draft-ietf-bfd-seamless-base-00.txt   draft-ietf-bfd-seamless-base-01.txt 
Internet Engineering Task Force N. Akiya Internet Engineering Task Force N. Akiya
Internet-Draft C. Pignataro Internet-Draft C. Pignataro
Updates: 5880 (if approved) D. Ward Updates: 5880 (if approved) D. Ward
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: December 14, 2014 M. Bhatia Expires: December 28, 2014 M. Bhatia
Alcatel-Lucent Ionos Networks
P. K. Santosh P. K. Santosh
Juniper Networks Juniper Networks
June 12, 2014 June 26, 2014
Seamless Bidirectional Forwarding Detection (S-BFD) Seamless Bidirectional Forwarding Detection (S-BFD)
draft-ietf-bfd-seamless-base-00 draft-ietf-bfd-seamless-base-01
Abstract Abstract
This document defines a simplified mechanism to use Bidirectional This document defines a simplified mechanism to use Bidirectional
Forwarding Detection (BFD) with large portions of negotiation aspects Forwarding Detection (BFD) with large portions of negotiation aspects
eliminated, thus providing benefits such as quick provisioning as eliminated, thus providing benefits such as quick provisioning as
well as improved control and flexibility to network nodes initiating well as improved control and flexibility to network nodes initiating
the path monitoring. the path monitoring.
This document updates RFC5880.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 45 skipping to change at page 1, line 47
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 14, 2014. This Internet-Draft will expire on December 28, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Seamless BFD Overview . . . . . . . . . . . . . . . . . . . . 4
4. BFD Target Identifier Types . . . . . . . . . . . . . . . . . 5 4. S-BFD UDP Port . . . . . . . . . . . . . . . . . . . . . . . 5
5. UDP Port . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 5
6. S-BFD Discriminators . . . . . . . . . . . . . . . . . . . . 5 6. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 6
7. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 7 7. State Variables . . . . . . . . . . . . . . . . . . . . . . . 7
8. State Variables . . . . . . . . . . . . . . . . . . . . . . . 7 7.1. New State Variables . . . . . . . . . . . . . . . . . . . 7
8.1. New State Variables . . . . . . . . . . . . . . . . . . . 7 7.2. State Variable Initialization and Maintenance . . . . . . 7
8.2. State Variable Initialization and Maintenance . . . . . . 8 8. S-BFD Procedures . . . . . . . . . . . . . . . . . . . . . . 7
9. Full Reachability Validations . . . . . . . . . . . . . . . . 8 8.1. Initiator Procedures . . . . . . . . . . . . . . . . . . 7
9.1. Initiator Behavior . . . . . . . . . . . . . . . . . . . 8 8.1.1. SBFDInitiator State Machine . . . . . . . . . . . . . 8
9.1.1. Initiator State machine . . . . . . . . . . . . . . . 9 8.1.2. Details of S-BFD Packet Sent by SBFDInitiator . . . . 9
9.2. Responder Behavior . . . . . . . . . . . . . . . . . . . 10 8.2. Responder Procedures . . . . . . . . . . . . . . . . . . 9
9.2.1. Responder Demultiplexing . . . . . . . . . . . . . . 10 8.2.1. Responder Demultiplexing . . . . . . . . . . . . . . 10
9.2.2. Reflector BFD Session Procedures . . . . . . . . . . 10 8.2.2. Details of S-BFD Packet Sent by SBFDReflector . . . . 10
9.3. Further Packet Details . . . . . . . . . . . . . . . . . 12 8.3. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 10
9.4. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 12 8.4. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 11
9.5. The Poll Sequence . . . . . . . . . . . . . . . . . . . . 13 8.5. Control Plane Independent (C) . . . . . . . . . . . . . . 11
9.6. Control Plane Independent (C) . . . . . . . . . . . . . . 13 8.6. Additional SBFDInitiator Behaviors . . . . . . . . . . . 11
9.7. Additional Initiator Behavior . . . . . . . . . . . . . . 13 8.7. Additional SBFDReflector Behaviors . . . . . . . . . . . 12
9.8. Additional Responder Behavior . . . . . . . . . . . . . . 13 9. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 12
10. Partial Reachability Validations . . . . . . . . . . . . . . 14 10. Co-existence with Traditional BFD . . . . . . . . . . . . . . 12
11. Scaling Aspect . . . . . . . . . . . . . . . . . . . . . . . 14 11. BFD Echo . . . . . . . . . . . . . . . . . . . . . . . . . . 12
12. Co-existence with Traditional BFD . . . . . . . . . . . . . . 15 12. Security Considerations . . . . . . . . . . . . . . . . . . . 13
13. BFD Echo . . . . . . . . . . . . . . . . . . . . . . . . . . 15 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
14. Security Considerations . . . . . . . . . . . . . . . . . . . 15 14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14
15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 15. Contributing Authors . . . . . . . . . . . . . . . . . . . . 14
16. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
17. Contributing Authors . . . . . . . . . . . . . . . . . . . . 16 16.1. Normative References . . . . . . . . . . . . . . . . . . 15
18. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 16.2. Informative References . . . . . . . . . . . . . . . . . 15
18.1. Normative References . . . . . . . . . . . . . . . . . . 17
18.2. Informative References . . . . . . . . . . . . . . . . . 17 Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 16
Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction 1. Introduction
Bidirectional Forwarding Detection (BFD), [RFC5880] and related Bidirectional Forwarding Detection (BFD), [RFC5880] and related
documents, has efficiently generalized the failure detection documents, has efficiently generalized the failure detection
mechanism for multiple protocols and applications. There are some mechanism for multiple protocols and applications. There are some
improvements which can be made to better fit existing technologies. improvements which can be made to better fit existing technologies.
There is a possibility of evolving BFD to better fit new There is a possibility of evolving BFD to better fit new
technologies. This document focuses on several aspects of BFD in technologies. This document focuses on several aspects of BFD in
order to further improve efficiency, to expand failure detection order to further improve efficiency, to expand failure detection
coverage and to allow BFD usage for wider scenarios. This document coverage and to allow BFD usage for wider scenarios. This document
extends BFD to provide solutions to use cases listed in extends BFD to provide solutions to use cases listed in
[I-D.ietf-bfd-seamless-use-case]. Because defined mechanism [I-D.ietf-bfd-seamless-use-case].
eliminates much of negotiation aspects of the BFD protocol, "Seamless
BFD" (S-BFD) has been chosen as the name for this mechanism.
2. Seamless BFD Overview
Each protocol instance (e.g. OSPF/IS-IS) allocates one or more BFD
discriminators on its network node, ensuring that BFD discriminators
allocated are unique within the network domain. Allocated BFD
discriminators may be advertised by the protocol. Required result is
that a protocol possess the knowledge of mapping between network
targets to BFD discriminators. Each network nodes will also create a
BFD session instance that listens for incoming BFD control packets
with "your discriminator" having protocol allocated values. The
listener BFD session instance, upon receiving a BFD control packet
targeted to one of local S-BFD discriminator values, will transmit a
response BFD control packet back to the sender.
