Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 7271

MPLS Transport Profile (MPLS-TP) Linear Protection to Match the Operational Expectations of Synchronous Digital Hierarchy, Optical Transport Network, and Ethernet Transport Network Operators

Pages: 40
Proposed Standard
Updates:  6378
Updated by:  8234

Top   ToC   RFC7271 - Page 1
Internet Engineering Task Force (IETF)                      J. Ryoo, Ed.
Request for Comments: 7271                                          ETRI
Updates: 6378                                               E. Gray, Ed.
Category: Standards Track                                       Ericsson
ISSN: 2070-1721                                          H. van Helvoort
                                                     Huawei Technologies
                                                         A. D'Alessandro
                                                          Telecom Italia
                                                               T. Cheung
                                                                    ETRI
                                                              E. Osborne
                                                               June 2014


    MPLS Transport Profile (MPLS-TP) Linear Protection to Match the
       Operational Expectations of Synchronous Digital Hierarchy,
  Optical Transport Network, and Ethernet Transport Network Operators

Abstract

This document describes alternate mechanisms to perform some of the functions of MPLS Transport Profile (MPLS-TP) linear protection defined in RFC 6378, and also defines additional mechanisms. The purpose of these alternate and additional mechanisms is to provide operator control and experience that more closely models the behavior of linear protection seen in other transport networks. This document also introduces capabilities and modes for linear protection. A capability is an individual behavior, and a mode is a particular combination of capabilities. Two modes are defined in this document: Protection State Coordination (PSC) mode and Automatic Protection Switching (APS) mode. This document describes the behavior of the PSC protocol including priority logic and state machine when all the capabilities associated with the APS mode are enabled. This document updates RFC 6378 in that the capability advertisement method defined here is an addition to that document.
Top   ToC   RFC7271 - Page 2
Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7271.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Conventions Used in This Document . . . . . . . . . . . . . . 5 3. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Capability 1: Priority Modification . . . . . . . . . . . . . 6 4.1. Motivation for Swapping Priorities of FS and SF-P . . . . 6 4.2. Motivation for Raising the Priority of SFc . . . . . . . 7 4.3. Motivation for Introducing the Freeze Command . . . . . . 7 4.4. Procedures in Support of Priority Modification . . . . . 8 5. Capability 2: Non-revertive Behavior Modification . . . . . . 8 6. Capability 3: Support of the MS-W Command . . . . . . . . . . 8 6.1. Motivation for adding MS-W . . . . . . . . . . . . . . . 8 6.2. Terminology to Support MS-W . . . . . . . . . . . . . . . 9 6.3. Behavior of MS-P and MS-W . . . . . . . . . . . . . . . . 9 6.4. Equal-Priority Resolution for MS . . . . . . . . . . . . 10 7. Capability 4: Support of Protection against SD . . . . . . . 10 7.1. Motivation for Supporting Protection against SD . . . . . 10 7.2. Terminology to Support SD . . . . . . . . . . . . . . . . 10
Top   ToC   RFC7271 - Page 3
     7.3.  Behavior of Protection against SD . . . . . . . . . . . .  11
     7.4.  Equal-Priority Resolution . . . . . . . . . . . . . . . .  12
   8.  Capability 5: Support of EXER Command . . . . . . . . . . . .  13
   9.  Capabilities and Modes  . . . . . . . . . . . . . . . . . . .  14
     9.1.  Capabilities  . . . . . . . . . . . . . . . . . . . . . .  14
       9.1.1.  Sending and Receiving the Capabilities TLV  . . . . .  15
     9.2.  Modes . . . . . . . . . . . . . . . . . . . . . . . . . .  16
       9.2.1.  PSC Mode  . . . . . . . . . . . . . . . . . . . . . .  16
       9.2.2.  APS Mode  . . . . . . . . . . . . . . . . . . . . . .  16
   10. PSC Protocol in APS Mode  . . . . . . . . . . . . . . . . . .  17
     10.1.  Request Field in PSC Protocol Message  . . . . . . . . .  17
     10.2.  Priorities of Local Inputs and Remote Requests . . . . .  17
       10.2.1.  Equal-Priority Requests  . . . . . . . . . . . . . .  18
     10.3.  Acceptance and Retention of Local Inputs . . . . . . . .  20
   11. State Transition Tables in APS Mode . . . . . . . . . . . . .  20
     11.1.  State Transition by Local Inputs . . . . . . . . . . . .  23
     11.2.  State Transition by Remote Messages  . . . . . . . . . .  25
     11.3.  State Transition for 1+1 Unidirectional Protection . . .  27
   12. Provisioning Mismatch and Protocol Failure in APS Mode  . . .  27
   13. Security Considerations . . . . . . . . . . . . . . . . . . .  28
   14. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  29
     14.1.  MPLS PSC Request Registry  . . . . . . . . . . . . . . .  29
     14.2.  MPLS PSC TLV Registry  . . . . . . . . . . . . . . . . .  29
     14.3.  MPLS PSC Capability Flag Registry  . . . . . . . . . . .  29
   15. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  30
   16. References  . . . . . . . . . . . . . . . . . . . . . . . . .  30
     16.1.  Normative References . . . . . . . . . . . . . . . . . .  30
     16.2.  Informative References . . . . . . . . . . . . . . . . .  30
   Appendix A.  An Example of an Out-of-Service Scenario . . . . . .  32
   Appendix B.  An Example of a Sequence Diagram Showing
                the Problem with the Priority Level of SFc . . . . .  33
   Appendix C.  Freeze Command . . . . . . . . . . . . . . . . . . .  34
   Appendix D.  Operation Examples of the APS Mode . . . . . . . . .  35
Top   ToC   RFC7271 - Page 4

1. Introduction

Linear protection mechanisms for the MPLS Transport Profile (MPLS-TP) are described in RFC 6378 [RFC6378] to meet the requirements described in RFC 5654 [RFC5654]. This document describes alternate mechanisms to perform some of the functions of linear protection, and also defines additional mechanisms. The purpose of these alternate and additional mechanisms is to provide operator control and experience that more closely models the behavior of linear protection seen in other transport networks, such as Synchronous Digital Hierarchy (SDH), Optical Transport Network (OTN), and Ethernet transport networks. Linear protection for SDH, OTN, and Ethernet transport networks is defined in ITU-T Recommendations G.841 [G841], G.873.1 [G873.1], and G.8031 [G8031], respectively. The reader of this document is assumed to be familiar with [RFC6378]. The alternative mechanisms described in this document are for the following capabilities: 1. Priority modification, 2. non-revertive behavior modification, and the following capabilities have been added to define additional mechanisms: 3. support of the Manual Switch to Working path (MS-W) command, 4. support of protection against Signal Degrade (SD), and 5. support of the Exercise (EXER) command. The priority modification includes raising the priority of Signal Fail on Protection path (SF-P) relative to Forced Switch (FS), and raising the priority level of Clear Signal Fail (SFc) above SF-P. Non-revertive behavior is modified to align with the behavior defined in RFC 4427 [RFC4427] as well as to follow the behavior of linear protection seen in other transport networks. Support of the MS-W command to revert traffic to the working path in non-revertive operation is covered in this document.
Top   ToC   RFC7271 - Page 5
   Support of the protection-switching protocol against SD is covered in
   this document.  The specifics for the method of identifying SD are
   out of the scope for this document and are treated similarly to
   Signal Fail (SF) in [RFC6378].

   Support of the EXER command to test if the Protection State
   Coordination (PSC) communication is operating correctly is also
   covered in this document.  Without actually switching traffic, the
   EXER command tests and validates the linear protection mechanism and
   PSC protocol including the aliveness of the priority logic, the PSC
   state machine, the PSC message generation and reception, and the
   integrity of the protection path.

   This document introduces capabilities and modes.  A capability is an
   individual behavior.  The capabilities of a node are advertised using
   the method given in this document.  A mode is a particular
   combination of capabilities.  Two modes are defined in this document:
   PSC mode and Automatic Protection Switching (APS) mode.

   Other modes may be defined as new combinations of the capabilities
   defined in this document or through the definition of additional
   capabilities.  In either case, the specification defining a new mode
   will be responsible for documenting the behavior, the priority logic,
   and the state machine of the PSC protocol when the set of
   capabilities in the new mode is enabled.

