\
[Search] [txt|pdfized|bibtex] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]
Versions: (draft-iannone-6834bis) 00 01 02 03 04         Standards Track
          05 06 07 08 09 10 11 12 13 14                                 
Network Working Group                                         L. Iannone
Internet-Draft                                Huawei Technologies France
Obsoletes: 6834 (if approved)                                  D. Saucez
Intended status: Standards Track                                   INRIA
Expires: November 5, 2022                                 O. Bonaventure
                                        Universite catholique de Louvain
                                                             May 4, 2022


          Locator/ID Separation Protocol (LISP) Map-Versioning
                       draft-ietf-lisp-6834bis-10

Abstract

   This document describes the LISP (Locator/ID Separation Protocol)
   Map-Versioning mechanism, which provides in-packet information about
   Endpoint ID to Routing Locator (EID-to-RLOC) mappings used to
   encapsulate LISP data packets.  This approach is based on associating
   a version number to EID-to-RLOC mappings and the transport of such a
   version number in the LISP-specific header of LISP-encapsulated
   packets.  LISP Map-Versioning is particularly useful to inform
   communicating Ingress Tunnel Routers (ITRs) and Egress Tunnel Routers
   (ETRs) about modifications of the mappings used to encapsulate
   packets.  The mechanism is optional and transparent to
   implementations not supporting this feature, since in the LISP-
   specific header and in the Map Records, bits used for Map-Versioning
   can be safely ignored by ITRs and ETRs that do not support or do not
   want to use the mechanism.

   This document obsoletes RFC 6834 "Locator/ID Separation Protocol
   (LISP) Map-Versioning", which is the initial experimental
   specifications of the mechanisms updated by this document.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."




Iannone, et al.         Expires November 5, 2022                [Page 1]


Internet-Draft             LISP Map-Versioning                  May 2022


   This Internet-Draft will expire on November 5, 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Requirements Notation . . . . . . . . . . . . . . . . . . . .   3
   3.  Definitions of Terms  . . . . . . . . . . . . . . . . . . . .   4
   4.  LISP Header and Map-Version Numbers . . . . . . . . . . . . .   4
   5.  Map Record and Map-Version  . . . . . . . . . . . . . . . . .   5
   6.  EID-to-RLOC Map-Version Number  . . . . . . . . . . . . . . .   6
     6.1.  The Null Map-Version  . . . . . . . . . . . . . . . . . .   7
   7.  Dealing with Map-Version Numbers  . . . . . . . . . . . . . .   7
     7.1.  Handling Destination Map-Version Number . . . . . . . . .   8
     7.2.  Handling Source Map-Version Number  . . . . . . . . . . .   9
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   9.  Deployment Considerations . . . . . . . . . . . . . . . . . .  10
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  11
     11.2.  Informative References . . . . . . . . . . . . . . . . .  12
   Appendix A.  Benefits and Case Studies for Map-Versioning . . . .  13
     A.1.  Map-Versioning and Unidirectional Traffic . . . . . . . .  13
     A.2.  Map-Versioning and Interworking . . . . . . . . . . . . .  13
       A.2.1.  Map-Versioning and Proxy-ITRs . . . . . . . . . . . .  13
       A.2.2.  Map-Versioning and LISP-NAT . . . . . . . . . . . . .  14
       A.2.3.  Map-Versioning and Proxy-ETRs . . . . . . . . . . . .  14
     A.3.  RLOC Shutdown/Withdraw  . . . . . . . . . . . . . . . . .  15
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  15








Iannone, et al.         Expires November 5, 2022                [Page 2]


Internet-Draft             LISP Map-Versioning                  May 2022


1.  Introduction

   This document describes the Map-Versioning mechanism used to provide
   information on changes in the EID-to-RLOC (Endpoint ID to Routing
   Locator) mappings used in the LISP (Locator/ID Separation Protocol
   [I-D.ietf-lisp-rfc6830bis][I-D.ietf-lisp-rfc6833bis]) context to
   perform packet encapsulation.  The mechanism is totally transparent
   to xTRs (Ingress and Egress Tunnel Routers) not supporting or not
   using such functionality.  [I-D.ietf-lisp-introduction] describes the
   architecture of the Locator/ID Separation Protocol.  It is expected
   that the reader is familiar with this introductory document.

   This document obsoletes [RFC6834], which is the initial experimental
   specifications of the mechanisms updated by this document.

