draft-ietf-mpls-ldp-ipv6-13.txt   draft-ietf-mpls-ldp-ipv6-14.txt 
MPLS Working Group Rajiv Asati MPLS Working Group Rajiv Asati
Internet Draft Cisco Internet Draft Carlos Pignataro
Updates: 5036 (if approved) Updates: 5036, 6720 (if approved) Kamran Raza
Intended status: Standards Track Vishwas Manral Intended status: Standards Track Cisco
Expires: January 2015 Hewlett-Packard, Inc. Expires: April 2015
Vishwas Manral
Hewlett-Packard, Inc
Rajiv Papneja Rajiv Papneja
Huawei Huawei
Carlos Pignataro October 2, 2014
Cisco
July 3, 2014
Updates to LDP for IPv6 Updates to LDP for IPv6
draft-ietf-mpls-ldp-ipv6-13 draft-ietf-mpls-ldp-ipv6-14
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2015. This Internet-Draft will expire on April 2, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 26 skipping to change at page 2, line 25
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Abstract Abstract
The Label Distribution Protocol (LDP) specification defines The Label Distribution Protocol (LDP) specification defines
procedures to exchange label bindings over either IPv4, or IPv6 or procedures to exchange label bindings over either IPv4, or IPv6 or
both networks. This document corrects and clarifies the LDP behavior both networks. This document corrects and clarifies the LDP behavior
when IPv6 network is used (with or without IPv4). This document when IPv6 network is used (with or without IPv4). This document
updates RFC 5036. updates RFC 5036 and RFC 6720.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Topology Scenarios for Dual-Stack Environment.............4 1.1. Topology Scenarios for Dual-stack Environment.............4
1.2. Single-hop vs. Multi-hop LDP Peering......................5 1.2. Single-hop vs. Multi-hop LDP Peering......................5
2. Specification Language.........................................6 2. Specification Language.........................................6
3. LSP Mapping....................................................6 3. LSP Mapping....................................................7
4. LDP Identifiers................................................7 4. LDP Identifiers................................................7
5. Neighbor Discovery.............................................7 5. Neighbor Discovery.............................................8
5.1. Basic Discovery Mechanism.................................8 5.1. Basic Discovery Mechanism.................................8
5.1.1. Maintaining Hello Adjacencies........................9 5.1.1. Maintaining Hello Adjacencies........................9
5.2. Extended Discovery Mechanism..............................9 5.2. Extended Discovery Mechanism..............................9
6. LDP Session Establishment and Maintenance......................9 6. LDP Session Establishment and Maintenance......................9
6.1. Transport connection establishment........................9 6.1. Transport connection establishment.......................10
6.1.1. Determining Transport connection Roles..............11 6.1.1. Determining Transport connection Roles..............11
6.2. LDP Sessions Maintenance.................................13 6.2. LDP Sessions Maintenance.................................14
7. Address Distribution..........................................14 7. Binding Distribution..........................................14
8. Label Distribution............................................14 7.1. Address Distribution.....................................15
9. LDP Identifiers and Duplicate Next Hop Addresses..............15 7.2. Label Distribution.......................................15
10. LDP TTL Security.............................................16
11. IANA Considerations..........................................16 8. LDP Identifiers and Duplicate Next Hop Addresses..............16
12. Security Considerations......................................16 9. LDP TTL Security..............................................17
13. Acknowledgments..............................................17 10. IANA Considerations..........................................18
14. Additional Contributors......................................17 11. Security Considerations......................................18
15. References...................................................18 12. Acknowledgments..............................................19
15.1. Normative References....................................18 13. Additional Contributors......................................19
15.2. Informative References..................................18 14. References...................................................20
Appendix A.......................................................20 14.1. Normative References....................................20
A.1. LDPv6 and LDPv4 Interoperability Safety Net..............20 14.2. Informative References..................................20
A.2. Why 32-bit value even for IPv6 LDP Router ID.............20 Appendix A.......................................................22
A.3. Why prohibit IPv4-mapped IPv6 addresses in LDP...........20 A.1. LDPv6 and LDPv4 Interoperability Safety Net..............22
Author's Addresses...............................................22 A.2. Accommodating Non-RFC5036-compliant implementations......22
A.3. Why prohibit IPv4-mapped IPv6 addresses in LDP...........23
A.4. Why 32-bit value even for IPv6 LDP Router ID.............23
Author's Addresses...............................................24
1. Introduction 1. Introduction
The LDP [RFC5036] specification defines procedures and messages for The LDP [RFC5036] specification defines procedures and messages for
exchanging FEC-label bindings over either IPv4 or IPv6 or both (e.g. exchanging FEC-label bindings over either IPv4 or IPv6 or both (e.g.
dual-stack) networks. Dual-stack) networks.
However, RFC5036 specification has the following deficiency (or However, RFC5036 specification has the following deficiency (or
lacks details) in regards to IPv6 usage (with or without IPv4): lacks details) in regards to IPv6 usage (with or without IPv4):
1) LSP Mapping: No rule for mapping a particular packet to a 1) LSP Mapping: No rule for mapping a particular packet to a
particular LSP that has an Address Prefix FEC element containing particular LSP that has an Address Prefix FEC element containing
IPv6 address of the egress router IPv6 address of the egress router
2) LDP Identifier: No details specific to IPv6 usage 2) LDP Identifier: No details specific to IPv6 usage
3) LDP Discovery: No details for using a particular IPv6 destination 3) LDP Discovery: No details for using a particular IPv6 destination
(multicast) address or the source address (with or without IPv4 (multicast) address or the source address
co-existence)
4) LDP Session establishment: No rule for handling both IPv4 and 4) LDP Session establishment: No rule for handling both IPv4 and
IPv6 transport address optional objects in a Hello message, and IPv6 transport address optional objects in a Hello message, and
subsequently two IPv4 and IPv6 transport connections subsequently two IPv4 and IPv6 transport connections
5) LDP Address Distribution: No rule for advertising IPv4 or/and 5) LDP Address Distribution: No rule for advertising IPv4 or/and
IPv6 FEC-Address bindings over an LDP session IPv6 Address bindings over an LDP session
6) LDP Label Distribution: No rule for advertising IPv4 or/and IPv6 6) LDP Label Distribution: No rule for advertising IPv4 or/and IPv6
FEC-label bindings over an LDP session, and for handling the co- FEC-label bindings over an LDP session, and for handling the co-
existence of IPv4 and IPv6 FEC Elements in the same FEC TLV existence of IPv4 and IPv6 FEC Elements in the same FEC TLV
7) Next Hop Address Resolution: No rule for accommodating the usage 7) Next Hop Address Resolution: No rule for accommodating the usage
of duplicate link-local IPv6 addresses of duplicate link-local IPv6 addresses
8) LDP TTL Security: No rule for built-in Generalized TTL Security 8) LDP TTL Security: No rule for built-in Generalized TTL Security
Mechanism (GTSM) in LDP with IPv6 (this is a deficiency in Mechanism (GTSM) in LDP with IPv6 (this is a deficiency in
RFC6720) RFC6720)
This document addresses the above deficiencies by specifying the This document addresses the above deficiencies by specifying the
desired behavior/rules/details for using LDP in IPv6 enabled desired behavior/rules/details for using LDP in IPv6 enabled
networks (IPv6-only or Dual-stack networks). networks (IPv6-only or Dual-stack networks).
Note that this document updates RFC5036 and RFC6720. Note that this document updates RFC5036 and RFC6720.
