idnits 2.17.1 draft-ietf-pals-mpls-tp-dual-homing-protection-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 17, 2017) is 2628 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-06) exists of draft-ietf-pals-mpls-tp-dual-homing-coordination-04 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group W. Cheng 3 Internet-Draft L. Wang 4 Intended status: Informational H. Li 5 Expires: July 21, 2017 China Mobile 6 S. Davari 7 Broadcom Corporation 8 J. Dong 9 Huawei Technologies 10 January 17, 2017 12 Dual-Homing Protection for MPLS and MPLS-TP Pseudowires 13 draft-ietf-pals-mpls-tp-dual-homing-protection-05 15 Abstract 17 This document describes a framework and several scenarios for a 18 Pseudowire (PW) dual-homing local protection mechanism which avoids 19 unnecessary switchovers and which can be used for scenarios using a 20 control plane or not using a control plane. A Dual-Node 21 Interconnection (DNI) PW is used for carrying traffic between the 22 dual-homing Provider Edge (PE) nodes for carrying traffic when a 23 failure occurs in one of the Attachment Circuits (AC) or PWs. This 24 PW dual-homing local protection mechanism is complementary to 25 existing PW protection mechanisms. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on July 21, 2017. 44 Copyright Notice 46 Copyright (c) 2017 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 2. Reference Models of Dual-homing Local Protection . . . . . . 3 63 2.1. PE Architecture . . . . . . . . . . . . . . . . . . . . . 3 64 2.2. Dual-Homing Local Protection Reference Scenarios . . . . 4 65 2.2.1. One-Side Dual-Homing Protection . . . . . . . . . . . 4 66 2.2.2. Two-side Dual-Homing Protection . . . . . . . . . . . 6 67 3. Generic Dual-homing PW Protection Mechanism . . . . . . . . . 8 68 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 69 5. Security Considerations . . . . . . . . . . . . . . . . . . . 8 70 6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 9 71 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 72 7.1. Normative References . . . . . . . . . . . . . . . . . . 9 73 7.2. Informative References . . . . . . . . . . . . . . . . . 9 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 76 1. Introduction 78 [RFC6372] and [RFC6378] describe the framework and mechanism of MPLS- 79 TP Linear protection, which can provide protection for the MPLS LSP 80 or pseudowire (PW) between the edge nodes. This mechanism does not 81 protect the failure of the Attachment Circuit (AC) or the Provider 82 Edge (PE) node. [RFC6718] and [RFC6870] describe the framework and 83 mechanism for PW redundancy to provide protection for AC or PE node 84 failure. The PW redundancy mechanism is based on the signaling of 85 Label Distribution Protocol (LDP), which is applicable to PWs with a 86 dynamic control plane. [I-D.ietf-pals-endpoint-fast-protection] 87 describes a fast local repair mechanism for PW egress endpoint 88 failures, which is based on PW redundancy, upstream label assignment 89 and context specific label switching. This mechanism is only 90 applicable to PWs with a dynamic control plane. 92 There is a need to support a dual-homing local protection mechanism 93 which avoids unnecessary switches of the AC or PW, and which can be 94 used regardless if a control plane is used. In some scenarios such 95 as mobile backhauling, the MPLS PWs are provisioned with dual-homing 96 topology, in which at least the CE node on one side is dual-homed to 97 two PEs. If some fault occurs in the primary AC, operators usually 98 prefer to have the switchover only on the dual-homing PE side and 99 keep the working pseudowires unchanged if possible. This is to avoid 100 massive PW switchover in the mobile backhaul network due to the AC 101 failure in the mobile core site, which may in turn lead to congestion 102 due to the migration of traffic from the paths preferred by the 103 network planners. Similarly, as multiple PWs share the physical AC 104 in the mobile core site, it is preferable to keep using the working 105 AC when one working PW fails in PSN network, which could avoid 106 unnecessary switchover for other PWs. To meet the above 107 requirements, a fast dual-homing local PW protection mechanism is 108 needed to protect against the failures of an AC, the PE node, and the 109 PSN network. 