idnits 2.17.1 draft-zhang-bier-source-protection-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 256: '...e timeout period MAY be set to differe...' RFC 2119 keyword, line 288: '...iod on each BFER MAY be set to a diffe...' Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 13, 2020) is 1384 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-15) exists of draft-ietf-bess-mvpn-fast-failover-10 == Outdated reference: A later version (-08) exists of draft-ietf-bier-mld-04 == Outdated reference: A later version (-12) exists of draft-ietf-bier-pim-signaling-09 == Outdated reference: A later version (-13) exists of draft-ietf-bier-ping-07 Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 BIER WG Z. Zhang 3 Internet-Draft G. Mirsky 4 Intended status: Informational Q. Xiong 5 Expires: January 14, 2021 ZTE Corporation 6 Y. Liu 7 China Mobile 8 July 13, 2020 10 BIER Source Protection 11 draft-zhang-bier-source-protection-01 13 Abstract 15 This document describes the multicast source protection functions in 16 Bit Index Explicit Replication BIER domain. 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at https://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on January 14, 2021. 35 Copyright Notice 37 Copyright (c) 2020 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (https://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 53 2. The Source Protection analysis . . . . . . . . . . . . . . . 3 54 2.1. Node failure monitoring . . . . . . . . . . . . . . . . . 4 55 2.2. Monitoring of the Working Path for a Failure . . . . . . 4 56 3. BFD and Ping . . . . . . . . . . . . . . . . . . . . . . . . 6 57 3.1. BIER Ping . . . . . . . . . . . . . . . . . . . . . . . . 6 58 3.2. BIER BFD . . . . . . . . . . . . . . . . . . . . . . . . 7 59 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 60 5. Informative References . . . . . . . . . . . . . . . . . . . 7 61 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 63 1. Introduction 65 Bit Index Explicit Replication (BIER) [RFC8279] is an architecture 66 that provides multicast forwarding through a "BIER domain" without 67 requiring intermediate routers to maintain any multicast related per- 68 flow state. BIER also does not require any explicit tree-building 69 protocol for its operation. A multicast data packet enters a BIER 70 domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the 71 BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). 73 Source Protection is not specific to the BIER environment. Source 74 Protection means that to protect the multicast source node, two or 75 more ingress routers, in BIER environment, ingress routers are BFIRs, 76 may be used to connect the multicast source node. Generally, only 77 one ingress router (BFIR) is selected to forward flows from multicast 78 source node to egress routers, in BIER environment, egress routers 79 are BFERs. The selected BFIR may be chosen based on local policies, 80 BFERs that receiving the same multicast flow may elect to use the 81 same or different BFIR. The BFIR and the path in use are referred to 82 as working while all alternative available BFIRs and paths that can 83 be used to receive the same multicast flow are referred to as 84 protection. 86 For a BFER, when either the working BFIR or the working path fails, 87 the BFER can select one of protecting BFIRs to get the multicast 88 flow. The shorter the detection time is, the faster the flow 89 recovers. 91 This document discusses the functions that can be used in failure 92 detection for multicast source protection. 