< draft-ietf-mpls-ldp-ipv6-11.txt   draft-ietf-mpls-ldp-ipv6-12.txt >
MPLS Working Group Rajiv Asati MPLS Working Group Rajiv Asati
Internet Draft Cisco Internet Draft Cisco
Updates: 5036 (if approved) Updates: 5036 (if approved)
Intended status: Standards Track Vishwas Manral Intended status: Standards Track Vishwas Manral
Expires: June 28, 2014 Hewlett-Packard, Inc. Expires: August 2014
Hewlett-Packard, Inc.
Rajiv Papneja Rajiv Papneja
Huawei Huawei
Carlos Pignataro Carlos Pignataro
Cisco Cisco
December 28, 2013 February 5, 2014
Updates to LDP for IPv6 Updates to LDP for IPv6
draft-ietf-mpls-ldp-ipv6-11 draft-ietf-mpls-ldp-ipv6-12
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 8, 2014. This Internet-Draft will expire on August 5, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License. warranty as described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this 10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process. modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Abstract Abstract
skipping to change at page 2, line 34 skipping to change at page 2, line 35
both networks. This document corrects and clarifies the LDP behavior both networks. This document corrects and clarifies the LDP behavior
when IPv6 network is used (with or without IPv4). This document when IPv6 network is used (with or without IPv4). This document
updates RFC 5036. updates RFC 5036.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Scope.....................................................4 1.1. Scope.....................................................4
1.1.1. Topology Scenarios...................................4 1.1.1. Topology Scenarios...................................4
1.1.2. LDP TTL Security.....................................5 1.1.2. LDP TTL Security.....................................5
2. Specification Language.........................................5 2. Specification Language.........................................6
3. LSP Mapping....................................................6 3. LSP Mapping....................................................6
4. LDP Identifiers................................................6 4. LDP Identifiers................................................7
5. Peer Discovery.................................................7 5. Peer Discovery.................................................7
5.1. Basic Discovery Mechanism.................................7 5.1. Basic Discovery Mechanism.................................8
5.2. Extended Discovery Mechanism..............................8 5.1.1. Maintaining Hello Adjacencies........................9
6. LDP Session Establishment and Maintenance......................8 5.2. Extended Discovery Mechanism..............................9
6. LDP Session Establishment and Maintenance......................9
6.1. Transport connection establishment........................9 6.1. Transport connection establishment........................9
6.2. Maintaining Hello Adjacencies............................10 6.2. LDP Sessions Maintenance.................................11
6.3. Maintaining LDP Sessions.................................11
7. Label Distribution............................................12 7. Label Distribution............................................12
8. LDP Identifiers and Next Hop Addresses........................12 8. LDP Identifiers and Next Hop Addresses........................12
9. LDP TTL Security..............................................13 9. LDP TTL Security..............................................13
10. IANA Considerations..........................................13 10. IANA Considerations..........................................14
11. Security Considerations......................................14 11. Security Considerations......................................14
12. Acknowledgments..............................................14 12. Acknowledgments..............................................14
13. Additional Contributors......................................14 13. Additional Contributors......................................14
14. References...................................................16 14. References...................................................16
14.1. Normative References....................................16 14.1. Normative References....................................16
14.2. Informative References..................................16 14.2. Informative References..................................16
Appendix.........................................................17 Appendix A.......................................................18
Author's Addresses...............................................17 A.1. LDPv6 and LDPv4 Interoperability Safety Net..............18
A.2. Why 32-bit value even for IPv6 LDP Router ID.............18
Author's Addresses...............................................19
1. Introduction 1. Introduction
The LDP [RFC5036] specification defines procedures and messages for The LDP [RFC5036] specification defines procedures and messages for
exchanging FEC-label bindings over either IPv4 or IPv6 or both (e.g. exchanging FEC-label bindings over either IPv4 or IPv6 or both (e.g.
dual-stack) networks. dual-stack) networks.
However, RFC5036 specification has the following deficiencies in However, RFC5036 specification has the following deficiencies in
regards to IPv6 usage: regards to IPv6 usage:
skipping to change at page 4, line 9 skipping to change at page 4, line 18
This document addresses the above deficiencies by specifying the This document addresses the above deficiencies by specifying the
desired behavior/rules/details for using LDP in IPv6 enabled desired behavior/rules/details for using LDP in IPv6 enabled
networks (IPv6-only or Dual-stack networks). networks (IPv6-only or Dual-stack networks).
Note that this document updates RFC5036. Note that this document updates RFC5036.
1.1. Scope 1.1. Scope
1.1.1. Topology Scenarios 1.1.1. Topology Scenarios
The following scenarios in which the LSRs may be inter-connected via Two LSRs may involve basic and/or extended LDP discovery in IPv6
one or more dual-stack interfaces (figure 1), or one or more single- and/or IPv4 address-families in various topology scenarios.
