1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
|
<pre>Internet Engineering Task Force (IETF) H. Shah, Ed.
Request for Comments: 6575 Ciena
Category: Standards Track E. Rosen, Ed.
ISSN: 2070-1721 G. Heron, Ed.
Cisco
V. Kompella, Ed.
Alcatel-Lucent
June 2012
<span class="h1">Address Resolution Protocol (ARP) Mediation for</span>
<span class="h1">IP Interworking of Layer 2 VPNs</span>
Abstract
The Virtual Private Wire Service (VPWS), detailed in <a href="./rfc4664">RFC 4664</a>,
provides point-to-point connections between pairs of Customer Edge
(CE) devices. It does so by binding two Attachment Circuits (each
connecting a CE device with a Provider Edge (PE) device) to a
pseudowire (connecting the two PEs). In general, the Attachment
Circuits must be of the same technology (e.g., both Ethernet or both
ATM), and the pseudowire must carry the frames of that technology.
However, if it is known that the frames' payload consists solely of
IP datagrams, it is possible to provide a point-to-point connection
in which the pseudowire connects Attachment Circuits of different
technologies. This requires the PEs to perform a function known as
"Address Resolution Protocol (ARP) Mediation". ARP Mediation refers
to the process of resolving Layer 2 addresses when different
resolution protocols are used on either Attachment Circuit. The
methods described in this document are applicable even when the CEs
run a routing protocol between them, as long as the routing protocol
runs over IP.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc6575">http://www.rfc-editor.org/info/rfc6575</a>.
<span class="grey">Shah, et al. Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-3">3</a>
<a href="#section-1.1">1.1</a>. Conventions Used in This Document ..........................<a href="#page-4">4</a>
<a href="#section-2">2</a>. ARP Mediation (AM) Function .....................................<a href="#page-5">5</a>
<a href="#section-3">3</a>. IP Layer 2 Interworking Circuit .................................<a href="#page-6">6</a>
<a href="#section-4">4</a>. IP Address Discovery Mechanisms .................................<a href="#page-6">6</a>
<a href="#section-4.1">4.1</a>. Discovery of IP Addresses of Locally Attached IPv4 CE ......<a href="#page-7">7</a>
<a href="#section-4.1.1">4.1.1</a>. Monitoring Local Traffic ............................<a href="#page-7">7</a>
<a href="#section-4.1.2">4.1.2</a>. CE Devices Using ARP ................................<a href="#page-7">7</a>
<a href="#section-4.1.3">4.1.3</a>. CE Devices Using Inverse ARP ........................<a href="#page-8">8</a>
<a href="#section-4.1.4">4.1.4</a>. CE Devices Using PPP ................................<a href="#page-9">9</a>
<a href="#section-4.1.5">4.1.5</a>. Router Discovery Method ............................<a href="#page-10">10</a>
<a href="#section-4.1.6">4.1.6</a>. Manual Configuration ...............................<a href="#page-10">10</a>
<a href="#section-4.2">4.2</a>. How a CE Learns the IPv4 Address of a Remote CE ...........<a href="#page-10">10</a>
<a href="#section-4.2.1">4.2.1</a>. CE Devices Using ARP ...............................<a href="#page-11">11</a>
<a href="#section-4.2.2">4.2.2</a>. CE Devices Using Inverse ARP .......................<a href="#page-11">11</a>
<a href="#section-4.2.3">4.2.3</a>. CE Devices Using PPP ...............................<a href="#page-11">11</a>
<a href="#section-4.3">4.3</a>. Discovery of IP Addresses of IPv6 CE Devices ..............<a href="#page-11">11</a>
<a href="#section-4.3.1">4.3.1</a>. Distinguishing Factors between IPv4 and IPv6 .......<a href="#page-11">11</a>
<a href="#section-4.3.2">4.3.2</a>. Requirements for PEs ...............................<a href="#page-12">12</a>
<a href="#section-4.3.3">4.3.3</a>. Processing of Neighbor Solicitations ...............<a href="#page-12">12</a>
<a href="#section-4.3.4">4.3.4</a>. Processing of Neighbor Advertisements ..............<a href="#page-13">13</a>
<a href="#section-4.3.5">4.3.5</a>. Processing Inverse Neighbor Solicitations (INSs) ...<a href="#page-14">14</a>
4.3.6. Processing of Inverse Neighbor
Advertisements (INAs) ..............................<a href="#page-15">15</a>
<a href="#section-4.3.7">4.3.7</a>. Processing of Router Solicitations .................<a href="#page-15">15</a>
<a href="#section-4.3.8">4.3.8</a>. Processing of Router Advertisements ................<a href="#page-15">15</a>
<a href="#section-4.3.9">4.3.9</a>. Duplicate Address Detection ........................<a href="#page-16">16</a>
<a href="#section-4.3.10">4.3.10</a>. CE Address Discovery for CEs Attached Using PPP ...<a href="#page-16">16</a>
<a href="#section-5">5</a>. CE IPv4 Address Signaling between PEs ..........................<a href="#page-16">16</a>
<a href="#section-5.1">5.1</a>. When to Signal an IPv4 Address of a CE ....................<a href="#page-16">16</a>
<a href="#section-5.2">5.2</a>. LDP-Based Distribution of CE IPv4 Addresses ...............<a href="#page-17">17</a>
<span class="grey">Shah, et al. Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<a href="#section-6">6</a>. IPv6 Capability Advertisement ..................................<a href="#page-20">20</a>
<a href="#section-6.1">6.1</a>. PW Operational Down on Stack Capability Mismatch ..........<a href="#page-21">21</a>
<a href="#section-6.2">6.2</a>. Stack Capability Fallback .................................<a href="#page-21">21</a>
<a href="#section-7">7</a>. IANA Considerations ............................................<a href="#page-22">22</a>
<a href="#section-7.1">7.1</a>. LDP Status Messages .......................................<a href="#page-22">22</a>
<a href="#section-7.2">7.2</a>. Interface Parameters ......................................<a href="#page-22">22</a>
<a href="#section-8">8</a>. Security Considerations ........................................<a href="#page-22">22</a>
<a href="#section-8.1">8.1</a>. Control Plane Security ....................................<a href="#page-23">23</a>
<a href="#section-8.2">8.2</a>. Data Plane Security .......................................<a href="#page-24">24</a>
<a href="#section-9">9</a>. Acknowledgements ...............................................<a href="#page-24">24</a>
<a href="#section-10">10</a>. Contributors ..................................................<a href="#page-24">24</a>
<a href="#section-11">11</a>. References ....................................................<a href="#page-25">25</a>
<a href="#section-11.1">11.1</a>. Normative References .....................................<a href="#page-25">25</a>
<a href="#section-11.2">11.2</a>. Informative References ...................................<a href="#page-26">26</a>
<a href="#appendix-A">Appendix A</a>. Use of IGPs with IP L2 Interworking L2VPNs ...........<a href="#page-27">27</a>
<a href="#appendix-A.1">A.1</a>. OSPF ......................................................<a href="#page-27">27</a>
<a href="#appendix-A.2">A.2</a>. RIP .......................................................<a href="#page-27">27</a>
<a href="#appendix-A.3">A.3</a>. IS-IS .....................................................<a href="#page-28">28</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
Layer 2 Virtual Private Networks (L2VPNs) are constructed over a
Service Provider IP/MPLS backbone but are presented to the Customer
Edge (CE) devices as Layer 2 networks. In theory, L2VPNs can carry
any Layer 3 protocol, but in many cases, the Layer 3 protocol is IP.
Thus, it makes sense to consider procedures that are optimized for
IP.
In a typical implementation, illustrated in the diagram below, the CE
devices are connected to the Provider Edge (PE) devices via
Attachment Circuits (ACs). The ACs are Layer 2 circuits. In a pure
L2VPN, if traffic sent from CE1 via AC1 reaches CE2 via AC2, both ACs
would have to be of the same type (i.e., both Ethernet, both Frame
Relay, etc.). However, if it is known that only IP traffic will be
carried, the ACs can be of different technologies, provided that the
PEs provide the appropriate procedures to allow the proper transfer
of IP packets.
