Internet Engineering Task Force (IETF) C. Pignataro Request for Comments: 7881 D. Ward Category: Standards Track Cisco ISSN: 2070-1721 N. Akiya Big Switch Networks July 2016
Internet Engineering Task Force (IETF) C. Pignataro Request for Comments: 7881 D. Ward Category: Standards Track Cisco ISSN: 2070-1721 N. Akiya Big Switch Networks July 2016
Seamless Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6, and MPLS
IPv4、IPv6和MPLS的无缝双向转发检测(S-BFD)
Abstract
摘要
This document defines procedures for using Seamless Bidirectional Forwarding Detection (S-BFD) in IPv4, IPv6, and MPLS environments.
本文档定义了在IPv4、IPv6和MPLS环境中使用无缝双向转发检测(S-BFD)的过程。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7881.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7881.
Copyright Notice
版权公告
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2016 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................2 2. S-BFD UDP Port ..................................................2 3. S-BFD Echo UDP Port .............................................3 4. S-BFD Control Packet Demultiplexing .............................3 5. Initiator Procedures ............................................3 5.1. Details of S-BFD Control Packets Sent by SBFDInitiator .....4 5.1.1. Target versus Remote Entity (S-BFD Discriminator) ...4 6. Responder Procedures ............................................5 6.1. Details of S-BFD Control Packets Sent by SBFDReflector .....5 7. Security Considerations .........................................6 8. IANA Considerations .............................................6 9. References ......................................................7 9.1. Normative References .......................................7 9.2. Informative References .....................................7 Acknowledgements ...................................................8 Contributors .......................................................8 Authors' Addresses .................................................8
1. Introduction ....................................................2 2. S-BFD UDP Port ..................................................2 3. S-BFD Echo UDP Port .............................................3 4. S-BFD Control Packet Demultiplexing .............................3 5. Initiator Procedures ............................................3 5.1. Details of S-BFD Control Packets Sent by SBFDInitiator .....4 5.1.1. Target versus Remote Entity (S-BFD Discriminator) ...4 6. Responder Procedures ............................................5 6.1. Details of S-BFD Control Packets Sent by SBFDReflector .....5 7. Security Considerations .........................................6 8. IANA Considerations .............................................6 9. References ......................................................7 9.1. Normative References .......................................7 9.2. Informative References .....................................7 Acknowledgements ...................................................8 Contributors .......................................................8 Authors' Addresses .................................................8
Seamless Bidirectional Forwarding Detection (S-BFD) [RFC7880] defines a generalized mechanism to allow network nodes to seamlessly perform continuity checks to remote entities. This document defines necessary procedures for using S-BFD in IPv4, IPv6, and MPLS environments.
无缝双向转发检测(S-BFD)[RFC7880]定义了一种通用机制,允许网络节点无缝地对远程实体执行连续性检查。本文档定义了在IPv4、IPv6和MPLS环境中使用S-BFD的必要过程。
The reader is expected to be familiar with the IP [RFC791] [RFC2460], BFD [RFC5880], MPLS BFD [RFC5884], and S-BFD [RFC7880] terms and protocol constructs.
读者应熟悉IP[RFC791][RFC2460]、BFD[RFC5880]、MPLS BFD[RFC5884]和S-BFD[RFC7880]术语和协议结构。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
A new UDP port is defined for use by S-BFD in IPv4, IPv6, and MPLS environments: 7784.
定义了一个新的UDP端口,供S-BFD在IPv4、IPv6和MPLS环境中使用:7784。
In S-BFD Control packets from the SBFDInitiator to the SBFDReflector, the SBFDReflector session MUST listen for incoming S-BFD Control packets on port 7784. SBFDInitiator sessions MUST transmit S-BFD Control packets with destination port 7784. The source port of the S-BFD Control packets transmitted by SBFDInitiator sessions can be any port, with one exception: it MUST NOT be 7784. The same UDP
在从SBFDInitiator到SBFDReflector的S-BFD控制数据包中,SBFDReflector会话必须侦听端口7784上的传入S-BFD控制数据包。SBFDInitiator会话必须使用目标端口7784传输S-BFD控制数据包。SBFDInitiator会话传输的S-BFD控制数据包的源端口可以是任何端口,但有一个例外:它不能是7784。相同的UDP
source port number MUST be used for all S-BFD Control packets associated with a particular SBFDInitiator session. The source port number is unique among all SBFDInitiator sessions on the system.
