Encapsulation of Simple Two-Way Active Measurement Protocol for Pseudowires and LSPs in MPLS Networks

The Simple Two-way Active Measurement Protocol (STAMP) provides capabilities for the measurement of various metrics in IP networks without the use of a control channel to pre-signal session parameters. defines optional extensions for STAMP. Pseudowires (PWs) are used in MPLS networks for various services including carrying layer 2 and layer 3 data packets . The PWs are bidirectional in nature. The PWs can be point-to-point or point-to-multipoint. The PWs may use optional Control Word (CW) as defined in the Section 3, "Generic PW MPLS Control Word" of . Label Switched Paths (LSPs) are used in MPLS networks for various services including carrying layer 2 and layer 3 data packets The MPLS LSPs may use optional CW as defined in the Section 3, "Generic PW MPLS Control Word" of . MPLS Transport Profile (MPLS-TP) was designed to use the MPLS data plane without any changes, therefore when we specify STAMP over an MPLS data plane, it is equally applicable to the MPLS-TP networks. As specified in Section 2 of , "OAM and protection mechanisms, and forwarding of data packets, must be able to operate without IP forwarding support". When using STAMP for MPLS and MPLS-TP for both PWs and LSPs, there are unique aspects that need to be considered concerning the CW, and these aspects are addressed in this document. A Generic Associated Channel (G-ACh) provides a mechanism to transport Operations, Administration, and Maintenance (OAM) and other control messages over MPLS data plane. The G-ACh types identify the various OAM messages being transported over the channel. Virtual Circuit Connectivity Verification (VCCV) is used as Control Channel for PWs as described in . A G-ACh can be used as a VCCV control channel as described in . This document describes the procedure for encapsulation of the STAMP defined in and its optional extensions defined in for point-to-point PWs and LSPs in MPLS networks. The procedure uses G-ACh to encapsulate STAMP test packets with or without an IP/UDP header for PWs and LSPs. This document defines two new G-ACh types when using STAMP without an IP/UDP header, those are PW demultiplexer agnostic and hence applicable to both PWs and Layer 2 Tunneling Protocol version 3 (L2TPv3) PW demultiplexers. This document uses existing G-ACh types for IPv4 and IPv6 when using STAMP with an IP/UDP header for PWs and LSPs.

The STAMP test packets need to be transmitted with the same label stack that is used by the PW and LSP to ensure proper validation of underlay path taken by the actual data traffic. Also, the test packets need to follow the same ECMP underlay path taken by the PW and LSP data traffic in the network. The PW data traffic may be encapsulated using CW with an IP header. As such, the STAMP test packets need to be transmitted over the PW using G-ACh and an IP/UDP header. The data traffic over L2-Specific Sublayer (L2SS) as used in L2TP PW carry CW but do not carry an IP/UDP header. As such, the STAMP packets need to be transmitted over L2-Specific Sublayer (L2SS) as used in L2TP PW using G-ACh without any IP/UDP header (as raw STAMP payload). The Private Line Emulation (PLE) traffic is sent over a Packet Switched Network (PSN) as Virtual Private Wire Services (VPWS) using PWs. The data packets are encapsulated with PLE CW, but they do not carry any IP header. As such, the STAMP test packets need to be transmitted using the same label stack including VPWS PW Label as the PLE traffic and encapsulated using G-ACh but without any IP/UDP header. This allows the STAMP test packets to experience the same forwarding behaviour, follow the same underlay path as the PLE traffic and avoid different ECMP behavior on intermediate nodes. The G-ACh type allows to demultiplex VCCV Control Channel for PWs . The G-ACh types for STAMP packets with or without IP/UDP headers are also used to demultiplex VCCV Control Channel for PWs. Signaling extensions for VCCV Control Channel for PW for STAMP are outside the scope of this document. The G-ACh provides support for OAM Control Channel associated with the MPLS Transport Profile (MPLS-TP) LSPs and PWs. The OAM Control Channel for MPLS-TP needs to be extended to encapsulate STAMP test packets (just like the delay and loss measurement packets defined in ). The G-ACh types for STAMP also allow to demultiplex OAM Control Channel for MPLS-TP. The requirements for the encapsulation of the STAMP test packets for the PWs and LSPs in MPLS networks can be summarized as follows: o The G-ACh MUST support STAMP test packets with an IP/UDP header. o The G-ACh MUST support STAMP test packets without an IP/UDP header. o The G-ACh MUST support STAMP to demultiplex Control Channel. o The Session-Sender test packets MUST follow the underlay path taken by the data traffic that is using CW. o The Session-Sender test packets MUST follow the same ECMP underlay path taken by the data traffic that is using CW and Entropy Label defined in . o The Session-Sender test packets MUST follow the same ECMP underlay path taken by the data traffic that is using CW but not using Entropy Label defined in . o The Session-Reflector test packets MAY follow the reverse underlay path taken by Session-Sender test packets. o The Session-Reflector test packets MAY follow the same reverse ECMP underlay path taken by Session-Sender test packets. This document concerns with the STAMP operation for the P2P Single-Segment PWs (SS-PWs). The procedure for STAMP operation for point-to-multipoint (P2MP) PWs is outside the scope of this document.

