idnits 2.17.1 draft-ietf-bier-mld-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 4, 2019) is 1627 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-16) exists of draft-ietf-bier-path-mtu-discovery-06 ** Downref: Normative reference to an Experimental draft: draft-venaas-bier-mtud (ref. 'I-D.venaas-bier-mtud') == Outdated reference: A later version (-01) exists of draft-venaas-pim-igmp-mld-extension-00 Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group P. Pfister 3 Internet-Draft IJ. Wijnands 4 Intended status: Standards Track S. Venaas 5 Expires: May 7, 2020 Cisco Systems 6 C. Wang 8 Z. Zhang 9 ZTE Corporation 10 M. Stenberg 11 November 4, 2019 13 BIER Ingress Multicast Flow Overlay using Multicast Listener Discovery 14 Protocols 15 draft-ietf-bier-mld-03 17 Abstract 19 This document specifies the ingress part of a multicast flow overlay 20 for BIER networks. Using existing multicast listener discovery 21 protocols, it enables multicast membership information sharing from 22 egress routers, acting as listeners, toward ingress routers, acting 23 as queriers. Ingress routers keep per-egress-router state, used to 24 construct the BIER bit mask associated with IP multicast packets 25 entering the BIER domain. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at https://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on May 7, 2020. 44 Copyright Notice 46 Copyright (c) 2019 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (https://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 4. Applicability Statement . . . . . . . . . . . . . . . . . . . 4 65 5. Querier and Listener Specifications . . . . . . . . . . . . . 4 66 5.1. Configuration Parameters . . . . . . . . . . . . . . . . 5 67 5.2. MLDv2 instances. . . . . . . . . . . . . . . . . . . . . 6 68 5.2.1. Sending Queries . . . . . . . . . . . . . . . . . . . 6 69 5.2.2. Sending Reports . . . . . . . . . . . . . . . . . . . 6 70 5.2.3. Receiving Queries . . . . . . . . . . . . . . . . . . 7 71 5.2.4. Receiving Reports . . . . . . . . . . . . . . . . . . 8 72 5.3. Packet Forwarding . . . . . . . . . . . . . . . . . . . . 8 73 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 74 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 75 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 76 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 77 9.1. Normative References . . . . . . . . . . . . . . . . . . 9 78 9.2. Informative References . . . . . . . . . . . . . . . . . 10 79 Appendix A. BIER Use Case in Data Centers . . . . . . . . . . . 11 80 A.1. Convention and Terminology . . . . . . . . . . . . . . . 12 81 A.2. BIER in data centers . . . . . . . . . . . . . . . . . . 13 82 A.3. A BIER MLD solution for Virtual Network information . . . 13 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 85 1. Introduction 87 The Bit Index Explicit Replication (BIER - [RFC8279]) forwarding 88 technique enables IP multicast transport across a BIER domain. When 89 receiving or originating a packet, ingress routers have to construct 90 a bit mask indicating which BIER egress routers located within the 91 same BIER domain will receive the packet. A stateless approach would 92 consist of forwarding all incoming packets toward all egress routers, 93 which would in turn make a forwarding decision based on local 94 information. But any more efficient approach would require ingress 95 routers to keep some state about egress routers multicast membership 96 information, hence requiring state sharing from egress routers toward 97 ingress routers. 99 This document specifies how to use the Multicast Listener Discovery 100 protocol version 2 [RFC3810] (resp. the Internet Group Management 101 protocol version 3 [RFC3376]) as the ingress part of a BIER multicast 102 flow overlay (BIER layering is described in [RFC8279]) for IPv6 103 (resp. IPv4). It enables multicast membership information sharing 104 from egress routers, acting as listeners, toward ingress routers, 105 acting as queriers. Ingress routers keep per-egress-router state, 106 used to construct the BIER bit mask associated with IP multicast 107 packets entering the BIER domain. 109 This document makes use of an extension to MLDv2 and IGMPv3 specified 110 in [I-D.venaas-pim-igmp-mld-extension] that allows for providing BIER 111 specific information about the message originator. 