Network Working Group                               Praveen Muley, Ed.
Internet Draft                                  Mustapha Aissaoui, Ed.
Intended Status: Informational                         Alcatel-Lucent
Expires: November 2010
                                                           May 14, 2010

                      Pseudowire (PW) Redundancy


   This document describes a framework comprised of few scenarios and
   associated requirements where PW redundancy is needed. A set of
   redundant PWs is configured between PE nodes in SS-PW applications,
   or between T-PE nodes in MS-PW applications. In order for the PE/T-PE
   nodes to indicate the preferred PW to forward to one another, a new
   status is needed to indicate the preferential forwarding status of
   active or standby for each PW in the redundancy set.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 14, 2010.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents

Muley et al.          Expires November 14, 2010               [Page 1]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in RFC-2119 [1].

Table of Contents

   1. Terminology .............................................. 2
   2. Introduction.............................................. 3
   3. Reference Model........................................... 4
      3.1. PE Architecture...................................... 4
      3.2. Multiple Multi-homed................................. 5
      3.3. Single Homed CE with MS-PW redundancy................ 7
      3.4. PW redundancy between MTU-s.......................... 8
      3.5. PW redundancy between n-PEs.......................... 9
      3.6. PW redundancy in Bridge Module Model................. 10
   4. Generic PW redundancy requirements........................ 11
      4.1. Protection switching requirements.................... 11
      4.2. Operational requirements............................. 11
   5. Security Considerations................................... 12
   6. IANA considerations....................................... 12
   7. Major Contributing Authors................................ 12
   8. Acknowledgments........................................... 13
   9. References................................................ 14
      9.1. Normative References................................. 14
      9.2. Informative References............................... 14
   Author's Addresses........................................... 14

1. Terminology

   o Active PW.  A PW whose preferential status is set to Active and
      Operational status is UP and is used for forwarding user and OAM

Muley et al.          Expires November 14, 2010               [Page 2]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   o Standby PW. A PW whose preferential status is set to Standby and
      Operational status is UP and is not used for forwarding user
      traffic but may forward OAM traffic.

   o PW Endpoint: A PE where a PW terminates on a point where Native
      Service Processing is performed, e.g., A SS-PW PE, an MS-PW T-PE,
      or an H-VPLS MTU-s or PE-rs.

   o Primary PW: the PW which a PW endpoint activates in preference to
      any other PW when more than one PW qualify for active state. When
      the primary PW comes back up after a failure and qualifies for
      active state, the PW endpoint always reverts to it. The
      designation of Primary is performed by local configuration for
      the PW at the PE.

   o Secondary PW: when it qualifies for active state, a Secondary PW
      is only selected if no Primary PW is configured or if the
      configured primary PW does not qualify for active state (e.g., is
      DOWN). By default, a PW in a redundancy PW set is considered
      secondary. There is no Revertive mechanism among secondary PWs.

   o Revertive protection switching. Traffic will be carried by
      primary PW if it is Operationally UP and the wait-to-restore
      timer expires and primary PW is made the Active PW.

   o Non-revertive protection switching. Traffic will be carried by
      the last PW  selected as a result of previous active PW entering
      Operationally DOWN state.

   o Manual selection of PW . Ability for the operator to manually
      select the primary/secondary PWs.

   This document uses the term 'PE' to be synonymous with both PEs as
           per RFC3985 and T-PEs as per RFC5659.

   This document uses the term 'PW' to be synonymous with both PWs as
           per RFC3985 and SS-PWs, MS-PWs, S-PEs, PW-segment and  PW
           switching point as per RFC5659.

2. Introduction

   In single-segment PW (SS-PW) applications, protection for the PW is
   provided by the PSN layer. This may be an Resource Reservation
   Protocol traffic engineered (RSVP-TE) labeled switch (LSP) with a
   fast-Reroute (FRR) backup and/or an end-to-end backup LSP. There are

Muley et al.          Expires November 14, 2010               [Page 3]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   applications however where the backup PW terminates on a different
   target PE node. PSN protection mechanisms cannot protect against
   failure of the target PE node or the failure of the remote AC.

   In multi-segment PW (MS-PW) applications, a primary and one or more
   secondary PWs in standby mode are configured in the network. The
   paths of these PWs are diverse in the sense that they are switched at
   different S-PE nodes. In these applications, PW redundancy is
   important for the service resilience.

