idnits 2.17.1 draft-ietf-softwire-mesh-multicast-25.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 8, 2019) is 1777 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 4925 Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Softwire WG M. Xu 3 Internet-Draft Y. Cui 4 Intended status: Standards Track J. Wu 5 Expires: December 10, 2019 Tsinghua University 6 S. Yang 7 Shenzhen University 8 C. Metz 9 Cisco Systems 10 June 8, 2019 12 IPv4 Multicast over an IPv6 Multicast in Softwire Mesh Network 13 draft-ietf-softwire-mesh-multicast-25 15 Abstract 17 During the transition to IPv6, there will be scenarios where a 18 backbone network internally running one IP address family (referred 19 to as the internal IP or I-IP family), connects client networks 20 running another IP address family (referred to as the external IP or 21 E-IP family). In such cases, the I-IP backbone needs to offer both 22 unicast and multicast transit services to the client E-IP networks. 24 This document describes a mechanism for supporting multicast across 25 backbone networks where the I-IP and E-IP protocol families differ. 26 The document focuses on IPv4-over-IPv6 scenario, due to lack of real- 27 world use cases for IPv6-over-IPv4 scenario. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at https://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on December 10, 2019. 46 Copyright Notice 48 Copyright (c) 2019 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (https://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 64 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5 65 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 66 4. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 67 5. Mesh Multicast Mechanism . . . . . . . . . . . . . . . . . . 7 68 5.1. Mechanism Overview . . . . . . . . . . . . . . . . . . . 8 69 5.2. Group Address Mapping . . . . . . . . . . . . . . . . . . 8 70 5.3. Source Address Mapping . . . . . . . . . . . . . . . . . 9 71 5.4. Routing Mechanism . . . . . . . . . . . . . . . . . . . . 9 72 6. Control Plane Functions of AFBR . . . . . . . . . . . . . . . 10 73 6.1. E-IP (*,G) and (S,G) State Maintenance . . . . . . . . . 10 74 6.2. I-IP (S',G') State Maintenance . . . . . . . . . . . . . 10 75 6.3. E-IP (S,G,rpt) State Maintenance . . . . . . . . . . . . 11 76 6.4. Inter-AFBR Signaling . . . . . . . . . . . . . . . . . . 11 77 6.5. SPT Switchover . . . . . . . . . . . . . . . . . . . . . 13 78 6.6. Other PIM Message Types . . . . . . . . . . . . . . . . . 13 79 6.7. Other PIM States Maintenance . . . . . . . . . . . . . . 13 80 7. Data Plane Functions of the AFBR . . . . . . . . . . . . . . 14 81 7.1. Process and Forward Multicast Data . . . . . . . . . . . 14 82 7.2. TTL or Hop Count . . . . . . . . . . . . . . . . . . . . 14 83 7.3. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 14 84 8. Packet Format and Translation . . . . . . . . . . . . . . . . 14 85 9. Softwire Mesh Multicast Encapsulation . . . . . . . . . . . . 15 86 10. Security Considerations . . . . . . . . . . . . . . . . . . . 16 87 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 88 12. Normative References . . . . . . . . . . . . . . . . . . . . 16 89 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 18 90 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 92 1. Introduction 94 During the transition to IPv6, there will be scenarios where a 95 backbone network internally running one IP address family (referred 96 to as the internal IP or I-IP family), connects client networks 97 running another IP address family (referred to as the external IP or 98 E-IP family). 100 One solution is to leverage the multicast functions inherent in the 101 I-IP backbone to efficiently forward client E-IP multicast packets 102 inside an I-IP core tree. The I-IP tree is rooted at one or more 103 ingress Address Family Border Routers (AFBRs) [RFC5565] and branches 104 out to one or more egress AFBRs. 106 [RFC4925] outlines the requirements for the softwire mesh scenario 107 and includes support for multicast traffic. It is likely that client 108 E-IP multicast sources and receivers will reside in different client 109 E-IP networks connected to an I-IP backbone network. This requires 110 the client E-IP source-rooted or shared tree to traverse the I-IP 111 backbone network. 