idnits 2.17.1 draft-ietf-softwire-mesh-multicast-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 424: '... defined in [RFC4291], and MUST be set to zero; "suffix" field is...' RFC 2119 keyword, line 425: '...e extensions and SHOULD be set to zero...' RFC 2119 keyword, line 458: '... [RFC5565], AFBRs MUST be able to transport and encode/decode BGP...' RFC 2119 keyword, line 559: '... MUST follow the format specified...' RFC 2119 keyword, line 569: '...urces that support mesh multicast MUST...' (4 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 380 has weird spacing: '... |group addre...' == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 22, 2015) is 3380 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4601 (Obsoleted by RFC 7761) ** Downref: Normative reference to an Informational RFC: RFC 4925 == Outdated reference: A later version (-06) exists of draft-ietf-mboned-64-multicast-address-format-05 Summary: 3 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group M. Xu 2 Internet-Draft Y. Cui 3 Expires: July 26, 2015 J. Wu 4 S. Yang 5 Tsinghua University 6 C. Metz 7 G. Shepherd 8 Cisco Systems 9 January 22, 2015 11 Softwire Mesh Multicast 12 draft-ietf-softwire-mesh-multicast-09 14 Abstract 16 The Internet needs to support IPv4 and IPv6 packets. Both address 17 families and their related protocol suites support multicast of the 18 single-source and any-source varieties. As part of the transition to 19 IPv6, there will be scenarios where a backbone network running one IP 20 address family internally (referred to as internal IP or I-IP) will 21 provide transit services to attached client networks running another 22 IP address family (referred to as external IP or E-IP). It is 23 expected that the I-IP backbone will offer unicast and multicast 24 transit services to the client E-IP networks. 26 Softwire Mesh is a solution to E-IP unicast and multicast support 27 across an I-IP backbone. This document describes the mechanisms for 28 supporting Internet-style multicast across a set of E-IP and I-IP 29 networks supporting softwire mesh. 31 Status of This Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute 38 working documents as Internet-Drafts. The list of current Internet- 39 Drafts is at http://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on July 26, 2015. 48 Copyright Notice 50 Copyright (c) 2015 IETF Trust and the persons identified as the 51 document authors. All rights reserved. 53 This document is subject to BCP 78 and the IETF Trust's Legal 54 Provisions Relating to IETF Documents 55 (http://trustee.ietf.org/license-info) in effect on the date of 56 publication of this document. Please review these documents 57 carefully, as they describe your rights and restrictions with respect 58 to this document. Code Components extracted from this document must 59 include Simplified BSD License text as described in Section 4.e of 60 the Trust Legal Provisions and are provided without warranty as 61 described in the Simplified BSD License. 63 This document may contain material from IETF Documents or IETF 64 Contributions published or made publicly available before November 65 10, 2008. The person(s) controlling the copyright in some of this 66 material may not have granted the IETF Trust the right to allow 67 modifications of such material outside the IETF Standards Process. 68 Without obtaining an adequate license from the person(s) controlling 69 the copyright in such materials, this document may not be modified 70 outside the IETF Standards Process, and derivative works of it may 71 not be created outside the IETF Standards Process, except to format 72 it for publication as an RFC or to translate it into languages other 73 than English. 75 Table of Contents 77 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 78 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 79 3. Scenarios of Interest . . . . . . . . . . . . . . . . . . . . 6 80 3.1. IPv4-over-IPv6 . . . . . . . . . . . . . . . . . . . . . 6 81 3.2. IPv6-over-IPv4 . . . . . . . . . . . . . . . . . . . . . 7 82 4. IPv4-over-IPv6 Mechanism . . . . . . . . . . . . . . . . . . 9 83 4.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 9 84 4.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 9 85 4.3. Source Address Mapping . . . . . . . . . . . . . . . . . 10 86 4.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 11 87 5. IPv6-over-IPv4 Mechanism . . . . . . . . . . . . . . . . . . 12 88 5.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 12 89 5.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 12 90 5.3. Source Address Mapping . . . . . . . . . . . . . . . . . 12 91 5.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 13 92 6. Control Plane Functions of AFBR . . . . . . . . . . . . . . . 14 93 6.1. E-IP (*,G) State Maintenance . . . . . . . . . . . . . . 14 94 6.2. E-IP (S,G) State Maintenance . . . . . . . . . . . . . . 14 95 6.3. I-IP (S',G') State Maintenance . . . . . . . . . . . . . 14 96 6.4. E-IP (S,G,rpt) State Maintenance . . . . . . . . . . . . 15 97 6.5. Inter-AFBR Signaling . . . . . . . . . . . . . . . . . . 