1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
|
Internet Engineering Task Force (IETF) C. Pignataro
Request for Comments: 7880 D. Ward
Updates: 5880 Cisco
Category: Standards Track N. Akiya
ISSN: 2070-1721 Big Switch Networks
M. Bhatia
Ionos Networks
S. Pallagatti
July 2016
Seamless Bidirectional Forwarding Detection (S-BFD)
Abstract
This document defines Seamless Bidirectional Forwarding Detection
(S-BFD), a simplified mechanism for using BFD with a large proportion
of negotiation aspects eliminated, thus providing benefits such as
quick provisioning, as well as improved control and flexibility for
network nodes initiating path monitoring.
This document updates RFC 5880.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7880.
Pignataro, et al. Standards Track [Page 1]
^L
RFC 7880 Seamless BFD Base July 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Pignataro, et al. Standards Track [Page 2]
^L
RFC 7880 Seamless BFD Base July 2016
Table of Contents
1. Introduction ....................................................4
2. Terminology .....................................................4
3. Seamless BFD Overview ...........................................6
4. S-BFD Discriminators ............................................7
4.1. S-BFD Discriminator Uniqueness .............................7
4.2. Discriminator Pools ........................................7
5. Reflector BFD Session ...........................................8
6. State Variables .................................................9
6.1. New State Variables ........................................9
6.2. State Variable Initialization and Maintenance ..............9
7. S-BFD Procedures ...............................................10
7.1. Demultiplexing of S-BFD Control Packet ....................10
7.2. Responder Procedures ......................................11
7.2.1. Responder Demultiplexing ...........................11
7.2.2. Transmission of S-BFD Control Packet by
SBFDReflector ......................................11
7.2.3. Additional SBFDReflector Behaviors .................12
7.3. Initiator Procedures ......................................13
7.3.1. SBFDInitiator State Machine ........................14
7.3.2. Transmission of S-BFD Control Packet by
SBFDInitiator ......................................15
7.3.3. Additional SBFDInitiator Behaviors .................15
7.4. Diagnostic Values .........................................16
7.5. The Poll Sequence .........................................16
8. Operational Considerations .....................................16
8.1. Scaling Aspect ............................................17
8.2. Congestion Considerations .................................17
9. Co-existence with Classical BFD Sessions .......................17
10. S-BFD Echo Function ...........................................18
11. Security Considerations .......................................19
12. References ....................................................20
12.1. Normative References .....................................20
12.2. Informative References ...................................20
Appendix A. Loop Problem and Solution .............................22
Acknowledgements ..................................................23
Contributors ......................................................23
Authors' Addresses ................................................24
Pignataro, et al. Standards Track [Page 3]
^L
RFC 7880 Seamless BFD Base July 2016
1. Introduction
Bidirectional Forwarding Detection (BFD), as described in [RFC5880]
and related documents, has efficiently generalized the failure
detection mechanism for multiple protocols and applications. There
are some improvements that can be made to better fit existing
technologies. There is a possibility of evolving BFD to better fit
new technologies. This document focuses on several aspects of BFD in
order to further improve efficiency, expand failure detection
coverage, and allow BFD usage for wider scenarios. Additional use
cases are listed in [RFC7882].
Specifically, this document defines Seamless Bidirectional Forwarding
Detection (S-BFD), a simplified mechanism for using BFD with a large
proportion of negotiation aspects eliminated, thus providing benefits
such as quick provisioning, as well as improved control and
flexibility for network nodes initiating path monitoring. S-BFD
enables cases benefiting from the use of core BFD technologies in a
fashion that leverages existing implementations and protocol
machinery while providing a rather simplified and largely stateless
infrastructure for continuity testing.
One key aspect of the mechanism described in this document eliminates
the time between a network node wanting to perform a continuity test
and completing the continuity test. In traditional BFD terms, the
initial state changes from DOWN to UP are virtually nonexistent.
Removal of this "seam" (i.e., time delay) in BFD provides a smooth
and continuous operational experience for applications. Therefore,
"Seamless BFD" (S-BFD) has been chosen as the name for this
mechanism.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
The reader is expected to be familiar with the BFD [RFC5880], IP
[RFC791] [RFC2460], and MPLS [RFC3031] terms and protocol constructs.
The remainder of this section describes several new terms introduced
by S-BFD.
o Classical BFD - BFD session types based on [RFC5880].
o S-BFD - Seamless BFD.
o S-BFD Control packet - a BFD Control packet for the S-BFD
mechanism.