113 This could be accomplished by re-using the multicast VPN approach 114 outlined in [RFC6513]. MVPN-like schemes can support the softwire 115 mesh scenario and achieve a "many-to-one" mapping between the E-IP 116 client multicast trees and the transit core multicast trees. The 117 advantage of this approach is that the number of trees in the I-IP 118 backbone network scales less than linearly with the number of E-IP 119 client trees. Corporate enterprise networks, and by extension 120 multicast VPNs, have been known to run applications that create too 121 many (S,G) states, which is source specific states related with a 122 specified multicast group [RFC7761][RFC7899]. Aggregation at the 123 edge contains the (S,G) states for customer's VPNs and these need to 124 be maintained by the network operator. The disadvantage of this 125 approach is the possibility of inefficient bandwidth and resource 126 utilization when multicast packets are delivered to a receiving AFBR 127 with no attached E-IP receivers. 129 [RFC8114] provides a solution for delivering IPv4 multicast services 130 over an IPv6 network. But it mainly focuses on the DS-lite [RFC6333] 131 scenario, where IPv4 addresses assigned by a broadband service 132 provider are shared among customers. This document describes a 133 detailed solution for the IPv4-over-IPv6 softwire mesh scenario, 134 where client networks run IPv4 and the backbone network runs IPv6. 136 Internet-style multicast is somewhat different to the [RFC8114] 137 scenario in that the trees are source-rooted and relatively sparse. 138 The need for multicast aggregation at the edge (where many customer 139 multicast trees are mapped into one or more backbone multicast trees) 140 does not exist and to date has not been identified. Thus the need 141 for alignment between the E-IP and I-IP multicast mechanisms emerges. 143 [RFC5565] describes the "Softwire Mesh Framework". This document 144 provides a more detailed description of how one-to-one mapping 145 schemes ([RFC5565], Section 11.1) for IPv4-over-IPv6 multicast can be 146 achieved. 148 Figure 1 shows an example of how a softwire mesh network can support 149 multicast traffic. A multicast source S is located in one E-IP 150 client network, while candidate E-IP group receivers are located in 151 the same or different E-IP client networks that all share a common 152 I-IP transit network. When E-IP sources and receivers are not local 153 to each other, they can only communicate with each other through the 154 I-IP core. There may be several E-IP sources for a single multicast 155 group residing in different client E-IP networks. In the case of 156 shared trees, the E-IP sources, receivers and rendezvous points (RPs) 157 might be located in different client E-IP networks. In the simplest 158 case, a single operator manages the resources of the I-IP core, 159 although the inter-operator case is also possible and so not 160 precluded. 162 +---------+ +---------+ 163 | | | | +--------+ 164 | E-IP | | E-IP +--+Source S| 165 | network | | network | +--------+ 166 +---+-----+ +--+------+ 167 | | 168 +-+--------+ +-------+--+ 169 | | | upstream | 170 +-| AFBR +--+ AFBR |-+ 171 | +----------+ +----------+ | 172 | | E-IP Multicast 173 | I-IP transit core | packets are forwarded 174 | | across the I-IP 175 | +----------+ +----------+ | transit core 176 +-|dowstream | |downstream|-+ 177 | AFBR |--| AFBR | 178 +--+-------+ +--------+-+ 179 | | 180 +---+----+ +---+----+ 181 +--------+ | | | | +--------+ 182 |Receiver+---+ E-IP | | E-IP +--+Receiver| 183 +--------+ |network | |network | +--------+ 184 +--------+ +--------+ 186 Figure 1: Softwire Mesh Multicast Framework 188 2. Requirements Language 190 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 191 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 192 "OPTIONAL" in this document are to be interpreted as described in BCP 193 14 [RFC2119] [RFC8174] when, and only when, they appear in all 194 capitals, as shown here. 196 3. Terminology 198 Terminology used in this document: 200 o Address Family Border Router (AFBR) - A router interconnecting two 201 or more networks using different IP address families. Additionally, 202 in the context of softwire mesh multicast, the AFBR runs E-IP and 203 I-IP control planes to maintain E-IP and I-IP multicast states 204 respectively and performs the appropriate encapsulation/decapsulation 205 of client E-IP multicast packets for transport across the I-IP core. 206 An AFBR will act as a source and/or receiver in an I-IP multicast 207 tree. 209 o Upstream AFBR: An AFBR that is closer to the source of a multicast 210 data flow. 212 o Downstream AFBR: An AFBR that is closer to a receiver of a 213 multicast data flow. 215 o I-IP (Internal IP): This refers to IP address family that is 216 supported by the core network. In this document, the I-IP is IPv6. 218 o E-IP (External IP): This refers to the IP address family that is 219 supported by the client network(s) attached to the I-IP transit core. 220 In this document, the E-IP is IPv4. 222 o I-IP core tree: A distribution tree rooted at one or more AFBR 223 source nodes and branched out to one or more AFBR leaf nodes. An 224 I-IP core tree is built using standard IP or MPLS multicast signaling 225 protocols (in this document, we focus on IP multicast) operating 226 exclusively inside the I-IP core network. An I-IP core tree is used 227 to forward E-IP multicast packets belonging to E-IP trees across the 228 I-IP core. Another name for an I-IP core tree is multicast or 229 multipoint softwire. 231 o E-IP client tree: A distribution tree rooted at one or more hosts 232 or routers located inside a client E-IP network and branched out to 233 one or more leaf nodes located in the same or different client E-IP 234 networks. 236 o uPrefix64: The /96 unicast IPv6 prefix for constructing an 237 IPv4-embedded IPv6 unicast address [RFC8114]. 239 o mPrefix64: The /96 multicast IPv6 prefix for constructing an 240 IPv4-embedded IPv6 multicast address [RFC8114]. 242 o PIMv4, PIMv6: refer to [RFC8114]. 244 o Inter-AFBR signaling: A mechanism used by downstream AFBRs to send 245 PIMv6 messages to the upstream AFBR. 247 4. Scope 249 This document focuses on the IPv4-over-IPv6 scenario, as shown in the 250 following diagram: 252 +---------+ +---------+ 253 | IPv4 | | IPv4 | +--------+ 254 | Client | | Client |--+Source S| 255 | Network | | Network | +--------+ 256 +----+----+ +----+----+ 257 | | 258 +--+-------+ +-------+--+ 259 | | | Upstream | 260 +-+ AFBR +--+ AFBR |-+ 261 | +----------+ +----------+ | 262 | | 263 | IPv6 transit core | 264 | | 265 | +----------+ +----------+ | 266 +-+Downstream+--+Downstream+-+ 267 | AFBR | | AFBR | 268 +--+-------+ +-------+--+ 269 | | 270 +----+----+ +----+----+ 271 +--------+ | IPv4 | | IPv4 | +--------+ 272 |Receiver+--+ Client | | Client +--+Receiver| 273 +--------+ | Network | | Network | +--------+ 274 +---------+ +---------+ 276 Figure 2: IPv4-over-IPv6 Scenario 278 In Figure 2, the E-IP client networks run IPv4 and the I-IP core runs 279 IPv6. 281 Because of the much larger IPv6 group address space, the client E-IP 282 tree can be mapped to a specific I-IP core tree. This simplifies 283 operations on the AFBR because it becomes possible to algorithmically 284 map an IPv4 group/source address to an IPv6 group/source address and 285 vice-versa. 287 The IPv4-over-IPv6 scenario is an emerging requirement as network 288 operators build out native IPv6 backbone networks. These networks 289 support native IPv6 services and applications but in many cases, 290 support for legacy IPv4 unicast and multicast services will also need 291 to be accommodated. 293 5. Mesh Multicast Mechanism 294 5.1. Mechanism Overview 296 Routers in the client E-IP networks have routes to all other client 297 E-IP networks. Through PIMv4 messages, E-IP hosts and routers have 298 discovered or learnt of (S,G) or (*,G)[RFC7761] IPv4 addresses. Any 299 I-IP multicast state instantiated in the core is referred to as 300 (S',G') or (*,G') and is separated from E-IP multicast state. 