idnits 2.17.1 draft-ietf-bess-mvpn-msdp-sa-interoperation-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) -- The draft header indicates that this document updates RFC6514, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: The MVPN PEs that act as customer RPs or have one or more MSDP sessions in a VPN (or the global table in case of GTM) are treated as an MSDP mesh group for that VPN (or the global table). In the rest of the document, it is referred to as the PE mesh group. It MUST not include other MSDP speakers, and is integrated into the rest of MSDP infrastructure for the VPN (or the global table) following normal MSDP rules and practices. (Using the creation date from RFC6514, updated by this document, for RFC5378 checks: 2006-08-01) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 28, 2019) is 1886 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2119' is defined on line 242, but no explicit reference was found in the text ** Downref: Normative reference to an Experimental RFC: RFC 3618 Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 BESS Z. Zhang 3 Internet-Draft L. Giuliano 4 Updates: 6514 (if approved) Juniper Networks 5 Intended status: Standards Track January 28, 2019 6 Expires: August 1, 2019 8 MVPN and MSDP SA Interoperation 9 draft-ietf-bess-mvpn-msdp-sa-interoperation-02 11 Abstract 13 This document specifies the procedures for interoperation between 14 MVPN Source Active routes and customer MSDP Source Active routes, 15 which is useful for MVPN provider networks offering services to 16 customers with an existing MSDP infrastructure. Without the 17 procedures described in this document, VPN-specific MSDP sessions are 18 required among the PEs that are customer MSDP peers. 20 Requirements Language 22 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 23 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 24 document are to be interpreted as described in RFC2119. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at https://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on August 1, 2019. 43 Copyright Notice 45 Copyright (c) 2019 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (https://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. Terminologies . . . . . . . . . . . . . . . . . . . . . . . . 2 61 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 2.1. MVPN RPT-SPT Mode . . . . . . . . . . . . . . . . . . . . 4 63 3. Specification . . . . . . . . . . . . . . . . . . . . . . . . 4 64 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 65 5. IANA Assignment . . . . . . . . . . . . . . . . . . . . . . . 5 66 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 67 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 68 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 69 7.2. Informative References . . . . . . . . . . . . . . . . . 6 70 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 72 1. Terminologies 74 Familiarity with MVPN and MSDP protocols and procedures is assumed. 75 Some terminologies are listed below for convenience. 77 o ASM: Any source multicast. 79 o SPT: Source-specific Shortest-path Tree. 81 o C-S: A multicast source address, identifying a multicast source 82 located at a VPN customer site. 84 o C-G: A multicast group address used by a VPN customer. 86 o C-RP: A multicast Rendezvous Point for a VPN customer. 88 o EC: Extended Community. 90 2. Introduction 92 Section "14. Supporting PIM-SM without Inter-Site Shared C-Trees" of 93 [RFC6514] specifies the procedures for MVPN PEs to discover (C-S,C-G) 94 via MVPN Source Active A-D routes and then send (C-S,C-G) C-multicast 95 routes towards the ingress PEs, to establish SPTs for customer ASM 96 flows for which they have downstream receivers. (C-*,C-G) 97 C-multicast routes are not sent among the PEs so inter-site shared 98 C-Trees are not used and the method is generally referred to as "spt- 99 only" mode. 101 With this mode, the MVPN Source Active routes are functionally 102 similar to MSDP Source-Active messages [RFC3618]. One or more of the 103 PEs, say PE1, either act as a C-RP and learn of (C-S,C-G) via PIM 104 Register messages, or have MSDP sessions with some MSDP peers and 105 learn (C-S,C-G) via MSDP SA messages. In either case, PE1 will then 106 originate MVPN SA routes for other PEs to learn the (C-S,C-G). 108 [RFC6514] only specifies that a PE receiving the MVPN SA routes, say 109 PE2, will advertise (C-S,C-G) C-multicast routes if it has 110 corresponding (C-*,C-G) state learnt from its CE. PE2 may also have 111 MSDP sessions with other C-RPs at its site, but [RFC6514] does not 112 specify that it advertises MSDP SA messages to those MSDP peers for 113 the (C-S,C-G) that it learns via MVPN SA routes. PE2 would need to 114 have an MSDP session with PE1 (that advertised the MVPN SA messages) 115 to learn the sources via MSDP SA messages, for it to advertise the 116 MSDP SA to its local peers. To make things worse, unless blocked by 117 policy control, PE2 would in turn advertise MVPN SA routes because of 118 those MSDP SA messages that it receives from PE1, which are redundant 119 and unnecessary. Also notice that the PE1-PE2 MSDP session is VPN- 120 specific, while the BGP sessions over which the MVPN routes are 121 advertised are not. 123 If a PE does advertise MSDP SA messages based on received MVPN SA 124 routes, the VPN-specific MSDP sessions are no longer needed. 125 Additionally, this MVPN/MSDP SA interoperation has the following 126 inherent benefits for a BGP based solution. 128 o MSDP SA refreshes are replaced with BGP hard state. 130 o Route Reflectors can be used instead of having peer-to-peer 131 sessions. 133 o VPN extranet mechanisms can be used to propagate (C-S,C-G) 134 information across VPNs with flexible policy control. 136 While MSDP Source Active routes contain the source, group and RP 137 addresses of a given multicast flow, MVPN Source Active routes only 138 contain the source and group. MSDP requires the RP address 139 information in order to perform peer-RPF. Therefore, this document 140 describes how to convey the RP address information into the MVPN 141 Source Active route using an Extended Community so this information 142 can be shared with an existing MSDP infrastructure. 