idnits 2.17.1 draft-ietf-pals-mpls-tp-dual-homing-coordination-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 26, 2017) is 2557 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4447 (Obsoleted by RFC 8077) == Outdated reference: A later version (-06) exists of draft-ietf-pals-mpls-tp-dual-homing-protection-05 -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group W. Cheng 3 Internet-Draft L. Wang 4 Intended status: Standards Track H. Li 5 Expires: October 28, 2017 China Mobile 6 J. Dong 7 Huawei Technologies 8 A. D'Alessandro 9 Telecom Italia 10 April 26, 2017 12 Dual-Homing Coordination for MPLS Transport Profile (MPLS-TP) 13 Pseudowires Protection 14 draft-ietf-pals-mpls-tp-dual-homing-coordination-06 16 Abstract 18 In some scenarios, MPLS Transport Profile (MPLS-TP) Pseudowires (PWs) 19 (RFC 5921) may be statically configured, when a dynamic control plane 20 is not available. A fast protection mechanism for MPLS-TP PWs is 21 needed to protect against the failure of an Attachment Circuit (AC), 22 the failure of a Provider Edge (PE), or a failure in the Packet 23 Switched Network (PSN). The framework and typical scenarios of dual- 24 homing PW local protection are described in [draft-ietf-pals-mpls-tp- 25 dual-homing-protection]. This document proposes a dual-homing 26 coordination mechanism for MPLS-TP PWs, which is used for state 27 exchange and switchover coordination between the dual-homing PEs for 28 dual-homing PW local protection. 30 Requirements Language 32 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 33 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 34 document are to be interpreted as described in RFC 2119 [RFC2119]. 36 Status of This Memo 38 This Internet-Draft is submitted in full conformance with the 39 provisions of BCP 78 and BCP 79. 41 Internet-Drafts are working documents of the Internet Engineering 42 Task Force (IETF). Note that other groups may also distribute 43 working documents as Internet-Drafts. The list of current Internet- 44 Drafts is at http://datatracker.ietf.org/drafts/current/. 46 Internet-Drafts are draft documents valid for a maximum of six months 47 and may be updated, replaced, or obsoleted by other documents at any 48 time. It is inappropriate to use Internet-Drafts as reference 49 material or to cite them other than as "work in progress." 51 This Internet-Draft will expire on October 28, 2017. 53 Copyright Notice 55 Copyright (c) 2017 IETF Trust and the persons identified as the 56 document authors. All rights reserved. 58 This document is subject to BCP 78 and the IETF Trust's Legal 59 Provisions Relating to IETF Documents 60 (http://trustee.ietf.org/license-info) in effect on the date of 61 publication of this document. Please review these documents 62 carefully, as they describe your rights and restrictions with respect 63 to this document. Code Components extracted from this document must 64 include Simplified BSD License text as described in Section 4.e of 65 the Trust Legal Provisions and are provided without warranty as 66 described in the Simplified BSD License. 68 Table of Contents 70 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 71 2. Overview of the Proposed Solution . . . . . . . . . . . . . . 3 72 3. Protocol Extensions for Dual-Homing MPLS-TP PW Protection . . 4 73 3.1. Information Exchange Between Dual-Homing PEs . . . . . . 5 74 3.2. Protection Procedures . . . . . . . . . . . . . . . . . . 9 75 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 76 5. Security Considerations . . . . . . . . . . . . . . . . . . . 13 77 6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 14 78 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 79 7.1. Normative References . . . . . . . . . . . . . . . . . . 14 80 7.2. Informative References . . . . . . . . . . . . . . . . . 