idnits 2.17.1 draft-ietf-mpls-ldp-dod-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 2 instances of too long lines in the document, the longest one being 16 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 25, 2013) is 4079 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'I1' is mentioned on line 791, but not defined == Missing Reference: 'I' is mentioned on line 791, but not defined == Missing Reference: 'V' is mentioned on line 798, but not defined == Missing Reference: 'U2' is mentioned on line 798, but not defined == Missing Reference: 'Y' is mentioned on line 798, but not defined == Missing Reference: 'U' is mentioned on line 798, but not defined == Unused Reference: 'RFC4446' is defined on line 1429, but no explicit reference was found in the text == Outdated reference: A later version (-17) exists of draft-ietf-mpls-ldp-ipv6-07 == Outdated reference: A later version (-07) exists of draft-ietf-mpls-seamless-mpls-02 -- Obsolete informational reference (is this intentional?): RFC 3107 (Obsoleted by RFC 8277) -- Obsolete informational reference (is this intentional?): RFC 4447 (Obsoleted by RFC 8077) Summary: 1 error (**), 0 flaws (~~), 10 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group T. Beckhaus 3 Internet-Draft Deutsche Telekom AG 4 Intended status: Standards Track B. Decraene 5 Expires: August 29, 2013 France Telecom 6 K. Tiruveedhula 7 Juniper Networks 8 M. Konstantynowicz 9 L. Martini 10 Cisco Systems, Inc. 11 February 25, 2013 13 LDP Downstream-on-Demand in Seamless MPLS 14 draft-ietf-mpls-ldp-dod-05 16 Abstract 18 Seamless MPLS design enables a single IP/MPLS network to scale over 19 core, metro and access parts of a large packet network infrastructure 20 using standardized IP/MPLS protocols. One of the key goals of 21 Seamless MPLS is to meet requirements specific to access, including 22 high number of devices, their position in network topology and their 23 compute and memory constraints that limit the amount of state access 24 devices can hold.This can be achieved with LDP Downstream-on-Demand 25 (LDP DoD) label advertisement. This document describes LDP DoD use 26 cases and lists required LDP DoD procedures in the context of 27 Seamless MPLS design. 29 In addition, a new optional TLV type in the LDP label request message 30 is defined for fast-up convergence. 32 Requirements Language 34 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 35 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 36 document are to be interpreted as described in RFC2119 [RFC2119]. 38 Status of this Memo 40 This Internet-Draft is submitted in full conformance with the 41 provisions of BCP 78 and BCP 79. 43 Internet-Drafts are working documents of the Internet Engineering 44 Task Force (IETF). Note that other groups may also distribute 45 working documents as Internet-Drafts. The list of current Internet- 46 Drafts is at http://datatracker.ietf.org/drafts/current/. 48 Internet-Drafts are draft documents valid for a maximum of six months 49 and may be updated, replaced, or obsoleted by other documents at any 50 time. It is inappropriate to use Internet-Drafts as reference 51 material or to cite them other than as "work in progress." 53 This Internet-Draft will expire on August 29, 2013. 55 Copyright Notice 57 Copyright (c) 2013 IETF Trust and the persons identified as the 58 document authors. All rights reserved. 60 This document is subject to BCP 78 and the IETF Trust's Legal 61 Provisions Relating to IETF Documents 62 (http://trustee.ietf.org/license-info) in effect on the date of 63 publication of this document. Please review these documents 64 carefully, as they describe your rights and restrictions with respect 65 to this document. Code Components extracted from this document must 66 include Simplified BSD License text as described in Section 4.e of 67 the Trust Legal Provisions and are provided without warranty as 68 described in the Simplified BSD License. 70 Table of Contents 72 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 73 2. Reference Topologies . . . . . . . . . . . . . . . . . . . . . 5 74 2.1. Access Topologies with Static Routing . . . . . . . . . . 6 75 2.2. Access Topologies with Access IGP . . . . . . . . . . . . 8 76 3. LDP DoD Use Cases . . . . . . . . . . . . . . . . . . . . . . 10 77 3.1. Initial Network Setup . . . . . . . . . . . . . . . . . . 10 78 3.1.1. AN with Static Routing . . . . . . . . . . . . . . . . 10 79 3.1.2. AN with Access IGP . . . . . . . . . . . . . . . . . . 12 80 3.2. Service Provisioning and Activation . . . . . . . . . . . 12 81 3.3. Service Changes and Decommissioning . . . . . . . . . . . 15 82 3.4. Service Failure . . . . . . . . . . . . . . . . . . . . . 15 83 3.5. Network Transport Failure . . . . . . . . . . . . . . . . 16 84 3.5.1. General Notes . . . . . . . . . . . . . . . . . . . . 16 85 3.5.2. AN Node Failure . . . . . . . . . . . . . . . . . . . 16 86 3.5.3. AN/AGN Link Failure . . . . . . . . . . . . . . . . . 17 87 3.5.4. AGN Node Failure . . . . . . . . . . . . . . . . . . . 18 88 3.5.5. AGN Network-side Reachability Failure . . . . . . . . 18 89 4. LDP DoD Procedures . . . . . . . . . . . . . . . . . . . . . . 19 90 4.1. LDP Label Distribution Control and Retention Modes . . . . 19 91 4.2. IPv6 Support . . . . . . . . . . . . . . . . . . . . . . . 21 92 4.3. LDP DoD Session Negotiation . . . . . . . . . . . . . . . 21 93 4.4. Label Request Procedures . . . . . . . . . . . . . . . . . 22 94 4.4.1. Access LSR/ABR Label Request . . . . . . . . . . . . . 22 95 4.4.2. Label Request Retry . . . . . . . . . . . . . . . . . 23 96 4.4.3. Label Request with Fast-Up Convergence . . . . . . . . 23 97 4.5. Label Withdraw . . . . . . . . . . . . . . . . . . . . . . 25 98 4.6. Label Release . . . . . . . . . . . . . . . . . . . . . . 26 99 4.7. Local Repair . . . . . . . . . . . . . . . . . . . . . . . 27 100 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 101 5.1. LDP TLV TYPE . . . . . . . . . . . . . . . . . . . . . . . 27 102 6. Security Considerations . . . . . . . . . . . . . . . . . . . 27 103 6.1. Security and LDP DoD . . . . . . . . . . . . . . . . . . . 28 104 6.1.1. Access to network packet flow direction . . . . . . . 28 105 6.1.2. Network to access packet flow direction . . . . . . . 28 106 6.2. Data Plane Security . . . . . . . . . . . . . . . . . . . 29 107 6.3. Control Plane Security . . . . . . . . . . . . . . . . . . 30 108 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 31 109 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31 110 8.1. Normative References . . . . . . . . . . . . . . . . . . . 31 111 8.2. Informative References . . . . . . . . . . . . . . . . . . 31 112 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 32 114 1. Introduction 116 Seamless MPLS design [I-D.ietf-mpls-seamless-mpls] enables a single 117 IP/MPLS network to scale over core, metro and access parts of a large 118 packet network infrastructure using standardized IP/MPLS protocols. 119 One of the key goals of Seamless MPLS is to meet requirements 120 specific to access, including high number of devices, their position 121 in network topology and their compute and memory constraints that 122 limit the amount of state access devices can hold. 124 In general MPLS Label Switching Routers implement either LDP or RSVP 125 for MPLS label distribution. 127 The focus of this document is on LDP, as Seamless MPLS design does 128 not include a requirement for general purpose explicit traffic 129 engineering and bandwidth reservation. Document concentrates on the 130 unicast connectivity only. Multicast connectivity is subject for 131 further study. 133 In Seamless MPLS design [I-D.ietf-mpls-seamless-mpls], IP/MPLS 134 protocol optimization is possible due to a relatively simple access 135 network topologies. Examples of such topologies involving access 136 nodes (AN) and aggregation nodes (AGN) include: 138 a. A single AN homed to a single AGN. 140 b. A single AN dual-homed to two AGNs. 142 c. Multiple ANs daisy-chained via a hub-AN to a single AGN. 144 d. Multiple ANs daisy-chained via a hub-AN to two AGNs. 146 e. Two ANs dual-homed to two AGNs. 148 f. Multiple ANs chained in a ring and dual-homed to two AGNs. 150 The amount of IP RIB and FIB state on ANs can be easily controlled in 151 the listed access topologies by using simple IP routing configuration 152 with either static routes or dedicated access IGP. Note that in all 153 of the above topologies AGNs act as the access border routers (access 154 ABRs) connecting the access topology to the rest of the network. 