draft-ietf-mpls-tp-li-lb-06.txt   draft-ietf-mpls-tp-li-lb-07.txt 
Network Working Group Sami Boutros (Ed.) Network Working Group Sami Boutros (Ed.)
Internet Draft Siva Sivabalan (Ed.) Internet Draft Siva Sivabalan (Ed.)
Intended status: Standards Track Cisco Systems, Inc. Intended status: Standards Track Cisco Systems, Inc.
Updates: 6371 (if approved) Updates: 6371 (if approved)
Expires: March 29, 2012 Expires: April 3, 2012 Rahul Aggarwal (Ed.)
Rahul Aggarwal (Ed.) Arktan, Inc.
Arktan, Inc.
Martin Vigoureux (Ed.) Martin Vigoureux (Ed.)
Alcatel-Lucent Alcatel-Lucent
Xuehui Dai (Ed.) Xuehui Dai (Ed.)
ZTE Corporation ZTE Corporation
September 29, 2011 October 3, 2011
MPLS Transport Profile lock Instruct and Loopback Functions MPLS Transport Profile lock Instruct and Loopback Functions
draft-ietf-mpls-tp-li-lb-06.txt draft-ietf-mpls-tp-li-lb-07.txt
Abstract
Two useful Operations, Administration, and Maintenance (OAM)
functions in a transport network are "lock" and "loopback". The lock
function enables an operator to lock a transport path such that it
does not carry client traffic, but can continue to carry OAM messages
and may carry test traffic. The loopback function allows an operator
to set a specific node on the transport path into loopback mode such
that it returns all received data.
This document specifies the lock function for MPLS networks and
describes how the loopback function operates in MPLS networks.
This document updates RFC 6371 section 7.1.1.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 39 skipping to change at page 2, line 4
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on March 29, 2012. Copyright Notice
Abstract
This document specifies one function and describes a second function
which are applicable to MPLS transport networks. The first function
enables an operator to lock a transport path while the second enables
an operator to set, in loopback, a given node along a transport path.
This document also defines the extension to MPLS operation,
administration, and maintenance (OAM) to perform the lock function.
This document updates RFC 6371 section 7.1.1.
Table of Contents Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
1. Introduction...................................................2 This document is subject to BCP 78 and the IETF Trust's Legal
1.1. Updates RFC 6371..........................................5 Provisions Relating to IETF Documents
2. Terminology....................................................5 (http://trustee.ietf.org/license-info) in effect on the date of
3. Lock Message...................................................5 publication of this document. Please review these documents
3.1. Message Identification....................................5 carefully, as they describe your rights and restrictions with respect
3.2. LI Message Format.........................................6 to this document. Code Components extracted from this document must
4. Lock, Loopback and maintenance operations......................6 include Simplified BSD License text as described in Section 4.e of
5. Operation......................................................7 the Trust Legal Provisions and are provided without warranty as
5.1. Lock Operation............................................7 described in the Simplified BSD License.
5.2. UnLock Operation..........................................7
5.3. General Procedures........................................7
5.4. Example Topology..........................................8
5.5. Locking a transport path..................................8
5.6. UnLocking a transport path................................8
6. Security Considerations........................................8
7. IANA Considerations............................................9
7.1. Pseudowire Associated Channel Type........................9
8. Acknowledgements...............................................9
9. References.....................................................9
9.1. Normative References......................................9
9.2. Informative References...................................10
Author's Addresses...............................................10
Full Copyright Statement.........................................12
Intellectual Property Statement..................................12
1. Introduction 1. Introduction
This document specifies one function and describes another function Two useful Operations, Administration, and Maintenance (OAM)
which are applicable to MPLS transport networks. functions in a transport network are "lock" and "loopback". This
document discusses these functions in the context of MPLS networks.
