idnits 2.17.1 draft-ietf-softwire-mesh-multicast-15.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 321 has weird spacing: '... |group addre...' == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHALL not' in this paragraph: Choosing tunneling technology depends on the policies configured on AFBRs. It is REQUIRED that all AFBRs use the same technology, otherwise some AFBRs SHALL not be able to decapsulate encapsulated packets from other AFBRs that use a different tunneling technology. -- The document date (January 10, 2017) is 2664 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC4301' is defined on line 708, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 4925 Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Softwire WG M. Xu 3 Internet-Draft Y. Cui 4 Intended status: Standards Track J. Wu 5 Expires: July 14, 2017 S. Yang 6 Tsinghua University 7 C. Metz 8 G. Shepherd 9 Cisco Systems 10 January 10, 2017 12 Softwire Mesh Multicast 13 draft-ietf-softwire-mesh-multicast-15 15 Abstract 17 The Internet needs to support IPv4 and IPv6 packets. Both address 18 families and their related protocol suites support multicast of the 19 single-source and any-source varieties. During IPv6 transition, 20 there will be scenarios where a backbone network running one IP 21 address family internally (referred to as internal IP or I-IP) will 22 provide transit services to attached client networks running another 23 IP address family (referred to as external IP or E-IP). It is 24 expected that the I-IP backbone will offer unicast and multicast 25 transit services to the client E-IP networks. 27 Softwire Mesh is a solution providing E-IP unicast and multicast 28 support across an I-IP backbone. This document describes the 29 mechanism for supporting Internet-style multicast across a set of 30 E-IP and I-IP networks supporting softwire mesh. We focus on IPv4- 31 over-IPv6 scenario in this document, due to lack of real-world use 32 cases for IPv6-over-IPv4 scenario. 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at http://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on July 14, 2017. 50 Copyright Notice 52 Copyright (c) 2017 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (http://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 68 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 69 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 3. Scenarios of Interest . . . . . . . . . . . . . . . . . . . . 6 71 4. IPv4-over-IPv6 Mechanism . . . . . . . . . . . . . . . . . . 7 72 4.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 8 73 4.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 8 74 4.3. Source Address Mapping . . . . . . . . . . . . . . . . . 9 75 4.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 10 76 5. Control Plane Functions of AFBR . . . . . . . . . . . . . . . 11 77 5.1. E-IP (*,G) State Maintenance . . . . . . . . . . . . . . 11 78 5.2. E-IP (S,G) State Maintenance . . . . . . . . . . . . . . 11 79 5.3. I-IP (S',G') State Maintenance . . . . . . . . . . . . . 11 80 5.4. E-IP (S,G,rpt) State Maintenance . . . . . . . . . . . . 11 81 5.5. Inter-AFBR Signaling . . . . . . . . . . . . . . . . . . 11 82 5.6. SPT Switchover . . . . . . . . . . . . . . . . . . . . . 14 83 5.7. Other PIM Message Types . . . . . . . . . . . . . . . . . 14 84 5.8. Other PIM States Maintenance . . . . . . . . . . . . . . 14 85 6. Data Plane Functions of the AFBR . . . . . . . . . . . . . . 14 86 6.1. Process and Forward Multicast Data . . . . . . . . . . . 14 87 6.2. Selecting a Tunneling Technology . . . . . . . . . . . . 15 88 6.3. TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 89 6.4. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 15 90 7. Packet Format and Translation . . . . . . . . . . . . . . . . 15 91 8. Softwire Mesh Multicast Encapsulation . . . . . . . . . . . . 16 92 9. Security Considerations . . . . . . . . . . . . . . . . . . . 17 93 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 94 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 95 11.1. Normative References . . . . . . . . . . . . . . . . . . 17 96 11.2. Informative References . . . . . . . . . . . . . . . . . 