302 Suppose a downstream AFBR receives an E-IP PIM Join/Prune message 303 from the E-IP network for either an (S,G) tree or a (*,G) tree. The 304 AFBR translates the PIMv4 message into an PIMv6 message with the 305 latter being directed towards the I-IP IPv6 address of the upstream 306 AFBR. When the PIMv6 message arrives at the upstream AFBR, it is 307 translated back into an PIMv4 message. The result of these actions 308 is the construction of E-IP trees and a corresponding I-IP tree in 309 the I-IP network. An example of the packet format and translation is 310 provided in Section 8. 312 In this case, it is incumbent upon the AFBRs to perform PIM message 313 conversions in the control plane and IP group address conversions or 314 mappings in the data plane. The AFBRs perform an algorithmic, one- 315 to-one mapping of IPv4-to-IPv6. 317 5.2. Group Address Mapping 319 A simple algorithmic mapping between IPv4 multicast group addresses 320 and IPv6 group addresses is performed. Figure 3 is provided as a 321 reminder of the format: 323 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 324 | 0-------------32--40--48--56--64--72--80--88--96-----------127| 325 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 326 | mPrefix64 | group address | 327 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 329 Figure 3: IPv4-Embedded IPv6 Multicast Address Format 331 An IPv6 multicast prefix (mPrefix64) is provisioned on each AFBR. 332 AFBRs will prepend the prefix to an IPv4 multicast group address when 333 translating it to an IPv6 multicast group address. 335 The construction of the mPrefix64 for Source-Specific Multicast (SSM) 336 is the same as the construction of the mPrefix64 described in 337 Section 5 of [RFC8114]. 339 With this scheme, each IPv4 multicast address can be mapped into an 340 IPv6 multicast address (with the assigned prefix), and each IPv6 341 multicast address with the assigned prefix can be mapped into an IPv4 342 multicast address. The group address translation algorithm can be 343 referred in Section 5.2 of [RFC8114]. 345 5.3. Source Address Mapping 347 There are two kinds of multicast: Any-Source Multicast (ASM) and SSM. 348 Considering that the I-IP network and E-IP network may support 349 different kinds of multicast, the source address translation rules 350 needed to support all possible scenarios may become very complex. 351 But since SSM can be implemented with a strict subset of the PIM-SM 352 protocol mechanisms [RFC7761], we can treat the I-IP core as SSM-only 353 to make it as simple as possible. There then remain only two 354 scenarios to be discussed in detail: 356 o E-IP network supports SSM 358 One possible way to make sure that the translated PIMv6 message 359 reaches upstream AFBR is to set S' to a virtual IPv6 address that 360 leads to the upstream AFBR. The unicast adddress translation 361 should be achieved according to [RFC6052] 363 o E-IP network supports ASM 365 The (S,G) source list entry and the (*,G) source list entry differ 366 only in that the latter has both the WildCard (WC) and RPT bits of 367 the Encoded-Source-Address set, while with the former, the bits 368 are cleared (See Section 4.9.5.1 of [RFC7761]). As a result, the 369 source list entries in (*,G) messages can be translated into 370 source list entries in (S',G') messages by clearing both the WC 371 and RPT bits at downstream AFBRs, and vice-versa for the reverse 372 translation at upstream AFBRs. 374 5.4. Routing Mechanism 376 With mesh multicast, PIMv6 messages originating from a downstream 377 AFBR need to be propogated to the correct upstream AFBR, and every 378 AFBR needs the /96 prefix in "IPv4-Embedded IPv6 Source Address 379 Format" [RFC6052]. 381 To achieve this, every AFBR MUST announce the address of one of its 382 E-IPv4 interfaces in the "v4" field [RFC6052] alongside the 383 corresponding uPreifx46. The announcement MUST be sent to the other 384 AFBRs through MBGP [RFC4760]. Every uPrefix64 that an AFBR announces 385 MUST be unique. "uPrefix64" is an IPv6 prefix, and the distribution 386 mechanism is the same as the traditional mesh unicast scenario. 388 As the "v4" field is an E-IP address, and BGP messages are not 389 tunneled through softwires or any other mechanism specified in 390 [RFC5565], AFBRs MUST be able to transport and encode/decode BGP 391 messages that are carried over the I-IP, and whose NLRI and NH are of 392 the E-IP address family. 