GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc7880

Internet Engineering Task Force (IETF) C. Pignataro Request for Comments: 7880 D. Ward Updates: 5880 Cisco Category: Standards Track N. Akiya ISSN: 2070-1721 Big Switch Networks

                                                             M. Bhatia
                                                        Ionos Networks
                                                         S. Pallagatti
                                                             July 2016
        Seamless Bidirectional Forwarding Detection (S-BFD)

Abstract

 This document defines Seamless Bidirectional Forwarding Detection
 (S-BFD), a simplified mechanism for using BFD with a large proportion
 of negotiation aspects eliminated, thus providing benefits such as
 quick provisioning, as well as improved control and flexibility for
 network nodes initiating path monitoring.
 This document updates RFC 5880.

Status of This Memo

 This is an Internet Standards Track document.
 This document is a product of the Internet Engineering Task Force
 (IETF).  It represents the consensus of the IETF community.  It has
 received public review and has been approved for publication by the
 Internet Engineering Steering Group (IESG).  Further information on
 Internet Standards is available in Section 2 of RFC 7841.
 Information about the current status of this document, any errata,
 and how to provide feedback on it may be obtained at
 http://www.rfc-editor.org/info/rfc7880.

Pignataro, et al. Standards Track [Page 1] RFC 7880 Seamless BFD Base July 2016

Copyright Notice

 Copyright (c) 2016 IETF Trust and the persons identified as the
 document authors.  All rights reserved.
 This document is subject to BCP 78 and the IETF Trust's Legal
 Provisions Relating to IETF Documents
 (http://trustee.ietf.org/license-info) in effect on the date of
 publication of this document.  Please review these documents
 carefully, as they describe your rights and restrictions with respect
 to this document.  Code Components extracted from this document must
 include Simplified BSD License text as described in Section 4.e of
 the Trust Legal Provisions and are provided without warranty as
 described in the Simplified BSD License.

Pignataro, et al. Standards Track [Page 2] RFC 7880 Seamless BFD Base July 2016

Table of Contents

 1. Introduction ....................................................4
 2. Terminology .....................................................4
 3. Seamless BFD Overview ...........................................6
 4. S-BFD Discriminators ............................................7
    4.1. S-BFD Discriminator Uniqueness .............................7
    4.2. Discriminator Pools ........................................7
 5. Reflector BFD Session ...........................................8
 6. State Variables .................................................9
    6.1. New State Variables ........................................9
    6.2. State Variable Initialization and Maintenance ..............9
 7. S-BFD Procedures ...............................................10
    7.1. Demultiplexing of S-BFD Control Packet ....................10
    7.2. Responder Procedures ......................................11
         7.2.1. Responder Demultiplexing ...........................11
         7.2.2. Transmission of S-BFD Control Packet by
                SBFDReflector ......................................11
         7.2.3. Additional SBFDReflector Behaviors .................12
    7.3. Initiator Procedures ......................................13
         7.3.1. SBFDInitiator State Machine ........................14
         7.3.2. Transmission of S-BFD Control Packet by
                SBFDInitiator ......................................15
         7.3.3. Additional SBFDInitiator Behaviors .................15
    7.4. Diagnostic Values .........................................16
    7.5. The Poll Sequence .........................................16
 8. Operational Considerations .....................................16
    8.1. Scaling Aspect ............................................17
    8.2. Congestion Considerations .................................17
 9. Co-existence with Classical BFD Sessions .......................17
 10. S-BFD Echo Function ...........................................18
 11. Security Considerations .......................................19
 12. References ....................................................20
    12.1. Normative References .....................................20
    12.2. Informative References ...................................20
 Appendix A. Loop Problem and Solution .............................22
 Acknowledgements ..................................................23
 Contributors ......................................................23
 Authors' Addresses ................................................24

Pignataro, et al. Standards Track [Page 3] RFC 7880 Seamless BFD Base July 2016

1. Introduction

 Bidirectional Forwarding Detection (BFD), as described in [RFC5880]
 and related documents, has efficiently generalized the failure
 detection mechanism for multiple protocols and applications.  There
 are some improvements that can be made to better fit existing
 technologies.  There is a possibility of evolving BFD to better fit
 new technologies.  This document focuses on several aspects of BFD in
 order to further improve efficiency, expand failure detection
 coverage, and allow BFD usage for wider scenarios.  Additional use
 cases are listed in [RFC7882].
 Specifically, this document defines Seamless Bidirectional Forwarding
 Detection (S-BFD), a simplified mechanism for using BFD with a large
 proportion of negotiation aspects eliminated, thus providing benefits
 such as quick provisioning, as well as improved control and
 flexibility for network nodes initiating path monitoring.  S-BFD
 enables cases benefiting from the use of core BFD technologies in a
 fashion that leverages existing implementations and protocol
 machinery while providing a rather simplified and largely stateless
 infrastructure for continuity testing.
 One key aspect of the mechanism described in this document eliminates
 the time between a network node wanting to perform a continuity test
 and completing the continuity test.  In traditional BFD terms, the
 initial state changes from DOWN to UP are virtually nonexistent.
 Removal of this "seam" (i.e., time delay) in BFD provides a smooth
 and continuous operational experience for applications.  Therefore,
 "Seamless BFD" (S-BFD) has been chosen as the name for this
 mechanism.

