Network Working Group Pradosh Mohapatra Internet Draft Cisco Systems, Inc. Expiration Date: August 2007 Eric Rosen Cisco Systems, Inc. February 2007 BGP Encapsulation SAFI and BGP Tunnel Encapsulation Attribute draft-pmohapat-idr-info-safi-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This document specifies a new BGP SAFI, Encapsulation SAFI. A BGP update message of this SAFI contains an NLRI which uniquely identifies the BGP speaker that originated the update. The purpose of such an update is to carry attributes that define how encapsulated packets need to be delivered to the sender. For instance, if one BGP speaker needs to use an IP-based encapsulation in order to deliver traffic to a second, the second BGP speaker can use this SAFI to specify information about the encapsulation header that it expects. A BGP tunnel encapsulation attribute is specified for this purpose. Mohapatra & Rosen [Page 1] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 Other attributes, including communities and/or extended communities, can also be included. Table of Contents 1 Specification of requirements ...................... 2 2 Introduction ....................................... 2 3 Encapsulation NLRI Format .......................... 3 4 Tunnel Encapsulation Attribute ..................... 4 4.1 Encapsulation sub-TLV .............................. 6 4.2 Protocol Type sub-TLV .............................. 7 4.3 Tunnel Type Selection .............................. 7 5 Capability advertisement ........................... 8 6 Security Considerations ............................ 8 7 IANA Considerations ................................ 8 8 Acknowledgements ................................... 9 9 Normative References ............................... 9 10 Informative References ............................. 9 11 Authors' Addresses ................................. 9 12 Full Copyright Statement ........................... 10 13 Intellectual Property .............................. 10 1. Specification of requirements The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Introduction This document specifies a new BGP SAFI, Encapsulation SAFI. A BGP update message of this SAFI contains an NLRI which uniquely identifies the BGP speaker that originated the update. The purpose of such an update is to carry attributes that define how encapsulated packets need to be delivered to the sender. For instance, if one BGP speaker needs to use an IP-based encapsulation in order to deliver traffic to a second, the second BGP speaker can use this SAFI to specify information about the encapsulation header that it expects. A BGP tunnel encapsulation attribute is specified for this purpose. Other attributes, including communities and/or extended communities, Mohapatra & Rosen [Page 2] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 can also be included. The tunnel attribute is especially useful for multipoint-to-point tunnels to signal information from the receiving speaker to transmitting speakers. One application of the SAFI and the tunnel encapsulation attribute is [SOFTWIRE] that specifies a requirement to connect IPv4 networks across IPv6 core and IPv6 networks across IPv4 core. The motivation behind introducing the new SAFI to send information about the speaker is to advertise such information once, or as and when it changes as opposed to attaching this information with each and every prefix. That would require advertising redundant information, and also, when the information changes, the speaker would require to send all the prefixes again resulting in a network- wide control plane churn. The advantage of using the same SAFI to distribute encapsulation information of different tunneling technologies is that the route reflectors need not be upgraded each time there is a new encapsulation protocol deployed in the network and also the edge routers can send or receive encapsulation parameters for multiple types over one BGP session. The tunnel encapsulation attribute is optional transitive, thus a BGP speaker can transparently pass on the information even if it does not support it. 3. Encapsulation NLRI Format The BGP speaker identification is advertised in BGP UPDATE messages using MP_REACH_NLRI and MP_UNREACH_NLRI attributes [RFC4760]. The Encapsulation SAFI (value to be assigned by IANA) is set as the SAFI value in these UPDATE messages. The AFI is set to be one of the address family identifier values as defined in [IANA-AF] (refer to the Address Family Numbers section). The NLRI in the MP_REACH_NLRI or MP_UNREACH_NLRI is a variable length field encoded in a format as defined in section 5 of [RFC4760] (a 2- tuple of the form ). The value field is structured as follows: Mohapatra & Rosen [Page 3] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 +-----------------------------------------------+ | Endpoint address (Variable) | +-----------------------------------------------+ - Endpoint Address: This field identifies the BGP speaker originating the update. It is typically one of the interface addresses configured at the router. The length of the endpoint