111 This document describes the framework and several typical scenarios 112 of pseudowire (PW) dual-homing local protection. A Dual-Node 113 Interconnection (DNI) PW is used between the dual-homing PE nodes for 114 carrying traffic when a failure occurs in the AC or PW side. In 115 order for the dual-homing PE nodes to determine the forwarding state 116 of AC, PW and DNI PW, necessary state exchange and coordination 117 between the dual-homing PEs is needed. The necessary mechanisms and 118 protocol extensions are defined in a companion document 119 [I-D.ietf-pals-mpls-tp-dual-homing-coordination]. 121 2. Reference Models of Dual-homing Local Protection 123 This section shows the reference architecture of the dual-homing PW 124 local protection and the usage of the architecture in different 125 scenarios. 127 2.1. PE Architecture 129 Figure 1 shows the PE architecture for dual-homing local protection. 130 This is based on the architecture in Figure 4a of [RFC3985]. In 131 addition to the AC and the service PW between the local and remote 132 PEs, a DNI PW is used to connect the forwarders of the dual-homing 133 PEs. It can be used to forward traffic between the dual-homing PEs 134 when a failure occurs in the AC or service PW side. As [RFC3985] 135 specifies: "any required switching functionality is the 136 responsibility of a forwarder function", in this case, the forwarder 137 is responsible for switching the payloads between three entities: the 138 AC, the service PW and the DNI PW. 140 +----------------------------------------+ 141 | Dual-homing PE Device | 142 +----------------------------------------+ 143 AC | | | Service PW 144 <------>o Forwarder + Service X<===========> 145 | | PW | 146 +--------+--------+ | 147 | DNI PW | | 148 +--------X--------+----------------------+ 149 ^ 150 | DNI PW 151 | 152 V 153 +--------X--------+----------------------+ 154 | DNI PW | | 155 +--------+--------+ | Service PW 156 AC | | Service X<===========> 157 <------>o Forwarder + PW | 158 | | | 159 +----------------------------------------+ 160 | Dual-homing PE Device | 161 +----------------------------------------+ 162 Figure 1: PE Architecture for Dual-homing Protection 164 2.2. Dual-Homing Local Protection Reference Scenarios 166 2.2.1. One-Side Dual-Homing Protection 168 Figure 2 illustrates the network scenario of dual-homing PW local 169 protection where only one of the CEs is dual-homed to two PE nodes. 170 CE1 is dual-homed to PE1 and PE2, while CE2 is single-homed to PE3. 171 A DNI-PW is established between the dual-homing PEs, which is used to 172 bridge traffic when a failure occurs in the PSN network or in the AC 173 side. A dual-homing control mechanism enables the PEs and CE to 174 determine which AC should be used to carry traffic between CE1 and 175 the PSN network. The necessary control mechanisms and protocol 176 extensions are defined in a companion document 177 [I-D.ietf-pals-mpls-tp-dual-homing-coordination]. 179 This scenario can protect the node failure of PE1 or PE2, or the 180 failure of one of the ACs between CE1 and the dual-homing PEs. In 181 addition, dual-homing PW protection can protect a failure occuring in 182 the PSN network which impacts the working PW, thus it can be an 183 alternative solution of PSN tunnel protection mechanisms. This 184 topology can be used in mobile backhauling application scenarios. 