   This document describes the behavior, the priority logic, and the
   state machine of the PSC protocol when all the capabilities
   associated with the APS mode are enabled.  The PSC protocol behavior
   for the PSC mode is as defined in [RFC6378].

   This document updates [RFC6378] by adding a capability advertisement
   mechanism.  It is recommended that existing implementations of the
   PSC protocol be updated to support this capability.  Backward
   compatibility with existing implementations that do not support this
   mechanism is described in Section 9.2.1.

   Implementations are expected to be configured to support a specific
   set of capabilities (a mode) and to reject messages that indicate the
   use of a different set of capabilities (a different mode).  Thus, the
   capability advertisement is not a negotiation but a verification that
   peers are using the same mode.

2. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
Top   ToC   RFC7271 - Page 6

3. Acronyms

This document uses the following acronyms: APS Automatic Protection Switching DNR Do-not-Revert EXER Exercise FS Forced Switch LO Lockout of protection MS Manual Switch MS-P Manual Switch to Protection path MS-W Manual Switch to Working path MPLS-TP MPLS Transport Profile NR No Request OC Operator Clear OTN Optical Transport Network PSC Protection State Coordination RR Reverse Request SD Signal Degrade SD-P Signal Degrade on Protection path SD-W Signal Degrade on Working path SDH Synchronous Digital Hierarchy SF Signal Fail SF-P Signal Fail on Protection path SF-W Signal Fail on Working path SFc Clear Signal Fail SFDc Clear Signal Fail or Degrade WTR Wait-to-Restore

4. Capability 1: Priority Modification

[RFC6378] defines the priority of FS to be higher than that of SF-P. That document also defines the priority of Clear SF (SFc) to be low. This document defines the priority modification capability whereby the relative priorities of FS and SF-P are swapped, and the priority of Clear SF (SFc) is raised. In addition, this capability introduces the Freeze command as described in Appendix C. The rationale for these changes is detailed in the following subsections from both the technical and network operational aspects.

4.1. Motivation for Swapping Priorities of FS and SF-P

Defining the priority of FS higher than that of SF-P can result in a situation where the protected traffic is taken out of service. When the protection path fails, PSC communication may stop as a result. In this case, if any input that is supposed to be signaled to the other end has a higher priority than SF-P, then this can result in an
Top   ToC   RFC7271 - Page 7
   unpredictable protection-switching state.  An example scenario that
   may result in an out-of-service situation is presented in Appendix A
   of this document.

   According to Section 2.4 of [RFC5654], it MUST be possible to operate
   an MPLS-TP network without using a control plane.  This means that
   the PSC communication channel is very important for the transfer of
   external switching commands (e.g., FS), and these commands should not
   rely on the presence of a control plane.  In consequence, the failure
   of the PSC communication channel has higher priority than FS.

   In other transport networks (such as SDH, OTN, and Ethernet transport
   networks), the priority of SF-P has been higher than that of FS.  It
   is therefore important to offer network operators the option of
   having the same behavior in their MPLS-TP networks so that they can
   have the same operational protection-switching behavior to which they
   have become accustomed.  Typically, an FS command is issued before
   network maintenance jobs (e.g., replacing optical cables or other
   network components).  When an operator pulls out a cable on the
   protection path, by mistake, the traffic should continue to be
   protected, and the operator expects this behavior based on his/her
   experience with traditional transport network operations.

4.2. Motivation for Raising the Priority of SFc

The priority level of SFc defined in [RFC6378] can cause traffic disruption when a node that has experienced local signal fails on both the working and the protection paths is recovering from these failures. A sequence diagram highlighting the problem with the priority level of SFc as defined in [RFC6378] is presented in Appendix B.

4.3. Motivation for Introducing the Freeze Command

With the priority swapping between FS and SF-P, the traffic is always moved back to the working path when SF-P occurs in Protecting Administrative state. In case network operators need an option to control their networks so that the traffic can remain on the protection path even when the PSC communication channel is broken, the Freeze command can be used. Freeze is defined to be a "local" command that is not signaled to the remote node. The use of the Freeze command is described in Appendix C.
Top   ToC   RFC7271 - Page 8

4.4. Procedures in Support of Priority Modification

When the modified priority order specified in this document is in use, the list of local requests in order of priority SHALL be as follows (from highest to lowest): o Clear Signal Fail o Signal Fail on Protection path o Forced Switch o Signal Fail on Working path This requires modification of the PSC Control Logic (including the state machine) relative to that described in [RFC6378]. Sections 10 and 11 present the PSC Control Logic when all capabilities of APS mode are enabled.

5. Capability 2: Non-revertive Behavior Modification

Non-revertive operation of protection switching is defined in [RFC4427]. In this operation, the traffic does not return to the working path when switch-over requests are terminated. However, the PSC protocol defined in [RFC6378] supports this operation only when recovering from a defect condition: it does not support the non-revertive function when an operator's switch-over command, such as FS or Manual Switch (MS), is cleared. To be aligned with the behavior in other transport networks and to be consistent with [RFC4427], a node should go into the Do-not-Revert (DNR) state not only when a failure condition on the working path is cleared, but also when an operator command that requested switch-over is cleared. This requires modification to the PSC Control Logic (including the state machine) relative to that described in [RFC6378]. Sections 10 and 11 present the PSC Control Logic when all capabilities of APS mode are enabled.

6. Capability 3: Support of the MS-W Command

6.1. Motivation for adding MS-W

Changing the non-revertive operation as described in Section 5 introduces the necessity of a new operator command to revert traffic to the working path in the DNR state. When the traffic is on the protection path in the DNR state, a Manual Switch to Working (MS-W) command is issued to switch the normal traffic back to the working
Top   ToC   RFC7271 - Page 9
   path.  According to Section 4.3.3.6 (Do-not-Revert State) in
   [RFC6378], "To revert back to the Normal state, the administrator
   SHALL issue a Lockout of protection command followed by a Clear
   command."  However, using the Lockout of protection (LO) command
   introduces the potential risk of an unprotected situation while the
   LO is in effect.

   The "Manual switch-over for recovery LSP/span" command is defined in
   [RFC4427].  Requirement 83 in [RFC5654] states that the external
   commands defined in [RFC4427] MUST be supported.  Since there is no
   support for this external command in [RFC6378], this functionality
   should be added to PSC.  This support is provided by introducing the
   MS-W command.  The MS-W command, as described here, corresponds to
   the "Manual switch-over for recovery LSP/span" command.

6.2. Terminology to Support MS-W

[RFC6378] uses the term "Manual Switch" and its acronym "MS". This document uses the term "Manual Switch to Protection path" and "MS-P" to have the same meaning, while avoiding confusion with "Manual Switch to Working path" and its acronym "MS-W". Similarly, we modify the name of "Protecting Administrative" state (as defined in [RFC6378]) to be "Switching Administrative" state to include the case where traffic is switched to the working path as a result of the external MS-W command.

6.3. Behavior of MS-P and MS-W

MS-P and MS-W SHALL have the same priority. We consider different instances of determining the priority of the commands when they are received either in succession or simultaneously. o When two commands are received in succession, the command that is received after the initial command SHALL be cancelled. o If two nodes simultaneously receive commands that indicate opposite operations (i.e., one node receives MS-P and the other node receives MS-W) and transmit the indications to the remote node, the MS-W SHALL be considered to have a higher priority, and the MS-P SHALL be cancelled and discarded. Two commands, MS-P and MS-W, are transmitted using the same Request field value but SHALL indicate in the Fault Path (FPath) value the path from which the traffic is being diverted. When traffic is switched to the protection path, the FPath field value SHALL be set to 1, indicating that traffic is being diverted from the working path. When traffic is switched to the working path, the FPath field
Top   ToC   RFC7271 - Page 10
   value SHALL be set to 0, indicating that traffic is being diverted
   from the protection path.  The Data Path (Path) field SHALL indicate
   where user data traffic is being transported (i.e., if the working
   path is selected, then Path is set to 0; if the protection path is
   selected, then Path is set to 1).

   When an MS command is in effect at a node, any subsequent MS or EXER
   command and any other lower-priority requests SHALL be ignored.

