draft-ietf-forces-interop-09.txt   rfc6984.txt 
Internet Engineering Task Force W. Wang Internet Engineering Task Force (IETF) W. Wang
Internet-Draft Zhejiang Gongshang University Request for Comments: 6984 Zhejiang Gongshang University
Updates: 6053 (if approved) K. Ogawa Updates: 6053 K. Ogawa
Intended status: Informational NTT Corporation Category: Informational NTT Corporation
Expires: December 04, 2013 E.H. Haleplidis ISSN: 2070-1721 E. Haleplidis
University of Patras University of Patras
M. Gao M. Gao
Hangzhou BAUD Networks Hangzhou BAUD Networks
J. Hadi Salim J. Hadi Salim
Mojatatu Networks Mojatatu Networks
June 02, 2013 August 2013
Interoperability Report for Forwarding and Control Element Separation Interoperability Report
(ForCES) for Forwarding and Control Element Separation (ForCES)
draft-ietf-forces-interop-09
Abstract Abstract
This document captures results of the second Forwarding and Control This document captures the results of the second Forwarding and
Element Separation (ForCES) interoperability test which took place on Control Element Separation (ForCES) interoperability test that took
February 24-25, 2011 in the Internet Technology Lab (ITL) of Zhejiang place on February 24-25, 2011, in the Internet Technology Lab (ITL)
Gongshang University, China. RFC 6053 reported the results of the at Zhejiang Gongshang University, China. The results of the first
first ForCES interoperability test, and this document updates RFC ForCES interoperability test were reported in RFC 6053, and this
6053 by providing further interoperability results. document updates RFC 6053 by providing further interoperability
results.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
This Internet-Draft will expire on December 04, 2013. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6984.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. ForCES Protocol . . . . . . . . . . . . . . . . . . . . . 3 1.1. ForCES Protocol . . . . . . . . . . . . . . . . . . . . . 3
1.2. ForCES FE Model . . . . . . . . . . . . . . . . . . . . . 4 1.2. ForCES FE Model . . . . . . . . . . . . . . . . . . . . . 4
1.3. Transport Mapping Layer . . . . . . . . . . . . . . . . . 4 1.3. Transport Mapping Layer . . . . . . . . . . . . . . . . . 4
1.4. Definitions . . . . . . . . . . . . . . . . . . . . . . . 4 1.4. Definitions . . . . . . . . . . . . . . . . . . . . . . . 4
2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Date, Location, and Participants . . . . . . . . . . . . 4 2.1. Date, Location, and Participants . . . . . . . . . . . . . 4
2.2. Testbed Configuration . . . . . . . . . . . . . . . . . . 5 2.2. Testbed Configuration . . . . . . . . . . . . . . . . . . 5
2.2.1. Participants Access . . . . . . . . . . . . . . . . . 5 2.2.1. Participants' Access . . . . . . . . . . . . . . . . . 5
2.2.2. Testbed Configuration . . . . . . . . . . . . . . . . 6 2.2.2. Testbed Configuration . . . . . . . . . . . . . . . . 6
3. Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1. Scenario 1 - LFB Operation . . . . . . . . . . . . . . . 7 3.1. Scenario 1 - LFB Operation . . . . . . . . . . . . . . . . 7
3.2. Scenario 2 - TML with IPsec . . . . . . . . . . . . . . . 8 3.2. Scenario 2 - TML with IPsec . . . . . . . . . . . . . . . 8
3.3. Scenario 3 - CE High Availability . . . . . . . . . . . . 9 3.3. Scenario 3 - CE High Availability . . . . . . . . . . . . 9
3.4. Scenario 4 - Packet forwarding . . . . . . . . . . . . . 11 3.4. Scenario 4 - Packet Forwarding . . . . . . . . . . . . . . 11
4. Test Results . . . . . . . . . . . . . . . . . . . . . . . . 13 4. Test Results . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1. LFB Operation Test . . . . . . . . . . . . . . . . . . . 13 4.1. Test of LFB Operation . . . . . . . . . . . . . . . . . . 14
4.2. TML with IPsec Test . . . . . . . . . . . . . . . . . . . 19 4.2. Test of TML with IPsec . . . . . . . . . . . . . . . . . . 20
4.3. CE High Availability Test . . . . . . . . . . . . . . . . 19 4.3. Test of CE High Availability . . . . . . . . . . . . . . . 20
4.4. Packet Forwarding Test . . . . . . . . . . . . . . . . . 20 4.4. Test of Packet Forwarding . . . . . . . . . . . . . . . . 21
5. Discussions . . . . . . . . . . . . . . . . . . . . . . . . . 22 5. Discussions . . . . . . . . . . . . . . . . . . . . . . . . . 23
5.1. On Data Encapsulation Format . . . . . . . . . . . . . . 22 5.1. On Data Encapsulation Format . . . . . . . . . . . . . . . 23
6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 25 6. Security Considerations . . . . . . . . . . . . . . . . . . . 26
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 25 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 7.1. Normative References . . . . . . . . . . . . . . . . . . . 26
9. Security Considerations . . . . . . . . . . . . . . . . . . . 26 7.2. Informative References . . . . . . . . . . . . . . . . . . 26
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 28
10.1. Normative References . . . . . . . . . . . . . . . . . . 26 Appendix B. Contributors . . . . . . . . . . . . . . . . . . . . 28
10.2. Informative References . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28
1. Introduction 1. Introduction
This document captures results of the second interoperability test of This document captures the results of the second interoperability
the Forwarding and Control Element Separation (ForCES) which took test of the Forwarding and Control Element Separation (ForCES) that
place February 24-25, 2011 in the Internet Technology Lab (ITL) of took place on February 24-25, 2011, in the Internet Technology Lab
Zhejiang Gongshang University, China. The test involved protocol (ITL) at Zhejiang Gongshang University, China. The test involved
elements described in several documents namely: protocol elements described in several documents, namely:
- ForCES Protocol [RFC5810] - ForCES Protocol [RFC5810]
- ForCES Forwarding Element (FE) Model [RFC5812]
- ForCES Transport Mapping Layer (TML) [RFC5811] - ForCES Forwarding Element (FE) Model [RFC5812]
- ForCES Transport Mapping Layer (TML) [RFC5811]
The test also involved protocol elements described in the then- The test also involved protocol elements described in the then-
current versions of two Internet-Drafts. Although these documents current versions of two Internet-Drafts. Although these documents
have subsequently been revised and advanced, it is important to have subsequently been revised and advanced, it is important to
understand which versions of the work were used during this test. understand which versions of the work were used during this test.
The then-current Internet-Drafts are: The then-current Internet-Drafts are:
- ForCES Logical Function Block (LFB) Library - "ForCES Logical Function Block (LFB) Library" (December 2010)
[I-D.ietf-forces-lfb-lib-03]. [LFB-LIB]
- ForCES Intra-NE High Availability [I-D.ietf-forces-ceha-00].
The 'ForCES Logical Function Block (LFB) Library' document has - "ForCES Intra-NE High Availability" (October 2010) [CEHA]
advanced and been published by IETF as RFC 6956.
Note: The ForCES Logical Function Block (LFB) Library document was
published as [RFC6956].
Three independent ForCES implementations participated in the test. Three independent ForCES implementations participated in the test.
Scenarios of ForCES LFB Operation, TML with IPsec, CE High Scenarios of ForCES LFB Operation, TML with IPsec, Control Element
Availability, and Packet Forwarding were constructed. Series of High Availability (CEHA), and Packet Forwarding were constructed.
testing items for every scenario were carried out and Series of testing items for every scenario were carried out and
interoperability results were achieved. Popular packet analyzers interoperability results were achieved. The popular packet analyzers
Ethereal/Wireshark[Ethereal] and Tcpdump[Tcpdump] were used to verify Ethereal/Wireshark [Ethereal] and Tcpdump [Tcpdump] were used to
the wire results. verify the wire results.
This document is an update to RFC 6053, which captured the results of This document is an update to [RFC6053], which captured the results
the first ForCES interoperability test. The first test on ForCES was of the first ForCES interoperability test. The first test on ForCES
held in July 2008 at the University of Patras, Greece. That test was held in July 2008 at the University of Patras, Greece. That test
focused on validating the basic semantics of the ForCES protocol and focused on validating the basic semantics of the ForCES protocol and
ForCES FE model. ForCES Forwarding Element (FE) model.
