L3VPN P. Kurapati Internet-Draft M. Rodrigues Intended status: Standards Track K. Windisch Expires: November 25, 2013 Juniper Networks S. Asif AT&T LABS May 24, 2013 Dynamic RP encodings in BGP based MVPNs draft-kurapati-dynamicrp-bgpmvpn-00.txt Abstract PIM Group-to-RP mappings are distributed dynamically using protocols such as BSR or Auto-RP. The BGP-MVPN specification provides for this information to be encapsulated in an I-PMSI or S-PMSI provider tunnel between the PEs in an MVPN environment. Since this is control information, it is desirable to signal this information in BGP between PEs, similar to carrying other customer control state such as C-Multicast routes. This document specifies the mechanisms and procedures to carry bootstrap information via BGP to provide true control and data plane separation. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on November 25, 2013. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents Kurapati, et al. Expires November 25, 2013 [Page 1] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Unified BGP based control plane . . . . . . . . . . . . . 4 3.2. Manageability at a common provider location . . . . . . . 4 3.3. Avoiding unnecessary Provider Tunnels . . . . . . . . . . 4 4. MCAST-VPN-BSR NLRI . . . . . . . . . . . . . . . . . . . . . 5 4.1. BSR Parameters NLRI . . . . . . . . . . . . . . . . . . . 5 4.2. BSM Group Parameters NLRI . . . . . . . . . . . . . . . . 6 4.3. BSM RP Parameters NLRI . . . . . . . . . . . . . . . . . 7 4.4. BSR-BGP Path Attribute . . . . . . . . . . . . . . . . . 8 5. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 9 5.1. Handling Bootstrap messages . . . . . . . . . . . . . . . 9 5.1.1. Data for BSR Parameters Route . . . . . . . . . . . . 9 5.1.2. Fragmented BSMs . . . . . . . . . . . . . . . . . . . 10 5.1.3. Mappings arriving in different BGP UPDATES . . . . . 10 5.2. Mapping individual groups to RP . . . . . . . . . . . . . 11 5.3. Triggered BSMs by egress PE . . . . . . . . . . . . . . . 11 5.4. Reverse Path Forwarding for Dynamic RP advertisements . . 11 5.5. Interoperation with tunneled BSR . . . . . . . . . . . . 12 5.6. Route Targets for Group-to-RP mapping routes . . . . . . 13 5.7. BSR multihomed . . . . . . . . . . . . . . . . . . . . . 13 6. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 13 6.1. Originating Group-to-RP Mapping route for bootstrap messages received on a VRF . . . . . . . . . . . . . . . 13 6.2. Handling changes in BSR messages . . . . . . . . . . . . 14 Kurapati, et al. Expires November 25, 2013 [Page 2] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 6.2.1. Missing RP or Group mapping entry . . . . . . . . . . 14 6.2.2. Missing BSM . . . . . . . . . . . . . . . . . . . . . 15 6.2.3. Change of Elected BSR . . . . . . . . . . . . . . . . 16 6.3. Receiving Group-to-RP Mapping routes for BSR . . . . . . 17 7. Security Considerations . . . . . . . . . . . . . . . . . . . 17 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 10.1. Normative Reference . . . . . . . . . . . . . . . . . . 18 10.2. Informative Reference . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 1. Introduction In PIM-SM [RFC4601], the Group-to-RP mapping information is distributed dynamically through methods such as BSR [RFC5059] or Auto-RP. When multicast is deployed in an VPN environment, PEs in the provider space need to carry this information transparently across its core so that CEs in all the sites can access this RP information. MVPN specification [RFC6513] defined a mechanism in section 5.3.4 where the BSR messages can be transmitted in the provider space over PMSI tunnels. However, carrying control messages like BSR in the data tunnels is not always desirable. BGP encodings in BGP-MVPN specification [RFC6514] already define mechanisms to carry C-Multicast route information in BGP. This document specifies carrying BSR Group-to-RP mapping information through BGP. Auto-RP mechanism is out of scope for this specification. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. This document uses the following terms: "MVPN" "Multicast in MPLS/BGP IP VPNs" [RFC6513] includes two different methods, BGP and PIM, for exchanging customer's multicast control information. This document only deals with BGP for exchanging the customer multicast control information. MVPN in the following sections refers to BGP-MVPN. "C-Multicast routes" MVPN customer's multicast routing information that is carried in BGP is referred in this document as C-Multicast routes. Kurapati, et al. Expires November 25, 2013 [Page 3] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 "RP-Set" RP-Set is the Group-to-RP mapping information distributed by BSR. 3. Motivation 3.1. Unified BGP based control plane In BGP based MVPN, PE Auto Discovery and the exchange of PIM Join/ Prune state, are a part of the customer multicast control plane and are accomplished via advertisements of BGP MVPN NLRI. BSR/Auto-RP protocols also carry a type of customer multicast control information. Carrying them in BGP is not only logical but also gives a unified BGP based control plane to carry all the Customer space control messages. 