idnits 2.17.1 draft-ietf-softwire-mesh-multicast-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 426: '... defined in [RFC4291], and MUST be set to zero; "suffix" field is...' RFC 2119 keyword, line 427: '...e extensions and SHOULD be set to zero...' RFC 2119 keyword, line 460: '... [RFC5565], AFBRs MUST be able to transport and encode/decode BGP...' RFC 2119 keyword, line 561: '... MUST follow the format specified...' RFC 2119 keyword, line 571: '...urces that support mesh multicast MUST...' (4 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 382 has weird spacing: '... |group addre...' == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 15, 2014) is 3754 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4601 (Obsoleted by RFC 7761) ** Downref: Normative reference to an Informational RFC: RFC 4925 == Outdated reference: A later version (-06) exists of draft-ietf-mboned-64-multicast-address-format-05 Summary: 3 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M. Xu 3 Internet-Draft Y. Cui 4 Expires: July 19, 2014 J. Wu 5 S. Yang 6 Tsinghua University 7 C. Metz 8 G. Shepherd 9 Cisco Systems 10 January 15, 2014 12 Softwire Mesh Multicast 13 draft-ietf-softwire-mesh-multicast-06 15 Abstract 17 The Internet needs to support IPv4 and IPv6 packets. Both address 18 families and their attendant protocol suites support multicast of the 19 single-source and any-source varieties. As part of the transition to 20 IPv6, there will be scenarios where a backbone network running one IP 21 address family internally (referred to as internal IP or I-IP) will 22 provide transit services to attached client networks running another 23 IP address family (referred to as external IP or E-IP). It is 24 expected that the I-IP backbone will offer unicast and multicast 25 transit services to the client E-IP networks. 27 Softwire Mesh is a solution to E-IP unicast and multicast support 28 across an I-IP backbone. This document describes the mechanisms for 29 supporting Internet-style multicast across a set of E-IP and I-IP 30 networks supporting softwire mesh. 32 Status of This Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at http://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on July 19, 2014. 49 Copyright Notice 51 Copyright (c) 2014 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 This document may contain material from IETF Documents or IETF 65 Contributions published or made publicly available before November 66 10, 2008. The person(s) controlling the copyright in some of this 67 material may not have granted the IETF Trust the right to allow 68 modifications of such material outside the IETF Standards Process. 69 Without obtaining an adequate license from the person(s) controlling 70 the copyright in such materials, this document may not be modified 71 outside the IETF Standards Process, and derivative works of it may 72 not be created outside the IETF Standards Process, except to format 73 it for publication as an RFC or to translate it into languages other 74 than English. 76 Table of Contents 78 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 79 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 80 3. Scenarios of Interest . . . . . . . . . . . . . . . . . . . . 6 81 3.1. IPv4-over-IPv6 . . . . . . . . . . . . . . . . . . . . . 6 82 3.2. IPv6-over-IPv4 . . . . . . . . . . . . . . . . . . . . . 7 83 4. IPv4-over-IPv6 Mechanism . . . . . . . . . . . . . . . . . . 9 84 4.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 9 85 4.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 9 86 4.3. Source Address Mapping . . . . . . . . . . . . . . . . . 10 87 4.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 11 88 5. IPv6-over-IPv4 Mechanism . . . . . . . . . . . . . . . . . . 12 89 5.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 12 90 5.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 12 91 5.3. Source Address Mapping . . . . . . . . . . . . . . . . . 12 92 5.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 13 93 6. Control Plane Functions of AFBR . . . . . . . . . . . . . . . 14 94 6.1. E-IP (*,G) State Maintenance . . . . . . . . . . . . . . 14 95 6.2. E-IP (S,G) State Maintenance . . . . . . . . . . . . . . 14 96 6.3. I-IP (S',G') State Maintenance . . . . . . . . . . . . . 14 97 6.4. E-IP (S,G,rpt) State Maintenance . . . . . . . . . . . . 15 98 6.5. Inter-AFBR Signaling . . . . . . . . . . . . . . . . . . 15 99 6.6. SPT Switchover . . . . . . . . . . . . . . . . . . . . . 17 100 6.7. Other PIM Message Types . . . . . . . . . . . . . . . . . 17 101 6.8. Other PIM States Maintenance . . . . . . . . . . . . . . 17 102 7. Data Plane Functions of AFBR . . . . . . . . . . . . . . . . 17 103 7.1. Process and Forward Multicast Data . . . . . . . . . . . 17 104 7.2. Selecting a Tunneling Technology . . . . . . . . . . . . 18 105 7.3. TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 106 7.4. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 18 107 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 108 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 109 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 110 10.1. Normative References . . . . . . . . . . . . . . . . . . 19 111 10.2. Informative References . . . . . . . . . . . . . . . . . 19 112 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 19 113 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 115 1. Introduction 117 The Internet needs to support IPv4 and IPv6 packets. Both address 118 families and their attendant protocol suites support multicast of the 119 single-source and any-source varieties. As part of the transition to 120 IPv6, there will be scenarios where a backbone network running one IP 121 address family internally (referred to as internal IP or I-IP) will 122 provide transit services to attached client networks running another 123 IP address family (referred to as external IP or E-IP). 125 The preferred solution is to leverage the multicast functions 126 inherent in the I-IP backbone, to efficiently and scalably forward 127 client E-IP multicast packets inside an I-IP core tree, which roots 128 at one or more ingress AFBR nodes and branches out to one or more 129 egress AFBR leaf nodes. 131 [RFC4925] outlines the requirements for the softwires mesh scenario 132 including the multicast. It is straightforward to envisage that 133 client E-IP multicast sources and receivers will reside in different 134 client E-IP networks connected to an I-IP backbone network. This 135 requires that the client E-IP source-rooted or shared tree should 136 traverse the I-IP backbone network. 138 One method to accomplish this is to re-use the multicast VPN approach 139 outlined in [RFC6513]. MVPN-like schemes can support the softwire 140 mesh scenario and achieve a "many-to-one" mapping between the E-IP 141 client multicast trees and the transit core multicast trees. The 142 advantage of this approach is that the number of trees in the I-IP 143 backbone network scales less than linearly with the number of E-IP 144 client trees. Corporate enterprise networks and by extension 145 multicast VPNs have been known to run applications that create a 146 large amount of (S,G) states. Aggregation at the edge contains the 147 (S,G) states that need to be maintained by the network operator 148 supporting the customer VPNs. The disadvantage of this approach is 149 the possible inefficient bandwidth and resource utilization when 150 multicast packets are delivered to a receiver AFBR with no attached 151 E-IP receivers. 153 Internet-style multicast is somewhat different in that the trees tend 154 to be relatively sparse and source-rooted. The need for multicast 155 aggregation at the edge (where many customer multicast trees are 156 mapped into a few or one backbone multicast trees) does not exist and 157 to date has not been identified. Thus the need for a basic or closer 158 alignment with E-IP and I-IP multicast procedures emerges. 160 A framework on how to support such methods is described in [RFC5565]. 161 In this document, a more detailed discussion supporting the "one-to- 162 one" mapping schemes for the IPv6 over IPv4 and IPv4 over IPv6 163 scenarios will be discussed. 165 2. Terminology 167 An example of a softwire mesh network supporting multicast is 168 illustrated in Figure 1. A multicast source S is located in one E-IP 169 client network, while candidate E-IP group receivers are located in 170 the same or different E-IP client networks that all share a common 171 I-IP transit network. When E-IP sources and receivers are not local 172 to each other, they can only communicate with each other through the 173 I-IP core. There may be several E-IP sources for some multicast 174 group residing in different client E-IP networks. In the case of 175 shared trees, the E-IP sources, receivers and RPs might be located in 176 different client E-IP networks. In a simple case the resources of 177 the I-IP core are managed by a single operator although the inter- 178 provider case is not precluded. 180 ._._._._. ._._._._. 181 | | | | -------- 182 | E-IP | | E-IP |--|Source S| 183 | network | | network | -------- 184 ._._._._. ._._._._. 185 | | 186 AFBR upstream AFBR 187 | | 188 __+____________________+__ 189 / : : : : \ 190 | : : : : | E-IP Multicast 191 | : I-IP transit core : | packets should 192 | : : : : | get across the 193 | : : : : | I-IP transit core 194 \_._._._._._._._._._._._._./ 195 + + 196 downstream AFBR downstream AFBR 197 | | 198 ._._._._ ._._._._ 199 -------- | | | | -------- 200 |Receiver|-- | E-IP | | E-IP |--|Receiver| 201 -------- |network | |network | -------- 202 ._._._._ ._._._._ 204 Figure 1: Softwire Mesh Multicast Framework 206 Terminology used in this document: 208 o Address Family Border Router (AFBR) - A dual-stack router 209 interconnecting two or more networks using different IP address 210 families. In the context of softwire mesh multicast, the AFBR runs 211 E-IP and I-IP control planes to maintain E-IP and I-IP multicast 212 states respectively and performs the appropriate encapsulation/ 213 decapsulation of client E-IP multicast packets for transport across 214 the I-IP core. An AFBR will act as a source and/or receiver in an 215 I-IP multicast tree. 217 o Upstream AFBR: The AFBR router that is located on the upper reaches 218 of a multicast data flow. 220 o Downstream AFBR: The AFBR router that is located on the lower 221 reaches of a multicast data flow. 223 o I-IP (Internal IP): This refers to the form of IP (i.e., either 224 IPv4 or IPv6) that is supported by the core (or backbone) network. 