<?xmlversion="1.1" encoding="US-ASCII"?>version="1.0" encoding="UTF-8"?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd" [ <!ENTITY RFC2119 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY RFC8174 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"> <!ENTITY RFC6513 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6513.xml"> <!ENTITY RFC6514 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6514.xml"> <!ENTITY RFC3618 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3618.xml"> <!ENTITY RFC7716 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7716.xml"> <!ENTITY RFC2764 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2764.xml"> ]> <?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc strict="no"?> <?rfc rfcedstyle="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?>"rfc2629-xhtml.ent"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="std" consensus="true" updates="6514" docName="draft-ietf-bess-mvpn-msdp-sa-interoperation-08"ipr="trust200902">number="9081" ipr="trust200902" obsoletes="" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3"> <!-- xml2rfc v2v3 conversion 3.8.0 --> <front> <titleabbrev="mvpn-sa-msdp">MVPNabbrev="MVPN and MSDP SAInteroperation</title>Interoperation">Interoperation between Multicast Virtual Private Network (MVPN) and Multicast Source Directory Protocol (MSDP) Source-Active Routes</title> <seriesInfo name="RFC" value="9081"/> <author fullname="Zhaohui Zhang" initials="Z." surname="Zhang"> <organization>Juniper Networks</organization> <address> <email>zzhang@juniper.net</email> </address> </author> <author fullname="Lenny Giuliano" initials="L." surname="Giuliano"> <organization>Juniper Networks</organization> <address> <email>lenny@juniper.net</email> </address> </author> <dateyear="2021"/>year="2021" month="July"/> <workgroup>BESS</workgroup> <abstract> <t>This document specifies the procedures for interoperation between Multicast Virtual Private Network (MVPN)Source ActiveSource-Active (SA) routes and customer Multicast Source Discovery Protocol (MSDP)Source ActiveSA routes, which is useful for MVPN provider networks offering services to customers with an existing MSDP infrastructure. Without the procedures described in this document, VPN-specific MSDP sessions are required among thePEsProvider Edge (PE) routers that are customer MSDP peers. This document updatesRFC6514.RFC 6514. </t> </abstract><note title="Requirements Language"> <t> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here. </t> </note></front> <middle> <sectiontitle="Terminologies"> <t>Familiarity with MVPN <xref target="RFC6513"/> <xref target="RFC6514"/> and MSDP <xref target="RFC3618"/> protocols and procedures is assumed. Some terminologies are listed below for convenience. <list style="symbols"> <t>ASM: Any source multicast. </t> <t>SPT: Source-specific Shortest-path Tree. </t> <t>RPT: Rendezvous Point Tree. </t> <t>C-S: A multicast source address, identifying a multicast source located at a VPN customer site. </t> <t>C-G: A multicast group address used by a VPN customer. </t> <t>C-RP: A multicast Rendezvous Point for a VPN customer. </t> <t>C-Multicast: Multicast for a VPN customer. </t> <t>EC: Extended Community. </t> <t>GTM: Global Table Multicast, i.e., multicast in the default or global routing table vs. VRF table. </t> </list> </t> </section> <section title="Introduction">numbered="true" toc="default"> <name>Introduction</name> <t>Section"14. Supporting<xref target="RFC6514" section="14" sectionFormat="bare"> "Supporting PIM-SM without Inter-Site SharedC-Trees"C-Trees"</xref> of[RFC6514]<xref target="RFC6514"/> specifies the procedures for MVPN PEs to discover (C-S,C-G) via MVPNSource ActiveSource-Active A-D routes and then send Source Tree Join (C-S,C-G) C-multicast routes towards the ingressPEs,PEs to establishSPTsshortest path trees (SPTs) for customerASMAny-Source Multicast (ASM) flows for which they have downstream receivers. (C-*,C-G) C-multicast routes are not sent among thePEsPEs, so inter-site shared C-Trees are notusedused, and the method is generally referred to as "spt-only" mode. </t> <t>With this mode, the MVPNSource ActiveSource-Active routes are functionally similar to MSDP Source-Active messages. For a VPN, one or more of the PEs, say PE1, either acts as a C-RP and learns of (C-S,C-G) via PIM Registermessages,messages or has MSDP sessions with some MSDP peers andlearnlearns of (C-S,C-G) via MSDP SA messages. In either case, PE1 will then originate MVPN SA routes for other PEs to learnthe(C-S,C-G). </t><t>[RFC6514]<t><xref target="RFC6514"/> only specifies that a PE receiving the MVPN SA routes, say PE2, will advertise Source Tree Join (C-S,C-G) C-multicast routes if it has corresponding (C-*,C-G) state learnt from itsCE.Customer Edge (CE). PE2 may also have MSDP sessions for the VPN with other C-RPs at its site, but[RFC6514]<xref target="RFC6514"/> does not specify that PE2 advertises MSDP SA messages to those MSDP peers for the (C-S,C-G) that it learns via MVPN SA routes. PE2 