1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
|
Network Working Group N. Bitar, Ed.
Request for Comments: 5254 Verizon
Category: Informational M. Bocci, Ed.
Alcatel-Lucent
L. Martini, Ed.
Cisco Systems, Inc.
October 2008
Requirements for Multi-Segment Pseudowire Emulation Edge-to-Edge (PWE3)
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Abstract
This document describes the necessary requirements to allow a service
provider to extend the reach of pseudowires across multiple domains.
These domains can be autonomous systems under one provider
administrative control, IGP areas in one autonomous system, different
autonomous systems under the administrative control of two or more
service providers, or administratively established pseudowire
domains.
Bitar, et al. Informational [Page 1]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
Table of Contents
1. Introduction ....................................................3
1.1. Scope ......................................................3
1.2. Architecture ...............................................3
2. Terminology .....................................................6
2.1. Specification of Requirements ..............................6
3. Use Cases .......................................................7
3.1. Multi-Segment Pseudowire Setup Mechanisms ..................9
4. Multi-Segment Pseudowire Requirements ..........................10
4.1. All Mechanisms ............................................10
4.1.1. Architecture .......................................10
4.1.2. Resiliency .........................................11
4.1.3. Quality of Service .................................11
4.1.4. Congestion Control .................................12
4.1.5 Generic Requirements for MS-PW Setup Mechanisms ....13
4.1.6. Routing ............................................14
4.2. Statically Configured MS-PWs ..............................15
4.2.1. Architecture .......................................15
4.2.2. MPLS-PWs ...........................................15
4.2.3. Resiliency .........................................15
4.2.4. Quality of Service .................................16
4.3. Signaled PW Segments ......................................16
4.3.1. Architecture .......................................16
4.3.2. Resiliency .........................................16
4.3.3. Quality of Service .................................17
4.3.4. Routing ............................................17
4.3.5. Additional Requirements on Signaled MS-PW Setup
Mechanisms .........................................17
4.4. Signaled PW / Dynamic Route ...............................18
4.4.1. Architecture .......................................18
4.4.2. Resiliency .........................................18
4.4.3. Quality of Service .................................18
4.4.4. Routing ............................................18
5. Operations and Maintenance (OAM) ...............................19
6. Management of Multi-Segment Pseudowires ........................20
6.1. MIB Requirements ..........................................20
6.2. Management Interface Requirements .........................21
7. Security Considerations ........................................21
7.1. Inter-Provider MS-PWs .....................................21
7.1.1. Data-Plane Security Requirements ...................21
7.1.2. Control-Plane Security Requirements ................23
7.2. Intra-Provider MS-PWs .....................................25
8. Acknowledgments ................................................25
9. References .....................................................25
9.1. Normative References ......................................25
9.2. Informative References ....................................25
Bitar, et al. Informational [Page 2]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
1. Introduction
1.1. Scope
This document specifies requirements for extending pseudowires across
more than one packet switched network (PSN) domain and/or more than
one PSN tunnel. These pseudowires are called multi-segment
pseudowires (MS-PWs). Requirements for single-segment pseudowires
(SS-PWs) that extend edge to edge across only one PSN domain are
specified in [RFC3916]. This document is not intended to invalidate
any part of [RFC3985].
This document specifies additional requirements that apply to MS-PWs.
These requirements do not apply to PSNs that only support SS-PWs.
1.2. Architecture
The following three figures describe the reference models that are
derived from [RFC3985] to support PW emulated services.
|<-------------- Emulated Service ---------------->|
| |
| |<------- Pseudowire ------->| |
| | | |
| | |<-- PSN Tunnel -->| | |
| PW End V V V V PW End |
V Service +----+ +----+ Service V
+-----+ | | PE1|==================| PE2| | +-----+
| |----------|............PW1.............|----------| |
| CE1 | | | | | | | | CE2 |
| |----------|............PW2.............|----------| |
+-----+ ^ | | |==================| | | ^ +-----+
^ | +----+ +----+ | | ^
| | Provider Edge 1 Provider Edge 2 | |
| | | |
Customer | | Customer
Edge 1 | | Edge 2
| |
| |
Attachment Circuit (AC) Attachment Circuit (AC)
Native service Native service
Figure 1: PWE3 Reference Configuration
Bitar, et al. Informational [Page 3]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
Figure 1 shows the PWE3 reference architecture [RFC3985]. This
architecture applies to the case where a PSN tunnel extends between
two edges of a single PSN domain to transport a PW with endpoints at
these edges.
Native |<--------Multi-Segment Pseudowire----->| Native
Service | PSN PSN | Service
(AC) | |<-Tunnel->| |<-Tunnel->| | (AC)
| V V 1 V V 2 V V |
| +-----+ +-----+ +---- + |
+---+ | |T-PE1|==========|S-PE1|==========|T-PE2| | +---+
| |---------|........PW1.......... |...PW3..........|---|----| |
|CE1| | | | | | | | | |CE2|
| |---------|........PW2...........|...PW4..........|--------| |
+---+ | | |==========| |==========| | | +---+
^ +-----+ +-----+ +-----+ ^
| Provider Edge 1 ^ Provider Edge 3 |
| | |
| | |
| PW switching point |
| |
| |
|<------------------- Emulated Service ------------------->|
Figure 2: PW Switching Reference Model
Figure 2 extends this architecture to show a multi-segment case.
Terminating PE1 (T-PE1) and Terminating PE3 (T-PE3) provide PWE3
service to CE1 and CE2. These PEs terminate different PSN tunnels,
PSN Tunnel 1 and PSN Tunnel 2, and may reside in different PSN or
pseudowire domains. One PSN tunnel extends from T-PE1 to S-PE1
across PSN1, and a second PSN tunnel extends from S-PE1 to T-PE2
across PSN2.
