idnits 2.17.1 draft-ietf-pwe3-segmented-pw-15.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 3, 2010) is 5076 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4447 (Obsoleted by RFC 8077) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 4379 (Obsoleted by RFC 8029) == Outdated reference: A later version (-16) exists of draft-ietf-pwe3-oam-msg-map-12 Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Luca Martini 3 Internet Draft Chris Metz 4 Expiration Date: December 2010 Cisco Systems Inc. 5 Intended status: Standards Track 6 Thomas D. Nadeau 7 Mustapha Aissaoui BT 9 Matthew Bocci 10 Mustapha Aissaoui 11 Alcatel-Lucent 13 June 3, 2010 15 Segmented Pseudowire 17 draft-ietf-pwe3-segmented-pw-15.txt 19 Status of this Memo 21 This Internet-Draft is submitted to IETF in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as Internet- 27 Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on Expiration Date: December 2010 42 Abstract 44 This document describes how to connect pseudowires (PW) between two 45 or more distinct PW control planes or PSN domains. The PW control 46 planes may belong to independent autonomous systems, or the PSN 47 technology is heterogeneous, or a PW might need to be aggregated at a 48 specific PSN point. The PW packet data units are simply switched from 49 one PW to another without changing the PW payload. 51 Table of Contents 53 1 Introduction ......................................... 4 54 2 Specification of Requirements ........................ 6 55 3 Terminology .......................................... 6 56 4 General Description .................................. 7 57 5 PW Switching and Attachment Circuit Type ............. 10 58 6 Applicability ........................................ 10 59 7 MPLS-PW to MPLS-PW Switching ......................... 10 60 7.1 Static Control plane switching ....................... 11 61 7.2 Two LDP control planes using the same FEC type ....... 11 62 7.2.1 FEC 129 Active/Passive T-PE Election Procedure ....... 12 63 7.3 LDP FEC 128 to LDP using the generalized FEC 129 ..... 12 64 7.4 LDP Switching Point PE TLV ........................... 13 65 7.4.1 PW Switching Point Sub-TLVs .......................... 14 66 7.4.2 Adaptation of Interface Parameters ................... 16 67 7.5 Group ID ............................................. 16 68 7.6 PW Loop Detection .................................... 16 69 8 MPLS-PW to L2TPv3-PW Control Plane Switching ......... 17 70 8.1 Static MPLS and L2TPv3 PWs ........................... 17 71 8.2 Static MPLS PW and Dynamic L2TPv3 PW ................. 17 72 8.3 Static L2TPv3 PW and Dynamic LDP/MPLS PW ............. 18 73 8.4 Dynamic LDP/MPLS and L2TPv3 PWs ...................... 18 74 8.4.1 Session Establishment ................................ 18 75 8.4.2 Adaptation of PW Status message ...................... 19 76 8.4.3 Session Tear Down .................................... 19 77 8.5 Adaptation of L2TPv3 AVPs to Interface Parameters .... 20 78 8.6 Switching Point TLV in L2TPv3 ........................ 21 79 8.7 L2TPv3 and MPLS PW Data Plane ........................ 21 80 8.7.1 Mapping the MPLS Control Word to L2TP ................ 22 81 9 Operation And Management ............................. 23 82 9.1 Extensions to VCCV to Support MS-PWs ................. 23 83 9.2 MPLS-PW to MPLS-PW OAM Data Plane Indication ......... 23 84 9.3 Signaling OAM Capabilities for Switched Pseudowires .. 23 85 9.4 OAM Capability for MS-PWs Demultiplexed using MPLS ... 24 86 9.4.1 MS-PW and VCCV CC Type 1 ............................. 24 87 9.4.2 MS-PW and VCCV CC type 2 ............................. 25 88 9.4.3 MS-PW and VCCV CC type 3 ............................. 25 89 9.5 MS-PW VCCV Operations ................................ 25 90 9.5.1 VCCV Echo Message Processing ......................... 26 91 9.5.1.1 Sending a VCCV Echo Request .......................... 26 92 9.5.1.2 Receiving a VCCV Echo Request ........................ 27 93 9.5.1.3 Receiving a VCCV Echo Reply .......................... 27 94 9.5.2 Detailed VCCV procedures ............................. 28 95 9.5.2.1 End to End Connectivity Verification Between T-PEs ... 28 96 9.5.2.2 Partial Connectivity Verification from T-PE .......... 29 97 9.5.2.3 Partial connectivity verification between S-PEs ...... 29 98 9.5.2.4 MS-PW Path Verification .............................. 30 99 9.5.2.5 MS-PW Path Trace ..................................... 31 100 10 Mapping Switched Pseudowire Status ................... 32 101 10.1 S-PE initiated PW status messages .................... 33 102 10.1.1 Local PW2 transmit direction fault ................... 34 103 10.1.2 Local PW1 transmit direction fault ................... 35 104 10.1.3 Local PW2 receive direction fault .................... 35 105 10.1.4 Local PW1 receive direction fault .................... 35 106 10.1.5 Clearing Faults ...................................... 35 107 10.2 PW status messages and S-PE TLV processing ........... 36 108 10.3 T-PE processing of PW status messages ................ 36 109 10.4 Pseudowire Status Negotiation Procedures ............. 36 110 10.5 Status Dampening ..................................... 36 111 11 Peering Between Autonomous Systems ................... 36 112 12 Congestion Considerations ............................ 37 113 13 Security Considerations .............................. 37 114 13.1 Data Plane Security .................................. 37 115 13.1.1 VCCV Security considerations ......................... 37 116 13.2 Control Protocol Security ............................ 38 117 14 IANA Considerations .................................. 39 118 14.1 L2TPv3 AVP ........................................... 39 119 14.2 LDP TLV TYPE ......................................... 39 120 14.3 LDP Status Codes ..................................... 39 121 14.4 L2TPv3 Result Codes .................................. 39 122 14.5 New IANA Registries .................................. 40 123 15 Normative References ................................. 40 124 16 Informative References ............................... 41 125 17 Author's Addresses ................................... 42 126 18 Additional Authors ................................... 43 128 1. Introduction 130 The PWE3 Architecture [RFC3985], defines the signaling and 131 encapsulation techniques for establishing SS-PWs between a pair of 132 terminating PEs and in the vast majority of cases this will be 133 sufficient. MS-PWs are most useful in two general cases: 135 -i. When it is not possible, desirable or feasible to establish 136 a PW control channel between the terminating source and 137 destination PEs. At a minimum PW control channel 138 establishment requires knowledge of and reachability to the 139 remote (terminating) PE IP address. The local (terminating) 140 PE may not have access to this information related to 141 topology, operational or security constraints. 143 An example is the inter-AS L2VPN scenario where the 144 terminating PEs reside in different provider networks (ASes) 145 and it is the practice to cryptogtaphiclly sign all control 146 traffic exchanged between two networks. Technically a SS-PW 147 could be used but this would require to cryptogtaphiclly 148 sign on ALL terminating source and destination PE nodes. An 149 MS-PW allows the providers to confine MD5 key administration 150 to just the PW switching points connecting the two domains. 152 A second example might involve a single AS where the PW 153 setup path between the terminating PEs is computed by an 154 external entity. Assume a full mesh of PWE3 control channels 155 established between PE-A, PE-B and PE-C. A client-layer L2 156 connection tunneled through a PW is required between 157 terminating PE-A and PE-C. The external entity computes a PW 158 setup path that passes through PE-B. This results in two 159 discrete PW segments being built: one between PE-A and PE-B 160 and one between PE-B and PE-C. The successful client-layer 161 L2 connection between terminating PE-A and terminating PE-C 162 requires that PE-B performs the PWE3 switching process. 164 A third example involves the use of PWs in hierarchical 165 IP/MPLS networks. Access networks connected to a backbone 166 use PWs to transport customer payloads between customer 167 sites serviced by the same access network and up to the edge 168 of the backbone where they can be terminated or switched 169 onto a succeeding PW segment crossing the backbone. The use 170 of PWE3 switching between the access and backbone networks 171 can potentially reduce the PWE3 control channels and routing 172 information processed by the access network T-PEs. 174 It should be noted that PWE3 switching does not help in any 175 way to reduce the amount of PW state supported by each 176 access network T-PE. 178 -ii. PWE3 signaling and encapsulation protocols are different. 179 The terminating PEs are connected to networks employing 180 different PW signaling and encapsulation protocols. In this 181 case it is not possible to use a SS-PW. A MS-PW with the 182 appropriate interworking performed at the PW switching 183 points can enable PW connectivity between the terminating 184 PEs in this scenario. 186 A more detailed discussion of the requirements pertining to MS-PWs 187 can be found in [RFC5254]. 189 There are four different signaling protocols that are defined to 190 signal PWs: 191 -i. Static configuration of the PW (MPLS or L2TPv3). 192 -ii. LDP using FEC 128 193 -iii. LDP using the generalized FEC 129 194 -iv. L2TPv3 196 While MS-PW are composed of PW segments, each PW segment cannot 197 function independently, as the PW service is always instantiated 198 across the complete MS-PW. Hence no PW segments, can be signaled, or 199 be operational without the complete MS-PW being signaled at once. 201 2. Specification of Requirements 203 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 204 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 205 document are to be interpreted as described in [RFC2119]. 207 3. Terminology 209 - PW Terminating Provider Edge (T-PE). A PE where the customer- 210 facing attachment circuits (ACs) are bound to a PW forwarder. A 211 Terminating PE is present in the first and last segments of a 212 MS-PW. This incorporates the functionality of a PE as defined in 213 [RFC3985]. 