144 The procedures apply to Global Table Multicast (GTM) [RFC7716] as 145 well. 147 2.1. MVPN RPT-SPT Mode 149 For comparison, another method of supporting customer ASM is 150 generally referred to "rpt-spt" mode. Section "13. Switching from a 151 Shared C-Tree to a Source C-Tree" of [RFC6514] specifies the MVPN SA 152 procedures for that mode, but those SA routes are replacement for 153 PIM-ASM assert and (s,g,rpt) prune mechanisms, not for source 154 discovery purpose. MVPN/MSDP SA interoperation for the "rpt-spt" 155 mode is outside of the scope of this document. In the rest of the 156 document, the "spt-only" mode is assumed. 158 3. Specification 160 The MVPN PEs that act as customer RPs or have one or more MSDP 161 sessions in a VPN (or the global table in case of GTM) are treated as 162 an MSDP mesh group for that VPN (or the global table). In the rest 163 of the document, it is referred to as the PE mesh group. It MUST not 164 include other MSDP speakers, and is integrated into the rest of MSDP 165 infrastructure for the VPN (or the global table) following normal 166 MSDP rules and practices. 168 When an MVPN PE advertises an MVPN SA route following procedures in 169 [RFC6514] for the "spt-only" mode, it SHOULD attach an "MVPN SA RP- 170 address Extended Community". This is a Transitive IPv4-Address- 171 Specific Extended Community. The Local Administrative field is set 172 to zero and the Global Administrative field is set to an RP address 173 determined as the following: 175 o If the (C-S,C-G) is learnt as result of PIM Register mechanism, 176 the local RP address for the C-G is used. 178 o If the (C-S,C-G) is learnt as result of incoming MSDP SA messages, 179 the RP address in the selected MSDP SA message is used. 181 In addition to procedures in [RFC6514], an MVPN PE may be provisioned 182 to generate MSDP SA messages from received MVPN SA routes, with or 183 without fine policy control. If a received MVPN SA route is to 184 trigger MSDP SA message, it is treated as if a corresponding MSDP SA 185 message was received from within the PE mesh group and normal MSDP 186 procedure is followed (e.g. an MSDP SA message is advertised to other 187 MSDP peers outside the PE mesh group). The (S,G) information comes 188 from the (C-S,C-G) encoding in the MVPN SA NLRI and the RP address 189 comes from the "MVPN SA RP-address EC" mentioned above. If the 190 received MVPN SA route does not have the EC (this could be from a 191 legacy PE that does not have the capability to attach the EC), the 192 local RP address for the C-G is used. In that case, it is possible 193 that receiving PE's RP for the C-G is actually the MSDP peer to which 194 the generated MSDP message is advertised, causing the peer to discard 195 it due to RPF failure. To get around that problem the peer SHOULD 196 use local policy to accept the MSDP SA message. 198 An MVPN PE MAY treat only the best MVPN SA route selected by BGP 199 route selection process (instead of all MVPN SA routes) for a given 200 (C-S,C-G) as a received MSDP SA message (and advertise corresponding 201 MSDP message). In that case, if the selected best MVPN SA route does 202 not have the "MVPN SA RP-address EC" but another route for the same 203 (C-S, C-G) does, then the best route with the EC SHOULD be chosen. 204 As a result, when/if the best MVPN SA route with the EC changes, a 205 new MSDP SA message is advertised if the RP address determined 206 according to the newly selected MVPN SA route is different from 207 before. The previously advertised MSDP SA message with the older RP 208 address will be timed out. 210 4. Security Considerations 212 RFC6514 specifies the procedure for a PE to generate an MVPN SA upon 213 discovering a (C-S,C-G) flow (e.g. via a received MSDP SA message) in 214 a VPN. This document extends this capability in the reverse 215 direction - upon receiving an MVPN SA route in a VPN generate 216 corresponding MSDP SA and advertise to MSDP peers in the same VPN. 217 As such, the capabilities specified in this document introduce no 218 additional security considerations beyond those already specified in 219 RFC6514 and RFC3618. Moreover, the capabilities specified in this 220 document actually eliminate the control message amplification that 221 exists today where VPN-specific MSDP sessions are required among the 222 PEs that are customer MSDP peers, which lead to redundant messages 223 (MSDP SAs and MVPN SAs) being carried in parallel between PEs. 225 5. IANA Assignment 227 This document introduces a new Transitive IPv4 Address Specific 228 Extended Community "MVPN SA RP-address Extended Community". IANA has 229 registered subcode 0x20 in the Transitive IPv4-Address-Specific 230 Extended Community Sub-Types registry for this EC. 232 6. Acknowledgements 234 The authors thank Eric Rosen and Vinod Kumar for their review, 235 comments, questions and suggestions for this document. The authors 236 also thank Yajun Liu for her review and comments. 238 7. References 240 7.1. Normative References 242 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 243 Requirement Levels", BCP 14, RFC 2119, 244 DOI 10.17487/RFC2119, March 1997, 245 . 247 [RFC3618] Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source 248 Discovery Protocol (MSDP)", RFC 3618, 249 DOI 10.17487/RFC3618, October 2003, 250 . 252 [RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP 253 Encodings and Procedures for Multicast in MPLS/BGP IP 254 VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012, 255 . 257 7.2. Informative References 259 [RFC7716] Zhang, J., Giuliano, L., Rosen, E., Ed., Subramanian, K., 260 and D. Pacella, "Global Table Multicast with BGP Multicast 261 VPN (BGP-MVPN) Procedures", RFC 7716, 262 DOI 10.17487/RFC7716, December 2015, 263 . 265 Authors' Addresses 267 Zhaohui Zhang 268 Juniper Networks 270 EMail: zzhang@juniper.net 272 Lenny Giuliano 273 Juniper Networks 275 EMail: lenny@juniper.net