idnits 2.17.1 draft-ietf-pals-mpls-tp-dual-homing-protection-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 1, 2016) is 2818 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-06) exists of draft-ietf-pals-mpls-tp-dual-homing-coordination-03 == Outdated reference: A later version (-05) exists of draft-ietf-pals-endpoint-fast-protection-03 Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group W. Cheng 3 Internet-Draft L. Wang 4 Intended status: Informational H. Li 5 Expires: February 2, 2017 China Mobile 6 K. Liu 7 Huawei Technologies 8 S. Davari 9 Broadcom Corporation 10 J. Dong 11 Huawei Technologies 12 A. D'Alessandro 13 Telecom Italia 14 August 1, 2016 16 Dual-Homing Protection for MPLS and MPLS-TP Pseudowires 17 draft-ietf-pals-mpls-tp-dual-homing-protection-04 19 Abstract 21 This document describes a framework and several scenarios for 22 Pseudowire (PW) dual-homing local protection. A Dual-Node 23 Interconnection (DNI) PW is provisioned between the dual-homing 24 Provider Edge (PE) nodes for carrying traffic when failure occurs in 25 the Attachment Circuit (AC) or PW side. In order for the dual-homing 26 PE nodes to determine the forwarding state of AC, PW and the DNI PW, 27 necessary state exchange and coordination are needed between the 28 dual-homing PEs. The PW dual-homing local protection mechanism is 29 complementary to the existing PW protection mechanisms. 31 Status of This Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute 38 working documents as Internet-Drafts. The list of current Internet- 39 Drafts is at http://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on February 2, 2017. 48 Copyright Notice 50 Copyright (c) 2016 IETF Trust and the persons identified as the 51 document authors. All rights reserved. 53 This document is subject to BCP 78 and the IETF Trust's Legal 54 Provisions Relating to IETF Documents 55 (http://trustee.ietf.org/license-info) in effect on the date of 56 publication of this document. Please review these documents 57 carefully, as they describe your rights and restrictions with respect 58 to this document. Code Components extracted from this document must 59 include Simplified BSD License text as described in Section 4.e of 60 the Trust Legal Provisions and are provided without warranty as 61 described in the Simplified BSD License. 63 Table of Contents 65 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 66 2. Reference Models of Dual-homing Local Protection . . . . . . 3 67 2.1. PE Architecture . . . . . . . . . . . . . . . . . . . . . 3 68 2.2. Dual-Homing Local Protection Reference Scenarios . . . . 4 69 2.2.1. One-Side Dual-Homing Protection . . . . . . . . . . . 4 70 2.2.2. Two-side Dual-Homing Protection . . . . . . . . . . . 6 71 3. Generic Dual-homing PW Protection Mechanism . . . . . . . . . 8 72 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 73 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 74 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 75 6.1. Normative References . . . . . . . . . . . . . . . . . . 9 76 6.2. Informative References . . . . . . . . . . . . . . . . . 10 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 79 1. Introduction 81 [RFC6372] and [RFC6378] describe the framework and mechanism of MPLS- 82 TP Linear protection, which can provide protection for the MPLS LSP 83 or pseudowire (PW) between the edge nodes. Such mechanism does not 84 protect the failure of the Attachment Circuit (AC) or the Provider 85 Edge (PE) node. [RFC6718] and [RFC6870] describe the framework and 86 mechanism for PW redundancy to provide protection for AC or PE node 87 failure. The PW redundancy mechanism is based on the signaling of 88 Label Distribution Protocol (LDP), which is applicable to PWs with a 89 dynamic control plane. [I-D.ietf-pals-endpoint-fast-protection] 90 describes a fast local repair mechanism for PW egress endpoint 91 failures, which is based on PW redundancy, upstream label assignment 92 and context specific label switching. Such mechanism is applicable 93 to PWs with a dynamic control plane. 