< draft-ietf-mpls-ldp-ipv6-05.txt   draft-ietf-mpls-ldp-ipv6-06.txt >
MPLS Working Group Rajiv Asati MPLS Working Group Rajiv Asati
Internet Draft Cisco Internet Draft Cisco
Updates: 5036 (if approved) Updates: 5036 (if approved)
Intended status: Standards Track Vishwas Manral Intended status: Standards Track Vishwas Manral
Expires: February 23, 2012 Hewlett-Packard, Inc. Expires: July 23, 2012 Hewlett-Packard, Inc.
Rajiv Papneja Rajiv Papneja
Isocore Huawei
Carlos Pignataro Carlos Pignataro
Cisco Cisco
August 23, 2011 January 23, 2012
Updates to LDP for IPv6 Updates to LDP for IPv6
draft-ietf-mpls-ldp-ipv6-05 draft-ietf-mpls-ldp-ipv6-06
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 23, 2012. This Internet-Draft will expire on July 23, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
skipping to change at page 2, line 19 skipping to change at page 2, line 19
The Label Distribution Protocol (LDP) specification defines The Label Distribution Protocol (LDP) specification defines
procedures to exchange label bindings over either IPv4, IPv6 or both procedures to exchange label bindings over either IPv4, IPv6 or both
networks. This document corrects and clarifies the LDP behavior when networks. This document corrects and clarifies the LDP behavior when
IPv6 network is used (with or without IPv4). This document updates IPv6 network is used (with or without IPv4). This document updates
RFC 5036. RFC 5036.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Scope.....................................................3 1.1. Scope.....................................................4
1.1.1. Topology Scenarios...................................3 1.1.1. Topology Scenarios...................................4
1.1.2. LDP TTL Security.....................................4 1.1.2. LDP TTL Security.....................................5
2. Specification Language.........................................5 2. Specification Language.........................................5
3. LSP Mapping....................................................5 3. LSP Mapping....................................................6
4. LDP Identifiers................................................6 4. LDP Identifiers................................................6
5. Peer Discovery.................................................7 5. Peer Discovery.................................................7
5.1. Basic Discovery Mechanism.................................7 5.1. Basic Discovery Mechanism.................................7
5.2. Extended Discovery Mechanism..............................8 5.2. Extended Discovery Mechanism..............................8
6. LDP Session Establishment and Maintenance......................8 6. LDP Session Establishment and Maintenance......................8
6.1. Transport connection establishment........................8 6.1. Transport connection establishment........................9
6.2. Maintaining Hello Adjacencies............................10 6.2. Maintaining Hello Adjacencies............................10
6.3. Maintaining LDP Sessions.................................10 6.3. Maintaining LDP Sessions.................................11
7. Label Distribution............................................10 7. Label Distribution............................................11
8. LDP TTL Security..............................................11 8. LDP Identifiers and Next Hop Addresses........................12
9. IANA Considerations...........................................12 9. LDP TTL Security..............................................13
10. Security Considerations......................................12 10. IANA Considerations..........................................14
11. Acknowledgments..............................................12 11. Security Considerations......................................14
12. References...................................................14 12. Acknowledgments..............................................14
12.1. Normative References....................................14 13. Additional Contributors......................................15
12.2. Informative References..................................14 14. References...................................................16
Author's Addresses...............................................15 14.1. Normative References....................................16
14.2. Informative References..................................16
Author's Addresses...............................................17
1. Introduction 1. Introduction
The LDP [RFC5036] specification defines procedures and messages for The LDP [RFC5036] specification defines procedures and messages for
exchanging FEC-label bindings over either IPv4 or IPv6 or both (e.g. exchanging FEC-label bindings over either IPv4 or IPv6 or both (e.g.
dual-stack) networks. dual-stack) networks.