113 This specification is applicable to both IP version 4 and version 6. 114 It therefore specifies two separate mechanisms operating 115 independently. For the sake of simplicity, the rest of this document 116 uses IPv6 terminology. It can be applied to IPv4 by replacing 117 'MLDv2' with 'IGMPv3', and following specific requirements when 118 explicitly stated. 120 2. Terminology 122 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 123 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 124 "OPTIONAL" in this document are to be interpreted as described in BCP 125 14 [RFC2119] [RFC8174] when, and only when, they appear in all 126 capitals, as shown here. 128 The terms "Bit-Forwarding Router" (BFR), "Bit-Forwarding Egress 129 Router" (BFER), "Bit-Forwarding Ingress Router" (BFIR), "BFR-id" and 130 "BFR-Prefix" are to be interpreted as described in [RFC8279]. 132 Additionally, the following definitions are used: 134 BIER Multicast Listener Discovery (BMLD): The modified version of 135 MLD specified in this document. 137 BMLD Querier: A BFR implementing the Querier part of this 138 specification. A BMLD Node MAY be both a Querier and a Listener. 140 BMLD Listener: A BFR implementing the Listener part of this 141 specification. A BMLD Node MAY be both a Querier and a Listener. 143 3. Overview 145 This document proposes to use the mechanisms described in MLDv2 in 146 order to enable multicast membership information sharing from BFERs 147 toward BFIRs within a given BIER domain. BMLD queries (resp. 148 reports) are sent over BIER toward all BMLD Nodes (resp. BMLD 149 Queriers) using modified MLDv2 messages which IP destination is set 150 to a configured 'all BMLD Nodes' (resp. 'all BMLD Queriers') IP 151 multicast address. 153 By running MLDv2 instances with per-listener explicit tracking, BMLD 154 Queriers are able to map BMLD Listeners with MLDv2 membership states. 155 This state is then used to construct the set of BFERs associated with 156 each incoming IP multicast data packet. 158 4. Applicability Statement 160 BMLD runs on top of a BIER Layer and provides the ingress part of a 161 BIER multicast flow overlay, i.e, it specifies how BFIRs construct 162 the set of BFERs for each ingress IP multicast data packet. The BFER 163 part of the Multicast Flow Overlay is out of scope of this document. 165 The BIER Layer MUST be able to transport BMLD messages toward all 166 BMLD Queriers and Listeners. Such packets are IP multicast packets 167 with a BFR-Prefix as source address, a multicast destination address, 168 and containing a MLDv2 message. 170 BMLD only requires state to be kept by Queriers, and is therefore 171 more scalable than PIMv2 [RFC7761] in terms of overall state, but is 172 also likely to be less scalable than PIMv2 in terms of the amount of 173 control traffic and the size of the state that is kept by individual 174 routers. 176 This specification is applicable to both IP version 4 and version 6. 177 It therefore specifies two separate mechanisms operating 178 independently. For the sake of simplicity, this document uses IPv6 179 terminology. It can be applied to IPv4 by replacing 'MLDv2' with 180 'IGMPv3', and following specific requirements when explicitly stated. 182 5. Querier and Listener Specifications 184 Routers desiring to receive IP multicast traffic (e.g., for their own 185 use, or for forwarding) MUST behave as BMLD Listeners. Routers 186 receiving IP multicast traffic from outside the BIER domain, or 187 originating multicast traffic, MUST behave as BMLD Queriers. 189 BMLD Queriers (resp. BMLD Listeners) MUST act as MLDv2 Queriers 190 (resp. MLDv2 Listeners) as specified in [RFC3810] unless stated 191 otherwise in this section. 193 5.1. Configuration Parameters 195 Both Queriers and Listeners MUST operate as BFIRs and BFERs within 196 the BIER domain in order to send and receive BMLD messages. They 197 MUST therefore be configured accordingly, as specified in [RFC8279]. 199 All Listeners MUST be configured with an 'all BMLD Queriers' 200 multicast address and the BFR-ids of all the BMLD Queriers. This is 201 used by Listeners to send BMLD reports over BIER toward all Queriers. 202 All Queriers MUST be configured to accept BMLD reports sent to this 203 address. 