Internet Engineering Task Force (IETF)                      R. Geib, Ed.
Request for Comments: 8403                              Deutsche Telekom
Category: Informational                                      C. Filsfils
ISSN: 2070-1721                                        C. Pignataro, Ed.
                                                                N. Kumar
                                                     Cisco Systems, Inc.
                                                               July 2018
        
      
Internet Engineering Task Force (IETF)                      R. Geib, Ed.
Request for Comments: 8403                              Deutsche Telekom
Category: Informational                                      C. Filsfils
ISSN: 2070-1721                                        C. Pignataro, Ed.
                                                                N. Kumar
                                                     Cisco Systems, Inc.
                                                               July 2018
        
      A Scalable and Topology-Aware MPLS Data-Plane Monitoring System
一种可扩展的拓扑感知MPLS数据平面监控系统
Abstract
摘要
This document describes features of an MPLS path monitoring system and related use cases. Segment-based routing enables a scalable and simple method to monitor data-plane liveliness of the complete set of paths belonging to a single domain. The MPLS monitoring system adds features to the traditional MPLS ping and Label Switched Path (LSP) trace, in a very complementary way. MPLS topology awareness reduces management and control-plane involvement of Operations, Administration, and Maintenance (OAM) measurements while enabling new OAM features.
本文档描述MPLS路径监控系统的功能和相关用例。基于段的路由提供了一种可扩展且简单的方法来监控属于单个域的完整路径集的数据平面活性。MPLS监控系统以一种非常互补的方式向传统的MPLS ping和标签交换路径(LSP)跟踪添加了功能。MPLS拓扑感知减少了操作、管理和维护(OAM)测量的管理和控制平面参与,同时启用了新的OAM功能。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8403.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8403.
Copyright Notice
版权公告
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2018 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology and Abbreviations . . . . . . . . . . . . . . . .   5
     2.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   5
     2.2.  Abbreviations . . . . . . . . . . . . . . . . . . . . . .   6
   3.  An MPLS Topology-Aware Path Monitoring System . . . . . . . .   6
   4.  Illustration of an SR-Based Path Monitoring Use Case  . . . .   8
     4.1.  Use Case 1: LSP Data-Plane Monitoring . . . . . . . . . .   8
     4.2.  Use Case 2: Monitoring a Remote Bundle  . . . . . . . . .  11
     4.3.  Use Case 3: Fault Localization  . . . . . . . . . . . . .  12
   5.  Path Trace and Failure Notification . . . . . . . . . . . . .  12
   6.  Applying SR to Monitoring LSPs That Are Not SR Based (LDP and
       Possibly RSVP-TE) . . . . . . . . . . . . . . . . . . . . . .  13
   7.  PMS Monitoring of Different Segment ID Types  . . . . . . . .  14
   8.  Connectivity Verification Using PMS . . . . . . . . . . . . .  14
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  15
   10. Security Considerations . . . . . . . . . . . . . . . . . . .  15
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  17
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  17
     11.2.  Informative References . . . . . . . . . . . . . . . . .  17
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  19
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  19
        
      
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology and Abbreviations . . . . . . . . . . . . . . . .   5
     2.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   5
     2.2.  Abbreviations . . . . . . . . . . . . . . . . . . . . . .   6
   3.  An MPLS Topology-Aware Path Monitoring System . . . . . . . .   6
   4.  Illustration of an SR-Based Path Monitoring Use Case  . . . .   8
     4.1.  Use Case 1: LSP Data-Plane Monitoring . . . . . . . . . .   8
     4.2.  Use Case 2: Monitoring a Remote Bundle  . . . . . . . . .  11
     4.3.  Use Case 3: Fault Localization  . . . . . . . . . . . . .  12
   5.  Path Trace and Failure Notification . . . . . . . . . . . . .  12
   6.  Applying SR to Monitoring LSPs That Are Not SR Based (LDP and
       Possibly RSVP-TE) . . . . . . . . . . . . . . . . . . . . . .  13
   7.  PMS Monitoring of Different Segment ID Types  . . . . . . . .  14
   8.  Connectivity Verification Using PMS . . . . . . . . . . . . .  14
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  15
   10. Security Considerations . . . . . . . . . . . . . . . . . . .  15
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  17
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  17
     11.2.  Informative References . . . . . . . . . . . . . . . . .  17
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  19
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  19
        