15 81 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 83 1. Introduction 85 [RFC6372], [RFC6378] and [RFC7771] describe the framework and 86 mechanism of MPLS Transport Profile (MPLS-TP) linear protection, 87 which can provide protection for the MPLS Label Switched Path (LSP) 88 and Pseudowires (PWs) between the edge nodes. These mechanisms 89 cannot protect the failure of the Attachment Circuit (AC) or the edge 90 nodes. [RFC6718] and [RFC6870] specifies the PW redundancy framework 91 and mechanism for protecting the AC or edge node failure by adding 92 one or more edge nodes, but it requires PW switchover in case of an 93 AC failure, also PW redundancy relies on Packet Switched Network 94 (PSN) protection mechanisms to protect the failure of PW. 96 In some scenarios such as mobile backhauling, the MPLS PWs are 97 provisioned with dual-homing topology, in which at least the CE node 98 on one side is dual-homed to two Provider Edge (PE) nodes. If a 99 failure occurs in the primary AC, operators usually prefer to perform 100 local switchover in the dual-homing PE side and keep the working 101 pseudowire unchanged if possible. This is to avoid massive PW 102 switchover in the mobile backhaul network due to the AC failure in 103 the mobile core site, which may in turn lead to congestion due to the 104 migration of traffic from the paths preferred by the network 105 planners. Similarly, as multiple PWs share the physical AC in the 106 mobile core site, it is preferable to keep using the working AC when 107 one working PW fails in the PSN network, which could avoid 108 unnecessary switchover for other PWs. A fast dual-homing PW 109 protection mechanism is needed to protect the failure in AC, the PE 110 node and the PSN network to meet the above requirements. 112 [I-D.ietf-pals-mpls-tp-dual-homing-protection] describes a framework 113 and several scenarios of dual-homing PW local protection. This 114 document proposes a dual-homing coordination mechanism for static 115 MPLS-TP PWs, which is used for information exchange and switchover 116 coordination between the dual-homing PEs for the dual-homing PW local 117 protection. The proposed mechanism has been implemented and deployed 118 in several mobile backhaul networks which use static MPLS-TP PWs for 119 the backhauling of mobile traffic from the radio access sites to the 120 core site. 122 2. Overview of the Proposed Solution 124 Linear protection mechanisms for MPLS-TP network are defined in 125 [RFC6378], [RFC7271] and [RFC7324]. When such mechanisms are applied 126 to PW linear protection [RFC7771], both the working PW and the 127 protection PW are terminated on the same PE node. In order to 128 provide dual-homing protection for MPLS-TP PWs, some additional 129 mechanisms are needed. 131 In MPLS-TP PW dual-homing protection, the linear protection mechanism 132 as defined in [RFC6378] [RFC7271] and [RFC7324] on the single-homing 133 PE (e.g. PE3 in Figure 1) is not changed, while on the dual-homing 134 side, the working PW and protection PW are terminated on two dual- 135 homing PEs (e.g. PE1 and PE2 in Figure 1) respectively to protect a 136 failure occuring in a PE or a connected AC. As described in 137 [I-D.ietf-pals-mpls-tp-dual-homing-protection], a dedicated Dual-Node 138 Interconnection (DNI) PW is used between the two dual-homing PE nodes 139 to forward the traffic. In order to utilize the linear protection 140 mechanism [RFC7771] in the dual-homing PEs scenario, coordination 141 between the dual-homing PE nodes is needed, so that the dual-homing 142 PEs can switch the connection between the AC, the service PW and the 143 DNI-PW properly in a coordinated fashion by the forwarder. 145 +----------------------------------+ 146 | PE1 | 147 +----------------------------------+ +----+ 148 | | | Working | | 149 X Forwarder + Service X-------------X | 150 /| | PW | Service PW1 | | 151 AC1 / +--------+--------+ | | | 152 / | DNI PW | | | | 153 +---* +--------X--------+----------------+ | | +---+ 154 | | ^ | | | | 155 |CE1| | DNI PW |PE3 +---|CE2| 156 | | | | | | | 157 | | V | | | | 158 +---* +--------X--------+----------------+ | | +---+ 159 \ | DNI PW | | | | 160 AC2 \ +--------+--------+ | Protection | | 161 \| | Service X-------------X | 162 X Forwarder + PW | Service PW2 | | 163 | | | +----+ 164 +----------------------------------+ 165 | PE2 | 166 +----------------------------------+ 168 Figure 1. Dual-homing Protection with DNI-PW 170 3. Protocol Extensions for Dual-Homing MPLS-TP PW Protection 172 In dual-homing MPLS-TP PW local protection, the forwarding state of 173 the dual-homing PEs are determined by the forwarding state machine in 174 Table 1. 