MPLS Forwarding Compliance and Performance Requirements

A brief review of forwarding issues is provided in the subsections that follow. This section provides some background on why some of these requirements exist. The questions to ask of suppliers and testing is covered in the following sections, and .

Basic MPLS architecture and MPLS encapsulation, and therefore packet forwarding is defined in and . RFC3031 and RFC3032 are somewhat LDP centric. RSVP-TE supports traffic engineering (TE) and fast reroute, features that LDP lacks. The base document for RSVP-TE based MPLS is . A few RFCs update RFC3032. Those with impact on forwarding include the following. TTL processing is clarified in . The use of MPLS Explicit NULL is modified in . Differentiated Services is supported by and . The "EXP" field is renamed to "Traffic Class" in , removing any misconception that it was available for experimentation or could be ignored. ECN is supported by . The MPLS G-ACh and GAL are defined in . Other RFCs have implications to MPLS Forwarding and do not update RFC3032 or RFC3209, including: The pseudowire (PW) Associated Channel Header (ACH), defined by , later generalized by the MPLS G-ACh . The Entropy Label Indicator and Entropy Label are defined by . A few RFCs update RFC3209. Those that are listed as updating RFC3209 generally impact only RSVP-TE signaling. Forwarding is modified by major extension built upon RFC3209. RFCs which impact forwarding are discussed in the following subsections.

specifies that label values 0-15 are reserved labels with special meanings. Three values of NULL label are defined (two of which are later updated by ) and a router-alert label is defined. The original intent was that reserved labels, except the NULL labels, could be sent to the routing engine CPU rather than be processed in forwarding hardware. Hardware support is required by new RFCs such as those defining Entropy Label and OAM processed as a result of receiving a GAL. For new reserved labels, some accommodation is needed for LSR that will send the labels to a general purpose CPU. For example, ELI will only be sent to LSR which have signaled support for and high OAM packet rate must be negotiated among endpoints. reserves a label for ITU-T Y.1711, however Y.1711 does not work with multipath and its use is strongly discouraged. The current list of reserved labels can be found on the "Multiprotocol Label Switching Architecture (MPLS) Label Values" registry reachable at IANA's pages at . When an unknown reserved label is encountered or a reserved label not directly handled in forwarding hardware is encountered, the packet should be sent to a general purpose CPU by default. If this capability is supported, there must be an option to either drop or rate limit such packets on a per reserved label value basis.

deprecates the IP Type of Service (TOS) and IP Precedence (Prec) fields and replaces them with the Differentiated Services Field more commonly known as the Differentiated Services Code Point (DSCP) field. defines the Differentiated Services architecture, which in other forum is often called a Quality of Service (QoS) architecture. MPLS uses the Traffic Class (TC) field to support Differentiated Services . There are two primary documents describing how DSCP is mapped into TC. defines E-LSP and L-LSP. E-LSP use a static mapping of DSCP into TC. L-LSP use a per LSP mapping of DSCP into TC, with one PHB Scheduling Class (PSC) per L-LSP. Each PSC can use multiple Per-Hop Behavior (PHB) values. For example, the Assured Forwarding service defines three PSC, each with three PHB . defines assignment of a class-type (CT) to an LSP, where a per CT static mapping of TC to PHB is used. provides a means to support up to eight E-LSP-like mappings of DSCP to TC. To meet Differentiated Services requirements specified in , the following forwarding requirements must be met. An ingress LER MUST be able to select an LSP and then apply a per LSP map of DSCP into TC. A midpoint LSR MUST be able to apply a per LSP map of TC to PHB. The number of mappings supported will be far less than the number of LSP supported.

PTP or NTP may be carried over MPLS . Generally NTP will be carried within IP with IP carried in MPLS . Both PTP and NTP benefit from accurate time stamping of incoming packets and the ability to insert accurate time stamps in outgoing packets. Since the label stack depth may vary, hardware should allow a timestamp to be placed in an outgoing packet at any specified byte position. It may be necessary to modify layer-2 checksums or frame check sequences after insertion. PTP and NTP timestamp formats differ slightly. Accurate time synchronization in addition to being generally useful is required for MPLS-TP delay measurement (DM) OAM. See .

MPLS deployments in the early part of the prior decade (circa 2000) tended to support either LDP or RSVP-TE. LDP was favored by some for its ability to scale to a very large number of PE devices at the edge of the network, without adding deployment complexity. RSVP-TE was favored, generally in the network core, where traffic engineering and/or fast reroute were considered important. Both LDP and RSVP-TE are used simultaneously within major Service Provider networks using a technique known as "LDP over RSVP-TE Tunneling". This technique allows service providers to carry LDP tunnels, originating and terminating at PE's, inside of RSVP-TE tunnels, generally between Inter-City P routers, to take advantage of Traffic Engineering and Fast Re-Route on more expensive Inter-City and Inter-Continental Transport paths. LDP over RSVP-TE tunneling requires a minimum of two MPLS labels: one each for LDP and RSVP-TE. The use of MPLS FRR added one more label to MPLS traffic, but only when FRR protection was in use. If LDP over RSVP-TE is in use, and FRR protection is in use, then at least three MPLS labels are present on the label stack on the links through which the Bypass LSP traverses. FRR is covered in . LDP L2VPN, LDP IPVPN, BGP L2VPN, and BGP IPVPN added support for VPN services that are deployed in the vast majority of service providers. These VPN services added yet another label, bringing the label stack depth (when FRR is active) to four. Pseudowires and VPN are discussed in further detail in and .

MPLS Link Bundling was the first RFC to address the need for multiple parallel links between nodes . MPLS Link Bundling is notable in that it tried not to change MPLS forwarding, except in specifying the "All-Ones" component link. MPLS Link Bundling is seldom if ever deployed. Instead multipath techniques described in are used.

