idnits 2.17.1

draft-ietf-pwe3-rfc4447bis-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 3 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to contain a disclaimer for pre-RFC5378 work, but was
     first submitted on or after 10 November 2008. The disclaimer is usually
     necessary only for documents that revise or obsolete older RFCs, and that
     take significant amounts of text from those RFCs. If you can contact all
     authors of the source material and they are willing to grant the BCP78
     rights to the IETF Trust, you can and should remove the disclaimer.
     Otherwise, the disclaimer is needed and you can ignore this comment.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 9, 2015) is 3308 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1' on line 1004

  -- Looks like a reference, but probably isn't: '32768' on line 1004

  ** Obsolete normative reference: RFC 6723 (Obsoleted by RFC 8077)

  -- Obsolete informational reference (is this intentional?): RFC 4447
     (Obsoleted by RFC 8077)

     Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2   Internet Engineering Task Force                        Luca Martini Ed.
3   Internet Draft                                         Giles Heron Ed.
4   Intended status: Standards Track
5   Expires: September 9, 2015                                        Cisco

7                                                             March 9, 2015

9   Pseudowire Setup and Maintenance using the Label Distribution Protocol

11                    draft-ietf-pwe3-rfc4447bis-03.txt

13  Status of this Memo

15     This Internet-Draft is submitted to IETF in full conformance with the
16     provisions of BCP 78 and BCP 79.

18     Internet-Drafts are working documents of the Internet Engineering
19     Task Force (IETF), its areas, and its working groups. Note that
20     other groups may also distribute working documents as Internet-
21     Drafts.

23     Internet-Drafts are draft documents valid for a maximum of six months
24     and may be updated, replaced, or obsoleted by other documents at any
25     time. It is inappropriate to use Internet-Drafts as reference
26     material or to cite them other than as "work in progress."

28     The list of current Internet-Drafts can be accessed at
29     http://www.ietf.org/ietf/1id-abstracts.txt.

31     The list of Internet-Draft Shadow Directories can be accessed at
32     http://www.ietf.org/shadow.html.

34     This Internet-Draft will expire on September 9, 2015

36  Abstract

38     Layer 2 services (such as Frame Relay, Asynchronous Transfer Mode,
39     and Ethernet) can be "emulated" over an MPLS backbone by
40     encapsulating the Layer 2 Protocol Data Units (PDU) and then
41     transmitting them over "pseudowires". It is also possible to use
42     pseudowires to provide low-rate Time Division Multiplexed and
43     Synchronous Optical NETworking circuit emulation over an MPLS-enabled
44     network. This document specifies a protocol for establishing and
45     maintaining the pseudowires, using extensions to the Label
46     Distribution Protocol (LDP). Procedures for encapsulating Layer 2
47     PDUs are specified in a set of companion documents.

49     This document has been written to address errata in a previous
50     version of this standard.

52  Table of Contents

54      1        Introduction
55      2        Specification of Requirements
56      3        The Pseudowire Label
57      4        Details Specific to Particular Emulated Services
58      4.1      IP Layer 2 Transport
59      5        LDP
60      5.1      The PWid FEC Element
61      5.2      The Generalized PWid FEC Element
62      5.2.1    Attachment Identifiers
63      5.2.2    Encoding the Generalized PWid FEC Element
64      5.2.2.1  Interface Parameters TLV
65      5.2.2.2  PW Grouping ID TLV
66      5.2.3    Signaling Procedures
67      5.3      Signaling of Pseudowire Status
68      5.3.1    Use of Label Mapping Messages
69      5.3.2    Signaling PW Status
70      5.3.3    Pseudowire Status Negotiation Procedures
71      5.4      Interface Parameters Sub-TLV
72      5.5      LDP label Withdrawal procedures
73      6        Control Word
74      6.1      PW Types for which the Control Word is REQUIRED
75      6.2      PW Types for which the Control Word is NOT mandatory
76      6.3      Control-Word Renegotiation by Label Request Message
77      6.4      Sequencing Considerations
78      6.4.1    Label Advertisements
79      6.4.2    Label Release
80      7        IANA Considerations
81      7.1      LDP TLV TYPE
82      7.2      LDP Status Codes
83      7.3      FEC Type Name Space
84      8        Security Considerations
85      8.1      Data-Plane Security
86      8.2      Control-Plane Security
87      9        Changes from RFC4447
88      10       Acknowledgments
89      11       Normative References
90      12       Informative References
91      13       Author Information
92      14       Additional Contributing Authors

94  1. Introduction

96     [RFC4619], [RFC4717], [RFC4618], and [RFC4448] explain how to
97     encapsulate a Layer 2 Protocol Data Unit (PDU) for transmission over
98     an MPLS-enabled network. Those documents specify that a "pseudowire
99     header", consisting of a demultiplexor field, will be prepended to
100    the encapsulated PDU. The pseudowire demultiplexor field is
101    prepended before transmitting a packet on a pseudowire. When the
102    packet arrives at the remote endpoint of the pseudowire, the
103    demultiplexor is what enables the receiver to identify the particular
104    pseudowire on which the packet has arrived. To transmit the packet
105    from one pseudowire endpoint to another, the packet may need to
106    travel through a "Packet Switched Network (PSN) tunnel"; this will
107    require that an additional header be prepended to the packet.

109    Accompanying documents [RFC4842], [RFC4553] specify methods for
110    transporting time-division multiplexing (TDM) digital signals (TDM
111    circuit emulation) over a packet-oriented MPLS-enabled network. The
112    transmission system for circuit-oriented TDM signals is the
113    Synchronous Optical Network [ANSI] (SONET)/Synchronous Digital
114    Hierarchy (SDH) [ITUG]. To support TDM traffic, which includes
115    voice, data, and private leased-line service, the pseudowires must
116    emulate the circuit characteristics of SONET/SDH payloads. The TDM
117    signals and payloads are encapsulated for transmission over
118    pseudowires. A pseudowire demultiplexor and a PSN tunnel header are
119    prepended to this encapsulation.

121    [RFC4553] describes methods for transporting low-rate time-division
122    multiplexing (TDM) digital signals (TDM circuit emulation) over PSNs,
123    while [RFC4842] similarly describes transport of high-rate TDM
124    (SONET/SDH). To support TDM traffic, the pseudowires must emulate
125    the circuit characteristics of the original T1, E1, T3, E3, SONET, or
126    SDH signals. [RFC4553] does this by encapsulating an arbitrary but
127    constant amount of the TDM data in each packet, and the other methods
128    encapsulate TDM structures.

130    In this document, we specify the use of the MPLS Label Distribution
131    Protocol, LDP [RFC5036], as a protocol for setting up and maintaining
132    the pseudowires. In particular, we define new TLVs, FEC elements,
133    parameters, and codes for LDP, which enable LDP to identify
134    pseudowires and to signal attributes of pseudowires. We specify how
135    a pseudowire endpoint uses these TLVs in LDP to bind a demultiplexor
136    field value to a pseudowire, and how it informs the remote endpoint
137    of the binding. We also specify procedures for reporting pseudowire
138    status changes, for passing additional information about the
139    pseudowire as needed, and for releasing the bindings. These
140    procedures are intended to be independent of the underlying version
141    of IP used for LDP signaling.