However, RFC5036 specification has the following deficiencies in However, RFC5036 specification has the following deficiencies in
regards to IPv6 usage: regards to IPv6 usage:
1) LSP Mapping: No rule defined for mapping a particular packet to a 1) LSP Mapping: No rule defined for mapping a particular packet to a
particular LSP that has an Address Prefix FEC element containing particular LSP that has an Address Prefix FEC element containing
IPv6 address of the egress router IPv6 address of the egress router
2) LDP Identifier: No details specific to IPv6 usage 2) LDP Identifier: No details specific to IPv6 usage
3) LDP Discovery: No details for using a particular IPv6 multicast 3) LDP Discovery: No details for using a particular IPv6 destination
address (with or without IPv4 co-existence) (multicast) address or the source address (with or without IPv4
co-existence)
4) LDP Session establishment: No rule for handling both IPv4 and 4) LDP Session establishment: No rule for handling both IPv4 and
IPv6 transport address optional objects in a Hello message, and IPv6 transport address optional objects in a Hello message, and
subsequently two IPv4 and IPv6 transport connections subsequently two IPv4 and IPv6 transport connections
5) LDP TTL Security: No rule for built-in Generalized TTL Security 5) LDP Label Distribution: No rule for advertising IPv4 or/and IPv6
Mechanism (GTSM) in LDP FEC-label bindings over an LDP session, and denying the co-
existence of IPv4 and IPv6 FEC Elements in the same FEC TLV
6) LDP Label Distribution: No rule for advertising IPv4 or/and IPv6 6) Next Hop Address & LDP Identifier: No rule for accommodating the
FEC-label bindings over an LDP session usage of duplicate link-local IPv6 addresses
7) LDP TTL Security: No rule for built-in Generalized TTL Security
Mechanism (GTSM) in LDP
This document addresses the above deficiencies by specifying the This document addresses the above deficiencies by specifying the
desired behavior/rules/details for using LDP in IPv6 enabled desired behavior/rules/details for using LDP in IPv6 enabled
networks. It also clarifies the scope (section 1.1). networks. It also clarifies the scope (section 1.1).
Note that this document updates RFC5036. Note that this document updates RFC5036.
1.1. Scope 1.1. Scope
1.1.1. Topology Scenarios 1.1.1. Topology Scenarios
skipping to change at page 5, line 19 skipping to change at page 5, line 26
2. Specification Language 2. Specification Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
Abbreviations: Abbreviations:
LDP - Label Distribution Protocol LDP - Label Distribution Protocol
LDPv4 - LDP for enabling IPv4 MPLS forwarding LDPv4 - LDP for enabling IPv4 MPLS forwarding
LDPv6 - LDP for enabling IPv6 MPLS forwarding LDPv6 - LDP for enabling IPv6 MPLS forwarding
LDPoIPv4 - LDP over IPv4 transport session LDPoIPv4 - LDP over IPv4 transport session
LDPoIPv6 - LDP over IPv6 transport session LDPoIPv6 - LDP over IPv6 transport session
FEC - Forwarding Equivalence Class FEC - Forwarding Equivalence Class
TLV - Type Length Value TLV - Type Length Value
LSR - Label Switch Router LSR - Label Switch Router
LSP - Label Switched Path LSP - Label Switched Path
LSPv4 - IPv4-signaled Label Switched Path [RFC4798]
LSPv6 - IPv6-signaled Label Switched Path [RFC4798]
3. LSP Mapping 3. LSP Mapping
Section 2.1 of [RFC5036] specifies the procedure for mapping a Section 2.1 of [RFC5036] specifies the procedure for mapping a
particular packet to a particular LSP using three rules. Quoting the particular packet to a particular LSP using three rules. Quoting the
3rd rule from RFC5036: 3rd rule from RFC5036:
"If it is known that a packet must traverse a particular egress "If it is known that a packet must traverse a particular egress
router, and there is an LSP that has an Address Prefix FEC element router, and there is an LSP that has an Address Prefix FEC element
that is a /32 address of that router, then the packet is mapped to that is a /32 address of that router, then the packet is mapped to
that LSP." that LSP."
skipping to change at page 6, line 15 skipping to change at page 6, line 29
This document proposes to modify this rule by also including a /128 This document proposes to modify this rule by also including a /128
address (for IPv6). In fact, it should be reasonable to just say address (for IPv6). In fact, it should be reasonable to just say
IPv4 or IPv6 address instead of /32 or /128 addresses as shown below IPv4 or IPv6 address instead of /32 or /128 addresses as shown below
in the updated rule: in the updated rule:
"If it is known that a packet must traverse a particular egress "If it is known that a packet must traverse a particular egress
router, and there is an LSP that has an Address Prefix FEC element router, and there is an LSP that has an Address Prefix FEC element
that is an IPv4 or IPv6 address of that router, then the packet is that is an IPv4 or IPv6 address of that router, then the packet is
mapped to that LSP." mapped to that LSP."
While the above rule mentions 'Address Prefix FEC', it is also
applicable to 'Typed WildCard prefix FEC' [RFC5918].
Additionally, it is desirable that a packet is forwarded to an LSP Additionally, it is desirable that a packet is forwarded to an LSP
of an egress router, only if LSP's address-family matches with that of an egress router, only if LSP's address-family (e.g. LSPv4 or
of the LDP hello adjacency on the next-hop interface. LSPv6) matches with that of the LDP hello adjacency on the next-hop
interface.
