Internet-Draft | PIM Join Attributes for LISP Mcast | September 2024 |
Govindan & Venaas | Expires 30 March 2025 | [Page] |
This document specifies an update to the PIM Receiver RLOC Join/Prune attribute that supports the construction of multicast distribution trees where the source and receivers are located in different Locator/ID Separation Protocol (LISP) sites and are connected using underlay IP Multicast. This attribute allows the receiver site to signal the underlay multicast group to the control plane of the root Ingress Tunnel Router (ITR). This document updates RFC 8059.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 30 March 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The construction of multicast distribution trees where the root and receivers are located in different LISP sites [RFC9300] is defined in [RFC6831].¶
[RFC6831] specifies that (root-EID, G) data packets are to be LISP- encapsulated into (root-RLOC, G) multicast packets. [RFC8059] defines PIM Join/Prune attribute extensions to construct multicast distribution trees. Please refer to Section 3 of [RFC6831] for the definition of the terms EID and RLOC. We use the term root-EID or root-RLOC to refer to the source of the multicast tree rooted at the EID or RLOC. This document extends the Receiver ETR RLOC PIM Join/Prune attribute [RFC8059] to facilitate the construction of underlay multicast trees for (root-RLOC, G).¶
Specifically, the assignment of the underlay multicast group needs to be done in consonance with the downstream xTR nodes needed to avoid unnecessary replication or traffic hairpinning.¶
Since the Receiver RLOC Attribute defined in [RFC8059] only addresses the Ingress Replication case, an extension of the scope of that PIM Join/Prune attribute is defined by this draft to include scenarios where the underlay uses Multicast transport. The scope extension proposed here complies with the base specification [RFC5384].¶
This document uses terminology defined in [RFC9300], such as EID, RLOC, ITR, and ETR.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
When LISP based Multicast trees are constructed using IP Multicast in the underlay, the mapping between the overlay group address and the underlay group address becomes a crucial engineering decision:¶
Three distinct types of overlay to underlay group mappings are possible: Many to one mapping: Many (root-EID, G) flows originating from an RLOC can be mapped to a single underlay multicast (root-RLOC, G-u) flow. One to many mapping: Conversely a single same overlay flow can be mapped to two or more flows, e.g., (root-RLOC, G-u1) and (root-RLOC, G-u2) to cater to the requirements of downstream xTR nodes. One to one mapping: Every (root-EID, G) flow is mapped to a unique (root-RLOC, G-u) flow.¶
Under certain conditions, different subsets of xTRs subscribing to the same overlay multicast stream may be constrained to use distinct underlay multicast mapping ranges.¶
This introduces a trade-off between replication overhead and the flexibility of address range assignment, which may be necessary in specific use-cases like Proxy Tunnel Routers or when using boxes with limited hardware resources as explained below:¶
No changes are proposed to the syntax or semantics of the Transport Attribute defined in RFC 8059 [RFC8059].¶
The scope of the updates to RFC 8059 [RFC8059] is limited to the case where the "Transport" field of the Transport Attribute is set to zero (Multicast) only.¶
The definition of the "Receiver RLOC" field of the Receiver ETR RLOC attribute RFC 8059 [RFC8059] is updated as follows:¶
The definitions of the other fields of the Receiver ETR RLOC Attribute remain unchanged.¶
When the ITR needs to track the list of ETRs from which the PIM joins are received, the ITR MUST use the source IP address field of the incoming PIM Join/Prune message. The source IP of the PIM Join/Prune MUST be an ETR RLOC IP address.¶
When the ETR determines to use the multicast underlay:¶
When the ITR receives a PIM Join/Prune message:¶
The authors would like to thank Dino Farinacci, Victor Moreno, Alvaro Retana, Aswin Kuppusami, Joe Clarke and Peter Yee for their valuable comments. The authors also thank Sankaralingam T and Amit Kumar for their contributions to the document. The authors thank Gunter van de Velde for his valuable comments.¶
No new requests to IANA.¶
An attack vector arises where an attacker sends numerous PIM Join messages with different group addresses. This could interfere with legitimate multicast traffic if the group addresses overlap. Additionally, resource exhaustion may occur if replication is requested for a large number of groups, potentially resulting in significant resource consumption. To mitigate these risks, PIM authentication mechanisms RFC 5796 [RFC5796] could be employed to validate join requests. Furthermore, implementations may consider explicit tracking mechanisms to manage joins more effectively. Configurable controls could be introduced, allowing for a maximum permissible number of groups for each ETR RLOC used as the source of overlay joins. These controls would limit the impact of such attacks and ensure that resource allocation is managed appropriately.¶