1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
|
Independent Submission H. van Helvoort, Ed.
Request for Comments: 7347 Huawei Technologies
Category: Informational J. Ryoo, Ed.
ISSN: 2070-1721 ETRI
H. Zhang
Huawei Technologies
F. Huang
Philips
H. Li
China Mobile
A. D'Alessandro
Telecom Italia
September 2014
Pre-standard Linear Protection Switching in
MPLS Transport Profile (MPLS-TP)
Abstract
The IETF Standards Track solution for MPLS Transport Profile
(MPLS-TP) Linear Protection is provided in RFCs 6378, 7271, and 7324.
This document describes the pre-standard implementation of MPLS-TP
Linear Protection that has been deployed by several network operators
using equipment from multiple vendors. At the time of publication,
these pre-standard implementations were still in operation carrying
live traffic.
The specified mechanism supports 1+1 unidirectional/bidirectional
protection switching and 1:1 bidirectional protection switching. It
is purely supported by the MPLS-TP data plane and can work without
any control plane.
van Helvoort, et al. Informational [Page 1]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7347.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
van Helvoort, et al. Informational [Page 2]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Conventions Used in This Document . . . . . . . . . . . . . . 5
3. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Linear Protection-Switching Overview . . . . . . . . . . . . 6
4.1. Protection Architecture Types . . . . . . . . . . . . . . 6
4.1.1. 1+1 Architecture . . . . . . . . . . . . . . . . . . 6
4.1.2. 1:1 Architecture . . . . . . . . . . . . . . . . . . 6
4.1.3. 1:n Architecture . . . . . . . . . . . . . . . . . . 7
4.2. Protection Switching Type . . . . . . . . . . . . . . . . 7
4.3. Protection Operation Type . . . . . . . . . . . . . . . . 7
5. Protection-Switching Trigger Conditions . . . . . . . . . . . 8
5.1. Fault Conditions . . . . . . . . . . . . . . . . . . . . 8
5.2. External Commands . . . . . . . . . . . . . . . . . . . . 8
5.2.1. End-to-End Commands . . . . . . . . . . . . . . . . . 8
5.2.2. Local Commands . . . . . . . . . . . . . . . . . . . 9
6. Protection-Switching Schemes . . . . . . . . . . . . . . . . 10
6.1. 1+1 Unidirectional Protection Switching . . . . . . . . . 10
6.2. 1+1 Bidirectional Protection Switching . . . . . . . . . 11
6.3. 1:1 Bidirectional Protection Switching . . . . . . . . . 12
7. APS Protocol . . . . . . . . . . . . . . . . . . . . . . . . 13
7.1. APS PDU Format . . . . . . . . . . . . . . . . . . . . . 13
7.2. APS Transmission . . . . . . . . . . . . . . . . . . . . 16
7.3. Hold-Off Timer . . . . . . . . . . . . . . . . . . . . . 17
7.4. WTR Timer . . . . . . . . . . . . . . . . . . . . . . . . 17
7.5. Command Acceptance and Retention . . . . . . . . . . . . 18
7.6. Exercise Operation . . . . . . . . . . . . . . . . . . . 18
8. Protection-Switching Logic . . . . . . . . . . . . . . . . . 19
8.1. Principle of Operation . . . . . . . . . . . . . . . . . 19
8.2. Equal Priority Requests . . . . . . . . . . . . . . . . . 21
8.3. Signal Degrade of the Protection Transport Entity . . . . 22
9. Protection-Switching State Transition Tables . . . . . . . . 22
10. Security Considerations . . . . . . . . . . . . . . . . . . . 24
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 24
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 24
12.1. Normative References . . . . . . . . . . . . . . . . . . 24
12.2. Informative References . . . . . . . . . . . . . . . . . 25
Appendix A. Operation Examples of the APS Protocol . . . . . . . 26
van Helvoort, et al. Informational [Page 3]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
1. Introduction
The IETF Standards Track solution for MPLS Transport Profile
(MPLS-TP) Linear Protection is provided in [RFC6378], [RFC7271], and
[RFC7324].
This document describes the pre-standard implementation of MPLS-TP
Linear Protection that has been deployed by several network operators
using equipment from multiple vendors. At the time of publication,
these pre-standard implementations were still in operation carrying
live traffic.
This implementation was considered in the MPLS WG; however, a
different path was chosen.
This document may be useful in the future if a vendor or operator is
trying to interwork with a different vendor or operator who has
deployed the pre-standard implementation, and it provides a permanent
record of the pre-standard implementation. It is also worth noting
that the experience gained during deployment of the implementations
of this document was used to refine [RFC7271].
MPLS-TP is defined as the transport profile of MPLS technology to
allow its deployment in transport networks. A typical feature of a
transport network is that it can provide fast protection switching
for end-to-end transport paths and transport path segments. The
protection-switching time is generally required to be less than 50 ms
to meet the strict requirements of services such as voice, private
line, etc.
The goal of a linear protection-switching mechanism is to satisfy the
requirement of fast protection switching for an MPLS-TP network.
Linear protection switching means that, for one or more working
transport entities (working paths), there is one protection transport
entity (protection path), which is disjoint from any of the working
transport entities, ready to take over the service transmission when
a working transport entity has failed.
This document specifies a 1+1 unidirectional protection-switching
mechanism for a unidirectional transport entity (either point to
point or point to multipoint) as well as a bidirectional point-to-
point transport entity and a 1+1/1:1 bidirectional protection-
switching mechanism for a point-to-point bidirectional transport
entity. Since bidirectional protection switching needs the
coordination of the two endpoints of the transport entity, this
document also specifies the Automatic Protection Switching (APS)
protocol, which is used for this purpose.
van Helvoort, et al. Informational [Page 4]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
The linear protection mechanism described in this document is
applicable to both Label Switched Paths (LSPs) and Pseudowires (PWs).
