Internet DRAFT - draft-allan-mpls-a-bit


 Internet Draft                                              David Allan
 Document: draft-allan-mpls-a-bit-00.txt                 Nortel Networks
 Category: Standards Track                                    April 2003

             The Case for the 'A' Bit in the MPLS and IP PID

 Status of this Memo

    This document is an Internet-Draft and is in full conformance with
    all provisions of Section 10 of RFC2026.

    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF), its areas, and its working groups.  Note that
    other groups may also distribute working documents as Internet-

    Internet-Drafts are draft documents valid for a maximum of six
    months and may be updated, replaced, or obsoleted by other documents
    at any time.  It is inappropriate to use Internet-Drafts as
    reference material or to cite them other than as "work in progress."

    The list of current Internet-Drafts can be accessed at
    The list of Internet-Draft Shadow Directories can be accessed at

 Copyright Notice

    Copyright(C) The Internet Society (2003). All Rights Reserved.


    This memo describes the underlying rationale for inclusion of the
    LSR alert bit in the proposed MPLS payload ID.

 Sub-IP ID Summary

    [to be removed when published]


    Fits in the MPLS, and PWE3.


    This draft addresses a number of issues associated with
    instrumenting/controlling MPLS LSPs and PWs in general.


    Allan           Expires October 2003                   Page 1
                        The Case for the 'A' Bit

 1. Introduction

    The internet draft [MPLSPID] had numerous commonalities with other
    proposals for an MPLS PID. All proposals include some well known
    value in the first nibble, and a means of identifying the protocol
    used in the subsequent payload. The only significant difference in
    the proposals is that [MPLSPID] includes an 'LSR alert' bit. This
    memo describes the underlying rationale for inclusion of the 'LSR
    alert' or 'A' bit.

 2. The 'A' bit mechanism

    The 'A' bit is provided as an alternative mechanism to the router
    alert reserved label [RFC3032]. Intermediate LSRs along an LSP that
    recognize the MPLS and IP PW payload ID must process the protocol
    PDU when the 'A' bit is set in the control word. The intent is to
    provide a hop-by-hop mechanism that is unaffected by deployed ECMP
    (which may impact fate sharing between RA labeled flows and the
    original LSP) and maximizes commonality of forwarding between hop-
    by-hop and normal LSP flows in the internal implementation of
    labeled payload handling.

    Specification of the 'A' bit would require that compliant LSRs check
    the MPLS top of stack label entry and if the 'S' bit is set, examine
    the first nybble of each packet. If it is the extended Payload CW,
    check the alert bit and if so, process the payload (which in most
    cases will also include subsequently forwarding the payload).

 3. Discussion

    There are aspects of the direction that proactive fault detection
    has taken that will introduce as many problems as are solved. This
    is an artifact of the currently available mechanisms for
    distinguishing fault detection messaging (discussed extensively in

    One specifically pathological mode of failure is misdirection of
    traffic as this is a defect NOT detected or recovered by means other
    than path specific testing. Misdirection of traffic is a prime
    motivation of MPLS OAM efforts [REQUIRE]. Unlike problems detected
    adjacent to the source of the fault such as link or node failures,
    detection of misdirection via e2e probing will have no associated
    IGP notification that could act as a coordinating mechanism for how
    nodes remote to the problem respond.

    MP2P LSPs and label stacking mean that large numbers of LSP
    ingresses may be impacted by a problem with a single forwarding
    table entry. One option for detection of such problems is the use of
    LSP-PING [LSP-PING] proactively on some number of the potentially
    impacted LSPs. A defect in that table entry will misdirect all of
    the associated ping transactions. This will be reported to the ping
    originators which in some implementations this may result in the
    ping originators initiating traceroute, isolating the problem and

    Allan                   Expires October 2003                 Page 2
                          The Case for the 'A' Bit

    alarming. The ping originators operate in an independent and
    unsynchronized manner so a defect may trigger a significant amount
    of redundant diagnostic traffic and alarms.

    Use of a one way transaction (either LSP-PING in 'do not reply' mode
    or the simpler FEC-CV [FEC-CV]) is a significant improvement as
    responsibility for handling the problem is pushed to a much reduced
    set of network elements. However this is still limited in recovery
    capability as the egress would only know it is some arbitrary number
    of hops downstream of the problem and would still need to take
    further action to isolate and recover from the problem. This would
    have security implications if it simply generated unsolicited fault
    notifications to untrusted peers some arbitrary number of hops
    across the network.

    When there are nested LSPs stacked on a misdirected LSP, the set of
    nested labels will also be misdirected. Some will not progress past
    the next LSR when there is no corresponding ILM but some number will
    collide with existing label values, and merge their traffic into
    existing LSPs. When combined with e2e testing even with an egress
    detection paradigm, this will result in a large number of LSRs in
    the network independently detecting a common failure.

    With that as the background, one conclusion we have come to is that
    misbranching detection is BEST performed hop by hop such that
    detection will frequently occur within one hop of the fault and
    prior to any significant fan out of misdirected nested LSPs. This
    minimizes the number of alarms associated with the fault, and may
    permit some misbranching faults to be automatically corrected.

