1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
|
Internet Engineering Task Force (IETF) S. Salam
Request for Comments: 9062 A. Sajassi
Category: Informational Cisco
ISSN: 2070-1721 S. Aldrin
Google
J. Drake
Juniper
D. Eastlake 3rd
Futurewei
June 2021
Framework and Requirements for Ethernet VPN (EVPN)
Operations, Administration, and Maintenance (OAM)
Abstract
This document specifies the requirements and reference framework for
Ethernet VPN (EVPN) Operations, Administration, and Maintenance
(OAM). The requirements cover the OAM aspects of EVPN and Provider
Backbone Bridge EVPN (PBB-EVPN). The framework defines the layered
OAM model encompassing the EVPN service layer, network layer,
underlying Packet Switched Network (PSN) transport layer, and link
layer but focuses on the service and network layers.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9062.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
1.1. Relationship to Other OAM Work
1.2. Specification of Requirements
1.3. Terminology
2. EVPN OAM Framework
2.1. OAM Layering
2.2. EVPN Service OAM
2.3. EVPN Network OAM
2.4. Transport OAM for EVPN
2.5. Link OAM
2.6. OAM Interworking
3. EVPN OAM Requirements
3.1. Fault Management Requirements
3.1.1. Proactive Fault Management Functions
3.1.1.1. Fault Detection (Continuity Check)
3.1.1.2. Defect Indication
3.1.1.2.1. Forward Defect Indication (FDI)
3.1.1.2.2. Reverse Defect Indication (RDI)
3.1.2. On-Demand Fault Management Functions
3.1.2.1. Connectivity Verification
3.1.2.2. Fault Isolation
3.2. Performance Management
3.2.1. Packet Loss
3.2.2. Packet Delay and Jitter
4. Security Considerations
5. IANA Considerations
6. References
6.1. Normative References
6.2. Informative References
Acknowledgements
Authors' Addresses
1. Introduction
This document specifies the requirements and defines a reference
framework for Ethernet VPN (EVPN) Operations, Administration, and
Maintenance (OAM) [RFC6291]. In this context, we use the term "EVPN
OAM" to loosely refer to the OAM functions required for and/or
applicable to [RFC7432] and [RFC7623].
EVPN is a Layer 2 VPN (L2VPN) solution for multipoint Ethernet
services with advanced multihoming capabilities that uses BGP for
distributing Customer/Client Media Access Control (C-MAC) address
reachability information over the core MPLS/IP network.
PBB-EVPN combines Provider Backbone Bridging (PBB) [IEEE-802.1Q] with
EVPN in order to reduce the number of BGP MAC advertisement routes;
provide client MAC address mobility using C-MAC [RFC7623] aggregation
and Backbone MAC (B-MAC) [RFC7623] sub-netting; confine the scope of
C-MAC learning to only active flows; offer per-site policies; and
avoid C-MAC address flushing on topology changes.
This document focuses on the fault management and performance
management aspects of EVPN OAM. It defines the layered OAM model
encompassing the EVPN service layer, network layer, underlying Packet
Switched Network (PSN) transport layer, and link layer but focuses on
the service and network layers.
1.1. Relationship to Other OAM Work
This document leverages concepts and draws upon elements defined
and/or used in the following documents:
[RFC6136] specifies the requirements and a reference model for OAM as
it relates to L2VPN services, pseudowires, and associated Packet
Switched Network (PSN) tunnels. This document focuses on Virtual
Private LAN Service (VPLS) and Virtual Private Wire Service (VPWS)
solutions and services.
[RFC8029] defines mechanisms for detecting data plane failures in
MPLS Label Switched Paths (LSPs), including procedures to check the
correct operation of the data plane as well as mechanisms to verify
the data plane against the control plane.
[IEEE-802.1Q] specifies the Ethernet Connectivity Fault Management
(CFM) protocol, which defines the concepts of Maintenance Domains,
Maintenance Associations, Maintenance End Points, and Maintenance
Intermediate Points.