stack interfaces (figure 2 and figure 3) are addressed by this
document: This document addresses the following 3 topology scenarios in which
the LSRs may be connected via one or more dual-stack interfaces
(figure 1), or one or more single-stack interfaces (figure 2 and
figure 3):
R1------------------R2 R1------------------R2
IPv4+IPv6 IPv4+IPv6
Figure 1 LSRs connected via a Dual-stack Interface Figure 1 LSRs connected via a Dual-stack Interface
IPv4 IPv4
R1=================R2 R1=================R2
IPv6 IPv6
skipping to change at page 4, line 24 skipping to change at page 5, line 4
R1------------------R2 R1------------------R2
IPv4+IPv6 IPv4+IPv6
Figure 1 LSRs connected via a Dual-stack Interface Figure 1 LSRs connected via a Dual-stack Interface
IPv4 IPv4
R1=================R2 R1=================R2
IPv6 IPv6
Figure 2 LSRs connected via two single-stack Interfaces Figure 2 LSRs connected via two single-stack Interfaces
R1------------------R2---------------R3 R1------------------R2---------------R3
IPv4 IPv6 IPv4 IPv6
Figure 3 LSRs connected via a single-stack Interface Figure 3 LSRs connected via a single-stack Interface
Note that the topology scenario illustrated in figure 1 also covers Note that the topology scenario illustrated in figure 1 also covers
the case of a single-stack interface (IPv4, say) being converted to the case of a single-stack interface (IPv4, say) being converted to
a dual-stacked interface by enabling IPv6 routing as well as IPv6 a dual-stacked interface by enabling IPv6 routing as well as IPv6
LDP, even though the IPv4 LDP session may already be established LDP, even though the IPv4 LDP session may already be established
between the LSRs. between the LSRs.
Note that the topology scenario illustrated in figure 2 also covers Note that the topology scenario illustrated in figure 2 also covers
the case of two routers getting connected via an additional single- the case of two routers getting connected via an additional single-
stack interface (IPv6 routing and IPv6 LDP), even though the IPv4 stack interface (IPv6 routing and IPv6 LDP), even though the IPv4
LDP session may already be established between the LSRs over the LDP session may already be established between the LSRs over the
existing interface(s). existing interface(s).
This document also addresses the scenario in which the LSRs do
extended discovery in IPv6 and/or IPv4 address-families:
IPv4
R1-------------------R2
IPv6
Figure 4 LSRs involving IPv4 and IPv6 address-families
1.1.2. LDP TTL Security 1.1.2. LDP TTL Security
LDP TTL Security mechanism specified by this document applies only LDP TTL Security mechanism specified by this document applies only
to single-hop LDP peering sessions, but not to multi-hop LDP peering to single-hop LDP peering sessions, but not to multi-hop LDP peering
sessions, in line with Section 5.5 of [RFC5082] that describes sessions, in line with Section 5.5 of [RFC5082] that describes
Generalized TTL Security Mechanism (GTSM). Generalized TTL Security Mechanism (GTSM).
As a consequence, any LDP feature that relies on multi-hop LDP As a consequence, any LDP feature that relies on multi-hop LDP
peering session would not work with GTSM and will warrant peering session would not work with GTSM and will warrant
(statically or dynamically) disabling GTSM. Please see section 8. (statically or dynamically) disabling GTSM. Please see section 8.
skipping to change at page 5, line 26 skipping to change at page 6, line 15
2. Specification Language 2. Specification Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
Abbreviations: Abbreviations:
LDP - Label Distribution Protocol LDP - Label Distribution Protocol
LDPv4 - LDP for enabling IPv4 MPLS forwarding
LDPv6 - LDP for enabling IPv6 MPLS forwarding
LDPoIPv4 - LDP over IPv4 transport session LDPoIPv4 - LDP over IPv4 transport session
LDPoIPv6 - LDP over IPv6 transport session LDPoIPv6 - LDP over IPv6 transport session
FEC - Forwarding Equivalence Class FEC - Forwarding Equivalence Class
TLV - Type Length Value TLV - Type Length Value
LSR - Label Switch Router LSR - Label Switching Router
LSP - Label Switched Path LSP - Label Switched Path
LSPv4 - IPv4-signaled Label Switched Path [RFC4798] LSPv4 - IPv4-signaled Label Switched Path [RFC4798]
LSPv6 - IPv6-signaled Label Switched Path [RFC4798] LSPv6 - IPv6-signaled Label Switched Path [RFC4798]
AFI - Address Family Identifier AFI - Address Family Identifier
LDP Id - LDP Identifier
3. LSP Mapping 3. LSP Mapping
Section 2.1 of [RFC5036] specifies the procedure for mapping a Section 2.1 of [RFC5036] specifies the procedure for mapping a
particular packet to a particular LSP using three rules. Quoting the particular packet to a particular LSP using three rules. Quoting the
3rd rule from RFC5036: 3rd rule from RFC5036:
"If it is known that a packet must traverse a particular egress "If it is known that a packet must traverse a particular egress
router, and there is an LSP that has an Address Prefix FEC element router, and there is an LSP that has an Address Prefix FEC element
that is a /32 address of that router, then the packet is mapped to that is a /32 address of that router, then the packet is mapped to
that LSP." that LSP."
Suffice to say, this rule is correct for IPv4, but not for IPv6, This rule is correct for IPv4, but not for IPv6, since an IPv6
since an IPv6 router may not have any /32 address. router may even have a /64 or /96 or /128 (or whatever prefix
length) address. Hence, it is reasonable to say IPv4 or IPv6 address
This document proposes to modify this rule by also including a /128 instead of /32 or /128 addresses as shown below in the updated rule:
address (for IPv6). In fact, it should be reasonable to just say
IPv4 or IPv6 address instead of /32 or /128 addresses as shown below
in the updated rule:
"If it is known that a packet must traverse a particular egress "If it is known that a packet must traverse a particular egress
router, and there is an LSP that has an Address Prefix FEC element router, and there is an LSP that has an Address Prefix FEC element
that is an IPv4 or IPv6 address of that router, then the packet is that is an IPv4 or IPv6 address of that router, then the packet is
mapped to that LSP." mapped to that LSP."