215 - Single-Segment Pseudowire (SS-PW). A PW set up directly between 216 two T-PE devices. The PW label is unchanged between the 217 originating and terminating T-PEs. 219 - Multi-Segment Pseudowire (MS-PW). A static or dynamically 220 configured set of two or more contiguous PW segments that behave 221 and function as a single point-to-point PW. Each end of a MS-PW 222 by definition MUST terminate on a T-PE. 224 - PW Segment. A part of a single-segment or multi-segment PW, which 225 traverses one PSN tunnel in each direction between two PE 226 devices, T-PEs and/or S-PEs (switching PE). 228 - PW Switching Provider Edge (S-PE). A PE capable of switching the 229 control and data planes of the preceding and succeeding PW 230 segments in a MS-PW. The S-PE terminates the PSN tunnels of the 231 preceding and succeeding segments of the MS-PW. It therefore 232 includes a PW switching point for an MS-PW. A PW switching point 233 is never the S-PE and the T-PE for the same MS-PW. A PW switching 234 point runs necessary protocols to set up and manage PW segments 235 with other PW switching points and terminating PEs. An S-PE can 236 exist anywhere a PW must be processed or policy applied. It is 237 therefore not limited to the edge of a provider network. 239 - MS-PW path. The set of S-PEs that will be traversed in sequence 240 to form the MS-PW. 242 4. General Description 244 A pseudowire (PW) is a mechanism that carries the essential elements 245 of an emulated service from one PE to one or more other PEs over a 246 PSN as described in Figure 1 and in [RFC3985]. Many providers have 247 deployed PWs as a means of migrating existing (or building new) L2VPN 248 services (e.g.. Frame Relay, ATM, or Ethernet) on to a PSN. 250 PWs may span multiple domains of the same or different provider 251 networks. In these scenarios PW control channels (i.e. targeted LDP, 252 L2TPv3) and PWs will cross AS boundaries. 254 Inter-AS L2VPN functionality is currently supported and several 255 techniques employing MPLS encapsulation and LDP signaling have been 256 documented [RFC4364]. It is also straightforward to support the same 257 inter-AS L2VPN functionality employing L2TPv3. In this document we 258 define methodology to switch a PW between two PW control planes. 260 |<-------------- Emulated Service ---------------->| 261 | | 262 | |<-------- Pseudowire ------>| | 263 | | | | 264 | | |<-- PSN Tunnel -->| | | 265 | V V V V | 266 V AC +----+ +----+ AC V 267 +-----+ | | PE1|==================| PE2| | +-----+ 268 | |----------|............PW1.............|----------| | 269 | CE1 | | | | | | | | CE2 | 270 | |----------|............PW2.............|----------| | 271 +-----+ ^ | | |==================| | | ^ +-----+ 272 ^ | +----+ +----+ | | ^ 273 | | Provider Edge 1 Provider Edge 2 | | 274 | | | | 275 Customer | | Customer 276 Edge 1 | | Edge 2 277 | | 278 native service native service 280 Figure 1: PWE3 Reference Model 282 There are two methods for switching a PW between two PW domains. In 283 the first method (Figure 2), the two control planes terminate on 284 different PEs. 286 |<-------Multi-Segment Pseudowire------->| 287 | PSN PSN | 288 AC | |<-1->| |<-2->| | AC 289 | V V V V V V | 290 | +----+ +-----+ +----+ +----+ | 291 +----+ | | |=====| | | |=====| | | +----+ 292 | |-------|......PW1.......|--AC1--|......PW2......|-------| | 293 | CE1| | | | | | | | | | | |CE2 | 294 | |-------|......PW3.......|--AC2--|......PW4......|-------| | 295 +----+ | | |=====| | | |=====| | | +----+ 296 ^ +----+ +-----+ +----+ +----+ ^ 297 | PE1 PE2 PE3 PE4 | 298 | ^ ^ | 299 | | | | 300 | PW stitching points | 301 | | 302 | | 303 |<-------------------- Emulated Service ---------------->| 305 Figure 2: PW Switching using ACs Reference Model 307 In Figure 2, pseudowires in two separate PSNs are stitched together 308 using native service attachment circuits. PE2 and PE3 only run the 309 control plane for the PSN to which they are directly attached. At PE2 310 and PE3, PW1 and PW2 are connected using attachment circuit AC1, 311 while PW3 and PW4 are connected using attachment circuit AC2. 313 Native |<-----Multi-Segment Pseudowire------>| Native 314 Service | PSN PSN | Service 315 (AC) | |<-Tunnel->| |<-Tunnel->| | (AC) 316 | V V 1 V V 2 V V | 317 | +----+ +-----+ +----+ | 318 +----+ | |TPE1|==========|SPE1 |==========|TPE2| | +----+ 319 | |------|.....PW.Seg't1....X....PW.Seg't3.....|-------| | 320 | CE1| | | | | | | | | |CE2 | 321 | |------|.....PW.Seg't2....X....PW.Seg't4.....|-------| | 322 +----+ | | |==========| |==========| | | +----+ 323 ^ +----+ +-----+ +----+ ^ 324 | Provider Edge 1 ^ Provider Edge 2 | 325 | | | 326 | | | 327 | PW switching point | 328 | | 329 |<----------------- Emulated Service --------------->| 330 Figure 3: MS-PW Reference Model 332 In Figure 3 SPE1 runs two separate control planes: one toward TPE1, 333 and one Toward TPE2. The PW switching point (S-PE) is configured to 334 connect PW Segment 1 and PW Segment 3 together to complete the 335 Multi-Segment PW between TPE1 and TPE2. PW Segment 1 and PW Segment 3 336 MUST be of the same PW type, but PSN Tunnel 1 and PSN Tunnel 2 need 337 not be the same technology. In the latter case, if the PW is switched 338 to a different technology, the PEs must adapt the PDU encapsulation 339 between the different PSN technologies. In the case where PSN Tunnel 340 1 and PSN Tunnel 2 are the same technology the PW PDU does not need 341 to be modified, and PDUs are then switched between the pseudowires at 342 the PW label level. 344 It should be noted that it is possible to adapt one PSN technology to 345 a different one, for example MPLS over an IP or GRE [RFC4023] 346 encapsulation, but this is outside the scope of this document. 347 Further, one could perform an interworking function on the PWs 348 themselves at the S-PE, allowing conversion from one PW type to 349 another, but this is also outside the scope of this document. 351 This document describes procedures for building multi-segment 352 pseudowires using manual configuration of the switching point PE1. 353 Other documents may build on this base specification to automate the 354 configuration and selection of S-PE1. It should also be noted that a 355 PW can traverse multiple PW switching points along it's path, and the 356 edge PEs will not require any specific knowledge of how many S-PEs 357 the PW has traversed (though this may be reported for troubleshooting 358 purposes). 360 The general approach taken for MS-PWs is to connect the individual 361 control planes by passing along any signaling information immediately 362 upon reception. First the S-PE is configured to switch a PW segment 363 from a specific peer to another PW segment destined for a different 364 peer. No control messages are exchanged yet as the S-PE does not have 365 enough information to actually initiate the PW setup messages. 366 However, if a session does not already exist, a control protocol 367 (LDP/L2TP) session MAY be setup. In this model the MS-PW setup is 368 starting from the T-PE devices. Once the T-PE is configured it sends 369 the PW control setup messages. These messages are received by the S- 370 PE, and immediately used to form the PW setup messages for the next 371 SS-PW of the MS-PW. 373 5. PW Switching and Attachment Circuit Type 375 The PWs in each PSN are established independently, with each PSN 376 being treated as a separate PW domain. For example, in Figure 2 for 377 the case of MPLS PSNs, PW1 is setup between PE1 and PE2 using the LDP 378 targeted session as described in [RFC4447], and at the same time a 379 separate pseudowire, PW2, is setup between PE3 and PE4. The ACs for 380 PW1 and PW2 at PE2 and PE3 MUST be configured such that they are the 381 same PW type e.g. ATM VCC, Ethernet VLAN, etc. 383 6. Applicability 385 The general applicability of MS-PWs and their relationship to L2VPNs 386 is described in [RFC5659]. The applicability of a PW type, as 387 specified in the relevant RFC for that encapsulation (e.g. [RFC4717] 388 for ATM), applies to each segment. This section describes further 389 applicability considerations. 391 As with SS-PWs, the performance of any segment will be limited by the 392 performance of the underlying PSN. The performance may be further 393 degraded by the emulation process, and performance degradation may be 394 further degraded by traversing multiple PW segments. Furthermore, the 395 overall performance of an MS-PW is no better than the worst 396 performing segment of that MS-PW. 398 Since different PSN types may be able to achieve different maximum 399 performance objectives, it is necessary to carefully consider which 400 PSN types are used along the path of a MS-PW. 402 7. MPLS-PW to MPLS-PW Switching 404 Referencing Figure 3, T-PE1 set up PW segment 1 using the LDP 405 targeted session as described in [RFC4447], at the same time a 406 separate pseudowire PW segment 3 is setup to T-PE2. Each PW is 407 configured independently on the PEs, but on S-PE1 pseudowire PW 408 segment 1 is connected to pseudowire PW segment 3. PDUs are then 409 switched between the pseudowires at the PW label level. Hence the 410 data plane does not need any special knowledge of the specific 411 pseudowire type. A simple standard MPLS label swap operation is 412 sufficient to connect the two PWs, and in this case the PW adaptation 413 function cannot be used. However when pushing a new PSN label the TTL 414 SHOULD be set to 255, or some other locally configured fixed value. 416 This process can be repeated as many times as necessary, the only 417 limitation to the number of S-PEs traversed is imposed by the TTL 418 field of the PW MPLS Label. The setting of the TTL of the PW MPLS 419 label is a matter of local policy on the originating PE, but SHOULD 420 be set to 255. However if the PW PDU contains an OAM packet then the 421 TTL can be set to the required value as explained later in this 422 document. 424 There are three MPLS to MPLS PW control planes: 425 -i. Static configuration of the PW. 426 -ii. LDP using FEC 128 427 -iii. LDP using the generalized FEC 129 428 This results in four distinct PW switching situations that are 429 significantly different, and must be considered in detail: 430 -i. PW Switching between two static control planes. 431 -ii. Static Control plane switching to LDP dynamic control plane. 