idnits 2.17.1 draft-ietf-mpls-tp-li-lb-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 24, 2011) is 4539 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 6371 (ref. '6') Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Sami Boutros (Ed.) 3 Internet Draft Siva Sivabalan (Ed.) 4 Intended status: Standards Track Cisco Systems, Inc. 5 Updates: 6371 (if approved) 6 Expires: April 24, 2012 Rahul Aggarwal (Ed.) 7 Arktan, Inc. 9 Martin Vigoureux (Ed.) 10 Alcatel-Lucent 12 Xuehui Dai (Ed.) 13 ZTE Corporation 15 October 24, 2011 17 MPLS Transport Profile lock Instruct and Loopback Functions 18 draft-ietf-mpls-tp-li-lb-08.txt 20 Abstract 22 Two useful Operations, Administration, and Maintenance (OAM) 23 functions in a transport network are "lock" and "loopback". The lock 24 function enables an operator to lock a transport path such that it 25 does not carry client traffic, but can continue to carry OAM messages 26 and may carry test traffic. The loopback function allows an operator 27 to set a specific node on the transport path into loopback mode such 28 that it returns all received data. 30 This document specifies the lock function for MPLS networks and 31 describes how the loopback function operates in MPLS networks. 33 This document updates RFC 6371 section 7.1.1 and 7.1.2. 35 Status of this Memo 37 This Internet-Draft is submitted to IETF in full conformance with the 38 provisions of BCP 78 and BCP 79. 40 Internet-Drafts are working documents of the Internet Engineering 41 Task Force (IETF), its areas, and its working groups. Note that 42 other groups may also distribute working documents as Internet- 43 Drafts. 45 Internet-Drafts are draft documents valid for a maximum of six months 46 and may be updated, replaced, or obsoleted by other documents at any 47 time. It is inappropriate to use Internet-Drafts as reference 48 material or to cite them other than as "work in progress." 50 The list of current Internet-Drafts can be accessed at 51 http://www.ietf.org/ietf/1id-abstracts.txt 52 The list of Internet-Draft Shadow Directories can be accessed at 53 http://www.ietf.org/shadow.html 55 Copyright Notice 57 Copyright (c) 2011 IETF Trust and the persons identified as the 58 document authors. All rights reserved. 60 This document is subject to BCP 78 and the IETF Trust's Legal 61 Provisions Relating to IETF Documents 62 (http://trustee.ietf.org/license-info) in effect on the date of 63 publication of this document. Please review these documents 64 carefully, as they describe your rights and restrictions with respect 65 to this document. Code Components extracted from this document must 66 include Simplified BSD License text as described in Section 4.e of 67 the Trust Legal Provisions and are provided without warranty as 68 described in the Simplified BSD License. 70 1. Introduction 72 Two useful Operations, Administration, and Maintenance (OAM) 73 functions in a transport network are "lock" and "loopback". This 74 document discusses these functions in the context of MPLS networks. 76 - The lock function enables an operator to lock a transport path such 77 that it does not carry client traffic. As per RFC 5860 [1], lock is 78 an administrative state in which it is expected that no client 79 traffic may be carried. However, test traffic and OAM messages can 80 still be mapped onto the locked transport path. The lock function 81 may be applied to to Label Switched Paths (LSPs), Pseudowires (PWs) 82 (including multi-segment Pseudowires) (MS-PWs), and bidirectional 83 MPLS Sections as defined in RFC 5960 [9]). 85 - The loopback function allows an operator to set a specific node on 86 a transport path into loopback mode such that it returns all 87 received data. Loopback can be applied at a Maintenance Entity 88 Group End Point (MEP) or a Maintenance Entity Group Intermediate 89 Point (MIP) on a co-routed bidirectional LSP, on a PW, or on an 90 bidirectional MPLS Section. It can also be applied at a MEP on an 91 associated bidirectional LSP. 93 Loopback is used to test the integrity of the transport path to and 94 from the node that is performing loopback. It requires that the 95 transport is locked and that a MEP on the transport path sends test 96 data which it also validates on receipt. 