Internet Engineering Task Force | N. Akiya |
Internet-Draft | C. Pignataro |
Updates: 5880 (if approved) | D. Ward |
Intended status: Standards Track | Cisco Systems |
Expires: December 28, 2014 | M. Bhatia |
Ionos Networks | |
P. K. Santosh | |
Juniper Networks | |
June 26, 2014 |
Seamless Bidirectional Forwarding Detection (S-BFD)
draft-ietf-bfd-seamless-base-01
This document defines a simplified mechanism to use Bidirectional Forwarding Detection (BFD) with large portions of negotiation aspects eliminated, thus providing benefits such as quick provisioning as well as improved control and flexibility to network nodes initiating the path monitoring.
This document updates RFC5880.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 28, 2014.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Bidirectional Forwarding Detection (BFD), [RFC5880] and related documents, has efficiently generalized the failure detection mechanism for multiple protocols and applications. There are some improvements which can be made to better fit existing technologies. There is a possibility of evolving BFD to better fit new technologies. This document focuses on several aspects of BFD in order to further improve efficiency, to expand failure detection coverage and to allow BFD usage for wider scenarios. This document extends BFD to provide solutions to use cases listed in [I-D.ietf-bfd-seamless-use-case].
One key aspect of the mechanism described in this document eliminates the time between a network node wanting to perform a connectivity test and completing the connectivity test. In traditional BFD terms, the initial state changes from DOWN to UP is virtually nonexistent. Removal of this seam (i.e. time delay) in BFD provides applications a smooth and continuous operational experience. Therefore, "Seamless BFD" (S-BFD) has been chosen as the name for this mechanism.
The reader is expected to be familiar with the BFD, IP and MPLS terminologies and protocol constructs. This section describes several new terminologies introduced by S-BFD.
Below figure describes the relationship between S-BFD terminologies.
+---------------------+ +---------------------+ | Initiator | | Responder | | +-----------------+ | | +-----------------+ | | | SBFDInitiator |--- S-BFD packet -->| SBFDReflector | | | | +-------------+ | | | | +-------------+ | | | | | BFD discrim | | | | | |S-BFD discrim| | | | | +-------------+ |<-- S-BFD packet ---| +----------^--+ | | | +-----------------+ | | +------------|----+ | | | | | | | | | +---v----+ | | | | | Entity | | | | | +--------+ | +---------------------+ +---------------------+ Figure 1: S-BFD Terminology Relationship
An S-BFD module on each network node allocates one or more S-BFD discriminators for local entities, and creates a reflector BFD session. Allocated S-BFD discriminators may be advertised by applications (ex: OSPF/IS-IS). Required result is that applications, on other network nodes, possess the knowledge of the mapping from remote entities to S-BFD discriminators. The reflector BFD session is to, upon receiving an S-BFD packet targeted to one of local S-BFD discriminator values, transmit a response S-BFD packet back to the initiator.
Once above setup is complete, any network nodes, having the knowledge of the mapping from a remote entity to an S-BFD discriminator, can quickly perform a connectivity test to the remote entity by simply sending S-BFD packets with corresponding S-BFD discriminator value in the "your discriminator" field.
For example: <------- IS-IS Network -------> +---------+ | | A---------B---------C---------D ^ ^ | | SystemID SystemID xxx yyy BFD Discrim BFD Discrim 123 456 Figure 2: S-BFD for IS-IS Network
S-BFD functions on a well-known UDP port: TBD1.
Locally allocated S-BFD discriminator values for entities may be arbitrary allocated or derived from values provided by applications. These values may be protocol IDs (ex: System-ID, Router-ID) or network targets (ex: IP address). To minimize the collision of discriminator values between BFD and S-BFD, it is RECOMMENDED that discriminator pool be separate for BFD and S-BFD. Even when employing the separate discriminator pool approach, collision is still possible between one S-BFD application to another S-BFD application, that may be using different values and algorithms to derive S-BFD discriminator values. If the two applications are using S-BFD for a same purpose (ex: network reachability), then the colliding S-BFD discriminator value can be shared. If the two applications are using S-BFD for a different purpose, then the collision must be addressed. How such collisions are addressed is outside the scope of this document.
One important characteristics of an S-BFD discriminator is that it MUST be unique within an administrative domain. If multiple network nodes allocated a same S-BFD discriminator value, then S-BFD packets falsely terminating on a wrong network node can result in a reflector BFD session to generate a response back, due to "your discriminator" matching. This is clearly not desirable. If only IP based S-BFD is considered, then it is possible for the reflector BFD session to require demultiplexing of incoming S-BFD packets with combination of destination IP address and "your discriminator". Then S-BFD discriminator only has to be unique within a local node. However, S-BFD is a generic mechanism defined to run on wide range of environments: IP, MPLS, etc. For other transports like MPLS, because of the need to use non-routable IP destination address, it is not possible for reflector BFD session to demultiplex using IP destination address. With PHP, there may not be any incoming label stack to aid in demultiplexing either. Thus, S-BFD imposes a requirement that S-BFD discriminators MUST be unique within an administrative domain.
