7881
PROPOSED STANDARD
Seamless Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6, and MPLS
Authors: C. Pignataro, D. Ward, N. Akiya
Date: July 2016
Area: rtg
Working Group: bfd
Stream: IETF
Abstract
This document defines procedures for using Seamless Bidirectional Forwarding Detection (S-BFD) in IPv4, IPv6, and MPLS environments.
RFC 7881
PROPOSED STANDARD
Internet Engineering Task Force (IETF) C. Pignataro
Request for Comments: 7881 D. Ward
Category: Standards Track Cisco
ISSN: 2070-1721 N. Akiya
Big Switch Networks
July 2016
<span class="h1">Seamless Bidirectional Forwarding Detection (S-BFD)</span>
<span class="h1">for IPv4, IPv6, and MPLS</span>
Abstract
This document defines procedures for using Seamless Bidirectional
Forwarding Detection (S-BFD) in IPv4, IPv6, and MPLS environments.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in <a href="./rfc7841#section-2">Section 2 of RFC 7841</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="https://www.rfc-editor.org/info/rfc7881">http://www.rfc-editor.org/info/rfc7881</a>.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
<span class="grey">Pignataro, et al. Standards Track [Page 1]</span><span id="page-2" ></span>
<span class="grey"><a href="./rfc7881">RFC 7881</a> Seamless BFD for IPv4, IPv6, and MPLS July 2016</span>
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-2">2</a>
<a href="#section-2">2</a>. S-BFD UDP Port ..................................................<a href="#page-2">2</a>
<a href="#section-3">3</a>. S-BFD Echo UDP Port .............................................<a href="#page-3">3</a>
<a href="#section-4">4</a>. S-BFD Control Packet Demultiplexing .............................<a href="#page-3">3</a>
<a href="#section-5">5</a>. Initiator Procedures ............................................<a href="#page-3">3</a>
<a href="#section-5.1">5.1</a>. Details of S-BFD Control Packets Sent by SBFDInitiator .....<a href="#page-4">4</a>
<a href="#section-5.1.1">5.1.1</a>. Target versus Remote Entity (S-BFD Discriminator) ...<a href="#page-4">4</a>
<a href="#section-6">6</a>. Responder Procedures ............................................<a href="#page-5">5</a>
<a href="#section-6.1">6.1</a>. Details of S-BFD Control Packets Sent by SBFDReflector .....<a href="#page-5">5</a>
<a href="#section-7">7</a>. Security Considerations .........................................<a href="#page-6">6</a>
<a href="#section-8">8</a>. IANA Considerations .............................................<a href="#page-6">6</a>
<a href="#section-9">9</a>. References ......................................................<a href="#page-7">7</a>
<a href="#section-9.1">9.1</a>. Normative References .......................................<a href="#page-7">7</a>
<a href="#section-9.2">9.2</a>. Informative References .....................................<a href="#page-7">7</a>
Acknowledgements ...................................................<a href="#page-8">8</a>
Contributors .......................................................<a href="#page-8">8</a>
Authors' Addresses .................................................<a href="#page-8">8</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
Seamless Bidirectional Forwarding Detection (S-BFD) [<a href="./rfc7880" title=""Seamless Bidirectional Forwarding Detection (S-BFD)"">RFC7880</a>] defines
a generalized mechanism to allow network nodes to seamlessly perform
continuity checks to remote entities. This document defines
necessary procedures for using S-BFD in IPv4, IPv6, and MPLS
environments.
The reader is expected to be familiar with the IP [<a href="./rfc791" title=""Internet Protocol"">RFC791</a>] [<a href="./rfc2460" title=""Internet Protocol, Version 6 (IPv6) Specification"">RFC2460</a>],
BFD [<a href="./rfc5880" title=""Bidirectional Forwarding Detection (BFD)"">RFC5880</a>], MPLS BFD [<a href="./rfc5884" title=""Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs)"">RFC5884</a>], and S-BFD [<a href="./rfc7880" title=""Seamless Bidirectional Forwarding Detection (S-BFD)"">RFC7880</a>] terms and
protocol constructs.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <a href="./rfc2119">RFC 2119</a> [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. S-BFD UDP Port</span>
A new UDP port is defined for use by S-BFD in IPv4, IPv6, and MPLS
environments: 7784.