would need to have an MSDP session with PE1 (that advertised the MVPN SA messages) to learn the sources via MSDP SAmessages,messages for it to advertise the MSDP SA to its local peers. To make things worse, unless blocked by policy control, PE2 would in turn advertise MVPN SA routes because of those MSDP SA messages that it receives from PE1, which are redundant and unnecessary. Also notice that the PE1-PE2 MSDP session isVPN-specificVPN specific (i.e., only for a single VPN), while the BGP sessions over which the MVPN routes are advertised are not. </t> <t>If a PE does advertise MSDP SA messages based on received MVPN SA routes, the VPN-specific MSDP sessions with other PEs are no longer needed. Additionally, this MVPN/MSDP SA interoperation has the following inherent benefits for aBGP basedBGP-based solution.<list style="symbols"> <t>MSDP</t> <ul spacing="normal"> <li>MSDP SA refreshes are replaced with BGP hard state.</t> <t>Route Reflectors</li> <li>Route reflectors can be used instead of having peer-to-peer sessions.</t> <t>VPN Extranet</li> <li>VPN extranet <xreftarget="RFC2764"/>target="RFC2764" format="default"/> mechanisms can be used to propagate (C-S,C-G) information across VPNs with flexible policy control.</t> </list> </t></li> </ul> <t>While MSDPSource ActiveSource-Active routes contain the source,groupgroup, and RP addresses of a given multicast flow, MVPNSource ActiveSource-Active routes only contain the source and group. MSDP requires the RP address information in order to perform MSDPpeer-RPF.peer Reverse Path Forwarding (RPF). Therefore, this document describes how to convey the RP address information into the MVPNSource ActiveSource-Active route using an Extended Community so this information can be shared with an existing MSDP infrastructure. </t> <t>The procedures apply to Global Table Multicast (GTM)[RFC7716]<xref target="RFC7716" format="default"/> as well. </t> <sectiontitle="MVPNnumbered="true" toc="default"> <name>MVPN RPT-SPTMode">Mode</name> <t>For comparison, another method of supporting customer ASM is generally referred to as "rpt-spt" mode. Section"13. Switching<xref target="RFC6514" section="13" sectionFormat="bare">"Switching from a Shared C-Tree to a SourceC-Tree"C-Tree"</xref> of[RFC6514]<xref target="RFC6514"/> specifies the MVPN SA procedures for that mode, but those SA routes are a replacement for PIM-ASM assert and (s,g,rpt) prune mechanisms, not for source discovery purposes. MVPN/MSDP SA interoperation for the "rpt-spt" mode is outside the scope of this document. In the rest of the document, the "spt-only" mode is assumed. </t> </section> </section> <sectiontitle="Specification">numbered="true" toc="default"> <name>Terminology</name> <t>Familiarity with MVPN <xref target="RFC6513" format="default"/> <xref target="RFC6514" format="default"/> and MSDP <xref target="RFC3618" format="default"/> protocols and procedures is assumed. Some terminology is listed below for convenience. </t> <dl newline="false" spacing="normal" indent="14"> <dt>ASM:</dt> <dd>Any-Source Multicast</dd> <dt>SPT:</dt> <dd>source-specific Shortest Path Tree</dd> <dt>RPT:</dt> <dd>Rendezvous Point Tree</dd> <dt>C-S:</dt> <dd>a multicast source address, identifying a multicast source located at a VPN customer site</dd> <dt>C-G:</dt> <dd>a multicast group address used by a VPN customer</dd> <dt>C-RP:</dt> <dd>a multicast Rendezvous Point for a VPN customer</dd> <dt>C-multicast:</dt> <dd>a multicast for a VPN customer</dd> <dt>EC:</dt> <dd>Extended Community</dd> <dt>GTM:</dt> <dd>Global Table Multicast, i.e., a multicast in the default or global routing table vs. a VPN Routing and Forwarding (VRF) table</dd> </dl> <section> <name>Requirements Language</name> <t> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8174" format="default"/> when, and only when, they appear in all capitals, as shown here. </t> </section> </section> <section numbered="true" toc="default"> <name>Specification</name> <t>The MVPN PEs that act as customer RPs or have one or more MSDP sessions in a VPN (or the global table in case of GTM) are treated as an MSDP mesh group for that VPN (or the global table). In the rest of the document, it is referred to as the PE mesh group. This PE mesh groupMUST NOT<bcp14>MUST NOT</bcp14> include other MSDPspeakers,speakers and is integrated into the rest of the MSDP infrastructure for the VPN (or the global table) following normal MSDP rules and practices. </t> <t>When an MVPN PE advertises an MVPN SA route following procedures in[RFC6514]<xref target="RFC6514"/> for the "spt-only" mode, itMUST<bcp14>MUST</bcp14> attach an "MVPN SA RP-address Extended Community". This is a Transitive IPv4-Address-Specific Extended Community. The LocalAdministrativeAdministrator field is set tozerozero, and the GlobalAdministrativeAdministrator field is set to an RP address determined as the following:<list style="symbols"> <t>If</t> <ul spacing="normal"> <li>If the (C-S,C-G) is learnt as a result of the PIM Register mechanism, the local RP address for the C-G is used.