MPLS Transport Profile (MPLS-TP) Linear Protection
RFC 6378
| Document | Type | RFC - Proposed Standard (October 2011) | |
|---|---|---|---|
| Authors | Eric Osborne , Nurit Sprecher , Annamaria Fulignoli , Stewart Bryant , Yaacov Weingarten | ||
| Last updated | 2018-12-20 | ||
| Replaces | draft-weingarten-mpls-tp-linear-protection | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | (None) | ||
| IESG | IESG state | RFC 6378 (Proposed Standard) | |
| Action Holders |
(None)
|
||
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | Adrian Farrel | ||
| IESG note | Ross Callon (rcallon@juniper.net) is the Document Shepherd | ||
| Send notices to | (None) |
RFC 6378
Internet Engineering Task Force (IETF) Y. Weingarten, Ed.
Request for Comments: 6378 Nokia Siemens Networks
Category: Standards Track S. Bryant
ISSN: 2070-1721 E. Osborne
Cisco
N. Sprecher
Nokia Siemens Networks
A. Fulignoli, Ed.
Ericsson
October 2011
MPLS Transport Profile (MPLS-TP) Linear Protection
Abstract
This document is a product of a joint Internet Engineering Task Force
(IETF) / International Telecommunications Union Telecommunications
Standardization Sector (ITU-T) effort to include an MPLS Transport
Profile within the IETF MPLS and Pseudowire Emulation Edge-to-Edge
(PWE3) architectures to support the capabilities and functionalities
of a packet transport network as defined by the ITU-T.
This document addresses the functionality described in the MPLS-TP
Survivability Framework document (RFC 6372) and defines a protocol
that may be used to fulfill the function of the Protection State
Coordination for linear protection, as described in that document.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6378.
Weingarten, et al. Standards Track [Page 1]
RFC 6378 MPLS-TP LP October 2011
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Weingarten, et al. Standards Track [Page 2]
RFC 6378 MPLS-TP LP October 2011
Table of Contents
1. Introduction ....................................................4
1.1. Protection Architectures ...................................4
1.2. Scope of the Document ......................................5
2. Conventions Used in This Document ...............................6
2.1. Acronyms ...................................................6
2.2. Definitions and Terminology ................................7
3. Protection State Control Logic ..................................7
3.1. Local Request Logic ........................................9
3.2. Remote Requests ...........................................11
3.3. PSC Control Logic .........................................12
3.4. PSC Message Generator .....................................12
3.5. Wait-to-Restore (WTR) Timer ...............................12
3.6. PSC Control States ........................................13
3.6.1. Local and Remote State .............................14
4. Protection State Coordination (PSC) Protocol ...................14
4.1. Transmission and Acceptance of PSC Control Packets ........15
4.2. Protocol Format ...........................................16
4.2.1. PSC Ver Field ......................................16
4.2.2. PSC Request Field ..................................17
4.2.3. Protection Type (PT) Field .........................18
4.2.4. Revertive (R) Field ................................18
4.2.5. Fault Path (FPath) Field ...........................19
4.2.6. Data Path (Path) Field .............................19
4.2.7. Additional TLV Information .........................19
4.3. Principles of Operation ...................................20
4.3.1. Basic Operation ....................................20
4.3.2. Priority of Inputs .................................21
4.3.3. Operation of PSC States ............................22
5. IANA Considerations ............................................33
5.1. Pseudowire Associated Channel Type ........................33
5.2. PSC Request Field .........................................33
5.3. Additional TLVs ...........................................34
6. Security Considerations ........................................34
7. Acknowledgements ...............................................35
8. Contributing Authors ...........................................36
9. References .....................................................37
9.1. Normative References ......................................37
9.2. Informative References ....................................37
Appendix A. PSC State Machine Tables ..............................39
Appendix B. Exercising the Protection Domain ......................44
Weingarten, et al. Standards Track [Page 3]
RFC 6378 MPLS-TP LP October 2011
1. Introduction
The MPLS Transport Profile (MPLS-TP) [RFC5921] is a framework for the
construction and operation of packet-switched transport networks
based on the architectures for MPLS ([RFC3031] and [RFC3032]) and for
Pseudowires (PWs) ([RFC3985] and [RFC5659]) and the requirements of
[RFC5654].
Network survivability is the ability of a network to recover traffic
delivery following failure, or degradation, of network resources.
The MPLS-TP Survivability Framework [RFC6372] is a framework for
survivability in MPLS-TP networks, and describes recovery elements,
types, methods, and topological considerations, focusing on
mechanisms for recovering MPLS-TP Label Switched Paths (LSPs).
Linear protection in mesh networks -- networks with arbitrary
interconnectivity between nodes -- is described in Section 4.7 of
[RFC6372]. Linear protection provides rapid and simple protection
switching. In a mesh network, linear protection provides a very
suitable protection mechanism because it can operate between any pair
of points within the network. It can protect against a defect in an
intermediate node, a span, a transport path segment, or an end-to-end
transport path.
1.1. Protection Architectures
Protection switching is a fully allocated survivability mechanism.
It is fully allocated in the sense that the route and resources of
the protection path are reserved for a selected working path or set
of working paths. It provides a fast and simple survivability
mechanism that allows the network operator to easily grasp the active
state of the network and that can operate between any pair of points
within the network.
As described in the Survivability Framework document [RFC6372],
protection switching is applied to a protection domain. For the
purposes of this document, we define the protection domain of a
point-to-point LSP as consisting of two Label Edge Routers (LERs) and
the transport paths that connect them (see Figure 3). For a point-
to-multipoint LSP, the protection domain includes the root (or
source) LER, the destination (or sink) LERs, and the transport paths
that connect them.
In 1+1 unidirectional architecture as presented in [RFC6372], a
protection transport path is dedicated to the working transport path.
Normal traffic is bridged (as defined in [RFC4427]) and fed to both
the working and the protection paths by a permanent bridge at the
source of the protection domain. The sink of the protection domain
Weingarten, et al. Standards Track [Page 4]
RFC 6378 MPLS-TP LP October 2011
uses a selector to choose either the working or protection path from
which to receive the traffic, based on predetermined criteria, e.g.,
server defect indication. When used for bidirectional switching the
1+1 protection architecture must also support a Protection State
Coordination (PSC) protocol. This protocol is used to help
coordinate between both ends of the protection domain in selecting
the proper traffic flow.
In the 1:1 architecture, a protection transport path is dedicated to
the working transport path of a single service, and the traffic is
only transmitted on either the working or the protection path, by
using a selector at the source of the protection domain. A selector
at the sink of the protection domain then selects the path that
carries the normal traffic. Since the source and sink need to be
coordinated to ensure that the selector at both ends select the same
path, this architecture must support a PSC protocol.
The 1:n protection architecture extends the 1:1 architecture above by
sharing the protection path among n services. Again, the protection
path is fully allocated and disjoint from any of the n working
transport paths that it is being used to protect. The normal data
traffic for each service is transmitted either on the normal working
path for that service or, in cases that trigger protection switching
(as listed in [RFC6372]), may be sent on the protection path. The
switching action is similar to the 1:1 case where a selector is used
at the source. In cases where multiple working path services have
triggered protection switching, it should be noted that some
services, dependent upon their Service Level Agreement (SLA), may not
be transmitted as a result of limited resources on the protection
path. In this architecture, there may be a need for coordination of
the protection switching and for resource allocation negotiation.
The procedures for this are for further study and may be addressed in
future documents.
1.2. Scope of the Document
As was pointed out in the Survivability Framework [RFC6372] and
highlighted above, there is a need for coordination between the end
points of the protection domain when employing bidirectional
protection schemes. This is especially true when there is a need to
verify that the traffic continues to be transported on a
bidirectional LSP that is co-routed.
The scope of this document is to present a protocol for the
Protection State Coordination of Linear Protection. The protocol
addresses the protection of LSPs in an MPLS-TP network as required by
[RFC5654] (in particular, requirements 63-65 and 74-79) and described
in [RFC6372]. The basic protocol is designed for use in conjunction
Weingarten, et al. Standards Track [Page 5]
RFC 6378 MPLS-TP LP October 2011
with the 1:1 protection architecture, bidirectional protection, and
for 1+1 protection of a bidirectional path (for both unidirectional
and bidirectional protection switching). Applicability of the
protocol for 1:1 unidirectional protection and for 1:n protection
schemes may be documented in a future document and is out of scope
for this document. The applicability of this protocol to additional
MPLS-TP constructs and topologies may be documented in future
documents.