1.1. Topology Scenarios for Dual-Stack Environment 1.1. Topology Scenarios for Dual-stack Environment
Two LSRs may involve basic and/or extended LDP discovery in IPv6 Two LSRs may involve basic and/or extended LDP discovery in IPv6
and/or IPv4 address-families in various topology scenarios. and/or IPv4 address-families in various topology scenarios.
This document addresses the following 3 topology scenarios in which This document addresses the following 3 topology scenarios in which
the LSRs may be connected via one or more dual-stack interfaces the LSRs may be connected via one or more Dual-stack LDP enabled
(figure 1), or one or more single-stack interfaces (figure 2 and interfaces (figure 1), or one or more Single-stack LDP enabled
figure 3): interfaces (figure 2 and figure 3):
R1------------------R2 R1------------------R2
IPv4+IPv6 IPv4+IPv6
Figure 1 LSRs connected via a Dual-stack Interface Figure 1 LSRs connected via a Dual-stack Interface
IPv4 IPv4
R1=================R2 R1=================R2
IPv6 IPv6
Figure 2 LSRs connected via two single-stack Interfaces Figure 2 LSRs connected via two Single-stack Interfaces
R1------------------R2---------------R3 R1------------------R2---------------R3
IPv4 IPv6 IPv4 IPv6
Figure 3 LSRs connected via a single-stack Interface Figure 3 LSRs connected via a Single-stack Interface
Note that the topology scenario illustrated in figure 1 also covers Note that the topology scenario illustrated in figure 1 also covers
the case of a single-stack interface (IPv4, say) being converted to the case of a Single-stack LDP enabled interface (IPv4, say) being
a dual-stacked interface by enabling IPv6 routing as well as IPv6 converted to a Dual-stacked LDP enabled interface (by enabling IPv6
LDP, even though the IPv4 LDP session may already be established routing as well as IPv6 LDP), even though the LDPoIPv4 session may
between the LSRs. already be established between the LSRs.
Note that the topology scenario illustrated in figure 2 also covers Note that the topology scenario illustrated in figure 2 also covers
the case of two routers getting connected via an additional single- the case of two routers getting connected via an additional Single-
stack interface (IPv6 routing and IPv6 LDP), even though the IPv4 stack LDP enabled interface (IPv6 routing and IPv6 LDP), even though
LDP session may already be established between the LSRs over the the LDPoIPv4 session may already be established between the LSRs
existing interface(s). over the existing interface(s).
This document also addresses the scenario in which the LSRs do This document also addresses the scenario in which the LSRs do the
extended discovery in IPv6 and/or IPv4 address-families: extended discovery in IPv6 and/or IPv4 address-families:
IPv4 IPv4
R1-------------------R2 R1-------------------R2
IPv6 IPv6
Figure 4 LSRs involving IPv4 and IPv6 address-families Figure 4 LSRs involving IPv4 and IPv6 address-families
1.2. Single-hop vs. Multi-hop LDP Peering 1.2. Single-hop vs. Multi-hop LDP Peering
skipping to change at page 6, line 15 skipping to change at page 6, line 15
2. Specification Language 2. Specification Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
Abbreviations: Abbreviations:
LDP - Label Distribution Protocol LDP - Label Distribution Protocol
LDPoIPv4 - LDP over IPv4 transport session LDPoIPv4 - LDP over IPv4 transport connection
LDPoIPv6 - LDP over IPv6 transport session LDPoIPv6 - LDP over IPv6 transport connection
FEC - Forwarding Equivalence Class FEC - Forwarding Equivalence Class
TLV - Type Length Value TLV - Type Length Value
LSR - Label Switching Router LSR - Label Switching Router
LSP - Label Switched Path LSP - Label Switched Path
LSPv4 - IPv4-signaled Label Switched Path [RFC4798] LSPv4 - IPv4-signaled Label Switched Path [RFC4798]
LSPv6 - IPv6-signaled Label Switched Path [RFC4798] LSPv6 - IPv6-signaled Label Switched Path [RFC4798]
AFI - Address Family Identifier AFI - Address Family Identifier
LDP Id - LDP Identifier LDP Id - LDP Identifier
Single-stack LDP - LDP supporting just one address family (for
discovery, session setup, address/label binding
exchange etc.)
Dual-stack LDP - LDP supporting two address families (for
discovery, session setup, address/label binding
exchange etc.)
Dual-stack LSR - LSR supporting Dual-stack LDP for a peer
Single-stack LSR - LSR supporting Single-stack LDP for a peer
Note that an LSR can be a Dual-stack and Single-stack LSR at the
same time for different peers. This document loosely uses the term
address family to mean IP address family.
3. LSP Mapping 3. LSP Mapping
Section 2.1 of [RFC5036] specifies the procedure for mapping a Section 2.1 of [RFC5036] specifies the procedure for mapping a
particular packet to a particular LSP using three rules. Quoting the particular packet to a particular LSP using three rules. Quoting the
3rd rule from RFC5036: 3rd rule from RFC5036:
"If it is known that a packet must traverse a particular egress "If it is known that a packet must traverse a particular egress
router, and there is an LSP that has an Address Prefix FEC element router, and there is an LSP that has an Address Prefix FEC element
that is a /32 address of that router, then the packet is mapped to that is a /32 address of that router, then the packet is mapped to
that LSP." that LSP."
skipping to change at page 7, line 19 skipping to change at page 7, line 30
"If it is known that a packet must traverse a particular egress "If it is known that a packet must traverse a particular egress
router, and there is an LSP that has an Address Prefix FEC element router, and there is an LSP that has an Address Prefix FEC element
that is an IPv4 or IPv6 address of that router, then the packet is that is an IPv4 or IPv6 address of that router, then the packet is
mapped to that LSP." mapped to that LSP."
4. LDP Identifiers 4. LDP Identifiers
In line with section 2.2.2 of [RFC5036], this document specifies the In line with section 2.2.2 of [RFC5036], this document specifies the
usage of 32-bit (unsigned non-zero integer) LSR Id on an IPv6 usage of 32-bit (unsigned non-zero integer) LSR Id on an IPv6
enabled LSR (with or without dual-stacking). enabled LSR (with or without Dual-stacking).
This document also qualifies the first sentence of last paragraph of This document also qualifies the first sentence of last paragraph of
Section 2.5.2 of [RFC5036] to be per address family and therefore Section 2.5.2 of [RFC5036] to be per address family and therefore
updates that sentence to the following: updates that sentence to the following:
"For a given address family, an LSR MUST advertise the same "For a given address family, an LSR MUST advertise the same
transport address in all Hellos that advertise the same label transport address in all Hellos that advertise the same label
space." space."
This rightly enables the per-platform label space to be shared This rightly enables the per-platform label space to be shared
between IPv4 and IPv6. between IPv4 and IPv6.
In summary, this document mandates the usage of a common LDP In summary, this document mandates the usage of a common LDP
identifier (same LSR Id aka LDP Router Id as well as a common Label identifier (same LSR Id aka LDP Router Id as well as a common Label
space id) for both IPv4 and IPv6 address families on a dual-stack space id) for both IPv4 and IPv6 address families.
LSR.
5. Neighbor Discovery 5. Neighbor Discovery
If an LSR is enabled with dual-stack LDP (e.g. LDP enabled in both If Dual-stack LDP is enabled (e.g. LDP enabled in both IPv6 and IPv4
IPv6 and IPv4 address families), then the LSR MUST advertise both address families) on an interface or for a targeted neighbor, then
IPv6 and IPv4 LDP Link or targeted Hellos and include the same LDP the LSR MUST transmit both IPv6 and IPv4 LDP (Link or targeted)
Identifier (assuming per-platform label space usage) in them. Hellos and include the same LDP Identifier (assuming per-platform
label space usage) in them.