Once above setup is complete, any network node, understanding the
mapping between network targets to BFD discriminators, can quickly
perform reachability check to these network targets by simply sending
BFD control packets with known BFD discriminator value as "your
discriminator".
For example:
<------- IS-IS Network -------> One key aspect of the mechanism described in this document eliminates
the time between a network node wanting to perform a connectivity
test and completing the connectivity test. In traditional BFD terms,
the initial state changes from DOWN to UP is virtually nonexistent.
Removal of this seam (i.e. time delay) in BFD provides applications a
smooth and continuous operational experience. Therefore, "Seamless
BFD" (S-BFD) has been chosen as the name for this mechanism.
+---------+ 2. Terminology
| |
A---------B---------C---------D
^ ^
| |
SystemID SystemID
xxx yyy
BFD Discrim BFD Discrim
123 456
Figure 1: S-BFD for IS-IS Network The reader is expected to be familiar with the BFD, IP and MPLS
terminologies and protocol constructs. This section describes
several new terminologies introduced by S-BFD.
IS-IS with SystemID xxx allocates BFD discriminator 123, and o S-BFD - Seamless BFD.
advertises the BFD discriminator 123 in IS-IS TLV. IS-IS with
SystemID yyy allocates BFD discriminator 456, and advertises the BFD
discriminator 456 IS-IS TLV. Both network nodes (node A and node D)
creates listener BFD session instance. When network node A wants to
check a reachability to network node D, node A can send a BFD control
packet, destined to node D, with "your discriminator" set as 456. If
listener BFD on node D receives this BFD control packet, then
response BFD control packet is sent back to node A, which allows node
A to complete the reachability test.
Note that a protocol may create an explicit mapping between a o S-BFD packet - a BFD control packet on the well-known S-BFD port.
protocol ID (e.g. System-ID, Router-ID) to a BFD discriminator. A
protocol may also create an explicit mapping between a network target
(e.g. IP address) to a BFD discriminator. A protocol may even
function with implicit mapping between a network target (e.g. IPv4
address) to a BFD discriminator, i.e. IPv4 address is used as BFD
discriminator value. Decisions and rules on how protocols allocate
and distribute BFD discriminators are outside the scope of this
document.
3. Terminology o Entity - a function on a network node that S-BFD mechanism allows
remote network nodes to perform connectivity test to. An entity
can be abstract (ex: reachability) or specific (ex: IP addresses,
router-IDs, functions).
The reader is expected to be familiar with the BFD, IP, MPLS and SR o SBFDInitiator - an S-BFD session on a network node that performs a
terminology and protocol constructs. This section describes several connectivity test to a remote entity by sending S-BFD packets.
new terminology introduced by Seamless BFD.
o BFD Target Identifier: Network entity that is provisioned as a o SBFDReflector - an S-BFD session on a network node that listens
target of Seamless BFD. for incoming S-BFD packets to local entities and generates
response S-BFD packets.
o BFD Target Identifier Type: Type of network entity that is o Reflector BFD session - synonymous with SBFDReflector.
provisioned as a target of Seamless BFD.
o BFD Target Identifier Table: A table containing BFD target o S-BFD discriminator - a BFD discriminator allocated for a local
identifier type, BFD target identifier and corresponding BFD entity and is being listened by an SBFDReflector.
discriminator.
o Reflector BFD Session: A BFD session listening for incoming BFD o BFD discriminator - a BFD discriminator allocated for an
control packets destined for local BFD target identifier(s). SBFDInitiator.
4. BFD Target Identifier Types o Initiator - a network node hosting an SBFDInitiator.
This document defines a generic mechanism where network nodes can o Responder - a network node hosting an SBFDReflector.
send BFD control packets to specific network targets to perform
various tasks. One task is to perform a reachability check (i.e
requesting immediate response back). Details of this task is further
defined in sections to follow. Further tasks (i.e. using BFD control
packet to request specific services from specific network nodes) may
be defined. Therefore, this document defines a code point for BFD
Target Identifier. Each locally allocated S-BFD discriminator MUST
be associated to BFD Target Identifier type, to allow demultiplexing
to a specific task or service.
BFD Target Identifier types: Below figure describes the relationship between S-BFD terminologies.
Value BFD Target Identifier Type +---------------------+ +---------------------+
------ -------------------------- | Initiator | | Responder |
0 Reserved | +-----------------+ | | +-----------------+ |
1 Network Target Discriminator | | SBFDInitiator |--- S-BFD packet -->| SBFDReflector | |
| | +-------------+ | | | | +-------------+ | |
| | | BFD discrim | | | | | |S-BFD discrim| | |
| | +-------------+ |<-- S-BFD packet ---| +----------^--+ | |
| +-----------------+ | | +------------|----+ |
| | | | |
| | | +---v----+ |
| | | | Entity | |
| | | +--------+ |
+---------------------+ +---------------------+
Procedures defined in this document are to be associated with BFD Figure 1: S-BFD Terminology Relationship
Target Identifier Type 1 (Network Target Discriminator).
Note that IP based BFD from [RFC5885] is supported by this 3. Seamless BFD Overview
specification, but non-IP based BFD is outside the scope of this
document.
Further identifier types are to be defined as needed basis. An S-BFD module on each network node allocates one or more S-BFD
discriminators for local entities, and creates a reflector BFD
session. Allocated S-BFD discriminators may be advertised by
applications (ex: OSPF/IS-IS). Required result is that applications,
on other network nodes, possess the knowledge of the mapping from
remote entities to S-BFD discriminators. The reflector BFD session
is to, upon receiving an S-BFD packet targeted to one of local S-BFD
discriminator values, transmit a response S-BFD packet back to the
initiator.
5. UDP Port Once above setup is complete, any network nodes, having the knowledge
of the mapping from a remote entity to an S-BFD discriminator, can
quickly perform a connectivity test to the remote entity by simply
sending S-BFD packets with corresponding S-BFD discriminator value in
the "your discriminator" field.
S-BFD functions on a well-known UDP port: TBD1. For example:
6. S-BFD Discriminators <------- IS-IS Network ------->
Protocols (i.e. client of S-BFD) may request an arbitrary BFD +---------+
discriminator value, or protocols may request a specific BFD | |
discriminator value. Therefore, it is RECOMMENDED for A---------B---------C---------D
implementations to create a separate discriminator pool for S-BFD ^ ^
sessions to minimize the collision between existing BFD sessions and | |
S-BFD sessions. In such case, incoming BFD control packets MUST be SystemID SystemID
demultiplexed first with UDP port to identify the discriminator table xxx yyy
to look up the session. Regardless of the approach, collision can BFD Discrim BFD Discrim
happen with following scenarios. 123 456
o Existing BFD session already using a discriminator value that Figure 2: S-BFD for IS-IS Network
collides with specific discriminator value requested for S-BFD
session.