3.2. Manageability at a common provider location A provider of MVPN services would be interested to know the customer's RP topology and the detailed mappings. This information will be critical for operations to troubleshoot and/or manage customer's multicast deployments. Like the C-Multicast routes, obtaining this information at a centralized location like a BGP Route-Reflector is desired. In the current MVPN specifications, if a provider wants such information, it needs to be obtained from the customer VRFs on all PE's importing these customer VRF's. More so, obtaining this information on each PE through intervals is prone to information lost between intervals, especially with soft-state control protocols like PIM. Since the RP-Set information is not a control message passed through BGP, obtaining this information is not possible through BGP Route Reflector. 3.3. Avoiding unnecessary Provider Tunnels With the current specification, the RP-Set is carried via PMSI tunnels. There may be deployments which uses only S-PMSI. Carrying BSR information through S-PMSI implies creating tunnels just to carry control information. Also, if the BSR is located at the receiver- only site, an S-PMSI tunnel needs to be created with the PE at receiver site as root. This PE needs to create an S-PMSI tunnel with bursty source just for distributing control message which was otherwise not required to be setup as it is a receiver-only PE. Kurapati, et al. Expires November 25, 2013 [Page 4] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 4. MCAST-VPN-BSR NLRI This document defines a new NLRI called the MCAST-VPN-BSR NLRI. The format of the MCAST-VPN-BSR NLRI is identical to what is defined in BGP-MVPN [RFC6514] +-------------------------------------+ | Route Type (1 octet) | +-------------------------------------+ | Length (1 octet) | +-------------------------------------+ | Route Type specific (variable) | +-------------------------------------+ The following 3 Route Types are defined for MCAST-VPN-BSR NLRI. 1 - BSR Parameters 2 - BSM Group parameters 3 - BSM RP Parameters The MCAST-VPN-BSR NLRI is carried in BGP [RFC4271] with an AFI of 1 or 2 and a SAFI of MCAST-VPN-BSR. In order for two BGP speakers to exchange MCAST-VPN-BSR NLRIs, they must use a BGP Capabilities Advertisement to ensure that they both are capable of properly processing such an NLRI. This is done as specified in [RFC4760], by using capability code 1 (multiprotocol BGP) with an AFI of 1 or 2 and a SAFI of MCAST-VPN-BSR. 4.1. BSR Parameters NLRI A BSR Parameters Route Type specific MCAST-VPN-BSR NLRI consists of the following: +-------------------------------------+ | RD (8 octets) | +-------------------------------------+ | len of BSR Address (1 octet) | +-------------------------------------+ | BSR Address (Variable length) | +-------------------------------------+ | Hash Mask Length (1 octet) | +-------------------------------------+ | BSR Priority (1 octet) | +-------------------------------------+ Kurapati, et al. Expires November 25, 2013 [Page 5] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 | Originating PE's IP Address | +-------------------------------------+ The RD is encoded as described in [RFC4364]. BSR Address defines the Elected/Candidate BSRs IP address extracted from the Bootstrap message. The field "len of BSR Address" determines whether it is IPv4 or IPv6. If the value is 32, the corresponding IP address is an IPv4 address. If the value is 128 it is an IPv6 address. BSR priority is a 1 octet value as defined in BSR specification [RFC5059]. Hash Mask Length is a 1 octet value which is used for RP selection by the routers running BSR. This value MUST be taken from the BSM and copied in to the BSR Parameters route by the originating router. Originating PE's IP Address field is set to the IP address that the PE places in the Global Administrator field of the VRF Route Import Extended Community of the VPN-IP routes advertised by the PE. For a given MVPN, a single such IP address MUST be used, and that same IP address MUST be used as the originating PE's IP address in all route types of the MCAST-VPN-BSR NLRI that the PE transmits. The usage and details of this NLRI is discussed in "Protocol Details" section. 