idnits 2.17.1 draft-ietf-mpls-lsp-ping-ttl-tlv-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 24, 2014) is 3678 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC2119' on line 121 -- Looks like a reference, but probably isn't: 'RFC4379' on line 258 == Unused Reference: '1' is defined on line 284, but no explicit reference was found in the text == Unused Reference: '2' is defined on line 287, but no explicit reference was found in the text == Unused Reference: '3' is defined on line 291, but no explicit reference was found in the text ** Obsolete normative reference: RFC 4379 (ref. '1') (Obsoleted by RFC 8029) Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Sami Boutros 3 INTERNET-DRAFT Siva Sivabalan 4 Intended Status: Standards Track George Swallow 5 Shaleen Saxena 6 Cisco Systems 8 Vishwas Manral 9 Hewlett Packard Co. 11 Sam Aldrin 12 Huawei Technologies, Inc. 14 Expires: September 25, 2014 March 24, 2014 16 Definition of Time-to-Live TLV for LSP-Ping Mechanisms 17 draft-ietf-mpls-lsp-ping-ttl-tlv-07.txt 19 Abstract 21 LSP-Ping is a widely deployed Operation, Administration, and 22 Maintenance (OAM) mechanism in MPLS networks. However, in the present 23 form, this mechanism is inadequate to verify connectivity of a 24 segment of a Multi-Segment PseudoWire (MS-PW) from any node on the 25 path of the MS-PW. This document defines a TLV to address this 26 shortcoming. 28 Status of this Memo 30 This Internet-Draft is submitted to IETF in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF), its areas, and its working groups. Note that 35 other groups may also distribute working documents as 36 Internet-Drafts. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 The list of current Internet-Drafts can be accessed at 44 http://www.ietf.org/1id-abstracts.html 46 The list of Internet-Draft Shadow Directories can be accessed at 47 http://www.ietf.org/shadow.html 49 Copyright and License Notice 51 Copyright (c) 2014 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 67 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 68 3. Time To Live TLV . . . . . . . . . . . . . . . . . . . . . . . 4 69 3.1. TTL TLV Format . . . . . . . . . . . . . . . . . . . . . . 4 70 3.2. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 71 4. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 72 4.1. Traceroute mode . . . . . . . . . . . . . . . . . . . . . . 6 73 4.2. Error scenario . . . . . . . . . . . . . . . . . . . . . . 6 74 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 75 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 76 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 77 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 78 8.1 Normative References . . . . . . . . . . . . . . . . . . . 7 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 81 1. Introduction 83 A MS-PW may span across multiple service provider networks. In order 84 to allow Service Providers (SP) to verify segments of such MS-PW from 85 any node on the path of the MS-PW, any node along the path of the MS- 86 PW, should be able to originate an LSP-Ping echo request packet to 87 any another node along the path of the MS-PW and receive the 88 corresponding echo reply. If the originator of the echo request is at 89 the end of a MS-PW, the receiver of the request can send the reply 90 back to the sender without knowing the hop-count distance of the 91 originator. The reply will be intercepted by the originator 92 regardless of the TTL value on the reply packet. But, if the 93 originator is not at the end of the MS-PW, the receiver of the echo 94 request MAY need to know how many hops away the originator of the 95 echo request is so that it can set the TTL value on the MPLS header 96 for the echo reply to be intercepted at the originator node. 98 In MPLS networks, for bidirectional co-routed LSPs, if it is desired 99 to verify connectivity from any intermediate node (LSR) on the LSP to 100 the any other LSR on the LSP the receiver may need to know the TTL to 101 send the Echo reply with, so as the packet is intercepted by the 102 originator node. 104 A new optional TTL TLV is defined in this document. This TLV will be 105 added by the originator of the echo request to inform the receiver 106 how many hops away the originator is on the path of the MS-PW or 107 Bidirectional LSP. 109 This mechanism only works if the echo reply is sent down the co- 110 routed LSP, hence the scope of this TTL TLV is currently limited to 111 MS-PW or Bidirectional co-routed MPLS LSPs. The presence of the TLV 112 implies the use of the return path of the co-routed LSP, if the 113 return path is any other mechanism then the TLV in the echo request 114 MUST be ignored. 