18 97 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 18 98 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 100 1. Introduction 102 The Internet needs to support IPv4 and IPv6 packets. Both address 103 families and their related protocol suites support multicast of the 104 single-source and any-source varieties. During IPv6 transition, 105 there will be scenarios where a backbone network running one IP 106 address family internally (referred to as internal IP or I-IP) will 107 provide transit services to attached client networks running another 108 IP address family (referred to as external IP or E-IP). 110 One solution is to leverage the multicast functions inherent in the 111 I-IP backbone, to efficiently forward client E-IP multicast packets 112 inside an I-IP core tree, which is rooted at one or more ingress AFBR 113 nodes and branches out to one or more egress AFBR leaf nodes. 115 [RFC4925] outlines the requirements for the softwires mesh scenario 116 and includes support for multicast traffic. It is likely that client 117 E-IP multicast sources and receivers will reside in different client 118 E-IP networks connected to an I-IP backbone network. This requires 119 the client E-IP source-rooted or shared tree to traverse the I-IP 120 backbone network. 122 One method of accomplishing this is to re-use the multicast VPN 123 approach outlined in [RFC6513]. MVPN-like schemes can support the 124 softwire mesh scenario and achieve a "many-to-one" mapping between 125 the E-IP client multicast trees and the transit core multicast trees. 126 The advantage of this approach is that the number of trees in the 127 I-IP backbone network scales less than linearly with the number of 128 E-IP client trees. Corporate enterprise networks and by extension 129 multicast VPNs have been known to run applications that create too 130 many (S,G) states. Aggregation at the edge contains the (S,G) states 131 for customer's VPNs and these need to be maintained by the network 132 operator. The disadvantage of this approach is the possibility of 133 inefficient bandwidth and resource utilization when multicast packets 134 are delivered to a receiving AFBR with no attached E-IP receivers. 136 Internet-style multicast is somewhat different in that the trees are 137 source-rooted and relatively sparse. The need for multicast 138 aggregation at the edge (where many customer multicast trees are 139 mapped into one or more backbone multicast trees) does not exist and 140 to date has not been identified. Thus the need for a basic or closer 141 alignment with E-IP and I-IP multicast procedures emerges. 143 [RFC5565] describes the "Softwire Mesh Framework". This document 144 provides a more detailed description of how one-to-one mapping 145 schemes ([RFC5565], Section 11.1) for IPv4 over IPv6 can be achieved. 146 We focus on IPv4-over-IPv6 scenario in this document, due to lack of 147 real-world use cases for IPv6-over-IPv4 scenario. 149 1.1. Requirements Language 151 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 152 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 153 document are to be interpreted as described in [RFC2119]. 155 2. Terminology 157 Figure 1 shows an example of how a softwire mesh network can support 158 multicast traffic. A multicast source S is located in one E-IP 159 client network, while candidate E-IP group receivers are located in 160 the same or different E-IP client networks that all share a common 161 I-IP transit network. When E-IP sources and receivers are not local 162 to each other, they can only communicate with each other through the 163 I-IP core. There may be several E-IP sources for a single multicast 164 group residing in different client E-IP networks. In the case of 165 shared trees, the E-IP sources, receivers and RPs might be located in 166 different client E-IP networks. In the simplest case, a single 167 operator manages the resources of the I-IP core, although the inter- 168 operator case is also possible and so not precluded. 170 ._._._._. ._._._._. 171 | | | | -------- 172 | E-IP | | E-IP |--|Source S| 173 | network | | network | -------- 174 ._._._._. ._._._._. 