205 All Queriers MUST be configured with an 'all BMLD Nodes' multicast 206 address and the BFR-ids of all the Queriers and Listeners. This 207 information is used by Queriers to send BMLD queries over BIER toward 208 all BMLD Nodes. All BMLD Nodes MUST be configured to accept BMLD 209 queries sent to this address. 211 It may be cumbersone to configure the exact set of BFR-ids for 212 Queriers and Listeners. One MAY configure the set of BFR-ids to 213 contain any potentially used BFR-id, perhaps having all bit positions 214 set. There is no harm in configuring unused BFR-ids. Configuring 215 the BFR-ids of additional routers would in most cases cause no harm, 216 as a router would drop the BMLD message unless it is configured as a 217 Querier or a Listener. 219 Note that BMLD (unlike MLDv2) makes use of per-instance configured 220 multicast group addresses rather than well-known addresses so that 221 multiple instances of BMLD (using different group addresses) can be 222 run simultaneously within the same BIER domain. Configured group 223 addresses MAY be obtained from allocated IP prefixes using [RFC3306]. 224 One MAY choose to use the well-known MLDv2 addresses in one instance, 225 but different instances MUST use different addresses. 227 IP packets coming from outside of the BIER domain and having a 228 destination address set to the configured 'all BMLD Queriers' or the 229 'all BMLD Nodes' group address MUST be dropped. It is RECOMMENDED 230 that these configured addresses have a limited scope, enforcing this 231 behavior by scope-based filtering on BIER domain's egress interfaces. 233 5.2. MLDv2 instances. 235 BMLD Queriers MUST run a MLDv2 Querier instance with per-host 236 tracking, which means they keep track of the MLDv2 state associated 237 with each BMLD Listener. For that purpose, Listeners are identified 238 by their respective BFR-Prefix, used as IP source address in all BMLD 239 reports. 241 BMLD Listeners MUST run a MLDv2 Listener instance expressing their 242 interest in the multicast traffic they are supposed to receive for 243 local use or forwarding. 245 BMLD Listeners and Queriers MUST NOT run the MLDv1 (IGMPv2 and IGMPv1 246 for IPv4) backward compatibility procedures. 248 5.2.1. Sending Queries 250 BMLD Queries are IP packets sent over BIER by BMLD Queriers: 252 o Toward all BMLD Nodes (i.e., providing to the BIER Layer the BFR- 253 ids of all BMLD Nodes). 255 o Without the IPv6 router alert option [RFC2711] in the hop-by-hop 256 extension header [RFC8200] (or the IPv4 router alert option 257 [RFC2113] for IPv4). 259 o With the IP destination address set to the 'all BMLD Nodes' group 260 address. 262 o With the IP source address set to the BFR-Prefix of the sender. 264 o With a TTL value large enough such that the packet can be received 265 by all BMLD Nodes, depending on the underlying BIER layer (whether 266 it decrements the IP TTL or not) and the size of the network. The 267 default value is 64. 269 o The extension defined in [I-D.venaas-pim-igmp-mld-extension] MUST 270 be included, specifying the Sub-domain-id, BFR-id and BFR-Prefix 271 of the sender. This information may be useful for logging and 272 debugging. 274 5.2.2. Sending Reports 276 BMLD Reports are IP packets sent over BIER by BMLD Listeners: 278 o Toward all BMLD Queriers (i.e., providing to the BIER layer the 279 BFR-ids of all BMLD Queriers). 281 o Without the IPv6 router alert option [RFC2711] in the hop-by-hop 282 extension header [RFC8200] (or the IPv4 router alert option 283 [RFC2113] for IPv4). 285 o With the IP destination address set to the 'all BMLD Queriers' 286 group address. 288 o With the IP source address set to the BFR-Prefix of the sender. 290 o With a TTL value large enough such that the packet can be received 291 by all BMLD Queriers, depending on the underlying BIER layer 292 (whether it decrements the IP TTL or not) and the size of the 293 network. The default value is 64. 295 o The extension defined in [I-D.venaas-pim-igmp-mld-extension] MUST 296 be included, specifying the Sub-domain-id, BFR-id and BFR-Prefix 297 of the sender. This information is used to create the necessary 298 forwarding state for requested flows, and may be useful for 299 logging and debugging. 