| draft-ietf-bfd-v4v6-1hop-07.txt | draft-ietf-bfd-v4v6-1hop-08.txt | |||
|---|---|---|---|---|
| Network Working Group D. Katz | Network Working Group D. Katz | |||
| Internet Draft Juniper Networks | Internet Draft Juniper Networks | |||
| D. Ward | D. Ward | |||
| Cisco Systems | Cisco Systems | |||
| Expires: July, 2008 January, 2008 | Expires: September, 2008 March, 2008 | |||
| BFD for IPv4 and IPv6 (Single Hop) | BFD for IPv4 and IPv6 (Single Hop) | |||
| draft-ietf-bfd-v4v6-1hop-07.txt | draft-ietf-bfd-v4v6-1hop-08.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 2, line 26 | skipping to change at page 2, line 26 | |||
| to monitor router-host connectivity, among other applications. | to monitor router-host connectivity, among other applications. | |||
| This document describes the particulars necessary to use BFD in this | This document describes the particulars necessary to use BFD in this | |||
| environment. Interactions between BFD and other protocols and system | environment. Interactions between BFD and other protocols and system | |||
| functions are described in the BFD Generic Applications document | functions are described in the BFD Generic Applications document | |||
| [BFD-GENERIC]. | [BFD-GENERIC]. | |||
| 2. Applications and Limitations | 2. Applications and Limitations | |||
| This application of BFD can be used by any pair of systems | This application of BFD can be used by any pair of systems | |||
| communicating via IPv4 and/or IPv6 across a single IP hop that can be | communicating via IPv4 and/or IPv6 across a single IP hop that is | |||
| associated with an incoming interface. This includes, but is not | associated with an incoming interface. This includes, but is not | |||
| limited to, physical media, virtual circuits, and tunnels. | limited to, physical media, virtual circuits, and tunnels. | |||
| Each BFD session between a pair of systems MUST traverse a separate | Each BFD session between a pair of systems MUST traverse a separate | |||
| path in both directions. | path in both directions. | |||
| If BFD is to be used in conjunction with both IPv4 and IPv6 on a | If BFD is to be used in conjunction with both IPv4 and IPv6 on a | |||
| particular link, a separate BFD session MUST be established for each | particular link, a separate BFD session MUST be established for each | |||
| protocol (and thus encapsulated by that protocol) over that link. | protocol (and thus encapsulated by that protocol) over that link. | |||
| skipping to change at page 3, line 40 | skipping to change at page 3, line 40 | |||
| demultiplexing incoming BFD Control packets, but ultimately the | demultiplexing incoming BFD Control packets, but ultimately the | |||
| mechanisms in [BFD] MUST be used to demultiplex incoming packets to | mechanisms in [BFD] MUST be used to demultiplex incoming packets to | |||
| the proper session. | the proper session. | |||
| BFD Echo packets MUST be transmitted in UDP packets with destination | BFD Echo packets MUST be transmitted in UDP packets with destination | |||
| UDP port 3785 in an IPv4 packet. The setting of the UDP source port | UDP port 3785 in an IPv4 packet. The setting of the UDP source port | |||
| is outside the scope of this specification. The destination address | is outside the scope of this specification. The destination address | |||
| MUST be chosen in such a way as to cause the remote system to forward | MUST be chosen in such a way as to cause the remote system to forward | |||
| the packet back to the local system. The source address MUST be | the packet back to the local system. The source address MUST be | |||
| chosen in such a way as to preclude the remote system from generating | chosen in such a way as to preclude the remote system from generating | |||
| ICMP Redirect messages. In particular, the source address MUST NOT | ICMP Redirect messages. In particular, the source address SHOULD NOT | |||
| be part of the subnet bound to the interface over which the BFD Echo | be part of the subnet bound to the interface over which the BFD Echo | |||
| packet is being transmitted. | packet is being transmitted, unless it is known by other means that | |||
| the remote system will not send Redirects. | ||||
| 4.2. BFD for IPv6 | 4.2. BFD for IPv6 | |||
| In the case of IPv6, BFD Control packets MUST be transmitted in UDP | In the case of IPv6, BFD Control packets MUST be transmitted in UDP | |||
| packets with destination port 3784, within an IPv6 packet. The | packets with destination port 3784, within an IPv6 packet. The | |||
| source port MUST be in the range 49152 through 65535. The same UDP | source port MUST be in the range 49152 through 65535. The same UDP | |||
| source port number MUST be used for all BFD Control packets | source port number MUST be used for all BFD Control packets | |||
| associated with a particular session. The source port number SHOULD | associated with a particular session. The source port number SHOULD | |||
| be unique among all BFD sessions on the system. If more than 16384 | be unique among all BFD sessions on the system. If more than 16384 | |||
| BFD sessions are simultaneously active, UDP source port numbers MAY | BFD sessions are simultaneously active, UDP source port numbers MAY | |||
| skipping to change at page 4, line 21 | skipping to change at page 4, line 28 | |||
| mechanisms in [BFD] MUST be used to demultiplex incoming packets to | mechanisms in [BFD] MUST be used to demultiplex incoming packets to | |||
