Internet DRAFT - draft-kouvelas-lisp-rloc-membership
draft-kouvelas-lisp-rloc-membership
Network Working Group J. Leong
Internet-Draft D. Lewis
Intended status: Experimental G. Schudel
Expires: March 13, 2020 A. Smirnov
Cisco Systems
C. Cassar
Tesla
I. Kouvelas
Arista Networks Inc.
September 10, 2019
LISP RLOC Membership Distribution
draft-kouvelas-lisp-rloc-membership-02
Abstract
The Locator/ID Separation Protocol (LISP) operation is based on EID
to RLOC mappings that are exchanged through a mapping system. The
mapping system can use the RLOCs included in mapping registrations to
construct the complete set of RLOC addresses across all xTRs that are
members of the LISP deployment. This set can then be made available
by the mapping system to all the member xTRs. An xTR can use the
RLOC set to optimise protocol operation as well as to implement new
functionality. This document describes the use of the LISP reliable
transport session between an xTR and a Map-Server to communicate the
contents of the RLOC membership set.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 13, 2020.
Leong, et al. Expires March 13, 2020 [Page 1]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 4
3. Membership Distribution Overview . . . . . . . . . . . . . . 4
4. Membership Message Format . . . . . . . . . . . . . . . . . . 4
4.1. Membership Subscribe . . . . . . . . . . . . . . . . . . 5
4.2. Membership Subscribe ACK . . . . . . . . . . . . . . . . 6
4.3. Membership Subscribe NACK . . . . . . . . . . . . . . . . 7
4.4. Membership Unsubscribe . . . . . . . . . . . . . . . . . 8
4.5. Membership Element Add . . . . . . . . . . . . . . . . . 9
4.6. Membership Element Delete . . . . . . . . . . . . . . . . 10
4.7. Membership Refresh Request . . . . . . . . . . . . . . . 10
4.8. Membership Refresh Begin . . . . . . . . . . . . . . . . 11
4.9. Membership Refresh End . . . . . . . . . . . . . . . . . 12
5. Membership Distribution Message Exchange . . . . . . . . . . 12
6. Implementation Status . . . . . . . . . . . . . . . . . . . . 14
7. Security Considerations . . . . . . . . . . . . . . . . . . . 14
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
10.1. Normative References . . . . . . . . . . . . . . . . . . 15
10.2. Informative References . . . . . . . . . . . . . . . . . 15
10.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction
The Locator/ID Separation Protocol (LISP) registration process
between an xTR and a Map-Server is defined in
[I-D.ietf-lisp-rfc6833bis]. In each registration message the xTR
communicates mapping records providing the list of routing locators
(RLOCs) that can be used to reach the endpoint identifier (EID) space
Leong, et al. Expires March 13, 2020 [Page 2]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
behind the xTR. By gleaning the RLOCs from all such registrations,
the map-server constructs the set of RLOCs across all the received
registrations. This set represents all the RLOCs used to encapsulate
traffic and is the complete RLOC membership of the LISP network
(limitations described below).
The gleaned RLOC membership set is communicated to the member xTRs
where it can be used to implement new functionality as well as to
optimise protocol operation. As one example in deployments where the
RLOC network provides guarantees against RLOC source address spoofing
the membership can be used as a decapsulation filter to prevent
injection of traffic by non-members. As a second example, a possible
optimisation to existing functionality can use changes to the RLOC
membership set to validate the xTR map-cache contents and trigger
updates for out-of-date mappings.
Distribution of the RLOC membership set is practical in VPN use cases
[I-D.lewis-lisp-vpns] where the number of member xTRs and their RLOCs
is bounded thus limiting both the number of membership elements that
must be distributed as well as the number of members that the set
must be distributed to. In a VPN use case the membership set is
specific to each VPN identified through the LISP Instance ID (IID).
It is reasonable to expect that all member xTRs for a specific VPN
can register against a pair of redundant Map-Servers. The complete
membership set will therefore be available on those Map-Servers.
