idnits 2.17.1 draft-ietf-bier-mld-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (5 January 2022) is 840 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-08) exists of draft-ietf-pim-igmp-mld-extension-05 == Outdated reference: A later version (-16) exists of draft-ietf-bier-path-mtu-discovery-11 Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group P. Pfister 3 Internet-Draft IJ. Wijnands 4 Intended status: Standards Track S. Venaas 5 Expires: 9 July 2022 Cisco Systems 6 C. Wang 8 Z. Zhang 9 ZTE Corporation 10 M. Stenberg 11 5 January 2022 13 BIER Ingress Multicast Flow Overlay using Multicast Listener Discovery 14 Protocols 15 draft-ietf-bier-mld-06 17 Abstract 19 This document specifies the ingress part of a multicast flow overlay 20 for BIER networks. Using existing multicast listener discovery 21 protocols, it enables multicast membership information sharing from 22 egress routers, acting as listeners, toward ingress routers, acting 23 as queriers. Ingress routers keep per-egress-router state, used to 24 construct the BIER bit mask associated with IP multicast packets 25 entering the BIER domain. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at https://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on 9 July 2022. 44 Copyright Notice 46 Copyright (c) 2022 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 51 license-info) in effect on the date of publication of this document. 52 Please review these documents carefully, as they describe your rights 53 and restrictions with respect to this document. Code Components 54 extracted from this document must include Revised BSD License text as 55 described in Section 4.e of the Trust Legal Provisions and are 56 provided without warranty as described in the Revised BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 61 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 62 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4 63 4. Applicability Statement . . . . . . . . . . . . . . . . . . . 4 64 5. Querier and Listener Specifications . . . . . . . . . . . . . 5 65 5.1. Configuration Parameters . . . . . . . . . . . . . . . . 5 66 5.2. MLDv2 instances. . . . . . . . . . . . . . . . . . . . . 6 67 5.2.1. Sending Queries . . . . . . . . . . . . . . . . . . . 6 68 5.2.2. Sending Reports . . . . . . . . . . . . . . . . . . . 7 69 5.2.3. Receiving Queries . . . . . . . . . . . . . . . . . . 8 70 5.2.4. Receiving Reports . . . . . . . . . . . . . . . . . . 8 71 5.3. Packet Forwarding . . . . . . . . . . . . . . . . . . . . 8 72 6. BIER MLD/IGMP Extension Type . . . . . . . . . . . . . . . . 9 73 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 74 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 75 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 76 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 77 10.1. Normative References . . . . . . . . . . . . . . . . . . 11 78 10.2. Informative References . . . . . . . . . . . . . . . . . 11 79 Appendix A. BIER Use Case in Data Centers . . . . . . . . . . . 13 80 A.1. Convention and Terminology . . . . . . . . . . . . . . . 14 81 A.2. BIER in data centers . . . . . . . . . . . . . . . . . . 15 82 A.3. A BIER MLD solution for Virtual Network information . . . 15 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 85 1. Introduction 87 The Bit Index Explicit Replication (BIER - [RFC8279]) forwarding 88 technique enables IP multicast transport across a BIER domain. When 89 receiving or originating a packet, ingress routers have to construct 90 a bit mask indicating which BIER egress routers located within the 91 same BIER domain will receive the packet. A stateless approach would 92 consist of forwarding all incoming packets toward all egress routers, 93 which would in turn make a forwarding decision based on local 94 information. But any more efficient approach would require ingress 95 routers to keep some state about egress routers multicast membership 96 information, hence requiring state sharing from egress routers toward 97 ingress routers. 99 This document specifies how to use the Multicast Listener Discovery 100 protocol version 2 [RFC3810] (resp. the Internet Group Management 101 protocol version 3 [RFC3376]) as the ingress part of a BIER multicast 102 flow overlay (BIER layering is described in [RFC8279]) for IPv6 103 (resp. IPv4). It enables multicast membership information sharing 104 from egress routers, acting as listeners, toward ingress routers, 105 acting as queriers. Ingress routers keep per-egress-router state, 106 used to construct the BIER bit mask associated with IP multicast 107 packets entering the BIER domain. 