176 +-----------+---------+--------+---------------------+ 177 |Service PW | AC | DNI PW | Forwarding Behavior | 178 +-----------+---------+--------+---------------------+ 179 | Active | Active | Up |Service PW <-> AC | 180 +-----------+---------+--------+---------------------+ 181 | Active | Standby | Up |Service PW <-> DNI PW| 182 +-----------+---------+--------+---------------------+ 183 | Standby | Active | Up | DNI PW <-> AC | 184 +-----------+---------+--------+---------------------+ 185 | Standby | Standby | Up | Drop all packets | 186 +-----------+---------+--------+---------------------+ 187 | Active | Active | Down |Service PW <-> AC | 188 +-----------+---------+--------+---------------------+ 189 | Active | Standby | Down | Drop all packets | 190 +-----------+---------+--------+---------------------+ 191 | Standby | Active | Down | Drop all packets | 192 +-----------+---------+--------+---------------------+ 193 | Standby | Standby | Down | Drop all packets | 194 +-----------+---------+--------+---------------------+ 195 Table 1. Dual-homing PE Forwarding State Machine 197 In order to achieve the dual-homing MPLS-TP PW protection, 198 coordination between the dual-homing PE nodes is needed to exchange 199 the PW status and protection coordination requests. 201 3.1. Information Exchange Between Dual-Homing PEs 203 The coordination information will be sent on the DNI PW over the 204 Generic Associated Channel (G-ACh) as described in [RFC5586]. A new 205 G-ACh channel type is defined for the dual-homing coordination 206 between the dual-homing PEs of MPLS-TP PWs. This channel type can be 207 used for the exchange of different types of information between the 208 dual-homing PEs. This document uses this channel type for the 209 exchange of PW status and switchover coordination between the dual- 210 homing PEs. Other potential usages of this channel type are for 211 further study and are out of the scope of this document. 213 The MPLS-TP Dual-Homing Coordination (DHC) message is sent on the DNI 214 PW between the dual-homing PEs. The format of the MPLS-TP DHC 215 message is shown below: 217 0 1 2 3 218 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 219 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 |0 0 0 1|Version| Reserved | DHC Channel Type | 221 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 | Dual-Homing PEs Group ID | 223 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 224 | TLV Length | Reserved | 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 ~ TLVs ~ 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 228 Figure 2. MPLS-TP Dual-Homing Coordination Message 230 The first 4-octets is the common G-ACh header as specified in 231 [RFC5586]. The DHC Channel Type is the G-ACh channel type code point 232 to be assigned by IANA. 234 The Dual-Homing Group ID is a 4-octet unsigned integer to identify 235 the dual-homing group which the dual-homing PEs belong to. It MUST 236 be the same at both PEs in the same group. 238 The TLV Length field specifies the total length in octets of the 239 subsequent TLVs. 241 In this document, two TLVs are defined in MPLS-TP Dual-Homing 242 Coordination message for dual-homing MPLS-TP PW protection: 244 Type Description Length 245 1 PW Status 20 Bytes 246 2 Dual-Node Switching 16 Bytes 248 The PW Status TLV is used by a dual-homing PE to report its service 249 PW status to the other dual-homing PE in the same dual-homing group. 251 0 1 2 3 252 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 | Type=1 (PW Status) | Length | 255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 256 | Destination Dual-homing PE Node_ID | 257 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 258 | Source Dual-homing PE Node_ID | 259 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 260 | DNI PW-ID | 261 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 262 | Flags |P| 263 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 264 | Service PW Status |D|F| 265 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 266 Figure 3. PW Status TLV 268 - The Length field specifies the length in octets of the value field 269 of the TLV. 271 - The Destination Dual-homing PE Node_ID is the 32-bit identifier of 272 the receiver PE [RFC6370] which supports both IPv4 and IPv6 273 environments. Usually it is the same as the LSR-ID of the receiver 274 PE. 276 - The Source Dual-homing PE Node_ID is the 32-bit identifier of the 277 sending PE [RFC6370] which supports both IPv4 and IPv6 environments. 