idnits 2.17.1 draft-ietf-bfd-seamless-ip-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 2 instances of lines with non-RFC3849-compliant IPv6 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 6, 2016) is 2905 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-11) exists of draft-ietf-bfd-seamless-base-09 -- Obsolete informational reference (is this intentional?): RFC 2460 (Obsoleted by RFC 8200) Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force C. Pignataro 3 Internet-Draft D. Ward 4 Intended status: Standards Track Cisco 5 Expires: November 7, 2016 N. Akiya 6 Big Switch Networks 7 May 6, 2016 9 Seamless Bidirectional Forwarding Detection (S-BFD) for 10 IPv4, IPv6 and MPLS 11 draft-ietf-bfd-seamless-ip-06 13 Abstract 15 This document defines procedures to use Seamless Bidirectional 16 Forwarding Detection (S-BFD) for IPv4, IPv6 and MPLS environments. 18 Requirements Language 20 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 21 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 22 document are to be interpreted as described in RFC 2119 [RFC2119]. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on November 7, 2016. 41 Copyright Notice 43 Copyright (c) 2016 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 2. S-BFD UDP Port . . . . . . . . . . . . . . . . . . . . . . . 2 60 3. S-BFD Echo UDP Port . . . . . . . . . . . . . . . . . . . . . 3 61 4. S-BFD Control Packet Demultiplexing . . . . . . . . . . . . . 3 62 5. Initiator Procedures . . . . . . . . . . . . . . . . . . . . 3 63 5.1. Details of S-BFD Control Packet Sent by SBFDInitiator . . 4 64 5.1.1. Target vs. Remote Entity (S-BFD Discriminator) . . . 4 65 6. Responder Procedures . . . . . . . . . . . . . . . . . . . . 5 66 6.1. Details of S-BFD Control Packet Sent by SBFDReflector . . 5 67 7. Security Considerations . . . . . . . . . . . . . . . . . . . 6 68 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 69 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 70 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 7 71 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 72 11.1. Normative References . . . . . . . . . . . . . . . . . . 7 73 11.2. Informative References . . . . . . . . . . . . . . . . . 7 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 76 1. Introduction 78 Seamless Bidirectional Forwarding Detection (S-BFD), 79 [I-D.ietf-bfd-seamless-base], defines a generalized mechanism to 80 allow network nodes to seamlessly perform continuity checks to remote 81 entities. This document defines necessary procedures to use S-BFD on 82 IPv4, IPv6 and MPLS environments. 84 The reader is expected to be familiar with the IP [RFC0791] 85 [RFC2460], BFD [RFC5880], MPLS BFD [RFC5884], and S-BFD 86 [I-D.ietf-bfd-seamless-base] terminologies and protocol constructs. 88 2. S-BFD UDP Port 90 A new UDP port is defined for the use of the S-BFD on IPv4, IPv6 and 91 MPLS environments: 7784. 93 On S-BFD control packets from the SBFDInitiator to the SBFDReflector, 94 the SBFDReflector session MUST listen for incoming S-BFD control 95 packets on the port 7784. SBFDInitiator sessions MUST transmit S-BFD 96 control packets with destination port 7784. The source port of the 97 S-BFD control packets transmitted by SBFDInitiator sessions can be 98 any but MUST NOT be 7784. The same UDP source port number MUST be 99 used for all S-BFD control packets associated with a particular 100 SBFDInitiator session. The source port number is unique among all 101 SBFDInitiator sessions on the system. 103 On S-BFD control packets from the SBFDReflecto to the SBFDInitiator, 104 the SBFDInitiator MUST listen for reflected S-BFD control packets at 105 its source port. 107 3. S-BFD Echo UDP Port 109 The BFD Echo port defined by [RFC5881], port 3785, is used for the 110 S-BFD Echo function on IPv4, IPv6 and MPLS environments. 111 SBFDInitiator sessions MUST transmit S-BFD echo packets with 112 destination port 3785. The setting of the UDP source port [RFC5881] 113 and the procedures [I-D.ietf-bfd-seamless-base] for the S-BFD Echo 114 function are outside the scope of this document. 116 4. S-BFD Control Packet Demultiplexing 118 The S-BFD Control Packet demultiplexing follows the procedure 119 specified in Section 7.1. of [I-D.ietf-bfd-seamless-base]. Received 120 S-BFD control packet MUST be demultiplexed with the destination UDP 121 port field. 