4. LDP Identifiers 4. LDP Identifiers
Section 2.2.2 of [RFC5036] specifies formulating at least one LDP Section 2.2.2 of [RFC5036] specifies formulating at least one LDP
Identifier, however, it doesn't provide any consideration in case of Identifier, however, it doesn't provide any consideration in case of
IPv6 (with or without dual-stacking). Additionally, section 2.5.2 of IPv6 (with or without dual-stacking). Additionally, section 2.5.2 of
[RFC5036] implicitly prohibits using the same label space for both [RFC5036] implicitly prohibits using the same label space for both
IPv4 and IPv6 FEC-label bindings. IPv4 and IPv6 FEC-label bindings.
The first four octets of the LDP identifier, the 32-bit LSR Id, The first four octets of the LDP identifier, the 32-bit LSR Id,
identify the LSR and is a globally unique value. This is regardless identify the LSR and is a globally unique value. This is regardless
of the address family used for the LDP session. In other words, this of the address family used for the LDP session. Hence, this document
document preserves the usage of 32-bit LSR Id on an IPv6 only LSR. preserves the usage of 32-bit LSR Id on an IPv6 only LSR.
Please note that 32-bit LSR Id value would not map to any IPv4- Please note that 32-bit LSR Id value would not map to any IPv4-
address in an IPv6 only LSR (i.e., single stack), nor would there address in an IPv6 only LSR (i.e., single stack), nor would there
be an expectation of it being DNS-resolvable. In IPv4 deployments, be an expectation of it being DNS-resolvable. In IPv4 deployments,
the LSR Id is typically derived from an IPv4 address, generally the LSR Id is typically derived from an IPv4 address, generally
assigned to a loopback interface. In IPv6 only deployments, this assigned to a loopback interface. In IPv6 only deployments, this
32-bit LSR Id must be derived by some other means that guarantees 32-bit LSR Id must be derived by some other means that guarantees
global uniqueness. global uniqueness.
The first sentence of last paragraph of Section 2.5.2 of [RFC5036] This document qualifies the first sentence of last paragraph of
is qualified per address family and therefore updated to the Section 2.5.2 of [RFC5036] to be per address family and therefore
following: "For a given address family over which a Hello is sent, updates that sentence to the following: "For a given address family
and a given label space, an LSR MUST advertise the same transport over which a Hello is sent, and a given label space, an LSR MUST
address." This rightly enables the per-platform label space to be advertise the same transport address." This rightly enables the per-
shared between IPv4 and IPv6. platform label space to be shared between IPv4 and IPv6.
In summary, this document not only allows the usage of a common LDP In summary, this document not only allows the usage of a common LDP
identifier i.e. same LSR-Id, but also the common Label space id for identifier i.e. same LSR-Id, but also the common Label space id for
both IPv4 and IPv6 on a dual-stack LSR. both IPv4 and IPv6 on a dual-stack LSR.
This document reserves 0.0.0.0 as the LSR-Id, and prohibits its This document reserves 0.0.0.0 as the LSR-Id, and prohibits its
usage. usage.
5. Peer Discovery 5. Peer Discovery
skipping to change at page 7, line 35 skipping to change at page 8, line 6
FF02:0:0:0:0:0:0:2 = Link-local scope FF02:0:0:0:0:0:0:2 = Link-local scope
FF05:0:0:0:0:0:0:2 = Site-local scope FF05:0:0:0:0:0:0:2 = Site-local scope
[RFC5036] does not specify which particular IPv6 'all routers on [RFC5036] does not specify which particular IPv6 'all routers on
this subnet' group multicast IP address should be used by LDP Link this subnet' group multicast IP address should be used by LDP Link
Hellos. Hellos.
This document specifies the usage of link-local scope e.g. This document specifies the usage of link-local scope e.g.
FF02:0:0:0:0:0:0:2 as the destination multicast IP address for IPv6 FF02:0:0:0:0:0:0:2 as the destination multicast IP address in IPv6
LDP Link Hellos. An LDP Hello packet received on any of the other LDP Link Hellos. An LDP Hello packet received on any of the other
addresses must be dropped. destination addresses must be dropped. Additionally, the link-local
IPv6 address MUST be used as the source IP address in IPv6 LDP Link
Hellos.
Also, the LDP Link Hello packets must have their IPv6 Hop Limit set Also, the LDP Link Hello packets must have their IPv6 Hop Limit set
to 255, and be checked for the same upon receipt before any further to 255, and be checked for the same upon receipt before any further
processing, as specified in Generalized TTL Security Mechanism processing, as specified in Generalized TTL Security Mechanism
(GTSM)[RFC5082]. The built-in inclusion of GTSM automatically (GTSM)[RFC5082]. The built-in inclusion of GTSM automatically
protects IPv6 LDP from off-link attacks. protects IPv6 LDP from off-link attacks.
