<?xmlversion="1.0" encoding="US-ASCII"?> <!DOCTYPE rfc SYSTEM "rfc2629.dtd">version='1.0' encoding='utf-8'?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="std" consensus="true" docName="draft-ietf-lisp-rfc6833bis-31" indexInclude="true" ipr="trust200902"docName="draft-ietf-lisp-rfc6833bis-30"number="9301" obsoletes="6830,6833"> <?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> <?rfc toc="yes" ?> <?rfc symrefs="yes" ?> <?rfc sortrefs="yes"?> <?rfc iprnotified="no" ?> <?rfc compact="yes" ?> <?rfc subcompact="no"?> <?rfc rfcedstyle="yes"?>6833" prepTime="2022-10-18T16:01:20" scripts="Common,Latin" sortRefs="true" submissionType="IETF" symRefs="true" tocDepth="3" tocInclude="true" xml:lang="en"> <link href="https://datatracker.ietf.org/doc/draft-ietf-lisp-rfc6833bis-31" rel="prev"/> <link href="https://dx.doi.org/10.17487/rfc9301" rel="alternate"/> <link href="urn:issn:2070-1721" rel="alternate"/> <front> <title abbrev="LISPControl-Plane">Locator/IDControl Plane">Locator/ID Separation Protocol (LISP)Control-Plane</title>Control Plane</title> <seriesInfo name="RFC" value="9301" stream="IETF"/> <authorinitials='D'initials="D" surname="Farinacci"fullname='Dino Farinacci'> <organization>lispers.net</organization>fullname="Dino Farinacci"> <organization showOnFrontPage="true">lispers.net</organization> <address> <postal> <city>San Jose</city> <region>CA</region> <country>United States of America</country> </postal> <email>farinacci@gmail.com</email> </address> </author> <authorinitials='F'initials="F" surname="Maino"fullname='Fabio Maino'> <organization>Ciscofullname="Fabio Maino"> <organization showOnFrontPage="true">Cisco Systems</organization> <address> <postal> <city>San Jose</city> <region>CA</region> <country>United States of America</country> </postal> <email>fmaino@cisco.com</email> </address> </author> <authorinitials='V'initials="V" surname="Fuller"fullname='Vince Fuller'> <organization>vaf.netfullname="Vince Fuller"> <organization showOnFrontPage="true">vaf.net Internet Consulting</organization> <address><email>vaf@vaf.net</email><email>vince.fuller@gmail.com</email> </address> </author> <authorinitials='A' surname="Cabellos (Ed.)" fullname='Albert Cabellos'> <organization>UPC/BarcelonaTech</organization> <address><postal> <street>Campus Nord, C.initials="A" surname="Cabellos" fullname="Albert Cabellos" role="editor"> <organization showOnFrontPage="true">Universitat Politecnica de Catalunya</organization> <address> <postal> <street>c/ Jordi Girona1-3</street>s/n</street> <city>Barcelona</city><region>Catalunya</region><country>Spain</country> <code>08034</code> </postal><email>acabello@ac.upc.edu</email></address><email>acabello@ac.upc.edu</email> </address> </author> <date/> <abstract> <t>month="10" year="2022"/> <abstract pn="section-abstract"> <t indent="0" pn="section-abstract-1"> This document describes theControl-Planecontrol plane and Mapping Service for the Locator/ID Separation Protocol (LISP), implemented by two types of LISP-speaking devices -- the LISP Map-Resolver and LISP Map-Server -- thatprovidesprovide a simplified "front end" for one or more EndpointIDIDs (EIDs) to Routing Locator mapping databases.</t><t>By<t indent="0" pn="section-abstract-2">By using thisControl-Planecontrol plane service interface and communicating with Map-Resolvers and Map-Servers, LISP Ingress Tunnel Routers (ITRs) and Egress Tunnel Routers (ETRs) are not dependent on the details of mapping databasesystems, whichsystems; this behavior facilitates modularity with different database designs. Since these devices implement the "edge" of the LISPControl-Planecontrol plane infrastructure, connecting EID addressable nodes of a LISP site,itthe implementation and operational complexity of the overall cost and effort of deployingLISP.</t> <t>ThisLISP is reduced.</t> <t indent="0" pn="section-abstract-3">This document obsoletesRFCRFCs 6830 andRFC6833.</t> </abstract> <boilerplate> <section anchor="status-of-memo" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.1"> <name slugifiedName="name-status-of-this-memo">Status of This Memo</name> <t indent="0" pn="section-boilerplate.1-1"> This is an Internet Standards Track document. </t> <t indent="0" pn="section-boilerplate.1-2"> This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. </t> <t indent="0" pn="section-boilerplate.1-3"> Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at <eref target="https://www.rfc-editor.org/info/rfc9301" brackets="none"/>. </t> </section> <section anchor="copyright" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.2"> <name slugifiedName="name-copyright-notice">Copyright Notice</name> <t indent="0" pn="section-boilerplate.2-1"> Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. </t> <t indent="0" pn="section-boilerplate.2-2"> This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (<eref target="https://trustee.ietf.org/license-info" brackets="none"/>) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. </t> </section> </boilerplate> <toc> <section anchor="toc" numbered="false" removeInRFC="false" toc="exclude" pn="section-toc.1"> <name slugifiedName="name-table-of-contents">Table of Contents</name> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1"> <li pn="section-toc.1-1.1"> <t indent="0" keepWithNext="true" pn="section-toc.1-1.1.1"><xref derivedContent="1" format="counter" sectionFormat="of" target="section-1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-introduction">Introduction</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.1.2"> <li pn="section-toc.1-1.1.2.1"> <t indent="0" keepWithNext="true" pn="section-toc.1-1.1.2.1.1"><xref derivedContent="1.1" format="counter" sectionFormat="of" target="section-1.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-scope-of-applicability">Scope of Applicability</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.2"> <t indent="0" keepWithNext="true" pn="section-toc.1-1.2.1"><xref derivedContent="2" format="counter" sectionFormat="of" target="section-2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-requirements-notation">Requirements Notation</xref></t> </li> <li pn="section-toc.1-1.3"> <t indent="0" pn="section-toc.1-1.3.1"><xref derivedContent="3" format="counter" sectionFormat="of" target="section-3"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-definitions-of-terms">Definitions of Terms</xref></t> </li> <li pn="section-toc.1-1.4"> <t indent="0" pn="section-toc.1-1.4.1"><xref derivedContent="4" format="counter" sectionFormat="of" target="section-4"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-basic-overview">Basic Overview</xref></t> </li> <li pn="section-toc.1-1.5"> <t indent="0" pn="section-toc.1-1.5.1"><xref derivedContent="5" format="counter" sectionFormat="of" target="section-5"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-lisp-ipv4-and-ipv6-control-">LISP IPv4 and IPv6 Control Plane Packet Formats</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.5.2"> <li pn="section-toc.1-1.5.2.1"> <t indent="0" pn="section-toc.1-1.5.2.1.1"><xref derivedContent="5.1" format="counter" sectionFormat="of" target="section-5.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-lisp-control-packet-type-al">LISP Control Packet Type Allocations</xref></t> </li> <li pn="section-toc.1-1.5.2.2"> <t indent="0" pn="section-toc.1-1.5.2.2.1"><xref derivedContent="5.2" format="counter" sectionFormat="of" target="section-5.2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-map-request-message-format">Map-Request Message Format</xref></t> </li> <li pn="section-toc.1-1.5.2.3"> <t indent="0" pn="section-toc.1-1.5.2.3.1"><xref derivedContent="5.3" format="counter" sectionFormat="of" target="section-5.3"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-eid-to-rloc-udp-map-request">EID-to-RLOC UDP Map-Request Message</xref></t> </li> <li pn="section-toc.1-1.5.2.4"> <t indent="0" pn="section-toc.1-1.5.2.4.1"><xref derivedContent="5.4" format="counter" sectionFormat="of" target="section-5.4"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-map-reply-message-format">Map-Reply Message Format</xref></t> </li> <li pn="section-toc.1-1.5.2.5"> <t indent="0" pn="section-toc.1-1.5.2.5.1"><xref derivedContent="5.5" format="counter" sectionFormat="of" target="section-5.5"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-eid-to-rloc-udp-map-reply-m">EID-to-RLOC UDP Map-Reply Message</xref></t> </li> <li pn="section-toc.1-1.5.2.6"> <t indent="0" pn="section-toc.1-1.5.2.6.1"><xref derivedContent="5.6" format="counter" sectionFormat="of" target="section-5.6"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-map-register-message-format">Map-Register Message Format</xref></t> </li> <li pn="section-toc.1-1.5.2.7"> <t indent="0" pn="section-toc.1-1.5.2.7.1"><xref derivedContent="5.7" format="counter" sectionFormat="of" target="section-5.7"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-map-notify-and-map-notify-a">Map-Notify and Map-Notify-Ack Message Formats</xref></t> </li> <li pn="section-toc.1-1.5.2.8"> <t indent="0" pn="section-toc.1-1.5.2.8.1"><xref derivedContent="5.8" format="counter" sectionFormat="of" target="section-5.8"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-encapsulated-control-messag">Encapsulated Control Message Format</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.6"> <t indent="0" pn="section-toc.1-1.6.1"><xref derivedContent="6" format="counter" sectionFormat="of" target="section-6"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-changing-the-contents-of-ei">Changing the Contents of EID-to-RLOC Mappings</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.6.2"> <li pn="section-toc.1-1.6.2.1"> <t indent="0" pn="section-toc.1-1.6.2.1.1"><xref derivedContent="6.1" format="counter" sectionFormat="of" target="section-6.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-solicit-map-request-smr">Solicit-Map-Request (SMR)</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.7"> <t indent="0" pn="section-toc.1-1.7.1"><xref derivedContent="7" format="counter" sectionFormat="of" target="section-7"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-routing-locator-reachabilit">Routing Locator Reachability</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.7.2"> <li pn="section-toc.1-1.7.2.1"> <t indent="0" pn="section-toc.1-1.7.2.1.1"><xref derivedContent="7.1" format="counter" sectionFormat="of" target="section-7.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-rloc-probing-algorithm">RLOC-Probing Algorithm</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.8"> <t indent="0" pn="section-toc.1-1.8.1"><xref derivedContent="8" format="counter" sectionFormat="of" target="section-8"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-interactions-with-other-lis">Interactions with Other LISP Components</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.8.2"> <li pn="section-toc.1-1.8.2.1"> <t indent="0" pn="section-toc.1-1.8.2.1.1"><xref derivedContent="8.1" format="counter" sectionFormat="of" target="section-8.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-itr-eid-to-rloc-mapping-res">ITR EID-to-RLOC Mapping Resolution</xref></t> </li> <li pn="section-toc.1-1.8.2.2"> <t indent="0" pn="section-toc.1-1.8.2.2.1"><xref derivedContent="8.2" format="counter" sectionFormat="of" target="section-8.2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-eid-prefix-configuration-an">EID-Prefix Configuration and ETR Registration</xref></t> </li> <li pn="section-toc.1-1.8.2.3"> <t indent="0" pn="section-toc.1-1.8.2.3.1"><xref derivedContent="8.3" format="counter" sectionFormat="of" target="section-8.3"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-map-server-processing">Map-Server Processing</xref></t> </li> <li pn="section-toc.1-1.8.2.4"> <t indent="0" pn="section-toc.1-1.8.2.4.1"><xref derivedContent="8.4" format="counter" sectionFormat="of" target="section-8.4"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-map-resolver-processing">Map-Resolver Processing</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.8.2.4.2"> <li pn="section-toc.1-1.8.2.4.2.1"> <t indent="0" pn="section-toc.1-1.8.2.4.2.1.1"><xref derivedContent="8.4.1" format="counter" sectionFormat="of" target="section-8.4.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-anycast-operation">Anycast Operation</xref></t> </li> </ul> </li> </ul> </li> <li pn="section-toc.1-1.9"> <t indent="0" pn="section-toc.1-1.9.1"><xref derivedContent="9" format="counter" sectionFormat="of" target="section-9"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-security-considerations">Security Considerations</xref></t> </li> <li pn="section-toc.1-1.10"> <t indent="0" pn="section-toc.1-1.10.1"><xref derivedContent="10" format="counter" sectionFormat="of" target="section-10"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-privacy-considerations">Privacy Considerations</xref></t> </li> <li pn="section-toc.1-1.11"> <t indent="0" pn="section-toc.1-1.11.1"><xref derivedContent="11" format="counter" sectionFormat="of" target="section-11"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-changes-related-to-rfcs-683">Changes Related to RFCs 6830 and 6833</xref></t> </li> <li pn="section-toc.1-1.12"> <t indent="0" pn="section-toc.1-1.12.1"><xref derivedContent="12" format="counter" sectionFormat="of" target="section-12"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-iana-considerations">IANA Considerations</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.12.2"> <li pn="section-toc.1-1.12.2.1"> <t indent="0" pn="section-toc.1-1.12.2.1.1"><xref derivedContent="12.1" format="counter" sectionFormat="of" target="section-12.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-lisp-udp-port-numbers">LISP UDP Port Numbers</xref></t> </li> <li pn="section-toc.1-1.12.2.2"> <t indent="0" pn="section-toc.1-1.12.2.2.1"><xref derivedContent="12.2" format="counter" sectionFormat="of" target="section-12.2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-lisp-packet-type-codes">LISP Packet Type Codes</xref></t> </li> <li pn="section-toc.1-1.12.2.3"> <t indent="0" pn="section-toc.1-1.12.2.3.1"><xref derivedContent="12.3" format="counter" sectionFormat="of" target="section-12.3"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-lisp-map-reply-eid-record-a">LISP Map-Reply EID-Record Action Codes</xref></t> </li> <li pn="section-toc.1-1.12.2.4"> <t indent="0" pn="section-toc.1-1.12.2.4.1"><xref derivedContent="12.4" format="counter" sectionFormat="of" target="section-12.4"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-lisp-address-type-codes">LISP Address Type Codes</xref></t> </li> <li pn="section-toc.1-1.12.2.5"> <t indent="0" pn="section-toc.1-1.12.2.5.1"><xref derivedContent="12.5" format="counter" sectionFormat="of" target="section-12.5"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-lisp-algorithm-id-numbers">LISP Algorithm ID Numbers</xref></t> </li> <li pn="section-toc.1-1.12.2.6"> <t indent="0" pn="section-toc.1-1.12.2.6.1"><xref derivedContent="12.6" format="counter" sectionFormat="of" target="section-12.6"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-lisp-bit-flags">LISP Bit Flags</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.13"> <t indent="0" pn="section-toc.1-1.13.1"><xref derivedContent="13" format="counter" sectionFormat="of" target="section-13"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-references">References</xref></t> <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1.13.2"> <li pn="section-toc.1-1.13.2.1"> <t indent="0" pn="section-toc.1-1.13.2.1.1"><xref derivedContent="13.1" format="counter" sectionFormat="of" target="section-13.1"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-normative-references">Normative References</xref></t> </li> <li pn="section-toc.1-1.13.2.2"> <t indent="0" pn="section-toc.1-1.13.2.2.1"><xref derivedContent="13.2" format="counter" sectionFormat="of" target="section-13.2"/>. <xref derivedContent="" format="title" sectionFormat="of" target="name-informative-references">Informative References</xref></t> </li> </ul> </li> <li pn="section-toc.1-1.14"> <t indent="0" pn="section-toc.1-1.14.1"><xref derivedContent="" format="none" sectionFormat="of" target="section-appendix.a"/><xref derivedContent="" format="title" sectionFormat="of" target="name-acknowledgments">Acknowledgments</xref></t> </li> <li pn="section-toc.1-1.15"> <t indent="0" pn="section-toc.1-1.15.1"><xref derivedContent="" format="none" sectionFormat="of" target="section-appendix.b"/><xref derivedContent="" format="title" sectionFormat="of" target="name-authors-addresses">Authors' Addresses</xref></t> </li> </ul> </section> </toc> </front> <middle> <sectiontitle="Introduction"> <t>Thenumbered="true" toc="include" removeInRFC="false" pn="section-1"> <name slugifiedName="name-introduction">Introduction</name> <t indent="0" pn="section-1-1">The Locator/ID Separation Protocol <xreftarget="I-D.ietf-lisp-rfc6830bis"/>target="RFC9300" format="default" sectionFormat="of" derivedContent="RFC9300"/> (see also <xreftarget="I-D.ietf-lisp-introduction"/>)target="RFC9299" format="default" sectionFormat="of" derivedContent="RFC9299"/>) specifies an architecture and mechanism for dynamic tunneling by logically separating the addresses currently used by IP in two separatename spaces:namespaces: Endpoint IDs (EIDs), used within sites; and Routing Locators (RLOCs), used on the transit networks that make up the Internet infrastructure. To achieve this separation, LISP defines protocol mechanisms for mapping from EIDs to RLOCs. In addition, LISP assumes the existence of a database to store and propagate those mappings acrossmapping systemMapping System nodes. Several such databases have been proposed; among them are the Content distribution Overlay Network Service for LISP-NERD (a Not-so-novel EID-to-RLOC Database) <xref target="RFC6837"/>,format="default" sectionFormat="of" derivedContent="RFC6837"/>, LISP Alternative Logical Topology (LISP-ALT) <xref target="RFC6836"/>,format="default" sectionFormat="of" derivedContent="RFC6836"/>, and LISP Delegated Database Tree (LISP-DDT) <xreftarget="RFC8111"/>.</t> <t>target="RFC8111" format="default" sectionFormat="of" derivedContent="RFC8111"/>.</t> <t indent="0" pn="section-1-2"> The LISP Mapping Service defines two types of LISP-speaking devices: the Map-Resolver, which accepts Map-Requests from an Ingress Tunnel Router (ITR) and "resolves" the EID-to-RLOC mapping using a mapping database; and the Map-Server, which learns authoritative EID-to-RLOC mappings from an Egress Tunnel Router (ETR) and publishes them in a database.</t><t><t indent="0" pn="section-1-3"> This LISPControl-Planecontrol plane and Mapping Service can be used by many different encapsulation-based or translation-basedData-Planes which includedata planes, including butarenot limited tothe onesthose defined in LISPRFC 6830bis<xreftarget="I-D.ietf-lisp-rfc6830bis"/>, LISP-GPEtarget="RFC9300" format="default" sectionFormat="of" derivedContent="RFC9300"/>, the LISP Generic Protocol Extension (LISP-GPE) <xreftarget="I-D.ietf-lisp-gpe"/>, VXLANtarget="RFC9305" format="default" sectionFormat="of" derivedContent="RFC9305"/>, Virtual eXtensible Local Area Networks (VXLANs) <xref target="RFC7348"/>,format="default" sectionFormat="of" derivedContent="RFC7348"/>, VXLAN-GPE <xreftarget="I-D.ietf-nvo3-vxlan-gpe"/>,target="NVO3-VXLAN-GPE" format="default" sectionFormat="of" derivedContent="NVO3-VXLAN-GPE"/>, GRE <xreftarget="RFC2890"/>, GTP <xref target="GTP-3GPP"/>, ILAtarget="RFC2890" format="default" sectionFormat="of" derivedContent="RFC2890"/>, the GPRS Tunneling Protocol (GTP) <xreftarget="I-D.herbert-intarea-ila"/>,target="GTP-3GPP" format="default" sectionFormat="of" derivedContent="GTP-3GPP"/>, Identifier-Locator Addressing (ILA) <xref target="I-D.herbert-intarea-ila" format="default" sectionFormat="of" derivedContent="INTAREA-ILA"/>, and Segment Routing (SRv6) <xreftarget="RFC8402"/>.</t> <t>target="RFC8402" format="default" sectionFormat="of" derivedContent="RFC8402"/>.</t> <t indent="0" pn="section-1-4"> Conceptually, LISP Map-Servers share some of the same basic configuration and maintenance properties as Domain Name System (DNS) servers <xref target="RFC1035"/> servers;format="default" sectionFormat="of" derivedContent="RFC1035"/>; likewise, Map-Resolvers are conceptually similar to DNS caching resolvers. With this in mind, this specification borrows familiar terminology (resolver and server) from the DNS specifications.</t><t><t indent="0" pn="section-1-5"> Note that this document doesn't assume any particular database mapping infrastructure to illustrate certain aspects of Map-Server and Map-Resolveroperation.operations. The Mapping Service interface can (and likely will) be used by ITRs and ETRs to access other mapping database systems as the LISP infrastructure evolves.</t><t>LISP<t indent="0" pn="section-1-6">LISP is not intended to address problems of connectivity and scaling on behalf of arbitrary communicating parties. Relevant situations are described inthe scoping section of the introduction to<xreftarget="I-D.ietf-lisp-rfc6830bis"/>.</t> <t>Thistarget="RFC9300" sectionFormat="of" section="1.1" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9300#section-1.1" derivedContent="RFC9300"/>.</t> <t indent="0" pn="section-1-7">This document obsoletesRFC 6830<xref target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/> and6833.</t><xref target="RFC6833" format="default" sectionFormat="of" derivedContent="RFC6833"/>.</t> <sectiontitle="Scopeanchor="soa" numbered="true" toc="include" removeInRFC="false" pn="section-1.1"> <name slugifiedName="name-scope-of-applicability">Scope ofApplicability" anchor="soa"> <t>LISPApplicability</name> <t indent="0" pn="section-1.1-1">LISP was originally developed to address the Internet-wide route scaling problem <xreftarget="RFC4984"/>.target="RFC4984" format="default" sectionFormat="of" derivedContent="RFC4984"/>. While there are a number of approaches of interest for that problem, as LISPashas been developed and refined, a large number of otherLISPuses for LISP have been found and are beingused.implemented. As such, the design and development of LISPhashave changed so as to focus on these use cases. The common property of these uses is a large set of cooperating entities seeking to communicate over the public Internet or other large underlay IPinfrastructures,infrastructures while keeping the addressing and topology of the cooperating entities separate from the underlay and Internet topology, routing, and addressing.</t><t>When<t indent="0" pn="section-1.1-2">When communicating over the public Internet, deployersMUST<bcp14>MUST</bcp14> consider the following guidelines:</t><t><list style="numbers"> <t>LISP-SEC MUST<ol spacing="normal" type="1" indent="adaptive" start="1" pn="section-1.1-3"> <li pn="section-1.1-3.1" derivedCounter="1.">LISP Security (LISP-SEC) <bcp14>MUST</bcp14> be implemented <xreftarget="I-D.ietf-lisp-sec"/>.target="RFC9303" format="default" sectionFormat="of" derivedContent="RFC9303"/>. This means that the S-bitMUST<bcp14>MUST</bcp14> be set in the Map-Reply (<xreftarget="MR-FORMAT"/>),target="MR-FORMAT" format="default" sectionFormat="of" derivedContent="Section 5.4"/>), Map-Register (<xreftarget="MAPREG"/>)target="MAPREG" format="default" sectionFormat="of" derivedContent="Section 5.6"/>), and Encapsulated ControlmessagesMessages (ECMs) (<xreftarget="encap-mr"/>).</t> <t>Implementations SHOULDtarget="encap-mr" format="default" sectionFormat="of" derivedContent="Section 5.8"/>).</li> <li pn="section-1.1-3.2" derivedCounter="2.">Implementations <bcp14>SHOULD</bcp14> usethe'HMAC-SHA256-128+HKDF-SHA256' as the Algorithm ID (<xreftarget="KEYS"/>)target="KEYS" format="default" sectionFormat="of" derivedContent="Section 12.5"/>) in the Map-Register message (<xreftarget="MAPREG"/>),target="MAPREG" format="default" sectionFormat="of" derivedContent="Section 5.6"/>) andMUST NOT<bcp14>MUST NOT</bcp14> use 'None' or 'HMAC-SHA-1-96-None' as the Algorithm ID (<xreftarget="KEYS"/>)target="KEYS" format="default" sectionFormat="of" derivedContent="Section 12.5"/>) in the Map-Register message (<xreftarget="MAPREG"/>)</t> </list></t>target="MAPREG" format="default" sectionFormat="of" derivedContent="Section 5.6"/>).</li> </ol> </section> </section> <sectiontitle="Requirements Notation"> <t>Thenumbered="true" toc="include" removeInRFC="false" pn="section-2"> <name slugifiedName="name-requirements-notation">Requirements Notation</name> <t indent="0" pn="section-2-1"> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14 <xref target="RFC2119"/>BCP 14 <xreftarget="RFC8174"/>target="RFC2119" format="default" sectionFormat="of" derivedContent="RFC2119"/> <xref target="RFC8174" format="default" sectionFormat="of" derivedContent="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> </section> <sectiontitle="Definition of Terms"> <t><list style="hanging"> <t hangText="Map-Server: ">Anumbered="true" toc="include" removeInRFC="false" pn="section-3"> <name slugifiedName="name-definitions-of-terms">Definitions of Terms</name> <dl newline="false" spacing="normal" indent="3" pn="section-3-1"> <dt pn="section-3-1.1">Map-Server: </dt> <dd pn="section-3-1.2">A network infrastructure component that learns of EID-Prefix mapping entries from an ETR, via the registration mechanism described below, or some other authoritative source if one exists. A Map-Server publishes these EID-Prefixes in a mappingdatabase.</t> <t hangText="Map-Request: ">A LISP Map-Request is a Control-Planedatabase.</dd> <dt pn="section-3-1.3">Map-Request: </dt> <dd pn="section-3-1.4">A control plane messageto querythat queries themapping systemMapping System to resolve an EID. A LISP Map-Request can also be sent to an RLOC to test for reachability and to exchange security keys between an encapsulator and a decapsulator. This type of Map-Request is also known as an RLOC-ProbeRequest.</t> <t hangText="Map-Reply: ">A LISP Map-Reply is a Control-PlaneRequest.</dd> <dt pn="section-3-1.5">Map-Reply: </dt> <dd pn="section-3-1.6">A control plane message returned in response to a Map-Request sent to themapping systemMapping System when resolving an EID. A LISP Map-Reply can also be returned by a decapsulator in response to a Map-Request sent by an encapsulator to test for reachability. This type of Map-Reply is known asaan RLOC-ProbeReply.</t> <t hangText="EncapsulatedReply.</dd> <dt pn="section-3-1.7">Encapsulated Map-Request:">A</dt> <dd pn="section-3-1.8">A LISP Map-Request carried within anEncapsulated Control Message (ECM), whichECM. This Map-Request has an additional LISP header prepended. Sent to UDP destination port 4342. The "outer" addresses are routable IP addresses, also known as RLOCs. Used by an ITR when sending to a Map-Resolver and by a Map-Server when forwarding a Map-Request to anETR.</t> <t hangText="Map-Resolver: ">AETR.</dd> <dt pn="section-3-1.9">Map-Resolver: </dt> <dd pn="section-3-1.10">A network infrastructure component that accepts LISP Encapsulated (ECM) Map-Requests, typically from an ITR, and determines whether or not the destination IP address is part of the EID namespace; if it is not, a Negative Map-Reply is returned. Otherwise, the Map-Resolver finds the appropriate EID-to-RLOC mapping by consulting a mapping databasesystem.</t> <t hangText="Negativesystem.</dd> <dt pn="section-3-1.11">Negative Map-Reply:">A</dt> <dd pn="section-3-1.12">A LISP Map-Reply that contains an empty Locator-Set. Returned in response to a Map-Request if the destination EID is not registered in themapping system,Mapping System, ispolicy deniedpolicy-denied, or failsauthentication.</t> <t hangText="Map-Registerauthentication.</dd> <dt pn="section-3-1.13">Map-Register message:">A</dt> <dd pn="section-3-1.14">A LISP message sent by an ETR to a Map-Server to register its associated EID-Prefixes. In addition to the set of EID-Prefixes to register, the message includes one or more RLOCs to reach ETR(s). The Map-Server uses these RLOCs when forwarding Map-Requests(re-formatted(reformatted as Encapsulated Map-Requests). An ETRMAY<bcp14>MAY</bcp14> request that the Map-Server answer Map-Requests on its behalf by setting the "proxy Map-Reply" flag (P-bit) in themessage.