2. Terminology

 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 document are to be interpreted as described in RFC 2119 [RFC2119].
 The reader is expected to be familiar with the BFD [RFC5880], IP
 [RFC791] [RFC2460], and MPLS [RFC3031] terms and protocol constructs.
 The remainder of this section describes several new terms introduced
 by S-BFD.
 o  Classical BFD - BFD session types based on [RFC5880].
 o  S-BFD - Seamless BFD.
 o  S-BFD Control packet - a BFD Control packet for the S-BFD
    mechanism.

Pignataro, et al. Standards Track [Page 4] RFC 7880 Seamless BFD Base July 2016

 o  S-BFD Echo packet - a BFD Echo packet for the S-BFD mechanism.
 o  S-BFD packet - a BFD Control packet or a BFD Echo packet.
 o  Entity - a function on a network node to which the S-BFD mechanism
    allows remote network nodes to perform continuity tests.  An
    entity can be abstract (e.g., reachability) or specific (e.g., IP
    addresses, Router-IDs, functions).
 o  SBFDInitiator - an S-BFD session on a network node that performs a
    continuity test to a remote entity by sending S-BFD packets.
 o  SBFDReflector - an S-BFD session on a network node that listens
    for incoming S-BFD Control packets to local entities and generates
    response S-BFD Control packets.
 o  Reflector BFD session - synonymous with SBFDReflector.
 o  S-BFD Discriminator - a BFD Discriminator allocated for a local
    entity.  An SBFDReflector listens for S-BFD Discriminators.
 o  BFD Discriminator - a BFD Discriminator allocated for an
    SBFDInitiator.
 o  Initiator - a network node hosting an SBFDInitiator.
 o  Responder - a network node hosting an SBFDReflector.
 Figure 1 describes the relationship between S-BFD terms.
  +---------------------+                +------------------------+
  |      Initiator      |                |         Responder      |
  | +-----------------+ |                |    +-----------------+ |
  | |  SBFDInitiator  |---S-BFD Ctrl pkt----->|  SBFDReflector  | |
  | | +-------------+ |<--S-BFD Ctrl pkt------| +-------------+ | |
  | | | BFD Discrim | | |                |    | |S-BFD Discrim| | |
  | | |             | |---S-BFD Echo pkt---+  | |             | | |
  | | +-------------+ | |                | |  | +----------^--+ | |
  | +-----------------+<-------------------+  +------------|----+ |
  |                     |                |                 |      |
  |                     |                |             +---v----+ |
  |                     |                |             | Entity | |
  |                     |                |             +--------+ |
  +---------------------+                +------------------------+
               Figure 1: S-BFD Terminology Relationship

Pignataro, et al. Standards Track [Page 5] RFC 7880 Seamless BFD Base July 2016

3. Seamless BFD Overview

 An S-BFD module on each network node allocates one or more S-BFD
 Discriminators for local entities and creates a Reflector BFD
 session.  Allocated S-BFD Discriminators may be advertised by
 applications (e.g., OSPF/IS-IS).  The required result is that
 applications on other network nodes will know about the S-BFD
 Discriminators allocated by a remote node to remote entities.  The
 Reflector BFD session, upon receiving an S-BFD Control packet
 targeted to one of the local S-BFD Discriminator values, is to
 transmit a response S-BFD Control packet back to the initiator.
 Once the above setup is complete, any network node that knows about
 the S-BFD Discriminator allocated by a remote node to a remote entity
 or entities can quickly perform a continuity test to the remote
 entity by simply sending S-BFD Control packets with a corresponding
 S-BFD Discriminator value in the Your Discriminator field.
 This is exemplified in Figure 2.
                   <------- IS-IS Network ------->
                             +---------+
                             |         |
                   A---------B---------C---------D
                   ^                             ^
                   |                             |
               System-ID                      System-ID
                  xxx                            yyy
              BFD Discrim                    BFD Discrim
                  123                            456
                   Figure 2: S-BFD for IS-IS Network
 An S-BFD module in a system with IS-IS System-ID xxx (Node A)
 allocates an S-BFD Discriminator 123, and IS-IS advertises the S-BFD
 Discriminator 123 in an IS-IS TLV.  An S-BFD module in a system with
 IS-IS System-ID yyy (Node D) allocates an S-BFD Discriminator 456,
 and IS-IS advertises the S-BFD Discriminator 456 in an IS-IS TLV.  A
 Reflector BFD session is created on both network nodes (Node A and
 Node D).  When Node A wants to check the reachability of Node D,
 Node A can send an S-BFD Control packet destined to Node D with the
 Your Discriminator field set to 456.  When the Reflector BFD session
 on Node D receives this S-BFD Control packet, then a response S-BFD
 Control packet is sent back to Node A, which allows Node A to
 complete the continuity test.