If an LSR is enabled with single-stack LDP (e.g. LDP enabled in If Single-stack LDP is enabled (e.g. LDP enabled in either IPv6 or
either IPv6 or IPv4 address family), then the LSR MUST advertise IPv4 address family), then the LSR MUST transmit either IPv6 or IPv4
either IPv6 or IPv4 LDP Link or targeted Hellos respectively. LDP (Link or targeted) Hellos respectively.
5.1. Basic Discovery Mechanism 5.1. Basic Discovery Mechanism
Section 2.4.1 of [RFC5036] defines the Basic Discovery mechanism for Section 2.4.1 of [RFC5036] defines the Basic Discovery mechanism for
directly connected LSRs. Following this mechanism, LSRs periodically directly connected LSRs. Following this mechanism, LSRs periodically
send LDP Link Hellos destined to "all routers on this subnet" group send LDP Link Hellos destined to "all routers on this subnet" group
multicast IP address. multicast IP address.
Interesting enough, per the IPv6 addressing architecture [RFC4291], Interesting enough, per the IPv6 addressing architecture [RFC4291],
IPv6 has three "all routers on this subnet" multicast addresses: IPv6 has three "all routers on this subnet" multicast addresses:
skipping to change at page 8, line 27 skipping to change at page 8, line 39
FF02:0:0:0:0:0:0:2 = Link-local scope FF02:0:0:0:0:0:0:2 = Link-local scope
FF05:0:0:0:0:0:0:2 = Site-local scope FF05:0:0:0:0:0:0:2 = Site-local scope
[RFC5036] does not specify which particular IPv6 'all routers on [RFC5036] does not specify which particular IPv6 'all routers on
this subnet' group multicast IP address should be used by LDP Link this subnet' group multicast IP address should be used by LDP Link
Hellos. Hellos.
This document specifies the usage of link-local scope e.g. This document specifies the usage of link-local scope e.g.
FF02:0:0:0:0:0:0:2 as the destination multicast IP address in IPv6 FF02:0:0:0:0:0:0:2 as the destination multicast IP address in IPv6
LDP Link Hellos. An LDP Hello packet received on any of the other LDP Link Hellos. An LDP Link Hello packet received on any of the
destination addresses MUST be dropped. Additionally, the link-local other destination addresses MUST be dropped. Additionally, the link-
IPv6 address MUST be used as the source IP address in IPv6 LDP Link local IPv6 address MUST be used as the source IP address in IPv6 LDP
Hellos. Link Hellos.
Also, the LDP Link Hello packets MUST have their IPv6 Hop Limit set Also, the LDP Link Hello packets MUST have their IPv6 Hop Limit set
to 255, be checked for the same upon receipt (before any LDP to 255, be checked for the same upon receipt (before any LDP
specific processing) and be handled as specified in Generalized TTL specific processing) and be handled as specified in Generalized TTL
Security Mechanism (GTSM) section 3 of [RFC5082]. The built-in Security Mechanism (GTSM) section 3 of [RFC5082]. The built-in
inclusion of GTSM automatically protects IPv6 LDP from off-link inclusion of GTSM automatically protects IPv6 LDP from off-link
attacks. attacks.
More importantly, if an interface is a dual-stack LDP interface More importantly, if an interface is a Dual-stack LDP interface
(e.g. LDP enabled in both IPv6 and IPv4 address families), then the (e.g. LDP enabled in both IPv6 and IPv4 address families), then the
LSR MUST periodically send both IPv6 and IPv4 LDP Link Hellos (using LSR MUST periodically transmit both IPv6 and IPv4 LDP Link Hellos
the same LDP Identifier per section 4) on that interface and be able (using the same LDP Identifier per section 4) on that interface and
to receive them. This facilitates discovery of IPv6-only, IPv4-only be able to receive them. This facilitates discovery of IPv6-only,
and dual-stack peers on the interface's subnet and ensures IPv4-only and Dual-stack peers on the interface's subnet and ensures
successful subsequent peering using the appropriate (address family) successful subsequent peering using the appropriate (address family)
transport on a multi-access or broadcast interface. transport on a multi-access or broadcast interface.
An implementation MUST send IPv6 LDP link Hellos before sending IPv4 An implementation MUST transmit IPv6 LDP link Hellos before IPv4 LDP
LDP Link Hellos on a dual-stack interface. Link Hellos on a Dual-stack interface, particularly during the
interface coming into service or configuration time.
5.1.1. Maintaining Hello Adjacencies 5.1.1. Maintaining Hello Adjacencies
In case of dual-stack LDP interface (e.g. LDP enabled in both IPv6 In case of Dual-stack LDP enabled interface, the LSR SHOULD maintain
and IPv4 address families), the LSR SHOULD maintain link Hello link Hello adjacencies for both IPv4 and IPv6 address families. This
adjacencies for both IPv4 and IPv6 address families. This document, document, however, allows an LSR to maintain Rx-side Link Hello
however, allows an LSR to maintain Rx-side Link Hello adjacency for adjacency only for the address family that has been used for the
the address family that has been used for the establishment of the establishment of the LDP session (whether LDPoIPv4 or LDPoIPv6
LDP session (either IPv4 or IPv6). session).
5.2. Extended Discovery Mechanism 5.2. Extended Discovery Mechanism
The extended discovery mechanism (defined in section 2.4.2 of The extended discovery mechanism (defined in section 2.4.2 of
[RFC5036]), in which the targeted LDP Hellos are sent to a pre- [RFC5036]), in which the targeted LDP Hellos are sent to a unicast
configured (unicast) destination IPv6 address, requires only one IPv6 address destination, requires only one IPv6 specific
IPv6 specific consideration: the link-local IPv6 addresses MUST NOT consideration: the link-local IPv6 addresses MUST NOT be used as the
be used as the targeted LDP hello packet's source or destination targeted LDP hello packet's source or destination addresses.
addresses.
6. LDP Session Establishment and Maintenance 6. LDP Session Establishment and Maintenance
Section 2.5.1 of [RFC5036] defines a two-step process for LDP Section 2.5.1 of [RFC5036] defines a two-step process for LDP
session establishment, once the peer discovery has completed (LDP session establishment, once the neighbor discovery has completed
Hellos have been exchanged): (i.e. LDP Hellos have been exchanged):
1. Transport connection establishment 1. Transport connection establishment
2. Session initialization 2. Session initialization
The forthcoming sub-section 6.1 discusses the LDP consideration for The forthcoming sub-section 6.1 discusses the LDP consideration for
IPv6 and/or dual-stacking in the context of session establishment, IPv6 and/or Dual-stacking in the context of session establishment,
whereas sub-section 6.2 discusses the LDP consideration for IPv6 whereas sub-section 6.2 discusses the LDP consideration for IPv6
and/or dual-stacking in the context of session maintenance. and/or Dual-stacking in the context of session maintenance.
6.1. Transport connection establishment 6.1. Transport connection establishment
Section 2.5.2 of [RFC5036] specifies the use of an optional Section 2.5.2 of [RFC5036] specifies the use of an optional
transport address object (TLV) in LDP Hello message to convey the transport address object (TLV) in LDP Hello message to convey the
transport (IP) address, however, it does not specify the behavior of transport (IP) address, however, it does not specify the behavior of
LDP if both IPv4 and IPv6 transport address objects (TLV) are sent LDP if both IPv4 and IPv6 transport address objects (TLV) are sent
in a Hello message or separate Hello messages. More importantly, it in a Hello message or separate Hello messages. More importantly, it
does not specify whether both IPv4 and IPv6 transport connections does not specify whether both IPv4 and IPv6 transport connections
should be allowed, if there were both IPv4 and IPv6 Hello should be allowed, if both IPv4 and IPv6 Hello adjacencies were
adjacencies. present prior to the session establishment.
