Internet Engineering Task Force N. Akiya
Internet-Draft C. Pignataro
Intended status: Standards Track D. Ward
Expires: January 05, 2014 Cisco Systems
July 04, 2013
Seamless Bidirectional Forwarding Detection (S-BFD) Alert Discriminator
and BFD Path Tracing
draft-akiya-bfd-seamless-alert-discrim-00
Abstract
This specification defines a concept of alert discriminator which
operates over Seamless Bidirectional Forwarding Detection (S-BFD).
New diagnostic codes, solely to be used together with alert
discriminators, are also defined in this specification.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 05, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
Akiya, et al. Expires January 05, 2014 [Page 1]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Alert Discriminator . . . . . . . . . . . . . . . . . . . . . 3
4. Reflector BFD Session . . . . . . . . . . . . . . . . . . . . 4
5. Alert Discriminator Diagnostic Code . . . . . . . . . . . . . 4
6. BFD Path Trace: Alert Discriminator Diagnostic Code 31 . . . 5
6.1. Initiator Procedures . . . . . . . . . . . . . . . . . . 5
6.1.1. Transmission S-BFD Control Packets . . . . . . . . . 5
6.1.2. Reception of S-BFD Control Packets . . . . . . . . . 6
6.2. Responder Procedures . . . . . . . . . . . . . . . . . . 6
6.2.1. Reception of S-BFD Control Packets . . . . . . . . . 6
6.2.2. Transmission of S-BFD Control Packets . . . . . . . . 7
6.3. Possible Use Cases . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
10. Contributing Authors . . . . . . . . . . . . . . . . . . . . 8
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
11.1. Normative References . . . . . . . . . . . . . . . . . . 8
11.2. Informative References . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction
[RFC5880] defines the use of Bidirectional Forwarding Detection (BFD)
protocol as a fast failure detection mechanism between nodes which
are adjacent to each other or multiple hops away. [RFC5881] defines
single hop BFD. Specifications such as [RFC5883] and [RFC5884]
define multihop BFD.
When multihop BFD, IP based or MPLS based, declares a failure,
responsibility of identifying the problematic point in the paths is
often left to operators. ICMP echo request/reply (IP ping) [RFC0792]
and LSP echo request/reply (LSP ping) [RFC4379] allow for tracing of
hops to a specific target, and these are often used, manually or
automatically, to attempt to isolate faults. However, when it comes
to identifying the problematic point that caused BFD failure, there
are couple of issues.
Akiya, et al. Expires January 05, 2014 [Page 2]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
o Usage of non-BFD packets can result in them being load balanced
differently along the paths, causing those packets to traverse
different paths than BFD packets to the target.
o BFD is designed with simplicity and low-overhead as goals. Thus
implementations often provide more preferable scale/performance
capacities over IP/LSP ping, allowing for increased probability to
identify short-lived transient issues.
Above points produced the desire to use BFD to trace hops to a
specific target.
This specification defines a generic concept of alert discriminator
which operates over Seamless Bidirectional Forwarding Detection
(S-BFD) [I-D.akiya-bfd-seamless-base]. New diagnostic codes, solely
to be used together with alert discriminators, are also defined in
this specification. Finally, BFD path tracing is described as one of
the use cases of defined mechanism.
It is worth noting that this specification does not reserve specific
BFD discriminator value as the alert discriminator, but only defines
the concept of alert discriminators.
2. Overview
A group of network nodes reserves a same BFD discriminator value as
the alert discriminator. Alert discriminator operates as a BFD
target identifier of alert type (3). A reflector BFD session is then
responsible for monitoring incoming BFD control packets with alert
discriminator as "your discriminator". Reflector BFD session, upon
reception of BFD control packets with alert discriminator as "your
discriminator", would examine BFD diagnostic code. Diagnostic code
instructs how reflector BFD session is to behave. A network node is
able to transmit S-BFD control packets with "your discriminator" as
this alert discriminator and well known diagnostic code, to a
particular target, and expect reflector BFD session on the target
network node to behave accordingly.
3. Alert Discriminator
Alert discriminator is a BFD target identifier of type (3).
Value BFD Target Identifier Type
------ --------------------------
3 Alert Discriminator
Akiya, et al. Expires January 05, 2014 [Page 3]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
Uniqueness of alert discriminator is that same BFD discriminator
value is reserved on group of network nodes as the alert
discriminator.
For example, there are 4 network nodes in a network: A, B, C, D.
0x7F7F7F7F is chosen as the alert discriminator for this network.