In S-BFD Control packets from the SBFDInitiator to the SBFDReflector,
the SBFDReflector session MUST listen for incoming S-BFD Control
packets on port 7784. SBFDInitiator sessions MUST transmit S-BFD
Control packets with destination port 7784. The source port of the
S-BFD Control packets transmitted by SBFDInitiator sessions can be
any port, with one exception: it MUST NOT be 7784. The same UDP
<span class="grey">Pignataro, et al. Standards Track [Page 2]</span><span id="page-3" ></span>
<span class="grey"><a href="./rfc7881">RFC 7881</a> Seamless BFD for IPv4, IPv6, and MPLS July 2016</span>
source port number MUST be used for all S-BFD Control packets
associated with a particular SBFDInitiator session. The source port
number is unique among all SBFDInitiator sessions on the system.
In S-BFD Control packets from the SBFDReflector to the SBFDInitiator,
the SBFDInitiator session MUST listen for reflected S-BFD Control
packets at its source port.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. S-BFD Echo UDP Port</span>
The BFD Echo port defined by [<a href="./rfc5881" title=""Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)"">RFC5881</a>], port 3785, is used for the
S-BFD Echo function in IPv4, IPv6, and MPLS environments.
SBFDInitiator sessions MUST transmit S-BFD Echo packets with
destination port 3785. The setting of the UDP source port [<a href="./rfc5881" title=""Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)"">RFC5881</a>]
and the procedures [<a href="./rfc7880" title=""Seamless Bidirectional Forwarding Detection (S-BFD)"">RFC7880</a>] for the S-BFD Echo function are outside
the scope of this document.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. S-BFD Control Packet Demultiplexing</span>
S-BFD Control packet demultiplexing follows the procedure specified
in <a href="./rfc7880#section-7.1">Section 7.1 of [RFC7880]</a>. A received S-BFD Control packet MUST be
demultiplexed with the destination UDP port field.
This procedure for an S-BFD packet is executed on both the initiator
and the reflector. If the port is 7784 (i.e., an S-BFD packet for
the SBFDReflector), then the packet MUST be looked up to locate a
corresponding SBFDReflector session based on the value from the
Your Discriminator field in the table describing S-BFD
Discriminators. If the port is not 7784 but the packet is
demultiplexed to be for an SBFDInitiator, then the packet MUST be
looked up to locate a corresponding SBFDInitiator session based on
the value from the Your Discriminator field in the table describing
BFD Discriminators. In that case, the destination IP address of the
packet SHOULD be validated to be for itself. If the packet
demultiplexes to a classical BFD session, then the procedures from
[<a href="./rfc5880" title=""Bidirectional Forwarding Detection (BFD)"">RFC5880</a>] apply.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Initiator Procedures</span>
S-BFD Control packets are transmitted with an IP header, UDP header,
and BFD Control packet ([<a href="./rfc5880" title=""Bidirectional Forwarding Detection (BFD)"">RFC5880</a>]). When S-BFD Control packets are
explicitly label switched (i.e., not IP routed and forwarded over a
Label Switched Path (LSP), but explicitly sent on a specific LSP),
the former is prepended with a label stack. Note that this document
does not make a distinction between a single-hop S-BFD scenario and a
multi-hop S-BFD scenario; both scenarios are supported.
<span class="grey">Pignataro, et al. Standards Track [Page 3]</span><span id="page-4" ></span>
<span class="grey"><a href="./rfc7881">RFC 7881</a> Seamless BFD for IPv4, IPv6, and MPLS July 2016</span>
The necessary values in the BFD control headers are described in
[<a href="./rfc7880" title=""Seamless Bidirectional Forwarding Detection (S-BFD)"">RFC7880</a>]. <a href="#section-5.1">Section 5.1</a> describes necessary values in the MPLS
header, IP header, and UDP header when an SBFDInitiator on the
initiator is sending S-BFD Control packets.
<span class="h3"><a class="selflink" id="section-5.1" href="#section-5.1">5.1</a>. Details of S-BFD Control Packets Sent by SBFDInitiator</span>
o Specifications common to both IP-routed S-BFD Control packets and
explicitly label-switched S-BFD Control packets:
* The Source IP Address field of the IP header MUST be set to a
local IP address that is expected to be routable by the target
(i.e., not an IPv6 link-local address when the target is
multiple hops away).
* The UDP destination port MUST be set to a well-known UDP
destination port assigned for S-BFD, i.e., 7784.
* The UDP source port MUST NOT be set to 7784.
o Specifications for IP-routed S-BFD Control packets:
* The Destination IP Address field of the IP header MUST be set
to an IP address of the target.
* The TTL / Hop Limit field of the IP header SHOULD be set
to 255.
o Specifications for explicitly label-switched S-BFD Control
packets:
* S-BFD Control packets MUST have the label stack that is
expected to reach the target.
* The TTL field of the topmost label SHOULD be 255.