95 In some scenarios such as mobile backhauling, the MPLS PWs are 96 provisioned with dual-homing topology, in which at least the CE node 97 in one side is dual-homed to two PEs. If some fault occurs in the 98 primary AC, operators usually prefer to have the switchover only in 99 the dual-homing PE side and keep the working pseudowires unchanged if 100 possible. This is to avoid massive PW switchover in the mobile 101 backhaul network due to the AC failure in the mobile core site, which 102 may in turn lead to congestion due to the migration of traffic from 103 the paths preferred by the network planners. Similarly, as multiple 104 PWs share the physical AC in the mobile core site, it is preferable 105 to keep using the working AC when one working PW fails in PSN 106 network, which could avoid unnecessary AC switchover for other PWs. 107 To meet the above requirements, a fast dual-homing PW protection 108 mechanism is needed to protect against the failures of an AC, the PE 109 node and the PSN network. 111 This document describes the framework and several typical scenarios 112 of pseudowire (PW) dual-homing local protection. A Dual-Node 113 Interconnection (DNI) PW is provisioned between the dual-homing PE 114 nodes for carrying traffic when a failure occurs in the AC or PW 115 side. In order for the dual-homing PE nodes to determine the 116 forwarding state of AC, PW and DNI PW, necessary state exchange and 117 coordination between the dual-homing PEs is needed. The mechanism 118 defined in this document is complementary to the existing protection 119 mechanisms [RFC6378][RFC6718]. The necessary protocol extensions is 120 described in a companion document 121 [I-D.ietf-pals-mpls-tp-dual-homing-coordination]. 123 The proposed mechanism has been implemented and deployed in several 124 mobile backhaul networks which use static MPLS-TP PWs for the 125 backhauling of mobile traffic. 127 2. Reference Models of Dual-homing Local Protection 129 This section shows the reference architecture of the dual-homing PW 130 local protection and the usage of the architecture in different 131 scenarios. 133 2.1. PE Architecture 135 Figure 1 shows the PE architecture for dual-homing local protection. 136 This is based on the architecture in Figure 4a of [RFC3985]. In 137 addition to the AC and the service PW between the local and remote 138 PEs, a DNI PW is provisioned to connect the forwarders of the dual- 139 homing PEs. It can be used to forward traffic between the dual- 140 homing PEs when some failure occurs in the AC or service PW side. As 141 [RFC3985] specifies: "any required switching functionality is the 142 responsibility of a forwarder function", in this case, the forwarder 143 is responsible for switching the payloads between three entities: the 144 AC, the service PW and the DNI PW. The specific behavior of the 145 forwarder is determined according to the forwarding state machine 146 defined in this document. 148 +----------------------------------------+ 149 | Dual-homing PE Device | 150 Single +----------------------------------------+ 151 AC | | | Service PW 152 <------>o Forwarder + Service X<===========> 153 | | PW | 154 +--------+--------+ | 155 | DNI PW | | 156 +--------X--------+----------------------+ 157 ^ 158 | DNI PW 159 | 160 V 161 +--------X-------------------------------+ 162 | Peer Dual-homing PE Device | 163 +----------------------------------------+ 165 Figure 1: PE Architecture for Dual-homing Protection 167 2.2. Dual-Homing Local Protection Reference Scenarios 169 2.2.1. One-Side Dual-Homing Protection 171 Figure 2 illustrates the network scenario of dual-homing PW local 172 protection where only one of the CEs is dual-homed to two PE nodes. 173 CE1 is dual-homed to PE1 and PE2, while CE2 is single-homed to PE3. 174 A DNI-PW is established between the dual-homing PEs, which is used to 175 bridge traffic when a failure occurs in the PSN network or in the AC 176 side. A control mechanism enables the PEs and CE to determine which 177 AC should be used to carry traffic between CE1 and the PSN network. 178 These mechanisms/protocols are beyond the scope of this document. 179 The working and protection PWs can be determined either by 180 configuration or by existing signaling mechanisms. 