While the unidirectional 1+1 protection architecture does not require
the use of a coordination protocol, the protocol may be used by the
ingress node of the path to notify the far-side end point that a
switching condition has occurred and verify the consistency of the
end-point configuration. This use may be especially useful for
point-to-multipoint transport paths, that are unidirectional by
definition of [RFC5654]. The use of this protocol for point-to-
multipoint paths is out of scope for this document and may be
addressed in a future applicability document.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2.1. Acronyms
This document uses the following acronyms:
CT Channel Type
DNR Do-not-Revert
FS Forced Switch
G-ACh Generic Associated Channel
LER Label Edge Router
LO Lockout of protection
LSR Label Switching Router
MEG Managed Entity Group
MEP MEG End Point
MPLS-TP Transport Profile for MPLS
MS Manual Switch
NR No Request
OAM Operations, Administration, and Maintenance
PSC Protection State Coordination Protocol
S-PE Switching Provider Edge
SD Signal Degrade
SF Signal Fail
SFc Clear Signal Fail
SLA Service Level Agreement
Weingarten, et al. Standards Track [Page 6]
RFC 6378 MPLS-TP LP October 2011
T-PE Terminating Provider Edge
WTR Wait-to-Restore
2.2. Definitions and Terminology
The terminology used in this document is based on the terminology
defined in [RFC4427] and further adapted for MPLS-TP in [RFC6372].
In addition, we use the term "LER" to refer to an MPLS-TP Network
Element, whether it is an LSR, LER, T-PE, or S-PE.
3. Protection State Control Logic
Protection switching processes the local triggers described in
requirements 74-79 of [RFC5654] together with inputs received from
the far-end LER. Based on these inputs, the LER will take certain
protection switching actions, e.g., switching the selector to
transmit on the working or protection path for 1:1 protection or
switching the selector to receive the traffic for either 1:1 or 1+1
protection and transmit different protocol messages.
The following figure shows the logical decomposition of the
Protection State Control logic into different logical processing
units. These processing units are presented in subsequent
subsections of this document. This logical decomposition is only
intended for descriptive purposes; any implementation that produces
the external behavior described in Section 4 is acceptable.
Weingarten, et al. Standards Track [Page 7]
RFC 6378 MPLS-TP LP October 2011
Server Indication Control-Plane Indication
-----------------+ +-------------
Operator Command | | OAM Indication
----------------+ | | +---------------
| | | |
V V V V
+---------------+ +-------+
| Local Request |<--------| WTR |
| logic |WTR Exps | Timer |
+---------------+ +-------+
| ^
Highest local|request |
V | Start/Stop
+-----------------+ |
Remote PSC | PSC Control |------------+
------------>| logic |
Request +-----------------+
|
| Action +------------+
+---------------->| Message |
| Generator |
+------------+
|
Output PSC | Message
V
Figure 1: Protection State Control Logic
Figure 1 describes the logical architecture of the protection
switching control. The Local Request logic unit accepts the triggers
from the OAM, server layer, external operator commands, local control
plane (when present), and the Wait-to-Restore timer. By considering
all of these local request sources, it determines the highest
priority local request. This high-priority request is passed to the
PSC Control logic, that will cross-check this local request with the
information received from the far-end LER. The PSC Control logic
uses this input to determine what actions need to be taken, e.g.,
local actions at the LER, or what message should be sent to the far-
end LER, and the current status of the protection domain.
Weingarten, et al. Standards Track [Page 8]
RFC 6378 MPLS-TP LP October 2011
3.1. Local Request Logic
The Local Request logic processes input triggers from five sources.
o Operator command - the network operator may issue local
administrative commands on the LER that trigger protection
switching. The commands Forced Switch, Manual Switch, Clear,
Lockout of protection (defined in [RFC4427] as Forced switch-over,
Manual switch-over, Clear, and Lockout of recovery LSP/span,
respectively) MUST be supported. An implementation MAY provide
additional commands for operator use; providing that these
commands do not introduce incompatible behavior between two
arbitrary implementations, they are outside the scope of this
document. For example, an implementation could provide a command
to manually set off a "WTR Expires" trigger (see below) input
without waiting for the duration of the WTR timer; as this merely
hastens the transition from one state to another and has no impact
on the state machine itself, it would be perfectly valid.
o Server-layer alarm indication - the underlying server layer of the
network detects failure conditions at the underlying layer and may
issue an indication to the MPLS-TP layer. The server layer may
employ its own protection switching mechanism; therefore, this
input MAY be controlled by a hold-off timer that SHOULD be
configurable by the network operator. The hold-off timer is
described in greater detail in [RFC6372].
o Control-Plane Indication - if there is a control plane active in
the network (either signaling or routing), it MAY trigger
protection switching based on conditions detected by the control
plane. If the control plane is based on GMPLS [RFC3945], then the
recovery process SHALL comply with the process described in
[RFC4872] and [RFC4873].
o OAM indication - OAM fault management or performance measurement
tools may detect a failure or degrade condition on either the
working or protection transport path, and this MUST input an
indication to the Local Request logic.
o WTR Expires - The Wait-to-Restore timer is used in conjunction
with recovery from failure conditions on the working path in
revertive mode. The timer SHALL signal the PSC control process
when it expires, and the end point SHALL revert to the normal
transmission of the user data traffic.
The input from these sources SHOULD be retained persistently for the
duration of the condition that initiated the trigger. The Local
Request logic processes these different input sources and, based on
Weingarten, et al. Standards Track [Page 9]
RFC 6378 MPLS-TP LP October 2011
the priorities between them (see Section 4.3.2), produces a current
local request. If more than one local input source generates a
trigger, then the Local Request logic selects the higher priority
indicator and ignores any lower priority indicator. As a result,
there is a single current local request that is passed to the PSC
Control logic. The different local requests that may be output from
the Local Request logic are as follows:
o Clear - if the operator cancels an active local administrative
command, i.e., LO/FS/MS.
o Lockout of protection (LO) - if the operator requested to prevent
switching data traffic to the protection path, for any purpose.
o Signal Fail (SF) - if any of the server-layer, control-plane, or
OAM indications signaled a failure condition on either the
protection path or one of the working paths.
o Signal Degrade (SD) - if any of the server-layer, control-plane,
or OAM indications signaled a degraded transmission condition on
either the protection path or one of the working paths. The
determination and actions for SD are for further study and may
appear in a separate document. All references to SD input are
placeholders for this extension.
o Clear Signal Fail (SFc) - if all of the server-layer, control-
plane, or OAM indications are no longer indicating a failure
condition on a path that was previously indicating a failure
condition.
o Forced Switch (FS) - if the operator requested that traffic be
switched from one of the working paths to the protection path.
o Manual Switch (MS) - if the operator requested that traffic be
switched from the working path to the protection path. This is
only relevant if there is no currently active fault condition or
operator command.
o WTR Expires (WTRExp) - generated by the WTR timer completing its
period.
If none of the input sources have generated any triggers, then the
Local Request logic should generate a No Request (NR) as the current
local request.
Weingarten, et al. Standards Track [Page 10]
RFC 6378 MPLS-TP LP October 2011
3.2. Remote Requests
In addition to the local requests, generated as a result of the local
triggers, indicated in the previous subsection, the PSC Control logic
SHALL accept PSC messages from the far-end LER of the transport path.
Remote messages indicate the status of the transport path from the
viewpoint of the far-end LER. These messages may drive state changes
on the local MEP, as defined later in this document. When using 1+1
unidirectional protection, an LER that receives a remote request
SHALL NOT perform any protection switching action, i.e., will
continue to select traffic from the working path and transport
traffic on both paths.
The following remote requests may be received by the PSC process:
o Remote LO - indicates that the remote end point is in Unavailable
state due to a Lockout of protection operator command.
o Remote SF - indicates that the remote end point has detected a
Signal Fail condition on one of the transport paths in the
protection domain. This remote message includes an indication of
which transport path is affected by the SF condition. In
addition, it should be noted that the SF condition may be either a
unidirectional or a bidirectional failure, even if the transport
path is bidirectional.
o Remote SD - indicates that the remote end point has detected a
Signal Degrade condition on one of the transport paths in the
protection domain. This remote message includes an indication of
which transport path is affected by the SD condition. In
addition, it should be noted that the SD condition may be either a
unidirectional or a bidirectional failure, even if the transport
path is bidirectional.
o Remote FS - indicates that the remote end point is operating under
an operator command to switch the traffic to the protection path.
o Remote MS - indicates that the remote end point is operating under
an operator command to switch the traffic from the working path to
the protection path.
o Remote WTR - indicates that the remote end point has determined
that the failure condition has recovered and has started its WTR
timer in preparation for reverting to the Normal state.
Weingarten, et al. Standards Track [Page 11]
RFC 6378 MPLS-TP LP October 2011
o Remote DNR - indicates that the remote end point has determined
that the failure condition has recovered and will continue
transporting traffic on the protection path due to operator
configuration that prevents automatic reversion to the Normal
state.
o Remote NR - indicates that the remote end point has no abnormal
condition to report.
3.3. PSC Control Logic
The PSC Control logic accepts the following input:
a. the current local request output from the Local Request logic
(see Section 3.1),
b. the remote request message from the remote end point of the
transport path (see Section 3.2), and
c. the current state of the PSC Control logic (maintained internally
by the PSC Control logic).
Based on the priorities between the different inputs, the PSC Control
logic determines the new state of the PSC Control logic and what
actions need to be taken.
The new state information is retained by the PSC Control logic, while
the requested action should be sent to the PSC Message Generator (see
Section 3.4) to generate and transmit the proper PSC message to be
transmitted to the remote end point of the protection domain.
