idnits 2.17.1 draft-ietf-softwire-mesh-multicast-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 423: '... in [4], and MUST be set to zero; "suffix" field is reserved for...' RFC 2119 keyword, line 424: '...e extensions and SHOULD be set to zero...' RFC 2119 keyword, line 457: '... AFBRs MUST be able to transport and...' RFC 2119 keyword, line 557: '.... Here, the E-IPv6 address of RP MUST...' RFC 2119 keyword, line 568: '...urces that support mesh multicast MUST...' (4 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 14, 2012) is 4298 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC4301' on line 779 == Unused Reference: '1' is defined on line 797, but no explicit reference was found in the text == Unused Reference: '2' is defined on line 800, but no explicit reference was found in the text == Unused Reference: '3' is defined on line 803, but no explicit reference was found in the text == Unused Reference: '7' is defined on line 816, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 3991 (ref. '2') ** Obsolete normative reference: RFC 2373 (ref. '3') (Obsoleted by RFC 3513) ** Obsolete normative reference: RFC 4601 (ref. '5') (Obsoleted by RFC 7761) ** Downref: Normative reference to an Informational RFC: RFC 4925 (ref. '6') == Outdated reference: A later version (-06) exists of draft-ietf-mboned-64-multicast-address-format-02 Summary: 5 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M. Xu 3 Internet-Draft Y. Cui 4 Expires: January 15, 2013 J. Wu 5 S. Yang 6 Tsinghua University 7 C. Metz 8 G. Shepherd 9 Cisco Systems 10 July 14, 2012 12 Softwire Mesh Multicast 13 draft-ietf-softwire-mesh-multicast-03 15 Abstract 17 The Internet needs to support IPv4 and IPv6 packets. Both address 18 families and their attendant protocol suites support multicast of the 19 single-source and any-source varieties. As part of the transition to 20 IPv6, there will be scenarios where a backbone network running one IP 21 address family internally (referred to as internal IP or I-IP) will 22 provide transit services to attached client networks running another 23 IP address family (referred to as external IP or E-IP). It is 24 expected that the I-IP backbone will offer unicast and multicast 25 transit services to the client E-IP networks. 27 Softwire Mesh is a solution to E-IP unicast and multicast support 28 across an I-IP backbone. This document describes the mechanisms for 29 supporting Internet-style multicast across a set of E-IP and I-IP 30 networks supporting softwire mesh. 32 Status of this Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at http://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on January 15, 2013. 49 Copyright Notice 51 Copyright (c) 2012 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 This document may contain material from IETF Documents or IETF 65 Contributions published or made publicly available before November 66 10, 2008. The person(s) controlling the copyright in some of this 67 material may not have granted the IETF Trust the right to allow 68 modifications of such material outside the IETF Standards Process. 69 Without obtaining an adequate license from the person(s) controlling 70 the copyright in such materials, this document may not be modified 71 outside the IETF Standards Process, and derivative works of it may 72 not be created outside the IETF Standards Process, except to format 73 it for publication as an RFC or to translate it into languages other 74 than English. 76 Table of Contents 78 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 79 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 80 3. Scenarios of Interest . . . . . . . . . . . . . . . . . . . . 7 81 3.1. IPv4-over-IPv6 . . . . . . . . . . . . . . . . . . . . . . 7 82 3.2. IPv6-over-IPv4 . . . . . . . . . . . . . . . . . . . . . . 8 83 4. IPv4-over-IPv6 Mechanism . . . . . . . . . . . . . . . . . . . 10 84 4.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . . 10 85 4.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 10 86 4.3. Source Address Mapping . . . . . . . . . . . . . . . . . . 11 87 4.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 12 88 5. IPv6-over-IPv4 Mechanism . . . . . . . . . . . . . . . . . . . 14 89 5.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . . 14 90 5.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 14 91 5.3. Source Address Mapping . . . . . . . . . . . . . . . . . . 14 92 5.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 15 93 6. Actions performed by AFBR . . . . . . . . . . . . . . . . . . 17 94 6.1. E-IP (*,G) state maintenance . . . . . . . . . . . . . . . 17 95 6.2. E-IP (S,G) state maintenance . . . . . . . . . . . . . . . 17 96 6.3. I-IP (S',G') state maintenance . . . . . . . . . . . . . . 17 97 6.4. E-IP (S,G,rpt) state maintenance . . . . . . . . . . . . . 17 98 6.5. Inter-AFBR signaling . . . . . . . . . . . . . . . . . . . 17 99 6.6. Process and forward multicast data . . . . . . . . . . . . 19 100 6.7. SPT switchover . . . . . . . . . . . . . . . . . . . . . . 