Examples of MPLS data traffic use cases for STAMP test packets with IP/UDP headers: 1. MPLS PW Data Traffic (with CW and IP header) 2. MPLS-TP PW Data Traffic (with CW and IP header) 3. MPLS LSP Data Traffic (with IP header) Examples of MPLS data traffic use cases for STAMP test packets without IP/UDP headers: 1. MPLS Ethernet PW Data Traffic 2. L2-Specific Sublayer (L2SS) used in L2TPv3 PW Data Traffic 3. Private Line Emulation PW Data Traffic 4. TDM over IP PW Data Traffic (with no IP header) 5. MPLS-TP LSP Data Traffic

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

ECMP: Equal Cost Multi-Path. G-ACh: Generic Associated Channel. GAL: G-ACh Label. HMAC: Hashed Message Authentication Code. MPLS: Multiprotocol Label Switching. OAM: Operations, Administration, and Maintenance. PLE: Private Line Emulation. PW: Pseudowire. SHA: Secure Hash Algorithm. STAMP: Simple Two-way Active Measurement Protocol. TC: Traffic Class. TTL: Time-To-Live.

In the STAMP reference topology shown in Figure 1, there exists a PW or an LSP to transport data between Provider Edge (PE) Endpoints S1 and R1. The STAMP Session-Sender on PE node S1 initiates a Session-Sender test packet and the STAMP Session-Reflector on PE node R1 transmits a reply test packet. The Session-Reflector reply test packet may be transmitted to the STAMP Session-Sender node S1 on the same path (same set of links and nodes) in the reverse direction of the path taken towards the Session-Reflector node R1. T1 is a transmit timestamp, and T4 is a receive timestamp added by node S1. T2 is a receive timestamp, and T3 is a transmit timestamp added by node R1.

| |<-------- LSP -------------->| | | | T1 T2 | | / \ | +-------+ Test Packet +-------+ | | - - - - - - - - - ->| | | S1 |=====================| R1 | | |<- - - - - - - - - - | | +-------+ Reply Test Packet +-------+ \ / T4 T3 STAMP Session-Sender STAMP Session-Reflector Provider Edge Endpoint Provider Edge Endpoint ]]>

The STAMP Session-Sender and Session-Reflector test packets defined in are encapsulated and transmitted over the PWs in MPLS networks. The base STAMP test packets can be encapsulated using an IP/UDP header and may use destination UDP port 862 . The source UDP port is chosen by the Session-Sender.

There are two ways in which STAMP test packets may be encapsulated over a G-ACh, either using an IP/UDP header, referred to as Format1 or without using an IP/UDP header, referred to as Format2. For encapsulating the STAMP test packets over a G-ACh with IP/UDP headers (in Format1), IPv4 and IPv6 channel types are used for both Session-Sender and Session-Reflector test packets. The destination UDP port number in the Session-Sender and Session-Reflector test packets discriminate the test packets. The IP version (IPv4 or IPv6) MUST match the IP version used for for the PWs and LSPs being measured. For encapsulating the STAMP test packets over a G-ACh without adding IP/UDP headers (in Format2), two new channel types are defined in this document, one for the Session-Sender test packets and one for the Session-Reflector test packets. The different channel types are required for the Session-Sender and Session-Reflector test packets as the STAMP test packets do not have a way to discriminate them.

