MPLS-TP OAM Analysis

OAM (Operations, Administration, and Maintenance) plays a significant and fundamental role in carrier networks, providing methods for fault management and performance monitoring in both the transport and the service layers in order to improve their ability to support services with guaranteed and strict Service Level Agreements (SLAs) while reducing their operational costs. [MPLS-TP Requirements] in general, and [MPLS-TP OAM Requirements] in particular define a set of requirements for OAM functionality in MPLS-Transport Profile (MPLS-TP) for MPLS-TP Label Switched Paths (LSPs) (network infrastructure) and Pseudowires (PWs) (services). The purpose of this document is to analyze the OAM requirements and evaluate whether existing OAM tools defined for MPLS can be used to meet the requirements, identify which tools need to be extended to comply with the requirements, and which new tools need to be defined. The existing tools that are evaluated include LSP Ping (defined in [LSP Ping]), MPLS Bi-directional Forwarding Detection (BFD) (defined in [MPLS BFD]) and Virtual Circuit Connectivity Verification (VCCV) (defined in [PW VCCV] and [VCCV BFD]).

LSP Ping is a variation of ICMP Ping and traceroute [ICMP] adapted to the different needs of MPLS LSP. Forwarding, of the LSP Ping packets, is based upon the LSP Label and label stack, in order to guarantee that the echo messages are switched in-band (i.e. over the same data route) of the LSP. However, it should be noted that the messages are transmitted using IP/UDP encapsulation and IP addresses in the 127/8 (loopback) range. The use of the loopback range guarantees that the LSP Ping messages will be terminated, by a loss of connectivity or inability to continue on the path, without being transmitted beyond the LSP. LSP Ping extends the basic ICMP Ping operation (of data-plane connectivity and continuity check) with functionality to verify data-plane vs. control-plane consistency for a Forwarding Equivalence Class (FEC) and also Maximum Transmission Unit (MTU) problems. The traceroute functionality may be used to isolate and localize the MPLS faults, using the Time-to-live (TTL) indicator to incrementally identify the sub-path of the LSP that is succesfully traversed before the faulty link or node. LSP Ping is not dependent on the MPLS control-plane for its operation, i.e. even though the propagation of the LSP label may be performed over the control-plane via the Label Distribution Protocol (LDP). LSP Ping can be activated both in on-demand and pro-active (asynchronous) modes, as defined in [MPLS-TP OAM Requirements]. [P2MP LSP Ping] clarifies the applicability of LSP Ping to MPLS P2MP LSPs, and extends the techniques and mechanisms of LSP Ping to the MPLS P2MP environment. [LSP Ping over MPLS Tunnels] extends LSP Ping to operate over MPLS tunnels or for a stitched LSP. As pointed out above, TTL exhaust is the method used to terminate flows at intermediate LSRs, usually to locate a problem that was discovered previously. Some of the drawbacks identified with LSP Ping include - LSP Ping is considered to be computational intensive as pointed out in [MPLS BFD]. When LSP bundling is employed in the network, there is no guarantee that the LSP Ping packets will follow the same physical path used by the data traffic.