Each network node creates one or more reflector BFD sessions. This reflector BFD session is a session which transmits S-BFD packets in response to received S-BFD packets with "your discriminator" having S-BFD discriminators allocated for local entities. Specifically, this reflector BFD session is to have following characteristics:
One reflector BFD session may be responsible for handling received S-BFD packets targeted to all locally allocated S-BFD discriminators, or few reflector BFD sessions may each be responsible for subset of locally allocated S-BFD discriminators. This policy is a local matter, and is outside the scope of this document.
Note that incoming S-BFD packets may be IPv4, IPv6 or MPLS based. How such S-BFD packets reach an appropriate reflector BFD session is also a local matter, and is outside the scope of this document.
S-BFD introduces new state variables, and modifies the usage of existing ones.
A new state variable is added to the base specification in support of S-BFD.
bfd.SessionType variable MUST be initialized to the appropriate type when an S-BFD session is created.
Some state variables defined in section 6.8.1 of the BFD base specification need to be initialized or manipulated differently depending on the session type. Ed-Note: Anything else?.
S-BFD packets transmitted by an SBFDInitiator MUST set "your discriminator" field to an S-BFD discriminator corresponding to the remote entity.
S-BFD packets transmitted by an SBFDInitiator MUST NOT set "my discriminator" field to an S-BFD discriminator allocated for a local entity (and is being monitored by a local SBFDReflector). This is to prevent incoming response S-BFD packets, from a remote SBFDReflector, having "your discriminator" as a S-BFD discriminator of a local entity. Every SBFDInitiator is to have a unique "my discriminator", and SHOULD be allocated from the BFD discriminator pool if the implementation employs the approach of having separate discriminator pools for BFD and S-BFD.
Below ASCII art describes high level concept of connectivity test using S-BFD. R2 allocates XX as the S-BFD discriminator for its network reachability purpose, and advertises XX to neighbors. ASCII art shows R1 and R4 performing a connectivity test to R2.
+--- md=50/yd=XX (ping) ----+ | | |+-- md=XX/yd=50 (pong) --+ | || | | |v | v R1 ==================== R2[*] ========= R3 ========= R4 | ^ |^ | | || | +-- md=60/yd=XX (ping) --+| | | +---- md=XX/yd=60 (pong) ---+ [*] Reflector BFD session on R2. === Links connecting network nodes. --- S-BFD packet traversal. Figure 3: S-BFD Connectivity Test
An SBFDInitiator may be a persistent session on the initiator with a timer for S-BFD packet transmissions. An SBFDInitiator may also be a module, a script or a tool on the initiator that transmits one or more S-BFD packets "when needed". For transient SBFDInitiators, the BFD state machine described in [RFC5880] may not be applicable. For persistent SBFDInitiators, the states and the state machine described in [RFC5880] will function but are more than necessary. The following diagram provides an optimized state machine for persistent SBFDInitiators. The notation on each arc represents the state of the SBFDInitiator (as received in the State field in the S-BFD packet) or indicates the expiration of the Detection Timer.
+--+ ADMIN DOWN, | | TIMER | V +------+ UP +------+ | |-------------------->| |----+ | DOWN | | UP | | UP | |<--------------------| |<---+ +------+ ADMIN DOWN, +------+ TIMER Figure 4: SBFDInitiator FSM
S-BFD packets sent by an SBFDInitiator is to have following contents:
A network node which receives S-BFD packets transmitted by an initiator is referred as responder. The responder, upon reception of S-BFD packets, is to perform necessary relevant validations described in [RFC5880], [RFC5881], [RFC5883], [RFC5884] and [RFC5885].
A BFD control packet received by a resonder is considered an S-BFD packet if the packet is on the well-known S-BFD port. When a responder receives an S-BFD packet, if the value in the "your discriminator" field is not one of S-BFD discriminators allocated for local entities, then this packet MUST NOT be considered for this mechanism. If the value in the "your discriminator" field is one of S-BFD discriminators allocated for local entities, then the packet is determined to be handled by a reflector BFD session responsible for the S-BFD discriminator. If the packet was determined to be processed further for this mechanism, then chosen reflector BFD session is to transmit a response BFD control packet using procedures described in Section 8.2.2, unless prohibited by local policies (ex: administrative, security, rate-limiter, etc).
S-BFD packets sent by an SBFDReflector is to have following contents:
Diagnostic value in both directions MAY be set to a certain value, to attempt to communicate further information to both ends. However, details of such are outside the scope of this specification.
Poll sequence MAY be used in both directions. The Poll sequence MUST operate in accordance with [RFC5880]. An SBFDReflector MAY use the Poll sequence to slow down that rate at which S-BFD packets are generated from an SBFDInitiator. This is done by the SBFDReflector using procedures described in Section 8.7 and setting the Poll (P) bit in the reflected S-BFD packet. The SBFDInitiator is to then send the next S-BFD packet with the Final (F) bit set. If an SBFDReflector receives an S-BFD packet with Poll (P) bit set, then the SBFDReflector MUST respond with an S-BFD packet with Poll (P) bit cleared and Final (F) bit set.