MPLS hierarchy is defined in . Although RFC4206 is considered part of GMPLS, the Packet Switching Capable (PSC) portion of the MPLS hierarchy are applicable to MPLS and may be supported in an otherwise GMPLS free implementation. The MPLS PSC hierarchy remains the most likely means of providing further scaling in an RSVP-TE MPLS network, particularly where the network is designed to provide RSVP-TE connectivity to the edges. This is the case for envisioned MPLS-TP networks. The use of the MPLS PSC hierarchy can add as many as four labels to a label stack, though it is likely that only one layer of PSC will be used in the near future.

Fast reroute is defined by . Two significantly different methods are the "One-to-One Backup" method which uses the "Detour LSP" and the " Facility Backup" which uses a "bypass tunnel". These are commonly referred to as the detour and bypass methods respectively. The detour method makes use of a presignaled LSP. Hardware assistance is needed for detour FRR only if necessary to accomplish local repair of a large number of LSP within the 10s of milliseconds target. For each affected LSP a SWAP operation must be reprogrammed or otherwise switched over. The use of detour FRR doubles the number of LSP terminating at any given hop and will increase the number of LSP within a network by a factor dependent on the average detour path length. The bypass method makes use of a tunnel that is unused when no fault exists but may carry many LSP when a local repair is required. There is no presignaling indicating which working LSP will be diverted into any specific bypass LSP. The egress LSR of the bypass LSP MUST use platform label space (as defined in ) so that an LSP working path on any give interface can be backed up using a bypass LSP terminating on any other interface. Hardware assistance is needed if necessary to accomplish local repair of a large number of LSP within the 10s of milliseconds target. For each affected LSP a SWAP operation must be reprogrammed or otherwise switched over with an additional PUSH of the bypass LSP label. In addition the use of platform label space impacts the size of the LSR ILM for LSR with a very large number of interfaces.

The pseudowire (PW) architecture is defined in . A pseudowire, when carried over MPLS, adds one or more additional label entries to the MPLS label stack. A PW Control Word is defined in with motivation for defining the control word in . The PW Associated Channel defined in is used for OAM in . The PW Flow Label is defined in and is discussed further in this document in . There are numerous pseudowire encapsulations, supporting emulation of services such as Frame Relay, ATM, Ethernet, TDM, and SONET/SDH over packet switched networks (PSNs) using IP or MPLS. The pseudowire encapsulation is out of scope for this document. Pseudowire impact on MPLS forwarding at midpoint LSR is within scope. The impact on ingress MPLS PUSH and egress MPLS UHP POP are within scope. While pseudowire encapsulation is out of scope, some advice is given on sequence number support.

Pseudowire (PW) sequence number support is most important for PW payload types with a high expectation of in-order delivery. Resequencing support, rather than dropping at egress on out of order arrival, is most important for PW payload types with a high expectation of lossless delivery. For example, TDM payloads require sequence number support and require resequencing support. The same is true of ATM CBR service. ATM VBR or ABR may have somewhat relaxed requirements, but generally require ATM Early Packet Discard (EPD) or ATM Partial Packet Discard (PPD) . Though sequence number support and resequencing support are beneficial to PW packet oriented payloads such as FR and Ethernet, they are highly desirable but not as strongly required. Packet reorder should be rare except in a small number of circumstances, most of which are due to network design or equipment design errors: The most common case is where reordering occurs is rare, occurring only when a network or equipment fault forces traffic on a new path with different delay. The packet loss that accompanies a network or equipment fault is generally more disruptive than any reordering which may occur. A path change can be caused by reasons other than a network or equipment fault, such as administrative routing change. This may result in packet reordering but generally without any packet loss. If the edge is not using pseudowire control word (CW) and the core is using multipath, reordering will be far more common. If this is occurring, the best solution is to use CW on the edge, rather than try to fix the reordering using resequencing. Another avoidable case is where some core equipment has multipath and for some reason insists on periodically installing a new random number as the multipath hash seed. If supporting MPLS-TP, equipment MUST provide a means to disable periodic hash reseeding and deployments MUST disable periodic hash reseeding. Even if not supporting MPLS-TP, equipment should provide a means to disable periodic hash reseeding and deployments should disable periodic hash reseeding.

Layer-2 VPN and Layer-3 VPN add one or more label entry to the MPLS label stack. VPN encapsulations are out of scope for this document. Its impact on forwarding at midpoint LSR are within scope. Any of these services may be used on an MPLS Entropy Label enabled ingress and egress (see for discussion of Entropy Label) which would add an additional label to the MPLS label stack. The need to provide a useful Entropy Label value impacts the requirements of the VPN ingress LER but is out of scope for this document.

MPLS Multicast encapsulation is clarified in . MPLS Multicast may be signaled using RSVP-TE or LDP . defines a root initiated RSVP-TE LSP setup rather than leaf initiated join used in IP multicast. defines a leaf initiated LDP setup. Both and define point to multipoint (P2MP) LSP setup. also defined multipoint to multipoint (MP2MP) LSP setup. The P2MP LSP have a single source. An LSR may be a leaf node, an intermediate node, or a "bud" node. A bud serves as both a leaf and intermediate. At a leaf an MPLS POP is performed. The payload may be a IP Multicast packet that requires further replication. At an intermediate node a MPLS SWAP is performed. The bud requires that both a POP and SWAP be performed for the same incoming packet. One strategy to support P2MP functionality is to POP at the LSR ingress and then optionally PUSH labels at each LSR egress. A given LSR egress chip may support multiple egress interfaces, each of which requires a copy, but each with a different set of added labels and layer-2 encapsulation. Some physical interfaces may have multiple sub-interfaces (such as Ethernet VLAN or channelized interfaces) each requiring a copy. If packet replication is performed at LSR ingress, then the ingress interface performance may suffer. If the packet replication is performed within a LSR switching fabric and at LSR egress, congestion of egress interfaces cannot make use of backpressure to ingress interfaces using techniques such as virtual output queuing (VOQ). If buffering is primarily supported at egress, then the need for backpressure is minimized. There may be no good solution for high volumes of multicast traffic if VOQ is used. MP2MP LSP differ in that any branch may provide an input, including a leaf. Packets must be replicated onto all other branches. This forwarding is often implemented as multiple P2MP forwarding trees, one for each potential input.