155 Hence in many cases it is sufficient for ANs to have a default route 156 pointing towards AGNs in order to achieve complete network 157 connectivity from ANs to the network. 159 The amount of MPLS forwarding state however requires additional 160 consideration. In general MPLS routers implement LDP Downstream 161 Unsolicited (LDP DU) label advertisement [RFC5036] and advertise MPLS 162 labels for all valid routes in their RIB. This is seen as an 163 inadequate approach for ANs, which requires a small subset of the 164 total routes (and associated labels) based on the required 165 connectivity for the provisioned services. And although filters can 166 be applied to those LDP DU labels advertisements, it is not seen as a 167 suitable tool to facilitate any-to-any AN-driven connectivity between 168 access and the rest of the MPLS network. 170 This document describes an access node driven "subscription model" 171 for label distribution in the access. The approach relies on the 172 standard LDP Downstream-on-Demand (LDP DoD) label advertisements as 173 specified in [RFC5036]. LDP DoD enables on-demand label distribution 174 ensuring that only required labels are requested, provided and 175 installed. 177 The following sections describe a set of reference access topologies 178 considered for LDP DoD usage and their associated IP routing 179 configurations, followed by LDP DoD use cases and LDP DoD procedures 180 in the context of Seamless MPLS design. 182 2. Reference Topologies 184 LDP DoD use cases are described in the context of a generic reference 185 end-to-end network topology based on Seamless MPLS design 186 [I-D.ietf-mpls-seamless-mpls] shown in Figure 1 188 +-------+ +-------+ +------+ +------+ 189 ---+ AGN11 +--+ AGN21 +--+ ABR1 +--+ LSR1 +--> to LSR/AGN 190 +--------+/ +-------+ +-------+ +------+ +------+ 191 | Access | \/ \/ 192 | Network| /\ /\ 193 +--------+ +-------+ +-------+ +------+ +------+ 194 \---+ AGN12 +--+ AGN22 +--+ ABR2 +--+ LSR2 +--> to LSR/AGN 195 +-------+ +-------+ +------+ +------+ 197 static routes 198 or access IGP ISIS L1 ISIS L2 199 <----Access----><--Aggregation Domain--><----Core-----> 200 <------------------------- MPLS ----------------------> 202 Figure 1: Seamless MPLS end-to-end reference network topology. 204 The access network is either single or dual homed to AGN1x, with 205 either a single or multiple parallel links to AGN1x. 207 Seamless MPLS access network topologies can range from a single- or 208 dual-homed access node to a chain or ring of access nodes, and use 209 either static routing or access IGP. The following sections describe 210 reference access topologies in more detail. 212 2.1. Access Topologies with Static Routing 214 In most cases access nodes connect to the rest of the network using 215 very simple topologies. Here static routing is sufficient to provide 216 the required IP connectivity. The following topologies are 217 considered for use with static routing and LDP DoD: 219 a. [I1] topology - a single AN homed to a single AGN. 221 b. [I] topology - multiple ANs daisy-chained to a single AGN. 223 c. [V] topology - a single AN dual-homed to two AGNs. 225 d. [U2] topology - two ANs dual-homed to two AGNs. 227 e. [Y] topology - multiple ANs daisy-chained to two AGNs. 229 The reference static routing and LDP configuration for [V] access 230 topology is shown in Figure 2. The same static routing and LDP 231 configuration also applies to [I1] topology. 233 +----+ +-------+ 234 |AN1 +------------------------+ AGN11 +------- 235 | +-------\ /-----------+ +-\ / 236 +----+ \ / +-------+ \ / 237 \/ \/ 238 /\ /\ 239 +----+ / \ +-------+ / \ 240 |AN2 +-------/ \-----------+ AGN12 +-/ \ 241 | +------------------------+ +------- 242 +----+ +-------+ 244 --(u)-> <-(d)-- 246 <----- static routing -------> <--- ISIS ---> 247 <-- LDP DU --> 248 <--------- LDP DoD ----------> <-- BGP LU --> 250 (u) static routes: 0/0 default, (optional) /32 or /128 destinations 251 (d) static routes: /32 or /128 AN loopbacks 253 Figure 2: [V] access topology with static routes. 255 In line with the Seamless MPLS design, static routes configured on 256 AGN1x and pointing towards the access network are redistributed in 257 either ISIS or BGP labeled unicast (BGP-LU) [RFC3107]. 259 The reference static routing and LDP configuration for [U2] access 260 topology is shown in Figure 3. 262 +----+ +-------+ 263 (d1) |AN1 +------------------------+ AGN11 +------- 264 | | + + +-\ / 265 v +-+--+ +-------+ \ / 266 | \/ 267 | /\ 268 ^ +-+--+ +-------+ / \ 269 | |AN2 + + AGN12 +-/ \ 270 (d2) | +------------------------+ +------- 271 +----+ +-------+ 273 --(u)-> <-(d)-- 275 <------- static routing --------> <--- ISIS ---> 276 <-- LDP DU --> 277 <----------- LDP DoD -----------> <-- BGP LU --> 279 (u) static route 0/0 default (/32 or /128 destinations optional) 280 (d) static route for /32 or /128 AN loopbacks 281 (d1) static route for /32 or /128 AN2 loopback and 0/0 default with lower preference 282 (d2) static route for /32 or /128 AN1 loopback and 0/0 default with lower preference 284 Figure 3: [U2] access topology with static routes. 286 The reference static routing and LDP configuration for [Y] access 287 topology is shown in Figure 4. The same static routing and LDP 288 configuration also applies to [I] topology. 290 +-------+ 291 | |---/ 292 /----+ AGN11 | 293 +----+ +----+ +----+ / | |---\ 294 | | | | | +----/ +-------+ 295 |ANn +...|AN2 +---+AN1 | 296 | | | | | +----\ +-------+ 297 +----+ +----+ +----+ \ | |---/ 298 \----+ AGN12 | 299 <-(d2)-- <-(d1)-- | |---\ 300 --(u)-> --(u)-> --(u)-> +-------+ 301 <-(d)-- 303 <------- static routing -------> <--- ISIS ---> 304 <-- LDP DU --> 305 <---------- LDP DoD -----------> <-- BGP LU --> 307 (u) static routes: 0/0 default, (optional) /32 or /128 destinations 308 (d) static routes: /32 or /128 AN loopbacks [1..n] 309 (d1) static routes: /32 or /128 AN loopbacks [2..n] 310 (d2) static routes: /32 or /128 AN loopbacks [3..n] 312 Figure 4: [Y] access topology with static routes. 314 Note that in all of the above topologies parallel ECMP (or L2 LAG) 315 links can be used between the nodes. 317 ANs support Inter-area LDP [RFC5283] in order to use the IP default 318 route to match the LDP FEC advertised by AGN1x and other ANs. 320 2.2. Access Topologies with Access IGP 322 A dedicated access IGP instance is used in the access network to 323 perform the internal routing between AGN1x and connected AN devices. 324 Example of such IGP could be ISIS, OSPFv2&v3, RIPv2&RIPng. This 325 access IGP instance is distinct from the IGP of the aggegation 326 domain. 328 The following topologies are considered for use with access IGP 329 routing and LDP DoD: 331 a. [U] topology - multiple ANs chained in an open ring and dual- 332 homed to two AGNs. 334 b. [Y] topology - multiple ANs daisy-chained via a hub-AN to two 335 AGNs. 337 The reference access IGP and LDP configuration for [U] access 338 topology is shown in Figure 5. 340 +-------+ 341 +-----+ +-----+ +----+ | +---/ 342 | AN3 |---| AN2 |---|AN1 +-----+ AGN11 | 343 +-----+ +-----+ +----+ | +---\ 344 . +-------+ 345 . 346 . +-------+ 347 +-----+ +-----+ +----+ | +---/ 348 |ANn-2|---|ANn-1|---|ANn +-----+ AGN12 | 349 +-----+ +-----+ +----+ | +---\ 350 +-------+ 352 <---------- access IGP ------------> <--- ISIS ---> 353 <-- LDP DU --> 354 <------------ LDP DoD -------------> <-- BGP LU --> 356 Figure 5: [U] access topology with access IGP. 358 The reference access IGP and LDP configuration for [Y] access 359 topology is shown in Figure 6. 361 +-------+ 362 | |---/ 363 /----+ AGN11 |2 364 +----+ +----+ +----+ / | |---\ 365 | | | | | +----/ +-------+ 366 |ANn +...|AN2 +---+AN1 | 367 | | | | | +----\ +-------+ 368 +----+ +----+ +----+ \ | |---/ 369 \----+ AGN12 | 370 | |---\ 371 +-------+ 373 <---------- access IGP ------------> <--- ISIS ---> 374 <-- LDP DU --> 375 <------------ LDP DoD -------------> <-- BGP LU --> 377 Figure 6: [Y] access topology with access IGP. 379 Note that in all of the above topologies parallel ECMP (or L2 LAG) 380 links can be used between the nodes. 