278 Usually it is the same as the LSR-ID of the sending PE. 280 - The DNI PW-ID field contains the 32-bit PW ID [RFC4447] of the DNI 281 PW. 283 - The Flags field contains 32 bit flags, in which: 285 o The P (Protection) bit indicates whether the Source Dual-homing PE 286 is the working PE (P=0) or the protection PE (P=1). 288 o Other bits are reserved for future use, which MUST be set to 0 on 289 transmission and MUST be ignored upon receipt. 291 - The Service PW Status field indicates the status of the Service PW 292 between the sending PE and the remote PE. Currently two bits are 293 defined in the Service PW Status field: 295 o F bit: If set, it indicates Signal Fail (SF) [RFC6378] on the 296 service PW. It can be either a local request generated by the PE 297 itself or a remote request received from the remote PE. 299 o D bit: If set, it indicates Signal Degrade (SD) [RFC6378] on the 300 service PW. It can be either a local request or a remote request 301 received from the remote PE. 303 o Other bits are reserved for future use, which MUST be set to 0 on 304 transmission and MUST be ignored upon receipt. 306 The Dual-Node Switching TLV is used by one dual-homing PE to send 307 protection state coordination to the other PE in the same dual-homing 308 group. 310 0 1 2 3 311 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 312 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 313 | Type=2 (Dual-Node Switching) | Length | 314 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 315 | Destination Dual-homing PE Node_ID | 316 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 317 | Source Dual-homing PE Node_ID | 318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 319 | DNI PW-ID | 320 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 321 | Flags |S|P| 322 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 323 Figure 4. Dual-Node Switching TLV 325 - The Length field specifies the length in octets of the value field 326 of the TLV. 328 - The Destination Dual-homing PE Node_ID is the 32-bit identifier of 329 the receiver PE [RFC6370]. Usually it is the same as the LSR-ID of 330 the receiver PE. 332 - The Source Dual-homing PE Node_ID is the 32-bit identifier of the 333 sending PE [RFC6370]. Usually it is the same as the LSR-ID of the 334 sending PE. 336 - The DNI PW-ID field contains the 32-bit PW-ID [RFC4447] of the DNI 337 PW. 339 - The Flags field contains 32 bit flags, in which: 341 o The P (Protection) bit indicates whether the Source Dual-homing PE 342 is the working PE or the protection PE. It is set to 1 when the 343 Source PE of the dual-node switching request is the protection PE. 345 o The S (PW Switching) bit indicates which service PW is used for 346 forwarding traffic. It is set to 0 when traffic will be 347 transported on the working PW, and is set to 1 if traffic will be 348 transported on the protection PW. The value of the S bit is 349 determined by the protection coordination mechanism between the 350 dual-homing PEs and the remote PE. 352 o Other bits are reserved for future use, which MUST be set to 0 on 353 transmission and MUST be ignored upon receipt. 355 When a change of the service PW status is detected by one of the 356 dual-homing PEs, it MUST be reflected in the PW Status TLV and sent 357 to the other dual-homing PE as quickly as possible to allow for fast 358 protection switching using 3 consecutive DHC messages. This set of 359 three messages allows for fast protection switching even if one or 360 two of these packets are lost or corrupted. After the transmission 361 of the three rapid messages, the dual-homing PE MUST send the most 362 recently transmitted service PW status periodically to the other 363 dual-homing PE on a continual basis using the DHC message. 