Pignataro, et al. Standards Track [Page 6] RFC 7880 Seamless BFD Base July 2016

 When a node allocates multiple S-BFD Discriminators, how remote nodes
 determine which of the discriminators is associated with a specific
 entity is currently unspecified.  The use of multiple S-BFD
 Discriminators by a single network node is therefore discouraged
 until a means of learning the mapping is defined.

4. S-BFD Discriminators

4.1. S-BFD Discriminator Uniqueness

 One important characteristic of an S-BFD Discriminator is that it
 MUST be unique within an administrative domain.  If multiple network
 nodes allocate the same S-BFD Discriminator value, then S-BFD Control
 packets falsely terminating on a wrong network node can result in a
 Reflector BFD session generating a response back because of a
 matching Your Discriminator value.  This is clearly not desirable.

4.2. Discriminator Pools

 This subsection describes a discriminator pool implementation
 technique to minimize S-BFD Discriminator collisions.  This technique
 will allow an implementation to better satisfy the S-BFD
 Discriminator uniqueness requirement defined in Section 4.1.
 o  An SBFDInitiator is to allocate a discriminator from the BFD
    Discriminator pool.  If the system also supports classical BFD
    (i.e., implements [RFC5880]), then the BFD Discriminator pool
    SHOULD be shared by SBFDInitiator sessions and classical BFD
    sessions.
 o  An SBFDReflector is to allocate a discriminator from the S-BFD
    Discriminator pool.  The S-BFD Discriminator pool SHOULD be a
    separate pool from the BFD Discriminator pool.
 The remainder of this subsection describes the reasons for the
 suggestions above.
 Locally allocated S-BFD Discriminator values for entities that
 SBFDReflector sessions are listening for may be arbitrarily allocated
 or derived from values provided by applications.  These values may be
 protocol IDs (e.g., System-ID, Router-ID) or network targets (e.g.,
 IP address).  To avoid derived S-BFD Discriminator values already
 being assigned to other BFD sessions (i.e., SBFDInitiator sessions
 and classical BFD sessions), it is RECOMMENDED that the discriminator
 pool for SBFDReflector sessions be separate from other BFD sessions.

Pignataro, et al. Standards Track [Page 7] RFC 7880 Seamless BFD Base July 2016

 Even when following the "separate discriminator pool" approach, a
 collision is still possible between different S-BFD applications that
 may be using different values and algorithms to derive S-BFD
 Discriminator values.  If two applications are using S-BFD for the
 same purpose (e.g., network reachability), then the colliding S-BFD
 Discriminator value can be shared.  If the two applications are using
 S-BFD for a different purpose, then the collision must be addressed.
 The use of multiple S-BFD Discriminators by a single network node,
 however, is discouraged (see Section 3).

5. Reflector BFD Session

 Each network node creates one or more Reflector BFD sessions.  This
 Reflector BFD session is a session that transmits S-BFD Control
 packets in response to received S-BFD Control packets with the
 Your Discriminator field having S-BFD Discriminators allocated for
 local entities.  Specifically, this Reflector BFD session has the
 following characteristics:
 o  MUST NOT transmit any S-BFD packets based on local timer expiry.
 o  MUST transmit an S-BFD Control packet in response to a received
    S-BFD Control packet having a valid S-BFD Discriminator in the
    Your Discriminator field, unless prohibited by local policies
    (e.g., administrative, security, rate-limiter).
 o  MUST be capable of sending only two states: UP and AdminDown.
 One Reflector BFD session may be responsible for handling received
 S-BFD Control packets targeted to all locally allocated S-BFD
 Discriminators, or a few Reflector BFD sessions may each be
 responsible for a subset of locally allocated S-BFD Discriminators.
 This policy is a local matter and is outside the scope of this
 document.
 Note that incoming S-BFD Control packets may be based on IPv4, IPv6,
 or MPLS [RFC7881].  Note also that other options are possible and may
 be defined in future documents.  How such S-BFD Control packets reach
 an appropriate Reflector BFD session is also a local matter and is
 outside the scope of this document.

Pignataro, et al. Standards Track [Page 8] RFC 7880 Seamless BFD Base July 2016

6. State Variables

 S-BFD introduces new state variables and modifies the usage of
 existing ones.