4. LDP Identifiers 4. LDP Identifiers
Section 2.2.2 of [RFC5036] specifies formulating at least one LDP Section 2.2.2 of [RFC5036] specifies formulating at least one LDP
Identifier, however, it doesn't provide any consideration in case of Identifier, however, it doesn't provide any consideration in case of
IPv6 (with or without dual-stacking). IPv6 (with or without dual-stacking).
The first four octets of the LDP identifier, the 32-bit LSR Id (e.g. The first four octets of the LDP identifier, the 32-bit LSR Id (e.g.
(i.e. LDP Router Id), identify the LSR and is a globally unique (i.e. LDP Router Id), identify the LSR and is a globally unique
value within the MPLS network. This is regardless of the address value within the MPLS network. This is regardless of the address
family used for the LDP session. Hence, this document preserves the family used for the LDP session. Hence, this document preserves the
usage of 32-bit (unsigned non-zero integer) LSR Id on an IPv6 only usage of 32-bit (unsigned non-zero integer) LSR Id on an IPv6 only
LSR (note that BGP has also mandated using 32-bit BGP Router ID on LSR.
an IPv6 only Router [RFC6286]).
Please note that 32-bit LSR Id value would not map to any IPv4-
address in an IPv6 only LSR (i.e., single stack), nor would there
be an expectation of it being DNS-resolvable. In IPv4 deployments,
the LSR Id is typically derived from an IPv4 address, generally
assigned to a loopback interface. In IPv6 only deployments, this
32-bit LSR Id must be derived by some other means that guarantees
global uniqueness within the MPLS network, similar to that of BGP
Identifier [RFC6286].
This document qualifies the first sentence of last paragraph of This document also qualifies the first sentence of last paragraph of
Section 2.5.2 of [RFC5036] to be per address family and therefore Section 2.5.2 of [RFC5036] to be per address family and therefore
updates that sentence to the following: "For a given address family, updates that sentence to the following:
an LSR MUST advertise the same transport address in all Hellos that
advertise the same label space." This rightly enables the per-
platform label space to be shared between IPv4 and IPv6.
In summary, this document not only allows the usage of a common LDP "For a given address family, an LSR MUST advertise the same
identifier i.e. same LSR-Id (aka LDP Router-Id), but also the common transport address in all Hellos that advertise the same label
Label space id for both IPv4 and IPv6 on a dual-stack LSR. space."
This document reserves 0.0.0.0 as the LSR-Id, and prohibits its This rightly enables the per-platform label space to be shared
usage. between IPv4 and IPv6.
In summary, this document allows the usage of a common LDP
identifier (same LSR Id aka LDP Router Id as well as a common Label
space id) for both IPv4 and IPv6 on a dual-stack LSR.
5. Peer Discovery 5. Peer Discovery
If an LSR is enabled with both IPv4 and IPv6 LDP, then the LSR MUST
include the same LDP Identifier (assuming per-platform label space
usage) in both IPv6 and IPv4 LDP Link or targeted Hellos.
5.1. Basic Discovery Mechanism 5.1. Basic Discovery Mechanism
Section 2.4.1 of [RFC5036] defines the Basic Discovery mechanism for Section 2.4.1 of [RFC5036] defines the Basic Discovery mechanism for
directly connected LSRs. Following this mechanism, LSRs periodically directly connected LSRs. Following this mechanism, LSRs periodically
sends LDP Link Hellos destined to "all routers on this subnet" group send LDP Link Hellos destined to "all routers on this subnet" group
multicast IP address. multicast IP address.
Interesting enough, per the IPv6 addressing architecture [RFC4291], Interesting enough, per the IPv6 addressing architecture [RFC4291],
IPv6 has three "all routers on this subnet" multicast addresses: IPv6 has three "all routers on this subnet" multicast addresses:
FF01:0:0:0:0:0:0:2 = Interface-local scope FF01:0:0:0:0:0:0:2 = Interface-local scope
FF02:0:0:0:0:0:0:2 = Link-local scope FF02:0:0:0:0:0:0:2 = Link-local scope
FF05:0:0:0:0:0:0:2 = Site-local scope FF05:0:0:0:0:0:0:2 = Site-local scope
[RFC5036] does not specify which particular IPv6 'all routers on [RFC5036] does not specify which particular IPv6 'all routers on
this subnet' group multicast IP address should be used by LDP Link this subnet' group multicast IP address should be used by LDP Link
Hellos. Hellos.
This document specifies the usage of link-local scope e.g. This document specifies the usage of link-local scope e.g.
FF02:0:0:0:0:0:0:2 as the destination multicast IP address in IPv6 FF02:0:0:0:0:0:0:2 as the destination multicast IP address in IPv6
LDP Link Hellos. An LDP Hello packet received on any of the other LDP Link Hellos. An LDP Hello packet received on any of the other
destination addresses must be dropped. Additionally, the link-local destination addresses MUST be dropped. Additionally, the link-local
IPv6 address MUST be used as the source IP address in IPv6 LDP Link IPv6 address MUST be used as the source IP address in IPv6 LDP Link
Hellos. Hellos.
Also, the LDP Link Hello packets must have their IPv6 Hop Limit set Also, the LDP Link Hello packets MUST have their IPv6 Hop Limit set
to 255, and be checked for the same upon receipt before any further to 255, be checked for the same upon receipt (before any LDP
processing, as specified in Generalized TTL Security Mechanism specific processing) and be handled as specified in Generalized TTL
(GTSM)[RFC5082]. The built-in inclusion of GTSM automatically Security Mechanism (GTSM) section 3 of [RFC5082]. The built-in
protects IPv6 LDP from off-link attacks. inclusion of GTSM automatically protects IPv6 LDP from off-link
attacks.
