idnits 2.17.1 draft-ietf-softwire-mesh-multicast-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 383 has weird spacing: '... |group addre...' -- The document date (May 22, 2016) is 2888 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC4301' is defined on line 875, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 4925 Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Softwire WG M. Xu 3 Internet-Draft Y. Cui 4 Intended status: Standards Track J. Wu 5 Expires: November 23, 2016 S. Yang 6 Tsinghua University 7 C. Metz 8 G. Shepherd 9 Cisco Systems 10 May 22, 2016 12 Softwire Mesh Multicast 13 draft-ietf-softwire-mesh-multicast-13 15 Abstract 17 The Internet needs to support IPv4 and IPv6 packets. Both address 18 families and their related protocol suites support multicast of the 19 single-source and any-source varieties. During IPv6 transition, 20 there will be scenarios where a backbone network running one IP 21 address family internally (referred to as internal IP or I-IP) will 22 provide transit services to attached client networks running another 23 IP address family (referred to as external IP or E-IP). It is 24 expected that the I-IP backbone will offer unicast and multicast 25 transit services to the client E-IP networks. 27 Softwire Mesh is a solution to E-IP unicast and multicast support 28 across an I-IP backbone. This document describes the mechanism for 29 supporting Internet-style multicast across a set of E-IP and I-IP 30 networks supporting softwire mesh. 32 Status of This Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at http://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on November 23, 2016. 49 Copyright Notice 51 Copyright (c) 2016 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 68 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 69 3. Scenarios of Interest . . . . . . . . . . . . . . . . . . . . 6 70 3.1. IPv4-over-IPv6 . . . . . . . . . . . . . . . . . . . . . 6 71 3.2. IPv6-over-IPv4 . . . . . . . . . . . . . . . . . . . . . 7 72 4. IPv4-over-IPv6 Mechanism . . . . . . . . . . . . . . . . . . 9 73 4.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 9 74 4.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 9 75 4.3. Source Address Mapping . . . . . . . . . . . . . . . . . 10 76 4.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 11 77 5. IPv6-over-IPv4 Mechanism . . . . . . . . . . . . . . . . . . 12 78 5.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 12 79 5.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 12 80 5.3. Source Address Mapping . . . . . . . . . . . . . . . . . 12 81 5.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 13 82 6. Control Plane Functions of AFBR . . . . . . . . . . . . . . . 14 83 6.1. E-IP (*,G) State Maintenance . . . . . . . . . . . . . . 14 84 6.2. E-IP (S,G) State Maintenance . . . . . . . . . . . . . . 14 85 6.3. I-IP (S',G') State Maintenance . . . . . . . . . . . . . 14 86 6.4. E-IP (S,G,rpt) State Maintenance . . . . . . . . . . . . 15 87 6.5. Inter-AFBR Signaling . . . . . . . . . . . . . . . . . . 15 88 6.6. SPT Switchover . . . . . . . . . . . . . . . . . . . . . 17 89 6.7. Other PIM Message Types . . . . . . . . . . . . . . . . . 17 90 6.8. Other PIM States Maintenance . . . . . . . . . . . . . . 17 91 7. Data Plane Functions of AFBR . . . . . . . . . . . . . . . . 17 92 7.1. Process and Forward Multicast Data . . . . . . . . . . . 17 93 7.2. Selecting a Tunneling Technology . . . . . . . . . . . . 18 94 7.3. TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 95 7.4. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 18 96 8. Packet Format and Translation . . . . . . . . . . . . . . . . 18 97 9. Softwire Mesh Multicast Encapsulation . . . . . . . . . . . . 19 98 10. Security Considerations . . . . . . . . . . . . . . . . . . . 20 99 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 100 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 101 12.1. Normative References . . . . . . . . . . . . . . . . . . 20 102 12.2. Informative References . . . . . . . . . . . . . . . . . 21 103 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 21 104 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 106 1. Introduction 108 The Internet needs to support IPv4 and IPv6 packets. Both address 109 families and their related protocol suites support multicast of the 110 single-source and any-source varieties. During IPv6 transition, 111 there will be scenarios where a backbone network running one IP 112 address family internally (referred to as internal IP or I-IP) will 113 provide transit services to attached client networks running another 114 IP address family (referred to as external IP or E-IP). 116 The preferred solution is to leverage the multicast functions 117 inherent in the I-IP backbone, to efficiently forward client E-IP 118 multicast packets inside an I-IP core tree, which roots at one or 119 more ingress AFBR nodes and branches out to one or more egress AFBR 120 leaf nodes. 122 [RFC4925] outlines the requirements for the softwires mesh scenario 123 including the multicast. It is straightforward to envisage that 124 client E-IP multicast sources and receivers will reside in different 125 client E-IP networks connected to an I-IP backbone network. This 126 requires that the client E-IP source-rooted or shared tree should 127 traverse the I-IP backbone network. 