365 When one dual-homing PE determines that the active service PW needs 366 to be switched from the working PW to the protection PW, It MUST send 367 the Dual-Node Switching TLV to the other dual-homing PE as quickly as 368 possible to allow for fast protection switching using 3 consecutive 369 DHC messages. After the transmission of the three messages, the 370 protection PW would become the active service PW, and the dual-homing 371 PE MUST send the most recently transmitted Dual-Node Switching TLV 372 periodically to the other dual-homing PE on a continual basis using 373 the DHC message. 375 It is RECOMMENDED that the default interval of the first three rapid 376 DHC messages is 3.3 ms similar to [RFC6378], and the default interval 377 of the subsequent messages is 1 second. Both the default interval of 378 the three consecutive messages as well as the default interval of the 379 periodical messages SHALL be configurable by the operator. 381 3.2. Protection Procedures 383 The dual-homing MPLS-TP PW protection mechanism can be deployed with 384 the existing AC redundancy mechanisms. On the PSN network side, PSN 385 tunnel protection mechanism is not required, as the dual-homing PW 386 protection can also protect if a failure occurs in the PSN network. 388 This section uses the one-side dual-homing scenario as an example to 389 describe the dual-homing PW protection procedures, the procedures for 390 two-side dual-homing scenario would be similar. 392 On the dual-homing PE side, the role of working and protection PE are 393 set by the management system or local configuration. The service PW 394 connecting to the working PE is the working PW, and the service PW 395 connecting to the protection PE is called the protection PW. 397 On the single-homing PE side, it treats the working PW and protection 398 PW as if they terminate on the same remote PE node, thus normal MPLS- 399 TP protection coordination procedures still apply on the single- 400 homing PE. 402 The forwarding behavior of the dual-homing PEs is determined by the 403 components shown in the figure below: 405 +---------------------------------+ +-----+ 406 | PE1 (Working PE) | | | 407 +---------------------------------+ PW1 | | 408 | | | Working | | 409 + Forwarder + Service X<-------->X | 410 /| | PW | | | 411 / +--------+--------+ | | | 412 AC1 / | DNI PW | | | | 413 / +--------X--------+---------------+ | | 414 +-----+/ AC ^ DNI PW | | +---+ 415 | CE1 |redundancy | | PE3 +--|CE2| 416 +-----+ mechanism | DHC message | | +---+ 417 \ V exchange | | 418 AC2 \ +--------X--------+---------------+ | | 419 \ | DNI PW | | | | 420 \ +--------+--------+ | PW2 | | 421 \| | Service |Protection| | 422 + Forwarder + PW X<-------->X | 423 | | | PSC | | 424 +---------------------------------+ message | | 425 | PE2 (Protection PE) | exchange | | 426 +---------------------------------+ +-----+ 427 Figure 5. Components of one-side dual-homing PW protection 429 In Figure 5, for each dual-homing PE, the service PW is the PW used 430 to carry service between the dual-homing PE and the remote PE. The 431 state of the service PW is determined by the Operation Administration 432 and Maintanence (OAM) mechanisms between the dual-homing PEs and the 433 remote PE. 435 The DNI PW is provisioned between the two dual-homing PE nodes. It 436 is used to bridge traffic when a failure occurs in the PSN network or 437 in the ACs. The state of the DNI PW is determined by the OAM 438 mechanism between the dual-homing PEs. Since the DNI PW is used to 439 carry both the DHC messages and the service traffic during protection 440 switching, it is important to ensure the robustness of the DNI PW. 441 In order to avoid the DNI PW failure due to the failure of a 442 particular link, it is RECOMMENDED that multiple diverse links be 443 deployed between the dual-homing PEs and the underlay LSP protection 444 mechanism SHOULD be enabled. 446 The AC is the link which connects a dual-homing PE to the dual-homed 447 CE. The status of AC is determined by the existing AC redundancy 448 mechanisms, this is out of the scope of this document. 