More importantly, if an interface is a dual-stack LDP interface More importantly, if an interface is a dual-stack LDP interface
(e.g. enabled with both IPv6 and IPv4 LDP), then the LSR must (e.g. enabled with both IPv6 and IPv4 LDP), then the LSR MUST
periodically send both IPv6 and IPv4 LDP Link Hellos (using the same periodically send both IPv6 and IPv4 LDP Link Hellos (using the same
LDP Identifier per section 4) on that interface and be able to LDP Identifier per section 4) on that interface and be able to
receive them. This facilitates discovery of IPv6-only, IPv4-only and receive them. This facilitates discovery of IPv6-only, IPv4-only and
dual-stack peers on the interface's subnet. dual-stack peers on the interface's subnet and ensures successful
subsequent peering using the appropriate (address family) transport
on a multi-access or broadcast interface.
An implementation should prefer sending IPv6 LDP link Hellos An implementation MUST send IPv6 LDP link Hellos before sending IPv4
before sending IPv4 LDP Link Hellos on a dual-stack interface, if LDP Link Hellos on a dual-stack interface.
possible.
Lastly, the IPv6 and IPv4 LDP Link Hellos MUST carry the same LDP 5.1.1. Maintaining Hello Adjacencies
identifier (assuming per-platform label space usage).
5.2. Extended Discovery Mechanism In case of dual-stack LDP interface, the LSR SHOULD maintain link
Hello adjacencies for both IPv4 and IPv6 address families. This
document, however, allows an LSR to maintain Rx-side Link Hello
adjacency for the address family that has been used for the
establishment of the LDP session (either IPv4 or IPv6).
Suffice to say, the extended discovery mechanism (defined in section 5.2. Extended Discovery Mechanism
2.4.2 of [RFC5036]) doesn't require any additional IPv6 specific
consideration, since the targeted LDP Hellos are sent to a pre-
configured (unicast) destination IPv6 address.
The link-local IP addresses MUST NOT be used as the source or The extended discovery mechanism (defined in section 2.4.2 of
destination IPv6 addresses in extended discovery. [RFC5036]), in which the targeted LDP Hellos are sent to a pre-
configured (unicast) destination IPv6 address, requires only one
IPv6 specific consideration: the link-local IPv6 addresses MUST NOT
be used as the targeted LDP hello packet's source or destination
addresses.
6. LDP Session Establishment and Maintenance 6. LDP Session Establishment and Maintenance
Section 2.5.1 of [RFC5036] defines a two-step process for LDP Section 2.5.1 of [RFC5036] defines a two-step process for LDP
session establishment, once the peer discovery has completed (LDP session establishment, once the peer discovery has completed (LDP
Hellos have been exchanged): Hellos have been exchanged):
1. Transport connection establishment 1. Transport connection establishment
2. Session initialization 2. Session initialization
The forthcoming sub-sections discuss the LDP consideration for IPv6 The forthcoming sub-section 6.1 discusses the LDP consideration for
and/or dual-stacking in the context of session establishment and IPv6 and/or dual-stacking in the context of session establishment,
maintenance. whereas sub-section 6.2 discusses the LDP consideration for IPv6
and/or dual-stacking in the context of session maintenance.
6.1. Transport connection establishment 6.1. Transport connection establishment
Section 2.5.2 of [RFC5036] specifies the use of an optional Section 2.5.2 of [RFC5036] specifies the use of an optional
transport address object (TLV) in LDP Link Hello message to convey transport address object (TLV) in LDP Hello message to convey the
the transport (IP) address, however, it does not specify the transport (IP) address, however, it does not specify the behavior of
behavior of LDP if both IPv4 and IPv6 transport address objects LDP if both IPv4 and IPv6 transport address objects (TLV) are sent
(TLV) are sent in a Hello message or separate Hello messages. More in a Hello message or separate Hello messages. More importantly, it
importantly, it does not specify whether both IPv4 and IPv6 does not specify whether both IPv4 and IPv6 transport connections
transport connections should be allowed, if there were Hello should be allowed, if there were both IPv4 and IPv6 Hello
adjacencies for both IPv4 and IPv6 whether over a single interface adjacencies.
or multiple interfaces.
This document specifies that: This document specifies that:
1. An LSR MUST NOT send a Hello containing both IPv4 and IPv6 1. An LSR MUST NOT send a Hello message containing both IPv4 and
transport address optional objects. In other words, there MUST IPv6 transport address optional objects. In other words, there
be at most one optional Transport Address object in a Hello MUST be at most one optional Transport Address object in a
message. An LSR MUST include only the transport address whose Hello message. An LSR MUST include only the transport address
address family is the same as that of the IP packet carrying whose address family is the same as that of the IP packet
Hello. carrying Hello message.
2. An LSR SHOULD accept the Hello message that contains both IPv4 2. An LSR SHOULD accept the Hello message that contains both IPv4
and IPv6 transport address optional objects, but MUST use only and IPv6 transport address optional objects, but MUST use only
the transport address whose address family is the same as that the transport address whose address family is the same as that
of the IP packet carrying Hello. An LSR SHOULD accept only the of the IP packet carrying the Hello message. An LSR SHOULD
first transport object for a given Address family in the accept only the first transport object for a given Address
received Hello message, and ignore the rest, if the LSR family in the received Hello message, and ignore the rest, if
receives more than one transport object. the LSR receives more than one transport object.