15 98 6.6. SPT Switchover . . . . . . . . . . . . . . . . . . . . . 17 99 6.7. Other PIM Message Types . . . . . . . . . . . . . . . . . 17 100 6.8. Other PIM States Maintenance . . . . . . . . . . . . . . 17 101 7. Data Plane Functions of AFBR . . . . . . . . . . . . . . . . 17 102 7.1. Process and Forward Multicast Data . . . . . . . . . . . 17 103 7.2. Selecting a Tunneling Technology . . . . . . . . . . . . 18 104 7.3. TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 105 7.4. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 18 106 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 107 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 108 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 109 10.1. Normative References . . . . . . . . . . . . . . . . . . 19 110 10.2. Informative References . . . . . . . . . . . . . . . . . 19 111 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 19 112 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 114 1. Introduction 116 The Internet needs to support IPv4 and IPv6 packets. Both address 117 families and their related protocol suites support multicast of the 118 single-source and any-source varieties. As part of the transition to 119 IPv6, there will be scenarios where a backbone network running one IP 120 address family internally (referred to as internal IP or I-IP) will 121 provide transit services to attached client networks running another 122 IP address family (referred to as external IP or E-IP). 124 The preferred solution is to leverage the multicast functions 125 inherent in the I-IP backbone, to efficiently and scalably forward 126 client E-IP multicast packets inside an I-IP core tree, which roots 127 at one or more ingress AFBR nodes and branches out to one or more 128 egress AFBR leaf nodes. 130 [RFC4925] outlines the requirements for the softwires mesh scenario 131 including the multicast. It is straightforward to envisage that 132 client E-IP multicast sources and receivers will reside in different 133 client E-IP networks connected to an I-IP backbone network. This 134 requires that the client E-IP source-rooted or shared tree should 135 traverse the I-IP backbone network. 137 One method to accomplish this is to re-use the multicast VPN approach 138 outlined in [RFC6513]. MVPN-like schemes can support the softwire 139 mesh scenario and achieve a "many-to-one" mapping between the E-IP 140 client multicast trees and the transit core multicast trees. The 141 advantage of this approach is that the number of trees in the I-IP 142 backbone network scales less than linearly with the number of E-IP 143 client trees. Corporate enterprise networks and by extension 144 multicast VPNs have been known to run applications that create too 145 many (S,G) states. Aggregation at the edge contains the (S,G) states 146 that need to be maintained by the network operator supporting the 147 customer VPNs. The disadvantage of this approach is the possible 148 inefficient bandwidth and resource utilization when multicast packets 149 are delivered to a receiver AFBR with no attached E-IP receivers. 151 Internet-style multicast is somewhat different in that the trees are 152 relatively sparse and source-rooted. The need for multicast 153 aggregation at the edge (where many customer multicast trees are 154 mapped into a few or one backbone multicast trees) does not exist and 155 to date has not been identified. Thus the need for a basic or closer 156 alignment with E-IP and I-IP multicast procedures emerges. 158 A framework on how to support such methods is described in [RFC5565]. 159 In this document, a more detailed discussion supporting the "one-to- 160 one" mapping schemes for the IPv6 over IPv4 and IPv4 over IPv6 161 scenarios will be discussed. 163 2. Terminology 165 An example of a softwire mesh network supporting multicast is 166 illustrated in Figure 1. A multicast source S is located in one E-IP 167 client network, while candidate E-IP group receivers are located in 168 the same or different E-IP client networks that all share a common 169 I-IP transit network. When E-IP sources and receivers are not local 170 to each other, they can only communicate with each other through the 171 I-IP core. There may be several E-IP sources for some multicast 172 group residing in different client E-IP networks. In the case of 173 shared trees, the E-IP sources, receivers and RPs might be located in 174 different client E-IP networks. In a simple case the resources of 175 the I-IP core are managed by a single operator although the inter- 176 provider case is not precluded. 178 ._._._._. ._._._._. 179 | | | | -------- 180 | E-IP | | E-IP |--|Source S| 181 | network | | network | -------- 182 ._._._._. ._._._._. 