* Implementation SHOULD allow migrating existing BFD sessions to The IS-IS with SystemID xxx (node A) allocates an S-BFD discriminator
free up the discriminator to accommodate specific discriminator 123, and advertises the S-BFD discriminator 123 in an IS-IS TLV. The
value requested for S-BFD session. IS-IS with SystemID yyy (node D) allocates an S-BFD discriminator
456, and advertises the S-BFD discriminator 456 in an IS-IS TLV. A
reflector BFD session is created on both network nodes (node A and
node D). When network node A wants to check the connectivity to
network node D, node A can send an S-BFD packet, destined to node D,
with "your discriminator" field set to 456. When the reflector BFD
session on node D receives this S-BFD packet, then response S-BFD
packet is sent back to node A, which allows node A to complete the
connectivity test.
o S-BFD session already using a discriminator value, arbitrarily 4. S-BFD UDP Port
allocated, that collides with specific discriminator value
requested for S-BFD session. The two S-BFD sessions are of
different BFD Target Identifier type.
* Protocol requesting arbitrary discriminator value MUST support S-BFD functions on a well-known UDP port: TBD1.
migrating to another discriminator value, and implementations
MUST allow migrating existing S-BFD sessions to free up the
discriminator to accommodate specific discriminator value
requested for S-BFD session.
o S-BFD session already using a discriminator value, arbitrary 5. S-BFD Discriminators
allocated, that collides with specific discriminator value
requested for S-BFD session. The two S-BFD sessions are of same
BFD Target Identifier type.
* No action is required, as the two can share the discriminator. Locally allocated S-BFD discriminator values for entities may be
arbitrary allocated or derived from values provided by applications.
These values may be protocol IDs (ex: System-ID, Router-ID) or
network targets (ex: IP address). To minimize the collision of
discriminator values between BFD and S-BFD, it is RECOMMENDED that
discriminator pool be separate for BFD and S-BFD. Even when
employing the separate discriminator pool approach, collision is
still possible between one S-BFD application to another S-BFD
application, that may be using different values and algorithms to
derive S-BFD discriminator values. If the two applications are using
S-BFD for a same purpose (ex: network reachability), then the
colliding S-BFD discriminator value can be shared. If the two
applications are using S-BFD for a different purpose, then the
collision must be addressed. How such collisions are addressed is
outside the scope of this document.
One important characteristics of S-BFD discriminator is that it MUST One important characteristics of an S-BFD discriminator is that it
be network wide unique. If multiple network nodes allocated same MUST be unique within an administrative domain. If multiple network
S-BFD discriminator value, then S-BFD control packets falsely nodes allocated a same S-BFD discriminator value, then S-BFD packets
terminating on a wrong network node can result in reflector BFD falsely terminating on a wrong network node can result in a reflector
session (described in Section 7) to generate a response back, due to BFD session to generate a response back, due to "your discriminator"
"your discriminator" matching. This is clearly not desirable. If matching. This is clearly not desirable. If only IP based S-BFD is
only IP based S-BFD is concerned, then it is possible for S-BFD considered, then it is possible for the reflector BFD session to
reflector session to require demultiplexing of incoming S-BFD control require demultiplexing of incoming S-BFD packets with combination of
packet with combination of destination IP address and "your destination IP address and "your discriminator". Then S-BFD
discriminator". Then S-BFD discriminator only has to be unique discriminator only has to be unique within a local node. However,
within a local node. However, S-BFD is a generic mechanism defined S-BFD is a generic mechanism defined to run on wide range of
to run on wide range of environments: IP, MPLS, Segment Routing environments: IP, MPLS, etc. For other transports like MPLS, because
([I-D.previdi-filsfils-isis-segment-routing]), etc. For other of the need to use non-routable IP destination address, it is not
transports like MPLS, because of the need to use non-routable IP possible for reflector BFD session to demultiplex using IP
destination address, it is not possible for S-BFD reflector session destination address. With PHP, there may not be any incoming label
to demultiplex using IP destination address. With PHP, there may not stack to aid in demultiplexing either. Thus, S-BFD imposes a
be any incoming label stack to aid in demultiplexing either. Thus, requirement that S-BFD discriminators MUST be unique within an
S-BFD imposes a requirement that S-BFD discriminators MUST be network administrative domain.
wide unique.
7. Reflector BFD Session 6. Reflector BFD Session
Each network node MUST create one or more reflector BFD sessions. Each network node creates one or more reflector BFD sessions. This
This reflector BFD session is a session which transmits BFD control reflector BFD session is a session which transmits S-BFD packets in
packets in response to received valid locally destined BFD control response to received S-BFD packets with "your discriminator" having
packets. Specifically, this reflector BFD session is to have S-BFD discriminators allocated for local entities. Specifically,
following characteristics: this reflector BFD session is to have following characteristics:
o MUST NOT transmit any BFD control packets based on local timer o MUST NOT transmit any S-BFD packets based on local timer expiry.
expiry.
o MUST transmit BFD control packet in response to a received valid o MUST transmit an S-BFD packet in response to a received S-BFD
locally destined BFD control packet. packet having a valid S-BFD discriminator in the "your
discriminator" field, unless prohibited by local policies (ex:
administrative, security, rate-limiter, etc).
o MUST be capable of sending only two states: UP and ADMINDOWN. o MUST be capable of sending only two states: UP and ADMINDOWN.
One reflector BFD session MAY be responsible for handling received One reflector BFD session may be responsible for handling received
BFD control packets targeted to all local BFD target identifiers, or S-BFD packets targeted to all locally allocated S-BFD discriminators,
few reflector BFD sessions MAY each be responsible for subset of or few reflector BFD sessions may each be responsible for subset of
local BFD target identifiers. This policy is a local matter, and is locally allocated S-BFD discriminators. This policy is a local
outside the scope of this document. matter, and is outside the scope of this document.
Note that incoming BFD control packets destined to BFD target Note that incoming S-BFD packets may be IPv4, IPv6 or MPLS based.
identifier types may be IPv4, IPv6 or MPLS based. For those BFD How such S-BFD packets reach an appropriate reflector BFD session is
target identifier types, implementations MAY either allow the same also a local matter, and is outside the scope of this document.
reflector BFD session to handle all incoming BFD control packets in
address family agnostic fashion, or setup multiple reflector BFD
sessions to handle incoming BFD control packets with different
address families. This policy is again a local matter, and is
outside the scope of this document.
8. State Variables 7. State Variables
S-BFD introduces some new state variables, and modifies the usage of S-BFD introduces new state variables, and modifies the usage of
existing ones. existing ones.