This document specifies that: This document specifies that:
1. An LSR MUST NOT send a Hello message containing both IPv4 and 1. An LSR MUST NOT send a Hello message containing both IPv4 and
IPv6 transport address optional objects. In other words, there IPv6 transport address optional objects. In other words, there
MUST be at most one optional Transport Address object in a MUST be at most one optional Transport Address object in a
Hello message. An LSR MUST include only the transport address Hello message. An LSR MUST include only the transport address
whose address family is the same as that of the IP packet whose address family is the same as that of the IP packet
carrying Hello message. carrying the Hello message.
2. An LSR SHOULD accept the Hello message that contains both IPv4 2. An LSR SHOULD accept the Hello message that contains both IPv4
and IPv6 transport address optional objects, but MUST use only and IPv6 transport address optional objects, but MUST use only
the transport address whose address family is the same as that the transport address whose address family is the same as that
of the IP packet carrying the Hello message. An LSR SHOULD of the IP packet carrying the Hello message. An LSR SHOULD
accept only the first transport object for a given Address accept only the first transport object for a given address
family in the received Hello message, and ignore the rest, if family in the received Hello message, and ignore the rest, if
the LSR receives more than one transport object. the LSR receives more than one transport object for a given
address family.
3. An LSR MUST send separate Hello messages (each containing 3. An LSR MUST send separate Hello messages (each containing
either IPv4 or IPv6 transport address optional object) for each either IPv4 or IPv6 transport address optional object) for each
IP address family, if LDP was enabled for both IP address IP address family, if Dual-stack LDP was enabled.
families.
4. An LSR MUST use a global unicast IPv6 address in IPv6 transport 4. An LSR MUST use a global unicast IPv6 address in IPv6 transport
address optional object of outgoing targeted Hellos, and check address optional object of outgoing targeted Hellos, and check
for the same in incoming targeted hellos (i.e. MUST discard the for the same in incoming targeted hellos (i.e. MUST discard the
hello, if it failed the check). targeted hello, if it failed the check).
5. An LSR MUST prefer using a global unicast IPv6 address in IPv6 5. An LSR MUST prefer using a global unicast IPv6 address in IPv6
transport address optional object of outgoing Link Hellos, if transport address optional object of outgoing Link Hellos, if
it had to choose between global unicast IPv6 address and it had to choose between global unicast IPv6 address and
unique-local or link-local IPv6 address. unique-local or link-local IPv6 address.
6. An LSR SHOULD NOT create (or honor the request for creating) a 6. A Dual-stack LSR MUST NOT initiate (or accept the request for)
TCP connection for a new LDP session with a remote LSR, if they a TCP connection for a new LDP session with a remote LSR, if
already have an LDP session (for the same LDP Identifier) they already have an LDPoIPv4 or LDPoIPv6 session (for the same
established over whatever IP version transport. LDP Identifier) established.
This means that only one transport connection is established This means that only one transport connection is established
regardless of IPv6 or/and IPv4 Hello adjacencies presence regardless of IPv6 or/and IPv4 Hello adjacencies presence
between two LSRs. between two LSRs.
7. An LSR SHOULD prefer the LDP/TCP connection over IPv6 for a new 7. A Dual-stack LSR MUST prefer establishing LDPoIPv6 session with
LDP session with a remote LSR, if it is able to determine the a remote LSR by following the 'transport connection role'
IPv6 presence (e.g. IPv6 Hello adjacency), by following the determination logic in section 6.1.1.
'transport connection role' determination logic in section
6.1.1. 8. A Single-stack LSR MUST establish LDPoIPv4 or LDPoIPv6 session
with a remote LSR as per the enabled address-family.
6.1.1. Determining Transport connection Roles 6.1.1. Determining Transport connection Roles
Section 2.5.2 of [RFC5036] specifies the rules for determining Section 2.5.2 of [RFC5036] specifies the rules for determining
active/passive roles in setting up TCP connection. These rules are active/passive roles in setting up TCP connection. These rules are
clear for a single-stack (IPv4 or IPv6) LDP, but not for a dual- clear for a Single-stack LDP, but not for a Dual-stack LDP, in which
stack (IPv4 and IPv6) LDP, in which an LSR may assume different an LSR may assume different roles for different address families,
roles for different address families, causing LDP session to not get causing LDP session to not get established.
established.
To ensure deterministic transport connection (active/passive) role To ensure deterministic transport connection (active/passive) role
for dual-stack LDP peering, this document specifies that the LSR in case of Dual-stack LDP, this document specifies that the Dual-
convey its transport connection preference in every LDP Hello stack LSR convey its transport connection preference in every LDP
message. A new optional parameter, encoded as a TLV, (section 3.5.2 Hello message. This preference is encoded in a new TLV, named Dual-
of RFC5036) is defined as follows (for Hello Message): stack capability TLV, as defined below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1|0| IPv4orIPv6 Preference | Length | |1|0| Dual-stack capability | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|TR | Reserved | MBZ | |TR | Reserved | MBZ |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5 IPv4 or IPv6 Transport Preference TLV Figure 5 Dual-stack capability TLV
Where: Where:
U and F bits: 1 and 0 (as specified by RFC5036) U and F bits: 1 and 0 (as specified by RFC5036)
IPv4orIPv6 Preference: TLV code point for IPv4 or IPv6 Preference Dual-stack capability: TLV code point (to be assigned by IANA).
(to be assigned by IANA).
TR, Transport Preference TR, Transport Connection Preference.
00: IPv4 This document defines the following 2 values:
01: IPv6 (default value) 0100: LDPoIPv4 connection
0110: LDPoIPv6 connection
Reserved Reserved
This field is reserved. It MUST be set to zero on This field is reserved. It MUST be set to zero on
transmission and ignored on receipt. transmission and ignored on receipt.
A dual-stack LDP enabled LSR (capable of supporting both IPv4 and A Dual-stack LSR MUST include "Dual-stack capability" TLV in all of
IPv6 transports for LDP) MUST include "IPv4orIPv6 Transport its LDP Hellos, and MUST set the "TR" field to announce its
Preference" optional parameter in all of its LDP Hellos, and MUST preference for either LDPoIPv4 or LDPoIPv6 transport connection. The
set the "TR" field to announce its preference for either IPv4 or default preference is LDPoIPv6.
IPv6 transport connection. The default preference is IPv6.
Upon receiving the hello message with this TLV, a dual-stack capable Upon receiving the hello messages from the neighbor, a Dual-stack
receiving LSR MUST do the following: LSR MUST check for the presence of "Dual-stack capability" TLV and
take appropriate actions as follows:
1. If it understands the TLV, and if neighbor's preference does 1. If "Dual-stack capability" TLV is present and remote preference
not match with the local preference, then it discards the hello does not match with the local preference, then the LSR MUST
(and no adjacency is formed) and logs an error. discard the hello message and log an error.
2. If it understands the TLV, and if neighbor's preference matches If LDP session was already in place, then LSR MUST send a fatal
with the local preference, then: Notification message with status code [Transport Connection
mismatch, IANA allocation TBD] and reset the session.
a) If TR=0 (IPv4), then determine the active/passive roles 2. If "Dual-stack capability" TLV is present, and remote
for TCP connection using IPv4 transport address as defined preference matches with the local preference, then:
in section 2.5.2 of RFC 5036.
b) If TR=1 (IPv6), then determine the active/passive roles a) If TR=0100 (LDPoIPv4), then determine the active/passive
for TCP connection by comparing the LSR Id part of the LDP roles for TCP connection using IPv4 transport address as
Identifiers of LSRs. defined in section 2.5.2 of RFC 5036.
