Tree Engineering for Bit Index Explicit Replication (BIER-TE)Futurewei Technologies Inc.2330 Central ExpySanta Clara95050CAUnited States of Americatte@cs.fau.deUniversity of TuebingenGermanymenth@uni-tuebingen.deKOEVOOFrancegregory@koevoo.tech
rtg
bierBIERBIER-TEcontrollerECMPforwardingtraffic-engineeringmulticastpseudocoderoutingtraffic-steeringtree-steering This memo describes per-packet stateless strict and loose path
steered replication and forwarding for "Bit Index Explicit Replication" (BIER) packets (RFC 8279); it is called "Tree Engineering for Bit Index Explicit Replication" (BIER-TE) and is intended to be used as the path steering mechanism for Traffic Engineering
with BIER.BIER-TE introduces a new semantic for "bit positions" (BPs). These BPs indicate adjacencies
of the network topology, as opposed to (non-TE) BIER in which BPs indicate
"Bit-Forwarding Egress Routers" (BFERs). A BIER-TE "packets BitString" therefore indicates the
edges of the (loop-free) tree across which the packets are forwarded by BIER-TE.
BIER-TE can leverage BIER forwarding engines with little changes.
Co-existence of BIER and BIER-TE forwarding in the same domain is possible -- for example, by using
separate BIER "subdomains" (SDs). Except for the optional routed adjacencies, BIER-TE does not
require a BIER routing underlay and can therefore operate without depending
on a routing protocol such as the "Interior Gateway Protocol" (IGP).Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in Section 2 of
RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Revised BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Revised BSD License.
Table of Contents
. Overview
. Introduction
. Requirements Language
. Basic Examples
. BIER-TE Topology and Adjacencies
. Relationship to BIER
. Accelerated Hardware Forwarding Comparison
. Components
. The Multicast Flow Overlay
. The BIER-TE Control Plane
. The BIER-TE Controller
. BIER-TE Topology Discovery and Creation
. Engineered Trees via BitStrings
. Changes in the Network Topology
. Link/Node Failures and Recovery
. The BIER-TE Forwarding Plane
. The Routing Underlay
. Traffic Engineering Considerations
. BIER-TE Forwarding
. The BIER-TE Bit Index Forwarding Table (BIFT)
. Adjacency Types
. Forward Connected
. Forward Routed
. ECMP
. Local Decap(sulation)
. Encapsulation / Co-existence with BIER
. BIER-TE Forwarding Pseudocode
. BFR Requirements for BIER-TE Forwarding
. BIER-TE Controller Operational Considerations
. Bit Position Assignments
. P2P Links
. BFERs
. Leaf BFERs
. LANs
. Hub and Spoke
. Rings
. Equal-Cost Multipath (ECMP)
. Forward Routed Adjacencies
. Reducing Bit Positions
. Supporting Nodes without BIER-TE
. Reuse of Bit Positions (without DNC)
. Summary of BP Optimizations
. Avoiding Duplicates and Loops
. Loops
. Duplicates
. Managing SIs, Subdomains, and BFR-ids
. Why SIs and Subdomains?
. Assigning Bits for the BIER-TE Topology
. Assigning BFR-ids with BIER-TE
. Mapping from BFRs to BitStrings with BIER-TE
. Assigning BFR-ids for BIER-TE
. Example Bit Allocations
. With BIER
. With BIER-TE
. Summary
. Security Considerations
. IANA Considerations
. References
. Normative References
. Informative References
. BIER-TE and Segment Routing (SR)
Acknowledgements
Authors' Addresses
Overview"Tree Engineering for Bit Index Explicit Replication" (BIER-TE) is based on the (non-TE) BIER architecture, terminology, and packet formats as described
in and .
This document describes BIER-TE, with the expectation that the reader is familiar
with these two documents.BIER-TE introduces a new semantic for "bit positions" (BPs). These BPs indicate adjacencies
of the network topology, as opposed to (non-TE) BIER in which BPs indicate
"Bit-Forwarding Egress Routers" (BFERs). A BIER-TE "packets BitString" therefore indicates the
edges of the (loop-free) tree across which the packets are forwarded by BIER-TE.
With BIER-TE, the "Bit Index Forwarding Table" (BIFT) of each "Bit-Forwarding Router" (BFR)
is only populated with BPs that are adjacent to the BFR
in the BIER-TE topology. Other BPs are empty in the BIFT. The BFR replicates
and forwards BIER packets to adjacent BPs that are set in the packets.
BPs are normally also cleared upon forwarding to avoid duplicates and loops.
BIER-TE can leverage BIER forwarding engines with little or no changes.
It can also co-exist with BIER forwarding in the same domain -- for example, by using
separate BIER subdomains. Except for the optional routed adjacencies, BIER-TE does not
require a BIER routing underlay and can therefore operate without depending
on a routing protocol such as the "Interior Gateway Protocol" (IGP).This document is structured as follows:
introduces BIER-TE with two
forwarding examples, followed by an introduction to the new concepts of the BIER-TE
(overlay) topology, and finally a summary of the relationship between BIER and BIER-TE and a discussion of accelerated hardware forwarding.
describes the components of the BIER-TE architecture: the multicast
flow overlay, the BIER-TE layer with the BIER-TE control plane (including the BIER-TE controller), the BIER-TE forwarding plane, and the routing underlay.
specifies the behavior of the BIER-TE forwarding plane with the different types of adjacencies and possible variations of BIER-TE forwarding pseudocode, and finally the mandatory and optional requirements.
describes operational considerations for the BIER-TE controller, primarily how the BIER-TE controller can optimize the use of BPs by using specific types of BIER-TE adjacencies for different types of topological situations. It also describes how to assign bits to avoid loops and duplicates (which, in BIER-TE, does not come "for free"). Finally, it discusses how "Set Identifiers" (SIs), "subdomains" (SDs), and BFR-ids can be managed by a BIER-TE controller; examples and a summary are provided.
concludes this document; details regarding the relationship between BIER-TE and "Segment Routing" (SR) are discussed.
Note that related work
uses Bloom filters to represent leaves or edges of the intended delivery tree. Bloom filters
in general can support larger trees/topologies with fewer addressing bits than explicit BitStrings,
but they introduce the heuristic risk of false positives and cannot clear bits in
the BitStrings during forwarding to avoid loops. For these reasons, BIER-TE, like BIER,
uses explicit BitStrings. Explicit BitStrings as used by BIER-TE can also
be seen as a special type of Bloom filter, and this is how other related work
describes it.IntroductionRequirements LanguageThe key words "MUST", "MUST NOT",
"REQUIRED", "SHALL",
"SHALL NOT", "SHOULD",
"SHOULD NOT",
"RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document
are to be interpreted as described in BCP 14
when, and only
when, they appear in all capitals, as shown here.Basic ExamplesBIER-TE forwarding is best introduced with simple examples. These examples
use formal terms defined later in this document ( in ),
including forward_connected(), forward_routed(), and local_decap().
Consider the simple network in the BIER-TE overview example shown in
, with six BFRs. p1...p15 are the bit positions used. All BFRs can act as
a "Bit-Forwarding Ingress Router" (BFIR); BFR1, BFR3, BFR4, and
BFR6 can also be BFERs. "Forward_connected()" is the name used for
adjacencies that represent subnet adjacencies of the network.
"Local_decap()" is the name used for the adjacency that decapsulates BIER-TE packets and
passes their payload to higher-layer processing.
Assume that a packet from BFR1 should be sent via BFR4 to BFR6. This requires
a BitString (p2,p8,p10,p12,p15). When this packet is examined by BIER-TE
on BFR1, the only bit position from the BitString that is also set in
the BIFT is p2. This will cause BFR1 to send the only copy of the packet
to BFR2. Similarly, BFR2 will forward to BFR4 because of p8, BFR4 to BFR5
because of p10, and BFR5 to BFR6 because of p12. p15 finally makes BFR6 receive
and decapsulate the packet.
To send a copy to BFR6 via BFR4 and also a copy to BFR3, the BitString needs
to be (p2,p5,p8,p10,p12,p13,p15). When this packet is examined by
BFR2, p5 causes one copy to be sent to BFR3 and p8 one copy to BFR4.
When BFR3 receives the packet, p13 will cause it to receive and decapsulate
the packet.
If instead the BitString was (p2,p6,p8,p10,p12,p13,p15), the packet
would be copied by BFR5 towards BFR3 because of p6 instead of being copied by
BFR2 to BFR3 because of p5 in the prior case. This demonstrates the ability of the
BIER-TE topology, as shown in , to make the traffic pass across any possible path and be
replicated where desired.
BIER-TE has various options for minimizing BP assignments,
many of which are based on out-of-band knowledge about the required multicast traffic
paths and bandwidth consumption in the network, e.g., from predeployment planning. shows a modified example, in which Rtr2 and Rtr5 are
assumed not to support BIER-TE, so traffic has to be unicast encapsulated across
them. To explicitly distinguish routed/tunneled forwarding of BIER-TE packets
from Layer 2 forwarding (forward_connected()), these adjacencies are called "forward_routed()" adjacencies. Otherwise, there is no difference
in their processing over the aforementioned forward_connected() adjacencies.In addition, bits are saved in the following example by assuming that BFR1 only
needs to be a BFIR -- not a BFER or a transit BFR.To send a BIER-TE packet from BFR1 via BFR3 to be received by BFR6,
the BitString is (p1,p5,p9). A packet from BFR1 via BFR4 to be received by BFR6 uses the BitString (p2,p6,p9). A packet from BFR1 to be received by BFR3,BFR4
and from BFR3 to be received by BFR6 uses (p1,p2,p3,p4,p5,p9). A packet
from BFR1 to be received by BFR3,BFR4 and from BFR4 to be received by BFR6
uses (p1,p2,p3,p4,p6,p9). A
packet from BFR1 to be received by BFR4, then from BFR4 to be
received by BFR6, and finally from BFR6 to be received by BFR3, uses
(p2,p3,p4,p6,p7,p9). A packet from BFR1 to be received by BFR3,
then from BFR3 to be received by BFR6, and finally from BFR6 to be
received by BFR4, uses (p1,p3,p4,p5,p8,p9).
BIER-TE Topology and AdjacenciesThe key new component in BIER-TE compared to (non-TE) BIER is the BIER-TE topology
as introduced through the two examples in .
It is used to control where replication can or should happen and how to
minimize the required number of BPs for adjacencies.
The BIER-TE topology consists of the BIFTs of all the BFRs and
can also be expressed as a directed graph where the edges are the adjacencies
between the BFRs labeled with the BP used for the adjacency. Adjacencies are
naturally unidirectional. A BP can be reused across multiple adjacencies as long as this does not
lead to undesired duplicates or loops, as explained in .
