draft-ietf-bfd-unsolicited-00.txt   draft-ietf-bfd-unsolicited-01.txt 
Network Working Group E. Chen Network Working Group E. Chen
Internet-Draft N. Shen Internet-Draft N. Shen
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: August 29, 2019 R. Raszuk Expires: December 30, 2019 R. Raszuk
Bloomberg LP Bloomberg LP
R. Rahman R. Rahman
Cisco Systems Cisco Systems
February 25, 2019 June 28, 2019
Unsolicited BFD for Sessionless Applications Unsolicited BFD for Sessionless Applications
draft-ietf-bfd-unsolicited-00 draft-ietf-bfd-unsolicited-01
Abstract Abstract
For operational simplification of "sessionless" applications using For operational simplification of "sessionless" applications using
BFD, in this document we present procedures for "unsolicited BFD" BFD, in this document we present procedures for "unsolicited BFD"
that allow a BFD session to be initiated by only one side, and be that allow a BFD session to be initiated by only one side, and be
established without explicit per-session configuration or established without explicit per-session configuration or
registration by the other side (subject to certain per-interface or registration by the other side (subject to certain per-interface or
per-router policies). per-router policies).
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
be interpreted as described in [RFC2119] only when they appear in all "OPTIONAL" in this document are to be interpreted as described in BCP
upper case. They may also appear in lower or mixed case as English 14 [RFC2119] [RFC8174] when, and only when, they appear in all
words, without normative meaning. capitals, as shown here.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 29, 2019. This Internet-Draft will expire on December 30, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 29 skipping to change at page 2, line 29
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Procedures for Unsolicited BFD . . . . . . . . . . . . . . . 3 2. Procedures for Unsolicited BFD . . . . . . . . . . . . . . . 3
3. YANG Data Model . . . . . . . . . . . . . . . . . . . . . . . 4 3. YANG Data Model . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Unsolicited BFD Hierarchy . . . . . . . . . . . . . . . . 4 3.1. Unsolicited BFD Hierarchy . . . . . . . . . . . . . . . . 4
3.2. Unsolicited BFD Module . . . . . . . . . . . . . . . . . 5 3.2. Unsolicited BFD Module . . . . . . . . . . . . . . . . . 5
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.1. BFD Protocol Security Considerations . . . . . . . . . . 9
6.1. Normative References . . . . . . . . . . . . . . . . . . 9 5.2. YANG Module Security Considerations . . . . . . . . . . . 9
6.2. Informative References . . . . . . . . . . . . . . . . . 10 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 6.1. Normative References . . . . . . . . . . . . . . . . . . 10
6.2. Informative References . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
The current implementation and deployment practice for BFD ([RFC5880] The current implementation and deployment practice for BFD ([RFC5880]
and [RFC5881]) usually requires BFD sessions be explicitly configured and [RFC5881]) usually requires BFD sessions be explicitly configured
or registered on both sides. This requirement is not an issue when or registered on both sides. This requirement is not an issue when
an application like BGP [RFC4271] has the concept of a "session" that an application like BGP [RFC4271] has the concept of a "session" that
involves both sides for its establishment. However, this requirement involves both sides for its establishment. However, this requirement
can be operationally challenging when the prerequisite "session" does can be operationally challenging when the prerequisite "session" does
not naturally exist between two endpoints in an application. not naturally exist between two endpoints in an application.
skipping to change at page 5, line 6 skipping to change at page 5, line 6
registered client for the BFD session. registered client for the BFD session.
3. YANG Data Model 3. YANG Data Model
This section extends the YANG data model for BFD [I-D.ietf-bfd-yang] This section extends the YANG data model for BFD [I-D.ietf-bfd-yang]
to cover the unsolicited BFD. to cover the unsolicited BFD.