225 An I-IPv6 core network runs IPv6 and an I-IPv4 core network runs 226 IPv4. 228 o E-IP (External IP): This refers to the form of IP (i.e. either IPv4 229 or IPv6) that is supported by the client network(s) attached to the 230 I-IP transit core. An E-IPv6 client network runs IPv6 and an E-IPv4 231 client network runs IPv4. 233 o I-IP core tree: A distribution tree rooted at one or more AFBR 234 source nodes and branched out to one or more AFBR leaf nodes. An 235 I-IP core tree is built using standard IP or MPLS multicast signaling 236 protocols operating exclusively inside the I-IP core network. An 237 I-IP core tree is used to forward E-IP multicast packets belonging to 238 E-IP trees across the I-IP core. Another name for an I-IP core tree 239 is multicast or multipoint softwire. 241 o E-IP client tree: A distribution tree rooted at one or more hosts 242 or routers located inside a client E-IP network and branched out to 243 one or more leaf nodes located in the same or different client E-IP 244 networks. 246 o uPrefix64: The /96 unicast IPv6 prefix for constructing 247 IPv4-embedded IPv6 source address. 249 o Inter-AFBR signaling: A mechanism used by downstream AFBRs to send 250 PIM messages to the upstream AFBR. 252 3. Scenarios of Interest 254 This section describes the two different scenarios where softwires 255 mesh multicast will apply. 257 3.1. IPv4-over-IPv6 258 ._._._._. ._._._._. 259 | IPv4 | | IPv4 | -------- 260 | Client | | Client |--|Source S| 261 | network | | network | -------- 262 ._._._._. ._._._._. 263 | | 264 AFBR upstream AFBR 265 | | 266 __+____________________+__ 267 / : : : : \ 268 | : : : : | 269 | : IPv6 transit core : | 270 | : : : : | 271 | : : : : | 272 \_._._._._._._._._._._._._./ 273 + + 274 downstream AFBR downstream AFBR 275 | | 276 ._._._._ ._._._._ 277 -------- | IPv4 | | IPv4 | -------- 278 |Receiver|-- | Client | | Client |--|Receiver| 279 -------- | network| | network| -------- 280 ._._._._ ._._._._ 282 Figure 2: IPv4-over-IPv6 Scenario 284 In this scenario, the E-IP client networks run IPv4 and I-IP core 285 runs IPv6. This scenario is illustrated in Figure 2. 287 Because of the much larger IPv6 group address space, it will not be a 288 problem to map individual client E-IPv4 tree to a specific I-IPv6 289 core tree. This simplifies operations on the AFBR because it becomes 290 possible to algorithmically map an IPv4 group/source address to an 291 IPv6 group/source address and vice-versa. 293 The IPv4-over-IPv6 scenario is an emerging requirement as network 294 operators build out native IPv6 backbone networks. These networks 295 naturally support native IPv6 services and applications but it is 296 with near 100% certainty that legacy IPv4 networks handling unicast 297 and multicast should be accommodated. 299 3.2. IPv6-over-IPv4 300 ._._._._. ._._._._. 301 | IPv6 | | IPv6 | -------- 302 | Client | | Client |--|Source S| 303 | network | | network | -------- 304 ._._._._. ._._._._. 305 | | 306 AFBR upstream AFBR 307 | | 308 __+____________________+__ 309 / : : : : \ 310 | : : : : | 311 | : IPv4 transit core : | 312 | : : : : | 313 | : : : : | 314 \_._._._._._._._._._._._._./ 315 + + 316 downstream AFBR downstream AFBR 317 | | 318 ._._._._ ._._._._ 319 -------- | IPv6 | | IPv6 | -------- 320 |Receiver|-- | Client | | Client |--|Receiver| 321 -------- | network| | network| -------- 322 ._._._._ ._._._._ 324 Figure 3: IPv6-over-IPv4 Scenario 326 In this scenario, the E-IP Client Networks run IPv6 while the I-IP 327 core runs IPv4. This scenario is illustrated in Figure 3. 329 IPv6 multicast group addresses are longer than IPv4 multicast group 330 addresses. It will not be possible to perform an algorithmic IPv6 - 331 to - IPv4 address mapping without the risk of multiple IPv6 group 332 addresses mapped to the same IPv4 address resulting in unnecessary 333 bandwidth and resource consumption. Therefore additional efforts 334 will be required to ensure that client E-IPv6 multicast packets can 335 be injected into the correct I-IPv4 multicast trees at the AFBRs. 336 This clear mismatch in IPv6 and IPv4 group address lengths means that 337 it will not be possible to perform a one-to-one mapping between IPv6 338 and IPv4 group addresses unless the IPv6 group address is scoped. 340 As mentioned earlier, this scenario is common in the MVPN 341 environment. As native IPv6 deployments and multicast applications 342 emerge from the outer reaches of the greater public IPv4 Internet, it 343 is envisaged that the IPv6 over IPv4 softwire mesh multicast scenario 344 will be a necessary feature supported by network operators. 