183 | | 184 AFBR upstream AFBR 185 | | 186 __+____________________+__ 187 / : : : : \ 188 | : : : : | E-IP Multicast 189 | : I-IP transit core : | packets should 190 | : : : : | get across the 191 | : : : : | I-IP transit core 192 \_._._._._._._._._._._._._./ 193 + + 194 downstream AFBR downstream AFBR 195 | | 196 ._._._._ ._._._._ 197 -------- | | | | -------- 198 |Receiver|-- | E-IP | | E-IP |--|Receiver| 199 -------- |network | |network | -------- 200 ._._._._ ._._._._ 202 Figure 1: Softwire Mesh Multicast Framework 204 Terminology used in this document: 206 o Address Family Border Router (AFBR) - A dual-stack router 207 interconnecting two or more networks using different IP address 208 families. In the context of softwire mesh multicast, the AFBR runs 209 E-IP and I-IP control planes to maintain E-IP and I-IP multicast 210 states respectively and performs the appropriate encapsulation/ 211 decapsulation of client E-IP multicast packets for transport across 212 the I-IP core. An AFBR will act as a source and/or receiver in an 213 I-IP multicast tree. 215 o Upstream AFBR: The AFBR router that is located on the upper reaches 216 of a multicast data flow. 218 o Downstream AFBR: The AFBR router that is located on the lower 219 reaches of a multicast data flow. 221 o I-IP (Internal IP): This refers to the form of IP (i.e., either 222 IPv4 or IPv6) that is supported by the core (or backbone) network. 223 An I-IPv6 core network runs IPv6 and an I-IPv4 core network runs 224 IPv4. 226 o E-IP (External IP): This refers to the form of IP (i.e. either IPv4 227 or IPv6) that is supported by the client network(s) attached to the 228 I-IP transit core. An E-IPv6 client network runs IPv6 and an E-IPv4 229 client network runs IPv4. 231 o I-IP core tree: A distribution tree rooted at one or more AFBR 232 source nodes and branched out to one or more AFBR leaf nodes. An 233 I-IP core tree is built using standard IP or MPLS multicast signaling 234 protocols operating exclusively inside the I-IP core network. An 235 I-IP core tree is used to forward E-IP multicast packets belonging to 236 E-IP trees across the I-IP core. Another name for an I-IP core tree 237 is multicast or multipoint softwire. 239 o E-IP client tree: A distribution tree rooted at one or more hosts 240 or routers located inside a client E-IP network and branched out to 241 one or more leaf nodes located in the same or different client E-IP 242 networks. 244 o uPrefix64: The /96 unicast IPv6 prefix for constructing 245 IPv4-embedded IPv6 source address. 247 o Inter-AFBR signaling: A mechanism used by downstream AFBRs to send 248 PIM messages to the upstream AFBR. 250 3. Scenarios of Interest 252 This section describes the two different scenarios where softwires 253 mesh multicast will apply. 255 3.1. IPv4-over-IPv6 256 ._._._._. ._._._._. 257 | IPv4 | | IPv4 | -------- 258 | Client | | Client |--|Source S| 259 | network | | network | -------- 260 ._._._._. ._._._._. 261 | | 262 AFBR upstream AFBR 263 | | 264 __+____________________+__ 265 / : : : : \ 266 | : : : : | 267 | : IPv6 transit core : | 268 | : : : : | 269 | : : : : | 270 \_._._._._._._._._._._._._./ 271 + + 272 downstream AFBR downstream AFBR 273 | | 274 ._._._._ ._._._._ 275 -------- | IPv4 | | IPv4 | -------- 276 |Receiver|-- | Client | | Client |--|Receiver| 277 -------- | network| | network| -------- 278 ._._._._ ._._._._ 280 Figure 2: IPv4-over-IPv6 Scenario 282 In this scenario, the E-IP client networks run IPv4 and I-IP core 283 runs IPv6. This scenario is illustrated in Figure 2. 285 Because of the much larger IPv6 group address space, it will not be a 286 problem to map individual client E-IPv4 tree to a specific I-IPv6 287 core tree. This simplifies operations on the AFBR because it becomes 288 possible to algorithmically map an IPv4 group/source address to an 289 IPv6 group/source address and vice-versa. 291 The IPv4-over-IPv6 scenario is an emerging requirement as network 292 operators build out native IPv6 backbone networks. These networks 293 naturally support native IPv6 services and applications but it is 294 with near 100% certainty that legacy IPv4 networks handling unicast 295 and multicast should be accommodated. 297 3.2. IPv6-over-IPv4 298 ._._._._. ._._._._. 299 | IPv6 | | IPv6 | -------- 300 | Client | | Client |--|Source S| 301 | network | | network | -------- 302 ._._._._. ._._._._. 303 | | 304 AFBR upstream AFBR 305 | | 306 __+____________________+__ 307 / : : : : \ 308 | : : : : | 309 | : IPv4 transit core : | 310 | : : : : | 311 | : : : : | 312 \_._._._._._._._._._._._._./ 313 + + 314 downstream AFBR downstream AFBR 315 | | 316 ._._._._ ._._._._ 317 -------- | IPv6 | | IPv6 | -------- 318 |Receiver|-- | Client | | Client |--|Receiver| 319 -------- | network| | network| -------- 320 ._._._._ ._._._._ 322 Figure 3: IPv6-over-IPv4 Scenario 324 In this scenario, the E-IP Client Networks run IPv6 while the I-IP 325 core runs IPv4. This scenario is illustrated in Figure 3. 327 IPv6 multicast group addresses are longer than IPv4 multicast group 328 addresses. It will not be possible to perform an algorithmic IPv6 - 329 to - IPv4 address mapping without the risk of multiple IPv6 group 330 addresses mapped to the same IPv4 address resulting in unnecessary 331 bandwidth and resource consumption. Therefore additional efforts 332 will be required to ensure that client E-IPv6 multicast packets can 333 be injected into the correct I-IPv4 multicast trees at the AFBRs. 334 This clear mismatch in IPv6 and IPv4 group address lengths means that 335 it will not be possible to perform a one-to-one mapping between IPv6 336 and IPv4 group addresses unless the IPv6 group address is scoped. 