3. An LSR MUST send separate Hellos (each containing either IPv4 3. An LSR MUST send separate Hello messages (each containing
or IPv6 transport address optional object) for each IP address either IPv4 or IPv6 transport address optional object) for each
family, if LDP was enabled for both IP address families. IP address family, if LDP was enabled for both IP address
families.
4. An LSR MUST use a global unicast IPv6 address in IPv6 transport 4. An LSR MUST use a global unicast IPv6 address in IPv6 transport
address optional object of outgoing targeted hellos, and check address optional object of outgoing targeted Hellos, and check
for the same in incoming targeted hellos (i.e. MUST discard the for the same in incoming targeted hellos (i.e. MUST discard the
hello, if it failed the check). hello, if it failed the check).
5. An LSR MUST prefer using global unicast IPv6 address for an LDP 5. An LSR MUST prefer using a global unicast IPv6 address in IPv6
session with a remote LSR, if it had to choose between global transport address optional object of outgoing Link Hellos, if
unicast IPv6 address and unique-local or link-local IPv6 it had to choose between global unicast IPv6 address and
address (pertaining to the same LDP Identifier) for the unique-local or link-local IPv6 address.
transport connection.
6. An LSR SHOULD NOT create (or honor the request for creating) a 6. An LSR SHOULD NOT create (or honor the request for creating) a
TCP connection for a new LDP session with a remote LSR, if they TCP connection for a new LDP session with a remote LSR, if they
already have an LDP session (for the same LDP Identifier) already have an LDP session (for the same LDP Identifier)
established over whatever IP version transport. established over whatever IP version transport.
This means that only one transport connection is established, This means that only one transport connection is established
regardless of one or two Hello adjacencies (one for IPv4 and regardless of IPv6 or/and IPv4 Hello adjacencies presence
another for IPv6) are created & maintained over a single between two LSRs.
interface (scenario 1 in section 1.1) or multiple interfaces
(scenario 2 in section 1.1) between two LSRs.
7. An LSR SHOULD prefer the LDP/TCP connection over IPv6 for a new 7. An LSR SHOULD prefer the LDP/TCP connection over IPv6 for a new
LDP session with a remote LSR, if it has both IPv4 and IPv6 LDP session with a remote LSR, if it is able to determine the
hello adjacencies for the same (peer) LDP Identifier (over a dual-stack presence (e.g. they have both IPv4 and IPv6 Hello
dual-stack interface, or two or more single-stack IPv4 and IPv6 adjacencies). This applies to the section 2.5.2 of RFC5036.
interfaces). This applies to the section 2.5.2 of RFC5036.
Each LSR, assuming an active role for whichever address Each LSR, assuming an active role for whichever address
family(s), should enforce this LDP/TCP connection over IPv6 family(s), SHOULD enforce the LDP/TCP connection over IPv6
preference for a time-period (default value is 15 seconds), preference for a time-period (default value is 5 seconds),
after which LDP/TCP connection over IPv4 should be attempted. after which LDP/TCP connection over IPv4 SHOULD be attempted.
This enforcement is independent of whether the LSR is assuming This enforcement is independent of whether the LSR is assuming
the active role for IPv4. This timer is started upon receiving the active role for IPv4. This timer is started upon receiving
the first hello from the neighbor. the first (IPv4 or IPv6) Hello from the neighbor.
8. An LSR SHOULD prefer the LDP/TCP connection over IPv6 for a new
LDP session with a remote LSR, if they attempted two TCP
connections using different transport address families (IPv4
and IPv6) simultaneously.
An implementation may provide an option to favor one AFI (IPv4, say) An implementation may provide an option to favor one AFI (IPv4, say)
over another AFI (IPv6, say) for the TCP transport connection, so as over another AFI (IPv6, say) for the TCP transport connection, so as
to use the favored IP version for the LDP session, and force to use the favored IP version for the LDP session, and force
deterministic active/passive roles. deterministic active/passive roles.
6.2. Maintaining Hello Adjacencies 6.2. LDP Sessions Maintenance
In line with the section 2.5.5 of RFC5036, this draft describes that
if an LSR has a dual-stack interface, which is enabled with both
IPv6 and IPv4 LDP, then the LSR must periodically send and receive
both IPv6 and IPv4 LDP Link Hellos.
This ensures successful LDP discovery and subsequent peering using
the appropriate (address family) transport on a multi-access or
broadcast interface (even if there are IPv6-only, IPv4-only and
dual-stack LSRs connected to that interface).
While the LSR receives both IPv4 and IPv6 LDP Link Hello messages on
the interface, this document however allows an LSR to maintain
Rx-side Link Hello adjacency for the address family that has been
used for the establishment of the LDP session (either IPv4 or IPv6),
or to maintain Rx-side Link Hellp adjacency for both IPv4 and IPv6
address families.
6.3. Maintaining LDP Sessions
Two LSRs maintain a single LDP session between them (i.e. not tear This document specifies that two LSRs maintain a single LDP session
down an existing session), as described in section 6.1, whether regardless of number of Link or Targeted Hello adjacencies between
them, as described in section 6.1. This is independent of whether:
- they are connected via a dual-stack LDP enabled interface or via - they are connected via a dual-stack LDP enabled interface or via
two single-stack LDP enabled interfaces; two single-stack LDP enabled interfaces;
- a single-stack interface is converted to a dual-stack interface - a single-stack interface is converted to a dual-stack interface
(e.g. figure 1) on either LSR; (e.g. figure 1) on either LSR;
- an additional single-stack or dual-stack interface is added or - an additional single-stack or dual-stack interface is added or
removed between two LSRs (e.g. figure 2). removed between two LSRs (e.g. figure 2).