The first function enables an operator to lock a transport path. The - The lock function enables an operator to lock a transport path such
second function enables an operator to set that transport path in that it does not carry client traffic. As per RFC 5860 [1], lock is
loopback at a specified node along the path. This document also an administrative state in which it is expected that no client
specifies the extensions to the MPLS operation, administration and traffic may be carried. However, test traffic and OAM messages can
maintenance (OAM) to perform the lock function. still be mapped onto the locked transport path. The lock function
may be applied to to Label Switched Paths (LSPs), Pseudowires (PWs)
(including multi-segment Pseudowires) (MS-PWs), and MPLS Sections
as defined in RFC 5960 [9]).
The Lock function pertains to Label Switched Paths (LSPs), - The loopback function allows an operator to set a specific node on
Pseudowires (including multi-segment Pseudowires) and Sections. As a transport path into loopback mode such that it returns all
per RFC 5860 [1], lock is an administrative state in which it is received data. Loopback can be applied at a Maintenance Entity
expected that no client traffic may be carried. However, test traffic Group End Point (MEP) or a Maintenance Entity Group Intermediate
and OAM messages can be mapped on the locked transport path. Point (MIP) on a co-routed bidirectional LSP, PW or MPLS
Section. It can also be applied at a MEP on an associated
bidirectional LSP, PW or MPLS Section.
Taking the example of an LSP, lock is initiated by an operator. Loopback is used to test the integrity of the transport path to and
Typically when an LSP is locked, both ends of the LSP are from the node that is performing loopback. It requires that the
independently locked by the operator. It is often difficult to transport is locked and that a MEP on the transport path sends test
coordinate these lock operations within a tight window. This document data which it also validates on receipt.
defines a new OAM message, Lock Instruct (LI) in order to provide the
desired timely coordination.
When an endpoint of an LSP or PW is locked by an operator, the MEP This document specifies the lock function for MPLS networks and
sends LI messages to its peer MEP. An endpoint considers the LSP to describes how the loopback function operates in MPLS networks.
be locked when either it receives an external operator command or
when it receives an LI message.
The Lock function can be performed using an extension to the MPLS OAM This document updates RFC 6371 section 7.1.1 [6].
as described in the next sections. This is a common mechanism to lock
PWs, LSPs and Sections.
The Lock function can as well be realized using a management plane. 1.1. Updates RFC 6371
The Loopback function is operated by management from MEP to MEP on This document updates section 7.1.1 of RFC 6371 [6].
bidirectional (associated and co-routed) Label Switched Paths (LSPs),
Pseudowires (including multi-segment Pseudowires) and Sections.
The Loopback function is additionally operated from MEP to MIP on That framework makes the assumption that the Lock Instruct message is
co-routed bidirectional LSPs, on multi-segment Pseudowires and used to independently enable locking and requires a response message.
Sections.
Loopback is a function that enables a receiving MEP to return The mechanism defined in this document requires that a lock
traffic to the sending MEP when in the loopback state. This state instruction is sent by management to both ends of the locked
corresponds to the situation where, at a given node, a forwarding transport path and that the Lock Instruct message does not require a
plane loop is configured and the incoming direction of a transport response.
path is cross-connected to the outgoing reverse direction. Therefore,
except in the case of early TTL expiry, traffic sent by the source
will be received by that source.
Note that before setting a given node in Loopback for a specific 2. Terminology and Conventions
transport path, this transport path MUST be locked.
2.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [2].
2.2. Acronyms and Terms
ACH: Associated Channel Header
MEG: Maintenance Entity Group
MEP: Maintenance Entity Group End Point
MIP: Maintenance Entity Group Intermediate Point
MPLS-TP: MPLS Transport Profile
MPLS-TP LSP: Bidirectional Label Switch Path
TLV: Type Length Value
TTL: Time To Live
LI: Lock Instruct
Transport path: MPLS-TP LSP or MPLS PW
3. Lock Function
Lock is used to request a MEP to take a transport path out of service
for administrative reasons. For example, Lock can be used to allow
some form of maintenance to be done for a transport path. Lock is
also a prerequisite of the Loopback function described in Section 4.
The NMS or a management process initiates a Lock by sending a Lock
command to a MEP. The MEP takes the transport path out of service,
that is, it stops injecting or forwarding traffic onto the transport
path.
