Internet Engineering Task Force N. Akiya
Internet-Draft Big Switch Networks
Updates: 5880 (if approved) C. Pignataro
Intended status: Standards Track D. Ward
Expires: August 12, 2016 Cisco Systems
M. Bhatia
Ionos Networks
S. Pallagatti
February 9, 2016

Seamless Bidirectional Forwarding Detection (S-BFD)
draft-ietf-bfd-seamless-base-06

Abstract

This document defines a simplified mechanism to use Bidirectional Forwarding Detection (BFD) with large portions of negotiation aspects eliminated, thus providing benefits such as quick provisioning as well as improved control and flexibility to network nodes initiating the path monitoring.

This document updates RFC5880.

Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on August 12, 2016.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

Bidirectional Forwarding Detection (BFD), [RFC5880] and related documents, has efficiently generalized the failure detection mechanism for multiple protocols and applications. There are some improvements which can be made to better fit existing technologies. There is a possibility of evolving BFD to better fit new technologies. This document focuses on several aspects of BFD in order to further improve efficiency, to expand failure detection coverage and to allow BFD usage for wider scenarios.

Specifically, this document defines Seamless Bidirectional Forwarding Detection (S-BFD) a simplified mechanism to use Bidirectional Forwarding Detection (BFD) with large portions of negotiation aspects eliminated, thus providing benefits such as quick provisioning as well as improved control and flexibility to network nodes initiating the path monitoring. S-BFD enables cases benefiting from the use of core BFD technologies in a fashion that leverages existing implementations and protocol machinery while providing a rather simplified and largely stateless infrastructure for continuity testing.

One key aspect of the mechanism described in this document eliminates the time between a network node wanting to perform a continuity test and completing the continuity test. In traditional BFD terms, the initial state changes from DOWN to UP are virtually nonexistent. Removal of this seam (i.e., time delay) in BFD provides applications a smooth and continuous operational experience. Therefore, "Seamless BFD" (S-BFD) has been chosen as the name for this mechanism.

2. Terminology

The reader is expected to be familiar with the BFD [RFC5880], IP [RFC0791] [RFC2460] and MPLS [RFC3031] terminologies and protocol constructs. This section describes several new terminologies introduced by S-BFD.

Below figure describes the relationship between S-BFD terminologies.

 +---------------------+                +------------------------+
 |      Initiator      |                |         Responder      |
 | +-----------------+ |                |    +-----------------+ |
 | |  SBFDInitiator  |---S-BFD ctrl pkt----->|  SBFDReflector  | |
 | | +-------------+ |<--S-BFD ctrl pkt------| +-------------+ | |
 | | | BFD discrim | | |                |    | |S-BFD discrim| | |
 | | |             | |---S-BFD echo pkt---+  | |             | | |
 | | +-------------+ | |                | |  | +----------^--+ | |
 | +-----------------+<-------------------+  +------------|----+ |
 |                     |                |                 |      |
 |                     |                |             +---v----+ |
 |                     |                |             | Entity | |
 |                     |                |             +--------+ |
 +---------------------+                +------------------------+

          Figure 1: S-BFD Terminology Relationship

3. Seamless BFD Overview

An S-BFD module on each network node allocates one or more S-BFD discriminators for local entities, and creates a reflector BFD session. Allocated S-BFD discriminators may be advertised by applications (e.g., OSPF/IS-IS). Required result is that applications, on other network nodes, possess the knowledge of the S-BFD discriminators allocated by a remote node to remote entities. The reflector BFD session is to, upon receiving an S-BFD control packet targeted to one of local S-BFD discriminator values, transmit a response S-BFD control packet back to the initiator.

Once above setup is complete, any network node, having the knowledge of the S-BFD discriminator allocated toby a remote node to remote entity/entities, it can quickly perform a continuity test to the remote entity by simply sending S-BFD control packets with corresponding S-BFD discriminator value in the "your discriminator" field.

For example:

   <------- IS-IS Network ------->

             +---------+
             |         |
   A---------B---------C---------D
   ^                             ^
   |                             |
SystemID                      SystemID
  xxx                           yyy
BFD Discrim                   BFD Discrim
  123                           456

          Figure 2: S-BFD for IS-IS Network

The use of multiple S-BFD discriminators by a single network node is outside the scope of this document.