While average packet size of Internet traffic may be large, long sequences of small packets have both been predicted in theory and observed in practice. Traffic compression and TCP ACK compression can conspire to create long sequences of packets of 40-44 bytes in payload length. If carried over Ethernet, the 64 byte minimum payload applies, yielding a packet rate of approximately 150 Mpps (million packets per second) for the duration of the burst on a nominal 100 Gb/s link. The peak rate is higher for other encapsulations can be as high as 250 Mpps (for example IP or MPLS encapsulated using GFP over OTN ODU4). It is also possible that the packet rates for a minimum payload size, such as 64 byte (64B) payload for Ethernet, is acceptable, but the rate declines for other packet sizes, such as 65B payload. There are other packet rates of interest besides TCP ACK. For example, a TCP ACK carried over an Ethernet PW over MPLS over Ethernet may occupy 82B or 82B plus an increment of 4B if additional MPLS labels are present. A graph of packet rate vs. packet size often displays a sawtooth. The sawtooth is commonly due to a memory bottleneck and memory widths, sometimes internal cache, but often a very wide external buffer memory interface. In some cases it may be due to a fabric transfer width. A fine packing, rounding up to the nearest 8B or 16B will result in a fine sawtooth with small degradation for 65B, and even less for 82B packets. A course packing, rounding up to 64B can yield a sharper drop in performance for 65B packets, or perhaps more important, a larger drop for 82B packets. The loss of some TCP ACK packets are not the primary concern when such a burst occurs. When a burst occurs, any other packets, regardless of packet length and packet QoS are dropped once on-chip input buffers prior to the decision engine are exceeded. Buffers in front of the packet decision engine are often very small or non-existent (less than one packet of buffer) causing significant QoS agnostic packet drop. Internet service providers and content providers generally specify full rate forwarding with 40 byte payload packets as a requirement. This requirement often can be waived if the provider can be convinced that when long sequence of short packets occur no packets will be dropped. Many equipment suppliers have pointed out that the extra cost in designing hardware capable of processing the minimum size packets at full line rate is significant for very high speed interfaces. If hardware is not capable of processing the minimum size packets are full line rate, then that hardware MUST be capable of handling large burst of small packets, a condition which is often observed. This level of performance is necessary to meet Differentiated Services requirements for without it, packets are lost prior to inspection of the IP DSCP field or MPLS TC field . With adequate on-chip buffers before the packet decision engine, an LSR can absorb a long sequence of short packets. Even if the output is slowed to the point where light congestion occurs, the packets, having cleared the decision process, can make use of larger VOQ or output side buffers and be dealt with according to configured QoS treatment, rather than dropped completely at random. These on-chip buffers need not contribute significant delay since they are only used when the packet decision engine is unable to keep up, not in response to congestion, plus these buffers are quite small. For example, an on-chip buffer capable of handling 4K packets of 64 bytes in length, or 256KB, corresponds to 2 msec on a 10 Mb/s link and 0.2 usec on a 100 Gb/s link. If the packet decision engine is capable of handling packets at 90% of the full rate for small packets, then the maximum added delay is 0.2 msec and 20 nsec respectively, and this delay only applies if a 4K burst of short packets occurs. When no burst of short packets was being processed, no delay is added. Packet rate requirements apply regardless of which network tier equipment is deployed in. Whether deployed in the network core or near the network edges, one of the two conditions MUST be met: Packets must be processed at full line rate with minimum sized packets. -OR- Packets must be processed at a rate well under generally accepted average packet sizes, with sufficient buffering prior to the packet decision engine to accommodate long bursts of small packets.

In any large provider, service providers and content providers, hash based multipath techniques are used in the core and in the edge. In many of these providers hash based multipath is also used in the larger metro networks. The most common multipath techniques are ECMP applied at the IP forwarding level, Ethernet LAG with inspection of the IP payload, and multipath on links carrying both IP and MPLS, where the IP header is inspected below the MPLS label stack. In most core networks, the vast majority of traffic is MPLS encapsulated. In order to support an adequately balanced load distribution across multiple links, IP header information must be used. Common practice today is to reinspect the IP headers at each LSR and use the label stack and IP header information in a hash performed at each LSR. Further details are provided in . The use of this technique is so ubiquitous in provider networks that lack of support for multipath makes any product unsuitable for use in large core networks. This will continue to be the case in the near future, even as deployment of MPLS Entropy Label begins to relax the core LSR multipath performance requirements given the existing deployed base of edge equipment without the ability to add an Entropy Label. A generation of edge equipment supporting the ability to add an MPLS Entropy Label is needed before the performance requirements for core LSR can be relaxed. However, it is likely that two generations of deployment in the future will allow core LSR to support full packet rate only when a relatively small number of MPLS labels need to be inspected before hashing. For now, don't count on it. Common practice today is to reinspect the packet at each LSR and use the label stack and use the IP header field as input to a hash algorithm performed on each packet at each LSR in the network combined with a hash seed that is selected by each LSR. Where flow labels or entropy labels are used, a hash seed must be used.

