--- 1/draft-ietf-bfd-seamless-base-09.txt 2016-05-04 13:16:12.015404494 -0700 +++ 2/draft-ietf-bfd-seamless-base-10.txt 2016-05-04 13:16:12.055405504 -0700 @@ -1,23 +1,23 @@ Internet Engineering Task Force N. Akiya Internet-Draft Big Switch Networks Updates: 5880 (if approved) C. Pignataro Intended status: Standards Track D. Ward -Expires: October 15, 2016 Cisco Systems +Expires: November 5, 2016 Cisco M. Bhatia Ionos Networks S. Pallagatti - April 13, 2016 + May 4, 2016 Seamless Bidirectional Forwarding Detection (S-BFD) - draft-ietf-bfd-seamless-base-09 + draft-ietf-bfd-seamless-base-10 Abstract This document defines a simplified mechanism to use Bidirectional Forwarding Detection (BFD) with large portions of negotiation aspects eliminated, thus providing benefits such as quick provisioning as well as improved control and flexibility to network nodes initiating the path monitoring. This document updates RFC5880. @@ -36,21 +36,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 15, 2016. + This Internet-Draft will expire on November 5, 2016. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -64,46 +64,46 @@ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 5 4. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 6 4.1. S-BFD Discriminator Uniqueness . . . . . . . . . . . . . 6 4.2. Discriminator Pools . . . . . . . . . . . . . . . . . . . 7 5. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 7 6. State Variables . . . . . . . . . . . . . . . . . . . . . . . 8 6.1. New State Variables . . . . . . . . . . . . . . . . . . . 8 - 6.2. State Variable Initialization and Maintenance . . . . . . 8 + 6.2. State Variable Initialization and Maintenance . . . . . . 9 7. S-BFD Procedures . . . . . . . . . . . . . . . . . . . . . . 9 7.1. Demultiplexing of S-BFD Control Packet . . . . . . . . . 9 7.2. Responder Procedures . . . . . . . . . . . . . . . . . . 10 7.2.1. Responder Demultiplexing . . . . . . . . . . . . . . 10 7.2.2. Transmission of S-BFD Control Packet by SBFDReflector 10 7.2.3. Additional SBFDReflector Behaviors . . . . . . . . . 11 7.3. Initiator Procedures . . . . . . . . . . . . . . . . . . 12 - 7.3.1. SBFDInitiator State Machine . . . . . . . . . . . . . 13 + 7.3.1. SBFDInitiator State Machine . . . . . . . . . . . . . 12 7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator 13 7.3.3. Additional SBFDInitiator Behaviors . . . . . . . . . 14 7.4. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 14 7.5. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 15 8. Operational Considerations . . . . . . . . . . . . . . . . . 15 8.1. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . 15 - 8.2. Congestion Considerations . . . . . . . . . . . . . . . . 15 + 8.2. Congestion Considerations . . . . . . . . . . . . . . . . 16 9. Co-existence with Classical BFD Sessions . . . . . . . . . . 16 10. S-BFD Echo Function . . . . . . . . . . . . . . . . . . . . . 16 11. Security Considerations . . . . . . . . . . . . . . . . . . . 17 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 - 14. Contributing Authors . . . . . . . . . . . . . . . . . . . . 18 - 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 - 15.1. Normative References . . . . . . . . . . . . . . . . . . 18 + 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18 + 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 + 15.1. Normative References . . . . . . . . . . . . . . . . . . 19 15.2. Informative References . . . . . . . . . . . . . . . . . 19 - Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 19 + Appendix A. Loop Problem and Solution . . . . . . . . . . . . . 20 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 1. Introduction Bidirectional Forwarding Detection (BFD), [RFC5880] and related documents, has efficiently generalized the failure detection mechanism for multiple protocols and applications. There are some improvements which can be made to better fit existing technologies. There is a possibility of evolving BFD to better fit new technologies. This document focuses on several aspects of BFD in @@ -196,23 +196,23 @@ An S-BFD module on each network node allocates one or more S-BFD discriminators for local entities, and creates a reflector BFD session. Allocated S-BFD discriminators may be advertised by applications (e.g., OSPF/IS-IS). Required result is that applications, on other network nodes, possess the knowledge of the S-BFD discriminators allocated by a remote node to remote entities. The reflector BFD session is to, upon