4.2. BSM Group Parameters NLRI A BSM Group Parameters Route Type specific MCAST-VPN-BSR NLRI consists of the following: Kurapati, et al. Expires November 25, 2013 [Page 6] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 +-------------------------------------+ | RD (8 octets) | +-------------------------------------+ | len of BSR Address (1 octet) | +-------------------------------------+ | BSR Address (Variable length) | +-------------------------------------+ | len of Group Address (1 Octet) | +-------------------------------------+ | Group Prefix (Encoded Group format) | +-------------------------------------+ | Originating PE's IP Address | +-------------------------------------+ Group prefix can contain IPv6 or IPv4 address. Similar to RP Address, this can be determined by "len of Group Address" field. A value of 32 indicates IPv4 and 128 indicates IPv6 Group prefix. Note that the length only indicates the length of the Group address amd not the encoded group prefix. Encoded Group prefix format is defined in PIM-SM specification [RFC4601] and the same is extracted from the BSM message and is placed in this NLRI. Along with the group prefix, the encoded group format also contains important information such as 'BiDir' and Admin Scope zone which needs to be carried across to the egress PEs. The usage and details of this NLRI is discussed in "Protocol Details" section. 4.3. BSM RP Parameters NLRI A BSR RP Parameters Route Type specific MCAST-VPN-BSR NLRI consists of the following: +-------------------------------------+ | RD (8 octets) | +-------------------------------------+ | len of BSR Address (1 octet) | +-------------------------------------+ | BSR Address (Variable length) | +-------------------------------------+ | len of RP Address (1 octet) | +-------------------------------------+ | RP Address (Encoded unicast addr) | +-------------------------------------+ | len of Group Address (1 octet) | +-------------------------------------+ Kurapati, et al. Expires November 25, 2013 [Page 7] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 | Group Prefix(Encoded Group format)| +-------------------------------------+ | RP Hold Time (2 Octets) | +-------------------------------------+ | RP Priority (1 Octet) | +-------------------------------------+ | Originating PE's IP Address | +-------------------------------------+ RP Address is in Encoded unicast format as defined in PIM-SM specification [RFC4601] and the same is extracted from the BSM message and is placed in this NLRI. Hold Time is a 2 octet value in seconds, as defined in BSR specification [RFC5059]. It is a per RP value which is taken from the BSM and filled in the NLRI by the originating router. The usage and details of this NLRI is discussed in "Protocol Details" section. 4.4. BSR-BGP Path Attribute This document defines and uses a new BGP attribute called the "BSR- BGP attribute". This is an optional transitive BGP attribute. The format of this attribute is defined as follows: +-------------------------------------+ | Fragment Tag (2 Octets) | +-------------------------------------+ | Group Count (1 Octet) | +-------------------------------------+ | RP Count (1 Octet) | +-------------------------------------+ All MCAST-VPN-BSR NLRI route types carry the BSR-BGP Path attribute. However, based on the route-type the corresponding fields are set. Fragment Tag MUST be set by all 3 route types. The usage of Fragment Tag is discussed in the details section. BSR Parameters NLRI also sets the Group Count field indicating the number of Groups this BSM is carrying. RP Count is not used by the originator of BSR Parameters NLRI and SHOULD be ignored by the receiver of BSR Parameters NLRI. BSM Multicast Group Parameters NLRI sets the RP Count indicating the number of RPs that this Group carries. The Group Count for this NLRI Kurapati, et al. Expires November 25, 2013 [Page 8] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 is not set and SHOULD be ignored by the receiver of BSM MUlticast Group Parameters NLRI BSM RP parameters NLRI sets only the Fragment Tag. Group Count and RP Count fields are not set by the originator and SHOULD be ignored by the receiver of BSM RP Parameters NLRI. 5. Protocol Overview In this section, we will discuss the overview of the mechanism to carry BSR through BGP. The full specification will be discussed in the next section. The actual processing of BSR message is not changed by this specification for BSR messages sent/received on PE-CE links. i.e. the way BSR is elected based on BSM or RP selection procedure will continue to follow the BSR specification. This document only describes how the information carried in BSR is redistributed into BGP at the ingress PEs, and how the remote PEs redistribute this information from BGP back into BSR. The same applies when the PE itself is configured as C-RP or BSR for the given VRF. When the PE is C-RP, the RP advertisements are unicasted to the elected BSR based on the BSR specification. When the PE is configured as BSR for a specific MVPN VRF, it MUST originate the BSMs as it would normally do and send them towards CE facing interfaces. PE also originates MVPN-MCAST-BSR NLRIs from the RP-Set it created by virtue of being a BSR and advertises them to other remote PEs. 5.1. Handling Bootstrap messages BSR specification can be broadly classified into 3 stages: (a) BSR election (b) Candidate RP advertisements (c) Elected BSR (E-BSR) advertising the RP-Set information Candidate RP advertisements are unicasted and hence it is not necessary to carry them in PMSI tunnels or convert them into BGP routes. On the other hand, both the empty BSMs and the BSMs sent by the Elected BSRs (E-BSR) needs to be converted into BGP routes. 