6.1. New State Variables

 A new state variable is added to the base specification in support
 of S-BFD.
 o  bfd.SessionType: This is a new state variable that describes
    the type of a particular session.  Allowable values for S-BFD
    sessions are:
  • SBFDInitiator - an S-BFD session on a network node that

performs a continuity test to a target entity by sending S-BFD

       packets.
  • SBFDReflector - an S-BFD session on a network node that listens

for incoming S-BFD Control packets to local entities and

       generates response S-BFD Control packets.
 The bfd.SessionType variable MUST be initialized to the appropriate
 type when an S-BFD session is created.

6.2. State Variable Initialization and Maintenance

 State variables (defined in Section 6.8.1 of [RFC5880]) need to
 be initialized or manipulated differently, depending on the
 session type.
 o  bfd.DemandMode: This variable MUST be initialized to 1 for session
    type SBFDInitiator and MUST be initialized to 0 for session type
    SBFDReflector.  This is done to prevent loops (see Appendix A).

Pignataro, et al. Standards Track [Page 9] RFC 7880 Seamless BFD Base July 2016

7. S-BFD Procedures

7.1. Demultiplexing of S-BFD Control Packet

 An S-BFD packet MUST be demultiplexed with lower-layer information
 (e.g., dedicated destination UDP port [RFC7881], associated Channel
 Type [RFC7885]).  The following procedure SHOULD be executed on both
 initiator and reflector:
    If the packet is an S-BFD packet
       If the S-BFD packet is for an SBFDReflector
          The packet MUST be looked up to locate a corresponding
          SBFDReflector session based on the value from the
          Your Discriminator field in the table describing S-BFD
          Discriminators.
       Else
          The packet MUST be looked up to locate a corresponding
          SBFDInitiator session or classical BFD session based on the
          value from the Your Discriminator field in the table
          describing BFD Discriminators.  If no match, then the
          received packet MUST be discarded.
          If the session is an SBFDInitiator session
             The destination of the packet (i.e., the destination IP
             address) SHOULD be verified as being for itself.
          Else
             The packet MUST be discarded.
    Else
       The procedure described in Section 6.8.6 of [RFC5880] MUST be
       applied.
 More details on S-BFD Control packet demultiplexing are provided in
 relevant S-BFD data-plane documents.

Pignataro, et al. Standards Track [Page 10] RFC 7880 Seamless BFD Base July 2016

7.2. Responder Procedures

 A network node that receives S-BFD Control packets transmitted by an
 initiator is referred to as the responder.  The responder, upon
 reception of S-BFD Control packets, is to verify the validity of the
 packets, as described in [RFC5880].

7.2.1. Responder Demultiplexing

 An S-BFD packet MUST be demultiplexed with lower-layer information.
 The following procedure SHOULD be executed by the responder:
    If the Your Discriminator field is not one of the entries
    allocated for local entities
       The packet MUST be discarded.
    Else
       The packet is determined to be handled by a Reflector BFD
       session responsible for that S-BFD Discriminator.
       If allowable per local policy (e.g., administrative, security,
       rate-limiter)
          The chosen Reflector BFD session SHOULD transmit a response
          BFD Control packet using the procedures described in
          Section 7.2.2.

7.2.2. Transmission of S-BFD Control Packet by SBFDReflector

 The contents of S-BFD Control packets sent by an SBFDReflector MUST
 be set as per Section 6.8.7 of [RFC5880].  There are a few fields
 that need to be set differently from [RFC5880], as follows:
    State (Sta)
       Set to bfd.SessionState (either UP or AdminDown only).
       Clarification of Reflector BFD session state is described in
       Section 7.2.3.
    Demand (D)
       Set to 0, to indicate that the S-BFD packet is sent by the
       SBFDReflector.

Pignataro, et al. Standards Track [Page 11] RFC 7880 Seamless BFD Base July 2016

    Detect Mult
       Value to be copied from the Detection Multiplier field of the
       received BFD packet.
    My Discriminator
       Value to be copied from the Your Discriminator field of the
       received BFD packet.
    Your Discriminator
       Value to be copied from the My Discriminator field of the
       received BFD packet.
    Desired Min TX Interval
       Value to be copied from the Desired Min TX Interval field of
       the received BFD packet.
    Required Min RX Interval
       Set to bfd.RequiredMinRxInterval.  Value indicating the minimum
       interval, in microseconds, between received S-BFD Control
       packets.  Further details are provided in Section 7.2.3.
    Required Min Echo RX Interval
       If the device supports looping back S-BFD Echo packets
          Set to the minimum required S-BFD Echo packet receive
          interval for this session.
       Else
          Set to 0.

7.2.3. Additional SBFDReflector Behaviors

 o  S-BFD Control packets transmitted by the SBFDReflector MUST have
    Required Min RX Interval set to a value that expresses, in
    microseconds, the minimum interval between incoming S-BFD Control
    packets that this SBFDReflector can handle.  The SBFDReflector can
    control how fast SBFDInitiators will be sending S-BFD Control
    packets to themselves by ensuring that Required Min RX Interval
    indicates a value based on the current load.