382 In both of the above topologies, ANs (ANn ... AN1) and AGN1x share 383 the access IGP and advertise their IPv4 and IPv6 loopbacks and link 384 addresses. AGN1x advertise a default route into the access IGP. 386 ANs support Inter-area LDP [RFC5283] in order to use the IP default 387 route for matching the LDP FECs advertised by AGN1x or other ANs. 389 3. LDP DoD Use Cases 391 LDP DoD operation is driven by Seamless MPLS use cases. This section 392 illustrates these use cases focusing on services provisioned on the 393 access nodes and clarifies expected LDP DoD operation on the AN and 394 AGN1x devices. Two representative service types are used to 395 illustrate the service use cases: MPLS PWE3 [RFC4447] and BGP/MPLS 396 IPVPN [RFC4364]. 398 Described LDP DoD operations apply equally to all reference access 399 topologies described in Section 2. Operations that are specific to 400 certain access topologies are called out explicitly. 402 References to upstream and downstream nodes are made in line with the 403 definition of upstream and downstream LSR [RFC3031]. 405 This document is focusing on IPv4 LDP DoD procedures. Similar 406 procedures will apply to IPv6 LDP DoD [I-D.ietf-mpls-ldp-ipv6]. 408 3.1. Initial Network Setup 410 An access node is commissioned without any services provisioned on 411 it. The AN may request labels for loopback addresses of any AN, AGN 412 or other nodes within Seamless MPLS network for operational and 413 management purposes. It is assumed that AGN1x has required IP/MPLS 414 configuration for network-side connectivity in line with Seamless 415 MPLS design [I-D.ietf-mpls-seamless-mpls]. 417 LDP sessions are configured between adjacent ANs and AGN1x using 418 their respective loopback addresses. 420 3.1.1. AN with Static Routing 422 If access static routing is used, ANs are provisioned with the 423 following static IP routing entries (topology references from 424 Section 2 are listed in square brackets): 426 a. [I1, V, U2] - Static default route 0/0 pointing to links 427 connected to AGN1x. Requires support for Inter-area LDP 428 [RFC5283]. 430 b. [U2] - Static /32 or /128 routes pointing to the other AN. Lower 431 preference static default route 0/0 pointing to links connected 432 to the other AN. Requires support for Inter-area LDP [RFC5283]. 434 c. [I, Y] - Static default route 0/0 pointing to links leading 435 towards AGN1x. Requires support for Inter-area LDP [RFC5283]. 437 d. [I, Y] - Static /32 or /128 routes to all ANs in the daisy-chain 438 pointing to links towards those ANs. 440 e. [I1, V, U2] - Optional - Static /32 or /128 routes for specific 441 nodes within Seamless MPLS network, pointing to links connected 442 to AGN1x. 444 f. [I, Y] - Optional - Static /32 or /128 routes for specific nodes 445 within the Seamless MPLS network, pointing to links leading 446 towards AGN1x. 448 Upstream AN/AGN1x should request labels over LDP DoD session(s) from 449 downstream AN/AGN1x for configured static routes if those static 450 routes are configured with LDP DoD request policy and if they are 451 pointing to a next-hop selected by routing. It is expected that all 452 configured /32 and /128 static routes to be used for LDP DoD are 453 configured with such policy on AN/AGN1x. 455 Downstream AN/AGN1x should respond to the label request from the 456 upstream AN/AGN1x with a label mapping if requested route is present 457 in its RIB, and there is a valid label binding from its downstream or 458 it is the egress node. In such case downstream AN/AGN1x must install 459 the advertised label as an incoming label in its label table (LIB) 460 and its forwarding table (LFIB). Upstream AN/AGN1x must also install 461 the received label as an outgoing label in their LIB and LFIB. If 462 the downstream AN/AGN1x does have the route present in its RIB, but 463 does not have a valid label binding from its downstream, it should 464 forward the request to its downstream. 466 In order to facilitate ECMP and IPFRR LFA local-repair, the upstream 467 AN/AGN1x must also send LDP DoD label requests to alternate next-hops 468 per its RIB, and install received labels as alternate entries in its 469 LIB and LFIB. 471 AGN1x node on the network side may use BGP labeled unicast [RFC3107] 472 in line with the Seamless MPLS design [I-D.ietf-mpls-seamless-mpls]. 473 In such a case AGN1x will be redistributing its static routes 474 pointing to local ANs into BGP labeled unicast to facilitate network- 475 to-access traffic flows. Likewise, to facilitate access-to-network 476 traffic flows, AGN1x will be responding to access-originated LDP DoD 477 label requests with label mappings based on its BGP labeled unicast 478 reachability for requested FECs. 480 3.1.2. AN with Access IGP 482 If access IGP is used, AN(s) advertise their loopbacks over the 483 access IGP with configured metrics. AGN1x advertise a default route 484 over the access IGP. 486 Routers request labels over LDP DoD session(s) according to their 487 needs for MPLS connectivity (LSPs). In particular if AGNs, as per 488 Seamless MPLS design [I-D.ietf-mpls-seamless-mpls], redistribute 489 routes from the IGP into BGP labeled unicast [RFC3107], they should 490 request labels over LDP DoD session(s) for those routes. 492 Identically to the static route case, downstream AN/AGN1x should 493 respond to the label request from the upstream AN/AGN1x with a label 494 mapping (if the requested route is present in its RIB, and there is a 495 valid label binding from its downstream), and must install the 496 advertised label as an incoming label in its LIB and LFIB. Upstream 497 AN/AGN1x must also install the received label as an outgoing label in 498 their LIB and LFIB. 500 Identically to the static route case, in order to facilitate ECMP and 501 IPFRR LFA local-repair, upstream AN/AGN1x must also send LDP DoD 502 label requests to alternate next-hops per its RIB, and install 503 received labels as alternate entries in its LIB and LFIB. 505 AGN1x node on the network side may use BGP labeled unicast [RFC3107] 506 in line with Seamless MPLS design [I-D.ietf-mpls-seamless-mpls]. In 507 such case AGN1x will be redistributing routes received over the 508 access IGP (and pointing to local ANs), into BGP labeled unicast to 509 facilitate network-to-access traffic flows. Likewise, to facilitate 510 access-to-network traffic flows AGN1x will be responding to access 511 originated LDP DoD label requests with label mappings based on its 512 BGP labeled unicast reachability for requested FECs. 514 3.2. Service Provisioning and Activation 516 Following the initial setup phase described in Section 3.1, a 517 specific access node, referred to as AN*, is provisioned with a 518 network service. AN* relies on LDP DoD to request the required MPLS 519 LSP(s) label(s) from downstream AN/AGN1x node(s). Note that LDP DoD 520 operations are service agnostic, that is, they are the same 521 independently of the services provisioned on the AN*. 523 For illustration purposes two service types are described: MPLS PWE3 524 [RFC4447] service and BGP/MPLS IPVPN [RFC4364]. 526 MPLS PWE3 service - for description simplicity it is assumed that a 527 single segment pseudowire is signaled using targeted LDP FEC128 528 (0x80), and it is provisioned with the pseudowire ID and the loopback 529 IPv4 address of the destination node. The following IP/MPLS 530 operations need to be completed on the AN* to successfully establish 531 such PWE3 service: 533 a. LSP labels for destination /32 FEC (outgoing label) and the local 534 /32 loopback (incoming label) need to be signaled using LDP DoD. 536 b. Targeted LDP session over an associated TCP/IP connection needs 537 to be established to the PWE3 destination PE. This is triggered 538 by either an explicit targeted LDP session configuration on the 539 AN* or automatically at the time of provisioning the PWE3 540 instance. 542 c. Local and remote PWE3 labels for specific FEC128 PW ID need to be 543 signaled using targeted LDP and PWE3 signaling procedures 544 [RFC4447]. 546 d. Upon successful completion of the above operations, AN* programs 547 its RIB/LIB and LFIB tables, and activates the MPLS PWE3 service. 549 Note - only minimum operations applicable to service connectivity 550 have been listed. Other non IP/MPLS connectivity operations that may 551 be required for successful service provisioning and activation are 552 out of scope in this document. 