The LSR with higher LSR Id MUST assume the active role and b) If TR=0110 (LDPoIPv6), then determine the active/passive
other LSR MUST assume the passive role for the IPv6 TCP roles for TCP connection by using IPv6 transport address
connection. as defined in section 2.5.2 of RFC 5036.
3. If it does not understand the TLV, then it MUST silently 3. If "Dual-stack capability" TLV is NOT present, and
discard this TLV and process the rest of the Hello message. a) Only IPv4 hellos are received, then the neighbor is deemed
as a legacy IPv4-only LSR (supporting Single-stack LDP),
hence, an LDPoIPv4 session SHOULD be established (similar
to that of 2a above).
If an LSR receives the hello message without the "IPv4orIPv6 However, if IPv6 hellos are also received at any time from
Transport Preference" TLV, then it MUST proceed with session that neighbor, then the neighbor is deemed as a non-
establishment using single-stack rules, as per section 2.5.2 of RFC compliant Dual-stack LSR (similar to that of 3c below),
5036. resulting in any established LDPoIPv4 session being reset
and a fatal Notification message being sent (with status
code of 'Dual-Stack Non-Compliance', IANA allocation TBD).
b) Only IPv6 hellos are received, then the neighbor is deemed
as an IPv6-only LSR (supporting Single-stack LDP) and
LDPoIPv6 session SHOULD be established (similar to that of
2b above).
However, if IPv4 hellos are also received at any time from
that neighbor, then the neighbor is deemed as a non-
compliant Dual-stack LSR (similar to that of 3c below),
resulting in any established LDPoIPv6 session being reset
and a fatal Notification message being sent (with status
code of 'Dual-Stack Non-Compliance', IANA allocation TBD).
c) Both IPv4 and IPv6 hellos are received, then the neighbor
is deemed as a non-compliant Dual-stack neighbor, and is
not allowed to have any LDP session.
An LSR MUST convey the same transport connection preference ("TR" An LSR MUST convey the same transport connection preference ("TR"
field) in all (link and targeted) Hellos that advertise the same field value) in all (link and targeted) Hellos that advertise the
label space to the same peer and/or on same interface. This ensures same label space to the same peer and/or on same interface. This
that two LSRs linked by multiple Hello adjacencies using the same ensures that two LSRs linked by multiple Hello adjacencies using the
label spaces play the same connection establishment role for each same label spaces play the same connection establishment role for
adjacency. each adjacency.
An implementation may provide an option to favor one AFI (IPv4, say) An implementation may provide an option to favor one AFI (IPv4, say)
over another AFI (IPv6, say) for the TCP transport connection, so as over another AFI (IPv6, say) for the TCP transport connection, so as
to use the favored IP version for the LDP session, and force to use the favored IP version for the LDP session, and force
deterministic active/passive roles. deterministic active/passive roles.
Note - An alternative to Capability TLV could be a new Flag value in Note - An alternative to this new Capability TLV could be a new Flag
LDP Hello message, however, it will get used even in a single-stack value in LDP Hello message, however, it will get used even in a
IPv6 scenarios and linger on forever, even though dual-stack will Single-stack IPv6 LDP networks and linger on forever, even though
not. Hence, this alternative is discarded. Dual-stack will not. Hence, this alternative is discarded.
6.2. LDP Sessions Maintenance 6.2. LDP Sessions Maintenance
This document specifies that two LSRs maintain a single LDP session This document specifies that two LSRs maintain a single LDP session
regardless of number of Link or Targeted Hello adjacencies between regardless of number of Link or Targeted Hello adjacencies between
them, as described in section 6.1. This is independent of whether: them, as described in section 6.1. This is independent of whether:
- they are connected via a dual-stack LDP enabled interface(s) or - they are connected via a Dual-stack LDP enabled interface(s) or
via two (or more) single-stack LDP enabled interfaces; via two (or more) Single-stack LDP enabled interfaces;
- a single-stack LDP enabled interface is converted to a dual-stack - a Single-stack LDP enabled interface is converted to a Dual-stack
LDP enabled interface (e.g. figure 1) on either LSR; LDP enabled interface (e.g. figure 1) on either LSR;
- an additional single-stack or dual-stack LDP enabled interface is - an additional Single-stack or Dual-stack LDP enabled interface is
added or removed between two LSRs (e.g. figure 2). added or removed between two LSRs (e.g. figure 2).
The procedures defined in section 6.1 SHOULD result in preferring The procedures defined in section 6.1 SHOULD result in setting up
LDPoIPv6 session only after the loss of an existing LDP session the LDP session in preferred AFI only after the loss of an existing
(because of link failure, node failure, reboot etc.). LDP session (because of link failure, node failure, reboot etc.).
If the last hello adjacency for a given address family goes down If the last hello adjacency for a given address family goes down
(e.g. due to dual-stack LDP enabled interfaces being converted into (e.g. due to Dual-stack LDP enabled interfaces being converted into
a single-stack LDP enabled interfaces on one LSR etc.), and that a Single-stack LDP enabled interfaces on one LSR etc.), and that
address family is the same as the one used in the transport address family is the same as the one used in the transport
connection, then the transport connection (LDP session) SHOULD be connection, then the transport connection (LDP session) MUST be
reset. Otherwise, the LDP session SHOULD stay intact. reset. Otherwise, the LDP session MUST stay intact.
If the LDP session is torn down for whatever reason (LDP disabled If the LDP session is torn down for whatever reason (LDP disabled
for the corresponding transport, hello adjacency expiry etc.), then for the corresponding transport, hello adjacency expiry, preference
the LSRs SHOULD initiate establishing a new LDP session as per the mismatch etc.), then the LSRs SHOULD initiate establishing a new LDP
procedures described in section 6.1 of this document. session as per the procedures described in section 6.1 of this
document.
7. Address Distribution 7. Binding Distribution
If an LSR is enabled with dual-stack LDP (i.e. LDP in both IPv4 and LSRs by definition can be enabled for Dual-stack LDP globally and/or
IPv6 address families) for any (discovered or targeted) peer, then per peer so as to exchange the address and label bindings for both
it MUST advertise (via ADDRESS message) its local IPv4 and IPv6 IPv4 and IPv6 address-families, independent of LDPoIPv4 or LDPoIPV6
addresses to that peer by default, independent of the transport session between them.
connection (address family) used for that peering.
If an LSR, compliant with this specification, is enabled with However, there might be some legacy LSRs that are fully compliant
single-stack LDP (i.e. LDP in either IPv6 or IPv4 address family) with RFC 5036 for IPv4, but non-compliant for IPv6 (say, section
for any (discovered or targeted) peer, then it MUST advertise (via 3.5.5.1 of RFC 5036), causing them to reset the session upon
ADDRESS message) its local IP addresses as per the enabled address receiving IPv6 address bindings or IPv6 FEC (Prefix) label bindings.
family by default, and SHOULD accept a received Address message This is somewhat undesirable, as clarified further Appendix A.1 and
containing both IPv4 and IPv6 addresses. A.2.
8. Label Distribution To help maintain backward compatibility (accommodate IPv4-only LDP
implementations that may not be compliant with RFC 5036 section
3.5.5.1), this specification requires that an LSR MUST NOT send any
IPv6 bindings to a peer if peer has been determined as a legacy LSR.
