1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
|
<pre>Internet Engineering Task Force (IETF) C. Villamizar, Ed.
Request for Comments: 7325 OCCNC
Category: Informational K. Kompella
ISSN: 2070-1721 Juniper Networks
S. Amante
Apple Inc.
A. Malis
Huawei
C. Pignataro
Cisco
August 2014
<span class="h1">MPLS Forwarding Compliance and Performance Requirements</span>
Abstract
This document provides guidelines for implementers regarding MPLS
forwarding and a basis for evaluations of forwarding implementations.
Guidelines cover many aspects of MPLS forwarding. Topics are
highlighted where implementers might otherwise overlook practical
requirements that are unstated or underemphasized, or that are
optional for conformance to RFCs but often considered mandatory by
providers.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc7325">http://www.rfc-editor.org/info/rfc7325</a>.
<span class="grey">Villamizar, et al. Informational [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
<a href="#section-1">1</a>. Introduction and Document Scope . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-1.1">1.1</a>. Abbreviations . . . . . . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-1.2">1.2</a>. Use of Requirements Language . . . . . . . . . . . . . . <a href="#page-8">8</a>
<a href="#section-1.3">1.3</a>. Apparent Misconceptions . . . . . . . . . . . . . . . . . <a href="#page-9">9</a>
<a href="#section-1.4">1.4</a>. Target Audience . . . . . . . . . . . . . . . . . . . . . <a href="#page-10">10</a>
<a href="#section-2">2</a>. Forwarding Issues . . . . . . . . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-2.1">2.1</a>. Forwarding Basics . . . . . . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-2.1.1">2.1.1</a>. MPLS Special-Purpose Labels . . . . . . . . . . . . . <a href="#page-12">12</a>
<a href="#section-2.1.2">2.1.2</a>. MPLS Differentiated Services . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#section-2.1.3">2.1.3</a>. Time Synchronization . . . . . . . . . . . . . . . . <a href="#page-14">14</a>
<a href="#section-2.1.4">2.1.4</a>. Uses of Multiple Label Stack Entries . . . . . . . . <a href="#page-14">14</a>
<a href="#section-2.1.5">2.1.5</a>. MPLS Link Bundling . . . . . . . . . . . . . . . . . <a href="#page-15">15</a>
<a href="#section-2.1.6">2.1.6</a>. MPLS Hierarchy . . . . . . . . . . . . . . . . . . . <a href="#page-16">16</a>
<a href="#section-2.1.7">2.1.7</a>. MPLS Fast Reroute (FRR) . . . . . . . . . . . . . . . <a href="#page-16">16</a>
<a href="#section-2.1.8">2.1.8</a>. Pseudowire Encapsulation . . . . . . . . . . . . . . <a href="#page-17">17</a>
<a href="#section-2.1.8.1">2.1.8.1</a>. Pseudowire Sequence Number . . . . . . . . . . . <a href="#page-17">17</a>
<a href="#section-2.1.9">2.1.9</a>. Layer 2 and Layer 3 VPN . . . . . . . . . . . . . . . <a href="#page-19">19</a>
<a href="#section-2.2">2.2</a>. MPLS Multicast . . . . . . . . . . . . . . . . . . . . . <a href="#page-20">20</a>
<a href="#section-2.3">2.3</a>. Packet Rates . . . . . . . . . . . . . . . . . . . . . . <a href="#page-21">21</a>
<a href="#section-2.4">2.4</a>. MPLS Multipath Techniques . . . . . . . . . . . . . . . . <a href="#page-23">23</a>
<a href="#section-2.4.1">2.4.1</a>. Pseudowire Control Word . . . . . . . . . . . . . . . <a href="#page-24">24</a>
<a href="#section-2.4.2">2.4.2</a>. Large Microflows . . . . . . . . . . . . . . . . . . <a href="#page-24">24</a>
<a href="#section-2.4.3">2.4.3</a>. Pseudowire Flow Label . . . . . . . . . . . . . . . . <a href="#page-25">25</a>
<a href="#section-2.4.4">2.4.4</a>. MPLS Entropy Label . . . . . . . . . . . . . . . . . <a href="#page-25">25</a>
<a href="#section-2.4.5">2.4.5</a>. Fields Used for Multipath Load Balance . . . . . . . <a href="#page-25">25</a>
<a href="#section-2.4.5.1">2.4.5.1</a>. MPLS Fields in Multipath . . . . . . . . . . . . <a href="#page-26">26</a>
<a href="#section-2.4.5.2">2.4.5.2</a>. IP Fields in Multipath . . . . . . . . . . . . . <a href="#page-27">27</a>
<a href="#section-2.4.5.3">2.4.5.3</a>. Fields Used in Flow Label . . . . . . . . . . . . <a href="#page-29">29</a>
<a href="#section-2.4.5.4">2.4.5.4</a>. Fields Used in Entropy Label . . . . . . . . . . <a href="#page-29">29</a>
<a href="#section-2.5">2.5</a>. MPLS-TP and UHP . . . . . . . . . . . . . . . . . . . . . <a href="#page-30">30</a>
<span class="grey">Villamizar, et al. Informational [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<a href="#section-2.6">2.6</a>. Local Delivery of Packets . . . . . . . . . . . . . . . . <a href="#page-30">30</a>
<a href="#section-2.6.1">2.6.1</a>. DoS Protection . . . . . . . . . . . . . . . . . . . <a href="#page-31">31</a>
<a href="#section-2.6.2">2.6.2</a>. MPLS OAM . . . . . . . . . . . . . . . . . . . . . . <a href="#page-33">33</a>
<a href="#section-2.6.3">2.6.3</a>. Pseudowire OAM . . . . . . . . . . . . . . . . . . . <a href="#page-34">34</a>
<a href="#section-2.6.4">2.6.4</a>. MPLS-TP OAM . . . . . . . . . . . . . . . . . . . . . <a href="#page-34">34</a>
<a href="#section-2.6.5">2.6.5</a>. MPLS OAM and Layer 2 OAM Interworking . . . . . . . . <a href="#page-35">35</a>
<a href="#section-2.6.6">2.6.6</a>. Extent of OAM Support by Hardware . . . . . . . . . . <a href="#page-36">36</a>
<a href="#section-2.6.7">2.6.7</a>. Support for IPFIX in Hardware . . . . . . . . . . . . <a href="#page-37">37</a>
<a href="#section-2.7">2.7</a>. Number and Size of Flows . . . . . . . . . . . . . . . . <a href="#page-37">37</a>
<a href="#section-3">3</a>. Questions for Suppliers . . . . . . . . . . . . . . . . . . . <a href="#page-38">38</a>
<a href="#section-3.1">3.1</a>. Basic Compliance . . . . . . . . . . . . . . . . . . . . <a href="#page-38">38</a>
<a href="#section-3.2">3.2</a>. Basic Performance . . . . . . . . . . . . . . . . . . . . <a href="#page-40">40</a>
<a href="#section-3.3">3.3</a>. Multipath Capabilities and Performance . . . . . . . . . <a href="#page-41">41</a>
<a href="#section-3.4">3.4</a>. Pseudowire Capabilities and Performance . . . . . . . . . <a href="#page-41">41</a>
<a href="#section-3.5">3.5</a>. Entropy Label Support and Performance . . . . . . . . . . <a href="#page-42">42</a>
<a href="#section-3.6">3.6</a>. DoS Protection . . . . . . . . . . . . . . . . . . . . . <a href="#page-42">42</a>
<a href="#section-3.7">3.7</a>. OAM Capabilities and Performance . . . . . . . . . . . . <a href="#page-42">42</a>
<a href="#section-4">4</a>. Forwarding Compliance and Performance Testing . . . . . . . . <a href="#page-43">43</a>
<a href="#section-4.1">4.1</a>. Basic Compliance . . . . . . . . . . . . . . . . . . . . <a href="#page-43">43</a>
<a href="#section-4.2">4.2</a>. Basic Performance . . . . . . . . . . . . . . . . . . . . <a href="#page-44">44</a>
<a href="#section-4.3">4.3</a>. Multipath Capabilities and Performance . . . . . . . . . <a href="#page-45">45</a>
<a href="#section-4.4">4.4</a>. Pseudowire Capabilities and Performance . . . . . . . . . <a href="#page-46">46</a>
<a href="#section-4.5">4.5</a>. Entropy Label Support and Performance . . . . . . . . . . <a href="#page-46">46</a>
<a href="#section-4.6">4.6</a>. DoS Protection . . . . . . . . . . . . . . . . . . . . . <a href="#page-47">47</a>
<a href="#section-4.7">4.7</a>. OAM Capabilities and Performance . . . . . . . . . . . . <a href="#page-47">47</a>
<a href="#section-5">5</a>. Security Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-48">48</a>
<a href="#section-6">6</a>. Organization of References Section . . . . . . . . . . . . . <a href="#page-50">50</a>
<a href="#section-7">7</a>. References . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-50">50</a>
<a href="#section-7.1">7.1</a>. Normative References . . . . . . . . . . . . . . . . . . <a href="#page-50">50</a>
<a href="#section-7.2">7.2</a>. Informative References . . . . . . . . . . . . . . . . . <a href="#page-53">53</a>
<a href="#appendix-A">Appendix A</a>. Acknowledgements . . . . . . . . . . . . . . . . . . <a href="#page-59">59</a>
<span class="grey">Villamizar, et al. Informational [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction and Document Scope</span>
The initial purpose of this document was to address concerns raised
on the MPLS WG mailing list about shortcomings in implementations of
MPLS forwarding. Documenting existing misconceptions and potential
pitfalls might potentially avoid repeating past mistakes. The
document has grown to address a broad set of forwarding requirements.
The focus of this document is MPLS forwarding, base pseudowire
forwarding, and MPLS Operations, Administration, and Maintenance
(OAM). The use of pseudowire Control Word and the use of pseudowire
Sequence Number are discussed. Specific pseudowire Attachment
Circuit (AC) and Native Service Processing (NSP) are out of scope.
Specific pseudowire applications, such as various forms of Virtual
Private Network (VPN), are out of scope.
MPLS support for multipath techniques is considered essential by many
service providers and is useful for other high-capacity networks. In
order to obtain sufficient entropy from MPLS, traffic service
providers and others find it essential for the MPLS implementation to
interpret the MPLS payload as IPv4 or IPv6 based on the contents of
the first nibble of payload. The use of IP addresses, the IP
protocol field, and UDP and TCP port number fields in multipath load
balancing are considered within scope. The use of any other IP
protocol fields, such as tunneling protocols carried within IP, are
out of scope.
Implementation details are a local matter and are out of scope. Most
interfaces today operate at 1 Gb/s or greater. It is assumed that
all forwarding operations are implemented in specialized forwarding
hardware rather than on a general-purpose processor. This is often
referred to as "fast path" and "slow path" processing. Some
recommendations are made regarding implementing control or
management-plane functionality in specialized hardware or with
limited assistance from specialized hardware. This advice is based
on expected control or management protocol loads and on the need for
denial of service (DoS) protection.
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Abbreviations</span>
The following abbreviations are used.
AC Attachment Circuit ([<a href="./rfc3985" title=""Pseudo Wire Emulation Edge-to- Edge (PWE3) Architecture"">RFC3985</a>])
ACH Associated Channel Header (pseudowires)
ACK Acknowledgement (TCP flag and type of TCP packet)
<span class="grey">Villamizar, et al. Informational [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
AIS Alarm Indication Signal (MPLS-TP OAM)
ATM Asynchronous Transfer Mode (legacy switched circuits)
BFD Bidirectional Forwarding Detection
BGP Border Gateway Protocol
CC-CV Continuity Check and Connectivity Verification
CE Customer Edge ([<a href="./rfc4364" title=""BGP/MPLS IP Virtual Private Networks (VPNs)"">RFC4364</a>])
CPU Central Processing Unit (computer or microprocessor)
CT Class Type ([<a href="./rfc4124" title=""Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering"">RFC4124</a>])
CW Control Word ([<a href="./rfc4385" title=""Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN"">RFC4385</a>])
DCCP Datagram Congestion Control Protocol
DDoS Distributed Denial of Service
DM Delay Measurement (MPLS-TP OAM)
DSCP Differentiated Services Code Point ([<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>])
DWDM Dense Wave Division Multiplexing
DoS Denial of Service
E-LSP Explicitly TC-encoded-PSC LSP ([<a href="./rfc5462" title=""Multiprotocol Label Switching (MPLS) Label Stack Entry: "">RFC5462</a>])
EBGP External BGP
ECMP Equal-Cost Multipath
ECN Explicit Congestion Notification ([<a href="./rfc3168" title=""The Addition of Explicit Congestion Notification (ECN) to IP"">RFC3168</a>] and [<a href="./rfc5129" title=""Explicit Congestion Marking in MPLS"">RFC5129</a>])
EL Entropy Label ([<a href="./rfc6790" title=""The Use of Entropy Labels in MPLS Forwarding"">RFC6790</a>])
ELI Entropy Label Indicator ([<a href="./rfc6790" title=""The Use of Entropy Labels in MPLS Forwarding"">RFC6790</a>])
EXP Experimental (field in MPLS renamed to "TC" in [<a href="./rfc5462" title=""Multiprotocol Label Switching (MPLS) Label Stack Entry: "">RFC5462</a>])
FEC Forwarding Equivalence Classes ([<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>]); also Forward Error
Correction in other context
FR Frame Relay (legacy switched circuits)
<span class="grey">Villamizar, et al. Informational [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
FRR Fast Reroute ([<a href="./rfc4090" title=""Fast Reroute Extensions to RSVP-TE for LSP Tunnels"">RFC4090</a>])
G-ACh Generic Associated Channel ([<a href="./rfc5586" title=""MPLS Generic Associated Channel"">RFC5586</a>])
GAL Generic Associated Channel Label ([<a href="./rfc5586" title=""MPLS Generic Associated Channel"">RFC5586</a>])
GFP Generic Framing Procedure (used in OTN)
GMPLS Generalized MPLS ([<a href="./rfc3471" title=""Generalized Multi-Protocol Label Switching (GMPLS) Signaling Functional Description"">RFC3471</a>])
GTSM Generalized TTL Security Mechanism ([<a href="./rfc5082" title=""The Generalized TTL Security Mechanism (GTSM)"">RFC5082</a>])
Gb/s Gigabits per second (billion bits per second)
IANA Internet Assigned Numbers Authority
ILM Incoming Label Map ([<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>])
IP Internet Protocol
IPVPN Internet Protocol VPN
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
L-LSP Label-Only-Inferred-PSC LSP ([<a href="./rfc3270" title=""Multi- Protocol Label Switching (MPLS) Support of Differentiated Services"">RFC3270</a>])
L2VPN Layer 2 VPN
LDP Label Distribution Protocol ([<a href="./rfc5036" title=""LDP Specification"">RFC5036</a>])
LER Label Edge Router ([<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>])
LM Loss Measurement (MPLS-TP OAM)
LSP Label Switched Path ([<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>])
LSR Label Switching Router ([<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>])
MP2MP Multipoint to Multipoint
MPLS Multiprotocol Label Switching ([<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>])
MPLS-TP MPLS Transport Profile ([<a href="./rfc5317" title=""Joint Working Team (JWT) Report on MPLS Architectural Considerations for a Transport Profile"">RFC5317</a>])
Mb/s Megabits per second (million bits per second)
<span class="grey">Villamizar, et al. Informational [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
NSP Native Service Processing ([<a href="./rfc3985" title=""Pseudo Wire Emulation Edge-to- Edge (PWE3) Architecture"">RFC3985</a>])
NTP Network Time Protocol
OAM Operations, Administration, and Maintenance ([<a href="./rfc6291" title=""Guidelines for the Use of the "">RFC6291</a>])
OOB Out-of-band (not carried within a data channel)
OTN Optical Transport Network
P Provider router ([<a href="./rfc4364" title=""BGP/MPLS IP Virtual Private Networks (VPNs)"">RFC4364</a>])
P2MP Point to Multipoint
PE Provider Edge router ([<a href="./rfc4364" title=""BGP/MPLS IP Virtual Private Networks (VPNs)"">RFC4364</a>])
PHB Per-Hop Behavior ([<a href="./rfc2475" title=""An Architecture for Differentiated Services"">RFC2475</a>])
PHP Penultimate Hop Popping ([<a href="./rfc3443" title=""Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks"">RFC3443</a>])
POS PPP over SONET
PSC This abbreviation has multiple interpretations.
1. Packet Switch Capable ([<a href="./rfc3471" title=""Generalized Multi-Protocol Label Switching (GMPLS) Signaling Functional Description"">RFC3471</a>]
2. PHB Scheduling Class ([<a href="./rfc3270" title=""Multi- Protocol Label Switching (MPLS) Support of Differentiated Services"">RFC3270</a>])
3. Protection State Coordination ([<a href="./rfc6378" title=""MPLS Transport Profile (MPLS-TP) Linear Protection"">RFC6378</a>])
PTP Precision Time Protocol
PW Pseudowire
QoS Quality of Service
RA Router Alert ([<a href="./rfc3032" title=""MPLS Label Stack Encoding"">RFC3032</a>])
RDI Remote Defect Indication (MPLS-TP OAM)
RSVP-TE RSVP Traffic Engineering
RTP Real-time Transport Protocol
SCTP Stream Control Transmission Protocol
SDH Synchronous Data Hierarchy (European SONET, a form of TDM)
<span class="grey">Villamizar, et al. Informational [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
SONET Synchronous Optical Network (US SDH, a form of TDM)
T-LDP Targeted LDP (LDP sessions over more than one hop)
TC Traffic Class ([<a href="./rfc5462" title=""Multiprotocol Label Switching (MPLS) Label Stack Entry: "">RFC5462</a>])
TCP Transmission Control Protocol
TDM Time-Division Multiplexing (legacy encapsulations)
TOS Type of Service (see [<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>])
TTL Time-to-live (a field in IP and MPLS headers)
UDP User Datagram Protocol
UHP Ultimate Hop Popping (opposite of PHP)
VCCV Virtual Circuit Connectivity Verification ([<a href="./rfc5085" title=""Pseudowire Virtual Circuit Connectivity Verification (VCCV): A Control Channel for Pseudowires"">RFC5085</a>])
VLAN Virtual Local Area Network (Ethernet)
VOQ Virtual Output Queuing (switch fabric design)
VPN Virtual Private Network
WG Working Group
<span class="h3"><a class="selflink" id="section-1.2" href="#section-1.2">1.2</a>. Use of Requirements Language</span>
This document is Informational. The uppercase [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>] key words
"MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" are used in
this document in the following cases.
1. <a href="./rfc2119">RFC 2119</a> keywords are used where requirements stated in this
document are called for in referenced RFCs. In most cases, the
RFC containing the requirement is cited within the statement
using an <a href="./rfc2119">RFC 2119</a> keyword.