</t> <t hangText="Map-Notifymessage.</dd> <dt pn="section-3-1.15">Map-Notify message:">A</dt> <dd pn="section-3-1.16">A LISP message sent by a Map-Server to an ETR to confirm that a Map-Register has been received and processed. An ETR requests that a Map-Notify be returned by setting the "want-map-notify" flag (M-bit) in the Map-Register message. Unlike a Map-Reply, a Map-Notify uses UDP port 4342 for both source and destination. Map-Notify messages are also sent to ITRs by Map-Servers when there areRLOC-set changes.</t> </list></t> <t>ForRLOC-Set changes.</dd> </dl> <t indent="0" pn="section-3-2">For definitions of other terms, notably Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), and Re-encapsulating Tunnel Router (RTR), refer to the LISPData-Planedata plane specification <xreftarget="I-D.ietf-lisp-rfc6830bis" />.</t>target="RFC9300" format="default" sectionFormat="of" derivedContent="RFC9300"/>.</t> </section> <sectiontitle="Basic Overview" anchor="OVERVIEW"> <t>anchor="OVERVIEW" numbered="true" toc="include" removeInRFC="false" pn="section-4"> <name slugifiedName="name-basic-overview">Basic Overview</name> <t indent="0" pn="section-4-1"> A Map-Server is a device that publishes EID-Prefixes in a LISP mapping database on behalf of a set of ETRs. When it receives aMap RequestMap-Request (typically originating from an ITR), it consults the mapping database to find an ETR that can answer with the set of RLOCs for an EID-Prefix. To publish its EID-Prefixes, an ETR periodically sends Map-Register messages to the Map-Server. A Map-Register message contains a list of EID-Prefixes plus a set of RLOCs that can be used to reach the ETRs.</t><t><t indent="0" pn="section-4-2"> When LISP-ALT <xreftarget="RFC6836"/>target="RFC6836" format="default" sectionFormat="of" derivedContent="RFC6836"/> is used as the mapping database, a Map-Server connects to the ALT network and acts as a "last-hop" ALT-Router. Intermediate ALT-Routers forward Map-Requests to the Map-Server that advertises a particular EID-Prefix, and the Map-Server forwards them to the owning ETR, which responds with Map-Reply messages.</t><t><t indent="0" pn="section-4-3"> When LISP-DDT <xreftarget="RFC8111"/>target="RFC8111" format="default" sectionFormat="of" derivedContent="RFC8111"/> is used as the mapping database, a Map-Server sends the final Map-Referral messages from the Delegated Database Tree.</t><t><t indent="0" pn="section-4-4"> A Map-Resolver receives Encapsulated Map-Requests from its client ITRs and uses a mapping database system to find the appropriate ETR to answer those requests. On a LISP-ALT network, a Map-Resolver acts as a "first-hop" ALT-Router. It has Generic Routing Encapsulation (GRE) tunnels configured to other ALT-Routers and uses BGP to learn paths to ETRs for different prefixes in the LISP-ALT database. The Map-Resolver uses this path information to forward Map-Requests over the ALT to the correct ETRs. On a LISP-DDT network <xreftarget="RFC8111"/>,target="RFC8111" format="default" sectionFormat="of" derivedContent="RFC8111"/>, a Map-Resolver maintains areferral-cachereferral cache and acts as a "first-hop"DDT-node.DDT node. The Map-Resolver uses the referral information to forward Map-Requests.</t><t><t indent="0" pn="section-4-5"> Note that while it is conceivable that a Map-Resolver could cache responses to improve performance, issues surrounding cache management would need to be resolved so that doing sowillwould be reliable and practical. In this specification, Map-Resolvers will operate only in a non-caching mode, decapsulating and forwarding EncapsulatedMap RequestsMap-Requests received from ITRs. Any specification of caching functionality is out of scope for this document.</t><t><t indent="0" pn="section-4-6"> Note that a single device can implement the functions of both a Map-Server and a Map-Resolver, and in manycasescases, the functions will be co-located in that way. Also, there can be ALT-only nodes and DDT-only nodes, when LISP-ALT and LISP-DDT are used, respectively,toconnecting Map-Resolvers and Map-Servers together to make up the Mapping System.</t><t><vspace blankLines='50' /></t></section> <sectiontitle="LISPanchor="lispcp" numbered="true" toc="include" removeInRFC="false" pn="section-5"> <name slugifiedName="name-lisp-ipv4-and-ipv6-control-">LISP IPv4 and IPv6Control-PlaneControl Plane PacketFormats" anchor="lispcp"> <t>TheFormats</name> <t indent="0" pn="section-5-1">The following UDP packet formats are used by the LISP control plane.</t> <figuretitle="IPv4align="left" suppress-title="false" pn="figure-1"> <name slugifiedName="name-ipv4-udp-lisp-control-messa">IPv4 UDP LISP ControlMessage"> <artwork><![CDATA[Message</name> <artwork name="" type="" align="left" alt="" pn="section-5-2.1"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol = 17 | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port | Dest Port | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | LISP Message | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork></artwork> </figure> <figuretitle="IPv6align="left" suppress-title="false" pn="figure-2"> <name slugifiedName="name-ipv6-udp-lisp-control-messa">IPv6 UDP LISP ControlMessage"> <artwork><![CDATA[Message</name> <artwork name="" type="" align="left" alt="" pn="section-5-3.1"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Length | Next Header=17| Hop Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Source Routing Locator + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Destination Routing Locator + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port | Dest Port | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | LISP Message | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork></artwork> </figure><t>When<t indent="0" pn="section-5-4">When a UDP Map-Request, Map-Register, or Map-Notify (when used as a notification message)areis sent, the UDP source port is chosen by the sender and the destination UDP port number is set to 4342. When a UDP Map-Reply, Map-Notify (when used as anacknowledgementacknowledgment to a Map-Register), or Map-Notify-Ackareis sent, the source UDP port number is set to 4342 and the destination UDP port number is copied from the source port of either the Map-Request or the invoking data packet. ImplementationsMUST<bcp14>MUST</bcp14> be prepared to accept packets when either the source port or destination UDP port is set to 4342 due to NATs changing port number values.</t><t>The<t indent="0" pn="section-5-5">The 'UDP Length' field will reflect the length of the UDP header and the LISP Message payload. LISP is expected to be deployed by cooperating entities communicating over underlays. Deployers are expected to set the MTU according to the specific deployment guidelines to prevent fragmentation of either the inner packet or the outer encapsulated packet. For deployments not aware of the underlay restrictions on the path MTU, the message sizeMUST<bcp14>MUST</bcp14> be limited to 576 bytes for IPv4 or 1280 bytes for IPv6-considering-- considering the entire IPpacket-packet -- as outlined in <xreftarget="RFC8085"/>.</t> <t>Thetarget="RFC8085" format="default" sectionFormat="of" derivedContent="RFC8085"/>.</t> <t indent="0" pn="section-5-6">The UDP checksum is computed and set to non-zero for all messages sent to or from port 4342. ItMUST<bcp14>MUST</bcp14> be checked on receipt, and if the checksum fails, the control messageMUST<bcp14>MUST</bcp14> be dropped <xreftarget="RFC1071"/>.</t> <t>Thetarget="RFC1071" format="default" sectionFormat="of" derivedContent="RFC1071"/>.</t> <t indent="0" pn="section-5-7">The format of control messages includes the UDP header so the checksum and length fields can be used to protect and delimit message boundaries.</t><t><vspace blankLines='50' /></t><sectiontitle="LISPnumbered="true" toc="include" removeInRFC="false" pn="section-5.1"> <name slugifiedName="name-lisp-control-packet-type-al">LISP Control Packet TypeAllocations"> <t>ThisAllocations</name> <t indent="0" pn="section-5.1-1">This section defines the LISP control message formats and summarizes for IANA the LISP Type codes assigned by this document. For completeness, the summary below includes the LISP Shared Extension Message assigned by <xreftarget="I-D.ietf-lisp-rfc8113bis"/>.target="RFC9304" format="default" sectionFormat="of" derivedContent="RFC9304"/>. Message type definitions are:</t><figure> <artwork><![CDATA[ Reserved: 0 b'0000' LISP Map-Request: 1 b'0001' LISP Map-Reply: 2 b'0010' LISP Map-Register: 3 b'0011' LISP Map-Notify: 4 b'0100' LISP Map-Notify-Ack: 5 b'0101' LISP Map-Referral: 6 b'0110' Unassigned 7 b'0111' LISP<table align="center" pn="table-1"> <thead> <tr> <th align="left" colspan="1" rowspan="1">Message</th> <th align="left" colspan="1" rowspan="1">Code</th> <th align="left" colspan="1" rowspan="1">Codepoint</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">Reserved</td> <td align="left" colspan="1" rowspan="1">0</td> <td align="left" colspan="1" rowspan="1">b'0000'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">LISP Map-Request</td> <td align="left" colspan="1" rowspan="1">1</td> <td align="left" colspan="1" rowspan="1">b'0001'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">LISP Map-Reply</td> <td align="left" colspan="1" rowspan="1">2</td> <td align="left" colspan="1" rowspan="1">b'0010'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">LISP Map-Register</td> <td align="left" colspan="1" rowspan="1">3</td> <td align="left" colspan="1" rowspan="1">b'0011'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">LISP Map-Notify</td> <td align="left" colspan="1" rowspan="1">4</td> <td align="left" colspan="1" rowspan="1">b'0100'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">LISP Map-Notify-Ack</td> <td align="left" colspan="1" rowspan="1">5</td> <td align="left" colspan="1" rowspan="1">b'0101'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">LISP DDT Map-Referral</td> <td align="left" colspan="1" rowspan="1">6</td> <td align="left" colspan="1" rowspan="1">b'0110'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">Unassigned</td> <td align="left" colspan="1" rowspan="1">7</td> <td align="left" colspan="1" rowspan="1">b'0111'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">LISP Encapsulated ControlMessage: 8 b'1000' Unassigned 9-14 b'1001'- b'1110' LISPMessage</td> <td align="left" colspan="1" rowspan="1">8</td> <td align="left" colspan="1" rowspan="1">b'1000'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">Unassigned</td> <td align="left" colspan="1" rowspan="1">9-14</td> <td align="left" colspan="1" rowspan="1">b'1001'- b'1110'</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">LISP Shared ExtensionMessage: 15 b'1111' ]]></artwork> </figure> <t>ProtocolMessage</td> <td align="left" colspan="1" rowspan="1">15</td> <td align="left" colspan="1" rowspan="1">b'1111'</td> </tr> </tbody> </table> <t indent="0" pn="section-5.1-3">Protocol designers experimenting with new message formats are recommended to use the LISP Shared Extension Message Type described in <xreftarget="I-D.ietf-lisp-rfc8113bis"/>.</t> <t>Alltarget="RFC9304" format="default" sectionFormat="of" derivedContent="RFC9304"/>.</t> <t indent="0" pn="section-5.1-4">All LISPControl-Planecontrol plane messages use Address Family Identifiers(AFI)(AFIs) <xreftarget="AFI"/>target="AFN" format="default" sectionFormat="of" derivedContent="AFN"/> or LISP Canonical Address Format (LCAF) entries <xreftarget="RFC8060"/> formatstarget="RFC8060" format="default" sectionFormat="of" derivedContent="RFC8060"/> to encode eitherfixedfixed-length orvariable lengthvariable-length addresses. This includes explicit fields in each control message or part ofEID-recordsEID-Records orRLOC-recordsRLOC-Records in commonly formatted messages. LISPcontrol-planecontrol plane messages that include an unrecognized AFIMUST<bcp14>MUST</bcp14> bedroppeddropped, and the eventMUST<bcp14>MUST</bcp14> be logged.</t><t>The<t indent="0" pn="section-5.1-5">The LISPcontrol-planecontrol plane describes how otherdata-planesdata planes can encode messages to support theSolicitingsoliciting of Map-Requests as well asRLOC-probingRLOC-Probing procedures.</t><t><vspace blankLines='50' /></t></section> <sectiontitle="Map-Requestanchor="NONCE" numbered="true" toc="include" removeInRFC="false" pn="section-5.2"> <name slugifiedName="name-map-request-message-format">Map-Request MessageFormat" anchor="NONCE"> <figure> <artwork><![CDATA[Format</name> <artwork name="" type="" align="left" alt="" pn="section-5.2-1"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Type=1 |A|M|P|S|p|s|R|R| Rsvd |L|D| IRC | Record Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . . . Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source-EID-AFI | Source EID Address ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ITR-RLOC-AFI 1 | ITR-RLOC Address 1 ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ITR-RLOC-AFI n | ITR-RLOC Address n ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Reserved | EID mask-len | EID-Prefix-AFI | Rec +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | EID-Prefix ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Map-Reply Record ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t>Packet</artwork> <t indent="0" pn="section-5.2-2">Packet field descriptions:</t><t><list style="hanging"> <t hangText="Type: ">1 (Map-Request)</t> <t hangText="A:"> This<dl newline="false" spacing="normal" indent="3" pn="section-5.2-3"> <dt pn="section-5.2-3.1">Type: </dt> <dd pn="section-5.2-3.2">1 (Map-Request)</dd> <dt pn="section-5.2-3.3">A:</dt> <dd pn="section-5.2-3.4">This is an authoritativebit, itbit. It is set to 1 when an ITR wants the destination site to return the Map-Reply rather than the mapping database system returning aMap-Reply,Map-Reply and is set to 0otherwise.</t> <t hangText="M:"> Thisotherwise.</dd> <dt pn="section-5.2-3.5">M:</dt> <dd pn="section-5.2-3.6">This is the map-data-present bit. When set, it indicates that a Map-Reply Record segment is included in theMap-Request.</t> <t hangText="P:"> ThisMap-Request.</dd> <dt pn="section-5.2-3.7">P:</dt> <dd pn="section-5.2-3.8">This is the probe-bit, which indicates that a Map-RequestMUST<bcp14>MUST</bcp14> be treated as a Locator reachability probe. The receiverMUST<bcp14>MUST</bcp14> respond with a Map-Reply with the probe-bit set, indicating that the Map-Reply is a Locator reachability probe reply, with the nonce copied from the Map-Request. SeeRLOC-Probing <xref target="rloc-probe"/>"<xref target="rloc-probe" format="title" sectionFormat="of" derivedContent="RLOC-Probing Algorithm"/>" (<xref target="rloc-probe" format="default" sectionFormat="of" derivedContent="Section 7.1"/>) for more details. ThisRLOC-probeRLOC-Probe Map-RequestMUST NOT<bcp14>MUST NOT</bcp14> be sent to themapping system.Mapping System. If a Map-Resolver or Map-Server receives a Map-Request with the probe-bit set, itMUST<bcp14>MUST</bcp14> drop themessage.</t> <t hangText="S:">message.</dd> <dt pn="section-5.2-3.9">S:</dt> <dd pn="section-5.2-3.10"> This is the Solicit-Map-Request (SMR) bit. SeeSolicit-Map-Request (SMRs) <xref target="SMR"/> for details.</t> <t hangText="p:">"<xref target="SMR" format="title" sectionFormat="of" derivedContent="Solicit-Map-Request (SMR)"/>" (<xref target="SMR" format="default" sectionFormat="of" derivedContent="Section 6.1"/>) for details.</dd> <dt pn="section-5.2-3.11">p:</dt> <dd pn="section-5.2-3.12"> This is thePITRProxy Ingress Tunnel Router (PITR) bit. This bit is set to 1 when a PITR sends a Map-Request. The use of this bit isdeployment-specific.</t> <t hangText="s:">deployment specific.</dd> <dt pn="section-5.2-3.13">s:</dt> <dd pn="section-5.2-3.14"> This is the SMR-invoked bit. This bit is set to 1 when an xTR is sending a Map-Request in response to a received SMR-basedMap-Request.</t> <t hangText="R:">ThisMap-Request.</dd> <dt pn="section-5.2-3.15">R:</dt> <dd pn="section-5.2-3.16">This reserved and unassigned bitMUST<bcp14>MUST</bcp14> be set to 0 on transmit andMUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> <t hangText="Rsvd:">Thisreceipt.</dd> <dt pn="section-5.2-3.17">Rsvd:</dt> <dd pn="section-5.2-3.18">This fieldMUST<bcp14>MUST</bcp14> be set to 0 on transmit andMUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> <t hangText="L:">receipt.</dd> <dt pn="section-5.2-3.19">L:</dt> <dd pn="section-5.2-3.20"> This is the local-xtr bit. It is used by an xTR in a LISP site to tell other xTRs in the same site that it is part of theRLOC-setRLOC-Set for the LISP site. The L-bit is set to 1 when the RLOC is the sender's IPaddress.</t> <t hangText="D:">address.</dd> <dt pn="section-5.2-3.21">D:</dt> <dd pn="section-5.2-3.22"> This is the dont-map-reply bit. It is used in the SMR procedure described in <xreftarget="SMR"/>.target="SMR" format="default" sectionFormat="of" derivedContent="Section 6.1"/>. When an xTR sends an SMR message, it doesn't need a Map-Reply returned. When this bit is set, the receiver of the Map-Request does not return aMap-Reply.</t> <t hangText="IRC:">Map-Reply.</dd> <dt pn="section-5.2-3.23">IRC:</dt> <dd pn="section-5.2-3.24"> This 5-bit field is the ITR-RLOC Count, which encodes the additional number of ('ITR-RLOC-AFI', 'ITR-RLOC Address') fields present in this message. At least one (ITR-RLOC-AFI,ITR-RLOC-Address)ITR-RLOC Address) pairMUST<bcp14>MUST</bcp14> be encoded. Multiple 'ITR-RLOC Address' fields are used, so a Map-Replier can select which destination address to use for a Map-Reply. The IRC value ranges from 0 to 31. For a value of 0, there is 1 ITR-RLOC address encoded; for a value of 1, there are 2 ITR-RLOC addresses encoded, and so on up to 31, which encodes a total of 32 ITR-RLOCaddresses.</t> <t hangText="Record Count:">addresses.</dd> <dt pn="section-5.2-3.25">Record Count:</dt> <dd pn="section-5.2-3.26"> This is the number of records in this Map-Request message. A record is comprised of the portion of the packet that is labeled 'Rec' above and occurs the number of times equal to Record Count. For this version of the protocol, a receiverMUST<bcp14>MUST</bcp14> accept and process Map-Requests that contain one or more records, but a senderMUST<bcp14>MUST</bcp14> only send Map-Requests containing onerecord.</t> <t hangText="Nonce:">record.</dd> <dt pn="section-5.2-3.27">Nonce:</dt> <dd pn="section-5.2-3.28"> This is an 8-octet random value created by the sender of the Map-Request. This nonce will be returned in the Map-Reply. The nonce is used as an index to identify the corresponding Map-Request when a Map-Reply message is received. The nonceMUST<bcp14>MUST</bcp14> be generated by a properly seeded pseudo-randomsource,source; for example, seeas an example<xref target="RFC4086"/>.</t> <t hangText="Source-EID-AFI:">format="default" sectionFormat="of" derivedContent="RFC4086"/>.</dd> <dt pn="section-5.2-3.29">Source-EID-AFI:</dt> <dd pn="section-5.2-3.30"> This is the address family of the 'Source EID Address'field.</t> <t hangText="Sourcefield.</dd> <dt pn="section-5.2-3.31">Source EIDAddress:">Address:</dt> <dd pn="section-5.2-3.32"> This is the EID of the source host that originated the packet that caused the Map-Request. When Map-Requests are used for refreshing a Map-Cache entry or for RLOC-Probing, an AFI value of 0 isusedused, and this field is of zerolength.</t> <t hangText="ITR-RLOC-AFI:">length.</dd> <dt pn="section-5.2-3.33">ITR-RLOC-AFI:</dt> <dd pn="section-5.2-3.34"> This is the address family of the 'ITR-RLOC Address' field that follows thisfield.</t> <t hangText="ITR-RLOC Address:">field.</dd> <dt pn="section-5.2-3.35">ITR-RLOC Address:</dt> <dd pn="section-5.2-3.36"> This is used to give the ETR the option of selecting the destination address from any address family for the Map-Reply message. This addressMUST<bcp14>MUST</bcp14> be a routable RLOC address of the sender of the Map-Requestmessage.</t> <t hangText="EID mask-len:">message.</dd> <dt pn="section-5.2-3.37">EID mask-len:</dt> <dd pn="section-5.2-3.38"> This is the mask length for theEID-Prefix.</t> <t hangText="EID-Prefix-AFI:">EID-Prefix.</dd> <dt pn="section-5.2-3.39">EID-Prefix-AFI:</dt> <dd pn="section-5.2-3.40"> This is the address family of the EID-Prefix according to <xreftarget="AFI" />target="AFN" format="default" sectionFormat="of" derivedContent="AFN"/> and <xreftarget="RFC8060"/>.</t> <t hangText="EID-Prefix:">target="RFC8060" format="default" sectionFormat="of" derivedContent="RFC8060"/>.</dd> <dt pn="section-5.2-3.41">EID-Prefix:</dt> <dd pn="section-5.2-3.42"> This prefix address length is 4 octets for an IPv4 address family and 16 octets for an IPv6 address family when the EID-Prefix-AFI is 1 or 2, respectively. For other AFIs <xreftarget="AFI"/>,target="AFN" format="default" sectionFormat="of" derivedContent="AFN"/>, the address lengthvariesvaries, and for the LCAFAFIAFI, the format is defined in <xreftarget="RFC8060"/>.target="RFC8060" format="default" sectionFormat="of" derivedContent="RFC8060"/>. When a Map-Request is sent by an ITR because a data packet is received for a destination where there is no mapping entry, the EID-Prefix is set to the destination IP address of the data packet, and the 'EID mask-len' field is set to 32 or 128 for IPv4 or IPv6, respectively. When an xTR wants to query a site about the status of a mapping it already has cached, the EID-Prefix used in the Map-Request has the samemask-lengthmask length as the EID-Prefix returned from the site when it sent a Map-Replymessage.</t> <t hangText="Map-Reply Record:">message.</dd> <dt pn="section-5.2-3.43">Map-Reply Record:</dt> <dd pn="section-5.2-3.44"> When the M-bit is set, this field is the size of a single "Record" in the Map-Reply format. This Map-Reply record contains the EID-to-RLOC mapping entry associated with theSourcesource EID. This allows the ETR that will receive this Map-Request to cache the data if it chooses to do so. It is important to note that this mapping has not been validated by the MappingSystem.</t> </list></t>System.</dd> </dl> </section> <sectiontitle="EID-to-RLOCanchor="MAPREQ" numbered="true" toc="include" removeInRFC="false" pn="section-5.3"> <name slugifiedName="name-eid-to-rloc-udp-map-request">EID-to-RLOC UDP Map-RequestMessage" anchor="MAPREQ"> <t>AMessage</name> <t indent="0" pn="section-5.3-1">A Map-Request is sent from an ITR when it needs a mapping for an EID, wants to test an RLOC for reachability, or wants to refresh a mapping beforeTTLTime to Live (TTL) expiration. For the initial case, the destination IP address used for the Map-Request is the data packet's destination address (i.e., the destination EID) that had a mapping cache lookup failure. For the latter two cases, the destination IP address used for the Map-Request is one of the RLOC addresses from the Locator-Set of the Map-Cache entry. The source address is either an IPv4 or IPv6 RLOC address, depending on whether the Map-Request is using an IPv4 or IPv6 header, respectively. In all cases, the UDP source port number for the Map-Request message is a 16-bit value selected by the ITR/PITR, and the UDP destination port number is set to the well-known destination port number 4342. A successful Map-Reply, which is one that has a nonce that matches an outstanding Map-Request nonce, will update the cached set of RLOCs associated with the EID-Prefix range.</t><t>One<t indent="0" pn="section-5.3-2">One or more Map-Request ('ITR-RLOC-AFI','ITR-RLOC-Address')'ITR-RLOC Address') fieldsMUST<bcp14>MUST</bcp14> be filled in by the ITR. The number of fields (minus 1) encodedMUST<bcp14>MUST</bcp14> be placed in the 'IRC' field. The ITRMAY<bcp14>MAY</bcp14> include all locally configured Locators in this list or just provide onelocator addressRouting Locator Address from each address family it supports. If the ITR erroneously provides no ITR-RLOC addresses, the Map-ReplierMUST<bcp14>MUST</bcp14> drop the Map-Request.</t><t>Map-Requests<t indent="0" pn="section-5.3-3">Map-Requests can also be LISP encapsulated using UDP destinationport 4342port 4342 with a LISP Type value set to "Encapsulated Control Message", when sent from an ITR to a Map-Resolver. Likewise, Map-Requests are LISP encapsulated the same way from a Map-Server to an ETR. Details on Encapsulated Map-Requests and Map-Resolvers can be found in <xref target="encap-mr"/>.</t> <t>Map-Requests MUSTformat="default" sectionFormat="of" derivedContent="Section 5.8"/>.</t> <t indent="0" pn="section-5.3-4">Map-Requests <bcp14>MUST</bcp14> berate-limitedrate limited to 1 per second perEID-prefix.EID-Prefix. After 10 retransmits without receiving the correspondingMap-ReplyMap-Reply, the senderMUST<bcp14>MUST</bcp14> wait 30 seconds.</t><t>An<t indent="0" pn="section-5.3-5">An ITR that is configured with mapping database information (i.e., it is also an ETR)MAY<bcp14>MAY</bcp14> optionally include those mappings in a Map-Request. When an ETR configured to accept and verify such "piggybacked" mapping data receives such a Map-Request and it does not have this mapping in the Map-Cache, itMUST<bcp14>MUST</bcp14> originate a "verifying Map-Request" through the mapping database to validatethgethe "piggybacked" mapping data.</t><t><vspace blankLines='50' /></t></section> <sectiontitle="Map-Replyanchor="MR-FORMAT" numbered="true" toc="include" removeInRFC="false" pn="section-5.4"> <name slugifiedName="name-map-reply-message-format">Map-Reply MessageFormat" anchor="MR-FORMAT"> <figure> <artwork><![CDATA[Format</name> <artwork name="" type="" align="left" alt="" pn="section-5.4-1"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Type=2 |P|E|S| Reserved | Record Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . . . Nonce |+->+-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Record TTL | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ R | Locator Count | EID mask-len | ACT |A| Reserved | e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ c | Rsvd | Map-Version Number | EID-Prefix-AFI | o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ r | EID-Prefix | d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | /| Priority | Weight | M Priority | M Weight | | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | o | Unused Flags |L|p|R| Loc-AFI | | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | \| Locator |+->+-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t>Packet</artwork> <t indent="0" pn="section-5.4-2">Packet field descriptions:</t><t><list style="hanging"> <t hangText="Type: ">2 (Map-Reply)</t> <t hangText="P:"><dl newline="false" spacing="normal" indent="3" pn="section-5.4-3"> <dt pn="section-5.4-3.1">Type: </dt> <dd pn="section-5.4-3.2">2 (Map-Reply)</dd> <dt pn="section-5.4-3.3">P:</dt> <dd pn="section-5.4-3.4"> This is the probe-bit, which indicates that the Map-Reply is in response to a Locator reachability probe Map-Request. The 'Nonce' field must contain a copy of the nonce value from the original Map-Request. SeeRLOC-probing <xref target="rloc-probe"/>"<xref target="rloc-probe" format="title" sectionFormat="of" derivedContent="RLOC-Probing Algorithm"/>" (<xref target="rloc-probe" format="default" sectionFormat="of" derivedContent="Section 7.1"/>) for more details. When the probe-bit is set to 1 in a Map-Reply message, the A-bit in eachEID-recordEID-Record included in the messageMUST<bcp14>MUST</bcp14> be set to1, otherwise MUST1; otherwise, it <bcp14>MUST</bcp14> be silentlydiscarded.</t> <t hangText="E:">discarded.</dd> <dt pn="section-5.4-3.5">E:</dt> <dd pn="section-5.4-3.6"> This bit indicates that the ETR that sends this Map-Reply message is advertising that the site is enabled for the Echo-Nonce Locator reachability algorithm. SeeEcho-NonceSection <xref target="RFC9300" section="10.1" sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9300#section-10.1" derivedContent="RFC9300">"Echo-Nonce Algorithm"</xref> of <xreftarget="I-D.ietf-lisp-rfc6830bis" />target="RFC9300" format="default" sectionFormat="of" derivedContent="RFC9300"/> for moredetails.