idnits 2.17.1

draft-ietf-mpls-tp-mip-mep-map-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (August 30, 2013) is 3892 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                          A. Farrel
Internet-Draft                                          Juniper Networks
Intended status: Informational                                   H. Endo
Expires: March 3, 2014                                     Hitachi, Ltd.
                                                               R. Winter
                                                                     NEC
                                                                Y. Koike
                                                                     NTT
                                                                 M. Paul
                                                        Deutsche Telekom
                                                         August 30, 2013

  Per-Interface MIP Addressing Requirements and Design Considerations
                   draft-ietf-mpls-tp-mip-mep-map-09

Abstract

   The Framework for Operations, Administration and Maintenance (OAM)
   within the MPLS Transport Profile (MPLS-TP) describes how Maintenance
   Entity Group Intermediate Points (MIPs) may be situated within
   network nodes at the incoming and outgoing interfaces.

   This document elaborates on important considerations for internal MIP
   addressing.
   More precisely it describes important restrictions for
   any mechanism that specifies a way of forming OAM messages so that
   they can be targeted at MIPs on incoming or MIPs on outgoing
   interfaces and forwarded correctly through the forwarding engine.
   Furthermore, the document includes considerations for node
   implementations where there is no distinction between the incoming
   and outgoing MIP.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 3, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Summary of the Problem Statement
   4.  Requirements and Design Considerations for Internal-MIP
       Addressing
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgments
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Framework for Operations, Administration and Maintenance (OAM)
   within the MPLS Transport Profile (MPLS-TP) (the MPLS-TP OAM
   Framework, [RFC6371]) distinguishes two configurations for
   Maintenance Entity Group Intermediate Points (MIPs) on a node. It
   defines per-node MIPs and per-interface MIPs, where a per-node MIP is
   a single MIP per node in an unspecified location within the node and
   per-interface MIPs are two (or more) MIPs per node on each side of
   the forwarding engine.

   In-band OAM messages are sent using the Generic Associated Channel
   (G-ACh) [RFC5586]. OAM messages for the transit points of
   pseudowires (PWs) or Label Switched Paths (LSPs) are delivered using
   the expiration of the MPLS shim header time-to-live (TTL) field. OAM
   messages for the end points of PWs and LSPs are simply delivered as
   normal.

   OAM messages delivered to end points or transit points are
   distinguished from other (data) packets so that they can be processed
   as OAM. In LSPs, the mechanism used is the presence of the Generic
   Associated Channel Label (GAL) in the Label Stack Entry (LSE) under
   the top LSE [RFC5586].
   In PWs, the mechanism used is the presence of
   the PW Associated Channel Header (PWACH) [RFC4385] or the presence of
   a GAL [RFC6423].

   In case multiple MIPs are present on a single node, these mechanisms
   alone provide no way to address one particular MIP out of the set of
   MIPs. A mechanism that addresses this shortcoming has to obey a few
   important design considerations which are discussed in this document.

   Note that the acronym "OAM" is used in conformance with [RFC6291].

2.  Terminology

   In this document we use the term in-MIP (incoming MIP) to refer to
   the MIP which processes OAM messages before they pass through the
   forwarding engine of a node. An out-MIP (outgoing MIP) processes OAM
   messages after they have passed the forwarding engine of the node.
   The two together are referred to as internal MIPs. The term
   "forwarding engine" is used as defined in [RFC6371].

3.  Summary of the Problem Statement

   Figure 1 shows an abstract functional representation of an MPLS-TP
   node. It is decomposed as an incoming interface, a forwarding engine
   (FW), and an outgoing interface. As per the discussion in [RFC6371],
   MIPs may be placed in each of the functional interface components.

                 ------------------------
                |-----              -----|
                | MIP |            | MIP |
                |     |    ----    |     |
         ----->-| In  |->-| FW |->-| Out |->----
                | i/f |    ----    | i/f |
                |-----              -----|
                 ------------------------

    Figure 1: Abstract Functional Representation of an MPLS-TP Node

   Several distinct OAM functions are required within this architectural
   model for both PWs and LSPs such as:

   o  Connectivity Verification (CV) between a MEP and a MIP
   o  traceroute over an MPLS-TP LSP and/or an MPLS-TP PW containing
      MIPs
   o  data-plane loopback configuration at a MIP
   o  diagnostic tests

   The MIPs in these OAM functions may equally be the MIPs at the
   incoming or outgoing interfaces.

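   The delivery rule stated in the Introduction (TTL expiry in the top
   LSE, with a GAL in the LSE under it followed by an associated channel
   header) is written out below as an added example; it is not part of
   the draft or of any implementation. The label 1001, the channel type
   0x7FFA, the returned strings and the choice to discard packets that
   arrive with TTL 0 are assumptions made for illustration.

```python
import struct

GAL = 13  # Generic Associated Channel Label (reserved label value, RFC 5586)


def lse(label, tc, s, ttl):
    """Pack one 32-bit Label Stack Entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def parse_label_stack(pkt):
    """Return ([(label, tc, s, ttl), ...], payload); raise on a truncated stack."""
    stack, off = [], 0
    while True:
        if off + 4 > len(pkt):
            raise ValueError("label stack ends before the bottom-of-stack bit")
        (word,) = struct.unpack_from("!I", pkt, off)
        off += 4
        stack.append((word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF))
        if stack[-1][2]:  # S bit set: this was the last entry
            return stack, pkt[off:]


def classify_lsp_packet(pkt):
    """Decide what a transit node does with a packet received on an LSP."""
    stack, payload = parse_label_stack(pkt)
    ttl = stack[0][3]
    if ttl > 1:
        return "forward"  # TTL survives the decrement: handled exactly like data
    if ttl == 0:
        # Assumption of this example: a packet that arrives already expired
        # was leaked by the upstream node (the Figure 4 case) and is discarded.
        return "drop"
    # TTL expires at this node, so the packet must not leave it.
    has_gal = len(stack) >= 2 and stack[1][0] == GAL
    has_ach = len(payload) >= 4 and payload[0] >> 4 == 0x1  # ACH first nibble 0001
    if has_gal and has_ach:
        # Nothing inspected here says in-MIP or out-MIP: this is the
        # addressing gap the draft describes.
        return "local-oam"
    return "drop"  # expired non-OAM packet


# Constructed sample packets (label 1001 and channel type 0x7FFA are made up).
ACH = struct.pack("!BBH", 0x10, 0x00, 0x7FFA)
DATA = lse(1001, 0, 1, 64) + b"\x45\x00"
OAM_HERE = lse(1001, 0, 0, 1) + lse(GAL, 0, 1, 1) + ACH + b"payload"
OAM_DOWNSTREAM = lse(1001, 0, 0, 3) + lse(GAL, 0, 1, 1) + ACH + b"payload"
EXPIRED_DATA = lse(1001, 0, 1, 1) + b"\x45\x00"
LEAKED_TTL0 = lse(1001, 0, 0, 0) + lse(GAL, 0, 1, 1) + ACH

if __name__ == "__main__":
    for name in ("DATA", "OAM_HERE", "OAM_DOWNSTREAM", "EXPIRED_DATA", "LEAKED_TTL0"):
        print(name, classify_lsp_packet(globals()[name]))
```
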
   Per-interface MIPs have the advantage that they enable a more
   accurate localization and identification of faults and diagnostic
   tests. In particular, the identification of whether a problem is
   located between nodes or on a particular node and where on that node
   is greatly enhanced. For obvious reasons, it is important to narrow
   the cause of a fault down quickly to initiate a timely, and well-
   directed maintenance action to resume normal network operation.

   The following two figures illustrate the fundamental difference of
   using per-node and per-interface MEPs and MIPs for OAM. Figure 2
   depicts OAM using per-node MIPs and MEPs. For reasons of exposition
   we pick a location for the MIPs on the nodes but the standard does
   not mandate the exact location for the per-node model. In the figure
   a bi-directional LSP is depicted where in the forward (FWD) direction
   MEP1, MIP1, and MEP2 are located on the ingress interface (IF). In
   the backward (BWD) direction MEP1', MIP1' and MEP2' are located on
   the egress IF, i.e. the same interfaces. S1 in the figure denotes
   the segment from PE1 In to P1 In and S2 denotes the segment from PE1
   In to PE2 In. Figure 3 on the other hand shows the same basic network
   but for OAM operations per-interface maintenance points are
   configured. Note that these figures are merely examples. It is
   important to note that per-interface MEPs or per-interface MIPs must
   logically be placed at a point before (for in-MIP) or after (for out-
   MIP) passing the forwarding engine as defined in [RFC6371]. All
   traffic associated with the MEP/MIP must pass through or be
   terminated at that point.

    Customer|        Operator's administrative        | Customer
    Domain  |        Domain                           | Domain
    ------> |<--------------------------------------->| <------
       CE1  |  T-PE/PE1       S-PE/P1      T-PE/PE2   |  CE2
            | <-------->    <-------->    <-------->  |
      +---+ | +-+ +-+ +-+   +-+ +-+ +-+   +-+ +-+ +-+ | +---+
      |   | | | | | | | |   | | | | | |   | | | | | | | |   |
      |   | | | | | | | |   | | | | | |   | | | | | | | |   |
      +---+ | +-+ +-+ +-+   +-+ +-+ +-+   +-+ +-+ +-+ | +---+
            | In  FW  Out   In  FW  Out   In  FW  Out |
            |                                         |
 FWD PW/LSP |  o-------------------------- >          |
            |  V-------------*-------------V          |
            | MEP1          MIP1          MEP2        |
 BWD PW/LSP |          <---------------------------o  |
            |          V-------------*-------------V  |
            |        MEP1'         MIP1'         MEP2'|
           (S1)<============>
           (S2)<==========================>

       Figure 2: Example of OAM relying on per-node MIPs and MEPs

   To illustrate the difference between these two modes of operation, we
   use fault detection as an example. Consider the case where the
   client traffic between CE1 and CE2 experiences a fault. Also assume
   that an on-demand CV test between PE1 and PE2 was successful. The
   scenario in Figure 2 therefore leaves the forwarding engine (FW) of
   PE2, the out-going interface of PE2, the transmission line between
   PE2 and CE2 or CE2 itself as a potential location of the fault as on-
   demand CV can only be performed on segment S2. Note that in this
   scenario, the PWs or LSPs are to be understood as two examples (not
   one). I.e. the figures do not show the layer structure of PWs and
   LSPs.

   The per-interface model in Figure 3 allows more fine-grained OAM
   operations to be performed. At first, CV on segment S'4 and in
   addition CV on segment S'5 can help to rule out e.g. the forwarding
   engine of PE2. This is of course only a single example, and other
   OAM functions and scenarios are trivially conceivable.
   The basic message is that with the per-interface OAM model, an
   operator can configure smaller segments on a transport path to which
   OAM operations apply. This enables a more fine-grained scoping of
   OAM operations such as fault localization and performance monitoring
   which gives operators better information to deal with adverse
   networking conditions.

    Customer         Operator's administrative          Customer
    Domain           Domain                             Domain
    ------->|<--------------------------------------->|<------
       CE1  |  T-PE/PE1       S-PE/P1      T-PE/PE2   |  CE2
            | <-------->    <-------->    <-------->  |
      +---+ | +-+ +-+ +-+   +-+ +-+ +-+   +-+ +-+ +-+ | +---+
      |   | | | | | | | |   | | | | | |   | | | | | | | |   |
      |   | | | | | | | |   | | | | | |   | | | | | | | |   |
      +---+ | +-+ +-+ +-+   +-+ +-+ +-+   +-+ +-+ +-+ | +---+
            | In  FW  Out   In  FW  Out   In  FW  Out |
            |                                         |
 FWD PW/LSP |  o----------------------------------->  |
            |  V-------*------*------*-----*-------V  |
            | MEP1    MIP1   MIP2   MIP3  MIP4    MEP2|
            |                                         |
 BWD PW/LSP |  <-----------------------------------o  |
            | MEP1'  MIP1'  MIP2'  MIP3'  MIP4'  MEP2'|
          (S'1)<======>
          (S'2)<=============>
          (S'3)<====================>
          (S'4)<==========================>
          (S'5)<==================================>

     Figure 3: Example of OAM relying on per-interface MIPs and MEPs

4.  Requirements and Design Considerations for Internal-MIP Addressing

   OAM messages for transit points of PWs or LSPs are delivered using
   the expiration of the time-to-live (TTL) field in the top LSE of the
   MPLS packet header. OAM messages for the end points of PWs and LSPs
   are simply delivered as normal. These messages are distinguished
   from other (data) packets so that they can be processed as OAM. In
   LSPs, the mechanism used is the presence of the Generic Associated
   Channel Label (GAL) in the LSE under the top LSE [RFC5586].
   In PWs, the mechanism used is the presence of the PW Associated
   Channel Header [RFC4385] or the presence of a GAL [RFC6423]. In
   addition, two sets of identifiers exist that can be used to address
   MIPs which are defined in [RFC6370] and [RFC6923].
   Any solution for sending OAM messages to the in and out-MIPs must fit
   within these existing models of handling OAM.

   Additionally, many MPLS-TP nodes are implemented in a way that all
   queuing and the forwarding function is performed at the incoming
   interface. The abstract functional representation of such a node is
   shown in Figure 4. As shown in the figure, the outgoing interfaces
   are minimal and for this reason it may not be possible to include MIP
   functions on those interfaces. This is in particular the case for
   existing deployed implementations.

   Any solution that attempts to send OAM messages to the outgoing
   interface of an MPLS-TP node must not cause any problems when such
   implementations are present (such as leaking OAM packets with a TTL
   of 0).

                 ---------------------
                |------------         |
                | MIP        |        |
                |      ----  |        |
         ----->-| In  | FW | |-->-Out-|->---
                | i/f  ----  |    i/f |
                |------------         |
                 ---------------------

   Figure 4: Abstract Functional Representation of Some Existing MPLS-TP
                                  Nodes

   OAM must operate on MPLS-TP nodes that are branch points on point-to-
   multipoint (P2MP) trees. That means that it must be possible to
   target individual outgoing MIPs as well as all outgoing MIPs in the
   abstract functional representation shown in Figure 5, as well as to
   handle the P2MP node implementations as shown in Figure 6 without
   causing problems.

                 --------------------------
                |                     -----|
                |                    | MIP |
                |                 ->-|     |->----
                |                |   | Out |
                |                |   | i/f |
                |                |    -----|
                |-----           |    -----|
                | MIP |    ----  |   | MIP |
                |     |   |    |-    |     |
         ----->-| In  |->-| FW |--->-| Out |->----
                | i/f |   |    |-    | i/f |
                |-----     ----  |    -----|
                |                |    -----|
                |                |   | MIP |
                |                |   |     |
                |                 ->-| Out |->----
                |                    | i/f |
                |                     -----|
                 --------------------------

     Figure 5: Abstract Functional Representation of an MPLS-TP Node
                             Supporting P2MP

                 ----------------------
                |               ->-Out-|->----
                |              |   i/f |
                |------------  |       |
                |            | |       |
                | MIP  ----  | |       |
                |     |    | |-        |
         ----->-| In  | FW | |--->-Out-|->----
                | i/f |    | |-    i/f |
                |      ----  | |       |
                |            | |       |
                |------------  |       |
                |              |   Out |
                |               ->-i/f-|->----
                 ----------------------

   Figure 6: Abstract Functional Representation of Some Existing MPLS-TP
                          Nodes Supporting P2MP

   In summary, the solution for OAM message delivery must behave as
   follows:

   o  Delivery of OAM messages to the correct MPLS-TP node.
   o  Delivery of OAM instructions to the correct MIP within an MPLS-TP
      node.
   o  Forwarding of OAM packets exactly as data packets.
   o  Packet inspection at the incoming and outgoing interfaces must be
      minimized.

   The first and second bullet points are obvious. The third bullet
   point however is also vital. To illustrate the importance, a
   rejected solution is depicted in Figure 7. In the figure, all data
   and non-local OAM is handled as normal. Local OAM is intercepted at
   the incoming interface and delivered to the MIP at the incoming
   interface. If the OAM is intended for the incoming MIP it is handled
   there with no issue. If the OAM is intended for the outgoing MIP it
   is forwarded to that MIP using some internal messaging system that is
   implementation-specific.

                       ------------------------
                      |-----              -----|
     local OAM ----->-| MIP |----->------| MIP |
                      |     |    ----    |     |
          data =====>=| In  |=>=| FW |=>=| Out |=>==== data
 non-local OAM ~~~~~>~| i/f |~>~|    |~>~| i/f |~>~~~~ non-local OAM
                      |-----     ----     -----|
                       ------------------------

     Figure 7: OAM Control Message Delivery Bypassing the Forwarding
                                 Engine

   This solution is fully functional for the incoming MIP. It also
   supports control of data loopback for the outgoing MIP, and can
   adequately perform some OAM features such as interface identity
   reporting at the outgoing MIP.

   However, because the OAM message is not forwarded through the
   forwarding engine, this solution cannot correctly perform OAM
   loopback, connectivity verification, LSP tracing, or performance
   measurement.

   The last bullet point is also an important requirement for any
   solution to the internal-MIP addressing problem. Since OAM packets
   that target an out-MIP need to be sent through the forwarding engine
   and treated exactly as regular data packets, the determination of
   whether to forward the packet or process it at the incoming MIP needs
   to be fast and therefore the processing overhead must be kept to a
   minimum. In addition, there are a few OAM procedures that operate at
   line rate such as OAM loopback. This adds to the requirement of
   minimal processing overhead for both the in-MIP and out-MIP.

   Although most of the above superficially appears to be an
   implementation matter local to an individual node, the format of the
   message needs to be standardised so that:

   o  A MEP can correctly target the outgoing MIP of a specific MPLS-TP
      node.
   o  A node can correctly filter out any OAM messages that were
      intended for its upstream neighbor's outgoing MIP, but which were
      not handled there because the upstream neighbor is an
      implementation as shown in Figure 4 or Figure 6.

   Note that the last bullet point describes a safety net and an
   implementation should ensure that this situation never arises.

5.  Security Considerations

   OAM security is discussed in [RFC6371] and security aspects specific
   to MPLS-TP in general are outlined in [RFC6941].

   OAM can provide useful information for detecting and tracing security
   attacks.

   OAM can also be used to illicitly gather information or for denial of
   service attacks and other types of attack. Implementations therefore
   are required to offer security mechanisms for OAM. Deployments are
   strongly advised to use such mechanisms.

   Mixing of per-node and per-interface OAM on a single node is not
   advised as OAM message leakage could be the result.

6.  IANA Considerations

   This revision of this document does not make any requests of IANA.

7.  Acknowledgments

   The authors gratefully acknowledge the substantial contributions of
   Zhenlong Cui. We would also like to thank Eric Gray, Sami Boutros and
   Shahram Davari for interesting input to this document through
   discussions.

8.  References

8.1.  Normative References

   [RFC4385]  Bryant, S., Swallow, G., Martini, L., and D. McPherson,
              "Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
              Use over an MPLS PSN", RFC 4385, February 2006.

   [RFC5586]  Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
              Associated Channel", RFC 5586, June 2009.

   [RFC6370]  Bocci, M., Swallow, G., and E. Gray, "MPLS Transport
              Profile (MPLS-TP) Identifiers", RFC 6370, September 2011.

   [RFC6371]  Busi, I. and D. Allan, "Operations, Administration, and
              Maintenance Framework for MPLS-Based Transport Networks",
              RFC 6371, September 2011.

   [RFC6423]  Li, H., Martini, L., He, J., and F. Huang, "Using the
              Generic Associated Channel Label for Pseudowire in the
              MPLS Transport Profile (MPLS-TP)", RFC 6423,
              November 2011.

   [RFC6923]  Winter, R., Gray, E., van Helvoort, H., and M. Betts,
              "MPLS Transport Profile (MPLS-TP) Identifiers Following
              ITU-T Conventions", RFC 6923, May 2013.

8.2.  Informative References

   [RFC6291]  Andersson, L., van Helvoort, H., Bonica, R., Romascanu,
              D., and S. Mansfield, "Guidelines for the Use of the "OAM"
              Acronym in the IETF", BCP 161, RFC 6291, June 2011.

   [RFC6941]  Fang, L., Niven-Jenkins, B., Mansfield, S., and R.
              Graveman, "MPLS Transport Profile (MPLS-TP) Security
              Framework", RFC 6941, April 2013.

Authors' Addresses

   Adrian Farrel
   Juniper Networks

   Email: adrian@olddog.co.uk

   Hideki Endo
   Hitachi, Ltd.

   Email: hideki.endo.es@hitachi.com

   Rolf Winter
   NEC

   Email: rolf.winter@neclab.eu

   Yoshinori Koike
   NTT

   Email: koike.yoshinori@lab.ntt.co.jp

   Manuel Paul
   Deutsche Telekom

   Email: Manuel.Paul@telekom.de