idnits 2.17.1 draft-ietf-detnet-mpls-over-tsn-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 13, 2020) is 1229 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-16) exists of draft-ietf-detnet-security-12 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DetNet B. Varga, Ed. 3 Internet-Draft J. Farkas 4 Intended status: Informational Ericsson 5 Expires: June 16, 2021 A. Malis 6 Malis Consulting 7 S. Bryant 8 Futurewei Technologies 9 December 13, 2020 11 DetNet Data Plane: MPLS over IEEE 802.1 Time Sensitive Networking (TSN) 12 draft-ietf-detnet-mpls-over-tsn-05 14 Abstract 16 This document specifies the Deterministic Networking MPLS data plane 17 when operating over a TSN sub-network. This document does not define 18 new procedures or processes. Whenever this document makes 19 requirements statements or recommendations, these are taken from 20 normative text in the referenced RFCs. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at https://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on June 16, 2021. 39 Copyright Notice 41 Copyright (c) 2020 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (https://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 57 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2.1. Terms Used in This Document . . . . . . . . . . . . . . . 3 59 2.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 60 3. DetNet MPLS Data Plane Overview . . . . . . . . . . . . . . . 3 61 4. DetNet MPLS Operation Over IEEE 802.1 TSN Sub-Networks . . . 4 62 4.1. Functions for DetNet Flow to TSN Stream Mapping . . . . . 6 63 4.2. TSN requirements of MPLS DetNet nodes . . . . . . . . . . 6 64 4.3. Service protection within the TSN sub-network . . . . . . 8 65 4.4. Aggregation during DetNet flow to TSN Stream mapping . . 8 66 5. Management and Control Implications . . . . . . . . . . . . . 8 67 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 68 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 69 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 70 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 71 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 72 9.2. Informative References . . . . . . . . . . . . . . . . . 11 73 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 75 1. Introduction 77 Deterministic Networking (DetNet) is a service that can be offered by 78 a network to DetNet flows. DetNet provides these flows with a low 79 packet loss rates and assured maximum end-to-end delivery latency. 80 General background and concepts of DetNet can be found in [RFC8655]. 82 The DetNet Architecture decomposes the DetNet related data plane 83 functions into two sub-layers: a service sub-layer and a forwarding 84 sub-layer. The service sub-layer is used to provide DetNet service 85 protection and reordering. The forwarding sub-layer is used to 86 provides congestion protection (low loss, assured latency, and 87 limited reordering) leveraging MPLS Traffic Engineering mechanisms. 89 [I-D.ietf-detnet-mpls] specifies the DetNet data plane operation for 90 MPLS-based Packet Switched Network (PSN). MPLS encapsulated DetNet 91 flows can be carried over network technologies that can provide the 92 DetNet required level of service. This document focuses on the 93 scenario where MPLS (DetNet) nodes are interconnected by a IEEE 802.1 94 TSN sub-network. 96 2. Terminology 98 2.1. Terms Used in This Document 100 This document uses the terminology established in the DetNet 101 architecture [RFC8655] and [I-D.ietf-detnet-mpls], and the reader is 102 assumed to be familiar with that document and its terminology. 104 2.2. Abbreviations 106 The following abbreviations are used in this document: 108 CW Control Word. 110 DetNet Deterministic Networking. 112 DF DetNet Flow. 114 FRER Frame Replication and Elimination for Redundancy (TSN 115 function). 117 L2 Layer 2. 119 L3 Layer 3. 121 LSR Label Switching Router. 123 MPLS Multiprotocol Label Switching. 125 PE Provider Edge. 127 PREOF Packet Replication, Elimination and Ordering Functions. 129 PSN Packet Switched Network. 131 PW PseudoWire. 133 S-PE Switching Provider Edge. 135 T-PE Terminating Provider Edge. 137 TSN Time-Sensitive Network. 139 3. DetNet MPLS Data Plane Overview 141 The basic approach defined in [I-D.ietf-detnet-mpls] supports the 142 DetNet service sub-layer based on existing pseudowire (PW) 143 encapsulations and mechanisms, and supports the DetNet forwarding 144 sub-layer based on existing MPLS Traffic Engineering encapsulations 145 and mechanisms. 