5.1.1. Data for BSR Parameters Route The Bootstrap Router (BSR) election is based on the Bootstrap Message (BSM) transmitted with BSR priority, by the candidate BSRs. Whenever a PE receives a BSM on a PE-CE link, it needs to originate a BSR Parameters Route with the BSR Address and Priority extracted from the BSM. The BSR election on the PEs is done based on BSR Parameters Kurapati, et al. Expires November 25, 2013 [Page 9] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 Route received. BSR Parameters Route also MUST contain the BSR-BGP Path Attribute with Fragment-Tag and "Group Count" fields set. "Group Count" is the number of Group prefixes this BSM is carrying. The "Group Count" field is not present in the original BSR specification and needs to be populated by the originating PE. The Fragment Tag field can be any locally generated unique value at the originating PE. The usage of this field is discussed in the next section. 5.1.2. Fragmented BSMs BSR specification also provides a way to deal with fragmentation such that, if number of group-to-rp mappings exceed the packet size, semantic fragmentation is performed. 'Fragment tag' in the BSM distinguishes the fragments of the same BSM. If the fragmentation boundary happens to be within a group prefix, the difference of "RP Count" and "Frag RP Cnt" in the BSM determines how many more RPs are to come. When the fragmentation boundary falls at the group prefix (i.e a group range is fit entirely into a BSM fragment), then there is no way to determine if more such fragments are coming in other BSMs. An originating PE SHOULD wait for all the fragmented BSMs to arrive before propagating the same in BGP, if it is known that more fragments are coming based on "Frag RP Cnt" value. Otherwise, the PE SHOULD start converting the mappings into BGP NLRIs and advertise the routes as soon as the first BSM is received. The receiving PE will start assembling the RP-Set based on the received Group-to-RP mapping routes and send the resulting BSM to the CE. In the event of originating PE receiving subsequent fragments of the same BSM, it MUST advertise "BSR Parameters" NLRI with change in BSR-BGP path attribute reflecting the modified "Group Count". However, the existing "BSM Group Parameters" and "BSM RP Parameters" routes are still considered valid and the new routes are to be treated as incremental routes by the egress PE. This is possible because the Fragment tag value is same for the new mappings in the subsequent fragment. The details of this are discussed in the next section. 5.1.3. Mappings arriving in different BGP UPDATES Even without fragmentation, all the Group-to-RP mappings may not fit a single BGP UPDATE message at the originating PE. The NLRIs can be split and sent into multiple BGP UPDATE messages. In such a situation, egress PEs can know whether all the mappings are recieved by using the "Group Count" and the "RP Count" in the "BSR-BGP" Path attributes present in the BSR Parameters and BSM Group Parameters NLRIs respectively. BGP Graceful Restart (GR) specification [RFC4724] also proposes End-Of-RIB marker that can be used for non GR purpose. PEs MAY use End-Of-RIB marker to indicate the completion of all the route updates to the peer. The peer to the ingress PE can be Kurapati, et al. Expires November 25, 2013 [Page 10] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 a BGP route reflector. If negotiated for the MCAST-MVPN-BSR family, a BGP peer SHOULD wait for the End-of-RIB from the peer before advertising it to the other clients. Egress PE SHOULD wait for the End-Of-RIB marker before considering the routes for BSM Group-to-RP mapping calculation and informing its corresponding CEs. 5.2. Mapping individual groups to RP For a router or management system to determine the RP mapping for an individual multicast stream, the "PIM Group-to-Rendezvous-Point Mapping" specification [RFC6226] requires that the following be evaluated in addition to any dynamic Group-to-RP mappings: source- specific multicast (SSM) group ranges, dense mode (DM) group-ranges, embedded-RP encoded in the IPv6 group address, and statically configured Group-to-RP mappings. This specific Group-to-RP mapping given by the algorithm in RFC6226 determines the RP that a router would use for joining PIM shared trees or sending PIM Register messages for individual streams. In addition to the dynamic RP group-range-to-RP mappings obtainable from BGP, a router or management system that needs to make these specific group-to-RP mapping decisions for individual streams is assumed to have knowledge of the same information required by RFC6226 as all the routers in the multicast domain. Specifically, it must know the source-specific multicast (SSM) group ranges, dense mode (DM) group-ranges, embedded-RP encoded in the IPv6 group address, and statically configured group-range-to-RP mappings. How it learns these is outside the scope of this document. 