One document matched: draft-ietf-bfd-seamless-base-07.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
which is available here: http://xml.resource.org. -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs),
please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
(Here they are set differently than their defaults in xml2rfc v1.32) -->
<?rfc strict="yes" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="4"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc category="std" docName="draft-ietf-bfd-seamless-base-07" ipr="trust200902" updates="5880">
<!-- category values: std, bcp, info, exp, and historic
ipr values: full3667, noModification3667, noDerivatives3667
you can add the attributes updates="NNNN" and obsoletes="NNNN"
they will automatically be output with "(if approved)" -->
<!-- ***** FRONT MATTER ***** -->
<front>
<title abbrev="Seamless BFD Base">
Seamless Bidirectional Forwarding Detection (S-BFD)
</title>
<!-- add 'role="editor"' below for the editors if appropriate -->
<!-- Another author who claims to be an editor -->
<author fullname="Nobo Akiya" initials="N."
surname="Akiya">
<organization>Big Switch Networks</organization>
<address>
<email>nobo.akiya.dev@gmail.com</email>
</address>
</author>
<author fullname="Carlos Pignataro" initials="C."
surname="Pignataro">
<organization>Cisco Systems</organization>
<address>
<email>cpignata@cisco.com</email>
</address>
</author>
<author fullname="Dave Ward" initials="D."
surname="Ward">
<organization>Cisco Systems</organization>
<address>
<email>wardd@cisco.com</email>
</address>
</author>
<author fullname="Manav Bhatia" initials="M."
surname="Bhatia">
<organization>Ionos Networks</organization>
<address>
<email>manav@ionosnetworks.com</email>
</address>
</author>
<author fullname="Santosh Pallagatti" initials="S."
surname="Pallagatti">
<organization></organization>
<address>
<email>santosh.pallagatti@gmail.com</email>
</address>
</author>
<date />
<area>BFD Working Group</area>
<workgroup>Internet Engineering Task Force</workgroup>
<!-- WG name at the upperleft corner of the doc,
IETF is fine for individual submissions.
If this element is not present, the default is "Network Working Group",
which is used by the RFC Editor as a nod to the history of the IETF. -->
<keyword>BFD</keyword>
<keyword>seamless BFD</keyword>
<keyword>negotiation free</keyword>
<keyword>segment routing</keyword>
<keyword>IP</keyword>
<!-- Keywords will be incorporated into HTML output
files in a meta tag but they have no effect on text or nroff
output. If you submit your draft to the RFC Editor, the
keywords will be used for the search engine. -->
<abstract>
<t>This document defines a simplified mechanism to use Bidirectional Forwarding Detection (BFD) with large portions of negotiation aspects eliminated, thus providing benefits such as quick provisioning as well as improved control and flexibility to network nodes initiating the path monitoring.</t>
<t>This document updates RFC5880.</t>
</abstract>
<note title="Requirements Language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in <xref target="RFC2119">RFC 2119</xref>.</t>
</note>
</front>
<middle>
<section title="Introduction" anchor="Intro">
<t>Bidirectional Forwarding Detection (BFD), <xref target="RFC5880" /> and related documents, has efficiently generalized the failure detection mechanism for multiple protocols and applications. There are some improvements which can be made to better fit existing technologies. There is a possibility of evolving BFD to better fit new technologies. This document focuses on several aspects of BFD in order to further improve efficiency, to expand failure detection coverage and to allow BFD usage for wider scenarios.
Additional use cases are listed in <xref target="I-D.ietf-bfd-seamless-use-case" />.
</t><t>
Specifically,
this document defines
Seamless Bidirectional Forwarding Detection (S-BFD)
a simplified mechanism to use Bidirectional
Forwarding Detection (BFD) with large portions of negotiation aspects
eliminated, thus providing benefits such as quick provisioning as
well as improved control and flexibility to network nodes initiating
the path monitoring.
S-BFD enables cases benefiting from the use of core BFD technologies in
a fashion that leverages existing implementations and protocol machinery
while providing a rather simplified and largely stateless infrastructure for
continuity testing.