   The basic mechanism is to associate a Map-Version number to each LISP
   EID-to-RLOC mapping and transport such a version number in the LISP-
   specific header.  When a mapping changes, a new version number is
   assigned to the updated mapping.  A change in an EID-to-RLOC mapping
   can be a modification in the RLOCs set such as addition, removal, or
   change in priority or weight of one or more RLOCs.

   When Map-Versioning is used, LISP-encapsulated data packets contain
   the version number of the two mappings used to select the RLOCs in
   the outer header (i.e., both source and destination RLOCs).  This
   operation is two-fold.  On the one hand, it enables the ETR (Egress
   Tunnel Router) receiving the packet to know if the ITR (Ingress
   Tunnel Router) is using the latest mapping version for the
   destination EID.  If this is not the case, the ETR can directly send
   a Map-Request containing the updated mapping to the ETR, to notify it
   of the latest version.  The ETR can also solicit the ITR to trigger a
   Map-Request to obtain the latest mapping by sending it a Solicit Map-
   Request (SMR) message.  Both cases are defined in
   [I-D.ietf-lisp-rfc6833bis].  On the other hand, it enables an ETR
   receiving such a packet to know if it has in its EID-to-RLOC Map-
   Cache the latest mapping for the source EID.  If this is not the
   case, a Map-Request can be sent.

   Considerations about the deployment of LISP Map-Versioning are
   discussed in Section 9.

2.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.



Iannone, et al.         Expires November 5, 2022                [Page 3]


Internet-Draft             LISP Map-Versioning                  May 2022


3.  Definitions of Terms

   This document uses terms already defined in the main LISP
   specification ([I-D.ietf-lisp-rfc6830bis],
   [I-D.ietf-lisp-rfc6833bis]).  Here, we define the terms that are
   specific to the Map-Versioning mechanism.  Throughout the whole
   document, Big Endian bit ordering is used.

   Map-Version number:  An unsigned 12-bit integer is assigned to an
     EID-to-RLOC mapping, indicating its version number (Section 6).

   Null Map-Version:  A Map-Version number with a value of 0x000 (zero),
     used to signal that the Map-Version feature is not used and no Map-
     Version number is assigned to the EID-to-RLOC mapping
     (Section 6.1).

   Dest Map-Version number:  Map-Version of the mapping in the EID-to-
     RLOC Map-Cache used by the ITR to select the RLOC present in the
     "Destination Routing Locator" field of the outer IP header of LISP-
     encapsulated packets (Section 7.1).

   Source Map-Version number:  Map-Version of the mapping in the EID-to-
     RLOC Database used by the ITR to select the RLOC present in the
     "Source Routing Locator" field of the outer IP header of LISP-
     encapsulated packets (Section 7.2).

4.  LISP Header and Map-Version Numbers

   In order for the versioning approach to work, the LISP-specific
   header has to carry both the Source Map-Version number and Dest Map-
   Version number.  This is done by setting the V-bit in the LISP-
   specific header as specified in [I-D.ietf-lisp-rfc6830bis] and shown
   in the example in Figure 1.  All permissible combinations of the
   flags when the V-bit is set to 1 are described in
   [I-D.ietf-lisp-rfc6830bis].  Not all of the LISP-encapsulated packets
   need to carry version numbers.  When the V-bit is set, the LISP
   header has the following encoding:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |N|L|E|V|I|R|K|K|  Source Map-Version   |   Dest Map-Version    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Instance ID/Locator-Status-Bits               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 1: LISP-Specific header example when Map-Versioning is in use.




Iannone, et al.         Expires November 5, 2022                [Page 4]


Internet-Draft             LISP Map-Versioning                  May 2022


   Source Map-Version number (12 bits):  Map-Version of the mapping in
     the EID-to-RLOC Database used by the ITR to select the RLOC present
     in the "Source Routing Locator" field of the outer IP header of
     LISP-encapsulated packets.  Section 7.2 describes how to set this
     value on transmission and handle it on reception.

   Dest Map-Version number (12 bits):  Map-Version of the mapping in the
     EID-to-RLOC Map-Cache used by the ITR to select the RLOC present in
     the "Destination Routing Locator" field of the outer IP header of
     LISP-encapsulated packets.  Section 7.1 describes how to set this
     value on transmission and handle it on reception.

