Section 5 of [RFC8029] and Section 4.1 of [RFC6425], which apply to this document as well.

[RFC8029] to discover and exercise L2 ECMP paths to determine problematic member link(s) of a LAG. These on-demand diagnostic mechanisms are used by an operator within an MPLS control domain.

[RFC8029] reviews the possible attacks and approaches to mitigate possible threats when using these mechanisms.

To prevent leakage of vital information to untrusted users, a responder LSR MUST only accept MPLS echo request messages from designated trusted sources via filtering the source IP address field of received MPLS echo request messages. As noted in [RFC8029], spoofing attacks only have a small window of opportunity. If an intermediate node hijacks these messages (i.e., causes non-delivery), the use of these mechanisms will determine the data plane is not working as it should. Hijacking of a responder node such that it provides a legitimate reply would involve compromising the node itself and the MPLS control domain. [RFC5920] provides additional MPLS network-wide operation recommendations to avoid attacks. Please note that source IP address filtering provides only a weak form of access control and is not, in general, a reliable security mechanism. Nonetheless, it is required here in the absence of any more robust mechanisms that might be used.
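An added example, not part of RFC 8611, of the responder-side check required above: the source address is matched against an allowlist before anything in the payload is parsed. The prefixes, function names and reason strings are assumptions; the header layout, version and message type values are from RFC 8029.

```python
import ipaddress
import struct
from collections import Counter

# Assumed operator policy: only these initiator LSR prefixes may probe this node.
TRUSTED_SOURCES = [ipaddress.ip_network(p) for p in ("192.0.2.0/28", "2001:db8:10::/64")]

# First 8 octets of the RFC 8029 echo header: version, global flags,
# message type, reply mode, return code, return subcode.
HDR_PREFIX = struct.Struct("!HHBBBB")
HDR_LEN = 32        # full fixed header, including handle, sequence and timestamps
ECHO_REQUEST = 1    # message type 1 = MPLS echo request

def accept_echo_request(src_ip, payload):
    """Return (accept, reason). A rejected packet gets no reply, so an
    untrusted sender learns nothing about this LSR or its LAG members."""
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "bad-source"
    # Source check runs first: nothing in the payload is parsed for strangers.
    if not any(src.version == n.version and src in n for n in TRUSTED_SOURCES):
        return False, "untrusted-source"
    if len(payload) < HDR_LEN:
        return False, "short-header"
    version, _flags, msg_type, _mode, _rc, _rsc = HDR_PREFIX.unpack_from(payload)
    if version != 1:
        return False, "bad-version"
    if msg_type != ECHO_REQUEST:
        return False, "not-echo-request"
    return True, "ok"

def make_header(msg_type=ECHO_REQUEST, version=1):
    """Constructed 32-octet header (zero handle, sequence number, timestamps)."""
    return HDR_PREFIX.pack(version, 0, msg_type, 2, 0, 0) + bytes(24)

# Constructed sample traffic: (source address, UDP payload).
SAMPLES = [
    ("192.0.2.5", make_header()),             # trusted initiator
    ("198.51.100.7", make_header()),          # outside the allowlist
    ("2001:db8:10::1", make_header()),        # trusted IPv6 initiator
    ("192.0.2.5", make_header(msg_type=2)),   # echo reply aimed at a responder
    ("192.0.2.5", make_header()[:10]),        # truncated header
]

def audit(samples=SAMPLES):
    """Tally decisions; a rising untrusted-source count is worth alerting on."""
    return dict(Counter(accept_echo_request(s, p)[1] for s, p in samples))
```

The decision rests on an unauthenticated source address, so this is the weak form of access control the text describes, not authentication of the sender.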
[IANA-MPLS-LSP-PING].

   Type   TLV Name        Reference
   -----  --------        ---------
   4      LSR Capability  RFC 8611

[RFC8126].

[IANA-MPLS-LSP-PING].

   Sub-Type  Sub-TLV Name           Reference
   --------  ------------           ---------
   4         Local Interface Index  RFC 8611
Assignments of Interface Index Flags are via Standards Action [RFC8126].

Note that this registry is used by the Interface Index Flags field of the following sub-TLVs:

o  The Local Interface Index Sub-TLV, which may be present in the Downstream Detailed Mapping TLV.

o  The Remote Interface Index Sub-TLV, which may be present in the Downstream Detailed Mapping TLV.

o  The Incoming Interface Index Sub-TLV, which may be present in the Detailed Interface and Label Stack TLV.

[IANA-MPLS-LSP-PING].

   Sub-Type  Sub-TLV Name            Reference
   --------  ------------            ---------
   5         Remote Interface Index  RFC 8611

[IANA-MPLS-LSP-PING].

   Type   TLV Name                            Reference
   -----  --------                            ---------
   6      Detailed Interface and Label Stack  RFC 8611

RFC 8029 changed the registration procedures for TLV and sub-TLV registries for LSP Ping.

IANA has created a new "Sub-TLVs for TLV Type 6" subregistry under the "TLVs" registry of the "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters" registry [IANA-MPLS-LSP-PING].
This registry conforms with RFC 8029.

The registration procedures for this sub-TLV registry are:

   Range        Registration Procedure  Note
   -----        ----------------------  -----
   0-16383      Standards Action        This range is for mandatory TLVs or
                                        for optional TLVs that require an
                                        error message if not recognized.
   16384-31743  RFC Required            This range is for mandatory TLVs or
                                        for optional TLVs that require an
                                        error message if not recognized.
   31744-32767  Private Use             Not to be assigned
   32768-49161  Standards Action        This range is for optional TLVs that
                                        can be silently dropped if not
                                        recognized.
   49162-64511  RFC Required            This range is for optional TLVs that
                                        can be silently dropped if not
                                        recognized.
   64512-65535  Private Use             Not to be assigned

The initial allocations for this registry are:

   Sub-Type     Sub-TLV Name              Reference  Comment
   --------     ------------              ---------  -------
   0            Reserved                  RFC 8611
   1            Incoming Label Stack      RFC 8611
   2            Incoming Interface Index  RFC 8611
   3-31743      Unassigned
   31744-32767                            RFC 8611   Reserved for Private Use
   32768-64511  Unassigned
   64512-65535                            RFC 8611   Reserved for Private Use

Note: IETF does not prescribe how the Private Use sub-TLVs are handled; however, if a packet containing a sub-TLV from a Private Use range is received by an LSR that does not recognize the sub-TLV, an error message MAY be returned if the sub-TLV is from the range 31744-32767, and the packet SHOULD be silently dropped if it is from the range 64511-65535.
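An added example, not part of RFC 8611, showing how a receiver can walk the sub-TLVs of a TLV Type 6 value with bounds checks and pick the handling for an unrecognized sub-type from the ranges above. The Type/Length encoding with 4-octet padding is from RFC 8029; function names, action labels and the sample bytes are assumptions, and the code uses the table's 64512 boundary for the upper Private Use range.

```python
import struct

# Initial allocations of the "Sub-TLVs for TLV Type 6" subregistry.
# Sub-type 0 is Reserved; treating it as unrecognized is an assumption here.
KNOWN = {1: "Incoming Label Stack", 2: "Incoming Interface Index"}

def unrecognized_action(sub_type):
    """Map an unrecognized sub-type to the handling its registry range calls for."""
    if not 0 <= sub_type <= 0xFFFF:
        raise ValueError("sub-type is a 16-bit field")
    if sub_type <= 31743:
        return "error"            # an error message is required if not recognized
    if sub_type <= 32767:
        return "error-optional"   # Private Use: an error message MAY be returned
    if sub_type <= 64511:
        return "ignore"           # optional: can be silently dropped
    return "drop-packet"          # Private Use: packet SHOULD be silently dropped

def walk_sub_tlvs(value):
    """Split a TLV value into (sub_type, body) pairs, rejecting bad lengths."""
    out, off = [], 0
    while off < len(value):
        if len(value) - off < 4:
            raise ValueError("truncated sub-TLV header")
        sub_type, length = struct.unpack_from("!HH", value, off)
        off += 4
        if length > len(value) - off:
            raise ValueError("sub-TLV length overruns the enclosing TLV")
        out.append((sub_type, value[off:off + length]))
        off += (length + 3) & ~3  # RFC 8029: values are zero-padded to 4 octets
    return out

def triage(value):
    """One decision per sub-TLV: 'process' or the action for an unknown type."""
    return [(t, "process" if t in KNOWN else unrecognized_action(t))
            for t, _ in walk_sub_tlvs(value)]

def sub_tlv(sub_type, body):
    """Encode one padded sub-TLV (helper for the constructed sample only)."""
    return struct.pack("!HH", sub_type, len(body)) + body + bytes(-len(body) % 4)

# Constructed sample with placeholder bodies: two assigned sub-types, then one
# unrecognized sub-type from each handling class.
SAMPLE = b"".join([
    sub_tlv(2, bytes(8)), sub_tlv(1, bytes(5)), sub_tlv(300, b""),
    sub_tlv(32000, b"x"), sub_tlv(40000, b"xy"), sub_tlv(65000, b"xyz"),
])
```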
[IANA-MPLS-LSP-PING].

Note: the "DS Flags" subregistry was created by [RFC8029].

   Bit number  Name                          Reference
   ----------  ----------------------------  ---------
   3           G: LAG Description Indicator  RFC 8611

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.

[RFC8029]  Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N., Aldrin, S., and M. Chen, "Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures", RFC 8029, DOI 10.17487/RFC8029, March 2017, <https://www.rfc-editor.org/info/rfc8029>.

[RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, <https://www.rfc-editor.org/info/rfc8126>.

[RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[IANA-MPLS-LSP-PING]  IANA, "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters", <https://www.iana.org/assignments/mpls-lsp-ping-parameters/>.

[IEEE802.1AX]  IEEE, "IEEE Standard for Local and metropolitan area networks - Link Aggregation", IEEE Std. 802.1AX.

[RFC5920]  Fang, L., Ed., "Security Framework for MPLS and GMPLS Networks", RFC 5920, DOI 10.17487/RFC5920, July 2010, <https://www.rfc-editor.org/info/rfc5920>.

[RFC6425]  Saxena, S., Ed., Swallow, G., Ali, Z., Farrel, A., Yasukawa, S., and T. Nadeau, "Detecting Data-Plane Failures in Point-to-Multipoint MPLS - Extensions to LSP Ping", RFC 6425, DOI 10.17487/RFC6425, November 2011, <https://www.rfc-editor.org/info/rfc6425>.

[RFC7439]  George, W., Ed. and C. Pignataro, Ed., "Gap Analysis for Operating IPv6-Only MPLS Networks", RFC 7439, DOI 10.17487/RFC7439, January 2015, <https://www.rfc-editor.org/info/rfc7439>.