3.4. PSC Message Generator
Based on the action output from the PSC Control logic, this unit
formats the PSC protocol message that is transmitted to the remote
end point of the protection domain. This message may either be the
same as the previously transmitted message or change when the PSC
control state (see Section 3.6) has changed. The messages are
transmitted as described in Section 4.1 of this document.
3.5. Wait-to-Restore (WTR) Timer
The WTR timer is used to delay reversion to Normal state when
recovering from a failure condition on the working path and the
protection domain is configured for revertive behavior. The length
of the timer may be provisioned by the operator. The WTR may be in
Weingarten, et al. Standards Track [Page 12]
RFC 6378 MPLS-TP LP October 2011
one of two states: Running or Stopped. The control of the WTR timer
is managed by the PSC Control logic, by use of internal signals to
start and stop, i.e., reset, the WTR timer.
If the WTR timer expires prior to being stopped, it SHALL generate a
WTR Expires local signal that is processed by the Local Request
logic. If the WTR timer is running, sending a Stop command SHALL
reset the timer, and put the WTR timer into Stopped state, but SHALL
NOT generate a WTR Expires local signal. If the WTR timer is
stopped, a Stop command SHALL be ignored.
3.6. PSC Control States
The PSC Control logic should maintain information on the current
state of the protection domain. Information on the state of the
domain is maintained by each LER within the protection domain. The
state information would include information of the current state of
the protection domain, an indication of the cause for the current
state (e.g., unavailable due to local LO command, protecting due to
remote FS), and, for each LER, should include an indication if the
state is related to a remote or local condition.
It should be noted that when referring to the "transport" of the data
traffic, in the following descriptions and later in the document that
the data will be transmitted on both the working and the protection
paths when using 1+1 protection, and on either the working or the
protection path exclusively when using 1:1 protection. When using
1+1 protection, the receiving LER should select the proper
transmission, according to the state of the protection domain.
The protection domain states that are supported by the PSC Control
logic are as follows:
o Normal state - Both the protection and working paths are fully
allocated and active, data traffic is being transported over (or
selected from) the working path, and no trigger events are
reported within the domain.
o Unavailable state - The protection path is unavailable -- either
as a result of an operator Lockout command or a failure condition
detected on the protection path.
o Protecting failure state - The working path has reported a
failure/degrade condition and the user traffic is being
transported (or selected) on the protection path.
o Protecting administrative state - The operator has issued a
command switching the user traffic to the protection path.
Weingarten, et al. Standards Track [Page 13]
RFC 6378 MPLS-TP LP October 2011
o Wait-to-Restore state - The protection domain is recovering from
an SF/SD condition on the working path that is being controlled by
the Wait-to-Restore (WTR) timer.
o Do-not-Revert state - The protection domain has recovered from a
Protecting state, but the operator has configured the protection
domain not to automatically revert to the Normal state upon
recovery. The protection domain SHALL remain in this state until
the operator issues a command to revert to the Normal state or
there is a new trigger to switch to a different state.
See Section 4.3.3 for details on what actions are taken by the PSC
Process logic for each state and the relevant input.
3.6.1. Local and Remote State
An end point may be in a given state as a result of either a local
input indicator (e.g., OAM, WTR timer) or as a result of receiving a
PSC message from the far-end LER. If the state is entered as a
result of a local input indicator, then the state is considered a
local state. If the state is entered as a result of a PSC message,
in the absence of a local input, then the state is considered a
remote state. This differentiation affects how the LER reacts to
different inputs, as described in Section 4.3.3. The PSC Control
logic should maintain, together with the current protection domain
state, an indication of whether this is a local or remote state, for
this LER.
In any instance where the LER has both a local and remote indicator
that cause the protection domain to enter a particular state, then
the state is considered a local state, regardless of the order in
which the indicators were processed. If, however, the LER has local
and remote indicators that would cause the protection domain to enter
different states, e.g., a local SF on working and a remote Lockout of
protection message, then the input with the higher priority (see
Section 4.3.2) will be the deciding factor and the source of that
indicator will determine whether it is local or remote. In the given
example, the result would be a Remote Unavailable state transmitting
PSC messages that indicate an SF condition on the working path and
that the protection path is not being used to transport protected
traffic (as described in the next section).
4. Protection State Coordination (PSC) Protocol
Bidirectional protection switching, as well as unidirectional 1:1
protection, requires coordination between the two end points in
determining which of the two possible paths, the working or
protection path, is transmitting the data traffic in any given
Weingarten, et al. Standards Track [Page 14]
RFC 6378 MPLS-TP LP October 2011
situation. When protection switching is triggered as described in
Section 3, the end points must inform each other of the switchover
from one path to the other in a coordinated fashion.
There are different possibilities for the type of coordinating
protocol. One possibility is a two-phased coordination in which the
LER that is initiating the protection switching sends a protocol
message indicating the switch but the actual switchover is performed
only after receiving an 'Ack' from the far-end LER. The other
possibility is a single-phased coordination, in which the initiating
LER performs the protection switchover to the alternate path and
informs the far-end LER of the switch, and the far-end LER will
complete the switchover.
This protocol is a single-phased protocol, as described above. In
the following subsections, we describe the protocol messages that are
used between the two end points of the protection domain.
4.1. Transmission and Acceptance of PSC Control Packets
The PSC control packets SHALL be transmitted over the protection path
only. This allows the transmission of the messages without affecting
the normal data traffic in the most prevalent case, i.e., the Normal
state. In addition, limiting the transmission to a single path
avoids possible conflicts and race conditions that could develop if
the PSC messages were sent on both paths.
When the protection domain state is changed due to a local input,
three PSC messages SHALL be transmitted as quickly as possible, to
allow for rapid protection switching. This set of three rapid
messages allows for fast protection switching even if one or two of
these packets are lost or corrupted. When the protection domain
state changes due to a remote message, the LER SHOULD send the three
rapid messages. However, when the LER transfers from WTR state to
Normal state as a result of a remote NR message, the three rapid
messages SHALL be transmitted. After the transmission of the three
rapid messages, the LER MUST retransmit the most recently transmitted
PSC message on a continual basis.
Both the default frequency of the three rapid messages as well as the
default frequency of the continual message transmission SHALL be
configurable by the operator. The actual frequencies used MAY be
configurable, at the time of establishment, for each individual
protected LSP. For management purposes, the operator SHOULD be able
to retrieve the current default frequency values as well as the
actual values for any specific LSP. For protection switching within
50 ms, it is RECOMMENDED that the default interval of the first three
rapid PSC messages SHOULD be no longer than 3.3 ms. Using this
Weingarten, et al. Standards Track [Page 15]
RFC 6378 MPLS-TP LP October 2011
frequency would allow the far-end to be guaranteed of receiving the
trigger indication within 10 ms and completion of the switching
operation within 50 ms. Subsequent messages SHOULD be continuously
transmitted with a default interval of 5 seconds. The purpose of the
continual messages is to verify that the PSC session is still alive.
If no valid PSC message is received, over a period of several
continual messages intervals, the last valid received message remains
applicable.
4.2. Protocol Format
The protocol messages SHALL be sent over the G-ACh as described in
[RFC5586]. There is a single channel type for the set of PSC
messages. The actual message function SHALL be identified by the
Request field of the ACH payload as described below.
The channel type for the PSC messages SHALL be PSC-CT=0x0024.
The following figure shows the format for the complete PSC message.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 1|Version| Reserved | PSC-CT |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|Request|PT |R| Reserved1 | FPath | Path |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV Length | Reserved2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Optional TLVs ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Format of PSC Packet with a G-ACh Header
Where:
o Both Reserved1 and Reserved2 fields MUST be set to 0 and ignored
upon receipt.
o The following subsections describe the remaining fields of the PSC
payload.
4.2.1. PSC Ver Field
The Ver field identifies the version of the protocol. For this
version of the document, the value SHALL be 1.
Weingarten, et al. Standards Track [Page 16]
RFC 6378 MPLS-TP LP October 2011
4.2.2. PSC Request Field
The PSC protocol SHALL support transmission of the following requests
between the two end points of the protection domain:
o (14) Lockout of protection - indicates that the end point has
disabled the protection path as a result of an administrative
command. Both the FPath and Path fields SHALL be set to 0.
o (12) Forced Switch - indicates that the transmitting end point has
switched traffic to the protection path as a result of an
administrative command. The FPath field SHALL indicate that the
working path is being blocked (i.e., FPath set to 1), and the Path
field SHALL indicate that user data traffic is being transported
on the protection path (i.e., Path set to 1).
o (10) Signal Fail - indicates that the transmitting end point has
identified a signal fail condition on either the working or
protection path. The FPath field SHALL identify the path that is
reporting the failure condition (i.e., if protection path, then
FPath is set to 0; if working path, then FPath is set to 1), and
the Path field SHALL indicate where the data traffic is being
transported (i.e., if protection path is blocked, then Path is set
to 0; if working path is blocked, then Path is set to 1).
o (7) Signal Degrade - indicates that the transmitting end point has
identified a degradation of the signal, or integrity of the packet
transmission on either the working or protection path. This
request is presented here only as a placeholder. The specifics
for the method of identifying this degradation is out of scope for
this document. The details of the actions to be taken for this
situation are left for future specification.
o (5) Manual Switch - indicates that the transmitting end point has
switched traffic to the protection path as a result of an
administrative Manual Switch command. The FPath field SHALL
indicate that the working path is being blocked (i.e., FPath set
to 1), and the Path field SHALL indicate that user data traffic is
being transported on the protection path (i.e., Path set to 1).
o (4) Wait-to-Restore - indicates that the transmitting end point is
recovering from a failure condition of the working path and has
started the Wait-to-Restore timer. FPath SHALL be set to 0 and
ignored upon receipt. Path SHALL indicate the working path that
is currently being protected (i.e., Path set to 1).