346 4. IPv4-over-IPv6 Mechanism 348 4.1. Mechanism Overview 350 Routers in the client E-IPv4 networks contain routes to all other 351 client E-IPv4 networks. Through the set of known and deployed 352 mechanisms, E-IPv4 hosts and routers have discovered or learnt of 353 (S,G) or (*,G) IPv4 addresses. Any I-IPv6 multicast state 354 instantiated in the core is referred to as (S',G') or (*,G') and is 355 certainly separated from E-IPv4 multicast state. 357 Suppose a downstream AFBR receives an E-IPv4 PIM Join/Prune message 358 from the E-IPv4 network for either an (S,G) tree or a (*,G) tree. 359 The AFBR can translate the E-IPv4 PIM message into an I-IPv6 PIM 360 message with the latter being directed towards I-IP IPv6 address of 361 the upstream AFBR. When the I-IPv6 PIM message arrives at the 362 upstream AFBR, it should be translated back into an E-IPv4 PIM 363 message. The result of these actions is the construction of E-IPv4 364 trees and a corresponding I-IP tree in the I-IP network. 366 In this case it is incumbent upon the AFBR routers to perform PIM 367 message conversions in the control plane and IP group address 368 conversions or mappings in the data plane. It becomes possible to 369 devise an algorithmic one-to-one IPv4-to-IPv6 address mapping at 370 AFBRs. 372 4.2. Group Address Mapping 374 For IPv4-over-IPv6 scenario, a simple algorithmic mapping between 375 IPv4 multicast group addresses and IPv6 group addresses is supported. 376 [I-D.ietf-mboned-64-multicast-address-format] has already defined an 377 applicable format. Figure 4 is the reminder of the format: 379 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 380 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 381 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 382 | MPREFIX64 |group address | 383 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 385 Figure 4: IPv4-Embedded IPv6 Multicast Address Format 387 The MPREFIX64 for SSM mode is also defined in 388 [I-D.ietf-mboned-64-multicast-address-format] : 390 o ff3x:0:8000::/96 ('x' is any valid scope) 391 With this scheme, each IPv4 multicast address can be mapped into an 392 IPv6 multicast address (with the assigned prefix), and each IPv6 393 multicast address with the assigned prefix can be mapped into IPv4 394 multicast address. 396 4.3. Source Address Mapping 398 There are two kinds of multicast --- ASM and SSM. Considering that 399 I-IP network and E-IP network may support different kind of 400 multicast, the source address translation rules could be very complex 401 to support all possible scenarios. But since SSM can be implemented 402 with a strict subset of the PIM-SM protocol mechanisms [RFC4601], we 403 can treat I-IP core as SSM-only to make it as simple as possible, 404 then there remains only two scenarios to be discussed in detail: 406 o E-IP network supports SSM 408 One possible way to make sure that the translated I-IPv6 PIM 409 message reaches upstream AFBR is to set S' to a virtual IPv6 410 address that leads to the upstream AFBR. Figure 5 is the 411 recommended address format based on [RFC6052]: 413 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 414 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 415 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 416 | prefix |v4(32) | u | suffix |source address | 417 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 418 |<------------------uPrefix64------------------>| 420 Figure 5: IPv4-Embedded IPv6 Virtual Source Address Format 422 In this address format, the "prefix" field contains a "Well-Known" 423 prefix or an ISP-defined prefix. An existing "Well-Known" prefix 424 is 64:ff9b, which is defined in [RFC6052]; "v4" field is the IP 425 address of one of upstream AFBR's E-IPv4 interfaces; "u" field is 426 defined in [RFC4291], and MUST be set to zero; "suffix" field is 427 reserved for future extensions and SHOULD be set to zero; "source 428 address" field stores the original S. We call the overall /96 429 prefix ("prefix" field and "v4" field and "u" field and "suffix" 430 field altogether) "uPrefix64". 432 o E-IP network supports ASM 433 The (S,G) source list entry and the (*,G) source list entry only 434 differ in that the latter have both the WC and RPT bits of the 435 Encoded-Source-Address set, while the former all cleared (See 436 Section 4.9.5.1 of [RFC4601]). So we can translate source list 437 entries in (*,G) messages into source list entries in (S'G') 438 messages by applying the format specified in Figure 5 and clearing 439 both the WC and RPT bits at downstream AFBRs, and translate them 440 back at upstream AFBRs vice-versa. 442 4.4. Routing Mechanism 444 In the mesh multicast scenario, routing information is required to be 445 distributed among AFBRs to make sure that PIM messages that a 446 downstream AFBR propagates reach the right upstream AFBR. 448 To make it feasible, the /32 prefix in "IPv4-Embedded IPv6 Virtual 449 Source Address Format" must be known to every AFBR, and every AFBR 450 should not only announce the IP address of one of its E-IPv4 451 interfaces presented in the "v4" field to other AFBRs by MPBGP, but 452 also announce the corresponding uPrefix64 to the I-IPv6 network. 