== R2[*] ========= R3 ========= R4 | R1 ==================== R2[*] ========= R3 ========= R4 | |||
| ^ |^ | | ^ |^ | |||
| | || | | | || | |||
| +-- md=60/yd=XX (ping) --+| | | +-- md=60/yd=XX (ping) --+| | |||
| | | | | | |||
+---- md=XX/yd=60 (pong) ---+ | +---- md=XX/yd=60 (pong) ---+ | |||
[*] Reflector BFD session on R2. | [*] Reflector BFD session on R2. | |||
=== Links connecting network nodes. | === Links connecting network nodes. | |||
--- S-BFD control packet traversal. | --- S-BFD control packet traversal. | |||
Figure 3: S-BFD Continuity Test | Figure 3: S-BFD Continuity Test | |||
7.2.1. SBFDInitiator State Machine | 7.3.1. SBFDInitiator State Machine | |||
An SBFDInitiator may be a persistent session on the initiator with a | An SBFDInitiator may be a persistent session on the initiator with a | |||
timer for S-BFD control packet transmissions (stateful | timer for S-BFD control packet transmissions (stateful | |||
SBFDInitiator). An SBFDInitiator may also be a module, a script or a | SBFDInitiator). An SBFDInitiator may also be a module, a script or a | |||
tool on the initiator that transmits one or more S-BFD control | tool on the initiator that transmits one or more S-BFD control | |||
packets "when needed" (stateless SBFDInitiator). For stateless | packets "when needed" (stateless SBFDInitiator). For stateless | |||
SBFDInitiators, a complete BFD state machine may not be applicable. | SBFDInitiators, a complete BFD state machine may not be applicable. | |||
For stateful SBFDInitiators, the states and the state machine | For stateful SBFDInitiators, the states and the state machine | |||
described in [RFC5880] will not function due to SBFDReflector session | described in [RFC5880] will not function due to SBFDReflector session | |||
only sending UP and ADMINDOWN states (i.e., SBFDReflector session | only sending UP and ADMINDOWN states (i.e., SBFDReflector session | |||
skipping to change at page 10, line 42 | skipping to change at page 13, line 13 | |||
Figure 4: SBFDInitiator FSM | Figure 4: SBFDInitiator FSM | |||
Note that the above state machine is different from the base BFD | Note that the above state machine is different from the base BFD | |||
specification [RFC5880]. This is because the INIT state is no longer | specification [RFC5880]. This is because the INIT state is no longer | |||
applicable for the SBFDInitiator. Another important difference is | applicable for the SBFDInitiator. Another important difference is | |||
the transition of the state machine from the DOWN state to the UP | the transition of the state machine from the DOWN state to the UP | |||
state when a packet with State UP is received by the SBFDInitiator. | state when a packet with State UP is received by the SBFDInitiator. | |||
The definitions of the states and the events have the same meaning as | The definitions of the states and the events have the same meaning as | |||
in the base BFD specification [RFC5880]. | in the base BFD specification [RFC5880]. | |||
7.2.2. Transmission of S-BFD Control Packet by SBFDInitiator | 7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator | |||
Contents of S-BFD control packets sent by an SBFDInitiator MUST be | Contents of S-BFD control packets sent by an SBFDInitiator MUST be | |||
set as follows: | set as per Section 6.8.7 of [RFC5880]. There are few fields which | |||
needs to be set differently from [RFC5880] as follows: | ||||
Version | ||||
Set to the current version number (1). | ||||
Diagnostic (Diag) | ||||
MAY be set to appropriate value for communicating with peer. | ||||
State (Sta) | ||||
Set to the value indicated by local state. | ||||
Poll (P) | ||||
Set to 1 if the local system is sending a Poll Sequence. | ||||
Final (F) | ||||
Set to 1 if the local system is responding to a Control packet | ||||
received with the Poll (P) bit set, or 0 if not. | ||||
Control Plane Independent (C) | ||||
Set to 1 if the local system's BFD implementation is | ||||
independent of the control plane (it can continue to function | ||||
through a disruption of the control plane.) | ||||
Authentication Present (A) | ||||
Set to 1 if authentication is in use on this session | ||||
(bfd.AuthType is nonzero), or 0 if not. | ||||
Demand (D) | ||||
MUST be set always. | ||||
Multipoint (M) | ||||
MUST be set to 0. | ||||
Detect Mult | ||||
MUST be set to a value describing locally used multiplier | ||||
value. | ||||
Length | ||||
Set to the appropriate length, based on the fixed header length | ||||
(24) plus any Authentication Section. | ||||
My Discriminator | ||||
Set to value assigned by local node. | ||||
Your Discriminator | ||||
Set to value corresponding to remote entity. | ||||
Desired Min TX Interval | ||||
MUST be set to a value describing local desired minimum | ||||
transmit interval. | ||||
Required Min RX Interval | ||||
MUST be set to 0. | ||||
Required Min Echo RX Interval | ||||
MUST be set to 0. | ||||
7.3. Responder Procedures | ||||
A network node which receives S-BFD control packets transmitted by an | ||||
initiator is referred as responder. The responder, upon reception of | ||||
S-BFD control packets, is to perform necessary relevant validations | ||||
described in [RFC5880], [RFC5881], [RFC5883], [RFC5884] and | ||||
[RFC5885]. | ||||
7.3.1. Responder Demultiplexing | ||||
S-BFD packet MUST be demultiplexed with lower layer information | ||||
(e.g., dedicated destination UDP port, associated channel type). | ||||
Following procedure SHOULD be executed by responder: | ||||
If "your discriminator" not one of the entry allocated for local | ||||
entities | ||||
Packet MUST NOT be considered for this mechanism. | ||||
Else | ||||
Packet is determined to be handled by a reflector BFD session | ||||
responsible for that S-BFD discriminator. | ||||
If local policy allows (e.g., administrative, security, rate- | ||||
limiter, etc) | ||||
Chosen reflector BFD session SHOULD transmit a response BFD | ||||
control packet using procedures described in Section 7.3.2. | ||||
7.3.2. Transmission of S-BFD Control Packet by SBFDReflector | ||||
Contents of S-BFD control packets sent by an SBFDReflector MUST be | ||||
set as follows: | ||||
Version | ||||
Set to the current version number (1). | ||||
Diagnostic (Diag) | ||||
MAY be set to appropriate value for communicating with peer. | ||||
State (Sta) | ||||
MUST be set to UP or ADMINDOWN. Clarification of reflector BFD | ||||
session state is described in Section 7.8. | ||||
Poll (P) | ||||
Set to 1 if the local system is sending a Poll Sequence, or 0 | ||||
if not. | ||||
Final (F) | ||||
Set to 1 if the local system is responding to a Control packet | ||||
received with the Poll (P) bit set, or 0 if not. | ||||
Control Plane Independent (C) | ||||
Set to 1 if the local system's BFD implementation is | ||||
independent of the control plane (it can continue to function | ||||
through a disruption of the control plane.) | ||||
Authentication Present (A) | ||||
Set to 1 if authentication is in use on this session | ||||
(bfd.AuthType is nonzero), or 0 if not. | ||||
Demand (D) | Demand (D) | |||
MUST be cleared. | D bit is used to identify S-BFD packet originated from | |||
SBFDInitiator and is always set to 1. | ||||
Multipoint (M) | ||||
MUST be set to 0. | ||||
Detect Mult | ||||
MUST be copied from received "Detection Multiplier". | ||||
Length | ||||
Set to the appropriate length, based on the fixed header length | ||||
(24) plus any Authentication Section. | ||||
My Discriminator | ||||
MUST be copied from received "your discriminator". | ||||
Your Discriminator | Your Discriminator | |||
MUST be copied from received "my discriminator". | Set to bfd.RemoteDiscr. bfd.RemoteDiscr is set to discriminator | |||
value of remote entity. It MAY be learnt from routing | ||||
Desired Min TX Interval | protocols or configured locally. | |||
MUST be copied from received "Desired Min TX Interval". | ||||
Required Min RX Interval | Required Min RX Interval | |||
MUST be set to a value describing how many incoming control | Set to 0. | |||
packets this reflector BFD session can handle. Further details | ||||
are described in Section 7.8. | ||||
Required Min Echo RX Interval | Required Min Echo RX Interval | |||
If device supports looping back S-BFD echo packets | Set to 0. | |||
MUST set non-zero value desired by local device. | ||||
Else | ||||
MUST be set to 0. | ||||
7.4. Diagnostic Values | ||||
Diagnostic value in both directions MAY be set to a certain value, to | ||||
attempt to communicate further information to both ends. However, | ||||
details of such are outside the scope of this specification. | ||||
7.5. The Poll Sequence | ||||
Poll sequence MAY be used in both directions. The Poll sequence MUST | ||||
operate in accordance with [RFC5880]. An SBFDReflector MAY use the | ||||
Poll sequence to slow down that rate at which S-BFD control packets | ||||
are generated from an SBFDInitiator. This is done by the | ||||
SBFDReflector using procedures described in Section 7.8 and setting | ||||
the Poll (P) bit in the reflected S-BFD control packet. The | ||||
SBFDInitiator is to then send the next S-BFD control packet with the | ||||
Final (F) bit set. If an SBFDReflector receives an S-BFD control | ||||
packet with Poll (P) bit set, then the SBFDReflector MUST respond | ||||
with an S-BFD control packet with Poll (P) bit cleared and Final (F) | ||||
bit set. | ||||
7.6. Control Plane Independent (C) | ||||
Control plane independent (C) bit for an SBFDInitiator sending S-BFD | ||||
control packets to a reflector BFD session MUST work according to | ||||
[RFC5880]. Reflector BFD session also MUST work according to | ||||
[RFC5880]. Specifically, if reflector BFD session implementation | ||||
does not share fate with control plane, then response S-BFD control | ||||
packets transmitted MUST have control plane independent (C) bit set. | ||||
If reflector BFD session implementation shares fate with control | ||||
plane, then response S-BFD control packets transmitted MUST NOT have | ||||
control plane independent (C) bit set. | ||||
7.7. Additional SBFDInitiator Behaviors | 7.3.3. Additional SBFDInitiator Behaviors | |||
o If the SBFDInitiator receives a valid S-BFD control packet in | o If the SBFDInitiator receives a valid S-BFD control packet in | |||
response to transmitted S-BFD control packet to a remote entity, | response to transmitted S-BFD control packet to a remote entity, | |||
then the SBFDInitiator SHOULD conclude that S-BFD control packet | then the SBFDInitiator SHOULD conclude that S-BFD control packet | |||
reached the intended remote entity. | reached the intended remote entity. | |||
o When a sufficient number of S-BFD packets have not arrived as they | o When a sufficient number of S-BFD packets have not arrived as they | |||
should, the SBFDInitiator SHOULD declare loss of reachability to | should, the SBFDInitiator SHOULD declare loss of reachability to | |||
the remote entity. The criteria for declaring loss of | the remote entity. The criteria for declaring loss of | |||
reachability and the action that would be triggered as a result | reachability and the action that would be triggered as a result | |||
skipping to change at page 15, line 47 | skipping to change at page 14, line 13 | |||
implementation to understand the latency to/from the reflector BFD | implementation to understand the latency to/from the reflector BFD | |||
session on the responder. In other words, for very first S-BFD | session on the responder. In other words, for very first S-BFD | |||
packet transmitted by the SBFDInitiator, an implementation MUST | packet transmitted by the SBFDInitiator, an implementation MUST | |||
NOT expect response S-BFD packet to be received for time | NOT expect response S-BFD packet to be received for time | |||
equivalent to sum of latencies: initiator to responder and | equivalent to sum of latencies: initiator to responder and | |||
responder back to initiator. | responder back to initiator. | |||
o If the SBFDInitiator receives an S-BFD control packet with Demand | o If the SBFDInitiator receives an S-BFD control packet with Demand | |||
(D) bit set, the packet MUST be discarded. | (D) bit set, the packet MUST be discarded. | |||
7.8. Additional SBFDReflector Behaviors | 7.4. Diagnostic Values | |||
o S-BFD control packets transmitted by the SBFDReflector MUST have | Diagnostic value in both directions MAY be set to a certain value, to | |||
"Required Min RX Interval" set to a value which expresses how many | attempt to communicate further information to both ends. | |||
incoming S-BFD control packets this SBFDReflector can handle. The | Implementation MAY use already existing diagnostic values defined in | |||
SBFDReflector can control how fast SBFInitiators will be sending | Section 4.1 of [RFC5880]. However, details of such are outside the | |||
S-BFD control packets to self by ensuring "Required Min RX | scope of this specification. | |||
Interval" indicates a value based on the current load. | ||||
o If the SBFDReflector wishes to communicate to some or all | 7.5. The Poll Sequence | |||
SBFDInitiators that monitored local entity is "temporarily out of | ||||
service", then S-BFD control packets with "state" set to ADMINDOWN | ||||
are sent to those SBFDInitiators. The SBFDInitiators, upon | ||||
reception of such packets, MUST NOT conclude loss of reachability | ||||
to corresponding remote entity, and MUST back off packet | ||||
transmission interval for the remote entity to an interval no | ||||
faster than 1 second. If the SBFDReflector is generating a | ||||
response S-BFD control packet for a local entity that is in | ||||
service, then "state" in response BFD control packets MUST be set | ||||
to UP. | ||||
o If an SBFDReflector receives an S-BFD control packet with Demand | Poll sequence MAY be used in both directions. The Poll sequence MUST | |||
(D) bit cleared, the packet MUST be discarded. | operate in accordance with [RFC5880]. An SBFDReflector MAY use the | |||
Poll sequence to slow down that rate at which S-BFD control packets | ||||
are generated from an SBFDInitiator. This is done by the | ||||
SBFDReflector using procedures described in Section 7.2.3 and setting | ||||
the Poll (P) bit in the reflected S-BFD control packet. The | ||||
SBFDInitiator is to then send the next S-BFD control packet with the | ||||
Final (F) bit set. If an SBFDReflector receives an S-BFD control | ||||
packet with Poll (P) bit set, then the SBFDReflector MUST respond | ||||
with an S-BFD control packet with Poll (P) bit cleared and Final (F) | ||||
bit set. | ||||
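As an added example (not code from the draft), the responder procedure of Sections 7.3.1 and 7.3.2 together with the D-bit, Poll/Final and ADMINDOWN rules of Sections 7.5, 7.7 and 7.8 (section numbers as in -05, the left column), written in Python over the RFC 5880 24-byte mandatory section and exercised with the spoofed packet of Appendix A. The in-service flags, the 50 000 us load value and the reflected-packet check at the second node are constructed for this example.

```python
import struct
from dataclasses import dataclass

_HDR = struct.Struct("!BBBBIIIII")   # RFC 5880 mandatory section: vers/diag, flags, mult, length, 5 x u32
HDR_LEN = _HDR.size
STATE_ADMINDOWN, STATE_DOWN, STATE_INIT, STATE_UP = 0, 1, 2, 3


@dataclass
class BfdControl:
    version: int
    diag: int
    state: int
    poll: bool
    final: bool
    cpi: bool          # Control Plane Independent (C)
    auth: bool         # Authentication Present (A)
    demand: bool       # Demand (D): 1 from an SBFDInitiator, 0 from an SBFDReflector
    multipoint: bool   # Multipoint (M): always 0 for S-BFD
    detect_mult: int
    my_disc: int
    your_disc: int
    desired_min_tx: int
    required_min_rx: int
    required_min_echo_rx: int

    @classmethod
    def parse(cls, raw: bytes) -> "BfdControl":
        if len(raw) < HDR_LEN:
            raise ValueError("short BFD control packet")
        b0, b1, mult, length, my, your, tx, rx, echo = _HDR.unpack_from(raw)
        if length < HDR_LEN or length > len(raw):
            raise ValueError("bad Length field")
        return cls(version=b0 >> 5, diag=b0 & 0x1F, state=b1 >> 6,
                   poll=bool(b1 & 0x20), final=bool(b1 & 0x10), cpi=bool(b1 & 0x08),
                   auth=bool(b1 & 0x04), demand=bool(b1 & 0x02), multipoint=bool(b1 & 0x01),
                   detect_mult=mult, my_disc=my, your_disc=your, desired_min_tx=tx,
                   required_min_rx=rx, required_min_echo_rx=echo)

    def build(self) -> bytes:
        b0 = (self.version << 5) | (self.diag & 0x1F)
        b1 = ((self.state << 6) | (self.poll << 5) | (self.final << 4) | (self.cpi << 3)
              | (self.auth << 2) | (self.demand << 1) | int(self.multipoint))
        return _HDR.pack(b0, b1, self.detect_mult, HDR_LEN, self.my_disc, self.your_disc,
                         self.desired_min_tx, self.required_min_rx, self.required_min_echo_rx)


class SbfdReflector:
    """Stateless responder; local_discs maps each S-BFD discriminator to True (in service) or False."""

    def __init__(self, local_discs: dict, min_rx_us: int, cpi: bool = True):
        self.local_discs = local_discs
        self.min_rx_us = min_rx_us   # Required Min RX Interval, chosen from current load (7.8)
        self.cpi = cpi               # C bit: cleared if the reflector shares fate with the control plane

    def handle(self, raw: bytes, policy_ok=lambda pkt: True):
        pkt = BfdControl.parse(raw)      # returns reflected packet bytes, or None if not reflected
        if pkt.your_disc not in self.local_discs:
            return None                  # 7.3.1: not one of our S-BFD discriminators
        if not pkt.demand:
            return None                  # 7.8: D bit cleared, so it did not come from an initiator
        if not policy_ok(pkt):
            return None                  # 7.3.1: administrative / security / rate-limit policy
        resp = BfdControl(
            version=1, diag=0,
            state=STATE_UP if self.local_discs[pkt.your_disc] else STATE_ADMINDOWN,   # 7.8
            poll=False, final=pkt.poll,                     # 7.5: a Poll is answered with Final
            cpi=self.cpi, auth=False, demand=False, multipoint=False,   # 7.3.2: D cleared, M 0
            detect_mult=pkt.detect_mult,                    # copied from the received packet
            my_disc=pkt.your_disc, your_disc=pkt.my_disc,   # discriminators swapped
            desired_min_tx=pkt.desired_min_tx,              # copied from the received packet
            required_min_rx=self.min_rx_us, required_min_echo_rx=0)
        return resp.build()


def loop_scenario():
    """Appendix A: spoofed packet (MyDisc 0x01010101, YourDisc 0x02020202) reflected by B, then handed to A."""
    node_a = SbfdReflector({0x01010101: True}, min_rx_us=50_000)
    node_b = SbfdReflector({0x02020202: True}, min_rx_us=50_000)
    spoofed = BfdControl(version=1, diag=0, state=STATE_DOWN, poll=False, final=False, cpi=False,
                         auth=False, demand=True, multipoint=False, detect_mult=3, my_disc=0x01010101,
                         your_disc=0x02020202, desired_min_tx=100_000, required_min_rx=0, required_min_echo_rx=0).build()
    from_b = node_b.handle(spoofed)
    return from_b, (node_a.handle(from_b) if from_b else None)   # A discards it: D bit is cleared
```

Because the reflector clears the D bit and every reflector discards packets with D cleared, the second reflector in the Appendix A chain returns None and the ping-pong stops after one reflection.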
8. Scaling Aspect | 8. Scaling Aspect | |||
This mechanism brings forth one noticeable difference in terms of | This mechanism brings forth one noticeable difference in terms of | |||
scaling aspect: number of SBFDReflector. This specification | scaling aspect: number of SBFDReflector. This specification | |||
eliminates the need for egress nodes to have fully active BFD | eliminates the need for egress nodes to have fully active BFD | |||
sessions when only one side desires to perform continuity tests. | sessions when only one side desires to perform continuity tests. | |||
With introduction of reflector BFD concept, egress no longer is | With introduction of reflector BFD concept, egress no longer is | |||
required to create any active BFD session per path/LSP/function | required to create any active BFD session per path/LSP/function | |||
basis. Due to this, total number of BFD sessions in a network is | basis. Due to this, total number of BFD sessions in a network is | |||
skipping to change at page 17, line 20 | skipping to change at page 15, line 33 | |||
behind this suggestion: | behind this suggestion: | |||
o S-BFD control packets can verify the reachability to intended | o S-BFD control packets can verify the reachability to intended | |||
target node, which allows one to have confidence that S-BFD echo | target node, which allows one to have confidence that S-BFD echo | |||
packets are u-turning on the expected target node. | packets are u-turning on the expected target node. | |||
o S-BFD control packets can detect when the target node is going out | o S-BFD control packets can detect when the target node is going out | |||
of service (i.e., via receiving back ADMINDOWN state). | of service (i.e., via receiving back ADMINDOWN state). | |||
The usage of the "Required Min Echo RX Interval" field is described | The usage of the "Required Min Echo RX Interval" field is described | |||
in Section 7.2.2 and Section 7.3.2. Because of the stateless nature | in Section 7.3.2 and Section 7.2.2. Because of the stateless nature | |||
of SBFDReflector sessions, a value specified the "Required Min Echo | of SBFDReflector sessions, a value specified the "Required Min Echo | |||
RX Interval" field in both directions is not very meaningful. Thus | RX Interval" field is not very meaningful at SBFDReflector. Thus it | |||
it is RECOMMENDED that the "Required Min Echo RX Interval" field | is RECOMMENDED that the "Required Min Echo RX Interval" field simply | |||
simply be set to zero in both directions. | be set to zero from SBFDInitiator. SBFDReflector MAY set to | |||
appropriate value to control the rate at which it wants to receives | ||||
SBFD echo packets. | ||||
Following aspects of S-BFD Echo functions are left as implementation | Following aspects of S-BFD Echo functions are left as implementation | |||
details, and are outside the scope of this document: | details, and are outside the scope of this document: | |||
o Format of the S-BFD echo packet (e.g., data beyond UDP header). | o Format of the S-BFD echo packet (e.g., data beyond UDP header). | |||
o Procedures on when and how to use the S-BFD Echo function. | o Procedures on when and how to use the S-BFD Echo function. | |||
11. Security Considerations | 11. Security Considerations | |||
Same security considerations as [RFC5880], [RFC5881], [RFC5883], | Same security considerations as [RFC5880] apply to this document. | |||
[RFC5884] and [RFC5885] apply to this document. Additionally, | Additionally, implementing the following measures will strengthen | |||
implementing the following measures will strengthen security aspects | security aspects of the mechanism described by this document: | |||
of the mechanism described by this document: | ||||
o SBFDInitiator MAY pick crypto sequence number based on | o SBFDInitiator MAY pick a sequence number to be set in "sequence | |||
authentication mode configured. | Number" in authentication section based on authentication mode | |||
configured. | ||||
o SBFDReflector MUST NOT look at the crypto sequence number before | o SBFDReflector MUST NOT look at the crypto sequence number before | |||
accepting the packet. | accepting the packet. | |||
o SBFDReflector MAY look at the Key ID | o SBFDReflector MAY look at the Auth Key ID in the incoming packet | |||
[I-D.ietf-bfd-generic-crypto-auth] in the incoming packet and | and verify the authentication data. | |||
verify the authentication data. | ||||
o SBFDReflector MUST accept the packet if authentication is | o SBFDReflector MUST accept the packet if authentication is | |||
successful. | successful. | |||
o SBFDReflector MUST compute the Authentication data and MUST use | o SBFDReflector MUST compute the Authentication data and MUST use | |||
the same sequence number that it received in the S-BFD control | the same sequence number that it received in the S-BFD control | |||
packet that it is responding to. | packet that it is responding to. | |||
o SBFDInitiator MUST accept the S-BFD control packet if it either | o SBFDInitiator SHOULD accept S-BFD control packet with sequence | |||
comes with the same sequence number as it had sent or it's within | number within permissible window. One potential approach is the | |||
the window that it finds acceptable (described in detail in | procedure explained in [I-D.ietf-bfd-generic-crypto-auth]. | |||
[I-D.ietf-bfd-generic-crypto-auth]) | ||||
Using the above method, | Using the above method, | |||
o SBFDReflector continue to remain stateless despite using security. | o SBFDReflector continue to remain stateless despite using security. | |||
o SBFDReflector are not susceptible to replay attacks as they always | o SBFDReflector are not susceptible to replay attacks as they always | |||
respond to S-BFD control packets irrespective of the sequence | respond to S-BFD control packets irrespective of the sequence | |||
number carried. | number carried. | |||
o An attacker cannot impersonate the responder since the | o An attacker cannot impersonate the responder since the | |||
SBFDInitiator will only accept S-BFD control packets that come | SBFDInitiator will only accept S-BFD control packets that come | |||
with the sequence number that it had originally used when sending | with the sequence number that it had originally used when sending | |||
the S-BFD control packet. | the S-BFD control packet. | |||
Considerations about loop problems are covered in Appendix A. | ||||
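An added example (not the draft's code) of the stateless authentication flow in the list above: the SBFDReflector verifies the digest by Auth Key ID without inspecting the sequence number and signs its response with the sequence number it received, while the SBFDInitiator accepts only sequence numbers it actually sent within a small window. The authentication-section layout, the HMAC-SHA256 choice, the type value 250 and the window rule are assumptions for this example; the draft itself defers the window procedure to [I-D.ietf-bfd-generic-crypto-auth].

```python
import hmac
import hashlib
import struct

# Constructed authentication section (an assumption, not the exact RFC 5880 layout):
#   Auth Type (1) | Auth Len (1) | Auth Key ID (1) | Reserved (1) | Sequence Number (4) | HMAC-SHA256 (32)
AUTH_TYPE_HMAC_SHA256 = 250   # placeholder type value for this example only
_AUTH_FIXED = struct.Struct("!BBBBI")
DIGEST_LEN = 32
AUTH_LEN = _AUTH_FIXED.size + DIGEST_LEN


def _digest(key: bytes, unsigned_packet: bytes) -> bytes:
    # The HMAC covers the control packet plus the auth section with the digest field zeroed.
    return hmac.new(key, unsigned_packet, hashlib.sha256).digest()


def attach_auth(body: bytes, key_id: int, seq: int, keys: dict) -> bytes:
    """Append an authentication section carrying seq, keyed by keys[key_id]."""
    header = _AUTH_FIXED.pack(AUTH_TYPE_HMAC_SHA256, AUTH_LEN, key_id, 0, seq & 0xFFFFFFFF)
    unsigned = body + header + bytes(DIGEST_LEN)
    return unsigned[:-DIGEST_LEN] + _digest(keys[key_id], unsigned)


def verify_auth(packet: bytes, keys: dict):
    """Return (body, key_id, seq) if the digest verifies, else None. Never inspects seq."""
    if len(packet) < AUTH_LEN:
        return None
    body, section = packet[:-AUTH_LEN], packet[-AUTH_LEN:]
    atype, alen, key_id, _, seq = _AUTH_FIXED.unpack_from(section)
    if atype != AUTH_TYPE_HMAC_SHA256 or alen != AUTH_LEN or key_id not in keys:
        return None
    unsigned = body + section[:_AUTH_FIXED.size] + bytes(DIGEST_LEN)
    if not hmac.compare_digest(section[_AUTH_FIXED.size:], _digest(keys[key_id], unsigned)):
        return None
    return body, key_id, seq


def reflector_respond(packet: bytes, keys: dict, make_response_body):
    """Stateless SBFDReflector: authenticate by Key ID, ignore the sequence number,
    and sign the response with the same sequence number it received."""
    verified = verify_auth(packet, keys)
    if verified is None:
        return None                      # authentication failed: not reflected
    body, key_id, seq = verified
    return attach_auth(make_response_body(body), key_id, seq, keys)


class SbfdInitiatorAuth:
    """Initiator side: picks the sequence number per transmission and accepts only
    responses carrying one of the last `window` sequence numbers it sent.
    The window semantics are an assumption; the draft defers the procedure to
    [I-D.ietf-bfd-generic-crypto-auth]."""

    def __init__(self, keys: dict, key_id: int, window: int = 3):
        self.keys, self.key_id, self.window = keys, key_id, window
        self.seq = 0                     # last sequence number transmitted

    def send(self, body: bytes) -> bytes:
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        return attach_auth(body, self.key_id, self.seq, self.keys)

    def accept(self, packet: bytes):
        """Return the response body if authentic and within the window, else None."""
        verified = verify_auth(packet, self.keys)
        if verified is None:
            return None
        body, _, seq = verified
        # Accept the number last sent or one of the previous window-1 values (a late reply);
        # a replayed response carrying an older number is rejected here, not at the reflector.
        if (self.seq - seq) & 0xFFFFFFFF >= self.window:
            return None
        return body
```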
12. IANA Considerations | 12. IANA Considerations | |||
No action is required by IANA for this document. | No action is required by IANA for this document. | |||
13. Acknowledgements | 13. Acknowledgements | |||
Authors would like to thank Jeffrey Haas, Greg Mirsky and Marc | Authors would like to thank Jeffrey Haas, Greg Mirsky, Marc | |||
Binderberger for performing thorough reviews and providing number of | Binderberger, and Alvaro Retana for performing thorough reviews and | |||
suggestions. Authors would like to thank Girija Raghavendra Rao, Les | providing number of suggestions. Authors would like to thank Girija | |||
Ginsberg, Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad | Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha Neelamegam | |||
Govindan from Cisco Systems for providing valuable comments. Authors | and Vengada Prasad Govindan from Cisco Systems for providing valuable | |||
would also like to thank John E. Drake and Pablo Frank for providing | comments. Authors would also like to thank John E. Drake and Pablo | |||
comments and suggestions. | Frank for providing comments and suggestions. | |||
14. Contributing Authors | 14. Contributing Authors | |||
Tarek Saad | Tarek Saad | |||
Cisco Systems | Cisco Systems | |||
Email: tsaad@cisco.com | Email: tsaad@cisco.com | |||
Siva Sivabalan | Siva Sivabalan | |||
Cisco Systems | Cisco Systems | |||
Email: msiva@cisco.com | Email: msiva@cisco.com | |||
skipping to change at page 19, line 19 | skipping to change at page 17, line 34 | |||
Sam Aldrin | Sam Aldrin | |||
Email: aldrin.ietf@gmail.com | Email: aldrin.ietf@gmail.com | |||
15. References | 15. References | |||
15.1. Normative References | 15.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | ||||
<http://www.rfc-editor.org/info/rfc2119>. | ||||
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
(BFD)", RFC 5880, June 2010. | (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, | |||
<http://www.rfc-editor.org/info/rfc5880>. | ||||
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | ||||
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June | ||||
2010. | ||||
[RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | ||||
(BFD) for Multihop Paths", RFC 5883, June 2010. | ||||
[RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, | ||||
"Bidirectional Forwarding Detection (BFD) for MPLS Label | ||||
Switched Paths (LSPs)", RFC 5884, June 2010. | ||||
15.2. Informative References | 15.2. Informative References | |||
[I-D.ietf-bfd-generic-crypto-auth] | [I-D.ietf-bfd-generic-crypto-auth] | |||
Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani, | Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani, | |||
"BFD Generic Cryptographic Authentication", draft-ietf- | "BFD Generic Cryptographic Authentication", draft-ietf- | |||
bfd-generic-crypto-auth-06 (work in progress), April 2014. | bfd-generic-crypto-auth-06 (work in progress), April 2014. | |||
[I-D.ietf-bfd-multipoint] | [I-D.ietf-bfd-multipoint] | |||
Katz, D., Ward, D., and J. Networks, "BFD for Multipoint | Katz, D., Ward, D., and J. Networks, "BFD for Multipoint | |||
Networks", draft-ietf-bfd-multipoint-06 (work in | Networks", draft-ietf-bfd-multipoint-07 (work in | |||
progress), May 2015. | progress), August 2015. | |||
[I-D.ietf-bfd-seamless-use-case] | [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, | |||
Bhatia, M., Matsushima, S., Mirsky, G., and N. Kumar, | DOI 10.17487/RFC0791, September 1981, | |||
"Seamless Bidirectional Forwarding Detection (BFD) Use | <http://www.rfc-editor.org/info/rfc791>. | |||
Case", draft-ietf-bfd-seamless-use-case-02 (work in | ||||
progress), April 2015. | ||||
[RFC5885] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding | [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 | |||
Detection (BFD) for the Pseudowire Virtual Circuit | (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, | |||
Connectivity Verification (VCCV)", RFC 5885, June 2010. | December 1998, <http://www.rfc-editor.org/info/rfc2460>. | |||
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol | ||||
Label Switching Architecture", RFC 3031, | ||||
DOI 10.17487/RFC3031, January 2001, | ||||
<http://www.rfc-editor.org/info/rfc3031>. | ||||
Appendix A. Loop Problem | Appendix A. Loop Problem | |||
Consider a scenario where we have two nodes and both are S-BFD | Consider a scenario where we have two nodes and both are S-BFD | |||
capable. | capable. | |||
Node A (IP 192.0.2.1) ----------------- Node B (IP 192.0.2.2) | Node A (IP 192.0.2.1) ----------------- Node B (IP 192.0.2.2) | |||
| | | | |||
| | | | |||
Man in the Middle (MiM) | Man in the Middle (MiM) | |||
skipping to change at page 20, line 34 | skipping to change at page 18, line 48 | |||
Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc | Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc | |||
= 0x02020202, source IP as 192.0.2.1 and dest IP as 192.0.2.2. When | = 0x02020202, source IP as 192.0.2.1 and dest IP as 192.0.2.2. When | |||
this packet reaches Node B, the reflector session on Node B will swap | this packet reaches Node B, the reflector session on Node B will swap | |||
the discriminators and IP addresses of the received packet and | the discriminators and IP addresses of the received packet and | |||
reflect it back, since YourDisc of the received packet matched with | reflect it back, since YourDisc of the received packet matched with | |||
reserved discriminator of Node B. The reflected packet that reached | reserved discriminator of Node B. The reflected packet that reached | |||
Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since | Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since | |||
YourDisc of the received packet matched the reserved discriminator of | YourDisc of the received packet matched the reserved discriminator of | |||
Node A, Node A will swap the discriminators and reflects the packet | Node A, Node A will swap the discriminators and reflects the packet | |||
back to Node B. Since reflectors MUST set the TTL of the reflected | back to Node B. Since reflectors must set the TTL of the reflected | |||
packets to 255, the above scenario will result in an infinite loop | packets to 255, the above scenario will result in an infinite loop | |||
with just one malicious packet injected from MiM. | with just one malicious packet injected from MiM. | |||
FYI: Packet fields do not carry any direction information, i.e., if | FYI: Packet fields do not carry any direction information, i.e., if | |||
this is Ping packet or reply packet. | this is Ping packet or reply packet. | |||
Solutions | Solutions | |||
The current proposals to avoid the loop problem are: | The current proposals to avoid the loop problem are: | |||
skipping to change at page 21, line 30 | skipping to change at page 20, line 4 | |||
Carlos Pignataro | Carlos Pignataro | |||
Cisco Systems | Cisco Systems | |||
Email: cpignata@cisco.com | Email: cpignata@cisco.com | |||
Dave Ward | Dave Ward | |||
Cisco Systems | Cisco Systems | |||
Email: wardd@cisco.com | Email: wardd@cisco.com | |||
Manav Bhatia | Manav Bhatia | |||
Ionos Networks | Ionos Networks | |||
Email: manav@ionosnetworks.com | Email: manav@ionosnetworks.com | |||
Santosh Pallagatti | Santosh Pallagatti | |||
Juniper Networks | ||||
Email: santoshpk@juniper.net | Email: santosh.pallagatti@gmail.com | |||