summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc5254.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc5254.txt')
-rw-r--r--doc/rfc/rfc5254.txt1515
1 files changed, 1515 insertions, 0 deletions
diff --git a/doc/rfc/rfc5254.txt b/doc/rfc/rfc5254.txt
new file mode 100644
index 0000000..d4f68c8
--- /dev/null
+++ b/doc/rfc/rfc5254.txt
@@ -0,0 +1,1515 @@
+
+
+
+
+
+
+Network Working Group N. Bitar, Ed.
+Request for Comments: 5254 Verizon
+Category: Informational M. Bocci, Ed.
+ Alcatel-Lucent
+ L. Martini, Ed.
+ Cisco Systems, Inc.
+ October 2008
+
+
+Requirements for Multi-Segment Pseudowire Emulation Edge-to-Edge (PWE3)
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Abstract
+
+ This document describes the necessary requirements to allow a service
+ provider to extend the reach of pseudowires across multiple domains.
+ These domains can be autonomous systems under one provider
+ administrative control, IGP areas in one autonomous system, different
+ autonomous systems under the administrative control of two or more
+ service providers, or administratively established pseudowire
+ domains.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 1]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+Table of Contents
+
+ 1. Introduction ....................................................3
+ 1.1. Scope ......................................................3
+ 1.2. Architecture ...............................................3
+ 2. Terminology .....................................................6
+ 2.1. Specification of Requirements ..............................6
+ 3. Use Cases .......................................................7
+ 3.1. Multi-Segment Pseudowire Setup Mechanisms ..................9
+ 4. Multi-Segment Pseudowire Requirements ..........................10
+ 4.1. All Mechanisms ............................................10
+ 4.1.1. Architecture .......................................10
+ 4.1.2. Resiliency .........................................11
+ 4.1.3. Quality of Service .................................11
+ 4.1.4. Congestion Control .................................12
+ 4.1.5 Generic Requirements for MS-PW Setup Mechanisms ....13
+ 4.1.6. Routing ............................................14
+ 4.2. Statically Configured MS-PWs ..............................15
+ 4.2.1. Architecture .......................................15
+ 4.2.2. MPLS-PWs ...........................................15
+ 4.2.3. Resiliency .........................................15
+ 4.2.4. Quality of Service .................................16
+ 4.3. Signaled PW Segments ......................................16
+ 4.3.1. Architecture .......................................16
+ 4.3.2. Resiliency .........................................16
+ 4.3.3. Quality of Service .................................17
+ 4.3.4. Routing ............................................17
+ 4.3.5. Additional Requirements on Signaled MS-PW Setup
+ Mechanisms .........................................17
+ 4.4. Signaled PW / Dynamic Route ...............................18
+ 4.4.1. Architecture .......................................18
+ 4.4.2. Resiliency .........................................18
+ 4.4.3. Quality of Service .................................18
+ 4.4.4. Routing ............................................18
+ 5. Operations and Maintenance (OAM) ...............................19
+ 6. Management of Multi-Segment Pseudowires ........................20
+ 6.1. MIB Requirements ..........................................20
+ 6.2. Management Interface Requirements .........................21
+ 7. Security Considerations ........................................21
+ 7.1. Inter-Provider MS-PWs .....................................21
+ 7.1.1. Data-Plane Security Requirements ...................21
+ 7.1.2. Control-Plane Security Requirements ................23
+ 7.2. Intra-Provider MS-PWs .....................................25
+ 8. Acknowledgments ................................................25
+ 9. References .....................................................25
+ 9.1. Normative References ......................................25
+ 9.2. Informative References ....................................25
+
+
+
+
+Bitar, et al. Informational [Page 2]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+1. Introduction
+
+1.1. Scope
+
+ This document specifies requirements for extending pseudowires across
+ more than one packet switched network (PSN) domain and/or more than
+ one PSN tunnel. These pseudowires are called multi-segment
+ pseudowires (MS-PWs). Requirements for single-segment pseudowires
+ (SS-PWs) that extend edge to edge across only one PSN domain are
+ specified in [RFC3916]. This document is not intended to invalidate
+ any part of [RFC3985].
+
+ This document specifies additional requirements that apply to MS-PWs.
+ These requirements do not apply to PSNs that only support SS-PWs.
+
+1.2. Architecture
+
+ The following three figures describe the reference models that are
+ derived from [RFC3985] to support PW emulated services.
+
+ |<-------------- Emulated Service ---------------->|
+ | |
+ | |<------- Pseudowire ------->| |
+ | | | |
+ | | |<-- PSN Tunnel -->| | |
+ | PW End V V V V PW End |
+ V Service +----+ +----+ Service V
+ +-----+ | | PE1|==================| PE2| | +-----+
+ | |----------|............PW1.............|----------| |
+ | CE1 | | | | | | | | CE2 |
+ | |----------|............PW2.............|----------| |
+ +-----+ ^ | | |==================| | | ^ +-----+
+ ^ | +----+ +----+ | | ^
+ | | Provider Edge 1 Provider Edge 2 | |
+ | | | |
+ Customer | | Customer
+ Edge 1 | | Edge 2
+ | |
+ | |
+ Attachment Circuit (AC) Attachment Circuit (AC)
+ Native service Native service
+
+ Figure 1: PWE3 Reference Configuration
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 3]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ Figure 1 shows the PWE3 reference architecture [RFC3985]. This
+ architecture applies to the case where a PSN tunnel extends between
+ two edges of a single PSN domain to transport a PW with endpoints at
+ these edges.
+
+ Native |<--------Multi-Segment Pseudowire----->| Native
+ Service | PSN PSN | Service
+ (AC) | |<-Tunnel->| |<-Tunnel->| | (AC)
+ | V V 1 V V 2 V V |
+ | +-----+ +-----+ +---- + |
+ +---+ | |T-PE1|==========|S-PE1|==========|T-PE2| | +---+
+ | |---------|........PW1.......... |...PW3..........|---|----| |
+ |CE1| | | | | | | | | |CE2|
+ | |---------|........PW2...........|...PW4..........|--------| |
+ +---+ | | |==========| |==========| | | +---+
+ ^ +-----+ +-----+ +-----+ ^
+ | Provider Edge 1 ^ Provider Edge 3 |
+ | | |
+ | | |
+ | PW switching point |
+ | |
+ | |
+ |<------------------- Emulated Service ------------------->|
+
+ Figure 2: PW Switching Reference Model
+
+ Figure 2 extends this architecture to show a multi-segment case.
+ Terminating PE1 (T-PE1) and Terminating PE3 (T-PE3) provide PWE3
+ service to CE1 and CE2. These PEs terminate different PSN tunnels,
+ PSN Tunnel 1 and PSN Tunnel 2, and may reside in different PSN or
+ pseudowire domains. One PSN tunnel extends from T-PE1 to S-PE1
+ across PSN1, and a second PSN tunnel extends from S-PE1 to T-PE2
+ across PSN2.