More importantly, if an interface is a dual-stack LDP interface More importantly, if an interface is a dual-stack LDP interface
(e.g. enabled with both IPv4 and IPv6 LDP), then the LSR must (e.g. enabled with both IPv4 and IPv6 LDP), then the LSR must
periodically send both IPv4 and IPv6 LDP Link Hellos (using the same periodically send both IPv4 and IPv6 LDP Link Hellos (using the same
LDP Identifier per section 4) and must separately maintain the Hello LDP Identifier per section 4) and must separately maintain the Hello
adjacency for IPv4 and IPv6 on that interface. adjacency for IPv4 and IPv6 on that interface.
Needless to say, the IPv4 and IPv6 LDP Link Hellos must carry the In summary, the IPv4 and IPv6 LDP Link Hellos must carry the same
same LDP identifier (assuming per-platform label space usage). LDP identifier (assuming per-platform label space usage).
5.2. Extended Discovery Mechanism 5.2. Extended Discovery Mechanism
Suffice to say, the extended discovery mechanism (defined in section Suffice to say, the extended discovery mechanism (defined in section
2.4.2 of [RFC5036]) doesn't require any additional IPv6 specific 2.4.2 of [RFC5036]) doesn't require any additional IPv6 specific
consideration, since the targeted LDP Hellos are sent to a pre- consideration, since the targeted LDP Hellos are sent to a pre-
configured destination IPv6 address. configured (unicast) destination IPv6 address.
The link-local IP addresses MUST NOT be used as the source or
destination IPv6 addresses in extended discovery.
6. LDP Session Establishment and Maintenance 6. LDP Session Establishment and Maintenance
Section 2.5.1 of [RFC5036] defines a two-step process for LDP Section 2.5.1 of [RFC5036] defines a two-step process for LDP
session establishment, once the peer discovery has completed (LDP session establishment, once the peer discovery has completed (LDP
Hellos have been exchanged): Hellos have been exchanged):
1. Transport connection establishment 1. Transport connection establishment
2. Session initialization 2. Session initialization
skipping to change at page 9, line 5 skipping to change at page 9, line 23
the transport (IP) address, however, it does not specify the the transport (IP) address, however, it does not specify the
behavior of LDP if both IPv4 and IPv6 transport address objects behavior of LDP if both IPv4 and IPv6 transport address objects
(TLV) are sent in a Hello message or separate Hello messages. More (TLV) are sent in a Hello message or separate Hello messages. More
importantly, it does not specify whether both IPv4 and IPv6 importantly, it does not specify whether both IPv4 and IPv6
transport connections should be allowed, if there were Hello transport connections should be allowed, if there were Hello
adjacencies for both IPv4 and IPv6 whether over a single interface adjacencies for both IPv4 and IPv6 whether over a single interface
or multiple interfaces. or multiple interfaces.
This document specifies that: This document specifies that:
- An LSR should not send a Hello containing both IPv4 and IPv6 1. An LSR MUST NOT send a Hello containing both IPv4 and IPv6
transport address optional objects. In other words, there transport address optional objects. In other words, there MUST
should be at most one optional Transport Address object in a be at most one optional Transport Address object in a Hello
Hello message. An LSR should include only the transport address message. An LSR MUST include only the transport address whose
whose address family is the same as that of the IP packet address family is the same as that of the IP packet carrying
carrying Hello. Hello.
- An LSR should accept the Hello message that contains both IPv4 2. An LSR SHOULD accept the Hello message that contains both IPv4
and IPv6 transport address optional objects, but use only the and IPv6 transport address optional objects, but MUST use only
transport address whose address family is the same as that of the transport address whose address family is the same as that
the IP packet carrying Hello. of the IP packet carrying Hello.
- An LSR must send separate Hellos (each containing either IPv4 3. An LSR MUST send separate Hellos (each containing either IPv4
or IPv6 transport address optional object) for each IP address- or IPv6 transport address optional object) for each IP address-
family, if LDP was enabled for both IP address-families. family, if LDP was enabled for both IP address-families.
- An LSR should not create (or honor the request for creating) a 4. An LSR MUST use a global unicast IPv6 address in IPv6 transport
address optional object of outgoing targeted hellos, and check
for the same in incoming targeted hellos.
5. An LSR MUST prefer using global unicast IPv6 address for an LDP
session with a remote LSR, if it had to choose between global
unicast IPv6 address and link-local IPv6 address (pertaining to
the same LDP Identifier) for the transport connection.
6. An LSR SHOULD NOT create (or honor the request for creating) a
TCP connection for a new LDP session with a remote LSR, if they TCP connection for a new LDP session with a remote LSR, if they
already have an LDP session (for the same LDP Identifier) already have an LDP session (for the same LDP Identifier)
established over whatever IP version transport. This means that established over whatever IP version transport.
only one transport connection should be established, even if
there are two Hello adjacencies (one for IPv4 and another for
IPv6). This is independent of whether the Hello Adjacencies are
created over a single interface (scenarios 1 in section 1.1) or
multiple interfaces (scenario 2 in section 1.1) between two
LSRs.