Pignataro, et al. Standards Track [Page 4]
^L
RFC 7880 Seamless BFD Base July 2016
o S-BFD Echo packet - a BFD Echo packet for the S-BFD mechanism.
o S-BFD packet - a BFD Control packet or a BFD Echo packet.
o Entity - a function on a network node to which the S-BFD mechanism
allows remote network nodes to perform continuity tests. An
entity can be abstract (e.g., reachability) or specific (e.g., IP
addresses, Router-IDs, functions).
o SBFDInitiator - an S-BFD session on a network node that performs a
continuity test to a remote entity by sending S-BFD packets.
o SBFDReflector - an S-BFD session on a network node that listens
for incoming S-BFD Control packets to local entities and generates
response S-BFD Control packets.
o Reflector BFD session - synonymous with SBFDReflector.
o S-BFD Discriminator - a BFD Discriminator allocated for a local
entity. An SBFDReflector listens for S-BFD Discriminators.
o BFD Discriminator - a BFD Discriminator allocated for an
SBFDInitiator.
o Initiator - a network node hosting an SBFDInitiator.
o Responder - a network node hosting an SBFDReflector.
Figure 1 describes the relationship between S-BFD terms.
+---------------------+ +------------------------+
| Initiator | | Responder |
| +-----------------+ | | +-----------------+ |
| | SBFDInitiator |---S-BFD Ctrl pkt----->| SBFDReflector | |
| | +-------------+ |<--S-BFD Ctrl pkt------| +-------------+ | |
| | | BFD Discrim | | | | | |S-BFD Discrim| | |
| | | | |---S-BFD Echo pkt---+ | | | | |
| | +-------------+ | | | | | +----------^--+ | |
| +-----------------+<-------------------+ +------------|----+ |
| | | | |
| | | +---v----+ |
| | | | Entity | |
| | | +--------+ |
+---------------------+ +------------------------+
Figure 1: S-BFD Terminology Relationship
Pignataro, et al. Standards Track [Page 5]
^L
RFC 7880 Seamless BFD Base July 2016
3. Seamless BFD Overview
An S-BFD module on each network node allocates one or more S-BFD
Discriminators for local entities and creates a Reflector BFD
session. Allocated S-BFD Discriminators may be advertised by
applications (e.g., OSPF/IS-IS). The required result is that
applications on other network nodes will know about the S-BFD
Discriminators allocated by a remote node to remote entities. The
Reflector BFD session, upon receiving an S-BFD Control packet
targeted to one of the local S-BFD Discriminator values, is to
transmit a response S-BFD Control packet back to the initiator.
Once the above setup is complete, any network node that knows about
the S-BFD Discriminator allocated by a remote node to a remote entity
or entities can quickly perform a continuity test to the remote
entity by simply sending S-BFD Control packets with a corresponding
S-BFD Discriminator value in the Your Discriminator field.
This is exemplified in Figure 2.
<------- IS-IS Network ------->
+---------+
| |
A---------B---------C---------D
^ ^
| |
System-ID System-ID
xxx yyy
BFD Discrim BFD Discrim
123 456
Figure 2: S-BFD for IS-IS Network
An S-BFD module in a system with IS-IS System-ID xxx (Node A)
allocates an S-BFD Discriminator 123, and IS-IS advertises the S-BFD
Discriminator 123 in an IS-IS TLV. An S-BFD module in a system with
IS-IS System-ID yyy (Node D) allocates an S-BFD Discriminator 456,
and IS-IS advertises the S-BFD Discriminator 456 in an IS-IS TLV. A
Reflector BFD session is created on both network nodes (Node A and
Node D). When Node A wants to check the reachability of Node D,
Node A can send an S-BFD Control packet destined to Node D with the
Your Discriminator field set to 456. When the Reflector BFD session
on Node D receives this S-BFD Control packet, then a response S-BFD
Control packet is sent back to Node A, which allows Node A to
complete the continuity test.
Pignataro, et al. Standards Track [Page 6]
^L
RFC 7880 Seamless BFD Base July 2016
When a node allocates multiple S-BFD Discriminators, how remote nodes
determine which of the discriminators is associated with a specific
entity is currently unspecified. The use of multiple S-BFD
Discriminators by a single network node is therefore discouraged
until a means of learning the mapping is defined.
