draft-ietf-mpls-ldp-ipv6-04.txt   draft-ietf-mpls-ldp-ipv6-05.txt 
MPLS Working Group Vishwas Manral MPLS Working Group Rajiv Asati
Internet Draft IPInfusion Inc. Internet Draft Cisco
Updates: 5036 (if approved) Updates: 5036 (if approved)
Intended status: Standards Track Rajiv Papneja Intended status: Standards Track Vishwas Manral
Expires: September 2011 Isocore Expires: February 23, 2012 Hewlett-Packard, Inc.
Rajiv Asati Rajiv Papneja
Cisco Isocore
Carlos Pignataro Carlos Pignataro
Cisco Cisco
May 17, 2011 August 23, 2011
Updates to LDP for IPv6 Updates to LDP for IPv6
draft-ietf-mpls-ldp-ipv6-04 draft-ietf-mpls-ldp-ipv6-05
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with This Internet-Draft is submitted in full conformance with the
the provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 17, 2011. This Internet-Draft will expire on February 23, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 19 skipping to change at page 2, line 19
The Label Distribution Protocol (LDP) specification defines The Label Distribution Protocol (LDP) specification defines
procedures to exchange label bindings over either IPv4, IPv6 or both procedures to exchange label bindings over either IPv4, IPv6 or both
networks. This document corrects and clarifies the LDP behavior when networks. This document corrects and clarifies the LDP behavior when
IPv6 network is used (with or without IPv4). This document updates IPv6 network is used (with or without IPv4). This document updates
RFC 5036. RFC 5036.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Topology Scenarios........................................3 1.1. Scope.....................................................3
2. Specification Language.........................................4 1.1.1. Topology Scenarios...................................3
1.1.2. LDP TTL Security.....................................4
2. Specification Language.........................................5
3. LSP Mapping....................................................5 3. LSP Mapping....................................................5
4. LDP Identifiers................................................6 4. LDP Identifiers................................................6
5. Peer Discovery.................................................6 5. Peer Discovery.................................................7
5.1. Basic Discovery Mechanism.................................6 5.1. Basic Discovery Mechanism.................................7
5.2. Extended Discovery Mechanism..............................7 5.2. Extended Discovery Mechanism..............................8
6. LDP Session Establishment and Maintenance......................8 6. LDP Session Establishment and Maintenance......................8
6.1. Transport connection establishment........................8 6.1. Transport connection establishment........................8
6.2. Maintaining Hello Adjacencies.............................9 6.2. Maintaining Hello Adjacencies............................10
6.3. Maintaining LDP Sessions.................................10 6.3. Maintaining LDP Sessions.................................10
7. Label Distribution............................................10 7. Label Distribution............................................10
8. IANA Considerations...........................................10 8. LDP TTL Security..............................................11
9. Security Considerations.......................................11 9. IANA Considerations...........................................12
10. Acknowledgments..............................................11 10. Security Considerations......................................12
11. References...................................................12 11. Acknowledgments..............................................12
11.1. Normative References....................................12 12. References...................................................14
11.2. Informative References..................................12 12.1. Normative References....................................14
Author's Addresses...............................................13 12.2. Informative References..................................14
Author's Addresses...............................................15
1. Introduction 1. Introduction
The LDP [RFC5036] specification defines procedures and messages for The LDP [RFC5036] specification defines procedures and messages for
exchanging FEC-label bindings over either IPv4 or IPv6 or both (e.g. exchanging FEC-label bindings over either IPv4 or IPv6 or both (e.g.
dual-stack) networks. dual-stack) networks.