[Y.1731] extends Connectivity Fault Management in the following
areas: it defines fault notification and alarm suppression functions
for Ethernet and specifies mechanisms for Ethernet performance
management, including loss, delay, jitter, and throughput
measurement.
1.2. Specification of Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
1.3. Terminology
This document uses the following terminology, much of which is
defined in [RFC6136]:
CE Customer Edge device; for example, a host, router, or
switch.
CFM Connectivity Fault Management [IEEE-802.1Q]
DF Designated Forwarder [RFC7432]
Down MEP A MEP that originates traffic away from and terminates
traffic towards the core of the device in whose port it
is logically located.
EVI An EVPN instance spanning the Provider Edge (PE) devices
participating in that EVPN [RFC7432].
L2VPN Layer 2 VPN
LOC Loss of continuity
MA Maintenance Association; a set of MEPs belonging to the
same Maintenance Domain (MD) established to verify the
integrity of a single service instance [IEEE-802.1Q].
MD Maintenance Domain; an OAM Domain that represents a
region over which OAM frames can operate unobstructed
[IEEE-802.1Q].
MEP Maintenance End Point; it is responsible for origination
and termination of OAM frames for a given MA. A MEP is
logically located in a device's port [IEEE-802.1Q].
MIP Maintenance Intermediate Point; it is located between
peer MEPs and can process and respond to certain OAM
frames but does not initiate them. A MIP is logically
located in a device's port [IEEE-802.1Q].
MP2P Multipoint to Point
NMS Network Management Station [RFC6632]
P Provider network interior (non-edge) node
P2MP Point to Multipoint
PBB Provider Backbone Bridge [RFC7623]
PE Provider Edge network device
Up MEP A MEP that originates traffic towards and terminates
traffic from the core of the device in whose port it is
logically located.
VPN Virtual Private Network
2. EVPN OAM Framework
2.1. OAM Layering
Multiple layers come into play for implementing an L2VPN service
using the EVPN family of solutions as listed below. The focus of
this document is the service and network layers.
* The service layer runs end to end between the sites or Ethernet
segments that are being interconnected by the EVPN solution.
* The network layer extends between the EVPN PE (Provider Edge)
nodes and is mostly transparent to the P (provider network
interior) nodes (except where flow entropy comes into play). It
leverages MPLS for service (i.e., EVI) multiplexing and split-
horizon functions.
* The transport layer is dictated by the networking technology of
the PSN. It may be based on either MPLS LSPs or IP.
* The link layer is dependent upon the physical technology used.
Ethernet is a popular choice for this layer, but other
alternatives are deployed (e.g., Packet over SONET (POS), Dense
Wavelength Division Multiplexing (DWDM), etc.).
This layering extends to the set of OAM protocols that are involved
in the ongoing maintenance and diagnostics of EVPN networks.
Figure 1 below depicts the OAM layering and shows which devices have
visibility into what OAM layer(s).
+---+ +---+
+--+ | | +---+ +---+ +---+ | | +--+
|CE|----|PE |----| P |----| P |----| P |----|PE |----|CE|
+--+ | | +---+ +---+ +---+ | | +--+
+---+ +---+
o-------o----------- Service OAM -----------o-------o
o----------- Network OAM -----------o
o--------o--------o--------o--------o Transport OAM
o----o o----o o----o o----o o----o o----o Link OAM
Figure 1: OAM Layering
Service OAM and Network OAM mechanisms only have visibility to the PE
nodes but not the P nodes. As such, they can be used to deduce
whether the fault is in the customer's own network, the local CE-PE
segment, the PE-PE segment, or the remote CE-PE segment(s). EVPN
Transport OAM mechanisms can be used for fault isolation between the
PEs and P nodes.
Figure 2 below shows an example network where Ethernet domains are
interconnected via EVPN using MPLS, and it shows the OAM mechanisms
that are applicable at each layer. The details of the layers are
described in the sections below.