338 As mentioned earlier, this scenario is common in the MVPN 339 environment. As native IPv6 deployments and multicast applications 340 emerge from the outer reaches of the greater public IPv4 Internet, it 341 is envisaged that the IPv6 over IPv4 softwire mesh multicast scenario 342 will be a necessary feature supported by network operators. 344 4. IPv4-over-IPv6 Mechanism 346 4.1. Mechanism Overview 348 Routers in the client E-IPv4 networks contain routes to all other 349 client E-IPv4 networks. Through the set of known and deployed 350 mechanisms, E-IPv4 hosts and routers have discovered or learnt of 351 (S,G) or (*,G) IPv4 addresses. Any I-IPv6 multicast state 352 instantiated in the core is referred to as (S',G') or (*,G') and is 353 certainly separated from E-IPv4 multicast state. 355 Suppose a downstream AFBR receives an E-IPv4 PIM Join/Prune message 356 from the E-IPv4 network for either an (S,G) tree or a (*,G) tree. 357 The AFBR can translate the E-IPv4 PIM message into an I-IPv6 PIM 358 message with the latter being directed towards I-IP IPv6 address of 359 the upstream AFBR. When the I-IPv6 PIM message arrives at the 360 upstream AFBR, it should be translated back into an E-IPv4 PIM 361 message. The result of these actions is the construction of E-IPv4 362 trees and a corresponding I-IP tree in the I-IP network. 364 In this case it is incumbent upon the AFBR routers to perform PIM 365 message conversions in the control plane and IP group address 366 conversions or mappings in the data plane. It becomes possible to 367 devise an algorithmic one-to-one IPv4-to-IPv6 address mapping at 368 AFBRs. 370 4.2. Group Address Mapping 372 For IPv4-over-IPv6 scenario, a simple algorithmic mapping between 373 IPv4 multicast group addresses and IPv6 group addresses is supported. 374 [I-D.ietf-mboned-64-multicast-address-format] has already defined an 375 applicable format. Figure 4 is the reminder of the format: 377 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 378 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 379 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 380 | MPREFIX64 |group address | 381 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 383 Figure 4: IPv4-Embedded IPv6 Multicast Address Format 385 The MPREFIX64 for SSM mode is also defined in 386 [I-D.ietf-mboned-64-multicast-address-format] : 388 o ff3x:0:8000::/96 ('x' is any valid scope) 389 With this scheme, each IPv4 multicast address can be mapped into an 390 IPv6 multicast address (with the assigned prefix), and each IPv6 391 multicast address with the assigned prefix can be mapped into IPv4 392 multicast address. 394 4.3. Source Address Mapping 396 There are two kinds of multicast --- ASM and SSM. Considering that 397 I-IP network and E-IP network may support different kind of 398 multicast, the source address translation rules could be very complex 399 to support all possible scenarios. But since SSM can be implemented 400 with a strict subset of the PIM-SM protocol mechanisms [RFC4601], we 401 can treat I-IP core as SSM-only to make it as simple as possible, 402 then there remains only two scenarios to be discussed in detail: 404 o E-IP network supports SSM 406 One possible way to make sure that the translated I-IPv6 PIM 407 message reaches upstream AFBR is to set S' to a virtual IPv6 408 address that leads to the upstream AFBR. Figure 5 is the 409 recommended address format based on [RFC6052]: 411 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 412 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 413 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 414 | prefix |v4(32) | u | suffix |source address | 415 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 416 |<------------------uPrefix64------------------>| 418 Figure 5: IPv4-Embedded IPv6 Virtual Source Address Format 420 In this address format, the "prefix" field contains a "Well-Known" 421 prefix or an ISP-defined prefix. An existing "Well-Known" prefix 422 is 64:ff9b, which is defined in [RFC6052]; "v4" field is the IP 423 address of one of upstream AFBR's E-IPv4 interfaces; "u" field is 424 defined in [RFC4291], and MUST be set to zero; "suffix" field is 425 reserved for future extensions and SHOULD be set to zero; "source 426 address" field stores the original S. We call the overall /96 427 prefix ("prefix" field and "v4" field and "u" field and "suffix" 428 field altogether) "uPrefix64". 430 o E-IP network supports ASM 431 The (S,G) source list entry and the (*,G) source list entry only 432 differ in that the latter have both the WC and RPT bits of the 433 Encoded-Source-Address set, while the former all cleared (See 434 Section 4.9.5.1 of [RFC4601]). So we can translate source list 435 entries in (*,G) messages into source list entries in (S'G') 436 messages by applying the format specified in Figure 5 and clearing 437 both the WC and RPT bits at downstream AFBRs, and translate them 438 back at upstream AFBRs vice-versa. 