394 In this way, when a downstream AFBR receives an E-IP PIM (S,G) 395 message, it can translate this message into (S',G') by looking up the 396 IP address of the corresponding AFBR's E-IP interface. Since the 397 uPrefix64 of S' is unique, and is known to every router in the I-IP 398 network, the translated message will be forwarded to the 399 corresponding upstream AFBR, and the upstream AFBR can translate the 400 message back to (S,G). 402 When a downstream AFBR receives an E-IP PIM (*,G) message, S' can be 403 generated with the "source address" field set to * (wildcard value). 404 The translated message will be forwarded to the corresponding 405 upstream AFBR. Since every PIM router within a PIM domain MUST be 406 able to map a particular multicast group address to the same RP when 407 the source address is set to wildcard value (see Section 4.7 of 408 [RFC7761]), when the upstream AFBR checks the "source address" field 409 of the message, it finds the IPv4 address of the RP, and ascertains 410 that this is originally a (*,G) message. This is then translated 411 back to the (*,G) message and processed. 413 6. Control Plane Functions of AFBR 415 AFBRs are responsible for the following functions: 417 6.1. E-IP (*,G) and (S,G) State Maintenance 419 E-IP (*,G) and (S,G) state maintenance for an AFBR is the same as 420 E-IP (*,G) and (S,G) state maintenance for an mAFTR described in 421 Section 7.2 of [RFC8114] 423 6.2. I-IP (S',G') State Maintenance 425 It is possible that the I-IP transit core runs another, non-transit, 426 I-IP PIM-SSM instance. Since the translated source address starts 427 with the unique "Well-Known" prefix or the ISP-defined prefix that 428 MUST NOT be used by another service provider, mesh multicast will not 429 influence non-transit PIM-SSM multicast at all. When an AFBR 430 receives an I-IP (S',G') message, it MUST check S'. If S' starts 431 with the unique prefix, then the message is actually a translated 432 E-IP (S,G) or (*,G) message, and the AFBR translate this message back 433 to a PIMv4 message and process it. 435 6.3. E-IP (S,G,rpt) State Maintenance 437 When an AFBR wishes to propagate a Join/Prune(S,G,rpt)[RFC7761] 438 message to an I-IP upstream router, the AFBR MUST operate as 439 specified in Section 6.5 and Section 6.6. 441 6.4. Inter-AFBR Signaling 443 Assume that one downstream AFBR has joined an RPT of (*,G) and an SPT 444 of (S,G), and decided to perform an SPT switchover (see Section 4.2.1 445 of [RFC7761]). According to [RFC7761], it should propagate a 446 Prune(S,G,rpt) message along with the periodical Join(*,G) message 447 upstream towards the RP. However, routers in the I-IP transit core 448 do not process (S,G,rpt) messages since the I-IP transit core is 449 treated as SSM-only. As a result, the downstream AFBR is unable to 450 prune S from this RPT, so it will receive two copies of the same data 451 for (S,G). In order to solve this problem, we introduce a new 452 mechanism for downstream AFBRs to inform upstream AFBRs of pruning 453 any given S from an RPT. 455 When a downstream AFBR wishes to propagate an (S,G,rpt) message 456 upstream, it SHOULD encapsulate the (S,G,rpt) message, then send the 457 encapsulated unicast message to the corresponding upstream AFBR, 458 which we call "RP'". 460 When RP' receives this encapsulated message, it MUST decapsulate the 461 message as in the unicast scenario, and retrieve the original 462 (S,G,rpt) message. The incoming interface of this message may be 463 different to the outgoing interface which propagates multicast data 464 to the corresponding downstream AFBR, and there may be other 465 downstream AFBRs that need to receive multicast data of (S,G) from 466 this incoming interface, so RP' should not simply process this 467 message as specified in [RFC7761] on the incoming interface. 469 To solve this problem, we introduce an "interface agent" to process 470 all the encapsulated (S,G,rpt) messages the upstream AFBR receives. 