129 One method to accomplish this is to re-use the multicast VPN approach 130 outlined in [RFC6513]. MVPN-like schemes can support the softwire 131 mesh scenario and achieve a "many-to-one" mapping between the E-IP 132 client multicast trees and the transit core multicast trees. The 133 advantage of this approach is that the number of trees in the I-IP 134 backbone network scales less than linearly with the number of E-IP 135 client trees. Corporate enterprise networks and by extension 136 multicast VPNs have been known to run applications that create too 137 many (S,G) states. Aggregation at the edge contains the (S,G) states 138 that need to be maintained by the network operator supporting the 139 customer VPNs. The disadvantage of this approach is the possible 140 inefficient bandwidth and resource utilization when multicast packets 141 are delivered to a receiver AFBR with no attached E-IP receivers. 143 Internet-style multicast is somewhat different in that the trees are 144 relatively sparse and source-rooted. The need for multicast 145 aggregation at the edge (where many customer multicast trees are 146 mapped into a few or one backbone multicast trees) does not exist and 147 to date has not been identified. Thus the need for a basic or closer 148 alignment with E-IP and I-IP multicast procedures emerges. 150 A framework on how to support such methods is described in [RFC5565]. 151 In this document, a more detailed discussion supporting the "one-to- 152 one" mapping schemes for the IPv6 over IPv4 and IPv4 over IPv6 153 scenarios will be discussed. 155 1.1. Requirements Language 157 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 158 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 159 document are to be interpreted as described in [RFC2119]. 161 2. Terminology 163 An example of a softwire mesh network supporting multicast is 164 illustrated in Figure 1. A multicast source S is located in one E-IP 165 client network, while candidate E-IP group receivers are located in 166 the same or different E-IP client networks that all share a common 167 I-IP transit network. When E-IP sources and receivers are not local 168 to each other, they can only communicate with each other through the 169 I-IP core. There may be several E-IP sources for some multicast 170 group residing in different client E-IP networks. In the case of 171 shared trees, the E-IP sources, receivers and RPs might be located in 172 different client E-IP networks. In a simple case the resources of 173 the I-IP core are managed by a single operator although the inter- 174 provider case is not precluded. 176 ._._._._. ._._._._. 177 | | | | -------- 178 | E-IP | | E-IP |--|Source S| 179 | network | | network | -------- 180 ._._._._. ._._._._. 181 | | 182 AFBR upstream AFBR 183 | | 184 __+____________________+__ 185 / : : : : \ 186 | : : : : | E-IP Multicast 187 | : I-IP transit core : | packets MUST 188 | : : : : | get across the 189 | : : : : | I-IP transit core 190 \_._._._._._._._._._._._._./ 191 + + 192 downstream AFBR downstream AFBR 193 | | 194 ._._._._ ._._._._ 195 -------- | | | | -------- 196 |Receiver|-- | E-IP | | E-IP |--|Receiver| 197 -------- |network | |network | -------- 198 ._._._._ ._._._._ 200 Figure 1: Softwire Mesh Multicast Framework 202 Terminologies used in this document: 204 o Address Family Border Router (AFBR) - A router interconnecting two 205 or more networks using different IP address families. In the context 206 of softwire mesh multicast, the AFBR runs E-IP and I-IP control 207 planes to maintain E-IP and I-IP multicast states respectively and 208 performs the appropriate encapsulation/decapsulation of client E-IP 209 multicast packets for transport across the I-IP core. An AFBR will 210 act as a source and/or receiver in an I-IP multicast tree. 212 o Upstream AFBR: The AFBR router that is located on the upper reaches 213 of a multicast data flow. 215 o Downstream AFBR: The AFBR router that is located on the lower 216 reaches of a multicast data flow. 218 o I-IP (Internal IP): This refers to the form of IP (i.e., either 219 IPv4 or IPv6) that is supported by the core (or backbone) network. 220 An I-IPv6 core network runs IPv6 and an I-IPv4 core network runs 221 IPv4. 223 o E-IP (External IP): This refers to the form of IP (i.e. either IPv4 224 or IPv6) that is supported by the client network(s) attached to the 225 I-IP transit core. An E-IPv6 client network runs IPv6 and an E-IPv4 226 client network runs IPv4. 228 o I-IP core tree: A distribution tree rooted at one or more AFBR 229 source nodes and branched out to one or more AFBR leaf nodes. An 230 I-IP core tree is built using standard IP or MPLS multicast signaling 231 protocols operating exclusively inside the I-IP core network. An 232 I-IP core tree is used to forward E-IP multicast packets belonging to 233 E-IP trees across the I-IP core. Another name for an I-IP core tree 234 is multicast or multipoint softwire. 236 o E-IP client tree: A distribution tree rooted at one or more hosts 237 or routers located inside a client E-IP network and branched out to 238 one or more leaf nodes located in the same or different client E-IP 239 networks. 