+---+ +---+
+--+ | | +---+ +---+ +---+ | | +--+
|CE|----|PE |----| P |----| P |----| P |----|PE |----|CE|
+--+ | | +---+ +---+ +---+ | | +--+
+---+ +---+
o----o---------- CFM (Service OAM) ----------o----o
o-------- EVPN Network OAM ---------o
o--------o--------o--------o--------o MPLS OAM
o----o o----o o----o o----o o----o o----o 802.3 OAM
[IEEE-802.3]
Figure 2: EVPN OAM Example
2.2. EVPN Service OAM
The EVPN Service OAM protocol depends on what service-layer
technology is being interconnected by the EVPN solution. In the case
of [RFC7432] and [RFC7623], the service layer is Ethernet; hence, the
corresponding Service OAM protocol is Ethernet CFM [IEEE-802.1Q].
EVPN Service OAM is visible to the CEs and EVPN PEs but not to the P
nodes. This is because the PEs operate at the Ethernet MAC layer in
[RFC7432] and [RFC7623], whereas the P nodes do not.
The EVPN PE MUST support MIP functions in the applicable Service OAM
protocol (for example, Ethernet CFM). The EVPN PE SHOULD support MEP
functions in the applicable Service OAM protocol. This includes both
Up and Down MEP functions.
As shown in Figure 3, the MIP and MEP functions being referred to are
logically located within the device's port operating at the customer
level. (There could be MEPs/MIPs within PE ports facing the provider
network, but they would not be relevant to EVPN Service OAM as the
traffic passing through them will be encapsulated/tunneled, so any
customer-level OAM messages will just be treated as data.) Down MEP
functions are away from the core of the device while Up MEP functions
are towards the core of the device (towards the PE forwarding
mechanism in the case of a PE). OAM messages between the PE Up MEPs
shown are a type of EVPN Network OAM, while such messages between the
CEs or from a PE to its local CE or to the remote CE are Service
OAMs.
+-------+ +----------------+ +----------------+ +-------+
|+-----+| |+--------------+| |+--------------+| |+-----+|
|| CE || || PE || ... || PE || || CE ||
|+--+--+| |+---+--------+-+| |+-+--------+---+| |+--+--+|
| | | | | | | | | | | | | |
|+--+--+| |+---+-----+ . | | . +-----+---+| |+--+--+|
|| MEP || || | Up ^| . | ... | . | Up ^| || || MEP ||
||DownV|| ||MIP|MEP | . | | . |MEP |MIP|| ||DownV||
|+--+--+| || |DownV| . | | . |DownV| || |+--+--+|
| | | |+---+-----+ | | | | +-----+---+| | | |
+---|---+ +----|--------|--+ +--|--------|----+ +---|---+
| | | | | |
+------------+ +--- ... ---+ +------------+
Figure 3: CFM Details
The EVPN PE MUST, by default, learn the MAC address of locally
attached CE MEPs by snooping on CFM frames and advertising them to
remote PEs as a MAC/IP Advertisement route. Some means to limit the
number of MAC addresses that a PE will learn SHOULD be implemented.
The EVPN PE SHOULD advertise any MEP/MIP local to the PE as a MAC/IP
Advertisement route. Since these are not subject to mobility, they
SHOULD be advertised with the static (sticky) bit set (see
Section 15.2 of [RFC7432]).
2.3. EVPN Network OAM
EVPN Network OAM is visible to the PE nodes only. This OAM layer is
analogous to Virtual Circuit Connectivity Verification (VCCV)
[RFC5085] in the case of VPLS/VPWS. It provides mechanisms to check
the correct operation of the data plane as well as a mechanism to
verify the data plane against the control plane. This includes the
ability to perform fault detection and diagnostics on:
* the MP2P tunnels used for the transport of unicast traffic between
PEs. EVPN allows for three different models of unicast label
assignment: label per EVI, label per <ESI, Ethernet Tag>, and
label per MAC address. In all three models, the label is bound to
an EVPN Unicast Forwarding Equivalence Class (FEC). EVPN Network
OAM MUST provide mechanisms to check the operation of the data
plane and verify that operation against the control plane view.