554 BGP/MPLS IPVPN service - for description simplicity it is assumed 555 that AN* is provisioned with a unicast IPv4 IPVPN service (VPNv4 for 556 short) [RFC4364]. The following IP/MPLS operations need to be 557 completed on the AN* to successfully establish VPNv4 service: 559 a. BGP peering sessions with associated TCP/IP connections need to 560 be established with the remote destination VPNv4 PEs or Route 561 Reflectors. 563 b. Based on configured BGP policies, VPNv4 BGP NLRIs need to be 564 exchanged between AN* and its BGP peers. 566 c. Based on configured BGP policies, VPNv4 routes need to be 567 installed in the AN* VRF RIB and FIB, with corresponding BGP 568 next-hops. 570 d. LSP labels for destination BGP next-hop /32 FEC (outgoing label) 571 and the local /32 loopback (incoming label) need to be signaled 572 using LDP DoD. 574 e. Upon successful completion of above operations, AN* programs its 575 RIB/LIB and LFIB tables, and activates the BGP/MPLS IPVPN 576 service. 578 Note - only minimum operations applicable to service connectivity 579 have been listed. Other non IP/MPLS connectivity operations that may 580 be required for successful service provisioning are out of scope in 581 this document. 583 To establish an LSP for destination /32 FEC for any of the above 584 services, AN* looks up its local routing table for a matching route, 585 selects the best next-hop(s) and associated outgoing link(s). 587 If a label for this /32 FEC is not already installed based on the 588 configured static route with LDP DoD request policy or access IGP RIB 589 entry, AN* must send an LDP DoD label mapping request. Downstream 590 AN/AGN1x LSR(s) checks its RIB for presence of the requested /32 and 591 associated valid outgoing label binding, and if both are present, 592 replies with its label for this FEC and installs this label as 593 incoming in its LIB and LFIB. Upon receiving the label mapping the 594 AN* must accept this label based on the exact route match of 595 advertised FEC and route entry in its RIB or based on the longest 596 match in line with Inter-area LDP [RFC5283]. If the AN* accepts the 597 label it must install it as an outgoing label in its LIB and LFIB. 599 In access topologies [V] and [Y], if AN* is dual homed to two AGN1x 600 and routing entries for these AGN1x are configured as equal cost 601 paths, AN* must send LDP DoD label requests to both AGN1x devices and 602 install all received labels in its LIB and LFIB. 604 In order for AN* to implement IPFRR LFA local-repair, AN* must also 605 send LDP DoD label requests to alternate next-hops per its RIB, and 606 install received labels as alternate entries in its LIB and LFIB. 608 When forwarding PWE3 or VPNv4 packets AN* chooses the LSP label based 609 on the locally configured static /32 or default route, or default 610 route signaled via access IGP. If a route is reachable via multiple 611 interfaces to AGN1x nodes and the route has multiple equal cost 612 paths, AN* must implement Equal Cost Multi-Path (ECMP) functionality. 613 This involves AN* using hash-based load-balancing mechanism and 614 sending the PWE3 or VPNv4 packets in a flow-aware manner with 615 appropriate LSP labels via all equal cost links. 617 ECMP mechanism is applicable in an equal manner to parallel links 618 between two network elements and multiple paths towards the 619 destination. The traffic demand is distributed over the available 620 paths. 622 AGN1x node on the network side may use BGP labeled unicast [RFC3107] 623 in line with Seamless MPLS design [I-D.ietf-mpls-seamless-mpls]. In 624 such case AGN1x will be redistributing its static routes (or routes 625 received from the access IGP) pointing to local ANs into BGP labeled 626 unicast to facilitate network-to-access traffic flows. Likewise, to 627 facilitate access-to-network traffic flows AGN1x will be responding 628 to access originated LDP DoD label requests with label mappings based 629 on its BGP labeled unicast reachability for requested FECs. 631 3.3. Service Changes and Decommissioning 633 Whenever AN* service gets decommissioned or changed and connectivity 634 to specific destination is not longer required, the associated MPLS 635 LSP label resources should be released on AN*. 637 MPLS PWE3 service - if the PWE3 service gets decommissioned and it is 638 the last PWE3 to a specific destination node, the targeted LDP 639 session is not longer needed and should be terminated (automatically 640 or by configuration). The MPLS LSP(s) to that destination is no 641 longer needed either. 643 BGP/MPLS IPVPN service - deletion of a specific VPNv4 (VRF) instance, 644 local or remote re-configuration may result in specific BGP next- 645 hop(s) being no longer needed. The MPLS LSP(s) to that destination 646 is no longer needed either. 648 In all of the above cases the following LDP DoD related operations 649 apply: 651 o If the /32 FEC label for the aforementioned destination node was 652 originally requested based on either tLDP session configuration 653 and default route or required BGP next-hop and default route, AN* 654 should delete the label from its LIB and LFIB, and release it from 655 downstream AN/AGN1x by using LDP DoD procedures. 657 o If the /32 FEC label was originally requested based on the static 658 /32 route configuration with LDP DoD request policy, the label 659 must be retained by AN*. 661 3.4. Service Failure 663 A service instance may stop being operational due to a local or 664 remote service failure event. 666 In general, unless the service failure event modifies required MPLS 667 connectivity, there should be no impact on the LDP DoD operation. 669 If the service failure event does modify the required MPLS 670 connectivity, LDP DoD operations apply as described in Section 3.2 671 and Section 3.3. 673 3.5. Network Transport Failure 675 A number of different network events can impact services on AN*. The 676 following sections describe network event types that impact LDP DoD 677 operation on AN and AGN1x nodes. 679 3.5.1. General Notes 681 If service on any of the ANs is affected by any network failure and 682 there is no network redundancy, the service must go into a failure 683 state. When the network failure is recovered from, the service must 684 be re-established automatically. 686 The following additional LDP-related functions should be supported to 687 comply with Seamless MPLS [I-D.ietf-mpls-seamless-mpls] fast service 688 restoration requirements as follows: 690 a. Local-repair - AN and AGN1x should support local-repair for 691 adjacent link or node failure for access-to-network, network-to- 692 access and access-to-access traffic flows. Local-repair should 693 be implemented by using either IPFRR LDP LFA, simple ECMP or 694 primary/backup switchover upon failure detection. 696 b. LDP session protection - LDP sessions should be configured with 697 LDP session protection to avoid delay upon the recovery from link 698 failure. LDP session protection ensures that FEC label binding 699 is maintained in the control plane as long as LDP session stays 700 up. 702 c. IGP-LDP synchronization - If access IGP is used, LDP sessions 703 between ANs, and between ANs and AGN1x, should be configured with 704 IGP-LDP synchronization to avoid unnecessary traffic loss in case 705 the access IGP converged before LDP and there is no LDP label 706 binding to the downstream best next-hop. 708 3.5.2. AN Node Failure 710 AN node fails and all links to adjacent nodes go down. 712 Adjacent AN/AGN1x nodes remove all routes pointing to the failed 713 link(s) from their RIB tables (including /32 loopback belonging to 714 the failed AN and any other routes reachable via the failed AN). 715 This in turn triggers the removal of associated outgoing /32 FEC 716 labels from their LIB and LFIB tables. 718 If access IGP is used, the AN node failure will be propagated via IGP 719 link updates across the access topology. 721 If a specific /32 FEC(s) is not reachable anymore from those AN/ 722 AGN1x, they must also send LDP label withdraw to their upstream LSRs 723 to notify about the failure, and remove the associated incoming 724 label(s) from their LIB and LFIB tables. Upstream LSRs upon 725 receiving label withdraw should remove the signaled labels from their 726 LIB/LFIB tables, and propagate LDP label withdraw across their 727 upstream LDP DoD sessions. 