If the BIER-TE topology represents (a subset of) the underlying (Layer 2)
topology of the network as shown in the first example, this may be called an "underlay"
BIER-TE topology. A topology consisting only of "forward_routed()" adjacencies as
shown in the second example may be called an "overlay" BIER-TE topology.
A BIER-TE topology with both forward_connected() and forward_routed() adjacencies
may be called a "hybrid" BIER-TE topology.Relationship to BIERBIER-TE is designed so that its forwarding plane is a simple extension to the (non-TE) BIER forwarding plane, hence allowing it to be added to BIER deployments where it can be beneficial.BIER-TE is also intended as an option to expand the BIER architecture into deployments where (non-TE) BIER may not be the best fit, such as statically provisioned networks that need path steering but do not want distributed routing protocols.
BIER-TE inherits the following aspects from BIER unchanged:
The fundamental purpose of per-packet signaled replication and delivery via a BitString.
The overall architecture, which consists of three layers: the flow overlay, the BIER(-TE) layer, and the routing underlay.
The supported encapsulations .
The semantics of all BIER header elements used by the BIER-TE forwarding plane, other than the semantic of the BP in the BitString.
The BIER forwarding plane, except for how bits have to be cleared during replication.
BIER-TE has the following key changes with respect to BIER:
In BIER, bits in the BitString of a BIER packet header indicate a BFER,
and bits in the BIFT indicate the BIER control plane's calculated next hop
towards that BFER. In BIER-TE, a bit in the BitString of a BIER packet
header indicates an adjacency in the BIER-TE topology, and only the
BFR that is the upstream of that adjacency has its BP populated with
the adjacency in its BIFT.
In BIER, the implied reference options for the core part of the
BIER layer
control plane are the BIER extensions for distributed routing protocols.
These include IS-IS and OSPF extensions for BIER, as specified in
and , respectively.
The reference option for the core part of the BIER-TE control plane is
the BIER-TE controller. Nevertheless, both the BIER and BIER-TE BIFTs' forwarding
plane state could equally be populated by any mechanism.
Assuming the reference options for the control plane, BIER-TE replaces in-network autonomous path calculations with explicit paths calculated by the BIER-TE controller.
The following elements/functions described in the BIER architecture are not required by the BIER-TE architecture:
"Bit Index Routing Tables" (BIRTs) are not required on BFRs for BIER-TE when using a BIER-TE controller, because the controller can directly populate the BIFTs. In BIER, BIRTs are populated by the distributed routing protocol support for BIER, allowing BFRs to populate their BIFTs locally from their BIRTs. Other BIER-TE control plane or management plane options may introduce requirements for BIRTs for BIER-TE BFRs.
The BIER-TE layer forwarding plane does not require BFRs to have a unique BP; see . Therefore, BFRs may not have a unique BFR-id; see .
Identification of BFRs by the BIER-TE control plane is outside the scope of this specification. Whereas the BIER control plane uses BFR-ids in its BFR-to-BFR signaling, a BIER-TE controller may choose any form of identification deemed appropriate.
BIER-TE forwarding does not require the BFIR-id field of the BIER packet header.
Co-existence of BIER and BIER-TE in the same network requires the following:
The BIER/BIER-TE packet header needs to allow the addressing of both BIER and BIER-TE BIFTs. Depending on the encapsulation option, the same SD may or may not be reusable across BIER and BIER-TE. See .
In either case, a packet is always forwarded only end to end via BIER or via BIER-TE ("ships in the night" forwarding).
BIER-TE deployments will have to assign BFR-ids to BFRs and insert them into the BFIR-id field of BIER packet headers, as does BIER, whenever the deployment uses (unchanged) components developed for BIER that use BFR-ids, such as multicast flow overlays or BIER layer control plane elements. See also .
Accelerated Hardware Forwarding ComparisonBIER-TE forwarding rules, especially BitString parsing, are designed to be as close
as possible to those of BIER, with the expectation that this eases the programming of BIER-TE forwarding
code and/or BIER-TE forwarding hardware on platforms supporting BIER.
The pseudocode in shows how existing
(non-TE) BIER/BIFT forwarding can be modified to support the required BIER-TE forwarding
functionality (), by using the BIER BIFT's "Forwarding Bit Mask" (F-BM):
only the clearing of bits to avoid sending duplicate
packets to a BFR's neighbor is skipped in BIER-TE forwarding, because it is not necessary
and could not be done when using a BIER F-BM.Whether to use BIER or BIER-TE forwarding is simply a choice of the mode
of the BIFT indicated by the packet (BIER or BIER-TE BIFT). This is determined
by the BFR configuration for the encapsulation; see .ComponentsBIER-TE can be thought of as being composed of the same three
layers as BIER: the "multicast flow overlay", the "BIER layer", and
the "routing underlay". also shows how the BIER layer
is composed of the "BIER-TE forwarding plane" and the "BIER-TE control plane" as
represented by the "BIER-TE controller".
The Multicast Flow OverlayThe multicast flow overlay has the same role as that described for BIER
in . See also .When a BIER-TE controller is used, it might also be preferable that
multicast flow overlay signaling be performed through a central point of control. For BGP-based
overlay flow services such as "" , this
can be achieved by making the BIER-TE controller operate as a BGP Route
Reflector and combining it with signaling through BGP
or a different protocol for the BIER-TE controller's calculated BitStrings.
See Sections and .The BIER-TE Control PlaneIn the (non-TE) BIER architecture , the BIER layer is summarized in . This summary includes both the functions
of the BIER-layer control plane and forwarding plane, without using those terms.
Example standardized options for the BIER control plane include
IS-IS and OSPF extensions for BIER, as specified in and , respectively.For BIER-TE, the control plane includes, at a minimum, the following functionality.
BIER-TE topology control: During initial provisioning of the network and/or during modifications of its topology and/or services, the protocols and/or procedures to establish BIER-TE BIFTs:
Determine the desired BIER-TE topology for BIER-TE subdomains: the adjacencies that are assigned to BPs. Topology discovery is discussed in , and the various aspects of the BIER-TE controller's determinations regarding the topology are discussed throughout .
Determine the per-BFR BIFT from the BIER-TE topology. This is achieved by simply extracting the adjacencies of the BFR from the BIER-TE topology and populating the BFR's BIFT with them.
Optionally assign BFR-ids to BFIRs for later insertion into BIER headers on BFIRs as BFIR-ids. Alternatively, BFIR-ids in BIER packet headers may be managed solely by the flow overlay layer and/or be unused. This is discussed in .
Install/update the BIFTs into the BFRs and, optionally, BFR-ids into BFIRs. This is discussed in .
BIER-TE tree control:
During network operations, protocols and/or procedures to support creation/change/removal of overlay flows on BFIRs:
Process the BIER-TE requirements for the multicast overlay flow: BFIRs and BFERs of the flow as well as policies for the path selection of the flow. This is discussed in .
Determine the BitStrings and, optionally, entropy.
BitStrings are discussed in Sections , , and . Entropy is discussed in .
Install state on the BFIR to impose the desired BIER packet header(s) for packets of the overlay flow. Different aspects of this point, as well as the next point, are discussed throughout and in . The main component responsible for these two points is the multicast flow overlay (), which is architecturally inherited from BIER.
Install the necessary state on the BFERs to decapsulate the BIER packet header and properly dispatch its payload.
The BIER-TE ControllerThis architecture describes the
BIER-TE control plane, as shown in , as consisting of:
A BIER-TE controller.
BFR data models and protocols to communicate between the controller and BFRs
in support of BIER-TE topology control (see the list under "BIER-TE topology control"),
such as YANG/NETCONF/RESTCONF .
BFR data models and protocols to communicate between the controller and BFIRs in support of
BIER-TE tree control (see , point 2.), such as BIER-TE extensions
for .
The single, centralized BIER-TE controller is used in this document as the reference option for the BIER-TE control plane, but other options are equally feasible.
The BIER-TE control plane could equally be implemented without automated configuration/protocols,
by an operator via a CLI on the BFRs.
In that case, operator-configured local policy on the BFIR would have to
determine how to set the appropriate BIER header fields. The BIER-TE control plane could also be decentralized
and/or distributed, but this document does not consider any additional protocols and/or procedures
that would then be necessary to coordinate its (distributed/decentralized) entities to achieve the above-described functionality.BIER-TE Topology Discovery and CreationThe first item listed for BIER-TE topology control (, point 1.a.)
includes network topology discovery and BIER-TE topology creation. The latter describes
the process by which a controller determines which routers are to be configured as BFRs and the
adjacencies between them.In statically managed networks, e.g., industrial environments, both discovery and creation can be a manual/offline process.In other networks, topology discovery may rely on such protocols as those that include extending an IGP based on a link-state protocol into the BIER-TE controller itself, e.g., BGP-LS or YANG topology , as well as methods specific to BIER-TE -- for example, via . These options are non-exhaustive.Dynamic creation of the BIER-TE topology can be as easy as mapping the network topology 1:1 to the BIER-TE topology by assigning a BP for every network subnet adjacency. In larger networks, it likely involves more complex policy and optimization decisions, including how to minimize the number of BPs required and how to assign BPs across different BitStrings to minimize the number of duplicate packets across links when delivering an overlay flow to BFERs using different SIs:BitStrings. These topics are discussed in .When the BIER-TE topology has been determined, the BIER-TE controller pushes
the BPs/adjacencies to the BIFT of the BFRs. On each BFR, only those SIs:BPs
that are adjacencies to other BFRs in the BIER-TE topology are populated.Communications between the BIER-TE controller and BFRs for both BIER-TE topology
control and BIER-TE tree control are ideally via standardized protocols and data models such
as NETCONF/RESTCONF/YANG/PCEP. A vendor-specific CLI on the BFRs is also an option (as in many other "Software-Defined Network" (SDN)
solutions lacking definitions of standardized data models).Engineered Trees via BitStringsIn BIER, the same set of BFERs in a single subdomain is always encoded as the same BitString.
In BIER-TE, the BitString used to reach the same set of BFERs in the same subdomain can be
different for different overlay flows because the BitString encodes the paths towards the BFERs,
so the BitStrings from different BFIRs to the same set of BFERs will often be different. Likewise, the BitString from
the same BFIR to the same set of BFERs can be different for different
overlay flows if different policies should be applied to those overlay
flows, such as shortest path trees, Steiner
trees (minimum cost trees), diverse path trees for redundancy, and so on.
