Internet Draft Alex Audu Expiration: December 2003 Alcatel USA Inc. File: draft-gopal-forces-fact-04.txt Working Group: ForCES Ram Gopal Nokia Hormuzd Khosravi Intel Chaoping Wu Azanda Network Devices June 2003 ForwArding and Control ElemenT protocol (FACT) draft-gopal-forces-fact-04.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of [1]. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.'' The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [2]. Abstract This document defines a FACT protocol that is suitable for communicating between Forwarding Element and Control Elements inside a network element. This protocol addresses all the requirements described in Forces [3] requirements document. This document also describes some of the architecture that FACT may leverage during the protocol operation. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 1] Internet Draft Forwarding and Control Element protocol June 2003 Table of Content 1. Definitions.....................................................3 2. Introduction....................................................5 3. Protocol Overview...............................................5 3.1. Independence from Interconnect................................7 3.2. Reliability...................................................7 3.3. Separate Control and Data channels............................7 3.4. Fail-Over Model...............................................8 4. Message Overview................................................9 4.1. Protocol Message Header structure.............................9 4.1.1. Version.....................................................9 4.1.2. Message Classes and Types...................................9 4.1.3. Length.....................................................11 4.1.4. CE Tag.....................................................11 4.1.5. FE Identifier..............................................12 4.1.6. Priority (P) Bits..........................................12 4.1.7. Transaction Sequence Number (TSN)..........................12 4.2. Service Data or Payload Structure............................12 5. FACT Messages..................................................14 5.1. Association and Connection (CA) Messages.....................14 5.1.1. Join Request...............................................14 5.1.2. Join Response..............................................15 5.1.3. Leave Request..............................................16 5.1.4. Leave Response.............................................17 5.2. Capabilities Control (CAPCO) Messages........................17 5.2.1. Capabilities Request.......................................18 5.2.2. Capabilities Response......................................18 5.2.3. Configure Logic Components Request.........................19 5.2.4. Configure Logic Components Response........................21 5.2.5. Topology Request...........................................22 5.2.6. Topology Response..........................................22 5.2.7. Query Request..............................................23 5.2.8. Query Response.............................................23 5.2.9. Error TLV..................................................24 5.3. PE Maintenance Messages......................................25 5.3.1. Protocol Element UP (PEUP).................................25 5.3.2. Protocol Element Up Acknowledge............................25 5.3.3. Protocol Element Active (PEACT)............................25 5.3.4. Protocol Element Active Acknowledgement (PEACT-ACK)........27 5.3.5. Protocol Element Inactive (PEINACT)........................27 5.3.6. Protocol Element Inactive Acknowledgement (PEINACT-ACK)....27 5.3.7. Protocol Element Down (PEDOWN).............................27 5.3.8. Protocol Element Down Ack (PEDN-ACK).......................28 5.3.9. Heartbeat (or Health check)................................29 5.3.10. Heartbeat Acknowledgement (HB-ACK)........................29 5.4. PE Traffic Maintenance (PETM) Messages.......................29 Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 2] Internet Draft Forwarding and Control Element protocol June 2003 5.4.1. Control Packet Redirect to CE..............................29 5.4.2. Control Packet Forwarding to FE............................30 5.4.3. Control Packet Forwarding Acknowledgement..................31 5.5. Event Notification Messages..................................31 5.5.1. Event Register.............................................31 5.5.2. Event Register Acknowledgement.............................32 5.5.3. Event De-Register..........................................32 5.5.4. Event De-Register Acknowledgement..........................32 5.5.5. Asynchronous EE Event Notification.........................33 5.6. Vendor Specific Function Message Handling....................33 5.6.1. Vendor Specific Data (VS-DATA Request).....................34 5.6.2. Vendor Specific Data Ack (VS-Data Ack).....................34 6. Procedures for FACT Protocol...................................34 6.1. CE and FE State Maintenance..................................34 6.1.1. CE and FE States...........................................35 6.1.2. NE States..................................................36 6.2. State Maintenance Procedures.................................38 6.2.1. Protocol Element Up........................................38 6.2.2. Protocol Element Down......................................38 6.2.3. Protocol Element ACTIVE....................................39 6.2.4. Protocol Element Inactive..................................39 7. Example Scenarios..............................................40 7.1. Establishment of Association.................................40 7.2. Steady State Communication...................................41 7.3. CE Fail-over Scenarios.......................................42 8. Security Considerations........................................43 8.1. IPSec Usage with FACT........................................44 8.2. TLS Usage with FACT..........................................45 9. Architecture support for FACT protocol.........................45 9.1. Configurable parameters......................................45 10. IANA Considerations...........................................46 11. References....................................................46 12. Acknowledgments...............................................47 13. Authors' Addresses............................................47 1. Definitions The following definitions are taken from [3] Forwarding Element (FE) - A logical entity that implements the ForCES protocol. FEs use the underlying hardware to provide per- packet processing and handling as directed by a CE via the ForCES protocol. FEs may use PFE partitions, whole PFEs, or multiple PFEs. Control Element (CE) - A logical entity that implements the ForCES protocol and uses it to instruct one or more FEs how to process packets. CEs handle functionality such as the execution of control Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 3] Internet Draft Forwarding and Control Element protocol June 2003 and signaling protocols. CEs may consist of PCE partitions or whole PCEs. Pre-association Phase - The period of time during which a FE Manager (see below) and a CE Manager (see below) are determining which FE and CE should be part of the same network element. Post-association Phase - The period of time during which a FE does know which CE is to control it and vice versa, including the time during which the CE and FE are establishing communication with one another. ForCES Protocol - While there may be multiple protocols used within the overall ForCES architecture, the term "ForCES protocol" refers only to the ForCES post-association phase protocol (see below). ForCES Post-Association Phase Protocol - The protocol used for post- association phase communication between CEs and FEs. This protocol does not apply to CE-to-CE communication, FE-to-FE communication, or to communication between FE and CE managers. The ForCES protocol is a master-slave protocol in which FEs are slaves and CEs are masters. This protocol includes both the management of the communication channel (e.g., connection establishment, heartbeats) and the control messages themselves. The term ForCES protocol may refer to a suite of protocols that are used to exchange control information as well as redirect data packets between the CEs and FEs. FE Model û Modeling of logical functions in a Forwarding element line card. FE Manager - A logical entity that operates in the pre-association phase and is responsible for determining to which CE(s) a FE should communicate. This process is called CE discovery and may involve the FE manager learning the capabilities of available CEs. A FE manager may use anything from a static configuration to a pre- association phase protocol (see below) to determine which CE(s) to use. Being a logical entity, a FE manager might be physically combined with any of the other logical entities mentioned in this section. CE Manager - A logical entity that operates in the pre-association phase and is responsible for determining to which FE(s) a CE should communicate. This process is called FE discovery and may involve the CE manager learning the capabilities of available FEs. A CE manager may use anything from a static configuration to a pre- association phase protocol (see below) to determine which FE to use. Being a logical entity, a CE manager might be physically combined with any of the other logical entities mentioned in this section. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 4] Internet Draft Forwarding and Control Element protocol June 2003 Pre-association Phase Protocol - A protocol between FE managers and CE managers that is used to determine which CEs or FEs to use. A pre-association phase protocol may include a CE and/or FE capability discovery mechanism. Note that this capability discovery process is wholly separate from (and does not replace) that used within the ForCES protocol (see Section 7, requirement #1). However, the two capability discovery mechanisms may utilize the same FE model (see Section 6). Pre-association phase protocols are not discussed further in this document (see Section 11.3). ForCES Network Element (NE) - An entity composed of one or more CEs and one or more FEs. To entities outside a NE, the NE represents a single point of management. Similarly, a NE usually hides its internal organization from external entities. ForCES Protocol Element (PE) - A Forwarding Element or a Control Element. Logical Component û Components in the forwarding data path like filter, meter, forwarder, shaper etc. FE Model (FEM) û Organization of logical components in the Forwarding plane. 