453 Since every IP address of upstream AFBR's E-IPv4 interface is 454 different from each other, every uPrefix64 that AFBR announces should 455 be different either, and uniquely identifies each AFBR. "uPrefix64" 456 is an IPv6 prefix, and the distribution of it is the same as the 457 distribution in the traditional mesh unicast scenario. But since 458 "v4" field is an E-IPv4 address, and BGP messages are NOT tunneled 459 through softwires or through any other mechanism as specified in 460 [RFC5565], AFBRs MUST be able to transport and encode/decode BGP 461 messages that are carried over I-IPv6, whose NLRI and NH are of 462 E-IPv4 address family. 464 In this way, when a downstream AFBR receives an E-IPv4 PIM (S,G) 465 message, it can translate this message into (S',G') by looking up the 466 IP address of the corresponding AFBR's E-IPv4 interface. Since the 467 uPrefix64 of S' is unique, and is known to every router in the I-IPv6 468 network, the translated message will eventually arrive at the 469 corresponding upstream AFBR, and the upstream AFBR can translate the 470 message back to (S,G). When a downstream AFBR receives an E-IPv4 PIM 471 (*,G) message, S' can be generated according to the format specified 472 in Figure 4, with "source address" field set to *(the IPv4 address of 473 RP). The translated message will eventually arrive at the 474 corresponding upstream AFBR. Since every PIM router within a PIM 475 domain must be able to map a particular multicast group address to 476 the same RP (see Section 4.7 of [RFC4601]), when this upstream AFBR 477 checks the "source address" field of the message, it'll find the IPv4 478 address of RP, so this upstream AFBR judges that this is originally a 479 (*,G) message, then it translates the message back to the (*,G) 480 message and processes it. 482 5. IPv6-over-IPv4 Mechanism 484 5.1. Mechanism Overview 486 Routers in the client E-IPv6 networks contain routes to all other 487 client E-IPv6 networks. Through the set of known and deployed 488 mechanisms, E-IPv6 hosts and routers have discovered or learnt of 489 (S,G) or (*,G) IPv6 addresses. Any I-IP multicast state instantiated 490 in the core is referred to as (S',G') or (*,G') and is certainly 491 separated from E-IP multicast state. 493 This particular scenario introduces unique challenges. Unlike the 494 IPv4-over-IPv6 scenario, it's impossible to map all of the IPv6 495 multicast address space into the IPv4 address space to address the 496 one-to-one Softwire Multicast requirement. To coordinate with the 497 "IPv4-over-IPv6" scenario and keep the solution as simple as 498 possible, one possible solution to this problem is to limit the scope 499 of the E-IPv6 source addresses for mapping, such as applying a "Well- 500 Known" prefix or an ISP-defined prefix. 502 5.2. Group Address Mapping 504 To keep one-to-one group address mapping simple, the group address 505 range of E-IP IPv6 can be reduced in a number of ways to limit the 506 scope of addresses that need to be mapped into the I-IP IPv4 space. 508 A recommended multicast address format is defined in 509 [I-D.ietf-mboned-64-multicast-address-format]. The high order bits 510 of the E-IPv6 address range will be fixed for mapping purposes. With 511 this scheme, each IPv4 multicast address can be mapped into an IPv6 512 multicast address(with the assigned prefix), and each IPv6 multicast 513 address with the assigned prefix can be mapped into IPv4 multicast 514 address. 516 5.3. Source Address Mapping 518 There are two kinds of multicast --- ASM and SSM. Considering that 519 I-IP network and E-IP network may support different kind of 520 multicast, the source address translation rules could be very complex 521 to support all possible scenarios. But since SSM can be implemented 522 with a strict subset of the PIM-SM protocol mechanisms [RFC4601], we 523 can treat I-IP core as SSM-only to make it as simple as possible, 524 then there remains only two scenarios to be discussed in detail: 526 o E-IP network supports SSM 527 To make sure that the translated I-IPv4 PIM message reaches the 528 upstream AFBR, we need to set S' to an IPv4 address that leads to 529 the upstream AFBR. But due to the non-"one-to-one" mapping of 530 E-IPv6 to I-IPv4 unicast address, the upstream AFBR is unable to 531 remap the I-IPv4 source address to the original E-IPv6 source 532 address without any constraints. 534 We apply a fixed IPv6 prefix and static mapping to solve this 535 problem. A recommended source address format is defined in 536 [RFC6052]. Figure 6 is the reminder of the format: 538 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 539 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 540 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 541 | uPrefix64 |source address | 542 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 544 Figure 6: IPv4-Embedded IPv6 Source Address Format 546 In this address format, the "uPrefix64" field starts with a "Well- 547 Known" prefix or an ISP-defined prefix. An existing "Well-Known" 548 prefix is 64:ff9b/32, which is defined in [RFC6052]; "source 549 address" field is the corresponding I-IPv4 source address. 