301 Since the reports may contain a large number of records, they may 302 become larger than the maximum BIER payload that can be delivered to 303 all the BMLD Queriers. Hence an implementation will need to either 304 use a small default maximum size, allow configuration of a maximum 305 size, or rely on MTU discovery. MTU discovery may be done for a sub- 306 domain using BIER MTU Discovery [I-D.venaas-bier-mtud] or for the set 307 of BMLD Queriers using Path MTU Discovery 308 [I-D.ietf-bier-path-mtu-discovery]. 310 5.2.3. Receiving Queries 312 BMLD Queriers and Listeners MUST check the destination address of all 313 the IP packets that are received or forwarded over BIER whenever 314 their own BIER bit is set in the packet. If the destination address 315 is equal to the 'all BMLD Nodes' group address the packet is 316 processed as specified in this section. 318 If the IPv6 (resp. IPv4) packet contains an ICMPv6 (resp. IGMP) 319 message of type 'Multicast Listener Query' (resp. of type 'Membership 320 Query'), and include the extension defined in 321 [I-D.venaas-pim-igmp-mld-extension]), it is processed by the MLDv2 322 (resp. IGMPv3) instance run by the BMLD Querier. It MUST be dropped 323 otherwise. 325 During the MLDv2 processing, the packet MUST NOT be checked against 326 the MLDv2 consistency conditions (i.e., the presence of the router 327 alert option, the TTL equaling 1 and, for IPv6 only, the source 328 address being link-local). 330 5.2.4. Receiving Reports 332 BMLD Queriers MUST check the destination address of all the IP 333 packets that are received or forwarded over BIER whenever their own 334 BIER bit is set. If the destination address is equal to the 'all 335 BMLD Queriers' the packet is processed as specified in this section. 337 If the IPv6 (resp. IPv4) packet contains an ICMPv6 (resp. IGMP) 338 message of type 'Multicast Listener Report Message v2' (resp. 339 'Version 3 Membership Report'), and include the extension defined in 340 [I-D.venaas-pim-igmp-mld-extension]), it is processed by the MLDv2 341 (resp. IGMPv3) instance run by the BMLD Querier. It MUST be dropped 342 otherwise. 344 During the MLDv2 processing, the packet MUST NOT be checked against 345 the MLDv2 consistency conditions (i.e., the presence of the router 346 alert option, the TTL equaling 1 and, for IPv6 only, the source 347 address being link-local). 349 5.3. Packet Forwarding 351 BMLD Queriers configure the BIER Layer using the information obtained 352 using BMLD, and the extension [I-D.venaas-pim-igmp-mld-extension]), 353 to track membership state, including the Sub-domain-id, BFR-id and 354 BFR-Prefix of the members. 356 More specifically, the membership state associated with each BMLD 357 Listener is provided to the BIER layer such that whenever a multicast 358 packet enters the BIER domain, if that packet matches the membership 359 information from a BMLD Listener, its Sub-domain-id and BFR-id is 360 added to the set of Sub-domains and BFR-ids the packet should be 361 forwarded to by the BIER-Layer. 363 6. Security Considerations 365 BMLD makes use of IP MLDv2 messages transported over BIER in order to 366 configure the BIER Layer of BFIRs. BMLD messages MUST be secured, 367 either by relying on physical or link-layer security, by securing the 368 IP packets (e.g., using IPSec [RFC4301]), or by relying on security 369 features provided by the BIER Layer. 371 Whenever an attacker would be able to spoof the identity of a router, 372 it could: 374 o Redirect undesired traffic toward the spoofed router by 375 subscribing to undesired multicast traffic. 377 o Prevent desired multicast traffic from reaching the spoofed router 378 by unsubscribing to some desired multicast traffic. 380 7. IANA Considerations 382 This specification does not require any action from IANA. 384 8. Acknowledgements 386 Comments concerning this document are very welcome. 388 9. References 390 9.1. Normative References 392 [I-D.ietf-bier-path-mtu-discovery] 393 Mirsky, G., Przygienda, T., and A. Dolganow, "Path Maximum 394 Transmission Unit Discovery (PMTUD) for Bit Index Explicit 395 Replication (BIER) Layer", draft-ietf-bier-path-mtu- 396 discovery-06 (work in progress), June 2019. 398 [I-D.venaas-bier-mtud] 399 Venaas, S., Wijnands, I., Ginsberg, L., and M. Sivakumar, 400 "BIER MTU Discovery", draft-venaas-bier-mtud-02 (work in 401 progress), October 2018. 