94 2. The Source Protection analysis 96 According to BIER architecture [RFC8279], BIER overlay protocols, 97 which include MVPN [RFC8556], MLD [I-D.ietf-bier-mld], PIM 98 [I-D.ietf-bier-pim-signaling], etc., are used to exchange the 99 multicast flow information, so the BFER selects the UMH (Upstream 100 Multicast Hop) BFIR as the ingress router, the BFIR collects the 101 BFERs which want to receive the multicast flow. BIER transport is 102 used to deliver the multicast packet to the destination BFERs. To 103 ensure that the source flow protection is uninterrupted, the 104 detection of a defect is at the BIER transport layer. The switchover 105 is performed at the BIER overlay layer. When BFIR failure is 106 detected, BIER overlay advertisement for BFIR re-select may be 107 triggered. 109 As [I-D.ietf-bess-mvpn-fast-failover] describes, the root standby 110 functions defined in section 4.2 can also be used in the BIER 111 environment. About Cold Standby, Warm Standby, Hot Standby, more 112 details will be added in future version. 114 The most important items in source detection are failure detection 115 and switchover. Note that the failure detection includes node and 116 working path failure monitoring. Similarly, BFIR switching and BFER 117 switching are included in the switchover scenario. 119 The selected BFIR is referred to as Selected BFIR (S-BFIR) and the 120 backup BFIR - as Backup BFIR (B-BFIR). For simplicity, only one 121 B-BFIR is considered in the following case. 123 +--------+S1+-------+ 124 | | 125 +--v----+ +---v---+ 126 +------+ BFIR1 |..........| BFIR2 +-------+ 127 . +-------+ +-------+ . 128 . . 129 . ...... . 130 . . 131 . +-------+ +-------+ +-------+ . 132 +--|BFER1|-......-|BFER2|-......-|BFER3|--+ 133 +--+----+ +---+---+ +--+----+ 134 | | | 135 v v v 136 R1 R2 R3 138 Figure 1: An Example of the Source Protection in BIER 140 In Figure 1, a multicast source S1 is connected to BFIR1 and BFIR2. 141 In some deployments, only BFIR1 advertises S1 flow information to 142 BFERs by BIER overlay protocols, such as BGP(MVPN), MLD, PIM, etc. 143 All the BFERs which want to receive the S1 flow will select BFIR1 as 144 the S-BFIR, BFIR2 is the B-BFIR. In some other deployments, BFIR1 145 and BFIR2 both advertise S1 flows to BFERs by BIER overlay protocols, 146 and some BFERs may select BFIR1 as S-BFIR, other BFERs may select 147 BFIR2 as S-BFIR, BFIR1 and BFIR2 in charge of different BFERs, and 148 they are complementary B-BFIR for the BFERs. We do not distinguish 149 these two cases strictly. 151 2.1. Node failure monitoring 153 For example, if S1 connects BFIR1 and BFIR2 by a shared media, BFIR1 154 is the selected BFIR for multicast flow forwarding that comes from 155 S1, BFIR2 can monitor BFIR1 node failing by BFD session [RFC5880] 156 built on the shared media. Also, ping methods, include IPv4 ping 157 [RFC0792] (when IPv4 prefix is used), LSP-Ping [RFC8029] (when mpls 158 forwarding plane is built), IPv6 ping [RFC4443] (when IPv6 prefix is 159 used), BIER ping [I-D.ietf-bier-ping] can also be used. In case 160 there is no shared media among S1, BFIR1 and BFIR2, BFIR2 may monitor 161 BFIR1 by BFD session or any type of ping methods across the BIER 162 domain, in case there is no direct connection between BFIR1 and 163 BFIR2, multiple hops will be traversed. 165 2.2. Monitoring of the Working Path for a Failure 166 +--------+S1+-------+ 167 | | 168 +--v----+ +---v---+ 169 +------+ BFIR1 |..........| BFIR2 +-------+ 170 | +-----+-+ <------> +-------+ | 171 | | bfd | 172 | +--v---+ +------+ | 173 | | BFR1 | | BFR2 | | 174 | +-+---+--+- +------+ | 175 | | | ...... | 176 | | +-----+ | 177 | | | | 178 | +--v---+ +-v----+ +------+ | 179 | | BFRx | | BFRy | | BFRz | | 180 | ++-----+ ++--+--+ +------+ | 181 | | | | | 182 | | | +------------+ | 183 | | | | | 184 | +---v---+ +-v-----+ +--v----+ | 185 +--|BFER1||......||BFER2||......||BFER3|--+ 186 +--+----+ +---+---+ +--+----+ 187 | | | 188 v v v 189 R1 R2 R3 191 Figure 2: An Example of the Monitoring of the Working Path 193 In the case of a node failure detection, the path between B-BFIR and 194 S-BFIR may not be the same as the path traversed by the data flow. 195 For example, in Figure 2, the path from BFIR1 (S-BFIR) to all the 196 BFERs is different from the path between BFIR1 and BFIR2 (B-BFIR). 