receiving an S-BFD control packet targeted to one of local S-BFD discriminator values, transmit a response S-BFD control packet back to the initiator. - Once above setup is complete, any network node, having the knowledge - of the S-BFD discriminator allocated to by a remote node to remote - entity/entities, it can quickly perform a continuity test to the + Once the above setup is complete, any network node, having the + knowledge of the S-BFD discriminator allocated to by a remote node to + remote entity/entities, can quickly perform a continuity test to the remote entity by simply sending S-BFD control packets with corresponding S-BFD discriminator value in the "your discriminator" field. For example: <------- IS-IS Network -------> +---------+ | | @@ -220,95 +220,96 @@ ^ ^ | | SystemID SystemID xxx yyy BFD Discrim BFD Discrim 123 456 Figure 2: S-BFD for IS-IS Network S-BFD module in a system IS-IS SystemID xxx (node A) allocates an - S-BFD discriminator 123, and IS-IS will advertises the S-BFD - discriminator 123 in an IS-IS TLV. S-BFD module in a system with IS- - IS SystemID yyy (node D) allocates an S-BFD discriminator 456, and - IS-IS advertises the S-BFD discriminator 456 in an IS-IS TLV. A - reflector BFD session is created on both network nodes (node A and - node D). When network node A wants to check the reachability to - network node D, node A can send an S-BFD control packet, destined to - node D, with "your discriminator" field set to 456. When the - reflector BFD session on node D receives this S-BFD control packet, - then response S-BFD control packet is sent back to node A, which - allows node A to complete the continuity test. + S-BFD discriminator 123, and IS-IS advertises the S-BFD discriminator + 123 in an IS-IS TLV. S-BFD module in a system with IS-IS SystemID + yyy (node D) allocates an S-BFD discriminator 456, and IS-IS + advertises the S-BFD discriminator 456 in an IS-IS TLV. A reflector + BFD session is created on both network nodes (node A and node D). + When network node A wants to check the reachability to network node + D, node A can send an S-BFD control packet, destined to node D, with + "your discriminator" field set to 456. When the reflector BFD + session on node D receives this S-BFD control packet, then a response + S-BFD control packet is sent back to node A, which allows node A to + complete the continuity test. When a node allocates multiple S-BFD discriminators, how remote nodes determine which of the discriminators is associated with a specific entity is currently unspecified. The use of multiple S-BFD discriminators by a single network node is therefore discouraged until a means of learning the mapping is defined. 4. S-BFD Discriminators 4.1. S-BFD Discriminator Uniqueness One important characteristics of an S-BFD discriminator is that it MUST be unique within an administrative domain. If multiple network - nodes allocated a same S-BFD discriminator value, then S-BFD control - packets falsely terminating on a wrong network node can result in a - reflector BFD session to generate a response back, due to "your - discriminator" matching. This is clearly not desirable. + nodes allocated the same S-BFD discriminator value, then S-BFD + control packets falsely terminating on a wrong network node can + result in a reflector BFD session to generate a response back, due to + "your discriminator" matching. This is clearly not desirable. 4.2. Discriminator Pools This subsection describes a discriminator pool implementation technique to minimize S-BFD discriminator collisions. The result will allow an implementation to better satisfy the S-BFD discriminator uniqueness requirement defined in Section 4.1. o SBFDInitiator is to allocate a discriminator from the BFD discriminator pool. If the system also supports classical BFD that runs on [RFC5880], then the BFD discriminator pool SHOULD be shared by SBFDInitiator sessions and classical BFD sessions. o SBFDReflector is to allocate a discriminator from the S-BFD discriminator pool. The S-BFD discriminator pool SHOULD be a separate pool than the BFD discriminator pool. - Remainder of this subsection describes the reasons for above - suggestions. + The remainder of this subsection describes the reasons for the + suggestions above. Locally allocated S-BFD discriminator values for entities, listened by SBFDReflector sessions, may be arbitrary allocated or derived from values provided by applications. These values may be protocol IDs (e.g., System-ID, Router-ID) or