1.1. ForCES Protocol 1.1. ForCES Protocol
The ForCES protocol works in a master-slave mode in which Forwarding The ForCES protocol works in a master-slave mode in which FEs are
Elements (FEs) are slaves and Control Elements (CEs) are masters. slaves and Control Elements (CEs) are masters. The protocol includes
The protocol includes commands for transport of Logical Function commands for transport of Logical Function Block (LFB) configuration
Block (LFB) configuration information, association setup, status, and information, association setup, status, event notifications, etc.
event notifications, etc. The reader is encouraged to read the The reader is encouraged to read the ForCES protocol specification
ForCES protocol specification [RFC5810] for further information. [RFC5810] for further information.
1.2. ForCES FE Model 1.2. ForCES FE Model
The ForCES Forwarding Element (FE) model [RFC5812] presents a formal The ForCES FE model [RFC5812] presents a formal way to define FE LFBs
way to define FE Logical Function Blocks (LFBs) using XML. LFB using XML. LFB configuration components, capabilities, and
configuration components, capabilities, and associated events are associated events are defined when the LFB is formally created. The
defined when the LFB is formally created. The LFBs within the FE are LFBs within the FE are accordingly controlled in a standardized way
accordingly controlled in a standardized way by the ForCES protocol. by the ForCES protocol.
1.3. Transport Mapping Layer 1.3. Transport Mapping Layer
The ForCES Transport Mapping Layer (TML) transports the ForCES The ForCES Transport Mapping Layer (TML) transports the ForCES
Protocol Layer (PL) messages. The TML is where the issues of how to protocol layer messages. The TML is where the issues of how to
achieve transport level reliability, congestion control, multicast, achieve transport-level reliability, congestion control, multicast,
ordering, etc are handled. It is expected that more than one TML ordering, etc., are handled. It is expected that more than one TML
will be standardized. RFC 5811 specifies an SCTP-Based Transport will be standardized. RFC 5811 specifies a TML that is based on the
Mapping Layer (TML) for ForCES protocol, which is a mandated TML for Stream Control Transmission Protocol (SCTP) and is a mandated TML for
ForCES. See RFC 5811 for more details. ForCES. See RFC 5811 for more details.
1.4. Definitions 1.4. Definitions
This document follows the terminology defined by ForCES related This document follows the terminology defined by ForCES-related
documents, including RFC3654, RFC3746, RFC5810, RFC5811, RFC5812, documents, including [RFC3654], [RFC3746], [RFC5810], [RFC5811],
RFC5813, etc. [RFC5812], [RFC5813], etc.
2. Overview 2. Overview
2.1. Date, Location, and Participants 2.1. Date, Location, and Participants
The second ForCES interoperability test meeting was held by IETF The second ForCES interoperability test meeting was held by the IETF
ForCES Working Group on February 24-25, 2011, and was chaired by ForCES Working Group on February 24-25, 2011, and was chaired by
Jamal Hadi Salim. Three independent ForCES implementations Jamal Hadi Salim. Three independent ForCES implementations
participated in the test: participated in the test:
o Zhejiang Gongshang University/Hangzhou BAUD Corporation of o Zhejiang Gongshang University/Hangzhou BAUD Corporation of
Information and Networks Technology (Hangzhou BAUD Networks), Information and Networks Technology (Hangzhou BAUD Networks),
China. This implementation is referred to as "ZJSU" or in some China. This implementation is referred to as "ZJSU" or "Z" in
cases "Z" in the document for the sake of brevity. this document for the sake of brevity.
o NTT Corporation, Japan. This implementation is referred to as o NTT Corporation, Japan. This implementation is referred to as
"NTT" or in some cases "N" in the document for the sake of "NTT" or "N" in this document for the sake of brevity.
brevity.
o The University of Patras, Greece. This implementation is referred o The University of Patras, Greece. This implementation is referred
to as "UoP" or in some cases "P" in the document for the sake of to as "UoP" or "P" in this document for the sake of brevity.
brevity.
Two other organizations, Mojatatu Networks and Hangzhou BAUD Networks Two other organizations, Mojatatu Networks and Hangzhou BAUD Networks
Corporation, which independently extended two different well known Corporation, which independently extended two different well-known
public domain protocol analyzers, Ethereal/Wireshark [Ethereal] and public domain protocol analyzers, Ethereal/Wireshark [Ethereal] and
Tcpdump [Tcpdump], also participated in the interop test. During the Tcpdump [Tcpdump], also participated in the interoperability test.
interoperability test, the two protocol analyzers were used to verify During the test, the two protocol analyzers were used to verify the
the validity of ForCES protocol messages and in some cases semantics. validity (and in some cases, the semantics) of ForCES protocol
messages.
Some issues related to interoperability among implementations were Some issues related to interoperability among implementations were
discovered. Most of the issues were solved on site during the test. discovered. Most of the issues were solved on site during the test.
The most contentious issue found was on the format of encapsulation The most contentious issue found was on the format of encapsulation
for protocol TLV (Refer to Section 5.1 ). for the protocol TLVs (refer to Section 5.1).
Some errata related to ForCES document were found by the Some errata related to the ForCES document were found by the
interoperability test. The errata has been reported to related IETF interoperability test. The errata found in related RFCs have also
RFCs. been reported.
At times, interoperability testing was exercised between two instead At times, interoperability testing was exercised between two instead
of all three representative implementations due to a third one of all three representative implementations because the third one
lacking a specific feature; however, in ensuing discussions, all lacked a specific feature; however, in ensuing discussions, all
implementers mentioned they would be implementing any missing implementers mentioned they would be implementing any missing
features in the future. features in the future.
2.2. Testbed Configuration 2.2. Testbed Configuration
2.2.1. Participants Access 2.2.1. Participants' Access
NTT and ZJSU physically attended on site at the Internet Technology NTT and ZJSU were physically present for the testing at the Internet
Lab (ITL) of Zhejiang Gongshang University in China. The University Technology Lab (ITL) at Zhejiang Gongshang University in China. The
of Patras implementation joined remotely from Greece. The chair, implementation team from the University of Patras joined remotely
Jamal Hadi Salim, joined remotely from Canada by using the Teamviewer from Greece. The chair, Jamal Hadi Salim, joined remotely from
as the monitoring tool[Teamviewer]. The approach is as shown in Canada by using TeamViewer as the monitoring tool [TeamViewer]. The
Figure 1. In the figure, FE/CE refers to FE or CE that the approach was as shown in Figure 1. In the figure, FE/CE refers to
implementer may act alternatively. the FE or CE that the implementer may act as alternatively.
+---------+ +----+ +----------+ +---------+ +----+ +------------+
| FE/CE | | | +---|Monitoring| | FE/CE | | | +---| Monitoring |
| ZJSU |-----| | /\/\/\/\/\ | |(TeamViewer) | ZJSU |-----| | /\/\/\/\/\ | |(TeamViewer)|
+---------+ | | \Internet/ | | Mojatatu | +---------+ | | \Internet/ | | Mojatatu |
|LAN |----/ \--| +----------+ |LAN |----/ \--| +------------+
+---------+ | | \/\/\/\/\/ | +----------+ +---------+ | | \/\/\/\/\/ | +------------+
| FE/CE |-----| | | | FE/CE | | FE/CE |-----| | | | FE/CE |
| NTT | | | +---| UoP | | NTT | | | +---| UoP |
+---------+ +----+ +----------+ +---------+ +----+ +------------+
Figure 1: Access for Participants Figure 1: Access for Participants
As specified in RFC 5811, all CEs and FEs shall implement IPsec As specified in [RFC5811], all CEs and FEs implemented IPsec in the
security in the TML. TML.
On the internet boundary, gateways used must allow for IPsec, SCTP On the Internet boundary, gateways used must allow for IPsec, the
protocol and SCTP ports as defined in the ForCES SCTP-TML [RFC5811] . SCTP protocol, and SCTP ports as defined in the ForCES SCTP-based TML
document [RFC5811].
2.2.2. Testbed Configuration 2.2.2. Testbed Configuration
CEs and FEs from ZJSU and NTT implementations were physically located The CEs and FEs from ZJSU's and NTT's implementations were physically
within the ITL Lab of Zhejiang Gongshang University and connected located within the ITL Lab at Zhejiang Gongshang University and
together using Ethernet switches. The configuration can be seen in connected together using Ethernet switches. The configuration can be
Figure 2. In the figure, the SmartBits is a third-party routing seen in Figure 2. In the figure, SmartBits [SmartBits] is a third-
protocol testing machine, which acts as a router running OSPF and RIP party routing protocol testing machine that acts as a router running
and exchanged routing protocol messages with ForCES routers in the Open Shortest Path First (OSPF) and RIP, and exchanges routing
network. Connection to the Internet was via an ADSL channel. protocol messages with ForCES routers in the network. Connection to
the Internet was via an Asymmetric Digital Subscriber Line (ADSL)
channel.