241 o uPrefix64: The /96 unicast IPv6 prefix for constructing 242 IPv4-embedded IPv6 source address in IPv6-over-IPv4 scenario. 244 o uPrefix46: The /96 unicast IPv6 prefix for constructing 245 IPv4-embedded IPv6 source address in IPv4-over-IPv6 scenario. 247 o mPrefix46: The /96 multicast IPv6 prefix for constructing 248 IPv4-embedded IPv6 multicast address in IPv4-over-IPv6 scenario. 250 o Inter-AFBR signaling: A mechanism used by downstream AFBRs to send 251 PIM messages to the upstream AFBR. 253 3. Scenarios of Interest 255 This section describes the two different scenarios where softwires 256 mesh multicast will apply. 258 3.1. IPv4-over-IPv6 259 ._._._._. ._._._._. 260 | IPv4 | | IPv4 | -------- 261 | Client | | Client |--|Source S| 262 | network | | network | -------- 263 ._._._._. ._._._._. 264 | | 265 AFBR upstream AFBR 266 | | 267 __+____________________+__ 268 / : : : : \ 269 | : : : : | 270 | : IPv6 transit core : | 271 | : : : : | 272 | : : : : | 273 \_._._._._._._._._._._._._./ 274 + + 275 downstream AFBR downstream AFBR 276 | | 277 ._._._._ ._._._._ 278 -------- | IPv4 | | IPv4 | -------- 279 |Receiver|-- | Client | | Client |--|Receiver| 280 -------- | network| | network| -------- 281 ._._._._ ._._._._ 283 Figure 2: IPv4-over-IPv6 Scenario 285 In this scenario, the E-IP client networks run IPv4 and I-IP core 286 runs IPv6. This scenario is illustrated in Figure 2. 288 Because of the much larger IPv6 group address space, it will not be a 289 problem to map individual client E-IPv4 tree to a specific I-IPv6 290 core tree. This simplifies operations on the AFBR because it becomes 291 possible to algorithmically map an IPv4 group/source address to an 292 IPv6 group/source address and vice-versa. 294 The IPv4-over-IPv6 scenario is an emerging requirement as network 295 operators build out native IPv6 backbone networks. These networks 296 naturally support native IPv6 services and applications but it is 297 with near 100% certainty that legacy IPv4 networks handling unicast 298 and multicast MUST be accommodated. 300 3.2. IPv6-over-IPv4 301 ._._._._. ._._._._. 302 | IPv6 | | IPv6 | -------- 303 | Client | | Client |--|Source S| 304 | network | | network | -------- 305 ._._._._. ._._._._. 306 | | 307 AFBR upstream AFBR 308 | | 309 __+____________________+__ 310 / : : : : \ 311 | : : : : | 312 | : IPv4 transit core : | 313 | : : : : | 314 | : : : : | 315 \_._._._._._._._._._._._._./ 316 + + 317 downstream AFBR downstream AFBR 318 | | 319 ._._._._ ._._._._ 320 -------- | IPv6 | | IPv6 | -------- 321 |Receiver|-- | Client | | Client |--|Receiver| 322 -------- | network| | network| -------- 323 ._._._._ ._._._._ 325 Figure 3: IPv6-over-IPv4 Scenario 327 In this scenario, the E-IP Client Networks run IPv6 while the I-IP 328 core runs IPv4. This scenario is illustrated in Figure 3. 330 IPv6 multicast group addresses are longer than IPv4 multicast group 331 addresses. It will not be possible to perform an algorithmic IPv6 - 332 to - IPv4 address mapping without the risk of multiple IPv6 group 333 addresses mapped to the same IPv4 address resulting in unnecessary 334 bandwidth and resource consumption. Therefore additional efforts 335 will be REQUIRED to ensure that client E-IPv6 multicast packets can 336 be injected into the correct I-IPv4 multicast trees at the AFBRs. 337 This clear mismatch in IPv6 and IPv4 group address lengths means that 338 it will not be possible to perform a one-to-one mapping between IPv6 339 and IPv4 group addresses unless the IPv6 group address is scoped. 341 As mentioned earlier, this scenario is common in the MVPN 342 environment. As native IPv6 deployments and multicast applications 343 emerge from the outer reaches of the greater public IPv4 Internet, it 344 is envisaged that the IPv6 over IPv4 softwire mesh multicast scenario 345 will be a necessary feature supported by network operators. 347 4. IPv4-over-IPv6 Mechanism 349 4.1. Mechanism Overview 351 Routers in the client E-IPv4 networks contain routes to all other 352 client E-IPv4 networks. Through the set of known and deployed 353 mechanisms, E-IPv4 hosts and routers have discovered or learnt of 354 (S,G) or (*,G) IPv4 addresses. Any I-IPv6 multicast state 355 instantiated in the core is referred to as (S',G') or (*,G') and is 356 certainly separated from E-IPv4 multicast state. 358 Suppose a downstream AFBR receives an E-IPv4 PIM Join/Prune message 359 from the E-IPv4 network for either an (S,G) tree or a (*,G) tree. 360 The AFBR can translate the E-IPv4 PIM message into an I-IPv6 PIM 361 message with the latter being directed towards I-IP IPv6 address of 362 the upstream AFBR. When the I-IPv6 PIM message arrives at the 363 upstream AFBR, it MUST be translated back into an E-IPv4 PIM message. 364 The result of these actions is the construction of E-IPv4 trees and a 365 corresponding I-IP tree in the I-IP network. 367 In this case, it is incumbent upon the AFBR routers to perform PIM 368 message conversions in the control plane and IP group address 369 conversions or mappings in the data plane. It becomes possible to 370 devise an algorithmic one-to-one IPv4-to-IPv6 address mapping at 371 AFBRs. 373 4.2. Group Address Mapping 375 For IPv4-over-IPv6 scenario, a simple algorithmic mapping between 376 IPv4 multicast group addresses and IPv6 group addresses is supported. 