729 In [U] topology there may be an alternative path to routes previously 730 reachable via the failed AN node. In this case adjacent AN/AGN1x 731 should invoke local-repair (IPFRR LFA, ECMP) and switchover to 732 alternate next-hop to reach those routes. 734 AGN1x gets notified about the AN failure via either access IGP (if 735 used) and/or cascaded LDP DoD label withdraw(s). AGN1x must 736 implement all relevant global-repair IP/MPLS procedures to propagate 737 the AN failure towards the core network. This should involve 738 removing associated routes (in access IGP case) and labels from its 739 LIB and LFIB tables, and propagating the failure on the network side 740 using BGP-LU and/or core IGP/LDP-DU procedures. 742 Upon AN coming back up, adjacent AN/AGN1x nodes automatically add 743 routes pointing to recovered links based on the configured static 744 routes or access IGP adjacency and link state updates. This should 745 be then followed by LDP DoD label signaling and subsequent binding 746 and installation of labels in LIB and LFIB tables. 748 3.5.3. AN/AGN Link Failure 750 Depending on the access topology and the failed link location 751 different cases apply to the network operation after AN link failure 752 (topology references from Section 2 in square brackets): 754 a. [all] - link failed, but at least one ECMP parallel link remains 755 - nodes on both sides of the failed link must stop using the 756 failed link immediately (local-repair), and keep using the 757 remaining ECMP parallel links. 759 b. [I1, I, Y] - link failed, and there are no ECMP or alternative 760 links and paths - nodes on both sides of the failed link must 761 remove routes pointing to the failed link immediately from the 762 RIB, remove associated labels from their LIB and LFIB tabels, and 763 must send LDP label withdraw(s) to their upstream LSRs. 765 c. [U2, U, V, Y] - link failed, but at least one ECMP or alternate 766 path remains - AN/AGN1x node must stop using the failed link and 767 immediately switchover (local-repair) to the remaining ECMP path 768 or alternate path. AN/AGN1x must remove affected next-hops and 769 labels from its tables and invoke LDP label withdraw as per point 770 (a) above. If there is an AGN1x node terminating the failed 771 link, it must remove routes pointing to the failed link 772 immediately from the RIB, remove associated labels from their LIB 773 and LFIB tabels, and must propagate the failure on the network 774 side using BGP-LU and/or core IGP procedures. 776 If access IGP is used AN/AGN1x link failure will be propagated via 777 IGP link updates across the access topology. 779 LDP DoD will also propagate the link failure by sending label 780 withdraws to upstream AN/AGN1x nodes, and label release messages 781 downstream AN/AGN1x nodes. 783 3.5.4. AGN Node Failure 785 AGN1x fails and all links to adjacent access nodes go down. 787 Depending on the access topology, following cases apply to the 788 network operation after AGN1x node failure (topology references from 789 Section 2 in square brackets): 791 a. [I1, I] - ANs are isolated from the network - AN adjacent to the 792 failure must remove routes pointing to the failed AGN1x node 793 immediately from the RIB, remove associated labels from their LIB 794 and LFIB tabels, and must send LDP label withdraw(s) to their 795 upstream LSRs. If access IGP is used, an IGP link update should 796 be sent. 798 b. [U2, U, V, Y] - at least one ECMP or alternate path remains - AN 799 adjacent to failed AGN1x must stop using the failed link and 800 immediately switchover (local-repair) to the remaining ECMP path 801 or alternate path. AN must remove affected routes and labels 802 from its tables and invoke LDP label withdraw as per point (a) 803 above. 805 Network side procedures for handling AGN1x node failure have been 806 described in Seamless MPLS [I-D.ietf-mpls-seamless-mpls]. 808 3.5.5. AGN Network-side Reachability Failure 810 AGN1x loses network reachability to a specific destination or set of 811 network-side destinations. 813 In such event AGN1x must send LDP Label Withdraw messages to its 814 upstream ANs, withdrawing labels for all affected /32 FECs. Upon 815 receiving those messages ANs must remove those labels from their LIB 816 and LFIB tables, and use alternative LSPs instead if available as 817 part of global-repair. In turn ANs should also sent Label Withdraw 818 messages for affected /32 FECs to their upstream ANs. 820 If access IGP is used, and AGN1x gets completely isolated from the 821 core network, it should stop advertising the default route 0/0 into 822 the access IGP. 824 4. LDP DoD Procedures 826 Label Distribution Protocol is specified in [RFC5036], and all LDP 827 Downstream-on-Demand implementations MUST follow [RFC5036] 828 specification. 830 In the MPLS architecture [RFC3031], network traffic flows from 831 upstream to downstream LSR. The use cases in this document rely on 832 the downstream assignment of labels, where labels are assigned by the 833 downstream LSR and signaled to the upstream LSR as shown in Figure 7. 835 +----------+ +------------+ 836 | upstream | | downstream | 837 ------+ LSR +------+ LSR +---- 838 traffic | | | | address 839 source +----------+ +------------+ (/32 for IPv4) 840 traffic 841 label distribution for IPv4 FEC destination 842 <------------------------- 844 traffic flow 845 -------------------------> 847 Figure 7: LDP label assignment direction 849 4.1. LDP Label Distribution Control and Retention Modes 851 LDP protocol specification [RFC5036] defines two modes for label 852 distribution control, following the definitions in MPLS architecture 853 [RFC3031]: 855 o Independent mode - an LSR recognizes a particular FEC and makes a 856 decision to bind a label to the FEC independently from 857 distributing that label binding to its label distribution peers. 858 A new FEC is recognized whenever a new route becomes valid on the 859 LSR. 861 o Ordered mode - an LSR needs to bind a label to a particular FEC if 862 it knows how to forward packets for that FEC ( i.e. it has a route 863 corresponding to that FEC ) and if it has already received at 864 least one label request message from an upstream LSR. 866 Using independent label distribution control with LDP DoD and access 867 static routing would prevent the access LSRs from propagating label 868 binding failure along the access topology, making it impossible for 869 upstream LSR to be notified about the downstream failure and for an 870 application using the LSP to switchover to an alternate path, even if 871 such a path exists. 873 LDP protocol specification [RFC5036] defines two modes for label 874 retention, following the definitions in MPLS architecture [RFC3031]: 876 o Conservative mode - If operating in Downstream on Demand mode, an 877 LSR will request label mappings only from the next hop LSR 878 according to routing. The main advantage of the conservative mode 879 is that only the labels that are required for the forwarding of 880 data are allocated and maintained. This is particularly important 881 in LSRs where the label space is inherently limited, such as in an 882 ATM switch. A disadvantage of the conservative mode is that if 883 routing changes the next hop for a given destination, a new label 884 must be obtained from the new next hop before labeled packets can 885 be forwarded. 887 o Liberal mode - When operating in Downstream on Demand mode with 888 Liberal Label retention, an LSR might choose to request label 889 mappings for all known prefixes from all peer LSRs. The main 890 advantage of the Liberal Label retention mode is that reaction to 891 routing changes can be quick because labels already exist. The 892 main disadvantage of the liberal mode is that unneeded label 893 mappings are distributed and maintained. 895 Note that the conservative label retention mode would prevent LSRs 896 from requesting and maintaining label mappings for any backup routes 897 that are not used for forwarding. This in turn would prevent the 898 access LSRs (AN and AGN1x nodes) from implementing any local 899 protection schemes that rely on using alternate next-hops in case of 900 the primary next-hop failure. Such schemes include IPFRR LFA if 901 access IGP is used, or a primary and backup static route 902 configuration. Using LDP DoD in combination with liberal retention 903 mode allows the LSR to request labels for the specific FEC from 904 primary next-hop LSR(s) and the alternate next-hop LSR(s) for this 905 FEC. 907 Note that even though LDP DoD operates in a liberal retention mode, 908 if used with access IGP and if no LFA exists, the LDP DoD will 909 introduce additional delay in traffic restoration as the labels for 910 the new next-hop will get requested only after the access IGP 911 convergence. 