3.1. Unsolicited BFD Hierarchy 3.1. Unsolicited BFD Hierarchy
module: ietf-bfd-unsolicited module: ietf-bfd-unsolicited
augment /rt:routing/rt:control-plane-protocols augment /rt:routing/rt:control-plane-protocols
/rt:control-plane-protocol/bfd:bfd: /rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh:
+--rw unsolicited {bfd-unsol:unsolicited-params-global}? +--rw unsolicited {bfd-unsol:unsolicited-params-global}?
+--rw allow? boolean +--rw enable? boolean
+--rw local-multiplier? multiplier +--rw local-multiplier? multiplier
+--rw (interval-config-type)? +--rw (interval-config-type)?
+--:(tx-rx-intervals) +--:(tx-rx-intervals)
| +--rw desired-min-tx-interval? uint32 | +--rw desired-min-tx-interval? uint32
| +--rw required-min-rx-interval? uint32 | +--rw required-min-rx-interval? uint32
+--:(single-interval) {single-minimum-interval}? +--:(single-interval) {single-minimum-interval}?
+--rw min-interval? uint32 +--rw min-interval? uint32
augment /rt:routing/rt:control-plane-protocols augment /rt:routing/rt:control-plane-protocols
/rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh /rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh
/bfd-ip-sh:interfaces: /bfd-ip-sh:interfaces:
+--rw unsolicited {bfd-unsol:unsolicited-params-per-interface}? +--rw unsolicited {bfd-unsol:unsolicited-params-per-interface}?
+--rw allow? boolean +--rw enable? boolean
+--rw local-multiplier? multiplier +--rw local-multiplier? multiplier
+--rw (interval-config-type)? +--rw (interval-config-type)?
+--:(tx-rx-intervals) +--:(tx-rx-intervals)
| +--rw desired-min-tx-interval? uint32 | +--rw desired-min-tx-interval? uint32
| +--rw required-min-rx-interval? uint32 | +--rw required-min-rx-interval? uint32
+--:(single-interval) {single-minimum-interval}? +--:(single-interval) {single-minimum-interval}?
+--rw min-interval? uint32 +--rw min-interval? uint32
augment /rt:routing/rt:control-plane-protocols augment /rt:routing/rt:control-plane-protocols
/rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh /rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh
/bfd-ip-sh:sessions/bfd-ip-sh:session: /bfd-ip-sh:sessions/bfd-ip-sh:session:
+--ro unsolicited +--ro unsolicited
+--ro role? bfd-unsol:unsolicited-role +--ro role? bfd-unsol:unsolicited-role
3.2. Unsolicited BFD Module 3.2. Unsolicited BFD Module
<CODE BEGINS> file "ietf-bfd-unsolicited@ 2018-10-27.yang" <CODE BEGINS> file "ietf-bfd-unsolicited@2019-06-26.yang"
module ietf-bfd-unsolicited { module ietf-bfd-unsolicited {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-bfd-unsolicited"; namespace "urn:ietf:params:xml:ns:yang:ietf-bfd-unsolicited";
prefix "bfd-unsol"; prefix "bfd-unsol";
// RFC Ed.: replace occurences of XXXX/YYYY with actual RFC numbers // RFC Ed.: replace occurences of XXXX/YYYY with actual RFC numbers
skipping to change at page 7, line 7 skipping to change at page 7, line 7
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
reference "RFC YYYY"; reference "RFC YYYY";
revision 2018-10-27 { revision 2019-06-26 {
description "Initial revision."; description "Initial revision.";
reference "RFC YYYY: A YANG data model for BFD unsolicited"; reference "RFC YYYY: A YANG data model for BFD unsolicited";
} }
/* /*
* Feature definitions * Feature definitions
*/ */
feature unsolicited-params-global { feature unsolicited-params-global {
description description
"This feature indicates that the server supports global "This feature indicates that the server supports global
skipping to change at page 7, line 46 skipping to change at page 7, line 46
description "Passive role"; description "Passive role";
} }
} }
description "Unsolicited role"; description "Unsolicited role";
} }
/* /*
* Augments * Augments
*/ */
augment "/rt:routing/rt:control-plane-protocols/" augment "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/bfd:bfd" { + "rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh" {
description description
"Augmentation for BFD unsolicited parameters"; "Augmentation for BFD unsolicited parameters";