The STAMP test packets are encapsulated with MPLS header using the same label stack as the PW data traffic (including the PW label) and G-ACh header (instead of CW used by the data traffic). The encapsulation allows the STAMP test packets to follow the same path as the PW data traffic, and provide the same ECMP behaviour on the intermediate nodes. The IPv4 Time to Live (TTL), IPv6 Hop Limit and Generalized TTL Security Mechanism (GTSM) procedures from also apply to the encapsulation of STAMP test packets, and hence the IPv4 and MPLS TTL and IPv6 Hop Limit MUST be set to 255. The OAM Control Channel traffic between two Provider Edge (PE) endpoints is not forwarded past the PE endpoints towards the Customer Edge (CE) devices; instead, the OAM messages are intercepted at the PE endpoints for exception processing in control-plane. defines mechanisms for VCCV Control Channel to carry OAM messages for PWs. The "In-band VCCV for Control Word with 0001b as first nibble (Type 1)" defined in Section 5.1.1 of MUST be added when when measuring PW with CW to avoid the different ECMP hashing behaviour. The method for "TTL Expiry VCCV (Type 3)" defined in Section 5.1.3 of allows to terminate the OAM messages on the remote PE endpoint nodes. This method is applied to the STAMP test packets to force test packets to be processed on Session-Sender and Session-Reflector control-planes by adding the PW label with TTL value 1. The VCCC Type 2 is also referred to as 'MPLS Router Alert Label" . This method could result in a different Equal Cost Multi-Path (ECMP) hashing behavior, and thus result in the STAMP packets taking a path which differs from that of the actual data traffic under test . Hence, the VCCV Type 2 is not supported for STAMP for measuring the PW traffic. The procedure to encapsulate STAMP packets for PWs, is also applicable to MPLS LSPs and MPLS-TP LSPs when using CW. For measuring the data traffic over MPLS LSPs using an IP header, STAMP test packet in Format1 is transmitted. For measuring the data traffic over MPLS-TP LSPs, not using an IP header, STAMP test packet in Format2 is transmitted with TTL value 1 with the ultimate LSP label in the MPLS header. The G-ACh label (GAL) along with Generic Associated Channel (G-ACh) types defined in this document can be used with STAMP test packets without an IP/UDP header (in Format2), similar to the case of MPLS-TP LSP performance measurement defined in .

Control Channel Types defined in are applicable to STAMP Test Packets for PWs and LSPs as follows: Control Channel Type Control Channel Name STAMP Header Format G-ACh Type Type 1 In-band: Control Word with 0001b as first nibble Format1 (IP/UDP Headers) IPv4 G-ACH (0x21) and IPv6 G-ACH (0x57) Type 1 In-band: Control Word with 0001b as first nibble Format2 (No IP/UDP Headers) G-ACH Type STAMP G-ACH (TBD1/TBD2) Type 2 Out-of-band: MPLS Router Alert Label Not supported Not supported Type 3 TTL Expiry: Label with TTL as 1 Format 1 (IP/UDP Headers) IPv4 G-ACH (0x21) and IPv6 G-ACH (0x57) Type 3 TTL Expiry: Label with TTL as 1 Format2 (No IP/UDP Headers) G-ACH Type STAMP G-ACH (TBD1/TBD2)

The STAMP Session-Sender test packets are transmitted for a PW or an LSP using an MPLS header with or without an IP/UDP header. The Session-Sender STAMP test packets are transmitted using the label stack of the PW, including the PW label of the PW and G-ACh. The Session-Sender STAMP test packets are transmitted using the label stack of the LSP as well as G-ACh.

The content of an example STAMP Session-Sender test packet for a PW or an LSP encapsulated using a G-ACh and an IP/UDP header is shown in Figure 2.

The G-ACh header with channel type for IPv4 or IPv6 MUST immediately follow the bottom of the label stack. The payload contains the STAMP Session-Sender test packet defined in . The STAMP Session-Sender test packet G-ACh header contains following fields: The Version field is set to 0, as defined in . Reserved Bits MUST be set to zero upon transmission and ignored upon receipt. G-ACh type for IPv4 header (0x0021) or IPv6 header (0x0057) .

The content of an example STAMP Session-Sender test packet for a PW or an LSP encapsulated using a G-ACh without an IP/UDP header is shown in Figure 3.

The G-ACh header with new STAMP Session-Sender channel type (value TBD1) MUST immediately follow the bottom of the label stack. The payload contains the STAMP Session-Sender test packet defined in . The STAMP channel type allows the identification of the encased STAMP payload when demultiplexing G-ACh. The STAMP Session-Sender test packet G-ACh header contains following fields: The Version field is set to 0, as defined in . Reserved Bits MUST be set to zero upon transmission and ignored upon receipt. G-ACh type for STAMP Session-Sender packet (TBD1).