123 This procedure for an S-BFD packet is executed on both the initiator 124 and the reflector. If the port is 7784 (i.e., S-BFD packet for 125 S-BFDReflector), then the packet MUST be looked up to locate a 126 corresponding SBFDReflector session based on the value from the "your 127 discriminator" field in the table describing S-BFD discriminators. 128 If the port is not 7784, but the packet is demultiplexed to be for an 129 SBFDInitiator, then the packet MUST be looked up to locate a 130 corresponding SBFDInitiator session based on the value from the "your 131 discriminator" field in the table describing BFD discriminators. In 132 that case, then the destination IP address of the packet SHOULD be 133 validated to be for itself. If the packet demultiplexes to a 134 classical BFD session, then the procedures from [RFC5880] apply. 136 5. Initiator Procedures 138 S-BFD control packets are transmitted with IP header, UDP header and 139 BFD control header ([RFC5880]). When S-BFD control packets are 140 explicitly label switched (i.e. not IP routed which happen to go over 141 an LSP, but explicitly sent on a specific LSP), the former is 142 prepended with a label stack. Note that this document does not make 143 a distinction between a single-hop S-BFD scenario and a multi-hop 144 S-BFD scenario, both scenarios are supported. 146 The necessary values in the BFD control headers are described in 147 [I-D.ietf-bfd-seamless-base]. Section 5.1 describes necessary values 148 in the MPLS header, IP header and UDP header when an SBFDInitiator on 149 the initiator is sending S-BFD control packets. 151 5.1. Details of S-BFD Control Packet Sent by SBFDInitiator 153 o Specifications common to both IP routed S-BFD control packets and 154 explicitly label switched S-BFD control packets: 156 * Source IP address field of the IP header MUST be set to a local 157 IP address that is expected to be routable by the target (i.e. 158 not IPv6 link-local address when the target is multiple hops 159 away). 161 * UDP destination port MUST be set to a well-known UDP 162 destination port assigned for S-BFD: 7784. 164 * UDP source port MUST NOT be set to 7784. 166 o Specifications for IP routed S-BFD control packets: 168 * Destination IP address field of the IP header MUST set to an IP 169 address of the target. 171 * The TTL/Hop Limit field of the IP header SHOULD be set to 255. 173 o Specifications for explicitly label switched S-BFD control 174 packets: 176 * S-BFD control packets MUST have the label stack that is 177 expected to reach the target. 179 * TTL field of the top most label SHOULD be 255. 181 * The destination IP address MUST be chosen from the 127/8 range 182 for IPv4 and from the 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6, 183 as with [RFC5884]. 185 * The TTL/Hop Limit field of the IP header MUST be set to 1. 187 5.1.1. Target vs. Remote Entity (S-BFD Discriminator) 189 Typically, an S-BFD control packet will have "your discriminator" 190 field corresponding to an S-BFD discriminator of the remote entity 191 located on the target network node defined by the destination IP 192 address or the label stack. It is, however, possible for an 193 SBFDInitiator to carefully set the "your discriminator" and TTL 194 fields to perform a continuity test in the direction towards a 195 target, but destined to a transit network node and not to the target 196 itself. 198 Section 5.1 intentionally uses the word "target", instead of "remote 199 entity", to accommodate this possible S-BFD usage through TTL expiry. 200 This also requires S-BFD control packets not be dropped by the 201 responder node due to TTL expiry. Thus implementations on the 202 responder MUST allow received S-BFD control packets taking TTL expiry 203 exception path to reach corresponding reflector BFD session. This is 204 an existing packet processing exception practice for OAM packets, 205 where the control plane further identifies the type of OAM by the 206 protocol and port numbers. 208 6. Responder Procedures 210 S-BFD control packets are IP routed back to the initiator, and will 211 have IP header, UDP header and BFD control header. If an 212 SBFDReflector receives an S-BFD control packet with UDP source port 213 as 7784, the packet MUST be discarded. Necessary values in the BFD 214 control header are described in [I-D.ietf-bfd-seamless-base]. 215 Section 6.1 describes necessary values in the IP header and UDP 216 header when an SBFDReflector on the responder is sending S-BFD 217 control packets. 