The 'Dual-stack capability' TLV, which is defined in section 6.1.1,
is also used to determine if a peer is a legacy (IPv4-only Single-
stack) LSR or not.
7.1. Address Distribution
An LSR MUST NOT advertise (via ADDRESS message) any IPv4-mapped IPv6
addresses (defined in section 2.5.5.2 of [RFC4291]), and ignore such
addresses, if ever received. Please see Appendix A.3.
If an LSR is enabled with Dual-stack LDP for a peer and
1. Is NOT able to find the Dual-stack capability TLV in the
incoming IPv4 LDP hello messages from that peer, then the LSR
MUST NOT advertise its local IPv6 Addresses to the peer.
2. Is able to find the Dual-stack capability in the incoming IPv4
(or IPv6) LDP Hello messages from that peer, then it MUST
advertise (via ADDRESS message) its local IPv4 and IPv6
addresses to that peer.
3. Is NOT able to find the Dual-stack capability in the incoming
IPv6 LDP Hello messages, then it MUST advertise (via ADDRESS
message) only its local IPv6 addresses to that peer.
The last point helps to maintain forward compatibility (no need
to require this TLV in case of IPv6 Single-stack LDP).
If an LSR is enabled with Single-stack LDP for any peer, then it
MUST advertise (via ADDRESS message) its local IP addresses as per
the enabled address family, and accept received Address messages
containing IP addresses as per the enabled address family.
7.2. Label Distribution
An LSR MUST NOT allocate and MUST NOT advertise FEC-Label bindings An LSR MUST NOT allocate and MUST NOT advertise FEC-Label bindings
for link-local or IPv4-mapped IPv6 addresses (defined in section for link-local or IPv4-mapped IPv6 addresses (defined in section
2.5.5.2 of [RFC4291]), and ignore such bindings, if ever received. 2.5.5.2 of [RFC4291]), and ignore such bindings, if ever received.
Please see Appendix A.3. Please see Appendix A.3.
Additionally, to ensure backward compatibility (and interoperability If an LSR enabled with Dual-stack LDP for a peer and
with IPv4-only LDP implementations) in light of section 3.4.1.1 of
RFC5036, as rationalized in the Appendix section A.1 later, this
document specifies that -
1. An LSR MUST NOT send a label mapping message with a FEC TLV 1. Is NOT able to find the Dual-stack capability TLV in the
containing two or more Prefix FEC Elements of different address incoming IPv4 LDP hello messages from that peer, then the LSR
families. This means that a FEC TLV in the label mapping MUST NOT advertise IPv6 FEC-label bindings to the peer.
message must contain all the Prefix FEC Elements belonging to
IPv6 address family or IPv4 address family, but not both.
If an LSR is enabled with dual-stack LDP (i.e. LDP in both IPv4 and 2. Is able to find the Dual-stack capability in the incoming IPv4
IPv6 address families) for any peer, then it MUST advertise the FEC- (or IPv6) LDP Hello messages from that peer, then it MUST
Label bindings for both IPv4 and IPv6 address families to that peer. advertise FEC-Label bindings for both IPv4 and IPv6 address
However, an LSR MAY constrain the advertisement of FEC-label families to that peer.
bindings for a particular address family by negotiating the IP
Capability for a given address family, as specified in [IPPWCap]
document. This allows an LSR pair to neither advertise nor receive
the undesired FEC-label bindings on a per address family basis.
If an LSR is configured to move an interface or peer from single- 3. Is NOT able to find the Dual-stack capability in the incoming
stack (IPv6 or IPv4 address family) to dual-stack LDP (IPv6 and IPv4 IPv6 LDP Hello messages, then it MUST advertise FEC-Label
address families), then an LSR SHOULD use Typed Wildcard FEC bindings for IPv6 address families to that peer.
procedures [RFC5918] to request the FEC-label bindings for the
enabled address family. This helps to relearn the FEC-label bindings
that may have been discarded before without resetting the peering.
9. LDP Identifiers and Duplicate Next Hop Addresses The last point helps to maintain forward compatibility (no need
to require this TLV for IPv6 Single-stack LDP).
If an LSR is enabled with Single-stack LDP for any peer, then it
MUST advertise (via ADDRESS message) FEC-Label bindings for the
enabled address family, and accept FEC-Label bindings for the
enabled address family.
An LSR MAY further constrain the advertisement of FEC-label bindings
for a particular address family by negotiating the IP Capability for
a given address family, as specified in [IPPWCap] document. This
allows an LSR pair to neither advertise nor receive the undesired
FEC-label bindings on a per address family basis to a peer.
If an LSR is configured to change an interface or peer from Single-
stack LDP to Dual-stack LDP, then an LSR SHOULD use Typed Wildcard
FEC procedures [RFC5918] to request the label bindings for the
enabled address family. This helps to relearn the label bindings
that may have been discarded before without resetting the session.
8. LDP Identifiers and Duplicate Next Hop Addresses
RFC5036 section 2.7 specifies the logic for mapping the IP routing RFC5036 section 2.7 specifies the logic for mapping the IP routing
next-hop (of a given FEC) to an LDP peer so as to find the correct next-hop (of a given FEC) to an LDP peer so as to find the correct
label entry for that FEC. The logic involves using the IP routing label entry for that FEC. The logic involves using the IP routing
next-hop address as an index into the (peer Address) database (which next-hop address as an index into the (peer Address) database (which
is populated by the Address message containing mapping between each is populated by the Address message containing mapping between each
peer's local addresses and its LDP Identifier) to determine the LDP peer's local addresses and its LDP Identifier) to determine the LDP
peer. peer.
However, this logic is insufficient to deal with duplicate IPv6 However, this logic is insufficient to deal with duplicate IPv6
skipping to change at page 15, line 33 skipping to change at page 17, line 19
Addressing Architecture [RFC4291]' allows a link-local IPv6 address Addressing Architecture [RFC4291]' allows a link-local IPv6 address
to be used on more than one links. to be used on more than one links.
Hence, this logic is extended by this specification to use not only Hence, this logic is extended by this specification to use not only
the IP routing next-hop address, but also the IP routing next-hop the IP routing next-hop address, but also the IP routing next-hop
interface to uniquely determine the LDP peer(s). The next-hop interface to uniquely determine the LDP peer(s). The next-hop
address-based LDP peer mapping is to be done through LDP peer address-based LDP peer mapping is to be done through LDP peer
address database (populated by Address messages received from the address database (populated by Address messages received from the
LDP peers), whereas next-hop interface-based LDP peer mapping is to LDP peers), whereas next-hop interface-based LDP peer mapping is to
be done through LDP hello adjacency/interface database (populated by be done through LDP hello adjacency/interface database (populated by
hello messages from the LDP peers). hello messages received from the LDP peers).
This extension solves the problem of two or more peers using the This extension solves the problem of two or more peers using the
same link-local IPv6 address (in other words, duplicate peer same link-local IPv6 address (in other words, duplicate peer
addresses) as the IP routing next-hops. addresses) as the IP routing next-hops.
Lastly, for better scale and optimization, an LSR may advertise only Lastly, for better scale and optimization, an LSR may advertise only
the link-local IPv6 addresses in the Address message, assuming that the link-local IPv6 addresses in the Address message, assuming that
the peer uses only the link-local IPv6 addresses as static and/or the peer uses only the link-local IPv6 addresses as static and/or
dynamic IP routing next-hops. dynamic IP routing next-hops.