Control plane independent (C) bit for an SBFDInitiator sending S-BFD packets to a reflector BFD session MUST work according to [RFC5880]. Reflector BFD session also MUST work according to [RFC5880]. Specifically, if reflector BFD session implementation does not share fate with control plane, then response S-BFD packets transmitted MUST have control plane independent (C) bit set. If reflector BFD session implementation shares fate with control plane, then response S-BFD packets transmitted MUST NOT have control plane independent (C) bit set.
This mechanism brings forth one noticeable difference in terms of scaling aspect: number of SBFDReflector. This specification eliminates the need for egress nodes to have fully active BFD sessions when only one side desires to perform connectivity tests. With introduction of reflector BFD concept, egress no longer is required to create any active BFD session per path/LSP/function basis. Due to this, total number of BFD sessions in a network is reduced.
This mechanism has no issues being deployed with traditional BFDs ([RFC5881], [RFC5883], [RFC5884] and [RFC5885]) because S-BFD discriminators which allow this mechanism to function are explicitly reserved and separate UDP port values are used with S-BFD.
BFD echo is outside the scope of this document.
Same security considerations as [RFC5880], [RFC5881], [RFC5883], [RFC5884] and [RFC5885] apply to this document.
Additionally, implementing the following measures will strengthen security aspects of the mechanism described by this document.
Using the above method,
A new value TBD1 is requested from the "Service Name and Transport Protocol Port Number Registry". The requested registry entry is:
Service Name (REQUIRED) s-bfd Transport Protocol(s) (REQUIRED) udp Assignee (REQUIRED) IESG <iesg@ietf.org> Contact (REQUIRED) BFD Chairs <bfd-chairs@tools.ietf.org> Description (REQUIRED) Seamless Bidirectional Forwarding Detection (S-BFD) Reference (REQUIRED) draft-ietf-bfd-seamless-base Port Number (OPTIONAL) TBD1 (Requesting 7784)
Authors would like to thank Jeffrey Haas for performing thorough reviews and providing number of suggestions. Authors would like to thank Girija Raghavendra Rao, Marc Binderberger, Les Ginsberg, Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad Govindan from Cisco Systems for providing valuable comments. Authors would also like to thank John E. Drake for providing comments and suggestions.
Tarek Saad
Cisco Systems
Email: tsaad@cisco.com
Siva Sivabalan
Cisco Systems
Email: msiva@cisco.com
Nagendra Kumar
Cisco Systems
Email: naikumar@cisco.com
Mallik Mudigonda
Cisco Systems
Email: mmudigon@cisco.com
Sam Aldrin
Huawei Technologies
Email: aldrin.ietf@gmail.com
[I-D.ietf-bfd-seamless-use-case] | Aldrin, S., Bhatia, M., Mirsky, G., Kumar, N. and S. Matsushima, "Seamless Bidirectional Forwarding Detection (BFD) Use Case", Internet-Draft draft-ietf-bfd-seamless-use-case-00, June 2014. |
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
[RFC5880] | Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, June 2010. |
[RFC5881] | Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June 2010. |
[RFC5883] | Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for Multihop Paths", RFC 5883, June 2010. |
[RFC5884] | Aggarwal, R., Kompella, K., Nadeau, T. and G. Swallow, "Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs)", RFC 5884, June 2010. |
[I-D.ietf-bfd-generic-crypto-auth] | Bhatia, M., Manral, V., Zhang, D. and M. Jethanandani, "BFD Generic Cryptographic Authentication", Internet-Draft draft-ietf-bfd-generic-crypto-auth-06, April 2014. |
[RFC2827] | Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, May 2000. |
[RFC5885] | Nadeau, T. and C. Pignataro, "Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)", RFC 5885, June 2010. |
Consider a scenario where we have two nodes and both are S-BFD capable.
Node A (IP 192.0.2.1) ----------------- Node B (IP 192.0.2.2) | | Man in the Middle (MiM)
Assume node A reserved a discriminator 0x01010101 for target identifier 192.0.2.1 and has a reflector session in listening mode. Similarly node B reserved a discriminator 0x02020202 for its target identifier 192.0.2.2 and also has a reflector session in listening mode.
Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc = 0x02020202, source IP as 192.0.2.1 and dest IP as 192.0.2.2. When this packet reaches Node B, the reflector session on Node B will swap the discriminators and IP addresses of the received packet and reflect it back, since YourDisc of the received packet matched with reserved discriminator of Node B. The reflected packet that reached Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since YourDisc of the received packet matched the reserved discriminator of Node A, Node A will swap the discriminators and reflects the packet back to Node B. Since reflectors MUST set the TTL of the reflected packets to 255, the above scenario will result in an infinite loop with just one malicious packet injected from MiM.
FYI: Packet fields do not carry any direction information, i.e., if this is Ping packet or reply packet.
Solutions
The current proposals to avoid the loop problem are: