idnits 2.17.1 draft-ietf-lisp-6834bis-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 4, 2022) is 723 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-38) exists of draft-ietf-lisp-rfc6830bis-36 == Outdated reference: A later version (-31) exists of draft-ietf-lisp-rfc6833bis-30 == Outdated reference: A later version (-15) exists of draft-ietf-lisp-introduction-13 -- Obsolete informational reference (is this intentional?): RFC 6834 (Obsoleted by RFC 9302) Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group L. Iannone 3 Internet-Draft Huawei Technologies France 4 Obsoletes: 6834 (if approved) D. Saucez 5 Intended status: Standards Track INRIA 6 Expires: November 5, 2022 O. Bonaventure 7 Universite catholique de Louvain 8 May 4, 2022 10 Locator/ID Separation Protocol (LISP) Map-Versioning 11 draft-ietf-lisp-6834bis-10 13 Abstract 15 This document describes the LISP (Locator/ID Separation Protocol) 16 Map-Versioning mechanism, which provides in-packet information about 17 Endpoint ID to Routing Locator (EID-to-RLOC) mappings used to 18 encapsulate LISP data packets. This approach is based on associating 19 a version number to EID-to-RLOC mappings and the transport of such a 20 version number in the LISP-specific header of LISP-encapsulated 21 packets. LISP Map-Versioning is particularly useful to inform 22 communicating Ingress Tunnel Routers (ITRs) and Egress Tunnel Routers 23 (ETRs) about modifications of the mappings used to encapsulate 24 packets. The mechanism is optional and transparent to 25 implementations not supporting this feature, since in the LISP- 26 specific header and in the Map Records, bits used for Map-Versioning 27 can be safely ignored by ITRs and ETRs that do not support or do not 28 want to use the mechanism. 30 This document obsoletes RFC 6834 "Locator/ID Separation Protocol 31 (LISP) Map-Versioning", which is the initial experimental 32 specifications of the mechanisms updated by this document. 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at https://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on November 5, 2022. 50 Copyright Notice 52 Copyright (c) 2022 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (https://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 68 2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 3 69 3. Definitions of Terms . . . . . . . . . . . . . . . . . . . . 4 70 4. LISP Header and Map-Version Numbers . . . . . . . . . . . . . 4 71 5. Map Record and Map-Version . . . . . . . . . . . . . . . . . 5 72 6. EID-to-RLOC Map-Version Number . . . . . . . . . . . . . . . 6 73 6.1. The Null Map-Version . . . . . . . . . . . . . . . . . . 7 74 7. Dealing with Map-Version Numbers . . . . . . . . . . . . . . 7 75 7.1. Handling Destination Map-Version Number . . . . . . . . . 8 76 7.2. Handling Source Map-Version Number . . . . . . . . . . . 9 77 8. Security Considerations . . . . . . . . . . . . . . . . . . . 10 78 9. Deployment Considerations . . . . . . . . . . . . . . . . . . 10 79 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 80 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 81 11.1. Normative References . . . . . . . . . . . . . . . . . . 11 82 11.2. Informative References . . . . . . . . . . . . . . . . . 12 83 Appendix A. Benefits and Case Studies for Map-Versioning . . . . 13 84 A.1. Map-Versioning and Unidirectional Traffic . . . . . . . . 13 85 A.2. Map-Versioning and Interworking . . . . . . . . . . . . . 13 86 A.2.1. Map-Versioning and Proxy-ITRs . . . . . . . . . . . . 13 87 A.2.2. Map-Versioning and LISP-NAT . . . . . . . . . . . . . 14 88 A.2.3. Map-Versioning and Proxy-ETRs . . . . . . . . . . . . 14 89 A.3. RLOC Shutdown/Withdraw . . . . . . . . . . . . . . . . . 15 90 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 92 1. Introduction 94 This document describes the Map-Versioning mechanism used to provide 95 information on changes in the EID-to-RLOC (Endpoint ID to Routing 96 Locator) mappings used in the LISP (Locator/ID Separation Protocol 97 [I-D.ietf-lisp-rfc6830bis][I-D.ietf-lisp-rfc6833bis]) context to 98 perform packet encapsulation. The mechanism is totally transparent 99 to xTRs (Ingress and Egress Tunnel Routers) not supporting or not 100 using such functionality. [I-D.ietf-lisp-introduction] describes the 101 architecture of the Locator/ID Separation Protocol. It is expected 102 that the reader is familiar with this introductory document. 104 This document obsoletes [RFC6834], which is the initial experimental 105 specifications of the mechanisms updated by this document. 107 The basic mechanism is to associate a Map-Version number to each LISP 108 EID-to-RLOC mapping and transport such a version number in the LISP- 109 specific header. When a mapping changes, a new version number is 110 assigned to the updated mapping. A change in an EID-to-RLOC mapping 111 can be a modification in the RLOCs set such as addition, removal, or 112 change in priority or weight of one or more RLOCs. 114 When Map-Versioning is used, LISP-encapsulated data packets contain 115 the version number of the two mappings used to select the RLOCs in 116 the outer header (i.e., both source and destination RLOCs). This 117 operation is two-fold. On the one hand, it enables the ETR (Egress 118 Tunnel Router) receiving the packet to know if the ITR (Ingress 119 Tunnel Router) is using the latest mapping version for the 120 destination EID. If this is not the case, the ETR can directly send 121 a Map-Request containing the updated mapping to the ETR, to notify it 122 of the latest version. The ETR can also solicit the ITR to trigger a 123 Map-Request to obtain the latest mapping by sending it a Solicit Map- 124 Request (SMR) message. Both cases are defined in 125 [I-D.ietf-lisp-rfc6833bis]. On the other hand, it enables an ETR 126 receiving such a packet to know if it has in its EID-to-RLOC Map- 127 Cache the latest mapping for the source EID. If this is not the 128 case, a Map-Request can be sent. 130 Considerations about the deployment of LISP Map-Versioning are 131 discussed in Section 9. 133 2. Requirements Notation 135 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 136 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 137 "OPTIONAL" in this document are to be interpreted as described in BCP 138 14 [RFC2119] [RFC8174] when, and only when, they appear in all 139 capitals, as shown here. 141 3. Definitions of Terms 143 This document uses terms already defined in the main LISP 144 specification ([I-D.ietf-lisp-rfc6830bis], 145 [I-D.ietf-lisp-rfc6833bis]). Here, we define the terms that are 146 specific to the Map-Versioning mechanism. Throughout the whole 147 document, Big Endian bit ordering is used. 149 Map-Version number: An unsigned 12-bit integer is assigned to an 150 EID-to-RLOC mapping, indicating its version number (Section 6). 152 Null Map-Version: A Map-Version number with a value of 0x000 (zero), 153 used to signal that the Map-Version feature is not used and no Map- 154 Version number is assigned to the EID-to-RLOC mapping 155 (Section 6.1). 157 Dest Map-Version number: Map-Version of the mapping in the EID-to- 158 RLOC Map-Cache used by the ITR to select the RLOC present in the 159 "Destination Routing Locator" field of the outer IP header of LISP- 160 encapsulated packets (Section 7.1). 162 Source Map-Version number: Map-Version of the mapping in the EID-to- 163 RLOC Database used by the ITR to select the RLOC present in the 164 "Source Routing Locator" field of the outer IP header of LISP- 165 encapsulated packets (Section 7.2). 167 4. LISP Header and Map-Version Numbers 169 In order for the versioning approach to work, the LISP-specific 170 header has to carry both the Source Map-Version number and Dest Map- 171 Version number. This is done by setting the V-bit in the LISP- 172 specific header as specified in [I-D.ietf-lisp-rfc6830bis] and shown 173 in the example in Figure 1. All permissible combinations of the 174 flags when the V-bit is set to 1 are described in 175 [I-D.ietf-lisp-rfc6830bis]. Not all of the LISP-encapsulated packets 176 need to carry version numbers. When the V-bit is set, the LISP 177 header has the following encoding: 179 0 1 2 3 180 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 181 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 182 |N|L|E|V|I|R|K|K| Source Map-Version | Dest Map-Version | 183 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 | Instance ID/Locator-Status-Bits | 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 Figure 1: LISP-Specific header example when Map-Versioning is in use. 189 Source Map-Version number (12 bits): Map-Version of the mapping in 190 the EID-to-RLOC Database used by the ITR to select the RLOC present 191 in the "Source Routing Locator" field of the outer IP header of 192 LISP-encapsulated packets. Section 7.2 describes how to set this 193 value on transmission and handle it on reception. 195 Dest Map-Version number (12 bits): Map-Version of the mapping in the 196 EID-to-RLOC Map-Cache used by the ITR to select the RLOC present in 197 the "Destination Routing Locator" field of the outer IP header of 198 LISP-encapsulated packets. Section 7.1 describes how to set this 199 value on transmission and handle it on reception. 201 5. Map Record and Map-Version 203 To accommodate the mechanism, the Map Records that are transported in 204 Map-Request/Map-Reply/Map-Register messages need to carry the Map- 205 Version number as well. For reference, the Map Record (specified in 206 [I-D.ietf-lisp-rfc6833bis]) is reported here as an example in 207 Figure 2. 209 0 1 2 3 210 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 211 +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 212 | | Record TTL | 213 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 R | Locator Count | EID mask-len | ACT |A| Reserved | 215 e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 216 c | Rsvd | Map-Version Number | EID-Prefix-AFI | 217 o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 218 r | EID-Prefix | 219 d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 | /| Priority | Weight | M Priority | M Weight | 221 | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 | o | Unused Flags |L|p|R| Loc-AFI | 223 | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 224 | \| Locator | 225 +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 227 Figure 2: Map-Record format example. 229 Map-Version Number: Map-Version of the mapping contained in the 230 Record. As explained in Section 6.1, this field can be zero (0), 231 meaning that no Map-Version is associated to the mapping. 233 This packet format is backward compatible with xTRs that do not 234 support Map-Versioning, since they can simply ignore those bits. 236 6. EID-to-RLOC Map-Version Number 238 The EID-to-RLOC Map-Version number consists of an unsigned 12-bit 239 integer. The version number is assigned on a per-mapping basis, 240 meaning that different mappings have a different version number, 241 which is also updated independently. An update in the version number 242 (i.e., a newer version) consists of incrementing by one the older 243 version number (only exception is for the Null Map-Version as 244 explained in at the end of Section 6.1). 246 The space of version numbers has a circular order where half of the 247 version numbers are greater (i.e., newer) than the current Map- 248 Version number and the other half of the version numbers are smaller 249 (i.e., older) than the current Map-Version number. In a more formal 250 way, assuming that we have two version numbers V1 and V2 and that the 251 numbers are expressed on N bits, the following steps MUST be 252 performed (in the same order as shown below) to strictly define their 253 order: 255 1. V1 = V2 : The Map-Version numbers are the same. 257 2. V2 > V1 : if and only if 259 V2 > V1 AND (V2 - V1) <= 2**(N-1) 261 OR 263 V1 > V2 AND (V1 - V2) > 2**(N-1) 265 3. V1 > V2 : otherwise. 267 Using 12 bits, as defined in this document, and assuming a Map- 268 Version value of 69, Map-Version numbers in the range [70; 69 + 2048] 269 are greater than 69, while Map-Version numbers in the range [69 + 270 2049; (69 + 4096) mod 4096] are smaller than 69. 272 The initial Map-Version number of a new EID-to-RLOC mapping SHOULD be 273 assigned randomly, but it MUST NOT be set to the Null Map-Version 274 value (0x000), because the Null Map-Version number has a special 275 meaning (see Section 6.1). Optionally, the initial Map-version 276 number may be configured. 278 Upon reboot, an ETR will use mappings configured in its EID-to-RLOC 279 Database. If those mappings have a Map-Version number, it will be 280 used according to the mechanisms described in this document. ETRs 281 MUST NOT automatically generate and assign Map-Version numbers to 282 mappings in the EID-to-RLOC Database. 284 6.1. The Null Map-Version 286 The value 0x000 (zero) is a special Map-Version number indicating 287 that there is actually no version number associated to the EID-to- 288 RLOC mapping. Such a value is used for special purposes and is named 289 the Null Map-Version number. 291 Map Records that have a Null Map-Version number indicate that there 292 is no Map-Version number associated with the mapping. This means 293 that LISP-encapsulated packets destined to the EID-Prefix referred to 294 by the Map Record MUST NOT contain any Map-Version numbers (V bit set 295 to 0). If an ETR receives LISP-encapsulated packets with the V-bit 296 set, when the original mapping in the EID-to-RLOC Database has the 297 version number set to the Null Map-Version value, then those packets 298 MUST be silently dropped. 300 The Null Map-Version may appear in the LISP-specific header as a 301 Source Map-Version number (Section 7.2). When the Source Map-Version 302 number is set to the Null Map-Version value, it means that no map 303 version information is conveyed for the source site. This means that 304 if a mapping exists for the source EID in the EID-to-RLOC Map-Cache, 305 then the ETR MUST NOT compare the received Null Map-Version with the 306 content of the EID-to-RLOC Map-Cache (Section 7.2). 308 The fact that the 0 value has a special meaning for the Map-Version 309 number implies that, when updating a Map-Version number because of a 310 change in the mapping, if the next value is 0, then the Map-Version 311 number MUST be incremented by 2 (i.e., set to 1 (0x001), which is the 312 next valid value). 314 7. Dealing with Map-Version Numbers 316 The main idea of using Map-Version numbers is that whenever there is 317 a change in the mapping (e.g., adding/removing RLOCs, a change in the 318 weights due to Traffic Engineering policies, or a change in the 319 priorities) or a LISP site realizes that one or more of its own RLOCs 320 are not reachable anymore from a local perspective (e.g., through 321 IGP, or policy changes) the LISP site updates the mapping, also 322 assigning a new Map-Version number. 324 An ETR receiving a LISP packet with Map-Version numbers SHOULD check 325 the following predicates: 327 1. The ITR that has sent the packet has an up-to-date mapping in its 328 EID-to-RLOC Map-Cache for the destination EID and is performing 329 encapsulation correctly. 331 2. In the case of bidirectional traffic, the mapping in the local 332 ETR EID-to-RLOC Map-Cache for the source EID is up to date. 334 If one or both of the above predicates do not hold, the ETR SHOULD 335 send a Map-Request either to make the ITR aware that a new mapping is 336 available (see Section 7.1) or to update the mapping in the local 337 EID-to-RLOC Map-Cache (see Section 7.2). 339 7.1. Handling Destination Map-Version Number 341 When an ETR receives a packet, the Dest Map-Version number relates to 342 the mapping for the destination EID for which the ETR is an RLOC. 343 This mapping is part of the ETR EID-to-RLOC Database. Since the ETR 344 is authoritative for the mapping, it has the correct and up-to-date 345 Dest Map-Version number. A check on this version number SHOULD be 346 done, where the following cases can arise: 348 1. The packet arrives with the same Dest Map-Version number stored 349 in the EID-to-RLOC Database. This is the regular case. The ITR 350 sending the packet has in its EID-to-RLOC Map-Cache an up-to-date 351 mapping. No further actions are needed. 353 2. The packet arrives with a Dest Map-Version number greater (i.e., 354 newer) than the one stored in the EID-to-RLOC Database. Since 355 the ETR is authoritative on the mapping, meaning that the Map- 356 Version number of its mapping is the correct one, this implies 357 that someone is not behaving correctly with respect to the 358 specifications. In this case, the packet carries a version 359 number that is not valid and packet MUST be silently dropped. 361 3. The packets arrive with a Dest Map-Version number smaller (i.e., 362 older) than the one stored in the EID-to-RLOC Database. This 363 means that the ITR sending the packet has an old mapping in its 364 EID-to-RLOC Map-Cache containing stale information. The ETR MAY 365 choose to normally process the encapsulated datagram according to 366 [I-D.ietf-lisp-rfc6830bis]; however, the ITR sending the packet 367 SHOULD be informed that a newer mapping is available. This is 368 done with a Map-Request message sent back to the ITR, as 369 specified in [I-D.ietf-lisp-rfc6833bis]. One feature introduced 370 by Map-Version numbers is the possibility of blocking traffic not 371 using the latest mapping. This is because either the ITR is 372 refusing to use the mapping for which the ETR is authoritative, 373 or (worse) it might be some form of attack. According to rate 374 limitation policy defined in [I-D.ietf-lisp-rfc6833bis] for Map- 375 Request messages, after 10 retries Map-Requests are sent every 30 376 seconds, if in the meantime the Dest Map-Version number in the 377 packets is not updated, the ETR SHOULD drop packets with a stale 378 Map-Version number, unless the traffic is considered safe (e.g. 380 in private deployments this can indicate an issue in the ITR, but 381 not malicious traffic). 383 The rule in the third case may be more restrictive. If the Record 384 TTL of the previous mapping has already expired, all packets arriving 385 with an old Map-Version SHOULD be silently dropped right away without 386 issuing any Map-Request, unless the traffic is considered safe (e.g. 387 private deployment). Such action is permitted because if the new 388 mapping with the updated version number has been unchanged for at 389 least the same time as the Record TTL of the older mapping, all the 390 entries in the EID-to-RLOC Map-Caches of ITRs must have expired. 391 Hence, all ITRs sending traffic should have refreshed the mapping 392 according to [I-D.ietf-lisp-rfc6833bis]. If packets with old Map- 393 Version numbers are still received, then either someone has not 394 respected the Record TTL or it is a form of spoof/attack. In both 395 cases, this is not valid behavior with respect to the specifications. 397 LISP-encapsulated packets cannot transport a Dest Map-Version number 398 equal to the Null Map-Version number, because in this case the ETR is 399 signaling that Map-Version numbers are not used for the mapping of 400 the destination EID (see Section 6.1). 402 7.2. Handling Source Map-Version Number 404 When an ETR receives a packet, the Source Map-Version number relates 405 to the mapping for the source EID for which the ITR that sent the 406 packet is authoritative. If the ETR has an entry in its EID-to-RLOC 407 Map-Cache for the source EID, then a check SHOULD be performed and 408 the following cases can arise: 410 1. The packet arrives with the same Source Map-Version number as 411 that stored in the EID-to-RLOC Map-Cache. This is the regular 412 case. The ETR has in its EID-to-RLOC Map-Cache an up-to-date 413 copy of the mapping. No further actions are needed. 415 2. The packet arrives with a Source Map-Version number greater 416 (i.e., newer) than the one stored in the local EID-to-RLOC Map- 417 Cache. This means that the ETR has in its EID-to-RLOC Map-Cache 418 a mapping that is stale and needs to be updated. A Map-Request 419 SHOULD be sent to get the new mapping for the source EID, 420 respecting rate-limitation policies described in 421 [I-D.ietf-lisp-rfc6833bis]. 423 3. The packet arrives with a Source Map-Version number smaller 424 (i.e., older) than the one stored in the local EID-to-RLOC Map- 425 Cache. Such a case is not valid with respect to the 426 specifications. Indeed, if the mapping is already present in the 427 EID-to-RLOC Map-Cache, this means that an explicit Map-Request 428 has been sent and a Map-Reply has been received from an 429 authoritative source. In this situation, the packet SHOULD be 430 silently dropped, unless considered safe to accept the traffic 431 (e.g. private deployments, where it can indicate a 432 misconfiguration). 434 If the ETR does not have an entry in the EID-to-RLOC Map-Cache for 435 the source EID, then the Source Map-Version number MUST be ignored. 437 8. Security Considerations 439 Attackers can try to trigger a large number of Map-Requests by simply 440 forging packets with random Map-Versions. The Map-Requests are rate- 441 limited as described in [I-D.ietf-lisp-rfc6833bis]. With Map- 442 Versioning it is possible to filter packet carrying invalid version 443 numbers before triggering a Map-Request, thus helping to reduce the 444 effects of DoS attacks. However, it might not be enough to really 445 protect from a DDoS attack. 447 This document builds on the specification and operation of the LISP 448 control and data planes. The Security Considerations of 449 [I-D.ietf-lisp-rfc6830bis] and [I-D.ietf-lisp-rfc6833bis] apply. A 450 thorough security analysis of LISP is documented in [RFC7835]. 452 Map-Versioning MUST NOT be used over the public Internet and SHOULD 453 only be used in trusted and closed deployments. 455 9. Deployment Considerations 457 LISP requires ETRs to provide the same mapping for the same EID- 458 Prefix to a requester. Map-Versioning does not require additional 459 synchronization mechanisms. Clearly, all the ETRs have to reply with 460 the same mapping including same Map-Version number; otherwise, there 461 can be an inconsistency that creates additional control traffic, 462 instabilities, and traffic disruptions. 