PWs are used to connect the Attachment circuits (ACs) attached to
T-PE1 to the corresponding ACs attached to T-PE2. Each PW on PSN
tunnel 1 is switched to a PW in the tunnel across PSN2 at S-PE1 to
complete the multi-segment PW (MS-PW) between T-PE1 and T-PE2. S-PE1
is therefore the PW switching point and will be referred to as the PW
switching provider edge (S-PE). PW1 and PW3 are segments of the same
MS-PW while PW2 and PW4 are segments of another pseudowire. PW
segments of the same MS-PW (e.g., PW1 and PW3) MAY be of the same PW
type or different types, and PSN tunnels (e.g., PSN Tunnel 1 and PSN
Tunnel 2) can be the same or different technology. This document
requires support for MS-PWs with segments of the same PW type only.
Bitar, et al. Informational [Page 4]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
An S-PE switches an MS-PW from one segment to another based on the PW
identifiers (e.g., PW label in case of MPLS PWs). In Figure 2, the
domains that PSN Tunnel 1 and PSN Tunnel 2 traverse could be IGP
areas in the same IGP network or simply PWE3 domains in a single flat
IGP network, for instance.
|<------Multi-Segment Pseudowire------>|
| AS AS |
AC | |<----1---->| |<----2--->| | AC
| V V V V V V |
| +----+ +-----+ +----+ +----+ |
+----+ | | |=====| |=====| |=====| | | +----+
| |-------|.....PW1..........PW2.........PW3.....|-------| |
| CE1| | | | | | | | | | | |CE2 |
+----+ | | |=====| |=====| |=====| | | +----+
^ +----+ +-----+ +----+ +----+ ^
| T-PE1 S-PE2 S-PE3 T-PE4 |
| ^ ^ |
| | | |
| PW switching points |
| |
| |
|<------------------- Emulated Service --------------->|
Figure 3: PW Switching Inter-Provider Reference Model
Note that although Figure 2 only shows a single S-PE, a PW may
transit more than one S-PEs along its path. For instance, in the
multi-AS case shown in Figure 3, there can be an S-PE (S-PE2) at the
border of one AS (AS1) and another S-PE (S-PE3) at the border of the
other AS (AS2). An MS-PW that extends from the edge of one AS (T-
PE1) to the edge of the other AS (T-PE4) is composed of three
segments: (1) PW1, a segment in AS1, (2) PW2, a segment between the
two border routers (S-PE2 and S-PE3) that are switching PEs, and (3)
PWE3, a segment in AS2. AS1 and AS2 could belong to the same
provider (e.g., AS1 could be an access network or metro transport
network, and AS2 could be an MPLS core network) or to two different
providers (e.g., AS1 for Provider 1 and AS2 for Provider 2).
Bitar, et al. Informational [Page 5]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
2. Terminology
RFC 3985 [RFC3985] provides terminology for PWE3. The following
additional terminology is defined for multi-segment pseudowires:
- PW Terminating Provider Edge (T-PE). A PE where the
customer-facing attachment circuits (ACs) are bound to a PW
forwarder. A Terminating PE is present in the first and last
segments of an MS-PW. This incorporates the functionality of a
PE as defined in RFC 3985.
- Single-Segment Pseudowire (SS-PW). A PW setup directly between
two PE devices. Each direction of an SS-PW traverses one PSN
tunnel that connects the two PEs.
- Multi-Segment Pseudowire (MS-PW). A static or dynamically
configured set of two or more contiguous PW segments that
behave and function as a single point-to-point PW. Each end of
an MS-PW by definition MUST terminate on a T-PE.
- PW Segment. A single-segment or a part of a multi-segment PW,
which is set up between two PE devices, T-PEs and/or S-PEs.
- PW Switching Provider Edge (S-PE). A PE capable of switching
the control and data planes of the preceding and succeeding PW
segments in an MS-PW. The S-PE terminates the PSN tunnels
transporting the preceding and succeeding segments of the MS-
PW. It is therefore a PW switching point for an MS-PW. A PW
switching point is never the S-PE and the T-PE for the same
MS-PW. A PW switching point runs necessary protocols to set up
and manage PW segments with other PW switching points and
terminating PEs.
2.1. Specification of Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Bitar, et al. Informational [Page 6]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
3. Use Cases
PWE3 defines the signaling and encapsulation techniques for
establishing SS-PWs between a pair of terminating PEs (T-PEs), and in
the vast majority of cases, this will be sufficient. MS-PWs may be
useful in the following situations:
-i. Inter-Provider PWs: An Inter-Provider PW is a PW that extends
from a T-PE in one provider domain to a T-PE in another
provider domain.
-ii. It may not be possible, desirable, or feasible to establish a
direct PW control channel between the T-PEs, residing in
different provider networks, to set up and maintain PWs. At a
minimum, a direct PW control channel establishment (e.g.,
targeted LDP session) requires knowledge of and reachability
to the remote T-PE IP address. The local T-PE may not have
access to this information due to operational or security
constraints. Moreover, an SS-PW would require the existence
of a PSN tunnel between the local T-PE and the remote T-PE.
It may not be feasible or desirable to extend single,
contiguous PSN tunnels between T-PEs in one domain and T-PEs
in another domain for security and/or scalability reasons or
because the two domains may be using different PSN
technologies.
-iii. MS-PW setup, maintenance, and forwarding procedures must
satisfy requirements placed by the constraints of a
multi-provider environment. An example is the inter-AS L2VPN
scenario where the T-PEs reside in different provider networks
(ASs) and it is the current practice to MD5-key all control
traffic exchanged between two networks. An MS-PW allows the
providers to confine MD5 key administration for the LDP
session to just the PW switching points connecting the two
domains.
-iv. PSN Interworking: PWE3 signaling protocols and PSN types may
differ in different provider networks. The terminating PEs
may be connected to networks employing different PW signaling
and/or PSN protocols. In this case, it is not possible to use
an SS-PW. An MS-PW with the appropriate interworking
performed at the PW switching points can enable PW
connectivity between the terminating PEs in this scenario.