源端口号必须用于与特定SBFDInitiator会话关联的所有S-BFD控制数据包。源端口号在系统上的所有SBFDInitiator会话中是唯一的。
In S-BFD Control packets from the SBFDReflector to the SBFDInitiator, the SBFDInitiator session MUST listen for reflected S-BFD Control packets at its source port.
在从SBFDReflector到SBFDInitiator的S-BFD控制数据包中,SBFDInitiator会话必须在其源端口侦听反射的S-BFD控制数据包。
The BFD Echo port defined by [RFC5881], port 3785, is used for the S-BFD Echo function in IPv4, IPv6, and MPLS environments. SBFDInitiator sessions MUST transmit S-BFD Echo packets with destination port 3785. The setting of the UDP source port [RFC5881] and the procedures [RFC7880] for the S-BFD Echo function are outside the scope of this document.
[RFC5881]端口3785定义的BFD回显端口用于IPv4、IPv6和MPLS环境中的S-BFD回显功能。SBFDInitiator会话必须使用目标端口3785传输S-BFD回波数据包。UDP源端口[RFC5881]的设置和S-BFD回波功能的程序[RFC7880]不在本文档范围内。
S-BFD Control packet demultiplexing follows the procedure specified in Section 7.1 of [RFC7880]. A received S-BFD Control packet MUST be demultiplexed with the destination UDP port field.
S-BFD控制数据包解复用遵循[RFC7880]第7.1节规定的程序。接收到的S-BFD控制数据包必须与目标UDP端口字段解复用。
This procedure for an S-BFD packet is executed on both the initiator and the reflector. If the port is 7784 (i.e., an S-BFD packet for the SBFDReflector), then the packet MUST be looked up to locate a corresponding SBFDReflector session based on the value from the Your Discriminator field in the table describing S-BFD Discriminators. If the port is not 7784 but the packet is demultiplexed to be for an SBFDInitiator, then the packet MUST be looked up to locate a corresponding SBFDInitiator session based on the value from the Your Discriminator field in the table describing BFD Discriminators. In that case, the destination IP address of the packet SHOULD be validated to be for itself. If the packet demultiplexes to a classical BFD session, then the procedures from [RFC5880] apply.
S-BFD数据包的此过程在启动器和反射器上执行。如果端口为7784(即,SBFDReflector的S-BFD数据包),则必须根据描述S-BFD鉴别器的表中“您的鉴别器”字段的值查找该数据包以定位相应的SBFDReflector会话。如果端口不是7784,但数据包被解复用为SBFDInitiator,则必须根据描述BFD鉴别器的表中Your Discriminator字段的值查找数据包,以定位相应的SBFDInitiator会话。在这种情况下,应该验证数据包的目的地IP地址是否为其自身。如果数据包解复用到经典BFD会话,则[RFC5880]中的程序适用。
S-BFD Control packets are transmitted with an IP header, UDP header, and BFD Control packet ([RFC5880]). When S-BFD Control packets are explicitly label switched (i.e., not IP routed and forwarded over a Label Switched Path (LSP), but explicitly sent on a specific LSP), the former is prepended with a label stack. Note that this document does not make a distinction between a single-hop S-BFD scenario and a multi-hop S-BFD scenario; both scenarios are supported.
S-BFD控制数据包通过IP报头、UDP报头和BFD控制数据包([RFC5880])传输。当S-BFD控制数据包被显式标签交换(即,不是通过标签交换路径(LSP)IP路由和转发,而是在特定LSP上显式发送)时,前者被预先加上标签堆栈。请注意,本文档没有区分单跳S-BFD场景和多跳S-BFD场景;这两种方案都受支持。
The necessary values in the BFD control headers are described in [RFC7880]. Section 5.1 describes necessary values in the MPLS header, IP header, and UDP header when an SBFDInitiator on the initiator is sending S-BFD Control packets.