2. <a href="./rfc2119">RFC 2119</a> keywords are used where explicitly noted that the
keywords indicate that operator experiences indicate a
requirement, but there are no existing RFC requirements.
Advice provided by this document may be ignored by implementations.
Similarly, implementations not claiming conformance to specific RFCs
may ignore the requirements of those RFCs. In both cases,
implementers should consider the risk of doing so.
<span class="grey">Villamizar, et al. Informational [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h3"><a class="selflink" id="section-1.3" href="#section-1.3">1.3</a>. Apparent Misconceptions</span>
In early generations of forwarding silicon (which might now be behind
us), there apparently were some misconceptions about MPLS. The
following statements provide clarifications.
1. There are practical reasons to have more than one or two labels
in an MPLS label stack. Under some circumstances, the label
stack can become quite deep. See <a href="#section-2.1">Section 2.1</a>.
2. The label stack MUST be considered to be arbitrarily deep.
<a href="#section-3.27.4">Section 3.27.4</a> ("Hierarchy: LSP Tunnels within LSPs") of <a href="./rfc3031">RFC 3031</a>
states "The label stack mechanism allows LSP tunneling to nest to
any depth" [<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>]. If a bottom of the label stack cannot be
found, but sufficient number of labels exist to forward, an LSR
MUST forward the packet. An LSR MUST NOT assume the packet is
malformed unless the end of packet is found before the bottom of
the stack. See <a href="#section-2.1">Section 2.1</a>.
3. In networks where deep label stacks are encountered, they are not
rare. Full packet rate performance is required regardless of
label stack depth, except where multiple pop operations are
required. See <a href="#section-2.1">Section 2.1</a>.
4. Research has shown that long bursts of short packets with 40-byte
or 44-byte IP payload sizes in these bursts are quite common.
This is due to TCP ACK compression [<a href="#ref-ACK-compression">ACK-compression</a>]. The
following two sub-bullets constitute advice that reflects very
common nonnegotiable requirements of providers. Implementers may
ignore this advice but should consider the risk of doing so.
A. A forwarding engine SHOULD, if practical, be able to sustain
an arbitrarily long sequence of small packets arriving at
full interface rate.
B. If indefinitely sustained full packet rate for small packets
is not practical, a forwarding engine MUST be able to buffer
a long sequence of small packets inbound to the on-chip
decision engine and sustain full interface rate for some
reasonable average packet rate. Absent this small on-chip
buffering, QoS-agnostic packet drops can occur.
See <a href="#section-2.3">Section 2.3</a>.
5. The implementations and system designs MUST support pseudowire
Control Word (CW) if MPLS-TP is supported or if ACH [<a href="./rfc5586" title=""MPLS Generic Associated Channel"">RFC5586</a>] is
being used on a pseudowire. The implementation and system
designs SHOULD support pseudowire CW even if MPLS-TP and ACH
<span class="grey">Villamizar, et al. Informational [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC5586">RFC5586</a>] are not used, using instead CW and VCCV Type 1
[<a href="./rfc5085" title=""Pseudowire Virtual Circuit Connectivity Verification (VCCV): A Control Channel for Pseudowires"">RFC5085</a>] to allow the use of multipath in the underlying network
topology without impacting the PW traffic. [<a href="./rfc7079" title=""The Pseudowire (PW) and Virtual Circuit Connectivity Verification (VCCV) Implementation Survey Results"">RFC7079</a>] does note
that there are still some deployments where the CW is not always
used. It also notes that many service providers do enable the
CW. See <a href="#section-2.4.1">Section 2.4.1</a> for more discussion on why deployments
SHOULD enable the pseudowire CW.
The following statements provide clarification regarding more recent
requirements that are often missed.
1. The implementer and system designer SHOULD support adding a
pseudowire Flow Label [<a href="./rfc6391" title=""Flow-Aware Transport of Pseudowires over an MPLS Packet Switched Network"">RFC6391</a>]. Deployments MAY enable this
feature for appropriate pseudowire types. See <a href="#section-2.4.3">Section 2.4.3</a>.
2. The implementer and system designer SHOULD support adding an MPLS
Entropy Label [<a href="./rfc6790" title=""The Use of Entropy Labels in MPLS Forwarding"">RFC6790</a>]. Deployments MAY enable this feature.
See <a href="#section-2.4.4">Section 2.4.4</a>.
Non-IETF definitions of MPLS exist, and these should not be used as
normative texts in place of the relevant IETF RFCs. [<a href="./rfc5704" title=""Uncoordinated Protocol Development Considered Harmful"">RFC5704</a>]
documents incompatibilities between the IETF definition of MPLS and
one such alternative MPLS definition, which led to significant issues
in the resulting non-IETF specification.
<span class="h3"><a class="selflink" id="section-1.4" href="#section-1.4">1.4</a>. Target Audience</span>
This document is intended for multiple audiences: implementer
(implementing MPLS forwarding in silicon or in software); systems
designer (putting together a MPLS forwarding systems); deployer
(running an MPLS network). These guidelines are intended to serve
the following purposes:
1. Explain what to do and what not to do when a deep label stack is
encountered. (audience: implementer)
2. Highlight pitfalls to look for when implementing an MPLS
forwarding chip. (audience: implementer)
3. Provide a checklist of features and performance specifications to
request. (audience: systems designer, deployer)
4. Provide a set of tests to perform. (audience: systems designer,
deployer).
<span class="grey">Villamizar, et al. Informational [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
The implementer, systems designer, and deployer have a transitive
supplier-customer relationship. It is in the best interest of the
supplier to review their product against their customer's checklist
and secondary customer's checklist if applicable.
This document identifies and explains many details and potential
pitfalls of MPLS forwarding. It is likely that the identified set of
potential pitfalls will later prove to be an incomplete set.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Forwarding Issues</span>
A brief review of forwarding issues is provided in the subsections
that follow. This section provides some background on why some of
these requirements exist. The questions to ask of suppliers is
covered in <a href="#section-3">Section 3</a>. Some guidelines for testing are provided in
<a href="#section-4">Section 4</a>.
<span class="h3"><a class="selflink" id="section-2.1" href="#section-2.1">2.1</a>. Forwarding Basics</span>
Basic MPLS architecture and MPLS encapsulation, and therefore packet
forwarding, are defined in [<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>] and [<a href="./rfc3032" title=""MPLS Label Stack Encoding"">RFC3032</a>]. <a href="./rfc3031">RFC 3031</a> and <a href="./rfc3032">RFC</a>
<a href="./rfc3032">3032</a> are somewhat LDP centric. RSVP-TE supports traffic engineering
(TE) and fast reroute, features that LDP lacks. The base document
for MPLS RSVP-TE is [<a href="./rfc3209" title=""RSVP-TE: Extensions to RSVP for LSP Tunnels"">RFC3209</a>].
A few RFCs update <a href="./rfc3032">RFC 3032</a>. Those with impact on forwarding include
the following.
1. TTL processing is clarified in [<a href="./rfc3443" title=""Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks"">RFC3443</a>].
2. The use of MPLS Explicit NULL is modified in [<a href="./rfc4182" title=""Removing a Restriction on the use of MPLS Explicit NULL"">RFC4182</a>].
3. Differentiated Services is supported by [<a href="./rfc3270" title=""Multi- Protocol Label Switching (MPLS) Support of Differentiated Services"">RFC3270</a>] and [<a href="./rfc4124" title=""Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering"">RFC4124</a>].
The "EXP" field is renamed to "Traffic Class" in [<a href="./rfc5462" title=""Multiprotocol Label Switching (MPLS) Label Stack Entry: "">RFC5462</a>],
removing any misconception that it was available for
experimentation or could be ignored.
4. ECN is supported by [<a href="./rfc5129" title=""Explicit Congestion Marking in MPLS"">RFC5129</a>].
5. The MPLS G-ACh and GAL are defined in [<a href="./rfc5586" title=""MPLS Generic Associated Channel"">RFC5586</a>].
6. [<a href="./rfc5332" title=""MPLS Multicast Encapsulations"">RFC5332</a>] redefines the two data link layer codepoints for MPLS
packets.
Tunneling encapsulations carrying MPLS, such as MPLS in IP [<a href="./rfc4023" title=""Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE)"">RFC4023</a>],
MPLS in GRE [<a href="./rfc4023" title=""Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE)"">RFC4023</a>], MPLS in L2TPv3 [<a href="./rfc4817" title=""Encapsulation of MPLS over Layer 2 Tunneling Protocol Version 3"">RFC4817</a>], or MPLS in UDP
[<a href="#ref-MPLS-IN-UDP">MPLS-IN-UDP</a>], are out of scope.
<span class="grey">Villamizar, et al. Informational [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Other RFCs have implications to MPLS Forwarding and do not update <a href="./rfc3032">RFC</a>
<a href="./rfc3032">3032</a> or <a href="./rfc3209">RFC 3209</a>, including:
1. The pseudowire (PW) Associated Channel Header (ACH) is defined by
[<a href="./rfc5085" title=""Pseudowire Virtual Circuit Connectivity Verification (VCCV): A Control Channel for Pseudowires"">RFC5085</a>] and was later generalized by the MPLS G-ACh [<a href="./rfc5586" title=""MPLS Generic Associated Channel"">RFC5586</a>].
2. The Entropy Label Indicator (ELI) and Entropy Label (EL) are
defined by [<a href="./rfc6790" title=""The Use of Entropy Labels in MPLS Forwarding"">RFC6790</a>].
A few RFCs update <a href="./rfc3209">RFC 3209</a>. Those that are listed as updating <a href="./rfc3209">RFC</a>
<a href="./rfc3209">3209</a> generally impact only RSVP-TE signaling. Forwarding is modified
by major extensions built upon <a href="./rfc3209">RFC 3209</a>.
RFCs that impact forwarding are discussed in the following
subsections.
<span class="h4"><a class="selflink" id="section-2.1.1" href="#section-2.1.1">2.1.1</a>. MPLS Special-Purpose Labels</span>
[<a id="ref-RFC3032">RFC3032</a>] specifies that label values 0-15 are special-purpose labels
with special meanings. [<a href="./rfc7274" title=""Allocating and Retiring Special-Purpose MPLS Labels"">RFC7274</a>] renamed these from the term
"reserved labels" used in [<a href="./rfc3032" title=""MPLS Label Stack Encoding"">RFC3032</a>] to "special-purpose labels".
Three values of NULL label are defined (two of which are later
updated by [<a href="./rfc4182" title=""Removing a Restriction on the use of MPLS Explicit NULL"">RFC4182</a>]) and a Router Alert Label is defined. The
original intent was that special-purpose labels, except the NULL
labels, could be sent to the routing engine CPU rather than be
processed in forwarding hardware. Hardware support is required by
new RFCs such as those defining Entropy Label and OAM processed as a
result of receiving a GAL. For new special-purpose labels, some
accommodation is needed for LSRs that will send the labels to a
general-purpose CPU or other highly programmable hardware. For
example, ELI will only be sent to LSRs that have signaled support for
[<a href="./rfc6790" title=""The Use of Entropy Labels in MPLS Forwarding"">RFC6790</a>], and a high OAM packet rate must be negotiated among
endpoints.
[<a id="ref-RFC3429">RFC3429</a>] reserves a label for ITU-T Y.1711; however, Y.1711 does not
work with multipath and its use is strongly discouraged.
The current list of special-purpose labels can be found on the
"Multiprotocol Label Switching Architecture (MPLS) Label Values"
registry reachable at IANA's pages at <<a href="http://www.iana.org">http://www.iana.org</a>>.
[<a id="ref-RFC7274">RFC7274</a>] introduces an IANA "Extended Special-Purpose MPLS Label
Values" registry and makes use of the "extension" label, label 15, to
indicate that the next label is an extended special-purpose label and
requires special handling. The range of only 16 values for special-
purpose labels allows a table to be used. The range of extended
special-purpose labels with 20 bits available for use may have to be
handled in some other way in the unlikely event that in the future
<span class="grey">Villamizar, et al. Informational [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
the range of currently reserved values 256-1048575 is used. If only
the Standards Action range, 16-239, and the Experimental range,
240-255, are used, then a table of 256 entries can be used.
Unknown special-purpose labels and unknown extended special-purpose
labels are handled the same. When an unknown special-purpose label
is encountered or a special purpose label not directly handled in
forwarding hardware is encountered, the packet should be sent to a
general-purpose CPU by default. If this capability is supported,
there must be an option to either drop or rate limit such packets
based on the value of each special-purpose label.
<span class="h4"><a class="selflink" id="section-2.1.2" href="#section-2.1.2">2.1.2</a>. MPLS Differentiated Services</span>
[<a id="ref-RFC2474">RFC2474</a>] deprecates the IP Type of Service (TOS) and IP Precedence
(Prec) fields and replaces them with the Differentiated Services
Field more commonly known as the Differentiated Services Code Point
(DSCP) field. [<a href="./rfc2475" title=""An Architecture for Differentiated Services"">RFC2475</a>] defines the Differentiated Services
architecture, which in other forums, is often called a Quality of
Service (QoS) architecture.
MPLS uses the Traffic Class (TC) field to support Differentiated
Services [<a href="./rfc5462" title=""Multiprotocol Label Switching (MPLS) Label Stack Entry: "">RFC5462</a>]. There are two primary documents describing how
DSCP is mapped into TC.
1. [<a href="./rfc3270" title=""Multi- Protocol Label Switching (MPLS) Support of Differentiated Services"">RFC3270</a>] defines E-LSP and L-LSP. E-LSP uses a static mapping
of DSCP into TC. L-LSP uses a per-LSP mapping of DSCP into TC,
with one PHB Scheduling Class (PSC) per L-LSP. Each PSC can use
multiple Per-Hop Behavior (PHB) values. For example, the Assured
Forwarding service defines three PSCs, each with three PHB
[<a href="./rfc2597" title=""Assured Forwarding PHB Group"">RFC2597</a>].
2. [<a href="./rfc4124" title=""Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering"">RFC4124</a>] defines assignment of a class-type (CT) to an LSP,
where a per-CT static mapping of TC to PHB is used. [<a href="./rfc4124" title=""Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering"">RFC4124</a>]
provides a means to support up to eight E-LSP-like mappings of
DSCP to TC.
To meet Differentiated Services requirements specified in [<a href="./rfc3270" title=""Multi- Protocol Label Switching (MPLS) Support of Differentiated Services"">RFC3270</a>],
the following forwarding requirements must be met. An ingress LER
MUST be able to select an LSP and then apply a per-LSP map of DSCP
into TC. A midpoint LSR MUST be able to apply a per-LSP map of TC to
PHB. The number of mappings supported will be far less than the
number of LSPs supported.
To meet Differentiated Services requirements specified in [<a href="./rfc4124" title=""Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering"">RFC4124</a>],
the following forwarding requirements must be met. An ingress LER
MUST be able to select an LSP and then apply a per-LSP map of DSCP
into TC. A midpoint LSR MUST be able to map LSP number to Class Type
<span class="grey">Villamizar, et al. Informational [Page 13]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
(CT), then use a per-CT map to map TC to PHB. Since there are only
eight allowed values of CT, only eight maps of TC to PHB need to be
supported. The LSP label can be used directly to find the TC-to-PHB
mapping, as is needed to support L-LSPs as defined by [<a href="./rfc3270" title=""Multi- Protocol Label Switching (MPLS) Support of Differentiated Services"">RFC3270</a>].
While support for [<a href="./rfc4124" title=""Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering"">RFC4124</a>] and not [<a href="./rfc3270" title=""Multi- Protocol Label Switching (MPLS) Support of Differentiated Services"">RFC3270</a>] would allow support for
only eight mappings of TC to PHB, it is common to support both and
simply state a limit on the number of unique TC-to-PHB mappings that
can be supported.
<span class="h4"><a class="selflink" id="section-2.1.3" href="#section-2.1.3">2.1.3</a>. Time Synchronization</span>
PTP or NTP may be carried over MPLS [<a href="#ref-TIMING-OVER-MPLS">TIMING-OVER-MPLS</a>]. Generally,
NTP will be carried within IP, and IP will be carried in MPLS
[<a href="./rfc5905" title=""Network Time Protocol Version 4: Protocol and Algorithms Specification"">RFC5905</a>]. Both PTP and NTP benefit from accurate timestamping of
incoming packets and the ability to insert accurate timestamps in
outgoing packets. PTP correction that occurs when forwarding
requires updating a timestamp compensation field based on the
difference between packet arrival at an LSR and packet transmit time
at that same LSR.
Since the label stack depth may vary, hardware should allow a
timestamp to be placed in an outgoing packet at any specified byte
position. It may be necessary to modify Layer 2 checksums or frame
check sequences after insertion. PTP and NTP timestamp formats
differ in such a way as to require different implementations of the
timestamp correction. If NTP or PTP is carried over UDP/IP or
UDP/IP/MPLS, the UDP checksum will also have to be updated.
Accurate time synchronization, in addition to being generally useful,
is required for MPLS-TP Delay Measurement (DM) OAM. See
<a href="#section-2.6.4">Section 2.6.4</a>.
<span class="h4"><a class="selflink" id="section-2.1.4" href="#section-2.1.4">2.1.4</a>. Uses of Multiple Label Stack Entries</span>
MPLS deployments in the early part of the prior decade (circa 2000)
tended to support either LDP or RSVP-TE. LDP was favored by some for
its ability to scale to a very large number of PE devices at the edge
of the network, without adding deployment complexity. RSVP-TE was
favored, generally in the network core, where traffic engineering
and/or fast reroute were considered important.
Both LDP and RSVP-TE are used simultaneously within major service
provider networks using a technique known as "LDP over RSVP-TE
Tunneling". This technique allows service providers to carry LDP
tunnels inside RSVP-TE tunnels. This makes it possible to take
advantage of the traffic engineering and fast reroute on more
expensive intercity and intercontinental transport paths. The
<span class="grey">Villamizar, et al. Informational [Page 14]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
ingress RSVP-TE PE places many LDP tunnels on a single RSVP-TE LSP
and carries it to the egress RSVP-TE PE. The LDP PEs are situated
further from the core, for example, within a metro network. LDP over
RSVP-TE tunneling requires a minimum of two MPLS labels: one each for
LDP and RSVP-TE.
The use of MPLS FRR [<a href="./rfc4090" title=""Fast Reroute Extensions to RSVP-TE for LSP Tunnels"">RFC4090</a>] might add one more label to MPLS
traffic but only when FRR protection is in use (active). If LDP over
RSVP-TE is in use, and FRR protection is in use, then at least three
MPLS labels are present on the label stack on the links through which
the Bypass LSP traverses. FRR is covered in <a href="#section-2.1.7">Section 2.1.7</a>.
LDP L2VPN, LDP IPVPN, BGP L2VPN, and BGP IPVPN added support for VPN
services that are deployed by the vast majority of service providers.
These VPN services added yet another label, bringing the label stack
depth (when FRR is active) to four.