Within the core of a network some form of multipath is almost certain to be used. Multipath techniques deployed today are likely to be looking beneath the label stack for an opportunity to hash on IP addresses. A pseudowire encapsulated at a network edge must have a means to prevent reordering within the core if the pseudowire will be crossing a network core, or any part of a network topology where multipath is used (see and ). Not supporting the ability to encapsulate a pseudowire with a control word may lock a product out from consideration. A pseudowire capability without control word support might be sufficient for applications that are strictly both intra-metro and low bandwidth. However a provider with other applications will very likely not tolerate having equipment which can only support a subset of their pseudowire needs.

Where multipath makes use of a simple hash and simple load balance such as modulo or other fixed allocation (see ) the presence of large microflows that each consumes 10% of the capacity of a component link of a potentially congested composite link, one such microflow can upset the traffic balance and more than one can in effect reduce the effective capacity of the entire composite link by more than 10%. When even a very small number of large microflows are present, there is a significant probability that more than one of these large microflows could fall on the same component link. If the traffic contribution from large microflows is small, the probability for three or more large microflows on the same component link drops significantly. Therefore in a network where a significant number of parallel 10 Gb/s links exists, even a 1 Gb/s pseudowire or other large microflow that could not otherwise be subdivided into smaller flows should carry a flow label or entropy label if possible. Active management of the hash space to better accommodate large microflows has been implemented and deployed in the past, however such techniques are out of scope for this document.

Unlike a pseudowire control word, a pseudowire flow label , is required only for relatively large capacity pseudowires. There are many cases where a pseudowire flow label makes sense. Any service such as a VPN which carries IP traffic within a pseudowire can make use of a pseudowire flow label. Any pseudowire carried over MPLS which makes use of the pseudowire control word and does not carry a flow label is in effect a single microflow (in terms).

The MPLS Entropy Label simplifies flow group identification in the network core. Prior to the MPLS Entropy Label core LSR needed to inspect the entire label stack and often the IP headers to provide an adequate distribution of traffic when using multipath techniques (see ). With the use of MPLS Entropy Label, a hash can be performed closer to network edges, placed in the label stack, and used within the network core. The MPLS Entropy Label is capable of avoiding full label stack and payload inspection within the core where performance levels are most difficult to achieve (see ). The label stack inspection can be terminated as soon as the first Entropy Label is encountered, which is generally after a small number of labels are inspected. In order to provide these benefits in the core, LSR closer to the edge must be capable of adding an entropy label. This support may not be required in the access tier, the tier closest to the customer, but is likely to be required in the edge or the border to the network core. LSR peering with external networks will also need to be able to add an Entropy Label.

The most common multipath techniques are based on a hash over a set of fields. Regardless of whether a hash is used or some other method is used, the there are a limited set of fields which can safely be used for multipath.

If the "outer" or "first" layer of encapsulation is MPLS, then label stack entries are used in the hash. Within a finite amount of time (and for small packets arriving at high speed that time can quite limited) only a finite number of label entries can be inspected. Pipelined or parallel architectures improve this, but the limit is still finite. The following guidelines are provided for use of MPLS fields in multipath load balancing. Only the 20 bit label field SHOULD be used. The TTL field SHOULD NOT be used. The S bit MUST NOT be used. The TC field (formerly EXP) MUST NOT be used. See below this list for reasons. If an ELI label is found, then if the LSR supports Entropy Label, the EL label field in the next label entry (the EL) SHOULD be used and label entries below that label SHOULD NOT be used and the MPLS payload SHOULD NOT be used. See below this list for reasons. Reserved labels (label values 0-15) MUST NOT be used. In particular, GAL and RA MUST NOT be used so that OAM traffic follows the same path as payload packets with the same label stack. The most entropy is generally found in the label stack entries near the bottom of the label stack (innermost label, closest to S=1 bit). If the entire label stack cannot be used (or entire stack up to an EL), then it is better to use as many labels as possible closest to the bottom of stack. If no ELI is encountered, and the first nibble of payload contains a 4 (IPv4) or 6 (IPv6), an implementation SHOULD support the ability to interpret the payload as IPv4 or IPv6 and extract and use appropriate fields from the IP headers. This feature is considered a hard requirement by many service providers. If supported, there MUST be a way to disable it (if, for example, PW without CW are used). This ability to disable this feature is considered a hard requirement by many service providers. Therefore an implementation has a very strong incentive to support both options. A label which is popped at egress (UHP POP) SHOULD NOT be used. A label which is popped at the penultimate hop (PHP POP) SHOULD be used. Apparently some chips have made use of the TC (formerly EXP) bits as a source of entropy. This is very harmful since it will reorder Assured Forwarding (AF) traffic when a subset does not conform to the configured rates and is remarked but not dropped at a prior LSR. Traffic which uses MPLS ECN can also be reordered if TC is used for entropy. Therefore, as stated in the guidelines above, the TC field (formerly EXP) MUST NOT be used in multipath load balancing as it violates Differentiated Services Ordered Aggregate (OA) requirements in these two instances. Use of the MPLS label entry S bit would result in putting OAM traffic on a different path if the addition of a GAL at the bottom of stack removed the S bit from the prior label. If an ELI label is found, then if the LSR supports Entropy Label, the EL label field in the next label entry (the EL) SHOULD be used and the search for additional entropy within the packet SHOULD be terminated. Failure to terminate the search will impact client MPLS-TP LSP carried within server MPLS LSP. A network operator has the option to use administrative attributes as a means to identify LSR which do not terminate the entropy search at the first EL. Administrative attributes are defined in . Some configuration is required to support this. If the PHP POP label is not used, then for any PW for which CW is used, there is no basis for multipath load split. In some networks it is infeasible to put all PW traffic on one component link. Any PW which does not use CW will be improperly split regardless of whether the PHP POP label is used.