182 This scenario can protect the node failure of PE1 or PE2, or the 183 failure of one of the ACs between CE1 and the dual-homing PEs. In 184 addition, dual-homing PW protection can protect the failure occured 185 in the PSN network which impacts the working PW, thus it can be an 186 alternative solution of PSN tunnel protection mechanisms. This 187 topology can be used in mobile backhauling application scenarios. 188 For example, CE2 might be a cell site equipment such as a NodeB, 189 whilst CE1 is the shared Radio Network Controller (RNC). 191 the NodeB serves as CE2 while the Radio Network Controller (RNC) 192 serves as CE1. PE3 works as an access side MPLS device while PE1 and 193 PE2 works as core side MPLS devices. 195 |<--------------- Emulated Service --------------->| 196 | | 197 | |<------- Pseudo Wire ------>| | 198 | | | | 199 | | |<-- PSN Tunnels-->| | | 200 | V V V V | 201 V AC1 +----+ +----+ V 202 +-----+ | | PE1| | | +-----+ 203 | |----------|........PW1.(working).......| | | 204 | | | | | | | | 205 | | +-+--+ | | AC3 | | 206 | | | | | | | | 207 | CE1 | DNI-PW | |PE3 |----------| CE2 | 208 | | | | | | | 209 | | +-+--+ | | | | 210 | | | | | | | | 211 | |----------|......PW2.(protection)......| | | 212 +-----+ | | PE2| | | +-----+ 213 AC2 +----+ +----+ 214 Figure 2. One-side dual-homing PW protection 216 Consider in normal state AC1 from CE1 to PE1 is initially active and 217 AC2 from CE1 to PE2 is initially standby, PW1 is the working PW and 218 PW2 is the protection PW. 220 When a failure occurs in AC1, then the state of AC2 changes to active 221 based on some AC redundancy mechanism. In order to keep the 222 switchover local and continue using PW1 for traffic forwarding which 223 is preferred according to traffic planning, the forwarder on PE2 224 needs to connect AC2 to the DNI PW, and the forwarder on PE1 needs to 225 connect the DNI PW to PW1. In this way the failure in AC1 will not 226 impact the forwarding of the service PWs across the network. After 227 the switchover, traffic will go through the bidirectional path: CE1- 228 (AC2)-PE2-(DNI-PW)-PE1-(PW1)-PE3-(AC3)-CE2. 230 When a failure in the PSN network affects the working PW (PW1), 231 according to PW protection mechanisms [RFC6378], traffic is switched 232 onto the protection PW (PW2), while the state of AC1 remains active. 233 Then the forwarder on PE1 needs to connect AC1 to the DNI PW, and the 234 forwarder on PE2 needs to connect the DNI PW to PW2. In this way the 235 failure in the PSN network will not impact the state of the ACs. 236 After the switchover, traffic will go through the bidirectional path: 237 CE1-(AC1)-PE1-(DNI-PW)-PE2-(PW2)-PE3-(AC3)-CE2. 239 When a failure occurs in the working PE (PE1), it is equivalent to 240 the failures of the working AC, the working PW and the DNI PW. The 241 state of AC2 changes to active based on the AC redundancy mechanism. 242 And according to the PW protection mechanism, traffic is switched on 243 to the protection PW "PW2". In this case the forwarder on PE2 needs 244 to connect AC2 to PW2. After the switchover, traffic will go through 245 the bidirectional path: CE1-(AC2)-PE2-(PW2)-PE3-(AC3)-CE2. 247 2.2.2. Two-side Dual-Homing Protection 249 Figure 3 illustrates the network scenario of dual-homing PW 250 protection where the CEs in both sides are dual-homed. CE1 is dual- 251 homed to PE1 and PE2, and CE2 is dual-homed to PE3 and PE4. A dual- 252 homing control mechanism enables the PEs and CEs to determine which 253 AC should be used to carry traffic between CE and the PSN network. 254 DNI-PWs are provisioned between the dual-homing PEs on both sides. 255 One service PW is established between PE1 and PE3, another service PW 256 is established between PE2 and PE4. The role of working and 257 protection PW can be determined either by configuration or via 258 existing signaling mechanisms. 260 This scenario can protect the node failure on one of the dual-homing 261 PEs, or the failure on one of the ACs between the CEs and their dual- 262 homing PEs. Meanwhile, dual-homing PW protection can protect the 263 failure occured in the PSN network which impacts one of the PWs, thus 264 it can be an alternative solution of PSN tunnel protection 265 mechanisms. This scenario is mainly used for services of important 266 business customers. In this case, CE1 and CE2 can be regarded as 267 service access points. 