Pseudowires and VPN are discussed in further detail in Sections <a href="#section-2.1.8">2.1.8</a>
and 2.1.9.
MPLS hierarchy as described in [<a href="./rfc4206" title=""Label Switched Paths (LSP) Hierarchy with Generalized Multi-Protocol Label Switching (GMPLS) Traffic Engineering (TE)"">RFC4206</a>] and updated by [<a href="./rfc7074" title=""Revised Definition of the GMPLS Switching Capability and Type Fields"">RFC7074</a>] can
in principle add at least one additional label. MPLS hierarchy is
discussed in <a href="#section-2.1.6">Section 2.1.6</a>.
Other features such as Entropy Label (discussed in <a href="#section-2.4.4">Section 2.4.4</a>) and
Flow Label (discussed in <a href="#section-2.4.3">Section 2.4.3</a>) can add additional labels to
the label stack.
Although theoretical scenarios can easily result in eight or more
labels, such cases are rare if they occur at all today. For the
purpose of forwarding, only the top label needs to be examined if PHP
is used, and a few more if UHP is used (see <a href="#section-2.5">Section 2.5</a>). For deep
label stacks, quite a few labels may have to be examined for the
purpose of load balancing across parallel links (see <a href="#section-2.4">Section 2.4</a>);
however, this depth can be bounded by a provider through use of
Entropy Label.
Other creative uses of MPLS within the IETF, such as the use of MPLS
label stack in source routing, may result in label stacks that are
considerably deeper than those encountered today.
<span class="h4"><a class="selflink" id="section-2.1.5" href="#section-2.1.5">2.1.5</a>. MPLS Link Bundling</span>
MPLS Link Bundling was the first RFC to address the need for multiple
parallel links between nodes [<a href="./rfc4201" title=""Link Bundling in MPLS Traffic Engineering (TE)"">RFC4201</a>]. MPLS Link Bundling is
notable in that it tried not to change MPLS forwarding, except in
<span class="grey">Villamizar, et al. Informational [Page 15]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-16" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
specifying the "all-ones" component link. MPLS Link Bundling is
seldom if ever deployed. Instead, multipath techniques described in
<a href="#section-2.4">Section 2.4</a> are used.
<span class="h4"><a class="selflink" id="section-2.1.6" href="#section-2.1.6">2.1.6</a>. MPLS Hierarchy</span>
MPLS hierarchy is defined in [<a href="./rfc4206" title=""Label Switched Paths (LSP) Hierarchy with Generalized Multi-Protocol Label Switching (GMPLS) Traffic Engineering (TE)"">RFC4206</a>] and updated by [<a href="./rfc7074" title=""Revised Definition of the GMPLS Switching Capability and Type Fields"">RFC7074</a>].
Although <a href="./rfc4206">RFC 4206</a> is considered part of GMPLS, the Packet Switching
Capable (PSC) portion of the MPLS hierarchy is applicable to MPLS and
may be supported in an otherwise GMPLS-free implementation. The MPLS
PSC hierarchy remains the most likely means of providing further
scaling in an RSVP-TE MPLS network, particularly where the network is
designed to provide RSVP-TE connectivity to the edges. This is the
case for envisioned MPLS-TP networks. The use of the MPLS PSC
hierarchy can add at least one additional label to a label stack,
though it is likely that only one layer of PSC will be used in the
near future.
<span class="h4"><a class="selflink" id="section-2.1.7" href="#section-2.1.7">2.1.7</a>. MPLS Fast Reroute (FRR)</span>
Fast reroute is defined by [<a href="./rfc4090" title=""Fast Reroute Extensions to RSVP-TE for LSP Tunnels"">RFC4090</a>]. Two significantly different
methods are defined in <a href="./rfc4090">RFC 4090</a>: the "One-to-One Backup" method,
which uses the "Detour LSP", and the "Facility Backup", which uses a
"bypass tunnel". These are commonly referred to as the detour and
bypass methods, respectively.
The detour method makes use of a presignaled LSP. Hardware
assistance may be needed for detour FRR in order to accomplish local
repair of a large number of LSPs within the target of tens of
milliseconds. For each affected LSP, a swap operation must be
reprogrammed or otherwise switched over. The use of detour FRR
doubles the number of LSPs terminating at any given hop and will
increase the number of LSPs within a network by a factor dependent on
the average detour path length.
The bypass method makes use of a tunnel that is unused when no fault
exists but may carry many LSPs when a local repair is required.
There is no presignaling indicating which working LSP will be
diverted into any specific bypass LSP. If interface label space is
used, the bypass LSP MUST extend one hop beyond the merge point,
except if the merge point is the egress and PHP is used. If the
bypass LSPs are not extended in this way, then the merge LSR (egress
LSR of the bypass LSP) MUST use platform label space (as defined in
[<a href="./rfc3031" title=""Multiprotocol Label Switching Architecture"">RFC3031</a>]) so that an LSP working path on any given interface can be
backed up using a bypass LSP terminating on any other interface.
Hardware assistance may be needed to accomplish local repair of a
large number of LSPs within the target of tens of milliseconds. For
each affected LSP a swap operation must be reprogrammed or otherwise
<span class="grey">Villamizar, et al. Informational [Page 16]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-17" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
switched over with an additional push of the bypass LSP label. The
use of platform label space impacts the size of the LSR ILM for an
LSR with a very large number of interfaces.
IP/LDP Fast Reroute (IP/LDP FRR) [<a href="./rfc5714" title=""IP Fast Reroute Framework"">RFC5714</a>] is also applicable in MPLS
networks. ECMP and Loop-Free Alternates (LFAs) [<a href="./rfc5286" title=""Basic Specification for IP Fast Reroute: Loop-Free Alternates"">RFC5286</a>] are well-
established IP/LDP FRR techniques and were the first methods to be
widely deployed. Work on IP/LDP FRR is ongoing within the IETF
RTGWG. Two topics actively discussed in RTGWG are microloops and
partial coverage of the established techniques in some network
topologies. [<a href="./rfc5715" title=""A Framework for Loop-Free Convergence"">RFC5715</a>] covers the topic of IP/LDP Fast Reroute
microloops and microloop prevention. RTGWG has developed additional
IP/LDP FRR techniques to handle coverage concerns. RTGWG is
extending LFA through the use of remote LFA [<a href="#ref-REMOTE-LFA">REMOTE-LFA</a>]. Other
techniques that require new forwarding paths to be established are
also under consideration, including the IPFRR "not-via" technique
defined in [<a href="./rfc6981" title=""A Framework for IP and MPLS Fast Reroute Using Not-Via Addresses"">RFC6981</a>] and maximally redundant trees (MRT) [<a href="#ref-MRT" title=""An Architecture for IP/LDP Fast-Reroute Using Maximally Redundant Trees"">MRT</a>].
ECMP, LFA (but not remote LFA), and MRT swap the top label to an
alternate MPLS label. The other methods operate in a similar manner
to the facility backup described in <a href="./rfc4090">RFC 4090</a> and push an additional
label. IP/LDP FRR methods that push more than one label have been
suggested but are in early discussion.
<span class="h4"><a class="selflink" id="section-2.1.8" href="#section-2.1.8">2.1.8</a>. Pseudowire Encapsulation</span>
The pseudowire (PW) architecture is defined in [<a href="./rfc3985" title=""Pseudo Wire Emulation Edge-to- Edge (PWE3) Architecture"">RFC3985</a>]. A
pseudowire, when carried over MPLS, adds one or more additional label
entries to the MPLS label stack. A PW Control Word is defined in
[<a href="./rfc4385" title=""Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN"">RFC4385</a>] with motivation for defining the Control Word in [<a href="./rfc4928" title=""Avoiding Equal Cost Multipath Treatment in MPLS Networks"">RFC4928</a>].
The PW Associated Channel defined in [<a href="./rfc4385" title=""Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN"">RFC4385</a>] is used for OAM in
[<a href="./rfc5085" title=""Pseudowire Virtual Circuit Connectivity Verification (VCCV): A Control Channel for Pseudowires"">RFC5085</a>]. The PW Flow Label is defined in [<a href="./rfc6391" title=""Flow-Aware Transport of Pseudowires over an MPLS Packet Switched Network"">RFC6391</a>] and is
discussed further in this document in <a href="#section-2.4.3">Section 2.4.3</a>.
There are numerous pseudowire encapsulations, supporting emulation of
services such as Frame Relay, ATM, Ethernet, TDM, and SONET/SDH over
packet switched networks (PSNs) using IP or MPLS.
The pseudowire encapsulation is out of scope for this document.
Pseudowire impact on MPLS forwarding at the midpoint LSR is within
scope. The impact on ingress MPLS push and egress MPLS UHP pop are
within scope. While pseudowire encapsulation is out of scope, some
advice is given on Sequence Number support.
<span class="h5"><a class="selflink" id="section-2.1.8.1" href="#section-2.1.8.1">2.1.8.1</a>. Pseudowire Sequence Number</span>
Pseudowire (PW) Sequence Number support is most important for PW
payload types with a high expectation of lossless and/or in-order
delivery. Identifying lost PW packets and the exact amount of lost
<span class="grey">Villamizar, et al. Informational [Page 17]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-18" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
payload is critical for PW services that maintain bit timing, such as
Time Division Multiplexing (TDM) services since these services MUST
compensate lost payload on a bit-for-bit basis.
With PW services that maintain bit timing, packets that have been
received out of order also MUST be identified and MAY be either
reordered or dropped. Resequencing requires, in addition to sequence
numbering, a "reorder buffer" in the egress PE, and the ability to
reorder is limited by the depth of this buffer. The down side of
maintaining a large reorder buffer is added end-to-end service delay.
For PW services that maintain bit timing or any other service where
jitter must be bounded, a jitter buffer is always necessary. The
jitter buffer is needed regardless of whether reordering is done. In
order to be effective, a reorder buffer must often be larger than a
jitter buffer needs to be, thus creating a tradeoff between reducing
loss and minimizing delay.
PW services that are not timing critical bit streams in nature are
cell oriented or frame oriented. Though resequencing support may be
beneficial to PW cell- and frame-oriented payloads such as ATM, FR,
and Ethernet, this support is desirable but not required.
Requirements to handle out-of-order packets at all vary among
services and deployments. For example, for Ethernet PW, occasional
(very rare) reordering is usually acceptable. If the Ethernet PW is
carrying MPLS-TP, then this reordering may be acceptable.
Reducing jitter is best done by an end-system, given that the
tradeoff of loss vs. delay varies among services. For example, with
interactive real-time services, low delay is preferred, while with
non-interactive (one-way) real-time services, low loss is preferred.
The same end-site may be receiving both types of traffic. Regardless
of this, bounded jitter is sometimes a requirement for specific
deployments.
Packet reordering should be rare except in a small number of
circumstances, most of which are due to network design or equipment
design errors:
1. The most common case is where reordering is rare, occurring only
when a network or equipment fault forces traffic on a new path
with different delay. The packet loss that accompanies a network
or equipment fault is generally more disruptive than any
reordering that may occur.
<span class="grey">Villamizar, et al. Informational [Page 18]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-19" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
2. A path change can be caused by reasons other than a network or
equipment fault, such as an administrative routing change. This
may result in packet reordering but generally without any packet
loss.
3. If the edge is not using pseudowire Control Word (CW) and the
core is using multipath, reordering will be far more common. If
this is occurring, using CW on the edge will solve the problem.
Without CW, resequencing is not possible since the Sequence
Number is contained in the CW.
4. Another avoidable case is where some core equipment has multipath
and for some reason insists on periodically installing a new
random number as the multipath hash seed. If supporting MPLS-TP,
equipment MUST provide a means to disable periodic hash
reseeding, and deployments MUST disable periodic hash reseeding.
Operator experience dictates that even if not supporting MPLS-TP,
equipment SHOULD provide a means to disable periodic hash
reseeding, and deployments SHOULD disable periodic hash
reseeding.
In provider networks that use multipath techniques and that may
occasionally rebalance traffic or that may change PW paths
occasionally for other reasons, reordering may be far more common
than loss. Where reordering is more common than loss, resequencing
packets is beneficial, rather than dropping packets at egress when
out-of-order arrival occurs. Resequencing is most important for PW
payload types with a high expectation of lossless delivery since in
such cases out-of-order delivery within the network results in PW
loss.
<span class="h4"><a class="selflink" id="section-2.1.9" href="#section-2.1.9">2.1.9</a>. Layer 2 and Layer 3 VPN</span>
Layer 2 VPN [<a href="./rfc4664" title=""Framework for Layer 2 Virtual Private Networks (L2VPNs)"">RFC4664</a>] and Layer 3 VPN [<a href="./rfc4110" title=""A Framework for Layer 3 Provider-Provisioned Virtual Private Networks (PPVPNs)"">RFC4110</a>] add one or more label
entry to the MPLS label stack. VPN encapsulations are out of scope
for this document. Their impact on forwarding at the midpoint LSR
are within scope.
Any of these services may be used on an ingress and egress that are
MPLS Entropy Label enabled (see <a href="#section-2.4.4">Section 2.4.4</a> for discussion of
Entropy Label); this would add an additional two labels to the MPLS
label stack. The need to provide a useful Entropy Label value
impacts the requirements of the VPN ingress LER but is out of scope
for this document.
<span class="grey">Villamizar, et al. Informational [Page 19]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-20" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h3"><a class="selflink" id="section-2.2" href="#section-2.2">2.2</a>. MPLS Multicast</span>
MPLS Multicast encapsulation is clarified in [<a href="./rfc5332" title=""MPLS Multicast Encapsulations"">RFC5332</a>]. MPLS
Multicast may be signaled using RSVP-TE [<a href="./rfc4875" title=""Extensions to Resource Reservation Protocol - Traffic Engineering (RSVP-TE) for Point-to-Multipoint TE Label Switched Paths (LSPs)"">RFC4875</a>] or LDP [<a href="./rfc6388" title=""Label Distribution Protocol Extensions for Point-to- Multipoint and Multipoint-to-Multipoint Label Switched Paths"">RFC6388</a>].
[<a id="ref-RFC4875">RFC4875</a>] defines a root-initiated RSVP-TE LSP setup rather than the
leaf-initiated join used in IP multicast. [<a href="./rfc6388" title=""Label Distribution Protocol Extensions for Point-to- Multipoint and Multipoint-to-Multipoint Label Switched Paths"">RFC6388</a>] defines a leaf-
initiated LDP setup. Both [<a href="./rfc4875" title=""Extensions to Resource Reservation Protocol - Traffic Engineering (RSVP-TE) for Point-to-Multipoint TE Label Switched Paths (LSPs)"">RFC4875</a>] and [<a href="./rfc6388" title=""Label Distribution Protocol Extensions for Point-to- Multipoint and Multipoint-to-Multipoint Label Switched Paths"">RFC6388</a>] define point-to-
multipoint (P2MP) LSP setup. [<a href="./rfc6388" title=""Label Distribution Protocol Extensions for Point-to- Multipoint and Multipoint-to-Multipoint Label Switched Paths"">RFC6388</a>] also defined multipoint-to-
multipoint (MP2MP) LSP setup.
The P2MP LSPs have a single source. An LSR may be a leaf node, an
intermediate node, or a "bud" node. A bud serves as both a leaf and
intermediate. At a leaf, an MPLS pop is performed. The payload may
be an IP multicast packet that requires further replication. At an
intermediate node, an MPLS swap operation is performed. The bud
requires that both a pop operation and a swap operation be performed
for the same incoming packet.
One strategy to support P2MP functionality is to pop at the LSR
interface serving as ingress to the P2MP traffic and then optionally
push labels at each LSR interface serving as egress to the P2MP
traffic at that same LSR. A given LSR egress chip may support
multiple egress interfaces, each of which requires a copy, but each
with a different set of added labels and Layer 2 encapsulation. Some
physical interfaces may have multiple sub-interfaces (such as
Ethernet VLAN or channelized interfaces), each requiring a copy.
If packet replication is performed at LSR ingress, then the ingress
interface performance may suffer. If the packet replication is
performed within a LSR switching fabric and at LSR egress, congestion
of egress interfaces cannot make use of backpressure to ingress
interfaces using techniques such as virtual output queuing (VOQ). If
buffering is primarily supported at egress, then the need for
backpressure is minimized. There may be no good solution for high
volumes of multicast traffic if VOQ is used.
Careful consideration should be given to the performance
characteristics of high-fanout multicast for equipment that is
intended to be used in such a role.
MP2MP LSPs differ in that any branch may provide an input, including
a leaf. Packets must be replicated onto all other branches. This
forwarding is often implemented as multiple P2MP forwarding trees,
one for each potential input interface at a given LSR.
<span class="grey">Villamizar, et al. Informational [Page 20]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-21" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h3"><a class="selflink" id="section-2.3" href="#section-2.3">2.3</a>. Packet Rates</span>
While average packet size of Internet traffic may be large, long
sequences of small packets have both been predicted in theory and
observed in practice. Traffic compression and TCP ACK compression
can conspire to create long sequences of packets of 40-44 bytes in
payload length. If carried over Ethernet, the 64-byte minimum
payload applies, yielding a packet rate of approximately 150 Mpps
(million packets per second) for the duration of the burst on a
nominal 100 Gb/s link. The peak rate for other encapsulations can be
as high as 250 Mpps (for example, when IP or MPLS is encapsulated
using GFP over OTN ODU4).
It is possible that the packet rates achieved by a specific
implementation are acceptable for a minimum payload size, such as a
64-byte (64B) payload for Ethernet, but the achieved rate declines to
an unacceptable level for other packet sizes, such as a 65B payload.
There are other packet rates of interest besides TCP ACK. For
example, a TCP ACK carried over an Ethernet PW over MPLS over
Ethernet may occupy 82B or 82B plus an increment of 4B if additional
MPLS labels are present.
A graph of packet rate vs. packet size often displays a sawtooth.
The sawtooth is commonly due to a memory bottleneck and memory
widths, sometimes an internal cache, but often a very wide external
buffer memory interface. In some cases, it may be due to a fabric
transfer width. A fine packing, rounding up to the nearest 8B or 16B
will result in a fine sawtooth with small degradation for 65B, and
even less for 82B packets. A coarse packing, rounding up to 64B can
yield a sharper drop in performance for 65B packets, or perhaps more
important, a larger drop for 82B packets.
The loss of some TCP ACK packets are not the primary concern when
such a burst occurs. When a burst occurs, any other packets,
regardless of packet length and packet QoS are dropped once on-chip
input buffers prior to the decision engine are exceeded. Buffers in
front of the packet decision engine are often very small or
nonexistent (less than one packet of buffer) causing significant QoS-
agnostic packet drop.
Internet service providers and content providers at one time
specified full rate forwarding with 40-byte payload packets as a
requirement. Today, this requirement often can be waived if the
provider can be convinced that when long sequences of short packets
occur no packets will be dropped.
