--- 1/draft-ietf-bfd-seamless-base-05.txt 2016-02-09 12:21:29.006759328 -0800 +++ 2/draft-ietf-bfd-seamless-base-06.txt 2016-02-09 12:21:29.242765058 -0800 @@ -1,24 +1,23 @@ Internet Engineering Task Force N. Akiya Internet-Draft Big Switch Networks Updates: 5880 (if approved) C. Pignataro Intended status: Standards Track D. Ward -Expires: December 21, 2015 Cisco Systems +Expires: August 12, 2016 Cisco Systems M. Bhatia Ionos Networks S. Pallagatti - Juniper Networks - June 19, 2015 + February 9, 2016 Seamless Bidirectional Forwarding Detection (S-BFD) - draft-ietf-bfd-seamless-base-05 + draft-ietf-bfd-seamless-base-06 Abstract This document defines a simplified mechanism to use Bidirectional Forwarding Detection (BFD) with large portions of negotiation aspects eliminated, thus providing benefits such as quick provisioning as well as improved control and flexibility to network nodes initiating the path monitoring. This document updates RFC5880. @@ -37,101 +36,110 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on December 21, 2015. + This Internet-Draft will expire on August 12, 2016. Copyright Notice - Copyright (c) 2015 IETF Trust and the persons identified as the + Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 - 3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 4 - 4. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 5 - 4.1. S-BFD Discriminator Uniqueness . . . . . . . . . . . . . 5 + 3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 5 + 4. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 6 + 4.1. S-BFD Discriminator Uniqueness . . . . . . . . . . . . . 6 4.2. Discriminator Pools . . . . . . . . . . . . . . . . . . . 6 5. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 7 6. State Variables . . . . . . . . . . . . . . . . . . . . . . . 7 6.1. New State Variables . . . . . . . . . . . . . . . . . . . 7 6.2. State Variable Initialization and Maintenance . . . . . . 8 7. S-BFD Procedures . . . . . . . . . . . . . . . . . . . . . . 8 7.1. Demultiplexing of S-BFD Control Packet . . . . . . . . . 8 - 7.2. Initiator Procedures . . . . . . . . . . . . . . . . . . 9 - 7.2.1. SBFDInitiator State Machine . . . . . . . . . . . . . 10 - 7.2.2. Transmission of S-BFD Control Packet by SBFDInitiator 10 - 7.3. Responder Procedures . . . . . . . . . . . . . . . . . . 12 - 7.3.1. Responder Demultiplexing . . . . . . . . . . . . . . 12 - 7.3.2. Transmission of S-BFD Control Packet by SBFDReflector 13 + 7.2. Responder Procedures . . . . . . . . . . . . . . . . . . 9 + 7.2.1. Responder Demultiplexing . . . . . . . . . . . . . . 9 + 7.2.2. Transmission of S-BFD Control Packet by SBFDReflector 9 + 7.2.3. Additional SBFDReflector Behaviors . . . . . . . . . 11 + 7.3. Initiator Procedures . . . . . . . . . . . . . . . . . . 11 + 7.3.1. SBFDInitiator State Machine . . . . . . . . . . . . . 12 + 7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator 13 + 7.3.3. Additional SBFDInitiator Behaviors . . . . . . . . . 13 7.4. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 14 7.5. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 14 - 7.6. Control Plane Independent (C) . . . . . . . . . . . . . . 15 - 7.7. Additional SBFDInitiator Behaviors . . . . . . . . . . . 15 - 7.8. Additional SBFDReflector Behaviors . . . . . . . . . . . 15 - 8. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 16 - 9. Co-existence with Classical BFD Sessions . . . . . . . . . . 16 - 10. S-BFD Echo Function . . . . . . . . . . . . . . . . . . . . . 16 - 11. Security Considerations . . . . . . . . . . . . . . . . . . . 17 - 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 - 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 - 14. Contributing Authors . . . . . . . . . . . . . . . . . . . . 18 - 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 - 15.1. Normative References . . . . . . . . . . . . . . . . . . 19 - 15.2. Informative References . . . . . . . . . . . . . . . . . 19 - Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 20 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 + 8. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 14 + 9. Co-existence with Classical BFD Sessions . . . . . . . . . . 14 + 10. S-BFD Echo Function . . . . . . . . . . . . . . . . . . . . . 15 + 11. Security Considerations . . . . . . . . . . . . . . . . . . . 15 + 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 + 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 + 14. Contributing Authors . . . . . . . . . . . . . . . . . . . . 17 + 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 + 15.1. Normative References . . . . . . . . . . . . . . . . . . 17 + 15.2. Informative References . . . . . . . . . . . . . . . . . 