5.3. Triggered BSMs by egress PE Unlike the regular BSR implementations where the BSM is flooded, egress PE in this implementation is acting as a proxy and generating BSMs. An egress PE MUST generate BSMs periodically from the mapping information taken from the MCAST-VPN-BSR NLRIs. In addition to the periodic BSMs, whenever there is a change in BSM mapping, a triggered BSM MUST be generated which will then refresh the information on the CE. Ingress PE and egress PE may not be in sync with each other in terms of timing. Assume that periodic BSM is sent at t=0 and it received a change in BGP route with one RP withdrawn. In this case, an egress PE generates a new BSM without waiting for BS_Period to expire. There MUST however be a minimum of BS_Min_Interval time between each time a BSM is sent as noted in [RFC5059]. This will cause an extra BSM to be generated towards the CE whenever there is a change in Group-to-RP mapping in the egress PE. 5.4. Reverse Path Forwarding for Dynamic RP advertisements Kurapati, et al. Expires November 25, 2013 [Page 11] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 BSR relies on variations of Reverse Path Forwarding (RPF) to ensure that advertisement messages do not loop through the network. RPF delivery semantics must also be maintained across the BGP-MVPN service provider core for dynamic RP advertisements encoded in BGP. The BGP NLRI to be defined for dynamic RP advertisements includes a Originating PE's IP address field which can be used by PEs receiving advertisements via BGP to conduct RPF checks when handling these advertisements. When a PE receives the MCAST-VPN-BSR NLRI for a particular MVPN from some other PE, the PE accepts the message only if the 'Originating PE's IP address' field is the selected upstream PE for the IP address of the Bootstrap router. Otherwise, the PE simply discards the update. 5.5. Interoperation with tunneled BSR In order for this specification to be incrementally deployable in a network, PEs that implement this specification must be able to interoperate with PEs that do not. Such PEs that are not capable of advertising dynamic RP information in BGP will send tunneled BSR messages. For example, it is possible that a BSR router could be multihomed to multiple PEs, some of which advertise dynamic RP mappings in BGP and some of which encapsulate the native packets. In such a topology, it's possible that each of the PEs connecting the site of the BSR sender will forward the redundant advertisements for the same sender to the other PEs across the core via the different protocol mechanisms. Further, it is possible that different senders are connected to PEs with differing capabilities and unique advertisements will arrive from the core at PEs via different protocol mechanisms. In these scenarios in which there are non-capable PEs in the network, PEs sending dynamic RP advertisements via BGP may also choose to encapsulate the same advertisements as native BSR packets tunnel via the PMSIs of the BGP-MVPN for delivery to receiving PEs that are not capable of handling the dynamic RP advertisements from BGP. However, when it is known that ALL PEs are capable of dynamic RP advertisements in BGP, PEs should filter multicasted BSR messages such that they are not encapsulated in PMSI tunnels. PEs receiving dynamic RP advertisements from the service provider core must apply RPF rules to the received advertisements regardless of the mechanism of delivery. Propagation of native BSR encapsulated advertisements by receiving PEs enabled for dynamic RP advertisements in BGP should occur as if these advertisements were received from BGP, and as specified in this document. Kurapati, et al. Expires November 25, 2013 [Page 12] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 5.6. Route Targets for Group-to-RP mapping routes By default the Group-to-RP mapping routes SHOULD have the same Route Targets as the VPN-IP unicast routes towards BSR/Mapping Agent/C-RP carried in these routes. An implementation SHOULD allow to modify the default via configuration. With the use of Route Target Constraint [RFC4684], the distribution of these routes can be controlled to only those PEs who have the RT configured. 5.7. BSR multihomed When a BSR is multihomed, say to two PEs, both the PEs will originate the MCAST-VPN-BSR NLRIs. In such a case, egress PEs SHOULD take the NLRIs from the PE based on single forwarder selection procedure described in section 9.1.2 of [RFC6513]. 