Network Working Group                                Sami Boutros (Ed.)
Internet Draft                                     Siva Sivabalan (Ed.)
Intended status: Standards Track                     Cisco Systems, Inc.
Expires: March 2, 2012
                                                   Rahul Aggarwal (Ed.)
                                                 Juniper Networks, Inc.

                                                 Martin Vigoureux (Ed.)
                                                         Alcatel-Lucent

                                                       Xuehui Dai (Ed.)
                                                        ZTE Corporation

                                                      September 2, 2011


        MPLS Transport Profile lock Instruct and Loopback Functions
                      draft-ietf-mpls-tp-li-lb-04.txt


Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on March 2, 2012.



Abstract




Boutros                 Expires March 2, 2012                  [Page 1]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011

     This document specifies one function and describes a second
     function which are applicable to MPLS transport networks. The first
     function enables an operator to lock a transport path while the
     second enables an operator to set, in loopback, a given node along
     a transport path. This document also defines the extension to MPLS
     operation, administration, and maintenance (OAM) to perform the
     lock function.

Table of Contents

   1. Introduction...................................................2
   2. Terminology....................................................4
   3. Lock Message...................................................5
      3.1. Message Identification....................................5
      3.2. LI Message Format.........................................5
   4. Lock, Loopback and maintenance operations......................6
   5. Operation......................................................6
      5.1. Lock Operation............................................6
      5.2. UnLock Operation..........................................7
      5.3. General Procedures........................................7
      5.4. Example Topology..........................................7
      5.5. Locking a transport path..................................8
      5.6. UnLocking a transport path................................8
   6. Security Considerations........................................8
   7. IANA Considerations............................................9
      7.1. Pseudowire Associated Channel Type........................9
   8. Acknowledgements...............................................9
   9. References.....................................................9
      9.1. Normative References......................................9
      9.2. Informative References...................................10
   Author's Addresses...............................................10
   Full Copyright Statement.........................................11
   Intellectual Property Statement..................................12



1. Introduction

   This document specifies one function and describes another function
   which are applicable to MPLS transport networks.

   The first function enables an operator to lock a transport path.  The
   second function enables an operator to set that transport path in
   loopback at a specified node along the path. This document also
   defines the extensions to the MPLS operation, administration and
   maintenance (OAM) to perform the lock function.

Boutros                 Expires March 2, 2012                  [Page 2]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011


   The Lock function pertains to Label Switched Paths (LSPs),
   Pseudowires(including multi-segment Pseudowires) and Sections. As per
   RFC 5860 [1], lock is an administrative state in which it is expected
   that no client traffic may be carried.
   However, test traffic and OAM messages dedicated to the transport
   path can be mapped on that transport path.

   Taking the example of an LSP, lock is initiated by an operator.
   Typically when an LSP is locked, both ends of the LSP are
   independently locked by the operator. It is often difficult to
   coordinate these lock operations within a tight window. This document
   defines a new OAM message, Lock Instruct (LI) in order to provide the
   desired tight coordination.

   When an endpoint of an LSP or PW is locked by an operator, the MEP
   sends LI messages to its peer MEP. An endpoint considers the LSP to
   be locked when either it receives an external operator command or
   when it receives an LI message.

   The Lock function can be performed using an extension to the MPLS OAM
   as described in the next sections. This is a common mechanism to lock
   PWs, LSPs and Sections.

   The Lock function can as well be realized using a management plane.

   The Loopback function is operated by NMS from MEP to MEP on
   bidirectional (associated and co-routed) Label Switched Paths (LSPs),
   Pseudowires (including multi-segment Pseudowires) and Sections. The
   Loopback function is additionally operated from MEP to MIP on co-
   routed bidirectional LSPs, on multi-segment Pseudowires and Sections.
   The Loopback is a function that enables a MEP to request a MEP or a
   MIP to enter a loopback state. This state corresponds to the
   situation where, at a given node, a forwarding plane loop is
   configured and the incoming direction of a transport path is cross-
   connected to the outgoing reverse direction. Therefore, except in the
   case of early TTL expiry, traffic sent by the source will be received
   by that source. Note that before setting a given node in Loopback for
   a specific transport path, this transport path MUST be locked.