6.4. Equal-Priority Resolution for MS

[RFC6378] defines only one rule for the equal-priority condition in Section 4.3.2 as "The remote message from the far-end LER is assigned a priority just below the similar local input." In order to support the Manual Switch behavior described in Section 6.3, additional rules for equal-priority resolution are required. Since the support of protection against signal degrade also requires a similar equal- priority resolution, the rules are described in Section 7.4. Support of this function requires changes to the PSC Control Logic (including the state machine) relative to that shown in [RFC6378]. Sections 10 and 11 present the PSC Control Logic when all capabilities of APS mode are enabled.

7. Capability 4: Support of Protection against SD

7.1. Motivation for Supporting Protection against SD

In the MPLS-TP Survivability Framework [RFC6372], both SF and SD fault conditions can be used to trigger protection switching. [RFC6378], which defines the protection-switching protocol for MPLS-TP, does not specify how the SF and SD are detected, and specifies the protection-switching protocol associated with SF only. The PSC protocol associated with SD is covered in this document, but the specifics for the method of identifying SD is out of scope for the protection protocol in the same way that SF detection and MS or FS command initiation are out of scope.

7.2. Terminology to Support SD

In this document, the term Clear Signal Fail or Degrade (SFDc) is used to indicate the clearance of either a degraded condition or a failure condition.
Top   ToC   RFC7271 - Page 11
   The second paragraph of Section 4.3.3.2 (Unavailable State) in
   [RFC6378] shows the intention of including Signal Degrade on
   Protection path (SD-P) in the Unavailable state.  Even though the
   protection path can be partially available under the condition of
   SD-P, this document follows the same state grouping as [RFC6378] for
   SD-P.

   The bulleted item on the Protecting Failure state in Section 3.6 of
   [RFC6378] includes the degraded condition in the Protecting Failure
   state.  This document follows the same state grouping as [RFC6378]
   for Signal Degrade on Working path (SD-W).

7.3. Behavior of Protection against SD

To better align the behavior of MPLS-TP networks with that of other transport networks (such as SDH, OTN, and Ethernet transport networks), we define the following: o The priorities of SD-P and SD-W SHALL be equal. o Once a switch has been completed due to SD on one path, it will not be overridden by SD on the other path (first come, first served behavior), to avoid protection switching that cannot improve signal quality. The SD message indicates that the transmitting node has identified degradation of the signal or integrity of the packet received on either the working path or the protection path. The FPath field SHALL identify the path that is reporting the degraded condition (i.e., if the protection path, then FPath is set to 0; if the working path, then FPath is set to 1), and the Path field SHALL indicate where the data traffic is being transported (i.e., if the working path is selected, then Path is set to 0; if the protection path is selected, then Path is set to 1). When the SD condition is cleared and the protected domain is recovering from the situation, the Wait-to-Restore (WTR) timer SHALL be used if the protected domain is configured for revertive behavior. The WTR timer SHALL be started at the node that recovers from a local degraded condition on the working path. Protection switching against SD is always provided by a selector bridge duplicating user data traffic and feeding it to both the working path and the protection path under SD condition. When a local or remote SD occurs on either the working path or the protection path, the node SHALL duplicate user data traffic and SHALL feed it to both the working path and the protection path. The packet duplication SHALL continue as long as any SD condition exists in the
Top   ToC   RFC7271 - Page 12
   protected domain.  When the SD condition is cleared, in revertive
   operation, the packet duplication SHALL continue in the WTR state and
   SHALL stop when the node leaves the WTR state; while in non-revertive
   operation, the packet duplication SHALL stop immediately.

   The selector bridge with the packet duplication under SD condition,
   which is a non-permanent bridge, is considered to be a 1:1 protection
   architecture.

   Protection switching against SD does not introduce any modification
   to the operation of the selector at the sink node described in
   [RFC6378].  The selector chooses either the working or protection
   path from which to receive the normal traffic in both 1:1 and 1+1
   architectures.  The position of the selector, i.e., which path to
   receive the traffic, is determined by the PSC protocol in
   bidirectional switching or by the local input in unidirectional
   switching.

7.4. Equal-Priority Resolution

In order to support the MS behavior described in Section 6.3 and the protection against SD described in Section 7.3, it is necessary to expand rules for treating equal-priority inputs. For equal-priority local inputs, such as MS and SD, apply a simple first-come, first-served rule. Once a local input is determined as the highest priority local input, then a subsequent equal-priority local input requesting a different action, i.e., the action results in the same PSC Request field but different FPath value, will not be presented to the PSC Control Logic as the highest local request. Furthermore, in the case of an MS command, the subsequent local MS command requesting a different action will be cancelled. If a node is in a remote state due to a remote SD (or MS) message, a subsequent local input having the same priority but requesting a different action to the PSC Control Logic will be considered as having lower priority than the remote message and will be ignored. For example, if a node is in remote Switching Administrative state due to a remote MS-P, then any subsequent local MS-W SHALL be ignored and automatically cancelled. If a node is in remote Unavailable state due to a remote SD-P, then any subsequent local SD-W input will be ignored. However, the local SD-W SHALL continue to appear in the Local Request Logic as long as the SD condition exists, but it SHALL NOT be the top-priority global request, which determines the state transition at the PSC Control Logic.
Top   ToC   RFC7271 - Page 13
   Cases where two end-points of the protected domain simultaneously
   receive local triggers of the same priority that request different
   actions may occur (for example, one node receives SD-P and the other
   receives SD-W).  Subsequently, each node will receive a remote
   message with the opposing action indication.  To address these cases,
   we define the following priority resolution rules:

   o  When MS-W and MS-P occur simultaneously at both nodes, MS-W SHALL
      be considered as having higher priority than MS-P at both nodes.

   o  When SD-W and SD-P occur simultaneously at both nodes, the SD on
      the standby path (the path from which the selector does not select
      the user data traffic) is considered as having higher priority
      than the SD on the active path (the path from which the selector
      selects the user data traffic) regardless of its origin (local or
      remote message).  Therefore, no unnecessary protection switching
      is performed, and the user data traffic continues to be selected
      from the active path.

   In the preceding paragraphs, "simultaneously" refers to the case a
   sent SD (or MS) request has not been confirmed by the remote end in
   bidirectional protection switching.  When a local node that has
   transmitted an SD message receives an SD (or MS) message that
   indicates a different value of Path field from the value of Path
   field in the transmitted SD (or MS) message, both the local and
   remote SD requests are considered to occur simultaneously.

   The addition of support for protection against SD requires
   modification to the PSC Control Logic (including the state machine)
   relative to that described in [RFC6378].  Sections 10 and 11 present
   the PSC Control Logic when all capabilities of APS mode are enabled.

8. Capability 5: Support of EXER Command

The EXER command is used to verify the correct operation of the PSC communication, such as the aliveness of the Local Request Logic, the integrity of the PSC Control Logic, the PSC message generation and reception mechanism, and the integrity of the protection path. EXER does not trigger any actual traffic switching. The command is only relevant for bidirectional protection switching, since it is dependent upon receiving a response from the remote node. The EXER command is assigned lower priority than any switching message. It may be used regardless of the traffic usage of the working path.
Top   ToC   RFC7271 - Page 14
   When a node receives a remote EXER message, it SHOULD respond with a
   Reverse Request (RR) message with the FPath and Path fields set
   according to the current condition of the node.  The RR message SHALL
   be generated only in response to a remote EXER message.

   This command is documented in R84 of [RFC5654].

   If EXER commands are input at both ends, then a race condition may
   arise.  This is resolved as follows:

   o  If a node has issued EXER and receives EXER before receiving RR,
      it MUST treat the received EXER as it would an RR, and it SHOULD
      NOT respond with RR.

   The following PSC Requests are added to the PSC Request field to
   support the Exercise command (see also Section 14.1):

      (3) Exercise - indicates that the transmitting end-point is
      exercising the protection channel and mechanism.  FPath and Path
      are set to the same value of the No Request (NR), RR, or DNR
      message whose transmission is stopped by EXER.

      (2) Reverse Request - indicates that the transmitting end-point is
      responding to an EXER command from the remote node.  FPath and
      Path are set to the same value of the NR or DNR message whose
      transmission is stopped by RR.

   The relative priorities of EXER and RR are defined in Section 10.2.

9. Capabilities and Modes

9.1. Capabilities

A Capability is an individual behavior whose use is signaled in a Capabilities TLV, which is placed in Optional TLVs field inside the PSC message shown in Figure 2 of [RFC6378]. The format of the Capabilities TLV is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = Capabilities | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value = Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Format of Capabilities TLV
Top   ToC   RFC7271 - Page 15
   The value of the Type field is 1.