8.1. New State Variables 7.1. New State Variables
A new state variable is added to the base specification in support of A new state variable is added to the base specification in support of
S-BFD. S-BFD.
o bfd.SessionType: The type of this session. Allowable values are: o bfd.SessionType: The type of this session. Allowable values are:
* SBFDInitiator: Any session on a network node that attempts to * SBFDInitiator - an S-BFD session on a network node that
perform a path monitoring to any BFD target identifier on other performs a connectivity test to a target entity by sending
network nodes. S-BFD packets.
* SBFDReflector: Any session on a network node, which receives * SBFDReflector - an S-BFD session on a network node that listens
BFD control packets transmitted by an initiator and responds for incoming S-BFD packets to local entities and generates
back to initiator is referred as responder. response S-BFD packets.
This variable MUST be initialized to the appropriate type when the bfd.SessionType variable MUST be initialized to the appropriate type
session is created, according to the rules in section TBD. when an S-BFD session is created.
8.2. State Variable Initialization and Maintenance 7.2. State Variable Initialization and Maintenance
Some state variables defined in section 6.8.1 of the BFD base Some state variables defined in section 6.8.1 of the BFD base
specification need to be initialized or manipulated differently specification need to be initialized or manipulated differently
depending on the session type. depending on the session type. Ed-Note: Anything else?.
o bfd.DemandMode: This variable MUST be initialized to 1 for session o bfd.DemandMode: This variable MUST be initialized to 1 for session
type SBFDInitiator, and MUST be initialized to 0 for session type type SBFDInitiator, and MUST be initialized to 0 for session type
SBFDReflector. SBFDReflector.
9. Full Reachability Validations 8. S-BFD Procedures
9.1. Initiator Behavior
Any network node can attempt to perform a full reachability
validation to any BFD target identifier on other network nodes, as
long as destination BFD target identifier is provisioned to use this
mechanism. BFD control packets transmitted by the initiator is to
have "your discriminator" corresponding to destination BFD target
identifier.
A node that initiates a BFD control packet MAY create an active BFD 8.1. Initiator Procedures
session to periodically send BFD control packets to a target, or a
BFD control packet MAY be crafted and sent out on "as needed basis"
(ex: BFD ping) without any session presence. In both cases, a BFD
instance MUST have a unique "my discriminator" value assigned. If a
node is to create multiple BFD instances to the same BFD target
identifier, then each instance MUST have separate "my discriminator"
values assigned. A BFD instance MUST NOT use a discriminator
corresponding to one of local BFD target identifiers as "my
discriminator". This is to prevent incoming response BFD control
packets ("pong" packets) having "your discriminator" as a
discriminator corresponding to the local BFD target identifier.
Below ASCII art describes high level concept of full reachability S-BFD packets transmitted by an SBFDInitiator MUST set "your
validations using this mechanism. R2 reserves value XX as BFD discriminator" field to an S-BFD discriminator corresponding to the
discriminator for its BFD target identifier. ASCII art shows that R1 remote entity.
and R4 performing full reachability validation to XX on R2.
-- md=50/yd=XX (BFD ping) --> S-BFD packets transmitted by an SBFDInitiator MUST NOT set "my
<-- md=XX/yd=50 (BFD pong) -- discriminator" field to an S-BFD discriminator allocated for a local
entity (and is being monitored by a local SBFDReflector). This is to
prevent incoming response S-BFD packets, from a remote SBFDReflector,
having "your discriminator" as a S-BFD discriminator of a local
entity. Every SBFDInitiator is to have a unique "my discriminator",
and SHOULD be allocated from the BFD discriminator pool if the
implementation employs the approach of having separate discriminator
pools for BFD and S-BFD.
[*] Below ASCII art describes high level concept of connectivity test
R1 ---------------------- R2 ----------- R3 ----------- R4 using S-BFD. R2 allocates XX as the S-BFD discriminator for its
network reachability purpose, and advertises XX to neighbors. ASCII
art shows R1 and R4 performing a connectivity test to R2.
| ^ +--- md=50/yd=XX (ping) ----+
| | | |
| + - md=60/yd=XX (BFD ping) -- |+-- md=XX/yd=50 (pong) --+ |
+ - - -md=XX/yd=60 (BFD pong) --> || | |
|v | v
R1 ==================== R2[*] ========= R3 ========= R4
| ^ |^
| | ||
| +-- md=60/yd=XX (ping) --+|
| |
+---- md=XX/yd=60 (pong) ---+
[*] Reflector BFD session on R2. [*] Reflector BFD session on R2.
=== Links connecting network nodes.
--- S-BFD packet traversal.
Figure 2: S-BFD path monitoring Figure 3: S-BFD Connectivity Test
If BFD control packet is to be sent via IP path, then:
o Destination IP address MUST be an IP address corresponding to
target identifier.
o Source IP address MUST be a local IP address.
o IP TTL MUST be 255 for full reachability validations. Partial
reachability validations MAY use smaller TTL value (see
Section 10).
o Well-known UDP destination port(s) for IP based S-BFD.
If BFD control packet response is determined to explicitly be label
switched, then:
o BFD control packet MUST get imposed with a label stack that is
expected to reach the target node.
o MPLS TTL MUST be 255 for full reachability validations. Partial
reachability validations MAY use smaller TTL value (see
Section 10).
o Destination IP address MUST be 127/8 for IPv4 and
0:0:0:0:0:FFFF:7F00/104 for IPv6.
o Source IP address MUST be a local IP address.
o IP TTL=1.
o Well-known UDP destination port(s) for MPLS based S-BFD
9.1.1. Initiator State machine 8.1.1. SBFDInitiator State Machine
The following diagram provides an overview of the initiator state An SBFDInitiator may be a persistent session on the initiator with a
machine. The notation on each arc represents the state of the remote timer for S-BFD packet transmissions. An SBFDInitiator may also be a
system (as received in the State field in the BFD Control packet) or module, a script or a tool on the initiator that transmits one or
more S-BFD packets "when needed". For transient SBFDInitiators, the
BFD state machine described in [RFC5880] may not be applicable. For
persistent SBFDInitiators, the states and the state machine described
in [RFC5880] will function but are more than necessary. The
following diagram provides an optimized state machine for persistent
SBFDInitiators. The notation on each arc represents the state of the
SBFDInitiator (as received in the State field in the S-BFD packet) or
indicates the expiration of the Detection Timer. indicates the expiration of the Detection Timer.