<span class="grey">Villamizar, et al. Informational [Page 21]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-22" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Many equipment suppliers have pointed out that the extra cost in
designing hardware capable of processing the minimum size packets at
full line rate is significant for very-high-speed interfaces. If
hardware is not capable of processing the minimum size packets at
full line rate, then that hardware MUST be capable of handling large
bursts of small packets, a condition that is often observed. This
level of performance is necessary to meet Differentiated Services
[<a href="./rfc2475" title=""An Architecture for Differentiated Services"">RFC2475</a>] requirements; without it, packets are lost prior to
inspection of the IP DSCP field [<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>] or MPLS TC field [<a href="./rfc5462" title=""Multiprotocol Label Switching (MPLS) Label Stack Entry: "">RFC5462</a>].
With adequate on-chip buffers before the packet decision engine, an
LSR can absorb a long sequence of short packets. Even if the output
is slowed to the point where light congestion occurs, the packets,
having cleared the decision process, can make use of larger VOQ or
output side buffers and be dealt with according to configured QoS
treatment, rather than dropped completely at random.
The buffering before the packet decision engine should be arranged
such that 1) it can hold a relatively large number of small packets,
2) it can hold a small number of large packets, and 3) it can hold a
mix of packets of different sizes.
These on-chip buffers need not contribute significant delay since
they are only used when the packet decision engine is unable to keep
up, not in response to congestion, plus these buffers are quite
small. For example, an on-chip buffer capable of handling 4K packets
of 64 bytes in length, or 256KB, corresponds to 200 microseconds on a
10 Gb/s link and 20 microseconds on a 100 Gb/s link. If the packet
decision engine is capable of handling packets at 90% of the full
rate for small packets, then the maximum added delay is 20
microseconds and 2 microseconds, respectively, and this delay only
applies if a 4K burst of short packets occurs. When no burst of
short packets was being processed, no delay is added. These buffers
are only needed on high-speed interfaces where it is difficult to
process small packets at full line rate.
Packet rate requirements apply regardless of which network tier the
equipment is deployed in. Whether deployed in the network core or
near the network edges, one of the two conditions MUST be met if
Differentiated Services requirements are to be met:
1. Packets must be processed at full line rate with minimum-sized
packets. -OR-
2. Packets must be processed at a rate well under generally accepted
average packet sizes, with sufficient buffering prior to the
packet decision engine to accommodate long bursts of small
packets.
<span class="grey">Villamizar, et al. Informational [Page 22]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-23" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h3"><a class="selflink" id="section-2.4" href="#section-2.4">2.4</a>. MPLS Multipath Techniques</span>
In any large provider, service providers, and content providers,
hash-based multipath techniques are used in the core and in the edge.
In many of these providers, hash-based multipath is also used in the
larger metro networks.
For good reason, the Differentiated Services requirements dictate
that packets within a common microflow SHOULD NOT be reordered
[<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>]. Service providers generally impose stronger requirements,
commonly requiring that packets within a microflow MUST NOT be
reordered except in rare circumstances such as load balancing across
multiple links, path change for load balancing, or path change for
other reason.
The most common multipath techniques are ECMP applied at the IP
forwarding level, Ethernet Link Aggregation Group (LAG) with
inspection of the IP payload, and multipath on links carrying both IP
and MPLS, where the IP header is inspected below the MPLS label
stack. In most core networks, the vast majority of traffic is MPLS
encapsulated.
In order to support an adequately balanced load distribution across
multiple links, IP header information must be used. Common practice
today is to reinspect the IP headers at each LSR and use the label
stack and IP header information in a hash performed at each LSR.
Further details are provided in <a href="#section-2.4.5">Section 2.4.5</a>.
The use of this technique is so ubiquitous in provider networks that
lack of support for multipath makes any product unsuitable for use in
large core networks. This will continue to be the case in the near
future, even as deployment of the MPLS Entropy Label begins to relax
the core LSR multipath performance requirements given the existing
deployed base of edge equipment without the ability to add an Entropy
Label.
A generation of edge equipment supporting the ability to add an MPLS
Entropy Label is needed before the performance requirements for core
LSRs can be relaxed. However, it is likely that two generations of
deployment in the future will allow core LSRs to support full packet
rate only when a relatively small number of MPLS labels need to be
inspected before hashing. For now, don't count on it.
Common practice today is to reinspect the packet at each LSR and use
information from the packet combined with a hash seed that is
selected by each LSR. Where Flow Labels or Entropy Labels are used,
a hash seed must be used when creating these labels.
<span class="grey">Villamizar, et al. Informational [Page 23]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-24" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h4"><a class="selflink" id="section-2.4.1" href="#section-2.4.1">2.4.1</a>. Pseudowire Control Word</span>
Within the core of a network, some form of multipath is almost
certain to be used. Multipath techniques deployed today are likely
to be looking beneath the label stack for an opportunity to hash on
IP addresses.
A pseudowire encapsulated at a network edge must have a means to
prevent reordering within the core if the pseudowire will be crossing
a network core, or any part of a network topology where multipath is
used (see [<a href="./rfc4385" title=""Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN"">RFC4385</a>] and [<a href="./rfc4928" title=""Avoiding Equal Cost Multipath Treatment in MPLS Networks"">RFC4928</a>]).
Not supporting the ability to encapsulate a pseudowire with a Control
Word may lock a product out from consideration. A pseudowire
capability without Control Word support might be sufficient for
applications that are strictly both intra-metro and low bandwidth.
However, a provider with other applications will very likely not
tolerate having equipment that can only support a subset of their
pseudowire needs.
<span class="h4"><a class="selflink" id="section-2.4.2" href="#section-2.4.2">2.4.2</a>. Large Microflows</span>
Where multipath makes use of a simple hash and simple load balance
such as modulo or other fixed allocation (see <a href="#section-2.4">Section 2.4</a>), there can
be the presence of large microflows that each consume 10% of the
capacity of a component link of a potentially congested composite
link. One such microflow can upset the traffic balance, and more
than one can reduce the effective capacity of the entire composite
link by more than 10%.
When even a very small number of large microflows are present, there
is a significant probability that more than one of these large
microflows could fall on the same component link. If the traffic
contribution from large microflows is small, the probability for
three or more large microflows on the same component link drops
significantly. Therefore, in a network where a significant number of
parallel 10 Gb/s links exists, even a 1 Gb/s pseudowire or other
large microflow that could not otherwise be subdivided into smaller
flows should carry a Flow Label or Entropy Label if possible.
Active management of the hash space to better accommodate large
microflows has been implemented and deployed in the past; however,
such techniques are out of scope for this document.
<span class="grey">Villamizar, et al. Informational [Page 24]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-25" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h4"><a class="selflink" id="section-2.4.3" href="#section-2.4.3">2.4.3</a>. Pseudowire Flow Label</span>
Unlike a pseudowire Control Word, a pseudowire Flow Label [<a href="./rfc6391" title=""Flow-Aware Transport of Pseudowires over an MPLS Packet Switched Network"">RFC6391</a>]
is required only for pseudowires that have a relatively large
capacity. There are many cases where a pseudowire Flow Label makes
sense. Any service such as a VPN that carries IP traffic within a
pseudowire can make use of a pseudowire Flow Label.
Any pseudowire carried over MPLS that makes use of the pseudowire
Control Word and does not carry a Flow Label is in effect a single
microflow (in the terms defined in [<a href="./rfc2475" title=""An Architecture for Differentiated Services"">RFC2475</a>]) and may result in the
types of problems described in <a href="#section-2.4.2">Section 2.4.2</a>.
<span class="h4"><a class="selflink" id="section-2.4.4" href="#section-2.4.4">2.4.4</a>. MPLS Entropy Label</span>
The MPLS Entropy Label simplifies flow group identification [<a href="./rfc6790" title=""The Use of Entropy Labels in MPLS Forwarding"">RFC6790</a>]
at midpoint LSRs. Prior to the MPLS Entropy Label, midpoint LSRs
needed to inspect the entire label stack and often the IP headers to
provide an adequate distribution of traffic when using multipath
techniques (see <a href="#section-2.4.5">Section 2.4.5</a>). With the use of the MPLS Entropy
Label, a hash can be performed closer to network edges, placed in the
label stack, and used by midpoint LSRs without fully reinspecting the
label stack and inspecting the payload.
The MPLS Entropy Label is capable of avoiding full label stack and
payload inspection within the core where performance levels are most
difficult to achieve (see <a href="#section-2.3">Section 2.3</a>). The label stack inspection
can be terminated as soon as the first Entropy Label is encountered,
which is generally after a small number of labels are inspected.
In order to provide these benefits in the core, an LSR closer to the
edge must be capable of adding an Entropy Label. This support may
not be required in the access tier, the tier closest to the customer,
but is likely to be required in the edge or the border to the network
core. An LSR peering with external networks will also need to be
able to add an Entropy Label on incoming traffic.
<span class="h4"><a class="selflink" id="section-2.4.5" href="#section-2.4.5">2.4.5</a>. Fields Used for Multipath Load Balance</span>
The most common multipath techniques are based on a hash over a set
of fields. Regardless of whether a hash is used or some other method
is used, there is a limited set of fields that can safely be used for
multipath.
<span class="grey">Villamizar, et al. Informational [Page 25]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-26" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h5"><a class="selflink" id="section-2.4.5.1" href="#section-2.4.5.1">2.4.5.1</a>. MPLS Fields in Multipath</span>
If the "outer" or "first" layer of encapsulation is MPLS, then label
stack entries are used in the hash. Within a finite amount of time
(and for small packets arriving at high speed, that time can be quite
limited), only a finite number of label entries can be inspected.
Pipelined or parallel architectures improve this, but the limit is
still finite.
The following guidelines are provided for use of MPLS fields in
multipath load balancing.
1. Only the 20-bit label field SHOULD be used. The TTL field SHOULD
NOT be used. The S bit MUST NOT be used. The TC field (formerly
EXP) MUST NOT be used. See text following this list for reasons.
2. If an ELI label is found, then if the LSR supports Entropy
Labels, the EL label field in the next label entry (the EL)
SHOULD be used, label entries below that label SHOULD NOT be
used, and the MPLS payload SHOULD NOT be used. See below this
list for reasons.
3. Special-purpose labels (label values 0-15) MUST NOT be used.
Extended special-purpose labels (any label following label 15)
MUST NOT be used. In particular, GAL and RA MUST NOT be used so
that OAM traffic follows the same path as payload packets with
the same label stack.
4. If a new special-purpose label or extended special-purpose label
is defined that requires special load-balance processing, then,
as is the case for the ELI label, a special action may be needed
rather than skipping the special-purpose label or extended
special-purpose label.
5. The most entropy is generally found in the label stack entries
near the bottom of the label stack (innermost label, closest to
S=1 bit). If the entire label stack cannot be used (or entire
stack up to an EL), then it is better to use as many labels as
possible closest to the bottom of stack.
6. If no ELI is encountered, and the first nibble of payload
contains a 4 (IPv4) or 6 (IPv6), an implementation SHOULD support
the ability to interpret the payload as IPv4 or IPv6 and extract
and use appropriate fields from the IP headers. This feature is
considered a nonnegotiable requirement by many service providers.
If supported, there MUST be a way to disable it (if, for example,
PW without CW are used). This ability to disable this feature is
considered a nonnegotiable requirement by many service providers.
<span class="grey">Villamizar, et al. Informational [Page 26]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-27" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Therefore, an implementation has a very strong incentive to
support both options.
7. A label that is popped at egress (UHP pop) SHOULD NOT be used. A
label that is popped at the penultimate hop (PHP pop) SHOULD be
used.
Apparently, some chips have made use of the TC (formerly EXP) bits as
a source of entropy. This is very harmful since it will reorder
Assured Forwarding (AF) traffic [<a href="./rfc2597" title=""Assured Forwarding PHB Group"">RFC2597</a>] when a subset does not
conform to the configured rates and is remarked but not dropped at a
prior LSR. Traffic that uses MPLS ECN [<a href="./rfc5129" title=""Explicit Congestion Marking in MPLS"">RFC5129</a>] can also be
reordered if TC is used for entropy. Therefore, as stated in the
guidelines above, the TC field (formerly EXP) MUST NOT be used in
multipath load balancing as it violates Differentiated Services
Ordered Aggregate (OA) requirements in these two instances.
Use of the MPLS label entry S bit would result in putting OAM traffic
on a different path if the addition of a GAL at the bottom of stack
removed the S bit from the prior label.
If an ELI label is found, then if the LSR supports Entropy Labels,
the EL label field in the next label entry (the EL) SHOULD be used,
and the search for additional entropy within the packet SHOULD be
terminated. Failure to terminate the search will impact client MPLS-
TP LSPs carried within server MPLS LSPs. A network operator has the
option to use administrative attributes as a means to identify LSRs
that do not terminate the entropy search at the first EL.
Administrative attributes are defined in [<a href="./rfc3209" title=""RSVP-TE: Extensions to RSVP for LSP Tunnels"">RFC3209</a>]. Some
configuration is required to support this.
If the label removed by a PHP pop is not used, then for any PW for
which CW is used, there is no basis for multipath load split. In
some networks, it is infeasible to put all PW traffic on one
component link. Any PW that does not use CW will be improperly
split, regardless of whether the label removed by a PHP pop is used.
Therefore, the PHP pop label SHOULD be used as recommended above.
<span class="h5"><a class="selflink" id="section-2.4.5.2" href="#section-2.4.5.2">2.4.5.2</a>. IP Fields in Multipath</span>
Inspecting the IP payload provides the most entropy in provider
networks. The practice of looking past the bottom of stack label for
an IP payload is well accepted and documented in [<a href="./rfc4928" title=""Avoiding Equal Cost Multipath Treatment in MPLS Networks"">RFC4928</a>] and in
other RFCs.
Where IP is mentioned in the document, both IPv4 and IPv6 apply. All
LSRs MUST fully support IPv6.
<span class="grey">Villamizar, et al. Informational [Page 27]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-28" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
When information in the IP header is used, the following guidelines
apply:
1. Both the IP source address and IP destination address SHOULD be
used. There MAY be an option to reverse the order of these
addresses, improving the ability to provide symmetric paths in
some cases. Many service providers require that both addresses
be used.
2. Implementations SHOULD allow inspection of the IP protocol field
and use of the UDP or TCP port numbers. For many service
providers, this feature is considered mandatory, particularly for
enterprise, data center, or edge equipment. If this feature is
provided, it SHOULD be possible to disable use of TCP and UDP
ports. Many service providers consider it a nonnegotiable
requirement that use of UDP and TCP ports can be disabled.
Therefore, there is a strong incentive for implementations to
provide both options.
3. Equipment suppliers MUST NOT make assumptions that because the IP
version field is equal to 4 (an IPv4 packet) that the IP protocol
will either be TCP (IP protocol 6) or UDP (IP protocol 17) and
blindly fetch the data at the offset where the TCP or UDP ports
would be found. With IPv6, TCP and UDP port numbers are not at
fixed offsets. With IPv4 packets carrying IP options, TCP and
UDP port numbers are not at fixed offsets.
4. The IPv6 header flow field SHOULD be used. This is the explicit
purpose of the IPv6 flow field; however, observed flow fields
rarely contain a non-zero value. Some uses of the flow field
have been defined, such as [<a href="./rfc6438" title=""Using the IPv6 Flow Label for Equal Cost Multipath Routing and Link Aggregation in Tunnels"">RFC6438</a>]. In the absence of MPLS
encapsulation, the IPv6 flow field can serve a role equivalent to
the Entropy Label.
5. Support for other protocols that share a common Layer 4 header
such as RTP [<a href="./rfc3550" title=""RTP: A Transport Protocol for Real-Time Applications"">RFC3550</a>], UDP-Lite [<a href="./rfc3828" title=""The Lightweight User Datagram Protocol (UDP-Lite)"">RFC3828</a>], SCTP [<a href="./rfc4960" title=""Stream Control Transmission Protocol"">RFC4960</a>], and
DCCP [<a href="./rfc4340" title=""Datagram Congestion Control Protocol (DCCP)"">RFC4340</a>] SHOULD be provided, particularly for edge or
access equipment where additional entropy may be needed.
Equipment SHOULD also use RTP, UDP-lite, SCTP, and DCCP headers
when creating an Entropy Label.
6. The following IP header fields should not or must not be used:
A. Similar to avoiding TC in MPLS, the IP DSCP, and ECN bits
MUST NOT be used.
B. The IPv4 TTL or IPv6 Hop Count SHOULD NOT be used.
<span class="grey">Villamizar, et al. Informational [Page 28]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-29" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
C. Note that the IP TOS field was deprecated. ([<a href="./rfc0791" title=""Internet Protocol"">RFC0791</a>] was
updated by [<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>].) No part of the IP DSCP field can be
used (formerly IP PREC and IP TOS bits).
7. Some IP encapsulations support tunneling, such as IP-in-IP, GRE,
L2TPv3, and IPsec. These provide a greater source of entropy
that some provider networks carrying large amounts of tunneled
traffic may need, for example, as used in [<a href="./rfc5640" title=""Load- Balancing for Mesh Softwires"">RFC5640</a>] for GRE and
L2TPv3. The use of tunneling header information is out of scope
for this document.
This document makes the following recommendations. These
recommendations are not required to claim compliance to any existing
RFC; therefore, implementers are free to ignore them, but due to
service provider requirements should consider the risk of doing so.
The use of IP addresses MUST be supported, and TCP and UDP ports
(conditional on the protocol field and properly located) MUST be
supported. The ability to disable use of UDP and TCP ports MUST be
available.
Though potentially very useful in some networks, it is uncommon to
support using payloads of tunneling protocols carried over IP.
Though the use of tunneling protocol header information is out of
scope for this document, it is not discouraged.
<span class="h5"><a class="selflink" id="section-2.4.5.3" href="#section-2.4.5.3">2.4.5.3</a>. Fields Used in Flow Label</span>
The ingress to a pseudowire (PW) can extract information from the
payload being encapsulated to create a Flow Label. [<a href="./rfc6391" title=""Flow-Aware Transport of Pseudowires over an MPLS Packet Switched Network"">RFC6391</a>]
references IP carried in Ethernet as an example. The Native Service
Processing (NSP) function defined in [<a href="./rfc3985" title=""Pseudo Wire Emulation Edge-to- Edge (PWE3) Architecture"">RFC3985</a>] differs with
pseudowire type. It is in the NSP function where information for a
specific type of PW can be extracted for use in a Flow Label.
Determining which fields to use for any given PW NSP is out of scope
for this document.
<span class="h5"><a class="selflink" id="section-2.4.5.4" href="#section-2.4.5.4">2.4.5.4</a>. Fields Used in Entropy Label</span>
An Entropy Label is added at the ingress to an LSP. The payload
being encapsulated is most often MPLS, a PW, or IP. The payload type
is identified by the Layer 2 encapsulation (Ethernet, GFP, POS,
etc.).