- An LSR should prefer the LDP/TCP connection over IPv6 for a new This means that only one transport connection is established,
even if there are two Hello adjacencies (one for IPv4 and
another for IPv6). This is independent of whether the Hello
Adjacencies are created over a single interface (scenarios 1 in
section 1.1) or multiple interfaces (scenario 2 in section 1.1)
between two LSRs.
7. An LSR SHOULD prefer the LDP/TCP connection over IPv6 for a new
LDP session with a remote LSR, if it has both IPv4 and IPv6 LDP session with a remote LSR, if it has both IPv4 and IPv6
hello adjacencies for the same LDP Identifier (over a dual- hello adjacencies for the same LDP Identifier (over a dual-
stack interface, or two or more single-stack IPv4 and IPv6 stack interface, or two or more single-stack IPv4 and IPv6
interfaces). This applies to the section 2.5.2 of RFC5036. interfaces). This applies to the section 2.5.2 of RFC5036.
- An LSR should prefer the LDP/TCP connection over IPv6 for a new 8. An LSR SHOULD prefer the LDP/TCP connection over IPv6 for a new
LDP session with a remote LSR, if they attempted two TCP LDP session with a remote LSR, if they attempted two TCP
connections using IPv4 and IPv6 transport addresses connections using IPv4 and IPv6 transport addresses
simultaneously. simultaneously.
This document allows for the implementation to provide a An implementation may provide an option to favor one AFI (IPv4, say)
configuration option to override the above stated preference from over another AFI (IPv6, say) for the TCP transport connection, so as
IPv6 to IPv4 on a per-peer basis. Suffice to say that such option to use the preferred IP version for the LDP session, and derive
must be set on both LSRs. deterministic active/passive roles.
6.2. Maintaining Hello Adjacencies 6.2. Maintaining Hello Adjacencies
As outlined in section 2.5.5 of RFC5036, this draft suggests that if As outlined in section 2.5.5 of RFC5036, this draft describes that
an LSR has a dual-stack interface, which is enabled with both IPv4 if an LSR has a dual-stack interface, which is enabled with both
and IPv6 LDP, then the LSR must periodically send both IPv4 and IPv6 IPv4 and IPv6 LDP, then the LSR must periodically send both IPv4 and
LDP Link Hellos and must separately maintain the Hello adjacency for IPv6 LDP Link Hellos and must separately maintain the Hello
IPv4 and IPv6 on that interface. adjacency for IPv4 and IPv6 on that interface.
This ensures successful labeled IPv4 and labeled IPv6 traffic This ensures successful labeled IPv4 and labeled IPv6 traffic
forwarding on a dual-stacked interface, as well as successful LDP forwarding on a dual-stacked interface, as well as successful LDP
peering using the appropriate transport on a multi-access peering using the appropriate transport on a multi-access
interface (even if there are IPv4-only, IPv6-only and dual-stack interface (even if there are IPv4-only, IPv6-only and dual-stack
LSRs connected to that multi-access interface). LSRs connected to that multi-access interface).
6.3. Maintaining LDP Sessions 6.3. Maintaining LDP Sessions
Two LSRs maintain a single LDP session between them, as described in Two LSRs maintain a single LDP session between them, as described in
section 6.1, whether they are connected via a dual-stack LDP enabled section 6.1, whether they are connected via a dual-stack LDP enabled
interface or via two single-stack LDP enabled interfaces. This is interface or via two single-stack LDP enabled interfaces. This is
also true when a single-stack interface is converted to a dual-stack also true when a single-stack interface is converted to a dual-stack
interface, or when another interface is added between two LSRs. interface (e.g. figure 1), or when another interface is added
between two LSRs (e.g. figure 2).
Needless to say that the procedures defined in section 6.1 would
always result in preferring LDPoIPv6 session after the loss of an
existing LDP session (because of link failure, node failure, reboot
etc.).
On the other hand, if a dual-stack interface is converted to a On the other hand, if a dual-stack interface is converted to a
single-stack interface (by disabling IPv4 or IPv6 routing), then the single-stack interface (by disabling IPv4 or IPv6 routing), then the
LDP session should be torn down ONLY if the disabled IP version was LDP session should be torn down ONLY if the disabled IP version was
the same as that of the transport connection. Otherwise, the LDP the same as that of the transport connection. Otherwise, the LDP
session should stay intact. session should stay intact.
If the LDP session is torn down for whatever reason (LDP disabled If the LDP session is torn down for whatever reason (LDP disabled
for the corresponding transport, hello adjacency expiry etc.), then for the corresponding transport, hello adjacency expiry etc.), then
the LSRs should initiate establishing a new LDP session as per the the LSRs should initiate establishing a new LDP session as per the
procedures described in section 6.1 of this document and RFC5036. procedures described in section 6.1 of this document along with
RFC5036.
