Network Working Group W. Cheng Internet-Draft L. Wang Intended status: Standards Track H. Li Expires: April 30, 2015 China Mobile K. Liu Huawei Technologies S. Davari Broadcom Corporation J. Dong Huawei Technologies A. D'Alessandro Telecom Italia October 27, 2014 Dual-Homing Protection for MPLS and MPLS-TP Pseudowires draft-cheng-pwe3-mpls-tp-dual-homing-protection-01 Abstract This document describes a framework and several scenarios for pseudowire (PW) dual-homing local protection. A Dual-Node Interconncetion (DNI) PW is provisioned between the dual-homing Provider Edge (PE) nodes for carrying traffic when failure accurs in the Attachment Circuit (AC) or PW side. In order for the dual-homing PE nodes to determine the forwarding state of AC, PW and the DNI PW, necessary state exchange and coordination between the dual-homing PEs are needed. The PW dual-homing local protection mechanism is complementary to the existing PW protection mechanisms. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any Cheng, et al. Expires April 30, 2015 [Page 1] Internet-Draft Dual-Homing PW Protection October 2014 time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 30, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Reference Models of Dual-homing Local Protection . . . . . . 3 2.1. PE Architecture . . . . . . . . . . . . . . . . . . . . . 3 2.2. Dual-Homing Local Protection Reference Scenarios . . . . 4 2.2.1. One-Side Dual-Homing Protection . . . . . . . . . . . 4 2.2.2. Two-side Dual-Homing Protection . . . . . . . . . . . 6 3. Generic Dual-homing PW Protection Mechanism . . . . . . . . . 7 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 5. Security Considerations . . . . . . . . . . . . . . . . . . . 8 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 6.1. Normative References . . . . . . . . . . . . . . . . . . 8 6.2. Informative References . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction [RFC6372] and [RFC6378] describe the framework and mechanism of MPLS- TP Linear protection, which can provide protection for the MPLS LSP or PW between the edge nodes. Such mechanism does not protect the failure of the Attachement Circuit (AC) or the Provider Edge (PE) node. [RFC6718] and [RFC6870] describe the framework and mechanism for PW redundancy to provide protection for AC or PE node failure. The PW redundancy mechanism is based on the signaling of Label Distribution Protocol (LDP), which is applicable to PWs with a dynamic control plane. [I-D.ietf-pwe3-endpoint-fast-protection] describes a fast local repair mechanism for PW egress endpoint Cheng, et al. Expires April 30, 2015 [Page 2] Internet-Draft Dual-Homing PW Protection October 2014 failures, which is based on PW redundancy, upstream label assignment and context specific label switching. Such mechanism is applicable to PWs with a dynamic control plane. In some scenarios such as mobile backhauling, the MPLS PWs are provisioned with dual-homing topology, in which at least the CE node in one side is dual-homed to two PEs. If some fault occurs in the primary AC, operators usually prefer to have the switchover only in the dual-homing PE side and keeps the working pseudowires unchanged if possible. This is to avoid massive PWs switchover in the mobile backhaul network due to one AC failure in the core site, and also could achieve efficient and balanced link bandwidth utilization. Similarly, it is preferable to keep using the working AC when one working PW fails in the PSN network. To meet the above requirement, a fast dual-homing PW local protection mechanism is needed to protect the failures in AC, the PE node and the PSN network. This document describes a framework and several scenarios for pseudowire (PW) dual-homing local protection. A Dual-Node Interconncetion (DNI) PW is provisioned between the dual-homing Provider Edge (PE) nodes for carrying traffic when failure accurs in the AC or PW side. In order for the dual-homing PE nodes to determine the forwarding state of AC, PW and DNI PW, necessary state exchange and coordination between the dual-homing PEs is needed. The mechanism defined in this document is complementary to the existing protection mechanisms. The neccessary protocol extensions will be described in a seperate document. The proposed mechanism has been deployed in several mobile backhaul networks which use static MPLS-TP PWs for the backhauling of mobile traffic. 