551 o E-IP network supports ASM 553 The (S,G) source list entry and the (*,G) source list entry only 554 differ in that the latter have both the WC and RPT bits of the 555 Encoded-Source-Address set, while the former all cleared (See 556 Section 4.9.5.1 of [RFC4601]). So we can translate source list 557 entries in (*,G) messages into source list entries in (S',G') 558 messages by applying the format specified in Figure 5 and setting 559 both the WC and RPT bits at downstream AFBRs, and translate them 560 back at upstream AFBRs vice-versa. Here, the E-IPv6 address of RP 561 MUST follow the format specified in Figure 6. RP' is the upstream 562 AFBR that locates between RP and the downstream AFBR. 564 5.4. Routing Mechanism 566 In the mesh multicast scenario, routing information is required to be 567 distributed among AFBRs to make sure that PIM messages that a 568 downstream AFBR propagates reach the right upstream AFBR. 570 To make it feasible, the /96 uPrefix64 must be known to every AFBR, 571 every E-IPv6 address of sources that support mesh multicast MUST 572 follow the format specified in Figure 6, and the corresponding 573 upstream AFBR of this source should announce the I-IPv4 address in 574 "source address" field of this source's IPv6 address to the I-IPv4 575 network. Since uPrefix64 is static and unique in IPv6-over-IPv4 576 scenario, there is no need to distribute it using BGP. The 577 distribution of "source address" field of multicast source addresses 578 is a pure I-IPv4 process and no more specification is needed. 580 In this way, when a downstream AFBR receives a (S,G) message, it can 581 translate the message into (S',G') by simply taking off the prefix in 582 S. Since S' is known to every router in I-IPv4 network, the 583 translated message will eventually arrive at the corresponding 584 upstream AFBR, and the upstream AFBR can translate the message back 585 to (S,G) by appending the prefix to S'. When a downstream AFBR 586 receives a (*,G) message, it can translate it into (S',G') by simply 587 taking off the prefix in *(the E-IPv6 address of RP). Since S' is 588 known to every router in I-IPv4 network, the translated message will 589 eventually arrive at RP'. And since every PIM router within a PIM 590 domain must be able to map a particular multicast group address to 591 the same RP (see Section 4.7 of [RFC4601]), RP' knows that S' is the 592 mapped I-IPv4 address of RP, so RP' will translate the message back 593 to (*,G) by appending the prefix to S' and propagate it towards RP. 595 6. Control Plane Functions of AFBR 597 The AFBRs are responsible for the following functions: 599 6.1. E-IP (*,G) State Maintenance 601 When an AFBR wishes to propagate a Join/Prune(*,G) message to an I-IP 602 upstream router, the AFBR MUST translate Join/Prune(*,G) messages 603 into Join/Prune(S',G') messages following the rules specified above, 604 then send the latter. 606 6.2. E-IP (S,G) State Maintenance 608 When an AFBR wishes to propagate a Join/Prune(S,G) message to an I-IP 609 upstream router, the AFBR MUST translate Join/Prune(S,G) messages 610 into Join/Prune(S',G') messages following the rules specified above, 611 then send the latter. 613 6.3. I-IP (S',G') State Maintenance 615 It is possible that there runs a non-transit I-IP PIM-SSM in the I-IP 616 transit core. Since the translated source address starts with the 617 unique "Well-Known" prefix or the ISP-defined prefix that should not 618 be used otherwise, mesh multicast won't influence non-transit PIM-SM 619 multicast at all. When one AFBR receives an I-IP (S',G') message, it 620 should check S'. If S' starts with the unique prefix, it means that 621 this message is actually a translated E-IP (S,G) or (*,G) message, 622 then the AFBR should translate this message back to E-IP PIM message 623 and process it. 625 6.4. E-IP (S,G,rpt) State Maintenance 627 When an AFBR wishes to propagate a Join/Prune(S,G,rpt) message to an 628 I-IP upstream router, the AFBR MUST do as specified in Section 6.5 629 and Section 6.6. 631 6.5. Inter-AFBR Signaling 633 Assume that one downstream AFBR has joined a RPT of (*,G) and a SPT 634 of (S,G), and decide to perform a SPT switchover. According to 635 [RFC4601], it should propagate a Prune(S,G,rpt) message along with 636 the periodical Join(*,G) message upstream towards RP. Unfortunately, 637 routers in I-IP transit core are not supposed to understand (S,G,rpt) 638 messages since I-IP transit core is treated as SSM-only. As a 639 result, this downstream AFBR is unable to prune S from this RPT, then 640 it will receive two copies of the same data of (S,G). In order to 641 solve this problem, we introduce a new mechanism for downstream AFBRs 642 to inform upstream AFBRs of pruning any given S from RPT. 644 When a downstream AFBR wishes to propagate a (S,G,rpt) message 645 upstream, it should encapsulate the (S,G,rpt) message, then unicast 646 the encapsulated message to the corresponding upstream AFBR, which we 647 call "RP'". 