summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc9612.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc9612.txt')
-rw-r--r--doc/rfc/rfc9612.txt470
1 files changed, 470 insertions, 0 deletions
diff --git a/doc/rfc/rfc9612.txt b/doc/rfc/rfc9612.txt
new file mode 100644
index 0000000..9378c8d
--- /dev/null
+++ b/doc/rfc/rfc9612.txt
@@ -0,0 +1,470 @@
+
+
+
+
+Internet Engineering Task Force (IETF) G. Mirsky
+Request for Comments: 9612 Ericsson
+Category: Experimental J. Tantsura
+ISSN: 2070-1721 NVIDIA
+ I. Varlashkin
+ Google
+ M. Chen
+ Huawei
+ July 2024
+
+
+ Bidirectional Forwarding Detection (BFD) Reverse Path for MPLS Label
+ Switched Paths (LSPs)
+
+Abstract
+
+ Bidirectional Forwarding Detection (BFD) is expected to be able to
+ monitor a wide variety of encapsulations of paths between systems.
+ When a BFD session monitors an explicitly routed unidirectional path,
+ there may be a need to direct the egress BFD peer to use a specific
+ path for the reverse direction of the BFD session. This document
+ describes an extension to the MPLS Label Switched Path (LSP) echo
+ request that allows a BFD system to request that the remote BFD peer
+ transmit BFD control packets over the specified LSP.
+
+Status of This Memo
+
+ This document is not an Internet Standards Track specification; it is
+ published for examination, experimental implementation, and
+ evaluation.
+
+ This document defines an Experimental Protocol for the Internet
+ community. This document is a product of the Internet Engineering
+ Task Force (IETF). It represents the consensus of the IETF
+ community. It has received public review and has been approved for
+ publication by the Internet Engineering Steering Group (IESG). Not
+ all documents approved by the IESG are candidates for any level of
+ Internet Standard; see Section 2 of RFC 7841.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ https://www.rfc-editor.org/info/rfc9612.
+
+Copyright Notice
+
+ Copyright (c) 2024 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Revised BSD License text as described in Section 4.e of the
+ Trust Legal Provisions and are provided without warranty as described
+ in the Revised BSD License.
+
+Table of Contents
+
+ 1. Introduction
+ 1.1. Conventions Used in This document
+ 1.1.1. Terminology
+ 1.1.2. Requirements Language
+ 2. Problem Statement
+ 3. Control of the BFD Reverse Path
+ 3.1. BFD Reverse Path TLV
+ 3.2. Return Codes
+ 3.3. Failure Characterization
+ 4. Use Case Scenario
+ 5. Operational Considerations
+ 6. IANA Considerations
+ 6.1. BFD Reverse Path TLV
+ 6.2. Return Codes
+ 7. Security Considerations
+ 8. Normative References
+ Acknowledgments
+ Authors' Addresses
+
+1. Introduction
+
+ [RFC5880], [RFC5881], and [RFC5883] established the Bidirectional
+ Forwarding Detection (BFD) protocol for IP networks. [RFC5884] and
+ [RFC7726] set rules for using BFD Asynchronous mode over MPLS Label
+ Switched Paths (LSPs), while not defining means to control the path
+ that an egress BFD system uses to send BFD control packets towards
+ the ingress BFD system.
+
+ When BFD is used to detect defects of the traffic-engineered LSP, the
+ path of the BFD control packets transmitted by the egress BFD system
+ toward the ingress may be disjoint from the monitored LSP in the
+ forward direction. The fact that BFD control packets are not
+ guaranteed to follow the same links and nodes in both forward and
+ reverse directions may be one of the factors contributing to false
+ positive defect notifications (i.e., false alarms) at the ingress BFD
+ peer. Ensuring that both directions of the BFD session use co-routed
+ paths may, in some environments, improve the determinism of the
+ failure detection and localization.
+
+ This document defines the BFD Reverse Path TLV as an extension to LSP
+ ping [RFC8029] and proposes that it be used to instruct the egress
+ BFD system to use an explicit path for its BFD control packets
+ associated with a particular BFD session. IANA has registered this
+ TLV in the "TLVs" registry defined by [RFC8029] (see Section 6.1).