      Network operators need to be able to monitor the forwarding paths used to transport user packets. Monitoring packets are expected to be forwarded in the data plane in a similar way to user packets. Segment Routing (SR) enables forwarding of packets along predefined paths and segments; thus, an SR monitoring packet can stay in the data plane while passing along one or more segments to be monitored.
网络运营商需要能够监控用于传输用户数据包的转发路径。监视数据包期望以与用户数据包类似的方式在数据平面中转发。段路由(SR)能够沿着预定义的路径和段转发数据包;因此,SR监视分组可以在沿着要监视的一个或多个段传递时停留在数据平面中。
This document describes a system as a functional component called (MPLS) Path Monitoring System or PMS. The PMS uses capabilities for MPLS data-plane path monitoring. The use cases introduced here are limited to a single Interior Gateway Protocol (IGP) MPLS domain. The use cases of this document refer to the PMS realized as a separate node. Although many use cases depict the PMS as a physical node, no assumption should be made, and the node could be virtual. This system is defined as a functional component abstracted to have many realizations. The terms "PMS" and "system" are used interchangeably here.
本文档将系统描述为一个称为(MPLS)路径监控系统或PMS的功能组件。PMS使用MPLS数据平面路径监控功能。这里介绍的用例仅限于单个内部网关协议(IGP)MPLS域。本文档的用例指作为单独节点实现的PM。尽管许多用例将PMS描述为一个物理节点,但不应进行任何假设,并且该节点可以是虚拟的。该系统被定义为一个抽象的功能组件,具有许多实现。术语“PMS”和“系统”在此互换使用。
The system applies to the monitoring of non-SR LSPs like Label Distribution Protocol (LDP) as well as to the monitoring of SR LSPs (Section 7 offers some more information). As compared to non-SR approaches, SR is expected to simplify such a monitoring system by enabling MPLS topology detection based on IGP-signaled segments. The MPLS topology should be detected and correlated with the IGP topology, which is also detected by IGP signaling. Thus, a centralized and MPLS-topology-aware monitoring unit can be realized in an SR domain. This topology awareness can be used for Operation, Administration, and Maintenance (OAM) purposes as described by this document.
该系统适用于非SR LSP(如标签分发协议(LDP))的监控以及SR LSP的监控(第7节提供了更多信息)。与非SR方法相比,SR有望通过基于IGP信号段的MPLS拓扑检测来简化此类监控系统。MPLS拓扑应被检测并与IGP拓扑相关联,IGP拓扑也由IGP信令检测。因此,可以在SR域中实现集中式和MPLS拓扑感知的监视单元。此拓扑感知可用于本文档所述的操作、管理和维护(OAM)目的。
Benefits offered by the system:
系统提供的好处:
o The ability to set up an SR-domain-wide centralized connectivity validation. Many operators of large networks regard a centralized monitoring system as useful.
o 能够设置SR域范围的集中式连接验证。许多大型网络运营商认为集中监控系统很有用。
o The MPLS ping (or continuity check) packets never leave the MPLS user data plane.
o MPLS ping(或连续性检查)数据包永远不会离开MPLS用户数据平面。
o SR allows the transport of MPLS path trace or connectivity validation packets for every LSP to all nodes of an SR domain. This use case doesn't describe new path-trace features. The system described here allows for the set up of an SR-domain-wide centralized connectivity validation, which is useful in large network operator domains.
o SR允许将每个LSP的MPLS路径跟踪或连接验证数据包传输到SR域的所有节点。本用例不描述新的路径跟踪特性。此处描述的系统允许设置SR域范围的集中式连接验证,这在大型网络运营商域中非常有用。
o The system sending the monitoring packet is also receiving it. The payload of the monitoring packet may be chosen freely. This allows probing packets to be sent that represent customer traffic, possibly from multiple services (e.g., small Voice over IP packets, larger HTTP packets), and allows the embedding of useful monitoring data (e.g., accurate timestamps since both sender and receiver have the same clock and sequence numbers to ease the measurement).
o 发送监控数据包的系统也在接收它。监视分组的有效载荷可以自由选择。这允许发送代表客户流量的探测数据包,可能来自多个服务(例如,小型IP语音数据包、大型HTTP数据包),并允许嵌入有用的监控数据(例如,准确的时间戳,因为发送方和接收方具有相同的时钟和序列号,以便于测量)。
o Set up of a flexible MPLS monitoring system in terms of deployment: from one single centralized one to a set of distributed systems (e.g., on a per-region or service basis), and in terms of redundancy from 1+1 to N+1.
o 在部署方面建立灵活的MPLS监控系统:从一个集中式系统到一组分布式系统(例如,基于每个区域或服务),以及从1+1到N+1的冗余。
In addition to monitoring paths, problem localization is required. Topology awareness is an important feature of link-state IGPs deployed by operators of large networks. MPLS topology awareness combined with IGP topology awareness enables a simple and scalable data-plane-based monitoring mechanism. Faults can be localized:
除了监控路径外,还需要对问题进行定位。拓扑感知是大型网络运营商部署的链路状态IGP的一个重要特征。MPLS拓扑感知与IGP拓扑感知相结合,实现了一种简单且可扩展的基于数据平面的监控机制。故障可以定位为:
o by capturing the IGP topology and analyzing IGP messages indicating changes of it.
o 通过捕获IGP拓扑并分析指示其变化的IGP消息。
o by correlation between different SR-based monitoring probes.
o 通过不同基于SR的监测探头之间的相关性。
o by setting up an MPLS traceroute packet for a path (or segment) to be tested and transporting it to a node to validate path connectivity from that node on.
o 通过为要测试的路径(或段)设置MPLS跟踪路由数据包,并将其传输到节点,以验证该节点上的路径连接。
MPLS OAM offers flexible traceroute (connectivity verification) features to detect and execute data paths of an MPLS domain. By utilizing the ECMP-related tool set offered, e.g., by RFC 8029 [RFC8029], an SR-based MPLS monitoring system can be enabled to:
MPLS OAM提供灵活的跟踪路由(连接验证)功能,以检测和执行MPLS域的数据路径。通过利用RFC 8029[RFC8029]等提供的ECMP相关工具集,基于SR的MPLS监控系统可以实现:
o detect how to route packets along different ECMP-routed paths.
o 检测如何沿不同ECMP路由路径路由数据包。
o Construct ping packets that can be steered along a single path or ECMP towards a particular LER/LSR whose connectivity is to be checked.
o 构造ping数据包,该数据包可沿单个路径或ECMP导向要检查其连接的特定LER/LSR。
o limit the MPLS label stack of such a ping packet, checking continuity of every single IGP segment to the maximum number of 3 labels. A smaller label stack may also be helpful, if any router interprets a limited number of packet header bytes to determine an ECMP along which to route a packet.
o 限制这样一个ping数据包的MPLS标签栈,检查每个IGP段的连续性,最多3个标签。如果任何路由器解释有限数量的分组报头字节以确定沿其路由分组的ECMP,则较小的标签堆栈也可能有用。
Alternatively, any path may be executed by building suitable label stacks. This allows path execution without ECMP awareness.
或者,可以通过构建合适的标签堆栈来执行任何路径。这允许在没有ECMP意识的情况下执行路径。
   The MPLS PMS may be any server residing at a single interface of the
   domain to be monitored.  The PMS doesn't need to support the complete
   MPLS routing or control plane.  It needs to be capable of learning
   and maintaining an accurate MPLS and IGP topology.  MPLS ping and
   traceroute packets need to be set up and sent with the correct
   segment stack.  The PMS must further be able to receive and decode
   returning ping or traceroute packets.  Packets from a variety of
   protocols can be used to check continuity.  These include Internet
   Control Message Protocol (ICMP) [RFC0792] [RFC4443] [RFC4884]
   [RFC4950], Bidirectional Forwarding Detection (BFD) [RFC5884],
   Seamless Bidirectional Forwarding Detection (S-BFD) [RFC7880]
   [RFC7881] (see Section 3.4 of [RFC7882]), and MPLS LSP ping
   [RFC8029].  They can also have any other OAM format supported by the
   PMS.  As long as the packet used to check continuity returns to the
   server while no IGP change is detected, the monitored path can be
   considered as validated.  If monitoring requires pushing a large
   label stack, a software-based implementation is usually more flexible
   than a hardware-based one.  Hence, router label stack depth and label
   composition limitations don't limit MPLS OAM choices.
        
      
   The MPLS PMS may be any server residing at a single interface of the
   domain to be monitored.  The PMS doesn't need to support the complete
   MPLS routing or control plane.  It needs to be capable of learning
   and maintaining an accurate MPLS and IGP topology.  MPLS ping and
   traceroute packets need to be set up and sent with the correct
   segment stack.  The PMS must further be able to receive and decode
   returning ping or traceroute packets.  Packets from a variety of
   protocols can be used to check continuity.  These include Internet
   Control Message Protocol (ICMP) [RFC0792] [RFC4443] [RFC4884]
   [RFC4950], Bidirectional Forwarding Detection (BFD) [RFC5884],
   Seamless Bidirectional Forwarding Detection (S-BFD) [RFC7880]
   [RFC7881] (see Section 3.4 of [RFC7882]), and MPLS LSP ping
   [RFC8029].  They can also have any other OAM format supported by the
   PMS.  As long as the packet used to check continuity returns to the
   server while no IGP change is detected, the monitored path can be
   considered as validated.  If monitoring requires pushing a large
   label stack, a software-based implementation is usually more flexible
   than a hardware-based one.  Hence, router label stack depth and label
   composition limitations don't limit MPLS OAM choices.
        
