BIER WG                                                         Z. Zhang
Internet-Draft                                                 G. Mirsky
Intended status: Informational                                  Q. Xiong
Expires: January 14, 2021                                ZTE Corporation
                                                                  Y. Liu
                                                            China Mobile
                                                           July 13, 2020


                         BIER Source Protection
                 draft-zhang-bier-source-protection-01

Abstract

   This document describes the multicast source protection functions in
   Bit Index Explicit Replication BIER domain.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 14, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Zhang, et al.           Expires January 14, 2021                [Page 1]


Internet-Draft           BIER Source Protection                July 2020


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  The Source Protection analysis  . . . . . . . . . . . . . . .   3
     2.1.  Node failure monitoring . . . . . . . . . . . . . . . . .   4
     2.2.  Monitoring of the Working Path for a Failure  . . . . . .   4
   3.  BFD and Ping  . . . . . . . . . . . . . . . . . . . . . . . .   6
     3.1.  BIER Ping . . . . . . . . . . . . . . . . . . . . . . . .   6
     3.2.  BIER BFD  . . . . . . . . . . . . . . . . . . . . . . . .   7
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   5.  Informative References  . . . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   Bit Index Explicit Replication (BIER) [RFC8279] is an architecture
   that provides multicast forwarding through a "BIER domain" without
   requiring intermediate routers to maintain any multicast related per-
   flow state.  BIER also does not require any explicit tree-building
   protocol for its operation.  A multicast data packet enters a BIER
   domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the
   BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs).

   Source Protection is not specific to the BIER environment.  Source
   Protection means that to protect the multicast source node, two or
   more ingress routers, in BIER environment, ingress routers are BFIRs,
   may be used to connect the multicast source node.  Generally, only
   one ingress router (BFIR) is selected to forward flows from multicast
   source node to egress routers, in BIER environment, egress routers
   are BFERs.  The selected BFIR may be chosen based on local policies,
   BFERs that receiving the same multicast flow may elect to use the
   same or different BFIR.  The BFIR and the path in use are referred to
   as working while all alternative available BFIRs and paths that can
   be used to receive the same multicast flow are referred to as
   protection.

   For a BFER, when either the working BFIR or the working path fails,
   the BFER can select one of protecting BFIRs to get the multicast
   flow.  The shorter the detection time is, the faster the flow
   recovers.

   This document discusses the functions that can be used in failure
   detection for multicast source protection.








Zhang, et al.           Expires January 14, 2021                [Page 2]


Internet-Draft           BIER Source Protection                July 2020


2.  The Source Protection analysis

   According to BIER architecture [RFC8279], BIER overlay protocols,
   which include MVPN [RFC8556], MLD [I-D.ietf-bier-mld], PIM
   [I-D.ietf-bier-pim-signaling], etc., are used to exchange the
   multicast flow information, so the BFER selects the UMH (Upstream
   Multicast Hop) BFIR as the ingress router, the BFIR collects the
   BFERs which want to receive the multicast flow.  BIER transport is
   used to deliver the multicast packet to the destination BFERs.  To
   ensure that the source flow protection is uninterrupted, the
   detection of a defect is at the BIER transport layer.  The switchover
   is performed at the BIER overlay layer.  When BFIR failure is
   detected, BIER overlay advertisement for BFIR re-select may be
   triggered.

   As [I-D.ietf-bess-mvpn-fast-failover] describes, the root standby
   functions defined in section 4.2 can also be used in the BIER
   environment.  About Cold Standby, Warm Standby, Hot Standby, more
   details will be added in future version.

   The most important items in source detection are failure detection
   and switchover.  Note that the failure detection includes node and
   working path failure monitoring.  Similarly, BFIR switching and BFER
   switching are included in the switchover scenario.

   The selected BFIR is referred to as Selected BFIR (S-BFIR) and the
   backup BFIR - as Backup BFIR (B-BFIR).  For simplicity, only one
   B-BFIR is considered in the following case.