143    In the protocol specified herein, the pseudowire demultiplexor field
144    is an MPLS label. Thus, the packets that are transmitted from one
145    end of the pseudowire to the other are MPLS packets, which must be
146    transmitted through an MPLS tunnel. However, if the pseudowire
147    endpoints are immediately adjacent and penultimate hop popping
148    behavior is in use, the MPLS tunnel may not be necessary. Any sort
149    of PSN tunnel can be used, as long as it is possible to transmit MPLS
150    packets through it. The PSN tunnel can itself be an MPLS LSP, or any
151    other sort of tunnel that can carry MPLS packets. Procedures for
152    setting up and maintaining the MPLS tunnels are outside the scope of
153    this document.

155    This document deals only with the setup and maintenance of point-to-
156    point pseudowires. Neither point-to-multipoint nor multipoint-to-
157    point pseudowires are discussed.

159    QoS-related issues are not discussed in this document.

161    The following two figures describe the reference models that are
162    derived from [RFC3985] to support the PW emulated services.

164          |<-------------- Emulated Service ---------------->|
165          |                                                  |
166          |          |<------- Pseudowire ------->|          |
167          |          |                            |          |
168          |Attachment|    |<-- PSN Tunnel -->|    |Attachment|
169          |  Circuit V    V                  V    V  Circuit |
170          V   (AC)   +----+                  +----+   (AC)   V
171    +-----+    |     | PE1|==================| PE2|     |    +-----+
172    |     |----------|............PW1.............|----------|     |
173    | CE1 |    |     |    |                  |    |          | CE2 |
174    |     |----------|............PW2.............|----------|     |
175    +-----+  ^ |     |    |==================|    |     | ^  +-----+
176          ^  |       +----+                  +----+     | |  ^
177          |  |   Provider Edge 1         Provider Edge 2  |  |
178          |  |                                            |  |
179    Customer |                                            | Customer
180    Edge 1   |                                            |  Edge 2
181             |                                            |
182       native service                               native service

184                     Figure 1: PWE3 Reference Model

186      +-----------------+                           +-----------------+
187      |Emulated Service |                           |Emulated Service |
188      |(e.g., TDM, ATM) |<==== Emulated Service ===>|(e.g., TDM, ATM) |
189      +-----------------+                           +-----------------+
190      |    Payload      |                           |    Payload      |
191      |  Encapsulation  |<====== Pseudowire =======>|  Encapsulation  |
192      +-----------------+                           +-----------------+
193      |PW Demultiplexer |                           |PW Demultiplexer |
194      |   PSN Tunnel,   |<======= PSN Tunnel ======>|   PSN Tunnel,   |
195      |  PSN & Physical |                           |  PSN & Physical |
196      |     Layers      |                           |     Layers      |
197      +-------+---------+        ___________        +---------+-------+
198              |                /             \                |
199              +===============/      PSN      \===============+
200                              \               /
201                               \_____________/

203              Figure 2: PWE3 Protocol Stack Reference Model

205    For the purpose of this document, PE1 will be defined as the ingress
206    router, and PE2 as the egress router. A layer 2 PDU will be received
207    at PE1, encapsulated at PE1, transported and decapsulated at PE2, and
208    transmitted out of PE2.

210    Note that this document was written to address errata in [RFC4447].

212 2. Specification of Requirements

214    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
215    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
216    document are to be interpreted as described in [RFC2119].

218 3. The Pseudowire Label

220    Suppose that it is desired to transport Layer 2 PDUs from ingress LSR
221    PE1 to egress LSR PE2, across an intervening MPLS-enabled network.
222    We assume that there is an MPLS tunnel from PE1 to PE2. That is, we
223    assume that PE1 can cause a packet to be delivered to PE2 by
224    encapsulating the packet in an "MPLS tunnel header" and sending the
225    result to one of its adjacencies. The MPLS tunnel is an MPLS Label
226    Switched Path (LSP); thus, putting on an MPLS tunnel encapsulation is
227    a matter of pushing on an MPLS label.

229    We presuppose that a large number of pseudowires can be carried
230    through a single MPLS tunnel. Thus it is never necessary to maintain
231    state in the network core for individual pseudowires. We do not
232    presuppose that the MPLS tunnels are point to point; although the
233    pseudowires are point to point, the MPLS tunnels may be multipoint to
234    point. We do not presuppose that PE2 will even be able to determine
235    the MPLS tunnel through which a received packet was transmitted.
236    (For example, if the MPLS tunnel is an LSP and penultimate hop
237    popping is used, when the packet arrives at PE2, it will contain no
238    information identifying the tunnel.)

240    When PE2 receives a packet over a pseudowire, it must be able to
241    determine that the packet was in fact received over a pseudowire, and
242    it must be able to associate that packet with a particular
243    pseudowire. PE2 is able to do this by examining the MPLS label that
244    serves as the pseudowire demultiplexor field shown in Figure 2. Call
245    this label the "PW label".

247    When PE1 sends a Layer 2 PDU to PE2, it creates an MPLS packet by
248    adding the PW label to the packet, thus creating the first entry of
249    the label stack. If the PSN tunnel is an MPLS LSP, the PE1 pushes
250    another label (the tunnel label) onto the packet as the second entry
251    of the label stack. The PW label is not visible again until the MPLS
252    packet reaches PE2. PE2's disposition of the packet is based on the
253    PW label.

255    If the payload of the MPLS packet is, for example, an ATM AAL5 PDU,
256    the PW label will generally correspond to a particular ATM VC at PE2.
257    That is, PE2 needs to be able to infer from the PW label the outgoing
258    interface and the VPI/VCI value for the AAL5 PDU. If the payload is
259    a Frame Relay PDU, then PE2 needs to be able to infer from the PW
260    label the outgoing interface and the DLCI value. If the payload is
261    an Ethernet frame, then PE2 needs to be able to infer from the PW
262    label the outgoing interface, and perhaps the VLAN identifier. This
263    process is uni-directional and will be repeated independently for
264    bi-directional operation. When using the PWid FEC Element, it is
265    REQUIRED that the same PW ID and PW type be assigned for a given
266    circuit in both directions. The group ID (see below) MUST NOT be
267    required to match in both directions. The transported frame MAY be
268    modified when it reaches the egress router. If the header of the
269    transported Layer 2 frame is modified, this MUST be done at the
270    egress LSR only. Note that the PW label must always be at the bottom
271    of the packet's label stack, and labels MUST be allocated from the
272    per-platform label space.

274    This document does not specify a method for distributing the MPLS
275    tunnel label or any other labels that may appear above the PW label
276    on the stack. Any acceptable method of MPLS label distribution will
277    do. This document specifies a protocol for assigning and
278    distributing the PW label. This protocol is LDP, extended as
279    specified in the remainder of this document. An LDP session must be
280    set up between the pseudowire endpoints. LDP MUST exchange PW FEC
281    label bindings in downstream unsolicited manner, independent of the
282    negotiated label advertisement mode of the LDP session. LDP's
283    "liberal label retention" mode SHOULD be used.

285    In addition to the protocol specified herein, static assignment of PW
286    labels may be used, and implementations of this protocol SHOULD
287    provide support for static assignment. PW encapsulation is always
288    symmetrical in both directions of traffic along a specific PW,
289    whether the PW uses an LDP control plane or not.

291    This document specifies all the procedures necessary to set up and
292    maintain the pseudowires needed to support "unswitched" point to
293    point services, where each endpoint of the pseudowire is provisioned
294    with the identity of the other endpoint. There are also protocol
295    mechanisms specified herein that can be used to support switched
296    services and other provisioning models. However, the use of the
297    protocol mechanisms to support those other models and services is not
298    described in this document.