109 This document defines an MLDv2 and IGMPv3 extension type, using the 110 extension scheme defined in [I-D.ietf-pim-igmp-mld-extension], that 111 is used to provide BIER specific information about the message 112 originator. 114 This specification is applicable to both IP version 4 and version 6. 115 It therefore specifies two separate mechanisms operating 116 independently. For the sake of simplicity, the rest of this document 117 uses IPv6 terminology. It can be applied to IPv4 by replacing 118 'MLDv2' with 'IGMPv3', and following specific requirements when 119 explicitly stated. 121 2. Terminology 123 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 124 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 125 "OPTIONAL" in this document are to be interpreted as described in BCP 126 14 [RFC2119] [RFC8174] when, and only when, they appear in all 127 capitals, as shown here. 129 The terms "Bit-Forwarding Router" (BFR), "Bit-Forwarding Egress 130 Router" (BFER), "Bit-Forwarding Ingress Router" (BFIR), "BFR-id" and 131 "BFR-Prefix" are to be interpreted as described in [RFC8279]. 133 Additionally, the following definitions are used: 135 BIER Multicast Listener Discovery (BMLD): The modified version of 136 MLD specified in this document. 138 BMLD Querier: A BFR implementing the Querier part of this 139 specification. A BMLD Node MAY be both a Querier and a Listener. 141 BMLD Listener: A BFR implementing the Listener part of this 142 specification. A BMLD Node MAY be both a Querier and a Listener. 144 3. Overview 146 This document proposes to use the mechanisms described in MLDv2 in 147 order to enable multicast membership information sharing from BFERs 148 toward BFIRs within a given BIER domain. BMLD queries (resp. 149 reports) are sent over BIER toward all BMLD Nodes (resp. BMLD 150 Queriers) using modified MLDv2 messages which IP destination is set 151 to a configured 'all BMLD Nodes' (resp. 'all BMLD Queriers') IP 152 multicast address. 154 By running MLDv2 instances with per-listener explicit tracking, BMLD 155 Queriers are able to map BMLD Listeners with MLDv2 membership states. 156 This state is then used to construct the set of BFERs associated with 157 each incoming IP multicast data packet. 159 4. Applicability Statement 161 BMLD runs on top of a BIER Layer and provides the ingress part of a 162 BIER multicast flow overlay, i.e, it specifies how BFIRs construct 163 the set of BFERs for each ingress IP multicast data packet. The BFER 164 part of the Multicast Flow Overlay is out of scope of this document. 166 The BIER Layer MUST be able to transport BMLD messages toward all 167 BMLD Queriers and Listeners. Such packets are IP multicast packets 168 with a BFR-Prefix as source address, a multicast destination address, 169 and containing a MLDv2 message. 171 BMLD only requires state to be kept by Queriers, and is therefore 172 more scalable than PIMv2 [RFC7761] in terms of overall state, but is 173 also likely to be less scalable than PIMv2 in terms of the amount of 174 control traffic and the size of the state that is kept by individual 175 routers. 177 This specification is applicable to both IP version 4 and version 6. 178 It therefore specifies two separate mechanisms operating 179 independently. For the sake of simplicity, this document uses IPv6 180 terminology. It can be applied to IPv4 by replacing 'MLDv2' with 181 'IGMPv3', and following specific requirements when explicitly stated. 183 If multiple BFIRs have connectivity to the same source, a mechanism 184 is needed to determine which BFIR should be the forwarder, that is 185 not specified in this document. As a special case, if BIER is used 186 end-to-end such that sources would be directly connected to the 187 BFIRs, then an election mechanism is needed if there are multiple 188 BFIRs on the same link as the source. One option is to utilize PIM 189 DR Election where the DR is the BIER forwarder, but other election 190 mechanisms could be used. In order to allow quick failover, the 191 BFIRs that are not forwarders should still track BFER interest so 192 that they have the correct state in case they become forwarders. 