<span class="grey">Shah, et al. Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
+-----+
+------ -----| CE3 |
|AC3 +-----+
+-----+
......| PE3 |...........
. +-----+ .
. | .
. | .
+-----+ AC1 +-----+ Service +-----+ AC2 +-----+
| CE1 |-----| PE1 |--- Provider ----| PE2 |-----| CE2 |
+-----+ +-----+ Backbone +-----+ +-----+
. .
........................
A CE, which is connected via a given type of AC, may use an IP
address resolution procedure that is specific to that type of AC.
For example, an Ethernet-attached IPv4 CE would use ARP [<a href="./rfc826" title=""Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware"">RFC826</a>] and
a Frame-Relay-attached CE might use Inverse ARP [<a href="./rfc2390" title=""Inverse Address Resolution Protocol"">RFC2390</a>]. If we are
to allow the two CEs to have a Layer 2 connection between them, even
though each AC uses a different Layer 2 technology, the PEs must
intercept and "mediate" the Layer-2-specific address resolution
procedures.
In this document, we specify the procedures for VPWS services
[<a href="./rfc4664" title=""Framework for Layer 2 Virtual Private Networks (L2VPNs)"">RFC4664</a>], which the PEs need to implement in order to mediate the IP
address resolution mechanism. We call these procedures "ARP
Mediation". Consider a Virtual Private Wire Service (VPWS)
constructed between CE1 and CE2 in the diagram above. If AC1 and AC2
are of different technologies, e.g., AC1 is Ethernet and AC2 is Frame
Relay (FR), then ARP requests coming from CE1 cannot be passed
transparently to CE2. PE1 MUST interpret the meaning of the ARP
requests and mediate the necessary information with PE2 before
responding.
This document uses the term "ARP" to mean any protocol that is used
to resolve IP addresses to link-layer addresses. For instance, in
IPv4, ARP and Inverse ARP protocols are used for address resolution
while in IPv6, Neighbor Discovery [<a href="./rfc4861" title=""Neighbor Discovery for IP version 6 (IPv6)"">RFC4861</a>] and Inverse Neighbor
Discovery [<a href="./rfc3122" title=""Extensions to IPv6 Neighbor Discovery for Inverse Discovery Specification"">RFC3122</a>] based on ICMPv6 are used for address resolution.
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Conventions Used in This Document</span>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [<a href="./rfc2119" title=""Key words for use in RFCs to Indicate Requirement Levels"">RFC2119</a>].
<span class="grey">Shah, et al. Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. ARP Mediation (AM) Function</span>
The ARP Mediation (AM) function is an element of a PE node that deals
with the IP address resolution for CE devices connected via a VPWS
L2VPN. By placing this function in the PE node, ARP Mediation is
transparent to the CE devices.
For a given point-to-point connection between a pair of CEs, the ARP
Mediation procedure depends on whether the packets being forwarded
are IPv4 or IPv6. A PE that is to perform ARP Mediation for IPv4
packets MUST perform the following logical steps:
1. Discover the IP address of the locally attached CE device.
2. Terminate. Do not forward ARP and Inverse ARP requests from the
CE device at the local PE.
3. Distribute the IP address to the remote PE using pseudowire
control signaling.
4. Notify the locally attached CE of the IP address of the remote
CE.
5. Respond appropriately to ARP and Inverse ARP requests from the
local CE device using the IP address of the remote CE and the
hardware address of the local PE.
A PE that is to perform ARP Mediation for IPv6 packets MUST perform
the following logical steps:
1. Discover the IPv6 addresses of the locally attached CE device,
together with those of the remote CE device.
2. Perform the following steps:
a. Intercept Neighbor Discovery (ND) and Inverse Neighbor
Discovery (IND) packets received from the local CE device.
b. From these ND and IND packets, learn the IPv6 configuration
of the CE.
c. Forward the ND and IND packets over the pseudowire to the
remote PE.
<span class="grey">Shah, et al. Standards Track [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
3. Intercept Neighbor Discovery and Inverse Neighbor Discovery
packets received over the pseudowire from the remote PE, possibly
modifying them (if required for the type of outgoing AC) before
forwarding to the local CE and learning information about the
IPv6 configuration of the remote CE.
Details for the procedures described above are given in the following
sections.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. IP Layer 2 Interworking Circuit</span>
The IP Layer 2 Interworking Circuit refers to interconnection of the
Attachment Circuit with the IP Layer 2 Transport pseudowire that
carries IP datagrams as the payload. The ingress PE removes the data
link header of its local Attachment Circuit and transmits the payload
(an IP packet) over the pseudowire with or without the optional
control word. If the IP packet arrives at the ingress PE with
multiple data link headers (for example, in the case of bridged
Ethernet PDU on an ATM Attachment Circuit), all data link headers
MUST be removed from the IP packet before transmission over the
pseudowire (PW). The egress PE encapsulates the IP packet with the
data link header used on its local Attachment Circuit.
The encapsulation for the IP Layer 2 Transport pseudowire is
described in [<a href="./rfc4447" title=""Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)"">RFC4447</a>]. The "IP Layer 2 Interworking Circuit"
pseudowire is also referred to as "IP pseudowire" in this document.
In the case of an IPv6 L2 Interworking Circuit, the egress PE MAY
modify the contents of Neighbor Discovery or Inverse Neighbor
Discovery packets before encapsulating the IP packet with the data
link header.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. IP Address Discovery Mechanisms</span>
An IP Layer 2 Interworking Circuit enters monitoring state
immediately after configuration. During this state, it performs two
functions:
o Discovery of the CE IP device(s)
o Establishment of the PW
The establishment of the PW occurs independently from local CE IP
address discovery. During the period when the PW has been
established but the local CE IP device has not been discovered, only
broadcast/multicast IP frames are propagated between the Attachment
Circuit and pseudowire; unicast IP datagrams are dropped. The IP
destination address is used to classify unicast/multicast packets.
<span class="grey">Shah, et al. Standards Track [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
Unicast IP frames are propagated between the AC and pseudowire only
when CE IP devices on both Attachment Circuits have been discovered
and notified and proxy functions have completed.
The need to wait for address resolution completion before unicast IP
traffic can flow is simple.
o PEs do not perform routing operations.
o The destination IP address in the packet is not necessarily that
of the attached CE.
o On a broadcast link, there is no way to find out the Media Access
Control (MAC) address of the CE based on the destination IP
address of the packet.
<span class="h3"><a class="selflink" id="section-4.1" href="#section-4.1">4.1</a>. Discovery of IP Addresses of Locally Attached IPv4 CE</span>
A PE MUST support manual configuration of IPv4 CE addresses. This
section also describes automated mechanisms by which a PE MAY also
discover an IPv4 CE address.
<span class="h4"><a class="selflink" id="section-4.1.1" href="#section-4.1.1">4.1.1</a>. Monitoring Local Traffic</span>
The PE devices MAY learn the IP addresses of the locally attached CEs
from any IP traffic, such as link-local multicast packets (e.g.,
destined to 224.0.0.x), and are not restricted to the operations
below.
<span class="h4"><a class="selflink" id="section-4.1.2" href="#section-4.1.2">4.1.2</a>. CE Devices Using ARP</span>
If a CE device uses ARP to determine the IP-address-to-MAC-address
binding of its neighbor, the PE processes the ARP requests to learn
the IP address of the local CE for the local Attachment Circuit.
The method described in this document only supports the case where
there is a single CE per Attachment Circuit. However, customer-
facing access topologies may exist whereby more than one CE appears
to be connected to the PE on a single Attachment Circuit. For
example, this could be the case when CEs are connected to a shared
LAN that connects to the PE. In such a case, the PE MUST select one
local CE. The selection could be based on manual configuration or
the PE MAY optionally use the following selection criteria. In
either case, manual configuration of the IP address of the local CE
(and its MAC address) MUST be supported.
<span class="grey">Shah, et al. Standards Track [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
o Wait to learn the IP address of the remote CE (through PW
signaling) and then select the local CE that is sending the
request for IP address of the remote CE.
o Augment cross-checking with the local IP address learned through
listening for link-local multicast packets (as per <a href="#section-4.1.1">Section 4.1.1</a>).
o Augment cross-checking with the local IP address learned through
the Router Discovery Protocol (as described in <a href="#section-4.1.5">Section 4.1.5</a>).
o There is still a possibility that the local PE may not receive an
IP address advertisement from the remote PE, and there may exist
multiple local IP routers that attempt to 'connect' to remote CEs.
In this situation, the local PE MAY use some other criteria to
select one IP device from many (such as "the first ARP received"),
or an operator MAY configure the IP address of the local CE. Note
that the operator does not have to configure the IP address of the
remote CE (as that would be learned through pseudowire signaling).
Once the local and remote CEs have been discovered for the given
Attachment Circuit, the local PE responds with its own MAC address to
any subsequent ARP requests from the local CE with a destination IP
address matching the IP address of the remote CE.
The local PE signals the IP address of the local CE to the remote PE
and MAY initiate an unsolicited ARP response to notify the IP-
address-to-MAC-address binding for the remote CE to the local CE
(again using its own MAC address).
Once the ARP Mediation function is completed (i.e., the PE device
knows both the local and remote CE IP addresses), unicast IP frames
are propagated between the AC and the established PW.
The PE MAY periodically generate ARP request messages for the IP
address of the CE as a means of verifying the continued existence of
the IP address and its MAC address binding. The absence of a
response from the CE device for a given number of retries could be
used as a trigger for withdrawal of the IP address advertisement to
the remote PE. The local PE would then re-enter the address
resolution phase to rediscover the IP address of the attached CE.
Note that this "heartbeat" scheme is needed only where the failure of
a CE device may otherwise be undetectable.
<span class="h4"><a class="selflink" id="section-4.1.3" href="#section-4.1.3">4.1.3</a>. CE Devices Using Inverse ARP</span>
If a CE device uses Inverse ARP to determine the IP address of its
neighbor, the attached PE processes the Inverse ARP request from the
Attachment Circuit and responds with an Inverse ARP reply containing
<span class="grey">Shah, et al. Standards Track [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
the IP address of the remote CE, if the address is known. If the PE
does not yet have the IP address of the remote CE, it does not
respond, but records the IP address of the local CE and the circuit
information. Subsequently, when the IP address of the remote CE
becomes available, the PE MAY initiate an Inverse ARP request as a
means of notifying the local CE of the IP address of the remote CE.
This is the typical mode of operation for Frame Relay and ATM
Attachment Circuits. If the CE does not use Inverse ARP, the PE can
still discover the IP address of the local CE using the mechanisms
described in Sections <a href="#section-4.1.1">4.1.1</a> and <a href="#section-4.1.5">4.1.5</a>.
<span class="h4"><a class="selflink" id="section-4.1.4" href="#section-4.1.4">4.1.4</a>. CE Devices Using PPP</span>
The IP Control Protocol [<a href="./rfc1332" title=""The PPP Internet Protocol Control Protocol (IPCP)"">RFC1332</a>] describes a procedure to establish
and configure IP on a point-to-point connection, including the
negotiation of IP addresses. When such an Attachment Circuit is
configured for IP interworking, PPP negotiation is not performed end-
to-end between CE devices. Instead, PPP negotiation takes place
between the CE and its local PE. The PE performs proxy PPP
negotiation and informs the attached CE of the IP address of the
remote CE during IP Control Protocol (IPCP) negotiation using the IP-
Address option (0x03).
When a PPP link completes Link Control Protocol (LCP) negotiations,
the local PE MAY perform the following IPCP actions:
o The PE learns the IP address of the local CE from the Configure-
Request received with the IP-Address option (0x03). If the IP
address is non-zero, the PE records the address and responds with
Configure-Ack. However, if the IP address is zero, the PE
responds with Configure-Reject (as this is a request from the CE
to assign it an IP address). Also, the IP-Address option is set
with a zero value in the Configure-Reject response to instruct the
CE not to include that option in any subsequent Configure-Request.
o If the PE receives a Configure-Request without the IP-Address
option, it responds with a Configure-Ack. In this case, the PE is
unable to learn the IP address of the local CE using IPCP; hence,
it MUST rely on other means as described in Sections <a href="#section-4.1.1">4.1.1</a> and
4.1.5. Note that in order to employ other learning mechanisms,
the IPCP negotiations MUST have reached the open state.
o If the PE does not know the IP address of the remote CE, it sends
a Configure-Request without the IP-Address option.
<span class="grey">Shah, et al. Standards Track [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
o If the PE knows the IP address of the remote CE, it sends a
Configure-Request with the IP-Address option containing the IP
address of the remote CE.
The IPCP IP-Address option MAY be negotiated between the PE and the
local CE device. Configuration of other IPCP options MAY be
rejected. Other Network Control Protocols (NCPs), with the exception
of the Compression Control Protocol (CCP) and the Encryption Control
Protocol (ECP), MUST be rejected. The PE device MAY reject
configuration of the CCP and ECP.
<span class="h4"><a class="selflink" id="section-4.1.5" href="#section-4.1.5">4.1.5</a>. Router Discovery Method</span>
In order to learn the IP address of the CE device for a given
Attachment Circuit, the PE device MAY execute the Router Discovery
Protocol [<a href="./rfc1256" title=""ICMP Router Discovery Messages"">RFC1256</a>] whereby a Router Discovery Request (ICMP - Router
Solicitation) message is sent using a source IP address of zero. The
IP address of the CE device is extracted from the Router Discovery
Response (ICMP - Router Advertisement) message from the CE. It is
possible that the response contains more than one router address with
the same preference level, in which case, some heuristics (such as
first on the list) are necessary. The use of the Router Discovery
method by the PE is optional.
<span class="h4"><a class="selflink" id="section-4.1.6" href="#section-4.1.6">4.1.6</a>. Manual Configuration</span>
In some cases, it may not be possible to discover the IP address of
the local CE device using the mechanisms described in Sections <a href="#section-4.1.1">4.1.1</a>
to 4.1.5. In such cases, manual configuration MAY be used. All
implementations of this document MUST support manual configuration of
the IPv4 address of the local CE. This is the only REQUIRED mode for
a PE to support.
The support for configuration of the IP address of the remote CE is
OPTIONAL.
<span class="h3"><a class="selflink" id="section-4.2" href="#section-4.2">4.2</a>. How a CE Learns the IPv4 Address of a Remote CE</span>
Once the local PE has received the IP address information of the
remote CE from the remote PE, it will either initiate an address
resolution request or respond to an outstanding request from the
attached CE device.
In the event that the IPv4 address of the remote CE is manually
configured, the address resolution can begin immediately as receipt
of remote IP address of the CE becomes unnecessary.
<span class="grey">Shah, et al. Standards Track [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h4"><a class="selflink" id="section-4.2.1" href="#section-4.2.1">4.2.1</a>. CE Devices Using ARP</span>
When the PE learns the IP address of the remote CE as described in
<a href="#section-5.1">Section 5.1</a>, it may or may not already know the IP address of the
local CE. If the IP address is not known, the PE MUST wait until it
is acquired through one of the methods described in Sections <a href="#section-4.1.1">4.1.1</a>,
4.1.2, and 4.1.5. If the IP address of the local CE is known, the PE
MAY choose to generate an unsolicited ARP message to notify the local
CE about the binding of the IP address of the remote CE with the PE's
own MAC address.
When the local CE generates an ARP request, the PE MUST proxy the ARP
response [<a href="./rfc925" title=""Multi-LAN address resolution"">RFC925</a>] using its own MAC address as the source hardware
address and the IP address of the remote CE as the source protocol
address. The PE MUST respond only to those ARP requests whose
destination protocol address matches the IP address of the remote CE.