300 4. Details Specific to Particular Emulated Services

302 4.1. IP Layer 2 Transport

304    This mode carries IP packets over a pseudowire. The encapsulation
305    used is according to [RFC3032]. The PW control word MAY be inserted
306    between the MPLS label stack and the IP payload. The encapsulation
307    of the IP packets for forwarding on the attachment circuit is
308    implementation specific, is part of the native service processing
309    (NSP) function [RFC3985], and is outside the scope of this document.

311 5. LDP

313    The PW label bindings are distributed using the LDP downstream
314    unsolicited mode described in [RFC5036]. The PEs will establish an
315    LDP session using the Extended Discovery mechanism described in [LDP,
316    section 2.4.2 and 2.5].

318    An LDP Label Mapping message contains an FEC TLV, a Label TLV, and
319    zero or more optional parameter TLVs.

321    The FEC TLV is used to indicate the meaning of the label. In the
322    current context, the FEC TLV would be used to identify the particular
323    pseudowire that a particular label is bound to. In this
324    specification, we define two new FEC TLVs to be used for identifying
325    pseudowires. When setting up a particular pseudowire, only one of
326    these FEC TLVs is used. The one to be used will depend on the
327    particular service being emulated and on the particular provisioning
328    model being supported.

330    LDP allows each FEC TLV to consist of a set of FEC elements. For
331    setting up and maintaining pseudowires, however, each FEC TLV MUST
332    contain exactly one FEC element.

334    The LDP base specification has several kinds of label TLVs, including
335    the Generic Label TLV, as specified in [RFC5036], section 3.4.2.1.
336    For setting up and maintaining pseudowires, the Generic Label TLV
337    MUST be used.

339 5.1. The PWid FEC Element

341    The PWid FEC element may be used whenever both pseudowire endpoints
342    have been provisioned with the same 32-bit identifier for the
343    pseudowire.

345    For this purpose, a new type of FEC element is defined. The FEC
346    element type is 0x80 and is defined as follows:

348     0                   1                   2                   3
349     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
350    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
351    |  PWid (0x80)  |C|         PW type             |PW info Length |
352    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
353    |                          Group ID                             |
354    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
355    |                          PW ID                                |
356    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
357    |             Interface Parameter Sub-TLV                       |
358    |                              "                                |
359    |                              "                                |
360    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

362      - PW type

364         A 15 bit quantity containing a value that represents the type of
365         PW. Assigned Values are specified in "IANA Allocations for
366         pseudo Wire Edge to Edge Emulation (PWE3)" [RFC4446].

368      - Control word bit (C)

370         The bit (C) is used to flag the presence of a control word as
371         follows:

373            C = 1 control word present on this PW.
374            C = 0 no control word present on this PW.

376         Please see the section "Control Word" for further explanation.

378      - PW information length

380         Length of the PW ID field and the interface parameters sub-TLV in
381         octets. If this value is 0, then it references all PWs using the
382         specified group ID, and there is no PW ID present, nor are there
383         any interface parameter sub-TLVs.

385      - Group ID

387         An arbitrary 32 bit value which represents a group of PWs that is
388         used to create groups in the PW space. The group ID is intended
389         to be used as a port index, or a virtual tunnel index. To
390         simplify configuration a particular PW ID at ingress could be
391         part of a Group ID assigned to the virtual tunnel for transport
392         to the egress router. The Group ID is very useful for sending
393         wild card label withdrawals, or PW wild card status notification
394         messages to remote PEs upon physical port failure.

396      - PW ID

398         A non-zero 32-bit connection ID that together with the PW type
399         identifies a particular PW. Note that the PW ID and the PW type
400         MUST be the same at both endpoints.

402      - Interface Parameter Sub-TLV

404         This variable length TLV is used to provide interface specific
405         parameters, such as attachment circuit MTU.

407         Note that as the "interface parameter sub-TLV" is part of the
408         FEC, the rules of LDP make it impossible to change the interface
409         parameters once the pseudowire has been set up. Thus the
410         interface parameters field must not be used to pass information,
411         such as status information, that may change during the life of
412         the pseudowire. Optional parameter TLVs should be used for that
413         purpose.

415    Using the PWid FEC, each of the two pseudowire endpoints
416    independently initiates the setup of a unidirectional LSP. An
417    outgoing LSP and an incoming LSP are bound together into a single
418    pseudowire if they have the same PW ID and PW type.

420 5.2. The Generalized PWid FEC Element

422    The PWid FEC element can be used if a unique 32-bit value has been
423    assigned to the PW, and if each endpoint has been provisioned with
424    that value. The Generalized PWid FEC element requires that the PW
425    endpoints be uniquely identified; the PW itself is identified as a
426    pair of endpoints. In addition, the endpoint identifiers are
427    structured to support applications where the identity of the remote
428    endpoints needs to be auto-discovered rather than statically
429    configured.

431    The "Generalized PWid FEC Element" is FEC type 0x81.

433    The Generalized PWid FEC Element does not contain anything
434    corresponding to the "Group ID" of the PWid FEC element. The
435    functionality of the "Group ID" is provided by a separate optional
436    LDP TLV, the "PW Grouping TLV", described below. The Interface
437    Parameters field of the PWid FEC element is also absent; its
438    functionality is replaced by the optional Interface Parameters TLV,
439    described below.

441 5.2.1. Attachment Identifiers

443    As discussed in [RFC3985], a pseudowire can be thought of as
444    connecting two "forwarders". The protocol used to set up a
445    pseudowire must allow the forwarder at one end of a pseudowire to
446    identify the forwarder at the other end. We use the term "attachment
447    identifier", or "AI", to refer to the field that the protocol uses to
448    identify the forwarders. In the PWid FEC, the PWid field serves as
449    the AI. In this section, we specify a more general form of AI that
450    is structured and of variable length.

452    Every Forwarder in a PE must be associated with an Attachment
453    Identifier (AI), either through configuration or through some
454    algorithm. The Attachment Identifier must be unique in the context
455    of the PE router in which the Forwarder resides. The combination must be globally unique.

458    It is frequently convenient to regard a set of Forwarders as being
459    members of a particular "group", where PWs may only be set up among
460    members of a group. In such cases, it is convenient to identify the
461    Forwarders relative to the group, so that an Attachment Identifier
462    would consist of an Attachment Group Identifier (AGI) plus an
463    Attachment Individual Identifier (AII).

465    An Attachment Group Identifier may be thought of as a VPN-id, or a
466    VLAN identifier, some attribute that is shared by all the Attachment
467    PWs (or pools thereof) that are allowed to be connected.

469    The details of how to construct the AGI and AII fields identifying
470    the pseudowire endpoints are outside the scope of this specification.
471    Different pseudowire applications, and different provisioning models,
472    will require different sorts of AGI and AII fields. The
473    specification of each such application and/or model must include the
474    rules for constructing the AGI and AII fields.

476    As previously discussed, a (bidirectional) pseudowire consists of a
477    pair of unidirectional LSPs, one in each direction. If a particular
478    pseudowire connects PE1 with PE2, the PW direction from PE1 to PE2
479    can be identified as:

481         , PE2, >,

483    and the PW direction from PE2 to PE1 can be identified by:

485         , PE1, >.

487    Note that the AGI must be the same at both endpoints, but the AII
488    will in general be different at each endpoint. Thus, from the
489    perspective of a particular PE, each pseudowire has a local or
490    "Source AII", and a remote or "Target AII". The pseudowire setup
491    protocol can carry all three of these quantities:

493      - Attachment Group Identifier (AGI).

