Network Working Group
Internet Engineering Task Force (IETF)                          W. Cheng
Internet-Draft
Request for Comments: 8184                                       L. Wang
Intended status:
Category: Informational                                            H. Li
Expires: October 28, 2017
ISSN: 2070-1721                                             China Mobile
                                                               S. Davari
                                                    Broadcom Corporation
                                                                 J. Dong
                                                     Huawei Technologies
                                                          April 26,
                                                               June 2017

Dual-Homing Protection for MPLS and MPLS-TP the MPLS Transport Profile (MPLS-TP)
                              Pseudowires
           draft-ietf-pals-mpls-tp-dual-homing-protection-06

Abstract

   This document describes a framework and several scenarios for a
   Pseudowire
   pseudowire (PW) dual-homing local protection mechanism which that avoids
   unnecessary switchovers and which can be used for scenarios using a
   control plane or does not using depend on whether a control plane.
   plane is used.  A Dual-Node Interconnection (DNI) PW is used for carrying to carry
   traffic between the dual-homing Provider Edge (PE) nodes for carrying traffic when a
   failure occurs in one of the Attachment Circuits (AC) or PWs.  This
   PW dual-homing local protection mechanism is complementary to
   existing PW protection mechanisms.

Status of This Memo

   This Internet-Draft document is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list  It represents the consensus of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a maximum candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of six months this document, any errata,
   and how to provide feedback on it may be updated, replaced, or obsoleted by other documents obtained at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 28, 2017.
   http://www.rfc-editor.org/info/rfc8184.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Reference Models of Dual-homing Dual-Homing Local Protection  . . . . . .   3
     2.1.  PE Architecture . . . . . . . . . . . . . . . . . . . . .   3
     2.2.  Dual-Homing Local Protection Reference Scenarios  . . . .   4
       2.2.1.  One-Side Dual-Homing Protection . . . . . . . . . . .   4
       2.2.2.  Two-side  Two-Side Dual-Homing Protection . . . . . . . . . . .   6
   3.  Generic Dual-homing Dual-Homing PW Protection Mechanism . . . . . . . . .   8
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   6.  Contributors  References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
   7.
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   9
     6.2.  Informative References  . . . . . . .   9
     7.1.  Normative References . . . . . . . . . .   9
   Contributors  . . . . . . . .   9
     7.2.  Informative References . . . . . . . . . . . . . . . . .   9 .  10
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   [RFC6372] and [RFC6378] describe the framework and mechanism of MPLS-
   TP Linear MPLS
   Transport Profile (MPLS-TP) linear protection, which can provide
   protection for the MPLS LSP Label Switched Path (LSP) or pseudowire (PW)
   between the edge nodes.  This mechanism does not protect the against
   failure of the Attachment Circuit (AC) or the Provider Edge (PE)
   node.  [RFC6718] and [RFC6870] describe the framework and mechanism
   for PW redundancy to provide protection for against AC or PE node
   failure.  The PW redundancy mechanism is based on the signaling of
   the Label Distribution Protocol (LDP), which is applicable to PWs
   with a dynamic control plane.  [I-D.ietf-pals-endpoint-fast-protection]  [RFC8104] describes a fast local
   repair mechanism for PW egress endpoint failures, which is based on
   PW redundancy, upstream label assignment assignment, and context specific context-specific label
   switching.  The mechanism defined in
   [I-D.ietf-pals-endpoint-fast-protection] [RFC8104] is only applicable to
   PWs with a dynamic control plane.

   There is a need to support a dual-homing local protection mechanism
   which
   that avoids unnecessary switches of the AC or PW, PW and which can be used
   regardless if of whether a control plane is used.  In some scenarios scenarios,
   such as mobile backhauling, the MPLS PWs are provisioned with dual-homing
   topology, dual-
   homing topology in which at least the CE Customer Edge (CE) node on one
   side is dual-homed to two PEs.  If some fault occurs in the primary
   AC, operators usually prefer to have the switchover only on the dual-homing dual-
   homing PE side and keep the working pseudowires unchanged if
   possible.  This is to avoid massive PW switchover in the mobile
   backhaul network due to the AC failure in the mobile core site, which site; such
   massive PW switchover may in turn lead to congestion
   due to the migration of caused by
   migrating traffic away from the paths preferred by the paths of network planners.
   Similarly, as multiple PWs share the physical AC in the mobile core
   site, it is preferable to keep using the working AC when one working
   PW fails in PSN network, which could the Packet Switched Network (PSN) to potentially avoid
   unnecessary switchover for other PWs.  To meet the above
   requirements, a fast dual-homing local PW protection mechanism is
   needed to protect against the failures of an AC, the PE node, and the
   PSN network.
   PSN.

   This document describes the framework and several typical scenarios
   of pseudowire (PW) PW dual-homing local protection.  A Dual-Node Interconnection
   (DNI) PW is used between the dual-homing PE nodes for
   carrying to carry traffic
   when a failure occurs in the AC or PW side.  In order for the dual-homing dual-
   homing PE nodes to determine the forwarding state of AC, PW PW, and DNI DNI-
   PW, necessary state exchange and coordination between the dual-homing
   PEs is needed.  The necessary mechanisms and protocol extensions are
   defined in a companion document
   [I-D.ietf-pals-mpls-tp-dual-homing-coordination]. [RFC8185].

2.  Reference Models of Dual-homing Dual-Homing Local Protection

   This section shows the reference architecture of the dual-homing PW
   local protection and the usage of the architecture in different
   scenarios.

2.1.  PE Architecture

   Figure 1 shows the PE architecture for dual-homing local protection.
   This is based on the architecture in Figure 4a of [RFC3985].  In
   addition to the AC and the service PW between the local and remote
   PEs, a DNI PW DNI-PW is used to connect the forwarders of the dual-homing
   PEs.  It can be used to forward traffic between the dual-homing PEs
   when a failure occurs in the AC or service PW side.  As [RFC3985]
   specifies: "any required switching functionality is the
   responsibility of a forwarder function", in function".  In this case, the forwarder
   is responsible for switching the payloads between three entities: the
   AC, the service PW PW, and the DNI PW. DNI-PW.

            +----------------------------------------+
            |          Dual-homing          Dual-Homing PE Device         |
            +----------------------------------------+
       AC   |                 |                      | Service PW
    <------>o    Forwarder    +       Service        X<===========>
            |                 |         PW           |
            +--------+--------+                      |
            |     DNI PW     DNI-PW      |                      |
            +--------X--------+----------------------+
                     ^
                     |  DNI PW  DNI-PW
                     |
                     V
            +--------X--------+----------------------+
            |     DNI PW     DNI-PW      |                      |
            +--------+--------+                      | Service PW
       AC   |                 |       Service        X<===========>
    <------>o    Forwarder    +         PW           |
            |                 |                      |
            +----------------------------------------+
            |          Dual-homing          Dual-Homing PE Device         |
            +----------------------------------------+

           Figure 1: PE Architecture for Dual-homing Dual-Homing Protection

2.2.  Dual-Homing Local Protection Reference Scenarios

2.2.1.  One-Side Dual-Homing Protection

   Figure 2 illustrates the network scenario of dual-homing PW local
   protection where only one of the CEs is dual-homed to two PE nodes.
   CE1 is dual-homed to PE1 and PE2, while CE2 is single-homed to PE3.
   A DNI-PW is established between the dual-homing PEs, which is used to
   bridge traffic when a failure occurs in the PSN network or in the AC side.  A
   dual-homing control mechanism enables the PEs and CE to determine
   which AC should be used to carry traffic between CE1 and the PSN network. PSN.
   The necessary control mechanisms and protocol extensions are defined
   in a companion document
   [I-D.ietf-pals-mpls-tp-dual-homing-coordination]. [RFC8185].

   This scenario can protect the against node failure of PE1 or PE2, PE2 or the
   failure of one of the ACs between CE1 and the dual-homing PEs.  In
   addition, dual-homing PW protection can protect a against failure occuring
   occurring in the PSN network which that impacts the working PW, thus PW; thus, it can be an
   alternative solution of PSN tunnel protection mechanisms.  This
   topology can be used in mobile backhauling application scenarios.
   For example, CE2 might be a an equipment cell site equipment such as a NodeB,
   whilst
   while CE1 is the shared Radio Network Controller (RNC).  PE3
   functions as an access side access-side MPLS device device, while PE1 and PE2 function
   as
   core side core-side MPLS devices.

           |<--------------- Emulated Service --------------->|
           |                                                  |
           |          |<------- Pseudo Wire Pseudowire  ------>|          |
           |          |                            |          |
           |          |    |<-- PSN Tunnels-->|    |          |
           |          V    V                  V    V          |
           V    AC1   +----+                  +----+          V
     +-----+    |     | PE1|                  |    |          +-----+
     |     |----------|........PW1.(working).......|          |     |
     |     |          |    |                  |    |          |     |
     |     |          +-+--+                  |    |     AC3  |     |
     |     |            |                     |    |     |    |     |
     | CE1 |     DNI-PW |                     |PE3 |----------| CE2 |
     |     |            |                     |    |          |     |
     |     |          +-+--+                  |    |          |     |
     |     |          |    |                  |    |          |     |
     |     |----------|......PW2.(protection)......|          |     |
     +-----+    |     | PE2|                  |    |          +-----+
                AC2   +----+                  +----+

               Figure 2. One-side dual-homing 2: One-Side Dual-Homing PW protection Protection

   Consider the example where in normal state AC1 from CE1 to PE1 is
   initially active and AC2 from CE1 to PE2 is initially standby, standby.  PW1
   is configured as the working PW and PW2 is configured as the
   protection PW.

   When a failure occurs in AC1, then the state of AC2 changes to active
   based on the AC dual-homing control mechanism.  In order to keep the
   switchover local and continue using PW1 for traffic forwarding as
   preferred according to traffic planning, the forwarder on PE2 needs
   to connect AC2 to the DNI PW, DNI-PW, and the forwarder on PE1 needs to
   connect the DNI PW DNI-PW to PW1.  In this way way, the failure in AC1 will not
   impact the forwarding of the service PWs across the network.  After
   the switchover, traffic will go through the bidirectional path: CE1-
   (AC2)-PE2-(DNI-PW)-PE1-(PW1)-PE3-(AC3)-CE2.
   CE1-(AC2)-PE2-(DNI-PW)-PE1-(PW1)-PE3-(AC3)-CE2.

   When a failure in the PSN network affects the working PW (PW1), according to
   PW protection mechanisms [RFC6378], traffic is switched onto the
   protection PW (PW2), (PW2) while the state of AC1 remains active.
   Then  Then, the
   forwarder on PE1 needs to connect AC1 to the DNI PW, DNI-PW, and the
   forwarder on PE2 needs to connect the DNI PW DNI-PW to PW2.  In this way way,
   the failure in the PSN network will not impact the state of the ACs.  After
   the switchover, traffic will go through the bidirectional path:
   CE1-(AC1)-PE1-(DNI-PW)-PE2-(PW2)-PE3-(AC3)-CE2.

   When a failure occurs in the working PE (PE1), it is equivalent to a
   failure of the working AC, the working PW PW, and the DNI PW. DNI-PW.  The state
   of AC2 changes to active based on the AC dual-homing control
   mechanism.  And  In addition, according to the PW protection mechanism,
   traffic is switched on to the protection PW "PW2".  In this case case, the
   forwarder on PE2 needs to connect AC2 to PW2.  After the switchover,
   traffic will go through the bidirectional path: CE1-(AC2)-PE2-(PW2)-PE3-
   (AC3)-CE2. CE1-(AC2)-PE2-(PW2)-
   PE3-(AC3)-CE2.

2.2.2.  Two-side  Two-Side Dual-Homing Protection

   Figure 3 illustrates the network scenario of dual-homing PW
   protection where the CEs in both sides are dual-homed.  CE1 is dual-
   homed to PE1 and PE2, and CE2 is dual-homed to PE3 and PE4.  A dual-
   homing control mechanism enables the PEs and CEs to determine which
   AC should be used to carry traffic between the CE and the PSN network.
   DNI-PWs PSN.  DNI-
   PWs are used between the dual-homing PEs on both sides.  One service
   PW is established between PE1 and PE3, and another service PW is
   established between PE2 and PE4.  The role of working and protection
   PW
   PWs can be determined either by either configuration or via existing signaling
   mechanisms.

   This scenario can protect the against node failure on one of the dual-homing
   PEs, dual-
   homing PEs or the failure on one of the ACs between the CEs and their dual-
   homing
   dual-homing PEs.  Also, dual-homing PW protection can protect if against
   the occurrence of failure occured in the PSN network which that impacts one of the PWs, thus PWs;
   thus, it can be used as an alternative solution of PSN tunnel
   protection mechanisms.  Note, this scenario is mainly used for
   services requiring high availability as it requires redundancy of the
   PEs and network utilization.  In this case, CE1 and CE2 can be
   regarded as service access points.

           |<---------------- Emulated Service -------------->|
           |                                                  |
           |          |<-------- Pseudowire ------>|          |
           |          |                            |          |
           |          |    |<-- PSN Tunnels-->|    |          |
           |          V    V                  V    V          |
           V    AC1   +----+                  +----+     AC3  V
     +-----+    |     | ...|...PW1.(working)..|... |     |    +-----+
     |     |----------| PE1|                  | PE3|----------|     |
     |     |          +----+                  +----+          |     |
     |     |            |                        |            |     |
     | CE1 |    DNI-PW1 |                        |  DNI-PW2   | CE2 |
     |     |            |                        |            |     |
     |     |          +----+                  +----+          |     |
     |     |          |    |                  |    |          |     |
     |     |----------| PE2|                  | PE4|--------- |     |
     +-----+    |     | ...|.PW2.(protection).|... |     |    +-----+
                AC2   +----+                  +----+     AC4

               Figure 3. Two-side dual-homing 3: Two-Side Dual-Homing PW protection Protection

   Consider the example where in normal state, state AC1 between CE1 and PE1 is
   initially active
   and active, AC2 between CE1 and PE2 is initially standby, AC3
   between CE2 and PE3 is initially active and AC4 from CE2 to PE4 is
   initially standby, standby.  PW1 is configured as the working PW and PW2 is
   configured as the protection PW.

   When a failure occurs in AC1, the state of AC2 changes to active
   based on the AC dual-homing control mechanism.  In order to keep the
   switchover local and continue using PW1 for traffic forwarding, the
   forwarder on PE2 needs to connect AC2 to the DNI-PW1, and the
   forwarder on PE1 needs to connect DNI-PW1 with PW1.  In this way way,
   failures in the AC side will not impact the forwarding of the service
   PWs across the network.  After the switchover, traffic will go
   through the bidirectional path: CE1-(AC2)-PE2-(DNI-PW1)-PE1-(PW1)-
   PE3-(AC3)-CE2.

   When a failure occurs in the working PW (PW1), according to the PW
   protection mechanism [RFC6378], traffic needs to be switched onto the
   protection PW "PW2".  In order to keep the state of AC1 and AC3
   unchanged, the forwarder on PE1 needs to connect AC1 to DNI-PW1, and
   the forwarder on PE2 needs to connect DNI-PW1 to PW2.  On the other
   side, the forwarder of PE3 needs to connect AC3 to DNI-PW2, and the
   forwarder on PE4 needs to connect PW2 to DNI-PW2.  In this way, the
   state of the ACs will not be impacted by the failure in the PSN
   network. PSN.
   After the switchover, traffic will go through the bidirectional path: CE1-(AC1)-PE1-(DNI-PW1)-PE2-(PW2)-PE4-(DNI-PW2)-
   PE3-(AC3)-CE2.
   CE1-(AC1)-PE1-(DNI-PW1)-PE2-(PW2)-PE4-(DNI-PW2)-PE3-(AC3)-CE2.

   When a failure occurs in the working PE (PE1), it is equivalent to
   the failures of the working AC, the working PW PW, and the DNI PW. DNI-PW.  The
   state of AC2 changes to active based on the AC dual-homing control
   mechanism.  And  In addition, according to the PW protection mechanism,
   traffic is switched on to the protection PW "PW2".  In this case case, the
   forwarder on PE2 needs to connect AC2 to PW2, and the forwarder on
   PE4 needs to connect PW2 to DNI-PW2.  After the switchover, traffic
   will go through the bidirectional path: CE1-(AC2)-PE2-(PW2)-PE4-(DNI-PW2)-
   PE3-(AC3)-CE2. CE1-(AC2)-PE2-(PW2)-PE4-(DNI-
   PW2)-PE3-(AC3)-CE2.

3.  Generic Dual-homing Dual-Homing PW Protection Mechanism

   As shown in the above scenarios, with the described dual-homing PW
   protection, failures in the AC side will not impact the forwarding
   behavior of the PWs in the PSN network, PSN, and vice-versa.

   In order for the dual-homing PEs to coordinate the traffic forwarding
   during the failures, synchronization of the status information of the
   involved entities and coordination of switchover between the dual-
   homing PEs are needed.  For PWs with a dynamic control plane, such
   information
   synchronization and coordination information can be achieved with a
   dynamic protocol, such as that described in [RFC7275], possibly with
   some extensions.  For PWs which that are manually configured without a
   control plane, a new mechanism is needed to exchange the status
   information and coordinate switchover between the dual-homing PEs, e.g.
   e.g., over an embedded PW control channel.  This is described in a companion document
   [I-D.ietf-pals-mpls-tp-dual-homing-coordination].
   [RFC8185].

4.  IANA Considerations

   This document does not require any IANA action.

5.  Security Considerations

   The scenarios defined in this document do not affect the security
   model as defined in [RFC3985].

   With the proposed protection mechanism, the disruption of a dual-
   homed AC, a component which that is outside the core network, would have a
   reduced impact on the traffic flows in the core network.  This could
   also avoid unnecessary congestion in the core network.

   The security consideration of the DNI PW DNI-PW is the same as for Service service
   PWs in the data plane [RFC3985].  Security considerations for the
   coordination/control mechanism will be addressed in the companion
   document that
   document, RFC 8185, which defines the mechanism.

6.  Contributors

   The following individuals substantially contributed to the content of
   this document:

   Kai Liu
   Huawei Technologies
   Email: alex.liukai@huawei.com

   Alessandro D'Alessandro
   Telecom Italia
   alessandro.dalessandro@telecomitalia.it

7.  References

7.1.

6.1.  Normative References

   [I-D.ietf-pals-mpls-tp-dual-homing-coordination]
              Cheng, W., Wang, L., Li, H., Dong, J., and A.
              D'Alessandro, "Dual-Homing Coordination for MPLS Transport
              Profile (MPLS-TP) Pseudowires Protection", draft-ietf-
              pals-mpls-tp-dual-homing-coordination-05 (work in
              progress), January 2017.

   [RFC3985]  Bryant, S., Ed. and P. Pate, Ed., "Pseudo Wire Emulation
              Edge-to-Edge (PWE3) Architecture", RFC 3985,
              DOI 10.17487/RFC3985, March 2005,
              <http://www.rfc-editor.org/info/rfc3985>.

7.2.  Informative References

   [I-D.ietf-pals-endpoint-fast-protection]
              Shen, Y., Aggarwal, R., Henderickx,

   [RFC8185]  Cheng, W., Wang, L., Li, H., Dong, J., and Y. Jiang, "PW
              Endpoint Fast Failure A.
              D'Alessandro, "Dual-Homing Coordination for MPLS Transport
              Profile (MPLS-TP) Pseudowires Protection", draft-ietf-pals-
              endpoint-fast-protection-05 (work in progress), January RFC 8185,
              DOI 10.17487/RFC8185, June 2017.

6.2.  Informative References

   [RFC6372]  Sprecher, N., Ed. and A. Farrel, Ed., "MPLS Transport
              Profile (MPLS-TP) Survivability Framework", RFC 6372,
              DOI 10.17487/RFC6372, September 2011,
              <http://www.rfc-editor.org/info/rfc6372>.

   [RFC6378]  Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher,
              N., and A. Fulignoli, Ed., "MPLS Transport Profile (MPLS-
              TP) Linear Protection", RFC 6378, DOI 10.17487/RFC6378,
              October 2011, <http://www.rfc-editor.org/info/rfc6378>.

   [RFC6718]  Muley, P., Aissaoui, M., and M. Bocci, "Pseudowire
              Redundancy", RFC 6718, DOI 10.17487/RFC6718, August 2012,
              <http://www.rfc-editor.org/info/rfc6718>.

   [RFC6870]  Muley, P., Ed. and M. Aissaoui, Ed., "Pseudowire
              Preferential Forwarding Status Bit", RFC 6870,
              DOI 10.17487/RFC6870, February 2013,
              <http://www.rfc-editor.org/info/rfc6870>.

   [RFC7275]  Martini, L., Salam, S., Sajassi, A., Bocci, M.,
              Matsushima, S., and T. Nadeau, "Inter-Chassis
              Communication Protocol for Layer 2 Virtual Private Network
              (L2VPN) Provider Edge (PE) Redundancy", RFC 7275,
              DOI 10.17487/RFC7275, June 2014,
              <http://www.rfc-editor.org/info/rfc7275>.

   [RFC8104]  Shen, Y., Aggarwal, R., Henderickx, W., and Y. Jiang,
              "Pseudowire (PW) Endpoint Fast Failure Protection",
              RFC 8104, DOI 10.17487/RFC8104, March 2017,
              <http://www.rfc-editor.org/info/rfc8104>.

Contributors

   The following individuals substantially contributed to the content of
   this document:

   Kai Liu
   Huawei Technologies
   Email: alex.liukai@huawei.com

   Alessandro D'Alessandro
   Telecom Italia
   Email: alessandro.dalessandro@telecomitalia.it

Authors' Addresses

   Weiqiang Cheng
   China Mobile
   No.32 Xuanwumen West Street
   Beijing  100053
   China

   Email: chengweiqiang@chinamobile.com

   Lei Wang
   China Mobile
   No.32 Xuanwumen West Street
   Beijing  100053
   China

   Email: Wangleiyj@chinamobile.com

   Han Li
   China Mobile
   No.32 Xuanwumen West Street
   Beijing  100053
   China

   Email: Lihan@chinamobile.com
   Shahram Davari
   Broadcom Corporation
   3151 Zanker Road
   San Jose  95134-1933
   United States of America

   Email: davari@broadcom.com

   Jie Dong
   Huawei Technologies
   Huawei Campus, No. 156 Beiqing Rd.
   Beijing  100095
   China

   Email: jie.dong@huawei.com