idnits 2.17.1

draft-ietf-mpls-lsp-ping-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 5 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  == There are 8 instances of lines with private range IPv4 addresses in the
     document. If these are generic example addresses, they should be changed
     to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x,
     198.51.100.x or 203.0.113.x.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 1212 has weird spacing: '...for the purpo...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 2004) is 7368 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'IANA' is mentioned on line 1048, but not defined

  == Unused Reference: 'RSVP' is defined on line 998, but no explicit
     reference was found in the text

  == Unused Reference: 'RSVP-REFRESH' is defined on line 1002, but no
     explicit reference was found in the text

  == Unused Reference: 'RSVP-TE' is defined on line 1005, but no explicit
     reference was found in the text

  -- Obsolete informational reference (is this intentional?): RFC 3036 (ref.
     'LDP') (Obsoleted by RFC 5036)

     Summary: 3 errors (**), 0 flaws (~~), 8 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1    Network Working Group                              K. Kompella (Juniper)
2    Internet Draft                                            P. Pan (Ciena)
3    draft-ietf-mpls-lsp-ping-05.txt                       N. Sheth (Juniper)
4    Category: Standards Track                    D. Cooper (Global Crossing)
5    Expires: August 2004                                  G. Swallow (Cisco)
6                                                         S. Wadhwa (Juniper)
7                                                        R. Bonica (WorldCom)
8                                                               February 2004

10                      Detecting MPLS Data Plane Failures

12

14   Status of this Memo

16      This document is an Internet-Draft and is in full conformance with
17      all provisions of Section 10 of RFC2026.

19      Internet-Drafts are working documents of the Internet Engineering
20      Task Force (IETF), its areas, and its working groups. Note that
21      other groups may also distribute working documents as Internet-
22      Drafts.

24      Internet-Drafts are draft documents valid for a maximum of six months
25      and may be updated, replaced, or obsoleted by other documents at any
26      time. It is inappropriate to use Internet-Drafts as reference
27      material or to cite them other than as ``work in progress.''

29      The list of current Internet-Drafts can be accessed at
30      http://www.ietf.org/ietf/1id-abstracts.txt

32      The list of Internet-Draft Shadow Directories can be accessed at
33      http://www.ietf.org/shadow.html.

35   Copyright Notice

37      Copyright (C) The Internet Society (2004). All Rights Reserved.

39   Abstract

41      This document describes a simple and efficient mechanism that can be
42      used to detect data plane failures in Multi-Protocol Label Switching
43      (MPLS) Label Switched Paths (LSPs). There are two parts to this
44      document: information carried in an MPLS "echo request" and "echo
45      reply" for the purposes of fault detection and isolation; and
46      mechanisms for reliably sending the echo reply.

48   Changes since last revision

50      (This section to be removed before publication.)

52      *** Changed the format of an L2 circuit ID FEC. Added a sender's PE
53      address field to uniquely identify the VC ID ***

55      Further clarified that an MPLS echo request/reply can be either an
56      IPv4 or an IPv6 packet.

58      Added format pictures for LDP IPv4/IPv6 prefixes.

60      Clarified the section on Receiving an MPLS Echo Request.

62   Issues

64      (This section to be removed before publication.)

66      Need to address issues with pinging L3VPN FECs.

68      Need to add new FEC type for "type 129" L2 circuits.

70   1. Introduction

72      This document describes a simple and efficient mechanism that can be
73      used to detect data plane failures in MPLS LSPs. There are two parts
74      to this document: information carried in an MPLS "echo request" and
75      "echo reply"; and mechanisms for transporting the echo reply. The
76      first part aims at providing enough information to check correct
77      operation of the data plane, as well as a mechanism to verify the
78      data plane against the control plane, and thereby localize faults.
79      The second part suggests two methods of reliable reply channels for
80      the echo request message, for more robust fault isolation.

82      An important consideration in this design is that MPLS echo requests
83      follow the same data path that normal MPLS packets would traverse.

85      MPLS echo requests are meant primarily to validate the data plane,
86      and secondarily to verify the data plane against the control plane.
87      Mechanisms to check the control plane are valuable, but are not
88      covered in this document.

90      To avoid potential Denial of Service attacks, it is recommended to
91      regulate the MPLS ping traffic going to the control plane. A rate
92      limiter should be applied to the well-known UDP port defined below.

94   1.1. Conventions

96      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
97      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
98      document are to be interpreted as described in RFC 2119 [KEYWORDS].

100  1.2. Structure of this document

102     The body of this memo contains four main parts: motivation, MPLS echo
103     request/reply packet format, MPLS ping operation, and a reliable
104     return path. It is suggested that first-time readers skip the actual
105     packet formats and read the Theory of Operation first; the document
106     is structured the way it is to avoid forward references.

108     The last section (reliable return path for RSVP LSPs) may be removed
109     in a future revision.

111  2. Motivation

113     When an LSP fails to deliver user traffic, the failure cannot always
114     be detected by the MPLS control plane. There is a need to provide a
115     tool that would enable users to detect such traffic "black holes" or
116     misrouting within a reasonable period of time; and a mechanism to
117     isolate faults.

119     In this document, we describe a mechanism that accomplishes these
120     goals. This mechanism is modeled after the ping/traceroute paradigm:
121     ping (ICMP echo request [ICMP]) is used for connectivity checks, and
122     traceroute is used for hop-by-hop fault localization as well as path
123     tracing. This document specifies a "ping mode" and a "traceroute"
124     mode for testing MPLS LSPs.

126     The basic idea is to test that packets that belong to a particular
127     Forwarding Equivalence Class (FEC) actually end their MPLS path on an
128     LSR that is an egress for that FEC. This document proposes that this
129     test be carried out by sending a packet (called an "MPLS echo
130     request") along the same data path as other packets belonging to this
131     FEC. An MPLS echo request also carries information about the FEC
132     whose MPLS path is being verified. This echo request is forwarded
133     just like any other packet belonging to that FEC. In "ping" mode
134     (basic connectivity check), the packet should reach the end of the
135     path, at which point it is sent to the control plane of the egress
136     LSR, which then verifies that it is indeed an egress for the FEC. In
137     "traceroute" mode (fault isolation), the packet is sent to the
138     control plane of each transit LSR, which performs various checks that
139     it is indeed a transit LSR for this path; this LSR also returns
140     further information that helps check the control plane against the
141     data plane, i.e., that forwarding matches what the routing protocols
142     determined as the path.

144     One way these tools can be used is to periodically ping a FEC to
145     ensure connectivity. If the ping fails, one can then initiate a
146     traceroute to determine where the fault lies. One can also
147     periodically traceroute FECs to verify that forwarding matches the
148     control plane; however, this places a greater burden on transit LSRs
149     and thus should be used with caution.

151  3. Packet Format

153     An MPLS echo request is a (possibly labelled) IPv4 or IPv6 UDP
154     packet; the contents of the UDP packet have the following format:

156      0                   1                   2                   3
157      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
158     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
159     |         Version Number        |         Must Be Zero          |
160     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
161     |  Message Type |  Reply mode   |  Return Code  | Return Subcode|
162     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
163     |                        Sender's Handle                        |
164     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
165     |                        Sequence Number                        |
166     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
167     |                    TimeStamp Sent (seconds)                   |
168     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
169     |                  TimeStamp Sent (microseconds)                |
170     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
171     |                  TimeStamp Received (seconds)                 |
172     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
173     |                TimeStamp Received (microseconds)              |
174     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
175     |                            TLVs ...                           |
176     .                                                               .
177     .                                                               .
178     .                                                               .

180     |                                                               |
181     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

183     The Version Number is currently 1. (Note: the Version Number is to
184     be incremented whenever a change is made that affects the ability of
185     an implementation to correctly parse or process an MPLS echo
186     request/reply. These changes include any syntactic or semantic
187     changes made to any of the fixed fields, or to any TLV or sub-TLV
188     assignment or format that is defined at a certain version number.
189     The Version Number may not need to be changed if an optional TLV or
190     sub-TLV is added.)
192     The Message Type is one of the following:

194        Value    Meaning
195        -----    -------
196            1    MPLS Echo Request
197            2    MPLS Echo Reply

199     The Reply Mode can take one of the following values:

201        Value    Meaning
202        -----    -------
203            1    Do not reply
204            2    Reply via an IPv4/IPv6 UDP packet
205            3    Reply via an IPv4/IPv6 UDP packet with Router Alert
206            4    Reply via application level control channel

208     An MPLS echo request with "Do not reply" may be used for one-way
209     connectivity tests; the receiving router may log gaps in the sequence
210     numbers and/or maintain delay/jitter statistics. An MPLS echo
211     request would normally have "Reply via an IPv4/IPv6 UDP packet"; if
212     the normal IP return path is deemed unreliable, one may use "Reply
213     via an IPv4/IPv6 UDP packet with Router Alert" (note that this
214     requires that all intermediate routers understand and know how to
215     forward MPLS echo replies). The echo reply uses the same IP version
216     number as the received echo request, i.e., an IPv4 encapsulated echo
217     reply is sent in response to an IPv4 encapsulated echo request.

219     Any application which supports an IP control channel between its
220     control entities may set the Reply Mode to 4 to ensure that replies
221     use that same channel. Further definition of this codepoint is
222     application specific and thus beyond the scope of this document.

224     Return Codes and Subcodes are described in the next section.

226     The Sender's Handle is filled in by the sender, and returned
227     unchanged by the receiver in the echo reply (if any). There are no
228     semantics associated with this handle, although a sender may find
229     this useful for matching up requests with replies.

231     The Sequence Number is assigned by the sender of the MPLS echo
232     request, and can be (for example) used to detect missed replies.

234     The TimeStamp Sent is the time-of-day (in seconds and microseconds,
235     wrt the sender's clock) when the MPLS echo request is sent. The
236     TimeStamp Received in an echo reply is the time-of-day (wrt the
237     receiver's clock) that the corresponding echo request was received.

239     TLVs (Type-Length-Value tuples) have the following format:

241      0                   1                   2                   3
242      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
243     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
244     |             Type              |            Length             |
245     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
246     |                             Value                             |
247     .                                                               .
248     .                                                               .
249     .                                                               .
250     |                                                               |
251     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

253     Types are defined below; Length is the length of the Value field in
254     octets. The Value field depends on the Type; it is zero padded to
255     align to a four-octet boundary.

257        Type #    Value Field
258        ------    -----------
259             1    Target FEC Stack
260             2    Downstream Mapping
261             3    Pad
262             4    Error Code
263             5    Vendor Enterprise Code

265  3.1. Return Codes

267     The Return Code is set to zero by the sender. The receiver can set
268     it to one of the values listed below. The notation refers to
269     the Return Subcode. This field is filled in with the stack-depth for
270     those codes which specify that. For all other codes the Return
271     Subcode MUST be set to zero.

273        Value    Meaning
274        -----    -------
275            0    No return code or return code contained in the Error
276                 Code TLV

278            1    Malformed echo request received

280            2    One or more of the TLVs was not understood

282            3    Replying router is an egress for the FEC at stack
283                 depth

285            4    Replying router has no mapping for the FEC at stack
286                 depth

288            5    Reserved

290            6    Reserved

292            7    Reserved

294            8    Label switched at stack-depth

296            9    Label switched but no MPLS forwarding at stack-depth
297

299           10    Mapping for this FEC is not the given label at stack
300                 depth

302           11    No label entry at stack-depth

304           12    Protocol not associated with interface at FEC stack
305                 depth

307  3.2. Target FEC Stack

309     A Target FEC Stack is a list of sub-TLVs. The number of elements is
310     determined by looking at the sub-TLV length fields.

312        Sub-Type #    Length    Value Field
313        ----------    ------    -----------
314                 1         5    LDP IPv4 prefix
315                 2        17    LDP IPv6 prefix
316                 3        20    RSVP IPv4 Session Query
317                 4        56    RSVP IPv6 Session Query
318                 5              Reserved; see Appendix
319                 6        13    VPN IPv4 prefix
320                 7        25    VPN IPv6 prefix
321                 8        14    L2 VPN endpoint
322                 9        10    L2 circuit ID

324     Other FEC Types will be defined as needed.

326     Note that this TLV defines a stack of FECs, the first FEC element
327     corresponding to the top of the label stack, etc.

329     An MPLS echo request MUST have a Target FEC Stack that describes the
330     FEC stack being tested. For example, if an LSR X has an LDP mapping
331     for 192.168.1.1 (say label 1001), then to verify that label 1001 does
332     indeed reach an egress LSR that announced this prefix via LDP, X can
333     send an MPLS echo request with a FEC Stack TLV with one FEC in it,
334     namely of type LDP IPv4 prefix, with prefix 192.168.1.1/32, and send
335     the echo request with a label of 1001.

337     Say LSR X wanted to verify that a label stack of <1001, 23456> is the
338     right label stack to use to reach a VPN IPv4 prefix of 10/8 in VPN
339     foo. Say further that LSR Y with loopback address 192.168.1.1
340     announced prefix 10/8 with Route Distinguisher RD-foo-Y (which may in
341     general be different from the Route Distinguisher that LSR X uses in
342     its own advertisements for VPN foo), label 23456 and BGP nexthop
343     192.168.1.1. Finally, suppose that LSR X receives a label binding of
344     1001 for 192.168.1.1 via LDP. X has two choices in sending an MPLS
345     echo request: X can send an MPLS echo request with a FEC Stack TLV
346     with a single FEC of type VPN IPv4 prefix with a prefix of 10/8 and a
347     Route Distinguisher of RD-foo-Y. Alternatively, X can send a FEC
348     Stack TLV with two FECs, the first of type LDP IPv4 with a prefix of
349     192.168.1.1/32 and the second of type IP VPN with a prefix 10/8
350     with Route Distinguisher of RD-foo-Y. In either case, the MPLS echo
351     request would have a label stack of <1001, 23456>. (Note: in this
352     example, 1001 is the "outer" label and 23456 is the "inner" label.)

354  3.2.1. LDP IPv4 Prefix

356     The value consists of four octets of an IPv4 prefix followed by one
357     octet of prefix length in bits; the format is given below. The IPv4
358     prefix is in network byte order; if the prefix is shorter than 32
359     bits, trailing bits SHOULD be set to zero. See [LDP] for an example
360     of a Mapping for an IPv4 FEC.

362      0                   1                   2                   3
363      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
364     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
365     |                          IPv4 prefix                          |
366     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
367     | Prefix Length |                 Must Be Zero                  |
368     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

370  3.2.2. LDP IPv6 Prefix

372     The value consists of sixteen octets of an IPv6 prefix followed by
373     one octet of prefix length in bits; the format is given below. The
374     IPv6 prefix is in network byte order; if the prefix is shorter than
375     128 bits, the trailing bits SHOULD be set to zero. See [LDP] for an
376     example of a Mapping for an IPv6 FEC.

378      0                   1                   2                   3
379      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
380     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
381     |                          IPv6 prefix                          |
382     |                          (16 octets)                          |
383     |                                                               |
384     |                                                               |
385     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
386     | Prefix Length |                 Must Be Zero                  |
387     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

389  3.2.3. RSVP IPv4 Session

391     The value has the format below. The value fields are taken from
392     [RFC3209, sections 4.6.1.1 and 4.6.2.1].
394      0                   1                   2                   3
395      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
396     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
397     |                 IPv4 tunnel end point address                 |
398     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
399     |          Must Be Zero         |           Tunnel ID           |
400     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
401     |                       Extended Tunnel ID                      |
402     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
403     |                   IPv4 tunnel sender address                  |
404     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
405     |          Must Be Zero         |            LSP ID             |
406     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

408  3.2.4. RSVP IPv6 Session

410     The value has the format below. The value fields are taken from
411     [RFC3209, sections 4.6.1.2 and 4.6.2.2].

413      0                   1                   2                   3
414      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
415     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
416     |                 IPv6 tunnel end point address                 |
417     |                                                               |
418     |                                                               |
419     |                                                               |
420     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
421     |          Must Be Zero         |           Tunnel ID           |
422     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
423     |                       Extended Tunnel ID                      |
424     |                                                               |
425     |                                                               |
426     |                                                               |
427     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
428     |                   IPv6 tunnel sender address                  |
429     |                                                               |
430     |                                                               |
431     |                                                               |
432     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
433     |          Must Be Zero         |            LSP ID             |
434     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

436  3.2.5. VPN IPv4 Prefix

438     The value field consists of the Route Distinguisher advertised with
439     the VPN IPv4 prefix, the IPv4 prefix and a prefix length, as follows:

441      0                   1                   2                   3
442      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
443     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
444     |                      Route Distinguisher                      |
445     |                          (8 octets)                           |
446     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
447     |                          IPv4 prefix                          |
448     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
449     | Prefix Length |                 Must Be Zero                  |
450     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

452  3.2.6. VPN IPv6 Prefix

454     The value field consists of the Route Distinguisher advertised with
455     the VPN IPv6 prefix, the IPv6 prefix and a prefix length, as follows:

457      0                   1                   2                   3
458      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
459     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
460     |                      Route Distinguisher                      |
461     |                          (8 octets)                           |
462     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
463     |                          IPv6 prefix                          |
464     |                                                               |
465     |                                                               |
466     |                                                               |
467     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
468     | Prefix Length |                 Must Be Zero                  |
469     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

471  3.2.7. L2 VPN Endpoint

473     The value field consists of a Route Distinguisher (8 octets), the
474     sender (of the ping)'s CE ID (2 octets), the receiver's CE ID (2
475     octets), and an encapsulation type (2 octets), formatted as follows:

477      0                   1                   2                   3
478      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
479     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
480     |                      Route Distinguisher                      |
481     |                          (8 octets)                           |
482     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
483     |         Sender's CE ID        |       Receiver's CE ID        |
484     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
485     |      Encapsulation Type       |         Must Be Zero          |
486     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

488  3.2.8. L2 Circuit ID

490     The value field consists of the sender's PE address (the source
491     address of the targeted LDP session), the remote PE address (the
492     destination address of the targeted LDP session), a VC ID and an
493     encapsulation type, as follows:

495      0                   1                   2                   3
496      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
497     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
498     |                      Sender's PE Address                      |
499     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
500     |                       Remote PE Address                       |
501     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
502     |                             VC ID                             |
503     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
504     |      Encapsulation Type       |         Must Be Zero          |
505     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

507  3.3. Downstream Mapping

509     The Downstream Mapping object is an optional TLV. Only one
510     Downstream Mapping request may appear in an echo request. The
511     presence of a Downstream Mapping object is a request that Downstream
512     Mapping objects be included in the echo reply. If the replying
513     router is the destination of the FEC, then a Downstream Mapping TLV
514     SHOULD NOT be included in the echo reply. Otherwise Downstream
515     Mapping objects SHOULD include a Downstream Mapping object for each
516     interface over which this FEC could be forwarded.

518     The Length is 16 + M + 4*N octets, where M is the Multipath Length,
519     and N is the number of Downstream Labels. The Value field of a
520     Downstream Mapping has the following format:

522      0                   1                   2                   3
523      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
524     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
525     |              MTU              |  Address Type |  Resvd (SBZ)  |
526     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
527     |             Downstream IP Address (4 or 16 octets)            |
528     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
529     |         Downstream Interface Address (4 or 16 octets)         |
530     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
531     | Hash Key Type |  Depth Limit  |        Multipath Length       |
532     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
533     .                                                               .
534     .                     (Multipath Information)                   .
535     .                                                               .
536     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
537     |               Downstream Label                |    Protocol   |
538     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
539     .                                                               .
540     .                                                               .
541     .                                                               .
542     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
543     |               Downstream Label                |    Protocol   |
544     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

546     Maximum Transmission Unit (MTU)

548        The MTU is the largest MPLS frame (including label stack) that
549        fits on the interface to the Downstream LSR.

551     Address Type

553        The Address Type indicates if the interface is numbered or
554        unnumbered and is set to one of the following values:

556           Type #    Address Type
557           ------    ------------
558                1    IPv4
559                2    Unnumbered
560                3    IPv6

562        The field marked SBZ SHOULD be set to zero when sending and
563        SHOULD be ignored on receipt.
565     Downstream IP Address and Downstream Interface Address

567        If the interface to the downstream LSR is numbered, then the
568        Address Type MUST be set to IPv4 or IPv6, the Downstream IP
569        Address MUST be set to either the downstream LSR's Router ID or
570        the interface address of the downstream LSR, and the Downstream
571        Interface Address MUST be set to the downstream LSR's interface
572        address.

574        If the interface to the downstream LSR is unnumbered, the Address
575        Type MUST be Unnumbered, the Downstream IP Address MUST be the
576        downstream LSR's Router ID (4 octets), and the Downstream
577        Interface Address MUST be set to the index assigned by the
578        upstream LSR to the interface.

580     Multipath Length

582        The length in octets of the Multipath Information.

584     Downstream Label(s)

586        The set of labels in the label stack as it would have appeared if
587        this router were forwarding the packet through this interface.
588        Any Implicit Null labels are explicitly included. Labels are
589        treated as numbers, i.e. they are right justified in the field.

591     Protocol

593        The Protocol is taken from the following table:

595           Protocol #    Signaling Protocol
596           ----------    ------------------
597                    0    Unknown
598                    1    Static
599                    2    BGP
600                    3    LDP
601                    4    RSVP-TE
602                    5    Reserved; see Appendix

604        The notion of "downstream router" and "downstream interface"
605        should be explained. Consider an LSR X. If a packet that was
606        originated with TTL n>1 arrived with outermost label L at LSR X,
607        X must be able to compute which LSRs could receive the packet if
608        it was originated with TTL=n+1, over which interface the request
609        would arrive and what label stack those LSRs would see. (It is
610        outside the scope of this document to specify how this
611        computation is done.) The set of these LSRs/interfaces are the
612        downstream routers/interfaces (and their corresponding labels)
613        for X with respect to L. Each pair of downstream router and
614        interface requires a separate Downstream Mapping to be added to
615        the reply. (Note that there are multiple Downstream Label fields
616        in each TLV as the incoming label L may be swapped with a label
617        stack.)

619        The case where X is the LSR originating the echo request is a
620        special case. X needs to figure out what LSRs would receive the
621        MPLS echo request for a given FEC Stack that X originates with
622        TTL=1.

624        The set of downstream routers at X may be alternative paths (see
625        the discussion below on ECMP) or simultaneous paths (e.g., for
626        MPLS multicast). In the former case, the Multipath sub-field is
627        used as a hint to the sender as to how it may influence the
628        choice of these alternatives. The "No of Multipaths" is the
629        number of IP Address/Next Label fields. The Hash Key Type is
630        taken from the following table:

632           Key   Type                    Multipath Information
633           ---   ----------------        ---------------------
634            0    no multipath            (empty; M = 0)
635            1    label                   labels
636            2    IP address              IP addresses
637            3    label range             low/high label pairs
638            4    IP address range        low/high address pairs
639            5    no more labels          (empty; M = 0)
640            6    All IP addresses        (empty; M = 0)
641            7    no match                (empty; M = 0)
642            8    Bit-masked IPv4         IP address prefix and bit mask
643                   address set
644            9    Bit-masked label set    Label prefix and bit mask

646        Type 0 indicates that all packets will be forwarded out this one
647        interface.

649        Types 1, 2, 3, 4, 8 and 9 specify that the supplied Multipath
650        Information will serve to exercise this path.

652        Types 5 and 6 are TBD.

654        Type 7 indicates that no matches are possible given the Multipath
655        Information in the received DS mapping information.

657     Depth Limit
658        The Depth Limit is applicable only to a label stack, and is the
659        maximum number of labels considered in the hash; this SHOULD be
660        set to zero if unspecified or unlimited.
662 Multipath Information 664 The multipath information encodes labels or addresses which will 665 exercise this path. The multipath informaiton depends on the 666 hash key type. The contents of the field are shown in the table 667 above. IP addresses are drawn from the range 127/8. Labels are 668 treated as numbers, i.e. they are right justified in the field. 669 Label and Address pairs MUST NOT overlap and MUST be in ascending 670 sequence. 672 Hash key 8 allows a denser encoding of IP address. The IPv4 673 prefix is formatted as a base IPv4 address with the non-prefix 674 low order bits set to zero. The maximum prefix length is 27. 675 Following the prefix is a mask of length 2^(32-prefix length) 676 bits. Each bit set to one represents a valid address. The 677 address is the base IPv4 address plus the position of the bit in 678 the mask where the bits are numbered left to right begining with 679 zero. 681 Hash key 9 allows a denser encoding of Labels. The label prefix 682 is formatted as a base label value with the non-prefix low order 683 bits set to zero. The maximum prefix (including leading zeros 684 due to encoding) length is 27. Following the prefix is a mask of 685 length 2^(32-prefix length) bits. Each bit set to one represents 686 a valid Label. The label is the base label plus the position of 687 the bit in the mask where the bits are numbered left to right 688 begining with zero. 690 If the received DS mapping information is non-null the labels and 691 IP addresses MUST be picked from the set provided or the Hash Key 692 Type MUST be set to 7. 694 For example, suppose LSR X at hop 10 has two downstream LSRs Y 695 and Z for the FEC in question. X could return Hash Key Type 4, 696 with low/high IP addresses of 1.1.1.1->1.1.1.255 for downstream 697 LSR Y and 2.1.1.1->2.1.1.255 for downstream LSR Z. The head end 698 reflects this information to LSR Y. 
Y, which has three 699 downstream LSRs U, V and W, computes that 1.1.1.1->1.1.1.127 700 would go to U and 1.1.1.128-> 1.1.1.255 would go to V. Y would 701 then respond with 3 Downstream Mappings: to U, with Hash Key Type 702 4 (1.1.1.1->1.1.1.127); to V, with Hash Key Type 4 703 (1.1.1.127->1.1.1.255); and to W, with Hash Key Type 7. 705 3.4. Pad TLV 707 The value part of the Pad TLV contains a variable number (>= 1) of 708 octets. The first octet takes values from the following table; all 709 the other octets (if any) are ignored. The receiver SHOULD verify 710 that the TLV is received in its entirety, but otherwise ignores the 711 contents of this TLV, apart from the first octet. 713 Value Meaning 714 ----- ------- 715 1 Drop Pad TLV from reply 716 2 Copy Pad TLV to reply 717 3-255 Reserved for future use 719 3.5. Error Code 721 The Error Code TLV is currently not defined; its purpose is to 722 provide a mechanism for a more elaborate error reporting structure, 723 should the reason arise. 725 3.6. Vendor Enterprise Code 727 The Length is always 4; the value is the SMI Enterprise code, in 728 network octet order, of the vendor with a Vendor Private extension to 729 any of the fields in the fixed part of the message, in which case 730 this TLV MUST be present. If none of the fields in the fixed part of 731 the message have vendor private extensions, this TLV is OPTIONAL. 733 4. Theory of Operation 735 An MPLS echo request is used to test a particular LSP. The LSP to be 736 tested is identified by the "FEC Stack"; for example, if the LSP was 737 set up via LDP, and is to an egress IP address of 10.1.1.1, the FEC 738 stack contains a single element, namely, an LDP IPv4 prefix sub-TLV 739 with value 10.1.1.1/32. If the LSP being tested is an RSVP LSP, the 740 FEC stack consists of a single element that captures the RSVP Session 741 and Sender Template which uniquely identifies the LSP. 743 FEC stacks can be more complex. 
         For example, one may wish to test a
744      VPN IPv4 prefix of 10.1/8 that is tunneled over an LDP LSP with
745      egress 10.10.1.1. The FEC stack would then contain two sub-TLVs, the
746      first being a VPN IPv4 prefix, and the second being an LDP IPv4
747      prefix. If the underlying (LDP) tunnel were not known, or was
748      considered irrelevant, the FEC stack could be a single element with
749      just the VPN IPv4 sub-TLV.

751      When an MPLS echo request is received, the receiver is expected to do
752      a number of tests that verify that the control plane and data plane
753      are both healthy (for the FEC stack being pinged), and that the two
754      planes are in sync.

756   4.1. Dealing with Equal-Cost Multi-Path (ECMP)

758      LSPs need not be simple point-to-point tunnels. Frequently, a single
759      LSP may originate at several ingresses, and terminate at several
760      egresses; this is very common with LDP LSPs. LSPs for a given FEC
761      may also have multiple "next hops" at transit LSRs. At an ingress,
762      there may also be several different LSPs to choose from to get to the
763      desired endpoint. Finally, LSPs may have backup paths, detour paths
764      and other alternative paths to take should the primary LSP go down.

766      To deal with the last two first: it is assumed that the LSR sourcing
767      MPLS echo requests can force the echo request into any desired LSP,
768      so choosing among multiple LSPs at the ingress is not an issue. The
769      problem of probing the various flavors of backup paths that will
770      typically not be used for forwarding data unless the primary LSP is
771      down will not be addressed here.

773      Since the actual LSP and path that a given packet may take may not be
774      known a priori, it is useful if MPLS echo requests can exercise all
775      possible paths. This, while desirable, may not be practical, because
776      the algorithms that a given LSR uses to distribute packets over
777      alternative paths may be proprietary.

779      To achieve some degree of coverage of alternate paths, there is a
780      certain latitude in choosing the destination IP address and source
781      UDP port for an MPLS echo request. This is clearly not sufficient;
782      in the case of traceroute, more latitude is offered by means of the
783      "Multipath Exercise" sub-TLV of the Downstream Mapping TLV. This is
784      used as follows. An ingress LSR periodically sends an MPLS
785      traceroute message to determine whether there are multipaths for a
786      given LSP. If so, each hop will provide some information how each of
787      its downstreams can be exercised. The ingress can then send MPLS
788      echo requests that exercise these paths. If several transit LSRs
789      have ECMP, the ingress may attempt to compose these to exercise all
790      possible paths. However, full coverage may not be possible.

792   4.2. Sending an MPLS Echo Request

794      An MPLS echo request is a (possibly) labelled UDP packet. The IP
795      header is set as follows: the source IP address is a routable address
796      of the sender; the destination IP address is a (randomly chosen)
797      address from 127/8; the IP TTL is set to 1. The source UDP port is
798      chosen by the sender; the destination UDP port is set to 3503
799      (assigned by IANA for MPLS echo requests). The Router Alert option
800      is set in the IP header.

802      If the echo request is labelled, one may (depending on what is being
803      pinged) set the TTL of the innermost label to 1, to prevent the ping
804      request going farther than it should. Examples of this include
805      pinging a VPN IPv4 or IPv6 prefix, an L2 VPN end point or an L2
806      circuit ID. This can also be accomplished by inserting a router
807      alert label above this label; however, this may lead to the undesired
808      side effect that MPLS echo requests take a different data path than
809      actual data.

811      In "ping" mode (end-to-end connectivity check), the TTL in the
812      outermost label is set to 255.
         In "traceroute" mode (fault isolation
813      mode), the TTL is set successively to 1, 2, ....

815      The sender chooses a Sender's Handle, and a Sequence Number. When
816      sending subsequent MPLS echo requests, the sender SHOULD increment
817      the sequence number by 1. However, a sender MAY choose to send a
818      group of echo requests with the same sequence number to improve the
819      chance of arrival of at least one packet with that sequence number.

821      The TimeStamp Sent is set to the time-of-day (in seconds and
822      microseconds) that the echo request is sent. The TimeStamp Received
823      is set to zero.

825      An MPLS echo request MUST have a FEC Stack TLV. Also, the Reply Mode
826      must be set to the desired reply mode; the Return Code and Subcode
827      are set to zero.

829      In the "traceroute" mode, the echo request SHOULD contain one or more
830      Downstream Mapping TLVs. For TTL=1, all the downstream routers (and
831      corresponding labels) for the sender with respect to the FEC Stack
832      being pinged SHOULD be sent in the echo request. For n>1, the
833      Downstream Mapping TLVs from the echo reply for TTL=(n-1) are copied
834      to the echo request with TTL=n; the sender MAY choose to reduce the
835      size of a "Downstream Multipath Mapping TLV" when copying into the
836      next echo request as long as the Hash Key Type matching the label or
837      IP address used to exercise the current MP is still present.

839   4.3. Receiving an MPLS Echo Request

841      An LSR X that receives an MPLS echo request first parses the packet
842      to ensure that it is a well-formed packet, and that the TLVs that are
843      not marked "Ignore" are understood. If not, X SHOULD send an MPLS
844      echo reply with the Return Code set to "Malformed echo request
845      received" or "TLV not understood" (as appropriate), and the Subcode
846      set to zero. In the latter case, the misunderstood TLVs (only) are
847      included in the reply.
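
One well-formedness check of this kind, for Multipath Information carried with Hash key 8 or 9 as described earlier, is shown below as an added Python example; it is not part of the draft. The function names are hypothetical, the fields are assumed to be already split out of the TLV (the draft text here does not show how the prefix length is carried), and the 20-bit label limit comes from RFC 3032.

```python
import ipaddress

MAX_PREFIX_LEN = 27            # stated in the draft for Hash keys 8 and 9
MAX_LABEL = (1 << 20) - 1      # MPLS labels are 20 bits wide (RFC 3032)
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def expand_bitmask(base, prefix_len, mask):
    """Return base + position for every mask bit that is set to one.

    base: 32-bit integer, prefix_len: int, mask: bytes as received.
    Raises ValueError when the fields are inconsistent with each other.
    """
    if not 0 <= prefix_len <= MAX_PREFIX_LEN:
        raise ValueError("prefix length out of range")
    span = 1 << (32 - prefix_len)              # mask length in bits
    if len(mask) * 8 != span:
        raise ValueError("mask length does not match prefix length")
    if not 0 <= base <= 0xFFFFFFFF or base & (span - 1):
        raise ValueError("non-prefix low order bits of base must be zero")
    values = []
    for pos in range(span):
        # Bits are numbered left to right from zero: bit 0 is the most
        # significant bit of the first mask octet.
        if mask[pos // 8] & (0x80 >> (pos % 8)):
            values.append(base + pos)
    return values


def hash_key_8_addresses(base_addr, prefix_len, mask):
    """Hash key 8: expand to IPv4 addresses, which must lie in 127/8."""
    base = ipaddress.IPv4Address(base_addr)
    block = ipaddress.ip_network((int(base), prefix_len), strict=False)
    if not block.subnet_of(LOOPBACK_NET):
        raise ValueError("address block is outside 127/8")
    return [ipaddress.IPv4Address(v)
            for v in expand_bitmask(int(base), prefix_len, mask)]


def hash_key_9_labels(base_label, prefix_len, mask):
    """Hash key 9: expand to label values and reject any above 20 bits."""
    labels = expand_bitmask(base_label, prefix_len, mask)
    if any(v > MAX_LABEL for v in labels):
        raise ValueError("label value does not fit in 20 bits")
    return labels


if __name__ == "__main__":
    # Constructed input: a /27 block with the first and last bits set.
    print(hash_key_8_addresses("127.0.0.32", 27, bytes([0x80, 0, 0, 0x01])))
```

Requiring the block to sit inside 127/8 also bounds the mask a receiver will walk, since it forces a prefix length of at least 8.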

849      If the echo request is good, X notes the interface I over which the
850      echo was received, and the label stack with which it came.

852      X matches up the labels in the received label stack with the FECs
853      contained in the FEC stack. The matching is done beginning at the
854      bottom of both stacks, and working up. For reporting purposes the
855      bottom of stack is considered to be stack-depth of 1. This is to
856      establish an absolute reference for the case where the stack may have
857      more labels than are in the FEC stack.

859      If there are more FECs than labels, the extra FECs are assumed to
860      correspond to Implicit Null Labels. Thus for the processing below,
861      there is never the case where there is a FEC with no corresponding
862      label. Further the label operation associated with an assumed Null
863      Label is 'pop and continue processing'.

865      Note: in all the error codes listed in this draft a stack-depth of 0
866      means "no value specified". This allows compatibility with existing
867      implementations which do not use the Return Subcode field.

869      X sets a variable, call it current-stack-depth, to the number of
870      labels in the received label stack. Processing now continues with
871      the following steps:

873      1. Check if there is a FEC corresponding to the current-stack-
874         depth. If there is, go to step 2. If not, check if the label is
875         valid on interface I. If it is, continue with step 4. Otherwise
876         X MUST send an MPLS echo reply with a Return Code 11, "No label
877         entry at stack-depth" and a Return Subcode set to current-stack-
878         depth.

880      2. Check the FEC at the current-stack-depth to determine what
881         protocol would be used to advertise it. If it can determine that
882         no protocol associated with interface I would have advertised a
883         FEC of that FEC-Type, X MUST send an MPLS echo reply with a
884         Return Code 12, "Protocol not associated with interface at FEC
885         stack-depth" and a Return Subcode set to current-stack-depth.

887      3.
         Check that the mapping for the FEC at the current-stack-depth is
888         the corresponding label.

890         If no mapping for the FEC exists, X MUST send an MPLS echo reply
891         with a Return Code 4, "Replying router has no mapping for the FEC
892         at stack-depth" and a Return Subcode set to current-stack-depth.

894         If a mapping is found, but the mapping is not the corresponding
895         label, X MUST send an MPLS echo reply with a Return Code 10,
896         "Mapping for this FEC is not the given label at stack-depth" and
897         a Return Subcode set to current-stack-depth.

899      4. X determines the label operation. If the operation is to pop and
900         continue processing, X checks the current-stack-depth. If it is
901         one, X MUST send an MPLS echo reply with a Return Code 3,
902         "Replying router is an egress for the FEC at stack depth" and a
903         Return Subcode set to one. Otherwise, X decrements current-stack-
904         depth and goes back to step 1.

906         If the label operation is pop and switch based on the popped
907         label, X then checks if it is valid to forward a labelled packet.
908         If it is, X MUST send an MPLS echo reply with a Return Code 8,
909         "Label switched at stack-depth" and a Return Subcode set to
910         current-stack-depth. If it is not valid to forward a labelled
911         packet, X MUST send an MPLS echo reply with a Return Code 9,
912         "Label switched but no MPLS forwarding at stack-depth" and a
913         Return Subcode set to current-stack-depth. This return code is
914         sent even if current-stack-depth is one.

916         If the label operation is swap, X MUST send an MPLS echo reply
917         with a Return Code 8, "Label switched at stack-depth" and a
918         Return Subcode set to current-stack-depth.

920      If the MPLS echo request contains a downstream mapping TLV, and the
921      MPLS echo reply has either a Return Code of 8, or a Return Code of 9
922      with a Return Subcode of 1 then Downstream mapping TLVs SHOULD be
923      included for each multipath.
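
Steps 1 to 4 above, written out as an added Python example that is not part of the draft: it returns the Return Code and Return Subcode for a received label stack and FEC stack. The `Lsr` state model, all names, the bottom-first ordering of the FEC list and the sample values are assumptions; the Implicit Null case (more FECs than labels) is left out.

```python
from dataclasses import dataclass

# Return Codes quoted in steps 1-4 of section 4.3.
RC_EGRESS, RC_NO_MAPPING = 3, 4
RC_LABEL_SWITCHED, RC_NO_MPLS_FWD = 8, 9
RC_WRONG_LABEL, RC_NO_LABEL_ENTRY, RC_PROTO_NOT_ON_IF = 10, 11, 12

POP, POP_SWITCH, SWAP = "pop-and-continue", "pop-and-switch", "swap"


@dataclass(frozen=True)
class Fec:
    protocol: str   # protocol that would advertise this FEC, e.g. "LDP"
    prefix: str


@dataclass
class Lsr:
    """Assumed (hypothetical) model of the replying router's state."""
    if_labels: dict       # interface -> set of labels valid on it
    if_protocols: dict    # interface -> set of protocol names
    bindings: dict        # Fec -> label this LSR maps it to
    lfib: dict            # label -> POP / POP_SWITCH / SWAP, for every
                          # label that appears in if_labels or bindings
    can_forward_labelled: bool = True


def check_request(lsr, interface, labels, fecs):
    """Walk steps 1-4 and return (Return Code, Return Subcode).

    labels: received label stack, top label first.
    fecs:   FEC stack, bottom-of-stack element first (assumed ordering).
    """
    if not fecs or len(fecs) > len(labels):
        raise ValueError("needs a FEC stack no deeper than the label stack")
    depth = len(labels)                       # current-stack-depth
    while True:
        label = labels[len(labels) - depth]   # depth 1 is the bottom label
        fec = fecs[depth - 1] if depth <= len(fecs) else None
        if fec is None:
            # Step 1: no FEC at this depth, so the label must be valid on I.
            if label not in lsr.if_labels.get(interface, set()):
                return RC_NO_LABEL_ENTRY, depth
        else:
            # Step 2: could a protocol on I have advertised this FEC type?
            if fec.protocol not in lsr.if_protocols.get(interface, set()):
                return RC_PROTO_NOT_ON_IF, depth
            # Step 3: the FEC must map to exactly the received label.
            if fec not in lsr.bindings:
                return RC_NO_MAPPING, depth
            if lsr.bindings[fec] != label:
                return RC_WRONG_LABEL, depth
        # Step 4: act on the label operation.
        op = lsr.lfib[label]
        if op == POP:
            if depth == 1:
                return RC_EGRESS, 1
            depth -= 1                        # back to step 1
        elif op == POP_SWITCH:
            ok = lsr.can_forward_labelled
            return (RC_LABEL_SWITCHED if ok else RC_NO_MPLS_FWD), depth
        else:                                 # swap
            return RC_LABEL_SWITCHED, depth


# Constructed sample FECs and router state; no value here is from the draft.
LDP_FEC = Fec("LDP", "192.0.2.1/32")
INNER_FEC = Fec("LDP", "198.51.100.0/24")
RSVP_FEC = Fec("RSVP", "192.0.2.9/32")


def sample_lsr(can_forward=True):
    return Lsr(
        if_labels={"if0": {100, 300, 400, 500}},
        if_protocols={"if0": {"LDP"}},
        bindings={LDP_FEC: 100, INNER_FEC: 400},
        lfib={100: SWAP, 300: POP, 400: POP, 500: POP_SWITCH},
        can_forward_labelled=can_forward,
    )


if __name__ == "__main__":
    print(check_request(sample_lsr(), "if0", [300, 400], [INNER_FEC]))
```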

925      X uses the procedure in the next subsection to send the echo reply.

927   4.4. Sending an MPLS Echo Reply

929      An MPLS echo reply is a UDP packet. It MUST ONLY be sent in response
930      to an MPLS echo request. The source IP address is a routable address
931      of the replier; the source port is the well-known UDP port for MPLS
932      ping. The destination IP address and UDP port are copied from the
933      source IP address and UDP port of the echo request. The IP TTL is
934      set to 255. If the Reply Mode in the echo request is "Reply via an
935      IPv4 UDP packet with Router Alert", then the IP header MUST contain
936      the Router Alert IP option. If the reply is sent over an LSP, the
937      topmost label MUST in this case be the Router Alert label (1) (see
938      [LABEL-STACK]).

940      The format of the echo reply is the same as the echo request. The
941      Sender's Handle, the Sequence Number and TimeStamp Sent are copied
942      from the echo request; the TimeStamp Received is set to the time-of-
943      day that the echo request is received (note that this information is
944      most useful if the time-of-day clocks on the requestor and the
945      replier are synchronized). The FEC Stack TLV from the echo request
946      MAY be copied to the reply.

948      The replier MUST fill in the Return Code and Subcode, as determined
949      in the previous subsection.

951      If the echo request contains a Pad TLV, the replier MUST interpret
952      the first octet for instructions regarding how to reply.

954      If the echo request contains a Downstream Mapping TLV, the replier
955      SHOULD compute its downstream routers and corresponding labels for
956      the incoming label, and add Downstream Mapping TLVs for each one to
957      the echo reply it sends back.

959   4.5. Receiving an MPLS Echo Reply

961      An LSR X should only receive an MPLS Echo Reply in response to an
962      MPLS Echo Request that it sent.
         Thus, on receipt of an MPLS Echo
963      Reply, X should parse the packet to assure that it is well-formed,
964      then attempt to match up the Echo Reply with an Echo Request that it
965      had previously sent, using the destination UDP port and the Sender's
966      Handle. If no match is found, then X jettisons the Echo Reply;
967      otherwise, it checks the Sequence Number to see if it matches. Gaps
968      in the Sequence Number MAY be logged and SHOULD be counted. Once an
969      Echo Reply is received for a given Sequence Number (for a given UDP
970      port and Handle), the Sequence Number for subsequent Echo Requests
971      for that UDP port and Handle SHOULD be incremented.

973      If the Echo Reply contains Downstream Mappings, and X wishes to
974      traceroute further, it SHOULD copy the Downstream Mappings into its
975      next Echo Request (with TTL incremented by one).

977   4.6. Non-compliant Routers

979      If the egress for the FEC Stack being pinged does not support MPLS
980      ping, then no reply will be sent, resulting in possible "false
981      negatives". If in "traceroute" mode, a transit LSR does not support
982      MPLS ping, then no reply will be forthcoming from that LSR for some
983      TTL, say n. The LSR originating the echo request SHOULD try sending
984      the echo request with TTL=n+1, n+2, ..., n+k in the hope that some
985      transit LSR further downstream may support MPLS echo requests and
986      reply. In such a case, the echo request for TTL>n MUST NOT have
987      Downstream Mapping TLVs, until a reply is received with a Downstream
988      Mapping.

990   Normative References

992      [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
993          Requirement Levels", BCP 14, RFC 2119, March 1997.

995      [LABEL-STACK] Rosen, E., et al, "MPLS Label Stack Encoding", RFC
996          3032, January 2001.

998      [RSVP] Braden, R. (Editor), et al, "Resource ReSerVation protocol
999          (RSVP) -- Version 1 Functional Specification," RFC 2205,
1000         September 1997.

1002     [RSVP-REFRESH] Berger, L., et al, "RSVP Refresh Overhead Reduction
1003         Extensions", RFC 2961, April 2001.

1005     [RSVP-TE] Awduche, D., et al, "RSVP-TE: Extensions to RSVP for LSP
1006         tunnels", RFC 3209, December 2001.

1008  Informative References

1010     [ICMP] Postel, J., "Internet Control Message Protocol", RFC 792.

1012     [LDP] Andersson, L., et al, "LDP Specification", RFC 3036, January
1013         2001.

1015  Security Considerations

1017     There are at least two approaches to attacking LSRs using the
1018     mechanisms defined here. One is a Denial of Service attack, by
1019     sending MPLS echo requests/replies to LSRs and thereby increasing
1020     their workload. The other is obfuscating the state of the MPLS data
1021     plane liveness by spoofing, hijacking, replaying or otherwise
1022     tampering with MPLS echo requests and replies.

1024     Authentication will help reduce the number of seemingly valid MPLS
1025     echo requests, and thus cut down the Denial of Service attacks;
1026     beyond that, each LSR must protect itself.

1028     Authentication sufficiently addresses spoofing, replay and most
1029     tampering attacks; one hopes to use some mechanism devised or
1030     suggested by the RPSec WG. It is not clear how to prevent hijacking
1031     (non-delivery) of echo requests or replies; however, if these
1032     messages are indeed hijacked, MPLS ping will report that the data
1033     plane isn't working as it should.

1035     It doesn't seem vital (at this point) to secure the data carried in
1036     MPLS echo requests and replies, although knowledge of the state of
1037     the MPLS data plane may be considered confidential by some.

1039  5. IANA Considerations

1041     The TCP and UDP port number 3503 has been allocated by IANA for LSP
1042     echo requests and replies.

1044     The following sections detail the new name spaces to be managed by
1045     IANA.
         For each of these name spaces, the space is divided into
1046     assignment ranges; the following terms are used in describing the
1047     procedures by which IANA allocates values: "Standards Action" (as
1048     defined in [IANA]); "Expert Review" and "Vendor Private Use".

1050     Values from "Expert Review" ranges MUST be registered with IANA, and
1051     MUST be accompanied by an Experimental RFC that describes the format
1052     and procedures for using the code point.

1054     Values from "Vendor Private" ranges MUST NOT be registered with IANA;
1055     however, the message MUST contain an enterprise code as registered
1056     with the IANA SMI Network Management Private Enterprise Codes. For
1057     each name space that has a Vendor Private range, it must be specified
1058     where exactly the SMI Enterprise Code resides; see below for
1059     examples. In this way, several enterprises (vendors) can use the
1060     same code point without fear of collision.

1062  5.1. Message Types, Reply Modes, Return Codes

1064     It is requested that IANA maintain registries for Message Types,
1065     Reply Modes, Return Codes and Return Subcodes. Each of these can
1066     take values in the range 0-255. Assignments in the range 0-191 are
1067     via Standards Action; assignments in the range 192-251 are made via
1068     Expert Review; values in the range 252-255 are for Vendor Private
1069     Use, and MUST NOT be allocated.

1071     If any of these fields fall in the Vendor Private range, a top-level
1072     Vendor Enterprise Code TLV MUST be present in the message.

1074  5.2. TLVs

1076     It is requested that IANA maintain registries for the Type field of
1077     top-level TLVs as well as for sub-TLVs. The valid range for each of
1078     these is 0-65535. Assignments in the range 0-32767 are made via
1079     Standards Action; assignments in the range 32768-64511 are made via
1080     Expert Review; values in the range 64512-65535 are for Vendor Private
1081     Use, and MUST NOT be allocated.

1083     If a TLV or sub-TLV has a Type that falls in the range for Vendor
1084     Private Use, the Length MUST be at least 4, and the first four octets
1085     MUST be that vendor's SMI Enterprise Code, in network octet order.
1086     The rest of the Value field is private to the vendor.

1088  Acknowledgments

1090     This document is the outcome of many discussions among many people,
1091     that include Manoj Leelanivas, Paul Traina, Yakov Rekhter, Der-Hwa
1092     Gan, Brook Bailey, Eric Rosen and Ina Minei.

1094     The description of the Multipath Information sub-field of the
1095     Downstream Mapping TLV was adapted from text suggested by Curtis
1096     Villamizar.

1098  Appendix

1100     This appendix specifies non-normative aspects of detecting MPLS data
1101     plane liveness.

1103  5.1. CR-LDP FEC

1105     This section describes how a CR-LDP FEC can be included in an Echo
1106     Request using the following FEC subtype:

1108        Sub-Type #       Length              Value Field
1109        ----------       ------              -------------
1110                5            6               CR-LDP LSP ID

1112     The value consists of the LSPID of the LSP being pinged. An LSPID is
1113     a four octet IPv4 address (a local address on the ingress LSR, for
1114     example, the Router ID) plus a two octet identifier that is unique
1115     per LSP on a given ingress LSR.

1117      0                   1                   2                   3
1118      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1119     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1120     |                     Ingress LSR Router ID                     |
1121     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1122     |         Must Be Zero          |            LSP ID             |
1123     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1125  5.2.
      Downstream Mapping for CR-LDP

1127     If a label in a Downstream Mapping was learned via CR-LDP, the
1128     Protocol field in the Mapping TLV can use the following entry:

1130        Protocol #        Signaling Protocol
1131        ----------        ------------------
1132                5         CR-LDP

1134  Authors' Addresses

1136     Kireeti Kompella
1137     Nischal Sheth
1138     Juniper Networks
1139     1194 N.Mathilda Ave
1140     Sunnyvale, CA 94089
1141     e-mail: kireeti@juniper.net
1142     e-mail: nsheth@juniper.net

1144     Ping Pan
1145     Ciena
1146     10480 Ridgeview Court
1147     Cupertino, CA 95014
1148     e-mail: ppan@ciena.com
1149     phone: +1 408.366.4700

1151     Dave Cooper
1152     Global Crossing
1153     960 Hamlin Court
1154     Sunnyvale, CA 94089
1155     email: dcooper@gblx.net
1156     phone: +1 916.415.0437

1158     George Swallow
1159     Cisco Systems, Inc.
1160     250 Apollo Drive
1161     Chelmsford, MA 01824
1162     e-mail: swallow@cisco.com
1163     phone: +1 978.497.8143

1165     Sanjay Wadhwa
1166     Juniper Networks
1167     10 Technology Park Drive
1168     Westford, MA 01886-3146
1169     email: swadhwa@unispherenetworks.com
1170     phone: +1 978.589.0697

1171     Ronald P. Bonica
1172     WorldCom
1173     22001 Loudoun County Pkwy
1174     Ashburn, Virginia, 20147
1175     email: ronald.p.bonica@wcom.com
1176     phone: +1 703.886.1681

1178  Intellectual Property Rights Notices

1180     The IETF takes no position regarding the validity or scope of any
1181     intellectual property or other rights that might be claimed to
1182     pertain to the implementation or use of the technology described in
1183     this document or the extent to which any license under such rights
1184     might or might not be available; neither does it represent that it
1185     has made any effort to identify any such rights. Information on the
1186     IETF's procedures with respect to rights in standards-track and
1187     standards-related documentation can be found in BCP-11.
         Copies of
1188     claims of rights made available for publication and any assurances of
1189     licenses to be made available, or the result of an attempt made to
1190     obtain a general license or permission for the use of such
1191     proprietary rights by implementors or users of this specification can
1192     be obtained from the IETF Secretariat.

1194     The IETF invites any interested party to bring to its attention any
1195     copyrights, patents or patent applications, or other proprietary
1196     rights which may cover technology that may be required to practice
1197     this standard. Please address the information to the IETF Executive
1198     Director.

1200  Full Copyright Statement

1202     Copyright (C) The Internet Society (2004). All Rights Reserved.

1204     This document and translations of it may be copied and furnished to
1205     others, and derivative works that comment on or otherwise explain it
1206     or assist in its implementation may be prepared, copied, published and
1207     distributed, in whole or in part, without restriction of any kind,
1208     provided that the above copyright notice and this paragraph are
1209     included on all such copies and derivative works. However, this
1210     document itself may not be modified in any way, such as by removing
1211     the copyright notice or references to the Internet Society or other
1212     Internet organizations, except as needed for the purpose of
1213     developing Internet standards in which case the procedures for
1214     copyrights defined in the Internet Standards process must be
1215     followed, or as required to translate it into languages other than
1216     English.

1218     The limited permissions granted above are perpetual and will not be
1219     revoked by the Internet Society or its successors or assigns.

1221     This document and the information contained herein is provided on an
1222     "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1223     TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
1224     BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
1225     HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
1226     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.