<?xmlversion='1.0' encoding='utf-8'?>version="1.0" encoding="utf-8"?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd" [ <!ENTITY RFC0792 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.0792.xml"> <!ENTITY RFC2119 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY RFC4443 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4443.xml"> <!ENTITY RFC5880 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5880.xml"> <!ENTITY RFC5881 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5881.xml"> <!ENTITY RFC5883 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5883.xml"> <!ENTITY RFC5884 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5884.xml"> <!ENTITY RFC6291 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6291.xml"> <!ENTITY RFC6425 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6425.xml"> <!ENTITY RFC6428 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6428.xml"> <!ENTITY RFC7432 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7432.xml"> <!ENTITY RFC7623 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7623.xml"> <!ENTITY RFC8029 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8029.xml"> <!ENTITY RFC8174 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"> <!ENTITY RFC2544 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2544.xml"> <!ENTITY RFC2681 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2681.xml"> <!ENTITY RFC3393 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3393.xml"> <!ENTITY RFC5085 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5085.xml"> <!ENTITY RFC6136 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6136.xml"> <!ENTITY RFC6632 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6632.xml"> <!ENTITY RFC6673 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6673.xml"> <!ENTITY RFC7679 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7679.xml"> <!ENTITY RFC7680 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7680.xml"> ]>"rfc2629-xhtml.ent"> <rfcsubmissionType="IETF"xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-ietf-bess-evpn-oam-req-frmwk-10" number="9062" submissionType="IETF" category="info"ipr="trust200902"> <!-- Generated by id2xml 1.5.0 on 2021-04-28T21:49:22Z --> <?rfc strict="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?> <?rfc symrefs="yes"?> <?rfc sortrefs="no"?> <?rfc text-list-symbols="-o*+"?> <?rfc toc="yes"?>consensus="true" ipr="trust200902" obsoletes="" updates="" xml:lang="en" symRefs="true" sortRefs="true" tocInclude="true" version="3" tocDepth="5"> <front> <title abbrev="EVPN OAMRequirements/Framework">EVPN Operations, AdministrationRequirements/Framework">Framework andMaintenanceRequirements for Ethernet VPN (EVPN) Operations, Administration, andFramework</title>Maintenance (OAM)</title> <seriesInfo name="RFC" value="9062"/> <author initials="S." surname="Salam" fullname="Samer Salam"> <organization>Cisco</organization><address><email>ssalam@cisco.com</email><address> <email>ssalam@cisco.com</email> </address> </author> <author initials="A." surname="Sajassi" fullname="Ali Sajassi"> <organization>Cisco</organization><address><postal><address> <postal> <street>170 West Tasman Drive</street> <city>San Jose</city> <region>CA</region> <code>95134</code> <country>United States of America</country> </postal> <email>sajassi@cisco.com</email> </address> </author> <author initials="S." surname="Aldrin" fullname="Sam Aldrin"> <organization abbrev="Google">Google, Inc.</organization><address><postal><address> <postal> <street>1600 Amphitheatre Parkway</street> <city>Mountain View</city> <region>CA</region> <code>94043</code> <country>United States of America</country> </postal> <email>aldrin.ietf@gmail.com</email> </address> </author> <author initials="J." surname="Drake" fullname="John E. Drake"> <organization abbrev="Juniper">Juniper Networks</organization><address><postal><address> <postal> <street>1194 N. Mathilda Ave.