* the MP2P tunnels used for aliasing unicast traffic destined to a
multihomed Ethernet segment. The three label assignment models,
discussed above, apply here as well. In all three models, the
label is bound to an EVPN Aliasing FEC. EVPN Network OAM MUST
provide mechanisms to check the operation of the data plane and
verify that operation against the control plane view.
* the multicast tunnels (either MP2P or P2MP) used for the transport
of broadcast, unknown unicast, and multicast traffic between PEs.
In the case of ingress replication, a label is allocated per EVI
or per <EVI, Ethernet Tag> and is bound to an EVPN Multicast FEC.
In the case of Label Switched Multicast (LSM) and, more
specifically, aggregate inclusive trees, again, a label may be
allocated per EVI or per <EVI, Ethernet Tag> and is bound to the
tunnel FEC.
* the correct operation of the Ethernet Segment Identifier (ESI)
split-horizon filtering function. In EVPN, a label is allocated
per multihomed Ethernet segment for the purpose of performing the
access split-horizon enforcement. The label is bound to an EVPN
Ethernet segment.
* the correct operation of the Designated Forwarder (DF) [RFC7432]
filtering function. EVPN Network OAM MUST provide mechanisms to
check the operation of the data plane and verify that operation
against the control plane view for the DF filtering function.
EVPN Network OAM mechanisms MUST provide in-band monitoring
capabilities. It is desirable, to the extent practical, for OAM test
messages to share fate with data messages. Details of how to achieve
this are beyond the scope of this document.
EVPN Network OAM SHOULD provide both proactive and on-demand
mechanisms of monitoring the data plane operation and data plane
conformance to the state of the control plane.
2.4. Transport OAM for EVPN
The Transport OAM protocol depends on the nature of the underlying
transport technology in the PSN. MPLS OAM mechanisms [RFC8029]
[RFC6425] as well as ICMP [RFC0792] and ICMPv6 [RFC4443] are
applicable, depending on whether the PSN employs MPLS or IP
transport, respectively. Furthermore, Bidirectional Forwarding
Detection (BFD) mechanisms per [RFC5880], [RFC5881], [RFC5883], and
[RFC5884] apply. Also, the BFD mechanisms pertaining to MPLS-TP LSPs
per [RFC6428] are applicable.
2.5. Link OAM
Link OAM depends on the data-link technology being used between the
PE and P nodes. For example, if Ethernet links are employed, then
Ethernet Link OAM ([IEEE-802.3], Clause 57) may be used.
2.6. OAM Interworking
When interworking two networking domains, such as actual Ethernet and
EVPN to provide an end-to-end emulated service, there is a need to
identify the failure domain and location, even when a PE supports
both the Service OAM mechanisms and the EVPN Network OAM mechanisms.
In addition, scalability constraints may not allow the running of
proactive monitoring, such as Ethernet Continuity Check Messages
(CCMs) [IEEE-802.1Q], at a PE to detect the failure of an EVI across
the EVPN domain. Thus, the mapping of alarms generated upon failure
detection in one domain (e.g., actual Ethernet or EVPN network
domain) to the other domain is needed. There are also cases where a
PE may not be able to process Service OAM messages received from a
remote PE over the PSN even when such messages are defined, as in the
Ethernet case, thereby necessitating support for fault notification
message mapping between the EVPN Network domain and the Service
domain.