Pignataro, et al. Standards Track [Page 12] RFC 7880 Seamless BFD Base July 2016

 o  When the SBFDReflector receives an S-BFD Control packet from an
    SBFDInitiator, then the SBFDReflector needs to determine what
    "state" to send in the response S-BFD Control packet.  If the
    monitored local entity is in service, then the state MUST be set
    to UP.  If the monitored local entity is "temporarily out of
    service", then the state SHOULD be set to AdminDown.
 o  If an SBFDReflector receives an S-BFD Control packet with the
    Demand (D) bit cleared, the packet MUST be discarded (see
    Appendix A).

7.3. Initiator Procedures

 S-BFD Control packets transmitted by an SBFDInitiator MUST set the
 Your Discriminator field to an S-BFD Discriminator corresponding to
 the remote entity.
 Every SBFDInitiator MUST have a locally unique My Discriminator value
 allocated from the BFD Discriminator pool.
 Figure 3 describes the high-level concept of continuity testing using
 S-BFD.  R2 allocates XX as the S-BFD Discriminator for network
 reachability purposes and advertises XX to neighbors.  Figure 3 shows
 R1 and R4 performing a continuity test to R2.
        +--- md=50/yd=XX (ping) ----+
        |                           |
        |+-- md=XX/yd=50 (pong) --+ |
        ||                        | |
        |v                        | v
        R1 ==================== R2[*] ========= R3 ========= R4
                                  | ^                        |^
                                  | |                        ||
                                  | +-- md=60/yd=XX (ping) --+|
                                  |                           |
                                  +---- md=XX/yd=60 (pong) ---+
       [*] Reflector BFD session on R2.
       === Links connecting network nodes.
       --- S-BFD Control packet traversal.
                    Figure 3: S-BFD Continuity Test

Pignataro, et al. Standards Track [Page 13] RFC 7880 Seamless BFD Base July 2016

7.3.1. SBFDInitiator State Machine

 An SBFDInitiator may be a "persistent" session on the initiator with
 a timer for S-BFD Control packet transmissions (stateful
 SBFDInitiator).  An SBFDInitiator may also be a module, a script, or
 a tool on the initiator that transmits one or more S-BFD Control
 packets "when needed" (stateless SBFDInitiator).  For stateless
 SBFDInitiators, a complete BFD state machine may not be applicable.
 For stateful SBFDInitiators, the states and the state machine
 described in [RFC5880] will not function due to the SBFDReflector
 session only sending the UP and AdminDown states (i.e., the
 SBFDReflector session does not send the INIT state).  The following
 diagram provides the RECOMMENDED state machine for stateful
 SBFDInitiators.  The notation on each arc represents the state of the
 SBFDInitiator (as received in the State field in the S-BFD Control
 packet) or indicates the expiration of the Detection Timer.  See
 Figure 4.
                     +--+
        ADMIN DOWN,  |  |
        TIMER        |  V
                   +------+   UP                +------+
                   |      |-------------------->|      |----+
                   | DOWN |                     |  UP  |    | UP
                   |      |<--------------------|      |<---+
                   +------+   ADMIN DOWN,       +------+
                              TIMER
             Figure 4: SBFDInitiator Finite State Machine
 Note that the above state machine is different from the base BFD
 specification [RFC5880].  This is because the INIT state is no longer
 applicable for the SBFDInitiator.  Another important difference is
 the transition of the state machine from the DOWN state to the UP
 state when a packet with an UP state setting is received by the
 SBFDInitiator.  The definitions of the states and events have the
 same meanings as those defined in the base BFD specification
 [RFC5880].

Pignataro, et al. Standards Track [Page 14] RFC 7880 Seamless BFD Base July 2016

7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator

 The contents of S-BFD Control packets sent by an SBFDInitiator MUST
 be set as per Section 6.8.7 of [RFC5880].  There are a few fields
 that need to be set differently from [RFC5880], as follows:
    Demand (D)
       Used to indicate that the S-BFD packet originated from the
       SBFDInitiator.  Always set to 1.
    Your Discriminator
       Set to bfd.RemoteDiscr.  bfd.RemoteDiscr is set to the
       Discriminator value of the remote entity.  It MAY be learnt
       from routing protocols or configured locally.
    Required Min RX Interval
       Set to 0.
    Required Min Echo RX Interval
       Set to 0.

7.3.3. Additional SBFDInitiator Behaviors

 o  If the SBFDInitiator receives a valid S-BFD Control packet in
    response to a transmitted S-BFD Control packet to a remote entity,
    then the SBFDInitiator SHOULD conclude that the S-BFD Control
    packet reached the intended remote entity.
 o  When an SBFDInitiator receives a response S-BFD Control packet, if
    the state specified is AdminDown, the SBFDInitiator MUST NOT
    conclude that the reachability of the corresponding remote entity
    is lost and MUST back off the packet transmission interval for the
    remote entity to an interval no faster than 1 second.
 o  When a sufficient number of S-BFD packets have not arrived as they
    should, the SBFDInitiator SHOULD declare loss of reachability to
    the remote entity.  The criteria for declaring loss of
    reachability and the action that would be triggered as a result
    are outside the scope of this document; the action MAY include
    logging an error.