5.  Map Record and Map-Version

   To accommodate the mechanism, the Map Records that are transported in
   Map-Request/Map-Reply/Map-Register messages need to carry the Map-
   Version number as well.  For reference, the Map Record (specified in
   [I-D.ietf-lisp-rfc6833bis]) is reported here as an example in
   Figure 2.

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   |                          Record TTL                           |
   |   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   R   | Locator Count | EID mask-len  | ACT |A|      Reserved         |
   e   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   c   | Rsvd  |  Map-Version Number   |       EID-Prefix-AFI          |
   o   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   r   |                          EID-Prefix                           |
   d   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  /|    Priority   |    Weight     |  M Priority   |   M Weight    |
   | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | o |        Unused Flags     |L|p|R|           Loc-AFI             |
   | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  \|                             Locator                           |
   +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                   Figure 2: Map-Record format example.

   Map-Version Number:  Map-Version of the mapping contained in the
     Record.  As explained in Section 6.1, this field can be zero (0),
     meaning that no Map-Version is associated to the mapping.

   This packet format is backward compatible with xTRs that do not
   support Map-Versioning, since they can simply ignore those bits.





Iannone, et al.         Expires November 5, 2022                [Page 5]


Internet-Draft             LISP Map-Versioning                  May 2022


6.  EID-to-RLOC Map-Version Number

   The EID-to-RLOC Map-Version number consists of an unsigned 12-bit
   integer.  The version number is assigned on a per-mapping basis,
   meaning that different mappings have a different version number,
   which is also updated independently.  An update in the version number
   (i.e., a newer version) consists of incrementing by one the older
   version number (only exception is for the Null Map-Version as
   explained in at the end of Section 6.1).

   The space of version numbers has a circular order where half of the
   version numbers are greater (i.e., newer) than the current Map-
   Version number and the other half of the version numbers are smaller
   (i.e., older) than the current Map-Version number.  In a more formal
   way, assuming that we have two version numbers V1 and V2 and that the
   numbers are expressed on N bits, the following steps MUST be
   performed (in the same order as shown below) to strictly define their
   order:

   1.  V1 = V2 : The Map-Version numbers are the same.

   2.  V2 > V1 : if and only if

         V2 > V1 AND (V2 - V1) <= 2**(N-1)

         OR

         V1 > V2 AND (V1 - V2) > 2**(N-1)

   3.  V1 > V2 : otherwise.

   Using 12 bits, as defined in this document, and assuming a Map-
   Version value of 69, Map-Version numbers in the range [70; 69 + 2048]
   are greater than 69, while Map-Version numbers in the range [69 +
   2049; (69 + 4096) mod 4096] are smaller than 69.

   The initial Map-Version number of a new EID-to-RLOC mapping SHOULD be
   assigned randomly, but it MUST NOT be set to the Null Map-Version
   value (0x000), because the Null Map-Version number has a special
   meaning (see Section 6.1).  Optionally, the initial Map-version
   number may be configured.

   Upon reboot, an ETR will use mappings configured in its EID-to-RLOC
   Database.  If those mappings have a Map-Version number, it will be
   used according to the mechanisms described in this document.  ETRs
   MUST NOT automatically generate and assign Map-Version numbers to
   mappings in the EID-to-RLOC Database.




Iannone, et al.         Expires November 5, 2022                [Page 6]


Internet-Draft             LISP Map-Versioning                  May 2022


6.1.  The Null Map-Version

   The value 0x000 (zero) is a special Map-Version number indicating
   that there is actually no version number associated to the EID-to-
   RLOC mapping.  Such a value is used for special purposes and is named
   the Null Map-Version number.

   Map Records that have a Null Map-Version number indicate that there
   is no Map-Version number associated with the mapping.  This means
   that LISP-encapsulated packets destined to the EID-Prefix referred to
   by the Map Record MUST NOT contain any Map-Version numbers (V bit set
   to 0).  If an ETR receives LISP-encapsulated packets with the V-bit
   set, when the original mapping in the EID-to-RLOC Database has the
   version number set to the Null Map-Version value, then those packets
   MUST be silently dropped.

   The Null Map-Version may appear in the LISP-specific header as a
   Source Map-Version number (Section 7.2).  When the Source Map-Version
   number is set to the Null Map-Version value, it means that no map
   version information is conveyed for the source site.  This means that
   if a mapping exists for the source EID in the EID-to-RLOC Map-Cache,
   then the ETR MUST NOT compare the received Null Map-Version with the
   content of the EID-to-RLOC Map-Cache (Section 7.2).