17 + Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 18 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 1. Introduction Bidirectional Forwarding Detection (BFD), [RFC5880] and related documents, has efficiently generalized the failure detection mechanism for multiple protocols and applications. There are some improvements which can be made to better fit existing technologies. There is a possibility of evolving BFD to better fit new technologies. This document focuses on several aspects of BFD in order to further improve efficiency, to expand failure detection - coverage and to allow BFD usage for wider scenarios. This document - extends BFD to provide solutions to use cases listed in - [I-D.ietf-bfd-seamless-use-case]. + coverage and to allow BFD usage for wider scenarios. + + Specifically, this document defines Seamless Bidirectional Forwarding + Detection (S-BFD) a simplified mechanism to use Bidirectional + Forwarding Detection (BFD) with large portions of negotiation aspects + eliminated, thus providing benefits such as quick provisioning as + well as improved control and flexibility to network nodes initiating + the path monitoring. S-BFD enables cases benefiting from the use of + core BFD technologies in a fashion that leverages existing + implementations and protocol machinery while providing a rather + simplified and largely stateless infrastructure for continuity + testing. One key aspect of the mechanism described in this document eliminates the time between a network node wanting to perform a continuity test and completing the continuity test. In traditional BFD terms, the initial state changes from DOWN to UP are virtually nonexistent. Removal of this seam (i.e., time delay) in BFD provides applications a smooth and continuous operational experience. Therefore, "Seamless BFD" (S-BFD) has been chosen as the name for this mechanism. 2. Terminology - The reader is expected to be familiar with the BFD, IP and MPLS - terminologies and protocol constructs. This section describes - several new terminologies introduced by S-BFD. + The reader is expected to be familiar with the BFD [RFC5880], IP + [RFC0791] [RFC2460] and MPLS [RFC3031] terminologies and protocol + constructs. This section describes several new terminologies + introduced by S-BFD. o Classical BFD - BFD session types based on [RFC5880]. o S-BFD - Seamless BFD. o S-BFD control packet - a BFD control packet for the S-BFD mechanism. o S-BFD echo packet - a BFD echo packet for the S-BFD mechanism. @@ -180,81 +188,74 @@ Figure 1: S-BFD Terminology Relationship 3. Seamless BFD Overview An S-BFD module on each network node allocates one or more S-BFD discriminators for local entities, and creates a reflector BFD session. Allocated S-BFD discriminators may be advertised by applications (e.g., OSPF/IS-IS). Required result is that applications, on other network nodes, possess the knowledge of the - mapping from remote entities to S-BFD discriminators. The reflector - BFD session is to, upon receiving an S-BFD control packet targeted to - one of local S-BFD discriminator values, transmit a response S-BFD - control packet back to the initiator. + S-BFD discriminators allocated by a remote node to remote entities. + The reflector BFD session is to, upon receiving an S-BFD control + packet targeted to one of local S-BFD discriminator values, transmit + a response S-BFD control packet back to the initiator. - Once above setup is complete, any network nodes, having the knowledge - of the mapping from a remote entity to an S-BFD discriminator, can - quickly perform a continuity test to the remote entity by simply - sending S-BFD control packets with corresponding S-BFD discriminator - value in the "your discriminator" field. + Once above setup is complete, any network node, having the knowledge + of the S-BFD discriminator allocated toby a remote node to remote + entity/entities, it can quickly perform a continuity test to the + remote entity by simply sending S-BFD control packets with + corresponding S-BFD discriminator value in the "your discriminator" + field. For example: <------- IS-IS Network -------> +---------+ | | A---------B---------C---------D ^ ^ | | SystemID SystemID xxx yyy BFD Discrim BFD Discrim 123 456 Figure 2: S-BFD for IS-IS Network - The IS-IS with SystemID xxx (node A) allocates an S-BFD discriminator - 123, and advertises the S-BFD discriminator 123 in an IS-IS TLV. The - IS-IS with SystemID yyy (node D) allocates an S-BFD discriminator - 456, and advertises the S-BFD discriminator 456 in an IS-IS TLV. A + S-BFD module in a system IS-IS SystemID xxx (node A) allocates an + S-BFD discriminator 123, and IS-IS will advertises the S-BFD + discriminator 123 in an IS-IS TLV. S-BFD module in a system with IS- + IS SystemID yyy (node D) allocates an S-BFD discriminator 456, and + IS-IS