]> Deprecating the Use of Router Alert in LSP Ping Juniper Networks
1133 Innovation Way Sunnyvale CA 94089 United States kireeti.ietf@gmail.com
Juniper Networks
1133 Innovation Way Sunnyvale CA 94089 United States rbonica@juniper.net
Ericsson
gregimirsky@gmail.com
Routing MPLS WG LSP ping, router alert The MPLS echo request and MPLS echo response messages, defined in RFC 8029 "Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures" (usually referred to as LSP ping messages), are encapsulated in IP headers that include a Router Alert Option (RAO). The rationale for using an RAO as the exception mechanism is questionable. Furthermore, RFC 6398 identifies security vulnerabilities associated with the RAO in non-controlled environments, e.g., the case of using the MPLS echo request/reply as inter-area OAM, and recommends against its use outside of controlled environments. Therefore, this document retires the RAO for MPLS Operations, Administration, and Maintenance (OAM). It reclassifies RFC 7506 as Historic and updates RFC 8029 to remove the RAO from LSP ping message encapsulations. This document also recommends the use of an IPv6 loopback address (::1/128) and not the use of an IPv4 loopback address mapped to IPv6.
Introduction RFC 8029 - "Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures" (usually referred to as LSP Ping) detects data-plane failures in MPLS Label Switched Paths (LSPs). It can operate in "ping mode" or "traceroute mode". When operating in ping mode, it checks LSP connectivity. When operating in traceroute mode, it can trace an LSP and localize failures to a particular node along an LSP. The reader is assumed be familiar with and its terminology. LSP ping defines a probe message called the "MPLS echo request". It also defines a response message called the "MPLS echo reply". Both messages are encapsulated in UDP and IP. The MPLS echo request message is further encapsulated in an MPLS label stack, except when all of the Forwarding Equivalency Classes in the stack correspond to Implicit Null labels. When operating in ping mode, LSP ping sends a single MPLS echo request message, with the MPLS TTL set to 255. This message is intended to reach the egress Label Switching Router (LSR). When operating in traceroute mode, MPLS ping sends multiple MPLS echo request messages as defined in Section 4.3 of . It manipulates the MPLS TTL so that the first message expires on the first LSR along the path and subsequent messages expire on subsequent LSRs. According to , the IP header that encapsulates an MPLS echo request message must include a Router Alert Option (RAO). Furthermore, also says that the IP header that encapsulates an MPLS echo reply message must include an RAO if the value of the Reply Mode in the corresponding MPLS echo request message is "Reply via an IPv4/IPv6 UDP packet with Router Alert". In both cases, the rationale for including an RAO is questionable. Furthermore, identifies security vulnerabilities associated with the RAO in non-controlled environments, e.g., the case of using the MPLS echo request/reply as inter-domain OAM over the public Internet, and recommends against its use outside of controlled environments, e.g., outside a single administrative domain. Therefore, this document updates RFC 8029 to retire the RAO from both LSP ping message encapsulations and reclassifies RFC 7506 as Historic.
Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
Router Alert for LSP Ping (RFC 8029)
MPLS Echo Request While the MPLS echo request message must traverse every node in the LSP under test, it must not traverse any other node. Specifically, the message must not be forwarded beyond the egress Label Switching Router (LSR). To achieve this, a set of the mechanisms that are used concurrently to prevent leaking MPLS echo request messages has been defined in :
  1. When the MPLS echo request message is encapsulated in IPv4, the IPv4 destination address must be chosen from the subnet 127/8. When the MPLS echo request message is encapsulated in IPv6, the IPv6 destination address must be chosen from the subnet 0:0:0:0:0:FFFF:7F00:0/104.
  2. When the MPLS echo request message is encapsulated in IPv4, the IPv4 TTL must be equal to 1. When the MPLS echo request message is encapsulated in IPv6, the IPv6 Hop Limit must be equal to 1. For further information on the encoding of the TTL/Hop Limit in an MPLS echo request message, see Section 4.3 of .
  3. When the MPLS echo request message is encapsulated in IPv4, the IPv4 header must include an RAO with the option value set to "Router shall examine packet" . When the MPLS echo request message is encapsulated in IPv6, the IPv6 header chain must include a Hop-by-hop extension header and the Hop-by-hop extension header must include an RAO with the option value set to MPLS OAM .