432 -iii. Two LDP control planes using the same FEC type 433 -iv. LDP using FEC 128, to LDP using the generalized FEC 129 435 7.1. Static Control plane switching 437 In the case of two static control planes the S-PE MUST be configured 438 to direct the MPLS packets from one PW into the other. There is no 439 control protocol involved in this case. When one of the control 440 planes is a simple static PW configuration and the other control 441 plane is a dynamic LDP FEC 128 or generalized PW FEC, then the static 442 control plane should be considered similar to an attachment circuit 443 (AC) in the reference model of Figure 1. The switching point PE 444 SHOULD signal the appropriate PW status if it detects a failure in 445 sending or receiving packets over the static PW segment. In the 446 absence of a PW status communication mechanism when the PW is 447 statically configured, the status communicated to the dynamic LDP PW 448 will be limited to local interface failures. In this case, the S-PE 449 PE behaves in a very similar manner to a T-PE, assuming an active 450 signaling role. This means that the S-PE will immediately send the 451 LDP Label Mapping message if the static PW is deemed to be UP. 453 7.2. Two LDP control planes using the same FEC type 455 The S-PE SHOULD assume an initial passive role. This means that when 456 independent PWs are configured on the switching point, the LSR does 457 not advertise the LDP PW FEC mapping until it has received at least 458 one of the two PW LDP FECs from a remote PE. This is necessary 459 because the switching point LSR does not know a priori what the 460 interface parameter field in the initial FEC advertisement will 461 contain. 463 If one of the S-PEs doesn't accept an LDP Label Mapping message then 464 a Label Release message may be sent back to the originator T-PE 465 depending on the cause of the error. LDP liberal label retention mode 466 still applies, hence if a PE is simply not configured yet, the label 467 mapping is stored for future use. A MS-PW is declared UP only when 468 all the constituent SS-PWs are UP. 470 The Pseudowire Identifier (PWID), as defined in [RFC4447] is a unique 471 number between each pair of PEs. Hence Each SS-PW that forms an MS-PW 472 may have a different PWID. In the case of The Generalized PW FEC, the 473 AGI/SAI/TAI may have to also be different for some, or sometimes all, 474 SS-PWs. 476 7.2.1. FEC 129 Active/Passive T-PE Election Procedure 478 When a MS-PW is signaled using FEC 129, each T-PE might independently 479 start signaling the MS-PW. If the MS-PW path is not statically 480 configured, in certain cases the signaling procedure could result in 481 an attempt to setup each direction of the MS-PW through different S- 482 PEs. If an operator wishes to avoid this situation one of the T-PE 483 MUST start the PW signaling (active role), while the other waits to 484 receive the LDP label mapping before sending the respective PW LDP 485 label mapping message. (passive role). When the MS-PW path not 486 statically configured, the Active T-PE (the ST-PE) and the passive 487 T-PE (the TT-PE) MUST be identified before signaling is initiated for 488 a given MS-PW. 490 The determination of which T-PE assume the active role SHOULD be done 491 as follows: 493 The SAII and TAII are compared as unsigned integers, if the SAII is 494 larger, then the T-PE assumes the active role. 496 The selection process to determine which T-PE assumes the active role 497 MAY be superseded by manual provisioning. In this case one of the T- 498 PEs MUST be set to active role, and the other one MUST be set to 499 passive role. 501 7.3. LDP FEC 128 to LDP using the generalized FEC 129 503 When a PE is using the generalized FEC 129, there are two distinct 504 roles that a PE can assume: active and passive. A PE that assumes the 505 active role will send the LDP PW setup message, while a passive role 506 PE will simply reply to an incoming LDP PW setup message. The S-PE 507 PE, will always remain passive until a PWID FEC 128 LDP message is 508 received, which will cause the corresponding generalized PW FEC LDP 509 message to be formed and sent. If a generalized FEC PW LDP message is 510 received while the switching point PE is in a passive role, the 511 corresponding PW FEC 128 LDP message will be formed and sent. 513 PW IDs need to be mapped to the corresponding AGI/TAI/SAI and vice 514 versa. This can be accomplished by local S-PE configuration, or by 515 some other means, such as some form of auto discovery. Such other 516 means are outside the scope of this document. 518 7.4. LDP Switching Point PE TLV 520 The edge to edge PW might traverse several switching points, in 521 separate administrative domains. For management and troubleshooting 522 reasons it is useful to record information about the switching points 523 that the PW traverses. This is accomplished by using a PW switching 524 Point TLV. 526 Sending the PW switching Point TLV (S-PE TLV) is OPTIONAL, however 527 the PE or S-PE MUST process the TLV upon reception. The "U" bit MUST 528 be set for backward compatibility with T-PEs that do not support the 529 MS-PW extensions described in the document. The S-PE TLV MAY appear 530 only once for each switching point traversed. The S-PE TLV is 531 appended to the PW FEC at each switching point, and the order of the 532 S-PE TLVs in the LDP message MUST be preserved. The S-PE TLV is 533 necessary to support some of the VCCV functions for MS-PWs. See 534 Section 9.5 for more details. The S-PE TLV is encoded as follows: 536 0 1 2 3 537 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 538 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 539 |1|0| S-PE TLV (0x096D) | S-PE TLV Length | 540 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 541 | Sub-TLV Type | Length | Variable Length Value | 542 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 543 | Variable Length Value | 544 | " " " | 545 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 547 [note] LDP TLV type is pending IANA approval. 549 - S-PE TLV Length 551 Specifies the total length of all the following S-PE TLV fields 552 in octets 554 - Sub-TLV Type 556 Encodes how the Value field is to be interpreted. 558 - Length 560 Specifies the length of the Value field in octets. 562 - Value 564 Octet string of Length octets that encodes information to be 565 interpreted as specified by the Type field. 567 PW Switching point sub-TLV Types are assigned by IANA according the 568 process defined in the "IANA Allocations" section below. 570 For local policy reasons, a particular S-PE can filter out all S-PE 571 TLVs in a label mapping message that traverses it and not include 572 it's own S-PE TLV. In this case, from any upstream PE, it will 573 appear as if this particular S-PE is the T-PE. This might be 574 necessary, depending on local policy if the S-PE is at the service 575 provider administrative boundary. It should also be noted that 576 because there are no S-PE TLVs describing the path beyond the S-PE 577 that removed them, VCCV will only work as far as that S-PE . 579 7.4.1. PW Switching Point Sub-TLVs 581 The S-PE TLV contains sub-TLVs that describe various characteristics 582 of the S-PE traversed. Below are the definitions of PW Switching 583 Point Sub-TLVs defined in this document: 585 - PW ID of last PW segment traversed. 587 This is only applicable if the last PW segment traversed used LDP 588 FEC 128 to signal the PW. This sub-TLV type contains a PW ID in 589 the format of the PWID described in [RFC4447]. This is just a 32 590 bit unsigned integer number. 592 - PW Switching Point description string. 594 An OPTIONAL description string of text up to 80 characters long. 595 Human-readable text MUST be provided in the UTF-8 charset using 596 the Default Language [RFC2277]. 598 - Local IP address of PW Switching Point. 600 The Local IP V4 or V6 address of the PW Switching Point. This is 601 an OPTIONAL Sub-TLV. In most cases this will be the local LDP 602 session IP address of the S-PE. 604 - Remote IP address of the last PW Switching Point traversed or of 605 the T-PE 607 The IP V4 or V6 address of the last PW Switching Point traversed 608 or of the T-PE. This is an OPTIONAL Sub-TLV. In most cases this 609 will be the remote IP address of the LDP session. This Sub-TLV 610 SHOULD only be included if there are no other S-PE TLV present 611 from other S-PEs, or if the remote ip address of the LDP session 612 does not correspond to the "Local IP address of PW Switching 613 Point" TLV value contained in the last S-PE TLV. 615 - The FEC element of last PW segment traversed. 617 This is only applicable if the last PW segment traversed used LDP 618 FEC 129 to signal the PW. 620 The FEC element of the last PW segment traversed. This is encoded 621 in the following format: 623 0 1 2 3 624 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 625 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 626 | AGI Type | Length | Value | 627 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 628 ~ AGI Value (contd.) ~ 629 | | 630 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 631 | AII Type | Length | Value | 632 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 633 ~ SAII Value (contd.) ~ 634 | | 635 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 636 | AII Type | Length | Value | 637 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 638 ~ TAII Value (contd.) ~ 639 | | 640 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 642 - L2 PW address of PW Switching Point (recommended format). 644 This sub-TLV type contains a L2 PW address of PW Switching Point in 645 the format described in Section 3.2 of [RFC5003]. This includes the 646 AII type field, and length, as well as the L2 PW address with the AC 647 ID field set to zero. 649 7.4.2. Adaptation of Interface Parameters 651 [RFC4447] defines several interface parameters, which are used by the 652 Network Service Processing (NSP) to adapt the PW to the Attachment 653 Circuit (AC). The interface parameters are only used at the end 654 points, and MUST be passed unchanged across the S-PE. However the 655 following interface parameters MAY be modified as follows: 657 - 0x03 Optional Interface Description string This Interface 658 parameter MAY be modified, or altogether removed from the FEC 659 element depending on local configuration policies. 661 - 0x09 Fragmentation indicator This parameter MAY be inserted in 662 the FEC by the switching point if it is capable of re-assembly of 663 fragmented PW frames according to [RFC4623]. 