container unsolicited { container unsolicited {
if-feature bfd-unsol:unsolicited-params-global; if-feature bfd-unsol:unsolicited-params-global;
description description
"BFD unsolicited top level container"; "BFD unsolicited top level container";
leaf allow { leaf enable {
type boolean; type boolean;
default false; default false;
description "Allow BFD unsolicited globally."; description
"Enable BFD unsolicited globally for IP single-hop.";
} }
uses bfd-types:base-cfg-parms; uses bfd-types:base-cfg-parms;
} }
} }
augment "/rt:routing/rt:control-plane-protocols/" augment "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/" + "rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/"
+ "bfd-ip-sh:interfaces" { + "bfd-ip-sh:interfaces" {
description description
"Augmentation for BFD unsolicited on IP single-hop interface"; "Augmentation for BFD unsolicited on IP single-hop interface";
container unsolicited { container unsolicited {
if-feature bfd-unsol:unsolicited-params-per-interface; if-feature bfd-unsol:unsolicited-params-per-interface;
description description
"BFD IP single-hop interface unsolicited top level container"; "BFD IP single-hop interface unsolicited top level container";
leaf allow { leaf enable {
type boolean; type boolean;
default false; default false;
description "Allow BFD unsolicited on this interface."; description "Enable BFD unsolicited on this interface.";
} }
uses bfd-types:base-cfg-parms; uses bfd-types:base-cfg-parms;
} }
} }
augment "/rt:routing/rt:control-plane-protocols/" augment "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/" + "rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/"
+ "bfd-ip-sh:sessions/bfd-ip-sh:session" { + "bfd-ip-sh:sessions/bfd-ip-sh:session" {
description description
"Augmentation for BFD unsolicited on IP single-hop session"; "Augmentation for BFD unsolicited on IP single-hop session";
skipping to change at page 9, line 11 skipping to change at page 9, line 11
} }
<CODE ENDS> <CODE ENDS>
4. IANA Considerations 4. IANA Considerations
This documents makes no IANA requests. This documents makes no IANA requests.
5. Security Considerations 5. Security Considerations
5.1. BFD Protocol Security Considerations
The same security considerations as those described in [RFC5880] and The same security considerations as those described in [RFC5880] and
[RFC5881] apply to this document. With "unsolicited BFD" there is [RFC5881] apply to this document. With "unsolicited BFD" there is
potential risk for excessive resource usage by BFD from "unexpected" potential risk for excessive resource usage by BFD from "unexpected"
remote systems. To mitigate such risks, the following measures are remote systems. To mitigate such risks, the following measures are
RECOMMENDED: RECOMMENDED:
o Limit the feature to specific interfaces, and to a single-hop BFD o Limit the feature to specific interfaces, and to a single-hop BFD
with "TTL=255" [RFC5082]. In addition make sure the source with "TTL=255" [RFC5082]. In addition make sure the source
address of an incoming BFD packet belongs to the subnet of the address of an incoming BFD packet belongs to the subnet of the
interface from which the BFD packet is received. interface from which the BFD packet is received.
o Apply "access control" to allow BFD packets only from certain o Apply "access control" to allow BFD packets only from certain
subnets or hosts. subnets or hosts.
o Deploy the feature only in certain "trustworthy" environment, o Deploy the feature only in certain "trustworthy" environment,
e.g., at an IXP, or between a provider and its customers. e.g., at an IXP, or between a provider and its customers.
o Adjust BFD parameters as needed for the particular deployment and o Adjust BFD parameters as needed for the particular deployment and
scale. scale.
o Use BFD authentication. o Use BFD authentication.
5.2. YANG Module Security Considerations
The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC5246].