175 | | 176 AFBR upstream AFBR 177 | | 178 __+____________________+__ 179 / : : : : \ 180 | : : : : | E-IP Multicast 181 | : I-IP transit core : | packets are forwarded 182 | : : : : | across the I-IP 183 | : : : : | transit core 184 \_._._._._._._._._._._._._./ 185 + + 186 downstream AFBR downstream AFBR 187 | | 188 ._._._._ ._._._._ 189 -------- | | | | -------- 190 |Receiver|-- | E-IP | | E-IP |--|Receiver| 191 -------- |network | |network | -------- 192 ._._._._ ._._._._ 194 Figure 1: Softwire Mesh Multicast Framework 196 Terminology used in this document: 198 o Address Family Border Router (AFBR) - A router interconnecting two 199 or more networks using different IP address families. In the context 200 of softwire mesh multicast, the AFBR runs E-IP and I-IP control 201 planes to maintain E-IP and I-IP multicast states respectively and 202 performs the appropriate encapsulation/decapsulation of client E-IP 203 multicast packets for transport across the I-IP core. An AFBR will 204 act as a source and/or receiver in an I-IP multicast tree. 206 o Upstream AFBR: The AFBR router that is located on the upper reaches 207 of a multicast data flow. 209 o Downstream AFBR: The AFBR router that is located on the lower 210 reaches of a multicast data flow. 212 o I-IP (Internal IP): This refers to IP address family (i.e., either 213 IPv4 or IPv6) that is supported by the core (or backbone) network. 215 o E-IP (External IP): This refers to the IP address family (i.e. 216 either IPv4 or IPv6) that is supported by the client network(s) 217 attached to the I-IP transit core. 219 o I-IP core tree: A distribution tree rooted at one or more AFBR 220 source nodes and branched out to one or more AFBR leaf nodes. An 221 I-IP core tree is built using standard IP or MPLS multicast signaling 222 protocols operating exclusively inside the I-IP core network. An 223 I-IP core tree is used to forward E-IP multicast packets belonging to 224 E-IP trees across the I-IP core. Another name for an I-IP core tree 225 is multicast or multipoint softwire. 227 o E-IP client tree: A distribution tree rooted at one or more hosts 228 or routers located inside a client E-IP network and branched out to 229 one or more leaf nodes located in the same or different client E-IP 230 networks. 232 o uPrefix46: The /96 unicast IPv6 prefix for constructing an 233 IPv4-embedded IPv6 source address in IPv4-over-IPv6 scenario. 235 o mPrefix46: The /96 multicast IPv6 prefix for constructing an 236 IPv4-embedded IPv6 multicast address in IPv4-over-IPv6 scenario. 238 o Inter-AFBR signaling: A mechanism used by downstream AFBRs to send 239 PIM messages to the upstream AFBR. 241 3. Scenarios of Interest 243 This document focus on IPv4-over-IPv6 scenario, however, the 244 following mechanism offers a reference for IPv6-over-IPv4 scenario if 245 needed. 247 ._._._._. ._._._._. 248 | IPv4 | | IPv4 | -------- 249 | Client | | Client |--|Source S| 250 | network | | network | -------- 251 ._._._._. ._._._._. 252 | | 253 AFBR upstream AFBR 254 | | 255 __+____________________+__ 256 / : : : : \ 257 | : : : : | 258 | : IPv6 transit core : | 259 | : : : : | 260 | : : : : | 261 \_._._._._._._._._._._._._./ 262 + + 263 downstream AFBR downstream AFBR 264 | | 265 ._._._._ ._._._._ 266 -------- | IPv4 | | IPv4 | -------- 267 |Receiver|-- | Client | | Client |--|Receiver| 268 -------- | network| | network| -------- 269 ._._._._ ._._._._ 271 Figure 2: IPv4-over-IPv6 Scenario 273 In Figure 2, the E-IP client networks run IPv4 and the I-IP core runs 274 IPv6. 276 Because of the much larger IPv6 group address space, the client 277 E-IPv4 tree can be mapped to a specific I-IPv6 core tree. This 278 simplifies operations on the AFBR because it becomes possible to 279 algorithmically map an IPv4 group/source address to an IPv6 group/ 280 source address and vice-versa. 282 The IPv4-over-IPv6 scenario is an emerging requirement as network 283 operators build out native IPv6 backbone networks. These networks 284 support native IPv6 services and applications but in many cases, 285 support for legacy IPv4 unicast and multicast services will also need 286 to be accomodated. 288 4. IPv4-over-IPv6 Mechanism 289 4.1. Mechanism Overview 291 Routers in the client E-IPv4 networks have routes to all other client 292 E-IPv4 networks. Through PIM messages, E-IPv4 hosts and routers have 293 discovered or learnt of (S,G) or (*,G) IPv4 addresses. Any I-IPv6 294 multicast state instantiated in the core is referred to as (S',G') or 295 (*,G') and is certainly separated from E-IPv4 multicast state. 