</street> <city>Sunnyvale</city> <region>CA</region> <code>94089</code> <country>United States of America</country> </postal> <email>jdrake@juniper.net</email> </address> </author> <author initials="D."surname="Eastlake"surname="Eastlake 3rd" fullname="Donald E.Eastlake,Eastlake 3rd"> <organization abbrev="Futurewei">Futurewei Technologies</organization><address><postal><address> <postal> <street>2386 Panoramic Circle</street> <city>Apopka</city> <region>FL</region> <code>32703</code> <country>United States of America</country> </postal> <phone>+1-508-333-2270</phone> <email>d3e3e3@gmail.com</email> </address> </author> <date year="2021"month="April"/> <!-- [rfced] Please insert any keywords (beyond those that appear in the title) for use on https://www.rfc-editor.org/search. --> <keyword>example</keyword> <abstract><t>month="June"/> <keyword>PBB-EVPN</keyword> <keyword>fault management</keyword> <keyword>performance management</keyword> <abstract> <t> This document specifies the requirements and reference framework for Ethernet VPN (EVPN) Operations,AdministrationAdministration, and Maintenance (OAM). The requirements cover the OAM aspects of EVPN andPBB-EVPN (ProviderProvider Backbone BridgeEVPN).EVPN (PBB-EVPN). The framework defines the layered OAM model encompassing the EVPN service layer, network layer, underlying Packet Switched Network (PSN) transport layer, and link layer but focuses on the service and network layers.</t> </abstract> </front> <middle> <sectiontitle="Introduction" anchor="sect-1"><t>anchor="sect-1" numbered="true" toc="default"> <name>Introduction</name> <t> This document specifies the requirements and defines a reference framework for Ethernet VPN (EVPN) Operations,AdministrationAdministration, and Maintenance(OAM,(OAM) <xreftarget="RFC6291"/>).target="RFC6291" format="default"/>. In this context, we use the termEVPN OAM"EVPN OAM" to loosely refer to the OAM functions required for and/or applicable to <xreftarget="RFC7432"/>target="RFC7432" format="default"/> and <xreftarget="RFC7623"/>.</t>target="RFC7623" format="default"/>.</t> <t> EVPN is a Layer 2 VPN (L2VPN) solution for multipoint Ethernetservices,services with advancedmulti-homing capabilities, usingmultihoming capabilities that uses BGP for distributingcustomer/client MACCustomer/Client Media Access Control (C-MAC) address reachability information over the core MPLS/IP network.</t> <t> PBB-EVPN combines Provider Backbone Bridging (PBB) <xreftarget="IEEE-802.1Q"/>target="IEEE-802.1Q" format="default"/> with EVPN in order to reduce the number of BGP MAC advertisementroutes,routes; provide client MAC address mobility using C-MAC(Client MAC<xreftarget="RFC7623"/>)target="RFC7623" format="default"/> aggregation andB-MAC (BackboneBackbone MAC (B-MAC) <xreftarget="RFC7623"/>) sub-netting,target="RFC7623" format="default"/> sub-netting; confine the scope of C-MAC learning to only activeflows,flows; offerper site policies,per-site policies; and avoid C-MAC address flushing on topology changes.</t> <t> This document focuses on the fault management and performance management aspects of EVPN OAM. It defines the layered OAM model encompassing the EVPN service layer, network layer, underlying Packet Switched Network (PSN) transport layer, and link layer but focuses on the service and network layers.</t> <sectiontitle="Relationshipanchor="sect-1.1" numbered="true" toc="default"> <name>Relationship to Other OAMWork" anchor="sect-1.1"><t>Work</name> <t> This document leverages concepts and draws upon elements definedand/orand / or used in the following documents:</t> <t> <xreftarget="RFC6136"/>target="RFC6136" format="default"/> specifies the requirements and a reference model for OAM as it relates to L2VPN services,pseudowirespseudowires, and associated Packet Switched Network (PSN) tunnels. This document focuses onVPLSVirtual Private LAN Service (VPLS) andVPWSVirtual Private Wire Service (VPWS) solutions and services.</t> <t> <xreftarget="RFC8029"/>target="RFC8029" format="default"/> defines mechanisms for detecting data plane failures in MPLSLSPs,Label Switched Paths (LSPs), including procedures to check the correct operation of the dataplane,plane as well as mechanisms to verify the data plane against the control plane.