Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
This is an older version of an Internet-Draft that was ultimately published as RFC 4447.
Last updated: 2015-10-14 (Latest revision 2005-06-13)
RFC stream: Internet Engineering Task Force (IETF)
IESG state: RFC 4447 (Proposed Standard)
Responsible AD: Mark Townsley
Network Working Group                                    Luca Martini (ED)
Internet Draft                                               Eric C. Rosen
Expiration Date: December 2005                         Cisco Systems, Inc.

                                                           Nasser El-Aawar
                                              Level 3 Communications, LLC.

                                                                Toby Smith
                                                     Laurel Networks, Inc.

                                                               Giles Heron
                                                                   Tellabs

                                                                 June 2005


     Pseudowire Setup and Maintenance using the Label Distribution Protocol

                    draft-ietf-pwe3-control-protocol-17.txt


Status of this Memo

By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Abstract

Layer 2 services (such as Frame Relay, Asynchronous Transfer Mode, Ethernet) can be "emulated" over an MPLS backbone by encapsulating the layer 2 Packet Data Units (PDU) and then transmitting them over "pseudowires". It is also possible to use pseudowires to provide low-rate Time Division Multiplexed and Synchronous Optical NETworking circuit emulation over an MPLS enabled network. This document specifies a protocol for establishing and maintaining the pseudowires, using extensions to the Label Distribution Protocol (LDP). Procedures for encapsulating layer 2 PDUs are specified in a set of companion documents.

Martini, et al.                                                 [Page 1]
Table of Contents

   1        Specification of Requirements
   2        Introduction
   3        The Pseudowire Label
   4        Details Specific to Particular Emulated Services
   4.1      IP Layer2 Transport
   5        LDP
   5.1      LDP Extensions
   5.2      The PWid FEC Element
   5.3      The Generalized PWid FEC Element
   5.3.1    Attachment Identifiers
   5.3.2    Encoding the Generalized ID FEC Element
   5.3.2.1  Interface Parameters TLV
   5.3.2.2  PW Grouping TLV
   5.3.3    Signaling Procedures
   5.4      Signaling of Pseudo Wire Status
   5.4.1    Use of Label Mappings Messages
   5.4.2    Signaling PW status
   5.4.3    Pseudowire Status Negotiation Procedures
   5.5      Interface Parameters sub-TLV
   6        Control Word
   6.1      PW types for which the control word is REQUIRED
   6.2      PW types for which the control word is NOT mandatory
   6.3      LDP label Withdrawal procedures
   6.4      Sequencing Considerations
   6.4.1    Label Advertisements
   6.4.2    Label Release
   7        IANA Considerations
   7.1      LDP TLV TYPE
   7.2      LDP Status Codes
   7.3      FEC Type Name Space
   8        Security Considerations
   8.1      Data-plane Security
   8.2      Control Protocol Security
   9        Intellectual Property Statement
   10       Full Copyright Statement
   11       Acknowledgments
   12       Normative References
   13       Informative References
   14       Author Information
   15       Additional Contributing Authors
   Appendix A  C-bit Handling Procedures Diagram

1. Specification of Requirements

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

2. Introduction

In [FRAME], [ATM], and [ETH] it is explained how to encapsulate a layer 2 Protocol Data Unit (PDU) for transmission over an MPLS enabled network. Those documents specify that a "pseudowire header", consisting of a demultiplexor field, will be prepended to the encapsulated PDU. The pseudowire demultiplexor field is put on before transmitting a packet on a pseudowire. When the packet arrives at the remote endpoint of the pseudowire, the demultiplexor is what enables the receiver to identify the particular pseudowire on which the packet has arrived. To actually transmit the packet from one pseudowire endpoint to another, the packet may need to travel through a "Public switched Network (PSN) tunnel"; this will require an additional header to be prepended to the packet.

Accompanying documents [CEP, SAToP] specify methods for transporting time division multiplexed (TDM) digital signals (TDM circuit emulation) over a packet-oriented MPLS enabled network.
The transmission system for circuit-oriented TDM signals is the Synchronous Optical Network (SONET) [SDH]/Synchronous Digital Hierarchy (SDH) [ITUG]. To support TDM traffic, which includes voice, data, and private leased line service, the pseudowires must emulate the circuit characteristics of SONET/SDH payloads. The TDM signals and payloads are encapsulated for transmission over pseudowires. To this encapsulation is prepended a pseudowire demultiplexor and a PSN tunnel header.

[SAToP] describes methods for transporting low-rate time division multiplexed (TDM) digital signals (TDM circuit emulation) over PSNs, while [CEP] similarly describes transport of high-rate TDM (SONET/SDH). To support TDM traffic the pseudowires must emulate the circuit characteristics of the original T1, E1, T3, E3, SONET or SDH signals. [SAToP] does this by encapsulating an arbitrary but constant amount of the TDM data in each packet, while the other methods encapsulate TDM structures.

In this document, we specify the use of the MPLS Label Distribution Protocol, LDP [RFC3036], as a protocol for setting up and maintaining the pseudowires. In particular, we define new TLVs, FEC elements, parameters and codes for LDP, which enable LDP to identify pseudowires and to signal attributes of pseudowires. We specify how a pseudowire endpoint uses these TLVs in LDP to bind a demultiplexor field value to a pseudowire, and how it informs the remote endpoint of the binding. We also specify procedures for reporting pseudowire status changes, passing additional information about the pseudowire as needed, and for releasing the bindings.

In the protocol specified herein, the pseudowire demultiplexor field is an MPLS label. Thus the packets which are transmitted from one end of the pseudowire to the other are MPLS packets which must be transmitted through an MPLS tunnel.
However, if the pseudowire endpoints are immediately adjacent and penultimate hop popping behaviour is in use, the MPLS tunnel may not be necessary. Any sort of PSN tunnel can be used, as long as it is possible to transmit MPLS packets through it. The PSN tunnel can itself be an MPLS LSP, or any other sort of tunnel which can carry MPLS packets. Procedures for setting up and maintaining the MPLS tunnels are outside the scope of this document.

This document deals only with the setup and maintenance of point-to-point pseudowires. Neither point to multipoint nor multipoint to point pseudowires are discussed. QoS related issues are not discussed in this document.

The following two figures describe the reference models which are derived from [RFC3985] to support the PW emulated services.

            |<-------------- Emulated Service ---------------->|
            |                                                  |
            |          |<------- Pseudo Wire ------>|          |
            |          |                            |          |
            |          |    |<-- PSN Tunnel -->|    |          |
            |Attachment|    V                  V    |Attachment|
            | Circuit  V    V                  V    V Circuit  |
            V   (AC)   +----+                  +----+   (AC)   V
      +-----+    |     | PE1|==================| PE2|     |    +-----+
      |     |----------|............PW1.............|----------|     |
      | CE1 |    |     |    |                  |    |     |    | CE2 |
      |     |----------|............PW2.............|----------|     |
      +-----+  ^ |     |    |==================|    |     | ^  +-----+
            ^  |       +----+                  +----+       |  ^
            |  |   Provider Edge 1          Provider Edge 2 |  |
            |  |                                            |  |
      Customer |                                            | Customer
      Edge 1   |                                            | Edge 2
               |                                            |
         native service                                native service

                       Figure 1: PWE3 Reference Model


      +-----------------+                           +-----------------+
      |Emulated Service |                           |Emulated Service |
      |(e.g., TDM, ATM) |<==== Emulated Service ===>|(e.g., TDM, ATM) |
      +-----------------+                           +-----------------+
      |     Payload     |                           |     Payload     |
      |  Encapsulation  |<====== Pseudo Wire ======>|  Encapsulation  |
      +-----------------+                           +-----------------+
      |PW Demultiplexer |                           |PW Demultiplexer |
      |   PSN Tunnel,   |<======= PSN Tunnel ======>|   PSN Tunnel,   |
      |  PSN & Physical |                           |  PSN & Physical |
      |     Layers      |                           |     Layers      |
      +-------+---------+        ___________        +---------+-------+
              |                /                              |
              +===============/     PSN     ==================+
                             /_____________/

                Figure 2: PWE3 Protocol Stack Reference Model

For the purpose of this document, PE1 will be defined as the ingress router, and PE2 as the egress router. A layer 2 PDU will be received at PE1, encapsulated at PE1, transported, decapsulated at PE2, and transmitted out of PE2.

3. The Pseudowire Label

Suppose it is desired to transport layer 2 PDUs from ingress LSR PE1 to egress LSR PE2, across an intervening MPLS enabled network. We assume that there is an MPLS tunnel from PE1 to PE2. That is, we assume that PE1 can cause a packet to be delivered to PE2 by encapsulating the packet in an "MPLS tunnel header" and sending the result to one of its adjacencies. The MPLS tunnel is an MPLS Label Switched Path (LSP), hence putting on an MPLS tunnel encapsulation is a matter of pushing on an MPLS label.

We presuppose that a large number of pseudowires can be carried through a single MPLS tunnel. Thus it is never necessary to maintain state in the network core for individual pseudowires. We do not presuppose that the MPLS tunnels are point to point; although the pseudowires are point to point, the MPLS tunnels may be multipoint to point. We do not presuppose that PE2 will even be able to determine the MPLS tunnel through which a received packet was transmitted.
(E.g., if the MPLS tunnel is an LSP, and penultimate hop popping is used, when the packet arrives at PE2 it will contain no information identifying the tunnel.)

When PE2 receives a packet over a pseudowire, it must be able to determine that the packet was in fact received over a pseudowire, and it must be able to associate that packet with a particular pseudowire. PE2 is able to do this by examining the MPLS label which serves as the pseudowire demultiplexor field shown in Figure 2. Call this label the "PW label".

When PE1 sends a layer 2 PDU to PE2, it creates an MPLS packet by adding the PW label to the packet, thus creating the first entry of the label stack. If the PSN tunnel is an MPLS LSP, PE1 pushes another label (the tunnel label) on to the packet as the second entry of the label stack. The PW label is not visible again until the MPLS packet reaches PE2. PE2's disposition of the packet is based on the PW label.

If the payload of the MPLS packet is, for example, an ATM AAL5 PDU, the PW label will generally correspond to a particular ATM VC at PE2. That is, PE2 needs to be able to infer from the PW label the outgoing interface and the VPI/VCI value for the AAL5 PDU. If the payload is a Frame Relay PDU, then PE2 needs to be able to infer from the PW label the outgoing interface and the DLCI value. If the payload is an Ethernet frame, then PE2 needs to be able to infer from the PW label the outgoing interface, and perhaps the VLAN identifier. This process is uni-directional, and will be repeated independently for bi-directional operation. It is REQUIRED to assign the same PW ID and PW type for a given circuit in both directions. The group ID (see below) MUST NOT be required to match in both directions.

The transported frame MAY be modified when it reaches the egress router.
If the header of the transported layer 2 frame is modified, this MUST be done at the egress LSR only.

Note that the PW label must always be at the bottom of the packet's label stack, and labels MUST be allocated from the per-platform label space.

This document does not specify a method for distributing the MPLS tunnel label or any other labels that may appear above the PW label on the stack. Any acceptable method of MPLS label distribution will do.

This document specifies a protocol for assigning and distributing the PW label. This protocol is LDP, extended as specified in the remainder of this document. An LDP session must be set up between the pseudowire endpoints. LDP MUST be used in its "downstream unsolicited" mode. LDP's "liberal label retention" mode SHOULD be used. In addition to the protocol specified herein, static assignment of PW labels may be used, and implementations of this protocol SHOULD provide support for static assignment.

This document specifies all the procedures necessary to set up and maintain the pseudowires needed to support "unswitched" point to point services, where each endpoint of the pseudowire is provisioned with the identity of the other endpoint. There are also protocol mechanisms specified herein which can be used to support switched services, and which can be used to support other provisioning models. However, the use of the protocol mechanisms to support those other models and services is not described in this document.

4. Details Specific to Particular Emulated Services

4.1. IP Layer2 Transport

This mode carries IP packets over a Pseudo-Wire. The encapsulation used is according to [RFC3032]. The PW control word MAY be inserted between the MPLS label stack and the IP payload.
The encapsulation of the IP packets for forwarding on the attachment circuit is implementation specific, part of the NSP function [RFC3985], and is outside the scope of this document.

5. LDP

The PW label bindings are distributed using the LDP downstream unsolicited mode described in [LDP]. The PEs will establish an LDP session using the Extended Discovery mechanism described in [LDP, section 2.4.2 and 2.5].

An LDP Label Mapping message contains a FEC TLV, a Label TLV, and zero or more optional parameter TLVs.

The FEC TLV is used to indicate the meaning of the label. In the current context, the FEC TLV would be used to identify the particular pseudowire that a particular label is bound to. In this specification, we define two new FEC TLVs to be used for identifying pseudowires. When setting up a particular pseudowire, only one of these FEC TLVs is used. The one to be used will depend on the particular service being emulated and on the particular provisioning model being supported.

LDP allows each FEC TLV to consist of a set of FEC elements. For setting up and maintaining pseudowires, however, each FEC TLV MUST contain exactly one FEC element.

The LDP base specification has several kinds of label TLVs, including the Generic Label TLV as specified in [LDP] section 3.4.2.1. For setting up and maintaining pseudowires, the Generic Label TLV MUST be used.

5.1. LDP Extensions

This draft specifies no new LDP messages.
This draft specifies the following new TLVs to be used with LDP:

   TLV                            Specified in Section   Defined for Message
   PW Status TLV                  5.4.2                  Notification
   PW Interface Parameters TLV    5.3.2.1                FEC
   PW Grouping ID TLV             5.3.2.2                FEC

Additionally the following new FEC element types are defined:

   FEC element Type               Specified in Section   Defined for Message
   0x80                           5.2                    FEC
   0x81                           5.3                    FEC

The following new LDP error codes are also defined:

   Status Code                                        Specified in Section
   "Illegal C-Bit"                                    6.1
   "Wrong C-Bit"                                      6.2
   "Incompatible bit-rate"                            [CEP]
   "CEP/TDM mis-configuration"                        [CEP]
   "PW status"                                        5.4.2
   "Unassigned/Unrecognized TAI"                      5.3.3
   "Generic Misconfiguration Error"                   [SAToP]
   "Label Withdraw PW Status Method Not Supported"    5.4.1

5.2. The PWid FEC Element

The PWid FEC element may be used whenever both pseudowire endpoints have been provisioned with the same 32-bit identifier for the pseudowire. For this purpose a new type of FEC element is defined. The FEC element type is 0x80 [note1], and is defined as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  PWid (0x80)  |C|         PW type             |PW info Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Group ID                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           PW ID                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Interface Parameter Sub-TLV                   |
   |                              "                                |
   |                              "                                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

- PW type

  A 15 bit quantity containing a value which represents the type of PW. Assigned Values are specified in "IANA Allocations for pseudo Wire Edge to Edge Emulation (PWE3)" [IANA].

- Control word bit (C)

  The bit (C) is used to flag the presence of a control word as follows:

     C = 1  control word present on this PW.
     C = 0  no control word present on this PW.
  Please see the section "C-Bit Handling Procedures" for further explanation.

- PW information length

  Length of the PW ID field and the interface parameters sub-TLV in octets. If this value is 0, then it references all PWs using the specified group ID and there is no PW ID present, nor any interface parameter sub-TLVs.

- Group ID

  An arbitrary 32 bit value which represents a group of PWs that is used to create groups in the PW space. The group ID is intended to be used as a port index, or a virtual tunnel index. To simplify configuration a particular PW ID at ingress could be part of the virtual tunnel for transport to the egress router. The Group ID is very useful to send wild card label withdrawals, or PW wild card status notification messages to remote PEs upon physical port failure.

- PW ID

  A non-zero 32-bit connection ID that, together with the PW type, identifies a particular PW. Note that the PW ID and the PW type MUST be the same at both endpoints.

- Interface Parameter Sub-TLV

  This variable length TLV is used to provide interface specific parameters, such as attachment circuit MTU.

Note that as the interface parameter sub-TLVs are part of the FEC, the rules of LDP make it impossible to change the interface parameters once the pseudowire has been set up. Thus the interface parameters field must not be used to pass information, such as status information, which may change during the life of the pseudowire. Optional parameter TLVs should be used for that purpose.

Using the PWid FEC, each of the two pseudowire endpoints independently initiates the set up of a unidirectional LSP. An outgoing LSP and an incoming LSP are bound together into a single pseudowire if they have the same PW ID and PW type.
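The PWid FEC element described above, worked through in Python as an added example (this is not code from the draft): it encodes and decodes the element, treats a PW info length of 0 as the Group ID wildcard, rejects a zero PW ID, and binds two unidirectional LSPs into one PW on PW ID and PW type only, ignoring the Group ID. Interface parameter sub-TLVs are carried as opaque octets (their layout belongs to Section 5.5, not reproduced here), and all sample values are constructed.

```python
import struct
from dataclasses import dataclass

PWID_FEC_TYPE = 0x80  # FEC element type of the PWid FEC element


@dataclass
class PwidFec:
    pw_type: int            # 15-bit PW type, values assigned in [IANA]
    control_word: bool      # the C bit
    group_id: int           # 32-bit Group ID (port or virtual tunnel index)
    pw_id: int = 0          # 32-bit PW ID; 0 only for a wildcard element
    if_params: bytes = b""  # interface parameter sub-TLVs, kept opaque here

    @property
    def wildcard(self) -> bool:
        """PW info length 0: the element addresses every PW sharing the Group ID."""
        return self.pw_id == 0 and not self.if_params


def encode_pwid_fec(fec: PwidFec) -> bytes:
    if fec.pw_type >> 15:
        raise ValueError("PW type is a 15-bit field")
    if fec.pw_id == 0 and fec.if_params:
        raise ValueError("PW ID MUST be non-zero unless the element is a wildcard")
    # The C bit is the top bit of the 16-bit word that also holds the PW type.
    c_and_type = (int(fec.control_word) << 15) | fec.pw_type
    header = struct.pack("!BH", PWID_FEC_TYPE, c_and_type)
    if fec.wildcard:
        # PW info length 0: no PW ID and no interface parameter sub-TLVs follow.
        return header + struct.pack("!BI", 0, fec.group_id)
    body = struct.pack("!I", fec.pw_id) + fec.if_params
    if len(body) > 255:
        raise ValueError("PW info length must fit in one octet")
    return header + struct.pack("!BI", len(body), fec.group_id) + body


def decode_pwid_fec(buf: bytes) -> PwidFec:
    if len(buf) < 8:
        raise ValueError("truncated PWid FEC element")
    fec_type, c_and_type, info_len, group_id = struct.unpack("!BHBI", buf[:8])
    if fec_type != PWID_FEC_TYPE:
        raise ValueError(f"not a PWid FEC element: type 0x{fec_type:02x}")
    control_word = bool(c_and_type >> 15)
    pw_type = c_and_type & 0x7FFF
    if info_len == 0:
        return PwidFec(pw_type, control_word, group_id)
    if info_len < 4 or len(buf) < 8 + info_len:
        raise ValueError("PW info length inconsistent with element size")
    (pw_id,) = struct.unpack("!I", buf[8:12])
    if pw_id == 0:
        raise ValueError("PW ID MUST be non-zero")
    return PwidFec(pw_type, control_word, group_id, pw_id, buf[12:8 + info_len])


def same_pseudowire(outgoing: PwidFec, incoming: PwidFec) -> bool:
    """An outgoing and an incoming LSP are bound into one PW when PW ID and
    PW type match; the Group ID is deliberately not compared, since it is
    not required to match in both directions."""
    if outgoing.wildcard or incoming.wildcard:
        return False
    return (outgoing.pw_id == incoming.pw_id
            and outgoing.pw_type == incoming.pw_type)
```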
5.3. The Generalized PWid FEC Element

The PWid FEC element can be used if a unique 32-bit value has been assigned to the PW, and if each endpoint has been provisioned with that value. The Generalized PWid FEC element requires that the PW endpoints be uniquely identified; the PW itself is identified as a pair of endpoints. In addition the endpoint identifiers are structured to support applications where the identity of the remote endpoints needs to be auto-discovered rather than statically configured.

The "Generalized PWid FEC Element" is FEC type 0x81 (provisionally, subject to assignment by IANA).

The Generalized PWid FEC Element does not contain anything corresponding to the "Group ID" of the PWid FEC element. The functionality of the "Group ID" is provided by a separate optional LDP TLV, the "PW Grouping TLV", described below. The Interface Parameters field of the PWid FEC element is also absent; its functionality is replaced by the optional Interface Parameters TLV, described below.

5.3.1. Attachment Identifiers

As discussed in [RFC3985], a pseudowire can be thought of as connecting two "forwarders". The protocol used to set up a pseudowire must allow the forwarder at one end of a pseudowire to identify the forwarder at the other end. We use the term "attachment identifier", or "AI", to refer to the field which the protocol uses to identify the forwarders. In the PWid FEC, the PWid field serves as the AI. In this section we specify a more general form of AI which is structured and of variable length.

Every Forwarder in a PE must be associated with an Attachment Identifier (AI), either through configuration or through some algorithm. The Attachment Identifier must be unique in the context of the PE router in which the Forwarder resides. The combination <PE router IP address, AI> must be globally unique.
It is frequently convenient to regard a set of Forwarders as being members of a particular "group", where PWs may only be set up among members of a group. In such cases, it is convenient to identify the Forwarders relative to the group, so that an Attachment Identifier would consist of an Attachment Group Identifier (AGI) plus an Attachment Individual Identifier (AII).

An Attachment Group Identifier may be thought of as a VPN-id, or a VLAN identifier, some attribute which is shared by all the Attachment PWs (or pools thereof) which are allowed to be connected.

The details of how to construct the AGI and AII fields identifying the pseudowire endpoints are outside the scope of this specification. Different pseudowire applications, and different provisioning models, will require different sorts of AGI and AII fields. The specification of each such application and/or model must include the rules for constructing the AGI and AII fields.

As previously discussed, a (bidirectional) pseudowire consists of a pair of unidirectional LSPs, one in each direction. If a particular pseudowire connects PE1 with PE2, the PW direction from PE1 to PE2 can be identified as:

   <PE1, <AGI, AII1>, PE2, <AGI, AII2>>,

and the PW direction from PE2 to PE1 can be identified by:

   <PE2, <AGI, AII2>, PE1, <AGI, AII1>>.

Note that the AGI must be the same at both endpoints, but the AII will in general be different at each endpoint. Thus from the perspective of a particular PE, each pseudowire has a local or "Source AII", and a remote or "Target AII". The pseudowire setup protocol can carry all three of these quantities:

   - Attachment Group Identifier (AGI)
   - Source Attachment Individual Identifier (SAII)
   - Target Attachment Individual Identifier (TAII)

If the AGI is non-null, then the Source AI (SAI) consists of the AGI together with the SAII, and the Target AI (TAI) consists of the TAII together with the AGI.
If the AGI is null, then the SAII and TAII are the SAI and TAI respectively.

The interpretation of the SAI and TAI is a local matter at the respective endpoint.

The association of two unidirectional LSPs into a single bidirectional pseudowire depends on the SAI and the TAI. Each application and/or provisioning model which uses the Generalized ID FEC element must specify the rules for performing this association.

5.3.2. Encoding the Generalized ID FEC Element

FEC element type 0x81 [note1] is used. The FEC element is encoded as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Gen PWid (0x81)|C|         PW Type             |PW info Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AGI Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                    AGI Value (contd.)                         ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AII Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                   SAII Value (contd.)                         ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AII Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                   TAII Value (contd.)                         ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

This document does not specify the AII and AGI type field values; specification of the type field values to use for a particular application is part of the specification of that application. IANA will assign these values using the method defined in the [IANA] document.

The SAII, TAII, and AGI are simply carried as octet strings. The length byte specifies the size of the Value field. The null string can be sent by setting the length byte to 0.
If a particular application does not need all three of these sub-elements, it MUST send all the sub-elements, but set the length to 0 for the unused sub-elements.

The PW information length field contains the length of the SAII, TAII and AGI combined, in octets. If this value is 0, then it references all PWs using the specified grouping ID. In this case there are no other FEC element fields (AGI, SAII, etc.) present, nor any interface parameters TLVs.

Note that the interpretation of a particular field as AGI, SAII, or TAII depends on the order of its occurrence. The type field identifies the type of the AGI, SAII, or TAII. When comparing two occurrences of an AGI (or SAII or TAII), the two occurrences are considered to be identical if the type, length, and value fields of one are identical, respectively, to those of the other.

5.3.2.1. Interface Parameters TLV

This TLV MUST only be used when sending the Generalized PW FEC. It specifies interface specific parameters. Specific parameters, when applicable, MUST be used to validate that the PEs, and the ingress and egress ports at the edges of the circuit, have the necessary capabilities to interoperate with each other.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|0| PW Intf P. TLV (0x096B)   |          Length               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Sub-TLV Type  |    Length     |    Variable Length Value      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Variable Length Value                       |
   |                             "                                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   [ note: TLV type 0x096B pending IANA allocation ]

A more detailed description of this field can be found in the section "Interface Parameters Sub-TLV" below.

5.3.2.2. PW Grouping TLV

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|0|PW Grouping ID TLV (0x096C)|          Length               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Value                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   [ note: TLV type 0x096C pending IANA allocation ]

The PW Grouping ID is an arbitrary 32 bit value which represents an arbitrary group of PWs. It is used to create groups of PWs; for example, a PW Grouping ID can be used as a port index, and assigned to all PWs that lead to that port. Use of the PW Grouping ID enables one to send "wild card" label withdrawals, or "wild card" status notification messages to remote PEs upon physical port failure.

Note Well: The PW Grouping ID is different than, and has no relation to, the Attachment Group Identifier.

The PW Grouping ID TLV is not part of the FEC, and will not be advertised except in the PW FEC advertisement. The advertising PE MAY use the wild card withdraw semantics, but the remote PEs MUST implement support for wildcard messages. This TLV MUST only be used when sending the Generalized PW ID FEC.

To issue a wildcard command (status or withdraw):

   - Set the PW Info Length to 0 in the Generalized ID FEC Element.
   - Send only the PW Grouping ID TLV with the FEC (No AGI/SAII/TAII is sent).

5.3.3. Signaling Procedures

In order for PE1 to begin signaling PE2, PE1 must know the address of the remote PE2, and a TAI. This information may have been configured at PE1, or it may have been learned dynamically via some autodiscovery procedure.

The egress PE (PE1), that has knowledge of the ingress PE, initiates the setup by sending a Label Mapping Message to the ingress PE (PE2). The Label Mapping message contains the FEC TLV, carrying the Generalized PWid FEC Element (type 0x81).
The Generalized PWid FEC element contains the AGI, SAII and TAII information.

Next, when PE2 receives such a Label Mapping message, PE2 interprets the message as a request to set up a PW whose endpoint (at PE2) is the Forwarder identified by the TAI. From the perspective of the signaling protocol, exactly how PE2 maps AIs to Forwarders is a local matter. In some Virtual Private Wire Services (VPWS) provisioning models, the TAI might, e.g., be a string which identifies a particular Attachment Circuit, such as "ATM3VPI4VCI5", or it might, e.g., be a string such as "Fred" which is associated by configuration with a particular Attachment Circuit. In VPLS, the AGI could be a VPN-id, identifying a particular VPLS instance.

If PE2 cannot map the TAI to one of its Forwarders, then PE2 sends a Label Release message to PE1, with a Status Code of "Unassigned/Unrecognized TAI", and the processing of the Label Mapping message is complete.

   [ note: Status Code 0x00000029 "Unassigned/Unrecognized TAI" as defined in [IANA] pending IANA allocation ]

The FEC TLV sent in a Label Release message is the same as the FEC TLV received in the Label Mapping being released (but without the interface parameter TLV). More generally, the FEC TLV is the same in all LDP messages relating to the same PW. In a Label Release this means that the SAII is the remote peer's AII and the TAII is the sender's local AII.

If the Label Mapping Message has a valid TAI, PE2 must decide whether to accept it or not. The procedures for so deciding will depend on the particular type of Forwarder identified by the TAI. Of course, the Label Mapping message may be rejected due to standard LDP error conditions as detailed in [LDP].

If PE2 decides to accept the Label Mapping message, then it has to make sure that a PW LSP is set up in the opposite (PE1-->PE2) direction.
If it has already signaled for the corresponding PW LSP in that direction, nothing more need be done. Otherwise, it must initiate such signaling by sending a Label Mapping message to PE1. This is very similar to the Label Mapping message PE2 received, but with the SAI and TAI reversed. Thus a bidirectional PW consists of two LSPs, where the FEC of one has the SAII and TAII reversed with respect to the FEC of the other.

5.4. Signaling of Pseudo Wire Status

5.4.1. Use of Label Mapping Messages

The PEs MUST send Label Mapping Messages to their peers as soon as the PW is configured and administratively enabled, regardless of the attachment circuit state. The PW label should not be withdrawn unless the operator administratively configures the pseudo wire down (or the PW configuration is deleted entirely). Using the procedures outlined in this section, a simple label withdraw method MAY also be supported as a legacy means of signaling PW status and AC status. In any case, if the label-to-PW binding is not available, the PW MUST be considered in the down state.

Once the PW status negotiation procedures are completed, if they result in the use of the label withdraw method for PW status communication, and this method is not supported by one of the PEs, then that PE must send a Label Release Message to its peer with the following error: "Label Withdraw PW Status Method Not Supported".

If the label withdraw method for PW status communication is selected for the PW, it will result in the Label Mapping Message being advertised only if the attachment circuit is active. The PW status signaling procedures described in this section MUST be fully implemented.

5.4.2. Signaling PW Status

The PE devices use an LDP TLV to indicate status to their remote peers. This PW Status TLV contains more information than the alternative simple Label Withdraw message.
The format of the PW Status TLV is:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1|0|    PW Status (0x096A)     |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Status Code                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[ note: TLV type 0x096A pending IANA allocation ]

The status code is a 4 octet bit field, as specified in the PW IANA Allocations document [IANA]. The length specifies the length of the Status Code field in octets (equal to 4). Each bit in the status code field can be set individually to indicate more than a single failure at once. Each fault can be cleared by sending an appropriate Notification message with the respective bit cleared. The presence of the lowest bit (PW Not Forwarding) acts only as a generic failure indication when there is a link-down event for which none of the other bits apply.

The Status TLV is transported to the remote PW peer via the LDP Notification message. The general format of the Notification Message is:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|    Notification (0x0001)    |        Message Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Message ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Status (TLV)                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         PW Status TLV                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            PWId FEC TLV or Generalized ID FEC TLV             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Status TLV status code is set to 0x00000028 "PW status", to indicate that PW status follows.
Since this notification does not refer to any particular message, the Message ID and Message Type fields are set to 0.

[ note: Status Code 0x00000028 as defined in [IANA] pending IANA allocation ]

The PW FEC TLV SHOULD NOT include the interface parameter sub-TLVs, as they are ignored in the context of this message.

When a PE's attachment circuit encounters an error, use of the PW Notification Message allows the PE to send a single "wild card" status message, using a PW FEC TLV with only the group ID set, to denote this change in status for all affected PW connections. This status message contains either the PW FEC TLV with only the group ID set, or else the Generalized FEC TLV with only the PW Grouping ID TLV.

As mentioned above, the Group ID field of the PWid FEC element, or the PW Grouping ID TLV used with the Generalized ID FEC element, can be used to send a status notification for arbitrary sets of PWs. This procedure is OPTIONAL, and if it is implemented the LDP Notification message should be as follows:

If the PWid FEC element is used, the PW information length field is set to 0, the PW ID field is not present, and the interface parameter sub-TLVs are not present.

If the Generalized FEC element is used, the AGI, SAII, and TAII are not present, the PW information length field is set to 0, the PW Grouping ID TLV is included, and the Interface Parameters TLV is omitted.

For the purpose of this document this is called the "wild card PW status notification procedure", and all PEs implementing this design are REQUIRED to accept such a notification message, but are not required to send it.

5.4.3. Pseudowire Status Negotiation Procedures

When a PW is first set up, the PEs MUST attempt to negotiate the usage of the PW Status TLV. This is accomplished as follows: a PE that supports the PW Status TLV MUST include it in the initial Label Mapping message, following the PW FEC and the interface parameter sub-TLVs.
The PW Status TLV will then be used for the lifetime of the Pseudowire. This is shown in the following diagram:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                PWId FEC or Generalized ID FEC                 +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Interface Parameters                      |
|                               "                               |
|                               "                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|  Generic Label (0x0200)   |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Label                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1|0|    PW Status (0x0???)     |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Status Code                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

If a PW Status TLV is included in the initial Label Mapping message for a PW, and the Label Mapping message from the remote PE for that PW does not include a PW Status TLV (or the remote PE does not support the PW Status TLV), then the PW will revert to the label withdraw method of signaling PW status. Note that if the PW Status TLV is not supported by the remote peer, the peer will automatically ignore it, since the I (ignore) bit is set in the TLV. The PW Status TLV, therefore, will not be present in the corresponding FEC advertisement from the remote LDP peer, resulting in exactly the above behavior.

If the PW Status TLV is not present following the FEC TLV in the initial PW Label Mapping message received by a PE, then the PW Status TLV will not be used, and both PEs supporting the pseudowire will revert to the label withdraw procedure for signaling status changes.

If the negotiation process results in the usage of the PW Status TLV, then the actual PW status is determined by the PW Status TLV that was sent within the initial PW Label Mapping message.
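The following Python is an added example, not part of this draft or of any implementation it describes. It encodes and decodes the PW status Notification described in 5.4.2, including the wildcard form that carries an empty Generalized ID FEC element plus the PW Grouping ID TLV, parses TLVs with the U-bit "ignore if unknown" rule that the negotiation in 5.4.3 relies on, and reports the outcome of that negotiation (the PW Status TLV is used only if both initial Label Mappings carried it). The layout of the Generalized PWid FEC element (C bit and 15-bit PW type, 1-octet PW info length, then AGI, SAII and TAII as type/length/value) follows section 5.2 of this draft, which is not reproduced in this excerpt; the AGI/AII type codes, the PW table and the message contents are assumptions constructed for the example. The Notification, FEC TLV and Status TLV type codes are the RFC 3036 values.

```python
import struct

# Message and TLV type codes.  0x096A, 0x096C, FEC element type 0x81 and
# status code 0x28 are the values this draft proposes (pending IANA at the
# time); Notification (0x0001), FEC TLV (0x0100) and Status TLV (0x0300)
# are the RFC 3036 values.
NOTIFICATION = 0x0001
FEC_TLV = 0x0100
STATUS_TLV = 0x0300
PW_STATUS_TLV = 0x096A
PW_GROUPING_ID_TLV = 0x096C
GEN_PWID_FEC = 0x81
SC_PW_STATUS = 0x00000028
PW_NOT_FORWARDING = 0x00000001          # lowest bit of the PW status field
AGI_TYPE, AII_TYPE = 0x01, 0x01          # assumed; real values are in [IANA]
KNOWN_TLVS = {FEC_TLV, STATUS_TLV, PW_STATUS_TLV, PW_GROUPING_ID_TLV}


def tlv(t, value, u=0, f=0):
    """One LDP TLV: U bit, F bit, 14-bit type, 2-octet length, value."""
    return struct.pack("!HH", (u << 15) | (f << 14) | t, len(value)) + value


def parse_tlvs(buf, known=KNOWN_TLVS):
    """Return [(type, value)].  An unknown TLV with U=1 is silently skipped,
    one with U=0 is a protocol error: that is why the PW Status TLV is sent
    with U=1, so a peer that does not support it simply drops it."""
    out, off = [], 0
    while off < len(buf):
        hdr, length = struct.unpack_from("!HH", buf, off)
        t, u = hdr & 0x3FFF, hdr >> 15
        if t in known:
            out.append((t, buf[off + 4:off + 4 + length]))
        elif not u:
            raise ValueError("unknown TLV 0x%04x with U=0" % t)
        off += 4 + length
    return out


def gen_pwid_fec(pw_type, agi=b"", saii=b"", taii=b"", c=0):
    """Generalized PWid FEC element (type 0x81): C bit + 15-bit PW type,
    1-octet PW info length, then AGI, SAII, TAII as (type, length, value).
    With no AGI/SAII/TAII the PW info length is 0: the wildcard form."""
    info = b""
    if agi or saii or taii:
        for t, v in ((AGI_TYPE, agi), (AII_TYPE, saii), (AII_TYPE, taii)):
            info += struct.pack("!BB", t, len(v)) + v
    return struct.pack("!BHB", GEN_PWID_FEC, (c << 15) | pw_type, len(info)) + info


def parse_gen_pwid_fec(val):
    """Return (pw_type, c, (agi, saii, taii)); the triple is None for a wildcard."""
    elem, ctype, info_len = struct.unpack_from("!BHB", val, 0)
    if elem != GEN_PWID_FEC:
        raise ValueError("not a Generalized PWid FEC element")
    if info_len == 0:
        return ctype & 0x7FFF, ctype >> 15, None
    info, off, ais = val[4:4 + info_len], 0, []
    while off < len(info):
        _, ln = struct.unpack_from("!BB", info, off)
        ais.append(info[off + 2:off + 2 + ln])
        off += 2 + ln
    if len(ais) != 3:
        raise ValueError("expected AGI, SAII and TAII")
    return ctype & 0x7FFF, ctype >> 15, tuple(ais)


def pw_status_notification(msg_id, status_bits, fec_elem, group_id=None):
    """LDP Notification carrying PW status: a Status TLV with code "PW status"
    (its message id and message type fields 0), the PW Status TLV with U=1,
    the FEC TLV and, for a wildcard notification, the PW Grouping ID TLV."""
    tlvs = tlv(STATUS_TLV, struct.pack("!IIH", SC_PW_STATUS, 0, 0))
    tlvs += tlv(PW_STATUS_TLV, struct.pack("!I", status_bits), u=1)
    tlvs += tlv(FEC_TLV, fec_elem)
    if group_id is not None:
        tlvs += tlv(PW_GROUPING_ID_TLV, struct.pack("!I", group_id))
    body = struct.pack("!I", msg_id) + tlvs
    return struct.pack("!HH", NOTIFICATION, len(body)) + body


def apply_pw_status(msg, pw_table):
    """Receiver side.  pw_table maps (agi, saii, taii) -> {"group", "status"}.
    Updates the status of the addressed PW(s) and returns their keys."""
    msg_type, length = struct.unpack_from("!HH", msg, 0)
    if msg_type & 0x7FFF != NOTIFICATION:
        raise ValueError("not a Notification message")
    tlvs = dict(parse_tlvs(msg[8:4 + length]))      # skip type, length, msg id
    (code,) = struct.unpack_from("!I", tlvs[STATUS_TLV], 0)
    if code & 0x3FFFFFFF != SC_PW_STATUS:           # mask the E and F bits
        return []                                   # some other notification
    (status,) = struct.unpack("!I", tlvs[PW_STATUS_TLV])
    _, _, ais = parse_gen_pwid_fec(tlvs[FEC_TLV])
    if ais is None:                                 # wildcard: match on group
        (group,) = struct.unpack("!I", tlvs[PW_GROUPING_ID_TLV])
        keys = [k for k, pw in pw_table.items() if pw["group"] == group]
    else:
        keys = [ais] if ais in pw_table else []
    for k in keys:
        pw_table[k]["status"] = status
    return keys


def status_method(sent_pw_status_tlv, remote_mapping_tlvs):
    """Outcome of the negotiation in 5.4.3: the PW Status TLV is used only
    if both initial Label Mappings carried it; otherwise label withdraw."""
    remote = any(t == PW_STATUS_TLV for t, _ in remote_mapping_tlvs)
    return "pw-status-tlv" if sent_pw_status_tlv and remote else "label-withdraw"
```

A port failure on a PE with three PWs, two of them in grouping ID 7, is then one Notification built with gen_pwid_fec(pw_type) and group_id=7; apply_pw_status on the peer marks exactly those two PWs with the status bits carried, and a later Notification with the full AGI/SAII/TAII and a zero status field clears one of them. Because parse_tlvs raises on an unknown TLV with U=0 but skips one with U=1, the same parser also shows why a PE that never heard of the PW Status TLV does not tear the session down over it.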
Subsequent updates of PW status are conveyed through the Notification message.

5.5. Interface Parameters sub-TLV

This field specifies interface specific parameters. When applicable, it MUST be used to validate that the PEs, and the ingress and egress ports at the edges of the circuit, have the necessary capabilities to interoperate with each other. The field structure is defined as follows:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sub-TLV Type  |    Length     |     Variable Length Value     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Variable Length Value                     |
|                               "                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The interface parameter sub-TLV type values are specified in "IANA Allocations for pseudo Wire Edge to Edge Emulation (PWE3)" [IANA]. The Length field is defined as the length of the interface parameter including the parameter id and length field itself. Processing of the interface parameters should continue when encountering unknown interface parameters, and they MUST be silently ignored.

- Interface MTU sub-TLV type

A 2 octet value indicating the MTU in octets. This is the Maximum Transmission Unit, excluding encapsulation overhead, of the egress packet interface that will be transmitting the decapsulated PDU that is received from the MPLS enabled network. This parameter is applicable only to PWs transporting packets and is REQUIRED for these PW types. If this parameter does not match in both directions of a specific PW, that PW MUST NOT be enabled.

- Optional Interface Description string sub-TLV type

This arbitrary, OPTIONAL, interface description string is used to send a human-readable administrative string describing the interface to the remote PE. This parameter is OPTIONAL, and is applicable to all PW types.
The interface description parameter string length is variable, and can be from 0 to 80 octets. Human-readable text MUST be provided in the UTF-8 charset using the Default Language [RFC2277].

6. Control Word

6.1. PW types for which the control word is REQUIRED

The Label Mapping messages which are sent in order to set up these PWs MUST have c=1. When a Label Mapping message for a PW of one of these types is received, and c=0, a Label Release message MUST be sent, with an "Illegal C-bit" status code. In this case, the PW will not be enabled.

6.2. PW types for which the control word is NOT mandatory

If a system is capable of sending and receiving the control word on PW types for which the control word is not mandatory, then each such PW endpoint MUST be configurable with a parameter that specifies whether the use of the control word is PREFERRED or NOT PREFERRED. For each PW, there MUST be a default value of this parameter. This specification does NOT state what the default value should be.

If a system is NOT capable of sending and receiving the control word on PW types for which the control word is not mandatory, then it behaves exactly as if it were configured for the use of the control word to be NOT PREFERRED.

If a Label Mapping message for the PW has already been received, but no Label Mapping message for the PW has yet been sent, then the procedure is the following:

-i. If the received Label Mapping message has c=0, send a Label Mapping message with c=0, and the control word is not used.

-ii. If the received Label Mapping message has c=1, and the PW is locally configured such that the use of the control word is preferred, then send a Label Mapping message with c=1, and the control word is used.

-iii.
If the received Label Mapping message has c=1, and the PW is locally configured such that the use of the control word is not preferred or the control word is not supported, then act as if no Label Mapping message for the PW had been received (i.e., proceed to the next paragraph).

If a Label Mapping message for the PW has not already been received (or if the received Label Mapping message had c=1 and either local configuration says that the use of the control word is not preferred or the control word is not supported), then send a Label Mapping message in which the c bit is set to correspond to the locally configured preference for use of the control word. (I.e., set c=1 if locally configured to prefer the control word, set c=0 if locally configured to prefer not to use the control word or if the control word is not supported.)

The next action depends on what control message is next received for that PW. The possibilities are:

-i. A Label Mapping message with the same c bit value as specified in the Label Mapping message that was sent. PW setup is now complete, and the control word is used if c=1 but not used if c=0.

-ii. A Label Mapping message with c=1, but the Label Mapping message that was sent has c=0. In this case, ignore the received Label Mapping message, and continue to wait for the next control message for the PW.

-iii. A Label Mapping message with c=0, but the Label Mapping message that was sent has c=1. In this case, send a Label Withdraw message with a "Wrong C-bit" status code, followed by a Label Mapping message that has c=0. PW setup is now complete, and the control word is not used.

-iv. A Label Withdraw message with the "Wrong C-bit" status code. Treat as a normal Label Withdraw, but do not respond. Continue to wait for the next control message for the PW.
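The procedure of 6.2 is easiest to check by running it. The Python below is an added example, not code from this draft or from any implementation: two PwEndpoint objects exchange Label Mapping and Label Withdraw messages over an in-order channel and apply the rules above, including the mapping-received-first cases i to iii, the "Wrong C-bit" correction of the second list's case iii, and the ignore-and-wait behaviour of cases ii and iv. The class, the message representation and the negotiate() driver are invented for the example; only the "Wrong C-Bit" status code value comes from section 7.2 of this draft.

```python
# Status code proposed for "Wrong C-Bit" in section 7.2 of this draft.
WRONG_C_BIT = 0x00000025


class PwEndpoint:
    """One PE's view of a single PW during control word (c bit) negotiation."""

    def __init__(self, name, cw_capable=True, cw_preferred=False):
        self.name = name
        # A PE that cannot do the control word behaves as "not preferred".
        self.local_c = 1 if (cw_capable and cw_preferred) else 0
        self.sent = None          # c bit of the Label Mapping we sent, if any
        self.complete = False
        self.use_cw = None
        self.log = []             # ("send"|"recv", kind, value), for inspection

    def _send(self, kind, value):
        self.log.append(("send", kind, value))
        return (kind, value)

    def initiate(self):
        """Send our Label Mapping before anything was received: the c bit
        simply follows the local preference."""
        self.sent = self.local_c
        return [self._send("mapping", self.sent)]

    def receive(self, kind, value):
        """Handle one control message; returns the messages to send back."""
        self.log.append(("recv", kind, value))
        if kind == "withdraw":
            # Case iv: a "Wrong C-bit" withdraw is an ordinary withdraw.
            # Do not respond; keep waiting for the next message.
            return []
        c, out = value, []
        if self.sent is None:
            # A Label Mapping arrived before we sent ours.
            if c == 0:
                self.sent = 0             # case i: answer c=0, no control word
            elif self.local_c == 1:
                self.sent = 1             # case ii: both want it, answer c=1
            else:
                self.sent = 0             # case iii: as if nothing was received
            out.append(self._send("mapping", self.sent))
        if c == self.sent:
            # Same c bit as we sent: PW setup complete.
            self.complete, self.use_cw = True, bool(c)
        elif c == 1:
            # We sent c=0, peer sent c=1: ignore and wait; the peer corrects.
            pass
        else:
            # We sent c=1, peer sent c=0: withdraw with "Wrong C-bit", then
            # re-advertise with c=0.  Setup is complete without control word.
            out.append(self._send("withdraw", WRONG_C_BIT))
            self.sent = 0
            out.append(self._send("mapping", 0))
            self.complete, self.use_cw = True, False
        return out


def negotiate(a, b, first=None):
    """Drive both endpoints over an in-order channel until setup completes.
    first=None means both PEs send their initial Label Mapping at once.
    Returns True if the control word ended up in use."""
    queue = []
    for pe in ((a, b) if first is None else (first,)):
        peer = b if pe is a else a
        queue += [(peer, kind, val) for kind, val in pe.initiate()]
    while queue:
        dest, kind, val = queue.pop(0)
        peer = b if dest is a else a
        queue += [(peer, k, v) for k, v in dest.receive(kind, val)]
    if not (a.complete and b.complete and a.use_cw == b.use_cw):
        raise RuntimeError("negotiation did not converge")
    return a.use_cw


if __name__ == "__main__":
    pe1 = PwEndpoint("PE1", cw_preferred=True)
    pe2 = PwEndpoint("PE2", cw_preferred=False)
    print("control word used:", negotiate(pe1, pe2))   # False; PE1 sends the withdraw
    for entry in pe1.log:
        print("PE1", *entry)
```

The driver reproduces the three outcomes stated in 6.2: both prefer the control word and it is used; either side prefers not to (or cannot) and it is not used; and when only one side prefers it, only that side has extra work to do, namely the "Wrong C-bit" withdraw followed by a c=0 mapping, while the other just waits for a mapping with c=0.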
If at any time after a Label Mapping message has been received, a corresponding Label Withdraw or Release is received, the action taken is the same as for any Label Withdraw or Release that might be received at any time.

If both endpoints prefer the use of the control word, this procedure will cause it to be used. If either endpoint prefers not to use the control word, or does not support the control word, this procedure will cause it not to be used. If one endpoint prefers to use the control word but the other does not, the one that prefers not to use it has no extra protocol to execute; it just waits for a Label Mapping message that has c=0.

The diagram in Appendix A illustrates the above procedure.

6.3. LDP Label Withdrawal Procedures

As mentioned above, the Group ID field of the PWid FEC element, or the PW Grouping ID TLV used with the Generalized ID FEC element, can be used to withdraw all PW labels associated with a particular PW group. This procedure is OPTIONAL, and if it is implemented the LDP Label Withdraw message should be as follows:

If the PWid FEC element is used, the PW information length field is set to 0, the PW ID field is not present, and the interface parameter sub-TLVs are not present.

If the Generalized FEC element is used, the AGI, SAII, and TAII are not present, the PW information length field is set to 0, the PW Grouping ID TLV is included, and the Interface Parameters TLV is omitted.

For the purpose of this document this is called the "wild card withdraw procedure", and all PEs implementing this design are REQUIRED to accept such a withdraw message, but are not required to send it.

Note that the PW Grouping ID TLV only applies to PWs using the Generalized ID FEC element, while the Group ID only applies to the PWid FEC element.

The interface parameter sub-TLVs, or TLV, MUST NOT be present in any LDP PW Label Withdraw or Label Release message.
A wildcard Label Release message MUST include only the group ID, or the Grouping ID TLV. A Label Release message initiated by a PE router must always include the PW ID.

6.4. Sequencing Considerations

In the case where the router considers the sequence number field in the control word, it is important to note the following when advertising labels.

6.4.1. Label Advertisements

After a label has been withdrawn by the output router and/or released by the input router, care must be taken not to advertise (re-use) the same released label until the output router can be reasonably certain that old packets containing the released label no longer persist in the MPLS enabled network. This precaution is required to prevent the imposition router from restarting packet forwarding with a sequence number of 1 when it receives a Label Mapping message that binds the same FEC to the same label, while there are still older packets persisting in the network with sequence numbers between 1 and 32768. For example, if there is a packet with sequence number n, where n is in the interval [1,32768], traveling through the network, it would be possible for the disposition router to receive that packet after it re-advertises the label. Since the label has been released by the imposition router, the disposition router SHOULD be expecting the next packet to arrive with sequence number 1. Receipt of a packet with sequence number equal to n will result in n packets potentially being rejected by the disposition router, until the imposition router imposes a sequence number of n+1 into a packet. Possible methods to avoid this are for the disposition router to always advertise a different PW label, or for the disposition router to wait for a sufficient time before attempting to re-advertise a recently released label. This is only an issue when sequence number processing at the disposition router is enabled.

6.4.2.
Label Release

In situations where the imposition router wants to restart forwarding of packets with sequence number 1, the router shall 1) send the disposition router a Label Release Message, and 2) send the disposition router a Label Request message. When sequencing is supported, advertisement of a PW label in response to a Label Request message MUST also consider the issues discussed in the section on Label Advertisements.

7. IANA Considerations

7.1. LDP TLV TYPE

This document uses several new LDP TLV types; IANA already maintains a registry named "TLV TYPE NAME SPACE", defined by RFC3036. The following values are suggested for assignment:

   TLV type   Description
   0x096A     PW Status TLV
   0x096B     PW Interface Parameters TLV
   0x096C     Group ID TLV

7.2. LDP Status Codes

This document uses several new LDP status codes; IANA already maintains a registry named "STATUS CODE NAME SPACE", defined by RFC3036. The following values are suggested for assignment:

   0x00000024  "Illegal C-Bit"
   0x00000025  "Wrong C-Bit"
   0x00000026  "Incompatible bit-rate"
   0x00000027  "CEP/TDM mis-configuration"
   0x00000028  "PW status"
   0x00000029  "Unassigned/Unrecognized TAI"
   0x0000002A  "Generic Misconfiguration Error"
   0x0000002B  "Label Withdraw PW Status Method Not Supported"

7.3. FEC Type Name Space

This document uses two new FEC element types, 0x80 and 0x81, from the registry "FEC Type Name Space" for the Label Distribution Protocol (LDP, RFC3036).

8. Security Considerations

This document specifies the LDP extensions that are needed for setting up and maintaining Pseudowires. The purpose of setting up Pseudowires is to enable layer 2 frames to be encapsulated in MPLS and transmitted from one end of a Pseudowire to the other. Therefore we treat the security considerations for both the data plane and the control plane.

8.1.
Data-plane Security

With regard to the security of the data plane, the following areas must be considered:

- MPLS PDU inspection.
- MPLS PDU spoofing.
- MPLS PDU alteration.
- MPLS PSN protocol security.
- Access Circuit security.
- Denial of service prevention on the PE routers.

When an MPLS PSN is used to provide pseudowire service, there is a perception that security MUST be at least equal to that of the currently deployed layer 2 native protocol networks that the MPLS/PW network combination is emulating. This means that the MPLS enabled network SHOULD be isolated from outside packet insertion in such a way that it SHOULD NOT be possible to directly insert an MPLS packet into the network. To prevent unwanted packet insertion, it is also important to prevent unauthorized physical access to the PSN, as well as unauthorized administrative access to individual network elements.

As mentioned above, an MPLS enabled network should not accept MPLS packets from its external interfaces (i.e., interfaces to CE devices or to other providers' networks) unless the top label of the packet was legitimately distributed to the system from which the packet is being received. If the packet's incoming interface leads to a different SP (rather than to a customer), an appropriate trust relationship must also be present, including the trust that the other SP also provides appropriate security measures.

The three main security problems faced when using an MPLS enabled network to transport PWs are spoofing, alteration, and inspection. First, there is a possibility that the PE receiving PW PDUs will get a PDU which appears to be from the PE transmitting the PW into the PSN, but which was not actually transmitted by the PE originating the PW. (I.e., the specified encapsulations do not by themselves enable the decapsulator to authenticate the encapsulator.)
A second problem is the possibility that the PW PDU will be altered between the time it enters the PSN and the time it leaves the PSN. (I.e., the specified encapsulations do not by themselves assure the decapsulator of the packet's integrity.)

A third problem is the possibility that the PDU's contents will be seen while the PDU is in transit through the PSN. (I.e., the specified encapsulations do not ensure privacy.)

How significant these issues are in practice depends on the security requirements of the applications whose traffic is being sent through the tunnel, and on how secure the PSN itself is.

8.2. Control Protocol Security

General security considerations with regard to the use of LDP are specified in section 5 of RFC 3036. Those considerations apply as well to the case where LDP is used to set up Pseudowires.

A Pseudowire connects two attachment circuits. It is important to make sure that LDP connections are not arbitrarily accepted from anywhere, or else a local attachment circuit might get connected to an arbitrary remote attachment circuit. Therefore an incoming LDP session request MUST NOT be accepted unless its IP source address is known to be the source of an "eligible" LDP peer. The set of eligible peers could be pre-configured (either as a list of IP addresses, or as a list of address/mask combinations), or it could be discovered dynamically via an auto-discovery protocol which is itself trusted. (Obviously, if the auto-discovery protocol were not trusted, the set of "eligible peers" it produces could not be trusted either.)

Even if an LDP connection request appears to come from an eligible peer, its source address may have been spoofed. So some means of preventing source address spoofing must be in place. For example, if all the eligible peers are in the same network, source address filtering at the border routers of that network could eliminate the possibility of source address spoofing.
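An added example (not from this draft or from any LDP implementation) of the control-plane admission policy described above, in Python: eligible peers as a configured list of addresses and address/mask prefixes, an anti-spoofing filter of the kind a border router would apply, a mandatory pre-shared key check standing in for the LDP MD5 option (the real signature check happens in the TCP stack, so here a key comparison models it), and, going one step beyond this paragraph, a per-attachment-circuit eligible peer set of the kind section 8.2 goes on to recommend for the Generalized ID FEC. The class, method names, addresses and keys are all constructed for the example.

```python
import hmac
import ipaddress


class LdpPeerPolicy:
    """Admission policy for incoming LDP sessions and for the PW FECs they
    carry.  Hypothetical class written for this example."""

    def __init__(self, eligible_peers, internal_space, require_md5=True):
        # Eligible peers: addresses or address/mask prefixes, either statically
        # configured or learned from a *trusted* autodiscovery source.
        self.eligible = [ipaddress.ip_network(p, strict=False) for p in eligible_peers]
        # The provider's own address space, used by the anti-spoofing filter.
        self.internal = [ipaddress.ip_network(p, strict=False) for p in internal_space]
        self.require_md5 = require_md5
        self.md5_keys = {}      # peer address -> pre-shared TCP MD5 key
        self.ac_peers = {}      # local attachment circuit -> its eligible peers

    def set_md5_key(self, peer, key):
        self.md5_keys[ipaddress.ip_address(peer)] = key

    def bind_ac(self, ac_id, peers):
        """Associate a local attachment circuit with its own eligible peer set."""
        self.ac_peers[ac_id] = [ipaddress.ip_network(p, strict=False) for p in peers]

    @staticmethod
    def _in(addr, nets):
        return any(addr in n for n in nets)

    def border_filter(self, src, ingress_external):
        """Ingress filter at the PSN edge: a packet arriving on an external
        interface (a CE or another provider) must not carry a source address
        from the provider's own space.  True means the packet may pass."""
        return not (ingress_external and self._in(src, self.internal))

    def accept_session(self, src, ingress_external=False, md5_key=None):
        """Decide on an incoming LDP session request from src.  md5_key stands
        in for the key the TCP MD5 option was verified with; a missing or
        wrong key rejects the session when MD5 is required."""
        src = ipaddress.ip_address(src)
        if not self.border_filter(src, ingress_external):
            return False, "source address spoofed on external interface"
        if not self._in(src, self.eligible):
            return False, "not an eligible LDP peer"
        expected = self.md5_keys.get(src)
        if self.require_md5 and (expected is None or md5_key is None
                                 or not hmac.compare_digest(expected, md5_key)):
            return False, "TCP MD5 signature missing or invalid"
        return True, "ok"

    def accept_fec(self, src, ac_id):
        """A Generalized ID FEC whose TAI maps to local AC ac_id is accepted
        only from a peer in that AC's own eligible set, so an eligible but
        mis-configured peer cannot attach itself to the wrong circuit."""
        src = ipaddress.ip_address(src)
        peers = self.ac_peers.get(ac_id)
        if peers is None:
            return False, "Unassigned/Unrecognized TAI"
        if not self._in(src, peers):
            return False, "peer not eligible for this attachment circuit"
        return True, "ok"


if __name__ == "__main__":
    policy = LdpPeerPolicy(["192.0.2.0/24"], ["192.0.2.0/24", "198.51.100.0/24"])
    policy.set_md5_key("192.0.2.10", b"pe1-pe2-key")
    policy.bind_ac("ge-0/0/1.100", ["192.0.2.10"])
    print(policy.accept_session("192.0.2.10", md5_key=b"pe1-pe2-key"))
    print(policy.accept_session("192.0.2.10", ingress_external=True, md5_key=b"pe1-pe2-key"))
    print(policy.accept_fec("192.0.2.77", "ge-0/0/1.100"))
```

The order of the checks matters: the spoofing filter runs first because an eligible-looking source address on an external interface is exactly the forgery the paragraph warns about, and the per-AC check in accept_fec is what turns a configuration error on a legitimate peer into a rejected FEC rather than a cross-connected circuit.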
The LDP MD5 authentication key option, as described in section 2.9 of RFC 3036, MUST be implemented, and for a greater degree of security it must be used. This provides integrity and authentication for the LDP messages, and eliminates the possibility of source address spoofing. Use of the MD5 option does not provide privacy, but privacy of the LDP control messages is not usually considered to be important. As the MD5 option relies on the configuration of pre-shared keys, it does not provide much protection against replay attacks. In addition, its reliance on pre-shared keys may make it very difficult to deploy when the set of eligible neighbors is determined by an auto-configuration protocol.

When the Generalized ID FEC Element is used, it is possible that a particular LDP peer may be one of the eligible LDP peers, but may not be the right one to connect to the particular attachment circuit identified by the particular instance of the Generalized ID FEC element. However, given that the peer is known to be one of the eligible peers (as discussed above), this would be the result of a configuration error, rather than a security problem. Nevertheless, it may be advisable for a PE to associate each of its local attachment circuits with a set of eligible peers, rather than having just a single set of eligible peers associated with the PE as a whole.

9. Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- email@example.com.

10. Full Copyright Statement

Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

11. Acknowledgments

The authors wish to acknowledge the contributions of Vach Kompella, Vanson Lim, Wei Luo, Himanshu Shah, and Nick Weeds.

12. Normative References

[LDP] Andersson, L., Doolan, P., Feldman, N., Fredette, A., and B. Thomas, "LDP Specification", RFC 3036, January 2001.

[RFC3032] Rosen, E., Rekhter, Y., Tappan, D., Fedorkow, G., Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack Encoding", RFC 3032.

[IANA] Martini, L. and M. Townsley, "IANA Allocations for pseudo Wire Edge to Edge Emulation (PWE3)", draft-ietf-pwe3-iana-allocation-08.txt (work in progress), April 2004.

13.
Informative References

[CEP] "SONET/SDH Circuit Emulation Service Over Packet (CEP)", draft-ietf-pwe3-sonet-11.txt (work in progress).

[SAToP] "Structure-Agnostic TDM over Packet (SAToP)", draft-ietf-pwe3-satop-01.txt (work in progress).

[FRAME] "Frame Relay over Pseudo-Wires", draft-ietf-pwe3-frame-relay-02.txt (work in progress).

[ATM] "Encapsulation Methods for Transport of ATM Cells/Frame Over IP and MPLS Networks", draft-ietf-pwe3-atm-encap-05.txt (work in progress).

[PPPHDLC] "Encapsulation Methods for Transport of PPP/HDLC Frames Over IP and MPLS Networks", draft-ietf-pwe3-hdlc-ppp-encap-05.txt (work in progress).

[ETH] "Encapsulation Methods for Transport of Ethernet Frames Over IP/MPLS Networks", draft-ietf-pwe3-ethernet-encap-06.txt (work in progress).

[802.3] "IEEE 802.3ac-1998", IEEE standard specification.

[SDH] American National Standards Institute, "Synchronous Optical Network Formats", ANSI T1.105-1995.

[ITUG] ITU Recommendation G.707, "Network Node Interface For The Synchronous Digital Hierarchy", 1996.

[RFC3985] Bryant, S., et al., "PWE3 Architecture", RFC 3985.

[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations section in RFCs", BCP 26, RFC 2434, October 1998.

[RFC2277] Alvestrand, H., "IETF Policy on Character Sets and Languages", BCP 18, RFC 2277, January 1998.

[note1] FEC element types 0x80 and 0x81 are pending IANA approval.

14. Author Information

Luca Martini
Cisco Systems, Inc.
9155 East Nichols Avenue, Suite 400
Englewood, CO, 80112
e-mail: firstname.lastname@example.org

Nasser El-Aawar
Level 3 Communications, LLC.
1025 Eldorado Blvd.
Broomfield, CO, 80021
e-mail: email@example.com

Giles Heron
Tellabs
Abbey Place
24-28 Easton Street
High Wycombe
Bucks HP11 1NT
UK
e-mail: firstname.lastname@example.org

Eric C. Rosen
Cisco Systems, Inc.
1414 Massachusetts Avenue
Boxborough, MA 01719
e-mail: email@example.com

Dan Tappan
Cisco Systems, Inc.
1414 Massachusetts Avenue
Boxborough, MA 01719
e-mail: firstname.lastname@example.org

Toby Smith
Laurel Networks, Inc.
Omega Corporate Center
1300 Omega Drive
Pittsburgh, PA 15205
e-mail: email@example.com

15. Additional Contributing Authors

Dimitri Stratton Vlachos
Mazu Networks, Inc.
125 Cambridgepark Drive
Cambridge, MA 02140
e-mail: firstname.lastname@example.org

Jayakumar Jayakumar
Cisco Systems Inc.
225, E.Tasman, MS-SJ3/3
San Jose, CA, 95134
e-mail: email@example.com

Alex Hamilton
Cisco Systems Inc.
285 W. Tasman, MS-SJCI/3/4
San Jose, CA, 95134
e-mail: firstname.lastname@example.org

Steve Vogelsang
Laurel Networks, Inc.
Omega Corporate Center
1300 Omega Drive
Pittsburgh, PA 15205
e-mail: email@example.com

John Shirron
Laurel Networks, Inc.
Omega Corporate Center
1300 Omega Drive
Pittsburgh, PA 15205
e-mail: firstname.lastname@example.org

Andrew G. Malis
Tellabs
90 Rio Robles Dr.
San Jose, CA 95134
e-mail: Andy.Malis@tellabs.com

Vinai Sirkay
Reliance Infocomm
Dhirubai Ambani Knowledge City
Navi Mumbai 400 709
e-mail: email@example.com

Vasile Radoaca
Nortel Networks
600 Technology Park
Billerica MA 01821
e-mail: firstname.lastname@example.org

Chris Liljenstolpe
Cable & Wireless
11700 Plaza America Drive
Reston, VA 20190
e-mail: email@example.com

Dave Cooper
Global Crossing
960 Hamlin Court
Sunnyvale, CA 94089
e-mail: firstname.lastname@example.org

Kireeti Kompella
Juniper Networks
1194 N. Mathilda Ave
Sunnyvale, CA 94089
e-mail: email@example.com

Appendix A. C-bit Handling Procedures Diagram

                          ------------------
                     Y    | Received Label |    N
           ---------------|  Mapping Msg?  |-----------------------------
           |              ------------------                            |
           |                                                            |
     -------------                                                      |
     |           |                                                      |
  -------     -------                                                   |
  | C=0 |     | C=1 |                                                   |
  -------     -------                                                   |
     |           |                                                      |
     |     ----------------                                             |
     |     | Control Word |  N                                          |
     |     |   Capable?   |----------------                             |
     |     ----------------               |                             |
     |           | Y                      |                             |
     |           |                        |                             |
     |     ----------------               |                             |
     |     | Control Word |  N            |                             |
     |     |  Preferred?  |------         |                             |
     |     ----------------     |         |                   ----------------
     |           | Y            |         |                   | Control Word |
     |           |              |         |                   |  Preferred?  |
     |           |              |         |                   ----------------
     |           |              |         |                  N |            | Y
     |           |              |         |                    |            |
   Send        Send           Send      Send                 Send         Send
   C=0         C=1            C=0       C=0                  C=0          C=1
     |           |              |         |                    |            |
     ----------------------------------------------------------------------------
                                        |
                    ------------------------------------------
                    |  If receive the same as sent,          |
                    |  PW setup is complete.  If not:        |
                    ------------------------------------------
                                        |
                      ----------------------------------------
                      |                                      |
               -----------                            -----------
               | Receive |                            | Receive |
               |   C=1   |                            |   C=0   |
               -----------                            -----------
                    |                                      |
              Wait for the                          Send Wrong C-Bit
              next message                                 |
                                                    Send Label Mapping
                                                          Message