+ As a special case, forward and reverse directions of the BFD session
+ can form a bidirectional co-routed associated channel.
+
+ The LSP ping extension described in this document was developed and
+ implemented as a result of an operational experiment. The lessons
+ learned from the operational experiment enabled the use of this
+ extension between systems conforming to this specification. Further
+ implementation is encouraged to better understand the operational
+ impact of the mechanism described in the document.
+
+1.1. Conventions Used in This document
+
+1.1.1. Terminology
+
+ BFD: Bidirectional Forwarding Detection
+
+ FEC: Forwarding Equivalence Class
+
+ LSP: Label Switched Path
+
+ LSR: Label Switching Router
+
+1.1.2. Requirements Language
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
+ "OPTIONAL" in this document are to be interpreted as described in
+ BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
+ capitals, as shown here.
+
+2. Problem Statement
+
+ When BFD is used to monitor an explicitly routed unidirectional path
+ (e.g., MPLS-TE LSP), BFD control packets in the forward direction
+ would be in-band using the mechanism defined in [RFC5884]. However,
+ the reverse direction of the BFD session would follow the shortest
+ path route, which could be completely or partially disjoint from the
+ forward path. This creates the potential for the failure of a
+ disjoint resource on the reverse path to trigger a BFD failure
+ detection, even though the forward path is unaffected.
+
+ If the reverse path is congruent with the forward path, the potential
+ for such false positives is greatly reduced. For this purpose, this
+ specification provides a means for the egress BFD peer to be
+ instructed to use a specific path for BFD control packets.
+
+3. Control of the BFD Reverse Path
+
+ To bootstrap a BFD session over an MPLS LSP, LSP ping [RFC8029] MUST
+ be used with the BFD Discriminator TLV [RFC5884]. This document
+ defines a new TLV, the BFD Reverse Path TLV, that can be used to
+ carry information about the reverse path for the BFD session that is
+ specified by the value in the BFD Discriminator TLV. The BFD Reverse
+ Path TLV MAY contain zero or more sub-TLVs.
+
+3.1. BFD Reverse Path TLV
+
+ The BFD Reverse Path TLV is an optional TLV within the LSP ping
+ [RFC8029]. However, if used, the BFD Discriminator TLV MUST be
+ included in an echo request message as well. If the BFD
+ Discriminator TLV is not present when the BFD Reverse Path TLV is
+ included, then it MUST be treated as a malformed echo request, as
+ described in [RFC8029].
+
+ The BFD Reverse Path TLV carries information about the path onto
+ which the egress BFD peer of the BFD session referenced by the BFD
+ Discriminator TLV MUST transmit BFD control packets. The format of
+ the BFD Reverse Path TLV is presented in Figure 1.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | BFD Reverse Path TLV Type | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Reverse Path |
+ ~ ~
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Figure 1: BFD Reverse Path TLV
+
+ BFD Reverse Path TLV Type:
+ This two-octet field has a value of 16384 (see Section 6).
+
+ Length:
+ This two-octet field defines the length in octets of the Reverse
+ Path field.
+
+ Reverse Path:
+ This field contains zero or more sub-TLVs. Only non-multicast
+ Target FEC Stack sub-TLVs (already defined or to be defined in the
+ future) for TLV Types 1, 16, and 21 in the "Multiprotocol Label
+ Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters"
+ registry are permitted to be used in this field. Other sub-TLVs
+ MUST NOT be used. (This implies that multicast Target FEC Stack
+ sub-TLVs, e.g., the Multicast P2MP LDP FEC Stack sub-TLV and the
+ Multicast MP2MP LDP FEC Stack sub-TLV, are not permitted in the
+ Reverse Path field.)