   The value of the Length field is the length of the Flags field in
   octets.  The length of the Flags field MUST be a multiple of 4 octets
   and MUST be the minimum required to signal all the required
   capabilities.

   Section 4 to Section 8 discuss five capabilities that are signaled
   using the five most significant bits; if a node wishes to signal
   these five capabilities, it MUST send a Flags field of 4 octets.  A
   node would send a Flags field greater than 4 octets only if it had
   more than 32 Capabilities to indicate.  All unused bits MUST be set
   to zero.

   If the bit assigned for an individual capability is set to 1, it
   indicates the sending node's intent to use that capability in the
   protected domain.  If a bit is set to 0, the sending node does not
   intend to use the indicated capability in the protected domain.  Note
   that it is not possible to distinguish between the intent not to use
   a capability and a node's complete non-support (i.e., lack of
   implementation) of a given capability.

   This document defines five specific capabilities that are described
   in Section 4 to Section 8.  Each capability is assigned bit as
   follows:

      0x80000000: priority modification

      0x40000000: non-revertive behavior modification

      0x20000000: support of MS-W command

      0x10000000: support of protection against SD

      0x08000000: support of EXER command

   If all the five capabilities should be used, a node SHALL set the
   Flags field to 0xF8000000.

9.1.1. Sending and Receiving the Capabilities TLV

A node MUST include its Capabilities TLV in every PSC message that it transmits. The transmission and acceptance of the PSC message is described in Section 4.1 of [RFC6378]. When a node receives a Capabilities TLV, it MUST compare the Flags value to its most recent Flags value transmitted by the node. If the two are equal, the protected domain is said to be running in the mode
Top   ToC   RFC7271 - Page 16
   indicated by that set of capabilities (see Section 9.2).  If the sent
   and received Capabilities TLVs are not equal, this indicates a
   Capabilities TLV mismatch.  When this happens, the node MUST alert
   the operator and MUST NOT perform any protection switching until the
   operator resolves the mismatch between the two end-points.

9.2. Modes

A mode is a given set of Capabilities. Modes are shorthand; referring to a set of capabilities by their individual values or by the name of their mode does not change the protocol behavior. This document defines two modes -- PSC and APS. Capabilities TLVs with other combinations than the one specified by a mode are not supported in this specification.

9.2.1. PSC Mode

PSC mode is defined as the lack of support for any of the additional capabilities defined in this document -- that is, a Capabilities set of 0x0. It is the behavior specified in [RFC6378]. There are two ways to declare PSC mode. A node can send no Capabilities TLV at all since there are no TLV units defined in [RFC6378], or it can send a Capabilities TLV with Flags value set to 0x0. In order to allow backward compatibility between two end-points -- one which supports sending the Capabilities TLV, and one which does not, the node that has the ability to send and process the PSC mode Capabilities TLV MUST be able to both send the PSC mode Capabilities TLV and send no Capabilities TLV at all. An implementation MUST be configurable between these two options.

9.2.2. APS Mode

APS mode is defined as the use of all the five specific capabilities, which are described in Sections 4 to 8 in this document. APS mode is indicated with the Flags value of 0xF8000000.
Top   ToC   RFC7271 - Page 17

10. PSC Protocol in APS Mode

This section and the following section define the behavior of the PSC protocol when all of the aforementioned capabilities are enabled, i.e., APS mode.

10.1. Request Field in PSC Protocol Message

This document defines two new values for the "Request" field in the PSC protocol message that is shown in Figure 2 of [RFC6378] as follows: (2) Reverse Request (3) Exercise See also Section 14.1 of this document.

10.2. Priorities of Local Inputs and Remote Requests

Based on the description in Sections 3 and 4.3.2 in [RFC6378], the priorities of multiple outstanding local inputs are evaluated in the Local Request Logic, where the highest priority local input (highest local request) is determined. This highest local request is passed to the PSC Control Logic that will determine the higher-priority input (top-priority global request) between the highest local request and the last received remote message. When a remote message comes to the PSC Control Logic, the top-priority global request is determined between this remote message and the highest local request that is present. The top-priority global request is used to determine the state transition, which is described in Section 11. In this document, in order to simplify the description on the PSC Control Logic, we strictly decouple the priority evaluation from the state transition table lookup. The priorities for both local and remote requests are defined as follows from highest to lowest: o Operator Clear (Local only) o Lockout of protection (Local and Remote) o Clear Signal Fail or Degrade (Local only) o Signal Fail on Protection path (Local and Remote) o Forced Switch (Local and Remote)
Top   ToC   RFC7271 - Page 18
   o  Signal Fail on Working path (Local and Remote)

   o  Signal Degrade on either Protection path or Working path (Local
      and Remote)

   o  Manual Switch to either Protection path or Working path (Local and
      Remote)

   o  WTR Timer Expiry (Local only)

   o  WTR (Remote only)

   o  Exercise (Local and Remote)

   o  Reverse Request (Remote only)

   o  Do-Not-Revert (Remote only)

   o  No Request (Remote and Local)

   Note that the "Local only" requests are not transmitted to the remote
   node.  Likewise, the "Remote only" requests do not exist in the Local
   Request Logic as local inputs.  For example, the priority of WTR only
   applies to the received WTR message, which is generated from the
   remote node.  The remote node that is running the WTR timer in the
   WTR state has no local request.

   The remote SF and SD on either the working path or the protection
   path and the remote MS to either the working path or the protection
   path are indicated by the values of the Request and FPath fields in
   the PSC message.

   The remote request from the remote node is assigned a priority just
   below the same local request except for NR and equal-priority
   requests, such as SD and MS.  Since a received NR message needs to be
   used in the state transition table lookup when there is no
   outstanding local request, the remote NR request SHALL have a higher
   priority than the local NR.  For the equal-priority requests, see
   Section 10.2.1.

10.2.1. Equal-Priority Requests

As stated in Section 10.2, the remote request from the remote node is assigned a priority just below the same local request. However, for equal-priority requests, such as SD and MS, the priority SHALL be evaluated as described in this section.
Top   ToC   RFC7271 - Page 19
   For equal-priority local requests, the first-come, first-served rule
   SHALL be applied.  Once a local request appears in the Local Request
   Logic, a subsequent equal-priority local request requesting a
   different action, i.e., the action results in the same Request value
   but a different FPath value, SHALL be considered to have a lower
   priority.  Furthermore, in the case of an MS command, the subsequent
   local MS command requesting a different action SHALL be rejected and
   cleared.

   When the priority is evaluated in the PSC Control Logic between the
   highest local request and a remote request, the following equal-
   priority resolution rules SHALL be applied:

   o  If two requests request the same action, i.e., the same Request
      and FPath values, then the local request SHALL be considered to
      have a higher priority than the remote request.

   o  When the highest local request comes to the PSC Control Logic, if
      the remote request that requests a different action exists, then
      the highest local request SHALL be ignored and the remote request
      SHALL remain to be the top-priority global request.  In the case
      of an MS command, the local MS command requesting a different
      action SHALL be cancelled.

   o  When the remote request comes to the PSC Control Logic, if the
      highest local request that requests a different action exists,
      then the top-priority global request SHALL be determined by the
      following rules:

      *  For MS requests, the MS-W request SHALL be considered to have a
         higher priority than the MS-P request.  The node that has the
         local MS-W request SHALL maintain the local MS-W request as the
         top-priority global request.  The other node that has the local
         MS-P request SHALL cancel the MS-P command and SHALL generate
         "Operator Clear" internally as the top-priority global request.

      *  For SD requests, the SD on the standby path (the path from
         which the selector does not select the user data traffic) SHALL
         be considered to have a higher priority than the SD on the
         active path (the path from which the selector selects the user
         data traffic) regardless of its origin (local or remote
         message).  The node that has the SD on the standby path SHALL
         maintain the local SD on the standby path request as the top-
         priority global request.  The other node that has local SD on
         the active path SHALL use the remote SD on the standby path as
         the top-priority global request to lookup the state transition
Top   ToC   RFC7271 - Page 20
         table.  The differentiation of the active and standby paths is
         based upon which path had been selected for the user data
         traffic when each node detected its local SD.