4. S-BFD Discriminators

4.1. S-BFD Discriminator Uniqueness

One important characteristics of an S-BFD discriminator is that it MUST be unique within an administrative domain. If multiple network nodes allocated a same S-BFD discriminator value, then S-BFD control packets falsely terminating on a wrong network node can result in a reflector BFD session to generate a response back, due to "your discriminator" matching. This is clearly not desirable.

4.2. Discriminator Pools

This subsection describes a discriminator pool implementation technique to minimize S-BFD discriminator collisions. The result will allow an implementation to better satisfy the S-BFD discriminator uniqueness requirement defined in Section 4.1.

Remainder of this subsection describes the reasons for above suggestions.

Locally allocated S-BFD discriminator values for entities, listened by SBFDReflector sessions, may be arbitrary allocated or derived from values provided by applications. These values may be protocol IDs (e.g., System-ID, Router-ID) or network targets (e.g., IP address). To avoid derived S-BFD discriminator values already being assigned to other BFD sessions (i.e., SBFDInitiator sessions and classical BFD sessions), it is RECOMMENDED that discriminator pool for SBFDReflector sessions be separate from other BFD sessions.

Even when following the separate discriminator pool approach, collision is still possible between one S-BFD application to another S-BFD application, that may be using different values and algorithms to derive S-BFD discriminator values. If the two applications are using S-BFD for a same purpose (e.g., network reachability), then the colliding S-BFD discriminator value can be shared. If the two applications are using S-BFD for a different purpose, then the collision must be addressed. How such collisions are addressed is outside the scope of this document.

5. Reflector BFD Session

Each network node creates one or more reflector BFD sessions. This reflector BFD session is a session which transmits S-BFD control packets in response to received S-BFD control packets with "your discriminator" having S-BFD discriminators allocated for local entities. Specifically, this reflector BFD session is to have following characteristics:

One reflector BFD session may be responsible for handling received S-BFD control packets targeted to all locally allocated S-BFD discriminators, or few reflector BFD sessions may each be responsible for subset of locally allocated S-BFD discriminators. This policy is a local matter, and is outside the scope of this document.

Note that incoming S-BFD control packets may be IPv4, IPv6 or MPLS based. How such S-BFD control packets reach an appropriate reflector BFD session is also a local matter, and is outside the scope of this document.

6. State Variables

S-BFD introduces new state variables, and modifies the usage of existing ones.

6.1. New State Variables

A new state variable is added to the base specification in support of S-BFD.

bfd.SessionType variable MUST be initialized to the appropriate type when an S-BFD session is created.

6.2. State Variable Initialization and Maintenance

A state variable defined in Section 6.8.1 of [RFC5880] need to be initialized or manipulated differently depending on the session type.

7. S-BFD Procedures

7.1. Demultiplexing of S-BFD Control Packet

S-BFD packet MUST be demultiplexed with lower layer information (e.g., dedicated destination UDP port, associated channel type). Following procedure SHOULD be executed on both initiator and reflector.

More details on S-BFD control packet demultiplexing are described in relevant S-BFD data plane documents.

7.2. Responder Procedures

A network node which receives S-BFD control packets transmitted by an initiator is referred as responder. The responder, upon reception of S-BFD control packets, is to perform necessary relevant validations described in [RFC5880].

7.2.1. Responder Demultiplexing

S-BFD packet MUST be demultiplexed with lower layer information (e.g., dedicated destination UDP port, associated channel type). Following procedure SHOULD be executed by responder:

7.2.2. Transmission of S-BFD Control Packet by SBFDReflector

Contents of S-BFD control packets sent by an SBFDReflector MUST be set as per Section 6.8.7 of [RFC5880]. There are few fields which needs to be set differently from [RFC5880] as follows:

7.2.3. Additional SBFDReflector Behaviors

7.3. Initiator Procedures

S-BFD control packets transmitted by an SBFDInitiator MUST set "your discriminator" field to an S-BFD discriminator corresponding to the remote entity.

Every SBFDInitiator MUST have a locally unique "my discriminator" allocated from the BFD discriminator pool.