269 |<---------------- Emulated Service -------------->| 270 | | 271 | |<-------- Pseudowire ------>| | 272 | | | | 273 | | |<-- PSN Tunnels-->| | | 274 | V V V V | 275 V AC1 +----+ +----+ AC3 V 276 +-----+ | | ...|...PW1.(working)..|... | | +-----+ 277 | |----------| PE1| | PE3|----------| | 278 | | +----+ +----+ | | 279 | | | | | | 280 | CE1 | DNI-PW1 | | DNI-PW2 | CE2 | 281 | | | | | | 282 | | +----+ +----+ | | 283 | | | | | | | | 284 | |----------| PE2| | PE4|--------- | | 285 +-----+ | | ...|.PW2.(protection).|... | | +-----+ 286 AC2 +----+ +----+ AC4 288 Figure 3. Two-side dual-homing PW protection 290 Consider in normal state, AC1 between CE1 and PE1 is initially active 291 and AC2 between CE1 and PE2 is initially standby, AC3 between CE2 and 292 PE3 is initially active and AC4 from CE2 to PE4 is initially standby, 293 PW1 is the working PW and PW2 is the protection PW. 295 When a failure occurs in AC1, the state of AC2 changes to active 296 based on the AC redundancy mechanism. In order to keep the 297 switchover local and continue using PW1 for traffic forwarding, the 298 forwarder on PE2 needs to connect AC2 to the DNI-PW1, and the 299 forwarder on PE1 needs to connect DNI-PW1 with PW1. In this way 300 failures in the AC side will not impact the forwarding of the service 301 PWs across the network. After the switchover, traffic will go 302 through the bidirectional path: CE1-(AC2)-PE2-(DNI-PW1)-PE1-(PW1)- 303 PE3-(AC3)-CE2. 305 When a failure occurs in the working PW (PW1), according to the PW 306 protection mechanism [RFC6378], traffic needs to be switched onto the 307 protection PW "PW2". In order to keep the state of AC1 and AC3 308 unchanged, the forwarder on PE1 needs to connect AC1 to DNI-PW1, and 309 the forwarder on PE2 needs to connect DNI-PW1 to PW2. On the other 310 side, the forwarder of PE3 needs to connect AC3 to DNI-PW2, and the 311 forwarder on PE4 needs to connect PW2 to DNI-PW2. In this way, the 312 state of the ACs will not be impacted by the failure in the PSN 313 network. After the switchover, traffic will go through the 314 bidirectional path: CE1-(AC1)-PE1-(DNI-PW1)-PE2-(PW2)-PE4-(DNI-PW2)- 315 PE3-(AC3)-CE2. 317 When a failure occurs in the working PE (PE1), it is equivalent to 318 the failures of the working AC, the working PW and the DNI PW. The 319 state of AC2 changes to active based on the AC redundancy mechanism. 320 And according to the PW protection mechanism, traffic is switched on 321 to the protection PW "PW2". In this case the forwarder on PE2 needs 322 to connect AC2 to PW2, and the forwarder on PE4 needs to connect PW2 323 to DNI-PW2. After the switchover, traffic will go through the 324 bidirectional path: CE1-(AC2)-PE2-(PW2)-PE4-(DNI-PW2)-PE3-(AC3)-CE2. 326 3. Generic Dual-homing PW Protection Mechanism 328 As shown in the above scenarios, with the described dual-homing PW 329 protection, failures in the AC side will not impact the forwarding 330 behavior of the PWs in the PSN network, and vice-versa. This is 331 achieved by properly setting the forwarding state between the 332 following entities: 334 o AC 336 o Service PW 338 o DNI PW 340 The forwarding behavior of the dual-homing PE nodes are determined by 341 the forwarding state machine as shown in table 1: 343 +-----------+---------+--------+---------------------+ 344 |Service PW | AC | DNI PW | Forwarding Behavior | 345 +-----------+---------+--------+---------------------+ 346 | Active | Active | Up |Service PW <-> AC | 347 +-----------+---------+--------+---------------------+ 348 | Active | Standby | Up |Service PW <-> DNI PW| 349 +-----------+---------+--------+---------------------+ 350 | Standby | Active | Up | DNI PW <-> AC | 351 +-----------+---------+--------+---------------------+ 352 | Standby | Standby | Up | Drop all packets | 353 +-----------+---------+--------+---------------------+ 354 | Active | Active | Down |Service PW <-> AC | 355 +-----------+---------+--------+---------------------+ 356 | Active | Standby | Down | Drop all packets | 357 +-----------+---------+--------+---------------------+ 358 | Standby | Active | Down | Drop all packets | 359 +-----------+---------+--------+---------------------+ 360 | Standby | Standby | Down | Drop all packets | 361 +-----------+---------+--------+---------------------+ 362 Table 1. Dual-homing PE Forwarding State Machine 364 In order for the dual-homing PEs to coordinate the traffic forwarding 365 during the failures, synchronization of the status information of the 366 involved entities and coordination of switchover between the dual- 367 homing PEs are needed. For PWs with a dynamic control plane, such 368 information synchronization and coordination can be achieved with a 369 dynamic protocol, such as [RFC7275], possibly with some extensions. 