</t>
<t>One key aspect of the mechanism described in this document eliminates the time between a network node wanting to perform a continuity test and completing the continuity test. In traditional BFD terms, the initial state changes from DOWN to UP are virtually nonexistent. Removal of this seam (i.e., time delay) in BFD provides applications a smooth and continuous operational experience. Therefore, "Seamless BFD" (S-BFD) has been chosen as the name for this mechanism.</t>
</section>
<section title="Terminology">
<t>The reader is expected to be familiar with the BFD <xref target="RFC5880" />, IP
<xref target="RFC0791" /> <xref target="RFC2460" /> and MPLS <xref target="RFC3031" /> terminologies and protocol constructs. This section describes several new terminologies introduced by S-BFD.
<list style="symbols">
<t>Classical BFD - BFD session types based on <xref target="RFC5880" />.</t>
<t>S-BFD - Seamless BFD.</t>
<t>S-BFD control packet - a BFD control packet for the S-BFD mechanism.</t>
<t>S-BFD echo packet - a BFD echo packet for the S-BFD mechanism.</t>
<t>S-BFD packet - a BFD control packet or a BFD echo packet.</t>
<t>Entity - a function on a network node that S-BFD mechanism allows remote network nodes to perform continuity test to. An entity can be abstract (e.g., reachability) or specific (e.g., IP addresses, router-IDs, functions).</t>
<t>SBFDInitiator - an S-BFD session on a network node that performs a continuity test to a remote entity by sending S-BFD packets.</t>
<t>SBFDReflector - an S-BFD session on a network node that listens for incoming S-BFD control packets to local entities and generates response S-BFD control packets.</t>
<t>Reflector BFD session - synonymous with SBFDReflector.</t>
<t>S-BFD discriminator - a BFD discriminator allocated for a local entity and is being listened by an SBFDReflector.</t>
<t>BFD discriminator - a BFD discriminator allocated for an SBFDInitiator.</t>
<t>Initiator - a network node hosting an SBFDInitiator.</t>
<t>Responder - a network node hosting an SBFDReflector.</t>
</list>
Below figure describes the relationship between S-BFD terminologies.
<figure align="left"><preamble></preamble><artwork align="left"><![CDATA[
+---------------------+ +------------------------+
| Initiator | | Responder |
| +-----------------+ | | +-----------------+ |
| | SBFDInitiator |---S-BFD ctrl pkt----->| SBFDReflector | |
| | +-------------+ |<--S-BFD ctrl pkt------| +-------------+ | |
| | | BFD discrim | | | | | |S-BFD discrim| | |
| | | | |---S-BFD echo pkt---+ | | | | |
| | +-------------+ | | | | | +----------^--+ | |
| +-----------------+<-------------------+ +------------|----+ |
| | | | |
| | | +---v----+ |
| | | | Entity | |
| | | +--------+ |
+---------------------+ +------------------------+
Figure 1: S-BFD Terminology Relationship
]]></artwork></figure>
</t>
</section>
<section title="Seamless BFD Overview">
<t>An S-BFD module on each network node allocates one or more S-BFD discriminators for local entities, and creates a reflector BFD session. Allocated S-BFD discriminators may be advertised by applications (e.g., OSPF/IS-IS). Required result is that applications, on other network nodes, possess the knowledge of the S-BFD discriminators allocated by a remote node to remote entities. The reflector BFD session is to, upon receiving an S-BFD control packet targeted to one of local S-BFD discriminator values, transmit a response S-BFD control packet back to the initiator.</t>
<t>Once above setup is complete, any network node, having the knowledge of the S-BFD discriminator allocated toby a remote node to remote entity/entities, it can quickly perform a continuity test to the remote entity by simply sending S-BFD control packets with corresponding S-BFD discriminator value in the "your discriminator" field.
<figure align="left"><preamble></preamble><artwork align="left">
For example:
<------- IS-IS Network ------->
+---------+
| |
A---------B---------C---------D
^ ^
| |
SystemID SystemID
xxx yyy
BFD Discrim BFD Discrim
123 456
Figure 2: S-BFD for IS-IS Network
</artwork></figure>
S-BFD module in a system IS-IS SystemID xxx (node A) allocates an S-BFD discriminator 123, and IS-IS will advertises the S-BFD discriminator 123 in an IS-IS TLV. S-BFD module in a system with IS-IS SystemID yyy (node D) allocates an S-BFD discriminator 456, and IS-IS advertises the S-BFD discriminator 456 in an IS-IS TLV. A reflector BFD session is created on both network nodes (node A and node D). When network node A wants to check the reachability to network node D, node A can send an S-BFD control packet, destined to node D, with "your discriminator" field set to 456. When the reflector BFD session on node D receives this S-BFD control packet, then response S-BFD control packet is sent back to node A, which allows node A to complete the continuity test.</t>
<t>
When a node allocates multiple S-BFD discriminators, how remote nodes determine which of the discriminators is associated with a specific entity is currently unspecified. The use of multiple S-BFD discriminators by a single network node is therefore discouraged until a means of learning the mapping is defined.