297 Suppose a downstream AFBR receives an E-IPv4 PIM Join/Prune message 298 from the E-IPv4 network for either an (S,G) tree or a (*,G) tree. 299 The AFBR can translate the E-IPv4 PIM message into an I-IPv6 PIM 300 message with the latter being directed towards the I-IP IPv6 address 301 of the upstream AFBR. When the I-IPv6 PIM message arrives at the 302 upstream AFBR, it MUST be translated back into an E-IPv4 PIM message. 303 The result of these actions is the construction of E-IPv4 trees and a 304 corresponding I-IP tree in the I-IP network. An example of the 305 packet format and traslation is provided in Section 8. 307 In this case, it is incumbent upon the AFBR routers to perform PIM 308 message conversions in the control plane and IP group address 309 conversions or mappings in the data plane. The AFBRs perform an 310 algorithmic, one-to-one mapping of IPv4-to-IPv6. 312 4.2. Group Address Mapping 314 For the IPv4-over-IPv6 scenario, a simple algorithmic mapping between 315 IPv4 multicast group addresses and IPv6 group addresses is performed. 316 Figure 4 shows the reminder of the format: 318 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 319 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 320 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 321 | mPrefix46 |group address | 322 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 324 Figure 4: IPv4-Embedded IPv6 Multicast Address Format 326 An IPv6 multicast prefix (mPrefix46) is assigned to each AFBR. AFBRs 327 will prepend the prefix to an IPv4 multicast group address when 328 translating it to an IPv6 multicast group address. 330 The mPrefix46 for SSM mode is also defined in Section 4.1 of 331 [RFC7371] 333 With this scheme, each IPv4 multicast address can be mapped into an 334 IPv6 multicast address (with the assigned prefix), and each IPv6 335 multicast address with the assigned prefix can be mapped into an IPv4 336 multicast address. 338 4.3. Source Address Mapping 340 There are two kinds of multicast: ASM and SSM. Considering that I-IP 341 network and E-IP network may support different kinds of multicast, 342 the source address translation rules needed to support all possible 343 scenarios may become very complex. But since SSM can be implemented 344 with a strict subset of the PIM-SM protocol mechanisms [RFC7761], we 345 can treat the I-IP core as SSM-only to make it as simple as possible. 346 There then remain only two scenarios to be discussed in detail: 348 o E-IP network supports SSM 350 One possible way to make sure that the translated I-IPv6 PIM 351 message reaches upstream AFBR is to set S' to a virtual IPv6 352 address that leads to the upstream AFBR. Figure 5 is the 353 recommended address format based on [RFC6052]: 355 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 356 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 357 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 358 | prefix |v4(32) | u | suffix |source address | 359 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 360 |<------------------uPrefix46------------------>| 362 Figure 5: IPv4-Embedded IPv6 Virtual Source Address Format 364 In this address format, 366 * The "prefix" field contains a "Well-Known" prefix or an ISP- 367 defined prefix. An existing "Well-Known" prefix is 64:ff9b, 368 which is defined in [RFC6052]; 370 * The "v4" field is the IP address of one of upstream AFBR's 371 E-IPv4 interfaces; 373 * The "u" field is defined in [RFC4291], and MUST be set to zero; 375 * The "suffix" field is reserved for future extensions and SHOULD 376 be set to zero; 378 * The "source address" field stores the original S. 380 We call the overall /96 prefix ("prefix" field and "v4" field and 381 "u" field and "suffix" field altogether) "uPrefix46". 383 o E-IP network supports ASM 385 The (S,G) source list entry and the (*,G) source list entry only 386 differ in that the latter has both the WC and RPT bits of the 387 Encoded-Source-Address set, while the former is all cleared (See 388 Section 4.9.5.1 of [RFC7761]). So we can translate source list 389 entries in (*,G) messages into source list entries in (S'G') 390 messages by applying the format specified in Figure 5 and clearing 391 both the WC and RPT bits at downstream AFBRs, and vice-versa for 392 the reverse translation at upstream AFBRs. 