7. Label Distribution 7. Label Distribution
This document specifies that an LSR should advertise and receive An LSR MAY NOT advertise both IPv4 and IPv6 FEC-label bindings (as
both IPv4 and IPv6 label bindings from and to the peer, only if it well as interface addresses via ADDRESS message) from/to the peer
has valid IPv4 and IPv6 Hello Adjacencies for that peer, as over an LDP session (using whatever transport), unless it has valid
specified in section 6.2. IPv4 and IPv6 Hello Adjacencies for that peer, as specified in
section 6.2.
This means that the LSR must not advertise any IPv6 label bindings Another solution for getting the same result as above is by
to a peer over an IPv4 LDP session, if no IPv6 Hello Adjacency negotiating the IP Capability for a given AFI, as specified in
existed for that peer (and vice versa). [IPPWCap].
8. LDP TTL Security An LSR MUST NOT allocate and advertise FEC-Label bindings for link-
local IPv6 address, and ignore such bindings, if ever received. An
LSR MUST treat the IPv4-mapped IPv6 address, defined in section
2.5.1 of [RFC4291], the same as that of a global IPv6 address and
not mix it with the 'corresponding' IPv4 address.
Additionally, to ensure backward compatibility (and interoperability
with IPv4-only LDP implementations), this document specifies that -
1. An LSR MUST NOT send a label mapping message with a FEC TLV
containing FEC Elements of different address-family. In other
words, a FEC TLV in the label mapping message MUST contain the
FEC Elements belonging to the same address-family.
2. An LSR MUST NOT send an Address message (or Address Withdraw
message) with an Address List TLV containing IP addresses of
different address-family. In other words, an Address List TLV
in the Address (or Address Withdraw) message MUST contain the
addresses belonging to the same address-family.
8. LDP Identifiers and Next Hop Addresses
RFC5036 section 2.7 specifies logic for mapping between a peer LDP
Identifier and the peer's addresses to find the correct LIB entry
for any prefix by using a database populated by the Address message.
However, this logic is insufficient to deal with overlapping IPv6
(link-local) addresses used by two or more peers. One may note that
all interior IP routing protocols specify using link-local IPv6
addresses as the next-hops.
This document specifies that the logic is enhanced with the usage of
(Hello Adjacency) database populated by the Hello messages. This
additional database lookup is useful only if/when two or more peers
use the same link-local IPv6 address as the IP routing next-hops
(causing duplicate next-hop entries).
Specifically, this document specifies that an LSR should (continue
to) use the machinery described in RFC5036 section 2.7 to map
between a peer LDP Identifier and the peer's addresses (learned via
ADDRESS message) for any prefix. However, if this mapping fails (for
reasons such as the one described earlier), then an LSR can find the
peer LDP Identifier by checking for the particular link-local IPv6
address in the hello adjacency database.
If an LSR can't find such a mapping in either database, then LSR
should follow procedures specified in RFC5036 (e.g. not resolve the
label).
Lastly, for better scale and optimization, an LSR may advertise only
the link-local IPv6 addresses in the Address message, assuming that
the peer uses only the link-local IPv6 addresses as static and/or
dynamic IP routing next-hops.
9. LDP TTL Security
This document also specifies that the LDP/TCP transport connection This document also specifies that the LDP/TCP transport connection
over IPv6 (i.e. LDPoIPv6) must follow the Generalized TTL Security over IPv6 (i.e. LDPoIPv6) must follow the Generalized TTL Security
Mechanism (GTSM) procedures (Section 3 of [RFC5082]) for an LDP Mechanism (GTSM) procedures (Section 3 of [RFC5082]) for an LDP
session peering established between the adjacent LSRs using Basic session peering established between the adjacent LSRs using Basic
Discovery, by default. Discovery, by default.