Weingarten, et al. Standards Track [Page 17]
RFC 6378 MPLS-TP LP October 2011
o (1) Do-not-Revert - indicates that the transmitting end point has
recovered from a failure/blocked condition, but due to the local
settings, is requesting that the protection domain continues to
transport the data as if it is in a protecting state, rather than
revert to the Normal state. FPath SHALL be set to 0 and ignored
upon receipt. Path SHALL indicate the working path that is
currently being protected (i.e., Path set to 1).
o (0) No Request - indicates that the transmitting end point has
nothing to report, FPath and Path fields SHALL be set according to
the transmission state of the end point, see Section 4.3.3 for
detailed scenarios.
All other values are for future extensions (to be administered by
IANA) and SHALL be ignored upon receipt.
4.2.3. Protection Type (PT) Field
The PT field indicates the currently configured protection
architecture type, this SHOULD be validated to be consistent for both
ends of the protection domain. If an inconsistency is detected, then
an alarm SHALL be sent to the management system. The following are
the possible values:
o 3: bidirectional switching using a permanent bridge
o 2: bidirectional switching using a selector bridge
o 1: unidirectional switching using a permanent bridge
o 0: for future extensions
As described in the Introduction (Section 1.1) a 1+1 protection
architecture is characterized by the use of a permanent bridge at the
source node, whereas the 1:1 and 1:n protection architectures are
characterized by the use of a selector bridge at the source node.
4.2.4. Revertive (R) Field
This field indicates that the transmitting end point is configured to
work in revertive mode. If there is an inconsistency between the two
end points, i.e., one end point is configured for revertive action
and the second end point is in non-revertive mode, then the
management system SHOULD be notified. The following are the possible
values:
Weingarten, et al. Standards Track [Page 18]
RFC 6378 MPLS-TP LP October 2011
o 0 - non-revertive mode
o 1 - revertive mode
4.2.5. Fault Path (FPath) Field
The FPath field indicates which path (i.e., working or protection) is
identified to be in a fault condition or affected by an
administrative command, when a fault or command is indicated by the
Request field to be in effect. The following are the possible
values:
o 0: indicates that the anomaly condition is on the protection path
o 1: indicates that the anomaly condition is on the working path
o 2-255: for future extensions and SHALL be ignored by this version
of the protocol.
4.2.6. Data Path (Path) Field
The Path field indicates which data is being transported on the
protection path. Under normal conditions, the protection path
(especially, in 1:1 or 1:n architecture) does not need to carry any
user data traffic. If there is a failure/degrade condition on one of
the working paths, then that working path's data traffic will be
transported over the protection path. The following are the possible
values:
o 0: indicates that the protection path is not transporting user
data traffic (in 1:n architecture) or transporting redundant user
data traffic (in 1+1 architecture).
o 1: indicates that the protection path is transmitting user traffic
replacing the use of the working path.
o 2-255: for future extensions and SHALL be ignored by this version
of the protocol.
4.2.7. Additional TLV Information
It may be necessary for future applications of the protocol to
include additional information for the proper processing of the
requests. For this purpose, we provide for optional additional
information to be included in the PSC payload. This information MUST
include a header that indicates the total length (in bytes) of the
additional information.
Weingarten, et al. Standards Track [Page 19]
RFC 6378 MPLS-TP LP October 2011
This information includes the following fields:
o TLV Length: indicates the number of bytes included in the optional
TLV information. For the basic PSC protocol operation described
in this document, this value MUST be 0.
o Optional TLVs: this includes any additional information formatted
as TLV units. There are no TLV units defined for the basic PSC
operation.
4.3. Principles of Operation
In all of the following subsections, assume a protection domain
between LER-A and LER-Z, using paths W (working) and P (protection),
as shown in Figure 3.
+-----+ //=======================\\ +-----+
|LER-A|// Working Path \\|LER-Z|
| /| |\ |
| ?< | | >? |
| \|\\ Protection Path //|/ |
+-----+ \\=======================// +-----+
|--------Protection Domain--------|
Figure 3: Protection Domain
4.3.1. Basic Operation
The purpose of the PSC protocol is to allow an end point of the
protection domain to notify its peer of the status of the domain that
is known at the end point and coordinate the transmission of the data
traffic. The current state of the end point is expressed in the
values of the Request field (reflecting the local requests at that
end point) and the FPath field (reflecting knowledge of a blocked
path). The coordination between the end points is expressed by the
value of the Path field (indicating where the user data traffic is
being transmitted). Except during a protection switch, the value of
the Path field should be identical for both end points at any
particular time. The values of the Request and FPath fields may not
be identical between the two end points. In particular it should be
noted that a remote message may not cause the end point to change the
Request field that is being transmitted while it does affect the Path
field (see details in the following subsections).
Weingarten, et al. Standards Track [Page 20]
RFC 6378 MPLS-TP LP October 2011
The protocol is a single-phased protocol. "Single-phased" implies
that each end point notifies its peer of a change in the operation
(switching to or from the protection path) and makes the switch
without waiting for acknowledgement. As a side effect of using a
single-phased protocol, there will be a short period during state
transitions of one-sided triggers (e.g., operator commands or
unidirectional SF) when one LER may be transporting/selecting the
data from one transport path while the other end point is
transporting/selecting from the other transport path. This should
become coordinated once the remote message is received and the far-
end LER performs the protection switching operation.
The following subsections will identify the messages that will be
transmitted by the end point in different scenarios. The messages
are described as REQ(FP, P) -- where REQ is the value of the Request
field, FP is the value of the FPath field, and P is the value of the
Path field. All examples assume a protection domain between LER-A
and LER-Z with a single working path and single protection path (as
shown in Figure 3). Again, it should be noted that when using 1:1
protection the data traffic will be transmitted exclusively on either
the protection or working path; whereas when using 1+1 protection,
the traffic will be transmitted on both paths and the receiving LER
should select the appropriate signal based on the state. The text
will refer to this transmission/selection as "transport" of the data
traffic. For 1+1 unidirectional protection, the state of the
selector will only be switched in reaction to a local message. When
receiving a remote message, a LER that is configured for 1+1
unidirectional protection, will transfer to the new remote state;
however, it will continue to select data according to the latest
known local state. When the LER transitions into the Normal state,
the PSC Control Process SHALL check the persistent state of the local
triggers to decide if it should further transition into a new state.
4.3.2. Priority of Inputs
As noted above (in Section 3.1), the PSC Control Process accepts
input from five local input sources. There is a definition of
priority between the different inputs that may be triggered locally.
The list of local requests in order of priority are (from highest to
lowest priority):
1. Clear (operator command)
2. Lockout of protection (operator command)
3. Forced Switch (operator command)
Weingarten, et al. Standards Track [Page 21]
RFC 6378 MPLS-TP LP October 2011
4. Signal Fail on protection (OAM / control-plane / server
indication)
5. Signal Fail on working (OAM / control-plane / server indication)
6. Signal Degrade on working (OAM / control-plane / server
indication)
7. Clear Signal Fail/Degrade (OAM / control-plane / server
indication)
8. Manual Switch (operator command)
9. WTR Expires (WTR timer)
10. No Request (default)
As was noted above, the Local Request logic SHALL always select the
local input indicator with the highest priority as the current local
request, i.e., only the highest priority local input will be used to
affect the control logic. All local inputs with lower priority than
this current local request will be ignored.
The remote message from the far-end LER is assigned a priority just
below the similar local input. For example, a remote Forced Switch
would have a priority just below a local Forced Switch but above a
local Signal Fail on protection input. As mentioned in
Section 3.6.1, the state transition is determined by the higher
priority input between the highest priority local input and the
remote message. This also determines the classification of the state
as local or remote. The following subsections detail the transition
based on the current state and the higher priority of these two
inputs.
4.3.3. Operation of PSC States
The following subsections present the operation of the different
states defined in Section 3.6. For each state, we define the
reaction, i.e., the new state and the message to transmit, to each
possible input -- either the highest priority local input or the PSC
message from the remote LER. It should be noted that the new state
of the protection domain is described from the point of view of the
LER that is reporting the state; therefore, the language of "the LER
goes into a state" is referring to the LER reporting that the
protection domain is now in this new state. If the definition states
to "ignore" the message, the intention is that the protection domain
SHALL remain in its current state and the LER SHALL continue
transmitting (as presented in Section 4.1) the current PSC message.