</t> <t>If</li> <li>If the (C-S,C-G) is learnt as a result of incoming MSDP SA messages, the RP address in the selected MSDP SA message is used.</t> </list> </t></li> </ul> <t>In addition to the procedures in[RFC6514],<xref target="RFC6514"/>, an MVPN PE may be provisioned to generate MSDP SA messages from received MVPN SA routes, with or without local policy control. If a received MVPN SA route triggers an MSDP SA message, the MVPN SA route is treated as if a corresponding MSDP SA message was received from within the PE mesh group and normal MSDP procedure is followed(e.g.(e.g., an MSDP SA message is advertised to other MSDP peers outside the PE mesh group). The (S,G) information comes from the (C-S,C-G) encoding in the MVPN SANLRINetwork Layer Reachability Information (NLRI), and the RP address comes from the "MVPN SA RP-address EC" mentioned above. If the received MVPN SA route does not have the EC (this could be from a legacy PE that does not have the capability to attach the EC), the local RP address for the C-G is used. In that case, it is possible that the RP inserted into the MSDP SA message for the C-G is actually the MSDP peer to which the generated MSDP message is advertised, causing the peer to discard it due to RPF failure. To get around thatproblemproblem, the peerSHOULD<bcp14>SHOULD</bcp14> use local policy to accept the MSDP SA message. </t> <t>An MVPN PEMAY<bcp14>MAY</bcp14> treat only the best MVPN SA route selected by the BGP route selection process (instead of all MVPN SA routes) for a given (C-S,C-G) as a received MSDP SA message (and advertise the corresponding MSDP message). In that case, if the selected best MVPN SA route does not have the "MVPN SA RP-address EC" but another route for the same (C-S, C-G) does, then the next best route with the ECSHOULD<bcp14>SHOULD</bcp14> be chosen. As a result,when/ifif/when the best MVPN SA route with the EC changes, a new MSDP SA message is advertised if the RP address determined according to the newly selected MVPN SA route is different from before. The MSDP SA state associated with the previously advertised MSDP SA message with the older RP address will be timed out. </t> </section> <section anchor="Security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t>RFC6514<xref target="RFC6514"/> specifies the procedure for a PE to generate an MVPN SA upon discovering a (C-S,C-G) flow(e.g.(e.g., via a received MSDP SA message) in a VPN. This document extends this capability in the reverse direction--- upon receiving an MVPN SA route in aVPNVPN, generate a corresponding MSDP SA and advertise it to MSDP peers in the same VPN. As such, the capabilities specified in this document introduce no additional security considerations beyond those already specified inRFC6514<xref target="RFC6514"/> andRFC3618.<xref target="RFC3618"/>. Moreover, the capabilities specified in this document actually eliminate the control message amplification that exists today where VPN-specific MSDP sessions are required among the PEs that are customer MSDP peers, which lead to redundant messages (MSDP SAs and MVPN SAs) being carried in parallel between PEs. </t> </section> <sectiontitle="IANA Considerations" anchor="sarpec"> <t>This document introduces a new Transitive IPv4 Address Specific Extended Community "MVPN SA RP-address Extended Community".anchor="sarpec" numbered="true" toc="default"> <name>IANA Considerations</name> <t> IANAhasregisteredsubcode 0x20the following in theTransitive"Transitive IPv4-Address-Specific Extended CommunitySub-Types registry for this EC.Sub-Typesā€¯ registry: </t> <table anchor="table_1"> <name></name> <thead> <tr> <th>Value</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>0x20</td> <td>MVPN SA RP-address Extended Community</td> </tr> </tbody> </table> </section> </middle> <back> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6514.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3618.xml"/> </references> <references> <name>Informative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7716.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2764.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6513.xml"/> </references> </references> <section anchor="Acknowledgements"title="Acknowledgements">numbered="false" toc="default"> <name>Acknowledgements</name> <t>The authors thankEric Rosen and Vinod Kumar<contact fullname="Eric Rosen"/>, <contact fullname="Vinod Kumar"/>, <contact fullname="Yajun Liu"/>, <contact fullname="Stig Venaas"/>, <contact fullname="Mankamana Mishra"/>, <contact fullname="Gyan Mishra"/>, <contact fullname="Qin Wu"/>, and <contact fullname="Jia He"/> for theirreview,reviews, comments,questionsquestions, and suggestions for this document.The authors also thank Yajun Liu for her review and comments.</t> </section></middle> <back> <references title="Normative References"> &RFC2119; &RFC8174; &RFC6514; &RFC3618; </references> <references title="Informative References"> &RFC7716; &RFC2764; &RFC6513; </references></back> </rfc>