The STAMP Session-Reflector reflects the test packet back to the Session-Sender using the same channel in the reverse direction of the PW or the LSP on which it was received. The Session-Reflector has enough information to reflect the test packet received by it to the Session- Sender using the PW or the LSP context. The STAMP Session-Reflector reply test packet is transmitted on the same path in the reverse direction of the PW or the LSP. The STAMP test packet can be transmitted using an MPLS header with or without an IP/UDP header. The Session-Reflector test packet is sent with an IP/UDP header if the Session-Sender test packet is received with an IP/UDP header, otherwise, it is sent without an IP/UDP header. The Session-Reflector can use the PW label or the ultimate LSP label in the received packet to find the PW or the LSP in the reverse direction. The Session-Reflector uses the label stack of that PW or LSP as well as G-ACh, to transmit the Session-Reflector test packet. The Session-Reflector test packet uses the same G-ACh as the received in the Session-Sender test packet.

The content of an example STAMP Session-Reflector test packet for a PW or an LSP encapsulated using a G-ACh and an IP/UDP header is shown in Figure 4.

The G-ACh header with channel type IPv4 or IPv6 MUST immediately follow the bottom of the label stack. The payload contains the STAMP Session-Reflector test packet defined in . The STAMP Session-Reflector reply test packet MUST use the IP/UDP information from the received test packet when an IP/UDP header is present in the received test packet. The STAMP Session-Reflector test packet G-ACh header contains following fields: The Version field is set to 0, as defined in . Reserved Bits MUST be set to zero upon transmission and ignored upon receipt. G-ACh type for IPv4 header (0x0021) or IPv6 header (0x0057) .

The content of an example STAMP Session-Reflector test packet for a PW or an LSP encapsulated using a G-ACh without an IP/UDP header is shown in Figure 5.

The G-ACh header with new STAMP Session-Reflector channel type (value TBD2) MUST immediately follow the bottom of the label stack. The payload contains the STAMP Session-Reflector test packet defined in . The STAMP channel type allows the identification of the encased STAMP payload when demultiplexing G-ACh. The STAMP Session-Reflector test packet G-ACh header contains following fields: The Version field is set to 0, as defined in . Reserved Bits MUST be set to zero upon transmission and ignored upon receipt. G-ACh type for STAMP Session-Reflector packet (TBD2).

The procedures defined in this document is intended for deployment in a single network administrative domain. As such, the Session-Sender address, Session-Reflector address, and IP and MPLS forward and return paths are provisioned by the operator for the STAMP session. It is assumed that the operator has verified the integrity of the IP and MPLS forward and return paths used to transmit STAMP test packets. The security considerations specified in and also apply to the procedure described in this document. Specifically, the message integrity protection using HMAC, as defined in Section 4.4 of , also apply to the procedure described in this document. Routers that support G-ACh are subject to the same security considerations as defined in and . The message throttling mechanisms described in Security Section of also apply to the procedure described in this document. STAMP uses the well-known UDP port number that could become a target of denial of service (DoS) or could be used to aid on-path attacks. Thus, the security considerations and measures to mitigate the risk of the attack documented in equally apply to the STAMP extensions in this document. If desired, attacks can be mitigated by performing basic validation checks of the timestamp fields (such as T2 is later than T1 in the STAMP Reference Topology shown in Figure 1 in received reply test packets at the Session-Sender. The minimal state associated with these protocols also limit the extent of measurement disruption that can be caused by a corrupt or invalid test packet to a single test cycle.

IANA maintains G-ACh Type Registry (see ). IANA is requested to allocate values for the G-ACh Types for STAMP from "MPLS Generalized Associated Channel (G-ACh) Types (including Pseudowire Associated Channel Types)" registry. Value Description Reference TBD1 STAMP Session-Sender G-ACh Type This document TBD2 STAMP Session-Reflector G-ACh Type This document

&RFC2119; &RFC4385; &RFC5085; &RFC5586; &RFC8174; &RFC8762; &RFC8972; &RFC3931; &RFC4448; &RFC5082; &RFC5087; &RFC5921; &RFC5960; &RFC6374; &RFC6658; &RFC6790; &RFC7708; &RFC8545; &I-D.ietf-pals-ple;

The authors would like to thank Bharath Vasudevan, Ali Sianati, and Parag Jain for the discussions on method to punt STAMP test packets to control-plane for processing. The authors would also like to thank Greg Mirsky, Loa Andersson, and Stewart Bryant for reviewing this document and providing useful comments and suggestions.