BFD (Bidirectional Forwarding Detection) is a mechanism that is defined for fast fault detection for point-to-point connections. BFD defines a simple packet that may be transmitted over any protocol, dependent on the application that is employing the mechanism. BFD is dependent upon creation of a session that is agreed upon by both ends of the link (which may be a single link, LSP, etc.) that is being checked. In addition to the control packets that BFD defines, BFD supports an echo function to check the continuity, and verify the reachability of the desired destination. BFD does not support neither a discovery mechanism nor a traceroute capability for fault localization, these must be provided by use of other mechanisms. The BFD packets support authentication between the routers being checked. BFD can be used in pro-active (asynchronous) and on-demand modes, as defined in [MPLS-TP OAM Requirements], of operation. [MPLS BFD] defines the use of BFD for P2P LSP end-points and is used to verify data-plane continuity. It uses a simple hello protocol which can be easily implemented in hardware. The end-points of the LSP exchange hello packets at negotiated regular intervals and an end-point is declared down when expected hello packets do not show up. Failures in each direction can be monitored independently using the same BFD session. The use of the BFD echo function and on-demand activation are outside the scope of the MPLS BFD specification. The BFD session mechanism requires an additional (external) mechanism to bootstrap and bind the session to a particular LSP or FEC. LSP Ping is designated by [MPLS BFD] as the bootstrap mechanism for the BFD session in an MPLS environment. The implication is that the session establishment BFD messages for MPLS are transmitted using a IP/UDP encapsulation. In order to be able to identify certain extreme cases of mis-connectivity, it is necessary that each managed connection have its own unique identifiers. BFD uses Discriminator values to identify the connection being verified, at both ends of the path. These discriminator values are set by each end-node to be unique only in the context of that node. This limited scope of uniqueness would not identify a misconnection of crossing paths that use the same discriminators at their end-points.

PW VCCV provides end-to-end fault detection and diagnostics for PWs (regardless of the underlying tunneling technology). The VCCV switching function provides a control channel associated with each PW (based on the PW Associated Channel Header (ACH) which is defined in [PW-ACH]), and allows sending OAM packets in-band with PW data (using CC Type 1: In-band VCCV) VCCV supports the following OAM mechanisms: ICMP Ping, LSP Ping and BFD. ICMP and LSP Ping are IP encapsulated before being sent over the PW ACH. BFD for VCCV supports two modes of encapsulation - either IP/UDP encapsulated (with IP/UDP header) or PW-ACH encapsulated (with no IP/UDP header) and provides support to signal the AC status. The use of the VCCV control channel provides the context, based on the MPLS-PW label, required to bind and bootstrap the BFD session to a particular pseudo wire (FEC), eliminating the need to exchange Discriminator values. VCCV consists of two components: (1) signaled component to communicate VCCV capabilities as part of VC label, and (2) switching component to cause the PW payload to be treated as a control packet. VCCV is not directly dependent upon the presence of a control plane. The VCCV capability negotiation may be performed as part of the PW signaling when LDP is used. In case of manual configuration of the PW, it is the responsibility of the operator to set consistent options at both ends.

This draft uses the following acronyms: ACAttachment Circuit ACHAssociated Channel Header BFDBidirectional Forwarding Detection FECForwarding Equivalence Class LDPLabel Distribution Protocol LSPLabel Switched Path MEMaintenance Entitity MEPMaintenance End Point MIPMaintenance Intermediate Point MPLS-TPTransport Profile for MPLS OAMOperations, Administration, and Maintenance PWPseudowire RDIRemote Defect Indication SLAService Level Agreement TCTandem Connection TCMETandem Connection Maintenance Entity TTLTime-to-live VCCVVirtual Circuit Connectivity Verification VPCVVirtual Path Connectivity Verification

Section 2 of the document analyzes the requirements that are documented in [MPLS-TP OAM Requirements] and provides basic principles of operation for the OAM functionality that is required. Section 3 evaluates which existing tools can provide coverage for the different OAM functions that are required to support MPLS-TP. Section 4 provides recommendations on what functionality could be covered by the existing toolset and what extensions or new tools would be needed in order to provide full coverage of the OAM functionality for MPLS-TP.