495      - Source Attachment Individual Identifier (SAII)

497      - Target Attachment Individual Identifier (TAII)

499    If the AGI is non-null, then the Source AI (SAI) consists of the AGI
500    together with the SAII, and the Target AI (TAI) consists of the TAII
501    together with the AGI. If the AGI is null, then the SAII and TAII
502    are the SAI and TAI, respectively.

504    The interpretation of the SAI and TAI is a local matter at the
505    respective endpoint.

507    The association of two unidirectional LSPs into a single
508    bidirectional pseudowire depends on the SAI and the TAI. Each
509    application and/or provisioning model that uses the Generalized PWid
510    FEC element must specify the rules for performing this association.

512 5.2.2. Encoding the Generalized PWid FEC Element

514    FEC element type 0x81 is used. The FEC element is encoded as
515    follows:

517     0                   1                   2                   3
518     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
519    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
520    |Gen PWid (0x81)|C|         PW Type             |PW info Length |
521    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
522    |   AGI Type    |    Length     |      Value                    |
523    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
524    ~                    AGI Value (contd.)                         ~
525    |                                                               |
526    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
527    |   AII Type    |    Length     |      Value                    |
528    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
529    ~                    SAII Value (contd.)                        ~
530    |                                                               |
531    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
532    |   AII Type    |    Length     |      Value                    |
533    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
534    ~                    TAII Value (contd.)                        ~
535    |                                                               |
536    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

538    This document does not specify the AII and AGI type field values;
539    specification of the type field values to be used for a particular
540    application is part of the specification of that application. IANA
541    has assigned these values using the method defined in the [RFC4446]
542    document.

544    The SAII, TAII, and AGI are simply carried as octet strings. The
545    length byte specifies the size of the Value field. The null string
546    can be sent by setting the length byte to 0. If a particular
547    application does not need all three of these sub-elements, it MUST
548    send all the sub-elements but set the length to 0 for the unused
549    sub-elements.

551    The PW information length field contains the length of the SAII,
552    TAII, and AGI, combined in octets. If this value is 0, then it
553    references all PWs using the specific grouping ID (specified in the
554    PW grouping ID TLV). In this case, there are no other FEC element
555    fields (AGI, SAII, etc.) present, nor any interface parameters TLVs.

557    Note that the interpretation of a particular field as AGI, SAII, or
558    TAII depends on the order of its occurrence. The type field
559    identifies the type of the AGI, SAII, or TAII. When comparing two
560    occurrences of an AGI (or SAII or TAII), the two occurrences are
561    considered identical if the type, length, and value fields of one are
562    identical, respectively, to those of the other.

564 5.2.2.1. Interface Parameters TLV

566    This TLV MUST only be used when sending the Generalized PW FEC. It
567    specifies interface-specific parameters. Specific parameters, when
568    applicable, MUST be used to validate that the PEs and the ingress and
569    egress ports at the edges of the circuit have the necessary
570    capabilities to interoperate with each other.

572     0                   1                   2                   3
573     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
574    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
575    |0|0| PW Intf P. TLV (0x096B)   |            Length             |
576    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
577    |  Sub-TLV Type |    Length     |    Variable Length Value      |
578    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
579    |                         Variable Length Value                 |
580    |                             "                                 |
581    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

583    A more detailed description of this field can be found in the section
584    "Interface Parameters Sub-TLV", below.

586 5.2.2.2. PW Grouping ID TLV

588     0                   1                   2                   3
589     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
590    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
591    |0|0|PW Grouping ID TLV (0x096C)|            Length             |
592    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
593    |                             Value                             |
594    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

596    The PW Grouping ID is an arbitrary 32-bit value that represents an
597    arbitrary group of PWs. It is used to create group PWs; for example,
598    a PW Grouping ID can be used as a port index and assigned to all PWs
599    that lead to that port. Use of the PW Grouping ID enables one to
600    send "wild card" label withdrawals, or "wild card" status
601    notification messages, to remote PEs upon physical port failure.

603    Note Well: The PW Grouping ID is different from and has no relation
604    to, the Attachment Group Identifier.

606    The PW Grouping ID TLV is not part of the FEC and will not be
607    advertised except in the PW FEC advertisement. The advertising PE
608    MAY use the wild card withdraw semantics, but the remote PEs MUST
609    implement support for wild card messages. This TLV MUST only be used
610    when sending the Generalized PW ID FEC.

612    To issue a wild card command (status or withdraw):

614      - Set the PW Info Length to 0 in the Generalized PWid FEC Element.
615      - Send only the PW Grouping ID TLV with the FEC (no AGI/SAII/TAII
616        is sent).

618 5.2.3. Signaling Procedures

620    In order for PE1 to begin signaling PE2, PE1 must know the address of
621    the remote PE2, and a TAI. This information may have been configured
622    at PE1, or it may have been learned dynamically via some
623    autodiscovery procedure.

625    The egress PE (PE1), which has knowledge of the ingress PE, initiates
626    the setup by sending a Label Mapping Message to the ingress PE (PE2).
627    The Label Mapping message contains the FEC TLV, carrying the
628    Generalized PWid FEC Element (type 0x81). The Generalized PWid FEC
629    element contains the AGI, SAII, and TAII information.

631    Next, when PE2 receives such a Label Mapping message, PE2 interprets
632    the message as a request to set up a PW whose endpoint (at PE2) is
633    the Forwarder identified by the TAI. From the perspective of the
634    signaling protocol, exactly how PE2 maps AIs to Forwarders is a local
635    matter. In some Virtual Private Wire Services (VPWS) provisioning
636    models, the TAI might, for example, be a string that identifies a
637    particular Attachment Circuit, such as "ATM3VPI4VCI5", or it might,
638    for example, be a string, such as "Fred", that is associated by
639    configuration with a particular Attachment Circuit. In VPLS, the AGI
640    could be a VPN-id, identifying a particular VPLS instance.

642    If PE2 cannot map the TAI to one of its Forwarders, then PE2 sends a
643    Label Release message to PE1, with a Status Code of
644    "Unassigned/Unrecognized TAI", and the processing of the Label
645    Mapping message is complete.

647    The FEC TLV sent in a Label Release message is the same as the FEC
648    TLV received in the Label Mapping being released (but without the
649    interface parameter TLV). More generally, the FEC TLV is the same in
650    all LDP messages relating to the same PW. In a Label Release this
651    means that the SAII is the remote peer's AII and the TAII is the
652    sender's local AII.

654    If the Label Mapping Message has a valid TAI, PE2 must decide whether
655    to accept it. The procedures for so deciding will depend on the
656    particular type of Forwarder identified by the TAI. Of course, the
657    Label Mapping message may be rejected due to standard LDP error
658    conditions as detailed in [RFC5036].

660    If PE2 decides to accept the Label Mapping message, then it has to
661    make sure that a PW LSP is set up in the opposite (PE1-->PE2)
662    direction. If it has already signaled for the corresponding PW LSP
663    in that direction, nothing more needs to be done. Otherwise, it must
664    initiate such signaling by sending a Label Mapping message to PE1.
665    This is very similar to the Label Mapping message PE2 received, but
666    the SAI and TAI are reversed.

668    Thus, a bidirectional PW consists of two LSPs, where the FEC of one
669    has the SAII and TAII reversed with respect to the FEC of the other.