147 A node operating on a DetNet flow in the Detnet service sub-layer, 148 i.e. a node processing a DetNet packet which has the S-Label as top 149 of stack uses the local context associated with that S-Label, for 150 example a received F-Label, to determine what local DetNet 151 operation(s) are applied to that packet. An S-Label may be unique 152 when taken from the platform label space [RFC3031], which would 153 enable correct DetNet flow identification regardless of which input 154 interface or LSP the packet arrives on. The service sub-layer 155 functions (i.e., PREOF) use a DetNet control word (d-CW). 157 The DetNet MPLS data plane builds on MPLS Traffic Engineering 158 encapsulations and mechanisms to provide a forwarding sub-layer that 159 is responsible for providing resource allocation and explicit routes. 160 The forwarding sub-layer is supported by one or more forwarding 161 labels (F-Labels). 163 DetNet edge/relay nodes are DetNet service sub-layer aware, 164 understand the particular needs of DetNet flows and provide both 165 DetNet service and forwarding sub-layer functions. They add, remove 166 and process d-CWs, S-Labels and F-labels as needed. MPLS DetNet 167 nodes and transit nodes include DetNet forwarding sub-layer 168 functions, support for notably explicit routes, and resources 169 allocation to eliminate (or reduce) congestion loss and jitter. 170 Unlike other DetNet node types, transit nodes provide no service sub- 171 layer processing. 173 MPLS (DetNet) nodes and transit nodes interconnected by a TSN sub- 174 network are the primary focus of this document. The mapping of 175 DetNet MPLS flows to TSN streams and TSN protection mechanisms are 176 covered in Section 4. 178 4. DetNet MPLS Operation Over IEEE 802.1 TSN Sub-Networks 180 The DetNet WG collaborates with IEEE 802.1 TSN in order to define a 181 common architecture for both Layer 2 and Layer 3, what maintains 182 consistency across diverse networks. Both DetNet MPLS and TSN use 183 the same techniques to provide their deterministic service: 185 o Service protection. 187 o Resource allocation. 189 o Explicit routes. 191 As described in the DetNet architecture [RFC8655] a sub-network 192 provides from MPLS perspective a single hop connection between MPLS 193 (DetNet) nodes. Functions used for resource allocation and explicit 194 routes are treated as domain internal functions and does not require 195 function interworking across the DetNet MPLS network and the TSN sub- 196 network. 198 In case of the service protection function due to the similarities of 199 the DetNet PREOF and TSN FRER functions some level of interworking is 200 possible. However, such interworking is out-of-scope in this 201 document and left for further study. 203 Figure 1 illustrates a scenario, where two MPLS (DetNet) nodes are 204 interconnected by a TSN sub-network. Node-1 is single homed and 205 Node-2 is dual-homed to the TSN sub-network. 207 MPLS (DetNet) MPLS (DetNet) 208 Node-1 Node-2 210 +----------+ +----------+ 211 <--| Service* |-- DetNet flow ---| Service* |--> 212 +----------+ +----------+ 213 |Forwarding| |Forwarding| 214 +--------.-+ <-TSN Str-> +-.-----.--+ 215 \ ,-------. / / 216 +----[ TSN-Sub ]---+ / 217 [ Network ]--------+ 218 `-------' 219 <---------------- DetNet MPLS ---------------> 221 Note: * no service sub-layer required for transit nodes 223 Figure 1: DetNet Enabled MPLS Network Over a TSN Sub-Network 225 The Time-Sensitive Networking (TSN) Task Group of the IEEE 802.1 226 Working Group have defined (and are defining) a number of amendments 227 to IEEE 802.1Q [IEEE8021Q] that provide zero congestion loss and 228 bounded latency in bridged networks. Furthermore IEEE 802.1CB 229 [IEEE8021CB] defines frame replication and elimination functions for 230 reliability that should prove both compatible with and useful to, 231 DetNet networks. All these functions have to identify flows those 232 require TSN treatment. 234 TSN capabilities of the TSN sub-network are made available for MPLS 235 (DetNet) flows via the protocol interworking function defined in 236 Annex C.5 of IEEE 802.1CB [IEEE8021CB]. For example, applied on the 237 TSN edge port it can convert an ingress unicast MPLS (DetNet) flow to 238 use a specific Layer-2 multicast destination MAC address and a VLAN, 239 in order to direct the packet through a specific path inside the 240 bridged network. A similar interworking function pair at the other 241 end of the TSN sub-network would restore the packet to its original 242 Layer-2 destination MAC address and VLAN. 244 Placement of TSN functions depends on the TSN capabilities of nodes. 