Alternatively, registration can be across a small set of Map-Servers
that synchronise the RLOC membership set between them (outside the
scope of this document). In the general case the RLOC membership
knowledge is split across a distributed mapping system
[I-D.ietf-lisp-ddt] and its collection and distribution would hit
scale limits.
Membership gleaning at the Map-Server assumes symmetric ITR and ETR
deployments. All encapsulating ITRs also have to be configured as
ETRs registering against the Map-Servers. This is a common way of
deploying LISP xTRs. To allow members that do not own EID space
(such as exclusive ITRs and proxy routers) to be included in the
membership set the registration mechanism must be extended.
Note that automatic membership gleaning at the Map-Server through
registrations is just one mechanism that can be used to discover the
RLOC set to be distributed. This document focuses on the membership
set distribution mechanism.
The LISP extension in [I-D.kouvelas-lisp-reliable-transport]
introduces a reliable transport session between the xTR and the MS.
The membership set communication described in this document is based
on message exchange over the reliable transport.
Leong, et al. Expires March 13, 2020 [Page 3]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
2. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Membership Distribution Overview
The RLOC membership set distribution from the Map-Server to the xTR
is initiated on demand by the xTR. Unless the xTR specifically
subscribes to receive the RLOC membership set no action is taken by
the Map-Server. The granularity at which a Map-Server gleans
membership, and that an xTR can request its distribution, is per EID
address family and instance ID. This matches the VPN EID space
segmentation model allowing separate communication of the membership
of different VPNs. It also allows for each EID address family to
have a different xTR membership.
The Map-Server SHOULD only allow the distribution of the RLOC
membership set for an EID instance and address family to xTRs that
are valid members of the set being distributed. An xTR that has a
reliable transport session established with the Map-Server and is
registering EID prefixes with the Map-Server but not for the specific
instance ID and EID address family, SHOULD NOT be sent the RLOC
membership set.
The set of member RLOCs for an EID address family and instance ID is
dynamic and changes as new registrations are received by the Map-
Server and as registration state times out. When membership
distribution is initiated by the xTR, the complete RLOC set contents
is communicated. In parallel updates to the membership set begin
being communicated. The membership set updates continue for the
duration of the reliable transport session or until the xTR
unsubscribes from the membership distribution.
4. Membership Message Format
The membership distribution exchange between the xTR and Map-Server
over the reliable transport session relies on a number of new
messages defined below. The use of these messages is described in
the following sections. The table below lists the messages. All
messages carry the EID address family and instance ID for the
membership distribution. Some messages additionally carry extra
fields that are listed in the table. The new messages are:
Leong, et al. Expires March 13, 2020 [Page 4]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
+------+-----------------+-----------+---------------------+
| Type | Message | Direction | Additional fields |
+------+-----------------+-----------+---------------------+
| 22 | Subscribe | xTR -> MS | |
| | | | |
| 23 | Subscribe ACK | MS -> xTR | Subscribe ID |
| | | | |
| 24 | Subscribe NACK | MS -> xTR | Subscribe ID, Error |
| | | | |
| 25 | Unsubscribe | xTR -> MS | |
| | | | |
| 26 | Element Add | MS -> xTR | Site-ID, RLOC |
| | | | |
| 27 | Element Delete | MS -> xTR | Site-ID, RLOC |
| | | | |
| 28 | Refresh Request | xTR -> MS | |
| | | | |
| 29 | Refresh Begin | MS -> xTR | Request ID |
| | | | |
| 30 | Refresh End | MS -> xTR | Request ID |
+------+-----------------+-----------+---------------------+
Table 1: Reliable transport membership distribution TLVs
The rest of this section provides the format of each of the messages
in the table. For a description of the Type, Length, Message ID and
Message End Marker fields refer to
[I-D.kouvelas-lisp-reliable-transport].