   Data plane loopback is an out-of-service function, as required in
   section 2.2.5 of RFC 5860 [1]. This function loops back all traffic
   (including user data and OAM). The traffic can be originated from one

Boutros                 Expires March 2, 2012                  [Page 3]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
   internal point at the ingress of a transport path within an interface
   or inserted from input port of an interface using an external test
   equipment. The traffic is looped back unmodified (other than normal
   per hop processing such as TTL decrement) in the direction of the
   point of origin by an interface at either an intermediate node or a
   terminating node. It should be noted that data plane loopback
   function itself is applied to data plane loopback points that can
   resides on different interfaces from MIPs/MEPs. All traffic
   (including both payload and OAM) received on the looped back
   interface is sent on the reverse direction of the transport path.

   If the data plane loopback point is set somewhere at an intermediate
   point in bidirectional transport path, the side of loop back function
   (one side or both side) needs to be configured. A management system
   can configure one side or both sides to loopback at an intermediate
   point.

   The Loopback can be performed using a management plane. Management
   plane MUST insure that the two MEPs are locked before performing the
   loopback function.


   The Lock function is based on a new G-ACH message using a new channel
   type as well as an existing TLV.

   When an LSP is locked, the management or control function is expected
   to lock both ends. The purpose of the Lock instruct LI message is to
   ensure the tight coordination of locking and unlocking the two ends.
   Lock Instruct messages may be lost during looping or maintenance
   operations, thus locking both ends is required, before such
   operations occur.



   Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [2].

2. Terminology

   ACH: Associated Channel Header

   LSR: Label Switching Router


Boutros                 Expires March 2, 2012                  [Page 4]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
   MEP: Maintenance Entity Group End Point

   MIP: Maintenance Entity Group Intermediate Point.

   MPLS-TP: MPLS Transport Profile

   MPLS-OAM: MPLS Operations, Administration and Maintenance

   MPLS-TP LSP: Bidirectional Label Switch Path

   NMS: Network Management System

   TLV: Type Length Value

   TTL: Time To Live

   LI: Lock Instruct

   Transport path: MPLS-TP LSP or MPLS Pseudowire.

3. Lock Message

3.1. Message Identification

   The proposed mechanism uses a new code point in the Associated
   Channel Header (ACH) described in [4].

  The LI channel is identified by the ACH as defined in RFC 5586 [4]
  with the Channel Type set to the LI code point = 0xHH.  [HH to be
  assigned by IANA from the PW Associated Channel Type registry]  The
  LI Channel does not use ACH TLVs and MUST NOT include the ACH TLV
  header. The LI ACH Channel is shown below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 0 1|Version|Reserved       |    0xHH (LI)                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 1: ACH Indication of LI

   The LI Channel is 0xHH (to be assigned by IANA)

3.2. LI Message Format

   The format of an LI Message is shown below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

Boutros                 Expires March 2, 2012                  [Page 5]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Vers  | Reserved                              | Refresh Timer |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        MEP Source ID TLV                      |
   ~                                                               ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 2: MPLS LI Message Format

   Version: The Version Number is currently 1.  (Note: the version
   number is to be incremented whenever a change is made that affects
   the ability of an implementation to correctly parse or process the
   message. These changes include any syntactic or semantic changes made
   to any of the fixed fields, or to any Type-Length-Value (TLV) or sub-
   TLV assignment or format that is defined at a certain version number.
   The version number may not need to be changed if an optional TLV or
   sub-TLV is added.)

   Refresh Timer: The maximum time between successive LI messages
   specified in seconds.  The default value is 1.  The value 0 is not
   permitted. When a lock is applied, a refresh timer is chosen.  This
   value MUST NOT be changed for the duration of that lock.

   MEP Source ID TLV: This is the "CC/CV MEP ID TLV" defined in [3].

4. Lock, Loopback and maintenance operations

   When an LSP is locked, the management or control function is expected
   to lock both ends. The purpose of the LI message is to ensure the
   tight coordination of locking and unlocking the two ends.  LI
   messages may be lost during looping or maintenance operations, thus
   locking both ends is required, before such operations occur.

   When a transport path is put in loopback, traffic sent from the
   sender MEP will be looped back to that sender MEP. OAM packets not
   intercepted by TTL expiry will as well be looped back. The use of
   traffic to measure packet loss, delay and delay variation is outside
   the scope of this document.

5. Operation

5.1. Lock Operation

   Lock is used to request a MEP to take a transport path out of service
   so that some form of maintenance can be done or other administrative
   reasons.

   When performing a lock, a sender MEP in response to a management
   system request MUST take the transport path out of service and MUST
   send LI messages periodically to the target MEP at the end of the

Boutros                 Expires March 2, 2012                  [Page 6]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
   transport path. LI messages will be sent once every refresh time
   interval.

   The receiver MEP, will lock the transport path as long as it is
   receiving the periodic LI messages.