The APS protocol specified in this document is based on the same
principles and behavior of the APS protocol designed for Synchronous
Optical Network (SONET) [T1.105.01] / Synchronous Digital Hierarchy
(SDH) [G.841], Optical Transport Network (OTN) [G.873.1], and
Ethernet [G.8031] and provides commonality with the established
operation models utilized in transport network technologies (e.g.,
SDH/SONET, OTN, and Ethernet).
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Acronyms
This document uses the following acronyms:
APS Automatic Protection Switching
DNR Do not Revert
EXER Exercise
G-ACh Generic Associated Channel
FS Forced Switch
LO Lockout of Protection
LSP Label Switched Path
MPLS-TP MPLS Transport Profile
MS Manual Switch
MS-P Manual Switch to Protection transport entity
MS-W Manual Switch to Working transport entity
NR No Request
OAM Operations, Administration, and Maintenance
OTN Optical Transport Network
PDU Protocol Data Unit
PW Pseudowire
RR Reverse Request
SD Signal Degrade
SD-P Signal Degrade on Protection transport entity
SD-W Signal Degrade on Working transport entity
SDH Synchronous Digital Hierarchy
SF Signal Fail
SF-P Signal Fail on Protection transport entity
SF-W Signal Fail on Working transport entity
SONET Synchronous Optical Network
WTR Wait to Restore
van Helvoort, et al. Informational [Page 5]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
4. Linear Protection-Switching Overview
To guarantee the protection-switching time for a working transport
entity, its protection transport entity is always preconfigured
before the failure occurs. Normally, traffic will be transmitted and
received on the working transport entity. Switching to the
protection transport entity is usually triggered by link or node
failure, external commands, etc. Note that external commands are
often used in transport networks by operators, and they are very
useful in cases of service adjustment, path maintenance, etc.
4.1. Protection Architecture Types
4.1.1. 1+1 Architecture
In the 1+1 architecture, the protection transport entity is
associated with a working transport entity. The normal traffic is
permanently bridged onto both the working transport entity and the
protection transport entity at the source endpoint of the protected
domain. The normal traffic on working and protection transport
entities is transmitted simultaneously to the destination sink
endpoint of the protected domain, where a selection between the
working and protection transport entity is made based on
predetermined criteria, such as signal fail and signal degrade
indications.
4.1.2. 1:1 Architecture
In the 1:1 architecture, the protection transport entity is
associated with a working transport entity. When the working
transport entity is determined to be impaired, the normal traffic
MUST be transferred from the working to the protection transport
entity at both the source and sink endpoints of the protected domain.
The selection between the working and protection transport entities
is made based on predetermined criteria, such as signal fail and
signal degrade indications from the working or protection transport
entity.
The bridge at the source endpoint can be realized in two ways: it is
either a selector bridge or a broadcast bridge. With a selector
bridge, the normal traffic is connected either to the working
transport entity or the protection transport entity. With a
broadcast bridge, the normal traffic is permanently connected to the
working transport entity, and in case a protection switch is active,
it is also connected to the protection transport entity. The
broadcast bridge is recommended to be used in revertive mode only.
van Helvoort, et al. Informational [Page 6]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
4.1.3. 1:n Architecture
Details for the 1:n protection-switching architecture are out of
scope of this document and will be provided in a different document
in the future.
It is worth noting that the APS protocol defined here is capable of
supporting 1:n operations.
4.2. Protection Switching Type
The linear protection-switching types can be a unidirectional
switching type or a bidirectional switching type.
o Unidirectional switching type: Only the affected direction of the
working transport entity is switched to the protection transport
entity; the selectors at each endpoint operate independently.
This switching type is recommended to be used for 1+1 protection
in this document.
o Bidirectional switching type: Both directions of the working
transport entity, including the affected direction and the
unaffected direction, are switched to the protection transport
entity. For bidirectional switching, the APS protocol is required
to coordinate the two endpoints so that both have the same bridge
and selector settings, even for a unidirectional failure. This
type is applicable for 1+1 and 1:1 protection.
4.3. Protection Operation Type
The linear protection operation types can be a non-revertive
operation type or a revertive operation type.
o Non-revertive operation: The normal traffic will not be switched
back to the working transport entity even after a protection
switching cause has cleared. This is generally accomplished by
replacing the previous switch request with a "Do not Revert (DNR)"
request, which has a low priority.
o Revertive operation: The normal traffic is restored to the working
transport entity after the condition(s) causing the protection
switching has cleared. In the case of clearing a command (e.g.,
Forced Switch), this happens immediately. In the case of clearing
a defect, this generally happens after the expiry of a "Wait to
Restore (WTR)" timer, which is used to avoid chattering of
selectors in the case of intermittent defects.
van Helvoort, et al. Informational [Page 7]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
5. Protection-Switching Trigger Conditions
5.1. Fault Conditions
Fault conditions mean the requests generated by the local Operations,
Administration, and Maintenance (OAM) function.
o Signal Fail (SF): If an endpoint detects a failure by an OAM
function or other mechanism, it will submit a local signal failure
(local SF) to the APS module to request a protection switch. The
local SF could be on the working transport entity (Signal Fail on
Working transport entity (SF-W)) or the protection transport
entity (Signal Fail on Protection transport entity (SF-P)).
o Signal Degrade (SD): If an endpoint detects signal degradation by
an OAM function or other mechanism, it will submit a local signal
degrade (local SD) to the APS module to request a protection
switching. The local SD could be on the working transport entity
(Signal Degrade on Working transport entity (SD-W)) or the
protection transport entity (Signal Degrade on Protection
transport entity (SD-P)).
5.2. External Commands
The external command issues an appropriate external request to the
protection process.
