BIER WG Z. Zhang Internet-Draft G. Mirsky Intended status: Informational Q. Xiong Expires: January 14, 2021 ZTE Corporation Y. Liu China Mobile July 13, 2020 BIER Source Protection draft-zhang-bier-source-protection-01 Abstract This document describes the multicast source protection functions in Bit Index Explicit Replication BIER domain. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 14, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Zhang, et al. Expires January 14, 2021 [Page 1] Internet-Draft BIER Source Protection July 2020 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. The Source Protection analysis . . . . . . . . . . . . . . . 3 2.1. Node failure monitoring . . . . . . . . . . . . . . . . . 4 2.2. Monitoring of the Working Path for a Failure . . . . . . 4 3. BFD and Ping . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. BIER Ping . . . . . . . . . . . . . . . . . . . . . . . . 6 3.2. BIER BFD . . . . . . . . . . . . . . . . . . . . . . . . 7 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 5. Informative References . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction Bit Index Explicit Replication (BIER) [RFC8279] is an architecture that provides multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain any multicast related per- flow state. BIER also does not require any explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). Source Protection is not specific to the BIER environment. Source Protection means that to protect the multicast source node, two or more ingress routers, in BIER environment, ingress routers are BFIRs, may be used to connect the multicast source node. Generally, only one ingress router (BFIR) is selected to forward flows from multicast source node to egress routers, in BIER environment, egress routers are BFERs. The selected BFIR may be chosen based on local policies, BFERs that receiving the same multicast flow may elect to use the same or different BFIR. The BFIR and the path in use are referred to as working while all alternative available BFIRs and paths that can be used to receive the same multicast flow are referred to as protection. For a BFER, when either the working BFIR or the working path fails, the BFER can select one of protecting BFIRs to get the multicast flow. The shorter the detection time is, the faster the flow recovers. This document discusses the functions that can be used in failure detection for multicast source protection. Zhang, et al. Expires January 14, 2021 [Page 2] Internet-Draft BIER Source Protection July 2020 2. The Source Protection analysis According to BIER architecture [RFC8279], BIER overlay protocols, which include MVPN [RFC8556], MLD [I-D.ietf-bier-mld], PIM [I-D.ietf-bier-pim-signaling], etc., are used to exchange the multicast flow information, so the BFER selects the UMH (Upstream Multicast Hop) BFIR as the ingress router, the BFIR collects the BFERs which want to receive the multicast flow. BIER transport is used to deliver the multicast packet to the destination BFERs. To ensure that the source flow protection is uninterrupted, the detection of a defect is at the BIER transport layer. The switchover is performed at the BIER overlay layer. When BFIR failure is detected, BIER overlay advertisement for BFIR re-select may be triggered. As [I-D.ietf-bess-mvpn-fast-failover] describes, the root standby functions defined in section 4.2 can also be used in the BIER environment. About Cold Standby, Warm Standby, Hot Standby, more details will be added in future version. The most important items in source detection are failure detection and switchover. Note that the failure detection includes node and working path failure monitoring. Similarly, BFIR switching and BFER switching are included in the switchover scenario. The selected BFIR is referred to as Selected BFIR (S-BFIR) and the backup BFIR - as Backup BFIR (B-BFIR). For simplicity, only one B-BFIR is considered in the following case. +--------+S1+-------+ | | +--v----+ +---v---+ +------+ BFIR1 |..........| BFIR2 +-------+ . +-------+ +-------+ . . . . ...... . . . . +-------+ +-------+ +-------+ . +--|BFER1|-......-|BFER2|-......-|BFER3|--+ +--+----+ +---+---+ +--+----+ | | | v v v R1 R2 R3 Figure 1: An Example of the Source Protection in BIER In Figure 1, a multicast source S1 is connected to BFIR1 and BFIR2. In some deployments, only BFIR1 advertises S1 flow information to Zhang, et al. Expires January 14, 2021 [Page 3] Internet-Draft BIER Source Protection July 2020 BFERs by BIER overlay protocols, such as BGP(MVPN), MLD, PIM, etc. All the BFERs which want to receive the S1 flow will select BFIR1 as the S-BFIR, BFIR2 is the B-BFIR. In some other deployments, BFIR1 and BFIR2 both advertise S1 flows to BFERs by BIER overlay protocols, and some BFERs may select BFIR1 as S-BFIR, other BFERs may select BFIR2 as S-BFIR, BFIR1 and BFIR2 in charge of different BFERs, and they are complementary B-BFIR for the BFERs. We do not distinguish these two cases strictly. 