197 If the path between BFIR2 and BFIR1 is broken, BFIR2 will detect the 198 failure and consider that BFIR1 is down. As a result, BFIR2 will 199 take on the role of S-BFIR. But the path from BFIR1 to all of the 200 BFERs may be working well and is not affected by the defect between 201 BFIR1 and BFIR2. In this situation, the B-BFIR switches to S-BFIR 202 unnecessarily, and potential packet loss will occur. 204 There are two options to monitor the working multicast distribution 205 tree in BIER: 207 o S-BFIR monitors all the BFERs; 209 o each BFER monitors the S-BFIR. 211 In BIER transport environment, the monitor should be based on BIER 212 forwarding. 214 When S-BFIR monitors all the related BFERs, multiple BFD sessions may 215 be built between S-BFIR and each BFER. BIER ping 216 [I-D.ietf-bier-ping] can also be used. Once S-BFIR finds that one 217 BFER is lost by BFD session timeout or ping fail, S-BFIR should 218 notify B-BFIR to take charge of flow forwarding for the lost BFER. 220 When BFER monitors the S-BFIR, multiple BFD sessions may be built 221 between S-BFIR and each BFER. Or BIER ping [I-D.ietf-bier-ping] can 222 also be used. Once BFER finds that the S-BFIR is lost, the BFER 223 should select the B-BFIR as S-BFIR as soon as possible, and the BFER 224 should advertisement the UMH selection to B-BFIR as soon as possible. 226 When MVPN is used as BIER overlay protocol, BFD discriminator defined 227 section 3.1.6 in [I-D.ietf-bess-mvpn-fast-failover] can also be used 228 to build the multipoint BFD among BFIR and BFERs. 230 BIER BFD [I-D.hu-bier-bfd] can be used to reduce the number of BFD 231 sessions between S-BFIR and each of BFERs. If BIER BFD is used, only 232 one multipoint BFD session will be built among S-BFIR and all the 233 BFERs. 235 3. BFD and Ping 237 BFD and Ping can all be used in failure detection, but there are 238 differences between them. A network administrator can select the 239 appropriate mechanism according to the actual network. 241 3.1. BIER Ping 243 [I-D.ietf-bier-ping] describes the mechanism and basic BIER OAM 244 packet format that can be used to perform failure detection and 245 isolation on BIER data plane without any dependency on other layers 246 like the IP layer. 248 In the example of Figure 1, BFER can monitor the status of BFIR and 249 the path status between BFER and BFIR. BFER1 sends the BIER Ping 250 packet to BFIR1. If BFER1 does not receive responses from BFIR1 in 251 an expected period of time (may be multiplied average round-trip 252 time), BFER1 will treat BFIR1 as a failed UMH, and BFER1 will select 253 BFIR2 as the UMH and signal to BFIR2 to get multicast flow. 255 In this example, BFER1, BFER2, and BFER3 send BIER ping packet to 256 BFIR1 separately. The timeout period MAY be set to different values 257 depending on the local performance requirement on each BFER. 259 In the general case of more complex BIER topology, it cannot be 260 guaranteed that the path used from BFIR1 to BFER1 is the same as in 261 the reverse direction, i.e., from BFER1 to BFIR1. If that is not 262 guaranteed and the paths are not co-routed, then this method may 263 produce false results, both false negative and false positive. The 264 former is when ping fails while the multicast path and flow are OK. 265 The latter is when the multicast path has a defect, but ping works. 266 Thus, to improve the consistency of this method of detecting a 267 failure in multicast flow transport, the path that the echo request 268 from BFER1 traverses to BFIR1 must be co-routed with the path that 269 the monitored multicast flow traverses through the BIER domain from 270 BFIR1 to BFER1. 