/\/\/\/\/\ /\/\/\/\/\
\Internet/ \Internet/
/ \ / \
\/\/\/\/\/ \/\/\/\/\/
| |
|(ADSL) |(ADSL)
| |
+------------------------------------------------------------------+ +-------------------------------------------------------------------+
| LAN (10.20.0.0/24) | | LAN (10.20.0.0/24) |
+------------------------------------------------------------------+ +-------------------------------------------------------------------+
| | | | | | | | | | | |
| | | | | | | | | | | |
|.222 |.230 |.221 |.179 |.231 |.220 |.222 |.230 |.221 |.179 |.231 |.220
+-----+ +-----+ +-----+ +-----+ +-----+ +---------+ +-----+ +-----+ +-----+ +-----+ +-----+ +---------+
| CE | | CE | | | | | | | | Protocol| | CE | | CE | | | | | | | | Protocol|
|ZJSU | | NTT | | FE1 |.1 .2| FE |.1 .2| FE2 | | Analyzer| |ZJSU | | NTT | | FE1 |.1 .2| FE |.1 .2| FE2 | | Analyzer|
+-----+ +-----+ |ZJSU |---------| NTT |---------|ZJSU | +---------+ +-----+ +-----+ |ZJSU |---------| NTT |---------|ZJSU | +---------+
+---------| |192.169. | | 192.168.| |------+ +---------| |192.169. | | 192.168.| |------+
| .2 +-----+ 20.0.24 +-----+ 30.0/24+-----+ .2 | | .2 +-----+ 20.0.24 +-----+ 30.0/24+-----+ .2 |
| .12| |.12 | | .12| |.12 |
| | | | | | | |
192.168.50.0/24 | |192.168.60.0/24 192.168.50.0/24 | |192.168.60.0/24
| 192.168.10.0/24 192.168.40.0/24 | | 192.168.10.0/24 192.168.40.0/24 |
.1 | |.11 |.11 |.1 .1 | |.11 |.11 |.1
+--------+ +--------------------------------------+ +--------+ +--------+ +--------------------------------------+ +--------+
|Terminal| | Smartbits | |Terminal| |Terminal| | SmartBits | |Terminal|
+--------+ +--------------------------------------+ +--------+ +--------+ +--------------------------------------+ +--------+
Figure 2: Testbed Configuration Located in ITL Lab, China Figure 2: Testbed Configuration Located in the ITL Lab, China
CE and FE from the UoP implementation were located within the The CE and FE from the UoP implementation were located within the
University of Patras, Greece, and were connected together using LAN University of Patras, Greece, and were connected together using LAN,
as shown in Figure 3. Connection to the Internet was via a VPN as shown in Figure 3. Connection to the Internet was via a VPN
channel. channel.
/\/\/\/\/\ /\/\/\/\/\
\Internet/ \Internet/
/ \ / \
\/\/\/\/\/ \/\/\/\/\/
| |
|(VPN) |(VPN)
| |
+------------------------------------+ +------------------------------------+
| LAN | | LAN |
+------------------------------------+ +------------------------------------+
| | | | | |
| | | | | |
+------+ +--------+ +------+ +------+ +--------+ +------+
| FE | |Protocol| | CE | | FE | |Protocol| | CE |
| UoP | |Analyzer| | UoP | | UoP | |Analyzer| | UoP |
+------+ +--------+ +------+ +------+ +--------+ +------+
Figure 3: Testbed Configuration Located in the University of Figure 3: Testbed Configuration
Patras,Greece Located in the University of Patras, Greece
The testbeds above were then able to satisfy requirements of all The testbeds above were then able to satisfy the requirements of all
interoperability test scenarios in this document. interoperability test scenarios in this document.
3. Scenarios 3. Scenarios
3.1. Scenario 1 - LFB Operation 3.1. Scenario 1 - LFB Operation
This scenario was to test the interoperability on LFB operations This scenario was designed to test the interoperability of LFB
among the participants. The connection diagram for the participants operations among the participants. The connection diagram for the
is as shown in Figure 4. participants is shown in Figure 4.
+------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+
| CE | | CE | | CE | | CE | | CE | | CE | | CE | | CE | | CE | | CE | | CE | | CE |
| ZJSU | | NTT | | ZJSU | | UoP | | NTT | | UoP | | ZJSU | | NTT | | ZJSU | | UoP | | NTT | | UoP |
+------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+
| | | | | | | | | | | |
| | | | | | | | | | | |
+------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+
| FE | | FE | | FE | | FE | | FE | | FE | | FE | | FE | | FE | | FE | | FE | | FE |
| NTT | | ZJSU | | UoP | | ZJSU | | UoP | | NTT | | NTT | | ZJSU | | UoP | | ZJSU | | UoP | | NTT |
+------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+
Figure 4: Scenario for LFB Operation Figure 4: Scenario for LFB Operation
In order to make interoperability more credible, the three In order to make interoperability more credible, the three
implementers were required to carry out the test in a way acting as implementers were required to carry out the test acting as a CE or FE
CE or FE alternatively. As a result, every LFB operation was alternatively. As a result, every LFB operation was combined with
combined with 6 scenarios, as shown by Figure 4. six scenarios, as shown by Figure 4.
The test scenario was designed with the following purposes: The test scenario was designed with the following purposes.
Firstly, the scenario was designed to verify all kinds of protocol Firstly, the scenario was designed to verify all kinds of protocol
messages with their complex data formats, which were defined in RFC messages with their complex data formats, which were defined in
5810. Specially, we tried to verify the data format of a PATH-DATA [RFC5810]. Specifically, we tried to verify the data format of a
with nested PATH-DATAs, and the operation(SET, GET, DEL) of an array PATH-DATA-TLV with nested PATH-DATA-TLVs, and the operation (SET,
or an array with a nested array. GET, and DEL) of an array or an array with a nested array.
Secondly, the scenario was designed to verify the definition of Secondly, the scenario was designed to verify the definition of
ForCES LFB Library [I-D.ietf-forces-lfb-lib-03], which defined a base ForCES LFB Library [LFB-LIB], which defined a base set of ForCES LFB
set of ForCES LFB classes for typical router functions. Successful classes for typical router functions. Successful tests under this
test under this scenario would help the validity of the LFB scenario would help the validity of the LFB definitions.
definitions.
3.2. Scenario 2 - TML with IPsec 3.2. Scenario 2 - TML with IPsec
This scenario was designed to implement a TML with IPsec, which was This scenario was designed to implement a TML with IPsec, which was
the requirement by RFC 5811. TML with IPsec was not implemented and the requirement defined by RFC 5811. TML with IPsec was not
tested in the first ForCES interoperability test as reported by RFC implemented and tested in the first ForCES interoperability test, as
6053. For this reason, in this interoperability test, we reported in RFC 6053. For this reason, in this interoperability
specifically designed the test scenario to verify the TML over IPsec test, we specifically designed the test scenario to verify the TML
channel. over IPsec channel.
In this scenario, tests on LFB operations for Scenario 1 were In this scenario, tests on LFB operations for Scenario 1 were
repeated with the difference that TML was secured via IPsec. This repeated with the difference that TML was secured via IPsec. This
setup scenario allowed us to verify whether all interactions between setup scenario allowed us to verify whether all interactions between
CE and FE could be made correctly under an IPsec TML environment. the CE and FE could be made correctly under an IPsec TML environment.
The connection diagram for this scenario is shown as Figure 5. The connection diagram for this scenario is shown in Figure 5.
Because an unfortunate problem with the test system in UoP prevented Because an unfortunate problem with the test system in the UoP
the deployment of IPsec over TML, this test only took place between prevented the deployment of IPsec over TML, this test only took place
the test systems in ZJSU and NTT. between the test systems in ZJSU and NTT.
+------+ +------+ +------+ +------+
| CE | | CE | | CE | | CE |
| ZJSU | | NTT | | ZJSU | | NTT |
+------+ +------+ +------+ +------+
| | | |
|TML over IPsec |TML over IPsec |TML over IPsec |TML over IPsec
+------+ +------+ +------+ +------+
| FE | | FE | | FE | | FE |
| NTT | | ZJSU | | NTT | | ZJSU |
+------+ +------+ +------+ +------+
Figure 5: Scenario for LFB Operation with TML over IPsec Figure 5: Scenario for LFB Operation with TML over IPsec
In this scenario, ForCES TML was run over the IPsec channel. In this scenario, ForCES TML was run over the IPsec channel.