Weingarten, et al. Standards Track [Page 22]
RFC 6378 MPLS-TP LP October 2011
When a LER is in a remote state, i.e., state transition in reaction
to a PSC message received from the far-end LER, and receives a new
PSC message from the far-end LER that indicates a contradictory
state, e.g., in remote Unavailable state receiving a remote FS(1,1)
message, then the PSC Control logic SHALL reevaluate all inputs (both
the local input and the remote message) as if the LER is in the
Normal state.
4.3.3.1. Normal State
When the protection domain has no special condition in effect, the
ingress LER SHALL forward the user data along the working path, and,
in the case of 1+1 protection, the Permanent Bridge will bridge the
data to the protection path as well. The receiving LER SHALL read
the data from the working path.
When the LER transitions into the Normal state, the PSC Control
Process SHALL check the persistent state of the local triggers to
decide if it should further transition into a new state. If the
result of this check is a transition into a new state, the LER SHALL
transmit the corresponding message described in this section and
SHALL use the data path corresponding to the new state. When the
protection domain remains in Normal state, the end point SHALL
transmit an NR(0,0) message, indicating -- Nothing to report and data
traffic is being transported on the working path.
When the protection domain is in Normal state, the following
transitions are relevant in reaction to a local input to the LER:
o A local Lockout of protection input SHALL cause the LER to go into
local Unavailable state and begin transmission of an LO(0,0)
message.
o A local Forced Switch input SHALL cause the LER to go into local
Protecting administrative state and begin transmission of an
FS(1,1) message.
o A local Signal Fail indication on the protection path SHALL cause
the LER to go into local Unavailable state and begin transmission
of an SF(0,0) message.
o A local Signal Fail indication on the working path SHALL cause the
LER to go into local Protecting failure state and begin
transmission of an SF(1,1) message.
o A local Manual Switch input SHALL cause the LER to go into local
Protecting administrative state and begin transmission of an
MS(1,1) message.
Weingarten, et al. Standards Track [Page 23]
RFC 6378 MPLS-TP LP October 2011
o All other local inputs SHALL be ignored.
In Normal state, remote messages would cause the following reaction
from the LER:
o A remote Lockout of protection message SHALL cause the LER to go
into remote Unavailable state, while continuing to transmit the
NR(0,0) message.
o A remote Forced Switch message SHALL cause the LER to go into
remote Protecting administrative state and begin transmitting an
NR(0,1) message.
o A remote Signal Fail message that indicates that the failure is on
the protection path SHALL cause the LER (LER-A) to go into remote
Unavailable state, while continuing to transmit the NR(0,0)
message.
o A remote Signal Fail message that indicates that the failure is on
the working path SHALL cause the LER to go into remote Protecting
failure state, and transmit an NR(0,1) message.
o A remote Manual Switch message SHALL cause the LER to go into
remote Protecting administrative state, and transmit an NR(0,1)
message.
o All other remote messages SHALL be ignored.
4.3.3.2. Unavailable State
When the protection path is unavailable -- either as a result of a
Lockout operator command, or as a result of a SF detected on the
protection path -- then the protection domain is in the Unavailable
state. In this state, the data traffic SHALL be transported on the
working path and is not protected. When the domain is in Unavailable
state, the PSC messages may not get through: therefore, the
protection is more dependent on the local inputs than the remote
messages (that may not be received).
The protection domain will exit the Unavailable state and revert to
the Normal state when either the operator clears the Lockout command
or the protection path recovers from the signal fail or degraded
situation. Both ends will continue to send the PSC messages over the
protection path, as a result of this recovery.
When the LER (assume LER-A) is in Unavailable state, the following
transitions are relevant in reaction to a local input:
Weingarten, et al. Standards Track [Page 24]
RFC 6378 MPLS-TP LP October 2011
o A local Clear input SHALL be ignored if the LER is in remote
Unavailable state. If in local Unavailable state due to a Lockout
command, then the input SHALL cause the LER to go to Normal state.
o A local Lockout of protection input SHALL cause the LER to remain
in local Unavailable state and transmit an LO(0,0) message to the
far-end LER (LER-Z).
o A local Clear SF of the protection path in local Unavailable state
that is due to an SF on the protection path SHALL cause the LER to
go to Normal state. If the LER is in remote Unavailable state but
has an active local SF condition, then the local Clear SF SHALL
clear the SF local condition and the LER SHALL remain in remote
Unavailable state and begin transmitting NR(0,0) messages. In all
other cases, the local Clear SF SHALL be ignored.
o A local Forced Switch SHALL be ignored by the PSC Control logic
when in Unavailable state as a result of a (local or remote)
Lockout of protection. If in Unavailable state due to an SF on
protection, then the FS SHALL cause the LER to go into local
Protecting administrative state and begin transmitting an FS(1,1)
message. It should be noted that due to the unavailability of the
protection path (i.e., due to the SF condition) that this FS may
not be received by the far-end until the SF condition is cleared.
o A local Signal Fail on the protection path input when in local
Unavailable state (by implication, this is due to a local SF on
protection) SHALL cause the LER to remain in local Unavailable
state and transmit an SF(0,0) message.
o A local Signal Fail on the working path input when in remote
Unavailable state SHALL cause the LER to remain in remote
Unavailable state and transmit an SF(1,0) message.
o All other local inputs SHALL be ignored.
If remote messages are being received over the protection path, then
they would have the following effect:
o A remote Lockout of protection message SHALL cause the LER to
remain in Unavailable state (note that if the LER was previously
in local Unavailable state due to a Signal Fail on the protection
path, then it will now be in remote Unavailable state) and
continue transmission of the current message (either NR(0,0) or
LO(0,0) or SF(0,0)).
Weingarten, et al. Standards Track [Page 25]
RFC 6378 MPLS-TP LP October 2011
o A remote Forced Switch message SHALL be ignored by the PSC Control
logic when in Unavailable state as a result of a (local or remote)
Lockout of protection. If in Unavailable state due to a local or
remote SF on protection, then the FS SHALL cause the LER to go
into remote Protecting administrative state; if in Unavailable
state due to local SF, begin transmitting an SF(0,1) message.
o A remote Signal Fail message that indicates that the failure is on
the protection path SHALL cause the LER to remain in Unavailable
state and continue transmission of the current message (either
NR(0,0) or SF(0,0) or LO(0,0)).
o A remote No Request, when the LER is in remote Unavailable state
and there is no active local Signal Fail SHALL cause the LER to go
into Normal state and continue transmission of the current
message. If there is a local Signal Fail on the protection path,
the LER SHALL remain in local Unavailable state and transmit an
SF(0,0) message. If there is a local Signal Fail on the working
path, the LER SHALL go into local Protecting Failure state and
transmit an SF(1,1) message. When in local Unavailable state, the
remote message SHALL be ignored.
o All other remote messages SHALL be ignored.
4.3.3.3. Protecting Administrative State
In the Protecting administrative state, the user data traffic SHALL
be transported on the protection path, while the working path is
blocked due to an operator command, i.e., Forced Switch or Manual
Switch. The difference between a local FS and local MS affects what
local indicators may be received -- the Local Request logic will
block any local SF when under the influence of a local FS, whereas
the SF would override a local MS. In general, an MS will be canceled
in case of either a local or remote SF or LO condition.
The following describe the reaction to local input:
o A local Clear SHALL be ignored if in remote Protecting
administrative state. If in local Protecting administrative
state, then this input SHALL cause the LER to go into Normal
state.
o A local Lockout of protection input SHALL cause the LER to go into
local Unavailable state and begin transmission of an LO(0,0)
message.
o A local Forced Switch input SHALL cause the LER to remain in local
Protecting administrative state and transmit an FS(1,1) message.
Weingarten, et al. Standards Track [Page 26]
RFC 6378 MPLS-TP LP October 2011
o A local Signal Fail indication on the protection path SHALL cause
the LER to go into local Unavailable state and begin transmission
of an SF(0,0) message, if the current state is due to a (local or
remote) Manual Switch operator command. If the LER is in (local
or remote) Protecting administrative state due to an FS situation,
then the SF on protection SHALL be ignored.
o A local Signal Fail indication on the working path SHALL cause the
LER to go into local Protecting failure state and begin
transmitting an SF(1,1) message, if the current state is due to a
(local or remote) Manual Switch operator command. If the LER is
in remote Protecting administrative state due to a remote Forced
Switch command, then this local indication SHALL cause the LER to
remain in remote Protecting administrative state and transmit an
SF(1,1) message. If the LER is in local Protecting administrative
state due to a local Forced Switch command, then this indication
SHALL be ignored (i.e., the indication should have been blocked by
the Local Request logic).
o A local Clear SF SHALL clear any local SF condition that may
exist. If in remote Protecting administrative state, the LER
SHALL stop transmitting the SF(x,1) message and begin transmitting
an NR(0,1) message.
o A local Manual Switch input SHALL be ignored if in remote
Protecting administrative state due to a remote Forced Switch
command. If the current state is due to a (local or remote)
Manual Switch operator command, it SHALL cause the LER to remain
in local Protecting administrative state and transmit an MS(1,1)
message.
o All other local inputs SHALL be ignored.