2. Introduction Network elements such as routers play an important role in transporting IP packets in the Internet. QoS aware router, policy based routing and middle-box functions such as firewall, NAT, proxies put heavy requirements on per-hop behavior treatment for IP packets. This complicates the network element. Routers have emerged from simple monolithic software to a distributed routing complex that interconnects different networks and distributes the routing and forwarding logic to line cards and control cards. A line card does basic forwarding function and a control card runs all the control and management functions. Forces [3][4] defines both architectural and protocol requirements for the communication between CE and FE. Forwarding and Control ElemenT (FACT) protocol addresses all the requirement of Forces protocol and is described in this document. 3. Protocol Overview Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 5] Internet Draft Forwarding and Control Element protocol June 2003 ForCES is a framework consisting of set of protocols and data structure representing the forwarding and control elements in the form of an extensible model [4][Error! Reference source not found.]. CEs handle control, signaling and management protocols, while FEs perform forwarding functions. CEs control the behavior of FEs in a master/slave fashion. FACT protocol is designed to communicate between FE and CE, and/or between CE and CE. Since CE-CE communication is outside the scope of Forces activity, we will not be discussing CE-CE communication in this document FACT protocol satisfies all the Forces protocol requirements. The FACT protocol is logically separated into base control protocol and logical components service functions. This is similar to SNMP where SNMP protocol provides a set of message to exchange messages between SNMP manager and agent(s) MIB is the actual payload communicated in the form of OID between them. Similarly FACT protocol has fixed header and a variable size payload field; the payload field carries data that may contain one of the following * Control packets which are received by FE through external ports Packets that are sent to the external egress port * Logical components details which are represented in FE Modeling draft [5] * Other configuration information required according to [3], [4] (a) Base control functions FACT protocol depends upon certain information to facilitate communication between FE and CE; this information is sent to either FE or CE by FE-Manager and CE-Manager [sec 9.2] components respectively. After the pre-association phase, FACT protocol provides mechanism that carries traffic between FE and CE components. This includes support for dynamic association, high availability, security, topology discovery of FE and CE, Control packet redirection etc. (b) Service specific functions Using base Forces protocol, any logical components inside the FE can be configured or managed. Examples of service specific functions in FACT protocol include messages on Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 6] Internet Draft Forwarding and Control Element protocol June 2003 capability, logical component configuration, port status, etc. FE modeling is flexible enough to allow any arbitrary queries. These queries can be encoded using simple TLVs, OIDs, or XML. FACT protocol is independent of type of encoding. FACT protocol supports different types of messages, including synchronous messages like simple request/reply, asynchronous messages to notify PEs of status changes, and transaction oriented synchronous messages that support 2 phase commit operations. The FACT protocol provides a notion of distributed IPC mechanism by providing support functions required for replication, high availability and fail-over support for the ForCES distributed network element environment. Some of the features can be configured through FE-Manager and CE-Managers for FEs and CEs respectively during the pre-association phase. 3.1.Independence from Interconnect The FACT protocol is independent of the Interconnect Layer. It makes no assumptions about the interconnect layer and uses interconnect independent addressing (FE Identifier, CE tag) in its common header. For non-IP Interconnects, an Interconnect specific encapsulation may have to be defined to carry the FACT messages. For IP Interconnects, FACT recommends using TCP/STCP as transport [see section 3.2]. 3.2.Reliability The FACT protocol recommends using a reliable transport protocol/mechanism, which will meet all the reliability requirements stated in [Reqs] Section 7 #6, for carrying all its messages. The use of a reliable transport simplifies the protocol design considerably. In case of IP networks, FACT recommends the use of TCP/SCTP as the transport protocol. This also makes the FACT protocol deployable in both single hop and multi-hop scenarios (for multi-hop scenario, [Reqs] mandates the use of RFC 2914 based transport i.e. TCP/SCTP). Using a reliable transport has the additional benefit of providing more options for the security mechanisms [section 8] for the FACT protocol. 3.3.Separate Control and Data channels The ForCES protocol is vulnerable to Denial of Service (DoS) attacks [Requirements Section 7 #15]. A malicious system in the network could flood the ForCES based Network Element with bogus control Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 7] Internet Draft Forwarding and Control Element protocol June 2003 packets such as bogus RIP or OSPF packets and disrupt the communication between the CEs and FEs. In order to protect against this situation, the FACT protocol introduces the concept of using separate control and data channels for communication between the CEs and FEs. The data channel would carry the control packets such as RIP, OSPF messages, outlined in Requirements Section 7 #10, which would be part of the packet redirection messages, between the CEs and FEs. All the other FACT messages required for configuration/capability exchanges, etc would be carried over the control channel. The data channel would be set up only after the control channel is set up and the capability exchange has successfully taken place between the FEs and CEs. The CE would signal the FE to establish the data channel at the appropriate time and provide it with the channel information, such as, port number in case of TCP/SCTP. By default, the data channel is established on control channel port number +1. The data channel would use the same reliable transport as the control channel. The reason for using reliable transport for the data channel is two fold. Firstly in case of DoS attacks, if an unreliable transport such as UDP is used for the data traffic, it might affect the control traffic flow in a bad way causing it to slow down. Secondly, the congestion control mechanisms of the reliable transport start kicking in, in case data traffic flow increases erratically because of DoS attacks. 3.4.Fail-Over Model FACT protocol supports FE and/or CE fail-over functions in order to support a high availability of the network element. All control or data messages exchanged between a CE and a FE are assigned a tag for identification purposes. The CE-SET is a list of CEs that reside within a Network Element (NE) as a cooperating unit. Likewise, the FE-SET is a list of FEs that reside in an NE as a cooperating unit. The following is a list of high-availability mechanisms, which can be supported by FACT protocol. Note this list is not exhaustive and is provided for illustrative purpose. (1) Strong Consistency: FE sends all asynchronous notifications/ control protocol packets to the primary and backup CEs in the CE set. Thus the FE helps keep the state on both the primary and backup CEs synchronized. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 8] Internet Draft Forwarding and Control Element protocol June 2003 (2) Weak Consistency (Fail-over): FE can communicate directly with the primary CE and if the primary CE fails, FE will start communicating with the backup CE. The selection of primary and backup CEs is done during pre-association phase. In all the above cases, CE (including primary and backup CEs) and FEs are pre-configured to perform such activities as part of pre- association phase. Also, note that other high-availability modes such as Load Sharing are also possible. 4. Message Overview FACT protocol messages are made up of two parts: the common header, and the message body or service payload part. This section describes the details of the common header and payload structure. 4.1. Protocol Message Header structure FACT protocol Header contains the following fields; some of the fields are optional and it is interpreted based on the Type. All these messages are based on TLV format and is conforms to network byte ordering. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| MsgCls|Msg-Type |P| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CE-Tag | FE-Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Transaction sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4.1.1. Version The version field contains the version of the FACT protocol supported by the implementation. The current supported version is : value 0x01 A node upgraded to a newer version SHOULD support the older versions used on other nodes it is communicating with. 4.1.2. Message Classes and Types The messages can be grouped into classes, with each class consisting Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 9] Internet Draft Forwarding and Control Element protocol June 2003 of a set of related message types. In the following, ôPEö stands for Protocol Element and represents a CE or a FE in a network element. The valid message classes are: Message Class: 4 bits (unsigned integer) 0 Reserved 1 PE Connection and association (CA) Messages 2 Capabilities Control (CAPCO) Messages 3 PE State Maintenance (PESM ) Message 4 PE Traffic Maintenance (PETM) Messages 5 Event Notification (EN) Messages 6 Vendor Specific (VS) Messages 7-15 Reserved by IETF The message types for the defined message classes are as follows: Message Type for Connection and Association (CA) Message Class 0 Reserved 1 Join Request 2 Join Response 3 Leave Request 4 Leave Response 5-127 Reserved by IETF Message Type for Capabilities Control (CAPCO) Message Class 0 Reserved 1 Capabilities Request 2 Capabilities Response 3 Configure Logic Components Request 4 Configure Logic Components Response. 5 Topology Request 6 Topology Response 7 Query Request 8 Query Response 9-127 Reserved by IETF Message Types for PE State Maintenance (PESM) Message Class 0 Reserved 1 PE Up 2 PE Up Ack 3 PE Down 4 PE Down Ack 5 PE Active 6 PE Inactive Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 10] Internet Draft Forwarding and Control Element protocol June 2003 7 PE Active ACK 8 PE Inactive ACK 9 Heartbeat 10 Heartbeat Ack 11-127 Reserved by IETF Message Types for PE Traffic Maintenance (PETM) Message Class 0 Reserved 1 Control Packet Redirect 2 Control Packet Forward 3 Control Packet Forward Acknowledgement 5-127 Reserved by IETF Message Types for Event Notification (EN) Message Class 0 Reserved 1 Event Register 2 Event Register Acknowledgement 3 Event De-register 4 Event De-register Acknowledgement 5 Asynchronous EE Event Notification 9-127 Reserved by IETF Message Types for Vendor Specific Function (VSF) Message Class 0 Reserved 1 VS-Data Request 2 VS-Data Ack 3-127 Reserved for other vendor specific messages Vendor specific function types interpretation is beyond the scope of this protocol. 