Implementers joined in this interoperability used the same third- Implementers joined in this interoperability test using the same
party software 'Racoon' [Racoon] to establish the IPsec channel. third-party software 'Racoon' [Racoon] to establish the IPsec
channel.
The Racoon in NetBSD is an IKE daemon performing the IPsec Key
Exchange (IKE) with the peers. Both IKE v1 and v2 are supported by
Racoon in linux 2.6, and the v2 was adopted in the interop test. SAD
and SPD were necessary for the test, setups of which were in the
Racoon configuration file. ESP was specified in SAD and SPD in the
Racoon configuration file.
ZJSU and NTT made a successful test with the scenario, and the
following items were realized:
o Internet Key Exchange (IKE) with certificates for endpoint The Racoon in NetBSD is an Internet Key Exchange (IKE) daemon that
authentication. performs the key exchange with the peers. Both IKEv1 and IKEv2 are
supported by Racoon in Linux 2.6, and IKEv2 was adopted in the
interop test. The Security Association Database (SAD) and Security
Policy Database (SPD) were necessary for the test, setups of which
were in the Racoon configuration file. The Encapsulating Security
Payload (ESP) was specified in the SAD and SPD in the Racoon
configuration file.
o Transport Mode Encapsulating Security Payload (ESP), HMAC-SHA1-96 ZJSU and NTT conducted a successful test with the scenario, and the
for message integrity protection. IPsec requirement items in [RFC5812] were realized.
3.3. Scenario 3 - CE High Availability 3.3. Scenario 3 - CE High Availability
CE High Availability (CEHA) was tested based on the ForCES CEHA CE High Availability (CEHA) was tested based on the ForCES CEHA
document [I-D.ietf-forces-ceha-00] document [CEHA].
The design of the setup and the scenario for the CEHA were simplified The design of the setup and the scenario for the CEHA were simplified
so as to focus mostly on the mechanics of the CEHA, which were: so as to focus mostly on the mechanics of the CEHA, which were:
o Associating with more than one CE. o Associating with more than one CE.
o Switching to backup CE on master CE failure. o Switching to a backup CE on a master CE failure.
The connection diagram for the scenario is as shown in Figure 6. The connection diagram for the scenario is shown in Figure 6.
master standby master standby master standby master standby
+------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+
| CE | | CE | | CE | | CE | | CE | | CE | | CE | | CE |
| ZJSU | | UoP | | NTT | | UoP | | ZJSU | | UoP | | NTT | | UoP |
+------+ +------+ +------+ +------+ +------+ +------+ +------+ +------+
| | | | | | | |
+----------+ +-----------+ +----------+ +-----------+
| | | |
+------+ +------+ +------+ +------+
| FE | | FE | | FE | | FE |
| UoP | | UoP | | UoP | | UoP |
+------+ +------+ +------+ +------+
(a) (b) (a) (b)
Figure 6: Scenario for CE High Availability Figure 6: Scenario for CE High Availability
In this scenario one FE was connected and associated to a master CE In this scenario, one FE was connected and associated to a master CE
and a backup CE. In the pre-association phase, the FE would be and a backup CE. In the pre-association phase, the FE would be
configured to have ZJSU's or NTT's CE as master CE and UoP's CE as configured to have ZJSU's or NTT's CE as the master CE and the UoP's
standby CE. The CEFailoverPolicy component of the FE Protocol Object CE as the standby CE. The CEFailoverPolicy component of the FE
LFB that specified whether the FE was in High Availability mode Protocol Object LFB that specified whether the FE was in High
(value 2 or 3) would either be set in the pre-association phase by Availability mode (value 2 or 3) would be set either in the pre-
the FEM interface or in post-association phase by the master CE. association phase by the FE interface or in the post-association
phase by the master CE.
If the CEFailoverPolicy value was set to 2 or 3, the FE (in the post- If the CEFailoverPolicy value was set to 2 or 3, the FE (in the post-
association phase) would attempt to connect and associate with the association phase) would attempt to connect and associate with the
standby CE. standby CE.
When the master CE was deemed disconnected, either by a TearDown, When the master CE was deemed disconnected, either by a TearDown,
Loss of Heartbeats or physically disconnected, the FE would assume Loss of Heartbeats, or physically disconnected, the FE would assume
that the standby CE was now the master CE. The FE would then send an that the standby CE was now the master CE. The FE would then send an
Event Notification, Primary CE Down, to all associated CEs, only the Event Notification, Primary CE Down, to all associated CEs (only the
standby CE in this case, with the value of the new master CEID. The standby CE in this case) with the value of the new master Control
standby CE would then respond by sending a configuration message to Element ID (CEID). The standby CE would then respond by sending a
the CEID component of the FE Protocol Object with its own ID to configuration message to the CEID component of the FE Protocol Object
confirm that the CE considered itself as the master as well. with its own ID to confirm that the CE considered itself the master
as well.
The steps of the CEHA test scenario were as follows: The steps of the CEHA test scenario were as follows:
1. In the pre-association phase, setup of FE with master CE and 1. In the pre-association phase, the FE is set up with the master CE
backup CE and the backup CE.
2. FE connecting and associating with master CE. 2. The FE connects and associates with the master CE.
3. When CEFailoverPolicy is set to 2 or 3, the FE will connect and 3. When CEFailoverPolicy is set to 2 or 3, the FE connects and
associate with backup CE. associates with the backup CE.
4. Once the master CE is considered disconnected then the FE chooses 4. Once the master CE is considered disconnected, then the FE
the first Associated backup CE. chooses the first associated backup CE.
5. It sends an Event Notification specifying that the master CE is 5. It sends an Event Notification that specifies the master CE is
down and who is now the master CE. down and identifies the new master CE.
6. The new master CE sends a SET Configuration message to the FE 6. The new master CE sends a SET Configuration message to the FE;
setting the CEID value to who is now the new master CE completing the FE then sets the CEID value to the new master CE completing
the switch. the switch.
3.4. Scenario 4 - Packet forwarding 3.4. Scenario 4 - Packet Forwarding
This test scenario was to verify LFBs like RedirectIn, RedirectOut, This test scenario was conducted to verify LFBs like RedirectIn,
IPv4NextHop, IPv4UcastLPM defined by the ForCES LFB library document RedirectOut, IPv4NextHop, and IPv4UcastLPM, which were defined by the
[I-D.ietf-forces-lfb-lib-03], and more importantly, to verify the ForCES LFB library document [LFB-LIB], and more importantly, to
combination of the LFBs to implement IP packet forwarding. verify the combination of the LFBs to implement IP packet forwarding.
The connection diagram for this scenario is as Figure 7. The connection diagram for this scenario is shown in Figure 7.
+------+ +------+
| CE | | CE |
| NTT | | NTT |
+------+ +------+
| ^ | ^
| | OSPF | | OSPF
| +-------> | +------->
+------+ +------+ +------+ +------+
+--------+ | FE | | OSPF | +--------+ +--------+ | FE | | OSPF | +--------+
skipping to change at page 12, line 4 skipping to change at page 12, line 31
| CE | | CE |
| ZJSU | | ZJSU |
+------+ +------+
^ | ^ ^ | ^
OSPF | | | OSPF OSPF | | | OSPF
<-----+ | +-----> <-----+ | +----->
+-------+ +------+ +------+ +-------+ +------+ +------+
+--------+ | OSPF | | FE | | OSPF | +--------+ +--------+ | OSPF | | FE | | OSPF | +--------+
|Terminal|----|Router |----| NTT |-----|Router|--|Terminal| |Terminal|----|Router |----| NTT |-----|Router|--|Terminal|
+--------+ +-------+ +------+ +------+ +--------+ +--------+ +-------+ +------+ +------+ +--------+
<--------------------------------------------> <-------------------------------------------->
Packet Forwarding Packet Forwarding
(b) (b)
+------+ +------+ +------+ +------+
| CE | | CE | | CE | | CE |
| NTT | | ZJSU | | NTT | | ZJSU |
+------+ +------+ +------+ +------+
| ^ ^ | | ^ ^ |
| | OSPF | | | | OSPF | |
| +----------+ | | +----------+ |
+------+ +------+ +------+ +------+
skipping to change at page 12, line 20 skipping to change at page 12, line 46
| CE | | CE | | CE | | CE |
| NTT | | ZJSU | | NTT | | ZJSU |
+------+ +------+ +------+ +------+
| ^ ^ | | ^ ^ |
| | OSPF | | | | OSPF | |
| +----------+ | | +----------+ |
+------+ +------+ +------+ +------+
+--------+ | FE | | FE | +--------+ +--------+ | FE | | FE | +--------+
|Terminal|------| ZJSU |-------| NTT |------|Terminal| |Terminal|------| ZJSU |-------| NTT |------|Terminal|
+--------+ +------+ +------+ +--------+ +--------+ +------+ +------+ +--------+
<--------------------------------------------> <-------------------------------------------->
Packet Forwarding Packet Forwarding
(c) (c)
Figure 7: Scenario for IP Packet forwarding Figure 7: Scenario for IP Packet Forwarding
In case (a), a CE by NTT was connected to an FE by ZJSU to form a In case (a), NTT's CE was connected to ZJSU's FE to form a ForCES
ForCES router. A Smartbits test machine with its routing protocol router. A SmartBits [SmartBits] test machine equipped with routing
software were used to simulate an OSPF router and were connected with protocol software was used to simulate an OSPF router and was
the ForCES router to try to exchange OSPF hello packets and LSA connected with the ForCES router to try to exchange OSPF Hello
packets among them. Terminals were simulated by Smartbits to send packets and Link State Advertisement (LSA) packets among them.
and receive packets. As a result, the CE in the ForCES router need Terminals were simulated by SmartBits to send and receive packets.
to be configured to run and support OSPF routing protocol. As a result, the CE in the ForCES router needed to be configured to
run and support the OSPF routing protocol.
