BFD StabilityAalyria Technologiesashesh@aalyria.comKloud ServicesCAUSAmjethanandani@gmail.comCiena Corporation3939 North 1st StreetSan JoseCA95134USAankurpsaxena@gmail.comwww.ciena.comVMwareBangaloreKarnataka560103Indiasantosh.pallagatti@gmail.comHuaweimach.chen@huawei.comThis document describes extensions to the Bidirectional Forwarding
Detection (BFD) protocol to measure BFD stability. Specifically, it
describes a mechanism for detection of BFD packet loss.The Bidirectional Forwarding Detection (BFD) protocol operates by transmitting and
receiving BFD control packets, generally at high frequency, over the
datapath being monitored. In order to prevent significant data loss due
to a datapath failure, BFD session detection time as defined in BFD is set to the smallest feasible value.This document proposes a mechanism to detect lost packets in a BFD
session in addition to the datapath fault detection mechanisms of BFD.
Such a mechanism presents significant value to measure the stability of
BFD sessions and provides data to the operators for the cause of a BFD
failure.This document does not propose any BFD extension to measure data
traffic loss or delay on a link or tunnel and the scope is limited to
BFD packets.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC
8174.The reader is expected to be familiar with the BFD , Optimizing BFD
Authentication and Meticulous Keyed
ISAAC for BFD Authentication.Bidirectional Forwarding Detection as defined in BFD cannot detect any BFD packet loss if the
loss does not last for detection time. This document proposes a method
to detect a dropped packet on the receiver. For example, if the receiver
receives BFD control packet k at time t but receives packet k+3 at time
t+10ms, and never receives packet k+1 and/or k+2, then it has
experienced a drop.This proposal enables BFD implementations to generate diagnostic
information on the health of each BFD session that could be used to
preempt a failure on a datapath that BFD was monitoring by allowing time
for a corrective action to be taken.In a faulty datapath scenario, an operator can use BFD health
information to trigger delay and loss measurement OAM protocol
(Connectivity Fault Management (CFM) or Loss Measurement (LM)-Delay
Measurement (DM)) to further isolate the issue.
The functionality proposed for BFD stability measurement is
achieved by configuring the 'stability' flag in the attached
YANG model in conjunction with any BFD Meticulous Authentication.
The NULL Authentication Type, defined here, can be used to provide a
meticulously increasing sequence number for stability measurement. It
provides none of the protections desired for authentication and is used
only to provide BFD stability services to BFD sessions that otherwise have
no authentication in use.If the Authentication Present (A) bit is set in the header, and the
Authentication Type field contains TBD, the Authentication section has the
following format:
where:
Auth Type: The Authentication Type, which in this case is TBD
(NULL, to be assigned by IANA, with a suggested value of 6).
Auth Len: The length of the NULL Auth Type, in bytes; i.e. 8 bytesAuth Key ID: The authentication key ID in use for this packet. Must
be set to zero and ignored on receipt.Reserved: This byte MUST be set to zero on transmit and ignored on
receipt.Sequence Number: The sequence number for this packet. This value is
incremented for each successive packet transmitted for a session.
Implementations will use sequence numbers (bfd.XmitAuthSeq) as defined in
BFD.If bfd.AuthSeqKnown is 0, bfd.AuthSeqKnown is set to 1, and
bfd.RcvAuthSeq is set to the value of the received Sequence Number
field.If bfd.AuthSeqKnown is 1, and the received Sequence Number field is not
equal to bfd.RcvAuthSeq + 1 (in a circular number space), then the loss
count is incremented by one and bfd.RcvAuthSeq is set to the received
Sequence Number.Unlike other authentication mechanisms defined for BFD that provide an
Auth Key/Digest field, when bfd.AuthSeqKnown is 1, the received Sequence
Number MUST NOT be compared vs. bfd.RcvAuthSeq for purposes of discarding
the BFD packets.
This mechanism allows operators to measure the loss of BFD
control packets.
When using MD5 or SHA authentication, BFD MUST use an
authentication type (bfd.AuthType) that is of type meticulous.
Other authentication types that provide for meticulously increasing
sequence numbers can also be used. This includes the NULL
authentication mechanism defined in this document or
Meticulous Keyed
ISAAC for BFD Authentication.
Loss measurement counts the number of BFD control packets
missed at the receiver during any Detection Time period. The
loss is detected by comparing the Sequence Number field in
successive BFD control packets. The Sequence Number in each
successive control packet generated on a BFD session by the
transmitter is incremented by one. This loss count can then
be exposed using the YANG module defined in the subsequent
section.
The first BFD authentication section with a non-zero
sequence number, in a valid BFD control packet, processed by
the receiver is used for bootstrapping the logic.
Some transmission mechanisms - for example, Link Aggregate Groups
(LAG), or Equal Cost Multipath (ECMP) - can result in out of order
packet delivery. In circumstances where BFD packets are not lost, but
are delivered out of order, strict comparison of increasing sequence
numbers may result in classifying the out of order packets as packet
loss.
Implementations MAY provide mechanisms wherein all expected packets
received across an expected interval but delivered out of order are
not considered lost packets.