377 [RFC7371] has already defined an applicable format. Figure 4 is the 378 reminder of the format: 380 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 381 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 382 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 383 | mPrefix46 |group address | 384 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 386 Figure 4: IPv4-Embedded IPv6 Multicast Address Format 388 The mPrefix46 for SSM mode is also defined in Section 4.1 of 389 [RFC7371] : 391 o ff3x:0:8000::/96 ('x' is any valid scope) 392 With this scheme, each IPv4 multicast address can be mapped into an 393 IPv6 multicast address (with the assigned prefix), and each IPv6 394 multicast address with the assigned prefix can be mapped into IPv4 395 multicast address. 397 4.3. Source Address Mapping 399 There are two kinds of multicast --- ASM and SSM. Considering that 400 I-IP network and E-IP network may support different kind of 401 multicast, the source address translation rules could be very complex 402 to support all possible scenarios. But since SSM can be implemented 403 with a strict subset of the PIM-SM protocol mechanisms [RFC7761], we 404 can treat I-IP core as SSM-only to make it as simple as possible, 405 then there remains only two scenarios to be discussed in detail: 407 o E-IP network supports SSM 409 One possible way to make sure that the translated I-IPv6 PIM 410 message reaches upstream AFBR is to set S' to a virtual IPv6 411 address that leads to the upstream AFBR. Figure 5 is the 412 recommended address format based on [RFC6052]: 414 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 415 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 416 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 417 | prefix |v4(32) | u | suffix |source address | 418 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 419 |<------------------uPrefix46------------------>| 421 Figure 5: IPv4-Embedded IPv6 Virtual Source Address Format 423 In this address format, the "prefix" field contains a "Well-Known" 424 prefix or an ISP-defined prefix. An existing "Well-Known" prefix 425 is 64:ff9b, which is defined in [RFC6052]; "v4" field is the IP 426 address of one of upstream AFBR's E-IPv4 interfaces; "u" field is 427 defined in [RFC4291], and MUST be set to zero; "suffix" field is 428 reserved for future extensions and SHOULD be set to zero; "source 429 address" field stores the original S. We call the overall /96 430 prefix ("prefix" field and "v4" field and "u" field and "suffix" 431 field altogether) "uPrefix46". 433 o E-IP network supports ASM 434 The (S,G) source list entry and the (*,G) source list entry only 435 differ in that the latter has both the WC and RPT bits of the 436 Encoded-Source-Address set, while the former is all cleared (See 437 Section 4.9.5.1 of [RFC7761]). So we can translate source list 438 entries in (*,G) messages into source list entries in (S'G') 439 messages by applying the format specified in Figure 5 and clearing 440 both the WC and RPT bits at downstream AFBRs, and translate them 441 back at upstream AFBRs vice-versa. 443 4.4. Routing Mechanism 445 In the mesh multicast scenario, routing information is REQUIRED to be 446 distributed among AFBRs to make sure that PIM messages that a 447 downstream AFBR propagates reach the right upstream AFBR. 449 To make it feasible, the /32 prefix in "IPv4-Embedded IPv6 Virtual 450 Source Address Format" MUST be known to every AFBR, and every AFBR 451 should not only announce the IP address of one of its E-IPv4 452 interfaces presented in the "v4" field to other AFBRs by MPBGP, but 453 also announce the corresponding uPrefix46 to the I-IPv6 network. 454 Since every IP address of upstream AFBR's E-IPv4 interface is 455 different from each other, every uPrefix46 that AFBR announces MUST 456 be different, and uniquely identifies each AFBR. "uPrefix46" is an 457 IPv6 prefix, and the distribution of it is the same as the 458 distribution in the traditional mesh unicast scenario. But since 459 "v4" field is an E-IPv4 address, and BGP messages are NOT tunneled 460 through softwires or through any other mechanism as specified in 461 [RFC5565], AFBRs MUST be able to transport and encode/decode BGP 462 messages that are carried over I-IPv6, whose NLRI and NH are of 463 E-IPv4 address family. 465 In this way, when a downstream AFBR receives an E-IPv4 PIM (S,G) 466 message, it can translate this message into (S',G') by looking up the 467 IP address of the corresponding AFBR's E-IPv4 interface. Since the 468 uPrefix46 of S' is unique, and is known to every router in the I-IPv6 469 network, the translated message will eventually arrive at the 470 corresponding upstream AFBR, and the upstream AFBR can translate the 471 message back to (S,G). When a downstream AFBR receives an E-IPv4 PIM 472 (*,G) message, S' can be generated according to the format specified 473 in Figure 4, with "source address" field set to *(the IPv4 address of 474 RP). The translated message will eventually arrive at the 475 corresponding upstream AFBR. Since every PIM router within a PIM 476 domain MUST be able to map a particular multicast group address to 477 the same RP (see Section 4.7 of [RFC7761]), when this upstream AFBR 478 checks the "source address" field of the message, it will find the 479 IPv4 address of RP, so this upstream AFBR judges that this is 480 originally a (*,G) message, then it translates the message back to 481 the (*,G) message and processes it. 483 5. IPv6-over-IPv4 Mechanism 485 5.1. Mechanism Overview 487 Routers in the client E-IPv6 networks contain routes to all other 488 client E-IPv6 networks. Through the set of known and deployed 489 mechanisms, E-IPv6 hosts and routers have discovered or learnt of 490 (S,G) or (*,G) IPv6 addresses. Any I-IP multicast state instantiated 491 in the core is referred to as (S',G') or (*,G') and is certainly 492 separated from E-IP multicast state. 