In case (b), a CE by ZJSU was connected to an FE by NTT to form a In case (b), ZJSU'S CE was connected to NTT'S FE to form a ForCES
ForCES router. Two routers running OSPF were simulated and connected router. Two routers running OSPF were simulated and connected to the
to the ForCES router to test if the ForCES router could support OSPF ForCES router to test if the ForCES router could support the OSPF
protocol and support packet forwarding. protocol and support packet forwarding.
In case (c), two ForCES routers were constructed. One was with CE by In case (c), two ForCES routers were constructed; one was with NTT's
NTT and FE by ZJSU and the other was opposite. OSPF and packet CE and ZJSU's FE, and the other was with NTT's FE and ZJSU's CE.
forwarding were tested in the environment. OSPF and packet forwarding were tested in the environment.
Testing process for this scenario is as below: The testing process for this scenario is shown below:
1. Boot terminals and routers, and set IP addresses of their 1. Boot terminals and routers, and set the IP addresses of their
interfaces. interfaces.
2. Boot CE and FE. 2. Boot the CE and FE.
3. Establish association between CE and FE, and set IP addresses of 3. Establish an association between the CE and FE, and set the IP
FEs interfaces. addresses of the FE interfaces.
4. Start OSPF among CE and routers, and set FIB on FE. 4. Start OSPF among the CE and routers, and set the Forwarding
Information Base (FIB) on the FE.
5. Send packets between terminals. 5. Send packets between terminals.
4. Test Results 4. Test Results
4.1. LFB Operation Test 4.1. Test of LFB Operation
The test result is as reported by Figure 8. For the convenience The test results are reported in Figure 8. As mentioned earlier, for
sake, as mentioned earlier, abbreviations of 'Z' in the table means convenience, the following abbreviations are used in the table: "Z"
implementation from ZJSU ,'N' implementation from NTT, and for the implementation from ZJSU, "N" for the implementation from
'P'implementation from UoP. NTT, and "P" for the implementation from the UoP.
+-----+----+-----+-----+--------------+-------------------+---------+ +-----+----+-----+-----+--------------+-------------------+---------+
|Test#| CE |FE(s)|Oper | LFB | Component | Result | |Test#| CE |FE(s)|Oper | LFB | Component | Result |
| | | | | | /Capability | | | | | | | | /Capability | |
+-----+----+-----+-----+--------------+-------------------+---------+ +-----+----+-----+-----+--------------+-------------------+---------+
| 1 | Z | N | GET | FEObject | LFBTopology | Success | | 1 | Z | N | GET | FEObject | LFBTopology | Success |
| | N | Z | | | | Success | | | N | Z | | | | Success |
| | P | Z | | | | Success | | | P | Z | | | | Success |
| | N | P | | | | Success | | | N | P | | | | Success |
| | P | N | | | | Success | | | P | N | | | | Success |
skipping to change at page 18, line 36 skipping to change at page 19, line 40
| | P | N | | | | Success | | | P | N | | | | Success |
| | | | | | | | | | | | | | | |
| 36 | Z | N | DEL | Ether | VlanOutputTable | Success | | 36 | Z | N | DEL | Ether | VlanOutputTable | Success |
| | N | Z | | Encapsulator | | Success | | | N | Z | | Encapsulator | | Success |
| | Z | P | | | | Success | | | Z | P | | | | Success |
| | P | Z | | | | Success | | | P | Z | | | | Success |
| | N | P | | | | Success | | | N | P | | | | Success |
| | P | N | | | | Success | | | P | N | | | | Success |
+-----+----+-----+-----+--------------+-------------------+---------+ +-----+----+-----+-----+--------------+-------------------+---------+
Figure 8: LFB Operation Test Results Figure 8: Test Results for LFB Operation
Note on test #1 and #2: Note on tests #1 and #2:
On the wire format of encapsulation on array, only the case of On the wire format of encapsulation on array, only the case of
FULLDATA vs SPARSEDATA was tested. FULLDATA-TLV vs. SPARSEDATA-TLV was tested.
It is very common for CE to get information of FEobject LFB in FE so When we use the ForCES protocol, it is very common for the CE to use
as to know status on all active LFBs in the FE. Hence, the two tests the FEobject LFB to get information on LFBs and their topology in the
were specifically designed. FE. Hence, the two tests were specifically made.
4.2. TML with IPsec Test 4.2. Test of TML with IPsec
In this scenario, the ForCES TML was run over IPsec. Implementers In this scenario, the ForCES TML was run over IPsec. Implementers
joined this interoperability test used the same third-party tool joined this interoperability test and used the same third-party tool
software 'Racoon' [Racoon] to establish IPsec channel. Typical LFB software 'Racoon' [Racoon] to establish the IPsec channel. Typical
operation tests as in Scenario 1 were repeated with the IPsec enabled LFB operation tests as in Scenario 1 were repeated with the
TML. IPsec-enabled TML.
As mentioned, this scenario only took place between implementers of As mentioned, this scenario only took place between implementers from
ZJSU and NTT. ZJSU and NTT.
The TML with IPsec test results are reported by Figure 9. The TML with IPsec test results are reported in Figure 9.
+-----+----+-----+-----+--------------+-------------------+---------+ +-----+----+-----+-----+--------------+-------------------+---------+
|Test#| CE |FE(s)|Oper | LFB | Component/ | Result | |Test#| CE |FE(s)|Oper | LFB | Component/ | Result |
| | | | | | Capability | | | | | | | | Capability | |
+-----+----+-----+-----+--------------+-------------------+---------+ +-----+----+-----+-----+--------------+-------------------+---------+
| 1 | Z | N | GET | FEObject | LFBTopology | Success | | 1 | Z | N | GET | FEObject | LFBTopology | Success |
| | N | Z | | | | Success | | | N | Z | | | | Success |
| | | | | | | | | | | | | | | |
| 2 | Z | N | GET | FEObject | LFBSelectors | Success | | 2 | Z | N | GET | FEObject | LFBSelectors | Success |
| | N | Z | | | | Success | | | N | Z | | | | Success |
| | | | | | | | | | | | | | | |
| 3 | Z | N | SET | Ether | VlanInputTable | Success | | 3 | Z | N | SET | Ether | VlanInputTable | Success |
| | N | Z | | Classifier | | Success | | | N | Z | | Classifier | | Success |
| | | | | | | | | | | | | | | |
| 4 | Z | N | DEL | Ether | VlanInputTable | Success | | 4 | Z | N | DEL | Ether | VlanInputTable | Success |
| | N | Z | | Classifier | | Success | | | N | Z | | Classifier | | Success |
+-----+----+-----+-----+--------------+-------------------+---------+ +-----+----+-----+-----+--------------+-------------------+---------+
Figure 9: TML with IPsec Test Results Figure 9: Test Results for TML with IPsec
4.3. CE High Availability Test 4.3. Test of CE High Availability
In this scenario, one FE connected and associated with a master CE In this scenario, one FE connected and associated with a master CE
and a backup CE. When the master CE was deemed disconnected, the FE and a backup CE. When the master CE was deemed disconnected, the FE
would attempt to find another associated CE to become the master CE. attempted to find another associated CE to become the master CE.
The CEHA scenario as was described by Scenario 3 was completed The CEHA scenario, as described in Scenario 3, was completed
successfully for both setups. successfully for both setups.