4. S-BFD Discriminators
4.1. S-BFD Discriminator Uniqueness
One important characteristic of an S-BFD Discriminator is that it
MUST be unique within an administrative domain. If multiple network
nodes allocate the same S-BFD Discriminator value, then S-BFD Control
packets falsely terminating on a wrong network node can result in a
Reflector BFD session generating a response back because of a
matching Your Discriminator value. This is clearly not desirable.
4.2. Discriminator Pools
This subsection describes a discriminator pool implementation
technique to minimize S-BFD Discriminator collisions. This technique
will allow an implementation to better satisfy the S-BFD
Discriminator uniqueness requirement defined in Section 4.1.
o An SBFDInitiator is to allocate a discriminator from the BFD
Discriminator pool. If the system also supports classical BFD
(i.e., implements [RFC5880]), then the BFD Discriminator pool
SHOULD be shared by SBFDInitiator sessions and classical BFD
sessions.
o An SBFDReflector is to allocate a discriminator from the S-BFD
Discriminator pool. The S-BFD Discriminator pool SHOULD be a
separate pool from the BFD Discriminator pool.
The remainder of this subsection describes the reasons for the
suggestions above.
Locally allocated S-BFD Discriminator values for entities that
SBFDReflector sessions are listening for may be arbitrarily allocated
or derived from values provided by applications. These values may be
protocol IDs (e.g., System-ID, Router-ID) or network targets (e.g.,
IP address). To avoid derived S-BFD Discriminator values already
being assigned to other BFD sessions (i.e., SBFDInitiator sessions
and classical BFD sessions), it is RECOMMENDED that the discriminator
pool for SBFDReflector sessions be separate from other BFD sessions.
Pignataro, et al. Standards Track [Page 7]
^L
RFC 7880 Seamless BFD Base July 2016
Even when following the "separate discriminator pool" approach, a
collision is still possible between different S-BFD applications that
may be using different values and algorithms to derive S-BFD
Discriminator values. If two applications are using S-BFD for the
same purpose (e.g., network reachability), then the colliding S-BFD
Discriminator value can be shared. If the two applications are using
S-BFD for a different purpose, then the collision must be addressed.
The use of multiple S-BFD Discriminators by a single network node,
however, is discouraged (see Section 3).
5. Reflector BFD Session
Each network node creates one or more Reflector BFD sessions. This
Reflector BFD session is a session that transmits S-BFD Control
packets in response to received S-BFD Control packets with the
Your Discriminator field having S-BFD Discriminators allocated for
local entities. Specifically, this Reflector BFD session has the
following characteristics:
o MUST NOT transmit any S-BFD packets based on local timer expiry.
o MUST transmit an S-BFD Control packet in response to a received
S-BFD Control packet having a valid S-BFD Discriminator in the
Your Discriminator field, unless prohibited by local policies
(e.g., administrative, security, rate-limiter).
o MUST be capable of sending only two states: UP and AdminDown.
One Reflector BFD session may be responsible for handling received
S-BFD Control packets targeted to all locally allocated S-BFD
Discriminators, or a few Reflector BFD sessions may each be
responsible for a subset of locally allocated S-BFD Discriminators.
This policy is a local matter and is outside the scope of this
document.
Note that incoming S-BFD Control packets may be based on IPv4, IPv6,
or MPLS [RFC7881]. Note also that other options are possible and may
be defined in future documents. How such S-BFD Control packets reach
an appropriate Reflector BFD session is also a local matter and is
outside the scope of this document.
Pignataro, et al. Standards Track [Page 8]
^L
RFC 7880 Seamless BFD Base July 2016
6. State Variables
S-BFD introduces new state variables and modifies the usage of
existing ones.
6.1. New State Variables
A new state variable is added to the base specification in support
of S-BFD.
o bfd.SessionType: This is a new state variable that describes
the type of a particular session. Allowable values for S-BFD
sessions are:
* SBFDInitiator - an S-BFD session on a network node that
performs a continuity test to a target entity by sending S-BFD
packets.
* SBFDReflector - an S-BFD session on a network node that listens
for incoming S-BFD Control packets to local entities and
generates response S-BFD Control packets.
The bfd.SessionType variable MUST be initialized to the appropriate
type when an S-BFD session is created.
6.2. State Variable Initialization and Maintenance
State variables (defined in Section 6.8.1 of [RFC5880]) need to
be initialized or manipulated differently, depending on the
session type.
o bfd.DemandMode: This variable MUST be initialized to 1 for session
type SBFDInitiator and MUST be initialized to 0 for session type
SBFDReflector. This is done to prevent loops (see Appendix A).