</t> <t hangText="S:">details.</dd> <dt pn="section-5.4-3.7">S:</dt> <dd pn="section-5.4-3.8"> This is the Security bit. When set to 1, the following authentication information will be appended to the end of the Map-Reply.The detailsDetails can be found in <xreftarget="I-D.ietf-lisp-sec"/>.</t> </list></t> <figure> <artwork><![CDATA[target="RFC9303" format="default" sectionFormat="of" derivedContent="RFC9303"/>.</dd> </dl> <artwork name="" type="" align="left" alt="" pn="section-5.4-4"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AD Type | Authentication Data Content . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t><list style="hanging"> <t hangText="Reserved:"></artwork> <dl newline="false" spacing="normal" indent="3" pn="section-5.4-5"> <dt pn="section-5.4-5.1">Reserved:</dt> <dd pn="section-5.4-5.2"> This unassigned fieldMUST<bcp14>MUST</bcp14> be set to 0 on transmit andMUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> <t hangText="Record Count:">receipt.</dd> <dt pn="section-5.4-5.3">Record Count:</dt> <dd pn="section-5.4-5.4"> This is the number of records in this reply message. A record is comprised of that portion of the packet labeled 'Record' above and occurs the number of times equal to Record Count. Note that the reply count can be larger than the requested count, forinstanceinstance, whenmore-specificsmore-specific prefixes arepresent.</t> <t hangText="Nonce:">present.</dd> <dt pn="section-5.4-5.5">Nonce:</dt> <dd pn="section-5.4-5.6"> This 64-bit value from the Map-Request is echoed in this 'Nonce' field of theMap-Reply.</t> <t hangText="Record TTL:">Map-Reply.</dd> <dt pn="section-5.4-5.7">Record TTL:</dt> <dd pn="section-5.4-5.8"> This is the time in minutes the recipient of the Map-Reply can store the mapping. If the TTL is 0, the entryMUST<bcp14>MUST</bcp14> be removed from the cache immediately. If the value is 0xffffffff, the recipient can decide locally how long to store themapping.</t> <t hangText="Locator Count:">mapping.</dd> <dt pn="section-5.4-5.9">Locator Count:</dt> <dd pn="section-5.4-5.10"> This is the number of Locator entries in the given Record. A Locator entry comprises what is labeled above as'Loc'.'Loc'. The Locator count can be 0, indicating that there are no Locators for theEID-Prefix.</t> <t hangText="EID mask-len:">EID-Prefix.</dd> <dt pn="section-5.4-5.11">EID mask-len:</dt> <dd pn="section-5.4-5.12"> This is the mask length for theEID-Prefix.</t>EID-Prefix.</dd> <dt pn="section-5.4-5.13">ACT:</dt> <dd pn="section-5.4-5.14"> <thangText="ACT:"> Thisindent="0" pn="section-5.4-5.14.1">This 3-bit field describes Negative Map-Reply actions. In any other message type, these bits are set to 0 and ignored on receipt. These bits are used only when the 'Locator Count' field is set to 0. The action bits are encoded only in Map-Reply messages. They are used to tell an ITR or PITR whyaan emptylocator-setLocator-Set was returned from themapping systemMapping System and how it stores themap-cacheMap-Cache entry. See <xreftarget="act-iana"/>target="act-iana" format="default" sectionFormat="of" derivedContent="Section 12.3"/> for additional information.</t><t><list style="hanging" hangIndent="4"> <t hangText="(0) No-Action:">The<dl newline="false" spacing="normal" indent="4" pn="section-5.4-5.14.2"> <dt pn="section-5.4-5.14.2.1">(0) No-Action:</dt> <dd pn="section-5.4-5.14.2.2">The Map-Cache is kept alive, and no packet encapsulationoccurs.</t> <t hangText="(1) Natively-Forward:">Theoccurs.</dd> <dt pn="section-5.4-5.14.2.3">(1) Natively-Forward:</dt> <dd pn="section-5.4-5.14.2.4">The packet is not encapsulated or dropped but nativelyforwarded.</t> <t hangText="(2) Send-Map-Request:">Theforwarded.</dd> <dt pn="section-5.4-5.14.2.5">(2) Send-Map-Request:</dt> <dd pn="section-5.4-5.14.2.6">The Map-Cache entry is created and flagged so that any packet matching this entry invokes sending aMap-Request.</t> <t hangText="(3) Drop/No-Reason:">AMap-Request.</dd> <dt pn="section-5.4-5.14.2.7">(3) Drop/No-Reason:</dt> <dd pn="section-5.4-5.14.2.8">A packet that matches this Map-Cache entry is dropped. An ICMP Destination Unreachable messageSHOULD<bcp14>SHOULD</bcp14> besent.</t> <t hangText="(4) Drop/Policy-Denied:">Asent.</dd> <dt pn="section-5.4-5.14.2.9">(4) Drop/Policy-Denied:</dt> <dd pn="section-5.4-5.14.2.10">A packet that matches this Map-Cache entry is dropped. The reason for the Drop action is that a Map-Request for thetarget-EIDtarget EID is beingpolicy deniedpolicy-denied by either an xTR or themapping system.</t> <t hangText="(5) Drop/Authentication-Failure:">AMapping System.</dd> <dt pn="section-5.4-5.14.2.11">(5) Drop/Auth-Failure:</dt> <dd pn="section-5.4-5.14.2.12">A packet that matches this Map-Cache entry is dropped. The reason for the Drop action is that a Map-Request for thetarget-EIDtarget EID fails an authenticationverification-checkverification check by either an xTR or themapping system.</t> </list></t> <t hangText="A:">Mapping System.</dd> </dl> </dd> <dt pn="section-5.4-5.15">A:</dt> <dd pn="section-5.4-5.16"> The Authoritative bitMAY<bcp14>MAY</bcp14> only be set to 1 by an ETR. A Map-Server generating Map-Reply messages as a proxyMUST NOT<bcp14>MUST NOT</bcp14> set the A-bit to 1. This bit indicates to the requesting ITRs if the Map-Reply was originated by a LISP node managed at the site that owns theEID-Prefix.</t> <t hangText="Map-Version Number:">EID-Prefix.</dd> <dt pn="section-5.4-5.17">Map-Version Number:</dt> <dd pn="section-5.4-5.18"> When this 12-bit valueis non-zero, thein an EID-Record of a Map-Replysendermessage isinforming the ITR what the version numbernon-zero, see <xref target="RFC9302" format="default" sectionFormat="of" derivedContent="RFC9302"/> for details.</dd> <dt pn="section-5.4-5.19">EID-Prefix-AFI:</dt> <dd pn="section-5.4-5.20">This isfortheEID record contained in the Map-Reply. The ETR can allocate this number internally but MUST coordinate this value with other ETRs for the site. When this value is 0, there is no versioning information conveyed. The Map-Version Number can be included in Map-Request and Map-Register messages. See Map-Versioning <xref target="I-D.ietf-lisp-6834bis" /> for more details.</t> <t hangText="EID-Prefix-AFI:"> Addressaddress family of the EID-Prefix according to <xreftarget="AFI" />target="AFN" format="default" sectionFormat="of" derivedContent="AFN"/> and <xreftarget="RFC8060"/>.</t> <t hangText="EID-Prefix:">target="RFC8060" format="default" sectionFormat="of" derivedContent="RFC8060"/>.</dd> <dt pn="section-5.4-5.21">EID-Prefix:</dt> <dd pn="section-5.4-5.22"> This prefix is 4 octets for an IPv4 address family and 16 octets for an IPv6 addressfamily.</t> <t hangText="Priority:">family.</dd> <dt pn="section-5.4-5.23">Priority:</dt> <dd pn="section-5.4-5.24"> Each RLOC is assigned a unicast Priority. Lower values aremorepreferable. When multiple RLOCs have the same Priority, they may be used in a load-split fashion. A value of 255 means the RLOCMUST NOT<bcp14>MUST NOT</bcp14> be used for unicastforwarding.</t> <t hangText="Weight:">forwarding.</dd> <dt pn="section-5.4-5.25">Weight:</dt> <dd pn="section-5.4-5.26"> When priorities are the same for multiple RLOCs, the Weight indicates how to balance unicast traffic between them. Weight is encoded as a relative weight of total unicast packets that match the mapping entry. For example, if there are 4 Locators in a Locator-Set, where the Weights assigned are 30, 20, 20, and 10, the first Locator will get 37.5% of the traffic, the2ndsecond and3rdthird Locators will each get 25% of the traffic, and the4thfourth Locator will get 12.5% of the traffic. If all Weights for a Locator-Set are equal, the receiver of the Map-Reply will decide how to load-split the traffic. SeeRLOC-hashingSection <xref target="RFC9300" section="12" sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9300#section-12" derivedContent="RFC9300">"Routing Locator Hashing"</xref> of <xreftarget="I-D.ietf-lisp-rfc6830bis" />target="RFC9300" format="default" sectionFormat="of" derivedContent="RFC9300"/> for a suggested hash algorithm to distribute the load across Locators with the same Priority and equal Weightvalues.</t> <t hangText="M Priority:">values.</dd> <dt pn="section-5.4-5.27">M Priority:</dt> <dd pn="section-5.4-5.28"> Each RLOC is assigned a multicast Priority used by an ETR in a receiver multicast site to select an ITR in a source multicast site for building multicast distribution trees. A value of 255 means the RLOCMUST NOT<bcp14>MUST NOT</bcp14> be used for joining a multicast distribution tree. For more details, see <xref target="RFC6831"/>.</t> <t hangText="M Weight:">Whenformat="default" sectionFormat="of" derivedContent="RFC6831"/>.</dd> <dt pn="section-5.4-5.29">M Weight:</dt> <dd pn="section-5.4-5.30">When priorities are the same for multiple RLOCs, the Weight indicates how to balance building multicast distribution trees across multiple ITRs. The Weight is encoded as a relative weight (similar to the unicast Weights) of the total number of trees built to the source site identified by the EID-Prefix. If all Weights for a Locator-Set are equal, the receiver of the Map-Reply will decide how to distribute multicast state across ITRs. For more details, see <xref target="RFC6831"/>.</t> <t hangText="Unused Flags:">Theseformat="default" sectionFormat="of" derivedContent="RFC6831"/>.</dd> <dt pn="section-5.4-5.31">Unused Flags:</dt> <dd pn="section-5.4-5.32">These are set to 0 when sending and ignored onreceipt.</t> <t hangText="L:">Whenreceipt.</dd> <dt pn="section-5.4-5.33">L:</dt> <dd pn="section-5.4-5.34">When this bit is set, the Locator is flagged as a local Locator to the ETR that is sending the Map-Reply. When a Map-Server is doing proxy Map-Replying for a LISP site, the L-bit is set to 0 for all Locators in thisLocator-Set.</t> <t hangText="p:">WhenLocator-Set.</dd> <dt pn="section-5.4-5.35">p:</dt> <dd pn="section-5.4-5.36">When this bit is set, an ETR informs the RLOC-Probing ITR that thelocator addressRouting Locator Address for which this bit is set is the one beingRLOC-probedRLOC-Probed and may be different from the source address of the Map-Reply. An ITR thatRLOC-probesRLOC-Probes a particular LocatorMUST<bcp14>MUST</bcp14> use this Locator for retrieving the data structure used to store the fact that the Locator is reachable. The p-bit is set for a single Locator in the same Locator-Set. If an implementation sets more than one p-bit erroneously, the receiver of the Map-ReplyMUST<bcp14>MUST</bcp14> select the first set p-bit Locator. The p-bitMUST NOT<bcp14>MUST NOT</bcp14> be set for Locator-Set records sent in Map-Request and Map-Registermessages.</t> <t hangText="R:">Thismessages.</dd> <dt pn="section-5.4-5.37">R:</dt> <dd pn="section-5.4-5.38">This is set when the sender of a Map-Reply has a route to the Locator in the Locator data record. This receiver may find this useful to know if the Locator is up but not necessarily reachable from the receiver's point ofview.</t> <t hangText="Locator:">Thisview.</dd> <dt pn="section-5.4-5.39">Locator:</dt> <dd pn="section-5.4-5.40">This is an IPv4 or IPv6 address (as encoded by the 'Loc-AFI' field) assigned to an ETR and used by an ITR as a destination RLOC address in the outer header of a LISP encapsulated packet. Note that the destination RLOC address of a LISP encapsulated packetMAY<bcp14>MAY</bcp14> be an anycast address. A source RLOC of a LISP encapsulated packet can be an anycast address as well. The source or destination RLOCMUST NOT<bcp14>MUST NOT</bcp14> be the broadcast address (255.255.255.255 or any subnet broadcast address known to the router) andMUST NOT<bcp14>MUST NOT</bcp14> be a link-local multicast address. The source RLOCMUST NOT<bcp14>MUST NOT</bcp14> be a multicast address. The destination RLOCSHOULD<bcp14>SHOULD</bcp14> be a multicast address if it is being mapped from a multicast destinationEID.</t> </list></t> <t>Map-Reply MUSTEID.</dd> </dl> <t indent="0" pn="section-5.4-6">Map-Replies <bcp14>MUST</bcp14> berate-limited, itrate limited. It isRECOMMENDED<bcp14>RECOMMENDED</bcp14> that a Map-Reply for the same destination RLOC be sent to no more than onepackets perpacket every 3 seconds.</t><t>The<t indent="0" pn="section-5.4-7">The Record format, as defined here, is used both in the Map-Reply and Map-Registermessages,messages; this includes all the field definitions. </t> </section> <sectiontitle="EID-to-RLOCanchor="MR" numbered="true" toc="include" removeInRFC="false" pn="section-5.5"> <name slugifiedName="name-eid-to-rloc-udp-map-reply-m">EID-to-RLOC UDP Map-ReplyMessage" anchor="MR"> <t>AMessage</name> <t indent="0" pn="section-5.5-1">A Map-Reply returns an EID-Prefix with amask-lengthmask length that is less than or equal to the EID being requested. The EID being requested is either from the destination field of an IP header of a Data-Probe or the EID of a record of a Map-Request. The RLOCs in the Map-Reply are routable IP addresses of all ETRs for the LISP site. Each RLOC conveys status reachability but does not convey path reachability from a requester's perspective. Separate testing of path reachability is required. SeeRLOC-reachability <xref"<xref target="rloc-probe"/>format="title" sectionFormat="of" derivedContent="RLOC-Probing Algorithm"/>" (<xref target="rloc-probe" format="default" sectionFormat="of" derivedContent="Section 7.1"/>) for details.</t><t>Note<t indent="0" pn="section-5.5-2">Note that a Map-ReplyMAY<bcp14>MAY</bcp14> contain different EID-Prefix granularity (prefix +mask-length)mask length) than the Map-Request that triggers it. This might occur if a Map-Request were for a prefix that had been returned by an earlier Map-Reply. In such a case, the requester updates its cache with the new prefix information and granularity. For example, a requester with two cached EID-Prefixes that are covered by a Map-Reply containing one less-specific prefix replaces the entry with the less-specific EID-Prefix. Note that the reverse, replacement of one less-specific prefix with multiple more-specific prefixes, can also occur, not by removing the less-specific prefix but rather by adding the more-specific prefixes that, during a lookup, will override the less-specific prefix.</t><t>When<t indent="0" pn="section-5.5-3">When an EID moves out of a LISP site <xreftarget="I-D.ietf-lisp-eid-mobility"/>,target="EID-MOBILITY" format="default" sectionFormat="of" derivedContent="EID-MOBILITY"/>, the databasemapping systemMapping System may have overlappingEID-prefixes.EID-Prefixes. Or when a LISP site is configured with multiple sets of ETRs that support differentEID-prefix mask-lengths,EID-Prefix mask lengths, the databasemapping systemMapping System may have overlappingEID-prefixes.EID-Prefixes. When overlappingEID-prefixesEID-Prefixes exist, a Map-Request with an EID that best matches any EID-PrefixMUST<bcp14>MUST</bcp14> be returned in a single Map-Reply message. For instance, if an ETR had database mapping entries for EID-Prefixes:</t><figure> <artwork><![CDATA[<artwork name="" type="" align="left" alt="" pn="section-5.5-4"> 2001:db8::/32 2001:db8:1::/48 2001:db8:1:1::/64 2001:db8:1:2::/64]]></artwork></figure> <t>A</artwork> <t indent="0" pn="section-5.5-5">A Map-Request for EID 2001:db8:1:1::1 would cause a Map-Reply with a record count of 1 to be returned with a mapping record EID-Prefix of 2001:db8:1:1::/64.</t><t>A<t indent="0" pn="section-5.5-6">A Map-Request for EID 2001:db8:1:5::5 would cause a Map-Reply with a record count of 3 to be returned with mapping records for EID-Prefixes 2001:db8:1::/48, 2001:db8:1:1::/64, and 2001:db8:1:2::/64, filling out the /48 withmore-specificsmore-specific prefixes that exist in themapping system.</t> <t>NoteMapping System.</t> <t indent="0" pn="section-5.5-7">Note that not all overlapping EID-Prefixes need to be returned but only the more-specific entries (notethatin the second example above that 2001:db8::/32 was not returned for requesting EID 2001:db8:1:5::5) for the matching EID-Prefix of the requesting EID. When more than one EID-Prefix is returned, allSHOULD<bcp14>SHOULD</bcp14> use the sameTime to LiveTTL value so they can all time out at the same time. When a more-specific EID-Prefix is received later, itsTime to LiveTTL value in the Map-Reply record can be stored even when other less-specific entries exist. When a less-specific EID-Prefix is received later, its Map-Cache expiration timeSHOULD<bcp14>SHOULD</bcp14> be set to the minimum expiration time of any more-specific EID-Prefix in the Map-Cache. This is done so the integrity of the EID-Prefix set is wholly maintained and so no more-specific entries are removed from the Map-Cache while keeping less-specific entries.</t><t>For<t indent="0" pn="section-5.5-8">For scalability, it is expected that aggregation of EID addresses into EID-Prefixes will allow one Map-Reply to satisfy a mapping for the EID addresses in the prefix range, thereby reducing the number of Map-Request messages.</t><t>Map-Reply<t indent="0" pn="section-5.5-9">Map-Reply records can have an empty Locator-Set. A Negative Map-Reply is a Map-Reply with an empty Locator-Set. Negative Map-Replies convey special actions by the Map-Reply sender to the ITR or PITR that have solicited the Map-Reply. There are two primary applications for Negative Map-Replies. The first is for a Map-Resolver to instruct an ITR or PITR when a destination is for a LISP site versus a non-LISP site, and the other is to source quench Map-Requests that are sent for non-allocated EIDs.</t><t>For<t indent="0" pn="section-5.5-10">For each Map-Reply record, the list of Locators in a Locator-SetMUST<bcp14>MUST</bcp14> be sorted in order of ascending IP address where an IPv4locator addressRouting Locator Address is considered numerically'less than'"less than" an IPv6locator address.</t> <t>WhenRouting Locator Address.</t> <t indent="0" pn="section-5.5-11">When sending a Map-Reply message, the destination address is copied from one of the 'ITR-RLOC' fields from the Map-Request. The ETR can choose alocator addressRouting Locator Address from one of the address families it supports. For Data-Probes, the destination address of the Map-Reply is copied from the source address of the Data-Probe message that is invoking the reply. The source address of the Map-Reply is one of the chosen local IPaddresses chosen, to allowaddresses; this allows Unicast Reverse Path Forwarding (uRPF) checks to succeed in the upstream service provider. The destination port of a Map-Reply message is copied from the source port of the Map-Request or Data-Probe, and the source port of the Map-Reply message is set to the well-known UDP port 4342.</t><t><vspace blankLines='50' /></t></section> <sectiontitle="Map-Registeranchor="MAPREG" numbered="true" toc="include" removeInRFC="false" pn="section-5.6"> <name slugifiedName="name-map-register-message-format">Map-Register MessageFormat" anchor="MAPREG"> <t>ThisFormat</name> <t indent="0" pn="section-5.6-1">This section specifies the encoding format for the Map-Register message. The message is sent in UDP with a destination UDP port of 4342 and a randomly selected UDP source port number.</t><t>The<t indent="0" pn="section-5.6-2">The fields below are used in multiple control messages. They are defined for Map-Register,Map-NotifyMap-Notify, and Map-Notify-Ack message types.</t><t>The<t indent="0" pn="section-5.6-3">The Map-Register message format is:</t><figure> <artwork><![CDATA[<artwork name="" type="" align="left" alt="" pn="section-5.6-4"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Type=3 |P|S|I| Reserved |E|T|a|R|M| Record Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . . . Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key ID | Algorithm ID | Authentication Data Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Authentication Data ~+->+-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Record TTL | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ R | Locator Count | EID mask-len | ACT |A| Reserved | e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ c | Rsvd | Map-Version Number | EID-Prefix-AFI | o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ r | EID-Prefix | d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | /| Priority | Weight | M Priority | M Weight | | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | o | Unused Flags |L|p|R| Loc-AFI | | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | \| Locator |+->+-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t>Packet</artwork> <t indent="0" pn="section-5.6-5">Packet field descriptions:</t><t><list style="hanging"> <t hangText="Type: ">3 (Map-Register)</t> <t hangText="P:">This<dl newline="false" spacing="normal" indent="3" pn="section-5.6-6"> <dt pn="section-5.6-6.1">Type: </dt> <dd pn="section-5.6-6.2">3 (Map-Register)</dd> <dt pn="section-5.6-6.3">P:</dt> <dd pn="section-5.6-6.4">This is the proxy Map-Reply bit. When set to 1, the ETR sending the Map-Register message is requesting the Map-Server to proxy a Map-Reply. The Map-Server will send non-authoritative Map-Replies on behalf of theETR.</t> <t hangText="S:">ThisETR.</dd> <dt pn="section-5.6-6.5">S:</dt> <dd pn="section-5.6-6.6">This is the security-capable bit. When set, the procedures from <xreftarget="I-D.ietf-lisp-sec"/> are supported.</t> <t hangText="I:">Thistarget="RFC9303" format="default" sectionFormat="of" derivedContent="RFC9303"/> are supported.</dd> <dt pn="section-5.6-6.7">I:</dt> <dd pn="section-5.6-6.8">This is the ID-present bit. This bit is set to 1 to indicate that a128 bit xTR-ID128-bit 'xTR-ID' field and a64 bit Site-ID fields64-bit 'Site-ID' field are present at the end of the Map-Register message. If an xTR is configured with an xTR-ID and Site-ID, itMUST<bcp14>MUST</bcp14> set theI bitI-bit to 1 and include its xTR-ID and Site-ID in the Map-Register messages it generates. The combination of Site-ID plus xTR-ID uniquely identifies an xTR in a LISP domain and serves to track its last seennonce.</t> <t hangText="Reserved:">Thisnonce.</dd> <dt pn="section-5.6-6.9">Reserved:</dt> <dd pn="section-5.6-6.10">This unassigned fieldMUST<bcp14>MUST</bcp14> be set to 0 on transmit andMUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> <t hangText="E:">Thisreceipt.</dd> <dt pn="section-5.6-6.11">E:</dt> <dd pn="section-5.6-6.12">This is the Map-Register EID-notify bit. This is used by aFirst-Hop-Router (FHR) whichFirst-Hop Router that discovers adynamic-EID.dynamic EID. ThisEID-notify basedEID-notify-based Map-Register is sent by theFHRFirst-Hop Router to a same site xTR thatpropogatespropagates the Map-Register to themapping system.Mapping System. The site xTR keeps state to later Map-Notify theFHRFirst-Hop Router after the EID hasmovesmoved away. See <xreftarget="I-D.ietf-lisp-eid-mobility"/>target="EID-MOBILITY" format="default" sectionFormat="of" derivedContent="EID-MOBILITY"/> for a detaileduse-case.</t> <t hangText="T:">Thisuse case.</dd> <dt pn="section-5.6-6.13">T:</dt> <dd pn="section-5.6-6.14">This is theuse-TTLuse TTL for timeout bit. When set to 1, the xTR wants the Map-Server to time out registrations based on the value in the"Record TTL"'Record TTL' field of this message. Otherwise, the default timeout described in <xreftarget="reg"/> is used.</t> <t hangText="a:">Thistarget="reg" format="default" sectionFormat="of" derivedContent="Section 8.2"/> is used.</dd> <dt pn="section-5.6-6.15">a:</dt> <dd pn="section-5.6-6.16">This is the merge-request bit. When set to 1, the xTR requests to mergeRLOC-recordsRLOC-Records from different xTRs registering the sameEID-record.EID-Record. Seesignal-free multicastSignal-Free Multicast <xreftarget="RFC8378"/>target="RFC8378" format="default" sectionFormat="of" derivedContent="RFC8378"/> for oneuse case example.</t> <t hangText="R:">Thisuse-case example.</dd> <dt pn="section-5.6-6.17">R:</dt> <dd pn="section-5.6-6.18">This reserved and unassigned bitMUST<bcp14>MUST</bcp14> be set to 0 on transmit andMUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> <t hangText="M:">Thisreceipt.</dd> <dt pn="section-5.6-6.19">M:</dt> <dd pn="section-5.6-6.20">This is the want-map-notify bit. When set to 1, an ETR is requesting a Map-Notify message to be returned in response to sending a Map-Register message. The Map-Notify message sent by a Map-Server is used to acknowledge receipt of a Map-Registermessage.</t> <t hangText="Record Count:">message.</dd> <dt pn="section-5.6-6.21">Record Count:</dt> <dd pn="section-5.6-6.22"> This is the number of records in this Map-Register message. A record is comprised of that portion of the packet labeled 'Record' above and occurs the number of times equal to RecordCount.</t> <t hangText="Nonce:">Count.</dd> <dt pn="section-5.6-6.23">Nonce:</dt> <dd pn="section-5.6-6.24"> This 8-octet 'Nonce' field is incremented each time a Map-Register message is sent. When a Map-Registeracknowledgementacknowledgment is requested, the nonce is returned by Map-Servers in Map-Notify messages. Since the entire Map-Register message is authenticated, the 'Nonce' field serves to protect against Map-Register replay attacks. An ETR that registers to themapping system SHOULDMapping System <bcp14>SHOULD</bcp14> store the last nonce sent in persistentstoragestorage, so when itrestartsrestarts, it can continue using an incrementing nonce. If the ETR cannot support saving the nonce, then when itrestartsrestarts, itMUST<bcp14>MUST</bcp14> use a new authentication key to register to themapping system.Mapping System. A Map-ServerMUST<bcp14>MUST</bcp14> track and save in persistent storage the last nonce received for each ETR xTR-ID and key pair. If a Map-Register is received with a nonce value that is not greater than the saved nonce, itMUST<bcp14>MUST</bcp14> drop the Map-Register message andSHOULD<bcp14>SHOULD</bcp14> log the fact that a replay attack could haveoccurred.</t> <t hangText="Key ID:"> Aoccurred.</dd> <dt pn="section-5.6-6.25">Key ID:</dt> <dd pn="section-5.6-6.26">This is a key-id value that identifies a pre-shared secret between an ETR and a Map-Server. Per-message keys are derived from the pre-shared secret to authenticate the origin and protect the integrity of the Map-Register. The Key ID allowsto rotaterotating between multiple pre-shared secrets in anon disruptivenondisruptive way. The pre-shared secretMUST<bcp14>MUST</bcp14> be unique per each LISP"Site-ID" </t> <t hangText="Algorithm ID:">Site-ID.</dd> <dt pn="section-5.6-6.27">Algorithm ID:</dt> <dd pn="section-5.6-6.28"> This field identifies the Key Derivation Function (KDF) and Message Authentication Code (MAC) algorithms used to derive the key and to compute the Authentication Data of a Map-Register. This 8-bit field identifies the KDF and MAC algorithm pair. See <xref target="KEYS"/>format="default" sectionFormat="of" derivedContent="Section 12.5"/> for codepointassignments.</t> <t hangText="Authenticationassignments.</dd> <dt pn="section-5.6-6.29">Authentication DataLength:">Length:</dt> <dd pn="section-5.6-6.30"> This is the length in octets of the 'Authentication Data' field that follows this field. The length of the 'Authentication Data' field is dependent on the MAC algorithm used. The length field allows a device that doesn't know the MAC algorithm to correctly parse thepacket.</t>packet.</dd> <dt pn="section-5.6-6.31">Authentication Data:</dt> <dd pn="section-5.6-6.32"> <thangText="Authentication Data:">Thisindent="0" pn="section-5.6-6.32.1">This is the output of the MAC algorithm placed in this field after the MAC computation. The MAC output is computed as follows:</t><t><list style="hanging" hangIndent="4"> <t hangText="1:">The<ol spacing="normal" type="1" indent="adaptive" start="1" pn="section-5.6-6.32.2"> <li pn="section-5.6-6.32.2.1" derivedCounter="1.">The KDF algorithm is identified by thefield'Algorithm ID' field according to the table in <xreftarget="KEYS"/>.target="KEYS" format="default" sectionFormat="of" derivedContent="Section 12.5"/>. Implementations of this specificationMUST<bcp14>MUST</bcp14> implement HMAC-SHA-256-128 <xreftarget="RFC4868"/>target="RFC4868" format="default" sectionFormat="of" derivedContent="RFC4868"/> andSHOULD<bcp14>SHOULD</bcp14> implement HMAC-SHA-256-128+HKDF-SHA256 <xreftarget="RFC5869"/> .