From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc6378.txt | 2523 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2523 insertions(+) create mode 100644 doc/rfc/rfc6378.txt (limited to 'doc/rfc/rfc6378.txt') diff --git a/doc/rfc/rfc6378.txt b/doc/rfc/rfc6378.txt new file mode 100644 index 0000000..e18718d --- /dev/null +++ b/doc/rfc/rfc6378.txt @@ -0,0 +1,2523 @@ + + + + + + +Internet Engineering Task Force (IETF) Y. Weingarten, Ed. +Request for Comments: 6378 Nokia Siemens Networks +Category: Standards Track S. Bryant +ISSN: 2070-1721 E. Osborne + Cisco + N. Sprecher + Nokia Siemens Networks + A. Fulignoli, Ed. + Ericsson + October 2011 + + + MPLS Transport Profile (MPLS-TP) Linear Protection + +Abstract + + This document is a product of a joint Internet Engineering Task Force + (IETF) / International Telecommunications Union Telecommunications + Standardization Sector (ITU-T) effort to include an MPLS Transport + Profile within the IETF MPLS and Pseudowire Emulation Edge-to-Edge + (PWE3) architectures to support the capabilities and functionalities + of a packet transport network as defined by the ITU-T. + + This document addresses the functionality described in the MPLS-TP + Survivability Framework document (RFC 6372) and defines a protocol + that may be used to fulfill the function of the Protection State + Coordination for linear protection, as described in that document. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 5741. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc6378. + + + + + + + + + + +Weingarten, et al. Standards Track [Page 1] + +RFC 6378 MPLS-TP LP October 2011 + + +Copyright Notice + + Copyright (c) 2011 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + This document may contain material from IETF Documents or IETF + Contributions published or made publicly available before November + 10, 2008. The person(s) controlling the copyright in some of this + material may not have granted the IETF Trust the right to allow + modifications of such material outside the IETF Standards Process. + Without obtaining an adequate license from the person(s) controlling + the copyright in such materials, this document may not be modified + outside the IETF Standards Process, and derivative works of it may + not be created outside the IETF Standards Process, except to format + it for publication as an RFC or to translate it into languages other + than English. + + + + + + + + + + + + + + + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 2] + +RFC 6378 MPLS-TP LP October 2011 + + +Table of Contents + + 1. Introduction ....................................................4 + 1.1. Protection Architectures ...................................4 + 1.2. Scope of the Document ......................................5 + 2. Conventions Used in This Document ...............................6 + 2.1. Acronyms ...................................................6 + 2.2. Definitions and Terminology ................................7 + 3. Protection State Control Logic ..................................7 + 3.1. Local Request Logic ........................................9 + 3.2. Remote Requests ...........................................11 + 3.3. PSC Control Logic .........................................12 + 3.4. PSC Message Generator .....................................12 + 3.5. Wait-to-Restore (WTR) Timer ...............................12 + 3.6. PSC Control States ........................................13 + 3.6.1. Local and Remote State .............................14 + 4. Protection State Coordination (PSC) Protocol ...................14 + 4.1. Transmission and Acceptance of PSC Control Packets ........15 + 4.2. Protocol Format ...........................................16 + 4.2.1. PSC Ver Field ......................................16 + 4.2.2. PSC Request Field ..................................17 + 4.2.3. Protection Type (PT) Field .........................18 + 4.2.4. Revertive (R) Field ................................18 + 4.2.5. Fault Path (FPath) Field ...........................19 + 4.2.6. Data Path (Path) Field .............................19 + 4.2.7. Additional TLV Information .........................19 + 4.3. Principles of Operation ...................................20 + 4.3.1. Basic Operation ....................................20 + 4.3.2. Priority of Inputs .................................21 + 4.3.3. Operation of PSC States ............................22 + 5. IANA Considerations ............................................33 + 5.1. Pseudowire Associated Channel Type ........................33 + 5.2. PSC Request Field .........................................33 + 5.3. Additional TLVs ...........................................34 + 6. Security Considerations ........................................34 + 7. Acknowledgements ...............................................35 + 8. Contributing Authors ...........................................36 + 9. References .....................................................37 + 9.1. Normative References ......................................37 + 9.2. Informative References ....................................37 + Appendix A. PSC State Machine Tables ..............................39 + Appendix B. Exercising the Protection Domain ......................44 + + + + + + + + + +Weingarten, et al. Standards Track [Page 3] + +RFC 6378 MPLS-TP LP October 2011 + + +1. Introduction + + The MPLS Transport Profile (MPLS-TP) [RFC5921] is a framework for the + construction and operation of packet-switched transport networks + based on the architectures for MPLS ([RFC3031] and [RFC3032]) and for + Pseudowires (PWs) ([RFC3985] and [RFC5659]) and the requirements of + [RFC5654]. + + Network survivability is the ability of a network to recover traffic + delivery following failure, or degradation, of network resources. + The MPLS-TP Survivability Framework [RFC6372] is a framework for + survivability in MPLS-TP networks, and describes recovery elements, + types, methods, and topological considerations, focusing on + mechanisms for recovering MPLS-TP Label Switched Paths (LSPs). + + Linear protection in mesh networks -- networks with arbitrary + interconnectivity between nodes -- is described in Section 4.7 of + [RFC6372]. Linear protection provides rapid and simple protection + switching. In a mesh network, linear protection provides a very + suitable protection mechanism because it can operate between any pair + of points within the network. It can protect against a defect in an + intermediate node, a span, a transport path segment, or an end-to-end + transport path. + +1.1. Protection Architectures + + Protection switching is a fully allocated survivability mechanism. + It is fully allocated in the sense that the route and resources of + the protection path are reserved for a selected working path or set + of working paths. It provides a fast and simple survivability + mechanism that allows the network operator to easily grasp the active + state of the network and that can operate between any pair of points + within the network. + + As described in the Survivability Framework document [RFC6372], + protection switching is applied to a protection domain. For the + purposes of this document, we define the protection domain of a + point-to-point LSP as consisting of two Label Edge Routers (LERs) and + the transport paths that connect them (see Figure 3). For a point- + to-multipoint LSP, the protection domain includes the root (or + source) LER, the destination (or sink) LERs, and the transport paths + that connect them. + + In 1+1 unidirectional architecture as presented in [RFC6372], a + protection transport path is dedicated to the working transport path. + Normal traffic is bridged (as defined in [RFC4427]) and fed to both + the working and the protection paths by a permanent bridge at the + source of the protection domain. The sink of the protection domain + + + +Weingarten, et al. Standards Track [Page 4] + +RFC 6378 MPLS-TP LP October 2011 + + + uses a selector to choose either the working or protection path from + which to receive the traffic, based on predetermined criteria, e.g., + server defect indication. When used for bidirectional switching the + 1+1 protection architecture must also support a Protection State + Coordination (PSC) protocol. This protocol is used to help + coordinate between both ends of the protection domain in selecting + the proper traffic flow. + + In the 1:1 architecture, a protection transport path is dedicated to + the working transport path of a single service, and the traffic is + only transmitted on either the working or the protection path, by + using a selector at the source of the protection domain. A selector + at the sink of the protection domain then selects the path that + carries the normal traffic. Since the source and sink need to be + coordinated to ensure that the selector at both ends select the same + path, this architecture must support a PSC protocol. + + The 1:n protection architecture extends the 1:1 architecture above by + sharing the protection path among n services. Again, the protection + path is fully allocated and disjoint from any of the n working + transport paths that it is being used to protect. The normal data + traffic for each service is transmitted either on the normal working + path for that service or, in cases that trigger protection switching + (as listed in [RFC6372]), may be sent on the protection path. The + switching action is similar to the 1:1 case where a selector is used + at the source. In cases where multiple working path services have + triggered protection switching, it should be noted that some + services, dependent upon their Service Level Agreement (SLA), may not + be transmitted as a result of limited resources on the protection + path. In this architecture, there may be a need for coordination of + the protection switching and for resource allocation negotiation. + The procedures for this are for further study and may be addressed in + future documents. + +1.2. Scope of the Document + + As was pointed out in the Survivability Framework [RFC6372] and + highlighted above, there is a need for coordination between the end + points of the protection domain when employing bidirectional + protection schemes. This is especially true when there is a need to + verify that the traffic continues to be transported on a + bidirectional LSP that is co-routed. + + The scope of this document is to present a protocol for the + Protection State Coordination of Linear Protection. The protocol + addresses the protection of LSPs in an MPLS-TP network as required by + [RFC5654] (in particular, requirements 63-65 and 74-79) and described + in [RFC6372]. The basic protocol is designed for use in conjunction + + + +Weingarten, et al. Standards Track [Page 5] + +RFC 6378 MPLS-TP LP October 2011 + + + with the 1:1 protection architecture, bidirectional protection, and + for 1+1 protection of a bidirectional path (for both unidirectional + and bidirectional protection switching). Applicability of the + protocol for 1:1 unidirectional protection and for 1:n protection + schemes may be documented in a future document and is out of scope + for this document. The applicability