98 This document specifies the lock function for MPLS networks and 99 describes how the loopback function operates in MPLS networks. 101 This document updates RFC 6371 section 7.1.1 [6]. 103 1.1. Updates RFC 6371 105 This document updates section 7.1.1 and 7.1.2 of RFC 6371 [6]. 107 That framework makes the assumption that the Lock Instruct message is 108 used to independently enable locking and requires a response message. 110 The mechanism defined in this document requires that a lock 111 instruction is sent by management to both ends of the locked 112 transport path and that the Lock Instruct message does not require a 113 response. 115 2. Terminology and Conventions 117 2.1. Conventions Used in This Document 119 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 120 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 121 document are to be interpreted as described in RFC-2119 [2]. 123 2.2. Acronyms and Terms 125 ACH: Associated Channel Header 127 MEG: Maintenance Entity Group 129 MEP: Maintenance Entity Group End Point 131 MIP: Maintenance Entity Group Intermediate Point 133 MPLS-TP: MPLS Transport Profile 135 MPLS-TP LSP: Bidirectional Label Switch Path 137 TLV: Type Length Value 139 TTL: Time To Live 141 LI: Lock Instruct 143 NMS: Network Management System 145 Transport path: MPLS-TP LSP or MPLS PW 147 3. Lock Function 149 Lock is used to request a MEP to take a transport path out of service 150 for administrative reasons. For example, Lock can be used to allow 151 some form of maintenance to be done for a transport path. Lock is 152 also a prerequisite of the Loopback function described in Section 4. 154 The NMS or a management process initiates a Lock by sending a Lock 155 command to a MEP. The MEP takes the transport path out of service, 156 that is, it stops injecting or forwarding traffic onto the transport 157 path. 159 To properly lock a transport path (for example, to ensure that a 160 loopback test can be performed), both directions of the transport 161 path must be taken out of service so a Lock command is sent to the 162 MEPs at both ends of the path. This ensures that no traffic is sent 163 in either direction. Thus, the Lock function can be realized entirely 164 using the management plane. 166 However, dispatch of messages in the management plane to the two MEPs 167 may present coordination challenges. It is desirable that the lock be 168 achieved in a coordinated way within a tight window, and this may be 169 difficult with a busy management plane. In order to provide 170 additional coordination, an LI OAM message can additionally be sent. 171 A MEP locks a transport path when it receives a command from a 172 management process or when it receives an LI message as described in 173 Section 6. 175 This document defines an LI message for MPLS OAM. The LI message is 176 based on a new ACH Type as well as an existing TLV. This is a common 177 mechanism applicable to lock LSPs, PWs, and bidirectional MPLS 178 Sections. 180 4. Loopback Function 182 This section provides a description of the Loopback function within 183 an MPLS network. This function is achieved through management 184 commands and so there is no protocol specification necessary. 185 However, the Loopback function is dependent on the Lock function and 186 so it is appropriate to describe it in this document. 188 The Loopback function is used to test the integrity of a transport 189 path from a MEP up any other node in the same MEG. This is achieved 190 by setting the target node into loopback mode, and transmitting a 191 pattern of test data from the MEP. The target node loops all received 192 data back toward the originator, and the MEP extracts the test data 193 and compares it with what it sent. 195 Loopback is a function that enables a receiving MEP or MIP to return 196 traffic to the sending MEP when in the loopback state. This state 197 corresponds to the situation where, at a given node, a forwarding 198 plane loop is configured and the incoming direction of a transport 199 path is cross-connected to the outgoing reverse direction. Therefore, 200 except in the case of early TTL expiry, traffic sent by the source 201 will be received by that source. 