address is dependent on the AFI being advertised. For example, if the AFI is set to IPv4 (1), the the endpoint address is a 4-octet IPv4 address whereas if the AFI is set to IPv6 (2), the endpoint address is a 16-octet IPv6 address. An update message that carries the MP_REACH_NLRI or MP_UNREACH_NLRI with Encapsulation SAFI MUST also carry the BGP mandatory attributes: ORIGIN, AS_PATH, and LOCAL_PREF (for IBGP neighbors) as defined in [RFC4271]. In addition, such an update message can also contain any of the BGP optional attributes, like Community or Extended Community attribute to influence an action on the receiving speaker. When a BGP speaker advertises the Encapsulation NLRI via BGP, it uses its own address as the BGP nexthop in the MP_REACH_NLRI or MP_UNREACH_NLRI attribute. The nexthop address is set based on the AFI in the attribute. For example, if the AFI is set to IPv4 (1), the nexthop is encoded as a 4-byte IPv4 address. If the AFI is set to IPv6 (2), the nexthop is encoded as a 16-byte IPv6 address of the router. On the receiving router, the BGP nexthop of such an update message is validated by performing a recursive route lookup operation in the routing table. Bestpath selection of Encapsulation NLRIs is governed by the decision process outlined in section 9.1 of [RFC4271]. The encapsulation data carried through other attributes in the message are to be used by the receiving router only if the NLRI has a bestpath. 4. Tunnel Encapsulation Attribute Tunnel Encapsulation attribute is an optional transitive attribute that is composed of a set of TLVs. The type code of the attribute is to be assigned by IANA. Each TLV contains information corresponding to a particular tunnel technology. The TLV is structured as follows: Mohapatra & Rosen [Page 4] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tunnel Type (2 Octets) | Length (2 Octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Value | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Tunnel Type (2 octets): It identifies the type of the tunneling technology being signaled. This document defines the following types: - L2TPv3: Tunnel Type = 1 - GRE: Tunnel Type = 2 Unknown types are to be ignored and skipped upon receipt. Length (2 octets): the total number of octets of the Value field. Value (variable): The value is comprised of multiple sub-TLV's. Each sub-TLV consists of three fields: a one-octet type, one-octet length, and zero or more octets of value. The sub-TLV is structured as follows: +-----------------------------------+ | Sub-TLV Type (1 Octet) | +-----------------------------------+ | Sub-TLV Length (1 Octet) | +-----------------------------------+ | Sub-TLV Value (Variable) | | | +-----------------------------------+ Sub-TLV Type (1 octet): Each sub-TLV type defines a certain property about the tunnel TLV that contains this sub-TLV. The following are the types defined in this document: - Encapsulation: sub-TLV type = 1 - Protocol type: sub-TLV type = 2 Unknown sub-TLV types are to be ignored and skipped upon receipt. Sub-TLV Length (1 octet): the total number of octets of the sub-TLV value field. Mohapatra & Rosen [Page 5] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 Sub-TLV Value (variable): Encodings of the value field depend on the sub-TLV type as enumerated above. The following sub-sections define the encoding in detail. 4.1. Encapsulation sub-TLV The syntax and semantics of the encapsulation sub-TLV is determined by the tunnel type of the TLV that contains this sub-TLV. When the tunnel type of the TLV is L2TPv3, the following is the structure of the value field of the encapsulation sub-TLV: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID (4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Cookie (Variable) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * Session ID: a 4-octet value locally assigned by the advertising router that serves as a lookup key in the incoming packet's context. * Cookie: an optional, variable length (0 to 64 bits) value used by L2TPv3 to check the association of a received data message with the session identified by the Session ID. The Cookie value is tightly coupled with the Session ID. The length of the cookie is not encoded explicitly, but can be calculated as: (sub-TLV length - 4) When the tunnel type of the TLV is GRE, the following is the structure of the value field of the encapsulation sub-TLV: Mohapatra & Rosen [Page 6] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | GRE Key (4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * GRE Key: A 4 Octet field that is generated by the advertising router. The actual method by which the key is obtained is beyond the scope of the document. The key is inserted into the GRE encapsulation header of the payload packets sent by ingress routers to the advertising router. It is intended to be used for identifying extra context information about the received payload. Note that the key is optional. Unless a key value is being advertised, the GRE encapsulation sub-TLV MUST NOT be present. 