* The destination IP address MUST be chosen from the 127/8 range
for IPv4 and from the 0:0:0:0:0:ffff:7f00:0/104 range for IPv6,
as per [<a href="./rfc5884" title=""Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs)"">RFC5884</a>].
* The TTL / Hop Limit field of the IP header MUST be set to 1.
<span class="h4"><a class="selflink" id="section-5.1.1" href="#section-5.1.1">5.1.1</a>. Target versus Remote Entity (S-BFD Discriminator)</span>
Typically, an S-BFD Control packet will have the Your Discriminator
field corresponding to an S-BFD Discriminator of the remote entity
located on the target network node defined by the destination IP
address or the label stack. It is, however, possible for an
<span class="grey">Pignataro, et al. Standards Track [Page 4]</span><span id="page-5" ></span>
<span class="grey"><a href="./rfc7881">RFC 7881</a> Seamless BFD for IPv4, IPv6, and MPLS July 2016</span>
SBFDInitiator to carefully set the Your Discriminator and TTL fields
to perform a continuity test in the direction towards a target, but
destined to a transit network node and not to the target itself.
<a href="#section-5.1">Section 5.1</a> intentionally uses the word "target" instead of "remote
entity" to accommodate this possible S-BFD usage through TTL expiry.
This also requires that S-BFD Control packets not be dropped by the
responder node due to TTL expiry. Thus, implementations on the
responder MUST allow received S-BFD Control packets taking a TTL
expiry exception path to reach the corresponding SBFDReflector
session. This is an existing packet-processing exception practice
for Operations, Administration, and Maintenance (OAM) packets, where
the control plane further identifies the type of OAM by the protocol
and port numbers.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Responder Procedures</span>
S-BFD Control packets are IP routed back to the initiator and will
have an IP header, UDP header, and BFD control header. If an
SBFDReflector receives an S-BFD Control packet with a UDP source port
of 7784, the packet MUST be discarded. Necessary values in the BFD
control header are described in [<a href="./rfc7880" title=""Seamless Bidirectional Forwarding Detection (S-BFD)"">RFC7880</a>]. <a href="#section-6.1">Section 6.1</a> describes
necessary values in the IP header and UDP header when an
SBFDReflector on the responder is sending S-BFD Control packets.
<span class="h3"><a class="selflink" id="section-6.1" href="#section-6.1">6.1</a>. Details of S-BFD Control Packets Sent by SBFDReflector</span>
o The Destination IP Address field of the IP header MUST be copied
from the Source IP Address field of the received S-BFD Control
packet.
o The Source IP Address field of the IP header MUST be set to a
local IP address that the initiator expects to be visible (i.e.,
not an IPv6 link-local address when the initiator is multiple hops
away). The source IP address SHOULD be copied from the
Destination IP Address field of the received S-BFD Control packet,
except when it is from the 127/8 range for IPv4 or from the
0:0:0:0:0:ffff:7f00:0/104 range for IPv6.
o The TTL / Hop Limit field of the IP header MUST be set to 255.
o The UDP destination port MUST be copied from the received UDP
source port.
o The UDP source port MUST be copied from the received UDP
destination port.
<span class="grey">Pignataro, et al. Standards Track [Page 5]</span><span id="page-6" ></span>
<span class="grey"><a href="./rfc7881">RFC 7881</a> Seamless BFD for IPv4, IPv6, and MPLS July 2016</span>
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Security Considerations</span>
Security considerations for S-BFD are discussed in [<a href="./rfc7880" title=""Seamless Bidirectional Forwarding Detection (S-BFD)"">RFC7880</a>].
Additionally, implementing the following measures will strengthen
security aspects of the mechanism described by this document:
o Implementations MUST provide filtering capability based on source
IP addresses of received S-BFD Control packets; see [<a href="./rfc2827" title=""Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing"">RFC2827</a>].
o Implementations MUST NOT act on received S-BFD Control packets
containing source Martian IP addresses (i.e., addresses that, by
application of the current forwarding tables, would not have their
return traffic routed back to the sender).
o Implementations MUST ensure that response S-BFD Control packets
generated by the SBFDReflector and sent to the initiator have a
reachable target (e.g., destination IP address).
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. IANA Considerations</span>
A new port number value, 7784, was allocated from the "Service Name
and Transport Protocol Port Number Registry". The allocated registry
entry is:
Service Name (REQUIRED)
s-bfd
Transport Protocol(s) (REQUIRED)
udp
Assignee (REQUIRED)
IESG <iesg@ietf.org>
Contact (REQUIRED)
IETF Chair <chair@ietf.org>
Description (REQUIRED)
Seamless Bidirectional Forwarding Detection (S-BFD)
Reference (REQUIRED)
<a href="./rfc7881">RFC 7881</a>
Port Number (OPTIONAL)
7784
<span class="grey">Pignataro, et al. Standards Track [Page 6]</span><span id="page-7" ></span>
<span class="grey"><a href="./rfc7881">RFC 7881</a> Seamless BFD for IPv4, IPv6, and MPLS July 2016</span>
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. References</span>
<span class="h3"><a class="selflink" id="section-9.1" href="#section-9.1">9.1</a>. Normative References</span>
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>,
DOI 10.17487/RFC2119, March 1997,
<<a href="https://www.rfc-editor.org/info/rfc2119">http://www.rfc-editor.org/info/rfc2119</a>>.
[<a id="ref-RFC5880">RFC5880</a>] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", <a href="./rfc5880">RFC 5880</a>, DOI 10.17487/RFC5880, June 2010,
<<a href="https://www.rfc-editor.org/info/rfc5880">http://www.rfc-editor.org/info/rfc5880</a>>.
[<a id="ref-RFC5881">RFC5881</a>] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for IPv4 and IPv6 (Single Hop)", <a href="./rfc5881">RFC 5881</a>,
DOI 10.17487/RFC5881, June 2010,
<<a href="https://www.rfc-editor.org/info/rfc5881">http://www.rfc-editor.org/info/rfc5881</a>>.
[<a id="ref-RFC7880">RFC7880</a>] Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S.
Pallagatti, "Seamless Bidirectional Forwarding Detection
(S-BFD)", <a href="./rfc7880">RFC 7880</a>, DOI 10.17487/RFC7880, July 2016,
<<a href="https://www.rfc-editor.org/info/rfc7880">http://www.rfc-editor.org/info/rfc7880</a>>.
<span class="h3"><a class="selflink" id="section-9.2" href="#section-9.2">9.2</a>. Informative References</span>
[<a id="ref-RFC791">RFC791</a>] Postel, J., "Internet Protocol", STD 5, <a href="./rfc791">RFC 791</a>,
DOI 10.17487/RFC791, September 1981,
<<a href="https://www.rfc-editor.org/info/rfc791">http://www.rfc-editor.org/info/rfc791</a>>.
[<a id="ref-RFC2460">RFC2460</a>] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", <a href="./rfc2460">RFC 2460</a>, DOI 10.17487/RFC2460,
December 1998, <<a href="https://www.rfc-editor.org/info/rfc2460">http://www.rfc-editor.org/info/rfc2460</a>>.
[<a id="ref-RFC2827">RFC2827</a>] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", <a href="https://www.rfc-editor.org/bcp/bcp38">BCP 38</a>, <a href="./rfc2827">RFC 2827</a>, DOI 10.17487/RFC2827,
May 2000, <<a href="https://www.rfc-editor.org/info/rfc2827">http://www.rfc-editor.org/info/rfc2827</a>>.
[<a id="ref-RFC5884">RFC5884</a>] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow,
"Bidirectional Forwarding Detection (BFD) for MPLS Label
Switched Paths (LSPs)", <a href="./rfc5884">RFC 5884</a>, DOI 10.17487/RFC5884,
June 2010, <<a href="https://www.rfc-editor.org/info/rfc5884">http://www.rfc-editor.org/info/rfc5884</a>>.
<span class="grey">Pignataro, et al. Standards Track [Page 7]</span><span id="page-8" ></span>
<span class="grey"><a href="./rfc7881">RFC 7881</a> Seamless BFD for IPv4, IPv6, and MPLS July 2016</span>
Acknowledgements
The authors would like to thank the BFD WG members for helping to
shape the contents of this document. In particular, significant
contributions were made by the following people: Marc Binderberger,
Jeffrey Haas, Santosh Pallagatti, Greg Mirsky, Sam Aldrin, Vengada
Prasad Govindan, Mallik Mudigonda, and Srihari Raghavan.
Contributors
The following are key contributors to this document:
Tarek Saad, Cisco Systems, Inc.
Siva Sivabalan, Cisco Systems, Inc.
Nagendra Kumar, Cisco Systems, Inc.
Authors' Addresses
Carlos Pignataro
Cisco Systems, Inc.
Email: [email protected]
Dave Ward
Cisco Systems, Inc.
Email: [email protected]
Nobo Akiya
Big Switch Networks
Email: [email protected]
Pignataro, et al. Standards Track [Page 8]
Annotations
Select text to annotate