To properly lock a transport path (for example, to ensure that a
loopback test can be performed), both directions of the transport
path must be taken out of service so a Lock command is sent to the
MEPs at both ends of the path. This ensures that no traffic is sent
in either direction. Thus, the Lock function can be realized entirely
using the management plane.
However, despatch of messages in the management plane to the two MEPs
may present coordination challenges. It is desirable that the lock be
achieved in a coordinated way within a tight window, and this may be
difficult with a busy management plane. In order to provide
additional coordination, an LI OAM message can additionally be sent.
A MEP locks a transport path when it receives a command from a
management process or when it receives an LI message as described in
Section 6.
This document defines an LI message for MPLS OAM. The LI message is
based on a new ACH Type as well as an existing TLV. This is a common
mechanism applicable to lock LSPs, PW, and MPLS Sections.
4. Loopback Function
This section provides a description of the Loopback function within
an MPLS network. This function is achieved through management
commands and so there is no protocol specification necessary.
However, the Loopback function is dependent on the Lock function and
so it is appropriate to describe it in this document.
The Loopback function is used to test the integrity of a transport
path from a MEP up any other node in the same MEG. This is achieved
by setting the target node into loopback mode, and transmitting a
pattern of test data from the MEP. The target node loops all received
data back toward the originator, and the MEP extracts the test data
and compares it with what it sent.
Loopback is a function that enables a receiving MEP to return traffic
to the sending MEP when in the loopback state. This state corresponds
to the situation where, at a given node, a forwarding plane loop is
configured and the incoming direction of a transport path is cross-
connected to the outgoing reverse direction. Therefore, except in the
case of early TTL expiry, traffic sent by the source will be received
by that source.
Data plane loopback is an out-of-service function, as required in Data plane loopback is an out-of-service function, as required in
section 2.2.5 of RFC 5860 [1]. This function loops back all traffic section 2.2.5 of RFC 5860 [1]. This function loops back all traffic
(including user data and OAM). The traffic can be originated from one (including user data and OAM). The traffic can be originated from one
internal point at the ingress of a transport path within an interface internal point at the ingress of a transport path within an interface
or inserted from input port of an interface using an external test or inserted from input port of an interface using an external test
equipment. The traffic is looped back unmodified (other than normal equipment. The traffic is looped back unmodified (other than normal
per hop processing such as TTL decrement) in the direction of the per hop processing such as TTL decrement) in the direction of the
point of origin by an interface at either an intermediate node or a point of origin by an interface at either an intermediate node or a
terminating node. terminating node.
skipping to change at page 4, line 26 skipping to change at page 5, line 26
applied to data plane loopback points residing on different applied to data plane loopback points residing on different
interfaces from MIPs/MEPs. All traffic (including both payload and interfaces from MIPs/MEPs. All traffic (including both payload and
OAM) received on the looped back interface is sent on the reverse OAM) received on the looped back interface is sent on the reverse
direction of the transport path. direction of the transport path.
For data plane loopback at an intermediate point in a transport For data plane loopback at an intermediate point in a transport
path, the loopback needs to be configured to occur at either the path, the loopback needs to be configured to occur at either the
ingress or egress interface. This is done using management. ingress or egress interface. This is done using management.
The Loopback can be performed using a management plane. Management The Loopback can be performed using a management plane. Management
plane MUST ensure that the two MEPs are locked before performing the plane must ensure that the two MEPs are locked before performing the
loopback function. loopback function.
The Lock function is based on a new G-ACH message using a new
channel type as well as an existing TLV.
When an LSP is locked, the management or control function is expected
to lock both ends. The purpose of the Lock instruct LI message is to
ensure the timely coordination of locking and unlocking the two ends.
Lock Instruct messages may be lost during looping or maintenance
operations, thus locking both ends is required, before such
operations occur.
This document updates RFC 6371 section 7.1.1.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The nature of test data and the use of loopback traffic to measure
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this packet loss, delay, and delay variation is outside the scope of this
document are to be interpreted as described in RFC-2119 [2]. document.