See also for an application
leveraging BIER-TE engineered trees.Changes in the Network TopologyIf the network topology changes (not failure based) so that adjacencies
that are assigned to bit positions are no longer needed, the BIER-TE controller can
reuse those bit positions for new adjacencies. First, these bit positions
need to be removed from any BFIR flow state and BFR BIFT state. Then, they
can be repopulated, first into the BIFT and then into the BFIR.Link/Node Failures and RecoveryWhen links or nodes fail or recover in the topology, BIER-TE could quickly
respond with "Fast Reroute" (FRR) procedures such as those described in , the details of which are out of scope for this document. It can also more slowly react by
recalculating the BitStrings of affected multicast flows. This reaction is
slower than the FRR procedure because the BIER-TE controller needs to receive
link/node up/down indications, recalculate the desired BitStrings, and push
them down into the BFIRs. With FRR, this is all performed locally on a BFR
receiving the adjacency up/down notification.The BIER-TE Forwarding PlaneThe BIER-TE forwarding plane consists of the following components:
On a BFIR, imposition of the BIER header for packets from overlay flows. This is driven by state established by the BIER-TE control plane, the multicast flow overlay as explained in , or a combination of both.
On BFRs (including BFIRs and BFERs), forwarding/replication of BIER packets according to their SD, SI, "BitStringLength" (BSL), BitString, and, optionally, entropy fields as explained in . Processing of other BIER header fields, such as the "Differentiated Services Code Point" (DSCP) field, is outside the scope of this document.
On BFERs, removal of the BIER header and dispatching of the payload according to state created by the BIER-TE control plane and/or overlay layer.
When the BIER-TE forwarding plane receives a packet, it simply looks
up the bit positions that are set in the BitString of the packet in the
BIFT that was populated by the BIER-TE controller.
For every BP that is set in the BitString and has one or
more adjacencies in the BIFT, a copy is made according to the types
of adjacencies for that BP in the BIFT. Before sending any copies, the
BFR clears all BPs in the BitString of the packet for which the
BFR has one or more adjacencies in the BIFT. Clearing these bits prevents
packets from looping when a BitString erroneously includes a forwarding loop.
When a forward_connected() adjacency has the "DoNotClear" (DNC) flag
set, this BP is reset for the packet copied to that adjacency.
See .The Routing UnderlayFor forward_connected() adjacencies, BIER-TE sends BIER packets to directly connected
BIER-TE neighbors as L2 (unicast) BIER packets without requiring a
routing underlay. For forward_routed() adjacencies, BIER-TE forwarding encapsulates
a copy of the BIER packet so that it can be delivered by the forwarding plane
of the routing underlay to the routable destination address indicated in the adjacency.
See for details on forward_routed() adjacencies.BIER relies on the routing underlay to calculate paths towards BFERs and derive next-hop BFR adjacencies for those paths. These two steps commonly rely on BIER-specific extensions to the routing protocols of the routing underlay but may also be established
by a controller. In BIER-TE, the next hops for a packet are determined by the BitString
through the BIER-TE controller-established adjacencies on the BFR for the BPs of the BitString.
There is thus no need for BFR-specific routing underlay extensions to forward BIER packets with
BIER-TE semantics.Encapsulation parameters can be provisioned by the BIER-TE controller into
the forward_connected() or forward_routed() adjacencies directly without relying on a routing underlay.
If the BFR intends to support FRR for BIER-TE, then the BIER-TE
forwarding plane needs to receive fast adjacency up/down notifications:
link up/down or neighbor up/down, e.g., from "Bidirectional Forwarding Detection" (BFD). Providing these notifications
is considered to be part of the routing underlay in this document.Traffic Engineering ConsiderationsTraffic Engineering
provides performance optimization of operational IP networks while utilizing
network resources economically and
reliably. The key elements needed to effect Traffic Engineering are policy, path steering,
and resource management. These elements require support at the
control/controller level and within the forwarding plane.Policy decisions are made within the BIER-TE control plane, i.e., within
BIER-TE controllers. Controllers use policy when composing BitStrings
and BFR BIFT state. The mapping of user/IP traffic to specific
BitStrings / BIER-TE flows is made based on policy. The specific details of
BIER-TE policies and how a controller uses them are out of scope for this
document.Path steering is supported via the definition of a BitString. BitStrings
used in BIER-TE are composed based on policy and resource management
considerations. For example, when composing BIER-TE BitStrings, a controller must take
into account the resources available at each BFR and for each BP
when it is providing congestion-loss-free services such as
Rate-Controlled Service Disciplines . Resource availability
could be provided, for example, via routing protocol information but
may also be obtained via a BIER-TE control protocol such as NETCONF or
any other protocol commonly used by a controller to understand the resources
of the network on which it operates. The
resource usage of the BIER-TE traffic admitted by the BIER-TE controller
can be solely tracked on the BIER-TE controller based on local accounting
as long as no forward_routed() adjacencies are used (see for the definition
of forward_routed() adjacencies). When forward_routed() adjacencies are used,
the paths selected by the underlying routing protocol need to be tracked as well.Resource management has implications for the forwarding plane beyond
the BIER-TE-defined steering of packets; this includes allocation of
buffers to guarantee the worst-case requirements for admitted RCSD traffic
and potentially policing and/or rate-shaping mechanisms, typically done
via various forms of queuing. This level of resource control,
while optional, is important in networks that wish to
support congestion management policies to control or regulate the offered
traffic to deliver different levels of service and alleviate congestion
problems, or those networks that wish to control latencies experienced by
specific traffic flows.BIER-TE ForwardingThe BIER-TE Bit Index Forwarding Table (BIFT)The BIER-TE BIFT is equivalent to the (non-TE) BIER BIFT. It
exists on every BFR running BIER-TE. For every BIER "subdomain" (SD) in use for BIER-TE,
the BIFT is constructed per the example shown in . The
BIFT in the figure assumes a BSL of 8 "bit positions" (BPs) in the packets BitString.
As in , this BSL is purely used as an example and is not a BSL supported by BIER/BIER-TE
(minimum BSL is 64).A BIER-TE BIFT is compared to a BIER BIFT as shown in as
follows.In both BIER and BIER-TE, BIFT rows/entries are indexed in their respective BIER pseudocode
() and BIER-TE pseudocode ()
by the BIFT-index derived from the packet's SI, BSL, and the one bit position of the
packets BitString (BP) addressing the BIFT row: BIFT-index = SI * BSL + BP - 1.
BPs within a BitString are numbered from 1 to BSL -- hence, the - 1 offset when converting
to a BIFT-index. This document also uses the notion "SI:BP" to indicate BIFT rows.
uses the equivalent notion "SI:BitString", where the BitString is
filled with only the BPs for the BIFT row.In BIER, each BIFT-index addresses one BFER by its BFR-id = BIFT-index + 1
and is populated on each BFR with the next-hop "BFR Neighbor" (BFR-NBR) towards that BFER.In BIER-TE, each BIFT-index and, therefore, SI:BP indicates one or, in the case of reuse of SI:BP, more than one adjacency between BFRs in the topology. The SI:BP
is populated with the adjacency on the upstream BFR of the adjacency. The BIFT entries are empty on all other BFRs.In BIER, each BIFT row also requires a "Forwarding Bit Mask" (F-BM) entry
for BIER forwarding rules. In BIER-TE forwarding, an F-BM is not required but can be used
when implementing BIER-TE on forwarding hardware, derived from BIER forwarding, that
must use an F-BM. This is discussed in the first variation of BIER-TE forwarding pseudocode shown in
.The BIFT is configured for the BIER-TE data plane of a BFR by the BIER-TE
controller through an appropriate protocol and data model. The BIFT is then
used to forward packets, according to the procedures for the BIER-TE forwarding plane as specified in .Note that a BIFT-index (SI:BP) may be populated in the BIFT of more
than one BFR to save BPs. See for an example of how a BIER-TE controller
could assign BPs to (logical) adjacencies shared across multiple BFRs,
for an example of assigning the same BP to different
adjacencies, and for general guidelines regarding the reuse of BPs across different adjacencies.{VRF} indicates the Virtual Routing and Forwarding context into which
the BIER payload is to be delivered. This is optional and depends
on the multicast flow overlay.Adjacency TypesForward ConnectedA "forward_connected()" adjacency is an adjacency towards a directly connected
BFR-NBR using an interface address of that BFR on the connecting
interface. A forward_connected() adjacency does not route packets;
only L2 forwards them to the neighbor.Packets sent to an adjacency with "DoNotClear" (DNC) set in the
BIFT MUST NOT have the bit position for that adjacency cleared when the
BFR creates a copy for it. The bit position will still be cleared for
copies of a packet made towards other adjacencies. This can be
used, for example, in ring topologies as explained in .For protection against loops caused by misconfiguration (see ),
DNC is only permissible for forward_connected() adjacencies. No need or benefit
of DNC for other types of adjacencies was identified, and associated risks were not analyzed.Forward RoutedA "forward_routed()" adjacency is an adjacency towards a BFR that
uses a (tunneling) encapsulation that will cause a packet to be
forwarded by the routing underlay towards the adjacent BFR indicated via the l3-neighbor parameter of the forward_routed() adjacency. This can
leverage any feasible encapsulation, such as MPLS or tunneling over IP/IPv6,
as long as the BIER-TE packet can be identified as a payload. This identification
can rely on either the BIER/BIER-TE co-existence mechanisms described in
or explicit support for a BIER-TE payload type
in the tunneling encapsulation.Forward_routed() adjacencies are necessary to pass BIER-TE traffic across
routers that are not BIER-TE capable or to minimize the number of required BPs by
tunneling over (BIER-TE-capable) routers on which neither replication nor
path steering is desired, or simply to leverage the routing underlay's path redundancy and FRR towards the next BFR. They may also be useful to a
multi-subnet adjacent BFR for leveraging the routing underlay ECMP
independently of BIER-TE ECMP ().ECMP(Non-TE) BIER ECMP is tied to the BIER BIFT processing semantic and is therefore
not directly usable with BIER-TE.A BIER-TE "Equal-Cost Multipath" (ECMP()) adjacency as shown in
for BIFT-index 7 has a list of two or more non-ECMP() adjacencies as parameters and an optional
seed parameter. When a BIER-TE packet is copied
onto such an ECMP() adjacency, an implementation-specific so-called hash function
will select one out of the list's adjacencies to which the packet is forwarded.
If the packet's encapsulation contains an entropy field, the entropy field SHOULD
be respected; two packets with the same value of the entropy field SHOULD be sent on
the same adjacency. The seed parameter permits the design of
hash functions that are easy to implement at high speed without running into
polarization issues across multiple consecutive ECMP hops. See
for details.Local Decap(sulation)A "local_decap()" adjacency passes a copy of the payload of
the BIER-TE packet to the protocol ("NextProto") within the BFR (IP/IPv6, Ethernet,...) responsible for
that payload according to the packet header fields.