2. Reference Models of Dual-homing Local Protection This section shows the reference architecture of the PE for dual- homing PW local protection and the usage of the architecture in different scenarios. 2.1. PE Architecture Figure 1 shows the PE architecture for dual-homing local protection. This is based on the architecture in Figure 4a of [RFC3985]. In addition to the AC and the service PW, a DNI PW is provisioned to connect the forwarders of the dual-homing PEs. It can be used to forward traffic between the dual-homing PEs when failure accurs in the AC or service PW side. As [RFC3985] specifies: "any required switching functionality is the responsibility of a forwarder function", in this case, the forwarder is responsible for switching Cheng, et al. Expires April 30, 2015 [Page 3] Internet-Draft Dual-Homing PW Protection October 2014 the payloads between three entities: the AC, the service PW and the DNI PW. The specific behavior of forwarder is determined according to the forwarding state machine defined in this document. +----------------------------------------+ | Dual-homing PE Device | Single +----------------------------------------+ AC | | | Service PW <------>o Forwarder + Service X<===========> | | PW | +--------+--------+ | | DNI PW | | +--------X--------+----------------------+ ^ | DNI PW | V +--------X-------------------------------+ | Peer Dual-homing PE Device | +----------------------------------------+ Figure 1: PE Architecture for Dual-homing Protection 2.2. Dual-Homing Local Protection Reference Scenarios 2.2.1. One-Side Dual-Homing Protection Figure 2 illustrates the network scenario of dual-homing PW local protection where one of the CEs is dual-homed to two PE nodes. CE1 is dual-homed to PE1 and PE2, while CE2 is single-homed to PE3. DNI- PW is established between the dual-homing PEs, which is used to bridge traffic when a failure occurs in the PSN network or in the AC side. A control mechanism enables the PEs and CE to determine which AC should be used to carry traffic between CE1 and the PSN network. These mechanisms/protocols are beyond the scope of this document. The working and protection PWs can be determined either by configuration or by existing signaling mechanisms. This scenario can protect the node failure of PE1 or PE2, or the failure of one of the ACs between CE1 and the dual-homing PEs. In addition, dual-homing PW protection can protect the failure occured in the PSN network which impacts the working PW, thus it can be an alternative to PSN tunnel protection mechanisms. This topology can be used in mobile backhauling application scenarios. For example, the NodeB serves as CE2 while the RNC serves as CE1. PE3 works as an access side MPLS device while PE1 and PE2 works as core side MPLS devices. Cheng, et al. Expires April 30, 2015 [Page 4] Internet-Draft Dual-Homing PW Protection October 2014 |<--------------- Emulated Service --------------->| | | | |<------- Pseudo Wire ------>| | | | | | | | |<-- PSN Tunnels-->| | | | V V V V | V AC1 +----+ +----+ V +-----+ | | PE1| | | +-----+ | |----------|........PW1.(working).......| | | | | | | | | | | | | +-+--+ | | AC3 | | | | | | | | | | | CE1 | DNI PW | |PE3 |----------| CE2 | | | | | | | | | | +-+--+ | | | | | | | | | | | | | |----------|......PW2.(protection)......| | | +-----+ | | PE2| | | +-----+ AC2 +----+ +----+ Figure 2. One-side dual-homing PW protection Consider in normal state AC1 from CE1 to PE1 is initially active and AC2 from CE1 to PE2 is initially standby, PW1 is the working PW and PW2 is the protection PW. When a failure occurs in AC1, then the state of AC2 changes to active based on some AC redundancy mechanism. In order to keep the switchover local and continue using PW1 to forward traffic, the forwarder on PE2 needs to connect AC2 to the DNI PW, and the forwarder on PE1 needs to connect the DNI PW to the PW1. In this way the failure in the AC1 do not impact the forwarding of the service PWs across the network. After the