403 [I-D.venaas-pim-igmp-mld-extension] 404 Sivakumar, M., Venaas, S., and Z. Zhang, "IGMPv3/MLDv2 405 Message Extension", draft-venaas-pim-igmp-mld-extension-00 406 (work in progress), November 2019. 408 [RFC2113] Katz, D., "IP Router Alert Option", RFC 2113, 409 DOI 10.17487/RFC2113, February 1997, 410 . 412 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 413 Requirement Levels", BCP 14, RFC 2119, 414 DOI 10.17487/RFC2119, March 1997, 415 . 417 [RFC3376] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A. 418 Thyagarajan, "Internet Group Management Protocol, Version 419 3", RFC 3376, DOI 10.17487/RFC3376, October 2002, 420 . 422 [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener 423 Discovery Version 2 (MLDv2) for IPv6", RFC 3810, 424 DOI 10.17487/RFC3810, June 2004, 425 . 427 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 428 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 429 May 2017, . 431 [RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., 432 Przygienda, T., and S. Aldrin, "Multicast Using Bit Index 433 Explicit Replication (BIER)", RFC 8279, 434 DOI 10.17487/RFC8279, November 2017, 435 . 437 9.2. Informative References 439 [RFC2711] Partridge, C. and A. Jackson, "IPv6 Router Alert Option", 440 RFC 2711, DOI 10.17487/RFC2711, October 1999, 441 . 443 [RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 444 Multicast Addresses", RFC 3306, DOI 10.17487/RFC3306, 445 August 2002, . 447 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 448 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, 449 December 2005, . 451 [RFC5015] Handley, M., Kouvelas, I., Speakman, T., and L. Vicisano, 452 "Bidirectional Protocol Independent Multicast (BIDIR- 453 PIM)", RFC 5015, DOI 10.17487/RFC5015, October 2007, 454 . 456 [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, 457 L., Sridhar, T., Bursell, M., and C. Wright, "Virtual 458 eXtensible Local Area Network (VXLAN): A Framework for 459 Overlaying Virtualized Layer 2 Networks over Layer 3 460 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, 461 . 463 [RFC7365] Lasserre, M., Balus, F., Morin, T., Bitar, N., and Y. 464 Rekhter, "Framework for Data Center (DC) Network 465 Virtualization", RFC 7365, DOI 10.17487/RFC7365, October 466 2014, . 468 [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., 469 Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent 470 Multicast - Sparse Mode (PIM-SM): Protocol Specification 471 (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 472 2016, . 474 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 475 (IPv6) Specification", STD 86, RFC 8200, 476 DOI 10.17487/RFC8200, July 2017, 477 . 479 Appendix A. BIER Use Case in Data Centers 481 In current data center virtualization, virtual eXtensible Local Area 482 Network (VXLAN) [RFC7348] is a kind of network virtualization overlay 483 technology which is overlaid between NVEs and is intended for multi- 484 tenancy data center networks, whose reference architecture is 485 illustrated as per Figure 1. 487 +--------+ +--------+ 488 | Tenant +--+ +----| Tenant | 489 | System | | (') | System | 490 +--------+ | ................ ( ) +--------+ 491 | +-+--+ . . +--+-+ (_) 492 | | NVE|--. .--| NVE| | 493 +--| | . . | |---+ 494 +-+--+ . . +--+-+ 495 / . . 496 / . L3 Overlay . +--+-++--------+ 497 +--------+ / . Network . | NVE|| Tenant | 498 | Tenant +--+ . .--| || System | 499 | System | . . +--+-++--------+ 500 +--------+ ................ 502 Figure 1: NVO3 Architecture 504 And there are two kinds of most common methods about how to forward 505 BUM packets in this virtualization overlay network. One is using PIM 506 as underlay multicast routing protocol to build explicit multicast 507 distribution tree, such as PIM-SM [RFC7761] or PIM-BIDIR [RFC5015] 508 multicast routing protocol. Then, when BUM packets arrive at NVE, it 509 requires NVE to have a mapping between the VXLAN Network Identifier 510 and the IP multicast group. According to the mapping, NVE can 511 encapsulate BUM packets in a multicast packet which group address is 512 the mapping IP multicast group address and steer them through 513 explicit multicast distribution tree to the destination NVEs. This 514 method has two serious drawbacks. It need the underlay network 515 supports complicated multicast routing protocol and maintains 516 multicast related per-flow state in every transit nodes. What is 517 more, how to configure the ratio of the mapping between VNI and IP 518 multicast group is also an issue. If the ratio is 1:1, there should 519 be 16M multicast groups in the underlay network at maximum to map to 520 the 16M VNIs, which is really a significant challenge for the data 521 center devices. If the ratio is n:1, it would result in inefficiency 522 bandwidth utilization which is not optimal in data center networks. 