--- 1/draft-ietf-mpls-tp-shared-ring-protection-05.txt 2017-06-12 05:13:28.769457791 -0700 +++ 2/draft-ietf-mpls-tp-shared-ring-protection-06.txt 2017-06-12 05:13:28.889460644 -0700 @@ -1,23 +1,23 @@ Network Working Group W. Cheng Internet-Draft L. Wang Intended status: Standards Track H. Li -Expires: September 28, 2017 China Mobile +Expires: December 14, 2017 China Mobile H. Helvoort Hai Gaoming BV J. Dong Huawei Technologies - March 27, 2017 + June 12, 2017 Shared-Ring protection (MSRP) mechanism for ring topology - draft-ietf-mpls-tp-shared-ring-protection-05 + draft-ietf-mpls-tp-shared-ring-protection-06 Abstract This document describes requirements, architecture and solutions for MPLS-TP Shared Ring Protection (MSRP) in a ring topology for point- to-point (P2P) services. The MSRP mechanism is described to meet the ring protection requirements as described in RFC 5654. This document defines the Ring Protection Switch (RPS) Protocol that is used to coordinate the protection behavior of the nodes on MPLS ring. @@ -35,21 +35,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 28, 2017. + This Internet-Draft will expire on December 14, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -60,68 +60,68 @@ described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology and Notation . . . . . . . . . . . . . . . . . . 3 3. MPLS-TP Ring Protection Criteria and Requirements . . . . . . 4 4. Shared Ring Protection Architecture . . . . . . . . . . . . . 5 4.1. Ring Tunnel . . . . . . . . . . . . . . . . . . . . . . . 5 4.1.1. Establishment of Ring Tunnel . . . . . . . . . . . . 6 - 4.1.2. Label Assignment and Distribution . . . . . . . . . . 7 - 4.1.3. Forwarding Operation . . . . . . . . . . . . . . . . 7 - 4.2. Failure Detection . . . . . . . . . . . . . . . . . . . . 8 - 4.3. Ring Protection . . . . . . . . . . . . . . . . . . . . . 9 - 4.3.1. Wrapping . . . . . . . . . . . . . . . . . . . . . . 10 - 4.3.2. Short Wrapping . . . . . . . . . . . . . . . . . . . 12 - 4.3.3. Steering . . . . . . . . . . . . . . . . . . . . . . 14 - 4.4. Interconnected Ring Protection . . . . . . . . . . . . . 17 - 4.4.1. Interconnected Ring Topology . . . . . . . . . . . . 17 - 4.4.2. Interconnected Ring Protection Mechanisms . . . . . . 19 - 4.4.3. Ring Tunnels in Interconnected Rings . . . . . . . . 20 - 4.4.4. Interconnected Ring Switching Procedure . . . . . . . 22 - 4.4.5. Interconnected Ring Detection Mechanism . . . . . . . 22 - 5. Ring Protection Coordination Protocol . . . . . . . . . . . . 23 - 5.1. RPS Protocol . . . . . . . . . . . . . . . . . . . . . . 23 - 5.1.1. Transmission and Acceptance of RPS Requests . . . . . 25 - 5.1.2. RPS PDU Format . . . . . . . . . . . . . . . . . . . 26 - 5.1.3. Ring Node RPS States . . . . . . . . . . . . . . . . 27 - 5.1.4. RPS State Transitions . . . . . . . . . . . . . . . . 29 - 5.2. RPS State Machine . . . . . . . . . . . . . . . . . . . . 31 - 5.2.1. Switch Initiation Criteria . . . . . . . . . . . . . 31 - 5.2.2. Initial States . . . . . . . . . . . . . . . . . . . 33 - 5.2.3. State transitions When Local Request is Applied . . . 34 - 5.2.4. State Transitions When Remote Request is Applied . . 38 - 5.2.5. State Transitions When Request Addresses to Another - Node is Received . . . . . . . . . . . . . . . . . . 41 - 5.3. RPS and PSC Comparison on Ring Topology . . . . . . . . . 43 - 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 44 - 6.1. G-ACh Channel Type . . . . . . . . . . . . . . . . . . . 44 - 6.2. RPS Request Codes . . . . . . . . . . . . . . . . . . . . 45 - 7. Security Considerations . . . . . . . . . . . . . . . . . . . 45 - 8. Contributing Authors . . . . . . . . . . . . . . . . . . . . 45 - 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 46 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 46 - 10.1. Normative References . . . . . . . . . . . . . . . . . . 47 - 10.2. Informative References . . . . . . . . . . . . . . . . . 47 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 48 + 4.1.2. Label Assignment and Distribution . . . . . . . . . . 8 + 4.1.3. Forwarding Operation . . . . . . . . . . . . . . . . 8 + 4.2. Failure Detection . . . . . . . . . . . . . . . . . . . . 9 + 4.3. Ring Protection . . . . . . . . . . . . . . . . . . . . . 10 + 4.3.1. Wrapping . . . . . . . . . . . . . . . . . . . . . . 11 + 4.3.2. Short Wrapping . . . . . . . . . . . . . . . . . . . 13 + 4.3.3. Steering . . . . . . . . . . . . . . . . . . . . . . 16 + 4.4. Interconnected Ring Protection . . . . . . . . . . . . . 19 + 4.4.1. Interconnected Ring Topology . . . . . . . . . . . . 19 + 4.4.2. Interconnected Ring Protection Mechanisms . . . . . . 21 + 4.4.3. Ring Tunnels in Interconnected Rings . . . . . . . . 22 + 4.4.4. Interconnected Ring Switching Procedure . . . . . . . 24 + 4.4.5. Interconnected Ring Detection Mechanism . . . . . . . 25 + 5. Ring Protection Coordination Protocol . . . . . . . . . . . . 26 + 5.1. RPS and PSC Comparison on Ring Topology . . . . . . . . . 26 + 5.2. RPS Protocol . . . . . . . . . . . . . . . . . . . . . . 27 + 5.2.1. Transmission and Acceptance of RPS Requests . . . . . 29 + 5.2.2. RPS PDU Format . . . . . . . . . . . . . . . . . . . 29 + 5.2.3. Ring Node RPS States . . . . . . . . . . . . . . . . 31 + 5.2.4. RPS State Transitions . . . . . . . . . . . . . . . . 33 + 5.3. RPS State Machine . . . . . . . . . . . . . . . . . . . . 35 + 5.3.1. Switch Initiation Criteria . . . . . . . . . . . . . 35 + 5.3.2. Initial States . . . . . . . . . . . . . . . . . . . 37 + 5.3.3. State transitions When Local Request is Applied . . . 38 + 5.3.4. State Transitions When Remote Request is Applied . . 42 + 5.3.5. State Transitions When Request Addresses to Another + Node is Received . . . . . . . . . . . . . . . . . . 45 + 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 47 + 6.1. G-ACh Channel Type . . . . . . . . . . . . . . . . . . . 48 + 6.2. RPS Request Codes . . . . . . . . . . . . . . . . . . . . 48 + 7. Operational Considerations . . . . . . . . . . . . . . . . . 48 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 49 + 9. Contributing Authors . . . . . . . . . . . . . . . . . . . . 50 + 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 51 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 51 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 52 + 11.2. Informative References . . . . . . . . . . . . . . . . . 52 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 53 1. Introduction - As described in [RFC5654], MPLS-TP requirements, section 2.5.6.1, - Ring Protection, several service providers have expressed much - interest in operating MPLS-TP in ring topologies and require a high- - level survivability function in these topologies. In operational - transport network deployment, MPLS-TP networks are often constructed - using ring topologies. This calls for an efficient and optimized - ring protection mechanism to achieve simple operation and fast, sub - 50 ms, recovery performance. + As described in section 2.5.6.1 of [RFC5654], several service + providers have expressed much interest in operating MPLS-TP in ring + topologies and require a high- level survivability function in these + topologies. In operational transport network deployment, MPLS-TP + networks are often constructed using ring topologies. This calls for + an efficient and optimized ring protection mechanism to achieve + simple operation and fast, sub 50 ms, recovery performance. This document specifies an MPLS-TP Shared-Ring Protection mechanisms that meets the criteria for ring protection and the ring protection requirements described in section 2.5.6.1 of [RFC5654]. The basic concept and architecture of the Shared-Ring protection mechanism are specified in this document. This document describes the solutions for point-to-point transport paths. While the basic concept may also apply to point-to-multipoint transport paths, the solution for point-to-multipoint transport paths is out of the scope @@ -132,24 +132,24 @@ Terminology: Ring Node: All nodes in the ring topology are Ring Nodes and they MUST actively participate in the ring protection. Ring tunnel: A ring tunnel provides a server layer for the LSPs traversing the ring. The notation used for a ring tunnel is: R