Pignataro, et al. Standards Track [Page 15] RFC 7880 Seamless BFD Base July 2016

 o  Regarding the third bullet item, it is critical for an
    implementation to understand the latency to/from the Reflector BFD
    session on the responder.  In other words, for the very first
    S-BFD packet transmitted by the SBFDInitiator, an implementation
    MUST NOT expect a response S-BFD packet to be received for a time
    equivalent to the sum of the latencies: initiator to responder and
    responder back to initiator.
 o  If the SBFDInitiator receives an S-BFD Control packet with the
    Demand (D) bit set, the packet MUST be discarded (see Appendix A).

7.4. Diagnostic Values

 The diagnostic value in both directions MAY be set to a certain
 value, to attempt to communicate further information to both ends.
 Implementations MAY use the already-existing diagnostic values
 defined in Section 4.1 of [RFC5880].  However, details regarding this
 topic are outside the scope of this specification.

7.5. The Poll Sequence

 The Poll Sequence MAY be used in both directions.  The Poll Sequence
 MUST operate in accordance with [RFC5880].  An SBFDReflector MAY use
 the Poll Sequence to slow down the rate at which S-BFD Control
 packets are generated from an SBFDInitiator.  This is done by the
 SBFDReflector, using the procedures described in Section 7.2.3 and
 setting the Poll (P) bit in the reflected S-BFD Control packet.  The
 SBFDInitiator is to then send the next S-BFD Control packet with the
 Final (F) bit set.  If an SBFDReflector receives an S-BFD Control
 packet with the P bit set, then the SBFDReflector MUST respond with
 an S-BFD Control packet with the P bit cleared and the F bit set.

8. Operational Considerations

 S-BFD provides a smooth and continuous (i.e., seamless) operational
 experience as an Operations, Administration, and Maintenance (OAM)
 mechanism for connectivity checking and connection verification.
 This is achieved by providing a simplified mechanism with a large
 proportion of negotiation aspects eliminated, resulting in faster and
 simpler provisioning.
 Because of this simplified mechanism, due to a misconfiguration an
 SBFDInitiator could send S-BFD Control packets to a target that does
 not exist or that is outside the S-BFD administrative domain.  As
 explained in Section 7.3.1, an SBFDInitiator can be a persistent
 initiator or a "when needed" one.  When an S-BFD persistent
 SBFDInitiator is used, a deployment SHOULD ensure that S-BFD Control
 packets do not propagate for an extended period of time outside of

Pignataro, et al. Standards Track [Page 16] RFC 7880 Seamless BFD Base July 2016

 the administrative domain that uses it.  Further, operational
 measures SHOULD be taken to determine if responses to S-BFD packets
 are not sent for an extended period of time and then remediate the
 situation.  These potential concerns are largely mitigated by dynamic
 advertisement mechanisms for S-BFD and with automation checks before
 applying configurations.

8.1. Scaling Aspect

 This mechanism brings forth one noticeable difference in terms of the
 scaling aspect: the number of SBFDReflectors.  This specification
 eliminates the need for egress nodes to have fully active BFD
 sessions when only one side desires to perform continuity tests.
 With the introduction of the Reflector BFD concept, egress is no
 longer required to create any active BFD sessions on a per-path/LSP/
 function basis.  Because of this, the total number of BFD sessions in
 a network is reduced.

8.2. Congestion Considerations

 When S-BFD performs failure detection, it consumes resources,
 including bandwidth and CPU processing.  To avoid congestion, it is
 therefore imperative that operators correctly provision the rates at
 which S-BFD packets are transmitted.  When BFD is used across
 multiple hops, a congestion control mechanism MUST be implemented,
 and when congestion is detected, the BFD implementation MUST reduce
 the amount of traffic it generates.  The exact mechanism used to
 detect congestion is outside the scope of this specification but may
 include the detection of lost BFD Control packets or other means.
 The SBFDReflector can limit the rate at which SBFDInitiators will be
 sending S-BFD Control packets by utilizing Required Min RX Interval,
 but at the expense of detection time (i.e., detection time will
 increase).

9. Co-existence with Classical BFD Sessions

 Demultiplexing requirements for the initial packet are described in
 Section 7.1.  Because of this, the S-BFD mechanism can co-exist with
 classical BFD sessions.