450 In order to perform dual-homing PW local protection, the service PW 451 status and Dual-node switching coordination requests are exchanged 452 between the dual-homing PEs using the DHC message defined in 453 Section 3.1. 455 Whenever a change of service PW status is detected by a dual-homing 456 PE, it MUST be reflected in the PW Status TLV and sent to the other 457 dual-homing PE immediately using the 3 consecutive DHC messages. 458 After the transmission of the three rapid messages, the dual-homing 459 PE MUST send the most recently transmitted service PW status 460 periodically to the other dual-homing PE on a continual basis using 461 the DHC message. This way, both dual-homing PEs have the status of 462 the working and protection PW consistently. 464 When there is a switchover request either generated locally or 465 received on the protection PW from the remote PE, based on the status 466 of the working and protection service PW, along with the local and 467 remote request of the protection coordination between the dual-homing 468 PEs and the remote PE, the active/standby state of the service PW can 469 be determined by the dual-homing PEs. As the remote protection 470 coordination request is transmitted over the protection path, in this 471 case the active/standby status of the service PW is determined by the 472 protection PE in the dual-homing group. 474 If it is determined on one dual-homing PE that switchover of service 475 PW is needed, this dual-homing PE MUST set the S bit in the Dual-Node 476 Switching TLV and send it to the other dual-homing PE immediately 477 using the 3 consecutive DHC messages. With the exchange of service 478 PW status and the switching request, both dual-homing PEs are 479 consistent on the Active/Standby forwarding status of the working and 480 protection service PWs. The status of the DNI PW is determined by PW 481 OAM mechanism as defined in [RFC5085], and the status of ACs are 482 determined by existing AC redundancy mechanisms, both are out of the 483 scope of this document. The forwarding behavior on the dual-homing 484 PE nodes is determined by the forwarding state machine as shown in 485 Table 1 . 487 Using the topology in Figure 5 as an example, in normal state, the 488 working PW (PW1) is in active state, the protection PW (PW2) is in 489 standby state, the DNI PW is up, and AC1 is in active state according 490 to the AC redundancy mechanism. According to the forwarding state 491 machine in Table 1, traffic will be forwarded through the working PW 492 (PW1) and the primary AC (AC1). No traffic will go through the 493 protection PE (PE2) or the DNI PW, as both the protection PW (PW2) 494 and the AC connecting to PE2 are in standby state. 496 If a failure occurs in AC1, the state of AC2 changes to active 497 according to the AC redundancy mechanism, while there is no change in 498 the state of the working and protection PWs. According to the 499 forwarding state machine in Table 1, PE1 starts to forward traffic 500 between the working PW and the DNI PW, and PE2 starts to forward 501 traffic between AC2 and the DNI PW. It should be noted that in this 502 case only AC switchover takes place, in the PSN network traffic is 503 still forwarded using the working PW. 505 If a failure in the PSN network brings PW1 down, the failure can be 506 detected by PE1 or PE3 using existing OAM mechanisms. If PE1 detects 507 the failure of PW1, it MUST inform PE2 the state of working PW using 508 the PW Status TLV in the DHC messages and change the forwarding 509 status of PW1 to standby. On receipt of the DHC message, PE2 SHOULD 510 change the forwarding status of PW2 to active. Then according to the 511 forwarding state machine in Table 1, PE1 SHOULD set up the connection 512 between the DNI PW and AC1, and PE2 SHOULD set up the connection 513 between PW2 and the DNI PW. According to the linear protection 514 mechanism [RFC6378], PE2 also sends an appropriate protection 515 coordination message [RFC6378] over the protection PW (PW2) to PE3 516 for the remote side to switchover from PW1 to PW2. If PE3 detects 517 the failure of PW1, according to linear protection mechanism 518 [RFC6378], it sends a protection coordination message on the 519 protection PW (PW2) to inform PE2 of the failure on the working PW. 520 Upon receipt of the message, PE2 SHOULD change the forwarding status 521 of PW2 to active and set up the connection according to the 522 forwarding state machine in Table 1. PE2 SHOULD send a DHC message 523 to PE1 with the S bit set in the Dual-Node Switching TLV to 524 coordinate the switchover on PE1 and PE2. This is useful for a 525 unidirectional failure which cannot be detected by PE1. 