464 There are two ways Map-Versioning is helpful with respect to 465 synchronization. On the one hand, assigning version numbers to 466 mappings helps in debugging, since quick checks on the consistency of 467 the mappings on different ETRs can be done by looking at the Map- 468 Version number. On the other hand, Map-Versioning can be used to 469 control the traffic toward ETRs that announce the latest mapping. 471 As an example, let's consider the topology of Figure 3 where ITR A.1 472 of Domain A is sending unidirectional traffic to Domain B, while A.2 473 of Domain A exchanges bidirectional traffic with Domain B. In 474 particular, ITR A.2 sends traffic to ETR B, and ETR A.2 receives 475 traffic from ITR B. 477 +-----------------+ +-----------------+ 478 | Domain A | | Domain B | 479 | +---------+ | | 480 | | ITR A.1 |--- | | 481 | +---------+ \ +---------+ | 482 | | ------->| ETR B | | 483 | | ------->| | | 484 | +---------+ / | | | 485 | | ITR A.2 |--- -----| ITR B | | 486 | | | / +---------+ | 487 | | ETR A.2 |<----- | | 488 | +---------+ | | 489 | | | | 490 +-----------------+ +-----------------+ 492 Figure 3: Example topology. 494 Obviously, in the case of Map-Versioning, both ITR A.1 and ITR A.2 of 495 Domain A must use the same value; otherwise, the ETR of Domain B will 496 start to send Map-Requests. 498 The same problem can, however, arise without Map-Versioning, for 499 instance, if the two ITRs of Domain A send different Locator-Status- 500 Bits. In this case, either the traffic is disrupted if ETR B does 501 not verify reachability, or if ETR B will start sending Map-Requests 502 to confirm each change in reachability. 504 So far, LISP does not provide any specific synchronization mechanism 505 but assumes that synchronization is provided by configuring the 506 different xTRs consistently. The same applies for Map-Versioning. 507 If in the future any synchronization mechanism is provided, Map- 508 Versioning will take advantage of it automatically, since it is 509 included in the Map Record format, as described in Section 5. 511 10. IANA Considerations 513 This document includes no request to IANA. 515 11. References 517 11.1. Normative References 519 [I-D.ietf-lisp-rfc6830bis] 520 Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. 521 Cabellos-Aparicio, "The Locator/ID Separation Protocol 522 (LISP)", draft-ietf-lisp-rfc6830bis-36 (work in progress), 523 November 2020. 525 [I-D.ietf-lisp-rfc6833bis] 526 Farinacci, D., Maino, F., Fuller, V., and A. Cabellos- 527 Aparicio, "Locator/ID Separation Protocol (LISP) Control- 528 Plane", draft-ietf-lisp-rfc6833bis-30 (work in progress), 529 November 2020. 531 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 532 Requirement Levels", BCP 14, RFC 2119, 533 DOI 10.17487/RFC2119, March 1997, 534 . 536 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 537 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 538 May 2017, . 540 11.2. Informative References 542 [I-D.ietf-lisp-introduction] 543 Cabellos-Aparicio, A. and D. Saucez, "An Architectural 544 Introduction to the Locator/ID Separation Protocol 545 (LISP)", draft-ietf-lisp-introduction-13 (work in 546 progress), April 2015. 548 [RFC6832] Lewis, D., Meyer, D., Farinacci, D., and V. Fuller, 549 "Interworking between Locator/ID Separation Protocol 550 (LISP) and Non-LISP Sites", RFC 6832, 551 DOI 10.17487/RFC6832, January 2013, 552 . 554 [RFC6834] Iannone, L., Saucez, D., and O. Bonaventure, "Locator/ID 555 Separation Protocol (LISP) Map-Versioning", RFC 6834, 556 DOI 10.17487/RFC6834, January 2013, 557 . 559 [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID 560 Separation Protocol (LISP) Threat Analysis", RFC 7835, 561 DOI 10.17487/RFC7835, April 2016, 562 . 564 Appendix A. Benefits and Case Studies for Map-Versioning 566 In the following sections, we provide more discussion on various 567 aspects and uses of Map-Versioning. Security observations are 568 grouped in Section 8. 