Inspecting the IP payload provides the most entropy in provider networks. The practice of looking past the bottom of stack label for an IP payload is well accepted and documented in and in other RFCs. Where IP is mentioned in the document, both IPv4 and IPv6 apply. All LSRs MUST fully support IPv6. When information in the IP header is used, the following guidelines apply: Both the IP source address and IP destination address SHOULD be used. There MAY be an option to reverse the order of these address, improving the ability to provide symmetric paths in some cases. Many service providers require that both addresses be used. Implementations SHOULD allow inspection of the IP protocol field and use of the UDP or TCP port numbers. For many service providers this feature is considered manditory, particularly for enterprise, data center, or edge equipment. If this feature is provided, it SHOULD be possible to disable use of TCP and UDP ports. Many service providers consider it a hard requirement that use of UDP and TCP ports can be disabled. Therefore there is a stong incentive for implementations to provide both options. Equipment suppliers MUST NOT make assumptions that because the IP version field is equal to 4 (an IPv4 packet) that the IP protocol will either be TCP (IP protocol 6) or UDP (IP protocol 17) and blindly fetch the data at the offset where the TCP or UDP ports would be found. With IPv6, TCP and UDP port numbers are not at fixed offsets. With IPv4 packets carrying IP options, TCP and UDP port numbers are not at fixed offsets. The IPv6 header flow field SHOULD be used. This is the explicit purpose of the IPv6 flow field, however observed flow fields rarely contains a non-zero value. Some uses af the flow field have been defined such as . In the absense of MPLS encapsulation, the IPv6 flow field can serve a role equivalent to Entropy Label. Support other protocols that share a common Layer-4 header such as RTP, UDP-lite, SCTP and DCCP SHOULD be provided, particularly for edge or access equipment where additional entropy may be needed. Equipment SHOULD also use RTP, UDP-lite, SCTP and DCCP headers when creating an Entropy Label. Similar to avoiding TC in MPLS, the IP DSCP, and ECN bits MUST NOT be used. The IPv4 TTL or IPv6 Hop Count SHOULD NOT be used. Note that the IP TOS field was deprecated ( was updated by ). No part of the IP DSCP (formerly IP PREC and IP TOS bits) field can be used. Some IP encapsulations support tunneling, such as IP-in-IP, GRE, L2TPv3, and IPSEC. These provide a greater source of entropy which some provider networks carrying large amounts of tunneled traffic may need. The use of tunneling header information is out of scope for this document. This document makes the following recommendations. These recommendations are not required to claim compliance to any existing RFC therefoer implementors are free to ignore them, but due to service provider requirements may be doing so at their own peril. The use of IP addresses MUST be supported and TCP and UDP ports (conditional on the protocol field and properly located) MUST be supported. The ability to disable use of UDP and TCP ports MUST be available. Though potentially very useful in some networks, it is uncommon to support using payloads of tunneling protocols carried over IP. Though the use of tunneling protocol header information is out of scope for this document, it is not discouraged.

The ingress to a pseudowire (PW) can extract information from the payload being encapsulated to create a flow label. references IP carried in Ethernet as an example. The Native Service Processing (NSP) function defined in differs with pseudowire type. It is in the NSP function where information for a specific type of PW can be extracted for use in a flow label. Which fields to use for any given PW NSP is out of scope for this document.

An entropy label is added at the ingress to an LSP. The payload being encapsulated is most often MPLS, a PW, or IP. The payload type is identified by the layer-2 encapsulation (Ethernet, GFP, POS, etc). If the payload is MPLS, then the information used to create an entropy label is the same information used for local load balancing (see ). This information MUST be extracted for use in generating an entropy label even if the LSR local egress interface is not a multipath. Of the non-MPLS payload types, only payloads that are forwarded are of interest. For example, ARP is not forwarded and CNLP (used only for ISIS) is not forwarded. The non-MPLS payload type of greatest interest are IPv4 and IPv6. The guidelines in apply to fields used to create and entropy label. The IP tunneling protocols mentioned in may be more applicable to generation of an entropy label at edge or access where deep packet inspection is practical due to lower interface speeds than in the core where deep packet inspection may be impractical.

MPLS-TP introduces forwarding demands that will be extremely difficult to meet in a core network. Most troublesome is the requirement for Ultimate Hop Popping (UHP, the opposite of Penultimate Hop Popping or PHP). Using UHP opens the possibility of one or more MPLS POP operation plus an MPLS SWAP operation for each packet. The potential for multiple lookups and multiple counter instances per packet exists. As networks grow and tunneling of LDP LSPs into RSVP-TE LSPs is used, and/or RSVP-TE hierarchy is used, the requirement to perform one or two or more MPLS POP operations plus a MPLS SWAP operation (and possibly a PUSH or two) increases. If MPLS-TP LM (link monitoring) OAM is enabled at each layer, then a packet and byte count MUST be maintained for each POP and SWAP operation so as to offer OAM for each layer.

Denial of service (DoS) protection is an area requiring hardware support that is often overlooked or inadequately considered. Hardware assist is also needed for OAM, particularly the more demanding MPLS-TP OAM.