440 4.4. Routing Mechanism 442 In the mesh multicast scenario, routing information is required to be 443 distributed among AFBRs to make sure that PIM messages that a 444 downstream AFBR propagates reach the right upstream AFBR. 446 To make it feasible, the /32 prefix in "IPv4-Embedded IPv6 Virtual 447 Source Address Format" must be known to every AFBR, and every AFBR 448 should not only announce the IP address of one of its E-IPv4 449 interfaces presented in the "v4" field to other AFBRs by MPBGP, but 450 also announce the corresponding uPrefix64 to the I-IPv6 network. 451 Since every IP address of upstream AFBR's E-IPv4 interface is 452 different from each other, every uPrefix64 that AFBR announces should 453 be different either, and uniquely identifies each AFBR. "uPrefix64" 454 is an IPv6 prefix, and the distribution of it is the same as the 455 distribution in the traditional mesh unicast scenario. But since 456 "v4" field is an E-IPv4 address, and BGP messages are NOT tunneled 457 through softwires or through any other mechanism as specified in 458 [RFC5565], AFBRs MUST be able to transport and encode/decode BGP 459 messages that are carried over I-IPv6, whose NLRI and NH are of 460 E-IPv4 address family. 462 In this way, when a downstream AFBR receives an E-IPv4 PIM (S,G) 463 message, it can translate this message into (S',G') by looking up the 464 IP address of the corresponding AFBR's E-IPv4 interface. Since the 465 uPrefix64 of S' is unique, and is known to every router in the I-IPv6 466 network, the translated message will eventually arrive at the 467 corresponding upstream AFBR, and the upstream AFBR can translate the 468 message back to (S,G). When a downstream AFBR receives an E-IPv4 PIM 469 (*,G) message, S' can be generated according to the format specified 470 in Figure 4, with "source address" field set to *(the IPv4 address of 471 RP). The translated message will eventually arrive at the 472 corresponding upstream AFBR. Since every PIM router within a PIM 473 domain must be able to map a particular multicast group address to 474 the same RP (see Section 4.7 of [RFC4601]), when this upstream AFBR 475 checks the "source address" field of the message, it'll find the IPv4 476 address of RP, so this upstream AFBR judges that this is originally a 477 (*,G) message, then it translates the message back to the (*,G) 478 message and processes it. 480 5. IPv6-over-IPv4 Mechanism 482 5.1. Mechanism Overview 484 Routers in the client E-IPv6 networks contain routes to all other 485 client E-IPv6 networks. Through the set of known and deployed 486 mechanisms, E-IPv6 hosts and routers have discovered or learnt of 487 (S,G) or (*,G) IPv6 addresses. Any I-IP multicast state instantiated 488 in the core is referred to as (S',G') or (*,G') and is certainly 489 separated from E-IP multicast state. 491 This particular scenario introduces unique challenges. Unlike the 492 IPv4-over-IPv6 scenario, it's impossible to map all of the IPv6 493 multicast address space into the IPv4 address space to address the 494 one-to-one Softwire Multicast requirement. To coordinate with the 495 "IPv4-over-IPv6" scenario and keep the solution as simple as 496 possible, one possible solution to this problem is to limit the scope 497 of the E-IPv6 source addresses for mapping, such as applying a "Well- 498 Known" prefix or an ISP-defined prefix. 500 5.2. Group Address Mapping 502 To keep one-to-one group address mapping simple, the group address 503 range of E-IP IPv6 can be reduced in a number of ways to limit the 504 scope of addresses that need to be mapped into the I-IP IPv4 space. 506 A recommended multicast address format is defined in 507 [I-D.ietf-mboned-64-multicast-address-format]. The high order bits 508 of the E-IPv6 address range will be fixed for mapping purposes. With 509 this scheme, each IPv4 multicast address can be mapped into an IPv6 510 multicast address(with the assigned prefix), and each IPv6 multicast 511 address with the assigned prefix can be mapped into IPv4 multicast 512 address. 514 5.3. Source Address Mapping 516 There are two kinds of multicast --- ASM and SSM. Considering that 517 I-IP network and E-IP network may support different kind of 518 multicast, the source address translation rules could be very complex 519 to support all possible scenarios. But since SSM can be implemented 520 with a strict subset of the PIM-SM protocol mechanisms [RFC4601], we 521 can treat I-IP core as SSM-only to make it as simple as possible, 522 then there remains only two scenarios to be discussed in detail: 524 o E-IP network supports SSM 525 To make sure that the translated I-IPv4 PIM message reaches the 526 upstream AFBR, we need to set S' to an IPv4 address that leads to 527 the upstream AFBR. But due to the non-"one-to-one" mapping of 528 E-IPv6 to I-IPv4 unicast address, the upstream AFBR is unable to 529 remap the I-IPv4 source address to the original E-IPv6 source 530 address without any constraints. 