4.1.3. Length The Message Length denotes the length of the message in octets, including the Message Header. 4.1.4. CE Tag During a pre-association phase, CEs can be configured using CE- Manager component. In a network element, there may be many CEs; one or more CEs can be grouped together to form a CE-set. A CE-set is unique in one network element and is identified by an 8-bit number. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 11] Internet Draft Forwarding and Control Element protocol June 2003 To identify a CE inside a CE-set, the CE identifier is used which is also an 8-bit field. Figure 1 shows the CE-Tag fields, CE-Tag is a 16-bit integer which has two portions, the higher order 8-bit describes the CE-set number, and the lower 8-bit describes the CE-identification number. The main advantage of having such naming is to uniquely identify the Communicating elements and their logical association inside a network element. This field is mandatory for all message types. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CE-Set Number | CE-Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1 CE-Tag fields 4.1.5. FE Identifier This is a 16-bit field to uniquely identify the FE in one network element. The main advantage is that FE or CE may use different interconnect technologies, they can be identified by using the address itself (for example, portions of IP address or MAC address etc). This unique naming scheme helps to manage the CEs and FEs together and support some features, which are required for back-up recovery, configuration update process, and high availability support. This identifier is always present in all type of messages. 4.1.6. Priority (P) Bits If this bit is set then the message should be treated as a high- priority message by the receiving end-point. If this is set to zero then the message is of normal priority. 4.1.7. Transaction Sequence Number (TSN) This 32-bit field uniquely identifies the transaction between the FE and CE. When a request is made by one endpoint (say CE) it generates TSN number that is sent in the request message; the other endpoint (Say FE) can copy this same TSN number in its reply message. 4.2. Service Data or Payload Structure FACT protocol messages consist of the Common Message Header described in the previous section, followed by zero or more variable length parameters, as defined by the message type. This constitutes the Payload or Service Data. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 12] Internet Draft Forwarding and Control Element protocol June 2003 Examples of the service data are the following: (1) Logical component configuration (2) Logical component statistics (3) Logical component status and events (4) FE capabilities and topology information (5) Control protocol packets The variable length parameters in the payload are defined in a Tag- Length-Value (TLV) format as shown below: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Parameter Tag | Parameter Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Parameter Value / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Mandatory parameters MUST be placed before optional parameters in a message. Parameter Tag: 16 bits (unsigned integer) The Tag field is a 16-bit unique identifier of the type of the parameter. It takes a value of 0 to 65534. Appendix-1 lists all used values of the Tag and related messages. The value of 65535 is reserved for IETF-defined extensions. Values other than those defined in specific parameter description are reserved for use by the IETF. Parameter Length: 16 bits (unsigned integer) The Parameter Length field contains the size of the parameter in bytes, including the Parameter Tag, Parameter Length, and Parameter Value fields. The Parameter Length does not include any padding bytes. Parameter Value: variable-length The Parameter Value field contains the actual information to be transferred in the parameter. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 13] Internet Draft Forwarding and Control Element protocol June 2003 The total length of a parameter (including Tag, Parameter Length and Value fields) MUST be a multiple of 4 bytes. If the length of the parameter is not a multiple of 4 bytes, the sender pads the parameter at the end (i.e., after the Parameter Value field) with all zero bytes. The length of the padding is NOT included in the parameter length field. A sender SHOULD NEVER pad with more than 3 bytes. The receiver MUST ignore the padding bytes. 5. FACT Messages This section defines the messages and their parameter contents. 5.1. Association and Connection (CA) Messages 5.1.1. Join Request After the pre-association phase [9.2], the FEs can join or leave any CE in a CE-set. A FE uses the Join Request message to initiate association with a CE-set. The message will contain the requesterÆs identity that was configured during pre-association. After a successful join process, FEs can report their capabilities to the CE. At a given point, CEs from one CE set can communicate with a FE. FE has to know which CEÆs request it can accept. This information is configured during the pre-association phase. FE uses this CE-list to send the join request. It first tries one of the CEÆs in the list and if it not successful, it tries the next CE in the list. If all of the CEs in the list are tried without success, the FE should start over again until Retry timer expires. The format of the JOIN Message payload is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x10) | Length (8) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2 Join request Address: The IP Address or interconnect dependant unique address of the FE. The tag value determines whether it is the IPv4 or IPv6 or some other type of address. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 14] Internet Draft Forwarding and Control Element protocol June 2003 5.1.2. Join Response CE after receiving a join request message performs the following operations. (1) Checks the FE association ID (FE identifier) in the request message and if it equals zero, then the CE generates a unique identifier for that FE and allocates resources for its attributes. (2) If the FE association ID (FE identifier) field is not zero, then the CE checks up its previously stored configuration for that FE. If it has any, it will use that to configure the FE in subsequent messages. This is warm restart operation. (3) If the CE needs to reject the join request for some reason, it sends a Leave Response Message as indicated later. After a successful JOIN operation, the CE should initiate the next phase of the association establishment process by querying the FE for its capabilities, its topologies, etc, and then configuring the FE for the functions it is to perform in the NE. The format for the JOIN RESPONSE message payload is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x11) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | FE identifier | FE Behavior | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Heartbeat Interval | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Association Expiry Timer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | FE Behavior Expiry Timer (optional) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ FE Behavior: This defines the FE behavior when all the CEs are down. A value of 1 indicates that the FE should continue forwarding packets, a value of 2 indicates that FE should stop forwarding packets when CEs are down. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 15] Internet Draft Forwarding and Control Element protocol June 2003 Heartbeat Interval: This gives the time interval for the heartbeat messages sent from the CE to the FE in milliseconds. Association Expiry Timer: This gives the timer value in milliseconds after which if the FE does not receive any heartbeat messages from the CE it should consider the association with the CE to have expired (CE down). This can be a multiple of the heartbeat interval. FE Behavior Expiry Timer: This is an optional timer value, which applies in case the FE behavior is to continue forwarding packets when CEs are down. This value indicates the time in seconds for which the FE should continue forwarding packets without associations with any CEs. 5.1.3. Leave Request The FE can leave by sending Leave request to CE. The CEÆs upon receiving such request releases the associated resources assigned for the FE. Similarly CE can also send a leave request to other CEÆs in the CE-set and receiving CEÆs releases the associated resources assigned for the CEÆs. The LEAVE message contains the following parameters: Reason Info String (optional) The format for the LEAVE Message parameters is same as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xa) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reason | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x4) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > INFO String* < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The format and description of the optional Info String parameter is the same as for the PE Up message (See Section 4.3.2.1.). The reason parameter indicates the reason the PE is leaving the NE. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 16] Internet Draft Forwarding and Control Element protocol June 2003 Valid values are as follows: Value Description 0x1 Management Inhibit (Manual Removal) 0x2 Invalid NE group 0x3 FE or CE not ready 0x4 Max number of FEs reached (for leave response only) 0x5 Physical Layer fault 0x6 Fail-over switching (refer to Section 7.3) Note: Message 0x3 if generated by CE means CE is not ready. If generated by FE means FE is not ready. The optional INFO String parameter can be any meaningful 8-bit character string, up to 255 characters in length. This may be used for debugging purposes 5.1.4. Leave Response When a FE is leaving the CE generate an acknowledgment to the FE. IF a CE is leaving one of the CEÆs in the CE-set will generate a response to the leaving CE. Note that CE-CE communication is currently out of scope. If a CE needs to reject a join request from a FE for some reason, it sends a Leave Response Message to the FE as well (Refer to Section 5.1.2). The LEAVE Response message contains the following parameters: Reason Info String (optional) The format for the LEAVE Message parameters is same as in LEAVE Request message (See 5.1.3). 5.2.Capabilities Control (CAPCO) Messages This is the next phase of the JOIN process. After a FE has been successfully accepted into a CE-SET, the CE initiates the next phase of the association establishment process by querying the FE for its capabilities, its topologies, etc, and then configuring the FE for the functions it is to perform in the NE. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 17] Internet Draft Forwarding and Control Element protocol June 2003 5.2.1. Capabilities Request FE may have one or more logical components on the forwarding plane like meter, shaper, egress port etc. CE may configure or query these components and their status at any time. In order to do this, CE needs to know the logical components placement and sequence in the forwarding data path. FE Model [5] describes the arrangement and the relationship of those components. For understanding purposes, we provide the following summary: A FE identifier identifies FE; FE may contain one or more parallel data path(s). On each parallel data path, there may be one or more logical components and each one is connected to another either in series or in parallel fashion. The logical component is uniquely identified by a number. Examples of logical components are filter, shaper, egress port etc. 5.2.2. Capabilities Response This is used by the FE to report its capabilities to the CE as per CEÆs request. This message structure might change depending on the FE Model [5]. The format for the Capability Response is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x1b) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Port Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Port Info < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Logical Component Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Logical Component Info < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The format for the Port Info is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Port ID | Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 18] Internet Draft Forwarding and Control Element protocol June 2003 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Port Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Port Speed | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Port Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The format for the Logical Component Info is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | Logical Component Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Logical Component Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | DownStream L.Comp. Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | DownStream L.Comp. Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . | DownStream L.Comp. Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 5.2.3. Configure Logic Components Request This message is used by the CE to configure the FE. The FE consists of functional or logic elements that could be configured to achieve a desired behavior of the FE in the network. Some configurable attributes of the FE include: 1) parameters of a logic elementÆs logic function 2) Port attributes (direction, bandwidth,..) 3) routing table functions 4) High Touch functions 5) Off-Load functions 6) Filter functions. The CE might also have received a command (either through CLI or through SNMP etc) to setup some tunnels or path or some configuration. This may sometimes involve configuring more than one FE. For example, packet may come through one line card and leave through another. In this situation, CE has to configure both FEsÆ logical components. If one of the logical components fails, it has to perform rollback operation and issue a command failure notification to the management station or CLI or SNMP etc. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 19] Internet Draft Forwarding and Control Element protocol June 2003 This operation is called 2-phase commit. To perform this, CE sends series of commands to each FE with command bundling bit set. Each FE after receiving the command will have to save the current configuration and check whether it can program the requested configuration. A status message should be sent back to the CE. Once CE receives all the status messages, it can then send an execute command with same transaction sequence number, signaling the FEs to now switch to the new configuration. Command bundling refers to the ability to send an ordered set of commands to the FE. FACT supports command bundling via multiple TLVs in its payload as described in section 4.2. Each command is formatted as a TLV structure shown below, and multiple commands are sent to the FE in a single CLC Request message. The format of the Configure Logic command is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x1c) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | C-Operation| Configuration Command | reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Logical Component Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Command Data < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ C-Operation: FEÆs and CEÆs may engage in two-phase commit operation. This field provides the stage of such transaction. 0x00 - Command is single operation 0x01 û This command is a two-phase operation, FE needs to save the previous state if rollback operation may be performed later by FE. 0x10 û Rollback to the previous state. 0x11 û Execute and complete the command. During this operation the TSN value is same and used to identify the transaction. The same CE should generate this TSN otherwise, FE will treat this as different query from other CE. Configuration command: This field defines the command type. The valid values for this field are Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 20] Internet Draft Forwarding and Control Element protocol June 2003 0 Reserved 1 NULL 2 Add 3 Update 4 Delete 5 Delete All (Flush or Purge) Logical Component Handle: This field defines the logical component handle or identifier for which this command is being issued. Command Data: This is the variable length configuration data for the logical component. This can be encapsulated using TLV or OID or XML formats. 5.2.4. Configure Logic Components Response This is sent by the FE to CE to acknowledge Logic Components configuration as requested by CE. The format of the Configure Logic Response is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x1d) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | C-Operation| Configuration Command | G.Result | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Logical Component Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Command Result < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The response contains the information from the command, but with ôGlobal Resultö field filled in to indicate success or failure. Result Value Meaning CONFIG-OK 0x0 Success CONFIG-BADCMD 0x1 Bad or unsupported configuration command. CONFIG-BADPRM 0x2 Bad configuration parameter. Logical Component Handle: This field defines the logical component handle or identifier for which this command is being issued. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 21] Internet Draft Forwarding and Control Element protocol June 2003 Command Result: This is the variable length configuration result for the logical component. This can be encapsulated using TLV or OID or XML formats. 5.2.5. Topology Request CE wants to know how each FE is connected or configured during the pre-association phase. This may be used by the CE to control and configure the different FEs correctly. 5.2.6. Topology Response This message is sent from the FE to CE in response to the Topology Request. It provides the CE with the topology information of how the FEs are connected to each other. The format for the Topology Response is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x1e) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Topology Info < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The format of the topology Info is as follows: It consists of the list of FEs (FE Addresses) directly connected to the communicating FE. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | #of neighbor FEs | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | FE1 ADDRESS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | FE2 ADDRESS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . . | FEN ADDRESS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 22] Internet Draft Forwarding and Control Element protocol June 2003 5.2.7.Query Request CE may be interested in querying the properties of Logical Components or collecting statistical information from FE, including that of its logical components. In this case, a CE sends a Query Request Message to a FE and expects a Query Response Message from it. The format for the Query Request Message parameters is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x13) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type of Info | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Logical component Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Query Specific Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Logical component Handle2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ : : | Logical component HandleN | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ There can be multiple logical component IDs in one message. The number of IDs is derived from the Length field. Valid values of the Info Type are: GEN-STATS (0x0) û General Statistics PORT-STATS (0x1) û Port Statistics LINK-STATS (0x2) û Link Statistics LComp-STATS (0x3) û Logical Component Statistics LComp-PROPS (0x4) û Logical Component Properties PORT-PROPS (0x5) û Port Properties Query Specific Data: This is query specific data, which can be in encapsulated as TLV or OID or XML. 5.2.8.Query Response Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 23] Internet Draft Forwarding and Control Element protocol June 2003 After receiving a Query Request Message, a FE replies with the Query Response Message. The format of the Query Response Message is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x14) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Info Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Logical component Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Logical component Data < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Logical Component data is encapsulated similar to the query specific data in the respective format. 5.2.9.Error TLV The Error TLV is used to notify the CE or FE of an error associated with an incoming synchronous Request message. For example, the message might be unexpected, given the current state, or a parameter value might be invalid. This Error TLV can be part of Join Response, Leave Response, Capability Response, Topology Response, Configure LC Response, Query Response, etc. The format of the Error TLV is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xc) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Error Code | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Error Code parameter indicates the reason for the error. Possible error parameter values include: INV-PROT (0x01) - Invalid Protocol Version INV-ASSOC (0x02) û Invalid Association ID BAD-MSGCLS (0x03) û Unsupported message class BAD-MSGTYP (0x04) û Unsupported message type UNEX-MSG (0x05) û Unexpected message PROT-ERROR (0x06) û Protocol Error TWOPHASE-ERR (0x07) û Could not complete two-phase command Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 24] Internet Draft Forwarding and Control Element protocol June 2003 COMM-FAIL (0x08) û Communication lost between CE and FE BAD-TRAF-MODE (0x09) û Unsupported Traffic Mode 5.3. PE Maintenance Messages 5.3.1.Protocol Element UP (PEUP) The UP message is sent by a PE to indicate to its master (or slave) that it is UP (in-service) and ready to be used. The format of the PEUP message is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xb) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > INFO String* < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The UP message contains the following parameters INFO String (Optional) The optional Info String parameter can be any meaningful 8-bit character string, up to 255 characters in length. 