272 3.2. BIER BFD 274 [I-D.hu-bier-bfd] describes the application of P2MP BFD in a BIER 275 network. And it describes the procedures for using such mode of BFD 276 protocol to verify multipoint or multicast connectivity between a 277 sender (BFIR) and one or more receivers (BFERs). 279 In the same example, BFIR1 sends the BIER Echo request packet to 280 BFERs to bootstrap a p2mp BFD session. After BFER1, BFER2 and BFER3 281 receive the Echo request packet with BFD Discriminator and the Target 282 SI-Bitstring TLVs, BFERs creates the BFD session of type 283 MultipointTail [RFC8562] to monitor the status of BFIR1 and the 284 working path. If BFERs have not received BFD packet from BFER1 for 285 the Detection Time [RFC8562], BFER1 will treat BFIR1 as a failed UMH, 286 and signal to BFIR2 to get the multicast flow. 288 The timeout period on each BFER MAY be set to a different value 289 depending on the local performance requirement on each BFER. BFER 290 monitors BFIR separately and selects its UMH independently from 291 selections reached by other BFERs. 293 4. Security Considerations 295 Security considerations discussed in [RFC8279], [RFC8562], 296 [I-D.ietf-bier-ping], [I-D.ietf-bess-mvpn-fast-failover] and 297 [I-D.hu-bier-bfd] apply to this document. 299 5. Informative References 301 [I-D.hu-bier-bfd] 302 Xiong, Q., Mirsky, G., hu, f., and C. Liu, "BIER BFD", 303 draft-hu-bier-bfd-07 (work in progress), July 2020. 305 [I-D.ietf-bess-mvpn-fast-failover] 306 Morin, T., Kebler, R., and G. Mirsky, "Multicast VPN fast 307 upstream failover", draft-ietf-bess-mvpn-fast-failover-10 308 (work in progress), February 2020. 310 [I-D.ietf-bier-mld] 311 Pfister, P., Wijnands, I., Venaas, S., Wang, C., Zhang, 312 Z., and M. Stenberg, "BIER Ingress Multicast Flow Overlay 313 using Multicast Listener Discovery Protocols", draft-ietf- 314 bier-mld-04 (work in progress), March 2020. 316 [I-D.ietf-bier-pim-signaling] 317 Bidgoli, H., Xu, F., Kotalwar, J., Wijnands, I., mishra, 318 m., and Z. Zhang, "PIM Signaling Through BIER Core", 319 draft-ietf-bier-pim-signaling-09 (work in progress), July 320 2020. 322 [I-D.ietf-bier-ping] 323 Nainar, N., Pignataro, C., Akiya, N., Zheng, L., Chen, M., 324 and G. Mirsky, "BIER Ping and Trace", draft-ietf-bier- 325 ping-07 (work in progress), May 2020. 327 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 328 RFC 792, DOI 10.17487/RFC0792, September 1981, 329 . 331 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet 332 Control Message Protocol (ICMPv6) for the Internet 333 Protocol Version 6 (IPv6) Specification", STD 89, 334 RFC 4443, DOI 10.17487/RFC4443, March 2006, 335 . 337 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 338 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 339 . 341 [RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N., 342 Aldrin, S., and M. Chen, "Detecting Multiprotocol Label 343 Switched (MPLS) Data-Plane Failures", RFC 8029, 344 DOI 10.17487/RFC8029, March 2017, 345 . 347 [RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., 348 Przygienda, T., and S. Aldrin, "Multicast Using Bit Index 349 Explicit Replication (BIER)", RFC 8279, 350 DOI 10.17487/RFC8279, November 2017, 351 . 353 [RFC8556] Rosen, E., Ed., Sivakumar, M., Przygienda, T., Aldrin, S., 354 and A. Dolganow, "Multicast VPN Using Bit Index Explicit 355 Replication (BIER)", RFC 8556, DOI 10.17487/RFC8556, April 356 2019, . 358 [RFC8562] Katz, D., Ward, D., Pallagatti, S., Ed., and G. Mirsky, 359 Ed., "Bidirectional Forwarding Detection (BFD) for 360 Multipoint Networks", RFC 8562, DOI 10.17487/RFC8562, 361 April 2019, . 363 Authors' Addresses 365 Zheng Zhang 366 ZTE Corporation 368 Email: zzhang_ietf@hotmail.com 370 Greg Mirsky 371 ZTE Corporation 373 Email: gregimirsky@gmail.com 375 Quan Xiong 376 ZTE Corporation 378 Email: xiong.quan@zte.com.cn 380 Yisong Liu 381 China Mobile 383 Email: liuyisong@chinamobile.com