+
+ PWs are used to connect the Attachment circuits (ACs) attached to
+ T-PE1 to the corresponding ACs attached to T-PE2. Each PW on PSN
+ tunnel 1 is switched to a PW in the tunnel across PSN2 at S-PE1 to
+ complete the multi-segment PW (MS-PW) between T-PE1 and T-PE2. S-PE1
+ is therefore the PW switching point and will be referred to as the PW
+ switching provider edge (S-PE). PW1 and PW3 are segments of the same
+ MS-PW while PW2 and PW4 are segments of another pseudowire. PW
+ segments of the same MS-PW (e.g., PW1 and PW3) MAY be of the same PW
+ type or different types, and PSN tunnels (e.g., PSN Tunnel 1 and PSN
+ Tunnel 2) can be the same or different technology. This document
+ requires support for MS-PWs with segments of the same PW type only.
+
+
+
+
+
+
+Bitar, et al. Informational [Page 4]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ An S-PE switches an MS-PW from one segment to another based on the PW
+ identifiers (e.g., PW label in case of MPLS PWs). In Figure 2, the
+ domains that PSN Tunnel 1 and PSN Tunnel 2 traverse could be IGP
+ areas in the same IGP network or simply PWE3 domains in a single flat
+ IGP network, for instance.
+
+ |<------Multi-Segment Pseudowire------>|
+ | AS AS |
+ AC | |<----1---->| |<----2--->| | AC
+ | V V V V V V |
+ | +----+ +-----+ +----+ +----+ |
+ +----+ | | |=====| |=====| |=====| | | +----+
+ | |-------|.....PW1..........PW2.........PW3.....|-------| |
+ | CE1| | | | | | | | | | | |CE2 |
+ +----+ | | |=====| |=====| |=====| | | +----+
+ ^ +----+ +-----+ +----+ +----+ ^
+ | T-PE1 S-PE2 S-PE3 T-PE4 |
+ | ^ ^ |
+ | | | |
+ | PW switching points |
+ | |
+ | |
+ |<------------------- Emulated Service --------------->|
+
+ Figure 3: PW Switching Inter-Provider Reference Model
+
+ Note that although Figure 2 only shows a single S-PE, a PW may
+ transit more than one S-PEs along its path. For instance, in the
+ multi-AS case shown in Figure 3, there can be an S-PE (S-PE2) at the
+ border of one AS (AS1) and another S-PE (S-PE3) at the border of the
+ other AS (AS2). An MS-PW that extends from the edge of one AS (T-
+ PE1) to the edge of the other AS (T-PE4) is composed of three
+ segments: (1) PW1, a segment in AS1, (2) PW2, a segment between the
+ two border routers (S-PE2 and S-PE3) that are switching PEs, and (3)
+ PWE3, a segment in AS2. AS1 and AS2 could belong to the same
+ provider (e.g., AS1 could be an access network or metro transport
+ network, and AS2 could be an MPLS core network) or to two different
+ providers (e.g., AS1 for Provider 1 and AS2 for Provider 2).
+
+
+
+
+
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 5]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+2. Terminology
+
+ RFC 3985 [RFC3985] provides terminology for PWE3. The following
+ additional terminology is defined for multi-segment pseudowires:
+
+ - PW Terminating Provider Edge (T-PE). A PE where the
+ customer-facing attachment circuits (ACs) are bound to a PW
+ forwarder. A Terminating PE is present in the first and last
+ segments of an MS-PW. This incorporates the functionality of a
+ PE as defined in RFC 3985.
+
+ - Single-Segment Pseudowire (SS-PW). A PW setup directly between
+ two PE devices. Each direction of an SS-PW traverses one PSN
+ tunnel that connects the two PEs.
+
+ - Multi-Segment Pseudowire (MS-PW). A static or dynamically
+ configured set of two or more contiguous PW segments that
+ behave and function as a single point-to-point PW. Each end of
+ an MS-PW by definition MUST terminate on a T-PE.
+
+ - PW Segment. A single-segment or a part of a multi-segment PW,
+ which is set up between two PE devices, T-PEs and/or S-PEs.
+
+ - PW Switching Provider Edge (S-PE). A PE capable of switching
+ the control and data planes of the preceding and succeeding PW
+ segments in an MS-PW. The S-PE terminates the PSN tunnels
+ transporting the preceding and succeeding segments of the MS-
+ PW. It is therefore a PW switching point for an MS-PW. A PW
+ switching point is never the S-PE and the T-PE for the same
+ MS-PW. A PW switching point runs necessary protocols to set up
+ and manage PW segments with other PW switching points and
+ terminating PEs.
+
+2.1. Specification of Requirements
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+
+
+
+
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 6]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+3. Use Cases
+
+ PWE3 defines the signaling and encapsulation techniques for
+ establishing SS-PWs between a pair of terminating PEs (T-PEs), and in
+ the vast majority of cases, this will be sufficient. MS-PWs may be
+ useful in the following situations:
+
+ -i. Inter-Provider PWs: An Inter-Provider PW is a PW that extends
+ from a T-PE in one provider domain to a T-PE in another
+ provider domain.
+
+ -ii. It may not be possible, desirable, or feasible to establish a
+ direct PW control channel between the T-PEs, residing in
+ different provider networks, to set up and maintain PWs. At a
+ minimum, a direct PW control channel establishment (e.g.,
+ targeted LDP session) requires knowledge of and reachability
+ to the remote T-PE IP address. The local T-PE may not have
+ access to this information due to operational or security
+ constraints. Moreover, an SS-PW would require the existence
+ of a PSN tunnel between the local T-PE and the remote T-PE.
+ It may not be feasible or desirable to extend single,
+ contiguous PSN tunnels between T-PEs in one domain and T-PEs
+ in another domain for security and/or scalability reasons or
+ because the two domains may be using different PSN
+ technologies.
+
+ -iii. MS-PW setup, maintenance, and forwarding procedures must
+ satisfy requirements placed by the constraints of a
+ multi-provider environment. An example is the inter-AS L2VPN
+ scenario where the T-PEs reside in different provider networks
+ (ASs) and it is the current practice to MD5-key all control
+ traffic exchanged between two networks. An MS-PW allows the
+ providers to confine MD5 key administration for the LDP
+ session to just the PW switching points connecting the two
+ domains.
+
+ -iv. PSN Interworking: PWE3 signaling protocols and PSN types may
+ differ in different provider networks. The terminating PEs
+ may be connected to networks employing different PW signaling
+ and/or PSN protocols. In this case, it is not possible to use
+ an SS-PW. An MS-PW with the appropriate interworking
+ performed at the PW switching points can enable PW
+ connectivity between the terminating PEs in this scenario.