   In some deployments, it is important for operators that particular PW
   is preferred if it is available. For example, PW path with least
   latency may be preferred.

   This document describes framework for these applications and its
   associated operational requirements. The framework comprises of new
   required status called preferential status to PW apart from the
   operational status already defined in the PWE3 control protocol [2].

3. Reference Model

   Following figures shows the reference architecture of PE for the PW
   redundancy and its usage in different topologies and applications.

3.1. PE Architecture

   Figure 1 shows the PE architecture for PW redundancy, when more than
   one PW in a redundant set is associated with a single AC. This is
   based on the architecture in Figure 4b of RFC3985 [3]. The forwarder
   selects which of the redundant PWs to using the criteria described in
   this document.

Muley et al.          Expires November 14, 2010               [Page 4]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

              |                PE Device               |
     Single   |                 |        Single        | PW Instance
      AC      |                 +      PW Instance     X<===========>
              |                 |                      |
              |                 |----------------------|
      <------>o                 |        Single        | PW Instance
              |    Forwarder    +      PW Instance     X<===========>
              |                 |                      |
              |                 |----------------------|
              |                 |        Single        | PW Instance
              |                 +      PW Instance     X<===========>
              |                 |                      |
   Figure 1 PE architecture for PW redundancy

3.2. Multiple Multi-homed

         |<-------------- Emulated Service ---------------->|
         |                                                  |
         |          |<------- Pseudo Wire ------>|          |
         |          |                            |          |
         |          |    |<-- PSN Tunnels-->|    |          |
         |          V    V                  V    V          |
         V    AC    +----+                  +----+     AC   V
   +-----+    |     |....|.......PW1........|....|     |    +-----+
   |     |----------| PE1|......   .........| PE3|----------|     |
   | CE1 |          +----+      \ /  PW3    +----+          | CE2 |
   |     |          +----+       X          +----+          |     |
   |     |          |    |....../ \..PW4....|    |          |     |
   |     |----------| PE2|                  | PE4|--------- |     |
   +-----+    |     |....|.....PW2..........|....|     |    +-----+
              AC    +----+                  +----+    AC

    Figure 2                  Multiple Multi-homed CEs with single SS-PW redundancy

   In the Figure 2 illustrated above both CEs, CE1 and CE2 are dual-
   homed with PEs, PE1, PE2 and PE3, PE4 respectively. The method for
   dual-homing and the used protocols are outside the scope of this
   document.  Note that the PSN tunnels are not shown in this figure for
   clarity. However, it can be assumed that each of the PWs shown is
   encapsulated in a separate PSN tunnel.

   PE1 has PW1 and PW4 service connecting PE3 and PE4 respectively.
   Similarly PE2 has PW2 and Pw3 pseudo wire service connecting PE4 and

Muley et al.          Expires November 14, 2010               [Page 5]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   PE3 respectively. PW1, PW2, PW3 and PW4 are all operationally UP. In
   order to support N:1 or 1:1 only one PW is required to be selected to
   forward the traffic. Thus the PW needs to reflect its new status
   apart from the operational status. We call this as preferential
   forwarding status with state representing 'active' the one carrying
   traffic while the other 'standby' which is operationally UP but not
   forwarding traffic. The method of deriving Active/Standby status of
   the AC is outside the scope of this document.

   A new algorithm needs to be developed using the preferential
   forwarding state of PW and select only one PW to forward.

   On failure of AC between the dual homed CE1 in this case lets say PE1
   the preferential status on PE2 needs to be changed. Different
   mechanisms/protocols can be used to achieve this and these are beyond
   the scope of this document. After the change in status the algorithm
   for selection of PW needs to revaluate and select PW to forward the
   traffic. In this application, because each dual-homing algorithm
   running on the two node sets, i.e., {CE1, PE1, PE2} and {CE2, PE3,
   PE4}, selects the active AC independently, there is a need to signal
   the active status of the AC such that the PE nodes can select a
   common active PW path for end-to-end forwarding between CE1 and CE2.
   This helps in restricting the changes occurring on one side of
   network due to failure to the other side of the network.

   Also the failures in the carrier core network MUST NOT be propagated
   to customer network. Hence network operator should take this
   consideration while designing the network. For ex. if there is
   failure of LSP tunnel, operator should have rely on FRR or an
   alternate LSP path/tunnel which will be seamless to the PW service.
   Note this method also protects against any single PE failure or some
   dual PE failures.