OAM interworking is not limited, though, to scenarios involving
disparate network domains. It is possible to perform OAM
interworking across different layers in the same network domain. In
general, alarms generated within an OAM layer, as a result of
proactive fault detection mechanisms, may be injected into its
client-layer OAM mechanisms. This allows the client-layer OAM to
trigger event-driven (i.e., asynchronous) fault notifications. For
example, alarms generated by the Link OAM mechanisms may be injected
into the Transport OAM layer, and alarms generated by the Transport
OAM mechanism may be injected into the Network OAM mechanism, and so
on.
EVPN OAM MUST support interworking between the Network OAM and
Service OAM mechanisms. EVPN OAM MAY support interworking among
other OAM layers.
3. EVPN OAM Requirements
This section discusses the EVPN OAM requirements pertaining to fault
management and performance management.
3.1. Fault Management Requirements
3.1.1. Proactive Fault Management Functions
The network operator configures proactive fault management functions
to run periodically. Certain actions (for example, protection
switchover or alarm indication signaling) can be associated with
specific events, such as entering or clearing fault states.
3.1.1.1. Fault Detection (Continuity Check)
Proactive fault detection is performed by periodically monitoring the
reachability between service end points, i.e., MEPs in a given MA,
through the exchange of CCMs [IEEE-802.1Q]. The reachability between
any two arbitrary MEPs may be monitored for:
* in-band, per-flow monitoring. This enables per-flow monitoring
between MEPs. EVPN Network OAM MUST support fault detection with
per-user flow granularity. EVPN Service OAM MAY support fault
detection with per-user flow granularity.
* a representative path. This enables a liveness check of the nodes
hosting the MEPs, assuming that the loss of continuity (LOC) to
the MEP is interpreted as a failure of the hosting node. This,
however, does not conclusively indicate liveness of the path(s)
taken by user data traffic. This enables node failure detection
but not path failure detection through the use of a test flow.
EVPN Network OAM and Service OAM MUST support fault detection
using test flows.
* all paths. For MPLS/IP networks with ECMP, the monitoring of all
unicast paths between MEPs (on non-adjacent nodes) may not be
possible since the per-hop ECMP hashing behavior may yield
situations where it is impossible for a MEP to pick flow entropy
characteristics that result in exercising the exhaustive set of
ECMP paths. The monitoring of all ECMP paths between MEPs (on
non-adjacent nodes) is not a requirement for EVPN OAM.
The fact that MPLS/IP networks do not enforce congruency between
unicast and multicast paths means that the proactive fault detection
mechanisms for EVPN networks MUST provide procedures to monitor the
unicast paths independently of the multicast paths. This applies to
EVPN Service OAM and Network OAM.
3.1.1.2. Defect Indication
Defect indications can be categorized into two types: forward and
reverse, as described below. EVPN Service OAM MUST support at least
one of these types of event-driven defect indications upon the
detection of a connectivity defect.
3.1.1.2.1. Forward Defect Indication (FDI)
FDI is used to signal a failure that is detected by a lower-layer OAM
mechanism. A server MEP (i.e., an actual or virtual MEP) transmits a
forward defect indication in a direction away from the direction of
the failure (refer to Figure 4 below).
Failure
|
+-----+ +-----+ V +-----+ +-----+
| A |------| B |--XXX--| C |------| D |
+-----+ +-----+ +-----+ +-----+
<===========| |============>
Forward Forward
Defect Defect
Indication Indication
Figure 4: Forward Defect Indication
Forward defect indication may be used for alarm suppression and/or
for the purpose of interworking with other layer OAM protocols.
Alarm suppression is useful when a transport-level or network-level
fault translates to multiple service- or flow-level faults. In such
a scenario, it is enough to alert a network management station (NMS)
of the single transport-level or network-level fault in lieu of
flooding that NMS with a multitude of Service or Flow granularity
alarms. EVPN PEs SHOULD support forward defect indication in the
Service OAM mechanisms.
3.1.1.2.2. Reverse Defect Indication (RDI)
RDI is used to signal that the advertising MEP has detected a LOC
defect. RDI is transmitted in the direction of the failure (refer to
Figure 5).