advertises the S-BFD discriminator 456 in an IS-IS TLV. A reflector BFD session is created on both network nodes (node A and node D). When network node A wants to check the reachability to network node D, node A can send an S-BFD control packet, destined to node D, with "your discriminator" field set to 456. When the reflector BFD session on node D receives this S-BFD control packet, then response S-BFD control packet is sent back to node A, which allows node A to complete the continuity test. + The use of multiple S-BFD discriminators by a single network node is + outside the scope of this document. + 4. S-BFD Discriminators 4.1. S-BFD Discriminator Uniqueness One important characteristics of an S-BFD discriminator is that it MUST be unique within an administrative domain. If multiple network nodes allocated a same S-BFD discriminator value, then S-BFD control packets falsely terminating on a wrong network node can result in a reflector BFD session to generate a response back, due to "your - discriminator" matching. This is clearly not desirable. If only IP - based S-BFD is considered, then it is possible for the reflector BFD - session to require demultiplexing of incoming S-BFD control packets - with combination of destination IP address and "your discriminator". - Then S-BFD discriminator only has to be unique within a local node. - However, S-BFD is a generic mechanism defined to run on wide range of - environments: IP, MPLS, etc. For other transports like MPLS, because - of the need to use non-routable IP destination address, it is not - possible for reflector BFD session to demultiplex using IP - destination address. With PHP, there may not be any incoming label - stack to aid in demultiplexing either. Thus, S-BFD imposes a - requirement that S-BFD discriminators MUST be unique within an - administrative domain. + discriminator" matching. This is clearly not desirable. 4.2. Discriminator Pools This subsection describes a discriminator pool implementation technique to minimize S-BFD discriminator collisions. The result will allow an implementation to better satisfy the S-BFD discriminator uniqueness requirement defined in Section 4.1. o SBFDInitiator is to allocate a discriminator from the BFD discriminator pool. If the system also supports classical BFD @@ -319,40 +320,39 @@ 6. State Variables S-BFD introduces new state variables, and modifies the usage of existing ones. 6.1. New State Variables A new state variable is added to the base specification in support of S-BFD. - o bfd.SessionType: This is a variable introduced by - [I-D.ietf-bfd-multipoint] and describes the type of this session. + o bfd.SessionType: This is a variable introduced her and used by + [I-D.ietf-bfd-multipoint], and describes the type of this session. Allowable values for S-BFD sessions are: * SBFDInitiator - an S-BFD session on a network node that performs a continuity test to a target entity by sending S-BFD packets. * SBFDReflector - an S-BFD session on a network node that listens for incoming S-BFD control packets to local entities and generates response S-BFD control packets. bfd.SessionType variable MUST be initialized to the appropriate type when an S-BFD session is created. 6.2. State Variable Initialization and Maintenance - Some state variables defined in section 6.8.1 of the BFD base - specification need to be initialized or manipulated differently - depending on the session type. + A state variable defined in Section 6.8.1 of [RFC5880] need to be + initialized or manipulated differently depending on the session type. o bfd.DemandMode: This variable MUST be initialized to 1 for session type SBFDInitiator, and MUST be initialized to 0 for session type SBFDReflector. 7. S-BFD Procedures 7.1. Demultiplexing of S-BFD Control Packet S-BFD packet MUST be demultiplexed with lower layer information @@ -367,70 +367,178 @@ Packet MUST be looked up to locate a corresponding SBFDReflector session based on the value from the "your discriminator" field in the table describing S-BFD discriminators. Else Packet MUST be looked up to locate a corresponding SBFDInitiator session or classical BFD session based on the value from the "your discriminator" field in the table - describing BFD discriminators. + describing BFD discriminators. If no match then received + packet MUST be discarded. If session is SBFDInitiator Destination of the packet (i.e., destination IP address) SHOULD be validated to be for self. Else Packet MUST be discarded Else Procedure described in [RFC5880] MUST be applied. More details on S-BFD control packet demultiplexing are described in relevant S-BFD data plane documents. -7.2. Initiator Procedures +7.2. Responder Procedures + + A network node which receives S-BFD control packets transmitted by an + initiator is referred as responder. The responder, upon reception of + S-BFD control packets, is to perform necessary relevant validations + described in [RFC5880]. + +7.2.1. Responder Demultiplexing + + S-BFD packet MUST be demultiplexed with lower layer information + (e.g., dedicated destination UDP port, associated channel type). + Following procedure SHOULD be executed by responder: + + If "your discriminator" not one of the entry allocated for local + entities + + Packet MUST be discarded. + + Else + + Packet is determined to be handled by a reflector BFD session + responsible for that S-BFD discriminator. + + If local policy allows (e.g., administrative, security, rate- + limiter, etc) + + Chosen reflector BFD session SHOULD transmit a response BFD + control packet using procedures described in Section 7.3.2. + +7.2.2. Transmission of S-BFD Control Packet by SBFDReflector + + Contents of S-BFD control packets sent by an SBFDReflector MUST be + set as per Section 6.8.7 of [RFC5880]. There are few fields which + needs to be set differently from [RFC5880] as follows: + + State (Sta) + + Set to bfd.SessionState (either UP or ADMINDOWN only). + Clarification of reflector BFD session state is described in + Section 7.2.3. + + Demand (D) + + Set to 0. + + Detect Mult + + Value to be copied from "Detection Multiplier" filed of + received BFD packet. + + My Discriminator + + Value be copied from "your discriminator" filed of received BFD + packet. + + Your Discriminator + + Value be copied from "my discriminator" filed of received BFD + packet. + + Desired Min TX Interval + + Value be copied from "Desired Min TX Interval" filed of + received BFD packet. + + Required Min RX Interval + + Set to a bfd.RequiredMinRxInterval, value describing minimum + interval, in microseconds between received SBFD Control + packets. Further details are described in Section 7.2.3. + + Required Min Echo RX Interval + + If device supports looping back S-BFD echo packets + + Set to the minimum required Echo packet receive interval for + this session. + + Else + + Set to 0. + +7.2.3. Additional SBFDReflector Behaviors + + o S-BFD control packets transmitted by the SBFDReflector MUST have + "Required Min RX Interval" set to a value which expresses, in + microseconds, the minimum interval between incoming S-BFD control + packets this SBFDReflector can handle. The SBFDReflector can + control how fast SBFInitiators will be sending S-BFD control + packets to self by ensuring "Required Min RX Interval" indicates a + value based on the current load. + + o If the SBFDReflector wishes to communicate to some or all + SBFDInitiators that monitored local entity is "temporarily out of + service", then S-BFD control packets with "state" set to ADMINDOWN + are sent to those SBFDInitiators. The SBFDInitiators, upon + reception of such packets, MUST NOT conclude loss of reachability + to corresponding remote entity, and MUST back off packet + transmission interval for the remote entity to an interval no + faster than 1 second. If the SBFDReflector is generating a + response S-BFD control packet for a local entity that is in + service, then "state" in response BFD control packets MUST be set + to UP. + + o If an SBFDReflector receives an S-BFD control packet with Demand + (D) bit cleared, the packet MUST be discarded. + +7.3. Initiator Procedures S-BFD control packets transmitted by an SBFDInitiator MUST set "your discriminator" field to an S-BFD discriminator corresponding to the remote entity. Every SBFDInitiator MUST have a locally unique "my discriminator" allocated from the BFD discriminator pool. - Below ASCII art describes high level concept of continuity test using - S-BFD. R2 allocates XX as the S-BFD discriminator for its network - reachability purpose, and advertises XX to neighbors. ASCII art - shows R1 and R4 performing a continuity test to R2. + Below Figure 3 art describes high level concept of continuity test + using S-BFD. R2 allocates XX as the S-BFD discriminator for its + network reachability purpose, and advertises XX to neighbors. ASCII + art shows R1 and R4 performing a continuity test to R2. +--- md=50/yd=XX (ping) ----+ | | |+-- md=XX/yd=50 (pong) --+ | || | | |v | v R1 ==================== R2[*] ========= R3 ========= R4 | ^ |^ | | || | +-- md=60/yd=XX (ping) --+| | | +---- md=XX/yd=60 (pong) ---+ [*] Reflector BFD session on R2. === Links connecting network nodes. --- S-BFD control packet traversal. Figure 3: S-BFD Continuity Test -7.2.1. SBFDInitiator State Machine +7.3.1. SBFDInitiator State Machine An SBFDInitiator may be a persistent session on the initiator with a timer for S-BFD control packet transmissions (stateful SBFDInitiator). An SBFDInitiator may also be a module, a script or a tool on the initiator