 4. Current hop by hop Mechanisms

 4.1 Router Alert

    The current hop-by-hop mechanism is to prepend the current label
    stack with the Router Alert label. Use of the router alert label on
    top of the label under test will be subject to significant
    implementation variations that will impact the validity of any hop-
    by-hop testing using the router alert mechanism.

    The combination of ECMP (or other hashing based load spreading
    mechanisms) and label stacking means that use of any reserved label
    will interfere with fate sharing of flows. A path may fail or be
    misdirected and not be detected by probes pre-pended with the router
    alert label.

    We believe that the above two reasons disqualify use of the router
    alert label from consideration as a solution.

 4.2 TTL Manipulation

    Alternately use of TTL=1 to relay messages hop by hop down the LSP
    will promptly break if the mechanism is not ubiquitously deployed.

    Allan                   Expires October 2003                 Page 3
                          The Case for the 'A' Bit

    Non-implementation breaks the chain instead of simply forwarding the
    message transparently. This disqualifies hop by hop TTL manipulation
    as a candidate solution.

    Ideally some method of identifying hop-by-hop flows with minimal
    impact to label stack semantics is required (hence the 'A' bit).

 5. Load Spreading

    Load spreading can occur in the MPLS architecture when an FEC to
    NHLFE mapping or ILM mapping resolves to multiple NHLFEs. The
    ability to distinguish hop by hop probing of the network suggests a
    way forward. Hop-by-hop forwarding of misbranching probes can
    exercise the set of NHLFEs via any of several mechanisms:

    a) Replication: an incoming probe is simply replicated across the
       set of NHLFEs.
    b) Round-robin: an NHLFE selector selects the next NHLFE in the set
       for forwarding upon receipt of a misbranching probe.
    c) Probe examination such that a probe from any given source or
       directed to a src/dest pair always resolves to a specific NHLFE.

    It should be noted that proactive detection of a problem will have
    different requirements that fault isolation. A round robin approach
    will not provide consistent forwarding from probe to probe as there
    is no guarantee that two identical probes will share common
    forwarding, nor is it required to in this application. LSP-PING when
    used to isolate a fault and inserted either e2e or employing TTL
    exhaust would be required to produce consistent results for a given
    LSP and src/dest tuple and would do so independent of the hop-by-hop

    A round robin approach would most likely produce acceptable
    detection times without magnifying the probe load on the network. It
    would be expected to provide faster detection times than random
    payload manipulation techniques (altering a 127./8 destination
    address), and compared to when traceroute was used to establish a
    specific 127./8 test plan, would respond to topology changes faster
    than periodic traceroute.

 6. Protocol Options

    There are currently two protocol proposals that have suitable
    functional characteristics for hop-by-hop fault detection. They do
    have differences in implementation complexity. In both cases they
    would be used with the MPLS and IP PW payload ID.


    One would be the use of LSP-PING in either 'do not reply' mode or to
    modify the reply semantics such that a reply was only generated when
    either a fault was detected or the LSP egress was reached. The LSR

    Allan                   Expires October 2003                 Page 4
                          The Case for the 'A' Bit

    detecting the fault is delegated responsibility for reporting the
    problem and initiating corrective action.

    Each LSR intercepting the 'alert' designated ping message would
    check the FEC TLV and compare this with the FEC for the LSP. If the
    FEC was invalid, the If the FEC TLV contained a valid FEC, the probe
    would then be forwarded to the next LSR. This would be an
    improvement over simply running traceroute continuously as the
    number of messages would be significantly reduced.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    |  TBD  |A|    rsvd.    |   PA  |          Protocol ID          |
    |                                                               |
    //                         IP Header                           //
    |                                                               |
    |                                                               |
    //                         UDP Header                          //
    |                                                               |
    |         Version Number        |         Must Be Zero          |
    |  Message Type |   Reply mode  |  Return Code  | Return Subcode|
    |                        Sender's Handle                        |
    |                        Sequence Number                        |
    |                    TimeStamp Sent (seconds)                   |
    |                  TimeStamp Sent (microseconds)                |
    |                  TimeStamp Received (seconds)                 |
    |                TimeStamp Received (microseconds)              |
    |  TLV type = Target FEC Stack  |            Length             |
    |  SubTLV type = IPv4 FEC       |            Length =5          |
    |                         IPv4 Prefix                           |
    |   mask        |

          Figure 1: LSP-PING (IPv4 FEC) with MSLS & IP Payload CW

    Allan                   Expires October 2003                 Page 5
                          The Case for the 'A' Bit

    Note that if adopted, the option of specifying that the payload
    following the IP PW control word is an IP protocol, then if 'do not
    reply' mode is used, the LSP-PING PDU could be simplified by
    dispensing with the IP and UDP headers.