194 5. Querier and Listener Specifications 196 Routers desiring to receive IP multicast traffic (e.g., for their own 197 use, or for forwarding) MUST behave as BMLD Listeners. Routers 198 receiving IP multicast traffic from outside the BIER domain, or 199 originating multicast traffic, MUST behave as BMLD Queriers. 201 BMLD Queriers (resp. BMLD Listeners) MUST act as MLDv2 Queriers 202 (resp. MLDv2 Listeners) as specified in [RFC3810] unless stated 203 otherwise in this section. 205 5.1. Configuration Parameters 207 Both Queriers and Listeners MUST operate as BFIRs and BFERs within 208 the BIER domain in order to send and receive BMLD messages. They 209 MUST therefore be configured accordingly, as specified in [RFC8279]. 211 All Listeners MUST be configured with an 'all BMLD Queriers' 212 multicast address and the BFR-ids of all the BMLD Queriers. This is 213 used by Listeners to send BMLD reports over BIER toward all Queriers. 214 All Queriers MUST be configured to accept BMLD reports sent to this 215 address. 217 All Queriers MUST be configured with an 'all BMLD Nodes' multicast 218 address and the BFR-ids of all the Queriers and Listeners. This 219 information is used by Queriers to send BMLD queries over BIER toward 220 all BMLD Nodes. All BMLD Nodes MUST be configured to accept BMLD 221 queries sent to this address. 223 It may be cumbersone to configure the exact set of BFR-ids for 224 Queriers and Listeners. One MAY configure the set of BFR-ids to 225 contain any potentially used BFR-id, perhaps having all bit positions 226 set. There is no harm in configuring unused BFR-ids. Configuring 227 the BFR-ids of additional routers would in most cases cause no harm, 228 as a router would drop the BMLD message unless it is configured as a 229 Querier or a Listener. 231 Note that BMLD (unlike MLDv2) makes use of per-instance configured 232 multicast group addresses rather than well-known addresses so that 233 multiple instances of BMLD (using different group addresses) can be 234 run simultaneously within the same BIER domain. Configured group 235 addresses MAY be obtained from allocated IP prefixes using [RFC3306]. 236 One MAY choose to use the well-known MLDv2 addresses in one instance, 237 but different instances MUST use different addresses. 239 IP packets coming from outside of the BIER domain and having a 240 destination address set to the configured 'all BMLD Queriers' or the 241 'all BMLD Nodes' group address MUST be dropped. It is RECOMMENDED 242 that these configured addresses have a limited scope, enforcing this 243 behavior by scope-based filtering on BIER domain's egress interfaces. 245 5.2. MLDv2 instances. 247 BMLD Queriers MUST run a MLDv2 Querier instance with per-host 248 tracking, which means they keep track of the MLDv2 state associated 249 with each BMLD Listener. For that purpose, Listeners are identified 250 by their respective BFR-Prefix, used as IP source address in all BMLD 251 reports. 253 BMLD Listeners MUST run a MLDv2 Listener instance expressing their 254 interest in the multicast traffic they are supposed to receive for 255 local use or forwarding. 257 BMLD Listeners and Queriers MUST NOT run the MLDv1 (IGMPv2 and IGMPv1 258 for IPv4) backward compatibility procedures. 260 5.2.1. Sending Queries 262 BMLD Queries are IP packets sent over BIER by BMLD Queriers: 264 * Toward all BMLD Nodes (i.e., providing to the BIER Layer the BFR- 265 ids of all BMLD Nodes). 267 * Without the IPv6 router alert option [RFC2711] in the hop-by-hop 268 extension header [RFC8200] (or the IPv4 router alert option 269 [RFC2113] for IPv4). 271 * With the IP destination address set to the 'all BMLD Nodes' group 272 address. 274 * With a deterministic IP source address. It is RECOMMENDED that 275 the address is a BFR-Prefix of the sender, but it MAY be another 276 value. This address is only used for querier election. 278 * With a TTL value large enough such that the packet can be received 279 by all BMLD Nodes, depending on the underlying BIER layer (whether 280 it decrements the IP TTL or not) and the size of the network. The 281 default value is 64. 283 * The extension type defined in Section 6 MUST be included once, 284 specifying the Sub-domain-id, BFR-id and BFR-Prefix of the sender. 