MPLS
... This document describes a simple and efficient mechanism that can be
used to detect data plane failures in MPLS Label Switched Paths
(LSPs). There are two parts to this document: information carried in
an MPLS "echo request" and "echo reply", and mechanisms for
...
... fault isolation.
An important consideration in this design is that MPLS echo requests
follow the same data path that normal MPLS packets would traverse.
MPLS echo requests are meant primarily to validate the data plane ...
... IP TTL, the authors have chosen the convention of
using the unqualified "TTL" to mean "MPLS TTL" and using "IP TTL" for
...
...
The body of this memo contains four main parts: motivation, MPLS echo
request/reply packet format, LSP ping operation, and a reliable
...
... LSP fails to deliver user traffic, the failure cannot always
be detected by the MPLS control plane. There is a need to provide a
tool that would enable users to detect such traffic ...
... Forwarding Equivalence Class (FEC) actually end their MPLS path on a
Label Switching Router (LSR ...
... FEC. This
document proposes that this test be carried out by sending a packet
(called an "MPLS echo request") along the same data path as other
packets belonging to this FEC. An MPLS echo request also carries
information about the FEC whose MPLS path is being verified. This
echo request is forwarded just like any other packet belonging to
...
... LSP ping is intended as a diagnostic tool. It is
intended to enable providers of an MPLS-based service to isolate
network ...
... data planes are out of sync. It performs this
by routing an MPLS echo request packet based solely on its label
stack. That is, the IP destination address is never used in a
forwarding decision. In fact, the sender of an MPLS echo request
packet may not know, a priori, the address of the router ...
... trace all
of the possible paths that an LSP may take. Since most MPLS services
are based on IP unicast ...
... LSP in question may be broken in unknown ways, the
likelihood of a diagnostic packet being delivered to a user of an
MPLS service MUST be held to an absolute minimum.
...
... addresses. Use of the private address space was deemed
ineffective since the leading MPLS-based service is an IPv4 Virtual
Private Network ...
... version number is to
be incremented whenever a change is made that affects the ability of
an implementation to correctly parse or process an MPLS echo
request/reply. These changes include any syntactic or semantic
changes made to any of the fixed fields, or to any Type-Length-Value
...
... control channel
An MPLS echo request with 1 (Do not reply) in the Reply Mode field
may be used for one-way ...
... log gaps in the Sequence Numbers and/or maintain delay/jitter
statistics. An MPLS echo request would normally have 2 (Reply via an
IPv4/IPv6 UDP ...
... Router Alert). Note that this requires
that all intermediate routers understand and know how to forward MPLS
echo ...
... The Sequence Number is assigned by the sender of the MPLS echo
request and can be (for example) used to detect missed replies.
The TimeStamp ...
... sender's clock) in NTP format [NTP] when the MPLS
echo request is sent. The TimeStamp Received in an echo reply is the
...
... 8 Label switched at stack-depth <RSC>
9 Label switched but no MPLS forwarding at stack-depth
<RSC>
...
... corresponding to the top of the label stack, etc.
An MPLS echo request MUST have a Target FEC Stack that describes the
...
... binding of 1001 for 192.168.1.1 via LDP.
X has two choices in sending an MPLS echo request: X can send an MPLS
echo request with an FEC Stack TLV with a single FEC ...
... Route Distinguisher of RD-
foo-Y. In either case, the MPLS echo request would have a label
stack of <1001, 23456>. (Note: in this example, 1001 is the "outer"
label and 23456 is the "inner" label.)
...
...
The MTU is the size in octets of the largest MPLS frame (including
label stack) that fits on the interface to the Downstream ...
... A Downstream Label is 24 bits, in the same format as an MPLS label
minus the TTL field, i.e., the MSBit of the label is bit ...
... echo request is a special
case. X needs to figure out what LSRs would receive the MPLS echo
request for a given FEC Stack that X originates with TTL=1.
...
... discussion below on ECMP) or simultaneous paths (e.g., for MPLS
multicast). In the former case, the Multipath Information is used as
...
... sub-TLV.
When an MPLS echo request is received, the receiver is expected to
verify that the control plane ...
... To deal with the last two first: it is assumed that the LSR sourcing
MPLS echo requests can force the echo request into any desired LSP ...
