Network Working Group                                   Kireeti Kompella
Internet Draft                                    Juniper Networks, Inc.
Category: Standards Track
Expiration Date: July 2006
                                                          George Swallow
                                                     Cisco Systems, Inc.

                                                            January 2006

                   Detecting MPLS Data Plane Failures

                    draft-ietf-mpls-lsp-ping-13.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Abstract

   This document describes a simple and efficient mechanism that can be
   used to detect data plane failures in Multi-Protocol Label Switching
   (MPLS) Label Switched Paths (LSPs).  There are two parts to this
   document: information carried in an MPLS "echo request" and "echo
   reply" for the purposes of fault detection and isolation; and
   mechanisms for reliably sending the echo reply.

Contents

   1        Introduction
   1.1      Conventions
   1.2      Structure of this document
   1.3      Contributors
   2        Motivation
   2.1      Use of address range 127/8
   3        Packet Format
   3.1      Return Codes
   3.2      Target FEC Stack
   3.2.1    LDP IPv4 Prefix
   3.2.2    LDP IPv6 Prefix
   3.2.3    RSVP IPv4 LSP
   3.2.4    RSVP IPv6 LSP
   3.2.5    VPN IPv4 Prefix
   3.2.6    VPN IPv6 Prefix
   3.2.7    L2 VPN Endpoint
   3.2.8    FEC 128 Pseudowire (Deprecated)
   3.2.9    FEC 128 Pseudowire (Current)
   3.2.10   FEC 129 Pseudowire
   3.2.11   BGP Labeled IPv4 Prefix
   3.2.12   BGP Labeled IPv6 Prefix
   3.2.13   Generic IPv4 Prefix
   3.2.14   Generic IPv6 Prefix
   3.2.15   Nil FEC
   3.3      Downstream Mapping
   3.3.1    Multipath Information Encoding
   3.3.2    Downstream Router and Interface
   3.4      Pad TLV
   3.5      Vendor Enterprise Number
   3.6      Interface and Label Stack
   3.7      Errored TLVs
   3.8      Reply TOS Byte TLV
   4        Theory of Operation
   4.1      Dealing with Equal-Cost Multi-Path (ECMP)
   4.2      Testing LSPs That Are Used to Carry MPLS Payloads
   4.3      Sending an MPLS Echo Request
   4.4      Receiving an MPLS Echo Request
   4.4.1    FEC Validation
   4.5      Sending an MPLS Echo Reply
   4.6      Receiving an MPLS Echo Reply
   4.7      Issue with VPN IPv4 and IPv6 Prefixes
   4.8      Non-compliant Routers
   5        References
   6        Security Considerations
   7        IANA Considerations
   7.1      Message Types, Reply Modes, Return Codes
   7.2      TLVs
   8        Acknowledgments

1. Introduction

   This document describes a simple and efficient mechanism that can be
   used to detect data plane failures in MPLS LSPs.  There are two parts
   to this document: information carried in an MPLS "echo request" and
   "echo reply"; and mechanisms for transporting the echo reply.  The
The 103 first part aims at providing enough information to check correct 104 operation of the data plane, as well as a mechanism to verify the 105 data plane against the control plane, and thereby localize faults. 106 The second part suggests two methods of reliable reply channels for 107 the echo request message, for more robust fault isolation. 109 An important consideration in this design is that MPLS echo requests 110 follow the same data path that normal MPLS packets would traverse. 111 MPLS echo requests are meant primarily to validate the data plane, 112 and secondarily to verify the data plane against the control plane. 113 Mechanisms to check the control plane are valuable, but are not cov- 114 ered in this document. 116 This document makes special use of the address range 127/8. This is 117 an exception to the behavior defined in RFC1122 [RFC1122] and updates 118 that RFC. The motivation for this change and the details of this 119 exceptional use are discussed in section 2.1 below. 121 1.1. Conventions 123 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 124 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 125 document are to be interpreted as described in RFC 2119 [KEYWORDS]. 127 The term "Must be Zero" (MBZ) is used in object descriptions for 128 reserved fields. These fields MUST be set to zero when sent and 129 ignored on receipt. 131 Terminology pertaining to L2 and L3 VPNs is defined in [RFC4026]. 133 1.2. Structure of this document 135 The body of this memo contains four main parts: motivation, MPLS echo 136 request/reply packet format, LSP ping operation, and a reliable 137 return path. It is suggested that first-time readers skip the actual 138 packet formats and read the Theory of Operation first; the document 139 is structured the way it is to avoid forward references. 141 1.3. 
Contributors 143 The following made vital contributions to all aspects of this docu- 144 ment, and much of the material came out of debate and discussion 145 among this group. 147 Ronald P. Bonica, Juniper Networks, Inc. 148 Dave Cooper, Global Crossing 149 Ping Pan, Hammerhead Systems 150 Nischal Sheth, Juniper Networks, Inc. 151 Sanjay Wadhwa, Juniper Networks, Inc. 153 2. Motivation 155 When an LSP fails to deliver user traffic, the failure cannot always 156 be detected by the MPLS control plane. There is a need to provide a 157 tool that would enable users to detect such traffic "black holes" or 158 misrouting within a reasonable period of time; and a mechanism to 159 isolate faults. 161 In this document, we describe a mechanism that accomplishes these 162 goals. This mechanism is modeled after the ping/traceroute paradigm: 163 ping (ICMP echo request [ICMP]) is used for connectivity checks, and 164 traceroute is used for hop-by-hop fault localization as well as path 165 tracing. This document specifies a "ping mode" and a "traceroute" 166 mode for testing MPLS LSPs. 168 The basic idea is to verify that packets that belong to a particular 169 Forwarding Equivalence Class (FEC) actually end their MPLS path on a 170 Label Switching Router (LSR) that is an egress for that FEC. This 171 document proposes that this test be carried out by sending a packet 172 (called an "MPLS echo request") along the same data path as other 173 packets belonging to this FEC. An MPLS echo request also carries 174 information about the FEC whose MPLS path is being verified. This 175 echo request is forwarded just like any other packet belonging to 176 that FEC. In "ping" mode (basic connectivity check), the packet 177 should reach the end of the path, at which point it is sent to the 178 control plane of the egress LSR, which then verifies whether it is 179 indeed an egress for the FEC. 
In "traceroute" mode (fault isola- 180 tion), the packet is sent to the control plane of each transit LSR, 181 which performs various checks that it is indeed a transit LSR for 182 this path; this LSR also returns further information that helps check 183 the control plane against the data plane, i.e., that forwarding 184 matches what the routing protocols determined as the path. 186 One way these tools can be used is to periodically ping a FEC to 187 ensure connectivity. If the ping fails, one can then initiate a 188 traceroute to determine where the fault lies. One can also periodi- 189 cally traceroute FECs to verify that forwarding matches the control 190 plane; however, this places a greater burden on transit LSRs and thus 191 should be used with caution. 193 2.1. Use of address range 127/8 195 As described above, LSP Ping is intended as a diagnostic tool. It is 196 intended to enable providers of an MPLS based service to isolate net- 197 work faults. In particular LSP Ping needs to diagnose situations 198 where the control and data planes are out of sync. It performs this 199 by routing an MPLS echo request packet based solely on its label 200 stack. That is the IP destination address is never used in a for- 201 warding decision. In fact, the sender of an MPLS echo request packet 202 may not know, a priori, the address of the router at the end of the 203 LSP. 205 Providers of MPLS based services also need the ability to trace all 206 of the possible paths that an LSP make take. Since most MPLS ser- 207 vices are based on IP unicast forwarding, these paths are subject to 208 equal cost multi-path load sharing (ECMP). 210 This leads to the following requirements: 212 1. Although the LSP in question may be broken in unknown ways, the 213 likelihood of a diagnostic packet being delivered to a user of an 214 MPLS service MUST be held to an absolute minimum. 216 2. 
If an LSP is broken in such a way that it prematurely terminates, 217 the diagnostic packet MUST NOT be IP forwarded. 219 3. A means of varying the diagnostic packets such that they exercise 220 all ECMP paths is thus REQUIRED. 222 Clearly using general unicast addresses satisfies neither of the 223 first two requirements. A number of other options for addresses were 224 considered, including a portion of the private address space (as 225 determined by the network operator) and the newly designated IPv4 226 link local addresses. Use of the private address space was deemed 227 ineffective since the leading MPLS based service is IPv4 Virtual Pri- 228 vate Networks (VPN). VPNs often used private addresses. 230 The IPv4 link local addresses are more attractive in that scope over 231 which they can be forwarded is limited. However, if one were to use 232 an address from this range, it would still be possible for the first 233 recipient of a diagnostic packet that "escaped" from a broken LSP to 234 have that addressed assigned to the interface on which it arrived and 235 thus could mistakenly receive such a packet. Further, the IPv4 link 236 local address range has only recently been allocated. Many deployed 237 routers would forward a packet with an address from that range toward 238 the default route. 240 The 127/8 range for IPv4 and that same range embedded in as 241 IPv4-mapped IPv6 addresses for IPv6 was chosen for a number of rea- 242 sons. 244 RFC1122 allocates the 127/8 as "Internal host loopback address" and 245 states that "Addresses of this form MUST NOT appear outside a host." 246 Thus the default behavior of hosts is to discard such packets. This 247 helps to ensure that if a diagnostic packet is mis-directed to a 248 host, it will be silently discarded. 250 RFC1812 [RFC1812] states that: 252 A router SHOULD NOT forward, except over a loopback interface, any 253 packet that has a destination address on network 127. 
      A router MAY have a switch that allows the network manager to
      disable these checks.  If such a switch is provided, it MUST
      default to performing the checks.

   This helps to ensure that diagnostic packets are never IP forwarded.

   The 127/8 address range provides 16M addresses allowing wide
   flexibility in varying addresses to exercise ECMP paths.  Finally, as
   an implementation optimization, the 127/8 provides an easy means of
   identifying possible LSP Packets.

3. Packet Format

   An MPLS echo request is a (possibly labeled) IPv4 or IPv6 UDP packet;
   the contents of the UDP packet have the following format:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |         Version Number        |         Global Flags          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Message Type |   Reply mode  |  Return Code  | Return Subcode|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                        Sender's Handle                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                        Sequence Number                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                   TimeStamp Sent (seconds)                    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                 TimeStamp Sent (microseconds)                 |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                 TimeStamp Received (seconds)                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |               TimeStamp Received (microseconds)               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                            TLVs ...                           |
      .                                                               .
      .                                                               .
      .                                                               .
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Version Number is currently 1.
   (Note: the Version Number is to be incremented whenever a change is
   made that affects the ability of an implementation to correctly parse
   or process an MPLS echo request/reply.  These changes include any
   syntactic or semantic changes made to any of the fixed fields, or to
   any TLV or sub-TLV assignment or format that is defined at a certain
   version number.  The Version Number may not need to be changed if an
   optional TLV or sub-TLV is added.)

   The Global Flags field is a bit vector with the following format:

       0                   1
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             MBZ             |V|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   One flag is defined for now, the V bit; the rest MUST be set to zero
   when sending, and ignored on receipt.

   The V (Validate FEC Stack) flag is set to 1 if the sender wants the
   receiver to perform FEC stack validation; if V is 0, the choice is
   left to the receiver.

   The Message Type is one of the following:

      Value    Meaning
      -----    -------
          1    MPLS Echo Request
          2    MPLS Echo Reply

   The Reply Mode can take one of the following values:

      Value    Meaning
      -----    -------
          1    Do not reply
          2    Reply via an IPv4/IPv6 UDP packet
          3    Reply via an IPv4/IPv6 UDP packet with Router Alert
          4    Reply via application level control channel

   An MPLS echo request with 1 (Do not reply) in the Reply Mode field
   may be used for one-way connectivity tests; the receiving router may
   log gaps in the sequence numbers and/or maintain delay/jitter
   statistics.  An MPLS echo request would normally have 2 (Reply via an
   IPv4/IPv6 UDP packet) in the Reply Mode field.  If the normal IP
   return path is deemed unreliable, one may use 3 (Reply via an
   IPv4/IPv6 UDP packet with Router Alert).  Note that this requires
   that all intermediate routers understand and know how to forward MPLS
   echo replies.
   The echo reply uses the same IP version number as the received echo
   request, i.e., an IPv4 encapsulated echo reply is sent in response to
   an IPv4 encapsulated echo request.

   Some applications support an IP control channel.  One such example is
   the associated control channel defined in Virtual Circuit
   Connectivity Verification [VCCV].  Any application which supports an
   IP control channel between its control entities may set the Reply
   Mode to 4 (Reply via application level control channel) to ensure
   that replies use that same channel.  Further definition of this
   codepoint is application specific and thus beyond the scope of this
   document.

   Return Codes and Subcodes are described in the next section.

   The Sender's Handle is filled in by the sender, and returned
   unchanged by the receiver in the echo reply (if any).  There are no
   semantics associated with this handle, although a sender may find
   this useful for matching up requests with replies.

   The Sequence Number is assigned by the sender of the MPLS echo
   request, and can be (for example) used to detect missed replies.

   The TimeStamp Sent is the time-of-day (in seconds and microseconds,
   according to the sender's clock) in NTP format [NTP] when the MPLS
   echo request is sent.  The TimeStamp Received in an echo reply is the
   time-of-day (according to the receiver's clock) in NTP format that
   the corresponding echo request was received.

   TLVs (Type-Length-Value tuples) have the following format:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             Type              |            Length             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                             Value                             |
      .                                                               .
      .                                                               .
      .                                                               .
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Types are defined below; Length is the length of the Value field in
   octets.
   The Value field depends on the Type; it is zero padded to align to a
   four-octet boundary.  TLVs may be nested within other TLVs, in which
   case the nested TLVs are called sub-TLVs.  Sub-TLVs have independent
   types and MUST also be four-octet aligned.

   Two examples follow.  The LDP IPv4 FEC sub-TLV has the following
   format:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    Type = 1 (LDP IPv4 FEC)    |          Length = 5           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          IPv4 prefix                          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Prefix Length |                 Must Be Zero                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Length for this TLV is 5.  A Target FEC Stack TLV which contains
   an LDP IPv4 FEC sub-TLV and a VPN IPv4 prefix sub-TLV has the format:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |      Type = 1 (FEC TLV)       |          Length = 12          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  sub-Type = 1 (LDP IPv4 FEC)  |          Length = 5           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          IPv4 prefix                          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Prefix Length |                 Must Be Zero                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | sub-Type = 6 (VPN IPv4 prefix)|          Length = 13          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      Route Distinguisher                      |
      |                          (8 octets)                           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          IPv4 prefix                          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Prefix Length |                 Must Be Zero                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   A description of the Types and
   Values of the top level TLVs for LSP ping are given below:

      Type #    Value Field
      ------    -----------
           1    Target FEC Stack
           2    Downstream Mapping
           3    Pad
           4    Not Assigned
           5    Vendor Enterprise Number
           6    Not Assigned
           7    Interface and Label Stack
           8    Not Assigned
           9    Errored TLVs
          10    Reply TOS Byte

   Types less than 32768 (i.e., with the high order bit equal to 0) are
   mandatory TLVs that MUST either be supported by an implementation or
   result in the return code of 2 ("One or more of the TLVs was not
   understood") being sent in the echo response.

   Types greater than or equal to 32768 (i.e., with the high order bit
   equal to 1) are optional TLVs that SHOULD be ignored if the
   implementation does not understand or support them.

3.1. Return Codes

   The Return Code is set to zero by the sender.  The receiver can set
   it to one of the values listed below.  The notation refers to the
   Return Subcode.  This field is filled in with the stack-depth for
   those codes which specify that.  For all other codes the Return
   Subcode MUST be set to zero.

      Value    Meaning
      -----    -------

          0    No return code

          1    Malformed echo request received

          2    One or more of the TLVs was not understood

          3    Replying router is an egress for the FEC at stack
               depth

          4    Replying router has no mapping for the FEC at stack
               depth

          5    Downstream Mapping Mismatch (See Note 1)

          6    Upstream Interface Index Unknown (See Note 1)

          7    Reserved

          8    Label switched at stack-depth

          9    Label switched but no MPLS forwarding at stack-depth

         10    Mapping for this FEC is not the given label at stack
               depth

         11    No label entry at stack-depth

         12    Protocol not associated with interface at FEC stack
               depth

         13    Premature termination of ping due to label stack
               shrinking to a single label

   Note 1

      The Return Subcode contains the point in the label stack where
      processing was terminated.
      If the RSC is 0, no labels were processed.  Otherwise the packet
      would have been label switched at depth RSC.

3.2. Target FEC Stack

   A Target FEC Stack is a list of sub-TLVs.  The number of elements is
   determined by looking at the sub-TLV length fields.

      Sub-Type    Length    Value Field
      --------    ------    -----------
             1         5    LDP IPv4 prefix
             2        17    LDP IPv6 prefix
             3        20    RSVP IPv4 LSP
             4        56    RSVP IPv6 LSP
             5              Not Assigned
             6        13    VPN IPv4 prefix
             7        25    VPN IPv6 prefix
             8        14    L2 VPN endpoint
             9        10    "FEC 128" Pseudowire (deprecated)
            10        14    "FEC 128" Pseudowire
            11       16+    "FEC 129" Pseudowire
            12         5    BGP labeled IPv4 prefix
            13        17    BGP labeled IPv6 prefix
            14         5    Generic IPv4 prefix
            15        17    Generic IPv6 prefix
            16         4    Nil FEC

   Other FEC Types will be defined as needed.

   Note that this TLV defines a stack of FECs, the first FEC element
   corresponding to the top of the label stack, etc.

   An MPLS echo request MUST have a Target FEC Stack that describes the
   FEC stack being tested.  For example, if an LSR X has an LDP mapping
   [see LDP] for 192.168.1.1 (say label 1001), then to verify that label
   1001 does indeed reach an egress LSR that announced this prefix via
   LDP, X can send an MPLS echo request with a FEC Stack TLV with one
   FEC in it, namely of type LDP IPv4 prefix, with prefix
   192.168.1.1/32, and send the echo request with a label of 1001.

   Say LSR X wanted to verify that a label stack of <1001, 23456> is the
   right label stack to use to reach a VPN IPv4 prefix [see section
   3.2.5] of 10/8 in VPN foo.  Say further that LSR Y with loopback
   address 192.168.1.1 announced prefix 10/8 with Route Distinguisher
   RD-foo-Y (which may in general be different from the Route
   Distinguisher that LSR X uses in its own advertisements for VPN foo),
   label 23456 and BGP nexthop 192.168.1.1 [see BGP].  Finally, suppose
   that LSR X receives a label binding of 1001 for 192.168.1.1 via LDP.
   X has two choices in sending an MPLS echo request: X can send an MPLS
   echo request with a FEC Stack TLV with a single FEC of type VPN IPv4
   prefix with a prefix of 10/8 and a Route Distinguisher of RD-foo-Y.
   Alternatively, X can send a FEC Stack TLV with two FECs, the first of
   type LDP IPv4 with a prefix of 192.168.1.1/32 and the second of type
   of IP VPN with a prefix 10/8 with Route Distinguisher of RD-foo-Y.
   In either case, the MPLS echo request would have a label stack of
   <1001, 23456>.  (Note: in this example, 1001 is the "outer" label and
   23456 is the "inner" label.)

3.2.1. LDP IPv4 Prefix

   The IPv4 Prefix FEC is defined in [LDP].  When an LDP IPv4 prefix is
   encoded in a label stack, the following format is used.  The value
   consists of four octets of an IPv4 prefix followed by one octet of
   prefix length in bits; the format is given below.  The IPv4 prefix is
   in network byte order; if the prefix is shorter than 32 bits,
   trailing bits SHOULD be set to zero.  See [LDP] for an example of a
   Mapping for an IPv4 FEC.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          IPv4 prefix                          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Prefix Length |                 Must Be Zero                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.2.2. LDP IPv6 Prefix

   The IPv6 Prefix FEC is defined in [LDP].  When an LDP IPv6 prefix is
   encoded in a label stack, the following format is used.  The value
   consists of sixteen octets of an IPv6 prefix followed by one octet of
   prefix length in bits; the format is given below.  The IPv6 prefix is
   in network byte order; if the prefix is shorter than 128 bits, the
   trailing bits SHOULD be set to zero.  See [LDP] for an example of a
   Mapping for an IPv6 FEC.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          IPv6 prefix                          |
      |                          (16 octets)                          |
      |                                                               |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Prefix Length |                 Must Be Zero                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.2.3. RSVP IPv4 LSP

   The value has the format below.  The value fields are taken from
   RFC3209, sections 4.6.1.1 and 4.6.2.1.  See [RSVP-TE].

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                 IPv4 tunnel end point address                 |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Must Be Zero         |           Tunnel ID           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      Extended Tunnel ID                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                  IPv4 tunnel sender address                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Must Be Zero         |            LSP ID             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.2.4. RSVP IPv6 LSP

   The value has the format below.  The value fields are taken from
   RFC3209, sections 4.6.1.2 and 4.6.2.2.  See [RSVP-TE].
623 0 1 2 3 624 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 625 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 626 | IPv6 tunnel end point address | 627 | | 628 | | 629 | | 630 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 631 | Must Be Zero | Tunnel ID | 632 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 633 | Extended Tunnel ID | 634 | | 635 | | 636 | | 637 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 638 | IPv6 tunnel sender address | 639 | | 640 | | 641 | | 642 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 643 | Must Be Zero | LSP ID | 644 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 646 3.2.5. VPN IPv4 Prefix 648 VPN-IPv4 NLRI (Network Layer Routing Information) is defined in 649 [MPLS-L3-VPN]. This document uses the term VPN IPv4 prefix for a 650 VPN-IPv4 NLRI which has been advertised with an MPLS label in BGP. 651 See [BGP-LABEL]. 653 When a VPN IPv4 prefix is encoded in a label stack, the following 654 format is used. The value field consists of the Route Distinguisher 655 advertised with the VPN IPv4 prefix, the IPv4 prefix (with trailing 0 656 bits to make 32 bits in all) and a prefix length, as follows: 658 0 1 2 3 659 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 660 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 661 | Route Distinguisher | 662 | (8 octets) | 663 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 664 | IPv4 prefix | 665 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 666 | Prefix Length | Must Be Zero | 667 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 669 The Route Distinguisher (RD) is an 8-octect identifier; it does not 670 contain any inherent information. The purpose of the RD is solely to 671 allow one to create distinct routes to a common IPv4 address prefix. 
672  The encoding of the RD is not important here. When matching this
673  field to the local FEC information, it is treated as an opaque value.

675  3.2.6. VPN IPv6 Prefix

677  VPN-IPv6 NLRI (Network Layer Routing Information) is defined in
678  [MPLS-L3-VPN]. This document uses the term VPN IPv6 prefix for a
679  VPN-IPv6 NLRI which has been advertised with an MPLS label in BGP.
680  See [BGP-LABEL].

682  When a VPN IPv6 prefix is encoded in a label stack, the following
683  format is used. The value field consists of the Route Distinguisher
684  advertised with the VPN IPv6 prefix, the IPv6 prefix (with trailing 0
685  bits to make 128 bits in all) and a prefix length, as follows:

687   0                   1                   2                   3
688   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
689  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
690  |                      Route Distinguisher                      |
691  |                          (8 octets)                           |
692  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
693  |                          IPv6 prefix                          |
694  |                                                               |
695  |                                                               |
696  |                                                               |
697  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
698  | Prefix Length |                 Must Be Zero                  |
699  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

701  The Route Distinguisher is identical to the VPN IPv4 Prefix RD, except
702  that it functions here to allow the creation of distinct routes to
703  IPv6 prefixes. See section 3.2.5. When matching this field to local
704  FEC information, it is treated as an opaque value.

706  3.2.7. L2 VPN Endpoint

708  VPLS stands for Virtual Private LAN Service. The terms VPLS BGP NLRI
709  and VE ID (VPLS Edge Identifier) are defined in [VPLS-BGP]. This
710  document uses the simpler term L2 VPN endpoint when referring to a
711  VPLS BGP NLRI. The Route Distinguisher is an 8-octet identifier used to
712  distinguish information about various L2 VPNs advertised by a node.
713  The VE ID is a 2-octet identifier used to identify a particular node
714  which serves as the service attachment point within a VPLS.
     The
715  structure of these two identifiers is unimportant here; when matching
716  these fields to local FEC information, they are treated as opaque
717  values. The encapsulation type is identical to the PW Type in sec-
718  tion 3.2.8 below.

720  When an L2 VPN endpoint is encoded in a label stack, the following
721  format is used. The value field consists of a Route Distinguisher (8
722  octets), the sender (of the ping)'s VE ID (2 octets), the receiver's
723  VE ID (2 octets), and an encapsulation type (2 octets), formatted as
724  follows:

726   0                   1                   2                   3
727   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
728  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
729  |                      Route Distinguisher                      |
730  |                          (8 octets)                           |
731  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
732  |        Sender's VE ID         |       Receiver's VE ID        |
733  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
734  |      Encapsulation Type       |         Must Be Zero          |
735  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

737  3.2.8. FEC 128 Pseudowire (Deprecated)

739  FEC 128 (0x80) is defined in [PW-CONTROL], as are the terms PW ID
740  (Pseudowire ID) and PW Type (Pseudowire Type). A PW ID is a non-zero
741  32-bit connection ID. The PW Type is a 15 bit number indicating the
742  encapsulation type. It is carried right justified in the field below
743  termed encapsulation type with the high-order bit set to zero. Both
744  of these fields are treated in this protocol as opaque values.

746  When a FEC 128 is encoded in a label stack, the following format is
747  used.
     The value field consists of the remote PE address (the desti-
748  nation address of the targeted LDP session), the PW ID and the encap-
749  sulation type as follows:

751   0                   1                   2                   3
752   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
753  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
754  |                       Remote PE Address                       |
755  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
756  |                             PW ID                             |
757  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
758  |            PW Type            |         Must Be Zero          |
759  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

761  This FEC is deprecated and is retained only for backward compatibil-
762  ity. Implementations of LSP ping SHOULD accept and process this TLV,
763  but SHOULD send LSP ping echo requests with the new TLV (see next
764  section), unless explicitly configured to use the old TLV.

766  An LSR receiving this TLV SHOULD use the source IP address of the LSP
767  echo request to infer the Sender's PE Address.

769  3.2.9. FEC 128 Pseudowire (Current)

771  FEC 128 (0x80) is defined in [PW-CONTROL], as are the terms PW ID
772  (Pseudowire ID) and PW Type (Pseudowire Type). A PW ID is a non-zero
773  32-bit connection ID. The PW Type is a 15 bit number indicating the
774  encapsulation type. It is carried right justified in the field below
775  termed encapsulation type with the high-order bit set to zero.

777  Both of these fields are treated in this protocol as opaque values.
778  When matching these fields to the local FEC information, the match
779  MUST be exact.

781  When a FEC 128 is encoded in a label stack, the following format is
782  used.
     The value field consists of the sender's PE address (the
783  source address of the targeted LDP session), the remote PE address
784  (the destination address of the targeted LDP session), the PW ID and
785  the encapsulation type as follows:

787   0                   1                   2                   3
788   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
789  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
790  |                      Sender's PE Address                      |
791  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
792  |                       Remote PE Address                       |
793  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
794  |                             PW ID                             |
795  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
796  |            PW Type            |         Must Be Zero          |
797  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

799  3.2.10. FEC 129 Pseudowire

801  FEC 129 (0x81) and the terms PW Type, Attachment Group Identifier
802  (AGI), Attachment Group Identifier Type (AGI Type), Attachment Indi-
803  vidual Identifier Type (AII Type), Source Attachment Individual Iden-
804  tifier (SAII), Target Attachment Individual Identifier (TAII) are
805  defined in [PW-CONTROL]. The PW Type is a 15 bit number indicating
806  the encapsulation type. It is carried right justified in the field
807  below PW type with the high-order bit set to zero. All the other
808  fields are treated as opaque values and copied directly from the FEC
809  129 format. All of these values together uniquely define the FEC
810  within the scope of the LDP session identified by the source and
811  remote PE addresses.

813  When a FEC 129 is encoded in a label stack, the following format is
814  used. The Length of this TLV is 16 + AGI length + SAII length + TAII
815  length. Padding is used to make the total length a multiple of 4;
816  the length of the padding is not included in the Length field.
818 0 1 2 3 819 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 820 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 821 | Sender's PE Address | 822 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 823 | Remote PE Address | 824 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 825 | PW Type | AGI Type | AGI Length | 826 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 827 ~ AGI Value ~ 828 | | 829 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 830 | AII Type | SAII Length | SAII Value | 831 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 832 ~ SAII Value (continued) ~ 833 | | 834 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 835 | AII Type | TAII Length | TAII Value | 836 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 837 ~ TAII Value (continued) ~ 838 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 839 | TAII (cont.) | 0-3 octets of zero padding | 840 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 842 3.2.11. BGP Labeled IPv4 Prefix 844 BGP labeled IPv4 prefixes are defined in [BGP-LABEL]. When a BGP 845 labeled IPv4 prefix is encoded in a label stack, the following format 846 is used. The value field consists the IPv4 prefix (with trailing 0 847 bits to make 32 bits in all), and the prefix length, as follows: 849 0 1 2 3 850 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 851 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 852 | IPv4 Prefix | 853 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 854 | Prefix Length | Must Be Zero | 855 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 857 3.2.12. BGP Labeled IPv6 Prefix 859 BGP labeled IPv6 prefixes are defined in [BGP-LABEL]. When a BGP 860 labeled IPv6 prefix is encoded in a label stack, the following format 861 is used. 
The value consists of sixteen octets of an IPv6 prefix fol- 862 lowed by one octet of prefix length in bits; the format is given 863 below. The IPv6 prefix is in network byte order; if the prefix is 864 shorter than 128 bits, the trailing bits SHOULD be set to zero. 866 0 1 2 3 867 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 868 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 869 | IPv6 prefix | 870 | (16 octets) | 871 | | 872 | | 873 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 874 | Prefix Length | Must Be Zero | 875 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 877 3.2.13. Generic IPv4 Prefix 879 The value consists of four octets of an IPv4 prefix followed by one 880 octet of prefix length in bits; the format is given below. The IPv4 881 prefix is in network byte order; if the prefix is shorter than 32 882 bits, trailing bits SHOULD be set to zero. This FEC is used if the 883 protocol advertising the label is unknown, or may change during the 884 course of the LSP. An example is an inter-AS LSP that may be sig- 885 naled by LDP in one AS, by RSVP-TE [RSVP-TE] in another AS, and by 886 BGP between the ASes, such as is common for inter-AS VPNs. 888 0 1 2 3 889 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 890 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 891 | IPv4 prefix | 892 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 893 | Prefix Length | Must Be Zero | 894 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 896 3.2.14. Generic IPv6 Prefix 898 The value consists of sixteen octets of an IPv6 prefix followed by 899 one octet of prefix length in bits; the format is given below. The 900 IPv6 prefix is in network byte order; if the prefix is shorter than 901 128 bits, the trailing bits SHOULD be set to zero. 
903 0 1 2 3 904 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 905 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 906 | IPv6 prefix | 907 | (16 octets) | 908 | | 909 | | 910 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 911 | Prefix Length | Must Be Zero | 912 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 914 3.2.15. Nil FEC 916 At times labels from the reserved range, e.g. Router Alert and 917 Explicit-null, may be added to the label stack for various diagnostic 918 purposes such as influencing load-balancing. These labels may have 919 no explicit FEC associated with them. The Nil FEC stack is defined 920 to allow a Target FEC stack sub-TLV to be added to the target FEC 921 stack to account for such labels so that proper validation can still 922 be performed. 924 The Length is 4. Labels are 20 bit values treated as numbers. 925 stack. 927 0 1 2 3 928 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 929 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 930 | Label | MBZ | 931 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 933 Label is the actual label value inserted in the label stack; the MBZ 934 fields MUST be zero when sent, and ignored on receipt. 936 3.3. Downstream Mapping 938 The Downstream Mapping object is a TLV which MAY be included in an 939 echo request message. Only one Downstream Mapping object may appear 940 in an echo request. The presence of a Downstream Mapping object is a 941 request that Downstream Mapping objects be included in the echo 942 reply. If the replying router is the destination of the FEC, then a 943 Downstream Mapping TLV SHOULD NOT be included in the echo reply. 944 Otherwise the replying router SHOULD include a Downstream Mapping 945 object for each interface over which this FEC could be forwarded. 
946 For a more precise definition of the notion of "downstream", see sec- 947 tion 3.3.2, "Downstream Router and Interface". 949 The Length is K + M + 4*N octets, where M is the Multipath Length, 950 and N is the number of Downstream Labels. Values for K are found in 951 the description of Address Type below. The Value field of a Down- 952 stream Mapping has the following format: 954 0 1 2 3 955 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 956 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 957 | MTU | Address Type | DS Flags | 958 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 959 | Downstream IP Address (4 or 16 octets) | 960 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 961 | Downstream Interface Address (4 or 16 octets) | 962 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 963 | Multipath Type| Depth Limit | Multipath Length | 964 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 965 . . 966 . (Multipath Information) . 967 . . 968 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 969 | Downstream Label | Protocol | 970 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 971 . . 972 . . 973 . . 974 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 975 | Downstream Label | Protocol | 976 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 978 Maximum Transmission Unit (MTU) 980 The MTU is the size in octets of the largest MPLS frame (including 981 label stack) that fits on the interface to the Downstream LSR. 983 Address Type 985 The Address Type indicates if the interface is numbered or unnum- 986 bered. It also determines the length of the Downstream IP Address 987 and Downstream Interface fields. The resulting total for the initial 988 part of the TLV is listed in the table below as "K Octets". 
     The
989  Address Type is set to one of the following values:

991  Type #   Address Type      K Octets
992  ------   ------------      --------
993       1   IPv4 Numbered           16
994       2   IPv4 Unnumbered         16
995       3   IPv6 Numbered           40
996       4   IPv6 Unnumbered         28

998  DS Flags

1000  The DS Flags field is a bit vector with the following format:

1002   0 1 2 3 4 5 6 7
1003  +-+-+-+-+-+-+-+-+
1004  | Rsvd(MBZ) |I|N|
1005  +-+-+-+-+-+-+-+-+

1007  Two flags are defined currently, I and N. The remaining flags MUST
1008  be set to zero when sending, and ignored on receipt.

1010  Flag  Name and Meaning
1011  ----  ----------------

1013     I  Interface and Label Stack Object Request

1015        When this flag is set, it indicates that the replying
1016        router SHOULD include an Interface and Label Stack
1017        Object in the echo reply message

1019     N  Treat as a Non-IP Packet

1021        Echo request messages will be used to diagnose non-IP
1022        flows. However, these messages are carried in IP
1023        packets. For a router which alters its ECMP algorithm
1024        based on the FEC or deep packet examination, this flag
1025        requests that the router treat this as it would if the
1026        determination of an IP payload had failed.

1028  Downstream IP Address and Downstream Interface Address

1030  IPv4 addresses and interface indices are encoded in 4 octets,
1031  IPv6 addresses are encoded in 16 octets.

1033  If the interface to the downstream LSR is numbered, then the Address
1034  Type MUST be set to IPv4 or IPv6, the Downstream IP Address MUST be
1035  set to either the downstream LSR's Router ID or the interface address
1036  of the downstream LSR, and the Downstream Interface Address MUST be
1037  set to the downstream LSR's interface address.

1039  If the interface to the downstream LSR is unnumbered, the Address
1040  Type MUST be IPv4 Unnumbered or IPv6 Unnumbered, the Downstream IP
1041  Address MUST be the downstream LSR's Router ID, and the Downstream
1042  Interface Address MUST be set to the index assigned by the upstream
1043  LSR to the interface.
1045 If an LSR does not know the IP address of its neighbor, then it MUST 1046 set the Address Type to either IPv4 Unnumbered or IPv6 Unnumbered. 1047 For IPv4 it must set the Downstream IP Address to 127.0.0.1, for IPv6 1048 the address is set to 0::1. In both cases the interface index MUST 1049 be set to 0. If an LSR receives an Echo Request packet with either 1050 of these addresses in the Downstream IP Address field, this indicates 1051 that it MUST bypass interface verification but continue with label 1052 validation. 1054 If the originator of an Echo Request packet wishes to obtain Down- 1055 stream mapping information but does not know the expected label stack 1056 then it SHOULD set the Address Type to either IPv4 Unnumbered or IPv6 1057 Unnumbered. For IPv4 it MUST set the Downstream IP Address to 1058 224.0.0.2, for IPv6 the address MUST be set to FF02::2. In both 1059 cases the interface index MUST be set to 0. If an LSR receives an 1060 Echo Request packet with the all-routers multicast address, then this 1061 indicates that it MUST bypass both interface and label stack valida- 1062 tion, but return Downstream Mapping TLVs using the information pro- 1063 vided. 1065 Multipath Type 1067 The following Multipath Types are defined: 1069 Key Type Multipath Information 1070 --- ---------------- --------------------- 1071 0 no multipath Empty (Multipath Length = 0) 1072 2 IP address IP addresses 1073 4 IP address range low/high address pairs 1074 8 Bit-masked IP IP address prefix and bit mask 1075 address set 1076 9 Bit-masked label set Label prefix and bit mask 1078 Type 0 indicates that all packets will be forwarded out this one 1079 interface. 1081 Types 2, 4, 8 and 9 specify that the supplied Multipath Information 1082 will serve to exercise this path. 1084 Depth Limit 1086 The Depth Limit is applicable only to a label stack, and is the maxi- 1087 mum number of labels considered in the hash; this SHOULD be set to 1088 zero if unspecified or unlimited. 
1090 Multipath Length 1092 The length in octets of the Multipath Information. 1094 Multipath Information 1096 Address or label values encoded according to the Multipath Type. See 1097 the next section below for encoding details. 1099 Downstream Label(s) 1101 The set of labels in the label stack as it would have appeared if 1102 this router were forwarding the packet through this interface. Any 1103 Implicit Null labels are explicitly included. Labels are treated as 1104 numbers, i.e. they are right justified in the field. 1106 A Downstream Label is 24 bits, in the same format as an MPLS label 1107 minus the TTL field, i.e., the MSBit of the label is bit 0, the LSBit 1108 is bit 19, the EXP bits are bits 20-22, and bit 23 is the S bit. The 1109 replying router SHOULD fill in the EXP and S bits; the LSR receiving 1110 the echo reply MAY choose to ignore these bits. 1112 Protocol 1114 The Protocol is taken from the following table: 1116 Protocol # Signaling Protocol 1117 ---------- ------------------ 1118 0 Unknown 1119 1 Static 1120 2 BGP 1121 3 LDP 1122 4 RSVP-TE 1124 3.3.1. Multipath Information Encoding 1126 The multipath information encodes labels or addresses which will 1127 exercise this path. The multipath information depends on the multi- 1128 path type. The contents of the field are shown in the table above. 1129 IPv4 addresses are drawn from the range 127/8; IPv6 addresses are 1130 drawn from the range 0:0:0:0:0:FFFF:127/104. Labels are treated as 1131 numbers, i.e. they are right justified in the field. For Type 4, 1132 ranges indicated by Address pairs MUST NOT overlap and MUST be in 1133 ascending sequence. 1135 Type 8 allows a denser encoding of IP address. The IP prefix is for- 1136 matted as a base IP address with the non-prefix low order bits set to 1137 zero. The maximum prefix length is 27. Following the prefix is a 1138 mask of length 2^(32-prefix length) bits for IPv4 and 2^(128-prefix 1139 length) bits for IPv6. 
Each bit set to one represents a valid 1140 address. The address is the base IPv4 address plus the position of 1141 the bit in the mask where the bits are numbered left to right begin- 1142 ning with zero. For example the IPv4 addresses 127.2.1.0, 1143 127.2.1.5-127.2.1.15, and 127.2.1.20-127.2.1.29 would be encoded as 1144 follows: 1146 0 1 2 3 1147 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1148 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1149 |0 1 1 1 1 1 1 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0| 1150 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1151 |1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 0 0| 1152 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1154 Those same addresses embedded in IPv6 would be encoded as follows: 1156 0 1 2 3 1157 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1158 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1159 |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0| 1160 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1161 |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0| 1162 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1163 |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0| 1164 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1165 |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1| 1166 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1167 |0 1 1 1 1 1 1 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0| 1168 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1169 |1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 0 0| 1170 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1172 Type 9 allows a denser encoding of Labels. 
      The label prefix is for-
1173  matted as a base label value with the non-prefix low order bits set
1174  to zero. The maximum prefix (including leading zeros due to encod-
1175  ing) length is 27. Following the prefix is a mask of length
1176  2^(32-prefix length) bits. Each bit set to one represents a valid
1177  Label. The label is the base label plus the position of the bit in
1178  the mask where the bits are numbered left to right beginning with
1179  zero. Label values of all the odd numbers between 1152 and 1279
1180  would be encoded as follows:

1182   0                   1                   2                   3
1183   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1184  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1185  |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0|
1186  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1187  |0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1|
1188  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1189  |0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1|
1190  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1191  |0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1|
1192  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1193  |0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1|
1194  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1196  If the received multipath information is non-null, the labels and IP
1197  addresses MUST be picked from the set provided. If none of these
1198  labels or addresses map to a particular downstream interface, then
1199  for that interface, the type MUST be set to 0. If the received mul-
1200  tipath information is null (i.e. Multipath Length = 0, or for Types
1201  8 and 9 a mask of all zeroes), the type MUST be set to 0.

1203  For example, suppose LSR X at hop 10 has two downstream LSRs Y and Z
1204  for the FEC in question.
The received X could return Multipath Type 1205 4, with low/high IP addresses of 127.1.1.1->127.1.1.255 for down- 1206 stream LSR Y and 127.2.1.1->127.2.1.255 for downstream LSR Z. The 1207 head end reflects this information to LSR Y. Y, which has three 1208 downstream LSRs U, V and W, computes that 127.1.1.1->127.1.1.127 1209 would go to U and 127.1.1.128-> 127.1.1.255 would go to V. Y would 1210 then respond with 3 Downstream Mappings: to U, with Multipath Type 4 1211 (127.1.1.1->127.1.1.127); to V, with Multipath Type 4 1212 (127.1.1.127->127.1.1.255); and to W, with Multipath Type 0. 1214 Note that computing multi-path information may impose a significant 1215 processing burden on the receiver. A receiver MAY thus choose to 1216 process a subset of the received prefixes. The sender, on receiving 1217 a reply to a Downstream Map with partial information, SHOULD assume 1218 that the prefixes missing in the reply were skipped by the receiver, 1219 and MAY re-request information about them in a new echo request. 1221 3.3.2. Downstream Router and Interface 1223 The notion of "downstream router" and "downstream interface" should 1224 be explained. Consider an LSR X. If a packet that was originated 1225 with TTL n>1 arrived with outermost label L and TTL=1 at LSR X, X 1226 must be able to compute which LSRs could receive the packet if it was 1227 originated with TTL=n+1, over which interface the request would 1228 arrive and what label stack those LSRs would see. (It is outside the 1229 scope of this document to specify how this computation is done.) The 1230 set of these LSRs/interfaces are the downstream routers/interfaces 1231 (and their corresponding labels) for X with respect to L. Each pair 1232 of downstream router and interface requires a separate Downstream 1233 Mapping to be added to the reply. 1235 The case where X is the LSR originating the echo request is a special 1236 case. 
      X needs to figure out what LSRs would receive the MPLS echo
1237  request for a given FEC Stack that X originates with TTL=1.

1239  The set of downstream routers at X may be alternative paths (see the
1240  discussion below on ECMP) or simultaneous paths (e.g., for MPLS mul-
1241  ticast). In the former case, the Multipath Information is used as a
1242  hint to the sender as to how it may influence the choice of these
1243  alternatives.

1245  3.4. Pad TLV

1247  The value part of the Pad TLV contains a variable number (>= 1) of
1248  octets. The first octet takes values from the following table; all
1249  the other octets (if any) are ignored. The receiver SHOULD verify
1250  that the TLV is received in its entirety, but otherwise ignores the
1251  contents of this TLV, apart from the first octet.

1253  Value   Meaning
1254  -----   -------
1255      1   Drop Pad TLV from reply
1256      2   Copy Pad TLV to reply
1257  3-255   Reserved for future use

1259  3.5. Vendor Enterprise Number

1261  SMI Private Enterprise Numbers are maintained by IANA. The Length is
1262  always 4; the value is the SMI Private Enterprise code, in network
1263  octet order, of the vendor with a Vendor Private extension to any of
1264  the fields in the fixed part of the message, in which case this TLV
1265  MUST be present. If none of the fields in the fixed part of the mes-
1266  sage have vendor private extensions, inclusion of this TLV is
1267  OPTIONAL. Vendor private ranges for Message Types, Reply Modes, and
1268  Return Codes have been defined. When any of these are used the Ven-
1269  dor Enterprise Number TLV MUST be included in the message.

1271  3.6. Interface and Label Stack

1273  The Interface and Label Stack TLV MAY be included in a reply message
1274  to report the interface on which the request message was received and
1275  the label stack which was on the packet when it was received. Only
1276  one such object may appear.
      The purpose of the object is to allow
1277  the upstream router to obtain the exact interface and label stack
1278  information as it appears at the replying LSR.

1280  The Length is K + 4*N octets, where N is the number of labels in the Label
1281  Stack. Values for K are found in the description of Address Type
1282  below. The Value field of a Downstream Mapping has the following
1283  format:

1285   0                   1                   2                   3
1286   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1287  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1288  | Address Type  |                 Must be Zero                  |
1289  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1290  |                  IP Address (4 or 16 octets)                  |
1291  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1292  |                  Interface (4 or 16 octets)                   |
1293  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1294  .                                                               .
1295  .                                                               .
1296  .                          Label Stack                          .
1297  .                                                               .
1298  .                                                               .
1299  .                                                               .
1300  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1302  Address Type

1304  The Address Type indicates if the interface is numbered or unnum-
1305  bered. It also determines the length of the IP Address and Interface
1306  fields. The resulting total for the initial part of the TLV is
1307  listed in the table below as "K Octets". The Address Type is set to
1308  one of the following values:

1310  Type #   Address Type      K Octets
1311  ------   ------------      --------
1312       1   IPv4 Numbered           12
1313       2   IPv4 Unnumbered         12
1314       3   IPv6 Numbered           36
1315       4   IPv6 Unnumbered         24

1317  IP Address and Interface

1319  IPv4 addresses and interface indices are encoded in 4 octets,
1320  IPv6 addresses are encoded in 16 octets.

1322  If the interface upon which the echo request message was received is
1323  numbered, then the Address Type MUST be set to IPv4 or IPv6, the IP
1324  Address MUST be set to either the LSR's Router ID or the interface
1325  address, and the Interface MUST be set to the interface address.
1327     If the interface is unnumbered, the Address Type MUST be either IPv4
1328     Unnumbered or IPv6 Unnumbered, the IP Address MUST be the LSR's
1329     Router ID, and the Interface MUST be set to the index assigned to the
1330     interface.

1332     Label Stack

1334     The label stack of the received echo request message. If any TTL
1335     values have been changed by this router, they SHOULD be restored.

1337  3.7. Errored TLVs

1339     The following TLV is a TLV which MAY be included in an echo reply to
1340     inform the sender of an echo request of Mandatory TLVs either not
1341     supported by an implementation, or parsed and found to be in error.

1343     The Value field contains the TLVs that were not understood, encoded
1344     as sub-TLVs.

1346      0                   1                   2                   3
1347      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1348     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1349     |             Type = 9          |            Length             |
1350     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1351     |                             Value                             |
1352     .                                                               .
1353     .                                                               .
1354     .                                                               .
1355     |                                                               |
1356     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1358  3.8. Reply TOS Byte TLV

1360     This TLV MAY be used by the originator of the echo request to
1361     request
1362     that an echo reply be sent with the IP header TOS byte set to
1363     the value specified in the TLV. This TLV has a length of 4 with
1364     the following value field.

1366      0                   1                   2                   3
1367      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1368     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1369     | Reply-TOS Byte|                 Must be zero                  |
1370     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1372  4. Theory of Operation

1374     An MPLS echo request is used to test a particular LSP. The LSP to be
1375     tested is identified by the "FEC Stack"; for example, if the LSP was
1376     set up via LDP, and is to an egress IP address of 10.1.1.1, the FEC
1377     stack contains a single element, namely, an LDP IPv4 prefix sub-TLV
1378     with value 10.1.1.1/32. If the LSP being tested is an RSVP LSP, the
1379     FEC stack consists of a single element that captures the RSVP Session
1380     and Sender Template which uniquely identifies the LSP.

1382     FEC stacks can be more complex. For example, one may wish to test a
1383     VPN IPv4 prefix of 10.1/8 that is tunneled over an LDP LSP with
1384     egress 10.10.1.1. The FEC stack would then contain two sub-TLVs, the
1385     bottom being a VPN IPv4 prefix, and the top being an LDP IPv4 prefix.
1386     If the underlying (LDP) tunnel were not known, or was considered
1387     irrelevant, the FEC stack could be a single element with just the VPN
1388     IPv4 sub-TLV.

1390     When an MPLS echo request is received, the receiver is expected to
1391     verify that the control plane and data plane are both healthy (for
1392     the FEC stack being pinged), and that the two planes are in sync.
1393     The procedures for this are in section 4.4 below.

1395  4.1. Dealing with Equal-Cost Multi-Path (ECMP)

1397     LSPs need not be simple point-to-point tunnels. Frequently, a single
1398     LSP may originate at several ingresses, and terminate at several
1399     egresses; this is very common with LDP LSPs. LSPs for a given FEC
1400     may also have multiple "next hops" at transit LSRs. At an ingress,
1401     there may also be several different LSPs to choose from to get to the
1402     desired endpoint. Finally, LSPs may have backup paths, detour paths
1403     and other alternative paths to take should the primary LSP go down.

1405     To deal with the last two first: it is assumed that the LSR sourcing
1406     MPLS echo requests can force the echo request into any desired LSP,
1407     so choosing among multiple LSPs at the ingress is not an issue. The
1408     problem of probing the various flavors of backup paths that will
1409     typically not be used for forwarding data unless the primary LSP is down
1410     will not be addressed here.
1412     Since the actual LSP and path that a given packet may take may not be
1413     known a priori, it is useful if MPLS echo requests can exercise all
1414     possible paths. This, while desirable, may not be practical, because
1415     the algorithms that a given LSR uses to distribute packets over
1416     alternative paths may be proprietary.

1418     To achieve some degree of coverage of alternate paths, there is a
1419     certain latitude in choosing the destination IP address and source
1420     UDP port for an MPLS echo request. This is clearly not sufficient;
1421     in the case of traceroute, more latitude is offered by means of the
1422     Multipath Information of the Downstream Mapping TLV. This is used as
1423     follows. An ingress LSR periodically sends an MPLS traceroute
1424     message to determine whether there are multipaths for a given LSP. If
1425     so, each hop will provide some information how each of its downstream
1426     paths can be exercised. The ingress can then send MPLS echo requests
1427     that exercise these paths. If several transit LSRs have ECMP, the
1428     ingress may attempt to compose these to exercise all possible paths.
1429     However, full coverage may not be possible.

1431  4.2. Testing LSPs That Are Used to Carry MPLS Payloads

1433     To detect certain LSP breakages, it may be necessary to encapsulate
1434     an MPLS echo request packet with at least one additional label when
1435     testing LSPs that are used to carry MPLS payloads (such as LSPs used
1436     to carry L2VPN and L3VPN traffic). For example, when testing LDP or
1437     RSVP-TE LSPs, just sending an MPLS echo request packet may not detect
1438     instances where the router immediately upstream of the destination of
1439     the LSP ping may forward the MPLS echo request successfully over an
1440     interface not configured to carry MPLS payloads because of the use of
1441     penultimate hop popping. Since the receiving router has no means to
1442     differentiate whether the IP packet was sent unlabeled or implicitly
1443     labeled, the addition of labels shimmed above the MPLS echo request
1444     (using the Nil FEC) will prevent a router from forwarding such a
1445     packet out unlabeled interfaces.

1447  4.3. Sending an MPLS Echo Request

1449     An MPLS echo request is a UDP packet. The IP header is set as
1450     follows: the source IP address is a routable address of the sender; the
1451     destination IP address is a (randomly chosen) IPv4 address from the
1452     range 127/8 or IPv6 address from the range 0:0:0:0:0:FFFF:127/104.
1453     The IP TTL is set to 1. The source UDP port is chosen by the sender;
1454     the destination UDP port is set to 3503 (assigned by IANA for MPLS
1455     echo requests). The Router Alert option MUST be set in the IP
1456     header.

1458     An MPLS Echo Request is sent with a label stack corresponding to the
1459     FEC stack being tested. Note that further labels could be applied
1460     if, for example, the normal route to the topmost FEC in the stack is
1461     via a Traffic Engineered Tunnel [RSVP-TE]. If all of the FECs in the
1462     stack correspond to Implicit Null Labels the MPLS echo request is
1463     considered unlabeled even if further labels will be applied in
1464     sending the packet.

1466     If the echo request is labeled, one MAY (depending on what is being
1467     pinged) set the TTL of the innermost label to 1, to prevent the ping
1468     request going farther than it should. Examples of where this SHOULD
1469     be done include pinging a VPN IPv4 or IPv6 prefix, an L2 VPN end
1470     point or a pseudowire. Preventing the ping request from going too far
1471     can also be accomplished by inserting a router alert label above this
1472     label; however, this may lead to the undesired side effect that MPLS
1473     echo requests take a different data path than actual data. For more
1474     information on how these mechanisms can be used for pseudowire
1475     connectivity verification, see [VCCV].

1477     In "ping" mode (end-to-end connectivity check), the TTL in the
1478     outermost label is set to 255. In "traceroute" mode (fault isolation
1479     mode), the TTL is set successively to 1, 2, ....

1481     The sender chooses a Sender's Handle, and a Sequence Number. When
1482     sending subsequent MPLS echo requests, the sender SHOULD increment
1483     the sequence number by 1. However, a sender MAY choose to send a
1484     group of echo requests with the same sequence number to improve the
1485     chance of arrival of at least one packet with that sequence number.

1487     The TimeStamp Sent is set to the time-of-day (in seconds and
1488     microseconds) that the echo request is sent. The TimeStamp Received
1489     is set to zero.

1491     An MPLS echo request MUST have a FEC Stack TLV. Also, the Reply Mode
1492     must be set to the desired reply mode; the Return Code and Subcode
1493     are set to zero. In the "traceroute" mode, the echo request SHOULD
1494     include a Downstream Mapping TLV.

1496  4.4. Receiving an MPLS Echo Request

1498     Sending An MPLS Echo Request to the control plane is triggered by
1499     one of the following packet processing exceptions: Router Alert
1500     Option, IP TTL expiration, MPLS TTL expiration, MPLS Router Alert
1501     Label, or the destination address in the 127/8 address range. The
1502     control plane further identifies it by UDP destination port 3503.

1504     For reporting purposes the bottom of stack is considered to be
1505     stack-depth of 1. This is to establish an absolute reference for
1506     the case where the actual stack may have more labels than there are
1507     FECs in the Target FEC Stack.

1509     Further, in all the error codes listed in this document a
1510     stack-depth of 0 means "no value specified". This allows
1511     compatibility with existing implementations which do not use the
1512     Return Subcode field.
1514     An LSR X that receives an MPLS Echo Request then processes it as
1515     follows.

1517     1. General packet sanity is verified. If the packet is not
1518        well-formed, LSR X SHOULD send an MPLS Echo Reply with the
1519        Return Code set to "Malformed echo request received" and the
1520        Subcode to zero. If there are any TLVs not marked as "Ignore"
1521        that LSR X does not understand, LSR X SHOULD send an MPLS "TLV
1522        not understood" (as appropriate), and the Subcode set to
1523        zero. In the latter case, the misunderstood TLVs (only) are
1524        included as sub-TLVs in an Errored TLVs TLV in the reply. The
1525        header fields Sender's Handle, Sequence Number, and Timestamp
1526        Sent are not examined, but are included in the MPLS Echo Reply
1527        message.

1529     The algorithm uses the following variables and identifiers:

1531     Interface-I:       the interface on which the MPLS Echo Request was
1532                        received.

1534     Stack-R:           the label stack on the packet as it was
1535                        received.

1537     Stack-D:           the label stack carried in the Downstream
1538                        Mapping TLV (not always present)

1540     Label-L:           the label from the actual stack currently being
1541                        examined. Requires no initialization.

1543     Label-stack-depth: the depth of label being verified. Initialized
1544                        to the number of labels in the received label
1545                        stack S.

1547     FEC-stack-depth:   depth of the FEC in the Target FEC Stack that
1548                        should be used to verify the current actual
1549                        label. Requires no initialization.

1551     Best-return-code:  contains the return code for the Echo Reply
1552                        packet as currently best known. As the algorithm
1553                        progresses, this code may change depending on
1554                        the results of further checks that it performs.

1556     Best-rtn-subcode:  similar to Best-return-code, but for the Echo
1557                        Reply Subcode.

1559     FEC-status:        result value returned by the FEC Checking
1560                        algorithm described in section 4.4.1.

1562     /* Save receive context information */

1564     2. If the echo request is good, LSR X stores the interface over
1565        which the echo was received in Interface-I, and the label stack
1566        with which it came in Stack-R.

1568     /* The rest of the algorithm iterates over the labels in Stack-R,
1569        verifies validity of label values, reports associated label
1570        switching operations (for traceroute), verifies correspondence
1571        between the Stack-R and the Target FEC Stack description in the
1572        body of the Echo Request, and reports any errors. */

1574     /* The algorithm iterates as follows. */

1576     3. Label Validation:

1578        If Label-stack-depth is 0 {

1580           /* The LSR needs to report its being a tail-end for the LSP */

1582           Set FEC-stack-depth to 1, set Label-L to 3 (Implicit Null).
1583           Set Best-return-code to 3 ("Replying router is an egress for
1584           the FEC at stack depth"), set Best-rtn-subcode to the
1585           value of FEC-stack-depth (1) and go to step 5 (Egress
1586           Processing).
1587        }
1588        /* This step assumes there's always an entry for well-known
1589           label values */

1591        Set Label-L to the value extracted from Stack-R at depth
1592        Label-stack-depth. Lookup Label-L in the Incoming Label Map
1593        (ILM) to determine if the label has been allocated and an
1594        operation is associated with it.

1596        If there is no entry for L {

1598           /* Indicates a temporary or permanent label synchronization
1599              problem the LSR needs to report an error */

1601           Set Best-return-code to 11 ("No label entry at stack-depth")
1602           and Best-rtn-subcode to Label-stack-depth. Go to step 7
1603           (Send Reply Packet).
1604        }

1606        Else {

1608           Retrieve the associated label operation from the
1609           corresponding NHLFE and proceed to step 4 (Label Operation).
1610        }

1612     4. Label Operation Check

1614        If the label operation is "Pop and Continue Processing" {

1616           /* Includes Explicit Null and Router Alert label cases */

1618           Iterate to the next label by decrementing Label-stack-depth
1619           and loop back to step 3 (Label Validation).
1620        }

1622        If the label operation is "Swap or Pop and Switch based on Popped
1623        Label" {

1625           Set Best-return-code to 8 ("Label switched at stack-depth")
1626           and Best-rtn-subcode to Label-stack-depth to report transit
1627           switching.

1629           If a Downstream Mapping TLV is present in the received Echo
1630           Request {

1632              If the IP address in the TLV is 127.0.0.1 or 0::1 {
1633                 Set Best-return-code to 6 ("Upstream Interface Index
1634                 Unknown"). An Interface and Label Stack TLV SHOULD be
1635                 included in the reply and filled with Interface-I and
1636                 Stack-R.
1637              }

1639              Else {

1641                 Verify that the IP address, interface address and label
1642                 stack in the Downstream Mapping TLV match Interface-I
1643                 and Stack-R. If there is a mismatch, set
1644                 Best-return-code to 5, "Downstream Mapping Mismatch".
1645                 An Interface and Label Stack TLV SHOULD be included in
1646                 the reply and filled in based on Interface-I and
1647                 Stack-R. Go to step 7 (Send Reply Packet).
1648              }
1649           }

1651           For each available downstream ECMP path {

1653              Retrieve output interface from the NHLFE entry.

1655              /* Note: this return code is set even if Label-stack-depth
1656                 is one */

1658              If the output interface is not MPLS-enabled {

1660                 set Best-return-code to Return Code 9, "Label switched
1661                 but no MPLS forwarding at stack-depth" and set
1662                 Best-rtn-subcode to Label-stack-depth and goto
1663                 Send_Reply_Packet.
1664              }

1666              If a Downstream Mapping TLV is present {

1668                 A Downstream mapping TLV SHOULD be included in the Echo
1669                 Reply (see section 3.3) filled in with information about
1670                 the current ECMP path.
1671              }
1672           }

1674           If no Downstream Mapping TLV is present, or the Downstream IP
1675           Address is set to the ALLROUTERS multicast address,
1676           Go to step 7 (Send Reply Packet).

1678           If the "Validate FEC Stack" flag is not set and the LSR is not
1679           configured to perform FEC checking by default, go to step 7
1680           (Send Reply Packet).
1682           /* Validate the Target FEC Stack in the received Echo Request.

1684              First determine FEC-stack-depth from the Downstream Mapping
1685              TLV. This is done by walking through Stack-D (the Downstream
1686              Labels) from the bottom, decrementing the number of labels
1687              for each non-Implicit Null label, while incrementing
1688              FEC-stack-depth for each label. If the Downstream Mapping TLV
1689              contains one or more Implicit Null labels, FEC-stack-depth
1690              may be greater than Label-stack-depth. To be consistent with
1691              the above stack-depths, the bottom is considered to be entry 1.
1692           */

1694           Set FEC-stack-depth to 0. Set i to Label-stack-depth.

1696           While (i > 0 ) do {
1697              ++FEC-stack-depth.
1698              if Stack-D[FEC-stack-depth] != 3 (Implicit Null)
1699                 --i.
1700           }

1702           If the number of labels in the FEC stack is greater
1703           than or equal to FEC-stack-depth {

1705              Perform the FEC Checking procedure (see subsection 4.4.1
1706              below).

1708              If FEC-status is 2 set Best-return-code to 10 ("Mapping
1709              for this FEC is not the given label at stack-depth").

1711              If the return code is 1 set Best-return-code to
1712              FEC-return-code and Best-rtn-subcode to FEC-stack-depth.
1713           }

1715           Go to step 7 (Send Reply Packet).
1716        }

1718     5. Egress Processing:

1720        /* These steps are performed by the LSR that identified itself
1721           as the tail-end LSR for an LSP. */

1723        If received Echo Request contains no Downstream Mapping TLV, or
1724        the Downstream IP Address is set to 127.0.0.1 or 0::1
1725        Go to step 6 (Egress FEC Validation).

1727        Verify that the IP address, interface address and label stack in
1728        the Downstream mapping TLV match Interface-I and Stack-R. If
1729        not, set Best-return-code to 5, "Downstream Mapping
1730        Mis-match". A Received Interface and Label Stack TLV SHOULD be
1731        created for the Echo Response packet. Go to step 7 (Send Reply
1732        Packet).

1734     6. Egress FEC Validation:

1736        /* This is a loop for all entries in the Target FEC Stack
1737           starting with FEC-stack-depth. */

1739        Perform FEC checking by following the algorithm described in
1740        subsection 4.4.1 for Label-L and the FEC at FEC-stack-depth.

1742        Set Best-return-code to FEC-code and Best-rtn-subcode to the
1743        value in FEC-stack-depth.

1745        If FEC-status (the result of the check) is 1,
1746        Go to step 7 (Send Reply Packet).

1748        /* Iterate to the next FEC entry */

1750        ++FEC-stack-depth.

1752        If FEC-stack-depth > the number of FECs in the FEC-stack,
1753        Go to step 7 (Send Reply Packet).

1755        If FEC-status is 0 {
1756           ++Label-stack-depth.
1757           If Label-stack-depth > the number of labels in Stack-R,
1758           Go to step 7 (Send Reply Packet).

1760           Label-L = extracted label from Stack-R at depth
1761           Label-stack-depth.
1762           Loop back to step 6 (Egress FEC Validation).
1763        }

1765     7. Send Reply Packet:

1767        Send an MPLS Echo Reply with a Return Code of Best-return-code,
1768        and a Return Subcode of Best-rtn-subcode. Include any TLVs
1769        created during the above process. The procedures for sending
1770        the Echo Reply are found in subsection 4.4.1.

1772  4.4.1. FEC Validation

1774     /* This subsection describes validation of a FEC entry within the
1775        Target FEC Stack and accepts a FEC, Label-L and Interface-I.
1776        The algorithm performs the following steps. */

1778     1. Two return values, FEC-status and FEC-return-code, are initialized
1779        to 0.

1781     2. If the FEC is the Nil FEC {
1782           If Label-L is either Explicit_Null or Router_Alert, return.

1784           Else {
1785              Set FEC-return-code to 10 ("Mapping for this FEC is not
1786              the given label at stack-depth").
1787              Set FEC-status to 1
1788              Return.
1789           }
1790        }

1792     3. Check the FEC label mapping that describes how traffic received
1793        on the LSP is further switched or which application it is
1794        associated with. If no mapping exists, set FEC-return-code to
1795        Return 4, "Replying router has no mapping for the FEC at
1796        stack-depth". Set FEC-status to 1. Return.

1798     4. If the label mapping for FEC is Implicit Null, set FEC-status to
1799        2 and proceed to step 5. Otherwise, if the label mapping for FEC
1800        is Label-L, proceed to step 5. Otherwise, set FEC-return-code to
1801        10 ("Mapping for this FEC is not the given label at
1802        stack-depth"), set FEC-status to 1 and return.

1804     5. This is a protocol check. Check what protocol would be used to
1805        advertise FEC. If it can be determined that no protocol
1806        associated with Interface-I would have advertised a FEC of that
1807        FEC-Type, set FEC-return-code to 12 ("Protocol not associated
1808        with interface at FEC stack-depth"). Set FEC-status to 1.

1810     6. Return.

1812  4.5. Sending an MPLS Echo Reply

1814     An MPLS echo reply is a UDP packet. It MUST ONLY be sent in response
1815     to an MPLS echo request. The source IP address is a routable address
1816     of the replier; the source port is the well-known UDP port for LSP
1817     ping. The destination IP address and UDP port are copied from the
1818     source IP address and UDP port of the echo request. The IP TTL is
1819     set to 255. If the Reply Mode in the echo request is "Reply via an
1820     IPv4 UDP packet with Router Alert", then the IP header MUST contain
1821     the Router Alert IP option. If the reply is sent over an LSP, the
1822     topmost label MUST in this case be the Router Alert label (1) (see
1823     [LABEL-STACK]).

1825     The format of the echo reply is the same as the echo request. The
1826     Sender's Handle, the Sequence Number and TimeStamp Sent are copied
1827     from the echo request; the TimeStamp Received is set to the
1828     time-of-day that the echo request is received (note that this information is
1829     most useful if the time-of-day clocks on the requester and the
1830     replier are synchronized). The FEC Stack TLV from the echo request
1831     MAY be copied to the reply.
1833     The replier MUST fill in the Return Code and Subcode, as determined
1834     in the previous subsection.

1836     If the echo request contains a Pad TLV, the replier MUST interpret
1837     the first octet for instructions regarding how to reply.

1839     If the replying router is the destination of the FEC, then Downstream
1840     Mapping TLVs SHOULD NOT be included in the echo reply.

1842     If the echo request contains a Downstream Mapping TLV, and the
1843     replying router is not the destination of the FEC, the replier SHOULD
1844     compute its downstream routers and corresponding labels for the incoming
1845     label, and add Downstream Mapping TLVs for each one to the echo reply
1846     it sends back.

1848     If the Downstream Mapping TLV contains multipath information
1849     requiring more processing than the receiving router is willing to perform,
1850     the responding router MAY choose to respond with only a subset of
1851     multipaths contained in the echo request Downstream Map. (Note: The
1852     originator of the echo request MAY send another echo request with the
1853     multipath information that was not included in the reply.)

1855     Except in the case of Reply Mode 4, "Reply via application level
1856     control channel", Echo Replies are always sent in the context of the
1857     IP/MPLS network.

1859  4.6. Receiving an MPLS Echo Reply

1861     An LSR X should only receive an MPLS echo reply in response to an
1862     MPLS echo request that it sent. Thus, on receipt of an MPLS echo
1863     reply, X should parse the packet to assure that it is well-formed,
1864     then attempt to match up the echo reply with an echo request that it
1865     had previously sent, using the destination UDP port and the Sender's
1866     Handle. If no match is found, then X jettisons the echo reply;
1867     otherwise, it checks the Sequence Number to see if it matches.
1869     If the echo reply contains Downstream Mappings, and X wishes to
1870     traceroute further, it SHOULD copy the Downstream Mapping(s) into its
1871     next echo request(s) (with TTL incremented by one).

1873  4.7. Issue with VPN IPv4 and IPv6 Prefixes

1875     Typically, a LSP ping for a VPN IPv4 prefix or VPN IPv6 prefix is
1876     sent with a label stack of depth greater than 1, with the innermost
1877     label having a TTL of 1. This is to terminate the ping at the egress
1878     PE, before it gets sent to the customer device. However, under
1879     certain circumstances, the label stack can shrink to a single label
1880     before the ping hits the egress PE; this will result in the ping
1881     terminating prematurely. One such scenario is a multi-AS Carrier's
1882     Carrier VPN.

1884     To get around this problem, one approach is for the LSR that receives
1885     such a ping to realize that the ping terminated prematurely, and send
1886     back error code 13. In that case, the initiating LSR can retry the
1887     ping after incrementing the TTL on the VPN label. In this fashion,
1888     the ingress LSR will sequentially try TTL values until it finds one
1889     that allows the VPN ping to reach the egress PE.

1891  4.8. Non-compliant Routers

1893     If the egress for the FEC Stack being pinged does not support MPLS
1894     ping, then no reply will be sent, resulting in possible "false
1895     negatives". If in "traceroute" mode, a transit LSR does not support LSP
1896     ping, then no reply will be forthcoming from that LSR for some TTL,
1897     say n. The LSR originating the echo request SHOULD try sending the
1898     echo request with TTL=n+1, n+2, ..., n+k to probe LSRs further down
1899     the path. In such a case, the echo request for TTL > n SHOULD be
1900     sent with Downstream Mapping TLV "Downstream IP Address" field set to
1901     the ALLROUTERs multicast address until a reply is received with a
1902     Downstream Mapping TLV. The Label Stack MAY be omitted from the
1903     Downstream Mapping TLV. Further the "Validate FEC Stack" flag SHOULD
1904     NOT be set until an echo reply packet with a Downstream Mapping TLV
1905     is received.

1907  5. References

1909  Normative References

1911     [BGP]          Rekhter, Y. and T. Li, "A Border Gateway Protocol 4
1912                    (BGP-4)", RFC 1771, March 1995.

1914     [IANA]         Narten, T. and H. Alvestrand, "Guidelines for IANA
1915                    Considerations", BCP 26, RFC 2434, October 1998.

1917     [KEYWORDS]     Bradner, S., "Key words for use in RFCs to Indicate
1918                    Requirement Levels", BCP 14, RFC 2119, March 1997.

1920     [LABEL-STACK]  Rosen, E., et al, "MPLS Label Stack Encoding",
1921                    RFC 3032, January 2001.

1923     [NTP]          Mills, D., "Simple Network Time Protocol (SNTP)
1924                    Version 4 for IPv4, IPv6 and OSI", RFC 2030, October
1925                    1996.

1927     [RFC1122]      Braden, R., "Requirements for Internet Hosts -
1928                    Communication Layers", STD 3, RFC 1122, October 1989.

1930     [RFC1812]      Almquist, P. and F. Kastenholz, "Towards Requirements
1931                    for IP Routers", RFC 1716, November 1994.

1933     [RFC4026]      Andersson, L. and T. Madsen, "Provider Provisioned
1934                    Virtual Private Network (VPN) Terminology", RFC 4026,
1935                    March 2005.

1937  Informative References

1939     [BGP-LABEL]    Rekhter, Y. and E. Rosen, "Carrying Label Information
1940                    in BGP-4", RFC 3107, May 2001.

1942     [ICMP]         Postel, J., "Internet Control Message Protocol",
1943                    RFC 792.

1945     [LDP]          Andersson, L., et al, "LDP Specification", RFC 3036,
1946                    January 2001.

1948     [MPLS-L3-VPN]  Rekhter, Y. & Rosen, E., "BGP/MPLS IP VPNs",
1949                    draft-ietf-l3vpn-rfc2547bis-03.txt, work-in-progress.

1951     [PW-CONTROL]   Martini, L. et al., "Pseudowire Setup and Maintenance
1952                    using the Label Distribution Protocol",
1953                    draft-ietf-pwe3-control-protocol-17.txt,
1954                    work-in-progress.

1956     [RSVP-TE]      Awduche, D., et al., "RSVP-TE: Extensions to RSVP for
1957                    LSP Tunnels", RFC 3209, December 2001.

1959     [VCCV]         Nadeau, T. & Aggarwal, R., "Pseudo Wire Virtual
1960                    Circuit Connectivity Verification (VCCV)",
1961                    draft-ietf-pwe3-vccv-07.txt, August 2005,
1962                    work-in-progress.

1964     [VPLS-BGP]     Kompella, K. and Rekhter, Y., "Virtual Private LAN
1965                    Service", draft-ietf-l2vpn-vpls-bgp-05,
1966                    work-in-progress.

1968  6. Security Considerations

1970     Overall, the security needs for LSP Ping are similar to those of
1971     ICMP Ping.

1973     There are at least three approaches to attacking LSRs using the
1974     mechanisms defined here. One is a Denial of Service attack, by sending
1975     MPLS echo requests/replies to LSRs and thereby increasing their
1976     workload. The second is obfuscating the state of the MPLS data plane
1977     liveness by spoofing, hijacking, replaying or otherwise tampering
1978     with MPLS echo requests and replies. The third is an unauthorized
1979     source using an LSP Ping to obtain information about the network.

1981     To avoid potential Denial of Service attacks, it is RECOMMENDED that
1982     implementations regulate the LSP ping traffic going to the control
1983     plane. A rate limiter SHOULD be applied to the well-known UDP port
1984     defined below.

1986     Unsophisticated replay and spoofing attacks involving faking or
1987     replaying MPLS Echo Reply Messages are unlikely to be effective.
1988     These replies would have to match the Sender's Handle and
1989     Sequence Number of an outstanding MPLS Echo Request Message. A
1990     non-matching replay would be discarded as the sequence has moved on, thus
1991     a spoof has only a small window of opportunity. However to provide a
1992     stronger defence, an implementation MAY also validate the TimeStamp
1993     Sent by requiring an exact match on this field.
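
Added example (not part of the draft): a Python sketch of the reply check described in section 4.6 and in the replay/spoofing paragraph above, including the optional exact match on TimeStamp Sent. The 32-octet fixed header layout and Version value 1 are assumptions taken from the message format defined earlier in the draft, outside this section; ReplyMatcher, pack_message, demo and all sample values are hypothetical names and constructed data.

```python
import struct

# Assumed fixed header, defined earlier in the draft (outside this section),
# network octet order: Version, Global Flags (2 octets each); Message Type,
# Reply Mode, Return Code, Return Subcode (1 octet each); Sender's Handle,
# Sequence Number, TimeStamp Sent sec/usec, TimeStamp Received sec/usec
# (4 octets each). TLVs follow and are not inspected here.
HEADER = struct.Struct("!HHBBBBIIIIII")
ECHO_REQUEST, ECHO_REPLY = 1, 2   # Message Types listed in section 7.1


def pack_message(msg_type, handle, seq, ts_sent, ts_rcvd=(0, 0),
                 reply_mode=2, return_code=0, subcode=0):
    """Build the fixed part of an echo request or reply (no TLVs)."""
    # Version is assumed to be 1; Global Flags are left at zero.
    return HEADER.pack(1, 0, msg_type, reply_mode, return_code, subcode,
                       handle, seq, *ts_sent, *ts_rcvd)


class ReplyMatcher:
    """Tracks outstanding echo requests and vets incoming echo replies."""

    def __init__(self, strict_timestamp=True):
        # strict_timestamp enables the optional exact TimeStamp Sent match.
        self.strict_timestamp = strict_timestamp
        # (source UDP port, Sender's Handle) -> {sequence: {TimeStamp Sent}}
        self.outstanding = {}

    def sent(self, src_port, handle, seq, ts_sent):
        """Record a request; a group of requests may share one sequence."""
        by_seq = self.outstanding.setdefault((src_port, handle), {})
        by_seq.setdefault(seq, set()).add(tuple(ts_sent))

    def check(self, dst_port, payload):
        """Return "accept" or a "drop: ..." reason for a UDP payload."""
        if len(payload) < HEADER.size:
            return "drop: malformed"
        (_ver, _flags, msg_type, _mode, _code, _subcode, handle, seq,
         sent_s, sent_us, _rcvd_s, _rcvd_us) = HEADER.unpack_from(payload)
        if msg_type != ECHO_REPLY:
            return "drop: not an echo reply"
        # The reply's destination port is the request's source port.
        by_seq = self.outstanding.get((dst_port, handle))
        if by_seq is None:
            return "drop: no request for this port and handle"
        stamps = by_seq.get(seq)
        if stamps is None:
            return "drop: sequence number not outstanding"
        if self.strict_timestamp and (sent_s, sent_us) not in stamps:
            return "drop: TimeStamp Sent mismatch"
        del by_seq[seq]   # answered: a replayed copy no longer matches
        return "accept"


def demo():
    """Run constructed replies through the matcher; return the verdicts."""
    port, handle, seq = 49152, 0xCAFE0001, 7       # constructed values
    ts_sent = (1136073600, 250000)                 # constructed timestamp
    matcher = ReplyMatcher()
    matcher.sent(port, handle, seq, ts_sent)
    genuine = pack_message(ECHO_REPLY, handle, seq, ts_sent,
                           ts_rcvd=(1136073600, 251000), return_code=3)
    guessed_ts = pack_message(ECHO_REPLY, handle, seq, (1136073600, 0),
                              return_code=3)
    wrong_handle = pack_message(ECHO_REPLY, 0xDEAD0001, seq, ts_sent)
    return [
        matcher.check(port, genuine[:20]),    # truncated header
        matcher.check(port, wrong_handle),    # handle never issued
        matcher.check(port, guessed_ts),      # handle and sequence guessed
        matcher.check(port, genuine),         # the real reply
        matcher.check(port, genuine),         # replay of the real reply
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

With strict_timestamp=False the third constructed reply would be accepted, which is the gap the optional TimeStamp Sent check closes.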
1995     To protect against unauthorized sources using MPLS Echo Request
1996     messages to obtain network information, it is RECOMMENDED that
1997     implementations provide a means of checking the source addresses of MPLS
1998     Echo Request messages against an access list before accepting the
1999     message.

2001     It is not clear how to prevent hijacking (non-delivery) of echo
2002     requests or replies; however, if these messages are indeed hijacked,
2003     LSP ping will report that the data plane isn't working as it should.

2005     It doesn't seem vital (at this point) to secure the data carried in
2006     MPLS echo requests and replies, although knowledge of the state of
2007     the MPLS data plane may be considered confidential by some.
2008     Implementations SHOULD however provide a means of filtering the addresses
2009     to which Echo Reply messages may be sent.

2011     Although this document makes special use of 127/8 address, these are
2012     used only in conjunction with the UDP port 3503. Further these
2013     packets are only processed by routers. All other hosts MUST treat all
2014     packets with a destination address in the range 127/8 in accordance
2015     to RFC1122. Any packet received by a router with a destination
2016     address in the range 127/8 without a destination UDP port of 3503
2017     MUST be treated in accordance to RFC1812. In particular, the default
2018     behavior is to treat packets destined to a 127/8 address as
2019     "martians".

2021  7. IANA Considerations

2023     The TCP and UDP port number 3503 has been allocated by IANA for LSP
2024     echo requests and replies.

2026     The following sections detail the new name spaces to be managed by
2027     IANA. For each of these name spaces, the space is divided into
2028     assignment ranges; the following terms are used in describing the
2029     procedures by which IANA allocates values: "Standards Action" (as
2030     defined in [IANA]); "Specification Required" and "Vendor Private
2031     Use".
2033     Values from "Specification Required" ranges MUST be registered with
2034     IANA. The request MUST be made via an Experimental RFC that
2035     describes the format and procedures for using the code point; the
2036     actual assignment is made during the IANA actions for the RFC.

2038     Values from "Vendor Private" ranges MUST NOT be registered with IANA;
2039     however, the message MUST contain an enterprise code as registered
2040     with the IANA SMI Private Network Management Private Enterprise
2041     Numbers. For each name space that has a Vendor Private range, it must
2042     be specified where exactly the SMI Private Enterprise Number resides;
2043     see below for examples. In this way, several enterprises (vendors)
2044     can use the same code point without fear of collision.

2046  7.1. Message Types, Reply Modes, Return Codes

2048     It is requested that IANA maintain registries for Message Types,
2049     Reply Modes, and Return Codes. Each of these can take values in the
2050     range 0-255. Assignments in the range 0-191 are via Standards
2051     Action; assignments in the range 192-251 are made via "Specification
2052     Required"; values in the range 252-255 are for Vendor Private Use,
2053     and MUST NOT be allocated.

2055     If any of these fields fall in the Vendor Private range, a top-level
2056     Vendor Enterprise Number TLV MUST be present in the message.

2058     Message Types defined in this document are:

2060        Value    Meaning
2061        -----    -------
2062            1    MPLS Echo Request
2063            2    MPLS Echo Reply

2065     Reply Modes defined in this document are:

2067        Value    Meaning
2068        -----    -------
2069            1    Do not reply
2070            2    Reply via an IPv4/IPv6 UDP packet
2071            3    Reply via an IPv4/IPv6 UDP packet with Router Alert
2072            4    Reply via application level control channel

2074     Return Codes defined in this document are listed in section 3.1.

2076  7.2. TLVs

2078     It is requested that IANA maintain a registry for the Type field of
2079     top-level TLVs as well as for any associated sub-TLVs. Note the
2080     meaning of a sub-TLV is scoped by the TLV. The number spaces for the
2081     sub-TLVs of various TLVs are independent.

2083     The valid range for TLVs and sub-TLVs is 0-65535. Assignments in the
2084     range 0-16383 and 32768-49161 are made via Standards Action as
2085     defined in [IANA]; assignments in the range 16384-31743 and
2086     49162-64511 are made via "Specification Required" as defined above;
2087     values in the range 31744-32767 and 64512-65535 are for Vendor
2088     Private Use, and MUST NOT be allocated.

2090     If a TLV or sub-TLV has a Type that falls in the range for Vendor
2091     Private Use, the Length MUST be at least 4, and the first four octets
2092     MUST be that vendor's SMI Private Enterprise Number, in network octet
2093     order. The rest of the Value field is private to the vendor.

2095     TLVs and sub-TLVs defined in this document are:

2097        Type    Sub-Type    Value Field
2098        ----    --------    -----------
2099           1                Target FEC Stack
2100                       1    LDP IPv4 prefix
2101                       2    LDP IPv6 prefix
2102                       3    RSVP IPv4 LSP
2103                       4    RSVP IPv6 LSP
2104                       5    Not Assigned
2105                       6    VPN IPv4 prefix
2106                       7    VPN IPv6 prefix
2107                       8    L2 VPN endpoint
2108                       9    "FEC 128" Pseudowire (Deprecated)
2109                      10    "FEC 128" Pseudowire
2110                      11    "FEC 129" Pseudowire
2111                      12    BGP labeled IPv4 prefix
2112                      13    BGP labeled IPv6 prefix
2113                      14    Generic IPv4 prefix
2114                      15    Generic IPv6 prefix
2115                      16    Nil FEC
2116           2                Downstream Mapping
2117           3                Pad
2118           4                Not Assigned
2119           5                Vendor Enterprise Number
2120           6                Not Assigned
2121           7                Interface and Label Stack
2122           8                Not Assigned
2123           9                Errored TLVs
2124               Any value    The TLV not understood
2125          10                Reply TOS Byte

2127  8. Acknowledgments

2129     This document is the outcome of many discussions among many people,
2130     that include Manoj Leelanivas, Paul Traina, Yakov Rekhter, Der-Hwa
2131     Gan, Brook Bailey, Eric Rosen, Ina Minei, Shivani Aggarwal and Vanson
2132     Lim.
2134     The description of the Multipath Information sub-field of the
2135     Downstream Mapping TLV was adapted from text suggested by Curtis
2136     Villamizar.

2138  Authors' Addresses

2140     Kireeti Kompella
2141     Juniper Networks
2142     1194 N.Mathilda Ave
2143     Sunnyvale, CA 94089
2144     Email: kireeti@juniper.net

2146     George Swallow
2147     Cisco Systems
2148     1414 Massachusetts Ave,
2149     Boxborough, MA 01719
2150     Phone: +1 978 936 1398
2151     Email: swallow@cisco.com

2153  Copyright Notice

2155     Copyright (C) The Internet Society (2005). This document is subject
2156     to the rights, licenses and restrictions contained in BCP 78, and
2157     except as set forth therein, the authors retain all their rights.

2159  Expiration Date

2161     July 2006

2163  Disclaimer of Validity

2165     This document and the information contained herein are provided on an
2166     "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
2167     OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
2168     ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
2169     INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
2170     INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
2171     WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

2173     The IETF takes no position regarding the validity or scope of any
2174     Intellectual Property Rights or other rights that might be claimed to
2175     pertain to the implementation or use of the technology described in
2176     this document or the extent to which any license under such rights
2177     might or might not be available; nor does it represent that it has
2178     made any independent effort to identify any such rights. Information
2179     on the procedures with respect to rights in RFC documents can be
2180     found in BCP 78 and BCP 79.
2182     Copies of IPR disclosures made to the IETF Secretariat and any
2183     assurances of licenses to be made available, or the result of an
2184     attempt made to obtain a general license or permission for the use of
2185     such proprietary rights by implementers or users of this
2186     specification can be obtained from the IETF on-line IPR repository at
2187     http://www.ietf.org/ipr.

2189     The IETF invites any interested party to bring to its attention any
2190     copyrights, patents or patent applications, or other proprietary
2191     rights that may cover technology that may be required to implement
2192     this standard. Please address the information to the IETF at
2193     ietf-ipr@ietf.org.