+--+ +--+
ADMIN DOWN, | | ADMIN DOWN, | |
TIMER | V TIMER | V
+------+ UP +------+ +------+ UP +------+
| |-------------------->| |----+ | |-------------------->| |----+
| DOWN | | UP | | UP | DOWN | | UP | | UP
| |<--------------------| |<---+ | |<--------------------| |<---+
+------+ ADMIN DOWN, +------+ +------+ ADMIN DOWN, +------+
TIMER TIMER
Figure 3: S-BFD Initiator FSM Figure 4: SBFDInitiator FSM
Note that the above state machine is different from the base BFD Note that the above state machine is different from the base BFD
specification[RFC5880]. This is because the Init state is no longer specification[RFC5880]. This is because the Init state is no longer
applicable for the initiator of the S-BFD session. Another important applicable for the SBFDInitiator. Another important difference is
difference is the transition of the state machine from the Down state the transition of the state machine from the Down state to the Up
to the Up state when a packet with State Up is received by the state when a packet with State Up is received by the initiator. The
initiator. The definitions of the states and the events have the definitions of the states and the events have the same meaning as in
same meaning as in the base BFD specification [RFC5880]. the base BFD specification [RFC5880].
9.2. Responder Behavior
A network node which receives BFD control packets transmitted by an
initiator is referred as responder. Responder, upon reception of BFD
control packets, is to perform necessary relevant validations
described in [RFC5880]/[RFC5881]/[RFC5883]/[RFC5884]/[RFC5885].
9.2.1. Responder Demultiplexing
When responder receives a BFD control packet, if "your discriminator"
value is not one of local entries in the BFD target identifier table,
then this packet MUST NOT be considered for this mechanism. If "your
discriminator" value is one of local entries in the BFD target
identifier table, then the packet is determined to be handled by a
reflector BFD session responsible for specified BFD targeted
identifier. If the packet was determined to be processed further for
this mechanism, then chosen reflector BFD session is to transmit a
response BFD control packet using procedures described in
Section 9.2.2, unless prohibited by local administrative or local
policy reasons.
9.2.2. Reflector BFD Session Procedures
BFD target identifier type MUST be used to determine further
information on how to reach back to the initiator.
In addition, destination IP address of received BFD control packet
MUST be examined to determine how to construct response BFD control
packet to send back to the initiator.
If destination IP address of received BFD control packet is not 127/8
for IPv4 or 0:0:0:0:0:FFFF:7F00/104 for IPv6, then:
o Destination IP address MUST be copied from received source IP
address.
o Source IP address MUST be copied from received destination IP
address if received destination IP address is a local address.
Otherwise local IP address MUST be used.
o IP TTL MUST be 255.
Response BFD control packet SHOULD be IP routed back, but MAY
explicitly be label switched.
If BFD control packet response is determined to be IP routed, then:
o Destination IP address MUST be copied from received source IP
address.
o Source IP address MUST be a local address.
o IP TTL MUST be 255.
If BFD control packet response is determined to explicitly be label
switched, then:
o BFD control packet MUST get label switched back to the initiator.
Determining the label stack to be imposed on a response BFD
control packet is outside the scope of this document.
o MPLS TTL MUST be 255.
o Destination IP address MUST be 127/8 for IPv4 and
0:0:0:0:0:FFFF:7F00/104 for IPv6.
o Source IP address MUST be a local IP address.
o IP TTL MUST be 1.
Regardless of the response type, BFD control packet being sent by the
responder MUST perform following procedures:
o Copy "my discriminator" from received "your discriminator", and
"your discriminator" from received "my discriminator".
o UDP destination port MUST be same as received UDP destination
port.
9.3. Further Packet Details 8.1.2. Details of S-BFD Packet Sent by SBFDInitiator
Further details of BFD control packets sent by initiator (ex: active S-BFD packets sent by an SBFDInitiator is to have following contents:
BFD session):
o Well-known UDP destination port assigned for S-BFD. o Well-known UDP destination port assigned for S-BFD.
o UDP source port as per described in o UDP source port as per described in [RFC5881], [RFC5883],
[RFC5881]/[RFC5883]/[RFC5884]/[RFC5885]. [RFC5884] and [RFC5885].
o "my discriminator" assigned by local node. o "my discriminator" assigned by local node.
o "your discriminator" corresponding to an identifier of target o "your discriminator" corresponding to a remote entity.
node. o "State" MUST be set to a value describing local state.
o "State" MUST be set to a value reflecting local state. o "Desired Min TX Interval" MUST be set to a value describing local
o "Desired Min TX Interval" MUST be set to a value reflecting local
desired minimum transmit interval. desired minimum transmit interval.
o "Required Min RX Interval" MUST be zero. o "Required Min RX Interval" MUST be zero.
o "Required Min Echo RX Interval" SHOULD be zero. o "Required Min Echo RX Interval" SHOULD be zero.
o "Detection Multiplier" MUST be set to a value reflecting locally o "Detection Multiplier" MUST be set to a value describing locally
used multiplier value. used multiplier value.
o "Demand bit (D)" MUST be set by the initiator. o Demand (D) bit MUST be set.
Further details of BFD control packets sent by responder (reflector 8.2. Responder Procedures
BFD session):
A network node which receives S-BFD packets transmitted by an
initiator is referred as responder. The responder, upon reception of
S-BFD packets, is to perform necessary relevant validations described
in [RFC5880], [RFC5881], [RFC5883], [RFC5884] and [RFC5885].
8.2.1. Responder Demultiplexing
A BFD control packet received by a resonder is considered an S-BFD
packet if the packet is on the well-known S-BFD port. When a
responder receives an S-BFD packet, if the value in the "your
discriminator" field is not one of S-BFD discriminators allocated for
local entities, then this packet MUST NOT be considered for this
mechanism. If the value in the "your discriminator" field is one of
S-BFD discriminators allocated for local entities, then the packet is
determined to be handled by a reflector BFD session responsible for
the S-BFD discriminator. If the packet was determined to be
processed further for this mechanism, then chosen reflector BFD
session is to transmit a response BFD control packet using procedures
described in Section 8.2.2, unless prohibited by local policies (ex:
administrative, security, rate-limiter, etc).
8.2.2. Details of S-BFD Packet Sent by SBFDReflector
S-BFD packets sent by an SBFDReflector is to have following contents:
o Well-known UDP destination port assigned for S-BFD. o Well-known UDP destination port assigned for S-BFD.
o UDP source port as described in o UDP source port as described in [RFC5881], [RFC5883], [RFC5884]
[RFC5881]/[RFC5883]/[RFC5884]/[RFC5885]. and [RFC5885].
o "my discriminator" MUST be copied from received "your o "my discriminator" MUST be copied from received "your
discriminator". discriminator".
o "your discriminator" MUST be copied from received "my o "your discriminator" MUST be copied from received "my
discriminator". discriminator".
o "State" MUST be UP or ADMINDOWN. Clarification of reflector BFD o "State" MUST be UP or ADMINDOWN. Clarification of reflector BFD
session state is described in Section 9.8. session state is described in Section 8.7.
o "Desired Min TX Interval" MUST be copied from received "Desired o "Desired Min TX Interval" MUST be copied from received "Desired
Min TX Interval". Min TX Interval".
o "Required Min RX Interval" MUST be set to a value reflecting how o "Required Min RX Interval" MUST be set to a value describing how
many incoming control packets this reflector BFD session can many incoming control packets this reflector BFD session can
handle. handle. Further details are described in Section 8.7.
o "Required Min Echo RX Interval" SHOULD be set to zero. o "Required Min Echo RX Interval" SHOULD be set to zero.
o "Detection Multiplier" MUST be copied from received "Detection o "Detection Multiplier" MUST be copied from received "Detection
Multiplier". Multiplier".
o "Demand bit (D)" MUST be cleared by the reflector. o Demand (D) bit MUST be cleared.