[MPLS-TP OAM Requirements] defines a set of requirements on OAM architecture and general principles of operations which are evaluated below: [MPLS-TP OAM Requirements] requires that OAM mechanisms in MPLS-TP are independent of the transmission media and of the client service being emulated by the PW. The existing tools comply with this requirement. [MPLS-TP OAM Requirements] requires that MPLS-TP OAM MUST be able to operate without IP functionality and without relying on control and/or management planes. It is required that OAM functionality MUST NOT be dependent on IP routing and forwarding capabilities. The existing tools do not rely on control and/or management plane, however the following should be observed regarding the reliance on IP functionality: LSP Ping, VCCV Ping, and MPLS BFD makes use of IP header (UDP/IP) and do not comply with the requirement. In the on-demand mode, LSP Ping also uses IP forwarding to reply back to the source router. This dependence on IP, has further implications concerning the use of LSP Ping as the bootstrap mechanism for BFD for MPLS. VCCV BFD supports the use of PW-ACH encapsulated BFD sessions for PWs and can comply with the requirement. [MPLS-TP OAM Requirements] requires that OAM tools for fault management do not rely on user traffic, and the existing MPLS OAM tools already comply with this requirement. It is also required that OAM packets and the user traffic are congruent (i.e. OAM packets are transmitted in-band) and there is a need to differentiate OAM packets from user-plane ones. For PWs, VCCV provides a control channel that can be associated with each PW which allows sending OAM packets in band of PWs and allow the receiving end-point to intercept, interpret, and process them locally as OAM messages. VCCV defines different VCCV Connectivity Verification Types for MPLS (like ICMP Ping, LSP Ping and IP/UDP encapsulated BFD and PW-ACH encapsulated BFD). Currently there is no distinct OAM payload identifier in MPLS shim. BFD and LSP Ping packets for LSPs are carried over UDP/IP and are addressed to the loopback address range. The router at the end-point intercepts, interprets, and processes the packets. [MPLS-TP OAM Requirements] requires that the MPLS-TP OAM mechanism allows the propagation of AC (Attachment Circuit) failures and their clearance across a MPLS-TP domain BFD for VCCV supports a mechanism for "Fault detection and AC/PW Fault status signaling." This can be used for both IP/UDP encapsulated or PW-ACH encapsulated BFD sessions, i.e. by setting the appropriate VCCV Connectivity Verification Type.This mechanism could support this requirement. [MPLS-TP OAM Requirements] defines Maintenance Domain, Maintenance End Points (MEPs) and Maintenance Intermediate Points (MIPs). Means should be defined to provision these entities, both by static configuration (as it is required to operate OAM in the absence of any control plane or dynamic protocols) and by a control plane. [MPLS-TP OAM Requirements] requires a single OAM technology and consistent OAM capabilities for LSPs, PWs, MPLS-TP Links, and Tandem Connections. There is currently no mechanism in the IETF to support OAM for Tandem Connections. Also, the existing set of tools defines a different way of operating the OAM functions (e.g. LSP Ping to bootstrap MPLS BFD vs. VCCV). [MPLS-TP OAM Requirements] requires allowing OAM packets to be directed to an intermediate node (MIP) of a LSP/PW. Technically, this could be supported by the proper setting of the TTL value. However, the applicability of such a solution needs to be examined per OAM function. For details, see below. [MPLS-TP OAM Requirements] suggests that OAM messages MAY be authenticated. BFD has a support for authentication. Other tools should support this capability as well.

Based on the requirements analysis above, the following guidelines should be followed to create an OAM environment that could more fully support the requirements cited: Extend the PW Associate Channel Header (ACH) to provide a control channel at the path and section levels. This could then be associated with a MPLS-TP Link, LSP, or a Tandem Connection (TC). The ACH should then become a common mechanism for PW, LSP, MPLS-TP Link, and Tandem Connection. Create a VPCV (Virtual Path Connectivity Verification) definition that would apply the definitions and functionality of VCCV to the MPLS-TP environment for LSP or Tandem Connection. Need a generalized addressing scheme that can also support unique identification of the monitored paths (or connections). Create or extend the VCCV definition to define a mechanism that would apply the definitions and functionality of VCCV to PW Tandem Connections Apply BFD to these new mechanisms using the control channel encapsulation, as defined above – allowing use of BFD for MPLS-TP independent of IP functionality. Define a mechanism to create TCME and allow transmission of the traffic via the Tandem Connection using label stacking. Define a mechanism that could be used to address a MIP of a path in a unique way, to support the maintenance functions. This addressing should be flexible to allow support for different addressing schemes, and would supplement the TTL addressing of intermediate points. Creating these extensions/mechanisms would fulfill the following architectural requirements, mentioned above: Independence of IP forwarding and routing. OAM packets should be transmitted in-band. Support a single OAM technology for LSP, PW, MPLS-TP Link, and TC. In addition, the following additional requirements can be satisfied: Provide the ability to carry other types of communications (e.g., APS, Management Control Channel (MCC), Signalling Control Channel (SCC)), by defining new types of communication channels for PWs, MPLS-TP Links, and LSPs. The design of the OAM mechanisms for MPLS-TP MUST allow the ability to support vendor specific and experimental OAM functions.