Modern equipment supports a number of control plane and management plane protocols. Generally no single means of protecting network equipment from denial of service (DoS) attacks is sufficient, particularly for high speed interfaces. This problem is not specific to MPLS, but is a topic that cannot be ignored when implementing or evaluating MPLS implementations. Two types of protections are often cited as primary means of protecting against attacks of all kinds. Control and Management traffic can be carried out-of-band (OOB), meaning not intermixed with payload. For MPLS use of G-ACh and GAL to carry control and management traffic provides a means of isolation from potentially malicious payload. Used along, the compromise of a single node, including a small computer at a network operations center, could compromise an entire network. Implementations which send all G-ACh/GAL traffic directly to a routing engine CPU are subject to DoS attack as a result of such a compromise. Cryptographic authentication can very effectively prevent malicious injection of control or management traffic. Cryptographic authentication can is some circumstances be subject to DoS attack by overwhelming the capacity of the decryption with a high volume of malicious traffic. For very low speed interfaces cryptographic authentication can be performed by the general purpose CPU used as a routing engine. For all other cases, cryptographic hardware may be needed. For very high speed interfaces, even cryptographic hardware can be overwhelmed. Some control and management protocols are often carried with payload traffic. This is commonly the case with BGP, T-LDP, and SNMP. It is often the case with RSVP-TE. Even when carried over G-ACh/GAL additional measures can reduce the potential for a minor breach to be leveraged to a full network attack. Some of the additional protections are supported by hardware packet filtering. defines a mechanism that uses the IPv4 TTL or IPv6 Hop Limit fields to insure control traffic that can only originate from an immediate neighbor is not forged and originating from a distant source. GTSM can be applies to many control protocols which are routable, for example LDP . At the very minimum, packet filtering plus classification and use of multiple queues supporting rate limiting is needed for traffic that could potentially be sent to a general purpose CPU used as a routing engine. The first level of filtering only allows connections to be initiated from specific IP prefixes to specific destination ports and then preferably passes traffic directly to a cryptographic engine and/or rate limits. The second level of filtering passes connected traffic, such as TCP connections having received at least one authenticated SYN or having been locally initiated. The second level of filtering only passes traffic to specific address and port pairs to be checked for cryptographic authentication. The cryptographic authentication is generally the last resort in DoS attack mitigation. If a packet must be first sent to a general purpose CPU, then sent to a cryptographic engine, a DoS attack is possible on high speed interfaces. Only where hardware can identify a signature and the portion of packet covered by the signature is cryptographic authentication highly beneficial in protecting against DoS attacks. For chips supporting multiple 100 Gb/s interfaces, only a very large number of parallel cryptographic engines can provide the processing capacity to handle a large scale DoS or distributed DoS (DDoS) attack. For many forwarding chips this much processing power requires significant chip real estate and power, and therefore reduces system space and power density. For this reason, cryptographic authentication is not considered a viable first line of defense. For some networks the first line of defense is some means of supporting OOB control and management traffic. In the past this OOB channel migh make use of overhead bits in SONET or OTN or a dedicated DWDM wavelength. G-ACh and GAL provide an alternative OOB mechanism which is independent of underlying layers. In other networks, including most IP/MPLS networks, perimeter filtering serves a similar purpose, though less effective without extreme vigalence. A second line of defense is filtering, including GTSM. For protocols such as EBGP, GTSM and other filtering is often the first line of defense. Cryptographic authentication is usually the last line of defense and insufficient by itself to mitigate DoS or DDoS attacks.

defines requirements for MPLS OAM that predate MPLS-TP. defines what is commonly referred to as LSP Ping and LSP Traceroute. is updated by supporting MPLS tunnels and stitched LSP and P2MP LSP. is updated by supporting P2MP LSP. is updated by to support MPLS-TP connectivity verification (CV) and route tracing. extends the ICMP format to support TTL expiration that may occur when using IP traceroute within an MPLS tunnel. The ICMP message generation can be implemented in forwarding hardware, but if sent to a general purpose CPU must be rate limited to avoid a potential denial or service (DoS) attack. defines Bidirectional Forwarding Detection (BFD), a protocol intended to detect faults in the bidirectional path between two forwarding engines. and define BFD for MPLS. BFD can provide failure detection on any kind of path between systems, including direct physical links, virtual circuits, tunnels, MPLS Label Switched Paths (LSPs), multihop routed paths, and unidirectional links as long as there is some return path. The processing requirements for BFD are less than for LSP Ping, making BFD somewhat better suited for relatively high rate proactive monitoring. BFD does not verify that the data plane against the control plane, where LSP Ping does. LSP Ping somewhat better suited for on-demand monitoring including relatively low rate periodic verification of data plane and as a diagnostic tool. Both BFD and LSP Ping MUST be recognized by hardware and at the very minimum forwarded to the main CPU. Hardware assistance for BFD is often provided and is considered necessary for relatively high rate proactive monitoring. Both BFD and LSP Ping MUST be recognized in any filtering prior to passing traffic to a general purpose CPU and appropriate DoS protection applied (see . Failure to recognize BFD and LSP Ping and at least rate limit creates the potential for misconfiguration to cause outages rather than cause errors in the misconfigured OAM.