665 - 0x0C VCCV parameter This Parameter contains the CC type, and CV 666 type bit fields. The CV type bit field MUST be reset to reflect 667 the CV type supported by the S-PE. CC type bit field MUST have 668 bit 1 "Type 2: MPLS Router Alert Label " set to 0. The other bit 669 fields MUST be reset to reflect the CC type supported by the S- 670 PE. 672 7.5. Group ID 674 The Group ID (GR ID) is used to reduce the number of status messages 675 that need to be sent by the PE advertising the PW FEC. The GR ID has 676 local significance only, and therefore MUST be mapped to a unique GR 677 ID allocated by the S-PE PE. 679 7.6. PW Loop Detection 681 A switching point PE SHOULD inspect the PW switching Point TLV, to 682 verify that it's own IP address does not appears in it. If the PE's 683 IP address appears in a received PW switching Point TLV, the PE 684 SHOULD break the loop, and send a label release message with the 685 following error code: 686 Assignment E Description 687 0x0000003A 0 "PW Loop Detected" 689 [ note: error code pending IANA allocation ] 690 If an S-PE along the MS-PW removed all S-PE TLVs, as mentined above, 691 this loop detection method will fail. 693 8. MPLS-PW to L2TPv3-PW Control Plane Switching 695 Both MPLS and L2TPv3 PWs may be static or dynamic. This results in 696 four possibilities when switching between L2TPv3 and MPLS. 698 -i. Switching between MPLS and L2TPv3 static control planes. 699 -ii. Switching between a static MPLS PW and a dynamic L2TPv3 PW. 700 -iii. Switching between a static L2TPv3 PW and a dynamic MPLS PW. 701 -iv. Switching between a dynamic MPLS PW and a dynamic L2TPv3 PW. 703 8.1. Static MPLS and L2TPv3 PWs 705 In the case of two static control planes, the S-PE MUST be configured 706 to direct packets from one PW into the other. There is no control 707 protocol involved in this case. The configuration MUST include which 708 MPLS PW Label maps to which L2TPv3 Session ID (and associated Cookie, 709 if present) as well as which MPLS Tunnel Label maps to which PE 710 destination IP address. 712 8.2. Static MPLS PW and Dynamic L2TPv3 PW 714 When a statically configured MPLS PW is switched to a dynamic L2TPv3 715 PW, the static control plane should be considered identical to an 716 attachment circuit (AC) in the reference model of Figure 1. The 717 switching point PE SHOULD signal the appropriate PW status if it 718 detects a failure in sending or receiving packets over the static PW. 719 Because the PW is statically configured, the status communicated to 720 the dynamic L2TPv3 PW will be limited to local interface failures. In 721 this case, the S-PE PE behaves in a very similar manner to a T-PE, 722 assuming an active role. 724 8.3. Static L2TPv3 PW and Dynamic LDP/MPLS PW 726 When a statically configured L2TPv3 PW is switched to a dynamic 727 LDP/MPLS PW, then the static control plane should be considered 728 identical to an attachment circuit (AC) in the reference model of 729 Figure 1. The switching point PE SHOULD signal the appropriate PW 730 status (via an L2TPv3 SLI message) if it detects a failure in sending 731 or receiving packets over the static PW. Because the PW is 732 statically configured, the status communicated to the dynamic 733 LDP/MPLS PW will be limited to local interface failures. In this 734 case, the S-PE PE behaves in a very similar manner to a T-PE, 735 assuming an active role. 737 8.4. Dynamic LDP/MPLS and L2TPv3 PWs 739 When switching between dynamic PWs, the switching point always 740 assumes an initial passive role. Thus, it does not initiate an 741 LDP/MPLS or L2TPv3 PW until it has received a connection request 742 (Label Mapping or ICRQ) from one side of the node. Note that while 743 MPLS PWs are made up of two unidirectional LSPs bonded together by 744 FEC identifiers, L2TPv3 PWs are bidirectional in nature, setup via a 745 3-message exchange (ICRQ, ICRP and ICCN). Details of Session 746 Establishment, Tear Down, and PW Status signaling are detailed below. 748 8.4.1. Session Establishment 750 When the S-PE receives an L2TPv3 ICRQ message, the identifying AVPs 751 included in the message are mapped to FEC identifiers and sent in an 752 LDP label mapping message. Conversely, if an LDP Label Mapping 753 message is received, it is either mapped to an ICRP message or causes 754 an L2TPv3 session to be initiated by sending an ICRQ. 756 Following are two example exchanges of messages between LDP and 757 L2TPv3. The first is a case where an L2TPv3 T-PE initiates an MS-PW, 758 the second is a case where an MPLS T-PE initiates an MS-PW. 760 PE 1 (L2TPv3) PW Switching Node PE3 (MPLS/LDP) 762 AC "Up" 763 L2TPv3 ICRQ ---> 764 LDP Label Mapping ---> 765 AC "Up" 766 <--- LDP Label Mapping 767 <--- L2TPv3 ICRP 768 L2TPv3 ICCN ---> 769 <-------------------- MH PW Established ------------------> 770 PE 1 (MPLS/LDP) PW Switching Node PE3 (L2TPv3) 772 AC "Up" 773 LDP Label Mapping ---> 774 L2TPv3 ICRQ ---> 775 <--- L2TPv3 ICRP 776 <--- LDP Label Mapping 777 L2TPv3 ICCN ---> 778 AC "Up" 779 <-------------------- MH PW Established ------------------> 781 8.4.2. Adaptation of PW Status message 783 L2TPv3 uses the SLI message to indicate a interface status change 784 (such as the interface transitioning from "Up" or "Down"). MPLS/LDP 785 PWs either signal this via an LDP Label Withdraw or the PW Status 786 Notification message defined in section 4.4 of [RFC4447]. 788 8.4.3. Session Tear Down 790 L2TPv3 uses a single message, CDN, to tear down a pseudowire. The CDN 791 message translates to a Label Withdraw message in LDP. Following are 792 two example exchanges of messages between LDP and L2TPv3. The first 793 is a case where an L2TPv3 T-PE initiates the termination of an MS-PW, 794 the second is a case where an MPLS T-PE initiates the termination of 795 an MS-PW. 797 PE 1 (L2TPv3) PW Switching Node PE3 (MPLS/LDP) 799 AC "Down" 800 L2TPv3 CDN ---> 801 LDP Label Withdraw ---> 802 AC "Down" 803 <-- LDP Label Release 805 <--------------- MH PW Data Path Down ------------------> 806 PE 1 (MPLS LDP) PW Switching Node PE3 (L2TPv3) 808 AC "Down" 809 LDP Label Withdraw ---> 810 L2TPv3 CDN --> 811 <-- LDP Label Release 812 AC "Down" 814 <---------------- MH PW Data Path Down ------------------> 816 8.5. Adaptation of L2TPv3 AVPs to Interface Parameters 818 [RFC4447] defines several interface parameters which MUST be mapped 819 to the equivalent AVPs in L2TPv3 setup messages. 821 * Interface MTU 823 The Interface MTU parameter is mapped directly to the L2TP 824 Interface MTU AVP defined in [RFC4667] 826 * Max Number of Concatenated ATM cells 828 This interface parameter is mapped directly to the L2TP "ATM 829 Maximum Concatenated Cells AVP" described in section 6 of 830 [RFC4454]. 832 * PW Type 834 The PW Type defined in [RFC4446] is mapped to the L2TPv3 "PW 835 Type" AVP defined in [L2TPv3]. 837 * PW ID (FEC 128) 839 For FEC 128, the PW ID is mapped directly to the L2TPv3 "Remote 840 End ID" AVP defined in [L2TPv3]. 842 * Generalized FEC 129 SAI/TAI 844 Section 4.3 of [RFC4667] defines how to encode the SAI and TAI 845 parameters. These can be mapped directly. 847 Other interface parameter mappings are unsupported when switching 848 between LDP/MPLS and L2TPv3 PWs. 850 8.6. Switching Point TLV in L2TPv3 852 When translating between LDP and L2TPv3 control messages, the PW 853 Switching Point TLV described earlier in this document is carried in 854 a single variable length L2TP AVP present in the ICRQ, ICRP messages, 855 and optionally in the ICCN message. 857 The L2TP "Switching Point AVP" is Attribute Type TBA-L2TP-AVP-1. The 858 AVP MAY be hidden (the L2TP AVP H-bit may be 0 or 1), the length of 859 the AVP is 6 plus the length of the series of Switching Point sub- 860 TLVs included in the AVP, and the AVP MUST NOT be marked Mandatory 861 (the L2TP AVP M-bit MUST be 0). 863 8.7. L2TPv3 and MPLS PW Data Plane 865 When switching between an MPLS and L2TP PW, packets are sent in their 866 entirety from one PW to the other, replacing the MPLS label stack 867 with the L2TPv3 and IP header or vice versa. 869 Section 5.4 of [RFC3985] discusses the purpose of the various shim 870 headers necessary for enabling a pseudowire over an IP or MPLS PSN. 871 For L2TPv3, the Payload Convergence and Sequencing function is 872 carried out via the Default L2-Specific Sublayer defined in [L2TPv3]. 873 For MPLS, these two functions (together with PSN Convergence) are 874 carried out via the MPLS Control Word. Since these functions are 875 different between MPLS and L2TPv3, interworking between the two may 876 be necessary. 878 The L2TP L2-Specific Sublayer and MPLS Control Word are shim headers 879 which in some cases are not necessary to be present at all. For 880 example, an Ethernet PW with sequencing disabled will generally not 881 require an MPLS Control Word or L2TP Default L2-Specific Sublayer to 882 be present at all. In this case, Ethernet frames are simply sent from 883 one PW to the other without any modification beyond the MPLS and 884 L2TP/IP encapsulation and decapsulation. 886 The following section offers guidelines for how to interwork between 887 L2TP and MPLS for those cases where the Payload Convergence, 888 Sequencing, or PSN Convergence functions are necessary on one or both 889 sides of the switching node. 891 8.7.1. Mapping the MPLS Control Word to L2TP 893 The MPLS Control Word consists of (from left to right): 895 0 1 2 3 896 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 897 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 898 |0 0 0 0| Reserved | Length | Sequence Number | 899 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 901 -i. These bits are always zero in MPLS are not necessary to be 902 mapped to L2TP. 904 -ii. These six bits may be used for Payload Convergence depending 905 on the PW type. For ATM, the first four of these bits are 906 defined in [RFC4717]. These map directly to the bits defined 907 in [RFC4454]. For Frame Relay, these bits indicate how to 908 set the bits in the Frame Relay header which must be 909 regenerated for L2TP as it carries the Frame Relay header 910 intact. 912 -iii. L2TP determines its payload length from IP. Thus, this 913 Length field need not be carried directly to L2TP. This 914 Length field will have to be calculated and inserted for 915 MPLS when necessary. 917 -iv. The Default L2-Specific Sublayer has a sequence number with 918 different semantics than that of the MPLS Control Word. This 919 difference eliminates the possibility of supporting 920 sequencing across the MS-PW by simply carrying the sequence 921 number through the switching point transparently. As such, 922 sequence numbers MAY be supported by checking the sequence 923 numbers of packets arriving at the switching point and 924 regenerating a new sequence number in the appropriate format 925 for the PW on egress. If this type of sequence interworking 926 at the switching node is not supported, and a T-PE requests 927 sequencing of all packets via the L2TP control channel 928 during session setup, the switching node SHOULD NOT allow 929 the session to be established by sending a CDN message with 930 Result Code set to 17 "sequencing not supported" (subject to 931 IANA Assignment). 