9.4. Diagnostic Values 8.3. Diagnostic Values
Diagnostic value in both directions MAY be set to a certain value, to Diagnostic value in both directions MAY be set to a certain value, to
attempt to communicate further information to both ends. However, attempt to communicate further information to both ends. However,
details of such are outside the scope of this specification. details of such are outside the scope of this specification.
9.5. The Poll Sequence 8.4. The Poll Sequence
The Poll sequence MUST operate in accordance with [RFC5880]. Poll sequence MAY be used in both directions. The Poll sequence MUST
operate in accordance with [RFC5880]. An SBFDReflector MAY use the
Poll sequence to slow down that rate at which S-BFD packets are
generated from an SBFDInitiator. This is done by the SBFDReflector
using procedures described in Section 8.7 and setting the Poll (P)
bit in the reflected S-BFD packet. The SBFDInitiator is to then send
the next S-BFD packet with the Final (F) bit set. If an
SBFDReflector receives an S-BFD packet with Poll (P) bit set, then
the SBFDReflector MUST respond with an S-BFD packet with Poll (P) bit
cleared and Final (F) bit set.
9.6. Control Plane Independent (C) 8.5. Control Plane Independent (C)
Control plane independent (C) bit for BFD instances speaking to a Control plane independent (C) bit for an SBFDInitiator sending S-BFD
reflector BFD session MUST work according to [RFC5880]. Reflector packets to a reflector BFD session MUST work according to [RFC5880].
BFD session also MUST work according to [RFC5880]. Specifically, if Reflector BFD session also MUST work according to [RFC5880].
reflector BFD session implementation does not share fate with control Specifically, if reflector BFD session implementation does not share
plane, then response BFD control packets transmitted MUST have fate with control plane, then response S-BFD packets transmitted MUST
control plane independent (C) bit set. If reflector BFD session have control plane independent (C) bit set. If reflector BFD session
implementation shares fate with control plane, then response BFD implementation shares fate with control plane, then response S-BFD
control packets transmitted MUST NOT have control plane independent packets transmitted MUST NOT have control plane independent (C) bit
(C) bit set. set.
9.7. Additional Initiator Behavior 8.6. Additional SBFDInitiator Behaviors
o If initiator receives valid BFD control packet in response to o If the SBFDInitiator receives a valid S-BFD packet in response to
transmitted BFD control packet, then initiator SHOULD conclude transmitted S-BFD packet to a remote entity, then the
that packet reached intended target. SBFDInitiator SHOULD conclude that S-BFD packet reached the
intended remote entity.
o When a sufficient number of BFD control packets have not arrived o When a sufficient number of S-BFD packets have not arrived as they
as they should, the initiator could declare loss of reachability. should, the SBFDInitiator SHOULD declare loss of connectivity to
The criteria for declaring loss of reachability and the action the remote entity. The criteria for declaring loss of
that would be triggered as a result are outside the scope of this connectivity and the action that would be triggered as a result
specification. are outside the scope of this document.
o Relating to above bullet item, it is critical for an o Relating to above bullet item, it is critical for an
implementation to understand the latency to/from reflector BFD implementation to understand the latency to/from the reflector BFD
session on target node. In other words, for very first BFD session on the responder. In other words, for very first S-BFD
control packet transmitted, an implementation MUST NOT expect packet transmitted by the SBFDInitiator, an implementation MUST
response BFD control packet to be received for time equivalent to NOT expect response S-BFD packet to be received for time
sum of latencies: initiator node to target node and target node equivalent to sum of latencies: initiator to responder and
back to initiator node. responder back to initiator.
o If initiator receives a packet with D bit set, the packet MUST be
discarded.
9.8. Additional Responder Behavior
o BFD control packets transmitted by a reflector BFD session MUST
have "Required Min RX Interval" set to a value which reflects how
many incoming control packets this reflector BFD session can
handle. Responder can control how fast initiators will be sending
BFD control packets to self by ensuring "Required Min RX Interval"
reflects a value based on current load.
o If a reflector BFD session wishes to communicate to some or all
initiators that monitored BFD target identifier is "temporarily
out of service", then BFD control packets with "state" set to
ADMINDOWN are sent to those initiators. Initiators, upon
reception of such packets, MUST NOT conclude loss of reachability
to corresponding BFD target identifier, and MUST back off packet
transmission interval to corresponding BFD target identifier an
interval no faster than 1 second. If a reflector BFD session is
generating a response BFD control packet for BFD target identifier
that is in service, then "state" in response BFD control packets
MUST be set to UP.
o If a reflector receives a packet with D bit cleared, the packet
MUST be discarded.
10. Partial Reachability Validations o If the SBFDInitiator receives an S-BFD packet with Demand (D) bit
set, the packet MUST be discarded.
Same mechanism as described in "Full Reachability Validations" 8.7. Additional SBFDReflector Behaviors
section will be applied with exception of following differences on
initiator.
o When initiator wishes to perform a partial reachability validation o S-BFD packets transmitted by the SBFDReflector MUST have "Required
towards identifier X upto identifier Y, number of hops to Min RX Interval" set to a value which expresses how many incoming
identifier Y is calculated. S-BFD packets this SBFDReflector can handle. The SBFDReflector
can control how fast SBFInitiators will be sending S-BFD packets
to self by ensuring "Required Min RX Interval" indicates a value
based on the current load.
o TTL value based on this calculation is used as the IP TTL or MPLS o If the SBFDReflector wishes to communicate to some or all
TTL on top most label, and "your discriminator" of transmitted BFD SBFDInitiators that monitored local entity is "temporarily out of
control packet will carry BFD discriminator corresponding to service", then S-BFD packets with "state" set to ADMINDOWN are
target transit identifier Y. sent to those SBFDInitiators. The SBFDInitiators, upon reception
of such packets, MUST NOT conclude loss of connectivity to
corresponding remote entity, and MUST back off packet transmission
interval for the remote entity to an interval no faster than 1
second. If the SBFDReflector is generating a response S-BFD
packet for a local entity that is in service, then "state" in
response BFD control packets MUST be set to UP.
o Imposed label stack or IP destination address will continue to be o If an SBFDReflector receives an S-BFD packet with Demand (D) bit
of identifier X. cleared, the packet MUST be discarded.
