| draft-ietf-bfd-multihop-01.txt | draft-ietf-bfd-multihop-02.txt | |||
|---|---|---|---|---|
| Network Working Group D. Katz | Network Working Group D. Katz | |||
| Internet Draft Juniper Networks | Internet Draft Juniper Networks | |||
| D. Ward | D. Ward | |||
| Cisco Systems | Cisco Systems | |||
| Expires: August, 2005 February, 2005 | Expires: September, 2005 March, 2005 | |||
| BFD for Multihop Paths | BFD for Multihop Paths | |||
| draft-ietf-bfd-multihop-01.txt | draft-ietf-bfd-multihop-02.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, I certify that any applicable | By submitting this Internet-Draft, I certify that any applicable | |||
| patent or other IPR claims of which I am aware have been disclosed, | patent or other IPR claims of which I am aware have been disclosed, | |||
| or will be disclosed, and any of which I become aware will be | or will be disclosed, and any of which I become aware will be | |||
| disclosed, in accordance with RFC 3668. | disclosed, in accordance with RFC 3668. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 37 | skipping to change at page 1, line 37 | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/1id-abstracts.html | http://www.ietf.org/1id-abstracts.html | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2004). All Rights Reserved. | Copyright (C) The Internet Society (2005). All Rights Reserved. | |||
| Abstract | Abstract | |||
| This document describes the use of the Bidirectional Forwarding | This document describes the use of the Bidirectional Forwarding | |||
| Detection protocol (BFD) over multihop paths, including | Detection protocol (BFD) over multihop paths, including | |||
| unidirectional links. | unidirectional links. | |||
| Conventions used in this document | Conventions used in this document | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| skipping to change at page 2, line 33 | skipping to change at page 2, line 33 | |||
| BFD can also be useful on arbitrary paths between systems, which may | BFD can also be useful on arbitrary paths between systems, which may | |||
| span multiple network hops and follow unpredictable paths. | span multiple network hops and follow unpredictable paths. | |||
| Furthermore, a pair of systems may have multiple paths between them | Furthermore, a pair of systems may have multiple paths between them | |||
| that may overlap. This document describes methods for using BFD in | that may overlap. This document describes methods for using BFD in | |||
| such scenarios. | such scenarios. | |||
| 2. Issues | 2. Issues | |||
| There are two primary issues in the use of BFD for multihop paths. | There are two primary issues in the use of BFD for multihop paths. | |||
| The first is security and spoofing; the one-hop spec describes a | The first is security and spoofing; [BFD-1HOP] describes a | |||
| lightweight method of avoiding spoofing by requiring a TTL/hop limit | lightweight method of avoiding spoofing by requiring a TTL/hop limit | |||
| of 255 on both transmit and receive, but this obviously does not work | of 255 on both transmit and receive, but this obviously does not work | |||
| across multiple hops. The utilization of BFD authentication | across multiple hops. The utilization of BFD authentication | |||
| addresses this issue. | addresses this issue. | |||
| The more subtle issue is that of demultiplexing multiple BFD sessions | The more subtle issue is that of demultiplexing multiple BFD sessions | |||
| between the same pair of systems to the proper BFD session. In | between the same pair of systems to the proper BFD session. In | |||
| particular, the first BFD packet received for a session may carry a | particular, the first BFD packet received for a session may carry a | |||
| Your Discriminator value of zero, resulting in ambiguity as to which | Your Discriminator value of zero, resulting in ambiguity as to which | |||
| session the packet should be associated. Once the discriminator | session the packet should be associated. Once the discriminator | |||
| values have been exchanged, all further packets are demultiplexed to | values have been exchanged, all further packets are demultiplexed to | |||
| the proper BFD session solely by the contents of the Your | the proper BFD session solely by the contents of the Your | |||
| Discriminator field. | Discriminator field. | |||
| The one-hop specification addresses this by requiring that multiple | [BFD-1HOP] addresses this by requiring that multiple sessions | |||
| sessions traverse independent physical or logical links--the first | traverse independent physical or logical links--the first packet is | |||