Nodes A, B, C and D will each reserve 0x7F7F7F7F as BFD target
identifier type 3.
How alert discriminator value is to be chosen is outside the scope of
this document.
4. Reflector BFD Session
One or more reflector BFD session(s) MUST be created on each network
node which has reserved alert discriminator(s). Reflector BFD
session MUST listen for incoming S-BFD control packets with "your
discriminator" of BFD target identifier type 3, alert discriminators.
Further procedures for a reflector BFD session processing incoming
S-BFD control packets for BFD target identifier type 3 depends on
specified BFD diagnostic code. Definition of BFD diagnostic code for
alert discriminator usage and required reflector BFD session behavior
for each are described in Section 5.
5. Alert Discriminator Diagnostic Code
[RFC5880] defines a field to describe diagnostic code in a BFD
control packet, and defines set of diagnostic codes. This
specification defines a new set of diagnostic codes to be used solely
for S-BFD control packets using alert discriminators. New diagnostic
codes specified in this document are only meaningful when used
together with alert discriminators.
o S-BFD control packets transmitted and received, destined for BFD
target identifier of type 3, MUST NOT use diagnostic codes defined
in [RFC5880] and MUST use diagnostic codes defined in this
document.
o [S-]BFD control packets transmitted and received, not destined for
BFD target identifier of type 3, MUST use diagnostic codes defined
in [RFC5880] and MUST NOT use diagnostic codes defined in this
document.
Note that BFD diagnostic codes for alert discriminators are defined
from highest possible values. Any future documents claiming alert
discriminator diagnostic codes MUST use next available highest values
from the reserved range. Alert discriminator diagnostic codes are
defined as follow:
Akiya, et al. Expires January 05, 2014 [Page 4]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
Value Alert Discriminator Diagnostic Code Name
------ ----------------------------------------
0-30 Reserved for future use
31 BFD path trace
When transmitted BFD control packet is targeted to a BFD target
identifier of type 3, then BFD diagnostic code MUST NOT be zero.
When receiving BFD control packet is targeted to a BFD target
identifier of type 3, then packet with BFD diagnostic code of zero
MUST be dropped.
Note that primary purpose of alert discriminator diagnostic codes are
to provide hints to responder on why initiator is sending alert
discriminator S-BFD packets.
6. BFD Path Trace: Alert Discriminator Diagnostic Code 31
BFD path trace, aka BFD traceroute, is performed through making use
of the alert discriminator with alert discriminator diagnostic code
31.
6.1. Initiator Procedures
When a network node desires to trace hops to a BFD target, S-BFD
control packets are transmitted with following contents.
6.1.1. Transmission S-BFD Control Packets
o IP destination address or MPLS label stack MUST be set to describe
the target.
o "your discriminator" MUST be set to an alert discriminator.
o BFD diagnostic code MUST be set to 31 (BFD path trace).
o Poll (P) bit MUST be set.
o Incrementing or decrementing IP/MPLS TTL.
o Remaining packet contents are as per described in
[I-D.akiya-bfd-seamless-ip].
When incrementing TTL is used towards the BFD target, TTL SHOULD
start at value of 1. Completion of BFD path trace is reached when
locally determined so (ex: no response from one of the nodes) or when
one of following conditions are hit, and initiator MUST NOT transmit
BFD path trace packets to further downstream network nodes:
Akiya, et al. Expires January 05, 2014 [Page 5]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
o Response S-BFD control packet has been received from intended BFD
target.
o In case IP address(es) of intended BFD target is unknown, two
consecutive response S-BFD control packets (TTL+n and TTL+(n+1))
contain same IP source address.
When decrementing TTL is used, BFD path trace SHOULD start from the
BFD target using TTL=N. How value of N is determined is outside the
scope of this document. Completion of BFD path trace is reached when
locally determined so or after performing BFD path trace operation to
TTL=1.
Because there are no sequence numbers included in transmitted and
received S-BFD control packets (without use of Authentication) for
BFD path tracing, initiator SHOULD allow some delay between multiple
BFD path tracing operations for a same target, if same "my
discriminator" value is used on them. This is to ensure responses
from multiple BFD path tracing operations do not conflict with each
other, resulting in incorrectly recorded hops.
6.1.2. Reception of S-BFD Control Packets
If response S-BFD control packets do not contain "my discriminator"
of alert discriminator, then packet MUST NOT be considered as
response for BFD path tracing.
If response S-BFD control packets do not have Final (F) bit set, then
packet MUST NOT be considered as response for BFD path tracing.