Bitar, et al. Informational [Page 7]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
-v. Traffic Engineered PSN Tunnels and bandwidth-managed PWs:
There is a requirement to deploy PWs edge to edge in large
service provider networks. Such networks typically encompass
hundreds or thousands of aggregation devices at the edge, each
of which would be a PE. Furthermore, there is a requirement
that these PWs have explicit bandwidth guarantees. To satisfy
these requirements, the PWs will be tunneled over PSN
TE-tunnels with bandwidth constraints. A single-segment
pseudowire architecture would require that a full mesh of PSN
TE-tunnels be provisioned to allow PWs to be established
between all PEs. Inter-provider PWs riding traffic engineered
tunnels further add to the number of tunnels that would have
to be supported by the PEs and the core network as the total
number of PEs increases.
In this environment, there is a requirement either to support
a sparse mesh of PSN TE-tunnels and PW signaling adjacencies,
or to partition the network into a number of smaller PWE3
domains. In either case, a PW would have to pass through more
than one PSN tunnel hop along its path. An objective is to
reduce the number of tunnels that must be supported, and thus
the complexity and scalability problem that may arise.
-vi. Pseudowires in access/metro networks: Service providers wish
to extend PW technology to access and metro networks in order
to reduce maintenance complexity and operational costs.
Today's access and metro networks are either legacy (Time
Division Multiplexed (TDM), Synchronous Optical
Network/Synchronous Digital Hierarchy (SONET/SDH), or Frame
Relay/Asynchronous Transfer Mode (ATM)), Ethernet, or IP
based.
Due to these architectures, circuits (e.g., Ethernet Virtual
Circuits (EVCs), ATM VCs, TDM circuits) in the access/metro
are traditionally handled as attachment circuits, in their
native format, to the edge of the IP-MPLS network where the PW
starts. This combination requires multiple separate access
networks and complicates end-to-end control, provisioning, and
maintenance. In addition, when a TDM or SONET/SDH access
network is replaced with a packet-based infrastructure,
expenses may be lowered due to moving statistical multiplexing
closer to the end-user and converging multiple services onto a
single access network.
Access networks have a number of properties that impact the
application of PWs. For example, there exist access
mechanisms where the PSN is not of an IETF specified type, but
uses mechanisms compatible with those of PWE3 at the PW layer.
Bitar, et al. Informational [Page 8]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
Here, use case (iv) may apply. In addition, many networks
consist of hundreds or thousands of access devices. There is
therefore a desire to support a sparse mesh of PW signaling
adjacencies and PSN tunnels. Use case (v) may therefore
apply. Finally, access networks also tend to differ from core
networks in that the access PW setup and maintenance mechanism
may only be a subset of that used in the core.
Using the MS-PWs, access and metro network elements need only
maintain PW signaling adjacencies with the PEs to which they
directly connect. They do not need PW signaling adjacencies
with every other access and metro network device. PEs in the
PSN backbone, in turn, maintain PW signaling adjacencies among
each other. In addition, a PSN tunnel is set up between an
access element and the PE to which it connects. Another PSN
tunnel needs to be established between every PE pair in the
PSN backbone. An MS-PW may be set up from one access network
element to another access element with three segments: (1)
access-element - PSN-PE, (2) PSN-PE to PSN-PE, and (3) PSN-PE
to access element. In this MS-PW setup, access elements are
T-PEs while PSN-PEs are S-PEs. It should be noted that the
PSN backbone can be also segmented into PWE3 domains resulting
in more segments per PW.
3.1. Multi-Segment Pseudowire Setup Mechanisms
This requirements document assumes that the above use cases are
realized using one or more of the following mechanisms:
-i. Static Configuration: The switching points (S-PEs), in
addition to the T-PEs, are manually provisioned for each
segment.
-ii. Pre-Determined Route: The PW is established along an
administratively determined route using an end-to-end
signaling protocol with automated stitching at the S-PEs.
-iii. Signaled Dynamic Route: The PW is established along a
dynamically determined route using an end-to-end signaling
protocol with automated stitching at the S-PEs. The route is
selected with the aid of one or more dynamic routing
protocols.
Note that we define the PW route to be the set of S-PEs through which
an MS-PW will pass between a given pair of T-PEs. PSN tunnels along
that route can be explicitly specified or locally selected at the
S-PEs and T-PEs. The routing of the PSN tunnels themselves is
outside the scope of the requirements specified in this document.
Bitar, et al. Informational [Page 9]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
4. Multi-Segment Pseudowire Requirements
The following sections detail the requirements that the above use
cases put on the MS-PW setup mechanisms.
4.1. All Mechanisms
The following generic requirements apply to the three MS-PW setup
mechanisms defined in the previous section.
4.1.1. Architecture
-i. If MS-PWs are tunneled across a PSN that only supports SS-PWs,
then only the requirements of [RFC3916] apply to that PSN.
The fact that the overlay is carrying MS-PWs MUST be
transparent to the routers in the PSN.
-ii. The PWs MUST remain transparent to the P-routers. A P-router
is not an S-PE or an T-PE from the MS-PW architecture
viewpoint. P-routers provide transparent PSN transport for
PWs and MUST not have any knowledge of the PWs traversing
them.
-iii. The MS-PWs MUST use the same encapsulation modes specified for
SS-PWs.
-iv. The MS-PWs MUST be composed of SS-PWs.
-v. An MS-PW MUST be able to pass across PSNs of all technologies
supported by PWE3 for SS-PWs. When crossing from one PSN
technology to another, an S-PE must provide the necessary PSN
interworking functions in that case.
-vi. Both directions of a PW segment MUST terminate on the same
S-PE/T-PE.
-vii. S-PEs MAY only support switching PWs of the same PW type. In
this case, the PW type is transparent to the S-PE in the
forwarding plane, except for functions needed to provide for
interworking between different PSN technologies.
-viii. Solutions MAY provide a way to prioritize the setup and
maintenance process among PWs.
Bitar, et al. Informational [Page 10]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
4.1.2. Resiliency
Mechanisms to protect an MS-PW when an element on the existing path
of an MS-PW fails MUST be provided. These mechanisms will depend on
the MS-PW setup. The following are the generic resiliency
requirements that apply to all MS-PW setup mechanisms:
-i. Configuration and establishment of a backup PW to a primary PW
SHOULD be supported. Mechanisms to perform a switchover from
a primary PW to a backup PW upon failure detection SHOULD be
provided.