10.3. Acceptance and Retention of Local Inputs

A local input indicating a defect, such as SF-P, SF-W, SD-P, and SD-W, SHALL be accepted and retained persistently in the Local Request Logic as long as the defect condition exists. If there is any higher-priority local input than the local defect input, the higher-priority local input is passed to the PSC Control Logic as the highest local request, but the local defect input cannot be removed but remains in the Local Request Logic. When the higher-priority local input is cleared, the local defect will become the highest local request if the defect condition still exists. The Operator Clear (OC) command, SFDc, and WTR Timer Expiry are not persistent. Once they appear to the Local Request Logic and complete all the operations in the protection-switching control, they SHALL disappear. The LO, FS, MS, and EXER commands SHALL be rejected if there is any higher-priority local input in the Local Request Logic. If a new higher-priority local request (including an operator command) is accepted, any previous lower-priority local operator command SHALL be cancelled. When any higher-priority remote request is received, a lower-priority local operator command SHALL be cancelled. The cancelled operator command is cleared. If the operators wish to renew the cancelled command, then they should reissue the command.

11. State Transition Tables in APS Mode

When there is a change in the highest local request or in remote PSC messages, the top-priority global request SHALL be evaluated, and the state transition tables SHALL be looked up in the PSC Control Logic. The following rules are applied to the operation related to the state transition table lookup. o If the top-priority global request, which determines the state transition, is the highest local request, the local state transition table in Section 11.1 SHALL be used to decide the next state of the node. Otherwise, the remote state transition table in Section 11.2 SHALL be used. o If in remote state, the highest local defect condition (SF-P, SF-W, SD-P, or SD-W) SHALL always be reflected in the Request and FPath fields.
Top   ToC   RFC7271 - Page 21
   o  For the node currently in the local state, if the top-priority
      global request is changed to OC or SFDc, causing the next state to
      be Normal, WTR, or DNR, then all the local and remote requests
      SHALL be re-evaluated as if the node is in the state specified in
      the footnotes to the state transition tables, before deciding the
      final state.  If there are no active requests, the node enters the
      state specified in the footnotes to the state transition tables.
      This re-evaluation is an internal operation confined within the
      local node, and the PSC messages are generated according to the
      final state.

   o  The WTR timer is started only when the node that has recovered
      from a local failure or degradation enters the WTR state.  A node
      that is entering into the WTR state due to a remote WTR message
      does not start the WTR timer.  The WTR timer SHALL be stopped when
      any local or remote request triggers the state change out of the
      WTR state.

   The extended states, as they appear in the table, are as follows:

   N        Normal state
   UA:LO:L  Unavailable state due to local LO command
   UA:P:L   Unavailable state due to local SF-P
   UA:DP:L  Unavailable state due to local SD-P
   UA:LO:R  Unavailable state due to remote LO message
   UA:P:R   Unavailable state due to remote SF-P message
   UA:DP:R  Unavailable state due to remote SD-P message
   PF:W:L   Protecting Failure state due to local SF-W
   PF:DW:L  Protecting Failure state due to local SD-W
   PF:W:R   Protecting Failure state due to remote SF-W message
   PF:DW:R  Protecting Failure state due to remote SD-W message
   SA:F:L   Switching Administrative state due to local FS command
   SA:MW:L  Switching Administrative state due to local MS-W command
   SA:MP:L  Switching Administrative state due to local MS-P command
   SA:F:R   Switching Administrative state due to remote FS message
   SA:MW:R  Switching Administrative state due to remote MS-W message
   SA:MP:R  Switching Administrative state due to remote MS-P message
   WTR      Wait-to-Restore state
   DNR      Do-not-Revert state
   E::L     Exercise state due to local EXER command
   E::R     Exercise state due to remote EXER message

   Each state corresponds to the transmission of a particular set of
   Request, FPath, and Path fields.  The table below lists the message
   that is generally sent in each particular state.  If the message to
   be sent in a particular state deviates from the table below, it is
   noted in the footnotes of the state transition tables.
Top   ToC   RFC7271 - Page 22
   State    Request(FPath,Path)
   -------  ------------------------------------
   N        NR(0,0)
   UA:LO:L  LO(0,0)
   UA:P:L   SF(0,0)
   UA:DP:L  SD(0,0)
   UA:LO:R  highest local request(local FPath,0)
   UA:P:R   highest local request(local FPath,0)
   UA:DP:R  highest local request(local FPath,0)
   PF:W:L   SF(1,1)
   PF:DW:L  SD(1,1)
   PF:W:R   highest local request(local FPath,1)
   PF:DW:R  highest local request(local FPath,1)
   SA:F:L   FS(1,1)
   SA:MW:L  MS(0,0)
   SA:MP:L  MS(1,1)
   SA:F:R   highest local request(local FPath,1)
   SA:MW:R  NR(0,0)
   SA:MP:R  NR(0,1)
   WTR      WTR(0,1)
   DNR      DNR(0,1)
   E::L     EXER(0,x), where x is the existing Path value
                       when Exercise command is issued.
   E::R     RR(0,x), where x is the existing Path value
                     when RR message is generated.

   Some operation examples of APS mode are shown in Appendix D.

   In the state transition tables below, the letter 'i' stands for
   "ignore" and is an indication to remain in the current state and
   continue transmitting the current PSC message
Top   ToC   RFC7271 - Page 23

11.1. State Transition by Local Inputs

| OC | LO | SFDc | SF-P | FS | SF-W | --------+-----+---------+------+--------+--------+--------+ N | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | UA:LO:L | (1) | i | i | i | i | i | UA:P:L | i | UA:LO:L | (1) | i | i | i | UA:DP:L | i | UA:LO:L | (1) | UA:P:L | SA:F:L | PF:W:L | UA:LO:R | i | UA:LO:L | i | UA:P:L | i | PF:W:L | UA:P:R | i | UA:LO:L | i | UA:P:L | i | PF:W:L | UA:DP:R | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | PF:W:L | i | UA:LO:L | (2) | UA:P:L | SA:F:L | i | PF:DW:L | i | UA:LO:L | (2) | UA:P:L | SA:F:L | PF:W:L | PF:W:R | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | PF:DW:R | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | SA:F:L | (3) | UA:LO:L | i | UA:P:L | i | i | SA:MW:L | (1) | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | SA:MP:L | (3) | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | SA:F:R | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | SA:MW:R | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | SA:MP:R | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | WTR | (4) | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | DNR | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | E::L | (5) | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L | E::R | i | UA:LO:L | i | UA:P:L | SA:F:L | PF:W:L |
Top   ToC   RFC7271 - Page 24
(Continued)

           | SD-P    | SD-W    | MS-W    | MS-P    | WTRExp | EXER
   --------+---------+---------+---------+---------+--------+------
   N       | UA:DP:L | PF:DW:L | SA:MW:L | SA:MP:L | i      | E::L
   UA:LO:L | i       | i       | i       | i       | i      | i
   UA:P:L  | i       | i       | i       | i       | i      | i
   UA:DP:L | i       | i       | i       | i       | i      | i
   UA:LO:R | UA:DP:L | PF:DW:L | i       | i       | i      | i
   UA:P:R  | UA:DP:L | PF:DW:L | i       | i       | i      | i
   UA:DP:R | UA:DP:L | PF:DW:L | i       | i       | i      | i
   PF:W:L  | i       | i       | i       | i       | i      | i
   PF:DW:L | i       | i       | i       | i       | i      | i
   PF:W:R  | UA:DP:L | PF:DW:L | i       | i       | i      | i
   PF:DW:R | UA:DP:L | PF:DW:L | i       | i       | i      | i
   SA:F:L  | i       | i       | i       | i       | i      | i
   SA:MW:L | UA:DP:L | PF:DW:L | i       | i       | i      | i
   SA:MP:L | UA:DP:L | PF:DW:L | i       | i       | i      | i
   SA:F:R  | UA:DP:L | PF:DW:L | i       | i       | i      | i
   SA:MW:R | UA:DP:L | PF:DW:L | SA:MW:L | i       | i      | i
   SA:MP:R | UA:DP:L | PF:DW:L | i       | SA:MP:L | i      | i
   WTR     | UA:DP:L | PF:DW:L | SA:MW:L | SA:MP:L | (6)    | i
   DNR     | UA:DP:L | PF:DW:L | SA:MW:L | SA:MP:L | i      | E::L
   E::L    | UA:DP:L | PF:DW:L | SA:MW:L | SA:MP:L | i      | i
   E::R    | UA:DP:L | PF:DW:L | SA:MW:L | SA:MP:L | i      | E::L

   NOTES:

   (1)  Re-evaluate to determine the final state as if the node is in
        the Normal state.  If there are no active requests, the node
        enters the Normal State.