524 The other method is using ingress replication to require each NVE to 525 create a mapping between the VXLAN Network Identifier and the remote 526 addresses of NVEs which belong to the same virtual network. When NVE 527 receives BUM traffic from the attached tenant, NVE can encapsulate 528 these BUM packets in unicast packets and replicate them and tunnel 529 them to different remote NVEs respectively. Although this method can 530 eliminate the burden of running multicast protocol in the underlay 531 network, it has a significant disadvantage: large waste of bandwidth, 532 especially in big-sized data center where there are many receivers. 534 BIER [RFC8279] is an architecture that provides optimal multicast 535 forwarding through a "BIER domain" without requiring intermediate 536 routers to maintain any multicast related per-flow state. BIER also 537 does not require any explicit tree-building protocol for its 538 operation. A multicast data packet enters a BIER domain at a "Bit- 539 Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one 540 or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router 541 adds a BIER header to the packet. The BIER header contains a bit- 542 string in which each bit represents exactly one BFER to forward the 543 packet to. The set of BFERs to which the multicast packet needs to 544 be forwarded is expressed by setting the bits that correspond to 545 those routers in the BIER header. Specifically, for BIER-TE, the 546 BIER header may also contain a bit-string in which each bit indicates 547 the link the flow passes through. 549 The following sub-sections try to propose how to take full advantage 550 of overlay multicast protocol to carry virtual network information, 551 and create a mapping between the virtual network information and the 552 bit-string to implement BUM services in data centers. 554 A.1. Convention and Terminology 556 The terms about NVO3 are defined in [RFC7365]. The most common 557 terminology used in this appendix is listed below. 559 NVE: Network Virtualization Edge, which is the entity that 560 implements the overlay functionality. An NVE resides at the 561 boundary between a Tenant System and the overlay network. 563 VXLAN: Virtual eXtensible Local Area Network 564 VNI: VXLAN Network Identifier 566 Virtal Network Context Identifier: Field in an overlay encapsulation 567 header that identifies the specific VN the packet belongs to. 569 A.2. BIER in data centers 571 This section tries to describe how to use BIER as an optimal scheme 572 to forward the broadcast, unknown and multicast (BUM) packets when 573 they arrive at the ingress NVE in data centers. 575 The principle of using BIER to forward BUM traffic is that: firstly, 576 it requires each ingress NVE to have a mapping between the Virtual 577 Network Context Identifier and the bit-string in which each bit 578 represents exactly one egress NVE to forward the packet to. And 579 then, when receiving the BUM traffic, the BFIR/Ingree NVE maps the 580 receiving BUM traffic to the mapping bit-string, encapsulates the 581 BIER header, and forwards the encapsulated BUM traffic into the BIER 582 domain to the other BFERs/Egress NVEs indicated by the bit-string. 584 Furthermore, as for how each ingress NVE knows the other egress NVEs 585 that belong to the same virtual network and creates the mapping is 586 the main issue discussed below. Basically, BIER Multicast Listener 587 Discovery is an overlay solution to support ingress routers to keep 588 per-egress-router state to construct the BIER bit-string associated 589 with IP multicast packets entering the BIER domain. The following 590 section tries to extend BIER MLD to carry virtual network 591 information(such as Virtual Network Context identifier), and 592 advertise them between NVEs. When each NVE receive these 593 information, they create the mapping between the virtual network 594 information and the bit-string representing the other NVEs belonged 595 to the same virtual network. 