394 4.4. Routing Mechanism 396 In the mesh multicast scenario, routing information is REQUIRED to be 397 distributed among AFBRs to make sure that the PIM messages that a 398 downstream AFBR propagates reach the right upstream AFBR. 400 Every AFBR MUST know the /32 prefix in "IPv4-Embedded IPv6 Virtual 401 Source Address Format". To achieve this, every AFBR should announce 402 one of its E-IPv4 interfaces in the "v4" field, and the corresponding 403 uPrefix46. The announcement SHOULD be sent to the other AFBRs 404 through MBGP. Since every IP address of upstream AFBR's E-IPv4 405 interface is different from each other, every uPrefix46 that AFBR 406 announces MUST be different, and uniquely identifies each AFBR. 407 "uPrefix46" is an IPv6 prefix, and the distribution mechanism is the 408 same as the traditional mesh unicast scenario. But "v4" field is an 409 E-IPv4 address, and BGP messages are NOT tunneled through softwires 410 or any other mechanism specified in [RFC5565], AFBRs MUST be able to 411 transport and encode/decode BGP messages that are carried over 412 I-IPv6, whose NLRI and NH are of E-IPv4 address family. 414 In this way, when a downstream AFBR receives an E-IPv4 PIM (S,G) 415 message, it can translate this message into (S',G') by looking up the 416 IP address of the corresponding AFBR's E-IPv4 interface. Since the 417 uPrefix46 of S' is unique, and is known to every router in the I-IPv6 418 network, the translated message will be forwarded to the 419 corresponding upstream AFBR, and the upstream AFBR can translate the 420 message back to (S,G). When a downstream AFBR receives an E-IPv4 PIM 421 (*,G) message, S' can be generated according to the format specified 422 in Figure 4, with "source address" field set to *(the IPv4 address of 423 RP). The translated message will be forwarded to the corresponding 424 upstream AFBR. Since every PIM router within a PIM domain MUST be 425 able to map a particular multicast group address to the same RP (see 426 Section 4.7 of [RFC7761]), when the upstream AFBR checks the "source 427 address" field of the message, it finds the IPv4 address of the RP, 428 and assertains that this is originally a (*,G) message. This is then 429 translated back to the (*,G) message and processed. 431 5. Control Plane Functions of AFBR 433 AFBRs are responsible for the following functions: 435 5.1. E-IP (*,G) State Maintenance 437 When an AFBR wishes to propagate a Join/Prune(*,G) message to an I-IP 438 upstream router, the AFBR MUST translate Join/Prune(*,G) messages 439 into Join/Prune(S',G') messages following the rules specified above, 440 then send the latter. 442 5.2. E-IP (S,G) State Maintenance 444 When an AFBR wishes to propagate a Join/Prune(S,G) message to an I-IP 445 upstream router, the AFBR MUST translate Join/Prune(S,G) messages 446 into Join/Prune(S',G') messages following the rules specified above, 447 then send the latter. 449 5.3. I-IP (S',G') State Maintenance 451 It is possible that the I-IP transit core runs another non-transit 452 I-IP PIM-SSM instance. Since the translated source address starts 453 with the unique "Well-Known" prefix or the ISP-defined prefix that 454 SHOULD NOT be used by other service provider, mesh multicast will not 455 influence non-transit PIM-SSM multicast at all. When an AFBR 456 receives an I-IP (S',G') message, it MUST check S'. If S' starts 457 with the unique prefix, then the message is actually a translated 458 E-IP (S,G) or (*,G) message, and the AFBR MUST translate this message 459 back to E-IP PIM message and process it. 461 5.4. E-IP (S,G,rpt) State Maintenance 463 When an AFBR wishes to propagate a Join/Prune(S,G,rpt) message to an 464 I-IP upstream router, the AFBR MUST operate as specified in 465 Section 6.5 and Section 6.6. 