Failure
|
+-----+ +-----+ V +-----+ +-----+
| A |------| B |--XXX--| C |------| D |
+-----+ +-----+ +-----+ +-----+
|===========> <============|
Reverse Reverse
Defect Defect
Indication Indication
Figure 5: Reverse Defect Indication
RDI allows single-sided management, where the network operator can
examine the state of a single MEP and deduce the overall health of a
monitored service. EVPN PEs SHOULD support reverse defect indication
in the Service OAM mechanisms. This includes both the ability to
signal a LOC defect to a remote MEP as well as the ability to
recognize RDI from a remote MEP. Note that, in a multipoint MA, RDI
is not a useful indicator of unidirectional fault. This is because
RDI carries no indication of the affected MEP(s) with which the
sender had detected a LOC defect.
3.1.2. On-Demand Fault Management Functions
On-demand fault management functions are initiated manually by the
network operator and continue for a bounded time period. These
functions enable the operator to run diagnostics to investigate a
defect condition.
3.1.2.1. Connectivity Verification
EVPN Network OAM MUST support on-demand connectivity verification
mechanisms for unicast and multicast destinations. The connectivity
verification mechanisms SHOULD provide a means for specifying and
carrying the following in the messages:
* variable-length payload/padding to test connectivity problems
related to the Maximum Transmission Unit (MTU).
* test frame formats as defined in Appendix C of [RFC2544] to detect
potential packet corruption.
EVPN Network OAM MUST support connectivity verification at per-flow
granularity. This includes both user flows (to test a specific path
between PEs) as well as test flows (to test a representative path
between PEs).
EVPN Service OAM MUST support connectivity verification on test flows
and MAY support connectivity verification on user flows.
For multicast connectivity verification, EVPN Network OAM MUST
support reporting on:
* the DF filtering status of a specific port(s) or all the ports in
a given bridge domain.
* the split-horizon filtering status of a specific port(s) or all
the ports in a given bridge domain.
3.1.2.2. Fault Isolation
EVPN OAM MUST support an on-demand fault localization function. This
involves the capability to narrow down the locality of a fault to a
particular port, link, or node. The characteristic of forward/
reverse path asymmetry in MPLS/IP makes fault isolation a direction-
sensitive operation. That is, given two PEs A and B, localization of
continuity failures between them requires running fault-isolation
procedures from PE A to PE B as well as from PE B to PE A.
EVPN Service OAM mechanisms only have visibility to the PEs but not
the MPLS or IP P nodes. As such, they can be used to deduce whether
the fault is in the customer's own network, the local CE-PE segment,
or a remote CE-PE segment(s). EVPN Network and Transport OAM
mechanisms can be used for fault isolation between the PEs and P
nodes.
3.2. Performance Management
Performance management functions can be performed both proactively
and on demand. Proactive management involves a recurring function,
where the performance management probes are run continuously without
a trigger. We cover both proactive and on-demand functions in this
section.
3.2.1. Packet Loss
EVPN Network OAM SHOULD provide mechanisms for measuring packet loss
for a given service -- for example, [RFC7680] and [RFC6673].
Given that EVPN provides inherent support for multipoint-to-
multipoint connectivity, packet loss cannot be accurately measured by
means of counting user data packets. This is because user packets
can be delivered to more PEs or more ports than are necessary (e.g.,
due to broadcast, unpruned multicast, or unknown unicast flooding).
As such, a statistical means of approximating the packet loss rate is
required. This can be achieved by sending "synthetic" OAM packets
that are counted only by those ports (MEPs) that are required to
receive them. This provides a statistical approximation of the
number of data frames lost, even with multipoint-to-multipoint
connectivity.
3.2.2. Packet Delay and Jitter
EVPN Service OAM SHOULD support measurement of one-way and two-way
packet delay and delay variation (jitter) across the EVPN network.