[RFC7880]中描述了BFD控制标题中的必要值。第5.1节描述了当启动器上的SBFD启动器发送S-BFD控制数据包时,MPLS标头、IP标头和UDP标头中的必要值。
o Specifications common to both IP-routed S-BFD Control packets and explicitly label-switched S-BFD Control packets:
o IP路由S-BFD控制数据包和明确标记交换S-BFD控制数据包的通用规范:
* The Source IP Address field of the IP header MUST be set to a local IP address that is expected to be routable by the target (i.e., not an IPv6 link-local address when the target is multiple hops away).
* IP报头的源IP地址字段必须设置为目标可路由的本地IP地址(即,当目标距离多个跃点时,不是IPv6链路本地地址)。
* The UDP destination port MUST be set to a well-known UDP destination port assigned for S-BFD, i.e., 7784.
* UDP目标端口必须设置为为S-BFD分配的众所周知的UDP目标端口,即7784。
* The UDP source port MUST NOT be set to 7784.
* UDP源端口不得设置为7784。
o Specifications for IP-routed S-BFD Control packets:
o IP路由S-BFD控制数据包规范:
* The Destination IP Address field of the IP header MUST be set to an IP address of the target.
* IP头的目标IP地址字段必须设置为目标的IP地址。
* The TTL / Hop Limit field of the IP header SHOULD be set to 255.
* IP头的TTL/Hop Limit字段应设置为255。
o Specifications for explicitly label-switched S-BFD Control packets:
o 明确标记交换S-BFD控制数据包的规范:
* S-BFD Control packets MUST have the label stack that is expected to reach the target.
* S-BFD控制数据包必须具有预期到达目标的标签堆栈。
* The TTL field of the topmost label SHOULD be 255.
* 最顶端标签的TTL字段应为255。
* The destination IP address MUST be chosen from the 127/8 range for IPv4 and from the 0:0:0:0:0:ffff:7f00:0/104 range for IPv6, as per [RFC5884].
* 根据[RFC5884],必须从IPv4的127/8范围和IPv6的0:0:0:0:ffff:7f00:0/104范围中选择目标IP地址。
* The TTL / Hop Limit field of the IP header MUST be set to 1.
* IP标头的TTL/Hop Limit字段必须设置为1。
Typically, an S-BFD Control packet will have the Your Discriminator field corresponding to an S-BFD Discriminator of the remote entity located on the target network node defined by the destination IP address or the label stack. It is, however, possible for an
通常,S-BFD控制数据包将具有与远程实体的S-BFD鉴别器相对应的Your鉴别器字段,该远程实体位于由目标IP地址或标签堆栈定义的目标网络节点上。然而,这是有可能的
SBFDInitiator to carefully set the Your Discriminator and TTL fields to perform a continuity test in the direction towards a target, but destined to a transit network node and not to the target itself.
SBFDInitiator仔细设置您的鉴别器和TTL字段,以便在朝向目标的方向上执行连续性测试,但目的地是传输网络节点,而不是目标本身。
Section 5.1 intentionally uses the word "target" instead of "remote entity" to accommodate this possible S-BFD usage through TTL expiry. This also requires that S-BFD Control packets not be dropped by the responder node due to TTL expiry. Thus, implementations on the responder MUST allow received S-BFD Control packets taking a TTL expiry exception path to reach the corresponding SBFDReflector session. This is an existing packet-processing exception practice for Operations, Administration, and Maintenance (OAM) packets, where the control plane further identifies the type of OAM by the protocol and port numbers.
第5.1节故意使用“目标”一词而不是“远程实体”,以适应TTL到期期间可能出现的S-BFD用法。这还要求响应节点不会因为TTL过期而丢弃S-BFD控制数据包。因此,响应程序上的实现必须允许接收到的S-BFD控制数据包通过TTL到期异常路径到达相应的SBFDReflector会话。这是针对操作、管理和维护(OAM)分组的现有分组处理异常实践,其中控制平面通过协议和端口号进一步标识OAM的类型。
S-BFD Control packets are IP routed back to the initiator and will have an IP header, UDP header, and BFD control header. If an SBFDReflector receives an S-BFD Control packet with a UDP source port of 7784, the packet MUST be discarded. Necessary values in the BFD control header are described in [RFC7880]. Section 6.1 describes necessary values in the IP header and UDP header when an SBFDReflector on the responder is sending S-BFD Control packets.