   (2)  In the case that both local input after SFDc and the last
        received remote message are NR, the node enters into the WTR
        state when the domain is configured for revertive behavior, or
        the node enters into the DNR state when the domain is configured
        for non-revertive behavior.  In all the other cases, where one
        or more active requests exist, re-evaluate to determine the
        final state as if the node is in the Normal state.

   (3)  Re-evaluate to determine final state as if the node is in the
        Normal state when the domain is configured for revertive
        behavior, or as if the node is in the DNR state when the domain
        is configured for non-revertive behavior.  If there are no
        active requests, the node enters either the Normal state when
        the domain is configured for revertive behavior or the DNR state
        when the domain is configured for non-revertive behavior.
Top   ToC   RFC7271 - Page 25
   (4)  Remain in the WTR state and send an NR(0,1) message.  Stop the
        WTR timer if it is running.  In APS mode, OC can cancel the WTR
        timer and hasten the state transition to the Normal state as in
        other transport networks.

   (5)  If Path value is 0, re-evaluate to determine final state as if
        the node is in the Normal state.  If Path value is 1,
        re-evaluate to determine final state as if the node is in the
        DNR state.  If there are no active requests, the node enters the
        Normal state when Path value is 0, or the DNR state when Path
        value is 1.

   (6)  Remain in the WTR state and send an NR(0,1) message.

11.2. State Transition by Remote Messages

| LO | SF-P | FS | SF-W | SD-P | SD-W | --------+---------+--------+--------+--------+---------+---------+ N | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | UA:LO:L | i | i | i | i | i | i | UA:P:L | UA:LO:R | i | i | i | i | i | UA:DP:L | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | i | (7) | UA:LO:R | i | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | UA:P:R | UA:LO:R | i | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | UA:DP:R | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | i | PF:DW:R | PF:W:L | UA:LO:R | UA:P:R | SA:F:R | i | i | i | PF:DW:L | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | (8) | i | PF:W:R | UA:LO:R | UA:P:R | SA:F:R | i | UA:DP:R | PF:DW:R | PF:DW:R | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | i | SA:F:L | UA:LO:R | UA:P:R | i | i | i | i | SA:MW:L | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | SA:MP:L | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | SA:F:R | UA:LO:R | UA:P:R | i | PF:W:R | UA:DP:R | PF:DW:R | SA:MW:R | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | SA:MP:R | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | WTR | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | DNR | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | E::L | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R | E::R | UA:LO:R | UA:P:R | SA:F:R | PF:W:R | UA:DP:R | PF:DW:R |
Top   ToC   RFC7271 - Page 26
(Continued)

           | MS-W    | MS-P    | WTR | EXER | RR | DNR  | NR
   --------+---------+---------+-----+------+----+------+----
   N       | SA:MW:R | SA:MP:R | i   | E::R | i  | i    | i
   UA:LO:L | i       | i       | i   | i    | i  | i    | i
   UA:P:L  | i       | i       | i   | i    | i  | i    | i
   UA:DP:L | i       | i       | i   | i    | i  | i    | i
   UA:LO:R | SA:MW:R | SA:MP:R | i   | E::R | i  | i    | N
   UA:P:R  | SA:MW:R | SA:MP:R | i   | E::R | i  | i    | N
   UA:DP:R | SA:MW:R | SA:MP:R | i   | E::R | i  | i    | N
   PF:W:L  | i       | i       | i   | i    | i  | i    | i
   PF:DW:L | i       | i       | i   | i    | i  | i    | i
   PF:W:R  | SA:MW:R | SA:MP:R | (9) | E::R | i  | (10) | (11)
   PF:DW:R | SA:MW:R | SA:MP:R | (9) | E::R | i  | (10) | (11)
   SA:F:L  | i       | i       | i   | i    | i  | i    | i
   SA:MW:L | i       | i       | i   | i    | i  | i    | i
   SA:MP:L | i       | i       | i   | i    | i  | i    | i
   SA:F:R  | SA:MW:R | SA:MP:R | i   | E::R | i  | DNR  | N
   SA:MW:R | i       | SA:MP:R | i   | E::R | i  | i    | N
   SA:MP:R | SA:MW:R | i       | i   | E::R | i  | DNR  | N
   WTR     | SA:MW:R | SA:MP:R | i   | i    | i  | i    | (12)
   DNR     | SA:MW:R | SA:MP:R | (13)| E::R | i  | i    | i
   E::L    | SA:MW:R | SA:MP:R | i   | i    | i  | i    | i
   E::R    | SA:MW:R | SA:MP:R | i   | i    | i  | DNR  | N

   NOTES:

   (7)  If the received SD-W message has Path=0, ignore the message.  If
        the received SD-W message has Path=1, go to the PF:DW:R state
        and transmit an SD(0,1) message.

   (8)  If the received SD-P message has Path=1, ignore the message.  If
        the received SD-P message has Path=0, go to the UA:DP:R state
        and transmit an SD(1,0) message.

   (9)  Transition to the WTR state and continue to send the current
        message.

   (10) Transition to the DNR state and continue to send the current
        message.

   (11) If the received NR message has Path=1, transition to the WTR
        state if the domain is configured for revertive behavior, else
        transition to the DNR state.  If the received NR message has
        Path=0, transition to the Normal state.
Top   ToC   RFC7271 - Page 27
   (12) If the receiving node's WTR timer is running, maintain the
        current state and message.  If the WTR timer is not running,
        transition to the Normal state.

   (13) Transit to the WTR state and send an NR(0,1) message.  The WTR
        timer is not initiated.

11.3. State Transition for 1+1 Unidirectional Protection

The state transition tables given in Sections 11.1 and 11.2 are for bidirectional protection switching, where remote PSC protocol messages are used to determine the protection-switching actions. 1+1 unidirectional protection switching does not require the remote information in the PSC protocol message and acts upon local inputs only. The state transition by local inputs in Section 11.1 SHALL be reused for 1+1 unidirectional protection under the following conditions: o The value of Request field in the received remote message is ignored and always assumed to be no request. o Replace footnote (4) with "Stop the WTR timer and transit to the Normal state." o Replace footnote (6) with "Transit to the Normal state." o Exercise command is not relevant.

12. Provisioning Mismatch and Protocol Failure in APS Mode

The remote PSC message that is received from the remote node is subject to the detection of provisioning mismatch and protocol failure conditions. In APS mode, provisioning mismatches are handled as follows: o If the PSC message is received from the working path due to working/protection path configuration mismatch, the node MUST alert the operator and MUST NOT perform any protection switching until the operator resolves this path configuration mismatch. o In the case that the mismatch happens in the two-bit "Protection Type (PT)" field, which indicates permanent/selector bridge type and uni/bidirectional switching type:
Top   ToC   RFC7271 - Page 28
      *  If the value of the PT field of one side is 2 (i.e., selector
         bridge) and that of the other side is 1 or 3 (i.e., permanent
         bridge), then this event MUST be notified to the operator and
         each node MUST NOT perform any protection switching until the
         operator resolves this bridge type mismatch.

      *  If the bridge type matches but the switching type mismatches,
         i.e., one side has PT=1 (unidirectional switching) while the
         other side has PT=2 or 3 (bidirectional switching), then the
         node provisioned for bidirectional switching SHOULD fall back
         to unidirectional switching to allow interworking.  The node
         SHOULD notify the operator of this event.

   o  If the "Revertive (R)" bit mismatches, two sides will interwork
      and traffic is protected according to the state transition
      definition given in Section 11.  The node SHOULD notify the
      operator of this event.

   o  If the Capabilities TLV mismatches, the node MUST alert the
      operator and MUST NOT perform any protection switching until the
      operator resolves the mismatch in the Capabilities TLV.

   The following are the protocol failure situations and the actions to
   be taken:

   o  No match in sent "Data Path (Path)" and received "Data Path
      (Path)" for more than 50 ms: The node MAY continue to perform
      protection switching and SHOULD notify the operator of this event.

   o  No PSC message is received on the protection path during at least
      3.5 times the long PSC message interval (e.g., at least 17.5
      seconds with a default message interval of 5 seconds), and there
      is no defect on the protection path: The node MUST alert the
      operator and MUST NOT perform any protection switching until the
      operator resolves this defect.

