Network Working Group                                           M. Bocci
Request for Comments: 5659                                Alcatel-Lucent
Category: Informational                                        S. Bryant
                                                           Cisco Systems
                                                            October 2009
An Architecture for Multi-Segment Pseudowire Emulation Edge-to-Edge
Abstract
This document describes an architecture for extending pseudowire emulation across multiple packet switched network (PSN) segments. Scenarios are discussed where each segment of a given edge-to-edge emulated service spans a different provider's PSN, as are other scenarios where the emulated service originates and terminates on the same provider's PSN, but may pass through several PSN tunnel segments in that PSN. It presents an architectural framework for such multi-segment pseudowires, defines terminology, and specifies the various protocol elements and their functions.
Status of This Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright and License Notice
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License.
Table of Contents
1. Introduction
   1.1. Motivation and Context
   1.2. Non-Goals of This Document
   1.3. Terminology
2. Applicability
3. Protocol Layering Model
   3.1. Domain of MS-PW Solutions
   3.2. Payload Types
4. Multi-Segment Pseudowire Reference Model
   4.1. Intra-Provider Connectivity Architecture
        4.1.1. Intra-Provider Switching Using ACs
        4.1.2. Intra-Provider Switching Using PWs
   4.2. Inter-Provider Connectivity Architecture
        4.2.1. Inter-Provider Switching Using ACs
        4.2.2. Inter-Provider Switching Using PWs
5. PE Reference Model
   5.1. Pseudowire Pre-Processing
        5.1.1. Forwarding
        5.1.2. Native Service Processing
6. Protocol Stack Reference Model
7. Maintenance Reference Model
8. PW Demultiplexer Layer and PSN Requirements
   8.1. Multiplexing
   8.2. Fragmentation
9. Control Plane
   9.1. Setup and Placement of MS-PWs
   9.2. Pseudowire Up/Down Notification
   9.3. Misconnection and Payload Type Mismatch
10. Management and Monitoring
11. Congestion Considerations
12. Security Considerations
13. Acknowledgments
14. References
    14.1. Normative References
    14.2. Informative References
1. Introduction

RFC 3985 [1] defines the architecture for pseudowires, where a pseudowire (PW) both originates and terminates on the edge of the same packet switched network (PSN). The PW label is unchanged between the originating and terminating provider edges (PEs). This is now known as a single-segment pseudowire (SS-PW).
This document extends the architecture in RFC 3985 to enable point-to-point pseudowires to be extended through multiple PSN tunnels. These are known as multi-segment pseudowires (MS-PWs). Use cases for multi-segment pseudowires (MS-PWs), and the consequent requirements, are defined in RFC 5254 [5].
1.1. Motivation and Context

RFC 3985 addresses the case where a PW spans a single segment between two PEs. Such PWs are termed single-segment pseudowires (SS-PWs) and provide point-to-point connectivity between two edges of a provider network. However, there is now a requirement to be able to construct multi-segment pseudowires. These requirements are specified in RFC 5254 [5] and address three main problems:
i. How to constrain the density of the mesh of PSN tunnels when the number of PEs grows to many hundreds or thousands, while minimizing the complexity of the PEs and P-routers.
ii. How to provide PWs across multiple PSN routing domains or areas in the same provider.
iii. How to provide PWs across multiple provider domains and different PSN types.
Consider a single PW domain, such as that shown in Figure 1. There are 4 PEs, and PWs must be provided from any PE to any other PE. PWs can be supported by establishing a full mesh of PSN tunnels between the PEs, requiring a full mesh of LDP signaling adjacencies between the PEs. PWs can therefore be established between any PE and any other PE via a single, direct PSN tunnel that is switched only by intermediate P-routers (not shown in the figure). In this case, each PW is an SS-PW. A PE must terminate all the pseudowires that are carried on the PSN tunnels that terminate on that PE, according to the architecture of RFC 3985. This solution is adequate for small numbers of PEs, but the number of PEs, PSN tunnels, and signaling adjacencies will grow in proportion to the square of the number of PEs.
For reasons of economy, the edge PEs that terminate the attachment circuits (ACs) are often small devices built to very low cost with limited processing power. Consider an example where a particular PE, residing at the edge of a provider network, terminates N PWs to/from N different remote PEs. This needs N PW signaling adjacencies to be set up and maintained. If the edge PE attaches to a single intermediate PE that is able to switch the PW, that edge PE only needs a single adjacency to signal and maintain all N PWs. The intermediate switching PE (which is a larger device) needs M signaling adjacencies, but statistically this is less than tN, where t is the number of edge PEs that it is serving. Similarly, if the PWs are running over TE PSN tunnels, there is a statistical reduction in the number of TE PSN tunnels that need to be set up and maintained between the various PEs.
One possible solution that is more efficient for large numbers of PEs, in particular for the control plane, is therefore to support a partial mesh of PSN tunnels between the PEs, as shown in Figure 1. For example, consider a PW service whose endpoints are PE1 and PE4. Pseudowires for this can take the path PE1->PE2->PE4 and, rather than terminating at PE2, be switched between ingress and egress PSN tunnels on that PE. This requires a capability in PE2 that can concatenate PW segments PE1-PE2 to PW segments PE2-PE4. The end-to-end PW is known as a multi-segment PW.
                      ,,..--..,,_
                  .-``           `'.,
          +-----+`                   '+-----+
          | PE1 |---------------------| PE2 |
          |     |---------------------|     |
          +-----+      PSN Tunnel     +-----+
          / ||                           || \
         /  ||                           ||  \
        |   ||                           ||   |
        |   ||            PSN            ||   |
        |   ||                           ||   |
         \  ||                           ||  /
          \ ||                           || /
           \||                           ||/
          +-----+                     +-----+
          | PE3 |---------------------| PE4 |
          |     |---------------------|     |
          +-----+`'.,_           ,.'` +-----+
                      `'''---''``
Figure 1: PWs Spanning a Single PSN with Partial Mesh of PSN Tunnels
Figure 1 shows a simple, flat PSN topology. However, large provider networks are typically not flat, consisting of many domains that are connected together to provide edge-to-edge services. The elements in each domain are specialized for a particular role, for example, supporting different PSN types or using different routing protocols.
An example application is shown in Figure 2. Here, the provider's network is divided into three domains: two access domains and the core domain. The access domains represent the edge of the provider's network at which services are delivered. In the access domain, simplicity is required in order to minimize the cost of the network. The core domain must support all of the aggregated services from the access domains, and the design requirements here are for scalability, performance, and information hiding (i.e., minimal state). The core must not be exposed to the state associated with large numbers of individual edge-to-edge flows. That is, the core must be simple and fast.
In a traditional layer 2 network, the interconnection points between the domains are where services in the access domains are aggregated for transport across the core to other access domains. In an IP network, the interconnection points could also represent interworking points between different types of IP networks, e.g., those with MPLS and those without, and points where network policies can be applied.
         <-------- Edge to Edge Emulated Services ------->

             ,'    .      ,-`       `',      ,'      .
            /       \   .`             `,   /         \
           /         \ /                 , /           \
    AC  +----+     +----+               +----+       +----+  AC
     ---| PE |-----| PE |---------------| PE |-------| PE |---
        | 1  |     | 2  |               | 3  |       | 4  |
        +----+     +----+               +----+       +----+
           \         / \                 / \           /
            \       /   \     Core      `   \         /
             `,    `     .            ,`     `,      `
               '-'`       `.,       _.`        '-'`
            Access 1         `''-''`         Access 2
Figure 2: Multi-Domain Network Model
A similar model can also be applied to inter-provider services, where a single PW spans a number of separate provider networks in order to connect ACs residing on PEs in disparate provider networks. In this case, each provider will typically maintain their own PE at the border of their network in order to apply policies such as security and Quality of Service (QoS) to PWs entering their network. Thus, the connection between the domains will normally be a link between two PEs on the border of each provider's network.
Consider the application of this model to PWs. PWs use tunneling mechanisms such as MPLS to enable the underlying PSN to emulate characteristics of the native service. One solution to the multi-domain network model above is to extend PSN tunnels edge-to-edge between all of the PEs in access domain 1 and all of the PEs in access domain 2, but this requires a large number of PSN tunnels, as described above, and also exposes the access and the core of the network to undesirable complexity. An alternative is to constrain the complexity to the network domain interconnection points (PE2 and PE3 in the example above). Pseudowires between PE1 and PE4 would then be switched between PSN tunnels at the interconnection points, enabling PWs from many PEs in the access domains to be aggregated across only a few PSN tunnels in the core of the network. PEs in the access domains would only need to maintain direct signaling sessions and PSN tunnels, with other PEs in their own domain, thus minimizing complexity of the access domains.
1.2. Non-Goals of This Document

The following are non-goals for this document:
o The on-the-wire specification of PW encapsulations.
o The detailed specification of mechanisms for establishing and maintaining multi-segment pseudowires.
1.3. Terminology

The terminology specified in RFC 3985 [1] and RFC 4026 [2] applies. In addition, we define the following terms:
o PW Terminating Provider Edge (T-PE). A PE where the customer-facing attachment circuits (ACs) are bound to a PW forwarder. A terminating PE is present in the first and last segments of an MS-PW. This incorporates the functionality of a PE as defined in RFC 3985.
o Single-Segment Pseudowire (SS-PW). A PW set up directly between two T-PE devices. The PW label is unchanged between the originating and terminating T-PEs.
o Multi-Segment Pseudowire (MS-PW). A static or dynamically configured set of two or more contiguous PW segments that behave and function as a single point-to-point PW. Each end of an MS-PW, by definition, terminates on a T-PE.
o PW Segment. A part of a single-segment or multi-segment PW, which traverses one PSN tunnel in each direction between two PE devices, T-PEs, and/or S-PEs (switching PE).
o PW Switching Provider Edge (S-PE). A PE capable of switching the control and data planes of the preceding and succeeding PW segments in an MS-PW. The S-PE terminates the PSN tunnels of the preceding and succeeding segments of the MS-PW. It therefore includes a PW switching point for an MS-PW. A PW switching point is never the S-PE and the T-PE for the same MS-PW. A PW switching point runs necessary protocols to set up and manage PW segments with other PW switching points and terminating PEs. An S-PE can exist anywhere a PW must be processed or policy applied. It is therefore not limited to the edge of a provider network.
Note that it was originally anticipated that S-PEs would only be deployed at the edge of a provider network where they would be used to switch the PWs of different service providers. However, as the design of MS-PW progressed, other applications for MS-PW were recognized. By this time S-PE had become the accepted term for the equipment, even though they were no longer universally deployed at the provider edge.
o PW Switching. The process of switching the control and data planes of the preceding and succeeding PW segments in a MS-PW.
o PW Switching Point. The reference point in an S-PE where the switching takes place, e.g., where PW label swap is executed.
o Eligible S-PE or T-PE. An eligible S-PE or T-PE is a PE that meets the security and privacy requirements of the MS-PW, according to the network operator's policy.
o Trusted S-PE or T-PE. A trusted S-PE or T-PE is a PE that is understood to be eligible by its next-hop S-PE or T-PE, while a trust relationship exists between two S-PEs or T-PEs if they mutually consider each other to be eligible.
2. Applicability

An MS-PW is a single PW that, for technical or administrative reasons, is segmented into a number of concatenated hops. From the perspective of a Layer 2 Virtual Private Network (L2VPN), an MS-PW is indistinguishable from an SS-PW. Thus, the following are equivalent from the perspective of the T-PE:
   +----+                                                  +----+
   |TPE1+--------------------------------------------------+TPE2|
   +----+                                                  +----+

   |<---------------------------PW----------------------------->|

   +----+              +---+           +---+               +----+
   |TPE1+--------------+SPE+-----------+SPE+---------------+TPE2|
   +----+              +---+           +---+               +----+
Figure 3: MS-PW Equivalence
Although an MS-PW may require services such as node discovery and path signaling to construct the PW, it should not be confused with an L2VPN system, which also requires these services. A Virtual Private Wire Service (VPWS) connects its endpoints via a set of PWs. MS-PW is a mechanism that abstracts the construction of complex PWs from the construction of a L2VPN. Thus, a T-PE might be an edge device optimized for simplicity and an S-PE might be an aggregation device designed to absorb the complexity of continuing the PW across the core of one or more service provider networks to another T-PE located at the edge of the network.
As well as supporting traditional L2VPNs, an MS-PW is applicable to providing connectivity across a transport network based on packet switching technology, e.g., the MPLS Transport Profile (MPLS-TP) [6], [8]. Such a network uses pseudowires to support the transport and aggregation of all services. This application requires deterministic characteristics and behavior from the network. The operational requirements of such networks may need pseudowire segments that can be established and maintained in the absence of a control plane, and may also need the operational independence of PW maintenance from the underlying PSN.
3. Protocol Layering Model

The protocol layering model specified in RFC 3985 applies to MS-PWs with the following clarification: the pseudowires may be considered to be a separate layer to the PSN tunnel. That is, although a PW segment will follow the path of the PSN tunnel between S-PEs, the MS-PW is independent of the PSN tunnel routing, operations, signaling, and maintenance. The design of PW routing domains should not imply that the underlying PSN routing domains are the same. However, MS-PWs will reuse the protocols of the PSN and may, if applicable, use information that is extracted from the PSN, e.g., reachability.
3.1. Domain of MS-PW Solutions

PWs provide the Encapsulation Layer, i.e., the method of carrying various payload types, and the interface to the PW Demultiplexer Layer. Other layers provide the following:
o PSN tunnel setup, maintenance, and routing
o T-PE discovery
Not all PEs may be capable of providing S-PE functionality. Connectivity to the next-hop S-PE or T-PE must be provided by a PSN tunnel, according to [1]. The selection of which set of S-PEs to use to reach a given T-PE is considered to be within the scope of MS-PW solutions.
3.2. Payload Types

MS-PWs are applicable to all PW payload types. Encapsulations defined for SS-PWs are also used for MS-PW without change. Where the PSN types for each segment of an MS-PW are identical, the PW types of each segment must also be identical. However, if different segments run over different PSN types, the encapsulation may change but the PW segments must be of an equivalent PW type, i.e., the S-PE must not need to process the PW payload to provide translation.
4. Multi-Segment Pseudowire Reference Model

The pseudowire emulation edge-to-edge (PWE3) reference architecture for the single-segment case is shown in [1]. This architecture applies to the case where a PSN tunnel extends between two edges of a single PSN domain to transport a PW with endpoints at these edges.
      Native  |<------Multi-Segment Pseudowire------>|  Native
      Service |         PSN              PSN         |  Service
       (AC)   |     |<-Tunnel->|     |<-Tunnel->|    |   (AC)
         |    V     V     1    V     V     2    V    V     |
         |    +----+           +-----+          +----+     |
  +----+ |    |TPE1|===========|SPE1 |==========|TPE2|     | +----+
  |    |------|..... PW.Seg't1....X....PW.Seg't3.....|-------|    |
  | CE1| |    |    |           |     |          |    |     | |CE2 |
  |    |------|..... PW.Seg't2....X....PW.Seg't4.....|-------|    |
  +----+ |    |    |===========|     |==========|    |     | +----+
       ^      +----+           +-----+          +----+       ^
       |   Provider Edge 1        ^        Provider Edge 2   |
       |                          |                          |
       |                          |                          |
       |                  PW switching point                 |
       |                                                     |
       |<------------------ Emulated Service --------------->|
Figure 4: MS-PW Reference Model
Figure 4 extends this architecture to show a multi-segment case. The PEs that provide services to CE1 and CE2 are Terminating PE1 (T-PE1) and Terminating PE2 (T-PE2), respectively. A PSN tunnel extends from T-PE1 to Switching PE1 (S-PE1) across PSN1, and a second PSN tunnel extends from S-PE1 to T-PE2 across PSN2. PWs are used to connect the attachment circuits (ACs) attached to PE1 to the corresponding ACs attached to T-PE2.
Each PW segment on the tunnel across PSN1 is switched to a PW segment in the tunnel across PSN2 at S-PE1 to complete the multi-segment PW (MS-PW) between T-PE1 and T-PE2. S-PE1 is therefore the PW switching point. PW segment 1 and PW segment 3 are segments of the same MS-PW, while PW segment 2 and PW segment 4 are segments of another MS-PW. PW segments of the same MS-PW (e.g., PW segment 1 and PW segment 3) must be of equivalent PW types, as described in Section 3.2, while PSN tunnels (e.g., PSN1 and PSN2) may be of the same or different PSN types. An S-PE switches an MS-PW from one segment to another based on the PW demultiplexer, i.e., a PW label that may take one of the forms defined in Section 5.4.1 of RFC 3985 [1].
Note that although Figure 4 only shows a single S-PE, a PW may transit more than one S-PE along its path. This architecture is applicable when the S-PEs are statically chosen, or when they are chosen using a dynamic path-selection mechanism. Both directions of an MS-PW must traverse the same set of S-PEs on a reciprocal path. Note that although the S-PE path is therefore reciprocal, the path taken by the PSN tunnels between the T-PEs and S-PEs might not be reciprocal due to choices made by the PSN routing protocol.
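The rules stated above (two or more contiguous segments, equivalent PW types, a reciprocal S-PE path, label-based switching at each S-PE) and the "trusted" definition from the terminology can be checked mechanically before an MS-PW is provisioned. The following Python is an added example, not part of RFC 5659; the Segment fields, the label values, the eligibility map, and the use of string equality for "equivalent PW type" are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One PW segment: one PSN tunnel hop between two PEs (T-PE or S-PE)."""
    src: str      # PE that sends on this segment
    dst: str      # PE that receives on this segment
    pw_type: str  # PW type; string equality stands in for "equivalent" (assumption)
    label: int    # PW demultiplexer (PW label) carried on this segment


def pe_path(segments):
    """PEs in the order a packet visits them, e.g. T-PE1, S-PE1, T-PE2."""
    return [segments[0].src] + [s.dst for s in segments] if segments else []


def validate_ms_pw(forward, reverse, eligible):
    """Return the list of rule violations; an empty list means the MS-PW is acceptable.

    eligible maps each PE to the set of PEs it considers eligible under the
    operator's policy; trust between neighbours requires this to be mutual.
    """
    errors = []
    for name, segs in (("forward", forward), ("reverse", reverse)):
        if len(segs) < 2:
            errors.append(f"{name}: an MS-PW needs two or more PW segments")
        for a, b in zip(segs, segs[1:]):
            if a.dst != b.src:
                errors.append(f"{name}: segments are not contiguous at {a.dst}")
        path = pe_path(segs)
        if len(set(path)) != len(path):
            errors.append(f"{name}: a PE appears twice on the path")
    if len({s.pw_type for s in list(forward) + list(reverse)}) > 1:
        errors.append("PW segments are not of an equivalent PW type")
    if pe_path(forward) != pe_path(reverse)[::-1]:
        errors.append("both directions must traverse the same S-PEs on a reciprocal path")
    hops = pe_path(forward)
    for a, b in zip(hops, hops[1:]):
        if b not in eligible.get(a, set()) or a not in eligible.get(b, set()):
            errors.append(f"no mutual trust between {a} and {b}")
    return errors


def build_swap_tables(segments):
    """Per-S-PE table: incoming PW label -> (next-hop PE, outgoing PW label)."""
    tables = {}
    for inbound, outbound in zip(segments, segments[1:]):
        tables.setdefault(inbound.dst, {})[inbound.label] = (outbound.dst, outbound.label)
    return tables


def forward_packet(segments, payload):
    """Trace one packet from T-PE to T-PE; S-PEs swap the label, never the payload."""
    tables = build_swap_tables(segments)
    node, label = segments[0].dst, segments[0].label
    trace = [(segments[0].src, node, label)]
    while node in tables:  # only S-PEs have a swap table; the far T-PE ends the loop
        next_hop, out_label = tables[node][label]
        trace.append((node, next_hop, out_label))
        node, label = next_hop, out_label
    return trace, payload


# Constructed sample: T-PE1 -> S-PE1 -> S-PE2 -> T-PE2 with made-up labels.
FORWARD = [
    Segment("T-PE1", "S-PE1", "ethernet", 1001),
    Segment("S-PE1", "S-PE2", "ethernet", 2002),
    Segment("S-PE2", "T-PE2", "ethernet", 3003),
]
REVERSE = [
    Segment("T-PE2", "S-PE2", "ethernet", 3103),
    Segment("S-PE2", "S-PE1", "ethernet", 2102),
    Segment("S-PE1", "T-PE1", "ethernet", 1101),
]
ELIGIBLE = {
    "T-PE1": {"S-PE1"},
    "S-PE1": {"T-PE1", "S-PE2"},
    "S-PE2": {"S-PE1", "T-PE2"},
    "T-PE2": {"S-PE2"},
}

if __name__ == "__main__":
    print("violations:", validate_ms_pw(FORWARD, REVERSE, ELIGIBLE))
    for sender, receiver, label in forward_packet(FORWARD, b"frame")[0]:
        print(f"{sender} -> {receiver} with PW label {label}")
```
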
4.1. Intra-Provider Connectivity Architecture

There is a requirement to deploy PWs edge-to-edge in large service provider networks (RFC 5254 [5]). Such networks typically encompass hundreds or thousands of aggregation devices at the edge, each of which would be a PE. These networks may be partitioned into separate metro and core PW domains, where the PEs are interconnected by a sparse mesh of tunnels.
Whether or not the network is partitioned into separate PW domains, there is also a requirement to support a partial mesh of traffic-engineered PSN tunnels.
The architecture shown in Figure 4 can be used to support such cases. PSN1 and PSN2 may be in different administrative domains or access regions, core regions, or metro regions within the same provider's network. PSN1 and PSN2 may also be of different types. For example, S-PEs may be used to connect PW segments traversing metro networks of one technology, e.g., statically allocated labels, with segments traversing an MPLS core network.
Alternatively, T-PE1, S-PE1, and T-PE2 may reside at the edges of the same PSN.
4.1.1. Intra-Provider Switching Using ACs

In this model, the PW reverts to the native service AC at the domain boundary PE. This AC is then connected to a separate PW on the same PE. In this case, the reference models of RFC 3985 apply to each segment and to the PEs. The remaining PE architectural considerations in this document do not apply to this case.
4.1.2. Intra-Provider Switching Using PWs

In this model, PW segments are switched between PSN tunnels that span portions of a provider's network, without reverting to the native service at the boundary. For example, in Figure 4, PSN1 and PSN2 would be portions of the same provider's network.
4.2. Inter-Provider Connectivity Architecture

Inter-provider PWs may need to be switched between PSN tunnels at the provider boundary in order to minimize the number of tunnels required to provide PW-based services to CEs attached to each provider's network. In addition, the following may need to be implemented on a per-PW basis at the provider boundary:
o Operations, Administration, and Maintenance (OAM). Note that this is synonymous with 'Operations and Maintenance' referred to in RFC 5254 [5].
o Authentication, Authorization, and Accounting (AAA)
o Security mechanisms
Further security-related architectural considerations are described in Section 12.
In this model, the PW reverts to the native service at the provider boundary PE. This AC is then connected to a separate PW at the peer provider boundary PE. In this case, the reference models of RFC 3985 apply to each segment and to the PEs. This is similar to the case in Section 4.1.1, except that additional security and policy enforcement measures will be required. The remaining PE architectural considerations in this document do not apply to this case.
In this model, PW segments are switched between PSN tunnels in each provider's network, without reverting to the native service at the boundary. This architecture is shown in Figure 5. Here, S-PE1 and S-PE2 are provider border routers. PW segment 1 is switched to PW segment 2 at S-PE1. PW segment 2 is then carried across an inter-provider PSN tunnel to S-PE2, where it is switched to PW segment 3 in PSN2.
                 |<------Multi-Segment Pseudowire------>|
                 |      Provider          Provider      |
            AC   |    |<----1---->|     |<----2--->|    |   AC
             |   V    V           V     V          V    V   |
             |   +----+     +-----+     +----+     +----+   |
    +----+   |   |    |=====|     |=====|    |=====|    |   |   +----+
    |    |-------|......PW.....X....PW.....X...PW.......|-------|    |
    | CE1|   |   |    |Seg 1|     |Seg 2|    |Seg 3|    |   |   |CE2 |
    +----+   |   |    |=====|     |=====|    |=====|    |   |   +----+
         ^       +----+     +-----+     +----+     +----+       ^
         |       T-PE1       S-PE1      S-PE2      T-PE2        |
         |                     ^           ^                    |
         |                     |           |                    |
         |                  PW switching points                 |
         |                                                      |
         |                                                      |
         |<------------------- Emulated Service --------------->|
Figure 5: Inter-Provider Reference Model
Pseudowire pre-processing is applied in the T-PEs as specified in RFC 3985. Processing at the S-PEs is specified in the following sections.
Each forwarder in the S-PE forwards packets from one PW segment on the ingress PSN-facing interface of the S-PE to one PW segment on the egress PSN-facing interface of the S-PE.
The forwarder selects the egress segment PW based on the ingress PW label. The mapping of ingress to egress PW label may be statically or dynamically configured. Figure 6 shows how a single forwarder is associated with each PW segment at the S-PE.
                +------------------------------------------+
                |               S-PE Device                |
                +------------------------------------------+
        Ingress |             |             |              | Egress
    PW instance |   Single    |             |    Single    | PW Instance
    <==========>X PW Instance +  Forwarder  + PW Instance  X<==========>
                |             |             |              |
                +------------------------------------------+
Figure 6: Point-to-Point Service
Other mappings of PW-to-forwarder are for further study.
There is no native service processing in the S-PEs.
Figure 7 illustrates the protocol stack reference model for multi-segment PWs.
    +-----------+                                  +-----------+
    | Emulated  |                                  | Emulated  |
    | Service   |                                  | Service   |
    |(e.g., ATM)|<======= Emulated Service =======>|(e.g., ATM)|
    +-----------+                                  +-----------+
    | Payload   |                                  | Payload   |
    | Encap.    |<=== Multi-segment Pseudowire ===>| Encap.    |
    +-----------+            +--------+            +-----------+
    | PW Demux  |<PW Segment>|PW Demux|<PW Segment>| PW Demux  |
    +-----------+            +--------+            +-----------+
    |PSN Tunnel,|<PSN Tunnel>|  PSN   |<PSN Tunnel>|PSN Tunnel,|
    | PSN & PHY |            |Physical|            | PSN & PHY |
    | Layers    |            | Layers |            | Layers    |
    +----+------+            +--------+            +-----+-----+
         |            ..........   |   ..........        |
         |           /          \  |  /          \       |
         +==========/    PSN     \===/    PSN     \======+
                    \  domain 1  /   \  domain 2  /
                     \__________/     \__________/
                      ``````````       ``````````
Figure 7: Multi-Segment PW Protocol Stack
The MS-PW provides the CE with an emulated physical or virtual connection to its peer at the far end. Native service PDUs from the CE are passed through an Encapsulation Layer, and a PW demultiplexer is added at the sending T-PE. The PDU is sent over the PSN domain via the PSN transport tunnel. The receiving S-PE swaps the existing PW demultiplexer for the demultiplexer of the next segment and then sends the PDU over the transport tunnel in PSN2. Where the ingress and egress PSN domains of the S-PE are of the same type, e.g., they are both MPLS PSNs, a simple label swap operation is performed, as described in Section 3.13 of RFC 3031 [3]. However, where the ingress and egress PSNs are of different types, e.g., MPLS and L2TPv3, the ingress PW demultiplexer is removed (or popped), and a mapping to the egress PW demultiplexer is performed and then inserted (or pushed).
Policies may also be applied to the PW at this point. Examples of such policies include admission control, rate control, QoS mappings, and security. The receiving T-PE removes the PW demultiplexer and restores the payload to its native format for transmission to the destination CE.
Where the encapsulation format is different, e.g., MPLS and L2TPv3, the payload encapsulation may be translated at the S-PE.
Figure 8 shows the maintenance reference model for multi-segment pseudowires.
         |<------------- CE (end-to-end) Signaling ------------>|
         |                                                      |
         |       |<-------- MS-PW/T-PE Maintenance ----->|      |
         |       |  |<---PW Seg't-->| |<--PW Seg't--->|  |      |
         |       |  |  Maintenance  | |  Maintenance  |  |      |
         |       |  |               | |               |  |      |
         |       |  |      PSN      | |      PSN      |  |      |
         |       |  | |<-Tunnel1->| | | |<-Tunnel2->| |  |      |
         |       V  V V Signaling V V V V Signaling V V  V      |
         V       +----+           +-----+           +----+      V
    +----+       |TPE1|===========|SPE1 |===========|TPE2|      +----+
    |    |-------|......PW.Seg't1....X....PW Seg't3......|------|    |
    | CE1|       |    |           |     |           |    |      |CE2 |
    |    |-------|......PW.Seg't2....X....PW Seg't4......|------|    |
    +----+       |    |===========|     |===========|    |      +----+
      ^          +----+           +-----+           +----+         ^
      |       Terminating            ^           Terminating       |
      |     Provider Edge 1          |         Provider Edge 2     |
      |                              |                             |
      |                     PW switching point                     |
      |                                                            |
      |<--------------------- Emulated Service ------------------->|
Figure 8: MS-PW Maintenance Reference Model
RFC 3985 specifies the use of CE (end-to-end) and PSN tunnel signaling as well as PW/PE maintenance. CE and PSN tunnel signaling is as specified in RFC 3985. However, in the case of MS-PWs, signaling between the PEs now has both an edge-to-edge and a hop-by-hop context. That is, signaling and maintenance between T-PEs and S-PEs and between adjacent S-PEs is used to set up, maintain, and tear down the MS-PW segments, which includes the coordination of parameters related to each switching point as well as to the MS-PW endpoints.
The purpose of the PW Demultiplexer Layer at the S-PE is to demultiplex PWs from ingress PSN tunnels and to multiplex them into egress PSN tunnels. Although each PW may contain multiple native service circuits, e.g., multiple ATM virtual circuits (VCs), the S-PEs do not have visibility of, and hence do not change, this level of multiplexing because they contain no Native Service Processor (NSP).
If fragmentation is to be used in an MS-PW, T-PEs and S-PEs must satisfy themselves that fragmented PW payloads can be correctly reassembled for delivery to the destination attachment circuit.
An S-PE is not required to make any attempt to reassemble a fragmented PW payload. However, it may choose to do so if, for example, it knows that a downstream PW segment does not support reassembly.
An S-PE may fragment a PW payload using [4].
For multi-segment pseudowires, the intermediate PW switching points may be statically provisioned or chosen dynamically.
For the static case, there are two options for exchanging the PW labels:
o By configuration at the T-PEs or S-PEs.
o By signaling across each segment using a dynamic maintenance protocol.
A multi-segment pseudowire may thus consist of segments where the labels are statically configured and segments where the labels are signaled.
For the case of dynamic choice of the PW switching points, there are two options for selecting the path of the MS-PW:
o T-PEs determine the full path of the PW through intermediate switching points. This may be either static or based on a dynamic PW path-selection mechanism.
o Each T-PE and S-PE makes a local decision as to which next-hop S-PE to choose to reach the target T-PE. This choice is made either using locally configured information or by using a dynamic PW path-selection mechanism.
Since a multi-segment PW consists of a number of concatenated PW segments, the emulated service can only be considered as being up when all of the constituting PW segments and PSN tunnels are functional and operational along the entire path of the MS-PW.
If a native service requires bi-directional connectivity, the corresponding emulated service can only be signaled as being up when the PW segments and PSN tunnels (if used), are functional and operational in both directions.
RFC 3985 describes the architecture of failure and other status notification mechanisms for PWs. These mechanisms are also needed in multi-segment pseudowires. In addition, if a failure notification mechanism is provided for consecutive segments of the same PW, the S-PE must propagate such notifications between the consecutive concatenated segments.
Misconnection and payload type mismatch can occur with PWs. Misconnection can breach the integrity of the system. Payload mismatch can disrupt the customer network. In both instances, there are security and operational concerns.
The services of the underlying tunneling mechanism or the PW control and OAM protocols can be used to ensure that the identity of the PW next hop is as expected. As part of the PW setup, a PW-TYPE identifier is exchanged. This is then used by the forwarder and the NSP of the T-PEs to verify the compatibility of the ACs. This can also be used by S-PEs to ensure that concatenated segments of a given MS-PW are compatible or that an MS-PW is not misconnected into a local AC. In addition, it is possible to perform an end-to-end connection verification to check the integrity of the PW, to verify the identity of S-PEs and check the correct connectivity at S-PEs, and to verify the identity of the T-PE.
The management and monitoring as described in RFC 3985 applies here.
The MS-PW architecture introduces additional considerations related to management and monitoring, which need to be reflected in the design of maintenance tools and additional management objects for MS-PWs.
The first is that each S-PE is a new point at which defects may occur along the path of the PW. In order to troubleshoot MS-PWs, management and monitoring should be able to operate on a subset of the segments of an MS-PW, as well as edge-to-edge. That is, connectivity verification mechanisms should be able to troubleshoot and differentiate the connectivity between T-PEs and intermediate S-PEs, as well as the connectivity between T-PE and T-PE.
The second is that the set of S-PEs and P-routers along the MS-PW path may be less optimal than a path between the T-PEs chosen solely by the underlying PSN routing protocols. This is because the S-PEs are chosen by the MS-PW path selection mechanism and not by the PSN routing protocols. Troubleshooting mechanisms should therefore be provided to verify the set of S-PEs that are traversed by an MS-PW to reach a T-PE.
Some of the S-PEs and the T-PEs for an MS-PW may reside in a different service provider's PSN domain from that of the operator who initiated the establishment of the MS-PW. These situations may necessitate the use of remote management of the MS-PW, which is able to securely operate across provider boundaries.
The following congestion considerations apply to MS-PWs. These are in addition to the considerations for PWs described in RFC 3985 [1], [7], and the respective RFCs specifying each PW type.
The control plane and the data plane fate-share in traditional IP networks. The implication of this is that congestion in the data plane can cause degradation of the operation of the control plane. Under quiescent operating conditions, it is expected that the network will be designed to avoid such problems. However, MS-PW mechanisms should also consider what happens when congestion does occur, when the network is stretched beyond its design limits, for example, during unexpected network failure conditions.
Although congestion within a single provider's network can be mitigated by suitable engineering of the network so that the traffic imposed by PWs can never cause congestion in the underlying PSN, a significant number of MS-PWs are expected to be deployed for inter-provider services. In this case, there may be no way of a provider who initiates the establishment of an MS-PW at a T-PE guaranteeing that it will not cause congestion in a downstream PSN. A specific PSN may be able to protect itself from excess PW traffic by policing all PWs at the S-PE at the provider border. However, this may not be effective when the PSN tunnel across a provider utilizes the transit services of another provider that cannot distinguish PW traffic from ordinary, TCP-controlled IP traffic.
Each segment of an MS-PW therefore needs to implement congestion detection and congestion control mechanisms where it is not possible to explicitly provision sufficient capacity to avoid congestion.
In many cases, only the T-PEs may have sufficient information about each PW to fairly apply congestion control. Therefore, T-PEs need to be aware of which of their PWs are causing congestion in a downstream PSN and of their native service characteristics, and to apply congestion control accordingly. S-PEs therefore need to propagate PSN congestion state information between their downstream and upstream directions. If the MS-PW transits many S-PEs, it may take some time for congestion state information to propagate from the congested PSN segment to the source T-PE, thus delaying the application of congestion control. Congestion control in the S-PE at the border of the congested PSN can enable a more rapid response and thus potentially reduce the duration of congestion.
In addition to protecting the operation of the underlying PSN, consistent QoS and traffic engineering mechanisms should be used on each segment of an MS-PW to support the requirements of the emulated service. The QoS treatment given to a PW packet at an S-PE may be derived from context information of the PW (e.g., traffic or QoS parameters signaled to the S-PE by an MS-PW control protocol) or from PSN-specific QoS flags in the PSN tunnel label or PW demultiplexer, e.g., TC bits in either the label switched path (LSP) or PW label for an MPLS PSN or the DS field of the outer IP header for L2TPv3.
The security considerations described in RFC 3985 [1] apply here. Detailed security requirements for MS-PWs are specified in RFC 5254 [5]. This section describes the architectural implications of those requirements.
The security implications for T-PEs are similar to those for PEs in single-segment pseudowires. However, S-PEs represent a point in the network where the PW label is exposed to additional processing. An S-PE or T-PE must trust that the context of the MS-PW is maintained by a downstream S-PE. OAM tools must be able to verify the identity of the far end T-PE to the satisfaction of the network operator. Additional consideration needs to be given to the security of the S-PEs, both at the data plane and the control plane, particularly when these are dynamically selected and/or when the MS-PW transits the networks of multiple operators.
An implicit trust relationship exists between the initiator of an MS-PW, the T-PEs, and the S-PEs along the MS-PW's path. That is, the T-PE trusts the S-PEs to process and switch PWs without compromising the security or privacy of the PW service. An S-PE should not select a next-hop S-PE or T-PE unless it knows it would be considered eligible, as defined in Section 1.3, by the originator of the MS-PW. For dynamically placed MS-PWs, this can be achieved by allowing the T-PE to explicitly specify the path of the MS-PW. When the MS-PW is dynamically created by the use of a signaling protocol, an S-PE or T-PE should determine the authenticity of the peer entity from which it receives the request and the compliance of that request with policy.
Where an MS-PW crosses a border between one provider and another provider, the MS-PW segment endpoints (S-PEs or T-PEs) or, for the PSN tunnel, P-routers typically reside on the same nodes as the Autonomous System Border Router (ASBRs) interconnecting the two providers. In either case, an S-PE in one provider is connected to a limited number of trusted T-PEs or S-PEs in the other provider. The number of such trusted T-PEs or S-PEs is bounded and not anticipated to create a scaling issue for the control plane authentication mechanisms.
Directly interconnecting the S-PEs/T-PEs using a physically secure link and enabling signaling and routing authentication between the S-PEs/T-PEs eliminates the possibility of receiving an MS-PW signaling message or packet from an untrusted peer. The S-PEs/T-PEs represent security policy enforcement points for the MS-PW, while the ASBRs represent security policy enforcement points for the provider's PSNs. This architecture is illustrated in Figure 9.
                |<------------- MS-PW ---------------->|
                |      Provider          Provider      |
           AC   |    |<----1---->|     |<----2--->|    |   AC
            |   V    V           V     V          V    V   |
            |   +----+     +-----+     +----+     +----+   |
    +---+   |   |    |=====|     |=====|    |=====|    |   |   +---+
    |   |-------|......PW.....X....PW.....X...PW.......|-------|   |
    |CE1|   |   |    |Seg 1|     |Seg 2|    |Seg 3|    |   |   |CE2|
    +---+   |   |    |=====|     |=====|    |=====|    |   |   +---+
        ^       +----+     +-----+  ^  +----+     +----+       ^
        |       T-PE1       S-PE1   |  S-PE2      T-PE2        |
        |                   ASBR    |  ASBR                    |
        |                           |                          |
        |                Physically secure link                |
        |                                                      |
        |                                                      |
        |<------------------- Emulated Service --------------->|
Figure 9: Directly Connected Inter-Provider Reference Model
Alternatively, the P-routers for the PSN tunnel may reside on the ASBRs, while the S-PEs or T-PEs reside behind the ASBRs within each provider's network. A limited number of trusted inter-provider PSN tunnels interconnect the provider networks. This is illustrated in Figure 10.
              |<-------------- MS-PW -------------------->|
              |       Provider            Provider        |
          AC  |   |<------1----->|    |<-----2------->|   |   AC
           |  V   V              V    V               V   V   |
           |  +---+     +---+ +--+    +--+  +---+     +---+   |
    +---+  |  |   |=====|   |===============|   |=====|   |   |  +---+
    |   |-----|.....PW....X.......PW..............PW....X.|------|   |
    |CE1|  |  |   |Seg 1|   |     Seg 2     |   |Seg 3|   |   |  |CE2|
    +---+  |  |   |=====|   |===============|   |=====|   |   |  +---+
        ^     +---+     +---+ +--+  ^ +--+  +---+     +---+      ^
        |     T-PE1     S-PE1 ASBR  | ASBR  S-PE2     T-PE2      |
        |                           |                            |
        |                                                        |
        |              Trusted Inter-AS PSN Tunnel               |
        |                                                        |
        |                                                        |
        |<------------------- Emulated Service ----------------->|
Figure 10: Indirectly Connected Inter-Provider Reference Model
Particular consideration needs to be given to Quality of Service requests because the inappropriate use of priority may impact any service guarantees given to other PWs. Consideration also needs to be given to the avoidance of spoofing the PW demultiplexer.
Where an S-PE provides interconnection between different providers, security considerations that are similar to the security considerations for ASBRs apply. In particular, peer entity authentication should be used.
Where an S-PE also supports T-PE functionality, mechanisms should be provided to ensure that MS-PWs are switched correctly to the appropriate outgoing PW segment, rather than to a local AC. Other mechanisms for PW endpoint verification may also be used to confirm the correct PW connection prior to enabling the attachment circuits.
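The S-PE behaviour described above (one forwarder entry per PW segment, label swap versus pop-and-push, PW-TYPE compatibility, next-hop eligibility, peer authentication, and protection against a spoofed PW demultiplexer or a misconnection into a local AC) can be modelled in a few lines. This is an added example, not code from the RFC or its authors; the class and field names, peer names, PW-TYPE strings, demultiplexer values and the choice to key the forwarder table on the ingress peer are assumptions of the example.

```python
from dataclasses import dataclass, field


class StitchError(Exception):
    """A requested PW segment binding violates this S-PE's policy."""


@dataclass(frozen=True)
class Segment:
    peer: str      # adjacent T-PE or S-PE (constructed names)
    psn: str       # PSN type of this segment: "mpls" or "l2tpv3"
    rx_demux: int  # PW demultiplexer expected on PDUs received from peer
    tx_demux: int  # PW demultiplexer written on PDUs sent to peer
    pw_type: str   # PW-TYPE exchanged during PW setup (constructed values)


@dataclass
class SwitchingPE:
    authenticated_peers: set  # peers with authenticated signaling sessions
    eligible_next_hops: set   # next hops acceptable to the MS-PW originator
    local_ac_demux: set = field(default_factory=set)  # (psn, demux) bound to local ACs
    table: dict = field(default_factory=dict)  # (peer, psn, demux) -> egress Segment

    def stitch(self, ingress: Segment, egress: Segment) -> None:
        """Run the setup-time checks, then bind the two PW segments."""
        if ingress.peer not in self.authenticated_peers:
            raise StitchError(f"request from unauthenticated peer {ingress.peer}")
        if egress.peer not in self.eligible_next_hops:
            raise StitchError(f"next hop {egress.peer} is not eligible")
        if ingress.pw_type != egress.pw_type:
            raise StitchError("PW-TYPE mismatch between concatenated segments")
        for seg in (ingress, egress):
            if (seg.psn, seg.rx_demux) in self.local_ac_demux:
                raise StitchError("demultiplexer already terminates on a local AC")
        # One forwarder entry per direction of the bidirectional PW.
        self.table[(ingress.peer, ingress.psn, ingress.rx_demux)] = egress
        self.table[(egress.peer, egress.psn, egress.rx_demux)] = ingress

    def forward(self, from_peer: str, psn: str, demux: int, pdu: bytes):
        """Switch one PDU: (next_hop, psn, demux, operation, pdu), or None to drop."""
        out = self.table.get((from_peer, psn, demux))
        if out is None:
            # Unknown demultiplexer, or a known value arriving from the wrong
            # peer (possible spoofing): never fall through to a local AC.
            return None
        # Same PSN type: label swap. Different types: pop, map, then push.
        operation = "swap" if out.psn == psn else "pop+push"
        return (out.peer, out.psn, out.tx_demux, operation, pdu)


def build_demo_spe() -> SwitchingPE:
    """S-PE1 of Figure 5 with two constructed MS-PWs towards S-PE2."""
    spe = SwitchingPE(
        authenticated_peers={"T-PE1", "S-PE2"},
        eligible_next_hops={"S-PE2"},
        local_ac_demux={("mpls", 300)},
    )
    # MPLS segment stitched to an L2TPv3 segment (pop and push).
    spe.stitch(Segment("T-PE1", "mpls", 100, 101, "ethernet"),
               Segment("S-PE2", "l2tpv3", 7001, 7002, "ethernet"))
    # MPLS segment stitched to an MPLS segment (label swap).
    spe.stitch(Segment("T-PE1", "mpls", 110, 111, "atm"),
               Segment("S-PE2", "mpls", 210, 211, "atm"))
    return spe


if __name__ == "__main__":
    spe1 = build_demo_spe()
    print(spe1.forward("T-PE1", "mpls", 100, b"pdu"))  # switched to S-PE2
    print(spe1.forward("S-PE2", "mpls", 100, b"pdu"))  # right value, wrong peer: dropped
```
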
The authors gratefully acknowledge the input of Mustapha Aissaoui, Dimitri Papadimitrou, Sasha Vainshtein, and Luca Martini.
[1] Bryant, S., Ed., and P. Pate, Ed., "Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture", RFC 3985, March 2005.
[2] Andersson, L. and T. Madsen, "Provider Provisioned Virtual Private Network (VPN) Terminology", RFC 4026, March 2005.
[3] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol Label Switching Architecture", RFC 3031, January 2001.
[4] Malis, A. and M. Townsley, "Pseudowire Emulation Edge-to-Edge (PWE3) Fragmentation and Reassembly", RFC 4623, August 2006.
[5] Bitar, N., Ed., Bocci, M., Ed., and L. Martini, Ed., "Requirements for Multi-Segment Pseudowire Emulation Edge-to-Edge (PWE3)", RFC 5254, October 2008.
[6] Niven-Jenkins, B., Ed., Brungard, D., Ed., Betts, M., Ed., Sprecher, N., and S. Ueno, "Requirements of an MPLS Transport Profile", RFC 5654, September 2009.
[7] Bryant, S., Davie, B., Martini, L., and E. Rosen, "Pseudowire Congestion Control Framework", Work in Progress, June 2009.
[8] Bocci, M., Bryant, S., and L. Levrau, "A Framework for MPLS in Transport Networks", Work in Progress, August 2009.
Authors' Addresses
Matthew Bocci
Alcatel-Lucent
Voyager Place, Shoppenhangers Road,
Maidenhead, Berks, UK
Phone: +44 1633 413600
EMail: matthew.bocci@alcatel-lucent.com
Stewart Bryant
Cisco Systems
250, Longwater, Green Park,
Reading, RG2 6GB, United Kingdom
EMail: stbryant@cisco.com