Currently, ALL of these are required. However, any one is sufficient to prevent forwarding the packet beyond the egress LSR. Therefore, this document changes RFC 8029 in that Requirement 3 is removed. No implementation that relies on the RAO to prevent packets from being forwarded beyond the egress LSR have been reported to the MPLS working group.
MPLS Echo Reply An LSP ping replies to the MPLS echo request message with an MPLS echo reply message. Four reply modes are defined in :
  1. Do not reply
  2. Reply via an IPv4/IPv6 UDP packet
  3. Reply via an IPv4/IPv6 UDP packet with Router Alert
  4. Reply via application-level control channel
The rationale for mode 3 is questionable, if not wholly misguided. According to RFC 8029, "If the normal IP return path is deemed unreliable, one may use 3 (Reply via an IPv4/IPv6 UDP packet with Router Alert)." However, it is not clear that the use of the RAO increases the reliability of the return path. In fact, one can argue it decreases the reliability in many instances, due to the additional burden of processing the RAO. This document changes RFC 8029 in that mode 3 is removed. No implementations of mode 3 have been reported to the MPLS working group.
Update to RFC 7506 RFC 7506 defines the IPv6 Router Alert Option for MPLS Operations, Administration, and Management. This document reclassifies RFC 7506 as Historic.
Update to RFC 8029 requires that the IPv6 Destination Address used in IP/UDP encapsulation of an MPLS echo request packet is selected from the IPv4 loopback address range mapped to IPv6. Such packets do not have the same behavior as prescribed in for an IPv4 loopback addressed packet. defines ::1/128 as the single IPv6 loopback address. Considering that, this specification updates Section 2.1 of regarding the selection of an IPv6 destination address for an MPLS echo request message as follows: OLD The 127/8 range for IPv4 and that same range embedded in an IPv4-mapped IPv6 address for IPv6 was chosen for a number of reasons. RFC 1122 allocates the 127/8 as the "Internal host loopback address" and states: "Addresses of this form MUST NOT appear outside a host." Thus, the default behavior of hosts is to discard such packets. This helps to ensure that if a diagnostic packet is misdirected to a host, it will be silently discarded. RFC 1812 states:
  • A router SHOULD NOT forward, except over a loopback interface, any packet that has a destination address on network 127. A router MAY have a switch that allows the network manager to disable these checks. If such a switch is provided, it MUST default to performing the checks.
This helps to ensure that diagnostic packets are never IP forwarded. The 127/8 address range provides 16M addresses allowing wide flexibility in varying addresses to exercise ECMP paths. Finally, as an implementation optimization, the 127/8 range provides an easy means of identifying possible LSP packets. NEW The 127/8 range for IPv4 was chosen for a number of reasons. RFC 1122 allocates the 127/8 as the "Internal host loopback address" and states: "Addresses of this form MUST NOT appear outside a host." Thus, the default behavior of hosts is to discard such packets. This helps to ensure that if a diagnostic packet is misdirected to a host, it will be silently discarded. RFC 1812 states:
  • A router SHOULD NOT forward, except over a loopback interface, any packet that has a destination address on network 127. A router MAY have a switch that allows the network manager to disable these checks. If such a switch is provided, it MUST default to performing the checks.
This helps to ensure that diagnostic packets are never IP forwarded. The 127/8 address range provides 16M addresses allowing wide flexibility in varying addresses to exercise ECMP paths. Finally, as an implementation optimization, the 127/8 range provides an easy means of identifying possible LSP packets. The IPv6 destination address for an MPLS echo request message is selected as follows:
  • For IPv6, the IPv6 loopback address ::1/128 SHOULD be used.
  • The sender of an MPLS echo request MAY select the IPv6 destination address from the 0:0:0:0:0:FFFF:7F00/104 range.
  • To exercise all paths in an ECMP environment, the entropy other than the IP destination address SHOULD be used.
END Additionally, this specification updates Section 2.2 of to replace the whole of the section with the following text: LSP Ping implementations SHOULD ignore RAO options when they arrive on incoming MPLS echo request and MPLS echo reply messages.