Pignataro, et al. Standards Track [Page 17] RFC 7880 Seamless BFD Base July 2016

10. S-BFD Echo Function

 The concept of the S-BFD Echo function is similar to the BFD Echo
 function described in [RFC5880].  S-BFD Echo packets have the
 destination of "self"; thus, S-BFD Echo packets are self-generated
 and self-terminated after traversing a link/path.  S-BFD Echo packets
 are expected to U-turn on the target node in the data plane and
 MUST NOT be processed by any Reflector BFD sessions on the
 target node.
 When using the S-BFD Echo function, it is RECOMMENDED that:
 o  Both S-BFD Control packets and S-BFD Echo packets be sent.
 o  Both S-BFD Control packets and S-BFD Echo packets have the same
    semantics in the forward direction to reach the target node.
 In other words, it is not preferable to send just S-BFD Echo packets
 without also sending S-BFD Control packets.  There are two reasons
 behind this suggestion:
 o  S-BFD Control packets can verify the reachability of the intended
    target node; this allows one to have confidence that S-BFD Echo
    packets are U-turning on the expected target node.
 o  S-BFD Control packets can detect when the target node is going out
    of service (i.e., by receiving AdminDown state).
 S-BFD Echo packets can be spoofed and can U-turn in a transit node
 before reaching the expected target node.  When the S-BFD Echo
 function is used, it is RECOMMENDED in this specification that both
 S-BFD Control packets and S-BFD Echo packets be sent.  While the
 additional use of S-BFD Control packets alleviates these two
 concerns, some form of authentication MAY still be included.
 The usage of the Required Min Echo RX Interval field is described in
 Sections 7.2.2 and 7.3.2.  Because of the stateless nature of
 SBFDReflector sessions, a value specified in the Required Min Echo RX
 Interval field is not very meaningful to the SBFDReflector.  Thus, it
 is RECOMMENDED that the Required Min Echo RX Interval field simply be
 set to zero by the SBFDInitiator.  The SBFDReflector MAY set the
 Required Min Echo RX Interval field to an appropriate value to
 control the rate at which it wants to receive S-BFD Echo packets.

Pignataro, et al. Standards Track [Page 18] RFC 7880 Seamless BFD Base July 2016

 The following aspects of S-BFD Echo functions are left as
 implementation details and are outside the scope of this document:
 o  Format of the S-BFD Echo packet (e.g., data beyond UDP header).
 o  Procedures on when and how to use the S-BFD Echo function.

11. Security Considerations

 The same security considerations as those described in [RFC5880]
 apply to this document.  Additionally, implementing the following
 measures will strengthen security aspects of the mechanism described
 by this document:
 o  The SBFDInitiator MAY pick a sequence number to be set in
    "sequence number" in the Authentication Section, based on the
    configured authentication mode.
 o  The SBFDReflector MUST NOT use the crypto sequence number to make
    a decision about accepting the packet.  This is because the
    SBFDReflector does not maintain S-BFD peer state and because the
    SBFDReflector can receive S-BFD packets from multiple
    SBFDInitiators.  Consequently, BFD authentication can be used, but
    not the sequence number.
 o  The SBFDReflector MAY use the Auth Key ID in the incoming packet
    to verify the Authentication Data.
 o  The SBFDReflector MUST accept the packet if authentication is
    successful.
 o  The SBFDReflector MUST compute the Authentication Data and MUST
    use the same sequence number that it received in the S-BFD Control
    packet to which it is responding.
 o  The SBFDInitiator SHOULD accept an S-BFD Control packet with a
    sequence number within the permissible range.  One potential
    approach is the procedure explained in [BFD-GEN-AUTH].
 Using the above method,
 o  SBFDReflectors continue to remain stateless, despite using
    security.
 o  SBFDReflectors are not susceptible to replay attacks, as they
    always respond to S-BFD Control packets irrespective of the
    sequence number carried.

Pignataro, et al. Standards Track [Page 19] RFC 7880 Seamless BFD Base July 2016

 o  An attacker cannot impersonate the responder, since the
    SBFDInitiator will only accept S-BFD Control packets that come
    with the sequence number that it had originally used when sending
    the S-BFD Control packet.
 Additionally, the use of strong forms of authentication is strongly
 encouraged for S-BFD.  The use of Simple Password authentication
 [RFC5880] potentially puts other services at risk if S-BFD packets
 can be intercepted and those password values are reused for other
 services.
 Considerations related to loop problems are covered in Appendix A.

12. References

12.1. Normative References

 [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
            Requirement Levels", BCP 14, RFC 2119,
            DOI 10.17487/RFC2119, March 1997,
            <http://www.rfc-editor.org/info/rfc2119>.
 [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
            (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
            <http://www.rfc-editor.org/info/rfc5880>.