527 If a failure brings the working PE (PE1) down, the failure can be 528 detected by both PE2 and PE3 using existing OAM mechanisms. Both PE2 529 and PE3 SHOULD change the forwarding status of PW2 to active, and 530 send a protection coordination message [RFC6378] on the protection PW 531 (PW2) to inform the remote side to switchover. According to the 532 existing AC redundancy mechanisms, the status of AC1 changes to 533 standby, and the state of AC2 changes to active. According to the 534 forwarding state machine in Table 1, PE2 starts to forward traffic 535 between the PW2 and AC2. 537 4. IANA Considerations 539 This document requests that IANA assigns one new channel type for 540 "MPLS-TP Dual-Homing Coordination message" from the "MPLS Generalized 541 Associated Channel (G-ACh) Types (including Pseudowire Associated 542 Channel Types)" registry of the "Generic Associated Channel (G-ACh) 543 Parameters" registry. 545 Value Description Reference 546 TBD MPLS-TP Dual-Homing Coordination message [This document] 548 This document requests that IANA creates a new sub-registry called 549 "MPLS-TP DHC TLVs" in the "Generic Associated Channel (G-ACh) 550 Parameters" registry, with fields and initial allocations as follows: 552 Type Description Length Reference 553 0x00 Reserved 554 0x01 PW Status 20 Bytes [this document] 555 0x02 Dual-Node Switching 16 Bytes [this document] 557 The allocation policy for this registry is IETF Review as specified 558 in [RFC5226]. 560 5. Security Considerations 562 MPLS-TP is a subset of MPLS and so builds upon many of the aspects of 563 the security model of MPLS. Please refer to [RFC5920] for generic 564 MPLS security issues and methods for securing traffic privacy and 565 integrity. 567 The DHC message defined in this document contains control 568 information, if it is injected or modified by an attacker, the dual- 569 homing PEs might not agree on which PE should be used to deliver the 570 CE traffic, and this could be used as a denial of service attack 571 against the CE. It is important that the DHC message is used within 572 a trusted MPLS-TP network domain as described in [RFC6941]. 574 The DHC message is carried in the G-ACh [RFC5586], so it is dependent 575 on the security of the G-ACh itself. The G-ACh is a generalization 576 of the Associated Channel defined in [RFC4385]. Thus, this document 577 relies on the security mechanisms provided for the Associated Channel 578 as described in those two documents. 580 As described in the security considerations of [RFC6378], the G-ACh 581 is essentially connection oriented so injection or modification of 582 control messages requires the subversion of a transit node. Such 583 subversion is generally considered hard in connection oriented MPLS 584 networks and impossible to protect against at the protocol level. 586 Management level techniques are more appropriate. The procedures and 587 protocol extensions defined in this document do not affect the 588 security model of MPLS-TP linear protection as defined in [RFC6378]. 590 Uniqueness of the identifiers defined in this document is guaranteed 591 by the assigner (e.g. the operator). Failure by an assigner to use 592 unique values within the specified scoping for any of the identifiers 593 defined herein could result in operational problems. Please refer to 594 [RFC6370] for more details about the uniqueness of the identifiers. 596 6. Contributors 598 The following individuals substantially contributed to the content of 599 this document: 601 Kai Liu 602 Huawei Technologies 603 Email: alex.liukai@huawei.com 605 Shahram Davari 606 Broadcom Corporation 607 davari@broadcom.com 609 7. References 611 7.1. Normative References 613 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 614 Requirement Levels", BCP 14, RFC 2119, 615 DOI 10.17487/RFC2119, March 1997, 616 . 618 [RFC4447] Martini, L., Ed., Rosen, E., El-Aawar, N., Smith, T., and 619 G. Heron, "Pseudowire Setup and Maintenance Using the 620 Label Distribution Protocol (LDP)", RFC 4447, 621 DOI 10.17487/RFC4447, April 2006, 622 . 624 [RFC5085] Nadeau, T., Ed. and C. Pignataro, Ed., "Pseudowire Virtual 625 Circuit Connectivity Verification (VCCV): A Control 626 Channel for Pseudowires", RFC 5085, DOI 10.17487/RFC5085, 627 December 2007, . 629 [RFC5586] Bocci, M., Ed., Vigoureux, M., Ed., and S. Bryant, Ed., 630 "MPLS Generic Associated Channel", RFC 5586, 631 DOI 10.17487/RFC5586, June 2009, 632 . 634 [RFC6370] Bocci, M., Swallow, G., and E. Gray, "MPLS Transport 635 Profile (MPLS-TP) Identifiers", RFC 6370, 636 DOI 10.17487/RFC6370, September 2011, 637 . 639 [RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher, 640 N., and A. Fulignoli, Ed., "MPLS Transport Profile (MPLS- 641 TP) Linear Protection", RFC 6378, DOI 10.17487/RFC6378, 642 October 2011, . 644 [RFC7271] Ryoo, J., Ed., Gray, E., Ed., van Helvoort, H., 645 D'Alessandro, A., Cheung, T., and E. Osborne, "MPLS 646 Transport Profile (MPLS-TP) Linear Protection to Match the 647 Operational Expectations of Synchronous Digital Hierarchy, 648 Optical Transport Network, and Ethernet Transport Network 649 Operators", RFC 7271, DOI 10.17487/RFC7271, June 2014, 650 . 652 [RFC7324] Osborne, E., "Updates to MPLS Transport Profile Linear 653 Protection", RFC 7324, DOI 10.17487/RFC7324, July 2014, 654 . 656 7.2. Informative References 658 [I-D.ietf-pals-mpls-tp-dual-homing-protection] 659 Cheng, W., Wang, L., Li, H., Davari, S., and J. Dong, 660 "Dual-Homing Protection for MPLS and MPLS-TP Pseudowires", 661 draft-ietf-pals-mpls-tp-dual-homing-protection-05 (work in 662 progress), January 2017. 664 [RFC4385] Bryant, S., Swallow, G., Martini, L., and D. McPherson, 665 "Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for 666 Use over an MPLS PSN", RFC 4385, DOI 10.17487/RFC4385, 667 February 2006, . 669 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 670 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 671 DOI 10.17487/RFC5226, May 2008, 672 . 674 [RFC5920] Fang, L., Ed., "Security Framework for MPLS and GMPLS 675 Networks", RFC 5920, DOI 10.17487/RFC5920, July 2010, 676 . 678 [RFC6372] Sprecher, N., Ed. and A. Farrel, Ed., "MPLS Transport 679 Profile (MPLS-TP) Survivability Framework", RFC 6372, 680 DOI 10.17487/RFC6372, September 2011, 681 . 683 [RFC6718] Muley, P., Aissaoui, M., and M. Bocci, "Pseudowire 684 Redundancy", RFC 6718, DOI 10.17487/RFC6718, August 2012, 685 . 687 [RFC6870] Muley, P., Ed. and M. Aissaoui, Ed., "Pseudowire 688 Preferential Forwarding Status Bit", RFC 6870, 689 DOI 10.17487/RFC6870, February 2013, 690 . 692 [RFC6941] Fang, L., Ed., Niven-Jenkins, B., Ed., Mansfield, S., Ed., 693 and R. Graveman, Ed., "MPLS Transport Profile (MPLS-TP) 694 Security Framework", RFC 6941, DOI 10.17487/RFC6941, April 695 2013, . 697 [RFC7771] Malis, A., Ed., Andersson, L., van Helvoort, H., Shin, J., 698 Wang, L., and A. D'Alessandro, "Switching Provider Edge 699 (S-PE) Protection for MPLS and MPLS Transport Profile 700 (MPLS-TP) Static Multi-Segment Pseudowires", RFC 7771, 701 DOI 10.17487/RFC7771, January 2016, 702 . 704 Authors' Addresses 706 Weiqiang Cheng 707 China Mobile 708 No.32 Xuanwumen West Street 709 Beijing 100053 710 China 712 Email: chengweiqiang@chinamobile.com 714 Lei Wang 715 China Mobile 716 No.32 Xuanwumen West Street 717 Beijing 100053 718 China 720 Email: Wangleiyj@chinamobile.com 722 Han Li 723 China Mobile 724 No.32 Xuanwumen West Street 725 Beijing 100053 726 China 728 Email: Lihan@chinamobile.com 729 Jie Dong 730 Huawei Technologies 731 Huawei Campus, No. 156 Beiqing Rd. 732 Beijing 100095 733 China 735 Email: jie.dong@huawei.com 737 Alessandro D'Alessandro 738 Telecom Italia 739 via Reiss Romoli, 274 740 Torino 10148 741 Italy 743 Email: alessandro.dalessandro@telecomitalia.it