19 101 7. Other Considerations . . . . . . . . . . . . . . . . . . . . . 21 102 7.1. Other PIM Message Types . . . . . . . . . . . . . . . . . 21 103 7.2. Selecting a Tunneling Technology . . . . . . . . . . . . . 21 104 7.3. TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 105 7.4. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 21 106 8. Security Considerations . . . . . . . . . . . . . . . . . . . 22 107 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 108 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24 109 10.1. Normative References . . . . . . . . . . . . . . . . . . . 24 110 10.2. Informative References . . . . . . . . . . . . . . . . . . 24 111 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 25 112 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 114 1. Introduction 116 The Internet needs to support IPv4 and IPv6 packets. Both address 117 families and their attendant protocol suites support multicast of the 118 single-source and any-source varieties. As part of the transition to 119 IPv6, there will be scenarios where a backbone network running one IP 120 address family internally (referred to as internal IP or I-IP) will 121 provide transit services to attached client networks running another 122 IP address family (referred to as external IP or E-IP). 124 The preferred solution is to leverage the multicast functions 125 inherent in the I-IP backbone, to efficiently and scalably forward 126 client E-IP multicast packets inside an I-IP core tree, which roots 127 at one or more ingress AFBR nodes and branches out to one or more 128 egress AFBR leaf nodes. 130 [6] outlines the requirements for the softwires mesh scenario 131 including the multicast. It is straightforward to envisage that 132 client E-IP multicast sources and receivers will reside in different 133 client E-IP networks connected to an I-IP backbone network. This 134 requires that the client E-IP source-rooted or shared tree should 135 traverse the I-IP backbone network. 137 One method to accomplish this is to re-use the multicast VPN approach 138 outlined in [10]. MVPN-like schemes can support the softwire mesh 139 scenario and achieve a "many-to-one" mapping between the E-IP client 140 multicast trees and the transit core multicast trees. The advantage 141 of this approach is that the number of trees in the I-IP backbone 142 network scales less than linearly with the number of E-IP client 143 trees. Corporate enterprise networks and by extension multicast VPNs 144 have been known to run applications that create a large amount of 145 (S,G) states. Aggregation at the edge contains the (S,G) states that 146 need to be maintained by the network operator supporting the customer 147 VPNs. The disadvantage of this approach is the possible inefficient 148 bandwidth and resource utilization when multicast packets are 149 delivered to a receiver AFBR with no attached E-IP receivers. 151 Internet-style multicast is somewhat different in that the trees tend 152 to be relatively sparse and source-rooted. The need for multicast 153 aggregation at the edge (where many customer multicast trees are 154 mapped into a few or one backbone multicast trees) does not exist and 155 to date has not been identified. Thus the need for a basic or closer 156 alignment with E-IP and I-IP multicast procedures emerges. 158 A framework on how to support such methods is described in [8]. In 159 this document, a more detailed discussion supporting the "one-to-one" 160 mapping schemes for the IPv6 over IPv4 and IPv4 over IPv6 scenarios 161 will be discussed. 163 2. Terminology 165 An example of a softwire mesh network supporting multicast is 166 illustrated in Figure 1. A multicast source S is located in one E-IP 167 client network, while candidate E-IP group receivers are located in 168 the same or different E-IP client networks that all share a common 169 I-IP transit network. When E-IP sources and receivers are not local 170 to each other, they can only communicate with each other through the 171 I-IP core. There may be several E-IP sources for some multicast 172 group residing in different client E-IP networks. In the case of 173 shared trees, the E-IP sources, receivers and RPs might be located in 174 different client E-IP networks. In a simple case the resources of 175 the I-IP core are managed by a single operator although the inter- 176 provider case is not precluded. 178 ._._._._. ._._._._. 179 | | | | -------- 180 | E-IP | | E-IP |--|Source S| 181 | network | | network | -------- 182 ._._._._. ._._._._. 