471 The interface agent's RP' should prune S from the RPT of group G when 472 no downstream AFBR is subscribed to receive multicast data of (S,G) 473 along the RPT. 475 In this way, we ensure that downstream AFBRs will not miss any 476 multicast data that they need. The cost of this is that multicast 477 data for (S,G) will be duplicated along the RPT received by AFBRs 478 affected by the SPT switch over, if at least one downstream AFBR 479 exists that has not yet sent Prune(S,G,rpt) messages to the upstream 480 AFBR. 482 In certain deployment scenarios (e.g. if there is only a single 483 downstream router), the interface agent function is not required. 485 The mechanism used to achieve this is left to the implementation. 486 The following diagram provides one possible solution for an 487 "interface agent" implementation: 489 +----------------------------------------+ 490 | | 491 | +-----------+----------+ | 492 | | PIM-SM | UDP | | 493 | +-----------+----------+ | 494 | ^ | | 495 | | | | 496 | | v | 497 | +----------------------+ | 498 | | I/F Agent | | 499 | +----------------------+ | 500 | PIM ^ | multicast | 501 | messages | | data | 502 | | +-------------+---+ | 503 | +--+--|-----------+ | | 504 | | v | v | 505 | +--------- + +----------+ | 506 | | I-IP I/F | | I-IP I/F | | 507 | +----------+ +----------+ | 508 | ^ | ^ | | 509 | | | | | | 510 +--------|-----|----------|-----|--------+ 511 | v | v 513 Figure 4: Interface Agent Implementation Example 515 Figure 4 shows an example of an interface agent implementation using 516 UDP encapsulation. The interface agent has two responsibilities: In 517 the control plane, it should work as a real interface that has joined 518 (*,G), representing of all the I-IP interfaces which are outgoing 519 interfaces of the (*,G) state machine, and process the (S,G,rpt) 520 messages received from all the I-IP interfaces. 522 The interface agent maintains downstream (S,G,rpt) state machines for 523 every downstream AFBR, and submits Prune (S,G,rpt) messages to the 524 PIM-SM module only when every (S,G,rpt) state machine is in the 525 Prune(P) or PruneTmp(P') state, which means that no downstream AFBR 526 is subscribed to receive multicast data for (S,G) along the RPT of G. 527 Once a (S,G,rpt) state machine changes to NoInfo(NI) state, which 528 means that the corresponding downstream AFBR has switched to receive 529 multicast data of (S,G) along the RPT again, the interface agent MUST 530 send a Join (S,G,rpt) to the PIM-SM module immediately. 532 In the data plane, upon receiving a multicast data packet, the 533 interface agent MUST encapsulate it at first, then propagate the 534 encapsulated packet from every I-IP interface. 536 NOTICE: It is possible that an E-IP neighbor of RP' has joined the 537 RPT of G, so the per-interface state machine for receiving E-IP Join/ 538 Prune (S,G,rpt) messages should be preserved. 540 6.5. SPT Switchover 542 After a new AFBR requests the receipt of traffic destined for a 543 multicast group, it will receive all the data from the RPT at first. 544 At this time, every downstream AFBR will receive multicast data from 545 any source from this RPT, in spite of whether they have switched over 546 to an SPT or not. 548 To minimize this redundancy, it is recommended that every AFBR's 549 SwitchToSptDesired(S,G) function employs the "switch on first packet" 550 policy. In this way, the delay in switchover to SPT is kept as small 551 as possible, and after the moment that every AFBR has performed the 552 SPT switchover for every S of group G, no data will be forwarded in 553 the RPT of G, thus no more unnecessary duplication will be produced. 555 6.6. Other PIM Message Types 557 In addition to Join or Prune, other message types exist, including 558 Register, Register-Stop, Hello and Assert. Register and Register- 559 Stop messages are sent by unicast, while Hello and Assert messages 560 are only used between directly linked routers to negotiate with each 561 other. It is not necessary to translate these for forwarding, thus 562 the processing of these messages is out of scope for this document. 564 6.7. Other PIM States Maintenance 566 In addition to states mentioned above, other states exist, including 567 (*,*,RP) and I-IP (*,G') state. Since we treat the I-IP core as SSM- 568 only, the maintenance of these states is out of scope for this 569 document. 