</t>
</section>
<section title="S-BFD Discriminators" anchor="Res_BFD_Dis">
<section title="S-BFD Discriminator Uniqueness" anchor="_SBFD_DISC_UNIQ">
<t>One important characteristics of an S-BFD discriminator is that it MUST be unique within an administrative domain. If multiple network nodes allocated a same S-BFD discriminator value, then S-BFD control packets falsely terminating on a wrong network node can result in a reflector BFD session to generate a response back, due to "your discriminator" matching. This is clearly not desirable.</t>
</section>
<section title="Discriminator Pools">
<t>This subsection describes a discriminator pool implementation technique to minimize S-BFD discriminator collisions. The result will allow an implementation to better satisfy the S-BFD discriminator uniqueness requirement defined in <xref target="_SBFD_DISC_UNIQ" />.
<list style="symbols">
<t>SBFDInitiator is to allocate a discriminator from the BFD discriminator pool. If the system also supports classical BFD that runs on <xref target="RFC5880" />, then the BFD discriminator pool SHOULD be shared by SBFDInitiator sessions and classical BFD sessions.</t>
<t>SBFDReflector is to allocate a discriminator from the S-BFD discriminator pool. The S-BFD discriminator pool SHOULD be a separate pool than the BFD discriminator pool.</t>
</list>
Remainder of this subsection describes the reasons for above suggestions.</t>
<t>Locally allocated S-BFD discriminator values for entities, listened by SBFDReflector sessions, may be arbitrary allocated or derived from values provided by applications. These values may be protocol IDs (e.g., System-ID, Router-ID) or network targets (e.g., IP address). To avoid derived S-BFD discriminator values already being assigned to other BFD sessions (i.e., SBFDInitiator sessions and classical BFD sessions), it is RECOMMENDED that discriminator pool for SBFDReflector sessions be separate from other BFD sessions.</t>
<t>Even when following the separate discriminator pool approach, collision is still possible between one S-BFD application to another S-BFD application, that may be using different values and algorithms to derive S-BFD discriminator values. If the two applications are using S-BFD for a same purpose (e.g., network reachability), then the colliding S-BFD discriminator value can be shared. If the two applications are using S-BFD for a different purpose, then the collision must be addressed. How such collisions are addressed is outside the scope of this document.</t>
</section>
</section>
<section title="Reflector BFD Session" anchor="_REF_SESSION">
<t>Each network node creates one or more reflector BFD sessions. This reflector BFD session is a session which transmits S-BFD control packets in response to received S-BFD control packets with "your discriminator" having S-BFD discriminators allocated for local entities. Specifically, this reflector BFD session is to have following characteristics:
<list style="symbols">
<t>MUST NOT transmit any S-BFD packets based on local timer expiry.</t>
<t>MUST transmit an S-BFD control packet in response to a received S-BFD control packet having a valid S-BFD discriminator in the "your discriminator" field, unless prohibited by local policies (e.g., administrative, security, rate-limiter, etc).</t>
<t>MUST be capable of sending only two states: UP and ADMINDOWN.</t>
</list>
One reflector BFD session may be responsible for handling received S-BFD control packets targeted to all locally allocated S-BFD discriminators, or few reflector BFD sessions may each be responsible for subset of locally allocated S-BFD discriminators. This policy is a local matter, and is outside the scope of this document.
</t>
<t>Note that incoming S-BFD control packets may be IPv4, IPv6 or MPLS based. How such S-BFD control packets reach an appropriate reflector BFD session is also a local matter, and is outside the scope of this document.</t>
</section>
<section title="State Variables">
<t>S-BFD introduces new state variables, and modifies the usage of existing ones.</t>
<section title="New State Variables">
<t>A new state variable is added to the base specification in support of S-BFD.