                            +--------+S1+-------+
                            |                   |
                         +--v----+          +---v---+
                  +------+ BFIR1 |..........| BFIR2 +-------+
                  .      +-------+          +-------+       .
                  .                                         .
                  .                 ......                  .
                  .                                         .
                  . +-------+      +-------+      +-------+ .
                  +--|BFER1|-......-|BFER2|-......-|BFER3|--+
                    +--+----+      +---+---+      +--+----+
                       |               |             |
                       v               v             v
                       R1              R2            R3

           Figure 1: An Example of the Source Protection in BIER

   In Figure 1, a multicast source S1 is connected to BFIR1 and BFIR2.
   In some deployments, only BFIR1 advertises S1 flow information to



Zhang, et al.           Expires January 14, 2021                [Page 3]


Internet-Draft           BIER Source Protection                July 2020


   BFERs by BIER overlay protocols, such as BGP(MVPN), MLD, PIM, etc.
   All the BFERs which want to receive the S1 flow will select BFIR1 as
   the S-BFIR, BFIR2 is the B-BFIR.  In some other deployments, BFIR1
   and BFIR2 both advertise S1 flows to BFERs by BIER overlay protocols,
   and some BFERs may select BFIR1 as S-BFIR, other BFERs may select
   BFIR2 as S-BFIR, BFIR1 and BFIR2 in charge of different BFERs, and
   they are complementary B-BFIR for the BFERs.  We do not distinguish
   these two cases strictly.

2.1.  Node failure monitoring

   For example, if S1 connects BFIR1 and BFIR2 by a shared media, BFIR1
   is the selected BFIR for multicast flow forwarding that comes from
   S1, BFIR2 can monitor BFIR1 node failing by BFD session [RFC5880]
   built on the shared media.  Also, ping methods, include IPv4 ping
   [RFC0792] (when IPv4 prefix is used), LSP-Ping [RFC8029] (when mpls
   forwarding plane is built), IPv6 ping [RFC4443] (when IPv6 prefix is
   used), BIER ping [I-D.ietf-bier-ping] can also be used.  In case
   there is no shared media among S1, BFIR1 and BFIR2, BFIR2 may monitor
   BFIR1 by BFD session or any type of ping methods across the BIER
   domain, in case there is no direct connection between BFIR1 and
   BFIR2, multiple hops will be traversed.

2.2.  Monitoring of the Working Path for a Failure



























Zhang, et al.           Expires January 14, 2021                [Page 4]


Internet-Draft           BIER Source Protection                July 2020


                          +--------+S1+-------+
                          |                   |
                       +--v----+          +---v---+
                +------+ BFIR1 |..........| BFIR2 +-------+
                |      +-----+-+ <------> +-------+       |
                |            |     bfd                    |
                |         +--v---+        +------+        |
                |         | BFR1 |        | BFR2 |        |
                |       +-+---+--+-       +------+        |
                |       |     |   ......                  |
                |       |     +-----+                     |
                |       |           |                     |
                |    +--v---+     +-v----+   +------+     |
                |    | BFRx |     | BFRy |   | BFRz |     |
                |    ++-----+     ++--+--+   +------+     |
                |     |            |  |                   |
                |     |            |  +------------+      |
                |     |            |               |      |
                | +---v---+      +-v-----+      +--v----+ |
                +--|BFER1||......||BFER2||......||BFER3|--+
                  +--+----+      +---+---+      +--+----+
                     |               |             |
                     v               v             v
                     R1              R2            R3

        Figure 2: An Example of the Monitoring of the Working Path

   In the case of a node failure detection, the path between B-BFIR and
   S-BFIR may not be the same as the path traversed by the data flow.
   For example, in Figure 2, the path from BFIR1 (S-BFIR) to all the
   BFERs is different from the path between BFIR1 and BFIR2 (B-BFIR).
   If the path between BFIR2 and BFIR1 is broken, BFIR2 will detect the
   failure and consider that BFIR1 is down.  As a result, BFIR2 will
   take on the role of S-BFIR.  But the path from BFIR1 to all of the
   BFERs may be working well and is not affected by the defect between
   BFIR1 and BFIR2.  In this situation, the B-BFIR switches to S-BFIR
   unnecessarily, and potential packet loss will occur.

   There are two options to monitor the working multicast distribution
   tree in BIER:

   o  S-BFIR monitors all the BFERs;

   o  each BFER monitors the S-BFIR.