However, RFC5036 specification has the following deficiencies in However, RFC5036 specification has the following deficiencies in
regards to IPv6 usage: regards to IPv6 usage:
1) LSP mapping: No rule defined for mapping a particular packet to a 1) LSP Mapping: No rule defined for mapping a particular packet to a
particular LSP that has an Address Prefix FEC element containing particular LSP that has an Address Prefix FEC element containing
IPv6 address of the egress router IPv6 address of the egress router
2) LDP identifier: No details specific to IPv6 usage 2) LDP Identifier: No details specific to IPv6 usage
3) LDP discovery: No details for using a particular IPv6 multicast 3) LDP Discovery: No details for using a particular IPv6 multicast
address (with or without IPv4 co-existence) address (with or without IPv4 co-existence)
4) LDP Session establishment: No rule for handling both IPv4 and 4) LDP Session establishment: No rule for handling both IPv4 and
IPv6 transport address optional objects in a Hello message, and IPv6 transport address optional objects in a Hello message, and
subsequently two IPv4 and IPv6 transport connections. subsequently two IPv4 and IPv6 transport connections
5) LDP Label exchange: No rule for advertising IPv4 or/and IPv6 FEC-
label bindings over an LDP session
6) LDP TTL security: No rule for built-in Generalized TTL Security 5) LDP TTL Security: No rule for built-in Generalized TTL Security
Mechanism (GTSM) in LDP Mechanism (GTSM) in LDP
6) LDP Label Distribution: No rule for advertising IPv4 or/and IPv6
FEC-label bindings over an LDP session
This document addresses the above deficiencies by specifying the This document addresses the above deficiencies by specifying the
desired behavior/rules/details. It also clarifies the topology desired behavior/rules/details for using LDP in IPv6 enabled
scenarios in section 1.1. networks. It also clarifies the scope (section 1.1).
Note that this document updates RFC5036. Note that this document updates RFC5036.
1.1. Topology Scenarios 1.1. Scope
1.1.1. Topology Scenarios
The following scenarios in which the LSRs may be inter-connected via The following scenarios in which the LSRs may be inter-connected via
one or more dual-stack interfaces (figure 1), or two or more single- one or more dual-stack interfaces (figure 1), or two or more single-
stack interfaces (figure 2 and figure 3) become quite relevant to stack interfaces (figure 2 and figure 3) are addressed by this
consider while addressing the deficiencies highlighted in section 1. document:
R1------------------R2 R1------------------R2
IPv4+IPv6 IPv4+IPv6
Figure 1 LSRs connected via a Dual-stack Interface Figure 1 LSRs connected via a Dual-stack Interface
IPv4 IPv4
R1=================R2 R1=================R2
IPv6 IPv6
Figure 2 LSRs connected via two single-stack Interfaces Figure 2 LSRs connected via two single-stack Interfaces
R1------------------R2---------------R3 R1------------------R2---------------R3
IPv4 IPv6 IPv4 IPv6
Figure 3 LSRs connected via a single-stack Interface Figure 3 LSRs connected via a single-stack Interface
The topology scenario illustrated in figure 1 also covers the case Note that the topology scenario illustrated in figure 1 also covers
of a single-stack interface (IPv4, say) being converted to a dual- the case of a single-stack interface (IPv4, say) being converted to
stacked interface by enabling IPv6 as well as IPv6 LDP, even though a dual-stacked interface by enabling IPv6 as well as IPv6 LDP, even
the IPv4 LDP session may already be established between the LSRs. though the IPv4 LDP session may already be established between the
LSRs.
The topology scenario illustrated in figure 2 also covers the case Note that the topology scenario illustrated in figure 2 also covers
of two routers getting connected via an additional single-stack the case of two routers getting connected via an additional single-
interface (IPv6, say), even though the IPv4 LDP session may already stack interface (IPv6, say), even though the IPv4 LDP session may
be established between the LSRs over the existing interface. already be established between the LSRs over the existing interface.
1.1.2. LDP TTL Security
LDP TTL Security mechanism specified by this document applies only
to single-hop LDP peering sessions, but not to multi-hop LDP peering
sessions, in line with Section 5.5 of [RFC5082] that describes
Generalized TTL Security Mechanism (GTSM).
As a consequence, any LDP feature that relies on multi-hop LDP
peering session would not work with GTSM and will warrant
(statically or dynamically) disabling GTSM. Please see section 8.
2. Specification Language 2. Specification Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
Abbreviations: Abbreviations:
LDP - Label Distribution Protocol LDP - Label Distribution Protocol
LDPv4 - LDP for enabling IPv4 MPLS forwarding LDPv4 - LDP for enabling IPv4 MPLS forwarding
LDPv6 - LDP for enabling IPv6 MPLS forwarding
LDPv6 - LDP for enabling IPv6 MPLS forwarding
LDPoIPv4 - LDP over IPv4 transport session LDPoIPv4 - LDP over IPv4 transport session
LDPoIPv6 - LDP over IPv6 transport session LDPoIPv6 - LDP over IPv6 transport session
FEC - Forwarding Equivalence Class FEC - Forwarding Equivalence Class
TLV - Type Length Value TLV - Type Length Value
LSR - Label Switch Router LSR - Label Switch Router
skipping to change at page 7, line 43 skipping to change at page 8, line 15
adjacency for IPv4 and IPv6 on that interface. adjacency for IPv4 and IPv6 on that interface.