Pseudowire OAM makes use of the control channel provided by Virtual Circuit Connectivity Verification (VCCV) . VCCV makes use of the Pseudowire Control Word. BFD support over VCCV is defined by . is updated by in support of static pseudowires. is updated by supporting LSP Ping for Pseudowire FEC advertised over IPv6. G-ACh/GAL (defined in ) is the preferred MPLS-TP OAM control channel and applies to any MPLS-TP end points, including Pseudowire. See for an overview of MPLS-TP OAM.

summarizes the MPLS-TP OAM toolset, the set of protocols supporting the MPLS-TP OAM requirements specified in and supported by the MPLS-TP OAM framework defined in . The MPLS-TP OAM toolset includes: defines BFD extensions to support proactive CC-CV applications. provides LSP ping extensions that are used to implement on-demand connectivity verification. Remote Defect Indication (RDI) is triggered by failure of proactive CC-CV, which is BFD based. For fast RDI initiation, RDI SHOULD be initiated and handled by hardware if BFD is handled in forwarding hardware. provides an extension for BFD that includes the RDI indication in the BFD format and a specification of how this indication is to be used. specifies that the LSP ping enhancements for MPLS-TP on-demand connectivity verification include information on the use of LSP ping for route tracing of an MPLS-TP path. describes the details of a new protocol supporting Alarm Indication Signal, Link Down Indication, and fault management. This functionality SHOULD be supported in forwarding hardware on high speed interfaces. Lock instruct is initiated on-demand and therefore need not be implemented in forwarding hardware. defines a lock instruct protocol. covers lock reporting. Lock reporting need not be implemented in forwarding hardware. defines protocol support for loopback. Loopback initiation is on-demand and therefore need not be implemented in forwarding hardware. Loopback of packet traffic SHOULD be implemented in forwarding hardware on high speed interfaces. and define a protocol and profile for packet loss measurement (LM) and delay measurement (DM). LM requires a very accurate capture and insertion of packet and byte counters when a packet is transmitted and capture of packet and byte counters when a packet is received. This capture and insertion MUST be implemented in forwarding hardware for LM OAM to be sufficiently accurate. DM requires very accurate capture and insertion of a timestamp on transmission and capture of timestamp when a packet is received. This timestamp capture and insertion MUST be implemented in forwarding hardware for DM OAM to be sufficiently accurate. See for discussion of hardware support necessary for BFD and LSP Ping. CC-CV and alarm reporting is tied to protection and therefore SHOULD be supported in forwarding hardware in order to provide protection for a large number of affected LSP within target response intervals. Since CC-CV is supported by BFD, for MPLS-TP, BFD SHOULD be supported in forwarding hardware.

provides the reasons for selecting a single MPLS-TP OAM solution and examines the consequences were ITU-T to develop a second OAM solution that is based on Ethernet encodings and mechanisms. and specifies the mapping of defect states between many types of hardware Attachment Circuits (ACs) and associated Pseudowires (PWs). This functionality SHOULD be supported in forwarding hardware. An MPLS OAM implementation SHOULD interwork with the underlying server layer and provide a means to interwork with a client layer. Where MPLS hierarchy is used both the client and server layer may be MPLS or MPLS-TP. Where the server layer is a Layer-2, such as Ethernet, PPP over SONET/SDH, or GFP over OTN, interwork among layers is also required. For high speed interfaces, this interworking SHOULD be supported in forwarding hardware.

Some OAM functionality must be supported in forwarding hardware while other OAM functionality must be entirely implemented in forwarding hardware. Where possible, implementation in forwarding hardware should be in programmable hardware such that if standards are later changed or extended these changes are likely to be accommodated with hardware reprogramming rather than replacement. Some functions must be implemented in dedicated forwarding hardware. Examples include packet and byte counters needed for LM OAM as well as needed for management protocols. Similarly the capture and insertion of packet and byte counts or timestamps needed for transmitted LM or DM or time synchronization packets MUST be implemented in forwarding hardware to support accurate OAM. Some functions must be supported in forwarding hardware but may make use of an external general purpose processor if performance criteria can be met. For example origination of AIS to client layers may be triggered by CC-CV server layer hardware but expansion to a large number of client LSP may occur in a general purpose processor. Some forwarding hardware supports one or more on-chip general purpose processors which may be well suited for such a role. The customer (system supplier or provider) should not dictate design, but should independently validate target functionality and performance. However, it is not uncommon for service providers and system implementors to insist on reviewing design details (under NDA) due to past experiences with suppliers and to reject suppliers who are unwilling to provide details.

Service provider networks may carry up to hundreds of millions of flows on 10 Gb/s links. Most flows are very short lived, many under a second. A subset of the flows are low capacity and somewhat long lived. When Internet traffic dominates capacity a very small subset of flows are high capacity and/or very long lived. Two types of limitations with regard to number and size of flows have been observed. Some hardware cannot handle some very large flows because of internal paths which are limited, such as per packet backplane paths or paths internal or external to chips such as buffer memory paths. Such designs can handle aggregates of smaller flows. Some hardware with acknowledged limitations has been successfully deployed but may be increasingly problematic if the capacity of large microflows in deployed networks continues to grow. Some hardware approaches cannot handle a large number of flows, or a large number of large flows due to attempting to count per flow, rather than deal with aggregates of flows. Hash techniques scale with regard to number of flows due to a fixed hash size with many flows falling into the same hash bucket. Techniques that identify individual flows have been implemented but have never successfully deployed for Internet traffic.