of this protocol to additional + MPLS-TP constructs and topologies may be documented in future + documents. + + While the unidirectional 1+1 protection architecture does not require + the use of a coordination protocol, the protocol may be used by the + ingress node of the path to notify the far-side end point that a + switching condition has occurred and verify the consistency of the + end-point configuration. This use may be especially useful for + point-to-multipoint transport paths, that are unidirectional by + definition of [RFC5654]. The use of this protocol for point-to- + multipoint paths is out of scope for this document and may be + addressed in a future applicability document. + +2. Conventions Used in This Document + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + +2.1. Acronyms + + This document uses the following acronyms: + + CT Channel Type + DNR Do-not-Revert + FS Forced Switch + G-ACh Generic Associated Channel + LER Label Edge Router + LO Lockout of protection + LSR Label Switching Router + MEG Managed Entity Group + MEP MEG End Point + MPLS-TP Transport Profile for MPLS + MS Manual Switch + NR No Request + OAM Operations, Administration, and Maintenance + PSC Protection State Coordination Protocol + S-PE Switching Provider Edge + SD Signal Degrade + SF Signal Fail + SFc Clear Signal Fail + SLA Service Level Agreement + + + +Weingarten, et al. Standards Track [Page 6] + +RFC 6378 MPLS-TP LP October 2011 + + + T-PE Terminating Provider Edge + WTR Wait-to-Restore + +2.2. Definitions and Terminology + + The terminology used in this document is based on the terminology + defined in [RFC4427] and further adapted for MPLS-TP in [RFC6372]. + In addition, we use the term "LER" to refer to an MPLS-TP Network + Element, whether it is an LSR, LER, T-PE, or S-PE. + +3. Protection State Control Logic + + Protection switching processes the local triggers described in + requirements 74-79 of [RFC5654] together with inputs received from + the far-end LER. Based on these inputs, the LER will take certain + protection switching actions, e.g., switching the selector to + transmit on the working or protection path for 1:1 protection or + switching the selector to receive the traffic for either 1:1 or 1+1 + protection and transmit different protocol messages. + + The following figure shows the logical decomposition of the + Protection State Control logic into different logical processing + units. These processing units are presented in subsequent + subsections of this document. This logical decomposition is only + intended for descriptive purposes; any implementation that produces + the external behavior described in Section 4 is acceptable. + + + + + + + + + + + + + + + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 7] + +RFC 6378 MPLS-TP LP October 2011 + + + Server Indication Control-Plane Indication + -----------------+ +------------- + Operator Command | | OAM Indication + ----------------+ | | +--------------- + | | | | + V V V V + +---------------+ +-------+ + | Local Request |<--------| WTR | + | logic |WTR Exps | Timer | + +---------------+ +-------+ + | ^ + Highest local|request | + V | Start/Stop + +-----------------+ | + Remote PSC | PSC Control |------------+ + ------------>| logic | + Request +-----------------+ + | + | Action +------------+ + +---------------->| Message | + | Generator | + +------------+ + | + Output PSC | Message + V + + + Figure 1: Protection State Control Logic + + Figure 1 describes the logical architecture of the protection + switching control. The Local Request logic unit accepts the triggers + from the OAM, server layer, external operator commands, local control + plane (when present), and the Wait-to-Restore timer. By considering + all of these local request sources, it determines the highest + priority local request. This high-priority request is passed to the + PSC Control logic, that will cross-check this local request with the + information received from the far-end LER. The PSC Control logic + uses this input to determine what actions need to be taken, e.g., + local actions at the LER, or what message should be sent to the far- + end LER, and the current status of the protection domain. + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 8] + +RFC 6378 MPLS-TP LP October 2011 + + +3.1. Local Request Logic + + The Local Request logic processes input triggers from five sources. + + o Operator command - the network operator may issue local + administrative commands on the LER that trigger protection + switching. The commands Forced Switch, Manual Switch, Clear, + Lockout of protection (defined in [RFC4427] as Forced switch-over, + Manual switch-over, Clear, and Lockout of recovery LSP/span, + respectively) MUST be supported. An implementation MAY provide + additional commands for operator use; providing that these + commands do not introduce incompatible behavior between two + arbitrary implementations, they are outside the scope of this + document. For example, an implementation could provide a command + to manually set off a "WTR Expires" trigger (see below) input + without waiting for the duration of the WTR timer; as this merely + hastens the transition from one state to another and has no impact + on the state machine itself, it would be perfectly valid. + + o Server-layer alarm indication - the underlying server layer of the + network detects failure conditions at the underlying layer and may + issue an indication to the MPLS-TP layer. The server layer may + employ its own protection switching mechanism; therefore, this + input MAY be controlled by a hold-off timer that SHOULD be + configurable by the network operator. The hold-off timer is + described in greater detail in [RFC6372]. + + o Control-Plane Indication - if there is a control plane active in + the network (either signaling or routing), it MAY trigger + protection switching based on conditions detected by the control + plane. If the control plane is based on GMPLS [RFC3945], then the + recovery process SHALL comply with the process described in + [RFC4872] and [RFC4873]. + + o OAM indication - OAM fault management or performance measurement + tools may detect a failure or degrade condition on either the + working or protection transport path, and this MUST input an + indication to the Local Request logic. + + o WTR Expires - The Wait-to-Restore timer is used in conjunction + with recovery from failure conditions on the working path in + revertive mode. The timer SHALL signal the PSC control process + when it expires, and the end point SHALL revert to the normal + transmission of the user data traffic. + + The input from these sources SHOULD be retained persistently for the + duration of the condition that initiated the trigger. The Local + Request logic processes these different input sources and, based on + + + +Weingarten, et al. Standards Track [Page 9] + +RFC 6378 MPLS-TP LP October 2011 + + + the priorities between them (see Section 4.3.2), produces a current + local request. If more than one local input source generates a + trigger, then the Local Request logic selects the higher priority + indicator and ignores any lower priority indicator. As a result, + there is a single current local request that is passed to the PSC + Control logic. The different local requests that may be output from + the Local Request logic are as follows: + + o Clear - if the operator cancels an active local administrative + command, i.e., LO/FS/MS. + + o Lockout of protection (LO) - if the operator requested to prevent + switching data traffic to the protection path, for any purpose. + + o Signal Fail (SF) - if any of the server-layer, control-plane, or + OAM indications signaled a failure condition on either the + protection path or one of the working paths. + + o Signal Degrade (SD) - if any of the server-layer, control-plane, + or OAM indications signaled a degraded transmission condition on + either the protection path or one of the working paths. The + determination and actions for SD are for further study and may + appear in a separate document. All references to SD input are + placeholders for this extension. + + o Clear Signal Fail (SFc) - if all of the server-layer, control- + plane, or OAM indications are no longer indicating a failure + condition on a path that was previously indicating a failure + condition. + + o Forced Switch (FS) - if the operator requested that traffic be + switched from one of the working paths to the protection path. + + o Manual Switch (MS) - if the operator requested that traffic be + switched from the working path to the protection path. This is + only relevant if there is no currently active fault condition or + operator command. + + o WTR Expires (WTRExp) - generated by the WTR timer completing its + period. + + If none of the input sources have generated any triggers, then the + Local Request logic should generate a No Request (NR) as the current + local request. + + + + + + + +Weingarten, et al. Standards Track [Page 10] + +RFC 6378 MPLS-TP LP October 2011 + + +3.2. Remote Requests + + In addition to the local requests, generated as a result of the local + triggers, indicated in the previous subsection, the PSC Control logic + SHALL accept PSC messages from the far-end LER of the transport path. + Remote messages indicate the status of the transport path from the + viewpoint of the far-end LER. These messages may drive state changes + on the local MEP, as defined later in this document. When using 1+1 + unidirectional protection, an LER that receives a remote request + SHALL NOT perform any protection switching action, i.e., will + continue to select traffic from the working path and transport + traffic on both paths. + + The following remote requests may be received by the PSC process: + + o Remote LO - indicates that the remote end point is in Unavailable + state due to a Lockout of protection operator command. + + o Remote SF - indicates that the remote end point has detected a + Signal Fail condition on one of the transport paths in the + protection domain. This remote message includes an indication of + which transport path is affected by the SF condition. In + addition, it should be noted that the SF condition may be either a + unidirectional or a bidirectional failure, even if the transport + path is bidirectional. + + o Remote SD - indicates that the remote end point has detected a + Signal Degrade condition on one of the transport paths in the + protection domain. This remote message includes an indication of + which transport path is affected by the SD condition. In + addition, it should be noted that the SD condition may be either a + unidirectional or a bidirectional failure, even if the transport + path is bidirectional. + + o Remote FS - indicates that the remote end point is operating under + an operator command to switch the traffic to the protection path. + + o Remote MS - indicates that the remote end point is operating under + an operator command to switch the traffic from the working path to + the protection path. + + o Remote WTR - indicates that the remote end point has determined + that the failure condition has recovered and has started its WTR + timer in preparation for reverting to the Normal