The following sections discuss the required OAM functions that were identified in [MPLS-TP OAM Requirements]. LSP Ping is not considered a candidate to fulfill the required functionality, due its failure to comply with the basic architectural requirement for independence from IP routing and forwarding, as documented in Section 2 of this document. However, usage of LSP Ping, in addition to the MPLS-TP OAM tools, or in MPLS-TP deployments with IP functionality is not precluded.

Continuity and Connectivity Verification (CC-V) are OAM operations generally used in tandem, and compliment each other. Together they are used to detect loss of traffic continuity and misconnections between MEPs and are useful for applications like Fault Management, Performance Monitoring and Protection Switching, etc. To guarantee that CC-V can identify misconnections from cross-connections it is necessary that the tool use network-wide unique identifiers for the path that is being checked in the session.

BFD defines functionality that can be used to support the pro-active OAM CC-V function when operated in the asynchronous mode. However, the current definition of basic BFD is dependent on use of LSP Ping to bootstrap the BFD session. Regarding the connectivity functional aspects, basic BFD has a limitation that it uses only locally unique session identifiers. VCCV can be used to carry BFD packets that are not IP/UDP encapsulated for CC-V on a PW and use the PW label to identify the path.

There is currently no tool that gives coverage for both aspects of CC-V functionality. One possible option, is to extend BFD to fill the gaps indicated above. The extension would include: A mechanism should be defined to carry BFD packets over LSP without reliance on IP functionality. A mechanism should be defined to bootstrap BFD sessions for MPLS that is not dependent on UDP. BFD needs to be used in conjunction with "globally" unique identifiers for the path or ME being checked to allow connectivity verfication support. There are two possibilities, to allow BFD to support this new type of identifier – Change the semantics of the two Discriminator fields that exist in BFD and have each node select the ME unique identifier. This may have backward compatibility implications. Create a new optional field in the packet carrying the BFD that would identify the path being checked, in addition to the existing session identifiers. Extensions to BFD would be needed to cover P2MP connections. An additional option would be to create a new tool that would give coverage for both aspects of CC-V according to the requirements and the principles of operation (see section 2.1). This option is less preferable.

Extend BFD to resolve the gaps, using a new optional field for the unique path identifier. Note that [MP BFD] defines a method for using BFD to provide verification of multipoint or multicast connectivity.

Alarm Suppression is a function that is used by a server layer MEP to notify a failure condition to its client layer MEP(s) in order to suppress alarms that may be generated by maintenance domains of the client layer as a result of the failure condition in the server layer. This function should also have the capability to differentiate an administrative lock from a failure condition at a different execution level.

There is no mechanism defined in the IETF to support this function.

Define a tool to support Alarm Suppression.

Packet Loss Measurement is a function that is used to verify the quality of the service. This function indicates the ratio of packets that are not delivered out of all packets that are transmitted by the path source. There are two possible ways of determining this measurement – Using OAM packets, it is possible to compute the statistics based on a series of OAM packets. This, however, has the disadvantage of being artificial, and may not be representative since part of the packet loss may be dependent upon packet sizes. Sending delimiting messages for the start and end of a measurement period during which the source and sink of the path count the packets transmitted and received. After the end delimiter, the ratio would be calculated by the path OAM entity.