network targets (e.g., IP address). To avoid derived S-BFD discriminator values already being assigned to other BFD sessions (i.e., SBFDInitiator sessions and classical BFD - sessions), it is RECOMMENDED that discriminator pool for + sessions), it is RECOMMENDED that the discriminator pool for SBFDReflector sessions be separate from other BFD sessions. Even when following the separate discriminator pool approach, collision is still possible between one S-BFD application to another S-BFD application, that may be using different values and algorithms to derive S-BFD discriminator values. If the two applications are - using S-BFD for a same purpose (e.g., network reachability), then the - colliding S-BFD discriminator value can be shared. If the two + using S-BFD for the same purpose (e.g., network reachability), then + the colliding S-BFD discriminator value can be shared. If the two applications are using S-BFD for a different purpose, then the - collision must be addressed. How such collisions are addressed is - outside the scope of this document. + collision must be addressed. The use of multiple S-BFD + discriminators by a single network node, however, is discouraged (see + Section 3). 5. Reflector BFD Session Each network node creates one or more reflector BFD sessions. This reflector BFD session is a session which transmits S-BFD control packets in response to received S-BFD control packets with "your discriminator" having S-BFD discriminators allocated for local - entities. Specifically, this reflector BFD session is to have - following characteristics: + entities. Specifically, this reflector BFD session has the following + characteristics: o MUST NOT transmit any S-BFD packets based on local timer expiry. o MUST transmit an S-BFD control packet in response to a received S-BFD control packet having a valid S-BFD discriminator in the "your discriminator" field, unless prohibited by local policies (e.g., administrative, security, rate-limiter, etc). o MUST be capable of sending only two states: UP and ADMINDOWN. @@ -348,30 +349,30 @@ bfd.SessionType variable MUST be initialized to the appropriate type when an S-BFD session is created. 6.2. State Variable Initialization and Maintenance A state variable defined in Section 6.8.1 of [RFC5880] need to be initialized or manipulated differently depending on the session type. o bfd.DemandMode: This variable MUST be initialized to 1 for session type SBFDInitiator, and MUST be initialized to 0 for session type - SBFDReflector. + SBFDReflector. This is done to prevent loops (see Appendix A). 7. S-BFD Procedures 7.1. Demultiplexing of S-BFD Control Packet S-BFD packet MUST be demultiplexed with lower layer information - (e.g., dedicated destination UDP port, associated channel type). - Following procedure SHOULD be executed on both initiator and - reflector. + (e.g., dedicated destination UDP port [I-D.ietf-bfd-seamless-ip], + associated channel type [I-D.ietf-pals-seamless-vccv]). Following + procedure SHOULD be executed on both initiator and reflector. If S-BFD packet If S-BFD packet is for SBFDReflector Packet MUST be looked up to locate a corresponding SBFDReflector session based on the value from the "your discriminator" field in the table describing S-BFD discriminators. @@ -401,22 +402,21 @@ 7.2. Responder Procedures A network node which receives S-BFD control packets transmitted by an initiator is referred as responder. The responder, upon reception of S-BFD control packets, is to perform necessary relevant validations described in [RFC5880]. 7.2.1. Responder Demultiplexing - S-BFD packet MUST be demultiplexed with lower layer information - (e.g., dedicated destination UDP port, associated channel type). + S-BFD packet MUST be demultiplexed with lower layer information. Following procedure SHOULD be executed by responder: If "your discriminator" not one of the entry allocated for local entities Packet MUST be discarded. Else Packet is determined to be handled by a reflector BFD session @@ -435,23 +435,25 @@ needs to be set differently from [RFC5880] as follows: State (Sta) Set to bfd.SessionState (either UP or ADMINDOWN only). Clarification of reflector BFD session state is described in Section 7.2.3. Demand (D) - Set to 0. + Set to 0, to identify the S-BFD packet is sent by the + SBFDReflector. Detect Mult + Value to be copied from "Detection Multiplier" filed of received BFD packet. My Discriminator Value be copied from "your discriminator" filed of received BFD packet. Your