183 | | 184 AFBR upstream AFBR 185 | | 186 __+____________________+__ 187 / : : : : \ 188 | : : : : | E-IP Multicast 189 | : I-IP transit core : | packets should 190 | : : : : | get across the 191 | : : : : | I-IP transit core 192 \_._._._._._._._._._._._._./ 193 + + 194 downstream AFBR downstream AFBR 195 | | 196 ._._._._ ._._._._ 197 -------- | | | | -------- 198 |Receiver|-- | E-IP | | E-IP |--|Receiver| 199 -------- |network | |network | -------- 200 ._._._._ ._._._._ 202 Figure 1: Softwire Mesh Multicast Framework 204 Terminology used in this document: 206 o Address Family Border Router (AFBR) - A dual-stack router 207 interconnecting two or more networks using different IP address 208 families. In the context of softwire mesh multicast, the AFBR runs 209 E-IP and I-IP control planes to maintain E-IP and I-IP multicast 210 states respectively and performs the appropriate encapsulation/ 211 decapsulation of client E-IP multicast packets for transport across 212 the I-IP core. An AFBR will act as a source and/or receiver in an 213 I-IP multicast tree. 215 o Upstream AFBR: The AFBR router that is located on the upper reaches 216 of a multicast data flow. 218 o Downstream AFBR: The AFBR router that is located on the lower 219 reaches of a multicast data flow. 221 o I-IP (Internal IP): This refers to the form of IP (i.e., either 222 IPv4 or IPv6) that is supported by the core (or backbone) network. 223 An I-IPv6 core network runs IPv6 and an I-IPv4 core network runs 224 IPv4. 226 o E-IP (External IP): This refers to the form of IP (i.e. either IPv4 227 or IPv6) that is supported by the client network(s) attached to the 228 I-IP transit core. An E-IPv6 client network runs IPv6 and an E-IPv4 229 client network runs IPv4. 231 o I-IP core tree: A distribution tree rooted at one or more AFBR 232 source nodes and branched out to one or more AFBR leaf nodes. An 233 I-IP core tree is built using standard IP or MPLS multicast signaling 234 protocols operating exclusively inside the I-IP core network. An 235 I-IP core tree is used to forward E-IP multicast packets belonging to 236 E-IP trees across the I-IP core. Another name for an I-IP core tree 237 is multicast or multipoint softwire. 239 o E-IP client tree: A distribution tree rooted at one or more hosts 240 or routers located inside a client E-IP network and branched out to 241 one or more leaf nodes located in the same or different client E-IP 242 networks. 244 o uPrefix64: The /96 unicast IPv6 prefix for constructing IPv4- 245 embedded IPv6 source address. 247 3. Scenarios of Interest 249 This section describes the two different scenarios where softwires 250 mesh multicast will apply. 252 3.1. IPv4-over-IPv6 254 ._._._._. ._._._._. 255 | IPv4 | | IPv4 | -------- 256 | Client | | Client |--|Source S| 257 | network | | network | -------- 258 ._._._._. ._._._._. 259 | | 260 AFBR upstream AFBR 261 | | 262 __+____________________+__ 263 / : : : : \ 264 | : : : : | 265 | : IPv6 transit core : | 266 | : : : : | 267 | : : : : | 268 \_._._._._._._._._._._._._./ 269 + + 270 downstream AFBR downstream AFBR 271 | | 272 ._._._._ ._._._._ 273 -------- | IPv4 | | IPv4 | -------- 274 |Receiver|-- | Client | | Client |--|Receiver| 275 -------- | network| | network| -------- 276 ._._._._ ._._._._ 278 Figure 2: IPv4-over-IPv6 Scenario 280 In this scenario, the E-IP client networks run IPv4 and I-IP core 281 runs IPv6. This scenario is illustrated in Figure 2. 283 Because of the much larger IPv6 group address space, it will not be a 284 problem to map individual client E-IPv4 tree to a specific I-IPv6 285 core tree. This simplifies operations on the AFBR because it becomes 286 possible to algorithmically map an IPv4 group/source address to an 287 IPv6 group/source address and vice-versa. 289 The IPv4-over-IPv6 scenario is an emerging requirement as network 290 operators build out native IPv6 backbone networks. These networks 291 naturally support native IPv6 services and applications but it is 292 with near 100% certainty that legacy IPv4 networks handling unicast 293 and multicast should be accommodated. 295 3.2. IPv6-over-IPv4 297 ._._._._. ._._._._. 298 | IPv6 | | IPv6 | -------- 299 | Client | | Client |--|Source S| 300 | network | | network | -------- 301 ._._._._. ._._._._. 302 | | 303 AFBR upstream AFBR 304 | | 305 __+____________________+__ 306 / : : : : \ 307 | : : : : | 308 | : IPv4 transit core : | 309 | : : : : | 310 | : : : : | 311 \_._._._._._._._._._._._._./ 312 + + 313 downstream AFBR downstream AFBR 314 | | 315 ._._._._ ._._._._ 316 -------- | IPv6 | | IPv6 | -------- 317 |Receiver|-- | Client | | Client |--|Receiver| 318 -------- | network| | network| -------- 319 ._._._._ ._._._._ 321 Figure 3: IPv6-over-IPv4 Scenario 323 In this scenario, the E-IP Client Networks run IPv6 while the I-IP 324 core runs IPv4. This scenario is illustrated in Figure 3. 326 IPv6 multicast group addresses are longer than IPv4 multicast group 327 addresses. It will not be possible to perform an algorithmic IPv6 - 328 to - IPv4 address mapping without the risk of multiple IPv6 group 329 addresses mapped to the same IPv4 address resulting in unnecessary 330 bandwidth and resource consumption. Therefore additional efforts 331 will be required to ensure that client E-IPv6 multicast packets can 332 be injected into the correct I-IPv4 multicast trees at the AFBRs. 333 This clear mismatch in IPv6 and IPv4 group address lengths means that 334 it will not be possible to perform a one-to-one mapping between IPv6 335 and IPv4 group addresses unless the IPv6 group address is scoped. 