   In BIER transport environment, the monitor should be based on BIER
   forwarding.




Zhang, et al.           Expires January 14, 2021                [Page 5]


Internet-Draft           BIER Source Protection                July 2020


   When S-BFIR monitors all the related BFERs, multiple BFD sessions may
   be built between S-BFIR and each BFER.  BIER ping
   [I-D.ietf-bier-ping] can also be used.  Once S-BFIR finds that one
   BFER is lost by BFD session timeout or ping fail, S-BFIR should
   notify B-BFIR to take charge of flow forwarding for the lost BFER.

   When BFER monitors the S-BFIR, multiple BFD sessions may be built
   between S-BFIR and each BFER.  Or BIER ping [I-D.ietf-bier-ping] can
   also be used.  Once BFER finds that the S-BFIR is lost, the BFER
   should select the B-BFIR as S-BFIR as soon as possible, and the BFER
   should advertisement the UMH selection to B-BFIR as soon as possible.

   When MVPN is used as BIER overlay protocol, BFD discriminator defined
   section 3.1.6 in [I-D.ietf-bess-mvpn-fast-failover] can also be used
   to build the multipoint BFD among BFIR and BFERs.

   BIER BFD [I-D.hu-bier-bfd] can be used to reduce the number of BFD
   sessions between S-BFIR and each of BFERs.  If BIER BFD is used, only
   one multipoint BFD session will be built among S-BFIR and all the
   BFERs.

3.  BFD and Ping

   BFD and Ping can all be used in failure detection, but there are
   differences between them.  A network administrator can select the
   appropriate mechanism according to the actual network.

3.1.  BIER Ping

   [I-D.ietf-bier-ping] describes the mechanism and basic BIER OAM
   packet format that can be used to perform failure detection and
   isolation on BIER data plane without any dependency on other layers
   like the IP layer.

   In the example of Figure 1, BFER can monitor the status of BFIR and
   the path status between BFER and BFIR.  BFER1 sends the BIER Ping
   packet to BFIR1.  If BFER1 does not receive responses from BFIR1 in
   an expected period of time (may be multiplied average round-trip
   time), BFER1 will treat BFIR1 as a failed UMH, and BFER1 will select
   BFIR2 as the UMH and signal to BFIR2 to get multicast flow.

   In this example, BFER1, BFER2, and BFER3 send BIER ping packet to
   BFIR1 separately.  The timeout period MAY be set to different values
   depending on the local performance requirement on each BFER.

   In the general case of more complex BIER topology, it cannot be
   guaranteed that the path used from BFIR1 to BFER1 is the same as in
   the reverse direction, i.e., from BFER1 to BFIR1.  If that is not



Zhang, et al.           Expires January 14, 2021                [Page 6]


Internet-Draft           BIER Source Protection                July 2020


   guaranteed and the paths are not co-routed, then this method may
   produce false results, both false negative and false positive.  The
   former is when ping fails while the multicast path and flow are OK.
   The latter is when the multicast path has a defect, but ping works.
   Thus, to improve the consistency of this method of detecting a
   failure in multicast flow transport, the path that the echo request
   from BFER1 traverses to BFIR1 must be co-routed with the path that
   the monitored multicast flow traverses through the BIER domain from
   BFIR1 to BFER1.

3.2.  BIER BFD

   [I-D.hu-bier-bfd] describes the application of P2MP BFD in a BIER
   network.  And it describes the procedures for using such mode of BFD
   protocol to verify multipoint or multicast connectivity between a
   sender (BFIR) and one or more receivers (BFERs).

   In the same example, BFIR1 sends the BIER Echo request packet to
   BFERs to bootstrap a p2mp BFD session.  After BFER1, BFER2 and BFER3
   receive the Echo request packet with BFD Discriminator and the Target
   SI-Bitstring TLVs, BFERs creates the BFD session of type
   MultipointTail [RFC8562] to monitor the status of BFIR1 and the
   working path.  If BFERs have not received BFD packet from BFER1 for
   the Detection Time [RFC8562], BFER1 will treat BFIR1 as a failed UMH,
   and signal to BFIR2 to get the multicast flow.