where = c (clockwise) or a (anticlockwise),

= W (working) or P (protecting), and = the node name. - Ring map: A ring map is present in each ring-node. The ring-map + Ring map: A ring map is present in each ring node. The ring-map contains the ring topology information, i.e. the nodes in the ring, - the adjacency of the ring-nodes and the status of the links between - ring-nodes (Intact or Severed). The ring map is used by every ring + the adjacency of the ring nodes and the status of the links between + ring nodes (Intact or Severed). The ring map is used by every ring node to determine the switchover behavior of the ring tunnels. Notation: The following syntax will be used to describe the contents of the label stack: 1. The label stack will be enclosed in square brackets ("[]"). 2. Each level in the stack will be separated by the '|' character. @@ -162,68 +162,88 @@ 3. MPLS-TP Ring Protection Criteria and Requirements The generic requirements for MPLS-TP protection are specified in [RFC5654]. The requirements specific for ring protection are specified in section 2.5.6.1 of [RFC5654]. This section describes how the criteria for ring protection are met: a. The number of OAM entities needed to trigger protection - Each ring-node requires only one instance of the RPS protocol. The - OAM of the links connected to the adjacent ring-nodes has to be - forwarded to only this instance in order to trigger protection. + Each ring node requires only one instance of the RPS protocol per + ring. The OAM of the links connected to the adjacent ring-nodes has + to be forwarded to only this instance in order to trigger protection. + For detailed information, see section 5.2. b. The number of elements of recovery in the ring Each ring-node requires only one instance of the RPS protocol and is - independent of the number of LSPs that are protected. + independent of the number of LSPs that are protected. For detailed + information, see section 5.2. c. The required number of labels required for the protection paths The RPS protocol uses ring tunnels and each tunnel has a set of labels. The number of ring tunnel labels is related to the number of - ring-nodes and is independent of the number of protected LSPs. + ring-nodes and is independent of the number of protected LSPs. For + detailed information, see section 4.1.2. d. The amount of control and management-plane transactions - Each ring-node requires only one instance of the RPS protocol. This - means that only one maintenance operation is required per ring-node. + + Each ring-node requires only one instance of the RPS protocol per + ring. This means that only one maintenance operation is required per + ring-node. For detailed information, see section 5.2. e. Minimize the signaling and routing information exchange during protection Information exchange during a protection switch is using the in-band RPS and OAM messages. No control plane interactions are required. + For detailed information, see section 5.2. 4. Shared Ring Protection Architecture 4.1. Ring Tunnel This document introduces a new logical layer of the ring for shared ring protection in MPLS-TP networks. As shown in Figure 1, the new logical layer consists of ring tunnels which provides a server layer - for the LSPs traverse the ring. Once a ring tunnel is established, + for the LSPs traversing the ring. Once a ring tunnel is established, the forwarding and protection switching of the ring are all performed at the ring tunnel level. A port can carry multiple ring tunnels, and a ring tunnel can carry multiple LSPs. +------------- +-------------| +-------------| | ===Service1===| | | - | | Ring | Physical - ===Service2===| LSP | Tunnel | Port - | | | + ===Service2===| LSP1 | | + +-------------| | + |Ring-Tunnel1 | + +-------------| | ===Service3===| | | + ===Service4===| LSP2 | | + +-------------| | + +-------------| Physical + +-------------| + +-------------| | Port + ===Service5===| | | + ===Service6===| LSP3 | | + +-------------| | + |Ring-Tunnel2 | + +-------------| | + ===Service7===| | | + ===Service8===| LSP4 | | +-------------| | +-------------| +------------- + Figure 1. The logical layers of the ring The label stack used in MPLS-TP Shared Ring Protection mechanism is [Ring Tunnel Label|LSP Label|service Label](Payload) as illustrated in figure 2. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ring tunnel Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LSP Label | @@ -314,21 +334,21 @@ [RFC3031]. The ring tunnel labels on each hop of the ring tunnel can be either configured statically, provisioned by a controller, or distributed dynamically via a control protocol. For an LSP which traverses the ring tunnel, the ingress ring node and the egress ring node are considered adjacent at the LSP layer, and LSP label needs to be allocated at these two ring nodes. The control plane for label distribution is outside the scope of this document. 4.1.3. Forwarding Operation - When an MPLS-TP transport path, such as an LSP, enters the ring, the + When an MPLS-TP transport path, i.e. an LSP, enters the ring, the ingress node on the ring pushes the working ring tunnel label which is used to reach the specific egress node and sends the traffic to the next hop. The transit nodes on the working ring tunnel swap the ring tunnel labels and forward the packets to the next hop. When the packet arrives at the egress node, the egress node pops the ring tunnel label and forwards the packets based on the inner LSP label and service label. Figure 4 shows the label operation in the MPLS-TP shared ring protection mechanism. Assume that LSP1 enters the ring at Node A and exits from Node D, and the following label operations are executed. @@ -371,21 +391,21 @@ 4.2. Failure Detection The MPLS-TP section layer OAM is used to monitor the connectivity between each two adjacent nodes on the ring using the mechanisms defined in [RFC6371]. Protection switching is triggered by the failure detected on the ring by the OAM mechanisms. Two ports of a link form a Maintenance Entity Group (MEG), and an MEG end point (MEP) function is installed in each ring port. CC OAM packets are periodically exchanged between each pair of MEPs to - monitor the link health. Three consecutive lost CC packets will be + monitor the link health. Three consecutive lost CC packets MUST be interpreted as a link failure. A node failure is regarded as the failure of two links attached to that node. The two nodes adjacent to the failed node detect the failure in the links that are connected to the failed node. 4.3. Ring Protection This section specifies the ring protection mechanisms in detail. In general, the description uses the clockwise working ring tunnel and @@ -407,21 +427,24 @@ A->B->C->D. The label operation is: [LSP1](Payload) -> [RCW_D(B)|LSP1](NodeA) -> [RCW_D(C)|LSP1](NodeB) -> [RCW_D(D)| LSP1](NodeC) -> [LSP1](Payload). Then at node D the packet will be forwarded based on the label stack of LSP1. Three typical ring protection mechanisms are described in this section: wrapping, short wrapping and steering. All nodes on the - same ring MUST use the same protection mechanism. + same ring MUST use the same protection mechanism. If the RPS + protocol in any node detects RPS message with a protection switching + mode that was not provisioned in that node a failure of protocol will + be reported, and the protection mechanism will not be activated. Wrapping ring protection: the node which detects a failure or accepts a switch request switches the traffic impacted by the failure or the switch request to the opposite direction (away from the failure). In this way, the impacted traffic is switched to the protection ring tunnel by the switching node upstream of the failure, then travels around the ring to the switching node downstream of the failure through the protection ring tunnel, where it is switched back onto the working ring tunnel to reach the egress node. @@ -443,29 +466,31 @@ The following sections describe these protection mechanisms in detail. 