Pignataro, et al. Standards Track [Page 9]
^L
RFC 7880 Seamless BFD Base July 2016
7. S-BFD Procedures
7.1. Demultiplexing of S-BFD Control Packet
An S-BFD packet MUST be demultiplexed with lower-layer information
(e.g., dedicated destination UDP port [RFC7881], associated Channel
Type [RFC7885]). The following procedure SHOULD be executed on both
initiator and reflector:
If the packet is an S-BFD packet
If the S-BFD packet is for an SBFDReflector
The packet MUST be looked up to locate a corresponding
SBFDReflector session based on the value from the
Your Discriminator field in the table describing S-BFD
Discriminators.
Else
The packet MUST be looked up to locate a corresponding
SBFDInitiator session or classical BFD session based on the
value from the Your Discriminator field in the table
describing BFD Discriminators. If no match, then the
received packet MUST be discarded.
If the session is an SBFDInitiator session
The destination of the packet (i.e., the destination IP
address) SHOULD be verified as being for itself.
Else
The packet MUST be discarded.
Else
The procedure described in Section 6.8.6 of [RFC5880] MUST be
applied.
More details on S-BFD Control packet demultiplexing are provided in
relevant S-BFD data-plane documents.
Pignataro, et al. Standards Track [Page 10]
^L
RFC 7880 Seamless BFD Base July 2016
7.2. Responder Procedures
A network node that receives S-BFD Control packets transmitted by an
initiator is referred to as the responder. The responder, upon
reception of S-BFD Control packets, is to verify the validity of the
packets, as described in [RFC5880].
7.2.1. Responder Demultiplexing
An S-BFD packet MUST be demultiplexed with lower-layer information.
The following procedure SHOULD be executed by the responder:
If the Your Discriminator field is not one of the entries
allocated for local entities
The packet MUST be discarded.
Else
The packet is determined to be handled by a Reflector BFD
session responsible for that S-BFD Discriminator.
If allowable per local policy (e.g., administrative, security,
rate-limiter)
The chosen Reflector BFD session SHOULD transmit a response
BFD Control packet using the procedures described in
Section 7.2.2.
7.2.2. Transmission of S-BFD Control Packet by SBFDReflector
The contents of S-BFD Control packets sent by an SBFDReflector MUST
be set as per Section 6.8.7 of [RFC5880]. There are a few fields
that need to be set differently from [RFC5880], as follows:
State (Sta)
Set to bfd.SessionState (either UP or AdminDown only).
Clarification of Reflector BFD session state is described in
Section 7.2.3.
Demand (D)
Set to 0, to indicate that the S-BFD packet is sent by the
SBFDReflector.
Pignataro, et al. Standards Track [Page 11]
^L
RFC 7880 Seamless BFD Base July 2016
Detect Mult
Value to be copied from the Detection Multiplier field of the
received BFD packet.
My Discriminator
Value to be copied from the Your Discriminator field of the
received BFD packet.
Your Discriminator
Value to be copied from the My Discriminator field of the
received BFD packet.
Desired Min TX Interval
Value to be copied from the Desired Min TX Interval field of
the received BFD packet.
Required Min RX Interval
Set to bfd.RequiredMinRxInterval. Value indicating the minimum
interval, in microseconds, between received S-BFD Control
packets. Further details are provided in Section 7.2.3.
Required Min Echo RX Interval
If the device supports looping back S-BFD Echo packets
Set to the minimum required S-BFD Echo packet receive
interval for this session.
Else
Set to 0.
7.2.3. Additional SBFDReflector Behaviors
o S-BFD Control packets transmitted by the SBFDReflector MUST have
Required Min RX Interval set to a value that expresses, in
microseconds, the minimum interval between incoming S-BFD Control
packets that this SBFDReflector can handle. The SBFDReflector can
control how fast SBFDInitiators will be sending S-BFD Control
packets to themselves by ensuring that Required Min RX Interval
indicates a value based on the current load.
