idnits 2.17.1

draft-ietf-mpls-lsp-ping-relay-reply-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

     (Using the creation date from RFC4379, updated by this document, for
     RFC5378 checks: 2002-03-27)

  -- The document seems to contain a disclaimer for pre-RFC5378 work, and may
     have content which was first submitted before 10 November 2008.  The
     disclaimer is necessary when there are original authors that you have
     been unable to contact, or if some do not wish to grant the BCP78 rights
     to the IETF Trust.  If you are able to get all authors (current and
     original) to grant those rights, you can and should remove the
     disclaimer; otherwise, the disclaimer is needed and you can ignore this
     comment.  (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (April 2, 2014) is 3670 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 4379 (Obsoleted by RFC 8029)

  == Outdated reference: A later version (-07) exists of
     draft-ietf-mpls-seamless-mpls-06

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                        J. Luo, Ed.
Internet-Draft                                                       ZTE
Updates: 4379 (if approved)                                  L. Jin, Ed.
Intended status: Standards Track
Expires: October 4, 2014                                  T. Nadeau, Ed.
                                                             Lucidvision
                                                         G. Swallow, Ed.
                                                                   Cisco
                                                           April 2, 2014

               Relayed Echo Reply mechanism for LSP Ping
                draft-ietf-mpls-lsp-ping-relay-reply-03

Abstract

   In some inter autonomous system (AS) and inter-area deployment
   scenarios for RFC 4379 "Label Switched Path (LSP) Ping and
   Traceroute", a replying LSR may not have the available route to the
   initiator, and the Echo Reply message sent to the initiator would be
   discarded resulting in false negatives or complete failure of
   operation of LSP Ping and Traceroute.  This document describes
   extensions to LSP Ping mechanism to enable the replying Label
   Switching Router (LSR) to have the capability to relay the Echo
   Response by a set of routable intermediate nodes to the initiator.
   This document updates RFC 4379.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 4, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
     1.1.  Conventions Used in This Document
   2.  Motivation
   3.  Extensions
     3.1.  Relayed Echo Reply message
     3.2.  Relay Node Address Stack
     3.3.  New Return Code
   4.  Procedures
     4.1.  Sending an Echo Request
     4.2.  Receiving an Echo Request
     4.3.  Originating a Relayed Echo Reply
     4.4.  Relaying a Relayed Echo Reply
     4.5.  Sending an Echo Reply
     4.6.  Receiving an Echo Reply
   5.  LSP Ping Relayed Echo Reply Example
   6.  Security Considerations
   7.  Backward Compatibility
   8.  IANA Considerations
     8.1.  New Message Type
     8.2.  New TLV
     8.3.  New Return Code
   9.  Acknowledgement
   10. Contributors
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses

1.  Introduction

   This document describes the extensions to the Label Switched Path
   (LSP) Ping as specified in [RFC4379], by adding a relayed echo reply
   mechanism which could be used to detect data plane failures for the
   inter autonomous system (AS) and inter-area LSPs.  The extensions
   update [RFC4379].  Without these extensions, the ping functionality
   provided by [RFC4379] would fail in many deployed inter-AS
   scenarios, since the replying LSR in one AS may not have the
   available route to the initiator in the other AS.  The mechanism in
   this document defines a new message type referred to as "Relayed
   Echo Reply message", and a new TLV referred to as "Relay Node
   Address Stack TLV".

1.1.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Motivation

   LSP Ping [RFC4379] defines a mechanism to detect the data plane
   failures and localize faults.  The mechanism specifies that the Echo
   Reply should be sent back to the initiator using a UDP packet with
   the IPv4/IPv6 address of the originating LSR.  This works in
   administrative domains where IP address reachability is allowed
   among LSRs, and every LSR is able to route back to the originating
   LSR.  However, in practice, this is often not the case due to intra-
   provider routing policy, route hiding, and network address
   translation at autonomous system border routers (ASBR).  In fact, it
   is almost uniformly the case that in inter-AS scenarios, the
   distribution of, or direct routing to, the IP addresses of any of
   the nodes other than the ASBR in another AS is not allowed.

   Figure 1 demonstrates a case where one LSP is set up between PE1 and
   PE2.  If private addresses were in use within AS1, a traceroute from
   PE1 directed to PE2 could fail if the fault exists somewhere between
   ASBR2 and PE2, because P2 cannot forward packets back to PE1 given
   that it is a private address within AS1.  In this case, PE1 would
   detect a path break, as the Echo Reply messages would not be
   received.  Then localization of the actual fault would not be
   possible.

   +-------+   +-------+   +------+   +------+   +------+   +------+
   |       |   |       |   |      |   |      |   |      |   |      |
   |  PE1  +---+  P1   +---+ ASBR1+---+ ASBR2+---+  P2  +---+  PE2 |
   |       |   |       |   |      |   |      |   |      |   |      |
   +-------+   +-------+   +------+   +------+   +------+   +------+
   <---------------AS1-------------><---------------AS2------------>
   <---------------------------- LSP ------------------------------>

               Figure 1: Simple Inter-AS LSP Configuration

   A second example that illustrates how [RFC4379] would be insufficient
   would be the inter-area situation in a seamless MPLS architecture
   [I-D.ietf-mpls-seamless-mpls] as shown below in Figure 2.  In this
   example LSRs in the core network would not have an IP reachable
   route to any of the ANs.  When tracing an LSP from one AN to the
   remote AN, the LSR1/LSR2 node could not make a response to the Echo
   Request either, like the P2 node in the inter-AS scenario in
   Figure 1.

              +-------+   +-------+   +------+   +------+
              |       |   |       |   |      |   |      |
           +--+ AGN11 +---+ AGN21 +---+ ABR1 +---+ LSR1 +--> to AGN
          /   |       |  /|       |   |      |   |      |
   +----+/    +-------+\/ +-------+   +------+  /+------+
   | AN |              /\                     \/
   +----+\    +-------+  \+-------+   +------+/\ +------+
          \   |       |   |       |   |      |  \|      |
           +--+ AGN12 +---+ AGN22 +---+ ABR2 +---+ LSR2 +--> to AGN
              |       |   |       |   |      |   |      |
              +-------+   +-------+   +------+   +------+
   static route     ISIS L1 LDP             ISIS L2 LDP
   <-Access-><--Aggregation Domain--><---------Core--------->

                  Figure 2: Seamless MPLS Architecture

   This document describes extensions to the LSP Ping mechanism to
   facilitate a response from the replying LSR, by defining a simple
   mechanism that uses a relay node (e.g., ASBR) to relay the message
   back to the initiator.  Every designated or learned relay node must
   have an IP route to the next relay node or to the initiator.  Using a
   recursive approach, a relay node could relay the message to the next
   relay node until the initiator is reached.

3.  Extensions

   [RFC4379] describes the basic MPLS LSP Ping mechanism, which defines
   two message types, Echo Request and Echo Reply message.  This
   document defines a new message, Relayed Echo Reply message.  This new
   message is used to replace Echo Reply message which is sent from the
   replying LSR to a relay node or from a relay node to another relay
   node.

   A new TLV named Relay Node Address Stack TLV is defined in this
   document, to carry the IP addresses of the possible relay nodes for
   the replying LSR.

   In addition, a new Return Code is defined to notify the initiator
   that the packet length was exceeded unexpectedly by the Relay Node
   Address Stack TLV.

   It should be noted that this document focuses only on detecting the
   LSP which is set up using a uniform IP address family type.  That is,
   all hops between the source and destination node use the same address
   family type for their LSP ping control planes.  This does not
   preclude nodes that support both IPv6 and IPv4 addresses
   simultaneously, but the entire path must be addressable using only
   one address family type.  Support for mixed IPv4-only and IPv6-only
   is beyond the scope of this document.

3.1.  Relayed Echo Reply message

   The Relayed Echo Reply message is a UDP packet, and the UDP payload
   has the same format as the Echo Request/Reply message.  A new message
   type is requested from IANA.

   New Message Type:
      Value    Meaning
      -----    -------
      TBD      MPLS Relayed Echo Reply

   The use of TCP and UDP port number 3503 is described in [RFC4379] and
   has been allocated by IANA for LSP Ping messages.  The Relayed Echo
   Reply message will use the same port number.

3.2.  Relay Node Address Stack

   The Relay Node Address Stack TLV is an optional TLV.  It MUST be
   carried in the Echo Request, Echo Reply and Relayed Echo Reply
   messages if the echo reply relayed mechanism described in this
   document is required.  Figure 3 illustrates the TLV format.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Type              |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Initiator Source Port     |  Number of Relayed Addresses  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                  Stack of Relayed Addresses                   ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 3: Relay Node Address Stack TLV

   -  Type: to be assigned by IANA.  A value should be assigned from
      32768-49161 as suggested by [RFC4379] Section 3.

   -  Length: the length of the value field in octets.

   -  Initiator Source Port: the source UDP port from which the
      initiator sends the Echo Request message, and also the port that
      is expected to receive the Echo Reply message.

   -  Number of Relayed Addresses: an integer indicating the number of
      relayed addresses in the stack.

   -  Stack of Relayed Addresses: a list of relay node addresses.

   The format of each relay node address is as below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Address Type  | Address Length|          Reserved           |K|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~             Relayed Address (0, 4, or 16 octets)              ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type#   Address Type   Address Length
   ----    ------------   ------------
     0     Unspecified         0
     1     IPv4                4
     2     IPv6               16

   Reserved: This field is reserved and MUST be set to zero.

   K bit: if the K bit is set to 1, then this sub-TLV MUST be kept in
   Relay Node Address Stack during TLV compress process described in
   section 4.2.  The K bit may be set by ASBRs whose address would be
   kept in the stack if necessary.

   Relayed Address: this field specifies the node address, either IPv4
   or IPv6.

3.3.  New Return Code

   A new Return Code is used by the replying LSR to notify the initiator
   that the packet length was exceeded unexpectedly by the Relay Node
   Address Stack TLV.

   New Return Code:
      Value    Meaning
      -----    -------
      TBD      Response Packet length was exceeded by the Relay Node
               Address Stack TLV unexpected

4.  Procedures

4.1.  Sending an Echo Request

   In addition to the procedures described in section 4.3 of [RFC4379],
   a Relay Node Address Stack TLV MUST be carried in the Echo Request
   message to facilitate the relay functionality.

   When the Echo Request is first sent by the initiator, a Relay Node
   Address Stack TLV with the initiator address in the stack and its
   source UDP port MUST be included.  That will ensure that the first
   relay node address in the stack will always be the initiator address.

   For the subsequent Echo Request messages, the initiator would copy
   the Relay Node Address Stack TLV from the received Echo Reply
   message.

4.2.  Receiving an Echo Request

   In addition to the processes in section 4.4 of [RFC4379], the
   procedures of the Relay Node Address Stack TLV are defined here.

   Upon receiving a Relay Node Address Stack TLV of the Echo Request
   message, the receiver MUST check the addresses of the stack in
   sequence from top to bottom (the first address in the stack will be
   the first one to be checked), to find out the first public routable
   IP address.  Those address entries behind the first routable IP
   address in the address list with K bit set to 0 MUST be deleted, and
   the address entry of the replying LSR MUST be added at the bottom of
   the stack.  Those address entries with K bit set to 1 MUST be kept in
   the stack.  The updated Relay Node Address Stack TLV MUST be carried
   in the response message.

   If the replying LSR is configured to hide its routable address
   information, the address entry added in the stack SHOULD be a blank
   entry with Address Type set to unspecified.  The blank address entry
   in the receiving Echo Request SHOULD be treated as an unroutable
   address entry.

   If the packet length was exceeded unexpectedly by the Relay Node
   Address Stack TLV, the TLV SHOULD be returned back unchanged in the
   Echo Reply message.  And the new return code in section 3.3 SHOULD be
   used to notify the initiator of the situation.

   If the first routable IP address is the first address in the stack,
   the replying LSR SHOULD respond with an Echo Reply message to the
   initiator.

   If the first routable IP address is an intermediate node, other than
   the first address in the stack, the replying LSR SHOULD send a
   Relayed Echo Reply instead of an Echo Reply as a response.

   An LSR that does not recognize the Relay Node Address Stack TLV
   SHOULD ignore it according to section 3 of [RFC4379].

4.3.  Originating a Relayed Echo Reply

   When the replying LSR receives an Echo Request in which the first IP
   address in the Relay Node Address Stack TLV is IP unroutable, the
   replying LSR SHOULD send a Relayed Echo Reply message to the first
   routable intermediate node.  The processing of Relayed Echo Reply is
   the same as the procedure of the Echo Reply described in Section
   4.5 of [RFC4379], except the destination IP address and the
   destination UDP port.  The destination IP address of the Relayed Echo
   Reply is set to the first routable IP address from the Relay Node
   Address Stack TLV, and both the source and destination UDP ports are
   set to 3503.

4.4.  Relaying a Relayed Echo Reply

   Upon receiving a Relayed Echo Reply message with its own address as
   the destination address in the IP header, the relay node SHOULD check
   the address items in Relay Node Address Stack TLV in sequence from
   top to bottom, and find the first routable node address.

   If the first routable address is the top one of the address list,
   e.g., the initiator address, the relay node SHOULD send an Echo Reply
   message to the initiator containing the same payload as the Relayed
   Echo Reply message received.  See section 4.5 for detail.

   If the first routable address is not the top one of the address list,
   e.g., another intermediate relay node, the relay node SHOULD send a
   Relayed Echo Reply message to this relay node with the payload
   unchanged.

   Note, the replying LSR SHOULD send a Relayed Echo Reply message to
   the first relay node found in Relay Node Address Stack TLV that is
   routable by the router.  The routable address MUST be located before
   the source IP address of the received Relayed Echo Reply which must
   also be in the stack, otherwise the Relayed Echo Reply should not be
   sent, so as to avoid potential loop.

4.5.  Sending an Echo Reply

   The Echo Reply is sent in two cases:

   1.  When the replying LSR receives an Echo Request with the first IP
   address in the Relay Node Address Stack TLV IP routable, the replying
   LSR would send an Echo Reply to the initiator.  In addition to the
   procedure of the Echo Reply described in Section 4.5 of [RFC4379],
   the Relay Node Address Stack TLV would be carried in the Echo Reply.

   2.  When the intermediate relay node receives a Relayed Echo Reply
   with the first IP address in the Relay Node Address Stack TLV IP
   routable, the intermediate relay node would send the Echo Reply to
   the initiator with the UDP payload unchanged other than the Message
   Type field (change from type of Relayed Echo Reply to Echo Reply).
   The destination IP address of the Echo Reply is set to the first IP
   address in the stack, and the destination UDP port would be copied
   from the Initiator Source Port field of the Relay Node Address Stack
   TLV.  The source UDP port should be 3503.

4.6.  Receiving an Echo Reply

   In addition to the processes in Section 4.6 of [RFC4379], the
   initiator would copy the Relay Node Address Stack TLV received in the
   Echo Reply to the next Echo Request.

5.  LSP Ping Relayed Echo Reply Example

   Consider the inter-AS scenario in Figure 4 below.

   +-------+   +-------+   +------+   +------+   +------+   +------+
   |       |   |       |   |      |   |      |   |      |   |      |
   |  PE1  +---+  P1   +---+ ASBR1+---+ ASBR2+---+  P2  +---+  PE2 |
   |       |   |       |   |      |   |      |   |      |   |      |
   +-------+   +-------+   +------+   +------+   +------+   +------+
   <---------------AS1-------------><---------------AS2------------>
   <--------------------------- LSP ------------------------------->

                     Figure 4: Example Inter-AS LSP

   In the example, an LSP has been created between PE1 and PE2.  When
   performing LSP traceroute on the LSP, the first Echo Request sent by
   PE1 with outer-most label TTL=1, contains the Relay Node Address
   Stack TLV with PE1's address.

   After processing by P1, P1's address will be added in the Relay Node
   Address Stack TLV address list following PE1's address in the Echo
   Reply.

   PE1 copies the Relay Node Address Stack TLV into the next Echo
   Request when receiving the Echo Reply.

   Upon receiving the Echo Request, ASBR1 checks the address list in the
   Relay Node Address Stack TLV in sequence, and finds out that PE1's
   address is routable.  It then deletes P1's address, and adds its own
   address following PE1's address.  As a result, there would be PE1's
   address followed by ASBR1's address in the Relay Node Address Stack
   TLV of the Echo Reply sent by ASBR1.

   PE1 then sends an Echo Request with outer-most label TTL=3,
   containing the Relay Node Address Stack TLV copied from the received
   Echo Reply message.  Upon receiving the Echo Request message, ASBR2
   checks the address list in the Relay Node Address Stack TLV in
   sequence, and finds out that PE1's address is IP route unreachable,
   and ASBR1's address is the first routable one in the Relay Node
   Address Stack TLV.  ASBR2 adds its address as the last address item
   following ASBR1's address in Relay Node Address Stack TLV, sets
   ASBR1's address as the destination address of the Relayed Echo Reply,
   and sends the Relayed Echo Reply to ASBR1.

   Upon receiving the Relayed Echo Reply from ASBR2, ASBR1 checks the
   address list in the Relay Node Address Stack TLV in sequence, and
   finds out that PE1's address is the first routable one in the address
   list.  Then ASBR1 sends an Echo Reply to PE1 with the payload of the
   received Relayed Echo Reply unchanged other than the Message Type
   field.

   For the Echo Request with outer-most label TTL=4, P2 checks the
   address list in the Relay Node Address Stack TLV in sequence, and
   finds out that both PE1's and ASBR1's addresses are not IP routable,
   and ASBR2's address is the first routable address.  Then P2 sends a
   Relayed Echo Reply to ASBR2 with the Relay Node Address Stack TLV
   containing four addresses, PE1's, ASBR1's, ASBR2's and P2's address
   in sequence.

   Then according to the process described in section 4.4, ASBR2 sends
   the Relayed Echo Reply to ASBR1.  Upon receiving the Relayed Echo
   Reply, ASBR1 sends an Echo Reply to PE1 which is routable.  And as
   relayed by ASBR2 and ASBR1, the Echo Reply would finally be sent to
   the initiator PE1.

   For the Echo Request with outer-most label TTL=5, the Echo Reply
   would be relayed to PE1 by ASBR2 and ASBR1, similar to the case of
   TTL=4.

   The Echo Reply from the replying node which has no IP reachable route
   to the initiator is finally transmitted to the initiator by multiple
   relay nodes.

6.  Security Considerations

   The Relayed Echo Reply mechanism for LSP Ping creates an increased
   risk of DoS by putting the IP address of a target router in the Relay
   Node Address Stack.  These messages then could be used to attack the
   control plane of an LSR by overwhelming it with these packets.  A
   rate limiter SHOULD be applied to the well-known UDP port on the
   relay node as suggested in [RFC4379].  The node which acts as a relay
   node SHOULD validate the relay reply against a set of valid source
   addresses and discard packets from untrusted border router addresses.
   An implementation SHOULD provide such filtering capabilities.

   If an operator wants to obscure their nodes, it is RECOMMENDED that
   they may replace the replying node address that originated the Echo
   Reply with blank address in Relay Node Address Stack TLV.

   Other security considerations discussed in [RFC4379] are also
   applicable to this document.

7.  Backward Compatibility

   When one of the nodes along the LSP does not support the mechanism
   specified in this document, the node will ignore the Relay Node
   Address Stack TLV as described in section 4.2.  Then the initiator
   may not receive the Relay Node Address Stack TLV in Echo Reply
   message from that node.  In this case, an indication should be
   reported to the operator, and the Relay Node Address Stack TLV in the
   next Echo Request message should be copied from the previous Echo
   Request, and continue the ping process.  If the node described above
   is located between the initiator and the first relay node, the ping
   process could continue without interruption.

8.  IANA Considerations

   IANA is requested to assign one new Message Type, one new TLV and one
   new Return Code.

8.1.  New Message Type

   This document requires allocation of one new message type from
   "Multi-Protocol Label Switching (MPLS) Label Switched Paths (LSPs)
   Ping Parameters" registry, the "Message Type" registry:

      Value    Meaning
      -----    -------
      TBD      MPLS Relayed Echo Reply

   The value should be assigned from the "Standards Action" range
   (0-191), and using the lowest free value within this range.

8.2.  New TLV

   This document requires allocation of one new TLV from "Multi-Protocol
   Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters"
   registry, the "TLVs" registry:

      Type     Meaning
      ----     --------
      TBD      Relay Node Address Stack TLV

   A suggested value should be assigned from "Standards Action" range
   (32768-49161) as suggested by [RFC4379] Section 3, using the first
   free value within this range.

8.3.  New Return Code

   This document requires allocation of one new return code from "Multi-
   Protocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping
   Parameters" registry, the "Return Codes" registry:

      Value    Meaning
      -----    -------
      TBD      Response Packet length was exceeded unexpected by the Relay
               Node Address Stack TLV unexpected

   The value should be assigned from the "Standards Action" range
   (0-191), and using the lowest free value within this range.

9.  Acknowledgement

   The authors would like to thank Carlos Pignataro, Xinwen Jiao, Manuel
   Paul, Loa Andersson, Wim Henderickx, Mach Chen, Thomas Morin and
   Gregory Mirsky for their valuable comments and suggestions.

10.  Contributors

   Ryan Zheng
   JSPTPD
   371, Zhongshan South Road
   Nanjing, 210006, China
   Email: ryan.zhi.zheng@gmail.com

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4379]  Kompella, K. and G. Swallow, "Detecting Multi-Protocol
              Label Switched (MPLS) Data Plane Failures", RFC 4379,
              February 2006.

11.2.  Informative References

   [I-D.ietf-mpls-seamless-mpls]
              Leymann, N., Decraene, B., Filsfils, C., Konstantynowicz,
              M., and D. Steinberg, "Seamless MPLS Architecture",
              draft-ietf-mpls-seamless-mpls-06 (work in progress),
              February 2014.

Authors' Addresses

   Jian Luo (editor)
   ZTE
   50, Ruanjian Avenue
   Nanjing, 210012, China

   Email: luo.jian@zte.com.cn

   Lizhong Jin (editor)
   Shanghai, China

   Email: lizho.jin@gmail.com

   Thomas Nadeau (editor)
   Lucidvision

   Email: tnadeau@lucidvision.com

   George Swallow (editor)
   Cisco
   300 Beaver Brook Road
   Boxborough, MASSACHUSETTS 01719, USA

   Email: swallow@cisco.com
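
Added example (not part of the draft and not its authors' code): a strict parser for the value field of the Relay Node Address Stack TLV from Section 3.2, plus the stack update from Section 4.2, replayed over the Section 5 traceroute. The TLV Type is TBD in the draft, so only the value field is handled; the addresses, the reachability table, the `routable` callback, the rejection of non-zero reserved bits and the behaviour when no entry is routable are assumptions made for this example.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Address Type -> Address Length, from the table in Section 3.2.
ADDR_LEN = {0: 0, 1: 4, 2: 16}


@dataclass(frozen=True)
class Entry:
    addr: Optional[str]  # None is a blank entry (Address Type 0)
    keep: bool = False   # K bit


def encode_value(src_port: int, stack: List[Entry]) -> bytes:
    """Build the TLV value field: port, count, then one record per entry."""
    out = struct.pack("!HH", src_port, len(stack))
    for e in stack:
        raw = ipaddress.ip_address(e.addr).packed if e.addr else b""
        atype = {0: 0, 4: 1, 16: 2}[len(raw)]
        # 15 reserved bits are zero; the K bit is the last bit of the word.
        out += struct.pack("!BBH", atype, len(raw), int(e.keep)) + raw
    return out


def decode_value(buf: bytes) -> Tuple[int, List[Entry]]:
    """Parse the value field, rejecting anything the figures do not allow."""
    if len(buf) < 4:
        raise ValueError("value shorter than port and count fields")
    src_port, count = struct.unpack_from("!HH", buf, 0)
    off, stack = 4, []
    for _ in range(count):  # stops at the first record the buffer cannot hold
        if len(buf) - off < 4:
            raise ValueError("count exceeds the entries present")
        atype, alen, flags = struct.unpack_from("!BBH", buf, off)
        off += 4
        if ADDR_LEN.get(atype) != alen:
            raise ValueError("address type and length disagree")
        if flags & 0xFFFE:  # strictness chosen for this example
            raise ValueError("reserved bits are not zero")
        if len(buf) - off < alen:
            raise ValueError("truncated address")
        addr = str(ipaddress.ip_address(buf[off:off + alen])) if alen else None
        off += alen
        stack.append(Entry(addr, bool(flags & 1)))
    if off != len(buf):
        raise ValueError("trailing bytes after the last entry")
    return src_port, stack


def process_request(stack: List[Entry], own: Entry,
                    routable: Callable[[str], bool]):
    """Section 4.2: returns (updated stack, reply destination, message)."""
    first = next((i for i, e in enumerate(stack)
                  if e.addr and routable(e.addr)), None)  # blank = unroutable
    if first is None:
        # Not covered by the draft; assumption: nothing can be sent.
        return list(stack), None, None
    kept = stack[:first + 1] + [e for e in stack[first + 1:] if e.keep]
    kept.append(own)
    kind = "Echo Reply" if first == 0 else "Relayed Echo Reply"
    return kept, stack[first].addr, kind


def traceroute_demo():
    """Replay Section 5 with constructed addresses and reachability."""
    pe1, p1, asbr1 = "10.0.0.1", "10.0.0.2", "192.0.2.1"
    asbr2, p2 = "198.51.100.1", "198.51.100.2"
    reach = {p1: {pe1, asbr1}, asbr1: {pe1, p1, asbr2},
             asbr2: {asbr1, p2}, p2: {asbr2}}
    value = encode_value(49152, [Entry(pe1)])  # initiator's first request
    log = []
    for hop in (p1, asbr1, asbr2, p2):  # TTL = 1, 2, 3, 4
        port, stack = decode_value(value)
        stack, dest, kind = process_request(
            stack, Entry(hop), lambda a, h=hop: a in reach[h])
        value = encode_value(port, stack)  # copied into the next request
        log.append((hop, kind, dest, [e.addr for e in stack]))
    return log


if __name__ == "__main__":
    for row in traceroute_demo():
        print(row)
```

The parser never trusts the Number of Relayed Addresses field beyond what the buffer holds, so a forged count fails on the first missing record instead of driving further reads.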