5.2.1. End-to-End Commands
These commands are applied to both local and remote nodes. When the
APS protocol is present, these commands, except the Clear command,
are signaled to the far end of the connection. In bidirectional
switching, these commands affect the bridge and selector at both
ends.
o Lockout of Protection (LO): This command is used to provide the
operator a tool for temporarily disabling access to the protection
transport entity.
o Manual Switch (MS): This command is used to provide the operator a
tool for temporarily switching normal traffic to the working
transport entity (Manual Switch to Working transport entity (MS-
W)) or to the protection transport entity (Manual Switch to
Protection transport entity (MS-P)), unless a higher priority
switch request (i.e., LO, FS, or SF) is in effect.
van Helvoort, et al. Informational [Page 8]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
o Forced Switch (FS): This command is used to provide the operator a
tool for temporarily switching normal traffic from the working
transport entity to the protection transport entity, unless a
higher priority switch request (i.e., LO or SF-P) is in effect.
o Exercise (EXER): Exercise is a command to test if the APS
communication is operating correctly. The EXER command SHALL NOT
affect the state of the protection selector and bridge.
o Clear: This command between management and the local protection
process is not a request sent by APS to other endpoints. It is
used to clear the active near-end external command or WTR state.
5.2.2. Local Commands
These commands apply only to the near end (local node) of the
protection group. Even when an APS protocol is supported, they are
not signaled to the far end.
o Freeze: This command freezes the state of the protection group.
Until the freeze is cleared, additional near-end commands are
rejected, and condition changes and received APS information are
ignored. When the Freeze command is cleared, the state of the
protection group is recomputed based on the condition and received
APS information.
Because the freeze is local, if the freeze is issued at one end
only, a failure of protocol can occur as the other end is open to
accept any operator command or fault condition.
o Clear Freeze: This command clears the local freeze.
van Helvoort, et al. Informational [Page 9]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
6. Protection-Switching Schemes
6.1. 1+1 Unidirectional Protection Switching
+-----------+ +-----------+
| |---------------------------------------| |
| -+---------------------------------------+- |
| / |---------------------------------------| \ |
| / | Working transport entity | \ |
--+-------> | | --------+->
| \ | | |
| \ |---------------------------------------| |
| -+---------------------------------------| |
| source |---------------------------------------| sink |
+-----------+ Protection transport entity +-----------+
(normal condition)
+-----------+ +-----------+
| |---------------------------------------| |
| -+------------------XX-------------------+ |
| / |---------------------------------------| |
| / | Working transport entity (failure) | |
--|-------> | | --------+->
| \ | | / |
| \ |---------------------------------------| / |
| -+---------------------------------------+- |
| source |---------------------------------------| sink |
+-----------+ Protection transport entity +-----------+
(failure condition)
Figure 1: 1+1 Unidirectional Linear Protection Switching
1+1 unidirectional protection switching is the simplest protection
switching mechanism. The normal traffic is permanently bridged on
both the working and protection transport entities at the source
endpoint of the protected domain. In the normal condition, the sink
endpoint receives traffic from the working transport entity. If the
sink endpoint detects a failure on the working transport entity, it
will switch to receive traffic from the protection transport entity.
1+1 unidirectional protection switching is recommended to be used for
unidirectional transport.
Note that 1+1 unidirectional protection switching does not use the
APS coordination protocol since it only performs protection switching
based on the local request.
van Helvoort, et al. Informational [Page 10]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
6.2. 1+1 Bidirectional Protection Switching
+-----------+ +-----------+
| |---------------------------------------| |
| -+<--------------------------------------+- |
| / +-------------------------------------->+ \ |
| sink / /|---------------------------------------|\ \ sink |
<-+-------/ / | Working transport entity | --\-------+->
--+--------> | | <------+--
| source \ | | / source|
| \|---------------------------------------| / |
| +-------------------------------------->| / |
| |<--------------------------------------+- |
| APS <...................................................> APS |
| |---------------------------------------+ |
+-----------+ Protection transport entity +-----------+
(normal condition)
+-----------+ +-----------+
| |---------------------------------------| |
| +<----------------XX--------------------+- |
| +-------------------------------------->+ \ |
| /|---------------------------------------| \ |
| source / | Working transport entity (failure) | \ source|
--+--------> | | \<-----+--
<-+------- \ | | --/------+->
| sink \ \|---------------------------------------| / / sink |
| \ +-------------------------------------->+- / |
| --+<--------------------------------------+-/ |
| APS <...................................................> APS |
| |---------------------------------------+ |
+-----------+ Protection transport entity +-----------+
(failure condition)
Figure 2: 1+1 Bidirectional Linear Protection Switching
In 1+1 bidirectional protection switching, for each direction, the
normal traffic is permanently bridged on both the working and
protection transport entities at the source endpoint of the protected
domain. In the normal condition, for each direction, the sink
endpoint receives traffic from the working transport entity.
If the sink endpoint detects a failure on the working transport
entity, it will switch to receive traffic from the protection
transport entity. It will also send an APS message to inform the
sink endpoint on the other direction to switch to receive traffic
from the protection transport entity.
van Helvoort, et al. Informational [Page 11]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
The APS mechanism is necessary to coordinate the two endpoints of the
transport entity and to implement 1+1 bidirectional protection
switching even for a unidirectional failure.
6.3. 1:1 Bidirectional Protection Switching
+-----------+ +-----------+
| |---------------------------------------| |
| -+<--------------------------------------+- |
| / +-------------------------------------->+ \ |
| sink / /|---------------------------------------|\ \ source|
<-+-------/ / | Working transport entity | \ <-------+--
--+--------> | | ---------+->
| source | | sink |
| |---------------------------------------| |
| | | |
| | | |
| APS <...................................................> APS |
| |---------------------------------------| |
+-----------+ Protection transport entity +-----------+
(normal condition)
+-----------+ +-----------+
| |---------------------------------------| |
| | \/ | |
| | /\ | |
| |---------------------------------------| |
| source | Working transport entity (failure) | sink |
--+-------> | | --------+->
<-+------- \ | | / <------+--
| sink \ \ |---------------------------------------| / / source|
| \ -+-------------------------------------->+- / |
| --+<--------------------------------------+-- |
| APS <...................................................> APS |
| |---------------------------------------+ |
+-----------+ Protection transport entity +-----------+
(failure condition)
Figure 3: 1:1 Bidirectional Linear Protection Switching
In 1:1 bidirectional protection switching, for each direction, the
source endpoint sends traffic on either the working transport entity
or the protection transport entity. The sink endpoint receives the
traffic from the same transport entity on which the source endpoint
sends the traffic.