   One Multi-homed CE with single SS-PW redundancy application is a
   subset of above. Only PW1 and PW3 exist in this case. This helps
   against AC failure and PE failure of dual homed AC. Similar
   requirements applies in usage MS-PW redundancy as well. An additional
   requirement applicable to MS-PW is forwarding of status notification
   through S-PE. In general from customer view, SS-PW and MS-PW has
   similar resiliency requirement.

   There is also a 1:1 protection switching case that is a subset of the
   above where PW3 and PW4 are not present.

   o If the CEs do not perform native service protection switching, but
      instead may use load balancing. This protects against AC failures
      and can use the native service to indicate active/failed state.

Muley et al.          Expires November 14, 2010               [Page 6]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   o If each CE homes to different PEs, then the CEs can implement
      native service protection switching, without any PW redundancy
      functions. All that the PW needs to do is detect AC, PE, or PSN
      tunnel failures and convey that information to both PEs at the end
      of the PW. This is applicable to MS-PW as well.

3.3. Single Homed CE with MS-PW redundancy

   This is the main application of interest and the network setup is
   shown in Figure 3

       Native   |<------------Pseudo Wire------------>|  Native
       Service  |                                     |  Service
        (AC)    |     |<-PSN1-->|     |<-PSN2-->|     |  (AC)
          |     V     V         V     V         V     V   |
          |     +-----+         +-----+         +-----+   |
   +----+ |     |T-PE1|=========|S-PE1|=========|T-PE2|   |   +----+
   |    |-------|......PW1-Seg1.......|.PW1-Seg2......|-------|    |
   | CE1|       |     |=========|     |=========|     |       | CE2|
   |    |       +-----+         +-----+         +-----+       |    |
   +----+        |.||.|                          |.||.|       +----+
                 |.||.|         +-----+          |.||.|
                 |.||.|=========|     |========== .||.|
                 |.| ===========|S-PE2|============ |.|
                 |.|            +-----+             |.|
                 |.|============+-----+============= .|
                 |.....PW3-Seg1.|     | PW3-Seg2......|
                                |     |

   Figure 3 Single homed CE with multi-segment pseudo-wire redundancy

   In Figure 3, CE1 is connected to PE1 in provider Edge 1 and CE2 to
   PE2 in provider edge 2 respectively. There are three segmented PWs. A
   PW1, is switched at S-PE1, PW2, which is switched at S-PE2 and PW3,
   is switched at S-PE3.

   Since there is no multi-homing running on the AC, the T-PE nodes
   would advertise 'Active' for the forwarding status based on the
   priority. Priorities associate meaning of 'primary PW' and 'secondary
   PW'. These priorities MUST be used in revertive mode as well and
   paths must be switched accordingly. The priority can be configuration
   or derivation from the PWid. Lower the PWid higher the priority.
   However, this does not guarantee selection of same PW by the T-PEs
   because, for example, mismatch of the configuration of the PW

Muley et al.          Expires November 14, 2010               [Page 7]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   priority in each T-PE. The intent of this application is to have T-
   PE1 and T-PE2 synchronize the transmit and receive path of the PW
   over the network. In other words, both T-PE nodes are required to
   transmit over the PW segment which is switched by the same S-PE. This
   is desirable for ease of operation and troubleshooting.

3.4. PW redundancy between MTU-s

   Following figure illustrates the application of use of PW redundancy
   in spoke PW by dual homed MTU-s to PEs.

                     |<-PSN1-->|     |<-PSN2-->|
                     V         V     V         V
               +-----+         +-----+
               |MTU-s|=========|PE1  |========
               |..Active PW group....| H-VPLS-core
               |     |=========|     |=========
               +-----+         +-----+
                  |.|           +-----+
                  |.|===========|     |==========
                  |...Standby PW group|.H-VPLS-core
                   =============|  PE2|==========

               Figure 4  Multi-homed MTU-s in H-VPLS core

   In Figure 4, MTU-s is dual homed to PE1 and PE2 and has spoke PWs to
   each of them. MTU-s needs to choose only one of the spoke PW (active
   PW) to one of the PE to forward the traffic and the other to standby
   status. MTU-s can derive the status of the PWs based on local policy
   configuration. PE1 and PE2 are connected to H-VPLS core on the other
   side of network. MTU-s communicates the status of its member PWs for
   a set of VSIs having common status Active/Standby. Here MTU-s
   controls the selection of PWs to forward the traffic. Signaling
   using PW grouping with common group-id in PWid FEC Element or
   Grouping TLV in Generalized PWid FEC Element as defined in [2] to PE1
   and PE2 respectively, is encouraged to scale better.