494 This particular scenario introduces unique challenges. Unlike the 495 IPv4-over-IPv6 scenario, it is impossible to map all of the IPv6 496 multicast address space into the IPv4 address space to address the 497 one-to-one Softwire Multicast requirement. To coordinate with the 498 "IPv4-over-IPv6" scenario and keep the solution as simple as 499 possible, one possible solution to this problem is to limit the scope 500 of the E-IPv6 source addresses for mapping, such as applying a "Well- 501 Known" prefix or an ISP-defined prefix. 503 5.2. Group Address Mapping 505 To keep one-to-one group address mapping simple, the group address 506 range of E-IP IPv6 can be reduced in a number of ways to limit the 507 scope of addresses that need to be mapped into the I-IP IPv4 space. 509 A recommended multicast address format is defined in [RFC7371]. The 510 high order bits of the E-IPv6 address range will be fixed for mapping 511 purposes. With this scheme, each IPv4 multicast address can be 512 mapped into an IPv6 multicast address (with the assigned prefix), and 513 each IPv6 multicast address with the assigned prefix can be mapped 514 into IPv4 multicast address. 516 5.3. Source Address Mapping 518 There are two kinds of multicast --- ASM and SSM. Considering that 519 I-IP network and E-IP network may support different kind of 520 multicast, the source address translation rules could be very complex 521 to support all possible scenarios. But since SSM can be implemented 522 with a strict subset of the PIM-SM protocol mechanisms [RFC7761], we 523 can treat I-IP core as SSM-only to make it as simple as possible, 524 then there remains only two scenarios to be discussed in detail: 526 o E-IP network supports SSM 527 To make sure that the translated I-IPv4 PIM message reaches the 528 upstream AFBR, we need to set S' to an IPv4 address that leads to 529 the upstream AFBR. But due to the non-"one-to-one" mapping of 530 E-IPv6 to I-IPv4 unicast address, the upstream AFBR is unable to 531 remap the I-IPv4 source address to the original E-IPv6 source 532 address without any constraints. 534 We apply a fixed IPv6 prefix and static mapping to solve this 535 problem. A recommended source address format is defined in 536 [RFC6052]. Figure 6 is the reminder of the format: 538 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 539 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 540 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 541 | uPrefix64 |source address | 542 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 544 Figure 6: IPv4-Embedded IPv6 Source Address Format 546 In this address format, the "uPrefix64" field starts with a "Well- 547 Known" prefix or an ISP-defined prefix. An existing "Well-Known" 548 prefix is 64:ff9b/32, which is defined in [RFC6052]; "source 549 address" field is the corresponding I-IPv4 source address. 551 o E-IP network supports ASM 553 The (S,G) source list entry and the (*,G) source list entry only 554 differ in that the latter has both the WC and RPT bits of the 555 Encoded-Source-Address set, while the former is all cleared (See 556 Section 4.9.5.1 of [RFC7761]). So we can translate source list 557 entries in (*,G) messages into source list entries in (S',G') 558 messages by applying the format specified in Figure 5 and setting 559 both the WC and RPT bits at downstream AFBRs, and translate them 560 back at upstream AFBRs vice-versa. Here, the E-IPv6 address of RP 561 MUST follow the format specified in Figure 6. RP' is the upstream 562 AFBR that locates between RP and the downstream AFBR. 564 5.4. Routing Mechanism 566 In the mesh multicast scenario, routing information is REQUIRED to be 567 distributed among AFBRs to make sure that PIM messages that a 568 downstream AFBR propagates reach the right upstream AFBR. 570 To make it feasible, the /96 uPrefix64 MUST be known to every AFBR, 571 every E-IPv6 address of sources that support mesh multicast MUST 572 follow the format specified in Figure 6, and the corresponding 573 upstream AFBR of this source MUST announce the I-IPv4 address in 574 "source address" field of this source's IPv6 address to the I-IPv4 575 network. Since uPrefix64 is static and unique in IPv6-over-IPv4 576 scenario, there is no need to distribute it using BGP. The 577 distribution of "source address" field of multicast source addresses 578 is a pure I-IPv4 process and no more specification is needed. 