1.1. Updates RFC 6371
This document updates section 7.1.1 of RFC 6371. The mechanism
proposed to send the LI OAM message requires the LI OAM message to be
sent periodically and doesn't require a reply to the LI message.
2. Terminology
ACH: Associated Channel Header
LSR: Label Switching Router
MEP: Maintenance Entity Group End Point
MIP: Maintenance Entity Group Intermediate Point.
MPLS-TP: MPLS Transport Profile
MPLS-OAM: MPLS Operations, Administration and Maintenance
MPLS-TP LSP: Bidirectional Label Switch Path
NMS: Network Management System
TLV: Type Length Value 4.1. Operational Prerequisites
TTL: Time To Live Obviously, for the Loopback function to operate, there are several
prerequisites:
LI: Lock Instruct - There must be a return path, so transport path under test must e
bidirectional.
Transport path: MPLS-TP LSP or MPLS Pseudowire. - The node in loopback mode must be on both the forward and return
paths. This possible for all MEPs and MIPs on a co-routed
bidirectional LSP, PW, or MPLS Section, but is only
possible on for MEPs on associated bidirectional LSPs, PW,
or MPLS Sections.
3. Lock Message - The transport path cannot deliver client data when one of its nodes
is in loopback mode, so it is important that the transport path is
locked before loopback is enabled.
3.1. Message Identification - Management plane coordination between the node in loopback mode and
the MEP sending test data is required. The MEP must not send test
data until loopback has been properly configured because this would
result in the test data continuing toward the destination.
The proposed mechanism uses a new code point in the Associated - The TTL of the test packets must be set sufficiently large to
Channel Header (ACH) described in [4]. account for both directions of the transport path under test
otherwise the packets will not be returned to the originating MEP.
The LI channel is identified by the ACH as defined in RFC 5586 [4] - OAM messages intended for delivery to nodes along the transport
with the Channel Type set to the LI code point = 0xHH. [HH to be path under test can be delivered by correct TTL expiry. However,
assigned by IANA from the PW Associated Channel Type registry] The OAM messages cannot be delivered to points beyond the loopback node
LI Channel does not use ACH TLVs and MUST NOT include the ACH TLV until the loopback condition is lifted.
header. The LI ACH Channel is shown below.
0 1 2 3 5. Lock Instruct Message
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 1|Version|Reserved | 0xHH (LI) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: ACH Indication of LI 5.1. Message Identification
The LI Channel is 0xHH (to be assigned by IANA) The Lock Instruct Message is carried in the Associated Channel Header
(ACh) described in [4]. it is identified by a new PW ACh Type of 0xHH
(to be assigned by IANA).
3.2. LI Message Format 5.2. LI Message Format
The format of an LI Message is shown below. The format of an LI Message is shown below.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vers | Reserved | Refresh Timer | | Vers | Reserved | Refresh Timer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MEP Source ID TLV | | MEP Source ID TLV |
~ ~ ~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: MPLS LI Message Format Figure 1: MPLS Lock Instruct Message Format
Version: The Version Number is currently 1. (Note: the version Version: The Version Number is currently 1. (Note: the version
number is to be incremented whenever a change is made that affects number is to be incremented whenever a change is made that affects
the ability of an implementation to correctly parse or process the the ability of an implementation to correctly parse or process the
message. These changes include any syntactic or semantic changes made message. These changes include any syntactic or semantic changes made
to any of the fixed fields, or to any Type-Length-Value (TLV) or sub- to any of the fixed fields, or to any Type-Length-Value (TLV) or sub-
TLV assignment or format that is defined at a certain version number. TLV assignment or format that is defined at a certain version number.
The version number may not need to be changed if an optional TLV or The version number may not need to be changed if an optional TLV or
sub-TLV is added.) sub-TLV is added.)
Reserved: The reserved field MUST be set to zero on transmission and
SHOULD be ignored on receipt.