   Whenever MTU-s performs a switchover, it needs to communicate to PE2
   for the Standby PW group the changed status of active.

   In this scenario, PE devices are aware of switchovers at MTU-s and
   could generate MAC Withdraw Messages to trigger MAC flushing within

Muley et al.          Expires November 14, 2010               [Page 8]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   the H-VPLS full mesh. By default, MTU-s devices should still trigger
   MAC Withdraw messages as currently defined in [5] to prevent two
   copies of MAC withdraws to be sent (one by MTU-s and another one by
   PEs). Mechanisms to disable MAC Withdraw trigger in certain devices
   is out of the scope of this document.

3.5. PW redundancy between n-PEs

   Following figure illustrates the application of use of PW redundancy
   for dual homed connectivity between PE devices in a ring topology.

             +-------+                     +-------+

             |  PE1  |=====================|  PE2  |====...

             +-------+    PW Group 1       +-------+

                 ||                            ||

   VPLS Domain A ||                            || VPLS Domain B

                 ||                            ||

             +-------+                     +-------+

             |  PE3  |=====================|  PE4  |==...

             +-------+    PW Group 2       +-------+

                 Figure 5   Redundancy in Ring topology

   In Figure 5, PE1 and PE3 from VPLS domain A are connected to PE2 and
   PE4 in VPLS domain B via PW group 1 and group 2. Each of the PE in
   respective domain is connected to each other as well to form the ring
   topology. Such scenarios may arise in inter-domain H-VPLS deployments
   where RSTP or other mechanisms may be used to maintain loop free
   connectivity of PW groups.

   Ref.[5] outlines about multi-domain VPLS service without specifying
   how redundant border PEs per domain per VPLS instance can be
   supported. In the example above, PW group1 may be blocked at PE1 by
   RSTP and it is desirable to block the group at PE2 by virtue of
   exchanging the PW preferential status as Standby. How the PW grouping
   should be done here is again deployment specific and is out of scope
   of the solution.

Muley et al.          Expires November 14, 2010               [Page 9]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

3.6. PW redundancy in Bridge Module Model

   ----------------------------+  Provider  +------------------------

                               .   Core     .

                   +------+    .            .    +------+

                   | n-PE |======================| n-PE |

        Provider   | (P)  |---------\    /-------| (P)  |  Provider

        Access     +------+    ._    \  /   .    +------+  Access

        Network                .      \/    .              Network

          (1)      +------+    .      /\    .    +------+     (2)

                   | n-PE |----------/  \--------| n-PE |

                   |  (B) |----------------------| (B)  |_

                   +------+    .            .    +------+

                               .            .

   ----------------------------+            +------------------------

                         Figure 6 Bridge Module Model

   In Figure 6, two provider access networks, each having two n-PEs,
   where the n-PEs are connected via a full mesh of PWs for a given VPLS
   instance. As shown in the figure, only one n-PE in each access
   network is serving as a Primary PE (P) for that VPLS instance and the
   other n-PE is serving as the backup PE (B).In this figure, each
   primary PE has two active PWs originating from it. Therefore, when a
   multicast, broadcast, and unknown unicast frame arrives at the
   primary n-PE from the access network side, the n-PE replicates the
   frame over both PWs in the core even though it only needs to send the
   frames over a single PW (shown with == in the figure) to the primary
   n-PE on the other side. This is an unnecessary replication of the

Muley et al.          Expires November 14, 2010              [Page 10]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   customer frames that consumes core-network bandwidth (half of the
   frames get discarded at the receiving n-PE). This issue gets
   aggravated when there is three or more n-PEs per provider, access
   network. For example if there are three n-PEs or four n-PEs per
   access network, then 67% or 75% of core-BW for multicast, broadcast
   and unknown unicast are respectively wasted.

   In this scenario, n-PEs can disseminate the status of PWs
   active/standby among themselves and furthermore to have it tied up
   with the redundancy mechanism such that per VPLS instance the status
   of active/backup n-PE gets reflected on the corresponding PWs
   emanating from that n-PE.