580 In this way, when a downstream AFBR receives a (S,G) message, it can 581 translate the message into (S',G') by simply taking off the prefix in 582 S. Since S' is known to every router in I-IPv4 network, the 583 translated message will eventually arrive at the corresponding 584 upstream AFBR, and the upstream AFBR can translate the message back 585 to (S,G) by appending the prefix to S'. When a downstream AFBR 586 receives a (*,G) message, it can translate it into (S',G') by simply 587 taking off the prefix in *(the E-IPv6 address of RP). Since S' is 588 known to every router in I-IPv4 network, the translated message will 589 eventually arrive at RP'. And since every PIM router within a PIM 590 domain MUST be able to map a particular multicast group address to 591 the same RP (see Section 4.7 of [RFC7761]), RP' knows that S' is the 592 mapped I-IPv4 address of RP, so RP' will translate the message back 593 to (*,G) by appending the prefix to S' and propagate it towards RP. 595 6. Control Plane Functions of AFBR 597 The AFBRs are responsible for the following functions: 599 6.1. E-IP (*,G) State Maintenance 601 When an AFBR wishes to propagate a Join/Prune(*,G) message to an I-IP 602 upstream router, the AFBR MUST translate Join/Prune(*,G) messages 603 into Join/Prune(S',G') messages following the rules specified above, 604 then send the latter. 606 6.2. E-IP (S,G) State Maintenance 608 When an AFBR wishes to propagate a Join/Prune(S,G) message to an I-IP 609 upstream router, the AFBR MUST translate Join/Prune(S,G) messages 610 into Join/Prune(S',G') messages following the rules specified above, 611 then send the latter. 613 6.3. I-IP (S',G') State Maintenance 615 It is possible that I-IP transit core runs other non-transit I-IP 616 PIM-SSM instance. Since the translated source address starts with 617 the unique "Well-Known" prefix or the ISP-defined prefix that SHOULD 618 NOT be used otherwise, mesh multicast will not influence non-transit 619 PIM-SSM multicast at all. When one AFBR receives an I-IP (S',G') 620 message, it MUST check S'. If S' starts with the unique prefix, it 621 means that this message is actually a translated E-IP (S,G) or (*,G) 622 message, then the AFBR MUST translate this message back to E-IP PIM 623 message and process it. 625 6.4. E-IP (S,G,rpt) State Maintenance 627 When an AFBR wishes to propagate a Join/Prune(S,G,rpt) message to an 628 I-IP upstream router, the AFBR MUST do as specified in Section 6.5 629 and Section 6.6. 631 6.5. Inter-AFBR Signaling 633 Assume that one downstream AFBR has joined a RPT of (*,G) and a SPT 634 of (S,G), and decide to perform a SPT switchover. According to 635 [RFC7761], it SHOULD propagate a Prune(S,G,rpt) message along with 636 the periodical Join(*,G) message upstream towards RP. Unfortunately, 637 routers in I-IP transit core are not supposed to understand (S,G,rpt) 638 messages since I-IP transit core is treated as SSM-only. As a 639 result, this downstream AFBR is unable to prune S from this RPT, then 640 it will receive two copies of the same data of (S,G). In order to 641 solve this problem, we introduce a new mechanism for downstream AFBRs 642 to inform upstream AFBRs of pruning any given S from RPT. 644 When a downstream AFBR wishes to propagate a (S,G,rpt) message 645 upstream, it SHOULD encapsulate the (S,G,rpt) message, then send the 646 encapsulated unicast message to the corresponding upstream AFBR, 647 which we call "RP'". 649 When RP' receives this encapsulated message, it SHOULD decapsulate 650 this message as what it does in the unicast scenario, and get the 651 original (S,G,rpt) message. The incoming interface of this message 652 may be different from the outgoing interface which propagates 653 multicast data to the corresponding downstream AFBR, and there may be 654 other downstream AFBRs that need to receive multicast data of (S,G) 655 from this incoming interface, so RP' SHOULD NOT simply process this 656 message as specified in [RFC7761] on the incoming interface. 658 To solve this problem and keep the solution as simple as possible, we 659 introduce an "interface agent" to process all the encapsulated 660 (S,G,rpt) messages the upstream AFBR receives, and prune S from the 661 RPT of group G when no downstream AFBR wants to receive multicast 662 data of (S,G) along the RPT. In this way, we do insure that 663 downstream AFBRs will not miss any multicast data that they need, at 664 the cost of duplicated multicast data of (S,G) along the RPT received 665 by SPT-switched-over downstream AFBRs, if there exists at least one 666 downstream AFBR that has not yet sent Prune(S,G,rpt) messages to the 667 upstream AFBR. The following diagram shows an example of how an 668 "interface agent" MAY be implemented: 670 +----------------------------------------+ 671 | | 672 | +-----------+----------+ | 673 | | PIM-SM | UDP | | 674 | +-----------+----------+ | 675 | ^ | | 676 | | | | 677 | | v | 678 | +----------------------+ | 679 | | I/F Agent | | 680 | +----------------------+ | 681 | PIM ^ | multicast | 682 | messages | | data | 683 | | +-------------+---+ | 684 | +--+--|-----------+ | | 685 | | v | v | 686 | +--------- + +----------+ | 687 | | I-IP I/F | | I-IP I/F | | 688 | +----------+ +----------+ | 689 | ^ | ^ | | 690 | | | | | | 691 +--------|-----|----------|-----|--------+ 692 | v | v 694 Figure 7: Interface Agent Implementation Example 696 Figure 7 shows an example of interface agent implementation where we 697 choose UDP encapsulation. The interface agent has two 698 responsibilities: In the control plane, it SHOULD work as a real 699 interface that has joined (*,G) in representative of all the I-IP 700 interfaces which are outgoing interfaces of (*,G) state machine, and 701 process the (S,G,rpt) messages received from all the I-IP interfaces. 