Pignataro, et al. Standards Track [Page 12]
^L
RFC 7880 Seamless BFD Base July 2016
o When the SBFDReflector receives an S-BFD Control packet from an
SBFDInitiator, then the SBFDReflector needs to determine what
"state" to send in the response S-BFD Control packet. If the
monitored local entity is in service, then the state MUST be set
to UP. If the monitored local entity is "temporarily out of
service", then the state SHOULD be set to AdminDown.
o If an SBFDReflector receives an S-BFD Control packet with the
Demand (D) bit cleared, the packet MUST be discarded (see
Appendix A).
7.3. Initiator Procedures
S-BFD Control packets transmitted by an SBFDInitiator MUST set the
Your Discriminator field to an S-BFD Discriminator corresponding to
the remote entity.
Every SBFDInitiator MUST have a locally unique My Discriminator value
allocated from the BFD Discriminator pool.
Figure 3 describes the high-level concept of continuity testing using
S-BFD. R2 allocates XX as the S-BFD Discriminator for network
reachability purposes and advertises XX to neighbors. Figure 3 shows
R1 and R4 performing a continuity test to R2.
+--- md=50/yd=XX (ping) ----+
| |
|+-- md=XX/yd=50 (pong) --+ |
|| | |
|v | v
R1 ==================== R2[*] ========= R3 ========= R4
| ^ |^
| | ||
| +-- md=60/yd=XX (ping) --+|
| |
+---- md=XX/yd=60 (pong) ---+
[*] Reflector BFD session on R2.
=== Links connecting network nodes.
--- S-BFD Control packet traversal.
Figure 3: S-BFD Continuity Test
Pignataro, et al. Standards Track [Page 13]
^L
RFC 7880 Seamless BFD Base July 2016
7.3.1. SBFDInitiator State Machine
An SBFDInitiator may be a "persistent" session on the initiator with
a timer for S-BFD Control packet transmissions (stateful
SBFDInitiator). An SBFDInitiator may also be a module, a script, or
a tool on the initiator that transmits one or more S-BFD Control
packets "when needed" (stateless SBFDInitiator). For stateless
SBFDInitiators, a complete BFD state machine may not be applicable.
For stateful SBFDInitiators, the states and the state machine
described in [RFC5880] will not function due to the SBFDReflector
session only sending the UP and AdminDown states (i.e., the
SBFDReflector session does not send the INIT state). The following
diagram provides the RECOMMENDED state machine for stateful
SBFDInitiators. The notation on each arc represents the state of the
SBFDInitiator (as received in the State field in the S-BFD Control
packet) or indicates the expiration of the Detection Timer. See
Figure 4.
+--+
ADMIN DOWN, | |
TIMER | V
+------+ UP +------+
| |-------------------->| |----+
| DOWN | | UP | | UP
| |<--------------------| |<---+
+------+ ADMIN DOWN, +------+
TIMER
Figure 4: SBFDInitiator Finite State Machine
Note that the above state machine is different from the base BFD
specification [RFC5880]. This is because the INIT state is no longer
applicable for the SBFDInitiator. Another important difference is
the transition of the state machine from the DOWN state to the UP
state when a packet with an UP state setting is received by the
SBFDInitiator. The definitions of the states and events have the
same meanings as those defined in the base BFD specification
[RFC5880].
Pignataro, et al. Standards Track [Page 14]
^L
RFC 7880 Seamless BFD Base July 2016
7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator
The contents of S-BFD Control packets sent by an SBFDInitiator MUST
be set as per Section 6.8.7 of [RFC5880]. There are a few fields
that need to be set differently from [RFC5880], as follows:
Demand (D)
Used to indicate that the S-BFD packet originated from the
SBFDInitiator. Always set to 1.
Your Discriminator
Set to bfd.RemoteDiscr. bfd.RemoteDiscr is set to the
Discriminator value of the remote entity. It MAY be learnt
from routing protocols or configured locally.
Required Min RX Interval
Set to 0.
Required Min Echo RX Interval
Set to 0.
7.3.3. Additional SBFDInitiator Behaviors
o If the SBFDInitiator receives a valid S-BFD Control packet in
response to a transmitted S-BFD Control packet to a remote entity,
then the SBFDInitiator SHOULD conclude that the S-BFD Control
packet reached the intended remote entity.
o When an SBFDInitiator receives a response S-BFD Control packet, if
the state specified is AdminDown, the SBFDInitiator MUST NOT
conclude that the reachability of the corresponding remote entity
is lost and MUST back off the packet transmission interval for the
remote entity to an interval no faster than 1 second.
o When a sufficient number of S-BFD packets have not arrived as they
should, the SBFDInitiator SHOULD declare loss of reachability to
the remote entity. The criteria for declaring loss of
reachability and the action that would be triggered as a result
are outside the scope of this document; the action MAY include
logging an error.
