Network Working Group | M. Boucadair |
Internet-Draft | C. Jacquenet |
Intended status: Experimental | France Telecom |
Expires: March 20, 2016 | September 17, 2015 |
Improving ITR Resiliency in LISP Networks
draft-boucadair-lisp-itr-failure-00
This document defines an extension to the Locator/ID Separation Protocol (LISP) to minimize LISP service disruption during ITR failure events.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 20, 2016.
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Locator/ID Separation Protocol (LISP, [RFC6830] ) operation relies upon a mapping mechanism that is used by Ingress/Egress Tunnel Routers (xTR) to forward traffic over the LISP network.
A reboot of an ITR may dramatically affect the LISP-based forwarding service for hosts connected to the LISP network. Because of the purge of the mapping cache maintained by the rebooting ITR, the absence of a matching entry for packets to be forwarded over the LISP network will simply cause the dropping of such packets, even though other ITRs of the LISP domain may be "ready-to-serve".
An ITR that loses its local mapping table for some reason is very likely to drop incoming packets whose forwarding decision relies upon the entries of the local mapping table. This type of ITR failure may rarely occur, but when it does, it is likely to provoke severe service degradation.
This document proposes a solution to enhance the robustness of LISP networks during such ITR failure events (even if they are marginal). This document assumes that several (inter-domain) ITRs are available within the LISP network. The proposed solution allows for an automatic discovery of the available ITRs of a given LISP domain.
The proposed approach exclusively focuses on engineering tweaks that can be implemented within a LISP-enabled network without soliciting the help of the LISP Mapping System. A companion document will specify a procedure that is meant to rapidly populate a local mapping cache upon restart or whenever failures affect ITR operation.
The overall procedure is as follows:
+--------+ +--------+ +--------+ +--------+ | ITR1 | | ITR2 | | ITR3 | | ETR | +--------+ +--------+ +--------+ +--------+ | | | | |Map-Solicit-Request | | | | to @MCAST | | | |--------> | | | | Map-Solicit-Response| | | |<--------------------------| | | | Map-Solicit-Response| | |<-------------------------------------| | src=s_EID| | | -------->|src=RLOC_itr1 dst=RLOC_itr2| | dst=d_EID|===Encapsulated Packet====>|src=RLOC_itr2 dst=RLOC_etr|src=s_EID | Unsolicited Map-Reply |===Encapsulated Packet===>|--------> |<--------------------------| |dst=d_EID | | src=s_EID| | -------->|src=RLOC_itr1 dst=RLOC_etr|src=s_EID dst=d_EID|===================Encapsulated Packet===============>|--------> | |dst=d_EID .... src=s_EID| | -------->|src=RLOC_itr1 dst=RLOC_etr |src=s_EID dst=d_EID|===================Encapsulated Packet===============>|--------> | |dst=d_EID
Figure 1: Flow Example
The format of the Map-Solict-Request message is shown in Figure 2.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | tbd |S|D| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . . . Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key ID | Authentication Data Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Authentication Data ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | IP Address (128 bits) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Port Number | Protocol | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Map-Solicit-Request Message Format
An ITR that issues this message MUST use one of its unicast IP addresses as the source address. The destination IP address MUST be set to the @MCAST multicast address introduced in Section 2. An ITR that loses its cache MUST issue this message with a D-bit set to 0.
All ITRs of a LISP domain MUST subscribe to the multicast group defined by the aforementioned @MCAST multicast address. Upon receipt of the Map-Solicit-Request message by an ITR within the domain, it replies (unicast) with a Map-Solicit-Response. It is the responsibility of the first ITR to initiate a state synchronisation with that peer if the D-bit and S-bit are unset and if it supports the synchronisation protocol indicated in the Map-Solicit-Response.
ITRs of a LISP domain MUST send Map-Solict-Response in a regular interval (that is configured by an administrator) or upon major change in the ITR stats (e.g., loss of the mapping cache, change of the IP address). This message MUST use one of the ITR unicast IP addresses as the source address while the destination IP address MUST be set to the @MCAST.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | tbd |S|D| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . . . Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key ID | Authentication Data Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Authentication Data ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | IP Address (128 bits) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Port Number |Protocol |ITR List Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Peer ITR Unicast Address | | (128 bits) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Peer ITR Unicast Address | | (128 bits) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Map-Solicit-Response Message Format
The format of the Map-Solict-Response message is shown in Figure 3.
A Map-Solicit-Response can be generated by an ITR to advertise its availability to the other ITRs of the LISP domain, as per normal LISP operation.
When an ITR receives a LISP-encapsulated packet from an ITR that is present in its list of peer ITRs, it may generate an unsolicited Map-Reply that conveys the mapping entry that was used to process the encapsulated packet.
Upon failure or reboot that lead to lose the contents of its mapping cache, an ITR uses the list of peers ITRs it discovered by means of the Map-Solicit-Request message sent to @MCAST to redirect packets that do not match any entry of its local cache (which is likely to be empty).
In order to minimize the risk of overloading some ITRs, a mechanism to distribute the load among all the peer ITRs or part of them is deemed useful. Of course, other traffic load distribution policies may be enforced. The exact set of policies to be enforced are implementation- and deployment-specific.
This document does not introduce any additional security issues other than those discussed in [RFC6830].
To be completed.
This work is partly funded by ANR LISP-Lab project #ANR-13-INFR-009-X.
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
[RFC4291] | Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2006. |
[RFC6830] | Farinacci, D., Fuller, V., Meyer, D. and D. Lewis, "The Locator/ID Separation Protocol (LISP)", RFC 6830, DOI 10.17487/RFC6830, January 2013. |
[RFC6833] | Fuller, V. and D. Farinacci, "Locator/ID Separation Protocol (LISP) Map-Server Interface", RFC 6833, DOI 10.17487/RFC6833, January 2013. |
[I-D.boucadair-lisp-bulk] | Boucadair, M. and C. Jacquenet, "LISP Mapping Bulk Retrieval", Internet-Draft draft-boucadair-lisp-bulk-00, September 2015. |