idnits 2.17.1

draft-ietf-mpls-tp-mip-mep-map-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (April 22, 2013) is 3993 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                          A. Farrel
Internet-Draft                                          Juniper Networks
Intended status: Informational                                   H. Endo
Expires: October 24, 2013                                  Hitachi, Ltd.
                                                               R. Winter
                                                                     NEC
                                                                Y. Koike
                                                                     NTT
                                                                 M. Paul
                                                        Deutsche Telekom
                                                          April 22, 2013

  Per-Interface MIP Addressing Requirements and Design Considerations
                   draft-ietf-mpls-tp-mip-mep-map-07

Abstract

   The Framework for Operations, Administration and Maintenance (OAM)
   within the MPLS Transport Profile (MPLS-TP) describes how Maintenance
   Entity Group Intermediate Points (MIPs) may be situated within
   network nodes at the incoming and outgoing interfaces.

   This document elaborates on important considerations for internal MIP
   addressing.
   More precisely, it describes important restrictions for
   any mechanism that specifies a way of forming OAM messages so that
   they can be targeted at MIPs on incoming or MIPs on outgoing
   interfaces and forwarded correctly through the forwarding engine.
   Furthermore, the document includes considerations for node
   implementations where there is no distinction between the incoming
   and outgoing MIP.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 24, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements notation
   3.  Terminology
   4.  Summary of the Problem Statement
   5.  Requirements and Design Considerations for Internal-MIP
       Addressing
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgments
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Framework for Operations, Administration and Maintenance (OAM)
   within the MPLS Transport Profile (MPLS-TP) (the MPLS-TP OAM
   Framework, [RFC6371]) distinguishes two configurations for
   Maintenance Entity Group Intermediate Points (MIPs) on a node.  It
   defines per-node MIPs and per-interface MIPs, where a per-node MIP is
   a single MIP per node in an unspecified location within the node and
   per-interface MIPs are two (or more) MIPs per node on each side of
   the forwarding engine.

   In-band OAM messages are sent using the Generic Associated Channel
   (G-ACh) [RFC5586].  OAM messages for the transit points of
   pseudowires (PWs) or Label Switched Paths (LSPs) are delivered using
   the expiration of the MPLS shim header time-to-live (TTL) field.  OAM
   messages for the end points of PWs and LSPs are simply delivered as
   normal.

   OAM messages delivered to end points or transit points are
   distinguished from other (data) packets so that they can be processed
   as OAM.  In LSPs, the mechanism used is the presence of the Generic
   Associated Channel Label (GAL) in the Label Stack Entry (LSE) under
   the top LSE [RFC5586].
   In PWs, the mechanism used is the presence of
   the PW Associated Channel Header (PWACH) [RFC4385] or the presence of
   a GAL [RFC6423].

   In case multiple MIPs are present on a single node, these mechanisms
   alone provide no way to address one particular MIP out of the set of
   MIPs.  A mechanism that addresses this shortcoming has to obey a few
   important design considerations which are discussed in this document.

   Note that the acronym "OAM" is used in conformance with [RFC6291].

2.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Terminology

   In this document we use the term in-MIP (incoming MIP) to refer to
   the MIP which processes OAM messages before they pass through the
   forwarding engine of a node.  An out-MIP (outgoing MIP) processes OAM
   messages after they have passed the forwarding engine of the node.
   The two together are referred to as internal MIPs.

4.  Summary of the Problem Statement

   Figure 1 shows an abstract functional representation of an MPLS-TP
   node.  It is decomposed as an incoming interface, a forwarding engine
   (FW), and an outgoing interface.  As per the discussion in [RFC6371],
   MIPs may be placed in each of the functional interface components.

                     ------------------------
                    |-----              -----|
                    | MIP |            | MIP |
                    |     |    ----    |     |
             ----->-| In  |->-| FW |->-| Out |->----
                    | i/f |    ----    | i/f |
                    |-----              -----|
                     ------------------------

    Figure 1: Abstract Functional Representation of an MPLS-TP Node

   Several distinct OAM functions are required within this architectural
   model for both PWs and LSPs such as:

   o  Connectivity Verification (CV) between a MEP and a MIP
   o  traceroute over an MPLS-TP LSP and/or an MPLS-TP PW containing
      MIPs
   o  data-plane loopback configuration at a MIP
   o  diagnostic tests

   The MIPs in these OAM functions may equally be the MIPs at the
   incoming or outgoing interfaces.

   Per-interface MIPs have the advantage that they enable a more
   accurate localization and identification of faults and diagnostic
   tests.  In particular, the identification of whether a problem is
   located between nodes or on a particular node and where on that node
   is greatly enhanced.  For obvious reasons, it is important to narrow
   the cause of a fault down quickly to initiate a timely, and
   well-directed maintenance action to resume normal network operation.

   The following two figures illustrate the fundamental difference of
   using per-node and per-interface MEPs and MIPs for OAM.  Figure 2
   depicts OAM using per-node MIPs and MEPs.  For reasons of exposition
   we pick a location for the MIPs on the nodes but the standard does
   not mandate the exact location for the per-node model.  Figure 3 on
   the other hand shows the same basic network but for OAM operations
   per-interface maintenance points are configured.  Note that these
   figures are merely examples.  It is important to note that
   per-interface MEPs or per-interface MIPs MUST logically be placed at
   a point before (for in-MIP) or after (for out-MIP) passing the
   forwarding engine as defined in [RFC6371].
   It MUST be assured that
   all traffic with which the MEP/MIP is associated passes through or is
   terminated at that point.

    Customer|        Operator's administrative        | Customer
    Domain  |                 Domain                  | Domain
    ------> |<--------------------------------------->| <------
      CE1   |  T-PE/PE1       S-PE/P1       T-PE/PE2   |   CE2
            | <-------->    <-------->    <-------->  |
     +---+  | +-+ +-+ +-+   +-+ +-+ +-+   +-+ +-+ +-+ | +---+
     |   |  | | | | | | |   | | | | | |   | | | | | | | |   |
     |   |  | | | | | | |   | | | | | |   | | | | | | | |   |
     +---+  | +-+ +-+ +-+   +-+ +-+ +-+   +-+ +-+ +-+ | +---+
            | In  FW  Out   In  FW  Out   In  FW  Out |
            |                                         |
 FWD PW/LSP |          o-------------------------- >  |
            |          V-------------*-------------V  |
            |        MEP1          MIP1          MEP2 |
 BWD PW/LSP |          <---------------------------o  |
            |          V-------------*-------------V  |
            |        MEP1'         MIP1'         MEP2'|
                   (S1)<============>
                   (S2)<==========================>

       Figure 2: Example of OAM relying on per-node MIPs and MEPs

   To illustrate the difference between these two modes of operation, we
   use fault detection as an example.  Consider the case where the
   client traffic between CE1 and CE2 experiences a fault.  Also assume
   that an on-demand CV test between PE1 and PE2 was successful.  The
   scenario in Figure 2 therefore leaves the forwarding engine (FW) of
   PE2, the out-going interface of PE2, the transmission line between
   PE2 and CE2 or CE2 itself as a potential location of the fault, as
   on-demand CV can only be performed on segment S2.

   The per-interface model in Figure 3 allows more fine-grained OAM
   operations to be performed.  First, CV on segment S'4 and, in
   addition, CV on segment S'5 can help to rule out, e.g., the
   forwarding engine of PE2.  This is of course only a single example,
   and other OAM functions and scenarios are trivially conceivable.
   The basic
   message is that with the per-interface OAM model, an operator can
   configure smaller segments on a transport path to which OAM
   operations apply.  This enables a more fine-grained scoping of OAM
   operations such as fault localization and performance monitoring
   which gives operators better information to deal with adverse
   networking conditions.

    Customer         Operator's administrative          Customer
    Domain                    Domain                    Domain
    ------->|<--------------------------------------->|<------
      CE1   |  T-PE/PE1       S-PE/P1       T-PE/PE2   |   CE2
            | <-------->    <-------->    <-------->  |
     +---+  | +-+ +-+ +-+   +-+ +-+ +-+   +-+ +-+ +-+ | +---+
     |   |  | | | | | | |   | | | | | |   | | | | | | | |   |
     |   |  | | | | | | |   | | | | | |   | | | | | | | |   |
     +---+  | +-+ +-+ +-+   +-+ +-+ +-+   +-+ +-+ +-+ | +---+
            | In  FW  Out   In  FW  Out   In  FW  Out |
            |                                         |
 FWD PW/LSP |  o----------------------------------->  |
            |  V-------*------*------*-----*-------V  |
            | MEP1    MIP1   MIP2   MIP3  MIP4    MEP2|
            |                                         |
 BWD PW/LSP |  <-----------------------------------o  |
            | MEP1'   MIP1'  MIP2'  MIP3' MIP4'  MEP2'|
          (S'1)<======>
          (S'2)<=============>
          (S'3)<====================>
          (S'4)<==========================>
          (S'5)<==================================>

    Figure 3: Example of OAM relying on per-interface MIPs and MEPs

5.  Requirements and Design Considerations for Internal-MIP Addressing

   OAM messages for transit points of PWs or LSPs are delivered using
   the expiration of the time-to-live (TTL) field in the top LSE of the
   MPLS packet header.  OAM messages for the end points of PWs and LSPs
   are simply delivered as normal.  These messages are distinguished
   from other (data) packets so that they can be processed as OAM.  In
   LSPs, the mechanism used is the presence of the Generic Associated
   Channel Label (GAL) in the LSE under the top LSE [RFC5586].
   In PWs,
   the mechanism used is the presence of the PW Associated Channel
   Header [RFC4385] or the presence of a GAL [RFC6423].  In addition,
   two sets of identifiers exist that can be used to address MIPs; they
   are defined in [RFC6370] and [I-D.ietf-mpls-tp-itu-t-identifiers].

   Any solution for sending OAM messages to the in and out-MIPs must fit
   within these existing models of handling OAM.

   Additionally, many MPLS-TP nodes are implemented in such a way that
   all queuing and the forwarding function are performed at the incoming
   interface.  The abstract functional representation of such a node is
   shown in Figure 4.  As shown in the figure, the outgoing interfaces
   are minimal and for this reason it may not be possible to include MIP
   functions on those interfaces.  This is in particular the case for
   existing deployed implementations.

   Any solution that attempts to send OAM messages to the outgoing
   interface of an MPLS-TP node must not cause any problems when such
   implementations are present (such as leaking OAM packets with a TTL
   of 0).

                        ------------------
                       |------------      |
                       | MIP        |     |
                       |      ----  |     |
                ----->-| In  | FW | |-->--|->---
                       | i/f  ----  |     |
                       |------------      |
                        ------------------

   Figure 4: Abstract Functional Representation of Some Existing MPLS-TP
                                 Nodes

   OAM must operate on MPLS-TP nodes that are branch points on
   point-to-multipoint (P2MP) trees.  That means that it must be
   possible to target individual outgoing MIPs as well as all outgoing
   MIPs in the abstract functional representation shown in Figure 5, as
   well as to handle the P2MP node implementations as shown in Figure 6
   without causing problems.

                   --------------------------
                  |                     -----|
                  |                    | MIP |
                  |                 ->-|     |->----
                  |                |   | Out |
                  |                |   | i/f |
                  |                |    -----|
                  |-----           |    -----|
                  | MIP |    ----  |   | MIP |
                  |     |   |    |-    |     |
           ----->-| In  |->-| FW |--->-| Out |->----
                  | i/f |   |    |-    | i/f |
                  |-----     ----  |    -----|
                  |                |    -----|
                  |                |   | MIP |
                  |                |   |     |
                  |                 ->-| Out |->----
                  |                    | i/f |
                  |                     -----|
                   --------------------------

    Figure 5: Abstract Functional Representation of an MPLS-TP Node
                            Supporting P2MP

                        ------------------
                       |               ->-|->----
                       |              |   |
                       |------------  |   |
                       |            | |   |
                       | MIP  ----  | |   |
                       |     |    | |-    |
                ----->-| In  | FW | |--->-|->----
                       | i/f |    | |-    |
                       |      ----  | |   |
                       |            | |   |
                       |------------  |   |
                       |              |   |
                       |               ->-|->----
                        ------------------

   Figure 6: Abstract Functional Representation of Some Existing MPLS-TP
                         Nodes Supporting P2MP

   In summary, the solution for OAM message delivery must behave as
   follows:

   o  Delivery of OAM messages to the correct MPLS-TP node.
   o  Delivery of OAM instructions to the correct MIP within an MPLS-TP
      node.
   o  Forwarding of OAM packets exactly as data packets.
   o  Packet inspection at the incoming and outgoing interfaces must be
      minimized.

   The first and second bullet points are obvious.  The third bullet
   point, however, is also vital.  To illustrate the importance, a
   rejected solution is depicted in Figure 7.  In the figure, all data
   and non-local OAM is handled as normal.  Local OAM is intercepted at
   the incoming interface and delivered to the MIP at the incoming
   interface.  If the OAM is intended for the incoming MIP it is handled
   there with no issue.  If the OAM is intended for the outgoing MIP it
   is forwarded to that MIP using some internal messaging system that is
   implementation-specific.

                      ------------------------
                     |-----              -----|
    local OAM ----->-| MIP |----->------| MIP |
                     |     |    ----    |     |
         data =====>=| In  |=>=| FW |=>=| Out |=>==== data
non-local OAM ~~~~~>~| i/f |~>~|    |~>~| i/f |~>~~~~ non-local OAM
                     |-----     ----     -----|
                      ------------------------

     Figure 7: OAM Control Message Delivery Bypassing the Forwarding
                                 Engine

   This solution is fully functional for the incoming MIP.  It also
   supports control of data loopback for the outgoing MIP, and can
   adequately perform some OAM features such as interface identity
   reporting at the outgoing MIP.

   However, because the OAM message is not forwarded through the
   forwarding engine, this solution cannot correctly perform OAM
   loopback, connectivity verification, LSP tracing, or performance
   measurement.

   The last bullet point is also an important requirement for any
   solution to the internal-MIP addressing problem.  Since OAM packets
   that target an out-MIP need to be sent through the forwarding engine
   and treated exactly as regular data packets, the determination of
   whether to forward the packet or process it at the incoming MIP needs
   to be fast and therefore the processing overhead must be kept to a
   minimum.  In addition, there are a few OAM procedures that operate at
   line rate such as OAM loopback.  This adds to the requirement of
   minimal processing overhead for both the in-MIP and out-MIP.

   Although most of the above superficially appears to be an
   implementation matter local to an individual node, the format of the
   message needs to be standardised so that:

   o  A MEP can correctly target the outgoing MIP of a specific MPLS-TP
      node.
   o  A node can correctly filter out any OAM messages that were
      intended for its upstream neighbor's outgoing MIP, but which were
      not handled there because the upstream neighbor is an
      implementation as shown in Figure 4 or Figure 6.
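
   The incoming-interface decision and the filtering described in this
   section, as an added Python example that is not part of the draft:
   a packet is local OAM when the top TTL expires and the GAL sits under
   the top LSE, and OAM addressed to another node is filtered out.  The
   "<node>:<in|out>" target encoding after the ACH, the Node type, the
   action strings and the sample packets are assumptions made for
   illustration, since the draft sets requirements but defines no
   message format.

```python
import struct
from collections import namedtuple

GAL = 13  # Generic Associated Channel Label, reserved label value (RFC 5586)

# has_out_mip=False models the Figure 4 / Figure 6 style of node.
Node = namedtuple("Node", "name has_out_mip")


def lse(label, ttl, bottom):
    """Encode one 32-bit label stack entry: label(20) TC(3) S(1) TTL(8)."""
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)


def parse(packet):
    """Return ([(label, s_bit, ttl), ...], bytes after the bottom of stack)."""
    stack, off = [], 0
    while True:
        if off + 4 > len(packet):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", packet, off)
        off += 4
        stack.append((word >> 12, (word >> 8) & 1, word & 0xFF))
        if stack[-1][1]:  # S bit set: bottom of stack reached
            return stack, packet[off:]


def incoming_interface(node, packet):
    """Decision taken at the incoming interface for one received LSP packet."""
    stack, rest = parse(packet)
    # Simplification: a top TTL of 1 or 0 on arrival expires at this node.
    if stack[0][2] > 1:
        return "forward"  # data and non-local OAM take the normal path
    is_oam = (len(stack) > 1 and stack[1][0] == GAL
              and len(rest) >= 4 and rest[0] >> 4 == 1)  # ACH starts 0001
    if not is_oam:
        return "discard: TTL expired"
    # Hypothetical target encoding after the 4-byte ACH: b"<node>:<in|out>".
    target, _, side = rest[4:].decode("ascii", "replace").partition(":")
    if target != node.name:
        return "discard: OAM for another node"  # the safety-net filter
    if side == "in":
        return "in-MIP"
    if side != "out":
        return "discard: malformed target"
    if not node.has_out_mip:
        return "discard: no out-MIP here"  # never emit the packet with TTL 0
    return "forward to out-MIP"  # through the forwarding engine, like data


def oam_packet(ttl, target):
    """Constructed sample: LSP label 1000, GAL, ACH, hypothetical target."""
    ach = struct.pack("!BBH", 0x10, 0, 0xFFFF)  # channel type: placeholder
    return lse(1000, ttl, False) + lse(GAL, 1, True) + ach + target.encode()
```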

   Note that the last bullet point describes a safety net, and an
   implementation should prevent this situation from ever arising.

6.  Security Considerations

   OAM security is discussed in [RFC6371] and security aspects specific
   to MPLS-TP in general are outlined in
   [I-D.ietf-mpls-tp-security-framework].

   OAM can provide useful information for detecting and tracing security
   attacks.

   OAM can also be used to illicitly gather information or for denial of
   service attacks and other types of attack.  Implementations therefore
   are required to offer security mechanisms for OAM.  Deployments are
   strongly advised to use such mechanisms.

   Mixing of per-node and per-interface OAM on a single node is not
   advised as OAM message leakage could be the result.

7.  IANA Considerations

   This revision of this document does not make any requests of IANA.

8.  Acknowledgments

   The authors gratefully acknowledge the substantial contributions of
   Zhenlong Cui.  We would also like to thank Eric Gray, Sami Boutros and
   Shahram Davari for interesting input to this document through
   discussions.

9.  References

9.1.  Normative References

   [I-D.ietf-mpls-tp-itu-t-identifiers]
              Winter, R., Gray, E., Helvoort, H., and M. Betts, "MPLS-TP
              Identifiers Following ITU-T Conventions",
              draft-ietf-mpls-tp-itu-t-identifiers-08 (work in
              progress), February 2013.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4385]  Bryant, S., Swallow, G., Martini, L., and D. McPherson,
              "Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
              Use over an MPLS PSN", RFC 4385, February 2006.

   [RFC5586]  Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
              Associated Channel", RFC 5586, June 2009.

   [RFC6370]  Bocci, M., Swallow, G., and E. Gray, "MPLS Transport
              Profile (MPLS-TP) Identifiers", RFC 6370, September 2011.

   [RFC6371]  Busi, I.
              and D. Allan, "Operations, Administration, and
              Maintenance Framework for MPLS-Based Transport Networks",
              RFC 6371, September 2011.

   [RFC6423]  Li, H., Martini, L., He, J., and F. Huang, "Using the
              Generic Associated Channel Label for Pseudowire in the
              MPLS Transport Profile (MPLS-TP)", RFC 6423,
              November 2011.

9.2.  Informative References

   [I-D.ietf-mpls-tp-security-framework]
              Fang, L., Niven-Jenkins, B., Mansfield, S., and R.
              Graveman, "MPLS-TP Security Framework",
              draft-ietf-mpls-tp-security-framework-09 (work in
              progress), February 2013.

   [RFC6291]  Andersson, L., van Helvoort, H., Bonica, R., Romascanu,
              D., and S. Mansfield, "Guidelines for the Use of the "OAM"
              Acronym in the IETF", BCP 161, RFC 6291, June 2011.

Authors' Addresses

   Adrian Farrel
   Juniper Networks

   Email: adrian@olddog.co.uk

   Hideki Endo
   Hitachi, Ltd.

   Email: hideki.endo.es@hitachi.com

   Rolf Winter
   NEC

   Email: rolf.winter@neclab.eu

   Yoshinori Koike
   NTT

   Email: koike.yoshinori@lab.ntt.co.jp

   Manuel Paul
   Deutsche Telekom

   Email: Manuel.Paul@telekom.de