      RFC 8287 [RFC8287] discusses SR OAM applicability and MPLS traceroute enhancements adding functionality to the use cases described by this document.
RFC 8287[RFC8287]讨论了SR OAM的适用性和MPLS跟踪路由的增强功能,将功能添加到本文档描述的用例中。
The document describes both use cases and a standalone monitoring framework. The monitoring system reuses existing IETF OAM protocols and leverage Segment Routing (Source Routing) to allow a single device to send, have exercised, and receive its own probing packets. As a consequence, there are no new interoperability considerations. A Standards Track RFC is not required; Informational status for this document is appropriate
该文档描述了用例和独立的监控框架。监控系统重用现有的IETF OAM协议,并利用段路由(源路由)允许单个设备发送、执行和接收自己的探测数据包。因此,没有新的互操作性考虑。不需要标准轨道RFC;此文档的信息状态是适当的
Continuity Check
连续性检查
See Section 2.2.7 of RFC 7276 [RFC7276].
参见RFC 7276[RFC7276]第2.2.7节。
Connectivity Verification
连通性验证
See Section 2.2.7 of RFC 7276 [RFC7276].
参见RFC 7276[RFC7276]第2.2.7节。
MPLS topology
MPLS拓扑
The MPLS topology of an MPLS domain is the complete set of MPLS-and IP-address information and all routing and data-plane information required to address and utilize every MPLS path within this domain from an MPLS PMS attached to this MPLS domain at an arbitrary access. This document assumes availability of the MPLS topology (which can be detected with available protocols and interfaces). None of the use cases will describe how to set it up.
MPLS域的MPLS拓扑是一组完整的MPLS和IP地址信息以及所有路由和数据平面信息,这些信息是从以任意访问方式连接到此MPLS域的MPLS PM地址和利用此域内的每个MPLS路径所需的。本文档假设MPLS拓扑可用(可用协议和接口可以检测到)。没有一个用例会描述如何设置它。
This document further adopts the terminology and framework described in [RFC8402].
本文件进一步采用了[RFC8402]中描述的术语和框架。
ECMP Equal-Cost Multipath
等成本多路径
IGP Interior Gateway Protocol
内部网关协议
LER Label Edge Router
标签边缘路由器
LSP Label Switched Path
标签交换路径
LSR Label Switching Router
标签交换路由器
OAM Operations, Administration, and Maintenance
OAM操作、管理和维护
PMS Path Monitoring System
PMS路径监控系统
RSVP-TE Resource Reservation Protocol - Traffic Engineering
RSVP-TE资源预留协议-流量工程
SID Segment Identifier
SID段标识符
SR Segment Routing
SR段路由
SRGB Segment Routing Global Block
SRGB段路由全局块
Any node at least listening to the IGP of an SR domain is MPLS topology aware (the node knows all related IP addresses, SR SIDs and MPLS labels). An MPLS PMS that is able to learn the IGP Link State Database (LSDB) (including the SIDs) is able to execute arbitrary chains of LSPs. To monitor an MPLS SR domain, a PMS needs to set up a topology database of the MPLS SR domain to be monitored. It may be used to send ping-type packets to only check continuity along such a path chain based only on the topology information. In addition, the
至少侦听SR域的IGP的任何节点都是MPLS拓扑感知的(该节点知道所有相关的IP地址、SR SID和MPLS标签)。能够学习IGP链路状态数据库(LSDB)(包括SID)的MPLS PMS能够执行任意LSP链。为了监视MPLS SR域,PMS需要建立要监视的MPLS SR域的拓扑数据库。它可用于发送ping类型分组,以便仅基于拓扑信息沿这样的路径链检查连续性。此外,
PMS can be used to trace MPLS LSP and, thus, verify their connectivity and correspondence between control and data planes, respectively. The PMS can direct suitable MPLS traceroute packets to any node along a path segment.
PMS可用于跟踪MPLS LSP,从而分别验证其控制平面和数据平面之间的连接和对应关系。PMS可以将合适的MPLS跟踪路由数据包定向到沿路径段的任何节点。
Let us describe how the PMS constructs a label stack to transport a packet to LER i, monitor its path to LER j, and then receive the packet back.
让我们描述PMS如何构造一个标签堆栈,将数据包传输到LER i,监视其到LER j的路径,然后接收回数据包。
The PMS may do so by sending packets carrying the following MPLS label stack information:
PMS可以通过发送携带以下MPLS标签堆栈信息的包来实现这一点:
o Top Label: a path from PMS to LER i, which is expressed as Node-SID of LER i.
o 顶部标签:从PMS到LER i的路径,表示为LER i的节点SID。
o Next Label: the path that needs to be monitored from LER i to LER j. If this path is a single physical interface (or a bundle of connected interfaces), it can be expressed by the related Adj-SID. If the shortest path from LER i to LER j is supposed to be monitored, the Node-SID (LER j) can be used. Another option is to insert a list of segments expressing the desired path (hop by hop as an extreme case). If LER i pushes a stack of labels based on an SR policy decision and this stack of LSPs is to be monitored, the PMS needs an interface to collect the information enabling it to address this SR-created path.
o 下一个标签:从LER i到LER j需要监控的路径。如果此路径是单个物理接口(或连接的接口束),则可以用相关的Adj SID表示。如果要监视从LER i到LER j的最短路径,则可以使用节点SID(LER j)。另一个选项是插入表示所需路径的段列表(极端情况下逐跳)。如果LER i根据SR策略决策推送标签堆栈,并且要监控LSP堆栈,则PMS需要一个接口来收集信息,使其能够寻址SR创建的路径。
o Next Label or address: the path back to the PMS. Likely, no further segment/label is required here. Indeed, once the packet reaches LER j, the 'steering' part of the solution is done, and the probe just needs to return to the PMS. This is best achieved by popping the MPLS stack and revealing a probe packet with PMS as destination address (note that in this case, the source and destination addresses could be the same). If an IP address is applied, no SID/label has to be assigned to the PMS (if it is a host/server residing in an IP subnet outside the MPLS domain).
o 下一个标签或地址:返回PMS的路径。此处可能不需要进一步的段/标签。事实上,一旦数据包到达LER j,解决方案的“指导”部分就完成了,探针只需要返回到PMS。这最好通过弹出MPLS堆栈并显示一个以PMS作为目标地址的探测包来实现(注意,在这种情况下,源地址和目标地址可能相同)。如果应用了IP地址,则不必为PMS分配SID/标签(如果它是驻留在MPLS域之外的IP子网中的主机/服务器)。
The PMS should be physically connected to a router that is part of the SR domain. It must be able to send and receive MPLS packets via this interface. As mentioned above, the routing protocol support isn't required, and the PMS itself doesn't have to be involved in IGP or MPLS routing. A static route will do. The option to connect a PMS to an MPLS domain by a tunnel may be attractive to some operators. So far, MPLS separates networks securely by avoiding tunnel access to MPLS domains. Tunnel-based access of a PMS to an MPLS domain is out of scope of this document, as it implies additional security aspects.
PMS应物理连接到属于SR域的路由器。它必须能够通过该接口发送和接收MPLS数据包。如上所述,不需要路由协议支持,PMS本身也不必参与IGP或MPLS路由。静态路由就可以了。通过隧道将PMS连接到MPLS域的选项可能对某些运营商具有吸引力。到目前为止,MPLS通过避免隧道访问MPLS域来安全地隔离网络。基于隧道的PMS到MPLS域的访问超出了本文档的范围,因为这意味着额外的安全方面。
Figure 1 shows an example of this functional component as a system, which can be physical or virtual.
图1显示了这个功能组件作为一个系统的示例,它可以是物理的,也可以是虚拟的。
                  +---+     +----+     +-----+
                  |PMS|     |LSR1|-----|LER i|
                  +---+     +----+     +-----+
                     |      /      \    /
                     |     /        \__/
                   +-----+/           /|
                   |LER m|           / |
                   +-----+\         /  \
                           \       /    \
                            \+----+     +-----+
                             |LSR2|-----|LER j|
                             +----+     +-----+
        
      
                  +---+     +----+     +-----+
                  |PMS|     |LSR1|-----|LER i|
                  +---+     +----+     +-----+
                     |      /      \    /
                     |     /        \__/
                   +-----+/           /|
                   |LER m|           / |
                   +-----+\         /  \
                           \       /    \
                            \+----+     +-----+
                             |LSR2|-----|LER j|
                             +----+     +-----+
        
