Internet Engineering Task Force (IETF)                  T. Beckhaus, Ed.
Request for Comments: 7032                           Deutsche Telekom AG
Category: Standards Track                                    B. Decraene
ISSN: 2070-1721                                                   Orange
                                                         K. Tiruveedhula
                                                        Juniper Networks
                                                 M. Konstantynowicz, Ed.
                                                              L. Martini
                                                     Cisco Systems, Inc.
                                                            October 2013
        

LDP Downstream-on-Demand in Seamless MPLS

Abstract

Seamless MPLS design enables a single IP/MPLS network to scale over core, metro, and access parts of a large packet network infrastructure using standardized IP/MPLS protocols. One of the key goals of Seamless MPLS is to meet requirements specific to access networks including high number of devices, device position in network topology, and compute and memory constraints that limit the amount of state access devices can hold. This can be achieved with LDP Downstream-on-Demand (DoD) label advertisement. This document describes LDP DoD use cases and lists required LDP DoD procedures in the context of Seamless MPLS design.

In addition, a new optional TLV type in the LDP Label Request message is defined for fast-up convergence.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7032.

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Reference Topologies
      2.1. Access Topologies with Static Routing
      2.2. Access Topologies with Access IGP
   3. LDP DoD Use Cases
      3.1. Initial Network Setup
           3.1.1. AN with Static Routing
           3.1.2. AN with Access IGP
      3.2. Service Provisioning and Activation
      3.3. Service Changes and Decommissioning
      3.4. Service Failure
      3.5. Network Transport Failure
           3.5.1. General Notes
           3.5.2. AN Failure
           3.5.3. AN/AGN Link Failure
           3.5.4. AGN Failure
           3.5.5. AGN Network-Side Reachability Failure
   4. LDP DoD Procedures
      4.1. LDP Label Distribution Control and Retention Modes
      4.2. LDP DoD Session Negotiation
      4.3. Label Request Procedures
           4.3.1. Access LSR/ABR Label Request
           4.3.2. Label Request Retry
      4.4. Label Withdraw
      4.5. Label Release
      4.6. Local-Repair
   5. LDP Extension for LDP DoD Fast-Up Convergence
   6. IANA Considerations
      6.1. LDP TLV Type
   7. Security Considerations
      7.1. LDP DoD Native Security Properties
      7.2. Data-Plane Security
      7.3. Control-Plane Security
   8. Acknowledgements
   9. References
      9.1. Normative References
      9.2. Informative References
        
1. Introduction

Seamless MPLS design [SEAMLESS-MPLS] enables a single IP/MPLS network to scale over core, metro, and access parts of a large packet network infrastructure using standardized IP/MPLS protocols. One of the key goals of Seamless MPLS is to meet requirements specific to access including high number of devices, device position in network topology, and compute and memory constraints that limit the amount of state access devices can hold.

In general, MPLS Label Switching Routers (LSRs) implement either LDP or RSVP for MPLS label distribution.

The focus of this document is on LDP, as Seamless MPLS design does not include a requirement for general-purpose explicit traffic engineering and bandwidth reservation. This document concentrates on the unicast connectivity only. Multicast connectivity is a subject for further study.

In Seamless MPLS design [SEAMLESS-MPLS], IP/MPLS protocol optimization is possible due to relatively simple access network topologies. Examples of such topologies involving access nodes (ANs) and aggregation nodes (AGNs) include:

a. A single AN homed to a single AGN.

b. A single AN dual-homed to two AGNs.

c. Multiple ANs daisy-chained via a hub-AN to a single AGN.

d. Multiple ANs daisy-chained via a hub-AN to two AGNs.

e. Two ANs dual-homed to two AGNs.

f. Multiple ANs chained in a ring and dual-homed to two AGNs.

The amount of IP Routing Information Base (RIB) and Forwarding Information Base (FIB) state on ANs can be easily controlled in the listed access topologies by using simple IP routing configuration with either static routes or dedicated access IGP. Note that in all of the above topologies, AGNs act as the access area border routers (access ABRs) connecting the access topology to the rest of the network. Hence, in many cases, it is sufficient for ANs to have a default route pointing towards AGNs in order to achieve complete network connectivity from ANs to the network.

However, the amount of MPLS forwarding state requires additional consideration. In general, MPLS routers implement LDP Downstream Unsolicited (LDP DU) label advertisements [RFC5036] and advertise MPLS labels for all valid routes in their RIB tables. This is seen as an inadequate approach for ANs, which require a small subset of the total routes (and associated labels) based on the required connectivity for the provisioned services. Although filters can be applied to those LDP DU label advertisements, it is not seen as a suitable tool to facilitate any-to-any AN-driven connectivity between access and the rest of the MPLS network.

This document describes an AN-driven "subscription model" for label distribution in the access network. The approach relies on the standard LDP DoD label advertisements as specified in [RFC5036]. LDP DoD enables on-demand label distribution ensuring that only required labels are requested, provided, and installed. Procedures described in this document are equally applicable to LDP IPv4 and IPv6 address families. For simplicity, the document provides examples based on the LDP IPv4 address family.

The following sections describe a set of reference access topologies considered for LDP DoD usage and their associated IP routing configurations, followed by LDP DoD use cases and LDP DoD procedures in the context of Seamless MPLS design.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2. Reference Topologies

LDP DoD use cases are described in the context of a generic reference end-to-end network topology based on Seamless MPLS design [SEAMLESS-MPLS] as shown in Figure 1.

                 +-------+  +-------+  +------+  +------+
              ---+ AGN11 +--+ AGN21 +--+ ABR1 +--+ LSR1 +--> to LSR/AGN
   +--------+/   +-------+  +-------+  +------+  +------+
   | Access |             \/                   \/
   | Network|             /\                   /\
   +--------+    +-------+  +-------+  +------+  +------+
             \---+ AGN12 +--+ AGN22 +--+ ABR2 +--+ LSR2 +--> to LSR/AGN
                 +-------+  +-------+  +------+  +------+
        
      static routes
      or access IGP        IGP area             IGP area
     <----Access----><--Aggregation Domain--><----Core----->
     <------------------------- MPLS ---------------------->
        

Figure 1: Seamless MPLS End-to-End Reference Network Topology

The access network is either single- or dual-homed to AGN1x, with either a single parallel link or multiple parallel links to AGN1x.

Seamless MPLS access network topologies can range from a single- or dual-homed access node to a chain or ring of access nodes, and it can use either static routing or access IGP (IS-IS or OSPF). The following sections describe reference access topologies in more detail.

2.1. Access Topologies with Static Routing

In most cases, access nodes connect to the rest of the network using very simple topologies. Here, static routing is sufficient to provide the required IP connectivity. The following topologies are considered for use with static routing and LDP DoD:

a. [I1] topology - a single AN homed to a single AGN.

b. [I] topology - multiple ANs daisy-chained to a single AGN.

c. [V] topology - a single AN dual-homed to two AGNs.

d. [U2] topology - two ANs dual-homed to two AGNs.

e. [Y] topology - multiple ANs daisy-chained to two AGNs.

The reference static routing and LDP configuration for [V] access topology is shown in Figure 2. The same static routing and LDP configuration also applies to the [I1] topology.

          +----+                        +-------+
          |AN1 +------------------------+ AGN11 +-------
          |    +-------\    /-----------+       +-\    /
          +----+        \  /            +-------+  \  /
                         \/                         \/
                         /\                         /\
          +----+        /  \            +-------+  /  \
          |AN2 +-------/    \-----------+ AGN12 +-/    \
          |    +------------------------+       +-------
          +----+                        +-------+
        
          --(u)->                        <-(d)--
        
             <----- static routing -------> <------ IGP ------>
                                            <---- LDP DU ----->
             <--------- LDP DoD ----------> <-- labeled BGP -->
        
      (u) static routes: 0/0 default, (optional) /32 routes
      (d) static routes: AN loopbacks
        

Figure 2: [V] Access Topology with Static Routes

In line with the Seamless MPLS design, static routes configured on AGN1x and pointing towards the access network are redistributed in either IGP or BGP labeled IP routes [RFC3107].

The reference static routing and LDP configuration for [U2] access topology is shown in Figure 3.

             +----+                        +-------+
       (d1)  |AN1 +------------------------+ AGN11 +-------
        |    |    +                        +       +-\    /
        v    +-+--+                        +-------+  \  /
               |                                       \/
               |                                       /\
        ^    +-+--+                        +-------+  /  \
        |    |AN2 +                        + AGN12 +-/    \
       (d2)  |    +------------------------+       +-------
             +----+                        +-------+
        
             --(u)->                        <-(d)--
        
                <----- static routing -------> <------ IGP ------>
                                               <---- LDP DU ----->
                <--------- LDP DoD ----------> <-- labeled BGP -->
        

      (u)  static route: 0/0 default, (optional) /32 routes
      (d)  static route for AN loopbacks
      (d1) static route for AN2 loopback and 0/0 default with lower preference
      (d2) static route for AN1 loopback and 0/0 default with lower preference

Figure 3: [U2] Access Topology with Static Routes

The reference static routing and LDP configuration for [Y] access topology is shown in Figure 4. The same static routing and LDP configuration also applies to the [I] topology.

                                       +-------+
                                       |       |---/
                                  /----+ AGN11 |
    +----+   +----+   +----+     /     |       |---\
    |    |   |    |   |    +----/      +-------+
    |ANn +...|AN2 +---+AN1 |
    |    |   |    |   |    +----\      +-------+
    +----+   +----+   +----+     \     |       |---/
                                  \----+ AGN12 |
           <-(d2)--  <-(d1)--          |       |---\
    --(u)-> --(u)->   --(u)->          +-------+
                                       <-(d)--
        
        <------- static routing --------> <------ IGP ------>
                                          <---- LDP DU ----->
        <----------- LDP DoD -----------> <-- labeled BGP -->
        
     (u)  static routes: 0/0 default, (optional) /32 routes
     (d)  static routes: AN loopbacks [1..n]
     (d1) static routes: AN loopbacks [2..n]
     (d2) static routes: AN loopbacks [3..n]
        

Figure 4: [Y] Access Topology with Static Routes

Note that in all of the above topologies, parallel Equal-Cost Multipath (ECMP) (or Layer 2 Link Aggregation Group (L2 LAG)) links can be used between the nodes.

ANs support Inter-area LDP [RFC5283] in order to use the IP default route to match the LDP Forwarding Equivalence Class (FEC) advertised by AGN1x and other ANs.

2.2. Access Topologies with Access IGP

A dedicated access IGP instance is used in the access network to perform the internal routing between AGN1x and connected AN devices. Examples of such an IGP could be IS-IS, OSPFv2 and v3, or RIPv2 and RIPng. This access IGP instance is distinct from the IGP of the aggregation domain.

The following topologies are considered for use with access IGP routing and LDP DoD:

a. [U] topology - multiple ANs chained in an open ring and dual-homed to two AGNs.

b. [Y] topology - multiple ANs daisy-chained via a hub-AN to two AGNs.

The reference access IGP and LDP configuration for the [U] access topology is shown in Figure 5.

                                       +-------+
        +-----+   +-----+   +----+     |       +---/
        | AN3 |---| AN2 |---|AN1 +-----+ AGN11 |
        +-----+   +-----+   +----+     |       +---\
           .                           +-------+
           .
           .                           +-------+
        +-----+   +-----+   +----+     |       +---/
        |ANn-2|---|ANn-1|---|ANn +-----+ AGN12 |
        +-----+   +-----+   +----+     |       +---\
                                       +-------+
        
        <---------- access IGP ------------> <------ IGP ------>
                                             <---- LDP DU ----->
        <------------ LDP DoD -------------> <-- labeled BGP -->
        

Figure 5: [U] Access Topology with Access IGP

The reference access IGP and LDP configuration for the [Y] access topology is shown in Figure 6.

                                           +-------+
                                           |       |---/
                                      /----+ AGN11 |2
        +----+   +----+   +----+     /     |       |---\
        |    |   |    |   |    +----/      +-------+
        |ANn +...|AN2 +---+AN1 |
        |    |   |    |   |    +----\      +-------+
        +----+   +----+   +----+     \     |       |---/
                                      \----+ AGN12 |
                                           |       |---\
                                           +-------+
        
        <---------- access IGP ------------> <------ IGP ------>
                                             <---- LDP DU ----->
        <------------ LDP DoD -------------> <-- labeled BGP -->
        

Figure 6: [Y] Access Topology with Access IGP

Note that in all of the above topologies, parallel ECMP (or L2 LAG) links can be used between the nodes.

In both of the above topologies, ANs (ANn ... AN1) and AGN1x share the access IGP and advertise their IPv4 and IPv6 loopbacks and link addresses. AGN1x advertises a default route into the access IGP.

ANs support Inter-area LDP [RFC5283] in order to use the IP default route for matching the LDP FECs advertised by AGN1x or other ANs.

3. LDP DoD Use Cases

LDP DoD use cases described in this document are based on the Seamless MPLS scenarios listed in Seamless MPLS design [SEAMLESS-MPLS]. This section illustrates these use cases focusing on services provisioned on the access nodes and clarifies expected LDP DoD operation on the AN and AGN1x devices. Two representative service types are used to illustrate the service use cases: MPLS Pseudowire Edge-to-Edge (PWE3) [RFC4447] and BGP/MPLS IP VPN [RFC4364].

Described LDP DoD operations apply equally to all reference access topologies described in Section 2. Operations that are specific to certain access topologies are called out explicitly.

References to upstream and downstream nodes are made in line with the definition of upstream and downstream LSRs [RFC3031].

3.1. Initial Network Setup

An access node is commissioned without any services provisioned on it. The AN can request labels for loopback addresses of any AN, AGN, or other nodes within the Seamless MPLS network for operational and management purposes. It is assumed that AGN1x has the required IP/MPLS configuration for network-side connectivity in line with Seamless MPLS design [SEAMLESS-MPLS].

LDP sessions are configured between adjacent ANs and AGN1x using their respective loopback addresses.

3.1.1. AN with Static Routing

If access static routing is used, ANs are provisioned with the following static IP routing entries (topology references from Section 2 are listed in square brackets):

a. [I1, V, U2] - Static default route 0/0 pointing to links connected to AGN1x. Requires support for Inter-area LDP [RFC5283].

b. [U2] - Static /32 routes pointing to the other AN. Lower preference static default route 0/0 pointing to links connected to the other AN. Requires support for Inter-area LDP [RFC5283].

c. [I, Y] - Static default route 0/0 pointing to links leading towards AGN1x. Requires support for Inter-area LDP [RFC5283].

d. [I, Y] - Static /32 routes to all ANs in the daisy-chain pointing to links towards those ANs.

e. [I1, V, U2] - Optional - Static /32 routes for specific nodes within the Seamless MPLS network, pointing to links connected to AGN1x.

f. [I, Y] - Optional - Static /32 routes for specific nodes within the Seamless MPLS network, pointing to links leading towards AGN1x.

The upstream AN/AGN1x requests labels over an LDP DoD session(s) from downstream AN/AGN1x for configured static routes if those static routes are configured with an LDP DoD request policy and if they are pointing to a next hop selected by routing. It is expected that all configured /32 static routes to be used for LDP DoD are configured with such a policy on an AN/AGN1x.

The downstream AN/AGN1x responds to the Label Request from the upstream AN/AGN1x with a label mapping if the requested route is present in its RIB and there is a valid label binding from its downstream neighbor or if it is the egress node. In such a case, the downstream AN/AGN1x installs the advertised label as an incoming label in its label information base (LIB) and its label forwarding information base (LFIB). The upstream AN/AGN1x also installs the received label as an outgoing label in its LIB and LFIB. If the downstream AN/AGN1x does have the route present in its RIB, but does not have a valid label binding from its downstream neighbor, it forwards the request to its downstream neighbor.

In order to facilitate ECMP and IP Fast Reroute (IPFRR) Loop-Free Alternate (LFA) local-repair [RFC5286], the upstream AN/AGN1x also sends LDP DoD Label Requests to alternate next hops per its RIB, and installs received labels as alternate entries in its LIB and LFIB.

The AGN1x on the network side can use BGP labeled IP routes [RFC3107] in line with the Seamless MPLS design [SEAMLESS-MPLS]. In such a case, AGN1x will redistribute its static routes pointing to local ANs into BGP labeled IP routes to facilitate network-to-access traffic flows. Likewise, to facilitate access-to-network traffic flows, AGN1x will respond to access-originated LDP DoD Label Requests with label mappings based on its BGP labeled IP routes reachability for requested FECs.

3.1.2. AN with Access IGP

If access IGP is used, each AN advertises its loopbacks over the access IGP with configured metrics. The AGN1x advertises a default route over the access IGP.

Routers request labels over LDP DoD session(s) according to their needs for MPLS connectivity (via Label Switching Paths (LSPs)). In particular, if AGNs, as per Seamless MPLS design [SEAMLESS-MPLS], redistribute routes from the IGP into BGP labeled IP routes [RFC3107], they request labels over LDP DoD session(s) for those routes.

Identical to the static route case, the downstream AN/AGN1x responds to the Label Request from the upstream AN/AGN1x with a label mapping (if the requested route is present in its RIB and there is a valid label binding from its downstream neighbor), and installs the advertised label as an incoming label in its LIB and LFIB. The upstream AN/AGN1x also installs the received label as an outgoing label in its LIB and LFIB.

Identical to the static route case, in order to facilitate ECMP and IPFRR LFA local-repair, the upstream AN/AGN1x also sends LDP DoD Label Requests to alternate next hops per its RIB, and it installs received labels as alternate entries in its LIB and LFIB.

The AGN1x on the network side can use labeled BGP [RFC3107] in line with Seamless MPLS design [SEAMLESS-MPLS]. In such a case, AGN1x will redistribute routes received over the access IGP (and pointing to local ANs), into BGP labeled IP routes to facilitate network-to-access traffic flows. Likewise, to facilitate access-to-network traffic flows, the AGN1x will respond to access-originated LDP DoD Label Requests with label mappings based on its BGP labeled IP routes reachability for requested FECs.

3.2. Service Provisioning and Activation

Following the initial setup phase described in Section 3.1, a specific access node, referred to as AN*, is provisioned with a network service. AN* relies on LDP DoD to request the required MPLS LSP(s) label(s) from the downstream AN/AGN1x node(s). Note that LDP DoD operations are service agnostic; that is, they are the same independently of the services provisioned on the AN*.

For illustration purposes, two service types are described: MPLS PWE3 [RFC4447] service and BGP/MPLS IPVPN [RFC4364].

MPLS PWE3 service: For description simplicity, it is assumed that a single segment pseudowire is signaled using targeted LDP (tLDP) FEC128 (0x80), and it is provisioned with the pseudowire ID and the loopback IPv4 address of the destination node. The following IP/MPLS operations need to be completed on the AN* to successfully establish such PWE3 service:

a. LSP labels for destination /32 FEC (outgoing label) and the local /32 loopback (incoming label) need to be signaled using LDP DoD.

b. A tLDP session over an associated TCP/IP connection needs to be established to the PWE3 destination Provider Edge (PE). This is triggered either by an explicit tLDP session configuration on the AN* or automatically at the time of provisioning the PWE3 instance.

c. Local and remote PWE3 labels for specific FEC128 PW ID need to be signaled using tLDP and PWE3 signaling procedures [RFC4447].

d. Upon successful completion of the above operations, AN* programs its RIB/LIB and LFIB tables and activates the MPLS PWE3 service.

Note: Only minimum operations applicable to service connectivity have been listed. Other non-IP/non-MPLS connectivity operations that are required for successful service provisioning and activation are out of scope in this document.

BGP/MPLS IPVPN service: For description simplicity, it is assumed that the AN* is provisioned with a unicast IPv4 IPVPN service (VPNv4 for short) [RFC4364]. The following IP/MPLS operations need to be completed on the AN* to successfully establish VPNv4 service:

a. BGP peering sessions with associated TCP/IP connections need to be established with the remote destination VPNv4 PEs or Route Reflectors.

b. Based on configured BGP policies, VPNv4 BGP Network Layer Reachability Information (NLRI) needs to be exchanged between AN* and its BGP peers.

c. Based on configured BGP policies, VPNv4 routes need to be installed in the AN* VPN Routing and Forwarding (VRF) RIB and FIB, with corresponding BGP next hops.

d. LSP labels for destination BGP next-hop /32 FEC (outgoing label) and the local /32 loopback (incoming label) need to be signaled using LDP DoD.

e. Upon successful completion of above operations, AN* programs its RIB/LIB and LFIB tables, and activates the BGP/MPLS IPVPN service.

Note: Only minimum operations applicable to service connectivity have been listed. Other non-IP/-MPLS connectivity operations that are required for successful service provisioning are out of scope in this document.

To establish an LSP for destination /32 FEC for any of the above services, AN* looks up its local routing table for a matching route and selects the best next hop(s) and associated outgoing link(s).

If a label for this /32 FEC is not already installed based on the configured static route with LDP DoD request policy or access IGP RIB entry, AN* sends an LDP DoD label mapping request. A downstream AN/AGN1x LSR(s) checks its RIB for presence of the requested /32 and associated valid outgoing label binding, and if both are present, replies with its label for this FEC and installs this label as incoming in its LIB and LFIB. Upon receiving the label mapping, the AN* accepts this label based on the exact route match of the advertised FEC and route entry in its RIB or based on the longest match in line with Inter-area LDP [RFC5283]. If the AN* accepts the label, it installs it as an outgoing label in its LIB and LFIB.

In access topologies [V] and [Y], if AN* is dual-homed to two AGN1x and routing entries for these AGN1x's are configured as equal-cost paths, AN* sends LDP DoD Label Requests to both AGN1x devices and installs all received labels in its LIB and LFIB.

In order for AN* to implement IPFRR LFA local-repair, AN* also sends LDP DoD Label Requests to alternate next hops per its RIB, and installs received labels as alternate entries in its LIB and LFIB.

When forwarding PWE3 or VPNv4 packets, AN* chooses the LSP label based on the locally configured static /32 or default route or default route signaled via access IGP. If a route is reachable via multiple interfaces to AGN1x nodes and the route has multiple equal-cost paths, AN* implements ECMP functionality. This involves AN* using a hash-based load-balancing mechanism and sending the PWE3 or VPNv4 packets in a flow-aware manner with appropriate LSP labels via all equal-cost links.

The ECMP mechanism is applicable in an equal manner to parallel links between two network elements and multiple paths towards the destination. The traffic demand is distributed over the available paths.
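
The flow-aware ECMP behaviour described above, as an added Python illustration that is not code from RFC 7032 or from any router implementation: AN* hashes the packet's 5-tuple onto one of its equal-cost (link, LSP label) entries, so every packet of a flow leaves on the same link with the same label while distinct flows are spread over all equal-cost links. The link names, label values, the SHA-256 based hash and the sample flows are constructed for the example.

```python
"""Added example, not from RFC 7032: flow-aware ECMP selection of the LSP
label on AN* (Section 3.2).  Links, labels and the sample flows are
constructed; the hash is a stand-in for a platform's load-balancing hash."""
import hashlib
from collections import Counter

# Equal-cost (outgoing link, LSP label) pairs AN* installed for one /32 FEC
# after LDP DoD signalling with both AGN1x nodes.  Constructed values.
ECMP_ENTRIES = [("ge-0/0/0 -> AGN1a", 17), ("ge-0/0/1 -> AGN1b", 23)]


def flow_key(src_ip, dst_ip, proto, src_port, dst_port):
    """5-tuple key: every packet of a flow yields the same key."""
    return f"{src_ip}|{dst_ip}|{proto}|{src_port}|{dst_port}"


def select_ecmp_entry(key, entries=ECMP_ENTRIES):
    """Hash the flow key onto one equal-cost entry.  A stable digest (not
    Python's salted hash()) makes the choice reproducible across restarts,
    so packets of one flow are never spread over links and reordered."""
    digest = hashlib.sha256(key.encode()).digest()
    return entries[int.from_bytes(digest[:4], "big") % len(entries)]


def forward_packets(packets, entries=ECMP_ENTRIES):
    """Forward packets given as 5-tuples.  Returns the (link, label) chosen
    per flow and the packet count per link; raises if a flow ever changes
    entry, which is the property flow-aware ECMP must guarantee."""
    per_flow, per_link = {}, Counter()
    for pkt in packets:
        key = flow_key(*pkt)
        entry = select_ecmp_entry(key, entries)
        if per_flow.setdefault(key, entry) != entry:
            raise RuntimeError(f"flow {key} changed path")
        per_link[entry[0]] += 1
    return per_flow, per_link


def constructed_packets(n_flows=40, per_flow=5):
    """n_flows constructed TCP flows of per_flow packets each, all towards
    one VPN destination behind the remote PE."""
    packets = []
    for f in range(n_flows):
        packets += [(f"10.0.0.{f + 1}", "192.0.2.10", 6, 40000 + f, 443)] * per_flow
    return packets


if __name__ == "__main__":
    flows, links = forward_packets(constructed_packets())
    print(len(flows), "flows;", dict(links))
```

The per-flow consistency check is the part worth keeping in mind operationally: a hash that depends on per-packet state (or on a salted process hash) would interleave one flow over both AGN1x links, and the reordering shows up as retransmissions at the VPN customer rather than as a fault on AN*.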

The AGN1x on the network side can use labeled BGP [RFC3107] in line with Seamless MPLS design [SEAMLESS-MPLS]. In such a case, the AGN1x will redistribute its static routes (or routes received from the access IGP) pointing to local ANs into BGP labeled IP routes to facilitate network-to-access traffic flows. Likewise, to facilitate access-to-network traffic flows, the AGN1x will respond to access-originated LDP DoD Label Requests with label mappings based on its BGP labeled IP routes reachability for requested FECs.

3.3. Service Changes and Decommissioning

Whenever the AN* service gets decommissioned or changed and connectivity to a specific destination is no longer required, the associated MPLS LSP label resources are to be released on AN*.

MPLS PWE3 service: If the PWE3 service gets decommissioned and it is the last PWE3 to a specific destination node, the tLDP session is no longer needed and is to be terminated (automatically or by configuration). The MPLS LSP(s) to that destination is no longer needed either.

BGP/MPLS IPVPN service: Deletion of a specific VPNv4 (VRF) instance via local or remote reconfiguration can result in a specific BGP next hop(s) no longer being needed. The MPLS LSP(s) to that destination is no longer needed either.

In all of the above cases, the following operations related to LDP DoD apply:

o If the /32 FEC label for the aforementioned destination node was originally requested based on either tLDP session configuration and default route or required BGP next hop and default route, AN* deletes the label from its LIB and LFIB, and releases it from the downstream AN/AGN1x by using LDP DoD procedures.

o If the /32 FEC label was originally requested based on the static /32 route configuration with LDP DoD request policy, the label is retained by AN*.

3.4. Service Failure

A service instance can stop being operational due to a local or remote service failure event.

In general, unless the service failure event modifies required MPLS connectivity, there is no impact on the LDP DoD operation.

If the service failure event does modify the required MPLS connectivity, LDP DoD operations apply as described in Sections 3.2 and 3.3.

3.5. Network Transport Failure

A number of different network events can impact services on AN*. The following sections describe network event types that impact LDP DoD operation on AN and AGN1x nodes.

3.5.1. General Notes

If service on any of the ANs is affected by any network failure and there is no network redundancy, the service goes into a failure state. Upon recovery from network failure, the service is to be re-established automatically.

The following additional LDP-related functions need to be supported to comply with Seamless MPLS [SEAMLESS-MPLS] fast service restoration requirements:

a. Local-repair: AN and AGN1x support local-repair for adjacent link or node failure for access-to-network, network-to-access, and access-to-access traffic flows. Local-repair is to be implemented by using either IPFRR LDP LFA, simple ECMP, or primary/backup switchover upon failure detection.

b. LDP session protection: LDP sessions are configured with LDP session protection to avoid delay upon the recovery from link failure. LDP session protection ensures that FEC label binding is maintained in the control plane as long as the LDP session stays up.

c. IGP-LDP synchronization: If access IGP is used, LDP sessions between ANs, and between ANs and AGN1x, are configured with IGP-LDP synchronization to avoid unnecessary traffic loss in case the access IGP converged before LDP and there is no LDP label binding to the best downstream next hop.

3.5.2. AN Failure

If the AN fails, adjacent AN/AGN1x nodes remove all routes pointing to the failed node from their RIB tables (including /32 loopback belonging to the failed AN and any other routes reachable via the failed AN). In turn, this triggers the removal of associated outgoing /32 FEC labels from their LIB and LFIB tables.

If access IGP is used, the AN failure will be propagated via IGP link updates across the access topology.

If a specific /32 FEC(s) is no longer reachable from those ANs/AGN1x's, they also send LDP Label Withdraw messages to their upstream LSRs to notify them about the failure, and remove the associated incoming label(s) from their LIB and LFIB tables. Upstream LSRs, upon receiving a Label Withdraw, remove the signaled labels from their LIB/LFIB tables, and propagate LDP Label Withdraws across their upstream LDP DoD sessions.

In the [U] topology, there may be an alternative path to routes previously reachable via the failed AN. In this case, adjacent AN/AGN1x pairs invoke local-repair (IPFRR LFA, ECMP) and switch over to an alternate next hop to reach those routes.

AGN1x is notified about the AN failure via access IGP (if used) and/or cascaded LDP DoD Label Withdraw(s). AGN1x implements all relevant global-repair IP/MPLS procedures to propagate the AN failure towards the core network. This involves removing associated routes (in the access IGP case) and labels from its LIB and LFIB tables, and propagating the failure on the network side using labeled BGP and/or core IGP/LDP DU procedures.

Upon the AN coming back up, adjacent AN/AGN1x nodes automatically add routes pointing to recovered links based on the configured static routes or access IGP adjacency and link state updates. This is then followed by LDP DoD label signaling and subsequent binding and installation of labels in LIB and LFIB tables.

3.5.3. AN/AGN Link Failure

Depending on the access topology and the failed link location, different cases apply to the network operation after AN link failure (topology references from Section 2 in square brackets):

a. [all] - link failed, but at least one ECMP parallel link remains. Nodes on both sides of the failed link stop using the failed link immediately (local-repair) and keep using the remaining ECMP parallel links.

b. [I1, I, Y] - link failed, and there are no ECMP or alternative links and paths. Nodes on both sides of the failed link remove routes pointing to the failed link immediately from the RIB, remove associated labels from their LIB and LFIB tables, and send LDP Label Withdraw(s) to their upstream LSRs.

c. [U2, U, V, Y] - link failed, but at least one ECMP or alternate path remains. The AN/AGN1x node stops using the failed link and immediately switches over (local-repair) to the remaining ECMP path or alternate path. The AN/AGN1x removes affected next hops and labels. If there is an AGN1x terminating the failed link, it immediately removes routes pointing to the failed link from the RIB, removes any associated labels from the LIB and LFIB tables, and propagates the failure on the network side using labeled BGP and/or core IGP procedures.

If access IGP is used, AN/AGN1x link failure will be propagated via IGP link updates across the access topology.

LDP DoD will also propagate the link failure by sending Label Withdraws to upstream AN/AGN1x nodes, and Label Release messages to downstream AN/AGN1x nodes.

3.5.4. AGN Failure

If an AGN1x adjacent to the access fails, then, depending on the access topology, the following cases apply to the network operation (topology references from Section 2 are shown in square brackets):

a. [I1, I] - ANs are isolated from the network - An AN adjacent to the failure immediately removes routes pointing to the failed AGN1x from the RIB, removes associated labels from the LIB and LFIB tables, and sends LDP Label Withdraw message(s) to its upstream neighbors. If access IGP is used, an IGP link update is sent.

b. [U2, U, V, Y] - at least one ECMP or alternate path remains. AN adjacent to failed AGN1x stops using the failed link and immediately switches over (local-repair) to the remaining ECMP path or alternate path by following LDP [RFC5036] procedures. (Appendix A.1.7 "Detect Change in FEC Next Hop")

Network-side procedures for handling AGN1x failure have been described in Seamless MPLS [SEAMLESS-MPLS].

3.5.5. AGN Network-Side Reachability Failure

If AGN1x loses network reachability to a specific destination or set of network-side destinations, AGN1x sends LDP Label Withdraw messages to its upstream ANs, withdrawing labels for all affected /32 FECs. Upon receiving those messages, ANs remove those labels from their LIB and LFIB tables, and use alternative LSPs instead (if available) as part of global-repair.

If access IGP is used, and AGN1x gets completely isolated from the core network, it stops advertising the default route 0/0 into the access IGP.

4. LDP DoD Procedures

All LDP Downstream-on-Demand implementations follow the Label Distribution Protocol as specified in [RFC5036]. This section does not update [RFC5036] procedures, but illustrates LDP DoD operations in the context of use cases identified in Section 3 in this document, for information only.

In the MPLS architecture [RFC3031], network traffic flows from the upstream LSR to the downstream LSR. The use cases in this document rely on the downstream assignment of labels, where labels are assigned by the downstream LSR and signaled to the upstream LSR as shown in Figure 7.

                    +----------+      +------------+
                    | upstream |      | downstream |
              ------+   LSR    +------+    LSR     +----
          traffic   |          |      |            |  address
          source    +----------+      +------------+  (/32 for IPv4)
                                                      traffic
                   label distribution for IPv4 FEC    destination
                     <-------------------------
        
                            traffic flow
                     ------------------------->
        

Figure 7: LDP Label Assignment Direction

4.1. LDP Label Distribution Control and Retention Modes

The LDP specification [RFC5036] defines two modes for label distribution control, following the definitions in the MPLS architecture [RFC3031]:

o Independent mode: An LSR recognizes a particular FEC and makes a decision to bind a label to the FEC independently from distributing that label binding to its label distribution peers. A new FEC is recognized whenever a new route becomes valid on the LSR.

o Ordered mode: An LSR needs to bind a label to a particular FEC if it knows how to forward packets for that FEC (i.e., it has a route corresponding to that FEC) and if it has already received at least one Label Request message from an upstream LSR.

Using independent label distribution control with LDP DoD and access static routing would prevent the access LSRs from propagating label binding failure along the access topology, making it impossible for an upstream LSR to be notified about the downstream failure and for an application using the LSP to switch over to an alternate path, even if such a path exists.

The LDP specification [RFC5036] defines two modes for label retention, following the definitions in the MPLS architecture [RFC3031]:

o Conservative label retention mode: If operating in DoD mode, an LSR will request label mappings only from the next-hop LSR according to routing. The main advantage of the conservative label retention mode is that only the labels that are required for the forwarding of data are allocated and maintained. This is particularly important in LSRs where the label space is inherently limited, such as in an ATM switch. A disadvantage of the conservative label retention mode is that if routing changes the next hop for a given destination, a new label must be obtained from the new next hop before labeled packets can be forwarded.

o Liberal label retention mode: When operating in DoD mode with liberal label retention mode, an LSR might choose to request label mappings for all known prefixes from all peer LSRs. The main advantage of the liberal label retention mode is that reaction to routing changes can be quick because labels already exist. The main disadvantage of the liberal label retention mode is that unneeded label mappings are distributed and maintained.

Note that the conservative label retention mode would prevent LSRs from requesting and maintaining label mappings for any backup routes that are not used for forwarding. In turn, this would prevent the access LSRs (AN and AGN1x nodes) from implementing any local protection schemes that rely on using alternate next hops in case of the primary next-hop failure. Such schemes include IPFRR LFA if access IGP is used, or a primary and backup static route configuration. Using LDP DoD in combination with liberal label retention mode allows the LSR to request labels for the specific FEC from primary next-hop LSR(s) and the alternate next-hop LSR(s) for this FEC.

Note that even though LDP DoD operates in a liberal label retention mode, if used with access IGP and if no LFA exists, the LDP DoD will introduce additional delay in traffic restoration as the labels for the new next hop will be requested only after the access IGP convergence.

Adhering to the overall design goals of Seamless MPLS [SEAMLESS-MPLS], specifically achieving a large network scale without compromising fast service restoration, all access LSRs (AN and AGN1x nodes) use LDP DoD advertisement mode with:

o Ordered label distribution control: enables propagation of label binding failure within the access topology.

o Liberal label retention mode: enables pre-programming of alternate next hops with associated FEC labels.
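
The combination just listed (ordered control plus liberal retention) and its failure behaviour from Sections 3.1.1, 3.5.2 and 3.5.5 can be seen end to end in the following small Python model. It is an added example, not code from RFC 7032 or from any LDP implementation: the node names AN1, AN2, AGN1a and AGN1b, the [U]-style topology, the FEC 192.0.2.1/32, the label values and the way the AGN nodes answer as if they held a labeled BGP route for the FEC are all assumptions of the example. The model forwards Label Requests hop by hop, requests from alternate next hops as well as the primary, and then withdraws the FEC at one AGN to show why ordered control (failure propagates, AN1 switches to its alternate) is preferred over independent control (the transit AN keeps advertising a label for a route it can no longer forward).

```python
"""Added example, not from RFC 7032: a model of LDP DoD Label Request,
Label Mapping and Label Withdraw handling on a constructed [U]-style access
topology, comparing ordered and independent label distribution control."""
from itertools import count


class Lsr:
    def __init__(self, net, name, rib=None, network_side=False):
        self.net, self.name = net, name
        self.rib = rib or {}          # fec -> [primary next hop, alternates...]
        self.network_side = network_side  # stands in for AGN1x with a labeled BGP route
        self.lib_in = {}              # fec -> incoming label we advertised (LIB/LFIB)
        self.lib_out = {}             # fec -> {next hop: outgoing label} (LIB/LFIB)
        self.upstreams = {}           # fec -> names of upstream LSRs holding our label
        self._labels = count(16)      # label values 0-15 are reserved
        net.nodes[name] = self

    def on_label_request(self, upstream, fec, control):
        """Downstream role: answer with a label mapping, or None (No Route)."""
        if self.network_side:
            return self._bind(upstream, fec)
        if fec not in self.rib:
            return None
        if not self.lib_out.get(fec):     # no binding yet: ask our own next hops
            self.request(fec, control)
        if control == "ordered" and not self.lib_out.get(fec):
            return None               # ordered: bind only with a valid downstream binding
        return self._bind(upstream, fec)  # independent: bind as soon as the route exists

    def _bind(self, upstream, fec):
        label = self.lib_in.setdefault(fec, next(self._labels))
        self.upstreams.setdefault(fec, set()).add(upstream.name)
        return label

    def request(self, fec, control):
        """Upstream role with liberal retention: request from the primary AND
        every alternate next hop so local-repair entries are pre-programmed."""
        for nh in self.rib.get(fec, []):
            label = self.net.nodes[nh].on_label_request(self, fec, control)
            if label is not None:
                self.lib_out.setdefault(fec, {})[nh] = label

    def active_next_hop(self, fec):
        """Best RIB next hop that still holds a valid outgoing label."""
        for nh in self.rib.get(fec, []):
            if nh in self.lib_out.get(fec, {}):
                return nh
        return None

    def withdraw(self, fec, control):
        """Reachability for fec lost: drop the incoming label and send Label
        Withdraw to every upstream LSR that received it."""
        self.lib_in.pop(fec, None)
        for up in self.upstreams.pop(fec, set()):
            self.net.nodes[up].on_label_withdraw(self, fec, control)

    def on_label_withdraw(self, downstream, fec, control):
        self.lib_out.get(fec, {}).pop(downstream.name, None)
        if control == "ordered" and not self.lib_out.get(fec):
            self.withdraw(fec, control)   # no next hop left: propagate upstream
        # Independent control keeps its binding because the (static) route is
        # still in the RIB, so upstream LSRs never learn about the failure.


class Network:
    def __init__(self):
        self.nodes = {}


FEC = "192.0.2.1/32"   # documentation prefix standing in for a remote PE loopback


def build_u_topology(control):
    """AN1 reaches FEC via AN2 -> AGN1a (primary) or directly via AGN1b."""
    net = Network()
    Lsr(net, "AN1", {FEC: ["AN2", "AGN1b"]})
    Lsr(net, "AN2", {FEC: ["AGN1a"]})
    Lsr(net, "AGN1a", network_side=True)
    Lsr(net, "AGN1b", network_side=True)
    net.nodes["AN1"].request(FEC, control)
    return net


def primary_label_path(control):
    """(node, next hop, outgoing label) along AN1's primary path."""
    net, path = build_u_topology(control), []
    node = net.nodes["AN1"]
    while not node.network_side:
        nh = node.active_next_hop(FEC)
        path.append((node.name, nh, node.lib_out[FEC][nh]))
        node = net.nodes[nh]
    return path


def next_hop_after_agn1a_loss(control):
    """Section 3.5.5: AGN1a loses network-side reachability and withdraws."""
    net = build_u_topology(control)
    net.nodes["AGN1a"].withdraw(FEC, control)
    return net.nodes["AN1"].active_next_hop(FEC)


if __name__ == "__main__":
    for mode in ("ordered", "independent"):
        print(mode, primary_label_path(mode), "->", next_hop_after_agn1a_loss(mode))
```

Under ordered control the withdraw from AGN1a empties AN2's outgoing bindings, so AN2 withdraws its own label and AN1 falls back to the pre-programmed AGN1b entry without any IGP involvement. Under independent control AN2 still holds a label for the FEC (its static default route is untouched), so AN1 keeps sending traffic into a black hole, which is the failure mode the text warns about for independent control with static access routing.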

In Seamless MPLS [SEAMLESS-MPLS], an AGN1x acts as an access ABR connecting access and metro domains. To enable failure propagation between those domains, the access ABR implements ordered label distribution control when redistributing routes/FECs between the access side (using LDP DoD and static or access IGP) and the network side (using labeled BGP [RFC3107] or core IGP with LDP Downstream Unsolicited label advertisements).

4.2. LDP DoD Session Negotiation

An access LSR/ABR proposes the DoD label advertisement by setting the "A" value to 1 in the Common Session Parameters TLV of the Initialization message. The rules for negotiating the label advertisement mode are specified in the LDP specification [RFC5036].

To establish a DoD session between the two access LSR/ABRs, both propose the DoD label advertisement mode in the Initialization message. If the access LSR only supports LDP DoD and the access ABR proposes the Downstream Unsolicited mode, the access LSR sends a Notification message with status "Session Rejected/Parameters Advertisement Mode" and then closes the LDP session as specified in the LDP specification [RFC5036].

If an access LSR is acting in an active role, it re-attempts the LDP session immediately. If the access LSR receives the same Downstream Unsolicited mode again, it follows the exponential backoff algorithm as defined in the LDP specification [RFC5036] with a delay of 15 seconds and subsequent delays growing to a maximum delay of 2 minutes.

In case a PWE3 service is required between the adjacent access LSR/ABR, and LDP DoD has been negotiated for IPv4 and IPv6 FECs, the same LDP session is used for PWE3 FECs. Even if the LDP DoD label advertisement has been negotiated for IPv4 and IPv6 LDP FECs as described earlier, the LDP session uses a Downstream Unsolicited label advertisement for PWE3 FECs as specified in PWE3 LDP [RFC4447].

4.3. Label Request Procedures
4.3.1. Access LSR/ABR Label Request

The upstream access LSR/ABR will request label bindings from an adjacent downstream access LSR/ABR based on the following trigger events:

a. An access LSR/ABR is configured with a /32 static route with an LDP DoD Label Request policy, in line with the initial network setup use case described in Section 3.1.

b. An access LSR/ABR is configured with a service in line with service use cases described in Sections 3.2 and 3.3.

c. Configuration with access static routes: An access LSR/ABR link to an adjacent node comes up, and an LDP DoD session is established. In this case, the access LSR sends Label Request messages for all /32 static routes configured with an LDP DoD policy and all /32 routes related to provisioned services that are covered by the default route.

d. Configuration with access IGP: An access LSR/ABR link to an adjacent node comes up, and an LDP DoD session is established. In this case, the access LSR sends Label Request messages for all /32 routes learned over the access IGP and all /32 routes related to provisioned services that are covered by access IGP routes.

e. In all above cases, requests are sent to any next-hop LSRs and alternate LSRs.

The downstream access LSR/ABR will respond with a Label Mapping message with a non-null label if any of the below conditions are met:

a. Downstream access LSR/ABR: The requested FEC is an IGP or static route, and there is an LDP label already learned from the next-next-hop downstream LSR (by LDP DoD or LDP DU). If there is no label for the requested FEC and there is an LDP DoD session to the next-next-hop downstream LSR, the downstream LSR sends a Label Request message for the same FEC to the next-next-hop downstream LSR. In such a case, the downstream LSR will respond back to the requesting upstream access LSR only after getting a label from the next-next-hop downstream LSR peer.

b. Downstream access ABR only: The requested FEC is a BGP labeled IP route [RFC3107], and this BGP route is the best one selected for this FEC.

The downstream access LSR/ABR can respond with a label mapping with an explicit-null or implicit-null label if it is acting as an egress for the requested FEC, or it can respond with a "No Route" notification if no route exists.

4.3.2. Label Request Retry

Following the LDP specification [RFC5036], if an access LSR/ABR receives a "No Route" notification in response to its Label Request message, it retries using an exponential backoff algorithm similar to the backoff algorithm mentioned in the LDP session negotiation described in Section 4.2.

If there is no response to the Label Request message sent, the LDP specification [RFC5036] (Section A.1.1) states that the LSR does not send another request for the same label to the peer and mandates that a duplicate Label Request be considered a protocol error and be dropped by the receiving LSR by sending a Notification message.

Thus, if there is no response from the downstream peer, the access LSR/ABR does not send a duplicate Label Request message.

If the static route corresponding to the FEC gets deleted or if the DoD request policy is modified to reject the FEC before receiving the Label Mapping message, then the access LSR/ABR sends a Label Abort message to the downstream LSR.

To address the slower convergence that results from the LDP behavior described above (which follows the LDP specification [RFC5036]), a new LDP TLV extension is proposed and described in Section 5.

4.4. Label Withdraw

If an MPLS label on the downstream access LSR/ABR is no longer valid, the downstream access LSR/ABR withdraws this FEC/label binding from the upstream access LSR/ABR with the Label Withdraw message [RFC5036] with a specified label TLV or with an empty label TLV.

The downstream access LSR/ABR withdraws a label for a specific FEC in the following cases:

a. If an LDP DoD ingress label is associated with an outgoing label assigned by a labeled BGP route and this route is withdrawn.

b. If an LDP DoD ingress label is associated with an outgoing label assigned by LDP (DoD or DU), and the IGP route is withdrawn from the RIB or the downstream LDP session is lost.

c. If an LDP DoD ingress label is associated with an outgoing label assigned by LDP (DoD or DU) and the outgoing label is withdrawn by the downstream LSR.

d. If an LDP DoD ingress label is associated with an outgoing label assigned by LDP (DoD or DU), the next hop in the route has changed, and

* there is no LDP session to the new next hop. To minimize the probability of this, the access LSR/ABR implements LDP-IGP synchronization procedures as specified in [RFC5443].

* there is an LDP session but no label from a downstream LSR. See note below.

e. If an access LSR/ABR is configured with a policy to reject exporting label mappings to an upstream LSR.

The upstream access LSR/ABR responds to the Label Withdraw message with the Label Release message [RFC5036].

After sending the Label Release message to the downstream access LSR/ABR, the upstream access LSR/ABR resends the Label Request message, assuming the upstream access LSR/ABR still requires the label.

The downstream access LSR/ABR withdraws a label if the local route configuration (e.g., /32 loopback) is deleted.

Note: For any events inducing next-hop change, a downstream access LSR/ABR attempts to converge the LSP locally before withdrawing the label from an upstream access LSR/ABR. For example, if the next hop changes for a particular FEC and if the new next hop allocates labels by the LDP DoD session, then the downstream access LSR/ABR sends a Label Request on the new next-hop session. If the downstream access LSR/ABR doesn't get a label mapping for some duration, then and only then does the downstream access LSR/ABR withdraw the upstream label.

4.5. Label Release

If an access LSR/ABR no longer needs a label for a FEC, it sends a Label Release message [RFC5036] to the downstream access LSR/ABR with or without the label TLV.

If an upstream access LSR/ABR receives an unsolicited label mapping on a DoD session, it releases the label by sending a Label Release message.

The access LSR/ABR sends a Label Release message to the downstream LSR in the following cases:

a. If it receives a Label Withdraw from the downstream access LSR/ABR.

b. If the /32 static route with LDP DoD Label Request policy is deleted.

c. If the service gets decommissioned and there is no corresponding /32 static route with LDP DoD Label Request policy configured.

d. If the next hop in the route has changed and the label does not point to the best or alternate next hop.

e. If it receives a Label Withdraw from a downstream DoD session.
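As an added illustration (not part of RFC 7032 or any vendor implementation), the following Python model walks one upstream access LSR through the procedures of Sections 4.3 to 4.5 on a single DoD session: a label is requested once per needed FEC, an unsolicited mapping is released, a Label Withdraw is answered with a Label Release followed by a fresh Label Request while the FEC is still needed, and a request still outstanding when its route disappears is aborted. The `UpstreamDoDPeer` class, its method names and the 192.0.2.0/24 FECs are assumptions; the message names are the RFC's.

```python
class UpstreamDoDPeer:
    """Upstream access LSR/ABR view of one LDP DoD session toward a downstream peer.

    Constructed model of the Label Request, Withdraw and Release procedures in
    Sections 4.3 to 4.5 of RFC 7032. Class, method and attribute names are
    assumptions; message names follow the RFC. Every message "sent" is appended
    to self.sent as a tuple so the sequence can be inspected.
    """

    def __init__(self):
        self.needed = set()    # FECs with a /32 route under DoD policy or a provisioned service
        self.pending = set()   # FECs with a Label Request outstanding (never duplicated, 4.3.2)
        self.bindings = {}     # FEC -> label learned from the downstream peer
        self.sent = []

    def _send(self, *msg):
        self.sent.append(msg)

    def need_fec(self, fec):
        """Trigger event of Section 4.3.1: the FEC becomes needed, so request a label once."""
        self.needed.add(fec)
        if fec not in self.bindings and fec not in self.pending:
            self.pending.add(fec)
            self._send("Label Request", fec)

    def on_label_mapping(self, fec, label):
        """Section 4.5: an unsolicited mapping on a DoD session is released, not installed."""
        if fec not in self.pending:
            self._send("Label Release", fec, label)
            return False
        self.pending.discard(fec)
        self.bindings[fec] = label
        return True

    def on_label_withdraw(self, fec, label=None):
        """Section 4.4: answer with Label Release, then re-request if the label is still needed."""
        held = self.bindings.pop(fec, None)
        self._send("Label Release", fec, held if label is None else label)
        if fec in self.needed and fec not in self.pending:
            self.pending.add(fec)
            self._send("Label Request", fec)

    def drop_fec(self, fec):
        """Sections 4.3.2 and 4.5: route deleted or service decommissioned."""
        self.needed.discard(fec)
        if fec in self.pending:
            self.pending.discard(fec)
            self._send("Label Abort", fec)      # mapping not yet received: abort the request
        elif fec in self.bindings:
            self._send("Label Release", fec, self.bindings.pop(fec))


def demo():
    """Run the peer through the cases above and return the messages it sent."""
    peer = UpstreamDoDPeer()
    peer.need_fec("192.0.2.1/32")                  # constructed FEC (documentation prefix)
    peer.on_label_mapping("192.0.2.1/32", 1001)    # solicited: installed
    peer.on_label_mapping("192.0.2.9/32", 1009)    # unsolicited: released
    peer.on_label_withdraw("192.0.2.1/32", 1001)   # downstream withdrew: release, re-request
    peer.need_fec("192.0.2.2/32")
    peer.drop_fec("192.0.2.2/32")                  # route gone before a mapping: abort
    return peer.sent
```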

4.6. Local-Repair

To support local-repair with ECMP and IPFRR LFA, the access LSR/ABR requests labels on both the best next-hop and the alternate next-hop LDP DoD sessions, as specified in the Label Request procedures in Section 4.3. If remote LFA is enabled, the access LSR/ABR needs a label from its alternate next hop toward the PQ node and needs a label from the remote PQ node toward its FEC/destination [RLFA]. If the access LSR/ABR doesn't already know those labels, it requests them.

This will enable the access LSR/ABR to pre-program the alternate forwarding path with the alternate label(s) and invoke the IPFRR LFA switchover procedure if the primary next-hop link fails.

5. LDP Extension for LDP DoD Fast-Up Convergence

In some conditions, the exponential backoff algorithm usage described in Section 4.3.2 can result in a wait time that is longer than desired to get a successful LDP label-to-route mapping. An example is when a specific route is unavailable on the downstream LSR when the label mapping request from the upstream is received, but later comes back. In such a case, using the exponential backoff algorithm can result in a max delay wait time before the upstream LSR sends another LDP Label Request.

This section describes an extension to the LDP DoD procedure to address fast-up convergence, and as such is to be treated as a normative reference. The downstream and upstream LSRs SHOULD implement this extension if fast-up convergence is desired.

The extension consists of the upstream LSR indicating to the downstream LSR that the Label Request SHOULD be queued on the downstream LSR until the requested route is available.

To implement this behavior, a new Optional Parameter is defined for use in the Label Request message:

      Optional Parameter         Length     Value
      Queue Request TLV          0          see below

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |1|0|  Queue Request (0x0971)   |         Length (0x00)         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

U-bit = 1 Unknown TLV bit. Upon receipt of an unknown TLV, due to the U-bit being set (=1), the unknown TLV MUST be silently ignored and the rest of the message processed as if the unknown TLV did not exist. In case the requested route is not available, the downstream LSR MUST ignore this unknown TLV and send a "No Route" notification back. This ensures backward compatibility.

F-bit = 0 Forward unknown TLV bit. This bit applies only when the U-bit is set and the LDP message containing the unknown TLV is to be forwarded. Due to the F-bit being clear (=0), the unknown TLV is not forwarded with the message.

Type = 0x0971 Queue Request TLV (allocated by IANA).

Length = 0x00 Specifies the length of the Value field in octets.

The specified operation is as follows.

To benefit from the fast-up convergence improvement, the upstream LSR sends a Label Request message with a Queue Request TLV.

If the downstream LSR supports the Queue Request TLV, it verifies if a route is available; if so, it replies with a label mapping as per existing LDP procedures. If the route is not available, the downstream LSR queues the request and replies as soon as the route becomes available. In the meantime, it does not send a "No Route" notification back. When sending a Label Request with the Queue Request TLV, the upstream LSR does not retry the Label Request message if it does not receive a reply from its downstream peer.

If the upstream LSR wants to abort an outstanding Label Request while the Label Request is queued in the downstream LSR, the upstream LSR sends a Label Abort Request message, making the downstream LSR remove the original request from the queue and send back a Label Request Aborted notification [RFC5036].

If the downstream LSR does not support the Queue Request TLV, and the requested route is not available, it ignores this unknown TLV and sends a "No Route" notification back, in line with [RFC5036]. In this case, the upstream LSR invokes the exponential backoff algorithm described in Section 4.3.2, following the LDP specification [RFC5036].

This procedure ensures backward compatibility.
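The Queue Request TLV and the downstream handling just described, as an added example that is not part of RFC 7032 or any implementation: Python code that encodes and decodes the TLV header (U=1, F=0, Type 0x0971, Length 0) and models a downstream LSR with and without Queue Request support, including the Label Abort path and the upstream retry schedule used when a "No Route" notification comes back. The `DownstreamLSR` class, its method names, the tuple shape of the replies and the doubling of the backoff interval are assumptions.

```python
import struct
from collections import deque

QUEUE_REQUEST_TLV = 0x0971       # TLV type allocated by IANA (Section 6.1)
NO_ROUTE = "No Route"
REQUEST_ABORTED = "Label Request Aborted"


def encode_tlv(tlv_type, value=b"", u_bit=1, f_bit=0):
    """Pack one LDP TLV: |U|F| 14-bit Type | 16-bit Length | Value."""
    if tlv_type >> 14:
        raise ValueError("TLV type must fit in 14 bits")
    return struct.pack("!HH", (u_bit << 15) | (f_bit << 14) | tlv_type, len(value)) + value


def decode_tlvs(data):
    """Unpack a run of TLVs into (u_bit, f_bit, type, value) tuples, rejecting truncation."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated TLV header")
        head, length = struct.unpack_from("!HH", data, off)
        off += 4
        if len(data) - off < length:
            raise ValueError("TLV length exceeds message")
        out.append((head >> 15, (head >> 14) & 1, head & 0x3FFF, data[off:off + length]))
        off += length
    return out


def queue_request_tlv():
    """The Queue Request TLV of Section 5: U=1, F=0, Type 0x0971, Length 0."""
    return encode_tlv(QUEUE_REQUEST_TLV)   # b"\x89\x71\x00\x00"


class DownstreamLSR:
    """Downstream LSR label-request handling, with or without Queue Request support.

    Constructed model; class and method names are assumptions. Each handler returns
    the message sent back to the upstream peer, or None when the reply is deferred.
    """

    def __init__(self, supports_queue_request, routes=None):
        self.supports_queue_request = supports_queue_request
        self.routes = dict(routes or {})     # FEC -> label to advertise
        self.queue = deque()                 # (upstream, fec) waiting for a route

    def on_label_request(self, upstream, fec, optional_tlvs=b""):
        queue = False
        for u_bit, _f_bit, tlv_type, _ in decode_tlvs(optional_tlvs):
            if tlv_type == QUEUE_REQUEST_TLV and self.supports_queue_request:
                queue = True
            elif u_bit == 0:
                # Unknown TLV with U=0: RFC 5036 has the receiver notify and ignore the message
                return (upstream, "Notification", "Unknown TLV", fec)
            # U=1: an unknown TLV is silently ignored and the rest of the message processed
        if fec in self.routes:
            return (upstream, "Label Mapping", fec, self.routes[fec])
        if queue:
            self.queue.append((upstream, fec))  # hold the request; no "No Route" is sent
            return None
        return (upstream, "Notification", NO_ROUTE, fec)

    def on_label_abort(self, upstream, fec):
        """A Label Abort Request removes the queued request and is acknowledged."""
        try:
            self.queue.remove((upstream, fec))
        except ValueError:
            return None   # nothing queued for this request
        return (upstream, "Notification", REQUEST_ABORTED, fec)

    def on_route_up(self, fec, label):
        """The route (re)appears: answer every queued request for it with a Label Mapping."""
        self.routes[fec] = label
        replies = [(up, "Label Mapping", fec, label) for up, f in self.queue if f == fec]
        self.queue = deque(item for item in self.queue if item[1] != fec)
        return replies


def retry_delays(attempts, first=15.0, cap=120.0):
    """Upstream retry schedule after "No Route" (Sections 4.2 and 4.3.2): 15 s growing to 2 min.

    The RFC gives the initial delay and the cap but not the growth factor; doubling is assumed.
    """
    delays, delay = [], first
    for _ in range(attempts):
        delays.append(delay)
        delay = min(delay * 2, cap)
    return delays
```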

6. IANA Considerations
6.1. LDP TLV Type

This document uses a new Optional Parameter, Queue Request TLV, in the Label Request message defined in Section 5. IANA already maintains a registry of LDP parameters called the "TLV Type Name Space" registry, as defined by RFC 5036. The following assignment has been made:

      TLV type    Description
      0x0971      Queue Request TLV

7. Security Considerations

MPLS LDP DoD deployment in the access network is subject to the same security threats as any MPLS LDP deployment. It is recommended that baseline security measures be considered, as described in "Security Framework for MPLS and GMPLS Networks" [RFC5920] and the LDP specification [RFC5036] including ensuring authenticity and integrity of LDP messages, as well as protection against spoofing and denial-of-service attacks.

Some deployments require increased measures of network security if a subset of access nodes are placed in locations with lower levels of physical security, e.g., street cabinets (common practice for Very high bit-rate Digital Subscriber Line (VDSL) access). In such cases, it is the responsibility of the system designer to take into account the physical security measures (environmental design, mechanical or electronic access control, intrusion detection) as well as monitoring and auditing measures (configuration and Operating System changes, reloads, route advertisements).

But even with all this in mind, the designer still needs to consider the network security risks arising from the lower level of physical security of those locations, and adequate measures against them.

7.1. LDP DoD Native Security Properties

MPLS LDP DoD operation is request driven, and unsolicited label mappings are not accepted by upstream LSRs by design. This inherently limits the potential of an unauthorized third party injecting unsolicited label mappings on the wire.

This native security property enables an ABR LSR to act as a gateway to the MPLS network and to control the requests coming from any access LSR and prevent cases when the access LSR attempts to get access to an unauthorized FEC or remote LSR after being compromised.

In the event that an access LSR gets compromised and manages to advertise a FEC belonging to another LSR (e.g., in order to 'steal' third-party data flows, or breach the privacy of a VPN), such an access LSR would also have to influence the routing decision for affected FECs on the ABR LSR to attract the flows. The following measures need to be considered on an ABR LSR to prevent such an event from occurring:

a. Access with static routes: An access LSR cannot influence ABR LSR routing decisions due to the static nature of routing configuration, a native property of the design.

b. Access with IGP - access FEC "stealing": If the compromised access LSR is a leaf in the access topology (leaf node in topologies I1, I, V, Y described earlier), this will not have any adverse effect, due to the leaf IGP metrics being configured on the ABR LSR. If the compromised access LSR is a transit LSR in the access topology (transit node in topologies I, Y, U), it is only possible for this access LSR to attract traffic destined to the nodes upstream from it. Such a 'man-in-the-middle attack' can quickly be detected by upstream access LSRs not receiving traffic and by the LDP TCP session being lost.

c. Access with IGP - network FEC "stealing": The compromised access LSR can use IGP to advertise a "stolen" FEC prefix belonging to the network side. This case can be prevented by giving a better administrative preference to the BGP labeled IP routes versus access IGP routes.

In summary, the native properties of MPLS in access design with LDP DoD prevent a number of security attacks and make their detection quick and straightforward.

The following two sections describe other security considerations applicable to general MPLS deployments in the access network.

7.2. Data-Plane Security

Data-plane security risks applicable to the access MPLS network include:

a. Labeled packets from a specific access LSR that are sent to an unauthorized destination.

b. Unlabeled packets that are sent by an access LSR to remote network nodes.

The following mechanisms apply to MPLS access design with LDP DoD that address listed data-plane security risks:

1. addressing (a): Access and ABR LSRs do not accept labeled packets over a particular data link, unless from the access or ABR LSR perspective this data link is known to attach to a trusted system based on control-plane security as described in Section 7.3 and the top label has been distributed to the upstream neighbor by the receiving access or ABR LSR.

2. addressing (a): The ABR LSR restricts network reachability for access devices to a subset of remote network LSRs, based on control-plane security as described in Section 7.3, FEC filters, and routing policy.

3. addressing (a): Control-plane authentication as described in Section 7.3 is used.

4. addressing (b): The ABR LSR restricts IP network reachability to and from the access LSR.
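One way to implement measures 1, 2 and 4 on an ABR LSR, as an added example (not code from RFC 7032 or any vendor): labels are distributed over a link only for FECs the per-link policy allows, a labeled packet is accepted only from a trusted link and only if its top label was handed to that neighbour by this LSR, and unlabeled packets from the access side are checked against an IP reachability list. The `AccessEdge` class, its method names, the constructed link names and the documentation prefixes are assumptions; "trusted" stands in for a link whose peer passed the control-plane authentication of Section 7.3.

```python
import ipaddress


class AccessEdge:
    """ABR/access LSR side of the data-plane controls in Section 7.2 (constructed model).

    Class, method and field names are assumptions. 'trusted' stands in for links whose
    peer passed the control-plane authentication of Section 7.3; 'fec_policy' is the
    per-link FEC filter / routing policy; 'ip_policy' is the IP reachability restriction.
    """

    def __init__(self, trusted_links, fec_policy, ip_policy):
        self.trusted = set(trusted_links)
        self.fec_policy = {link: {ipaddress.ip_network(p) for p in prefixes}
                           for link, prefixes in fec_policy.items()}
        self.ip_policy = {link: [ipaddress.ip_network(p) for p in prefixes]
                          for link, prefixes in ip_policy.items()}
        self.advertised = {}          # (link, label) -> FEC handed to the neighbour on that link
        self._next_label = 1000       # constructed label range

    def on_label_request(self, link, fec):
        """Measure 2: answer a DoD Label Request only for FECs the policy allows on that link."""
        net = ipaddress.ip_network(fec)
        if link not in self.trusted or net not in self.fec_policy.get(link, set()):
            return None               # no label is distributed, so no labeled path exists
        label = self._next_label
        self._next_label += 1
        self.advertised[(link, label)] = net
        return label

    def accept_labeled(self, link, top_label):
        """Measure 1: accept a labeled packet only from a trusted link and only with a label
        this LSR itself distributed to the neighbour on that link."""
        if link not in self.trusted:
            return (False, "link not trusted")
        fec = self.advertised.get((link, top_label))
        if fec is None:
            return (False, "top label was not distributed to this neighbour")
        return (True, str(fec))

    def accept_unlabeled(self, link, dst_ip):
        """Measure 4: restrict IP reachability for unlabeled packets from the access side."""
        dst = ipaddress.ip_address(dst_ip)
        return any(dst in net for net in self.ip_policy.get(link, []))


def demo():
    """Constructed scenario: one trusted access link, one permitted remote FEC."""
    edge = AccessEdge(trusted_links={"ge-0/0/1"},
                      fec_policy={"ge-0/0/1": {"198.51.100.1/32"}},
                      ip_policy={"ge-0/0/1": ["192.0.2.0/24"]})
    label = edge.on_label_request("ge-0/0/1", "198.51.100.1/32")
    return edge, label
```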

7.3. Control-Plane Security

Similar to Inter-AS MPLS/VPN deployments [RFC4364], control-plane security is a prerequisite for data-plane security.

To ensure control-plane security, access LDP DoD sessions are established only with LDP peers that are considered trusted from the local LSR perspective, meaning they are reachable over a data link that is known to attach to a trusted system based on the authentication mechanism(s) employed on the local LSR.

The security of LDP sessions is analyzed in the LDP specification [RFC5036] and in [RFC6952] ("Analysis of BGP, LDP, PCEP, and MSDP Issues According to the Keying and Authentication for Routing Protocols (KARP) Design Guide"). Both documents state that LDP is subject to two different types of attacks: spoofing and denial-of-service attacks.

The threat of spoofed LDP Hello messages can be reduced by following guidelines listed in the LDP specification [RFC5036]: accepting Basic Hellos only on interfaces connected to trusted LSRs, ignoring Basic Hellos that are not addressed to all routers in this subnet multicast group, and using access lists. LDP Hello messages can also be secured using an optional Cryptographic Authentication TLV as specified in "LDP Hello Cryptographic Authentication" [CRYPTO-AUTH] that further reduces the threat of spoofing during the LDP discovery phase.

Spoofing during the LDP session communication phase can be prevented by using the TCP Authentication Option (TCP-AO) [RFC5925], which uses a stronger hashing algorithm, e.g., SHA1 as compared to the traditionally used MD5 authentication. TCP-AO is recommended as being more secure as compared to the TCP/IP MD5 authentication option [RFC5925].

The threat of a denial-of-service attack targeting a well-known UDP port for LDP discovery or a TCP port for LDP session establishment can be reduced by following the guidelines listed in [RFC5036] and in [RFC6952].

Access IGP (if used) and any routing protocols used in the access network for signaling service routes also need to be secured following best practices in routing protocol security. Refer to the KARP IS-IS security analysis document [KARP-ISIS] and to [RFC6863] ("Analysis of OSPF Security According to the Keying and Authentication for Routing Protocols (KARP) Design Guide") for further analysis of security properties of IS-IS and OSPF IGP routing protocols.

8. Acknowledgements

The authors would like to thank Nischal Sheth, Nitin Bahadur, Nicolai Leymann, George Swallow, Geraldine Calvignac, Ina Minei, Eric Gray, and Lizhong Jin for their suggestions and review. Additional thanks go to Adrian Farrel for thorough pre-publication review, and to Stephen Kent for review and guidance specifically for the security section.

9. References
9.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol Label Switching Architecture", RFC 3031, January 2001.

[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, February 2006.

[RFC4447] Martini, L., Rosen, E., El-Aawar, N., Smith, T., and G. Heron, "Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)", RFC 4447, April 2006.

[RFC5036] Andersson, L., Minei, I., and B. Thomas, "LDP Specification", RFC 5036, October 2007.

[RFC5283] Decraene, B., Le Roux, JL., and I. Minei, "LDP Extension for Inter-Area Label Switched Paths (LSPs)", RFC 5283, July 2008.

9.2. Informative References

[CRYPTO-AUTH] Zheng, L., Chen, M., and M. Bhatia, "LDP Hello Cryptographic Authentication", Work in Progress, August 2013.

[KARP-ISIS] Chunduri, U., Tian, A., and W. Lu, "KARP IS-IS security analysis", Work in Progress, March 2013.

[RFC3107] Rekhter, Y. and E. Rosen, "Carrying Label Information in BGP-4", RFC 3107, May 2001.

[RFC5286] Atlas, A. and A. Zinin, "Basic Specification for IP Fast Reroute: Loop-Free Alternates", RFC 5286, September 2008.

[RFC5443] Jork, M., Atlas, A., and L. Fang, "LDP IGP Synchronization", RFC 5443, March 2009.

[RFC5920] Fang, L., "Security Framework for MPLS and GMPLS Networks", RFC 5920, July 2010.

[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, June 2010.

[RFC6863] Hartman, S. and D. Zhang, "Analysis of OSPF Security According to the Keying and Authentication for Routing Protocols (KARP) Design Guide", RFC 6863, March 2013.

[RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of BGP, LDP, PCEP, and MSDP Issues According to the Keying and Authentication for Routing Protocols (KARP) Design Guide", RFC 6952, May 2013.

[RLFA] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. So, "Remote LFA FRR", Work in Progress, May 2013.

[SEAMLESS-MPLS] Leymann, N., Ed., Decraene, B., Filsfils, C., Konstantynowicz, M., Ed., and D. Steinberg, "Seamless MPLS Architecture", Work in Progress, July 2013.

Authors' Addresses

Thomas Beckhaus (editor)
Deutsche Telekom AG
Heinrich-Hertz-Strasse 3-7
Darmstadt 64307
Germany

   Phone: +49 6151 58 12825
   EMail: thomas.beckhaus@telekom.de


Bruno Decraene
Orange
38-40 rue du General Leclerc
Issy Moulineaux cedex 9  92794
France

   EMail: bruno.decraene@orange.com


Kishore Tiruveedhula
Juniper Networks
10 Technology Park Drive
Westford, Massachusetts 01886
USA

   Phone: 1-(978)-589-8861
   EMail: kishoret@juniper.net


Maciek Konstantynowicz (editor)
Cisco Systems, Inc.
10 New Square Park, Bedfont Lakes
London
United Kingdom

   EMail: maciek@cisco.com


Luca Martini
Cisco Systems, Inc.
9155 East Nichols Avenue, Suite 400
Englewood, CO 80112
USA

   EMail: lmartini@cisco.com