370 For PWs which are manually configured without a control plane, a new 371 mechanism is needed to exchange the status information and coordinate 372 switchover between the dual-homing PEs, e.g. over an embedded PW 373 control channel. This is described in a companion document 374 [I-D.ietf-pals-mpls-tp-dual-homing-coordination]. 376 4. IANA Considerations 378 This document does not require any IANA action. 380 5. Security Considerations 382 The mechanism defined in this document do not affect the security 383 model as defined in [RFC3985]. 385 With the proposed protection mechanism, the disruption of a dual- 386 homed AC, a component which is outside the core network, would have a 387 reduced impact on the traffic flows in the core network, which could 388 also avoid unnecessary congestion in the core network. 390 The security consideration of the DNI PW is exactly the same as for 391 Service PWs in the data plane. The co-ordination/control mechanism 392 will have its security analysis in the document that defines the 393 mechanism. 395 6. References 397 6.1. Normative References 399 [I-D.ietf-pals-mpls-tp-dual-homing-coordination] 400 Cheng, W., Wang, L., Li, H., Liu, K., Davari, S., Dong, 401 J., and A. D'Alessandro, "Dual-Homing Coordination for 402 MPLS Transport Profile (MPLS-TP) Pseudowires Protection", 403 draft-ietf-pals-mpls-tp-dual-homing-coordination-03 (work 404 in progress), June 2016. 406 [RFC3985] Bryant, S., Ed. and P. Pate, Ed., "Pseudo Wire Emulation 407 Edge-to-Edge (PWE3) Architecture", RFC 3985, 408 DOI 10.17487/RFC3985, March 2005, 409 . 411 6.2. Informative References 413 [I-D.ietf-pals-endpoint-fast-protection] 414 Shen, Y., Aggarwal, R., Henderickx, W., and Y. Jiang, "PW 415 Endpoint Fast Failure Protection", draft-ietf-pals- 416 endpoint-fast-protection-03 (work in progress), June 2016. 418 [RFC6372] Sprecher, N., Ed. and A. Farrel, Ed., "MPLS Transport 419 Profile (MPLS-TP) Survivability Framework", RFC 6372, 420 DOI 10.17487/RFC6372, September 2011, 421 . 423 [RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher, 424 N., and A. Fulignoli, Ed., "MPLS Transport Profile (MPLS- 425 TP) Linear Protection", RFC 6378, DOI 10.17487/RFC6378, 426 October 2011, . 428 [RFC6718] Muley, P., Aissaoui, M., and M. Bocci, "Pseudowire 429 Redundancy", RFC 6718, DOI 10.17487/RFC6718, August 2012, 430 . 432 [RFC6870] Muley, P., Ed. and M. Aissaoui, Ed., "Pseudowire 433 Preferential Forwarding Status Bit", RFC 6870, 434 DOI 10.17487/RFC6870, February 2013, 435 . 437 [RFC7275] Martini, L., Salam, S., Sajassi, A., Bocci, M., 438 Matsushima, S., and T. Nadeau, "Inter-Chassis 439 Communication Protocol for Layer 2 Virtual Private Network 440 (L2VPN) Provider Edge (PE) Redundancy", RFC 7275, 441 DOI 10.17487/RFC7275, June 2014, 442 . 444 Authors' Addresses 446 Weiqiang Cheng 447 China Mobile 448 No.32 Xuanwumen West Street 449 Beijing 100053 450 China 452 Email: chengweiqiang@chinamobile.com 453 Lei Wang 454 China Mobile 455 No.32 Xuanwumen West Street 456 Beijing 100053 457 China 459 Email: Wangleiyj@chinamobile.com 461 Han Li 462 China Mobile 463 No.32 Xuanwumen West Street 464 Beijing 100053 465 China 467 Email: Lihan@chinamobile.com 469 Kai Liu 470 Huawei Technologies 471 Huawei Base, Bantian, Longgang District 472 Shenzhen 518129 473 China 475 Email: alex.liukai@huawei.com 477 Shahram Davari 478 Broadcom Corporation 479 3151 Zanker Road 480 San Jose 95134-1933 481 United States 483 Email: davari@broadcom.com 485 Jie Dong 486 Huawei Technologies 487 Huawei Campus, No. 156 Beiqing Rd. 488 Beijing 100095 489 China 491 Email: jie.dong@huawei.com 492 Alessandro D'Alessandro 493 Telecom Italia 494 via Reiss Romoli, 274 495 Torino 10148 496 Italy 498 Email: alessandro.dalessandro@telecomitalia.it