649 When RP' receives this encapsulated message, it should decapsulate 650 this message as what it does in the unicast scenario, and get the 651 original (S,G,rpt) message. The incoming interface of this message 652 may be different from the outgoing interface which propagates 653 multicast data to the corresponding downstream AFBR, and there may be 654 other downstream AFBRs that need to receive multicast data of (S,G) 655 from this incoming interface, so RP' should not simply process this 656 message as specified in [RFC4601] on the incoming interface. 658 To solve this problem, and keep the solution as simple as possible, 659 we introduce an "interface agent" to process all the encapsulated 660 (S,G,rpt) messages the upstream AFBR receives, and prune S from the 661 RPT of group G when no downstream AFBR wants to receive multicast 662 data of (S,G) along the RPT. In this way, we do insure that 663 downstream AFBRs won't miss any multicast data that they needs, at 664 the cost of duplicated multicast data of (S,G) along the RPT received 665 by SPT-switched-over downstream AFBRs, if there exists at least one 666 downstream AFBR that hasn't yet sent Prune(S,G,rpt) messages to the 667 upstream AFBR. The following diagram shows an example of how an 668 "interface agent" may be implemented: 670 +----------------------------------------+ 671 | | 672 | +-----------+----------+ | 673 | | PIM-SM | UDP | | 674 | +-----------+----------+ | 675 | ^ | | 676 | | | | 677 | | v | 678 | +----------------------+ | 679 | | I/F Agent | | 680 | +----------------------+ | 681 | PIM ^ | multicast | 682 | messages | | data | 683 | | +-------------+---+ | 684 | +--+--|-----------+ | | 685 | | v | v | 686 | +--------- + +----------+ | 687 | | I-IP I/F | | I-IP I/F | | 688 | +----------+ +----------+ | 689 | ^ | ^ | | 690 | | | | | | 691 +--------|-----|----------|-----|--------+ 692 | v | v 694 Figure 7: Interface Agent Implementation Example 696 In this example, the interface agent has two responsibilities: In the 697 control plane, it should work as a real interface that has joined 698 (*,G) in representative of all the I-IP interfaces who should have 699 been outgoing interfaces of (*,G) state machine, and process the 700 (S,G,rpt) messages received from all the I-IP interfaces. The 701 interface agent maintains downstream (S,G,rpt) state machines of 702 every downstream AFBR, and submits Prune(S,G,rpt) messages to the 703 PIM-SM module only when every (S,G,rpt) state machine is at Prune(P) 704 or PruneTmp(P') state, which means that no downstream AFBR wants to 705 receive multicast data of (S,G) along the RPT of G. Once a (S,G,rpt) 706 state machine changes to NoInfo(NI) state, which means that the 707 corresponding downstream AFBR has changed it mind to receive 708 multicast data of (S,G) along the RPT again, the interface agent 709 should send a Join(S,G,rpt) to PIM-SM module immediately; In the data 710 plane, upon receiving a multicast data packet, the interface agent 711 should encapsulate it at first, then propagate the encapsulated 712 packet onto every I-IP interface. 714 NOTICE: There may exist an E-IP neighbor of RP' that has joined the 715 RPT of G, so the per-interface state machine for receiving E-IP Join/ 716 Prune(S,G,rpt) messages should still take effect. 718 6.6. SPT Switchover 720 After a new AFBR expresses its interest in receiving traffic destined 721 for a multicast group, it will receive all the data from the RPT at 722 first. At this time, every downstream AFBR will receive multicast 723 data from any source from this RPT, in spit of whether they have 724 switched over to SPT of some source(s) or not. 726 To minimize this redundancy, it's recommended that every AFBR's 727 SwitchToSptDesired(S,G) function employs the "switch on first packet" 728 policy. In this way, the delay of switchover to SPT is kept as 729 little as possible, and after the moment that every AFBR has 730 performed the SPT switchover for every S of group G, no data will be 731 forwarded in the RPT of G, thus no more redundancy will be produced. 733 6.7. Other PIM Message Types 735 Apart from Join or Prune, there exists other message types including 736 Register, Register-Stop, Hello and Assert. Register and Register- 737 Stop messages are sent by unicast, while Hello and Assert messages 738 are only used between dierctly linked routers to negotiate with each 739 other. It's not necessary to translate them for forwarding, thus the 740 process of these messages is out of scope for this document. 742 6.8. Other PIM States Maintenance 744 Apart from states mentioned above, there exists other states 745 including (*,*,RP) and I-IP (*,G') state. Since we treat I-IP core 746 as SSM-only, the maintenance of these states is out of scope for this 747 document. 