| < draft-ietf-bier-ipv6-requirements-02.txt | draft-ietf-bier-ipv6-requirements-03.txt > | |||
|---|---|---|---|---|
| Network Working Group M. McBride | Network Working Group M. McBride | |||
| Internet-Draft Futurewei | Internet-Draft Futurewei | |||
| Intended status: Standards Track J. Xie | Intended status: Standards Track J. Xie | |||
| Expires: May 4, 2020 S. Dhanaraj | Expires: May 5, 2020 S. Dhanaraj | |||
| Huawei | Huawei | |||
| R. Asati | R. Asati | |||
| Cisco | Cisco | |||
| November 1, 2019 | November 2, 2019 | |||
| BIER IPv6 Requirements | BIER IPv6 Requirements | |||
| draft-ietf-bier-ipv6-requirements-02 | draft-ietf-bier-ipv6-requirements-03 | |||
| Abstract | Abstract | |||
| The BIER WG includes, in it's charter, work on developing mechanisms | The BIER WG includes, in its charter, work on developing mechanisms | |||
| to transport BIER natively in IPv6. This document is intended to | to transport BIER natively in IPv6. This document is intended to | |||
| help the WG with this effort by specifying requirements for | help the WG with this effort by specifying requirements for | |||
| transporting packets, with Bit Index Explicit Replication (BIER) | transporting packets, with Bit Index Explicit Replication (BIER) | |||
| headers, in an IPv6 environment. There will be a need to send IPv6 | headers, in an IPv6 environment. There will be a need to send IPv6 | |||
| payloads, to multiple IPv6 destinations, using BIER. There have been | payloads, to multiple IPv6 destinations, using BIER. There have been | |||
| several proposed solutions in this area. But there hasn't been a | several proposed solutions in this area. But there hasn't been a | |||
| document which describes the problem and lists the requirements. The | document which describes the problem and lists the requirements. The | |||
| goal of this document is to describe the BIER IPv6 requirements, | goal of this document is to describe the BIER IPv6 requirements, | |||
| summarize the proposed solutions, and guide the working group in | summarize the proposed solutions, and guide the working group in | |||
| understanding the benefits, and drawbacks, of the various solutions | understanding the benefits, and drawbacks, of the various solutions | |||
| skipping to change at page 1, line 45 ¶ | skipping to change at page 1, line 45 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 4, 2020. | This Internet-Draft will expire on May 5, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 33 ¶ | skipping to change at page 2, line 33 ¶ | |||
| 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | |||
| 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. BIER IPv6 Scenario's . . . . . . . . . . . . . . . . . . . . 4 | 3. BIER IPv6 Scenario's . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.1. BIERv6 for Access Network . . . . . . . . . . . . . . . . 4 | 3.1. BIERv6 for Access Network . . . . . . . . . . . . . . . . 4 | |||
| 3.2. BIERv6 for Data Center . . . . . . . . . . . . . . . . . 4 | 3.2. BIERv6 for Data Center . . . . . . . . . . . . . . . . . 4 | |||
| 3.3. BIERv6 for Core Networks . . . . . . . . . . . . . . . . 5 | 3.3. BIERv6 for Core Networks . . . . . . . . . . . . . . . . 5 | |||
| 3.4. Implications for BIER in SRv6 . . . . . . . . . . . . . . 5 | 3.4. Implications for BIER in SRv6 . . . . . . . . . . . . . . 5 | |||
| 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4.1. L2 Agnostic . . . . . . . . . . . . . . . . . . . . . . . 5 | 4.1. L2 Agnostic . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4.2. Hop by hop SA modification . . . . . . . . . . . . . . . 5 | 4.2. Hop by hop SA or DA modification . . . . . . . . . . . . 5 | |||
| 4.3. L4 Inspection . . . . . . . . . . . . . . . . . . . . . . 6 | 4.3. L4 Inspection . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.4. Multicast address in SA field . . . . . . . . . . . . . . 6 | 4.4. Multicast address in SA field . . . . . . . . . . . . . . 7 | |||
| 4.5. Incorrect bits . . . . . . . . . . . . . . . . . . . . . 7 | 4.5. Incorrect bits . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.6. SA filtering . . . . . . . . . . . . . . . . . . . . . . 7 | 4.6. SA filtering . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.7. BIER architecture support . . . . . . . . . . . . . . . . 7 | 4.7. BIER architecture support . . . . . . . . . . . . . . . . 7 | |||