      Figure 1: Example of a PMS-Based LSP Data-Plane Monitoring
图1:基于PMS的LSP数据平面监控示例
For the sake of simplicity, let's assume that all the nodes are configured with the same SRGB [RFC8402].
为了简单起见,假设所有节点都配置了相同的SRGB[RFC8402]。
Let's assign the following Node-SIDs to the nodes of the figure: PMS = 10, LER i = 20, LER j = 30.
让我们将以下节点SID分配给图中的节点:PMS=10,LER i=20,LER j=30。
The aim is to set up a continuity check of the path between LER i and LER j. As has been said, the monitoring packets are to be sent and received by the PMS. Let's assume the design aim is to be able to work with the smallest possible SR label stack. In the given topology, a fairly simple option is to perform an MPLS path trace, as specified by RFC 8029 [RFC8029] (using the Downstream (Detailed) Mapping information resulting from a path trace). The starting point for the path trace is LER i and the PMS sends the MPLS path trace packet to LER i. The MPLS echo reply of LER i should be sent to the PMS. As a result, the IP destination address choices are detected, which are then used to target any one of the ECMP-routed paths between LER i and LER j by the MPLS ping packets to later check path continuity. The label stack of these ping packets doesn't need to consist of more than 3 labels. Finally, the PMS sets up and sends packets to monitor connectivity of the ECMP routed paths. The PMS does this by creating a measurement packet with the following label stack (top to bottom): 20 - 30 - 10. The ping packets reliably use the monitored path, if the IP-address information that has been
目的是对LER i和LER j之间的路径进行连续性检查。如前所述,监控数据包将由PMS发送和接收。让我们假设设计目标是能够使用尽可能最小的SR标签堆栈。在给定拓扑中,一个相当简单的选项是执行由RFC 8029[RFC8029]指定的MPLS路径跟踪(使用路径跟踪产生的下游(详细)映射信息)。路径跟踪的起点是LER i,PMS将MPLS路径跟踪数据包发送到LER i。LER i的MPLS回音回复应发送至PMS。结果,检测到IP目的地地址选择,然后通过MPLS ping分组将其用于针对LER i和LER j之间的ECMP路由路径中的任何一个,以稍后检查路径连续性。这些ping数据包的标签堆栈不需要包含超过3个标签。最后,PMS设置并发送数据包以监控ECMP路由路径的连接。PMS通过创建具有以下标签堆栈(从上到下)的测量数据包来实现这一点:20-30-10。如果IP地址信息已被删除,则ping数据包将可靠地使用受监视的路径
detected by the MPLS traceroute is used as the IP destination address (note that this IP address isn't used or required for any IP routing).
MPLS跟踪路由检测到的IP地址用作IP目标地址(请注意,任何IP路由都不使用或不需要此IP地址)。
LER m forwards the packet received from the PMS to LSR1. Assuming Penultimate Hop Popping is deployed, LSR1 pops the top label and forwards the packet to LER i. There the top label has a value 30 and LER i forwards it to LER j. This will be done transmitting the packet via LSR1 or LSR2. The LSR will again pop the top label. LER j will forward the packet now carrying the top label 10 to the PMS (and it will pass a LSR and LER m).
LER m将从PMS接收的数据包转发到LSR1。假设部署了倒数第二跳弹出,LSR1弹出顶部标签并将数据包转发给LER i。顶部标签的值为30,LER i将其转发给LER j。这将通过LSR1或LSR2传输数据包来完成。LSR将再次弹出顶部标签。LER j将现在携带顶部标签10的数据包转发给PMS(并且它将通过LSR和LER m)。
A few observations on the example given in Figure 1:
对图1中给出的示例的一些观察结果:
o The path from PMS to LER i must be available (i.e., a continuity check along the path to LER i must succeed). If desired, an MPLS traceroute may be used to exactly detect the data-plane path taken for this MPLS segment. It is usually sufficient to just apply any of the existing Shortest Path routed paths.
o 从PMS到LER i的路径必须可用(即,沿LER i路径的连续性检查必须成功)。如果需要,可以使用MPLS跟踪器路由来准确地检测该MPLS段所采用的数据平面路径。通常只应用任何现有的最短路径就足够了。
o If ECMP is deployed, separate continuity checks monitoring all possible paths that a packet may use between LER i and LER j may be desired. This can be done by applying an MPLS traceroute between LER i and LER j. Another option is to use SR, but this will likely require additional label information within the label stack of the ping packet. Further, if multiple links are deployed between two nodes, SR methods to address each individual path require an Adj-SID to be assigned to each single interface. This method is based on control-plane information -- a connectivity verification based on MPLS traceroute seems to be a fairly good option to deal with ECMP and validation of correlation between control and data planes.
o 如果部署了ECMP,则可能需要进行单独的连续性检查,以监控LER i和LER j之间的数据包可能使用的所有可能路径。这可以通过在LER i和LER j之间应用MPLS跟踪路由来实现。另一种选择是使用SR,但这可能需要ping数据包的标签堆栈中的附加标签信息。此外,如果在两个节点之间部署多个链路,则寻址每个单独路径的SR方法需要为每个接口分配Adj SID。该方法基于控制平面信息——基于MPLS跟踪路由的连接验证似乎是处理ECMP和验证控制平面和数据平面之间相关性的一个相当好的选择。
o The path LER j to PMS must be available (i.e., a continuity check only along the path from LER j to PMS must succeed). If desired, an MPLS traceroute may be used to exactly detect the data-plane path taken for this MPLS segment. It is usually sufficient to just apply any of the existing Shortest Path routed paths.
o LER j至PMS的路径必须可用(即,仅沿LER j至PMS的路径进行的连续性检查必须成功)。如果需要,可以使用MPLS跟踪器路由来准确地检测该MPLS段所采用的数据平面路径。通常只应用任何现有的最短路径就足够了。
Once the MPLS paths (Node-SIDs) and the required information to deal with ECMP have been detected, the path continuity between LER i and LER j can be monitored by the PMS. Path continuity monitoring by ping packets does not require the MPLS OAM functionality described in RFC 8029 [RFC8029]. All monitoring packets stay on the data plane; hence, path continuity monitoring does not require control-plane interaction in any LER or LSR of the domain. To ensure consistent interpretation of the results, the PMS should be aware of any changes in IGP or MPLS topology or ECMP routing. While this document
一旦检测到MPLS路径(节点SID)和处理ECMP所需的信息,PMS就可以监控LER i和LER j之间的路径连续性。通过ping数据包进行的路径连续性监视不需要RFC 8029[RFC8029]中描述的MPLS OAM功能。所有监控数据包都停留在数据平面上;因此,路径连续性监控不需要域的任何LER或LSR中的控制平面交互。为确保结果的一致性,PM应了解IGP或MPLS拓扑或ECMP路由的任何变化。当这份文件
describes path connectivity checking as a basic application, additional monitoring (like checking continuity of underlying physical infrastructure or performing delay measurements) may be desired. A change in ECMP routing that is not caused by an IGP or MPLS topology change may not be desirable for connectivity checks and delay measurements. Therefore, a PMS should also periodically verify connectivity of the SR paths that are monitored for continuity.
将路径连接检查描述为一个基本应用程序,可能需要额外的监视(如检查底层物理基础设施的连续性或执行延迟测量)。并非由IGP或MPLS拓扑更改引起的ECMP路由更改可能不适合用于连接检查和延迟测量。因此,PMS还应定期验证受连续性监控的SR路径的连通性。
Determining a path to be executed prior to a measurement may also be done by setting up a label stack including all Node-SIDs along that path (if LSR1 has Node-SID 40 in the example and it should be passed between LER i and LER j, the label stack is 20 - 40 - 30 - 10). The advantage of this method is that it does not involve connectivity verification as specified in RFC 8029 [RFC8029] and, if there's only one physical connection between all nodes, the approach is independent of ECMP functionalities. The method still is able to monitor all link combinations of all paths of an MPLS domain. If correct forwarding along the desired paths has to be checked, or multiple physical connections exist between any two nodes, all Adj-SIDs along that path should be part of the label stack.
在测量之前确定要执行的路径也可以通过设置包括沿该路径的所有节点SID的标签堆栈来完成(如果示例中LSR1具有节点SID 40,并且应该在LER i和LER j之间传递,则标签堆栈为20-40-30-10)。该方法的优点是,它不涉及RFC 8029[RFC8029]中规定的连接验证,并且,如果所有节点之间只有一个物理连接,则该方法独立于ECMP功能。该方法仍然能够监视MPLS域的所有路径的所有链路组合。如果必须检查沿所需路径的正确转发,或者任意两个节点之间存在多个物理连接,则沿该路径的所有Adj SID都应该是标签堆栈的一部分。
While a single PMS can detect the complete MPLS control- and data-plane topology, a reliable deployment requires two separated PMSs. Scalable permanent surveillance of a set of LSPs could require deployment of several PMSs. The PMS may be a router, but could also be a dedicated monitoring system. If measurement system reliability is an issue, more than a single PMS may be connected to the MPLS domain.
虽然单个PMS可以检测完整的MPLS控制和数据平面拓扑,但可靠的部署需要两个独立的PMS。对一组LSP的可扩展永久监视可能需要部署多个PMS。PMS可以是路由器,也可以是专用监控系统。如果测量系统的可靠性存在问题,则多个PMS可能连接到MPLS域。
Monitoring an MPLS domain by a PMS based on SR offers the option of monitoring complete MPLS domains with limited effort and a unique possibility to scale a flexible monitoring solution as required by the operator (the number of PMSs deployed is independent of the locations of the origin and destination of the monitored paths). The PMS can be enabled to send MPLS OAM packets with the label stacks and address information identical to those of the monitoring packets to any node of the MPLS domain. The routers of the monitored domain should support MPLS LSP ping RFC 8029 [RFC8029]. They may also incorporate the additional enhancements defined in RFC 8287 [RFC8287] to incorporate further MPLS traceroute features. ICMP-ping-based continuity checks don't require router-control-plane activity. Prior to monitoring a path, MPLS OAM may be used to detect ECMP-dependent forwarding of a packet. A PMS may be designed to learn the IP address information required to execute a particular ECMP-routed path and interfaces along that path. This allows for the monitoring of these paths with label stacks reduced to a limited number of Node-
通过基于SR的PMS监控MPLS域提供了监控完整MPLS域的选项,并提供了一种独特的可能性,可以根据运营商的要求扩展灵活的监控解决方案(部署的PMS数量与受监控路径的起点和目标位置无关)。可使PMS能够向MPLS域的任何节点发送具有与监视分组相同的标签栈和地址信息的MPLS OAM分组。受监控域的路由器应支持MPLS LSP ping RFC 8029[RFC8029]。它们还可以包含RFC 8287[RFC8287]中定义的附加增强功能,以包含更多MPLS跟踪路由功能。基于ICMP ping的连续性检查不需要路由器控制平面活动。在监视路径之前,MPLS OAM可用于检测包的依赖于ECMP的转发。PMS可设计用于学习执行特定ECMP路由路径所需的IP地址信息以及沿该路径的接口。这允许通过将标签堆栈减少到有限数量的节点来监视这些路径-
SIDs resulting from Shortest Path First (SPF) routing. The PMS does not require access to information about LSR/LER management or data planes to do so.
最短路径优先(SPF)路由产生的SID。PMS不需要访问有关LSR/LER管理或数据平面的信息。
               +---+    _   +--+                    +-------+
               |   |   { }  |  |---991---L1---662---|       |
               |PMS|--{   }-|R1|---992---L2---663---|R2 (72)|
               |   |   {_}  |  |---993---L3---664---|       |
               +---+        +--+                    +-------+
        