Below Figure 3 art describes high level concept of continuity test using S-BFD. R2 allocates XX as the S-BFD discriminator for its network reachability purpose, and advertises XX to neighbors. ASCII art shows R1 and R4 performing a continuity test to R2.

 +--- md=50/yd=XX (ping) ----+
 |                           |
 |+-- md=XX/yd=50 (pong) --+ |
 ||                        | |
 |v                        | v
 R1 ==================== R2[*] ========= R3 ========= R4
                           | ^                        |^
                           | |                        ||
                           | +-- md=60/yd=XX (ping) --+|
                           |                           |
                           +---- md=XX/yd=60 (pong) ---+

[*] Reflector BFD session on R2.
=== Links connecting network nodes.
--- S-BFD control packet traversal.

          Figure 3: S-BFD Continuity Test

7.3.1. SBFDInitiator State Machine

An SBFDInitiator may be a persistent session on the initiator with a timer for S-BFD control packet transmissions (stateful SBFDInitiator). An SBFDInitiator may also be a module, a script or a tool on the initiator that transmits one or more S-BFD control packets "when needed" (stateless SBFDInitiator). For stateless SBFDInitiators, a complete BFD state machine may not be applicable. For stateful SBFDInitiators, the states and the state machine described in [RFC5880] will not function due to SBFDReflector session only sending UP and ADMINDOWN states (i.e., SBFDReflector session does not send INIT state). The following diagram provides the RECOMMENDED state machine for stateful SBFDInitiators. The notation on each arc represents the state of the SBFDInitiator (as received in the State field in the S-BFD control packet) or indicates the expiration of the Detection Timer.

                    +--+
       ADMIN DOWN,  |  |
       TIMER        |  V
                  +------+   UP                +------+
                  |      |-------------------->|      |----+
                  | DOWN |                     |  UP  |    | UP
                  |      |<--------------------|      |<---+
                  +------+   ADMIN DOWN,       +------+
                             TIMER

          Figure 4: SBFDInitiator FSM

7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator

Contents of S-BFD control packets sent by an SBFDInitiator MUST be set as per Section 6.8.7 of [RFC5880]. There are few fields which needs to be set differently from [RFC5880] as follows:

7.3.3. Additional SBFDInitiator Behaviors

7.4. Diagnostic Values

Diagnostic value in both directions MAY be set to a certain value, to attempt to communicate further information to both ends. Implementation MAY use already existing diagnostic values defined in Section 4.1 of [RFC5880]. However, details of such are outside the scope of this specification.

7.5. The Poll Sequence

Poll sequence MAY be used in both directions. The Poll sequence MUST operate in accordance with [RFC5880]. An SBFDReflector MAY use the Poll sequence to slow down that rate at which S-BFD control packets are generated from an SBFDInitiator. This is done by the SBFDReflector using procedures described in Section 7.2.3 and setting the Poll (P) bit in the reflected S-BFD control packet. The SBFDInitiator is to then send the next S-BFD control packet with the Final (F) bit set. If an SBFDReflector receives an S-BFD control packet with Poll (P) bit set, then the SBFDReflector MUST respond with an S-BFD control packet with Poll (P) bit cleared and Final (F) bit set.

8. Scaling Aspect

This mechanism brings forth one noticeable difference in terms of scaling aspect: number of SBFDReflector. This specification eliminates the need for egress nodes to have fully active BFD sessions when only one side desires to perform continuity tests. With introduction of reflector BFD concept, egress no longer is required to create any active BFD session per path/LSP/function basis. Due to this, total number of BFD sessions in a network is reduced.

9. Co-existence with Classical BFD Sessions

Initial packet demultiplexing requirement is described in Section 7.1. Because of this, S-BFD mechanism can co-exist with classical BFD sessions.

10. S-BFD Echo Function

The concept of the S-BFD Echo function is similar to the BFD Echo function described in [RFC5880]. S-BFD echo packets have the destination of self, thus S-BFD echo packets are self-generated and self-terminated after traversing a link/path. S-BFD echo packets are expected to u-turn on the target node in the data plane and MUST NOT be processed by any reflector BFD sessions on the target node.