913 Adhering to the overall design goals of Seamless MPLS 914 [I-D.ietf-mpls-seamless-mpls], specifically achieving a large network 915 scale without compromising fast service restoration, all access LSRs 916 (AN and AGN1x nodes) MUST use LDP DoD advertisement mode with: 918 o Ordered label distribution control - enables propagation of label 919 binding failure within the access topology. 921 o Liberal label retention - enables pre-programming of alternate 922 next-hops with associated FEC labels. 924 In Seamless MPLS [I-D.ietf-mpls-seamless-mpls] AGN1x node acts as an 925 access ABR connecting access and metro domains. To enable failure 926 propagation between those domains, access ABR MUST implement ordered 927 label distribution control when redistributing routes/FEC between the 928 access-side (using LDP DoD and static or access IGP) and the network- 929 side ( using BGP labeled unicast [RFC3107] or core IGP with LDP 930 Downstream Unsolicited label advertisement. 932 4.2. IPv6 Support 934 Current LDP protocol specification [RFC5036] defines procedures and 935 messages for exchanging FEC-label bindings over IPv4 and/or IPv6 936 networks. However number of IPv6 usage areas are not clearly 937 specified including: packet to LSP mapping for IPv6 destination 938 router, no IPv6 specific LSP identifier, no LDP discovery using IPv6 939 multicast address, separate LSPs for IPv4 and IPv6, and others. 941 All of these issues and more are being addressed by 942 [I-D.ietf-mpls-ldp-ipv6] that will update LDP protocol specification 943 [RFC5036] in respect to the IPv6 usage. For the future deployment, 944 LDP DoD use case and procedures described in this document SHOULD 945 also support IPv6 for transport and services. 947 4.3. LDP DoD Session Negotiation 949 Access LSR/ABR should propose the Downstream-on-Demand label 950 advertisement by setting "A" value to 1 in the Common Session 951 Parameters TLV of the Initialization message. The rules for 952 negotiating the label advertisement mode are specified in LDP 953 protocol specification [RFC5036]. 955 To establish a Downstream-on-Demand session between the two access 956 LSR/ABRs, both should propose the Downstream-on-Demand label 957 advertisement mode in the Initialization message. If the access LSR 958 only supports LDP DoD and the access ABR proposes Downstream 959 Unsolicited mode, the access LSR SHOULD send a Notification message 960 with status "Session Rejected/Parameters Advertisement Mode" and then 961 close the LDP session as specified in LDP protocol specification 962 [RFC5036]. 964 If an access LSR is acting in an active role, it should re-attempt 965 the LDP session immediately. If the access LSR receives the same 966 Downstream Unsolicited mode again, it should follow the exponential 967 backoff algorithm as defined in the LDP protocol specification 968 [RFC5036] with delay of 15 seconds and subsequent delays growing to a 969 maximum delay of 2 minutes. 971 In case a PWE3 service is required between the adjacent access LSR/ 972 ABR, and LDP DoD has been negotiated for IPv4 and IPv6 FECs, the same 973 LDP session should be used for PWE3 FECs. Even if LDP DoD label 974 advertisement has been negotiated for IPv4 and IPv6 LDP FECs as 975 described earlier, LDP session should use Downstream Unsolicited 976 label advertisement for PWE3 FECs as specified in PWE3 LDP [RFC4447]. 978 4.4. Label Request Procedures 980 4.4.1. Access LSR/ABR Label Request 982 Upstream access LSR/ABR will request label bindings from adjacent 983 downstream access LSR/ABR based on the following trigger events: 985 a. Access LSR/ABR is configured with /32 static route with LDP DoD 986 label request policy in line with initial network setup use case 987 described in Section 3.1. 989 b. Access LSR/ABR is configured with a service in line with service 990 use cases described in Section 3.2 and Section 3.3. 992 c. Configuration with access static routes - Access LSR/ABR link to 993 adjacent node comes up and LDP DoD session is established. In 994 this case access LSR should send label request messages for all 995 /32 static routes configured with LDP DoD policy and all /32 996 routes related to provisioned services that are covered by 997 default route. 999 d. Configuration with access IGP - Access LSR/ABR link to adjacent 1000 node comes up and LDP DoD session is established. In this case 1001 access LSR should send label request messages for all /32 routes 1002 learned over the access IGP and all /32 routes related to 1003 provisioned services that are covered by access IGP routes. 1005 e. In all above cases requests MUST be sent to next-hop LSR(s) and 1006 alternate LSR(s). 1008 Downstream access LSR/ABR will respond with label mapping message 1009 with a non-null label if any of the below conditions are met: 1011 a. Downstream access LSR/ABR - requested FEC is an IGP or static 1012 route and there is an LDP label already learnt from the next- 1013 next-hop downstream LSR (by LDP DoD or LDP DU). If there is no 1014 label for the requested FEC and there is an LDP DoD session to 1015 the next-next-hop downstream LSR, downstream LSR MUST send a 1016 label request message for the same FEC to the next-next-hop 1017 downstream LSR. In such case downstream LSR will respond back to 1018 the requesting upstream access LSR only after getting a label 1019 from the next-next-hop downstream LSR peer. 1021 b. Downstream access ABR only - requested FEC is a BGP labelled 1022 unicast route [RFC3107] and this BGP route is the best selected 1023 for this FEC. 1025 Downstream access LSR/ABR may respond with a label mapping with 1026 explicit-null or implicit-null label if it is acting as an egress for 1027 the requested FEC, or it may respond with "No Route" notification if 1028 no route exists. 1030 4.4.2. Label Request Retry 1032 If an access LSR/ABR receives a "No route" Notification in response 1033 to its label request message, it should retry using an exponential 1034 backoff algorithm similar to the backoff algoritm mentioned in the 1035 LDP session negotiation described in Section 4.3. 1037 If there is no response to the sent label request message, the LDP 1038 specification [RFC5036] (section A.1.1, page# 100) states that the 1039 LSR should not send another request for the same label to the peer 1040 and mandates that a duplicate label request is considered a protocol 1041 error and should be dropped by the receiving LSR by sending a 1042 Notification message. 1044 Thus, if there is no response from the downstream peer, the access 1045 LSR/ABR should not send a duplicate label request message again. 1047 If the static route corresponding to the FEC gets deleted or if the 1048 DoD request policy is modified to reject the FEC before receiving the 1049 label mapping message, then the access LSR/ABR should send a Label 1050 Abort message to the downstream LSR. 1052 4.4.3. Label Request with Fast-Up Convergence 1054 In some conditions, the exponential backoff algorithm usage described 1055 in Section 4.4.2 may result in a longer than desired wait time to get 1056 a successful LDP label to route mapping. An example is when a 1057 specific route is unavailable on the downstream LSR when the label 1058 mapping request from the upstream is received, but later comes back. 1059 In such case using the exponential backoff algorithm may result in a 1060 max delay wait time before the upstream LSR sends another LDP label 1061 request. 1063 Fast-up convergence can be addressed with a minor extension to the 1064 LDP DoD procedure, as described in this section. The downstream and 1065 upstream LSRs SHOULD implement this extension if up convergence 1066 improvement is desired. 1068 The extension consists of the upstream LSR indicating to the 1069 downstream LSR that the label request should be queued on the 1070 downstream LSR until the requested route is available. 