467 5.5. Inter-AFBR Signaling 469 Assume that one downstream AFBR has joined a RPT of (*,G) and a SPT 470 of (S,G), and decide to perform a SPT switchover. According to 471 [RFC7761], it SHOULD propagate a Prune(S,G,rpt) message along with 472 the periodical Join(*,G) message upstream towards RP. However, 473 routers in the I-IP transit core do not process (S,G,rpt) messages 474 since the I-IP transit core is treated as SSM-only. As a result, the 475 downstream AFBR is unable to prune S from this RPT, so it will 476 receive two copies of the same data of (S,G). In order to solve this 477 problem, we introduce a new mechanism for downstream AFBRs to inform 478 upstream AFBRs of pruning any given S from an RPT. 480 When a downstream AFBR wishes to propagate a (S,G,rpt) message 481 upstream, it SHOULD encapsulate the (S,G,rpt) message, then send the 482 encapsulated unicast message to the corresponding upstream AFBR, 483 which we call "RP'". 485 When RP' receives this encapsulated message, it SHOULD decapsulate 486 the message as in the unicast scenario, and retrieve the original 487 (S,G,rpt) message. The incoming interface of this message may be 488 different to the outgoing interface which propagates multicast data 489 to the corresponding downstream AFBR, and there may be other 490 downstream AFBRs that need to receive multicast data of (S,G) from 491 this incoming interface, so RP' SHOULD NOT simply process this 492 message as specified in [RFC7761] on the incoming interface. 494 To solve this problem as simply as possible, we introduce an 495 "interface agent" to process all the encapsulated (S,G,rpt) messages 496 the upstream AFBR receives, and prune S from the RPT of group G when 497 no downstream AFBR is subscribed to receive multicast data of (S,G) 498 along the RPT. In this way, we ensure that downstream AFBRs will not 499 miss any multicast data that they need, at the cost of duplicated 500 multicast data of (S,G) along the RPT received by SPT-switched-over 501 downstream AFBRs, if at least one downstream AFBR exists that has not 502 yet sent Prune(S,G,rpt) messages to the upstream AFBR. The following 503 diagram shows an example of how an "interface agent" MAY be 504 implemented: 506 +----------------------------------------+ 507 | | 508 | +-----------+----------+ | 509 | | PIM-SM | UDP | | 510 | +-----------+----------+ | 511 | ^ | | 512 | | | | 513 | | v | 514 | +----------------------+ | 515 | | I/F Agent | | 516 | +----------------------+ | 517 | PIM ^ | multicast | 518 | messages | | data | 519 | | +-------------+---+ | 520 | +--+--|-----------+ | | 521 | | v | v | 522 | +--------- + +----------+ | 523 | | I-IP I/F | | I-IP I/F | | 524 | +----------+ +----------+ | 525 | ^ | ^ | | 526 | | | | | | 527 +--------|-----|----------|-----|--------+ 528 | v | v 530 Figure 7: Interface Agent Implementation Example 532 Figure 7 shows an example of interface agent implementation using UDP 533 encapsulation. The interface agent has two responsibilities: In the 534 control plane, it SHOULD work as a real interface that has joined 535 (*,G), representing of all the I-IP interfaces which are outgoing 536 interfaces of the (*,G) state machine, and process the (S,G,rpt) 537 messages received from all the I-IP interfaces. The interface agent 538 maintains downstream (S,G,rpt) state machines of every downstream 539 AFBR, and submits Prune (S,G,rpt) messages to the PIM-SM module only 540 when every (S,G,rpt) state machine is at Prune(P) or PruneTmp(P') 541 state, which means that no downstream AFBR is subscribed to receive 542 multicast data of (S,G) along the RPT of G. Once a (S,G,rpt) state 543 machine changes to NoInfo(NI) state, which means that the 544 corresponding downstream AFBR has switched to receive multicast data 545 of (S,G) along the RPT again, the interface agent SHOULD send a Join 546 (S,G,rpt) to the PIM-SM module immediately; In the data plane, upon 547 receiving a multicast data packet, the interface agent SHOULD 548 encapsulate it at first, then propagate the encapsulated packet from 549 every I-IP interface. 551 NOTICE: It is possible that an E-IP neighbor of RP' that has joined 552 the RPT of G, so the per-interface state machine for receiving E-IP 553 Join/Prune (S,G,rpt) messages SHOULD keep alive. 