Independent Submission W. Zhou Request for Comments: 7910 Cisco Systems Category: Informational June 2016 ISSN: 2070-1721
Independent Submission W. Zhou Request for Comments: 7910 Cisco Systems Category: Informational June 2016 ISSN: 2070-1721
Interoperability between the Virtual Router Redundancy Protocol and PIM
虚拟路由器冗余协议与PIM之间的互操作性
Abstract
摘要
This document introduces VRRP-aware PIM, a redundancy mechanism for the Protocol Independent Multicast (PIM) to interoperate with the Virtual Router Redundancy Protocol (VRRP). It allows PIM to track VRRP state and to preserve multicast traffic upon failover in a redundant network with virtual routing groups enabled. The mechanism described in this document is based on Cisco IOS software implementation.
本文介绍了支持VRRP的PIM,这是一种协议独立多播(PIM)的冗余机制,用于与虚拟路由器冗余协议(VRRP)进行互操作。它允许PIM跟踪VRRP状态,并在启用虚拟路由组的冗余网络中进行故障切换时保留多播流量。本文档中描述的机制基于Cisco IOS软件实现。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 7841.
这是对RFC系列的贡献,独立于任何其他RFC流。RFC编辑器已选择自行发布此文档,并且未声明其对实现或部署的价值。RFC编辑批准发布的文件不适用于任何级别的互联网标准;见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7910.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7910.
Copyright Notice
版权公告
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2016 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Tracking and Failover . . . . . . . . . . . . . . . . . . . . 3 3. PIM Assert Metric Auto-Adjustment . . . . . . . . . . . . . . 4 4. DF Election for BiDir Group . . . . . . . . . . . . . . . . . 4 5. Tracking Multiple VRRP Groups on an Interface . . . . . . . . 5 6. Support of HSRP . . . . . . . . . . . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 8. Informative References . . . . . . . . . . . . . . . . . . . 6 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Tracking and Failover . . . . . . . . . . . . . . . . . . . . 3 3. PIM Assert Metric Auto-Adjustment . . . . . . . . . . . . . . 4 4. DF Election for BiDir Group . . . . . . . . . . . . . . . . . 4 5. Tracking Multiple VRRP Groups on an Interface . . . . . . . . 5 6. Support of HSRP . . . . . . . . . . . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 8. Informative References . . . . . . . . . . . . . . . . . . . 6 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
The Virtual Router Redundancy Protocol (VRRP) [RFC5798] is a redundancy protocol for establishing a fault-tolerant default router. The protocol establishes a framework between network devices in order to achieve default device failover if the primary devices become inaccessible.
虚拟路由器冗余协议(VRRP)[RFC5798]是用于建立容错默认路由器的冗余协议。该协议在网络设备之间建立了一个框架,以便在主设备无法访问时实现默认设备故障切换。
Protocol Independent Multicast (PIM) [RFC7761] has no inherent redundancy capabilities and its operation is completely independent of VRRP group states. As a result, IP multicast traffic is not necessarily forwarded by the same device that is elected by VRRP. The VRRP-aware PIM feature provides consistent IP multicast forwarding in a redundant network with virtual routing groups enabled.
协议独立多播(PIM)[RFC7761]没有固有的冗余能力,其操作完全独立于VRRP组状态。因此,IP多播流量不一定由VRRP选择的同一设备转发。VRRP感知PIM功能在启用虚拟路由组的冗余网络中提供一致的IP多播转发。
In a multi-access segment (such as LAN), the elected PIM designated router (DR) is unaware of the redundancy configuration, and the elected DR and VRRP master router (MR) may not be the same. In order to ensure that the PIM DR is always able to forward a PIM Join/Prune (J/P) message towards Rendezvous Point (RP) or first-hop router, the VRRP MR becomes the PIM DR (if there is only one VRRP group). PIM is responsible for adjusting the DR priority based on the group state. When a failover occurs, multicast states are created on the new MR elected by the VRRP group and the MR assumes responsibility for the routing and forwarding of all the traffic addressed to the VRRP virtual IP address (vIP). This ensures that the PIM DR runs on the same router as the VRRP MR and maintains multicast routing (mroute) states. It enables multicast traffic to be forwarded through the VRRP MR, allowing PIM to leverage VRRP redundancy, avoid potential duplicate traffic, and enable failover, depending on the VRRP states in the router.