</t> <t hangText="2:">Thetarget="RFC5869" format="default" sectionFormat="of" derivedContent="RFC5869"/>.</li> <li pn="section-5.6-6.32.2.2" derivedCounter="2.">The MAC algorithm is identified by thefield'Algorithm ID' field according to the table in <xref target="KEYS"/>.</t> <t hangText="3:">Theformat="default" sectionFormat="of" derivedContent="Section 12.5"/>.</li> <li pn="section-5.6-6.32.2.3" derivedCounter="3.">The pre-shared secret used to derive the per-message key is represented by PSK[Key ID], thatisis, the pre-shared secret identified by the'Key ID'.</t> <t hangText="4:">TheKey ID.</li> <li pn="section-5.6-6.32.2.4" derivedCounter="4.">The derived per-message key is computed as: per-msg-key=KDF(nonce+PSK[Key ID],s). Where the nonce is the value in theNonce'Nonce' field of the Map-Register,'+'"+" denotes concatenation and's'"s" (the salt) is a string that corresponds to the message type being authenticated. For Map-Register messages, it is equal to "Map-Register Authentication". Similarly, for Map-Notify and Map-Notify-Ack messages, it is "Map-Notify Authentication" and "Map-Notify-Ack Authentication", respectively. For those Algorithm IDs defined in <xreftarget="KEYS"/>target="KEYS" format="default" sectionFormat="of" derivedContent="Section 12.5"/> that specify a 'none' KDF, the per-message key is computed as: per-msg-key = PSK[Key ID]. This means that the same key is used across multiple protocolmessages.</t> <t hangText="5:">Themessages.</li> <li pn="section-5.6-6.32.2.5" derivedCounter="5.">The MAC output is computed using the MAC algorithm and the per-msg-key over the entire Map-Register payload (from and including the LISP message type field through the end of the lastRLOC record)RLOC-Record) with the authenticated data field preset to0.</t> </list></t> </list></t> <t>The0.</li> </ol> </dd> </dl> <t indent="0" pn="section-5.6-7">The definition of the rest of the Map-Register can be found inEID-recordthe EID-Record description in <xreftarget="MR-FORMAT"/>.target="MR-FORMAT" format="default" sectionFormat="of" derivedContent="Section 5.4"/>. When the I-bit is set, the following fields are added to the end of the Map-Register message:</t><t><list style="hanging"> <t hangText="xTR-ID:">xTR-ID<dl newline="false" spacing="normal" indent="3" pn="section-5.6-8"> <dt pn="section-5.6-8.1">xTR-ID:</dt> <dd pn="section-5.6-8.2">'xTR-ID' is a128 bit128-bit field at the end of the Map-Register message, starting after the final Record in the message. The xTR-ID is used to uniquely identifyaan xTR. The same xTR-ID valueMUST NOT<bcp14>MUST NOT</bcp14> be used in two different xTRs in the scope of theSite-ID.</t> <t hangText="Site-ID:">Site-IDSite-ID.</dd> <dt pn="section-5.6-8.3">Site-ID:</dt> <dd pn="section-5.6-8.4">'Site-ID' is a64 bit64-bit field at the end of theMap- RegisterMap-Register message, following the xTR-ID. The Site-ID is used to uniquely identify to which site the xTR that sent the message belongs. This document does not specify a strict meaning for theSite-ID'Site-ID' field.InformallyInformally, it provides an indication that a group of xTRs have somerelation,relationship, either administratively,topologicallytopologically, orotherwise.</t> </list></t> <t><vspace blankLines='50' /></t>otherwise.</dd> </dl> </section> <sectiontitle="Map-Notify/Map-Notify-Ackanchor="MAP-NOTIF-MAP-NOTIF-ACK" numbered="true" toc="include" removeInRFC="false" pn="section-5.7"> <name slugifiedName="name-map-notify-and-map-notify-a">Map-Notify and Map-Notify-Ack MessageFormat"> <t>ThisFormats</name> <t indent="0" pn="section-5.7-1">This section specifies the encoding format for the Map-Notify and Map-Notify-Ack messages. The messages are sent inside a UDP packet with source and destination UDP ports equal to 4342.</t><t>The<t indent="0" pn="section-5.7-2">The Map-Notify and Map-Notify-Ack message formats are:</t><figure> <artwork><![CDATA[<artwork name="" type="" align="left" alt="" pn="section-5.7-3"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Type=4/5| Reserved | Record Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | . . . Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key ID | Algorithm ID | Authentication Data Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Authentication Data ~+->+-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Record TTL | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ R | Locator Count | EID mask-len | ACT |A| Reserved | e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ c | Rsvd | Map-Version Number | EID-Prefix-AFI | o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ r | EID-Prefix | d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | /| Priority | Weight | M Priority | M Weight | | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | o | Unused Flags |L|p|R| Loc-AFI | | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | \| Locator |+->+-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t>Packet</artwork> <t indent="0" pn="section-5.7-4">Packet field descriptions:</t><t><list style="hanging"><dl newline="false" spacing="normal" indent="3" pn="section-5.7-5"> <dt pn="section-5.7-5.1">Type: </dt> <dd pn="section-5.7-5.2">4/5 (Map-Notify/Map-Notify-Ack)</dd> </dl> <thangText="Type: ">4/5 (Map-Notify/Map-Notify-Ack)</t> </list></t> <t>Theindent="0" pn="section-5.7-6">The Map-Notify message has the same contents as a Map-Register message. Seethe Map-Register section"<xref target="MAPREG" format="title" sectionFormat="of" derivedContent="Map-Register Message Format"/>" (<xref target="MAPREG" format="default" sectionFormat="of" derivedContent="Section 5.6"/>) for field descriptions andthe Map-Reply section"<xref target="MR-FORMAT" format="title" sectionFormat="of" derivedContent="Map-Reply Message Format"/>" (<xref target="MR-FORMAT" format="default" sectionFormat="of" derivedContent="Section 5.4"/>) forEID-recordEID-Record andRLOC-recordRLOC-Record descriptions.</t><t>The<t indent="0" pn="section-5.7-7">The fields of the Map-Notify are copied from the corresponding Map-Register to acknowledge its correct processing. In theMap-Notfiy,Map-Notify, the 'Authentication Data' field is recomputed using the corresponding per-message key and according to the procedure defined in the previous section. The Map-Notify message can alsoused, outside the scope of this specification,be used in an unsolicitedmanner, such asmanner. This topic isspecified inout of scope for this document. See <xreftarget="I-D.ietf-lisp-pubsub"/>.</t> <t>Aftertarget="I-D.ietf-lisp-pubsub" format="default" sectionFormat="of" derivedContent="LISP-PUBSUB"/> for details.</t> <t indent="0" pn="section-5.7-8">After sending a Map-Register, if a Map-Notify is not received after 1secondsecond, the transmitterMUST re-transmit<bcp14>MUST</bcp14> retransmit the original Map-Register with an exponential backoff (base of 2, that is, the next backoff timeout interval isdoubled),doubled); the maximum backoff is 1 minute. Map-Notify messages are only transmitted upon the reception of a Map-Register with the M-bitset,set; Map-Notify messages are not retransmitted. The onlyexeptionexception to this is for unsolicited Map-Notifymessages,messages; see below.</t><t>A<t indent="0" pn="section-5.7-9">A Map-Server sends an unsolicited Map-Notify message (one that is not used as an acknowledgment to a Map-Register message) only in conformance withthe CongestionSection <xref target="RFC8085" section="3.1" sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8085#section-3.1" derivedContent="RFC8085">"Congestion ControlAnd Relability Guideline sectionsGuidelines"</xref> of <xreftarget="RFC8085"/>.target="RFC8085" format="default" sectionFormat="of" derivedContent="RFC8085"/> and Section <xref target="RFC8085" section="3.3" sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc8085#section-3.3" derivedContent="RFC8085">"Reliability Guidelines"</xref> of <xref target="RFC8085" format="default" sectionFormat="of" derivedContent="RFC8085"/>. A Map-Notify is retransmitted until a Map-Notify-Ack is received by the Map-Server with the same nonce used in the Map-Notify message. An implementationSHOULD<bcp14>SHOULD</bcp14> retransmit up to 3 times at3 second3-second retransmission intervals, after which time the retransmission interval is exponentiallybacked-offbacked off (base of 2, that is, the next backoff timeout interval is doubled) for another 3 retransmission attempts. Map-Notify-Ack messages are only transmitted upon the reception of an unsolicitedMap-Notify,Map-Notify; Map-Notify-Ack messages are not retransmitted.</t><t>The<t indent="0" pn="section-5.7-10">The Map-Notify-Ack message has the same contents as a Map-Notify message. It is used to acknowledge the receipt of an unsolicited Map-Notify and, once thethe authentication dataAuthentication Data is validated, allowsforthe sender to stop retransmitting a Map-Notify with the same nonce andthe authentication data validates.(validated) Authentication Data. The fields of the Map-Notify-Ack are copied from the corresponding Map-Notify message to acknowledge its correct processing. The 'Authentication Data' field is recomputed using the corresponding per-message key and according to the procedure defined in the previous section.</t><t>Upon<t indent="0" pn="section-5.7-11">Upon reception of a Map-Register,Map-NotifyMap-Notify, orMap-Notifiy-Ack,Map-Notify-Ack, the receiver verifies theauthentication data.Authentication Data. If theauthentication dataAuthentication Data fails to validate, the message is dropped without further processing.</t><t><vspace blankLines='50' /></t></section> <sectiontitle="Encapsulatedanchor="encap-mr" numbered="true" toc="include" removeInRFC="false" pn="section-5.8"> <name slugifiedName="name-encapsulated-control-messag">Encapsulated Control MessageFormat" anchor="encap-mr"> <t>AnFormat</name> <t indent="0" pn="section-5.8-1">An Encapsulated Control Message (ECM) is used to encapsulate control packets sent between xTRs and the mapping database system or internal to the mapping database system.</t><figure> <artwork><![CDATA[<artwork name="" type="" align="left" alt="" pn="section-5.8-2"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | IPv4 or IPv6 Header | OH | (uses RLOC addresses) | \ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4342 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ LISP |Type=8 |S|D|R|R| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | IPv4 or IPv6 Header | IH | (uses RLOC or EID addresses) | \ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = yyyy | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ LCM | LISP Control Message | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t>Packet</artwork> <t indent="0" pn="section-5.8-3">Packet header descriptions:</t><t><list style="hanging" hangIndent="6"> <t hangText="OH:">The<dl newline="false" spacing="normal" indent="6" pn="section-5.8-4"> <dt pn="section-5.8-4.1">OH:</dt> <dd pn="section-5.8-4.2">This is the outer IPv4 or IPv6 header, which uses RLOC addresses in the source and destination header addressfields.</t> <t hangText="UDP:">Thefields.</dd> <dt pn="section-5.8-4.3">UDP:</dt> <dd pn="section-5.8-4.4">This is the outer UDP header with destination port 4342. The source port is randomly allocated. The checksum fieldMUST<bcp14>MUST</bcp14> benon-zero.</t> <t hangText="LISP:">Typenon-zero.</dd> <dt pn="section-5.8-4.5">LISP:</dt> <dd pn="section-5.8-4.6">Type 8 is defined to be a "LISP Encapsulated Control Message", and what follows is either an IPv4 or IPv6headerheader, as encoded by the first 4 bits after the 'Reserved' field, or theAuthentication Data'Authentication Data' field <xreftarget="I-D.ietf-lisp-sec"/>target="RFC9303" format="default" sectionFormat="of" derivedContent="RFC9303"/> if the S-bit (see below) isset.</t> <t hangText="Type: ">8set.</dd> <dt pn="section-5.8-4.7">Type: </dt> <dd pn="section-5.8-4.8">8 (Encapsulated Control Message(ECM))</t> <t hangText="S:">This(ECM))</dd> <dt pn="section-5.8-4.9">S:</dt> <dd pn="section-5.8-4.10">This is the Security bit. When set to 1, the field following the 'Reserved' field will have the following Authentication Data format and follow the procedures from <xreftarget="I-D.ietf-lisp-sec"/>.</t> </list></t> <figure> <artwork><![CDATA[target="RFC9303" format="default" sectionFormat="of" derivedContent="RFC9303"/>.</dd> </dl> <artwork name="" type="" align="left" alt="" pn="section-5.8-5"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AD Type | Authentication Data Content . . . | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t><list style="hanging" hangIndent="6"> <t hangText="D:">This</artwork> <dl newline="false" spacing="normal" indent="6" pn="section-5.8-6"> <dt pn="section-5.8-6.1">D:</dt> <dd pn="section-5.8-6.2">This is the DDT-bit. When set to 1, the sender is requesting a Map-Referral message to be returned.The details ofDetails regarding this procedure are described in <xreftarget="RFC8111"/>.</t> <t hangText="R:">Thistarget="RFC8111" format="default" sectionFormat="of" derivedContent="RFC8111"/>.</dd> <dt pn="section-5.8-6.3">R:</dt> <dd pn="section-5.8-6.4">This reserved and unassigned bitMUST<bcp14>MUST</bcp14> be set to 0 on transmit andMUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> </list></t> <t><list style="hanging" hangIndent="6"> <t hangText="IH:">Thereceipt.</dd> </dl> <dl newline="false" spacing="normal" indent="6" pn="section-5.8-7"> <dt pn="section-5.8-7.1">IH:</dt> <dd pn="section-5.8-7.2">This is the inner IPv4 or IPv6 header, which can use either RLOC or EID addresses in the header address fields. When a Map-Request is encapsulated in this packet format, the destination address in this header is anEID.</t> <t hangText="UDP:">TheEID.</dd> <dt pn="section-5.8-7.3">UDP:</dt> <dd pn="section-5.8-7.4">This is the inner UDP header, where the port assignments depend on the control packet being encapsulated. When the control packet is a Map-Request or Map-Register, the source port is selected by the ITR/PITR and the destination port is 4342. When the control packet is a Map-Reply, the source port is 4342 and the destination port is assigned from the source port of the invoking Map-Request. Port number 4341MUST NOT<bcp14>MUST NOT</bcp14> be assigned to either port. The checksum fieldMUST<bcp14>MUST</bcp14> benon-zero.</t> <t hangText="LCM:">Thenon-zero.</dd> <dt pn="section-5.8-7.5">LCM:</dt> <dd pn="section-5.8-7.6">The format is one of the control message formats described in <xreftarget="lispcp"/>.target="lispcp" format="default" sectionFormat="of" derivedContent="Section 5"/>. Map-Request messages are allowed to beControl-Planecontrol plane (ECM) encapsulated. When Map-Requests are sent for RLOC-Probing purposes(i.e.(i.e., the probe-bit is set), theyMUST NOT<bcp14>MUST NOT</bcp14> be sent inside Encapsulated Control Messages. PIM Join/Prune messages <xref target="RFC6831"/>format="default" sectionFormat="of" derivedContent="RFC6831"/> are also allowed to beControl-Planecontrol plane (ECM)encapsulated.</t> </list></t> <t><vspace blankLines='50' /></t>encapsulated.</dd> </dl> </section> </section> <sectiontitle="Changingnumbered="true" toc="include" removeInRFC="false" pn="section-6"> <name slugifiedName="name-changing-the-contents-of-ei">Changing the Contents of EID-to-RLOCMappings"> <t>InMappings</name> <t indent="0" pn="section-6-1">In the LISParchitecturearchitecture, ITRs/PITRs use a local Map-Cache to store EID-to-RLOC mappings for forwarding. When an ETR updates amappingmapping, a mechanism is required to inform ITRs/PITRs that are using such mappings.</t><t>The<t indent="0" pn="section-6-2">The LISPData-Planedata plane defines severalmechanismmechanisms to update mappings <xreftarget="I-D.ietf-lisp-rfc6830bis" />.target="RFC9300" format="default" sectionFormat="of" derivedContent="RFC9300"/>. This document specifies theSolicit-Map RequestSolicit-Map-Request (SMR), aControl-Planecontrol plane push-based mechanism. An additionalControl-Planecontrol plane mechanism based on thePublish/subscribePublish/Subscribe paradigm is specified in <xreftarget="I-D.ietf-lisp-pubsub"/>.</t>target="I-D.ietf-lisp-pubsub" format="default" sectionFormat="of" derivedContent="LISP-PUBSUB"/>.</t> <sectiontitle="Solicit-Map-Request (SMR)" anchor="SMR"> <t>Solicitinganchor="SMR" numbered="true" toc="include" removeInRFC="false" pn="section-6.1"> <name slugifiedName="name-solicit-map-request-smr">Solicit-Map-Request (SMR)</name> <t indent="0" pn="section-6.1-1">Soliciting a Map-Request is a selective way for ETRs, at the site where mappings change, to control the rate they receive requests for Map-Reply messages. SMRs are also used to tell remote ITRs to update the mappings they have cached.</t><t>Since<t indent="0" pn="section-6.1-2">Since ETRs are not required to keep track of remote ITRs that have cached their mappings, they do not know which ITRs need to have their mappings updated. As a result, an ETR will solicit Map-Requests to those sites to which it has been sending LISP encapsulated data packets for the lastminute. As a result,minute, and when an ETR is also acting as an ITR, it will send an SMR to an ITR to which it has recently sent encapsulated data.</t><t>An<t indent="0" pn="section-6.1-3">An SMR message is simply a bit set in a Map-Request message. An ITR or PITR will send a Map-Request (SMR-invoked Map-Request) whenthey receiveit receives an SMR message. While the SMR message is sent through thedata-plane,data plane, the SMR-invoked Map-RequestMUST<bcp14>MUST</bcp14> be sent through the Mapping System (not directly).</t><t>Both<t indent="0" pn="section-6.1-4">Both the SMR sender and the SMR responderMUST rate-limit<bcp14>MUST</bcp14> rate limit these messages. It isRECOMMENDED<bcp14>RECOMMENDED</bcp14> that the SMR senderrate-limitsrate limit a Map-Request for the same destination RLOC to no more than one packetperevery 3 seconds. It isRECOMMENDED<bcp14>RECOMMENDED</bcp14> that the SMR responderrate-limitsrate limit a Map-Request for the same EID-Prefix to no more than onceperevery 3 seconds.</t><t>When<t indent="0" pn="section-6.1-5">When an ITR receives an SMR message for which it does not have a cached mapping for the EID in the SMR message, itSHOULD NOT<bcp14>SHOULD NOT</bcp14> send an SMR-invoked Map-Request. This scenario can occur when an ETR sends SMR messages to all Locators in the Locator-Set it has stored in its Map-Cache but the remote ITRs that receive the SMR may not be sending packets to the site. There is no point in updating the ITRs until they need to send, in which case they will send Map-Requests to obtain a Map-Cache entry.</t> </section> </section> <sectiontitle="Routingnumbered="true" toc="include" removeInRFC="false" pn="section-7"> <name slugifiedName="name-routing-locator-reachabilit">Routing LocatorReachability"> <t>ThisReachability</name> <t indent="0" pn="section-7-1">This document defines severalControl-Planecontrol plane mechanisms for determining RLOC reachability. Please note that additionalData-Planedata plane reachability mechanisms are defined in <xreftarget="I-D.ietf-lisp-rfc6830bis" />.</t> <t><list style="numbers"> <t>Antarget="RFC9300" format="default" sectionFormat="of" derivedContent="RFC9300"/>.</t> <ol spacing="normal" type="1" indent="adaptive" start="1" pn="section-7-2"> <li pn="section-7-2.1" derivedCounter="1.">An ITR may receive an ICMP Network Unreachable or Host Unreachable message for an RLOC it is using. This indicates that the RLOC is likely down. Note that trusting ICMP messages may not be desirable, but neither is ignoring them completely. Implementations are encouraged to follow current best practices in treating these conditions <xreftarget="I-D.ietf-opsec-icmp-filtering"/>.</t> <t>Whentarget="I-D.ietf-opsec-icmp-filtering" format="default" sectionFormat="of" derivedContent="OPSEC-ICMP-FILTER"/>.</li> <li pn="section-7-2.2" derivedCounter="2.">When an ITR participates in the routing protocol that operates in the underlay routing system, it can determine that an RLOC is down when no Routing Information Base (RIB) entry exists that matches the RLOC IPaddress.</t> <t>Anaddress.</li> <li pn="section-7-2.3" derivedCounter="3.">An ITR may receive an ICMP Port Unreachable message from a destination host. This occurs if an ITR attempts to use interworking <xref target="RFC6832"/>format="default" sectionFormat="of" derivedContent="RFC6832"/> and LISP-encapsulated data is sent to a non-LISP-capablesite.</t> <t>Ansite.</li> <li pn="section-7-2.4" derivedCounter="4.">An ITR may receive a Map-Reply from an ETR in response to a previously sent Map-Request. The RLOC source of the Map-Reply is likely up, since the ETR was able to send the Map-Reply to the ITR. Please note that in some scenarios the RLOC-from-- from the outerheader-header -- can beana spoofablefield.</t> <t>Anfield.</li> <li pn="section-7-2.5" derivedCounter="5.">An ITR/ETR pair can use the 'RLOC-Probing' mechanism describedbelow.</t> </list></t> <t>Whenbelow.</li> </ol> <t indent="0" pn="section-7-3">When ITRs receive ICMP Network Unreachable or Host Unreachable messages as a method to determine unreachability, they will refrain from using Locators that are described in Locator lists of Map-Replies. However, using this approach is unreliable because many network operators turn off generation of ICMP Destination Unreachable messages.</t><t>If<t indent="0" pn="section-7-4">If an ITR does receive an ICMP Network Unreachable or Host Unreachable message, itMAY<bcp14>MAY</bcp14> originate its own ICMP Destination Unreachable message destined for the host that originated the data packet the ITR encapsulated.</t><t>This<t indent="0" pn="section-7-5">This assumption does create a dependency: Locator unreachability is detected by the receipt of ICMP Host Unreachable messages. When a Locator has been determined to be unreachable, it is not used for active traffic; this is the same as if it were listed in a Map-Reply with Priority 255.</t><t>The<t indent="0" pn="section-7-6">The ITR can test the reachability of the unreachable Locator by sending periodic Map-Requests. Both Map-Requests and Map-RepliesMUST<bcp14>MUST</bcp14> berate-limited,rate limited; see<xref target="MAPREQ"/>Sections <xref target="MAPREQ" format="counter" sectionFormat="of" derivedContent="5.3"/> and <xreftarget="MR-FORMAT"/>target="MR-FORMAT" format="counter" sectionFormat="of" derivedContent="5.4"/> for information aboutrate-limiting.rate limiting. Locator reachability testing is never done with data packets, since that increases the risk of packet loss for end-to-end sessions.</t> <section anchor="rloc-probe"title="RLOC-Probing Algorithm"> <t>RLOC-Probingnumbered="true" toc="include" removeInRFC="false" pn="section-7.1"> <name slugifiedName="name-rloc-probing-algorithm">RLOC-Probing Algorithm</name> <t indent="0" pn="section-7.1-1">RLOC-Probing is a method that an ITR or PITR can use to determine the reachability status of one or more Locators that it has cached in a Map-Cache entry. The probe-bit of the Map-Request and Map-Reply messages is used for RLOC-Probing.</t><t>RLOC-Probing<t indent="0" pn="section-7.1-2">RLOC-Probing is done in the control plane on a timer basis, where an ITR or PITR will originate a Map-Request destined to alocator addressRouting Locator Address from one of its ownlocator addresses.Routing Locator Addresses. A Map-Request used as anRLOC-probeRLOC-Probe is NOT encapsulated and NOT sent to a Map-Server or to the mapping database system as one would when requesting mapping data. TheEID recordEID-Record encoded in the Map-Request is the EID-Prefix of the Map-Cache entry cached by the ITR or PITR. The ITRMAY<bcp14>MAY</bcp14> include a mapping data record for its own database mapping information that contains the local EID-Prefixes and RLOCs for its site.RLOC-probesRLOC-Probes are sent periodically using a jittered timer interval. </t><t>When<t indent="0" pn="section-7.1-3">When an ETR receives a Map-Request message with the probe-bit set, it returns a Map-Reply with the probe-bit set. The source address of the Map-Reply is set to the IP address of the outgoing interface the Map-Reply destination address routes to. The Map-ReplySHOULD<bcp14>SHOULD</bcp14> contain mapping data for the EID-Prefix contained in the Map-Request. This provides the opportunity for the ITR or PITR that sent theRLOC-probeRLOC-Probe to get mapping updates if there were changes to the ETR's database mapping entries.</t><t>There<t indent="0" pn="section-7.1-4">There are advantages and disadvantages of RLOC-Probing. The main benefit of RLOC-Probing is that it can handle many failurescenariosscenarios, allowing the ITR to determine when the path to a specific Locator is reachable or has become unreachable, thus providing a robust mechanism for switching to using another Locator from the cached Locator. RLOC-Probing can also provide rough Round-Trip Time (RTT) estimates between a pair of Locators, which can be useful for network management purposes as well as for selectinglow delaylow-delay paths. The major disadvantage of RLOC-Probing is in the number of control messages required and the amount of bandwidth used to obtain those benefits, especially if the requirement for failure detection times is very small.</t> </section> </section> <sectiontitle="Interactionsnumbered="true" toc="include" removeInRFC="false" pn="section-8"> <name slugifiedName="name-interactions-with-other-lis">Interactions with Other LISPComponents">Components</name> <sectiontitle="ITRnumbered="true" toc="include" removeInRFC="false" pn="section-8.1"> <name slugifiedName="name-itr-eid-to-rloc-mapping-res">ITR EID-to-RLOC MappingResolution"> <t>AnResolution</name> <t indent="0" pn="section-8.1-1">An ITR is configured with one or more Map-Resolver addresses. These addresses are "Locators" (or RLOCs) andMUST<bcp14>MUST</bcp14> be routable on the underlying core network; theyMUST NOT<bcp14>MUST NOT</bcp14> need to be resolved through LISP EID-to-RLOC mapping, as that would introduce a circular dependency. When using a Map-Resolver, an ITR does not need to connect to any other databasemapping system.</t> <t>Mapping System.</t> <t indent="0" pn="section-8.1-2"> An ITR sends an Encapsulated Map-Request to a configured Map-Resolver when it needs an EID-to-RLOC mapping that is not found in its local Map-Cache. Using the Map-Resolver greatly reduces both the complexity of the ITR implementation and the costs associated with its operation.</t><t><t indent="0" pn="section-8.1-3"> In response to an Encapsulated Map-Request, the ITR can expect one of the following:</t><t><list style="symbols"> <t><ul spacing="normal" bare="false" empty="false" indent="3" pn="section-8.1-4"> <li pn="section-8.1-4.1"> An immediate Negative Map-Reply (with action codeof "Natively-Forward","Natively-Forward" and a 15-minuteTime to Live (TTL))TTL) from the Map-Resolver if the Map-Resolver can determine that the requested EID does not exist. The ITR saves the EID-Prefix returned in the Map-Reply in its cache, marks it as non-LISP-capable, and knows not to attempt LISP encapsulation for destinations matchingit.</t> <t>it.