Packet rate performance of equipment supporting a large number of 10 Gb/s or 100 Gb/s links is not possible using desktop computers or workstations. The use of high end workstations as a source of test traffic was barely viable 20 years ago, but is no longer at all viable. Though custom microcode has been used on specialized router forwarding cards to serve the purpose of generating test traffic and measuring it, for the most part performance testing will require specialized test equipment. There are multiple sources of suitable equipment. The set of tests listed here do not correspond one-to-one to the set of questions in . The same categorization is used and these tests largely serve to validate answers provided to the prior questions, and can also provide answers where a supplier is unwilling to disclose compliance or performance. Performance testing is the domain of the IETF Benchmark Methodology Working Group (BMWG). Below are brief descriptions of conformance and performance tests. Some very basic tests are specified in which partially cover only the basic performance test T#3. The following tests should be performed by the systems designer, or deployer, or performed by the supplier on their behalf if it is not practical for the potential customer to perform the tests directly. These tests are grouped into broad categories. Test forwarding at a high rate for packets with varying number of label entries. While packets with more than a dozen label entries are unlikely to be used in any practical scenario today, it is useful to know if limitations exists. For each of the questions listed under "Basic Compliance" in , verify the claimed compliance. For any functionality considered critical to a deployment, where applicable performance using each capability under load should be verified in addition to basic compliance. Test packet forwarding at full line rate with small packets. See . The most likely case to fail is the smallest packet size. Also test with packet sizes in four byte increments ranging from payload sizes or 40 to 128 bytes. If the prior tests did not succeed for all packet sizes, then perform the following tests. Increase the packet size by 4 bytes until a size is found that can be forwarded at full rate. Inject bursts of consecutive small packets into a stream of larger packets. Allow some time for recovery between bursts. Increase the number of packets in the burst until packets are dropped. Send test traffic where a SWAP operation is required. Also set up multiple LSP carried over other LSP where the device under test (DUT) is the egress of these LSP. Create test packets such that the SWAP operation is performed after POP operations, increasing the number of POP operations until forwarding of small packets at full line rate can no longer be supported. Also check to see how many POP operations can be supported before the full set of counters can no longer be maintained. This requirement is particularly relevant for MPLS-TP. Send all traffic on one LSP and see if the counters become inaccurate. Often counters on silicon are much smaller than the 64 bit packet and byte counters in IETF MIB. System developers should consider what counter polling rate is necessary to maintain accurate counters and whether those polling rates are practical. Relevant MIBs for MPLS are discussed in and . Multipath capabilities do not apply to MPLS-TP but apply to MPLS and apply if MPLS-TP is carried in MPLS. Send traffic at a rate well exceeding the capacity of a single multipath component link, and where entropy exists only below the top of stack. If only the top label is used this test will fail immediately. Move the labels with entropy down in the stack until either the full forwarding rate can no longer be supported or most or all packets try to use the same component link. Repeat the two tests above with the entropy contained in IP headers or IP payload fields below the label stack rather than in the label stack. Test with the set of IP headers or IP payload fields considered relevant to the deployment or to the target market. Determine whether traffic that contains a pseudowire control word is interpreted as IP traffic. Information in the payload MUST NOT be used in the load balancing if the first nibble of the packet is not 4 or 6 (IPv4 or IPv6). Determine whether reserved labels are excluded from the label stack hash. They MUST be excluded. Perform testing in the presence of combinations of: Very large microflows. Relatively short lived high capacity flows. Extremely large numbers of flows. Very short lived small flows. Ensure that pseudowire can be set up with a pseudowire label and pseudowire control word added at ingress and the pseudowire label and pseudowire control word removed at egress. For pseudowire that contains variable length payload packets, repeat performance tests listed under "Basic Performance" for pseudowire ingress and egress functions. Repeat pseudowire performance tests with and without a pseudowire control word. Determine whether pseudowire can be set up with a pseudowire label, flow label, and pseudowire control word added at ingress and the pseudowire label, flow label, and pseudowire control word removed at egress. Determine which payload fields are used to create the flow label and whether the set of fields and algorithm provide sufficient entropy for load balancing. Repeat pseudowire performance tests with flow labels included. Determine whether entropy labels can be added at ingress and removed at egress. Determine which fields are used to create an entropy label. Labels further down in the stack, including entropy labels further down and IP headers or IP payload fields where applicable should be used. Determine whether the set of fields and algorithm provide sufficient entropy for load balancing. Repeat performance tests under "Basic Performance" when entropy labels are used, where ingress or egress is the device under test (DUT). Determine whether an ELI is detected when acting as a midpoint LSR and whether the search for further information on which to base the load balancing is used. Information below the entropy label SHOULD NOT be used. Ensure that the Entropy Label Indicator and Entropy Label (ELI and EI) are removed from the label stack during UHP and PHP operations. Insure that operations on the TC field when adding and removing Entropy Label are correctly carried out. If TC is changed during a SWAP operation, the ability to transfer that change MUST be provided. The ability to suppress the transfer of TC MUST also be provided. See "pipe", "short pipe", and "uniform" models in . Repeat performance tests for midpoint LSR with entropy labels found at various label stack depths. Actively attack LSR under high protocol churn load and determine control plane performance impact or successful DoS under test conditions. Specifically test for the following. TCP SYN attack against control plane and management plane protocols using TCP, including CLI access (typically SSH protected login), NETCONF, etc. High traffic volume attack against control plane and management plane protocols not using TCP. Attacks which can be performed from a compromised management subnet computer, but not one with authentication keys. Attacks which can be performed from a compromised peer within the control plane (internal domain and external domain). Assume that per peering keys and per router ID keys rather than network wide keys are in use. See . Determine maximum sustainable rates of BFD traffic. If BFD requires CPU intervention, determine both maximum rates and CPU loading when multiple interfaces are active. Verify LSP Ping and LSP Traceroute capability. Determine maximum rates of MPLS-TP CC-CV traffic. If CC-CV requires CPU intervention, determine both maximum rates and CPU loading when multiple interfaces are active. Determine MPLS-TP DM precision. Determine MPLS-TP LM accuracy. Verify MPLS-TP AIS/RDI and PSC functionality, protection speed, and AIS/RDI notification speed when a large number of Management Entities (ME) must be notified with AIS/RDI. The tests in the "Basic Performance" section of the above list should be repeated under various conditions to retest basic performance when critical capabilities are enabled. Complete repetition of the performance tests enabling each capability and combinations of capabilities would be very time intensive, therefore a reduced set of performance tests can be used to gauge the impact of enabling specific capabilities.