Network Working Group                                  Luca Martini (ED)
Internet Draft                                             Eric C. Rosen
Expiration Date: September 2005                      Cisco Systems, Inc.

Nasser El-Aawar                                               Toby Smith
Level 3 Communications, LLC.                       Laurel Networks, Inc.

Giles Heron
Tellabs
                                                              March 2005


               Pseudowire Setup and Maintenance using LDP


                draft-ietf-pwe3-control-protocol-16.txt

Status of this Memo

   By submitting this Internet-Draft, we certify that any applicable
   patent or other IPR claims of which we are aware have been disclosed,
   or will be disclosed, and any of which we become aware will be
   disclosed, in accordance with RFC 3668.


   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   Layer 2 services (such as Frame Relay, ATM, Ethernet) can be
   "emulated" over an MPLS backbone by encapsulating the layer 2 PDUs
   and then transmitting them over "pseudowires". It is also possible to
   use pseudowires to provide low-rate TDM and SONET circuit emulation
   over an MPLS network. This document specifies a protocol for
   establishing and maintaining the pseudowires, using extensions to



Martini, et al.                                                 [Page 1]


Internet Draft  draft-ietf-pwe3-control-protocol-16.txt       March 2005


   LDP. Procedures for encapsulating layer 2 PDUs are specified in a set
   of companion documents.



Table of Contents

    1      Specification of Requirements
    2      Introduction
    3      The Pseudowire Label
    4      Details Specific to Particular Emulated Services
    4.1    IP Layer2 Transport
    5      LDP
    5.1    The PWid FEC Element
    5.2    The Generalized PW ID FEC Element
    5.2.1  Attachment Identifiers
    5.2.2  Encoding the Generalized ID FEC Element
    5.2.3  Signaling Procedures
    5.3    Signaling of Pseudo Wire Status
    5.3.1  Use of Label Mappings.
    5.3.2  Signaling PW status.
    5.3.3  Pseudowire Status Negotiation Procedures
    5.4    Interface Parameters Field
    6      Control Word
    6.1    PW types for which the control word is REQUIRED
    6.2    PW types for which the control word is NOT mandatory
    6.3    LDP label Withdrawal procedures
    6.4    Sequencing Considerations
    6.4.1  Label Mapping Advertisements
    6.4.2  Label Mapping Release
    7      IANA Considerations
    7.1    LDP TLV TYPE
    7.2    LDP status messages
    7.3    FEC Type Name Space
    8      Security Considerations
    8.1    Data-plane Security
    8.2    Control Protocol Security
    9      Intellectual Property Statement
   10      Full Copyright Statement
   11      Acknowledgments
   12      Normative References
   13      Informative References
   14      Author Information
   15      Additional Contributing Authors
   Ap A    C-bit Handling Procedures Diagram


1. Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.


2. Introduction

   In [FRAME], [ATM], and [ETH] it is explained how to encapsulate a
   layer 2 Protocol Data Unit (PDU) for transmission over an  MPLS
   network. Those documents specify that a "pseudowire header",
   consisting of a demultiplexor field, will be prepended to the
   encapsulated PDU. The pseudowire demultiplexor field is put on before
   transmitting a packet on a pseudowire.  When the packet arrives at
   the remote endpoint of the pseudowire, the demultiplexor is what
   enables the receiver to identify the particular pseudowire on which
   the packet has arrived. To actually transmit the packet from one
   pseudowire endpoint to another, the packet may need to travel through
   a "PSN tunnel"; this will require an additional header to be
   prepended to the packet.

   Accompanying documents [CEP, SAToP] describe methods for transporting
   time division multiplexed (TDM) digital signals (TDM circuit
   emulation) over a packet-oriented MPLS network. The transmission
   system for circuit-oriented TDM signals is the Synchronous Optical
   Network (SONET)[SDH]/Synchronous Digital Hierarchy (SDH) [ITUG]. To
   support TDM traffic, which includes voice, data, and private leased
   line service, the pseudowires must emulate the circuit
   characteristics of SONET/SDH payloads. The TDM signals and payloads
   are encapsulated for transmission over pseudowires. To this
   encapsulation is prepended a pseudowire demultiplexor and a PSN
   tunnel header.

   [SAToP] describes methods for transporting low-rate time division
   multiplexed (TDM) digital signals (TDM circuit emulation) over PSNs,
   while [CEP] similarly describes transport of high-rate TDM
   (SONET/SDH). To support TDM traffic the pseudowires must emulate the
   circuit characteristics of the original T1, E1, T3, E3, SONET or SDH
   signals. [SAToP] does this by encapsulating an arbitrary but constant
   amount of the TDM data in each packet, while the other methods
   encapsulate TDM structures.

   In this document, we specify the use of the MPLS Label Distribution
   Protocol, LDP [RFC3036], as a protocol for setting up and maintaining
   the pseudowires. In particular, we define new TLVs for LDP, which
   enable LDP to identify pseudowires and to signal attributes of
   pseudowires. We specify how a pseudowire endpoint uses these TLVs in
   LDP to bind a demultiplexor field value to a pseudowire, and how it
   informs the remote endpoint of the binding. We also specify
   procedures for reporting pseudowire status changes, passing
   additional information about the pseudowire as needed, and for
   releasing the bindings.

   In the protocol specified herein, the pseudowire demultiplexor field
   is an MPLS label. Thus the packets which are transmitted from one end
   of the pseudowire to the other are MPLS packets which must be
   transmitted through an MPLS tunnel. However, if the pseudowire
   endpoints are immediately adjacent, the MPLS tunnel may not be
   necessary. Any sort of PSN tunnel can be used, as long as it is
   possible to transmit MPLS packets through it. The PSN tunnel can
   itself be an MPLS LSP, or any other sort of tunnel which can carry
   MPLS packets. Procedures for setting up and maintaining the MPLS
   tunnels are outside the scope of this document.

   This document deals only with the setup and maintenance of point-to-
   point pseudowires. Neither point to multipoint nor multipoint to
   point pseudowires are discussed.

   QoS related issues are not discussed in this document.  The following
   two figures describe the reference models which are derived from
   [RFC3985] to support the PW emulated services.

         |<-------------- Emulated Service ---------------->|
         |                                                  |
         |          |<------- Pseudo Wire ------>|          |
         |          |                            |          |
         |Attachment|    |<-- PSN Tunnel -->|    |Attachment|
         |  Circuit V    V                  V    V  Circuit |
         V   (AC)   +----+                  +----+   (AC)   V
   +-----+    |     | PE1|==================| PE2|     |    +-----+
   |     |----------|............PW1.............|----------|     |
   | CE1 |    |     |    |                  |    |     |    | CE2 |
   |     |----------|............PW2.............|----------|     |
   +-----+  ^ |     |    |==================|    |     | ^  +-----+
         ^  |       +----+                  +----+     | |  ^
         |  |   Provider Edge 1         Provider Edge 2  |  |
         |  |                                            |  |
   Customer |                                            | Customer
   Edge 1   |                                            | Edge 2
            |                                            |
      native service                               native service

                     Figure 1: PWE3 Reference Model

   +-------------+                                +-------------+
   |  Layer2     |                                |  Layer2     |
   |  Emulated   |                                |  Emulated   |
   |  Services   |         Emulated Service       |  Services   |
   |             |<==============================>|             |
   +-------------+           Pseudo Wire          +-------------+
   |Demultiplexor|<==============================>|Demultiplexor|
   +-------------+                                +-------------+
   |    PSN      |            PSN Tunnel          |    PSN      |
   |   MPLS      |<==============================>|   MPLS      |
   +-------------+                                +-------------+
   |  Physical   |                                |  Physical   |
   +-----+-------+                                +-----+-------+

             Figure 2: PWE3 Protocol Stack Reference Model

   For the purpose of this document, PE1 will be defined as the ingress
   router, and PE2 as the egress router. A layer 2 PDU will be received
   at PE1, encapsulated at PE1, transported, decapsulated at PE2, and
   transmitted out of PE2.


3. The Pseudowire Label

   Suppose it is desired to transport layer 2 PDUs from ingress LSR PE1
   to egress LSR PE2, across an intervening MPLS network. We assume that
   there is an MPLS tunnel from PE1 to PE2. That is, we assume that PE1
   can cause a packet to be delivered to PE2 by encapsulating the packet
   in an "MPLS tunnel header" and sending the result to one of its
   adjacencies. The MPLS tunnel is an MPLS Label Switched Path (LSP),
   hence putting on an MPLS tunnel encapsulation is a matter of pushing
   on an MPLS label.

   We presuppose that a large number of pseudowires can be carried
   through a single MPLS tunnel.  Thus it is never necessary to maintain
   state in the network core for individual pseudowires.  We do not
   presuppose that the MPLS tunnels are point to point; although the
   pseudowires are point to point, the MPLS tunnels may be multipoint to
   point.  We do not presuppose that PE2 will even be able to determine
   the MPLS tunnel through which a received packet was transmitted.
   (E.g., if the MPLS tunnel is an LSP, and penultimate hop popping is
   used, when the packet arrives at PE2 it will contain no information
   identifying the tunnel.)

   When PE2 receives a packet over a pseudowire, it must be able to
   determine that the packet was in fact received over a pseudowire, and
   it must be able to associate that packet with a particular
   pseudowire.  PE2 is able to do this by examining the MPLS label which
   serves as the pseudowire demultiplexor field shown in Figure 2.  Call
   this label the "PW label".

   So when PE1 sends a layer 2 PDU to PE2, it first pushes a PW label on
   its label stack, thereby creating an MPLS packet.  It then (if PE1 is
   not adjacent to PE2) encapsulates that MPLS packet in an MPLS tunnel
   header.  (If the MPLS tunnel is an LSP, this is just a matter of
   pushing on a second label.)  The PW label is not visible again until
   the MPLS packet reaches PE2. PE2's disposition of the packet is based
   on the PW label.

   If the payload of the MPLS packet is, for example, an ATM AAL5 PDU,
   the PW label will generally correspond to a particular ATM VC at PE2.
   That is, PE2 needs to be able to infer from the PW label the outgoing
   interface and the VPI/VCI value for the AAL5 PDU. If the payload is a
   Frame Relay PDU, then PE2 needs to be able to infer from the PW label
   the outgoing interface and the DLCI value. If the payload is an
   Ethernet frame, then PE2 needs to be able to infer from the PW label
   the outgoing interface, and perhaps the VLAN identifier. This process
   is uni-directional, and will be repeated independently for bi-
   directional operation. It is REQUIRED to assign the same PW ID, and
   PW type for a given circuit in both directions. The group ID (see
   below) MUST NOT be required to match in both directions. The
   transported frame MAY be modified when it reaches the egress router.
   If the header of the transported layer 2 frame is modified, this MUST
   be done at the egress LSR only.  Note that the PW label must always
   be at the bottom of the packet's label stack and labels MUST be
   allocated from the per-platform label space.
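
   Added example, not part of the draft: the label handling described
   in this section, with PE1 pushing the PW label (and a tunnel label
   when PE2 is not adjacent) and PE2 demultiplexing on the bottom label,
   using the label stack entry layout of [RFC3032]. The function names,
   the PW_TABLE contents, the label values and the rule that outer
   labels must be ones PE2 advertised are assumptions of this example.

```python
import struct

RESERVED_LABEL_MAX = 15          # label values 0-15 are reserved (RFC 3032)

# Constructed per-platform table at PE2: PW label -> (outgoing interface, circuit)
PW_TABLE = {
    1001: ("atm1/0", "VPI/VCI 1/100"),
    1002: ("ge0/1", "VLAN 20"),
}

def encode_lse(label, bottom, exp=0, ttl=255):
    """Pack one label stack entry: label(20) | exp(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label does not fit in 20 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)

def decode_stack(packet):
    """Return ([(label, exp, s, ttl), ...], payload), reading up to the S=1 entry."""
    entries, off = [], 0
    while True:
        if off + 4 > len(packet):
            raise ValueError("label stack ends without a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", packet, off)
        off += 4
        entries.append((word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF))
        if entries[-1][2]:
            return entries, packet[off:]

def pe1_encapsulate(pdu, pw_label, tunnel_label=None):
    """PE1: push the PW label first, then the tunnel label if PE2 is not adjacent."""
    packet = encode_lse(pw_label, bottom=True) + pdu
    if tunnel_label is not None:
        packet = encode_lse(tunnel_label, bottom=False) + packet
    return packet

def pe2_demultiplex(packet, pw_table, own_tunnel_labels=frozenset()):
    """PE2: map the bottom (PW) label to its attachment circuit.

    The lookup key is the label alone (per-platform label space), so it works
    whether or not the tunnel label was popped by the penultimate hop.
    Assumption: any label above the PW label must be one PE2 advertised.
    """
    entries, pdu = decode_stack(packet)
    *outer, (pw_label, _exp, _s, _ttl) = entries
    for label, *_ in outer:
        if label not in own_tunnel_labels:
            raise LookupError(f"unexpected outer label {label}")
    if pw_label <= RESERVED_LABEL_MAX or pw_label not in pw_table:
        raise LookupError(f"label {pw_label} is not bound to a pseudowire")
    return pw_table[pw_label], pdu
```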


   This document does not specify a method for distributing the MPLS
   tunnel label or any other labels that may appear above the PW label
   on the stack.  Any acceptable method of MPLS label distribution will
   do. This document specifies a protocol for assigning and distributing
   the PW label. This protocol is LDP, extended as specified in the
   remainder of this document. An LDP session must be set up between the
   pseudowire endpoints. LDP MUST be used in its "downstream
   unsolicited" mode. LDP's "liberal label retention" mode SHOULD be
   used.

   In addition to the protocol specified herein, static assignment of PW
   labels may be used, and implementations of this protocol SHOULD
   provide support for static assignment.

   This document specifies all the procedures necessary to set up and
   maintain the pseudowires needed to support "unswitched" point to
   point services, where each endpoint of the pseudowire is provisioned
   with the identity of the other endpoint. There are also protocol
   mechanisms specified herein which can be used to support switched
   services, and which can be used to support other provisioning models.
   However, the use of the protocol mechanisms to support those other
   models and services is not described in this document.


4. Details Specific to Particular Emulated Services

4.1. IP Layer2 Transport

   This mode carries IP packets over a Pseudo-Wire. The encapsulation
   used is according to [RFC3032]. The PW control word MAY be inserted
   between the MPLS stack and the IP payload. The encapsulation of the
   IP packets for forwarding on the attachment circuit is implementation
   specific, part of the NSP function [RFC3985], and is outside the
   scope of this document.


5. LDP

   The PW label bindings are distributed using the LDP downstream
   unsolicited mode described in [LDP]. The PEs will establish an LDP
   session using the Extended Discovery mechanism described in [LDP,
   section 2.4.2 and 2.5].

   An LDP Label Mapping message contains a FEC TLV, a Label TLV, and
   zero or more optional parameter TLVs.

   The FEC TLV is used to indicate the meaning of the label.  In the
   current context, the FEC TLV would be used to identify the particular
   pseudowire that a particular label is bound to.  In this
   specification, we define two new FEC TLVs to be used for identifying
   pseudowires.  When setting up a particular pseudowire, only one of
   these FEC TLVs is used.  The one to be used will depend on the
   particular service being emulated and on the particular provisioning
   model being supported.

   LDP allows each FEC TLV to consist of a set of FEC elements.  For
   setting up and maintaining pseudowires, however, each FEC TLV MUST
   contain exactly one FEC element.

   LDP has several kinds of label TLVs.  For setting up and maintaining
   pseudowires, the Generic Label TLV MUST be used.


5.1. The PWid FEC Element

   The PWid FEC element may be used whenever both pseudowire endpoints
   have been provisioned with the same 32-bit identifier for the
   pseudowire.

   For this purpose a new type of FEC element is defined. The FEC
   element type is 128 [note1], and is defined as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    PW tlv     |C|         PW type             |PW info Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Group ID                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           PW ID                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Interface parameters                    |
   |                              "                                |
   |                              "                                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


     - PW type

       A 15 bit quantity containing a value which represents the type of
       PW. Assigned Values are specified in "IANA Allocations for pseudo
       Wire Edge to Edge Emulation (PWE3)" [IANA].

     - Control word bit (C)

       The bit (C) is used to flag the presence of a control word as
       follows:

           C = 1 control word present on this PW.
           C = 0 no control word present on this PW.

       Please see the section "C-Bit Handling Procedures" for further
       explanation.

     - PW information length

       Length of the PW ID field and the interface parameters field in
       octets. If this value is 0, then it references all PWs using the
       specified group ID and there is no PW ID present, nor any
       interface parameters.

     - Group ID

       An arbitrary 32 bit value which represents a group of PWs that is
       used to create groups in the PW space. The group ID is intended
       to be used as a port index, or a virtual tunnel index. To
       simplify configuration a particular PW ID at ingress could be
       part of the virtual tunnel for transport to the egress router.
       The Group ID is very useful to send wild card label withdrawals,
       or PW wild card status notification messages to remote PEs upon
       physical port failure.

     - PW ID

       A non-zero 32-bit connection ID that together with the PW type,
       identifies a particular PW.  Note that the PW ID and the PW type
       must be the same at both endpoints.

     - Interface parameters

       This variable length field is used to provide interface specific
       parameters, such as attachment circuit MTU.

       Note that as the "interface parameters" are part of the FEC, the
       rules of LDP make it impossible to change the interface
       parameters once the pseudowire has been set up.  Thus the
       interface parameters field must not be used to pass information,
       such as status information, which may change during the life of
       the pseudowire.  Optional parameter TLVs should be used for that
       purpose.

   Using the PWid FEC, each of the two pseudowire endpoints
   independently initiates the set up of a unidirectional LSP.  An
   outgoing LSP and an incoming LSP are bound together into a single
   pseudowire if they have the same PW ID  and PW type.


5.2. The Generalized PW ID FEC Element

   The PWid FEC element can be used if a unique 32-bit value has been
   assigned to the PW, and if each endpoint has been provisioned with
   that value.  The Generalized ID FEC element requires that the PW
   endpoints be uniquely identified; the PW itself is identified as a
   pair of endpoints.  In addition the endpoint identifiers are
   structured to support applications where the identity of the remote
   endpoints needs to be auto-discovered rather than statically
   configured.

   The "Generalized ID FEC Element" is FEC type 129 (provisionally,
   subject to assignment by IANA).

   The Generalized ID FEC Element does not contain anything
   corresponding to the "group id" of the PWid FEC element.  The
   functionality of the "group id" is provided by a separate optional
   LDP TLV, the "PW Grouping TLV", described below. The Interface
   Parameters field of the PWid FEC element is also absent; its
   functionality is replaced by the optional Interface Parameters TLV,
   described below.


5.2.1. Attachment Identifiers

   As discussed in [RFC3985], a pseudowire can be thought of as
   connecting two "forwarders".  The protocol used to setup a pseudowire
   must allow the forwarder at one end of a pseudowire to identify the
   forwarder at the other end.  We use the term "attachment identifier",
   or "AI", to refer to the field which the protocol uses to identify
   the forwarders.  In the PWid FEC, the PWid field serves as the AI.
   In this section we specify a more general form of AI which is
   structured and of variable length.

   Every Forwarder in a PE must be associated with an Attachment
   Identifier (AI), either through configuration or through some
   algorithm.  The Attachment Identifier must be unique in the context
   of the PE router in which the Forwarder resides.  The combination <PE
   router, AI> must be globally unique.

   It is frequently convenient to regard a set of Forwarders as being
   members of a particular "group", where PWs may only be set up among
   members of a group.  In such cases, it is convenient to identify the
   Forwarders relative to the group, so that an Attachment Identifier
   would consist of an Attachment Group Identifier (AGI) plus an
   Attachment Individual Identifier (AII).

   An Attachment Group Identifier may be thought of as a VPN-id, or a
   VLAN identifier, some attribute which is shared by all the Attachment
   PWs (or pools thereof) which are allowed to be connected.

   The details of how to construct the AGI and AII fields identifying
   the pseudowire endpoints are outside the scope of this specification.
   Different pseudowire applications, and different provisioning models,
   will require different sorts of AGI and AII fields.  The
   specification of each such application and/or model must include the
   rules for constructing the AGI and AII fields.

   As previously discussed, a (bidirectional) pseudowire consists of a
   pair of unidirectional LSPs, one in each direction. If a particular
   pseudowire connects PE1 with PE2, the LSP in the PE1-->PE2 direction
   can be identified as:

           <PE1, <AGI, AII1>, PE2, <AGI, AII2>>,

   and the LSP in the PE2-->PE1 direction can be identified by:

           <PE2, <AGI, AII2>, PE1, <AGI, AII1>>.

   Note that the AGI must be the same at both endpoints, but the AII
   will in general be different at each endpoint.  Thus from the
   perspective of a particular PE, each pseudowire has a local or
   "Source AII", and a remote or "Target AII".  The pseudowire setup
   protocol can carry all three of these quantities:

     - Attachment Group Identifier (AGI).

     - Source Attachment Individual Identifier (SAII)

     - Target Attachment Individual Identifier (TAII)

   If the AGI is non-null, then the Source AI (SAI) consists of the AGI
   together with the SAII, and the Target AI (TAI) consists of the TAII
   together with the AGI.  If the AGI is null, then the SAII and TAII
   are the SAI and TAI respectively.

   The interpretation of the SAI and TAI is a local matter at the
   respective endpoint.

   The association of two unidirectional LSPs into a single
   bidirectional pseudowire depends on the SAI and the TAI.  Each
   application and/or provisioning model which uses the Generalized ID
   FEC element must specify the rules for performing this association.


5.2.2. Encoding the Generalized ID FEC Element

   FEC element type 129 [note1] is used.   The FEC element is encoded as
   follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     129       |C|         PW Type             |PW info Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AGI Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                    AGI  Value (contd.)                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AII Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                   SAII  Value (contd.)                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   AII Type    |    Length     |      Value                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                   TAII Value (contd.)                         ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   This document does not specify the AII and AGI type field values;
   specification of the type field values to use for a particular
   application is part of the specification of that application. IANA
   will assign these values as defined in the [IANA] document.

   The SAII, TAII, and AGI are simply carried as octet strings. The
   length byte specifies the size of the Value field. The null string
   can be sent by setting the length byte to 0. If a particular
   application does not need all three of these sub-elements, it MUST
   send all the sub-elements, but set the length to 0 for the unused
   sub-elements.

   The PW information length field contains the length of the SAII,
   TAII, AGI combined, and the interface parameters field in octets. If
   this value is 0, then it references all PWs using the specified
   grouping ID. In this case there are no other FEC element fields
   (AGI, SAII, etc.) present, nor any interface parameters.

   Note that the interpretation of a particular field as AGI, SAII, or
   TAII depends on the order of its occurrence.  The type field
   identifies the type of the AGI, SAII, or TAII.  When comparing two
   occurrences of an AGI (or SAII or TAII), the two occurrences are
   considered to be identical if the type, length, and value fields of
   one are identical, respectively, to those of the other.


5.2.2.1. Interface Parameters TLV

   This TLV MUST only be used when sending the Generalized PW FEC.  It
   specifies interface specific parameters. Specific parameters, when
   applicable, MUST be used to validate that the PEs, and the ingress
   and egress ports at the edges of the circuit, have the necessary
   capabilities to interoperate with each other.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|0|  PW Intf P. TLV (0x096B)  |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Parameter ID |    Length     |    Variable Length Value      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Variable Length Value                 |
   |                             "                                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   [ note: TLV type 0x096B pending IANA allocation ]

   A more detailed description of this field can be found in the section
   "Interface Parameters Field" below.


5.2.2.2. PW Grouping TLV

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|0|PW Grouping ID TLV (0x096C)|            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             Value                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   [ note: TLV type 0x096C pending IANA allocation ]

   The PW Grouping ID is an arbitrary 32 bit value which represents an
   arbitrary group of PWs.  It is used to create groups of PWs; for example, a
   PW Grouping ID can be used as a port index, and assigned to all PWs
   that lead to that port.  Use of the PW Grouping ID enables one to
   send "wild card" label withdrawals, or "wild card" status
   notification messages to remote PEs upon physical port failure.

   Note Well: The PW Grouping ID is different than, and has no relation
   to, the Attachment Group Identifier.

   The PW Grouping ID TLV is not part of the FEC, and will not be
   advertised except in the initial PW FEC advertisement. The
   advertising PE MAY use the wild card withdraw semantics, but the
   remote PEs MUST implement support for wildcard messages. This TLV
   MUST only be used when sending the Generalized PW ID FEC.

   To issue a wildcard command (status or withdraw):

        -i. Set the PW Info Length to 0 in the Generalized ID FEC
            Element.
       -ii. Send only the PW Grouping ID TLV with the FEC (No
            AGI/SAII/TAII is sent).


5.2.3. Signaling Procedures

   In order for PE1 to begin signaling PE2, PE1 must know the address of
   the remote PE2, and a TAI.  This information may have been configured
   at PE1, or it may have been learned dynamically via some
   autodiscovery procedure.

   To begin the signaling procedure, a PE (PE1) that has knowledge of
   the other endpoint (PE2) initiates the setup of the LSP in the
   incoming (PE2-->PE1) direction by sending a Label Mapping message
   containing the FEC type 129.  The FEC element includes the SAII, AGI,
   and TAII.

   What happens when PE2 receives such a Label Mapping message?

   PE2 interprets the message as a request to set up a PW whose endpoint
   (at PE2) is the Forwarder identified by the TAI.  From the
   perspective of the signaling protocol, exactly how PE2 maps AIs to
   Forwarders is a local matter.  In some VPWS provisioning models, the
   TAI might, e.g., be a string which identifies a particular Attachment
   Circuit, such as "ATM3VPI4VCI5", or it might, e.g., be a string such
   as "Fred" which is associated by configuration with a particular
   Attachment Circuit.  In VPLS, the AGI could be a VPN-id, identifying
   a particular VPLS instance.

   If PE2 cannot map the TAI to one of its Forwarders, then PE2 sends a
   Label Release message to PE1, with a Status Code meaning "invalid
   TAI" [ note: Status Code 0x00000029 as defined in [IANA] pending
   IANA allocation ], and the processing of the Mapping message is
   complete.

   The FEC TLV sent in a Label Release is the same as the FEC TLV
   received in the Label Mapping being released (but without the
   interface parameters).  More generally, the FEC TLV is the same in
   all LDP messages relating to the same LSP.  In a Label Release this
   means that the SAII is the remote peer's AII and the TAII is the
   sender's local AII.

   If the Label Mapping Message has a valid TAI, PE2 must decide whether
   to accept it or not. The procedures for so deciding will depend on
   the particular type of Forwarder identified by the TAI. Of course,
   the Label Mapping message may be rejected due to standard LDP error
   conditions as detailed in [LDP].

   If PE2 decides to accept the Label Mapping message, then it has to
   make sure that an LSP is set up in the opposite (PE1-->PE2)
   direction.  If it has already signaled for the corresponding LSP in
   that direction, nothing more need be done.  Otherwise, it must
   initiate such signaling by sending a Label Mapping message to PE1.
   This is very similar to the Label Mapping message PE2 received, but
   with the SAI and TAI reversed.

   Thus a bidirectional PW consists of two LSPs, where the FEC of one is
   the "reverse" of the FEC of the other.


5.3. Signaling of Pseudo Wire Status

5.3.1. Use of Label Mappings.

   The PEs MUST send PW label mapping messages to their peers as soon as
   the PW is configured and administratively enabled, regardless of the
   attachment circuit state. The PW label should not be withdrawn unless
   the operator administratively configures the pseudo wire down (or the
   PW configuration is deleted entirely). Using the procedures outlined
   in this section a simple label withdraw method MAY also be supported
   as a legacy means of signaling PW status and AC status. In any case
   if the Label mapping is not available the PW MUST be considered in
   the down state.

   Once the PW status negotiation procedures are completed, if they
   result in the use of the label withdraw method for PW status
   communication, and this method is not supported by one of the PEs,
   then that PE must send a label release message to its peer with the
   following error:

   "Label Withdraw PW Status Method Not Supported"

   If the label withdraw method for PW status communication is selected
   for the PW, it will result in the PW label mapping message being
   advertised only if the attachment circuit is active. The PW status
   signaling procedures described in this section MUST be fully
   implemented.


5.3.2. Signaling PW status.

   The PE devices use an LDP TLV to indicate status to their remote
   peers. This PW Status TLV contains more information than the
   alternative simple Label Withdraw message.

   The format of the PW Status TLV is:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1|0|     PW Status (0x096A)    |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Status Code                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   [ note: TLV type 0x096A pending IANA allocation ]

   Where the status code is a 4 octet bit field as specified in the PW
   IANA Allocations document [IANA]. The length specifies the length of
   the Status Code field in octets (equal to 4).

   Each bit in the status code field can be set individually to indicate
   more than a single failure at once. Each fault can be cleared by
   sending an appropriate status message with the respective bit
   cleared. The presence of the lowest bit (PW Not Forwarding) acts only
   as a generic failure indication when there is a link-down event for
   which none of the other bits apply.

   The Status TLV is transported to the remote PW peer via the LDP
   notification message. The general format of the Notification Message
   is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|   Notification (0x0001)     |      Message Length           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Message ID                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Status (TLV)                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      PW Status TLV                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 PWId FEC or Generalized ID FEC                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   The Status TLV status code is set to 0x00000028 "PW status", to
   indicate that PW status follows. Since this notification does not
   refer to any particular message, the Message Id and Message Type
   fields are set to 0.  [ note: Status Code 0x00000028 as defined in
   [IANA] pending IANA allocation ]

   The PW FEC TLV SHOULD NOT include the interface parameters as they
   are ignored in the context of this message. When a PE's attachment
   circuit encounters an error, use of the PW status message allows the
   PE to send a single "wild card" status message, using a PW FEC TLV
   with only the group ID set, to denote this change in status for all
   affected PW connections.  This status message contains either the PW
   FEC TLV with only the group ID set, or else it contains the
   Generalized FEC TLV and the PW Grouping ID TLV.

   As mentioned above the Group ID field of the PWid FEC element, or the
   PW Grouping ID TLV used with the Generalized ID FEC element, can be
   used to send a status notification for all arbitrary sets of PWs.
   This procedure is OPTIONAL, and if it is implemented the LDP
   Notification message should be as follows: If the PWid FEC element is
   used, the PW information length field is set to 0, the PW ID field is
   not present, and the interface parameters field is not present. If
   the Generalized FEC element is used, the AGI, SAII, and TAII are not
   present, the PW information length field is set to 0, the PW Grouping
   ID TLV is included, and the Interface Parameters TLV is omitted.  For
   the purpose of this document this is called the "wild card PW status
   notification procedure", and all PEs implementing this design are
   REQUIRED to accept such a notification message, but are not required
   to send it.


5.3.3. Pseudowire Status Negotiation Procedures

   When a PW is first set up the PEs MUST attempt to negotiate the usage
   of the PW status TLV. This is accomplished as follows:  A PE that
   supports the PW Status TLV MUST include it in the initial label
   mapping signaling following the label mapping TLV, the PW FEC, and
   the interface parameters field. The PW Status TLV will then be used
   for the lifetime of the Pseudowire. This is shown in the following
   diagram:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                 PWId FEC or Generalized ID FEC                +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Interface parameters                    |
   |                              "                                |
   |                              "                                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|0| Generic Label (0x0200)    |      Length                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Label                                                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1|0|     PW Status (0x0???)    |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Status Code                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   If the PW status TLV is sent following the label mapping TLV in the
   initial PW FEC Message, but the remote PE corresponding FEC
   advertisement does not include a PW status TLV, or the remote PE does
   not support the PW Status TLV, the PW will revert to the label
   withdraw method to signal PW status.  Note that if the PW Status TLV
   is not supported by the remote peer, it will automatically be
   ignored, since the LDP ignore bit is set. The PW Status TLV,
   therefore, will not be present in the corresponding FEC advertisement
   from the remote LDP peer, resulting in exactly the above behavior.

   If the PW Status TLV is not present following the label mapping TLV
   in the initial PW FEC Message received by a PE, then the PW Status
   TLV will not be used and both PEs supporting the pseudowire will
   revert to the label withdraw procedure for signaling status changes.

   If the negotiation process results in the usage of the PW status TLV,
   then the actual PW status is determined by the PW status TLV that was
   sent within the initial PW label mapping. Subsequent updates of PW
   status are conveyed through the notification message.
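
   The PW Status TLV encoding of section 5.3.2 and the fallback rule of
   section 5.3.3, as an added example in Python that is not part of the
   draft. Function names are hypothetical; 0x096A is the draft's pending
   type value, and only the "PW Not Forwarding" bit is named because the
   other bit meanings are defined in [IANA], not in this document.

```python
import struct

PW_STATUS_TLV = 0x096A            # this draft's value, pending IANA allocation
GENERIC_LABEL_TLV = 0x0200        # from the diagram in section 5.3.3
U_BIT = 0x8000                    # LDP "ignore if unknown" bit of a TLV
TYPE_MASK = 0x3FFF                # low 14 bits of the first 16 carry the type
PW_NOT_FORWARDING = 0x00000001    # lowest bit of the status code


def encode_pw_status(status_code):
    """Build the 8 octet TLV: U=1, F=0, type, Length=4, status bit field."""
    if not 0 <= status_code <= 0xFFFFFFFF:
        raise ValueError("status code is a 4 octet bit field")
    return struct.pack("!HHI", U_BIT | PW_STATUS_TLV, 4, status_code)


def decode_pw_status(tlv):
    """Return the status code; reject any TLV that is not exactly this shape."""
    if len(tlv) != 8:
        raise ValueError("PW Status TLV is 8 octets, got %d" % len(tlv))
    first, length, status_code = struct.unpack("!HHI", tlv)
    if (first & TYPE_MASK) != PW_STATUS_TLV:
        raise ValueError("type 0x%04x is not PW Status" % (first & TYPE_MASK))
    if length != 4:
        raise ValueError("Length must equal 4, got %d" % length)
    return status_code


def status_changes(previous, current):
    """Compare two status codes: (bits newly set, bits newly cleared)."""
    raised = [1 << i for i in range(32) if ((current & ~previous) >> i) & 1]
    cleared = [1 << i for i in range(32) if ((previous & ~current) >> i) & 1]
    return raised, cleared


def unknown_tlv_action(first_16_bits, supported_types):
    """What an LDP receiver does with a TLV, given the types it supports."""
    if (first_16_bits & TYPE_MASK) in supported_types:
        return "process"
    # Base LDP behaviour [LDP]: an unknown TLV is dropped quietly only when
    # the sender set the U bit; otherwise the whole message is refused.
    return "ignore" if first_16_bits & U_BIT else "reject"


def negotiated_method(local_sends_status_tlv, remote_mapping_tlv_types):
    """Status method for the PW once both initial Label Mappings are seen."""
    if local_sends_status_tlv and PW_STATUS_TLV in remote_mapping_tlv_types:
        return "PW Status TLV"
    return "label withdraw"
```

   A legacy peer that only knows the Generic Label TLV ignores the
   status TLV because of the U bit, never echoes it, and so both sides
   end up on the label withdraw method.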


5.4. Interface Parameters Field

   This field specifies interface specific parameters. When applicable,
   it MUST be used to validate that the PEs, and the ingress and egress
   ports at the edges of the circuit, have the necessary capabilities to
   interoperate with each other. The field structure is defined as
   follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Parameter ID |    Length     |    Variable Length Value      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Variable Length Value                 |
   |                             "                                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   The parameter ID Values are specified in "IANA Allocations for pseudo
   Wire Edge to Edge Emulation (PWE3)" [IANA].

   The Length field is defined as the length of the interface parameter
   including the parameter id and length field itself. Processing of the
   interface parameters should continue when encountering unknown
   interface parameters and they MUST be silently ignored.

     - Interface MTU

       A 2 octet value indicating the MTU in octets. This is the Maximum
       Transmission Unit, excluding encapsulation overhead, of the
       egress packet interface that will be transmitting the
       decapsulated PDU that is received from the MPLS network. This
       parameter is applicable only to PWs transporting packets and is
       REQUIRED for these PW types. If this parameter does not match in
       both directions of a specific PW, that PW MUST NOT be enabled.

     - Optional Interface Description string

       This arbitrary, OPTIONAL, interface description string is used to
       send a human-readable administrative string describing the
       interface to the remote. This parameter is OPTIONAL, and is
       applicable to all PW types.  The interface description parameter
       string length is variable, and can be from 0 to 80 octets.
       Human-readable text MUST be provided in the UTF-8 charset using
       the Default Language [RFC2277].
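
   A receiver-side walk of the Interface Parameters field, as an added
   example in Python that is not part of the draft; the same sub-TLV
   layout is carried inside the Interface Parameters TLV of section
   5.2.2.1. Assumptions: the parameter IDs 0x01 and 0x03 come from the
   PWE3 IANA allocations rather than from this document, function names
   are hypothetical, and refusing a field that cannot be walked safely
   is this example's policy.

```python
import struct

# Assumed IDs (PWE3 IANA allocations); this document does not list them.
PARAM_MTU = 0x01
PARAM_DESCRIPTION = 0x03
MAX_DESCRIPTION_OCTETS = 80      # "can be from 0 to 80 octets"


class MalformedParameters(ValueError):
    """The field cannot be walked safely, so nothing in it is trusted."""


def encode_param(param_id, value):
    """Length covers the Parameter ID and Length octets as well as the value."""
    return bytes([param_id, len(value) + 2]) + value


def parse_interface_parameters(field):
    """Return {'mtu', 'description', 'ignored'} parsed from the raw field."""
    result = {"mtu": None, "description": None, "ignored": []}
    offset = 0
    while offset < len(field):
        if len(field) - offset < 2:
            raise MalformedParameters("truncated parameter header")
        param_id, length = field[offset], field[offset + 1]
        # A Length below 2 cannot cover its own header: 0 would never
        # advance the offset, 1 would desynchronise the walk.
        if length < 2:
            raise MalformedParameters("length %d at offset %d" % (length, offset))
        if offset + length > len(field):
            raise MalformedParameters("parameter 0x%02x overruns field" % param_id)
        value = field[offset + 2:offset + length]
        if param_id == PARAM_MTU:
            if len(value) != 2:
                raise MalformedParameters("Interface MTU is not 2 octets")
            result["mtu"] = struct.unpack("!H", value)[0]
        elif param_id == PARAM_DESCRIPTION:
            if len(value) > MAX_DESCRIPTION_OCTETS:
                raise MalformedParameters("description exceeds 80 octets")
            try:
                text = value.decode("utf-8")
            except UnicodeDecodeError:
                raise MalformedParameters("description is not UTF-8") from None
            # Peer-supplied text reaches logs and CLIs: drop control chars.
            result["description"] = "".join(c for c in text if c.isprintable())
        else:
            result["ignored"].append(param_id)   # unknown: silently ignored
        offset += length
    return result


def pw_may_be_enabled(local_mtu, received_field, transports_packets=True):
    """MTU rule: REQUIRED for packet PWs and must match in both directions."""
    try:
        params = parse_interface_parameters(received_field)
    except MalformedParameters as exc:
        return False, "malformed: %s" % exc
    if transports_packets:
        if params["mtu"] is None:
            return False, "Interface MTU missing"
        if params["mtu"] != local_mtu:
            return False, "MTU mismatch: local %d, remote %d" % (
                local_mtu, params["mtu"])
    return True, "ok"


# Constructed sample fields (0x7F stands in for an unknown parameter ID).
GOOD = (encode_param(PARAM_MTU, struct.pack("!H", 1500))
        + encode_param(PARAM_DESCRIPTION, b"ge-0/0/1 to CE-7")
        + encode_param(0x7F, b"\xaa"))
ZERO_LENGTH = bytes([PARAM_MTU, 0x00, 0x05, 0xDC])
OVERRUN = bytes([PARAM_DESCRIPTION, 40]) + b"short"
```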


6. Control Word

6.1. PW types for which the control word is REQUIRED

   The Label Mapping messages which are sent in order to set up these
   PWs MUST have c=1. When a Label Mapping message for a PW of one of
   these types is received, and c=0, a Label Release MUST be sent, with
   an "Illegal C-bit" status code. In this case, the PW will not be
   enabled.


6.2. PW types for which the control word is NOT mandatory

   If a system is capable of sending and receiving the control word on
   PW types for which the control word is not mandatory, then each such
   PW endpoint MUST be configurable with a parameter that specifies
   whether the use of the control word is PREFERRED or NOT PREFERRED.
   For each PW, there MUST be a default value of this parameter. This
   specification does NOT state what the default value should be.

   If a system is NOT capable of sending and receiving the control word
   on PW types for which the control word is not mandatory, then it
   behaves exactly as if it were configured for the use of the control
   word to be NOT PREFERRED.

   If a Label Mapping message for the PW has already been received, but
   no Label Mapping message for the PW has yet been sent, then the
   procedure is the following:

        -i. If the received Label Mapping message has c=0, send a Label
            Mapping message with c=0, and the control word is not used.
       -ii. If the received Label Mapping message has c=1, and the PW is
            locally configured such that the use of the control word is
            preferred, then send a Label Mapping message with c=1, and
            the control word is used.
      -iii. If the received Label Mapping message has c=1, and the PW is
            locally configured such that the use of the control word is
            not preferred or the control word is not supported, then act
            as if no Label Mapping message for the PW had been received
            (i.e., proceed to the next paragraph).

   If a Label Mapping message for the PW has not already been received
   (or if the received Label Mapping message had c=1 and either local
   configuration says that the use of the control word is not preferred
   or the control word is not supported), then send a Label Mapping
   message in which the c bit is set to correspond to the locally
   configured preference for use of the control word.  (I.e., set c=1 if
   locally configured to prefer the control word, set c=0 if locally
   configured to prefer not to use the control word or if the control
   word is not supported).

   The next action depends on what control message is next received for
   that PW.  The possibilities are:

        -i. A Label Mapping message with the same c bit value as
            specified in the Label Mapping message that was sent. PW
            setup is now complete, and the control word is used if c=1
            but not used if c=0.
       -ii. A Label Mapping message with c=1, but the Label Mapping
            message that was sent has c=0. In this case, ignore the
            received Label Mapping message, and continue to wait for the
            next control message for the PW.
      -iii. A Label Mapping message with c=0, but the Label Mapping
            message that was sent has c=1. In this case, send a Label
            Withdraw message with a "Wrong C-bit" status code, followed
            by a Label Mapping message that has c=0. PW setup is now
            complete, and the control word is not used.
       -iv. A Label Withdraw message with the "Wrong c-bit" status code.
            Treat as a normal Label Withdraw, but do not respond.
            Continue to wait for the next control message for the PW.

   If at any time after a Label Mapping message has been received, a
   corresponding Label Withdraw or Release is received, the action taken
   is the same as for any Label Withdraw or Release that might be
   received at any time.

   If both endpoints prefer the use of the control word, this procedure
   will cause it to be used. If either endpoint prefers not to use the
   control word, or does not support the control word, this procedure
   will cause it not to be used. If one endpoint prefers to use the
   control word but the other does not, the one that prefers not to use
   it has no extra protocol to execute; it just waits for a Label
   Mapping message that has c=0.

   The diagram in Appendix A illustrates the above procedure.
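
   The C-bit procedure above run between two simulated endpoints, as an
   added example in Python that is not part of the draft. Class and
   function names are hypothetical, messages are reduced to a kind and a
   c bit, and the trace lists messages in delivery order.

```python
from collections import deque

MAPPING = "Label Mapping"
WITHDRAW_WRONG_C = "Label Withdraw (Wrong C-bit)"


class Endpoint:
    """One PE's view of control word negotiation for a single PW."""

    def __init__(self, name, prefers_cw, supports_cw=True):
        self.name = name
        # A PE that cannot do the control word behaves as NOT PREFERRED.
        self.local_c = 1 if (prefers_cw and supports_cw) else 0
        self.sent_c = None       # c bit of our outstanding Label Mapping
        self.cw_used = None      # None while waiting, then True or False
        self.outbox = deque()

    def send_mapping(self, c):
        self.sent_c = c
        self.outbox.append((MAPPING, c))

    def start(self):
        """Nothing received yet: advertise the locally configured preference."""
        if self.sent_c is None:
            self.send_mapping(self.local_c)

    def receive(self, kind, c):
        if kind == WITHDRAW_WRONG_C:
            return                      # normal withdraw, no response, keep waiting
        if self.sent_c is None:         # a Mapping arrived before we sent ours
            if c == 0:
                self.send_mapping(0)    # received c=0: answer c=0, no control word
                self.cw_used = False
            elif self.local_c == 1:
                self.send_mapping(1)    # received c=1 and we prefer it
                self.cw_used = True
            else:
                self.send_mapping(0)    # act as if nothing had been received
        elif c == self.sent_c:
            self.cw_used = (c == 1)     # both sides agree: setup complete
        elif c == 1:
            pass                        # we sent c=0: ignore and keep waiting
        else:                           # we sent c=1, the peer insists on c=0
            self.outbox.append((WITHDRAW_WRONG_C, None))
            self.send_mapping(0)
            self.cw_used = False


def negotiate(pe1, pe2, starters):
    """Deliver messages until both queues drain; return outcome and trace."""
    for endpoint in starters:
        endpoint.start()
    trace = []
    while pe1.outbox or pe2.outbox:
        for sender, receiver in ((pe1, pe2), (pe2, pe1)):
            while sender.outbox:
                kind, c = sender.outbox.popleft()
                trace.append((sender.name, kind, c))
                receiver.receive(kind, c)
    return pe1.cw_used, pe2.cw_used, trace


def run(pe1_prefers, pe2_prefers, both_start=True):
    """Negotiate one PW; with both_start=False only PE1 signals first."""
    pe1 = Endpoint("PE1", pe1_prefers)
    pe2 = Endpoint("PE2", pe2_prefers)
    return negotiate(pe1, pe2, [pe1, pe2] if both_start else [pe1])
```

   In every run where one side advertises c=0 the PW comes up without
   the control word, so a PW configured PREFERRED that ends up with
   cw_used False reflects the peer's setting, not a local fault.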


6.3. LDP label Withdrawal procedures

   As mentioned above, the Group ID field of the PWid FEC element, or
   the PW Grouping ID TLV used with the Generalized ID FEC element, can
   be used to withdraw all PW labels associated with a particular PW
   group. This procedure is OPTIONAL, and if it is implemented the LDP
   label withdraw message should be as follows: If the PWid FEC element
   is used, the PW information length field is set to 0, the PW ID field
   is not present, and the interface parameters field is not present. If
   the Generalized FEC element is used, the AGI, SAII, and TAII are not
   present, the PW information length field is set to 0, the PW Grouping
   ID TLV is included, and the Interface Parameters TLV is omitted. For
   the purpose of this document this is called the "wild card withdraw
   procedure", and all PEs implementing this design are REQUIRED to
   accept such a withdraw message, but are not required to send it. Note
   that the PW Grouping ID TLV only applies to PWs using the Generalized
   ID FEC element, while the Group ID only applies to the PWid FEC
   element.

   The interface parameters field, or TLV, MUST NOT be present in any
   LDP PW label withdrawal message or release message. A wildcard
   release message MUST include only the group ID, or Grouping ID TLV. A
   Label Release message initiated by a PE router must always include
   the PW ID.


6.4. Sequencing Considerations

   In the case where the router considers the sequence number field in
   the control word, it is important to note the following when
   advertising labels:


6.4.1. Label Mapping Advertisements

   After a label has been withdrawn by the output router and/or released
   by the input router, care must be taken to not advertise (re-use) the
   same released label until the output router can be reasonably certain
   that old packets containing the released label no longer persist in
   the MPLS network.

   This precaution is required to prevent the imposition router from
   restarting packet forwarding with a sequence number of 1 when it
   receives the same label mapping if there are still older packets
   persisting in the network with a sequence number between 1 and 32768.
   For example, if there is a packet with sequence number=n where n is
   in the interval [1,32768] traveling through the network, it would be
   possible for the disposition router to receive that packet after it
   re-advertises the label. Since the label has been released by the
   imposition router, the disposition router SHOULD be expecting the
   next packet to arrive with a sequence number of 1. Receipt of a
   packet with sequence number equal to n will result in n packets
   potentially being rejected by the disposition router until the
   imposition router imposes a sequence number of n+1 into a packet.
   Possible methods to avoid this are for the disposition router to
   always advertise a different PW label, or for the disposition router
   to wait for a sufficient time before attempting to re-advertise a
   recently released label. This is only an issue when sequence number
   processing at the disposition router is enabled.


6.4.2. Label Mapping Release

   In situations where the imposition router wants to restart forwarding
   of packets with sequence number 1, the router shall 1) send to the
   disposition router a label mapping release, and 2) send to the
   disposition router a label mapping request. When sequencing is
   supported, advertisement of a PW label in response to a label mapping
   request MUST also consider the issues discussed in the section on
   Label Mapping Advertisements.


7. IANA Considerations

7.1. LDP TLV TYPE

   This document uses several new LDP TLV types. IANA already maintains
   a registry named "TLV TYPE NAME SPACE" defined by RFC3036. The
   following values are suggested for assignment:

      TLV type  Description
       0x096A   PW Status TLV
       0x096B   PW Interface Parameters TLV
       0x096C   Group ID TLV


7.2. LDP status messages

   This document uses several new LDP status codes. IANA already
   maintains a registry named "STATUS CODE NAME SPACE" defined by
   RFC3036. The following values are suggested for assignment:

      0x00000024 "Illegal C-Bit"
      0x00000025 "Wrong C-Bit"
      0x00000026 "Incompatible bit-rate"
      0x00000027 "CEP/TDM mis-configuration"
      0x00000028 "PW status"
      0x00000029 "Invalid TAI"
      0x0000002A "Generic Misconfiguration Error"
      0x0000002B "Label Withdraw PW Status Method Not Supported"


7.3. FEC Type Name Space

   This document uses two new FEC element types, 128 and 129 from the
   registry "FEC Type Name Space" for the Label Distribution Protocol
   (LDP RFC3036).


8. Security Considerations

   This document specifies the LDP extensions that are needed for
   setting up and maintaining Pseudowires.  The purpose of setting up
   Pseudowires is to enable layer 2 frames to be encapsulated in MPLS
   and transmitted from one end of a Pseudowire to the other.  Therefore
   we treat the security considerations for both the data plane and the
   control plane.


8.1. Data-plane Security

   With regard to the security of the data plane, the following areas
   must be considered:

     - MPLS PDU inspection.
     - MPLS PDU spoofing.
     - MPLS PDU alteration.
     - MPLS PSN protocol security.
     - Access Circuit security.
     - Denial of service prevention on the PE routers.

   When a MPLS PSN is used to provide pseudowire service, there is a
   perception that security MUST be at least equal to the currently
   deployed layer2 native protocol networks that the MPLS/PW network
   combination is emulating. This means that the MPLS network SHOULD be
   isolated from outside packet insertion in such a way that it SHOULD
   not be possible to directly insert an MPLS packet into the network.
   To prevent unwanted packet insertion, it is also important to prevent
   unauthorized physical access to the PSN as well as unauthorized
   administrative access to individual network elements.

   As mentioned above, an MPLS network should not accept MPLS packets
   from its external interfaces (i.e. interfaces to CE devices or to
   other providers' networks) unless the top label of the packet was
   legitimately distributed to the system from which the packet is being
   received. If the packet's incoming interface leads to a different SP
   (rather than to a customer), an appropriate trust relationship must
   also be present, including the trust that the other SP also provides
   appropriate security measures.


   The three main security problems faced when using an MPLS network to
   transport PWs are spoofing, alteration, and inspection. First there
   is a possibility that the PE receiving PW PDUs will get a PDU which
   appears to be from the PE transmitting the PW into the PSN, but which
   was not actually transmitted by the PE originating the PW. (I.e., the
   specified encapsulations do not by themselves enable the decapsulator
   to authenticate the encapsulator.) A second problem is the
   possibility that the PW PDU will be altered between the time it
   enters the PSN and the time it leaves the PSN. (I.e., the specified
   encapsulations do not by themselves assure the decapsulator of the
   packet's integrity.) A third problem is the possibility that the
   PDU's contents will be seen while the PDU is in transit through the
   PSN. (I.e., the specified encapsulations do not ensure privacy.)
   How significant these issues are in practice depends on the security
   requirements of the applications whose traffic is being sent through
   the tunnel, and how secure the PSN itself is.


8.2. Control Protocol Security

   General security considerations with regard to the use of LDP are
   specified in section 5 of RFC 3036.  Those considerations apply as
   well to the case where LDP is used to set up Pseudowires.

   A Pseudowire connects two attachment circuits. It is important to
   make sure that LDP connections are not arbitrarily accepted from
   anywhere, or else a local attachment circuit might get connected to
   an arbitrary remote attachment circuit.  Therefore an incoming LDP
   session request MUST NOT be accepted unless its IP source address is
   known to be the source of an "eligible" LDP peer.  The set of
   eligible peers could be pre-configured (either as a list of IP
   addresses, or as a list of address/mask combinations), or it could be
   discovered dynamically via an auto-discovery protocol which is itself
   trusted.  (Obviously if the auto-discovery protocol were not trusted,
   the set of "eligible peers" it produces could not be trusted.)

   Even if an LDP connection request appears to come from an eligible
   peer, its source address may have been spoofed.  So some means of
   preventing source address spoofing must be in place.  For example, if
   all the eligible peers are in the same network, source address
   filtering at the border routers of that network could eliminate the
   possibility of source address spoofing.

   The LDP MD5 authentication key option, as described in section 2.9 of
   RFC 3036, MUST be implemented, and for a greater degree of security
   it must be used. This provides integrity and authentication for the
   LDP messages, and eliminates the possibility of source address
   spoofing. Use of the MD5 option does not provide privacy, but privacy
   of the LDP control messages is not usually considered to be
   important. As the MD5 option relies on the configuration of pre-
   shared keys, it does not provide much protection against replay
   attacks. In addition, its reliance on pre-shared keys may make it
   very difficult to deploy when the set of eligible neighbors is
   determined by an auto-configuration protocol.

   When the Generalized ID FEC Element is used, it is possible that a
   particular LDP peer may be one of the eligible LDP peers, but may not
   be the right one to connect to the particular attachment circuit
   identified by the particular instance of the Generalized ID FEC
   element.  However, given that the peer is known to be one of the
   eligible peers (as discussed above), this would be the result of a
   configuration error, rather than a security problem.  Nevertheless,
   it may be advisable for a PE to associate each of its local
   attachment circuits with a set of eligible peers, rather than having
   just a single set of eligible peers associated with the PE as a
   whole.
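
   The eligible-peer checks of this section, with one set for the PE as
   a whole and one per attachment circuit, as an added example in Python
   that is not part of the draft. Class and method names, the documentation
   address ranges and the decision strings are assumptions of the example;
   the TAI strings and status code 0x00000029 are the ones used earlier in
   this document.

```python
import ipaddress

INVALID_TAI = 0x00000029   # status code from this draft, pending IANA allocation


class PeerPolicy:
    """Eligible-peer sets: one PE-wide, one per local attachment circuit."""

    def __init__(self, pe_wide, per_circuit):
        # Entries are address/mask combinations; a single host is a /32.
        self.pe_wide = [ipaddress.ip_network(n) for n in pe_wide]
        self.per_circuit = {
            tai: [ipaddress.ip_network(n) for n in nets]
            for tai, nets in per_circuit.items()
        }

    @staticmethod
    def matches(source, networks):
        try:
            address = ipaddress.ip_address(source)
        except ValueError:
            return False                 # an unparsable source is never eligible
        return any(address in network for network in networks)

    def accept_session(self, source):
        """Gate for an incoming LDP session request.

        A match is only meaningful when source address spoofing is already
        prevented (border filtering or the LDP MD5 option).
        """
        return self.matches(source, self.pe_wide)

    def accept_mapping(self, source, tai):
        """Gate for a Label Mapping that names a local Forwarder by TAI."""
        if not self.accept_session(source):
            return "drop: peer not eligible for this PE"
        if tai not in self.per_circuit:
            return "release: invalid TAI (0x%08X)" % INVALID_TAI
        if not self.matches(source, self.per_circuit[tai]):
            return "refuse: peer not eligible for this attachment circuit"
        return "accept"


# Constructed policy using documentation address ranges.
POLICY = PeerPolicy(
    pe_wide=["192.0.2.0/24", "198.51.100.7/32"],
    per_circuit={
        "ATM3VPI4VCI5": ["192.0.2.10/32"],
        "Fred": ["198.51.100.7/32"],
    },
)
```

   The third result is the case the last paragraph describes: a peer
   that is eligible for the PE but is not the right one for the
   attachment circuit named in the Generalized ID FEC element.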


9. Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


10. Full Copyright Statement

   Copyright (C) The Internet Society (2004).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78 and
   except as set forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


11. Acknowledgments

   The authors wish to acknowledge the contributions of Vach Kompella,
   Vanson Lim, Wei Luo, Himanshu Shah, and Nick Weeds.


12. Normative References

   [LDP] "LDP Specification." L. Andersson, P. Doolan, N. Feldman, A.
        Fredette, B. Thomas. January 2001. RFC3036

   [RFC3032] "MPLS Label Stack Encoding", E. Rosen, Y. Rekhter,
        D. Tappan, G. Fedorkow, D. Farinacci, T. Li, A. Conta. RFC3032

   [IANA] "IANA Allocations for pseudo Wire Edge to Edge Emulation
        (PWE3)" Martini, Townsley, draft-ietf-pwe3-iana-allocation-08.txt
        (work in progress), April 2004


13. Informative References

   [CEP] "SONET/SDH Circuit Emulation Service Over Packet (CEP)",
        draft-ietf-pwe3-sonet-09.txt (work in progress)

   [SAToP] "Structure-Agnostic TDM over Packet (SAToP)",
        draft-ietf-pwe3-satop-01.txt (work in progress)

   [FRAME] "Frame Relay over Pseudo-Wires",
        draft-ietf-pwe3-frame-relay-02.txt (work in progress)

   [ATM] "Encapsulation Methods for Transport of ATM Cells/Frame Over IP
        and MPLS Networks", draft-ietf-pwe3-atm-encap-05.txt (work in
        progress)

   [PPPHDLC] "Encapsulation Methods for Transport of PPP/HDLC Frames
        Over IP and MPLS Networks",
        draft-ietf-pwe3-hdlc-ppp-encap-05.txt (work in progress)

   [ETH] "Encapsulation Methods for Transport of Ethernet Frames Over
        IP/MPLS Networks", draft-ietf-pwe3-ethernet-encap-06.txt.
        (work in progress)

   [802.3] "IEEE 802.3ac-1998" IEEE standard specification.

   [SDH] American National Standards Institute, "Synchronous Optical
        Network Formats," ANSI T1.105-1995.

   [ITUG] ITU Recommendation G.707, "Network Node Interface For The
        Synchronous Digital Hierarchy", 1996.

   [RFC3985] "PWE3 Architecture" Bryant, et al., RFC3985.

   [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
        IANA Considerations section in RFCs", BCP 26, RFC 2434, October
        1998.

   [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and
        Languages", BCP 18, RFC 2277, January 1998.

   [note1] FEC element types 128 and 129 are pending IANA approval.


14. Author Information


   Luca Martini
   Cisco Systems, Inc.
   9155 East Nichols Avenue, Suite 400
   Englewood, CO, 80112
   e-mail: lmartini@cisco.com


   Nasser El-Aawar
   Level 3 Communications, LLC.
   1025 Eldorado Blvd.
   Broomfield, CO, 80021
   e-mail: nna@level3.net


   Giles Heron
   Tellabs
   Abbey Place
   24-28 Easton Street
   High Wycombe
   Bucks
   HP11 1NT
   UK
   e-mail: giles.heron@tellabs.com


   Eric C. Rosen
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   e-mail: erosen@cisco.com


   Dan Tappan
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   e-mail: tappan@cisco.com


   Toby Smith
   Omega Corporate Center
   1300 Omega Drive
   Pittsburgh, PA 15205
   Laurel Networks, Inc.
   e-mail: tob@laurelnetworks.com


15. Additional Contributing Authors


   Dimitri Stratton Vlachos
   Mazu Networks, Inc.
   125 Cambridgepark Drive
   Cambridge, MA 02140
   e-mail: d@mazunetworks.com


   Jayakumar Jayakumar,
   Cisco Systems Inc.
   225, E.Tasman, MS-SJ3/3,
   San Jose, CA, 95134
   e-mail: jjayakum@cisco.com


   Alex Hamilton,
   Cisco Systems Inc.
   285 W. Tasman, MS-SJCI/3/4,
   San Jose, CA, 95134
   e-mail: tahamilt@cisco.com


   Steve Vogelsang
   Laurel Networks, Inc.
   Omega Corporate Center
   1300 Omega Drive
   Pittsburgh, PA 15205
   e-mail: sjv@laurelnetworks.com


   John Shirron
   Omega Corporate Center
   1300 Omega Drive
   Pittsburgh, PA 15205
   Laurel Networks, Inc.
   e-mail: jshirron@laurelnetworks.com


   Andrew G. Malis
   Tellabs
   90 Rio Robles Dr.
   San Jose, CA 95134
   e-mail: Andy.Malis@tellabs.com


   Vinai Sirkay
   Reliance Infocomm
   Dhirubai Ambani Knowledge City
   Navi Mumbai 400 709
   e-mail: vinai@sirkay.com


   Vasile Radoaca
   Nortel Networks
   600  Technology Park
   Billerica MA 01821
   e-mail: vasile@nortelnetworks.com


   Chris Liljenstolpe
   Cable & Wireless
   11700 Plaza America Drive
   Reston, VA 20190
   e-mail: chris@cw.net


   Dave Cooper
   Global Crossing
   960 Hamlin Court
   Sunnyvale, CA 94089
   e-mail: dcooper@gblx.net


   Kireeti Kompella
   Juniper Networks
   1194 N. Mathilda Ave
   Sunnyvale, CA 94089
   e-mail: kireeti@juniper.net


Appendix A. C-bit Handling Procedures Diagram

                   ------------------
               Y   | Received Label |       N
            -------|  Mapping Msg?  |--------------
            |      ------------------             |
        --------------                            |
        |            |                            |
     -------      -------                         |
     | C=0 |      | C=1 |                         |
     -------      -------                         |
        |            |                            |
        |    ----------------                     |
        |    | Control Word |     N               |
        |    |    Capable?  |-----------          |
        |    ----------------          |          |
        |          Y |                 |          |
        |            |                 |          |
        |   ----------------           |          |
        |   | Control Word |  N        |          |
        |   |  Preferred?  |----       |          |
        |   ----------------   |       |          |
        |          Y |         |       |          |
        |            |         |       |   ----------------
        |            |         |       |   | Control Word |
        |            |         |       |   |  Preferred?  |
        |            |         |       |   ----------------
        |            |         |       |     N |     Y |
        |            |         |       |       |       |
      Send         Send      Send    Send    Send    Send
       C=0          C=1       C=0     C=0     C=0     C=1
                               |       |       |       |
                            ----------------------------------
                            | If receive the same as sent,   |
                            | PW setup is complete. If not:  |
                            ----------------------------------
                               |       |       |       |
                              ------------------- -----------
                              |     Receive     | | Receive |
                              |       C=1       | |   C=0   |
                              ------------------- -----------
                                       |               |
                                 Wait for the        Send
                                 next message     Wrong C-Bit
                                                       |
                                                  Send Label
                                               Mapping Message
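
   The decision flow in the diagram above, written out as code. This is
   an added example, not part of the draft; the function names and the
   action strings are this example's own, and it assumes that a PE which
   prefers the control word is also capable of it.

```python
# Added illustration of the Appendix A flow chart; not part of the draft.
# Function names and action strings are this example's own.

def first_c_bit(received_c, cw_capable, cw_preferred):
    """C-bit for the first Label Mapping this PE sends for a PW.

    received_c is None when no Label Mapping for the PW has arrived yet,
    otherwise the C-bit (0 or 1) carried in the peer's Label Mapping.
    """
    if received_c not in (None, 0, 1):
        raise ValueError("C-bit must be 0, 1 or None")
    if cw_preferred and not cw_capable:
        # Assumption of this example: preferring implies being capable.
        raise ValueError("control word preferred but not supported")
    if received_c is None:                 # right-hand "N" branch
        return 1 if cw_preferred else 0
    if received_c == 0:                    # peer asked for no control word
        return 0
    # Peer sent C=1: agree only if capable and control word preferred.
    return 1 if (cw_capable and cw_preferred) else 0


def reconcile(sent_c, received_c):
    """Actions once the sent and received C-bits are both known."""
    if sent_c == received_c:
        return ["PW setup is complete"]
    if sent_c == 0:                        # sent C=0, received C=1
        return ["Wait for the next message"]
    # Sent C=1, received C=0.
    return ["Send Wrong C-Bit", "Send Label Mapping Message"]


def simultaneous_setup(a, b):
    """Both PEs send before hearing from the other.

    a and b are (cw_capable, cw_preferred) tuples. Returns, per PE, the
    C-bit it sent and the follow-up actions the chart prescribes.
    """
    sent_a = first_c_bit(None, *a)
    sent_b = first_c_bit(None, *b)
    return {"A": (sent_a, reconcile(sent_a, sent_b)),
            "B": (sent_b, reconcile(sent_b, sent_a))}


if __name__ == "__main__":
    # Constructed case: A prefers the control word, B does not.
    result = simultaneous_setup((True, True), (True, False))
    for pe, (sent, actions) in result.items():
        print(pe, "sent C=%d ->" % sent, "; ".join(actions))
```

   The diagram does not label the C-bit of the Label Mapping that
   follows "Send Wrong C-Bit", so the example reports that action
   without a value.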