+
+ If the egress LSR finds a multicast Target FEC Stack sub-TLV, it MUST
+ send an echo reply with the received BFD Reverse Path TLV and BFD
+ Discriminator TLV and set the Return Code to 192 ("Inappropriate
+ Target FEC Stack sub-TLV present") (see Section 3.2). The BFD
+ Reverse Path TLV includes zero or more sub-TLVs. However, the number
+ of sub-TLVs in the Reverse Path field MUST be limited. The default
+ limit is 128 sub-TLV entries, but an implementation MAY be able to
+ control that limit. An empty BFD Reverse Path TLV (i.e., a BFD
+ Reverse Path TLV with no sub-TLVs) is used to withdraw any previously
+ set reverse path for the BFD session identified in the BFD
+ Discriminator TLV. If no sub-TLVs are found in the BFD Reverse Path
+ TLV, the egress BFD peer MUST revert to using the decision based on
+ local policy, i.e., routing over an IP network, as described in
+ Section 7 of [RFC5884].
+
+ If the egress peer LSR cannot find the path specified in the BFD
+ Reverse Path TLV, it MUST send an echo reply with the received BFD
+ Discriminator TLV and BFD Reverse Path TLV and set the Return Code to
+ 193 ("Failed to establish the BFD session. The specified reverse
+ path was not found.") (see Section 3.2). If an implementation
+ provides additional configuration options, these can control actions
+ at the egress BFD peer, including when the path specified in the BFD
+ Reverse Path TLV cannot be found. For example, if the egress peer
+ LSR cannot find the path specified in the BFD Reverse Path TLV, it
+ MAY establish the BFD session over an IP network, as defined in
+ [RFC5884]. Note that the Return Code required by the "MUST" clause
+ in this paragraph does not preclude the session from being
+ established over a different path as discussed in the "MAY" clause.
+
+ The BFD Reverse Path TLV MAY be used in the process of bootstrapping
+ the BFD session as described in Section 6 of [RFC5884]. A system
+ that supports this specification MUST support using the BFD Reverse
+ Path TLV after the BFD session has been established. If a system
+ that supports this specification receives an LSP ping with the BFD
+ Discriminator TLV and no BFD Reverse Path TLV even though the reverse
+ path for the specified BFD session was established according to the
+ previously received BFD Reverse Path TLV, the egress BFD peer MUST
+ transition to transmitting periodic BFD Control messages as described
+ in Section 7 of [RFC5884]. If a BFD system that received an LSP ping
+ with the BFD Reverse Path TLV does not support this specification, it
+ will result in an echo response with the Return Code set to 2 ("One
+ or more of the TLVs was not understood"), as described in Section 3
+ of [RFC8029].
+
+3.2. Return Codes
+
+ This document defines the following Return Codes for the MPLS LSP
+ echo reply:
+
+ "Inappropriate Target FEC Stack sub-TLV present" (192):
+ When a multicast Target FEC Stack sub-TLV is found in the received
+ echo request, the egress BFD peer sends an echo reply with the
+ Return Code set to 192 ("Inappropriate Target FEC Stack sub-TLV
+ present") to the ingress BFD peer, as described in Section 3.1.
+
+ "Failed to establish the BFD session. The specified reverse path
+ was not found." (193):
+ When a specified reverse path is unavailable, the egress BFD peer
+ sends an echo reply with the Return Code set to 193 ("Failed to
+ establish the BFD session. The specified reverse path was not
+ found.") to the ingress BFD peer, as described in Section 3.1.
+
+3.3. Failure Characterization
+
+ A failure detected by a BFD session that uses the BFD Reverse Path
+ TLV could be due to a change in the FEC used in the BFD Reverse Path
+ TLV. Upon detection of the network failure, the ingress BFD peer
+ MUST transmit the LSP ping echo request with the Reply Path TLV
+ [RFC7110] to verify whether the FEC is still valid. If the failure
+ was caused by a change in the FEC used for the reverse direction of
+ the BFD session, the ingress BFD peer MUST redirect the reverse path
+ of the BFD session using another FEC in the BFD Reverse Path TLV and
+ notify an operator.