285 This information may be useful for logging and debugging. 287 5.2.2. Sending Reports 289 BMLD Reports are IP packets sent over BIER by BMLD Listeners: 291 * Toward all BMLD Queriers (i.e., providing to the BIER layer the 292 BFR-ids of all BMLD Queriers). 294 * Without the IPv6 router alert option [RFC2711] in the hop-by-hop 295 extension header [RFC8200] (or the IPv4 router alert option 296 [RFC2113] for IPv4). 298 * With the IP destination address set to the 'all BMLD Queriers' 299 group address. 301 * With a deterministic IP source address. It is RECOMMENDED that 302 the address is a BFR-Prefix of the sender. 304 * With a TTL value large enough such that the packet can be received 305 by all BMLD Queriers, depending on the underlying BIER layer 306 (whether it decrements the IP TTL or not) and the size of the 307 network. The default value is 64. 309 * The extension type defined in Section 6 MUST be included once, 310 specifying the Sub-domain-id, BFR-id and BFR-Prefix of the sender. 311 This information is used to create the necessary forwarding state 312 for requested flows, and may be useful for logging and debugging. 314 Since the reports may contain a large number of records, they may 315 become larger than the maximum BIER payload that can be delivered to 316 all the BMLD Queriers. Hence an implementation will need to either 317 use a small default maximum size, allow configuration of a maximum 318 size, or rely on MTU discovery. MTU discovery may be done for a sub- 319 domain using BIER MTU Discovery [I-D.ietf-bier-mtud] or for the set 320 of BMLD Queriers using Path MTU Discovery 321 [I-D.ietf-bier-path-mtu-discovery]. 323 5.2.3. Receiving Queries 325 BMLD Queriers and Listeners MUST check the destination address of all 326 the IP packets that are received or forwarded over BIER whenever 327 their own BIER bit is set in the packet. If the destination address 328 is equal to the 'all BMLD Nodes' group address the packet is 329 processed as specified in this section. 331 If the IPv6 (resp. IPv4) packet contains an ICMPv6 (resp. IGMP) 332 message of type 'Multicast Listener Query' (resp. of type 'Membership 333 Query'), and include the extension defined in Section 6), it is 334 processed by the MLDv2 (resp. IGMPv3) instance run by the BMLD 335 Querier. It MUST be dropped otherwise. 337 During the MLDv2 processing, the packet MUST NOT be checked against 338 the MLDv2 consistency conditions (i.e., the presence of the router 339 alert option, the TTL equaling 1 and, for IPv6 only, the source 340 address being link-local). 342 5.2.4. Receiving Reports 344 BMLD Queriers MUST check the destination address of all the IP 345 packets that are received or forwarded over BIER whenever their own 346 BIER bit is set. If the destination address is equal to the 'all 347 BMLD Queriers' the packet is processed as specified in this section. 349 If the IPv6 (resp. IPv4) packet contains an ICMPv6 (resp. IGMP) 350 message of type 'Multicast Listener Report Message v2' (resp. 351 'Version 3 Membership Report'), and include the extension defined in 352 Section 6), it is processed by the MLDv2 (resp. IGMPv3) instance run 353 by the BMLD Querier. It MUST be dropped otherwise. 355 During the MLDv2 processing, the packet MUST NOT be checked against 356 the MLDv2 consistency conditions (i.e., the presence of the router 357 alert option, the TTL equaling 1 and, for IPv6 only, the source 358 address being link-local). 360 5.3. Packet Forwarding 362 BMLD Queriers configure the BIER Layer using the information obtained 363 using BMLD, and the extension Section 6), to track membership state, 364 including the Sub-domain-id, BFR-id and BFR-Prefix of the members. 366 More specifically, the membership state associated with each BMLD 367 Listener is provided to the BIER layer such that whenever a multicast 368 packet enters the BIER domain, if that packet matches the membership 369 information from a BMLD Listener, its Sub-domain-id and BFR-id is 370 added to the set of Sub-domains and BFR-ids the packet should be 371 forwarded to by the BIER-Layer. 