Discriminator @@ -483,34 +485,29 @@ 7.2.3. Additional SBFDReflector Behaviors o S-BFD control packets transmitted by the SBFDReflector MUST have "Required Min RX Interval" set to a value which expresses, in microseconds, the minimum interval between incoming S-BFD control packets this SBFDReflector can handle. The SBFDReflector can control how fast SBFInitiators will be sending S-BFD control packets to self by ensuring "Required Min RX Interval" indicates a value based on the current load. - o If the SBFDReflector wishes to communicate to some or all - SBFDInitiators that monitored local entity is "temporarily out of - service", then S-BFD control packets with "state" set to ADMINDOWN - are sent to those SBFDInitiators. The SBFDInitiators, upon - reception of such packets, MUST NOT conclude loss of reachability - to corresponding remote entity, and MUST back off packet - transmission interval for the remote entity to an interval no - faster than 1 second. If the SBFDReflector is generating a - response S-BFD control packet for a local entity that is in - service, then "state" in response BFD control packets MUST be set - to UP. + o When the SBFDReflector receives an S-BFD control packet from an + SBFDInitiator, then the SBFDReflector needs to determine what + "state" to send in the response S-BFD control packet. If the + monitored local entity is in service, then the "state" MUST be set + to UP. If the monitored local entity is "temporarily out of + service", then the "state" SHOULD be set to ADMINDOWN. o If an SBFDReflector receives an S-BFD control packet with Demand - (D) bit cleared, the packet MUST be discarded. + (D) bit cleared, the packet MUST be discarded (see Appendix A). 7.3. Initiator Procedures S-BFD control packets transmitted by an SBFDInitiator MUST set "your discriminator" field to an S-BFD discriminator corresponding to the remote entity. Every SBFDInitiator MUST have a locally unique "my discriminator" allocated from the BFD discriminator pool. @@ -599,36 +596,43 @@ Set to 0. 7.3.3. Additional SBFDInitiator Behaviors o If the SBFDInitiator receives a valid S-BFD control packet in response to transmitted S-BFD control packet to a remote entity, then the SBFDInitiator SHOULD conclude that S-BFD control packet reached the intended remote entity. + o When an SBFDInitiator receives a response S-BFD control packet, if + the state specified is ADMINDOWN, the SBFDInitiator MUST NOT + conclude loss of reachability to the corresponding remote entity, + and MUST back off packet transmission interval for the remote + entity to an interval no faster than 1 second. + o When a sufficient number of S-BFD packets have not arrived as they should, the SBFDInitiator SHOULD declare loss of reachability to the remote entity. The criteria for declaring loss of reachability and the action that would be triggered as a result - are outside the scope of this document. + are outside the scope of this document; the action MAY include + logging an error. o Relating to above bullet item, it is critical for an implementation to understand the latency to/from the reflector BFD session on the responder. In other words, for very first S-BFD packet transmitted by the SBFDInitiator, an implementation MUST NOT expect response S-BFD packet to be received for time equivalent to sum of latencies: initiator to responder and responder back to initiator. o If the SBFDInitiator receives an S-BFD control packet with Demand - (D) bit set, the packet MUST be discarded. + (D) bit set, the packet MUST be discarded (see Appendix A). 7.4. Diagnostic Values Diagnostic value in both directions MAY be set to a certain value, to attempt to communicate further information to both ends. Implementation MAY use already existing diagnostic values defined in Section 4.1 of [RFC5880]. However, details of such are outside the scope of this specification. 