state. + + + + + + + +Weingarten, et al. Standards Track [Page 11] + +RFC 6378 MPLS-TP LP October 2011 + + + o Remote DNR - indicates that the remote end point has determined + that the failure condition has recovered and will continue + transporting traffic on the protection path due to operator + configuration that prevents automatic reversion to the Normal + state. + + o Remote NR - indicates that the remote end point has no abnormal + condition to report. + +3.3. PSC Control Logic + + The PSC Control logic accepts the following input: + + a. the current local request output from the Local Request logic + (see Section 3.1), + + b. the remote request message from the remote end point of the + transport path (see Section 3.2), and + + c. the current state of the PSC Control logic (maintained internally + by the PSC Control logic). + + Based on the priorities between the different inputs, the PSC Control + logic determines the new state of the PSC Control logic and what + actions need to be taken. + + The new state information is retained by the PSC Control logic, while + the requested action should be sent to the PSC Message Generator (see + Section 3.4) to generate and transmit the proper PSC message to be + transmitted to the remote end point of the protection domain. + +3.4. PSC Message Generator + + Based on the action output from the PSC Control logic, this unit + formats the PSC protocol message that is transmitted to the remote + end point of the protection domain. This message may either be the + same as the previously transmitted message or change when the PSC + control state (see Section 3.6) has changed. The messages are + transmitted as described in Section 4.1 of this document. + +3.5. Wait-to-Restore (WTR) Timer + + The WTR timer is used to delay reversion to Normal state when + recovering from a failure condition on the working path and the + protection domain is configured for revertive behavior. The length + of the timer may be provisioned by the operator. The WTR may be in + + + + + +Weingarten, et al. Standards Track [Page 12] + +RFC 6378 MPLS-TP LP October 2011 + + + one of two states: Running or Stopped. The control of the WTR timer + is managed by the PSC Control logic, by use of internal signals to + start and stop, i.e., reset, the WTR timer. + + If the WTR timer expires prior to being stopped, it SHALL generate a + WTR Expires local signal that is processed by the Local Request + logic. If the WTR timer is running, sending a Stop command SHALL + reset the timer, and put the WTR timer into Stopped state, but SHALL + NOT generate a WTR Expires local signal. If the WTR timer is + stopped, a Stop command SHALL be ignored. + +3.6. PSC Control States + + The PSC Control logic should maintain information on the current + state of the protection domain. Information on the state of the + domain is maintained by each LER within the protection domain. The + state information would include information of the current state of + the protection domain, an indication of the cause for the current + state (e.g., unavailable due to local LO command, protecting due to + remote FS), and, for each LER, should include an indication if the + state is related to a remote or local condition. + + It should be noted that when referring to the "transport" of the data + traffic, in the following descriptions and later in the document that + the data will be transmitted on both the working and the protection + paths when using 1+1 protection, and on either the working or the + protection path exclusively when using 1:1 protection. When using + 1+1 protection, the receiving LER should select the proper + transmission, according to the state of the protection domain. + + The protection domain states that are supported by the PSC Control + logic are as follows: + + o Normal state - Both the protection and working paths are fully + allocated and active, data traffic is being transported over (or + selected from) the working path, and no trigger events are + reported within the domain. + + o Unavailable state - The protection path is unavailable -- either + as a result of an operator Lockout command or a failure condition + detected on the protection path. + + o Protecting failure state - The working path has reported a + failure/degrade condition and the user traffic is being + transported (or selected) on the protection path. + + o Protecting administrative state - The operator has issued a + command switching the user traffic to the protection path. + + + +Weingarten, et al. Standards Track [Page 13] + +RFC 6378 MPLS-TP LP October 2011 + + + o Wait-to-Restore state - The protection domain is recovering from + an SF/SD condition on the working path that is being controlled by + the Wait-to-Restore (WTR) timer. + + o Do-not-Revert state - The protection domain has recovered from a + Protecting state, but the operator has configured the protection + domain not to automatically revert to the Normal state upon + recovery. The protection domain SHALL remain in this state until + the operator issues a command to revert to the Normal state or + there is a new trigger to switch to a different state. + + See Section 4.3.3 for details on what actions are taken by the PSC + Process logic for each state and the relevant input. + +3.6.1. Local and Remote State + + An end point may be in a given state as a result of either a local + input indicator (e.g., OAM, WTR timer) or as a result of receiving a + PSC message from the far-end LER. If the state is entered as a + result of a local input indicator, then the state is considered a + local state. If the state is entered as a result of a PSC message, + in the absence of a local input, then the state is considered a + remote state. This differentiation affects how the LER reacts to + different inputs, as described in Section 4.3.3. The PSC Control + logic should maintain, together with the current protection domain + state, an indication of whether this is a local or remote state, for + this LER. + + In any instance where the LER has both a local and remote indicator + that cause the protection domain to enter a particular state, then + the state is considered a local state, regardless of the order in + which the indicators were processed. If, however, the LER has local + and remote indicators that would cause the protection domain to enter + different states, e.g., a local SF on working and a remote Lockout of + protection message, then the input with the higher priority (see + Section 4.3.2) will be the deciding factor and the source of that + indicator will determine whether it is local or remote. In the given + example, the result would be a Remote Unavailable state transmitting + PSC messages that indicate an SF condition on the working path and + that the protection path is not being used to transport protected + traffic (as described in the next section). + +4. Protection State Coordination (PSC) Protocol + + Bidirectional protection switching, as well as unidirectional 1:1 + protection, requires coordination between the two end points in + determining which of the two possible paths, the working or + protection path, is transmitting the data traffic in any given + + + +Weingarten, et al. Standards Track [Page 14] + +RFC 6378 MPLS-TP LP October 2011 + + + situation. When protection switching is triggered as described in + Section 3, the end points must inform each other of the switchover + from one path to the other in a coordinated fashion. + + There are different possibilities for the type of coordinating + protocol. One possibility is a two-phased coordination in which the + LER that is initiating the protection switching sends a protocol + message indicating the switch but the actual switchover is performed + only after receiving an 'Ack' from the far-end LER. The other + possibility is a single-phased coordination, in which the initiating + LER performs the protection switchover to the alternate path and + informs the far-end LER of the switch, and the far-end LER will + complete the switchover. + + This protocol is a single-phased protocol, as described above. In + the following subsections, we describe the protocol messages that are + used between the two end points of the protection domain. + +4.1. Transmission and Acceptance of PSC Control Packets + + The PSC control packets SHALL be transmitted over the protection path + only. This allows the transmission of the messages without affecting + the normal data traffic in the most prevalent case, i.e., the Normal + state. In addition, limiting the transmission to a single path + avoids possible conflicts and race conditions that could develop if + the PSC messages were sent on both paths. + + When the protection domain state is changed due to a local input, + three PSC messages SHALL be transmitted as quickly as possible, to + allow for rapid protection switching. This set of three rapid + messages allows for fast protection switching even if one or two of + these packets are lost or corrupted. When the protection domain + state changes due to a remote message, the LER SHOULD send the three + rapid messages. However, when the LER transfers from WTR state to + Normal state as a result of a remote NR message, the three rapid + messages SHALL be transmitted. After the transmission of the three + rapid messages, the LER MUST retransmit the most recently transmitted + PSC message on a continual basis. + + Both the default frequency of the three rapid messages as well as the + default frequency of the continual message transmission SHALL be + configurable by the operator. The actual frequencies used MAY be + configurable, at the time of establishment, for each individual + protected LSP. For management purposes, the operator SHOULD be able + to retrieve the current default frequency values as well as the + actual values for any specific LSP. For protection switching within + 50 ms, it is RECOMMENDED that the default interval of the first three + rapid PSC messages SHOULD be no longer than 3.3 ms. Using this + + + +Weingarten, et al. Standards Track [Page 15] + +RFC 6378 MPLS-TP LP October 2011 + + + frequency would allow the far-end to be guaranteed of receiving the + trigger indication within 10 ms and completion of the switching + operation within 50 ms. Subsequent messages SHOULD be continuously + transmitted with a default interval of 5 seconds. The purpose of the + continual messages is to verify that the PSC session is still alive. + + If no valid PSC message is received, over a period of several + continual messages intervals, the last valid received message remains + applicable. + +4.2. Protocol Format + + The protocol messages SHALL be sent over the G-ACh as described in + [RFC5586]. There is a single channel type for the set of PSC + messages. The actual message function SHALL be identified by the + Request field of the ACH payload as described below. + + The channel type for the PSC messages SHALL be PSC-CT=0x0024. + + The following figure shows the format for the complete PSC message. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |0 0 0 1|Version| Reserved | PSC-CT | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |Ver|Request|PT |R| Reserved1 | FPath | Path | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | TLV Length | Reserved2 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ Optional TLVs ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 2: Format of PSC Packet with a G-ACh Header + + Where: + + o Both Reserved1 and Reserved2 fields MUST be set to 0 and ignored + upon receipt. + + o The following subsections describe the remaining fields of the PSC + payload. + +4.2.1. PSC Ver Field + + The Ver field identifies the version of the protocol. For this + version of the document, the value SHALL be 1. + + + + +Weingarten, et al. Standards Track [Page 16] + +RFC 6378 MPLS-TP LP October 2011 + + +4.2.2. PSC Request Field + + The PSC protocol SHALL support transmission of the following requests + between the two end points of the protection domain: + + o (14) Lockout of protection - indicates that the end point has + disabled the protection path as a result of an administrative + command. Both the FPath and Path fields SHALL be set to 0. + + o (12) Forced Switch - indicates that the transmitting end point has + switched traffic to the protection path as a result of an + administrative command. The FPath field SHALL indicate that the + working path is being blocked (i.e., FPath set to 1), and the Path + field SHALL indicate that user data traffic is being transported + on the protection path (i.e., Path set to 1). + + o (10) Signal Fail - indicates that the transmitting end point has + identified a signal fail condition on either the working or + protection path. The FPath field SHALL identify the path that is + reporting the failure condition (i.e., if protection path, then + FPath is set to 0; if working path, then FPath is set to 1), and + the Path field SHALL indicate where the data traffic is being + transported (i.e., if protection path is blocked, then Path is set + to 0; if working path is blocked, then Path is set to 1). + + o (7) Signal Degrade - indicates that the transmitting end point has + identified a degradation of the signal, or integrity of the packet + transmission on either the working or protection path. This + request is presented here only as a placeholder. The specifics + for the method of identifying this degradation is out of scope for + this document. The details of the actions to be taken for this + situation are left for future specification. + + o (5) Manual Switch - indicates that the transmitting end point has + switched traffic to the protection path as a result of an + administrative Manual Switch command. The FPath field SHALL + indicate that the working path is being blocked (i.e., FPath set + to 1), and the Path field SHALL indicate that user data traffic is + being transported on the protection path (i.e., Path set to 1). + + o (4) Wait-to-Restore - indicates that the transmitting end point is + recovering from a failure condition of the working path and has + started the Wait-to-Restore timer. FPath SHALL be set to 0 and + ignored upon receipt. Path SHALL indicate the working path that + is currently being protected (i.e., Path set to 1). + + + + + + +Weingarten, et al. Standards Track [Page 17] + +RFC 6378 MPLS-TP LP October 2011 + + + o (1) Do-not-Revert - indicates that the transmitting end point has + recovered from a failure/blocked condition, but due to the local + settings, is requesting that the protection domain continues to + transport the data as if it is in a protecting state, rather than + revert to the Normal state. FPath SHALL be set to 0 and ignored + upon receipt. Path SHALL indicate the working path that is + currently being protected (i.e., Path set to 1). + + o (0) No Request - indicates that the transmitting end point has + nothing to report, FPath and Path fields SHALL be set according to + the transmission state of the end point, see Section 4.3.3 for + detailed scenarios. + + All other values are for future extensions (to be administered by + IANA) and SHALL be ignored upon receipt. + +4.2.3. Protection Type (PT) Field + + The PT field indicates the currently configured protection + architecture type, this SHOULD be validated to be consistent for both + ends of the protection domain. If an inconsistency is detected, then + an alarm SHALL be sent to the management system. The following are + the possible values: + + o 3: bidirectional switching using a permanent bridge + + o 2: bidirectional switching using a selector bridge + + o 1: unidirectional switching using a permanent bridge + + o 0: for future extensions + + As described in the Introduction (Section 1.1) a 1+1 protection + architecture is characterized by the use of a permanent bridge at the + source node, whereas the 1:1 and 1:n protection architectures are + characterized by the use of a selector bridge at the source node. + +4.2.4. Revertive (R) Field + + This field indicates that the transmitting end point is configured to + work in revertive mode. If there is an inconsistency between the two + end points, i.e., one end point is configured for revertive action + and the second end point is in non-revertive mode, then the + management system SHOULD be notified. The following are the possible + values: + + + + + + +Weingarten, et al. Standards Track [Page 18] + +RFC 6378 MPLS-TP LP October 2011 + + + o 0 - non-revertive mode + + o 1 - revertive mode + +4.2.5. Fault Path (FPath) Field + + The FPath field indicates which path (i.e., working or protection) is + identified to be in a fault condition or affected by an + administrative command, when a fault or command is indicated by the + Request field to be in effect. The following are the possible + values: + + o 0: indicates that the anomaly condition is on the protection path + + o 1: indicates that the anomaly condition is on the working path + + o 2-255: for future extensions and SHALL be ignored by this version + of the protocol. + +4.2.6. Data Path (Path) Field + + The Path field indicates which data is being transported on the + protection path. Under normal conditions, the protection path + (especially, in 1:1 or 1:n architecture) does not need to carry any + user data traffic. If there is a failure/degrade condition on one of + the working paths, then that working path's data traffic will be + transported over the protection path. The following are the possible + values: + + o 0: indicates that the protection path is not transporting user + data traffic (in 1:n architecture) or transporting redundant user + data traffic (in 1+1 architecture). + + o 1: indicates that the protection path is transmitting user traffic + replacing the use of the working path. + + o 2-255: for future extensions and SHALL be ignored by this version + of the protocol. + +4.2.7. Additional TLV Information + + It may be necessary for future applications of the protocol to + include additional information for the proper processing of the + requests. For this purpose, we provide for optional additional + information to be included in the PSC payload. This information MUST + include a header that indicates the total length (in bytes) of the + additional information. + + + + +Weingarten, et al. Standards Track [Page 19] + +RFC 6378 MPLS-TP LP October 2011 + + + This information includes the following fields: + + o TLV Length: indicates the number of bytes included in the optional + TLV information. For the basic PSC protocol operation described + in this document, this value MUST be 0. + + o Optional TLVs: this includes any additional information formatted + as TLV units. There are no TLV units defined for the basic PSC + operation. + +4.3. Principles of Operation + + In all of the following subsections, assume a protection domain + between LER-A and LER-Z, using paths W (working) and P (protection), + as shown in Figure 3. + + +-----+ //=======================\\ +-----+ + |LER-A|// Working Path \\|LER-Z| + | /| |\ | + | ?< | | >? | + | \|\\ Protection Path //|/ | + +-----+ \\=======================// +-----+ + + |--------Protection Domain--------| + + + Figure 3: Protection Domain + +4.3.1. Basic Operation + + The purpose of the PSC protocol is to allow an end point of the + protection domain to notify its peer of the status of the domain that + is known at the end point and coordinate the transmission of the data + traffic. The current state of the end point is expressed in the + values of the Request field (reflecting the local requests at that + end point) and the FPath field (reflecting knowledge of a blocked + path). The coordination between the end points is expressed by the + value of the Path field (indicating where the user data traffic is + being transmitted). Except during a protection switch, the value of + the Path field should be identical for both end points at any + particular time. The values of the Request and FPath fields may not + be identical between the two end points. In particular it should be + noted that a remote message may not cause the end point to change the + Request field that is being transmitted while it does affect the Path + field (see details in the following subsections). + + + + + + +Weingarten, et al. Standards Track [Page 20] + +RFC 6378 MPLS-TP LP October 2011 + + + The protocol is a single-phased protocol. "Single-phased" implies + that each end point notifies its peer of a change in the operation + (switching to or from the protection path) and makes the switch + without waiting for acknowledgement. As a side effect of using a + single-phased protocol, there will be a short period during state + transitions of one-sided triggers (e.g., operator commands or + unidirectional SF) when one LER may be transporting/selecting the + data from one transport path while the other end point is + transporting/selecting from the other transport path. This should + become coordinated once the remote message is received and the far- + end LER performs the protection switching operation. + + The following subsections will identify the messages that will be + transmitted by the end point in different scenarios. The messages + are described as REQ(FP, P) -- where REQ is the value of the Request + field, FP is the value of the FPath field, and P is the value of the + Path field. All examples assume a protection domain between LER-A + and LER-Z with a single working path and single protection path (as + shown in Figure 3). Again, it should be noted that when using 1:1 + protection the data traffic will be transmitted exclusively on either + the protection or working path; whereas when using 1+1 protection, + the traffic will be transmitted on both paths and the receiving LER + should select the appropriate signal based on the state. The text + will refer to this transmission/selection as "transport" of the data + traffic. For 1+1 unidirectional protection, the state of the + selector will only be switched in reaction to a local message. When + receiving a remote message, a LER that is configured for 1+1 + unidirectional protection, will transfer to the new remote state; + however, it will continue to select data according to the latest + known local state. When the LER transitions into the Normal state, + the PSC Control Process SHALL check the persistent state of the local + triggers to decide if it should further transition into a new state. + +4.3.2. Priority of Inputs + + As noted above (in Section 3.1), the PSC Control Process accepts + input from five local input sources. There is a definition of + priority between the different inputs that may be triggered locally. + The list of local requests in order of priority are (from highest to + lowest priority): + + 1. Clear (operator command) + + 2. Lockout of protection (operator command) + + 3. Forced Switch (operator command) + + + + + +Weingarten, et al. Standards Track [Page 21] + +RFC 6378 MPLS-TP LP October 2011 + + + 4. Signal Fail on protection (OAM / control-plane / server + indication) + + 5. Signal Fail on working (OAM / control-plane / server indication) + + 6. Signal Degrade on working (OAM / control-plane / server + indication) + + 7. Clear Signal Fail/Degrade (OAM / control-plane / server + indication) + + 8. Manual Switch (operator command) + + 9. WTR Expires (WTR timer) + + 10. No Request (default) + + As was noted above, the Local Request logic SHALL always select the + local input indicator with the highest priority as the current local + request, i.e., only the highest priority local input will be used to + affect the control logic. All local inputs with lower priority than + this current local request will be ignored. + + The remote message from the far-end LER is assigned a priority just + below the similar local input. For example, a remote Forced Switch + would have a priority just below a local Forced Switch but above a + local Signal Fail on protection input. As mentioned in + Section 3.6.1, the state transition is determined by the higher + priority input between the highest priority local input and the + remote message. This also determines the classification of the state + as local or remote. The following subsections detail the transition + based on the current state and the higher priority of these two + inputs. + +4.3.3. Operation of PSC States + + The following subsections present the operation of the different + states defined in Section 3.6. For each state, we define the + reaction, i.e., the new state and the message to transmit, to each + possible input -- either the highest priority local input or the PSC + message from the remote LER. It should be noted that the new state + of the protection domain is described from the point of view of the + LER that is reporting the state; therefore, the language of "the LER + goes into a state" is referring to the LER reporting that the + protection domain is now in this new state. If the definition states + to "ignore" the message, the intention is that the protection domain + SHALL remain in its current state and the LER SHALL continue + transmitting (as presented in Section 4.1) the current PSC message. + + + +Weingarten, et al. Standards Track [Page 22] + +RFC 6378 MPLS-TP LP October 2011 + + + When a LER is in a remote state, i.e., state transition in reaction + to a PSC message received from the far-end LER, and receives a new + PSC message from the far-end LER that indicates a contradictory + state, e.g., in remote Unavailable state receiving a remote FS(1,1) + message, then the PSC Control logic SHALL reevaluate all inputs (both + the local input and the remote message) as if the LER is in the + Normal state. + +4.3.3.1. Normal State + + When the protection domain has no special condition in effect, the + ingress LER SHALL forward the user data along the working path, and, + in the case of 1+1 protection, the Permanent Bridge will bridge the + data to the protection path as well. The receiving LER SHALL read + the data from the working path. + + When the LER transitions into the Normal state, the PSC Control + Process SHALL check the persistent state of the local triggers to + decide if it should further transition into a new state. If the + result of this check is a transition into a new state, the LER SHALL + transmit the corresponding message described in this section and + SHALL use the data path corresponding to the new state. When the + protection domain remains in Normal state, the end point SHALL + transmit an NR(0,0) message, indicating -- Nothing to report and data + traffic is being transported on the working path. + + When the protection domain is in Normal state, the following + transitions are relevant in reaction to a local input to the LER: + + o A local Lockout of protection input SHALL cause the LER to go into + local Unavailable state and begin transmission of an LO(0,0) + message. + + o A local Forced Switch input SHALL cause the LER to go into local + Protecting administrative state and begin transmission of an + FS(1,1) message. + + o A local Signal Fail indication on the protection path SHALL cause + the LER to go into local Unavailable state and begin transmission + of an SF(0,0) message. + + o A local Signal Fail indication on the working path SHALL cause the + LER to go into local Protecting failure state and begin + transmission of an SF(1,1) message. + + o A local Manual Switch input SHALL cause the LER to go into local + Protecting administrative state and begin transmission of an + MS(1,1) message. + + + +Weingarten, et al. Standards Track [Page 23] + +RFC 6378 MPLS-TP LP October 2011 + + + o All other local inputs SHALL be ignored. + + In Normal state, remote messages would cause the following reaction + from the LER: + + o A remote Lockout of protection message SHALL cause the LER to go + into remote Unavailable state, while continuing to transmit the + NR(0,0) message. + + o A remote Forced Switch message SHALL cause the LER to go into + remote Protecting administrative state and begin transmitting an + NR(0,1) message. + + o A remote Signal Fail message that indicates that the failure is on + the protection path SHALL cause the LER (LER-A) to go into remote + Unavailable state, while continuing to transmit the NR(0,0) + message. + + o A remote Signal Fail message that indicates that the failure is on + the working path SHALL cause the LER to go into remote Protecting + failure state, and transmit an NR(0,1) message. + + o A remote Manual Switch message SHALL cause the LER to go into + remote Protecting administrative state, and transmit an NR(0,1) + message. + + o All other remote messages SHALL be ignored. + +4.3.3.2. Unavailable State + + When the protection path is unavailable -- either as a result of a + Lockout operator command, or as a result of a SF detected on the + protection path -- then the protection domain is in the Unavailable + state. In this state, the data traffic SHALL be transported on the + working path and is not protected. When the domain is in Unavailable + state, the PSC messages may not get through: therefore, the + protection is more dependent on the local inputs than the remote + messages (that may not be received). + + The protection domain will exit the Unavailable state and revert to + the Normal state when either the operator clears the Lockout command + or the protection path recovers from the signal fail or degraded + situation. Both ends will continue to send the PSC messages over the + protection path, as a result of this recovery. + + When the LER (assume LER-A) is in Unavailable state, the following + transitions are relevant in reaction to a local input: + + + + +Weingarten, et al. Standards Track [Page 24] + +RFC 6378 MPLS-TP LP October 2011 + + + o A local Clear input SHALL be ignored if the LER is in remote + Unavailable state. If in local Unavailable state due to a Lockout + command, then the input SHALL cause the LER to go to Normal state. + + o A local Lockout of protection input SHALL cause the LER to remain + in local Unavailable state and transmit an LO(0,0) message to the + far-end LER (LER-Z). + + o A local Clear SF of the protection path in local Unavailable state + that is due to an SF on the protection path SHALL cause the LER to + go to Normal state. If the LER is in remote Unavailable state but + has an active local SF condition, then the local Clear SF SHALL + clear the SF local condition and the LER SHALL remain in remote + Unavailable state and begin transmitting NR(0,0) messages. In all + other cases, the local Clear SF SHALL be ignored. + + o A local Forced Switch SHALL be ignored by the PSC Control logic + when in Unavailable state as a result of a (local or remote) + Lockout of protection. If in Unavailable state due to an SF on + protection, then the FS SHALL cause the LER to go into local + Protecting administrative state and begin transmitting an FS(1,1) + message. It should be noted that due to the unavailability of the + protection path (i.e., due to the SF condition) that this FS may + not be received by the far-end until the SF condition is cleared. + + o A local Signal Fail on the protection path input when in local + Unavailable state (by implication, this is due to a local SF on + protection) SHALL cause the LER to remain in local Unavailable + state and transmit an SF(0,0) message. + + o A local Signal Fail on the working path input when in remote + Unavailable state SHALL cause the LER to remain in remote + Unavailable state and transmit an SF(1,0) message. + + o All other local inputs SHALL be ignored. + + If remote messages are being received over the protection path, then + they would have the following effect: + + o A remote Lockout of protection message SHALL cause the LER to + remain in Unavailable state (note that if the LER was previously + in local Unavailable state due to a Signal Fail on the protection + path, then it will now be in remote Unavailable state) and + continue transmission of the current message (either NR(0,0) or + LO(0,0) or SF(0,0)). + + + + + + +Weingarten, et al. Standards Track [Page 25] + +RFC 6378 MPLS-TP LP October 2011 + + + o A remote Forced Switch message SHALL be ignored by the PSC Control + logic when in Unavailable state as a result of a (local or remote) + Lockout of protection. If in Unavailable state due to a local or + remote SF on protection, then the FS SHALL cause the LER to go + into remote Protecting administrative state; if in Unavailable + state due to local SF, begin transmitting an SF(0,1) message. + + o A remote Signal Fail message that indicates that the failure is on + the protection path SHALL cause the LER to remain in Unavailable + state and continue transmission of the current message (either + NR(0,0) or SF(0,0) or LO(0,0)). + + o A remote No Request, when the LER is in remote Unavailable state + and there is no active local Signal Fail SHALL cause the LER to go + into Normal state and continue transmission of the current + message. If there is a local Signal Fail on the protection path, + the LER SHALL remain in local Unavailable state and transmit an + SF(0,0) message. If there is a local Signal Fail on the working + path, the LER SHALL go into local Protecting Failure state and + transmit an SF(1,1) message. When in local Unavailable state, the + remote message SHALL be ignored. + + o All other remote messages SHALL be ignored. + +4.3.3.3. Protecting Administrative State + + In the Protecting administrative state, the user data traffic SHALL + be transported on the protection path, while the working path is + blocked due to an operator command, i.e., Forced Switch or Manual + Switch. The difference between a local FS and local MS