Needless to say, the IPv4 and IPv6 LDP Link Hellos must carry the Needless to say, the IPv4 and IPv6 LDP Link Hellos must carry the
same LDP identifier (assuming per-platform label space usage). same LDP identifier (assuming per-platform label space usage).
5.2. Extended Discovery Mechanism 5.2. Extended Discovery Mechanism
Suffice to say, the extended discovery mechanism (defined in section Suffice to say, the extended discovery mechanism (defined in section
2.4.2 of [RFC5036]) doesn't require any additional IPv6 specific 2.4.2 of [RFC5036]) doesn't require any additional IPv6 specific
consideration, since the targeted LDP Hellos are sent to a pre- consideration, since the targeted LDP Hellos are sent to a pre-
configured destination IP address. configured destination IPv6 address.
6. LDP Session Establishment and Maintenance 6. LDP Session Establishment and Maintenance
Section 2.5.1 of [RFC5036] defines a two-step process for LDP Section 2.5.1 of [RFC5036] defines a two-step process for LDP
session establishment, once the peer discovery has completed (LDP session establishment, once the peer discovery has completed (LDP
Hellos have been exchanged): Hellos have been exchanged):
1. Transport connection establishment 1. Transport connection establishment
2. Session initialization 2. Session initialization
skipping to change at page 9, line 24 skipping to change at page 9, line 43
LDP session with a remote LSR, if it has both IPv4 and IPv6 LDP session with a remote LSR, if it has both IPv4 and IPv6
hello adjacencies for the same LDP Identifier (over a dual- hello adjacencies for the same LDP Identifier (over a dual-
stack interface, or two or more single-stack IPv4 and IPv6 stack interface, or two or more single-stack IPv4 and IPv6
interfaces). This applies to the section 2.5.2 of RFC5036. interfaces). This applies to the section 2.5.2 of RFC5036.
- An LSR should prefer the LDP/TCP connection over IPv6 for a new - An LSR should prefer the LDP/TCP connection over IPv6 for a new
LDP session with a remote LSR, if they attempted two TCP LDP session with a remote LSR, if they attempted two TCP
connections using IPv4 and IPv6 transport addresses connections using IPv4 and IPv6 transport addresses
simultaneously. simultaneously.
This document allows an implementation to provide a configuration to This document allows for the implementation to provide a
override the above stated preference from IPv6 to IPv4 on a per-peer configuration option to override the above stated preference from
basis. Suffice to say that, such preference must be set on both IPv6 to IPv4 on a per-peer basis. Suffice to say that such option
LSRs. must be set on both LSRs.
This document also specifies that the LDP/TCP transport connection
over IPv6 must follow the GTSM procedures (Section 3 of [RFC5082])
by default, if the LDP/TCP transport connection is being established
between the adjacent LSRs (using Basic Discovery, as described in
section 5.1). This means that the IP Hop Limit field is set to 255
upon sending, and checked to be 255 upon receipt. The built-in
inclusion of GTSM automatically protects IPv6 LDP peering session
from off-link attacks.
6.2. Maintaining Hello Adjacencies 6.2. Maintaining Hello Adjacencies
As outlined in section 2.5.5 of RFC5036, this draft suggests that if As outlined in section 2.5.5 of RFC5036, this draft suggests that if
an LSR has a dual-stack interface, which is enabled with both IPv4 an LSR has a dual-stack interface, which is enabled with both IPv4
and IPv6 LDP, then the LSR must periodically send both IPv4 and IPv6 and IPv6 LDP, then the LSR must periodically send both IPv4 and IPv6
LDP Link Hellos and must separately maintain the Hello adjacency for LDP Link Hellos and must separately maintain the Hello adjacency for
IPv4 and IPv6 on that interface. IPv4 and IPv6 on that interface.