While in Protecting administrative state the LER may receive and
react as follows to remote PSC messages:
o A remote Lockout of protection message SHALL cause the LER to go
into remote Unavailable state and begin transmitting an NR(0,0)
message. It should be noted that this automatically cancels the
current Forced Switch or Manual Switch command and data traffic is
reverted to the working path.
o A remote Forced Switch message SHALL be ignored by the PSC Process
logic if there is an active local Forced Switch operator command.
If the Protecting administrative state is due to a remote Forced
Switch message, then the LER SHALL remain in remote Protecting
administrative state and continue transmitting the last message.
If the Protecting administrative state is due to either a local or
Weingarten, et al. Standards Track [Page 27]
RFC 6378 MPLS-TP LP October 2011
remote Manual Switch, then the LER SHALL remain in remote
Protecting administrative state (updating the state information
with the proper relevant information) and begin transmitting an
NR(0,1) message.
o A remote Signal Fail message indicating a failure on the
protection path SHALL cause the LER to go into remote Unavailable
state and begin transmitting an NR(0,0) message, if the Protecting
administrative state is due to a Manual Switch command. It should
be noted that this automatically cancels the current Manual Switch
command and data traffic is reverted to the working path.
o A remote Signal Fail message indicating a failure on the working
path SHALL be ignored if there is an active local Forced Switch
command. If the Protecting state is due to a local or remote
Manual Switch, then the LER SHALL go to remote Protecting failure
state and begin transmitting an NR(0,1) message.
o A remote Manual Switch message SHALL be ignored by the PSC Control
logic if in Protecting administrative state due to a local or
remote Forced Switch. If in Protecting administrative state due
to a remote Manual Switch, then the LER SHALL remain in remote
Protecting administrative state and continue transmitting the
current message. If in local Protecting administrative state due
to an active Manual Switch, then the LER SHALL remain in local
Protecting administrative state and continue transmission of the
MS(1,1) message.
o A remote DNR(0,1) message SHALL be ignored if in local Protecting
administrative state. If in remote Protecting administrative
state, then the LER SHALL go to Do-not-Revert state and continue
transmitting the current message.
o A remote NR(0,0) message SHALL be ignored if in local Protecting
administrative state. If in remote Protecting administrative
state and there is no active local Signal Fail indication, then
the LER SHALL go to Normal state and begin transmitting an NR(0,0)
message. If there is a local Signal Fail on the working path, the
LER SHALL go to local Protecting failure state and begin
transmitting an SF(1,1) message.
o All other remote messages SHALL be ignored.
4.3.3.4. Protecting Failure State
When the protection mechanism has been triggered and the protection
domain has performed a protection switch, the domain is in the
Protecting failure state. In this state, the normal data traffic
Weingarten, et al. Standards Track [Page 28]
RFC 6378 MPLS-TP LP October 2011
SHALL be transported on the protection path. When an LER is in this
state, it implies that there either was a local SF condition or it
received a remote SF PSC message. The SF condition or message
indicated that the failure is on the working path.
This state may be overridden by the Unavailable state triggers, i.e.,
Lockout of protection or SF on the protection path, or by issuing an
FS operator command. This state will be cleared when the SF
condition is cleared. In order to prevent flapping due to an
intermittent fault, the LER SHOULD employ a Wait-to-Restore timer to
delay return to Normal state until the network has stabilized (see
Section 3.5).
The following describe the reaction to local input:
o A local Clear SF SHALL be ignored if in remote Protecting failure
state. If in local Protecting failure state and the LER is
configured for revertive behavior, then this input SHALL cause the
LER to go into Wait-to-Restore state, start the WTR timer, and
begin transmitting a WTR(0,1) message. If in local Protecting
failure state and the LER is configured for non-revertive
behavior, then this input SHALL cause the LER to go into Do-not-
Revert state and begin transmitting a DNR(0,1) message.
o A local Lockout of protection input SHALL cause the LER to go into
Unavailable state and begin transmission of an LO(0,0) message.
o A local Forced Switch input SHALL cause the LER to go into
Protecting administrative state and begin transmission of an
FS(1,1) message.
o A local Signal Fail indication on the protection path SHALL cause
the LER to go into Unavailable state and begin transmission of an
SF(0,0) message.
o A local Signal Fail indication on the working path SHALL cause the
LER to remain in local Protecting failure state and transmit an
SF(1,1) message.
o All other local inputs SHALL be ignored.
While in Protecting failure state, the LER may receive and react as
follows to remote PSC messages:
o A remote Lockout of protection message SHALL cause the LER to go
into remote Unavailable state, and if in local Protecting failure
state, then the LER SHALL transmit an SF(1,0) message; otherwise,
Weingarten, et al. Standards Track [Page 29]
RFC 6378 MPLS-TP LP October 2011
it SHALL transmit an NR(0,0) message. It should be noted that
this may cause loss of user data since the working path is still
in a failure condition.
o A remote Forced Switch message SHALL cause the LER go into remote
Protecting administrative state, and if in local Protecting
failure state, the LER SHALL transmit the SF(1,1) message;
otherwise, it SHALL transmit NR(0,1).
o A remote Signal Fail message indicating a failure on the
protection path SHALL cause the LER to go into remote Unavailable
state, and if in local Protecting failure state, then the LER
SHALL transmit an SF(1,0) message; otherwise, it SHALL transmit an
NR(0,0) message. It should be noted that this may cause loss of
user data since the working path is still in a failure condition.
o If in remote Protecting failure state, a remote Wait-to-Restore
message SHALL cause the LER to go into remote Wait-to-Restore
state and continue transmission of the current message.
o If in remote Protecting failure state, a remote Do-not-Revert
message SHALL cause the LER to go into remote Do-not-Revert state
and continue transmission of the current message.
o If in remote Protecting failure state, a remote NR(0,0) SHALL
cause the LER to go to Normal state.
o All other remote messages SHALL be ignored.
4.3.3.5. Wait-to-Restore State
When recovering from a failure condition on the working path, the
Wait-to-Restore state is used by the PSC protocol to delay reverting
to the Normal state, for the period of the WTR timer to allow the
recovering failure to stabilize. While in the Wait-to-Restore state,
the data traffic SHALL continue to be transported on the protection
path. The natural transition from the Wait-to-Restore state to
Normal state will occur when the WTR timer expires.
When in Wait-to-Restore state, the following describe the reaction to
local inputs:
o A local Lockout of protection command SHALL send the Stop command
to the WTR timer, go into local Unavailable state, and begin
transmitting an LO(0,0) message.
Weingarten, et al. Standards Track [Page 30]
RFC 6378 MPLS-TP LP October 2011
o A local Forced Switch command SHALL send the Stop command to the
WTR timer, go into local Protecting administrative state, and
begin transmission of an FS(1,1) message.
o A local Signal Fail indication on the protection path SHALL send
the Stop command to the WTR timer, go into local Unavailable
state, and begin transmission of an SF(0,0) message.
o A local Signal Fail indication on the working path SHALL send the
Stop command to the WTR timer, go into local Protecting failure
state, and begin transmission of an SF(1,1) message.
o A local Manual Switch input SHALL send the Stop command to the WTR
timer, go into local Protecting administrative state, and begin
transmission of an MS(1,1) message.
o A local WTR Expires input SHALL cause the LER to remain in Wait-
to-Restore state, and begin transmitting an NR(0,1) message.
o All other local inputs SHALL be ignored.
When in Wait-to-Restore state, the following describe the reaction to
remote messages:
o A remote Lockout of protection message SHALL send the Stop command
to the WTR timer, go into remote Unavailable state, and begin
transmitting an NR(0,0) message.
o A remote Forced Switch message SHALL send the Stop command to the
WTR timer, go into remote Protecting administrative state, and
begin transmission of an NR(0,1) message.
o A remote Signal Fail message for the protection path SHALL send
the Stop command to the WTR timer, go into remote Unavailable
state, and begin transmission of an NR(0,0) message.
o A remote Signal Fail message for the working path SHALL send the
Stop command to the WTR timer, go into remote Protecting failure
state, and begin transmission of an NR(0,1) message.
o A remote Manual Switch message SHALL send the Stop command to the
WTR timer, go into remote Protecting administrative state, and
begin transmission of an NR(0,1) message.
o If the WTR timer is running, then a remote NR message SHALL be
ignored. If the WTR timer is stopped, then a remote NR message
SHALL cause the LER to go into Normal state.
Weingarten, et al. Standards Track [Page 31]
RFC 6378 MPLS-TP LP October 2011
o All other remote messages SHALL be ignored.
4.3.3.6. Do-not-Revert State
Do-not-Revert state is a continuation of the Protecting failure state
when the protection domain is configured for non-revertive behavior.
While in Do-not-Revert state, data traffic SHALL continue to be
transported on the protection path until the administrator sends a
command to revert to Normal state. It should be noted that there is
a fundamental difference between this state and Normal -- whereas
Forced Switch in Normal state actually causes a switch in the
transport path used, in Do-not-Revert state, the Forced Switch just
switches the state (to Protecting administrative state) but the
traffic would continue to be transported on the protection path! To
revert back to Normal state, the administrator SHALL issue a Lockout
of protection command followed by a Clear command.