5.3.2. Protocol Element Up Acknowledge The PEUP Acknowledgement message is used to acknowledge a PE-Up message received from a remote PE slave or master peer. The PEUP Acknowledgement message contains the following parameters: INFO String (Optional) The format for the PEUP Acknowledgement message is the same as in PE UP Message. 5.3.3. Protocol Element Active (PEACT) The ACT message is sent by a controlling CE to ask its slave FE to go ACTIVE and start handling traffic. The FE must be UP and must Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 25] Internet Draft Forwarding and Control Element protocol June 2003 have sent the PEUP message to the CE. This message is used to trigger the establishment of the data channel between the FE and CE. The ACT message contains the following parameters Traffic Mode Type (Optional) INFO String (Optional) Data Channel Info (Optional) The format for the ACT message payload Is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xb) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | reserved | Traffic Mode Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x4) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > INFO String* < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x4) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Data Channel Info < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Traffic Mode Type parameter identifies the failover mode of the FE within an NE. The valid values for Type are shown in the following table: Value Description 0x1 Over-ride-strong-consistency 0x2 Over-ride-weak-consistency 0x3 Other Within a particular Association Identifier, only one Traffic Mode Type can be used. The Over-ride value indicates that the CE is over- riding the current failover mode of the FE. For example, the primary CE can change the failover mode from Strong-consistency to weak- consistency in order to update some software on the Standby CE. The optional Info String parameter can be any meaningful 8-bit character string, up to 255 characters in length. The optional Data Channel Info can contain any information relevant to establish the data channel such as the port number. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 26] Internet Draft Forwarding and Control Element protocol June 2003 5.3.4. Protocol Element Active Acknowledgement (PEACT-ACK) The ACT Acknowledgement message is used to acknowledge a PE-Active message received from a remote CE master. The ACT Acknowledgement message contains the following parameters: INFO String (Optional) The format for the ACT Acknowledgement message is the same as in PE Active Message (See 5.3.3) 5.3.5. Protocol Element Inactive (PEINACT) The INACT message is sent by a controlling CE to ask its slave FE to go IN ACTIVE and stop handling traffic. After receiving this message, the FE shuts down the Data channel with the CE. The INACT message contains the following parameters Traffic Mode Type (Optional) INFO String (Optional) The format for the CE/FE Inactive message parameters is as shown for FE/CE Active Message(See 5.3.3) 5.3.6. Protocol Element Inactive Acknowledgement (PEINACT-ACK) The INACT Acknowledgement message is used to acknowledge a PE- Inactive message received from a remote CE master. The INACT-ACK message contains the following parameters: INFO String (Optional) The format for the FE or CE Inactive Acknowledgement message parameters is same as CE or FE Active Message (See 5.3.3) 5.3.7. Protocol Element Down (PEDOWN) Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 27] Internet Draft Forwarding and Control Element protocol June 2003 Due to failure or maintenance operation, FE can send this DOWN message to its primary CE. Upon receiving this request, primary CE may reassign the responsibility to other FEÆs (if possible). Similarly CE in a CE-set can generate the same message to all other CEÆs in the same CE-set. The DOWN message contains the following parameters: Reason - (Mandatory) reason for going down Info String û (Optional) information to augment reason The format for the DOWN Message is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xc) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reason | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x4) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > INFO String* < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The reason parameter indicates the reason the PE is leaving the NE. Valid values are as follows: Value Description 0x1 Management Inhibit (Manual Removal) 0x2 Device Fault The format and description of the optional Info String parameter is the same as for the PE Up message (See Section 5.3.1.). 5.3.8. Protocol Element Down Ack (PEDN-ACK) The PEDN-ACK message is used by the primary CE to acknowledge the PEDN message sent by the outgoing PE. The format of this message is the same as for the PEDN message. The DOWN ACK message contains the following parameters: Reason - (Mandatory) reason for going down Info String û (Optional) information to augment reason The format for the DOWN ACK Message is same as for DOWN message. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 28] Internet Draft Forwarding and Control Element protocol June 2003 5.3.9. Heartbeat (or Health check) CE periodically polls each FE to ensure that it is operational. A CE starts generating these messages after the PE Active message has been sent to the FE. The timers for these messages are configurable during pre-configuration and can be different for the active and standby CEs. The heartbeat interval for a standby CE can be much larger than that of the active CE. An optional Heartbeat Data parameter may be sent in the heart beat message. Its contents are defined by the sending node. The Heartbeat Data could include, for example, a Heartbeat Sequence Number and, or Timestamp. The receiver of a Heartbeat message does not process this field as it is only of significance to the sender. The receiver MUST respond with a Heartbeat Acknowledgement message. The format for the Heartbeat Message is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x9) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Heartbeat Data < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 5.3.10. Heartbeat Acknowledgement (HB-ACK) After verifying the CE-Tag, FE simply echoÆs the original heartbeat message. 5.4. PE Traffic Maintenance (PETM) Messages These messages are sent over the data channel. The data channel is established after the PE Active message is sent from the CE to FE. 5.4.1. Control Packet Redirect to CE When a Router receives both control and data packets through a physical port, any of the following scenarios may occur: (a) Forwarding blade receives IP packet that is not destined for it; these packets are forwarded to the CE by the forwarding plane component. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 29] Internet Draft Forwarding and Control Element protocol June 2003 (b) Forwarding blade receives IP packet that is destined for it. These packets are not forwarded to the Control plane; rather they are processed by the forwarding plane control logic (stack in the forwarding plane). Example of such packet is ping request. (c) Forwarding blade receives IP packets that may be routing protocol packets or packets which cannot be processed by the stack in the line card. Such packets have to be forwarded to the control plane by the FE. The format of the Control Packet Redirect is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xe) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Port ID on which packet arrived | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xe) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Control Packet < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Control Packet: The control packet that the network element received through a particular IP interface. 5.4.2. Control Packet Forwarding to FE CE may generate a packet and want FE to forward that packet through a particular or multiple egress port(s). Examples of such packets are routing protocol updates, discoveries, etc. Before generating such request, CE has to know the FEÆs logical components and the list of available port and the configuration status. (reference snapshot of Logical components ) 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xf) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Egress Port ID through which to forward packet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x30) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 30] Internet Draft Forwarding and Control Element protocol June 2003 > Packet to be forwarded < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Packet to be forwarded is preceded by the egress port through which the packet must be forwarded by the FE. To forward to multiple egress ports (such as multicast), the format is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x2f) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Start Egress Port ID1 through which to forward packet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | End Egress Port ID1 through which to forward packet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > .. < | Start Egress Port IDn through which to forward packet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | End Egress Port IDn through which to forward packet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x30) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Packet to be forwarded < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 5.4.3. Control Packet Forwarding Acknowledgement This is used by the FE to acknowledge the Control Packet Forwarding Request initiated by the CE. The format of this message is the same as for the Control Packet Forwarding Request message. 5.5. Event Notification Messages Various events in the data path can be monitored for by the FE and reported to the CE. The CE must first inform the FE which of these events it is interested in through a registration process. 5.5.1. Event Register Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 31] Internet Draft Forwarding and Control Element protocol June 2003 This is sent by the CE to the FE to request that FE notify the CE when the indicated events occur on the FE. The format of the payload is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0xe) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Event Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Event Specific Data < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Event Type is the type of the event to report. Valid values are as follows: NO-EVENTS (0x0) û No Events reported PKT-EVENTS (0x1) û Packet events PORT-EVENTS (0x2) - Port Events LINK-EVENTS (0x3) û Link related events GFE-EVENTS (0x4) û Generic FE events RSRC-USAGE (0x5) û System Specific levels LC-EVENTS (0x6) û Logical Component events ALL-EVENTS (0x8) û All events reported Event Specific Data: This is the variable length event specific data, which can be encapsulated using TLV or OID or XML formats. For example, this could be used to specify what packets should be redirected to the CE. This may also be a regular expression. 5.5.2. Event Register Acknowledgement This is used by the FE to acknowledge CEÆs event registration request. The format of this payload is same as in the Event Register Request. 5.5.3. Event De-Register This is sent by the CE to the FE to indicate that it no longer is interested in receiving notifies for the events indicated in message. The format of this payload is same as in the Event Register Request. 5.5.4. Event De-Register Acknowledgement The FE sends this message to the CE to acknowledge CEÆs request not get any more notifies for events indicated in message. The format for this payload is same as in the Event Register Request. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 32] Internet Draft Forwarding and Control Element protocol June 2003 5.5.5. Asynchronous EE Event Notification This is used to report asynchronous events occurring in the FE. These could be overall FE errors, Port/Link errors or Logical Component specific events. The message contains the following: Event Type û same as that defined for Event Register Event ID Logical Component Handle Diagnostic Info - this describes the event in more detail. The format of the GFENTFY is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x1e) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Event Type | Event ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Logical Component Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x7) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Diagnostic Info < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Valid values of the Event ID are as follows: CPU-USAGE (0x1) û CPU usage more than 75% of capacity FE-ERROR (0x2) û FE in non-catastrophic error state PORT-DOWN (0x3) û Port is down. PORT-UP (0x4) û Port is up. PORT-ERROR (0x5) - Port is in non-catastrophic error state LINK-DOWN (0x6) û Link attached to port is down; port is up. LINK-UP (0x7) û Link attached to port is up; port is up. LINK-ERROR (0x8) û Link attached to port is in error state. PRI-CE-DOWN (0x9) û Primary CE has gone DOWN. PRI-CE-DOWN (0xa) û Other LC specific. 5.6.Vendor Specific Function Message Handling This allows extensions to the FE functions so that new, currently unknown FE functionality (outside of those already specified) can be expressed. These messages will be transported transparently by the FACT protocol. Interpretation of the transported messages will be Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 33] Internet Draft Forwarding and Control Element protocol June 2003 left solely to the application layers sitting on FACT in the CE and FE. 5.6.1. Vendor Specific Data (VS-DATA Request) Separated PEs may use this message to pass any information that is not to be consumed by FACT to each other. This message is not destined outside the involved PEs either. Application layers sitting on top of the FACT protocol layer can exchange information with this message between PEs. An example is the SNMP management layer making use of this message to perform necessary duties. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag (0x30) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > Data to be transported < +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ As this message is opaque to FACT, the content is vendor-specific. FACT does not parse the content of this message. 5.6.2. Vendor Specific Data Ack (VS-Data Ack) This is used by the PE that receives an Inter-PE communication message to acknowledge the reception to the original sender. The format of this message is same as for VS-DATA Request. 6. Procedures for FACT Protocol 6.1.CE and FE State Maintenance FACT layer on the CE needs to maintain the states of the FEs it communicates with. Likewise, the FACT layer on the FE needs to maintain the states of the CEs the FE communicates with. The state of the (logical) NE also needs to be maintained. Since the NE is comprised of CEs and FEs, the NE state will be determined by the states of the contained FE and CE elements. Figure 6.1 below shows a hypothetical NE with its set of CEs and FEs Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 34] Internet Draft Forwarding and Control Element protocol June 2003 |--------------------------------------------| | NE | | |------| |-------| | | | CE1 | | CE2 | | | |(active)| |(standby)| | | |------| |-------| | | ^ ^ ^ ^ | | | | | | | | | \-----| |-------/ | | | | |-------|-/ |---------/ | | v v v v | | |------| |-----| |-----| |-----| | | | FE1 | | FE2 | | FE3 | | FE4 | | | |(act) |--->|(act)| (standby) (standby) | | |------| |-----| |-----| |-----| | | ^ | | | | | | |---|------------|---------------------------| | v Figure 2. Showing logical NE and its components 6.1.1.CE and FE States The state of each configured FE and CE is maintained by the FACT layer. The state of each CE or FE element can change due to the following events: . Reception of management messages by CE. . Reception of management messages by FE. . Reception of control messages by FE from CE. . Loss of communication between CE and FE (e.g. due to faults). The CE and FE state transition diagram is shown in fig 3. +-------------+ +---------------------| | | Alternate +-------| PE-ACTIVE | | PE | +-------------+ | Takeover | ^ | | | CE/FE | | CE/FE | | Active | | Inactive | | | v Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 35] Internet Draft Forwarding and Control Element protocol June 2003 | | +-------------+ | | | | | +------>| PE-INACT | | +-------------+ | ^ | CE/FE Down/ | CE/FE | | CE/FE Down / CE-FE COMM | Up | | CE-FE COMM FAIL FAIL | | v | +-------------+ +-------------------->| | | PE-DOWN | +-------------+ Figure 3. CE and FE State Transition Diagram The possible states of a protocol element (CE or FE) are: PE-DOWN: CE or FE is unavailable for service and/or the related CE-FE association is down. Initially, all CEs and FEs will be in this state. A CE or FE in this state should not be sent any traffic messages. PE-INACTIVE: The CE or FE is available for service and the related CE-FE association is up, but application traffic is stopped (the CE Or FE could be in a standby state for example). In this state, the CE or FE involved can be sent management, control, and non-traffic related messages. PE-ACTIVE: The CE or FE is available, and actively carrying application traffic. 6.1.2.NE States It may be necessary to track the state of the NE itself. Since the NE consists of distributed CEs and FEs, the state of the NE will be dependent on the states of its CEs and FEs. The state of the NE is maintained by FACT in both FE and CE. The state of an NE can be changed due to events including: . CE or FE state transitions . Recovery timer triggers The possible states of a NE are as follows: Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 36] Internet Draft Forwarding and Control Element protocol June 2003 NE-DOWN: The network element is not available for service. This implies all related CEs and FEs are in the PE-DOWN state. Initially, the NE will be in this state. NE-INACTIVE: The network element is available but no application traffic is active. Here, one or more protocol elements (CE or FE) are in the PE-INACTIVE state, but none in the PE-ACTIVE state. Also, the recovery timer is not running, or has expired. This may be the state of standby NE if redundancy is provided at logical NE level. NE-ACTIVE: The network element is available and it is carrying application traffic. This implies that at least, one CE-FE communicating pair is in PE-ACTIVE state. NE-PENDING: An active CE or FE has transitioned into inactive or down state, and it was the last remaining active CE or FE in the NE. A recovery timer T(r), will be started, and the source FE or CE will queue up messages meant for the inactive target. If another target CE or FE becomes active (depending on which went inactive), before T(r) expires, the queued up messages are directed to the newly active CE or FE, and T(r) timer is cancelled. In this case, NE will move back to the NE-ACTIVE state. However, if T(r) expires before an alternate CE or FE becomes active, the queued up messages are discarded, and the NE will move to NE-DOWN state. +----------+ one PE goes ACTIVE +-------------+ | |------------------------>| | | NE-INACT | | NE-ACTIVE | | | | | | |< | | +----------+ \ +-------------+ ^ | \ Tr fires; ^ | | | \ at least one | | | | \ PE is UP | | | | \ | | | | \ | | | | \ | | one PE | | \ one PE | | Last ACTIVE PE goes | | all PEs \------\ goes to | | goes INACT to | | go DOWN \ ACTIVE | | or DOWN INACT | | \ | | (start Tr timer) | | \ | | | | \ | | | | \ | | | v \ | v +----------+ \ +-------------+ | | -| | | NE-DOWN | | NE-PENDING | Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 37] Internet Draft Forwarding and Control Element protocol June 2003 | | | (queueing) | | |<------------------------| | +----------+ Tr Expiry and all +-------------+ PEs in DOWN state Tr = Recovery Timer Figure 3: NE State Transition Diagram 6.2.State Maintenance Procedures Before the establishment of a CE-FE association, the CE must be in- service and active but the FE is Down. Local management (CE Manager or FE Manager) can be used to effect appropriate state transitions of CEs and FEs. 6.2.1.Protocol Element Up After an FE has successfully established an association with a CE, the FE sends a PE-UP message to indicate to the CE that it has finished all its internal configuration and is available. When the CE gets the PE-UP message, and the FE is not locked out for local management reasons, FACT at the CE will mark the FE as UP but ôInactiveö. The CE responds with a PE-UP Ack message in acknowledgement. If for any reason the CE cannot respond with a PE- UP, it will respond with a PE-DOWN Ack message with an appropriate reason parameter. The CE can also generate the PE-UP message. The last ACTIVE CE may have gone DOWN after establishing an association with a FE. In this case, the NE would first transition into the PENDING state for a duration of T(r ), and then to DOWN state. The first CE that transitions to UP state will send a PE-UP to the FE to notify it of its status, assuming the link between them is up. The FE will acknowledge with a PE-UP Ack. If the source PE does not receive a response from the target PE, or if a PE-DOWN Ack is received, source PE MAY resend PE-UP message until it receives a PE-UP Ack from the target. The default behavior is NO retransmission. 