There is no mechanism defined in the IETF to support this function.

Define a mechanism to support Packet Loss Measurement, based on the delimiting messages. This would include a way for delimiting the periods for monitoring the packet transmissions to measure the loss ratios, and computation of the ratio between received and transmitted packets.

A diagnostic test is a function that is used between MEPs to verify bandwidth throughput, packet loss, bit errors, etc.

There is no mechanism defined in the IETF to support this function.

Define a tool to support Diagnostic Test.

Route Determination is used to determine the route of a connection across the MPLS transport network.

LSP Ping supports a trace route function that could be used but as it does not comply with the requirement for OAM functions to be independent of IP routing and forwarding capabilities. Therefore, it can not be utilized for MPLS-TP

Define a new tool to support Route Determination.

Delay Measurement is a function that is used to measure one-way or two-way delay of a packet transmission between a pair of MEPs. Where: One-way packet delay is the time elapsed from the start of transmission of the first bit of the packet by a source node until the reception of the first bit of that packet by the destination node. Two-way packet delay is the time elapsed from the start of transmission of the first bit of the packet by a source node until the reception of the last bit of the loop-backed packet by the same source node, when the loopback is performed at the packet's destination node. Similarly to the packet loss measurement this could be performed in one of two ways – Using OAM packets – checking delay (either one-way or two-way) in transmission of OAM packets. May not fully reflect delay of larger packets, however, gives feedback on general service level. Using delimited periods of transmission – may be too intrusive on the client traffic.

There is no mechanism defined in the IETF that fulfills all of the MPLS-TP OAM requirements.

Define a mechanism that would allow to support Delay Measurement. The mechanism should be based on measurement of the delay in transmission and reception of OAM packets, transmitted in-band with normal traffic.

Remote Defect Indication (RDI) is used by a MEP to notify its peer MEP that a defect is detected on a bi-directional connection between them. This function should be supported in pro-active mode.

There is no mechanism defined in the IETF to fully support this functionality, however BFD supports a mechanism of informing the far-end that the session has gone down, and the Diagnostic field indicates the reason.

Either create a dedicated mechanism for this functionality or extend the BFD session functionality to support the functionality without disrupting the CC or CV functionality.

Client Fail Indication (CFI) function is used to propagate an indication of a failure to the far-end sink when alarm suppression in the client layer is not supported.

There is a possibility of using the BFD over VCCV mechanism for "Fault detection and AC/PW Fault status signalling". However, there is a need to differentiate between faults on the AC and the PW.

Either extend the BFD tool or define a tool to support Client Fail Indication propagation.

Define a maintenance entity that could be applied both to LSPs and PWs that would support management of a sub-path. This entity should allow for transmission of traffic by means of label stacking and proper TTL setting. Extend the control and the management planes to support the configuration of the OAM maintenance entities and the set of functions to be supported by these entities. Extend the ACH to provide a control channel for MPLS-TP Links, LSPs, and Tandem Connections. Define a mechanism that would allow the unique addressing of the elements that need to be monitored, e.g., the connections, MEPs, and MIPs of a path. This mechanism needs to be flexible enough to support different addressing schemes, e.g. IP addresses, NSAP, connection names. Define a VPCV mechanism for LSP and Tandem Connection. This mechanism should reuse, as much as possible, the same principles of operation as VCCV. The ACH should be extended to support CV types for each of the tools that are defined below, in a way that is consistent for PW, LSP and Tandem Connection. The appropriate assignment of network-wide unique identifiers needed to support connectivity verification should be considered. Tools should be defined to support the following functions: On-demand connectivity verification Alarm suppression Packet loss measurement Diagnostic test Route determination Delay measurement Remote defect indication Client fail indication The tools may have the capability to authenticate the messages.

This document makes no request of IANA. Note to RFC Editor: this section may be removed on publication as an RFC.

This document does not by itself raise any particular security considerations.

The authors wish to thank xxxxxxx for his review and proposed enhancements to the text.