<list style="symbols">
<t>bfd.SessionType: This is a variable introduced her and used by <xref target="I-D.ietf-bfd-multipoint" />, and describes the type of this session. Allowable values for S-BFD sessions are:
<list>
<t>SBFDInitiator - an S-BFD session on a network node that performs a continuity test to a target entity by sending S-BFD packets.</t>
<t>SBFDReflector - an S-BFD session on a network node that listens for incoming S-BFD control packets to local entities and generates response S-BFD control packets.</t>
</list>
</t>
</list>
</t>
<t>bfd.SessionType variable MUST be initialized to the appropriate type when an S-BFD session is created.</t>
</section>
<section title="State Variable Initialization and Maintenance">
<t>A state variable defined in Section 6.8.1 of <xref target="RFC5880" /> need to be initialized or manipulated differently depending on the session type.
<list style="symbols">
<t>bfd.DemandMode:
This variable MUST be initialized to 1 for session type SBFDInitiator, and MUST be initialized to 0 for session type SBFDReflector.</t>
</list>
</t>
</section>
</section>
<section title="S-BFD Procedures">
<section title="Demultiplexing of S-BFD Control Packet" anchor="_PRE_DEMUX">
<t> S-BFD packet MUST be demultiplexed with lower layer information (e.g., dedicated destination UDP port, associated channel type). Following procedure SHOULD be executed on both initiator and reflector.
<list style="empty">
<t>If S-BFD packet
<list style="empty">
<t>If S-BFD packet is for SBFDReflector
<list style="empty">
<t>Packet MUST be looked up to locate a
corresponding SBFDReflector session based on the value from the "your
discriminator" field in the table describing S-BFD discriminators.
</t>
</list>
</t>
<t>Else
<list style="empty">
<t>Packet MUST be looked up to locate a corresponding SBFDInitiator
session or classical BFD session based on the value from the "your
discriminator" field in the table describing BFD discriminators.
If no match then received packet MUST be discarded.
</t>
<t>If session is SBFDInitiator
<list style="empty">
<t>Destination of the packet (i.e., destination IP address) SHOULD
be validated to be for self.
</t>
</list>
</t>
<t>Else
<list style="empty">
<t>Packet MUST be discarded</t>
</list>
</t>
</list>
</t>
</list>
</t>
<t> Else
<list style="empty">
<t>Procedure described in <xref target="RFC5880" /> MUST be applied.</t>
</list>
</t>
</list>
</t>
<t>More details on S-BFD control packet demultiplexing are described in relevant S-BFD data plane documents.</t>
</section>
<section title="Responder Procedures">
<t>A network node which receives S-BFD control packets transmitted by an initiator is referred as responder. The responder, upon reception of S-BFD control packets, is to perform necessary relevant validations described in <xref target="RFC5880" />.</t>
<section title="Responder Demultiplexing">
<t> S-BFD packet MUST be demultiplexed with lower layer information (e.g., dedicated destination UDP port, associated channel type). Following procedure SHOULD be executed by responder:
<list style="empty">
<t>If "your discriminator" not one of the entry allocated for local entities
<list style="empty">
<t>Packet MUST be discarded.</t>
</list>
</t>
<t>Else
<list style="empty">
<t>Packet is determined to be handled by a reflector BFD session responsible for that S-BFD discriminator.</t>
<t>If local policy allows (e.g., administrative, security, rate-limiter, etc)
<list style="empty">
<t>Chosen reflector BFD session SHOULD transmit a response BFD control packet using procedures described in Section 7.3.2.</t>
</list>
</t>
</list>
</t>
</list>
</t>
</section>
<section title="Transmission of S-BFD Control Packet by SBFDReflector" anchor="_SBFD_PAK_REFLECTOR">
<t>Contents of S-BFD control packets sent by an SBFDReflector MUST be set as per Section 6.8.7 of <xref target="RFC5880" />. There are few fields which needs to be set differently from <xref target="RFC5880" /> as follows:
<list style="empty">
<t>State (Sta)
<list style="empty">
<t>Set to bfd.SessionState (either UP or ADMINDOWN only). Clarification of reflector BFD session state is described in <xref target="Add_Res_Beh" />.</t>
</list>
</t>
<t>Demand (D)
<list style="empty">
<t>Set to 0.</t>
</list>
</t>
<t>Detect Mult
<list style="empty">