This YANG module augments the "ietf-bfd" module to add a
flag 'stability' to enable this feature. The feature
statement 'stability' needs to be enabled to indicate that
BFD Stability is supported by the implementation. In
addition, a loss count per-session or lsp for BFD packets
that are lost has also been added in this model.
This YANG module imports Common YANG
Types, A YANG Data Model for
Routing, and YANG Data Model
for Bidirectional Forwading Detection (BFD).
file "ietf-bfd-stability@2024-10-07.yang"
module ietf-bfd-stability {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-bfd-stability";
prefix "bfds";
import ietf-yang-types {
prefix "yang";
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-routing {
prefix "rt";
reference
"RFC 8349: A YANG Data Model for Routing Management
(NMDA version)";
}
import ietf-bfd {
prefix bfd;
reference
"RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection.";
}
import ietf-bfd-ip-sh {
prefix bfd-ip-sh;
reference
"RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection.";
}
import ietf-bfd-ip-mh {
prefix bfd-ip-mh;
reference
"RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection.";
}
import ietf-bfd-lag {
prefix bfd-lag;
reference
"RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection.";
}
import ietf-bfd-mpls {
prefix bfd-mpls;
reference
"RFC 9314: YANG Data Model for Bidirectional
Forwarding Detection.";
}
import ietf-key-chain {
prefix key-chain;
reference
"RFC 8177: YANG Key Chain.";
}
organization
"IETF BFD Working Group";
contact
"WG Web:
WG List:
Authors: Mahesh Jethanandani (mjethanandani@gmail.com)
Ashesh Mishra (mishra.ashesh@gmail.com)
Ankur Saxena (ankurpsaxena@gmail.com)
Santosh Pallagatti (santosh.pallagati@gmail.com)
Mach Chen (mach.chen@huawei.com).";
description
"This YANG module augments the base BFD YANG model to add
attributes related to BFD Stability. In particular it adds a
a per session count for BFD packets that are lost.
Copyright (c) 2024 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.";
revision "2024-10-07" {
description
"Initial Version.";
reference
"RFC XXXX: BFD Stability.";
}
feature stability {
description
"If supported, the feature allows for BFD sessions to be
monitored for frames lost.";
}
identity null-auth {
base key-chain:crypto-algorithm;
description
"BFD Null Auth type defined in this draft.";
reference
"RFC XXXX: BFD Stability.";
}
grouping lost-packet-count {
leaf lost-packet-count {
if-feature "stability";
type yang:counter64;
description
"Number of BFD packets that were lost without bringing the
session down. This counter should be present only if
stability is configured.";
}
description
"Grouping of statistics related to BFD stability.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/" +
"bfd-ip-sh:sessions/bfd-ip-sh:session" {
leaf stability {
if-feature "stability";
type boolean;
must "../bfd-ip-sh:authentication/bfd-ip-sh:meticulous = " +
"'true'";
default false;
description
"If set to true, this enables the BFD session to monitor
for stability; i.e., to watch how many frames are getting
dropped.";
}
description
"Augment the 'bfd' container to add attributes related to BFD
stability for IP Single Hop Sessions.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-ip-mh:ip-mh/" +
"bfd-ip-mh:session-groups/bfd-ip-mh:session-group" {
leaf stability {
if-feature "stability";
type boolean;
must "../bfd-ip-mh:authentication/bfd-ip-mh:meticulous = " +
"'true'";
default false;
description
"If set to true, this enables the BFD session to monitor
for stability; i.e., to watch how many frames are getting
dropped.";
}
description
"Augment the 'bfd' container to add attributes related to BFD
stability for Multi Hop Sessions.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/" +
"bfd-lag:sessions/bfd-lag:session" {
leaf stability {
if-feature "stability";
type boolean;
must "../bfd-lag:authentication/bfd-lag:meticulous = " +
"'true'";
default false;
description
"If set to true, this enables the BFD session to monitor
for stability; i.e., to watch how many frames are getting
dropped.";
}
description
"Augment the 'bfd' container to add attributes related to BFD
stability for LAG session.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-mpls:mpls/" +
"bfd-mpls:session-groups/bfd-mpls:session-group" {
leaf stability {
if-feature "stability";
type boolean;
must "../bfd-mpls:authentication/bfd-mpls:meticulous = " +
"'true'";
default false;
description
"If set to true, this enables the BFD session to monitor
for stability; i.e., to watch how many frames are getting
dropped.";
}
description
"Augment the 'bfd' container to add attributes related to BFD
stability for MPLS.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh/" +
"bfd-ip-sh:sessions/bfd-ip-sh:session/" +
"bfd-ip-sh:session-statistics" {
uses lost-packet-count;
description
"Augment the 'bfd' container to add statistics related to BFD
stability for IP Single Hop Sessions.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-ip-mh:ip-mh/" +
"bfd-ip-mh:session-groups/bfd-ip-mh:session-group/" +
"bfd-ip-mh:sessions/bfd-ip-mh:session-statistics" {
uses lost-packet-count;
description
"Augment the 'bfd' container to add statistics related to BFD
stability for IP Multi Hop Sessions.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/" +
"bfd-lag:sessions/bfd-lag:session/bfd-lag:member-links/" +
"bfd-lag:micro-bfd-ipv4/bfd-lag:session-statistics" {
uses lost-packet-count;
description
"Augment the 'bfd' container to add statistics related to BFD
stability for Micro BFD sessions for IPv4.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-lag:lag/" +
"bfd-lag:sessions/bfd-lag:session/bfd-lag:member-links/" +
"bfd-lag:micro-bfd-ipv6/bfd-lag:session-statistics" {
uses lost-packet-count;
description
"Augment the 'bfd' container to add statistics related to BFD
stability for Micro BFD sessions for IPv6.";
}
augment "/rt:routing/rt:control-plane-protocols/" +
"rt:control-plane-protocol/bfd:bfd/bfd-mpls:mpls/" +
"bfd-mpls:session-groups/bfd-mpls:session-group/" +
"bfd-mpls:sessions/bfd-mpls:session-statistics" {
uses lost-packet-count;
description
"Augment the 'bfd' container to add statistics related to BFD
stability for MPLS sessions.";
}
}
]]>
This document requests one new authentication type and
registers one URIs in the "ns" subregistry of the "IETF XML"
registry .