<span class="h4"><a class="selflink" id="section-4.2.2" href="#section-4.2.2">4.2.2</a>. CE Devices Using Inverse ARP</span>
When the PE learns the IP address of the remote CE, it SHOULD
generate an Inverse ARP request. If the Attachment Circuit requires
activation (e.g., Frame Relay), the PE SHOULD activate it first
before the Inverse ARP request. It should be noted that the PE might
never receive the response to its own request, nor see any Inverse
ARP request from the CE, in cases where the CE is pre-configured with
the IP address of the remote CE or where the use of Inverse ARP has
not been enabled. In either case, the CE has used other means to
learn the IP address of its neighbor.
<span class="h4"><a class="selflink" id="section-4.2.3" href="#section-4.2.3">4.2.3</a>. CE Devices Using PPP</span>
When the PE learns the IP address of the remote CE, it SHOULD
initiate a Configure-Request and set the IP-Address option to the IP
address of the remote CE. This notifies the local CE of the IP
address of the remote CE.
<span class="h3"><a class="selflink" id="section-4.3" href="#section-4.3">4.3</a>. Discovery of IP Addresses of IPv6 CE Devices</span>
<span class="h4"><a class="selflink" id="section-4.3.1" href="#section-4.3.1">4.3.1</a>. Distinguishing Factors between IPv4 and IPv6</span>
IPv4 uses ARP and Inverse ARP to resolve IP address and link-layer
associations. Since these are dedicated address resolution
protocols, and not IP packets, they cannot be carried on an IP
pseudowire. They MUST be processed locally and the IPv4 address
information they carry signaled between the PEs using the pseudowire
control plane. IPv6 uses ICMPv6 extensions to resolve IP address and
<span class="grey">Shah, et al. Standards Track [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
link address associations. As these are IPv6 packets, they can be
carried on an IP pseudowire; therefore, no IPv6 address signaling is
required.
<span class="h4"><a class="selflink" id="section-4.3.2" href="#section-4.3.2">4.3.2</a>. Requirements for PEs</span>
A PE device that supports IPv6 MUST be capable of the following:
o Intercepting ICMPv6 Neighbor Discovery [<a href="./rfc4861" title=""Neighbor Discovery for IP version 6 (IPv6)"">RFC4861</a>] and Inverse
Neighbor Discovery [<a href="./rfc3122" title=""Extensions to IPv6 Neighbor Discovery for Inverse Discovery Specification"">RFC3122</a>] packets received over the AC as well
as over the PW,
o Recording the IPv6 interface addresses and CE link-layer addresses
present in these packets,
o Possibly modifying these packets as dictated by the data link type
of the egress AC (described in the following sections), and
o Forwarding them towards the original destination.
The PE MUST also be capable of generating packets in order to
interwork between Neighbor Discovery (ND) and Inverse Neighbor
Discovery (IND). This is specified in Sections <a href="#section-4.3.3">4.3.3</a> to <a href="#section-4.3.6">4.3.6</a>.
If an IP PW is used to interconnect CEs that use IPv6 Router
Discovery [<a href="./rfc4861" title=""Neighbor Discovery for IP version 6 (IPv6)"">RFC4861</a>], a PE device MUST also be capable of intercepting
and processing those Router Discovery packets. This is required in
order to translate between different link-layer addresses. If a
Router Discovery message contains a link-layer address, then the PE
MAY also use this message to discover the link-layer address and IPv6
interface address. This is described in more detail in Sections
4.3.7 and 4.3.8.
The PE device MUST learn a list of CE IPv6 interface addresses for
its directly attached CE and another list of CE IPv6 interface
addresses for the far-end CE. The PE device MUST also learn the
link-layer address of the local CE and be able to use it when
forwarding traffic between the local and far-end CEs. The PE MAY
also wish to monitor the source link-layer address of data packets
received from the CE and discard packets not matching its learned CE
link-layer address.
<span class="h4"><a class="selflink" id="section-4.3.3" href="#section-4.3.3">4.3.3</a>. Processing of Neighbor Solicitations</span>
A Neighbor Solicitation received on an AC from a local CE SHOULD be
inspected to determine and learn an IPv6 interface address (if
provided, this will not be the case for Duplicate Address Detection)
and any link-layer address provided. The packet MUST then be
<span class="grey">Shah, et al. Standards Track [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
forwarded over the pseudowire unmodified. A Neighbor Solicitation
received over the pseudowire SHOULD be inspected to determine and
learn an IPv6 interface address for the far-end CE. If a source
link-layer address option is present, the PE MUST remove it. The PE
MAY substitute an appropriate link-layer address option, specifying
the link-layer address of the PE interface attached to the local AC.
Note that if the local AC is Ethernet, failure to substitute a link-
layer address option may mean that the CE has no valid link-layer
address with which to transmit data packets.
When a PE with a local AC, which is of the type point-to-point Layer
2 circuit, e.g., FR, ATM or PPP, receives a Neighbor Solicitation
from a far-end PE over the pseudowire, after learning the IP address
of the far-end CE, the PE MAY use one of the following procedures:
1. Forward the Neighbor Solicitation to the local CE after replacing
the source link-layer address with the link-layer address of the
local AC.
2. Send an Inverse Neighbor Solicitation to the local CE, specifying
the far-end CE's IP address and the link-layer address of the PE
interface attached to local AC.
3. Reply to the far-end PE with a Neighbor Advertisement, using the
IP address of the local CE as the source address and an
appropriate link-layer address option that specifies the link-
layer address of the PE interface attached to local AC. As
described in <a href="#section-4.3.10">Section 4.3.10</a>, the IP address of the local CE is
learned through IPv6 Control Protocol (IPv6CP) in the case of PPP
and through Neighbor Solicitation in other cases.
<span class="h4"><a class="selflink" id="section-4.3.4" href="#section-4.3.4">4.3.4</a>. Processing of Neighbor Advertisements</span>
A Neighbor Advertisement received on an AC from a local CE SHOULD be
inspected to determine and learn an IPv6 interface address and any
link-layer address provided. The packet MUST then be forwarded over
the IP pseudowire unmodified.
A Neighbor Advertisement received over the pseudowire SHOULD be
inspected to determine and learn an IPv6 interface address for the
far-end CE. If a source link-layer address option is present, the PE
MUST remove it. The PE MAY substitute an appropriate link-layer
address option, specifying the link-layer address of the PE interface
attached to local AC. Note that if the local AC is Ethernet, failure
to substitute a link-layer address option may mean that the local AC
has no valid link-layer address with which to transmit data packets.
<span class="grey">Shah, et al. Standards Track [Page 13]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
When a PE with a local AC that is of the type point-to-point Layer 2
circuit, such as ATM, FR, or PPP, receives a Neighbor Advertisement
over the pseudowire, in addition to learning the remote CE's IPv6
address, it SHOULD perform the following steps:
o If the AC supports Inverse Neighbor Discovery (IND) and the PE had
already processed an Inverse Neighbor Solicitation (INS) from the
local CE, it SHOULD send an Inverse Neighbor Advertisement (INA)
on the local AC using source IP address information received in an
ND advertisement (ND-ADV) and its own local AC link-layer
information.
o If the PE has not received any Inverse Neighbor Solicitation (INS)
from the local CE and the AC supports Inverse Neighbor Discovery
(IND), it SHOULD send an INS on the local AC using source IP
address information received in the INA together with its own
local AC link-layer information.
<span class="h4"><a class="selflink" id="section-4.3.5" href="#section-4.3.5">4.3.5</a>. Processing Inverse Neighbor Solicitations (INSs)</span>
An INS received on an AC from a local CE SHOULD be inspected to
determine and learn the IPv6 addresses and the link-layer addresses.
The packet MUST then be forwarded over the pseudowire unmodified.