11. Scaling Aspect 9. Scaling Aspect
This mechanism brings forth one noticeable difference in terms of This mechanism brings forth one noticeable difference in terms of
scaling aspect: number of BFD sessions. This specification scaling aspect: number of SBFDReflector. This specification
eliminates the need for egress nodes to have fully active BFD eliminates the need for egress nodes to have fully active BFD
sessions when only one side desires to perform reachability sessions when only one side desires to perform connectivity tests.
validations. With introduction of reflector BFD concept, egress no With introduction of reflector BFD concept, egress no longer is
longer is required to create any active BFD session per path/LSP required to create any active BFD session per path/LSP/function
basis. Due to this, total number of BFD sessions in a network is basis. Due to this, total number of BFD sessions in a network is
reduced. reduced.
If traditional BFD technology was used on a network comprised of N 10. Co-existence with Traditional BFD
nodes, and each node monitored M unidirectional paths/LSPs, then
total number of BFD sessions in such network will be:
(((N - 1) x M) x 2)
Assuming that each network node creates one reflector BFD session to
handle all local BFD target identifiers, then total number of BFD
sessions in same scenario will be:
(((N - 1) x M) + N)
12. Co-existence with Traditional BFD
This mechanism has no issues being deployed with traditional BFDs This mechanism has no issues being deployed with traditional BFDs
([RFC5881]/[RFC5883]/[RFC5884]/[RFC5885]) because BFD discriminators ([RFC5881], [RFC5883], [RFC5884] and [RFC5885]) because S-BFD
which allow this mechanism to function are explicitly reserved and discriminators which allow this mechanism to function are explicitly
separate UDP port values are used with S-BFD. reserved and separate UDP port values are used with S-BFD.
13. BFD Echo 11. BFD Echo
BFD echo is outside the scope of this document. BFD echo is outside the scope of this document.
14. Security Considerations 12. Security Considerations
Same security considerations as [RFC5880], [RFC5881], [RFC5883], Same security considerations as [RFC5880], [RFC5881], [RFC5883],
[RFC5884] and [RFC5885] apply to this document. [RFC5884] and [RFC5885] apply to this document.
Additionally, implementing the following measures will strengthen Additionally, implementing the following measures will strengthen
security aspects of the mechanism described by this document. security aspects of the mechanism described by this document.
o Implementations MUST provide filtering capability based on source o Implementations MUST provide filtering capability based on source
IP addresses or source node segment IDs of received BFD control IP addresses of received S-BFD packets: [RFC2827].
packets: [RFC2827].
o Implementations MUST NOT act on received BFD control packets o Implementations MUST NOT act on received S-BFD packets containing
containing Martian addresses as source IP addresses. Martian addresses as source IP addresses.
o Implementations MUST ensure response target IP addresses or node o Implementations MUST ensure that response S-BFD packets generated
segment IDs are reachable. to the initiator by the SBFDReflector have a reachable target (ex:
destination IP address).
o Initiator MAY pick crypto sequence number based on authentication o SBFDInitiator MAY pick crypto sequence number based on
mode configured. authentication mode configured.
o The reflector MUST NOT look at the crypto sequence number before o SBFDReflector MUST NOT look at the crypto sequence number before
accepting the packet. accepting the packet.
o Reflector MAY look at the Key ID o SBFDReflector MAY look at the Key ID
[I-D.ietf-bfd-generic-crypto-auth] in the incoming packet and [I-D.ietf-bfd-generic-crypto-auth] in the incoming packet and
verify the authentication data. verify the authentication data.
o Reflector MUST accept the packet if authentication is successful. o SBFDReflector MUST accept the packet if authentication is
successful.
o Reflector MUST compute the Authentication data and MUST use the o SBFDReflector MUST compute the Authentication data and MUST use
same sequence number that it received in the S-BFD packet that it the same sequence number that it received in the S-BFD packet that
is responding to. it is responding to.
o Initiator MUST accept the S-BFD packet if it either comes with the o SBFDInitiator MUST accept the S-BFD packet if it either comes with
same sequence number as it had sent or its within the window that the same sequence number as it had sent or it's within the window
it finds acceptable (described in detail in that it finds acceptable (described in detail in
[I-D.ietf-bfd-generic-crypto-auth]) [I-D.ietf-bfd-generic-crypto-auth])
Using the above method, Using the above method,
o Reflectors continue to remain stateless despite using security. o SBFDReflector continue to remain stateless despite using security.
o Reflectors are not susceptible to replay attacks as they always o SBFDReflector are not susceptible to replay attacks as they always
respond to S-BFD packets irrespective of the sequence number respond to S-BFD packets irrespective of the sequence number
carried. carried.
o An attacker cannot impersonate the Reflector since the Initiator o An attacker cannot impersonate the responder since the
will only accept S-BFD packets that come with the sequence number SBFDInitiator will only accept S-BFD packets that come with the
that it had originally used when sending the S-BFD packet. sequence number that it had originally used when sending the S-BFD
packet.
15. IANA Considerations
BFD Target Identifier types: 13. IANA Considerations
Value BFD Target Identifier Type A new value TBD1 is requested from the "Service Name and Transport
------ -------------------------- Protocol Port Number Registry". The requested registry entry is:
0 Reserved
1 Network Target Discriminator
New UDP port number, TBD1, will be requested for S-BFD. Service Name (REQUIRED)
s-bfd
Transport Protocol(s) (REQUIRED)
udp
Assignee (REQUIRED)
IESG <iesg@ietf.org>
Contact (REQUIRED)
BFD Chairs <bfd-chairs@tools.ietf.org>
Description (REQUIRED)
Seamless Bidirectional Forwarding Detection (S-BFD)
Reference (REQUIRED)
draft-ietf-bfd-seamless-base
Port Number (OPTIONAL)
TBD1 (Requesting 7784)
16. Acknowledgements 14. Acknowledgements
Authors would like to thank Jeffrey Haas for performing thorough Authors would like to thank Jeffrey Haas for performing thorough
reviews and providing number of suggestions. Authors would like to reviews and providing number of suggestions. Authors would like to
thank Girija Raghavendra Rao, Marc Binderberger, Les Ginsberg, thank Girija Raghavendra Rao, Marc Binderberger, Les Ginsberg,
Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad Govindan from Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad Govindan from
Cisco Systems for providing valuable comments. Cisco Systems for providing valuable comments. Authors would also
like to thank John E. Drake for providing comments and suggestions.