337 As mentioned earlier, this scenario is common in the MVPN 338 environment. As native IPv6 deployments and multicast applications 339 emerge from the outer reaches of the greater public IPv4 Internet, it 340 is envisaged that the IPv6 over IPv4 softwire mesh multicast scenario 341 will be a necessary feature supported by network operators. 343 4. IPv4-over-IPv6 Mechanism 345 4.1. Mechanism Overview 347 Routers in the client E-IPv4 networks contain routes to all other 348 client E-IPv4 networks. Through the set of known and deployed 349 mechanisms, E-IPv4 hosts and routers have discovered or learnt of 350 (S,G) or (*,G) IPv4 addresses. Any I-IPv6 multicast state 351 instantiated in the core is referred to as (S',G') or (*,G') and is 352 certainly separated from E-IPv4 multicast state. 354 Suppose a downstream AFBR receives an E-IPv4 PIM Join/Prune message 355 from the E-IPv4 network for either an (S,G) tree or a (*,G) tree. 356 The AFBR can translate the E-IPv4 PIM message into an I-IPv6 PIM 357 message with the latter being directed towards I-IP IPv6 address of 358 the upstream AFBR. When the I-IPv6 PIM message arrives at the 359 upstream AFBR, it should be translated back into an E-IPv4 PIM 360 message. The result of these actions is the construction of E-IPv4 361 trees and a corresponding I-IP tree in the I-IP network. 363 In this case it is incumbent upon the AFBR routers to perform PIM 364 message conversions in the control plane and IP group address 365 conversions or mappings in the data plane. It becomes possible to 366 devise an algorithmic one-to-one IPv4-to-IPv6 address mapping at 367 AFBRs. 369 4.2. Group Address Mapping 371 For IPv4-over-IPv6 scenario, a simple algorithmic mapping between 372 IPv4 multicast group addresses and IPv6 group addresses is supported. 373 [11] has already defined an applicable format. Figure 4 is the 374 reminder of the format: 376 | 8 | 4 | 4 | 16 | 4 | 60 | 32 | 377 +--------+----+----+-----------+----+------------------+----------+ 378 |11111111|0011|scop|00.......00|64IX| sub-group-id |v4 address| 379 +--------+----+----+-----------+----+------------------+----------+ 380 +-+-+-+-+ 381 IPv4-IPv6 Interconnection bits (64IX): |M|resvd| 382 +-+-+-+-+ 383 "resvd" are reserved bits. 385 Figure 4: IPv4-Embedded IPv6 Multicast Address Format: SSM Mode 387 The high order bits of the I-IPv6 address range will be fixed for 388 mapping purposes. With this scheme, each IPv4 multicast address can 389 be mapped into an IPv6 multicast address(with the assigned prefix), 390 and each IPv6 multicast address with the assigned prefix can be 391 mapped into IPv4 multicast address. 393 4.3. Source Address Mapping 395 There are two kinds of multicast --- ASM and SSM. Considering that 396 I-IP network and E-IP network may support different kind of 397 multicast, the source address translation rules could be very complex 398 to support all possible scenarios. But since SSM can be implemented 399 with a strict subset of the PIM-SM protocol mechanisms [5], we can 400 treat I-IP core as SSM-only to make it as simple as possible, then 401 there remains only two scenarios to be discussed in detail: 403 o E-IP network supports SSM 405 One possible way to make sure that the translated I-IPv6 PIM 406 message reaches upstream AFBR is to set S' to a virtual IPv6 407 address that leads to the upstream AFBR. Figure 5 is the 408 recommended address format based on [9]: 410 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 411 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 412 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 413 | prefix |v4(32) | u | suffix |source address | 414 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 415 |<------------------uPrefix64------------------>| 417 Figure 5: IPv4-Embedded IPv6 Virtual Source Address Format 419 In this address format, the "prefix" field contains a "Well-Known" 420 prefix or an ISP-defined prefix. An existing "Well-Known" prefix 421 is 64:ff9b, which is defined in [9]; "v4" field is the IP address 422 of one of upstream AFBR's E-IPv4 interfaces; "u" field is defined 423 in [4], and MUST be set to zero; "suffix" field is reserved for 424 future extensions and SHOULD be set to zero; "source address" 425 field stores the original S. We call the overall /96 prefix 426 ("prefix" field and "v4" field and "u" field and "suffix" field 427 altogether) "uPrefix64". 429 o E-IP network supports ASM 430 The (S,G) source list entry and the (*,G) source list entry only 431 differ in that the latter have both the WC and RPT bits of the 432 Encoded-Source-Address set, while the former all cleared (See 433 Section 4.9.5.1 of [5]). So we can translate source list entries 434 in (*,G) messages into source list entries in (S'G') messages by 435 applying the format specified in Figure 5 and setting both the WC 436 and RPT bits at upstream AFBRs, and translate them back at 437 upstream AFBRs vice-versa. 