</t> <t> <xreftarget="IEEE-802.1Q"/>target="IEEE-802.1Q" format="default"/> specifies the Ethernet Connectivity Fault Management (CFM) protocol, which defines the concepts of Maintenance Domains, Maintenance Associations, Maintenance End Points, and Maintenance Intermediate Points.</t> <t>[Y.1731]<xref target="Y.1731"/> extends Connectivity Fault Management in the following areas: it defines fault notification and alarm suppression functions forEthernet. It alsoEthernet and specifies mechanisms for Ethernet performance management, including loss, delay, jitter, and throughput measurement.</t> </section> <sectiontitle="Specificationanchor="sect-1.2" numbered="true" toc="default"> <name>Specification ofRequirements" anchor="sect-1.2"><t>Requirements</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> </section> <sectiontitle="Terminology" anchor="sect-1.3"><t>anchor="sect-1.3" numbered="true" toc="default"> <name>Terminology</name> <t> This document uses the followingterminologyterminology, much of which is defined in <xreftarget="RFC6136"/>: <list style="hanging" hangIndent="6"> <t hangText="CE">Customertarget="RFC6136" format="default"/>: </t> <dl newline="false" spacing="normal" indent="12"> <dt>CE</dt> <dd>Customer Edgedevice, e.g.,device; for example, a host, router, orswitch.</t> <t hangText="CFM">Connectivityswitch.</dd> <dt>CFM</dt> <dd>Connectivity Fault Management <xreftarget="IEEE-802.1Q"/>.</t> <t hangText="DF">Designatedtarget="IEEE-802.1Q" format="default"/></dd> <dt>DF</dt> <dd>Designated Forwarder <xreftarget="RFC7432"/>.</t> <t hangText="Down MEP">Atarget="RFC7432" format="default"/></dd> <dt>Down MEP</dt> <dd>A MEP that originates traffic away from and terminates traffic towards the core of the device in whose port it is logicallylocated.</t> <t hangText="EVI">Anlocated.</dd> <dt>EVI</dt> <dd>An EVPN instance spanning the Provider Edge (PE) devices participating in that EVPN <xreftarget="RFC7432"/>.</t> <t hangText="L2VPN">Layertarget="RFC7432" format="default"/>.</dd> <dt>L2VPN</dt> <dd>Layer 2VPN.</t> <t hangText="MA">Maintenance Association isVPN</dd> <dt>LOC</dt> <dd>Loss of continuity</dd> <dt>MA</dt> <dd>Maintenance Association; a set of MEPs belonging to the same Maintenance Domain(MD),(MD) established to verify the integrity of a single service instance <xreftarget="IEEE-802.1Q"/>.</t> <t hangText="MD">Maintenance Domain,target="IEEE-802.1Q" format="default"/>.</dd> <dt>MD</dt> <dd>Maintenance Domain; an OAM Domain that represents a region over which OAM frames can operate unobstructed <xreftarget="IEEE-802.1Q"/>.</t> <t hangText="MEP">Maintenancetarget="IEEE-802.1Q" format="default"/>.</dd> <dt>MEP</dt> <dd>Maintenance EndPointPoint; it is responsible for origination and termination of OAM frames for a given MA. A MEP is logically located in a device's port <xreftarget="IEEE-802.1Q"/>.</t> <t hangText="MIP">target="IEEE-802.1Q" format="default"/>.</dd> <dt>MIP</dt> <dd> Maintenance IntermediatePointPoint; it is located between peer MEPs and can process and respond to certain OAM frames but does not initiate them. A MIP is logically located in a device's port <xreftarget="IEEE-802.1Q"/>.</t> <t hangText="MP2P">Multipoint to Point.</t> <t hangText="NMS">Networktarget="IEEE-802.1Q" format="default"/>.</dd> <dt>MP2P</dt> <dd>Multipoint to Point</dd> <dt>NMS</dt> <dd>Network Management Station <xreftarget="RFC6632"/>.</t> <t hangText="P">Providertarget="RFC6632" format="default"/></dd> <dt>P</dt> <dd>Provider network interior (non-edge)node.</t> <t hangText="P2MP">Point to Multipoint.</t> <t hangText="PBB">Providernode</dd> <dt>P2MP</dt> <dd>Point to Multipoint</dd> <dt>PBB</dt> <dd>Provider Backbone Bridge <xreftarget="RFC7623"/>.</t> <t hangText="PE">Provider networktarget="RFC7623" format="default"/></dd> <dt>PE</dt> <dd>Provider Edgedevice.</t> <t hangText="Up MEP">network device</dd> <dt>Up MEP</dt> <dd> A MEP that originates traffic towards and terminates traffic from the core of the device in whose port it is logicallylocated.</t> <t hangText="VPN">Virtuallocated.