 6.2 FEC-CV

    The other would be the use of FEC-CV as proposed for Y.1711. Each
    LSR intercepting the 'alert' designated FEC-CV message would compare
    the FEC-filter with the expected value (Boolean 'AND' operation). If
    no mismatch is detected then the probe would be forwarded to the
    next LSR. FEC-CV is a one way probe message so it would simply be
    discarded at the LSP egress.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    |  TBD  |1|    rsvd.    |   PA  |       Protocol ID (TBD)       |
    | Function (=7) |                 Reserved (=0)                 |
    |                                                               |
    |                                                               |
    |                            TTSI                               |
    |                                                               |
    |                                                               |
    |                                                               |
    |                          FEC Filter                           |
    |                                                               |
    |                                                               |
    |        Reserved (=0)          |             BIP 16            |
                   Figure 2: FEC-CV PDU w. Payload ID CW

 7. Interlayer coordination

    When a misbranching defect occurs for an LSP that transports LSPs
    (e.g. TE trunk or PWs on a PSN), it is desirable to minimize the
    number of points detecting the problem.

    There are two scenarios that can be considered:

    1) The fault misdirects MPLS LSPs without changing the MPLS level
       (label swap problem).

    When an LSP is detected as being in a misforwarded state, probably
    the most secure response that the network can offer is to silently
    discard all traffic or at least all labeled traffic transported by
    the LSP. This has the additional benefit of not forwarding any
    misbranching probes that have been inserted into client LSPs. This

    Allan                   Expires October 2003                 Page 6
                          The Case for the 'A' Bit

    will have the desirable properly of ensuring client LSPs will not

    2) The fault misdirects traffic by altering the MPLS level (push or
       pop problem).

    A premature pop fault fault will result in a significant number of
    misbranching defects being detected by the immediately adjacent
    LSRs. It may also result in no-ILM conditions in the LSR where the
    unexpected pop occurred. LSRs should limit the rate of management
    notifications associated with misdirection of traffic.

    An unexpected push in the network would be more difficult to isolate
    if the traffic merged with an existing LSP. Detection of the fault
    would not occur until the egress of the LSP merged into was reached
    by any probes.

 8. Implications of partial deployment

    Partial deployment diminishes but does not eliminate the value of
    the hop-by-hop audit. Nodes that do not implement 'A' bit
    functionality will simply forward the misbranching probes without
    processing them.

    If the fault has occurred in an MP2P LSP, and for security reasons
    or other operational reasons detection of such a fault leads to
    silent discard of all traffic, then detection by virtually any node
    upstream of the egress node will reduce the amount of traffic
    impacted by the misbranching fault.

 9. Conclusions

    Most simply expressed, IP is hop by hop forwarding. Hop by hop
    detection of MPLS forwarding problems for LSPs set up with via LDP
    is consistent with the IP paradigm whereas proactive e2e path
    testing for the same is not.

    Proactive hop by hop verification of forwarding is only practical if
    a sufficiently lightweight mechanism existed such that the network
    was not degraded by proactive probing. Section 6 explores some
    possibilities and suggests that this is not an insurmountable

    Hop by hop verification of forwarding requires a mechanism for
    distinguishing hop-by-hop probes that has maximum commonality with
    the handling of the label of interest and immunity to deployed ECMP.
    This is what motivates the 'A' bit proposal.


    [MPLSPID]    Allan, D., 'The MPLS and IP PW Payload ID', Internet
                 Draft, draft-allan-mpls-pid-00, April 2003

    Allan                   Expires October 2003                 Page 7
                          The Case for the 'A' Bit

    [FEC-CV]     Allan, D., 'Overview of the FEC-CV proposed extension
                 to the Y.1711 protocol', IETF Internet Draft, draft-
                 IETF Internet Draft, draft-allan-mpls-oam-frmwk-04,
                 February 2003

    [LSPPING]    Pan, P.,'Detecting Data Plane Liveness',
                 Internet Draft, draft-ietf-mpls-lsp-ping-02, April 2003

    [REQUIRE]    Nadeau, 'OAM Requirements for MPLS Networks',
                 IETF Internet Draft, draft-nadeau-ietf-oam-
                 requirements-01, February 2003

 11.Author's Address

    David Allan
    Nortel Networks              Phone: 1-613-763-6362
    3500 Carling Ave.            Email:
    Ottawa, Ontario, CANADA

 12.Full Copyright Statement

    "Copyright (C) The Internet Society (2003). Except as set forth
    below, authors retain all their rights.

    This document and translations of it may be copied and furnished to
    others, and derivative works that comment on or otherwise explain it
    or assist in its implementation may be prepared, copied, published
    and distributed, in whole or in part, without restriction of any
    kind, provided that the above copyright notice and this paragraph
    are included on all such copies and derivative works.  However, this
    document itself may not be modified in any way, such as by removing
    the copyright notice or references to the Internet Society or other
    Internet organizations, except as needed for the  purpose of
    developing Internet standards in which case the procedures for
    rights in submissions defined in the IETF Standards Process must be
    followed, or as required to translate it into languages other than

    The limited permissions granted above are perpetual and will not be
    revoked by the Internet Society or its successors or assigns.

    This document and the information contained herein is provided on an