   The timeout period on each BFER MAY be set to a different value
   depending on the local performance requirement on each BFER.  BFER
   monitors BFIR separately and selects its UMH independently from
   selections reached by other BFERs.

4.  Security Considerations

   Security considerations discussed in [RFC8279], [RFC8562],
   [I-D.ietf-bier-ping], [I-D.ietf-bess-mvpn-fast-failover] and
   [I-D.hu-bier-bfd] apply to this document.

5.  Informative References

   [I-D.hu-bier-bfd]
              Xiong, Q., Mirsky, G., hu, f., and C. Liu, "BIER BFD",
              draft-hu-bier-bfd-07 (work in progress), July 2020.

   [I-D.ietf-bess-mvpn-fast-failover]
              Morin, T., Kebler, R., and G. Mirsky, "Multicast VPN fast
              upstream failover", draft-ietf-bess-mvpn-fast-failover-10
              (work in progress), February 2020.




Zhang, et al.           Expires January 14, 2021                [Page 7]


Internet-Draft           BIER Source Protection                July 2020


   [I-D.ietf-bier-mld]
              Pfister, P., Wijnands, I., Venaas, S., Wang, C., Zhang,
              Z., and M. Stenberg, "BIER Ingress Multicast Flow Overlay
              using Multicast Listener Discovery Protocols", draft-ietf-
              bier-mld-04 (work in progress), March 2020.

   [I-D.ietf-bier-pim-signaling]
              Bidgoli, H., Xu, F., Kotalwar, J., Wijnands, I., mishra,
              m., and Z. Zhang, "PIM Signaling Through BIER Core",
              draft-ietf-bier-pim-signaling-09 (work in progress), July
              2020.

   [I-D.ietf-bier-ping]
              Nainar, N., Pignataro, C., Akiya, N., Zheng, L., Chen, M.,
              and G. Mirsky, "BIER Ping and Trace", draft-ietf-bier-
              ping-07 (work in progress), May 2020.

   [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
              RFC 792, DOI 10.17487/RFC0792, September 1981,
              <https://www.rfc-editor.org/info/rfc792>.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006,
              <https://www.rfc-editor.org/info/rfc4443>.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
              <https://www.rfc-editor.org/info/rfc5880>.

   [RFC8029]  Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N.,
              Aldrin, S., and M. Chen, "Detecting Multiprotocol Label
              Switched (MPLS) Data-Plane Failures", RFC 8029,
              DOI 10.17487/RFC8029, March 2017,
              <https://www.rfc-editor.org/info/rfc8029>.

   [RFC8279]  Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A.,
              Przygienda, T., and S. Aldrin, "Multicast Using Bit Index
              Explicit Replication (BIER)", RFC 8279,
              DOI 10.17487/RFC8279, November 2017,
              <https://www.rfc-editor.org/info/rfc8279>.

   [RFC8556]  Rosen, E., Ed., Sivakumar, M., Przygienda, T., Aldrin, S.,
              and A. Dolganow, "Multicast VPN Using Bit Index Explicit
              Replication (BIER)", RFC 8556, DOI 10.17487/RFC8556, April
              2019, <https://www.rfc-editor.org/info/rfc8556>.




Zhang, et al.           Expires January 14, 2021                [Page 8]


Internet-Draft           BIER Source Protection                July 2020


   [RFC8562]  Katz, D., Ward, D., Pallagatti, S., Ed., and G. Mirsky,
              Ed., "Bidirectional Forwarding Detection (BFD) for
              Multipoint Networks", RFC 8562, DOI 10.17487/RFC8562,
              April 2019, <https://www.rfc-editor.org/info/rfc8562>.

Authors' Addresses

   Zheng Zhang
   ZTE Corporation

   Email: zzhang_ietf@hotmail.com


   Greg Mirsky
   ZTE Corporation

   Email: gregimirsky@gmail.com


   Quan Xiong
   ZTE Corporation

   Email: xiong.quan@zte.com.cn


   Yisong Liu
   China Mobile

   Email: liuyisong@chinamobile.com






















Zhang, et al.           Expires January 14, 2021                [Page 9]