7.5. The Poll Sequence @@ -640,24 +644,40 @@ SBFDReflector using procedures described in Section 7.2.3 and setting the Poll (P) bit in the reflected S-BFD control packet. The SBFDInitiator is to then send the next S-BFD control packet with the Final (F) bit set. If an SBFDReflector receives an S-BFD control packet with Poll (P) bit set, then the SBFDReflector MUST respond with an S-BFD control packet with Poll (P) bit cleared and Final (F) bit set. 8. Operational Considerations - S-BFD provides a smooth and continuous operational experience as a - failure detection mechanism. This is achieved by providing a - simplified mechanism with large portions of negotiation aspects - eliminated, resulting in a faster and simpler provisioning. + S-BFD provides a smooth and continuous (i.e., seamless) operational + experience as an Operations, Administration, and Maintenance (OAM) + mechanism for connectivity check and connection verification. This + is achieved by providing a simplified mechanism with large portions + of negotiation aspects eliminated, resulting in a faster and simpler + provisioning. + + Because of this simplified mechanism, due to a misconfiguration, an + SBFDInitiator could send S-BFD control packets to a target that does + not exist or that is outside the S-BFD administrative domain. As + explained in Section 7.3.1, an SBFDInitiator can be a "persistent" + initiator or a "when needed" one. When an S-BFD "persistent" + SBFDInitiator is used, it SHOULD be controlled that S-BFD control + packet do not propagate for an extended period of time outside of the + administrative domain that uses it. Further, operational measures + SHOULD be taken to identify if S-BFD packets are not responded to for + an extended period of time, and remediate the situation. These + potential concerns are largely mitigated by dynamic advertisement + mechanisms for S-BFD, and with automation checks before applying + configurations. 8.1. Scaling Aspect This mechanism brings forth one noticeable difference in terms of scaling aspect: number of SBFDReflector. This specification eliminates the need for egress nodes to have fully active BFD sessions when only one side desires to perform continuity tests. With introduction of reflector BFD concept, egress no longer is required to create any active BFD session per path/LSP/function basis. Due to this, total number of BFD sessions in a network is @@ -737,25 +757,29 @@ 11. Security Considerations Same security considerations as [RFC5880] apply to this document. Additionally, implementing the following measures will strengthen security aspects of the mechanism described by this document: o SBFDInitiator MAY pick a sequence number to be set in "sequence Number" in authentication section based on authentication mode configured. - o SBFDReflector MUST NOT look at the crypto sequence number before - accepting the packet. + o SBFDReflector MUST NOT use the crypto sequence number to make a + decision about accepting the packet. This is because the + SBFDReflector does not maintain S-BFD peer state, and because the + SBFDReflector can receive S-BFD packets from multiple + SBFDInitiators. Consequently, BFD authentication can be used but + not the sequence number. - o SBFDReflector MAY look at the Auth Key ID in the incoming packet - and verify the authentication data. + o SBFDReflector MAY use the Auth Key ID in the incoming packet to + verify the authentication data. o SBFDReflector MUST accept the packet if authentication is successful. o SBFDReflector MUST compute the Authentication data and MUST use the same sequence number that it received in the S-BFD control packet that it is responding to. o SBFDInitiator SHOULD accept S-BFD control packet with sequence number within permissible window. One potential approach is the @@ -767,57 +791,52 @@ o SBFDReflector are not susceptible to replay attacks as they always respond to S-BFD control packets irrespective of the sequence number carried. o An attacker cannot impersonate the responder since the SBFDInitiator will only accept S-BFD control packets that come with the sequence number that it had originally used when sending the S-BFD control packet. + Additionally, the use of strong forms of authentication is strongly + encouraged for S-BFD. The use of Simple Password authentication + potentially puts other services at risk, if S-BFD packets can be + intercepted and if those password values are reused for other + services. + Considerations about loop problems are covered in Appendix A. 12. IANA Considerations No action is required by IANA for this document. 13. Acknowledgements Authors would like to thank Jeffrey Haas, Greg Mirsky, Marc Binderberger, and Alvaro Retana for performing thorough reviews and providing number of suggestions. Authors would like to thank Girija Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad Govindan from Cisco Systems for providing valuable comments. Authors would also like to thank John E. Drake and Pablo Frank for providing comments and suggestions. -14. Contributing Authors - - Tarek Saad - Cisco Systems - Email: tsaad@cisco.com - - Siva Sivabalan - Cisco Systems - Email: msiva@cisco.com +14. Contributors - Nagendra Kumar - Cisco Systems - Email: naikumar@cisco.com + The following are key contributors to this document: - Mallik Mudigonda - Cisco Systems - Email: mmudigon@cisco.com + Tarek Saad, Cisco Systems, Inc. - Sam Aldrin - Google - Email: aldrin.ietf@gmail.com + Siva Sivabalan, Cisco Systems, Inc. + Nagendra Kumar, Cisco Systems, Inc. + Mallik Mudigonda, Cisco Systems, Inc. + Sam Aldrin, Google 15. References 15.