Due to a bug in one of the FEs, an interesting issue was caught: it Due to a bug in one of the FEs, an interesting issue was caught: it
was observed that the buggy FE took up to a second to failover. It was observed that the buggy FE took up to a second to failover. It
was eventually found that the issue was due to the FE's was eventually found that the issue was due to the FE's
prioritization of the different CEs. All messages from the backup CE prioritization of the different CEs. All messages from the backup CE
were being ignored unless the master CE was disconnected. were being ignored unless the master CE was disconnected.
While the bug was fixed and the CEHA scenario was completed While the bug was fixed and the CEHA scenario was completed
successfully, the authors felt it was important to capture the successfully, the authors felt it was important to capture the
implementation issue in this document. The recommended approach is implementation issue in this document. The recommended approach is
the following: the following:
o The FE should receive and handle messages first from the master CE o The FE should receive and handle messages first from the master CE
on all priority channels to maintain proper functionality and then on all priority channels to maintain proper functionality and then
receive and handle messages from the backup CEs. receive and handle messages from the backup CEs.
o Only when the FE is attempting to associate with the backup CEs, o Only when the FE is attempting to associate with the backup CEs
then the FE should receive and handle messages per priority should the FE receive and handle messages per priority channel
channel from all CEs. When all backup CEs are associated with or from all CEs. When all backup CEs are associated with or deemed
deemed unreachable, then the FE should return to receiving and unreachable, then the FE should return to receiving and handling
handling messages first from the master CE. messages first from the master CE.
4.4. Packet Forwarding Test 4.4. Test of Packet Forwarding
As described in the ForCES LFB library [I-D.ietf-forces-lfb-lib-03], As described in the ForCES LFB library [LFB-LIB], packet forwarding
packet forwarding is implemented by a set of LFB classes that compose is implemented by a set of LFB classes that compose a processing path
a processing path for packets. In this test scenario, as shown in for packets. In this test scenario, as shown in Figure 7, a ForCES
Figure 7, a ForCES router running OSPF protocol was constructed. In router running the OSPF protocol was constructed. In addition, a set
addition, a set of LFBs including RedirectIn, RedirectOut, of LFBs including RedirectIn, RedirectOut, IPv4UcastLPM, and
IPv4UcastLPM, and IPv4NextHop LFBs were used. RedirectIn and IPv4NextHop were used. RedirectIn and RedirectOut LFBs redirected
RedirectOut LFBs redirected OSPF hello and LSA packets from and to OSPF Hello and LSA packets from and to the CE. A SmartBits
CE. A Smartbits test machine was used to simulate an OSPF router and [SmartBits] test machine was used to simulate an OSPF router and
exchange the OSPF hello and LSA packets with CE in ForCES router. exchange the OSPF Hello and LSA packets with the CE in the ForCES
router.
In Figure 7, case (a) and case (b) both need a RedirectIn LFB to send In Figure 7, cases (a) and (b) both need a RedirectIn LFB to send
OSPF packets generated by CE to FE by use of ForCES packet redirect OSPF packets generated by the CE to the FE by use of ForCES packet
messages. The OSPF packets were further sent to an outside OSPF redirect messages. The OSPF packets were further sent to an outside
Router by the FE via forwarding LFBs including IPv4NextHop and OSPF router by the FE via forwarding LFBs, including IPv4NextHop and
IPv4UcastLPM LFBs. A RedirectOut LFB in the FE was used to send OSPF IPv4UcastLPM. A RedirectOut LFB in the FE was used to send OSPF
packets received from outside OSPF Router to CE by ForCES packet packets received from outside the OSPF router to the CE by ForCES
redirect messages. packet redirect messages.
By running OSPF, the CE in the ForCES router could generate new By running OSPF, the CE in the ForCES router could generate new
routes and load them to routing table in FE. The FE was then able to routes and load them to the routing table in the FE. The FE was then
forward packets according to the routing table. able to forward packets according to the routing table.
The test results are as shown in Figure 10 The test results are shown in Figure 10.
+-----+----+-----+-------------------------+--------------+---------+ +-----+----+-----+-------------------------+--------------+---------+
|Test#| CE |FE(s)| Item | LFBs Related | Result | |Test#| CE |FE(s)| Item | LFBs Related | Result |
+-----+----+-----+-------------------------+--------------+---------+ +-----+----+-----+-------------------------+--------------+---------+
| 1 | N | Z | IPv4NextHopTable SET | IPv4NextHop | Success | | 1 | N | Z | IPv4NextHopTable SET | IPv4NextHop | Success |
| | | | | | | | | | | | | |
| 2 | N | Z | IPv4PrefixTable SET | IPv4UcastLPM | Success | | 2 | N | Z | IPv4PrefixTable SET | IPv4UcastLPM | Success |
| | | | | | | | | | | | | |
| 3 | N | Z |Redirect OSPF packet from| RedirectIn | Success | | 3 | N | Z |Redirect OSPF packet from| RedirectIn | Success |
| | | | CE to SmartBits | | | | | | | CE to SmartBits | | |
skipping to change at page 22, line 8 skipping to change at page 23, line 15
| 16 | Z | N | OSPF DD exchange | RedirectOut | Failure | | 16 | Z | N | OSPF DD exchange | RedirectOut | Failure |
| | | | | RedirectIn | | | | | | | RedirectIn | |
| | | | | IPv4NextHop | | | | | | | IPv4NextHop | |
| | | | | | | | | | | | | |
| 17 | Z | N | OSPF LSA exchange | RedirectOut | Failure | | 17 | Z | N | OSPF LSA exchange | RedirectOut | Failure |
| | | | | RedirectIn | | | | | | | RedirectIn | |
| | | | | IPv4NextHop | | | | | | | IPv4NextHop | |
| | | | | IPv4UcastLPM| | | | | | | IPv4UcastLPM| |
+-----+----+-----+-------------------------+--------------+---------+ +-----+----+-----+-------------------------+--------------+---------+
Figure 10: Packet Forwarding Test Results Figure 10: Test Results for Packet Forwarding
Note on test #1 and #2:
The implementer found a multicast route pointing to localhost had to
be manually set before a redirect channel could work normally.
Note on test #3 to #9: Note on tests #3 to #9:
During the test, OSPF packets received from CE were found by Ethereal During the test, OSPF packets received from the CE were found by
/Wireshark with checksum errors in FE. Because the test time was Ethereal/Wireshark to have checksum errors in the FE. Because the
quite limited, implementer of the CE did not try to make efforts to test time was quite limited, the implementer of the CE did not make
find and solve the checksum error, instead, the FE had tried to an effort to find and solve the checksum error; instead, the FE had
correct the checksum in order not to let the Smartbits drop the tried to correct the checksum in order to not let the SmartBits drop
packets. Note that such solution does not affect the test results. the packets. Note that such a solution does not affect the test
results.
Comment on Test #16 and #17: Comment on tests #16 and #17:
The two test items failed. Note that Test #7 and #8 were identical The two test items failed. Note that tests #7 and #8 were identical
to the two tests, only with CE and FE implementers were exchanged. to tests #16 and #17, only with CE and FE implementers being
Moreover, test #12 and #13 showed that the redirect channel worked exchanged. Moreover, tests #12 and #13 showed that the redirect
well. Therefore, it can be reasonably inferred that the problem channel worked well. Therefore, it can be reasonably inferred that
caused the failure was from the implementations, rather than from the the problem caused by the failure was from the implementations,
ForCES protocol itself or from misunderstanding of implementations on rather than from the ForCES protocol itself or the misunderstanding
the protocol specification. Although the failure made the OSPF of implementations on the protocol specification. Although the
interoperability test incomplete, it did not show interoperability failure made the OSPF interoperability test incomplete, it did not
problem. More test work is needed to verify the OSPF show an interoperability problem. More test work is needed to verify
interoperability. the OSPF interoperability.
5. Discussions 5. Discussions
5.1. On Data Encapsulation Format 5.1. On Data Encapsulation Format
In the first day of the test, it was found that the LFB inter- On the first day of the test, it was found that the LFB
operations about tables all failed. It was eventually found the interoperations pertaining to tables all failed. It was eventually
failure was because that different data encapsulation methods for found that the failure occurred because different data encapsulation
ForCES protocol messages were taken by different implementations. methods for ForCES protocol messages were used by different
The issue is described in detail as below: implementations. The issue is described in detail below.