-ii. The ability to configure an end-to-end backup PW path for a
primary PW path SHOULD be supported. The primary and backup
paths may be statically configured, statically specified for
signaling, or dynamically selected via dynamic routing
depending on the MS-PW establishment mechanism. Backup and
primary paths should have the ability to traverse separate
S-PEs. The backup path MAY be signaled at configuration time
or after failure.
-iii. The ability to configure a primary PW and a backup PW with a
different T-PE from the primary SHOULD be supported.
-iv. Automatic Mechanisms to perform a fast switchover from a
primary PW to a backup PW upon failure detection SHOULD be
provided.
-v. A mechanism to automatically revert to a primary PW from a
backup PW MAY be provided. When provided, it MUST be
configurable.
4.1.3. Quality of Service
Pseudowires are intended to support emulated services (e.g., TDM and
ATM) that may have strict per-connection quality-of-service (QoS)
requirements. This may include either absolute or relative
guarantees on packet loss, delay, and jitter. These guarantees are,
in part, delivered by reserving sufficient network resources (e.g.,
bandwidth), and by providing appropriate per-packet treatment (e.g.,
scheduling priority and drop precedence) throughout the network.
For SS-PWs, a traffic engineered PSN tunnel (i.e., MPLS-TE) may be
used to ensure that sufficient resources are reserved in the
P-routers to provide QoS to PWs on the tunnel. In this case, T-PEs
MUST have the ability to automatically request the PSN tunnel
resources in the direction of traffic (e.g., admission control of PWs
onto the PSN tunnel and accounting for reserved bandwidth and
Bitar, et al. Informational [Page 11]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
available bandwidth on the tunnel). In cases where the tunnel
supports multiple classes of service (CoS) (e.g., E-LSP), bandwidth
management is required per CoS.
For MS-PWs, each S-PE maps a PW segment to a PSN tunnel. Solutions
MUST enable S-PEs and T-PEs to automatically bind a PW segment to a
PSN tunnel based on CoS and bandwidth requirements when these
attributes are specified for a PW. Solutions SHOULD also provide the
capability of binding a PW segment to a tunnel as a matter of policy
configuration. S-PEs and T-PEs must be capable of automatically
requesting PSN tunnel resources per CoS.
S-PEs and T-PEs MUST be able to associate a CoS marking (e.g., EXP
field value for MPLS PWs) with PW PDUs. CoS marking in the PW PDUs
affects packet treatment. The CoS marking depends on the PSN
technology. Thus, solutions must enable the configuration of
necessary mapping for CoS marking when the MS-PW crosses from one PSN
technology to another. Similarly, different administrative domains
may use different CoS values to imply the same CoS treatment.
Solutions MUST provide the ability to define CoS marking maps on
S-PEs at administrative domain boundaries to translate from one CoS
value to another as a PW PDU crosses from one domain to the next.
[RFC3985] requires PWs to respond to path congestion by reducing
their transmission rate. Alternatively, RFC 3985 permits PWs that do
not have a congestion control mechanism to transmit using explicitly
reserved capacity along a provisioned path. Because MS-PWs are a
type of PW, this requirement extends to them as well. RFC 3985
applied to MS-PWs consequently requires that MS-PWs employ a
congestion control mechanism that is effective across an MS path, or
requires an explicit provisioning action that reserves sufficient
capacity in all domains along the MS path before the MS-PW begins
transmission. S-PEs are therefore REQUIRED to reject attempts to
establish MS-PW segments for PW types that either do not utilize an
appropriate congestion control scheme or when resources that are
sufficient to support the transmission rate of the PW cannot be
reserved along the path.
4.1.4. Congestion Control
[RFC3985] requires all PWs to respond to congestion, in order to
conform to [RFC2914]. In the absence of a well-defined congestion
control mechanism, [RFC3985] permits PWs to be carried across paths
that have been provisioned such that the traffic caused by PWs has no
harmful effect on concurrent traffic that shares the path, even under
congestion. These requirements extend to the MS-PWs defined in this
document.
Bitar, et al. Informational [Page 12]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
Path provisioning is frequently performed through QoS reservation
protocols or network management protocols. In the case of SS-PWs,
which remain within a single administrative domain, a number of
existing protocols can provide this provisioning functionality. MS-
PWs, however, may transmit across network domains that are under the
control of multiple entities. QoS provisioning across such paths is
inherently more difficult, due to the required inter-domain
interactions. It is important to note that these difficulties do not
invalidate the requirement to provision path capacity for MS-PW use.
Each domain MUST individually implement a method to control
congestion. This can be by QoS reservation, or other congestion
control method. MS-PWs MUST NOT transmit across unprovisioned, best
effort, paths in the absence of other congestion control schemes, as
required by [RFC3985].
Solutions MUST enable S-PEs and T-PEs on the path of an MS-PW to
notify other S-PEs and T-PEs on that path of congestion, when it
occurs. Congestion may be indicated by queue length, packet loss
rate, or bandwidth measurement (among others) crossing a respective
threshold. The action taken by a T-PE that receives a notification
of congestion along the path of one of its PWs could be to re-route
the MS-PW to an alternative path, including an alternative T-PE if
available. If a PE, or an S-PE has knowledge that a particular link
or tunnel is experiencing congestion, it MUST not set up any new
MS-PW that utilize that link or tunnel. Some PW types, such as TDM
PWs, are more sensitive to congestion than others. The reaction to a
congestion notification MAY vary per PW type.
4.1.5. Additional Generic Requirements for MS-PW Setup Mechanisms
The MS-PW setup mechanisms MUST accommodate the service provider's
practices, especially in relation to security, confidentiality of SP
information, and traffic engineering. Security and confidentiality
are especially important when the MS-PWs are set up across autonomous
systems in different administrative domains. The following are
generic requirements that apply to the three MS-PW setup mechanisms
defined earlier:
-i. The ability to statically select S-PEs and PSN tunnels on a PW
path MUST be provided. Static selection of S-PEs is by
definition a requirement for the static configuration and
signaled/static route setup mechanisms. This requirement
satisfies the need for forcing an MS-PW to traverse specific
S-PEs to enforce service provider security and administrative
policies.