If the payload is MPLS, then the information used to create an
Entropy Label is the same information used for local load balancing
(see <a href="#section-2.4.5.1">Section 2.4.5.1</a>). This information MUST be extracted for use in
generating an Entropy Label even if the LSR local egress interface is
not a multipath.
<span class="grey">Villamizar, et al. Informational [Page 29]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-30" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Of the non-MPLS payload types, only payloads that are forwarded are
of interest. For example, payloads using the Address Resolution
Protocol (ARP) are not forwarded, and payloads using the
Connectionless-mode Network Protocol (CLNP), which is used only for
IS-IS, are not forwarded.
The non-MPLS payload types of greatest interest are IPv4 and IPv6.
The guidelines in <a href="#section-2.4.5.2">Section 2.4.5.2</a> apply to fields used to create an
Entropy Label.
The IP tunneling protocols mentioned in <a href="#section-2.4.5.2">Section 2.4.5.2</a> may be more
applicable to generation of an Entropy Label at the edge or access
where deep packet inspection is practical due to lower interface
speeds than in the core where deep packet inspection may be
impractical.
<span class="h3"><a class="selflink" id="section-2.5" href="#section-2.5">2.5</a>. MPLS-TP and UHP</span>
MPLS-TP introduces forwarding demands that will be extremely
difficult to meet in a core network. Most troublesome is the
requirement for Ultimate Hop Popping (UHP), the opposite of
Penultimate Hop Popping (PHP). Using UHP opens the possibility of
one or more MPLS pop operations plus an MPLS swap operation for each
packet. The potential for multiple lookups and multiple counter
instances per packet exists.
As networks grow and tunneling of LDP LSPs into RSVP-TE LSPs is used,
and/or RSVP-TE hierarchy is used, the requirement to perform one or
more MPLS pop operations plus an MPLS swap operation (and possibly a
push or two) increases. If MPLS-TP LM (link monitoring) OAM is
enabled at each layer, then a packet and byte count MUST be
maintained for each pop and swap operation so as to offer OAM for
each layer.
<span class="h3"><a class="selflink" id="section-2.6" href="#section-2.6">2.6</a>. Local Delivery of Packets</span>
There are a number of situations in which packets are destined to a
local address or where a return packet must be generated. There is a
need to mitigate the potential for outage as a result of either
attacks on network infrastructure, or in some cases unintentional
misconfiguration resulting in processor overload. Some hardware
assistance is needed for all traffic destined to the general-purpose
CPU that is used in processing of the MPLS control protocol or the
network management protocol and in most cases to other general-
purpose CPUs residing on an LSR. This is due to the ease of
overwhelming such a processor with traffic arriving on LSR high-speed
interfaces, whether the traffic is malicious or not.
<span class="grey">Villamizar, et al. Informational [Page 30]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-31" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Denial of service (DoS) protection is an area requiring hardware
support that is often overlooked or inadequately considered.
Hardware assists are also needed for OAM, particularly the more
demanding MPLS-TP OAM.
<span class="h4"><a class="selflink" id="section-2.6.1" href="#section-2.6.1">2.6.1</a>. DoS Protection</span>
Modern equipment supports a number of control-plane and management-
plane protocols. Generally, no single means of protecting network
equipment from DoS attacks is sufficient, particularly for high-speed
interfaces. This problem is not specific to MPLS but is a topic that
cannot be ignored when implementing or evaluating MPLS
implementations.
Two types of protections are often cited as the primary means of
protecting against attacks of all kinds.
Isolated Control/Management Traffic
Control and management traffic can be carried out-of-band (OOB),
meaning not intermixed with payload. For MPLS, use of G-ACh and
GAL to carry control and management traffic provides a means of
isolation from potentially malicious payloads. Used alone, the
compromise of a single node, including a small computer at a
network operations center, could compromise an entire network.
Implementations that send all G-ACh/GAL traffic directly to a
routing engine CPU are subject to DoS attack as a result of such
a compromise.
Cryptographic Authentication
Cryptographic authentication can very effectively prevent
malicious injection of control or management traffic.
Cryptographic authentication can in some circumstances be subject
to DoS attack by overwhelming the capacity of the decryption with
a high volume of malicious traffic. For very-low-speed
interfaces, cryptographic authentication can be performed by the
general-purpose CPU used as a routing engine. For all other
cases, cryptographic hardware may be needed. For very-high-speed
interfaces, even cryptographic hardware can be overwhelmed.
Some control and management protocols are often carried with payload
traffic. This is commonly the case with BGP, T-LDP, and SNMP. It is
often the case with RSVP-TE. Even when carried over G-ACh/GAL,
additional measures can reduce the potential for a minor breach to be
leveraged to a full network attack.
Some of the additional protections are supported by hardware packet
filtering.
<span class="grey">Villamizar, et al. Informational [Page 31]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-32" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
GTSM
[<a href="./rfc5082" title=""The Generalized TTL Security Mechanism (GTSM)"">RFC5082</a>] defines a mechanism that uses the IPv4 TTL or IPv6 Hop
Limit fields to ensure control traffic that can only originate
from an immediate neighbor is not forged and is not originating
from a distant source. GTSM can be applied to many control
protocols that are routable, for example, LDP [<a href="./rfc6720" title=""The Generalized TTL Security Mechanism (GTSM) for the Label Distribution Protocol (LDP)"">RFC6720</a>].
IP Filtering
At the very minimum, packet filtering plus classification and use
of multiple queues supporting rate limiting is needed for traffic
that could potentially be sent to a general-purpose CPU used as a
routing engine. The first level of filtering only allows
connections to be initiated from specific IP prefixes to specific
destination ports and then preferably passes traffic directly to
a cryptographic engine and/or rate limits. The second level of
filtering passes connected traffic, such as TCP connections
having received at least one authenticated SYN or having been
locally initiated. The second level of filtering only passes
traffic to specific address and port pairs to be checked for
cryptographic authentication.
The cryptographic authentication is generally the last resort in DoS
attack mitigation. If a packet must be first sent to a general-
purpose CPU, then sent to a cryptographic engine, a DoS attack is
possible on high-speed interfaces. Only where hardware can fully
process a cryptographic authentication without intervention from a
general-purpose CPU (to find the authentication field and to identify
the portion of packet to run the cryptographic algorithm over) is
cryptographic authentication beneficial in protecting against DoS
attacks.
For chips supporting multiple 100 Gb/s interfaces, only a very large
number of parallel cryptographic engines can provide the processing
capacity to handle a large-scale DoS or distributed DoS (DDoS)
attack. For many forwarding chips, this much processing power
requires significant chip real estate and power, and therefore
reduces system space and power density. For this reason,
cryptographic authentication is not considered a viable first line of
defense.
For some networks, the first line of defense is some means of
supporting OOB control and management traffic. In the past, this OOB
channel might make use of overhead bits in SONET or OTN or a
dedicated DWDM wavelength. G-ACh and GAL provide an alternative OOB
mechanism that is independent of underlying layers. In other
networks, including most IP/MPLS networks, perimeter filtering serves
a similar purpose, though it is less effective without extreme
vigilance.
<span class="grey">Villamizar, et al. Informational [Page 32]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-33" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
A second line of defense is filtering, including GTSM. For protocols
such as EBGP, GTSM and other filtering are often the first line of
defense. Cryptographic authentication is usually the last line of
defense and insufficient by itself to mitigate DoS or DDoS attacks.
<span class="h4"><a class="selflink" id="section-2.6.2" href="#section-2.6.2">2.6.2</a>. MPLS OAM</span>
[<a id="ref-RFC4377">RFC4377</a>] defines requirements for MPLS OAM that predate MPLS-TP.
[<a href="./rfc4379" title=""Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures"">RFC4379</a>] defines what is commonly referred to as LSP Ping and LSP
Traceroute. [<a href="./rfc4379" title=""Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures"">RFC4379</a>] is updated by [<a href="./rfc6424" title=""Mechanism for Performing Label Switched Path Ping (LSP Ping) over MPLS Tunnels"">RFC6424</a>], which supports MPLS
tunnels and stitched LSP and P2MP LSP. [<a href="./rfc4379" title=""Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures"">RFC4379</a>] is updated by
[<a href="./rfc6425" title=""Detecting Data-Plane Failures in Point-to-Multipoint MPLS - Extensions to LSP Ping"">RFC6425</a>], which supports P2MP LSP. [<a href="./rfc4379" title=""Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures"">RFC4379</a>] is updated by
[<a href="./rfc6426" title=""MPLS On-Demand Connectivity Verification and Route Tracing"">RFC6426</a>] to support MPLS-TP connectivity verification (CV) and route
tracing.
[<a id="ref-RFC4950">RFC4950</a>] extends the ICMP format to support TTL expiration that may
occur when using IP Traceroute within an MPLS tunnel. The ICMP
message generation can be implemented in forwarding hardware, but if
the ICMP packets are sent to a general-purpose CPU, this packet flow
must be rate limited to avoid a potential DoS attack.
[<a id="ref-RFC5880">RFC5880</a>] defines Bidirectional Forwarding Detection (BFD), a
protocol intended to detect faults in the bidirectional path between
two forwarding engines. [<a href="./rfc5884" title=""Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs)"">RFC5884</a>] and [<a href="./rfc5885" title=""Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)"">RFC5885</a>] define BFD for MPLS.
BFD can provide failure detection on any kind of path between
systems, including direct physical links, virtual circuits, tunnels,
MPLS Label Switched Paths (LSPs), multihop routed paths, and
unidirectional links as long as there is some return path.
The processing requirements for BFD are less than for LSP Ping,
making BFD somewhat better suited for relatively high-rate proactive
monitoring. BFD does not verify that the data plane matches the
control plane, where LSP Ping does. LSP Ping is somewhat better
suited for on-demand monitoring including relatively low-rate
periodic verification of the data plane and as a diagnostic tool.
Hardware assistance is often provided for BFD response where BFD
setup or parameter change is not involved and may be necessary for
relatively high-rate proactive monitoring. If both BFD and LSP Ping
are recognized in filtering prior to passing traffic to a general-
purpose CPU, appropriate DoS protection can be applied (see
<a href="#section-2.6.1">Section 2.6.1</a>). Failure to recognize BFD and LSP Ping and at least
to rate limit creates the potential for misconfiguration to cause
outages rather than cause errors in the misconfigured OAM.
<span class="grey">Villamizar, et al. Informational [Page 33]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-34" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h4"><a class="selflink" id="section-2.6.3" href="#section-2.6.3">2.6.3</a>. Pseudowire OAM</span>
Pseudowire OAM makes use of the control channel provided by Virtual
Circuit Connectivity Verification (VCCV) [<a href="./rfc5085" title=""Pseudowire Virtual Circuit Connectivity Verification (VCCV): A Control Channel for Pseudowires"">RFC5085</a>]. VCCV makes use
of the pseudowire Control Word. BFD support over VCCV is defined by
[<a href="./rfc5885" title=""Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)"">RFC5885</a>]. [<a href="./rfc5885" title=""Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)"">RFC5885</a>] is updated by [<a href="./rfc6478" title=""Pseudowire Status for Static Pseudowires"">RFC6478</a>] in support of static
pseudowires. [<a href="./rfc4379" title=""Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures"">RFC4379</a>] is updated by [<a href="./rfc6829" title=""Label Switched Path (LSP) Ping for Pseudowire Forwarding Equivalence Classes (FECs) Advertised over IPv6"">RFC6829</a>] to support LSP Ping
for Pseudowire FEC advertised over IPv6.
G-ACh/GAL (defined in [<a href="./rfc5586" title=""MPLS Generic Associated Channel"">RFC5586</a>]) is the preferred MPLS-TP OAM control
channel and applies to any MPLS-TP endpoints, including pseudowire.
See <a href="#section-2.6.4">Section 2.6.4</a> for an overview of MPLS-TP OAM.
<span class="h4"><a class="selflink" id="section-2.6.4" href="#section-2.6.4">2.6.4</a>. MPLS-TP OAM</span>
[<a id="ref-RFC6669">RFC6669</a>] summarizes the MPLS-TP OAM toolset, the set of protocols
supporting the MPLS-TP OAM requirements specified in [<a href="./rfc5860" title=""Requirements for Operations, Administration, and Maintenance (OAM) in MPLS Transport Networks"">RFC5860</a>] and
supported by the MPLS-TP OAM framework defined in [<a href="./rfc6371" title=""Operations, Administration, and Maintenance Framework for MPLS-Based Transport Networks"">RFC6371</a>].
The MPLS-TP OAM toolset includes:
CC-CV
[<a href="./rfc6428" title=""Proactive Connectivity Verification, Continuity Check, and Remote Defect Indication for the MPLS Transport Profile"">RFC6428</a>] defines BFD extensions to support proactive Continuity
Check and Connectivity Verification (CC-CV) applications.
[<a href="./rfc6426" title=""MPLS On-Demand Connectivity Verification and Route Tracing"">RFC6426</a>] provides LSP Ping extensions that are used to implement
on-demand connectivity verification.
RDI
Remote Defect Indication (RDI) is triggered by failure of
proactive CC-CV, which is BFD based. For fast RDI, RDI SHOULD be
initiated and handled by hardware if BFD is handled in forwarding
hardware. [<a href="./rfc6428" title=""Proactive Connectivity Verification, Continuity Check, and Remote Defect Indication for the MPLS Transport Profile"">RFC6428</a>] provides an extension for BFD that includes
the RDI in the BFD format and a specification of how this
indication is to be used.
Route Tracing
[<a href="./rfc6426" title=""MPLS On-Demand Connectivity Verification and Route Tracing"">RFC6426</a>] specifies that the LSP Ping enhancements for MPLS-TP
on-demand connectivity verification include information on the
use of LSP Ping for route tracing of an MPLS-TP path.
Alarm Reporting
[<a href="./rfc6427" title=""MPLS Fault Management Operations, Administration, and Maintenance (OAM)"">RFC6427</a>] describes the details of a new protocol supporting
Alarm Indication Signal (AIS), Link Down Indication (LDI), and
fault management. Failure to support this functionality in
forwarding hardware can potentially result in failure to meet
protection recovery time requirements; therefore, support of this
functionality is strongly recommended.
<span class="grey">Villamizar, et al. Informational [Page 34]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-35" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Lock Instruct
Lock instruct is initiated on demand and therefore need not be
implemented in forwarding hardware. [<a href="./rfc6435" title=""MPLS Transport Profile Lock Instruct and Loopback Functions"">RFC6435</a>] defines a lock
instruct protocol.
Lock Reporting
[<a href="./rfc6427" title=""MPLS Fault Management Operations, Administration, and Maintenance (OAM)"">RFC6427</a>] covers lock reporting. Lock reporting need not be
implemented in forwarding hardware.
Diagnostic
[<a href="./rfc6435" title=""MPLS Transport Profile Lock Instruct and Loopback Functions"">RFC6435</a>] defines protocol support for loopback. Loopback
initiation is on demand and therefore need not be implemented in
forwarding hardware. Loopback of packet traffic SHOULD be
implemented in forwarding hardware on high-speed interfaces.
Packet Loss and Delay Measurement
[<a href="./rfc6374" title=""Packet Loss and Delay Measurement for MPLS Networks"">RFC6374</a>] and [<a href="./rfc6375" title=""A Packet Loss and Delay Measurement Profile for MPLS-Based Transport Networks"">RFC6375</a>] define a protocol and profile for Packet
Loss Measurement (LM) and Delay Measurement (DM). LM requires a
very accurate capture and insertion of packet and byte counters
when a packet is transmitted and capture of packet and byte
counters when a packet is received. This capture and insertion
MUST be implemented in forwarding hardware for LM OAM if high
accuracy is needed. DM requires very accurate capture and
insertion of a timestamp on transmission and capture of timestamp
when a packet is received. This timestamp capture and insertion
MUST be implemented in forwarding hardware for DM OAM if high
accuracy is needed.
See <a href="#section-2.6.2">Section 2.6.2</a> for discussion of hardware support necessary for
BFD and LSP Ping.
CC-CV and alarm reporting is tied to protection and therefore SHOULD
be supported in forwarding hardware in order to provide protection
for a large number of affected LSPs within target response intervals.
When using MPLS-TP, since CC-CV is supported by BFD, providing
hardware assistance for BFD processing helps ensure that protection
recovery time requirements can be met even for faults affecting a
large number of LSPs.
MPLS-TP Protection State Coordination (PSC) is defined by [<a href="./rfc6378" title=""MPLS Transport Profile (MPLS-TP) Linear Protection"">RFC6378</a>]
and updated by [<a href="./rfc7324" title=""Updates to MPLS Transport Profile Linear Protection"">RFC7324</a>], which corrects some errors in [<a href="./rfc6378" title=""MPLS Transport Profile (MPLS-TP) Linear Protection"">RFC6378</a>].
<span class="h4"><a class="selflink" id="section-2.6.5" href="#section-2.6.5">2.6.5</a>. MPLS OAM and Layer 2 OAM Interworking</span>
[<a id="ref-RFC6670">RFC6670</a>] provides the reasons for selecting a single MPLS-TP OAM
solution and examines the consequences were ITU-T to develop a second
OAM solution that is based on Ethernet encodings and mechanisms.
<span class="grey">Villamizar, et al. Informational [Page 35]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-36" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC6310">RFC6310</a>] and [<a href="./rfc7023" title=""MPLS and Ethernet Operations, Administration, and Maintenance (OAM) Interworking"">RFC7023</a>] specify the mapping of defect states between
many types of hardware Attachment Circuits (ACs) and associated
pseudowires (PWs). This functionality SHOULD be supported in
forwarding hardware.
It is beneficial if an MPLS OAM implementation can interwork with the
underlying server layer and provide a means to interwork with a
client layer. For example, [<a href="./rfc6427" title=""MPLS Fault Management Operations, Administration, and Maintenance (OAM)"">RFC6427</a>] specifies an inter-layer
propagation of AIS and LDI from MPLS server layer to client MPLS
layers. Where the server layer uses a Layer 2 mechanism, such as
Ethernet, PPP over SONET/SDH, or GFP over OTN, interwork among layers
is also beneficial. For high-speed interfaces, supporting this
interworking in forwarding hardware helps ensure that protection
based on this interworking can meet recovery time requirements even
for faults affecting a large number of LSPs.
<span class="h4"><a class="selflink" id="section-2.6.6" href="#section-2.6.6">2.6.6</a>. Extent of OAM Support by Hardware</span>
Where certain requirements must be met, such as relatively high CC-CV
rates and a large number of interfaces, or strict protection recovery
time requirements and a moderate number of affected LSPs, some OAM
functionality must be supported by forwarding hardware. In other
cases, such as highly accurate LM and DM OAM or strict protection
recovery time requirements with a large number of affected LSPs, OAM
functionality must be entirely implemented in forwarding hardware.
Where possible, implementation in forwarding hardware should be in
programmable hardware such that if standards are later changed or
extended these changes are likely to be accommodated with hardware
reprogramming rather than replacement.