A local_decap() adjacency turns the BFR into a BFER for matching
packets. Local_decap() adjacencies require the BFER to support
routing or switching for NextProto to determine how to further
process the packets.Encapsulation / Co-existence with BIERSpecifications for BIER-TE encapsulation are outside the scope of this document.
This section gives explanations and guidelines.The handling of "Maximum Transmission Unit" (MTU) limitations is
outside the scope of this document and is not discussed in
either. Instead, this process is part of the BIER-TE packet encapsulation and/or flow overlay; for example, see
.
It applies equally to BIER-TE and BIER.Because a BFR needs to interpret the BitString of a BIER-TE packet differently
from a (non-TE) BIER packet, it is necessary to distinguish BIER packets from BIER-TE packets.
In BIER encapsulation ,
the BIFT-id field of the packet indicates the BIFT of the packet. BIER and BIER-TE can
therefore be run simultaneously, when the BIFT-id address space is shared across
BIER BIFTs and BIER-TE BIFTs. Partitioning the BIFT-id address space is subject
to BIER-TE/BIER control plane procedures.When is used for BIER with MPLS, BIFT-id address ranges
can be dynamically allocated from MPLS label space only for the set of actually
used SD:BSL BIFTs. This also permits the allocation of non-overlapping label ranges for BIFT-ids
that are to be used with BIER-TE BIFTs.With MPLS, it is also possible to reuse the
same SD space for both BIER-TE and BIER, so that the same SD has both a
BIER BIFT with a corresponding range of BIFT-ids and disjoint BIER-TE BIFTs with a non-overlapping range of BIFT-ids.Assume that a fixed mapping from BSL, SD, and SI to a BIFT-id is used,
which does not explicitly partition the BIFT-id space between BIER
and BIER-TE -- for example, as proposed for non-MPLS forwarding with
BIER encapsulation
in .
In this case, it is necessary to allocate disjoint SDs to BIER and BIER-TE BIFTs
so that both can be addressed by the BIFT-ids. The encoding
proposed in does not statically encode the BSL or SD into the BIFT-id, but the encoding
permits a mapping and hence could provide the same freedom as when
MPLS is being used (the same SD, or different SDs for BIER/BIER-TE).
Forward_routed() requires an encapsulation that permits directing unicast encapsulated BIER-TE packets to a specific interface address on a target BFR. With MPLS encapsulation, this can
simply be done via a label stack with that address's label as the top label, followed
by the label assigned to the (BSL,SD,SI) BitString.
With non-MPLS encapsulation, some form of IP encapsulation would be required (for example, IP/GRE).
The encapsulation used for forward_routed() adjacencies can equally support
existing advanced adjacency information such as "loose source routes" via, for example, MPLS
label stacks or appropriate header extensions (e.g., for IPv6).BIER-TE Forwarding Pseudocode
The pseudocode for BIER-TE forwarding, as shown in , is based
on the (non-TE) BIER forwarding pseudocode provided in , with one modification.In step [2], the F-BM is used to clear one or more bits in PacketCopy.
This step exists in both BIER and BIER-TE, but the F-BMs need to be
populated differently for BIER-TE than for BIER for the desired clearing.In BIER, multiple bits of a BitString can have the same BFR-NBR.
When a received packets BitString has more than one of those bits set,
BIER's replication logic has to prevent more than one PacketCopy from being
sent to that BFR-NBR ([1]). Likewise, the PacketCopy sent to a BFR-NBR
must clear all bits in its BitString that are not routed across a BFR-NBR.
This prevents BIER's replication logic from creating duplicates on any possible further BFRs ([2]).To solve both [1] and [2] for BIER, the F-BM of each bit index needs to have all
bits set that this BFR wants to route across a BFR-NBR. [2] clears
all other bits in PacketCopy->BitString, and [1] clears those bits from
Packet->BitString after the first PacketCopy.In BIER-TE, a BFR-NBR in this pseudocode is an adjacency -- forward_connected(), forward_routed(),
or local_decap(). There is no need for [2] to suppress duplicates in the same way
that BIER does, because in general, different BPs would never have the same
adjacency. If a BIER-TE controller actually finds some optimization in
which this would be desirable, then the controller is also responsible for
ensuring that only one of those bits is set in any Packet->BitString, unless
the controller explicitly wants duplicates to be created.The following points describe how the F-BM for each BP is configured in the BIFT and how this impacts the BitString of the packet being processed with that BIFT:
The F-BMs of all BIFT BPs without an adjacency have all their bits clear.
This will cause [3] to skip further processing of such a BP.
All BIFT BPs with an adjacency (with the DNC flag clear) have an F-BM
that has only those BPs set for which this BFR does not have an adjacency.
This causes [2] to clear all bits from PacketCopy->BitString for which this
BFR does have an adjacency.
[1] is not performed for BIER-TE. All bit clearing required by BIER-TE
is performed by [2].
This forwarding pseudocode can support the required BIER-TE forwarding
functions (see ) -- forward_connected(),
forward_routed(), and local_decap() -- but cannot support the recommended functions (DNC flag and multiple adjacencies per bit) or the optional function (i.e., ECMP() adjacencies).
The DNC flag cannot be supported when using only [1] to mask bits.The modified and expanded forwarding pseudocode in specifies how to
support all BIER-TE forwarding functions (required, recommended, and optional):
This pseudocode eliminates per-bit F-BMs, therefore reducing the size of BIFT state by SI*BSL2 and eliminating the need for per-packet-copy BitString masking operations, except for adjacencies with the DNC flag set:
AdjacentBits[SI] are bit positions with a non-empty list of adjacencies in this BFR BIFT. This can be computed whenever the BIER-TE controller updates (adds/removes) adjacencies in the BIFT.
The BFR needs to create packet copies for these adjacent bits when they are set in the packets BitString. This set of bits is calculated in PktAdjacentBits.
All bit positions for which the BFR creates copies have to be cleared in packet copies to avoid loops. This is done by masking the BitString of the packet with ~AdjacentBits[SI]. When an adjacency has DNC set, this bit position is set again only for the packet copy towards that bit position.
BIFT entries may contain more than one adjacency in support of specific configurations, such as a hub and multiple spokes (). The code therefore includes a loop over these adjacencies.
The ECMP() adjacency is also shown in the figure. Its parameters are a seed and "ListOfAdjacencies", from which one is picked.
The forward_connected(), forward_routed(), and local_decap() adjacencies are shown with their parameters.
BFR Requirements for BIER-TE ForwardingBFRs that support BIER-TE and BIER MUST support a configuration that enables
BIER-TE instead of (non-TE) BIER forwarding rules for all BIFTs of one or more
BIER subdomains. Every BP in a BIER-TE BIFT MUST support having
zero or one adjacency. BIER-TE forwarding MUST support the adjacency types forward_connected() with the DNC flag not set, forward_routed(), and local_decap().
As explained in , these required BIER-TE forwarding functions
can be implemented via the same forwarding pseudocode as that used for BIER forwarding, except for
one modification (skipping one masking with an F-BM).BIER-TE forwarding SHOULD support forward_connected() adjacencies with the DNC flag set,
as this is very useful for saving bits in rings (see ).BIER-TE forwarding SHOULD support more than one adjacency on a bit.
This allows bits to be saved in hub-and-spoke scenarios (see ).BIER-TE forwarding MAY support ECMP() adjacencies to save bits in ECMP
scenarios; see for an example.
This is an optional requirement, because for ECMP deployments using BIER-TE
one can also leverage the routing underlay ECMP via forward_routed()
adjacencies and/or might prefer to have more explicit control of the path
chosen via explicit BPs/adjacencies for each ECMP path alternative.BIER-TE Controller Operational ConsiderationsBit Position AssignmentsThis section describes how the BIER-TE controller can use the
different BIER-TE adjacency types to define the bit positions of a BIER-TE domain.Because the size of the BitString limits the size of the
BIER-TE domain, many of the options described here exist to support larger
topologies with fewer bit positions.P2P LinksOn a "point-to-point" (P2P) link that connects two BFRs, the same bit position can be used on
both BFRs for the adjacency to the neighboring BFR. A P2P link therefore requires
only one bit position.BFERsEvery non-leaf BFER is given a unique bit position with a local_decap() adjacency.Leaf BFERsA leaf BFER is one where incoming BIER-TE packets never need to
be forwarded to another BFR but are only sent to the BFER
to exit the BIER-TE domain. For example, in networks where "Provider Edge" (PE) routers
are spokes connected to Provider (P) routers, those PEs are leaf BFERs, unless
there is a U-turn between two PEs.Consider how redundant disjoint
traffic can reach BFER1/BFER2 as shown in : when BFER1/BFER2
are non-leaf BFERs as shown on the right-hand side, one traffic
copy would be forwarded to BFER1 from BFR1, but the other one
could only reach BFER1 via BFER2, which makes BFER2 a non-leaf
BFER. Likewise, BFER1 is a non-leaf BFER when forwarding traffic to BFER2.
Note that the BFERs on the left-hand side of the figure are only guaranteed to
be leaf BFERs by correctly applying a routing configuration that prohibits transit
traffic from passing through the BFERs, which is commonly applied in these
topologies.In most situations, leaf BFERs that are to be addressed via the same BitString can share a single bit position for their local_decap() adjacency in that BitString and therefore save bit positions. On a non-leaf BFER, a received BIER-TE packet may only need to transit the BFER, or it may also need to be decapsulated. Whether or not to decapsulate the packet therefore needs to be indicated by a unique bit position populated only on the BIFT of this BFER with a local_decap() adjacency. On a leaf BFER, packets never need to pass through; any packet received is therefore usually intended to be decapsulated. This can be expressed by a single, shared bit position that is populated with a local_decap() adjacency on all leaf BFERs addressed by the BitString.The possible exceptions to this leaf BFER bit position optimization scenario can be cases where the bit position on the prior BIER-TE BFR (which created the packet copy for the leaf BFER in question) is populated with multiple adjacencies as an optimization -- for example, as described in Sections and . With either of these two optimizations, the sender of the packet could only control explicitly whether the packet was to be decapsulated on the leaf BFER in question, if the leaf BFER has a unique bit position for its local_decap() adjacency.However, if the bit position is shared across a leaf BFER and packets are therefore decapsulated -- potentially unnecessarily -- this may still be appropriate if the decapsulated payload of the BIER-TE packet indicates whether or not the packets need to be further processed/received. This is typically true, for example, if the payload is IP multicast, because IP multicast on a BFER would know the membership state of the IP multicast payload and be able to discard it if the packets were delivered unnecessarily by the BIER-TE layer. If the payload has no such membership indication and the BFIR wants to have explicit control regarding which BFERs are to receive and decapsulate a packet, then these two optimizations cannot be used together with shared bit position optimization for a leaf BFER.LANsIn a LAN, the adjacency to each neighboring BFR
is given a unique bit position. The adjacency of this bit position
is a forward_connected() adjacency towards the BFR, and this bit position
is populated into the BIFT of all the other BFRs on that LAN.If bandwidth on the LAN is not an issue and most BIER-TE traffic
should be copied to all neighbors on a LAN, then bit positions
can be saved by assigning just a single bit position to the LAN
and populating the bit position of the BIFTs of each BFR on
the LAN with a list of forward_connected() adjacencies to all other
neighbors on the LAN.This optimization does not work in the case of BFRs redundantly
connected to more than one LAN with this optimization. These
BFRs would receive duplicates and forward those duplicates into the
other LANs. Such BFRs require separate bit positions for each LAN they
connect to.Hub and SpokeIn a setup with a hub and multiple spokes connected via separate
P2P links to the hub, all P2P adjacencies from the hub to the spokes' links can share the same bit position.