affects what + local indicators may be received -- the Local Request logic will + block any local SF when under the influence of a local FS, whereas + the SF would override a local MS. In general, an MS will be canceled + in case of either a local or remote SF or LO condition. + + The following describe the reaction to local input: + + o A local Clear SHALL be ignored if in remote Protecting + administrative state. If in local Protecting administrative + state, then this input SHALL cause the LER to go into Normal + state. + + o A local Lockout of protection input SHALL cause the LER to go into + local Unavailable state and begin transmission of an LO(0,0) + message. + + o A local Forced Switch input SHALL cause the LER to remain in local + Protecting administrative state and transmit an FS(1,1) message. + + + +Weingarten, et al. Standards Track [Page 26] + +RFC 6378 MPLS-TP LP October 2011 + + + o A local Signal Fail indication on the protection path SHALL cause + the LER to go into local Unavailable state and begin transmission + of an SF(0,0) message, if the current state is due to a (local or + remote) Manual Switch operator command. If the LER is in (local + or remote) Protecting administrative state due to an FS situation, + then the SF on protection SHALL be ignored. + + o A local Signal Fail indication on the working path SHALL cause the + LER to go into local Protecting failure state and begin + transmitting an SF(1,1) message, if the current state is due to a + (local or remote) Manual Switch operator command. If the LER is + in remote Protecting administrative state due to a remote Forced + Switch command, then this local indication SHALL cause the LER to + remain in remote Protecting administrative state and transmit an + SF(1,1) message. If the LER is in local Protecting administrative + state due to a local Forced Switch command, then this indication + SHALL be ignored (i.e., the indication should have been blocked by + the Local Request logic). + + o A local Clear SF SHALL clear any local SF condition that may + exist. If in remote Protecting administrative state, the LER + SHALL stop transmitting the SF(x,1) message and begin transmitting + an NR(0,1) message. + + o A local Manual Switch input SHALL be ignored if in remote + Protecting administrative state due to a remote Forced Switch + command. If the current state is due to a (local or remote) + Manual Switch operator command, it SHALL cause the LER to remain + in local Protecting administrative state and transmit an MS(1,1) + message. + + o All other local inputs SHALL be ignored. + + While in Protecting administrative state the LER may receive and + react as follows to remote PSC messages: + + o A remote Lockout of protection message SHALL cause the LER to go + into remote Unavailable state and begin transmitting an NR(0,0) + message. It should be noted that this automatically cancels the + current Forced Switch or Manual Switch command and data traffic is + reverted to the working path. + + o A remote Forced Switch message SHALL be ignored by the PSC Process + logic if there is an active local Forced Switch operator command. + If the Protecting administrative state is due to a remote Forced + Switch message, then the LER SHALL remain in remote Protecting + administrative state and continue transmitting the last message. + If the Protecting administrative state is due to either a local or + + + +Weingarten, et al. Standards Track [Page 27] + +RFC 6378 MPLS-TP LP October 2011 + + + remote Manual Switch, then the LER SHALL remain in remote + Protecting administrative state (updating the state information + with the proper relevant information) and begin transmitting an + NR(0,1) message. + + o A remote Signal Fail message indicating a failure on the + protection path SHALL cause the LER to go into remote Unavailable + state and begin transmitting an NR(0,0) message, if the Protecting + administrative state is due to a Manual Switch command. It should + be noted that this automatically cancels the current Manual Switch + command and data traffic is reverted to the working path. + + o A remote Signal Fail message indicating a failure on the working + path SHALL be ignored if there is an active local Forced Switch + command. If the Protecting state is due to a local or remote + Manual Switch, then the LER SHALL go to remote Protecting failure + state and begin transmitting an NR(0,1) message. + + o A remote Manual Switch message SHALL be ignored by the PSC Control + logic if in Protecting administrative state due to a local or + remote Forced Switch. If in Protecting administrative state due + to a remote Manual Switch, then the LER SHALL remain in remote + Protecting administrative state and continue transmitting the + current message. If in local Protecting administrative state due + to an active Manual Switch, then the LER SHALL remain in local + Protecting administrative state and continue transmission of the + MS(1,1) message. + + o A remote DNR(0,1) message SHALL be ignored if in local Protecting + administrative state. If in remote Protecting administrative + state, then the LER SHALL go to Do-not-Revert state and continue + transmitting the current message. + + o A remote NR(0,0) message SHALL be ignored if in local Protecting + administrative state. If in remote Protecting administrative + state and there is no active local Signal Fail indication, then + the LER SHALL go to Normal state and begin transmitting an NR(0,0) + message. If there is a local Signal Fail on the working path, the + LER SHALL go to local Protecting failure state and begin + transmitting an SF(1,1) message. + + o All other remote messages SHALL be ignored. + +4.3.3.4. Protecting Failure State + + When the protection mechanism has been triggered and the protection + domain has performed a protection switch, the domain is in the + Protecting failure state. In this state, the normal data traffic + + + +Weingarten, et al. Standards Track [Page 28] + +RFC 6378 MPLS-TP LP October 2011 + + + SHALL be transported on the protection path. When an LER is in this + state, it implies that there either was a local SF condition or it + received a remote SF PSC message. The SF condition or message + indicated that the failure is on the working path. + + This state may be overridden by the Unavailable state triggers, i.e., + Lockout of protection or SF on the protection path, or by issuing an + FS operator command. This state will be cleared when the SF + condition is cleared. In order to prevent flapping due to an + intermittent fault, the LER SHOULD employ a Wait-to-Restore timer to + delay return to Normal state until the network has stabilized (see + Section 3.5). + + The following describe the reaction to local input: + + o A local Clear SF SHALL be ignored if in remote Protecting failure + state. If in local Protecting failure state and the LER is + configured for revertive behavior, then this input SHALL cause the + LER to go into Wait-to-Restore state, start the WTR timer, and + begin transmitting a WTR(0,1) message. If in local Protecting + failure state and the LER is configured for non-revertive + behavior, then this input SHALL cause the LER to go into Do-not- + Revert state and begin transmitting a DNR(0,1) message. + + o A local Lockout of protection input SHALL cause the LER to go into + Unavailable state and begin transmission of an LO(0,0) message. + + o A local Forced Switch input SHALL cause the LER to go into + Protecting administrative state and begin transmission of an + FS(1,1) message. + + o A local Signal Fail indication on the protection path SHALL cause + the LER to go into Unavailable state and begin transmission of an + SF(0,0) message. + + o A local Signal Fail indication on the working path SHALL cause the + LER to remain in local Protecting failure state and transmit an + SF(1,1) message. + + o All other local inputs SHALL be ignored. + + While in Protecting failure state, the LER may receive and react as + follows to remote PSC messages: + + o A remote Lockout of protection message SHALL cause the LER to go + into remote Unavailable state, and if in local Protecting failure + state, then the LER SHALL transmit an SF(1,0) message; otherwise, + + + + +Weingarten, et al. Standards Track [Page 29] + +RFC 6378 MPLS-TP LP October 2011 + + + it SHALL transmit an NR(0,0) message. It should be noted that + this may cause loss of user data since the working path is still + in a failure condition. + + o A remote Forced Switch message SHALL cause the LER go into remote + Protecting administrative state, and if in local Protecting + failure state, the LER SHALL transmit the SF(1,1) message; + otherwise, it SHALL transmit NR(0,1). + + o A remote Signal Fail message indicating a failure on the + protection path SHALL cause the LER to go into remote Unavailable + state, and if in local Protecting failure state, then the LER + SHALL transmit an SF(1,0) message; otherwise, it SHALL transmit an + NR(0,0) message. It should be noted that this may cause loss of + user data since the working path is still in a failure condition. + + o If in remote Protecting failure state, a remote Wait-to-Restore + message SHALL cause the LER to go into remote Wait-to-Restore + state and continue transmission of the current message. + + o If in remote Protecting failure state, a remote Do-not-Revert + message SHALL cause the LER to go into remote Do-not-Revert state + and continue transmission of the current message. + + o If in remote Protecting failure state, a remote NR(0,0) SHALL + cause the LER to go to Normal state. + + o All other remote messages SHALL be ignored. + +4.3.3.5. Wait-to-Restore State + + When recovering from a failure condition on the working path, the + Wait-to-Restore state is used by the PSC protocol to delay reverting + to the Normal state, for the period of the WTR timer to allow the + recovering failure to stabilize. While in the Wait-to-Restore state, + the data traffic SHALL continue to be transported on the protection + path. The natural transition from the Wait-to-Restore state to + Normal state will occur when the WTR timer expires. + + When in Wait-to-Restore state, the following describe the reaction to + local inputs: + + o A local Lockout of protection command SHALL send the Stop command + to the WTR timer, go into local Unavailable state, and begin + transmitting an LO(0,0) message. + + + + + + +Weingarten, et al. Standards Track [Page 30] + +RFC 6378 MPLS-TP LP October 2011 + + + o A local Forced Switch command SHALL send the Stop command to the + WTR timer, go into local Protecting administrative state, and + begin transmission of an FS(1,1) message. + + o A local Signal Fail indication on the protection path SHALL send + the Stop command to the WTR timer, go into local Unavailable + state, and begin transmission of an SF(0,0) message. + + o A local Signal Fail indication on the working path SHALL send the + Stop command to the WTR timer, go into local Protecting failure + state, and begin transmission of an SF(1,1) message. + + o A local Manual Switch input SHALL send the Stop command to the WTR + timer, go into local Protecting administrative state, and begin + transmission of an MS(1,1) message. + + o A local