4.3.1. Wrapping With the wrapping mechanism, the protection ring tunnel is a closed ring identified by the egress node. As shown in Figure 4, the RaP_D is the anticlockwise protection ring tunnel for the clockwise working ring tunnel RcW_D. As specified in the following sections, the closed ring protection tunnel can protect both link failures and node - failures. + failures. Wrapping can be applicable for the protection the p2mp + LSPs on the ring, the details of which is outside the scope of this + document. 4.3.1.1. Wrapping for Link Failure When a link failure between Node B and Node C occurs, if it is a bi- directional failure, both Node B and Node C can detect the failure - via the OAM mechanism; if it is a uni-directional failure, one of the - two nodes would detect the failure via the OAM mechanism. In both - cases the node at the other side of the detected failure will be + via the OAM mechanism; if it is an uni-directional failure, one of + the two nodes would detect the failure via the OAM mechanism. In + both cases the node at the other side of the detected failure will be determined by the ring-map and informed using the Ring Protection Switch Protocol (RPS) which is specified in section 5. Then Node B switches the clockwise working ring tunnel (RcW_D) to the anticlockwise protection ring tunnel (RaP_D) and Node C switches anticlockwise protection ring tunnel(RaP_D) back to the clockwise working ring tunnel (RcW_D). The payload which enters the ring at Node A and leaves the ring at Node D follows the path A->B->A->F->E->D->C->D. The label operation is: [LSP1](Payload) -> [RcW_D(B)|LSP1](Node A) -> [RaP_D(A)|LSP1](Node B) @@ -506,22 +531,25 @@ (RPS) specified in section 5. The payload which enters the ring at Node A and exits at Node D follows the path A->F->E->D->C->D. The label operation is: [LSP1](Payload)-> [RaP_D(F)|LSP1](NodeA) -> [RaP_D(E)|LSP1](NodeF) -> [RaP_D(D)|LSP1](NodeE) -> [RaP_D(C)|LSP1] (NodeD) -> [RcW_D(D)|LSP1] (NodeC) -> [LSP1](Payload). In one special case where node D fails, all the ring tunnels with - node D as egress will become unusable. However, before the failure - location information is propagated to all the ring nodes, the + node D as egress will become unusable. The ingress node will update + its ring map according to received RPS messages and determine that + the egress node is not reachable thus it will not send traffic to + either the working or the protection tunnel. However, before the + failure location information is propagated to all the ring nodes, the wrapping protection mechanism may cause temporary traffic loop: node C detects the failure and switches the traffic from the clockwise work ring tunnel (RcW_D) to the anticlockwise protection ring tunnel (RaP_D), node E also detects the failure and would switch the traffic from anticlockwise protection ring tunnel (RaP_D) back to the clockwise work ring tunnel (RcW_D). A possible mechanism to mitigate the temporary loop problem is: the TTL of the ring tunnel label is set to 2*N by the ingress ring node of the traffic, where N is the number of nodes on the ring. @@ -547,31 +575,33 @@ Figure 6. Wrapping for node failure 4.3.2. Short Wrapping With the wrapping protection scheme, protection switching is executed at both nodes adjacent to the failure, consequently the traffic will be wrapped twice. This mechanism will cause additional latency and bandwidth consumption when traffic is switched to the protection path. - With short wrapping protection, payload switching is executed only at - the node upstream to the failure, and payload leaves the ring in the - protection ring tunnel at the egress node. This scheme can reduce - the additional latency and bandwidth consumption when traffic is - switched to the protection path. + With short wrapping protection, protection switching is executed only + at the node upstream to the failure, and the packet leaves the ring + in the protection ring tunnel at the egress node. This scheme can + reduce the additional latency and bandwidth consumption when traffic + is switched to the protection path. However the two directions of a + protected bidirectional LSP are no longer co-routed under the + protection switching conditions. - In the wrapping solution, in normal state the protection ring tunnel - is a closed ring, while in the short wrapping solution, the - protection ring tunnel is terminated at the egress node, which is - similar to the working ring tunnel. Short wrapping is easy to - implement in shared ring protection because both the working and + In the traditional wrapping solution, the protection ring tunnel is + configured as a closed ring, while in the short wrapping solution, + the protection ring tunnel is configured as ended at the egress node, + which is similar to the working ring tunnel. Short wrapping is easy + to implement in shared ring protection because both the working and protection ring tunnels are terminated on the egress nodes. Figure 7 shows the clockwise working ring tunnel and the anticlockwise protection ring tunnel with node D as the egress node. 4.3.2.1. Short Wrapping for Link Failure As shown in Figure 7, in normal state, LSP1 is carried by the clockwise working ring tunnel (RcW_D) through the path A->B->C->D. When a link failure between Node B and Node C occurs, Node B switches the working ring tunnel RcW_D to the protection ring tunnel RaP_D in @@ -609,36 +639,39 @@ For the node failure which happens on a non-egress node, the short wrapping protection switching is similar to the link failure case as described in the previous section. This section specifies the scenario of an egress node failure. As shown in Figure 8, LSP1 enters the ring on node A, and leaves the ring on node D. In normal state, LSP1 is carried by the clockwise working ring tunnel (RcW_D) through the path A->B->C->D. When node D fails, traffic of LSP1 cannot be protected by any ring tunnels which - use node D as the egress node. However, before the failure location - information is propagated to all the ring nodes using the RPS - protocol, node C switches all the traffic on the working ring tunnel - RcW_D to the protection ring tunnel RaP_D in the opposite direction - based on the information in the ring map. When the traffic arrives - at node E which also detects the failure of node D, the protection - ring tunnel RaP_D cannot be used to forward traffic to node D. Since - with short wrapping mechanism, protection switching can only be - performed once from the working ring tunnel to the protection ring - tunnel, thus node E MUST NOT switch the traffic which is already - carried on the protection ring tunnel back to the working ring tunnel - in the opposite direction. Instead, node E will discard the traffic - received on RaP_D locally. This can avoid the temporary traffic loop - when the failure happens on the egress node of the ring tunnel. This - also illustrates one of the benefits of having separate working and - protection ring tunnels in each ring direction. + use node D as the egress node. The ingress node will update its ring + map according to received RPS messages and determine that the egress + node is not reachable thus it will not send traffic to either the + working or the protection tunnel. However, before the failure + location information is propagated to all the ring nodes using the + RPS protocol, node C switches all the traffic on the working ring + tunnel RcW_D to the protection ring tunnel RaP_D in the opposite + direction based on the information in the ring map. When the traffic + arrives at node E which also detects the failure of node D, the + protection ring tunnel RaP_D cannot be used to forward traffic to + node D. Since with short wrapping mechanism, protection switching + can only be performed once from the working ring tunnel to the + protection ring tunnel, thus node E MUST NOT switch the traffic which + is already carried on the protection ring tunnel back to the working + ring tunnel in the opposite direction. Instead, node E will discard + the traffic received on RaP_D locally. This can avoid the temporary + traffic loop when the failure happens on the egress node of the ring + tunnel. This also illustrates one of the benefits of having separate + working and protection ring tunnels in each ring direction. +---+#####[RaP_D(F)]######+---+ | F |---------------------| A | +-- LSP1 +---+*****[RcW_D(A)]******+---+ #/* *\# [RaP_D(E)]#/*[RcW_D(F)] [RcW_D(B)]*\#RaP_D(A) #/* *\# +---+ +---+ | E | | B | +---+ +---+ @@ -655,34 +688,31 @@ Figure 8. Short Wrapping for egress node failure 4.3.3. Steering With the steering protection mechanism, the ingress node (which adds traffic to the ring) perform switching from the working to the protection ring tunnel, and at the egress node the traffic leaves the ring from the protection ring tunnel. When a failure occurs in the ring, the node which detects the failure - using the OAM mechanism sends the failure information in the opposite + with OAM mechanism sends the failure information in the opposite direction of the failure hop by hop along the ring using an RPS request message and the ring-map information. When a ring node receives the RPS message which identifies a failure, it can determine the location of the fault by using the topology information of the ring map and updates the ring map accordingly, then it can determine whether the LSPs entering the ring locally need to switchover or not. For LSPs that need to switchover, it will switch the LSPs from the working ring tunnels to their corresponding protection ring tunnels. - The transfer of the failure information by the RPS protocol will - increase the protection switch time. 4.3.3.1. Steering for Link Failure - Ring map of F +--LSPl +-+-+-+-+-+-+-+ +---+ ###[RaP_D(F)]### +---/ +-+-+-+-+-+-+-+ |F|A|B|C|D|E|F| | F | ---------------- | A | |A|B|C|D|E|F|A| +-+-+-+-+-+-+-+ +---+ ***[RcW_D(A)]*** +---+ +-+-+-+-+-+-+-+ |I|I|I|S|I|I| |I|I|S|I|I|I| +-+-+-+-+-+-+ #/* *\# +-+-+-+-+-+-+ [RaP_D(E)] #/* [RcW_D(B)] *\# [RaP_D(A)] #/* [RcW_D(F)] *\# +-+-+-+-+-+-+-+ #/* *\# |E|F|A|B|C|D|E| +---+ +---+ +-- LSP2 @@ -792,33 +822,32 @@ If the failure occurs at the egress node of the LSP, the ingress node will update its ring map according to the received RPS messages, it will also determine that the egress node is not reachable after the failure, thus it will not send traffic to either the working or the protection tunnel, and a traffic loop can be avoided. 4.4. Interconnected Ring Protection 4.4.1. Interconnected Ring Topology - Interconnected ring topology is widely used in MPLS-TP networks. - This document will discuss two typical interconnected ring - topologies: + Interconnected ring topology is widely used in MPLS-TP networks. For + a given ring, the interconnection node acts as the egress node for + that ring, meaning that all LSPs using the interconnection node as an + egress from one specific ring to another will use the same group of + ring tunnels within the ring. This document will discuss two typical + interconnected ring topologies: 1. Single-node interconnected rings - In single-node interconnected rings, the connection between the two rings is through a single node. Because the interconnection node is in fact a single point of failure, this topology should be avoided in real transport networks. - Figure 11 shows the topology of single-node interconnected - rings. Node C is the interconnection node between Ring1 and - Ring2. Figure 11 shows the topology of single-node interconnected rings. Node C is the interconnection node between Ring1 and Ring2. +---+ +---+ +---+ +---+ | A |------| B |----- -----| G |------| H | +---+ +---+ \ / +---+ +---+ | \ / | | \ +---+ / | @@ -859,44 +888,50 @@ 4.4.2. Interconnected Ring Protection Mechanisms Interconnected rings can be treated as two independent rings. Ring protection switching (RPS) protocol operates on each ring independently. A failure that happens in one ring only triggers protection switching in the ring itself and does not affect the other ring, unless the failure is on the interconnection node. In this way, protection switching on each ring is the same as the mechanisms described in section 4.3. - The service LSPs that traverse the interconnected rings use separate - ring tunnels on each ring, and the LSPs on different rings are - stitched by the interconnection node. On the interconnection node, + The service LSPs that traverse the interconnected rings use the ring + tunnels in each ring, within a given ring, the tunnel is selected + using normal ring selection procedures. The traversing LSPs are + stitched on the interconnection node. On the interconnection node, the ring tunnel label of the source ring is popped, then LSP label is swapped, after that the ring tunnel label of the destination ring is pushed. In the dual-node interconnected ring scenario, the two interconnection nodes can be managed as a virtual node group. In addition to the ring tunnels to each physical ring node, Each ring SHOULD assign the working and protection ring tunnels to the virtual interconnection node group. In addition, on both nodes in the virtual interconnection node group, the same LSP label is assigned for each traversed LSP. This way, any interconnection node in the virtual node group can terminate the working or protection ring tunnels targeted to the virtual node group, and stitch the service LSP from the source ring tunnel to the destination ring tunnel. When the service LSP passes through the interconnected rings, the direction of the working ring tunnels used on both rings SHOULD be - the same. For example, if the service LSP uses the clockwise working - ring tunnel on Ring1, when the service LSP leaves Ring1 and enters - Ring2, the working ring tunnel used on Ring2 SHOULD also follow the - clockwise direction. + the same. In dual-node interconnected rings, this ensures that in + normal state the traffic passes only one of the two interconnection + nodes, and does not pass the link between the two interconnection + nodes. The traffic will then only be switched to the protection path + if the interconnection node which is in working path fails. For + example, if the service LSP uses the clockwise working ring tunnel on + Ring1, when the service LSP leaves Ring1 and enters Ring2, the + working ring tunnel used on Ring2 should also follow the clockwise + direction. 4.4.3. Ring Tunnels in Interconnected Rings The same ring tunnels as described in section 4.1 are used in each ring of the interconnected rings. In addition, ring tunnels to the virtual interconnection node group are established on each ring of the interconnected rings, i.e.: o one clockwise working ring tunnel to the virtual interconnection node group @@ -1048,71 +1083,117 @@ In Figure 13, Node F determines that the ring tunnel to Node I is unreachable, the service LSP1 for which the destination node on the ring2 is Node I MUST switch to the protection ring tunnel (R1aP_F&A) and consequently the service traffic LSP1 traverses the interconnected rings at Node A. Node A will pop the ring tunnel label of Ring1 and push the ring tunnel label of Ring2 and send the traffic to Node I via ring tunnel (R2aW_I). 5. Ring Protection Coordination Protocol -5.1. RPS Protocol +5.1. RPS and PSC Comparison on Ring Topology - The MSRP protection operation MUST be controlled with the help of the - Ring Protection Switch protocol (RPS). The RPS processes in each of - the individual ring nodes that form the ring MUST communicate using - the G-ACh channel. The RPS protocol is applicable to all the three - ring protection modes. This section takes the short-wrapping - mechanism described in section 4.3.2 as an example. + This section provides comparison between RPS and PSC [RFC6378] + [RFC6974] on ring topologies. This can be helpful to explain the + reason of defining a new protocol for ring protection switching. - All nodes in the same ring MUST use the same protection mechanism, - Wrapping, steering or short-wrapping. + The PSC protocol [RFC6378] is designed for point-to-point LSPs, on + which the protection switching can only be performed on one or both + of the end points of the LSP. The RPS protocol is designed for ring + tunnels, which consist of multiple ring nodes, and the failure could + happen on any segment of the ring, thus RPS is capable of identifying + and handling the different failures on the ring, and coordinating the + protection switching behavior of all the nodes on the ring. As will + be specified in the following sections, this is achieved with the + introduction of the "Pass-Through" state for the ring nodes, and the + location of the protection request is identified via the Node IDs in + the RPS Request message. - The RPS protocol MUST carry the ring status information and RPS - requests, either automatically initiated or externally initiated, - between the ring nodes. + Taking a ring topology with N nodes as example: - Each node on the ring MUST be uniquely identified by assigning it a - node ID. The node ID MUST be unique on each ring. The maximum - number of nodes on the ring supported by the RPS protocol is 127. - The node ID SHOULD be independent of the order in which the nodes - appear on the ring. The node ID is used to identity the source and - destination nodes of each RPS request. + With the mechanism specified in [RFC6974], on every ring node, a + linear protection configuration has to be provisioned with every + other node in the ring, i.e. with (N-1) other nodes. This means that + on every ring node there will be (N-1) instances of the PSC protocol. + And in order to detect faults and to transport the PSC message, each + instance shall have a MEP on the working path and a MEP on the + protection path respectively. This means that every node on the ring + needs to be configured with (N-1) * 2 MEPs. + + With the mechanism defined in this document, on every ring node there + will only be a single instance of the RPS protocol. In order to + detect faults and to transport the RPS message, each node only needs + to have a MEP on the section to its adjacent nodes respectively. In + this way, every ring node only needs to be configured with 2 MEPs. + + As shown in the above example, RPS is designed for ring topologies + and can achieve ring protection efficiently with minimum protection + instances and OAM entities, which meets the requirements on topology + specific recovery mechanisms as specified in [RFC5654]. + +5.2. RPS Protocol + + The Ring Protection Switch (RPS) Protocol defined in this section is + used to coordinate the protection switching action of all the ring + nodes in the same ring. + + The protection operation of the ring tunnels is controlled with the + help of the RPS protocol. The RPS processes in each of the + individual ring nodes that form the ring MUST communicate using the + G-ACh channel. The RPS protocol is applicable to all the three ring + protection modes. This section takes the short-wrapping mechanism + described in section 4.3.2 as an example. + + The RPS protocol is used to distribute the ring status information + and RPS requests to all the ring nodes. Changes in the ring status + information and RPS requests can be initiated automatically based on + link status or caused by external commands. + + Each node on the ring is uniquely identified by assigning it a node + ID. The node ID MUST be unique on each ring. The maximum number of + nodes on the ring supported by the RPS protocol is 127. The node ID + SHOULD be independent of the order in which the nodes appear on the + ring. The node ID is used to identity the source and destination + nodes of each RPS request. Every node obtains the ring topology either by configuration or via some topology discovery mechanism. The ring map consists of the ring topology information, and connectivity status (Intact or Severed) between the adjacent ring nodes, which is determined via the OAM message exchanged between the adjacent nodes. The ring map is used by every ring node to determine the switchover behavior of the ring tunnels. As shown in Figure 14, when no protection switching is active on the ring, each node MUST send RPS requests with No Request (NR) to its - two adjacent nodes periodically. + two adjacent nodes periodically. The transmission interval of RPS + requests is specified in section 5.2.1. +---+ A->B(NR) +---+ B->C(NR) +---+ C->D(NR) -------| A |-------------| B |-------------| C |------- (NR)F<-A +---+ (NR)A<-B +---+ (NR)B<-C +---+ Figure 14. RPS communication between the ring nodes in case of no failure in the ring As shown in Figure 15, When a node detects a failure and determines that protection switching is required, it MUST send the appropriate RPS request in both directions to the destination node. The destination node is the other node that is adjacent to the identified failure. When a node that is not the destination node receives an RPS request and it has no higher priority local request, it MUST transfer in the same direction the RPS request as received. In this way, the switching nodes can maintain RPS protocol communication in - the ring. + the ring. The RPS request MUST be terminated by the destination node + of the message. If an RPS request with the node itself set as the + source node is received, this message MUST be dropped and not be + forwarded to next node. +---+ C->B(SF) +---+ B->C(SF) +---+ C->B(SF) -------| A |-------------| B |----- X -----| C |------- (SF)C<-B +---+ (SF)C<-B +---+ (SF)B<-C +---+ Figure 15. RPS communication between the ring nodes in case of failure between nodes B and C Note that in the case of a bidirectional failure such as a cable cut, the two adjacent nodes detect the failure and send each other an RPS @@ -1125,67 +1206,67 @@ request. o In rings utilizing the short wrapping protection, each node detects the failure or receives the RPS request as the destination node MUST perform the switch only from the working ring tunnels to the protection ring tunnels. o In rings utilizing the steering protection. When a ring switch is required, any node MUST perform the switches if its added/dropped traffic is affected by the failure. Determination of the affected - traffic SHOULD be performed by examining the RPS requests + traffic MUST be performed by examining the RPS requests (indicating the nodes adjacent to the failure or failures) and the stored ring map (indicating the relative position of the failure and the added traffic destined towards that failure). When the failure has cleared and the Wait-to-Restore (WTR) timer has - expired, the nodes sourcing RPS requests MUST drop their respective - switches and MUST source an RPS request carrying the NR code. The - node receiving from both directions such an RPS request MUST drop its - protection switches. + expired, the nodes which generate the RPS requests MUST drop their + respective switches and MUST generate an RPS request carrying the NR + code. The node receiving from both directions such an RPS request + MUST drop its protection switches. A protection switch MUST be initiated by one of the criteria - specified in Section 5.2. A failure of the RPS protocol or + specified in Section 5.3. A failure of the RPS protocol or controller MUST NOT trigger a protection switch. Ring switches MUST be preempted by higher priority RPS requests. For example, consider a protection switch that is active due to a manual switch request on the given link, and another protection switch is required due to a failure on another link. Then an RPS request MUST be generated, the former protection switch MUST be dropped, and the latter protection switch established. - MSRP mechanism SHOULD support multiple protection switches in the - ring, resulting in the ring being segmented into two or more separate - segments. This may happen when several RPS requests of the same - priority exist in the ring due to multiple failures or external - switch commands. + The shared ring protection mechanism supports multiple protection + switches in the ring, resulting in the ring being segmented into two + or more separate segments. This may happen when several RPS requests + of the same priority exist in the ring due to multiple failures or + external switch commands. Proper operation of the MSRP mechanism relies on all nodes using their ring map to determine the state of the ring (nodes and links). In order to accommodate ring state knowledge, during a protection switch the RPS requests MUST be sent in both directions. -5.1.1. Transmission and Acceptance of RPS Requests +5.2.1. Transmission and Acceptance of RPS Requests A new RPS request MUST be transmitted immediately when a change in the transmitted status occurs. - The first three RPS protocol messages carrying new RPS request SHOULD + The first three RPS protocol messages carrying new RPS request MUST be transmitted as fast as possible. For fast protection switching within 50 ms, the interval of the first three RPS protocol messages SHOULD be 3.3 ms. The successive RPS requests SHOULD be transmitted with the interval of 5 seconds. A ring node which is not the destination of the received RPS message MUST forward it to the next node along the ring immediately. -5.1.2. RPS PDU Format +5.2.2. RPS PDU Format Figure 16 depicts the format of an RPS packet that is sent on the G-ACh. The Channel Type field is set to indicate that the message is an RPS message. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 1|Version| Reserved | RPS Channel Type (TBD) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -1228,48 +1309,48 @@ | 0 0 0 0 1 1 1 1 | Lockout of Protection (LP) | highest | | 0 0 0 0 1 1 0 1 | Forced Switch (FS) | | | 0 0 0 0 1 0 1 1 | Signal Fail (SF) | | | 0 0 0 0 0 1 1 0 | Manual Switch (MS) | | | 0 0 0 0 0 1 0 1 | Wait-To-Restore (WTR) | | | 0 0 0 0 0 0 1 1 | Exercise (EXER) | | | 0 0 0 0 0 0 0 1 | Reverse Request (RR) | | | 0 0 0 0 0 0 0 0 | No Request (NR) | lowest | +------------------+-----------------------------+----------+ -5.1.3. Ring Node RPS States +5.2.3. Ring Node RPS States Idle state: A node is in the idle state when it has no RPS request - and is sourcing and receiving NR code to/from both directions. + and is sending and receiving NR code to/from both directions. Switching state: A node not in the idle or pass-through states is in the switching state. Pass-through state: A node is in the pass-through state when its highest priority RPS request is a request not destined to it or - sourced by it. The pass-through is bidirectional. + generated by it. The pass-through is bidirectional. -5.1.3.1. Idle State +5.2.3.1. Idle State - A node in the idle state MUST source the NR request in both + A node in the idle state MUST generate the NR request in both directions. A node in the idle state MUST terminate RPS requests flow in both directions. A node in the idle state MUST block the traffic flow on protection ring tunnels in both directions. -5.1.3.2. Switching State +5.2.3.2. Switching State - A node in the switching state MUST source RPS request to its adjacent - node with its highest RPS request code in both directions when it - detects a failure or receives an external command. + A node in the switching state MUST generate RPS request to its + adjacent node with its highest RPS request code in both directions + when it detects a failure or receives an external command. In bidirectional failure condition, both of the nodes adjacent to the failure detect the failure and send the RPS request in both directions with the destination set to each other, while each node can only receive the RPS request via the long path, the message sent via the short path will get lost due to the bidirectional failure. Here the short path refers to the shorter path on the ring between the source and destination node of the RPS request, and the long path refers to the longer path on the ring between the source and @@ -1287,109 +1368,111 @@ by replying an RPS request with the RR code on the short path, and an RPS request with the received RPS request code on the long path. Accordingly, when the node which detects the failure receives RPS request with RR code on the short path, then the RPS request received from the same node along the long path SHOULD be ignored. A node in the switching state MUST terminate the received RPS requests in both directions and not forward it further along the ring. - The following switches MUST be allowed to coexist: + The following switches as defined in section 5.3.1 MUST be allowed to + coexist: o LP and LP o FS and FS o SF and SF o FS and SF When multiple MS RPS requests exist at the same time addressing different links and there is no higher priority request on the ring, no switch SHOULD be executed and existing switches MUST be dropped. - The nodes MUST signal, anyway, the MS RPS request code. + The nodes MUST still signal RPS request with the MS code. Multiple EXER requests MUST be allowed to coexist in the ring. A node in a ring switching state that receives the external command LP for the affected link MUST drop its switch and MUST signal NR for the locked link if there is no other RPS request on another link. The node still SHOULD signal relevant RPS request for another link. -5.1.3.3. Pass-through State +5.2.3.3. Pass-through State When a node is in a pass-through state, it MUST transfer the received - RPS Request in the same direction. + RPS Request unchanged in the same direction. When a node is in a pass-through state, it MUST enable the traffic flow on protection ring tunnels in both directions. -5.1.4. RPS State Transitions +5.2.4. RPS State Transitions All state transitions are triggered by an incoming RPS request change, a WTR expiration, an externally initiated command, or locally detected MPLS-TP section failure conditions. RPS requests due to a locally detected failure, an externally initiated command, or received RPS request shall preempt existing RPS - requests in the prioritized order given in Section 5.1.2, unless the + requests in the prioritized order given in Section 5.2.2, unless the requests are allowed to coexist. -5.1.4.1. Transitions Between Idle and Pass-through States +5.2.4.1. Transitions Between Idle and Pass-through States The transition from the idle state to pass-through state MUST be triggered by a valid RPS request change, in any direction, from the NR code to any other code, as long as the new request is not destined to the node itself. Both directions move then into a pass-through - state, so that, traffic entering the node through the protection Ring + state, so that, traffic entering the node through the protection ring tunnels are transferred transparently through the node. - A node MUST revert from pass-through state to the idle state when it - detects NR codes incoming from both directions. Both directions - revert simultaneously from the pass-through state to the idle state. + A node MUST revert from pass-through state to the idle state when RPS + request with NR code is received in both directions. Then both + directions revert simultaneously from the pass-through state to the + idle state. -5.1.4.2. Transitions Between Idle and Switching States +5.2.4.2. Transitions Between Idle and Switching States Transition of a node from the Idle state to the Switching state MUST be triggered by one of the following conditions: o A valid RPS request change from the NR code to any code received on either the long or the short path and is destined to this node o An externally initiated command for this node o The detection of an MPLS-TP section layer failure at this node Actions taken at a node in the Idle state upon transition to the switching state are: o For all protection switch requests, except EXER and LP, the node MUST execute the switch o For EXER, and LP, the node MUST signal appropriate request but not execute the switch - In one of the following conditions, transition from the Idle state to - the Switching state MUST be triggered: + In one of the following conditions, transition from the Switching + state to the Idle state MUST be triggered: o On node which triggers the protection switching, when the WTR time expires or an externally initiated command is cleared, the node MUST transit from Switching state to Idle State and signal the NR code using RPS message in both directions. o On node which enters the switching state due to the received RPS request: Upon reception of the NR code from both directions, the head-end node MUST drop its switch, transition to Idle State and signal the NR code in both directions. -5.1.4.3. Transitions Between Switching States +5.2.4.3. Transitions Between Switching States When a node that is currently executing any protection switch receives a higher priority RPS request (due to a locally detected failure, an externally initiated command, or a ring protection switch request destined to it) for the same link, it MUST update the priority of the switch it is executing to the priority of the received RPS request. When a failure condition clears at a node, the node MUST enter WTR condition and remain in it for the appropriate time-out interval, @@ -1402,44 +1485,44 @@ o An externally initiated command becomes active The node MUST send out a WTR code on both the long and short paths. When a node that is executing a switch in response to incoming SF RPS request (not due to a locally detected failure) receives a WTR code (unidirectional failure case), it MUST send out RR code on the short path and the WTR on the long path. -5.1.4.4. Transitions Between Switching and Pass-through States +5.2.4.4. Transitions Between Switching and Pass-through States When a node that is currently executing a switch receives an RPS request for a non-adjacent link of higher priority than the switch it is executing, it MUST drop its switch immediately and enter the pass- through state. The transition of a node from pass-through to switching state MUST be triggered by: o An equal priority, a higher priority, or an allowed coexisting externally initiated command o The detection of an equal priority, a higher priority, or an allowed coexisting automatic initiated command o The receipt of an equal, a higher priority, or an allowed coexisting RPS request destined to this node -5.2. RPS State Machine +5.3. RPS State Machine -5.2.1. Switch Initiation Criteria +5.3.1. Switch Initiation Criteria -5.2.1.1. Administrative Commands +5.3.1.1. Administrative Commands Administrative commands can be initiated by the network operator through the Network Management System (NMS). The operator command may be transmitted to the appropriate node via the MPLS-TP RPS message. The following commands can be transferred by the RPS message: o Lockout of Protection (LP): This command prevents any protection activity and prevents using ring switches anywhere in the ring. @@ -1463,58 +1546,58 @@ o Exercise - Ring (EXER): This command exercises ring protection switching on the addressed link without completing the actual switch. The command is issued and the responses (RR) are checked, but no normal traffic is affected. The following commands are not transferred by the RPS message: o Clear: This command clears the administrative command and Wait-To- Restore timer (WTR) at the node to which the command was - addressed. The node-to-node signaling after the removal of the + addressed. The node to node signaling after the removal of the externally initiated commands is performed using the no-request code (NR). o Lockout of Working (LW): This command prevents the normal traffic transported over the addressed link from being switched to the protection entity by disabling the node's capability of requesting switch for this link in case of failure. If any normal traffic is already switched on the protection entity, the switch is dropped. If no other switch requests are active on the ring, the no-request code (NR) is transmitted. This command has no impact on any other link. If the node receives the switch request from the adjacent node from any side it will perform the requested switch. If the node receives the switch request addressed to the other node, it will enter the pass-through state. -5.2.1.2. Automatically Initiated Commands +5.3.1.2. Automatically Initiated Commands Automatically initiated commands can be initiated based on MPLS-TP section layer OAM indication and the received switch requests. The node can initiate the following switch requests automatically: o Signal Fail (SF): This command is issued when the MPLS-TP section layer OAM detects signal failure condition. o Wait-To-Restore (WTR): This command is issued when MPLS-TP section detects that the SF condition has cleared. It is used to maintain the state during the WTR period unless it is preempted by a higher priority switch request. The WTR time may be configured by the operator in 1 minute steps between 0 and 12 minutes; the default value is 5 minutes. o Reverse Request (RR): This command is transmitted to the source node of the received RPS message over the short path as an acknowledgment for receiving the switch request. -5.2.2. Initial States +5.3.2. Initial States This section describes the possible states of a ring node, the corresponding action of the working and protection ring tunnels on the node, and the RPS request which should be generated in that state. +-----------------------------------+----------------+ | State | Signaled RPS | +-----------------------------------+----------------+ | A | Idle | NR | @@ -1547,21 +1630,21 @@ +-----+-----------------------------+----------------+ | H | Switching - WTR | WTR | | | Working: switched | | | | Protection: switched | | +-----+-----------------------------+----------------+ | I | Switching - EXER | EXER | | | Working: no switch | | | | Protection: no switch | | +-----+-----------------------------+----------------+ -5.2.3. State transitions When Local Request is Applied +5.3.3. State transitions When Local Request is Applied In the state description below 'O' means that new local request will be rejected because of exiting request. ===================================================================== Initial state New request New state ------------- ----------- --------- A (Idle) LP C (Switching - LP) LW D (Idle - LW) FS E (Switching - FS) @@ -1706,21 +1789,21 @@ FS E (Switching - FS) SF F (Switching - SF) Recover from SF N/A MS G (Switching - MS) Clear A WTR expires N/A EXER N/A - if on the same link I (Switching - EXER) ===================================================================== -5.2.4. State Transitions When Remote Request is Applied +5.3.4. State Transitions When Remote Request is Applied The priority of a remote request does not depend on the side from which the request is received. ===================================================================== Initial state New request New state ------------- ----------- --------- A (Idle) LP C (Switching - LP) FS E (Switching - FS) SF F (Switching - SF) @@ -1838,21 +1921,21 @@ I (Switching - EXER) LP C (Switching - LP) FS E (Switching - FS) SF F (Switching - SF) MS G (Switching - MS) WTR N/A EXER I (Switching - EXER) RR I (Switching - EXER) NR N/A ===================================================================== -5.2.5. State Transitions When Request Addresses to Another Node is +5.3.5. State Transitions When Request Addresses to Another Node is Received The priority of a remote request does not depend on the side from which the request is received. ===================================================================== Initial state New request New state ------------- ----------- --------- A (Idle) LP B (Pass-through) FS B (Pass-through) @@ -1973,60 +2056,20 @@ I (Switching - EXER) LP B (Pass-through) FS B (Pass-through) SF B (Pass-through) MS B (Pass-through) WTR N/A EXER I (Switching - EXER) RR N/A NR N/A ===================================================================== -5.3. RPS and PSC Comparison on Ring Topology - - This section provides comparison between RPS and PSC [RFC6378] - [RFC6974] on ring topologies. This can be helpful to explain the - reason of defining a new protocol for ring protection switching. - - The PSC protocol [RFC6378] is designed for point-to-point LSPs, on - which the protection switching can only be performed on one or both - of the end points of the LSP. The RPS protocol is designed for ring - tunnels, which consist of multiple ring nodes, and the failure could - happen on any segment of the ring, thus RPS SHOULD be capable of - identifying and handling the different failures on the ring, and - coordinating the protection switching behavior of all the nodes on - the ring. As specified in section 5, this is achieved with the - introduction of the "Pass-Through" state for the ring nodes, and the - location of the protection request is identified via the Node IDs in - the RPS Request message. - - Taking a ring topology with N nodes as example: - - With the mechanism specified in [RFC6974], on every ring-node, a - linear protection configuration has to be provisioned with every - other node in the ring, i.e. with (N-1) other nodes. This means that - on every ring node there will be (N-1) instances of the PSC protocol. - And in order to detect faults and to transport the PSC message, each - instance shall have a MEP on the working path and a MEP on the - protection path respectively. This means that every node on the ring - needs to be configured with (N-1) * 2 MEPs. - - With the mechanism defined in this document, on every ring node there - will only be a single instance of the RPS protocol. In order to - detect faults and to transport the RPS message, each node only needs - to have a MEP on the section to its adjacent nodes respectively. In - this way, every ring-node only needs to be configured with 2 MEPs. - - As shown in the above example, RPS is designed for ring topologies - and can achieve ring protection efficiently with minimum protection - instances and OAM entities, which meets the requirements on topology - specific recovery mechanisms as specified in [RFC5654]. - 6. IANA Considerations IANA is requested to administer the assignment of new values defined in this document and listed in the sections below. 6.1. G-ACh Channel Type The Channel Types for the Generic Associated channel (GACh) are allocated from the IANA PW Associated Channel Type registry defined in [RFC4446] and updated by [RFC5586]. @@ -2038,22 +2081,22 @@ TBD | Ring Protection Switching |this document | Protocol (RPS) | ------+---------------------------+-------------- 6.2. RPS Request Codes IANA is requested to create a new sub-registry under the "Multiprotocol Label Switching (MPLS) Operations, Administration, and Management (OAM) Parameters" registry called the "MPLS RPS Request Code Registry". All code points within this registry shall be - allocated according to the "Standards Action" procedure as specified - in [RFC5226]. + allocated according to the "Specification Required" procedure as + specified in [RFC5226]. The RPS Request Field is 8 bits, the allocated values are as follows: Value Description Reference ------- --------------------------- --------------- 0 No Request (NR) this document 1 Reverse Request (RR) this document 2 unassigned 3 Exercise (EXER) this document 4 unassigned @@ -2061,28 +2104,89 @@ 6 Manual Switch (MS) this document 7-10 unassigned 11 Signal Fail (SF) this document 12 unassigned 13 Forced Switch (FS) this document 14 unassigned 15 Lockout of Protection (LP) this document 16-254 unassigned 255 Reserved -7. Security Considerations +7. Operational Considerations - The RPS protocol defined in this document is carried in the G-ACh - [RFC5586], which is a generalization of the Associated Channel - defined in [RFC4385]. The security considerations specified in these - documents apply to the proposed RPS mechanism. + This document describes three protection modes of the RPS protocol. + Operators could choose the appropriate protection mode according to + their network and service requirement. -8. Contributing Authors + Wrapping mode provides a ring protection mechanism in which the + protected traffic will reach every node of the ring, and is + applicable to protect both the point-to-point LSPs and LSPs which + needs to be dropped in several ring nodes, i.e. the point-to- + multipoint applications. When protection is in active, the protected + traffic is switched (wrapped) to/from the protection ring tunnel at + both sides of the defective link/node. Due to the wrapping the + additional propagation delay and bandwidth consumption of the + protection tunnel are considerable. For bidirectional LSP, the + protected traffic in both directions is co-routed. + + Short wrapping mode provides a ring protection mechanism which can be + used to protect only point-to-point LSPs. When protection is in + active, the protected traffic wrapped to the protection ring tunnel + at the defective link/node and leaves the ring when the protection + ring tunnel reach the egress node. Compared with wrapping mode, + short wrapping can reduce the propagation latency and bandwidth + consumption of the protection tunnel. However the two directions of + a protected bidirectional LSP are not totally co-routed. + + Steering mode provides a ring protection mechanism that can be used + to protect only point-to-point LSPs. When protection is in + active,the protected traffic is switched to the protection ring + tunnel at the ingress node and leaves the ring when the protection + ring tunnel reach the egress node. Steering mode has the least + propagation delay and bandwidth consumption of the three modes, and + the two directions of a protected bidirectional LSP can be kept co- + routed. + + Note that only one protection mode can be provisioned in the whole + ring for all protected traffic. + +8. Security Considerations + + MPLS-TP is a subset of MPLS and so builds upon many of the aspects of + the security model of MPLS. Please refer to [RFC5920] for generic + MPLS security issues and methods for securing traffic privacy and + integrity. + + The RPS message defined in this document is used for protection + coordination on the ring, if it is injected or modified by an + attacker, the ring nodes might not agree on the protection action, + and the improper protection switching action may cause temporary + break to services traversing the ring. It is important that the RPS + message is used within a trusted MPLS-TP network domain as described + in [RFC6941]. + + The RPS message is carried in the G-ACh [RFC5586], so it is dependent + on the security of the G-ACh itself. The G-ACh is a generalization + of the Associated Channel defined in [RFC4385]. Thus, this document + relies on the security mechanisms provided for the Associated Channel + as described in those two documents. + + As described in the security considerations of [RFC6378], the G-ACh + is essentially connection oriented so injection or modification of + control messages requires the subversion of a transit node. Such + subversion is generally considered hard in connection oriented MPLS + networks and impossible to protect against at the protocol level. + Management level techniques are more appropriate. The procedures and + protocol extensions defined in this document do not affect the + security model of MPLS-TP linear protection as defined in [RFC6378]. + +9. Contributing Authors Kai Liu Huawei Technologies Email: alex.liukai@huawei.com Jia He Huawei Technologies Email: hejia@huawei.com Fang Li China Academy of Telecommunication Research MIIT., China @@ -2105,28 +2209,28 @@ Email: wangminxue@chinamobile.com Sheng Liu China Mobile Email: liusheng@chinamobile.com Guanghui Sun Huawei Technologies Email: sunguanghui@huawei.com -9. Acknowledgements +10. Acknowledgements The authors would like to thank Gregory Mirsky, Yimin Shen, Eric Osborne, Spencer Jackson and Eric Gray for their valuable comments and suggestions. -10. References -10.1. Normative References +11. References +11.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol Label Switching Architecture", RFC 3031, DOI 10.17487/RFC3031, January 2001, . @@ -2144,37 +2248,46 @@ [RFC5586] Bocci, M., Ed., Vigoureux, M., Ed., and S. Bryant, Ed., "MPLS Generic Associated Channel", RFC 5586, DOI 10.17487/RFC5586, June 2009, . [RFC5654] Niven-Jenkins, B., Ed., Brungard, D., Ed., Betts, M., Ed., Sprecher, N., and S. Ueno, "Requirements of an MPLS Transport Profile", RFC 5654, DOI 10.17487/RFC5654, September 2009, . -10.2. Informative References +11.2. Informative References [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008, . + [RFC5920] Fang, L., Ed., "Security Framework for MPLS and GMPLS + Networks", RFC 5920, DOI 10.17487/RFC5920, July 2010, + . + [RFC6371] Busi, I., Ed. and D. Allan, Ed., "Operations, Administration, and Maintenance Framework for MPLS-Based Transport Networks", RFC 6371, DOI 10.17487/RFC6371, September 2011, . [RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher, N., and A. Fulignoli, Ed., "MPLS Transport Profile (MPLS- TP) Linear Protection", RFC 6378, DOI 10.17487/RFC6378, October 2011, . + [RFC6941] Fang, L., Ed., Niven-Jenkins, B., Ed., Mansfield, S., Ed., + and R. Graveman, Ed., "MPLS Transport Profile (MPLS-TP) + Security Framework", RFC 6941, DOI 10.17487/RFC6941, April + 2013, . + [RFC6974] Weingarten, Y., Bryant, S., Ceccarelli, D., Caviglia, D., Fondelli, F., Corsi, M., Wu, B., and X. Dai, "Applicability of MPLS Transport Profile for Ring Topologies", RFC 6974, DOI 10.17487/RFC6974, July 2013, . Authors' Addresses Weiqiang Cheng China Mobile