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 7]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ -v. Traffic Engineered PSN Tunnels and bandwidth-managed PWs:
+ There is a requirement to deploy PWs edge to edge in large
+ service provider networks. Such networks typically encompass
+ hundreds or thousands of aggregation devices at the edge, each
+ of which would be a PE. Furthermore, there is a requirement
+ that these PWs have explicit bandwidth guarantees. To satisfy
+ these requirements, the PWs will be tunneled over PSN
+ TE-tunnels with bandwidth constraints. A single-segment
+ pseudowire architecture would require that a full mesh of PSN
+ TE-tunnels be provisioned to allow PWs to be established
+ between all PEs. Inter-provider PWs riding traffic engineered
+ tunnels further add to the number of tunnels that would have
+ to be supported by the PEs and the core network as the total
+ number of PEs increases.
+
+ In this environment, there is a requirement either to support
+ a sparse mesh of PSN TE-tunnels and PW signaling adjacencies,
+ or to partition the network into a number of smaller PWE3
+ domains. In either case, a PW would have to pass through more
+ than one PSN tunnel hop along its path. An objective is to
+ reduce the number of tunnels that must be supported, and thus
+ the complexity and scalability problem that may arise.
+
+ -vi. Pseudowires in access/metro networks: Service providers wish
+ to extend PW technology to access and metro networks in order
+ to reduce maintenance complexity and operational costs.
+ Today's access and metro networks are either legacy (Time
+ Division Multiplexed (TDM), Synchronous Optical
+ Network/Synchronous Digital Hierarchy (SONET/SDH), or Frame
+ Relay/Asynchronous Transfer Mode (ATM)), Ethernet, or IP
+ based.
+
+ Due to these architectures, circuits (e.g., Ethernet Virtual
+ Circuits (EVCs), ATM VCs, TDM circuits) in the access/metro
+ are traditionally handled as attachment circuits, in their
+ native format, to the edge of the IP-MPLS network where the PW
+ starts. This combination requires multiple separate access
+ networks and complicates end-to-end control, provisioning, and
+ maintenance. In addition, when a TDM or SONET/SDH access
+ network is replaced with a packet-based infrastructure,
+ expenses may be lowered due to moving statistical multiplexing
+ closer to the end-user and converging multiple services onto a
+ single access network.
+
+ Access networks have a number of properties that impact the
+ application of PWs. For example, there exist access
+ mechanisms where the PSN is not of an IETF specified type, but
+ uses mechanisms compatible with those of PWE3 at the PW layer.
+
+
+
+Bitar, et al. Informational [Page 8]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ Here, use case (iv) may apply. In addition, many networks
+ consist of hundreds or thousands of access devices. There is
+ therefore a desire to support a sparse mesh of PW signaling
+ adjacencies and PSN tunnels. Use case (v) may therefore
+ apply. Finally, access networks also tend to differ from core
+ networks in that the access PW setup and maintenance mechanism
+ may only be a subset of that used in the core.
+
+ Using the MS-PWs, access and metro network elements need only
+ maintain PW signaling adjacencies with the PEs to which they
+ directly connect. They do not need PW signaling adjacencies
+ with every other access and metro network device. PEs in the
+ PSN backbone, in turn, maintain PW signaling adjacencies among
+ each other. In addition, a PSN tunnel is set up between an
+ access element and the PE to which it connects. Another PSN
+ tunnel needs to be established between every PE pair in the
+ PSN backbone. An MS-PW may be set up from one access network
+ element to another access element with three segments: (1)
+ access-element - PSN-PE, (2) PSN-PE to PSN-PE, and (3) PSN-PE
+ to access element. In this MS-PW setup, access elements are
+ T-PEs while PSN-PEs are S-PEs. It should be noted that the
+ PSN backbone can be also segmented into PWE3 domains resulting
+ in more segments per PW.
+
+3.1. Multi-Segment Pseudowire Setup Mechanisms
+
+ This requirements document assumes that the above use cases are
+ realized using one or more of the following mechanisms:
+
+ -i. Static Configuration: The switching points (S-PEs), in
+ addition to the T-PEs, are manually provisioned for each
+ segment.
+
+ -ii. Pre-Determined Route: The PW is established along an
+ administratively determined route using an end-to-end
+ signaling protocol with automated stitching at the S-PEs.
+
+ -iii. Signaled Dynamic Route: The PW is established along a
+ dynamically determined route using an end-to-end signaling
+ protocol with automated stitching at the S-PEs. The route is
+ selected with the aid of one or more dynamic routing
+ protocols.
+
+ Note that we define the PW route to be the set of S-PEs through which
+ an MS-PW will pass between a given pair of T-PEs. PSN tunnels along
+ that route can be explicitly specified or locally selected at the
+ S-PEs and T-PEs. The routing of the PSN tunnels themselves is
+ outside the scope of the requirements specified in this document.
+
+
+
+Bitar, et al. Informational [Page 9]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+4. Multi-Segment Pseudowire Requirements
+
+ The following sections detail the requirements that the above use
+ cases put on the MS-PW setup mechanisms.
+
+4.1. All Mechanisms
+
+ The following generic requirements apply to the three MS-PW setup
+ mechanisms defined in the previous section.
+
+4.1.1. Architecture
+
+ -i. If MS-PWs are tunneled across a PSN that only supports SS-PWs,
+ then only the requirements of [RFC3916] apply to that PSN.
+ The fact that the overlay is carrying MS-PWs MUST be
+ transparent to the routers in the PSN.
+
+ -ii. The PWs MUST remain transparent to the P-routers. A P-router
+ is not an S-PE or an T-PE from the MS-PW architecture
+ viewpoint. P-routers provide transparent PSN transport for
+ PWs and MUST not have any knowledge of the PWs traversing
+ them.
+
+ -iii. The MS-PWs MUST use the same encapsulation modes specified for
+ SS-PWs.
+
+ -iv. The MS-PWs MUST be composed of SS-PWs.
+
+ -v. An MS-PW MUST be able to pass across PSNs of all technologies
+ supported by PWE3 for SS-PWs. When crossing from one PSN
+ technology to another, an S-PE must provide the necessary PSN
+ interworking functions in that case.
+
+ -vi. Both directions of a PW segment MUST terminate on the same
+ S-PE/T-PE.
+
+ -vii. S-PEs MAY only support switching PWs of the same PW type. In
+ this case, the PW type is transparent to the S-PE in the
+ forwarding plane, except for functions needed to provide for
+ interworking between different PSN technologies.
+
+ -viii. Solutions MAY provide a way to prioritize the setup and
+ maintenance process among PWs.