4. Generic PW redundancy requirements

4.1. Protection switching requirements

   o Protection architecture such as N:1,1:1 or 1+1 can be used. N:1
      protection case is somewhat inefficient in terms of capacity
      consumption hence implementations SHOULD support this method
      while  1:1 being subset and efficient MUST be supported. 1+1
      protection architecture can be supported but is left for further

   o Non-revertive mode MUST be supported, while revertive mode is an
      optional one.

   o Protection switchover can be operator driven like Manual
      lockout/force switchover or due to signal failure. Both methods
      MUST be supported and signal failure MUST be given higher
      priority than any local or far end request.

4.2.  Operational requirements

   o (T-)PEs involved in protecting a PW SHOULD automatically discover
      and attempt to resolve inconsistencies in the configuration of
      primary/secondary PW.

   o (T-)PEs involved in protecting a PW SHOULD automatically discover
      and attempt to resolve inconsistencies in the configuration of
      revertive/non-revertive protection switching mode.

   o (T-)PEs that do not automatically discover or resolve
      inconsistencies in the configuration of primary/secondary,
      revertive/non-revertive, or other parameters MUST generate an
      alarm upon detection of an inconsistent configuration.

Muley et al.          Expires November 14, 2010              [Page 11]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   o (T-)PEs involved with protection switching MUST support the
      configuration of revertive or non-revertive protection switching

   o (T-)PEs involved with protection switching SHOULD support the
      local invocation of protection switching.

   o (T-)PEs involved with protection switching SHOULD support the
      local invocation of a lockout of protection switching.

   o In standby status PW can still receive packets in order to avoid
      black holing of in-flight packets during switchover. However in
      case of use of VPLS application packets are dropped in standby
      status except for the OAM packets.

5. Security Considerations

   This document expects extensions to LDP that are needed for
   protecting pseudo-wires. It will have the same security properties as
   in LDP [4] and the PW control protocol [2].

6. IANA considerations

   This document has no actions for IANA.

7. Major Contributing Authors

   The editors would like to thank Matthew Bocci, Pranjal Kumar Dutta,
   Marc Lasserre,  Jonathan Newton, Hamid Ould-Brahim, Olen Stokes, Dave
   Mcdysan, Giles Heron and Thomas Nadeau who made a major contribution
   to the development of this document.

Muley et al.          Expires November 14, 2010              [Page 12]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

   Matthew Bocci
   Voyager Place, Shoppenhangers Rd
   Maidenhead, Berks, UK SL6 2PJ

   Pranjal Kumar Dutta

   Marc Lasserre

   Jonathan Newton
   Cable & Wireless

   Olen Stokes
   Extreme Networks

   Hamid Ould-Brahim

   Dave McDysan

   Giles Heron

   Thomas Nadeau

8. Acknowledgments

   The authors would like to thank Vach Kompella, Kendall Harvey,
   Tiberiu Grigoriu, Neil Hart, Kajal Saha, Florin Balus and Philippe
   Niger for their valuable comments and suggestions.

Muley et al.          Expires November 14, 2010              [Page 13]

Internet-Draft       Pseudowire (PW) Redundancy               May 2010

9. References

9.1. Normative References

   [1]  Bradner, S., "Key words for use in RFCs to Indicate
         Requirement Levels", BCP 14, RFC 2119, March 1997.

   [2]  Martini, L., et al., "Pseudowire Setup and Maintenance using
         LDP", RFC 4447, April 2006.

   [3]  Bryant, S., et al., " Pseudo Wire Emulation Edge-to-Edge
         (PWE3) Architecture", RFC 3985 March 2005

   [4]  Andersson, L., Minei, I., and B. Thomas, "LDP Specification",
         RFC 5036, January 2001

   [5]  Kompella,V., Lasserrre, M. , et al., "Virtual Private LAN
         Service (VPLS) Using LDP Signalling", RFC 4762, January 2007

9.2. Informative References

   [6]  Martini, L., et al., "Segmented Pseudo Wire", draft-ietf-pwe3-
         segmented-pw-14.txt, October 2010.

Author's Addresses

   Praveen Muley
   701 E. Middlefiled Road
   Mountain View, CA, USA

  Mustapha Aissaoui
   600 March Rd
   Kanata, ON, Canada K2K 2E6

Muley et al.          Expires November 14, 2010              [Page 14]