Internet-Draft Unaffiliated BFD Echo August 2022
Cheng, et al. Expires 2 February 2023 [Page]
Workgroup:
BFD Working Group
Internet-Draft:
draft-ietf-bfd-unaffiliated-echo-05
Updates:
5880 (if approved)
Published:
Intended Status:
Standards Track
Expires:
Authors:
W. Cheng
China Mobile
R. Wang
China Mobile
X. Min, Ed.
ZTE Corp.
R. Rahman
Individual
R. Boddireddy
Juniper Networks

Unaffiliated BFD Echo

Abstract

Bidirectional Forwarding Detection (BFD) is a fault detection protocol that can quickly determine a communication failure between two forwarding engines. This document proposes a use of the BFD Echo where the local system supports BFD but the neighboring system does not support BFD.

This document updates RFC 5880.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 2 February 2023.

Table of Contents

1. Introduction

To minimize the impact of device/link faults on services and improve network availability, a network device must be able to quickly detect faults in communication with adjacent devices. Measures can then be taken to promptly rectify the faults to ensure service continuity.

BFD [RFC5880] is a low-overhead, short-duration method to detect faults on the communication path between adjacent forwarding engines. The faults can be on interfaces, data link(s), and even the forwarding engines. It is a single, unified mechanism to monitor any media and protocol layers in real time.

BFD defines Asynchronous and Demand modes to satisfy various deployment scenarios. It also supports an Echo function to reduce the device requirement for BFD. When the Echo function is activated, the local system sends BFD Echo packets and the remote system loops back the received Echo packets through the forwarding path. If several consecutive BFD Echo packets are not received by the local system, then the BFD session is declared to be Down.

When using BFD Echo function, there are two typical scenarios as below:

The latter scenario is referred to as Unaffiliated BFD Echo in this document.

Section 6.2.2 of [BBF-TR-146] describes one use case of the Unaffiliated BFD Echo. Section 2 of [I-D.wang-bfd-one-arm-use-case] describes another use case of the Unaffiliated BFD Echo.

This document describes the use of the Unaffiliated BFD Echo over IPv4 and IPv6 for single IP hop.

1.1. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

2. Updates to RFC 5880

The Unaffiliated BFD Echo described in this document reuses the BFD Echo function as described in [RFC5880] and [RFC5881], but does not require BFD Asynchronous or Demand mode. When using the Unaffiliated BFD Echo, only the local system has the BFD protocol enabled; the remote system just loops back the received BFD Echo packets as regular data packets.

This document updates [RFC5880] with respect to its descriptions on the BFD Echo function as follows.

The 4th paragraph of Section 3.2 of [RFC5880] is updated as below:

The 3rd and 9th paragraphs of Section 6.1 of [RFC5880] are updated as below:

The 2nd paragraph of Section 6.4 of [RFC5880] is updated as below:

The 2nd paragraph of Section 6.8 of [RFC5880] is updated as below:

The 7th paragraph of Section 6.8.3 of [RFC5880] is updated as below:

The 1st and 2nd paragraphs of Section 6.8.9 of [RFC5880] are updated as below:

3. Unaffiliated BFD Echo Procedures

Device A                                  Device B

BFD Enabled                               BFD Echo packets loopback
+--------+        BFD Echo session        +--------+
|   A    |--------------------------------|   B    |
|        |Interface 1          Interface 1|        |
+--------+                                +--------+
BFD is supported.               BFD is not supported.
Figure 1: Unaffiliated BFD Echo diagram

As shown in Figure 1, device A supports BFD, whereas device B does not support BFD. Device A would send BFD Echo packets, and after receiving the BFD Echo packets sent from device A, the one-hop-away BFD peer device B immediately loops them back by normal IP forwarding, this allows device A to rapidly detect a connectivity loss to device B. Note that device B would not intercept any received BFD Echo packet or parse any BFD protocol field within the BFD Echo packet.

To rapidly detect any IP forwarding faults between device A and device B, a BFD Echo session MUST be created at device A, and the BFD Echo session MUST follow the BFD state machine defined in Section 6.2 of [RFC5880], except that the received state is not sent but echoed from the remote system, and AdminDown state is ruled out because AdminDown effectively means removal of BFD Echo session. In this case, although BFD Echo packets are transmitted with destination UDP port 3785 as defined in [RFC5881], the BFD Echo packets sent by device A are BFD Control packets too, the looped BFD Echo packets back from device B would drive BFD state change at device A, substituting the BFD Control packets sent from the BFD peer. Also note that when device A receives looped BFD Control packets, the validation procedures of [RFC5880] are used.

Once a BFD Echo session is created at device A, it starts sending BFD Echo packets, which MUST include BFD Echo session demultiplexing fields, such as BFD "Your Discriminator" defined in [RFC5880] (BFD "My Discriminator" can be set to 0 to avoid confusion), except for BFD "Your Discriminator", device A can also use IP source address or UDP source port to demultiplex BFD Echo session, or there is only one BFD Echo session running at device A. Device A would send BFD Echo packets with IP destination address destined for itself, such as the IP address of interface 1 of device A. All BFD Echo packets for the session MUST be sent with a Time to Live (TTL) or Hop Limit value of 255.