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 10]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+4.1.2. Resiliency
+
+ Mechanisms to protect an MS-PW when an element on the existing path
+ of an MS-PW fails MUST be provided. These mechanisms will depend on
+ the MS-PW setup. The following are the generic resiliency
+ requirements that apply to all MS-PW setup mechanisms:
+
+ -i. Configuration and establishment of a backup PW to a primary PW
+ SHOULD be supported. Mechanisms to perform a switchover from
+ a primary PW to a backup PW upon failure detection SHOULD be
+ provided.
+
+ -ii. The ability to configure an end-to-end backup PW path for a
+ primary PW path SHOULD be supported. The primary and backup
+ paths may be statically configured, statically specified for
+ signaling, or dynamically selected via dynamic routing
+ depending on the MS-PW establishment mechanism. Backup and
+ primary paths should have the ability to traverse separate
+ S-PEs. The backup path MAY be signaled at configuration time
+ or after failure.
+
+ -iii. The ability to configure a primary PW and a backup PW with a
+ different T-PE from the primary SHOULD be supported.
+
+ -iv. Automatic Mechanisms to perform a fast switchover from a
+ primary PW to a backup PW upon failure detection SHOULD be
+ provided.
+
+ -v. A mechanism to automatically revert to a primary PW from a
+ backup PW MAY be provided. When provided, it MUST be
+ configurable.
+
+4.1.3. Quality of Service
+
+ Pseudowires are intended to support emulated services (e.g., TDM and
+ ATM) that may have strict per-connection quality-of-service (QoS)
+ requirements. This may include either absolute or relative
+ guarantees on packet loss, delay, and jitter. These guarantees are,
+ in part, delivered by reserving sufficient network resources (e.g.,
+ bandwidth), and by providing appropriate per-packet treatment (e.g.,
+ scheduling priority and drop precedence) throughout the network.
+
+ For SS-PWs, a traffic engineered PSN tunnel (i.e., MPLS-TE) may be
+ used to ensure that sufficient resources are reserved in the
+ P-routers to provide QoS to PWs on the tunnel. In this case, T-PEs
+ MUST have the ability to automatically request the PSN tunnel
+ resources in the direction of traffic (e.g., admission control of PWs
+ onto the PSN tunnel and accounting for reserved bandwidth and
+
+
+
+Bitar, et al. Informational [Page 11]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ available bandwidth on the tunnel). In cases where the tunnel
+ supports multiple classes of service (CoS) (e.g., E-LSP), bandwidth
+ management is required per CoS.
+
+ For MS-PWs, each S-PE maps a PW segment to a PSN tunnel. Solutions
+ MUST enable S-PEs and T-PEs to automatically bind a PW segment to a
+ PSN tunnel based on CoS and bandwidth requirements when these
+ attributes are specified for a PW. Solutions SHOULD also provide the
+ capability of binding a PW segment to a tunnel as a matter of policy
+ configuration. S-PEs and T-PEs must be capable of automatically
+ requesting PSN tunnel resources per CoS.
+
+ S-PEs and T-PEs MUST be able to associate a CoS marking (e.g., EXP
+ field value for MPLS PWs) with PW PDUs. CoS marking in the PW PDUs
+ affects packet treatment. The CoS marking depends on the PSN
+ technology. Thus, solutions must enable the configuration of
+ necessary mapping for CoS marking when the MS-PW crosses from one PSN
+ technology to another. Similarly, different administrative domains
+ may use different CoS values to imply the same CoS treatment.
+ Solutions MUST provide the ability to define CoS marking maps on
+ S-PEs at administrative domain boundaries to translate from one CoS
+ value to another as a PW PDU crosses from one domain to the next.
+
+ [RFC3985] requires PWs to respond to path congestion by reducing
+ their transmission rate. Alternatively, RFC 3985 permits PWs that do
+ not have a congestion control mechanism to transmit using explicitly
+ reserved capacity along a provisioned path. Because MS-PWs are a
+ type of PW, this requirement extends to them as well. RFC 3985
+ applied to MS-PWs consequently requires that MS-PWs employ a
+ congestion control mechanism that is effective across an MS path, or
+ requires an explicit provisioning action that reserves sufficient
+ capacity in all domains along the MS path before the MS-PW begins
+ transmission. S-PEs are therefore REQUIRED to reject attempts to
+ establish MS-PW segments for PW types that either do not utilize an
+ appropriate congestion control scheme or when resources that are
+ sufficient to support the transmission rate of the PW cannot be
+ reserved along the path.
+
+4.1.4. Congestion Control
+
+ [RFC3985] requires all PWs to respond to congestion, in order to
+ conform to [RFC2914]. In the absence of a well-defined congestion
+ control mechanism, [RFC3985] permits PWs to be carried across paths
+ that have been provisioned such that the traffic caused by PWs has no
+ harmful effect on concurrent traffic that shares the path, even under
+ congestion. These requirements extend to the MS-PWs defined in this
+ document.
+
+
+
+
+Bitar, et al. Informational [Page 12]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ Path provisioning is frequently performed through QoS reservation
+ protocols or network management protocols. In the case of SS-PWs,
+ which remain within a single administrative domain, a number of
+ existing protocols can provide this provisioning functionality. MS-
+ PWs, however, may transmit across network domains that are under the
+ control of multiple entities. QoS provisioning across such paths is
+ inherently more difficult, due to the required inter-domain
+ interactions. It is important to note that these difficulties do not
+ invalidate the requirement to provision path capacity for MS-PW use.
+ Each domain MUST individually implement a method to control
+ congestion. This can be by QoS reservation, or other congestion
+ control method. MS-PWs MUST NOT transmit across unprovisioned, best
+ effort, paths in the absence of other congestion control schemes, as
+ required by [RFC3985].
+
+ Solutions MUST enable S-PEs and T-PEs on the path of an MS-PW to
+ notify other S-PEs and T-PEs on that path of congestion, when it
+ occurs. Congestion may be indicated by queue length, packet loss
+ rate, or bandwidth measurement (among others) crossing a respective
+ threshold. The action taken by a T-PE that receives a notification
+ of congestion along the path of one of its PWs could be to re-route
+ the MS-PW to an alternative path, including an alternative T-PE if
+ available. If a PE, or an S-PE has knowledge that a particular link
+ or tunnel is experiencing congestion, it MUST not set up any new
+ MS-PW that utilize that link or tunnel. Some PW types, such as TDM
+ PWs, are more sensitive to congestion than others. The reaction to a
+ congestion notification MAY vary per PW type.
+
+4.1.5. Additional Generic Requirements for MS-PW Setup Mechanisms
+
+ The MS-PW setup mechanisms MUST accommodate the service provider's
+ practices, especially in relation to security, confidentiality of SP
+ information, and traffic engineering. Security and confidentiality
+ are especially important when the MS-PWs are set up across autonomous
+ systems in different administrative domains. The following are
+ generic requirements that apply to the three MS-PW setup mechanisms
+ defined earlier:
+
+ -i. The ability to statically select S-PEs and PSN tunnels on a PW
+ path MUST be provided. Static selection of S-PEs is by
+ definition a requirement for the static configuration and
+ signaled/static route setup mechanisms. This requirement
+ satisfies the need for forcing an MS-PW to traverse specific
+ S-PEs to enforce service provider security and administrative
+ policies.
+
+ -ii. Solutions SHOULD minimize the amount of configuration needed
+ to set up an MS-PW.
+
+
+
+Bitar, et al. Informational [Page 13]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ -iii. Solutions should support different PW setup mechanisms on the
+ same T-PE, S-PE, and PSN network.
+
+ -iv. Solutions MUST allow T-PEs to simultaneously support use of
+ SS-PW signaling mechanisms as specified in [RFC4447], as well
+ as MS-PW signaling mechanisms.
+
+ -v. Solutions MUST ensure that an MS-PW will be set up when a path
+ that satisfies the PW constraints for bandwidth, CoS, and
+ other possible attributes does exist in the network.
+
+ -vi. Solutions must clearly define the setup procedures for each
+ mechanism so that an MS-PW setup on T-PEs can be interpreted
+ as successful only when all PW segments are successfully set
+ up.
+
+ -vii. Admission control to the PSN tunnel needs to be performed
+ against available resources, when applicable. This process
+ MUST be performed at each PW segment comprising the MS-PW. PW
+ admission control into a PSN tunnel MUST be configurable.
+
+ -viii. In case the PSN tunnel lacks the resources necessary to
+ accommodate the new PW, an attempt to signal a new PSN tunnel,
+ or increase the capacity of the existing PSN tunnel MAY be
+ made. If the expanded PSN tunnel fails to set up, the PW MUST
+ fail to set up.
+
+ -ix. The setup mechanisms must allow the setup of a PW segment
+ between two directly connected S-PEs without the existence of
+ a PSN tunnel. This requirement allows a PW segment to be set
+ up between two (Autonomous System Border Routers (ASBRs) when
+ the MS-PW crosses AS boundaries without the need for
+ configuring and setting up a PSN tunnel. In this case,
+ admission control must be done, when enabled, on the link
+ between the S-PEs.
+
+4.1.6. Routing
+
+ An objective of MS-PWs is to provide support for the following
+ connectivity:
+
+ -i. MS-PWs MUST be able to traverse multiple service provider
+ administrative domains.
+
+ -ii. MS-PWs MUST be able to traverse multiple autonomous systems
+ within the same administrative domain.
+
+
+
+
+
+Bitar, et al. Informational [Page 14]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ -iii. MS-PWs MUST be able to traverse multiple autonomous systems
+ belonging to different administrative domains.
+
+ -iv. MS-PWs MUST be able to support any hybrid combination of the
+ aforementioned connectivity scenarios, including both PW
+ transit and termination in a domain.
+
+4.2. Statically Configured MS-PWs
+
+ When the MS-PW segments are statically configured, the following
+ requirements apply in addition to the generic requirements previously
+ defined.
+
+4.2.1. Architecture
+
+ There are no additional requirements on the architecture.
+
+4.2.2. MPLS-PWs
+
+ Solutions should allow for the static configuration of MPLS labels
+ for MPLS-PW segments and the cross-connection of these labels to
+ preceding and succeeding segments. This is especially useful when an
+ MS-PW crosses provider boundaries and two providers do not want to
+ run any PW signaling protocol between them. A T-PE or S-PE that
+ allows the configuration of static labels for MS-PW segments should
+ also simultaneously allow for dynamic label assignments for other
+ MS-PW segments. It should be noted that when two interconnected
+ S-PEs do not have signaling peering for the purpose of setting up
+ MS-PW segments, they should have in-band PW Operations and
+ Maintenance (OAM) capabilities that relay PW or attachment circuit
+ defect notifications between the adjacent S-PEs.
+
+4.2.3. Resiliency
+
+ The solution should allow for the protection of a PW segment, a
+ contiguous set of PW segments, as well as the end-to-end path. The
+ primary and protection segments must share the same segment
+ endpoints. Solutions should allow for having the backup paths set up
+ prior to the failure or as a result of failure. The choice should be
+ made by configuration. When resources are limited and cannot satisfy
+ all PWs, the PWs with the higher setup priorities should be given
+ preference when compared with the setup priorities of other PWs being
+ set up or the holding priorities of existing PWs.
+
+ Solutions should strive to minimize traffic loss between T-PEs.
+
+
+
+
+
+
+Bitar, et al. Informational [Page 15]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+4.2.4. Quality of Service
+
+ The CoS and bandwidth of the MS-PW must be configurable at T-PEs and
+ S-PEs.
+
+4.3. Signaled PW Segments
+
+ When the MS-PW segments are dynamically signaled, the following
+ requirements apply in addition to the generic requirements previously
+ defined. The signaled MS-PW segments can be on the path of a
+ statically configured MS-PW, signaled/statically routed MS-PW, or
+ signaled/dynamically routed MS-PW.
+
+ There are four different mechanisms that are defined to setup SS-PWs:
+
+ -i. Static set up of the SS-PW (MPLS or L2TPv3 forwarding)
+
+ -ii. LDP using PWid Forwarding Equivalence Class (FEC) 128
+
+ -iii. LDP using the generalized PW FEC 129
+
+ -iv. L2TPv3
+
+ The MS-PW setup mechanism MUST be able to support PW segments
+ signaled with any of the above protocols; however, the specification
+ of which combinations of SS-PW signaling protocols are supported by a
+ specific implementation is outside the scope of this document.
+
+ For the signaled/statically routed and signaled/dynamically routed
+ MS-PW setup mechanisms, the following requirements apply in addition
+ to the generic requirements previously defined.
+
+4.3.1. Architecture
+
+ There are no additional requirements on the architecture.
+
+4.3.2. Resiliency
+
+ Solutions should allow for the signaling of a protection path for a
+ PW segment, sequence of segments, or end-to-end path. The protection
+ and primary paths for the protected segment(s) share the same
+ respective segments endpoints. When admission control is enabled,
+ systems must be careful not to double account for bandwidth
+ allocation at merged points (e.g., tunnels). Solutions should allow
+ for having the backup paths set up prior to the failure or as a
+ result of failure. The choice should be made by configuration at the
+ endpoints of the protected path. When resources are limited and
+ cannot satisfy all PWs, the PWs with the higher setup priorities
+
+
+
+Bitar, et al. Informational [Page 16]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ should be given preference when compared with the setup priorities of
+ other PWs being set up or the holding priorities of existing PWs.
+ Procedures must allow for the primary and backup paths to be diverse.