6. Protocol Details 6.1. Originating Group-to-RP Mapping route for bootstrap messages received on a VRF When a PE router receives a BSM message on its CE facing interface that is the RPF towards the BSR or configures an RP locally and is the elected BSR, the router will add the mappings to the local copy of Group-to-RP set. The PE router will then form BGP NLRIs as mentioned in the previous section based on the received BSR message. The PE router will determine if there were any previous advertisements from the same BSR and if there is any change in the BSM content. If the routes are already advertised and is not changed as a result of the BSR message, then the same is not re-advertised in BGP. Refer to section 3.4 of BSR specification [RFC5059] for forwarding the received BSR messages. Unless the BSR implementation requires a particular BSM to be blocked, BSR messages needs to be forwarded via BGP to the egress PEs. In the case where a new BSR has come up, it generates a BSM with empty content. In such a case, only a "BSR Parameters" route is generated by the PE with BSR address and priority fields filled. Even if the BSR which sent empty BSM is not a preferred BSR (the current EBSR is better), "BSR Parameters" NLRI MUST be generated with this BSR address and sent to the remote PEs in order to maintain consistency with the BSR implementation. The local BSR implementation will take care of chosing the right BSR. Kurapati, et al. Expires November 25, 2013 [Page 13] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 If a PE is rebooted or newly added, it may receive a BSM with "No- Forward" bit set or a unicasted BSM from the CE to which it formed PIM neighborship. In either case, PE MUST originate the required NLRIs from the BSM and forward the same to the remote PEs. There is no need to carry "No-Forward" bit in BGP for this scenario. As discussed in Section 5.1.2, if the BSM is fragmented and if the fragmentation boundary is at at group prefix, there is no way to tell whether more fragments will arrive. Hence, the BSR routes are advertised as soon as the BSM is received. If another BSM is received with same "Fragment Tag" field at a later time, the BSR implementation treats this as part of the same BSM that was received earlier. Hence, these BSMs are converted to the respective BSR NLRIs and advertised to the BGP peers. 6.2. Handling changes in BSR messages A PE router may need to withdraw a Group-to-RP mapping for which it has originated an advertisement based on several conditions. If a BSM is received from a CE with a holdtime of zero for the mapping, or if a local PE is BSR and an RP is unconfigured, then the advertisement MUST be withdrawn immediately. In addition, scenarios such as a BSM missing an RP mapping entry or missing BSMs entirely may necessitate withdrawal of advertised mappings. A change may also happen to a group, where a new group may get added or existing group may be removed. These needs to be propagated accordingly through BGP. 6.2.1. Missing RP or Group mapping entry Assume a scenario where a given Group prefix had 100 RPs in the received BSM from a BSR. In the next periodic update after BS_Period interval, only 99 RPs are present for that group. This can happen when an RP did not go down gracefully (i.e, it did not advertise with Hold Timer = 0). The BSR implementation on the PE will continue to keep the RP mapping until the "RP Hold Time" expires. However, this needs to be communicated via BGP. In this scenario, originating PE will continue to keep the "BSR Parameters" route unchanged. The "BSM Group Parameters" route for the respective group is re-advertised with change in the "RP Count" value in the BSR-BGP path attribute. "Fragment Tag" field in the path attribute MUST NOT be changed. Along with that, the respective "BSM RP Parameters" route (Type-3) MUST be withdrawn. Egress PE receiving a changed Type-2 route (BSM Group Parameters) MUST wait until the RP count matches before generating the BSM towards the CE with this change. In case the "End-Of-RIB" is Kurapati, et al. Expires November 25, 2013 [Page 14] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 negotiated, this check SHOULD be performed only after the "End-Of- RIB" is received. The RP will not be removed from the local group- to-rp mapping table until the RP hold time expires. BSM that is advertised towards the CE is changed to reflect the missing RP. This scenario also handles any out of sequence messages arising. For example, if Type-3 (BSM RP Parameters) withdrawal comes before the changed Type-2 (BSM Group Parameters), the RP count check would fail making the egress PE wait until the update is complete. Another scenario to consider is when a RP for a group is removed and a new RP is added. In this case, the "RP Count" remains same, but the BSM RP Parameters route (Type-3) corresponding to old RP is withdrawn, and Type-3 for new RP is advertised. Even if these two arrive in two different BGP updates, the