| 4.8. Simple Encapsulation . . . . . . . . . . . . . . . . . . 7 | 4.8. Simple Encapsulation . . . . . . . . . . . . . . . . . . 8 | |||
| 4.9. Hardware fast path . . . . . . . . . . . . . . . . . . . 7 | 4.9. Hardware fast path . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.10. Conform to existing IPv6 Spec . . . . . . . . . . . . . . 8 | 4.10. Conform to existing IPv6 Spec . . . . . . . . . . . . . . 8 | |||
| 4.11. Support Fragmentation . . . . . . . . . . . . . . . . . . 8 | 4.11. Support Fragmentation . . . . . . . . . . . . . . . . . . 8 | |||
| 4.12. Support IPv6 Security . . . . . . . . . . . . . . . . . . 8 | 4.12. Support IPv6 Security . . . . . . . . . . . . . . . . . . 8 | |||
| 5. Solutions Evaluation . . . . . . . . . . . . . . . . . . . . 8 | 5. Solutions Evaluation . . . . . . . . . . . . . . . . . . . . 8 | |||
| 5.1. BIER-ETH encapsulation in IPv6 networks . . . . . . . . . 8 | 5.1. BIER-ETH encapsulation in IPv6 networks . . . . . . . . . 9 | |||
| 5.2. Encode Bitstring in IPv6 destination address . . . . . . 10 | 5.2. Encode Bitstring in IPv6 destination address . . . . . . 10 | |||
| 5.3. Add BIER header into IPv6 Extension Header . . . . . . . 10 | 5.3. Add BIER header into IPv6 Extension Header . . . . . . . 10 | |||
| 5.4. Transport BIER as IPv6 payload . . . . . . . . . . . . . 11 | 5.4. Transport BIER as IPv6 payload . . . . . . . . . . . . . 11 | |||
| 5.5. Tunneling BIER in a IPv6 tunnel . . . . . . . . . . . . . 12 | 5.5. Tunneling BIER in a IPv6 tunnel . . . . . . . . . . . . . 12 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
| 8. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 13 | 8. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 9. Normative References . . . . . . . . . . . . . . . . . . . . 13 | 9. Normative References . . . . . . . . . . . . . . . . . . . . 13 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 1. Introduction | 1. Introduction | |||
| Bit Index Explicit Replication (BIER) [RFC8279] is an architecture | Bit Index Explicit Replication (BIER) [RFC8279] is an architecture | |||
| that provides optimal multicast forwarding, without requiring | that provides optimal multicast forwarding, without requiring | |||
| intermediate routers to maintain per-flow state, through the use of a | intermediate routers to maintain per-flow state, through the use of a | |||
| multicast-specific BIER header. [RFC8296] defines two types of BIER | multicast-specific BIER header. [RFC8296] defines two types of BIER | |||
| skipping to change at page 5, line 38 ¶ | skipping to change at page 5, line 38 ¶ | |||
| There have been several suggested requirements, on the BIER email | There have been several suggested requirements, on the BIER email | |||
| list and in meetings, which have been used to form BIER IPv6 | list and in meetings, which have been used to form BIER IPv6 | |||
| requirements used to help the wg evaluate against the proposed | requirements used to help the wg evaluate against the proposed | |||
| solutions: | solutions: | |||
| 4.1. L2 Agnostic | 4.1. L2 Agnostic | |||
| The solution should be agnostic to the underlying L2 data link type. | The solution should be agnostic to the underlying L2 data link type. | |||
| 4.2. Hop by hop SA modification | 4.2. Hop by hop SA or DA modification | |||
| The solution should not require hop-by-hop modification of the IP | The solution should not require hop-by-hop modification of the IP | |||
| source address field. | source address field. | |||
| Solutions that do not require Hop-by-hop SA modification are | Solutions that do not require Hop-by-hop SA modification are | |||
| preferred. Solutions which maintain the SA will help fast-path | preferred. Solutions which maintain the SA will help fast-path | |||
| forwarding (req 4.9 in this doc), are beneficial for receiving | forwarding (req 4.9 in this doc), are beneficial for receiving | |||
| notices from the BFIR for functions like BIER PING, TRACE and MTU | notices from the BFIR for functions like BIER PING, TRACE and MTU | |||
| notification, are beneficial for identifying an MVPN instance to help | notification, are beneficial for identifying an MVPN instance to help | |||
