draft-ietf-mpls-tp-li-lb-02.txt   draft-ietf-mpls-tp-li-lb-03.txt 
Network Working Group Sami Boutros (Ed.) Network Working Group Sami Boutros (Ed.)
Internet Draft Siva Sivabalan (Ed.) Internet Draft Siva Sivabalan (Ed.)
Intended status: Standards Track Cisco Systems, Inc. Intended status: Standards Track Cisco Systems, Inc.
Expires: December 5, 2011 Expires: February 15, 2012
Rahul Aggarwal (Ed.) Rahul Aggarwal (Ed.)
Juniper Networks, Inc. Juniper Networks, Inc.
Martin Vigoureux (Ed.) Martin Vigoureux (Ed.)
Alcatel-Lucent Alcatel-Lucent
Xuehui Dai (Ed.) Xuehui Dai (Ed.)
ZTE Corporation ZTE Corporation
June 5, 2011 August 15, 2011
MPLS Transport Profile Lock Instruct and Loopback Functions MPLS Transport Profile lock Instruct and Loopback Functions
draft-ietf-mpls-tp-li-lb-02.txt draft-ietf-mpls-tp-li-lb-03.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
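Review bot: The title line in -03 lowercases "lock" ("MPLS Transport Profile lock Instruct and Loopback Functions") where -02 had "Lock Instruct". This looks like a search-and-replace side effect; restore "Lock Instruct" so the title matches the "LI: Lock Instruct" terminology entry.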
skipping to change at page 1, line 42 skipping to change at page 1, line 42
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on December 5, 2011. This Internet-Draft will expire on February 15, 2012.
Abstract Abstract
This document specifies an extension to MPLS Operation, This document specifies one function and describes a second
administration, and Maintenance (OAM) to operate an Label Switched function which are applicable to MPLS transport networks. The first
Path (LSP), bi-directional RSVP-TE tunnels, Pseudowires (PW), or function enables an operator to lock a transport path while the
Multi-segment PWs in loopback mode for management purpose in an MPLS second enables an operator to set, in loopback, a given node along
based Transport. This extension includes mechanism to lock and a transport path. This document also defines the extension to MPLS
unlock MPLS-TP Tunnels (i.e. data and control traffic) and can be operation, administration, and maintenance (OAM) to perform the
used to loop all traffic (i.e, data and control traffic) at a lock function.
specified LSR on the path of the LSP in an MPLS based Transport
Network back to the source. However, the mechanisms are intended to
be applicable to other aspects of MPLS as well.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................2
2. Terminology....................................................5 2. Terminology....................................................4
3. Loopback/Lock Mechanism........................................5 3. Lock Message...................................................4
3.1. In-band Message Identification............................5 3.1. In-band Message Identification............................4
3.2. LI-LB Message Format......................................6 3.2. LI Message Format.........................................5
3.3. Return codes..............................................7 4. Lock Operation.................................................5
3.4. Cause codes...............................................7 4.1. UnLock Operation..........................................6
3.5. Authentication TLV........................................8 5. Loopback and maintenance operations............................6
3.6. LSP Ping Extensions.......................................9 6. Operation......................................................6
3.6.1. LI-LB Request TLV....................................9 6.1. General Procedures........................................6
3.6.2. LI-LB Response TLV...................................9 6.2. Example Topology..........................................6
4. Loopback/Lock Operations.......................................9 6.3. Locking a transport path..................................7
4.1. Lock Request.............................................10 6.4. UnLocking a transport path................................7
4.2. Unlock Request...........................................10 7. Security Considerations........................................7
4.3. Loopback Request.........................................10 8. IANA Considerations............................................8
4.4. Loopback Removal.........................................11 8.1. Pseudowire Associated Channel Type........................8
5. Data packets..................................................11 9. Acknowledgements...............................................8
6. Operation.....................................................11 10. References....................................................8
6.1. General Procedures.......................................11 10.1. Normative References.....................................8
6.2. Example Topology.........................................11 10.2. Informative References...................................9
6.3. Locking an LSP...........................................12 Author's Addresses................................................9
6.4. Unlocking an LSP.........................................13 Full Copyright Statement.........................................11
6.5. Setting an LSP into Loopback mode........................14 Intellectual Property Statement..................................11
6.6. Removing an LSP from Loopback mode.......................15
7. Security Considerations.......................................16
8. IANA Considerations...........................................16
8.1. Pseudowire Associated Channel Type.......................16
8.2. New LSP Ping TLV types...................................16
9. Acknowledgements..............................................16
10. References...................................................16
10.1. Normative References....................................16
10.2. Informative References..................................17
Author's Addresses...............................................17
Full Copyright Statement.........................................19
Intellectual Property Statement..................................19
1. Introduction 1. Introduction
In traditional transport networks, circuits are provisioned across This document specifies one function and describes another function
multiple nodes and service providers have the ability to operate the which are applicable to MPLS transport networks.
transport circuit such as T1 line in loopback mode for management
purposes, e.g., to test or verify connectivity of the circuit up to a
specific node on the path of the circuit, to test the circuit
performance with respect to delay/jitter, etc. This document provides
the same loopback capability for the bi-directional LSPs in MPLS
based Transport Networks emulating traditional transport circuits.
The mechanisms in this document apply to co-routed bidirectional
paths as defined in [7], which include LSPs, bi-directional RSVP-TE
tunnels, Pseudowires (PW), and Multi-segment PWs in MPLS based
Transport Networks. However, the mechanisms are intended to be
applicable to other aspects of MPLS as well.
This document specifies how to operate the Lock and Loopback
functions over both the Generic Associated Channel (GACh) and over
LSP-Ping. LSP-Ping itself can run either over the GACh or using
native IP addressing; the manner in which LSP-Ping is transported in
an MPLS-TP network is out of the scope of this document.
This document uses a sample topology to describe the lock instruct
and loopback functions. This sample topology comprises four MPLS-TP
nodes [A---B---C---D]. There is an LSP from A to D, and thus A and D
are MEPs and B and C are MIPs. Unless otherwise specified, the
operator desires to lock the LSP (this is done on A and D, by
definition) and loop the LSP at C.
That is, the desired behavior is that all packets transmitted by A on
this locked and looped LSP arrive at C from B and are encapsulated in
the D->A direction by C such that these packets reach A.
Locking and looping an LSP is a two-step process. The first step is The first function enables an operator to lock a transport path. The
to lock the LSP so that it is not made available to carry user second function enables an operator to set that transport path in
traffic. The locking of an LSP is managed by the two MEPs of an LSP - loopback at a specified node along the path. This document also
in this example, A and D. Locking is controlled by one of the MEPs; defines the extensions to the MPLS operation, administration and
this example uses A. A sends a Lock request message to D along the maintenance (OAM) to perform the lock function.
LSP, either in the GACh or in LSP-Ping. This message will be
received by D as it is the far-end MEP for that LSP. D responds to
the lock request with an ACK or NACK; the ACK indicates that D has
taken the LSP out of service (i.e. Locked the LSP) and the NACK
indicates that D cannot comply with the Lock request. In general, if
a message (e.g. Lock request, Loopback request) cannot be complied
with, the node which received the request replies with a NACK and a
cause code; the details of error message processing are discussed
later in this document.
Once A has received the ACK to its Lock request, A is then allowed to The Lock function is operated from MEP to MEP on bidirectional
put the LSP in Loopback mode. In order to set the LSP in Loopback (associated and co-routed) Label Switched Paths (LSPs), Pseudowires
mode, A sends a Loopback request message to the MIP or MEP where A (including multi-segment Pseudowires). As per RFC 5860 [1], lock is
desired the loopback to be enabled. In this example, A desires to an administrative state in which it is expected that only test
set the loopback at C, although note that it is possible to A to set traffic and control traffic (such as OAM messages dedicated to the
the loopback at any node downstream of A (e.g. B, C, D). The TTL on transport path) can be mapped on that transport path.
the Loopback request message is set by A such that the TTL expires
when it reaches the node where A wants the loopback to be set (in
this case, C). C responds to the Loopback request with a reply
message (ACK/NACK) back to A to indicate whether it has successfully
set the LSP into the Loopback mode.
If A receives an ACK from its Loopback request, the LSP is now in The Lock function can be performed using an extension to the MPLS OAM
Loopback mode. A is free to send any test packets down this LSP as as described in the next sections. This is a common mechanism to lock
it sees fit. These packets MUST NOT be forwared towards D. As the PWs and LSPs.
LSP is locked, D MUST NOT transmit any traffic on the LSP in the
reverse direction (that is, D->A). Any traffic received by C from
the reverse direction MUST be dropped and MAY be logged, as the
receipt of traffic by C in the D->A direction indicates an error.
When A desires to remove the LSP from Loopback state, it begins to The Lock function can as well be realized using a management plane.
reverse the Loopback and Lock. This is a two-step process; first A
removes the Loopback from C, then A removes the Lock from D. This
process is similar to the process of establishing Lock and Loopback
in the first place. A sends a Loopback Remove message to C using the
TTL method described above, and C ACKs or NACKs the Loopback Remove.
Once A receives the Loopback Remove ACK from C, A sends a Lock Remove
message to D. D must ACK or NACK this message. Once A receives the
Lock Remove ACK from D, the LSP is brought back into normal
operation.
The proposed mechanism is based on a new set of messages and TLVs The Loopback function is operated from MEP to MEP on bidirectional
which can be transported using one of the following methods: (associated and co-routed) Label Switched Paths (LSPs), Pseudowires
(including multi-segment Pseudowires). The Loopback function is
additionally operated from MEP to MIP on co-routed bidirectional
LSPs, and on multi-segment Pseudowires. The Loopback is a function
that enables a MEP to request a MEP or a MIP to enter a loopback
state. This state corresponds to the situation where, at a given
node, a forwarding plane loop is configured and the incoming
direction of a transport path is cross-connected to the outgoing
reverse direction. Therefore, except in the case of early TTL expiry,
traffic sent by the source will be received by that source.
Note that before setting a given node in Loopback for a specific
transport path, this transport path MUST be locked.
(1) An in-band MPLS message transported using a new ACH code point, The Loopback can be performed using a management plane. Management
the message will have different types to perform the loopback plane MUST insure that the two MEPs are locked before performing the
request/remove and Lock/unlock functions, and may carry new set of loopback function.
TLVs.
(2) A new set of TLVs which can be transported using LSP-Ping The Lock function is based on a new G-ACH message using a new channel
extensions defined in [4], and in compliance to specifications [5]. type as well as an existing TLV.
Method (1) and (2) are referred to as "in-band option" and "LSP-Ping When an LSP is locked, the management or control function is expected
option" respectively in the rest of the document. to lock both ends. The purpose of the Lock message is to ensure the
tight coordination of locking and unlocking the two ends. Lock
Instruct messages may be lost during looping or maintenance
operations, thus locking both ends is required, before such
operations occur.
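Review bot: The last paragraph of the -03 Introduction ("When an LSP is locked, the management or control function is expected to lock both ends ...") is repeated almost word for word at the start of section 5, once with "Lock message" / "Lock Instruct messages" and once with "LI message"; keep it in one place and use the defined term LI. In the paragraph on performing loopback through the management plane, "MUST insure" should read "MUST ensure". The abstract says the loopback function is only described, yet the Introduction places a MUST on it ("this transport path MUST be locked"), so say whether that requirement is normative for this document.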
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [3]. document are to be interpreted as described in RFC-2119 [2].
2. Terminology 2. Terminology
ACH: Associated Channel Header ACH: Associated Channel Header
LSR: Label Switching Router LSR: Label Switching Router
MEP: Maintenance Entity Group End Point MEP: Maintenance Entity Group End Point
MIP: Maintenance Entity Group Intermediate Point. MIP: Maintenance Entity Group Intermediate Point.
MPLS-TP: MPLS Transport Profile MPLS-TP: MPLS Transport Profile
MPLS-OAM: MPLS Operations, Administration and Maintenance MPLS-OAM: MPLS Operations, Administration and Maintenance
MPLS-TP LSP: Bidirectional Label Switch Path representing a circuit MPLS-TP LSP: Bidirectional Label Switch Path
NMS: Network Management System NMS: Network Management System
TLV: Type Length Value TLV: Type Length Value
TTL: Time To Live TTL: Time To Live
LI-LB: Lock instruct-Loopback LI: Lock Instruct
3. Loopback/Lock Mechanism Transport path: MPLS-TP LSP or MPLS Pseudowire.
For the in-band option, the proposed mechanism uses a new code point 3. Lock Message
in the Associated Channel Header (ACH) described in [6].
3.1. In-band Message Identification 3.1. In-band Message Identification
In the in-band option, the LI-LB channel is identified by the ACH as The proposed mechanism uses a new code point in the Associated
defined in RFC 5586 [6] with the Channel Type set to the LI-LB code Channel Header (ACH) described in [4].
In the in-band option, the LI channel is identified by the ACH as
defined in RFC 5586 [4] with the Channel Type set to the LI code
point = 0xHH. [HH to be assigned by IANA from the PW Associated point = 0xHH. [HH to be assigned by IANA from the PW Associated
Channel Type registry] The LI-LB Channel does not use ACH TLVs and Channel Type registry] The LI Channel does not use ACH TLVs and MUST
MUST not include the ACH TLV header. The LI-LB ACH NOT include the ACH TLV header. The LI ACH Channel is shown below.
Channel is shown below.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 1|Version|Reserved | 0xHH (LI) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 1|Version|Reserved | 0xHH ( LI-LB) | +-+-
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: ACH Indication of LI-LB Figure 1: ACH Indication of LI
The LI-LB Channel is 0xHH (to be assigned by IANA) The LI Channel is 0xHH (to be assigned by IANA)
3.2. LI-LB Message Format 3.2. LI Message Format
The format of an LI-LB Message is shown below. The format of an LI Message is shown below.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | Message Type | Operation | Reserved | | Vers | Reserved | Refresh Timer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Return Code | Cause Code | Message Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sender's Handle |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV's | | MEP Source ID TLV |
~ ~ ~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: MPLS LI-LB Message Format Figure 2: MPLS LI Message Format
Version: The Version Number is currently 1. (Note: the version Version: The Version Number is currently 1. (Note: the version
number is to be incremented whenever a change is made that affects number is to be incremented whenever a change is made that affects
the ability of an implementation to correctly parse or process the the ability of an implementation to correctly parse or process the
request/response message. These changes include any syntactic or message. These changes include any syntactic or semantic changes made
semantic changes made to any of the fixed fields, or to any Type- to any of the fixed fields, or to any Type-Length-Value (TLV) or sub-
Length-Value (TLV) or sub-TLV assignment or format that is defined at TLV assignment or format that is defined at a certain version number.
a certain version number. The version number may not need to be The version number may not need to be changed if an optional TLV or
changed if an optional TLV or sub-TLV is added.) sub-TLV is added.)
Message Type
Two message types are defined as shown below.
Message Type Description
------------ -------------
0x0 LI-LB request
0x1 LI-LB response
Operation
Four operations are defined as shown below. The operations can appear
in a Request or Response message.
Operation Description
--------- -------------
0x1 Lock
0x2 Unlock
0x3 Set_Loopback
0x4 Unset_Loopback
Message Length
The total length of any included TLVs.
Sender's Handle
The Sender's Handle is filled in by the sender, and MUST be copied
unchanged by the receiver in the MPLS response message (if any).
There are no semantics associated with this handle, although a sender
may find this useful for matching up requests with replies.
Message ID
The Message ID is set by the sender of an MPLS request message. It
MUST be copied unchanged by the receiver in the MPLS response message
(if any). A sender SHOULD increment this value on each new message.
A retransmitted message SHOULD leave the value unchanged.
The Return code and Cause code only have meaning in a Response
message. In a request message the Return code and Cause code must be
set to zero and ignored on receipt. Return codes and cause codes are
described in the following Sections.
3.3. Return codes
Value Meaning
----- -------
0 Informational
1 Success
2 Failure
3.4. Cause codes
Value Meaning
----- -------
0 Success
1 Fail to match target MIP/MEP ID
2 Malformed LI-LB request received
3 One or more of the TLVs is/are unknown
4 Authentication failed
5 LSP/PW already locked
6 LSP/PW already unlocked
7 Fail to lock LSP/PW
8 Fail to unlock LSP/PW
9 LSP/PW already in loopback mode
10 LSP/PW is not in loopback mode
11 Fail to set LSP/PW in loopback mode
12 Fail to remove LSP/PW from loopback mode
13 No label binding for received message
14 Authentication required but not received.
Note that in the case of cause code 3, the unknown TLV can also be
optionally included in the response. For failure responses with multiple
causes only the first cause code can be included.
3.5. Authentication TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| type = TBD | Length = 0xx |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Variable Length Value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The PPP CHAP described in [9] will be used to authenticate the LI-LB
request.
The variable length value carried in the optional authentication TLV,
will include the Packet Format described in section 3.2 of [9].
The optional authentication TLV can be included in the MPLS OAM LSP
Ping echo messages containing a LI-LB request TLV or in the inband
LI-LB Message. When an authentication TLV is present in the Request
message the CHAP procedures described in section 3.2 of [9] MUST be
followed.
The CHAP packets will be transmitted by the authenticator using LI-LB
Request or response messages, responses to the authentication
protocol messages will be transmitted using LI-LB request or response
messages.
If the CHAP negotiation results in a failure, the authenticator or
the sender of the request message MUST stop requesting the LI-LB
function.
A receiver of an LI-LB request, MAY send an error "Authentication
required but not received", if the optional authentication TLV is not
included in the LI-LB request.
3.6. LSP Ping Extensions
3.6.1. LI-LB Request TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| type = TBD | length = 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Operation |
+-+-+-+-+-+-+
Operation Description
--------- -------------
0x1 Lock
0x2 Unlock
0x3 Set_Loopback
0x4 Unset_Loopback
A MEP includes a LI-LB Request TLV in the MPLS LSP Ping echo request
message to request the MEP on the other side of the LSP toperform
Lock/Unlock and Set/Unset Loopback operations. Only one LI-LB request
TLV can be present in an LSP Ping Echo request message.
3.6.2. LI-LB Response TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| type = TBD | Length = 0x3 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Operation | ReturnCode | CauseCode |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Only one LI-LB response TLV can be present in an LSP Ping Echo
request message.
4. Loopback/Lock Operations
When performing a Lock or Loopback function, the reply to a message Refresh Timer: The maximum time between successive LI messages
MUST use the same method as the original message. That is, if a node specified in seconds. The default value is 1. The value 0 is not
requests lock or loopback using LSP Ping then any replies to that permitted. When a lock is applied, a refresh timer is chosen. This
request must also use LSP Ping; if a node requests lock or loopback value MUST NOT be changed for the duration of that lock.
using in-band, any replies to that request must use in-band. It is
permissible to use different methods for the lock and the loopback
functions on a given LSP. For example, a node can lock an LSP using
the LSP Ping method and then can loop the LSP using the in-band
method, or vice versa.
An ACK response of a request will be a response message with return MEP Source ID TLV: This is the "CC/CV MEP ID TLV" defined in [3].
code 1 (success) and cause code 0, while a NACK response will have a
return code 2 (failure) and the corresponding cause code.
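Review bot: The -03 LI message in Figure 2 keeps only Vers, Reserved, Refresh Timer and the MEP Source ID TLV, so with the Authentication TLV (old 3.5), the Message ID and cause codes 4 and 14 removed, a receiver MEP has nothing in the message with which to authenticate the sender or tell a fresh LI message from a replayed one. Since receiving LI messages is what takes the transport path out of service, section 7 should state which trust assumption replaces the removed authentication, or an optional authentication TLV should be retained. The figure also no longer shows the field boundaries: give the bit widths of Vers, Reserved and Refresh Timer in the text, and say what a receiver does with a Refresh Timer of 0, which the text only calls "not permitted".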
4.1. Lock Request 4. Lock Operation
Lock Request is used to request a MEP to take an LSP out of service lock is used to request a MEP to take a transport path out of service
so that some form of maintenance can be done. so that some form of maintenance can be done.
The receiver MEP MUST send either an ACK or a NAK response to the When performing a lock, a sender MEP in response to a management
sender MEP. Until the sender MEP receives an ACK, it MUST NOT assume system request MUST take the transport path out of service and MUST
that the receiver MEP has taken the LSP out of service. A receiver send LI messages periodically to the target MEP at the end of the
MEP sends an ACK only if it can successfully lock the LSP. Otherwise, transport path. LI messages will be sent once every refresh time
it sends a NAK. interval.
The receiver MEP once locked, MUST discard all received traffic.
4.2. Unlock Request
The Unlock Request is sent from the MEP which has previously sent
lock request. Upon receiving the unlock request message, the receiver
MEP brings the LSP back in service.
The receiver MEP MUST send either an ACK or a NAK response to the The receiver MEP, will lock the transport path as long as it is
sender MEP. Until the sender MEP receives an ACK, it MUST NOT assume receiving the periodic LI messages.
that the LSP has been put back in service. A receiver MEP sends an
ACK only if the LSP has been unlocked, and unlock operation is
successful. Otherwise, it sends a NAK.
4.3. Loopback Request The receiver MEP once locked, MUST take the transport path out of
service.
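Review bot: Section 4 in -03 has no acknowledgement, so the sender MEP never learns whether the target MEP actually locked the path; -02 said the sender "MUST NOT assume" the lock until an ACK arrived. Because the Introduction requires the transport path to be locked before a node is set in loopback, state how the sender or the management plane confirms that the far end is locked, for instance by requiring that it also receives LI messages from the peer. The receiver sentence "will lock the transport path as long as it is receiving the periodic LI messages" should use a requirement keyword and tie "as long as" to the 3.5 times Refresh Timer timeout given in 4.1.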
When a MEP wants to put an LSP in loopback mode, it sends a Loopback 4.1. UnLock Operation
request message. The message can be intercepted by either a MIP or a
MEP depending on the MPLS TTL value. The receiver puts in
corresponding LSP in loopback mode.
The receiver MEP or MIP MUST send either an ACK or NAK response to Unlock is used to request a MEP to bring the previously locked
the sender MEP. An ACK response is sent if the LSP is successfully transport path back in service.
put in loopback mode. Otherwise, a NAK response is sent. Until an ACK
response is received, the sender MEP MUST NOT assume that the LSP can
operate in loopback mode.
4.4. Loopback Removal When a MEP is unlocked via management or control it MUST cease
sending LI messages. Further, it must have stopped receiving LI
messages for a period of 3.5 times the previously received refresh
timer before it brings the transport path back in service.
When loopback mode operation of an LSP is no longer required, the MEP A MEP would unlock transport path and put it back to service if and
that previously sent the Loopback request message sends another only if there is no management request to lock the path and it is not
Loopback Removal message. The receiver MEP changes the LSP from receiving in-band LI messages.
loopback mode to normal mode of operation.
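Review bot: In 4.1 the timeout rule uses lowercase "must" ("it must have stopped receiving LI messages for a period of 3.5 times the previously received refresh timer"); make it MUST so it falls under the RFC 2119 conventions paragraph. Also define "previously received refresh timer" for the case where a later LI message carries a different value from the first: section 3.2 says the value MUST NOT be changed for the duration of the lock, but the receiver's behaviour on a mismatch is unspecified, and the unlock timeout depends on it.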
The receiver MEP or MIP MUST send either an ACK or NAK response to 5. Loopback and maintenance operations
the sender MEP. An ACK response is sent if the LSP is already in
loopback mode, and if the LSP is successfully put back in normal
operation mode. Otherwise, a NAK response is sent. Until an ACK
response is received, the sender MEP MUST NOT assume that the LSP is
put back in normal operation mode.
5. Data packets When an LSP is locked, the management or control function is expected
to lock both ends. The purpose of the LI message is to ensure the
tight coordination of locking and unlocking the two ends. LI
messages may be lost during looping or maintenance operations, thus
locking both ends is required, before such operations occur.
Data packets sent from the sender MEP will be looped back to that When a transport path is put in loopback, traffic sent from the
sender MEP. OAM packets not intercepted by TTL expiry will as well be sender MEP will be looped back to that sender MEP. OAM packets not
looped back. The use of data packets to measure packet loss, delay intercepted by TTL expiry will as well be looped back. The use of
and delay variation is outside the scope of this document. traffic to measure packet loss, delay and delay variation is outside
the scope of this document.
6. Operation 6. Operation
6.1. General Procedures 6.1. General Procedures
When placing an LSP into Loopback mode, the operation MUST first be When taking a transport path out of service, the operation MUST first
preceded by a Lock operation. be preceded by a lock operation.
When sending Loopback Request/Removal using LSP Ping or in-Band
messages the TTL of the topmost label is set as follows:-
If the target node is a MIP, the TTL MUST be set to the exact number
of hops required to reach that MIP.
If the target node is a MEP, the value MUST be set to at least the
number of hops required to reach that MEP. For most operations where
the target is a MEP, the TTL MAY be set to 255.
However, to remove a MEP from Loopback mode, the sending MEP MUST set
the TTL to the exact number of hops required to reach the MEP (if the
TTL were set higher, the Loopback removal message would be looped
back toward the sender).
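Review bot: The -03 sentence in 6.1 ("When taking a transport path out of service, the operation MUST first be preceded by a lock operation") is circular, because section 4 defines lock as the request to take the transport path out of service. The -02 wording applied the precondition to loopback; either restore that meaning ("When placing a transport path into loopback ...") or drop the sentence, since the Introduction already carries the lock-before-loopback MUST.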
6.2. Example Topology 6.2. Example Topology
The next four sections discuss the procedures for Locking, Unlocking, The next sections discuss the procedures for locking, Unlocking a
setting an LSP into loopback, and removing the loopback. The transport path. Assume a transport path traverses nodes A <--> B <--
description is worded using an example. Assume an LSP traverses nodes > C <--> D. We will refer to the Maintenance Entities involved as
A <--> B <--> C <--> D. We will refer to the Maintenance Entities MEP-A, MIP-B, MIP-C, and MEP-D respectively. Suppose a maintenance
involved as MEP-A, MIP-B, MIP-C, and MEP-D respectively. Suppose a operation invoked at MEP-A requires to lock the transport path.
maintenance operation invoked at MEP-A requires a loopback be set at
MIP-C. To invoke Loopack mode at MIP-C, A would first need to lock
the LSP. Then it may proceed to set the loopback at C. Following the
loopback operation, A would need to remove the loopback at C and
finally unlock the LSP.
The following sections describe MEP-A setting and unsetting a lock at The following sections describe MEP-A setting and unsetting a lock at
MEP-D and then setting and removing a loopback at MIP-C. MEP-D.
6.3. Locking an LSP
1. MEP-A sends an MPLS LSP Ping Echo request message with the Lock
TLV or an in-Band Lock request Message. Optionally, an authentication
TLV MAY be included.
2. Upon receiving the request message, D uses the received label
stack and the Target Stack FEC TLV as per [5]/source MEP-ID to
identify the LSP. If no label binding exists or there is no
associated LSP back to the originator, the event is logged.
Processing ceases. Otherwise the message is delivered to the target
MEP.
a. if the source MEP-ID does not match, the event is logged and
processing ceases.
b. if the target MEP-ID does not match, MEP-D sends a failure
response with cause code 1.
MEP-D then examines the message, and:
c. if the message is malformed, it sends a failure response with
cause code 2 back to MEP-A.
d. if message authentication fails, it MAY send a failure response
with cause code 4 back to MEP-A.
e. if any of the TLVs is not known, it sends a failure response with
cause code 3 back to MEP-A. It may also include the unknown TLVs.
f. if the LSP is already locked, it sends a response with
cause code 5 back to MEP-A.
g. if the LSP is not already locked and cannot be locked, it sends a
failure response with cause code 7 back to A.
h. if the LSP is successfully locked, it sends a success response
with cause code 0 (Success) back to MEP-A.
The response is sent using an MPLS LSP Ping echo reply with a
response TLV or an in-Band Lock response message. An authentication
TLV MAY be included.
MEP-D will lock the LSP, resulting in that all traffic from D to A,
including all OAM traffic, stops.
a. MEP-A will detect a discontinuation in the OAM traffic, e.g. cv
and cc packets, but since it has been informed that the LSP will
be locked it will take no action(s).
b. When MEP-A receives the LI ACK, MEP-A discontinues sending
other OAM traffic, e.g. cv and cc packets. MEP-D will detect
this, but since it is in Locked state it will take no action.
6.4. Unlocking an LSP
1. MEP-A sends an MPLS Echo request message with the unLock TLV or an
in-Band unLock request Message. Optionally, an authentication TLV MAY
be included.
2. Upon receiving the unLock request message, D uses the received
label stack and target FEC/source MEP-ID as per [5] to identify the
LSP. If no label binding exists or there is no associated LSP back to
the originator, the event is logged. Processing ceases. Otherwise the
message is delivered to the target MEP.
a. if the source MEP-ID does not match, the event is logged and
processing ceases.
b. if the target MEP-ID does not match, MEP-D sends a failure
response with cause code 1.
MEP-D then examines the message, and:
c. if the message is malformed, it sends a failure response with
cause code 2 back to MEP-A.
d. if message authentication fails, it MAY send a failure response
with cause code 4 back to MEP-A.
e. if any of the TLVs is not known, it sends a failure response with
cause code 3 back to MEP-A. It may also include the unknown TLVs.
f. if the LSP is already unlocked, it sends a response with
cause code 6 back to MEP-A.
g. if the LSP is locked and cannot be unlocked, it sends a response
with cause code 8 back to MEP-A.
h. if the LSP is successfully unlocked, it sends a success response
with cause code 0 (Success) back to MEP-A.
The response is sent using an MPLS LSP Ping echo reply with a
response TLV or an in-Band unlock response message. An authentication
TLV MAY be included.
6.5. Setting an LSP into Loopback mode
1. MEP-A sends an MPLS LSP Ping Echo request message with the
loopback TLV or an in-Band Loopback request message. Optionally, an
authentication TLV MAY be included.
2. Upon intercepting the MPLS Loopback message via TTL expiration, C
uses the received label stack and target FEC/source MEP-ID as per [5]
to identify the LSP.
If no label binding exists or there is no associated LSP back to the
originator, the event is logged. Processing ceases.
Otherwise the message is delivered to the target MIP/MEP - in this
case MIP-C.
a. if the source MEP-ID does not match, the event is logged and
processing ceases.
b. if the target MIP-ID does not match, MIP-C sends a failure
response with cause code 1.
MIP-C then examines the message, and:
c. if the message is malformed, it sends a failure response with
cause code 2 back to MEP-A.
d. if the message authentication fails, it sends a failure response
with cause code 4 back to MEP-A.
e. if any of the TLV is not known, C sends a failure response with
cause code 3 back to MEP-A. It may also include the unknown TLVs.
f. if the LSP is already in the requested loopback mode, it sends a
failure response with cause code 9 back to MEP-A.
g. if the LSP is not already in the requested loopback mode and that
loopback mode cannot be set, it sends a failure response with cause
code 11 back to MEP-A.
h. if the LSP is successfully programmed into the requested loopback
mode, it sends a success response with cause code 0 (Success) back to
MEP-A.
The response is sent using an MPLS LSP Ping echo reply with a
response TLV or an in-Band Loopback response message. An
authentication TLV MAY be included.
6.6. Removing an LSP from Loopback mode
1. MEP-A sends a MPLS LSP Ping Echo request message with the Loopback
removal TLV or an in-Band Loopback removal request message.
Optionally, an authentication TLV MAY be included.
2. Upon intercepting the MPLS Loopback removal message via TTL
expiration, C uses the received label stack and the target FEC/source
MEP-ID as per [5] to identify the LSP.
If no label binding exists or there is no associated LSP back to
the originator, the event is logged. Processing ceases.
Otherwise the message is delivered to the target MIP/MEP - in this
case MIP-C.
a. if the source MEP-ID does not match, the event is logged and 6.3. Locking a transport path
processing ceases.
b. if the target MIP-ID does not match, MIP-C sends a failure 1. MEP-A sends an in-band LI Message in response to a Management
response with cause code 1 back to MEP-A. system request to lock the transport path. The message will include
the source MEP-ID TLV.
MIP-C then examines the message, and: 2. Upon receiving the LI message, D uses the received label stack and
the source MEP-ID as per [3] to identify the transport path. If no
label binding exists or there is no associated transport path back to
the originator, or if the source MEP-ID does not match, the event is
logged. Processing ceases. Otherwise the message is processed.
c. if the message is malformed, it sends a failure response with 6.4. UnLocking a transport path
cause code 2 back to MEP-A.
d. if the message authentication fails, it sends a failure response 1. In response to a Management system request to unlock the transport
with cause code 4 back to MEP-A. path MEP-A stops sending LI Messages.
e. if any of the TLV is not known, C sends a failure response with 2. After 3.5 times the refresh timer, both sender MEP A and receive
cause code 3 back to MEP-A. It may also include the unknown TLVs. MEP D unlock the transport path and put the transport path back in
service.
f. if the LSP is not in loopback mode, it sends a failure response 7. Security Considerations
with cause code 10 back to MEP-A.
g. if the LSP loopback cannot be removed, it sends a failure response MPLS-TP is a subset of MPLS and so builds upon many of the aspects of
with cause code 12 back to MEP-A. the security model of MPLS. MPLS networks make the assumption that it
is very hard to inject traffic into a network, and equally hard to
cause traffic to be directed outside the network. The control plane
protocols utilize hop-by-hop security, and assume a "chain-of-trust"
model such that end-to-end control plane security is not used. For
more information on the generic aspects of MPLS security, see [5].
h. if the LSP is successfully changed from loopback mode to normal This document describes a protocol carried in the G-ACh [4], and so
mode of operation, it sends a reply with cause code 0 (Success ) back is dependent on the security of the G-ACh, itself. The G-ACh is a
to MEP-A. generalization of the Associated Channel defined in [6]. Thus, this
document relies heavily on the security mechanisms provided for the
Associated Channel and described in those two documents.
The response is sent using an MPLS LSP Ping echo reply with a A specific concern for the G-ACh is that is can be used to provide a
response TLV or an in-Band Loopback removal response message. An covert channel. This problem is wider than the scope of this
authentication TLV MAY be included. document and does not need to be addressed here, but it should be
noted that the channel provides end-to-end connectivity and SHOULD
NOT be policed by transit nodes. Thus, there is no simple way of
preventing any traffic being carried between in the G-ACh consenting
nodes.
7. Security Considerations A good discussion of the data plane security of an associated channel
may be found in [7]. That document also describes some mitigation
techniques.
Security is addressed through the use of authentication TLV and the It should be noted that the G-ACh is essentially connection-oriented
the Challenge-Handshake Authentication protocol procedures described so injection or modification of control messages specified in this
in section [9]. document require the subversion of a transit node. Such subversion is
generally considered hard in MPLS networks, and impossible to protect
against at the protocol level. Management level techniques are more
appropriate.
8. IANA Considerations 8. IANA Considerations
8.1. Pseudowire Associated Channel Type 8.1. Pseudowire Associated Channel Type
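Review bot: The new 6.3, 6.4 and Section 7 remove the authentication TLV and every response and cause code without saying what replaces them. As written, MEP-D acts on any LI message whose label stack and source MEP-ID match, and MEP-A receives no confirmation that the path was locked. Section 7 should state that LI messages are unauthenticated, describe the effect of a forged or replayed LI message (the transport path stays out of service for as long as the message is refreshed), and name the management-level techniques it defers to. In 6.3 step 2, "Otherwise the message is processed" should say that D locks the transport path, and 6.4 should reference where "the refresh timer" is defined. Two wording errors in the new Section 7 also need fixing: "is that is can be used" and "being carried between in the G-ACh consenting nodes".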
LI-LB OAM requires a unique Associated Channel Type which is assigned LI OAM requires a unique Associated Channel Type which is assigned by
by IANA from the Pseudowire Associated Channel Types Registry. IANA from the Pseudowire Associated Channel Types Registry.
Registry: Registry:
Value Description TLV Follows Reference Value Description TLV Follows Reference
----------- ----------------------- ----------- --------- ----------- ----------------------- ----------- ---------
0xHHHH LI-LB No (Section 3.1) 0xHHHH LI No (Section 3.1)
8.2. New LSP Ping TLV types
IANA is requested to assign TLV type values to the following TLVs
from the "Multiprotocol Label Switching Architecture (MPLS) Label
Switched Paths (LSPs) Parameters - TLVs" registry, "TLVs and sub-
TLVs" sub-registry.
1. LI-LB Request TLV (See section 3.3.1)
2. LI-LB Response TLV (See section 3.3.2)
3. Authentication TLV (See section 3.3.3)
9. Acknowledgements 9. Acknowledgements
The authors would like to thank Loa Andersson for his valuable The authors would like to thank Loa Andersson for his valuable
comments. comments.
10. References 10. References
10.1. Normative References 10.1. Normative References
[1] Niven-Jenkins, B., Brungard, D., Betts, M., Sprecher, N., and [1] Vigoureux, M., Ward, D., and M. Betts, "Requirements for
S. Ueno, "Requirements of an MPLS Transport Profile", RFC 5654,
September 2009.
[2] Vigoureux, M., Ward, D., and M. Betts, "Requirements for
Operations, Administration, and Maintenance (OAM) in MPLS Operations, Administration, and Maintenance (OAM) in MPLS
Transport Networks", RFC 5860, May 2010. Transport Networks", RFC 5860, May 2010.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[4] K. Kompella, G. Swallow, "Detecting Multi-Protocol Label [3] D. Allan, et. al., Proactive Connectivity Verification,
Switched (MPLS) Data Plane Failures", RFC 4379, February 2006. Continuity Check and Remote Defect indication for MPLS
Transport Profile draft-ietf-mpls-tp-cc-cv-rdi-06, work in
[5] N. Bahadur, et. al., "MPLS on-demand Connectivity Verification, progress, June 2010
Route Tracing and Adjacency Verification", draft-ietf-mpls-tp-
on-demand-cv-00, work in progress, June 2010
[6] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic [4] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
Associated Channel", RFC 5586, June 2009. Associated Channel", RFC 5586, June 2009.
[7] Bocci, M. and G. Swallow, "MPLS-TP Identifiers", draft-ietf- [5] L. Fang, "Security Framework for MPLS and GMPLS Networks", RFC
mpls-tp-identifiers-01 (work in progress), June 2010. 5920, July 2010.
[8] Niven-Jenkins, B., Brungard, D., Betts, M., Sprecher, N., and [6] S. Bryant, G. Swallow, L. Martini "Pseudowire Emulation Edge-
S.Ueno, "Requirements of an MPLS Transport Profile", RFC 5654, to-Edge (PWE3) Control Word for Use over an MPLS PSN", RFC
September 2009. 4385, Feb 2006.
[9] B. Lloyd, L&A, and W. Simpson, "PPP Authentication Protocols", [7] T. Nadeau, C. Pignataro, "Pseudowire Virtual Circuit
October 1992. Connectivity Verification (VCCV): A Control Channel for
Pseudowires", RFC 5085, Dec 2007.
10.2. Informative References 10.2. Informative References
[10] Nabil Bitar, et. al, "Requirements for Multi-Segment Pseudowire [1] Bocci, M. and G. Swallow, "MPLS-TP Identifiers", draft-ietf-
Emulation Edge-to-Edge (PWE3) ", RFC5254, October 2008. mpls-tp-identifiers-07 (work in progress), June 2010.
[2] Niven-Jenkins, B., Brungard, D., Betts, M., Sprecher, N., and
S.Ueno, "Requirements of an MPLS Transport Profile", RFC 5654,
September 2009.
[3] Nabil Bitar, et. al, "Requirements for Multi-Segment Pseudowire
Emulation Edge-to-Edge (PWE3) ", RFC 5254, October 2008.
Author's Addresses Author's Addresses
Sami Boutros Sami Boutros
Cisco Systems, Inc. Cisco Systems, Inc.
Email: sboutros@cisco.com Email: sboutros@cisco.com
Siva Sivabalan Siva Sivabalan
Cisco Systems, Inc. Cisco Systems, Inc.
Email: msiva@cisco.com Email: msiva@cisco.com
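Review bot: In 10.2 the informative references now restart at [1], [2], [3], which collides with normative [1] to [7]. The body cites by bare number ("as per [3]", "see [5]", "found in [7]"), so a reader cannot tell which list is meant. Continue the numbering from [8] or use distinct labels for the informative list. The dates also need checking: the identifiers draft moves from -01 to -07 and the new normative [3] cites draft-ietf-mpls-tp-cc-cv-rdi-06, yet both entries still read "June 2010", the date carried by the entries they replace.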
skipping to change at page 19, line 10 skipping to change at page 11, line 10
Bo Wu Bo Wu
ZTE Corporation. ZTE Corporation.
Email: wu.bo@zte.com.cn Email: wu.bo@zte.com.cn
Jian Yang Jian Yang
ZTE Corporation. ZTE Corporation.
Email: yang_jian@zte.com.cn Email: yang_jian@zte.com.cn
Full Copyright Statement Full Copyright Statement
Copyright (c) 2008 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 20, line 15 skipping to change at page 12, line 17
The definitive version of an IETF Document is that published by, or The definitive version of an IETF Document is that published by, or
under the auspices of, the IETF. Versions of IETF Documents that are under the auspices of, the IETF. Versions of IETF Documents that are
published by third parties, including those that are translated into published by third parties, including those that are translated into
other languages, should not be considered to be definitive versions other languages, should not be considered to be definitive versions
of IETF Documents. The definitive version of these Legal Provisions of IETF Documents. The definitive version of these Legal Provisions
is that published by, or under the auspices of, the IETF. Versions of is that published by, or under the auspices of, the IETF. Versions of
these Legal Provisions that are published by third parties, including these Legal Provisions that are published by third parties, including
those that are translated into other languages, should not be those that are translated into other languages, should not be
considered to be definitive versions of these Legal Provions. considered to be definitive versions of these Legal Provions.
For the avoindance od doubt, each Contributor to the UETF Standards For the avoidance of doubt, each Contributor to the UETF Standards
Process licenses each Contribution that he or she makes as part of Process licenses each Contribution that he or she makes as part of
the IETF Standards Process to the IETF Trust pursuant to the the IETF Standards Process to the IETF Trust pursuant to the
provisions of RFC 5378. No language to the contrary, or terms, provisions of RFC 5378. No language to the contrary, or terms,
conditions or rights that differ from or are inconsistent with the conditions or rights that differ from or are inconsistent with the
rights and licenses granted under RFC 5378, shall have any effect and rights and licenses granted under RFC 5378, shall have any effect and
shall be null and void, whether published or posted by such shall be null and void, whether published or posted by such
Contributor, or included with or in such Contribution. Contributor, or included with or in such Contribution.
Acknowledgment Acknowledgment
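Review bot: The typo fix in the last paragraph is incomplete. "avoindance od doubt" is corrected to "avoidance of doubt", but "UETF Standards Process" on the same line and "Legal Provions" at the end of the preceding paragraph are unchanged in both versions. Correct both to "IETF" and "Legal Provisions" in the same pass.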
 End of changes. 74 change blocks. 
621 lines changed or deleted 221 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/