Internet-Draft | 1st nibble | June 2024 |
Kompella, et al. | Expires 14 December 2024 | [Page] |
The goal of this memo is to create a new IANA registry (called the Post-stack First Nibble registry) for the first nibble (4-bit field) immediately following an MPLS label stack. The memo offers a rationale for such a registry, describes how the registry should be managed, and provides some initial entries. Furthermore, this memo sets out some documentation requirements for registering new values. Finally, it provides some recommendations that make processing MPLS packets easier and more robust.
The relationship between the IANA IP Version Numbers (RFC 2780) and the Post-stack First Nibble registry is described in this document.
This memo, if published, would update RFC 4928.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 14 December 2024.
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
An MPLS packet consists of a label stack, an optional "post-stack header" (PSH) and an optional embedded packet (in that order). By PSH, we mean existing artifacts such as Control Words, BIER headers and the like, as well as new types of PSH being discussed by the MPLS Working Group. However, in the data plane, there are scant clues regarding the PSH, and no clue as to the type of embedded packet; this information is communicated via other means, such as the routing protocols that signal the labels in the stack. Nonetheless, in order to better handle an MPLS packet in the data plane, it is common practice for network equipment to "guess" the type of embedded packet. Such equipment may also need to process the PSH. Both of these require parsing the data after the label stack. To do this, the "first nibble" (the top four bits of the first octet following the label stack) is often used. Although some existing network devices may use such a method, it needs to be stressed that the correct interpretation of the Post-stack First Nibble (PFN) in a PSH can be made only in the context of the Label Stack Element (LSE) or group of LSEs in the preceding label stack that characterize the type of the PSH, and that any attempt to rely on the value in any other context is unreliable.
The semantics and usage of the first nibble are not well documented, nor are the assignments of values. This memo serves four purposes:
This memo introduces a requirement and a recommendation, the first building on Section 2.1.1 and the second deprecating the use of the heuristic in Section 2.1.1.1. The intent of both of these is that legacy routers continue to operate as they have, with no new problems introduced as a result of this memo. However, new implementations SHOULD follow these recommendations for more robust operation.
This document, if published, would update [RFC4928] by deprecating the heuristic method for identifying the type of packet encapsulated in MPLS. This document clearly states that the type of encapsulated packet cannot be determined based on the PFN alone.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
MPLS packet: one whose Layer 2 header declares the type to be MPLS. For Ethernet, that means the Ethertype is 0x8847 or 0x8848.
Label Stack: (of an MPLS packet) all labels (four-octet fields) after the Layer 2 header, up to and including the label with the BoS bit set ([RFC3032]).
Post-stack First Nibble (PFN): the most significant four bits of the first octet following the label stack.
MPLS Payload: all data after the label stack, including the PFN, an optional post-stack header, and the embedded packet.
Post-stack Header (PSH): optional field of interest to the egress LSR (and possibly to transit LSRs). Examples include a control word or an associated channel. The PSH MUST indicate its length, so that a parser knows where the embedded packet starts.
Embedded Packet: all octets beyond the PSH (if any). That could be an IPv4 or IPv6 packet, an Ethernet packet (for VPLS ([RFC4761], [RFC4762]) or EVPN [RFC7432]), or some other type of Layer 2 frame [RFC4446].
Deprecation: regardless of how the deprecation is understood in other IETF documents, the interpretation in this document is that if a practice has been deprecated, that practice should not be included in new implementations or deployed in deployments.
Figure 1 shows an MPLS packet with Layer 2 header X and a label stack Y ending with Label-n. Then, there are three examples of an MPLS payload. The complete MPLS packet thus would consist of [X Y A], or [X Y B], or [X Y C].
A. The first payload is a bare IP packet, i.e., no PSH. The PFN in this case overlaps with the IP version number.
B. The next payload is a bare non-IP packet; again, no PSH. The PFN here is the first nibble of the payload, whatever it happens to be.
C. The last example is an MPLS Payload that starts with a PSH followed by the embedded packet. Here, the embedded packet could be IP or non-IP.
An MPLS packet can contain many types of embedded packets. The most common types are:
Many other packet types are possible; in principle, any Layer 2 embedded packet is permissible. Indeed, in the past, packets of Point-to-Point Protocol, Frame Relay, and Asynchronous Transfer Mode protocols were reasonably common.
In addition, there may be a PSH ahead of the embedded packet, and it needs to be parsed. The PFN is currently used for both of these purposes.
There are four common ways to load balance an MPLS packet:
Load balancing based on just the top label means that all packets with that top label will go the same way -- this is far from ideal. Load balancing based on the entire label stack (not including SPLs) is better, but it may still be uneven. If, however, the embedded packet is an IP packet, then the combination of (<source IP address>, <dest IP address>, <transport protocol>, <source port>, and <dest port>) from the IP header of the embedded packet forms an excellent basis for load-balancing. This is what is typically used for load balancing IP packets.
An MPLS packet doesn't, however, carry a payload type identifier. There is a simple (but dangerous) heuristic that is commonly used to guess the type of the embedded packet. The first nibble, i.e., the four most significant bits of the first octet, of an IP header contains the IP version number. That, in turn, indicates where to find the relevant fields for load-balancing. The heuristic goes roughly as follows:
This heuristic has been implemented in many (legacy) routers, and performs well in the case of Figure 2, A. However, this heuristic can work very badly for Figure 2, B. For example, if payload B is an Ethernet frame, then the PFN is the first nibble of the OUI of the destination MAC address, which can be 0x4 or 0x6, and if so would lead to very bad load-balancing. This behavior can happen to other types of non-IP payloads as well.
That, in turn, led to the idea of inserting a PSH (e.g., a pseudowire control word [RFC4385], a DetNet control word [RFC8964] or a BIER header [RFC8296]) where the PFN is not 0x4 or 0x6, to explicitly prevent forwarding engines from confusing the MPLS payload with an IP packet. [RFC8469] recommends the use of a control word when the embedded packet is an Ethernet frame. RFC 8469 was published at the request of the operator community and the IEEE Registration Authority Committee as a result of operational difficulties with pseudowires that did not contain the control word.
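The failure of the heuristic on payload B and the effect of inserting a control word, as an added example that is not part of the draft: a small label-stack parser and the deprecated PFN guess, run over three constructed packets corresponding to payloads A, B and C. The function names, label values and addresses are assumptions chosen for illustration.

```python
import struct

def parse_label_stack(data):
    """Return (labels, payload_offset). Each LSE is four octets:
    label(20) | TC(3) | BoS(1) | TTL(8), as in RFC 3032."""
    labels, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("label stack truncated before BoS")
        (entry,) = struct.unpack_from("!I", data, off)
        labels.append(entry >> 12)
        off += 4
        if entry & 0x100:        # bottom-of-stack bit set: stack ends here
            return labels, off

def pfn(data):
    """Post-stack First Nibble: top four bits of the first octet after the stack."""
    _, off = parse_label_stack(data)
    if off >= len(data):
        raise ValueError("no octets after the label stack")
    return data[off] >> 4

def legacy_guess(data):
    """The deprecated heuristic: infer the payload type from the PFN alone."""
    return {0x4: "IPv4", 0x6: "IPv6"}.get(pfn(data), "non-IP")

def lse(label, bos, ttl=64):
    """Build one label stack element (TC left at zero)."""
    return struct.pack("!I", (label << 12) | (bos << 8) | ttl)

# Constructed sample data: labels, MAC addresses and headers are made up.
STACK = lse(16001, 0) + lse(24005, 1)
IPV4 = bytes([0x45, 0x00]) + bytes(18)       # version 4, IHL 5, rest zeroed
ETH = bytes.fromhex("4e0000000001" "020000000002" "0800") + IPV4
PW_CW = bytes(4)                             # control word, first nibble 0x0

PKT_A = STACK + IPV4           # bare IP: the guess happens to be right
PKT_B = STACK + ETH            # bare Ethernet, destination MAC starts with 0x4
PKT_C = STACK + PW_CW + ETH    # the same frame behind a control word

if __name__ == "__main__":
    for name, pkt in (("A", PKT_A), ("B", PKT_B), ("C", PKT_C)):
        print(name, hex(pfn(pkt)), legacy_guess(pkt))
```

Packet B is hashed as if it were IPv4, so the "addresses" and "ports" fed to the load-balancing hash are really MAC and payload octets; packet C is left alone because its PFN is 0x0.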
It is RECOMMENDED that where load-balancing of MPLS packets is desired, the load-balancing mechanism uses the value of a dedicated label, for example, either an Entropy Label [RFC6790] or a FAT Pseudowire Label [RFC6391]. Furthermore, the heuristic of guessing the type of the embedded packet, as discussed above, SHOULD NOT be used.
A consequence of that heuristic approach is that while legacy routers may look for a PFN of 0x4 [RFC0791] or 0x6 [RFC8200], no router will look for any other PFN, regardless of what future IP version numbers will be, for load-balancing purposes. This means that the values 0x4 and 0x6 are used to (sometimes incorrectly) identify IPv4 and IPv6 packets, but no other First Nibble values will be used to identify IP packets.
This document creates a new PFN Registry for all 16 possible values.
Paragraph 3 in Section 3 of RFC 4928 [RFC4928] states that:
OLD TEXT:
It is REQUIRED, however, that applications dependent upon in-order packet delivery restrict the first nibble values to 0x0 and 0x1. This will ensure that their traffic flows will not be affected if some future routing equipment does similar snooping on some future version(s) of IP.
END
The text in RFC 4928 [RFC4928] concerning the first nibble after the MPLS Label Stack has been updated by [I-D.ietf-mpls-1stnibble] and the heuristic for snooping this nibble has been deprecated. RFC 4928 is now updated as follows:
NEW TEXT:
Network equipment that complies with [I-D.ietf-mpls-1stnibble] MUST use a PSH (Post-Stack Header) with a PFN (Post-stack First Nibble) value that is neither 0x4 nor 0x6 in all cases when the MPLS payload is not an IP packet.
END
The recommendation (see Section 2.1.1.1) replaces paragraph 4 in Section 3 of RFC 4928 [RFC4928] as follows:
OLD TEXT:
This behavior implies that if in the future an IP version is defined with a version number of 0x0 or 0x1, then equipment complying with this BCP would be unable to look past one or more MPLS headers, and load-split traffic from a single LSP across multiple paths based on a hash of specific fields in the IPv0 or IPv1 headers. That is, IP traffic employing these version numbers would be safe from disturbances caused by inappropriate load-splitting, but would also not be able to get the performance benefits.
NEW TEXT:
[I-D.ietf-mpls-1stnibble] deprecated the practice of deducing the payload type to avoid inaccurate load balancing based on the PFN value. This means that older implementations and deployments can continue to use that heuristic, while it must not be part of new implementations or deployments. The deprecation also means that concerns about load balancing for future IP versions with a version number of 0x0 or 0x1 are now moot.
At the time of this document, it was planned to obsolete MPLS encapsulations without PSH of non-IP payload when sufficient evidence exists that there are no marketed or deployed implementations using the heuristic practice.
END
Furthermore, the following text is appended to Section 1.1 of RFC 4928 [RFC4928]:
NEW TEXT:
PSH: Post-Stack Header
PFN: Post-stack First Nibble
END
The MPLS WG is currently engaged in updating the MPLS architecture; part of this work may involve the use of PSHs. That might be more challenging if PSH values are allocated on an ad hoc basis, and their parsing and semantics are ill-specified. Consider that the PFN value of 0x0 has two different formats, depending on whether the PSH is a pseudowire control word or a DetNet control word; disambiguation requires the context of the service label. This was a considered decision; documenting this would be helpful to future implementors.
With a registry, PSHs become easier to parse, they can be interpreted correctly without relying on means outside the data plane, and their semantics and usage are documented.
The use of the PFN stemmed from the desire to heuristically identify IP packets for load-balancing purposes. It was then discovered that non-IP packets, misidentified as IP when the heuristic failed, were being badly load balanced, leading to [RFC4928]. This situation may confuse some as to the relationship between the Post-stack First Nibble Registry and the IP Version Numbers registry. These registries are quite different:
The only intersection points between the two registries are the values 0x4 and 0x6 (for backward compatibility). There is no need to track future IP version number allocations in the Post-stack First Nibble registry.
This memo requests IANA to create a registry group called "Post-Stack First Nibble Registry" that consists of a single registry called "Post-Stack First Nibble Registry". The registry should be created as shown in Table 1. The assignment policy for the registry is Standards Action.
| Protocol | Value | Description | Reference |
|---|---|---|---|
| DetNet | 0x0 | DetNet Control Word | RFC 8964 |
| NSH | 0x0 | NSH Base Header, payload | RFC 8300 |
| PW | 0x0 | PW Control Word | RFC 4385 |
| DetNet | 0x1 | DetNet Associated Channel | RFC 9546 |
| MPLS | 0x1 | MPLS G-ACh | RFC 5586 |
| PW | 0x1 | PW Associated Channel | RFC 4385 |
| NSH | 0x2 | NSH Base Header, OAM | RFC 8300 |
|  | 0x3 | Unassigned |  |
|  | 0x4 | Reserved, not to be assigned |  |
| BIER | 0x5 | BIER Header | RFC 8296 |
|  | 0x6 | Reserved, not to be assigned |  |
|  | 0x7 - 0xF | Unassigned |  |
This document creates a new IANA registry for the first nibble of data beyond the MPLS label stack and specifies changes to the data-plane treatment of packets based on that nibble. One intent of this is to reduce or eliminate errors in determining whether a packet being transported by MPLS is IP or not. While such errors have primarily caused unbalanced and, thus, inefficient multi-pathing, they have the potential to cause more severe security problems.
For general MPLS label stack security considerations, see [RFC3032].
The authors express their appreciation and gratitude to Donald E. Eastlake 3rd for the review, insightful questions, and helpful comments. Also, the authors are grateful to Amanda Baber for helping organize the IANA registry in a clear and concise manner.