The bit position on the hub's BIFT is set up with a list of
forward_connected() adjacencies, one for each spoke.This option is similar to the bit position optimization in
LANs: redundantly connected spokes need their own bit positions,
unless they are themselves leaf BFERs.This type of optimized BP could be used, for example, when all
traffic is "broadcast" traffic (very dense receiver sets),
such as live TV or many-to-many telemetry, including situational awareness.
This BP optimization can then be used to explicitly steer different traffic
flows across different ECMP paths in data-center or broadband-aggregation
networks with minimal use of BPs.RingsIn L3 rings, instead of assigning a single bit position for
every P2P link in the ring, it is possible to save bit positions by
setting the "DoNotClear" (DNC) flag on forward_connected() adjacencies.For the ring shown in , a single bit position
will suffice to forward traffic entering the ring at BFRa or BFRb
all the way up to BFR1, as follows.On BFRa, BFRb, BFR30,... BFR3, the bit position is populated with
a forward_connected() adjacency pointing to the clockwise neighbor
on the ring and with DNC set. On BFR2, the adjacency also points
to the clockwise neighbor BFR1, but without DNC set.Handling DNC this way ensures that copies forwarded from any BFRs in
the ring to a BFR outside the ring will not have the ring bit position set,
therefore minimizing the risk of creating loops.Note that this example only permits packets intended to make it all
the way around the ring to enter it at
BFRa and BFRb. Note also that packets will always travel clockwise. If
packets should be allowed to enter the ring at any of the ring's BFRs, then one
would have to use two ring bit positions, one for each direction:
clockwise and counterclockwise.Both would be set up to stop rotating on the same link, e.g., L1. When the
ring's BFIR creates the clockwise copy, it will clear the counterclockwise
bit position because the DNC bit only applies to the bit for which the
replication is done (likewise for the clockwise
bit position for the counterclockwise copy). As a result, the ring's
BFIR will send a copy in both directions, serving BFRs on either side of the
ring up to L1.Equal-Cost Multipath (ECMP)An ECMP() adjacency allows the use of just one BP to deliver packets
to one of N adjacencies instead of one BP for each adjacency.
In the common example case shown in ,
a link bundle of three links L1,L2,L3 connects BFR1 and BFR2, and
only one BP is used instead of three BPs to deliver packets from
BFR1 to BFR2.This document does not standardize any ECMP algorithm because it
is sufficient for implementations to document their freely chosen
ECMP algorithm.
shows an example ECMP algorithm
and would double as its documentation: a BIER-TE controller could
determine which adjacency is chosen based on the seed and adjacencies parameters
and on packet entropy.In the example shown in , all traffic from BFR1 towards BFR10 is
intended to be ECMP load-split equally across the topology. This
example is not meant as a likely setup; rather, it illustrates that ECMP can
be used to share BPs not only across link bundles but also across
alternative paths across different transit BFRs, and it explains
the use of the seed parameter.Note that for the following discussion of ECMP, only the BIFT ECMP()
adjacencies on BFR1, BFR2, and BFR3 are relevant. The reuse of BPs across
BFRs in this example is further explained in
below. With the ECMP setup shown in the topology above, traffic would not be
equally load-split. Instead, links L22 and L31 would see no traffic
at all: BFR2 will only see traffic from BFR1, for which the ECMP
hash in BFR1 selected the first adjacency in the list of two adjacencies
given as parameters to the ECMP: link L11-to-BFR2. BFR2 again performs
ECMP with two adjacencies on that subset of traffic using the same
seed1 and will therefore again select the first of its two adjacencies:
L21-to-BFR4. Therefore, L22 and BFR5 see no traffic (likewise for
L31 and BFR6).This issue in BFR2/BFR3 is called "polarization". It results from the
reuse of the same hash function across multiple consecutive hops in
topologies like these. To resolve this issue, the ECMP() adjacency on BFR1
can be set up with a different seed2 than the ECMP() adjacencies on BFR2/BFR3.
BFR2/BFR3 can use the same hash because packets will not sequentially
pass across both of them. Therefore, they can also use the same BP (i.e., 0:7).Note that ECMP solutions outside of BIER often hide the
seed by auto-selecting it from local entropy such as unique local or
next-hop identifiers. Allowing the BIER-TE controller to explicitly set the seed gives
the BIER-TE controller the ability to control the selection of the same path or different paths across multiple
consecutive ECMP hops.Forward Routed AdjacenciesReducing Bit PositionsForward_routed() adjacencies can reduce the number of bit positions
required when the path steering requirement is not hop-by-hop
explicit path selection but rather is loose-hop selection. Forward_routed() adjacencies
can also permit BIER-TE operation across intermediate-hop routers
that do not support BIER-TE.Assume that the requirement in is to explicitly steer
traffic flows that have arrived at BFR1 or BFR4 via a path
in the routing underlay "Network Area 1" to one of the following next three
segments: (1) BFR2 via link L1, (2) BFR2 via link L2, or (3) via BFR3 and then
not caring whether the packet is forwarded via L3 or L4.To enable this, both BFR1 and BFR4 are set up with a forward_routed()
adjacency bit position towards an address of BFR2 on link L1, another
forward_routed() bit position towards an address of BFR2 on link L2, and a third
forward_routed() bit position towards a node address LO of BFR3.Supporting Nodes without BIER-TEForward_routed() adjacencies also enable incremental deployment of BIER-TE.
Only the nodes through which BIER-TE traffic needs to be steered --
with or without replication -- need to support BIER-TE. Where
they are not directly connected to each other, forward_routed()
adjacencies are used to pass over nodes that are not BIER-TE enabled.Reuse of Bit Positions (without DNC)BPs can be reused across multiple BFRs to minimize the number
of BPs needed. This happens when adjacencies on multiple BFRs use the DNC
flag as described above, but it can also be done for non-DNC adjacencies.
This section only discusses this non-DNC case.Because a given BP is cleared when passing a BFR with an adjacency for that
BP, reusing BPs across multiple BFRs does not introduce any problems
with duplicates or loops that do not also exist when every adjacency has
a unique BP. Instead, the challenge when reusing BPs is whether the desired
Tree Engineering goals can still be achieved.A BP cannot be reused across two BFRs that would need to be passed
sequentially for some path: the first BFR will clear the BP, so those
paths cannot be built. A BP can be set across BFRs that would only occur across
(A) different paths or (B) different branches of the same tree.An example of (A) was given in ,
where BP 0:7, BP 0:8, and BP 0:9 are each reused across multiple BFRs because
a single packet/path would never be able to reach more than one BFR
sharing the same BP.Assume that the example was changed: BFR1 has no ECMP() adjacency for BP 0:6
but instead has BP 0:5 with forward_connected() to BFR2 and BP 0:6 with
forward_connected() to BFR3. Packets with both BP 0:5 and BP 0:6 would
now be able to reach both BFR2 and BFR3, and the still-existing reuse
of BP 0:7 between BFR2 and BFR3 is a case of (B) where reusing a BP
is perfect because it does not limit the set of useful path choices, as in the following example.If instead of reusing BP 0:7 BFR3 used a separate BP 0:10 for its
ECMP() adjacency, no useful additional path steering options would be enabled.
If duplicates at BFR10 were undesirable, this would be done by not
setting BP 0:5 and BP 0:6 for the same packet. If the duplicates were
desirable (e.g., resilient transmission), the additional BP 0:10
would also not render additional value.Reuse may also save BPs in larger topologies. Consider the topology
shown in .A BFIR/sender (e.g., video headend) is attached to area 1,
and the five areas 2...6 contain receivers/BFERs. Assume that each area has a distribution
ring, each with two BPs to indicate the direction (as explained before).
These two BPs could be reused across the five areas. Packets would be replicated
through other BPs from the core to the desired subset of areas, and once a packet copy
reaches the ring of the area, the two ring BPs come into play. This reuse is
a case of (B), but it limits the topology choices: packets
can only flow around the same direction in the rings of all areas. This may or may not
be acceptable based on the desired path steering options: if resilient
transmission is the path engineering goal, then it is likely a good
optimization; however, if the bandwidth of each ring were to be optimized separately,
it would not be a good limitation.Summary of BP OptimizationsIn this section, we reviewed a range of techniques by which a BIER-TE controller can create
a BIER-TE topology in a way that minimizes the number of necessary BPs.Without any optimization, a BIER-TE controller would attempt to map the network
subnet topology 1:1 into the BIER-TE topology, every adjacent
neighbor in the subnet would require a forward_connected() BP, and every BFER would require a local_decap() BP.The optimizations described in this document are then as follows:
P2P links require only one BP ().
All leaf BFERs can share a single local_decap() BP ().
A LAN with N BFRs needs at most N BPs (one for each BFR). It only needs one BP for all those BFRs that are not redundantly connected to multiple LANs ().
A hub with P2P connections to multiple non-leaf BFER spokes can share one BP with all of the spokes if traffic can be flooded to all of those spokes, e.g., because of no bandwidth concerns or dense receiver sets ().
Rings of BFRs can be built with just two BPs (one for each direction), except for BFRs with multiple ring connections -- similar to LANs ().
ECMP() adjacencies to N neighbors can replace N BPs with one BP. Multihop ECMP can avoid polarization through different seeds of the ECMP algorithm ().
Forward_routed() adjacencies permit "tunneling" across routers that are either BIER-TE capable or not BIER-TE capable where no traffic steering or replications are required ().