In the normal condition, for each direction, the source and sink
endpoints send and receive traffic from the working transport entity.
van Helvoort, et al. Informational [Page 12]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
If the sink endpoint detects a failure on the working transport
entity, it will switch to send and receive traffic from the
protection transport entity. It will also send an APS message to
inform the sink endpoint on another direction to switch to send and
receive traffic from the protection transport entity.
The APS mechanism is necessary to coordinate the two endpoints of the
transport entity and implement 1:1 bidirectional protection switching
even for a unidirectional failure.
7. APS Protocol
This APS protocol is based upon the APS protocol defined in
Section 11 of [G.8031]. See that reference for further definition of
the Protocol Data Unit (PDU) fields and protocol details beyond the
description in this document.
7.1. APS PDU Format
APS packets MUST be sent over a Generic Associated Channel (G-ACh) as
defined in [RFC5586].
The format of APS PDU is specified in Figure 4 below.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 1|0 0 0 0|0 0 0 0 0 0 0 0| Channel Type (=0x7FFA) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MEL | Version | OpCode | Flags | TLV Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| APS Specific Information |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| End TLV |
+-+-+-+-+-+-+-+-+
Figure 4: APS PDU Format
The following values MUST be used for APS PDU:
o Channel Type: The Channel Type MUST be configurable by the
implementation. During deployment, the local system administrator
provisioned the value 0x7FFA. This is a code point value in the
range of experimental Channel Types as described in RFC 5586,
Section 10.
van Helvoort, et al. Informational [Page 13]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
o Maintenance Entity group Level (MEL): The MEL value to set and
check MUST be configurable. The DEFAULT value MUST be "111".
With co-routed bidirectional transport paths, the configured MEL
MUST be the same in both directions.
o Version: 0x00
o OpCode: 0x27 (=0d39)
o Flags: 0x00
o TLV Offset: 4
o End TLV: 0x00
The format of the APS-specific information is defined in Figure 5.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Request|Pr.Type| Requested | Bridged | | |
| / |-+-+-+-| | |T| Reserved(0)|
| State |A|B|D|R| Signal | Signal | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: APS-Specific Information Format
All bits defined as "Reserved" MUST be transmitted as 0 and ignored
on reception.
o Request/State:
The four bits indicate the protection-switching request type. See
Figure 6 for the code of each request/state type.
van Helvoort, et al. Informational [Page 14]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
In case that there are multiple protection-switching requests,
only the protection-switching request with the highest priority
MUST be processed.
+------------------------------------+---------------+
| Request/State | Code/Priority |
+------------------------------------+---------------+
|Lockout of Protection (LO) | 1111 (highest)|
+------------------------------------+---------------+
|Signal Fail on Protection (SF-P) | 1110 |
+------------------------------------+---------------+
|Forced Switch (FS) | 1101 |
+------------------------------------+---------------+
|Signal Fail on Working (SF-W) | 1011 |
+------------------------------------+---------------+
|Signal Degrade (SD) | 1001 |
+------------------------------------+---------------+
|Manual Switch (MS) | 0111 |
+------------------------------------+---------------+
|Wait to Restore (WTR) | 0101 |
+------------------------------------+---------------+
|Exercise (EXER) | 0100 |
+------------------------------------+---------------+
|Reverse Request (RR) | 0010 |
+------------------------------------+---------------+
|Do Not Revert (DNR) | 0001 |
+------------------------------------+---------------+
|No Request (NR) | 0000 (lowest) |
+------------------------------------+---------------+
Figure 6: Protection-Switching Request Code/Priority
o Protection Type (Pr.Type):
The four bits are used to specify the protection type.
A: reserved (set by default to 1)
B: 0 - 1+1 (permanent bridge)
1 - 1:1 (no permanent bridge)
D: 0 - Unidirectional switching
1 - Bidirectional switching
R: 0 - Non-revertive operation
1 - Revertive operation
van Helvoort, et al. Informational [Page 15]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
o Requested Signal:
This byte is used to indicate the traffic that the near-end
requests to be carried over the protection entity.
value = 0: Null traffic
value = 1: Normal traffic 1
value = 2~255: Reserved
o Bridged Signal:
This byte is used to indicate the traffic that is bridged onto the
protection entity.
value = 0: Null traffic
value = 1: Normal traffic 1
value = 2~255: Reserved
o Bridge Type (T):
This bit is used to further specify the type of non-permanent
bridge for 1:1 protection switching.
value = 0: Selector bridge
value = 1: Broadcast bridge
o Reserved:
This field MUST be set to zero.
7.2. APS Transmission
The APS message MUST be transported on the protection transport
entity by encapsulation with the protection transport entity label
(the label of the LSP used to transport protection traffic). If an
endpoint receives APS-specific information from the working transport
entity, it MUST ignore this information and MUST report the failure
of protocol defect (see Section 8.1) to the operator.
A new APS packet MUST be transmitted immediately when a change in the
transmitted status occurs. The first three APS packets MUST be
transmitted as fast as possible only if the APS information to be
transmitted has been changed so that fast protection switching is
possible, even if one or two APS packets are lost or corrupted. The
interval of the first three APS packets SHOULD be 3.3 ms. APS
packets after the first three MUST be transmitted with the interval
of 5 seconds.
van Helvoort, et al. Informational [Page 16]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
If no valid APS-specific information is received, the last valid
received information remains applicable.
7.3. Hold-Off Timer
In order to coordinate timing of protection switches at multiple
layers, a hold-off timer MAY be required. The purpose is to allow a
server-layer protection switch to have a chance to fix the problem
before switching at a client layer.