Needless to say that the procedures defined in section 6.1 should The procedures defined in section 6.1 SHOULD result in preferring
result in preferring LDPoIPv6 session only after the loss of an LDPoIPv6 session only after the loss of an existing LDP session
existing LDP session (because of link failure, node failure, reboot (because of link failure, node failure, reboot etc.).
etc.).
If the last hello adjacency for a given address family goes down If the last hello adjacency for a given address family goes down
(e.g. due to dual-stack interfaces being converted into a single- (e.g. due to dual-stack interfaces being converted into a single-
stack interfaces on one LSR etc.), and that address family is the stack interfaces on one LSR etc.), and that address family is the
same as the one used in the transport connection, then the transport same as the one used in the transport connection, then the transport
connection (LDP session) SHOULD be reset. Otherwise, the LDP session connection (LDP session) SHOULD be reset. Otherwise, the LDP session
should stay intact. SHOULD stay intact.
If the LDP session is torn down for whatever reason (LDP disabled If the LDP session is torn down for whatever reason (LDP disabled
for the corresponding transport, hello adjacency expiry etc.), then for the corresponding transport, hello adjacency expiry etc.), then
the LSRs should initiate establishing a new LDP session as per the the LSRs SHOULD initiate establishing a new LDP session as per the
procedures described in section 6.1 of this document along with procedures described in section 6.1 of this document along with
RFC5036. RFC5036.
7. Label Distribution 7. Label Distribution
An LSR MUST NOT allocate and advertise FEC-Label bindings for link- An LSR MUST NOT allocate and MUST NOT advertise FEC-Label bindings
local IPv6 address, and ignore such bindings, if ever received. An for link-local IPv6 address, and ignore such bindings, if ever
LSR MUST treat the IPv4-mapped IPv6 address, defined in section received. An LSR MUST treat the IPv4-mapped IPv6 address, defined in
2.5.5.2 of [RFC4291], the same as that of a global IPv6 address and section 2.5.5.2 of [RFC4291], the same as that of a global IPv6
not mix it with the 'corresponding' IPv4 address. address and not mix it with the 'corresponding' IPv4 address.
Additionally, to ensure backward compatibility (and interoperability Additionally, to ensure backward compatibility (and interoperability
with IPv4-only LDP implementations) in light of section 3.4.1.1 of with IPv4-only LDP implementations) in light of section 3.4.1.1 of
RFC5036, as rationalized in the Appendix A.1, this document RFC5036, as rationalized in the Appendix section A.1 later, this
specifies that - document specifies that -
1. An LSR MUST NOT send a label mapping message with a FEC TLV 1. An LSR MUST NOT send a label mapping message with a FEC TLV
containing FEC Elements of different address family. In other containing two or more Prefix FEC Elements of different address
words, a FEC TLV in the label mapping message MUST contain the families. This means that a FEC TLV in the label mapping
FEC Elements belonging to the same address family. message must contain all the Prefix FEC Elements belonging to
2. An LSR MUST NOT send an Address message (or Address Withdraw IPv6 address family or IPv4 address family, but not both.
message) with an Address List TLV containing IP addresses of
different address family. In other words, an Address List TLV
in the Address (or Address Withdraw) message MUST contain the
addresses belonging to the same address family.
An LSR MAY constrain the advertisement of FEC-label bindings for a An LSR may constrain the advertisement of FEC-label bindings for a
particular address family by negotiating the IP Capability for a particular address family by negotiating the IP Capability for a
given AFI, as specified in [IPPWCap] document. given AFI, as specified in [IPPWCap] document. This allows an LSR
pair to neither advertise nor receive the undesired FEC-label
bindings on a per AFI basis.
8. LDP Identifiers and Next Hop Addresses 8. LDP Identifiers and Next Hop Addresses
RFC5036 section 2.7 specifies the logic for mapping the IP routing RFC5036 section 2.7 specifies the logic for mapping the IP routing
next-hop (of a given FEC) to an LDP peer so as to find the correct next-hop (of a given FEC) to an LDP peer so as to find the correct
label entry for that FEC. The logic involves using the IP routing label entry for that FEC. The logic involves using the IP routing
next-hop address as an index into the (peer Address) database (which next-hop address as an index into the (peer Address) database (which
is populated by the Address message containing mapping between each is populated by the Address message containing mapping between each
peer's local addresses and its LDP Identifier) to determine the LDP peer's local addresses and its LDP Identifier) to determine the LDP
peer. peer.
However, this logic is insufficient to deal with duplicate IPv6 However, this logic is insufficient to deal with duplicate IPv6
(link-local) next-hop addresses used by two or more peers. The (link-local) next-hop addresses used by two or more peers. The
reason is that all interior IPv6 routing protocols (can) use link- reason is that all interior IPv6 routing protocols (can) use link-
local IPv6 addresses as the IP routing next-hops, and 'IPv6 local IPv6 addresses as the IP routing next-hops, and 'IPv6
Addressing Architecture [RFC4291]' allows a link-local IPv6 address Addressing Architecture [RFC4291]' allows a link-local IPv6 address
to be used on more than one links. to be used on more than one links.
