< draft-ietf-bfd-seamless-base-08.txt
> draft-ietf-bfd-seamless-base-09.txt

Internet Engineering Task Force                                 N. Akiya
Internet-Draft                                       Big Switch Networks
Updates: 5880 (if approved)                                 C. Pignataro
Intended status: Standards Track                                 D. Ward
< Expires: August 26, 2016                                  Cisco Systems
> Expires: October 15, 2016                                 Cisco Systems
                                                               M. Bhatia
                                                          Ionos Networks
                                                           S. Pallagatti
<                                                       February 23, 2016
>                                                          April 13, 2016

           Seamless Bidirectional Forwarding Detection (S-BFD)
<                    draft-ietf-bfd-seamless-base-08
>                    draft-ietf-bfd-seamless-base-09
Abstract

   This document defines a simplified mechanism to use Bidirectional
   Forwarding Detection (BFD) with large portions of negotiation aspects
   eliminated, thus providing benefits such as quick provisioning as
   well as improved control and flexibility to network nodes initiating
   the path monitoring.

   This document updates RFC5880.

   [skipping to change at page 1, line 47]

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

<  This Internet-Draft will expire on August 26, 2016.
>  This Internet-Draft will expire on October 15, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   [skipping to change at page 5, line 35]

   discriminators for local entities, and creates a reflector BFD
   session.  Allocated S-BFD discriminators may be advertised by
   applications (e.g., OSPF/IS-IS).  Required result is that
   applications, on other network nodes, possess the knowledge of the
   S-BFD discriminators allocated by a remote node to remote entities.
   The reflector BFD session is to, upon receiving an S-BFD control
   packet targeted to one of local S-BFD discriminator values, transmit
   a response S-BFD control packet back to the initiator.

   Once above setup is complete, any network node, having the knowledge
<  of the S-BFD discriminator allocated toby a remote node to remote
>  of the S-BFD discriminator allocated to by a remote node to remote
   entity/entities, it can quickly perform a continuity test to the
   remote entity by simply sending S-BFD control packets with
   corresponding S-BFD discriminator value in the "your discriminator"
   field.
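Review bot: the -09 change of "toby" to "to by" leaves the sentence still wrong; "allocated to by a remote node to remote entity/entities" has a stray "to". The intended reading, matching the previous paragraph's "S-BFD discriminators allocated by a remote node to remote entities", is "of the S-BFD discriminator allocated by a remote node to remote entity/entities". While here, "any network node, having the knowledge ..., it can quickly perform" carries a dangling "it"; drop it so the subject is "any network node ... can quickly perform".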
   For example:

                         <------- IS-IS Network ------->
                         +---------+

   [skipping to change at page 8, line 19]

   o  MUST be capable of sending only two states: UP and ADMINDOWN.

   One reflector BFD session may be responsible for handling received
   S-BFD control packets targeted to all locally allocated S-BFD
   discriminators, or few reflector BFD sessions may each be responsible
   for subset of locally allocated S-BFD discriminators.  This policy is
   a local matter, and is outside the scope of this document.

<  Note that incoming S-BFD control packets may be IPv4, IPv6 or MPLS
<  based.  How such S-BFD control packets reach an appropriate reflector
<  BFD session is also a local matter, and is outside the scope of this
<  document.
>  Note that incoming S-BFD control packets may be IPv4, IPv6 or MPLS
>  based [I-D.ietf-bfd-seamless-ip], and other options are possible and
>  can be defined in future documents.  How such S-BFD control packets
>  reach an appropriate reflector BFD session is also a local matter,
>  and is outside the scope of this document.

6.  State Variables

   S-BFD introduces new state variables, and modifies the usage of
   existing ones.

6.1.  New State Variables

   A new state variable is added to the base specification in support of
   S-BFD.
   [skipping to change at page 19, line 12]

              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
              <http://www.rfc-editor.org/info/rfc5880>.

15.2.  Informative References

   [I-D.ietf-bfd-generic-crypto-auth]
              Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani,
              "BFD Generic Cryptographic Authentication", draft-ietf-
              bfd-generic-crypto-auth-06 (work in progress), April 2014.

>  [I-D.ietf-bfd-seamless-ip]
>             Akiya, N., Pignataro, C., and D. Ward, "Seamless
>             Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6
>             and MPLS", draft-ietf-bfd-seamless-ip-03 (work in
>             progress), February 2016.

   [I-D.ietf-bfd-seamless-use-case]
              Aldrin, S., Bhatia, M., Matsushima, S., Mirsky, G., and N.
              Kumar, "Seamless Bidirectional Forwarding Detection (BFD)
<             Use Case", draft-ietf-bfd-seamless-use-case-03 (work in
<             progress), July 2015.
>             Use Case", draft-ietf-bfd-seamless-use-case-04 (work in
>             progress), March 2016.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981,
              <http://www.rfc-editor.org/info/rfc791>.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <http://www.rfc-editor.org/info/rfc2460>.

   [RFC3031]  Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
              Label Switching Architecture", RFC 3031,
              DOI 10.17487/RFC3031, January 2001,
              <http://www.rfc-editor.org/info/rfc3031>.
Appendix A.  Loop Problem

   Consider a scenario where we have two nodes and both are S-BFD
   capable.

<     Node A (IP 192.0.2.1) ----------------- Node B (IP 192.0.2.2)
>     Node A (IP 2001:db8::1) ----------------- Node B (IP 2001:db8::2)
                                 |
                                 |
                         Man in the Middle (MiM)

<  Assume node A reserved a discriminator 0x01010101 for target
<  identifier 192.0.2.1 and has a reflector session in listening mode.
<  Similarly node B reserved a discriminator 0x02020202 for its target
<  identifier 192.0.2.2 and also has a reflector session in listening
<  mode.
>  Assume node A reserved a discriminator 0x01010101 for target
>  identifier 2001:db8::1 and has a reflector session in listening mode.
>  Similarly node B reserved a discriminator 0x02020202 for its target
>  identifier 2001:db8::2 and also has a reflector session in listening
>  mode.

<  Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc
<  = 0x02020202, source IP as 192.0.2.1 and dest IP as 192.0.2.2.  When
<  this packet reaches Node B, the reflector session on Node B will swap
<  the discriminators and IP addresses of the received packet and
>  Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc
>  = 0x02020202, source IP as 2001:db8::1 and dest IP as 2001:db8::2.
>  When this packet reaches Node B, the reflector session on Node B will
>  swap the discriminators and IP addresses of the received packet and
   reflect it back, since YourDisc of the received packet matched with
   reserved discriminator of Node B.  The reflected packet that reached
   Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101.  Since
   YourDisc of the received packet matched the reserved discriminator of
   Node A, Node A will swap the discriminators and reflects the packet
   back to Node B.  Since reflectors must set the TTL of the reflected
   packets to 255, the above scenario will result in an infinite loop
   with just one malicious packet injected from MiM.
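Review bot: now that the example addresses are IPv6 (2001:db8::1 / 2001:db8::2), "Since reflectors must set the TTL of the reflected packets to 255" should read "TTL (IPv4) / Hop Limit (IPv6)", since IPv6 has no TTL field; and the sentence states the consequence without the mechanism, so spell it out: each reflection resets the hop count to 255, so the packet never expires in transit and the two reflectors bounce it indefinitely. The unchanged context lines in this block still carry "MyDdisc=0x02020202" (typo for MyDisc) and "Node A will swap the discriminators and reflects the packet" (should be "reflect"); both are worth fixing while the paragraph is being edited.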
   FYI: Packet fields do not carry any direction information, i.e., if
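The reflector behaviour described on page 5 above (answer any S-BFD control packet whose "Your Discriminator" is a locally allocated S-BFD discriminator by swapping discriminators and addresses) and the Appendix A scenario, as an added Python simulation that is not part of the draft: two nodes each run a reflector session, a legitimate continuity test produces exactly one reflection, and the single spoofed packet from the MiM bounces between the two reflectors until a hop budget (an artefact of the simulation, standing in for "infinite") runs out. The packet dataclass, the initiator's own discriminator 0x0A000001 and the optional "strict" drop rule (refuse to reflect when "My Discriminator" is itself an advertised S-BFD discriminator) are assumptions of this example, not rules stated by the draft, whose own treatment is cut off on this page after "FYI:".

```python
from dataclasses import dataclass
from typing import Optional

# Appendix A: reflectors set the TTL (IPv4) / Hop Limit (IPv6) of reflected packets to 255.
TTL_REFLECTED = 255

# Addresses and S-BFD discriminators from Appendix A of the draft.
NODE_A = "2001:db8::1"
NODE_B = "2001:db8::2"
DISC_A = 0x01010101          # A's S-BFD discriminator, advertised via the IGP
DISC_B = 0x02020202          # B's S-BFD discriminator, advertised via the IGP
INITIATOR_DISC_A = 0x0A000001  # assumption: A's initiator session uses an ordinary BFD discriminator


@dataclass(frozen=True)
class SBFDPacket:
    """The BFD control packet fields this model needs (RFC 5880 names)."""
    src: str         # source IP
    dst: str         # destination IP
    my_disc: int     # "My Discriminator"
    your_disc: int   # "Your Discriminator"
    ttl: int         # TTL / Hop Limit of the carrying IP packet
    state: str = "UP"


class Node:
    """A node with one reflector BFD session serving all of its S-BFD discriminators."""

    def __init__(self, address: str, sbfd_discs: set, known_sbfd_discs: set = frozenset(),
                 strict: bool = False):
        self.address = address
        self.sbfd_discs = set(sbfd_discs)                              # allocated locally
        self.known_sbfd_discs = set(known_sbfd_discs) | set(sbfd_discs)  # incl. those learned from the IGP
        self.strict = strict                                           # illustrative mitigation, see reflect()

    def reflect(self, pkt: SBFDPacket) -> Optional[SBFDPacket]:
        """Return the reflected packet, or None if the reflector session does not answer."""
        if pkt.dst != self.address:
            return None
        if pkt.your_disc not in self.sbfd_discs:
            return None  # not one of our S-BFD discriminators: not for the reflector session
        if self.strict and pkt.my_disc in self.known_sbfd_discs:
            # Assumption, not from the draft: a genuine initiator in this model never uses an
            # S-BFD discriminator as its own "My Discriminator", so such a packet can only be a
            # spoof or a reflection of a reflection; dropping it breaks the Appendix A loop.
            return None
        # Reflect: swap addresses and discriminators, reset hop count, only UP/ADMINDOWN allowed.
        return SBFDPacket(src=self.address, dst=pkt.src, my_disc=pkt.your_disc,
                          your_disc=pkt.my_disc, ttl=TTL_REFLECTED, state="UP")


def initiator_packet(src: str, src_disc: int, dst: str, target_sbfd_disc: int) -> SBFDPacket:
    """Continuity test: put the target's S-BFD discriminator in "Your Discriminator"."""
    return SBFDPacket(src=src, dst=dst, my_disc=src_disc, your_disc=target_sbfd_disc, ttl=255)


def deliver(nodes: list, pkt: Optional[SBFDPacket], hop_budget: int) -> tuple:
    """Hand pkt to the node owning pkt.dst and keep delivering whatever is reflected back.

    Returns (reflections, looped): looped is True when the budget ran out, i.e. the
    packet was still bouncing between the reflectors.
    """
    by_addr = {n.address: n for n in nodes}
    reflections = 0
    while pkt is not None:
        if reflections >= hop_budget:
            return reflections, True
        node = by_addr.get(pkt.dst)
        pkt = node.reflect(pkt) if node else None
        if pkt is not None:
            reflections += 1
    return reflections, False


def build_nodes(strict: bool = False) -> list:
    a = Node(NODE_A, {DISC_A}, known_sbfd_discs={DISC_B}, strict=strict)
    b = Node(NODE_B, {DISC_B}, known_sbfd_discs={DISC_A}, strict=strict)
    return [a, b]


def reflected_reply() -> Optional[SBFDPacket]:
    """What B's reflector sends back to A's legitimate continuity test."""
    return build_nodes()[1].reflect(initiator_packet(NODE_A, INITIATOR_DISC_A, NODE_B, DISC_B))


def legitimate_continuity_test(strict: bool = False) -> tuple:
    # A's reply carries YourDisc = INITIATOR_DISC_A, which is not an S-BFD discriminator of A,
    # so A's reflector ignores it and the exchange stops after one reflection.
    return deliver(build_nodes(strict), initiator_packet(NODE_A, INITIATOR_DISC_A, NODE_B, DISC_B), 100)


def mim_spoofed_packet(strict: bool = False, hop_budget: int = 100) -> tuple:
    # Appendix A: MyDisc = A's S-BFD disc, YourDisc = B's S-BFD disc, source spoofed as A.
    spoofed = SBFDPacket(src=NODE_A, dst=NODE_B, my_disc=DISC_A, your_disc=DISC_B, ttl=255)
    return deliver(build_nodes(strict), spoofed, hop_budget)


if __name__ == "__main__":
    print("legitimate test:          ", legitimate_continuity_test())
    print("spoofed, plain reflectors:", mim_spoofed_packet())
    print("spoofed, strict reflectors:", mim_spoofed_packet(strict=True))
```

The plain reflectors exhaust the hop budget on the spoofed packet because every reflection is a fresh packet with hop count 255; the "strict" variant is one way to stop that in this model, shown only to make the failure mode concrete, and is not what the draft prescribes.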
   End of changes.  12 change blocks.
   16 lines changed or deleted, 23 lines changed or added.

   This html diff was produced by rfcdiff 1.45.  The latest version is
   available from http://tools.ietf.org/tools/rfcdiff/