Each selector SHOULD have a provisioned hold-off timer. The
suggested range of the hold-off timer is 0 to 10 seconds in steps of
100 ms (accuracy of +/-5 ms).
When a new defect or more severe defect occurs (new SF or SD) on the
active transport entity (the transport entity that currently carries
and selects traffic), this event will not be reported immediately to
protection switching if the provisioned hold-off timer value is non-
zero. Instead, the hold-off timer SHALL be started. When the hold-
off timer expires, it SHALL be checked whether a defect still exists
on the transport entity that started the timer. If it does, that
defect SHALL be reported to protection switching. The defect need
not be the same one that started the timer.
This hold-off timer mechanism SHALL be applied for both working and
protection transport entities.
7.4. WTR Timer
In revertive mode of operation, to prevent frequent operation of the
protection switch due to an intermittent defect, a failed working
transport entity MUST become fault free. After the failed working
transport entity meets this criterion, a fixed period of time SHALL
elapse before a normal traffic signal uses it again. This period,
called a WTR period, MAY be configured by the operator in 1 minute
steps between 5 and 12 minutes; the default value is 5 minutes. An
SF or SD condition will override the WTR. To activate the WTR timer
appropriately, even when both ends concurrently detect clearance of
SF-W and SD-W, when the local state transits from SF-W or SD-W to No
Request (NR) with the requested signal number 1, the previous local
state, SF-W or SD-W, MUST be memorized. If both the local state and
far-end state are NR with the requested signal number 1, the local
state transits to WTR only when the previous local state is SF-W or
SD-W. Otherwise, the local state transits to NR with the requested
signal number 0.
van Helvoort, et al. Informational [Page 17]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
In revertive mode of operation, when the protection is no longer
requested, i.e., the failed working transport entity is no longer in
SF or SD condition (and assuming no other requesting transport
entities), a local WTR state will be activated. Since this state
becomes the highest in priority, it is indicated on the APS signal
and maintains the normal traffic signal from the previously failed
working transport entity on the protection transport entity. This
state SHALL normally time out and become an NR state. The WTR timer
deactivates earlier when any request of higher priority request
preempts this state.
7.5. Command Acceptance and Retention
The commands Clear, LO, FS, MS, and EXER are accepted or rejected in
the context of previous commands, the condition of the working and
protection entities in the protection group, and (in bidirectional
switching only) the APS information received.
The Clear command MUST be only valid if a near-end LO, FS, MS, or
EXER command is in effect or if a WTR state is present at the near
end and rejected otherwise. This command will remove the near-end
command or WTR state, allowing the next lower-priority condition or
(in bidirectional switching) APS request to be asserted.
Other commands MUST be rejected unless they are higher priority than
the previously existing command, condition, or (in bidirectional
switching) APS request. If a new command is accepted, any previous,
lower-priority command that is overridden MUST be forgotten. If a
higher priority command overrides a lower-priority condition or (in
bidirectional switching) APS request, that other request will be
reasserted if it still exists at the time the command is cleared. If
a command is overridden by a condition or (in bidirectional
switching) APS request, that command MUST be forgotten.
7.6. Exercise Operation
Exercise is a command to test if the APS communication is operating
correctly. It is lower priority than any "real" switch request. It
is only valid in bidirectional switching, since this is the only
place where you can get a meaningful test by looking for a response.
The Exercise command SHALL issue the command with the same requested
and bridged signal numbers of the NR, Reverse Request (RR), or DNR
request that it replaces. The valid response will be an RR with the
corresponding requested and bridged signal numbers. When Exercise
commands are input at both ends, an EXER, instead of RR, MUST be
transmitted from both ends. The standard response to DNR MUST be DNR
rather than NR. When the exercise command is cleared, it MUST be
van Helvoort, et al. Informational [Page 18]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
replaced with NR or RR if the requested signal number is 0 and DNR or
RR if the requested signal number is 1.
8. Protection-Switching Logic
8.1. Principle of Operation
+-------------+ Persistent +----------+
SF,SD | Hold-off | fault | Local |
----------->| timer logic |----------->| request |
+-------------+ | logic |
Other local requests ----------------->| |
(LO, FS, MS, EXER, Clear) +----------+
|
| Highest
| local request
|
Remote APS V
message +-------+ Remote APS +----------------+
------------->| APS | request/state | APS process |
(received | check |-------------->| logic |
from far end) +-------+ +----------------+
| ^ | |
| | | Signaled |
| | | APS |
| | Txed | |
| | "Requested V |
| | Signal" +-----------+ |
| +-----------------| APS mess. | |
| | generator | |
| +-----------+ |
| | |
V | |
Failure of V |
protocol APS message |
detection V
Set local
bridge/selector
Figure 7: Protection-Switching Logic
Figure 7 describes the protection-switching logic.
One or more local protection-switching requests may be active. The
"local request logic" determines which of these requests is highest
using the order of priority given in Figure 6. This highest local
request information SHALL be passed on to the "APS process logic".
Note that an accepted Clear command, clearance of SF or SD, or
van Helvoort, et al. Informational [Page 19]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
expiration of the WTR timer SHALL NOT be processed by the local
request logic but SHALL be considered as the highest local request
and submitted to the APS process logic for processing.
The remote APS message is received from the far end and is subjected
to the validity check and mismatch detection in "APS check". Failure
of protocol situations are as follows:
o The "B" field mismatch due to incompatible provisioning;
o The reception of the APS message from the working entity due to
working/protection configuration mismatch;
o No match in sent "Requested Signal" and received "Requested
Signal" for more than 50 ms;
o No APS message is received on the protection transport entity
during at least 3.5 times the long APS interval (e.g., at least
17.5 seconds), and there is no defect on the protection transport
entity.
Provided the "B" field matches:
o If the "D" bit mismatches, the bidirectional side will fall back
to unidirectional switching.
o If the "R" bit mismatches, one side will clear switches to WTR and
the other will clear to DNR. The two sides will interwork and the
traffic is protected.
o If the "T" bit mismatches, the side using a broadcast bridge will
fall back to using a selector bridge.