10. LDP TTL Security 9. LDP TTL Security
This document recommends enabling Generalized TTL Security Mechanism This document recommends enabling Generalized TTL Security Mechanism
(GTSM) for LDP, as specified in [RFC6720], for the LDP/TCP transport (GTSM) for LDP, as specified in [RFC6720], for the LDP/TCP transport
connection over IPv6 (i.e. LDPoIPv6). The GTSM inclusion is intended connection over IPv6 (i.e. LDPoIPv6). The GTSM inclusion is intended
to automatically protect IPv6 LDP peering session from off-link to automatically protect IPv6 LDP peering session from off-link
attacks. attacks.
[RFC6720] allows for the implementation to statically [RFC6720] allows for the implementation to statically
(configuration) and/or dynamically override the default behavior (configuration) and/or dynamically override the default behavior
(enable/disable GTSM) on a per-peer basis. Suffice to say that such (enable/disable GTSM) on a per-peer basis. Suffice to say that such
an option could be set on either LSR (since GTSM negotiation would an option could be set on either LSR (since GTSM negotiation would
ultimately disable GTSM between LSR and its peer(s)). ultimately disable GTSM between LSR and its peer(s)).
LDP Link Hello packets MUST have their IPv6 Hop Limit set to 255, LDP Link Hello packets MUST have their IPv6 Hop Limit set to 255,
and be checked for the same upon receipt before any further and be checked for the same upon receipt before any further
processing, as per section 3 of [RFC5082]. processing, as per section 3 of [RFC5082].
11. IANA Considerations 10. IANA Considerations
This document defines a new optional parameter for the LDP Hello This document defines a new optional parameter for the LDP Hello
Message. The type code needs to be assigned by IANA. Message and two new status codes for the LDP Notification Message.
12. Security Considerations The 'Dual-Stack capability' parameter requires a code point from the
TLV Type Name Space. [RFC5036] partitions the TLV Type Name Space
into 3 regions: IETF Consensus region, First Come First Served
region, and Private Use region. The authors recommend that a code
point from the IETF Consensus range be assigned to the 'Dual-Stack
capability' TLV.
The 'Transport Connection Mismatch' status code requires a code
point from the Status Code Name Space. [RFC5036] partitions the
Status Code Name Space into 3 regions: IETF Consensus region, First
Come First Served region, and Private Use region. The authors
recommend that a code point from the IETF Consensus range be
assigned to the 'Transport Connection Mismatch ' status code.
The 'Dual-Stack Non-Compliance' status code requires a code point
from the Status Code Name Space. [RFC5036] partitions the Status
Code Name Space into 3 regions: IETF Consensus region, First Come
First Served region, and Private Use region. The authors recommend
that a code point from the IETF Consensus range be assigned to the
'Dual-Stack Non-Compliance' status code.
11. Security Considerations
The extensions defined in this document only clarify the behavior of The extensions defined in this document only clarify the behavior of
LDP, they do not define any new protocol procedures. Hence, this LDP, they do not define any new protocol procedures. Hence, this
document does not add any new security issues to LDP. document does not add any new security issues to LDP.
While the security issues relevant for the [RFC5036] are relevant While the security issues relevant for the [RFC5036] are relevant
for this document as well, this document reduces the chances of off- for this document as well, this document reduces the chances of off-
link attacks when using IPv6 transport connection by including the link attacks when using IPv6 transport connection by including the
use of GTSM procedures [RFC5082]. Please see section 9 for LDP TTL use of GTSM procedures [RFC5082]. Please see section 9 for LDP TTL
Security details. Security details.
Moreover, this document allows the use of IPsec [RFC4301] for IPv6 Moreover, this document allows the use of IPsec [RFC4301] for IPv6
protection, hence, LDP can benefit from the additional security as protection, hence, LDP can benefit from the additional security as
specified in [RFC4835] as well as [RFC5920]. specified in [RFC7321] as well as [RFC5920].
13. Acknowledgments 12. Acknowledgments
We acknowledge the authors of [RFC5036], since some text in this We acknowledge the authors of [RFC5036], since some text in this
document is borrowed from [RFC5036]. document is borrowed from [RFC5036].
Thanks to Bob Thomas for providing critical feedback to improve this Thanks to Bob Thomas for providing critical feedback to improve this
document early on. document early on.
Many thanks to Eric Rosen, Lizhong Jin, Bin Mo, Mach Chen, Shane Many thanks to Eric Rosen, Lizhong Jin, Bin Mo, Mach Chen, Shane
Amante, Pranjal Dutta, Mustapha Aissaoui, Matthew Bocci, Mark Tinka, Amante, Pranjal Dutta, Mustapha Aissaoui, Matthew Bocci, Mark Tinka,
Tom Petch, Kishore Tiruveedhula, Manoj Dutta, Vividh Siddha, Qin Wu, Tom Petch, Kishore Tiruveedhula, Manoj Dutta, Vividh Siddha, Qin Wu,
Simon Perreault, Brian E Carpenter, and Loa Andersson for thoroughly Simon Perreault, Brian E Carpenter, Santosh Esale, Danial Johari and
reviewing this document, and providing insightful comments and Loa Andersson for thoroughly reviewing this document, and providing
multiple improvements. insightful comments and multiple improvements.
This document was prepared using 2-Word-v2.0.template.dot. This document was prepared using 2-Word-v2.0.template.dot.
14. Additional Contributors 13. Additional Contributors
The following individuals contributed to this document: The following individuals contributed to this document:
Kamran Raza Kamran Raza
Cisco Systems, Inc. Cisco Systems, Inc.
2000 Innovation Drive 2000 Innovation Drive
Kanata, ON K2K-3E8, Canada Kanata, ON K2K-3E8, Canada
Email: skraza@cisco.com Email: skraza@cisco.com
Nagendra Kumar Nagendra Kumar
skipping to change at page 18, line 5 skipping to change at page 20, line 5
SEZ Unit, Cessna Business Park, SEZ Unit, Cessna Business Park,
Bangalore, KT, India Bangalore, KT, India
Email: naikumar@cisco.com Email: naikumar@cisco.com
Andre Pelletier Andre Pelletier
Cisco Systems, Inc. Cisco Systems, Inc.
2000 Innovation Drive 2000 Innovation Drive
Kanata, ON K2K-3E8, Canada Kanata, ON K2K-3E8, Canada
Email: apelleti@cisco.com Email: apelleti@cisco.com
15. References 14. References
15.1. Normative References 14.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4291] Hinden, R. and S. Deering, "Internet Protocol Version 6 [RFC4291] Hinden, R. and S. Deering, "Internet Protocol Version 6
(IPv6) Addressing Architecture", RFC 4291, February 2006. (IPv6) Addressing Architecture", RFC 4291, February 2006.
[RFC5036] Andersson, L., Minei, I., and Thomas, B., "LDP [RFC5036] Andersson, L., Minei, I., and Thomas, B., "LDP
Specification", RFC 5036, October 2007. Specification", RFC 5036, October 2007.
[RFC5082] Pignataro, C., Gill, V., Heasley, J., Meyer, D., and [RFC5082] Pignataro, C., Gill, V., Heasley, J., Meyer, D., and
Savola, P., "The Generalized TTL Security Mechanism Savola, P., "The Generalized TTL Security Mechanism
(GTSM)", RFC 5082, October 2007. (GTSM)", RFC 5082, October 2007.
[RFC5918] Asati, R., Minei, I., and Thomas, B., "Label Distribution [RFC5918] Asati, R., Minei, I., and Thomas, B., "Label Distribution
Protocol (LDP) 'Typed Wildcard Forward Equivalence Class Protocol (LDP) 'Typed Wildcard Forward Equivalence Class
(FEC)", RFC 5918, October 2010. (FEC)", RFC 5918, October 2010.