116 2. Terminology 118 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 119 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 120 document are to be interpreted as described in RFC 2119 [RFC2119]. 122 LSR: Label Switching Router 124 MPLS-TP: MPLS Transport Profile 126 MS-PW: Multi-Segment Pseudowire 128 PW: Pseudowire 129 TLV: Type Length Value 131 TTL: Time To Live 133 3. Time To Live TLV 135 3.1. TTL TLV Format 137 0 1 2 3 138 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 140 | Type = TBD | Length = 8 | 141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 142 | Value | Reserved | Flags | 143 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 144 Figure 1: Time To Live TLV format 146 The TTL TLV has the format shown in Figure 1. 148 Value 150 The value of the TTL as specified by this TLV 152 Flags 154 The Flags field is a bit vector with the following format: 156 0 1 157 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 158 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 159 | MBZ |R| 160 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 162 One flag is defined for now, the R flag; the rest of the 163 flags are currently undefined and must be zero (MBZ) when 164 sending and ignored on receipt. 166 The R flag (Reply TTL) is set signify that the value is 167 meant to be used as the TTL for the reply packet. Other bits 168 may be defined later to enhance the scope of this TLV. 170 3.2. Usage 172 This TLV shall be included in the echo request by the originator of 173 request. The use of this TLV is optional. If a receiver does not 174 understand the TTL TLV, it will simply ignore the TLV (Type value of 175 TLV is assumed to be in the range of optional TLV's which SHOULD be 176 ignored if an implementation does not support or understand them). In 177 the absence of TTL TLV or if TTL TLV is ignored by a receiver, the 178 determination of the TTL value used in the MPLS label on the echo 179 reply is beyond the scope of this document. 181 If a receiver understands the TTL TLV, and the TTL TLV is present in 182 the echo request, and if the value field is zero, the LSP Ping Echo 183 request packet SHOULD be dropped. 185 If a receiver understands the TTL TLV, and the TTL TLV is present in 186 the echo request, the receiver MUST use the TTL value specified in 187 TLV in the MPLS header of the echo reply. In other words, if the 188 value of the TTL provided by this TLV does not match the TTL 189 determined by other means, such as Switching Point TLV in MS-PW, then 190 TTL TLV must be used. This will aid the originator of the echo 191 request in analyzing the return path. 193 4. Operation 195 In this section, we explain a use case for the TTL TLV with an MPLS 196 MS-PW. 197 <------------------MS-PW ---------------------> 199 A B C D E 200 o -------- o -------- o --------- o --------- o 201 ------Echo Request-----> 202 <-----Echo Reply-------- 204 Figure 2: Use-case with MS-PWs 206 Let us assume a MS-PW going through LSRs A, B, C, D, and E. 207 Furthermore, assume that an operator wants to perform a connectivity 208 check between B and D from B. Thus, an LSP-Ping request with the TTL 209 TLV is originated from B and sent towards D. The echo request packet 210 contains the FEC of the PW Segment between C and D. The value field 211 of the TTL TLV and the TTL field of the MPLS label are set to 2, the 212 choice of the value 2 will be based on the operator input requesting 213 the echo request or from the optional LDP switching point TLV. The 214 echo request is intercepted at D because of TTL expiry. D detects the 215 TTL TLV in the request, and use the TTL value (i.e., 2) specified in 216 the TLV on the MPLS label of the echo reply. The echo reply will be 217 intercepted by B because of TTL expiry. 