If response S-BFD control packets do not contain BFD diagnostic code
31, then packet MUST NOT be considered as response for BFD path
tracing.
IP source address of valid response S-BFD control packets are
recorded to form trace hops to the BFD target.
6.2. Responder Procedures
Reflector BFD session at the responder network node MUST operate with
procedures described in [I-D.akiya-bfd-seamless-ip].
6.2.1. Reception of S-BFD Control Packets
Following conditions MUST be met for received S-BFD control packets
targeted to BFD target identifier of type 3 to be considered for BFD
path tracing:
Akiya, et al. Expires January 05, 2014 [Page 6]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
o BFD diagnostic code is 31 (BFD path trace).
o Poll (P) bit is set.
6.2.2. Transmission of S-BFD Control Packets
Following procedures MUST be followed when transmitting a response
S-BFD control packet for BFD path tracing:
o BFD diagnostic code in response S-BFD packet MUST be set to 31
(BFD path trace).
o Final (F) bit MUST be set.
6.3. Possible Use Cases
BFD path tracing may be desirable for following occasions.
o When a BFD session is determined to have lost reachability to the
target (ex: state transitions from UP to DOWN), immediately
trigger BFD path trace to the target to attempt to isolate the
fault.
o While a particular BFD session is in UP state, occasionally
trigger BFD path trace in the background to record the paths.
Compare recorded paths to see how frequently paths are changing.
If determined to be more frequent than expected, then log a
warning to indicate potential network instability.
o Just trigger BFD path trace, manually or automatically, as needed
basis.
7. Security Considerations
Alert discriminator selected for a network should be kept from being
disclosed to anybody or anything external to the network. This will
prevent attacks from knowing the exact value for the alert
discriminator. It is still possible for attacks to scan a range of
BFD discriminator values to identify alert discriminator being used.
Therefore, as described in [I-D.akiya-bfd-seamless-base],
implementations MUST provide filtering capability based on source IP
addresses.
In addition, same security considerations as [RFC5880], [RFC5881],
[RFC5883], [RFC5884], [I-D.akiya-bfd-seamless-base] and
[I-D.akiya-bfd-seamless-ip] apply to this document.
Akiya, et al. Expires January 05, 2014 [Page 7]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
8. IANA Considerations
BFD Target Identifier types:
Value BFD Target Identifier Type
------ --------------------------
3 Alert Discriminator
Alert Discriminator Diagnostic Code:
Value Alert Discriminator Diagnostic Code Name
------ ----------------------------------------
0-30 Reserved for future use
31 BFD path trace
9. Acknowledgements
TBD
10. Contributing Authors
Nagendra Kumar
Cisco Systems
Email: naikumar@cisco.com
Mallik Mudigonda
Cisco Systems
Email: mmudigon@cisco.com
Aswatnarayan Raghuram
AT&T
Email: ar2521@att.com
Glenward D. Hayden
AT&T
Email: gh1691@att.com
11. References
11.1. Normative References
[I-D.akiya-bfd-seamless-base]
Akiya, N., Pignataro, C., and D. Ward, "Seamless
Bidirectional Forwarding Detection (BFD) with MPLS Label
Verification Extension", draft-akiya-bfd-seamless-base-00
(work in progress), June 2013.
Akiya, et al. Expires January 05, 2014 [Page 8]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
[I-D.akiya-bfd-seamless-ip]
Akiya, N., Pignataro, C., and D. Ward, "Seamless
Bidirectional Forwarding Detection (BFD) for IP", draft-
akiya-bfd-seamless-ip-00 (work in progress), June 2013.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, June 2010.
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June
2010.
[RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for Multihop Paths", RFC 5883, June 2010.
[RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow,
"Bidirectional Forwarding Detection (BFD) for MPLS Label
Switched Paths (LSPs)", RFC 5884, June 2010.
11.2. Informative References
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, September 1981.
[RFC4379] Kompella, K. and G. Swallow, "Detecting Multi-Protocol
Label Switched (MPLS) Data Plane Failures", RFC 4379,
February 2006.
Authors' Addresses
Nobo Akiya
Cisco Systems
Email: nobo@cisco.com
Carlos Pignataro
Cisco Systems
Email: cpignata@cisco.com
Akiya, et al. Expires January 05, 2014 [Page 9]
Internet-Draft S-BFD Alert Discrim & Path Trace July 2013
Dave Ward
Cisco Systems
Email: wardd@cisco.com
Akiya, et al. Expires January 05, 2014 [Page 10]