185 For example, CE2 might be a cell site equipment such as a NodeB, 186 whilst CE1 is the shared Radio Network Controller (RNC). PE3 187 functions as an access side MPLS device while PE1 and PE2 function as 188 core side MPLS devices. 190 |<--------------- Emulated Service --------------->| 191 | | 192 | |<------- Pseudo Wire ------>| | 193 | | | | 194 | | |<-- PSN Tunnels-->| | | 195 | V V V V | 196 V AC1 +----+ +----+ V 197 +-----+ | | PE1| | | +-----+ 198 | |----------|........PW1.(working).......| | | 199 | | | | | | | | 200 | | +-+--+ | | AC3 | | 201 | | | | | | | | 202 | CE1 | DNI-PW | |PE3 |----------| CE2 | 203 | | | | | | | 204 | | +-+--+ | | | | 205 | | | | | | | | 206 | |----------|......PW2.(protection)......| | | 207 +-----+ | | PE2| | | +-----+ 208 AC2 +----+ +----+ 209 Figure 2. One-side dual-homing PW protection 211 Consider in normal state AC1 from CE1 to PE1 is initially active and 212 AC2 from CE1 to PE2 is initially standby, PW1 is the working PW and 213 PW2 is the protection PW. 215 When a failure occurs in AC1, then the state of AC2 changes to active 216 based on the AC dual-homing control mechanism. In order to keep the 217 switchover local and continue using PW1 for traffic forwarding as 218 preferred according to traffic planning, the forwarder on PE2 needs 219 to connect AC2 to the DNI PW, and the forwarder on PE1 needs to 220 connect the DNI PW to PW1. In this way the failure in AC1 will not 221 impact the forwarding of the service PWs across the network. After 222 the switchover, traffic will go through the bidirectional path: CE1- 223 (AC2)-PE2-(DNI-PW)-PE1-(PW1)-PE3-(AC3)-CE2. 225 When a failure in the PSN network affects the working PW (PW1), 226 according to PW protection mechanisms [RFC6378], traffic is switched 227 onto the protection PW (PW2), while the state of AC1 remains active. 228 Then the forwarder on PE1 needs to connect AC1 to the DNI PW, and the 229 forwarder on PE2 needs to connect the DNI PW to PW2. In this way the 230 failure in the PSN network will not impact the state of the ACs. 231 After the switchover, traffic will go through the bidirectional path: 232 CE1-(AC1)-PE1-(DNI-PW)-PE2-(PW2)-PE3-(AC3)-CE2. 234 When a failure occurs in the working PE (PE1), it is equivalent to a 235 failure of the working AC, the working PW and the DNI PW. The state 236 of AC2 changes to active based on the AC dual-homing control 237 mechanism. And according to the PW protection mechanism, traffic is 238 switched on to the protection PW "PW2". In this case the forwarder 239 on PE2 needs to connect AC2 to PW2. After the switchover, traffic 240 will go through the bidirectional path: CE1-(AC2)-PE2-(PW2)-PE3- 241 (AC3)-CE2. 243 2.2.2. Two-side Dual-Homing Protection 245 Figure 3 illustrates the network scenario of dual-homing PW 246 protection where the CEs in both sides are dual-homed. CE1 is dual- 247 homed to PE1 and PE2, and CE2 is dual-homed to PE3 and PE4. A dual- 248 homing control mechanism enables the PEs and CEs to determine which 249 AC should be used to carry traffic between CE and the PSN network. 250 DNI-PWs are used between the dual-homing PEs on both sides. One 251 service PW is established between PE1 and PE3, another service PW is 252 established between PE2 and PE4. The role of working and protection 253 PW can be determined either by configuration or via existing 254 signaling mechanisms. 