15.2. Informative References 14.2. Informative References
[RFC4301] Kent, S. and K. Seo, "Security Architecture and Internet [RFC4301] Kent, S. and K. Seo, "Security Architecture and Internet
Protocol", RFC 4301, December 2005. Protocol", RFC 4301, December 2005.
[RFC4835] Manral, V., "Cryptographic Algorithm Implementation [RFC7321] Manral, V., "Cryptographic Algorithm Implementation
Requirements for Encapsulating Security Payload (ESP) and Requirements for Encapsulating Security Payload (ESP) and
Authentication Header (AH)", RFC 4835, April 2007. Authentication Header (AH)", RFC 7321, April 2007.
[RFC5920] Fang, L., "Security Framework for MPLS and GMPLS [RFC5920] Fang, L., "Security Framework for MPLS and GMPLS
Networks", RFC 5920, July 2010. Networks", RFC 5920, July 2010.
[RFC4798] De Clercq, et al., "Connecting IPv6 Islands over IPv4 MPLS [RFC4798] De Clercq, et al., "Connecting IPv6 Islands over IPv4 MPLS
Using IPv6 Provider Edge Routers (6PE)", RFC 4798, Using IPv6 Provider Edge Routers (6PE)", RFC 4798,
February 2007. February 2007.
[IPPWCap] Raza, K., "LDP IP and PW Capability", draft-ietf-mpls-ldp- [IPPWCap] Raza, K., "LDP IP and PW Capability", draft-ietf-mpls-ldp-
ip-pw-capability, June 2011. ip-pw-capability, June 2011.
skipping to change at page 20, line 9 skipping to change at page 22, line 9
(LDP)", RFC 6720, August 2012. (LDP)", RFC 6720, August 2012.
[RFC4038] M-K. Shin, Y-G. Hong, J. Hagino, P. Savola, and E. M. [RFC4038] M-K. Shin, Y-G. Hong, J. Hagino, P. Savola, and E. M.
Castro, "Application Aspects of IPv6 Transition", RFC Castro, "Application Aspects of IPv6 Transition", RFC
4038, March 2005. 4038, March 2005.
Appendix A. Appendix A.
A.1. LDPv6 and LDPv4 Interoperability Safety Net A.1. LDPv6 and LDPv4 Interoperability Safety Net
It is naive to assume that RFC5036 compliant implementations have It is not safe to assume that RFC5036 compliant implementations have
supported IPv6 address family (IPv6 FEC processing, in particular) supported handling IPv6 address family (IPv6 FEC label) in Label
in label advertisement all along. And if that assumption turned out Mapping message all along.
to be not true, then section 3.4.1.1 of RFC5036 would cause LSRs to
abort processing the entire label mapping message and generate an If a router upgraded with this specification advertised both IPv4
error. and IPv6 FECs in the same label mapping message, then an IPv4-only
peer (not knowing how to process such a message) may abort
processing the entire label mapping message (thereby discarding even
the IPv4 label FECs), as per the section 3.4.1.1 of RFC5036.
This would result in LDPv6 to be somewhat undeployable in existing
production networks.
The change proposed in section 8 of this document provides a good
safety net and makes LDPv6 incrementally deployable without making
any such assumption on the routers' support for IPv6 FEC processing
in current production networks.
A.2. Accommodating Non-RFC5036-compliant implementations
It is not safe to assume that implementations have been RFC5036
compliant in gracefully handling IPv6 address family (IPv6 Address
List TLV) in Address message all along.
If a router upgraded with this specification advertised IPv6
addresses (with or without IPv4 addresses) in Address message, then
an IPv4-only peer (not knowing how to process such a message) may
not follow section 3.5.5.1 of RFC5036, and tear down the LDP
session.
This would result in LDPv6 to be somewhat undeployable in existing This would result in LDPv6 to be somewhat undeployable in existing
production networks. production networks.
The change proposed in section 7 of this document provides a good The change proposed in section 7 of this document provides a good
safety net and makes LDPv6 incrementally deployable without making safety net and makes LDPv6 incrementally deployable without making
any such assumption on the routers' support for IPv6 FEC processing any such assumption on the routers' support for IPv6 FEC processing
in current production networks. in current production networks.
A.2. Why 32-bit value even for IPv6 LDP Router ID A.3. Why prohibit IPv4-mapped IPv6 addresses in LDP
Per discussion with 6MAN and V6OPS working groups, the overwhelming
consensus was to not promote IPv4-mapped IPv6 addresses appear in
the routing table, as well as in LDP (address and label) databases.
Also, [RFC4038] section 4.2 suggests that IPv4-mapped IPv6 addressed
packets should never appear on the wire.
A.4. Why 32-bit value even for IPv6 LDP Router ID
The first four octets of the LDP identifier, the 32-bit LSR Id (e.g. The first four octets of the LDP identifier, the 32-bit LSR Id (e.g.
(i.e. LDP Router Id), identify the LSR and is a globally unique (i.e. LDP Router Id), identify the LSR and is a globally unique
value within the MPLS network. This is regardless of the address value within the MPLS network. This is regardless of the address
family used for the LDP session. family used for the LDP session.
Please note that 32-bit LSR Id value would not map to any IPv4- Please note that 32-bit LSR Id value would not map to any IPv4-
address in an IPv6 only LSR (i.e., single stack), nor would there be address in an IPv6 only LSR (i.e., single stack), nor would there be
an expectation of it being IP routable, nor DNS-resolvable. In IPv4 an expectation of it being IP routable, nor DNS-resolvable. In IPv4
deployments, the LSR Id is typically derived from an IPv4 address, deployments, the LSR Id is typically derived from an IPv4 address,
generally assigned to a loopback interface. In IPv6 only generally assigned to a loopback interface. In IPv6 only
deployments, this 32-bit LSR Id must be derived by some other means deployments, this 32-bit LSR Id must be derived by some other means
that guarantees global uniqueness within the MPLS network, similar that guarantees global uniqueness within the MPLS network, similar
to that of BGP Identifier [RFC6286] and OSPF router ID [RFC5340]. to that of BGP Identifier [RFC6286] and OSPF router ID [RFC5340].
This document reserves 0.0.0.0 as the LSR Id, and prohibits its This document reserves 0.0.0.0 as the LSR Id, and prohibits its
usage with IPv6, in line with OSPF router Id in OSPF version 3 usage with IPv6, in line with OSPF router Id in OSPF version 3
[RFC5340]. [RFC5340].
A.3. Why prohibit IPv4-mapped IPv6 addresses in LDP
Per discussion with 6MAN and V6OPS working groups, the overwhelming
consensus was to not promote IPv4-mapped IPv6 addresses appear in
the routing table, as well as in LDP (address and label) databases.
Also, [RFC4038] section 4.2 suggests that IPv4-mapped IPv6 addressed
packets should never appear on the wire.
Author's Addresses Author's Addresses
Vishwas Manral Vishwas Manral
Hewlet-Packard, Inc. Hewlet-Packard, Inc.
19111 Pruneridge Ave., Cupertino, CA, 95014 19111 Pruneridge Ave., Cupertino, CA, 95014
Phone: 408-447-1497 Phone: 408-447-1497
Email: vishwas.manral@hp.com Email: vishwas.manral@hp.com
Rajiv Papneja Rajiv Papneja
Huawei Technologies Huawei Technologies
 End of changes. 96 change blocks. 
240 lines changed or deleted 370 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/