that transmits one or more S-BFD control packets "when needed" (stateless SBFDInitiator). For stateless SBFDInitiators, a complete BFD state machine may not be applicable. For stateful SBFDInitiators, the states and the state machine described in [RFC5880] will not function due to SBFDReflector session only sending UP and ADMINDOWN states (i.e., SBFDReflector session @@ -453,241 +561,46 @@ Figure 4: SBFDInitiator FSM Note that the above state machine is different from the base BFD specification[RFC5880]. This is because the INIT state is no longer applicable for the SBFDInitiator. Another important difference is the transition of the state machine from the DOWN state to the UP state when a packet with State UP is received by the SBFDInitiator. The definitions of the states and the events have the same meaning as in the base BFD specification [RFC5880]. -7.2.2. Transmission of S-BFD Control Packet by SBFDInitiator +7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator Contents of S-BFD control packets sent by an SBFDInitiator MUST be - set as follows: - - Version - - Set to the current version number (1). - - Diagnostic (Diag) - MAY be set to appropriate value for communicating with peer. - - State (Sta) - - Set to the value indicated by local state. - - Poll (P) - - Set to 1 if the local system is sending a Poll Sequence. - - Final (F) - - Set to 1 if the local system is responding to a Control packet - received with the Poll (P) bit set, or 0 if not. - - Control Plane Independent (C) - - Set to 1 if the local system's BFD implementation is - independent of the control plane (it can continue to function - through a disruption of the control plane.) - - Authentication Present (A) - - Set to 1 if authentication is in use on this session - (bfd.AuthType is nonzero), or 0 if not. - - Demand (D) - - MUST be set always. - - Multipoint (M) - - MUST be set to 0. - - Detect Mult - - MUST be set to a value describing locally used multiplier - value. - - Length - - Set to the appropriate length, based on the fixed header length - (24) plus any Authentication Section. - - My Discriminator - - Set to value assigned by local node. - - Your Discriminator - - Set to value corresponding to remote entity. - - Desired Min TX Interval - - MUST be set to a value describing local desired minimum - transmit interval. - - Required Min RX Interval - - MUST be set to 0. - - Required Min Echo RX Interval - - MUST be set to 0. - -7.3. Responder Procedures - - A network node which receives S-BFD control packets transmitted by an - initiator is referred as responder. The responder, upon reception of - S-BFD control packets, is to perform necessary relevant validations - described in [RFC5880], [RFC5881], [RFC5883], [RFC5884] and - [RFC5885]. - -7.3.1. Responder Demultiplexing - - S-BFD packet MUST be demultiplexed with lower layer information - (e.g., dedicated destination UDP port, associated channel type). - Following procedure SHOULD be executed by responder: - - If "your discriminator" not one of the entry allocated for local - entities - - Packet MUST NOT be considered for this mechanism. - - Else - - Packet is determined to be handled by a reflector BFD session - responsible for that S-BFD discriminator. - - If local policy allows (e.g., administrative, security, rate- - limiter, etc) - - Chosen reflector BFD session SHOULD transmit a response BFD - control packet using procedures described in Section 7.3.2. - -7.3.2. Transmission of S-BFD Control Packet by SBFDReflector - - Contents of S-BFD control packets sent by an SBFDReflector MUST be - set as follows: - - Version - - Set to the current version number (1). - - Diagnostic (Diag) - - MAY be set to appropriate value for communicating with peer. - - State (Sta) - - MUST be set to UP or ADMINDOWN. Clarification of reflector BFD - session state is described in Section 7.8. - - Poll (P) - - Set to 1 if the local system is sending a Poll Sequence, or 0 - if not. - - Final (F) - - Set to 1 if the local system is responding to a Control packet - received with the Poll (P) bit set, or 0 if not. - - Control Plane Independent (C) - - Set to 1 if the local system's BFD implementation is - independent of the control plane (it can continue to function - through a disruption of the control plane.) - - Authentication Present (A) - - Set to 1 if authentication is in use on this session - (bfd.AuthType is nonzero), or 0 if not. + set as per Section 6.8.7 of [RFC5880]. There are few fields which + needs to be set differently from [RFC5880] as follows: Demand (D) - MUST be cleared. - - Multipoint (M) - - MUST be set to 0. - - Detect Mult - MUST be copied from received "Detection Multiplier". - - Length - - Set to the appropriate length, based on the fixed header length - (24) plus