203 Data plane loopback is an out-of-service function, as required in 204 section 2.2.5 of RFC 5860 [1]. This function loops back all traffic 205 (including user data and OAM). The traffic can be originated from one 206 internal point at the ingress of a transport path within an interface 207 or inserted from input port of an interface using an external test 208 equipment. The traffic is looped back unmodified (other than normal 209 per hop processing such as TTL decrement) in the direction of the 210 point of origin by an interface at either an intermediate node or a 211 terminating node. 213 It should be noted that data plane loopback function itself is 214 applied to data plane loopback points residing on different 215 interfaces from MIPs/MEPs. All traffic (including both payload and 216 OAM) received on the looped back interface is sent on the reverse 217 direction of the transport path. 219 For data plane loopback at an intermediate point in a transport 220 path, the loopback needs to be configured to occur at either the 221 ingress or egress interface. This is done using management. 223 The management plane can be used to configure the Loopback function. 224 The management plane must ensure that the two MEPs are locked before 225 it requests setting MEP or MIP in the loopback state. 227 The nature of test data and the use of loopback traffic to measure 228 packet loss, delay, and delay variation is outside the scope of this 229 document. 231 4.1. Operational Prerequisites 233 Obviously, for the Loopback function to operate, there are several 234 prerequisites: 236 - There must be a return path, so transport path under test must be 237 bidirectional. 239 - The node in loopback mode must be on both the forward and return 240 paths. This is possible for all MEPs and MIPs on a co-routed 241 bidirectional LSP, on a PW, or on a bidirectional MPLS Section, but 242 is only possible on for MEPs on associated bidirectional LSPs. 244 - The transport path cannot deliver client data when one of its nodes 245 is in loopback mode, so it is important that the transport path is 246 locked before loopback is enabled. 248 - Management plane coordination between the node in loopback mode and 249 the MEP sending test data is required. The MEP must not send test 250 data until loopback has been properly configured because this would 251 result in the test data continuing toward the destination. 253 - The TTL of the test packets must be set sufficiently large to 254 account for both directions of the transport path under test 255 otherwise the packets will not be returned to the originating MEP. 257 - OAM messages intended for delivery to nodes along the transport 258 path under test can be delivered by correct TTL expiry. However, 259 OAM messages cannot be delivered to points beyond the loopback node 260 until the loopback condition is lifted. 262 5. Lock Instruct Message 264 5.1. Message Identification 266 The Lock Instruct Message is carried in the Associated Channel Header 267 (ACh) described in [4]. it is identified by a new PW ACh Type of 0xHH 268 (to be assigned by IANA). 270 5.2. LI Message Format 272 The format of an LI Message is shown below. 274 0 1 2 3 275 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 276 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 277 | Vers | Reserved | Refresh Timer | 278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 279 | MEP Source ID TLV | 280 ~ ~ 281 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 283 Figure 1: MPLS Lock Instruct Message Format 285 Version: The Version Number is currently 1. (Note: the version 286 number is to be incremented whenever a change is made that affects 287 the ability of an implementation to correctly parse or process the 288 message. These changes include any syntactic or semantic changes made 289 to any of the fixed fields, or to any Type-Length-Value (TLV) or sub- 290 TLV assignment or format that is defined at a certain version number. 291 The version number may not need to be changed if an optional TLV or 292 sub-TLV is added.) 294 Reserved: The reserved field MUST be set to zero on transmission and 295 SHOULD be ignored on receipt. 297 Refresh Timer: The maximum time between successive LI messages 298 specified in seconds. The default value is 1. The value 0 is not 299 permitted. When a lock is applied, a refresh timer is chosen. This 300 value MUST NOT be changed for the duration of that lock. A node 301 receiving a LI message with a changed refresh timer MAY ignore the 302 new value and continue to apply the old value. 