933 9. Operation And Management 935 9.1. Extensions to VCCV to Support MS-PWs 937 Single-segment pseudowires are signaled using the Virtual Circuit 938 Connectivity Verification (VCCV) parameter included in the interface 939 parameter field of the PW ID FEC TLV or the interface parameter sub- 940 TLV of the Generalized PW ID FEC TLV as described in [RFC5085]. When 941 a switching point exist between PE nodes, it is required to be able 942 to continue operating VCCV end-to-end across a switching point and to 943 provide the ability to trace the path of the MS-PW over any number of 944 segments. 946 This document provides a method for achieving these two objectives. 947 This method is based on re-using the existing VCCV CW and 948 decrementing the TTL of the PW label at each S-PE in the path of the 949 MS-PW. 951 9.2. MPLS-PW to MPLS-PW OAM Data Plane Indication 953 As stated above the S-PE MUST perform a standard MPLS label swap 954 operation on the MPLS PW label. By the rules defined in [RFC3032] the 955 PW label TTL MUST be decreased at every S-PE. Once the PW label TTL 956 reaches the value of 0, the packet is sent to the control plane to be 957 processed. Hence, by controlling the PW TTL value of the PW label it 958 is possible to select exactly which S-PE will respond to the VCCV 959 packet. 961 9.3. Signaling OAM Capabilities for Switched Pseudowires 963 Similarly to SS-PW, MS-PW VCCV capabilities are signaled using the 964 VCCV parameter included in the interface parameter field of the PW ID 965 FEC TLV or the sub-TLV interface parameter of the Generalized PW ID 966 FEC TLV as described in [RFC5085]. 968 In Figure 3 T-PE1 uses the VCCV parameter included in the interface 969 parameter field of the PW ID FEC TLV or the sub-TLV interface 970 parameter of the Generalized PW ID FEC TLV to indicate to the far end 971 T-PE2 what VCCV capabilities T-PE1 supports. This is the same VCCV 972 parameter as would be used if T-PE1 and T-PE2 were connected 973 directly. S-PE2, which is a PW switching point, as part of the 974 adaptation function for interface parameters, processes locally the 975 VCCV parameter then passes it to T-PE2. If there were multiple S-PEs 976 on the path between T-PE1 and T-PE2, each would carry out the same 977 processing, passing along the VCCV parameter. The local processing of 978 the VCCV parameter removes CC Types specified by the originating T-PE 979 that are not supported on the S-PE. For example, if T-PE1 indicates 980 supports CC Types 1,2,3 and the Then the S-PE removes the Router 981 Alert CC Type=2, leaving the rest of the TLV unchanged, and passes 982 the modified VCCV parameter to the next S-PE along the path. 984 The far end T-PE (T-PE2) receives the VCCV parameter indicating only 985 the CC types that are supported by the initial T-PE (T-PE1) and all 986 S-PEs along the PW path. 988 9.4. OAM Capability for MS-PWs Demultiplexed using MPLS 990 The VCCV parameter ID is defined as follows in [RFC4446]: 992 Parameter ID Length Description 993 0x0c 4 VCCV 995 The format of the VCCV parameter field is as follows: 997 0 1 2 3 998 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 999 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1000 | 0x0c | 0x04 | CC Types | CV Types | 1001 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1003 0x01 Type 1: PWE3 control word with 0001b as first nibble 1004 as defined in [RFC4385]. 1005 0x02 Type 2: MPLS Router Alert Label. 1006 0x04 Type 3: MPLS PW De-multiplexor Label TTL = 1 (Type 3). 1008 9.4.1. MS-PW and VCCV CC Type 1 1010 VCCV CC type 1 can be used for MS-PWs. However, if the CW is enabled 1011 on user packets, VCCV CC type 1 MUST be used according to the rules 1012 in [RFC5085]. When using CC type 1 for MS-PWs the PE transmitting 1013 the VCCV packet MUST set the TTL to the appropriate value to reach 1014 the destination S-PE. However if the packet is destined for the T-PE, 1015 the TTL can be set to any value that is sufficient for the packet to 1016 reach the T-PE. 1018 9.4.2. MS-PW and VCCV CC type 2 1020 VCCV CC type 2 is not supported for MS-PWs and MUST be removed from a 1021 VCCV parameter field by the S-PE. 1023 9.4.3. MS-PW and VCCV CC type 3 1025 VCCV CC type 3 can be used for MS-PWs, however if the CW is enabled 1026 VCCV type 1 is preferred according to the rules in [RFC5085]. Note 1027 that for using the VCCV type 3, TTL method, the PE will set the PW 1028 label TTL to the appropriate value necessary to reach the target PE, 1029 otherwise the VCCV packet might be forwarded over the AC to the CPE. 1031 9.5. MS-PW VCCV Operations 1033 This document specifies four VCCV operations: 1034 -i. End-to-end MS-PW connectivity verification. This operation 1035 enables the connectivity of the MS-PW to be tested from 1036 source T-PE to destination T-PE. In order to do this, the 1037 sending T-PE must include the FEC used in the last segment 1038 of the MS-PW to the destination T-PE in the VCCV-Ping echo 1039 request. This information is either configured at the 1040 sending T-PE or is obtained by processing the corresponding 1041 sub-TLVs of the optional S-PE TLV, as described below. 1042 -ii. Partial MS-PW connectivity verification. This operation 1043 enables the connectivity of any contiguous subset of the 1044 segments of a MS-PW to be tested from the source T-PE or a 1045 source S-PE to a destination S-PE or T-PE. Again, the FEC 1046 used on the last segment to be tested must be included in 1047 the VCCV-Ping echo request message. This information is 1048 determined by the sending T-PE or S-PE as in (i) above. 1049 -iii. MS-PW path verification. This operation verifies the path of 1050 the MS-PW, as returned by the S-PE TLV, against the actual 1051 data path of the MS-PW. The sending T-PE or S-PE iteratively 1052 sends a VCCV echo request to each S-PE along the MS-PW path, 1053 using the FEC for the corresponding MS-PW segment in the 1054 switching point TLV. If the S-PE TLV information is correct, 1055 then a VCCV echo reply showing that this is a valid router 1056 for the FEC will be received. However, if the switching 1057 point TLV information is incorrect, then this operation 1058 enables the first incorrect switching point to be 1059 determined, but not the actual path of the MS-PW beyond 1060 that. This operation cannot be used when the MS-PW is 1061 statically configured or when the S-PE TLV is not suported. 1062 The processing of the PW switching TLV used for this 1063 operation is described below. This operation is OPTIONAL. 1065 -iv. MS-PW path trace. This operation traces the data path of the 1066 MS-PW using FECs included in the Target FEC stack TLV 1067 [RFC4379] returned by S-PEs or T-PEs in an echo reply 1068 message. The sending T-PE or S-PE uses this information to 1069 recursively test each S-PE along the path of the MS-PW in a 1070 single operation in a similar manner to LSP trace. This 1071 operation is able to determine the actual data path of the 1072 MS-PW, and can be used for both statically configured and 1073 signaled MS-PWs. Support for this operation is OPTIONAL. 1075 Note that the above operations rely on intermediate S-PEs and/or the 1076 destination T-PE to include the switching point TLV as a part of the 1077 MS-PW setup process, or to include the Target FEC stack TLV in the 1078 VCCV echo reply message. For various reasons, e.g. privacy or 1079 security of the S-PE/T-PE, this information may not be available to 1080 the source T-PE. In these cases, manual configuration of the FEC MAY 1081 still be used. 1083 9.5.1. VCCV Echo Message Processing 1085 The challenge for the control plane is to be able to build the VCCV 1086 echo request packet with the necessary information to reach the 1087 desired S-PE or T-PE, for example the target FEC 128 PW sub-TLV of 1088 the downstream PW segment that the packet is destined for. This could 1089 be even more difficult in situations in which the MS-PW spans 1090 different providers and Autonomous Systems. 1092 For example, in Figure 3, T-PE1 has the FEC128 of the segment, PW 1093 segment 1, but it does not readily have the information required to 1094 compose the FEC128 of the following segment, PW segment 3, if a VCCV 1095 echo request to be sent to T-PE2. This can be achieved by the methods 1096 described in the following subsections. 1098 9.5.1.1. Sending a VCCV Echo Request 1100 When performing a partial or end-to-end connectivity or path 1101 verification, the sender of the echo request message requires the FEC 1102 of the last segment to the target S-PE/T-PE node. This information 1103 can either be configured manually or be obtained by inspecting the 1104 corresponding sub-TLV's of the PW switching point TLV. 1106 The necessary S-PE sub-TLVs are : 1108 Type Description 1109 0x01 PW ID of last PW segment traversed 1110 0x03 Local IP address of PW Switching Point 1111 0x04 Remote IP address of last PW Switching Point traversed or 1112 of the T-PE 1114 When performing an OPTIONAL MS-PW path trace operation, the T-PE will 1115 automatically learn the target FEC by probing, one by one, the S-PEs 1116 of the MS-PW path, using the FEC returned in the Target FEC stack of 1117 the previous VCCV echo reply. 1119 9.5.1.2. Receiving a VCCV Echo Request 1121 Upon receiving a VCCV echo request the control plane on S-PEs (or the 1122 target node of each segment of the MS-PW) validates the request and 1123 responds to the request with an echo reply consisting of a return 1124 code of 8 (label switched at stack-depth) indicating that it is an 1125 S-PE and not the egress router for the MS-PW. 1127 S-PEs that wish to reveal their downstream next-hop in a trace 1128 operation should include the FEC of the downstream PW segment in the 1129 Target FEC stack (as per Sections 3.2 and 4.5 of [RFC4379]) of the 1130 echo reply message. FEC128 PWs MUST use the format shown in Section 1131 3.2.09 of [RFC4379] for the sub-TLV in the Target FEC stack, while 1132 FEC129 PWs MUST use the format shown in Section 3.2.10 of [RFC4379] 1133 for the sub-TLV in the Target FEC stack. Note that an S-PE MUST NOT 1134 include this FEC information in the reply if it has been configured 1135 not to do so for administrative reasons, or for reasons explained 1136 previously. 1138 If the node is the T-PE or the egress node of the MS-PW, it responds 1139 to the echo request with an echo reply with a return code of 3 1140 (egress router). 1142 9.5.1.3. Receiving a VCCV Echo Reply 1144 The operation to be taken by the node receiving the echo reply in 1145 response to an echo request depends on the VCCV mode of operation 1146 described above. See Section 9.5.2 for detailed procedures. 