439 4.4. Routing Mechanism 441 In the mesh multicast scenario, routing information is required to be 442 distributed among AFBRs to make sure that PIM messages that a 443 downstream AFBR propagates reach the right upstream AFBR. 445 To make it feasible, the /32 prefix in "IPv4-Embedded IPv6 Virtual 446 Source Address Format" must be known to every AFBR, and every AFBR 447 should not only announce the IP address of one of its E-IPv4 448 interfaces presented in the "v4" field to other AFBRs by MPBGP, but 449 also announce the corresponding uPrefix64 to the I-IPv6 network. 450 Since every IP address of upstream AFBR's E-IPv4 interface is 451 different from each other, every uPrefix64 that AFBR announces should 452 be different either, and uniquely identifies each AFBR. "uPrefix64" 453 is an IPv6 prefix, and the distribution of it is the same as the 454 distribution in the traditional mesh unicast scenario. But since 455 "v4" field is an E-IPv4 address, and BGP messages are NOT tunneled 456 through softwires or through any other mechanism as specified in [8], 457 AFBRs MUST be able to transport and encode/decode BGP messages that 458 are carried over I-IPv6, whose NLRI and NH are of E-IPv4 address 459 family. 461 In this way, when a downstream AFBR receives an E-IPv4 PIM (S,G) 462 message, it can translate this message into (S',G') by looking up the 463 IP address of the corresponding AFBR's E-IPv4 interface. Since the 464 uPrefix64 of S' is unique, and is known to every router in the I-IPv6 465 network, the translated message will eventually arrive at the 466 corresponding upstream AFBR, and the upstream AFBR can translate the 467 message back to (S,G). When a downstream AFBR receives an E-IPv4 PIM 468 (*,G) message, S' can be generated according to the format specified 469 in Figure 4, with "source address" field set to *(the IPv4 address of 470 RP). The translated message will eventually arrive at the 471 corresponding upstream AFBR. Since every PIM router within a PIM 472 domain must be able to map a particular multicast group address to 473 the same RP (see Section 4.7 of [5]), when this upstream AFBR checks 474 the "source address" field of the message, it'll find the IPv4 475 address of RP, so this upstream AFBR judges that this is originally a 476 (*,G) message, then it translates the message back to the (*,G) 477 message and processes it. 479 5. IPv6-over-IPv4 Mechanism 481 5.1. Mechanism Overview 483 Routers in the client E-IPv6 networks contain routes to all other 484 client E-IPv6 networks. Through the set of known and deployed 485 mechanisms, E-IPv6 hosts and routers have discovered or learnt of 486 (S,G) or (*,G) IPv6 addresses. Any I-IP multicast state instantiated 487 in the core is referred to as (S',G') or (*,G') and is certainly 488 separated from E-IP multicast state. 490 This particular scenario introduces unique challenges. Unlike the 491 IPv4-over-IPv6 scenario, it's impossible to map all of the IPv6 492 multicast address space into the IPv4 address space to address the 493 one-to-one Softwire Multicast requirement. To coordinate with the 494 "IPv4-over-IPv6" scenario and keep the solution as simple as 495 possible, one possible solution to this problem is to limit the scope 496 of the E-IPv6 source addresses for mapping, such as applying a "Well- 497 Known" prefix or an ISP-defined prefix. 499 5.2. Group Address Mapping 501 To keep one-to-one group address mapping simple, the group address 502 range of E-IP IPv6 can be reduced in a number of ways to limit the 503 scope of addresses that need to be mapped into the I-IP IPv4 space. 505 A recommended multicast address format is defined in [11]. The high 506 order bits of the E-IPv6 address range will be fixed for mapping 507 purposes. With this scheme, each IPv4 multicast address can be 508 mapped into an IPv6 multicast address(with the assigned prefix), and 509 each IPv6 multicast address with the assigned prefix can be mapped 510 into IPv4 multicast address. 512 5.3. Source Address Mapping 514 There are two kinds of multicast --- ASM and SSM. Considering that 515 I-IP network and E-IP network may support different kind of 516 multicast, the source address translation rules could be very complex 517 to support all possible scenarios. But since SSM can be implemented 518 with a strict subset of the PIM-SM protocol mechanisms [5], we can 519 treat I-IP core as SSM-only to make it as simple as possible, then 520 there remains only two scenarios to be discussed in detail: 522 o E-IP network supports SSM 524 To make sure that the translated I-IPv4 PIM message reaches the 525 upstream AFBR, we need to set S' to an IPv4 address that leads to 526 the upstream AFBR. But due to the non-"one-to-one" mapping of 527 E-IPv6 to I-IPv4 unicast address, the upstream AFBR is unable to 528 remap the I-IPv4 source address to the original E-IPv6 source 529 address without any constraints. 531 We apply a fixed IPv6 prefix and static mapping to solve this 532 problem. A recommended source address format is defined in [9]. 