245 MPLS (DetNet) Nodes may or may not support TSN functions. For a 246 given TSN Stream (i.e., DetNet flow) an MPLS (DetNet) node is treated 247 as a Talker or a Listener inside the TSN sub-network. 249 4.1. Functions for DetNet Flow to TSN Stream Mapping 251 Mapping of a DetNet MPLS flow to a TSN Stream is provided via the 252 combination of a passive and an active stream identification function 253 that operate at the frame level. The passive stream identification 254 function is used to catch the MPLS label(s) of a DetNet MPLS flow and 255 the active stream identification function is used to modify the 256 Ethernet header according to the ID of the mapped TSN Stream. 258 Clause 6.8 of IEEE P802.1CBdb [IEEEP8021CBdb] defines a Mask-and- 259 Match Stream identification function that can be used as a passive 260 function for MPLS DetNet flows. 262 Clause 6.6 of IEEE 802.1CB [IEEE8021CB] defines an Active Destination 263 MAC and VLAN Stream identification function, what can replace some 264 Ethernet header fields namely (1) the destination MAC-address, (2) 265 the VLAN-ID and (3) priority parameters with alternate values. 266 Replacement is provided for the frame passed down the stack from the 267 upper layers or up the stack from the lower layers. 269 Active Destination MAC and VLAN Stream identification can be used 270 within a Talker to set flow identity or a Listener to recover the 271 original addressing information. It can be used also in a TSN bridge 272 that is providing translation as a proxy service for an End System. 274 4.2. TSN requirements of MPLS DetNet nodes 276 This section covers required behavior of a TSN-aware MPLS (DetNet) 277 node using a TSN sub-network. The implementation of TSN packet 278 processing functions must be compliant with the relevant IEEE 802.1 279 standards. 281 From the TSN sub-network perspective MPLS (DetNet) nodes are treated 282 as Talker or Listener, that may be (1) TSN-unaware or (2) TSN-aware. 284 In cases of TSN-unaware MPLS DetNet nodes the TSN relay nodes within 285 the TSN sub-network must modify the Ethernet encapsulation of the 286 DetNet MPLS flow (e.g., MAC translation, VLAN-ID setting, Sequence 287 number addition, etc.) to allow proper TSN specific handling inside 288 the sub-network. There are no requirements defined for TSN-unaware 289 MPLS DetNet nodes in this document. 291 MPLS (DetNet) nodes being TSN-aware can be treated as a combination 292 of a TSN-unaware Talker/Listener and a TSN-Relay, as shown in 293 Figure 2. In such cases the MPLS (DetNet) node must provide the TSN 294 sub-network specific Ethernet encapsulation over the link(s) towards 295 the sub-network. 297 MPLS (DetNet) 298 Node 299 <----------------------------------> 301 +----------+ 302 <--| Service* |-- DetNet flow ------------------ 303 +----------+ 304 |Forwarding| 305 +----------+ +---------------+ 306 | L2 | | L2 Relay with |<--- TSN --- 307 | | | TSN function | Stream 308 +-----.----+ +--.------.---.-+ 309 \__________/ \ \______ 310 \_________ 311 TSN-unaware 312 Talker / TSN-Bridge 313 Listener Relay 314 <----- TSN Sub-network ----- 315 <------- TSN-aware Tlk/Lstn -------> 317 Note: * no service sub-layer required for transit nodes 319 Figure 2: MPLS (DetNet) Node with TSN Functions 321 A TSN-aware MPLS (DetNet) node impementations must support the Stream 322 Identification TSN component for recognizing flows. 324 A Stream identification component must be able to instantiate the 325 following functions (1) Active Destination MAC and VLAN Stream 326 identification function, (2) Mask-and-Match Stream identification 327 function and (3) the related managed objects in Clause 9 of IEEE 328 802.1CB [IEEE8021CB] and IEEE P802.1CBdb [IEEEP8021CBdb]. 330 A TSN-aware MPLS (DetNet) node implementations must support the 331 Sequencing function and the Sequence encode/decode function as 332 defined in Clause 7.4 and 7.6 of IEEE 802.1CB [IEEE8021CB] if FRER is 333 used inside the TSN sub-network. 335 The Sequence encode/decode function must support the Redundancy tag 336 (R-TAG) format as per Clause 7.8 of IEEE 802.1CB [IEEE8021CB]. 