+
+4. Use Case Scenario
+
+ In the network presented in Figure 2, ingress LSR peer A monitors two
+ tunnels to egress LSR peer H: A-B-C-D-G-H and A-B-E-F-G-H. To
+ bootstrap a BFD session to monitor the first tunnel, ingress LSR peer
+ A includes a BFD Discriminator TLV with a Discriminator value (e.g.,
+ foobar-1) [RFC7726]. Ingress LSR peer A includes a BFD Reverse Path
+ TLV referencing the H-G-D-C-B-A tunnel to control the path from the
+ egress LSR. To bootstrap a BFD session to monitor the second tunnel,
+ ingress LSR peer A includes a BFD Discriminator TLV with a different
+ Discriminator value (e.g., foobar-2) and a BFD Reverse Path TLV that
+ references the H-G-F-E-B-A tunnel.
+
+ C---------D
+ | |
+ A-------B G-----H
+ | |
+ E---------F
+
+ Figure 2: Use Case for BFD Reverse Path TLV
+
+ If an operator needs egress LSR peer H to monitor a path to ingress
+ LSR peer A, e.g., the H-G-D-C-B-A tunnel, then by looking up the list
+ of known reverse paths, it MAY find and use the existing BFD session.
+
+5. Operational Considerations
+
+ When an explicit path is set as either Static or RSVP-TE LSP,
+ corresponding sub-TLVs (defined in [RFC7110]) MAY be used to identify
+ the explicit reverse path for the BFD session. If a particular set
+ of sub-TLVs composes the Reply Path TLV [RFC7110] and does not
+ increase the length of the Maximum Transmission Unit for the given
+ LSP, that set can be safely used in the BFD Reverse Path TLV. If any
+ of the sub-TLVs defined in [RFC7110] are used in the BFD Reverse Path
+ TLV, then the periodic verification of the control plane against the
+ data plane, as recommended in Section 4 of [RFC5884], MUST use the
+ Reply Path TLV, as per [RFC7110], with that sub-TLV. By using the
+ LSP ping with the Reply Path TLV, an operator monitors whether the
+ reverse LSP is mapped to the same FEC as the BFD session at the
+ egress BFD node. Selection and control of the rate of the LSP ping
+ with the Reply Path TLV follows the recommendation in [RFC5884]:
+
+ | The rate of generation of these LSP Ping Echo request messages
+ | SHOULD be significantly less than the rate of generation of the
+ | BFD Control packets. An implementation MAY provide configuration
+ | options to control the rate of generation of the periodic LSP Ping
+ | Echo request messages.
+
+ Suppose an operator planned a network maintenance activity that
+ possibly affects the FEC used in the BFD Reverse Path TLV. In that
+ case, the operator can avoid unnecessary disruption by using the LSP
+ ping with a new FEC in the BFD Reverse Path TLV. But in some
+ scenarios, proactive measures cannot be taken because the frequency
+ of LSP ping messages is lower than the defect detection time provided
+ by the BFD session. As a result, a change in the reverse-path FEC
+ will first be detected as the BFD session's failure. An operator
+ will be notified as described in Section 3.3.
+
+6. IANA Considerations
+
+6.1. BFD Reverse Path TLV
+
+ IANA has assigned the following value for the BFD Reverse Path TLV
+ from the 16384-31739 range in the "TLVs" subregistry within the
+ "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs)
+ Ping Parameters" registry.
+
+ +=======+=========+===========+====================================+
+ | Type | TLV | Reference | Sub-TLV Registry |
+ | | Name | | |
+ +=======+=========+===========+====================================+
+ | 16384 | BFD | RFC 9612 | Only non-multicast sub-TLVs |
+ | | Reverse | | (already defined or to be defined |
+ | | Path | | in the future) in the "Sub-TLVs |
+ | | | | for TLV Types 1, 16, and 21" |
+ | | | | registry at |
+ | | | | <https://www.iana.org/assignments/ |
+ | | | | mpls-lsp-ping-parameters/mpls-lsp- |
+ | | | | ping-parameters.xml#sub-tlv- |
+ | | | | 1-16-21> are permitted to be used |
+ | | | | in this field. Other sub-TLVs |
+ | | | | MUST NOT be used. |
+ +-------+---------+-----------+------------------------------------+
+
+ Table 1: New BFD Reverse Path TLV
+
+6.2. Return Codes
+
+ IANA has assigned the following Return Code values from the 192-247
+ range in the "Return Codes" subregistry within the "Multiprotocol
+ Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters"
+ registry.