</li> <li pn="section-8.1-4.2"> A NegativeMap-Reply, withMap-Reply (with action codeof "Natively-Forward","Natively-Forward") from a Map-Server that is authoritative (within the LISP deployment<xref(<xref target="soa"/>)format="default" sectionFormat="of" derivedContent="Section 1.1"/>)) for an EID-Prefix that matches the requested EID but that does not have an actively registered, more-specificEID-prefix.EID-Prefix. In this case, the requested EID is said to match a "hole" in the authoritative EID-Prefix. If the requested EID matches a more-specific EID-Prefix that has been delegated by the Map-Server but for which no ETRs are currently registered, a 1-minute TTL is returned. If the requested EID matches a non-delegated part of the authoritative EID-Prefix, then it is not a LISP EID and a 15-minute TTL is returned. See <xreftarget="reg"/>target="reg" format="default" sectionFormat="of" derivedContent="Section 8.2"/> for a discussion of aggregate EID-Prefixes and detailsofregarding Map-Server EID-Prefixmatching.</t> <t>matching.</li> <li pn="section-8.1-4.3"> A LISP Map-Reply from the ETR that owns the EID-to-RLOC mapping or possibly from a Map-Server answering on behalf of the ETR. See <xref target="mr-processing"/>format="default" sectionFormat="of" derivedContent="Section 8.4"/> for more details on Map-Resolver messageprocessing.</t> </list></t> <t>processing.</li> </ul> <t indent="0" pn="section-8.1-5"> Note that an ITR may be configured to both use a Map-Resolver andtoparticipate in a LISP-ALT logical network. In such a situation, the ITRSHOULD<bcp14>SHOULD</bcp14> send Map-Requests through the ALT network for any EID-Prefix learned via ALT BGP. Such a configuration is expected to be very rare, since there is little benefit to using a Map-Resolver if an ITR is already using LISP-ALT. There would be, for example, no need for such an ITR to send a Map-Request to a possibly non-existent EID (and rely on Negative Map-Replies) if it can consult the ALT database to verify that an EID-Prefix is present before sending that Map-Request.</t> </section> <sectiontitle="EID-Prefixanchor="reg" numbered="true" toc="include" removeInRFC="false" pn="section-8.2"> <name slugifiedName="name-eid-prefix-configuration-an">EID-Prefix Configuration and ETRRegistration" anchor="reg"> <t>Registration</name> <t indent="0" pn="section-8.2-1"> An ETR publishes its EID-Prefixes on a Map-Server by sending LISP Map-Register messages. A Map-Register message includesauthentication data,Authentication Data, so prior to sending a Map-Register message, the ETR and Map-ServerMUST<bcp14>MUST</bcp14> be configured with a pre-shared secret used to derive Map-Register authentication keys. A Map-Server's configurationSHOULD<bcp14>SHOULD</bcp14> also include a list of the EID-Prefixes for which each ETR is authoritative. Upon receipt of a Map-Register from an ETR, a Map-Server accepts only EID-Prefixes that are configured for that ETR. Failure to implement such a check would leave themapping systemMapping System vulnerable to trivial EID-Prefix hijacking attacks.</t><t><t indent="0" pn="section-8.2-2"> In addition to the set of EID-Prefixes defined for each ETR that may register, a Map-Server is typically also configured with one or more aggregate prefixes that define the part of the EID numbering space assigned to it. When LISP-ALT is the database in use, aggregate EID-Prefixes are implemented as discard routes and advertised into ALT BGP. The existence of aggregate EID-Prefixes in a Map-Server's database means that it may receiveMap RequestsMap-Requests for EID-Prefixes that match an aggregate but do not match a registered prefix; <xref target="ms-processing"/>format="default" sectionFormat="of" derivedContent="Section 8.3"/> describes how this is handled.</t><t><t indent="0" pn="section-8.2-3"> Map-Register messages are sent periodically from an ETR to a Map-Server with a suggested interval between messages of one minute. A Map-ServerSHOULD<bcp14>SHOULD</bcp14> time out and remove an ETR's registration if it has not received a valid Map-Register message within the pastthree minutes.three minutes. When first contacting a Map-Server after restart or changes to its EID-to-RLOC database mappings, an ETRMAY<bcp14>MAY</bcp14> initially send Map-Register messages at an increased frequency, up to one every 20 seconds. This "quick registration" period is limited tofive minutesfive minutes in duration.</t><t><t indent="0" pn="section-8.2-4"> An ETRMAY<bcp14>MAY</bcp14> request that a Map-Server explicitly acknowledge receipt and processing of a Map-Register message by setting the "want-map-notify" (M-bit) flag. A Map-Server that receives a Map-Register with this flag set will respond with a Map-Notify message. Typical use of this flag by an ETR would be to set it for Map-Register messages sent during the initial "quick registration" with a Map-Server but then set it only occasionally during steady-state maintenance of its association with that Map-Server. Note that the Map-Notify message is sent to UDP destination port 4342, not to the source port specified in the original Map-Register message.</t><t><t indent="0" pn="section-8.2-5"> Note that a one-minute minimum registration interval during maintenance of an ETR-Map-Server association places a lower bound on how quickly and how frequently a mapping database entry can be updated. This may have implications for what sorts of mobility can be supported directly by themapping system;Mapping System; shorter registration intervals or other mechanisms might be needed to support faster mobility in some cases. For a discussion on one way that faster mobility may be implemented for individual devices, please see <xreftarget="I-D.ietf-lisp-mn"/>.</t> <t>target="I-D.ietf-lisp-mn" format="default" sectionFormat="of" derivedContent="LISP-MN"/>.</t> <t indent="0" pn="section-8.2-6"> An ETRMAY<bcp14>MAY</bcp14> also request, by setting the "proxy Map-Reply" flag (P-bit) in the Map-Register message, that a Map-Server answer Map-Requests instead of forwarding them to the ETR. See <xreftarget="rloc-probe"/>target="rloc-probe" format="default" sectionFormat="of" derivedContent="Section 7.1"/> for details on how the Map-Server sets certain flags (such as those indicating whether the message is authoritative and how returned LocatorsSHOULD<bcp14>SHOULD</bcp14> be treated) when sending a Map-Reply on behalf of an ETR. When an ETR requests proxy reply service, itSHOULD<bcp14>SHOULD</bcp14> include all RLOCs for all ETRs for the EID-Prefix being registered, along with the routable flag ("R-bit") setting for each RLOC. The Map-Server includes all of this information in Map-Reply messages that it sends on behalf of the ETR. This differs from a non-proxy registration, since the latter need only provide one or more RLOCs for a Map-Server to use for forwarding Map-Requests; the registration information is not used in Map-Replies, so it being incomplete is not incorrect.</t><t><t indent="0" pn="section-8.2-7"> An ETR that uses a Map-Server to publish its EID-to-RLOC mappings does not need to participate further in the mapping database protocol(s). When using a LISP-ALT mapping database, for example, this means that the ETR does not need to implement GRE or BGP, which greatly simplifies its configuration and reduces its cost of operation.</t><t><t indent="0" pn="section-8.2-8"> Note that use of a Map-Server does not preclude an ETR from also connecting to the mapping database (i.e., it could also connect to the LISP-ALT network), but doing so doesn't seem particularly useful, as the whole purpose of using a Map-Server is to avoid the complexity of the mapping database protocols.</t> </section> <sectiontitle="Map-Server Processing" anchor="ms-processing"> <t>anchor="ms-processing" numbered="true" toc="include" removeInRFC="false" pn="section-8.3"> <name slugifiedName="name-map-server-processing">Map-Server Processing</name> <t indent="0" pn="section-8.3-1"> Once a Map-Server has EID-Prefixes registered by its client ETRs, it can accept and process Map-Requests for them.</t><t><t indent="0" pn="section-8.3-2"> In response to a Map-Request, the Map-Server first checks to see if the destination EID matches a configured EID-Prefix. If there is no match, the Map-Server returns a Negative Map-Reply with action code "Natively-Forward" and a 15-minute TTL. This can occur if aMap RequestMap-Request is received for a configured aggregate EID-Prefix for which no more-specific EID-Prefix exists; it indicates the presence of a non-LISP "hole" in the aggregate EID-Prefix.</t><t>Next,<t indent="0" pn="section-8.3-3">Next, the Map-Server checks to see if any ETRs have registered the matching EID-Prefix. If none are found, then the Map-Server returns a Negative Map-Reply with action code "Natively-Forward" and a 1-minute TTL.</t><t>If<t indent="0" pn="section-8.3-4">If theEID-prefixEID-Prefix is either registered or not registered to themapping systemMapping System and there is a policy in the Map-Server to have therequestorrequester drop packets for the matchingEID-prefix,EID-Prefix, then a Drop/Policy-Denied action is returned. If theEID-prefixEID-Prefix is registered or not registered and there isaan authentication failure, then aDrop/Authentication- failureDrop/Auth-Failure action is returned. If either of these actionsresultresults as a temporary state in policy orauthenticationauthentication, then a Send-Map-Request action with a 1-minute TTLMAY<bcp14>MAY</bcp14> be returned to allow therequestorrequester to retry the Map-Request.</t><t><t indent="0" pn="section-8.3-5"> If any of the registered ETRs for the EID-Prefix have requested proxy reply service, then the Map-Server answers the request instead of forwarding it. It returns a Map-Reply with the EID-Prefix, RLOCs, and other information learned through the registration process.</t><t><t indent="0" pn="section-8.3-6"> If none of the ETRs have requested proxy reply service, then the Map-Server re-encapsulates and forwards the resulting Encapsulated Map-Request to one of the registered ETRs. It does not otherwise alter the Map-Request, so any Map-Reply sent by the ETR is returned to the RLOC in the Map-Request, not to the Map-Server. Unless also acting as a Map-Resolver, a Map-Server should never receive Map-Replies; any such messagesSHOULD<bcp14>SHOULD</bcp14> be discarded without response, perhaps accompanied by the logging of a diagnostic message if the rate of Map-Replies is suggestive of malicious traffic.</t> </section> <sectiontitle="Map-Resolver Processing" anchor="mr-processing"> <t>anchor="mr-processing" numbered="true" toc="include" removeInRFC="false" pn="section-8.4"> <name slugifiedName="name-map-resolver-processing">Map-Resolver Processing</name> <t indent="0" pn="section-8.4-1"> Upon receipt of an Encapsulated Map-Request, a Map-Resolver decapsulates the enclosed message and then searches for the requested EID in its local database of mapping entries (statically configured or learned from associated ETRs if the Map-Resolver is also a Map-Server offering proxy reply service). If it finds a matching entry, it returns a LISP Map-Reply with the known mapping.</t><t><t indent="0" pn="section-8.4-2"> If the Map-Resolver does not have the mapping entry and if it can determine that the EID is not in the mapping database (for example, if LISP-ALT is used, the Map-Resolver will have an ALT forwarding table that covers the full EID space), it immediately returns anegative LISP Map-Reply,Negative Map-Reply with action code "Natively-Forward" and a15&nbhy;minute15‑minute TTL. To minimize the number of negative cache entries needed by an ITR, the Map-ResolverSHOULD<bcp14>SHOULD</bcp14> return the least-specific prefix that both matches the original query and does not match any EID-Prefix known to exist in the LISP-capable infrastructure.</t><t><t indent="0" pn="section-8.4-3"> If the Map-Resolver does not have sufficient information to know whether the EID exists, it needs to forward the Map-Request to another device that has more information about the EID being requested. To do this, it forwards the unencapsulated Map-Request, with the original ITR RLOC as the source, to the mapping database system. Using LISP-ALT, the Map-Resolver is connected to the ALT network and sends the Map-Request to the next ALT hop learned from its ALT BGP neighbors. The Map-Resolver does not send any response to the ITR; since the source RLOC is that of the ITR, the ETR or Map-Server that receives the Map-Request over the ALT and responds will do so directly to the ITR.</t> <sectiontitle="Anycast Operation"> <t>numbered="true" toc="include" removeInRFC="false" pn="section-8.4.1"> <name slugifiedName="name-anycast-operation">Anycast Operation</name> <t indent="0" pn="section-8.4.1-1"> A Map-Resolver can be set up to use "anycast", where the same address is assigned to multiple Map-Resolvers and is propagated through IGP routing, to facilitate the use of a topologically close Map-Resolver by each ITR.</t><t><t indent="0" pn="section-8.4.1-2"> ETRsMAY<bcp14>MAY</bcp14> have anycast RLOC addresseswhichthat are registered as part of theirRLOC-setRLOC-Set to themapping system.Mapping System. However, registrationsMUST<bcp14>MUST</bcp14> use their unique RLOC addresses, distinct authenticationkeyskeys, or differentXTR-IDsxTR-IDs to identify security associations with the Map-Servers.</t> </section> </section> </section> <sectiontitle="Security Considerations"> <t>Anumbered="true" toc="include" removeInRFC="false" pn="section-9"> <name slugifiedName="name-security-considerations">Security Considerations</name> <t indent="0" pn="section-9-1">A LISP threat analysis can be found in <xreftarget="RFC7835"/>. In what followstarget="RFC7835" format="default" sectionFormat="of" derivedContent="RFC7835"/>. Here, we highlight security considerations that apply when LISP is deployed in environments such as those specified in <xreftarget="soa"/>,target="soa" format="default" sectionFormat="of" derivedContent="Section 1.1"/>, where the following assumptions hold:</t><t><list style="numbers"> <t>The<ol spacing="normal" type="1" indent="adaptive" start="1" pn="section-9-2"> <li pn="section-9-2.1" derivedCounter="1.">The Mapping System is secure and trusted, and for the purpose ofthisthese securityconsiderationsconsiderations, the Mapping System is considered as one trustedelement.</t> <t>Theelement.</li> <li pn="section-9-2.2" derivedCounter="2.">The ETRs have apre-configuredpreconfigured trust relationship with the Mapping System,which includesincluding some form of sharedsecret, and thesecret. The Mapping System is aware of which EIDs an ETR can advertise. How those keys and mappingsgetsare established is out ofthescopeoffor thisdocument.</t> <t>LISP-SEC <xref target="I-D.ietf-lisp-sec"/> MUSTdocument.</li> <li pn="section-9-2.3" derivedCounter="3.">LISP-SEC <xref target="RFC9303" format="default" sectionFormat="of" derivedContent="RFC9303"/> <bcp14>MUST</bcp14> be implemented. Network operators should carefullyweightweigh how the LISP-SEC threat model applies to their particular use case or deployment. If they decide to ignore a particular recommendation, they should make sure the risk associated with the corresponding threats is wellunderstood.</t> </list></t> <t>Theunderstood.</li> </ol> <t indent="0" pn="section-9-3">The Map-Request/Map-Reply message exchange can be exploited by an attacker to mount DoS and/or amplification attacks. Attackers can send Map-Requests at high rates to overload LISP nodes and increase the state maintained by such nodes or consume CPU cycles. Such threats can be mitigated by systematically applying filters and rate limiters.</t><t>The<t indent="0" pn="section-9-4">The Map-Request/Map-Reply message exchange can also be exploited to inject forged mappings directlyininto the ITR EID-to-RLOCmap-cache.Map-Cache. This can lead to traffic being redirected to theattacker,attacker; see further details in <xreftarget="RFC7835"/>.target="RFC7835" format="default" sectionFormat="of" derivedContent="RFC7835"/>. In addition, valid ETRs in the system can perform overclaiming attacks. In this case, attackers can claim to own anEID-prefixEID-Prefix that is larger than the prefix owned by the ETR. Such attacks can be addressed by using LISP-SEC <xreftarget="I-D.ietf-lisp-sec"/>.target="RFC9303" format="default" sectionFormat="of" derivedContent="RFC9303"/>. The LISP-SEC protocol defines a mechanism for providing origin authentication, integrity protection, and prevention of'man-in-the-middle''man-in-the-middle' and'prefix overclaiming''prefix overclaiming' attacks on the Map-Request/Map-Reply exchange. Inadditionaddition, and while beyond the scope of securing an individual Map-Server or Map-Resolver, it should be noted that LISP-SEC can be complemented by additional security mechanisms defined by the Mapping SystemInfrastructure.infrastructure. For instance, BGP-based LISP-ALT <xreftarget="RFC6836"/>target="RFC6836" format="default" sectionFormat="of" derivedContent="RFC6836"/> can take advantage of standards work on adding security toBGPBGP, while LISP-DDT <xreftarget="RFC8111"/>target="RFC8111" format="default" sectionFormat="of" derivedContent="RFC8111"/> defines its own additional security mechanisms.</t><t>To<t indent="0" pn="section-9-5">To publish an authoritative EID-to-RLOC mapping with a Map-Server using the Map-Register message, an ETR includesauthentication dataAuthentication Data that is a MAC of the entire message using a key derived from the pre-shared secret. An implementationSHOULD<bcp14>SHOULD</bcp14> support HMAC-SHA256-128+HKDF-SHA256 <xreftarget="RFC5869"/>.target="RFC5869" format="default" sectionFormat="of" derivedContent="RFC5869"/>. The Map-Register message includes protectionforagainst replay attacks by aman-in-the-middle.man in the middle. However, there is a potential attack where a compromised ETR could overclaim the prefix it owns and successfully register it on its corresponding Map-Server. To mitigatethis andthis, as noted in <xreftarget="reg"/>,target="reg" format="default" sectionFormat="of" derivedContent="Section 8.2"/>, a Map-ServerMUST<bcp14>MUST</bcp14> verify that all EID-Prefixes registered by an ETR match the configuration stored on the Map-Server.</t><t>Deployments<t indent="0" pn="section-9-6">Deployments concerned about manipulations of Map-Request and Map-Replymessages,messages and malicious ETREID prefixEID-Prefix overclaimingMUST<bcp14>MUST</bcp14> drop LISPControl Planecontrol plane messages that do not contain LISP-SEC material (S-bit, EID-AD, OTK-AD,PKT-AD).</t> <t>MechanismsPKT-AD). See <xref target="RFC9303" sectionFormat="of" section="3" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9303#section-3" derivedContent="RFC9303"/> for definitions of "EID-AD", "OTK-AD", and "PKT-AD".</t> <t indent="0" pn="section-9-7">Mechanisms to encrypt, support privacy, and prevent eavesdropping and packet tampering for messages exchanged between xTRs, between xTRs and themapping system,Mapping System, and between nodes that make up themapping system, SHOULDMapping System <bcp14>SHOULD</bcp14> be deployed. Examples of this are DTLS <xreftarget="RFC6347"/> or LISP-crypto <xref target="RFC8061"/>.</t>target="RFC9147" format="default" sectionFormat="of" derivedContent="RFC9147"/> or "lisp-crypto" <xref target="RFC8061" format="default" sectionFormat="of" derivedContent="RFC8061"/>.</t> </section> <sectiontitle="Privacy Considerations"> <t>Asnumbered="true" toc="include" removeInRFC="false" pn="section-10"> <name slugifiedName="name-privacy-considerations">Privacy Considerations</name> <t indent="0" pn="section-10-1">As noted by <xreftarget="RFC6973"/>target="RFC6973" format="default" sectionFormat="of" derivedContent="RFC6973"/>, privacy is a complex issue that greatly depends on the specific protocoluse-caseuse case and deployment. As noted insection 1.1 of<xreftarget="I-D.ietf-lisp-rfc6830bis"/>target="RFC9300" sectionFormat="of" section="1.1" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9300#section-1.1" derivedContent="RFC9300"/>, LISP focuses onuse-casesuse cases where entities communicate over the public Internet while keeping separate addressing and topology.In what followsHere, we detail the privacy threats introduced by the LISPControl Plane,control plane; the analysis is based on the guidelines detailed in <xreftarget="RFC6973"/>.</t> <t>LISPtarget="RFC6973" format="default" sectionFormat="of" derivedContent="RFC6973"/>.</t> <t indent="0" pn="section-10-2">LISP can use long-lived identifiers (EIDs) that survive mobility events. Such identifiers bind to the RLOCs of thenodes, which representsnodes. The RLOCs represent the topological location with respect to the specific LISP deployments. In addition, EID-to-RLOC mappings are typically considered public information within the LISP deployment whencontrol-planecontrol plane messages are notencrypted,encrypted and can be eavesdropped while Map-Request messages are sent to the corresponding Map-Resolvers or Map-Register messages to Map-Servers.</t><t>In<t indent="0" pn="section-10-3">In this context, attackers can correlate the EID with the RLOC and track the corresponding user topological location and/or mobility. This can be achieved by off-path attackers, if they are authenticated, by querying themapping system.Mapping System. Deployments concerned about this threat can use accesscontrol-listscontrol lists or stronger authentication mechanisms <xreftarget="I-D.ietf-lisp-ecdsa-auth"/>target="I-D.ietf-lisp-ecdsa-auth" format="default" sectionFormat="of" derivedContent="ECDSA-AUTH"/> in themapping systemMapping System to make sure that only authorized users can access this information (data minimization). Use of ephemeral EIDs <xreftarget="I-D.ietf-lisp-eid-anonymity"/>target="I-D.ietf-lisp-eid-anonymity" format="default" sectionFormat="of" derivedContent="EID-ANONYMITY"/> to achieve anonymity is another mechanism to lessen persistency and identity tracking.</t> </section> <sectiontitle="Changes since RFC 6833"> <t>Fornumbered="true" toc="include" removeInRFC="false" pn="section-11"> <name slugifiedName="name-changes-related-to-rfcs-683">Changes Related to RFCs 6830 and 6833</name> <t indent="0" pn="section-11-1">For implementation considerations, the following major changes have been made to this document sinceRFC 6833 was<xref target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/> and <xref target="RFC6833" format="default" sectionFormat="of" derivedContent="RFC6833"/> were published:</t><t><list style="symbols"> <t>A<ul spacing="normal" bare="false" empty="false" indent="3" pn="section-11-2"> <li pn="section-11-2.1">The 16-bit 'Key ID' field of the Map-Register and Map-Notify messages as defined in <xref target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/> has been split into an 8-bit 'Key ID' field and an 8-bit 'Algorithm ID' field. Note that this change also applies to the Map-Notify-Ack messageis added indefined by this document. See Sections <xref target="MAPREG" format="counter" sectionFormat="of" derivedContent="5.6"/> and <xref target="MAP-NOTIF-MAP-NOTIF-ACK" format="counter" sectionFormat="of" derivedContent="5.7"/>.</li> <li pn="section-11-2.2">This document defines a Map-Notify-Ack message to provide reliability for Map-Notify messages. Any receiver of a Map-Notify message must respond with a Map-Notify-Ack message. Map-Servers who are senders of Map-Notifymessages,messages must queue the Map-Notify contents until they receive a Map-Notify-Ack with the nonce used in the Map-Notify message. Note that implementations for Map-Notify-Ack support already exist and predate thisdocument.</t> <t>Thisdocument.</li> <li pn="section-11-2.3">This documentis incorporatinghas incorporated the codepoint for the Map-Referral message from the LISP-DDT specification <xreftarget="RFC8111"/>target="RFC8111" format="default" sectionFormat="of" derivedContent="RFC8111"/> to indicate that a Map-Server must send the final Map-Referral message when it participates in the LISP-DDTmapping system procedures.</t> <t>The L"Mapping System procedures.</li> <li pn="section-11-2.4">Bits L and"D" bits areD have been added to the Map-Request message. See <xreftarget="MAPREQ"/> for details.</t> <t>The "S", "I", "E", "T", "a", "R",target="MAPREQ" format="default" sectionFormat="of" derivedContent="Section 5.3"/> for details.</li> <li pn="section-11-2.5">Bits S, I, E, T, a, R, and"M" bits areM have been added to the Map-Register message. See <xreftarget="MAPREG"/> for details.</t> <t>The 16-bit Key-ID field of the Map-Register message has been split into a 8-bit Key-ID field and a 8-bit Algorithm-ID field.</t> <t>Thetarget="MAPREG" format="default" sectionFormat="of" derivedContent="Section 5.6"/> for details.</li> <li pn="section-11-2.6">The nonce and theauthentication dataAuthentication Data in the Map-Register messagehave a different behaviour,each behave differently; see <xreftarget="MAPREG"/> for details.</t> <t>Thistarget="MAPREG" format="default" sectionFormat="of" derivedContent="Section 5.6"/> for details.</li> <li pn="section-11-2.7">This document adds two newActionaction values that are in anEID-recordEID-Record thatappearappears in Map-Reply, Map-Register, Map-Notify, and Map-Notify-Ack messages.The Drop/Policy-Denied and Drop/Auth-Failure are the descriptions for the twoThese new actionvalues.values are Drop/Policy-Denied and Drop/Auth-Failure. See <xreftarget="MR-FORMAT"/>target="MR-FORMAT" format="default" sectionFormat="of" derivedContent="Section 5.4"/> fordetails.</t> </list></t>details.</li> </ul> </section> <sectiontitle="IANA Considerations"> <t>Thisnumbered="true" toc="include" removeInRFC="false" pn="section-12"> <name slugifiedName="name-iana-considerations">IANA Considerations</name> <t indent="0" pn="section-12-1">This section provides guidance tothe Internet Assigned Numbers Authority (IANA)IANA regarding registration of values related to this LISPControl-Planecontrol plane specification, in accordance withBCP 26<xref target="RFC8126"/>.</t> <t>There are three namespaces (listed in the sub-sections below) in LISP that have been registered.</t> <t><list style="symbols"> <t>LISPformat="default" sectionFormat="of" derivedContent="RFC8126">BCP 26</xref>.</t> <ul spacing="normal" bare="false" empty="false" indent="3" pn="section-12-2"> <li pn="section-12-2.1">LISP IANA registry allocations should not be made for purposes unrelated to LISP routing or transportprotocols.</t> <t>Theprotocols.</li> <li pn="section-12-2.2">The following policies are used here with the meanings defined inBCP 26:<xref target="RFC8126" format="default" sectionFormat="of" derivedContent="RFC8126">BCP 26</xref>: "Specification Required", "IETF Review", "Experimental Use", and "First Come FirstServed".</t> </list></t>Served".</li> </ul> <t indent="0" pn="section-12-3">There are three namespaces (listed in the sub-sections below) in LISP that have been registered (see <xref target="RFC9299" format="default" sectionFormat="of" derivedContent="RFC9299"/>.</t> <sectiontitle="LISPnumbered="true" toc="include" removeInRFC="false" pn="section-12.1"> <name slugifiedName="name-lisp-udp-port-numbers">LISP UDP PortNumbers"> <t>The IANA registry hasNumbers</name> <t indent="0" pn="section-12.1-1">IANA allocated UDP port number 4342 for the LISPControl-Plane.control plane. IANA has updated the description for UDP port 4342as follows:</t> <figure> <artwork><![CDATA[ Keyword Port Transport Layer Description ------- ---- --------------- ----------- lisp-control 4342 udp LISPto reflect the following:</t> <table align="center" pn="table-2"> <thead> <tr> <th align="left" colspan="1" rowspan="1">Service Name</th> <th align="left" colspan="1" rowspan="1">Port Number</th> <th align="left" colspan="1" rowspan="1">Transport Protocol</th> <th align="left" colspan="1" rowspan="1">Description</th> <th align="left" colspan="1" rowspan="1">Reference</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">lisp-control</td> <td align="left" colspan="1" rowspan="1">4342</td> <td align="left" colspan="1" rowspan="1">udp</td> <td align="left" colspan="1" rowspan="1">LISP ControlPackets ]]></artwork> </figure>Packets</td> <td align="left" colspan="1" rowspan="1">RFC 9301</td> </tr> </tbody> </table> </section> <sectiontitle="LISPnumbered="true" toc="include" removeInRFC="false" pn="section-12.2"> <name slugifiedName="name-lisp-packet-type-codes">LISP Packet TypeCodes"> <t>ItCodes</name> <t indent="0" pn="section-12.2-1">IANA isbeing requested that the IANA benow authoritative for LISP Packet Typedefinitions and it is requested to replacedefinitions, so they have replaced the<xref target="RFC6830"/>registrymessagereferences to <xref target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/> withthe RFC number assignedreferences to this document.