338 A TSN-aware MPLS (DetNet) node implementations must support the 339 Stream splitting function and the Individual recovery function as 340 defined in Clause 7.7 and 7.5 of IEEE 802.1CB [IEEE8021CB] when the 341 node is a replication or elimination point for FRER. 343 4.3. Service protection within the TSN sub-network 345 TSN Streams supporting DetNet flows may use Frame Replication and 346 Elimination for Redundancy (FRER) as defined in Clause 8. of IEEE 347 802.1CB [IEEE8021CB] based on the loss service requirements of the 348 TSN Stream, which is derived from the DetNet service requirements of 349 the DetNet mapped flow. The specific operation of FRER is not 350 modified by the use of DetNet and follows IEEE 802.1CB [IEEE8021CB]. 352 FRER function and the provided service recovery is available only 353 within the TSN sub-network as the TSN Stream-ID and the TSN sequence 354 number are not valid outside the sub-network. An MPLS (DetNet) node 355 represents a L3 border and as such it terminates all related 356 information elements encoded in the L2 frames. 358 As the Stream-ID and the TSN sequence number are paired with the 359 similar MPLS flow parameters, FRER can be combined with PREOF 360 functions. Such service protection interworking scenarios may 361 require to move sequence number fields among TSN (L2) and PW (MPLS) 362 encapsulations and they are left for further study. 364 4.4. Aggregation during DetNet flow to TSN Stream mapping 366 Implementations of this document shall use management and control 367 information to map a DetNet flow to a TSN Stream. N:1 mapping 368 (aggregating DetNet flows in a single TSN Stream) shall be supported. 369 The management or control function that provisions flow mapping shall 370 ensure that adequate resources are allocated and configured to 371 provide proper service requirements of the mapped flows. 373 5. Management and Control Implications 375 DetNet flow and TSN Stream mapping related information are required 376 only for TSN-aware MPLS (DetNet) nodes. From the Data Plane 377 perspective there is no practical difference based on the origin of 378 flow mapping related information (management plane or control plane). 380 The following summarizes the set of information that is needed to 381 configure DetNet MPLS over TSN: 383 o DetNet MPLS related configuration information according to the 384 DetNet role of the DetNet MPLS node, as per 385 [I-D.ietf-detnet-mpls]. 387 o TSN related configuration information according to the TSN role of 388 the DetNet MPLS node, as per [IEEE8021Q], [IEEE8021CB] and 389 [IEEEP8021CBdb]. 391 o Mapping between DetNet MPLS flow(s) (label information: A-labels, 392 S-labels and F-labels as defined in [I-D.ietf-detnet-mpls]) and 393 TSN Stream(s) (as stream identification information defined in 394 [IEEEP8021CBdb]). Note, that managed objects for TSN Stream 395 identification can be found in [IEEEP8021CBcv]. 397 This information must be provisioned per DetNet flow. 399 Mappings between DetNet and TSN management and control planes are out 400 of scope of the document. Some of the challanges are highligthed 401 below. 403 TSN-aware MPLS DetNet nodes are member of both the DetNet domain and 404 the TSN sub-network. Within the TSN sub-network the TSN-aware MPLS 405 (DetNet) node has a TSN-aware Talker/Listener role, so TSN specific 406 management and control plane functionalities must be implemented. 407 There are many similarities in the management plane techniques used 408 in DetNet and TSN, but that is not the case for the control plane 409 protocols. For example, RSVP-TE and MSRP behaves differently. 410 Therefore management and control plane design is an important aspect 411 of scenarios, where mapping between DetNet and TSN is required. 413 In order to use a TSN sub-network between DetNet nodes, DetNet 414 specific information must be converted to TSN sub-network specific 415 ones. DetNet flow ID and flow related parameters/requirements must 416 be converted to a TSN Stream ID and stream related parameters/ 417 requirements. Note that, as the TSN sub-network is just a portion of 418 the end2end DetNet path (i.e., single hop from MPLS perspective), 419 some parameters (e.g., delay) may differ significantly. Other 420 parameters (like bandwidth) also may have to be tuned due to the L2 421 encapsulation used within the TSN sub-network. 423 In some case it may be challenging to determine some TSN Stream 424 related information. For example, on a TSN-aware MPLS (DetNet) node 425 that acts as a Talker, it is quite obvious which DetNet node is the 426 Listener of the mapped TSN stream (i.e., the MPLS Next-Hop). However 427 it may be not trivial to locate the point/interface where that 428 Listener is connected to the TSN sub-network. Such attributes may 429 require interaction between control and management plane functions 430 and between DetNet and TSN domains. 