-ii. Solutions SHOULD minimize the amount of configuration needed
to set up an MS-PW.
Bitar, et al. Informational [Page 13]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
-iii. Solutions should support different PW setup mechanisms on the
same T-PE, S-PE, and PSN network.
-iv. Solutions MUST allow T-PEs to simultaneously support use of
SS-PW signaling mechanisms as specified in [RFC4447], as well
as MS-PW signaling mechanisms.
-v. Solutions MUST ensure that an MS-PW will be set up when a path
that satisfies the PW constraints for bandwidth, CoS, and
other possible attributes does exist in the network.
-vi. Solutions must clearly define the setup procedures for each
mechanism so that an MS-PW setup on T-PEs can be interpreted
as successful only when all PW segments are successfully set
up.
-vii. Admission control to the PSN tunnel needs to be performed
against available resources, when applicable. This process
MUST be performed at each PW segment comprising the MS-PW. PW
admission control into a PSN tunnel MUST be configurable.
-viii. In case the PSN tunnel lacks the resources necessary to
accommodate the new PW, an attempt to signal a new PSN tunnel,
or increase the capacity of the existing PSN tunnel MAY be
made. If the expanded PSN tunnel fails to set up, the PW MUST
fail to set up.
-ix. The setup mechanisms must allow the setup of a PW segment
between two directly connected S-PEs without the existence of
a PSN tunnel. This requirement allows a PW segment to be set
up between two (Autonomous System Border Routers (ASBRs) when
the MS-PW crosses AS boundaries without the need for
configuring and setting up a PSN tunnel. In this case,
admission control must be done, when enabled, on the link
between the S-PEs.
4.1.6. Routing
An objective of MS-PWs is to provide support for the following
connectivity:
-i. MS-PWs MUST be able to traverse multiple service provider
administrative domains.
-ii. MS-PWs MUST be able to traverse multiple autonomous systems
within the same administrative domain.
Bitar, et al. Informational [Page 14]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
-iii. MS-PWs MUST be able to traverse multiple autonomous systems
belonging to different administrative domains.
-iv. MS-PWs MUST be able to support any hybrid combination of the
aforementioned connectivity scenarios, including both PW
transit and termination in a domain.
4.2. Statically Configured MS-PWs
When the MS-PW segments are statically configured, the following
requirements apply in addition to the generic requirements previously
defined.
4.2.1. Architecture
There are no additional requirements on the architecture.
4.2.2. MPLS-PWs
Solutions should allow for the static configuration of MPLS labels
for MPLS-PW segments and the cross-connection of these labels to
preceding and succeeding segments. This is especially useful when an
MS-PW crosses provider boundaries and two providers do not want to
run any PW signaling protocol between them. A T-PE or S-PE that
allows the configuration of static labels for MS-PW segments should
also simultaneously allow for dynamic label assignments for other
MS-PW segments. It should be noted that when two interconnected
S-PEs do not have signaling peering for the purpose of setting up
MS-PW segments, they should have in-band PW Operations and
Maintenance (OAM) capabilities that relay PW or attachment circuit
defect notifications between the adjacent S-PEs.
4.2.3. Resiliency
The solution should allow for the protection of a PW segment, a
contiguous set of PW segments, as well as the end-to-end path. The
primary and protection segments must share the same segment
endpoints. Solutions should allow for having the backup paths set up
prior to the failure or as a result of failure. The choice should be
made by configuration. When resources are limited and cannot satisfy
all PWs, the PWs with the higher setup priorities should be given
preference when compared with the setup priorities of other PWs being
set up or the holding priorities of existing PWs.
Solutions should strive to minimize traffic loss between T-PEs.
Bitar, et al. Informational [Page 15]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
4.2.4. Quality of Service
The CoS and bandwidth of the MS-PW must be configurable at T-PEs and
S-PEs.
4.3. Signaled PW Segments
When the MS-PW segments are dynamically signaled, the following
requirements apply in addition to the generic requirements previously
defined. The signaled MS-PW segments can be on the path of a
statically configured MS-PW, signaled/statically routed MS-PW, or
signaled/dynamically routed MS-PW.
There are four different mechanisms that are defined to setup SS-PWs:
-i. Static set up of the SS-PW (MPLS or L2TPv3 forwarding)
-ii. LDP using PWid Forwarding Equivalence Class (FEC) 128
-iii. LDP using the generalized PW FEC 129
-iv. L2TPv3
The MS-PW setup mechanism MUST be able to support PW segments
signaled with any of the above protocols; however, the specification
of which combinations of SS-PW signaling protocols are supported by a
specific implementation is outside the scope of this document.
For the signaled/statically routed and signaled/dynamically routed
MS-PW setup mechanisms, the following requirements apply in addition
to the generic requirements previously defined.
4.3.1. Architecture
There are no additional requirements on the architecture.
4.3.2. Resiliency
Solutions should allow for the signaling of a protection path for a
PW segment, sequence of segments, or end-to-end path. The protection
and primary paths for the protected segment(s) share the same
respective segments endpoints. When admission control is enabled,
systems must be careful not to double account for bandwidth
allocation at merged points (e.g., tunnels). Solutions should allow
for having the backup paths set up prior to the failure or as a
result of failure. The choice should be made by configuration at the
endpoints of the protected path. When resources are limited and
cannot satisfy all PWs, the PWs with the higher setup priorities
Bitar, et al. Informational [Page 16]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
should be given preference when compared with the setup priorities of
other PWs being set up or the holding priorities of existing PWs.
Procedures must allow for the primary and backup paths to be diverse.
4.3.3. Quality of Service
When the T-PE attempts to signal an MS-PW, the following capability
is required:
-i. Signaling must be able to identify the CoS associated with an
MS-PW.