This ensures successful labeled IPv4 and labeled IPv6 traffic This ensures successful labeled IPv4 and labeled IPv6 traffic
skipping to change at page 10, line 41 skipping to change at page 11, line 5
This document specifies that an LSR should advertise and receive This document specifies that an LSR should advertise and receive
both IPv4 and IPv6 label bindings from and to the peer, only if it both IPv4 and IPv6 label bindings from and to the peer, only if it
has valid IPv4 and IPv6 Hello Adjacencies for that peer, as has valid IPv4 and IPv6 Hello Adjacencies for that peer, as
specified in section 6.2. specified in section 6.2.
This means that the LSR must not advertise any IPv6 label bindings This means that the LSR must not advertise any IPv6 label bindings
to a peer over an IPv4 LDP session, if no IPv6 Hello Adjacency to a peer over an IPv4 LDP session, if no IPv6 Hello Adjacency
existed for that peer (and vice versa). existed for that peer (and vice versa).
8. IANA Considerations 8. LDP TTL Security
This document also specifies that the LDP/TCP transport connection
over IPv6 (i.e. LDPoIPv6) must follow the Generalized TTL Security
Mechanism (GTSM) procedures (Section 3 of [RFC5082]) for an LDP
session peering established between the adjacent LSRs using Basic
Discovery, by default.
In other words, GTSM is enabled by default for an IPv6 LDP peering
session using Basic Discovery. This means that the 'IP Hop Limit' in
IPv6 packet is set to 255 upon sending, and checked to be 255 upon
receipt. The IPv6 packet must be dropped failing such a check upon
receipt.
The reason GTSM is enabled for Basic Discovery by default, but not
for Extended Discovery is that the usage of Basic Discovery
typically results in a single-hop LDP peering session, whereas the
usage of Extended Discovery typically results in a multi-hop LDP
peering session. While the latter is deemed out of scope (section
1.2), in line with GTSM [RFC5082], it is worth clarifying the
following exceptions that may occur with Basic or Extended Discovery
usage:
a) Two adjacent LSRs (i.e. back-to-back PE routers) forming a
single-hop LDP peering session after doing an Extended Discovery
(for Pseudowire, say)
b) Two adjacent LSRs forming a multi-hop LDP peering session after
doing a Basic Discovery, due to the way IP routing is setup
between them (temporarily or permanently)
c) Two adjacent LSRs (i.e. back-to-back PE routers) forming a
single-hop LDP peering session after doing both Basic and
Extended Discovery
In (a), GTSM is not enabled for the LDP peering session by default,
hence, it would not do any harm or good.
In (b), GTSM is enabled by default for the LDP peering session by
default and enforced, hence, it would prohibit the LDP peering
session from getting established.
In (c), GTSM is enabled by default for Basic Discovery and enforced
on the subsequent LDP peering. However, if each LSR uses the same
IPv6 transport address object value in both Basic and Extended
discoveries, then it would result in a single LDP peering session
and that would be enabled with GTSM. Otherwise, GTSM would not be
enforced on the 2nd LDP peering session corresponding to the
Extended Discovery.
This document allows for the implementation to provide an option to
statically (configuration) and/or dynamically override the default
behavior (i.e. disable GTSM) on a per-peer basis. This would also
address the exception (b) above. Suffice to say that such an option
could be set on either LSR (since GTSM negotiation would ultimately
disable GTSM between an LSR and its peer(s)).
The built-in GTSM inclusion is intended to automatically protect
IPv6 LDP peering session from off-link attacks.
9. IANA Considerations
None. None.
9. Security Considerations 10. Security Considerations
The extensions defined in this document only clarify the behavior of The extensions defined in this document only clarify the behavior of
LDP, they do not define any new protocol procedures. Hence, this LDP, they do not define any new protocol procedures. Hence, this
document does not add any new security issues to LDP. document does not add any new security issues to LDP.
While the security issues relevant for the [RFC5036] are relevant While the security issues relevant for the [RFC5036] are relevant
for this document as well, this document reduces the chances of off- for this document as well, this document reduces the chances of off-
link attacks when using IPv6 transport connection by including the link attacks when using IPv6 transport connection by including the
use of GTSM procedures [RFC5082]. use of GTSM procedures [RFC5082].
Moreover, this document allows the use of IPsec [RFC4301] for IPv6 Moreover, this document allows the use of IPsec [RFC4301] for IPv6
protection, hence, LDP can benefit from the additional security as protection, hence, LDP can benefit from the additional security as
specified in [RFC4835] as well as [RFC5920]. specified in [RFC4835] as well as [RFC5920].