</t><t>Based<t indent="0" pn="section-12.2-2">Based on deployment experienceofrelated to <xreftarget="RFC6830"/>,target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/>, the Map-Notify-Ackmessage,message (message type5, was added by5) is defined in this document.This document requestsIANAto addhas registered ittoin theLISP"LISP PacketType Registry.</t> <figure> <artwork><![CDATA[ Name Number Defined in ---- ------ ----------- LISP Map-Notify-Ack 5 RFC6833bis ]]></artwork> </figure>Types" registry.</t> <table align="center" pn="table-3"> <thead> <tr> <th align="left" colspan="1" rowspan="1">Message</th> <th align="left" colspan="1" rowspan="1">Code</th> <th align="left" colspan="1" rowspan="1">Reference</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">LISP Map-Notify-Ack</td> <td align="left" colspan="1" rowspan="1">5</td> <td align="left" colspan="1" rowspan="1">RFC 9301</td> </tr> </tbody> </table> </section> <sectiontitle="LISPanchor="act-iana" numbered="true" toc="include" removeInRFC="false" pn="section-12.3"> <name slugifiedName="name-lisp-map-reply-eid-record-a">LISP Map-Reply EID-Record ActionCodes" anchor="act-iana"> <t>NewCodes</name> <t indent="0" pn="section-12.3-1">New ACT values can be allocated through IETFreviewReview or IESGapproval.Approval. Four values have already been allocated by <xreftarget="RFC6830"/>.target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/>. IANAis requested to replacehas replaced the<xref target="RFC6830"/>referencefor this registry with the RFC number assignedpointing tothis document and<xreftarget="RFC6830"/>.target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/> to point to this document. This specification changes the Action name ofACT type 3value 3 from "Drop" to"Drop/No-Reason" as well as adding two"Drop/No-Reason". It also adds the following new ACTvalues, the "Drop/Policy-Denied" (type 4) and "Drop/Authentication-Failure" (type 5).</t> <texttable title="LISPvalues.</t> <table align="center" pn="table-4"> <name slugifiedName="name-lisp-map-reply-action-value">LISP Map-Reply ActionValues"> <ttcol align='left'>Value</ttcol> <ttcol align='left'>Action</ttcol> <ttcol align='left'>Description</ttcol> <ttcol align='left'>Raeference</ttcol> <c>4</c> <c>Drop/Policy-Denied</c> <c>AValues</name> <thead> <tr> <th align="left" colspan="1" rowspan="1">Value</th> <th align="left" colspan="1" rowspan="1">Action</th> <th align="left" colspan="1" rowspan="1">Description</th> <th align="left" colspan="1" rowspan="1">Reference</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">4</td> <td align="left" colspan="1" rowspan="1">Drop/Policy-Denied</td> <td align="left" colspan="1" rowspan="1">A packet matching this Map-Cache entry is dropped because the targetEWIDEID is policy-denied by the xTR or themapping system.</c> <c>RFC6833bis</c> <c>5</c> <c>Drop/Auth-Failure</c> <c>PacketMapping System.</td> <td align="left" colspan="1" rowspan="1">RFC 9301</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">5</td> <td align="left" colspan="1" rowspan="1">Drop/Auth-Failure</td> <td align="left" colspan="1" rowspan="1">A packet matchingthethis Map-Cache entry is droppedbeacusebecause the Map-Request for the target EID fails an authentication check by the xTR or themapping system.</c> <c>RFC6833bis</c> </texttable> <t>InMapping System.</td> <td align="left" colspan="1" rowspan="1">RFC 9301</td> </tr> </tbody> </table> <t indent="0" pn="section-12.3-3">In addition, LISP has a number of flag fields and reserved fields, such as the flags of the LISP headerflags fieldfields <xreftarget="I-D.ietf-lisp-rfc6830bis" />.target="RFC9300" format="default" sectionFormat="of" derivedContent="RFC9300"/>. New bits for flags in these fields can be implemented after IETFreviewReview or IESGapproval,Approval, but these need not be managed by IANA.</t> </section> <section anchor="IANA"title="LISPnumbered="true" toc="include" removeInRFC="false" pn="section-12.4"> <name slugifiedName="name-lisp-address-type-codes">LISP Address TypeCodes"> <t>LISPCodes</name> <t indent="0" pn="section-12.4-1">LISP Canonical Address Format (LCAF) <xreftarget="RFC8060"/> istarget="RFC8060" format="default" sectionFormat="of" derivedContent="RFC8060"/> has an 8-bit Type field that defines LISP-specific encodings for AFI value 16387. LCAF encodings are used for specificuse-casesuse cases where different address types forEID-recordsEID-Records andRLOC-recordsRLOC-Records are required.</t><t>The IANA registry<t indent="0" pn="section-12.4-2">The "LISP Canonical Address Format (LCAF) Types" registry is used for LCAF types. The registry for LCAF typesuseuses the Specification Required policy <xreftarget="RFC8126"/>.target="RFC8126" format="default" sectionFormat="of" derivedContent="RFC8126"/>. Initial values for the registry as well as further information can be found in <xreftarget="RFC8060"/>.</t> <t>Therefore,target="RFC8060" format="default" sectionFormat="of" derivedContent="RFC8060"/>.</t> <t indent="0" pn="section-12.4-3">Therefore, there is no longer a need for the "LISP Address Type Codes" registry requested by <xreftarget="RFC6830"/>. This document requests to remove it.</t>target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/>. Per this document, the registry has been closed.</t> </section> <sectiontitle="LISPanchor="KEYS" numbered="true" toc="include" removeInRFC="false" pn="section-12.5"> <name slugifiedName="name-lisp-algorithm-id-numbers">LISP Algorithm IDNumbers" anchor="KEYS"> <t>InNumbers</name> <t indent="0" pn="section-12.5-1">In <xreftarget="RFC6830"/>,target="RFC6830" format="default" sectionFormat="of" derivedContent="RFC6830"/>, a request for a "LISP Key ID Numbers" registry was submitted.This document renamesPer this document, IANA has renamed the registry to "LISP Algorithm ID Numbers" andrequests the IANA to makelisted this document as thename change.</t> <t>Theregistry reference.</t> <t indent="0" pn="section-12.5-2">The following Algorithm ID values are defined by thisspecificationspecification, as used in any packet type that referencesaan 'Algorithm ID' field:</t><figure> <artwork><![CDATA[ Name Number MAC KDF ------------------------------------------------------- None 0 None None HMAC-SHA-1-96-None 1 [RFC2404] None HMAC-SHA-256-128-None 2 [RFC4868] None HMAC-SHA256-128+HKDF-SHA256 3 [RFC4868] [RFC4868] ]]></artwork> </figure> <t>Number<table align="center" pn="table-5"> <thead> <tr> <th align="left" colspan="1" rowspan="1">Name</th> <th align="left" colspan="1" rowspan="1">Number</th> <th align="left" colspan="1" rowspan="1">MAC</th> <th align="left" colspan="1" rowspan="1">KDF</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">None</td> <td align="left" colspan="1" rowspan="1">0</td> <td align="left" colspan="1" rowspan="1">None</td> <td align="left" colspan="1" rowspan="1">None</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">HMAC-SHA-1-96-None</td> <td align="left" colspan="1" rowspan="1">1</td> <td align="left" colspan="1" rowspan="1"> <xref target="RFC2404" format="default" sectionFormat="of" derivedContent="RFC2404"/></td> <td align="left" colspan="1" rowspan="1">None</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">HMAC-SHA-256-128-None</td> <td align="left" colspan="1" rowspan="1">2</td> <td align="left" colspan="1" rowspan="1"> <xref target="RFC4868" format="default" sectionFormat="of" derivedContent="RFC4868"/></td> <td align="left" colspan="1" rowspan="1">None</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">HMAC-SHA256-128+HKDF-SHA256</td> <td align="left" colspan="1" rowspan="1">3</td> <td align="left" colspan="1" rowspan="1"> <xref target="RFC4868" format="default" sectionFormat="of" derivedContent="RFC4868"/></td> <td align="left" colspan="1" rowspan="1"> <xref target="RFC4868" format="default" sectionFormat="of" derivedContent="RFC4868"/></td> </tr> </tbody> </table> <t indent="0" pn="section-12.5-4">Number values are in the range of 0 to 255.The allocation of values isValues are assigned on afirst come first servedFirst Come First Served basis.</t> </section> <sectiontitle="LISPanchor="BITS" numbered="true" toc="include" removeInRFC="false" pn="section-12.6"> <name slugifiedName="name-lisp-bit-flags">LISP BitFlags" anchor="BITS"> <t>ThisFlags</name> <t indent="0" pn="section-12.6-1">This document asks IANA to create a registry for allocation of bits in several headers of the LISP control plane, namely inthe Map-Request, Map-Reply, Map-Register,Map-Request messages, Map-Reply messages, Map-Register messages, and Encapsulated ControlMessage (ECM) messages.Messages. Bit allocations are also requested forEID-recordsEID-Records andRLOC-records.RLOC-Records. The registry created should be named "LISP Control Plane Header Bits". Asub-registrysubregistry needs to be created per each message andEID-record.EID-Record. The name of eachsub-registrysubregistry is indicated below, along with its format and allocation of bits defined in this document. Any additionalbits allocation, requiresbit allocations require a specification,accordingin accordance with policies defined in <xreftarget="RFC8126"/> policies.</t> <t>Sub-Registry:target="RFC8126" format="default" sectionFormat="of" derivedContent="RFC8126"/>.</t> <t indent="0" pn="section-12.6-2">Subregistry: Map-Request Header Bits[<xref target="NONCE"/>]:</t> <figure><artwork>(<xref target="NONCE" format="default" sectionFormat="of" derivedContent="Section 5.2"/>):</t> <artwork name="" type="" align="left" alt="" pn="section-12.6-3"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Type=1 |A|M|P|S|p|s|R|R| Rsvd |L|D| IRC | Record Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork></figure> <texttable title="LISP</artwork> <table align="center" pn="table-6"> <name slugifiedName="name-lisp-map-request-header-bit">LISP Map-Request HeaderBits"> <ttcol align='left'>Spec Name</ttcol> <ttcol align='left'>IANA Name</ttcol> <ttcol align='left'>Bit Position</ttcol> <ttcol align='left'>Description</ttcol> <c>A</c><c>map-request-A</c><c>4</c><c>Authoritative Bit</c> <c>M</c><c>map-request-M</c><c>5</c><c>MapBits</name> <thead> <tr> <th align="left" colspan="1" rowspan="1">Spec Name</th> <th align="left" colspan="1" rowspan="1">IANA Name</th> <th align="left" colspan="1" rowspan="1">Bit Position</th> <th align="left" colspan="1" rowspan="1">Description</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">A</td> <td align="left" colspan="1" rowspan="1">Map-Request-A</td> <td align="left" colspan="1" rowspan="1">4</td> <td align="left" colspan="1" rowspan="1">Authoritative Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">M</td> <td align="left" colspan="1" rowspan="1">Map-Request-M</td> <td align="left" colspan="1" rowspan="1">5</td> <td align="left" colspan="1" rowspan="1">Map Data PresentBit</c> <c>P</c><c>map-request-P</c><c>6</c><c>RLOC-ProbeBit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">P</td> <td align="left" colspan="1" rowspan="1">Map-Request-P</td> <td align="left" colspan="1" rowspan="1">6</td> <td align="left" colspan="1" rowspan="1">RLOC-Probe RequestBit</c> <c>S</c><c>map-request-S</c><c>7</c><c>SolicitBit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">S</td> <td align="left" colspan="1" rowspan="1">Map-Request-S</td> <td align="left" colspan="1" rowspan="1">7</td> <td align="left" colspan="1" rowspan="1">Solicit Map-Request (SMR)Bit</c> <c>p</c><c>map-request-p</c><c>8</c><c>Proxy-ITR Bit</c> <c>s</c><c>map-request-s</c><c>9</c><c>SolicitBit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">p</td> <td align="left" colspan="1" rowspan="1">Map-Request-p</td> <td align="left" colspan="1" rowspan="1">8</td> <td align="left" colspan="1" rowspan="1">Proxy-ITR Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">s</td> <td align="left" colspan="1" rowspan="1">Map-Request-s</td> <td align="left" colspan="1" rowspan="1">9</td> <td align="left" colspan="1" rowspan="1">Solicit Map-Request InvokedBit</c> <c>L</c><c>map-request-L</c><c>17</c><c>LocalBit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">L</td> <td align="left" colspan="1" rowspan="1">Map-Request-L</td> <td align="left" colspan="1" rowspan="1">17</td> <td align="left" colspan="1" rowspan="1">Local xTRBit</c> <c>D</c><c>map-request-D</c><c>18</c><c>Don't Map-Reply Bit</c> </texttable> <t>Sub-Registry:Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">D</td> <td align="left" colspan="1" rowspan="1">Map-Request-D</td> <td align="left" colspan="1" rowspan="1">18</td> <td align="left" colspan="1" rowspan="1">Don't Map-Reply Bit</td> </tr> </tbody> </table> <t indent="0" pn="section-12.6-5">Subregistry: Map-Reply Header Bits[<xref target="MR-FORMAT"/>]:</t> <figure><artwork>(<xref target="MR-FORMAT" format="default" sectionFormat="of" derivedContent="Section 5.4"/>):</t> <artwork name="" type="" align="left" alt="" pn="section-12.6-6"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Type=2 |P|E|S| Reserved | Record Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork></figure> <texttable title="LISP</artwork> <table align="center" pn="table-7"> <name slugifiedName="name-lisp-map-reply-header-bits">LISP Map-Reply HeaderBits"> <ttcol align='left'>Spec Name</ttcol> <ttcol align='left'>IANA Name</ttcol> <ttcol align='left'>Bit Position</ttcol> <ttcol align='left'>Description</ttcol> <c>P</c><c>map-reply-P</c><c>4</c><c>RLOC-Probe Bit</c> <c>E</c><c>map-reply-E</c><c>5</c><c>Echo NonceBits</name> <thead> <tr> <th align="left" colspan="1" rowspan="1">Spec Name</th> <th align="left" colspan="1" rowspan="1">IANA Name</th> <th align="left" colspan="1" rowspan="1">Bit Position</th> <th align="left" colspan="1" rowspan="1">Description</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">P</td> <td align="left" colspan="1" rowspan="1">Map-Reply-P</td> <td align="left" colspan="1" rowspan="1">4</td> <td align="left" colspan="1" rowspan="1">RLOC-Probe Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">E</td> <td align="left" colspan="1" rowspan="1">Map-Reply-E</td> <td align="left" colspan="1" rowspan="1">5</td> <td align="left" colspan="1" rowspan="1">Echo-Nonce CapableBit</c> <c>S</c><c>map-reply-S</c><c>6</c><c>Security Bit</c> </texttable> <t>Sub-Registry:Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">S</td> <td align="left" colspan="1" rowspan="1">Map-Reply-S</td> <td align="left" colspan="1" rowspan="1">6</td> <td align="left" colspan="1" rowspan="1">Security Bit</td> </tr> </tbody> </table> <t indent="0" pn="section-12.6-8">Subregistry: Map-Register Header Bits[<xref target="MAPREG"/>]:</t> <figure><artwork>(<xref target="MAPREG" format="default" sectionFormat="of" derivedContent="Section 5.6"/>):</t> <artwork name="" type="" align="left" alt="" pn="section-12.6-9"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Type=3 |P|S|I| Reserved |E|T|a|R|M| Record Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork></figure> <texttable title="LISP</artwork> <table align="center" pn="table-8"> <name slugifiedName="name-lisp-map-register-header-bi">LISP Map-Register HeaderBits"> <ttcol align='left'>Spec Name</ttcol> <ttcol align='left'>IANA Name</ttcol> <ttcol align='left'>Bit Position</ttcol> <ttcol align='left'>Description</ttcol> <c>P</c><c>map-register-P</c><c>4</c><c>Proxy Map-Reply Bit</c> <c>S</c><c>map-register-S</c><c>5</c><c>LISP-SECBits</name> <thead> <tr> <th align="left" colspan="1" rowspan="1">Spec Name</th> <th align="left" colspan="1" rowspan="1">IANA Name</th> <th align="left" colspan="1" rowspan="1">Bit Position</th> <th align="left" colspan="1" rowspan="1">Description</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">P</td> <td align="left" colspan="1" rowspan="1">Map-Register-P</td> <td align="left" colspan="1" rowspan="1">4</td> <td align="left" colspan="1" rowspan="1">Proxy Map-Reply Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">S</td> <td align="left" colspan="1" rowspan="1">Map-Register-S</td> <td align="left" colspan="1" rowspan="1">5</td> <td align="left" colspan="1" rowspan="1">LISP-SEC CapableBit</c> <c>I</c><c>map-register-I</c><c>6</c><c>xTR-ID present flag</c> </texttable> <t>Sub-Registry:Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">I</td> <td align="left" colspan="1" rowspan="1">Map-Register-I</td> <td align="left" colspan="1" rowspan="1">6</td> <td align="left" colspan="1" rowspan="1">xTR-ID Present Bit</td> </tr> </tbody> </table> <t indent="0" pn="section-12.6-11">Subregistry: Encapsulated Control Message (ECM) Header Bits[<xref target="encap-mr"/>]:</t> <figure><artwork>(<xref target="encap-mr" format="default" sectionFormat="of" derivedContent="Section 5.8"/>):</t> <artwork name="" type="" align="left" alt="" pn="section-12.6-12"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Type=8 |S|D|E|M| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork></figure> <texttable title="LISP</artwork> <table align="center" pn="table-9"> <name slugifiedName="name-lisp-encapsulated-control-m">LISP Encapsulated Control Message (ECM) HeaderBits"> <ttcol align='left'>Spec Name</ttcol> <ttcol align='left'>IANA Name</ttcol> <ttcol align='left'>Bit Position</ttcol> <ttcol align='left'>Description</ttcol> <c>S</c><c>ecm-S</c><c>4</c><c>Security Bit</c> <c>D</c><c>ecm-D</c><c>5</c><c>LISP-DDT Bit</c> <c>E</c><c>ecm-E</c><c>6</c><c>Forward to ETR Bit</c> <c>M</c><c>ecm-M</c><c>7</c><c>Destined to Map-Server Bit</c> </texttable> <t>Sub-Registry:Bits</name> <thead> <tr> <th align="left" colspan="1" rowspan="1">Spec Name</th> <th align="left" colspan="1" rowspan="1">IANA Name</th> <th align="left" colspan="1" rowspan="1">Bit Position</th> <th align="left" colspan="1" rowspan="1">Description</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">S</td> <td align="left" colspan="1" rowspan="1">ECM-S</td> <td align="left" colspan="1" rowspan="1">4</td> <td align="left" colspan="1" rowspan="1">Security Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">D</td> <td align="left" colspan="1" rowspan="1">ECM-D</td> <td align="left" colspan="1" rowspan="1">5</td> <td align="left" colspan="1" rowspan="1">LISP-DDT Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">E</td> <td align="left" colspan="1" rowspan="1">ECM-E</td> <td align="left" colspan="1" rowspan="1">6</td> <td align="left" colspan="1" rowspan="1">Forward to ETR Bit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">M</td> <td align="left" colspan="1" rowspan="1">ECM-M</td> <td align="left" colspan="1" rowspan="1">7</td> <td align="left" colspan="1" rowspan="1">Destined to Map-Server Bit</td> </tr> </tbody> </table> <t indent="0" pn="section-12.6-14">Subregistry: EID-Record Header Bits[<xref target="MR-FORMAT"/>]:</t> <figure><artwork>(<xref target="MR-FORMAT" format="default" sectionFormat="of" derivedContent="Section 5.4"/>):</t> <artwork name="" type="" align="left" alt="" pn="section-12.6-15"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Locator Count | EID mask-len | ACT |A| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork></figure> <texttable title="LISP</artwork> <table align="center" pn="table-10"> <name slugifiedName="name-lisp-eid-record-header-bits">LISP EID-Record HeaderBits"> <ttcol align='left'>Spec Name</ttcol> <ttcol align='left'>IANA Name</ttcol> <ttcol align='left'>Bit Position</ttcol> <ttcol align='left'>Description</ttcol> <c>A</c><c>eid-record-A</c><c>19</c><c>Authoritative Bit</c> </texttable> <t>Sub-Registry:Bits</name> <thead> <tr> <th align="left" colspan="1" rowspan="1">Spec Name</th> <th align="left" colspan="1" rowspan="1">IANA Name</th> <th align="left" colspan="1" rowspan="1">Bit Position</th> <th align="left" colspan="1" rowspan="1">Description</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">A</td> <td align="left" colspan="1" rowspan="1">EID-Record-A</td> <td align="left" colspan="1" rowspan="1">19</td> <td align="left" colspan="1" rowspan="1">Authoritative Bit</td> </tr> </tbody> </table> <t indent="0" pn="section-12.6-17">Subregistry: RLOC-Record Header Bits[<xref target="MR-FORMAT"/>]:</t> <figure><artwork>(<xref target="MR-FORMAT" format="default" sectionFormat="of" derivedContent="Section 5.4"/>):</t> <artwork name="" type="" align="left" alt="" pn="section-12.6-18"> 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Unused Flags |L|p|R| Loc-AFI | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork></figure> <texttable title="LISP</artwork> <table align="center" pn="table-11"> <name slugifiedName="name-lisp-rloc-record-header-bit">LISP RLOC-Record HeaderBits"> <ttcol align='left'>Spec Name</ttcol> <ttcol align='left'>IANA Name</ttcol> <ttcol align='left'>Bit Position</ttcol> <ttcol align='left'>Description</ttcol> <c>L</c><c>rloc-record-L</c><c>13</c><c>LocalBits</name> <thead> <tr> <th align="left" colspan="1" rowspan="1">Spec Name</th> <th align="left" colspan="1" rowspan="1">IANA Name</th> <th align="left" colspan="1" rowspan="1">Bit Position</th> <th align="left" colspan="1" rowspan="1">Description</th> </tr> </thead> <tbody> <tr> <td align="left" colspan="1" rowspan="1">L</td> <td align="left" colspan="1" rowspan="1">RLOC-Record-L</td> <td align="left" colspan="1" rowspan="1">13</td> <td align="left" colspan="1" rowspan="1">Local RLOCBit</c> <c>p</c><c>rloc-record-p</c><c>19</c><c>RLOC-ProbeBit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">p</td> <td align="left" colspan="1" rowspan="1">RLOC-Record-p</td> <td align="left" colspan="1" rowspan="1">14</td> <td align="left" colspan="1" rowspan="1">RLOC-Probe ReplyBit</c> <c>R</c><c>rloc-record-R</c><c>19</c><c>RLOCBit</td> </tr> <tr> <td align="left" colspan="1" rowspan="1">R</td> <td align="left" colspan="1" rowspan="1">RLOC-Record-R</td> <td align="left" colspan="1" rowspan="1">15</td> <td align="left" colspan="1" rowspan="1">RLOC ReachableBit</c> </texttable>Bit</td> </tr> </tbody> </table> </section> </section> </middle> <back> <displayreference target="I-D.ietf-lisp-eid-anonymity" to="EID-ANONYMITY"/> <displayreference target="I-D.ietf-lisp-ecdsa-auth" to="ECDSA-AUTH"/> <displayreference target="I-D.ietf-lisp-mn" to="LISP-MN"/> <displayreference target="I-D.ietf-lisp-pubsub" to="LISP-PUBSUB"/> <displayreference target="I-D.ietf-opsec-icmp-filtering" to="OPSEC-ICMP-FILTER"/> <displayreference target="I-D.herbert-intarea-ila" to="INTAREA-ILA"/> <referencestitle='Normative References'> <?rfc include="reference.RFC.2119'?> <?rfc include="reference.RFC.8174'?> <?rfc include="reference.RFC.8126'?> <?rfc include="reference.RFC.8085'?> <?rfc include="reference.RFC.4086'?> <?rfc include="reference.RFC.2404'?> <?rfc include="reference.RFC.4868'?> <?rfc include="reference.RFC.5869'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-rfc6830bis.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-6834bis.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-sec.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-rfc8113bis.xml'?> </references>pn="section-13"> <name slugifiedName="name-references">References</name> <referencestitle='Informative References'> <?rfc include="reference.RFC.4984'?> <?rfc include="reference.RFC.6973'?> <?rfc include="reference.RFC.8111'?> <?rfc include="reference.RFC.6347'?> <?rfc include="reference.RFC.6836'?> <?rfc include="reference.RFC.8378'?> <?rfc include="reference.RFC.8060'?> <?rfc include="reference.RFC.8061'?> <?rfc include="reference.RFC.6837'?> <?rfc include="reference.RFC.6831'?> <?rfc include="reference.RFC.6830'?> <?rfc include="reference.RFC.1071'?> <?rfc include="reference.RFC.1035'?> <?rfc include="reference.RFC.2104'?> <?rfc include="reference.RFC.6234'?> <?rfc include="reference.RFC.6832'?> <?rfc include="reference.RFC.7348'?> <?rfc include="reference.RFC.7835'?> <?rfc include="reference.RFC.2890'?> <?rfc include="reference.RFC.8402'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-eid-anonymity'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-ecdsa-auth.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-mn.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-eid-mobility.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-gpe.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-nvo3-vxlan-gpe.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-introduction.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-lisp-pubsub'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-opsec-icmp-filtering.xml'?> <?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.herbert-intarea-ila.xml'?>pn="section-13.1"> <name slugifiedName="name-normative-references">Normative References</name> <referenceanchor="AFI">anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" quoteTitle="true" derivedAnchor="RFC2119"> <front><title>Address Family Identifier (AFIs)</title><title>Key words for use in RFCs to Indicate Requirement Levels</title> <authorsurname="IANA"> <organization /> </author>fullname="S. Bradner" initials="S." surname="Bradner"/> <datemonth="Febuary" year="2007" />month="March" year="1997"/> <abstract> <t indent="0">In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfoname="ADDRESS FAMILY NUMBERS" value="http://www.iana.org/assignments/address-family-numbers/address-family-numbers.xhtml?"/>name="BCP" value="14"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="DOI" value="10.17487/RFC2119"/> </reference> <referenceanchor="GTP-3GPP">anchor="RFC2404" target="https://www.rfc-editor.org/info/rfc2404" quoteTitle="true" derivedAnchor="RFC2404"> <front><title>General Packet Radio System (GPRS) Tunnelling Protocol User Plane (GTPv1-U)</title><title>The Use of HMAC-SHA-1-96 within ESP and AH</title> <authorsurname="3GPP"> <organization /> </author>fullname="C. Madson" initials="C." surname="Madson"/> <author fullname="R. Glenn" initials="R." surname="Glenn"/> <datemonth="January" year="2015"/>month="November" year="1998"/> <abstract> <t indent="0">This memo describes the use of the HMAC algorithm in conjunction with the SHA-1 algorithm as an authentication mechanism within the revised IPSEC Encapsulating Security Payload and the revised IPSEC Authentication Header. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfoname="TS.29.281" value="https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1699"/>name="RFC" value="2404"/> <seriesInfo name="DOI" value="10.17487/RFC2404"/> </reference></references> <section title="Acknowledgments"> <t>The original authors would like to thank Greg Schudel, Darrel Lewis, John Zwiebel, Andrew Partan, Dave Meyer, Isidor Kouvelas, Jesper Skriver, Fabio Maino, and members of the lisp@ietf.org mailing list<reference anchor="RFC4086" target="https://www.rfc-editor.org/info/rfc4086" quoteTitle="true" derivedAnchor="RFC4086"> <front> <title>Randomness Requirements fortheir feedback and helpful suggestions.</t> <t> Special thanksSecurity</title> <author fullname="D. Eastlake 3rd" initials="D." surname="Eastlake 3rd"/> <author fullname="J. Schiller" initials="J." surname="Schiller"/> <author fullname="S. Crocker" initials="S." surname="Crocker"/> <date month="June" year="2005"/> <abstract> <t indent="0">Security systems aredue to Noel Chiappabuilt on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities forhis extensive workpasswords, cryptographic keys, andthought about caching in Map-Resolvers.</t> <t>The current authors would likesimilar quantities. The use of pseudo-random processes togive a sincere thank yougenerate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce thepeople who help put LISP on standards track inenvironment that produced theIETF. They include Joel Halpern, Luigi Iannone, Deborah Brungard, Fabio Maino, Scott Bradner, Kyle Rose, Takeshi Takahashi, Sarah Banks, Pete Resnick, Colin Perkins, Mirja Kuhlewind, Francis Dupont, Benjamin Kaduk, Eric Rescorla, Alvaro Retana, Alexey Melnikov, Alissa Cooper, Suresh Krishnan, Alberto Rodriguez-Natal, Vina Ermagen, Mohamed Boucadair, Brian Trammell, Sabrina Tanamal,secret quantities andJohn Drake. The contributions they offered greatly addedto search thesecurity, scale, and robustnessresulting small set of possibilities than to locate theLISP architecturequantities in the whole of the potential number space.