Assuming that an LFB has two components, one is a struct with ID 1 Assuming that an LFB has two components, one is a struct with ID=1
and the other an array with ID 2, further with two components of u32 and the other is an array with ID=2; in addition, both have two
both inside, as below: components of u32 inside, as shown below:
struct1: type struct, ID=1 struct1: type struct, ID=1
components are: components are:
a, type u32, ID=1 a, type u32, ID=1
b, type u32, ID=2 b, type u32, ID=2
table1: type array, ID=2 table1: type array, ID=2
components for each row are (a struct of): components for each row are (a struct of):
x, type u32, ID=1 x, type u32, ID=1
y, type u32, ID=2 y, type u32, ID=2
1. On response of PATH-DATA format 1. On Response of PATH-DATA-TLV Format
When a CE sends a config/query ForCES protocol message to an FE from When a CE sends a config/query ForCES protocol message to an FE from
a different implementer, the CE probably receives response from the a different implementer, the CE probably receives a response from the
FE with different PATH-DATA encapsulation format. For example, if a FE with a different PATH-DATA-TLV encapsulation format. For example,
CE sends a query message with a path of 1 to a third party FE to if a CE sends a query message with a path of 1 to a third-party FE to
manipulate struct 1 as defined above, the FE is probable to generate manipulate struct1 as defined above, it is probable that the FE will
response with two different PATH-DATA encapsulation format: one is generate a response with two different PATH-DATA-TLV encapsulation
the value with FULL/SPARSE-DATA and the other is the value with many formats: one is the value with FULLDATA-TLV/SPARSEDATA-TLV and the
parallel PATH-DATA TLV and nested PATH-DATA TLV, as below: other is the value with many parallel PATH-DATA-TLVs and nested
PATH-DATA-TLVs, as shown below:
format 1: format 1:
OPER = GET-RESPONSE-TLV OPER = GET-RESPONSE-TLV
PATH-DATA-TLV: PATH-DATA-TLV:
IDs=1 IDs=1
FULLDATA-TLV containing valueof(a),valueof(b) FULLDATA-TLV containing valueof(a),valueof(b)
format 2: format 2:
OPER = GET-RESPONSE-TLV OPER = GET-RESPONSE-TLV
PATH-DATA-TLV: PATH-DATA-TLV:
IDs=1 IDs=1
skipping to change at page 24, line 10 skipping to change at page 24, line 52
FULLDATA-TLV containing valueof(a) FULLDATA-TLV containing valueof(a)
PATH-DATA-TLV: PATH-DATA-TLV:
IDs=2 IDs=2
FULLDATA-TLV containing valueof(b) FULLDATA-TLV containing valueof(b)
The interoperability testers witnessed that a ForCES element (CE or The interoperability testers witnessed that a ForCES element (CE or
FE) sender is free to choose whatever data structure that IETF ForCES FE) sender is free to choose whatever data structure that IETF ForCES
documents define and best suits the element, while a ForCES element documents define and best suits the element, while a ForCES element
(CE or FE) should be able to accept and process information (requests (CE or FE) should be able to accept and process information (requests
and responses) that use any legitimate structure defined by IETF and responses) that use any legitimate structure defined by IETF
ForCES documents. While in the case a ForCES element is free to ForCES documents. While in the case where a ForCES element is free
choose any legitimate data structure as a response, it is preferred to choose any legitimate data structure as a response, it is
the ForCES element responds in the same format that the request was preferred that the ForCES element responds in the same format that
made, as it is most probably the data structure is the request sender the request was made, as it is most likely the data structure that
looks forward to receive. the request sender looks to receive.
2. On operation to array 2. On Operation to Array
An array operation may also have several different data encapsulation An array operation may also have several different data encapsulation
formats. For instance, if a CE sends a config message to table 1 formats. For instance, if a CE sends a config message to table1 with
with a path of (2.1), which refers to component with ID=2, which is a path of (2.1), which refers to the component with ID=2 (an array),
an array, and the second ID is the row, so row 1, it may be and the second ID is the row, then row 1 may be encapsulated with
encapsulated with three formats as below: three formats as shown below:
format 1: format 1:
OPER = SET-TLV OPER = SET-TLV
PATH-DATA-TLV: PATH-DATA-TLV:
IDs=2.1 IDs=2.1
FULLDATA-TLV containing valueof(x),valueof(y) FULLDATA-TLV containing valueof(x),valueof(y)
format 2: format 2:
OPER = SET-TLV OPER = SET-TLV
PATH-DATA-TLV: PATH-DATA-TLV:
IDs=2.1 IDs=2.1
PATH-DATA-TLV: PATH-DATA-TLV:
IDs=1 IDs=1
FULLDATA-TLV containing valueof(x) FULLDATA-TLV containing valueof(x)
PATH-DATA-TLV PATH-DATA-TLV
IDs=2 IDs=2
FULLDATA-TLV containing valueof(y) FULLDATA-TLV containing valueof(y)
Moreover, if CE is targeting the whole array, for example if the Moreover, if the CE is targeting the whole array, for example, if the
array is empty and CE wants to add the first row to the table, it array is empty and the CE wants to add the first row to the table, it
could also adopt another format: could also adopt another format:
format 3: format 3:
OPER = SET-TLV OPER = SET-TLV
PATH-DATA-TLV: PATH-DATA-TLV:
IDs=2 IDs=2
FULLDATA-TLV containing rowindex=1,valueof(x),valueof(y) FULLDATA-TLV containing rowindex=1,valueof(x),valueof(y)
The interoperability test experience has shown that format 1 and The interoperability test experience has shown that formats 1 and 3,
format 3, which take full advantage of multiple data elements which take full advantage of the multiple data elements description
description in one TLV of FULLDATA-TLV, get more efficiency, although in one TLV of FULLDATA-TLV, are more efficient, although format 2 can
format 2 can also get the same operating goal. also achieve the same operating goal.
6. Contributors 6. Security Considerations
Contributors who have made major contributions to the Developers of ForCES FEs and CEs must take the security
interoperability test are as below: considerations of the ForCES Framework [RFC3746] and ForCES Protocol
Specification [RFC5810] into account. Also, as specified in the
security considerations of SCTP-Based TML for the ForCES Protocol
[RFC5811], the transport-level security has to be ensured by IPsec.
Test results of TML with IPsec supported have been shown in
Section 4.2 in this document.
Hirofumi Yamazaki The tests described in this document used only simple password
NTT Corporation security mode. Testing using more sophisticated security is for
Tokyo future study.
Japan
Email: yamazaki.horofumi@lab.ntt.co.jp
Rong Jin Further testing using key agility is encouraged. The tests reported
Zhejiang Gongshang University here used SCTP TML running over an IPsec tunnel, which was
Hangzhou established by Racoon. Key negotiation formed part of this process,
P.R.China but we believe that the SCTP TML used does not include key agility or
Email: jinrong@zjsu.edu.cn renegotiation.
Yuta Watanabe 7. References
NTT Corporation
Tokyo
Japan
Email: yuta.watanabe@ntt-at.co.jp
Xiaochun Wu 7.1. Normative References
Zhejiang Gongshang University
Hangzhou
P.R.China
Email: spring-403@zjsu.edu.cn
7. Acknowledgements [RFC5810] Doria, A., Hadi Salim, J., Haas, R., Khosravi, H.,
Wang, W., Dong, L., Gopal, R., and J. Halpern,
"Forwarding and Control Element Separation (ForCES)
Protocol Specification", RFC 5810, March 2010.
The authors thank the following test participants: [RFC5811] Hadi Salim, J. and K. Ogawa, "SCTP-Based Transport
Mapping Layer (TML) for the Forwarding and Control
Element Separation (ForCES) Protocol", RFC 5811,
March 2010.
Chuanhuang Li, Hangzhou BAUD Networks [RFC5812] Halpern, J. and J. Hadi Salim, "Forwarding and Control
Ligang Dong, Zhejiang Gongshang University Element Separation (ForCES) Forwarding Element Model",
Bin Zhuge, Zhejiang Gongshang University RFC 5812, March 2010.
Jingjing Zhou, Zhejiang Gongshang University
Liaoyuan Ke, Hangzhou BAUD Networks
Kelei Jin, Hangzhou BAUD Networks
The authors also thank very much to Adrian Farrel, Joel Halpern, Ben [RFC5813] Haas, R., "Forwarding and Control Element Separation
Campbell, Nevil Brownlee, and Sean Turner for their important help in (ForCES) MIB", RFC 5813, March 2010.
the document publication process.
8. IANA Considerations 7.2. Informative References
This memo includes no request to IANA. [CEHA] Ogawa, K., Wang, W., Haleplidis, E., and J. Salim,
"ForCES Intra-NE High Availability", Work in Progress,
October 2010.
9. Security Considerations [Ethereal] Fenggen, J., "Subject: Release of a test version of
ForCES dissector based on Ethereal 0.99.0", message to
the IETF forces mailing list, 11 June 2009,
<http://www.ietf.org/mail-archive/web/forces/current/
msg03687.html>.