Refresh Timer: The maximum time between successive LI messages Refresh Timer: The maximum time between successive LI messages
specified in seconds. The default value is 1. The value 0 is not specified in seconds. The default value is 1. The value 0 is not
permitted. When a lock is applied, a refresh timer is chosen. This permitted. When a lock is applied, a refresh timer is chosen. This
value MUST NOT be changed for the duration of that lock. value MUST NOT be changed for the duration of that lock. A node
receiving a LI message with a changed refresh timer MAY ignore the
new value and continue to apply the old value.
MEP Source ID TLV: This is the "CC/CV MEP ID TLV" defined in [3]. MEP Source ID TLV: This is one of the three MEP Source ID TLVs
defined in [3] and identifies the MEP that originated the LI message.
4. Lock, Loopback and maintenance operations 6. Operation of the Lock Function
When an LSP is locked, the management or control function is expected 6.1. Locking a Transport Path
to lock both ends. The purpose of the LI message is to ensure the
timely coordination of locking and unlocking the two ends. LI
messages may be lost during looping or maintenance operations, thus
locking both ends is required, before such operations occur.
When a transport path is put in loopback, traffic sent from the When a MEP receives a Lock command from an NMS or through some other
sending MEP will be looped back to that sending MEP. OAM packets not management process, it MUST take the transport path out of service.
intercepted by TTL expiry will as well be looped back. The use of That is, it MUST stop injecting or forwarding traffic onto the LSP,
traffic to measure packet loss, delay and delay variation is outside PW, or Section that has been locked.
the scope of this document.
5. Operation As soon as the transport path has been locked, the MEP MUST send an
LI message targeting the MEP at the other end of the locked transport
path. The source MEP MUST set the Refresh Timer value in the LI
message and MUST retransmit the LI message at the frequency indicated
by the value set.
5.1. Lock Operation When locking a transport path, the NMS or management process is
required to send a Lock command to both ends of the transport path.
Thus a MEP may receive either the management command or an LI message
first. A MEP MUST take the transport path out of service immediately
in either case, but only sends LI messages itself after it has
received a management lock command. Thus, a MEP is locked if either
Lock was requested by management (and, as a result, the MEP is
sending LI messages), or it is receiving LI messages from the remote
MEP.
Lock is used to request a MEP to take a transport path out of service Note that a MEP that receives an LI message MUST identify the correct
for administrative reasons. For example, Lock can be used to allow transport path and validate the message. The label stack on the
some form of maintenance to be done for a transport path. received message is used to identify the transport path to be locked:
When performing Lock, in response to a management request, the MEP - If no matching label binding exists then there is no corresponding
MUST take the transport path out of service and MUST begin sending LI transport path and the received LI message is in error.
messages periodically to the remote MEP at the remote end of the
transport path.
The receiver MEP once locked, MUST take the transport path out of - If the transport path can be identified, but there is no return
service. path (for example, the transport path was unidirectional) then the
lock cannot be applied by the receiving MEP.
The receiver MEP, will lock the transport path as long as it is - If the transport path is suitable for locking but the source MEP-ID
receiving the periodic LI messages. identifies an unexpected MEP for the MEG to which the receiving MEP
belongs, the received LI message is in error.
A MEP is locked either Lock was requested by management (and - as a When an errored LI message is received, the receiving MEP MUST NOT
result it is sending LI messages), or it is receiving LI messages apply a lock. A MEP receiving errored LI messages SHOULD perform
from the remote MEP. local diagnostic actions (such as counting the messages) and MAY
log the messages.
5.2. UnLock Operation A MEP keeps a transport path locked as long as it is either receiving
the periodic LI messages or has an in-force Lock command from
management. (see Section 6.2 for an explanation of unlocking a MEP).
Note that in some scenarios (such as the use of loopback as described
in Section 4) LI messages will not continue to be delivered on a
locked transport path. This is why a transport path is considered
locked while there is an in-force Lock command from a management
process regardless of whether LI messages are being received.
6.2. UnLocking a Transport Path
Unlock is used to request a MEP to bring the previously locked Unlock is used to request a MEP to bring the previously locked
transport path back in service. transport path back in service.