219 6.1. Details of S-BFD Control Packet Sent by SBFDReflector 221 o Destination IP address field of the IP header MUST be copied from 222 source IP address field of received S-BFD control packet. 224 o Source IP address field of the IP header MUST be set to a local IP 225 address that is expected to be visible by the initiator (i.e. not 226 IPv6 link-local address when the initiator is multiple hops away). 227 The source IP address SHOULD be copied from the destination IP 228 address field of the received S-BFD control packet, except when it 229 is from the 127/8 range for IPv4 or from the 230 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6. 232 o The TTL/Hop Limit field of the IP header MUST be set to 255. 234 o UDP destination port MUST be copied from received UDP source port. 236 o UDP source port MUST be copied from received UDP destination port. 238 7. Security Considerations 240 Security considerations for S-BFD are discussed in 241 [I-D.ietf-bfd-seamless-base]. Additionally, implementing the 242 following measures will strengthen security aspects of the mechanism 243 described by this document: 245 o Implementations MUST provide filtering capability based on source 246 IP addresses of received S-BFD control packets: [RFC2827]. 248 o Implementations MUST NOT act on received S-BFD control packets 249 containing source Martian IP addresses (i.e., address that, by 250 application of the current forwarding tables, would not have its 251 return traffic routed back to the sender.) 253 o Implementations MUST ensure that response S-BFD control packets 254 generated to the initiator by the SBFDReflector have a reachable 255 target (ex: destination IP address). 257 8. IANA Considerations 259 A new value 7784 was allocated from the "Service Name and Transport 260 Protocol Port Number Registry". The allocated registry entry is: 262 Service Name (REQUIRED) 263 s-bfd 264 Transport Protocol(s) (REQUIRED) 265 udp 266 Assignee (REQUIRED) 267 IESG 268 Contact (REQUIRED) 269 BFD Chairs 270 Description (REQUIRED) 271 Seamless Bidirectional Forwarding Detection (S-BFD) 272 Reference (REQUIRED) 273 RFC.this (RFC Editor, please update at publication) 274 Port Number (OPTIONAL) 275 7784 277 9. Acknowledgements 279 The authors would like to thank the BFD WG members for helping to 280 shape the contents of this document. In particular, significant 281 contributions were made by following people: Marc Binderberger, 282 Jeffrey Haas, Santosh Pallagatti, Greg Mirsky, Sam Aldrin, Vengada 283 Prasad Govindan, Mallik Mudigonda and Srihari Raghavan. 285 10. Contributors 287 The following are key contributors to this document: 289 Tarek Saad, Cisco Systems, Inc. 290 Siva Sivabalan, Cisco Systems, Inc. 291 Nagendra Kumar, Cisco Systems, Inc. 293 11. References 295 11.1. Normative References 297 [I-D.ietf-bfd-seamless-base] 298 Akiya, N., Pignataro, C., Ward, D., Bhatia, M., and J. 299 Networks, "Seamless Bidirectional Forwarding Detection 300 (S-BFD)", draft-ietf-bfd-seamless-base-09 (work in 301 progress), April 2016. 303 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 304 Requirement Levels", BCP 14, RFC 2119, 305 DOI 10.17487/RFC2119, March 1997, 306 . 308 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 309 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 310 . 312 [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 313 (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, 314 DOI 10.17487/RFC5881, June 2010, 315 . 317 11.2. Informative References 319 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, 320 DOI 10.17487/RFC0791, September 1981, 321 . 323 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 324 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, 325 December 1998, . 327 [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: 328 Defeating Denial of Service Attacks which employ IP Source 329 Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827, 330 May 2000, . 332 [RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, 333 "Bidirectional Forwarding Detection (BFD) for MPLS Label 334 Switched Paths (LSPs)", RFC 5884, DOI 10.17487/RFC5884, 335 June 2010, . 337 Authors' Addresses 339 Carlos Pignataro 340 Cisco Systems, Inc. 342 Email: cpignata@cisco.com 344 Dave Ward 345 Cisco Systems, Inc. 347 Email: wardd@cisco.com 349 Nobo Akiya 350 Big Switch Networks 352 Email: nobo.akiya.dev@gmail.com