When in Do-not-Revert state, the following describe the reaction to
local input:
o A local Lockout of protection command SHALL cause the LER to go
into local Unavailable state and begin transmitting an LO(0,0)
message.
o A local Forced Switch command SHALL cause the LER to go into local
Protecting administrative state and begin transmission of an
FS(1,1) message.
o A local Signal Fail indication on the protection path SHALL cause
the LER to go into local Unavailable state and begin transmission
of an SF(0,0) message.
o A local Signal Fail indication on the working path SHALL cause the
LER to go into local Protecting failure state and begin
transmission of an SF(1,1) message.
o A local Manual Switch input SHALL cause the LER to go into local
Protecting administrative state and begin transmission of an
MS(1,1) message.
o All other local inputs SHALL be ignored.
When in Do-not-Revert state, the following describe the reaction to
remote messages:
o A remote Lockout of protection message SHALL cause the LER to go
into remote Unavailable state and begin transmitting an NR(0,0)
message.
Weingarten, et al. Standards Track [Page 32]
RFC 6378 MPLS-TP LP October 2011
o A remote Forced Switch message SHALL cause the LER to go into
remote Protecting administrative state and begin transmission of
an NR(0,1) message.
o A remote Signal Fail message for the protection path SHALL cause
the LER to go into remote Unavailable state and begin transmission
of an NR(0,0) message.
o A remote Signal Fail message for the working path SHALL cause the
LER to go into remote Protecting failure state and begin
transmission of an NR(0,1) message.
o A remote Manual Switch message SHALL cause the LER to go into
remote Protecting administrative state and begin transmission of
an NR(0,1) message.
o All other remote messages SHALL be ignored.
5. IANA Considerations
5.1. Pseudowire Associated Channel Type
In the "Pseudowire Name Spaces (PWE3)" registry, IANA maintains the
"Pseudowire Associated Channel Types" registry.
IANA has assigned a new code point from this registry. The code
point has been assigned from the code point space that requires "IETF
Review" as follows:
Registry:
Value Description TLV Follows Reference
------ ----------------------- ----------- ---------------
0x0024 Protection State no [this document]
Coordination Protocol -
Channel Type (PSC-CT)
5.2. PSC Request Field
IANA has created and maintains a new sub-registry within the
"Multiprotocol Label Switching (MPLS) Operations, Administration, and
Management (OAM) Parameters" registry called the "MPLS PSC Request
Registry". All code points within this registry shall be allocated
according to the "Standards Action" procedure as specified in
[RFC5226].
The PSC Request Field is 4 bits, and the values have been allocated
as follows:
Weingarten, et al. Standards Track [Page 33]
RFC 6378 MPLS-TP LP October 2011
Value Description Reference
----- --------------------- ---------------
0 No Request [this document]
1 Do-not-Revert [this document]
2 - 3 Unassigned
4 Wait-to-Restore [this document]
5 Manual Switch [this document]
6 Unassigned
7 Signal Degrade [this document]
8 - 9 Unassigned
10 Signal Fail [this document]
11 Unassigned
12 Forced Switch [this document]
13 Unassigned
14 Lockout of protection [this document]
15 Unassigned
5.3. Additional TLVs
The IANA has created and maintains a new sub-registry within the
"Multiprotocol Label Switching (MPLS) Operations, Administration, and
Management (OAM) Parameters" registry called the "MPLS PSC TLV
Registry". All code points within this registry shall be allocated
according to the "IETF Review" procedure as specified in [RFC5226].
6. Security Considerations
MPLS-TP is a subset of MPLS and so builds upon many of the aspects of
the security model of MPLS. MPLS networks make the assumption that
it is very hard to inject traffic into a network and equally hard to
cause traffic to be directed outside the network. The control-plane
protocols utilize hop-by-hop security and assume a "chain-of-trust"
model such that end-to-end control-plane security is not used. For
more information on the generic aspects of MPLS security, see
[RFC5920].
This document describes a protocol carried in the G-ACh [RFC5586],
and so is dependent on the security of the G-ACh, itself. The G-ACh
is a generalization of the Associated Channel defined in [RFC4385].
Thus, this document relies heavily on the security mechanisms
provided for the Associated Channel and described in those two
documents.
A specific concern for the G-ACh is that is can be used to provide a
covert channel. This problem is wider than the scope of this
document and does not need to be addressed here, but it should be
noted that the channel provides end-to-end connectivity and SHOULD
Weingarten, et al. Standards Track [Page 34]
RFC 6378 MPLS-TP LP October 2011
NOT be policed by transit nodes. Thus, there is no simple way of
preventing any traffic being carried between in the G-ACh consenting
nodes.
A good discussion of the data-plane security of an associated channel
may be found in [RFC5085]. That document also describes some
mitigation techniques.
It should be noted that the G-ACh is essentially connection oriented
so injection or modification of control messages specified in this
document require the subversion of a transit node. Such subversion
is generally considered hard in MPLS networks and impossible to
protect against at the protocol level. Management level techniques
are more appropriate.
However, a new concern for this document is the accidental corruption
of messages (through faulty implementations or random corruption).
The main concern is around the Request, FPath, and Path fields as a
change to these fields would change the behavior of the peer end
point. Although this document does not define a way to avoid a
change in network behavior upon receipt of a message indicating a
change in protection status, the transition between states will
converge on a known and stable behavior in the face of messages that
do not match reality.
7. Acknowledgements
The authors would like to thank all members of the teams (the Joint
Working Team, the MPLS Interoperability Design Team in the IETF, and
the T-MPLS Ad Hoc Group in ITU-T) involved in the definition and
specification of the MPLS Transport Profile.
Weingarten, et al. Standards Track [Page 35]
RFC 6378 MPLS-TP LP October 2011
8. Contributing Authors
Hao Long
Huawei Technologies Co., Ltd.
F3 Building, Huawei Industrial Park
Bantian, Shenzhen, China
EMail: longhao@huawei.com
Davide Chiara
Ericsson
Via Calda 5, 16152 Genova Italy
EMail: davide.chiara@ericsson.com
Dan Frost
Cisco Systems
EMail: danfrost@cisco.com
Francesco Fondelli
Ericsson
via Moruzzi 1
56100, Pisa
Italy
EMail: francesco.fondelli@ericsson.com
Weingarten, et al. Standards Track [Page 36]
RFC 6378 MPLS-TP LP October 2011
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4385] Bryant, S., Swallow, G., Martini, L., and D. McPherson,
"Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN", RFC 4385, February 2006.
[RFC5586] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
Associated Channel", RFC 5586, June 2009.
[RFC5654] Niven-Jenkins, B., Brungard, D., Betts, M., Sprecher, N.,
and S. Ueno, "Requirements of an MPLS Transport Profile",
RFC 5654, September 2009.
9.2. Informative References
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
Label Switching Architecture", RFC 3031, January 2001.
[RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
Encoding", RFC 3032, January 2001.
[RFC3945] Mannie, E., "Generalized Multi-Protocol Label Switching
(GMPLS) Architecture", RFC 3945, October 2004.
[RFC3985] Bryant, S. and P. Pate, "Pseudo Wire Emulation Edge-to-
Edge (PWE3) Architecture", RFC 3985, March 2005.
[RFC4427] Mannie, E. and D. Papadimitriou, "Recovery (Protection and
Restoration) Terminology for Generalized Multi-Protocol
Label Switching (GMPLS)", RFC 4427, March 2006.
[RFC4872] Lang, J., Rekhter, Y., and D. Papadimitriou, "RSVP-TE
Extensions in Support of End-to-End Generalized Multi-
Protocol Label Switching (GMPLS) Recovery", RFC 4872,
May 2007.
[RFC4873] Berger, L., Bryskin, I., Papadimitriou, D., and A. Farrel,
"GMPLS Segment Recovery", RFC 4873, May 2007.
[RFC5085] Nadeau, T. and C. Pignataro, "Pseudowire Virtual Circuit
Connectivity Verification (VCCV): A Control Channel for
Pseudowires", RFC 5085, December 2007.
Weingarten, et al. Standards Track [Page 37]
RFC 6378 MPLS-TP LP October 2011
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
[RFC5659] Bocci, M. and S. Bryant, "An Architecture for Multi-
Segment Pseudowire Emulation Edge-to-Edge", RFC 5659,
October 2009.
[RFC5920] Fang, L., "Security Framework for MPLS and GMPLS
Networks", RFC 5920, July 2010.
[RFC5921] Bocci, M., Bryant, S., Frost, D., Levrau, L., and L.
Berger, "A Framework for MPLS in Transport Networks",
RFC 5921, July 2010.
[RFC6372] Sprecher, N., Ed. and A. Farrel, Ed., "MPLS Transport
Profile (MPLS-TP) Survivability Framework", RFC 6372,
September 2011.
Weingarten, et al. Standards Track [Page 38]
RFC 6378 MPLS-TP LP October 2011
Appendix A. PSC State Machine Tables
The PSC state machine is described in Section 4.3.3. This appendix
provides the same information but in tabular format. In the event of
a mismatch between these tables and the text in Section 4.3.3, the
text is authoritative. Note that this appendix is intended to be a
functional description, not an implementation specification.