533 Figure 6 is the reminder of the format: 535 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 536 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 537 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 538 | uPrefix64 |source address | 539 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 541 Figure 6: IPv4-Embedded IPv6 Source Address Format 543 In this address format, the "uPrefix64" field starts with a "Well- 544 Known" prefix or an ISP-defined prefix. An existing "Well-Known" 545 prefix is 64:ff9b/32, which is defined in [9]; "source address" 546 field is the corresponding I-IPv4 source address. 548 o E-IP network supports ASM 550 The (S,G) source list entry and the (*,G) source list entry only 551 differ in that the latter have both the WC and RPT bits of the 552 Encoded-Source-Address set, while the former all cleared (See 553 Section 4.9.5.1 of [5]). So we can translate source list entries 554 in (*,G) messages into source list entries in (S'G') messages by 555 applying the format specified in Figure 5 and setting both the WC 556 and RPT bits at upstream AFBRs, and translate them back at 557 upstream AFBRs vice-versa. Here, the E-IPv6 address of RP MUST 558 follow the format specified in Figure 6. RP' is the upstream AFBR 559 that locates between RP and the downstream AFBR. 561 5.4. Routing Mechanism 563 In the mesh multicast scenario, routing information is required to be 564 distributed among AFBRs to make sure that PIM messages that a 565 downstream AFBR propagates reach the right upstream AFBR. 567 To make it feasible, the /96 uPrefix64 must be known to every AFBR, 568 every E-IPv6 address of sources that support mesh multicast MUST 569 follow the format specified in Figure 6, and the corresponding 570 upstream AFBR of this source should announce the I-IPv4 address in 571 "source address" field of this source's IPv6 address to the I-IPv4 572 network. Since uPrefix64 is static and unique in IPv6-over-IPv4 573 scenario, there is no need to distribute it using BGP. The 574 distribution of "source address" field of multicast source addresses 575 is a pure I-IPv4 process and no more specification is needed. 577 In this way, when a downstream AFBR receives a (S,G) message, it can 578 translate the message into (S',G') by simply taking off the prefix in 579 S. Since S' is known to every router in I-IPv4 network, the 580 translated message will eventually arrive at the corresponding 581 upstream AFBR, and the upstream AFBR can translate the message back 582 to (S,G) by appending the prefix to S'. When a downstream AFBR 583 receives a (*,G) message, it can translate it into (S',G') by simply 584 taking off the prefix in *(the E-IPv6 address of RP). Since S' is 585 known to every router in I-IPv4 network, the translated message will 586 eventually arrive at RP'. And since every PIM router within a PIM 587 domain must be able to map a particular multicast group address to 588 the same RP (see Section 4.7 of [5]), RP' knows that S' is the mapped 589 I-IPv4 address of RP, so RP' will translate the message back to (*,G) 590 by appending the prefix to S' and propagate it towards RP. 592 6. Actions performed by AFBR 594 The following actions are performed by AFBRs: 596 6.1. E-IP (*,G) state maintenance 598 When an AFBR wishes to propagate a Join/Prune(*,G) message to an I-IP 599 upstream router, the AFBR MUST translate Join/Prune(*,G) messages 600 into Join/Prune(S',G') messages following the rules specified above, 601 then send the latter. 603 6.2. E-IP (S,G) state maintenance 605 When an AFBR wishes to propagate a Join/Prune(S,G) message to an I-IP 606 upstream router, the AFBR MUST translate Join/Prune(S,G) messages 607 into Join/Prune(S',G') messages following the rules specified above, 608 then send the latter. 610 6.3. I-IP (S',G') state maintenance 612 It is possible that there runs a non-transit I-IP PIM-SSM in the I-IP 613 transit core. Since the translated source address starts with the 614 unique "Well-Known" prefix or the ISP-defined prefix that should not 615 be used otherwise, mesh multicast won't influence non-transit PIM-SM 616 multicast at all. When one AFBR receives an I-IP (S',G') message, it 617 should check S'. If S' starts with the unique prefix, it means that 618 this message is actually a translated E-IP (S,G) or (*,G) message, 619 then the AFBR should translate this message back to E-IP PIM message 620 and process it. 622 6.4. E-IP (S,G,rpt) state maintenance 624 When an AFBR wishes to propagate a Join/Prune(S,G,rpt) message to an 625 I-IP upstream router, the AFBR MUST do as specified in Section 6.5 626 and Section 6.6. 