      
               +---+    _   +--+                    +-------+
               |   |   { }  |  |---991---L1---662---|       |
               |PMS|--{   }-|R1|---992---L2---663---|R2 (72)|
               |   |   {_}  |  |---993---L3---664---|       |
               +---+        +--+                    +-------+
        
      Figure 2: SR-Based Probing of All the Links of a Remote Bundle
图2:基于SR的远程捆绑包所有链接的探测
In the figure, R1 addresses Link "x" Lx by the Adj-SID 99x, while R2 addresses Link Lx by the Adj-SID 66(x+1).
在图中,R1通过Adj SID 99x寻址链路“x”Lx,而R2通过Adj SID 66(x+1)寻址链路Lx。
In the above figure, the PMS needs to assess the data-plane availability of all the links within a remote bundle connected to routers R1 and R2.
在上图中,PMS需要评估连接到路由器R1和R2的远程捆绑包中所有链路的数据平面可用性。
The monitoring system retrieves the SID/label information from the IGP LSDB and appends the following segment list/label stack: {72, 662, 992, 664} on its IP probe (whose source and destination addresses are the address of the PMS).
监控系统从IGP LSDB检索SID/标签信息,并在其IP探测器上附加以下段列表/标签堆栈:{72,662,992,664}(其源地址和目标地址为PMS的地址)。
The PMS sends the probe to its connected router. The MPLS/SR domain then forwards the probe to R2 (72 is the Node-SID of R2). R2 forwards the probe to R1 over link L1 (Adj-SID 662). R1 forwards the probe to R2 over link L2 (Adj-SID 992). R2 forwards the probe to R1 over link L3 (Adj-SID 664). R1 then forwards the IP probe to the PMS as per classic IP forwarding.
PMS将探头发送至其连接的路由器。然后,MPLS/SR域将探测转发给R2(72是R2的节点SID)。R2通过链路L1(Adj SID 662)将探头转发给R1。R1通过链路L2(Adj SID 992)将探头转发给R2。R2通过链路L3(Adj SID 664)将探头转发至R1。R1然后按照经典IP转发将IP探测器转发给PMS。
As was mentioned in Section 4.1, the PMS must be able to monitor the continuity of the path PMS to R2 (Node-SID 72) as well as the continuity from R1 to the PMS. If both are given and packets are lost, forwarding on one of the three interfaces connecting R1 to R2 must be disturbed.
如第4.1节所述,PMS必须能够监控路径PMS到R2(节点SID 72)的连续性以及从R1到PMS的连续性。如果两者都给定,并且数据包丢失,则必须干扰连接R1到R2的三个接口之一上的转发。
In the previous example, a unidirectional fault on the middle link in direction of R2 to R1 would be localized by sending the following two probes with respective segment lists:
在前面的示例中,通过发送以下两个带有相应段列表的探针,可以定位R2至R1方向中间链路上的单向故障:
o 72, 662, 992, 664
o 72, 662, 992, 664
o 72, 663, 992, 664
o 72, 663, 992, 664
The first probe would succeed while the second would fail. Correlation of the measurements reveals that the only difference is using the Adj-SID 663 of the middle link from R2 to R1 in the unsuccessful measurement. Assuming the second probe has been routed correctly, the problem is that, for some (possibly unknown) reason, SR packets to be forwarded from R2 via the interface identified by Adj-SID 663 are lost.
第一次探测将成功,而第二次探测将失败。测量的相关性表明,唯一的区别是在不成功的测量中使用从R2到R1的中间链路的Adj SID 663。假设第二个探测器已正确路由,问题在于,由于某些(可能未知)原因,将通过Adj SID 663标识的接口从R2转发的SR数据包丢失。
The example above only illustrates a method to localize a fault by correlated continuity checks. Any operational deployment requires well-designed engineering to allow for the desired unambiguous diagnosis on the monitored section of the SR network. 'Section' here could be a path, a single physical interface, the set of all links of a bundle, or an adjacency of two nodes (just to name a few).
上述示例仅说明了通过相关连续性检查定位故障的方法。任何操作部署都需要精心设计的工程设计,以便在SR网络的受监控部分进行所需的明确诊断。”这里的“部分”可以是路径、单个物理接口、捆绑包的所有链接集或两个节点的邻接(仅举几个例子)。
Sometimes, forwarding along a single path doesn't work, even though the control-plane information is healthy. Such a situation may occur after maintenance work within a domain. An operator may perform on-demand tests, but execution of automated PMS path trace checks may be set up as well (scope may be limited to a subset of important end-to-end paths crossing the router or network section after completion of the maintenance work there). Upon detection of a path that can't be used, the operator needs to be notified. A check ensuring that a re-routing event is differed from a path facing whose forwarding behavior doesn't correspond to the control-plane information is necessary (but out of scope of this document).
有时,即使控制平面信息正常,沿单个路径转发也不起作用。这种情况可能发生在域内的维护工作之后。操作员可以执行按需测试,但也可以设置自动PMS路径跟踪检查的执行(范围可能限于在完成维护工作后穿过路由器或网络段的重要端到端路径的子集)。当检测到无法使用的路径时,需要通知操作员。有必要进行检查,确保重路由事件与转发行为不符合控制平面信息的路径不同(但不在本文档范围内)。
Adding an automated problem solution to the PMS features only makes sense if the root cause of the symptom appears often, can be assumed to be unambiguous by its symptoms, can be solved by a predetermined chain of commands, is not collaterally damaged by the automated PMS reaction. A closer analysis is out of scope of this document.
只有当症状的根本原因经常出现,可以假定其症状是明确的,可以通过预定的命令链解决,并且不会因自动PMS反应而受到附带损害时,向PMS功能添加自动问题解决方案才有意义。更详细的分析超出了本文件的范围。
The PMS is expected to check control-plane liveliness after a path repair effort was executed. It doesn't matter whether the path repair was triggered manually or by an automated system.