For the sake of clarity of the table, the six states listed in the
text are split into 13 states. The logic of the split is to
differentiate between the different cases given in the conditional
statements in the descriptions of each state in the text. In
addition, the remote and local states were split for the Unavailable,
Protecting failure, and Protecting administrative states.
There is only one table for the PSC state machine, but it is broken
into two parts for space reasons. The first part lists the 13
possible states, the eight possible local inputs (that is, inputs
that are generated by the node in question), and the action taken
when a given input is received when the node is in a particular
state. The second part of the table lists the 13 possible states and
the eight remote inputs (inputs that come from a node other than the
one executing the state machine).
There are 13 rows in the table, headers notwithstanding. These rows
are the 13 possible extended states in the state machine.
The text in the first column is the current state. Those states that
have both source and cause are formatted as State:Cause:Source. For
example, the string UA:LO:L indicates that the current state is
'Unavailable', that the cause of the current state is a Lockout of
protection that was a local input. In contrast, the state N simply
is Normal; there is no need to track the cause for entry into Normal
state.
Weingarten, et al. Standards Track [Page 39]
RFC 6378 MPLS-TP LP October 2011
The 13 extended states, as they appear in the table, are as follows:
N Normal state
UA:LO:L Unavailable state due to local Lockout
UA:P:L Unavailable state due to local SF on protection path
UA:LO:R Unavailable state due to remote Lockout of protection message
UA:P:R Unavailable state due to remote SF message on protection path
PF:W:L Protecting failure state due to local SF on working path
PF:W:R Protecting failure state due to remote SF message on working
path
PA:F:L Protecting administrative state due to local FS operator
command
PA:M:L Protecting administrative state due to local MS operator
command
PA:F:R Protecting administrative state due to remote FS message
PA:M:R Protecting administrative state due to remote MS message
WTR Wait-to-Restore state
DNR Do-not-Revert state
Each state corresponds to the transmission of a particular set of
Request, FPath and Path bits. The table below lists the message that
is generally sent in each particular state. If the message to be
sent in a particular state deviates from the table below, it is noted
in the footnotes to the state-machine table.
State REQ(FP,P)
------- ---------
N NR(0,0)
UA:LO:L LO(0,0)
UA:P:L SF(0,0)
UA:LO:R NR(0,0)
UA:P:R NR(0,0)
PF:W:L SF(1,1)
PF:W:R NR(0,1)
PA:F:L FS(1,1)
PA:M:L MS(1,1)
PA:F:R NR(0,1)
PA:M:R NR(0,1)
WTR WTR(0,1)
DNR DNR(0,1)
Weingarten, et al. Standards Track [Page 40]
RFC 6378 MPLS-TP LP October 2011
The top row in each table is the list of possible inputs. The local
inputs are as follows:
NR No Request
OC Operator Clear
LO Lockout of protection
SF-P Signal Fail on protection path
SF-W Signal Fail on working path
FS Forced Switch
SFc Clear Signal Fail
MS Manual Switch
WTRExp WTR Expired
and the remote inputs are as follows:
LO remote LO message
SF-P remote SF message indicating protection path
SF-W remote SF message indicating working path
FS remote FS message
MS remote MS message
WTR remote WTR message
DNR remote DNR message
NR remote NR message
Section 4.3.3 refers to some states as 'remote' and some as 'local'.
By definition, all states listed in the table of local sources are
local states, and all states listed in the table of remote sources
are remote states. For example, Section 4.3.3.1 says "A local
Lockout of protection input SHALL cause the LER to go into local
Unavailable state". As the trigger for this state change is a local
one, 'local Unavailable state' is, by definition, displayed in the
table of local sources. Similarly, Section 4.3.3.1 also states that
"A remote Lockout of protection message SHALL cause the LER to go
into remote Unavailable state" means that the state represented in
the Unavailable rows in the table of remote sources is by definition
a remote Unavailable state.
Each cell in the table below contains either a state, a footnote, or
the letter 'i'. 'i' stands for Ignore, and is an indication to
continue with the current behavior. See Section 4.3.3. The
footnotes are listed below the table.
Weingarten, et al. Standards Track [Page 41]
RFC 6378 MPLS-TP LP October 2011
Part 1: Local input state machine
| OC | LO | SF-P | FS | SF-W | SFc | MS | WTRExp
--------+-----+-------+------+------+------+------+------+-------
N | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i
UA:LO:L | N | i | i | i | i | i | i | i
UA:P:L | i |UA:LO:L| i |PA:F:L| i | [5] | i | i
UA:LO:R | i |UA:LO:L| [1] | i | [2] | [6] | i | i
UA:P:R | i |UA:LO:L|UA:P:L|PA:F:L| [3] | [6] | i | i
PF:W:L | i |UA:LO:L|UA:P:L|PA:F:L| i | [7] | i | i
PF:W:R | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i | i | i
PA:F:L | N |UA:LO:L| i | i | i | i | i | i
PA:M:L | N |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i | i | i
PA:F:R | i |UA:LO:L| i |PA:F:L| [4] | [8] | i | i
PA:M:R | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i
WTR | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| [9]
DNR | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i
Part 2: Remote messages state machine
| LO | SF-P | FS | SF-W | MS | WTR | DNR | NR
--------+-------+------+------+------+------+------+------+------
N |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | i
UA:LO:L | i | i | i | i | i | i | i | i
UA:P:L | [10] | i | [19] | i | i | i | i | i
UA:LO:R | i | i | i | i | i | i | i | [16]
UA:P:R |UA:LO:R| i |PA:F:R| i | i | i | i | [16]
PF:W:L | [11] | [12] |PA:F:R| i | i | i | i | i
PF:W:R |UA:LO:R|UA:P:R|PA:F:R| i | i | [14] | [15] | N
PA:F:L |UA:LO:R| i | i | i | i | i | i | i
PA:M:L |UA:LO:R|UA:P:R|PA:F:R| [13] | i | i | i | i
PA:F:R |UA:LO:R| i | i | i | i | i | DNR | [17]
PA:M:R |UA:LO:R|UA:P:R|PA:F:R| [13] | i | i | DNR | N
WTR |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | [18]
DNR |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | i
The following are the footnotes for the table:
[1] Remain in the current state (UA:LO:R) and transmit SF(0,0).
[2] Remain in the current state (UA:LO:R) and transmit SF(1,0).
[3] Remain in the current state (UA:P:R) and transmit SF(1,0).
[4] Remain in the current state (PA:F:R) and transmit SF(1,1).
[5] If the SF being cleared is SF-P, transition to N. If it's
SF-W, ignore the clear.
Weingarten, et al. Standards Track [Page 42]
RFC 6378 MPLS-TP LP October 2011
[6] Remain in current state (UA:x:R), if the SFc corresponds to a
previous SF, then begin transmitting NR(0,0).
[7] If domain configured for revertive behavior transition to WTR,
else transition to DNR.
[8] Remain in PA:F:R and transmit NR(0,1).
[9] Remain in WTR, send NR(0,1).
[10] Transition to UA:LO:R continue sending SF(0,0).
[11] Transition to UA:LO:R and send SF(1,0).
[12] Transition to UA and send SF(1,0).
[13] Transition to PF:W:R and send NR(0,1).
[14] Transition to WTR state and continue to send the current
message.
[15] Transition to DNR state and continue to send the current
message.
[16] If the local input is SF-P, then transition to UA:P:L. If the
local input is SF-W, then transition to PF:W:L. Else,
transition to N state and continue to send the current message.
[17] If the local input is SF-W, then transition to PF:W:L. Else,
transition to N state and continue to send the current message.
[18] If the receiving LER's WTR timer is running, maintain current
state and message. If the WTR timer is stopped, transition to
N.
[19] Transition to PA:F:R and send SF (0,1).
Weingarten, et al. Standards Track [Page 43]
RFC 6378 MPLS-TP LP October 2011
Appendix B. Exercising the Protection Domain
There is a requirement in [RFC5654] (number 84) that discusses a
requirement to verify that the protection path is viable. While the
PSC protocol does not define a specific operation for this
functionality, it is possible to perform this operation by combining
operations of the PSC and other OAM functionalities. One such
possible combination would be to issue a Lockout of protection
operation and then use the OAM function for diagnostic testing of the
protection path. Similarly, to test the paths when the working path
is not active would involve performing a Forced Switch to protection
and then perform the diagnostic function on either the working or
protection path.
Weingarten, et al. Standards Track [Page 44]
RFC 6378 MPLS-TP LP October 2011
Authors' Addresses
Yaacov Weingarten (editor)
Nokia Siemens Networks
3 Hanagar St. Neve Ne'eman B
Hod Hasharon 45241
Israel
EMail: yaacov.weingarten@nsn.com
Stewart Bryant
Cisco
United Kingdom
EMail: stbryant@cisco.com
Eric Osborne
Cisco
United States
EMail: eosborne@cisco.com
Nurit Sprecher
Nokia Siemens Networks
3 Hanagar St. Neve Ne'eman B
Hod Hasharon 45241
Israel
EMail: nurit.sprecher@nsn.com
Annamaria Fulignoli (editor)
Ericsson
Via Moruzzi
Pisa 56100
Italy
EMail: annamaria.fulignoli@ericsson.com
Weingarten, et al. Standards Track [Page 45]