在多址段(如LAN)中,选择的PIM指定路由器(DR)不知道冗余配置,并且选择的DR和VRRP主路由器(MR)可能不同。为了确保PIM DR始终能够向集合点(RP)或第一跳路由器转发PIM加入/删减(J/P)消息,VRRP MR成为PIM DR(如果只有一个VRRP组)。PIM负责根据组状态调整灾难恢复优先级。当发生故障转移时,将在VRRP组选择的新MR上创建多播状态,并且MR将负责路由和转发寻址到VRRP虚拟IP地址(vIP)的所有流量。这确保PIM DR与VRRP MR在同一路由器上运行,并保持多播路由(mroute)状态。它支持通过VRRP MR转发多播流量,允许PIM利用VRRP冗余,避免潜在的重复流量,并根据路由器中的VRRP状态启用故障切换。
This mechanism can be safely deployed into a PIM network without changing the behavior of other routers. When only a specific set of routers enable this feature, a user can configure PIM interfaces to track state-change events of desired VRRP group(s). When a router becomes the VRRP MR, the PIM component applies the user-defined DR priority value to the interface in order to make it PIM DR. Other routers will not break the functionality of this feature, as long as their configured DR priority does not conflict with the participating routers. When deployed in a PIM transit network, downstream routers should configure the static route to use vIP as the next-hop address for PIM J/P messages in order to take advantage of this feature. If dynamic routing is used and the next-hop address is selected by unicast routing information as described in [RFC5294], then these routes cannot leverage the VRRP redundancy and failover mechanism. These downstream routers, however, do not have to support this new feature and there is no additional configuration or coordination required from a manageability point of view. This mechanism does not change any bit on the wire, and it has been implemented on Cisco IOS software.
这种机制可以安全地部署到PIM网络中,而无需改变其他路由器的行为。当只有一组特定的路由器启用此功能时,用户可以配置PIM接口来跟踪所需VRRP组的状态更改事件。当路由器成为VRRP MR时,PIM组件将用户定义的DR优先级值应用于接口,以使其成为PIM DR。其他路由器不会破坏此功能,只要其配置的DR优先级不与参与路由器冲突。当部署在PIM传输网络中时,下游路由器应将静态路由配置为使用vIP作为PIM J/P消息的下一跳地址,以便利用此功能。如果使用动态路由,并且按照[RFC5294]中所述的单播路由信息选择下一跳地址,则这些路由无法利用VRRP冗余和故障切换机制。然而,这些下游路由器不必支持这一新功能,并且从可管理性的角度来看,不需要额外的配置或协调。该机制不会改变线路上的任何位,并且已在Cisco IOS软件上实现。
Without the mechanisms described in this document, a PIM component will send PIM J/P messages with the DR's IP address to upstream routers. A GenID (Generation Identifier) in a PIM Hello message is randomly selected when the router boots and remains the same as long as the router is up. A PIM neighbor reboot can easily be detected if its GenID is different from before; in this case, the PIM J/P and RP-Set information can be redistributed to the rebooted neighbor. With the VRRP-aware PIM mechanism enabled, the PIM component listens to the state-change notifications from VRRP and automatically adjusts the priority of the PIM DR based on the VRRP state and ensures the VRRP MR (if there is only one VRRP group) becomes the DR of the LAN. If there are multiple VRRP groups, the DR is determined by the user-configured priority value.