Hence, this logic is extended by this specification to involve not Hence, this logic is extended by this specification to use not only
only the IP routing next-hop address, but also the IP routing next- the IP routing next-hop address, but also the IP routing next-hop
hop interface to uniquely determine the LDP peer(s). The next-hop interface to uniquely determine the LDP peer(s). The next-hop
address-based LDP peer mapping is to be done through LDP peer address-based LDP peer mapping is to be done through LDP peer
address database (populated by Address messages received from the address database (populated by Address messages received from the
LDP peers), whereas next-hop interface-based LDP peer mapping is to LDP peers), whereas next-hop interface-based LDP peer mapping is to
be done through LDP hello adjacency/interface database (populated by be done through LDP hello adjacency/interface database (populated by
hello messages from the LDP peers). hello messages from the LDP peers).
This extension solves the problem of two or more peers using the This extension solves the problem of two or more peers using the
same link-local IPv6 address (in other words, duplicate addresses) same link-local IPv6 address (in other words, duplicate peer
as the IP routing next-hops. addresses) as the IP routing next-hops.
Lastly, for better scale and optimization, an LSR may advertise only Lastly, for better scale and optimization, an LSR may advertise only
the link-local IPv6 addresses in the Address message, assuming that the link-local IPv6 addresses in the Address message, assuming that
the peer uses only the link-local IPv6 addresses as static and/or the peer uses only the link-local IPv6 addresses as static and/or
dynamic IP routing next-hops. dynamic IP routing next-hops.
9. LDP TTL Security 9. LDP TTL Security
This document recommends enabling Generalized TTL Security Mechanism This document recommends enabling Generalized TTL Security Mechanism
(GTSM) for LDP, as specified in [RFC6720], for the LDP/TCP transport (GTSM) for LDP, as specified in [RFC6720], for the LDP/TCP transport
connection over IPv6 (i.e. LDPoIPv6). connection over IPv6 (i.e. LDPoIPv6). The GTSM inclusion is intended
to automatically protect IPv6 LDP peering session from off-link
attacks.
[RFC6720] allows for the implementation to statically [RFC6720] allows for the implementation to statically
(configuration) and/or dynamically override the default behavior (configuration) and/or dynamically override the default behavior
(enable/disable GTSM) on a per-peer basis. Suffice to say that such (enable/disable GTSM) on a per-peer basis. Suffice to say that such
an option could be set on either LSR (since GTSM negotiation would an option could be set on either LSR (since GTSM negotiation would
ultimately disable GTSM between LSR and its peer(s)). ultimately disable GTSM between LSR and its peer(s)).
The GTSM inclusion is intended to automatically protect IPv6 LDP LDP Link Hello packets MUST have their IPv6 Hop Limit set to 255,
peering session from off-link attacks. and be checked for the same upon receipt before any further
processing, as per section 3 of [RFC5082].
10. IANA Considerations 10. IANA Considerations
None. None.
11. Security Considerations 11. Security Considerations
The extensions defined in this document only clarify the behavior of The extensions defined in this document only clarify the behavior of
LDP, they do not define any new protocol procedures. Hence, this LDP, they do not define any new protocol procedures. Hence, this
document does not add any new security issues to LDP. document does not add any new security issues to LDP.
While the security issues relevant for the [RFC5036] are relevant While the security issues relevant for the [RFC5036] are relevant
for this document as well, this document reduces the chances of off- for this document as well, this document reduces the chances of off-
link attacks when using IPv6 transport connection by including the link attacks when using IPv6 transport connection by including the
use of GTSM procedures [RFC5082]. use of GTSM procedures [RFC5082]. Please see section 9 for LDP TTL
Security details.
Moreover, this document allows the use of IPsec [RFC4301] for IPv6 Moreover, this document allows the use of IPsec [RFC4301] for IPv6
protection, hence, LDP can benefit from the additional security as protection, hence, LDP can benefit from the additional security as
specified in [RFC4835] as well as [RFC5920]. specified in [RFC4835] as well as [RFC5920].
12. Acknowledgments 12. Acknowledgments
We acknowledge the authors of [RFC5036], since some text in this We acknowledge the authors of [RFC5036], since some text in this
document is borrowed from [RFC5036]. document is borrowed from [RFC5036].
Thanks to Bob Thomas for providing critical feedback to improve this Thanks to Bob Thomas for providing critical feedback to improve this
document early on. document early on.
Many thanks to Eric Rosen, Lizhong Jin, Bin Mo, Mach Chen, Shane Many thanks to Eric Rosen, Lizhong Jin, Bin Mo, Mach Chen, Shane
Amante, Pranjal Dutta, Mustapha Aissaoui, Matthew Bocci, Mark Tinka, Amante, Pranjal Dutta, Mustapha Aissaoui, Matthew Bocci, Mark Tinka,
Tom Petch, Kishore Tiruveedhula, Manoj Dutta, Vividh Siddha, Qin Wu, Tom Petch, Kishore Tiruveedhula, Manoj Dutta, Vividh Siddha, Qin Wu,
and Loa Andersson for thoroughly reviewing this document, and and Loa Andersson for thoroughly reviewing this document, and
providing insightful comments and multiple improvements. providing insightful comments and multiple improvements.
Also, thanks to Andre Pelletier (who brought up the issue about This document was prepared using 2-Word-v2.0.template.dot.
active/passive determination, and helped us craft the appropriate
solutions).
13. Additional Contributors 13. Additional Contributors
The following individuals contributed to this document: The following individuals contributed to this document:
Kamran Raza Kamran Raza
Cisco Systems, Inc. Cisco Systems, Inc.
2000 Innovation Drive 2000 Innovation Drive
Kanata, ON K2K-3E8, Canada Kanata, ON K2K-3E8, Canada
Email: skraza@cisco.com Email: skraza@cisco.com
skipping to change at page 15, line 4 skipping to change at page 15, line 10
13. Additional Contributors 13. Additional Contributors
The following individuals contributed to this document: The following individuals contributed to this document:
Kamran Raza Kamran Raza
Cisco Systems, Inc. Cisco Systems, Inc.