2.1. Node failure monitoring For example, if S1 connects BFIR1 and BFIR2 by a shared media, BFIR1 is the selected BFIR for multicast flow forwarding that comes from S1, BFIR2 can monitor BFIR1 node failing by BFD session [RFC5880] built on the shared media. Also, ping methods, include IPv4 ping [RFC0792] (when IPv4 prefix is used), LSP-Ping [RFC8029] (when mpls forwarding plane is built), IPv6 ping [RFC4443] (when IPv6 prefix is used), BIER ping [I-D.ietf-bier-ping] can also be used. In case there is no shared media among S1, BFIR1 and BFIR2, BFIR2 may monitor BFIR1 by BFD session or any type of ping methods across the BIER domain, in case there is no direct connection between BFIR1 and BFIR2, multiple hops will be traversed. 2.2. Monitoring of the Working Path for a Failure Zhang, et al. Expires January 14, 2021 [Page 4] Internet-Draft BIER Source Protection July 2020 +--------+S1+-------+ | | +--v----+ +---v---+ +------+ BFIR1 |..........| BFIR2 +-------+ | +-----+-+ <------> +-------+ | | | bfd | | +--v---+ +------+ | | | BFR1 | | BFR2 | | | +-+---+--+- +------+ | | | | ...... | | | +-----+ | | | | | | +--v---+ +-v----+ +------+ | | | BFRx | | BFRy | | BFRz | | | ++-----+ ++--+--+ +------+ | | | | | | | | | +------------+ | | | | | | | +---v---+ +-v-----+ +--v----+ | +--|BFER1||......||BFER2||......||BFER3|--+ +--+----+ +---+---+ +--+----+ | | | v v v R1 R2 R3 Figure 2: An Example of the Monitoring of the Working Path In the case of a node failure detection, the path between B-BFIR and S-BFIR may not be the same as the path traversed by the data flow. For example, in Figure 2, the path from BFIR1 (S-BFIR) to all the BFERs is different from the path between BFIR1 and BFIR2 (B-BFIR). If the path between BFIR2 and BFIR1 is broken, BFIR2 will detect the failure and consider that BFIR1 is down. As a result, BFIR2 will take on the role of S-BFIR. But the path from BFIR1 to all of the BFERs may be working well and is not affected by the defect between BFIR1 and BFIR2. In this situation, the B-BFIR switches to S-BFIR unnecessarily, and potential packet loss will occur. There are two options to monitor the working multicast distribution tree in BIER: o S-BFIR monitors all the BFERs; o each BFER monitors the S-BFIR. In BIER transport environment, the monitor should be based on BIER forwarding. Zhang, et al. Expires January 14, 2021 [Page 5] Internet-Draft BIER Source Protection July 2020 When S-BFIR monitors all the related BFERs, multiple BFD sessions may be built between S-BFIR and each BFER. BIER ping [I-D.ietf-bier-ping] can also be used. Once S-BFIR finds that one BFER is lost by BFD session timeout or ping fail, S-BFIR should notify B-BFIR to take charge of flow forwarding for the lost BFER. When BFER monitors the S-BFIR, multiple BFD sessions may be built between S-BFIR and each BFER. Or BIER ping [I-D.ietf-bier-ping] can also be used. Once BFER finds that the S-BFIR is lost, the BFER should select the B-BFIR as S-BFIR as soon as possible, and the BFER should advertisement the UMH selection to B-BFIR as soon as possible. When MVPN is used as BIER overlay protocol, BFD discriminator defined section 3.1.6 in [I-D.ietf-bess-mvpn-fast-failover] can also be used to build the multipoint BFD among BFIR and BFERs. BIER BFD [I-D.hu-bier-bfd] can be used to reduce the number of BFD sessions between S-BFIR and each of BFERs. If BIER BFD is used, only one multipoint BFD session will be built among S-BFIR and all the BFERs. 3. BFD and Ping BFD and Ping can all be used in failure detection, but there are differences between them. A network administrator can select the appropriate mechanism according to the actual network. 