628 6.5. Inter-AFBR signaling 630 Assume that one downstream AFBR has joined a RPT of (*,G) and a SPT 631 of (S,G), and decide to perform a SPT switchover. According to [5], 632 it should propagate a Prune(S,G,rpt) message along with the 633 periodical Join(*,G) message upstream towards RP. Unfortunately, 634 routers in I-IP transit core are not supposed to understand (S,G,rpt) 635 messages since I-IP transit core is treated as SSM-only. As a 636 result, this downstream AFBR is unable to prune S from this RPT, then 637 it will receive two copies of the same data of (S,G). In order to 638 solve this problem, we introduce a new mechanism for downstream AFBRs 639 to inform upstream AFBRs of pruning any given S from RPT. 641 When a downstream AFBR wishes to propagate a (S,G,rpt) message 642 upstream router, it should encapsulate the (S,G,rpt) message, then 643 unicast the encapsulated message to the corresponding upstream AFBR, 644 which we call "RP'". 646 When RP' receives this encapsulated message, it should decapsulate 647 this message as what it does in the unicast scenario, and get the 648 original (S,G,rpt) message. The incoming interface of this message 649 may be different from the outgoing interface which propagates 650 multicast data to the corresponding downstream AFBR, and there may be 651 other downstream AFBRs that need to receive multicast data of (S,G) 652 from this incoming interface, so RP' should not simply process this 653 message as specified in [5] on the incoming interface. 655 To solve this problem, and keep the solution as simple as possible, 656 we introduce an "interface agent" to process all the encapsulated 657 (S,G,rpt) messages the upstream AFBR receives, and prune S from the 658 RPT of group G when no downstream AFBR wants to receive multicast 659 data of (S,G) along the RPT. In this way, we do insure that 660 downstream AFBRs won't miss any multicast data that they needs, at 661 the cost of duplicated multicast data of (S,G) along the RPT received 662 by SPT-switched-over downstream AFBRs, if there exists at least one 663 downstream AFBR that hasn't yet sent Prune(S,G,rpt) messages to the 664 upstream AFBR. The following diagram shows an example of how an 665 "interface agent" may be implemented: 667 +----------------------------------------+ 668 | | 669 | +-----------+----------+ | 670 | | PIM-SM | UDP | | 671 | +-----------+----------+ | 672 | ^ | | 673 | | | | 674 | | v | 675 | +----------------------+ | 676 | | I/F Agent | | 677 | +----------------------+ | 678 | PIM ^ | multicast | 679 | messages | | data | 680 | | +-------------+---+ | 681 | +--+--|-----------+ | | 682 | | v | v | 683 | +--------- + +----------+ | 684 | | I-IP I/F | | I-IP I/F | | 685 | +----------+ +----------+ | 686 | ^ | ^ | | 687 | | | | | | 688 +--------|-----|----------|-----|--------+ 689 | v | v 691 Figure 7: Interface Agent Implementation Example 693 In this example, the interface agent has two responsibilities: In the 694 control plane, it should work as a real interface that has joined 695 (*,G) in representative of all the I-IP interfaces who should have 696 been outgoing interfaces of (*,G) state machine, and process the 697 (S,G,rpt) messages received from all the I-IP interfaces. The 698 interface agent maintains downstream (S,G,rpt) state machines of 699 every downstream AFBR, and submits Prune(S,G,rpt) messages to the 700 PIM-SM module only when every (S,G,rpt) state machine is at Prune(P) 701 or PruneTmp(P') state, which means that no downstream AFBR wants to 702 receive multicast data of (S,G) along the RPT of G. Once a (S,G,rpt) 703 state machine changes to NoInfo(NI) state, which means that the 704 corresponding downstream AFBR has changed it mind to receive 705 multicast data of (S,G) along the RPT again, the interface agent 706 should send a Join(S,G,rpt) to PIM-SM module immediately; In the data 707 plane, upon receiving a multicast data packet, the interface agent 708 should encapsulate it at first, then propagate the encapsulated 709 packet onto every I-IP interface. 711 NOTICE: There may exist an E-IP neighbor of RP' that has joined the 712 RPT of G, so the per-interface state machine for receiving E-IP Join/ 713 Prune(S,G,rpt) messages should still take effect. 715 6.6. Process and forward multicast data 717 On receiving multicast data from upstream routers, the AFBR looks up 718 its forwarding table to check the IP address of each outgoing 719 interface. If there exists at least one outgoing interface whose IP 720 address family is different from the incoming interface, the AFBR 721 should encapsulate/decapsulate this packet and forward it to such 722 outgoing interface(s), then forward the data to other outgoing 723 interfaces without encapsulation/decapsulation. 725 When a downstream AFBR that has already switched over to SPT of S 726 receives an encapsulated multicast data packet of (S,G) along the 727 RPT, it should silently drop this packet. 729 6.7. SPT switchover 731 After a new AFBR expresses its interest in receiving traffic destined 732 for a multicast group, it will receive all the data from the RPT at 733 first. At this time, every downstream AFBR will receive multicast 734 data from any source from this RPT, in spit of whether they have 735 switched over to SPT of some source(s) or not. 737 To minimize this redundancy, it's recommended that every AFBR's 738 SwitchToSptDesired(S,G) function employs the "switch on first packet" 739 policy. In this way, the delay of switchover to SPT is kept as 740 little as possible, and after the moment that every AFBR has 741 performed the SPT switchover for every S of group G, no data will be 742 forwarded in the RPT of G, thus no more redundancy will be produced. 