在执行路径修复工作后,预计PMS将检查控制平面的活动性。路径修复是手动触发还是由自动系统触发并不重要。
6. Applying SR to Monitoring LSPs That Are Not SR Based (LDP and Possibly RSVP-TE)
6. 将SR应用于监控不基于SR的LSP(LDP和可能的RSVP-TE)
The MPLS PMS described by this document can be realized with technology that is not SR based. Making such a monitoring system that is not SR MPLS based aware of a domain's complete MPLS topology requires, e.g., management-plane access to the routers of the domain to be monitored or set up of a dedicated tLDP tunnel per router to set up an LDP adjacency. To avoid the use of stale MPLS label information, the IGP must be monitored and MPLS topology must be aligned with IGP topology in a timely manner. Enhancing IGPs to the exchange of MPLS-topology information as done by SR significantly simplifies and stabilizes such an MPLS PMS.
本文档中描述的MPLS PM可以使用非基于SR的技术实现。使这种非基于SR-MPLS的监控系统了解域的完整MPLS拓扑需要,例如,管理平面访问要监控的域的路由器,或者为每个路由器设置专用tLDP隧道以设置LDP邻接。为了避免使用过时的MPLS标签信息,必须监控IGP,并且MPLS拓扑必须及时与IGP拓扑对齐。如SR所做的那样,将IGP增强为MPLS拓扑信息的交换,可显著简化和稳定此类MPLS PMS。
An SR-based PMS connected to an MPLS domain consisting of LER and LSRs supporting SR and LDP or RSVP-TE in parallel in all nodes may use SR paths to transmit packets to and from the start and endpoints of LSPs that are not SR based to be monitored. In the example given in Figure 1, the label stack top to bottom may be as follows, when sent by the PMS:
连接到由在所有节点中并行支持SR和LDP或RSVP-TE的LER和LSR组成的MPLS域的基于SR的PM可以使用SR路径向不基于SR的LSP的起点和终点发送数据包。在图1中给出的示例中,当PMS发送时,标签堆栈从上到下可能如下所示:
o Top: SR-based Node-SID of LER i at LER m.
o 顶部:LER m处LER i的基于SR的节点SID。
o Next: LDP or RSVP-TE label identifying the path or tunnel, respectively, from LER i to LER j (at LER i).
o 下一步:LDP或RSVP-TE标签,分别标识从LER i到LER j(在LER i处)的路径或隧道。
o Bottom: SR-based Node-SID identifying the path to the PMS at LER j.
o 底部:基于SR的节点SID,标识LER j处的PMS路径。
While the mixed operation shown here still requires the PMS to be aware of the LER LDP-MPLS topology, the PMS may learn the SR MPLS topology by the IGP and use this information.
虽然这里所示的混合操作仍然要求pm知道LER LDP-MPLS拓扑,但是pm可以通过IGP学习SR MPLS拓扑并使用该信息。
An implementation report on a PMS operating in an LDP domain is given in [MPLS-PMS-REPORT]. In addition, this report compares delays measured with a single PMS to the results measured by systems that are conformant with IP Performance Metrics (IPPM) connected to the MPLS domain at three sites (see [RFC6808] for IPPM conformance). The delay measurements of the PMS and the IPPM Measurement Agents were compared based on a statistical test in [RFC6576]. The Anderson Darling k-sample test showed that the PMS round-trip delay measurements are equal to those captured by an IPPM-conformant IP measurement system for 64 Byte measurement packets with 95% confidence.
[MPLS-PMS-report]中给出了在LDP域中运行的PMS的实施报告。此外,本报告将单个PM测量的延迟与三个站点连接到MPLS域的符合IP性能指标(IPPM)的系统测量的结果进行比较(IPPM符合性见[RFC6808])。根据[RFC6576]中的统计测试,比较了PMS和IPPM测量代理的延迟测量。Anderson-Darling k样本测试表明,PMS往返延迟测量值与IPPM一致性IP测量系统捕获的64字节测量数据包的测量值相等,置信度为95%。
The authors are not aware of similar deployment for RSVP-TE. Identification of tunnel entry- and transit-nodes may add complexity. They are not within scope of this document.
作者不知道RSVP-TE的类似部署。隧道入口和运输节点的识别可能会增加复杂性。它们不在本文件的范围内。
MPLS SR topology awareness should allow the PMS to monitor liveliness of SIDs related to interfaces within the SR and IGP domain, respectively. Tracing a path where an SR-capable node assigns an Adj-SID for a node that is not SR capable may fail. This and other backward compatibility with non-SR devices are discussed by RFC 8287 [RFC8287].
MPLS SR拓扑感知应允许PM分别监控SR和IGP域内接口相关的SID的活动性。跟踪支持SR的节点为不支持SR的节点分配Adj SID的路径可能会失败。RFC 8287[RFC8287]讨论了与非SR设备的这种向后兼容性和其他向后兼容性。
To match control-plane information with data-plane information for all relevant types of Segment IDs, RFC 8287 [RFC8287] enhances MPLS OAM functions defined by RFC 8029 [RFC8029].
为了将所有相关类型的段ID的控制平面信息与数据平面信息相匹配,RFC 8287[RFC8287]增强了RFC 8029[RFC8029]定义的MPLS OAM功能。
While the PMS-based use cases explained in Section 5 are sufficient to provide continuity checks between LER i and LER j, they may not help perform connectivity verification.
虽然第5节中解释的基于PMS的用例足以提供LER i和LER j之间的连续性检查,但它们可能无助于执行连接验证。
                       +---+
                       |PMS|
                       +---+
                         |
                         |
                      +----+     +----+     +-----+
                      |LSRa|-----|LSR1|-----|LER i|
                      +----+     +----+     +-----+
                         |      /      \    /
                         |     /        \__/
                       +-----+/           /|
                       |LER m|           / |
                       +-----+\         /  \
                               \       /    \
                                \+----+     +-----+
                                 |LSR2|     |LER j|
                                 +----+     +-----+
        