如果没有本文档中描述的机制,PIM组件将向上游路由器发送带有DR IP地址的PIM J/P消息。PIM Hello消息中的GenID(生成标识符)在路由器引导时随机选择,并且在路由器启动时保持不变。如果PIM邻居的GenID与以前不同,则可以很容易地检测到它的重新启动;在这种情况下,PIM J/P和RP集合信息可以重新分配给重新启动的邻居。启用VRRP感知PIM机制后,PIM组件将侦听来自VRRP的状态更改通知,并根据VRRP状态自动调整PIM DR的优先级,并确保VRRP MR(如果只有一个VRRP组)成为LAN的DR。如果存在多个VRRP组,则DR由用户配置的优先级值确定。
Upon failover, the PIM component triggers communication between upstream and downstream routers in order to create mroute states on the new VRRP MR. The PIM component sends an additional PIM Hello message using the VRRP vIP as the source address for each active VRRP group when a router becomes the VRRP MR. The PIM Hello message with a new GenID will trigger other routers to respond to the VRRP failover event in the same way as the PIM neighbor reboot event as described in [RFC5294]. Specifically, when a downstream router receives this PIM Hello message, it will add the source IP address (in this case the VRRP vIP) into its PIM neighbor list and immediately send triggered PIM J/P messages towards vIP. Upstream routers will process PIM J/P messages based on the VRRP group state.
故障切换时,PIM组件触发上游和下游路由器之间的通信,以便在新VRRP MR上创建mroute状态。当路由器成为VRRP MR时,PIM组件使用VRRP vIP作为每个活动VRRP组的源地址发送额外的PIM Hello消息。将触发带有新GenID的PIM Hello消息其他路由器响应VRRP故障转移事件的方式与[RFC5294]中描述的PIM邻居重新启动事件相同。具体而言,当下游路由器收到此PIM Hello消息时,它将把源IP地址(在本例中为VRRP vIP)添加到其PIM邻居列表中,并立即向vIP发送触发的PIM J/P消息。上游路由器将根据VRRP组状态处理PIM J/P消息。
If the PIM J/P next-hop address matches the VRRP vIP, only the current VRRP MR will process the PIM J/P messages. This allows all PIM J/P messages to reach the VRRP group vIP and minimizes changes and configurations at the downstream routers.
如果PIM J/P下一跳地址与VRRP vIP匹配,则只有当前VRRP MR将处理PIM J/P消息。这允许所有PIM J/P消息到达VRRP组vIP,并最小化下游路由器的更改和配置。
Alternatively, the implementation can choose to have all VRRP passive routers maintain mroute states and record the GenID of the current MR. When a passive router becomes the MR, it uses the existing mroute states and the recorded MR GenID in its PIM Hello message. This will avoid resending PIM J/P messages upon failover and will eliminate the requirement of an additional PIM Hello with vIP. There is no change in on-the-wire behavior or in the PIM and VRRP message format.
或者,实现可以选择让所有VRRP被动路由器保持mroute状态并记录当前MR的GenID。当被动路由器成为MR时,它在其PIM Hello消息中使用现有mroute状态和记录的MR GenID。这将避免在故障切换时重新发送PIM J/P消息,并将消除vIP附加PIM Hello的要求。在线行为或PIM和VRRP消息格式没有变化。
It is possible that, after the VRRP MR switches from router A to B, A would still forward multicast traffic, which will result in duplicate traffic. The PIM Assert mechanism will kick in because PIM Assert with redundancy is enabled.