1148 9.5.2. Detailed VCCV procedures 1150 There are two similar methods of verifying the MS-PW path: Path 1151 Trace, and Path Verification. Path Trace does not use the LDP control 1152 plane to obtain information on the path to verify, so this method is 1153 well suited if portions of the MS-PW are statically configured SS- 1154 PWs. The Path Verification method relies on information obtained from 1155 the LDP control plane, and hence offers better verification of the 1156 current forwarding behavior compared to the LDP signaled forwarding 1157 information of the MS-PW path. However in the case where there are 1158 statically signaled SS-PW in the MS-PW path, the path information is 1159 unavailable and must be programmed manually. 1161 9.5.2.1. End to End Connectivity Verification Between T-PEs 1163 In Figure 3, if T-PE1, S-PE and T-PE2 support Control Word, the PW 1164 control plane will automatically negotiate the use of the CW. VCCV CC 1165 type 3 will function correctly whether the CW is enable or not on the 1166 PW. However VCCV type 1 for (which can be use for end to end 1167 verification only), is only supported if the CW is enabled. 1169 At the S-PE the data path operations include an outer label pop, 1170 inner label swap and new outer label push. Note that there is no 1171 requirement for the S-PE to inspect the CW. Thus, the end-to-end 1172 connectivity of the multi-segment pseudowire can be verified by 1173 performing all of the following steps: 1174 -i. T-PE forms a VCCV-ping echo request message with the FEC 1175 matching that of the last segment PW to the destination T- 1176 PE. 1178 -ii. T-PE sets the inner PW label TTL to the exact value to allow 1179 the packet to reach the far end T-PE. ( the value is 1180 determined by counting the number of S-PEs from the control 1181 plane information ) Alternatively, if CC type 1 is supported 1182 the packet can be encapsulated according to CC type 1 in 1183 [RFC5085] 1185 -iii. T-PE sends a VCCV packet that will follow the exact same 1186 data path at each S-PE as that taken by data packets. 1188 -iv. S-PE may performs an outer label pop, if PHP is disabled, 1189 and will perform an inner label swap with TTL decrement, and 1190 new outer label push. 1192 -v. There is no requirement for the S-PE to inspect the CW. 1194 -vi. The VCCV packet is diverted to VCCV control processing at 1195 the destination T-PE. 1197 -vii. Destination T-PE replies using the specified reply mode, 1198 i.e., reverse PW path or IP path. 1200 9.5.2.2. Partial Connectivity Verification from T-PE 1202 In order to trace part of the multi-segment pseudowire, the TTL of 1203 the PW label may be used to force the VCCV message to 'pop out' at an 1204 intermediate node. When the TTL expires, the S-PE can determine that 1205 the packet is a VCCV packet by either checking the control word (CW), 1206 or if the CW is not in use by checking for a valid IP header with UDP 1207 destination port 3503. The packet should then be diverted to VCCV 1208 processing. 1210 In Figure 3, if T-PE1 sends a VCCV message with the TTL of the PW 1211 label equal to 1, the TTL will expire at the S-PE. T-PE1 can thus 1212 verify the first segment of the pseudowire. 1214 The VCCV packet is built according to [RFC4379] section 3.2.9 for FEC 1215 128, or 3.2.10 for a FEC 129 PW. All the information necessary to 1216 build the VCCV LSP ping packet is collected by inspecting the S-PE 1217 TLVs. 1219 Note that this use of the TTL is subject to the caution expressed in 1220 [RFC5085]. If a penultimate LSR between S-PEs or between an S-PE and 1221 a T-PE manipulates the PW label TTL, the VCCV message may not emerge 1222 from the MS-PW at the correct S-PE. 1224 9.5.2.3. Partial connectivity verification between S-PEs 1226 Assuming that all nodes along an MS-PW support the Control Word CC 1227 Type 3, VCCV between S-PEs may be accomplished using the PW label TTL 1228 as described above. In Figure 3, the S-PE may verify the path between 1229 it and T-PE2 by sending a VCCV message with the PW label TTL set to 1230 1. Given a more complex network with multiple S-PEs, an S-PE may 1231 verify the connectivity between it and an S-PE two segments away by 1232 sending a VCCV message with the PW label TTL set to 2. Thus, an S-PE 1233 can diagnose connectivity problems by successively increasing the 1234 TTL. All the information needed to build the proper VCCV echo 1235 request packet as described in [RFC4379] section 3.2.9 or 3.2.10 is 1236 obtained automatically from the LDP label mapping that contains S-PE 1237 TLVs. 1239 9.5.2.4. MS-PW Path Verification 1241 As an example, in Figure 3, VCCV trace can be performed on the MS-PW 1242 originating from T-PE1 by a single operational command. The following 1243 process ensues: 1244 -i. T-PE1 sends a VCCV echo request with TTL set to 1 and a FEC 1245 containing the pseudowire information of the first segment 1246 (PW1 between T-PE1 and S-PE) to S-PE for validation. If FEC 1247 Stack Validation is enabled, the request may also include 1248 additional sub-TLV such as LDP Prefix and/or RSVP LSP 1249 dependent on the type of transport tunnel the segmented PW 1250 is riding on. 1252 -ii. S-PE validates the echo request with the FEC. Since it is a 1253 switching point between the first and second segment it 1254 builds an echo reply with a return code of 8 and sends the 1255 echo reply back to T-PE1. 1257 -iii. T-PE1 builds a second VCCV echo request based on the 1258 infomation obtained from the control plane (S-PE TLV). It 1259 then increments the TTL and sends it out to T-PE2. Note that 1260 the VCCV echo request packet is switched at the S-PE 1261 datapath and forwarded to the next downstream segment 1262 without any involvement from the control plane. 1264 -iv. T-PE2 receives and validates the echo request with the FEC. 1265 Since T-PE2 is the destination node or the egress node of 1266 the MS-PW it replies to T-PE1 with an echo reply with a 1267 return code of 3 (Egress Router). 1269 -v. T-PE1 receives the echo reply from T-PE2. T-PE1 is made 1270 aware that T-PE2 is the destination of the MS-PW because the 1271 echo reply has a return code of is 3. The trace process is 1272 completed. 1274 If no echo reply is received, or an error code is received from a 1275 particular PE, the trace process MUST stop immediately, and packets 1276 MUST NOT be sent further along the MS-PW. 1278 For more detail on the format of the VCCV echo packet, refer to 1279 [RFC5085] and [RFC4379]. The TTL here refers to that of the inner 1280 (PW) label TTL. 1282 9.5.2.5. MS-PW Path Trace 1284 As an example, in Figure 3, VCCV trace can be performed on the MS-PW 1285 originating from T-PE1 by a single operational command. The following 1286 OPTIONAL process ensues: 1288 -i. T-PE1 sends a VCCV echo request with TTL set to 1 and a FEC 1289 containing the pseudowire information of the first segment 1290 (PW1 between T-PE1 and S-PE) to S-PE for validation. If FEC 1291 Stack Validation is enabled, the request may also include 1292 additional sub-TLV such as LDP Prefix and/or RSVP LSP 1293 dependent on the type of transport tunnel the segmented PW 1294 is riding on. 1296 -ii. The S-PE validates the echo request with the FEC. 1298 -iii. The S-PE builds an echo reply with a return code of 8 and 1299 sends the echo reply back to T-PE1, appending the FEC128 1300 information for the next segment along the MS-PW to the VCCV 1301 echo reply packet using the Target FEC stack TLV (as per 1302 Sections 3.2 and 4.5 of [RFC4379]). 1304 -iv. T-PE1 builds a second VCCV echo request based on the 1305 infomation obtained from the FEC stack TLV received in the 1306 previous VCCV echo reply. It then increments the TTL and 1307 sends it out to T-PE2. Note that the VCCV echo request 1308 packet is switched at the S-PE datapath and forwarded to the 1309 next downstream segment without any involvement from the 1310 control plane. 1312 -v. T-PE2 receives and validates the echo request with the FEC. 1313 Since T-PE2 is the destination node or the egress node of 1314 the MS-PW it replies to T-PE1 with an echo reply with a 1315 return code of 3 (Egress Router). 1317 -vi. T-PE1 receives the echo reply from T-PE2. T-PE1 is made 1318 aware that T-PE2 is the destination of the MS-PW because the 1319 echo reply has a return code of is 3. The trace process is 1320 completed. 1322 If no echo reply is received, or an error code is received from a 1323 particular PE, the trace process MUST stop immediately, and packets 1324 MUST NOT be sent further along the MS-PW. 1326 For more detail on the format of the VCCV echo packet, refer to 1327 [RFC5085] and [RFC4379]. The TTL here refers to that of the inner 1328 (PW) label TTL. 1330 10. Mapping Switched Pseudowire Status 1332 In the PW switching with attachment circuits case (Figure 2), PW 1333 status messages indicating PW or attachment circuit faults MUST be 1334 mapped to fault indications or OAM messages on the connecting AC as 1335 defined in [PW-MSG-MAP]. 1337 In the PW control plane switching case (Figure 3), there is no 1338 attachment circuit at the S-PE, but the two PWs are connected 1339 together. Similarly, the status of the PWs are forwarded unchanged 1340 from one PW to the other by the control plane switching function. 1341 However, it may sometimes be necessary to communicate fault status of 1342 one of the locally attached PW segments at a S-PE. For LDP this can 1343 be accomplished by sending an LDP notification message containing the 1344 PW status TLV, as well as an OPTIONAL PW switching point TLV as 1345 follows: 1347 0 1 2 3 1348 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1349 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1350 |0| Notification (0x0001) | Message Length | 1351 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1352 | Message ID | 1353 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1354 |0|1| Status (0x0300) | Length | 1355 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1356 |0|1| Status Code=0x00000028 | 1357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1358 | Message ID=0 | 1359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1360 | Message Type=0 | PW Status TLV | 1361 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1362 | PW Status TLV | 1363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1364 | PW Status TLV | PWId FEC | 1365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1366 | | 1367 | | 1368 | PWId FEC or Generalized ID FEC | 1369 | | 1370 | | 1371 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1372 |1|0| S-PE TLV (0x096D) | S-PE TLV Length | 1373 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1374 | Type | Length | Variable Length Value | 1375 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1376 Only one S-PE TLV can be present in this message. This message is 1377 then relayed by each S-PE unchanged. The T-PE decodes the status 1378 message and the included S-PE TLV to detect exactly where the fault 1379 occurred. At the T-PE if there is no S-PE TLV included in the LDP 1380 status notification then the status message can be assumed to have 1381 originated at the remote T-PE. 1383 The merging of the received LDP status and the local status for the 1384 PW segments at an S-PE can be summarized as follows: 1386 -i. When the local status for both PW segments is UP, the S-PE 1387 passes any received AC or PW status bits unchanged, i.e., 1388 the status notification TLV is unchanged but the PWid in the 1389 case of a FEC 128 TLV is set to the value of the PW segment 1390 of the next hop. 1392 -ii. When the local status for any of the PW segments is at 1393 fault, the S-PE always sends the local status bits 1394 regardless if the received status bits from the remote node 1395 indicated that an upstream fault has cleared. AC status bit 1396 are passed along unchanged. 