The APS message with invalid information MUST be ignored, and the
last valid received information remains applicable.
The linear protection-switching algorithm SHALL commence immediately
every time one of the input signals changes, i.e., when the status of
any local request changes, or when different APS-specific information
is received from the far end. The consequent actions of the
algorithm are also initiated immediately, i.e., change the local
bridge/selector position (if necessary), transmit new APS-specific
information (if necessary), or detect the failure of protocol defect
if the protection switching is not completed within 50 ms.
van Helvoort, et al. Informational [Page 20]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
The state transition is calculated in the "APS process logic" based
on the highest local request, the request of the last received
"Request/State" information, and state transition tables defined in
Section 9, as follows:
o If the highest local request is Clear, clearance of SF or SD, or
expiration of WTR, a state transition is calculated first based on
the highest local request and state machine table for local
requests to obtain an intermediate state. This intermediate state
is the final state in case of clearance of SF-P; otherwise,
starting at this intermediate state, the last received far-end
request and the state machine table for far-end requests are used
to calculate the final state.
o If the highest local request is neither Clear nor clearance of SF
or of SD nor expiration of WTR, the APS process logic compares the
highest local request with the request of the last received
"Request/State" information based on Figure 6.
1. If the highest local request has higher or equal priority, it
is used with the state transition table for local requests
defined in Section 9 to determine the final state; otherwise,
2. The request of the last received "Request/State" information
is used with the state transition table for far-end requests
defined in Section 9 to determine the final state.
The "APS message generator" generates APS-specific information with
the signaled APS information for the final state from the state
transition calculation (with coding as described in Figure 5).
8.2. Equal Priority Requests
In general, once a switch has been completed due to a request, it
will not be overridden by another request of the same priority
(first-come, first-served policy). Equal priority requests from both
sides of a bidirectional protection group are both considered valid,
as follows:
o If the local state is NR, with the requested signal number 1, and
the far-end state is NR, with the requested signal number 0, the
local state transits to NR with the requested signal number 0.
This applies to the case when the remote request for switching to
the protection transport entity has been cleared.
van Helvoort, et al. Informational [Page 21]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
o If both the local and far-end states are NR, with the requested
signal number 1, the local state transits to the appropriate new
state (DNR state for non-revertive mode and WTR state for
revertive mode). This applies to the case when the old request
has been cleared at both ends.
o If both the local and far-end states are RR, with the same
requested signal number, both ends transit to the appropriate new
state according to the requested signal number. This applies to
the case of concurrent deactivation of EXER from both ends.
o In other cases, no state transition occurs, even if equal priority
requests are activated from both ends. Note that if MSs are
issued simultaneously to both working and protection transport
entities, either as local or far-end requests, the MS to the
working transport entity is considered as having higher priority
than the MS to the protection transport entity.
8.3. Signal Degrade of the Protection Transport Entity
Signal degrade on the protection transport entity has the same
priority as signal degrade on the working transport entity. As a
result, if an SD condition affects both transport entities, the first
SD detected MUST NOT be overridden by the second SD detected. If the
SD is detected simultaneously, either as local or far-end requests on
both working and protection transport entities, then the SD on the
standby transport entity MUST be considered as having higher priority
than the SD on the active transport entity, and the normal traffic
signal continues to be selected from the active transport entity
(i.e., no unnecessary protection switching is performed).
In the preceding sentence, "simultaneously" relates to the occurrence
of SD on both the active and standby transport entities at input to
the protection-switching process at the same time, or as long as an
SD request has not been acknowledged by the remote end in
bidirectional protection switching.
9. Protection-Switching State Transition Tables
In this section, state transition tables for the following protection
switching configurations are described.
o 1:1 bidirectional (revertive mode, non-revertive mode);
o 1+1 bidirectional (revertive mode, non-revertive mode);
o 1+1 unidirectional (revertive mode, non-revertive mode).
van Helvoort, et al. Informational [Page 22]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
Note that any other global or local request that is not described in
state transition tables does not trigger any state transition.
The states specified in the state transition tables can be described
as follows:
o NR: NR is the state entered by the local priority under all
conditions where no local protection-switching requests (including
WTR and DNR) are active. NR can also indicate that the highest
local request is overridden by the far-end request, whose priority
is higher than the highest local request. Normal traffic signal
is selected from the corresponding transport entity.
o LO, SF-P, SD-P: The access by the normal traffic to the protection
transport entity is NOT allowed in this state. The normal traffic
is carried by the working transport entity, regardless of the
fault/degrade condition possibly present (due to the highest
priority of the switching triggers leading to this state).
o FS, SF-W, SD-W, MS-W, MS-P: A switching trigger NOT resulting in
the protection transport entity unavailability is present. The
normal traffic is selected either from the corresponding working
transport entity or from the protection transport entity,
according to the behavior of the specific switching trigger.
o WTR: In revertive operation, after the clearing of an SF-W or SD-
W, this maintains normal traffic as selected from the protection
transport entity until the WTR timer expires or another request
with higher priority, including the Clear command, is received.
This is used to prevent frequent operation of the selector in the
case of intermittent failures.
o DNR: In non-revertive operation, this is used to maintain a normal
traffic to be selected from the protection transport entity.
o EXER: Exercise of the APS protocol.
o RR: The near end will enter and signal Reverse Request only in
response to an EXER from the far end.
[State transition tables are shown at the end of the PDF form of this
document.]
van Helvoort, et al. Informational [Page 23]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
10. Security Considerations
MPLS-TP is a subset of MPLS and so builds upon many of the aspects of
the security model of MPLS. MPLS networks make the assumption that
it is very hard to inject traffic into a network and equally hard to
cause traffic to be directed outside the network. The control-plane
protocols utilize hop-by-hop security and assume a "chain-of-trust"
model such that end-to-end control-plane security is not used. For
more information on the generic aspects of MPLS security, see
[RFC5920].