+
+4.3.3. Quality of Service
+
+ When the T-PE attempts to signal an MS-PW, the following capability
+ is required:
+
+ -i. Signaling must be able to identify the CoS associated with an
+ MS-PW.
+
+ -ii. Signaling must be able to carry the traffic parameters for an
+ MS-PW per CoS. Traffic parameters should be based on existing
+ INTSERV definitions and must be used for admission control
+ when admission control is enabled.
+
+ -iii. The PW signaling MUST enable separate traffic parameter values
+ to be specified for the forward and reverse directions of the
+ PW.
+
+ -iv. PW traffic parameter representations MUST be the same for all
+ types of MS-PWs.
+
+ -v. The signaling protocol must be able to accommodate a method to
+ prioritize the PW setup and maintenance operation among PWs.
+
+4.3.4. Routing
+
+ See the requirements for "Resiliency" above.
+
+4.3.5. Additional Requirements on Signaled MS-PW Setup Mechanisms
+
+ The following are further requirements on signaled MS-PW setup
+ mechanisms:
+
+ -i. The signaling procedures MUST be defined such that the setup
+ of an MS-PW is considered successful if all segments of the
+ MS-PW are successfully set up.
+
+ -ii. The MS-PW path MUST have the ability to be dynamically set up
+ between the T-PEs by provisioning only the T-PEs.
+
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 17]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ -iii. Dynamic MS-PW setup requires that a unique identifier be
+ associated with a PW and be carried in the signaling message.
+ That identifier must contain sufficient information to
+ determine the path to the remote T-PE through intermediate
+ S-PEs.
+
+ -iv. In a single-provider domain, it is natural to have the T-PE
+ identified by one of its IP addresses. This may also apply
+ when an MS-PW is set up across multiple domains operated by
+ the same provider. However, some service providers have
+ security and confidentiality policies that prevent them from
+ advertising reachability to routers in their networks to other
+ providers (reachability to an ASBR is an exception). Thus,
+ procedures MUST be provided to allow dynamic set up of MS-PWs
+ under these conditions.
+
+4.4. Signaled PW / Dynamic Route
+
+ The following requirements apply, in addition to those in Sections
+ 4.1 and 4.3, when both dynamic signaling and dynamic routing are
+ used.
+
+4.4.1. Architecture
+
+ There are no additional architectural requirements.
+
+4.4.2. Resiliency
+
+ The PW routing function MUST support dynamic re-routing around
+ failure points when segments are set up using the dynamic setup
+ method.
+
+4.4.3. Quality of Service
+
+ There are no additional QoS requirements.
+
+4.4.4. Routing
+
+ The following are requirements associated with dynamic route
+ selection for an MS-PW:
+
+ -i. Routing must enable S-PEs and T-PEs to discover S-PEs on the
+ path to a destination T-PE.
+
+ -ii. The MS-PW routing function MUST have the ability to
+ automatically select the S-PEs along the MS-PW path. Some of
+ the S-PEs MAY be statically selected and carried in the
+ signaling to constrain the route selection process.
+
+
+
+Bitar, et al. Informational [Page 18]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ -iii. The PW routing function MUST support re-routing around
+ failures that occur between the statically configured segment
+ endpoints. This may be done by choosing another PSN tunnel
+ between the two segment endpoints or setting up an alternative
+ tunnel.
+
+ -iv. Routing protocols must be able to advertise reachability
+ information of attachment circuit (AC) endpoints. This
+ reachability information must be consistent with the AC
+ identifiers carried in signaling.
+
+5. Operations and Maintenance (OAM)
+
+ OAM mechanisms for the attachment circuits are defined in the
+ specifications for PW emulated specific technologies (e.g., ITU-T
+ I.610 [i610] for ATM). These mechanisms enable, among other things,
+ defects in the network to be detected, localized, and diagnosed.
+ They also enable communication of PW defect states on the PW
+ attachment circuit. Note that this document uses the term OAM as
+ Operations and Management as per ITU-T I.610.
+
+ The interworking of OAM mechanisms for SS-PWs between ACs and PWs is
+ defined in [PWE3-OAM]. These enable defect states to be propagated
+ across a PWE3 network following the failure and recovery from faults.
+
+ OAM mechanisms for MS-PWs MUST provide at least the same capabilities
+ as those for SS-PWs. In addition, it should be possible to support
+ both segment and end-to-end OAM mechanisms for both defect
+ notifications and connectivity verification in order to allow defects
+ to be localized in a multi-segment network. That is, PW OAM segments
+ can be T-PE to T-PE, T-PE to S-PE, or S-PE to S-PE.
+
+ The following requirements apply to OAM for MS-PWs:
+
+ -i. Mechanisms for PW segment failure detection and notification
+ to other segments of an MS-PW MUST be provided.
+
+ -ii. MS-PW OAM SHOULD be supported end-to-end across the network.
+
+ -iii. Single ended monitoring SHOULD be supported for both
+ directions of the MS-PW.
+
+ -iv. SS-PW OAM mechanisms (e.g., [RFC5085]) SHOULD be extended to
+ support MS-PWs on both an end-to-end basis and segment basis.
+
+ -v. All PE routers along the MS-PW MUST agree on a common PW OAM
+ mechanism to use for the MS-PW.
+
+
+
+
+Bitar, et al. Informational [Page 19]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ -vi. At the S-PE, defects on an PSN tunnel MUST be propagated to
+ all PWs that utilize that particular PSN tunnel.
+
+ -vii. The directionality of defect notifications MUST be maintained
+ across the S-PE.
+
+ -viii. The S-PE SHOULD be able to behave as a segment endpoint for PW
+ OAM mechanisms.
+
+ -ix. The S-PE MUST be able to pass T-PE to T-PE PW OAM messages
+ transparently.
+
+ -x. Performance OAM is required for both MS-PWs and SS-PWs to
+ measure round-trip delay, one-way delay, jitter, and packet
+ loss ratio.
+
+6. Management of Multi-Segment Pseudowires
+
+ Each PWE3 approach that uses MS-PWs SHOULD provide some mechanisms
+ for network operators to manage the emulated service. Management
+ mechanisms for MS-PWs MUST provide at least the same capabilities as
+ those for SS-PWs, as defined in [RFC3916].
+
+ It SHOULD also be possible to manage the additional attributes for
+ MS-PWs. Since the operator that initiates the establishment of an
+ MS-PW may reside in a different PSN domain from the S-PEs and one of
+ the T-PEs along the path of the MS-PW, mechanisms for the remote
+ management of the MS-PW SHOULD be provided.
+
+ The following additional requirements apply:
+
+6.1. MIB Requirements
+
+ -i. MIB Tables MUST be designed to facilitate configuration and
+ provisioning of the MS-PW at the S-PEs and T-PEs.