      
                       +---+
                       |PMS|
                       +---+
                         |
                         |
                      +----+     +----+     +-----+
                      |LSRa|-----|LSR1|-----|LER i|
                      +----+     +----+     +-----+
                         |      /      \    /
                         |     /        \__/
                       +-----+/           /|
                       |LER m|           / |
                       +-----+\         /  \
                               \       /    \
                                \+----+     +-----+
                                 |LSR2|     |LER j|
                                 +----+     +-----+
        
      Figure 3: Connectivity Verification with a PMS
图3:使用PMS进行连接验证
Let's assign the following Node-SIDs to the nodes of the figure: PMS = 10, LER i = 20, LER j = 30, LER m = 40. The PMS is intended to validate the path between LER m and LER j. In order to validate this path, the PMS will send the probe packet with a label stack of (top to bottom): {40} {30} {10}. Imagine any of the below forwarding entry misprogrammed situation:
让我们将以下节点SID分配给图中的节点:PMS=10,LER i=20,LER j=30,LER m=40。PMS旨在验证LER m和LER j之间的路径。为了验证该路径,PMS将发送标签堆栈为(从上到下){40}{30}{10}的探测数据包。设想以下任何一种转发条目编程错误的情况:
o LSRa receiving any packet with top label 40 will POP and forwards to LSR1 instead of LER m.
o LSRa接收到任何带有顶部标签40的数据包时,将弹出并转发到LSR1,而不是LER m。
o LSR1 receiving any packet with top label 30 will pop and forward to LER i instead of LER j.
o LSR1接收到任何带有顶部标签30的数据包时,将弹出并转发到LER i而不是LER j。
In either of the above situations, the probe packet will be delivered back to the PMS leading to a falsified path liveliness indication by the PMS.
在上述任何一种情况下,探测数据包将被发送回PMS,导致PMS伪造的路径活跃度指示。
Connectivity Verification functions help us to verify if the probe is taking the expected path. For example, the PMS can intermittently send the probe packet with a label stack of (top to bottom): {40;ttl=255} {30;ttl=1} {10;ttl=255}. The probe packet may carry information about LER m, which could be carried in the Target FEC Stack in case of an MPLS Echo Request or Discriminator in the case of Seamless BFD. When LER m receives the packet, it will punt due to Time-To-Live (TTL) expiry and send a positive response. In the above-mentioned misprogramming situation, LSRa will forward to LSR1, which will send a negative response to the PMS as the information in probe does not match the local node. The PMS can do the same for bottom label as well. This will help perform connectivity verification and ensure that the path between LER m and LER j is working as expected.
连接性验证功能帮助我们验证探测器是否采用预期路径。例如,PMS可以间歇地发送标签堆栈为(从上到下):{40;ttl=255}{30;ttl=1}{10;ttl=255}的探测包。探测分组可以携带关于lerm的信息,在MPLS回波请求的情况下,可以携带在目标FEC堆栈中,在无缝BFD的情况下,可以携带在鉴别器中。当LER m收到数据包时,它将由于生存时间(TTL)到期而跳转并发送肯定响应。在上述错误编程情况下,LSRa将转发给LSR1,LSR1将向PMS发送否定响应,因为探测器中的信息与本地节点不匹配。PMS也可以对底部标签执行相同的操作。这将有助于执行连接验证,并确保LER m和LER j之间的路径按预期工作。
This document has no IANA actions.
本文档没有IANA操作。
The PMS builds packets with the intent of performing OAM tasks. It uses address information based on topology information rather than a protocol.
PMS构建数据包的目的是执行OAM任务。它使用基于拓扑信息的地址信息,而不是协议。
The PMS allows the insertion of traffic into non-SR domains. This may be required in the case of an LDP domain attached to the SR domain, but it can be used to maliciously insert traffic in the case of external IP domains and MPLS-based VPNs.
PMS允许将流量插入非SR域。在LDP域连接到SR域的情况下,这可能是必需的,但在外部IP域和基于MPLS的VPN的情况下,它可用于恶意插入流量。
To prevent a PMS from inserting traffic into an MPLS VPN domain, one or more sets of label ranges may be reserved for service labels within an SR domain. The PMS should be configured to reject usage of these service label values. In the same way, misuse of IP destination addresses is blocked if only IP destination address values conforming to RFC 8029 [RFC8029] are settable by the PMS.
为了防止PMS将流量插入MPLS VPN域,可以为SR域内的服务标签保留一组或多组标签范围。PMS应配置为拒绝使用这些服务标签值。同样,如果PMS仅可设置符合RFC 8029[RFC8029]的IP目标地址值,则IP目标地址的误用将被阻止。
To limit potential misuse, access to a PMS needs to be authorized and should be logged. OAM supported by a PMS requires skilled personnel; hence, only experts requiring PMS access should be allowed to access such a system. It is recommended to directly attach a PMS to an SR domain. Connecting a PMS to an SR domain by a tunnel is technically possible, but adds further security issues. A tunnel-based access of a PMS to an SR domain is not recommended.
为了限制潜在的误用,对PMS的访问需要获得授权,并应记录。PMS支持的OAM需要熟练的人员;因此,只有需要PMS访问的专家才能访问此类系统。建议将PMS直接连接到SR域。通过隧道将PMS连接到SR域在技术上是可行的,但会增加更多的安全问题。不建议PMS通过隧道访问SR域。
Use of stale MPLS or IGP routing information could cause a PMS-monitoring packet to leave the domain where it originated. PMS-monitoring packets should not be sent using stale MPLS- or IGP-routing information. To carry out a desired measurement properly, the PMS must be aware of and respect the actual route changes, convergence events, as well as the assignment of Segment IDs relevant for measurements. At a minimum, the PMS must be able to listen to IGP topology changes or pull routing and segment information from routers signaling topology changes.
使用过时的MPLS或IGP路由信息可能会导致PMS监视数据包离开其发源的域。PMS监控数据包不应使用过时的MPLS或IGP路由信息发送。为正确执行所需测量,PMS必须了解并尊重实际路线变化、会聚事件以及与测量相关的段ID分配。至少,PMS必须能够监听IGP拓扑变化,或从路由器获取路由和段信息,以发送拓扑变化的信号。
Traffic insertion by a PMS may be unintended, especially if the IGP or MPLS topology stored locally is in stale state. As soon as the PMS has an indication that its IGP or MPLS topology are stale, it should stop operations involving network sections whose topology may not be accurate. However, note that it is the task of an OAM system to discover and locate network sections where forwarding behavior is not matching control-plane state. As soon as a PMS or an operator of a PMS has the impression that the PMS topology information is stale, measures need to be taken to refresh the topology information. These measures should be part of the PMS design. Matching forwarding and control-plane state by periodically automated execution of the mechanisms described in RFC 8029 [RFC8029] may be such a feature. Whenever network maintenance tasks are performed by operators, the PMS topology discovery should be started asynchronously after network maintenance has been finished.
PMS的流量插入可能是无意的,尤其是当本地存储的IGP或MPLS拓扑处于过时状态时。一旦PMS有迹象表明其IGP或MPLS拓扑过时,就应停止涉及拓扑可能不准确的网络部分的操作。但是,请注意,OAM系统的任务是发现和定位转发行为与控制平面状态不匹配的网络部分。一旦PMS或PMS操作员认为PMS拓扑信息过时,就需要采取措施刷新拓扑信息。这些措施应为PMS设计的一部分。通过周期性地自动执行RFC8029[RFC8029]中描述的机制来匹配转发和控制平面状态可以是这样的特征。每当操作员执行网络维护任务时,应在网络维护完成后异步启动PMS拓扑发现。
A PMS that is losing network connectivity or crashing must remove all IGP- and MPLS-topology information prior to restarting operation.
正在失去网络连接或崩溃的PMS必须在重新启动操作之前删除所有IGP和MPLS拓扑信息。
A PMS may operate routine measurements on a large scale. Care must be taken to avoid unintended traffic insertion after topology changes that result in, e.g., changes of label assignments to routes or interfaces within a domain. If the labels concerned are part of the
PMS可在大范围内进行常规测量。必须注意避免在拓扑更改后意外插入流量,这会导致域内路由或接口的标签分配发生变化。如果有关标签是
label stack composed by the PMS for any measurement packet and their state is stale, the measurement initially needs to be stopped. Setup and operation of routine measurements may be automated. Secure automated PMS operation requires a working automated detection and recognition of stale routing state.
由PMS为任何测量数据包组成的标签堆栈,其状态为陈旧,测量最初需要停止。常规测量的设置和操作可以自动化。安全的自动PMS操作需要对陈旧路由状态进行自动检测和识别。
[RFC7276] Mizrahi, T., Sprecher, N., Bellagamba, E., and Y. Weingarten, "An Overview of Operations, Administration, and Maintenance (OAM) Tools", RFC 7276, DOI 10.17487/RFC7276, June 2014, <https://www.rfc-editor.org/info/rfc7276>.
[RFC7276]Mizrahi,T.,Sprecher,N.,Bellagamba,E.,和Y.Weingarten,“运营、管理和维护(OAM)工具概述”,RFC 7276,DOI 10.17487/RFC72762014年6月<https://www.rfc-editor.org/info/rfc7276>.
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., Decraene, B., Litkowski, S., and R. Shakir, "Segment Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, July 2018, <https://www.rfc-editor.org/info/rfc8402>.
[RFC8402]Filsfils,C.,Ed.,Previdi,S.,Ed.,Ginsberg,L.,Decarene,B.,Litkowski,S.,和R.Shakir,“段路由架构”,RFC 8402,DOI 10.17487/RFC8402,2018年7月<https://www.rfc-editor.org/info/rfc8402>.
[MPLS-PMS-REPORT] Leipnitz, R., Ed. and R. Geib, "A scalable and topology aware MPLS data plane monitoring system", Work in Progress, draft-leipnitz-spring-pms-implementation-report-00, June 2016.
[MPLS-PMS-REPORT]Leipnitz,R.,Ed.和R.Geib,“可扩展和拓扑感知的MPLS数据平面监控系统”,正在进行的工作,draft-Leipnitz-spring-PMS-implementation-REPORT-002016年6月。
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, RFC 792, DOI 10.17487/RFC0792, September 1981, <https://www.rfc-editor.org/info/rfc792>.
[RFC0792]Postel,J.,“互联网控制消息协议”,STD 5,RFC 792,DOI 10.17487/RFC0792,1981年9月<https://www.rfc-editor.org/info/rfc792>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification", STD 89, RFC 4443, DOI 10.17487/RFC4443, March 2006, <https://www.rfc-editor.org/info/rfc4443>.
[RFC4443]Conta,A.,Deering,S.和M.Gupta,Ed.“互联网协议版本6(IPv6)规范的互联网控制消息协议(ICMPv6)”,STD 89,RFC 4443,DOI 10.17487/RFC4443,2006年3月<https://www.rfc-editor.org/info/rfc4443>.
[RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, "Extended ICMP to Support Multi-Part Messages", RFC 4884, DOI 10.17487/RFC4884, April 2007, <https://www.rfc-editor.org/info/rfc4884>.
[RFC4884]Bonica,R.,Gan,D.,Tappan,D.,和C.Pignataro,“扩展ICMP以支持多部分消息”,RFC 4884,DOI 10.17487/RFC4884,2007年4月<https://www.rfc-editor.org/info/rfc4884>.
[RFC4950] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, "ICMP Extensions for Multiprotocol Label Switching", RFC 4950, DOI 10.17487/RFC4950, August 2007, <https://www.rfc-editor.org/info/rfc4950>.
[RFC4950]Bonica,R.,Gan,D.,Tappan,D.,和C.Pignataro,“多协议标签交换的ICMP扩展”,RFC 4950,DOI 10.17487/RFC4950,2007年8月<https://www.rfc-editor.org/info/rfc4950>.
[RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, "Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs)", RFC 5884, DOI 10.17487/RFC5884, June 2010, <https://www.rfc-editor.org/info/rfc5884>.
[RFC5884]Aggarwal,R.,Kompella,K.,Nadeau,T.,和G.Swallow,“MPLS标签交换路径(LSP)的双向转发检测(BFD)”,RFC 5884,DOI 10.17487/RFC5884,2010年6月<https://www.rfc-editor.org/info/rfc5884>.
[RFC6576] Geib, R., Ed., Morton, A., Fardid, R., and A. Steinmitz, "IP Performance Metrics (IPPM) Standard Advancement Testing", BCP 176, RFC 6576, DOI 10.17487/RFC6576, March 2012, <https://www.rfc-editor.org/info/rfc6576>.
[RFC6576]Geib,R.,Ed.,Morton,A.,Fardid,R.,和A.Steinmitz,“IP性能度量(IPPM)标准推进测试”,BCP 176,RFC 6576,DOI 10.17487/RFC6576,2012年3月<https://www.rfc-editor.org/info/rfc6576>.
[RFC6808] Ciavattone, L., Geib, R., Morton, A., and M. Wieser, "Test Plan and Results Supporting Advancement of RFC 2679 on the Standards Track", RFC 6808, DOI 10.17487/RFC6808, December 2012, <https://www.rfc-editor.org/info/rfc6808>.
[RFC6808]Ciavattone,L.,Geib,R.,Morton,A.,和M.Wieser,“支持在标准轨道上推进RFC 2679的测试计划和结果”,RFC 6808,DOI 10.17487/RFC6808,2012年12月<https://www.rfc-editor.org/info/rfc6808>.
[RFC7880] Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S. Pallagatti, "Seamless Bidirectional Forwarding Detection (S-BFD)", RFC 7880, DOI 10.17487/RFC7880, July 2016, <https://www.rfc-editor.org/info/rfc7880>.
[RFC7880]Pignataro,C.,Ward,D.,Akiya,N.,Bhatia,M.,和S.Pallagati,“无缝双向转发检测(S-BFD)”,RFC 7880,DOI 10.17487/RFC78802016年7月<https://www.rfc-editor.org/info/rfc7880>.
[RFC7881] Pignataro, C., Ward, D., and N. Akiya, "Seamless Bidirectional Forwarding Detection (S-BFD) for IPv4, IPv6, and MPLS", RFC 7881, DOI 10.17487/RFC7881, July 2016, <https://www.rfc-editor.org/info/rfc7881>.
[RFC7881]Pignataro,C.,Ward,D.,和N.Akiya,“IPv4,IPv6和MPLS的无缝双向转发检测(S-BFD)”,RFC 7881,DOI 10.17487/RFC7881,2016年7月<https://www.rfc-editor.org/info/rfc7881>.
[RFC7882] Aldrin, S., Pignataro, C., Mirsky, G., and N. Kumar, "Seamless Bidirectional Forwarding Detection (S-BFD) Use Cases", RFC 7882, DOI 10.17487/RFC7882, July 2016, <https://www.rfc-editor.org/info/rfc7882>.
[RFC7882]Aldrin,S.,Pignataro,C.,Mirsky,G.,和N.Kumar,“无缝双向转发检测(S-BFD)用例”,RFC 7882,DOI 10.17487/RFC7882,2016年7月<https://www.rfc-editor.org/info/rfc7882>.
[RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N., Aldrin, S., and M. Chen, "Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures", RFC 8029, DOI 10.17487/RFC8029, March 2017, <https://www.rfc-editor.org/info/rfc8029>.
[RFC8029]Kompella,K.,Swallow,G.,Pignataro,C.,Ed.,Kumar,N.,Aldrin,S.,和M.Chen,“检测多协议标签交换(MPLS)数据平面故障”,RFC 8029,DOI 10.17487/RFC8029,2017年3月<https://www.rfc-editor.org/info/rfc8029>.
[RFC8287] Kumar, N., Ed., Pignataro, C., Ed., Swallow, G., Akiya, N., Kini, S., and M. Chen, "Label Switched Path (LSP) Ping/Traceroute for Segment Routing (SR) IGP-Prefix and IGP-Adjacency Segment Identifiers (SIDs) with MPLS Data Planes", RFC 8287, DOI 10.17487/RFC8287, December 2017, <https://www.rfc-editor.org/info/rfc8287>.
[RFC8287]Kumar,N.,Ed.,Pignataro,C.,Ed.,Swallow,G.,Akiya,N.,Kini,S.,和M.Chen,“带MPLS数据平面的段路由(SR)IGP前缀和IGP邻接段标识符(SID)的标签交换路径(LSP)Ping/Traceroute”,RFC 8287,DOI 10.17487/RFC8287,2017年12月<https://www.rfc-editor.org/info/rfc8287>.
Acknowledgements
致谢
The authors would like to thank Nobo Akiya for his contribution. Raik Leipnitz kindly provided an editorial review. The authors would also like to thank Faisal Iqbal for an insightful review and a useful set of comments and suggestions. Finally, Bruno Decraene's Document Shepherd review led to a clarified document.
作者要感谢Nobo Akiya的贡献。Raik Leipnitz善意地提供了一份编辑评论。作者还要感谢费萨尔·伊克巴尔(Faisal Iqbal)的深刻评论和一系列有用的评论和建议。最后,布鲁诺·德雷恩的《文件守护者》审查得出了一份澄清的文件。
Authors' Addresses
作者地址
Ruediger Geib (editor) Deutsche Telekom Heinrich Hertz Str. 3-7 Darmstadt 64295 Germany
Ruediger Geib(编辑)德国电信海因里希赫兹街3-7号达姆施塔特64295
   Phone: +49 6151 5812747
   Email: Ruediger.Geib@telekom.de
        
      
   Phone: +49 6151 5812747
   Email: Ruediger.Geib@telekom.de
        
      Clarence Filsfils Cisco Systems, Inc. Brussels Belgium
Clarence Filsfils思科系统公司,比利时布鲁塞尔
   Email: cfilsfil@cisco.com
        
      
   Email: cfilsfil@cisco.com
        
      Carlos Pignataro (editor) Cisco Systems, Inc. 7200 Kit Creek Road Research Triangle Park, NC 27709-4987 United States of America
Carlos Pignataro(编辑)思科系统公司7200 Kit Creek Road Research Triangle Park,NC 27709-4987美利坚合众国
   Email: cpignata@cisco.com
        
      
   Email: cpignata@cisco.com
        
      Nagendra Kumar Cisco Systems, Inc. 7200 Kit Creek Road Research Triangle Park, NC 27709-4987 United States of America
美国北卡罗来纳州Kit Creek Road研究三角公园7200号Nagendra Kumar Cisco Systems,Inc.美国北卡罗来纳州27709-4987
   Email: naikumar@cisco.com
        
      
   Email: naikumar@cisco.com