在VRRP MR从路由器A切换到B后,A仍可能转发多播流量,这将导致重复流量。PIM断言机制将启动,因为启用了带冗余的PIM断言。
o If there is only one VRRP group, passive routers will send an arbitrary penalty metric preference (PIM_ASSERT_INFINITY - 1) and make MR the Assert winner.
o 如果只有一个VRRP组,被动路由器将发送任意惩罚度量偏好(PIM_ASSERT_INFINITY-1),并使MR成为ASSERT赢家。
o If there are multiples VRRP groups configured on an interface, the Assert metric preference will be (PIM_ASSERT_INFINITY - 1) if and only if all VRRP groups are in Passive state.
o 如果在一个接口上配置了多个VRRP组,当且仅当所有VRRP组处于被动状态时,断言度量首选项将为(PIM_Assert_INFINITY-1)。
o If there is at least one VRRP group in Active state, then the original Assert metric preference will be used. That is, the winner will be selected between routers using their real Assert metric preference with at least one active VRRP Group, as if no VRRP is involved.
o 如果至少有一个VRRP组处于活动状态,则将使用原始的断言度量首选项。也就是说,赢家将在路由器之间选择,使用他们的真实断言度量偏好和至少一个活动VRRP组,就好像不涉及VRRP一样。
Change to Designated Forwarder (DF) offer/winner metric is handled similarly to PIM Assert handling with VRRP.
指定货代(DF)报价/中标人指标的变更处理方式与VRRP的PIM断言处理方式类似。
o If there is only one VRRP group, passive routers will send a large penalty metric preference in an offer (PIM_BIDIR_INFINITY_PREF- 1) and make MR the DF winner.
o 如果只有一个VRRP组,被动路由器将在报价(PIM_BIDIR_INFINITY_PREF-1)中发送一个较大的惩罚度量偏好,并使MR成为DF赢家。
o If there are multiples VRRP groups configured on an interface, the offer metric preference will be (PIM_BIDIR_INFINITY_PREF- 1) if and only if all VRRP groups are in Passive state.
o 如果在一个接口上配置了多个VRRP组,则当且仅当所有VRRP组处于被动状态时,报价度量首选项将为(PIM_BIDIR_INFINITY_PREF-1)。
o If there is at least one VRRP group in Active state, then the original offer metric preference to RP will be used. That is, the winner will be selected between routers using their real offer metric, as if no VRRP is involved.
o 如果至少有一个VRRP组处于活动状态,则将使用对RP的原始报价度量偏好。也就是说,赢家将在路由器之间选择使用他们的实际报价指标,好像没有涉及VRRP。
A user can configure a PIM component to track more than one VRRP groups on an interface. This allows other applications to exploit PIM/VRRP interoperability to achieve various goals (e.g., load balancing). Since each VRRP group that is configured on an interface could be in different states at any moment, the DR priority is adjusted. The PIM Assert metric and PIM BiDir DF metric should be adjusted if and only if all VRRP groups that are configured on an interface are in Passive (non-Active) states to ensure that interfaces with all-passive VRRP groups do not win DR, Assert, and DF election. In other words, the DR, Assert, and DF winners will be elected among the interfaces with at least one active VRRP group.
用户可以配置PIM组件来跟踪接口上的多个VRRP组。这允许其他应用程序利用PIM/VRRP互操作性来实现各种目标(例如,负载平衡)。由于在接口上配置的每个VRRP组在任何时候都可能处于不同的状态,因此会调整DR优先级。当且仅当接口上配置的所有VRRP组处于被动(非主动)状态时,应调整PIM Assert度量和PIM BiDir DF度量,以确保所有被动VRRP组的接口不会赢得DR、Assert和DF选举。换句话说,DR、Assert和DF获奖者将在至少有一个活动VRRP组的接口中选出。
Although there are differences between VRRP and the Hot Standby Router Protocol (HSRP) [RFC2281] -- including the number of backup (standby) routers, virtual IP address, and timer intervals -- the proposed scheme can also enable HSRP-aware PIM with similar failover and the tracking mechanism described in this document.