| packet is demultiplexed based on the link over which it was received. | demultiplexed based on the link over which it was received. In the | |||
| In the more general case, this scheme cannot work, as two paths over | more general case, this scheme cannot work, as two paths over which | |||
| which BFD is running may overlap to an arbitrary degree (including | BFD is running may overlap to an arbitrary degree (including the | |||
| the first and/or last hop.) | first and/or last hop.) | |||
| 3. Demultiplexing Packets | 3. Demultiplexing Packets | |||
| There are a number of possibilities for addressing the demultiplexing | There are a number of possibilities for addressing the demultiplexing | |||
| issue which may be used, depending on the application. | issue which may be used, depending on the application. | |||
| 3.1. Totally Arbitrary Paths | 3.1. Totally Arbitrary Paths | |||
| It may be desired to use BFD for liveness detection over paths for | It may be desired to use BFD for liveness detection over paths for | |||
| which no part of the route is known (or if known, may not be stable.) | which no part of the route is known (or if known, may not be stable.) | |||
| skipping to change at page 5, line 8 | skipping to change at page 5, line 8 | |||
| 4. Authentication | 4. Authentication | |||
| By their nature, multihop paths expose BFD to spoofing. | By their nature, multihop paths expose BFD to spoofing. | |||
| Implementations of BFD SHOULD utilize authentication over multihop | Implementations of BFD SHOULD utilize authentication over multihop | |||
| paths to help mitigate denial-of-service attacks. | paths to help mitigate denial-of-service attacks. | |||
| Normative References | Normative References | |||
| [BFD] Katz, D., and Ward, D., "Bidirectional Forwarding Detection", | [BFD] Katz, D., and Ward, D., "Bidirectional Forwarding Detection", | |||
| draft-ietf-bfd-base-01.txt, February, 2005. | draft-ietf-bfd-base-02.txt, March, 2005. | |||
| [BFD-1HOP] Katz, D., and Ward, D., "BFD for IPv4 and IPv6 (Single | [BFD-1HOP] Katz, D., and Ward, D., "BFD for IPv4 and IPv6 (Single | |||
| Hop)", draft-ietf-bfd-v4v6-1hop-01.txt, February, 2005. | Hop)", draft-ietf-bfd-v4v6-1hop-02.txt, March, 2005. | |||
| [BFD-MPLS] Aggarwal, R., and Kompella, K., "BFD for MPLS LSPs", | [BFD-MPLS] Aggarwal, R., and Kompella, K., "BFD for MPLS LSPs", | |||
| draft-ietf-bfd-mpls-01.txt, February, 2005. | draft-ietf-bfd-mpls-01.txt, February, 2005. | |||
| [GTSM] Gill, V., et al, "The Generalized TTL Security Mechanism | ||||
| (GTSM)", RFC 3682, February 2004. | ||||
| [KEYWORD] Bradner, S., "Key words for use in RFCs to Indicate | [KEYWORD] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", RFC 2119, March 1997. | Requirement Levels", RFC 2119, March 1997. | |||
| [OSPFv2] Moy, J., "OSPF Version 2", RFC 2328, April 1998. | [OSPFv2] Moy, J., "OSPF Version 2", RFC 2328, April 1998. | |||
| [OSPFv3] Coltun, R., et al, "OSPF for IPv6", RFC 2740, December 1999. | [OSPFv3] Coltun, R., et al, "OSPF for IPv6", RFC 2740, December 1999. | |||
| Security Considerations | Security Considerations | |||
| No additional security issues are raised in this document beyond | No additional security issues are raised in this document beyond | |||
| skipping to change at page 6, line 7 | skipping to change at page 6, line 7 | |||
| Dave Ward | Dave Ward | |||
| Cisco Systems | Cisco Systems | |||
| 170 W. Tasman Dr. | 170 W. Tasman Dr. | |||
| San Jose, CA 95134 USA | San Jose, CA 95134 USA | |||
| Phone: +1-408-526-4000 | Phone: +1-408-526-4000 | |||
| Email: dward@cisco.com | Email: dward@cisco.com | |||
| Changes from the previous draft | Changes from the previous draft | |||
| No changes were made other than updating references and boilerplate | No changes were made other than updating references. | |||
| language. | ||||
| Full Copyright Notice | Full Copyright Notice | |||
| Copyright (C) The Internet Society (2004). This document is subject | Copyright (C) The Internet Society (2005). This document is subject | |||
| to the rights, licenses and restrictions contained in BCP 78, and | to the rights, licenses and restrictions contained in BCP 78, and | |||
| except as set forth therein, the authors retain all their rights. | except as set forth therein, the authors retain all their rights. | |||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
| Acknowledgement | Acknowledgement | |||
| Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is currently provided by the | |||
| Internet Society. | Internet Society. | |||
| This document expires in August, 2005. | This document expires in September, 2005. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||