555 5.6. SPT Switchover 557 After a new AFBR expresses its interest in receiving traffic destined 558 for a multicast group, it will receive all the data from the RPT at 559 first. At this time, every downstream AFBR will receive multicast 560 data from any source from this RPT, in spite of whether they have 561 switched over to an SPT of some source(s) or not. 563 To minimize this redundancy, it is recommended that every AFBR's 564 SwitchToSptDesired(S,G) function employs the "switch on first packet" 565 policy. In this way, the delay in switchover to SPT is kept as small 566 as possible, and after the moment that every AFBR has performed the 567 SPT switchover for every S of group G, no data will be forwarded in 568 the RPT of G, thus no more redundancy will be produced. 570 5.7. Other PIM Message Types 572 Apart from Join or Prune, other message types exist, including 573 Register, Register-Stop, Hello and Assert. Register and Register- 574 Stop messages are sent by unicast, while Hello and Assert messages 575 are only used between directly linked routers to negotiate with each 576 other. It is not necessary to translate these for forwarding, thus 577 the processing of these messages is out of scope for this document. 579 5.8. Other PIM States Maintenance 581 Apart from states mentioned above, other states exist, including 582 (*,*,RP) and I-IP (*,G') state. Since we treat the I-IP core as SSM- 583 only, the maintenance of these states is out of scope for this 584 document. 586 6. Data Plane Functions of the AFBR 588 6.1. Process and Forward Multicast Data 590 On receiving multicast data from upstream routers, the AFBR checks 591 its forwarding table to find the IP address of each outgoing 592 interface. If there is at least one outgoing interface whose IP 593 address family is different from the incoming interface, the AFBR 594 MUST encapsulate/decapsulate this packet and forward it via the 595 outgoing interface(s), then forward the data via other outgoing 596 interfaces without encapsulation/decapsulation. 598 When a downstream AFBR that has already switched over to the SPT of S 599 receives an encapsulated multicast data packet of (S,G) along the 600 RPT, it SHOULD silently drop this packet. 602 6.2. Selecting a Tunneling Technology 604 Choosing tunneling technology depends on the policies configured on 605 AFBRs. It is REQUIRED that all AFBRs use the same technology, 606 otherwise some AFBRs SHALL not be able to decapsulate encapsulated 607 packets from other AFBRs that use a different tunneling technology. 609 6.3. TTL 611 Processing of TTL depends on the tunneling technology, and it is out 612 of scope of this document. 614 6.4. Fragmentation 616 The encapsulation performed by an upstream AFBR will increase the 617 size of packets. As a result, the outgoing I-IP link MTU may not 618 accommodate the larger packet size. As it is not always possible for 619 core operators to increase the MTU of every link. Fragmentation 620 after encapsulation and reassembling of encapsulated packets MUST be 621 supported by AFBRs [RFC5565]. 623 7. Packet Format and Translation 625 Because the PIM-SM Specification is independent of the underlying 626 unicast routing protocol, the packet format in Section 4.9 of 627 [RFC7761] remains the same, except that the group address and source 628 address MUST be translated when traversing AFBR. 630 For example, Figure 8 shows the register-stop message format in IPv4 631 and IPv6 address family. 633 0 1 2 3 634 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 635 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 636 |PIM Ver| Type | Reserved | Checksum | 637 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 638 | IPv4 Group Address (Encoded-Group format) | 639 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 640 | IPv4 Source Address (Encoded-Unicast format) | 641 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 642 (1). IPv4 Register-Stop Message Format 644 0 1 2 3 645 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 646 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 647 |PIM Ver| Type | Reserved | Checksum | 648 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 649 | IPv6 Group Address (Encoded-Group format) | 650 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 651 | IPv6 Source Address (Encoded-Unicast format) | 652 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 653 (2). IPv6 Register-Stop Message Format 655 Figure 8: Register-Stop Message Format 657 In Figure 8, the semantics of fields "PIM Ver", "Type", "Reserved", 658 and "Checksum" remain the same. 660 IPv4 Group Address (Encoded-Group format): The encoded-group format 661 of the IPv4 group address described in Section 4.2. 