| remove more encapsulation such as Service Label (such as MPLS VPN | remove more encapsulation such as Service Label (such as MPLS VPN | |||
| Label or VNI in the SRv6 network), and are beneficial for SA | Label or VNI in the SRv6 network), are beneficial for SA filtering | |||
| filtering (req 4.6 in this doc). | (req 4.6 in this doc), and are beneficial for data origin | |||
| authentication if IPSEC is desired (req 4.12 in this doc). | ||||
| The solution should use a IPv6 unicast address in the DA to satisfy | ||||
| the BIER architecture without introducing additional tunnel | ||||
| encapsulation, and thus may require DA modification by each BFR hop. | ||||
| It is commonly thought that BIERv6 could use a multicast address, as | It is commonly thought that BIERv6 could use a multicast address, as | |||
| BIER is one-hop replication on each BFR in normal cases. However, as | BIER is one-hop replication on each BFR in normal cases. However, as | |||
| described in section 6.9 of [RFC8279], it is useful to support non- | described in section 6.9 of [RFC8279], it is useful to support non- | |||
| BIER routers within a BIER domain. From the wg discussion about this | BIER routers within a BIER domain. From the wg discussion about this | |||
| document, focus is on the advantages of using unicast addresses that | document, focus is on the advantages of using unicast addresses that | |||
| otherwise could not be possible by using a multicast address or | otherwise could not be possible by using a multicast address or | |||
| anycast address for two cases: replication from a BFR to other BFR(s) | anycast address for two cases: replication from a BFR to other BFR(s) | |||
| connected by Layer-3 Non-BFR router(s) without using tunneling | connected by Layer-3 Non-BFR router(s) without using tunneling | |||
| techniques, and replication from a BFR to other BFR(s) connected by | techniques, and replication from a BFR to other BFR(s) connected by | |||
| Layer-2 switch(es) without broadcasting or snooping on Layer-2 | Layer-2 switch(es) without broadcasting or snooping on Layer-2 | |||
| switch(es) in between. Based on the natural reachability of an IPv6 | switch(es) in between. Based on the natural reachability of an IPv6 | |||
| unicast address, it can support the multi-hop replication cases as | unicast address, it can support the multi-hop replication cases as | |||
| well as the one-hop replication case. | well as the one-hop replication case using one encapsulation. | |||
| This requirement may be deprecated if unicast address is prefered as | ||||
| a solution for both multi-hop replication and one-hop replication | ||||
| without using two different encapsulations. | ||||
| 4.3. L4 Inspection | 4.3. L4 Inspection | |||
| The solution should not require the BFRs to inspect layer 4 or | The solution should not require the BFRs to inspect layer 4 or | |||
| require any changes to layer 4. | require any changes to layer 4. | |||
| In fragmentation events, BIER is payload and will be fragmented. For | The proposals requiring BIER header encapsulated as part of the | |||
| instance (BIER-header + payload-1-to-1xxx bytes) in one packet, and | payload may conflict with the layers of IP protocol stack. On the | |||
| (payload-1xxx-to-2xxx) in another packet. Thus, when BFR B receives | one hand, fast-path BIER forwarding has to be based on the L4 | |||
| a packet from BFR A, BFR B has to assemble the fragmented packets | inspection of the BIER header within the payload, and on the other | |||
| before sending to BFR C and BFR D. | hand, the BIER forwarding needs to change the BitString in the BIER | |||
| header of the payload, which in turn conflicts with other L3 | ||||
| functions. Following are some examples. | ||||
| In IPSEC, the BIER header is part of the payload for confidentiality | One example is in IP fragmentation case, where a packet may need to | |||
| or integrity. The need to change the BitString in the BIER Header, | be fragmented by a BFIR, according to the BIER-MTU defined in | |||
| when forwarding BIER packets, makes it incompatible with IPSEC. | RFC8296, into one packet with BIER header and 1500 bytes of payload, | |||
| and another packet with the remaining 500 bytes of payload. When BFR | ||||
| B receives the second fragmentation packet from BFR A, BFR B can't | ||||