749 7. Data Plane Functions of AFBR 751 7.1. Process and Forward Multicast Data 753 On receiving multicast data from upstream routers, the AFBR looks up 754 its forwarding table to check the IP address of each outgoing 755 interface. If there exists at least one outgoing interface whose IP 756 address family is different from the incoming interface, the AFBR 757 should encapsulate/decapsulate this packet and forward it to such 758 outgoing interface(s), then forward the data to other outgoing 759 interfaces without encapsulation/decapsulation. 761 When a downstream AFBR that has already switched over to SPT of S 762 receives an encapsulated multicast data packet of (S,G) along the 763 RPT, it should silently drop this packet. 765 7.2. Selecting a Tunneling Technology 767 Choosing tunneling technology depends on the policies configured at 768 AFBRs. It's recommended that all AFBRs use the same technology, 769 otherwise some AFBRs may not be able to decapsulate encapsulated 770 packets from other AFBRs that use a different tunneling technology. 772 7.3. TTL 774 Processing of TTL depends on the tunneling technology, and is out of 775 scope of this document. 777 7.4. Fragmentation 779 The encapsulation performed by upstream AFBR will increase the size 780 of packets. As a result, the outgoing I-IP link MTU may not 781 accommodate the extra size. As it's not always possible for core 782 operators to increase the MTU of every link. Fragmentation and 783 reassembling of encapsulated packets MUST be supported by AFBRs. 785 8. Security Considerations 787 The AFBR routers could maintain secure communications within Security 788 Architecture for the Internet Protocol as described in [RFC4301]. To 789 protect against unwanted forged PIM protocol messages, the PIM 790 messages can be authenticated using IPsec as described in [RFC4601]. 792 But when adopting some schemes that will cause heavy burden on 793 routers, some attacker may use it as a tool for DDoS attack. 794 Compared with [RFC4301], the security concerns should be more 795 carefully considered. The attackers can set up many multicast trees 796 in the edge networks, causing too many multicast trees to get set up 797 in the core network. 799 9. IANA Considerations 801 When AFBRs perform address mapping, they should follow some 802 predefined rules, especially the IPv6 prefix for source address 803 mapping should be predefined, such that ingress AFBRs and egress 804 AFBRs can finish the mapping procedure correctly. The IPv6 prefix 805 for translation can be unified within only the transit core, or 806 within global area. In the later condition, the prefix should be 807 assigned by IANA. 809 10. References 811 10.1. Normative References 813 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 814 Architecture", RFC 4291, February 2006. 816 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 817 Internet Protocol", RFC 4301, December 2005. 819 [RFC4601] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas, 820 "Protocol Independent Multicast - Sparse Mode (PIM-SM): 821 Protocol Specification (Revised)", RFC 4601, August 2006. 823 [RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire 824 Problem Statement", RFC 4925, July 2007. 826 [RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh 827 Framework", RFC 5565, June 2009. 829 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. 830 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 831 October 2010. 833 [RFC6513] Rosen, E. and R. Aggarwal, "Multicast in MPLS/BGP IP 834 VPNs", RFC 6513, February 2012. 836 10.2. Informative References 838 [I-D.ietf-mboned-64-multicast-address-format] 839 Boucadair, M., Qin, J., Lee, Y., Venaas, S., Li, X., and 840 M. Xu, "IPv6 Multicast Address With Embedded IPv4 841 Multicast Address", draft-ietf-mboned-64-multicast- 842 address-format-05 (work in progress), April 2013. 844 Appendix A. Acknowledgements 846 Wenlong Chen, Xuan Chen, Alain Durand, Yiu Lee, Jacni Qin and Stig 847 Venaas provided useful input into this document. 849 Authors' Addresses 850 Mingwei Xu 851 Tsinghua University 852 Department of Computer Science, Tsinghua University 853 Beijing 100084 854 P.R. China 856 Phone: +86-10-6278-5822 857 Email: xmw@cernet.edu.cn 859 Yong Cui 860 Tsinghua University 861 Department of Computer Science, Tsinghua University 862 Beijing 100084 863 P.R. China 865 Phone: +86-10-6278-5822 866 Email: cuiyong@tsinghua.edu.cn 868 Jianping Wu 869 Tsinghua University 870 Department of Computer Science, Tsinghua University 871 Beijing 100084 872 P.R. China 874 Phone: +86-10-6278-5983 875 Email: jianping@cernet.edu.cn 877 Shu Yang 878 Tsinghua University 879 Department of Computer Science, Tsinghua University 880 Beijing 100084 881 P.R. China 883 Phone: +86-10-6278-5822 884 Email: yangshu@csnet1.cs.tsinghua.edu.cn 886 Chris Metz 887 Cisco Systems 888 170 West Tasman Drive 889 San Jose, CA 95134 890 USA 892 Phone: +1-408-525-3275 893 Email: chmetz@cisco.com 894 Greg Shepherd 895 Cisco Systems 896 170 West Tasman Drive 897 San Jose, CA 95134 898 USA 900 Phone: +1-541-912-9758 901 Email: shep@cisco.com