switchover, traffic will go through the path: CE1-(AC2)-PE2-(DNI-PW)-PE1-(PW1)-PE3-(AC3)-CE2. When a failure in the PSN network affects the working PW (PW1), according to PW protection mechanisms, traffic is switched onto the protection PW (PW2), while the state of AC1 remains active. Then the forwarder on PE1 needs to connect AC1 to the DNI PW, and the forwarder on PE2 needs to connect the DNI PW to PW2. In this way the failure in the PSN network do not impact the state of the ACs. After the switchover, traffic will go through the path: CE1-(AC1)-PE1-(DNI- PW)-PE2-(PW2)-PE3-(AC3)-CE2. In both AC and PW failure cases, the dual-homing PW protection needs to coordinate the PEs to set the forwarding state between the AC, service PW and DNI PW properly. Cheng, et al. Expires April 30, 2015 [Page 5] Internet-Draft Dual-Homing PW Protection October 2014 2.2.2. Two-side Dual-Homing Protection Figure 3 illustrates the network scenario of dual-homing PW protection where the CEs in both sides are dual-homed. CE1 is dual- homed to PE1 and PE2, and CE2 is dual-homed to PE3 and PE4. A dual- homing control mechanism enables the PEs and CEs to determine which AC should be used to carry traffic between CE and the PSN network. The DNI-PWs are provisioned between the dual-homing PEs on both side. One service PW is established between PE1 and PE3, another service PW is established between PE2 and PE4. The role of working and protection PW can be determined either by configuration or via existing signaling mechansims. This scenario can protect the node failure of one of the dual-homing PEs, or the failure of one of the ACs between the CEs and their dual- homing PEs. Meanwhile, dual-homing PW protection can protect the failure occured in the PSN network which impacts one of the PWs, thus it can be an alternative to PSN tunnel protection mechanisms. This scenario is mainly used for services provisioning for important business customers. In this case, CE1 and CE2 can be regarded as service access points. |<---------------- Emulated Service -------------->| | | | |<-------- Pseudowire ------>| | | | | | | | |<-- PSN Tunnels-->| | | | V V V V | V AC1 +----+ +----+ AC3 V +-----+ | | ...|...PW1.(working)..|... | | +-----+ | |----------| PE1| | PE3|----------| | | | +----+ +----+ | | | | | | | | | CE1 | DNI PW1 | | DNI PW2 | CE2 | | | | | | | | | +----+ +----+ | | | | | | | | | | | |----------| PE2| | PE4|--------- | | +-----+ | | ...|.PW2.(protection).|... | | +-----+ AC2 +----+ +----+ AC4 Figure 3. Two-side dual-homing PW protection Consider in normal state AC1 from CE1 to PE1 is initially active and AC2 from CE1 to PE2 is initially standby, AC3 from CE2 to PE3 is initially active and AC4 from CE2 to PE4 is initially standby, PW1 is the working PW and PW2 is the protection PW. Cheng, et al. Expires April 30, 2015 [Page 6] Internet-Draft Dual-Homing PW Protection October 2014 When a failure occurs in AC1, the state of AC2 changes to active based on some AC redundancy mechanism. In order to keep the switchover local and continue using PW1 to forward traffic, the forwarder on PE2 needs to connect AC2 to the DNI PW, and the forwarder on PE1 needs to connect the DNI PW with PW1. In this way failures in the AC side do not impact the forwarding of the service PWs across the network. After the switchover, traffic will go through the path: CE1-(AC2)-PE2-(DNI-PW1)-PE1-(PW1)-PE3-(AC3)-CE2. When a failure occurs in the working PW (PW1), according to the PW protection mechanism, traffic is switched onto the protection PW "PW2". In order to keep the state of AC1 and AC3 unchanged, the forwarder on PE1 needs to connect AC1 to the DNI-PW1, and the forwarder on PE2 needs to connect the DNI-PW1 to PW2. On the other side, the forwarder of PE3 needs to connect AC3 to the DNI-PW2, and the forwarder on PE4 needs to connect PW2 to the DNI-PW2. In this way, the state of the ACs will not be impacted by the failure in the PSN network. After the switchover, traffic will go through the path: CE1-(AC1)-PE1-(DNI-PW1)-PE2-(PW2)-PE4-(DNI-PW2)-PE3-(AC3)-CE2. In both AC and PW failure cases, the dual-homing PW protection needs to coordinate the PEs to set the forwarding state between the AC, service PW and the DNI PW properly. 