An INS received over the pseudowire SHOULD be inspected to determine
and learn one or more IPv6 addresses for the far-end CE. If the
local AC supports IND (e.g., a switched Frame Relay AC), the packet
SHOULD be forwarded to the local CE after modifying the link-layer
address options to match the type of the local AC.
If the local AC does not support IND, processing of the packet
depends on whether the PE has learned at least one interface address
for its directly attached CE.
o If it has learned at least one IPv6 address for the CE, the PE
MUST discard the Inverse Neighbor Solicitation (INS) and generate
an Inverse Neighbor Advertisement (INA) back into the pseudowire.
The destination address of the INA is the source address from the
INS; the source address is one of the local CE's interface
addresses; and all the local CE's interface addresses that have
been learned so far SHOULD be included in the Target Address List.
The Source and Target link-layer addresses are copied from the
INS. In addition, the PE SHOULD generate ND advertisements on the
local AC using the IPv6 address of the remote CE and the link-
layer address of the local PE.
<span class="grey">Shah, et al. Standards Track [Page 14]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
o If it has not learned at least one IPv6 and link-layer address of
its directly connected CE, the INS MUST continue to be discarded
until the PE learns an IPv6 and link-layer address from the local
CE (through receiving, for example, a Neighbor Solicitation).
After this has occurred, the PE will be able to respond to INS
messages received over the pseudowire as described above.
<span class="h4"><a class="selflink" id="section-4.3.6" href="#section-4.3.6">4.3.6</a>. Processing of Inverse Neighbor Advertisements (INAs)</span>
An INA received on an AC from a local CE SHOULD be inspected to
determine and learn one or more IPv6 addresses for the CE. It MUST
then be forwarded unmodified over the pseudowire.
An INA received over the pseudowire SHOULD be inspected to determine
and learn one or more IPv6 addresses for the far-end CE.
If the local AC supports IND (e.g., a Frame Relay AC), the packet MAY
be forwarded to the local CE after modifying the link-layer address
options to match the type of the local AC.
If the local AC does not support IND, the PE MUST discard the INA and
generate a Neighbor Advertisement (NA) towards its local CE. The
source IPv6 address of the NA is the source IPv6 address from the
INA; the destination IPv6 address is the destination IPv6 address
from the INA; and the link-layer address is that of the local AC on
the PE.
<span class="h4"><a class="selflink" id="section-4.3.7" href="#section-4.3.7">4.3.7</a>. Processing of Router Solicitations</span>
A Router Solicitation received on an AC from a local CE SHOULD be
inspected to determine and learn an IPv6 address for the CE and, if
present, the link-layer address of the CE. It MUST then be forwarded
unmodified over the pseudowire.
A Router Solicitation received over the pseudowire SHOULD be
inspected to determine and learn an IPv6 address for the far-end CE.
If a source link-layer address option is present, the PE MUST remove
it. The PE MAY substitute a source link-layer address option
specifying the link-layer address of its local AC. The packet is
then forwarded to the local CE.
<span class="h4"><a class="selflink" id="section-4.3.8" href="#section-4.3.8">4.3.8</a>. Processing of Router Advertisements</span>
A Router Advertisement received on an AC from a local CE SHOULD be
inspected to determine and learn an IPv6 address for the CE and, if
present, the link-layer address of the CE. It MUST then be forwarded
unmodified over the pseudowire.
<span class="grey">Shah, et al. Standards Track [Page 15]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-16" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
A Router Advertisement received over the pseudowire SHOULD be
inspected to determine and learn an IPv6 address for the far-end CE.
If a source link-layer address option is present, the PE MUST remove
it. The PE MAY substitute a source link-layer address option
specifying the link-layer address of its local AC. If an MTU option
is present, the PE MAY reduce the specified MTU if the MTU of the
pseudowire is less than the value specified in the option. The
packet is then forwarded to the local CE.
<span class="h4"><a class="selflink" id="section-4.3.9" href="#section-4.3.9">4.3.9</a>. Duplicate Address Detection</span>
Duplicate Address Detection [<a href="./rfc4862" title=""IPv6 Stateless Address Autoconfiguration"">RFC4862</a>] allows IPv6 hosts and routers
to ensure that the addresses assigned to interfaces are unique on a
link. As with all Neighbor Discovery packets, those used in
Duplicate Address Detection will simply flow through the pseudowire,
being inspected at the PEs at each end. Processing is performed as
detailed in Sections <a href="#section-4.3.3">4.3.3</a> and <a href="#section-4.3.4">4.3.4</a>. However, the source IPv6
address of Neighbor Solicitations used in Duplicate Address Detection
is the unspecified address, so the PEs cannot learn the CE's IPv6
interface address (nor would it make sense to do so, given that at
least one address is tentative at that time).
<span class="h4"><a class="selflink" id="section-4.3.10" href="#section-4.3.10">4.3.10</a>. CE Address Discovery for CEs Attached Using PPP</span>
The IPv6 Control Protocol (IPv6CP) [<a href="./rfc5072" title=""IP Version 6 over PPP"">RFC5072</a>] describes a procedure
for establishing and configuring IPv6 on a point-to-point connection,
including the negotiation of a link-local interface identifier. As
in the case of IPv4, when such an AC is configured for IP
interworking, PPP negotiation is not performed end-to-end between CE
devices. Instead, PPP negotiation takes place between the CE and its
local PE. The PE performs proxy PPP negotiation and informs the
attached CE of the link-local identifier of its local interface using
the Interface-Identifier option (0x01). This local interface
identifier is used by stateless address autoconfiguration [<a href="./rfc4862" title=""IPv6 Stateless Address Autoconfiguration"">RFC4862</a>].
When a PPP link completes IPv6CP negotiations and the PPP link is
open, a PE MAY discover the IPv6 unicast address of the CE using any
of the mechanisms described above.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. CE IPv4 Address Signaling between PEs</span>
<span class="h3"><a class="selflink" id="section-5.1" href="#section-5.1">5.1</a>. When to Signal an IPv4 Address of a CE</span>
A PE device advertises the IPv4 address of the attached CE only when
the encapsulation type of the pseudowire is IP Layer2 Transport (the
value 0x000B, as defined in [<a href="./rfc4446" title=""IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)"">RFC4446</a>]). The IP Layer2 transport PW
is also referred to as IP PW and is used interchangeably in this
document. It is quite possible that the IPv4 address of a CE device
<span class="grey">Shah, et al. Standards Track [Page 16]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-17" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
is not available at the time the PW labels are signaled. For
example, in Frame Relay, the CE device sends an Inverse ARP request
only when the Data Link Connection Identifier (DLCI) is active. If
the PE signals the DLCI to be active only when it has received the
IPv4 address along with the PW Forwarding Equivalence Class (FEC)
from the remote PE, a deadlock situation arises. In order to avoid
such problems, the PE MUST be prepared to advertise the PW FEC before
the IPv4 address of the CE is known; hence,the PE uses an IPv4
address value zero. When the IPv4 address of the CE device does
become available, the PE re-advertises the PW FEC along with the IPv4
address of the CE.
Similarly, if the PE detects that an IP address of a CE is no longer
valid (by methods described above), the PE MUST re-advertise the PW
FEC with a null IP address to denote the withdrawal of the IP address
of the CE. The receiving PE then waits for notification of the
remote IP address. During this period, propagation of unicast IPv4
traffic is suspended, but multicast IPv4 traffic can continue to flow
between the AC and the pseudowire.
If two CE devices are locally attached to the PE on disparate AC
types (for example, one CE connected to an Ethernet port and the
other to a Frame Relay port), the IPv4 addresses are learned in the
same manner as described above. However, since the CE devices are
local, the distribution of IPv4 addresses for these CE devices is a
local step.
Note that the PEs discover the IPv6 addresses of the remote CE by
intercepting Neighbor Discovery and Inverse Neighbor Discovery
packets that have been passed in-band through the pseudowire. Hence,
there is no need to communicate the IPv6 addresses of the CEs through
LDP signaling.
If the pseudowire is carrying both IPv4 and IPv6 traffic, the
mechanisms used for IPv6 and IPv4 SHOULD NOT interact. In
particular, just because a PE has learned a link-layer address for
IPv6 traffic by intercepting a Neighbor Advertisement from its
directly connected CE, it SHOULD NOT assume that it can use that
link-layer address for IPv4 traffic until that fact is confirmed by
reception of, for example, an IPv4 ARP message from the CE.
<span class="h3"><a class="selflink" id="section-5.2" href="#section-5.2">5.2</a>. LDP-Based Distribution of CE IPv4 Addresses</span>
[<a id="ref-RFC4447">RFC4447</a>] uses Label Distribution Protocol (LDP) transport to
exchange PW FECs in the Label Mapping message in the Downstream
Unsolicited (DU) mode. The PW FEC comes in two flavors, with some
<span class="grey">Shah, et al. Standards Track [Page 17]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-18" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
common fields between them: PWid and Generalized ID FEC elements.
The discussions below refer to these common fields for IP L2
Interworking encapsulation.
In addition to PW FEC, this document uses an IP Address List TLV (as
defined in [<a href="./rfc5036" title=""LDP Specification"">RFC5036</a>]) that is to be included in the optional
parameter field of the Label Mapping message when advertising the PW
FEC for the IP Layer2 Transport. The use of optional parameters in
the Label Mapping message to extend the attributes of the PW FEC is
specified in [<a href="./rfc4447" title=""Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)"">RFC4447</a>].
As defined in [<a href="./rfc4447" title=""Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)"">RFC4447</a>], when processing a received PW FEC, the PE
matches the PW ID and PW type with the locally configured PW ID and
PW Type. If there is a match and if the PW Type is IP Layer2
Transport, the PE further checks for the presence of an Address List
TLV [<a href="./rfc5036" title=""LDP Specification"">RFC5036</a>] in the optional parameter TLVs. The processing of the
Address List TLV is as follows.
o If a PE is configured for an AC to a CE enabled for IPv4 or dual-
stack IPv4/IPv6, the PE SHOULD advertise an Address List TLV with
address family type of IPv4 address. The PE SHOULD process the
IPv4 Address List TLV as described in this document. The PE MUST
advertise and process IPv6 capability using the procedures
described in <a href="#section-6">Section 6</a>.
o If a PE does not receive any IPv4 address in the Address List TLV,
it MAY assume IPv4 behavior. The address resolution for IPv4 MUST
then depend on local manual configuration. In the case of
mismatched configuration whereby one PE has manual configuration
while the other does not, the IP address to link-layer address
mapping remains unresolved, resulting in unsuccessful propagation
of IPv4 traffic to the local CE.
o If a PE is configured for an AC to a CE enabled for IPv6 only, the
PE MUST advertise IPv6 capability using the procedures described
in <a href="#section-6">Section 6</a>. In addition, by virtue of not setting the manual
configuration for IPv4 support, IPv6-only support is realized.
We use the Address List TLV [<a href="./rfc5036" title=""LDP Specification"">RFC5036</a>] to signal the IPv4 address of
the local CE. This IP Address List TLV is included in the optional
parameter field of the Label Mapping message.
The Address List TLV is only used for IPv4 addresses.
<span class="grey">Shah, et al. Standards Track [Page 18]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-19" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
The fields of the IP Address List TLV are set as follows:
Length
Set to 6 to encompass 2 bytes of Address Family field and 4 bytes
of Addresses field (because a single IPv4 address is used).
Address Family
Set to 1 to indicate IPv4 as defined in [<a href="./rfc5036" title=""LDP Specification"">RFC5036</a>].
Addresses
Contains a single IPv4 address that is the address of the CE
attached to the advertising PE.
The address in the Addresses field is set to all zeros to denote that
the advertising PE has not learned the IPv4 address of its local CE.
Any non-zero address value denotes the IPv4 address of the
advertising PE's attached CE device.
The IPv4 address of the CE is also supplied in the optional
parameters field of the LDP Notification message along with the PW
FEC. The LDP Notification message is used to signal any change in
the status of the CE's IPv4 address.
The encoding of the LDP Notification message is as follows.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| Notification (0x0001) | Message Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Status TLV |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP Address List TLV (as defined above) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PWid FEC or Generalized ID FEC |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Status TLV status code is set to 0x0000002C "IP address of CE",
to indicate that an IP address update follows. Since this
notification does not refer to any particular message, the Message ID
field is set to 0.
The PW FEC TLV SHOULD NOT include the interface parameters as they
are ignored in the context of this message.
<span class="grey">Shah, et al. Standards Track [Page 19]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-20" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. IPv6 Capability Advertisement</span>
A Stack Capability Interface Parameter sub-TLV is signaled by the two
PEs so that they can agree which network protocol(s) they SHOULD be
using. As discussed earlier, the use of the Address List TLV
signifies support for IPv4 stack, so the Stack Capability Interface
Parameter sub-TLV is used to indicate whether support for IPv6 stack
is required on a given IP PW.
The Stack Capability Interface Parameter sub-TLV is part of the
interface parameters. The proposed format for the Stack Capability
Interface Parameter sub-TLV is as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Parameter ID | Length | Stack Capability |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameter ID = 0x16
Length = 4
The Stack Capability field is a bit field. Only one bit is defined
in this document. When bit zero (the least significant bit with
bitmask 0x0001) is set, it indicates IPv6 Stack Capability.
The presence of the Stack Capability Interface Parameter sub-TLV is
relevant only when the PW type is IP PW. A PE that supports IPv6 on
an IP PW MUST signal the Stack Capability Interface Parameter sub-TLV
in the initial Label Mapping message for the PW. The PE nodes
compare the value advertised by the remote PE with the local
configuration and only use a capability that is supported by both.
The behavior of a PE that does not understand an Interface Parameter
sub-TLV is specified in <a href="./rfc4447#section-5.5">Section 5.5 of RFC 4447</a> [<a href="./rfc4447" title=""Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)"">RFC4447</a>].
In some deployment scenarios, it may be desirable to take a PW
operationally down if there is a mismatch of the Stack Capability
between the PEs. In other deployment scenarios, an operator may wish
the IP version supported by both PEs to fall back to IPv4 if one of
the PEs does not support IPv6. The following procedures MUST be
followed for each of these cases.
<span class="grey">Shah, et al. Standards Track [Page 20]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-21" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h3"><a class="selflink" id="section-6.1" href="#section-6.1">6.1</a>. PW Operational Down on Stack Capability Mismatch</span>
If a PE that supports IPv6 and has not yet sent a Label Mapping
message receives an initial Label Mapping message from the far-end PE
that does not include the Stack Capability Interface Parameter sub-
TLV, or one is received but it is not set to the 'IPv6 Stack
Capability' value, then the PE supporting this procedure MUST NOT
send a Label Mapping message for this PW.
If a PE that supports IPv6 has already sent an initial Label Mapping
message for the PW and does not receive a Stack Capability Interface
Parameter sub-TLV in the Label Mapping message from the far-end PE,
or one is received but it is not set to 'IPv6 Stack Capability', the
PE supporting this procedure MUST withdraw its PW label with the LDP
status code meaning "IP Address type mismatch" (Status Code
0x0000004A). However, subsequently, if the configuration was to
change at the far-end PE and a Stack Capability Interface Parameter
sub-TLV in the Label Mapping message is received from the far-end PE,
the local PE MUST re-advertise the Label Mapping message for the PW.
<span class="h3"><a class="selflink" id="section-6.2" href="#section-6.2">6.2</a>. Stack Capability Fallback</span>
If a PE that supports IPv6 and has not yet sent a Label Mapping
message receives an initial Label Mapping message from the far-end PE
that does not include the Stack Capability Interface Parameter sub-
TLV, or one is received but it is not set to the 'IPv6 Stack
Capability' value, then it MAY send a Label Mapping message for this
PW but MUST NOT include the Stack Capability Interface Parameter sub-
TLV.