13. Security Considerations

This document introduces no new security risks. [RFC6378] points out that MPLS relies on assumptions about the difficulty of traffic injection and assumes that the control plane does not have end-to-end security. [RFC5920] describes MPLS security issues and generic methods for securing traffic privacy and integrity. MPLS use should conform to such advice.
Top   ToC   RFC7271 - Page 29

14. IANA Considerations

14.1. MPLS PSC Request Registry

In the "Generic Associated Channel (G-ACh) Parameters" registry, IANA maintains the "MPLS PSC Request Registry". IANA has assigned the following two new code points from this registry. Value Description Reference ----- --------------------- --------------- 2 Reverse Request (this document) 3 Exercise (this document)

14.2. MPLS PSC TLV Registry

In the "Generic Associated Channel (G-ACh) Parameters" registry, IANA maintains the "MPLS PSC TLV Registry". This document defines the following new value for the Capabilities TLV type in the "MPLS PSC TLV Registry". Value Description Reference ------ --------------------- --------------- 1 Capabilities (this document)

14.3. MPLS PSC Capability Flag Registry

IANA has created and now maintains a new registry within the "Generic Associated Channel (G-ACh) Parameters" registry called "MPLS PSC Capability Flag Registry". All flags within this registry SHALL be allocated according to the "Standards Action" procedures as specified in RFC 5226 [RFC5226]. The length of each flag MUST be a multiple of 4 octets. This document defines 4-octet flags. Flags greater than 4 octets SHALL be used only if more than 32 Capabilities need to be defined. The flags defined in this document are: Bit Hex Value Capability Reference ---- ---------- ----------------------------------- --------------- 0 0x80000000 priority modification (this document) 1 0x40000000 non-revertive behavior modification (this document) 2 0x20000000 support of MS-W command (this document) 3 0x10000000 support of protection against SD (this document) 4 0x08000000 support of EXER command (this document) 5-31 Unassigned (this document)
Top   ToC   RFC7271 - Page 30

15. Acknowledgements

The authors would like to thank Yaacov Weingarten, Yuji Tochio, Malcolm Betts, Ross Callon, Qin Wu, and Xian Zhang for their valuable comments and suggestions on this document. We would also like to acknowledge explicit text provided by Loa Andersson and Adrian Farrel.

16. References

16.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. [RFC5654] Niven-Jenkins, B., Brungard, D., Betts, M., Sprecher, N., and S. Ueno, "Requirements of an MPLS Transport Profile", RFC 5654, September 2009. [RFC6378] Weingarten, Y., Bryant, S., Osborne, E., Sprecher, N., and A. Fulignoli, "MPLS Transport Profile (MPLS-TP) Linear Protection", RFC 6378, October 2011.

16.2. Informative References

[G8031] International Telecommunication Union, "Ethernet Linear Protection Switching", ITU-T Recommendation G.8031/Y.1342, June 2011. [G841] International Telecommunication Union, "Types and characteristics of SDH network protection architectures", ITU-T Recommendation G.841, October 1998. [G873.1] International Telecommunication Union, "Optical Transport Network (OTN): Linear protection", ITU-T Recommendation G.873.1, July 2011. [RFC4427] Mannie, E. and D. Papadimitriou, "Recovery (Protection and Restoration) Terminology for Generalized Multi-Protocol Label Switching (GMPLS)", RFC 4427, March 2006. [RFC5920] Fang, L., "Security Framework for MPLS and GMPLS Networks", RFC 5920, July 2010.
Top   ToC   RFC7271 - Page 31
   [RFC6372]  Sprecher, N. and A. Farrel, "MPLS Transport Profile
              (MPLS-TP) Survivability Framework", RFC 6372, September
              2011.
Top   ToC   RFC7271 - Page 32

Appendix A. An Example of an Out-of-Service Scenario

The sequence diagram shown is an example of the out-of-service scenarios based on the priority level defined in [RFC6378]. The first PSC message that differs from the previous PSC message is shown. A Z | | (1) |-- NR(0,0) ------>| (1) |<----- NR(0,0) ---| | | | | | (FS issued at Z) | (2) (3) |<------ FS(1,1) --| |-- NR(0,1) ------>| | | | | (4) | (SF on P(A<-Z)) | | | | | | (Clear FS at Z) | (5) (6) | X <- NR(0,0) --| | | | | (1) Each end is in the Normal state and transmits NR(0,0) messages. (2) When a FS command is issued at node Z, node Z goes into local Protecting Administrative state (PA:F:L) and begins transmission of an FS(1,1) message. (3) A remote FS message causes node A to go into remote Protecting Administrative state (PA:F:R), and node A begins transmitting NR(0,1) messages. (4) When node A detects a unidirectional SF-P, node A keeps sending an NR(0,1) message because SF-P is ignored under the PA:F:R state. (5) When a Clear command is issued at node Z, node Z goes into the Normal state and begins transmission of NR(0,0) messages. (6) But, node A cannot receive PSC message because of local unidirectional SF-P. Because no valid PSC message is received over a period of several successive message intervals, the last valid received message remains applicable, and the node A continue to transmit an NR(0,1) message in the PA:F:R state.
Top   ToC   RFC7271 - Page 33
   Now, there exists a mismatch between the selector and bridge
   positions of node A (transmitting an NR(0,1) message) and node Z
   (transmitting an NR(0,0) message).  It results in an out-of-service
   situation even when there is neither SF-W nor FS.

Appendix B. An Example of a Sequence Diagram Showing the Problem with the Priority Level of SFc

An example of a sequence diagram showing the problem with the priority level of SFc defined in [RFC6378] is given below. The following sequence diagram depicts the case when the bidirectional signal fails. However, other cases with unidirectional signal fails can result in the same problem. The first PSC message that differs from the previous PSC message is shown. A Z | | (1) |-- NR(0,0) ------>| (1) |<----- NR(0,0) ---| | | | | (2) | (SF on P(A<->Z)) | (2) |-- SF(0,0) ------>| |<------ SF(0,0) --| | | | | (3) | (SF on W(A<->Z)) | (3) | | | | (4) | (Clear SF-P) | (4) | | | | (5) | (Clear SF-W) | (5) | | | | (1) Each end is in the Normal state and transmits NR(0,0) messages. (2) When SF-P occurs, each node enters into the UA:P:L state and transmits SF(0,0) messages. Traffic remains on the working path. (3) When SF-W occurs, each node remains in the UA:P:L state as SF-W has a lower priority than SF-P. Traffic is still on the working path. Traffic cannot be delivered, as both the working path and the protection path are experiencing signal fails.
Top   ToC   RFC7271 - Page 34
   (4)  When SF-P is cleared, the local "Clear SF-P" request cannot be
        presented to the PSC Control Logic, which takes the highest
        local request and runs the PSC state machine, since the priority
        of "Clear SF-P" is lower than that of SF-W.  Consequently, there
        is no change in state, and the selector and/or bridge keep
        pointing at the working path, which has SF condition.

   Now, traffic cannot be delivered while the protection path is
   recovered and available.  It should be noted that the same problem
   will occur in the case that the sequence of SF-P and SF-W events is
   changed.

   If we further continue with this sequence to see what will happen
   after SF-W is cleared:

   (5)  When SF-W is cleared, the local "Clear SF-W" request can be
        passed to the PSC Control Logic, as there is no higher-priority
        local input, but it will be ignored in the PSC Control Logic
        according to the state transition definition in [RFC6378].
        There will be no change in state or protocol message
        transmitted.

   As SF-W is now cleared and the selector and/or bridge are still
   pointing at the working path, traffic delivery is resumed.  However,
   each node is in the UA:P:L state and transmitting SF(0,0) messages,
   while there exists no outstanding request for protection switching.
   Moreover, any future legitimate protection-switching requests, such
   as SF-W, will be rejected as each node thinks the protection path is
   unavailable.