671 5.3. Signaling of Pseudowire Status

673 5.3.1. Use of Label Mapping Messages

675    The PEs MUST send Label Mapping Messages to their peers as soon as
676    the PW is configured and administratively enabled, regardless of the
677    attachment circuit state. The PW label should not be withdrawn
678    unless the operator administratively configures the pseudowire down
679    (or the PW configuration is deleted entirely). Using the procedures
680    outlined in this section, a simple label withdraw method MAY also be
681    supported as a legacy means of signaling PW status and AC status. In
682    any case, if the label-to-PW binding is not available the PW MUST be
683    considered in the down state.

685    Once the PW status negotiation procedures are completed and if they
686    result in the use of the label withdraw method for PW status
687    communication, and this method is not supported by one of the PEs,
688    then that PE must send a Label Release Message to its peer with the
689    following error:

691       "Label Withdraw PW Status Method Not Supported"

693    If the label withdraw method for PW status communication is selected
694    for the PW, it will result in the Label Mapping Message being
695    advertised only if the attachment circuit is active. The PW status
696    signaling procedures described in this section MUST be fully
697    implemented.

699 5.3.2. Signaling PW Status

701    The PE devices use an LDP TLV to indicate status to their remote
702    peers. This PW Status TLV contains more information than the
703    alternative simple Label Withdraw message.

705      The format of the PW Status TLV is:
706       0                   1                   2                   3
707       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
708      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
709      |1|0|     PW Status (0x096A)    |            Length             |
710      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
711      |                         Status Code                           |
712      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

714      The status code is a 4 octet bit field as specified in the PW IANA
715      Allocations document [RFC4446]. The length specifies the length of
716      the Status Code field in octets (equal to 4).

718      Each bit in the status code field can be set individually to indicate
719      more than a single failure at once. Each fault can be cleared by
720      sending an appropriate Notification message in which the respective
721      bit is cleared. The presence of the lowest bit (PW Not Forwarding)
722      acts only as a generic failure indication when there is a link-down
723      event for which none of the other bits apply.

725      The Status TLV is transported to the remote PW peer via the LDP
726      Notification message. The general format of the Notification Message
727      is:

729       0                   1                   2                   3
730       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
731      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
732      |0|   Notification (0x0001)     |      Message Length           |
733      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
734      |                       Message ID                              |
735      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
736      |                       Status (TLV)                            |
737      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
738      |                      PW Status TLV                            |
739      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
740      |           PWId FEC TLV or Generalized ID FEC TLV              |
741      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
742      |                PW Grouping ID TLV (Optional)                  |
743      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
744      The Status TLV status code is set to 0x00000028, "PW status", to
745      indicate that PW status follows. Since this notification does not
746      refer to any particular message, the Message Id and Message Type
747      fields are set to 0.

749      The PW FEC TLV SHOULD NOT include the interface parameter sub-TLVs,
750      as they are ignored in the context of this message. When a PE's
751      attachment circuit encounters an error, use of the PW Notification
752      Message allows the PE to send a single "wild card" status message,
753      using a PW FEC TLV with only the group ID set, to denote this change
754      in status for all affected PW connections. This status message
755      contains either the PW FEC TLV with only the group ID set, or else it
756      contains the Generalized FEC TLV with only the PW Grouping ID TLV.

758      As mentioned above, the Group ID field of the PWid FEC element, or
759      the PW Grouping ID TLV used with the Generalized PWid FEC element,
760      can be used to send a status notification for all arbitrary sets of
761      PWs. This procedure is OPTIONAL, and if it is implemented, the LDP
762      Notification message should be as follows: If the PWid FEC element is
763      used, the PW information length field is set to 0, the PW ID field is
764      not present, and the interface parameter sub-TLVs are not present.
765      If the Generalized FEC element is used, the AGI, SAII, and TAII are
766      not present, the PW information length field is set to 0, the PW
767      Grouping ID TLV is included, and the Interface Parameters TLV is
768      omitted. For the purpose of this document, this is called the "wild
769      card PW status notification procedure", and all PEs implementing this
770      design are REQUIRED to accept such a notification message but are not
771      required to send it.

773   5.3.3. Pseudowire Status Negotiation Procedures

775      When a PW is first set up, the PEs MUST attempt to negotiate the
776      usage of the PW status TLV. This is accomplished as follows: A PE
777      that supports the PW Status TLV MUST include it in the initial Label
778      Mapping message following the PW FEC and the interface parameter
779      sub-TLVs. The PW Status TLV will then be used for the lifetime of
780      the pseudowire. This is shown in the following diagram:

782       0                   1                   2                   3
783       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
784      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
785      |                                                               |
786      +                 PWId FEC or Generalized ID FEC                +
787      |                                                               |
788      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
789      |                       Interface Parameters                    |
790      |                              "                                |
791      |                              "                                |
792      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
793      |0|0| Generic Label (0x0200)    |      Length                   |
794      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
795      |     Label                                                     |
796      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
797      |1|0|     PW Status (0x096A)    |            Length             |
798      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
799      |                         Status Code                           |
800      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

802      If a PW Status TLV is included in the initial Label Mapping message
803      for a PW, then if the Label Mapping message from the remote PE for
804      that PW does not include a PW status TLV, or if the remote PE does
805      not support the PW Status TLV, the PW will revert to the label
806      withdraw method of signaling PW status. Note that if the PW Status
807      TLV is not supported by the remote peer, the peer will automatically
808      ignore it, since the I (ignore) bit is set in the TLV. The PW Status
809      TLV, therefore, will not be present in the corresponding FEC
810      advertisement from the remote LDP peer, which results in exactly the
811      above behavior.

813      If the PW Status TLV is not present following the FEC TLV in the
814      initial PW Label Mapping message received by a PE, then the PW Status
815      TLV will not be used, and both PEs supporting the pseudowire will
816      revert to the label withdraw procedure for signaling status changes.

818      If the negotiation process results in the usage of the PW status TLV,
819      then the actual PW status is determined by the PW status TLV that was
820      sent within the initial PW Label Mapping message. Subsequent updates
821      of PW status are conveyed through the notification message.

823   5.4. Interface Parameters Sub-TLV

825      This field specifies interface-specific parameters. When applicable,
826      it MUST be used to validate that the PEs and the ingress and egress
827      ports at the edges of the circuit have the necessary capabilities to
828      interoperate with each other. The field structure is defined as
829      follows:

831       0                   1                   2                   3
832       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
833      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
834      | Sub-TLV Type  |    Length     |    Variable Length Value      |
835      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
836      |                         Variable Length Value                 |
837      |                             "                                 |
838      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

840      The interface parameter sub-TLV type values are specified in "IANA
841      Allocations for Pseudowire Edge to Edge Emulation (PWE3)" [RFC4446].

843      The Length field is defined as the length of the interface parameter
844      including the parameter id and length field itself. Processing of
845      the interface parameters should continue when unknown interface
846      parameters are encountered, and they MUST be silently ignored.

848      - Interface MTU sub-TLV type

850        A 2 octet value indicating the MTU in octets. This is the
851        Maximum Transmission Unit, excluding encapsulation overhead, of
852        the egress packet interface that will be transmitting the
853        decapsulated PDU that is received from the MPLS-enabled network.
854        This parameter is applicable only to PWs transporting packets and
855        is REQUIRED for these PW types. If this parameter does not match
856        in both directions of a specific PW, that PW MUST NOT be enabled.