<t>Value to be copied from "Detection Multiplier" filed of received BFD packet.</t>
</list>
</t>
<t>My Discriminator
<list style="empty">
<t>Value be copied from "your discriminator" filed of received BFD packet.</t>
</list>
</t>
<t>Your Discriminator
<list style="empty">
<t>Value be copied from "my discriminator" filed of received BFD packet.</t>
</list>
</t>
<t>Desired Min TX Interval
<list style="empty">
<t>Value be copied from "Desired Min TX Interval" filed of received BFD packet.</t>
</list>
</t>
<t>Required Min RX Interval
<list style="empty">
<t>Set to a bfd.RequiredMinRxInterval, value describing minimum interval, in microseconds between received SBFD Control packets. Further details are described in <xref target="Add_Res_Beh" />.</t>
</list>
</t>
<t>Required Min Echo RX Interval
<list style="empty">
<t> If device supports looping back S-BFD echo packets
<list style="empty">
<t>Set to the minimum required Echo packet receive interval for this session.</t>
</list>
</t>
<t> Else
<list style="empty">
<t>Set to 0.</t>
</list>
</t>
</list>
</t>
</list>
</t>
</section>
<section title="Additional SBFDReflector Behaviors" anchor="Add_Res_Beh">
<t>
<list style="symbols">
<t>S-BFD control packets transmitted by the SBFDReflector MUST have "Required Min RX Interval" set to a value which expresses, in microseconds, the minimum interval between incoming S-BFD control packets this SBFDReflector can handle. The SBFDReflector can control how fast SBFInitiators will be sending S-BFD control packets to self by ensuring "Required Min RX Interval" indicates a value based on the current load.</t>
<t>If the SBFDReflector wishes to communicate to some or all SBFDInitiators that monitored local entity is "temporarily out of service", then S-BFD control packets with "state" set to ADMINDOWN are sent to those SBFDInitiators. The SBFDInitiators, upon reception of such packets, MUST NOT conclude loss of reachability to corresponding remote entity, and MUST back off packet transmission interval for the remote entity to an interval no faster than 1 second. If the SBFDReflector is generating a response S-BFD control packet for a local entity that is in service, then "state" in response BFD control packets MUST be set to UP.</t>
<t>If an SBFDReflector receives an S-BFD control packet with Demand (D) bit cleared, the packet MUST be discarded.</t>
</list>
</t>
</section>
</section>
<section title="Initiator Procedures">
<t>S-BFD control packets transmitted by an SBFDInitiator MUST set "your discriminator" field to an S-BFD discriminator corresponding to the remote entity.</t>
<t>Every SBFDInitiator MUST have a locally unique "my discriminator" allocated from the BFD discriminator pool.</t>
<t>Below Figure 3 art describes high level concept of continuity test using S-BFD. R2 allocates XX as the S-BFD discriminator for its network reachability purpose, and advertises XX to neighbors. ASCII art shows R1 and R4 performing a continuity test to R2.
<figure align="left"><preamble></preamble><artwork align="left"><![CDATA[
+--- md=50/yd=XX (ping) ----+
| |
|+-- md=XX/yd=50 (pong) --+ |
|| | |
|v | v
R1 ==================== R2[*] ========= R3 ========= R4
| ^ |^
| | ||
| +-- md=60/yd=XX (ping) --+|
| |
+---- md=XX/yd=60 (pong) ---+
[*] Reflector BFD session on R2.
=== Links connecting network nodes.
--- S-BFD control packet traversal.
Figure 3: S-BFD Continuity Test
]]></artwork></figure>
</t>
<section title="SBFDInitiator State Machine">
<t>An SBFDInitiator may be a persistent session on the initiator with a timer for S-BFD control packet transmissions (stateful SBFDInitiator). An SBFDInitiator may also be a module, a script or a tool on the initiator that transmits one or more S-BFD control packets "when needed" (stateless SBFDInitiator). For stateless SBFDInitiators, a complete BFD state machine may not be applicable. For stateful SBFDInitiators, the states and the state machine described in <xref target="RFC5880" /> will not function due to SBFDReflector session only sending UP and ADMINDOWN states (i.e., SBFDReflector session does not send INIT state). The following diagram provides the RECOMMENDED state machine for stateful SBFDInitiators. The notation on each arc represents the state of the SBFDInitiator (as received in the State field in the S-BFD control packet) or indicates the expiration of the Detection Timer.
