idnits 2.17.1

draft-ietf-pals-rfc4447bis-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  -- The draft header indicates that this document obsoletes RFC6723, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to contain a disclaimer for pre-RFC5378 work, but was
     first submitted on or after 10 November 2008.  The disclaimer is usually
     necessary only for documents that revise or obsolete older RFCs, and that
     take significant amounts of text from those RFCs.  If you can contact all
     authors of the source material and they are willing to grant the BCP78
     rights to the IETF Trust, you can and should remove the disclaimer.
     Otherwise, the disclaimer is needed and you can ignore this comment.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 17, 2016) is 2862 days in the past.  Is this
     intentional?

  Checking references for intended status: None
  ----------------------------------------------------------------------------

  -- Looks like a reference, but probably isn't: '1' on line 1060

  -- Looks like a reference, but probably isn't: '32768' on line 1060

  -- Obsolete informational reference (is this intentional?): RFC 4447
     (Obsoleted by RFC 8077)

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 5 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet Engineering Task Force                        Luca Martini Ed.
Internet Draft                                          Giles Heron Ed.
Intended status: Internet Standard
Expires: December 17, 2016                                        Cisco
Obsoletes: 6723, 4447

                                                          June 17, 2016

 Pseudowire Setup and Maintenance using the Label Distribution Protocol

                   draft-ietf-pals-rfc4447bis-04.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 17, 2016

Abstract

   Layer 2 services (such as Frame Relay, Asynchronous Transfer Mode,
   and Ethernet) can be "emulated" over an MPLS backbone by
   encapsulating the Layer 2 Protocol Data Units (PDU) and then
   transmitting them over "pseudowires".  It is also possible to use
   pseudowires to provide low-rate Time Division Multiplexed and
   Synchronous Optical NETworking circuit emulation over an MPLS-enabled
   network.  This document specifies a protocol for establishing and
   maintaining the pseudowires, using extensions to the Label
   Distribution Protocol (LDP).  Procedures for encapsulating Layer 2
   PDUs are specified in a set of companion documents.

   This document has been written to address errata in a previous
   version of this standard.

Table of Contents

    1        Introduction
    2        Changes from RFC4447
    3        Specification of Requirements
    4        The Pseudowire Label
    5        Details Specific to Particular Emulated Services
    5.1      IP Layer 2 Transport
    6        LDP
    6.1      The PWid FEC Element
    6.2      The Generalized PWid FEC Element
    6.2.1    Attachment Identifiers
    6.2.2    Encoding the Generalized PWid FEC Element
    6.2.2.1  Interface Parameters TLV
    6.2.2.2  PW Group ID TLV
    6.2.3    Signaling Procedures
    6.3      Signaling of Pseudowire Status
    6.3.1    Use of Label Mapping Messages
    6.3.2    Signaling PW Status
    6.3.3    Pseudowire Status Negotiation Procedures
    6.4      Interface Parameters Sub-TLV
    6.5      LDP label Withdrawal procedures
    7        Control Word
    7.1      PW Types for which the Control Word is REQUIRED
    7.2      PW Types for which the Control Word is NOT mandatory
    7.3      Control-Word Renegotiation by Label Request Message
    7.4      Sequencing Considerations
    7.4.1    Label Advertisements
    7.4.2    Label Release
    8        IANA Considerations
    9        Security Considerations
    9.1      Data-Plane Security
    9.2      Control-Plane Security
   10        Interoperability and Deployment
   11        Acknowledgments
   12        Normative References
   13        Informative References
   14        Author Information
   15        Additional Historical Contributing Authors

1. Introduction

   [RFC4619], [RFC4717], [RFC4618], and [RFC4448] explain how to
   encapsulate a Layer 2 Protocol Data Unit (PDU) for transmission over
   an MPLS-enabled network.  Those documents specify that a "pseudowire
   header", consisting of a demultiplexor field, will be prepended to
   the encapsulated PDU.  The pseudowire demultiplexor field is
   prepended before transmitting a packet on a pseudowire.  When the
   packet arrives at the remote endpoint of the pseudowire, the
   demultiplexor is what enables the receiver to identify the particular
   pseudowire on which the packet has arrived.
   To transmit the packet
   from one pseudowire endpoint to another, the packet may need to
   travel through a "Packet Switched Network (PSN) tunnel"; this will
   require that an additional header be prepended to the packet.

   Accompanying documents [RFC4842], [RFC4553] specify methods for
   transporting time-division multiplexing (TDM) digital signals (TDM
   circuit emulation) over a packet-oriented MPLS-enabled network.  The
   transmission system for circuit-oriented TDM signals is the
   Synchronous Optical Network [ANSI] (SONET)/Synchronous Digital
   Hierarchy (SDH) [ITUG].  To support TDM traffic, which includes
   voice, data, and private leased-line service, the pseudowires must
   emulate the circuit characteristics of SONET/SDH payloads.  The TDM
   signals and payloads are encapsulated for transmission over
   pseudowires.  A pseudowire demultiplexor and a PSN tunnel header are
   prepended to this encapsulation.

   [RFC4553] describes methods for transporting low-rate time-division
   multiplexing (TDM) digital signals (TDM circuit emulation) over PSNs,
   while [RFC4842] similarly describes transport of high-rate TDM
   (SONET/SDH).  To support TDM traffic, the pseudowires must emulate
   the circuit characteristics of the original T1, E1, T3, E3, SONET, or
   SDH signals.  [RFC4553] does this by encapsulating an arbitrary but
   constant amount of the TDM data in each packet, and the other methods
   encapsulate TDM structures.

   In this document, we specify the use of the MPLS Label Distribution
   Protocol, LDP [RFC5036], as a protocol for setting up and maintaining
   the pseudowires.  In particular, we define new TLVs, FEC elements,
   parameters, and codes for LDP, which enable LDP to identify
   pseudowires and to signal attributes of pseudowires.
   We specify how
   a pseudowire endpoint uses these TLVs in LDP to bind a demultiplexor
   field value to a pseudowire, and how it informs the remote endpoint
   of the binding.  We also specify procedures for reporting pseudowire
   status changes, for passing additional information about the
   pseudowire as needed, and for releasing the bindings.  These
   procedures are intended to be independent of the underlying version
   of IP used for LDP signaling.

   In the protocol specified herein, the pseudowire demultiplexor field
   is an MPLS label.  Thus, the packets that are transmitted from one
   end of the pseudowire to the other are MPLS packets, which must be
   transmitted through an MPLS tunnel.  However, if the pseudowire
   endpoints are immediately adjacent and penultimate hop popping
   behavior is in use, the MPLS tunnel may not be necessary.  Any sort
   of PSN tunnel can be used, as long as it is possible to transmit MPLS
   packets through it.  The PSN tunnel can itself be an MPLS LSP, or any
   other sort of tunnel that can carry MPLS packets.  Procedures for
   setting up and maintaining the MPLS tunnels are outside the scope of
   this document.

   This document deals only with the setup and maintenance of
   point-to-point pseudowires.  Neither point-to-multipoint nor
   multipoint-to-point pseudowires are discussed.

   QoS-related issues are not discussed in this document.

   The following two figures describe the reference models that are
   derived from [RFC3985] to support the PW emulated services.

         |<-------------- Emulated Service ---------------->|
         |                                                  |
         |          |<------- Pseudowire ------->|          |
         |          |                            |          |
         |Attachment|    |<-- PSN Tunnel -->|    |Attachment|
         |  Circuit V    V                  V    V  Circuit |
         V   (AC)   +----+                  +----+   (AC)   V
   +-----+    |     | PE1|==================| PE2|     |    +-----+
   |     |----------|............PW1.............|----------|     |
   | CE1 |    |     |    |                  |    |     |    | CE2 |
   |     |----------|............PW2.............|----------|     |
   +-----+  ^ |     |    |==================|    |     | ^  +-----+
         ^  |       +----+                  +----+     | |  ^
         |  |   Provider Edge 1         Provider Edge 2  |  |
         |  |                                            |  |
   Customer |                                            | Customer
   Edge 1   |                                            | Edge 2
            |                                            |
      native service                               native service

                     Figure 1: PWE3 Reference Model

     +-----------------+                           +-----------------+
     |Emulated Service |                           |Emulated Service |
     |(e.g., TDM, ATM) |<==== Emulated Service ===>|(e.g., TDM, ATM) |
     +-----------------+                           +-----------------+
     |    Payload      |                           |    Payload      |
     |  Encapsulation  |<====== Pseudowire =======>|  Encapsulation  |
     +-----------------+                           +-----------------+
     |PW Demultiplexer |                           |PW Demultiplexer |
     |   PSN Tunnel,   |<======= PSN Tunnel ======>|  PSN Tunnel,    |
     | PSN & Physical  |                           | PSN & Physical  |
     |     Layers      |                           |    Layers       |
     +-------+---------+        ___________        +---------+-------+
             |                /             \                |
             +===============/     PSN       \===============+
                             \               /
                              \_____________/

             Figure 2: PWE3 Protocol Stack Reference Model

   For the purpose of this document, PE1 will be defined as the ingress
   router, and PE2 as the egress router.  A layer 2 PDU will be received
   at PE1, encapsulated at PE1, transported and decapsulated at PE2, and
   transmitted out of PE2.

2. Changes from RFC4447

   The changes in this document are mostly minor fixes to spelling and
   grammar, or clarifications to the text, which were either noted as
   errata to [RFC4447] or found by the editors.

   Additionally a new section (7.3) on control-word renegotiation by
   label request message has been added, obsoleting [RFC6723].  The
   diagram of C-bit handling procedures has also been removed.  A note
   has been added in section 6.3.2 to clarify that the C-bit is part of
   the FEC.

   A reference has also been added to [RFC7358] indicating the use of
   downstream unsolicited mode to distribute PW FEC label bindings,
   independent of the negotiated label advertisement mode of the LDP
   session.

3. Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

4. The Pseudowire Label

   Suppose that it is desired to transport Layer 2 PDUs from ingress LSR
   PE1 to egress LSR PE2, across an intervening MPLS-enabled network.
   We assume that there is an MPLS tunnel from PE1 to PE2.  That is, we
   assume that PE1 can cause a packet to be delivered to PE2 by
   encapsulating the packet in an "MPLS tunnel header" and sending the
   result to one of its adjacencies.  The MPLS tunnel is an MPLS Label
   Switched Path (LSP); thus, putting on an MPLS tunnel encapsulation is
   a matter of pushing on an MPLS label.

   We presuppose that a large number of pseudowires can be carried
   through a single MPLS tunnel.  Thus it is never necessary to maintain
   state in the network core for individual pseudowires.  We do not
   presuppose that the MPLS tunnels are point to point; although the
   pseudowires are point to point, the MPLS tunnels may be multipoint to
   point.  We do not presuppose that PE2 will even be able to determine
   the MPLS tunnel through which a received packet was transmitted.
   (For example, if the MPLS tunnel is an LSP and penultimate hop
   popping is used, when the packet arrives at PE2, it will contain no
   information identifying the tunnel.)

   When PE2 receives a packet over a pseudowire, it must be able to
   determine that the packet was in fact received over a pseudowire, and
   it must be able to associate that packet with a particular
   pseudowire.  PE2 is able to do this by examining the MPLS label that
   serves as the pseudowire demultiplexor field shown in Figure 2.  Call
   this label the "PW label".

   When PE1 sends a Layer 2 PDU to PE2, it creates an MPLS packet by
   adding the PW label to the packet, thus creating the first entry of
   the label stack.  If the PSN tunnel is an MPLS LSP, the PE1 pushes
   another label (the tunnel label) onto the packet as the second entry
   of the label stack.  The PW label is not visible again until the MPLS
   packet reaches PE2.  PE2's disposition of the packet is based on the
   PW label.

   If the payload of the MPLS packet is, for example, an ATM AAL5 PDU,
   the PW label will generally correspond to a particular ATM VC at PE2.
   That is, PE2 needs to be able to infer from the PW label the outgoing
   interface and the VPI/VCI value for the AAL5 PDU.  If the payload is
   a Frame Relay PDU, then PE2 needs to be able to infer from the PW
   label the outgoing interface and the DLCI value.  If the payload is
   an Ethernet frame, then PE2 needs to be able to infer from the PW
   label the outgoing interface, and perhaps the VLAN identifier.  This
   process is uni-directional and will be repeated independently for
   bi-directional operation.  When using the PWid FEC Element, it is
   REQUIRED that the same PW ID and PW type be assigned for a given
   circuit in both directions.  The group ID (see below) MUST NOT be
   required to match in both directions.  The transported frame MAY be
   modified when it reaches the egress router.
   If the header of the
   transported Layer 2 frame is modified, this MUST be done at the
   egress LSR only.  Note that the PW label must always be at the bottom
   of the packet's label stack, and labels MUST be allocated from the
   per-platform label space.

   This document does not specify a method for distributing the MPLS
   tunnel label or any other labels that may appear above the PW label
   on the stack.  Any acceptable method of MPLS label distribution will
   do.  This document specifies a protocol for assigning and distributing
   the PW label.  This protocol is LDP, extended as specified in the
   remainder of this document.  An LDP session must be set up between the
   pseudowire endpoints.  LDP MUST exchange PW FEC label bindings in
   downstream unsolicited mode, independent of the negotiated label
   advertisement mode of the LDP session, according to the
   specifications in [RFC7358].  LDP's "liberal label retention" mode
   SHOULD be used.  However, all the LDP procedures that are specified in
   [RFC5036], and that are also applicable to this protocol
   specification, MUST be implemented.

   This document requires that a receiving LSR MUST respond to a Label
   Request message with either a Label Mapping for the requested label
   or with a Notification message that indicates why it cannot satisfy
   the request.  These procedures are specified in [RFC5036] section
   3.5.7 "Label Mapping Message", and 3.5.8 "Label Request Message".
   Note that sending these responses is a stricter requirement than is
   specified in [RFC5036] but these response messages are REQUIRED to
   ensure correct operation of this protocol.

   In addition to the protocol specified herein, static assignment of PW
   labels may be used, and implementations of this protocol SHOULD
   provide support for static assignment.
   PW encapsulation is always
   symmetrical in both directions of traffic along a specific PW,
   whether the PW uses an LDP control plane or not.

   This document specifies all the procedures necessary to set up and
   maintain the pseudowires needed to support "unswitched" point to
   point services, where each endpoint of the pseudowire is provisioned
   with the identity of the other endpoint.  There are also protocol
   mechanisms specified herein that can be used to support switched
   services and other provisioning models.  However, the use of the
   protocol mechanisms to support those other models and services is not
   described in this document.

5. Details Specific to Particular Emulated Services

5.1. IP Layer 2 Transport

   This mode carries IP packets over a pseudowire.  The encapsulation
   used is according to [RFC3032].  The PW control word MAY be inserted
   between the MPLS label stack and the IP payload.  The encapsulation
   of the IP packets for forwarding on the attachment circuit is
   implementation specific, is part of the native service processing
   (NSP) function [RFC3985], and is outside the scope of this document.

6. LDP

   The PW label bindings are distributed using the LDP downstream
   unsolicited mode described in [RFC5036].  The PEs will establish an
   LDP session using the Extended Discovery mechanism described in [LDP,
   sections 2.4.2 and 2.5].

   An LDP Label Mapping message contains an FEC TLV, a Label TLV, and
   zero or more optional parameter TLVs.

   The FEC TLV is used to indicate the meaning of the label.  In the
   current context, the FEC TLV would be used to identify the particular
   pseudowire that a particular label is bound to.  In this
   specification, we define two new FEC TLVs to be used for identifying
   pseudowires.  When setting up a particular pseudowire, only one of
   these FEC TLVs is used.
   The one to be used will depend on the
   particular service being emulated and on the particular provisioning
   model being supported.

   LDP allows each FEC TLV to consist of a set of FEC elements.  For
   setting up and maintaining pseudowires, however, each FEC TLV MUST
   contain exactly one FEC element.

   The LDP base specification has several kinds of label TLVs, including
   the Generic Label TLV, as specified in [RFC5036], section 3.4.2.1.
   For setting up and maintaining pseudowires, the Generic Label TLV
   MUST be used.

6.1. The PWid FEC Element

   The PWid FEC element may be used whenever both pseudowire endpoints
   have been provisioned with the same 32-bit identifier for the
   pseudowire.

   For this purpose, a new type of FEC element is defined.  The FEC
   element type is 0x80 and is defined as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  PWid (0x80)  |C|         PW type             |PW info Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Group ID                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           PW ID                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Interface Parameter Sub-TLV                       |
   |                              "                                |
   |                              "                                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   - PW type

      A 15 bit quantity containing a value that represents the type of
      PW.  Assigned Values are specified in "IANA Allocations for
      Pseudowire Edge to Edge Emulation (PWE3)" [RFC4446].

   - Control word bit (C)

      The bit (C) is used to flag the presence of a control word as
      follows:

         C = 1 control word present on this PW.
         C = 0 no control word present on this PW.

      Please see the section "Control Word" for further explanation.

   - PW information length

      Length of the PW ID field and the interface parameters sub-TLV in
      octets.
      If this value is 0, then it references all PWs using the
      specified group ID, and there is no PW ID present, nor are there
      any interface parameter sub-TLVs.

   - Group ID

      An arbitrary 32 bit value which represents a group of PWs that is
      used to create groups in the PW space.  The group ID is intended
      to be used as a port index, or a virtual tunnel index.  To
      simplify configuration a particular PW ID at ingress could be
      part of a Group ID assigned to the virtual tunnel for transport
      to the egress router.  The Group ID is very useful for sending
      wild card label withdrawals, or PW wild card status notification
      messages to remote PEs upon physical port failure.

   - PW ID

      A non-zero 32-bit connection ID that together with the PW type
      identifies a particular PW.  Note that the PW ID and the PW type
      MUST be the same at both endpoints.

   - Interface Parameter Sub-TLV

      This variable length TLV is used to provide interface specific
      parameters, such as attachment circuit MTU.

      Note that as the "interface parameter sub-TLV" is part of the
      FEC, the rules of LDP make it impossible to change the interface
      parameters once the pseudowire has been set up.  Thus the
      interface parameters field must not be used to pass information,
      such as status information, that may change during the life of
      the pseudowire.  Optional parameter TLVs should be used for that
      purpose.

   Using the PWid FEC, each of the two pseudowire endpoints
   independently initiates the setup of a unidirectional LSP.  An
   outgoing LSP and an incoming LSP are bound together into a single
   pseudowire if they have the same PW ID and PW type.

6.2. The Generalized PWid FEC Element

   The PWid FEC element can be used if a unique 32-bit value has been
   assigned to the PW, and if each endpoint has been provisioned with
   that value.
   The Generalized PWid FEC element requires that the PW
   endpoints be uniquely identified; the PW itself is identified as a
   pair of endpoints.  In addition, the endpoint identifiers are
   structured to support applications where the identity of the remote
   endpoints needs to be auto-discovered rather than statically
   configured.

   The "Generalized PWid FEC Element" is FEC type 0x81.

   The Generalized PWid FEC Element does not contain anything
   corresponding to the "Group ID" of the PWid FEC element.  The
   functionality of the "Group ID" is provided by a separate optional
   LDP TLV, the "PW Group ID TLV", described below.  The Interface
   Parameters field of the PWid FEC element is also absent; its
   functionality is replaced by the optional Interface Parameters TLV,
   described below.

6.2.1. Attachment Identifiers

   As discussed in [RFC3985], a pseudowire can be thought of as
   connecting two "forwarders".  The protocol used to set up a
   pseudowire must allow the forwarder at one end of a pseudowire to
   identify the forwarder at the other end.  We use the term "attachment
   identifier", or "AI", to refer to the field that the protocol uses to
   identify the forwarders.  In the PWid FEC, the PWid field serves as
   the AI.  In this section, we specify a more general form of AI that
   is structured and of variable length.

   Every Forwarder in a PE must be associated with an Attachment
   Identifier (AI), either through configuration or through some
   algorithm.  The Attachment Identifier must be unique in the context
   of the PE router in which the Forwarder resides.  The combination must be globally unique.

   It is frequently convenient to regard a set of Forwarders as being
   members of a particular "group", where PWs may only be set up among
   members of a group.
   In such cases, it is convenient to identify the
   Forwarders relative to the group, so that an Attachment Identifier
   would consist of an Attachment Group Identifier (AGI) plus an
   Attachment Individual Identifier (AII).

   An Attachment Group Identifier may be thought of as a VPN-id, or a
   VLAN identifier, some attribute that is shared by all the Attachment
   PWs (or pools thereof) that are allowed to be connected.

   The details of how to construct the AGI and AII fields identifying
   the pseudowire endpoints are outside the scope of this specification.
   Different pseudowire applications, and different provisioning models,
   will require different sorts of AGI and AII fields.  The
   specification of each such application and/or model must include the
   rules for constructing the AGI and AII fields.

   As previously discussed, a (bidirectional) pseudowire consists of a
   pair of unidirectional LSPs, one in each direction.  If a particular
   pseudowire connects PE1 with PE2, the PW direction from PE1 to PE2
   can be identified as:

      , PE2, >,

   and the PW direction from PE2 to PE1 can be identified by:

      , PE1, >.

   Note that the AGI must be the same at both endpoints, but the AII
   will in general be different at each endpoint.  Thus, from the
   perspective of a particular PE, each pseudowire has a local or
   "Source AII", and a remote or "Target AII".  The pseudowire setup
   protocol can carry all three of these quantities:

   - Attachment Group Identifier (AGI).

   - Source Attachment Individual Identifier (SAII)

   - Target Attachment Individual Identifier (TAII)

   If the AGI is non-null, then the Source AI (SAI) consists of the AGI
   together with the SAII, and the Target AI (TAI) consists of the TAII
   together with the AGI.  If the AGI is null, then the SAII and TAII
   are the SAI and TAI, respectively.

   The interpretation of the SAI and TAI is a local matter at the
   respective endpoint.

   The association of two unidirectional LSPs into a single
   bidirectional pseudowire depends on the SAI and the TAI.  Each
   application and/or provisioning model that uses the Generalized PWid
   FEC element must specify the rules for performing this association.

6.2.2. Encoding the Generalized PWid FEC Element

   FEC element type 0x81 is used.  The FEC element is encoded as
   follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Gen PWid (0x81)|C|         PW Type             |PW info Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AGI Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                    AGI Value (contd.)                         ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AII Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                    SAII Value (contd.)                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AII Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                    TAII Value (contd.)                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   This document does not specify the AII and AGI type field values;
   specification of the type field values to be used for a particular
   application is part of the specification of that application.  IANA
   has assigned these values using the method defined in the [RFC4446]
   document.

   The SAII, TAII, and AGI are simply carried as octet strings.  The
   length byte specifies the size of the Value field.  The null string
   can be sent by setting the length byte to 0.  If a particular
   application does not need all three of these sub-elements, it MUST
   send all the sub-elements but set the length to 0 for the unused
   sub-elements.
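
   Added example (not part of the draft): a strict Python decoder for the
   PWid (0x80) and Generalized PWid (0x81) FEC elements of sections 6.1
   and 6.2.2 that rejects truncated or length-inconsistent input. It
   assumes the Generalized element's PW info length counts each
   sub-element's type and length octets, keeps interface parameter
   sub-TLVs undecoded, and uses constructed sample bytes; all Python
   names are hypothetical.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

PWID_FEC, GEN_PWID_FEC = 0x80, 0x81
AI = Tuple[int, bytes]   # (type, value); the length octet equals len(value)


class FecError(ValueError):
    """Element is truncated or its length fields disagree with the data."""


@dataclass(frozen=True)
class PwidFec:
    c_bit: bool
    pw_type: int
    group_id: int
    pw_id: Optional[int]   # None when PW info length is 0 (whole group)
    if_params: bytes       # interface parameter sub-TLVs, kept undecoded


@dataclass(frozen=True)
class GenPwidFec:
    c_bit: bool
    pw_type: int
    agi: Optional[AI]      # agi/saii/taii are all None for a wildcard
    saii: Optional[AI]
    taii: Optional[AI]


def _header(data: bytes, expected: int):
    """Decode the common first word: type, C bit, 15-bit PW type, info length."""
    if len(data) < 4:
        raise FecError("element shorter than its 4-octet header")
    fec_type, c_and_type, info_len = struct.unpack_from("!BHB", data, 0)
    if fec_type != expected:
        raise FecError(f"FEC element type {fec_type:#x}, expected {expected:#x}")
    return bool(c_and_type & 0x8000), c_and_type & 0x7FFF, info_len


def parse_pwid(data: bytes) -> PwidFec:
    """Decode one PWid FEC element occupying exactly `data`."""
    c_bit, pw_type, info_len = _header(data, PWID_FEC)
    if len(data) < 8:
        raise FecError("Group ID truncated")
    (group_id,) = struct.unpack_from("!I", data, 4)
    body = data[8:]
    if len(body) != info_len:
        raise FecError("PW info length disagrees with the octets present")
    if info_len == 0:                      # wildcard: no PW ID, no sub-TLVs
        return PwidFec(c_bit, pw_type, group_id, None, b"")
    if info_len < 4:
        raise FecError("PW info length too small to hold a PW ID")
    (pw_id,) = struct.unpack_from("!I", body, 0)
    if pw_id == 0:
        raise FecError("PW ID must be non-zero")
    return PwidFec(c_bit, pw_type, group_id, pw_id, bytes(body[4:]))


def parse_gen_pwid(data: bytes) -> GenPwidFec:
    """Decode one Generalized PWid FEC element occupying exactly `data`."""
    c_bit, pw_type, info_len = _header(data, GEN_PWID_FEC)
    body = data[4:]
    if len(body) != info_len:
        raise FecError("PW info length disagrees with the octets present")
    if info_len == 0:                      # wildcard: no AGI/SAII/TAII sent
        return GenPwidFec(c_bit, pw_type, None, None, None)
    ais, off = [], 0
    for name in ("AGI", "SAII", "TAII"):   # meaning is given by order alone
        if off + 2 > len(body):
            raise FecError(f"{name} type/length octets missing")
        ai_type, ai_len = body[off], body[off + 1]
        off += 2
        if off + ai_len > len(body):
            raise FecError(f"{name} length runs past the element")
        ais.append((ai_type, bytes(body[off:off + ai_len])))
        off += ai_len
    if off != len(body):
        raise FecError("octets left over after TAII")
    return GenPwidFec(c_bit, pw_type, *ais)


def is_reverse_direction(a: GenPwidFec, b: GenPwidFec) -> bool:
    """True when b is a's FEC with SAII and TAII swapped and the same AGI."""
    if a.agi is None or b.agi is None:
        return False                       # wildcards name a group, not one PW
    return a.agi == b.agi and a.saii == b.taii and a.taii == b.saii


# Constructed sample elements (not captured traffic); AI type 1 is arbitrary.
SAMPLE_PWID = bytes.fromhex("80" "8005" "08" "00000007" "00000064" "010405dc")
SAMPLE_GEN_A = bytes.fromhex("81" "0005" "0a" "0102000a" "010101" "010102")
SAMPLE_GEN_B = bytes.fromhex("81" "0005" "0a" "0102000a" "010102" "010101")

if __name__ == "__main__":
    print(parse_pwid(SAMPLE_PWID))
    a, b = parse_gen_pwid(SAMPLE_GEN_A), parse_gen_pwid(SAMPLE_GEN_B)
    print(a, b, is_reverse_direction(a, b), sep="\n")
```

   Comparing the (type, value) tuples is the type, length, and value
   comparison the text requires, because the length octet is checked
   against the value actually present before the tuple is built.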

   The PW information length field contains the length of the SAII,
   TAII, and AGI, combined in octets.  If this value is 0, then it
   references all PWs using the specific grouping ID (specified in the
   PW Group ID TLV).  In this case, there are no other FEC element
   fields (AGI, SAII, etc.) present, nor any interface parameters TLVs.

   Note that the interpretation of a particular field as AGI, SAII, or
   TAII depends on the order of its occurrence.  The type field
   identifies the type of the AGI, SAII, or TAII.  When comparing two
   occurrences of an AGI (or SAII or TAII), the two occurrences are
   considered identical if the type, length, and value fields of one are
   identical, respectively, to those of the other.

6.2.2.1. Interface Parameters TLV

   This TLV MUST only be used when sending the Generalized PW FEC.  It
   specifies interface-specific parameters.  Specific parameters, when
   applicable, MUST be used to validate that the PEs and the ingress and
   egress ports at the edges of the circuit have the necessary
   capabilities to interoperate with each other.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|0|  PW Intf P. TLV (0x096B)  |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Sub-TLV Type  |    Length     |    Variable Length Value      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Variable Length Value                 |
   |                             "                                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   A more detailed description of this field can be found in the section
   "Interface Parameters Sub-TLV", below.

6.2.2.2. PW Group ID TLV

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|0| PW Group ID TLV (0x096C)  |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Value                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The PW Group ID is an arbitrary 32-bit value that represents an
   arbitrary group of PWs.  It is used to create group PWs; for example,
   a PW Grouping ID can be used as a port index and assigned to all PWs
   that lead to that port.  Use of the PW Group ID enables a PE to send
   "wild card" label withdrawals, or "wild card" status notification
   messages, to remote PEs upon physical port failure.

   Note Well: The PW Group ID is different from and has no relation to,
   the Attachment Group Identifier.

   The PW Group ID TLV is not part of the FEC and will not be advertised
   except in the PW FEC advertisement.  The advertising PE MAY use the
   wild card withdraw semantics, but the remote PEs MUST implement
   support for wild card messages.  This TLV MUST only be used when
   sending the Generalized PW ID FEC.

   To issue a wild card command (status or withdraw):

   - Set the PW Info Length to 0 in the Generalized PWid FEC Element.
   - Send only the PW Group ID TLV with the FEC (no AGI/SAII/TAII is
     sent).

6.2.3. Signaling Procedures

   In order for PE1 to begin signaling PE2, PE1 must know the address of
   the remote PE2, and a TAI.  This information may have been configured
   at PE1, or it may have been learned dynamically via some
   autodiscovery procedure.

   The egress PE (PE1), which has knowledge of the ingress PE, initiates
   the setup by sending a Label Mapping Message to the ingress PE (PE2).
   The Label Mapping message contains the FEC TLV, carrying the
   Generalized PWid FEC Element (type 0x81).
The Generalized PWid FEC 655 element contains the AGI, SAII, and TAII information. 657 Next, when PE2 receives such a Label Mapping message, PE2 interprets 658 the message as a request to set up a PW whose endpoint (at PE2) is 659 the Forwarder identified by the TAI. From the perspective of the 660 signaling protocol, exactly how PE2 maps AIs to Forwarders is a local 661 matter. In some Virtual Private Wire Services (VPWS) provisioning 662 models, the TAI might, for example, be a string that identifies a 663 particular Attachment Circuit, such as "ATM3VPI4VCI5", or it might, 664 for example, be a string, such as "Fred", that is associated by 665 configuration with a particular Attachment Circuit. In VPLS, the AGI 666 could be a VPN-id, identifying a particular VPLS instance. 668 If PE2 cannot map the TAI to one of its Forwarders, then PE2 sends a 669 Label Release message to PE1, with a Status Code of 670 "Unassigned/Unrecognized TAI", and the processing of the Label 671 Mapping message is complete. 673 The FEC TLV sent in a Label Release message is the same as the FEC 674 TLV received in the Label Mapping being released (but without the 675 interface parameter TLV). More generally, the FEC TLV is the same in 676 all LDP messages relating to the same PW. In a Label Release this 677 means that the SAII is the remote peer's AII and the TAII is the 678 sender's local AII. 680 If the Label Mapping Message has a valid TAI, PE2 must decide whether 681 to accept it. The procedures for so deciding will depend on the 682 particular type of Forwarder identified by the TAI. Of course, the 683 Label Mapping message may be rejected due to standard LDP error 684 conditions as detailed in [RFC5036]. 686 If PE2 decides to accept the Label Mapping message, then it has to 687 make sure that a PW LSP is set up in the opposite (PE1-->PE2) 688 direction. If it has already signaled for the corresponding PW LSP 689 in that direction, nothing more needs to be done. 
Otherwise, it must 690 initiate such signaling by sending a Label Mapping message to PE1. 691 This is very similar to the Label Mapping message PE2 received, but 692 the SAI and TAI are reversed. 694 Thus, a bidirectional PW consists of two LSPs, where the FEC of one 695 has the SAII and TAII reversed with respect to the FEC of the other. 697 6.3. Signaling of Pseudowire Status 699 6.3.1. Use of Label Mapping Messages 701 The PEs MUST send Label Mapping Messages to their peers as soon as 702 the PW is configured and administratively enabled, regardless of the 703 attachment circuit state. The PW label should not be withdrawn 704 unless the operator administratively configures the pseudowire down 705 (or the PW configuration is deleted entirely). Using the procedures 706 outlined in this section, a simple label withdraw method MAY also be 707 supported as a legacy means of signaling PW status and AC status. In 708 any case, if the label-to-PW binding is not available the PW MUST be 709 considered in the down state. 711 Once the PW status negotiation procedures are completed and if they 712 result in the use of the label withdraw method for PW status 713 communication, and this method is not supported by one of the PEs, 714 then that PE must send a Label Release Message to its peer with the 715 following error: 717 "Label Withdraw PW Status Method Not Supported" 719 If the label withdraw method for PW status communication is selected 720 for the PW, it will result in the Label Mapping Message being 721 advertised only if the attachment circuit is active. The PW status 722 signaling procedures described in this section MUST be fully 723 implemented. 725 6.3.2. Signaling PW Status 727 The PE devices use an LDP TLV to indicate status to their remote 728 peers. This PW Status TLV contains more information than the 729 alternative simple Label Withdraw message. 
731 The format of the PW Status TLV is: 733 0 1 2 3 734 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 735 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 736 |1|0| PW Status (0x096A) | Length | 737 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 738 | Status Code | 739 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 741 The status code is a 4 octet bit field as specified in the PW IANA 742 Allocations document [RFC4446]. The length specifies the length of 743 the Status Code field in octets (equal to 4). 745 Each bit in the status code field can be set individually to indicate 746 more than a single failure at once. Each fault can be cleared by 747 sending an appropriate Notification message in which the respective 748 bit is cleared. The presence of the lowest bit (PW Not Forwarding) 749 acts only as a generic failure indication when there is a link-down 750 event for which none of the other bits apply. 752 The Status TLV is transported to the remote PW peer via the LDP 753 Notification message as described in [RFC5036]. 
The format of the 754 Notification Message for carrying the PW Status is as follows: 756 0 1 2 3 757 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 758 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 759 |0| Notification (0x0001) | Message Length | 760 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 761 | Message ID | 762 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 763 | Status (TLV) | 764 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 765 | PW Status TLV | 766 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 767 | PWId FEC TLV or Generalized ID FEC TLV | 768 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 769 | PW Group ID TLV (Optional) | 770 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 772 The Status TLV status code is set to 0x00000028, "PW status", to 773 indicate that PW status follows. Since this notification does not 774 refer to any particular message, the Message Id field is set to 0. 776 The PW FEC TLV SHOULD NOT include the interface parameter sub-TLVs, 777 as they are ignored in the context of this message. However, the PW 778 FEC TLV MUST include the C-bit, where applicable, as it is part of the 779 FEC. When a PE's attachment circuit encounters an error, use of the 780 PW Notification Message allows the PE to send a single "wild card" 781 status message, using a PW FEC TLV with only the group ID set, to 782 denote this change in status for all affected PW connections. This 783 status message contains either the PW FEC TLV with only the group ID 784 set, or else it contains the Generalized FEC TLV with only the PW 785 Group ID TLV. 787 As mentioned above, the Group ID field of the PWid FEC element, or 788 the PW Grouping ID TLV used with the Generalized PWid FEC element, 789 can be used to send a status notification for all arbitrary sets of 790 PWs.
This procedure is OPTIONAL, and if it is implemented, the LDP 791 Notification message should be as follows: If the PWid FEC element is 792 used, the PW information length field is set to 0, the PW ID field is 793 not present, and the interface parameter sub-TLVs are not present. 794 If the Generalized FEC element is used, the AGI, SAII, and TAII are 795 not present, the PW information length field is set to 0, the PW 796 Group ID TLV is included, and the Interface Parameters TLV is 797 omitted. For the purpose of this document, this is called the "wild 798 card PW status notification procedure", and all PEs implementing this 799 design are REQUIRED to accept such a notification message but are not 800 required to send it. 802 6.3.3. Pseudowire Status Negotiation Procedures 804 When a PW is first set up, the PEs MUST attempt to negotiate the 805 usage of the PW status TLV. This is accomplished as follows: A PE 806 that supports the PW Status TLV MUST include it in the initial Label 807 Mapping message following the PW FEC and the interface parameter 808 sub-TLVs. The PW Status TLV will then be used for the lifetime of 809 the pseudowire. 
This is shown in the following diagram: 811 0 1 2 3 812 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 813 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 814 | | 815 + PWId FEC or Generalized ID FEC + 816 | | 817 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 818 | Interface Parameters | 819 | " | 820 | " | 821 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 822 |0|0| Generic Label (0x0200) | Length | 823 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 824 | Label | 825 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 826 |1|0| PW Status (0x096A) | Length | 827 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 828 | Status Code | 829 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 831 If a PW Status TLV is included in the initial Label Mapping message 832 for a PW, then if the Label Mapping message from the remote PE for 833 that PW does not include a PW status TLV, or if the remote PE does 834 not support the PW Status TLV, the PW will revert to the label 835 withdraw method of signaling PW status. Note that if the PW Status 836 TLV is not supported by the remote peer, the peer will automatically 837 ignore it, since the I (ignore) bit is set in the TLV. The PW Status 838 TLV, therefore, will not be present in the corresponding FEC 839 advertisement from the remote LDP peer, which results in exactly the 840 above behavior. 842 If the PW Status TLV is not present following the FEC TLV in the 843 initial PW Label Mapping message received by a PE, then the PW Status 844 TLV will not be used, and both PEs supporting the pseudowire will 845 revert to the label withdraw procedure for signaling status changes. 847 If the negotiation process results in the usage of the PW status TLV, 848 then the actual PW status is determined by the PW status TLV that was 849 sent within the initial PW Label Mapping message. 
Subsequent updates 850 of PW status are conveyed through the notification message. 852 6.4. Interface Parameters Sub-TLV 854 This field specifies interface-specific parameters. When applicable, 855 it MUST be used to validate that the PEs and the ingress and egress 856 ports at the edges of the circuit have the necessary capabilities to 857 interoperate with each other. The field structure is defined as 858 follows: 860 0 1 2 3 861 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 862 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 863 | Sub-TLV Type | Length | Variable Length Value | 864 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 865 | Variable Length Value | 866 | " | 867 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 869 The interface parameter sub-TLV type values are specified in "IANA 870 Allocations for Pseudowire Edge to Edge Emulation (PWE3)" [RFC4446]. 872 The Length field is defined as the length of the interface parameter 873 including the parameter id and length field itself. Processing of 874 the interface parameters should continue when unknown interface 875 parameters are encountered, and they MUST be silently ignored. 877 - Interface MTU sub-TLV type 879 A 2 octet value indicating the MTU in octets. This is the 880 Maximum Transmission Unit, excluding encapsulation overhead, of 881 the egress packet interface that will be transmitting the 882 decapsulated PDU that is received from the MPLS-enabled network. 883 This parameter is applicable only to PWs transporting packets and 884 is REQUIRED for these PW types. If this parameter does not match 885 in both directions of a specific PW, that PW MUST NOT be enabled. 887 - Optional Interface Description string sub-TLV type 889 This arbitrary, and OPTIONAL, interface description string is 890 used to send a human-readable administrative string describing 891 the interface to the remote. 
This parameter is OPTIONAL, and is 892 applicable to all PW types. The interface description parameter 893 string length is variable, and can be from 0 to 80 octets. 894 Human-readable text MUST be provided in the UTF-8 charset using 895 the Default Language [RFC2277]. 897 6.5. LDP label Withdrawal procedures 899 As mentioned above, the Group ID field of the PWid FEC element, or 900 the PW Grouping ID TLV used with the Generalized PWid FEC element, 901 can be used to withdraw all PW labels associated with a particular PW 902 group. This procedure is OPTIONAL, and if it is implemented, the LDP 903 Label Withdraw message should be as follows: If the PWid FEC element 904 is used, the PW information length field is set to 0, the PW ID field 905 is not present, the interface parameter sub-TLVs are not present, and 906 the Label TLV is not present. If the Generalized FEC element is 907 used, the AGI, SAII, and TAII are not present, the PW information 908 length field is set to 0, the PW Group ID TLV is included, the 909 Interface Parameters TLV is not present, and the Label TLV is not 910 present. For the purpose of this document, this is called the "wild 911 card withdraw procedure", and all PEs implementing this design are 912 REQUIRED to accept such withdrawn message but are not required to 913 send it. Note that the PW Group ID TLV only applies to PWs using the 914 Generalized ID FEC element, while the Group ID only applies to PWid 915 FEC element. 917 The interface parameter sub-TLVs, or TLV, MUST NOT be present in any 918 LDP PW Label Withdraw or Label Release message. A wild card Label 919 Release message MUST include only the group ID, or Grouping ID TLV. 920 A Label Release message initiated by a PE router must always include 921 the PW ID. 923 7. Control Word 925 7.1. PW Types for which the Control Word is REQUIRED 927 The Label Mapping messages that are sent in order to set up these PWs 928 MUST have C=1. 
When a Label Mapping message for a PW of one of these 929 types is received and C=0, a Label Release message MUST be sent, with 930 an "Illegal C-bit" status code. In this case, the PW will not be 931 enabled. 933 7.2. PW Types for which the Control Word is NOT mandatory 935 If a system is capable of sending and receiving the control word on 936 PW types for which the control word is not mandatory, then each such 937 PW endpoint MUST be configurable with a parameter that specifies 938 whether the use of the control word is PREFERRED or NOT PREFERRED. 939 For each PW, there MUST be a default value of this parameter. This 940 specification does NOT state what the default value should be. 942 If a system is NOT capable of sending and receiving the control word 943 on PW types for which the control word is not mandatory, then it 944 behaves exactly as if it were configured for the use of the control 945 word to be NOT PREFERRED. 947 If a Label Mapping message for the PW has already been received but 948 no Label Mapping message for the PW has yet been sent, then the 949 procedure is as follows: 951 -i. If the received Label Mapping message has C=0, send a Label 952 Mapping message with C=0; the control word is not used. 953 -ii. If the received Label Mapping message has C=1, and the PW is 954 locally configured such that the use of the control word is 955 preferred, then send a Label Mapping message with C=1; the 956 control word is used. 957 -iii. If the received Label Mapping message has C=1, and the PW is 958 locally configured such that the use of the control word is 959 not preferred or the control word is not supported, then act 960 as if no Label Mapping message for the PW had been received 961 (That is: proceed to the next paragraph).
963 If a Label Mapping message for the PW has not already been received 964 (or if the received Label Mapping message had C=1 and either local 965 configuration says that the use of the control word is not preferred 966 or the control word is not supported), then send a Label Mapping 967 message in which the C-bit is set to correspond to the locally 968 configured preference for use of the control word. (That is, set C=1 969 if locally configured to prefer the control word, and set C=0 if 970 locally configured to prefer not to use the control word or if the 971 control word is not supported). 973 The next action depends on what control message is next received for 974 that PW. The possibilities are as follows: 976 -i. A Label Mapping message with the same C-bit value as 977 specified in the Label Mapping message that was sent. PW 978 setup is now complete, and the control word is used if C=1 979 but is not used if C=0. 981 -ii. A Label Mapping message with C=1, but the Label Mapping 982 message that was sent has C=0. In this case, ignore the 983 received Label Mapping message and continue to wait for the 984 next control message for the PW. 986 -iii. A Label Mapping message with C=0, but the Label Mapping 987 message that was sent has C=1. In this case, send a Label 988 Withdraw message with a "Wrong C-bit" status code, followed 989 by a Label Mapping message that has C=0. PW setup is now 990 complete, and the control word is not used. 992 -iv. A Label Withdraw message with the "Wrong C-bit" status code. 993 Treat as a normal Label Withdraw, but do not respond. 994 Continue to wait for the next control message for the PW. 996 If at any time after a Label Mapping message has been received a 997 corresponding Label Withdraw or Release is received, the action taken 998 is the same as for any Label Withdraw or Release that might be 999 received at any time. 1001 If both endpoints prefer the use of the control word, this procedure 1002 will cause it to be used. 
If either endpoint prefers not to use the 1003 control word or does not support the control word, this procedure 1004 will cause it not to be used. If one endpoint prefers to use the 1005 control word but the other does not, the one that prefers not to use 1006 it has no extra protocol to execute; it just waits for a Label 1007 Mapping message that has C=0. 1009 7.3. Control-Word Renegotiation by Label Request Message 1011 It is possible that after the PW C-bit negotiation procedure described 1012 above is completed, the local PE is re-provisioned with a different 1013 control word preference. Therefore once the Control-Word negotiation 1014 procedures are completed, the procedure can be restarted as follows: 1015 -i. If local PE has previously sent a Label Mapping message, it 1016 MUST send a Label Withdraw message to remote PE and wait 1017 until it has received a Label Release message from the 1018 remote PE. 1019 -ii. The local PE MUST send a label release message to the remote 1020 PE for the specific label associated with the FEC that was 1021 advertised for this specific PW. Note: the above-mentioned 1022 steps of the Label Release message and Label Withdraw 1023 message are not required to be executed in any specific 1024 sequence. 1025 -iii. The local PE MUST send a Label Request message to the peer 1026 PE, and then MUST wait until it receives a Label Mapping 1027 message containing the remote PE's currently configured 1028 preference for use of the control word. 1030 Once the remote PE has successfully processed the Label Withdraw 1031 message and Label Release messages, it will reset the C-bit 1032 negotiation state machine and its use of the control word with the 1033 locally configured preference. 1035 From this point on the local and remote PEs will follow the C-bit 1036 negotiation procedures defined in the previous section.
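The section 7.2 C-bit negotiation that the PEs re-enter at this point, modeled as an added example (not part of the draft and not any implementation's code). It models message ordering only, not LDP wire encoding; the Msg, PE and negotiate names are hypothetical, and prefers_cw=False also stands for "control word not supported".

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional

MAPPING, WITHDRAW = "Label Mapping", "Label Withdraw"
WRONG_C_BIT = "Wrong C-bit"


@dataclass
class Msg:
    """Simplified control message (hypothetical model, not an LDP encoding)."""
    kind: str
    c_bit: Optional[int] = None    # C-bit of the PW FEC in a Label Mapping
    status: Optional[str] = None   # status code carried by a Label Withdraw


class PE:
    """One PW endpoint for a PW type where the control word is not mandatory."""

    def __init__(self, name, prefers_cw):
        self.name = name
        self.prefers_cw = prefers_cw   # False also models "not supported"
        self.sent_c = None             # C-bit of the mapping we last advertised
        self.cw_in_use = None          # stays None until PW setup completes
        self.sent = []                 # everything this PE transmitted, in order

    def _send(self, out, msg):
        self.sent.append(msg)
        out.append(msg)

    def start(self, out):
        """Nothing usable received yet: advertise the local preference."""
        self.sent_c = 1 if self.prefers_cw else 0
        self._send(out, Msg(MAPPING, c_bit=self.sent_c))

    def receive(self, msg, out):
        if self.cw_in_use is not None:
            return                     # setup complete; later handling is ordinary LDP
        if msg.kind == WITHDRAW:
            return                     # "Wrong C-bit" withdraw: no response, keep waiting
        if self.sent_c is None:        # mapping arrived before we sent one
            if msg.c_bit == 0:         # first list, case i
                self.sent_c = 0
                self._send(out, Msg(MAPPING, c_bit=0))
                self.cw_in_use = False
            elif self.prefers_cw:      # first list, case ii
                self.sent_c = 1
                self._send(out, Msg(MAPPING, c_bit=1))
                self.cw_in_use = True
            else:                      # first list, case iii: act as if none received
                self.start(out)
            return
        if msg.c_bit == self.sent_c:   # second list, case i
            self.cw_in_use = bool(self.sent_c)
        elif msg.c_bit == 0:           # second list, case iii: we sent C=1
            self._send(out, Msg(WITHDRAW, status=WRONG_C_BIT))
            self.sent_c = 0
            self._send(out, Msg(MAPPING, c_bit=0))
            self.cw_in_use = False
        # second list, case ii: got C=1 after sending C=0, ignore and keep waiting


def negotiate(pe1_prefers, pe2_prefers, pe2_starts=True):
    """Run both endpoints to completion over two in-order message queues.

    pe2_starts=False models PE2 receiving PE1's mapping before sending its own.
    """
    pe1, pe2 = PE("PE1", pe1_prefers), PE("PE2", pe2_prefers)
    to_pe1, to_pe2 = deque(), deque()
    pe1.start(to_pe2)
    if pe2_starts:
        pe2.start(to_pe1)
    while to_pe1 or to_pe2:
        if to_pe2:
            pe2.receive(to_pe2.popleft(), to_pe1)
        if to_pe1:
            pe1.receive(to_pe1.popleft(), to_pe2)
    return pe1, pe2


if __name__ == "__main__":
    for p1 in (True, False):
        for p2 in (True, False):
            a, b = negotiate(p1, p2)
            print(f"PE1 prefers={p1} PE2 prefers={p2} -> control word used: {a.cw_in_use}")
```

In every combination both ends converge on the same answer, and the control word is used only when both prefer it; a mismatch costs the preferring side one "Wrong C-bit" withdraw and a re-advertisement with C=0.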
1038 The above C-bit renegotiation process SHOULD NOT be interrupted until 1039 it is completed, or unpredictable results might occur. 1041 7.4. Sequencing Considerations 1043 In the case where the router considers the sequence number field in 1044 the control word, it is important to note the following details when 1045 advertising labels. 1047 7.4.1. Label Advertisements 1049 After a label has been withdrawn by the output router and/or released 1050 by the input router, care must be taken not to advertise (re-use) the 1051 same released label until the output router can be reasonably certain 1052 that old packets containing the released label no longer persist in 1053 the MPLS-enabled network. 1055 This precaution is required to prevent the imposition router from 1056 restarting packet forwarding with a sequence number of 1 when it 1057 receives a Label Mapping message that binds the same FEC to the same 1058 label if there are still older packets in the network with a sequence 1059 number between 1 and 32768. For example, if there is a packet with a 1060 sequence number=n, where n is in the interval [1,32768] traveling 1061 through the network, it would be possible for the disposition router 1062 to receive that packet after it re-advertises the label. Since the 1063 label has been released by the imposition router, the disposition 1064 router SHOULD be expecting the next packet to arrive with a sequence 1065 number of 1. Receipt of a packet with a sequence number equal to n 1066 will result in n packets potentially being rejected by the 1067 disposition router until the imposition router imposes a sequence 1068 number of n+1 into a packet. Possible methods to avoid this are for 1069 the disposition router always to advertise a different PW label, or 1070 for the disposition router to wait for a sufficient time before 1071 attempting to re-advertise a recently released label.
This is only 1072 an issue when sequence number processing is enabled at the 1073 disposition router. 1075 7.4.2. Label Release 1077 In situations where the imposition router wants to restart forwarding 1078 of packets with sequence number 1, the router shall 1) send to the 1079 disposition router a Label Release Message, and 2) send to the 1080 disposition router a Label Request message. When sequencing is 1081 supported, advertisement of a PW label in response to a Label Request 1082 message MUST also consider the issues discussed in the section on 1083 Label Advertisements. 1085 8. IANA Considerations 1087 The authors request that IANA remove this section before publication 1088 and that IANA update any references to [RFC4447] in their registries 1089 to refer to this document. 1091 9. Security Considerations 1093 This document specifies the LDP extensions that are needed for 1094 setting up and maintaining pseudowires. The purpose of setting up 1095 pseudowires is to enable Layer 2 frames to be encapsulated in MPLS 1096 and transmitted from one end of a pseudowire to the other. Therefore 1097 we treat the security considerations for both the data plane and the 1098 control plane. 1100 9.1. Data-Plane Security 1102 With regard to the security of the data plane, the following areas 1103 must be considered: 1105 - MPLS PDU inspection. 1106 - MPLS PDU spoofing. 1107 - MPLS PDU alteration. 1108 - MPLS PSN protocol security. 1109 - Access Circuit security. 1110 - Denial of service prevention on the PE routers. 1112 When an MPLS PSN is used to provide pseudowire service, there is a 1113 perception that security MUST be at least equal to the currently 1114 deployed Layer 2 native protocol networks that the MPLS/PW network 1115 combination is emulating. This means that the MPLS-enabled network 1116 SHOULD be isolated from outside packet insertion in such a way that 1117 it SHOULD NOT be possible to insert an MPLS packet into the network 1118 directly. 
To prevent unwanted packet insertion, it is also important 1119 to prevent unauthorized physical access to the PSN, as well as 1120 unauthorized administrative access to individual network elements. 1122 As mentioned above, an MPLS-enabled network should not accept MPLS 1123 packets from its external interfaces (i.e., interfaces to CE devices 1124 or to other providers' networks) unless the top label of the packet 1125 was legitimately distributed to the system from which the packet is 1126 being received. If the packet's incoming interface leads to a 1127 different SP (rather than to a customer), an appropriate trust 1128 relationship must also be present, including the trust that the other 1129 SP also provides appropriate security measures. 1131 The three main security problems faced when using an MPLS-enabled 1132 network to transport PWs are spoofing, alteration, and inspection. 1133 First, there is a possibility that the PE receiving PW PDUs will get 1134 a PDU that appears to be from the PE transmitting the PW into the 1135 PSN, but that was not actually transmitted by the PE originating the 1136 PW. (That is, the specified encapsulations do not by themselves 1137 enable the decapsulator to authenticate the encapsulator.) A second 1138 problem is the possibility that the PW PDU will be altered between 1139 the time it enters the PSN and the time it leaves the PSN (i.e., the 1140 specified encapsulations do not by themselves assure the decapsulator 1141 of the packet's integrity.) A third problem is the possibility that 1142 the PDU's contents will be seen while the PDU is in transit through 1143 the PSN (i.e., the specification encapsulations do not ensure 1144 privacy.) How significant these issues are in practice depends on 1145 the security requirements of the applications whose traffic is being 1146 sent through the tunnel, and how secure the PSN itself is. 1148 9.2. 
Control-Plane Security 1150 General security considerations with regard to the use of LDP are 1151 specified in section 5 of [RFC5036]. Those considerations also apply 1152 to the case where LDP is used to set up pseudowires. 1154 A pseudowire connects two attachment circuits. It is important to 1155 make sure that LDP connections are not arbitrarily accepted from 1156 anywhere, or else a local attachment circuit might get connected to 1157 an arbitrary remote attachment circuit. Therefore, an incoming LDP 1158 session request MUST NOT be accepted unless its IP source address is 1159 known to be the source of an "eligible" LDP peer. The set of 1160 eligible peers could be pre-configured (either as a list of IP 1161 addresses, or as a list of address/mask combinations), or it could be 1162 discovered dynamically via an auto-discovery protocol that is itself 1163 trusted. (Obviously, if the auto-discovery protocol were not 1164 trusted, the set of "eligible peers" it produces could not be 1165 trusted.) 1167 Even if an LDP connection request appears to come from an eligible 1168 peer, its source address may have been spoofed. Therefore, some 1169 means of preventing source address spoofing must be in place. For 1170 example, if all the eligible peers are in the same network, source 1171 address filtering at the border routers of that network could 1172 eliminate the possibility of source address spoofing. 1174 The LDP MD5 authentication key option, as described in section 2.9 of 1175 [RFC5036], MUST be implemented, and for a greater degree of security, 1176 it must be used. This provides integrity and authentication for the 1177 LDP messages and eliminates the possibility of source address 1178 spoofing. Use of the MD5 option does not provide privacy, but 1179 privacy of the LDP control messages is not usually considered 1180 important. 
As the MD5 option relies on the configuration of pre- 1181 shared keys, it does not provide much protection against replay 1182 attacks. In addition, its reliance on pre-shared keys may make it 1183 very difficult to deploy when the set of eligible neighbors is 1184 determined by an auto-configuration protocol. 1186 When the Generalized PWid FEC Element is used, it is possible that a 1187 particular LDP peer may be one of the eligible LDP peers but may not 1188 be the right one to connect to the particular attachment circuit 1189 identified by the particular instance of the Generalized PWid FEC 1190 element. However, given that the peer is known to be one of the 1191 eligible peers (as discussed above), this would be the result of a 1192 configuration error, rather than a security problem. Nevertheless, 1193 it may be advisable for a PE to associate each of its local 1194 attachment circuits with a set of eligible peers rather than have 1195 just a single set of eligible peers associated with the PE as a 1196 whole. 1198 10. Interoperability and Deployment 1200 Section 2.2. of [RFC6410] specifies four requirements that an 1201 Internet Standard must meet. This section documents how this 1202 document meets those requirements. 1204 The pseudowire technology was first deployed in 2001 and has been 1205 widely deployed by many carriers. [RFC7079] documents the results of 1206 a survey of PW implementations, with specific emphasis on Control 1207 Word usage. [EANTC] documents a public multi-vendor interoperability 1208 test of MPLS and Carrier Ethernet equipment, which included testing 1209 of Ethernet, ATM and TDM pseudowires. 1211 The errata against [RFC4447] are generally editorial in nature and 1212 have been addressed in this document. 1214 All features in this specification have been implemented by multiple 1215 vendors. 
1217 No IPR disclosures have been made to the IETF related to this document, 1218 to RFC4447 or RFC6723, or to the Internet-Drafts that resulted in 1219 RFC4447 and RFC6723. 1221 11. Acknowledgments 1223 The authors wish to acknowledge the contributions of Vach Kompella, 1224 Vanson Lim, Wei Luo, Himanshu Shah, and Nick Weeds. 1226 12. Normative References 1228 [RFC2119] Bradner S., "Key words for use in RFCs to Indicate 1229 Requirement Levels", RFC 2119, March 1997 1231 [RFC5036] "LDP Specification." Andersson, L. Ed., 1232 Minei, I. Ed., Thomas, B. Ed. January 2001. RFC5036, 1233 October 2007 1235 [RFC3032] "MPLS Label Stack Encoding", Rosen E., Rekhter Y., 1236 Tappan D., Fedorkow G., Farinacci D., Li T., Conta A.. 1237 RFC3032 1239 [RFC4446] "IANA Allocations for pseudo Wire Edge to Edge Emulation 1240 (PWE3)" Martini L. RFC4446, April 2006 1242 [RFC7358] "Label Advertisement Discipline for LDP Forwarding 1243 Equivalence Classes (FECs)", Raza K., Boutros S., Martini L., 1244 RFC7358, October 2014 1246 13. Informative References 1248 [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and 1249 Languages", BCP 18, RFC 2277, January 1998. 1251 [RFC3985] "PWE3 Architecture" Bryant, et al., RFC3985. 1253 [RFC4842] "Synchronous Optical Network/Synchronous Digital Hierarchy 1254 (SONET/SDH) Circuit Emulation over Packet (CEP)", A. Malis, 1255 P. Pate, R. Cohen, Ed., D. Zelig, RFC4842, April 2007 1257 [RFC4553] "Structure-Agnostic Time Division Multiplexing (TDM) over 1258 Packet (SAToP)", Vainshtein A. Ed., Stein, YJ. Ed. RFC4553, 1259 June 2006 1261 [RFC4619] "Encapsulation Methods for Transport of Frame Relay over 1262 Multiprotocol Label Switching (MPLS) Networks", Martini L. Ed. 1263 C. Kawa Ed., A. Malis, Ed. RFC4619, September 2006 1265 [RFC4717] "Encapsulation Methods for Transport of Asynchronous 1266 Transfer Mode (ATM) over MPLS Networks", Martini L., Jayakumar 1267 J., Bocci M., El-Aawar N., Brayley J., Koleyni G.
RFC4717, 1268 December 2006 1270 [RFC4618] "Encapsulation Methods for Transport of PPP/High-Level 1271 Data Link Control (HDLC) Frames over MPLS Networks", Martini L. 1272 Rosen E., Heron G., Malis A. RFC4618, September 2006 1274 [RFC4448] "Encapsulation Methods for Transport of Ethernet over 1275 MPLS Networks", Martini L. Ed., Rosen E., El-Aawar N., Heron 1276 G. RFC4448, April 2006. 1278 [RFC4447] "Pseudowire Setup and Maintenance Using the Label 1279 Distribution Protocol (LDP)", Martini L. Ed., Rosen E., 1280 El-Aawar N., Smith T., Heron G. RFC4447, April 2006 1282 [RFC6410] "Reducing the Standards Track to Two Maturity Levels", 1283 Housley R., Crocker D., Burger E. RFC6410, October 2011 1285 [RFC6723] "Update of the Pseudowire Control-Word Negotiation 1286 Mechanism", Jin L. Ed., Key R. Ed., Delord S., Nadeau T., 1287 Boutros S. RFC5723, September 2012 1289 [RFC6410] "Reducing the Standards Track to Two Maturity Levels", 1290 Housley R., Crocker D., Burger E. RFC6410, October 2011 1292 [RFC7079] "The Pseudowire (PW) and Virtual Circuit Connectivity 1293 Verification (VCCV) Implementation Survey Results", Del Regno 1294 N., Malis A. RFC7079, November 2013 1296 [ANSI] American National Standards Institute, "Synchronous Optical 1297 Network Formats", ANSI T1.105-1995. 1299 [ITUG] ITU Recommendation G.707, "Network Node Interface For The 1300 Synchronous Digital Hierarchy", 1996. 1302 [EANTC] The European Advanced Networking Test Center "MPLS and 1303 Carrier Ethernet: Service - Connect - Transport. Public 1304 Multi-Vendor Interoperability Test", February 2009. 1306 14. Author Information 1308 Luca Martini 1309 Cisco Systems, Inc. 1310 1899 Wynkoop Street 1311 Suite 600 1312 Denver, CO, 80202 1313 e-mail: lmartini@cisco.com 1315 Giles Heron 1316 Cisco Systems 1317 10 New Square 1318 Bedfont Lakes 1319 Feltham 1320 Middlesex 1321 TW14 8HA 1322 UK 1323 e-mail: giheron@cisco.com 1325 15.
Additional Historical Contributing Authors 1327 This historical list is from the original RFC, and is not updated. It 1328 is intended for recognition of their work on RFC4447. 1330 Nasser El-Aawar 1331 Level 3 Communications, LLC. 1332 1025 Eldorado Blvd. 1333 Broomfield, CO, 80021 1334 e-mail: nna@level3.net 1336 Eric C. Rosen 1337 Cisco Systems, Inc. 1338 1414 Massachusetts Avenue 1339 Boxborough, MA 01719 1340 e-mail: erosen@cisco.com 1342 Dan Tappan 1343 Cisco Systems, Inc. 1344 1414 Massachusetts Avenue 1345 Boxborough, MA 01719 1346 e-mail: tappan@cisco.com 1347 Toby Smith 1348 Google 1349 6425 Penn Ave. #700 1350 Pittsburgh, PA 15206 1351 e-mail: tob@google.com 1353 Dimitri Vlachos 1354 Riverbed Technology 1355 e-mail: dimitri@riverbed.com 1357 Jayakumar Jayakumar, 1358 Cisco Systems Inc. 1359 3800 Zanker Road, MS-SJ02/2, 1360 San Jose, CA, 95134 1361 e-mail: jjayakum@cisco.com 1363 Alex Hamilton, 1364 Cisco Systems Inc. 1365 485 East Tasman Drive, MS-SJC07/3, 1366 San Jose, CA, 95134 1367 e-mail: tahamilt@cisco.com 1369 Steve Vogelsang 1370 ECI Telecom 1371 Omega Corporate Center 1372 1300 Omega Drive 1373 Pittsburgh, PA 15205 1374 e-mail: stephen.vogelsang@ecitele.com 1376 John Shirron 1377 ECI Telecom 1378 Omega Corporate Center 1379 1300 Omega Drive 1380 Pittsburgh, PA 15205 1381 e-mail: john.shirron@ecitele.com 1383 Andrew G. Malis 1384 Verizon 1385 60 Sylvan Rd. 
1386 Waltham, MA 02451 1387 e-mail: andrew.g.malis@verizon.com 1388 Vinai Sirkay 1389 Reliance Infocomm 1390 Dhirubai Ambani Knowledge City 1391 Navi Mumbai 400 709 1392 e-mail: vinai@sirkay.com 1394 Vasile Radoaca 1395 Nortel Networks 1396 600 Technology Park 1397 Billerica MA 01821 1398 e-mail: vasile@nortelnetworks.com 1400 Chris Liljenstolpe 1401 149 Santa Monica Way 1402 San Francisco, CA 94127 1403 e-mail: ietf@cdl.asgaard.org 1405 Dave Cooper 1406 Global Crossing 1407 960 Hamlin Court 1408 Sunnyvale, CA 94089 1409 e-mail: dcooper@gblx.net 1411 Kireeti Kompella 1412 Juniper Networks 1413 1194 N. Mathilda Ave 1414 Sunnyvale, CA 94089 1415 e-mail: kireeti@juniper.net 1417 Copyright Notice 1419 Copyright (c) 2016 IETF Trust and the persons identified as the 1420 document authors. All rights reserved. 1422 This document is subject to BCP 78 and the IETF Trust's Legal 1423 Provisions Relating to IETF Documents 1424 (http://trustee.ietf.org/license-info) in effect on the date of 1425 publication of this document. Please review these documents 1426 carefully, as they describe your rights and restrictions with respect 1427 to this document. Code Components extracted from this document must 1428 include Simplified BSD License text as described in Section 4.e of 1429 the Trust Legal Provisions and are provided without warranty as 1430 described in the Simplified BSD License. 1432 This document may contain material from IETF Documents or IETF 1433 Contributions published or made publicly available before November 1434 10, 2008. The person(s) controlling the copyright in some of this 1435 material may not have granted the IETF Trust the right to allow 1436 modifications of such material outside the IETF Standards Process. 
1437 Without obtaining an adequate license from the person(s) controlling 1438 the copyright in such materials, this document may not be modified 1439 outside the IETF Standards Process, and derivative works of it may 1440 not be created outside the IETF Standards Process, except to format 1441 it for publication as an RFC or to translate it into languages other 1442 than English. 1444 Expiration Date: December 2016