570 A.1. Map-Versioning and Unidirectional Traffic 572 When using Map-Versioning, the LISP-specific header carries two Map- 573 Version numbers, for both source and destination mappings. This can 574 raise the question on what will happen in the case of unidirectional 575 flows, for instance, in the case presented in Figure 4, since the 576 LISP specifications do not mandate that the ETR have a mapping from 577 the source EID. 579 +-----------------+ +-----------------+ 580 | Domain A | | Domain B | 581 | +---------+ +---------+ | 582 | | ITR A |----------->| ETR B | | 583 | +---------+ +---------+ | 584 | | | | 585 +-----------------+ +-----------------+ 587 Figure 4: Unidirectional traffic between LISP domains. 589 An ITR is able to put both the source and destination version numbers 590 in the LISP header since the Source Map-Version number is in its 591 database while the Destination Map-Version number is in its cache. 593 The ETR checks only the Dest Map-Version number as described in 594 Section 7, ignoring the Source Map-Version number. 596 A.2. Map-Versioning and Interworking 598 Map-Versioning is compatible with the LISP interworking between LISP 599 and non-LISP sites as defined in [RFC6832]. LISP interworking 600 defines three techniques to make LISP sites and non-LISP sites, 601 namely Proxy-ITR, LISP-NAT, and Proxy-ETR. The following text 602 describes how Map-Versioning relates to these three mechanisms. 604 A.2.1. Map-Versioning and Proxy-ITRs 606 The purpose of the Proxy-ITR (PITR) is to encapsulate traffic 607 originating in a non-LISP site in order to deliver the packet to one 608 of the ETRs of the LISP site (cf. Figure 5). This case is very 609 similar to the unidirectional traffic case described in Appendix A.1; 610 hence, similar rules apply. 612 +----------+ +-------------+ 613 | LISP | | non-LISP | 614 | Domain A | | Domain B | 615 | +-------+ +-----------+ | | 616 | | ETR A |<-------| Proxy ITR |<-------| | 617 | +-------+ +-----------+ | | 618 | | | | 619 +----------+ +-------------+ 621 Figure 5: Unidirectional traffic from non-LISP domain to LISP domain. 623 The main difference is that a Proxy-ITR does not have any mapping, 624 since it just encapsulates packets arriving from the non-LISP site, 625 and thus cannot provide a Source Map-Version. In this case, the 626 proxy-ITR will just put the Null Map-Version value as the Source Map- 627 Version number, while the receiving ETR will ignore the field. 629 With this setup, LISP Domain A is able to check whether or not the 630 PITR is using the latest mapping. 632 A.2.2. Map-Versioning and LISP-NAT 634 The LISP-NAT mechanism is based on address translation from non- 635 routable EIDs to routable EIDs and does not involve any form of 636 encapsulation. As such, Map-Versioning does not apply in this case. 638 A.2.3. Map-Versioning and Proxy-ETRs 640 The purpose of the Proxy-ETR (PETR) is to decapsulate traffic 641 originating in a LISP site in order to deliver the packet to the non- 642 LISP site (cf. Figure 6). One of the main reasons to deploy PETRs 643 is to bypass uRPF (Unicast Reverse Path Forwarding) checks on the 644 provider edge. 646 +----------+ +-------------+ 647 | LISP | | non-LISP | 648 | Domain A | | Domain B | 649 | +-------+ +-----------+ | | 650 | | ITR A |------->| Proxy ETR |------->| | 651 | +-------+ +-----------+ | | 652 | | | | 653 +----------+ +-------------+ 655 Figure 6: Unidirectional traffic from LISP domain to non-LISP domain. 657 A Proxy-ETR does not have any mapping, since it just decapsulates 658 packets arriving from the LISP site. In this case, the ITR can 659 interchangeably put a Map-Version value or the Null Map-Version value 660 as the Dest Map-Version number since the receiving Proxy-ETR will 661 ignore the field. 663 With this setup, the Proxy-ETR is able to check whether or not the 664 mapping has changed. 666 A.3. RLOC Shutdown/Withdraw 668 Map-Versioning can also be used to perform a graceful shutdown or 669 withdraw of a specific RLOC. This is achieved by simply issuing a 670 new mapping, with an updated Map-Version number where the specific 671 RLOC to be shut down is withdrawn or announced as unreachable (via 672 the R bit in the Map Record; see [I-D.ietf-lisp-rfc6833bis]), but 673 without actually turning it off. 675 Once no more traffic is received by the RLOC, it can be shut down 676 gracefully, because all sites actively using the mapping have updated 677 it. 679 Authors' Addresses 681 Luigi Iannone 682 Huawei Technologies France 684 EMail: luigi.iannone@huawei.com 686 Damien Saucez 687 INRIA 689 EMail: damien.saucez@inria.fr 691 Olivier Bonaventure 692 Universite catholique de Louvain 694 EMail: olivier.bonaventure@uclouvain.be