corresponding checks at egress PE will ensure that a BSM is triggered only when the Type-3s for the group is matched with the RP count in the corresponding BSM Group Parameters route (Type-2). Consider another scenario where initially the Group Count was 100. The new BSM received has the same Group Count, but one group removed and a new group added. In this situation, an ingress PE need not generate a new "BSR Parameters" (Type-1) route since the group count did not change. For the group which was removed from the BSM, the corresponding Type-2 route and its Type-3 routes MUST be withdrawn and a new BSM Group parameters route (Type-2) route with its RP parameters route (Type-3) MUST be advertised. At the egress PE, as soon as the Type-2 withdrawal comes, all the corresponding RP entries (Type-3) are placed as inactive and MUST not be considered, irrespective of whether a withdrawal for those routes are received or not. However, PEs SHOULD keep those routes until the actual withdrawals arrive. The "Group Count" and its "RP Count" per group are to be matched before BSM is generated towards the CE. Lastly, consider a scenario where a new Group is added over the existing entries. In this case, the "BSR Parameters" route is re- advertised with modified "Group Count" value, keeping the "Fragment Tag" same. Along with that, "BSM Group Parameters" route and "BSM RP Parameters" route are generated for the new Group and RPs. Again, the egress PE MUST wait for the values to match before generating the BSM towards egress. 6.2.2. Missing BSM Like missing a particular mapping, missing an entire BSM can also happen due to several reasons. It could be that the BSR went down ungracefully or BSM is missed due to congestion. BSR specification [RFC5059] defines a timer BS_Timeout (defaults to 2*BS_Period + 10 seconds) before declaring a BSR as dead and electing a new BSR. Kurapati, et al. Expires November 25, 2013 [Page 15] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 While most of the scenarios are taken care by the local BSR implementation on the PEs, we need to handle communicating the missing BSM between the PEs through BGP. In the scenario of missing BSM, the corresponding "BSR Parameters" (Type-1) route is withdrawn, however the corresponding "BSM Group Parameters" route (Type-2) and "BSM RP Parameters" route (Type-3) entries MUST NOT be withdrawn by the ingress PE. Egress PE receiving a withdrawn "BSR Parameters" route (Type-1) MUST still keep the corresponding Type-2 and Type-3 entries. However, it MUST NOT advertise the BSM to the CE without the Type-1 route present. As soon as the Type-1 is withdrawn, BS_Timeout period has to be started at the egress and upon its expiry, all the Type-2 and Type-3 entries MUST be deleted. Say the egress has generated BSM at t=0. At t=1 BS_Period expired at ingress PE and ingress PE did not get the periodic BSM. So, it withdraws type-1 (BSR Parameters). Egress PE has already generated BSM just before the type-1 withdrawal was received. The egress PE skips the next periodic BSM towards the CE. But CE is "off" by BS_Period interval by now. Once the BS_Timeout expires, egress PE removes all the type-2 and type-3 entries. CEs connected to egress PE will remove the same, a whole BS_Period later. Hence, to avoid this issue, once the BS_Timeout expires,an egress PE MUST generate a new BSM towards CE with RP hold time set to "0" for all the type-2 and type-3 entries. This will make the CEs in sync with the the PEs. After generating the BSM, PE removes all the Type-2 and Type-3 entries as stated above. After the BSR is timed out (after BS_Timeout), when a new BSM comes from the same BSR, a new "Fragment Tag" MUST be generated by the ingress PE. 6.2.3. Change of Elected BSR As per the BSR specification [RFC5059], when a preferred BSM is received, the current 'Elected BSR' will transfer its state to 'Candidate BSR' and forward the received BSM. All the routers will also change the elected BSR based on the preferred BSM. When an originating PE's local bootstrap module elects a new BSR, all the old Group-to-RP mapping entries advertised by the previous BSR MUST be withdrawn. Kurapati, et al. Expires November 25, 2013 [Page 16] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 6.3. Receiving Group-to-RP Mapping routes for BSR The PEs receiving the BGP Group-to-RP Mapping route NLRIs will act as a proxy. First step is to check if the received routes are valid. If the "Fragment Tag" present in the "BSR Parameters" route does not match with the "BSM Group Parameters" (Type-2) and "BSM RP Parameters" (Type-3) routes, then those entries are considered invalid. Similarly, if the len of BSR/RP/Group Address field contains any value other than "0","32" or "128" it MUST be considered as a malformed message and MUST be discarded. The PE MUST also run a RPF check for the BSR IP address and see if the originating PE address is the router