For some functionality, there is a strong case for an implementation
in dedicated forwarding hardware. Examples include packet and byte
counters needed for LM OAM as well as needed for management
protocols. Similarly, the capture and insertion of packet and byte
counts or timestamps needed for transmitted LM or DM or time
synchronization packets MUST be implemented in forwarding hardware if
high accuracy is required.
For some functions, there is a strong case to provide limited support
in forwarding hardware, but an external general-purpose processor may
be used if performance criteria can be met. For example, origination
of RDI triggered by CC-CV, response to RDI, and Protection State
Coordination (PSC) functionality may be supported by hardware, but
expansion to a large number of client LSPs and transmission of AIS or
RDI to the client LSPs may occur in a general-purpose processor.
Some forwarding hardware supports one or more on-chip general-purpose
processors that may be well suited for such a role. [<a href="./rfc7324" title=""Updates to MPLS Transport Profile Linear Protection"">RFC7324</a>], being
<span class="grey">Villamizar, et al. Informational [Page 36]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-37" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
a very recent document that affects a protection state machine that
requires hardware support, underscores the importance of having a
degree of programmability in forwarding hardware.
The customer (system supplier or provider) should not dictate design,
but should independently validate target functionality and
performance. However, it is not uncommon for service providers and
system implementers to insist on reviewing design details (under a
non-disclosure agreement) due to past experiences with suppliers and
to reject suppliers who are unwilling to provide details.
<span class="h4"><a class="selflink" id="section-2.6.7" href="#section-2.6.7">2.6.7</a>. Support for IPFIX in Hardware</span>
The IPFIX architecture is defined by [<a href="./rfc5470" title=""Architecture for IP Flow Information Export"">RFC5470</a>]. IPFIX supports per-
flow statistics. IPFIX information elements (IEs) are defined in
[<a href="./rfc7012" title=""Information Model for IP Flow Information Export (IPFIX)"">RFC7012</a>] and include IEs for MPLS.
The forwarding chips used in core routers are not optimized for high-
touch applications like IPFIX. Often, support for IPFIX in core
routers is limited to optional IPFIX metering, which involves a
1-in-N packet sampling, limited filtering support, and redirection to
either an internal CPU or an external interface. The CPU or device
at the other end of the external interface then implements the full
IPFIX filtering and IPFIX collector functionality.
LSRs that are intended to be deployed further from the core may
support lower-capacity interfaces but support higher-touch
applications on the forwarding hardware and may provide dedicated
hardware to support a greater subset of IPFIX functionality before
handing off to a general-purpose CPU. In some cases, far from the
core the entire IPFIX functionality up to and including the collector
may be implemented in hardware and firmware in the forwarding
silicon. It is also worth noting that at lower speeds a general-
purpose CPU may become adequate to implement IPFIX, particularly if
metering is used.
<span class="h3"><a class="selflink" id="section-2.7" href="#section-2.7">2.7</a>. Number and Size of Flows</span>
Service provider networks may carry up to hundreds of millions of
flows on 10 Gb/s links. Most flows are very short lived, many under
a second. A subset of the flows are low capacity and somewhat long
lived. When Internet traffic dominates capacity, a very small subset
of flows are high capacity and/or very long lived.
<span class="grey">Villamizar, et al. Informational [Page 37]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-38" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Two types of limitations with regard to number and size of flows have
been observed.
1. Some hardware cannot handle some high-capacity flows because of
internal paths that are limited, such as per-packet backplane
paths or paths internal or external to chips such as buffer
memory paths. Such designs can handle aggregates of smaller
flows. Some hardware with acknowledged limitations has been
successfully deployed but may be increasingly problematic if the
capacity of large microflows in deployed networks continues to
grow.
2. Some hardware approaches cannot handle a large number of flows,
or a large number of large flows, due to attempting to count per
flow, rather than deal with aggregates of flows. Hash techniques
scale with regard to number of flows due to a fixed hash size
with many flows falling into the same hash bucket. Techniques
that identify individual flows have been implemented but have
never successfully deployed for Internet traffic.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Questions for Suppliers</span>
The following questions should be asked of a supplier. These
questions are grouped into broad categories and are intended to be
open-ended questions to the supplier. The tests in <a href="#section-4">Section 4</a> are
intended to verify whether the supplier disclosed any compliance or
performance limitations completely and accurately.
<span class="h3"><a class="selflink" id="section-3.1" href="#section-3.1">3.1</a>. Basic Compliance</span>
Q#1 Can the implementation forward packets with an arbitrarily
large stack depth? What limitations exist, and under what
circumstances do further limitations come into play (such as
high packet rate or specific features enabled or specific types
of packet processing)? See <a href="#section-2.1">Section 2.1</a>.
Q#2 Is the entire set of basic MPLS functionality described in
<a href="#section-2.1">Section 2.1</a> supported?
Q#3 Is the set of MPLS special-purpose labels handled correctly and
with adequate performance? Are extended special-purpose labels
handled correctly and with adequate performance? See
<a href="#section-2.1.1">Section 2.1.1</a>.
Q#4 Are mappings of label value and TC to PHB handled correctly,
including L-LSP mappings (<a href="./rfc3270">RFC 3270</a>) and CT mappings (<a href="./rfc4124">RFC 4124</a>)
to PHB? See <a href="#section-2.1.2">Section 2.1.2</a>.
<span class="grey">Villamizar, et al. Informational [Page 38]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-39" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Q#5 Is time synchronization adequately supported in forwarding
hardware?
A. Are both PTP and NTP formats supported?
B. Is the accuracy of timestamp insertion and incoming
stamping sufficient?
See <a href="#section-2.1.3">Section 2.1.3</a>.
Q#6 Is link bundling supported?
A. Can an LSP be pinned to specific components?
B. Is the "all-ones" component link supported?
See <a href="#section-2.1.5">Section 2.1.5</a>.
Q#7 Is MPLS hierarchy supported?
A. Are both PHP and UHP supported? What limitations exist on
the number of pop operations with UHP?
B. Are the pipe, short-pipe, and uniform models supported?
Are TTL and TC values updated correctly at egress where
applicable?
See <a href="#section-2.1.6">Section 2.1.6</a> regarding MPLS hierarchy. See [<a href="./rfc3443" title=""Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks"">RFC3443</a>]
regarding PHP, UHP, and pipe, short-pipe, and uniform models.
Q#8 Is FRR supported?
A. Are both "One-to-One Backup" and "Facility Backup"
supported?
B. What forms of IP/LDP FRR are supported?
C. How quickly does protection recovery occur?
D. Does protection recovery speed increase when a fault
affects a large number of protected LSPs? And if so, by
how much?
See <a href="#section-2.1.7">Section 2.1.7</a>.
Q#9 Are pseudowire Sequence Numbers handled correctly? See
<a href="#section-2.1.8.1">Section 2.1.8.1</a>.
<span class="grey">Villamizar, et al. Informational [Page 39]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-40" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Q#10 Is VPN LER functionality handled correctly and without
performance issues? See <a href="#section-2.1.9">Section 2.1.9</a>.
Q#11 Is MPLS multicast (P2MP and MP2MP) handled correctly?
A. Are packets dropped on uncongested outputs if some outputs
are congested?
B. Is performance limited in high-fanout situations?
See <a href="#section-2.2">Section 2.2</a>.
<span class="h3"><a class="selflink" id="section-3.2" href="#section-3.2">3.2</a>. Basic Performance</span>
Q#12 Can very small packets be forwarded at full line rate on all
interfaces indefinitely? What limitations exist? And under
what circumstances do further limitations come into play (such
as specific features enabled or specific types of packet
processing)?
Q#13 Customers must decide whether to relax the prior requirement and
to what extent. If the answer to the prior question indicates
that limitations exist, then:
A. What is the smallest packet size where full line rate
forwarding can be supported?
B. What is the longest burst of full-rate small packets that
can be supported?
Specify circumstances (such as specific features enabled or
specific types of packet processing) that often impact these
rates and burst sizes.
Q#14 How many pop operations can be supported along with a swap
operation at full line rate while maintaining per-LSP packet and
byte counts for each pop and swap? This requirement is
particularly relevant for MPLS-TP.
Q#15 How many label push operations can be supported. While this
limitation is rarely an issue, it applies to both PHP and UHP,
unlike the pop limit that applies to UHP.
Q#16 For a worst case where all packets arrive on one LSP, what is
the counter overflow time? Are any means provided to avoid
polling all counters at short intervals? This applies to both
MPLS and MPLS-TP.
<span class="grey">Villamizar, et al. Informational [Page 40]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-41" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h3"><a class="selflink" id="section-3.3" href="#section-3.3">3.3</a>. Multipath Capabilities and Performance</span>
Multipath capabilities and performance do not apply to MPLS-TP, but
they apply to MPLS and apply if MPLS-TP is carried in MPLS.
Q#17 How are large microflows accommodated? Is there active
management of the hash space mapping to output ports? See
<a href="#section-2.4.2">Section 2.4.2</a>.
Q#18 How many MPLS labels can be included in a hash based on the MPLS
label stack?
Q#19 Is packet rate performance decreased beyond some number of
labels?
Q#20 Can the IP header and payload information below the MPLS stack
be used in the hash? If so, which IP fields, payload types, and
payload fields are supported?
Q#21 At what maximum MPLS label stack depth can Bottom of Stack and
an IP header appear without impacting packet rate performance?
Q#22 Are special-purpose labels excluded from the label stack hash?
Are extended special-purpose labels excluded from the label
stack hash? See <a href="#section-2.4.5.1">Section 2.4.5.1</a>.
Q#23 How is multipath performance affected by high-capacity flows, an
extremely large number of flows, or very short-lived flows? See
<a href="#section-2.7">Section 2.7</a>.
<span class="h3"><a class="selflink" id="section-3.4" href="#section-3.4">3.4</a>. Pseudowire Capabilities and Performance</span>
Q#24 Is the pseudowire Control Word supported?
Q#25 What is the maximum rate of pseudowire encapsulation and
decapsulation? Apply the same questions as in <a href="#section-3.2">Section 3.2</a>
("Basic Performance") for any packet-based pseudowire, such as
IP VPN or Ethernet.
Q#26 Does inclusion of a pseudowire Control Word impact performance?
Q#27 Are Flow Labels supported?
Q#28 If so, what fields are hashed on for the Flow Label for
different types of pseudowires?
Q#29 Does inclusion of a Flow Label impact performance?
<span class="grey">Villamizar, et al. Informational [Page 41]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-42" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h3"><a class="selflink" id="section-3.5" href="#section-3.5">3.5</a>. Entropy Label Support and Performance</span>
Q#30 Can an Entropy Label be added when acting as an ingress LER, and
can it be removed when acting as an egress LER?
Q#31 If an Entropy Label can be added, what fields are hashed on for
the Entropy Label?
Q#32 Does adding or removing an Entropy Label impact packet rate
performance?
Q#33 Can an Entropy Label be detected in the label stack, used in the
hash, and properly terminate the search for further information
to hash on?
Q#34 Does using an Entropy Label have any negative impact on
performance? It should have no impact or a positive impact.
<span class="h3"><a class="selflink" id="section-3.6" href="#section-3.6">3.6</a>. DoS Protection</span>
Q#35 For each control- and management-plane protocol in use, what
measures are taken to provide DoS attack hardening?
Q#36 Have DoS attack tests been performed?
Q#37 Can compromise of an internal computer on a management subnet be
leveraged for any form of attack including DoS attack?
<span class="h3"><a class="selflink" id="section-3.7" href="#section-3.7">3.7</a>. OAM Capabilities and Performance</span>
Q#38 What OAM proactive and on-demand mechanisms are supported?
Q#39 What performance limits exist under high proactive monitoring
rates?
Q#40 Can excessively high proactive monitoring rates impact control-
plane performance or cause control-plane instability?
Q#41 Ask the prior questions for each of the following.
A. MPLS OAM
B. Pseudowire OAM
C. MPLS-TP OAM
<span class="grey">Villamizar, et al. Informational [Page 42]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-43" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
D. Layer 2 OAM Interworking
See <a href="#section-2.6">Section 2.6</a>.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Forwarding Compliance and Performance Testing</span>
Packet rate performance of equipment supporting a large number of 10
Gb/s or 100 Gb/s links is not possible using desktop computers or
workstations. The use of high-end workstations as a source of test
traffic was barely viable 20 years ago but is no longer at all
viable. Though custom microcode has been used on specialized router
forwarding cards to serve the purpose of generating test traffic and
measuring it, for the most part, performance testing will require
specialized test equipment. There are multiple sources of suitable
equipment.
The set of tests listed here do not correspond one-to-one to the set
of questions in <a href="#section-3">Section 3</a>. The same categorization is used, and
these tests largely serve to validate answers provided to the prior
questions. They can also provide answers where a supplier is
unwilling to disclose compliance or performance.
Performance testing is the domain of the IETF Benchmark Methodology
Working Group (BMWG). Below are brief descriptions of conformance
and performance tests. Some very basic tests, specified in
[<a href="./rfc5695" title=""MPLS Forwarding Benchmarking Methodology for IP Flows"">RFC5695</a>], partially cover only the basic performance test T#3.
The following tests should be performed by the systems designer or
deployer; or, if it is not practical for the potential customer to
perform the tests directly, they may be performed by the supplier on
their behalf. These tests are grouped into broad categories.
The tests in <a href="#section-4.1">Section 4.1</a> should be repeated under various conditions
to retest basic performance when critical capabilities are enabled.
Complete repetition of the performance tests enabling each capability
and combinations of capabilities would be very time intensive;
therefore, a reduced set of performance tests can be used to gauge
the impact of enabling specific capabilities.
<span class="h3"><a class="selflink" id="section-4.1" href="#section-4.1">4.1</a>. Basic Compliance</span>
T#1 Test forwarding at a high rate for packets with varying number
of label entries. While packets with more than a dozen label
entries are unlikely to be used in any practical scenario today,
it is useful to know if limitations exists.
<span class="grey">Villamizar, et al. Informational [Page 43]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-44" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
T#2 For each of the questions listed under "Basic Compliance" in
<a href="#section-3">Section 3</a>, verify the claimed compliance. For any functionality
considered critical to a deployment, the applicable performance
using each capability under load should be verified in addition
to basic compliance.
<span class="h3"><a class="selflink" id="section-4.2" href="#section-4.2">4.2</a>. Basic Performance</span>
T#3 Test packet forwarding at full line rate with small packets.
See [<a href="./rfc5695" title=""MPLS Forwarding Benchmarking Methodology for IP Flows"">RFC5695</a>]. The most likely case to fail is the smallest
packet size. Also, test with packet sizes in 4-byte increments
ranging from payload sizes of 40 to 128 bytes.
T#4 If the prior tests did not succeed for all packet sizes, then
perform the following tests.
A. Increase the packet size by 4 bytes until a size is found
that can be forwarded at full rate.
B. Inject bursts of consecutive small packets into a stream of
larger packets. Allow some time for recovery between
bursts. Increase the number of packets in the burst until
packets are dropped.
T#5 Send test traffic where a swap operation is required. Also set
up multiple LSPs carried over other LSPs where the device under
test (DUT) is the egress of these LSPs. Create test packets
such that the swap operation is performed after pop operations,
increasing the number of pop operations until forwarding of
small packets at full line rate can no longer be supported.
Also, check to see how many pop operations can be supported
before the full set of counters can no longer be maintained.
This requirement is particularly relevant for MPLS-TP.
T#6 Send all traffic on one LSP and see if the counters become
inaccurate. Often, counters on silicon are much smaller than
the 64-bit packet and byte counters in various IETF MIBs.
System developers should consider what counter polling rate is
necessary to maintain accurate counters and whether those
polling rates are practical. Relevant MIBs for MPLS are
discussed in [<a href="./rfc4221" title=""Multiprotocol Label Switching (MPLS) Management Overview"">RFC4221</a>] and [<a href="./rfc6639" title=""Multiprotocol Label Switching Transport Profile (MPLS-TP) MIB-Based Management Overview"">RFC6639</a>].
T#7 [<a href="./rfc6894" title=""Methodology for Benchmarking MPLS Traffic Engineered (MPLS-TE) Fast Reroute Protection"">RFC6894</a>] provides a good basis for MPLS FRR testing. Similar
testing should be performed to determine restoration times;
however, this testing is far more difficult to perform due to
the need for a simulated test topology that is capable of
simulating the signaling used in restoration. The simulated
topology should be comparable with the target deployment in the
<span class="grey">Villamizar, et al. Informational [Page 44]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-45" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
number of nodes and links and in resource usage flooding and
setup delays. Some commercial test equipment can support this
type of testing.
<span class="h3"><a class="selflink" id="section-4.3" href="#section-4.3">4.3</a>. Multipath Capabilities and Performance</span>
Multipath capabilities do not apply to MPLS-TP but apply to MPLS and
apply if MPLS-TP is carried in MPLS.
T#8 Send traffic at a rate well exceeding the capacity of a single
multipath component link, and where entropy exists only below
the top of stack. If only the top label is used, this test will
fail immediately.
T#9 Move the labels with entropy down in the stack until either the
full forwarding rate can no longer be supported or most or all
packets try to use the same component link.
T#10 Repeat the two tests above with the entropy contained in IP
headers or IP payload fields below the label stack rather than
in the label stack. Test with the set of IP headers or IP
payload fields considered relevant to the deployment or to the
target market.
T#11 Determine whether traffic that contains a pseudowire Control
Word is interpreted as IP traffic. Information in the payload
MUST NOT be used in the load balancing if the first nibble of
the packet is not 4 or 6 (IPv4 or IPv6).
T#12 Determine whether special-purpose labels and extended special-
purpose labels are excluded from the label stack hash. They
MUST be excluded.
T#13 Perform testing in the presence of combinations of:
A. Very large microflows.
B. Relatively short-lived high-capacity flows.
C. Extremely large numbers of flows.
D. Very short-lived small flows.
<span class="grey">Villamizar, et al. Informational [Page 45]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-46" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h3"><a class="selflink" id="section-4.4" href="#section-4.4">4.4</a>. Pseudowire Capabilities and Performance</span>
T#14 Ensure that pseudowire can be set up with a pseudowire label and
pseudowire Control Word added at ingress and the pseudowire
label and pseudowire Control Word removed at egress.
T#15 For pseudowire that contains variable-length payload packets,
repeat performance tests listed under "Basic Performance" for
pseudowire ingress and egress functions.
T#16 Repeat pseudowire performance tests with and without a
pseudowire Control Word.
T#17 Determine whether pseudowire can be set up with a pseudowire
label, Flow Label, and pseudowire Control Word added at ingress
and the pseudowire label, Flow Label, and pseudowire Control
Word removed at egress.
T#18 Determine which payload fields are used to create the Flow Label
and whether the set of fields and algorithm provide sufficient
entropy for load balancing.
T#19 Repeat pseudowire performance tests with Flow Labels included.
<span class="h3"><a class="selflink" id="section-4.5" href="#section-4.5">4.5</a>. Entropy Label Support and Performance</span>
T#20 Determine whether Entropy Labels can be added at ingress and
removed at egress.
T#21 Determine which fields are used to create an Entropy Label.
Labels further down in the stack, including Entropy Labels
further down and IP headers or IP payload fields where
applicable, should be used. Determine whether the set of fields
and algorithm provide sufficient entropy for load balancing.
T#22 Repeat performance tests under "Basic Performance" when Entropy
Labels are used, where ingress or egress is the device under
test (DUT).
T#23 Determine whether an ELI is detected when acting as a midpoint
LSR and whether the search for further information on which to
base the load balancing is used. Information below the Entropy
Label SHOULD NOT be used.
T#24 Ensure that the Entropy Label indicator and Entropy Label (ELI
and EL) are removed from the label stack during UHP and PHP
operations.
<span class="grey">Villamizar, et al. Informational [Page 46]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-47" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
T#25 Ensure that operations on the TC field when adding and removing
Entropy Label are correctly carried out. If TC is changed
during a swap operation, the ability to transfer that change
MUST be provided. The ability to suppress the transfer of TC
MUST also be provided. See the pipe, short-pipe, and uniform
models in [<a href="./rfc3443" title=""Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks"">RFC3443</a>].
T#26 Repeat performance tests for a midpoint LSR with Entropy Labels
found at various label stack depths.
<span class="h3"><a class="selflink" id="section-4.6" href="#section-4.6">4.6</a>. DoS Protection</span>
T#27 Actively attack LSRs under high protocol churn load and
determine control-plane performance impact or successful DoS
under test conditions. Specifically, test for the following.
A. TCP SYN attack against control-plane and management-plane
protocols using TCP, including CLI access (typically SSH-
protected login), NETCONF, etc.
B. High traffic volume attack against control-plane and
management-plane protocols not using TCP.
C. Attacks that can be performed from a compromised management
subnet computer, but not one with authentication keys.
D. Attacks that can be performed from a compromised peer within
the control plane (internal domain and external domain).
Assume that keys that are per peering and keys that are per
router ID, rather than network-wide keys, are in use.
See <a href="#section-2.6.1">Section 2.6.1</a>.
<span class="h3"><a class="selflink" id="section-4.7" href="#section-4.7">4.7</a>. OAM Capabilities and Performance</span>
T#28 Determine maximum sustainable rates of BFD traffic. If BFD
requires CPU intervention, determine both maximum rates and CPU
loading when multiple interfaces are active.
T#29 Verify LSP Ping and LSP Traceroute capability.
T#30 Determine maximum rates of MPLS-TP CC-CV traffic. If CC-CV
requires CPU intervention, determine both maximum rates and CPU
loading when multiple interfaces are active.
T#31 Determine MPLS-TP DM precision.
T#32 Determine MPLS-TP LM accuracy.
<span class="grey">Villamizar, et al. Informational [Page 47]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-48" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
T#33 Verify MPLS-TP AIS/RDI and Protection State Coordination (PSC)
functionality, protection speed, and AIS/RDI notification speed
when a large number of Maintenance Entities (MEs) must be
notified with AIS/RDI.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Security Considerations</span>
This document reviews forwarding behavior specified elsewhere and
points out compliance and performance requirements. As such, it
introduces no new security requirements or concerns.
Discussion of hardware support and other equipment hardening against
DoS attack can be found in <a href="#section-2.6.1">Section 2.6.1</a>. <a href="#section-3.6">Section 3.6</a> provides a
list of questions regarding DoS to be asked of suppliers.
<a href="#section-4.6">Section 4.6</a> suggests types of testing that can provide some assurance
of the effectiveness of a supplier's claims about DoS hardening.
Knowledge of potential performance shortcomings may serve to help new
implementations avoid pitfalls. It is unlikely that such knowledge
could be the basis of new denial of service, as these pitfalls are
already widely known in the service provider community and among
leading equipment suppliers. In practice, extreme data and packet
rates are needed to affect existing equipment and to affect networks
that may be still vulnerable due to failure to implement adequate
protection. The extreme data and packet rates make this type of
denial of service unlikely and make undetectable denial of service of
this type impossible.
Each normative reference contains security considerations. A brief
summarization of MPLS security considerations applicable to
forwarding follows:
1. MPLS encapsulation does not support an authentication extension.
This is reflected in the security section of [<a href="./rfc3032" title=""MPLS Label Stack Encoding"">RFC3032</a>].
Documents that clarify MPLS header fields such as TTL [<a href="./rfc3443" title=""Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks"">RFC3443</a>],
the explicit null label [<a href="./rfc4182" title=""Removing a Restriction on the use of MPLS Explicit NULL"">RFC4182</a>], renaming EXP to TC [<a href="./rfc5462" title=""Multiprotocol Label Switching (MPLS) Label Stack Entry: "">RFC5462</a>],
ECN for MPLS [<a href="./rfc5129" title=""Explicit Congestion Marking in MPLS"">RFC5129</a>], and MPLS Ethernet encapsulation
[<a href="./rfc5332" title=""MPLS Multicast Encapsulations"">RFC5332</a>] make no changes to security considerations in
[<a href="./rfc3032" title=""MPLS Label Stack Encoding"">RFC3032</a>].
2. Some cited RFCs are related to Diffserv forwarding. [<a href="./rfc3270" title=""Multi- Protocol Label Switching (MPLS) Support of Differentiated Services"">RFC3270</a>]
refers to MPLS and Diffserv security. [<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>] mentions theft
of service and denial of service due to mismarking. [<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>]
mentions IPsec interaction, but with MPLS, not being carried by
IP, the type of interaction in [<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>] is not relevant.
<span class="grey">Villamizar, et al. Informational [Page 48]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-49" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
3. [<a href="./rfc3209" title=""RSVP-TE: Extensions to RSVP for LSP Tunnels"">RFC3209</a>] is cited here due only to make-before-break forwarding
requirements. This is related to resource sharing and the
theft-of-service and denial-of-service concerns in [<a href="./rfc2474" title=""Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers"">RFC2474</a>]
apply.
4. [<a href="./rfc4090" title=""Fast Reroute Extensions to RSVP-TE for LSP Tunnels"">RFC4090</a>] defines FRR, which provides protection but does not
add security concerns. <a href="./rfc4201">RFC 4201</a> defines link bundling but
raises no additional security concerns.
5. Various OAM control channels are defined in [<a href="./rfc4385" title=""Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN"">RFC4385</a>] (PW CW),
[<a href="./rfc5085" title=""Pseudowire Virtual Circuit Connectivity Verification (VCCV): A Control Channel for Pseudowires"">RFC5085</a>] (VCCV), and [<a href="./rfc5586" title=""MPLS Generic Associated Channel"">RFC5586</a>] (G-Ach and GAL). These
documents describe potential abuse of these OAM control
channels.
6. [<a href="./rfc4950" title=""ICMP Extensions for Multiprotocol Label Switching"">RFC4950</a>] defines ICMP extensions when MPLS TTL expires and the
payload is IP. This provides MPLS header information that is of
no use to an IP attacker, but sending this information can be
suppressed through configuration.
7. GTSM [<a href="./rfc5082" title=""The Generalized TTL Security Mechanism (GTSM)"">RFC5082</a>] provides a means to improve protection against
high traffic volume spoofing as a form of DoS attack.
8. BFD [<a href="./rfc5880" title=""Bidirectional Forwarding Detection (BFD)"">RFC5880</a>] [<a href="./rfc5884" title=""Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs)"">RFC5884</a>] [<a href="./rfc5885" title=""Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)"">RFC5885</a>] provides a form of OAM used in
MPLS and MPLS-TP. The security considerations related to the
OAM control channel are relevant. The BFD payload supports
authentication. The MPLS encapsulation, the MPLS control
channel, or the PW control channel, which BFD may be carried in,
do not support authentication. Where an IP return OAM path is
used, IPsec is suggested as a means of securing the return path.
9. Other forms of OAM are supported by [<a href="./rfc6374" title=""Packet Loss and Delay Measurement for MPLS Networks"">RFC6374</a>] [<a href="./rfc6375" title=""A Packet Loss and Delay Measurement Profile for MPLS-Based Transport Networks"">RFC6375</a>] (Loss
and Delay Measurement), [<a href="./rfc6428" title=""Proactive Connectivity Verification, Continuity Check, and Remote Defect Indication for the MPLS Transport Profile"">RFC6428</a>] (Continuity Check/Verification
based on BFD), and [<a href="./rfc6427" title=""MPLS Fault Management Operations, Administration, and Maintenance (OAM)"">RFC6427</a>] (Fault Management). The security
considerations related to the OAM control channel are relevant.
IP return paths, where used, can be secured with IPsec.
10. Linear protection is defined by [<a href="./rfc6378" title=""MPLS Transport Profile (MPLS-TP) Linear Protection"">RFC6378</a>] and updated by
[<a href="./rfc7324" title=""Updates to MPLS Transport Profile Linear Protection"">RFC7324</a>]. Security concerns related to MPLS encapsulation and
OAM control channels apply. Security concerns reiterate
[<a href="./rfc5920" title=""Security Framework for MPLS and GMPLS Networks"">RFC5920</a>] as applied to protection switching.
11. The PW Flow Label [<a href="./rfc6391" title=""Flow-Aware Transport of Pseudowires over an MPLS Packet Switched Network"">RFC6391</a>] and MPLS Entropy Label [<a href="./rfc6790" title=""The Use of Entropy Labels in MPLS Forwarding"">RFC6790</a>]
affect multipath load balancing. Security concerns reiterate
[<a href="./rfc5920" title=""Security Framework for MPLS and GMPLS Networks"">RFC5920</a>]. Security impacts would be limited to load
distribution.
<span class="grey">Villamizar, et al. Informational [Page 49]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-50" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
MPLS security including data-plane security is discussed in greater
detail in [<a href="./rfc5920" title=""Security Framework for MPLS and GMPLS Networks"">RFC5920</a>] (MPLS/GMPLS Security Framework). The MPLS-TP
security framework [<a href="./rfc6941" title=""MPLS Transport Profile (MPLS-TP) Security Framework"">RFC6941</a>] builds upon this, focusing largely on
the MPLS-TP OAM additions and OAM channels with some attention given
to using network management in place of control-plane setup. In both
security framework documents, MPLS is assumed to run within a
"trusted zone", defined as being where a single service provider has
total operational control over that part of the network.
If control-plane security and management-plane security are
sufficiently robust, compromise of a single network element may
result in chaos in the data plane anywhere in the network through
denial-of-service attacks, but not a Byzantine security failure in
which other network elements are fully compromised.
MPLS security, or lack thereof, can affect whether traffic can be
misrouted and lost, or intercepted, or intercepted and reinserted (a
man-in-the-middle attack), or spoofed. End-user applications,
including control-plane and management-plane protocols used by the
service provider, are expected to make use of appropriate end-to-end
authentication and, where appropriate, end-to-end encryption.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Organization of References Section</span>
The References section is split into Normative and Informative
subsections. References that directly specify forwarding
encapsulations or behaviors are listed as normative. References that
describe signaling only, though normative with respect to signaling,
are listed as informative. They are informative with respect to MPLS
forwarding.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. References</span>
<span class="h3"><a class="selflink" id="section-7.1" href="#section-7.1">7.1</a>. Normative References</span>
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC3032">RFC3032</a>] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
Encoding", <a href="./rfc3032">RFC 3032</a>, January 2001.
[<a id="ref-RFC3209">RFC3209</a>] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", <a href="./rfc3209">RFC 3209</a>, December 2001.
<span class="grey">Villamizar, et al. Informational [Page 50]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-51" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC3270">RFC3270</a>] Le Faucheur, F., Wu, L., Davie, B., Davari, S., Vaananen,
P., Krishnan, R., Cheval, P., and J. Heinanen, "Multi-
Protocol Label Switching (MPLS) Support of Differentiated
Services", <a href="./rfc3270">RFC 3270</a>, May 2002.
[<a id="ref-RFC3443">RFC3443</a>] Agarwal, P. and B. Akyol, "Time To Live (TTL) Processing
in Multi-Protocol Label Switching (MPLS) Networks", <a href="./rfc3443">RFC</a>
<a href="./rfc3443">3443</a>, January 2003.
[<a id="ref-RFC4090">RFC4090</a>] Pan, P., Swallow, G., and A. Atlas, "Fast Reroute
Extensions to RSVP-TE for LSP Tunnels", <a href="./rfc4090">RFC 4090</a>, May
2005.
[<a id="ref-RFC4182">RFC4182</a>] Rosen, E., "Removing a Restriction on the use of MPLS
Explicit NULL", <a href="./rfc4182">RFC 4182</a>, September 2005.
[<a id="ref-RFC4201">RFC4201</a>] Kompella, K., Rekhter, Y., and L. Berger, "Link Bundling
in MPLS Traffic Engineering (TE)", <a href="./rfc4201">RFC 4201</a>, October 2005.
[<a id="ref-RFC4385">RFC4385</a>] Bryant, S., Swallow, G., Martini, L., and D. McPherson,
"Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN", <a href="./rfc4385">RFC 4385</a>, February 2006.
[<a id="ref-RFC4950">RFC4950</a>] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, "ICMP
Extensions for Multiprotocol Label Switching", <a href="./rfc4950">RFC 4950</a>,
August 2007.
[<a id="ref-RFC5082">RFC5082</a>] Gill, V., Heasley, J., Meyer, D., Savola, P., and C.
Pignataro, "The Generalized TTL Security Mechanism
(GTSM)", <a href="./rfc5082">RFC 5082</a>, October 2007.
[<a id="ref-RFC5085">RFC5085</a>] Nadeau, T. and C. Pignataro, "Pseudowire Virtual Circuit
Connectivity Verification (VCCV): A Control Channel for
Pseudowires", <a href="./rfc5085">RFC 5085</a>, December 2007.
[<a id="ref-RFC5129">RFC5129</a>] Davie, B., Briscoe, B., and J. Tay, "Explicit Congestion
Marking in MPLS", <a href="./rfc5129">RFC 5129</a>, January 2008.
[<a id="ref-RFC5332">RFC5332</a>] Eckert, T., Rosen, E., Aggarwal, R., and Y. Rekhter, "MPLS
Multicast Encapsulations", <a href="./rfc5332">RFC 5332</a>, August 2008.
[<a id="ref-RFC5586">RFC5586</a>] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
Associated Channel", <a href="./rfc5586">RFC 5586</a>, June 2009.
[<a id="ref-RFC5880">RFC5880</a>] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", <a href="./rfc5880">RFC 5880</a>, June 2010.
<span class="grey">Villamizar, et al. Informational [Page 51]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-52" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC5884">RFC5884</a>] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow,
"Bidirectional Forwarding Detection (BFD) for MPLS Label
Switched Paths (LSPs)", <a href="./rfc5884">RFC 5884</a>, June 2010.
[<a id="ref-RFC5885">RFC5885</a>] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding
Detection (BFD) for the Pseudowire Virtual Circuit
Connectivity Verification (VCCV)", <a href="./rfc5885">RFC 5885</a>, June 2010.
[<a id="ref-RFC6374">RFC6374</a>] Frost, D. and S. Bryant, "Packet Loss and Delay
Measurement for MPLS Networks", <a href="./rfc6374">RFC 6374</a>, September 2011.
[<a id="ref-RFC6375">RFC6375</a>] Frost, D. and S. Bryant, "A Packet Loss and Delay
Measurement Profile for MPLS-Based Transport Networks",
<a href="./rfc6375">RFC 6375</a>, September 2011.
[<a id="ref-RFC6378">RFC6378</a>] Weingarten, Y., Bryant, S., Osborne, E., Sprecher, N., and
A. Fulignoli, "MPLS Transport Profile (MPLS-TP) Linear
Protection", <a href="./rfc6378">RFC 6378</a>, October 2011.
[<a id="ref-RFC6391">RFC6391</a>] Bryant, S., Filsfils, C., Drafz, U., Kompella, V., Regan,
J., and S. Amante, "Flow-Aware Transport of Pseudowires
over an MPLS Packet Switched Network", <a href="./rfc6391">RFC 6391</a>, November
2011.
[<a id="ref-RFC6427">RFC6427</a>] Swallow, G., Fulignoli, A., Vigoureux, M., Boutros, S.,
and D. Ward, "MPLS Fault Management Operations,
Administration, and Maintenance (OAM)", <a href="./rfc6427">RFC 6427</a>, November
2011.
[<a id="ref-RFC6428">RFC6428</a>] Allan, D., Swallow Ed. , G., and J. Drake Ed. , "Proactive
Connectivity Verification, Continuity Check, and Remote
Defect Indication for the MPLS Transport Profile", <a href="./rfc6428">RFC</a>
<a href="./rfc6428">6428</a>, November 2011.
[<a id="ref-RFC6790">RFC6790</a>] Kompella, K., Drake, J., Amante, S., Henderickx, W., and
L. Yong, "The Use of Entropy Labels in MPLS Forwarding",
<a href="./rfc6790">RFC 6790</a>, November 2012.
[<a id="ref-RFC7324">RFC7324</a>] Osborne, E., "Updates to MPLS Transport Profile Linear
Protection", <a href="./rfc7324">RFC 7324</a>, July 2014.
<span class="grey">Villamizar, et al. Informational [Page 52]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-53" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h3"><a class="selflink" id="section-7.2" href="#section-7.2">7.2</a>. Informative References</span>
[<a id="ref-ACK-compression">ACK-compression</a>]
Zhang, L., Shenker, S., and D. Clark, "Observations and
Dynamics of a Congestion Control Algorithm: The Effects of
Two-Way Traffic", Proc. ACM SIGCOMM, ACM Computer
Communications Review (CCR) Vol. 21, No. 4, pp. 133-147.,
1991.
[<a id="ref-MPLS-IN-UDP">MPLS-IN-UDP</a>]
Xu, X., Sheth, N., Yong, L., Pignataro, C., and F.
Yongbing, "Encapsulating MPLS in UDP", Work in Progress,
January 2014.
[<a id="ref-MRT">MRT</a>] Atlas, A., Kebler, R., Bowers, C., Envedi, G., Csaszar,
A., Tantsura, J., Konstantynowicz, M., and R. White, "An
Architecture for IP/LDP Fast-Reroute Using Maximally
Redundant Trees", Work in Progress, July 2014.
[<a id="ref-REMOTE-LFA">REMOTE-LFA</a>]
Bryant, S., Filsfils, C., Previdi, S., Shand, M., and S.
Ning, "Remote LFA FRR", Work in Progress, May 2014.
[<a id="ref-RFC0791">RFC0791</a>] Postel, J., "Internet Protocol", STD 5, <a href="./rfc791">RFC 791</a>, September
1981.