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . @@ -828,43 +847,48 @@ 15.2. Informative References [I-D.ietf-bfd-generic-crypto-auth] Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani, "BFD Generic Cryptographic Authentication", draft-ietf- bfd-generic-crypto-auth-06 (work in progress), April 2014. [I-D.ietf-bfd-seamless-ip] Akiya, N., Pignataro, C., and D. Ward, "Seamless Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6 - and MPLS", draft-ietf-bfd-seamless-ip-03 (work in - progress), February 2016. + and MPLS", draft-ietf-bfd-seamless-ip-04 (work in + progress), April 2016. [I-D.ietf-bfd-seamless-use-case] - Aldrin, S., Bhatia, M., Matsushima, S., Mirsky, G., and N. - Kumar, "Seamless Bidirectional Forwarding Detection (BFD) - Use Case", draft-ietf-bfd-seamless-use-case-04 (work in - progress), March 2016. + Aldrin, S., Pignataro, C., Mirsky, G., and N. Kumar, + "Seamless Bidirectional Forwarding Detection (S-BFD) Use + Cases", draft-ietf-bfd-seamless-use-case-06 (work in + progress), April 2016. + + [I-D.ietf-pals-seamless-vccv] + Govindan, V. and C. Pignataro, "Seamless BFD for VCCV", + draft-ietf-pals-seamless-vccv-03 (work in progress), April + 2016. [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, . [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998, . [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol Label Switching Architecture", RFC 3031, DOI 10.17487/RFC3031, January 2001, . -Appendix A. Loop Problem +Appendix A. Loop Problem and Solution Consider a scenario where we have two nodes and both are S-BFD capable. Node A (IP 2001:db8::1) ----------------- Node B (IP 2001:db8::2) | | Man in the Middle (MiM) Assume node A reserved a discriminator 0x01010101 for target @@ -879,58 +903,38 @@ swap the discriminators and IP addresses of the received packet and reflect it back, since YourDisc of the received packet matched with reserved discriminator of Node B. The reflected packet that reached Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since YourDisc of the received packet matched the reserved discriminator of Node A, Node A will swap the discriminators and reflects the packet back to Node B. Since reflectors must set the TTL of the reflected packets to 255, the above scenario will result in an infinite loop with just one malicious packet injected from MiM. - FYI: Packet fields do not carry any direction information, i.e., if - this is Ping packet or reply packet. - - Solutions - - The current proposals to avoid the loop problem are: - - o Overload "D" bit (Demand mode bit): Initiator always sets the 'D' - bit and reflector clears it. This way we can identify if a - received packet was a reflected packet and avoid reflecting it - back. However this changes the interpretation of 'D' bit. - - o Use of State field in the BFD control packets: Initiator will - always send packets with State set to DOWN and reflector will send - back packets with state field set to UP. Reflectors will never - reflect any received packets with state as UP. However the only - issue is the use of state field differently i.e., state in the - S-BFD control packet from initiator does not reflect the local - state which is anyway not significant at reflector. - - o Use of local discriminator as My Disc at reflector: Reflector will - always fill in My Discriminator with a locally allocated - discriminator value (not reserved discriminators) and will not - copy it from the received packet. + The solution to avoid the loop problem uses the "D" bit (Demand mode + bit). The Initiator always sets the 'D' bit and the reflector always + clears it. This way we can identify if a received packet was a + reflected packet and avoid reflecting it back. Authors' Addresses - Nobo Akiya Big Switch Networks Email: nobo.akiya.dev@gmail.com + Carlos Pignataro - Cisco Systems + Cisco Systems, Inc. Email: cpignata@cisco.com Dave Ward - Cisco Systems + Cisco Systems, Inc. Email: wardd@cisco.com Manav Bhatia Ionos Networks Email: manav@ionosnetworks.com Santosh Pallagatti