The NETCONF access control model [RFC6536] provides the means to
restrict access for particular NETCONF or RESTCONF users to a
preconfigured subset of all available NETCONF or RESTCONF protocol
operations and content.
There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:
/routing/control-plane-protocols/control-plane-protocol/bfd/ip-sh
/unsolicited:
o data node "enable" enables creation of unsolicited BFD IP single-
hop sessions globally, i.e. on all interfaces. See Section 5.1.
o data nodes local-multiplier, desired-min-tx-interval, required-
min-rx-interval and min-interval all impact the parameters of the
unsolicited BFD IP single-hop sessions.
/routing/control-plane-protocols/control-plane-protocol/bfd/ip-sh
/interfaces/interface/unsolicited:
o data node "enable" enables creation of unsolicited BFD IP single-
hop sessions on a specific interface. See Section 5.1.
o data nodes local-multiplier, desired-min-tx-interval, required-
min-rx-interval and min-interval all impact the parameters of the
unsolicited BFD IP single-hop sessions on the interface.
Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability:
/routing/control-plane-protocols/control-plane-protocol/bfd/ip-sh
/sessions/session/unsolicited: access to this information discloses
the role of the local system in the creation of the unsolicited BFD
session.
6. References 6. References
6.1. Normative References 6.1. Normative References
[I-D.ietf-bfd-yang] [I-D.ietf-bfd-yang]
Rahman, R., Zheng, L., Jethanandani, M., Networks, J., and Rahman, R., Zheng, L., Jethanandani, M., Networks, J., and
G. Mirsky, "YANG Data Model for Bidirectional Forwarding G. Mirsky, "YANG Data Model for Bidirectional Forwarding
Detection (BFD)", draft-ietf-bfd-yang-17 (work in Detection (BFD)", draft-ietf-bfd-yang-17 (work in
progress), August 2018. progress), August 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C. [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C.
Pignataro, "The Generalized TTL Security Mechanism Pignataro, "The Generalized TTL Security Mechanism
(GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007, (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007,
<https://www.rfc-editor.org/info/rfc5082>. <https://www.rfc-editor.org/info/rfc5082>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008,
<https://www.rfc-editor.org/info/rfc5246>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>. <https://www.rfc-editor.org/info/rfc5880>.
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881,
DOI 10.17487/RFC5881, June 2010, DOI 10.17487/RFC5881, June 2010,
<https://www.rfc-editor.org/info/rfc5881>. <https://www.rfc-editor.org/info/rfc5881>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>.
[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
Protocol (NETCONF) Access Control Model", RFC 6536,
DOI 10.17487/RFC6536, March 2012,
<https://www.rfc-editor.org/info/rfc6536>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
6.2. Informative References 6.2. Informative References
[I-D.ietf-idr-rs-bfd] [I-D.ietf-idr-rs-bfd]
Bush, R., Haas, J., Scudder, J., Nipper, A., and C. Bush, R., Haas, J., Scudder, J., Nipper, A., and C.
Dietzel, "Making Route Servers Aware of Data Link Failures Dietzel, "Making Route Servers Aware of Data Link Failures
at IXPs", draft-ietf-idr-rs-bfd-06 (work in progress), at IXPs", draft-ietf-idr-rs-bfd-07 (work in progress),
October 2018. March 2019.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271, Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006, DOI 10.17487/RFC4271, January 2006,
<https://www.rfc-editor.org/info/rfc4271>. <https://www.rfc-editor.org/info/rfc4271>.
[RFC7880] Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S. [RFC7880] Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S.
Pallagatti, "Seamless Bidirectional Forwarding Detection Pallagatti, "Seamless Bidirectional Forwarding Detection
(S-BFD)", RFC 7880, DOI 10.17487/RFC7880, July 2016, (S-BFD)", RFC 7880, DOI 10.17487/RFC7880, July 2016,
<https://www.rfc-editor.org/info/rfc7880>. <https://www.rfc-editor.org/info/rfc7880>.
 End of changes. 21 change blocks. 
24 lines changed or deleted 108 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/