S-BFD控制数据包通过IP路由返回到启动器,并具有IP头、UDP头和BFD控制头。如果SBFDReflector接收到UDP源端口为7784的S-BFD控制数据包,则必须丢弃该数据包。[RFC7880]中描述了BFD控制标题中的必要值。第6.1节描述了当响应程序上的SBFDReflector发送S-BFD控制数据包时,IP报头和UDP报头中的必要值。
o The Destination IP Address field of the IP header MUST be copied from the Source IP Address field of the received S-BFD Control packet.
o IP报头的目标IP地址字段必须从接收到的S-BFD控制数据包的源IP地址字段复制。
o The Source IP Address field of the IP header MUST be set to a local IP address that the initiator expects to be visible (i.e., not an IPv6 link-local address when the initiator is multiple hops away). The source IP address SHOULD be copied from the Destination IP Address field of the received S-BFD Control packet, except when it is from the 127/8 range for IPv4 or from the 0:0:0:0:0:ffff:7f00:0/104 range for IPv6.
o IP报头的源IP地址字段必须设置为启动器期望可见的本地IP地址(即,当启动器距离多个跃点时,不是IPv6链路本地地址)。应从接收到的S-BFD控制数据包的目标IP地址字段复制源IP地址,除非它来自IPv4的127/8范围或IPv6的0:0:0:0:ffff:7f00:0/104范围。
o The TTL / Hop Limit field of the IP header MUST be set to 255.
o IP标头的TTL/Hop Limit字段必须设置为255。
o The UDP destination port MUST be copied from the received UDP source port.
o 必须从收到的UDP源端口复制UDP目标端口。
o The UDP source port MUST be copied from the received UDP destination port.
o 必须从收到的UDP目标端口复制UDP源端口。
Security considerations for S-BFD are discussed in [RFC7880]. Additionally, implementing the following measures will strengthen security aspects of the mechanism described by this document:
[RFC7880]中讨论了S-BFD的安全注意事项。此外,实施以下措施将加强本文件所述机制的安全方面:
o Implementations MUST provide filtering capability based on source IP addresses of received S-BFD Control packets; see [RFC2827].
o 实现必须提供基于接收到的S-BFD控制包的源IP地址的过滤能力;见[RFC2827]。
o Implementations MUST NOT act on received S-BFD Control packets containing source Martian IP addresses (i.e., addresses that, by application of the current forwarding tables, would not have their return traffic routed back to the sender).
o 实施不得对接收到的包含源火星IP地址的S-BFD控制数据包(即,通过应用当前转发表,不会将其返回流量路由回发送方的地址)采取行动。
o Implementations MUST ensure that response S-BFD Control packets generated by the SBFDReflector and sent to the initiator have a reachable target (e.g., destination IP address).
o 实施必须确保由SBFDReflector生成并发送给启动器的响应S-BFD控制数据包具有可到达的目标(例如,目标IP地址)。
A new port number value, 7784, was allocated from the "Service Name and Transport Protocol Port Number Registry". The allocated registry entry is:
从“服务名称和传输协议端口号注册表”中分配了一个新的端口号值7784。分配的注册表项为:
Service Name (REQUIRED) s-bfd
服务名称(必需)s-bfd
Transport Protocol(s) (REQUIRED) udp
传输协议(必需)udp
Assignee (REQUIRED) IESG <iesg@ietf.org>
受让人(必需)IESG<iesg@ietf.org>
Contact (REQUIRED) IETF Chair <chair@ietf.org>
联系(需要)IETF主席<chair@ietf.org>
Description (REQUIRED) Seamless Bidirectional Forwarding Detection (S-BFD)
说明(必需)无缝双向转发检测(S-BFD)
Reference (REQUIRED) RFC 7881
参考(必需)RFC 7881
Port Number (OPTIONAL) 7784
端口号(可选)7784
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, <http://www.rfc-editor.org/info/rfc5880>.