702 The interface agent maintains downstream (S,G,rpt) state machines of 703 every downstream AFBR, and submits Prune(S,G,rpt) messages to the 704 PIM-SM module only when every (S,G,rpt) state machine is at Prune(P) 705 or PruneTmp(P') state, which means that no downstream AFBR wants to 706 receive multicast data of (S,G) along the RPT of G. Once a (S,G,rpt) 707 state machine changes to NoInfo(NI) state, which means that the 708 corresponding downstream AFBR has changed its mind to receive 709 multicast data of (S,G) along the RPT again, the interface agent 710 SHOULD send a Join(S,G,rpt) to PIM-SM module immediately; In the data 711 plane, upon receiving a multicast data packet, the interface agent 712 SHOULD encapsulate it at first, then propagate the encapsulated 713 packet onto every I-IP interface. 715 NOTICE: There may exist an E-IP neighbor of RP' that has joined the 716 RPT of G, so the per-interface state machine for receiving E-IP Join/ 717 Prune(S,G,rpt) messages SHOULD still take effect. 719 6.6. SPT Switchover 721 After a new AFBR expresses its interest in receiving traffic destined 722 for a multicast group, it will receive all the data from the RPT at 723 first. At this time, every downstream AFBR will receive multicast 724 data from any source from this RPT, in spite of whether they have 725 switched over to SPT of some source(s) or not. 727 To minimize this redundancy, it is recommended that every AFBR's 728 SwitchToSptDesired(S,G) function employs the "switch on first packet" 729 policy. In this way, the delay of switchover to SPT is kept as 730 little as possible, and after the moment that every AFBR has 731 performed the SPT switchover for every S of group G, no data will be 732 forwarded in the RPT of G, thus no more redundancy will be produced. 734 6.7. Other PIM Message Types 736 Apart from Join or Prune, there exists other message types including 737 Register, Register-Stop, Hello and Assert. Register and Register- 738 Stop messages are sent by unicast, while Hello and Assert messages 739 are only used between directly linked routers to negotiate with each 740 other. It is not necessary to translate them for forwarding, thus 741 the process of these messages is out of scope for this document. 743 6.8. Other PIM States Maintenance 745 Apart from states mentioned above, there exists other states 746 including (*,*,RP) and I-IP (*,G') state. Since we treat I-IP core 747 as SSM-only, the maintenance of these states is out of scope for this 748 document. 750 7. Data Plane Functions of AFBR 752 7.1. Process and Forward Multicast Data 754 On receiving multicast data from upstream routers, the AFBR looks up 755 its forwarding table to check the IP address of each outgoing 756 interface. If there exists at least one outgoing interface whose IP 757 address family is different from the incoming interface, the AFBR 758 MUST encapsulate/decapsulate this packet and forward it to such 759 outgoing interface(s), then forward the data to other outgoing 760 interfaces without encapsulation/decapsulation. 762 When a downstream AFBR that has already switched over to SPT of S 763 receives an encapsulated multicast data packet of (S,G) along the 764 RPT, it SHOULD silently drop this packet. 766 7.2. Selecting a Tunneling Technology 768 Choosing tunneling technology depends on the policies configured at 769 AFBRs. It is recommended that all AFBRs use the same technology, 770 otherwise some AFBRs may not be able to decapsulate encapsulated 771 packets from other AFBRs that use a different tunneling technology. 773 7.3. TTL 775 Processing of TTL depends on the tunneling technology, and it is out 776 of scope of this document. 778 7.4. Fragmentation 780 The encapsulation performed by upstream AFBR will increase the size 781 of packets. As a result, the outgoing I-IP link MTU may not 782 accommodate the extra size. As it is not always possible for core 783 operators to increase the MTU of every link. Fragmentation and 784 reassembling of encapsulated packets MUST be supported by AFBRs. 786 8. Packet Format and Translation 788 Because PIM-SM Specification is independent of the underlying unicast 789 routing protocol, the packet format in Section 4.9 of [RFC7761] 790 remains the same, except that the group address and source address 791 MUST be translated when traversing AFBR. 793 For example, Figure 8 shows the register-stop message format in IPv4 794 and IPv6 address family. 796 0 1 2 3 797 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 798 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 799 |PIM Ver| Type | Reserved | Checksum | 800 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 801 | IPv4 Group Address (Encoded-Group format) | 802 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 803 | IPv4 Source Address (Encoded-Unicast format) | 804 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 805 (1). IPv4 Register-Stop Message Format 807 0 1 2 3 808 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 809 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 810 |PIM Ver| Type | Reserved | Checksum | 811 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 812 | IPv6 Group Address (Encoded-Group format) | 813 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 814 | IPv6 Source Address (Encoded-Unicast format) | 815 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 816 (2). IPv6 Register-Stop Message Format 818 Figure 8: Register-Stop Message Format 820 In Figure 8, the semantics of fields "PIM Ver", "Type", "Reserved", 821 "Checksum" remain the same. 823 IPv4 Group Address (Encoded-Group format): The encoded-group format 824 of the IPv4 group address mentioned in Section 4.2 and 5.2. 826 IPv4 Source Address (Encoded-Group format): The encoded-unicast 827 format of the IPv4 source address mentioned in Section 4.3 and 5.3. 829 IPv6 Group Address (Encoded-Group format): The encoded-group format 830 of the IPv6 group address mentioned in Section 4.2 and 5.2. 832 IPv6 Source Address (Encoded-Group format): The encoded-unicast 833 format of the IPv6 source address mentioned in Section 4.3 and 5.3. 835 9. Softwire Mesh Multicast Encapsulation 837 Softwire mesh multicast encapsulation does not require the use of any 838 one particular encapsulation mechanism. Rather, it MUST accommodate 839 a variety of different encapsulation mechanisms, and MUST allow the 840 use of encapsulation mechanisms mentioned in [RFC4925]. 842 10. Security Considerations 844 Some schemes will place heavy burden on routers, which can be used by 845 attackers as a tool when they carry out DDoS attack. Compared with 846 [RFC4925], the security concerns SHOULD be considered more carefully. 847 The attackers can set up many multicast trees in the edge networks, 848 causing too many multicast states in the core network. 850 Besides, this document does not introduce any new security concern in 851 addition to what is discussed in [RFC4925] and [RFC7761]. 853 11. IANA Considerations 855 When AFBRs perform address mapping, they follow some predefined 856 rules, especially the IPv6 prefix for source address mapping should 857 be predefined, such that ingress AFBRs and egress AFBRs can complete 858 the mapping procedure correctly. The IPv6 prefix for translation can 859 be unified within only the transit core, or within global area. In 860 the later condition, the prefix MUST be assigned by IANA. 862 12. References 864 12.1. Normative References 866 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 867 Requirement Levels", BCP 14, RFC 2119, 868 DOI 10.17487/RFC2119, March 1997, 869 . 871 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 872 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 873 2006, . 875 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 876 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, 877 December 2005, . 879 [RFC4925] Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A. 880 Durand, Ed., "Softwire Problem Statement", RFC 4925, 881 DOI 10.17487/RFC4925, July 2007, 882 . 884 [RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh 885 Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009, 886 . 888 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. 889 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 890 DOI 10.17487/RFC6052, October 2010, 891 . 893 [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ 894 BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February 895 2012, . 897 [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., 898 Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent 899 Multicast - Sparse Mode (PIM-SM): Protocol Specification 900 (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 901 2016, . 903 12.2. Informative References 905 [RFC7371] Boucadair, M. and S. Venaas, "Updates to the IPv6 906 Multicast Addressing Architecture", RFC 7371, 907 DOI 10.17487/RFC7371, September 2014, 908 . 910 Appendix A. Acknowledgements 912 Wenlong Chen, Xuan Chen, Alain Durand, Yiu Lee, Jacni Qin and Stig 913 Venaas provided useful input into this document. 915 Authors' Addresses 917 Mingwei Xu 918 Tsinghua University 919 Department of Computer Science, Tsinghua University 920 Beijing 100084 921 P.R. China 923 Phone: +86-10-6278-5822 924 Email: xmw@cernet.edu.cn 926 Yong Cui 927 Tsinghua University 928 Department of Computer Science, Tsinghua University 929 Beijing 100084 930 P.R. China 932 Phone: +86-10-6278-5822 933 Email: cuiyong@tsinghua.edu.cn 934 Jianping Wu 935 Tsinghua University 936 Department of Computer Science, Tsinghua University 937 Beijing 100084 938 P.R. China 940 Phone: +86-10-6278-5983 941 Email: jianping@cernet.edu.cn 943 Shu Yang 944 Tsinghua University 945 Graduate School at Shenzhen 946 Shenzhen 518055 947 P.R. China 949 Phone: +86-10-6278-5822 950 Email: yangshu@csnet1.cs.tsinghua.edu.cn 952 Chris Metz 953 Cisco Systems 954 170 West Tasman Drive 955 San Jose, CA 95134 956 USA 958 Phone: +1-408-525-3275 959 Email: chmetz@cisco.com 961 Greg Shepherd 962 Cisco Systems 963 170 West Tasman Drive 964 San Jose, CA 95134 965 USA 967 Phone: +1-541-912-9758 968 Email: shep@cisco.com