This document requests an update to the registry titled "BFD
Authentication Types". IANA is requested to assign a new
BFD AuthType:
NULL Auth Type, with a suggested value of 6.
Following the format in , the following
registrations are requested:This document registers one YANG modules in the "YANG Module Names"
registry . Following the format in , the following registrations are requested:The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such as
NETCONF or RESTCONF. The lowest NETCONF layer is the secure
transport layer, and the mandatory-to-implement secure transport is
Secure Shell (SSH). The lowest RESTCONF
layer is HTTPS, and the mandatory-to-implement secure transport is TLS. The NETCONF Access
Control Model (NACM) provides the means to restrict access for
particular NETCONF or RESTCONF users to a preconfigured subset of all
available NETCONF or RESTCONF protocol operations and content.
The YANG module does not define any
writeable/creatable/deletable data nodes that can have an
adverse impact on a BFD session.
The only readable data nodes in YANG module may be considered
sensitive or vulnerable in some network environments. It is
thus important to control read access (e.g., via get,
get-config, or notification) to these data nodes.
The model defines a read-only node to indicate the number of
packets that were lost. Access to this information may allow
a malicious user information on which links are experiencing
issues. In addition, and as stated in Out of Order Packets,
on links such as LAG or ECMP, there is a possibility of
packets being delivered out of order. A strict comparison of
increasing sequence numbers may result in classifying those
out of order packets as packet loss.
The YANG module does not define any RPC operations.Use of a BFD authentication mechanism that protects the BFD packets
is RECOMMENDED.The Security Considerations of for
unauthenticated BFD all apply to the new NULL authentication type.
The NULL Authentication type, defined in this document, provides none
of the properties desired for authenticating BFD packets. It is
intended to provide BFD sessions that otherwise would not use
authentication a sequence number that can be used for purposes of
detecting lost packets.The lack of a computed AuthKey/Digest over the BFD packet but the
presence of a Sequence Number makes this authentication type susceptible
to injection attacks. BFD without authentication is vulnerable to
session resets; the NULL Auth type does not change this.
When the NULL Authentication type is used for BFD Stability
purposes, maliciously injected packets that do not reset the
BFD session can resemble high packet loss. Sessions such as,
multi-hop routed paths, tunnels without authentication, or
MPLS LSP, therefore, have security guarantees that are
identical to situations where BFD is run without
authentication.
The authors of this document would like to acknowledge Jeff
Haas as a contributor to this document. Jeff played a role not
only as a shepherd but also actively contributed to the
improvement of the document. In addition, Manav Bhatia and
Peng Fang contributed to this document.
Authors would like to thank Nobo Akiya, Dileep Singh, Basil
Saji, Sagar Soni, Albert Fu and Mallik Mudigonda who also
contributed to this document.
This section tries to show some examples in how the model can
be configured for stability.
This example demonstrates how a Single Hop BFD session can
be configured to enable monitoring of a session for
stability.
bfd-stability-config"An example for BFD Stabalized configuration."
552017-01-01T00:00:00Z2017-02-01T00:00:00Z2016-12-31T23:59:55Z2017-02-01T00:00:05Zkc:sha-1eth0if-type:ethernetCsmacdbfd-types:bfdv1name:BFDeth02001:db8:0:113::10110000
10000
truebfd-stability-configtrue
]]>
This example demonstrates how to configure NULL Auth
to enable monitoring of a session for stability.
bfd-stability-config"An example for BFD Stability configuration."
552017-01-01T00:00:00Z2017-02-01T00:00:00Z2016-12-31T23:59:55Z2017-02-01T00:00:05Zstability:null-autheth0if-type:ethernetCsmacdbfd-types:bfdv1name:BFDeth02001:db8:0:113::10110000
10000
truebfd-stability-configtrue
]]>