   The fact that the 0 value has a special meaning for the Map-Version
   number implies that, when updating a Map-Version number because of a
   change in the mapping, if the next value is 0, then the Map-Version
   number MUST be incremented by 2 (i.e., set to 1 (0x001), which is the
   next valid value).

7.  Dealing with Map-Version Numbers

   The main idea of using Map-Version numbers is that whenever there is
   a change in the mapping (e.g., adding/removing RLOCs, a change in the
   weights due to Traffic Engineering policies, or a change in the
   priorities) or a LISP site realizes that one or more of its own RLOCs
   are not reachable anymore from a local perspective (e.g., through
   IGP, or policy changes) the LISP site updates the mapping, also
   assigning a new Map-Version number.

   An ETR receiving a LISP packet with Map-Version numbers SHOULD check
   the following predicates:

   1.  The ITR that has sent the packet has an up-to-date mapping in its
       EID-to-RLOC Map-Cache for the destination EID and is performing
       encapsulation correctly.





Iannone, et al.         Expires November 5, 2022                [Page 7]


Internet-Draft             LISP Map-Versioning                  May 2022


   2.  In the case of bidirectional traffic, the mapping in the local
       ETR EID-to-RLOC Map-Cache for the source EID is up to date.

   If one or both of the above predicates do not hold, the ETR SHOULD
   send a Map-Request either to make the ITR aware that a new mapping is
   available (see Section 7.1) or to update the mapping in the local
   EID-to-RLOC Map-Cache (see Section 7.2).

7.1.  Handling Destination Map-Version Number

   When an ETR receives a packet, the Dest Map-Version number relates to
   the mapping for the destination EID for which the ETR is an RLOC.
   This mapping is part of the ETR EID-to-RLOC Database.  Since the ETR
   is authoritative for the mapping, it has the correct and up-to-date
   Dest Map-Version number.  A check on this version number SHOULD be
   done, where the following cases can arise:

   1.  The packet arrives with the same Dest Map-Version number stored
       in the EID-to-RLOC Database.  This is the regular case.  The ITR
       sending the packet has in its EID-to-RLOC Map-Cache an up-to-date
       mapping.  No further actions are needed.

   2.  The packet arrives with a Dest Map-Version number greater (i.e.,
       newer) than the one stored in the EID-to-RLOC Database.  Since
       the ETR is authoritative on the mapping, meaning that the Map-
       Version number of its mapping is the correct one, this implies
       that someone is not behaving correctly with respect to the
       specifications.  In this case, the packet carries a version
       number that is not valid and packet MUST be silently dropped.

   3.  The packets arrive with a Dest Map-Version number smaller (i.e.,
       older) than the one stored in the EID-to-RLOC Database.  This
       means that the ITR sending the packet has an old mapping in its
       EID-to-RLOC Map-Cache containing stale information.  The ETR MAY
       choose to normally process the encapsulated datagram according to
       [I-D.ietf-lisp-rfc6830bis]; however, the ITR sending the packet
       SHOULD be informed that a newer mapping is available.  This is
       done with a Map-Request message sent back to the ITR, as
       specified in [I-D.ietf-lisp-rfc6833bis].  One feature introduced
       by Map-Version numbers is the possibility of blocking traffic not
       using the latest mapping.  This is because either the ITR is
       refusing to use the mapping for which the ETR is authoritative,
       or (worse) it might be some form of attack.  According to rate
       limitation policy defined in [I-D.ietf-lisp-rfc6833bis] for Map-
       Request messages, after 10 retries Map-Requests are sent every 30
       seconds, if in the meantime the Dest Map-Version number in the
       packets is not updated, the ETR SHOULD drop packets with a stale
       Map-Version number, unless the traffic is considered safe (e.g.



Iannone, et al.         Expires November 5, 2022                [Page 8]


Internet-Draft             LISP Map-Versioning                  May 2022


       in private deployments this can indicate an issue in the ITR, but
       not malicious traffic).