Pignataro, et al. Standards Track [Page 15]
^L
RFC 7880 Seamless BFD Base July 2016
o Regarding the third bullet item, it is critical for an
implementation to understand the latency to/from the Reflector BFD
session on the responder. In other words, for the very first
S-BFD packet transmitted by the SBFDInitiator, an implementation
MUST NOT expect a response S-BFD packet to be received for a time
equivalent to the sum of the latencies: initiator to responder and
responder back to initiator.
o If the SBFDInitiator receives an S-BFD Control packet with the
Demand (D) bit set, the packet MUST be discarded (see Appendix A).
7.4. Diagnostic Values
The diagnostic value in both directions MAY be set to a certain
value, to attempt to communicate further information to both ends.
Implementations MAY use the already-existing diagnostic values
defined in Section 4.1 of [RFC5880]. However, details regarding this
topic are outside the scope of this specification.
7.5. The Poll Sequence
The Poll Sequence MAY be used in both directions. The Poll Sequence
MUST operate in accordance with [RFC5880]. An SBFDReflector MAY use
the Poll Sequence to slow down the rate at which S-BFD Control
packets are generated from an SBFDInitiator. This is done by the
SBFDReflector, using the procedures described in Section 7.2.3 and
setting the Poll (P) bit in the reflected S-BFD Control packet. The
SBFDInitiator is to then send the next S-BFD Control packet with the
Final (F) bit set. If an SBFDReflector receives an S-BFD Control
packet with the P bit set, then the SBFDReflector MUST respond with
an S-BFD Control packet with the P bit cleared and the F bit set.
8. Operational Considerations
S-BFD provides a smooth and continuous (i.e., seamless) operational
experience as an Operations, Administration, and Maintenance (OAM)
mechanism for connectivity checking and connection verification.
This is achieved by providing a simplified mechanism with a large
proportion of negotiation aspects eliminated, resulting in faster and
simpler provisioning.
Because of this simplified mechanism, due to a misconfiguration an
SBFDInitiator could send S-BFD Control packets to a target that does
not exist or that is outside the S-BFD administrative domain. As
explained in Section 7.3.1, an SBFDInitiator can be a persistent
initiator or a "when needed" one. When an S-BFD persistent
SBFDInitiator is used, a deployment SHOULD ensure that S-BFD Control
packets do not propagate for an extended period of time outside of
Pignataro, et al. Standards Track [Page 16]
^L
RFC 7880 Seamless BFD Base July 2016
the administrative domain that uses it. Further, operational
measures SHOULD be taken to determine if responses to S-BFD packets
are not sent for an extended period of time and then remediate the
situation. These potential concerns are largely mitigated by dynamic
advertisement mechanisms for S-BFD and with automation checks before
applying configurations.
8.1. Scaling Aspect
This mechanism brings forth one noticeable difference in terms of the
scaling aspect: the number of SBFDReflectors. This specification
eliminates the need for egress nodes to have fully active BFD
sessions when only one side desires to perform continuity tests.
With the introduction of the Reflector BFD concept, egress is no
longer required to create any active BFD sessions on a per-path/LSP/
function basis. Because of this, the total number of BFD sessions in
a network is reduced.
8.2. Congestion Considerations
When S-BFD performs failure detection, it consumes resources,
including bandwidth and CPU processing. To avoid congestion, it is
therefore imperative that operators correctly provision the rates at
which S-BFD packets are transmitted. When BFD is used across
multiple hops, a congestion control mechanism MUST be implemented,
and when congestion is detected, the BFD implementation MUST reduce
the amount of traffic it generates. The exact mechanism used to
detect congestion is outside the scope of this specification but may
include the detection of lost BFD Control packets or other means.
The SBFDReflector can limit the rate at which SBFDInitiators will be
sending S-BFD Control packets by utilizing Required Min RX Interval,
but at the expense of detection time (i.e., detection time will
increase).
9. Co-existence with Classical BFD Sessions
Demultiplexing requirements for the initial packet are described in
Section 7.1. Because of this, the S-BFD mechanism can co-exist with
classical BFD sessions.