+
+ +=======+===========================================+===========+
+ | Value | Meaning | Reference |
+ +=======+===========================================+===========+
+ | 192 | Inappropriate Target FEC Stack sub-TLV | RFC 9612 |
+ | | present | |
+ +-------+-------------------------------------------+-----------+
+ | 193 | Failed to establish the BFD session. The | RFC 9612 |
+ | | specified reverse path was not found. | |
+ +-------+-------------------------------------------+-----------+
+
+ Table 2: New Return Codes
+
+7. Security Considerations
+
+ Security considerations discussed in [RFC5880], [RFC5884], [RFC7726],
+ [RFC8029], and [RFC7110] apply to this document.
+
+ The BFD Reverse Path TLV may be exploited as an attack vector by
+ inflating the number of included sub-TLVs. The number of sub-TLVs
+ MUST be limited to mitigate that threat. The default limit for the
+ number of sub-TLVs is set to 128 (see Section 3.1). An
+ implementation MAY use a mechanism to control that limit.
+
+8. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119,
+ DOI 10.17487/RFC2119, March 1997,
+ <https://www.rfc-editor.org/info/rfc2119>.
+
+ [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
+ (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
+ <https://www.rfc-editor.org/info/rfc5880>.
+
+ [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
+ (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881,
+ DOI 10.17487/RFC5881, June 2010,
+ <https://www.rfc-editor.org/info/rfc5881>.
+
+ [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
+ (BFD) for Multihop Paths", RFC 5883, DOI 10.17487/RFC5883,
+ June 2010, <https://www.rfc-editor.org/info/rfc5883>.
+
+ [RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow,
+ "Bidirectional Forwarding Detection (BFD) for MPLS Label
+ Switched Paths (LSPs)", RFC 5884, DOI 10.17487/RFC5884,
+ June 2010, <https://www.rfc-editor.org/info/rfc5884>.
+
+ [RFC7110] Chen, M., Cao, W., Ning, S., Jounay, F., and S. Delord,
+ "Return Path Specified Label Switched Path (LSP) Ping",
+ RFC 7110, DOI 10.17487/RFC7110, January 2014,
+ <https://www.rfc-editor.org/info/rfc7110>.
+
+ [RFC7726] Govindan, V., Rajaraman, K., Mirsky, G., Akiya, N., and S.
+ Aldrin, "Clarifying Procedures for Establishing BFD
+ Sessions for MPLS Label Switched Paths (LSPs)", RFC 7726,
+ DOI 10.17487/RFC7726, January 2016,
+ <https://www.rfc-editor.org/info/rfc7726>.
+
+ [RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N.,
+ Aldrin, S., and M. Chen, "Detecting Multiprotocol Label
+ Switched (MPLS) Data-Plane Failures", RFC 8029,
+ DOI 10.17487/RFC8029, March 2017,
+ <https://www.rfc-editor.org/info/rfc8029>.
+
+ [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
+ 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
+ May 2017, <https://www.rfc-editor.org/info/rfc8174>.
+
+Acknowledgments
+
+ The authors greatly appreciate the thorough reviews and helpful
+ comments from Eric Gray and Carlos Pignataro. The authors much
+ appreciate the help of Qian Xin, who provided information about the
+ implementation of this specification.
+
+Authors' Addresses
+
+ Greg Mirsky
+ Ericsson
+ Email: gregimirsky@gmail.com
+
+
+ Jeff Tantsura
+ NVIDIA
+ Email: jefftant.ietf@gmail.com
+
+
+ Ilya Varlashkin
+ Google
+ Email: imv@google.com
+
+
+ Mach(Guoyi) Chen
+ Huawei
+ Email: mach.chen@huawei.com