256 This scenario can protect the node failure on one of the dual-homing 257 PEs, or the failure on one of the ACs between the CEs and their dual- 258 homing PEs. Also, dual-homing PW protection can protect if the 259 failure occured in the PSN network which impacts one of the PWs, thus 260 it can be used as an alternative solution of PSN tunnel protection 261 mechanisms. Note, this scenario is mainly used for services 262 requiring high availability as it requires redundancy of the PEs and 263 network utilization. In this case, CE1 and CE2 can be regarded as 264 service access points. 266 |<---------------- Emulated Service -------------->| 267 | | 268 | |<-------- Pseudowire ------>| | 269 | | | | 270 | | |<-- PSN Tunnels-->| | | 271 | V V V V | 272 V AC1 +----+ +----+ AC3 V 273 +-----+ | | ...|...PW1.(working)..|... | | +-----+ 274 | |----------| PE1| | PE3|----------| | 275 | | +----+ +----+ | | 276 | | | | | | 277 | CE1 | DNI-PW1 | | DNI-PW2 | CE2 | 278 | | | | | | 279 | | +----+ +----+ | | 280 | | | | | | | | 281 | |----------| PE2| | PE4|--------- | | 282 +-----+ | | ...|.PW2.(protection).|... | | +-----+ 283 AC2 +----+ +----+ AC4 285 Figure 3. Two-side dual-homing PW protection 287 Consider in normal state, AC1 between CE1 and PE1 is initially active 288 and AC2 between CE1 and PE2 is initially standby, AC3 between CE2 and 289 PE3 is initially active and AC4 from CE2 to PE4 is initially standby, 290 PW1 is the working PW and PW2 is the protection PW. 292 When a failure occurs in AC1, the state of AC2 changes to active 293 based on the AC dual-homing control mechanism. In order to keep the 294 switchover local and continue using PW1 for traffic forwarding, the 295 forwarder on PE2 needs to connect AC2 to the DNI-PW1, and the 296 forwarder on PE1 needs to connect DNI-PW1 with PW1. In this way 297 failures in the AC side will not impact the forwarding of the service 298 PWs across the network. After the switchover, traffic will go 299 through the bidirectional path: CE1-(AC2)-PE2-(DNI-PW1)-PE1-(PW1)- 300 PE3-(AC3)-CE2. 302 When a failure occurs in the working PW (PW1), according to the PW 303 protection mechanism [RFC6378], traffic needs to be switched onto the 304 protection PW "PW2". In order to keep the state of AC1 and AC3 305 unchanged, the forwarder on PE1 needs to connect AC1 to DNI-PW1, and 306 the forwarder on PE2 needs to connect DNI-PW1 to PW2. On the other 307 side, the forwarder of PE3 needs to connect AC3 to DNI-PW2, and the 308 forwarder on PE4 needs to connect PW2 to DNI-PW2. In this way, the 309 state of the ACs will not be impacted by the failure in the PSN 310 network. After the switchover, traffic will go through the 311 bidirectional path: CE1-(AC1)-PE1-(DNI-PW1)-PE2-(PW2)-PE4-(DNI-PW2)- 312 PE3-(AC3)-CE2. 314 When a failure occurs in the working PE (PE1), it is equivalent to 315 the failures of the working AC, the working PW and the DNI PW. The 316 state of AC2 changes to active based on the AC dual-homing control 317 mechanism. And according to the PW protection mechanism, traffic is 318 switched on to the protection PW "PW2". In this case the forwarder 319 on PE2 needs to connect AC2 to PW2, and the forwarder on PE4 needs to 320 connect PW2 to DNI-PW2. After the switchover, traffic will go 321 through the bidirectional path: CE1-(AC2)-PE2-(PW2)-PE4-(DNI-PW2)- 322 PE3-(AC3)-CE2. 324 3. Generic Dual-homing PW Protection Mechanism 326 As shown in the above scenarios, with the described dual-homing PW 327 protection, failures in the AC side will not impact the forwarding 328 behavior of the PWs in the PSN network, and vice-versa. 330 In order for the dual-homing PEs to coordinate the traffic forwarding 331 during the failures, synchronization of the status information of the 332 involved entities and coordination of switchover between the dual- 333 homing PEs are needed. For PWs with a dynamic control plane, such 334 information synchronization and coordination can be achieved with a 335 dynamic protocol, such as [RFC7275], possibly with some extensions. 