In other words, GTSM is enabled by default for an IPv6 LDP peering In other words, GTSM is enabled by default for an IPv6 LDP peering
session using Basic Discovery. This means that the 'IP Hop Limit' in session using Basic Discovery. This means that the 'IP Hop Limit' in
IPv6 packet is set to 255 upon sending, and checked to be 255 upon IPv6 packet is set to 255 upon sending, and checked to be 255 upon
skipping to change at page 11, line 32 skipping to change at page 13, line 32
usage of Extended Discovery typically results in a multi-hop LDP usage of Extended Discovery typically results in a multi-hop LDP
peering session. While the latter is deemed out of scope (section peering session. While the latter is deemed out of scope (section
1.2), in line with GTSM [RFC5082], it is worth clarifying the 1.2), in line with GTSM [RFC5082], it is worth clarifying the
following exceptions that may occur with Basic or Extended Discovery following exceptions that may occur with Basic or Extended Discovery
usage: usage:
a) Two adjacent LSRs (i.e. back-to-back PE routers) forming a a) Two adjacent LSRs (i.e. back-to-back PE routers) forming a
single-hop LDP peering session after doing an Extended Discovery single-hop LDP peering session after doing an Extended Discovery
(for Pseudowire, say) (for Pseudowire, say)
b) Two adjacent LSRs forming a multi-hop LDP peering session after b) Two adjacent LSRs forming a multi-hop LDP peering session after
doing a Basic Discovery, due to the way IP routing is setup doing a Basic Discovery, due to the way IP routing changes
between them (temporarily or permanently) between them (temporarily (e.g. session protection) or
permanently)
c) Two adjacent LSRs (i.e. back-to-back PE routers) forming a c) Two adjacent LSRs (i.e. back-to-back PE routers) forming a
single-hop LDP peering session after doing both Basic and single-hop LDP peering session after doing both Basic and
Extended Discovery Extended Discovery
In (a), GTSM is not enabled for the LDP peering session by default, In (a), GTSM is not enabled for the LDP peering session by default,
hence, it would not do any harm or good. hence, it would not do any harm or good.
In (b), GTSM is enabled by default for the LDP peering session by In (b), GTSM is enabled by default for the LDP peering session by
default and enforced, hence, it would prohibit the LDP peering default and enforced, hence, it would prohibit the LDP peering
session from getting established. session from getting established.
skipping to change at page 12, line 7 skipping to change at page 14, line 10
In (c), GTSM is enabled by default for Basic Discovery and enforced In (c), GTSM is enabled by default for Basic Discovery and enforced
on the subsequent LDP peering. However, if each LSR uses the same on the subsequent LDP peering. However, if each LSR uses the same
IPv6 transport address object value in both Basic and Extended IPv6 transport address object value in both Basic and Extended
discoveries, then it would result in a single LDP peering session discoveries, then it would result in a single LDP peering session
and that would be enabled with GTSM. Otherwise, GTSM would not be and that would be enabled with GTSM. Otherwise, GTSM would not be
enforced on the 2nd LDP peering session corresponding to the enforced on the 2nd LDP peering session corresponding to the
Extended Discovery. Extended Discovery.
This document allows for the implementation to provide an option to This document allows for the implementation to provide an option to
statically (configuration) and/or dynamically override the default statically (configuration) and/or dynamically override the default
behavior (i.e. disable GTSM) on a per-peer basis. This would also behavior (enable/disable GTSM) on a per-peer basis. This would also
address the exception (b) above. Suffice to say that such an option address the exception (b) above. Suffice to say that such an option
could be set on either LSR (since GTSM negotiation would ultimately could be set on either LSR (since GTSM negotiation would ultimately
disable GTSM between an LSR and its peer(s)). disable GTSM between LSR and its peer(s)).
The built-in GTSM inclusion is intended to automatically protect The built-in GTSM inclusion is intended to automatically protect
IPv6 LDP peering session from off-link attacks. IPv6 LDP peering session from off-link attacks.
9. IANA Considerations 10. IANA Considerations
None. None.
10. Security Considerations 11. Security Considerations
The extensions defined in this document only clarify the behavior of The extensions defined in this document only clarify the behavior of
LDP, they do not define any new protocol procedures. Hence, this LDP, they do not define any new protocol procedures. Hence, this
document does not add any new security issues to LDP. document does not add any new security issues to LDP.
While the security issues relevant for the [RFC5036] are relevant While the security issues relevant for the [RFC5036] are relevant
for this document as well, this document reduces the chances of off- for this document as well, this document reduces the chances of off-
link attacks when using IPv6 transport connection by including the link attacks when using IPv6 transport connection by including the
use of GTSM procedures [RFC5082]. use of GTSM procedures [RFC5082].
Moreover, this document allows the use of IPsec [RFC4301] for IPv6 Moreover, this document allows the use of IPsec [RFC4301] for IPv6
protection, hence, LDP can benefit from the additional security as protection, hence, LDP can benefit from the additional security as
specified in [RFC4835] as well as [RFC5920]. specified in [RFC4835] as well as [RFC5920].
11. Acknowledgments 12. Acknowledgments
We acknowledge the authors of [RFC5036], since the text in this We acknowledge the authors of [RFC5036], since the text in this
document is borrowed from [RFC5036]. document is borrowed from [RFC5036].