1072 To implement this behavior, a new Optional Parameter is defined for 1073 use in the Label Request message: 1075 Optional Parameter Length Value 1076 Queue Request TLV 0 see below 1078 0 1 2 3 1079 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1080 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1081 |1|0| Queue Request (0x????) | Length (0x00) | 1082 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1084 U-bit = 1 1085 Unknown TLV bit is set to 1. If this optional TLV is unknown, 1086 it should be ignored without sending "no route" notification. 1087 Ensures backward compatibility. 1089 F-bit = 0 1090 Forward unknown TLV bit is set to 0. The unknown TLV is not 1091 forwarded. 1093 Type 1094 Queue Request Type value to be allocated by IANA. 1096 Length = 0x00 1097 Specifies the length of the Value field in octets. 1099 The operation is as follows. 1101 To benefit from the fast-up convergence improvement, the upstream LSR 1102 sends a Label Request message with a Queue Request TLV. 1104 If the downstream LSR supports the Queue Request TLV, it verifies if 1105 route is available and if so it replies with label mapping as per 1106 existing LDP procedures. 1108 If the route is not available, the downstream LSR queues the request 1109 and replies as soon as the route becomes available. In the meantime, 1110 it does not send a "no route" notification back. When sending a 1111 label request with the Queue Request TLV, the upstream LSR does not 1112 retry the Label Request message if it does not receive a reply from 1113 its downstream peer 1115 If the upstream LSR wants to abort an outstanding label request while 1116 the Label Request is queued in the downstream LSR, the upstream LSR 1117 sends a Label Abort Request message, making the downstream LSR to 1118 remove the original request from the queue and send back a 1119 notification Label Request Aborted [RFC5036]. 1121 If the downstream LSR does not support the Queue Request TLV, it will 1122 silently ignores it, and sends a "no route" notification back. In 1123 this case the upstream LSR invokes the exponential backoff algorithm 1124 described in Section 4.4.2. 1126 This described procedure ensures backward compatitibility. 1128 4.5. Label Withdraw 1130 If an MPLS label on the downstream access LSR/ABR is no longer valid, 1131 the downstream access LSR/ABR withdraws this FEC/label binding from 1132 the upstream access LSR/ABR with the Label Withdraw Message [RFC5036] 1133 with a specified label TLV or with an empty label TLV. 1135 Downstream access LSR/ABR SHOULD withdraw a label for specific FEC in 1136 the following cases: 1138 a. If LDP DoD ingress label is associated with an outgoing label 1139 assigned by BGP labelled unicast route, and this route is 1140 withdrawn. 1142 b. If LDP DoD ingress label is associated with an outgoing label 1143 assigned by LDP (DoD or DU) and the IGP route is withdrawn from 1144 the RIB or downstream LDP session is lost. 1146 c. If LDP DoD ingress label is associated with an outgoing label 1147 assigned by LDP (DoD or DU) and the outgoing label is withdrawn 1148 by the downstream LSR. 1150 d. If LDP DoD ingress label is associated with an outgoing label 1151 assigned by LDP (DoD or DU), route next-hop changed and 1152 * there is no LDP session to the new next-hop. To minimize 1153 probability of this, the access LSR/ABR should implement LDP- 1154 IGP synchronization procedures as specified in [RFC5443]. 1156 * there is an LDP session but no label from downstream LSR. See 1157 note below. 1159 e. If access LSR/ABR is configured with a policy to reject exporting 1160 label mappings to upstream LSR. 1162 The upstream access LSR/ABR responds to the Label Withdraw Message 1163 with the Label Release Message [RFC5036]. 1165 After sending label release message to downstream access LSR/ABR, the 1166 upstream access LSR/ABR should resend label request message, assuming 1167 upstream access LSR/ABR still requires the label. 1169 Downstream access LSR/ABR should withdraw a label if the local route 1170 configuration (e.g. /32 loopback) is deleted. 1172 Note: For any events inducing next hop change, downstream access LSR/ 1173 ABR should attempt to converge the LSP locally before withdrawing the 1174 label from an upstream access LSR/ABR. For example if the next-hop 1175 changes for a particular FEC and if the new next-hop allocates labels 1176 by LDP DoD session, then the downstream access LSR/ABR must send a 1177 label request on the new next-hop session. If downstream access LSR/ 1178 ABR doesn't get label mapping for some duration, then and only then 1179 downstream access LSR/ABR must withdraw the upstream label. 1181 4.6. Label Release 1183 If an access LSR/ABR does not need any longer a label for a FEC, it 1184 sends a Label Release Message [RFC5036] to the downstream access LSR/ 1185 ABR with or without the label TLV. 1187 If upstream access LSR/ABR receives an unsolicited label mapping on 1188 DoD session, they should release the label by sending label release 1189 message. 1191 Access LSR/ABR should send a label release message to the downstream 1192 LSR in the following cases: 1194 a. If it receives a label withdraw from the downstream access LSR/ 1195 ABR. 1197 b. If the /32 static route with LDP DoD label request policy is 1198 deleted. 1200 c. If the service gets decommissioned and there is no corresponding 1201 /32 static route with LDP DoD label request policy configured. 1203 d. If the route next-hop changed, and the label does not point to 1204 the best or alternate next-hop. 1206 e. If it receives a label withdraw from a downstream DoD session. 1208 4.7. Local Repair 1210 To support local-repair with ECMP and IPFRR LFA, access LSR/ABR MUST 1211 request labels on both the best next-hop and the alternate next-hop 1212 LDP DoD sessions, as specified in the label request procedures in 1213 Section 4.4. If remote LFA is enabled, access LSR/ABR needs a label 1214 from its alternate next-hop toward the PQ node and needs a label from 1215 the remote PQ node toward its FEC/destination. If access LSR/ABR 1216 doesn't already know those labels, it MUST request them. 1218 This will enable access LSR/ABR to pre-program the alternate 1219 forwarding path with the alternate label(s), and invoke IPFRR LFA 1220 switch-over procedure if the primary next-hop link fails. 1222 5. IANA Considerations 1224 5.1. LDP TLV TYPE 1226 This document uses a new a new Optional Parameter Queue Request TLV 1227 in the Label Request message defined in Section 4.4.3. IANA already 1228 maintains a registry of name LDP "TLV TYPE NAME SPACE" defined by 1229 RFC5036. The following value is suggested for assignment: 1231 TLV type Description 1232 0x0971 Queue Request TLV 1234 6. Security Considerations 1236 MPLS LDP Downstream on Demand deployment in the access network is 1237 subject to similar security threats as any MPLS LDP deployment. It 1238 is recommended that baseline security measures are considered as 1239 described in the LDP specification [RFC5036] including ensuring 1240 authenticity and integrity of LDP messages, as well as protection 1241 against spoofing and Denial of Service attacks. 1243 Some deployments may require increased measures of network security 1244 if a subset of Access Nodes are placed in locations with lower levels 1245 of physical security e.g. street cabinets (common practice for VDSL 1246 access). In such cases it is the responsibility of the system 1247 designer to take into account the physical security measures 1248 (environmental design, mechanical or electronic access control, 1249 intrusion detection), as well as monitoring and auditing measures 1250 (configuration and Operating System changes, reloads, routes 1251 advertisements). 1253 But even with all this in mind, the designer still should consider 1254 network security risks and adequate measures arising from the lower 1255 level of physical security of those locations. 1257 6.1. Security and LDP DoD 1259 6.1.1. Access to network packet flow direction 1261 An important property of MPLS LDP Downstream on Demand operation is 1262 that the upstream LSR (requesting LSR) accepts only mappings it sent 1263 a request for (in other words the ones it is interested in), and does 1264 not accept any unsolicited label mappings by design. 