<figure align="left"><preamble></preamble><artwork align="left"><![CDATA[
+--+
ADMIN DOWN, | |
TIMER | V
+------+ UP +------+
| |-------------------->| |----+
| DOWN | | UP | | UP
| |<--------------------| |<---+
+------+ ADMIN DOWN, +------+
TIMER
Figure 4: SBFDInitiator FSM
]]></artwork></figure>
Note that the above state machine is different from the base BFD specification<xref target="RFC5880" />. This is because the INIT state is no longer applicable for the SBFDInitiator. Another important difference is the transition of the state machine from the DOWN state to the UP state when a packet with State UP is received by the SBFDInitiator. The definitions of the states and the events have the same meaning as in the base BFD specification <xref target="RFC5880" />.
</t>
</section>
<section title="Transmission of S-BFD Control Packet by SBFDInitiator" anchor="_SBFD_PAK_INITIATOR">
<t>Contents of S-BFD control packets sent by an SBFDInitiator MUST be set as per Section 6.8.7 of <xref target="RFC5880" />. There are few fields which needs to be set differently from <xref target="RFC5880" /> as follows:
<list style="empty">
<t>Demand (D)
<list style="empty">
<t>D bit is used to identify S-BFD packet originated from SBFDInitiator and is always set to 1.</t>
</list>
</t>
<t>Your Discriminator
<list style="empty">
<t>Set to bfd.RemoteDiscr. bfd.RemoteDiscr is set to discriminator value of remote entity. It MAY be learnt from routing protocols or configured locally.</t>
</list>
</t>
<t>Required Min RX Interval
<list style="empty">
<t>Set to 0.</t>
</list>
</t>
<t>Required Min Echo RX Interval
<list style="empty">
<t>Set to 0.</t>
</list>
</t>
</list>
</t>
</section>
<section title="Additional SBFDInitiator Behaviors">
<t>
<list style="symbols">
<t>If the SBFDInitiator receives a valid S-BFD control packet in response to transmitted S-BFD control packet to a remote entity, then the SBFDInitiator SHOULD conclude that S-BFD control packet reached the intended remote entity.</t>
<t>When a sufficient number of S-BFD packets have not arrived as they should, the SBFDInitiator SHOULD declare loss of reachability to the remote entity. The criteria for declaring loss of reachability and the action that would be triggered as a result are outside the scope of this document.</t>
<t>Relating to above bullet item, it is critical for an implementation to understand the latency to/from the reflector BFD session on the responder. In other words, for very first S-BFD packet transmitted by the SBFDInitiator, an implementation MUST NOT expect response S-BFD packet to be received for time equivalent to sum of latencies: initiator to responder and responder back to initiator.</t>
<t>If the SBFDInitiator receives an S-BFD control packet with Demand (D) bit set, the packet MUST be discarded.</t>
</list>
</t>
</section>
</section>
<section title="Diagnostic Values">
<t>Diagnostic value in both directions MAY be set to a certain value, to attempt to communicate further information to both ends. Implementation MAY use already existing diagnostic values defined in Section 4.1 of <xref target="RFC5880" />. However, details of such are outside the scope of this specification.</t>
</section>
<section title="The Poll Sequence">
<t>Poll sequence MAY be used in both directions. The Poll sequence MUST operate in accordance with <xref target="RFC5880" />. An SBFDReflector MAY use the Poll sequence to slow down that rate at which S-BFD control packets are generated from an SBFDInitiator. This is done by the SBFDReflector using procedures described in <xref target="Add_Res_Beh" /> and setting the Poll (P) bit in the reflected S-BFD control packet. The SBFDInitiator is to then send the next S-BFD control packet with the Final (F) bit set. If an SBFDReflector receives an S-BFD control packet with Poll (P) bit set, then the SBFDReflector MUST respond with an S-BFD control packet with Poll (P) bit cleared and Final (F) bit set.</t>
</section>
</section>
<section title="Scaling Aspect">
<t>This mechanism brings forth one noticeable difference in terms of scaling aspect: number of SBFDReflector. This specification eliminates the need for egress nodes to have fully active BFD sessions when only one side desires to perform continuity tests. With introduction of reflector BFD concept, egress no longer is required to create any active BFD session per path/LSP/function basis. Due to this, total number of BFD sessions in a network is reduced.</t>