| the proper session. | the proper session. | |||
| BFD Echo packets MUST be transmitted in UDP packets with destination | BFD Echo packets MUST be transmitted in UDP packets with destination | |||
| UDP port 3785 in an IPv6 packet. The setting of the UDP source port | UDP port 3785 in an IPv6 packet. The setting of the UDP source port | |||
| is outside the scope of this specification. The source and | is outside the scope of this specification. The source and | |||
| destination addresses MUST both be associated with the local system. | destination addresses MUST both be associated with the local system. | |||
| The destination address MUST be chosen in such a way as to cause the | The destination address MUST be chosen in such a way as to cause the | |||
| remote system to forward the packet back to the local system. | remote system to forward the packet back to the local system. | |||
| 5. TTL/Hop Count Issues | 5. TTL/Hop Limit Issues | |||
| If BFD authentication is not in use on a session, all BFD Control | If BFD authentication is not in use on a session, all BFD Control | |||
| packets for the session MUST be sent with a TTL or Hop Count value of | packets for the session MUST be sent with a TTL or Hop Limit value of | |||
| 255. All received BFD Control packets that are demultiplexed to the | 255. All received BFD Control packets that are demultiplexed to the | |||
| session MUST be discarded if the received TTL or Hop Count is not | session MUST be discarded if the received TTL or Hop Limit is not | |||
| equal to 255. A discussion of this mechanism can be found in [GTSM]. | equal to 255. A discussion of this mechanism can be found in [GTSM]. | |||
| If BFD authentication is in use on a session, all BFD Control packets | If BFD authentication is in use on a session, all BFD Control packets | |||
| MUST be sent with a TTL or Hop Count value of 255. All received BFD | MUST be sent with a TTL or Hop Limit value of 255. All received BFD | |||
| Control packets that are demultiplexed the session MAY be discarded | Control packets that are demultiplexed the session MAY be discarded | |||
| if the received TTL or Hop Count is not equal to 255. | if the received TTL or Hop Limit is not equal to 255. | |||
| In the context of this section, "authentication in use" means that | In the context of this section, "authentication in use" means that | |||
| the system is sending BFD control packets with the Authentication bit | the system is sending BFD control packets with the Authentication bit | |||
| set and with the Authentication Section included, and that all | set and with the Authentication Section included, and that all | |||
| unauthenticated packets demultiplexed to the session are discarded, | unauthenticated packets demultiplexed to the session are discarded, | |||
| per the BFD base specification. | per the BFD base specification. | |||
| 6. Addressing Issues | 6. Addressing Issues | |||
| On a subnetted network, BFD Control packets MUST be transmitted with | Implementations MUST ensure that all BFD Control packets are | |||
| source and destination addresses that are part of the subnet | transmitted over the one-hop path being protected by BFD. | |||
| (addressed from and to interfaces on the subnet.) | ||||
| On an addressed but unsubnetted point-to-point link, BFD Control | On a multiaccess network, BFD Control packets MUST be transmitted | |||
| packets MUST be transmitted with source and destination addresses | with source and destination addresses that are part of the subnet | |||
| that match the addresses configured on that link. | (addressed from and to interfaces on the subnet.) | |||
| On an unnumbered point-to-point link, the source address of a BFD | On a point-to-point link, the source address of a BFD Control packet | |||
| Control packet MUST NOT be used to identify the session. This means | MUST NOT be used to identify the session. This means that the | |||
| that the initial BFD packet MUST be accepted with any source address, | initial BFD packet MUST be accepted with any source address, and that | |||
| and that subsequent BFD packets MUST be demultiplexed solely by the | subsequent BFD packets MUST be demultiplexed solely by the Your | |||
| My Discriminator field (as is always the case.) This allows the | Discriminator field (as is always the case.) This allows the source | |||
| source address to change if necessary. If the received source | address to change if necessary. If the received source address | |||
| address changes, the local system MUST NOT use that address as the | changes, the local system MUST NOT use that address as the | |||
| destination in outgoing BFD Control packets; rather it MUST continue | destination in outgoing BFD Control packets; rather it MUST continue | |||
| to use the address configured at session creation. An implementation | to use the address configured at session creation. An implementation | |||
| MAY notify the application that the neighbor's source address has | MAY notify the application that the neighbor's source address has | |||
| changed, so that the application might choose to change the | changed, so that the application might choose to change the | |||
| destination address or take some other action. Note that the TTL/Hop | destination address or take some other action. Note that the TTL/Hop | |||
| Count check described in section 5 (or the use of authentication) | Limit check described in section 5 (or the use of authentication) | |||