571 7. Data Plane Functions of the AFBR 573 7.1. Process and Forward Multicast Data 575 Refer to Section 7.4 of [RFC8114]. If there is at least one outgoing 576 interface whose IP address family is different from the incoming 577 interface, the AFBR MUST encapsulate this packet with 578 mPrefix64-derived and uPrefix64-derived IPv6 address to form an IPv6 579 multicast packet. 581 7.2. TTL or Hop Count 583 Upon encapsulation, the TTL and hop account in the outer header 584 SHOULD be set by policy. Upon decapsulation, the TTL and hop count 585 in the inner header SHOULD be modified by policy, it MUST NOT be 586 incremented and it MAY be decremented to reflect the cost of tunnel 587 forwarding. Besides, processing of TTL and hop count information in 588 protocol headers depends on the tunneling technology, which is out of 589 scope of this document. 591 7.3. Fragmentation 593 The encapsulation performed by an upstream AFBR will increase the 594 size of packets. As a result, the outgoing I-IP link MTU may not 595 accommodate the larger packet size. It is not always possible for 596 core operators to increase the MTU of every link, thus source 597 fragmentation after encapsulation and reassembling of encapsulated 598 packets MUST be supported by AFBRs [RFC5565]. PMTUD [RFC8201] SHOULD 599 be enabled and ICMPv6 packets MUST NOT be filtered in the I-IP 600 network. Fragmentation and tunnel configuration considerations are 601 provided in Section 8 of [RFC5565]. The detailed procedure can be 602 referred in Section 7.2 of [RFC2473]. 604 8. Packet Format and Translation 606 Because the PIM-SM Specification is independent of the underlying 607 unicast routing protocol, the packet format in Section 4.9 of 608 [RFC7761] remains the same, except that the group address and source 609 address MUST be translated when traversing an AFBR. 611 For example, Figure 5 shows the register-stop message format in the 612 IPv4 and IPv6 address families. 614 0 1 2 3 615 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 616 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 617 |PIM Ver| Type | Reserved | Checksum | 618 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 619 | IPv4 Group Address (Encoded-Group format) | 620 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 621 | IPv4 Source Address (Encoded-Unicast format) | 622 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 623 (1). IPv4 Register-Stop Message Format 625 0 1 2 3 626 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 627 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 628 |PIM Ver| Type | Reserved | Checksum | 629 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 630 | IPv6 Group Address (Encoded-Group format) | 631 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 632 | IPv6 Source Address (Encoded-Unicast format) | 633 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 634 (2). IPv6 Register-Stop Message Format 636 Figure 5: Register-Stop Message Format 638 In Figure 5, the semantics of fields "PIM Ver", "Type", "Reserved", 639 and "Checksum" can be referred in Section 4.9 of [RFC7761]. 641 IPv4 Group Address (Encoded-Group format): The encoded-group format 642 of the IPv4 group address described in Section 4.9.1 of [RFC7761] 644 IPv4 Source Address (Encoded-Group format): The encoded-unicast 645 format of the IPv4 source address described in Section 4.9.1 of 646 [RFC7761] 648 IPv6 Group Address (Encoded-Group format): The encoded-group format 649 of the IPv6 group address described in Section 5.2. 651 IPv6 Source Address (Encoded-Group format): The encoded-unicast 652 format of the IPv6 source address described in Section 5.3. 654 9. Softwire Mesh Multicast Encapsulation 656 Softwire mesh multicast encapsulation does not require the use of any 657 one particular encapsulation mechanism. Rather, it MUST accommodate 658 a variety of different encapsulation mechanisms, and allow the use of 659 encapsulation mechanisms mentioned in [RFC4925]. Additionally, all 660 of the AFBRs attached to the I-IP network MUST implement the same 661 encapsulation mechanism, and follow the requirements mentioned in 662 Section 8 of [RFC5565]. 