   The rule in the third case may be more restrictive.  If the Record
   TTL of the previous mapping has already expired, all packets arriving
   with an old Map-Version SHOULD be silently dropped right away without
   issuing any Map-Request, unless the traffic is considered safe (e.g.
   private deployment).  Such action is permitted because if the new
   mapping with the updated version number has been unchanged for at
   least the same time as the Record TTL of the older mapping, all the
   entries in the EID-to-RLOC Map-Caches of ITRs must have expired.
   Hence, all ITRs sending traffic should have refreshed the mapping
   according to [I-D.ietf-lisp-rfc6833bis].  If packets with old Map-
   Version numbers are still received, then either someone has not
   respected the Record TTL or it is a form of spoof/attack.  In both
   cases, this is not valid behavior with respect to the specifications.

   LISP-encapsulated packets cannot transport a Dest Map-Version number
   equal to the Null Map-Version number, because in this case the ETR is
   signaling that Map-Version numbers are not used for the mapping of
   the destination EID (see Section 6.1).

7.2.  Handling Source Map-Version Number

   When an ETR receives a packet, the Source Map-Version number relates
   to the mapping for the source EID for which the ITR that sent the
   packet is authoritative.  If the ETR has an entry in its EID-to-RLOC
   Map-Cache for the source EID, then a check SHOULD be performed and
   the following cases can arise:

   1.  The packet arrives with the same Source Map-Version number as
       that stored in the EID-to-RLOC Map-Cache.  This is the regular
       case.  The ETR has in its EID-to-RLOC Map-Cache an up-to-date
       copy of the mapping.  No further actions are needed.

   2.  The packet arrives with a Source Map-Version number greater
       (i.e., newer) than the one stored in the local EID-to-RLOC Map-
       Cache.  This means that the ETR has in its EID-to-RLOC Map-Cache
       a mapping that is stale and needs to be updated.  A Map-Request
       SHOULD be sent to get the new mapping for the source EID,
       respecting rate-limitation policies described in
       [I-D.ietf-lisp-rfc6833bis].

   3.  The packet arrives with a Source Map-Version number smaller
       (i.e., older) than the one stored in the local EID-to-RLOC Map-
       Cache.  Such a case is not valid with respect to the
       specifications.  Indeed, if the mapping is already present in the
       EID-to-RLOC Map-Cache, this means that an explicit Map-Request



Iannone, et al.         Expires November 5, 2022                [Page 9]


Internet-Draft             LISP Map-Versioning                  May 2022


       has been sent and a Map-Reply has been received from an
       authoritative source.  In this situation, the packet SHOULD be
       silently dropped, unless considered safe to accept the traffic
       (e.g. private deployments, where it can indicate a
       misconfiguration).

   If the ETR does not have an entry in the EID-to-RLOC Map-Cache for
   the source EID, then the Source Map-Version number MUST be ignored.

8.  Security Considerations

   Attackers can try to trigger a large number of Map-Requests by simply
   forging packets with random Map-Versions.  The Map-Requests are rate-
   limited as described in [I-D.ietf-lisp-rfc6833bis].  With Map-
   Versioning it is possible to filter packet carrying invalid version
   numbers before triggering a Map-Request, thus helping to reduce the
   effects of DoS attacks.  However, it might not be enough to really
   protect from a DDoS attack.

   This document builds on the specification and operation of the LISP
   control and data planes.  The Security Considerations of
   [I-D.ietf-lisp-rfc6830bis] and [I-D.ietf-lisp-rfc6833bis] apply.  A
   thorough security analysis of LISP is documented in [RFC7835].

   Map-Versioning MUST NOT be used over the public Internet and SHOULD
   only be used in trusted and closed deployments.

9.  Deployment Considerations

   LISP requires ETRs to provide the same mapping for the same EID-
   Prefix to a requester.  Map-Versioning does not require additional
   synchronization mechanisms.  Clearly, all the ETRs have to reply with
   the same mapping including same Map-Version number; otherwise, there
   can be an inconsistency that creates additional control traffic,
   instabilities, and traffic disruptions.

   There are two ways Map-Versioning is helpful with respect to
   synchronization.  On the one hand, assigning version numbers to
   mappings helps in debugging, since quick checks on the consistency of
   the mappings on different ETRs can be done by looking at the Map-
   Version number.  On the other hand, Map-Versioning can be used to
   control the traffic toward ETRs that announce the latest mapping.

   As an example, let's consider the topology of Figure 3 where ITR A.1
   of Domain A is sending unidirectional traffic to Domain B, while A.2
   of Domain A exchanges bidirectional traffic with Domain B.  In
   particular, ITR A.2 sends traffic to ETR B, and ETR A.2 receives
   traffic from ITR B.