A BP can generally be reused across a set of nodes where it can be guaranteed that no path will
ever need to traverse more than one node of the set. Depending on the scenario, this may limit the feasible path steering options ().
Note that this list of optimizations is not exhaustive. Further optimizations of BPs are possible, especially when both the set of required path steering choices and the possible subsets of BFERs that should be able to receive traffic are limited. The hub-and-spoke optimization is a simple example of such traffic-pattern-dependent optimizations.Avoiding Duplicates and LoopsLoopsWhenever BIER-TE creates a copy of a packet, the BitString of
that copy will have all bit positions cleared that are associated
with adjacencies on the BFR. This prevents packets from looping.
The only exceptions are adjacencies with DNC set.With DNC set, looping can happen. Consider in
that link L4 from BFR3 is (inadvertently) plugged into the L1 interface of
BFRa (instead of BFR2). This creates a loop where the ring's clockwise bit position is
never cleared for copies of the packets traveling clockwise
around the ring.To inhibit looping in the face of such physical misconfiguration,
only forward_connected() adjacencies are permitted to have DNC set,
and the link layer port unique unicast destination address of the adjacency (e.g., "Media Access Control" (MAC) address)
protects against closing the loop. Link layers without port unique
link layer addresses should not be used with the DNC flag set.DuplicatesDuplicates happen when the graph expressed by a BitString is not a
tree but is redundantly connecting BFRs with each other. In ,
a BitString of p2,p3,p4,p5 would result in duplicate packets arriving on BFER4.
The BIER-TE controller must therefore ensure that only BitStrings that are trees are created.When links are incorrectly physically reconnected before the
BIER-TE controller updates BitStrings in BFIRs, duplicates can happen.
Like loops, these can be inhibited by link layer addressing
in forward_connected() adjacencies.If interface or loopback addresses used in forward_routed() adjacencies
are moved from one BFR to another, duplicates are equally likely to happen.
Such readdressing operations must be coordinated with the BIER-TE controller.Managing SIs, Subdomains, and BFR-idsWhen the number of bits required to represent the necessary hops
in the topology and BFERs exceeds the supported "BitStringLength" (BSL),
multiple SIs and/or subdomains must be used. This section discusses how this is done.BIER-TE forwarding does not require the concept of BFR-ids, but routing
underlay, flow overlay, and BIER headers may. This section also discusses
how BFR-ids can be assigned to BFIRs/BFERs for BIER-TE.Why SIs and Subdomains?For (non-TE) BIER and BIER-TE forwarding, the most important result of using multiple
SIs and/or subdomains is the same: multicast flow overlay packets that need to be sent to BFERs in
different SIs or subdomains require multiple BIER packets, each one with a
BitString for a different (SI,subdomain) combination. Each such BitString uses
one BSL-sized SI block in the BIFT of the subdomain. We call this
a BIFT:SI (block).SIs and subdomains have different purposes in the BIER architecture
and also the BIER-TE architecture. This impacts how operators manage them and
especially how flow overlays will likely use them.By default, every possible BFIR/BFER in a BIER network would likely be given
a BFR-id in subdomain 0 (unless there are > 64k BFIRs/BFERs). If there are different flow services (or service instances) requiring replication
to different subsets of BFERs, then it will likely not be possible to achieve
the best replication efficiency for all of these service instances via subdomain 0.
Ideal replication efficiency for N BFERs exists in a subdomain if they are
split over no more than ceiling(N/BitStringLength) SIs.If service instances justify additional BIER:SI state in the network, additional
subdomains will be used: BFIRs/BFERs are assigned BFR-ids in those subdomains,
and each service instance is configured to use the most appropriate subdomain.
This results in improved replication efficiency for different services.Even if creation of subdomains and assignment of BFR-ids to BFIRs/BFERs in those
subdomains is automated, it is not expected that individual
service instances can deal with BFERs in different subdomains. A service
instance may only support configuration of a single subdomain it should rely on.To be able to easily reuse (and modify as little as possible) existing
BIER procedures (including flow overlay and routing underlay), when BIER-TE
forwarding is added, we therefore reuse SIs and subdomains logically in the
same way as they are used in BIER: all necessary BFIRs/BFERs for a service use
a single BIER-TE BIFT and are split across as many SIs as necessary (see ).
Different services may use different subdomains that primarily exist to
provide more efficient replication (and, for BIER-TE, desirable path steering)
for different subsets of BFIRs/BFERs.Assigning Bits for the BIER-TE TopologyIn BIER, BitStrings only need to carry bits for BFERs; this leads to the
model where BFR-ids map 1:1 to each bit in a BitString.In BIER-TE, BitStrings need to carry bits to indicate not only the receiving
BFER but also the intermediate hops/links across which the packet must be sent.
The maximum number of BFERs that can be supported in a single BitString or BIFT:SI
depends on the number of bits necessary to represent the desired topology between
them."Desired" topology means that it depends on the physical topology and
the operator's desire to
permit explicit path steering across
every single hop (which requires more bits), or
reduce the number of required
bits by exploiting optimizations such as unicast (forward_routed()), ECMP(), or flood
(DNC) over "uninteresting" sub-parts of the topology, e.g., parts where, for path steering reasons, different trees do not need to take different paths.
The total number of bits to describe the topology vs. the number of BFERs in a BIFT:SI can
range widely based on the size of the topology and the amount of alternative paths
in it. In a BIER-TE topology crafted by a BIER-TE expert, the higher the percentage of non-BFER bits, the higher the likelihood that those topology
bits are not just BIER-TE overhead without additional benefit but instead
will allow the expression of desirable path steering alternatives.Assigning BFR-ids with BIER-TEBIER-TE forwarding does not use BFR-ids, nor does it require that
the BFIR-id field of the BIER header be set to a particular value.
However, other parts of a BIER-TE deployment may need a BFR-id -- specifically,
multicast flow overlay signaling and multicast flow overlay packet disposition;
in that case, BFRs need to also have BFR-ids for BIER-TE SDs.For example, for BIER overlay signaling, BFIRs need to have a BFR-id, because this
BFIR BFR-id is carried in the BFIR-id field of the BIER header to indicate
to the overlay signaling on the receiving BFER which BFIR originated the packet.In BIER, BFR-id = SI * BSL + BP, such that the SI and BP of a BFER
can be calculated from the BFR-id and vice versa. This also means
that every BFR with a BFR-id has a reserved BP in an SI, even if
that is not necessary for BIER forwarding, because the BFR may
never be a BFER (i.e., will only be a BFIR).In BIER-TE, for a non-leaf BFER, there is usually a single BP for that BFER with a
local_decap() adjacency on the BFER. The BFR-id for such a BFER can therefore
be determined using the same procedure as that used for (non-TE) BIER: BFR-id = SI * BSL + BP.As explained in , leaf BFERs do not need such
a unique local_decap() adjacency. Likewise, BFIRs that are not also BFERs
may not have a unique local_decap() adjacency either. For all those BFIRs
and (leaf) BFERs, the controller needs to determine unique BFR-ids that
do not collide with the BFR-ids derived from the non-leaf BFER local_decap() BPs.While this document defines no requirements on how to allocate such BFR-ids,
a simple option is to derive it from the (SI,BP) of an adjacency that is
unique to the BFR in question. For a BFIR, this can be the first adjacency that is
only populated on this BFIR; for a leaf BFER, this could be the first BP
with an adjacency towards that BFER.Mapping from BFRs to BitStrings with BIER-TEIn BIER, applications of the flow overlay on a BFIR can calculate the (SI,BP) of a
BFER from the BFR-id of the BFER and can therefore easily determine the BitStrings
for a BIER packet to a set of BFERs with known BFR-ids.In BIER-TE, this mapping needs to be equally supported for flow overlays.
This section outlines two core options, based on what type of Tree Engineering
the BIER-TE controller needs to perform for a particular application.
"Independent branches":
For a given flow overlay instance, the branches
from a BFIR to every BFER are calculated by the BIER-TE controller to be
independent of the branches to any other BFER. Shortest path trees are the most common
examples of trees with independent branches.
"Interdependent branches":
When a BFER is added to or deleted from a particular
distribution tree, the BIER-TE controller has to recalculate the branches to other BFERs,
because they may need to change. Steiner trees are examples of interdependent branch trees.
If "independent branches" are used, the BIER-TE controller
can signal to the BFIR flow overlay for every BFER an SI:BitString that
represents the branch to that BFER. The flow overlay on the BFIR can then, independently
of the controller, calculate the SI:BitString for all desired BFERs by ORing their BitStrings.
This allows flow overlay applications to operate independently of the controller
whenever they need to determine which subset of BFERs needs to receive a particular packet.If "interdependent branches" are required, an application would need to query
the SI:BitString for a given set of BFERs whenever the set changes.Note that in either case (unlike the scenario for BIER), the bits may need to
change upon link/node failure/recovery, network expansion, or network resource consumption
by other traffic as part of achieving Traffic Engineering goals (e.g., reoptimization of
lower-priority traffic flows). Interactions between such BFIR applications and the BIER-TE controller
do therefore need to support dynamic updates to the SIs:BitStrings.Communications between the BFIR flow overlay and the BIER-TE controller
require some way to identify the BFERs. If BFR-ids are used in the deployment, as
outlined in , then those are the "natural" BFR-ids. If
BFR-ids are not used, then any other unique identifier, such as a BFR's BFR-prefix
, could be used.Assigning BFR-ids for BIER-TEIt is not currently determined if a single subdomain could or should be
allowed to forward both (non-TE) BIER and BIER-TE packets. If this should be
supported, there are two options:
BIER and BIER-TE have different BFR-ids in the same subdomain. This allows higher replication efficiency for BIER because the BIER BFR-ids can be assigned
sequentially, while the BitStrings for BIER-TE will also have to assign the additional
bits for the topology adjacencies. There is no relationship between a BFR BIER BFR-id and its
BIER-TE BFR-id.
BIER and BIER-TE share the same BFR-id. The BFR-ids are assigned as explained
above for BIER-TE and simply reused for BIER. The replication efficiency for BIER will
be as low as that for BIER-TE in this approach.
Example Bit AllocationsWith BIERConsider a network setup with a BSL of 256 for a network
topology as shown in . The network has six areas, each with
170 BFERs, connecting via a core with four (core) BFRs. To address all BFERs with BIER,
four SIs are required. To send a BIER
packet to all BFERs in the network, four copies need to be sent by the BFIR. On the
BFIR, it does not matter how the BFR-ids are allocated to BFERs
in the network, but it does matter for efficiency further down in the network.With random allocation of BFR-ids to BFERs, each receiving area would (most likely)
have to receive all four copies of the BIER packet because there would be
BFR-ids for each of the four SIs in each of the areas. Only further towards each
BFER would this duplication subside -- when each of the four trees runs out of
branches.If BFR-ids are allocated intelligently, then all the BFERs in an area
would be given BFR-ids with as few different SIs as possible.