[RFC5880]Katz,D.和D.Ward,“双向转发检测(BFD)”,RFC 5880,DOI 10.17487/RFC5880,2010年6月<http://www.rfc-editor.org/info/rfc5880>.
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, DOI 10.17487/RFC5881, June 2010, <http://www.rfc-editor.org/info/rfc5881>.
[RFC5881]Katz,D.和D.Ward,“IPv4和IPv6(单跳)的双向转发检测(BFD)”,RFC 5881,DOI 10.17487/RFC5881,2010年6月<http://www.rfc-editor.org/info/rfc5881>.
[RFC7880] Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S. Pallagatti, "Seamless Bidirectional Forwarding Detection (S-BFD)", RFC 7880, DOI 10.17487/RFC7880, July 2016, <http://www.rfc-editor.org/info/rfc7880>.
[RFC7880]Pignataro,C.,Ward,D.,Akiya,N.,Bhatia,M.,和S.Pallagati,“无缝双向转发检测(S-BFD)”,RFC 7880,DOI 10.17487/RFC78802016年7月<http://www.rfc-editor.org/info/rfc7880>.
[RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC791, September 1981, <http://www.rfc-editor.org/info/rfc791>.
[RFC791]Postel,J.,“互联网协议”,STD 5,RFC 791,DOI 10.17487/RFC7911981年9月<http://www.rfc-editor.org/info/rfc791>.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998, <http://www.rfc-editor.org/info/rfc2460>.
[RFC2460]Deering,S.和R.Hinden,“互联网协议,第6版(IPv6)规范”,RFC 2460,DOI 10.17487/RFC2460,1998年12月<http://www.rfc-editor.org/info/rfc2460>.
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827, May 2000, <http://www.rfc-editor.org/info/rfc2827>.
[RFC2827]Ferguson,P.和D.Senie,“网络入口过滤:击败利用IP源地址欺骗的拒绝服务攻击”,BCP 38,RFC 2827,DOI 10.17487/RFC2827,2000年5月<http://www.rfc-editor.org/info/rfc2827>.
[RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, "Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs)", RFC 5884, DOI 10.17487/RFC5884, June 2010, <http://www.rfc-editor.org/info/rfc5884>.
[RFC5884]Aggarwal,R.,Kompella,K.,Nadeau,T.,和G.Swallow,“MPLS标签交换路径(LSP)的双向转发检测(BFD)”,RFC 5884,DOI 10.17487/RFC5884,2010年6月<http://www.rfc-editor.org/info/rfc5884>.
Acknowledgements
致谢
The authors would like to thank the BFD WG members for helping to shape the contents of this document. In particular, significant contributions were made by the following people: Marc Binderberger, Jeffrey Haas, Santosh Pallagatti, Greg Mirsky, Sam Aldrin, Vengada Prasad Govindan, Mallik Mudigonda, and Srihari Raghavan.
作者要感谢BFD工作组成员帮助形成本文件的内容。特别是,以下人士做出了重大贡献:马克·宾德伯格、杰弗里·哈斯、桑托什·帕拉加蒂、格雷格·米尔斯基、萨姆·奥尔德林、文加达·普拉萨德·戈文丹、马利克·穆迪贡达和斯利哈里·拉格万。
Contributors
贡献者
The following are key contributors to this document:
以下是本文件的主要贡献者:
Tarek Saad, Cisco Systems, Inc. Siva Sivabalan, Cisco Systems, Inc. Nagendra Kumar, Cisco Systems, Inc.
塔瑞克·萨阿德、思科系统公司、西瓦·西瓦巴兰、思科系统公司、纳甘德拉·库马尔、思科系统公司。
Authors' Addresses
作者地址
Carlos Pignataro Cisco Systems, Inc.
卡洛斯·皮格纳塔罗思科系统公司。
Email: cpignata@cisco.com
Email: cpignata@cisco.com
Dave Ward Cisco Systems, Inc.
戴夫·沃德思科系统公司。
Email: wardd@cisco.com
Email: wardd@cisco.com
Nobo Akiya Big Switch Networks
Nobo Akiya大交换网络
Email: nobo.akiya.dev@gmail.com
Email: nobo.akiya.dev@gmail.com