17. Contributing Authors 15. Contributing Authors
Tarek Saad Tarek Saad
Cisco Systems Cisco Systems
Email: tsaad@cisco.com Email: tsaad@cisco.com
Siva Sivabalan Siva Sivabalan
Cisco Systems Cisco Systems
Email: msiva@cisco.com Email: msiva@cisco.com
Nagendra Kumar Nagendra Kumar
skipping to change at page 17, line 9 skipping to change at page 15, line 4
Cisco Systems Cisco Systems
Email: tsaad@cisco.com Email: tsaad@cisco.com
Siva Sivabalan Siva Sivabalan
Cisco Systems Cisco Systems
Email: msiva@cisco.com Email: msiva@cisco.com
Nagendra Kumar Nagendra Kumar
Cisco Systems Cisco Systems
Email: naikumar@cisco.com Email: naikumar@cisco.com
Mallik Mudigonda Mallik Mudigonda
Cisco Systems Cisco Systems
Email: mmudigon@cisco.com Email: mmudigon@cisco.com
Sam Aldrin Sam Aldrin
Huawei Technologies Huawei Technologies
Email: aldrin.ietf@gmail.com Email: aldrin.ietf@gmail.com
18. References 16. References
18.1. Normative References 16.1. Normative References
[I-D.ietf-bfd-seamless-use-case] [I-D.ietf-bfd-seamless-use-case]
Aldrin, S., Bhatia, M., Mirsky, G., Kumar, N., and S. Aldrin, S., Bhatia, M., Mirsky, G., Kumar, N., and S.
Matsushima, "Seamless Bidirectional Forwarding Detection Matsushima, "Seamless Bidirectional Forwarding Detection
(BFD) Use Case", draft-ietf-bfd-seamless-use-case-00 (work (BFD) Use Case", draft-ietf-bfd-seamless-use-case-00 (work
in progress), June 2014. in progress), June 2014.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
skipping to change at page 17, line 45 skipping to change at page 15, line 39
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June
2010. 2010.
[RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for Multihop Paths", RFC 5883, June 2010. (BFD) for Multihop Paths", RFC 5883, June 2010.
[RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, [RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow,
"Bidirectional Forwarding Detection (BFD) for MPLS Label "Bidirectional Forwarding Detection (BFD) for MPLS Label
Switched Paths (LSPs)", RFC 5884, June 2010. Switched Paths (LSPs)", RFC 5884, June 2010.
18.2. Informative References 16.2. Informative References
[I-D.ietf-bfd-generic-crypto-auth] [I-D.ietf-bfd-generic-crypto-auth]
Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani, Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani,
"BFD Generic Cryptographic Authentication", draft-ietf- "BFD Generic Cryptographic Authentication", draft-ietf-
bfd-generic-crypto-auth-06 (work in progress), April 2014. bfd-generic-crypto-auth-06 (work in progress), April 2014.
[I-D.previdi-filsfils-isis-segment-routing]
Previdi, S., Filsfils, C., Bashandy, A., Horneffer, M.,
Decraene, B., Litkowski, S., Milojevic, I., Shakir, R.,
Ytti, S., Henderickx, W., and J. Tantsura, "Segment
Routing with IS-IS Routing Protocol", draft-previdi-
filsfils-isis-segment-routing-02 (work in progress), March
2013.
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, May 2000. Address Spoofing", BCP 38, RFC 2827, May 2000.
[RFC5885] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding [RFC5885] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding
Detection (BFD) for the Pseudowire Virtual Circuit Detection (BFD) for the Pseudowire Virtual Circuit
Connectivity Verification (VCCV)", RFC 5885, June 2010. Connectivity Verification (VCCV)", RFC 5885, June 2010.
Appendix A. Loop Problem Appendix A. Loop Problem
Consider a scenario where we have two nodes and both are S-BFD Consider a scenario where we have two nodes and both are S-BFD
capable. capable.
Node A (IP 1.1.1.1) ---------------- Node B (IP 2.2.2.2) Node A (IP 192.0.2.1) ----------------- Node B (IP 192.0.2.2)
| |
| |
Man in the Middle (MiM) Man in the Middle (MiM)
Assume node A reserved a discriminator 0x01010101 for target Assume node A reserved a discriminator 0x01010101 for target
identifier 1.1.1.1 and has a reflector session in listening mode. identifier 192.0.2.1 and has a reflector session in listening mode.
Similarly node B reserved a discriminator 0x02020202 for its target Similarly node B reserved a discriminator 0x02020202 for its target
identifier 2.2.2.2 and also has a reflector session in listening identifier 192.0.2.2 and also has a reflector session in listening
mode. mode.
Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc
= 0x02020202, source IP as 1.1.1.1 and dest IP as 2.2.2.2. When this = 0x02020202, source IP as 192.0.2.1 and dest IP as 192.0.2.2. When
packet reaches Node B, the reflector session on Node B will swap the this packet reaches Node B, the reflector session on Node B will swap
discriminators and IP addresses of the received packet and reflect it the discriminators and IP addresses of the received packet and
back, since YourDisc of the received packet matched with reserved reflect it back, since YourDisc of the received packet matched with
discriminator of Node B. The reflected packet that reached Node A reserved discriminator of Node B. The reflected packet that reached
will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since YourDisc Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since
of the received packet matched the reserved discriminator of Node A, YourDisc of the received packet matched the reserved discriminator of
Node A will swap the discriminators and reflects the packet back to Node A, Node A will swap the discriminators and reflects the packet
Node B. Since reflectors MUST set the TTL of the reflected packets back to Node B. Since reflectors MUST set the TTL of the reflected
to 255, the above scenario will result in an infinite loop with just packets to 255, the above scenario will result in an infinite loop
one malicious packet injected from MiM. with just one malicious packet injected from MiM.
FYI: Packet fields do not carry any direction information, i.e., if FYI: Packet fields do not carry any direction information, i.e., if
this is Ping packet or reply packet. this is Ping packet or reply packet.
Solutions Solutions
The current proposals to avoid the loop problem are: The current proposals to avoid the loop problem are:
o Overload "D" bit (Demand mode bit): Initiator always sets the 'D' o Overload "D" bit (Demand mode bit): Initiator always sets the 'D'
bit and reflector clears it. This way we can identify if a bit and reflector clears it. This way we can identify if a
skipping to change at page 19, line 45 skipping to change at page 17, line 32
Cisco Systems Cisco Systems
Email: cpignata@cisco.com Email: cpignata@cisco.com
Dave Ward Dave Ward
Cisco Systems Cisco Systems
Email: wardd@cisco.com Email: wardd@cisco.com
Manav Bhatia Manav Bhatia
Alcatel-Lucent Ionos Networks
Email: manav@ionosnetworks.com
Email: manav.bhatia@alcatel-lucent.com
Santosh Santosh
Juniper Networks Juniper Networks
Email: santoshpk@juniper.net Email: santoshpk@juniper.net
 End of changes. 125 change blocks. 
527 lines changed or deleted 417 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/