Internet Engineering Task Force (IETF)                            Z. Liu
Request for Comments: 7309                                 China Telecom
Category: Standards Track                                         L. Jin
ISSN: 2070-1721                                                  R. Chen
                                                         ZTE Corporation
                                                                  D. Cai
                                                                S. Salam
                                                                   Cisco
                                                               July 2014
Redundancy Mechanism for Inter-domain VPLS Service
Abstract
In many existing Virtual Private LAN Service (VPLS) inter-domain deployments (based on RFC 4762), pseudowire (PW) connectivity offers no Provider Edge (PE) node redundancy, or offers PE node redundancy with only a single domain. This deployment approach incurs a high risk of service interruption, since at least one domain will not offer PE node redundancy. This document describes an inter-domain VPLS solution that provides PE node redundancy across domains.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7309.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Conventions Used in This Document
3. Motivation
4. Network Use Case
5. PW Redundancy Application Procedure for Inter-domain Redundancy
   5.1. ICCP Switchover Condition
        5.1.1. Inter-domain PW Failure
        5.1.2. PE Node Isolation
        5.1.3. PE Node Failure
   5.2. Inter-domain Redundancy with Two PWs
   5.3. Inter-domain Redundancy with Four PWs
6. Management Considerations
7. Security Considerations
8. Acknowledgements
9. Contributors
10. References
    10.1. Normative references
    10.2. Informative references
1. Introduction
In many existing Virtual Private LAN Service (VPLS) deployments based on [RFC4762], pseudowire (PW) connectivity offers no Provider Edge (PE) node redundancy, or offers PE node redundancy with only a single domain. This deployment approach incurs a high risk of service interruption, since at least one domain will not offer PE node redundancy. This document describes an inter-domain VPLS solution that provides PE node redundancy across domains. The redundancy mechanism will provide PE node redundancy and link redundancy in both domains. The PE throughout the document refers to a routing and bridging capable PE defined in [RFC4762], Section 10. The domain in this document refers to an autonomous system (AS), or other administrative domains.
The solution relies on the use of the Inter-Chassis Communication Protocol (ICCP) [RFC7275] to coordinate between the two redundant edge nodes, and use of PW Preferential Forwarding Status Bit [RFC6870] to negotiate the PW status. There is no change to any protocol message formats and no new protocol options are introduced. This solution is a description of reusing existing protocol building blocks to achieve the desired function, but also defines implementation behavior necessary for the function to work.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
3. Motivation
Inter-AS VPLS offerings are widely deployed in service provider networks today. Typically, the Autonomous System Border Router (ASBR) and associated physical links that connect the domains carry a multitude of services. As such, it is important to provide PE node and link redundancy, to ensure high service availability and meet the end customer service level agreements (SLAs).
Several current deployments of inter-AS VPLS are implemented like inter-AS option A as described in [RFC4364], Section 10, where the Virtual Local Area Network (VLAN) is used to hand-off the services between two domains. In these deployments, PE node/link redundancy is achieved using Multi-Chassis Link Aggregation (MC-LAG) and ICCP [RFC7275]. This, however, places two restrictions on the interconnection: the two domains must be interconnected using Ethernet links, and the links must be homogeneous, i.e., of the same speed, in order to be aggregated. These two conditions cannot always be guaranteed in live deployments. For instance, there are many scenarios where the interconnection between the domains uses packet over Synchronous Optical Networking (SONET) / Synchronous Digital Hierarchy (SDH), thereby ruling out the applicability of MC-LAG as a redundancy mechanism. As such, from a technical point of view, it is desirable to use PWs to interconnect the VPLS domains, and to offer resiliency using PW redundancy mechanisms.
Multiprotocol Border Gateway Protocol (MP-BGP) can be used for VPLS inter-domain protection, as described in [RFC6074], using either option B or option C inter-AS models. However, with this solution, the protection time relies on BGP control-plane convergence. In certain deployments, with tight SLA requirements on availability, this mechanism may not provide the desired failover time characteristics. Furthermore, in certain situations MP-BGP is not deployed for VPLS. The redundancy solution described in this document reuses ICCP [RFC7275] and PW redundancy [RFC6718] to provide fast convergence.
Furthermore, in the case where label switched multicast is not used for VPLS multicast [RFC7117], the solution described here provides a better behavior compared to inter-AS option B: with option B, each PE must perform ingress replication to all other PEs in its local as well as the remote domain. Whereas, with the ICCP solution, the PE only replicates to local PEs and to the ASBR. The ASBR then sends traffic point to point to the remote ASBR, and the remote ASBR replicates to its local PEs. As a result, the load of replication is distributed and is more efficient than option B.
Two PW redundancy modes defined in [RFC6718], namely independent mode and master/slave mode, are applicable in this solution. In order to maintain control-plane separation between two domains, the independent mode is preferred by operators. The master/slave mode provides some enhanced capabilities and, hence, is included in this document.
4. Network Use Case
There are two network use cases for VPLS inter-domain redundancy: two-PWs redundancy case, and four-PWs redundancy case.
Figure 1 presents an example use case with two inter-domain PWs. PE3/PE4/PE5/PE6 may be ASBRs of their respective AS, or VPLS PEs within its own AS. PE3 and PE4 belong to one redundancy group (RG), and PE5 and PE6 belong to another RG. A deployment example of this use case is where there are only two physical links between two domains and PE3 is physically connected with PE5, and PE4 is physically connected with PE6.
        +---------+                 +---------+
+---+   | +-----+ |   active PW1    |  +-----+|    +---+
|PE1|---|-| PE3 |-|-----------------|--| PE5 ||----|PE7|
+---+\  |/+-----+ |                 |  +-----+\   /+---+
  |   \ / |  *    |                 |    *  | |\ /   |
  |    \| |  |ICCP|                 |ICCP|  | | \    |
  |   / \ |  *    |                 |    *  | |/ \   |
+---+/  |\+-----+ |                 |  +-----+/   \+---+
|PE2|---|-| PE4 |-|-----------------|--| PE6 ||----|PE8|
+---+   | +-----+ |   standby PW2   |  +-----+|    +---+
        |         |                 |         |
        |   RG1   |                 |   RG2   |
        +---------+                 +---------+
    operator A network          operator B network
Figure 1
Figure 2 presents a four-PWs inter-domain VPLS redundancy use case. PE3/PE4/PE5/PE6 may be ASBRs of their respective AS, or VPLS PEs within its own AS. A deployment example of this use case is where there are four physical links between two domains and four PEs are physically connected with each other with four links.
        +---------+                 +---------+
+---+   | +-----+ |                 |  +-----+|    +---+
|PE1|---|-| PE3 |-|--------PW1------|--| PE5 ||----|PE7|
|   |   | |     |-|-PW3\     /------|--|     ||    |   |
+---+\  |/+-----+ |     \   /       |  +-----+\   /+---+
  |   \ / |  *    |      \ /        |    *  | |\ /   |
  |    \| |  |ICCP|       X         |ICCP|  | | \    |
  |   / \ |  *    |      / \        |    *  | |/ \   |
+---+/  |\+-----+ |     /   \       |  +-----+/   \+---+
|   |   | |     |-|-PW4/     \------|--|     ||    |   |
|PE2|---|-| PE4 |-|----PW2----------|--| PE6 ||----|PE8|
+---+   | +-----+ |                 |  +-----+|    +---+
        |         |                 |         |
        |   RG1   |                 |   RG2   |
        +---------+                 +---------+
    operator A network          operator B network
Figure 2
5. PW Redundancy Application Procedure for Inter-domain Redundancy
PW redundancy application procedures are described in Section 9.1 of [RFC7275]. When a PE node encounters a failure, the other PE takes over. This document reuses the PW redundancy mechanism defined in [RFC7275], with new ICCP switchover conditions as specified in the following section.
There are two PW redundancy modes defined in [RFC6870]: Independent mode and Master/Slave mode. For the inter-domain four-PW scenario, it is required that PEs ensure that the same mode be supported on the two ICCP peers in the same RG. This can be achieved using manual configuration at the ICCP peers. Other methods for ensuring consistency are out of the scope of this document.
5.1. ICCP Switchover Condition
5.1.1. Inter-domain PW Failure
When a PE receives advertisements from the active PE, in the same RG, indicating that all the inter-domain PW status has changed to DOWN/STANDBY, then if it has the highest priority (after the advertising PE), it SHOULD advertise active state for all of its associated inter-domain PWs.
5.1.2. PE Node Isolation
When a PE detects failure of all PWs to the local domain, it SHOULD advertise standby state for all its inter-domain PWs to trigger remote PE to switchover.
5.1.3. PE Node Failure
When a PE node detects that the active PE, that is a member of the same RG, has gone down, if the local PE has redundant PWs for the affected services and has the highest priority (after the failed PE), it SHOULD advertise the active state for all associated inter-domain PWs.
5.2. Inter-domain Redundancy with Two PWs
In this use case, it is recommended that the operation be as follows:
o ICCP deployment option: ICCP is deployed on VPLS edge nodes in both domains;
o PW redundancy mode: independent mode only;
o Protection architectures: 1:1 (1 standby, 1 active).
The switchover rules described in Section 5.1 apply. Before deploying this inter-domain VPLS, the operators should negotiate to configure the same PW high/low priority at two PW endpoints. The inter-domain VPLS relationship normally involves a contractual process between operators, and the configuration of PW roles forms part of this process. For example, in Figure 1, PE3 and PE5 must both have higher/lower priority than PE4 and PE6; otherwise, both PW1 and PW2 will be in standby state.
5.3. Inter-domain Redundancy with Four PWs
In this use case, there are two options to provide protection: 1:1 and 3:1 protection. The inter-domain PWs that connect to the same PE should have proper PW priority to advertise the same active/standby state. For example, in Figure 2, both PW1 and PW3 are connected to PE3 and should advertise active/standby state.
For the 1:1 protection model, the operation would be as follows:
o ICCP deployment option: ICCP is deployed on VPLS edge nodes in both domains;
o PW redundancy mode: independent mode only;
o Protection architectures: 1:1 (1 standby, 1 active).
The switchover rules described in Section 5.1 apply. In this case, the operators do not need to do any coordination of the inter-domain PW priority. The PE detecting one PW DOWN SHOULD set the other PW to STANDBY if available, and then synchronize the updated state to its ICCP peer. When a PE detects that the PWs from the ICCP peer PE are DOWN or STANDBY, it SHOULD switchover as described in Section 5.1.1.
There are two variants of the 3:1 protection model. We will refer to them as options A and B. The implementation MUST support option A and MAY support option B. Option B will be useful when the two legacy PEs in one domain do not support the function in this document. The two legacy PEs still need to support PW redundancy defined in [RFC6870] and be configured as slave node.
For option A of the 3:1 protection model, the support of the Request Switchover status bit [RFC6870] is required. The operation is as follows:
o ICCP deployment option: ICCP is deployed on VPLS edge nodes in both domains;
o PW redundancy mode: Independent mode with 'request switchover' bit support;
o Protection architectures: 3:1 (3 standby, 1 active).
In this case, the procedure on the PE for the PW failure is per Section 6.3 of [RFC6870] and with the following additions:
o When the PE detects failure of the active inter-domain PW, it SHOULD switch to the other local standby inter-domain PW if available, and send an updated LDP PW status message with the 'request switchover' bit set on that local standby inter-domain PW to the remote PE;
o Local and remote PE SHOULD also update the new PW status to their ICCP peers, respectively, in Application Data Messages with the PW-RED Synchronization Request TLV for corresponding service, so as to synchronize the latest PW status on both PE sides.
o While waiting for the acknowledgement, the PE that sends the 'request switchover' bit may receive a switchover request from its ICCP peer's PW remote endpoint by virtue of the ICCP synchronization. The PE MUST compare IP addresses with that PW remote peer. The PE with a higher IP address SHOULD ignore the request and continue to wait for the acknowledgement from its peer in the remote domain. The PE with the lower IP address SHOULD clear the 'request switchover' bit and set the 'Preferential Forwarding' local status bit, and update the PW status to ICCP peer.
o The remote PE receiving the 'request switchover' bit SHOULD acknowledge the request and activate the PW only when it is ready to take over as described in Section 5.1; otherwise, it SHOULD ignore the request.
The PE node isolation failure and PE node failure are described in Section 5.1.
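The address tie-break in the third bullet of option A above, shown as an added Python example that is not part of RFC 7309. The two status-bit values are those assigned by [RFC6870]; the function names, the Decision record, the sample 192.0.2.x addresses and the choice of which address identifies each PE are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# LDP PW status bits assigned by RFC 6870.
PW_PREF_FWD = 0x00000020        # set = standby, clear = active
PW_REQ_SWITCHOVER = 0x00000040  # 'request switchover'


class Decision(NamedTuple):       # hypothetical result record
    status: int                   # local PW status bits after the decision
    action: str
    sync_to_iccp_peer: bool       # True when the new status must be synchronized


def resolve_crossing_request(local_ip, remote_ip, local_status):
    """Local PE has sent 'request switchover' and is still waiting for the
    acknowledgement when ICCP synchronization reveals a switchover request
    from remote_ip, the remote endpoint of its ICCP peer's PW."""
    if not local_status & PW_REQ_SWITCHOVER:
        raise ValueError("local PE is not waiting for an acknowledgement")
    # Compare parsed addresses, never strings: "192.0.2.9" > "192.0.2.10"
    # as text, which would make both PEs reach the wrong conclusion.
    local = ipaddress.ip_address(local_ip)
    remote = ipaddress.ip_address(remote_ip)
    if local.version != remote.version:
        raise ValueError("cannot order an IPv4 address against an IPv6 address")
    if local == remote:
        raise ValueError("both PEs present the same address")
    if local > remote:
        # Higher address: ignore the request and keep waiting.
        return Decision(local_status, "ignore-request-keep-waiting", False)
    # Lower address: clear 'request switchover', set Preferential Forwarding
    # (standby) and update the PW status to the ICCP peer.
    yielded = (local_status & ~PW_REQ_SWITCHOVER) | PW_PREF_FWD
    return Decision(yielded, "yield-to-remote-request", True)


def simulate_race(pe_a_ip, pe_b_ip, status=PW_REQ_SWITCHOVER):
    """Both PEs requested switchover at once; return each side's decision.
    The starting status is a constructed sample value."""
    return {
        pe_a_ip: resolve_crossing_request(pe_a_ip, pe_b_ip, status),
        pe_b_ip: resolve_crossing_request(pe_b_ip, pe_a_ip, status),
    }


if __name__ == "__main__":
    for ip, decision in simulate_race("192.0.2.9", "192.0.2.10").items():
        print(ip, hex(decision.status), decision.action)
```

Because both sides evaluate the same ordering, exactly one PE yields, so the race cannot leave both requests pending or both withdrawn.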
For option B of the 3:1 protection model, master/slave mode support is required and should be as follows:
o ICCP deployment option: ICCP is deployed on VPLS edge nodes in only one domain;
o PW redundancy mode: master/slave only;
o Protection architectures: 3:1 (3 standby, 1 active).
When master/slave PW redundancy mode is employed, the network operators of two domains must agree on which domain PEs will be master, and configure the devices accordingly. The inter-domain PWs that connect to one PE should have higher PW priority than the PWs on the other PE in the same RG. The procedure on the PE for PW failure is as follows:
o The PE with higher PW priority should only enable one PW active, and the other PWs should be in the standby state.
o When the PE detects an active PW DOWN, it SHOULD enable the other local standby PW to be active with preference. Only when two inter-domain PWs connected to the PE are DOWN, the ICCP peer PE in the same RG SHOULD switchover as described in Section 5.1.
The PE node isolation failure and PE node failure are described in Section 5.1.
6. Management Considerations
When deploying the inter-domain redundancy mechanism described in this document, consistent provisioning is required for proper operation. The two domains must both use the same use case (Section 5.2 or Section 5.3). Within each section, all of the described modes and options must be provisioned identically both within each RG and between the RGs. Additionally, for the two-PWs redundancy options defined in Section 5.2, the two operators must also negotiate to configure same high/low PW priority at the two PW endpoints. If the provisioning is inconsistent, then the inter-domain redundancy mechanism may not work properly.
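The consistency requirement above and the two-PW priority rule of Section 5.2 can both be checked before a service is turned up. The following Python check is an added example, not part of RFC 7309; the record layout, the string values such as "two-pw", and the convention that a lower number means higher priority are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PwEndpoint:
    pe: str          # local PE terminating the inter-domain PW
    remote_pe: str   # PE at the other end of that PW
    priority: int    # assumed convention: lower number = higher priority


@dataclass(frozen=True)
class RgConfig:
    name: str
    use_case: str    # "two-pw" (Section 5.2) or "four-pw" (Section 5.3)
    mode: str        # "independent" or "master-slave"
    protection: str  # "1:1" or "3:1"
    endpoints: tuple


def preferred(rg):
    """Endpoint this RG will advertise as active."""
    return min(rg.endpoints, key=lambda e: e.priority)


def check_provisioning(a, b):
    """Return a list of inconsistencies between the two domains' RGs."""
    problems = []
    for field in ("use_case", "mode", "protection"):
        va, vb = getattr(a, field), getattr(b, field)
        if va != vb:
            problems.append(f"{field}: {a.name}={va}, {b.name}={vb}")
    if a.use_case == b.use_case == "two-pw":
        pa, pb = preferred(a), preferred(b)
        # Both operators must prefer the two ends of the SAME pseudowire.
        if pa.remote_pe != pb.pe or pb.remote_pe != pa.pe:
            problems.append(
                f"priority: {a.name} prefers {pa.pe}->{pa.remote_pe}, "
                f"{b.name} prefers {pb.pe}->{pb.remote_pe}")
    return problems


def forwarding_pws(a, b):
    """Independent mode (RFC 6870): a PW forwards only if BOTH ends are active."""
    pa, pb = preferred(a), preferred(b)
    return [(e.pe, e.remote_pe) for e in a.endpoints
            if e == pa and e.remote_pe == pb.pe]


def figure1(rg2_priorities):
    """Constructed sample: the Figure 1 topology with chosen RG2 priorities."""
    rg1 = RgConfig("RG1", "two-pw", "independent", "1:1",
                   (PwEndpoint("PE3", "PE5", 1), PwEndpoint("PE4", "PE6", 2)))
    rg2 = RgConfig("RG2", "two-pw", "independent", "1:1",
                   (PwEndpoint("PE5", "PE3", rg2_priorities["PE5"]),
                    PwEndpoint("PE6", "PE4", rg2_priorities["PE6"])))
    return rg1, rg2


if __name__ == "__main__":
    for prios in ({"PE5": 1, "PE6": 2}, {"PE5": 2, "PE6": 1}):
        rg1, rg2 = figure1(prios)
        print(prios, check_provisioning(rg1, rg2), forwarding_pws(rg1, rg2))
```

With the second, mismatched priority set the check reports the conflict and no PW forwards, which is the "both PW1 and PW2 will be in standby state" outcome that Section 5.2 warns about.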
7. Security Considerations
Besides the security properties of [RFC7275] for the ICCP control plane, and [RFC4762] and [RFC6870] for the PW control plane, this document has additional security considerations for the ICCP control plane.
In this document, ICCP is deployed between two PEs or ASBRs. The two PEs or ASBRs should only be connected by a network that is well managed and whose service levels and availability are highly monitored. This should be ensured by the operator.
The state flapping on the inter-domain and intra-domain PW may cause security threats or be exploited to create denial-of-service attacks. For example, excessive PW state flapping (e.g., by malicious peer PE's implementation) may lead to excessive ICCP exchanges. Implementations SHOULD provide mechanisms to perform control-plane policing and mitigate such types of attacks.
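One way to implement the control-plane policing called for above is per-PW flap damping in front of the ICCP synchronization path. The following Python code is an added example, not part of RFC 7309 or of any vendor implementation; the class name, the thresholds (4 transitions in 10 seconds, 30 second hold-down) and the event list are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class PwFlapPolicer:
    """Decides whether a PW state change may be synchronized over ICCP."""

    def __init__(self, max_transitions=4, window=10.0, hold_down=30.0):
        self.max_transitions = max_transitions  # allowed changes per window
        self.window = window                    # seconds
        self.hold_down = hold_down              # suppression time, seconds
        self.state = {}                         # pw -> last observed state
        self.history = defaultdict(deque)       # pw -> transition timestamps
        self.suppressed_until = {}              # pw -> end of hold-down

    def observe(self, pw, state, now):
        """Record a PW status report; return True if it should be synced."""
        if self.state.get(pw) == state:
            return False                        # not a transition
        self.state[pw] = state
        hist = self.history[pw]
        hist.append(now)
        while hist and now - hist[0] > self.window:
            hist.popleft()
        until = self.suppressed_until.get(pw)
        if until is not None and now < until:
            # Still flapping during hold-down: restart the timer.
            self.suppressed_until[pw] = now + self.hold_down
            return False
        self.suppressed_until.pop(pw, None)
        if len(hist) > self.max_transitions:
            self.suppressed_until[pw] = now + self.hold_down
            return False
        return True

    def release(self, now):
        """Return {pw: state} for PWs whose hold-down has expired, so one
        consolidated update can bring the ICCP peer back in step."""
        due = [pw for pw, t in self.suppressed_until.items() if now >= t]
        for pw in due:
            del self.suppressed_until[pw]
            self.history[pw].clear()
        return {pw: self.state[pw] for pw in due}


# Constructed sample: (seconds, pw, state). PW1 flaps once per second.
EVENTS = [
    (0, "PW1", "ACTIVE"), (1, "PW1", "DOWN"), (2, "PW1", "ACTIVE"),
    (2.5, "PW2", "STANDBY"), (3, "PW1", "DOWN"), (4, "PW1", "ACTIVE"),
    (5, "PW1", "DOWN"), (6, "PW1", "ACTIVE"),
]


def replay(events, policer=None):
    """Feed events through a policer; return (time, pw, synced) tuples."""
    policer = policer or PwFlapPolicer()
    return [(t, pw, policer.observe(pw, state, t)) for t, pw, state in events]


if __name__ == "__main__":
    for t, pw, synced in replay(EVENTS):
        print(t, pw, "sync" if synced else "suppressed")
```

Suppressed transitions are also worth counting and alerting on, since a peer that repeatedly drives a PW into hold-down is either faulty or hostile.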
8. Acknowledgements
The authors would like to thank Sami Boutros, Giles Heron, Adrian Farrel, Andrew G. Malis, and Stephen Kent for their valuable comments.
9. Contributors
Daniel Cohn
Email: daniel.cohn.ietf@gmail.com

Yubao Wang
ZTE Corporation
Nanjing, China
Email: wang.yubao@zte.com.cn
10. References
10.1. Normative references
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC6870] Muley, P. and M. Aissaoui, "Pseudowire Preferential Forwarding Status Bit", RFC 6870, February 2013.
[RFC7275] Martini, L., Salam, S., Sajassi, A., Bocci, M., Matsushima, S., and T. Nadeau, "Inter-Chassis Communication Protocol for Layer 2 Virtual Private Network (L2VPN) Provider Edge (PE) Redundancy", RFC 7275, June 2014.
10.2. Informative references
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, February 2006.
[RFC4762] Lasserre, M. and V. Kompella, "Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling", RFC 4762, January 2007.
[RFC6074] Rosen, E., Davie, B., Radoaca, V., and W. Luo, "Provisioning, Auto-Discovery, and Signaling in Layer 2 Virtual Private Networks (L2VPNs)", RFC 6074, January 2011.
[RFC6718] Muley, P., Aissaoui, M., and M. Bocci, "Pseudowire Redundancy", RFC 6718, August 2012.
[RFC7117] Aggarwal, R., Kamite, Y., Fang, L., Rekhter, Y., and C. Kodeboniya, "Multicast in Virtual Private LAN Service (VPLS)", RFC 7117, February 2014.
Authors' Addresses
Zhihua Liu
China Telecom
109 Zhongshan Ave.
Guangzhou 510630
P.R.China
EMail: zhliu@gsta.com

Lizhong Jin
Shanghai
P.R.China
EMail: lizho.jin@gmail.com

Ran Chen
ZTE Corporation
NO.19 East Huayuan Road
Haidian District Beijing 100191
P.R.China
EMail: chen.ran@zte.com.cn

Dennis Cai
Cisco
3750 Cisco Way,
San Jose, California 95134
USA
EMail: dcai@cisco.com

Samer Salam
Cisco
595 Burrard Street, Suite:2123
Vancouver, BC V7X 1J1
Canada
EMail: ssalam@cisco.com