any Authentication Section. - - My Discriminator - - MUST be copied from received "your discriminator". + D bit is used to identify S-BFD packet originated from + SBFDInitiator and is always set to 1. Your Discriminator - MUST be copied from received "my discriminator". - - Desired Min TX Interval - - MUST be copied from received "Desired Min TX Interval". + Set to bfd.RemoteDiscr. bfd.RemoteDiscr is set to discriminator + value of remote entity. It MAY be learnt from routing + protocols or configured locally. Required Min RX Interval - MUST be set to a value describing how many incoming control - packets this reflector BFD session can handle. Further details - are described in Section 7.8. + Set to 0. Required Min Echo RX Interval - If device supports looping back S-BFD echo packets - - MUST set non-zero value desired by local device. - - Else - - MUST be set to 0. - -7.4. Diagnostic Values - - Diagnostic value in both directions MAY be set to a certain value, to - attempt to communicate further information to both ends. However, - details of such are outside the scope of this specification. - -7.5. The Poll Sequence - - Poll sequence MAY be used in both directions. The Poll sequence MUST - operate in accordance with [RFC5880]. An SBFDReflector MAY use the - Poll sequence to slow down that rate at which S-BFD control packets - are generated from an SBFDInitiator. This is done by the - SBFDReflector using procedures described in Section 7.8 and setting - the Poll (P) bit in the reflected S-BFD control packet. The - SBFDInitiator is to then send the next S-BFD control packet with the - Final (F) bit set. If an SBFDReflector receives an S-BFD control - packet with Poll (P) bit set, then the SBFDReflector MUST respond - with an S-BFD control packet with Poll (P) bit cleared and Final (F) - bit set. - -7.6. Control Plane Independent (C) - - Control plane independent (C) bit for an SBFDInitiator sending S-BFD - control packets to a reflector BFD session MUST work according to - [RFC5880]. Reflector BFD session also MUST work according to - [RFC5880]. Specifically, if reflector BFD session implementation - does not share fate with control plane, then response S-BFD control - packets transmitted MUST have control plane independent (C) bit set. - If reflector BFD session implementation shares fate with control - plane, then response S-BFD control packets transmitted MUST NOT have - control plane independent (C) bit set. + Set to 0. -7.7. Additional SBFDInitiator Behaviors +7.3.3. Additional SBFDInitiator Behaviors o If the SBFDInitiator receives a valid S-BFD control packet in response to transmitted S-BFD control packet to a remote entity, then the SBFDInitiator SHOULD conclude that S-BFD control packet reached the intended remote entity. o When a sufficient number of S-BFD packets have not arrived as they should, the SBFDInitiator SHOULD declare loss of reachability to the remote entity. The criteria for declaring loss of reachability and the action that would be triggered as a result @@ -697,43 +610,41 @@ implementation to understand the latency to/from the reflector BFD session on the responder. In other words, for very first S-BFD packet transmitted by the SBFDInitiator, an implementation MUST NOT expect response S-BFD packet to be received for time equivalent to sum of latencies: initiator to responder and responder back to initiator. o If the SBFDInitiator receives an S-BFD control packet with Demand (D) bit set, the packet MUST be discarded. -7.8. Additional SBFDReflector Behaviors +7.4. Diagnostic Values - o S-BFD control packets transmitted by the SBFDReflector MUST have - "Required Min RX Interval" set to a value which expresses how many - incoming S-BFD control packets this SBFDReflector can handle. The - SBFDReflector can control how fast SBFInitiators will be sending - S-BFD control packets to self by ensuring "Required Min RX - Interval" indicates a value based on the current load. + Diagnostic value in both directions MAY be set to a certain value, to + attempt to communicate further information to both ends. + Implementation MAY use already existing diagnostic values defined in + Section 4.1 of [RFC5880]. However, details of such are outside the + scope of this specification. - o If the SBFDReflector wishes to communicate to some or all - SBFDInitiators that monitored local entity is "temporarily out of - service", then S-BFD control packets with "state" set to ADMINDOWN - are sent to those SBFDInitiators. The SBFDInitiators, upon - reception of such packets, MUST NOT conclude loss of reachability - to corresponding remote entity, and MUST back off packet - transmission interval for the remote entity to an interval no - faster than 1 second. If the SBFDReflector is generating a - response S-BFD control packet for a local entity that is in - service, then "state" in response BFD control packets MUST be set - to UP. +7.5. The Poll Sequence - o If an SBFDReflector receives an S-BFD control packet with Demand - (D) bit cleared, the packet MUST be discarded. + Poll sequence MAY be used in both directions. The Poll sequence MUST + operate in accordance with [RFC5880]. An SBFDReflector MAY use the + Poll sequence to slow down that rate at which S-BFD control packets + are generated from an SBFDInitiator. This is done by the + SBFDReflector using procedures described in Section 7.2.3 and setting + the Poll (P) bit in the reflected S-BFD control packet. The + SBFDInitiator is to then send the next S-BFD control packet with the + Final (F) bit set. If an SBFDReflector receives an S-BFD control + packet with Poll (P) bit set, then the SBFDReflector MUST respond + with an S-BFD control packet with Poll (P) bit cleared and Final (F) + bit set. 8. Scaling Aspect This mechanism brings forth one noticeable difference in terms of scaling aspect: number of SBFDReflector. This specification eliminates the need for egress nodes to have fully active BFD sessions when only one side desires to perform continuity tests. With introduction of reflector BFD concept, egress no longer is required to create any active BFD session per path/LSP/function basis. Due to this, total number of BFD sessions in a network is @@ -766,88 +677,90 @@ behind this suggestion: o S-BFD control packets can verify the reachability to intended target node, which allows one to have confidence that S-BFD echo packets are u-turning on the expected target node. o S-BFD control packets can detect when the target node is going out of service (i.e., via receiving back ADMINDOWN state). The usage of the "Required Min Echo RX Interval" field is described - in Section 7.2.2 and Section 7.3.2. Because of the stateless nature + in Section 7.3.2 and Section 7.2.2. Because of the stateless nature of SBFDReflector sessions, a value specified the "Required Min Echo - RX Interval" field in both directions is not very meaningful. Thus - it is RECOMMENDED that the "Required Min Echo RX Interval" field - simply be set to zero in both directions. + RX Interval" field is not very meaningful at SBFDReflector. Thus it + is RECOMMENDED that the "Required Min Echo RX Interval" field simply + be set to zero from SBFDInitiator. SBFDReflector MAY set to + appropriate value to control the rate at which it wants to receives + SBFD echo packets. Following aspects of S-BFD Echo functions are left as implementation details, and are outside the scope of this document: o Format of the S-BFD echo packet (e.g., data beyond UDP header). o Procedures on when and how to use the S-BFD Echo function. 11. Security Considerations - Same security considerations as [RFC5880], [RFC5881], [RFC5883], - [RFC5884] and [RFC5885] apply to this document. Additionally, - implementing the following measures will strengthen security aspects - of the mechanism described by this document: + Same security considerations as [RFC5880] apply to this document. + Additionally, implementing the following measures will strengthen + security aspects of the mechanism described by this document: - o SBFDInitiator MAY pick crypto sequence number based on - authentication mode configured. + o SBFDInitiator MAY pick a sequence number to be set in "sequence + Number" in authentication section based on authentication mode + configured. o SBFDReflector MUST NOT look at the crypto sequence number before accepting the packet. - o SBFDReflector MAY look at the Key ID - [I-D.ietf-bfd-generic-crypto-auth] in the incoming packet and - verify the authentication data. + o SBFDReflector MAY look at the Auth Key ID in the incoming packet + and verify the authentication data. o SBFDReflector MUST accept the packet if authentication is successful. o SBFDReflector MUST compute the Authentication data and MUST use the same sequence number that it received in the S-BFD control packet that it is responding to. - o SBFDInitiator MUST accept the S-BFD control packet if it either - comes with the same sequence number as it had sent or it's within - the window that it finds acceptable (described in detail in - [I-D.ietf-bfd-generic-crypto-auth]) + o SBFDInitiator SHOULD accept S-BFD control packet with sequence + number within permissible window. One potential approach is the + procedure explained in [I-D.ietf-bfd-generic-crypto-auth]. Using the above method, o SBFDReflector continue to remain stateless despite using security. o SBFDReflector are not susceptible to replay attacks as they always respond to S-BFD control packets irrespective of the sequence number carried. o An attacker cannot impersonate the responder since the SBFDInitiator will only accept S-BFD control packets that come with the sequence number that it had originally used when sending the S-BFD control packet. + Considerations about loop problems are covered in Appendix A. + 12. IANA Considerations No action is required by IANA for this document. 