+
+ -ii. The MIB(s) MUST facilitate inter-PSN configuration and
+ monitoring of the ACs.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 20]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+6.2. Management Interface Requirements
+
+ -i. Mechanisms MUST be provided to enable remote management of an
+ MS-PW at an S-PE or T-PE. It SHOULD be possible for these
+ mechanisms to operate across PSN domains. An example of a
+ commonly available mechanism is the command line interface
+ (CLI) over a telnet session.
+
+ -ii. For security or other reasons, it SHOULD be possible to
+ disable the remote management of an MS-PW.
+
+7. Security Considerations
+
+ This document specifies the requirements both for MS-PWs that can be
+ set up across domain boundaries administered by one or more service
+ providers (inter-provider MS-PWs), and for MS-PWs that are only set
+ up across one provider (intra-provider MS-PWs).
+
+7.1. Inter-Provider MS-PWs
+
+ The security requirements for MS-PW setup across domains administered
+ by one service provider are the same as those described under
+ security considerations in [RFC4447] and [RFC3916]. These
+ requirements also apply to inter-provider MS-PWs.
+
+ In addition, [RFC4111] identifies user and provider requirements for
+ L2 VPNs that apply to MS-PWs described in this document. In this
+ section, the focus is on the additional security requirements for
+ inter-provider operation of MS-PWs in both the control plane and data
+ plane, and some of these requirements may overlap with those in
+ [RFC4111].
+
+7.1.1. Data-Plane Security Requirements
+
+ By security in the "data plane", we mean protection against the
+ following possibilities:
+
+ -i. Packets from within an MS-PW traveling to a PE or an AC to
+ which the PW is not intended to be connected, other than in a
+ manner consistent with the policies of the MS-PW.
+
+ -ii. Packets from outside an MS-PW entering the MS-PW, other than
+ in a manner consistent with the policies of the MS-PW.
+
+ MS-PWs that cross service provider (SP) domain boundaries may connect
+ one T-PE in a SP domain to a T-PE in another provider domain. They
+ may also transit other provider domains even if the two T-PEs are
+ under the control of one SP. Under these scenarios, there is a
+
+
+
+Bitar, et al. Informational [Page 21]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ chance that one or more PDUs could be falsely inserted into an MS-PW
+ at any of the originating, terminating, or transit domains. Such
+ false injection can be the result of a malicious attack or fault in
+ the S-PE. Solutions MAY provide mechanisms for ensuring the
+ end-to-end authenticity of MS-PW PDUs.
+
+ The data plane security requirements at a service provider border for
+ MS-PWs are similar to those for inter-provider BGP/MPLS IP Virtual
+ Private Networks [RFC4364]. In particular, an S-PE or T-PE SHOULD
+ discard a packet received from a particular neighbor over the service
+ provider border unless one of the following two conditions holds:
+
+ -i. Any MPLS label processed at the receiving S-PE or T-PE, such
+ the PSN tunnel label or the PW label has a label value that
+ the receiving system has distributed to that neighbor; or
+
+ -ii. Any MPLS label processed at the receiving S-PE or T-PE, such
+ as the PSN tunnel label or the PW label has a label value that
+ the receiving S-PE or T-PE has previously distributed to the
+ peer S-PE or T-PE beyond that neighbor (i.e., when it is known
+ that the path from the system to which the label was
+ distributed to the receiving system is via that neighbor).
+
+ One of the domains crossed by an MS-PW may decide to selectively
+ mirror the PDUs of an MS-PW for eavesdropping purposes. It may also
+ decide to selectively hijack the PDUs of an MS-PW by directing the
+ PDUs away from their destination. In either case, the privacy of an
+ MS-PW can be violated.
+
+ Some types of PWs make assumptions about the security of the
+ underlying PSN. The minimal security provided by an MPLS PSN might
+ not be sufficient to meet the security requirements expected by the
+ applications using the MS-PW. This document does not place any
+ requirements on protecting the privacy of an MS-PW PDU via
+ encryption. However, encryption may be required at a higher layer in
+ the protocol stack, based on the application or network requirements.
+
+ The data plane of an S-PE at a domain boundary MUST be able to police
+ incoming MS-PW traffic to the MS-PW traffic parameters or to an
+ administratively configured profile. The option to enable/disable
+ policing MUST be provided to the network administrator. This is to
+ ensure that an MS-PW or a group of MS-PWs do not grab more resources
+ than they are allocated. In addition, the data plane of an S-PE MUST
+ be able to police OAM messages to a pre-configured traffic profile or
+ to filter out these messages upon administrative configuration.
+
+
+
+
+
+
+Bitar, et al. Informational [Page 22]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ An ingress S-PE MUST ensure that an MS-PW receives the CoS treatment
+ configured or signaled for that MS-PW at the S-PE. Specifically, an
+ S-PE MUST guard against packets marked in the exp bits or IP-header
+ Differentiated Services (DS) field (depending on the PSN) for a
+ better CoS than they should receive.
+
+ An ingress S-PE MUST be able to define per-interface or
+ interface-group (a group may correspond to interfaces to a peer-
+ provider) label space for MPLS-PWs. An S-PE MUST be configurable not
+ to accept labeled packets from another provider unless the bottom
+ label is a PW-label assigned by the S-PE on the interface on which
+ the packet arrived.
+
+ Data plane security considerations for SS-PWs specified in [RFC3985]
+ also apply to MS-PWs.
+
+7.1.2. Control-Plane Security Requirements
+
+ An MS-PW connects two attachment circuits. It is important to make
+ sure that PW connections are not arbitrarily accepted from anywhere,
+ or else a local attachment circuit might get connected to an
+ arbitrary remote attachment circuit. The fault in the connection can
+ start at a remote T-PE or an S-PE.
+
+ Where a PW segment crosses a border between one provider and another
+ provider, the PW segment endpoints (S-PEs) SHOULD be on ASBRs
+ interconnecting the two providers. Directly interconnecting the
+ S-PEs using a physically secure link, and enabling signaling and
+ routing authentication between the S-PEs, eliminates the possibility
+ of receiving an MS-PW signaling message or packet from an untrusted
+ peer. Other configurations are possible. For example, P routers for
+ the PSN tunnel between the adjacent S-PEs/T-PEs may reside on the
+ ASBRs. In which case, the S-PEs/T-PEs MUST satisfy themselves of the
+ security and privacy of the path.
+
+ The configuration and maintenance protocol MUST provide a strong
+ authentication and control protocol data protection mechanism. This
+ option MUST be implemented, but it should be deployed according to
+ the specific PSN environment requirements. Furthermore,
+ authentication using a signature for each individual MS-PW setup
+ message MUST be available, in addition to an overall control protocol
+ session authentication and message validation.