</section>
<section title="Co-existence with Classical BFD Sessions">
<t>Initial packet demultiplexing requirement is described in <xref target="_PRE_DEMUX" />. Because of this, S-BFD mechanism can co-exist with classical BFD sessions.</t>
</section>
<section title="S-BFD Echo Function">
<t>The concept of the S-BFD Echo function is similar to the BFD Echo function described in <xref target="RFC5880" />. S-BFD echo packets have the destination of self, thus S-BFD echo packets are self-generated and self-terminated after traversing a link/path. S-BFD echo packets are expected to u-turn on the target node in the data plane and MUST NOT be processed by any reflector BFD sessions on the target node.</t>
<t>When using the S-BFD Echo function, it is RECOMMENDED that:
<list style="symbols">
<t>Both S-BFD control packets and S-BFD echo packets be sent.</t>
<t>Both S-BFD control packets and S-BFD echo packets have the same semantics in the forward direction to reach the target node.</t>
</list>
In other words, it is not preferable to send just S-BFD echo packets without also sending S-BFD control packets. There are two reasons behind this suggestion:
<list style="symbols">
<t>S-BFD control packets can verify the reachability to intended target node, which allows one to have confidence that S-BFD echo packets are u-turning on the expected target node.</t>
<t>S-BFD control packets can detect when the target node is going out of service (i.e., via receiving back ADMINDOWN state).</t>
</list>
The usage of the "Required Min Echo RX Interval" field is described in <xref target="_SBFD_PAK_INITIATOR" /> and <xref target="_SBFD_PAK_REFLECTOR" />. Because of the stateless nature of SBFDReflector sessions, a value specified the "Required Min Echo RX Interval" field is not very meaningful at SBFDReflector. Thus it is RECOMMENDED that the "Required Min Echo RX Interval" field simply be set to zero from SBFDInitiator. SBFDReflector MAY set to appropriate value to control the rate at which it wants to receives SBFD echo packets.</t>
<t>Following aspects of S-BFD Echo functions are left as implementation details, and are outside the scope of this document:
<list style="symbols">
<t>Format of the S-BFD echo packet (e.g., data beyond UDP header).</t>
<t>Procedures on when and how to use the S-BFD Echo function.</t>
</list>
</t>
</section>
<section anchor="Security" title="Security Considerations">
<t>Same security considerations as <xref target="RFC5880" /> apply to this document. Additionally, implementing the following measures will strengthen security aspects of the mechanism described by this document:
<list style="symbols">
<t>SBFDInitiator MAY pick a sequence number to be set in "sequence Number" in authentication section based on authentication mode configured.</t>
<t>SBFDReflector MUST NOT look at the crypto sequence number before accepting the packet.</t>
<t>SBFDReflector MAY look at the Auth Key ID in the incoming packet and verify the authentication data.</t>
<t>SBFDReflector MUST accept the packet if authentication is successful.</t>
<t>SBFDReflector MUST compute the Authentication data and MUST use the same sequence number that it received in the S-BFD control packet that it is responding to. </t>
<t>SBFDInitiator SHOULD accept S-BFD control packet with sequence number within permissible window. One potential approach is the procedure explained in <xref target="I-D.ietf-bfd-generic-crypto-auth" />.</t>
</list>
</t>
<t>Using the above method,
<list style="symbols">
<t>SBFDReflector continue to remain stateless despite using security.</t>
<t>SBFDReflector are not susceptible to replay attacks as they always respond to S-BFD control packets irrespective of the sequence number carried.</t>
<t>An attacker cannot impersonate the responder since the SBFDInitiator will only accept S-BFD control packets that come with the sequence number that it had originally used when sending the S-BFD control packet.</t>
</list>
</t>
<t>
Considerations about loop problems are covered in <xref target="loop" />.