13. Acknowledgements - Authors would like to thank Jeffrey Haas, Greg Mirsky and Marc - Binderberger for performing thorough reviews and providing number of - suggestions. Authors would like to thank Girija Raghavendra Rao, Les - Ginsberg, Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad - Govindan from Cisco Systems for providing valuable comments. Authors - would also like to thank John E. Drake and Pablo Frank for providing - comments and suggestions. + Authors would like to thank Jeffrey Haas, Greg Mirsky, Marc + Binderberger, and Alvaro Retana for performing thorough reviews and + providing number of suggestions. Authors would like to thank Girija + Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha Neelamegam + and Vengada Prasad Govindan from Cisco Systems for providing valuable + comments. Authors would also like to thank John E. Drake and Pablo + Frank for providing comments and suggestions. 14. Contributing Authors Tarek Saad Cisco Systems Email: tsaad@cisco.com Siva Sivabalan Cisco Systems Email: msiva@cisco.com @@ -862,57 +775,52 @@ Sam Aldrin Google Email: aldrin.ietf@gmail.com 15. References 15.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection - (BFD)", RFC 5880, June 2010. - - [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection - (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June - 2010. - - [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection - (BFD) for Multihop Paths", RFC 5883, June 2010. - - [RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, - "Bidirectional Forwarding Detection (BFD) for MPLS Label - Switched Paths (LSPs)", RFC 5884, June 2010. + (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, + . 15.2. Informative References [I-D.ietf-bfd-generic-crypto-auth] Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani, "BFD Generic Cryptographic Authentication", draft-ietf- bfd-generic-crypto-auth-06 (work in progress), April 2014. [I-D.ietf-bfd-multipoint] Katz, D., Ward, D., and J. Networks, "BFD for Multipoint - Networks", draft-ietf-bfd-multipoint-06 (work in - progress), May 2015. + Networks", draft-ietf-bfd-multipoint-07 (work in + progress), August 2015. - [I-D.ietf-bfd-seamless-use-case] - Bhatia, M., Matsushima, S., Mirsky, G., and N. Kumar, - "Seamless Bidirectional Forwarding Detection (BFD) Use - Case", draft-ietf-bfd-seamless-use-case-02 (work in - progress), April 2015. + [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, + DOI 10.17487/RFC0791, September 1981, + . - [RFC5885] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding - Detection (BFD) for the Pseudowire Virtual Circuit - Connectivity Verification (VCCV)", RFC 5885, June 2010. + [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 + (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, + December 1998, . + + [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol + Label Switching Architecture", RFC 3031, + DOI 10.17487/RFC3031, January 2001, + . Appendix A. Loop Problem Consider a scenario where we have two nodes and both are S-BFD capable. Node A (IP 192.0.2.1) ----------------- Node B (IP 192.0.2.2) | | Man in the Middle (MiM) @@ -925,21 +833,21 @@ Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc = 0x02020202, source IP as 192.0.2.1 and dest IP as 192.0.2.2. When this packet reaches Node B, the reflector session on Node B will swap the discriminators and IP addresses of the received packet and reflect it back, since YourDisc of the received packet matched with reserved discriminator of Node B. The reflected packet that reached Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since YourDisc of the received packet matched the reserved discriminator of Node A, Node A will swap the discriminators and reflects the packet - back to Node B. Since reflectors MUST set the TTL of the reflected + back to Node B. Since reflectors must set the TTL of the reflected packets to 255, the above scenario will result in an infinite loop with just one malicious packet injected from MiM. FYI: Packet fields do not carry any direction information, i.e., if this is Ping packet or reply packet. Solutions The current proposals to avoid the loop problem are: @@ -970,20 +878,18 @@ Carlos Pignataro Cisco Systems Email: cpignata@cisco.com Dave Ward Cisco Systems Email: wardd@cisco.com - Manav Bhatia Ionos Networks Email: manav@ionosnetworks.com Santosh Pallagatti - Juniper Networks - Email: santoshpk@juniper.net + Email: santosh.pallagatti@gmail.com