432 Mapping between DetNet flow identifiers and TSN Stream identifiers, 433 if not provided explicitly, can be done by a TSN-aware MPLS (DetNet) 434 node locally based on information provided for configuration of the 435 TSN Stream identification functions (Mask-and-match Stream 436 identification and Active Stream identification function). 438 Triggering the setup/modification of a TSN Stream in the TSN sub- 439 network is an example where management and/or control plane 440 interactions are required between the DetNet and TSN sub-network. 441 TSN-unaware MPLS (DetNet) nodes make such a triggering even more 442 complicated as they are fully unaware of the sub-network and run 443 independently. 445 Configuration of TSN specific functions (e.g., FRER) inside the TSN 446 sub-network is a TSN domain specific decision and may not be visible 447 in the DetNet domain. Service protection interworking scenarios are 448 left for further study. 450 6. Security Considerations 452 Security considerations for DetNet are described in detail in 453 [I-D.ietf-detnet-security]. General security considerations are 454 described in [RFC8655]. DetNet MPLS data plane specific 455 considerations are summarized in [I-D.ietf-detnet-mpls]. This 456 section considers exclusively security considerations which are 457 specific to the DetNet MPLS over TSN sub-network scenario. 459 The sub-network between DetNet nodes needs to be subject to 460 appropriate confidentiality. Additionally, knowledge of what DetNet/ 461 TSN services are provided by a sub-network may supply information 462 that can be used in a variety of security attacks. The ability to 463 modify information exchanges between connected DetNet nodes may 464 result in bogus operations. Therefore, it is important that the 465 interface between DetNet nodes and TSN sub-network are subject to 466 authorization, authentication, and encryption. 468 The TSN sub-network operates at Layer-2 so various security 469 mechanisms defined by IEEE can be used to secure the connection 470 between the DetNet nodes (e.g., encryption may be provided using 471 MACSec [IEEE802.1AE-2018]). 473 7. IANA Considerations 475 This document makes no IANA requests. 477 8. Acknowledgements 479 The authors wish to thank Norman Finn, Lou Berger, Craig Gunther, 480 Christophe Mangin and Jouni Korhonen for their various contributions 481 to this work. 483 9. References 485 9.1. Normative References 487 [I-D.ietf-detnet-mpls] 488 Varga, B., Farkas, J., Berger, L., Malis, A., Bryant, S., 489 and J. Korhonen, "DetNet Data Plane: MPLS", draft-ietf- 490 detnet-mpls-13 (work in progress), October 2020. 492 [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol 493 Label Switching Architecture", RFC 3031, 494 DOI 10.17487/RFC3031, January 2001, 495 . 497 9.2. Informative References 499 [I-D.ietf-detnet-security] 500 Grossman, E., Mizrahi, T., and A. Hacker, "Deterministic 501 Networking (DetNet) Security Considerations", draft-ietf- 502 detnet-security-12 (work in progress), October 2020. 504 [IEEE802.1AE-2018] 505 IEEE Standards Association, "IEEE Std 802.1AE-2018 MAC 506 Security (MACsec)", 2018, 507 . 509 [IEEE8021CB] 510 IEEE 802.1, "Standard for Local and metropolitan area 511 networks - Frame Replication and Elimination for 512 Reliability (IEEE Std 802.1CB-2017)", 2017, 513 . 515 [IEEE8021Q] 516 IEEE 802.1, "Standard for Local and metropolitan area 517 networks--Bridges and Bridged Networks (IEEE Std 802.1Q- 518 2018)", 2018, . 520 [IEEEP8021CBcv] 521 Kehrer, S., "FRER YANG Data Model and Management 522 Information Base Module", IEEE P802.1CBcv 523 /D0.4 P802.1CBcv, August 2020, 524 . 527 [IEEEP8021CBdb] 528 Mangin, C., "Extended Stream identification functions", 529 IEEE P802.1CBdb /D1.0 P802.1CBdb, September 2020, 530 . 533 [RFC8655] Finn, N., Thubert, P., Varga, B., and J. Farkas, 534 "Deterministic Networking Architecture", RFC 8655, 535 DOI 10.17487/RFC8655, October 2019, 536 . 538 Authors' Addresses 540 Balazs Varga (editor) 541 Ericsson 542 Magyar Tudosok krt. 11. 543 Budapest 1117 544 Hungary 546 Email: balazs.a.varga@ericsson.com 548 Janos Farkas 549 Ericsson 550 Magyar Tudosok krt. 11. 551 Budapest 1117 552 Hungary 554 Email: janos.farkas@ericsson.com 556 Andrew G. Malis 557 Malis Consulting 559 Email: agmalis@gmail.com 561 Stewart Bryant 562 Futurewei Technologies 564 Email: stewart.bryant@gmail.com