336 For PWs which are manually configured without a control plane, a new 337 mechanism is needed to exchange the status information and coordinate 338 switchover between the dual-homing PEs, e.g. over an embedded PW 339 control channel. This is described in a companion document 340 [I-D.ietf-pals-mpls-tp-dual-homing-coordination]. 342 4. IANA Considerations 344 This document does not require any IANA action. 346 5. Security Considerations 348 The scenarios defined in this document do not affect the security 349 model as defined in [RFC3985]. 351 With the proposed protection mechanism, the disruption of a dual- 352 homed AC, a component which is outside the core network, would have a 353 reduced impact on the traffic flows in the core network. This could 354 also avoid unnecessary congestion in the core network. 356 The security consideration of the DNI PW is the same as for Service 357 PWs in the data plane [RFC3985]. Security considerations for the 358 coordination/control mechanism will be addressed in the companion 359 document that defines the mechanism. 361 6. Contributors 363 The following individuals substantially contributed to the content of 364 this document: 366 Kai Liu 367 Huawei Technologies 368 Email: alex.liukai@huawei.com 370 Alessandro D'Alessandro 371 Telecom Italia 372 alessandro.dalessandro@telecomitalia.it 374 7. References 376 7.1. Normative References 378 [I-D.ietf-pals-mpls-tp-dual-homing-coordination] 379 Cheng, W., Wang, L., Li, H., Liu, K., Davari, S., Dong, 380 J., and A. D'Alessandro, "Dual-Homing Coordination for 381 MPLS Transport Profile (MPLS-TP) Pseudowires Protection", 382 draft-ietf-pals-mpls-tp-dual-homing-coordination-04 (work 383 in progress), August 2016. 385 [RFC3985] Bryant, S., Ed. and P. Pate, Ed., "Pseudo Wire Emulation 386 Edge-to-Edge (PWE3) Architecture", RFC 3985, 387 DOI 10.17487/RFC3985, March 2005, 388 . 390 7.2. Informative References 392 [I-D.ietf-pals-endpoint-fast-protection] 393 Shen, Y., Aggarwal, R., Henderickx, W., and Y. Jiang, "PW 394 Endpoint Fast Failure Protection", draft-ietf-pals- 395 endpoint-fast-protection-05 (work in progress), January 396 2017. 398 [RFC6372] Sprecher, N., Ed. and A. Farrel, Ed., "MPLS Transport 399 Profile (MPLS-TP) Survivability Framework", RFC 6372, 400 DOI 10.17487/RFC6372, September 2011, 401 . 403 [RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher, 404 N., and A. Fulignoli, Ed., "MPLS Transport Profile (MPLS- 405 TP) Linear Protection", RFC 6378, DOI 10.17487/RFC6378, 406 October 2011, . 408 [RFC6718] Muley, P., Aissaoui, M., and M. Bocci, "Pseudowire 409 Redundancy", RFC 6718, DOI 10.17487/RFC6718, August 2012, 410 . 412 [RFC6870] Muley, P., Ed. and M. Aissaoui, Ed., "Pseudowire 413 Preferential Forwarding Status Bit", RFC 6870, 414 DOI 10.17487/RFC6870, February 2013, 415 . 417 [RFC7275] Martini, L., Salam, S., Sajassi, A., Bocci, M., 418 Matsushima, S., and T. Nadeau, "Inter-Chassis 419 Communication Protocol for Layer 2 Virtual Private Network 420 (L2VPN) Provider Edge (PE) Redundancy", RFC 7275, 421 DOI 10.17487/RFC7275, June 2014, 422 . 424 Authors' Addresses 426 Weiqiang Cheng 427 China Mobile 428 No.32 Xuanwumen West Street 429 Beijing 100053 430 China 432 Email: chengweiqiang@chinamobile.com 434 Lei Wang 435 China Mobile 436 No.32 Xuanwumen West Street 437 Beijing 100053 438 China 440 Email: Wangleiyj@chinamobile.com 442 Han Li 443 China Mobile 444 No.32 Xuanwumen West Street 445 Beijing 100053 446 China 448 Email: Lihan@chinamobile.com 449 Shahram Davari 450 Broadcom Corporation 451 3151 Zanker Road 452 San Jose 95134-1933 453 United States 455 Email: davari@broadcom.com 457 Jie Dong 458 Huawei Technologies 459 Huawei Campus, No. 156 Beiqing Rd. 460 Beijing 100095 461 China 463 Email: jie.dong@huawei.com