10. Acknowledgments 11. Acknowledgments
We acknowledge the authors of [RFC5036], since the text in this We acknowledge the authors of [RFC5036], since the text in this
document is borrowed from [RFC5036]. document is borrowed from [RFC5036].
Thanks to Bob Thomas for providing critical feedback to improve this Thanks to Bob Thomas for providing critical feedback to improve this
document early on. Thanks to Kamran Raza, Eric Rosen, Lizhong Jin, document early on. Thanks to Kamran Raza, Eric Rosen, Lizhong Jin,
Bin Mo, Mach Chen, and Kishore Tiruveedhula for reviewing this Bin Mo, Mach Chen, and Kishore Tiruveedhula for reviewing this
document. The authors also acknowledge the help of Manoj Dutta and document. The authors also acknowledge the help of Manoj Dutta and
Vividh Siddha. Vividh Siddha.
This document was prepared using 2-Word-v2.0.template.dot. This document was prepared using 2-Word-v2.0.template.dot.
11. References 12. References
11.1. Normative References 12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4291] Hinden, R. and S. Deering, "Internet Protocol Version 6 [RFC4291] Hinden, R. and S. Deering, "Internet Protocol Version 6
(IPv6) Addressing Architecture", RFC 4291, February 2006. (IPv6) Addressing Architecture", RFC 4291, February 2006.
[RFC5036] Andersson, L., Minei, I., and Thomas, B., "LDP [RFC5036] Andersson, L., Minei, I., and Thomas, B., "LDP
Specification", RFC 5036, October 2007. Specification", RFC 5036, October 2007.
[RFC5082] Pignataro, C., Gill, V., Heasley, J., Meyer, D., and [RFC5082] Pignataro, C., Gill, V., Heasley, J., Meyer, D., and
Savola, P., "The Generalized TTL Security Mechanism Savola, P., "The Generalized TTL Security Mechanism
(GTSM)", RFC 5082, October 2007. (GTSM)", RFC 5082, October 2007.
11.2. Informative References 12.2. Informative References
[RFC4301] Kent, S. and K. Seo, "Security Architecture and Internet [RFC4301] Kent, S. and K. Seo, "Security Architecture and Internet
Protocol", RFC 4301, December 2005. Protocol", RFC 4301, December 2005.
[RFC4835] Manral, V., "Cryptographic Algorithm Implementation [RFC4835] Manral, V., "Cryptographic Algorithm Implementation
Requirements for Encapsulating Security Payload (ESP) and Requirements for Encapsulating Security Payload (ESP) and
Authentication Header (AH)", RFC 4835, April 2007. Authentication Header (AH)", RFC 4835, April 2007.
[RFC5918] Asati, R. Minei, I., and Thomas, B., "Label Distribution [RFC5918] Asati, R. Minei, I., and Thomas, B., "Label Distribution
Protocol (LDP) 'Typed Wildcard' Forward Equivalence Class Protocol (LDP) 'Typed Wildcard' Forward Equivalence Class
(FEC)", RFC 5918, April 2010. (FEC)", RFC 5918, April 2010.
[RFC5920] Fang, L., "Security Framework for MPLS and GMPLS [RFC5920] Fang, L., "Security Framework for MPLS and GMPLS
Networks", RFC 5920, July 2010. Networks", RFC 5920, July 2010.
Author's Addresses Author's Addresses
Vishwas Manral Vishwas Manral
IP Infusion Inc., Hewlet-Packard, Inc.
1188 E. Arques Ave, 19111 Pruneridge Ave., Cupertino, CA, 95014
Sunnyvale, CA, 94089 Phone: 408-447-1497
Email: vishwas@ipinfusion.com Email: vishwas.manral@hp.com
Rajiv Papneja Rajiv Papneja
ISOCORE ISOCORE
12359 Sunrise Valley Dr, STE 100 12359 Sunrise Valley Dr, STE 100
Reston, VA 20190 Reston, VA 20190
Email: rpapneja@isocore.com Email: rpapneja@isocore.com
Rajiv Asati Rajiv Asati
Cisco Systems, Inc. Cisco Systems, Inc.
7025 Kit Creek Road 7025 Kit Creek Road
 End of changes. 33 change blocks. 
71 lines changed or deleted 138 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/