373 6. BIER MLD/IGMP Extension Type 375 A new MLD/IGMP extension type adds BIER specific information to IGMP/ 376 MLD messages, using the extension scheme defined in 377 [I-D.ietf-pim-igmp-mld-extension]). The BIER specific information is 378 the same as the PTA tunnel identifier in [RFC8556] and is shown in 379 Figure 1. Note that, as defined in the MLD (resp. IGMP), existing 380 implementations are supposed to ignore this additional data. 382 0 1 2 3 383 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 384 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 385 | Ext Type TBD | Extension Length | 386 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 387 | Sub-domain ID | Reserved | BFR-ID | 388 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 389 | BFR-Prefix 1 | 390 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 391 ~ ~ 392 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 393 | BFR-Prefix n | 394 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 396 Figure 1: MLD/IGMP Extension Type for BIER 398 * Ext Type: Assigned by IANA, identifying this BIER extension. 400 * Extension Length: The length in octets of the data after this 401 field. If there are n IPv4 prefixes, the length would be 4 + 4 * 402 n, if there are n IPv6 prefixes, the length would be 4 + 16 * n. 404 * Sub-domain-id: A single octet containing a BIER sub-domain-id (see 405 [[RFC8279]]). This indicates the BIER sub-domain of the router 406 originating the message. 408 * Reserved: A single octect, MUST be set to 0 when sending and 409 ignored when receiving. 411 * BFR-id: A two-octet field containing the BFR-id, in the specified 412 sub-domain, of the router originating the message. 414 * BFR-prefix: The BFR-prefix (see [[RFC8279]]) of the router that is 415 originating the message. The BFR-prefix will either be a /32 IPv4 416 address or a /128 IPv6 address. 418 This extension type MUST be present once in all IGMP and MLD messages 419 when originated with a BIER header to identify the BIER originator. 420 It is expected that any BIER router originating IGMP/MLD messages in 421 BIER supports this specification. Any IGMP/MLD messages that do not 422 contain the extension Section 6) MUST be dropped by the decapsulating 423 router with no processing other than potentially logging or 424 debugging. It is expected that any BIER router processing IGMP/MLD 425 messages with BIER encapsulation supports this specification. If 426 they do not, they will likely ignore the report since they cannot 427 identify the BIER receiver, but they may be able to derive some of 428 the receiver information from the BIER header. 430 7. Security Considerations 432 BMLD makes use of IGMPv3/MLDv2 messages transported over BIER in 433 order to configure the BIER Layer of BFIRs. BMLD messages MUST be 434 secured, either by relying on physical or link-layer security, by 435 securing the IP packets (e.g., using IPSec [RFC4301]), or by relying 436 on security features provided by the BIER Layer. 438 By spoofing the IP source address, an attacker could become the IGMP/ 439 MLD querier. Once one becomes the querier, several attack vectors 440 are possible. This is similar to regular IGMP/MLD without BIER 441 encapsulation. 443 An attacker could send reports with the BIER IGMP/MLD extension 444 Section 6) specifying a BFR-ID and BIER prefix identifying another 445 router. This would allow the attacker to: 447 * Redirect undesired traffic toward the spoofed router by 448 subscribing to undesired multicast traffic. 450 * Prevent desired multicast traffic from reaching the spoofed router 451 by unsubscribing to some desired multicast traffic. 453 8. IANA Considerations 455 This document requests that IANA assigns a new type called BIER 456 information in the registry defined in 457 [I-D.ietf-pim-igmp-mld-extension]. 459 9. Acknowledgements 461 Comments concerning this document are very welcome. 463 10. References 465 10.1. Normative References 467 [RFC2113] Katz, D., "IP Router Alert Option", RFC 2113, 468 DOI 10.17487/RFC2113, February 1997, 469 . 471 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 472 Requirement Levels", BCP 14, RFC 2119, 473 DOI 10.17487/RFC2119, March 1997, 474 . 476 [RFC3376] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A. 477 Thyagarajan, "Internet Group Management Protocol, Version 478 3", RFC 3376, DOI 10.17487/RFC3376, October 2002, 479 . 481 [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener 482 Discovery Version 2 (MLDv2) for IPv6", RFC 3810, 483 DOI 10.17487/RFC3810, June 2004, 484 . 