2000 Innovation Drive 2000 Innovation Drive
Kanata, ON K2K-3E8, Canada Kanata, ON K2K-3E8, Canada
Email: skraza@cisco.com Email: skraza@cisco.com
Nagendra Kumar Nagendra Kumar
Cisco Systems, Inc. Cisco Systems, Inc.
SEZ Unit, Cessna Business Park, SEZ Unit, Cessna Business Park,
Bangalore, KT, India Bangalore, KT, India
Email: naikumar@cisco.com Email: naikumar@cisco.com
Andre Pelletier Andre Pelletier
Cisco Systems, Inc.
2000 Innovation Drive
Kanata, ON K2K-3E8, Canada
Email: apelleti@cisco.com Email: apelleti@cisco.com
14. References 14. References
14.1. Normative References 14.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4291] Hinden, R. and S. Deering, "Internet Protocol Version 6 [RFC4291] Hinden, R. and S. Deering, "Internet Protocol Version 6
skipping to change at page 16, line 38 skipping to change at page 16, line 38
Requirements for Encapsulating Security Payload (ESP) and Requirements for Encapsulating Security Payload (ESP) and
Authentication Header (AH)", RFC 4835, April 2007. Authentication Header (AH)", RFC 4835, April 2007.
[RFC5920] Fang, L., "Security Framework for MPLS and GMPLS [RFC5920] Fang, L., "Security Framework for MPLS and GMPLS
Networks", RFC 5920, July 2010. Networks", RFC 5920, July 2010.
[RFC4798] De Clercq, et al., "Connecting IPv6 Islands over IPv4 MPLS [RFC4798] De Clercq, et al., "Connecting IPv6 Islands over IPv4 MPLS
Using IPv6 Provider Edge Routers (6PE)", RFC 4798, Using IPv6 Provider Edge Routers (6PE)", RFC 4798,
February 2007. February 2007.
[RFC6720] Pignataro, C. and R. Asati, "The Generalized TTL Security [IPPWCap] Raza, K., "LDP IP and PW Capability", draft-ietf-mpls-ldp-
Mechanism (GTSM) for the Label Distribution Protocol ip-pw-capability, June 2011.
(LDP)", RFC 6720, August 2012
[RFC6286] Chen, E. and J. Yuan, "Autonomous-System-Wide Unique BGP [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, July 2008.
[RFC6286] E. Chen, and J. Yuan, "Autonomous-System-Wide Unique BGP
Identifier for BGP-4", RFC 6286, June 2011. Identifier for BGP-4", RFC 6286, June 2011.
[IPPWCap] Raza, K., "LDP IP and PW Capability", draft-ietf-mpls-ldp- [RFC6720] R. Asati, and C. Pignataro, "The Generalized TTL Security
ip-pw-capability, June 2011. Mechanism (GTSM) for the Label Distribution Protocol
(LDP)", RFC 6720, August 2012.
Appendix Appendix A.
A.1. LDPv6 and LDPv4 Interoperability Safety Net
It is naive to assume that RFC5036 compliant implementations have It is naive to assume that RFC5036 compliant implementations have
supported IPv6 address family (IPv6 FEC processing, in particular) supported IPv6 address family (IPv6 FEC processing, in particular)
in label advertisement all along. And if that assumption turned out in label advertisement all along. And if that assumption turned out
to be not true, then section 3.4.1.1 of RFC5036 would cause LSRs to to be not true, then section 3.4.1.1 of RFC5036 would cause LSRs to
abort processing the entire label mapping message and generate an abort processing the entire label mapping message and generate an
error. error.
This would result in LDPv6 to be somewhat undeployable in existing This would result in LDPv6 to be somewhat undeployable in existing
production networks. production networks.
The change proposed in section 7 of this document provides a good The change proposed in section 7 of this document provides a good
safety net and makes LDPv6 incrementally deployable without making safety net and makes LDPv6 incrementally deployable without making
any such assumption on the routers' support for IPv6 FEC processing any such assumption on the routers' support for IPv6 FEC processing
in current production networks. in current production networks.
A.2. Why 32-bit value even for IPv6 LDP Router ID
Please note that 32-bit LSR Id value would not map to any IPv4-
address in an IPv6 only LSR (i.e., single stack), nor would there be
an expectation of it being IP routable, nor DNS-resolvable. In IPv4
deployments, the LSR Id is typically derived from an IPv4 address,
generally assigned to a loopback interface. In IPv6 only
deployments, this 32-bit LSR Id must be derived by some other means
that guarantees global uniqueness within the MPLS network, similar
to that of BGP Identifier [RFC6286] and OSPF router ID [RFC5340].
This document reserves 0.0.0.0 as the LSR Id, and prohibits its
usage with IPv6, in line with OSPF router Id in OSPF version 3
[RFC5340].
Author's Addresses Author's Addresses
Vishwas Manral Vishwas Manral
Hewlet-Packard, Inc. Hewlet-Packard, Inc.
19111 Pruneridge Ave., Cupertino, CA, 95014 19111 Pruneridge Ave., Cupertino, CA, 95014
Phone: 408-447-1497 Phone: 408-447-1497
Email: vishwas.manral@hp.com Email: vishwas.manral@hp.com
Rajiv Papneja Rajiv Papneja
Huawei Technologies Huawei Technologies
 End of changes. 69 change blocks. 
187 lines changed or deleted 194 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/