Pignataro, et al. Standards Track [Page 17]
^L
RFC 7880 Seamless BFD Base July 2016
10. S-BFD Echo Function
The concept of the S-BFD Echo function is similar to the BFD Echo
function described in [RFC5880]. S-BFD Echo packets have the
destination of "self"; thus, S-BFD Echo packets are self-generated
and self-terminated after traversing a link/path. S-BFD Echo packets
are expected to U-turn on the target node in the data plane and
MUST NOT be processed by any Reflector BFD sessions on the
target node.
When using the S-BFD Echo function, it is RECOMMENDED that:
o Both S-BFD Control packets and S-BFD Echo packets be sent.
o Both S-BFD Control packets and S-BFD Echo packets have the same
semantics in the forward direction to reach the target node.
In other words, it is not preferable to send just S-BFD Echo packets
without also sending S-BFD Control packets. There are two reasons
behind this suggestion:
o S-BFD Control packets can verify the reachability of the intended
target node; this allows one to have confidence that S-BFD Echo
packets are U-turning on the expected target node.
o S-BFD Control packets can detect when the target node is going out
of service (i.e., by receiving AdminDown state).
S-BFD Echo packets can be spoofed and can U-turn in a transit node
before reaching the expected target node. When the S-BFD Echo
function is used, it is RECOMMENDED in this specification that both
S-BFD Control packets and S-BFD Echo packets be sent. While the
additional use of S-BFD Control packets alleviates these two
concerns, some form of authentication MAY still be included.
The usage of the Required Min Echo RX Interval field is described in
Sections 7.2.2 and 7.3.2. Because of the stateless nature of
SBFDReflector sessions, a value specified in the Required Min Echo RX
Interval field is not very meaningful to the SBFDReflector. Thus, it
is RECOMMENDED that the Required Min Echo RX Interval field simply be
set to zero by the SBFDInitiator. The SBFDReflector MAY set the
Required Min Echo RX Interval field to an appropriate value to
control the rate at which it wants to receive S-BFD Echo packets.
Pignataro, et al. Standards Track [Page 18]
^L
RFC 7880 Seamless BFD Base July 2016
The following aspects of S-BFD Echo functions are left as
implementation details and are outside the scope of this document:
o Format of the S-BFD Echo packet (e.g., data beyond UDP header).
o Procedures on when and how to use the S-BFD Echo function.
11. Security Considerations
The same security considerations as those described in [RFC5880]
apply to this document. Additionally, implementing the following
measures will strengthen security aspects of the mechanism described
by this document:
o The SBFDInitiator MAY pick a sequence number to be set in
"sequence number" in the Authentication Section, based on the
configured authentication mode.
o The SBFDReflector MUST NOT use the crypto sequence number to make
a decision about accepting the packet. This is because the
SBFDReflector does not maintain S-BFD peer state and because the
SBFDReflector can receive S-BFD packets from multiple
SBFDInitiators. Consequently, BFD authentication can be used, but
not the sequence number.
o The SBFDReflector MAY use the Auth Key ID in the incoming packet
to verify the Authentication Data.
o The SBFDReflector MUST accept the packet if authentication is
successful.
o The SBFDReflector MUST compute the Authentication Data and MUST
use the same sequence number that it received in the S-BFD Control
packet to which it is responding.
o The SBFDInitiator SHOULD accept an S-BFD Control packet with a
sequence number within the permissible range. One potential
approach is the procedure explained in [BFD-GEN-AUTH].
Using the above method,
o SBFDReflectors continue to remain stateless, despite using
security.
o SBFDReflectors are not susceptible to replay attacks, as they
always respond to S-BFD Control packets irrespective of the
sequence number carried.
Pignataro, et al. Standards Track [Page 19]
^L
RFC 7880 Seamless BFD Base July 2016
o An attacker cannot impersonate the responder, since the
SBFDInitiator will only accept S-BFD Control packets that come
with the sequence number that it had originally used when sending
the S-BFD Control packet.
Additionally, the use of strong forms of authentication is strongly
encouraged for S-BFD. The use of Simple Password authentication
[RFC5880] potentially puts other services at risk if S-BFD packets
can be intercepted and those password values are reused for other
services.
Considerations related to loop problems are covered in Appendix A.
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<http://www.rfc-editor.org/info/rfc5880>.
12.2. Informative References
[BFD-GEN-AUTH]
Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani,
"BFD Generic Cryptographic Authentication", Work in
Progress, draft-ietf-bfd-generic-crypto-auth-06,
April 2014.
[RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC791, September 1981,
<http://www.rfc-editor.org/info/rfc791>.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
December 1998, <http://www.rfc-editor.org/info/rfc2460>.
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
Label Switching Architecture", RFC 3031,
DOI 10.17487/RFC3031, January 2001,
<http://www.rfc-editor.org/info/rfc3031>.
Pignataro, et al. Standards Track [Page 20]
^L
RFC 7880 Seamless BFD Base July 2016
[RFC7881] Pignataro, C., Ward, D., and N. Akiya, "Seamless
Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6,
and MPLS", RFC 7881, DOI 10.17487/RFC7881, July 2016,
<http://www.rfc-editor.org/info/rfc7881>.
[RFC7882] Aldrin, S., Pignataro, C., Mirsky, G., and N. Kumar,
"Seamless Bidirectional Forwarding Detection (S-BFD) Use
Cases", RFC 7882, DOI 10.17487/RFC7882, July 2016,
<http://www.rfc-editor.org/info/rfc7882>.
[RFC7885] Govindan, V. and C. Pignataro, "Seamless Bidirectional
Forwarding Detection (S-BFD) for Virtual Circuit
Connectivity Verification (VCCV)", RFC 7885,
DOI 10.17487/RFC7885, July 2016,
<http://www.rfc-editor.org/info/rfc7885>.
Pignataro, et al. Standards Track [Page 21]
^L
RFC 7880 Seamless BFD Base July 2016
Appendix A. Loop Problem and Solution
Consider a scenario where we have two nodes and both are S-BFD
capable.
Node A (IP 2001:db8::1) ----------------- Node B (IP 2001:db8::2)
|
|
Man in the Middle (MITM)
Assume that Node A reserved a discriminator 0x01010101 for target
identifier 2001:db8::1 and has a reflector session in listening mode.
Similarly, Node B reserved a discriminator 0x02020202 for its target
identifier 2001:db8::2 and also has a reflector session in
listening mode.
Suppose that a MITM sends a spoofed packet with My Discriminator =
0x01010101, Your Discriminator = 0x02020202, source IP as
2001:db8::1, and destination IP as 2001:db8::2. When this packet
reaches Node B, the reflector session on Node B will swap the
discriminators and IP addresses of the received packet and reflect it
back, since the Your Discriminator value of the received packet
matches the reserved discriminator of Node B. The reflected packet
that reached Node A will have My Discriminator = 0x02020202 and
Your Discriminator = 0x01010101. Since the Your Discriminator value
of the received packet matches the reserved discriminator of Node A,
Node A will swap the discriminators and reflect the packet back to
Node B. Since the reflectors must set the TTL of the reflected
packets to 255, the above scenario will result in an infinite loop
because of just one malicious packet injected from the MITM.
The solution is to avoid the loop problem by using the D bit (Demand
mode bit). The initiator always sets the D bit, and the reflector
always clears it. This way, we can determine if a received packet
was a reflected packet and avoid reflecting it back.
Pignataro, et al. Standards Track [Page 22]
^L
RFC 7880 Seamless BFD Base July 2016
Acknowledgements
The authors would like to thank Jeffrey Haas, Greg Mirsky, Marc
Binderberger, and Alvaro Retana for performing thorough reviews and
providing a number of suggestions. The authors would also like to
thank Girija Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha
Neelamegam, and Vengada Prasad Govindan from Cisco Systems for
providing valuable comments. Finally, the authors would also like to
thank John E. Drake and Pablo Frank for providing comments and
suggestions.
Contributors
The following are key contributors to this document:
Tarek Saad, Cisco Systems, Inc.
Siva Sivabalan, Cisco Systems, Inc.
Nagendra Kumar, Cisco Systems, Inc.
Mallik Mudigonda, Cisco Systems, Inc.
Sam Aldrin, Google
Pignataro, et al. Standards Track [Page 23]
^L
RFC 7880 Seamless BFD Base July 2016
Authors' Addresses
Carlos Pignataro
Cisco Systems, Inc.
Email: cpignata@cisco.com
Dave Ward
Cisco Systems, Inc.
Email: wardd@cisco.com
Nobo Akiya
Big Switch Networks
Email: nobo.akiya.dev@gmail.com
Manav Bhatia
Ionos Networks
Email: manav@ionosnetworks.com
Santosh Pallagatti
Email: santosh.pallagatti@gmail.com
Pignataro, et al. Standards Track [Page 24]
^L
|