Appendix C. Freeze Command

The "Freeze" command applies only to the local node of the protection group and is not signaled to the remote node. This command freezes the state of the protection group. Until the Freeze is cleared, additional local commands are rejected, and condition changes and received PSC information are ignored. The "Clear Freeze" command clears the local freeze. When the Freeze command is cleared, the state of the protection group is recomputed based on the persistent condition of the local triggers. Because the freeze is local, if the freeze is issued at one end only, a failure of protocol can occur as the other end is open to accept any operator command or a fault condition.
Top   ToC   RFC7271 - Page 35

Appendix D. Operation Examples of the APS Mode

The sequence diagrams shown in this section are only a few examples of the APS mode operations. The first PSC protocol message that differs from the previous message is shown. The operation of the hold-off timer is omitted. The Request, FPath, and Path fields whose values are changed during PSC message exchange are shown. For an example, SF(1,0) represents a PSC message with the following field values: Request=SF, FPath=1, and Path=0. The values of the other fields remain unchanged from the initial configuration. W(A->Z) and P(A->Z) indicate the working path and the protection path in the direction of A to Z, respectively. Example 1. 1:1 bidirectional protection switching (revertive operation) - Unidirectional SF case A Z | | (1) |<---- NR(0,0)---->| (1) | | | | (2) | (SF on W(Z->A)) | |---- SF(1,1)----->| (3) (4) |<----- NR(0,1)----| | | | | (5) | (Clear SF-W) | |---- WTR(0,1)---->| /| | | | | WTR timer | | | | | \| | (6) |---- NR(0,1)----->| (7) (8) |<----- NR(0,0)----| |---- NR(0,0)----->| (9) | | (1) The protected domain is operating without any defect, and the working path is used for delivering the traffic in the Normal state. (2) SF-W occurs in the Z to A direction. Node A enters into the PF:W:L state and generates an SF(1,1) message. Both the selector and bridge of node A are pointing at the protection path.
Top   ToC   RFC7271 - Page 36
   (3)  Upon receiving an SF(1,1) message, node Z sets both the selector
        and bridge to the protection path.  As there is no local request
        in node Z, node Z generates an NR(0,1) message in the PF:W:R
        state.

   (4)  Node A confirms that the remote node is also selecting the
        protection path.

   (5)  Node A detects clearing of SF condition, starts the WTR timer,
        and sends a WTR(0,1) message in the WTR state.

   (6)  Upon expiration of the WTR timer, node A sets both the selector
        and bridge to the working path and sends an NR(0,1) message.

   (7)  Node Z is notified that the remote request has been cleared.
        Node Z transits to the Normal state and sends an NR(0,0)
        message.

   (8)  Upon receiving an NR(0,0) message, node A transits to the Normal
        state and sends an NR(0,0) message.

   (9)  It is confirmed that the remote node is also selecting the
        working path.
Top   ToC   RFC7271 - Page 37
   Example 2.  1:1 bidirectional protection switching (revertive
   operation) - Bidirectional SF case - Inconsistent WTR timers

                       A                  Z
                       |                  |
                   (1) |<---- NR(0,0)---->| (1)
                       |                  |
                       |                  |
                   (2) | (SF on W(A<->Z)) | (2)
                       |<---- SF(1,1)---->|
                       |                  |
                       |                  |
                   (3) |   (Clear SF-W)   | (3)
                       |<---- NR(0,1)---->|
                   (4) |<--- WTR(0,1) --->| (4)
                      /|                  |\
                     | |                  | |
             WTR timer |                  | WTR timer
                     | |                  | |
                     | |                  |/
                     | |<------ NR(0,1)---| (5)
                     | |                  |
                      \|                  |
                   (6) |--- NR(0,1)------>|
                       |<------ NR(0,0)---| (7)
                   (8) |--- NR(0,0)------>|
                       |                  |

   (1)  Each end is in the Normal state and transmits NR(0,0) messages.

   (2)  When SF-W occurs, each node enters into the PF:W:L state and
        transmits SF(1,1) messages.  Traffic is switched to the
        protection path.  Upon receiving an SF(1,1) message, each node
        confirms that the remote node is also sending and receiving the
        traffic from the protection path.

   (3)  When SF-W is cleared, each node transits to the PF:W:R state and
        transmits NR(0,1) messages as the last received message is SF-W.

   (4)  Upon receiving NR(0,1) messages, each node goes into the WTR
        state, starts the WTR timer, and sends the WTR(0,1) messages.

   (5)  Upon expiration of the WTR timer in node Z, node Z sends an
        NR(0,1) message as the last received APS message was WTR.  When
        the NR(0,1) message arrives at node A, node A maintains the WTR
        state and keeps sending current WTR messages as described in the
        state transition table.
Top   ToC   RFC7271 - Page 38
   (6)  Upon expiration of the WTR timer in node A, node A sends an
        NR(0,1) message.

   (7)  When the NR(0,1) message arrives at node Z, node Z moves to the
        Normal state, sets both the selector and bridge to the working
        path, and sends an NR(0,0) message.

   (8)  The received NR(0,0) message causes node A to go to the Normal
        state.  Now, the traffic is switched back to the working path.

   Example 3.  1:1 bidirectional protection switching - R bit mismatch

   This example shows that both sides will interwork and the traffic is
   protected when one side (node A) is configured as revertive operation
   and the other (node Z) is configured as non-revertive operation.  The
   interworking is covered in the state transition tables.

           (revertive) A                  Z (non-revertive)
                       |                  |
                   (1) |<---- NR(0,0)---->| (1)
                       |                  |
                       |                  |
                   (2) | (SF on W(A<->Z)) | (2)
                       |<---- SF(1,1)---->|
                       |                  |
                       |                  |
                   (3) |   (Clear SF-W)   | (3)
                       |<---- NR(0,1)---->|
                   (4) |<----- DNR(0,1)---| (4)
                      /|-- WTR(0,1)------>|
                     | |<----- NR(0,1)----| (5)
                     | |                  |
             WTR timer |                  |
                     | |                  |
                     | |                  |
                      \|                  |
                   (6) |--- NR(0,1)------>|
                       |<------ NR(0,0)---| (7)
                   (8) |--- NR(0,0)------>|
                       |                  |

   (1)  Each end is in the Normal state and transmits NR(0,0) messages.

   (2)  When SF-W occurs, each node enters into the PF:W:L state and
        transmits SF(l,l) messages.  Traffic is switched to the
        protection path.  Upon receiving an SF(1,1) message, each node
        confirms that the remote node is also sending and receiving the
        traffic on the protection path.
Top   ToC   RFC7271 - Page 39
   (3)  When SF-W is cleared, each node transits to the PF:W:R state and
        transmits NR(0,1) messages as the last received message is SF-W.

   (4)  Upon receiving NR(0,1) messages, node A goes into the WTR state,
        starts the WTR timer, and sends WTR(0,1) messages.  At the same
        time, node Z transits to the DNR state and sends a DNR(0,1)
        message.

   (5)  When the WTR message arrives at node Z, node Z transits to the
        WTR state and sends an NR(0,1) message according to the state
        transition table.  At the same time, the DNR message arrived at
        node Z is ignored according to the state transition table.
        Therefore, node Z, which is configured as non-revertive
        operation, is operating as if in revertive operation.

   (6)  Upon expiration of the WTR timer in node A, node A sends an
        NR(0,1) message.

   (7)  When the NR(0,1) message arrives at node Z, node Z moves to the
        Normal state, sets both the selector and bridge to the working
        path, and sends an NR(0,0) message.

   (8)  The received NR(0,0) message causes node A to transit to the
        Normal state.  Now, the traffic is switched back to the working
        path.
Top   ToC   RFC7271 - Page 40

Authors' Addresses

Jeong-dong Ryoo (editor) ETRI 218 Gajeongno Yuseong-gu, Daejeon 305-700 South Korea Phone: +82-42-860-5384 EMail: ryoo@etri.re.kr Eric Gray (editor) Ericsson EMail: eric.gray@ericsson.com Huub van Helvoort Huawei Technologies Karspeldreef 4, Amsterdam 1101 CJ The Netherlands Phone: +31 20 4300936 EMail: huub.van.helvoort@huawei.com Alessandro D'Alessandro Telecom Italia via Reiss Romoli, 274 Torino 10148 Italy Phone: +39 011 2285887 EMail: alessandro.dalessandro@telecomitalia.it Taesik Cheung ETRI 218 Gajeongno Yuseong-gu, Daejeon 305-700 South Korea Phone: +82-42-860-5646 EMail: cts@etri.re.kr Eric Osborne EMail: eric.osborne@notcom.com