486 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 487 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 488 May 2017, . 490 [RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., 491 Przygienda, T., and S. Aldrin, "Multicast Using Bit Index 492 Explicit Replication (BIER)", RFC 8279, 493 DOI 10.17487/RFC8279, November 2017, 494 . 496 [I-D.ietf-pim-igmp-mld-extension] 497 Sivakumar, M., Venaas, S., Zhang, Z., and H. Asaeda, 498 "Internet Group Management Protocol version 3 (IGMPv3) and 499 Multicast Listener Discovery version 2 (MLDv2) Message 500 Extension", Work in Progress, Internet-Draft, draft-ietf- 501 pim-igmp-mld-extension-05, 7 November 2021, 502 . 505 10.2. Informative References 507 [RFC2711] Partridge, C. and A. Jackson, "IPv6 Router Alert Option", 508 RFC 2711, DOI 10.17487/RFC2711, October 1999, 509 . 511 [RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 512 Multicast Addresses", RFC 3306, DOI 10.17487/RFC3306, 513 August 2002, . 515 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 516 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, 517 December 2005, . 519 [RFC5015] Handley, M., Kouvelas, I., Speakman, T., and L. Vicisano, 520 "Bidirectional Protocol Independent Multicast (BIDIR- 521 PIM)", RFC 5015, DOI 10.17487/RFC5015, October 2007, 522 . 524 [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, 525 L., Sridhar, T., Bursell, M., and C. Wright, "Virtual 526 eXtensible Local Area Network (VXLAN): A Framework for 527 Overlaying Virtualized Layer 2 Networks over Layer 3 528 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, 529 . 531 [RFC7365] Lasserre, M., Balus, F., Morin, T., Bitar, N., and Y. 532 Rekhter, "Framework for Data Center (DC) Network 533 Virtualization", RFC 7365, DOI 10.17487/RFC7365, October 534 2014, . 536 [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., 537 Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent 538 Multicast - Sparse Mode (PIM-SM): Protocol Specification 539 (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 540 2016, . 542 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 543 (IPv6) Specification", STD 86, RFC 8200, 544 DOI 10.17487/RFC8200, July 2017, 545 . 547 [RFC8556] Rosen, E., Ed., Sivakumar, M., Przygienda, T., Aldrin, S., 548 and A. Dolganow, "Multicast VPN Using Bit Index Explicit 549 Replication (BIER)", RFC 8556, DOI 10.17487/RFC8556, April 550 2019, . 552 [I-D.ietf-bier-mtud] 553 Venaas, S., Wijnands, I., Ginsberg, L., and M. Sivakumar, 554 "BIER MTU Discovery", Work in Progress, Internet-Draft, 555 draft-ietf-bier-mtud-00, 27 February 2019, 556 . 559 [I-D.ietf-bier-path-mtu-discovery] 560 Mirsky, G., Przygienda, T., and A. Dolganow, "Path Maximum 561 Transmission Unit Discovery (PMTUD) for Bit Index Explicit 562 Replication (BIER) Layer", Work in Progress, Internet- 563 Draft, draft-ietf-bier-path-mtu-discovery-11, 4 October 564 2021, . 567 Appendix A. BIER Use Case in Data Centers 569 In current data center virtualization, virtual eXtensible Local Area 570 Network (VXLAN) [RFC7348] is a kind of network virtualization overlay 571 technology which is overlaid between NVEs and is intended for multi- 572 tenancy data center networks, whose reference architecture is 573 illustrated as per Figure 2. 575 +--------+ +--------+ 576 | Tenant +--+ +----| Tenant | 577 | System | | (') | System | 578 +--------+ | ................ ( ) +--------+ 579 | +-+--+ . . +--+-+ (_) 580 | | NVE|--. .--| NVE| | 581 +--| | . . | |---+ 582 +-+--+ . . +--+-+ 583 / . . 584 / . L3 Overlay . +--+-++--------+ 585 +--------+ / . Network . | NVE|| Tenant | 586 | Tenant +--+ . .--| || System | 587 | System | . . +--+-++--------+ 588 +--------+ ................ 590 Figure 2: NVO3 Architecture 592 And there are two kinds of most common methods about how to forward 593 BUM packets in this virtualization overlay network. One is using PIM 594 as underlay multicast routing protocol to build explicit multicast 595 distribution tree, such as PIM-SM [RFC7761] or PIM-BIDIR [RFC5015] 596 multicast routing protocol. Then, when BUM packets arrive at NVE, it 597 requires NVE to have a mapping between the VXLAN Network Identifier 598 and the IP multicast group. According to the mapping, NVE can 599 encapsulate BUM packets in a multicast packet which group address is 600 the mapping IP multicast group address and steer them