Iannone, et al.         Expires November 5, 2022               [Page 10]


Internet-Draft             LISP Map-Versioning                  May 2022


    +-----------------+              +-----------------+
    | Domain A        |              | Domain B        |
    |       +---------+              |                 |
    |       | ITR A.1 |---           |                 |
    |       +---------+    \         +---------+       |
    |                 |      ------->| ETR B   |       |
    |                 |      ------->|         |       |
    |       +---------+    /         |         |       |
    |       | ITR A.2 |---      -----| ITR B   |       |
    |       |         |       /      +---------+       |
    |       | ETR A.2 |<-----        |                 |
    |       +---------+              |                 |
    |                 |              |                 |
    +-----------------+              +-----------------+

                        Figure 3: Example topology.

   Obviously, in the case of Map-Versioning, both ITR A.1 and ITR A.2 of
   Domain A must use the same value; otherwise, the ETR of Domain B will
   start to send Map-Requests.

   The same problem can, however, arise without Map-Versioning, for
   instance, if the two ITRs of Domain A send different Locator-Status-
   Bits.  In this case, either the traffic is disrupted if ETR B does
   not verify reachability, or if ETR B will start sending Map-Requests
   to confirm each change in reachability.

   So far, LISP does not provide any specific synchronization mechanism
   but assumes that synchronization is provided by configuring the
   different xTRs consistently.  The same applies for Map-Versioning.
   If in the future any synchronization mechanism is provided, Map-
   Versioning will take advantage of it automatically, since it is
   included in the Map Record format, as described in Section 5.

10.  IANA Considerations

   This document includes no request to IANA.

11.  References

11.1.  Normative References

   [I-D.ietf-lisp-rfc6830bis]
              Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A.
              Cabellos-Aparicio, "The Locator/ID Separation Protocol
              (LISP)", draft-ietf-lisp-rfc6830bis-36 (work in progress),
              November 2020.




Iannone, et al.         Expires November 5, 2022               [Page 11]


Internet-Draft             LISP Map-Versioning                  May 2022


   [I-D.ietf-lisp-rfc6833bis]
              Farinacci, D., Maino, F., Fuller, V., and A. Cabellos-
              Aparicio, "Locator/ID Separation Protocol (LISP) Control-
              Plane", draft-ietf-lisp-rfc6833bis-30 (work in progress),
              November 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

11.2.  Informative References

   [I-D.ietf-lisp-introduction]
              Cabellos-Aparicio, A. and D. Saucez, "An Architectural
              Introduction to the Locator/ID Separation Protocol
              (LISP)", draft-ietf-lisp-introduction-13 (work in
              progress), April 2015.

   [RFC6832]  Lewis, D., Meyer, D., Farinacci, D., and V. Fuller,
              "Interworking between Locator/ID Separation Protocol
              (LISP) and Non-LISP Sites", RFC 6832,
              DOI 10.17487/RFC6832, January 2013,
              <https://www.rfc-editor.org/info/rfc6832>.

   [RFC6834]  Iannone, L., Saucez, D., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Map-Versioning", RFC 6834,
              DOI 10.17487/RFC6834, January 2013,
              <https://www.rfc-editor.org/info/rfc6834>.

   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              <https://www.rfc-editor.org/info/rfc7835>.













Iannone, et al.         Expires November 5, 2022               [Page 12]


Internet-Draft             LISP Map-Versioning                  May 2022


Appendix A.  Benefits and Case Studies for Map-Versioning

   In the following sections, we provide more discussion on various
   aspects and uses of Map-Versioning.  Security observations are
   grouped in Section 8.

A.1.  Map-Versioning and Unidirectional Traffic

   When using Map-Versioning, the LISP-specific header carries two Map-
   Version numbers, for both source and destination mappings.  This can
   raise the question on what will happen in the case of unidirectional
   flows, for instance, in the case presented in Figure 4, since the
   LISP specifications do not mandate that the ETR have a mapping from
   the source EID.

    +-----------------+            +-----------------+
    | Domain A        |            | Domain B        |
    |       +---------+            +---------+       |
    |       | ITR A   |----------->| ETR B   |       |
    |       +---------+            +---------+       |
    |                 |            |                 |
    +-----------------+            +-----------------+

          Figure 4: Unidirectional traffic between LISP domains.