304 MEP Source ID TLV: This is one of the three MEP Source ID TLVs 305 defined in [3] and identifies the MEP that originated the LI message. 307 6. Operation of the Lock Function 309 6.1. Locking a Transport Path 311 When a MEP receives a Lock command from an NMS or through some other 312 management process, it MUST take the transport path out of service. 313 That is, it MUST stop injecting or forwarding traffic onto the LSP, 314 PW, or bidirectional Section that has been locked. 316 As soon as the transport path has been locked, the MEP MUST send an 317 LI message targeting the MEP at the other end of the locked transport 318 path. The source MEP MUST set the Refresh Timer value in the LI 319 message and MUST retransmit the LI message at the frequency indicated 320 by the value set. 322 When locking a transport path, the NMS or management process is 323 required to send a Lock command to both ends of the transport path. 324 Thus a MEP may receive either the management command or an LI message 325 first. A MEP MUST take the transport path out of service immediately 326 in either case, but only sends LI messages itself after it has 327 received a management lock command. Thus, a MEP is locked if either 328 Lock was requested by management (and, as a result, the MEP is 329 sending LI messages), or it is receiving LI messages from the remote 330 MEP. 332 Note that a MEP that receives an LI message MUST identify the correct 333 transport path and validate the message. The label stack on the 334 received message is used to identify the transport path to be locked: 336 - If no matching label binding exists then there is no corresponding 337 transport path and the received LI message is in error. 339 - If the transport path can be identified, but there is no return 340 path (for example, the transport path was unidirectional) then the 341 lock cannot be applied by the receiving MEP. 343 - If the transport path is suitable for locking but the source MEP-ID 344 identifies an unexpected MEP for the MEG to which the receiving MEP 345 belongs, the received LI message is in error. 347 When an errored LI message is received, the receiving MEP MUST NOT 348 apply a lock. A MEP receiving errored LI messages SHOULD perform 349 local diagnostic actions (such as counting the messages) and MAY 350 log the messages. 352 A MEP keeps a transport path locked as long as it is either receiving 353 the periodic LI messages or has an in-force Lock command from 354 management. (see Section 6.2 for an explanation of unlocking a MEP). 355 Note that in some scenarios (such as the use of loopback as described 356 in Section 4) LI messages will not continue to be delivered on a 357 locked transport path. This is why a transport path is considered 358 locked while there is an in-force Lock command from a management 359 process regardless of whether LI messages are being received. 361 6.2. UnLocking a Transport Path 363 Unlock is used to request a MEP to bring the previously locked 364 transport path back in service. 366 When a MEP receives an Unlocked command from a management process it 367 MUST cease sending LI messages. However, as described in Section 6.1, 368 if the MEP is still receiving LI messages, the transport path MUST 369 remain out of service. Thus, to unlock a transport path, the 370 management process has to send an Unlock command to the MEPs at 371 both ends. 373 When a MEP has been unlocked and has not received an LI message for a 374 multiple of 3.5 times the Refresh Timer on the LI message (or has 375 never received an LI message), the MEP unlocks the transport path and 376 puts it back into service. 378 7. Security Considerations 380 MPLS-TP is a subset of MPLS and so builds upon many of the aspects of 381 the security model of MPLS. MPLS networks make the assumption that it 382 is very hard to inject traffic into a network, and equally hard to 383 cause traffic to be directed outside the network. For more 384 information on the generic aspects of MPLS security, see [7]. 386 This document describes a protocol carried in the G-ACh [4], and so 387 is dependent on the security of the G-ACh, itself. The G-ACh is a 388 generalization of the Associated Channel defined in [8]. Thus, this 389 document relies heavily on the security mechanisms provided for the 390 Associated Channel and described in [4] and [8]. 