When a MEP is unlocked via management or control it MUST cease When a MEP receives an Unlocked command from a management process it
sending LI messages. Further, it must have stopped receiving LI MUST cease sending LI messages. However, as described in Section 6.1,
messages for a period of 3.5 times the previously received refresh if the MEP is still receiving LI messages, the transport path MUST
timer before it brings the transport path back in service. remain out of service. Thus, to unlock a transport path, the
management process has to send an Unlock command to the MEPs at
A MEP would unlock transport path and put it back to service if and either end.
only if there is no management request to lock the path and it is not
receiving in-band LI messages.
A MEP is unlocked when there is no management request to Lock and no
LI OAM messages are received.
5.3. General Procedures
When taking a transport path out of service, the operation MUST be
preceded by a lock operation.
5.4. Example Topology
The next sections discuss the procedures for locking, Unlocking a
transport path. Assume a transport path traverses nodes A <--> B <--
> C <--> D. We will refer to the Maintenance Entities involved as
MEP-A, MIP-B, MIP-C, and MEP-D respectively. Suppose a maintenance
operation invoked at MEP-A requires to lock the transport path.
The following sections describe MEP-A setting and unsetting a lock at
MEP-D.
5.5. Locking a transport path
1. MEP-A sends an in-band LI Message in response to a management
request to lock the transport path. The message will include the
source MEP-ID TLV.
2. Upon receiving the LI message, D uses the received label stack and
the source MEP-ID as per [3] to identify the transport path. If no
label binding exists or there is no associated transport path back to
the originator, or if the source MEP-ID does not match, the event is
logged and processing of the LI message ceases.
5.6. UnLocking a transport path
1. In response to a management request to unlock the transport path
MEP-A stops sending LI Messages.
2. After both MEP A and MEP D have not received an LI message in at When a MEP has been unlocked and has not received an LI message for a
least 3.5 times the refresh timer, and each MEP has not received a multiple of 3.5 times the Refresh Timer on the LI message (or has
new management request to Lock the transport path, both MEPs SHALL never received an LI message), the MEP unlocks the transport path and
put the transport path back in service. puts it back into service.
6. Security Considerations 7. Security Considerations
MPLS-TP is a subset of MPLS and so builds upon many of the aspects of MPLS-TP is a subset of MPLS and so builds upon many of the aspects of
the security model of MPLS. MPLS networks make the assumption that it the security model of MPLS. MPLS networks make the assumption that it
is very hard to inject traffic into a network, and equally hard to is very hard to inject traffic into a network, and equally hard to
cause traffic to be directed outside the network. The control plane cause traffic to be directed outside the network. For more
protocols utilize hop-by-hop security, and assume a "chain-of-trust" information on the generic aspects of MPLS security, see [7].
model such that end-to-end control plane security is not used. For
more information on the generic aspects of MPLS security, see [6].
This document describes a protocol carried in the G-ACh [4], and so This document describes a protocol carried in the G-ACh [4], and so
is dependent on the security of the G-ACh, itself. The G-ACh is a is dependent on the security of the G-ACh, itself. The G-ACh is a
generalization of the Associated Channel defined in [7]. Thus, this generalization of the Associated Channel defined in [8]. Thus, this
document relies heavily on the security mechanisms provided for the document relies heavily on the security mechanisms provided for the
Associated Channel and described in [4] and [7]. Associated Channel and described in [4] and [8].
A specific concern for the G-ACh is that is can be used to provide a A specific concern for the G-ACh is that is can be used to provide a
covert channel. This problem is wider than the scope of this covert channel. This problem is wider than the scope of this
document and does not need to be addressed here, but it should be document and does not need to be addressed here, but it should be
noted that the channel provides end-to-end connectivity and SHOULD noted that the channel provides end-to-end connectivity and SHOULD
NOT be policed by transit nodes. Thus, there is no simple way of NOT be policed by transit nodes. Thus, there is no simple way of
preventing any traffic being carried between in the G-ACh consenting preventing any traffic being carried in the G-ACh between consenting
nodes. nodes.
A good discussion of the data plane security of an associated channel A good discussion of the data plane security of an associated channel
may be found in [5]. That document also describes some mitigation may be found in [5]. That document also describes some mitigation
techniques. techniques.