WTR Expires input SHALL cause the LER to remain in Wait- + to-Restore state, and begin transmitting an NR(0,1) message. + + o All other local inputs SHALL be ignored. + + When in Wait-to-Restore state, the following describe the reaction to + remote messages: + + o A remote Lockout of protection message SHALL send the Stop command + to the WTR timer, go into remote Unavailable state, and begin + transmitting an NR(0,0) message. + + o A remote Forced Switch message SHALL send the Stop command to the + WTR timer, go into remote Protecting administrative state, and + begin transmission of an NR(0,1) message. + + o A remote Signal Fail message for the protection path SHALL send + the Stop command to the WTR timer, go into remote Unavailable + state, and begin transmission of an NR(0,0) message. + + o A remote Signal Fail message for the working path SHALL send the + Stop command to the WTR timer, go into remote Protecting failure + state, and begin transmission of an NR(0,1) message. + + o A remote Manual Switch message SHALL send the Stop command to the + WTR timer, go into remote Protecting administrative state, and + begin transmission of an NR(0,1) message. + + o If the WTR timer is running, then a remote NR message SHALL be + ignored. If the WTR timer is stopped, then a remote NR message + SHALL cause the LER to go into Normal state. + + + + +Weingarten, et al. Standards Track [Page 31] + +RFC 6378 MPLS-TP LP October 2011 + + + o All other remote messages SHALL be ignored. + +4.3.3.6. Do-not-Revert State + + Do-not-Revert state is a continuation of the Protecting failure state + when the protection domain is configured for non-revertive behavior. + While in Do-not-Revert state, data traffic SHALL continue to be + transported on the protection path until the administrator sends a + command to revert to Normal state. It should be noted that there is + a fundamental difference between this state and Normal -- whereas + Forced Switch in Normal state actually causes a switch in the + transport path used, in Do-not-Revert state, the Forced Switch just + switches the state (to Protecting administrative state) but the + traffic would continue to be transported on the protection path! To + revert back to Normal state, the administrator SHALL issue a Lockout + of protection command followed by a Clear command. + + When in Do-not-Revert state, the following describe the reaction to + local input: + + o A local Lockout of protection command SHALL cause the LER to go + into local Unavailable state and begin transmitting an LO(0,0) + message. + + o A local Forced Switch command SHALL cause the LER to go into local + Protecting administrative state and begin transmission of an + FS(1,1) message. + + o A local Signal Fail indication on the protection path SHALL cause + the LER to go into local Unavailable state and begin transmission + of an SF(0,0) message. + + o A local Signal Fail indication on the working path SHALL cause the + LER to go into local Protecting failure state and begin + transmission of an SF(1,1) message. + + o A local Manual Switch input SHALL cause the LER to go into local + Protecting administrative state and begin transmission of an + MS(1,1) message. + + o All other local inputs SHALL be ignored. + + When in Do-not-Revert state, the following describe the reaction to + remote messages: + + o A remote Lockout of protection message SHALL cause the LER to go + into remote Unavailable state and begin transmitting an NR(0,0) + message. + + + +Weingarten, et al. Standards Track [Page 32] + +RFC 6378 MPLS-TP LP October 2011 + + + o A remote Forced Switch message SHALL cause the LER to go into + remote Protecting administrative state and begin transmission of + an NR(0,1) message. + + o A remote Signal Fail message for the protection path SHALL cause + the LER to go into remote Unavailable state and begin transmission + of an NR(0,0) message. + + o A remote Signal Fail message for the working path SHALL cause the + LER to go into remote Protecting failure state and begin + transmission of an NR(0,1) message. + + o A remote Manual Switch message SHALL cause the LER to go into + remote Protecting administrative state and begin transmission of + an NR(0,1) message. + + o All other remote messages SHALL be ignored. + +5. IANA Considerations + +5.1. Pseudowire Associated Channel Type + + In the "Pseudowire Name Spaces (PWE3)" registry, IANA maintains the + "Pseudowire Associated Channel Types" registry. + + IANA has assigned a new code point from this registry. The code + point has been assigned from the code point space that requires "IETF + Review" as follows: + + Registry: + + Value Description TLV Follows Reference + ------ ----------------------- ----------- --------------- + 0x0024 Protection State no [this document] + Coordination Protocol - + Channel Type (PSC-CT) + +5.2. PSC Request Field + + IANA has created and maintains a new sub-registry within the + "Multiprotocol Label Switching (MPLS) Operations, Administration, and + Management (OAM) Parameters" registry called the "MPLS PSC Request + Registry". All code points within this registry shall be allocated + according to the "Standards Action" procedure as specified in + [RFC5226]. + + The PSC Request Field is 4 bits, and the values have been allocated + as follows: + + + +Weingarten, et al. Standards Track [Page 33] + +RFC 6378 MPLS-TP LP October 2011 + + + Value Description Reference + ----- --------------------- --------------- + 0 No Request [this document] + 1 Do-not-Revert [this document] + 2 - 3 Unassigned + 4 Wait-to-Restore [this document] + 5 Manual Switch [this document] + 6 Unassigned + 7 Signal Degrade [this document] + 8 - 9 Unassigned + 10 Signal Fail [this document] + 11 Unassigned + 12 Forced Switch [this document] + 13 Unassigned + 14 Lockout of protection [this document] + 15 Unassigned + +5.3. Additional TLVs + + The IANA has created and maintains a new sub-registry within the + "Multiprotocol Label Switching (MPLS) Operations, Administration, and + Management (OAM) Parameters" registry called the "MPLS PSC TLV + Registry". All code points within this registry shall be allocated + according to the "IETF Review" procedure as specified in [RFC5226]. + +6. Security Considerations + + MPLS-TP is a subset of MPLS and so builds upon many of the aspects of + the security model of MPLS. MPLS networks make the assumption that + it is very hard to inject traffic into a network and equally hard to + cause traffic to be directed outside the network. The control-plane + protocols utilize hop-by-hop security and assume a "chain-of-trust" + model such that end-to-end control-plane security is not used. For + more information on the generic aspects of MPLS security, see + [RFC5920]. + + This document describes a protocol carried in the G-ACh [RFC5586], + and so is dependent on the security of the G-ACh, itself. The G-ACh + is a generalization of the Associated Channel defined in [RFC4385]. + Thus, this document relies heavily on the security mechanisms + provided for the Associated Channel and described in those two + documents. + + A specific concern for the G-ACh is that is can be used to provide a + covert channel. This problem is wider than the scope of this + document and does not need to be addressed here, but it should be + noted that the channel provides end-to-end connectivity and SHOULD + + + + +Weingarten, et al. Standards Track [Page 34] + +RFC 6378 MPLS-TP LP October 2011 + + + NOT be policed by transit nodes. Thus, there is no simple way of + preventing any traffic being carried between in the G-ACh consenting + nodes. + + A good discussion of the data-plane security of an associated channel + may be found in [RFC5085]. That document also describes some + mitigation techniques. + + It should be noted that the G-ACh is essentially connection oriented + so injection or modification of control messages specified in this + document require the subversion of a transit node. Such subversion + is generally considered hard in MPLS networks and impossible to + protect against at the protocol level. Management level techniques + are more appropriate. + + However, a new concern for this document is the accidental corruption + of messages (through faulty implementations or random corruption). + The main concern is around the Request, FPath, and Path fields as a + change to these fields would change the behavior of the peer end + point. Although this document does not define a way to avoid a + change in network behavior upon receipt of a message indicating a + change in protection status, the transition between states will + converge on a known and stable behavior in the face of messages that + do not match reality. + +7. Acknowledgements + + The authors would like to thank all members of the teams (the Joint + Working Team, the MPLS Interoperability Design Team in the IETF, and + the T-MPLS Ad Hoc Group in ITU-T) involved in the definition and + specification of the MPLS Transport Profile. + + + + + + + + + + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 35] + +RFC 6378 MPLS-TP LP October 2011 + + +8. Contributing Authors + + Hao Long + Huawei Technologies Co., Ltd. + F3 Building, Huawei Industrial Park + Bantian, Shenzhen, China + + EMail: longhao@huawei.com + + + Davide Chiara + Ericsson + Via Calda 5, 16152 Genova Italy + + EMail: davide.chiara@ericsson.com + + + Dan Frost + Cisco Systems + + EMail: danfrost@cisco.com + + + Francesco Fondelli + Ericsson + via Moruzzi 1 + 56100, Pisa + Italy + + EMail: francesco.fondelli@ericsson.com + + + + + + + + + + + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 36] + +RFC 6378 MPLS-TP LP October 2011 + + +9. References + +9.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC4385] Bryant, S., Swallow, G., Martini, L., and D. McPherson, + "Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for + Use over an MPLS PSN", RFC 4385, February 2006. + + [RFC5586] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic + Associated Channel", RFC 5586, June 2009. + + [RFC5654] Niven-Jenkins, B., Brungard, D., Betts, M., Sprecher, N., + and S. Ueno, "Requirements of an MPLS Transport Profile", + RFC 5654, September 2009. + +9.2. Informative References + + [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol + Label Switching Architecture", RFC 3031, January 2001. + + [RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y., + Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack + Encoding", RFC 3032, January 2001. + + [RFC3945] Mannie, E., "Generalized Multi-Protocol Label Switching + (GMPLS) Architecture", RFC 3945, October 2004. + + [RFC3985] Bryant, S. and P. Pate, "Pseudo Wire Emulation Edge-to- + Edge (PWE3) Architecture", RFC 3985, March 2005. + + [RFC4427] Mannie, E. and D. Papadimitriou, "Recovery (Protection and + Restoration) Terminology for Generalized Multi-Protocol + Label Switching (GMPLS)", RFC 4427, March 2006. + + [RFC4872] Lang, J., Rekhter, Y., and D. Papadimitriou, "RSVP-TE + Extensions in Support of End-to-End Generalized Multi- + Protocol Label Switching (GMPLS) Recovery", RFC 4872, + May 2007. + + [RFC4873] Berger, L., Bryskin, I., Papadimitriou, D., and A. Farrel, + "GMPLS Segment Recovery", RFC 4873, May 2007. + + [RFC5085] Nadeau, T. and C. Pignataro, "Pseudowire Virtual Circuit + Connectivity Verification (VCCV): A Control Channel for + Pseudowires", RFC 5085, December 2007. + + + +Weingarten, et al. Standards Track [Page 37] + +RFC 6378 MPLS-TP LP October 2011 + + + [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an + IANA Considerations Section in RFCs", BCP 26, RFC 5226, + May 2008. + + [RFC5659] Bocci, M. and S. Bryant, "An Architecture for Multi- + Segment Pseudowire Emulation Edge-to-Edge", RFC 5659, + October 2009. + + [RFC5920] Fang, L., "Security Framework for MPLS and GMPLS + Networks", RFC 5920, July 2010. + + [RFC5921] Bocci, M., Bryant, S., Frost, D., Levrau, L., and L. + Berger, "A Framework for MPLS in Transport Networks", + RFC 5921, July 2010. + + [RFC6372] Sprecher, N., Ed. and A. Farrel, Ed., "MPLS Transport + Profile (MPLS-TP) Survivability Framework", RFC 6372, + September 2011. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 38] + +RFC 6378 MPLS-TP LP October 2011 + + +Appendix A. PSC State Machine Tables + + The PSC state machine is described in Section 4.3.3. This appendix + provides the same information but in tabular format. In the event of + a mismatch between these tables and the text in Section 4.3.3, the + text is authoritative. Note that this appendix is intended to be a + functional description, not an implementation specification. + + For the sake of clarity of the table, the six states listed in the + text are split into 13 states. The logic of the split is to + differentiate between the different cases given in the conditional + statements in the descriptions of each state in the text. In + addition, the remote and local states were split for the Unavailable, + Protecting failure, and Protecting administrative states. + + There is only one table for the PSC state machine, but it is broken + into two parts for space reasons. The first part lists the 13 + possible states, the eight possible local inputs (that is, inputs + that are generated by the node in question), and the action taken + when a given input is received when the node is in a particular + state. The second part of the table lists the 13 possible states and + the eight remote inputs (inputs that come from a node other than the + one executing the state machine). + + There are 13 rows in the table, headers notwithstanding. These rows + are the 13 possible extended states in the state machine. + + The text in the first column is the current state. Those states that + have both source and cause are formatted as State:Cause:Source. For + example, the string UA:LO:L indicates that the current state is + 'Unavailable', that the cause of the current state is a Lockout of + protection that was a local input. In contrast, the state N simply + is Normal; there is no need to track the cause for entry into Normal + state. + + + + + + + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 39] + +RFC 6378 MPLS-TP LP October 2011 + + + The 13 extended states, as they appear in the table, are as follows: + + N Normal state + UA:LO:L Unavailable state due to local Lockout + UA:P:L Unavailable state due to local SF on protection path + UA:LO:R Unavailable state due to remote Lockout of protection message + UA:P:R Unavailable state due to remote SF message on protection path + PF:W:L Protecting failure state due to local SF on working path + PF:W:R Protecting failure state due to remote SF message on working + path + PA:F:L Protecting administrative state due to local FS operator + command + PA:M:L Protecting administrative state due to local MS operator + command + PA:F:R Protecting administrative state due to remote FS message + PA:M:R Protecting administrative state due to remote MS message + WTR Wait-to-Restore state + DNR Do-not-Revert state + + Each state corresponds to the transmission of a particular set of + Request, FPath and Path bits. The table below lists the message that + is generally sent in each particular state. If the message to be + sent in a particular state deviates from the table below, it is noted + in the footnotes to the state-machine table. + + State REQ(FP,P) + ------- --------- + N NR(0,0) + UA:LO:L LO(0,0) + UA:P:L SF(0,0) + UA:LO:R NR(0,0) + UA:P:R NR(0,0) + PF:W:L SF(1,1) + PF:W:R NR(0,1) + PA:F:L FS(1,1) + PA:M:L MS(1,1) + PA:F:R NR(0,1) + PA:M:R NR(0,1) + WTR WTR(0,1) + DNR DNR(0,1) + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 40] + +RFC 6378 MPLS-TP LP October 2011 + + + The top row in each table is the list of possible inputs. The local + inputs are as follows: + + NR No Request + OC Operator Clear + LO Lockout of protection + SF-P Signal Fail on protection path + SF-W Signal Fail on working path + FS Forced Switch + SFc Clear Signal Fail + MS Manual Switch + WTRExp WTR Expired + + and the remote inputs are as follows: + + LO remote LO message + SF-P remote SF message indicating protection path + SF-W remote SF message indicating working path + FS remote FS message + MS remote MS message + WTR remote WTR message + DNR remote DNR message + NR remote NR message + + Section 4.3.3 refers to some states as 'remote' and some as 'local'. + By definition, all states listed in the table of local sources are + local states, and all states listed in the table of remote sources + are remote states. For example, Section 4.3.3.1 says "A local + Lockout of protection input SHALL cause the LER to go into local + Unavailable state". As the trigger for this state change is a local + one, 'local Unavailable state' is, by definition, displayed in the + table of local sources. Similarly, Section 4.3.3.1 also states that + + "A remote Lockout of protection message SHALL cause the LER to go + into remote Unavailable state" means that the state represented in + the Unavailable rows in the table of remote sources is by definition + a remote Unavailable state. + + Each cell in the table below contains either a state, a footnote, or + the letter 'i'. 'i' stands for Ignore, and is an indication to + continue with the current behavior. See Section 4.3.3. The + footnotes are listed below the table. + + + + + + + + + +Weingarten, et al. Standards Track [Page 41] + +RFC 6378 MPLS-TP LP October 2011 + + + Part 1: Local input state machine + + | OC | LO | SF-P | FS | SF-W | SFc | MS | WTRExp + --------+-----+-------+------+------+------+------+------+------- + N | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i + UA:LO:L | N | i | i | i | i | i | i | i + UA:P:L | i |UA:LO:L| i |PA:F:L| i | [5] | i | i + UA:LO:R | i |UA:LO:L| [1] | i | [2] | [6] | i | i + UA:P:R | i |UA:LO:L|UA:P:L|PA:F:L| [3] | [6] | i | i + PF:W:L | i |UA:LO:L|UA:P:L|PA:F:L| i | [7] | i | i + PF:W:R | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i | i | i + PA:F:L | N |UA:LO:L| i | i | i | i | i | i + PA:M:L | N |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i | i | i + PA:F:R | i |UA:LO:L| i |PA:F:L| [4] | [8] | i | i + PA:M:R | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i + WTR | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| [9] + DNR | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i + + Part 2: Remote messages state machine + + | LO | SF-P | FS | SF-W | MS | WTR | DNR | NR + --------+-------+------+------+------+------+------+------+------ + N |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | i + UA:LO:L | i | i | i | i | i | i | i | i + UA:P:L | [10] | i | [19] | i | i | i | i | i + UA:LO:R | i | i | i | i | i | i | i | [16] + UA:P:R |UA:LO:R| i |PA:F:R| i | i | i | i | [16] + PF:W:L | [11] | [12] |PA:F:R| i | i | i | i | i + PF:W:R |UA:LO:R|UA:P:R|PA:F:R| i | i | [14] | [15] | N + PA:F:L |UA:LO:R| i | i | i | i | i | i | i + PA:M:L |UA:LO:R|UA:P:R|PA:F:R| [13] | i | i | i | i + PA:F:R |UA:LO:R| i | i | i | i | i | DNR | [17] + PA:M:R |UA:LO:R|UA:P:R|PA:F:R| [13] | i | i | DNR | N + WTR |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | [18] + DNR |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | i + + The following are the footnotes for the table: + + [1] Remain in the current state (UA:LO:R) and transmit SF(0,0). + + [2] Remain in the current state (UA:LO:R) and transmit SF(1,0). + + [3] Remain in the current state (UA:P:R) and transmit SF(1,0). + + [4] Remain in the current state (PA:F:R) and transmit SF(1,1). + + [5] If the SF being cleared is SF-P, transition to N. If it's + SF-W, ignore the clear. + + + +Weingarten, et al. Standards Track [Page 42] + +RFC 6378 MPLS-TP LP October 2011 + + + [6] Remain in current state (UA:x:R), if the SFc corresponds to a + previous SF, then begin transmitting NR(0,0). + + [7] If domain configured for revertive behavior transition to WTR, + else transition to DNR. + + [8] Remain in PA:F:R and transmit NR(0,1). + + [9] Remain in WTR, send NR(0,1). + + [10] Transition to UA:LO:R continue sending SF(0,0). + + [11] Transition to UA:LO:R and send SF(1,0). + + [12] Transition to UA and send SF(1,0). + + [13] Transition to PF:W:R and send NR(0,1). + + [14] Transition to WTR state and continue to send the current + message. + + [15] Transition to DNR state and continue to send the current + message. + + [16] If the local input is SF-P, then transition to UA:P:L. If the + local input is SF-W, then transition to PF:W:L. Else, + transition to N state and continue to send the current message. + + [17] If the local input is SF-W, then transition to PF:W:L. Else, + transition to N state and continue to send the current message. + + [18] If the receiving LER's WTR timer is running, maintain current + state and message. If the WTR timer is stopped, transition to + N. + + [19] Transition to PA:F:R and send SF (0,1). + + + + + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 43] + +RFC 6378 MPLS-TP LP October 2011 + + +Appendix B. Exercising the Protection Domain + + There is a requirement in [RFC5654] (number 84) that discusses a + requirement to verify that the protection path is viable. While the + PSC protocol does not define a specific operation for this + functionality, it is possible to perform this operation by combining + operations of the PSC and other OAM functionalities. One such + possible combination would be to issue a Lockout of protection + operation and then use the OAM function for diagnostic testing of the + protection path. Similarly, to test the paths when the working path + is not active would involve performing a Forced Switch to protection + and then perform the diagnostic function on either the working or + protection path. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Weingarten, et al. Standards Track [Page 44] + +RFC 6378 MPLS-TP LP October 2011 + + +Authors' Addresses + + Yaacov Weingarten (editor) + Nokia Siemens Networks + 3 Hanagar St. Neve Ne'eman B + Hod Hasharon 45241 + Israel + + EMail: yaacov.weingarten@nsn.com + + + Stewart Bryant + Cisco + United Kingdom + + EMail: stbryant@cisco.com + + + Eric Osborne + Cisco + United States + + EMail: eosborne@cisco.com + + + Nurit Sprecher + Nokia Siemens Networks + 3 Hanagar St. Neve Ne'eman B + Hod Hasharon 45241 + Israel + + EMail: nurit.sprecher@nsn.com + + + Annamaria Fulignoli (editor) + Ericsson + Via Moruzzi + Pisa 56100 + Italy + + EMail: annamaria.fulignoli@ericsson.com + + + + + + + + + + +Weingarten, et al. Standards Track [Page 45] + -- cgit v1.2.3