</t>
</section>
<section title="IANA Considerations">
<t>No action is required by IANA for this document.</t>
</section>
<section title="Acknowledgements">
<t>Authors would like to thank Jeffrey Haas, Greg Mirsky, Marc Binderberger, and Alvaro Retana for performing thorough reviews and providing number of suggestions. Authors would like to thank Girija Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad Govindan from Cisco Systems for providing valuable comments. Authors would also like to thank John E. Drake and Pablo Frank for providing comments and suggestions.</t>
</section>
<section title="Contributing Authors">
<t>Tarek Saad
<vspace blankLines="0" />
Cisco Systems
<vspace blankLines="0" />
Email: tsaad@cisco.com</t>
<t>Siva Sivabalan
<vspace blankLines="0" />
Cisco Systems
<vspace blankLines="0" />
Email: msiva@cisco.com</t>
<t>Nagendra Kumar
<vspace blankLines="0" />
Cisco Systems
<vspace blankLines="0" />
Email: naikumar@cisco.com</t>
<t>Mallik Mudigonda
<vspace blankLines="0" />
Cisco Systems
<vspace blankLines="0" />
Email: mmudigon@cisco.com</t>
<t>Sam Aldrin
<vspace blankLines="0" />
Google
<vspace blankLines="0" />
Email: aldrin.ietf@gmail.com</t>
</section>
</middle>
<!-- *****BACK MATTER ***** -->
<back>
<!-- References split into informative and normative -->
<references title="Normative References">
<?rfc include="reference.RFC.2119"?>
<?rfc include="reference.RFC.5880"?>
</references>
<references title="Informative References">
<!--
<?rfc include="reference.RFC.5881"?>
<?rfc include="reference.RFC.5883"?>
<?rfc include="reference.RFC.5884"?>
<?rfc include="reference.RFC.5885"?>
-->
<?rfc include="reference.RFC.2460"?>
<?rfc include="reference.RFC.0791"?>
<?rfc include="reference.RFC.3031"?>
<?rfc include="reference.I-D.ietf-bfd-seamless-use-case"?>
<?rfc include="reference.I-D.ietf-bfd-generic-crypto-auth"?>
<?rfc include="reference.I-D.ietf-bfd-multipoint"?>
</references>
<section title="Loop Problem" anchor="loop">
<t>Consider a scenario where we have two nodes and both are S-BFD capable.</t>
<figure align="left"><preamble></preamble><artwork align="left"><![CDATA[
Node A (IP 192.0.2.1) ----------------- Node B (IP 192.0.2.2)
|
|
Man in the Middle (MiM)
]]></artwork></figure>
<t>Assume node A reserved a discriminator 0x01010101 for target identifier 192.0.2.1 and has a reflector session in listening mode. Similarly node B reserved a discriminator 0x02020202 for its target identifier 192.0.2.2 and also has a reflector session in listening mode.</t>
<t>Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc = 0x02020202, source IP as 192.0.2.1 and dest IP as 192.0.2.2. When this packet reaches Node B, the reflector session on Node B will swap the discriminators and IP addresses of the received packet and reflect it back, since YourDisc of the received packet matched with reserved discriminator of Node B. The reflected packet that reached Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since YourDisc of the received packet matched the reserved discriminator of Node A, Node A will swap the discriminators and reflects the packet back to Node B. Since reflectors must set the TTL of the reflected packets to 255, the above scenario will result in an infinite loop with just one malicious packet injected from MiM.</t>
<t>FYI: Packet fields do not carry any direction information, i.e., if this is Ping packet or reply packet.
</t>
<t>Solutions</t>
<t>The current proposals to avoid the loop problem are:
<list style="symbols">
<t>Overload "D" bit (Demand mode bit):
Initiator always sets the 'D' bit and reflector clears it. This way we can identify if a received packet was a reflected packet and avoid reflecting it back. However this changes the interpretation of 'D' bit.</t>
<t>Use of State field in the BFD control packets:
Initiator will always send packets with State set to DOWN and reflector will send back packets with state field set to UP. Reflectors will never reflect any received packets with state as UP. However the only issue is the use of state field differently i.e., state in the S-BFD control packet from initiator does not reflect the local state which is anyway not significant at reflector.</t>
<t>Use of local discriminator as My Disc at reflector:
Reflector will always fill in My Discriminator with a locally allocated discriminator value (not reserved discriminators) and will not copy it from the received packet.</t>
</list>
</t>
</section>
<!-- Change Log
v00-a 2013-05-20 Nobo: Initial version
v00-b 2013-05-24 Nobo: Included comments from Carlos/Nagendra
v00-c 2013-05-27 Nobo: Incorporated comments from Marc
v03-c 2014-04-08 Mallik: Included the D bit implementation details for loop prevention. Added additional notes in Security section.
-->
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 10:50:16 |