392 A specific concern for the G-ACh is that is can be used to provide a 393 covert channel. This problem is wider than the scope of this 394 document and does not need to be addressed here, but it should be 395 noted that the channel provides end-to-end connectivity and SHOULD 396 NOT be policed by transit nodes. Thus, there is no simple way of 397 preventing any traffic being carried in the G-ACh between consenting 398 nodes. 400 A good discussion of the data plane security of an associated channel 401 may be found in [5]. That document also describes some mitigation 402 techniques. 404 It should be noted that the G-ACh is essentially connection-oriented 405 so injection or modification of control messages specified in this 406 document require the subversion of a transit node. Such subversion is 407 generally considered hard in MPLS networks, and impossible to protect 408 against at the protocol level. Management level techniques are more 409 appropriate. 411 8. IANA Considerations 413 8.1. Pseudowire Associated Channel Type 415 LI OAM requires a unique Associated Channel Type which is assigned by 416 IANA from the Pseudowire Associated Channel Types Registry. 418 Registry: 419 Value Description TLV Follows Reference 420 ----------- ----------------------- ----------- --------- 421 0xHH LI No [This.I-D] 423 9. Acknowledgements 425 The authors would like to thank Loa Andersson, Yoshinori Koike, 426 Alessandro D'Alessandro Gerardo, Shahram Davari, Greg Mirsky, Yaacov 427 Weingarten, Liu Guoman, Matthew Bocci, and Adrian Farrel for their 428 valuable comments. 430 10. References 432 10.1. Normative References 434 [1] Vigoureux, M., Ward, D., and M. Betts, "Requirements for 435 Operations, Administration, and Maintenance (OAM) in MPLS 436 Transport Networks", RFC 5860, May 2010. 438 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 439 Levels", BCP 14, RFC 2119, March 1997. 441 [3] D. Allan, et. al., Proactive Connectivity Verification, 442 Continuity Check and Remote Defect indication for MPLS 443 Transport Profile draft-ietf-mpls-tp-cc-cv-rdi-06, work in 444 progress, June 2010 446 [4] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic 447 Associated Channel", RFC 5586, June 2009. 449 [5] T. Nadeau, C. Pignataro, "Pseudowire Virtual Circuit 450 Connectivity Verification (VCCV): A Control Channel for 451 Pseudowires", RFC 5085, Dec 2007. 453 [6] Busi, I. and Allan, D., "Operations, Administration, and 454 Maintenance Framework for MPLS-Based Transport Networks", 455 RFC 6371, September 2011 457 10.2. Informative References 459 [7] L. Fang, "Security Framework for MPLS and GMPLS Networks", RFC 460 5920, July 2010. 462 [8] S. Bryant, G. Swallow, L. Martini "Pseudowire Emulation Edge- 463 to-Edge (PWE3) Control Word for Use over an MPLS PSN", RFC 464 4385, Feb 2006. 466 [9] Frost, D., Ed., Bryant, S., Ed., and M. Bocci, Ed., "MPLS 467 Transport Profile Data Plane Architecture", RFC 5960, August 468 2010. 470 Editors' Addresses 472 Sami Boutros 473 Cisco Systems, Inc. 474 Email: sboutros@cisco.com 476 Siva Sivabalan 477 Cisco Systems, Inc. 478 Email: msiva@cisco.com 480 Rahul Aggarwal 481 Arktan, Inc 482 EMail: raggarwa_1@yahoo.com 484 Martin Vigoureux 485 Alcatel-Lucent. 486 Email: martin.vigoureux@alcatel-lucent.com 488 Xuehui Dai 489 ZTE Corporation. 490 Email: dai.xuehui@zte.com.cn 492 Contributing Authors 494 George Swallow 495 Cisco Systems, Inc. 496 Email: swallow@cisco.com 498 David Ward 499 Juniper Networks. 500 Email: dward@juniper.net 502 Stewart Bryant 503 Cisco Systems, Inc. 504 Email: stbryant@cisco.com 506 Carlos Pignataro 507 Cisco Systems, Inc. 508 Email: cpignata@cisco.com 510 Eric Osborne 511 Cisco Systems, Inc. 512 Email: eosborne@cisco.com 514 Nabil Bitar 515 Verizon. 516 Email: nabil.bitar@verizon.com 518 Italo Busi 519 Alcatel-Lucent. 520 Email: italo.busi@alcatel-lucent.com 522 Lieven Levrau 523 Alcatel-Lucent. 524 Email: lieven.levrau@alcatel-lucent.com 526 Laurent Ciavaglia 527 Alcatel-Lucent. 528 Email: laurent.ciavaglia@alcatel-lucent.com 530 Bo Wu 531 ZTE Corporation. 532 Email: wu.bo@zte.com.cn 534 Jian Yang 535 ZTE Corporation. 536 Email: yang_jian@zte.com.cn