This document describes a protocol carried in the G-ACh [RFC5586] and
so is dependent on the security of the G-ACh, itself. The G-ACh is a
generalization of the associated channel defined in [RFC4385]. Thus,
this document relies heavily on the security mechanisms provided for
the associated channel and described in those two documents.
11. Acknowledgements
The authors would like to thank Hao Long, Vincenzo Sestito, Italo
Busi, Igor Umansky, and Andy Malis for their input to and review of
the current document.
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4385] Bryant, S., Swallow, G., Martini, L., and D. McPherson,
"Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN", RFC 4385, February 2006.
[RFC5586] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
Associated Channel", RFC 5586, June 2009.
[RFC5920] Fang, L., "Security Framework for MPLS and GMPLS
Networks", RFC 5920, July 2010.
[G.841] International Telecommunications Union, "Types and
characteristics of SDH network protection architectures",
ITU-T Recommendation G.841, October 1998.
[G.873.1] International Telecommunications Union, "Optical Transport
Network (OTN): Linear protection", ITU-T Recommendation
G.873.1, May 2014.
van Helvoort, et al. Informational [Page 24]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
[G.8031] International Telecommunications Union, "Ethernet linear
protection switching", ITU-T Recommendation G.8031/Y.1342,
June 2011.
[T1.105.01]
American National Standards Institute, "Synchronous
Optical Network (SONET) - Automatic Protection Switching",
ANSI 0900105.01:2000 (R2010), March 2000.
12.2. Informative References
[RFC6378] Weingarten, Y., Bryant, S., Osborne, E., Sprecher, N., and
A. Fulignoli, "MPLS Transport Profile (MPLS-TP) Linear
Protection", RFC 6378, October 2011.
[RFC7271] Ryoo, J., Gray, E., van Helvoort, H., D'Alessandro, A.,
Cheung, T., and E. Osborne, "MPLS Transport Profile (MPLS-
TP) Linear Protection to Match the Operational
Expectations of Synchronous Digital Hierarchy, Optical
Transport Network, and Ethernet Transport Network
Operators", RFC 7271, June 2014.
[RFC7324] Osborne, E., "Updates to MPLS Transport Profile Linear
Protection", RFC 7324, July 2014.
van Helvoort, et al. Informational [Page 25]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
Appendix A. Operation Examples of the APS Protocol
The sequence diagrams shown in this section are only a few examples
of the APS operations. The first APS message, which differs from the
previous APS message, is shown. The operation of hold-off timer is
omitted. The fields whose values are changed during APS packet
exchange are shown in the APS packet exchange. They are Request/
State, requested traffic, and bridged traffic. For an example,
SF(0,1) represents an APS packet with the following field values:
Request/State = SF, Requested Signal = 0, and Bridged Signal = 1.
The values of the other fields remain unchanged from the initial
configuration. The signal numbers 0 and 1 refer to null signal and
normal traffic signal, respectively. W(A->Z) and P(A->Z) indicate
the working and protection paths in the direction of A to Z,
respectively.
Example 1. 1:1 bidirectional protection switching (revertive mode) -
Unidirectional SF case
A Z
| |
(1) |---- NR(0,0)----->|
|<----- NR(0,0)----|
| |
| |
(2) | (SF on W(Z->A)) |
|---- SF(1,1)----->| (3)
|<----- NR(1,1)----|
(4) | |
| |
(5) | (Recovery) |
|---- WTR(1,1)---->|
/| |
WTR timer | |
\| |
(6) |---- NR(0,0)----->| (7)
(8) |<----- NR(0,0)----|
| |
(1) The protected domain is operating without any defect, and the
working entity is used for delivering the normal traffic.
(2) Signal Fail occurs on the working entity in the Z to A
direction. Selector and bridge of node A select protection
entity. Node A generates an SF(1,1) message.
van Helvoort, et al. Informational [Page 26]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
(3) Upon receiving SF(1,1), node Z sets selector and bridge to
protection entity. As there is no local request in node Z, node
Z generates an NR(1,1) message.
(4) Node A confirms that the far end is also selecting protection
entity.
(5) Node A detects clearing of the SF condition, starts the WTR
timer, and sends a WTR(1,1) message.
(6) At expiration of the WTR timer, node A sets selector and bridge
to working entity and sends an NR(0,0) message.
(7) Node Z is notified that the far-end request has been cleared and
sets selector and bridge to working entity.
(8) It is confirmed that the far end is also selecting working
entity.
Example 2. 1:1 bidirectional protection switching (revertive mode) -
Bidirectional SF case
A Z
| |
(1) |---- NR(0,0)----->| (1)
|<----- NR(0,0)----|
| |
| |
(2) | (SF on W(Z<->A)) | (2)
|<---- SF(1,1)---->|
(3) | | (3)
| |
(4) | (Recovery) | (4)
|<---- NR(1,1)---->|
(5) |<--- WTR(1,1)---->| (5)
/| |\
WTR timer | | WTR timer
\| |/
(6) |<---- NR(1,1)---->| (6)
(7) |<----- NR(0,0)--->| (7)
(8) | | (8)
(1) The protected domain is operating without any defect, and the
working entity is used for delivering the normal traffic.
(2) Nodes A and Z detect local SF conditions on the working entity,
set selector and bridge to protection entity, and generate
SF(1,1) messages.
van Helvoort, et al. Informational [Page 27]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
(3) Upon receiving SF(1,1), each node confirms that the far end is
also selecting protection entity.
(4) Each node detects clearing of the SF condition and sends an
NR(1,1) message as the last received APS message was SF.
(5) Upon receiving NR(1,1), each node starts the WTR timer and sends
WTR(1,1).
(6) At expiration of the WTR timer, each node sends NR(1,1) as the
last received APS message was WTR.
(7) Upon receiving NR(1,1), each node sets selector and bridge to
working entity and sends an NR(0,0) message.
(8) It is confirmed that the far end is also selecting working
entity.