-ii. Signaling must be able to carry the traffic parameters for an
MS-PW per CoS. Traffic parameters should be based on existing
INTSERV definitions and must be used for admission control
when admission control is enabled.
-iii. The PW signaling MUST enable separate traffic parameter values
to be specified for the forward and reverse directions of the
PW.
-iv. PW traffic parameter representations MUST be the same for all
types of MS-PWs.
-v. The signaling protocol must be able to accommodate a method to
prioritize the PW setup and maintenance operation among PWs.
4.3.4. Routing
See the requirements for "Resiliency" above.
4.3.5. Additional Requirements on Signaled MS-PW Setup Mechanisms
The following are further requirements on signaled MS-PW setup
mechanisms:
-i. The signaling procedures MUST be defined such that the setup
of an MS-PW is considered successful if all segments of the
MS-PW are successfully set up.
-ii. The MS-PW path MUST have the ability to be dynamically set up
between the T-PEs by provisioning only the T-PEs.
Bitar, et al. Informational [Page 17]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
-iii. Dynamic MS-PW setup requires that a unique identifier be
associated with a PW and be carried in the signaling message.
That identifier must contain sufficient information to
determine the path to the remote T-PE through intermediate
S-PEs.
-iv. In a single-provider domain, it is natural to have the T-PE
identified by one of its IP addresses. This may also apply
when an MS-PW is set up across multiple domains operated by
the same provider. However, some service providers have
security and confidentiality policies that prevent them from
advertising reachability to routers in their networks to other
providers (reachability to an ASBR is an exception). Thus,
procedures MUST be provided to allow dynamic set up of MS-PWs
under these conditions.
4.4. Signaled PW / Dynamic Route
The following requirements apply, in addition to those in Sections
4.1 and 4.3, when both dynamic signaling and dynamic routing are
used.
4.4.1. Architecture
There are no additional architectural requirements.
4.4.2. Resiliency
The PW routing function MUST support dynamic re-routing around
failure points when segments are set up using the dynamic setup
method.
4.4.3. Quality of Service
There are no additional QoS requirements.
4.4.4. Routing
The following are requirements associated with dynamic route
selection for an MS-PW:
-i. Routing must enable S-PEs and T-PEs to discover S-PEs on the
path to a destination T-PE.
-ii. The MS-PW routing function MUST have the ability to
automatically select the S-PEs along the MS-PW path. Some of
the S-PEs MAY be statically selected and carried in the
signaling to constrain the route selection process.
Bitar, et al. Informational [Page 18]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
-iii. The PW routing function MUST support re-routing around
failures that occur between the statically configured segment
endpoints. This may be done by choosing another PSN tunnel
between the two segment endpoints or setting up an alternative
tunnel.
-iv. Routing protocols must be able to advertise reachability
information of attachment circuit (AC) endpoints. This
reachability information must be consistent with the AC
identifiers carried in signaling.
5. Operations and Maintenance (OAM)
OAM mechanisms for the attachment circuits are defined in the
specifications for PW emulated specific technologies (e.g., ITU-T
I.610 [i610] for ATM). These mechanisms enable, among other things,
defects in the network to be detected, localized, and diagnosed.
They also enable communication of PW defect states on the PW
attachment circuit. Note that this document uses the term OAM as
Operations and Management as per ITU-T I.610.
The interworking of OAM mechanisms for SS-PWs between ACs and PWs is
defined in [PWE3-OAM]. These enable defect states to be propagated
across a PWE3 network following the failure and recovery from faults.
OAM mechanisms for MS-PWs MUST provide at least the same capabilities
as those for SS-PWs. In addition, it should be possible to support
both segment and end-to-end OAM mechanisms for both defect
notifications and connectivity verification in order to allow defects
to be localized in a multi-segment network. That is, PW OAM segments
can be T-PE to T-PE, T-PE to S-PE, or S-PE to S-PE.
The following requirements apply to OAM for MS-PWs:
-i. Mechanisms for PW segment failure detection and notification
to other segments of an MS-PW MUST be provided.
-ii. MS-PW OAM SHOULD be supported end-to-end across the network.
-iii. Single ended monitoring SHOULD be supported for both
directions of the MS-PW.
-iv. SS-PW OAM mechanisms (e.g., [RFC5085]) SHOULD be extended to
support MS-PWs on both an end-to-end basis and segment basis.
-v. All PE routers along the MS-PW MUST agree on a common PW OAM
mechanism to use for the MS-PW.
Bitar, et al. Informational [Page 19]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
-vi. At the S-PE, defects on an PSN tunnel MUST be propagated to
all PWs that utilize that particular PSN tunnel.
-vii. The directionality of defect notifications MUST be maintained
across the S-PE.
-viii. The S-PE SHOULD be able to behave as a segment endpoint for PW
OAM mechanisms.
-ix. The S-PE MUST be able to pass T-PE to T-PE PW OAM messages
transparently.
-x. Performance OAM is required for both MS-PWs and SS-PWs to
measure round-trip delay, one-way delay, jitter, and packet
loss ratio.
6. Management of Multi-Segment Pseudowires
Each PWE3 approach that uses MS-PWs SHOULD provide some mechanisms
for network operators to manage the emulated service. Management
mechanisms for MS-PWs MUST provide at least the same capabilities as
those for SS-PWs, as defined in [RFC3916].
It SHOULD also be possible to manage the additional attributes for
MS-PWs. Since the operator that initiates the establishment of an
MS-PW may reside in a different PSN domain from the S-PEs and one of
the T-PEs along the path of the MS-PW, mechanisms for the remote
management of the MS-PW SHOULD be provided.
The following additional requirements apply:
6.1. MIB Requirements
-i. MIB Tables MUST be designed to facilitate configuration and
provisioning of the MS-PW at the S-PEs and T-PEs.
-ii. The MIB(s) MUST facilitate inter-PSN configuration and
monitoring of the ACs.