尽管VRRP和热备用路由器协议(HSRP)[RFC2281]之间存在差异,包括备份(备用)路由器的数量、虚拟IP地址和计时器间隔,但提议的方案还可以启用具有类似故障切换和本文档中描述的跟踪机制的HSRP感知PIM。
The proposed tracking mechanism does not discuss adding authentication to the protocols and introduces no new negative impact or threats on security to PIM in either SSM (Source-Specific Multicast) or ASM (Any-Source Multicast) mode. Note that VRRP messages from malicious nodes could cause unexpected behaviors such as multiple MRs and PIM DRs, which are associated with VRRP-specific security issues. To mitigate the vulnerability of frequent VRRP and PIM DR state change from malicious attack, an implementation can choose to enable VRRP preemption such that a higher-priority VRRP backup router does not take over for a lower-priority MR; this will reduce the state-change notifications to a PIM component and subsequent mroute state changes. Detailed analysis of PIM and VRRP security is provided in [RFC5294] and [RFC5798].
建议的跟踪机制没有讨论向协议添加身份验证,也没有在SSM(源特定多播)或ASM(任何源多播)模式下对PIM的安全性带来新的负面影响或威胁。请注意,来自恶意节点的VRRP消息可能会导致意外行为,例如多个MRs和PIM DRs,这与VRRP特定的安全问题有关。为了缓解恶意攻击导致的频繁VRRP和PIM DR状态变化的漏洞,实现可以选择启用VRRP抢占,以便高优先级VRRP备份路由器不会接管低优先级MR;这将减少对PIM组件的状态更改通知以及随后的mroute状态更改。[RFC5294]和[RFC5798]中提供了PIM和VRRP安全性的详细分析。
[RFC2281] Li, T., Cole, B., Morton, P., and D. Li, "Cisco Hot Standby Router Protocol (HSRP)", RFC 2281, DOI 10.17487/RFC2281, March 1998, <http://www.rfc-editor.org/info/rfc2281>.
[RFC2281]Li,T.,Cole,B.,Morton,P.,和D.Li,“思科热备用路由器协议(HSRP)”,RFC 2281,DOI 10.17487/RFC2281,1998年3月<http://www.rfc-editor.org/info/rfc2281>.
[RFC5294] Savola, P. and J. Lingard, "Host Threats to Protocol Independent Multicast (PIM)", RFC 5294, DOI 10.17487/RFC5294, August 2008, <http://www.rfc-editor.org/info/rfc5294>.
[RFC5294]Savola,P.和J.Lingard,“协议独立多播(PIM)的主机威胁”,RFC 5294,DOI 10.17487/RFC5294,2008年8月<http://www.rfc-editor.org/info/rfc5294>.
[RFC5798] Nadas, S., Ed., "Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6", RFC 5798, DOI 10.17487/RFC5798, March 2010, <http://www.rfc-editor.org/info/rfc5798>.
[RFC5798]Nadas,S.,Ed.,“IPv4和IPv6的虚拟路由器冗余协议(VRRP)第3版”,RFC 5798,DOI 10.17487/RFC5798,2010年3月<http://www.rfc-editor.org/info/rfc5798>.
[RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 2016, <http://www.rfc-editor.org/info/rfc7761>.
[RFC7761]Fenner,B.,Handley,M.,Holbrook,H.,Kouvelas,I.,Parekh,R.,Zhang,Z.,和L.Zheng,“协议独立多播-稀疏模式(PIM-SM):协议规范(修订版)”,STD 83,RFC 7761,DOI 10.17487/RFC7761,2016年3月<http://www.rfc-editor.org/info/rfc7761>.
Acknowledgments
致谢
I would like to give a special thank you and appreciation to Stig Venaas for his ideas and comments in this document.
我要特别感谢并感谢斯蒂格·维纳斯在本文件中提出的想法和评论。
Author's Address
作者地址
Wei Zhou Cisco Systems Tasman Drive San Jose, CA 95134 United States
美国加利福尼亚州圣何塞市塔斯曼大道,邮编95134
Email: zhouweiisu@gmail.com
Email: zhouweiisu@gmail.com