through 601 explicit multicast distribution tree to the destination NVEs. This 602 method has two serious drawbacks. It need the underlay network 603 supports complicated multicast routing protocol and maintains 604 multicast related per-flow state in every transit nodes. What is 605 more, how to configure the ratio of the mapping between VNI and IP 606 multicast group is also an issue. If the ratio is 1:1, there should 607 be 16M multicast groups in the underlay network at maximum to map to 608 the 16M VNIs, which is really a significant challenge for the data 609 center devices. If the ratio is n:1, it would result in inefficiency 610 bandwidth utilization which is not optimal in data center networks. 612 The other method is using ingress replication to require each NVE to 613 create a mapping between the VXLAN Network Identifier and the remote 614 addresses of NVEs which belong to the same virtual network. When NVE 615 receives BUM traffic from the attached tenant, NVE can encapsulate 616 these BUM packets in unicast packets and replicate them and tunnel 617 them to different remote NVEs respectively. Although this method can 618 eliminate the burden of running multicast protocol in the underlay 619 network, it has a significant disadvantage: large waste of bandwidth, 620 especially in big-sized data center where there are many receivers. 622 BIER [RFC8279] is an architecture that provides optimal multicast 623 forwarding through a "BIER domain" without requiring intermediate 624 routers to maintain any multicast related per-flow state. BIER also 625 does not require any explicit tree-building protocol for its 626 operation. A multicast data packet enters a BIER domain at a "Bit- 627 Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one 628 or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router 629 adds a BIER header to the packet. The BIER header contains a bit- 630 string in which each bit represents exactly one BFER to forward the 631 packet to. The set of BFERs to which the multicast packet needs to 632 be forwarded is expressed by setting the bits that correspond to 633 those routers in the BIER header. Specifically, for BIER-TE, the 634 BIER header may also contain a bit-string in which each bit indicates 635 the link the flow passes through. 637 The following sub-sections try to propose how to take full advantage 638 of overlay multicast protocol to carry virtual network information, 639 and create a mapping between the virtual network information and the 640 bit-string to implement BUM services in data centers. 642 A.1. Convention and Terminology 644 The terms about NVO3 are defined in [RFC7365]. The most common 645 terminology used in this appendix is listed below. 647 NVE: Network Virtualization Edge, which is the entity that 648 implements the overlay functionality. An NVE resides at the 649 boundary between a Tenant System and the overlay network. 651 VXLAN: Virtual eXtensible Local Area Network 653 VNI: VXLAN Network Identifier 655 Virtal Network Context Identifier: Field in an overlay encapsulation 656 header that identifies the specific VN the packet belongs to. 658 A.2. BIER in data centers 660 This section tries to describe how to use BIER as an optimal scheme 661 to forward the broadcast, unknown and multicast (BUM) packets when 662 they arrive at the ingress NVE in data centers. 664 The principle of using BIER to forward BUM traffic is that: firstly, 665 it requires each ingress NVE to have a mapping between the Virtual 666 Network Context Identifier and the bit-string in which each bit 667 represents exactly one egress NVE to forward the packet to. And 668 then, when receiving the BUM traffic, the BFIR/Ingree NVE maps the 669 receiving BUM traffic to the mapping bit-string, encapsulates the 670 BIER header, and forwards the encapsulated BUM traffic into the BIER 671 domain to the other BFERs/Egress NVEs indicated by the bit-string. 673 Furthermore, as for how each ingress NVE knows the other egress NVEs 674 that belong to the same virtual network and creates the mapping is 675 the main issue discussed below. Basically, BIER Multicast Listener 676 Discovery is an overlay solution to support ingress routers to keep 677 per-egress-router state to construct the BIER bit-string associated 678 with IP multicast packets entering the BIER domain. The following 679 section tries to extend BIER MLD to carry virtual network 680 information(such as Virtual Network Context identifier), and 681 advertise them between NVEs. When each NVE receive these 682 information, they create the mapping between the virtual network 683 information and the bit-string representing the other NVEs belonged 684 to the same virtual network. 