It should be noted that the G-ACh is essentially connection-oriented It should be noted that the G-ACh is essentially connection-oriented
so injection or modification of control messages specified in this so injection or modification of control messages specified in this
document require the subversion of a transit node. Such subversion is document require the subversion of a transit node. Such subversion is
generally considered hard in MPLS networks, and impossible to protect generally considered hard in MPLS networks, and impossible to protect
against at the protocol level. Management level techniques are more against at the protocol level. Management level techniques are more
appropriate. appropriate.
7. IANA Considerations 8. IANA Considerations
7.1. Pseudowire Associated Channel Type 8.1. Pseudowire Associated Channel Type
LI OAM requires a unique Associated Channel Type which is assigned by LI OAM requires a unique Associated Channel Type which is assigned by
IANA from the Pseudowire Associated Channel Types Registry. IANA from the Pseudowire Associated Channel Types Registry.
Registry: Registry:
Value Description TLV Follows Reference Value Description TLV Follows Reference
----------- ----------------------- ----------- --------- ----------- ----------------------- ----------- ---------
0xHH LI No (Section 3.1) 0xHH LI No [This.I-D]
8. Acknowledgements 9. Acknowledgements
The authors would like to thank Loa Andersson, Yoshinori Koike, The authors would like to thank Loa Andersson, Yoshinori Koike,
D'Alessandro Alessandro Gerardo, Shahram Davari, Greg Mirsky, Yaacov Alessandro D'Alessandro Gerardo, Shahram Davari, Greg Mirsky, Yaacov
Weingarten, Liu Guoman, Matthew Bocci, Stewart Bryant and Adrian Weingarten, Liu Guoman, Matthew Bocci, and Adrian Farrel for their
Farrel for their valuable comments. valuable comments.
9. References 10. References
9.1. Normative References 10.1. Normative References
[1] Vigoureux, M., Ward, D., and M. Betts, "Requirements for [1] Vigoureux, M., Ward, D., and M. Betts, "Requirements for
Operations, Administration, and Maintenance (OAM) in MPLS Operations, Administration, and Maintenance (OAM) in MPLS
Transport Networks", RFC 5860, May 2010. Transport Networks", RFC 5860, May 2010.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[3] D. Allan, et. al., Proactive Connectivity Verification, [3] D. Allan, et. al., Proactive Connectivity Verification,
Continuity Check and Remote Defect indication for MPLS Continuity Check and Remote Defect indication for MPLS
Transport Profile draft-ietf-mpls-tp-cc-cv-rdi-06, work in Transport Profile draft-ietf-mpls-tp-cc-cv-rdi-06, work in
progress, June 2010 progress, June 2010
[4] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic [4] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
Associated Channel", RFC 5586, June 2009. Associated Channel", RFC 5586, June 2009.
[5] T. Nadeau, C. Pignataro, "Pseudowire Virtual Circuit [5] T. Nadeau, C. Pignataro, "Pseudowire Virtual Circuit
Connectivity Verification (VCCV): A Control Channel for Connectivity Verification (VCCV): A Control Channel for
Pseudowires", RFC 5085, Dec 2007. Pseudowires", RFC 5085, Dec 2007.
9.2. Informative References [6] Busi, I. and Allan, D., "Operations, Administration, and
Maintenance Framework for MPLS-Based Transport Networks",
RFC 6371, September 2011
[6] L. Fang, "Security Framework for MPLS and GMPLS Networks", RFC 10.2. Informative References
[7] L. Fang, "Security Framework for MPLS and GMPLS Networks", RFC
5920, July 2010. 5920, July 2010.
[7] S. Bryant, G. Swallow, L. Martini "Pseudowire Emulation Edge- [8] S. Bryant, G. Swallow, L. Martini "Pseudowire Emulation Edge-
to-Edge (PWE3) Control Word for Use over an MPLS PSN", RFC to-Edge (PWE3) Control Word for Use over an MPLS PSN", RFC
4385, Feb 2006. 4385, Feb 2006.