1398 10.1. S-PE initiated PW status messages 1400 The PW fault directions are defined as follows: 1402 +-------+ 1403 ---PW1 receive---->| |-----PW2 Transmit----> 1404 S-PE1 | S-PE2 | S-PE3 1405 <--PW1 Transmit----| |<----PW2 Receive------ 1406 +-------+ 1407 Figure 4. S-PE and PW tx/rx directions. 1409 When a local fault is detected by the S-PE, a PW status message is 1410 sent in both directions along the PW. Since there are no attachment 1411 circuits on an S-PE, only the following status messages are relevant: 1413 0x00000008 - Local PSN-facing PW (ingress) Receive Fault 1414 0x00000010 - Local PSN-facing PW (egress) Transmit Fault 1416 Each S-PE needs to store only two 32-bit PW status words for each PW 1417 segment: One for local failures, and one for remote failures 1418 (normally received from another PE). The first failure will set the 1419 appropriate bit in the 32-bit status word, and each subsequent 1420 failure will be ORed to the appropriate PW status word. In the case 1421 of the PW status word storing remote failures, this rule has the 1422 effect of a logical OR operation with the first failure received on 1423 the particular PW segment. 1425 It should be noted that remote failures received on an S-PE are just 1426 passed along the MS-PW unchanged while local failures detected an S- 1427 PE are signalled on both PW segments. 1429 A T-PE can receive multiple failures from S-PEs along the MS-PW, 1430 however only the failure from the remote closest S-PE will be stored 1431 (last pw status message received). The PW status word received are 1432 just ORed to any existing remote PW status already stored on the T- 1433 PE. 1435 Given that there are two PW segments at a particular S-PE for a 1436 particular MS-PW, referring to figure 4, there are four possible 1437 failure cases as follows: 1439 -i. PW2 Transmit direction fault 1440 -ii. PW1 Transmit direction fault 1441 -iii. PW2 Receive direction fault 1442 -iv. PW1 Receive direction fault 1444 Once a PW status notification message is initiated at a S-PE for a 1445 particular PW status bit any further status message, for the same 1446 status bit, received from an upstream neighbor is processed locally 1447 and not forwarded until the S-PE original status error state is 1448 cleared. 1450 Each S-PE along the MS-PW MUST store any PW status messages 1451 transiting it. If more than one status message with the same PW 1452 status bit set is received by a T-PE, or S-PE only the last PW 1453 status message is stored. 1455 10.1.1. Local PW2 transmit direction fault 1457 When this failure occurs the S-PE will take the following actions: 1459 * Send a PW status message to S-PE3 containing "0x00000010 - Local 1460 PSN-facing PW (egress) Transmit Fault" 1461 * Send a PW status message to S-PE1 containing "0x00000008 - Local 1462 PSN-facing PW (ingress) Receive Fault" 1463 * Store 0x00000010 in the local PW status word for the PW segment 1464 toward S-PE3. 1466 10.1.2. Local PW1 transmit direction fault 1468 When this failure occurs the S-PE will take the following actions: 1470 * Send a PW status message to S-PE1 containing "0x00000010 - Local 1471 PSN-facing PW (egress) Transmit Fault" 1472 * Send a PW status message to S-PE3 containing "0x00000008 - Local 1473 PSN-facing PW (ingress) Receive Fault" 1474 * Store 0x00000010 in the local PW status word for the PW segment 1475 toward S-PE1. 1477 10.1.3. Local PW2 receive direction fault 1479 When this failure occurs the S-PE will take the following actions: 1480 * Send a PW status message to S-PE3 containing "0x00000008 - Local 1481 PSN-facing PW (ingress) Receive Fault" 1482 * Send a PW status message to S-PE1 containing "0x00000010 - Local 1483 PSN-facing PW (egress) Transmit Fault" 1484 * Store 0x00000008 in the local PW status word for the PW segment 1485 toward S-PE3. 1487 10.1.4. Local PW1 receive direction fault 1489 When this failure occurs the S-PE will take the following actions: 1490 * Send a PW status message to S-PE1 containing "0x00000008 - Local 1491 PSN-facing PW (ingress) Receive Fault" 1492 * Send a PW status message to S-PE3 containing "0x00000010 - Local 1493 PSN-facing PW (egress) Transmit Fault" 1494 * Store 0x00000008 in the local PW status word for the PW segment 1495 toward S-PE1. 1497 10.1.5. Clearing Faults 1499 Remote PW status fault clearing messages received by an S-PE will 1500 only be forwarded if there are no corresponding local faults on the 1501 S-PE. (local faults always supersede remote faults) 1503 Once the local fault has cleared, and there is no corresponding (same 1504 PW status bit set) remote fault, a PW status messages is sent out to 1505 the adjacent PEs clearing the fault. 1507 When a PW status fault clearing message is forwarded, the S-PE will 1508 always send the S-PE TLV associated with the PE which cleared the 1509 fault. 1511 10.2. PW status messages and S-PE TLV processing 1513 When a PW status message is received that includes a S-PE TLV, the 1514 S-PE TLV information MAY be stored, along with the contents of the PW 1515 status Word according to the procedures described above. The S-PE TLV 1516 stored is always the S-PE TLV that is associated with the PE that set 1517 that particular last fault. If subsequent PW status message for the 1518 same PW status bit are received the S-PE TLV will overwrite the 1519 previously stored S-PE TLV. 1521 10.3. T-PE processing of PW status messages 1523 The PW switching architecture is based on the concept that the T-PE 1524 should process the PW LDP messages in the same manner as if it was 1525 participating in the setup of a PW segment. However T-PE 1526 participating a MS-PW, SHOULD be able to process the S-PE TLV. 1527 Otherwise the processing of PW status messages, and other PW setup 1528 messages is exactly as described in [RFC4447]. 1530 10.4. Pseudowire Status Negotiation Procedures 1532 Pseudowire Status signaling methodology, defined in [RFC4447], SHOULD 1533 be transparent to the switching point. 1535 10.5. Status Dampening 1537 When the PW control plane switching methodology is used to cross an 1538 administrative boundary it might be necessary to prevent excessive 1539 status signaling changes from being propagated across the 1540 administrative boundary. This can be achieved by using a similar 1541 method as commonly employed for the BGP protocol route advertisement 1542 dampening. The details of this OPTIONAL algorithm are a matter of 1543 implementation, and are outside the scope of this document. 1545 11. Peering Between Autonomous Systems 1547 The procedures outlined in this document can be employed to provision 1548 and manage MS-PWs crossing AS boundaries. The use of more advanced 1549 mechanisms involving auto-discovery and ordered PWE3 MS-PW signaling 1550 will be covered in a separate document. 1552 12. Congestion Considerations 1554 Each PSN carrying the PW may be subject to congestion. The Congestion 1555 considerations in [RFC3985] apply to PW segments as well. Each PW 1556 segment will handle any congestion experienced by the PW traffic 1557 independently of the other MS-PW segments. It is possible that 1558 passing knowledge of congestion between segments, and to the T-PEs 1559 can result in more efficients edge to edge congestion mitigation 1560 systems. However any specific methods of congestion mitigation are 1561 outside the scope of this document and left for further study. 1563 13. Security Considerations 1565 This document specifies the LDP, L2TPv3, and VCCV extensions that are 1566 needed for setting up and maintaining pseudowires. The purpose of 1567 setting up pseudowires is to enable layer 2 frames to be encapsulated 1568 and transmitted from one end of a pseudowire to the other. Therefore 1569 we discuss the security considerations for both the data plane and 1570 the control plane in the following sections. 1572 13.1. Data Plane Security 1574 Data plane security consideration as discussed in [RFC4447], 1575 [L2TPv3], and [RFC3985] apply to this extension without any changes. 1577 13.1.1. VCCV Security considerations 1579 The VCCV technology for MS-PW offers a method for the service 1580 provider to verify the data path of a specific PW. This involves 1581 sending a packet to a specific PE and receiving an answer which 1582 either confirms, or indicates that the information contained in the 1583 packet is incorrect. This is a very similar process to the commonly 1584 used IP ICMP ping, and TTL expired methods for IP networks. It should 1585 be noted that when using VCCV Type 3 for PW when the CW is not 1586 enabled, if a packet is crafted with a TTL greater then the number of 1587 hops along the MS-PW path, or an S-PE along the path mis-processes 1588 the TTL, the packet could mistakenly be forwarded out the attachment 1589 circuit as a native PW packet. This packet would most likely be 1590 treated as an error packet by the CE. However if this possibility is 1591 not acceptable, the CW should be enabled to guarantee that a VCCV 1592 packet will never be mistakenly forwarded to the AC. 1594 13.2. Control Protocol Security 1596 General security considerations with regard to the use of LDP are 1597 specified in section 5 of RFC 5036. Security considerations with 1598 regard to the L2TPv3 control plane are specified in [L2TPv3]. These 1599 considerations apply as well to the case where LDP or L2TPv3 is used 1600 to set up PWs. 1602 A Pseudowire connects two attachment circuits. It is important to 1603 make sure that LDP connections are not arbitrarily accepted from 1604 anywhere, or else a local attachment circuit might get connected to 1605 an arbitrary remote attachment circuit. Therefore an incoming session 1606 request MUST NOT be accepted unless its IP source address is known to 1607 be the source of an "eligible" peer. The set of eligible peers could 1608 be pre-configured (either as a list of IP addresses, or as a list of 1609 address/mask combinations), or it could be discovered dynamically via 1610 an auto-discovery protocol which is itself trusted. (Note that if the 1611 auto-discovery protocol were not trusted, the set of "eligible peers" 1612 it produces could not be trusted.) 