4.1. Membership Subscribe
The Membership subscribe message is sent by the xTR to the Map-Server
to initiate RLOC membership set distribution for a specific EID AFI
and instance ID.
Leong, et al. Expires March 13, 2020 [Page 5]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 22 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Message End Marker ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership subscribe message format
o EID-AFI: EID address family for which the membership is being
requested.
o EID IID: The EID instance ID identifying the VPN for which the
membership is being requested [I-D.lewis-lisp-vpns]. Although the
IID is only 24 bits in size in the data encapsulation, it is being
defined as a 32 bit field for consistency with the LCAF Instance
ID header [I-D.ietf-lisp-lcaf].
4.2. Membership Subscribe ACK
The Membership-Subscribe-ACK message is sent by the Map-Server to the
xTR to acknowledge acceptance of a Membership-Request. This message
indicates that the Map-Server will be providing the requested
membership to the xTR.
Leong, et al. Expires March 13, 2020 [Page 6]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 23 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Subscribe message ID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Message End Marker ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership-Subscribe-ACK message format
o Subscribe message ID: The message ID carried over from the
membership subscribe message.
4.3. Membership Subscribe NACK
The Membership-Subscribe-NACK message is sent by the Map-Server to
the xTR to reject a membership request. This message indicates that
the Map-Server will not be providing the requested membership to the
xTR. The membership subscribe NACK message can be sent at any point
following the receipt of a Membership-Subscribe message. The Map-
Server may initially acknowledge a subscription with a Membership
Subscribe ACK and later when conditions change cancel the
subscription by issuing a membership subscribe NACK message.
Leong, et al. Expires March 13, 2020 [Page 7]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 24 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Subscribe message ID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Error code | ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Message End Marker |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership subscribe NACK message format
o Subscribe message ID: The message ID carried over from the
membership subscribe message.
o Error code: The error code provides a reason for which the
registration was rejected by the Map-Server. Defined values are:
1 - Not found: The EID instance and address family do not match
the Map-Server configuration.
2 - Not enabled: The Map-Server is not configured to allow
membership distribution for the requested EID instance and
address family.
3 - Not authorized: The xTR that sent the request does not have a
valid registration under the EID instance and address family.
4.4. Membership Unsubscribe
The Membership-Unsubscribe message is sent by the xTR to the Map-
Server to terminate RLOC membership set distribution for a specific
EID AFI and instance ID.
Leong, et al. Expires March 13, 2020 [Page 8]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 25 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Message End Marker ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership-Unsubscribe message format
4.5. Membership Element Add
The Membership-Element-Add message is sent by the Map-Server to the
xTR to communicate a single RLOC that is a member of the set for the
specified EID instance and address family.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 26 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Site ID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Site ID continued ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | RLOC address AFI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RLOC address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message End Marker |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership-Element-Add message format
o Site ID: The 64 bit site ID value from the mapping registration
that contributed this RLOC to the membership list. The site ID
can be used by the receiving xTR to derive information about the
grouping of member RLOCs to remote sites.
Leong, et al. Expires March 13, 2020 [Page 9]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
o RLOC address AFI: Address family identifier for the RLOC address
in the following field.
o RLOC address: The actual RLOC membership set element address being
communicated. Note that the length of this field depends on the
RLOC address AFI in the preceding field.
4.6. Membership Element Delete
The Membership-Element-Delete message is sent by the Map-Server to
the xTR to communicate a single RLOC that is no longer a member of
the set for the specified EID instance and address family.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 27 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Site ID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Site ID continued ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | RLOC address AFI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RLOC address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message End Marker |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership-Element-Delete message format
4.7. Membership Refresh Request
The Membership-Refresh-Request message is sent by the xTR to the Map-
Server to request that the Map-Server send the complete RLOC
membership set contents for the specified instance ID and AFI.