[<a id="ref-RFC2474">RFC2474</a>] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", <a href="./rfc2474">RFC 2474</a>, December
1998.
[<a id="ref-RFC2475">RFC2475</a>] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated
Services", <a href="./rfc2475">RFC 2475</a>, December 1998.
[<a id="ref-RFC2597">RFC2597</a>] Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski,
"Assured Forwarding PHB Group", <a href="./rfc2597">RFC 2597</a>, June 1999.
[<a id="ref-RFC3031">RFC3031</a>] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
Label Switching Architecture", <a href="./rfc3031">RFC 3031</a>, January 2001.
[<a id="ref-RFC3168">RFC3168</a>] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
of Explicit Congestion Notification (ECN) to IP", <a href="./rfc3168">RFC</a>
<a href="./rfc3168">3168</a>, September 2001.
<span class="grey">Villamizar, et al. Informational [Page 53]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-54" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC3429">RFC3429</a>] Ohta, H., "Assignment of the 'OAM Alert Label' for
Multiprotocol Label Switching Architecture (MPLS)
Operation and Maintenance (OAM) Functions", <a href="./rfc3429">RFC 3429</a>,
November 2002.
[<a id="ref-RFC3471">RFC3471</a>] Berger, L., "Generalized Multi-Protocol Label Switching
(GMPLS) Signaling Functional Description", <a href="./rfc3471">RFC 3471</a>,
January 2003.
[<a id="ref-RFC3550">RFC3550</a>] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, <a href="./rfc3550">RFC 3550</a>, July 2003.
[<a id="ref-RFC3828">RFC3828</a>] Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., and
G. Fairhurst, "The Lightweight User Datagram Protocol
(UDP-Lite)", <a href="./rfc3828">RFC 3828</a>, July 2004.
[<a id="ref-RFC3985">RFC3985</a>] Bryant, S. and P. Pate, "Pseudo Wire Emulation Edge-to-
Edge (PWE3) Architecture", <a href="./rfc3985">RFC 3985</a>, March 2005.
[<a id="ref-RFC4023">RFC4023</a>] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
MPLS in IP or Generic Routing Encapsulation (GRE)", <a href="./rfc4023">RFC</a>
<a href="./rfc4023">4023</a>, March 2005.
[<a id="ref-RFC4110">RFC4110</a>] Callon, R. and M. Suzuki, "A Framework for Layer 3
Provider-Provisioned Virtual Private Networks (PPVPNs)",
<a href="./rfc4110">RFC 4110</a>, July 2005.
[<a id="ref-RFC4124">RFC4124</a>] Le Faucheur, F., "Protocol Extensions for Support of
Diffserv-aware MPLS Traffic Engineering", <a href="./rfc4124">RFC 4124</a>, June
2005.
[<a id="ref-RFC4206">RFC4206</a>] Kompella, K. and Y. Rekhter, "Label Switched Paths (LSP)
Hierarchy with Generalized Multi-Protocol Label Switching
(GMPLS) Traffic Engineering (TE)", <a href="./rfc4206">RFC 4206</a>, October 2005.
[<a id="ref-RFC4221">RFC4221</a>] Nadeau, T., Srinivasan, C., and A. Farrel, "Multiprotocol
Label Switching (MPLS) Management Overview", <a href="./rfc4221">RFC 4221</a>,
November 2005.
[<a id="ref-RFC4340">RFC4340</a>] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", <a href="./rfc4340">RFC 4340</a>, March 2006.
[<a id="ref-RFC4364">RFC4364</a>] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", <a href="./rfc4364">RFC 4364</a>, February 2006.
<span class="grey">Villamizar, et al. Informational [Page 54]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-55" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC4377">RFC4377</a>] Nadeau, T., Morrow, M., Swallow, G., Allan, D., and S.
Matsushima, "Operations and Management (OAM) Requirements
for Multi-Protocol Label Switched (MPLS) Networks", <a href="./rfc4377">RFC</a>
<a href="./rfc4377">4377</a>, February 2006.
[<a id="ref-RFC4379">RFC4379</a>] Kompella, K. and G. Swallow, "Detecting Multi-Protocol
Label Switched (MPLS) Data Plane Failures", <a href="./rfc4379">RFC 4379</a>,
February 2006.
[<a id="ref-RFC4664">RFC4664</a>] Andersson, L. and E. Rosen, "Framework for Layer 2 Virtual
Private Networks (L2VPNs)", <a href="./rfc4664">RFC 4664</a>, September 2006.
[<a id="ref-RFC4817">RFC4817</a>] Townsley, M., Pignataro, C., Wainner, S., Seely, T., and
J. Young, "Encapsulation of MPLS over Layer 2 Tunneling
Protocol Version 3", <a href="./rfc4817">RFC 4817</a>, March 2007.
[<a id="ref-RFC4875">RFC4875</a>] Aggarwal, R., Papadimitriou, D., and S. Yasukawa,
"Extensions to Resource Reservation Protocol - Traffic
Engineering (RSVP-TE) for Point-to-Multipoint TE Label
Switched Paths (LSPs)", <a href="./rfc4875">RFC 4875</a>, May 2007.
[<a id="ref-RFC4928">RFC4928</a>] Swallow, G., Bryant, S., and L. Andersson, "Avoiding Equal
Cost Multipath Treatment in MPLS Networks", <a href="https://www.rfc-editor.org/bcp/bcp128">BCP 128</a>, <a href="./rfc4928">RFC</a>
<a href="./rfc4928">4928</a>, June 2007.
[<a id="ref-RFC4960">RFC4960</a>] Stewart, R., "Stream Control Transmission Protocol", <a href="./rfc4960">RFC</a>
<a href="./rfc4960">4960</a>, September 2007.
[<a id="ref-RFC5036">RFC5036</a>] Andersson, L., Minei, I., and B. Thomas, "LDP
Specification", <a href="./rfc5036">RFC 5036</a>, October 2007.
[<a id="ref-RFC5286">RFC5286</a>] Atlas, A. and A. Zinin, "Basic Specification for IP Fast
Reroute: Loop-Free Alternates", <a href="./rfc5286">RFC 5286</a>, September 2008.
[<a id="ref-RFC5317">RFC5317</a>] Bryant, S. and L. Andersson, "Joint Working Team (JWT)
Report on MPLS Architectural Considerations for a
Transport Profile", <a href="./rfc5317">RFC 5317</a>, February 2009.
[<a id="ref-RFC5462">RFC5462</a>] Andersson, L. and R. Asati, "Multiprotocol Label Switching
(MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic
Class" Field", <a href="./rfc5462">RFC 5462</a>, February 2009.
[<a id="ref-RFC5470">RFC5470</a>] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
"Architecture for IP Flow Information Export", <a href="./rfc5470">RFC 5470</a>,
March 2009.
[<a id="ref-RFC5640">RFC5640</a>] Filsfils, C., Mohapatra, P., and C. Pignataro, "Load-
Balancing for Mesh Softwires", <a href="./rfc5640">RFC 5640</a>, August 2009.
<span class="grey">Villamizar, et al. Informational [Page 55]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-56" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC5695">RFC5695</a>] Akhter, A., Asati, R., and C. Pignataro, "MPLS Forwarding
Benchmarking Methodology for IP Flows", <a href="./rfc5695">RFC 5695</a>, November
2009.
[<a id="ref-RFC5704">RFC5704</a>] Bryant, S., Morrow, M., and IAB, "Uncoordinated Protocol
Development Considered Harmful", <a href="./rfc5704">RFC 5704</a>, November 2009.
[<a id="ref-RFC5714">RFC5714</a>] Shand, M. and S. Bryant, "IP Fast Reroute Framework", <a href="./rfc5714">RFC</a>
<a href="./rfc5714">5714</a>, January 2010.
[<a id="ref-RFC5715">RFC5715</a>] Shand, M. and S. Bryant, "A Framework for Loop-Free
Convergence", <a href="./rfc5715">RFC 5715</a>, January 2010.
[<a id="ref-RFC5860">RFC5860</a>] Vigoureux, M., Ward, D., and M. Betts, "Requirements for
Operations, Administration, and Maintenance (OAM) in MPLS
Transport Networks", <a href="./rfc5860">RFC 5860</a>, May 2010.
[<a id="ref-RFC5905">RFC5905</a>] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network
Time Protocol Version 4: Protocol and Algorithms
Specification", <a href="./rfc5905">RFC 5905</a>, June 2010.
[<a id="ref-RFC5920">RFC5920</a>] Fang, L., "Security Framework for MPLS and GMPLS
Networks", <a href="./rfc5920">RFC 5920</a>, July 2010.
[<a id="ref-RFC6291">RFC6291</a>] Andersson, L., van Helvoort, H., Bonica, R., Romascanu,
D., and S. Mansfield, "Guidelines for the Use of the "OAM"
Acronym in the IETF", <a href="https://www.rfc-editor.org/bcp/bcp161">BCP 161</a>, <a href="./rfc6291">RFC 6291</a>, June 2011.
[<a id="ref-RFC6310">RFC6310</a>] Aissaoui, M., Busschbach, P., Martini, L., Morrow, M.,
Nadeau, T., and Y(J). Stein, "Pseudowire (PW) Operations,
Administration, and Maintenance (OAM) Message Mapping",
<a href="./rfc6310">RFC 6310</a>, July 2011.
[<a id="ref-RFC6371">RFC6371</a>] Busi, I. and D. Allan, "Operations, Administration, and
Maintenance Framework for MPLS-Based Transport Networks",
<a href="./rfc6371">RFC 6371</a>, September 2011.
[<a id="ref-RFC6388">RFC6388</a>] Wijnands, IJ., Minei, I., Kompella, K., and B. Thomas,
"Label Distribution Protocol Extensions for Point-to-
Multipoint and Multipoint-to-Multipoint Label Switched
Paths", <a href="./rfc6388">RFC 6388</a>, November 2011.
[<a id="ref-RFC6424">RFC6424</a>] Bahadur, N., Kompella, K., and G. Swallow, "Mechanism for
Performing Label Switched Path Ping (LSP Ping) over MPLS
Tunnels", <a href="./rfc6424">RFC 6424</a>, November 2011.
<span class="grey">Villamizar, et al. Informational [Page 56]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-57" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC6425">RFC6425</a>] Saxena, S., Swallow, G., Ali, Z., Farrel, A., Yasukawa,
S., and T. Nadeau, "Detecting Data-Plane Failures in
Point-to-Multipoint MPLS - Extensions to LSP Ping", <a href="./rfc6425">RFC</a>
<a href="./rfc6425">6425</a>, November 2011.
[<a id="ref-RFC6426">RFC6426</a>] Gray, E., Bahadur, N., Boutros, S., and R. Aggarwal, "MPLS
On-Demand Connectivity Verification and Route Tracing",
<a href="./rfc6426">RFC 6426</a>, November 2011.
[<a id="ref-RFC6435">RFC6435</a>] Boutros, S., Sivabalan, S., Aggarwal, R., Vigoureux, M.,
and X. Dai, "MPLS Transport Profile Lock Instruct and
Loopback Functions", <a href="./rfc6435">RFC 6435</a>, November 2011.
[<a id="ref-RFC6438">RFC6438</a>] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label
for Equal Cost Multipath Routing and Link Aggregation in
Tunnels", <a href="./rfc6438">RFC 6438</a>, November 2011.
[<a id="ref-RFC6478">RFC6478</a>] Martini, L., Swallow, G., Heron, G., and M. Bocci,
"Pseudowire Status for Static Pseudowires", <a href="./rfc6478">RFC 6478</a>, May
2012.
[<a id="ref-RFC6639">RFC6639</a>] King, D. and M. Venkatesan, "Multiprotocol Label Switching
Transport Profile (MPLS-TP) MIB-Based Management
Overview", <a href="./rfc6639">RFC 6639</a>, June 2012.
[<a id="ref-RFC6669">RFC6669</a>] Sprecher, N. and L. Fang, "An Overview of the Operations,
Administration, and Maintenance (OAM) Toolset for MPLS-
Based Transport Networks", <a href="./rfc6669">RFC 6669</a>, July 2012.
[<a id="ref-RFC6670">RFC6670</a>] Sprecher, N. and KY. Hong, "The Reasons for Selecting a
Single Solution for MPLS Transport Profile (MPLS-TP)
Operations, Administration, and Maintenance (OAM)", <a href="./rfc6670">RFC</a>
<a href="./rfc6670">6670</a>, July 2012.
[<a id="ref-RFC6720">RFC6720</a>] Pignataro, C. and R. Asati, "The Generalized TTL Security
Mechanism (GTSM) for the Label Distribution Protocol
(LDP)", <a href="./rfc6720">RFC 6720</a>, August 2012.
[<a id="ref-RFC6829">RFC6829</a>] Chen, M., Pan, P., Pignataro, C., and R. Asati, "Label
Switched Path (LSP) Ping for Pseudowire Forwarding
Equivalence Classes (FECs) Advertised over IPv6", <a href="./rfc6829">RFC</a>
<a href="./rfc6829">6829</a>, January 2013.
[<a id="ref-RFC6894">RFC6894</a>] Papneja, R., Vapiwala, S., Karthik, J., Poretsky, S., Rao,
S., and JL. Le Roux, "Methodology for Benchmarking MPLS
Traffic Engineered (MPLS-TE) Fast Reroute Protection", <a href="./rfc6894">RFC</a>
<a href="./rfc6894">6894</a>, March 2013.
<span class="grey">Villamizar, et al. Informational [Page 57]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-58" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
[<a id="ref-RFC6941">RFC6941</a>] Fang, L., Niven-Jenkins, B., Mansfield, S., and R.
Graveman, "MPLS Transport Profile (MPLS-TP) Security
Framework", <a href="./rfc6941">RFC 6941</a>, April 2013.
[<a id="ref-RFC6981">RFC6981</a>] Bryant, S., Previdi, S., and M. Shand, "A Framework for IP
and MPLS Fast Reroute Using Not-Via Addresses", <a href="./rfc6981">RFC 6981</a>,
August 2013.
[<a id="ref-RFC7012">RFC7012</a>] Claise, B. and B. Trammell, "Information Model for IP Flow
Information Export (IPFIX)", <a href="./rfc7012">RFC 7012</a>, September 2013.
[<a id="ref-RFC7023">RFC7023</a>] Mohan, D., Bitar, N., Sajassi, A., DeLord, S., Niger, P.,
and R. Qiu, "MPLS and Ethernet Operations, Administration,
and Maintenance (OAM) Interworking", <a href="./rfc7023">RFC 7023</a>, October
2013.
[<a id="ref-RFC7074">RFC7074</a>] Berger, L. and J. Meuric, "Revised Definition of the GMPLS
Switching Capability and Type Fields", <a href="./rfc7074">RFC 7074</a>, November
2013.
[<a id="ref-RFC7079">RFC7079</a>] Del Regno, N. and A. Malis, "The Pseudowire (PW) and
Virtual Circuit Connectivity Verification (VCCV)
Implementation Survey Results", <a href="./rfc7079">RFC 7079</a>, November 2013.
[<a id="ref-RFC7274">RFC7274</a>] Kompella, K., Andersson, L., and A. Farrel, "Allocating
and Retiring Special-Purpose MPLS Labels", <a href="./rfc7274">RFC 7274</a>, June
2014.
[<a id="ref-TIMING-OVER-MPLS">TIMING-OVER-MPLS</a>]
Davari, S., Oren, A., Bhatia, M., Roberts, P., and L.
Montini, "Transporting Timing messages over MPLS
Networks", Work in Progress, April 2014.
<span class="grey">Villamizar, et al. Informational [Page 58]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-59" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
<span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. Acknowledgements</span>
Numerous very useful comments have been received in private email.
Some of these contributions are acknowledged here, approximately in
chronologic order.
Paul Doolan provided a brief review resulting in a number of
clarifications, most notably regarding on-chip vs. system buffering,
100 Gb/s link speed assumptions in the 150 Mpps figure, and handling
of large microflows. Pablo Frank reminded us of the sawtooth effect
in PPS vs. packet-size graphs, prompting the addition of a few
paragraphs on this. Comments from Lou Berger at IETF 85 prompted the
addition of <a href="#section-2.7">Section 2.7</a>.
Valuable comments were received on the BMWG mailing list. Jay
Karthik pointed out testing methodology hints that after discussion
were deemed out of scope and were removed but may benefit later work
in BMWG.
Nabil Bitar pointed out the need to cover QoS (Differentiated
Services), MPLS multicast (P2MP and MP2MP), and MPLS-TP OAM. Nabil
also provided a number of clarifications to the questions and tests
in Sections <a href="#section-3">3</a> and <a href="#section-4">4</a>.
Mark Szczesniak provided a thorough review and a number of useful
comments and suggestions that improved the document.
Gregory Mirsky and Thomas Beckhaus provided useful comments during
the review by the MPLS Review Team.
Tal Mizrahi provided comments that prompted clarifications regarding
timestamp processing, local delivery of packets, and the need for
hardware assistance in processing OAM traffic.
Alexander (Sasha) Vainshtein pointed out errors in <a href="#section-2.1.8.1">Section 2.1.8.1</a>
and suggested new text that, after lengthy discussion, resulted in
restating the summarization of requirements from PWE3 RFCs and more
clearly stating the benefits and drawbacks of packet resequencing
based on PW Sequence Number.
Loa Anderson provided useful comments and corrections prior to WGLC.
Adrian Farrel provided useful comments and corrections prior as part
of the AD review.
Discussion with Steve Kent during SecDir review resulted in expansion
of <a href="#section-5">Section 5</a>, briefly summarizing security considerations related to
forwarding in normative references. Tom Petch pointed out some
editorial errors in private email plus an important math error. Al
<span class="grey">Villamizar, et al. Informational [Page 59]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-60" ></span>
<span class="grey"><a href="./rfc7325">RFC 7325</a> MPLS Forwarding August 2014</span>
Morton during OpsDir review prompted clarification in the section
about the target audience, suggested more clear wording in places,
and found numerous editorial errors.
Discussion with Stewart Bryant and Alia Atlas as part of IESG review
resulted in coverage of IPFIX and improvements to document coverage
of MPLS FRR, and IP/LDP FRR, plus some corrections to the text
elsewhere.
Authors' Addresses
Curtis Villamizar (editor)
Outer Cape Cod Network Consulting, LLC
EMail: curtis@occnc.com
Kireeti Kompella
Juniper Networks
EMail: kireeti@juniper.net
Shane Amante
Apple Inc.
1 Infinite Loop
Cupertino, California 95014
EMail: amante@apple.com
Andrew Malis
Huawei Technologies
EMail: agmalis@gmail.com
Carlos Pignataro
Cisco Systems
7200-12 Kit Creek Road
Research Triangle Park, NC 27709
US
EMail: cpignata@cisco.com
Villamizar, et al. Informational [Page 60]
</pre>
|