6.2.2.Protocol Element Down Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 38] Internet Draft Forwarding and Control Element protocol June 2003 The FE will send a PE-DOWN to the CE when the FE is to be removed from the list of FEs in an NE that it is a member of, that is eligible to receive application traffic or management messages. FACT at the CE marks the FE as ôDownö and returns a PE-DOWN Ack message to the FE if one of the following events occur: - a PE-DOWN message is received from the FE - another state message is received from an FE but the FE is locked out by management for some reason. The CE sends a PE-DOWN Ack message in response this message. If the FE does not receive a response from the CE, the FE MAY send PE-DOWN messages until it receives a PE-DOWN Ack message from the CE or the association goes down. The default behavior is NO retransmission. The CE may also send a PE-DOWN messaged to the FE. This occurs when the CE is about to be removed from service, and it is the ACTIVE CE. On getting this notification, the FE will respond with a PE-DOWN Ack, and stop sending any more messages to the out-going CE. The whole mechanism allows for a graceful removal of CEs or FEs. 6.2.3.Protocol Element ACTIVE Any time after the CE has sent a PE-UP Ack to the FE, the CE can send a PE-Active (PEACT) to the FE, to activate the FE to start processing traffic. When a PEACT message is received, the FE responds with a PEACT Ack message, after which it starts handling traffic messages. The FE establishes the Data channel with the CE after this message. The FE must wait for the PEACT message from the CE before handling traffic data. The CE only sends the PEACT message if it intends to transition the FE to ACTIVE state. 6.2.4. Protocol Element Inactive Any time after the CE has sent a PE-Active to the FE, the CE can send a PE-Inactive (PEINACT) to the FE, to command the FE to stop processing traffic. When a PEINACT message is received, the FE responds with a PEINACT Ack message, after which it stops handling traffic messages. The FE shuts down the Data channel with the CE after it receives this message. The FE must wait for another PEACT message from the CE before starting handling traffic again. The CE only sends the Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 39] Internet Draft Forwarding and Control Element protocol June 2003 PEINACT message if it intends to transition the FE to INACTIVE state. 7. Example Scenarios 7.1.Establishment of Association The associations among CEs and FEs are established via join request and response messages. If a join request is granted, a join response message is replied to the join request message. If a join request is denied, a Leave response message is replied to the join request message. This association process is followed by capability query, topology query. If the capabilities match, the FE sends a PE-UP message to the CE. CE responds with PE-UP Ack. According to the configuration, the CE can send a PE-ACTIVE to inform the FE to go active. FE acknowledges it with a PE-ACTIVE Ack to indicate it is ready to take traffic. The FE establishes the data channel with the CE after this. The sequences of messages are illustrated in the Figure below. FE CE | | | Join REQ | 1 |---------------------->| | | | Join RESP | 2 |<----------------------| | | | CAPABILITY Request | 3 |<----------------------| | | | CAPABILITY Response | 4 |---------------------->| | | | TOPOLOGY Request | 5 |<----------------------| | | | TOPOLOGY Response | 6 |---------------------->| | | | PE UP | 7 |---------------------->| | | | PE UP ACK | 8 |<----------------------| | | | PE ACT | Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 40] Internet Draft Forwarding and Control Element protocol June 2003 9|<----------------------| | | | PE-ACT ACK | 10|---------------------->| | | | Data channel Estb | 11|---------------------->| Figure 4: Association Establishment messages between CE and FE 7.2.Steady State Communication Once CE and FE establish their association and exchange initial configuration information, they enter a phase of steady state communication, with the following example messages exchanging. FE CE | | |Heart Beat | 1 |<--------------------->| | | |Heart Beat ACK | 2 |<--------------------->| | | | Query Request | 3 |<----------------------| | | | Query Response | 4 |---------------------->| | | |Port Event Notice | 5 |---------------------->| | | |Configure logic components Request 6 |<----------------------| | | |Configure logic components Response 7 |---------------------->| | | |Control Packet Redirect|(over data channel) 8 |---------------------->| | | Figure 5: Steady State communication between CE and FE When transferring forwarding information to FE, the CE uses the configure logical component message with a 16-bit length field indicating the number of bytes of configuration information. If the CE has a very large amount of database that exceeds 64K Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 41] Internet Draft Forwarding and Control Element protocol June 2003 bytes in length, it should send multiple configure logical component messages to complete the configuration. 7.3.CE Fail-over Scenarios As mentioned before, there are two modes of high-availability or Failover support provided by FACT protocol. This is configured during the pre-association phase [as described in section 9]. For both cases, the FE must establish association using FACT protocol [as described in section 7.1] with both the primary and standby CEs in the CE set. This association establishment includes the security associations described in section 8, also capability and topology discovery. This helps with fast failover since the FE does not need to re-establish any associations during failover. For strong consistency, the FE establishes the control and data channels with both CEs and forwards all asynchronous events and protocol control packets such as RIP, OSPF packets to both CEs. But only the primary CE configures and controls the FE, the standby CE uses the information provided by the FE to keep its state synchronized with the primary CE. When FE detects failure of primary CE it informs the standby CE using the asynchronous Event message. The standby CE can also obtain that information using some CE-to-CE protocol. In case of failure of the primary CE, the standby CE takes over the control of the FE. Note that in case of strong consistency, CE-to-CE protocol is not needed to keep the state in the primary and standby CEs synchronized. FE CE Primary CE Standby | | | | Asso Estb(Caps, topo) | | 1 |<--------------------->| | | | | | Asso Estb(Caps, topo exchange) | 2 |<----------------------|------------------->| | | | | data + control | | 3 |<--------------------->| | | | | | data + control|(HeartBeats only) | 4 |-----------------------|------------------->| | | | | FAILURE | | | | PRI-CE-DOWN | 5 |------------------------------------------->| | | | data + control | 6 |------------------------------------------->| Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 42] Internet Draft Forwarding and Control Element protocol June 2003 Figure 6: CE Failover for strong consistency mode For weak consistency, the FE establishes the control channel with both CEs but the data channel with only the primary CE. The only communication with the standby CE is the heartbeat exchange. The standby CE keeps it state synchronized using some CE-to-CE protocol. When FE detects failure of primary CE it informs the standby CE using the asynchronous Event message. In case of failure of the primary CE, the FE establishes the data channel with the standby CE which then takes over the control of the FE. Note that in both failover modes the FE does not need to store any state in order to synchronize the CEs. FE CE Primary CE Standby | | | | Asso Estb(Caps, topo)| | 1 |<--------------------->| | | | | | Asso Estb(Caps, topo exchange) | 2 |<----------------------|------------------->| | | | | data + control | | 3 |<--------------------->| | | | | | control|(HeartBeats only) | 4 |-----------------------|------------------->| | | | | FAILURE | | | | PRI-CE-DOWN | 5 |------------------------------------------->| | | | data + control | 6 |------------------------------------------->| Figure 7: CE Failover for weak consistency mode 8. Security Considerations If the CE or FE are in a single box and network operator is running under a secured environment then its upto the network administrator to turn off all the security functions. CE and FE when it comes up it reads the configurable parameters and accordingly it starts the FACT session. Whether FE and CE are in a single box or multiple-hop, rate limiter mechanism should be in place to defend against the CPU bound and Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 43] Internet Draft Forwarding and Control Element protocol June 2003 bandwidth (network) bound attacks. We recommend this for all security mechanisms. It is recommended that FACT endpoints use the same security mechanism either IPsec or TLS or no security across all its sessions within one NE. The choice of the security service and mechanisms depends upon the network design and network administrator. If the network administrator is not sure about his or her network security it is recommended to use FACT with TLS. 8.1.IPSec Usage with FACT When IPsec is used between CE and FE to secure communication, IPsec MUST implement [8][9] in transport mode with non-null encryption and authentication to provide integrity and confidentiality service. IKE [10] shall be used to perform peer authentication, negotiation of security association between CE and FE endpoints and may support following key management procedure [11]. IKE MUST support both main mode and aggressive mode and MUST have support to perform shared secret key and certificate-based peer authentication. When shared secret key is used for FACT endpoint authentication IKE aggressive mode should be used and when certificated based mechanism is used IKE main mode or aggressive mode may be used. For certificate based authentication mechanisms, IKE negotiator should use IKE certificate request payload to specify the CA that is trusted in accordance with its local policy. The local policies are configured during the pre-association phase. IKE should perform validation of certificate and perform certification revocation process as described in [12]. Once IKE SA is established between FACT endpoints, quick mode exchanges are used to negotiate protection for CE and FE and they must carry identity payload fields. [11] specifies several types of identification payload and must carry single IP address, non-zero port number and must not use the IP subnet or IP address range formats. We do not expect a situation where FE and/or CE to be multihomed therefore SCTP and TCP configuration is similar [13]. IPsec policy SHOULD be set for IPsec protection for inbound connections, and to initiate IPsec protection for outbound connections (when IKE is used in automatic mode). We recommend IKE with anti-replay protection between FACT endpoints. For manual keying, both need to be pre-configured during pre-association phase. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 44] Internet Draft Forwarding and Control Element protocol June 2003 If IPSec is used with manual keying, no anti-replay protection is available. IPsec must be used for all control channels and for data channel it is optional. 8.2.TLS Usage with FACT This section is applicable for the CE or FE endpoints that uses FACT with TLS [14][15] to secure communication. Since CE is master and FE's are slaves, the FE's are TLS clients and CE's are TLS server. FACT endpoints that implement TLS MUST perform mutual authentication during TLS session establishment process. CE must request certificate from FE and FE needs to pass the requested information. We recommend TLS_RSA_WITH_AES_128_CBC_SHA cipher suite, but CE or FE may negotiate other TLS cipher suites. TLS must be used for all control channels and for data channel it is optional. We recommend use of TLS with FACT to provide security. This is because IPsec provides less flexibility when configuring trust anchors since it is transparent to the application and use of Port identifiers is prohibited within IKE Phase 1. This provides restriction for IPsec to configure trust anchors for each application separately and policy configuration is common for all applications. 9. Architecture support for FACT protocol Pre-association phase is used to configure certain key attributes. FE-Manager and CE-Manager are responsible for providing that information. 9.1.Configurable parameters The following are the currently identified configurable parameters that can be done through FE-Manager and CE-Manager for FE and CEÆs respectively (1) Fail over configuration (Strong, Weak consistency) (2) Security protocol(none, IPSec, TLS) (3) Number of CE to which it has to communicate (4) Maximum number of CE (5) Timer for health check (6) Data format support(TLV, OID, XML) (7) Maximum numbers of FEs that each CE can support in a NE Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 45] Internet Draft Forwarding and Control Element protocol June 2003 10. IANA Considerations FACT protocol needs to have a well-defined TCP/SCTP port number which needs to be an IANA assigned number. 11. References 1. S. Bradner, "The Internet Standards Process -Revision 3", RFC 2026, October 1996. 2. S. Bradner, "Keywords for use in RFCs to Indicate Requirement Levels", RFC2119 (BCP), IETF, March 1997. 3. Khosravi, et. al., öRequirements for Separation of IP Control and Forwardingö, work in progress, February 2002,,IETF. 4. L. Yang, et. al, ö ForCES Architectural Frameworkö,work in progressö, June 2002, 5. L. Yang, et. al, ö ForCES Forwarding Element Functional Modelö, work in progressö, June 2002,< draft-yang-forces-model-00.txt> 6. Morneault, K,. Rengasami, S,. Kalla, M., and G. Sidebottom, "ISDN Q.921-User Adaptation Layer", RFC 3057, February 2001 7. J. Moy, "OSPF Version 2", RFC 2328, April 1998 8. Kent, S. and R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 2406, November 1998. 9. Kent, S. and R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 2406, November 1998. 10. Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998. 11. Piper, D., "The Internet IP Security Domain of Interpretation for ISAKMP", RFC 2407, November 1998. 12. Housley, R., Polk, W., Ford, W. and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. 13. Bellovin, S., "On the Use of SCTP with IPsec",draft-ietf-ipsec- sctp-06 (work in progress), April 2003. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 46] Internet Draft Forwarding and Control Element protocol June 2003 14. Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January 1999. 15. Jungmaier, A., Rescorla, E. and M. Tuexen, "Transport Layer Security over Stream Control Transmission Protocol", RFC 3436, December 2002. 12. Acknowledgments We would like to thank Man Li, Nokia Research Center for her suggestions and comments. We would also like to acknowledge Jing Qian from Alcatel for her help with Appendix 1. 13. Authors' Addresses Ram Gopal Nokia Research Center 5, Wayside Road, Burlington, MA 01803 Phone: 1-781-993-3685 Email: ram.gopal@nokia.com Alex Audu Alcatel R&I 1000 Coit Road Plano, TX 75075 Phone: 1-972-477-7809 Email: alex.audu@alcatel.com Chaoping Wu Azanda Network Devices 250 Santa Ana Court Sunnyvale, CA 94085 Phone: 1-408-720-3117 Email: chaoping_wu@yahoo.com Hormuzd Khosravi Intel 2111 NE 25th Avenue Hillsboro, OR 97124 Phone: 1-503-264-0334 Email: hormuzd.m.khosravi@intel.com Appendix-1: Tag (Hex) Values Used in FACT Messages +-----+--------------------+---------------------------------------+ Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 47] Internet Draft Forwarding and Control Element protocol June 2003 |Tag | Meaning | Messages | +-----+--------------------+---------------------------------------+ |0001 |Join Capability | Join Request | +-----+--------------------+---------------------------------------+ |0002 |Join Configuration | Join Response | +-----+--------------------+---------------------------------------+ |0003 |Leave Reason | Leave Request/Response | +-----+--------------------+---------------------------------------+ |0004 |Info String |Leave Req/Resp, PE (IN)ACT/ACK, PE DOWN/ACK | +-----+--------------------+---------------------------------------+ |0005 |FE Capabilities | Capability Response | +-----+--------------------+---------------------------------------+ |0006 |Config Compo Command| Configure Logic Components | +-----+--------------------+---------------------------------------+ |0007 |Config Compo Result | Configure Logic Components Response | +-----+--------------------+---------------------------------------+ |0008 |Topology Data | Topology Response | +-----+--------------------+---------------------------------------+ |0009 |Query Data | Query Request | +-----+--------------------+---------------------------------------+ |000A |Logical Compo Data | Query Response | +-----+--------------------+---------------------------------------+ |000B |Traffic Mode | PE (IN)ACT/ACK | +-----+--------------------+---------------------------------------+ |000C |Data Channel Info | PE ACT | +-----+--------------------+---------------------------------------+ |000D |Down Reason | PE DOWN/ACK | +-----+--------------------+---------------------------------------+ |000E |Heartbeat Data | Heartbeat/Heartbeat ACK | +-----+--------------------+---------------------------------------+ |000F |Port ID | CP Redirect, CP Forwarding/ACK | +-----+--------------------+---------------------------------------+ |0010 |Control Packet | CP Redirect, CP Forwarding/ACK | +-----+--------------------+---------------------------------------+ |0011 |Multiple Port Ranges| CP Forwarding/ACK | +-----+--------------------+---------------------------------------+ |0012 |Event Data | Event (De-)Register/ACK | +-----+--------------------+---------------------------------------+ |0013 | Diagnostic Info | Asynchronous EE Event Notification | +-----+--------------------+---------------------------------------+ |0014 |Event-Handle ID | Asynchronous EE Event Notification | +-----+--------------------+---------------------------------------+ |0015 |Error Code | Join, leave, Cap, Topo Response msgs | +-----+--------------------+---------------------------------------+ |0016 |Vendor Specific Data| VS-DATA Request/Ack | +-----+--------------------+---------------------------------------+ Appendix-2: Interfaces To Local Management Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 48] Internet Draft Forwarding and Control Element protocol June 2003 As part of any normal protocol operation, management interface either CLI or EMS or NMS or other suitable entity would like to send commands to either FE or CE. This section identifies minimal command set that may be required for such operation. This may be implemented by each vendor in various ways and is beyond the scope of ForCES protocol. This section describes the minimal message and how FE and CE may use FACT to inform the local management operation to each other. +----------------------+ (NMS or EMS act as CE) <--FACT---> CE (FEÆs w.r.to NMS)| | ^ | | | |Network Element | | FACT | | | | | | | | V | | FE . . . FE | +----------------------+ M-PE-STATUS The status of CEs and FEs are stored in and tracked by FACT. This primitive is used to request, confirm, and indicate the status of a PE (FE or CE) to local management. M-ASSOCIATION-STATUS This is used to request and indicate the status of the association between a CE and an FE. M-ERROR This is used to indicate an error with a received FACT message to local management. M-PE-UP This primitive can be used by local management to request that a PE be restored into in-service (UP) state by FACT. This could be triggered by a RESTORE request from the CLI (Command Line Interface) into Local Management. (CLI)-----Restore(COLD)--->(LM)----- M-PE-UP(COLD)--->(FACT) OR other possible configuration is +----------------------+ (NMS or EMS act as CE) <--FACT---> CE (FEÆs w.r.to NMS)| | ^ | | | | Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 49] Internet Draft Forwarding and Control Element protocol June 2003 | NE | FACT | | | | | | | | V | | FE . . . FE | +----------------------+ FACT can also use this primitive to indicate or acknowledge to local management (LM) that a PE is UP (with a M-PE-UP.indicate and M-PE-UP.confirm primitives respectively). Valid parameters to M-PE-UP.req are: COLD û initialize all attributes of PE during restore process. WARM û use previous attributes in memory to restore PE (assumes those Attributes have not been lost). CONFIG - Restore PE with new configuration attributes. M-PE-DOWN This can be used by local management to request that a PE be taken to the DOWN State. It could be triggered for example, by CLI sending a Remove request to the local management layer. (CLI) ----Remove(BOOT)--->(LM)----- M-PE-DOWN(BOOT) --->(FACT) FACT can in turn indicate a PE-DOWN event or confirm the DOWN request with a M-PE-DOWN.ind or M-PE-DOWN.con respectively. Valid parameters to M-PE-DOWN.req are: NO-BOOT û previous (static) contents in memory are preserved. BOOT û all previous contents in memory are zeroÆd out. CONFIG û previous configuration information between FE and CE are lost and new ones are being established. M-PE-ACTIVE This is used by FACT to inform local management that PE has gone ACTIVE. M-PE-INACTIVE This is used by FACT to inform local management that PE has gone INACTIVE. Gopal,Audu,Wu,Khosravi Expires December 2003 [Page 50]