If a PE that supports IPv6 and has already sent a Label Mapping
message for the PW with the Stack Capability Interface Parameter sub-
TLV but does not receive a Stack Capability Interface Parameter sub-
TLV from the far-end PE in the initial Label Mapping message (or one
is received but it is not set to the 'IPv6 Stack Capability' value),
the PE following this procedure MUST send a Label Withdraw for its PW
label with the LDP status code meaning "Wrong IP Address type"
(Status Code 0x000004B) followed by a Label Mapping message that does
not include the Stack Capability Interface Parameter sub-TLV. If a
Label Withdraw message with the "Wrong IP Address Type" status code
is received by a PE, it SHOULD treat this as a normal Label Withdraw
but MUST NOT respond with a Label Release. It MUST continue to wait
for the next control message for the PW as specified in <a href="./rfc4447#section-6.2">Section 6.2
of RFC 4447</a> [<a href="./rfc4447" title=""Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)"">RFC4447</a>].
<span class="grey">Shah, et al. Standards Track [Page 21]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-22" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. IANA Considerations</span>
<span class="h3"><a class="selflink" id="section-7.1" href="#section-7.1">7.1</a>. LDP Status Messages</span>
This document uses new LDP status codes. IANA already maintains a
registry of name "Status Code Name Space" defined by [<a href="./rfc5036" title=""LDP Specification"">RFC5036</a>]. The
following values have been assigned:
0x0000002C "IP Address of CE"
0x0000004A "IP Address Type Mismatch"
0x0000004B "Wrong IP Address Type"
<span class="h3"><a class="selflink" id="section-7.2" href="#section-7.2">7.2</a>. Interface Parameters</span>
This document proposes a new Interface Parameters sub-TLV, that has
been assigned from the 'Pseudowire Interface Parameters Sub-TLV type
Registry'. The following value has been assigned for the Parameter
ID:
0x16 "Stack Capability"
IANA has also set up a registry of "L2VPN PE stack Capabilities".
This is a 16-bit field. Stack Capability bitmask 0x0001 is specified
in <a href="#section-6">Section 6</a> of this document. The remaining bitfield values
(0x0002,..,0x8000) are to be assigned by IANA using the "IETF Review"
policy defined in [<a href="./rfc5226" title="">RFC5226</a>].
L2VPN PE Stack Capabilities:
Bit (Value) Description
=============== ========================
Bit 0 (0x0001) - IPv6 stack capability
Bit 1 (0x0002) - Unassigned
Bit 2 (0x0004) - Unassigned
.
.
.
Bit 14 (0x4000) - Unassigned
Bit 15 (0x8000) - Unassigned
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. Security Considerations</span>
The security aspect of this solution is addressed for two planes: the
control plane and the data plane.
<span class="grey">Shah, et al. Standards Track [Page 22]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-23" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h3"><a class="selflink" id="section-8.1" href="#section-8.1">8.1</a>. Control Plane Security</span>
Control plane security pertains to establishing the LDP connection
and to pseudowire signaling and CE IP address distribution over that
LDP connection. For greater security, the LDP connection between two
trusted PEs MUST be secured by each PE verifying the incoming
connection against the configured address of the peer and
authenticating the LDP messages, as described in <a href="./rfc5036#section-2.9">Section 2.9 of
[RFC5036]</a>. Pseudowire signaling between two secure LDP peers does
not pose a security issue but mis-wiring could occur due to
configuration error. However, the fact that the pseudowire will only
be established if the two PEs have matching configurations (e.g., PW
ID, PW type, and MTU) provides some protection against mis-wiring due
to configuration errors.
Learning the IP address of the appropriate CE can be a security
issue. It is expected that the Attachment Circuit to the local CE
will be physically secured. If this is a concern, the PE MUST be
configured with the IP and MAC address of the CE when connected with
Ethernet, IP and virtual circuit information (DLCI or VPI/VCI
(Virtual Path Identifier / Virtual Circuit Identifier) when connected
over Frame Relay or ATM, and IP address only when connected over PPP.
During ARP/Inverse ARP frame processing, the PE MUST verify the
received information against local configuration before forwarding
the information to the remote PE to protect against hijacking of the
connection.
For IPv6, the preferred means of security is Secure Neighbor
Discovery (SEND) [<a href="./rfc3971" title=""SEcure Neighbor Discovery (SEND)"">RFC3971</a>]. SEND provides a mechanism for securing
Neighbor Discovery packets over media (such as wireless links) that
may be insecure and open to packet interception and substitution.
SEND is based upon cryptographic signatures of Neighbor Discovery
packets. These signatures allow the receiving node to detect packet
modification and confirm that a received packet originated from the
claimed source node. SEND is incompatible with the Neighbor
Discovery packet modifications described in this document. As such,
SEND cannot be used for Neighbor Discovery across an ARP Mediation
pseudowire. PEs taking part in IPv6 ARP Mediation MUST remove all
SEND packet options from Neighbor Discovery packets before forwarding
into the pseudowire. If the CE devices are configured to accept only
SEND Neighbor Discovery packets, Neighbor Discovery will fail. Thus,
the CE devices MUST be configured to accept non-SEND packets, even if
they treat them with lower priority than SEND packets. Because SEND
cannot be used in combination with IPv6 ARP Mediation, it is
suggested that IPv6 ARP Mediation only be used with secure Attachment
Circuits. An exception to this recommendation applies to an
implementation that supports the SEND Proxy [<a href="./rfc6496" title=""Secure Proxy ND Support for SEcure Neighbor Discovery (SEND)"">RFC6496</a>], which allows a
device such as PE to act as an ND proxy as described in [<a href="./rfc6496" title=""Secure Proxy ND Support for SEcure Neighbor Discovery (SEND)"">RFC6496</a>].
<span class="grey">Shah, et al. Standards Track [Page 23]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-24" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h3"><a class="selflink" id="section-8.2" href="#section-8.2">8.2</a>. Data Plane Security</span>
The data traffic between CE and PE is not encrypted, and it is
possible that in an insecure environment, a malicious user may tap
into the CE-to-PE connection and generate traffic using the spoofed
destination MAC address on the Ethernet Attachment Circuit. In order
to avoid such hijacking, the local PE may verify the source MAC
address of the received frame against the MAC address of the admitted
connection. The frame is forwarded to the PW only when authenticity
is verified. When spoofing is detected, the PE MUST sever the
connection with the local CE, tear down the PW, and start over.
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. Acknowledgements</span>
The authors would like to thank Yetik Serbest, Prabhu Kavi, Bruce
Lasley, Mark Lewis, Carlos Pignataro, and others who participated in
the discussions related to this document.
<span class="h2"><a class="selflink" id="section-10" href="#section-10">10</a>. Contributors</span>
This document is the combined effort of many who have contributed,
carefully reviewed, and provided technical clarifications. This
includes the individuals listed in this section and those listed in
the Editors' Addresses.
Matthew Bocci
Alcatel-Lucent
EMail: Mathew.bocci@alcatel-lucent.com
Tiberiu Grigoriu
Alcatel-Lucent
EMail: Tiberiu.Grigoriu@alcatel-lucent.com
Neil Hart
Alcatel-Lucent
EMail: Neil.Hart@alcatel-lucent.com
Andrew Dolganow
Alcatel-Lucent
EMail: Andrew.Dolganow@alcatel-lucent.com
Shane Amante
Level 3
EMail: Shane@castlepoint.net
Toby Smith
Google
EMail: tob@google.com
<span class="grey">Shah, et al. Standards Track [Page 24]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-25" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
Andrew G. Malis
Verizon
EMail: Andy.g.Malis@verizon.com
Steven Wright
Bell South Corp
EMail: steven.wright@bellsouth.com
Waldemar Augustyn
Consultant
EMail: waldemar@wdmsys.com
Arun Vishwanathan
Juniper Networks
EMail: arunvn@juniper.net
Ashwin Moranganti
IneoQuest Technologies
EMail: Ashwin.Moranganti@Ineoquest.com
<span class="h2"><a class="selflink" id="section-11" href="#section-11">11</a>. References</span>
<span class="h3"><a class="selflink" id="section-11.1" href="#section-11.1">11.1</a>. Normative References</span>
[<a id="ref-RFC826">RFC826</a>] Plummer, D., "Ethernet Address Resolution Protocol: Or
Converting Network Protocol Addresses to 48.bit Ethernet
Address for Transmission on Ethernet Hardware", STD 37,
<a href="./rfc826">RFC 826</a>, November 1982.
[<a id="ref-RFC2390">RFC2390</a>] Bradley, T., Brown, C., and A. Malis, "Inverse Address
Resolution Protocol", <a href="./rfc2390">RFC 2390</a>, September 1998.
[<a id="ref-RFC4447">RFC4447</a>] Martini, L., Ed., Rosen, E., El-Aawar, N., Smith, T., and
G. Heron, "Pseudowire Setup and Maintenance Using the
Label Distribution Protocol (LDP)", <a href="./rfc4447">RFC 4447</a>, April 2006.
[<a id="ref-RFC4446">RFC4446</a>] Martini, L., "IANA Allocations for Pseudowire Edge to Edge
Emulation (PWE3)", <a href="https://www.rfc-editor.org/bcp/bcp116">BCP 116</a>, <a href="./rfc4446">RFC 4446</a>, April 2006.
[<a id="ref-RFC2119">RFC2119</a>] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", <a href="https://www.rfc-editor.org/bcp/bcp14">BCP 14</a>, <a href="./rfc2119">RFC 2119</a>, March 1997.
[<a id="ref-RFC5036">RFC5036</a>] Andersson, L., Ed., Minei, I., Ed., and B. Thomas, Ed.,
"LDP Specification", <a href="./rfc5036">RFC 5036</a>, October 2007.
[<a id="ref-RFC4861">RFC4861</a>] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", <a href="./rfc4861">RFC 4861</a>,
September 2007.
<span class="grey">Shah, et al. Standards Track [Page 25]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-26" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
[<a id="ref-RFC3122">RFC3122</a>] Conta, A., "Extensions to IPv6 Neighbor Discovery for
Inverse Discovery Specification", <a href="./rfc3122">RFC 3122</a>, June 2001.
[<a id="ref-RFC4862">RFC4862</a>] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", <a href="./rfc4862">RFC 4862</a>, September 2007.
[<a id="ref-RFC3971">RFC3971</a>] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander,
"SEcure Neighbor Discovery (SEND)", <a href="./rfc3971">RFC 3971</a>, March 2005.
[<a id="ref-RFC5226">RFC5226</a>] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", <a href="https://www.rfc-editor.org/bcp/bcp26">BCP 26</a>, <a href="./rfc5226">RFC 5226</a>,
May 2008.
<span class="h3"><a class="selflink" id="section-11.2" href="#section-11.2">11.2</a>. Informative References</span>
[<a id="ref-RFC4664">RFC4664</a>] Andersson, L., Ed., and E. Rosen, Ed., "Framework for
Layer 2 Virtual Private Networks (L2VPNs)", <a href="./rfc4664">RFC 4664</a>,
September 2006.
[<a id="ref-RFC1332">RFC1332</a>] McGregor, G., "The PPP Internet Protocol Control Protocol
(IPCP)", <a href="./rfc1332">RFC 1332</a>, May 1992.
[<a id="ref-RFC5072">RFC5072</a>] Varada, S., Ed., Haskins, D., and E. Allen, "IP Version 6
over PPP", <a href="./rfc5072">RFC 5072</a>, September 2007.
[<a id="ref-RFC925">RFC925</a>] Postel, J., "Multi-LAN address resolution", <a href="./rfc925">RFC 925</a>,
October 1984.
[<a id="ref-RFC1256">RFC1256</a>] Deering, S., Ed., "ICMP Router Discovery Messages", <a href="./rfc1256">RFC</a>
<a href="./rfc1256">1256</a>, September 1991.
[<a id="ref-RFC5309">RFC5309</a>] Shen, N., Ed., and A. Zinin, Ed., "Point-to-Point
Operation over LAN in Link State Routing Protocols", <a href="./rfc5309">RFC</a>
<a href="./rfc5309">5309</a>, October 2008.
[<a id="ref-RFC6496">RFC6496</a>] Krishnan, S., Laganier, J., Bonola, M., and A. Garcia-
Martinez, "Secure Proxy ND Support for SEcure Neighbor
Discovery (SEND)", <a href="./rfc6496">RFC 6496</a>, February 2012.
<span class="grey">Shah, et al. Standards Track [Page 26]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-27" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. Use of IGPs with IP L2 Interworking L2VPNs</span>
In an IP L2 interworking L2VPN, when an IGP on a CE connected to a
broadcast link is cross-connected with an IGP on a CE connected to a
point-to-point link, there are routing protocol related issues that
MUST be addressed. The link state routing protocols are cognizant of
the underlying link characteristics and behave accordingly when
establishing neighbor adjacencies, representing the network topology,
and passing protocol packets. The point-to-point operations of the
routing protocols over a LAN are discussed in [<a href="./rfc5309" title=""Point-to-Point Operation over LAN in Link State Routing Protocols"">RFC5309</a>].
<span class="h3"><a class="selflink" id="appendix-A.1" href="#appendix-A.1">A.1</a>. OSPF</span>
The OSPF protocol treats a broadcast link type with a special
procedure that engages in Neighbor Discovery to elect a designated
router and a backup designated router (DR and BDR, respectively),
with which each other router on the link forms adjacencies. However,
these procedures are neither applicable nor understood by OSPF
running on a point-to-point link. By cross-connecting two neighbors
with disparate link types, an IP L2 interworking L2VPN may experience
connectivity issues.
Additionally, the link type specified in the router Link State
Advertisement (LSA) will not match for the two cross-connected
routers.
Finally, each OSPF router generates network LSAs when connected to a
broadcast link such as Ethernet, receipt of which by an OSPF router
that believes itself to be connected to a point-to-point link further
adds to the confusion.
Fortunately, the OSPF protocol provides a configuration option
(ospfIfType) whereby OSPF will treat the underlying physical
broadcast link as a point-to-point link.
It is strongly recommended that all OSPF protocols on CE devices
connected to Ethernet interfaces use this configuration option when
attached to a PE that is participating in an IP L2 Interworking VPN.
<span class="h3"><a class="selflink" id="appendix-A.2" href="#appendix-A.2">A.2</a>. RIP</span>
The RIP protocol broadcasts RIP advertisements every 30 seconds. If
the multicast/broadcast traffic snooping mechanism is used as
described in <a href="#section-4.1">Section 4.1</a>, the attached PE can learn the local CE
router's IP address from the IP header of its advertisements. No
special configuration is required for RIP in this type of Layer 2 IP
Interworking L2VPN.
<span class="grey">Shah, et al. Standards Track [Page 27]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-28" ></span>
<span class="grey"><a href="./rfc6575">RFC 6575</a> ARP Mediation for IP Interworking of L2VPNs June 2012</span>
<span class="h3"><a class="selflink" id="appendix-A.3" href="#appendix-A.3">A.3</a>. IS-IS</span>
The IS-IS protocol does not encapsulate its PDUs in IP; hence, it
cannot be supported in IP L2 Interworking L2VPNs.
Editors' Addresses
Himanshu Shah (editor)
Ciena
EMail: hshah@ciena.com
Eric Rosen (editor)
Cisco Systems
EMail: erosen@cisco.com
Giles Heron (editor)
Cisco Systems
EMail: giheron@cisco.com
Vach Kompella (editor)
Alcatel-Lucent
EMail: vach.kompella@alcatel-lucent.com
Shah, et al. Standards Track [Page 28]
</pre>
|