through which the BSR is reachable. If the preferred route to the BSR is through the core, RPF check is done as per the MVPN upstream multicast hop (UMH) selection described in MVPN specification [RFC6513]. If the advertising PE is not the PE matching UMH selection, or if the preferred route to the BSR is through one of the CE interfaces, the RPF check fails and the routes MUST be ignored. The receiving PE collects the Group-to-RP mapping routes per BSR IP address and makes an entry in its BSR Group-to-RP mapping table. From the Group-to-RP mapping per BSR, the egress PE forms a BSM message. In order to generate the BSM message, the PE need to construct certain fields such as Checksum which is not available in the advertised NLRIs. Unlike CE PIM routers, the PE receiving Group-to-RP mapping routes via BGP will not receive periodic soft-state refreshes of the mappings every BS_Period. The receiving PE MUST generate periodic BSMs every BS_Period as specified in the BSR RFC [RFC5059]. When there is a change in the corresponding Group-to-RP mapping routes, a fresh BSM MUST be triggered after the calculation of "Group Count" and "RP Count" matches. Egress PE MUST also ensure that there is a minimum period of BS_Min_Interval between each time a BSM is sent towards the CE as noted in BSR specification [RFC5059]. When a "BSR Parameters" (Type-1) route is received with "Group Count" as 0, the PE MUST treat it as an empty BSM. An empty BSM MUST be formed and sent to the CEs with other relevant fields populated. Other aspects of electing a BSR based on the BSR priority MUST be same as what is specified in the BSR specification [RFC5059]. 7. Security Considerations Since a BSR message allows semantic fragmentation, a message can be very big with lot of mappings there by leading to PE generating several Group-to-RP mapping route NLRIs. An implementation SHOULD be able to restrict the number of Groups and RP mappings allowed on a Kurapati, et al. Expires November 25, 2013 [Page 17] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 VRF or interface level so that the number of BGP routes generated for the mapping are controlled. 8. IANA Considerations This document defines a new NLRI, called MCAST-VPN-BSR, to be carried in BGP using multiprotocol extensions. It requires assignment of a new SAFI. This document defines a new BGP optional transitive attribute, called BSR-BGP. 9. Acknowledgments The authors would like to thank Huajin Jeng (AT&T), Jeffrey Haas (Juniper), Yakov Rekhter (Juniper) and Eric Rosen (Cisco) for their valuable review and feedback. 10. References 10.1. Normative Reference [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006. [RFC4601] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas, "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)", RFC 4601, August 2006. [RFC4684] Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk, R., Patel, K., and J. Guichard, "Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs)", RFC 4684, November 2006. [RFC4724] Sangli, S., Chen, E., Fernando, R., Scudder, J., and Y. Rekhter, "Graceful Restart Mechanism for BGP", RFC 4724, January 2007. [RFC5015] Handley, M., Kouvelas, I., Speakman, T., and L. Vicisano, "Bidirectional Protocol Independent Multicast (BIDIR- PIM)", RFC 5015, October 2007. [RFC5059] Bhaskar, N., Gall, A., Lingard, J., and S. Venaas, "Bootstrap Router (BSR) Mechanism for Protocol Independent Multicast (PIM)", RFC 5059, January 2008. Kurapati, et al. Expires November 25, 2013 [Page 18] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 [RFC6513] Rosen, E. and R. Aggarwal, "Multicast in MPLS/BGP IP VPNs", RFC 6513, February 2012. [RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP Encodings and Procedures for Multicast in MPLS/BGP IP VPNs", RFC 6514, February 2012. [RFC6515] Aggarwal, R. and E. Rosen, "IPv4 and IPv6 Infrastructure Addresses in BGP Updates for Multicast VPN", RFC 6515, February 2012. [RFC6226] Joshi, B., Kessler, A., and D. McWalter, "PIM Group-to- Rendezvous-Point Mapping", RFC 6226, May 2011. 10.2. Informative Reference [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, February 2006. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. Authors' Addresses Pavan Kurapati Juniper Networks 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA Email: kurapati@juniper.net URI: http://www.juniper.net/ Marco Rodrigues Juniper Networks 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA Email: mprodrigues@juniper.net URI: http://www.juniper.net/ Kurapati, et al. Expires November 25, 2013 [Page 19] Internet-Draft Dynamic RP encodings in BGPMVPN May 2013 Kurt Windisch Juniper Networks 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA Email: kurtw@juniper.net URI: http://www.juniper.net/ Saud Asif AT&T LABS 200 S Laurel Ave. Middletown, NJ 07748 USA Email: sasif@att.com URI: http://www.att.com/ Kurapati, et al. Expires November 25, 2013 [Page 20]