Backwards Compatibility LSP Ping implementations that conform to this specification SHOULD ignore RAO options when they arrive on incoming MPLS echo request and MPLS echo reply messages. However, this will not harm backwards compatibility because other mechanisms will also be in use by all legacy implementations in the messages they send and receive. of this document deprecates the IPv6 RAO value for MPLS OAM (69) in and the Reply Mode 3 ("Reply via an IPv4/IPv6 UDP packet with Router Alert") in . offers a formal description of the word "Deprecated". In this context, "Deprecated" means that the deprecated values SHOULD NOT be used in new implementations, and that deployed implementations that already use these values continue to work seamlessly.
IANA Considerations IANA is requested to mark the IPv6 RAO value of MPLS OAM (69) in as "Deprecated". IANA is also requested to mark Reply Mode 3 ("Reply via an IPv4/IPv6 UDP packet with Router Alert") in as "Deprecated".
Security Considerations The recommendations this document makes do not compromise security. In case of using IPv6 loopback address ::1/128 strengthens security for LSP Ping by using the standardized loopback address with well-defined behavior.
Acknowledgments The authors express their appreciation to Adrian Farrel and Gyan Mishra for for their suggestions that improved the readability of the document.
Normative References IPv6 Router Alert Option Values IANA n.d. Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters IANA n.d. Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures This document describes a simple and efficient mechanism to detect data-plane failures in Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs). It defines a probe message called an "MPLS echo request" and a response message called an "MPLS echo reply" for returning the result of the probe. The MPLS echo request is intended to contain sufficient information to check correct operation of the data plane and to verify the data plane against the control plane, thereby localizing faults. This document obsoletes RFCs 4379, 6424, 6829, and 7537, and updates RFC 1122. IP Router Alert Considerations and Usage The IP Router Alert Option is an IP option that alerts transit routers to more closely examine the contents of an IP packet. The Resource reSerVation Protocol (RSVP), Pragmatic General Multicast (PGM), the Internet Group Management Protocol (IGMP), Multicast Listener Discovery (MLD), Multicast Router Discovery (MRD), and General Internet Signaling Transport (GIST) are some of the protocols that make use of the IP Router Alert Option. This document discusses security aspects and usage guidelines around the use of the current IP Router Alert Option, thereby updating RFC 2113 and RFC 2711. Specifically, it provides recommendations against using the Router Alert in the end-to-end open Internet and identifies controlled environments where protocols depending on Router Alert can be used safely. It also provides recommendations about protection approaches for service providers. Finally, it provides brief guidelines for Router Alert implementation on routers. This memo documents an Internet Best Current Practice. IPv6 Router Alert Option for MPLS Operations, Administration, and Maintenance (OAM) RFC 4379 defines the MPLS Label Switched Path (LSP) Ping/Traceroute mechanism in which the Router Alert Option (RAO) MUST be set in the IP header of the MPLS Echo Request messages and may conditionally be set in the IP header of the MPLS Echo Reply messages depending on the Reply Mode used. While a generic "Router shall examine packet" Option Value is used for the IPv4 RAO, there is no generic RAO value defined for IPv6 that can be used. This document allocates a new, generic IPv6 RAO value that can be used by MPLS Operations, Administration, and Maintenance (OAM) tools, including the MPLS Echo Request and MPLS Echo Reply messages for MPLS in IPv6 environments. Consequently, it updates RFC 4379. The initial motivation to request an IPv6 RAO value for MPLS OAM comes from the MPLS LSP Ping/Traceroute. However, this value is applicable to all MPLS OAM and not limited to MPLS LSP Ping/ Traceroute. Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. IP Version 6 Addressing Architecture This specification defines the addressing architecture of the IP Version 6 (IPv6) protocol. The document includes the IPv6 addressing model, text representations of IPv6 addresses, definition of IPv6 unicast addresses, anycast addresses, and multicast addresses, and an IPv6 node's required addresses. This document obsoletes RFC 3513, "IP Version 6 Addressing Architecture". [STANDARDS-TRACK] Requirements for Internet Hosts - Communication Layers This RFC is an official specification for the Internet community. It incorporates by reference, amends, corrects, and supplements the primary protocol standards documents relating to hosts. [STANDARDS-TRACK] Guidelines for Writing an IANA Considerations Section in RFCs Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA). To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry. This is the third edition of this document; it obsoletes RFC 5226.