Developers of ForCES FEs and CEs must take the security [LFB-LIB] Wang, W., Haleplidis, E., Ogawa, K., Li, C., and J.
considerations of the ForCES Framework [RFC3746] and the ForCES Halpern, "ForCES Logical Function Block (LFB) Library",
Protocol [RFC5810] into account. Also, as specified in the security Work in Progress, December 2010.
considerations section of the SCTP-Based TML for the ForCES Protocol
[RFC5811], the transport-level security has to be ensured by IPsec.
Test results of TML with IPsec supported have been shown in
Section 4.2 in this document.
The tests described in this document used only simple password [RFC3654] Khosravi, H. and T. Anderson, "Requirements for
security mode. Testing using more sophisticated security is for Separation of IP Control and Forwarding", RFC 3654,
future study. November 2003.
Further testing using key agility is encouraged. The tests reported [RFC3746] Yang, L., Dantu, R., Anderson, T., and R. Gopal,
here used SCTP TML running over an IPsec tunnel which was established "Forwarding and Control Element Separation (ForCES)
by Racoon. Key negotiation formed part of this process, but we Framework", RFC 3746, April 2004.
believe that the SCTP TML used does not include key agility or
renegotiation.
10. References [RFC6053] Haleplidis, E., Ogawa, K., Wang, W., and J. Hadi Salim,
"Implementation Report for Forwarding and Control
Element Separation (ForCES)", RFC 6053, November 2010.
10.1. Normative References [RFC6956] Wang, W., Haleplidis, E., Ogawa, K., Li, C., and J.
Halpern, "Forwarding and Control Element Separation
(ForCES) Logical Function Block (LFB) Library",
RFC 6956, June 2013.
[RFC5810] Doria, A., Hadi Salim, J., Haas, R., Khosravi, H., Wang, [Racoon] The NetBSD Foundation, "How to build a remote user
W., Dong, L., Gopal, R., and J. Halpern, "Forwarding and access VPN with Racoon",
Control Element Separation (ForCES) Protocol <http://www.netbsd.org/docs/network/ipsec/rasvpn.html>.
Specification", RFC 5810, March 2010.
[RFC5811] Hadi Salim, J. and K. Ogawa, "SCTP-Based Transport Mapping [SmartBits] Spirent Inc., "The Highly-Scalable Router Performance
Layer (TML) for the Forwarding and Control Element Tester: TeraRouting Tester", 2005,
Separation (ForCES) Protocol", RFC 5811, March 2010. <http://www.spirent.com/~/media/Datasheets/Broadband/
Obsolete_SMB-TM/TeraRouting%20Tester.pdf>.
[RFC5812] Halpern, J. and J. Hadi Salim, "Forwarding and Control [Tcpdump] Hadi Salim, J., "Subject: tcpdump 4.1.1", message to
Element Separation (ForCES) Forwarding Element Model", RFC the IETF forces mailing list, 20 May 2010,
5812, March 2010. <http://www.ietf.org/mail-archive/web/forces/current/
msg03811.html>.
[RFC5813] Haas, R., "Forwarding and Control Element Separation [TeamViewer] TeamViewer Inc., "TeamViewer - the All-In-One Software
(ForCES) MIB", RFC 5813, March 2010. for Remote Support and Online Meetings",
<http://www.teamviewer.com/>.
10.2. Informative References Appendix A. Acknowledgements
[Ethereal] The authors thank the following test participants:
, "Ethereal, also named Wireshark, is a protocol analyzer.
The specific Ethereal that was used is an updated
Ethereal, by Fenggen Jia, that can analyze and decode the
ForCES protocol messages", http://www.ietf.org/mail-
archive/web/forces/current/msg03687.html , .
[I-D.ietf-forces-ceha-00] Chuanhuang Li, Hangzhou BAUD Networks
Ogawa, K., Wang, W., Haleplidis, E., and J. Salim, "ForCES Ligang Dong, Zhejiang Gongshang University
Intra-NE High Availability", draft-ietf-forces-ceha-00 Bin Zhuge, Zhejiang Gongshang University
(work in progress) [RFC Editor Note: This reference is Jingjing Zhou, Zhejiang Gongshang University
intended to indicate a specific version of an Internet- Liaoyuan Ke, Hangzhou BAUD Networks
Draft that was used during interop testing. Please Do NOT Kelei Jin, Hangzhou BAUD Networks
update this reference to a more recent version of the
draft or to an RFC. Please remove this note before
publication] , October 2010.
[I-D.ietf-forces-lfb-lib-03] The authors also thank very much Adrian Farrel, Joel Halpern, Ben
Wang, W., Haleplidis, E., Ogawa, K., Li, C., and J. Campbell, Nevil Brownlee, and Sean Turner for their important help in
Halpern, "ForCES Logical Function Block (LFB) Library", the document publication process.
draft-ietf-forces-lfb-lib-03 (work in progress) [RFC
Editor Note: This reference is intended to indicate a
specific version of an Internet-Draft that was used during
interop testing. Please Do NOT update this reference to a
more recent version of the draft or to an RFC. Please
remove this note before publication] , December 2010.
[RFC3654] Khosravi, H. and T. Anderson, "Requirements for Separation Appendix B. Contributors
of IP Control and Forwarding", RFC 3654, November 2003.
[RFC3746] Yang, L., Dantu, R., Anderson, T., and R. Gopal, Contributors who have made major contributions to the
"Forwarding and Control Element Separation (ForCES) interoperability test are listed below.
Framework", RFC 3746, April 2004.
[RFC6053] Haleplidis, E., Ogawa, K., Wang, W., and J. Hadi Salim, Hirofumi Yamazaki
"Implementation Report for Forwarding and Control Element NTT Corporation
Separation (ForCES)", RFC 6053, November 2010. Tokyo
Japan
EMail: yamazaki.horofumi@lab.ntt.co.jp
[Racoon] , "Racoon in NetBSD is a well-known IKE daemon performing Rong Jin
the IPsec Key Exchange (IKE) with the peers", Zhejiang Gongshang University
http://www.netbsd.org/docs/network/ipsec/rasvpn.html , . Hangzhou
P.R. China
EMail: jinrong@zjsu.edu.cn
[Tcpdump] , "Tcpdump is a Linux protocol analyzer. The specific Yuta Watanabe
tcpdump that was used is a modified tcpdump, by Jamal Hadi NTT Corporation
Salim, that can analyze and decode the ForCES protocol Tokyo
messages", http://www.ietf.org/mail-archive/web/forces/ Japan
current/msg03811.html , . EMail: yuta.watanabe@ntt-at.co.jp
[Teamviewer] Xiaochun Wu
, "TeamViewer connects to any PC or server around the Zhejiang Gongshang University
world within a few seconds. ", http://www.teamviewer.com/ Hangzhou
, . P.R. China
EMail: spring-403@zjsu.edu.cn
Authors' Addresses Authors' Addresses
Weiming Wang Weiming Wang
Zhejiang Gongshang University Zhejiang Gongshang University
18 Xuezheng Str., Xiasha University Town 18 Xuezheng Str., Xiasha University Town
Hangzhou 310018 Hangzhou 310018
P.R.China P.R. China
Phone: +86-571-28877721 Phone: +86-571-28877721
Email: wmwang@zjsu.edu.cn EMail: wmwang@zjsu.edu.cn
Kentaro Ogawa Kentaro Ogawa
NTT Corporation NTT Corporation
Tokyo Tokyo
Japan Japan
Email: ogawa.kentaro@lab.ntt.co.jp EMail: ogawa.kentaro@lab.ntt.co.jp
Evangelos Haleplidis Evangelos Haleplidis
University of Patras University of Patras
Department of Electrical & Computer Engineering Department of Electrical & Computer Engineering
Patras 26500 Patras 26500
Greece Greece
Email: ehalep@ece.upatras.gr EMail: ehalep@ece.upatras.gr
Ming Gao Ming Gao
Hangzhou BAUD Networks Hangzhou BAUD Networks
408 Wen-San Road 408 Wen-San Road
Hangzhou 310012 Hangzhou 310012
P.R.China P.R. China
Email: gmyyqno1@zjsu.edu.cn EMail: gaoming@mail.zjgsu.edu.cn
Jamal Hadi Salim Jamal Hadi Salim
Mojatatu Networks Mojatatu Networks
Ottawa Ottawa
Canada Canada
Email: hadi@mojatatu.com EMail: hadi@mojatatu.com
 End of changes. 163 change blocks. 
517 lines changed or deleted 507 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/