+
+ Since S-PEs in different provider networks SHOULD reside at each end
+ of a physically secure link, or be interconnected by a limited number
+ of trusted PSN tunnels, each S-PE will have a trust relationship with
+ only a limited number of S-PEs in other ASs. Thus, it is expected
+ that current security mechanisms based on manual key management will
+
+
+
+Bitar, et al. Informational [Page 23]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ be sufficient. If deployment situations arise that require large
+ scale connection to S-PEs in other ASs, then a mechanism based on RFC
+ 4107 [RFC4107] MUST be developed.
+
+ Peer authentication protects against IP address spoofing but does not
+ prevent one peer (S-PE or T-PE) from connecting to the wrong
+ attachment circuit. Under a single administrative authority, this
+ may be the result of a misconfiguration. When the MS-PW crosses
+ multiple provider domains, this may be the result of a malicious act
+ by a service provider or a security hole in that provider network.
+ Static manual configuration of MS-PWs at S-PEs and T-PEs provides a
+ greater degree of security. If an identification of both ends of an
+ MS-PW is configured and carried in the signaling message, an S-PE can
+ verify the signaling message against the configuration. To support
+ dynamic signaling of MS-PWs, whereby only endpoints are provisioned
+ and S-PEs are dynamically discovered, mechanisms SHOULD be provided
+ to configure such information on a server and to use that information
+ during a connection attempt for validation.
+
+ An incoming MS-PW request/reply MUST NOT be accepted unless its IP
+ source address is known to be the source of an "eligible" peer. An
+ eligible peer is an S-PE or a T-PE with which the originating S-PE or
+ T-PE has a trust relationship. The number of such trusted T-PEs or
+ S-PEs is bounded and not anticipated to create a scaling issue for
+ the control plane authentication mechanisms.
+
+ If a peering adjacency has to be established prior to exchanging
+ setup requests/responses, peering MUST only be done with eligible
+ peers. The set of eligible peers could be pre-configured (either as
+ a list of IP addresses, or as a list of address/mask combinations) or
+ automatically generated from the local PW configuration information.
+
+ Furthermore, the restriction of peering sessions to specific
+ interfaces MUST also be provided. The S-PE and T-PE MUST drop the
+ unaccepted signaling messages in the data path to avoid a
+ Denial-of-Service (DoS) attack on the control plane.
+
+ Even if a connection request appears to come from an eligible peer,
+ its source address may have been spoofed. Thus, means of preventing
+ source address spoofing must be in place. For example, if eligible
+ peers are in the same network, source address filtering at the border
+ routers of that network could eliminate the possibility of source
+ address spoofing.
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 24]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ S-PEs that connect one provider domain to another provider domain
+ MUST have the capability to rate-limit signaling traffic in order to
+ prevent DoS attacks on the control plane. Furthermore, detection and
+ disposition of malformed packets and defense against various forms of
+ attacks that can be protocol-specific MUST be provided.
+
+7.2. Intra-Provider MS-PWs
+
+ Security requirements for pseudowires are provided in [RFC3916].
+ These requirements also apply to MS-PWs.
+
+ MS-PWs are intended to enable many more PEs to provide PWE3 services
+ in a given service provider network than traditional SS-PWs,
+ particularly in access and metro environments where the PE may be
+ situated closer to the ultimate endpoint of the service. In order to
+ limit the impact of a compromise of one T-PE in a service provider
+ network, the data path security requirements for inter-provider
+ MS-PWs also apply to intra-provider MS-PWs in such cases.
+
+8. Acknowledgments
+
+ The editors gratefully acknowledge the following contributors:
+ Dimitri Papadimitriou (Alcatel-Lucent), Peter Busschbach
+ (Alcatel-Lucent), Sasha Vainshtein (Axerra), Richard Spencer (British
+ Telecom), Simon Delord (France Telecom), Deborah Brungard (AT&T),
+ David McDysan (Verizon), Rahul Aggarwal (Juniper), Du Ke (ZTE),
+ Cagatay Buyukkoc (ZTE), and Stewart Bryant (Cisco).
+
+9. References
+
+9.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC3916] Xiao, X., Ed., McPherson, D., Ed., and P. Pate, Ed.,
+ "Requirements for Pseudo-Wire Emulation Edge-to-Edge
+ (PWE3)", RFC 3916, September 2004.
+
+ [RFC3985] Bryant, S., Ed., and P. Pate, Ed., "Pseudo Wire Emulation
+ Edge-to-Edge (PWE3) Architecture", RFC 3985, March 2005.
+
+9.2. Informative References
+
+ [i610] Recommendation I.610 "B-ISDN operation and maintenance
+ principles and functions", February 1999.
+
+
+
+
+
+Bitar, et al. Informational [Page 25]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+ [RFC5085] Nadeau, T., Ed., and C. Pignataro, Ed., "Pseudowire
+ Virtual Circuit Connectivity Verification (VCCV): A
+ Control Channel for Pseudowires", RFC 5085, December 2007.
+
+ [RFC4447] Martini, L., Ed., Rosen, E., El-Aawar, N., Smith, T., and
+ G. Heron, "Pseudowire Setup and Maintenance Using the
+ Label Distribution Protocol (LDP)", RFC 4447, April 2006.
+
+ [RFC4111] Fang, L., Ed., "Security Framework for Provider-
+ Provisioned Virtual Private Networks (PPVPNs)", RFC 4111,
+ July 2005.
+
+ [PWE3-OAM] Nadeau, T., Ed., Morrow, M., Ed., Busschbach, P., Ed.,
+ Alissaoui, M.,Ed., D. Allen, Ed., "Pseudo Wire (PW) OAM
+ Message Mapping", Work in Progress, March 2005.
+
+ [RFC2914] Floyd, S., "Congestion Control Principles", BCP 41, RFC
+ 2914, September 2000.
+
+ [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
+ Networks (VPNs)", RFC 4364, February 2006.
+
+ [RFC4107] Bellovin, S. and R. Housley, "Guidelines for Cryptographic
+ Key Management", BCP 107, RFC 4107, June 2005.
+
+Authors' Addresses
+
+ Nabil Bitar
+ Verizon
+ 117 West Street
+ Waltham, MA 02145
+ EMail: nabil.n.bitar@verizon.com
+
+
+ Matthew Bocci
+ Alcatel-Lucent Telecom Ltd,
+ Voyager Place
+ Shoppenhangers Road
+ Maidenhead
+ Berks, UK
+ EMail: matthew.bocci@alcatel-lucent.co.uk
+
+
+ Luca Martini
+ Cisco Systems, Inc.
+ 9155 East Nichols Avenue, Suite 400
+ Englewood, CO, 80112
+ EMail: lmartini@cisco.com
+
+
+
+Bitar, et al. Informational [Page 26]
+
+RFC 5254 Requirements for Multi-Segment PWE3 October 2008
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+
+Bitar, et al. Informational [Page 27]
+