... Since the actual LSP and path that a given packet may take may not be
known a priori, it is useful if MPLS echo requests can exercise all
possible paths. This, although desirable, may not be practical,
...
... certain latitude in choosing the destination IP address and source
UDP port for an MPLS echo request. This is clearly not sufficient;
in the case of traceroute, more latitude is offered by means of the
...
... TLV. This is used as
follows. An ingress LSR periodically sends an MPLS traceroute
message to determine whether there are multipaths for a given LSP ...
... If so, each hop will provide some information how each of its
downstream paths can be exercised. The ingress can then send MPLS
echo requests that exercise these paths. If several transit LSRs ...
... LSP breakages, it may be necessary to encapsulate
an MPLS echo request packet with at least one additional label when
testing LSPs that are used to carry MPLS payloads (such as LSPs used
...
... RSVP-TE LSPs, just sending an MPLS echo request packet may not detect
instances where the router immediately upstream ...
... destination of
the LSP ping may forward the MPLS echo request successfully over an
interface not configured to carry MPLS payloads because of the use of
penultimate hop popping. Since the receiving ...
... differentiate whether the IP packet was sent unlabeled or implicitly
labeled, the addition of labels shimmed above the MPLS echo request
(using the Nil FEC) will prevent a router ...
... Sending an MPLS Echo Request ...
... IP header.
An MPLS echo request is sent with a label stack corresponding to the
FEC Stack being tested. Note that further labels could be applied
...
... RSVP-TE]. If all of the FECs in the
stack correspond to Implicit Null labels, the MPLS echo request is
considered unlabeled even if further labels will be applied in
sending the packet.
...
... also be accomplished by inserting a Router Alert label above this
label; however, this may lead to the undesired side effect that MPLS
echo requests take a different data path than actual data. For more
...
... Sender's Handle and a Sequence Number. When
sending subsequent MPLS echo requests, the sender SHOULD increment
...
... Receiving an MPLS Echo Request ...
...
Sending an MPLS echo request to the control plane is triggered by one
of the following packet processing ...
...
An LSR X that receives an MPLS echo request then processes it as
follows.
...
... 1. General packet sanity is verified. If the packet is not well-
formed, LSR X SHOULD send an MPLS Echo Reply with the Return Code
...
... LSR X does not
understand, LSR X SHOULD send an MPLS "TLV not understood" (as
appropriate), and the Subcode set to zero ...
... Sequence Number, and Timestamp Sent are not examined, but are
included in the MPLS echo reply message.
...
... Set Best-return-code to Return Code 9, "Label switched
but no MPLS forwarding at stack-depth" and set
Best-rtn-subcode to Label-stack-depth and goto
Send_Reply_Packet.
...
... Sending an MPLS Echo Reply ...
... echo reply is a UDP packet. It MUST ONLY be sent in response
to an MPLS echo request. The source IP address is a routable address
...
... MPLS echo reply in response to an
MPLS echo request that it sent. Thus, on receipt of an MPLS echo
reply, X should parse the packet to ensure that it is well-formed,
...
... Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y., Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack Encoding", RFC 3032, January 2001. ...
... Rosen, E., "Applicability Statement for BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4365 ...
... mechanisms defined here. One is a Denial-of-Service attack, by
sending MPLS echo requests/replies to LSRs and thereby increasing
their workload. The second is obfuscating the state of the MPLS data
plane liveness by spoofing, hijacking, replaying, or otherwise
tampering with MPLS echo requests and replies. The third is an
unauthorized source using an LSP ping ...
... spoofing attacks involving faking or
replaying MPLS echo reply messages are unlikely to be effective.
These replies would have to match the Sender's Handle and Sequence
Number of an outstanding MPLS echo request message. A non-matching
replay would be discarded as the sequence has moved on, thus a spoof
has only a small window of opportunity. However, to provide a
...
... Sent by requiring an exact match on this field.
To protect against unauthorized sources using MPLS echo request
messages to obtain network information, it is RECOMMENDED that
...
... implementations provide a means of checking the source addresses of
MPLS echo request messages against an access list before accepting
the message.
...
...
It does not seem vital (at this point) to secure the data carried in
MPLS echo requests and replies, although knowledge of the state of
the MPLS data plane may be considered confidential by some.
Implementations SHOULD, however, provide a means of filtering ...