4.2. Protocol Type sub-TLV The protocol type sub-TLV encodes the type of the payload packets that will be encapsulated with the tunnel parameters being signaled in the TLV. The value field of the sub-TLV contains a 2-octet protocol type that is one of the types defined in [IANA-AF] as ETHER TYPEs. As an example, if we want to use three L2TPv3 sessions, one carrying IPv4 packets, one carrying IPv6 packets, and one carrying MPLS packets, the egress router will include three TLVs of L2TPv3 encapsulation type, each specifying a different session id and a different payload type. The protocol type sub-TLV for these will be IPv4 (protocol type = 0x0800), IPv6 (protocol type = 0x86dd), and MPLS (protocol type = 0x8847) respectively. This informs the ingress routers of the appropriate encapsulation information to use with each of the given protocol types. Insertion of the specified session id at the ingress routers allows the egress to process the incoming packets correctly, according to their protocol type. 4.3. Tunnel Type Selection A BGP speaker may include multiple tunnel TLVs in the tunnel attribute. The receiving speaker MAY have local policies defined to choose different tunnel types for different sets/types of payload prefixes received from the same BGP speaker. For instance, if a BGP speaker includes both L2TPv3 and GRE tunnel types in the tunnel attribute and it also advertises IPv4 and IPv6 prefixes, the ingress router may have local policy defined to choose L2TPv3 for IPv4 Mohapatra & Rosen [Page 7] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 prefixes (provided the protocol type received in the tunnel attribute matches) and GRE for IPv6 prefixes. Additionally, the Encapsulation SAFI UPDATE message can contain a community or extended-community as a way to color the corresponding tunnel TLV(s). The same community or extended community can then be attached to the UPDATE messages that contain payload prefixes. This way, the BGP speaker can express the fact that it expects the packets corresponding to these payload prefixes to be received with a particular tunnel encapsulation header. In a multi-vendor deployment that has routers supporting different tunneling technologies, attaching community and/or extended-community to the Encapsulation SAFI UPDATE message can serve as a classification mechanism (for example, set A of routers for GRE and set B of routers for L2TPv3). The ingress router can then choose the encapsulation data appropriately while sending packets to an egress router. These communities/extended communities, if used, will be user defined and configured locally on the routers. 5. Capability advertisement A BGP speaker that wishes to exchange tunnel endpoint information must use the Multiprotocol Extensions Capability Code as defined in [RFC4760], to advertise the corresponding (AFI, SAFI) pair. 6. Security Considerations If a third party is able to modify any of the information that is used to form encapsulation headers, or to choose a tunnel type, or to choose a particular tunnel for a particular payload type, user data packets may end up getting misrouted, misdelivered, and/or dropped. 7. IANA Considerations This document defines a new NLRI format, called Encapsulation NLRI, to be carried in BGP using multiprotocol extensions. It is to be assigned its own SAFI. This document defines a new BGP optional transitive attribute, called Tunnel attribute. This document introduces Tunnel TLVs and sub-TLVs. The type space for Mohapatra & Rosen [Page 8] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 both of these should be set up by IANA as a registry of 2-octet tunnel types and 1-octet sub-TLV types. These should be assigned on a first-come- first-serve basis. 8. Acknowledgements This specification builds on prior work by Gargi Nalawade, Ruchi Kapoor, Dan Tappan, David Ward, Scott Wainner, Simon Barber, and Chris Metz. The current authors wish to thank all these authors for their contribution. The authors would like to thank John Scudder, Robert Raszuk, Keyur Patel, and Chris Metz for their valuable comments and suggestions. 9. Normative References [RFC4271] Rekhter, Y., Li T., and Hares S.(editors), "A Border Gateway Protocol 4 (BGP-4)," RFC 4271, January 2006. [RFC4760] Bates et al, "Multiprotocol Extensions for BGP-4," RFC 4760, January 2007. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels," March 1997. [IANA-AF] "Address Family Numbers," Reachable from http://www.iana.org/numbers.html 10. Informative References [SOFTWIRE] Dawkins S. (editor), "Softwire Problem Statement," draft- ietf-softwire-problem-statement-02.txt, May 2006. 11. Authors' Addresses Pradosh Mohapatra Cisco Systems, Inc. 170 Tasman Drive San Jose, CA, 95134 Email: pmohapat@cisco.com Mohapatra & Rosen [Page 9] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 Eric Rosen Cisco Systems, Inc. 1414 Massachusetts Avenue Boxborough, MA, 01719 E-mail: erosen@cisco.com 12. Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 13. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- Mohapatra & Rosen [Page 10] Internet Draft draft-pmohapat-idr-info-safi-01.txt February 2007 ipr@ietf.org. Mohapatra & Rosen [Page 11]