| precludes the BFD packets from having come from any source other than | precludes the BFD packets from having come from any source other than | |||
| the immediate neighbor. | the immediate neighbor. | |||
| 7. BFD for use with Tunnels | 7. BFD for use with Tunnels | |||
| A number of mechanisms are available to tunnel IPv4 and IPv6 over | A number of mechanisms are available to tunnel IPv4 and IPv6 over | |||
| arbitrary topologies. If the tunnel mechanism does not decrement the | arbitrary topologies. If the tunnel mechanism does not decrement the | |||
| TTL or hop count of the network protocol carried within, the | TTL or Hop Limit of the network protocol carried within, the | |||
| mechanism described in this document may be used to provide liveness | mechanism described in this document may be used to provide liveness | |||
| detection for the tunnel. The BFD Authentication mechanism SHOULD be | detection for the tunnel. The BFD Authentication mechanism SHOULD be | |||
| used and is strongly encouraged. | used and is strongly encouraged. | |||
| Normative References | Normative References | |||
| [BFD] Katz, D., and Ward, D., "Bidirectional Forwarding Detection", | [BFD] Katz, D., and Ward, D., "Bidirectional Forwarding Detection", | |||
| draft-ietf-bfd-base-07.txt, January, 2008. | draft-ietf-bfd-base-07.txt, January, 2008. | |||
| [BFD-GENERIC] Katz, D., and Ward, D., "Generic Application of BFD", | [BFD-GENERIC] Katz, D., and Ward, D., "Generic Application of BFD", | |||
| draft-ietf-bfd-generic-04.txt, January, 2008. | draft-ietf-bfd-generic-04.txt, January, 2008. | |||
| [GTSM] Gill, V., et al, "The Generalized TTL Security Mechanism | [GTSM] Gill, V., et al, "The Generalized TTL Security Mechanism | |||
| (GTSM)", RFC 5082, October, 2007. | (GTSM)", RFC 5082, October, 2007. | |||
| [KEYWORD] Bradner, S., "Key words for use in RFCs to Indicate | [KEYWORD] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", RFC 2119, March 1997. | Requirement Levels", RFC 2119, March 1997. | |||
| Security Considerations | Security Considerations | |||
| In this application, the use of TTL=255 on transmit and receive is | In this application, the use of TTL=255 on transmit and receive, | |||
| viewed as supplying equivalent security characteristics to other | coupled with an association to an incoming interface, is viewed as | |||
| protocols used in the infrastructure, as it is not trivially | supplying equivalent security characteristics to other protocols used | |||
| spoofable. The security implications of this mechanism are further | in the infrastructure, as it is not trivially spoofable. The | |||
| discussed in [GTSM]. | security implications of this mechanism are further discussed in | |||
| [GTSM]. | ||||
| The security implications of the use of BFD Authentication are | The security implications of the use of BFD Authentication are | |||
| discussed in [BFD]. | discussed in [BFD]. | |||
| The use of the TTL=255 check simultaneously with BFD Authentication | The use of the TTL=255 check simultaneously with BFD Authentication | |||
| provides a low overhead mechanism for discarding a class of | provides a low overhead mechanism for discarding a class of | |||
| unauthorized packets and may be useful in implementations in which | unauthorized packets and may be useful in implementations in which | |||
| cryptographic checksum use is susceptable to denial of service | cryptographic checksum use is susceptable to denial of service | |||
| attacks. The use or non-use of this mechanism does not impact | attacks. The use or non-use of this mechanism does not impact | |||
| interoperability. | interoperability. | |||
| skipping to change at page 7, line 23 | skipping to change at page 7, line 27 | |||
| Dave Ward | Dave Ward | |||
| Cisco Systems | Cisco Systems | |||
| 170 W. Tasman Dr. | 170 W. Tasman Dr. | |||
| San Jose, CA 95134 USA | San Jose, CA 95134 USA | |||
| Phone: +1-408-526-4000 | Phone: +1-408-526-4000 | |||
| Email: dward@cisco.com | Email: dward@cisco.com | |||
| Changes from the previous draft | Changes from the previous draft | |||
| This is a reissue of the previous version. There are only minor | Section 6 was changed to lump all point-to-point link types together. | |||
| editorial changes. | Otherwise, only minor editorial changes were made. | |||
| IPR Disclaimer | IPR Disclaimer | |||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
| pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
| this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
| might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
| made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
| on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | |||
| skipping to change at page 8, line 26 | skipping to change at page 8, line 32 | |||
| THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | |||
| OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | |||
| THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
| Acknowledgement | Acknowledgement | |||
| Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is currently provided by the | |||
| Internet Society. | Internet Society. | |||
| This document expires in July, 2008. | This document expires in September, 2008. | |||
| End of changes. 18 change blocks. | ||||
| 32 lines changed or deleted | 33 lines changed or added | |||
This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||