Thanks to Bob Thomas for providing critical feedback to improve this Thanks to Bob Thomas for providing critical feedback to improve this
document early on. Thanks to Kamran Raza, Eric Rosen, Lizhong Jin, document early on. Thanks to Eric Rosen, Lizhong Jin, Bin Mo, Mach
Bin Mo, Mach Chen, and Kishore Tiruveedhula for reviewing this Chen, and Kishore Tiruveedhula for reviewing this document. The
document. The authors also acknowledge the help of Manoj Dutta and authors also acknowledge the help of Manoj Dutta and Vividh Siddha.
Vividh Siddha.
Also, thanks to Andre Pelletier (who brought up the issue about
active/passive determination, and helped us craft the appropriate
solutions.
This document was prepared using 2-Word-v2.0.template.dot. This document was prepared using 2-Word-v2.0.template.dot.
12. References 13. Additional Contributors
12.1. Normative References The following individuals contributed to this document:
Kamran Raza
Cisco Systems, Inc.
2000 Innovation Drive
Kanata, ON K2K-3E8, Canada
Email: skraza@cisco.com
Nagendra Kumar
Cisco Systems, Inc.
SEZ Unit, Cessna Business Park,
Bangalore, KT, India
Email: naikumar@cisco.com
14. References
14.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4291] Hinden, R. and S. Deering, "Internet Protocol Version 6 [RFC4291] Hinden, R. and S. Deering, "Internet Protocol Version 6
(IPv6) Addressing Architecture", RFC 4291, February 2006. (IPv6) Addressing Architecture", RFC 4291, February 2006.
[RFC5036] Andersson, L., Minei, I., and Thomas, B., "LDP [RFC5036] Andersson, L., Minei, I., and Thomas, B., "LDP
Specification", RFC 5036, October 2007. Specification", RFC 5036, October 2007.
[RFC5082] Pignataro, C., Gill, V., Heasley, J., Meyer, D., and [RFC5082] Pignataro, C., Gill, V., Heasley, J., Meyer, D., and
Savola, P., "The Generalized TTL Security Mechanism Savola, P., "The Generalized TTL Security Mechanism
(GTSM)", RFC 5082, October 2007. (GTSM)", RFC 5082, October 2007.
12.2. Informative References 14.2. Informative References
[RFC4301] Kent, S. and K. Seo, "Security Architecture and Internet [RFC4301] Kent, S. and K. Seo, "Security Architecture and Internet
Protocol", RFC 4301, December 2005. Protocol", RFC 4301, December 2005.
[RFC4835] Manral, V., "Cryptographic Algorithm Implementation [RFC4835] Manral, V., "Cryptographic Algorithm Implementation
Requirements for Encapsulating Security Payload (ESP) and Requirements for Encapsulating Security Payload (ESP) and
Authentication Header (AH)", RFC 4835, April 2007. Authentication Header (AH)", RFC 4835, April 2007.
[RFC5918] Asati, R. Minei, I., and Thomas, B., "Label Distribution
Protocol (LDP) 'Typed Wildcard' Forward Equivalence Class
(FEC)", RFC 5918, April 2010.
[RFC5920] Fang, L., "Security Framework for MPLS and GMPLS [RFC5920] Fang, L., "Security Framework for MPLS and GMPLS
Networks", RFC 5920, July 2010. Networks", RFC 5920, July 2010.
[RFC4798] De Clercq, et al., "Connecting IPv6 Islands over IPv4 MPLS
Using IPv6 Provider Edge Routers (6PE)", RFC 4798,
February 2007.
[IPPWCap] Raza, K., "LDP IP and PW Capability", draft-ietf-mpls-ldp-
ip-pw-capability, June 2011.
Author's Addresses Author's Addresses
Vishwas Manral Vishwas Manral
Hewlet-Packard, Inc. Hewlet-Packard, Inc.
19111 Pruneridge Ave., Cupertino, CA, 95014 19111 Pruneridge Ave., Cupertino, CA, 95014
Phone: 408-447-1497 Phone: 408-447-1497
Email: vishwas.manral@hp.com Email: vishwas.manral@hp.com
Rajiv Papneja Rajiv Papneja
ISOCORE Huawei Technologies
12359 Sunrise Valley Dr, STE 100 2330 Central Expressway
Reston, VA 20190 Santa Clara, CA 95050
Email: rpapneja@isocore.com Phone: +1 571 926 8593
EMail: rajiv.papneja@huawei.com
Rajiv Asati Rajiv Asati
Cisco Systems, Inc. Cisco Systems, Inc.
7025 Kit Creek Road 7025 Kit Creek Road
Research Triangle Park, NC 27709-4987 Research Triangle Park, NC 27709-4987
Email: rajiva@cisco.com Email: rajiva@cisco.com
Carlos Pignataro Carlos Pignataro
Cisco Systems, Inc. Cisco Systems, Inc.
7200 Kit Creek Road 7200 Kit Creek Road
 End of changes. 51 change blocks. 
109 lines changed or deleted 217 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/