1614 Even if a connection request appears to come from an eligible peer, 1615 its source address may have been spoofed. So some means of 1616 preventing source address spoofing must be in place. For example, if 1617 all the eligible peers are in the same network, source address 1618 filtering at the border routers of that network could eliminate the 1619 possibility of source address spoofing. 1621 For a greater degree of security, the LDP authentication option, as 1622 described in section 2.9 of [RFC5036], or the Control Message 1623 Authentication option of [L2TPv3] MAY be used. This provides 1624 integrity and authentication for the control messages, and eliminates 1625 the possibility of source address spoofing. Use of the message 1626 authentication option does not provide privacy, but privacy of 1627 control messages are not usually considered to be highly important. 1628 Both the LDP and L2TPv3 message authentication options rely on the 1629 configuration of pre-shared keys, making it difficult to deploy when 1630 the set of eligible neighbors is determined by an auto-configuration 1631 protocol. 1633 When the Generalized ID FEC Element is used, it is possible that a 1634 particular peer may be one of the eligible peers, but may not be the 1635 right one to connect to the particular attachment circuit identified 1636 by the particular instance of the Generalized ID FEC element. 1637 However, given that the peer is known to be one of the eligible peers 1638 (as discussed above), this would be the result of a configuration 1639 error, rather than a security problem. Nevertheless, it may be 1640 advisable for a PE to associate each of its local attachment circuits 1641 with a set of eligible peers, rather than having just a single set of 1642 eligible peers associated with the PE as a whole. 1644 14. IANA Considerations 1646 14.1. L2TPv3 AVP 1648 This document uses a new L2TP parameter, IANA already maintains a 1649 registry of name "Control Message Attribute Value Pair" defined by 1650 [RFC3438]. The following new value is required: 1652 TBA-L2TP-AVP-1 - PW Switching Point AVP 1654 14.2. LDP TLV TYPE 1656 This document uses a new LDP TLV types, IANA already maintains a 1657 registry of name "TLV TYPE NAME SPACE" defined by RFC5036. The 1658 following value is suggested for assignment: 1660 TLV type Description 1661 0x096D Pseudowire Switching Point PE TLV 1663 14.3. LDP Status Codes 1665 This document uses a new LDP status codes, IANA already maintains a 1666 registry of name "STATUS CODE NAME SPACE" defined by RFC5036. The 1667 following value is suggested for assignment: 1669 Assignment E Description 1670 0x0000003A 0 "PW Loop Detected" 1672 14.4. L2TPv3 Result Codes 1674 This document uses a new L2TPv3 Result Code for the CDN message, to 1675 be assigned IANA in the "Result Code AVP (Attribute Type 1) Values" 1676 registry as follows: 1678 Registry Name: Result Code AVP (Attribute Type 1) Values Defined 1679 Result Code values for the CDN message are: 1680 Assignment Description 1681 TBD Sequencing not supported 1683 14.5. New IANA Registries 1685 IANA needs to set up a registry of "Pseudowire Switching Point PE 1686 sub-TLV Type". These are 8-bit values. Type value 1 through 6 are 1687 defined in this document. Type values 7 through 64 are to be assigned 1688 by IANA using the "Expert Review" policy defined in RFC5226. Type 1689 values 65 through 127, 0 and 255 are to be allocated using the IETF 1690 consensus policy defined in [RFC5226]. Type values 128 through 254 1691 are reserved for vendor proprietary extensions and are to be assigned 1692 by IANA, using the "First Come First Served" policy defined in 1693 RFC5226. 1695 The Type Values are assigned as follows: 1696 Type Length Description 1698 0x01 4 PW ID of last PW segment traversed 1699 0x02 variable PW Switching Point description string 1700 0x03 4/16 Local IP address of PW Switching Point 1701 0x04 4/16 Remote IP address of last PW Switching Point traversed 1702 or of the T-PE 1703 0x05 variable FEC Element of last PW segment traversed 1704 0x06 12 L2 PW address of PW Switching Point 1706 15. Normative References 1708 [RFC4385] " Pseudowire Emulation Edge-to-Edge (PWE3) 1709 Control Word for Use over an MPLS PSN", S. Bryant, et al., 1710 RFC4385, February 2006. 1712 [RFC4446] "IANA Allocations for Pseudowire Edge to Edge 1713 mulation (PWE3)", L. Martini, RFC4446, April 2006. 1715 [RFC4447] "Pseudowire Setup and Maintenance Using the 1716 Label Distribution Protocol (LDP)", Martini, L., 1717 et al., rfc4447 April 2006. 1719 [RFC4364] "BGP/MPLS IP Virtual Private Networks (VPNs)", Rosen, E, 1720 Rekhter, Y., RFC4364, February 2006 1721 October 2004. 1723 [L2TPv3] "Layer Two Tunneling Protocol (Version 3)", J. Lau, 1724 M. Townsley, I. Goyret, RFC3931 1726 [RFC5085] Nadeau, T., et al. "Pseudo Wire Virtual Circuit Connection 1727 Verification (VCCV), A Control Channel for Pseudowires", 1728 RFC5085 December 2007. 1730 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1731 IANA Considerations section in RFCs", BCP 26, RFC 5226, May 2008 1733 [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate 1734 Requirement Levels", BCP 14, RFC 2119, March 1997. 1736 [RFC5003] C. Metz, L. Martini, F. Balus, J. Sugimoto, "Attachment 1737 Individual Identifier (AII) Types for Aggregation", RFC5003, 1738 September 2007. 1740 [RFC4379] K. Kompella, G. Swallow, "Detecting Multi-Protocol 1741 Label Switched (MPLS) Data Plane Failures", RFC4379, 1742 September 2007 1744 [RFC5036] Andersson, L., Minei, I., and B. Thomas, "LDP 1745 Specification", RFC 5036, October 2007. 1747 [RFC2277] H. Alvestrand, "IETF Policy on Character Sets and 1748 Languages", RFC 2277, January 1998 1750 16. Informative References 1752 [RFC4023] "Encapsulating MPLS in IP or Generic 1753 Routing Encapsulation (GRE)", Rosen, E, Rekhter, Y. 1754 RFC4023, March 2005. 1756 [RFC3985] "Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture" 1757 Bryant, et al., RFC 3985, March 2005. 1759 [RFC4623] "Pseudowire Emulation Edge-to-Edge (PWE3) Fragmentation 1760 and Reassembly", A. Malis, W. M. Townsley, RFC 4623, August 2006 1762 [RFC4667] "Layer 2 Virtual Private Network (L2VPN) 1763 Extensions for Layer 2 Tunneling Protocol (L2TP)", Luo, Wei, 1764 RFC4667, W. Luo, September 2006 1766 [RFC4454] "Asynchronous Transfer Mode (ATM) over Layer 2 1767 Tunneling Protocol Version 3 (L2TPv3)", Singh, Townsley, 1768 Pignataro, RFC4454, May 2006 1769 ( work in progress ), March 2004. 1771 [RFC4717] "Encapsulation Methods for Transport of (ATM) 1772 MPLS Networks", Martini et al., RFC4717, December 2006 1774 [RFC3438] W. M. Townsley, "Layer Two Tunneling Protocol 1775 (L2TP) Internet Assigned Numbers Authority (IANA) 1776 Considerations Update", December 2002, RFC3438 1778 [PW-MSG-MAP] "Pseudo Wire (PW) OAM Message Mapping", Nadeau et al, 1779 draft-ietf-pwe3-oam-msg-map-12.txt, ( work in progress ), 1780 March 2010 1782 [RFC3032] "MPLS Label Stack Encoding", RFC3032, January 2001 1784 [RFC5659] "An Architecture for Multi-Segment Pseudo Wire Emulation 1785 Edge-to-Edge", Bocci et al, RFC5659, October 2009. 1787 [RFC5254] "Requirements for Multi-Segment Pseudowire Emulation 1788 Edge-to-Edge (PWE3)", N. Bitar, M. Bocci, L. Martini, RFC5254, 1789 October 2008 1791 17. Author's Addresses 1793 Luca Martini 1794 Cisco Systems, Inc. 1795 9155 East Nichols Avenue, Suite 400 1796 Englewood, CO, 80112 1797 e-mail: lmartini@cisco.com 1799 Thomas D. Nadeau 1800 BT 1801 BT Centre 1802 81 Newgate Street 1803 London, EC1A 7AJ 1804 United Kingdom 1805 e-mail: tom.nadeau@bt.com 1807 Chris Metz 1808 Cisco Systems, Inc. 1809 e-mail: chmetz@cisco.com 1811 Matthew Bocci 1812 Alcatel-Lucent 1813 Grove House, Waltham Road Rd 1814 White Waltham, Berks, UK. SL6 3TN 1815 e-mail: matthew.bocci@alcatel-lucent.co.uk 1816 Mustapha Aissaoui 1817 Alcatel-Lucent 1818 600, March Road, 1819 Kanata, ON, Canada 1820 e-mail: mustapha.aissaoui@alcatel-lucent.com 1822 18. Additional Authors 1824 The following people also contributed text to this document: 1826 Florin Balus 1827 Alcatel-Lucent 1828 701 East Middlefield Rd. 1829 Mountain View, CA 94043 1830 e-mail: florin.balus@alcatel-lucent.com 1832 Mike Duckett 1833 Bellsouth 1834 Lindbergh Center 1835 D481 1836 575 Morosgo Dr 1837 Atlanta, GA 30324 1838 e-mail: mduckett@bellsouth.net 1840 Copyright Notice 1842 Copyright (c) 2010 IETF Trust and the persons identified as the 1843 document authors. All rights reserved. 1845 This document is subject to BCP 78 and the IETF Trust's Legal 1846 Provisions Relating to IETF Documents 1847 (http://trustee.ietf.org/license-info) in effect on the date of 1848 publication of this document. Please review these documents 1849 carefully, as they describe your rights and restrictions with respect 1850 to this document. Code Components extracted from this document must 1851 include Simplified BSD License text as described in Section 4.e of 1852 the Trust Legal Provisions and are provided without warranty as 1853 described in the Simplified BSD License. 1855 This document may contain material from IETF Documents or IETF 1856 Contributions published or made publicly available before November 1857 10, 2008. The person(s) controlling the copyright in some of this 1858 material may not have granted the IETF Trust the right to allow 1859 modifications of such material outside the IETF Standards Process. 1860 Without obtaining an adequate license from the person(s) controlling 1861 the copyright in such materials, this document may not be modified 1862 outside the IETF Standards Process, and derivative works of it may 1863 not be created outside the IETF Standards Process, except to format 1864 it for publication as an RFC or to translate it into languages other 1865 than English. 1867 Acknowledgments 1869 The authors wish to acknowledge the contributions of Satoru 1870 Matsushima, Wei Luo, Neil Mcgill, Skip Booth, Neil Hart, Michael Hua, 1871 and Tiberiu Grigoriu. 1873 Expiration Date: December 2010