When using the S-BFD Echo function, it is RECOMMENDED that: Section 7.3.2 and Section 7.2.2. Because of the stateless nature of SBFDReflector sessions, a value specified the "Required Min Echo RX Interval" field is not very meaningful at SBFDReflector. Thus it is RECOMMENDED that the "Required Min Echo RX Interval" field simply be set to zero from SBFDInitiator. SBFDReflector MAY set to appropriate value to control the rate at which it wants to receives SBFD echo packets.

In other words, it is not preferable to send just S-BFD echo packets without also sending S-BFD control packets. There are two reasons behind this suggestion:

The usage of the "Required Min Echo RX Interval" field is described in

Following aspects of S-BFD Echo functions are left as implementation details, and are outside the scope of this document:

11. Security Considerations

Same security considerations as [RFC5880] apply to this document. Additionally, implementing the following measures will strengthen security aspects of the mechanism described by this document:

Using the above method,

Considerations about loop problems are covered in Appendix A.

12. IANA Considerations

No action is required by IANA for this document.

13. Acknowledgements

Authors would like to thank Jeffrey Haas, Greg Mirsky, Marc Binderberger, and Alvaro Retana for performing thorough reviews and providing number of suggestions. Authors would like to thank Girija Raghavendra Rao, Les Ginsberg, Srihari Raghavan, Vanitha Neelamegam and Vengada Prasad Govindan from Cisco Systems for providing valuable comments. Authors would also like to thank John E. Drake and Pablo Frank for providing comments and suggestions.

14. Contributing Authors

Tarek Saad
Cisco Systems
Email: tsaad@cisco.com

Siva Sivabalan
Cisco Systems
Email: msiva@cisco.com

Nagendra Kumar
Cisco Systems
Email: naikumar@cisco.com

Mallik Mudigonda
Cisco Systems
Email: mmudigon@cisco.com

Sam Aldrin
Google
Email: aldrin.ietf@gmail.com

15. References

15.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010.

15.2. Informative References

[I-D.ietf-bfd-generic-crypto-auth] Bhatia, M., Manral, V., Zhang, D. and M. Jethanandani, "BFD Generic Cryptographic Authentication", Internet-Draft draft-ietf-bfd-generic-crypto-auth-06, April 2014.
[I-D.ietf-bfd-multipoint] Katz, D., Ward, D. and J. Networks, "BFD for Multipoint Networks", Internet-Draft draft-ietf-bfd-multipoint-07, August 2015.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998.
[RFC3031] Rosen, E., Viswanathan, A. and R. Callon, "Multiprotocol Label Switching Architecture", RFC 3031, DOI 10.17487/RFC3031, January 2001.

Appendix A. Loop Problem

Consider a scenario where we have two nodes and both are S-BFD capable.

   Node A (IP 192.0.2.1) ----------------- Node B (IP 192.0.2.2)
                                 |
                                 |
                      Man in the Middle (MiM)

Assume node A reserved a discriminator 0x01010101 for target identifier 192.0.2.1 and has a reflector session in listening mode. Similarly node B reserved a discriminator 0x02020202 for its target identifier 192.0.2.2 and also has a reflector session in listening mode.

Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc = 0x02020202, source IP as 192.0.2.1 and dest IP as 192.0.2.2. When this packet reaches Node B, the reflector session on Node B will swap the discriminators and IP addresses of the received packet and reflect it back, since YourDisc of the received packet matched with reserved discriminator of Node B. The reflected packet that reached Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since YourDisc of the received packet matched the reserved discriminator of Node A, Node A will swap the discriminators and reflects the packet back to Node B. Since reflectors must set the TTL of the reflected packets to 255, the above scenario will result in an infinite loop with just one malicious packet injected from MiM.

FYI: Packet fields do not carry any direction information, i.e., if this is Ping packet or reply packet.

Solutions

The current proposals to avoid the loop problem are:

Authors' Addresses

Nobo Akiya Big Switch Networks EMail: nobo.akiya.dev@gmail.com
Carlos Pignataro Cisco Systems EMail: cpignata@cisco.com
Dave Ward Cisco Systems EMail: wardd@cisco.com
Manav Bhatia Ionos Networks EMail: manav@ionosnetworks.com
Santosh Pallagatti EMail: santosh.pallagatti@gmail.com