219 The same operation will apply in the case a co-routed bidirectional 220 LSP and we want to check connectivity from an intermediate LSR B to 221 another LSR D, from B. 223 4.1. Traceroute mode 225 In the traceroute mode TTL value in the TLV is successively set to 1, 226 2, and so on. This is similar to the TTL values used for the label 227 set on the packet. 229 4.2. Error scenario 231 It is possible that the echo request packet was intercepted before 232 the intended destination for reason other than label TTL expiry. This 233 could be due network faults, misconfiguration or other reasons. In 234 such cases, if the return TTL is set to the value specified in the 235 TTL TLV then the echo response packet will continue beyond the 236 originating node. This becomes a security issue. 238 To prevent this, the label TTL value used in the Echo Reply packet 239 must be modified by deducting the incoming label TTL on the received 240 packet from TTL TLV value. If the echo request packet is punted to 241 the CPU before the incoming label TTL is deducted, then another 1 242 must be deducted. In other words: 244 Return TTL Value on the Echo Reply packet = (TTL TLV Value)-(Incoming 245 Label TTL) + 1 247 5. Security Considerations 249 This draft allows the setting of the TTL value in the MPLS Label of 250 an echo reply, so that it can be intercepted by an intermediate 251 device. This can cause a device to get a lot of LSP Ping packets 252 which get redirected to the CPU. 254 However the same is possible even without the changes mentioned in 255 this document. A device should rate limit the LSP ping packets 256 redirected to the CPU so that the CPU is not overwhelmed. 258 The recommendation in [RFC4379] security section applies, to check 259 the source address of the MPLS echo request, however the source 260 address can now be any node along the LSP path. 262 A faulty transit node changing the TTL TLV value could make the wrong 263 node reply to the MPLS echo request, and/or the wrong node to receive 264 the MPLS echo reply. An LSP trace may help identify the faulty 265 transit node. 267 6. IANA Considerations 268 IANA is requested to assign TLV type value to the following TLV from 269 the "Multiprotocol Label Switching Architecture (MPLS) Label Switched 270 Paths (LSPs) Parameters - TLVs" registry, "TLVs and sub-TLVs" sub- 271 registry. 273 Time To Live TLV (See Section 3). The value must be assigned from the 274 range (32768-49161) of optional TLVs. 276 7. Acknowledgements 278 The authors would like to thank Greg Mirsky for his comments. 280 8. References 282 8.1 Normative References 284 [1] K. Kompella, G. Swallow, "Detecting Multi-Protocol Label Switched 285 (MPLS) Data Plane Failures", RFC 4379, February 2006. 287 [2] T. Nadeau, et. al, "Pseudowire Virtual Circuit Connectivity 288 Verification (VCCV): A Control Channel for Pseudowires ", RFC 5085, 289 December 2007. 291 [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement 292 Levels", BCP 14, RFC 2119, March 1997. 294 Authors' Addresses 296 Sami Boutros 297 Cisco Systems, Inc. 298 3750 Cisco Way 299 San Jose, California 95134 300 USA 301 Email: sboutros@cisco.com 303 Siva Sivabalan 304 Cisco Systems, Inc. 305 2000 Innovation Drive 306 Kanata, Ontario, K2K 3E8 307 Canada 308 Email: msiva@cisco.com 309 George Swallow 310 Cisco Systems, Inc. 311 300 Beaver Brook Road 312 Boxborough , MASSACHUSETTS 01719 313 United States 314 Email: swallow@cisco.com 316 Shaleen Saxena 317 Cisco Systems, Inc. 318 1414 Massachusetts Avenue 319 Boxborough , MASSACHUSETTS 01719 320 United States 321 Email: ssaxena@cisco.com 323 Vishwas Manral 324 Hewlett Packard Co. 325 19111 Pruneridge Ave, 326 Cupertino, CA 95014 USA 327 United States 328 EMail: vishwas.manral@hp.com 330 Michael Wildt 331 Cisco Systems, Inc. 332 1414 Massachusetts Avenue 333 Boxborough , MASSACHUSETTS 01719 334 United States 335 Email: mwildt@cisco.com 337 Sam Aldrin 338 Huawei Technologies, Inc. 339 1188 Central Express Way, 340 Santa Clara, CA 95051 341 United States 342 Email: aldrin.ietf@gmail.com