Each area would only have to forward one or two packets instead of four.Given how networks can grow over time, replication efficiency in an area
will then also go down over time when BFR-ids are only allocated sequentially, network wide.
An area that initially only has BFR-ids in one SI
might end up with many SIs over a longer period of growth. Allocating SIs
to areas that initially have sufficiently many spare bits for growth can help
alleviate this issue. Alternatively, BFERs can be renumbered after network expansion. In
this example, one may consider using six SIs and assigning one to each area.This example shows that intelligent BFR-id allocation within at least
subdomain 0 can be helpful or even necessary in BIER.With BIER-TEIn BIER-TE, one needs to determine a subset of the physical topology
and attached BFERs so that the "desired" representation of this topology
and the BFERs fit into a single BitString. This process needs to be
repeated until the whole topology is covered.Once bits/SIs are assigned to the topology and BFERs, BFR-ids are just a derived
set of identifiers from the operator / BIER-TE controller as explained above.Whenever different subtopologies have overlap, bits need to
be repeated across the BitStrings, increasing the overall amount of bits
required across all BitStrings/SIs. In the worst case, one assigns random subsets of BFERs
to different SIs. This will result in an outcome much worse than in (non-TE) BIER: it
maximizes the amount of unnecessary topology overlap across SIs and therefore
reduces the number of BFERs that can be reached across each individual SI.
Intelligent BFER-to-SI assignment and selecting specific "desired" subtopologies can
minimize this problem.To set up BIER-TE efficiently for the topology shown in , the following bit
allocation method can be used. This method can easily be expanded to
other, similarly structured larger topologies.Each area is allocated one or more SIs, depending on the number of future
expected BFERs and the number of bits required for the topology in the area.
In this example, six SIs are used, one per area.In addition, we use four bits in each SI:
bia:
(b)it (i)ngress (a)
bib:
(b)it (i)ngress (b)
bea:
(b)it (e)gress (a)
beb:
(b)it (e)gress (b)
These bits will be used to pass BIER
packets from any BFIR via any combination of ingress area a/b BFRs and egress area
a/b BFRs into a specific target area. These bits are then set up with the right
forward_routed() adjacencies on the BFIRs and area edge BFRs as follows.On all BFIRs in an area, j|j=1...6, bia in each BIFT:SI is populated with the same
forward_routed(BFRja) and bib with forward_routed(BFRjb). On all area
edge BFRs, bea in BIFT:SI=k|k=1...6 is populated with forward_routed(BFRka) and
beb in BIFT:SI=k with forward_routed(BFRkb).For BIER-TE forwarding of a packet to a subset of BFERs across all areas,
a BFIR would create at most six copies, with SI=1...SI=6. In each packet,
the BitString includes bits for one area and the BFERs in that area, plus the four bits
to indicate whether to pass this packet via the ingress area a or b border BFR
and the egress area a or b border BFR, therefore allowing path steering
for those two "unicast" legs: 1) BFIR to ingress area edge and 2) core to egress
area edge. Replication only happens inside the egress areas. For BFERs that are in the
same area as the BFIR, these four bits are not used.SummaryBIER-TE can, like BIER, support multiple SIs within a subdomain. This allows
application of the mapping BFR-id = SI * BSL + BP. This also permits the reuse of
the BIER architecture concept of BFR-ids and, therefore, minimization of BIER-TE-specific functions in possible
BIER layer control plane mechanisms with BIER-TE, including flow overlay methods and BIER header fields.The number of BFIRs/BFERs possible in a subdomain is smaller than in BIER
because BIER-TE uses additional bits for the topology.Subdomains in BIER-TE can be used as they are in BIER to create more efficient
replication to known subsets of BFERs.Assigning bits for BFERs intelligently into the right SI is more important in
BIER-TE than in BIER because of replication efficiency and the overall amount of
bits required.Security ConsiderationsIf "" is used, its security considerations also apply to BIER-TE.The security considerations of "" also apply to BIER-TE, with
the following overriding or additional considerations.BIER-TE forwarding explicitly supports unicast "tunneling" of BIER packets via forward_routed()
adjacencies. The BIER domain security model is based on a subset of interfaces on a BFR
that connect to other BFRs of the same BIER domain. For BIER-TE, this security model equally applies
to such unicast "tunneled" BIER packets. This not only includes the need to filter
received unicast "tunneled" BIER packets to prohibit the injection of such "tunneled" BIER
packets from outside the BIER domain but also the need to prohibit forward_routed() adjacencies
from leaking BIER packets from the BIER domain. It SHOULD be possible to configure
interfaces to be part of a BIER domain solely for sending and receiving unicast
"tunneled" BIER packets even if the interface cannot send/receive BIER encapsulated packets.In BIER, the standardized methods for the routing underlays are IGPs
with extensions to distribute BFR-ids and BFR-prefixes.
specifies the extensions for IS-IS, and specifies the extensions for OSPF.
Attacking the protocols for the BIER routing underlay or (non-TE) BIER layer control
plane, or the impairment of any BFRs in a domain, may lead to successful attacks
against the information that BIER-TE learns from the routing protocol (routes, next hops, BFR-ids, ...), enabling DoS attacks against
paths or the addressing (BFR-ids, BFR-prefixes) used by BIER.The reference model for the BIER-TE layer control plane is a BIER-TE controller.
When such a controller is used, the impairment of an individual BFR in a domain causes
no impairment of the BIER-TE control plane on other BFRs. If a routing
protocol is used to support forward_routed() adjacencies, then this is still an
attack vector as in BIER, but only for BIER-TE forward_routed() adjacencies and
not other adjacencies.Whereas IGP routing protocols are most often not well secured through
cryptographic authentication and confidentiality, communications between controllers and routers such as those
to be considered for the BIER-TE controller / control plane can be, and are, much more commonly
secured with those security properties -- for example, by using "Secure Shell" (SSH) for NETCONF ; or via "Transport Layer Security" (TLS), such as for PCEP or for NETCONF. BIER-TE controllers SHOULD use security equal to or better than these mechanisms.When any of these security mechanisms/protocols are used for communications
between a BIER-TE controller and BFRs, their security considerations apply to BIER-TE.
In addition, the security considerations of "" apply.The most important attack vector in BIER-TE is misconfiguration,
either on the BFRs themselves or via the BIER-TE controller.
Forwarding entries with DNC could be set up to create persistent loops, in which
packets only expire because of TTL. To minimize the impact of such attacks
(or, more likely, unintentional misconfiguration by operators and/or bad BIER-TE controller software),
the BIER-TE forwarding rules are defined to be as strict in clearing
bits as possible. The clearing of all bits with an adjacency on
a BFR prohibits a looping packet from creating additional packet amplification
through the misconfigured loop on the packet's second time or subsequent times around the
loop, because all relevant adjacency bits would have been cleared on the first round
through the loop. As a result, looping packets can occur in BIER-TE to the same degree
as is possible with unintentional or malicious loops in the routing underlay with BIER, or even with unicast traffic.Deployments where BIER-TE would likely be beneficial
may include operational models where actual configuration changes
from the controller are only required during non-production phases of
the network's life cycle, e.g., in embedded networks or in manufacturing
networks during such activities as plant reworking or repairs. In these
types of deployments, configuration changes could be locked out when the
network is in production state and could only be (re-)enabled through
reverting the network/installation to non-production state. Such
security designs would not only allow a deployment to provide additional layers
of protection against configuration attacks but would, first and foremost,
protect the active production process from such configuration attacks.IANA ConsiderationsThis document has no IANA actions.ReferencesNormative ReferencesKey words for use in RFCs to Indicate Requirement LevelsIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.Ambiguity of Uppercase vs Lowercase in RFC 2119 Key WordsRFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.Multicast Using Bit Index Explicit Replication (BIER)This document specifies a new architecture for the forwarding of multicast data packets. It provides optimal forwarding of multicast packets through a "multicast domain". However, it does not require a protocol for explicitly building multicast distribution trees, nor does it require intermediate nodes to maintain any per-flow state. This architecture is known as "Bit Index Explicit Replication" (BIER). When a multicast data packet enters the domain, the ingress router determines the set of egress routers to which the packet needs to be sent. The ingress router then encapsulates the packet in a BIER header. The BIER header contains a bit string in which each bit represents exactly one egress router in the domain; to forward the packet to a given set of egress routers, the bits corresponding to those routers are set in the BIER header. The procedures for forwarding a packet based on its BIER header are specified in this document. Elimination of the per-flow state and the explicit tree-building protocols results in a considerable simplification.Encapsulation for Bit Index Explicit Replication (BIER) in MPLS and Non-MPLS NetworksBit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "multicast domain", without requiring intermediate routers to maintain any per-flow state or to engage in an explicit tree-building protocol. When a multicast data packet enters the domain, the ingress router determines the set of egress routers to which the packet needs to be sent. The ingress router then encapsulates the packet in a BIER header. The BIER header contains a bit string in which each bit represents exactly one egress router in the domain; to forward the packet to a given set of egress routers, the bits corresponding to those routers are set in the BIER header. The details of the encapsulation depend on the type of network used to realize the multicast domain. This document specifies a BIER encapsulation that can be used in an MPLS network or, with slight differences, in a non-MPLS network.Informative ReferencesApplicability of BIER Multicast Overlay for Adaptive Streaming ServicesHuawei Technologies Duesseldorf GmbHInterDigital Communications, LLCInterDigital Communications, LLCFuturewei Technologies Inc.Work in ProgressProtection Methods for BIER-TEHuawei USA - Futurewei Technologies Inc.Bouygues TelecomUniversity of TuebingenUniversity of TuebingenWork in ProgressA YANG data model for Tree Engineering for Bit Index Explicit Replication (BIER-TE)ZTE CorporationIndividualZTE CorporationIndividualJuniper networksChina TelecomWork in ProgressSpace/time trade-offs in hash coding with allowable errorsComm. ACM 13(7):422-6Constrained-Cast: Source-Routed Multicast for RPLUniversität Bremen TZIUniversität Bremen TZIUniversität Bremen TZIHuawei Technologies This specification defines a protocol for forwarding multicast
traffic in a constrained node network employing the RPL routing
protocol in non-storing mode.