597 A.3. A BIER MLD solution for Virtual Network information 599 The BIER MLD solution allows having multiple MLD instances by having 600 unique pairs of BMLD Nodes and BMLD Querier addresses for each 601 instance. Assume for now that we have a unique instance per VNI and 602 that all BMLD routers are using the same mapping between VNIs and 603 BMLD address pairs. Also for each VNI there is a multicast group 604 used for encapsulation of BUM traffic over BIER. This group may 605 potentially be shared by some or all of the VNIs. 607 Each NVE acquires the Virtual Network information, and advertises 608 this Virtual Network information to other NVEs through the MLD 609 messages. For a given VNI it sends BMLD reports to the BMLD nodes 610 address used for that VNI, for the group used for delivering BUM 611 traffic for that VNI. This allows all NVE routers to know which 612 other NVE routers have interest in BUM traffic for a particular VNI. 613 If one attached virtual network is migrated, the NVE will withdraw 614 the Virtual Network information by sending an unsolicited BMLD 615 report. Note that NVEs also respond to periodic queries to BMLD 616 Nodes addresses corresponding to VNIs for which they have interest. 618 When ingress NVE receives the Virtual Network information 619 advertisement message, it builds a mapping between the receiving 620 Virtual Network Context Identifier in this message and the bit-string 621 in which each bit represents one egress NVE who sends the same 622 Virtual Network information. Subsequently, once this ingress NVE 623 receives some other MLD advertisements which include the same Virtual 624 Network information from some other NVEs , it updates the bit-string 625 in the mapping and adds the corresponding sending NVE to the updated 626 bit-string. Once the ingress NVE removes one virtual network, it 627 will delete the mapping corresponding to this virtual network as well 628 as send withdraw message to other NVEs. 630 After finishing the above interaction of MLD messages, each ingress 631 NVE knows where the other egress NVEs are in the same virtual 632 network. When receiving BUM traffic from the attached virtual 633 network, each ingress NVE knows exactly how to encapsulate this 634 traffic and where to forward them to. 636 This can be used in both IPv4 network and IPv6 network. In IPv4, 637 IGMP protocol does the similar extension for carrying Virtual Network 638 information TLV in Version 2 membership report message. 640 Note that it is possible to have multiple VNIs map to the same pair 641 of BMLD addresses. Provided VNIs that map to the same BMLD address 642 uses different multicast groups for encapsulation, this is not a 643 problem, because each instance is tracking interest for each 644 multicast group separately. If multiple VNIs map to the same pair 645 and the multicast group used is not unique, some NVEs may receive BUM 646 traffic for which they are not interested. An NVE would drop packets 647 for an unknown VNI, but it means wasting some bandwidth and 648 processing. This is similar to the non-BIER case where there is not 649 a unique multicast group for encapsulation. The improvement offered 650 by using BMLD is by using multiple instance, hence reducing the 651 problems caused by using the same transport group for multiple VNIs. 653 Authors' Addresses 654 Pierre Pfister 655 Cisco Systems 656 Paris 657 France 659 Email: pierre.pfister@darou.fr 661 IJsbrand Wijnands 662 Cisco Systems 663 De Kleetlaan 6a 664 Diegem 1831 665 Belgium 667 Email: ice@cisco.com 669 Stig Venaas 670 Cisco Systems 671 Tasman Drive 672 San Jose, CA 95134 673 USA 675 Email: stig@cisco.com 677 Cui(Linda) Wang 679 Email: lindawangjoy@gmail.com 681 Zheng(Sandy) Zhang 682 ZTE Corporation 683 No.50 Software Avenue, Yuhuatai District 684 Nanjing, CA 685 China 687 Email: zhang.zheng@zte.com.cn 689 Markus Stenberg 690 Helsinki 00930 691 Finland 693 Email: markus.stenberg@iki.fi