Measurement of one-way delay requires clock synchronization between
the probe source and target devices. Mechanisms for clock
synchronization are outside the scope of this document. Note that
Service OAM performance management mechanisms defined in [Y.1731] can
be used. See also [RFC7679], [RFC2681], and [RFC3393].
EVPN Network OAM MAY support measurement of one-way and two-way
packet delay and delay variation (jitter) across the EVPN network.
4. Security Considerations
EVPN OAM MUST prevent OAM packets from leaking outside of the EVPN
network or outside their corresponding Maintenance Domain. This can
be done for CFM, for example, by having MEPs implement a filtering
function based on the Maintenance Level associated with received OAM
packets.
EVPN OAM SHOULD provide mechanisms for implementation and optional
use to:
* prevent denial-of-service attacks caused by exploitation of the
OAM message channel (for example, by forging messages to exceed a
Maintenance End Point's capacity to maintain state).
* authenticate communicating end points (for example, MEPs and
MIPs).
5. IANA Considerations
This document has no IANA actions.
6. References
6.1. Normative References
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981,
<https://www.rfc-editor.org/info/rfc792>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", STD 89,
RFC 4443, DOI 10.17487/RFC4443, March 2006,
<https://www.rfc-editor.org/info/rfc4443>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>.
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881,
DOI 10.17487/RFC5881, June 2010,
<https://www.rfc-editor.org/info/rfc5881>.
[RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for Multihop Paths", RFC 5883, DOI 10.17487/RFC5883,
June 2010, <https://www.rfc-editor.org/info/rfc5883>.
[RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow,
"Bidirectional Forwarding Detection (BFD) for MPLS Label
Switched Paths (LSPs)", RFC 5884, DOI 10.17487/RFC5884,
June 2010, <https://www.rfc-editor.org/info/rfc5884>.
[RFC6291] Andersson, L., van Helvoort, H., Bonica, R., Romascanu,
D., and S. Mansfield, "Guidelines for the Use of the "OAM"
Acronym in the IETF", BCP 161, RFC 6291,
DOI 10.17487/RFC6291, June 2011,
<https://www.rfc-editor.org/info/rfc6291>.
[RFC6425] Saxena, S., Ed., Swallow, G., Ali, Z., Farrel, A.,
Yasukawa, S., and T. Nadeau, "Detecting Data-Plane
Failures in Point-to-Multipoint MPLS - Extensions to LSP
Ping", RFC 6425, DOI 10.17487/RFC6425, November 2011,
<https://www.rfc-editor.org/info/rfc6425>.
[RFC6428] Allan, D., Ed., Swallow, G., Ed., and J. Drake, Ed.,
"Proactive Connectivity Verification, Continuity Check,
and Remote Defect Indication for the MPLS Transport
Profile", RFC 6428, DOI 10.17487/RFC6428, November 2011,
<https://www.rfc-editor.org/info/rfc6428>.
[RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
2015, <https://www.rfc-editor.org/info/rfc7432>.
[RFC7623] Sajassi, A., Ed., Salam, S., Bitar, N., Isaac, A., and W.
Henderickx, "Provider Backbone Bridging Combined with
Ethernet VPN (PBB-EVPN)", RFC 7623, DOI 10.17487/RFC7623,
September 2015, <https://www.rfc-editor.org/info/rfc7623>.
[RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N.,
Aldrin, S., and M. Chen, "Detecting Multiprotocol Label
Switched (MPLS) Data-Plane Failures", RFC 8029,
DOI 10.17487/RFC8029, March 2017,
<https://www.rfc-editor.org/info/rfc8029>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
6.2. Informative References
[IEEE-802.1Q]
IEEE, "IEEE Standard for Local and metropolitan area
networks--Bridges and Bridged Networks", IEEE Std 802.1Q-
2014, DOI 10.1109/IEEESTD.2014.6991462, December 2014,
<https://doi.org/10.1109/IEEESTD.2014.6991462>.