Work in ProgressStateless multicast switching in software defined networksIEEE International Conference on Communications (ICC), Kuala Lumpur, MalaysiaAn Optional Encoding of the BIFT-id Field in the non-MPLS BIER EncapsulationWork in ProgressRate-Controlled Service DisciplinesJournal of High Speed Networks, Volume 3, Issue 4, pp. 389-412The Secure Shell (SSH) Transport Layer ProtocolThe Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network.This document describes the SSH transport layer protocol, which typically runs on top of TCP/IP. The protocol can be used as a basis for a number of secure network services. It provides strong encryption, server authentication, and integrity protection. It may also provide compression.Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated.This document also describes the Diffie-Hellman key exchange method and the minimal set of algorithms that are needed to implement the SSH transport layer protocol. [STANDARDS-TRACK]BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)The Border Gateway Protocol (BGP) is an inter-autonomous system routing protocol designed for TCP/IP internets. Typically, all BGP speakers within a single AS must be fully meshed so that any external routing information must be re-distributed to all other routers within that Autonomous System (AS). This represents a serious scaling problem that has been well documented with several alternatives proposed.This document describes the use and design of a method known as "route reflection" to alleviate the need for "full mesh" Internal BGP (IBGP).This document obsoletes RFC 2796 and RFC 1966. [STANDARDS-TRACK]A Path Computation Element (PCE)-Based ArchitectureConstraint-based path computation is a fundamental building block for traffic engineering systems such as Multiprotocol Label Switching (MPLS) and Generalized Multiprotocol Label Switching (GMPLS) networks. Path computation in large, multi-domain, multi-region, or multi-layer networks is complex and may require special computational components and cooperation between the different network domains.This document specifies the architecture for a Path Computation Element (PCE)-based model to address this problem space. This document does not attempt to provide a detailed description of all the architectural components, but rather it describes a set of building blocks for the PCE architecture from which solutions may be constructed. This memo provides information for the Internet community.Path Computation Element (PCE) Communication Protocol (PCEP)This document specifies the Path Computation Element (PCE) Communication Protocol (PCEP) for communications between a Path Computation Client (PCC) and a PCE, or between two PCEs. Such interactions include path computation requests and path computation replies as well as notifications of specific states related to the use of a PCE in the context of Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineering. PCEP is designed to be flexible and extensible so as to easily allow for the addition of further messages and objects, should further requirements be expressed in the future. [STANDARDS-TRACK]Network Configuration Protocol (NETCONF)The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs). This document obsoletes RFC 4741. [STANDARDS-TRACK]Using the NETCONF Protocol over Secure Shell (SSH)This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK]Using the NETCONF Protocol over Transport Layer Security (TLS) with Mutual X.509 AuthenticationThe Network Configuration Protocol (NETCONF) provides mechanisms to install, manipulate, and delete the configuration of network devices. This document describes how to use the Transport Layer Security (TLS) protocol with mutual X.509 authentication to secure the exchange of NETCONF messages. This revision of RFC 5539 documents the new message framing used by NETCONF 1.1 and it obsoletes RFC 5539.North-Bound Distribution of Link-State and Traffic Engineering (TE) Information Using BGPIn a number of environments, a component external to a network is called upon to perform computations based on the network topology and current state of the connections within the network, including Traffic Engineering (TE) information. This is information typically distributed by IGP routing protocols within the network.This document describes a mechanism by which link-state and TE information can be collected from networks and shared with external components using the BGP routing protocol. This is achieved using a new BGP Network Layer Reachability Information (NLRI) encoding format. The mechanism is applicable to physical and virtual IGP links. The mechanism described is subject to policy control.Applications of this technique include Application-Layer Traffic Optimization (ALTO) servers and Path Computation Elements (PCEs).The YANG 1.1 Data Modeling LanguageYANG is a data modeling language used to model configuration data, state data, Remote Procedure Calls, and notifications for network management protocols. This document describes the syntax and semantics of version 1.1 of the YANG language. YANG version 1.1 is a maintenance release of the YANG language, addressing ambiguities and defects in the original specification. There are a small number of backward incompatibilities from YANG version 1. This document also specifies the YANG mappings to the Network Configuration Protocol (NETCONF).Ingress Replication Tunnels in Multicast VPNRFCs 6513, 6514, and other RFCs describe procedures by which a Service Provider may offer Multicast VPN (MVPN) service to its customers. These procedures create point-to-multipoint (P2MP) or multipoint-to-multipoint (MP2MP) trees across the Service Provider's backbone. One type of P2MP tree that may be used is known as an "Ingress Replication (IR) tunnel". In an IR tunnel, a parent node need not be directly connected to its child nodes. When a parent node has to send a multicast data packet to its n child nodes, it does not use Layer 2 multicast, IP multicast, or MPLS multicast to do so. Rather, it makes n individual copies, and then unicasts each copy, through an IP or MPLS unicast tunnel, to exactly one child node. While the prior MVPN specifications allow the use of IR tunnels, those specifications are not always very clear or explicit about how the MVPN protocol elements and procedures are applied to IR tunnels. This document updates RFCs 6513 and 6514 by adding additional details that are specific to the use of IR tunnels.RESTCONF ProtocolThis document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF).PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)The Path Computation Element Communication Protocol (PCEP) defines the mechanisms for the communication between a Path Computation Client (PCC) and a Path Computation Element (PCE), or among PCEs. This document describes PCEPS -- the usage of Transport Layer Security (TLS) to provide a secure transport for PCEP. The additional security mechanisms are provided by the transport protocol supporting PCEP; therefore, they do not affect the flexibility and extensibility of PCEP.This document updates RFC 5440 in regards to the PCEP initialization phase procedures.A YANG Data Model for Network TopologiesThis document defines an abstract (generic, or base) YANG data model for network/service topologies and inventories. The data model serves as a base model that is augmented with technology-specific details in other, more specific topology and inventory data models.Bit Index Explicit Replication (BIER) Support via IS-ISThis document defines IS-IS extensions to support multicast forwarding using the Bit Index Explicit Replication (BIER) architecture.Segment Routing ArchitectureSegment Routing (SR) leverages the source routing paradigm. A node steers a packet through an ordered list of instructions, called "segments". A segment can represent any instruction, topological or service based. A segment can have a semantic local to an SR node or global within an SR domain. SR provides a mechanism that allows a flow to be restricted to a specific topological path, while maintaining per-flow state only at the ingress node(s) to the SR domain.SR can be directly applied to the MPLS architecture with no change to the forwarding plane. A segment is encoded as an MPLS label. An ordered list of segments is encoded as a stack of labels. The segment to process is on the top of the stack. Upon completion of a segment, the related label is popped from the stack.SR can be applied to the IPv6 architecture, with a new type of routing header. A segment is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing header. The active segment is indicated by the Destination Address (DA) of the packet. The next active segment is indicated by a pointer in the new routing header.OSPFv2 Extensions for Bit Index Explicit Replication (BIER)Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain multicast-related, per- flow state. BIER also does not require an explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a Bit-Forwarding Ingress Router (BFIR) and leaves the BIER domain at one or more Bit-Forwarding Egress Routers (BFERs). The BFIR adds a BIER packet header to the packet. The BIER packet header contains a BitString in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by the set of bits in the BIER packet header.This document describes the OSPF protocol extension (from RFC 2328) that is required for BIER with MPLS encapsulation (which is defined in RFC 8296). Support for other encapsulation types and the use of multiple encapsulation types are outside the scope of this document.Multicast VPN Using Bit Index Explicit Replication (BIER)The Multicast Virtual Private Network (MVPN) specifications require the use of multicast tunnels ("P-tunnels") that traverse a service provider's backbone network. The P-tunnels are used for carrying multicast traffic across the backbone. A variety of P-tunnel types are supported. Bit Index Explicit Replication (BIER) is a new architecture that provides optimal multicast forwarding through a "multicast domain", without requiring intermediate routers to maintain any per-flow state or to engage in an explicit tree-building protocol. This document specifies the protocol and procedures that allow MVPN to use BIER as the method of carrying multicast traffic over a service provider's backbone network.Overview and Principles of Internet Traffic EngineeringWork in ProgressBIER-TE and Segment Routing (SR)SR aims to enable lightweight path steering
via loose source routing. For example, compared to its more heavyweight predecessor, RSVP-TE, SR does not require per-path signaling to each of these hops.BIER-TE supports the same design philosophy for multicast.
Like SR, BIER-TE
relies on source routing (via a BitString), and
only requires consideration of
the "hops" either (1) on which replication has to happen or (2) across which the
traffic should be steered (even without replication).
Any other hops can
be skipped via the use of routed adjacencies.BIER-TE "bit positions" (BPs) can be understood as the BIER-TE equivalent of
"forwarding segments" in SR, but they have a different scope than do forwarding
segments in SR. Whereas forwarding segments in SR are global or local, BPs in BIER-TE
have a scope that is comprised of one or more BFRs that have adjacencies for the BPs in
their BIFTs. These segments can be called "adjacency-scoped" forwarding segments.Adjacency scope could be global, but then every BFR would need an adjacency
for a given BP -- for example, a forward_routed() adjacency with encapsulation to
the global SR "Segment Identifier" (SID) of the destination. Such a BP would always result in ingress
replication, though (as in ). The first BFR encountering this BP would directly
replicate traffic on it. Only by using non-global adjacency scope for BPs can
traffic be steered and replicated on a non-BFIR.SR can naturally be combined with BIER-TE and can help optimize it. For example,
instead of defining bit positions for non-replicating hops, it is equally
possible to use SR encapsulations (e.g., SR-MPLS label stacks)
for the encapsulation of "forward_routed()" adjacencies.Note that (non-TE) BIER itself can also be seen as being similar to SR. BIER BPs act
as global destination Node-SIDs, and the BIER BitString is simply a highly optimized
mechanism to indicate multiple such SIDs and let the network take care of effectively
replicating the packet hop by hop to each destination Node-SID. BIER does not allow the
indication of intermediate hops or, in terms of SR, the ability to indicate a sequence of SIDs
to reach the destination. On the other hand, BIER-TE and its adjacency-scoped BPs provide these capabilities.AcknowledgementsThe authors would like to thank , , ,
, , , , , and for their reviews and suggestions. Special thanks to for shepherding this document. Special thanks also for IESG review/suggestions by (responsible AD/RTG), (SEC), (TSV), (TSV), (INT), (RTG), (OPS), (INT), (GEN), (SEC), (RTGDIR), (Gen-ART), (RTGDIR), and (TSV).Authors' AddressesFuturewei Technologies Inc.2330 Central ExpySanta Clara95050CAUnited States of Americatte@cs.fau.deUniversity of TuebingenGermanymenth@uni-tuebingen.deKOEVOOFrancegregory@koevoo.tech