3. Generic Dual-homing PW Protection Mechanism As shown in the above scenarios, with the described Dual-Homing PW Protection, the failures in the AC side do not impact the forwarding behavior of the PWs in the PSN network, and vice-versa. This is achieved by properly setting the forwarding state between the following entities: o AC o Service PWs o DNI PW The forwarding behavior of the dual-homing PE nodes are determined by the forwarding state machine as shown in table 1: Cheng, et al. Expires April 30, 2015 [Page 7] Internet-Draft Dual-Homing PW Protection October 2014 +-----------+---------+--------+---------------------+ |Service PW | AC | DNI PW | Forwarding Behavior | +-----------+---------+--------+---------------------+ | Active | Active | Up |Service PW <-> AC | +-----------+---------+--------+---------------------+ | Active | Standby | Up |Service PW <-> DNI PW| +-----------+---------+--------+---------------------+ | Standby | Active | Up | DNI PW <-> AC | +-----------+---------+--------+---------------------+ | Standby | Standby | Up | Drop all packets | +-----------+---------+--------+---------------------+ Table 1. Dual-homing PE Forwarding State Machine In order for the dual-homing PEs to coordinate the traffic forwarding during the failures, synchronization of the status information of the involved entities and coordination of switchover between the dual- homing PEs are needed. For PWs with a dynamic control plane, such information sychronization and coordination can be achieved with a dynamic protocol, such as [RFC7275], possibly with some extensions. For PWs which are manually configured without a control plane, a new mechanism is needed to exchange the status information and coordinate switchover between the dual-homing PEs. This is described in a separate document. 4. IANA Considerations This document does not require any IANA action. 5. Security Considerations The mechanism defined in this document do not affect the security model as defined in [RFC3985]. 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3985] Bryant, S. and P. Pate, "Pseudo Wire Emulation Edge-to- Edge (PWE3) Architecture", RFC 3985, March 2005. 6.2. Informative References Cheng, et al. Expires April 30, 2015 [Page 8] Internet-Draft Dual-Homing PW Protection October 2014 [I-D.ietf-pwe3-endpoint-fast-protection] Shen, Y., Aggarwal, R., Henderickx, W., and Y. Jiang, "PW Endpoint Fast Failure Protection", draft-ietf-pwe3- endpoint-fast-protection-01 (work in progress), July 2014. [RFC6372] Sprecher, N. and A. Farrel, "MPLS Transport Profile (MPLS- TP) Survivability Framework", RFC 6372, September 2011. [RFC6378] Weingarten, Y., Bryant, S., Osborne, E., Sprecher, N., and A. Fulignoli, "MPLS Transport Profile (MPLS-TP) Linear Protection", RFC 6378, October 2011. [RFC6718] Muley, P., Aissaoui, M., and M. Bocci, "Pseudowire Redundancy", RFC 6718, August 2012. [RFC6870] Muley, P. and M. Aissaoui, "Pseudowire Preferential Forwarding Status Bit", RFC 6870, February 2013. [RFC7275] Martini, L., Salam, S., Sajassi, A., Bocci, M., Matsushima, S., and T. Nadeau, "Inter-Chassis Communication Protocol for Layer 2 Virtual Private Network (L2VPN) Provider Edge (PE) Redundancy", RFC 7275, June 2014. Authors' Addresses Weiqiang Cheng China Mobile No.32 Xuanwumen West Street Beijing 100053 China Email: chengweiqiang@chinamobile.com Lei Wang China Mobile No.32 Xuanwumen West Street Beijing 100053 China Email: Wangleiyj@chinamobile.com Cheng, et al. Expires April 30, 2015 [Page 9] Internet-Draft Dual-Homing PW Protection October 2014 Han Li China Mobile No.32 Xuanwumen West Street Beijing 100053 China Email: Lihan@chinamobile.com Kai Liu Huawei Technologies Huawei Base, Bantian, Longgang District Shenzhen 518129 China Email: alex.liukai@huawei.com Shahram Davari Broadcom Corporation 3151 Zanker Road San Jose 95134-1933 United States Email: davari@broadcom.com Jie Dong Huawei Technologies Huawei Campus, No. 156 Beiqing Rd. Beijing 100095 China Email: jie.dong@huawei.com Alessandro D'Alessandro Telecom Italia via Reiss Romoli, 274 Torino 10148 Italy Email: alessandro.dalessandro@telecomitalia.it Cheng, et al. Expires April 30, 2015 [Page 10]