663 IPv4 Source Address (Encoded-Group format): The encoded-unicast 664 format of the IPv4 source address described in Section 4.3. 666 IPv6 Group Address (Encoded-Group format): The encoded-group format 667 of the IPv6 group address described in Section 4.2. 669 IPv6 Source Address (Encoded-Group format): The encoded-unicast 670 format of the IPv6 source address described in Section 4.3. 672 8. Softwire Mesh Multicast Encapsulation 674 Softwire mesh multicast encapsulation does not require the use of any 675 one particular encapsulation mechanism. Rather, it MUST accommodate 676 a variety of different encapsulation mechanisms, and allow the use of 677 encapsulation mechanisms mentioned in [RFC4925]. Additionally, all 678 of the AFBRs attached to the I-IP network MUST implement the same 679 encapsulation mechanism. 681 9. Security Considerations 683 The security concerns raised in [RFC4925] and [RFC7761] are 684 applicable here. In addition, the additional workload associated 685 with some schemes could be exploited by an attacker to perform a out 686 DDoS attack. Compared with [RFC4925], the security concerns SHOULD 687 be considered more carefully: an attacker could potentially set up 688 many multicast trees in the edge networks, causing too many multicast 689 states in the core network. 691 10. IANA Considerations 693 This document includes no request to IANA. 695 11. References 697 11.1. Normative References 699 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 700 Requirement Levels", BCP 14, RFC 2119, 701 DOI 10.17487/RFC2119, March 1997, 702 . 704 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 705 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 706 2006, . 708 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 709 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, 710 December 2005, . 712 [RFC4925] Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A. 713 Durand, Ed., "Softwire Problem Statement", RFC 4925, 714 DOI 10.17487/RFC4925, July 2007, 715 . 717 [RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh 718 Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009, 719 . 721 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. 722 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 723 DOI 10.17487/RFC6052, October 2010, 724 . 726 [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ 727 BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February 728 2012, . 730 [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., 731 Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent 732 Multicast - Sparse Mode (PIM-SM): Protocol Specification 733 (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 734 2016, . 736 11.2. Informative References 738 [RFC7371] Boucadair, M. and S. Venaas, "Updates to the IPv6 739 Multicast Addressing Architecture", RFC 7371, 740 DOI 10.17487/RFC7371, September 2014, 741 . 743 Appendix A. Acknowledgements 745 Wenlong Chen, Xuan Chen, Alain Durand, Yiu Lee, Jacni Qin and Stig 746 Venaas provided useful input into this document. 748 Authors' Addresses 750 Mingwei Xu 751 Tsinghua University 752 Department of Computer Science, Tsinghua University 753 Beijing 100084 754 P.R. China 756 Phone: +86-10-6278-5822 757 Email: xmw@cernet.edu.cn 759 Yong Cui 760 Tsinghua University 761 Department of Computer Science, Tsinghua University 762 Beijing 100084 763 P.R. China 765 Phone: +86-10-6278-5822 766 Email: cuiyong@tsinghua.edu.cn 768 Jianping Wu 769 Tsinghua University 770 Department of Computer Science, Tsinghua University 771 Beijing 100084 772 P.R. China 774 Phone: +86-10-6278-5983 775 Email: jianping@cernet.edu.cn 776 Shu Yang 777 Tsinghua University 778 Graduate School at Shenzhen 779 Shenzhen 518055 780 P.R. China 782 Phone: +86-10-6278-5822 783 Email: yangshu@csnet1.cs.tsinghua.edu.cn 785 Chris Metz 786 Cisco Systems 787 170 West Tasman Drive 788 San Jose, CA 95134 789 USA 791 Phone: +1-408-525-3275 792 Email: chmetz@cisco.com 794 Greg Shepherd 795 Cisco Systems 796 170 West Tasman Drive 797 San Jose, CA 95134 798 USA 800 Phone: +1-541-912-9758 801 Email: shep@cisco.com