Index: draft-ietf-bfd-seamless-base-10.txt =================================================================== --- draft-ietf-bfd-seamless-base-10.txt (revision 3541) +++ draft-ietf-bfd-seamless-base-10.txt (working copy) @@ -92,7 +92,7 @@ 7.2.2. Transmission of S-BFD Control Packet by SBFDReflector 10 7.2.3. Additional SBFDReflector Behaviors . . . . . . . . . 11 7.3. Initiator Procedures . . . . . . . . . . . . . . . . . . 12 - 7.3.1. SBFDInitiator State Machine . . . . . . . . . . . . . 13 + 7.3.1. SBFDInitiator State Machine . . . . . . . . . . . . . 12 7.3.2. Transmission of S-BFD Control Packet by SBFDInitiator 13 7.3.3. Additional SBFDInitiator Behaviors . . . . . . . . . 14 7.4. Diagnostic Values . . . . . . . . . . . . . . . . . . . . 14 @@ -117,7 +117,7 @@ 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 15.1. Normative References . . . . . . . . . . . . . . . . . . 18 15.2. Informative References . . . . . . . . . . . . . . . . . 18 - Appendix A. Loop Problem . . . . . . . . . . . . . . . . . . . . 19 + Appendix A. Loop Problem and Solution . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 1. Introduction @@ -457,7 +457,7 @@ o bfd.DemandMode: This variable MUST be initialized to 1 for session type SBFDInitiator, and MUST be initialized to 0 for session type - SBFDReflector. + SBFDReflector. This is done to prevent loops (see Appendix A). 7. S-BFD Procedures @@ -464,9 +464,9 @@ 7.1. Demultiplexing of S-BFD Control Packet S-BFD packet MUST be demultiplexed with lower layer information - (e.g., dedicated destination UDP port, associated channel type). - Following procedure SHOULD be executed on both initiator and - reflector. + (e.g., dedicated destination UDP port [I-D.ietf-bfd-seamless-ip], + associated channel type [I-D.ietf-pals-seamless-vccv]). Following + procedure SHOULD be executed on both initiator and reflector. If S-BFD packet 
@@ -518,8 +518,7 @@ 7.2.1. Responder Demultiplexing - S-BFD packet MUST be demultiplexed with lower layer information - (e.g., dedicated destination UDP port, associated channel type). + S-BFD packet MUST be demultiplexed with lower layer information. Following procedure SHOULD be executed by responder: If "your discriminator" not one of the entry allocated for local @@ -552,7 +551,8 @@ Demand (D) - Set to 0. + Set to 0, to identify the S-BFD packet is sent by the + SBFDReflector. @@ -618,20 +618,15 @@ Internet-Draft Seamless BFD Base May 2016 - o If the SBFDReflector wishes to communicate to some or all - SBFDInitiators that monitored local entity is "temporarily out of - service", then S-BFD control packets with "state" set to ADMINDOWN - are sent to those SBFDInitiators. The SBFDInitiators, upon - reception of such packets, MUST NOT conclude loss of reachability - to corresponding remote entity, and MUST back off packet - transmission interval for the remote entity to an interval no - faster than 1 second. If the SBFDReflector is generating a - response S-BFD control packet for a local entity that is in - service, then "state" in response BFD control packets MUST be set - to UP. + o When the SBFDReflector receives an S-BFD control packet from an + SBFDInitiator, then the SBFDReflector needs to determine what + "state" to send in the response S-BFD control packet. If the + monitored local entity is in service, then the "state" MUST be set + to UP. If the monitored local entity is "temporarily out of + service", then the "state" SHOULD be set to ADMINDOWN. o If an SBFDReflector receives an S-BFD control packet with Demand - (D) bit cleared, the packet MUST be discarded. + (D) bit cleared, the packet MUST be discarded (see Appendix A). 7.3. Initiator Procedures 
@@ -665,7 +660,12 @@ Figure 3: S-BFD Continuity Test +7.3.1. SBFDInitiator State Machine + An SBFDInitiator may be a persistent session on the initiator with a + timer for S-BFD control packet transmissions (stateful + SBFDInitiator). An SBFDInitiator may also be a module, a script or a + tool on the initiator that transmits one or more S-BFD control @@ -674,12 +674,6 @@ Internet-Draft Seamless BFD Base May 2016 -7.3.1. SBFDInitiator State Machine - - An SBFDInitiator may be a persistent session on the initiator with a - timer for S-BFD control packet transmissions (stateful - SBFDInitiator). An SBFDInitiator may also be a module, a script or a - tool on the initiator that transmits one or more S-BFD control packets "when needed" (stateless SBFDInitiator). For stateless SBFDInitiators, a complete BFD state machine may not be applicable. For stateful SBFDInitiators, the states and the state machine @@ -722,20 +716,20 @@ D bit is used to identify S-BFD packet originated from SBFDInitiator and is always set to 1. + Your Discriminator + Set to bfd.RemoteDiscr. bfd.RemoteDiscr is set to discriminator + value of remote entity. It MAY be learnt from routing + protocols or configured locally. + + Akiya, et al. Expires November 3, 2016 [Page 13] Internet-Draft Seamless BFD Base May 2016 - Your Discriminator - - Set to bfd.RemoteDiscr. bfd.RemoteDiscr is set to discriminator - value of remote entity. It MAY be learnt from routing - protocols or configured locally. - Required Min RX Interval Set to 0. 
@@ -751,6 +745,12 @@ then the SBFDInitiator SHOULD conclude that S-BFD control packet reached the intended remote entity. + o When an SBFDInitiator receives a response S-BFD control packet, if + the state specified is ADMINDOWN, the SBFDInitiator MUST NOT + conclude loss of reachability to the corresponding remote entity, + and MUST back off packet transmission interval for the remote + entity to an interval no faster than 1 second. + o When a sufficient number of S-BFD packets have not arrived as they should, the SBFDInitiator SHOULD declare loss of reachability to the remote entity. The criteria for declaring loss of @@ -766,7 +766,7 @@ responder back to initiator. o If the SBFDInitiator receives an S-BFD control packet with Demand - (D) bit set, the packet MUST be discarded. + (D) bit set, the packet MUST be discarded (see Appendix A). 7.4. Diagnostic Values @@ -1022,6 +1022,11 @@ Cases", draft-ietf-bfd-seamless-use-case-06 (work in progress), April 2016. + [I-D.ietf-pals-seamless-vccv] + Govindan, V. and C. Pignataro, "Seamless BFD for VCCV", + draft-ietf-pals-seamless-vccv-03 (work in progress), April + 2016. + [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, . @@ -1035,7 +1040,7 @@ DOI 10.17487/RFC3031, January 2001, . -Appendix A. Loop Problem +Appendix A. Loop Problem and Solution Consider a scenario where we have two nodes and both are S-BFD capable. @@ -1053,11 +1058,6 @@ Suppose MiM sends a spoofed packet with MyDisc = 0x01010101, YourDisc = 0x02020202, source IP as 2001:db8::1 and dest IP as 2001:db8::2. - When this packet reaches Node B, the reflector session on Node B will - swap the discriminators and IP addresses of the received packet and - reflect it back, since YourDisc of the received packet matched with - reserved discriminator of Node B. The reflected packet that reached - Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since 
@@ -1066,6 +1066,11 @@ Internet-Draft Seamless BFD Base May 2016 + When this packet reaches Node B, the reflector session on Node B will + swap the discriminators and IP addresses of the received packet and + reflect it back, since YourDisc of the received packet matched with + reserved discriminator of Node B. The reflected packet that reached + Node A will have MyDdisc=0x02020202 and YourDisc=0x01010101. Since YourDisc of the received packet matched the reserved discriminator of Node A, Node A will swap the discriminators and reflects the packet back to Node B. Since reflectors must set the TTL of the reflected 
@@ -1072,31 +1077,11 @@ packets to 255, the above scenario will result in an infinite loop with just one malicious packet injected from MiM. - FYI: Packet fields do not carry any direction information, i.e., if - this is Ping packet or reply packet. + The solution to avoid the loop problem uses the "D" bit (Demand mode + bit). The Initiator always sets the 'D' bit and the reflector always + clears it. This way we can identify if a received packet was a + reflected packet and avoid reflecting it back. - Solutions - - The current proposals to avoid the loop problem are: - - o Overload "D" bit (Demand mode bit): Initiator always sets the 'D' - bit and reflector clears it. This way we can identify if a - received packet was a reflected packet and avoid reflecting it - back. However this changes the interpretation of 'D' bit. - - o Use of State field in the BFD control packets: Initiator will - always send packets with State set to DOWN and reflector will send - back packets with state field set to UP. Reflectors will never - reflect any received packets with state as UP. However the only - issue is the use of state field differently i.e., state in the - S-BFD control packet from initiator does not reflect the local - state which is anyway not significant at reflector. - - o Use of local discriminator as My Disc at reflector: Reflector will - always fill in My Discriminator with a locally allocated - discriminator value (not reserved discriminators) and will not - copy it from the received packet. - Authors' Addresses Nobo Akiya @@ -1111,17 +1096,6 @@ Email: cpignata@cisco.com - - - - - - -Akiya, et al. Expires November 3, 2016 [Page 20] - -Internet-Draft Seamless BFD Base May 2016 - - Dave Ward Cisco Systems, Inc. @@ -1143,34 +1117,4 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Akiya, et al. Expires November 3, 2016 [Page 21] +Akiya, et al. Expires November 3, 2016 [Page 20]
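Review bot: the citation [I-D.ietf-bfd-seamless-ip] added in the @@ -464,9 +464,9 @@ hunk has no matching entry in this patch. The references hunk at @@ -1022,6 +1022,11 @@ adds only [I-D.ietf-pals-seamless-vccv], so please confirm the seamless-ip entry is already in Section 15. Since the sentence is being rewrapped anyway, "Following procedure SHOULD be executed" would read better as "The following procedure SHOULD be executed".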
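Review bot: after the @@ -518,8 +518,7 @@ hunk, Section 7.2.1 restates the MUST from Section 7.1 without the examples or citations that 7.1 now carries, so the same requirement appears twice in two different forms. Consider replacing the sentence with a pointer such as "S-BFD packet MUST be demultiplexed as described in Section 7.1". The following context line says "responder" where the neighbouring section titles use SBFDReflector; one term throughout would be clearer.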
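Review bot: the added wording in the @@ -552,7 +551,8 @@ hunk, "to identify the S-BFD packet is sent by the SBFDReflector", is ungrammatical and omits the cross-reference the other D-bit changes in this patch carry. Suggest "Set to 0, to identify that the S-BFD packet was sent by the SBFDReflector (see Appendix A)."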
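Review bot: the new SHOULD in the @@ -618,20 +618,15 @@ hunk ("then the "state" SHOULD be set to ADMINDOWN") leaves undefined what an SBFDReflector sends when the monitored entity is out of service and it does not follow the SHOULD. The UP case is a MUST only for an entity that is in service, so the text should either make ADMINDOWN a MUST or name the permitted alternative (for example, not responding). The rewrite also drops the old text's "some or all SBFDInitiators"; if per-initiator signalling is still intended, it needs to be said here.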
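Review bot: the bullet added in the @@ -751,6 +745,12 @@ hunk gives no exit condition. It says the SBFDInitiator "MUST back off packet transmission interval" and "MUST NOT conclude loss of reachability" on ADMINDOWN, but not when it returns to its configured interval or resumes normal loss detection (for instance, on the next response with state UP). Appendix A already considers spoofed S-BFD packets, and a single accepted ADMINDOWN response here both slows probing and suppresses a loss declaration, so the Security Considerations should cover this case or the bullet should bound how long the back-off applies.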
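Review bot: the paragraph moved by the @@ -1066,6 +1066,11 @@ hunk carries two errors across unchanged: "MyDdisc=0x02020202" should be "MyDisc=0x02020202" to match the "MyDisc = 0x01010101" used a few lines earlier, and "Node A will swap the discriminators and reflects the packet" should be "reflect". Since the text is being touched anyway, this is a good point to fix both.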
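Review bot: the replacement paragraph in the @@ -1072,31 +1077,11 @@ hunk drops the removed text's caveat, "However this changes the interpretation of 'D' bit", so Appendix A no longer tells implementers that S-BFD gives the Demand bit a different meaning. Suggest keeping one sentence to that effect and pointing to the discard rules that enforce the solution (the "(D) bit cleared" and "(D) bit set" bullets in Section 7). The paragraph also mixes "D" with 'D' and "Initiator"/"reflector" with SBFDInitiator/SBFDReflector; using the defined terms and one quoting style would match the rest of the draft.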