12.2. Informative References

 [BFD-GEN-AUTH]
            Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani,
            "BFD Generic Cryptographic Authentication", Work in
            Progress, draft-ietf-bfd-generic-crypto-auth-06,
            April 2014.
 [RFC791]   Postel, J., "Internet Protocol", STD 5, RFC 791,
            DOI 10.17487/RFC791, September 1981,
            <http://www.rfc-editor.org/info/rfc791>.
 [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
            (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
            December 1998, <http://www.rfc-editor.org/info/rfc2460>.
 [RFC3031]  Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
            Label Switching Architecture", RFC 3031,
            DOI 10.17487/RFC3031, January 2001,
            <http://www.rfc-editor.org/info/rfc3031>.

Pignataro, et al. Standards Track [Page 20] RFC 7880 Seamless BFD Base July 2016

 [RFC7881]  Pignataro, C., Ward, D., and N. Akiya, "Seamless
            Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6,
            and MPLS", RFC 7881, DOI 10.17487/RFC7881, July 2016,
            <http://www.rfc-editor.org/info/rfc7881>.
 [RFC7882]  Aldrin, S., Pignataro, C., Mirsky, G., and N. Kumar,
            "Seamless Bidirectional Forwarding Detection (S-BFD) Use
            Cases", RFC 7882, DOI 10.17487/RFC7882, July 2016,
            <http://www.rfc-editor.org/info/rfc7882>.
 [RFC7885]  Govindan, V. and C. Pignataro, "Seamless Bidirectional
            Forwarding Detection (S-BFD) for Virtual Circuit
            Connectivity Verification (VCCV)", RFC 7885,
            DOI 10.17487/RFC7885, July 2016,
            <http://www.rfc-editor.org/info/rfc7885>.

Pignataro, et al. Standards Track [Page 21] RFC 7880 Seamless BFD Base July 2016

Appendix A. Loop Problem and Solution

 Consider a scenario where we have two nodes and both are S-BFD
 capable.
  Node A (IP 2001:db8::1) ----------------- Node B (IP 2001:db8::2)
                                  |
                                  |
                       Man in the Middle (MITM)
 Assume that Node A reserved a discriminator 0x01010101 for target
 identifier 2001:db8::1 and has a reflector session in listening mode.
 Similarly, Node B reserved a discriminator 0x02020202 for its target
 identifier 2001:db8::2 and also has a reflector session in
 listening mode.
 Suppose that a MITM sends a spoofed packet with My Discriminator =
 0x01010101, Your Discriminator = 0x02020202, source IP as
 2001:db8::1, and destination IP as 2001:db8::2.  When this packet
 reaches Node B, the reflector session on Node B will swap the
 discriminators and IP addresses of the received packet and reflect it
 back, since the Your Discriminator value of the received packet
 matches the reserved discriminator of Node B.  The reflected packet
 that reached Node A will have My Discriminator = 0x02020202 and
 Your Discriminator = 0x01010101.  Since the Your Discriminator value
 of the received packet matches the reserved discriminator of Node A,
 Node A will swap the discriminators and reflect the packet back to
 Node B.  Since the reflectors must set the TTL of the reflected
 packets to 255, the above scenario will result in an infinite loop
 because of just one malicious packet injected from the MITM.
 The solution is to avoid the loop problem by using the D bit (Demand
 mode bit).  The initiator always sets the D bit, and the reflector
 always clears it.  This way, we can determine if a received packet
 was a reflected packet and avoid reflecting it back.

Pignataro, et al. Standards Track [Page 22] RFC 7880 Seamless BFD Base July 2016

Acknowledgements

 The authors would like to thank Jeffrey Haas, Greg Mirsky, Marc
 Binderberger, and Alvaro Retana for performing thorough reviews and
 providing a number of suggestions.  The authors would also like to
 thank Girija Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha
 Neelamegam, and Vengada Prasad Govindan from Cisco Systems for
 providing valuable comments.  Finally, the authors would also like to
 thank John E. Drake and Pablo Frank for providing comments and
 suggestions.

Contributors

 The following are key contributors to this document:
    Tarek Saad, Cisco Systems, Inc.
    Siva Sivabalan, Cisco Systems, Inc.
    Nagendra Kumar, Cisco Systems, Inc.
    Mallik Mudigonda, Cisco Systems, Inc.
    Sam Aldrin, Google

Pignataro, et al. Standards Track [Page 23] RFC 7880 Seamless BFD Base July 2016

Authors' Addresses

 Carlos Pignataro
 Cisco Systems, Inc.
 Email: cpignata@cisco.com
 Dave Ward
 Cisco Systems, Inc.
 Email: wardd@cisco.com
 Nobo Akiya
 Big Switch Networks
 Email: nobo.akiya.dev@gmail.com
 Manav Bhatia
 Ionos Networks
 Email: manav@ionosnetworks.com
 Santosh Pallagatti
 Email: santosh.pallagatti@gmail.com

Pignataro, et al. Standards Track [Page 24]

/data/webs/external/dokuwiki/data/pages/rfc/rfc7880.txt · Last modified: 2016/07/13 00:41 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki