Dual-Homing
Coordination for MPLS Transport Profile (MPLS-TP) Pseudowires
ProtectionChina MobileNo.32 Xuanwumen West StreetBeijing100053Chinachengweiqiang@chinamobile.comChina MobileNo.32 Xuanwumen West StreetBeijing100053ChinaWangleiyj@chinamobile.comChina MobileNo.32 Xuanwumen West StreetBeijing100053ChinaLihan@chinamobile.comHuawei TechnologiesHuawei Campus, No. 156 Beiqing Rd.Beijing100095Chinajie.dong@huawei.comTelecom Italiavia Reiss Romoli, 274Torino10148Italyalessandro.dalessandro@telecomitalia.itIn some scenarios, MPLS Transport Profile (MPLS-TP) pseudowires (PWs)
(RFC 5921) may be statically configured when a dynamic control plane is
not available. A fast protection mechanism for MPLS-TP PWs is needed to
protect against the failure of an Attachment Circuit (AC), the failure
of a Provider Edge (PE), or a failure in the Packet Switched Network
(PSN). The framework and typical scenarios of dual-homing PW local
protection are described in RFC 8184. This document proposes
a dual-homing coordination mechanism for MPLS-TP PWs that is used for
state exchange and switchover coordination between the dual-homing PEs
for dual-homing PW local protection., , and describe the framework and mechanism of MPLS
Transport Profile (MPLS-TP) linear protection, which can provide
protection for the MPLS Label Switched Path (LSP) and pseudowires (PWs)
between the edge nodes. These mechanisms cannot protect against the failure of
the Attachment Circuit (AC) or the edge nodes.
and specify the PW redundancy framework and
mechanism for protecting the AC or edge node against failure by adding one or
more edge nodes, but it requires PW switchover in case of an AC failure;
also, PW redundancy relies on Packet Switched Network (PSN) protection
mechanisms to protect against the failure of PW.In some scenarios such as mobile backhauling, the MPLS PWs are
provisioned with dual-homing topology in which at least the Customer
Edge (CE) node on
one side is dual-homed to two Provider Edge (PE) nodes. If a failure
occurs in the primary AC, operators usually prefer to perform local
switchover in the dual-homing PE side and keep the working pseudowire
unchanged, if possible.
This is to avoid massive PW switchover in the mobile backhaul network due to
AC failure in the mobile core site; such massive PW switchover may in turn
lead to congestion caused by migrating traffic away from the preferred paths
of network planners.
Similarly, as multiple PWs share the physical AC in the
mobile core site, it is preferable to keep using the working AC when
one working PW fails in the PSN to potentially avoid unnecessary
switchover for other PWs. To meet the above requirements, a fast dual-homing PW
protection mechanism is needed to protect against failure in the AC, the PE node, and the PSN.
describes a framework and several scenarios of dual-homing PW local
protection. This document proposes a dual-homing coordination mechanism for static
MPLS-TP PWs; the mechanism is used for information exchange and switchover
coordination between the dual-homing PEs for the dual-homing PW local
protection. The proposed mechanism has been implemented and
deployed in several mobile backhaul networks that use static MPLS-TP
PWs for the backhauling of mobile traffic from the radio access sites to
the core site.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.Linear protection mechanisms for the MPLS-TP network are defined in , , and . When such mechanisms are applied to PW linear
protection , both the working PW and the
protection PW are terminated on the same PE node. In order to provide
dual-homing protection for MPLS-TP PWs, some additional mechanisms are
needed.In MPLS-TP PW dual-homing protection, the linear protection mechanism
(as defined in , , and
) on the single-homing PE (e.g., PE3 in )
is not changed, while on the dual-homing side, the working PW and
protection PW are terminated on two dual-homing PEs (e.g., PE1 and PE2 in
), respectively, to protect against a failure occurring in a PE or a
connected AC. As described in , a dedicated
Dual-Node Interconnection (DNI) PW is used between the two dual-homing
PE nodes to forward the traffic. In order to utilize the linear
protection mechanism in the dual-homing PEs
scenario, coordination between the dual-homing PE nodes is needed so
that the dual-homing PEs can switch the connection between the AC, the
service PW, and the DNI-PW properly in a coordinated fashion by the
forwarder.In dual-homing MPLS-TP PW local protection, the forwarding states of
the dual-homing PEs are determined by the forwarding state machine in
Table 1.In order to achieve dual-homing MPLS-TP PW protection,
coordination between the dual-homing PE nodes is needed to exchange the
PW status and protection coordination requests.The coordination information will be sent on the DNI-PW over the
Generic Associated Channel (G-ACh) as described in . A new G-ACh channel type is defined for the
dual-homing coordination between the dual-homing PEs of MPLS-TP PWs.
This channel type can be used for the exchange of different types of
information between the dual-homing PEs. This document uses this
channel type for the exchange of PW status and switchover coordination
between the dual-homing PEs. Other potential usages of this channel
type are for further study and are out of the scope of this
document.The MPLS-TP Dual-Homing Coordination (DHC) message is sent on the
DNI-PW between the dual-homing PEs. The format of the MPLS-TP DHC
message is shown below:The first 4 octets is the common G-ACh header as specified in . The DHC Channel Type is the G-ACh channel type
code point assigned by IANA (0x0009).The Dual-Homing Group ID is a 4-octet unsigned integer to identify
the dual-homing group to which the dual-homing PEs belong. It MUST be
the same at both PEs in the same group.The TLV Length field specifies the total length in octets of the
subsequent TLVs.In this document, two TLVs are defined in the MPLS-TP Dual-Homing
Coordination message for dual-homing MPLS-TP PW protection:The PW Status TLV is used by a dual-homing PE to report its service
PW status to the other dual-homing PE in the same dual-homing
group.The Length field specifies the length in octets of the value
field of the TLV.The Destination Dual-Homing PE Node_ID is the 32-bit identifier
of the receiver PE , which supports both IPv4
and IPv6 environments. Usually it is the same as the Label Switching
Router ID (LSR ID) of the
receiver PE.The Source Dual-Homing PE Node_ID is the 32-bit identifier of the
sending PE , which supports both IPv4 and IPv6
environments. Usually it is the same as the LSR ID of the sending
PE.The DNI-PW ID field contains the 32-bit PW ID of the DNI-PW.The Flags field contains 32-bit flags, in which:
The P (Protection) bit indicates whether the Source Dual-Homing
PE is the working PE (P=0) or the protection PE (P=1).Other bits are reserved for future use, which MUST be set to 0
on transmission and MUST be ignored upon receipt.The Service PW Status field indicates the status of the service
PW between the sending PE and the remote PE. Currently, two bits are
defined in the Service PW Status field:
F bit: If set, it indicates Signal Fail (SF) on the service PW. It can be either a local
request generated by the PE itself or a remote request received
from the remote PE.D bit: If set, it indicates Signal Degrade (SD) on the service PW. It can be either a local
request or a remote request received from the remote PE.Other bits are reserved for future use, which MUST be set to 0
on transmission and MUST be ignored upon receipt.The Dual-Node Switching TLV is used by one dual-homing PE to send
protection state coordination to the other PE in the same dual-homing
group.The Length field specifies the length in octets of the value
field of the TLV.The Destination Dual-Homing PE Node_ID is the 32-bit identifier
of the receiver PE . Usually it is the same as
the LSR ID of the receiver PE.The Source Dual-Homing PE Node_ID is the 32-bit identifier of the
sending PE . Usually it is the same as the
LSR ID of the sending PE.The DNI-PW ID field contains the 32-bit PW-ID of the DNI-PW.The Flags field contains 32-bit flags, in which:The P (Protection) bit indicates whether the Source Dual-Homing
PE is the working PE (P=0) or the protection PE (P=1).The S (PW Switching) bit indicates which service PW is used for
forwarding traffic. It is set to 0 when traffic will be
transported on the working PW, and it is set to 1 if traffic will be
transported on the protection PW. The value of the S bit is
determined by the protection coordination mechanism between the
dual-homing PEs and the remote PE.Other bits are reserved for future use, which MUST be set to 0
on transmission and MUST be ignored upon receipt.When a change of service PW status is detected by one of the
dual-homing PEs, it MUST be reflected in the PW Status TLV and sent to
the other dual-homing PE as quickly as possible to allow for fast
protection switching using three consecutive DHC messages. This set of
three messages allows for fast protection switching even if one or two
of these packets are lost or corrupted. After the transmission of the
three rapid messages, the dual-homing PE MUST send the most recently
transmitted service PW status periodically to the other dual-homing PE
on a continual basis using the DHC message.When one dual-homing PE determines that the active service PW needs
to be switched from the working PW to the protection PW, it MUST send
the Dual-Node Switching TLV to the other dual-homing PE as quickly as
possible to allow for fast protection switching using three consecutive
DHC messages. After the transmission of the three messages, the
protection PW would become the active service PW, and the dual-homing
PE MUST send the most recently transmitted Dual-Node Switching TLV
periodically to the other dual-homing PE on a continual basis using
the DHC message.It is RECOMMENDED that the default interval of the first three
rapid DHC messages be 3.3 ms, similar to , and
the default interval of the subsequent messages is 1 second. Both the
default interval of the three consecutive messages as well as the
default interval of the periodic messages SHALL be configurable by
the operator.The dual-homing MPLS-TP PW protection mechanism can be deployed
with the existing AC redundancy mechanisms. On the PSN side, a
PSN tunnel protection mechanism is not required, as the dual-homing PW
protection can also protect if a failure occurs in the PSN.This section uses the one-side dual-homing scenario as an example
to describe the dual-homing PW protection procedures; the procedures
for a two-side dual-homing scenario would be similar.On the dual-homing PE side, the role of working and protection PE
are set by the management system or local configuration. The service
PW connecting to the working PE is the working PW, and the service PW
connecting to the protection PE is called the protection PW.On the single-homing PE side, it treats the working PW and
protection PW as if they terminate on the same remote PE node, thus
normal MPLS-TP protection coordination procedures still apply on the
single-homing PE.The forwarding behavior of the dual-homing PEs is determined by the
components shown in the figure below:
In , for each dual-homing PE, the service PW is the PW used
to carry service between the dual-homing PE and the remote PE. The
state of the service PW is determined by the Operation, Administration,
and Maintenance (OAM) mechanisms between the dual-homing PEs and the
remote PE.The DNI-PW is provisioned between the two dual-homing PE nodes. It
is used to bridge traffic when a failure occurs in the PSN or
in the ACs. The state of the DNI-PW is determined by the OAM mechanism
between the dual-homing PEs. Since the DNI-PW is used to carry both
the DHC messages and the service traffic during protection switching,
it is important to ensure the robustness of the DNI-PW. In order to
avoid the DNI-PW failure due to the failure of a particular link, it
is RECOMMENDED that multiple diverse links be deployed between the
dual-homing PEs and the underlying Label Switched Path (LSP) protection
mechanism SHOULD be enabled.
The AC is the link that connects a dual-homing PE to the
dual-homed CE. The status of AC is determined by the existing AC
redundancy mechanisms; this is out of the scope of this document.In order to perform dual-homing PW local protection, the service PW
status and Dual-Node Switching coordination requests are exchanged
between the dual-homing PEs using the DHC message defined in .Whenever a change of service PW status is detected by a dual-homing
PE, it MUST be reflected in the PW Status TLV and sent to the other
dual-homing PE immediately using the three consecutive DHC messages. After
the transmission of the three rapid messages, the dual-homing PE MUST
send the most recently transmitted service PW status periodically to
the other dual-homing PE on a continual basis using the DHC message.
This way, both dual-homing PEs have the status of the working and
protection PW consistently.When there is a switchover request either generated locally or
received on the protection PW from the remote PE, based on the status
of the working and protection service PW along with the local and
remote request of the protection coordination between the dual-homing
PEs and the remote PE, the active/standby state of the service PW can
be determined by the dual-homing PEs. As the remote protection
coordination request is transmitted over the protection path, in this
case the active/standby status of the service PW is determined by the
protection PE in the dual-homing group.If it is determined on one dual-homing PE that switchover of the
service PW is needed, this dual-homing PE MUST set the S bit in the
Dual-Node Switching TLV and send it to the other dual-homing PE
immediately using the three consecutive DHC messages. With the
exchange of service PW status and the switching request, both dual-homing PEs are
consistent on the active/standby forwarding status of the working and
protection service PWs. The status of the DNI-PW is determined by PW
OAM mechanism as defined in , and the status
of ACs is determined by existing AC redundancy mechanisms: both are
out of the scope of this document. The forwarding behavior on the
dual-homing PE nodes is determined by the forwarding state machine as
shown in Table 1.Using the topology in as an example, in normal state, the
working PW (PW1) is in active state, the protection PW (PW2) is in
standby state, the DNI-PW is up, and AC1 is in active state according
to the AC redundancy mechanism. According to the forwarding state
machine in Table 1, traffic will be forwarded through the working PW
(PW1) and the primary AC (AC1). No traffic will go through the
protection PE (PE2) or the DNI-PW, as both the protection PW (PW2) and
the AC connecting to PE2 are in standby state.If a failure occurs in AC1, the state of AC2 changes to active
according to the AC redundancy mechanism, while there is no change in
the state of the working and protection PWs. According to the
forwarding state machine in Table 1, PE1 starts to forward traffic
between the working PW and the DNI-PW, and PE2 starts to forward
traffic between AC2 and the DNI-PW. It should be noted that in this
case only AC switchover takes place; in the PSN, traffic is
still forwarded using the working PW.If a failure in the PSN brings PW1 down, the failure can be
detected by PE1 or PE3 using existing OAM mechanisms. If PE1 detects
the failure of PW1, it MUST inform PE2 of the state of the working PW using
the PW Status TLV in the DHC messages and change the forwarding status
of PW1 to standby. On receipt of the DHC message, PE2 SHOULD change
the forwarding status of PW2 to active. Then, according to the
forwarding state machine in Table 1, PE1 SHOULD set up the connection
between the DNI-PW and AC1, and PE2 SHOULD set up the connection
between PW2 and the DNI-PW. According to the linear protection
mechanism , PE2 also sends an appropriate
protection coordination message over the
protection PW (PW2) to PE3 for the remote side to switchover from PW1
to PW2. If PE3 detects the failure of PW1, according to the linear
protection mechanism , it sends a protection
coordination message on the protection PW (PW2) to inform PE2 of the
failure on the working PW. Upon receipt of the message, PE2 SHOULD
change the forwarding status of PW2 to active and set up the
connection according to the forwarding state machine in Table 1. PE2
SHOULD send a DHC message to PE1 with the S bit set in the Dual-Node
Switching TLV to coordinate the switchover on PE1 and PE2. This is
useful for a unidirectional failure that cannot be detected by
PE1.If a failure brings the working PE (PE1) down, the failure can be
detected by both PE2 and PE3 using existing OAM mechanisms. Both PE2
and PE3 SHOULD change the forwarding status of PW2 to active and send
a protection coordination message on the
protection PW (PW2) to inform the remote side to switchover. According
to the existing AC redundancy mechanisms, the status of AC1 changes to
standby and the state of AC2 changes to active. According to the
forwarding state machine in Table 1, PE2 starts to forward traffic
between the PW2 and AC2.IANA has assigned a new channel type for the
"MPLS-TP Dual-Homing Coordination Message" from the
"MPLS Generalized Associated Channel (G-ACh) Types (including Pseudowire
Associated Channel Types)" subregistry witin the "Generic Associated Channel
(G-ACh) Parameters" registry.IANA has created a new subregistry called
"MPLS-TP DHC TLVs" within the "Generic Associated Channel (G-ACh)
Parameters" registry. The registry has the following fields and initial
allocations:The allocation policy for this registry is IETF Review, as specified
in .MPLS-TP is a subset of MPLS and so builds upon many of the aspects of
the MPLS security model. Please refer to for
generic MPLS security issues and methods for securing traffic privacy
and integrity.The DHC message defined in this document contains control
information. If it is injected or modified by an attacker, the
dual-homing PEs might not agree on which PE should be used to deliver
the CE traffic, and this could be used as a denial-of-service attack
against the CE. It is important that the DHC message be used within a
trusted MPLS-TP network domain as described in .The DHC message is carried in the G-ACh , so
it is dependent on the security of the G-ACh itself. The G-ACh is a
generalization of the Associated Channel defined in . Thus, this document relies on the security
mechanisms provided for the Associated Channel as described in those two
documents.As described in the Security Considerations section of , the G-ACh is essentially connection oriented, so
injection or modification of control messages requires the subversion of
a transit node. Such subversion is generally considered hard in
connection-oriented MPLS networks and impossible to protect against at
the protocol level. Management-level techniques are more appropriate.
The procedures and protocol extensions defined in this document do not
affect the security model of MPLS-TP linear protection as defined in
.Uniqueness of the identifiers defined in this document is guaranteed
by the assigner (e.g., the operator). Failure by an assigner to use
unique values within the specified scoping for any of the identifiers
defined herein could result in operational problems. Please refer to
for more details about the uniqueness of the
identifiers.Dual-Homing Protection for MPLS and MPLS Transport Profile (MPLS-TP) Pseudowires
The following individuals substantially contributed to the content of this
document: