idnits 2.17.00 (12 Aug 2021)

/tmp/idnits16740/draft-ietf-bess-mvpn-msdp-sa-interoperation-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

     (Using the creation date from RFC6514, updated by this document, for
     RFC5378 checks: 2006-08-01)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 24, 2021) is 355 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Experimental RFC: RFC 3618

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

BESS                                                            Z. Zhang
Internet-Draft                                               L. Giuliano
Updates: 6514 (if approved)                             Juniper Networks
Intended status: Standards Track                            May 24, 2021
Expires: November 25, 2021

                    MVPN and MSDP SA Interoperation
             draft-ietf-bess-mvpn-msdp-sa-interoperation-08

Abstract

   This document specifies the procedures for interoperation between
   Multicast Virtual Private Network (MVPN) Source Active routes and
   customer Multicast Source Discovery Protocol (MSDP) Source Active
   routes, which is useful for MVPN provider networks offering services
   to customers with an existing MSDP infrastructure.  Without the
   procedures described in this document, VPN-specific MSDP sessions are
   required among the PEs that are customer MSDP peers.  This document
   updates RFC6514.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 25, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Terminologies
   2.  Introduction
     2.1.  MVPN RPT-SPT Mode
   3.  Specification
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Terminologies

   Familiarity with MVPN [RFC6513] [RFC6514] and MSDP [RFC3618]
   protocols and procedures is assumed.  Some terminologies are listed
   below for convenience.

   o  ASM: Any source multicast.

   o  SPT: Source-specific Shortest-path Tree.

   o  RPT: Rendezvous Point Tree.

   o  C-S: A multicast source address, identifying a multicast source
      located at a VPN customer site.

   o  C-G: A multicast group address used by a VPN customer.

   o  C-RP: A multicast Rendezvous Point for a VPN customer.

   o  C-Multicast: Multicast for a VPN customer.

   o  EC: Extended Community.

   o  GTM: Global Table Multicast, i.e., multicast in the default or
      global routing table vs. VRF table.

2.  Introduction

   Section "14.  Supporting PIM-SM without Inter-Site Shared C-Trees" of
   [RFC6514] specifies the procedures for MVPN PEs to discover (C-S,C-G)
   via MVPN Source Active A-D routes and then send Source Tree Join
   (C-S,C-G) C-multicast routes towards the ingress PEs, to establish
   SPTs for customer ASM flows for which they have downstream receivers.
   (C-*,C-G) C-multicast routes are not sent among the PEs so inter-site
   shared C-Trees are not used and the method is generally referred to
   as "spt-only" mode.

   With this mode, the MVPN Source Active routes are functionally
   similar to MSDP Source-Active messages.  For a VPN, one or more of
   the PEs, say PE1, either acts as a C-RP and learns of (C-S,C-G) via
   PIM Register messages, or has MSDP sessions with some MSDP peers and
   learns (C-S,C-G) via MSDP SA messages.  In either case, PE1 will then
   originate MVPN SA routes for other PEs to learn the (C-S,C-G).

   [RFC6514] only specifies that a PE receiving the MVPN SA routes, say
   PE2, will advertise Source Tree Join (C-S,C-G) C-multicast routes if
   it has corresponding (C-*,C-G) state learnt from its CE.  PE2 may
   also have MSDP sessions for the VPN with other C-RPs at its site, but
   [RFC6514] does not specify that PE2 advertises MSDP SA messages to
   those MSDP peers for the (C-S,C-G) that it learns via MVPN SA routes.
   PE2 would need to have an MSDP session with PE1 (that advertised the
   MVPN SA messages) to learn the sources via MSDP SA messages, for it
   to advertise the MSDP SA to its local peers.  To make things worse,
   unless blocked by policy control, PE2 would in turn advertise MVPN SA
   routes because of those MSDP SA messages that it receives from PE1,
   which are redundant and unnecessary.
   Also notice that the PE1-PE2 MSDP session is VPN-specific (i.e., only
   for a single VPN), while the BGP sessions over which the MVPN routes
   are advertised are not.

   If a PE does advertise MSDP SA messages based on received MVPN SA
   routes, the VPN-specific MSDP sessions with other PEs are no longer
   needed.  Additionally, this MVPN/MSDP SA interoperation has the
   following inherent benefits for a BGP based solution.

   o  MSDP SA refreshes are replaced with BGP hard state.

   o  Route Reflectors can be used instead of having peer-to-peer
      sessions.

   o  VPN Extranet [RFC2764] mechanisms can be used to propagate
      (C-S,C-G) information across VPNs with flexible policy control.

   While MSDP Source Active routes contain the source, group and RP
   addresses of a given multicast flow, MVPN Source Active routes only
   contain the source and group.  MSDP requires the RP address
   information in order to perform MSDP peer-RPF.  Therefore, this
   document describes how to convey the RP address information into the
   MVPN Source Active route using an Extended Community so this
   information can be shared with an existing MSDP infrastructure.

   The procedures apply to Global Table Multicast (GTM) [RFC7716] as
   well.

2.1.  MVPN RPT-SPT Mode

   For comparison, another method of supporting customer ASM is
   generally referred to as "rpt-spt" mode.  Section "13.  Switching
   from a Shared C-Tree to a Source C-Tree" of [RFC6514] specifies the
   MVPN SA procedures for that mode, but those SA routes are a
   replacement for PIM-ASM assert and (s,g,rpt) prune mechanisms, not
   for source discovery purposes.  MVPN/MSDP SA interoperation for the
   "rpt-spt" mode is outside the scope of this document.  In the rest of
   the document, the "spt-only" mode is assumed.

3.  Specification

   The MVPN PEs that act as customer RPs or have one or more MSDP
   sessions in a VPN (or the global table in case of GTM) are treated as
   an MSDP mesh group for that VPN (or the global table).  In the rest
   of the document, it is referred to as the PE mesh group.  This PE
   mesh group MUST NOT include other MSDP speakers, and is integrated
   into the rest of MSDP infrastructure for the VPN (or the global
   table) following normal MSDP rules and practices.

   When an MVPN PE advertises an MVPN SA route following procedures in
   [RFC6514] for the "spt-only" mode, it MUST attach an "MVPN SA
   RP-address Extended Community".  This is a Transitive
   IPv4-Address-Specific Extended Community.  The Local Administrative
   field is set to zero and the Global Administrative field is set to an
   RP address determined as follows:

   o  If the (C-S,C-G) is learnt as a result of PIM Register mechanism,
      the local RP address for the C-G is used.

   o  If the (C-S,C-G) is learnt as a result of incoming MSDP SA
      messages, the RP address in the selected MSDP SA message is used.

   In addition to procedures in [RFC6514], an MVPN PE may be provisioned
   to generate MSDP SA messages from received MVPN SA routes, with or
   without local policy control.  If a received MVPN SA route triggers
   an MSDP SA message, the MVPN SA route is treated as if a
   corresponding MSDP SA message was received from within the PE mesh
   group and normal MSDP procedure is followed (e.g. an MSDP SA message
   is advertised to other MSDP peers outside the PE mesh group).  The
   (S,G) information comes from the (C-S,C-G) encoding in the MVPN SA
   NLRI and the RP address comes from the "MVPN SA RP-address EC"
   mentioned above.  If the received MVPN SA route does not have the EC
   (this could be from a legacy PE that does not have the capability to
   attach the EC), the local RP address for the C-G is used.
   In that case, it is possible that the RP inserted into the MSDP SA
   message for the C-G is actually the MSDP peer to which the generated
   MSDP message is advertised, causing the peer to discard it due to RPF
   failure.  To get around that problem the peer SHOULD use local policy
   to accept the MSDP SA message.

   An MVPN PE MAY treat only the best MVPN SA route selected by the BGP
   route selection process (instead of all MVPN SA routes) for a given
   (C-S,C-G) as a received MSDP SA message (and advertise the
   corresponding MSDP message).  In that case, if the selected best MVPN
   SA route does not have the "MVPN SA RP-address EC" but another route
   for the same (C-S, C-G) does, then the next best route with the EC
   SHOULD be chosen.  As a result, when/if the best MVPN SA route with
   the EC changes, a new MSDP SA message is advertised if the RP address
   determined according to the newly selected MVPN SA route is different
   from before.  The MSDP SA state associated with the previously
   advertised MSDP SA message with the older RP address will be timed
   out.

4.  Security Considerations

   RFC6514 specifies the procedure for a PE to generate an MVPN SA upon
   discovering a (C-S,C-G) flow (e.g. via a received MSDP SA message) in
   a VPN.  This document extends this capability in the reverse
   direction - upon receiving an MVPN SA route in a VPN generate a
   corresponding MSDP SA and advertise it to MSDP peers in the same VPN.
   As such, the capabilities specified in this document introduce no
   additional security considerations beyond those already specified in
   RFC6514 and RFC3618.  Moreover, the capabilities specified in this
   document actually eliminate the control message amplification that
   exists today where VPN-specific MSDP sessions are required among the
   PEs that are customer MSDP peers, which leads to redundant messages
   (MSDP SAs and MVPN SAs) being carried in parallel between PEs.

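
   The Extended Community layout and RP selection rules of Section 3,
   using the subcode from Section 5, as an added example that is not
   part of the draft or of any vendor implementation.  The function
   names, the best-first list of per-route ECs, and the sample
   addresses are assumptions made for illustration.

```python
import ipaddress
import struct

EC_TYPE = 0x01      # Transitive IPv4-Address-Specific EC type (RFC 4360)
EC_SUBTYPE = 0x20   # sub-type given in Section 5 of the draft

# Constructed sample: a Route Target EC (65000:1), i.e. some other community.
SAMPLE_RT = bytes.fromhex("0002fde800000001")


def encode_rp_ec(rp):
    """8 octets: type, sub-type, Global Admin = RP, Local Admin = 0."""
    return struct.pack("!BB4sH", EC_TYPE, EC_SUBTYPE,
                       ipaddress.IPv4Address(rp).packed, 0)


def decode_rp_ec(ec):
    """Return the RP address, or None if this is not the RP-address EC."""
    if len(ec) != 8:
        return None
    ec_type, subtype, addr, _local_admin = struct.unpack("!BB4sH", ec)
    if (ec_type, subtype) != (EC_TYPE, EC_SUBTYPE):
        return None
    return str(ipaddress.IPv4Address(addr))


def rp_for_msdp_sa(routes, local_rp):
    """routes: per-route EC lists for one (C-S,C-G), best route first.
    Walks the routes in preference order and takes the RP from the first
    one carrying the EC; with no EC anywhere (legacy PEs) it falls back to
    the local RP for the C-G. Returns (rp, came_from_ec).
    """
    for ecs in routes:
        for ec in ecs:
            rp = decode_rp_ec(ec)
            if rp is not None:
                return rp, True
    return local_rp, False


def needs_accept_policy(rp, came_from_ec, msdp_peer):
    """True in the fallback case where the inserted RP is the MSDP peer
    itself, so the peer would drop the SA on RPF failure without policy."""
    return not came_from_ec and rp == msdp_peer


if __name__ == "__main__":
    routes = [[SAMPLE_RT], [SAMPLE_RT, encode_rp_ec("192.0.2.1")]]
    print(rp_for_msdp_sa(routes, "198.51.100.9"))
```
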
5.  IANA Considerations

   This document introduces a new Transitive IPv4 Address Specific
   Extended Community "MVPN SA RP-address Extended Community".  IANA has
   registered subcode 0x20 in the Transitive IPv4-Address-Specific
   Extended Community Sub-Types registry for this EC.

6.  Acknowledgements

   The authors thank Eric Rosen and Vinod Kumar for their review,
   comments, questions and suggestions for this document.  The authors
   also thank Yajun Liu for her review and comments.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3618]  Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source
              Discovery Protocol (MSDP)", RFC 3618,
              DOI 10.17487/RFC3618, October 2003.

   [RFC6514]  Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP
              Encodings and Procedures for Multicast in MPLS/BGP IP
              VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

7.2.  Informative References

   [RFC2764]  Gleeson, B., Lin, A., Heinanen, J., Armitage, G., and A.
              Malis, "A Framework for IP Based Virtual Private
              Networks", RFC 2764, DOI 10.17487/RFC2764, February 2000.

   [RFC6513]  Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in
              MPLS/BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513,
              February 2012.

   [RFC7716]  Zhang, J., Giuliano, L., Rosen, E., Ed., Subramanian, K.,
              and D. Pacella, "Global Table Multicast with BGP Multicast
              VPN (BGP-MVPN) Procedures", RFC 7716,
              DOI 10.17487/RFC7716, December 2015.

Authors' Addresses

   Zhaohui Zhang
   Juniper Networks

   EMail: zzhang@juniper.net

   Lenny Giuliano
   Juniper Networks

   EMail: lenny@juniper.net