| forward this packet because BFR B doesn't have the BIER header in the | ||||
| second fragmentation packet. Section 4.11 describes the | ||||
| fragmentation requirements. | ||||
| In SRH, BIER is the payload, and will be reached only after the SRH | The second example is in IPSEC case, where the BIER header is part of | |||
| is processed. Thus, when BFR B receive a packet with SRH from BFR A, | the payload for confidentiality or integrity. The need to change the | |||
| BFR B has to process the SRH first, and then the Upper-layer BIER | BitString in the BIER Header, when forwarding BIER packets, makes it | |||
| header last. SRH needs to be integrated for two reasons, first is | incompatible with IPSEC. Section 4.12 describes the IPSEC | |||
| that the solution is targetted to work well in SRv6 networks as a use | requirements. | |||
| case in section 3.4 of this doc, second reason is that a few of the | ||||
| proposed solutions agree to consider SRH integration. | The third example is in the case of working in SRv6 networks, as | |||
| described in section 3.4 of this document, BIERv6 may be used with | ||||
| SRH. As BIER header is part of the payload, it will be reached only | ||||
| after the SRH is processed. That is to say, when BFR B receives a | ||||
| packet with SRH from BFR A, BFR B has to process the SRH first, and | ||||
| then the Upper-layer BIER header last. The SRH can work well based | ||||
| on the indication of the preceding IPv6 DA lookup in FIB, but for | ||||
| BIER forwarding, the BIER header part of the payload has to be deeply | ||||
| inspected on each BFR. | ||||
| 4.4. Multicast address in SA field | 4.4. Multicast address in SA field | |||
| The solution should not allow a multicast address to be put in the IP | The solution should not allow a multicast address to be put in the IP | |||
| source address field. According to [RFC1112] "A host group address | source address field. According to [RFC1112] "A host group address | |||
| must never be placed in the source address field or anywhere in a | must never be placed in the source address field or anywhere in a | |||
| source route or record route option of an outgoing IP datagram." | source route or record route option of an outgoing IP datagram." | |||
| 4.5. Incorrect bits | 4.5. Incorrect bits | |||
| skipping to change at page 7, line 32 ¶ | skipping to change at page 7, line 46 ¶ | |||
| vector that can create 64 responses to a single probe. | vector that can create 64 responses to a single probe. | |||
| 4.7. BIER architecture support | 4.7. BIER architecture support | |||
| It should be possible to use the solution to support the entire BIER | It should be possible to use the solution to support the entire BIER | |||
| architecture. The ability to bypass Non-BIER routers and L2 switches | architecture. The ability to bypass Non-BIER routers and L2 switches | |||
| is part of the BIER architecture and having this ability is a | is part of the BIER architecture and having this ability is a | |||
| mandatory requirement. | mandatory requirement. | |||
| Multiple sub-domains bound to one or many topologies or algorithms, | Multiple sub-domains bound to one or many topologies or algorithms, | |||
| multiple sets for more BFERs, BS multiple BIFTs for ECMP should be | multiple sets for more BFERs, multiple Bit String Length for | |||
| supported. | different forwarding capability, and multiple BIFTs for ECMP should | |||
| be supported. | ||||
| 4.8. Simple Encapsulation | 4.8. Simple Encapsulation | |||
| The solution should avoid requiring different encapsulation types, or | The solution should avoid requiring different encapsulation types, or | |||
| complex tunneling techniques, to support BIER as an E2E multicast | complex tunneling techniques, to support BIER as an E2E multicast | |||
| transport. | transport. | |||
| A single encapsulation should support Layer-2 switches within BFRs, | A single encapsulation should support Layer-2 switches within BFRs, | |||
| or non-BFR within a BIER domain, or inter-domain deployment of BIER. | or non-BFR within a BIER domain, or inter-domain deployment of BIER. | |||
| End of changes. 17 change blocks. | ||||
| 37 lines changed or deleted | 54 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||