Leong, et al. Expires March 13, 2020 [Page 10]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 28 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Message End Marker ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership-Refresh-Request message format
4.8. Membership Refresh Begin
The Membership-Refresh-Begin message is sent by the Map-Server to the
xTR to acknowledge an earlier Membership-Refresh-Request message and
to indicate that the following membership updates are part of the
refresh.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 29 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Request message ID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Message End Marker ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership-Refresh-Begin message format
o Request message ID: The message ID carried over from the
membership request message.
Leong, et al. Expires March 13, 2020 [Page 11]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
4.9. Membership Refresh End
The Membership-Refresh-End message is sent by the Map-Server to the
xTR to indicate that the communication of the full membership refresh
for the specified EID instance ID and AF is now complete.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 30 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID AFI | EID IID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Request message ID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... | Message End Marker ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Membership-Refresh-End message format
o Request message ID: The message ID carried over from the
membership request message.
5. Membership Distribution Message Exchange
Following the reliable transport session establishment, the EID
membership communication relies on the exchange of the membership
messages defined in the previous section. The description in this
section presents the exchange from the perspective of a single xTR
and Map-Server.
Leong, et al. Expires March 13, 2020 [Page 12]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
xTR MS
| |
| ------- Subscribe ------> |
| |
| <---- Subscribe ACK ----- |
| |
| ---- Refresh request ---> |
| |
| <---- Refresh begin ----- |
| |
| <----- Element add ------ |
| <----- Element add ------ |
| <----- Element add ------ |
| |
| <----- Refresh end ------ |
| |
| <-- Element add/delete -- |
| |
| ------ Unsubscribe -----> |
Typical membership distribution message exchange
The xTR starts the exchange by issuing a Membership-Subscribe-Request
message to the Map-Server for a specific EID instance. Assuming the
Map-Server is configured to allow membership distribution and the
requesting router is authorized to receive the membership of the EID
instance, the MS will reply with a Membership-Subscribe-ACK. After
sending the ACK, the MS will start sending to the xTR Membership-
Element-Add and Membership-Element-Delete messages corresponding to
changes of the EID instance membership.
On receipt of the Membership-Subscribe-ACK message, the xTR issues a
Membership-Refresh-Request message in order to receive the complete
contents of the EID instance membership held by the MS. The MS
responds to the Membership-Refresh-Request by issuing a Membership-
Refresh-Begin message, followed by a Membership-Element-Add message
for each member of the EID instance and finally completes the refresh
by sending a Membership-Refresh-End message.
On receipt of Membership-Element-Add and Membership-Element-Delete
messages, the xTR updates its membership database for the EID
instance ID and address family by adding or deleting the entry
corresponding to the communicated RLOC address. Note that the
membership state on the xTR is Map-Server specific and the xTR has to
maintain separate RLOC membership entries received from each Map-
Server it subscribes with.
Leong, et al. Expires March 13, 2020 [Page 13]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
When the xTR receives the Membership-Refresh-End message it purges
all the stale membership entries it may have obtained during a
previous session instantiation that were not updated during the
refresh.
The MS may issue Membership-Element-Add and Membership-Element-Delete
messages corresponding to membership changes at any point after
issuing the Membership-ACK message, even during a refresh.
The xTR may request additional full refreshes of the complete
membership set at any point after having received a Membership-
Subscribe-ACK message by issuing a new Membership-Refresh-Request.
When the Map-Server determines that an xTR is no longer eligible to
receive membership updates, for example the EID instance and address
family registration state of the xTR becomes invalid, then the Map-
Server SHOULD send it a Membership-NACK message to indicate the
termination of the membership communication.
6. Implementation Status
[Note to RFC Editor: Please remove this section and the reference to
[RFC6982] before publication.]
This section records the status of known implementations of the LISP
RLOC Membership Distribution at the time of posting of this Internet-
Draft, and is based on a proposal described in [RFC6982].
The description of implementations in this section is intended to
assist the IETF in its decision processes in progressing drafts to
RFCs.
