]> Bidirectional Forwarding Detection (BFD) Reverse Path for MPLS Label Switched Paths (LSPs) Ericsson
gregimirsky@gmail.com
NVIDIA
jefftant.ietf@gmail.com
Google
imv@google.com
Huawei
mach.chen@huawei.com
RTG mpls LSP Ping BFD Bidirectional Forwarding Detection (BFD) is expected to be able to monitor a wide variety of encapsulations of paths between systems. When a BFD session monitors an explicitly routed unidirectional path, there may be a need to direct the egress BFD peer to use a specific path for the reverse direction of the BFD session. This document describes an extension to the MPLS Label Switched Path (LSP) echo request that allows a BFD system to request that the remote BFD peer transmit BFD control packets over the specified LSP.
Introduction , , and established the Bidirectional Forwarding Detection (BFD) protocol for IP networks. and set rules for using BFD Asynchronous mode over MPLS Label Switched Paths (LSPs), while not defining means to control the path that an egress BFD system uses to send BFD control packets towards the ingress BFD system. When BFD is used to detect defects of the traffic-engineered LSP, the path of the BFD control packets transmitted by the egress BFD system toward the ingress may be disjoint from the monitored LSP in the forward direction. The fact that BFD control packets are not guaranteed to follow the same links and nodes in both forward and reverse directions may be one of the factors contributing to false positive defect notifications (i.e., false alarms) at the ingress BFD peer. Ensuring that both directions of the BFD session use co-routed paths may, in some environments, improve the determinism of the failure detection and localization. This document defines the BFD Reverse Path TLV as an extension to LSP ping and proposes that it be used to instruct the egress BFD system to use an explicit path for its BFD control packets associated with a particular BFD session. IANA has registered this TLV in the "TLVs" registry defined by (see ). As a special case, forward and reverse directions of the BFD session can form a bidirectional co-routed associated channel. The LSP ping extension described in this document was developed and implemented as a result of an operational experiment. The lessons learned from the operational experiment enabled the use of this extension between systems conforming to this specification. Further implementation is encouraged to better understand the operational impact of the mechanism described in the document.
Conventions Used in This document
Terminology
BFD:
Bidirectional Forwarding Detection
FEC:
Forwarding Equivalence Class
LSP:
Label Switched Path
LSR:
Label Switching Router
Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
Problem Statement When BFD is used to monitor an explicitly routed unidirectional path (e.g., MPLS-TE LSP), BFD control packets in the forward direction would be in-band using the mechanism defined in . However, the reverse direction of the BFD session would follow the shortest path route, which could be completely or partially disjoint from the forward path. This creates the potential for the failure of a disjoint resource on the reverse path to trigger a BFD failure detection, even though the forward path is unaffected. If the reverse path is congruent with the forward path, the potential for such false positives is greatly reduced. For this purpose, this specification provides a means for the egress BFD peer to be instructed to use a specific path for BFD control packets.
Control of the BFD Reverse Path To bootstrap a BFD session over an MPLS LSP, LSP ping MUST be used with the BFD Discriminator TLV . This document defines a new TLV, the BFD Reverse Path TLV, that can be used to carry information about the reverse path for the BFD session that is specified by the value in the BFD Discriminator TLV. The BFD Reverse Path TLV MAY contain zero or more sub-TLVs.
BFD Reverse Path TLV The BFD Reverse Path TLV is an optional TLV within the LSP ping . However, if used, the BFD Discriminator TLV MUST be included in an echo request message as well. If the BFD Discriminator TLV is not present when the BFD Reverse Path TLV is included, then it MUST be treated as a malformed echo request, as described in . The BFD Reverse Path TLV carries information about the path onto which the egress BFD peer of the BFD session referenced by the BFD Discriminator TLV MUST transmit BFD control packets. The format of the BFD Reverse Path TLV is presented in .
BFD Reverse Path TLV
BFD Reverse Path TLV Type:
This two-octet field has a value of 16384 (see ).