Bitar, et al. Informational [Page 20]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
6.2. Management Interface Requirements
-i. Mechanisms MUST be provided to enable remote management of an
MS-PW at an S-PE or T-PE. It SHOULD be possible for these
mechanisms to operate across PSN domains. An example of a
commonly available mechanism is the command line interface
(CLI) over a telnet session.
-ii. For security or other reasons, it SHOULD be possible to
disable the remote management of an MS-PW.
7. Security Considerations
This document specifies the requirements both for MS-PWs that can be
set up across domain boundaries administered by one or more service
providers (inter-provider MS-PWs), and for MS-PWs that are only set
up across one provider (intra-provider MS-PWs).
7.1. Inter-Provider MS-PWs
The security requirements for MS-PW setup across domains administered
by one service provider are the same as those described under
security considerations in [RFC4447] and [RFC3916]. These
requirements also apply to inter-provider MS-PWs.
In addition, [RFC4111] identifies user and provider requirements for
L2 VPNs that apply to MS-PWs described in this document. In this
section, the focus is on the additional security requirements for
inter-provider operation of MS-PWs in both the control plane and data
plane, and some of these requirements may overlap with those in
[RFC4111].
7.1.1. Data-Plane Security Requirements
By security in the "data plane", we mean protection against the
following possibilities:
-i. Packets from within an MS-PW traveling to a PE or an AC to
which the PW is not intended to be connected, other than in a
manner consistent with the policies of the MS-PW.
-ii. Packets from outside an MS-PW entering the MS-PW, other than
in a manner consistent with the policies of the MS-PW.
MS-PWs that cross service provider (SP) domain boundaries may connect
one T-PE in a SP domain to a T-PE in another provider domain. They
may also transit other provider domains even if the two T-PEs are
under the control of one SP. Under these scenarios, there is a
Bitar, et al. Informational [Page 21]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
chance that one or more PDUs could be falsely inserted into an MS-PW
at any of the originating, terminating, or transit domains. Such
false injection can be the result of a malicious attack or fault in
the S-PE. Solutions MAY provide mechanisms for ensuring the
end-to-end authenticity of MS-PW PDUs.
The data plane security requirements at a service provider border for
MS-PWs are similar to those for inter-provider BGP/MPLS IP Virtual
Private Networks [RFC4364]. In particular, an S-PE or T-PE SHOULD
discard a packet received from a particular neighbor over the service
provider border unless one of the following two conditions holds:
-i. Any MPLS label processed at the receiving S-PE or T-PE, such
the PSN tunnel label or the PW label has a label value that
the receiving system has distributed to that neighbor; or
-ii. Any MPLS label processed at the receiving S-PE or T-PE, such
as the PSN tunnel label or the PW label has a label value that
the receiving S-PE or T-PE has previously distributed to the
peer S-PE or T-PE beyond that neighbor (i.e., when it is known
that the path from the system to which the label was
distributed to the receiving system is via that neighbor).
One of the domains crossed by an MS-PW may decide to selectively
mirror the PDUs of an MS-PW for eavesdropping purposes. It may also
decide to selectively hijack the PDUs of an MS-PW by directing the
PDUs away from their destination. In either case, the privacy of an
MS-PW can be violated.
Some types of PWs make assumptions about the security of the
underlying PSN. The minimal security provided by an MPLS PSN might
not be sufficient to meet the security requirements expected by the
applications using the MS-PW. This document does not place any
requirements on protecting the privacy of an MS-PW PDU via
encryption. However, encryption may be required at a higher layer in
the protocol stack, based on the application or network requirements.
The data plane of an S-PE at a domain boundary MUST be able to police
incoming MS-PW traffic to the MS-PW traffic parameters or to an
administratively configured profile. The option to enable/disable
policing MUST be provided to the network administrator. This is to
ensure that an MS-PW or a group of MS-PWs do not grab more resources
than they are allocated. In addition, the data plane of an S-PE MUST
be able to police OAM messages to a pre-configured traffic profile or
to filter out these messages upon administrative configuration.
Bitar, et al. Informational [Page 22]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
An ingress S-PE MUST ensure that an MS-PW receives the CoS treatment
configured or signaled for that MS-PW at the S-PE. Specifically, an
S-PE MUST guard against packets marked in the exp bits or IP-header
Differentiated Services (DS) field (depending on the PSN) for a
better CoS than they should receive.
An ingress S-PE MUST be able to define per-interface or
interface-group (a group may correspond to interfaces to a peer-
provider) label space for MPLS-PWs. An S-PE MUST be configurable not
to accept labeled packets from another provider unless the bottom
label is a PW-label assigned by the S-PE on the interface on which
the packet arrived.
Data plane security considerations for SS-PWs specified in [RFC3985]
also apply to MS-PWs.
7.1.2. Control-Plane Security Requirements
An MS-PW connects two attachment circuits. It is important to make
sure that PW connections are not arbitrarily accepted from anywhere,
or else a local attachment circuit might get connected to an
arbitrary remote attachment circuit. The fault in the connection can
start at a remote T-PE or an S-PE.
Where a PW segment crosses a border between one provider and another
provider, the PW segment endpoints (S-PEs) SHOULD be on ASBRs
interconnecting the two providers. Directly interconnecting the
S-PEs using a physically secure link, and enabling signaling and
routing authentication between the S-PEs, eliminates the possibility
of receiving an MS-PW signaling message or packet from an untrusted
peer. Other configurations are possible. For example, P routers for
the PSN tunnel between the adjacent S-PEs/T-PEs may reside on the
ASBRs. In which case, the S-PEs/T-PEs MUST satisfy themselves of the
security and privacy of the path.
The configuration and maintenance protocol MUST provide a strong
authentication and control protocol data protection mechanism. This
option MUST be implemented, but it should be deployed according to
the specific PSN environment requirements. Furthermore,
authentication using a signature for each individual MS-PW setup
message MUST be available, in addition to an overall control protocol
session authentication and message validation.