   The receiver MEP once locked, MUST take the transport path out of
   service.

   A MEP can be locked because it was requested by NMS to lock and as
   such it is sending LI OAM messages, and/or it is receiving OAM LI
   messages from the other MEP.

5.2. UnLock Operation

   Unlock is used to request a MEP to bring the previously locked
   transport path back in service.

   When a MEP is unlocked via management or control it MUST cease
   sending LI messages. Further, it must have stopped receiving LI
   messages for a period of 3.5 times the previously received refresh
   timer before it brings the transport path back in service.

   A MEP would unlock transport path and put it back to service if and
   only if there is no management request to lock the path and it is not
   receiving in-band LI messages.

   A MEP is unlocked when there is no NMS request to Lock and no LI OAM
   messages are received.

5.3. General Procedures

   When taking a transport path out of service, the operation MUST first
   be preceded by a lock operation.

5.4. Example Topology

   The next sections discuss the procedures for locking, Unlocking a
   transport path.  Assume a transport path traverses nodes A <--> B <--
   > C <--> D.  We will refer to the Maintenance Entities involved as
   MEP-A, MIP-B, MIP-C, and MEP-D respectively. Suppose a maintenance
   operation invoked at MEP-A requires to lock the transport path.

   The following sections describe MEP-A setting and unsetting a lock at
   MEP-D.






Boutros                 Expires March 2, 2012                  [Page 7]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
5.5. Locking a transport path

   1. MEP-A sends an in-band LI Message in response to a Management
   system request to lock the transport path. The message will include
   the source MEP-ID TLV.

   2. Upon receiving the LI message, D uses the received label stack and
   the source MEP-ID as per [3] to identify the transport path. If no
   label binding exists or there is no associated transport path back to
   the originator, or if the source MEP-ID does not match, the event is
   logged.  Processing ceases. Otherwise the message is processed.



5.6. UnLocking a transport path

   1. In response to a Management system request to unlock the transport
   path MEP-A stops sending LI Messages.

   2. After 3.5 times the refresh timer, both sender MEP A and receive
   MEP D unlock the transport path and put the transport path back in
   service.



6. Security Considerations

   MPLS-TP is a subset of MPLS and so builds upon many of the aspects of
   the security model of MPLS. MPLS networks make the assumption that it
   is very hard to inject traffic into a network, and equally hard to
   cause traffic to be directed outside the network. The control plane
   protocols utilize hop-by-hop security, and assume a "chain-of-trust"
   model such that end-to-end control plane security is not used. For
   more information on the generic aspects of MPLS security, see [6].

   This document describes a protocol carried in the G-ACh [4], and so
   is dependent on the security of the G-ACh, itself. The G-ACh is a
   generalization of the Associated Channel defined in [7]. Thus, this
   document relies heavily on the security mechanisms provided for the
   Associated Channel and described in those two documents.

   A specific concern for the G-ACh is that is can be used to provide a
   covert channel. This problem is wider than the scope of this
   document and does not need to be addressed here, but it should be
   noted that the channel provides end-to-end connectivity and SHOULD
   NOT be policed by transit nodes. Thus, there is no simple way of
   preventing any traffic being carried between in the G-ACh consenting
   nodes.



Boutros                 Expires March 2, 2012                  [Page 8]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
   A good discussion of the data plane security of an associated channel
   may be found in [5]. That document also describes some mitigation
   techniques.

   It should be noted that the G-ACh is essentially connection-oriented
   so injection or modification of control messages specified in this
   document require the subversion of a transit node. Such subversion is
   generally considered hard in MPLS networks, and impossible to protect
   against at the protocol level. Management level techniques are more
   appropriate.

7. IANA Considerations

7.1. Pseudowire Associated Channel Type

   LI OAM requires a unique Associated Channel Type which is assigned by
   IANA from the Pseudowire Associated Channel Types Registry.

   Registry:
      Value        Description              TLV Follows  Reference
      -----------  -----------------------  -----------  ---------
      0xHHHH       LI                       No           (Section 3.1)



8. Acknowledgements

   The authors would like to thank Loa Andersson, Yoshinori Koike,
   D'Alessandro Alessandro Gerardo, Shahram Davari, Greg Mirsky, Yaacov
   Weingarten, Liu Guoman, Matthew Bocci, Stewart Bryant and Adrian
   Farrel for their valuable comments.

9. References

9.1. Normative References

   [1]   Vigoureux, M., Ward, D., and M. Betts, "Requirements for
         Operations, Administration, and Maintenance (OAM) in MPLS
         Transport Networks", RFC 5860, May 2010.