Author's Addresses [9] Frost, D., Ed., Bryant, S., Ed., and M. Bocci, Ed., "MPLS
Transport Profile Data Plane Architecture", RFC 5960, August
2010.
Sami Boutros Editors' Addresses
Sami Boutros
Cisco Systems, Inc. Cisco Systems, Inc.
Email: sboutros@cisco.com Email: sboutros@cisco.com
Siva Sivabalan Siva Sivabalan
Cisco Systems, Inc. Cisco Systems, Inc.
Email: msiva@cisco.com Email: msiva@cisco.com
Rahul Aggarwal Rahul Aggarwal
Arktan, Inc Arktan, Inc
EMail: raggarwa_1@yahoo.com EMail: raggarwa_1@yahoo.com
skipping to change at page 11, line 4 skipping to change at page 10, line 51
Rahul Aggarwal Rahul Aggarwal
Arktan, Inc Arktan, Inc
EMail: raggarwa_1@yahoo.com EMail: raggarwa_1@yahoo.com
Martin Vigoureux Martin Vigoureux
Alcatel-Lucent. Alcatel-Lucent.
Email: martin.vigoureux@alcatel-lucent.com Email: martin.vigoureux@alcatel-lucent.com
Xuehui Dai Xuehui Dai
ZTE Corporation. ZTE Corporation.
Email: dai.xuehui@zte.com.cn Email: dai.xuehui@zte.com.cn
Contributing Authors
George Swallow George Swallow
Cisco Systems, Inc. Cisco Systems, Inc.
Email: swallow@cisco.com Email: swallow@cisco.com
David Ward David Ward
Juniper Networks. Juniper Networks.
Email: dward@juniper.net Email: dward@juniper.net
Stewart Bryant Stewart Bryant
Cisco Systems, Inc. Cisco Systems, Inc.
skipping to change at page 12, line 4 skipping to change at page 11, line 46
Alcatel-Lucent. Alcatel-Lucent.
Email: lieven.levrau@alcatel-lucent.com Email: lieven.levrau@alcatel-lucent.com
Laurent Ciavaglia Laurent Ciavaglia
Alcatel-Lucent. Alcatel-Lucent.
Email: laurent.ciavaglia@alcatel-lucent.com Email: laurent.ciavaglia@alcatel-lucent.com
Bo Wu Bo Wu
ZTE Corporation. ZTE Corporation.
Email: wu.bo@zte.com.cn Email: wu.bo@zte.com.cn
Jian Yang Jian Yang
ZTE Corporation. ZTE Corporation.
Email: yang_jian@zte.com.cn Email: yang_jian@zte.com.cn
Full Copyright Statement
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
All IETF Documents and the information contained therein are provided
on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE
IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE
ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE.
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights.
Copies of Intellectual Property disclosures made to the IETF
Secretariat and any assurances of licenses to be made available, or
the result of an attempt made to obtain a general license or
permission for the use of such proprietary rights by implementers or
users of this specification can be obtained from the IETF on-line IPR
repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
any standard or specification contained in an IETF Document. Please
address the information to the IETF at ietf-ipr@ietf.org.
The definitive version of an IETF Document is that published by, or
under the auspices of, the IETF. Versions of IETF Documents that are
published by third parties, including those that are translated into
other languages, should not be considered to be definitive versions
of IETF Documents. The definitive version of these Legal Provisions
is that published by, or under the auspices of, the IETF. Versions of
these Legal Provisions that are published by third parties, including
those that are translated into other languages, should not be
considered to be definitive versions of these Legal Provions.
For the avoidance of doubt, each Contributor to the UETF Standards
Process licenses each Contribution that he or she makes as part of
the IETF Standards Process to the IETF Trust pursuant to the
provisions of RFC 5378. No language to the contrary, or terms,
conditions or rights that differ from or are inconsistent with the
rights and licenses granted under RFC 5378, shall have any effect and
shall be null and void, whether published or posted by such
Contributor, or included with or in such Contribution.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 74 change blocks. 
252 lines changed or deleted 283 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/