1266 This limits the potential of an unauthorized third party fiddling 1267 with label mappings operations on the wire. It also enables ABR LSR 1268 to monitor behaviour of any Access LSR in case the latter gets 1269 compromised and attempts to get access to an unauthorized FEC or 1270 remote LSR. Note that ABR LSR is effectively acting as a gateway to 1271 the MPLS network, and any label mapping requests made by any Access 1272 LSR are processed and can be monitored on this ABR LSR. 1274 6.1.2. Network to access packet flow direction 1276 Another important property of MPLS LDP DoD operation in the access is 1277 that the number of access nodes and associated MPLS FECs per ABR LSR 1278 is not large in number, and they are all known at the deployment 1279 time. Hence any changes of the access MPLS FECs can be easily 1280 controlled and monitored on the ABR LSR. 1282 And then, even in the event when Access LSR manages to advertise a 1283 FEC that belongs to another LSR (e.g. in order to 'steal' third party 1284 data flows, or breach a privacy of VPN), such Access LSR will have to 1285 influence the routing decision for affected FEC on the ABR LSR. 1286 Following measures SHOULD be considered to prevent such event from 1287 occurring: 1289 a. ABR LSR - access side with static routes - this is not possible 1290 for Access LSR. Access LSR has no way to influence ABR LSR 1291 routing decisions due to static nature of routing configuration 1292 here. 1294 b. ABR LSR - access side with IGP - this is still not possible if 1295 the compromised Access LSR is a leaf in the access topology (leaf 1296 node in topologies I1, I, V, Y described earlier in this 1297 document), due to the leaf metrics being configured on the ABR 1298 LSR. If the compromised Access LSR is a transit LSR in the 1299 access topology (transit node in topologies I, Y, U), it is 1300 possible for this Access LSR to attract to itself traffic 1301 destined to the nodes upstream from it. However elaborate such 1302 'man in the middle attack' is possible, but can be quickly 1303 detected by upstream Access LSRs not receiving traffic, and 1304 legitimate traffic from them getting dropped. 1306 c. ABR LSR - network side - designer SHOULD consider giving a higher 1307 administrative preference to the labeled unicast BGP routes vs. 1308 access IGP routes. 1310 In summary MPLS in access design with LDP DoD has number of native 1311 properties that prevent number of security attacks and make their 1312 detection quick and straightforward. 1314 Following two sections describe other security considerations 1315 applicable to general MPLS deployments in the access. 1317 6.2. Data Plane Security 1319 Data plane security risks applicable to the access MPLS network are 1320 listed below (a non-exhaustive list): 1322 a. packets from a specific access node flow to an altered transport 1323 layer or service layer destination. 1325 b. packets belonging to undefined services flow to and from the 1326 access network. 1328 c. unlabelled packets destined to remote network nodes. 1330 Following mechanisms should be considered to address listed data 1331 plane security risks: 1333 1. addressing (a) - Access and ABR LSRs SHOULD NOT accept labeled 1334 packets over a particular data link, unless from the Access or 1335 ABR LSR perspective this data link is known to attach to a 1336 trusted system based on employed authentication mechanism(s), and 1337 the top label has been distributed to the upstream neighbour by 1338 the receiving Access or ABR LSR. 1340 2. addressing (a) - ABR LSR MAY restrict network reachability for 1341 access devices to a subset of remote network LSR, based on 1342 authentication or other network security technologies employed 1343 towards Access LSRs. Restricted reachability can be enforced on 1344 the ABR LSR using local routing policies, and can be distributed 1345 towards the core MPLS network using routing policies associated 1346 with access MPLS FECs. 1348 3. addressing (b) - labeled service routes (e.g. MPLS/VPN, tLDP) 1349 are not accepted from unreliable routing peers. Detection of 1350 unreliable routing peers is achieved by engaging routing protocol 1351 detection and alarm mechanisms, and is out of scope of this 1352 document. 1354 4. addressing (a) and (b) - no successful attacks have been mounted 1355 on the control plane and has been detected. 1357 5. addressing (c) - ABR LSR MAY restrict IP network reachability to 1358 and from the access LSR. 1360 6.3. Control Plane Security 1362 Similarly to Inter-AS MPLS/VPN deployments [RFC4364], the data plane 1363 security depends on the security of the control plane. 1365 To ensure control plane security access LDP DoD connections MUST only 1366 be made with LDP peers that are considered trusted from the local LSR 1367 perspective, meaning they are reachable over a data link that is 1368 known to attach to a trusted system based on employed authentication 1369 mechanism(s) on the local LSR. 1371 The TCP/IP MD5 authentication option [RFC5925] should be used with 1372 LDP as described in LDP specification [RFC5036]. If TCP/IP MD5 1373 authentication is considered not secure enough, the designer may 1374 consider using a more elaborate and advanced TCP Authentication 1375 Option (TCP-AO RFC 5925) for LDP session authentication. 1377 Access IGP (if used) and any routing protocols used in access network 1378 for signalling service routes SHOULD also be secured in a similar 1379 manner. 1381 For increased level of authentication in the control plane security 1382 for a subset of access locations with lower physical security, 1383 designer could also consider using: 1385 o different crypto keys for use in authentication procedures for 1386 these locations. 1388 o stricter network protection mechanisms including DoS protection, 1389 interface and session flap dampening. 1391 7. Acknowledgements 1393 The authors would like to thank Nischal Sheth, Nitin Bahadur, Nicolai 1394 Leymann, Geraldine Calvignac, Ina Minei, Eric Gray and Lizhong Jin 1395 for their suggestions and review. 1397 8. References 1399 8.1. Normative References 1401 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1402 Requirement Levels", BCP 14, RFC 2119, March 1997. 1404 [RFC5036] Andersson, L., Minei, I., and B. Thomas, "LDP 1405 Specification", RFC 5036, October 2007. 1407 8.2. Informative References 1409 [I-D.ietf-mpls-ldp-ipv6] 1410 Asati, R., Manral, V., Papneja, R., and C. Pignataro, 1411 "Updates to LDP for IPv6", draft-ietf-mpls-ldp-ipv6-07 1412 (work in progress), June 2012. 1414 [I-D.ietf-mpls-seamless-mpls] 1415 Leymann, N., Decraene, B., Filsfils, C., Konstantynowicz, 1416 M., and D. Steinberg, "Seamless MPLS Architecture", 1417 draft-ietf-mpls-seamless-mpls-02 (work in progress), 1418 October 2012. 1420 [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol 1421 Label Switching Architecture", RFC 3031, January 2001. 1423 [RFC3107] Rekhter, Y. and E. Rosen, "Carrying Label Information in 1424 BGP-4", RFC 3107, May 2001. 1426 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 1427 Networks (VPNs)", RFC 4364, February 2006. 1429 [RFC4446] Martini, L., "IANA Allocations for Pseudowire Edge to Edge 1430 Emulation (PWE3)", BCP 116, RFC 4446, April 2006. 1432 [RFC4447] Martini, L., Rosen, E., El-Aawar, N., Smith, T., and G. 1433 Heron, "Pseudowire Setup and Maintenance Using the Label 1434 Distribution Protocol (LDP)", RFC 4447, April 2006. 1436 [RFC5283] Decraene, B., Le Roux, JL., and I. Minei, "LDP Extension 1437 for Inter-Area Label Switched Paths (LSPs)", RFC 5283, 1438 July 2008. 1440 [RFC5443] Jork, M., Atlas, A., and L. Fang, "LDP IGP 1441 Synchronization", RFC 5443, March 2009. 1443 [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP 1444 Authentication Option", RFC 5925, June 2010. 1446 Authors' Addresses 1448 Thomas Beckhaus 1449 Deutsche Telekom AG 1450 Heinrich-Hertz-Strasse 3-7 1451 Darmstadt 64307 1452 Germany 1454 Phone: +49 6151 58 12825 1455 Email: thomas.beckhaus@telekom.de 1457 Bruno Decraene 1458 France Telecom 1459 38-40 rue du General Leclerc 1460 Issy Moulineaux cedex 9 92794 1461 France 1463 Email: bruno.decraene@orange.com 1465 Kishore Tiruveedhula 1466 Juniper Networks 1467 10 Technology Park Drive 1468 Westford, Massachusetts 01886 1469 USA 1471 Phone: 1-(978)-589-8861 1472 Email: kishoret@juniper.net 1474 Maciek Konstantynowicz 1475 Cisco Systems, Inc. 1476 10 New Square Park, Bedfont Lakes 1477 London 1478 United Kingdom 1480 Email: maciek@cisco.com 1481 Luca Martini 1482 Cisco Systems, Inc. 1483 9155 East Nichols Avenue, Suite 400 1484 Englewood, CO 80112 1485 USA 1487 Email: lmartini@cisco.com