532 We apply a fixed IPv6 prefix and static mapping to solve this 533 problem. A recommended source address format is defined in 534 [RFC6052]. Figure 6 is the reminder of the format: 536 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 537 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 538 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 539 | uPrefix64 |source address | 540 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 542 Figure 6: IPv4-Embedded IPv6 Source Address Format 544 In this address format, the "uPrefix64" field starts with a "Well- 545 Known" prefix or an ISP-defined prefix. An existing "Well-Known" 546 prefix is 64:ff9b/32, which is defined in [RFC6052]; "source 547 address" field is the corresponding I-IPv4 source address. 549 o E-IP network supports ASM 551 The (S,G) source list entry and the (*,G) source list entry only 552 differ in that the latter have both the WC and RPT bits of the 553 Encoded-Source-Address set, while the former all cleared (See 554 Section 4.9.5.1 of [RFC4601]). So we can translate source list 555 entries in (*,G) messages into source list entries in (S',G') 556 messages by applying the format specified in Figure 5 and setting 557 both the WC and RPT bits at downstream AFBRs, and translate them 558 back at upstream AFBRs vice-versa. Here, the E-IPv6 address of RP 559 MUST follow the format specified in Figure 6. RP' is the upstream 560 AFBR that locates between RP and the downstream AFBR. 562 5.4. Routing Mechanism 564 In the mesh multicast scenario, routing information is required to be 565 distributed among AFBRs to make sure that PIM messages that a 566 downstream AFBR propagates reach the right upstream AFBR. 568 To make it feasible, the /96 uPrefix64 must be known to every AFBR, 569 every E-IPv6 address of sources that support mesh multicast MUST 570 follow the format specified in Figure 6, and the corresponding 571 upstream AFBR of this source should announce the I-IPv4 address in 572 "source address" field of this source's IPv6 address to the I-IPv4 573 network. Since uPrefix64 is static and unique in IPv6-over-IPv4 574 scenario, there is no need to distribute it using BGP. The 575 distribution of "source address" field of multicast source addresses 576 is a pure I-IPv4 process and no more specification is needed. 578 In this way, when a downstream AFBR receives a (S,G) message, it can 579 translate the message into (S',G') by simply taking off the prefix in 580 S. Since S' is known to every router in I-IPv4 network, the 581 translated message will eventually arrive at the corresponding 582 upstream AFBR, and the upstream AFBR can translate the message back 583 to (S,G) by appending the prefix to S'. When a downstream AFBR 584 receives a (*,G) message, it can translate it into (S',G') by simply 585 taking off the prefix in *(the E-IPv6 address of RP). Since S' is 586 known to every router in I-IPv4 network, the translated message will 587 eventually arrive at RP'. And since every PIM router within a PIM 588 domain must be able to map a particular multicast group address to 589 the same RP (see Section 4.7 of [RFC4601]), RP' knows that S' is the 590 mapped I-IPv4 address of RP, so RP' will translate the message back 591 to (*,G) by appending the prefix to S' and propagate it towards RP. 593 6. Control Plane Functions of AFBR 595 The AFBRs are responsible for the following functions: 597 6.1. E-IP (*,G) State Maintenance 599 When an AFBR wishes to propagate a Join/Prune(*,G) message to an I-IP 600 upstream router, the AFBR MUST translate Join/Prune(*,G) messages 601 into Join/Prune(S',G') messages following the rules specified above, 602 then send the latter. 604 6.2. E-IP (S,G) State Maintenance 606 When an AFBR wishes to propagate a Join/Prune(S,G) message to an I-IP 607 upstream router, the AFBR MUST translate Join/Prune(S,G) messages 608 into Join/Prune(S',G') messages following the rules specified above, 609 then send the latter. 611 6.3. I-IP (S',G') State Maintenance 613 It is possible that there runs a non-transit I-IP PIM-SSM in the I-IP 614 transit core. Since the translated source address starts with the 615 unique "Well-Known" prefix or the ISP-defined prefix that should not 616 be used otherwise, mesh multicast won't influence non-transit PIM-SM 617 multicast at all. When one AFBR receives an I-IP (S',G') message, it 618 should check S'. If S' starts with the unique prefix, it means that 619 this message is actually a translated E-IP (S,G) or (*,G) message, 620 then the AFBR should translate this message back to E-IP PIM message 621 and process it. 623 6.4. E-IP (S,G,rpt) State Maintenance 625 When an AFBR wishes to propagate a Join/Prune(S,G,rpt) message to an 626 I-IP upstream router, the AFBR MUST do as specified in Section 6.5 627 and Section 6.6. 629 6.5. Inter-AFBR Signaling 631 Assume that one downstream AFBR has joined a RPT of (*,G) and a SPT 632 of (S,G), and decide to perform a SPT switchover. According to 633 [RFC4601], it should propagate a Prune(S,G,rpt) message along with 634 the periodical Join(*,G) message upstream towards RP. Unfortunately, 635 routers in I-IP transit core are not supposed to understand (S,G,rpt) 636 messages since I-IP transit core is treated as SSM-only. As a 637 result, this downstream AFBR is unable to prune S from this RPT, then 638 it will receive two copies of the same data of (S,G). In order to 639 solve this problem, we introduce a new mechanism for downstream AFBRs 640 to inform upstream AFBRs of pruning any given S from RPT. 642 When a downstream AFBR wishes to propagate a (S,G,rpt) message 643 upstream, it should encapsulate the (S,G,rpt) message, then unicast 644 the encapsulated message to the corresponding upstream AFBR, which we 645 call "RP'". 