[IEEE-802.3]
IEEE, "IEEE Standard for Ethernet", IEEE Std 802.3-2018,
DOI 10.1109/IEEESTD.2018.8457469, August 2018,
<https://doi.org/10.1109/IEEESTD.2018.8457469>.
[RFC2544] Bradner, S. and J. McQuaid, "Benchmarking Methodology for
Network Interconnect Devices", RFC 2544,
DOI 10.17487/RFC2544, March 1999,
<https://www.rfc-editor.org/info/rfc2544>.
[RFC2681] Almes, G., Kalidindi, S., and M. Zekauskas, "A Round-trip
Delay Metric for IPPM", RFC 2681, DOI 10.17487/RFC2681,
September 1999, <https://www.rfc-editor.org/info/rfc2681>.
[RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation
Metric for IP Performance Metrics (IPPM)", RFC 3393,
DOI 10.17487/RFC3393, November 2002,
<https://www.rfc-editor.org/info/rfc3393>.
[RFC5085] Nadeau, T., Ed. and C. Pignataro, Ed., "Pseudowire Virtual
Circuit Connectivity Verification (VCCV): A Control
Channel for Pseudowires", RFC 5085, DOI 10.17487/RFC5085,
December 2007, <https://www.rfc-editor.org/info/rfc5085>.
[RFC6136] Sajassi, A., Ed. and D. Mohan, Ed., "Layer 2 Virtual
Private Network (L2VPN) Operations, Administration, and
Maintenance (OAM) Requirements and Framework", RFC 6136,
DOI 10.17487/RFC6136, March 2011,
<https://www.rfc-editor.org/info/rfc6136>.
[RFC6632] Ersue, M., Ed. and B. Claise, "An Overview of the IETF
Network Management Standards", RFC 6632,
DOI 10.17487/RFC6632, June 2012,
<https://www.rfc-editor.org/info/rfc6632>.
[RFC6673] Morton, A., "Round-Trip Packet Loss Metrics", RFC 6673,
DOI 10.17487/RFC6673, August 2012,
<https://www.rfc-editor.org/info/rfc6673>.
[RFC7679] Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton,
Ed., "A One-Way Delay Metric for IP Performance Metrics
(IPPM)", STD 81, RFC 7679, DOI 10.17487/RFC7679, January
2016, <https://www.rfc-editor.org/info/rfc7679>.
[RFC7680] Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton,
Ed., "A One-Way Loss Metric for IP Performance Metrics
(IPPM)", STD 82, RFC 7680, DOI 10.17487/RFC7680, January
2016, <https://www.rfc-editor.org/info/rfc7680>.
[Y.1731] ITU-T, "Operation, administration and maintenance (OAM)
functions and mechanisms for Ethernet-based networks",
ITU-T Recommendation G.8013/Y.1731, August 2015.
Acknowledgements
The authors would like to thank the following for their review of
this work and their valuable comments: David Black, Martin Duke, Xiao
Min, Gregory Mirsky, Zaheduzzaman Sarker, Dave Schinazi, John
Scudder, Melinda Shore, Robert Wilton, Alexander Vainshtein, Stig
Venaas, and Éric Vyncke.
Authors' Addresses
Samer Salam
Cisco
The Atrium Building, Floor 3
Weygand St.
Beirut
Lebanon
Email: ssalam@cisco.com
Ali Sajassi
Cisco
170 West Tasman Drive
San Jose, CA 95134
United States of America
Email: sajassi@cisco.com
Sam Aldrin
Google, Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
United States of America
Email: aldrin.ietf@gmail.com
John E. Drake
Juniper Networks
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
United States of America
Email: jdrake@juniper.net
Donald E. Eastlake 3rd
Futurewei Technologies
2386 Panoramic Circle
Apopka, FL 32703
United States of America
Phone: +1-508-333-2270
Email: d3e3e3@gmail.com
|