858      - Optional Interface Description string sub-TLV type

860        This arbitrary, and OPTIONAL, interface description string is
861        used to send a human-readable administrative string describing
862        the interface to the remote. This parameter is OPTIONAL, and is
863        applicable to all PW types. The interface description parameter
864        string length is variable, and can be from 0 to 80 octets.
865        Human-readable text MUST be provided in the UTF-8 charset using
866        the Default Language [RFC2277].

868   5.5. LDP label Withdrawal procedures

870      As mentioned above, the Group ID field of the PWid FEC element, or
871      the PW Grouping ID TLV used with the Generalized PWid FEC element,
872      can be used to withdraw all PW labels associated with a particular PW
873      group. This procedure is OPTIONAL, and if it is implemented, the LDP
874      Label Withdraw message should be as follows: If the PWid FEC element
875      is used, the PW information length field is set to 0, the PW ID field
876      is not present, the interface parameter sub-TLVs are not present, and
877      the Label TLV is not present. If the Generalized FEC element is
878      used, the AGI, SAII, and TAII are not present, the PW information
879      length field is set to 0, the PW Grouping ID TLV is included, the
880      Interface Parameters TLV is not present, and the Label TLV is not
881      present. For the purpose of this document, this is called the "wild
882      card withdraw procedure", and all PEs implementing this design are
883      REQUIRED to accept such withdrawn message but are not required to
884      send it. Note that the PW Grouping ID TLV only applies to PWs using
885      the Generalized ID FEC element, while the Group ID only applies to
886      PWid FEC element.

888      The interface parameter sub-TLVs, or TLV, MUST NOT be present in any
889      LDP PW Label Withdraw or Label Release message. A wild card Label
890      Release message MUST include only the group ID, or Grouping ID TLV.
891      A Label Release message initiated by a PE router must always include
892      the PW ID.

894   6. Control Word

896   6.1. PW Types for which the Control Word is REQUIRED

898      The Label Mapping messages that are sent in order to set up these PWs
899      MUST have c=1. When a Label Mapping message for a PW of one of these
900      types is received and c=0, a Label Release message MUST be sent, with
901      an "Illegal C-bit" status code. In this case, the PW will not be
902      enabled.

904   6.2. PW Types for which the Control Word is NOT mandatory

906      If a system is capable of sending and receiving the control word on
907      PW types for which the control word is not mandatory, then each such
908      PW endpoint MUST be configurable with a parameter that specifies
909      whether the use of the control word is PREFERRED or NOT PREFERRED.
910      For each PW, there MUST be a default value of this parameter. This
911      specification does NOT state what the default value should be.

913      If a system is NOT capable of sending and receiving the control word
914      on PW types for which the control word is not mandatory, then it
915      behaves exactly as if it were configured for the use of the control
916      word to be NOT PREFERRED.

918      If a Label Mapping message for the PW has already been received but
919      no Label Mapping message for the PW has yet been sent, then the
920      procedure is as follows:

922           -i. If the received Label Mapping message has c=0, send a Label
923               Mapping message with c=0; the control word is not used.
924          -ii. If the received Label Mapping message has c=1, and the PW is
925               locally configured such that the use of the control word is
926               preferred, then send a Label Mapping message with c=1; the
927               control word is used.
928         -iii. If the received Label Mapping message has c=1, and the PW is
929               locally configured such that the use of the control word is
930               not preferred or the control word is not supported, then act
931               as if no Label Mapping message for the PW had been received
932               (That is: proceed to the next paragraph).

934      If a Label Mapping message for the PW has not already been received
935      (or if the received Label Mapping message had c=1 and either local
936      configuration says that the use of the control word is not preferred
937      or the control word is not supported), then send a Label Mapping
938      message in which the c bit is set to correspond to the locally
939      configured preference for use of the control word. (That is, set c=1
940      if locally configured to prefer the control word, and set c=0 if
941      locally configured to prefer not to use the control word or if the
942      control word is not supported).

944      The next action depends on what control message is next received for
945      that PW. The possibilities are as follows:

947           -i. A Label Mapping message with the same c bit value as
948               specified in the Label Mapping message that was sent. PW
949               setup is now complete, and the control word is used if c=1
950               but is not used if c=0.

952          -ii. A Label Mapping message with c=1, but the Label Mapping
953               message that was sent has c=0. In this case, ignore the
954               received Label Mapping message and continue to wait for the
955               next control message for the PW.

957         -iii. A Label Mapping message with c=0, but the Label Mapping
958               message that was sent has c=1. In this case, send a Label
959               Withdraw message with a "Wrong C-bit" status code, followed
960               by a Label Mapping message that has c=0. PW setup is now
961               complete, and the control word is not used.

963          -iv. A Label Withdraw message with the "Wrong c-bit" status code.
964               Treat as a normal Label Withdraw, but do not respond.
965               Continue to wait for the next control message for the PW.

967      If at any time after a Label Mapping message has been received a
968      corresponding Label Withdraw or Release is received, the action taken
969      is the same as for any Label Withdraw or Release that might be
970      received at any time.

972      If both endpoints prefer the use of the control word, this procedure
973      will cause it to be used. If either endpoint prefers not to use the
974      control word or does not support the control word, this procedure
975      will cause it not to be used. If one endpoint prefers to use the
976      control word but the other does not, the one that prefers not to use
977      it has no extra protocol to execute; it just waits for a Label
978      Mapping message that has c=0.

980   6.3. Control-Word Renegotiation by Label Request Message

982      Implementations of this document SHOULD follow the updated control-
983      word negotiation mechanism documented in [RFC6723].

985   6.4. Sequencing Considerations

987      In the case where the router considers the sequence number field in
988      the control word, it is important to note the following details when
989      advertising labels.

991   6.4.1. Label Advertisements

993      After a label has been withdrawn by the output router and/or released
994      by the input router, care must be taken not to advertise (re-use) the
995      same released label until the output router can be reasonably certain
996      that old packets containing the released label no longer persist in
997      the MPLS-enabled network.

999      This precaution is required to prevent the imposition router from
1000     restarting packet forwarding with a sequence number of 1 when it
1001     receives a Label Mapping message that binds the same FEC to the same
1002     label if there are still older packets in the network with a sequence
1003     number between 1 and 32768. For example, if there is a packet with a
1004     sequence number=n, where n is in the interval [1,32768] traveling
1005     through the network, it would be possible for the disposition router
1006     to receive that packet after it re-advertises the label. Since the
1007     label has been released by the imposition router, the disposition
1008     router SHOULD be expecting the next packet to arrive with a sequence
1009     number of 1. Receipt of a packet with a sequence number equal to n
1010     will result in n packets potentially being rejected by the
1011     disposition router until the imposition router imposes a sequence
1012     number of n+1 into a packet. Possible methods to avoid this are for
1013     the disposition router always to advertise a different PW label, or
1014     for the disposition router to wait for a sufficient time before
1015     attempting to re-advertise a recently released label. This is only
1016     an issue when sequence number processing is enabled at the
1017     disposition router.

1019  6.4.2. Label Release

1021     In situations where the imposition router wants to restart forwarding
1022     of packets with sequence number 1, the router shall 1) send to the
1023     disposition router a Label Release Message, and 2) send to the
1024     disposition router a Label Request message. When sequencing is
1025     supported, advertisement of a PW label in response to a Label Request
1026     message MUST also consider the issues discussed in the section on
1027     Label Advertisements.

1029  7. IANA Considerations

1031  7.1. LDP TLV TYPE

1033     This document uses several new LDP TLV types; IANA already maintains
1034     a registry of name "TLV TYPE NAME SPACE" defined by RFC 5036. The
1035     following values are suggested for assignment:

1037     TLV type  Description
1038     =====================================
1039     0x096A    PW Status TLV
1040     0x096B    PW Interface Parameters TLV
1041     0x096C    Group ID TLV

1043  7.2. LDP Status Codes

1045     This document uses several new LDP status codes; IANA already
1046     maintains a registry of name "STATUS CODE NAME SPACE" defined by RFC
1047     5036. The following values are suggested for assignment:

1049     Range/Value     E     Description                       Reference
1050     ------------- -----   ----------------------            ---------
1051     0x00000024      0     Illegal C-Bit                     [RFC4447]
1052     0x00000025      0     Wrong C-Bit                       [RFC4447]
1053     0x00000026      0     Incompatible bit-rate             [RFC4447]
1054     0x00000027      0     CEP-TDM mis-configuration         [RFC4447]
1055     0x00000028      0     PW Status                         [RFC4447]
1056     0x00000029      0     Unassigned/Unrecognized TAI       [RFC4447]
1057     0x0000002A      0     Generic Misconfiguration Error    [RFC4447]
1058     0x0000002B      0     Label Withdraw PW Status Method   [RFC4447]

1060  7.3. FEC Type Name Space

1062     This document uses two new FEC element types, 0x80 and 0x81, from the
1063     registry "FEC Type Name Space" for the Label Distribution Protocol
1064     (LDP RFC 5036).

1066  8. Security Considerations

1068     This document specifies the LDP extensions that are needed for
1069     setting up and maintaining pseudowires. The purpose of setting up
1070     pseudowires is to enable Layer 2 frames to be encapsulated in MPLS
1071     and transmitted from one end of a pseudowire to the other. Therefore
1072     we treat the security considerations for both the data plane and the
1073     control plane.

1075  8.1. Data-Plane Security

1077     With regard to the security of the data plane, the following areas
1078     must be considered:

1080     - MPLS PDU inspection.
1081     - MPLS PDU spoofing.
1082     - MPLS PDU alteration.
1083     - MPLS PSN protocol security.
1084     - Access Circuit security.
1085     - Denial of service prevention on the PE routers.

1087     When an MPLS PSN is used to provide pseudowire service, there is a
1088     perception that security MUST be at least equal to the currently
1089     deployed Layer 2 native protocol networks that the MPLS/PW network
1090     combination is emulating. This means that the MPLS-enabled network
1091     SHOULD be isolated from outside packet insertion in such a way that
1092     it SHOULD NOT be possible to insert an MPLS packet into the network
1093     directly. To prevent unwanted packet insertion, it is also important
1094     to prevent unauthorized physical access to the PSN, as well as
1095     unauthorized administrative access to individual network elements.

1097     As mentioned above, an MPLS-enabled network should not accept MPLS
1098     packets from its external interfaces (i.e., interfaces to CE devices
1099     or to other providers' networks) unless the top label of the packet
1100     was legitimately distributed to the system from which the packet is
1101     being received. If the packet's incoming interface leads to a
1102     different SP (rather than to a customer), an appropriate trust
1103     relationship must also be present, including the trust that the other
1104     SP also provides appropriate security measures.

1106     The three main security problems faced when using an MPLS-enabled
1107     network to transport PWs are spoofing, alteration, and inspection.
1108     First, there is a possibility that the PE receiving PW PDUs will get
1109     a PDU that appears to be from the PE transmitting the PW into the
1110     PSN, but that was not actually transmitted by the PE originating the
1111     PW. (That is, the specified encapsulations do not by themselves
1112     enable the decapsulator to authenticate the encapsulator.) A second
1113     problem is the possibility that the PW PDU will be altered between
1114     the time it enters the PSN and the time it leaves the PSN (i.e., the
1115     specified encapsulations do not by themselves assure the decapsulator
1116     of the packet's integrity.) A third problem is the possibility that
1117     the PDU's contents will be seen while the PDU is in transit through
1118     the PSN (i.e., the specification encapsulations do not ensure
1119     privacy.) How significant these issues are in practice depends on
1120     the security requirements of the applications whose traffic is being
1121     sent through the tunnel, and how secure the PSN itself is.

1123  8.2. Control-Plane Security

1125     General security considerations with regard to the use of LDP are
1126     specified in section 5 of RFC 5036. Those considerations also apply
1127     to the case where LDP is used to set up pseudowires.

1129     A pseudowire connects two attachment circuits. It is important to
1130     make sure that LDP connections are not arbitrarily accepted from
1131     anywhere, or else a local attachment circuit might get connected to
1132     an arbitrary remote attachment circuit. Therefore, an incoming LDP
1133     session request MUST NOT be accepted unless its IP source address is
1134     known to be the source of an "eligible" LDP peer. The set of
1135     eligible peers could be pre-configured (either as a list of IP
1136     addresses, or as a list of address/mask combinations), or it could be
1137     discovered dynamically via an auto-discovery protocol that is itself
1138     trusted. (Obviously, if the auto-discovery protocol were not
1139     trusted, the set of "eligible peers" it produces could not be
1140     trusted.)

1142     Even if an LDP connection request appears to come from an eligible
1143     peer, its source address may have been spoofed. Therefore, some
1144     means of preventing source address spoofing must be in place. For
1145     example, if all the eligible peers are in the same network, source
1146     address filtering at the border routers of that network could
1147     eliminate the possibility of source address spoofing.

1149     The LDP MD5 authentication key option, as described in section 2.9 of
1150     RFC 5036, MUST be implemented, and for a greater degree of security,
1151     it must be used. This provides integrity and authentication for the
1152     LDP messages and eliminates the possibility of source address
1153     spoofing. Use of the MD5 option does not provide privacy, but
1154     privacy of the LDP control messages is not usually considered
1155     important. As the MD5 option relies on the configuration of pre-
1156     shared keys, it does not provide much protection against replay
1157     attacks. In addition, its reliance on pre-shared keys may make it
1158     very difficult to deploy when the set of eligible neighbors is
1159     determined by an auto-configuration protocol.

1161     When the Generalized PWid FEC Element is used, it is possible that a
1162     particular LDP peer may be one of the eligible LDP peers but may not
1163     be the right one to connect to the particular attachment circuit
1164     identified by the particular instance of the Generalized PWid FEC
1165     element. However, given that the peer is known to be one of the
1166     eligible peers (as discussed above), this would be the result of a
1167     configuration error, rather than a security problem. Nevertheless,
1168     it may be advisable for a PE to associate each of its local
1169     attachment circuits with a set of eligible peers rather than have
1170     just a single set of eligible peers associated with the PE as a
1171     whole.

1173  9. Changes from RFC4447

1175     The changes in this document are mostly minor fixes to spelling and
1176     grammar, or clarifications to the text, which were either noted as
1177     errata to RFC4447 or found by the editors.

1179     However a new section (6.3) on control-word renegotiation by label
1180     request message has been added, referencing RFC 6723. The diagram
1181     of C-bit handling procedures has also been removed, as the updated
1182     diagram in RFC 6723 is now definitive.

1184  10. Acknowledgments

1186     The authors wish to acknowledge the contributions of Vach Kompella,
1187     Vanson Lim, Wei Luo, Himanshu Shah, and Nick Weeds.