744 7. Other Considerations 746 7.1. Other PIM Message Types 748 Apart from Join or Prune, there exists other message types including 749 Register, Register-Stop, Hello and Assert. Register and Register- 750 Stop messages are sent by unicast, while Hello and Assert messages 751 are only used between routers on a link to negotiate with each other. 752 They don't need to be translated for forwarding, thus the process of 753 these messages is out of scope for this document. 755 7.2. Selecting a Tunneling Technology 757 The choice of tunneling technology is a matter of policy configured 758 at AFBRs. It's recommended that all AFBRs use the same technology, 759 otherwise some AFBRs may not be able to decapsulate encapsulated 760 packets from other AFBRs that use a different tunneling technology. 762 7.3. TTL 764 The process of TTL depends on the tunneling technology, and is out of 765 scope for this document. 767 7.4. Fragmentation 769 The encapsulation performed by upstream AFBR will increase the size 770 of packets. As a result, the outgoing I-IP link MTU may not 771 accommodate the extra size. As it's not always possible for core 772 operators to increase every link's MTU, fragmentation and 773 reassembling of encapsulated packets MUST be supported by AFBRs. 775 8. Security Considerations 777 The AFBR routers could maintain secure communications through the use 778 of Security Architecture for the Internet Protocol as described in 779 [RFC4301]. But when adopting some schemes that will cause heavy 780 burden on routers, some attacker may use it as a tool for DDoS 781 attack. 783 9. IANA Considerations 785 When AFBRs perform address mapping, they should follow some 786 predefined rules, especially the IPv6 prefix for source address 787 mapping should be predefined, so that ingress AFBR and egress AFBR 788 can finish the mapping procedure correctly. The IPv6 prefix for 789 translation can be unified within only the transit core, or within 790 global area. In the later condition, the prefix should be assigned 791 by IANA. 793 10. References 795 10.1. Normative References 797 [1] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. Traina, 798 "Generic Routing Encapsulation (GRE)", RFC 2784, March 2000. 800 [2] Foster, B. and F. Andreasen, "Media Gateway Control Protocol 801 (MGCP) Redirect and Reset Package", RFC 3991, February 2005. 803 [3] Hinden, R. and S. Deering, "IP Version 6 Addressing 804 Architecture", RFC 2373, July 1998. 806 [4] Hinden, R. and S. Deering, "IP Version 6 Addressing 807 Architecture", RFC 4291, February 2006. 809 [5] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas, 810 "Protocol Independent Multicast - Sparse Mode (PIM-SM): 811 Protocol Specification (Revised)", RFC 4601, August 2006. 813 [6] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire Problem 814 Statement", RFC 4925, July 2007. 816 [7] Wijnands, IJ., Boers, A., and E. Rosen, "The Reverse Path 817 Forwarding (RPF) Vector TLV", RFC 5496, March 2009. 819 [8] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh 820 Framework", RFC 5565, June 2009. 822 [9] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. Li, 823 "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 824 October 2010. 826 [10] Rosen, E. and R. Aggarwal, "Multicast in MPLS/BGP IP VPNs", 827 RFC 6513, February 2012. 829 10.2. Informative References 831 [11] Boucadair, M., Qin, J., Lee, Y., Venaas, S., Li, X., and M. Xu, 832 "IPv6 Multicast Address Format With Embedded IPv4 Multicast 833 Address", draft-ietf-mboned-64-multicast-address-format-02 834 (work in progress), May 2012. 836 Appendix A. Acknowledgements 838 Wenlong Chen, Xuan Chen, Alain Durand, Yiu Lee, Jacni Qin and Stig 839 Venaas provided useful input into this document. 841 Authors' Addresses 843 Mingwei Xu 844 Tsinghua University 845 Department of Computer Science, Tsinghua University 846 Beijing 100084 847 P.R. China 849 Phone: +86-10-6278-5822 850 Email: xmw@cernet.edu.cn 852 Yong Cui 853 Tsinghua University 854 Department of Computer Science, Tsinghua University 855 Beijing 100084 856 P.R. China 858 Phone: +86-10-6278-5822 859 Email: cuiyong@tsinghua.edu.cn 861 Jianping Wu 862 Tsinghua University 863 Department of Computer Science, Tsinghua University 864 Beijing 100084 865 P.R. China 867 Phone: +86-10-6278-5983 868 Email: jianping@cernet.edu.cn 870 Shu Yang 871 Tsinghua University 872 Department of Computer Science, Tsinghua University 873 Beijing 100084 874 P.R. China 876 Phone: +86-10-6278-5822 877 Email: yangshu@csnet1.cs.tsinghua.edu.cn 878 Chris Metz 879 Cisco Systems 880 170 West Tasman Drive 881 San Jose, CA 95134 882 USA 884 Phone: +1-408-525-3275 885 Email: chmetz@cisco.com 887 Greg Shepherd 888 Cisco Systems 889 170 West Tasman Drive 890 San Jose, CA 95134 891 USA 893 Phone: +1-541-912-9758 894 Email: shep@cisco.com