</t> <t indent="0">Choosing random quantities to foil a resourceful andprotocols.</t> </section> <section title="Document Change Log"> <t>[RFC Editor: Please delete this sectionmotivated adversary is surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo-random number generation techniques for generating such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware onpublication as RFC.]</t> <section title="Changesmany systems can be used for this purpose. It provides suggestions todraft-ietf-lisp-rfc6833bis-26"> <t><list style="symbols"> <t>Posted November 2019.</t> <t>Fixedameliorate therequired (MUST implement) authentcation algorithms.</t> <t>Fixedproblem when alarge set of minor commentshardware solution is not available, andedits.</t> </list></t> </section> <section title="Changesit gives examples of how large such quantities need todraft-ietf-lisp-rfc6833bis-25"> <t><list style="symbols"> <t>Posted June 2019.</t> <t>Added change requested by Mirja describing Record Count inbe for some applications. This document specifies anEID-record.</t> <t>Fixed Requirements Notation section per Pete.</t> <t>Added KDFInternet Best Current Practices forshared-secret</t> <t>Specified several rate-limitersthe Internet Community, and requests discussion and suggestions forcontrol messages</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-24"> <t><list style="symbols"> <t>Posted February 2019.</t> <t>Added suggested text from Albert that Benjamin Kaduk agreed with.</t> <t>Added suggested editorial comments from Alvaro's rewview.</t> <t>Ran document through IDnits. Fixed bugs found.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-23"> <t><list style="symbols"> <t>Posted December 2018.</t> <t>Added to Security Considerations section that deployments that care about prefix over claiming shouldimprovements.</t> </abstract> </front> <seriesInfo name="BCP" value="106"/> <seriesInfo name="RFC" value="4086"/> <seriesInfo name="DOI" value="10.17487/RFC4086"/> </reference> <reference anchor="RFC4868" target="https://www.rfc-editor.org/info/rfc4868" quoteTitle="true" derivedAnchor="RFC4868"> <front> <title>Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec</title> <author fullname="S. Kelly" initials="S." surname="Kelly"/> <author fullname="S. Frankel" initials="S." surname="Frankel"/> <date month="May" year="2007"/> <abstract> <t indent="0">This specification describes the useLISP-SEC.</t> <t>Added to Security Considerations section that DTLS or LISP-cryptoof Hashed Message Authentication Mode (HMAC) in conjunction with the SHA-256, SHA-384, and SHA-512 algorithms in IPsec. These algorithms may be used as the basis forcontrol-plane privacy.</t> <t>Make LISP-SEC a normative reference.</t> <t>Make it more clear where field descriptionsdata origin authentication and integrity verification mechanisms for the Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange Protocol (IKE), and IKEv2 protocols, and also as Pseudo-Random Functions (PRFs) for IKE and IKEv2. Truncated output lengths arespec'ed when referencing tospecified for thesame fieldsauthentication-related variants, with the corresponding algorithms designated as HMAC-SHA-256-128, HMAC-SHA-384-192, and HMAC-SHA-512-256. The PRF variants are not truncated, and are called PRF-HMAC-SHA-256, PRF-HMAC-SHA-384, and PRF-HMAC-SHA-512. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4868"/> <seriesInfo name="DOI" value="10.17487/RFC4868"/> </reference> <reference anchor="RFC5869" target="https://www.rfc-editor.org/info/rfc5869" quoteTitle="true" derivedAnchor="RFC5869"> <front> <title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title> <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/> <author fullname="P. Eronen" initials="P." surname="Eronen"/> <date month="May" year="2010"/> <abstract> <t indent="0">This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block inother packet types.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-22"> <t><list style="symbols"> <t>Posted week after IETF November 2018.</t> <t>No longer need to use IPSEC for replay attacks.</t> </list></t> </section> <section title="Changesvarious protocols and applications. The key derivation function (KDF) is intended todraft-ietf-lisp-rfc6833bis-21"> <t><list style="symbols"> <t>Posted early November 2018.</t> <t>Added I-bit backsupport a wide range of applications and requirements, and is conservative inbecauseitsnecessary touse of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published forMap-Register replay attack scenarios. Theinformational purposes.</t> </abstract> </front> <seriesInfo name="RFC" value="5869"/> <seriesInfo name="DOI" value="10.17487/RFC5869"/> </reference> <reference anchor="RFC6833" target="https://www.rfc-editor.org/info/rfc6833" quoteTitle="true" derivedAnchor="RFC6833"> <front> <title>Locator/ID Separation Protocol (LISP) Map-ServertracksInterface</title> <author fullname="V. Fuller" initials="V." surname="Fuller"/> <author fullname="D. Farinacci" initials="D." surname="Farinacci"/> <date month="January" year="2013"/> <abstract> <t indent="0">This document describes thenonce per xTR-ID to detect duplicateMapping Service for the Locator/ID Separation Protocol (LISP), implemented by two new types of LISP- speaking devices -- the LISP Map-Resolver and LISP Map-Server -- that provides a simplified "front end" for one orreplayed Map-Register messages.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-20"> <t><list style="symbols"> <t>Posted late October 2018.</t> <t>Changed description about "reserved" bitsmore Endpoint ID tostate "reservedRouting Locator mapping databases.</t> <t indent="0">By using this service interface andunassigned".</t> <t>Make it more clear how Map-Register nonce processing is performed in an ETRcommunicating with Map-Resolvers andMap-Server.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-19"> <t><list style="symbols"> <t>Posted mid October 2018.</t> <t>Added Fabio text toMap-Servers, LISP Ingress Tunnel Routers and Egress Tunnel Routers are not dependent on theSecurity Considerations section.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-18"> <t><list style="symbols"> <t>Posted mid October 2018.</t> <t>Fixed comments from Eric after more email clarity.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-17"> <t><list style="symbols"> <t>Posted early October 2018.</t> <t>Changesdetails of mapping database systems, which facilitates experimentation with different database designs. Since these devices implement the "edge" of the LISP infrastructure, connect directly toreflect comments from Sep 27th Telechat.</t> <t>Added all flag bit definitions as request for allocation in IANA Considersations section.</t> <t>AddedLISP-capable Internet end sites, and comprise the bulk of LISP-speaking devices, reducing their implementation and operational complexity should also reduce the overall cost and effort of deploying LISP. This document defines anapplicability statement in section 1 to address security concerns from Telechat.</t> <t>Moved m-bit descriptionExperimental Protocol for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="6833"/> <seriesInfo name="DOI" value="10.17487/RFC6833"/> </reference> <reference anchor="RFC8085" target="https://www.rfc-editor.org/info/rfc8085" quoteTitle="true" derivedAnchor="RFC8085"> <front> <title>UDP Usage Guidelines</title> <author fullname="L. Eggert" initials="L." surname="Eggert"/> <author fullname="G. Fairhurst" initials="G." surname="Fairhurst"/> <author fullname="G. Shepherd" initials="G." surname="Shepherd"/> <date month="March" year="2017"/> <abstract> <t indent="0">The User Datagram Protocol (UDP) provides a minimal message-passing transport that has no inherent congestion control mechanisms. This document provides guidelines on the use of UDP for the designers of applications, tunnels, andIANA request to draft-ietf-lisp-mn.</t> <t>Moved I-bit descriptionother protocols that use UDP. Congestion control guidelines are a primary focus, but the document also provides guidance on other topics, including message sizes, reliability, checksums, middlebox traversal, the use of Explicit Congestion Notification (ECN), Differentiated Services Code Points (DSCPs), andIANA request to draft-ietf-lisp-pubsub.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-16"> <t><list style="symbols"> <t>Posted Late-September 2018.</t> <t>Re-wrote Security Considerations section. Thanks Albert.</t> <t>Added Alvaro textports.</t> <t indent="0">Because congestion control is critical tobe more clear about IANA actions.</t> </list></t> </section> <section title="Changesthe stable operation of the Internet, applications and other protocols that choose todraft-ietf-lisp-rfc6833bis-15"> <t><list style="symbols"> <t>Posted mid-September 2018.</t> <t>Changesuse UDP as an Internet transport must employ mechanisms toreflect comments from Colinprevent congestion collapse andMirja.</t> </list></t> </section> <section title="Changestodraft-ietf-lisp-rfc6833bis-14"> <t><list style="symbols"> <t>Posted September 2018.</t> <t>Changesestablish some degree of fairness with concurrent traffic. They may also need toreflect comments from Genart, RTGarea, and Secdir reviews.</t> </list></t> </section> <section title="Changesimplement additional mechanisms, depending on how they use UDP.</t> <t indent="0">Some guidance is also applicable todraft-ietf-lisp-rfc6833bis-13"> <t><list style="symbols"> <t>Posted August 2018.</t> <t>Final editorial changes beforethe design of other protocols (e.g., protocols layered directly on IP or via IP-based tunnels), especially when these protocols do not themselves provide congestion control.</t> <t indent="0">This document obsoletes RFCsubmission5405 and adds guidelines forProposed Standard.</t> <t>Added section "Changes since RFC 6833" so implementators are informedmulticast UDP usage.</t> </abstract> </front> <seriesInfo name="BCP" value="145"/> <seriesInfo name="RFC" value="8085"/> <seriesInfo name="DOI" value="10.17487/RFC8085"/> </reference> <reference anchor="RFC8126" target="https://www.rfc-editor.org/info/rfc8126" quoteTitle="true" derivedAnchor="RFC8126"> <front> <title>Guidelines for Writing an IANA Considerations Section in RFCs</title> <author fullname="M. Cotton" initials="M." surname="Cotton"/> <author fullname="B. Leiba" initials="B." surname="Leiba"/> <author fullname="T. Narten" initials="T." surname="Narten"/> <date month="June" year="2017"/> <abstract> <t indent="0">Many protocols make use ofany changes since the last RFC publication.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-12"> <t><list style="symbols"> <t>Posted late July 2018.</t> <t>Moved RFC6830bis and RFC6834bis to Normative References.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-11"> <t><list style="symbols"> <t>Posted July 2018.</t> <t>Fixed Luigi editorial commentspoints of extensibility that use constants toready draft for RFC statusidentify various protocol parameters. To ensure that the values in these fields do not have conflicting uses andran through IDNITs again.</t> </list></t> </section> <section title="Changestodraft-ietf-lisp-rfc6833bis-10"> <t><list style="symbols"> <t>Posted after LISP WG atpromote interoperability, their allocations are often coordinated by a central record keeper. For IETFweek March.</t> <t>Move AD field encoding after S-bit inprotocols, that role is filled by theECM packet format description section.</t> <t>Say more about whenInternet Assigned Numbers Authority (IANA).</t> <t indent="0">To make assignments in a given registry prudently, guidance describing the conditions under which newDrop actionsvalues should besent.</t> </list></t> </section> <section title="Changesassigned, as well as when and how modifications todraft-ietf-lisp-rfc6833bis-09"> <t><list style="symbols"> <t>Posted March IETF week 2018.</t> <t>Fixed editorial comments submitted byexisting values can be made, is needed. This documentshepherd Luigi Iannone.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-08"> <t><list style="symbols"> <t>Posted March 2018.</t> <t>Added RLOC-probing algorithm.</t> <t>Added Solicit-Map Request algorithm.</t> <t>Added several mechanisms (from 6830bis) regarding Routing Locator Reachability.</t> <t>Added port 4342defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerationssection.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-07"> <t><list style="symbols"> <t>Posted December 2017.</t> <t>Make it moreis clear and addresses the various issues that are likely in the operation of acoupleregistry.</t> <t indent="0">This is the third edition ofplacesthis document; it obsoletes RFC 5226.</t> </abstract> </front> <seriesInfo name="BCP" value="26"/> <seriesInfo name="RFC" value="8126"/> <seriesInfo name="DOI" value="10.17487/RFC8126"/> </reference> <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" quoteTitle="true" derivedAnchor="RFC8174"> <front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <author fullname="B. Leiba" initials="B." surname="Leiba"/> <date month="May" year="2017"/> <abstract> <t indent="0">RFC 2119 specifies common key words thatRLOCs aremay be used in protocol specifications. This document aims tolocate ETRs more so than for Map-Server Map-Request forwarding.</t> <t>Make it clearreduce the ambiguity by clarifying that"encapsualted"only UPPERCASE usage of the key words have the defined special meanings.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/> </reference> <reference anchor="RFC9300" target="https://www.rfc-editor.org/info/rfc9300" quoteTitle="true" derivedAnchor="RFC9300"> <front> <title>The Locator/ID Separation Protocol (LISP)</title> <author initials="D" surname="Farinacci" fullname="Dino Farinacci"> <organization showOnFrontPage="true"/> </author> <author initials="V" surname="Fuller" fullname="Vince Fuller"> <organization showOnFrontPage="true"/> </author> <author initials="D" surname="Meyer" fullname="David Meyer"> <organization showOnFrontPage="true"/> </author> <author initials="D" surname="Lewis" fullname="Darrel Lewis"> <organization showOnFrontPage="true"/> </author> <author initials="A" surname="Cabellos" fullname="Albert Cabellos" role="editor"> <organization showOnFrontPage="true"/> </author> <date month="October" year="2022"/> </front> <seriesInfo name="RFC" value="9300"/> <seriesInfo name="DOI" value="10.17487/RFC9300"/> </reference> <reference anchor="RFC9302" target="https://www.rfc-editor.org/info/rfc9302" quoteTitle="true" derivedAnchor="RFC9302"> <front> <title>Locator/ID Separation Protocol (LISP) Map-Versioning</title> <author initials="L" surname="Iannone" fullname="Luigi Iannone"> <organization showOnFrontPage="true"/> </author> <author initials="D" surname="Saucez" fullname="Damien Saucez"> <organization showOnFrontPage="true"/> </author> <author initials="O" surname="Bonaventure" fullname="Olivier Bonaventure"> <organization showOnFrontPage="true"/> </author> <date month="October" year="2022"/> </front> <seriesInfo name="RFC" value="9302"/> <seriesInfo name="DOI" value="10.17487/RFC9302"/> </reference> <reference anchor="RFC9303" target="https://www.rfc-editor.org/info/rfc9303" quoteTitle="true" derivedAnchor="RFC9303"> <front> <title>Locator/ID Separation Protocol Security (LISP-SEC)</title> <author initials="F" surname="Maino" fullname="Fabio Maino"> <organization showOnFrontPage="true"/> </author> <author initials="V" surname="Ermagan" fullname="Vina Ermagan"> <organization showOnFrontPage="true"/> </author> <author initials="A" surname="Cabellos" fullname="Albert Cabellos"> <organization showOnFrontPage="true"/> </author> <author initials="D" surname="Saucez" fullname="Damien Saucez"> <organization showOnFrontPage="true"/> </author> <date month="October" year="2022"/> </front> <seriesInfo name="RFC" value="9303"/> <seriesInfo name="DOI" value="10.17487/RFC9303"/> </reference> <reference anchor="RFC9304" target="https://www.rfc-editor.org/info/rfc9304" quoteTitle="true" derivedAnchor="RFC9304"> <front> <title>Locator/ID Separation Protocol (LISP): Shared Extension Message and IANA Registry for Packet Type Allocations</title> <author initials="M" surname="Boucadair" fullname="Mohamed Boucadair"> <organization showOnFrontPage="true"/> </author> <author initials="C" surname="Jacquenet" fullname="Christian Jacquenet"> <organization showOnFrontPage="true"/> </author> <date month="October" year="2022"/> </front> <seriesInfo name="RFC" value="9304"/> <seriesInfo name="DOI" value="10.17487/RFC9304"/> </reference> </references> <references pn="section-13.2"> <name slugifiedName="name-informative-references">Informative References</name> <reference anchor="AFN" target="http://www.iana.org/assignments/address-family-numbers/" quoteTitle="true" derivedAnchor="AFN"> <front> <title>Address Family Numbers</title> <author> <organization showOnFrontPage="true">IANA</organization> </author> </front> </reference> <reference anchor="I-D.ietf-lisp-ecdsa-auth" quoteTitle="true" target="https://datatracker.ietf.org/doc/html/draft-ietf-lisp-ecdsa-auth-09" derivedAnchor="ECDSA-AUTH"> <front> <title>LISP Control-Plane ECDSA Authentication and Authorization</title> <author initials="D." surname="Farinacci" fullname="Dino Farinacci"> <organization showOnFrontPage="true">lispers.net</organization> </author> <author initials="E." surname="Nordmark" fullname="Erik Nordmark"> <organization showOnFrontPage="true">Zededa</organization> </author> <date month="September" day="11" year="2022"/> <abstract> <t indent="0"> This draft describes how LISP control-plane messages can be individually authenticated and authorized without acontrol messagea priori shared- key configuration. Public-key cryptography isan ECM based message.</t> <t>Make it more clear what messagesused with no new PKI infrastructure required. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lisp-ecdsa-auth-09"/> <format type="TXT" target="https://www.ietf.org/archive/id/draft-ietf-lisp-ecdsa-auth-09.txt"/> <refcontent>Work in Progress</refcontent> </reference> <reference anchor="I-D.ietf-lisp-eid-anonymity" quoteTitle="true" target="https://datatracker.ietf.org/doc/html/draft-ietf-lisp-eid-anonymity-13" derivedAnchor="EID-ANONYMITY"> <front> <title>LISP EID Anonymity</title> <author initials="D." surname="Farinacci" fullname="Dino Farinacci"> <organization showOnFrontPage="true">lispers.net</organization> </author> <author initials="P." surname="Pillay-Esnault" fullname="Padma Pillay-Esnault"> <organization showOnFrontPage="true">Independent</organization> </author> <author initials="W." surname="Haddad" fullname="Wassim Haddad"> <organization showOnFrontPage="true">Ericsson</organization> </author> <date month="September" day="11" year="2022"/> <abstract> <t indent="0"> This specification will describe how ephemeral LISP EIDs can be used to create source anonymity. The idea makes usesource-port 4342of frequently changing EIDs much like how a credit-card system uses a different credit-card numbers for each transaction. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lisp-eid-anonymity-13"/> <format type="TXT" target="https://www.ietf.org/archive/id/draft-ietf-lisp-eid-anonymity-13.txt"/> <refcontent>Work in Progress</refcontent> </reference> <reference anchor="EID-MOBILITY" quoteTitle="true" target="https://datatracker.ietf.org/doc/html/draft-ietf-lisp-eid-mobility-10" derivedAnchor="EID-MOBILITY"> <front> <title>LISP L2/L3 EID Mobility Using a Unified Control Plane</title> <author initials="M" surname="Portoles" fullname="Marc Portoles Comeras"> <organization showOnFrontPage="true">Cisco Systems</organization> </author> <author initials="V" surname="Ashtaputre" fullname="Vrushali Ashtaputre"> <organization showOnFrontPage="true">Cisco Systems</organization> </author> <author initials="F" surname="Maino" fullname="Fabio Maino"> <organization showOnFrontPage="true">Cisco Systems</organization> </author> <author initials="V" surname="Moreno" fullname="Victor Moreno"> <organization showOnFrontPage="true">Google LLC</organization> </author> <author initials="D" surname="Farinacci" fullname="Dino Farinacci"> <organization showOnFrontPage="true">lispers.net</organization> </author> <date month="July" day="10" year="2022"/> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lisp-eid-mobility-10"/> <refcontent>Work in Progress</refcontent> </reference> <reference anchor="GTP-3GPP" target="https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1699" quoteTitle="true" derivedAnchor="GTP-3GPP"> <front> <title>General Packet Radio System (GPRS) Tunnelling Protocol User Plane (GTPv1-U)</title> <author> <organization showOnFrontPage="true">3GPP</organization> </author> <date month="June" year="2022"/> </front> <refcontent>TS.29.281</refcontent> </reference> <reference anchor="I-D.herbert-intarea-ila" quoteTitle="true" target="https://datatracker.ietf.org/doc/html/draft-herbert-intarea-ila-01" derivedAnchor="INTAREA-ILA"> <front> <title>Identifier-locator addressing for IPv6</title> <author initials="T." surname="Herbert" fullname="Tom Herbert"> <organization showOnFrontPage="true">Quantonium</organization> </author> <author initials="P." surname="Lapukhov" fullname="Petr Lapukhov"> <organization showOnFrontPage="true">Facebook</organization> </author> <date month="March" day="5" year="2018"/> <abstract> <t indent="0"> This specification describes identifier-locator addressing (ILA) for IPv6. Identifier-locator addressing differentiates between location and identity of a network node. Part of an address expresses the immutable identity of the node, and another part indicates the location of the node whichonescan be dynamic. Identifier-locator addressing can be used to efficiently implement overlay networks for network virtualization as well as solutions for usedestinatino-port 4342.</t> <t>Don't make DDT references when the mapping transport systemcases in mobility. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-herbert-intarea-ila-01"/> <format type="TXT" target="https://www.ietf.org/archive/id/draft-herbert-intarea-ila-01.txt"/> <refcontent>Work in Progress</refcontent> </reference> <reference anchor="I-D.ietf-lisp-mn" quoteTitle="true" target="https://datatracker.ietf.org/doc/html/draft-ietf-lisp-mn-12" derivedAnchor="LISP-MN"> <front> <title>LISP Mobile Node</title> <author initials="D." surname="Farinacci" fullname="Dino Farinacci"> <organization showOnFrontPage="true">lispers.net</organization> </author> <author initials="D." surname="Lewis" fullname="Darrel Lewis"> <organization showOnFrontPage="true">cisco Systems</organization> </author> <author initials="D." surname="Meyer" fullname="David Meyer"> <organization showOnFrontPage="true">1-4-5.net</organization> </author> <author initials="C." surname="White" fullname="Chris White"> <organization showOnFrontPage="true">Logical Elegance</organization> </author> <date month="July" day="24" year="2022"/> <abstract> <t indent="0"> This document describes how a lightweight version of LISP's ITR/ETR functionality can be used to provide seamless mobility to a mobile node. The LISP Mobile Node design described in this document uses standard LISP functionality to provide scalable mobility for LISP mobile nodes. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lisp-mn-12"/> <format type="TXT" target="https://www.ietf.org/archive/id/draft-ietf-lisp-mn-12.txt"/> <refcontent>Work in Progress</refcontent> </reference> <reference anchor="I-D.ietf-lisp-pubsub" quoteTitle="true" target="https://datatracker.ietf.org/doc/html/draft-ietf-lisp-pubsub-09" derivedAnchor="LISP-PUBSUB"> <front> <title>Publish/Subscribe Functionality for LISP</title> <author initials="A." surname="Rodriguez-Natal" fullname="Alberto Rodriguez-Natal"> <organization showOnFrontPage="true">Cisco</organization> </author> <author initials="V." surname="Ermagan" fullname="Vina Ermagan"> <organization showOnFrontPage="true">Google</organization> </author> <author initials="A." surname="Cabellos-Aparicio" fullname="Albert Cabellos-Aparicio"> <organization showOnFrontPage="true">UPC/BarcelonaTech</organization> </author> <author initials="S." surname="Barkai" fullname="Sharon Barkai"> <organization showOnFrontPage="true">Nexar</organization> </author> <author initials="M." surname="Boucadair" fullname="Mohamed Boucadair"> <organization showOnFrontPage="true">Orange</organization> </author> <date month="June" day="28" year="2021"/> <abstract> <t indent="0"> This document specifies an extension to the Request/Reply based LISP Control Plane to enable Publish/Subscribe (PubSub) operation. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lisp-pubsub-09"/> <format type="TXT" target="https://www.ietf.org/archive/id/draft-ietf-lisp-pubsub-09.txt"/> <refcontent>Work in Progress</refcontent> </reference> <reference anchor="NVO3-VXLAN-GPE" quoteTitle="true" target="https://datatracker.ietf.org/doc/html/draft-ietf-nvo3-vxlan-gpe-12" derivedAnchor="NVO3-VXLAN-GPE"> <front> <title>Generic Protocol Extension for VXLAN (VXLAN-GPE)</title> <author initials="F" surname="Maino" fullname="Fabio Maino" role="editor"> <organization showOnFrontPage="true"/> </author> <author initials="L" surname="Kreeger" fullname="Larry Kreeger" role="editor"> <organization showOnFrontPage="true"/> </author> <author initials="U" surname="Elzur" fullname="Uri Elzur" role="editor"> <organization showOnFrontPage="true"/> </author> <date month="September" day="22" year="2021"/> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-nvo3-vxlan-gpe-12"/> <refcontent>Work in Progress</refcontent> </reference> <reference anchor="I-D.ietf-opsec-icmp-filtering" quoteTitle="true" target="https://datatracker.ietf.org/doc/html/draft-ietf-opsec-icmp-filtering-04" derivedAnchor="OPSEC-ICMP-FILTER"> <front> <title>Recommendations for filtering ICMP messages</title> <author initials="F." surname="Gont" fullname="Fernando Gont"> <organization showOnFrontPage="true">UTN/FRH</organization> </author> <author initials="G." surname="Gont" fullname="Guillermo Gont"> <organization showOnFrontPage="true">SI6 Networks</organization> </author> <author initials="C." surname="Pignataro" fullname="Carlos Pignataro"> <organization showOnFrontPage="true">Cisco</organization> </author> <date month="July" day="3" year="2013"/> <abstract> <t indent="0"> This document document provides advice on the filtering ofany typeICMPv4 and ICMPv6 messages. Additionaly, it discusses thereferneced textoperational and interoperability implications of such filtering. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-opsec-icmp-filtering-04"/> <format type="TXT" target="https://www.ietf.org/archive/id/draft-ietf-opsec-icmp-filtering-04.txt"/> <refcontent>Work in Progress</refcontent> </reference> <reference anchor="RFC1035" target="https://www.rfc-editor.org/info/rfc1035" quoteTitle="true" derivedAnchor="RFC1035"> <front> <title>Domain names - implementation and specification</title> <author fullname="P. Mockapetris" initials="P." surname="Mockapetris"/> <date month="November" year="1987"/> <abstract> <t indent="0">This RFC isgeneral to it.</t> <t>Generalize text when referring tothe revised specification of the protocol and format used in the implementation ofan EID-prefix. Can use othe AFIs then IPv4the Domain Name System. It obsoletes RFC-883. This memo documents the details of the domain name client - server communication.