3.1. BIER Ping [I-D.ietf-bier-ping] describes the mechanism and basic BIER OAM packet format that can be used to perform failure detection and isolation on BIER data plane without any dependency on other layers like the IP layer. In the example of Figure 1, BFER can monitor the status of BFIR and the path status between BFER and BFIR. BFER1 sends the BIER Ping packet to BFIR1. If BFER1 does not receive responses from BFIR1 in an expected period of time (may be multiplied average round-trip time), BFER1 will treat BFIR1 as a failed UMH, and BFER1 will select BFIR2 as the UMH and signal to BFIR2 to get multicast flow. In this example, BFER1, BFER2, and BFER3 send BIER ping packet to BFIR1 separately. The timeout period MAY be set to different values depending on the local performance requirement on each BFER. In the general case of more complex BIER topology, it cannot be guaranteed that the path used from BFIR1 to BFER1 is the same as in the reverse direction, i.e., from BFER1 to BFIR1. If that is not Zhang, et al. Expires January 14, 2021 [Page 6] Internet-Draft BIER Source Protection July 2020 guaranteed and the paths are not co-routed, then this method may produce false results, both false negative and false positive. The former is when ping fails while the multicast path and flow are OK. The latter is when the multicast path has a defect, but ping works. Thus, to improve the consistency of this method of detecting a failure in multicast flow transport, the path that the echo request from BFER1 traverses to BFIR1 must be co-routed with the path that the monitored multicast flow traverses through the BIER domain from BFIR1 to BFER1. 3.2. BIER BFD [I-D.hu-bier-bfd] describes the application of P2MP BFD in a BIER network. And it describes the procedures for using such mode of BFD protocol to verify multipoint or multicast connectivity between a sender (BFIR) and one or more receivers (BFERs). In the same example, BFIR1 sends the BIER Echo request packet to BFERs to bootstrap a p2mp BFD session. After BFER1, BFER2 and BFER3 receive the Echo request packet with BFD Discriminator and the Target SI-Bitstring TLVs, BFERs creates the BFD session of type MultipointTail [RFC8562] to monitor the status of BFIR1 and the working path. If BFERs have not received BFD packet from BFER1 for the Detection Time [RFC8562], BFER1 will treat BFIR1 as a failed UMH, and signal to BFIR2 to get the multicast flow. The timeout period on each BFER MAY be set to a different value depending on the local performance requirement on each BFER. BFER monitors BFIR separately and selects its UMH independently from selections reached by other BFERs. 4. Security Considerations Security considerations discussed in [RFC8279], [RFC8562], [I-D.ietf-bier-ping], [I-D.ietf-bess-mvpn-fast-failover] and [I-D.hu-bier-bfd] apply to this document. 5. Informative References [I-D.hu-bier-bfd] Xiong, Q., Mirsky, G., hu, f., and C. Liu, "BIER BFD", draft-hu-bier-bfd-07 (work in progress), July 2020. [I-D.ietf-bess-mvpn-fast-failover] Morin, T., Kebler, R., and G. Mirsky, "Multicast VPN fast upstream failover", draft-ietf-bess-mvpn-fast-failover-10 (work in progress), February 2020. Zhang, et al. Expires January 14, 2021 [Page 7] Internet-Draft BIER Source Protection July 2020 [I-D.ietf-bier-mld] Pfister, P., Wijnands, I., Venaas, S., Wang, C., Zhang, Z., and M. Stenberg, "BIER Ingress Multicast Flow Overlay using Multicast Listener Discovery Protocols", draft-ietf- bier-mld-04 (work in progress), March 2020. [I-D.ietf-bier-pim-signaling] Bidgoli, H., Xu, F., Kotalwar, J., Wijnands, I., mishra, m., and Z. Zhang, "PIM Signaling Through BIER Core", draft-ietf-bier-pim-signaling-09 (work in progress), July 2020. [I-D.ietf-bier-ping] Nainar, N., Pignataro, C., Akiya, N., Zheng, L., Chen, M., and G. Mirsky, "BIER Ping and Trace", draft-ietf-bier- ping-07 (work in progress), May 2020. [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, RFC 792, DOI 10.17487/RFC0792, September 1981, . [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification", STD 89, RFC 4443, DOI 10.17487/RFC4443, March 2006, . [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, . [RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N., Aldrin, S., and M. Chen, "Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures", RFC 8029, DOI 10.17487/RFC8029, March 2017, . [RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., Przygienda, T., and S. Aldrin, "Multicast Using Bit Index Explicit Replication (BIER)", RFC 8279, DOI 10.17487/RFC8279, November 2017, . [RFC8556] Rosen, E., Ed., Sivakumar, M., Przygienda, T., Aldrin, S., and A. Dolganow, "Multicast VPN Using Bit Index Explicit Replication (BIER)", RFC 8556, DOI 10.17487/RFC8556, April 2019, . Zhang, et al. Expires January 14, 2021 [Page 8] Internet-Draft BIER Source Protection July 2020 [RFC8562] Katz, D., Ward, D., Pallagatti, S., Ed., and G. Mirsky, Ed., "Bidirectional Forwarding Detection (BFD) for Multipoint Networks", RFC 8562, DOI 10.17487/RFC8562, April 2019, . Authors' Addresses Zheng Zhang ZTE Corporation Email: zzhang_ietf@hotmail.com Greg Mirsky ZTE Corporation Email: gregimirsky@gmail.com Quan Xiong ZTE Corporation Email: xiong.quan@zte.com.cn Yisong Liu China Mobile Email: liuyisong@chinamobile.com Zhang, et al. Expires January 14, 2021 [Page 9]