1189  11. Normative References

1191     [RFC2119] Bradner S., "Key words for use in RFCs to Indicate
1192          Requirement Levels", RFC 2119, March 1997

1194     [RFC5036] "LDP Specification." L. Andersson, P. Ed.
1195          Minei, I. Ed. B. Thomas. January 2001. RFC5036

1197     [RFC3032] "MPLS Label Stack Encoding", E. Rosen, Y. Rekhter,
1198          D. Tappan, G. Fedorkow, D. Farinacci, T. Li, A. Conta.

1200          RFC3032

1202     [RFC4446] "IANA Allocations for pseudo Wire Edge to Edge Emulation
1203          (PWE3)" L. Martini RFC4446 , April 2006

1205     [RFC6723] "Update of the Pseudowire Control-Word Negotiation Mechanism",
1206          Jin L. Ed, Key R. Ed, Delord S, Nadeau T, Boutros S, RFC6723,
1207          September 2012

1209  12. Informative References

1211     [RFC4842] "Synchronous Optical Network/Synchronous Digital Hierarchy
1212          (SONET/SDH) Circuit Emulation over Packet (CEP)", A. Malis,
1213          P. Pate, R. Cohen, Ed., D. Zelig, RFC4842, April 2007

1215     [RFC4553] "Structure-Agnostic Time Division Multiplexing (TDM) over
1216          Packet (SAToP)", Vainshtein A. Ed. Stein, Ed. YJ. RFC4553,
1217          June 2006

1219     [RFC4619] "Encapsulation Methods for Transport of Frame Relay over
1220          Multiprotocol Label Switching (MPLS) Networks", Martini L. Ed.
1221          C. Kawa Ed. A. Malis Ed. RFC4619, September 2006

1223     [RFC4717] "Encapsulation Methods for Transport of Asynchronous
1224          Transfer Mode (ATM) over MPLS Networks", Martini L. Jayakumar J.
1225          Bocci M. El-Aawar N. Brayley J. Koleyni G. RFC4717,
1226          December 2006

1228     [RFC4618] "Encapsulation Methods for Transport of PPP/High-Level
1229          Data Link Control (HDLC) Frames over MPLS Networks", Martini L.
1230          Rosen E. Heron G. Malis A. RFC4618, September 2006

1232     [RFC4448] "Encapsulation Methods for Transport of Ethernet over
1233          MPLS Networks", Martini L. Ed. Rosen E. El-Aawar N. Heron G.
1234          RFC4448, April 2006.

1236     [RFC4447] "Pseudowire Setup and Maintenance Using the Label
1237          Distribution Protocol (LDP)", Martini L. Ed. Rosen E.
1238          El-Aawar N. Smith T. Heron G. RFC4447, April 2006

1240     [ANSI] American National Standards Institute, "Synchronous Optical
1241          Network Formats," ANSI T1.105-1995.

1243     [ITUG] ITU Recommendation G.707, "Network Node Interface For The
1244          Synchronous Digital Hierarchy", 1996.

1246     [RFC3985] "PWE3 Architecture" Bryant, et al., RFC3985.
1248 [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and 1249 Languages", BCP 18, RFC 2277, January 1998. 1251 13. Author Information 1253 Luca Martini 1254 Cisco Systems, Inc. 1255 9155 East Nichols Avenue, Suite 400 1256 Englewood, CO, 80112 1257 e-mail: lmartini@cisco.com 1259 Giles Heron 1260 Cisco Systems 1261 10 New Square 1262 Bedfont Lakes 1263 Feltham 1264 Middlesex 1265 TW14 8HA 1266 UK 1267 e-mail: giheron@cisco.com 1269 14. Additional Contributing Authors 1271 Nasser El-Aawar 1272 Level 3 Communications, LLC. 1273 1025 Eldorado Blvd. 1274 Broomfield, CO, 80021 1275 e-mail: nna@level3.net 1277 Eric C. Rosen 1278 Cisco Systems, Inc. 1279 1414 Massachusetts Avenue 1280 Boxborough, MA 01719 1281 e-mail: erosen@cisco.com 1282 Dan Tappan 1283 Cisco Systems, Inc. 1284 1414 Massachusetts Avenue 1285 Boxborough, MA 01719 1286 e-mail: tappan@cisco.com 1288 Toby Smith 1289 Google 1290 6425 Penn Ave. #700 1291 Pittsburgh, PA 15206 1292 e-mail: tob@google.com 1294 Dimitri Vlachos 1295 Riverbed Technology 1296 e-mail: dimitri@riverbed.com 1298 Jayakumar Jayakumar, 1299 Cisco Systems Inc. 1300 3800 Zanker Road, MS-SJ02/2, 1301 San Jose, CA, 95134 1302 e-mail: jjayakum@cisco.com 1304 Alex Hamilton, 1305 Cisco Systems Inc. 1306 485 East Tasman Drive, MS-SJC07/3, 1307 San Jose, CA, 95134 1308 e-mail: tahamilt@cisco.com 1310 Steve Vogelsang 1311 ECI Telecom 1312 Omega Corporate Center 1313 1300 Omega Drive 1314 Pittsburgh, PA 15205 1315 e-mail: stephen.vogelsang@ecitele.com 1317 John Shirron 1318 ECI Telecom 1319 Omega Corporate Center 1320 1300 Omega Drive 1321 Pittsburgh, PA 15205 1322 e-mail: john.shirron@ecitele.com 1323 Andrew G. Malis 1324 Verizon 1325 60 Sylvan Rd. 
1326 Waltham, MA 02451
1327 e-mail: andrew.g.malis@verizon.com

1329 Vinai Sirkay
1330 Reliance Infocomm
1331 Dhirubai Ambani Knowledge City
1332 Navi Mumbai 400 709
1333 e-mail: vinai@sirkay.com

1335 Vasile Radoaca
1336 Nortel Networks
1337 600 Technology Park
1338 Billerica MA 01821
1339 e-mail: vasile@nortelnetworks.com

1341 Chris Liljenstolpe
1342 149 Santa Monica Way
1343 San Francisco, CA 94127
1344 e-mail: ietf@cdl.asgaard.org

1346 Dave Cooper
1347 Global Crossing
1348 960 Hamlin Court
1349 Sunnyvale, CA 94089
1350 e-mail: dcooper@gblx.net

1352 Kireeti Kompella
1353 Juniper Networks
1354 1194 N. Mathilda Ave
1355 Sunnyvale, CA 94089
1356 e-mail: kireeti@juniper.net

1358 Copyright Notice

1360 Copyright (c) 2013 IETF Trust and the persons identified as the
1361 document authors. All rights reserved.

1363 This document is subject to BCP 78 and the IETF Trust's Legal
1364 Provisions Relating to IETF Documents
1365 (http://trustee.ietf.org/license-info) in effect on the date of
1366 publication of this document. Please review these documents
1367 carefully, as they describe your rights and restrictions with respect
1368 to this document. Code Components extracted from this document must
1369 include Simplified BSD License text as described in Section 4.e of
1370 the Trust Legal Provisions and are provided without warranty as
1371 described in the Simplified BSD License.

1373 This document may contain material from IETF Documents or IETF
1374 Contributions published or made publicly available before November
1375 10, 2008. The person(s) controlling the copyright in some of this
1376 material may not have granted the IETF Trust the right to allow
1377 modifications of such material outside the IETF Standards Process.
1378 Without obtaining an adequate license from the person(s) controlling
1379 the copyright in such materials, this document may not be modified
1380 outside the IETF Standards Process, and derivative works of it may
1381 not be created outside the IETF Standards Process, except to format
1382 it for publication as an RFC or to translate it into languages other
1383 than English.

1385 Expiration Date: September 2015