   An ITR is able to put both the source and destination version numbers
   in the LISP header since the Source Map-Version number is in its
   database while the Destination Map-Version number is in its cache.

   The ETR checks only the Dest Map-Version number as described in
   Section 7, ignoring the Source Map-Version number.

A.2.  Map-Versioning and Interworking

   Map-Versioning is compatible with the LISP interworking between LISP
   and non-LISP sites as defined in [RFC6832].  LISP interworking
   defines three techniques to make LISP sites and non-LISP sites,
   namely Proxy-ITR, LISP-NAT, and Proxy-ETR.  The following text
   describes how Map-Versioning relates to these three mechanisms.

A.2.1.  Map-Versioning and Proxy-ITRs

   The purpose of the Proxy-ITR (PITR) is to encapsulate traffic
   originating in a non-LISP site in order to deliver the packet to one
   of the ETRs of the LISP site (cf.  Figure 5).  This case is very
   similar to the unidirectional traffic case described in Appendix A.1;
   hence, similar rules apply.




Iannone, et al.         Expires November 5, 2022               [Page 13]


Internet-Draft             LISP Map-Versioning                  May 2022


    +----------+                             +-------------+
    | LISP     |                             | non-LISP    |
    | Domain A |                             | Domain B    |
    |  +-------+        +-----------+        |             |
    |  | ETR A |<-------| Proxy ITR |<-------|             |
    |  +-------+        +-----------+        |             |
    |          |                             |             |
    +----------+                             +-------------+

   Figure 5: Unidirectional traffic from non-LISP domain to LISP domain.

   The main difference is that a Proxy-ITR does not have any mapping,
   since it just encapsulates packets arriving from the non-LISP site,
   and thus cannot provide a Source Map-Version.  In this case, the
   proxy-ITR will just put the Null Map-Version value as the Source Map-
   Version number, while the receiving ETR will ignore the field.

   With this setup, LISP Domain A is able to check whether or not the
   PITR is using the latest mapping.

A.2.2.  Map-Versioning and LISP-NAT

   The LISP-NAT mechanism is based on address translation from non-
   routable EIDs to routable EIDs and does not involve any form of
   encapsulation.  As such, Map-Versioning does not apply in this case.

A.2.3.  Map-Versioning and Proxy-ETRs

   The purpose of the Proxy-ETR (PETR) is to decapsulate traffic
   originating in a LISP site in order to deliver the packet to the non-
   LISP site (cf.  Figure 6).  One of the main reasons to deploy PETRs
   is to bypass uRPF (Unicast Reverse Path Forwarding) checks on the
   provider edge.

    +----------+                             +-------------+
    | LISP     |                             | non-LISP    |
    | Domain A |                             | Domain B    |
    |  +-------+        +-----------+        |             |
    |  | ITR A |------->| Proxy ETR |------->|             |
    |  +-------+        +-----------+        |             |
    |          |                             |             |
    +----------+                             +-------------+

   Figure 6: Unidirectional traffic from LISP domain to non-LISP domain.

   A Proxy-ETR does not have any mapping, since it just decapsulates
   packets arriving from the LISP site.  In this case, the ITR can
   interchangeably put a Map-Version value or the Null Map-Version value



Iannone, et al.         Expires November 5, 2022               [Page 14]


Internet-Draft             LISP Map-Versioning                  May 2022


   as the Dest Map-Version number since the receiving Proxy-ETR will
   ignore the field.

   With this setup, the Proxy-ETR is able to check whether or not the
   mapping has changed.

A.3.  RLOC Shutdown/Withdraw

   Map-Versioning can also be used to perform a graceful shutdown or
   withdraw of a specific RLOC.  This is achieved by simply issuing a
   new mapping, with an updated Map-Version number where the specific
   RLOC to be shut down is withdrawn or announced as unreachable (via
   the R bit in the Map Record; see [I-D.ietf-lisp-rfc6833bis]), but
   without actually turning it off.

   Once no more traffic is received by the RLOC, it can be shut down
   gracefully, because all sites actively using the mapping have updated
   it.

Authors' Addresses

   Luigi Iannone
   Huawei Technologies France

   EMail: luigi.iannone@huawei.com


   Damien Saucez
   INRIA

   EMail: damien.saucez@inria.fr


   Olivier Bonaventure
   Universite catholique de Louvain

   EMail: olivier.bonaventure@uclouvain.be














Iannone, et al.         Expires November 5, 2022               [Page 15]