664 10. Security Considerations 666 The security concerns raised in [RFC4925] and [RFC7761] are 667 applicable here. 669 The additional workload associated with some schemes, such as 670 interface agents, could be exploited by an attacker to perform a DDoS 671 attack. 673 Compared with [RFC4925], the security concerns should be considered 674 more carefully: an attacker could potentially set up many multicast 675 trees in the edge networks, causing too many multicast states in the 676 core network. To defend against these attacks, BGP policies SHOULD 677 be carefully configured, e.g., AFBRs only accept Well-Known prefix 678 advertisements from trusted peers. Besides, cryptographic methods 679 for authenticating BGP sessions [RFC7454] could be used. 681 11. IANA Considerations 683 This document includes no request to IANA. 685 12. Normative References 687 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 688 Requirement Levels", BCP 14, RFC 2119, 689 DOI 10.17487/RFC2119, March 1997, 690 . 692 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in 693 IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473, 694 December 1998, . 696 [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, 697 "Multiprotocol Extensions for BGP-4", RFC 4760, 698 DOI 10.17487/RFC4760, January 2007, 699 . 701 [RFC4925] Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A. 702 Durand, Ed., "Softwire Problem Statement", RFC 4925, 703 DOI 10.17487/RFC4925, July 2007, 704 . 706 [RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh 707 Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009, 708 . 710 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. 711 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 712 DOI 10.17487/RFC6052, October 2010, 713 . 715 [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- 716 Stack Lite Broadband Deployments Following IPv4 717 Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011, 718 . 720 [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ 721 BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February 722 2012, . 724 [RFC7454] Durand, J., Pepelnjak, I., and G. Doering, "BGP Operations 725 and Security", BCP 194, RFC 7454, DOI 10.17487/RFC7454, 726 February 2015, . 728 [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., 729 Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent 730 Multicast - Sparse Mode (PIM-SM): Protocol Specification 731 (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 732 2016, . 734 [RFC7899] Morin, T., Ed., Litkowski, S., Patel, K., Zhang, Z., 735 Kebler, R., and J. Haas, "Multicast VPN State Damping", 736 RFC 7899, DOI 10.17487/RFC7899, June 2016, 737 . 739 [RFC8114] Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q. 740 Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients 741 over an IPv6 Multicast Network", RFC 8114, 742 DOI 10.17487/RFC8114, March 2017, 743 . 745 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 746 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 747 May 2017, . 749 [RFC8201] McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed., 750 "Path MTU Discovery for IP version 6", STD 87, RFC 8201, 751 DOI 10.17487/RFC8201, July 2017, 752 . 754 Appendix A. Acknowledgements 756 Wenlong Chen, Xuan Chen, Alain Durand, Yiu Lee, Jacni Qin and Stig 757 Venaas provided useful input into this document. 759 Authors' Addresses 761 Mingwei Xu 762 Tsinghua University 763 Department of Computer Science, Tsinghua University 764 Beijing 100084 765 P.R. China 767 Phone: +86-10-6278-5822 768 Email: xumw@tsinghua.edu.cn 770 Yong Cui 771 Tsinghua University 772 Department of Computer Science, Tsinghua University 773 Beijing 100084 774 P.R. China 776 Phone: +86-10-6278-5822 777 Email: cuiyong@tsinghua.edu.cn 779 Jianping Wu 780 Tsinghua University 781 Department of Computer Science, Tsinghua University 782 Beijing 100084 783 P.R. China 785 Phone: +86-10-6278-5983 786 Email: jianping@cernet.edu.cn 788 Shu Yang 789 Shenzhen University 790 South Campus, Shenzhen University 791 Shenzhen 518060 792 P.R. China 794 Phone: +86-755-2653-4078 795 Email: yang.shu@szu.edu.cn 796 Chris Metz 797 Cisco Systems 798 170 West Tasman Drive 799 San Jose, CA 95134 800 USA 802 Phone: +1-408-525-3275 803 Email: chmetz@cisco.com