Example 3. 1:1 bidirectional protection switching (revertive mode) -
Bidirectional SF case - Inconsistent WTR timers
A Z
| |
(1) |---- NR(0,0)----->| (1)
|<----- NR(0,0)----|
| |
| |
(2) | (SF on W(Z<->A)) | (2)
|<---- SF(1,1)---->|
(3) | | (3)
| |
(4) | (Recovery) | (4)
|<---- NR(1,1)---->|
(5) |<--- WTR(1,1)---->| (5)
/| |\
WTR timer | | |
\| | WTR timer
(6) |----- NR(1,1)---->| | (7)
| |/
(9) |<----- NR(0,0)----| (8)
|---- NR(0,0)----->| (10)
(1) The protected domain is operating without any defect, and the
working entity is used for delivering the normal traffic.
(2) Nodes A and Z detect local SF conditions on the working entity,
set selector and bridge to protection entity, and generate
SF(1,1) messages.
van Helvoort, et al. Informational [Page 28]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
(3) Upon receiving SF(1,1), each node confirms that the far end is
also selecting protection entity.
(4) Each node detects clearing of the SF condition and sends an
NR(1,1) message as the last received APS message was SF.
(5) Upon receiving NR(1,1), each node starts the WTR timer and
sends WTR(1,1).
(6) At expiration of the WTR timer in node A, node A sends an
NR(1,1) message as the last received APS message was WTR.
(7) At node Z, the received NR(1,1) is ignored as the local WTR has
a higher priority.
(8) At expiration of the WTR timer in node Z, node Z sets selector
and bridge to working entity and sends an NR(0,0) message.
(9) Upon receiving NR(0,0), node A sets selector and bridge to
working entity and sends an NR(0,0) message.
(10) It is confirmed that the far end is also selecting working
entity.
Example 4. 1:1 bidirectional protection switching (non-revertive
mode) - Unidirectional SF on working followed by unidirectional SF on
protection
van Helvoort, et al. Informational [Page 29]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
A Z
| |
(1) |---- NR(0,0)----->| (1)
|<----- NR(0,0)----|
| |
| |
(2) | (SF on W(Z->A)) |
|----- SF(1,1)---->| (3)
(4) |<----- NR(1,1)----|
| |
| |
(5) | (Recovery) |
|----- DNR(1,1)--->| (6)
|<--- DNR(1,1)---->|
| |
| |
| (SF on P(A->Z)) | (7)
(8) |<--- SF-P(0,0)----|
|---- NR(0,0)----->|
| |
| |
| (Recovery) | (9)
|<----- NR(0,0)----|
| |
(1) The protected domain is operating without any defect, and the
working entity is used for delivering the normal traffic.
(2) Signal Fail occurs on the working entity in the Z to A
direction. Selector and bridge of node A select the protection
entity. Node A generates an SF(1,1) message.
(3) Upon receiving SF(1,1), node Z sets selector and bridge to
protection entity. As there is no local request in node Z, node
Z generates an NR(1,1) message.
(4) Node A confirms that the far end is also selecting protection
entity.
(5) Node A detects clearing of the SF condition and sends a DNR(1,1)
message.
(6) Upon receiving DNR(1,1), node Z also generates a DNR(1,1)
message.
(7) Signal Fail occurs on the protection entity in the A to Z
direction. Selector and bridge of node Z select the working
entity. Node Z generates an SF-P(0,0) message.
van Helvoort, et al. Informational [Page 30]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
(8) Upon receiving SF-P(0,0), node A sets selector and bridge to
working entity and generates an NR(0,0) message.
(9) Node Z detects clearing of the SF condition and sends an NR(0,0)
message.
Exmaple 5. 1:1 bidirectional protection switching (non-revertive
mode) - Bidirectional SF on working followed by bidirectional SF on
protection
A Z
| |
(1) |---- NR(0,0)----->| (1)
|<----- NR(0,0)----|
| |
| |
(2) | (SF on W(A<->Z)) | (2)
(3) |<---- SF(1,1)---->| (3)
| |
| |
(4) | (Recovery) | (4)
(5) |<---- NR(1,1)---->| (5)
|<--- DNR(1,1)---->|
| |
| |
(6) | (SF on P(A<->Z)) | (6)
(7) |<--- SF-P(0,0)--->| (7)
| |
| |
(8) | (Recovery) | (8)
|<---- NR(0,0)---->|
| |
(1) The protected domain is operating without any defect, and the
working entity is used for delivering the normal traffic.
(2) Nodes A and Z detect local SF conditions on the working entity,
set selector and bridge to protection entity, and generate
SF(1,1) messages.
(3) Upon receiving SF(1,1), each node confirms that the far end is
also selecting protection entity.
(4) Each node detects clearing of the SF condition and sends an
NR(1,1) message as the last received APS message was SF.
(5) Upon receiving NR(1,1), each node sends DNR(1,1).
van Helvoort, et al. Informational [Page 31]
^L
RFC 7347 Pre-standard MPLS-TP Lin. Prot. Switching September 2014
(6) Signal Fail occurs on the protection entity in both directions.
Selector and bridge of each node selects the working entity.
Each node generates an SF-P(0,0) message.
(7) Upon receiving SF-P(0,0), each node confirms that the far end is
also selecting working entity.
(8) Each node detects clearing of the SF condition and sends an
NR(0,0) message.
Authors' Addresses
Huub van Helvoort (editor)
Huawei Technologies
EMail: huub@van-helvoort.eu
Jeong-dong Ryoo (editor)
ETRI
EMail: ryoo@etri.re.kr
Haiyan Zhang
Huawei Technologies
EMail: zhanghaiyan@huawei.com
Feng Huang
Philips
EMail: feng.huang@philips.com
Han Li
China Mobile
EMail: lihan@chinamobile.com
Alessandro D'Alessandro
Telecom Italia
EMail: alessandro.dalessandro@telecomitalia.it
van Helvoort, et al. Informational [Page 32]
^L
|