   [2]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

   [3]   D. Allan, et. al., Proactive Connectivity Verification,
         Continuity Check and Remote Defect indication for MPLS
         Transport Profile draft-ietf-mpls-tp-cc-cv-rdi-06, work in
         progress, June 2010

   [4]   Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
         Associated Channel", RFC 5586, June 2009.

Boutros                 Expires March 2, 2012                  [Page 9]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
   [5]   T. Nadeau, C. Pignataro, "Pseudowire Virtual Circuit
         Connectivity Verification (VCCV): A Control Channel for
         Pseudowires", RFC 5085, Dec 2007.



9.2. Informative References

   [6]   L. Fang, "Security Framework for MPLS and GMPLS Networks", RFC
         5920, July 2010.

   [7]   S. Bryant, G. Swallow, L. Martini "Pseudowire Emulation Edge-
         to-Edge (PWE3) Control Word for Use over an MPLS PSN", RFC
         4385, Feb 2006.

Author's Addresses

    Sami Boutros
   Cisco Systems, Inc.
   Email: sboutros@cisco.com

   Siva Sivabalan
   Cisco Systems, Inc.
   Email: msiva@cisco.com

   Rahul Aggarwal
   Juniper Networks.
   EMail: rahul@juniper.net

   Martin Vigoureux
   Alcatel-Lucent.
   Email: martin.vigoureux@alcatel-lucent.com

   Xuehui Dai
   ZTE Corporation.
   Email: dai.xuehui@zte.com.cn

   George Swallow
   Cisco Systems, Inc.
   Email: swallow@cisco.com

   David Ward
   Juniper Networks.
   Email: dward@juniper.net

Boutros                 Expires March 2, 2012                 [Page 10]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011

   Stewart Bryant
   Cisco Systems, Inc.
   Email: stbryant@cisco.com

   Carlos Pignataro
   Cisco Systems, Inc.
   Email: cpignata@cisco.com

   Eric Osborne
   Cisco Systems, Inc.
   Email: eosborne@cisco.com

   Nabil Bitar
   Verizon.
   Email: nabil.bitar@verizon.com

   Italo Busi
   Alcatel-Lucent.
   Email: italo.busi@alcatel-lucent.com

   Lieven Levrau
   Alcatel-Lucent.
   Email: lieven.levrau@alcatel-lucent.com

   Laurent Ciavaglia
   Alcatel-Lucent.
   Email: laurent.ciavaglia@alcatel-lucent.com

   Bo Wu
   ZTE Corporation.
   Email: wu.bo@zte.com.cn

   Jian Yang
   ZTE Corporation.
   Email: yang_jian@zte.com.cn

Full Copyright Statement

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors. All rights reserved.


Boutros                 Expires March 2, 2012                 [Page 11]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   All IETF Documents and the information contained therein are provided
   on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE
   IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
   WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
   WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE
   ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
   FOR A PARTICULAR PURPOSE.

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.

   Copies of Intellectual Property disclosures made to the IETF
   Secretariat and any assurances of licenses to be made available, or
   the result of an attempt made to obtain a general license or
   permission for the use of such proprietary rights by implementers or
   users of this specification can be obtained from the IETF on-line IPR
   repository at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   any standard or specification contained in an IETF Document.  Please
   address the information to the IETF at ietf-ipr@ietf.org.

   The definitive version of an IETF Document is that published by, or
   under the auspices of, the IETF. Versions of IETF Documents that are
   published by third parties, including those that are translated into
   other languages, should not be considered to be definitive versions
   of IETF Documents. The definitive version of these Legal Provisions
   is that published by, or under the auspices of, the IETF. Versions of
   these Legal Provisions that are published by third parties, including
   those that are translated into other languages, should not be
   considered to be definitive versions of these Legal Provions.

Boutros                 Expires March 2, 2012                 [Page 12]


Internet-Draft     draft-ietf-mpls-tp-li-lb-04.txt       September 2011
   For the avoidance of doubt, each Contributor to the UETF Standards
   Process licenses each Contribution that he or she makes as part of
   the IETF Standards Process to the IETF Trust pursuant to the
   provisions of RFC 5378. No language to the contrary, or terms,
   conditions or rights that differ from or are inconsistent with the
   rights and licenses granted under RFC 5378, shall have any effect and
   shall be null and void, whether published or posted by such
   Contributor, or included with or in such Contribution.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.






































Boutros                 Expires March 2, 2012                 [Page 13]