</t> </abstract> </front> <seriesInfo name="STD" value="13"/> <seriesInfo name="RFC" value="1035"/> <seriesInfo name="DOI" value="10.17487/RFC1035"/> </reference> <reference anchor="RFC1071" target="https://www.rfc-editor.org/info/rfc1071" quoteTitle="true" derivedAnchor="RFC1071"> <front> <title>Computing the Internet checksum</title> <author fullname="R.T. Braden" initials="R.T." surname="Braden"/> <author fullname="D.A. Borman" initials="D.A." surname="Borman"/> <author fullname="C. Partridge" initials="C." surname="Partridge"/> <date month="September" year="1988"/> <abstract> <t indent="0">This RFC summarizes techniques andIPv6.</t> <t>Many editorial changes to clarify text.</t> <t>Changed some "must", "should",algorithms for efficiently computing the Internet checksum. It is not a standard, but a set of useful implementation techniques.</t> </abstract> </front> <seriesInfo name="RFC" value="1071"/> <seriesInfo name="DOI" value="10.17487/RFC1071"/> </reference> <reference anchor="RFC2890" target="https://www.rfc-editor.org/info/rfc2890" quoteTitle="true" derivedAnchor="RFC2890"> <front> <title>Key and"may"Sequence Number Extensions tocapitalized.</t> <t>Added definitions for Map-RequestGRE</title> <author fullname="G. Dommety" initials="G." surname="Dommety"/> <date month="September" year="2000"/> <abstract> <t indent="0">This document describes extensions by which two fields, Key andMap-Reply messages.</t> <t>RanSequence Number, can be optionally carried in the GRE Header. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="2890"/> <seriesInfo name="DOI" value="10.17487/RFC2890"/> </reference> <reference anchor="RFC4984" target="https://www.rfc-editor.org/info/rfc4984" quoteTitle="true" derivedAnchor="RFC4984"> <front> <title>Report from the IAB Workshop on Routing and Addressing</title> <author fullname="D. Meyer" initials="D." role="editor" surname="Meyer"/> <author fullname="L. Zhang" initials="L." role="editor" surname="Zhang"/> <author fullname="K. Fall" initials="K." role="editor" surname="Fall"/> <date month="September" year="2007"/> <abstract> <t indent="0">This documentthrough IDNITs.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-06"> <t><list style="symbols"> <t>Postedreports the outcome of the Routing and Addressing Workshop that was held by the Internet Architecture Board (IAB) on October2017.</t> <t>Spec18-19, 2006, in Amsterdam, Netherlands. The primary goal of theI-bitworkshop was to develop a shared understanding of the problems that the large backbone operators are facing regarding the scalability of today's Internet routing system. The key workshop findings include an analysis of thexTR-IDmajor factors that are driving routing table growth, constraints ina Map-Request messagerouter technology, and the limitations of today's Internet addressing architecture. It is hoped that these findings will serve as input tobe consistent withtheMap-Register messageIETF community andto anticipatehelp identify next steps towards effective solutions.</t> <t indent="0">Note that this document is a report on theintroductionproceedings ofpubsub functionalitythe workshop. The views and positions documented in this report are those of the workshop participants and not of the IAB. Furthermore, note that work on issues related toallow Map-Requeststhis workshop report is continuing, and this document does not intend tosubscribereflect the increased understanding of issues nor toRLOC-set changes.</t> <t>Updated references for individual submissionsdiscuss the range of potential solutions thatbecame working group documents.</t> <t>Updated referencesmay be the outcome of this ongoing work. This memo provides information forworking group documentsthe Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="4984"/> <seriesInfo name="DOI" value="10.17487/RFC4984"/> </reference> <reference anchor="RFC6830" target="https://www.rfc-editor.org/info/rfc6830" quoteTitle="true" derivedAnchor="RFC6830"> <front> <title>The Locator/ID Separation Protocol (LISP)</title> <author fullname="D. Farinacci" initials="D." surname="Farinacci"/> <author fullname="V. Fuller" initials="V." surname="Fuller"/> <author fullname="D. Meyer" initials="D." surname="Meyer"/> <author fullname="D. Lewis" initials="D." surname="Lewis"/> <date month="January" year="2013"/> <abstract> <t indent="0">This document describes a network-layer-based protocol thatbecame RFCs.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-05"> <t><list style="symbols"> <t>Posted May 2017.</t> <t>Update IANA Considerations section based onenables separation of IP addresses into two newrequests from this documentnumbering spaces: Endpoint Identifiers (EIDs) and Routing Locators (RLOCs). No changesfrom what was requested in <xref target="RFC6830"/>.</t> </list></t> </section> <section title="Changesare required to either host protocol stacks or todraft-ietf-lisp-rfc6833bis-04"> <t><list style="symbols"> <t>Posted May 2017.</t> <t>Clarify howtheKey-ID field is used in Map-Register and Map-Notify messages. Break"core" of the16-bit field intoInternet infrastructure. The Locator/ID Separation Protocol (LISP) can be incrementally deployed, without a8-bit Key-ID field"flag day", anda 8-bit Algorithm-ID field.</t> <t>Move the Control-Plane codepoints from the IANA Considerations section of RFC6830bisoffers Traffic Engineering, multihoming, and mobility benefits tothe IANA Considerations sectionearly adopters, even when there are relatively few LISP-capable sites.</t> <t indent="0">Design and development ofthis document.</t> <t>InLISP was largely motivated by the"LISP Control Packet Type Allocations" section, indicate how message Types are IANA allocatedproblem statement produced by the October 2006 IAB Routing and Addressing Workshop. This document defines an Experimental Protocol for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="6830"/> <seriesInfo name="DOI" value="10.17487/RFC6830"/> </reference> <reference anchor="RFC6831" target="https://www.rfc-editor.org/info/rfc6831" quoteTitle="true" derivedAnchor="RFC6831"> <front> <title>The Locator/ID Separation Protocol (LISP) for Multicast Environments</title> <author fullname="D. Farinacci" initials="D." surname="Farinacci"/> <author fullname="D. Meyer" initials="D." surname="Meyer"/> <author fullname="J. Zwiebel" initials="J." surname="Zwiebel"/> <author fullname="S. Venaas" initials="S." surname="Venaas"/> <date month="January" year="2013"/> <abstract> <t indent="0">This document describes howexperimental RFC8113 sub-types should be requested.</t> </list></t> </section> <section title="Changes to draft-ietf-lisp-rfc6833bis-03"> <t><list style="symbols"> <t>Posted April 2017.</t> <t>Add types 9-14inter-domain multicast routing will function in an environment where Locator/ID Separation is deployed using the Locator/ID Separation Protocol (LISP) architecture. This document defines an Experimental Protocol for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="6831"/> <seriesInfo name="DOI" value="10.17487/RFC6831"/> </reference> <reference anchor="RFC6832" target="https://www.rfc-editor.org/info/rfc6832" quoteTitle="true" derivedAnchor="RFC6832"> <front> <title>Interworking between Locator/ID Separation Protocol (LISP) andspecify theyNon-LISP Sites</title> <author fullname="D. Lewis" initials="D." surname="Lewis"/> <author fullname="D. Meyer" initials="D." surname="Meyer"/> <author fullname="D. Farinacci" initials="D." surname="Farinacci"/> <author fullname="V. Fuller" initials="V." surname="Fuller"/> <date month="January" year="2013"/> <abstract> <t indent="0">This document describes techniques for allowing sites running the Locator/ID Separation Protocol (LISP) to interoperate with Internet sites that may be using either IPv4, IPv6, or both but that are notassigned.</t> <t>Addrunning LISP. A fundamental property of LISP-speaking sites is that they use Endpoint Identifiers (EIDs), rather than traditional IP addresses, in the"LISP Shared Extension Message" typesource andpointdestination fields of all traffic they emit or receive. While EIDs are syntactically identical toRFC8113.</t> </list></t> </section> <section title="ChangesIPv4 or IPv6 addresses, normally routes todraft-ietf-lisp-rfc6833bis-02"> <t><list style="symbols"> <t>Posted April 2017.</t> <t>Clarify thatthem are not carried in the global routing system, so an interoperability mechanism is needed for non- LISP-speaking sites to exchange traffic with LISP-speaking sites. This document introduces three such mechanisms. The first uses a new network element, the LISPControl-PlaneProxy Ingress Tunnel Router (Proxy-ITR), to act as an intermediate LISP Ingress Tunnel Router (ITR) for non-LISP- speaking hosts. Second, this documentdefines howadds Network Address Translation (NAT) functionality to LISP ITRs and LISP Egress Tunnel Routers (ETRs) to substitute routable IP addresses for non-routable EIDs. Finally, this document introduces the Proxy Egress Tunnel Router (Proxy-ETR) to handle cases where a LISPData-Plane uses Map-Requests with eitherITR cannot send packets to non-LISP sites without encapsulation. This document defines an Experimental Protocol for theSMR-bit setInternet community.</t> </abstract> </front> <seriesInfo name="RFC" value="6832"/> <seriesInfo name="DOI" value="10.17487/RFC6832"/> </reference> <reference anchor="RFC6836" target="https://www.rfc-editor.org/info/rfc6836" quoteTitle="true" derivedAnchor="RFC6836"> <front> <title>Locator/ID Separation Protocol Alternative Logical Topology (LISP+ALT)</title> <author fullname="V. Fuller" initials="V." surname="Fuller"/> <author fullname="D. Farinacci" initials="D." surname="Farinacci"/> <author fullname="D. Meyer" initials="D." surname="Meyer"/> <author fullname="D. Lewis" initials="D." surname="Lewis"/> <date month="January" year="2013"/> <abstract> <t indent="0">This document describes a simple distributed index system to be used by a Locator/ID Separation Protocol (LISP) Ingress Tunnel Router (ITR) or Map-Resolver (MR) to find theP-bit set supporting mapping updates and RLOC-probing. IndicatingEgress Tunnel Router (ETR) thatother Data-Planes can useholds thesame mechanisms or their own defined mechanismsmapping information for a particular Endpoint Identifier (EID). The MR can then query that ETR toachieveobtain thesame functionality.</t> </list></t> </section> <section title="Changesactual mapping information, which consists of a list of Routing Locators (RLOCs) for the EID. Termed the Alternative Logical Topology (ALT), the index is built as an overlay network on the public Internet using the Border Gateway Protocol (BGP) and Generic Routing Encapsulation (GRE). This document defines an Experimental Protocol for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="6836"/> <seriesInfo name="DOI" value="10.17487/RFC6836"/> </reference> <reference anchor="RFC6837" target="https://www.rfc-editor.org/info/rfc6837" quoteTitle="true" derivedAnchor="RFC6837"> <front> <title>NERD: A Not-so-novel Endpoint ID (EID) todraft-ietf-lisp-rfc6833bis-01"> <t><list style="symbols"> <t>Posted March 2017.</t> <t>Include referencesRouting Locator (RLOC) Database</title> <author fullname="E. Lear" initials="E." surname="Lear"/> <date month="January" year="2013"/> <abstract> <t indent="0">The Locator/ID Separation Protocol (LISP) is a protocol tonew RFCs published.</t> <t>Remove referencesencapsulate IP packets in order toself.</t> <t>Change references from RFC6830allow end sites toRFC6830bis.</t> <t>Add two new action/reasonsroute to one another without injecting routes from one end of the Internet to another. This memo presents an experimental database and aMap-Reply has posteddiscussion of methods to transport theLISP WG mailing list.</t> <t>In intro section, add refernece to I-D.ietf-lisp-introduction.</t> <t>Removed Open Issues section and referencesmapping of Endpoint IDs (EIDs) to"experimental".</t> </list></t> </section> <section title="ChangesRouting Locators (RLOCs) todraft-ietf-lisp-rfc6833bis-00"> <t><list style="symbols"> <t>Posted December 2016.</t> <t>Created working group document from draft-farinacci-lisp -rfc6833-00 individual submission. No other changes made.</t> </list></t> </section> <section title="Changesrouters in a reliable, scalable, and secure manner. Our analysis concludes that transport of all EID-to- RLOC mappings scales well todraft-farinacci-lisp-rfc6833bis-00"> <t><list style="symbols"> <t>Posted November 2016.</t> <t>This isat least 10^8 entries. This document defines an Experimental Protocol for theinitial draftInternet community.</t> </abstract> </front> <seriesInfo name="RFC" value="6837"/> <seriesInfo name="DOI" value="10.17487/RFC6837"/> </reference> <reference anchor="RFC6973" target="https://www.rfc-editor.org/info/rfc6973" quoteTitle="true" derivedAnchor="RFC6973"> <front> <title>Privacy Considerations for Internet Protocols</title> <author fullname="A. Cooper" initials="A." surname="Cooper"/> <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/> <author fullname="B. Aboba" initials="B." surname="Aboba"/> <author fullname="J. Peterson" initials="J." surname="Peterson"/> <author fullname="J. Morris" initials="J." surname="Morris"/> <author fullname="M. Hansen" initials="M." surname="Hansen"/> <author fullname="R. Smith" initials="R." surname="Smith"/> <date month="July" year="2013"/> <abstract> <t indent="0">This document offers guidance for developing privacy considerations for inclusion in protocol specifications. It aims toturn RFC 6833 intomake designers, implementers, and users of Internet protocols aware of privacy-related design choices. It suggests that whether any individual RFC6833bis.</t> <t>Thewarrants a specific privacy considerations section will depend on the document's content.</t> </abstract> </front> <seriesInfo name="RFC" value="6973"/> <seriesInfo name="DOI" value="10.17487/RFC6973"/> </reference> <reference anchor="RFC7348" target="https://www.rfc-editor.org/info/rfc7348" quoteTitle="true" derivedAnchor="RFC7348"> <front> <title>Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks</title> <author fullname="M. Mahalingam" initials="M." surname="Mahalingam"/> <author fullname="D. Dutt" initials="D." surname="Dutt"/> <author fullname="K. Duda" initials="K." surname="Duda"/> <author fullname="P. Agarwal" initials="P." surname="Agarwal"/> <author fullname="L. Kreeger" initials="L." surname="Kreeger"/> <author fullname="T. Sridhar" initials="T." surname="Sridhar"/> <author fullname="M. Bursell" initials="M." surname="Bursell"/> <author fullname="C. Wright" initials="C." surname="Wright"/> <date month="August" year="2014"/> <abstract> <t indent="0">This documentname has changed fromdescribes Virtual eXtensible Local Area Network (VXLAN), which is used to address the need for overlay networks within virtualized data centers accommodating multiple tenants. The scheme and the related protocols can be used in networks for cloud service providers and enterprise data centers. This memo documents the"Locator/IDdeployed VXLAN protocol for the benefit of the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="7348"/> <seriesInfo name="DOI" value="10.17487/RFC7348"/> </reference> <reference anchor="RFC7835" target="https://www.rfc-editor.org/info/rfc7835" quoteTitle="true" derivedAnchor="RFC7835"> <front> <title>Locator/ID Separation Protocol (LISP)Map-Server Interface" toThreat Analysis</title> <author fullname="D. Saucez" initials="D." surname="Saucez"/> <author fullname="L. Iannone" initials="L." surname="Iannone"/> <author fullname="O. Bonaventure" initials="O." surname="Bonaventure"/> <date month="April" year="2016"/> <abstract> <t indent="0">This document provides a threat analysis of the"Locator/IDLocator/ID Separation Protocol (LISP).</t> </abstract> </front> <seriesInfo name="RFC" value="7835"/> <seriesInfo name="DOI" value="10.17487/RFC7835"/> </reference> <reference anchor="RFC8060" target="https://www.rfc-editor.org/info/rfc8060" quoteTitle="true" derivedAnchor="RFC8060"> <front> <title>LISP Canonical Address Format (LCAF)</title> <author fullname="D. Farinacci" initials="D." surname="Farinacci"/> <author fullname="D. Meyer" initials="D." surname="Meyer"/> <author fullname="J. Snijders" initials="J." surname="Snijders"/> <date month="February" year="2017"/> <abstract> <t indent="0">This document defines a canonical address format encoding used in Locator/ID Separation Protocol (LISP)Control-Plane".</t> <t>The fundamental change was to move the Control-Planecontrol messagesfrom RFC 6830 to this documentand inan effort so any IETF developed or industry createdthe encoding of lookup keys for the LISP Mapping Database System.</t> </abstract> </front> <seriesInfo name="RFC" value="8060"/> <seriesInfo name="DOI" value="10.17487/RFC8060"/> </reference> <reference anchor="RFC8061" target="https://www.rfc-editor.org/info/rfc8061" quoteTitle="true" derivedAnchor="RFC8061"> <front> <title>Locator/ID Separation Protocol (LISP) Data-Planecould useConfidentiality</title> <author fullname="D. Farinacci" initials="D." surname="Farinacci"/> <author fullname="B. Weis" initials="B." surname="Weis"/> <date month="February" year="2017"/> <abstract> <t indent="0">This document describes a mechanism for encrypting traffic encapsulated using the Locator/ID Separation Protocol (LISP). The design describes how key exchange is achieved using existing LISPmapping system and Control-Plane.</t> <t>Update Control-Plane messagescontrol-plane mechanisms as well as how toincorporate what has been implemented in products duringsecure theearly phaseLISP data plane from third-party surveillance attacks.</t> </abstract> </front> <seriesInfo name="RFC" value="8061"/> <seriesInfo name="DOI" value="10.17487/RFC8061"/> </reference> <reference anchor="RFC8111" target="https://www.rfc-editor.org/info/rfc8111" quoteTitle="true" derivedAnchor="RFC8111"> <front> <title>Locator/ID Separation Protocol Delegated Database Tree (LISP-DDT)</title> <author fullname="V. Fuller" initials="V." surname="Fuller"/> <author fullname="D. Lewis" initials="D." surname="Lewis"/> <author fullname="V. Ermagan" initials="V." surname="Ermagan"/> <author fullname="A. Jain" initials="A." surname="Jain"/> <author fullname="A. Smirnov" initials="A." surname="Smirnov"/> <date month="May" year="2017"/> <abstract> <t indent="0">This document describes the Locator/ID Separation Protocol Delegated Database Tree (LISP-DDT), a hierarchical distributed database that embodies the delegation of authority to provide mappings from LISPdevelopment but wasn't ableEndpoint Identifiers (EIDs) tomake it into RFC6830Routing Locators (RLOCs). It is a statically defined distribution of the EID namespace among a set of LISP-speaking servers called "DDT nodes". Each DDT node is configured as "authoritative" for one or more EID-prefixes, along with the set of RLOCs for Map-Servers or "child" DDT nodes to which more-specific EID-prefixes are delegated.</t> </abstract> </front> <seriesInfo name="RFC" value="8111"/> <seriesInfo name="DOI" value="10.17487/RFC8111"/> </reference> <reference anchor="RFC8378" target="https://www.rfc-editor.org/info/rfc8378" quoteTitle="true" derivedAnchor="RFC8378"> <front> <title>Signal-Free Locator/ID Separation Protocol (LISP) Multicast</title> <author fullname="V. Moreno" initials="V." surname="Moreno"/> <author fullname="D. Farinacci" initials="D." surname="Farinacci"/> <date month="May" year="2018"/> <abstract> <t indent="0">When multicast sources andRFC6833receivers are active at Locator/ID Separation Protocol (LISP) sites, the core network is required tomakeuse native multicast so packets can be delivered from sources to group members. When multicast is not available to connect theExperimental RFC deadline.</t> <t>Indicate there maymulticast sites together, a signal-free mechanism can benodesused to allow traffic to flow between sites. The mechanism described in this document uses unicast replication and encapsulation over the core network for the data plane and uses the LISP mapping database systemthat are not MRsso encapsulators at the source LISP multicast site can find decapsulators at the receiver LISP multicast sites.</t> </abstract> </front> <seriesInfo name="RFC" value="8378"/> <seriesInfo name="DOI" value="10.17487/RFC8378"/> </reference> <reference anchor="RFC8402" target="https://www.rfc-editor.org/info/rfc8402" quoteTitle="true" derivedAnchor="RFC8402"> <front> <title>Segment Routing Architecture</title> <author fullname="C. Filsfils" initials="C." role="editor" surname="Filsfils"/> <author fullname="S. Previdi" initials="S." role="editor" surname="Previdi"/> <author fullname="L. Ginsberg" initials="L." surname="Ginsberg"/> <author fullname="B. Decraene" initials="B." surname="Decraene"/> <author fullname="S. Litkowski" initials="S." surname="Litkowski"/> <author fullname="R. Shakir" initials="R." surname="Shakir"/> <date month="July" year="2018"/> <abstract> <t indent="0">Segment Routing (SR) leverages the source routing paradigm. A node steers a packet through an ordered list of instructions, called "segments". A segment can represent any instruction, topological or service based. A segment can have a semantic local to an SR node orMSs,global within an SR domain. SR provides a mechanism that allows a flow to be restricted to a specific topological path, while maintaining per-flow state only at the ingress node(s) to the SR domain.</t> <t indent="0">SR can be directly applied to the MPLS architecture with no change to the forwarding plane. A segment is encoded as an MPLS label. An ordered list of segments is encoded as aALT-node orstack of labels. The segment to process is on the top of the stack. Upon completion of aDDT-node.</t> <t>Include LISP-DDTsegment, the related label is popped from the stack.</t> <t indent="0">SR can be applied to the IPv6 architecture, with a new type of routing header. A segment is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses inMap-Resolver section and explain how they maintainthe routing header. The active segment is indicated by the Destination Address (DA) of the packet. The next active segment is indicated by areferral-cache.</t> <t>Removed open issue about additional statepointer inMap-Servers. With <xref target="RFC8111"/>, Map-Servers havethesame registration statenew routing header.</t> </abstract> </front> <seriesInfo name="RFC" value="8402"/> <seriesInfo name="DOI" value="10.17487/RFC8402"/> </reference> <reference anchor="RFC9147" target="https://www.rfc-editor.org/info/rfc9147" quoteTitle="true" derivedAnchor="RFC9147"> <front> <title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title> <author fullname="E. Rescorla" initials="E." surname="Rescorla"/> <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/> <author fullname="N. Modadugu" initials="N." surname="Modadugu"/> <date month="April" year="2022"/> <abstract> <t indent="0">This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, andcanmessage forgery.</t> <t indent="0">The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t> <t indent="0">This document obsoletes RFC 6347.</t> </abstract> </front> <seriesInfo name="RFC" value="9147"/> <seriesInfo name="DOI" value="10.17487/RFC9147"/> </reference> <reference anchor="RFC9299" target="https://www.rfc-editor.org/info/rfc9299" quoteTitle="true" derivedAnchor="RFC9299"> <front> <title>An Architectural Introduction to the Locator/ID Separation Protocol (LISP)</title> <author initials="A" surname="Cabellos" fullname="Albert Cabellos"> <organization showOnFrontPage="true"/> </author> <author initials="D" surname="Saucez" fullname="Damien Saucez" role="editor"> <organization showOnFrontPage="true"/> </author> <date month="October" year="2022"/> </front> <seriesInfo name="RFC" value="9299"/> <seriesInfo name="DOI" value="10.17487/RFC9299"/> </reference> <reference anchor="RFC9305" target="https://www.rfc-editor.org/info/rfc9305" quoteTitle="true" derivedAnchor="RFC9305"> <front> <title>Locator/ID Separation Protocol (LISP) Generic Protocol Extension</title> <author initials="F" surname="Maino" fullname="Fabio Maino" role="editor"> <organization showOnFrontPage="true"/> </author> <author initials="J" surname="Lemon" fullname="Jennifer Lemon"> <organization showOnFrontPage="true"/> </author> <author initials="P" surname="Agarwal" fullname="Puneet Agarwal"> <organization showOnFrontPage="true"/> </author> <author initials="D" surname="Lewis" fullname="Darrel Lewis"> <organization showOnFrontPage="true"/> </author> <author initials="M" surname="Smith" fullname="Michael Smith"> <organization showOnFrontPage="true"/> </author> <date month="October" year="2022"/> </front> <seriesInfo name="RFC" value="9305"/> <seriesInfo name="DOI" value="10.17487/RFC9305"/> </reference> </references> </references> <section numbered="false" toc="include" removeInRFC="false" pn="section-appendix.a"> <name slugifiedName="name-acknowledgments">Acknowledgments</name> <t indent="0" pn="section-appendix.a-1">The original authors would like to thank <contact fullname="Greg Schudel"/>, <contact fullname="Darrel Lewis"/>, <contact fullname="John Zwiebel"/>, <contact fullname="Andrew Partan"/>, <contact fullname="Dave Meyer"/>, <contact fullname="Isidor Kouvelas"/>, <contact fullname="Jesper Skriver"/>, and members of the lisp@ietf.org mailing list for their feedback and helpful suggestions.</t> <t indent="0" pn="section-appendix.a-2"> Special thanks are due to <contact fullname="Noel Chiappa"/> for his extensive work and thought about caching in Map-Resolvers.</t> <t indent="0" pn="section-appendix.a-3">The current authors would like to giveMap-Resolvers complete informationa sincere thank you to the people who help put LISP on the Standards Track inms-ack Map-Referral messages.</t> <t>Make referencethe IETF. They include <contact fullname="Joel Halpern"/>, <contact fullname="Luigi Iannone"/>, <contact fullname="Deborah Brungard"/>, <contact fullname="Fabio Maino"/>, <contact fullname="Scott Bradner"/>, <contact fullname="Kyle Rose"/>, <contact fullname="Takeshi Takahashi"/>, <contact fullname="Sarah Banks"/>, <contact fullname="Pete Resnick"/>, <contact fullname="Colin Perkins"/>, <contact fullname="Mirja Kühlewind"/>, <contact fullname="Francis Dupont"/>, <contact fullname="Benjamin Kaduk"/>, <contact fullname="Eric Rescorla"/>, <contact fullname="Alvaro Retana"/>, <contact fullname="Alexey Melnikov"/>, <contact fullname="Alissa Cooper"/>, <contact fullname="Suresh Krishnan"/>, <contact fullname="Alberto Rodriguez-Natal"/>, <contact fullname="Vina Ermagan"/>, <contact fullname="Mohamed Boucadair"/>, <contact fullname="Brian Trammell"/>, <contact fullname="Sabrina Tanamal"/>, and <contact fullname="John Drake"/>. The contributions they offered greatly added to the security, scale, and robustness of the LISPThreats Analysis RFC <xref target="RFC7835"/>.</t> </list></t>architecture and protocols.</t> </section> <section anchor="authors-addresses" numbered="false" removeInRFC="false" toc="include" pn="section-appendix.b"> <name slugifiedName="name-authors-addresses">Authors' Addresses</name> <author initials="D" surname="Farinacci" fullname="Dino Farinacci"> <organization showOnFrontPage="true">lispers.net</organization> <address> <postal> <city>San Jose</city> <region>CA</region> <country>United States of America</country> </postal> <email>farinacci@gmail.com</email> </address> </author> <author initials="F" surname="Maino" fullname="Fabio Maino"> <organization showOnFrontPage="true">Cisco Systems</organization> <address> <postal> <city>San Jose</city> <region>CA</region> <country>United States of America</country> </postal> <email>fmaino@cisco.com</email> </address> </author> <author initials="V" surname="Fuller" fullname="Vince Fuller"> <organization showOnFrontPage="true">vaf.net Internet Consulting</organization> <address> <email>vince.fuller@gmail.com</email> </address> </author> <author initials="A" surname="Cabellos" fullname="Albert Cabellos" role="editor"> <organization showOnFrontPage="true">Universitat Politecnica de Catalunya</organization> <address> <postal> <street>c/ Jordi Girona s/n</street> <city>Barcelona</city> <country>Spain</country> <code>08034</code> </postal> <email>acabello@ac.upc.edu</email> </address> </author> </section> </back> </rfc>