Length:
This two-octet field defines the length in octets of the Reverse Path field.
Reverse Path:
This field contains zero or more sub-TLVs. Only non-multicast Target FEC Stack sub-TLVs (already defined or to be defined in the future) for TLV Types 1, 16, and 21 in the "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters" registry are permitted to be used in this field. Other sub-TLVs MUST NOT be used. (This implies that multicast Target FEC Stack sub-TLVs, e.g., the Multicast P2MP LDP FEC Stack sub-TLV and the Multicast MP2MP LDP FEC Stack sub-TLV, are not permitted in the Reverse Path field.)
If the egress LSR finds a multicast Target FEC Stack sub-TLV, it MUST send an echo reply with the received BFD Reverse Path TLV and BFD Discriminator TLV and set the Return Code to 192 ("Inappropriate Target FEC Stack sub-TLV present") (see ). The BFD Reverse Path TLV includes zero or more sub-TLVs. However, the number of sub-TLVs in the Reverse Path field MUST be limited. The default limit is 128 sub-TLV entries, but an implementation MAY be able to control that limit. An empty BFD Reverse Path TLV (i.e., a BFD Reverse Path TLV with no sub-TLVs) is used to withdraw any previously set reverse path for the BFD session identified in the BFD Discriminator TLV. If no sub-TLVs are found in the BFD Reverse Path TLV, the egress BFD peer MUST revert to using the decision based on local policy, i.e., routing over an IP network, as described in . If the egress peer LSR cannot find the path specified in the BFD Reverse Path TLV, it MUST send an echo reply with the received BFD Discriminator TLV and BFD Reverse Path TLV and set the Return Code to 193 ("Failed to establish the BFD session. The specified reverse path was not found.") (see ). If an implementation provides additional configuration options, these can control actions at the egress BFD peer, including when the path specified in the BFD Reverse Path TLV cannot be found. For example, if the egress peer LSR cannot find the path specified in the BFD Reverse Path TLV, it MAY establish the BFD session over an IP network, as defined in . Note that the Return Code required by the "MUST" clause in this paragraph does not preclude the session from being established over a different path as discussed in the "MAY" clause. The BFD Reverse Path TLV MAY be used in the process of bootstrapping the BFD session as described in . A system that supports this specification MUST support using the BFD Reverse Path TLV after the BFD session has been established. If a system that supports this specification receives an LSP ping with the BFD Discriminator TLV and no BFD Reverse Path TLV even though the reverse path for the specified BFD session was established according to the previously received BFD Reverse Path TLV, the egress BFD peer MUST transition to transmitting periodic BFD Control messages as described in . If a BFD system that received an LSP ping with the BFD Reverse Path TLV does not support this specification, it will result in an echo response with the Return Code set to 2 ("One or more of the TLVs was not understood"), as described in .
Return Codes This document defines the following Return Codes for the MPLS LSP echo reply:
"Inappropriate Target FEC Stack sub-TLV present" (192):
When a multicast Target FEC Stack sub-TLV is found in the received echo request, the egress BFD peer sends an echo reply with the Return Code set to 192 ("Inappropriate Target FEC Stack sub-TLV present") to the ingress BFD peer, as described in .
"Failed to establish the BFD session. The specified reverse path was not found." (193):
When a specified reverse path is unavailable, the egress BFD peer sends an echo reply with the Return Code set to 193 ("Failed to establish the BFD session. The specified reverse path was not found.") to the ingress BFD peer, as described in .
Failure Characterization A failure detected by a BFD session that uses the BFD Reverse Path TLV could be due to a change in the FEC used in the BFD Reverse Path TLV. Upon detection of the network failure, the ingress BFD peer MUST transmit the LSP ping echo request with the Reply Path TLV to verify whether the FEC is still valid. If the failure was caused by a change in the FEC used for the reverse direction of the BFD session, the ingress BFD peer MUST redirect the reverse path of the BFD session using another FEC in the BFD Reverse Path TLV and notify an operator.