647 When RP' receives this encapsulated message, it should decapsulate 648 this message as what it does in the unicast scenario, and get the 649 original (S,G,rpt) message. The incoming interface of this message 650 may be different from the outgoing interface which propagates 651 multicast data to the corresponding downstream AFBR, and there may be 652 other downstream AFBRs that need to receive multicast data of (S,G) 653 from this incoming interface, so RP' should not simply process this 654 message as specified in [RFC4601] on the incoming interface. 656 To solve this problem, and keep the solution as simple as possible, 657 we introduce an "interface agent" to process all the encapsulated 658 (S,G,rpt) messages the upstream AFBR receives, and prune S from the 659 RPT of group G when no downstream AFBR wants to receive multicast 660 data of (S,G) along the RPT. In this way, we do insure that 661 downstream AFBRs won't miss any multicast data that they needs, at 662 the cost of duplicated multicast data of (S,G) along the RPT received 663 by SPT-switched-over downstream AFBRs, if there exists at least one 664 downstream AFBR that hasn't yet sent Prune(S,G,rpt) messages to the 665 upstream AFBR. The following diagram shows an example of how an 666 "interface agent" may be implemented: 668 +----------------------------------------+ 669 | | 670 | +-----------+----------+ | 671 | | PIM-SM | UDP | | 672 | +-----------+----------+ | 673 | ^ | | 674 | | | | 675 | | v | 676 | +----------------------+ | 677 | | I/F Agent | | 678 | +----------------------+ | 679 | PIM ^ | multicast | 680 | messages | | data | 681 | | +-------------+---+ | 682 | +--+--|-----------+ | | 683 | | v | v | 684 | +--------- + +----------+ | 685 | | I-IP I/F | | I-IP I/F | | 686 | +----------+ +----------+ | 687 | ^ | ^ | | 688 | | | | | | 689 +--------|-----|----------|-----|--------+ 690 | v | v 692 Figure 7: Interface Agent Implementation Example 694 In this example, the interface agent has two responsibilities: In the 695 control plane, it should work as a real interface that has joined 696 (*,G) in representative of all the I-IP interfaces who should have 697 been outgoing interfaces of (*,G) state machine, and process the 698 (S,G,rpt) messages received from all the I-IP interfaces. The 699 interface agent maintains downstream (S,G,rpt) state machines of 700 every downstream AFBR, and submits Prune(S,G,rpt) messages to the 701 PIM-SM module only when every (S,G,rpt) state machine is at Prune(P) 702 or PruneTmp(P') state, which means that no downstream AFBR wants to 703 receive multicast data of (S,G) along the RPT of G. Once a (S,G,rpt) 704 state machine changes to NoInfo(NI) state, which means that the 705 corresponding downstream AFBR has changed it mind to receive 706 multicast data of (S,G) along the RPT again, the interface agent 707 should send a Join(S,G,rpt) to PIM-SM module immediately; In the data 708 plane, upon receiving a multicast data packet, the interface agent 709 should encapsulate it at first, then propagate the encapsulated 710 packet onto every I-IP interface. 712 NOTICE: There may exist an E-IP neighbor of RP' that has joined the 713 RPT of G, so the per-interface state machine for receiving E-IP Join/ 714 Prune(S,G,rpt) messages should still take effect. 716 6.6. SPT Switchover 718 After a new AFBR expresses its interest in receiving traffic destined 719 for a multicast group, it will receive all the data from the RPT at 720 first. At this time, every downstream AFBR will receive multicast 721 data from any source from this RPT, in spit of whether they have 722 switched over to SPT of some source(s) or not. 724 To minimize this redundancy, it's recommended that every AFBR's 725 SwitchToSptDesired(S,G) function employs the "switch on first packet" 726 policy. In this way, the delay of switchover to SPT is kept as 727 little as possible, and after the moment that every AFBR has 728 performed the SPT switchover for every S of group G, no data will be 729 forwarded in the RPT of G, thus no more redundancy will be produced. 731 6.7. Other PIM Message Types 733 Apart from Join or Prune, there exists other message types including 734 Register, Register-Stop, Hello and Assert. Register and Register- 735 Stop messages are sent by unicast, while Hello and Assert messages 736 are only used between dierctly linked routers to negotiate with each 737 other. It's not necessary to translate them for forwarding, thus the 738 process of these messages is out of scope for this document. 740 6.8. Other PIM States Maintenance 742 Apart from states mentioned above, there exists other states 743 including (*,*,RP) and I-IP (*,G') state. Since we treat I-IP core 744 as SSM-only, the maintenance of these states is out of scope for this 745 document. 