Within the BFD Echo packet, the "Desired Min TX Interval" and "Required Min RX Interval" defined in [RFC5880] may be populated with one second, which however has no real application and would be ignored by the receiver.

Considering that the BFD peer device B wouldn't advertise "Required Min Echo RX Interval" as defined in [RFC5880], the transmission interval for sending BFD Echo packets MUST be provisioned at device A, how to make sure the BFD peer device B is willing and able to loop back BFD Echo packets sent with the provisioned transmission interval is outside the scope of this document. Similar to what's specified in [RFC5880], the BFD Echo session begins with the periodic, slow transmission of BFD Echo packets, the slow transmission rate SHOULD be no less then one second per packet, until the session is Up, after that the provisioned transmission interval is applied, and reverting back to the slow rate once the session goes Down. Considering that the BFD peer wouldn't advertise "Detect Mult" as defined in [RFC5880], the "Detect Mult" for calculating the Detection Time MUST be provisioned at device A, the Detection Time at device A is equal to the provisioned "Detect Mult" multiplied by the provisioned transmission interval.

4. Unaffiliated BFD Echo Applicability

Some devices that would benefit from the use of BFD may be unable to support the full BFD protocol. Examples of such devices include servers running virtual machines, or Internet of Things (IoT) devices. The Unaffiliated BFD Echo can be used when two devices are connected and only one of them supports the BFD protocol, and the other is capable of looping BFD Echo packets.

5. Security Considerations

All Security Considerations from [RFC5880] and [RFC5881] apply.

Note that the Unaffiliated BFD Echo prevents the use of Unicast Reverse Path Forwarding (URPF) [RFC3704] [RFC8704] in strict mode.

As specified in Section 5 of [RFC5880], since BFD Echo packets may be spoofed, some form of authentication SHOULD be included. Considering the BFD Echo packets in this document are also BFD Control packets, the "Authentication Section" as defined in [RFC5880] for BFD Control packet is RECOMMENDED to be included within the BFD Echo packet.

In order to mitigate the potential reflector attack by the remote attackers, or infinite loop of the BFD Echo packets, it's RECOMMENDED to put two requirements on the device looping BFD Echo packets, the first one is that a packet SHOULD NOT be looped unless it has a TTL or Hop Limit value of 255, and the second one is that a packet being looped MUST NOT reset the TTL or Hop Limit value to 255, and MUST use a TTL or Hop Limit value of 254.

6. IANA Considerations

This document has no IANA action requested.

7. Acknowledgements

The authors would like to acknowledge Ketan Talaulikar, Greg Mirsky and Santosh Pallagatti for their careful review and very helpful comments.

The authors would like to acknowledge Jeff Haas for his insightful review and very helpful comments.

8. Contributors

Liu Aihua
ZTE
Email: liu.aihua@zte.com.cn

Qian Xin
ZTE
Email: qian.xin2@zte.com.cn

Zhao Yanhua
ZTE
Email: zhao.yanhua3@zte.com.cn

9. References

9.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", DOI 10.17487/RFC2119, BCP 14, RFC 2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC5880]
Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, DOI 10.17487/RFC5880, , <https://www.rfc-editor.org/info/rfc5880>.
[RFC5881]
Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, DOI 10.17487/RFC5881, , <https://www.rfc-editor.org/info/rfc5881>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", DOI 10.17487/RFC8174, RFC 8174, BCP 14, , <https://www.rfc-editor.org/info/rfc8174>.

9.2. Informative References

[BBF-TR-146]
Broadband Forum, "BBF Technical Report - Subscriber Sessions Issue 1", , <https://www.broadband-forum.org/technical/download/TR-146.pdf>.
[I-D.wang-bfd-one-arm-use-case]
Wang, R., Cheng, W., Zhao, Y., and A. Liu, "Using One-Arm BFD in Cloud Network", Work in Progress, Internet-Draft, draft-wang-bfd-one-arm-use-case-00, , <https://www.ietf.org/archive/id/draft-wang-bfd-one-arm-use-case-00.txt>.
[RFC3704]
Baker, F. and P. Savola, "Ingress Filtering for Multihomed Networks", BCP 84, RFC 3704, DOI 10.17487/RFC3704, , <https://www.rfc-editor.org/info/rfc3704>.
[RFC8704]
Sriram, K., Montgomery, D., and J. Haas, "Enhanced Feasible-Path Unicast Reverse Path Forwarding", BCP 84, RFC 8704, DOI 10.17487/RFC8704, , <https://www.rfc-editor.org/info/rfc8704>.

Authors' Addresses

Weiqiang Cheng
China Mobile
Beijing
China
Ruixue Wang
China Mobile
Beijing
China
Xiao Min (editor)
ZTE Corp.
Nanjing
China
Reshad Rahman
Individual
Kanata
Canada
Raj Chetan Boddireddy
Juniper Networks