Cisco has a production implementation of the RLOC membership
distribution mechanism described in this draft on IOS, IOS-XE and
IOS-XR. The RLOC membership information is used to implement the
data plane security functionality described in: LISP Data Plane
Security [1]. For additional information please contact lisp-
support@cisco.com.
7. Security Considerations
The RLOC membership distribution message communication takes place
over a LISP reliable transport connection. The security mechanisms
of the reliable transport apply to this solution.
Leong, et al. Expires March 13, 2020 [Page 14]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
8. IANA Considerations
The following message types must be assigned out of the space defined
in [I-D.kouvelas-lisp-reliable-transport].
Type Name Reference
----- ----------------------------- --------------
22 Membership Subscribe This document
23 Membership Subscribe ACK This document
24 Membership Subscribe NACK This document
25 Membership Unsubscribe This document
26 Membership Element Add This document
27 Membership Element Delete This document
28 Membership Refresh Request This document
29 Membership Refresh Begin This document
30 Membership Refresh End This document
9. Acknowledgments
The authors would like to thank Michiel Blokzijl, Selina Heimlich,
Vasileios Lakafosis, Fabio Maino, Andre Pelletier, Jesper Skriver and
Chao Yu, for their contributions to this specification.
10. References
10.1. Normative References
[I-D.ietf-lisp-rfc6833bis]
Farinacci, D., Maino, F., Fuller, V., and A. Cabellos-
Aparicio, "Locator/ID Separation Protocol (LISP) Control-
Plane", draft-ietf-lisp-rfc6833bis-25 (work in progress),
June 2019.
[I-D.kouvelas-lisp-reliable-transport]
Cassar, C., Kouvelas, I., and D. Lewis, "LISP Reliable
Transport", draft-kouvelas-lisp-reliable-transport-02
(work in progress), March 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>.
10.2. Informative References
Leong, et al. Expires March 13, 2020 [Page 15]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
[I-D.ietf-lisp-ddt]
Fuller, V., Lewis, D., Ermagan, V., Jain, A., and A.
Smirnov, "LISP Delegated Database Tree", draft-ietf-lisp-
ddt-09 (work in progress), January 2017.
[I-D.ietf-lisp-lcaf]
Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical
Address Format (LCAF)", draft-ietf-lisp-lcaf-22 (work in
progress), November 2016.
[I-D.lewis-lisp-vpns]
Lewis, D. and G. Schudel, "LISP Virtual Private Networks
(VPNs)", draft-lewis-lisp-vpns-00 (work in progress),
February 2014.
[RFC6982] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", RFC 6982,
DOI 10.17487/RFC6982, July 2013, <https://www.rfc-
editor.org/info/rfc6982>.
10.3. URIs
[1] http://www.cisco.com/c/en/us/td/docs/ios-
xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-data-
plane-sec.html
Authors' Addresses
Johnson Leong
Cisco Systems
Tasman Drive
San Jose, CA 95134
USA
Email: joleong@cisco.com
Darrel Lewis
Cisco Systems
Tasman Drive
San Jose, CA 95134
USA
Email: darlewis@cisco.com
Leong, et al. Expires March 13, 2020 [Page 16]
�
Internet-Draft LISP RLOC Membership Distribution September 2019
Gregg Schudel
Cisco Systems
Tasman Drive
San Jose, CA 95134
USA
Email: gschudel@cisco.com
Anton Smirnov
Cisco Systems
Tasman Drive
San Jose, CA 95134
USA
Email: asmirnov@cisco.com
Chris Cassar
Tesla
10 New Square Park
Bedfont Lakes, Feltham TW14 8HA
United Kingdom
Email: christiancassar@acm.org
Isidor Kouvelas
Arista Networks Inc.
5453 Great America Parkway
Santa Clara, CA 95054
USA
Email: isidor@kouvelas.net
Leong, et al. Expires March 13, 2020 [Page 17]