Use Case Scenario In the network presented in , ingress LSR peer A monitors two tunnels to egress LSR peer H: A-B-C-D-G-H and A-B-E-F-G-H. To bootstrap a BFD session to monitor the first tunnel, ingress LSR peer A includes a BFD Discriminator TLV with a Discriminator value (e.g., foobar-1) . Ingress LSR peer A includes a BFD Reverse Path TLV referencing the H-G-D-C-B-A tunnel to control the path from the egress LSR. To bootstrap a BFD session to monitor the second tunnel, ingress LSR peer A includes a BFD Discriminator TLV with a different Discriminator value (e.g., foobar-2) and a BFD Reverse Path TLV that references the H-G-F-E-B-A tunnel.
Use Case for BFD Reverse Path TLV
If an operator needs egress LSR peer H to monitor a path to ingress LSR peer A, e.g., the H-G-D-C-B-A tunnel, then by looking up the list of known reverse paths, it MAY find and use the existing BFD session.
Operational Considerations When an explicit path is set as either Static or RSVP-TE LSP, corresponding sub-TLVs (defined in ) MAY be used to identify the explicit reverse path for the BFD session. If a particular set of sub-TLVs composes the Reply Path TLV and does not increase the length of the Maximum Transmission Unit for the given LSP, that set can be safely used in the BFD Reverse Path TLV. If any of the sub-TLVs defined in are used in the BFD Reverse Path TLV, then the periodic verification of the control plane against the data plane, as recommended in , MUST use the Reply Path TLV, as per , with that sub-TLV. By using the LSP ping with the Reply Path TLV, an operator monitors whether the reverse LSP is mapped to the same FEC as the BFD session at the egress BFD node. Selection and control of the rate of the LSP ping with the Reply Path TLV follows the recommendation in :
The rate of generation of these LSP Ping Echo request messages SHOULD be significantly less than the rate of generation of the BFD Control packets. An implementation MAY provide configuration options to control the rate of generation of the periodic LSP Ping Echo request messages.
Suppose an operator planned a network maintenance activity that possibly affects the FEC used in the BFD Reverse Path TLV. In that case, the operator can avoid unnecessary disruption by using the LSP ping with a new FEC in the BFD Reverse Path TLV. But in some scenarios, proactive measures cannot be taken because the frequency of LSP ping messages is lower than the defect detection time provided by the BFD session. As a result, a change in the reverse-path FEC will first be detected as the BFD session's failure. An operator will be notified as described in .
IANA Considerations
BFD Reverse Path TLV IANA has assigned the following value for the BFD Reverse Path TLV from the 16384-31739 range in the "TLVs" subregistry within the "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters" registry. New BFD Reverse Path TLV
Type TLV Name Reference Sub-TLV Registry
16384 BFD Reverse Path RFC 9612 Only non-multicast sub-TLVs (already defined or to be defined in the future) in the "Sub-TLVs for TLV Types 1, 16, and 21" registry at are permitted to be used in this field. Other sub-TLVs MUST NOT be used.
Return Codes IANA has assigned the following Return Code values from the 192-247 range in the "Return Codes" subregistry within the "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters" registry. New Return Codes
Value Meaning Reference
192 Inappropriate Target FEC Stack sub-TLV present RFC 9612
193 Failed to establish the BFD session. The specified reverse path was not found. RFC 9612
Security Considerations Security considerations discussed in , , , , and apply to this document. The BFD Reverse Path TLV may be exploited as an attack vector by inflating the number of included sub-TLVs. The number of sub-TLVs MUST be limited to mitigate that threat. The default limit for the number of sub-TLVs is set to 128 (see ). An implementation MAY use a mechanism to control that limit.
Normative References
Acknowledgments The authors greatly appreciate the thorough reviews and helpful comments from and . The authors much appreciate the help of , who provided information about the implementation of this specification.