686 A.3. A BIER MLD solution for Virtual Network information 688 The BIER MLD solution allows having multiple MLD instances by having 689 unique pairs of BMLD Nodes and BMLD Querier addresses for each 690 instance. Assume for now that we have a unique instance per VNI and 691 that all BMLD routers are using the same mapping between VNIs and 692 BMLD address pairs. Also for each VNI there is a multicast group 693 used for encapsulation of BUM traffic over BIER. This group may 694 potentially be shared by some or all of the VNIs. 696 Each NVE acquires the Virtual Network information, and advertises 697 this Virtual Network information to other NVEs through the MLD 698 messages. For a given VNI it sends BMLD reports to the BMLD nodes 699 address used for that VNI, for the group used for delivering BUM 700 traffic for that VNI. This allows all NVE routers to know which 701 other NVE routers have interest in BUM traffic for a particular VNI. 702 If one attached virtual network is migrated, the NVE will withdraw 703 the Virtual Network information by sending an unsolicited BMLD 704 report. Note that NVEs also respond to periodic queries to BMLD 705 Nodes addresses corresponding to VNIs for which they have interest. 707 When ingress NVE receives the Virtual Network information 708 advertisement message, it builds a mapping between the receiving 709 Virtual Network Context Identifier in this message and the bit-string 710 in which each bit represents one egress NVE who sends the same 711 Virtual Network information. Subsequently, once this ingress NVE 712 receives some other MLD advertisements which include the same Virtual 713 Network information from some other NVEs , it updates the bit-string 714 in the mapping and adds the corresponding sending NVE to the updated 715 bit-string. Once the ingress NVE removes one virtual network, it 716 will delete the mapping corresponding to this virtual network as well 717 as send withdraw message to other NVEs. 719 After finishing the above interaction of MLD messages, each ingress 720 NVE knows where the other egress NVEs are in the same virtual 721 network. When receiving BUM traffic from the attached virtual 722 network, each ingress NVE knows exactly how to encapsulate this 723 traffic and where to forward them to. 725 This can be used in both IPv4 network and IPv6 network. In IPv4, 726 IGMP protocol does the similar extension for carrying Virtual Network 727 information TLV in Version 2 membership report message. 729 Note that it is possible to have multiple VNIs map to the same pair 730 of BMLD addresses. Provided VNIs that map to the same BMLD address 731 uses different multicast groups for encapsulation, this is not a 732 problem, because each instance is tracking interest for each 733 multicast group separately. If multiple VNIs map to the same pair 734 and the multicast group used is not unique, some NVEs may receive BUM 735 traffic for which they are not interested. An NVE would drop packets 736 for an unknown VNI, but it means wasting some bandwidth and 737 processing. This is similar to the non-BIER case where there is not 738 a unique multicast group for encapsulation. The improvement offered 739 by using BMLD is by using multiple instance, hence reducing the 740 problems caused by using the same transport group for multiple VNIs. 742 Authors' Addresses 743 Pierre Pfister 744 Cisco Systems 745 Paris 746 France 748 Email: pierre.pfister@darou.fr 750 IJsbrand Wijnands 751 Cisco Systems 752 De Kleetlaan 6a 753 1831 Diegem 754 Belgium 756 Email: ice@cisco.com 758 Stig Venaas 759 Cisco Systems 760 Tasman Drive 761 San Jose, CA 95134 762 United States of America 764 Email: stig@cisco.com 766 Cui(Linda) Wang 768 Email: lindawangjoy@gmail.com 770 Zheng(Sandy) Zhang 771 ZTE Corporation 772 No.50 Software Avenue, Yuhuatai District 773 Nanjing 774 CA, 775 China 777 Email: zhang.zheng@zte.com.cn 779 Markus Stenberg 780 FI-00930 Helsinki 781 Finland 783 Email: markus.stenberg@iki.fi