Since S-PEs in different provider networks SHOULD reside at each end
of a physically secure link, or be interconnected by a limited number
of trusted PSN tunnels, each S-PE will have a trust relationship with
only a limited number of S-PEs in other ASs. Thus, it is expected
that current security mechanisms based on manual key management will
Bitar, et al. Informational [Page 23]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
be sufficient. If deployment situations arise that require large
scale connection to S-PEs in other ASs, then a mechanism based on RFC
4107 [RFC4107] MUST be developed.
Peer authentication protects against IP address spoofing but does not
prevent one peer (S-PE or T-PE) from connecting to the wrong
attachment circuit. Under a single administrative authority, this
may be the result of a misconfiguration. When the MS-PW crosses
multiple provider domains, this may be the result of a malicious act
by a service provider or a security hole in that provider network.
Static manual configuration of MS-PWs at S-PEs and T-PEs provides a
greater degree of security. If an identification of both ends of an
MS-PW is configured and carried in the signaling message, an S-PE can
verify the signaling message against the configuration. To support
dynamic signaling of MS-PWs, whereby only endpoints are provisioned
and S-PEs are dynamically discovered, mechanisms SHOULD be provided
to configure such information on a server and to use that information
during a connection attempt for validation.
An incoming MS-PW request/reply MUST NOT be accepted unless its IP
source address is known to be the source of an "eligible" peer. An
eligible peer is an S-PE or a T-PE with which the originating S-PE or
T-PE has a trust relationship. The number of such trusted T-PEs or
S-PEs is bounded and not anticipated to create a scaling issue for
the control plane authentication mechanisms.
If a peering adjacency has to be established prior to exchanging
setup requests/responses, peering MUST only be done with eligible
peers. The set of eligible peers could be pre-configured (either as
a list of IP addresses, or as a list of address/mask combinations) or
automatically generated from the local PW configuration information.
Furthermore, the restriction of peering sessions to specific
interfaces MUST also be provided. The S-PE and T-PE MUST drop the
unaccepted signaling messages in the data path to avoid a
Denial-of-Service (DoS) attack on the control plane.
Even if a connection request appears to come from an eligible peer,
its source address may have been spoofed. Thus, means of preventing
source address spoofing must be in place. For example, if eligible
peers are in the same network, source address filtering at the border
routers of that network could eliminate the possibility of source
address spoofing.
Bitar, et al. Informational [Page 24]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
S-PEs that connect one provider domain to another provider domain
MUST have the capability to rate-limit signaling traffic in order to
prevent DoS attacks on the control plane. Furthermore, detection and
disposition of malformed packets and defense against various forms of
attacks that can be protocol-specific MUST be provided.
7.2. Intra-Provider MS-PWs
Security requirements for pseudowires are provided in [RFC3916].
These requirements also apply to MS-PWs.
MS-PWs are intended to enable many more PEs to provide PWE3 services
in a given service provider network than traditional SS-PWs,
particularly in access and metro environments where the PE may be
situated closer to the ultimate endpoint of the service. In order to
limit the impact of a compromise of one T-PE in a service provider
network, the data path security requirements for inter-provider
MS-PWs also apply to intra-provider MS-PWs in such cases.
8. Acknowledgments
The editors gratefully acknowledge the following contributors:
Dimitri Papadimitriou (Alcatel-Lucent), Peter Busschbach
(Alcatel-Lucent), Sasha Vainshtein (Axerra), Richard Spencer (British
Telecom), Simon Delord (France Telecom), Deborah Brungard (AT&T),
David McDysan (Verizon), Rahul Aggarwal (Juniper), Du Ke (ZTE),
Cagatay Buyukkoc (ZTE), and Stewart Bryant (Cisco).
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3916] Xiao, X., Ed., McPherson, D., Ed., and P. Pate, Ed.,
"Requirements for Pseudo-Wire Emulation Edge-to-Edge
(PWE3)", RFC 3916, September 2004.
[RFC3985] Bryant, S., Ed., and P. Pate, Ed., "Pseudo Wire Emulation
Edge-to-Edge (PWE3) Architecture", RFC 3985, March 2005.
9.2. Informative References
[i610] Recommendation I.610 "B-ISDN operation and maintenance
principles and functions", February 1999.
Bitar, et al. Informational [Page 25]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
[RFC5085] Nadeau, T., Ed., and C. Pignataro, Ed., "Pseudowire
Virtual Circuit Connectivity Verification (VCCV): A
Control Channel for Pseudowires", RFC 5085, December 2007.
[RFC4447] Martini, L., Ed., Rosen, E., El-Aawar, N., Smith, T., and
G. Heron, "Pseudowire Setup and Maintenance Using the
Label Distribution Protocol (LDP)", RFC 4447, April 2006.
[RFC4111] Fang, L., Ed., "Security Framework for Provider-
Provisioned Virtual Private Networks (PPVPNs)", RFC 4111,
July 2005.
[PWE3-OAM] Nadeau, T., Ed., Morrow, M., Ed., Busschbach, P., Ed.,
Alissaoui, M.,Ed., D. Allen, Ed., "Pseudo Wire (PW) OAM
Message Mapping", Work in Progress, March 2005.
[RFC2914] Floyd, S., "Congestion Control Principles", BCP 41, RFC
2914, September 2000.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, February 2006.
[RFC4107] Bellovin, S. and R. Housley, "Guidelines for Cryptographic
Key Management", BCP 107, RFC 4107, June 2005.
Authors' Addresses
Nabil Bitar
Verizon
117 West Street
Waltham, MA 02145
EMail: nabil.n.bitar@verizon.com
Matthew Bocci
Alcatel-Lucent Telecom Ltd,
Voyager Place
Shoppenhangers Road
Maidenhead
Berks, UK
EMail: matthew.bocci@alcatel-lucent.co.uk
Luca Martini
Cisco Systems, Inc.
9155 East Nichols Avenue, Suite 400
Englewood, CO, 80112
EMail: lmartini@cisco.com
Bitar, et al. Informational [Page 26]
^L
RFC 5254 Requirements for Multi-Segment PWE3 October 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Bitar, et al. Informational [Page 27]
^L
|
