Internet-Draft | RAO-less LSP Ping | October 2023 |
Kompella, et al. | Expires 20 April 2024 | [Page] |
The MPLS echo request and MPLS echo response messages, defined in RFC 8029 "Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures" (usually referred to as LSP ping messages), are encapsulated in IP headers that include a Router Alert Option (RAO). The rationale for using an RAO as the exception mechanism is questionable. Furthermore, RFC 6398 identifies security vulnerabilities associated with the RAO in non-controlled environments, e.g., the case of using the MPLS echo request/reply as inter-area OAM, and recommends against its use outside of controlled environments.¶
Therefore, this document removes the RAO from LSP ping message encapsulations. It updates RFCs 7506 and 8029.¶
This document also recommends the use of an IPv6 loopback address (::1/128) and discourages the use of an IPv4 loopback address mapped to IPv6.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 20 April 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
RFC 8029 - "Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures" (usually referred to as LSP Ping) [RFC8029] detects data-plane failures in MPLS Label Switched Paths (LSPs). It can operate in "ping mode" or "traceroute mode". When operating in ping mode, it checks LSP connectivity. When operating in traceroute mode, it can trace an LSP and localize failures to a particular node along an LSP.¶
The reader is assumed be familiar with [RFC8029] and its terminology.¶
LSP ping defines a probe message called the "MPLS echo request". It also defines a response message called the "MPLS echo reply". Both messages are encapsulated in UDP and IP. The MPLS echo request message is further encapsulated in an MPLS label stack, except when all of the FECs in the stack correspond to Implicit Null labels.¶
When operating in ping mode, LSP ping sends a single MPLS echo request message, with the MPLS TTL set to 255. This message is intended to reach the egress Label Switching Router (LSR). When operating in traceroute mode, MPLS ping sends multiple MPLS echo request messages as defined in Section 4.3 of [RFC8029]. It manipulates the MPLS TTL so that the first message expires on the first LSR along the path and subsequent messages expire on subsequent LSRs.¶
The IP header that encapsulates an MPLS echo request message must include a Router Alert Option (RAO), while the IP header that encapsulates an MPLS echo reply message must include an RAO if the value of the Reply Mode in the corresponding MPLS echo request message is "Reply via an IPv4/IPv6 UDP packet with Router Alert". In both cases, the rationale for including an RAO is questionable. Furthermore, [RFC6398] identifies security vulnerabilities associated with the RAO in non-controlled environments, e.g., the case of using the MPLS echo request/reply as inter-domain OAM over the public Internet, and recommends against its use outside of controlled environments, e.g., outside a single administrative domain.¶
Therefore, this document removes the RAO from both LSP ping message encapsulations. It updates RFCs 7506 [RFC7506] and 8029 [RFC8029].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
While the MPLS echo request message must traverse every node in the LSP under test, it must not traverse any other node. Specifically, the message must not be forwarded beyond the egress Label Switching Router (LSR).To achieve this, a set of the mechanisms that are used concurrently to prevent leaking MPLS echo request messages has been defined in [RFC8029]:¶
Currently, ALL of these are required. However, any one is sufficient to prevent forwarding the packet beyond the egress LSR.¶
Therefore, this document changes RFC 8029 in that Requirement 3 is removed.¶
The authors are not aware of any implementation that relies on the RAO to prevent packets from being forwarded beyond the egress LSR.¶
An LSP ping replies to the MPLS echo request message with an MPLS echo reply message. Four reply modes are defined in [RFC8029]:¶
The rationale for mode 3 is questionable, if not wholly misguided. According to RFC 8029, "If the normal IP return path is deemed unreliable, one may use 3 (Reply via an IPv4/IPv6 UDP packet with Router Alert)."¶
However, it is not clear that the use of the RAO increases the reliability of the return path. In fact, one can argue it decreases the reliability in many instances, due to the additional burden of processing the RAO. This document changes RFC 8029 [RFC8029] in that mode 3 are removed.¶
The authors are not aware of any implementations of mode 3.¶
RFC 7506 defines the IPv6 Router Alert Option for MPLS Operations, Administration, and Management. This document reclassifies RFC 7506 as Historic.¶
[RFC8029] requires that the IPv6 Destination Address used in IP/UDP encapsulation of an MPLS echo request packet is selected from the IPv4 loopback address range mapped to IPv6. Such packets do not have the same behavior as prescribed in [RFC1122] for an IPv4 loopback addressed packet.¶
[RFC4291] defines ::1/128 as the single IPv6 loopback address. Considering that this specification updates Section 2.1 of [RFC8029] regarding the selection of an IPv6 destination address for an MPLS echo request message:¶
LSP Ping implementations SHOULD ignore RAO options when they arrive on incoming MPLS echo request and MPLS echo reply messages.¶
LSP Ping implementations SHOULD ignore RAO options when they arrive on incoming MPLS echo request and MPLS echo reply messages.¶
This document requests that the IPv6 RAO value for MPLS OAM (69) in [IANA-IPV6-RAO] is marked as "Deprecated". It also requests that the Reply Mode 3 ("Reply via an IPv4/IPv6 UDP packet with Router Alert") in [IANA-LSP-PING] is marked as "Deprecated".¶
We interpret "DEPRECATED" in this context to mean that the deprecated values should not be used in new implementations, and that deployed implementations that use these values continue to work seamlessly.¶
If this document is approved, mark the IPv6 RAO value of MPLS OAM (69) in [IANA-IPV6-RAO] as "Deprecated". [RFC8126] offers a formal description of the word "Deprecated".¶
Also, mark Reply Mode 3 ("Reply via an IPv4/IPv6 UDP packet with Router Alert") in [IANA-LSP-PING] as "Deprecated".¶
The recommendations this document makes do not compromise security. In case of using IPv6 loopback address ::1/128 strengthens security for LSP Ping by using the standardized loopback address with well-defined behavior.¶
The authors express their appreciation to Adrian Farrel and Gyan Mishra for for their suggestions that improved the readability of the document.¶