747 7. Data Plane Functions of AFBR 749 7.1. Process and Forward Multicast Data 751 On receiving multicast data from upstream routers, the AFBR looks up 752 its forwarding table to check the IP address of each outgoing 753 interface. If there exists at least one outgoing interface whose IP 754 address family is different from the incoming interface, the AFBR 755 should encapsulate/decapsulate this packet and forward it to such 756 outgoing interface(s), then forward the data to other outgoing 757 interfaces without encapsulation/decapsulation. 759 When a downstream AFBR that has already switched over to SPT of S 760 receives an encapsulated multicast data packet of (S,G) along the 761 RPT, it should silently drop this packet. 763 7.2. Selecting a Tunneling Technology 765 Choosing tunneling technology depends on the policies configured at 766 AFBRs. It's recommended that all AFBRs use the same technology, 767 otherwise some AFBRs may not be able to decapsulate encapsulated 768 packets from other AFBRs that use a different tunneling technology. 770 7.3. TTL 772 Processing of TTL depends on the tunneling technology, and is out of 773 scope of this document. 775 7.4. Fragmentation 777 The encapsulation performed by upstream AFBR will increase the size 778 of packets. As a result, the outgoing I-IP link MTU may not 779 accommodate the extra size. As it's not always possible for core 780 operators to increase the MTU of every link. Fragmentation and 781 reassembling of encapsulated packets MUST be supported by AFBRs. 783 8. Security Considerations 785 The AFBR routers could maintain secure communications within Security 786 Architecture for the Internet Protocol as described in [RFC4301] . To 787 protect against unwanted forged PIM protocol messages, the PIM 788 messages can be authenticated using IPsec as described in [RFC4601] . 790 But some schemes, which will cause heavy burden on routers, may be 791 used by attackers as a tool when they carry out DDoS attack. 792 Compared with [RFC4301] , the security concerns should be more 793 carefully considered. The attackers can set up many multicast trees 794 in the edge networks, causing too many multicast states in the core 795 network. 797 9. IANA Considerations 799 When AFBRs perform address mapping, they should follow some 800 predefined rules, especially the IPv6 prefix for source address 801 mapping should be predefined, such that ingress AFBRs and egress 802 AFBRs can complete the mapping procedure correctly. The IPv6 prefix 803 for translation can be unified within only the transit core, or 804 within global area. In the later condition, the prefix should be 805 assigned by IANA. 807 10. References 809 10.1. Normative References 811 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 812 Architecture", RFC 4291, February 2006. 814 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 815 Internet Protocol", RFC 4301, December 2005. 817 [RFC4601] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas, 818 "Protocol Independent Multicast - Sparse Mode (PIM-SM): 819 Protocol Specification (Revised)", RFC 4601, August 2006. 821 [RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire 822 Problem Statement", RFC 4925, July 2007. 824 [RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh 825 Framework", RFC 5565, June 2009. 827 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. 828 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 829 October 2010. 831 [RFC6513] Rosen, E. and R. Aggarwal, "Multicast in MPLS/BGP IP 832 VPNs", RFC 6513, February 2012. 834 10.2. Informative References 836 [I-D.ietf-mboned-64-multicast-address-format] 837 Boucadair, M., Qin, J., Lee, Y., Venaas, S., Li, X., and 838 M. Xu, "IPv6 Multicast Address With Embedded IPv4 839 Multicast Address", draft-ietf-mboned-64-multicast- 840 address-format-05 (work in progress), April 2013. 842 Appendix A. Acknowledgements 844 Wenlong Chen, Xuan Chen, Alain Durand, Yiu Lee, Jacni Qin and Stig 845 Venaas provided useful input into this document. 847 Authors' Addresses 848 Mingwei Xu 849 Tsinghua University 850 Department of Computer Science, Tsinghua University 851 Beijing 100084 852 P.R. China 854 Phone: +86-10-6278-5822 855 Email: xmw@cernet.edu.cn 857 Yong Cui 858 Tsinghua University 859 Department of Computer Science, Tsinghua University 860 Beijing 100084 861 P.R. China 863 Phone: +86-10-6278-5822 864 Email: cuiyong@tsinghua.edu.cn 866 Jianping Wu 867 Tsinghua University 868 Department of Computer Science, Tsinghua University 869 Beijing 100084 870 P.R. China 872 Phone: +86-10-6278-5983 873 Email: jianping@cernet.edu.cn 875 Shu Yang 876 Tsinghua University 877 Department of Computer Science, Tsinghua University 878 Beijing 100084 879 P.R. China 881 Phone: +86-10-6278-5822 882 Email: yangshu@csnet1.cs.tsinghua.edu.cn 884 Chris Metz 885 Cisco Systems 886 170 West Tasman Drive 887 San Jose, CA 95134 888 USA 890 Phone: +1-408-525-3275 891 Email: chmetz@cisco.com 892 Greg Shepherd 893 Cisco Systems 894 170 West Tasman Drive 895 San Jose, CA 95134 896 USA 898 Phone: +1-541-912-9758 899 Email: shep@cisco.com