Updates to MPLS Transport Profile (MPLS-TP) Linear Protection
in Automatic Protection Switching (APS) Mode ETRIryoo@etri.re.krETRIcts@etri.re.krHai Gaoming BVhuubatwork@gmail.comHuawei TechnologiesItalo.Busi@huawei.comHuawei Technologieswenguangjuan@huawei.comMPLS Working GroupAPS modeinitialization
This document contains updates to MPLS Transport Profile (MPLS-TP) linear
protection in Automatic Protection Switching (APS) mode defined in RFC 7271.
The updates provide rules related to the initialization of the Protection
State Coordination (PSC) Control Logic (in which the state machine resides)
when operating in APS mode and clarify the operation related to state
transition table lookup.
MPLS Transport Profile (MPLS-TP) linear protection in Automatic Protection
Switching (APS) mode is defined in RFC 7271 .
It defines a set of alternate and additional mechanisms to perform
some of the functions of linear protection described in
RFC 6378 .
The actions performed at initialization of
the Protection State Coordination (PSC) Control Logic are not described in
either or .
Although it is a common perception that the state machine starts
at the Normal state, this is not explicitly specified in any of
the documents and various questions have been raised by implementers and in discussions on
the MPLS working group mailing list concerning the detailed actions
that the PSC Control Logic should take.
The state machine described in operates under the
assumption that both end nodes of a linear protection domain start
in the Normal state.
In the case that one node reboots while the other node is still in
operation, various scenarios may arise resulting in problematic situations.
This document resolves all the problematic cases and
minimizes traffic disruptions related to initialization,
including both cold and warm reboots
that require re-initialization of the PSC Control Logic.
This document contains updates to the MPLS-TP linear
protection in APS mode defined in
.
The updates provide rules related to initialization of the PSC Control
Logic (in which the state machine resides) when operating in APS mode.
The updates also include modifications to the state transition table
defined in Section 11.2 of .
The changes in the state transition table have been examined to make sure
that no new problems are introduced.
This document does not introduce backward compatibility issues with
implementations of .
In case a node implementing this document restarts,
the new state changes will not cause problems at the remote node
implementing ,
and the two ends will converge to the same local and remote states.
In case a node implementing restarts,
the two ends behave as they do today.
This document also provides some clarifications on the operation
related to state transition table lookup.
The reader of this document is assumed to be familiar with
.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.
This document uses the following abbreviations:APSAutomatic Protection SwitchingDNRDo-not-RevertE::RExercise state due to remote EXER messageEXERExerciseMS-PManual Switch to Protection pathMS-WManual Switch to Working pathMPLS-TPMPLS Transport ProfileNRNo RequestPF:DW:RProtecting Failure state due to remote SD-W messagePF:W:LProtecting Failure state due to local SF-WPF:W:RProtecting Failure state due to remote SF-W messagePSCProtection State CoordinationRRReverse RequestSA:MP:RSwitching Administrative state due to remote MS-P messageSA:MW:RSwitching Administrative state due to remote MS-W messageSDSignal DegradeSD-WSignal Degrade on Working pathSFSignal FailSF-PSignal Fail on Protection pathSF-WSignal Fail on Working pathUA:P:LUnavailable state due to local SF-PWTRWait-to-RestoreThis section specifies
the actions that will be performed at the initialization of
the PSC Control Logic and
the modifications of the state transition table
defined in Section 11.2 of .
Some clarifications on the operation
related to state transition table lookup are also provided.
This section defines initialization behavior that is not described in
.
When the PSC Control Logic is initialized,
the following actions MUST be performed:
Stop the WTR timer if it is running.
Clear any operator command in the Local Request Logic.
If an SF-W or SF-P exists as the highest local request,
the node being initialized starts at the PF:W:L or UA:P:L state,
respectively.
If the node being initialized has no local request:
If the node being initialized does not remember the active path or
if the node being initialized remembers the working path as
the active path, the node starts at the Normal state.
Else (the node being initialized remembers the protection path
as the active path), the node starts at the WTR state sending NR(0,1)
or at the DNR state sending DNR(0,1) depending on the configuration
that allows or prevents automatic reversion to the Normal state.
In case any local SD exists, the local SD MUST be considered
as an input to the Local Request Logic only after the local node
has received the first protocol message from the remote node
and completed the processing
(i.e., updated the PSC Control Logic and decided which action, if any,
is to be sent to the PSC Message Generator).
If the local node receives an EXER message
as the first protocol message after initialization and
the remote EXER becomes the top-priority global request,
the local node MUST set the position of the bridge and selector
according to the Path value in the EXER message
and transit to the E::R state.
In the case of no local request, remembering the active path minimizes
traffic switchovers when the remote node is still in
operation. This approach does not cause a problem
even if the remembered active path is no longer valid
due to any local input that occurred at the remote node
while the initializing node was out of operation.
Note that in some restart scenarios (e.g., cold rebooting),
no valid SF/SD indications may be present at the input of the Local Request
Logic.
In this case, the PSC Control Logic restarts
as if no local requests are present.
If a valid SF/SD indication is detected later,
the PSC Control Logic is notified and state change is triggered.
In addition to the initialization behavior described in
,
four cells of the remote state transition table need to be changed
to make two end nodes converge after initialization.
State transition by remote message as defined in Section 11.2 of
is modified as follows
(only modified cells are shown):
The changes in two rows of remote protecting failure states
lead to the replacement of note (10) with DNR; therefore,
note (10) is no longer needed.
The resultant three rows read:
In the tables above, the letters 'i' and 'N' stand for
"ignore" and "Normal state", respectively.
Other abbreviations can be found in .
In addition to the rules related to the state transition table
lookup listed in Section 11 of ,
the following rule is also applied to the operation related to
the state transition table lookup:
When the local SF-P is cleared and the priorities of the
local and remote requests are re-evaluated,
the last received remote message may no longer be valid
due to the previous failure of the protection path.
Therefore, the last received message MUST be treated
as if it were NR and only the local request shall be evaluated.
The last paragraph in Section 11 of
is modified as follows:
No specific security issue is raised in addition to those ones
already documented in .
Note that tightening the description of the initializing behavior
may help to protect networks from restart attacks.
This document does not require any IANA actions.The authors would like to thank Joaquim Serra for raising
the issue related to initialization of the PSC Control Logic
at the very beginning. The authors would also like to thank Adrian Farrel and Loa Andersson
for their valuable comments and suggestions on this document.