</dd> <dt>VPN</dt> <dd>Virtual PrivateNetwork</t> </list> </t>Network</dd> </dl> </section> </section> <sectiontitle="EVPNanchor="sect-2" numbered="true" toc="default"> <name>EVPN OAMFramework" anchor="sect-2"><section title="OAM Layering" anchor="sect-2.1"><t>Framework</name> <section anchor="sect-2.1" numbered="true" toc="default"> <name>OAM Layering</name> <t> Multiple layers come into play for implementing an L2VPN service using the EVPN family of solutions as listed below. The focus of this document is theServiceservice andNetworknetwork layers.</t><t><list style="symbols"> <t>The Service Layer<ul spacing="normal"> <li>The service layer runs end to end between the sites or EthernetSegmentssegments that are being interconnected by the EVPNsolution.</t> <t>The Network Layersolution.</li> <li>The network layer extends between the EVPN PE (Provider Edge) nodes and is mostly transparent to the P(Provider(provider network interior) nodes (except whereFlow Entropyflow entropy comes into play). It leverages MPLS for service (i.e., EVI) multiplexing andSplit-Horizon functions.</t> <t>The Transport Layersplit-horizon functions.</li> <li>The transport layer is dictated by the networking technology of the PSN. It may beeitherbased on either MPLS LSPs orIP.</t> <t>The Link LayerIP.</li> <li>The link layer is dependent upon the physical technology used. Ethernet is a popular choice for this layer, but other alternatives are deployed (e.g.,POS, DWDM etc.).</t> </list> </t>Packet over SONET (POS), Dense Wavelength Division Multiplexing (DWDM), etc.).</li> </ul> <t> This layering extends to the set of OAM protocols that are involved in the ongoing maintenance and diagnostics of EVPN networks.Figure 1<xref target="fig-1"/> below depicts the OAMlayering,layering and shows which devices have visibility into what OAM layer(s).</t> <figuretitle="OAM Layering" anchor="fig-1"><artwork><![CDATA[anchor="fig-1"> <name>OAM Layering</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +---+ +---+ +--+ | | +---+ +---+ +---+ | | +--+ |CE|----|PE |----| P |----| P |----| P |----|PE |----|CE| +--+ | | +---+ +---+ +---+ | | +--+ +---+ +---+ o-------o----------- Service OAM -----------o-------o o----------- Network OAM -----------o o--------o--------o--------o--------o Transport OAM o----o o----o o----o o----o o----o o----o Link OAM ]]></artwork> </figure> <t> Service OAM and Network OAM mechanisms only have visibility to the PE(Provider Edge)nodes but not the P(Provider interior)nodes. As such, they can be used to deduce whether the fault is inthe</t> <t>the customer's own network, the local CE-PE segment, the PE-PEsegmentsegment, or the remote CE-PE segment(s). EVPN Transport OAM mechanisms can be used for fault isolation between the PEs and P nodes.</t> <t>Figure 2<xref target="fig-2"/> below shows an example network wherenativeEthernet domains are interconnected via EVPN usingMPLSMPLS, andgivesit shows the OAM mechanisms that are applicable at each layer. The details of the layers are described in the sections below.</t> <figuretitle="EVPNanchor="fig-2"> <name>EVPN OAMExample" anchor="fig-2"><artwork><![CDATA[Example</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +---+ +---+ +--+ | | +---+ +---+ +---+ | | +--+ |CE|----|PE |----| P |----| P |----| P |----|PE |----|CE| +--+ | | +---+ +---+ +---+ | | +--+ +---+ +---+ o----o---------- CFM (Service OAM) ----------o----o o-------- EVPN Network OAM ---------o o--------o--------o--------o--------o MPLS OAM o----o o----o o----o o----o o----o o----o[802.3]802.3 OAM [IEEE-802.3] ]]></artwork> </figure> </section> <sectiontitle="EVPNanchor="sect-2.2" numbered="true" toc="default"> <name>EVPN ServiceOAM" anchor="sect-2.2"><t>OAM</name> <t> The EVPN Service OAM protocol depends on whatservice layerservice-layer technology is being interconnected by the EVPN solution. In the case of <xreftarget="RFC7432"/>target="RFC7432" format="default"/> and <xreftarget="RFC7623"/>,target="RFC7623" format="default"/>, the service layer is Ethernet; hence, the correspondingserviceService OAM protocol is EthernetConnectivity Fault Management (CFM)CFM <xreftarget="IEEE-802.1Q"/>.</t>target="IEEE-802.1Q" format="default"/>.</t> <t> EVPNserviceService OAM is visible to the CEs and EVPNPEs,PEs but not to the P nodes. This is because the PEs operate at the Ethernet MAC layer in <xreftarget="RFC7432"/>target="RFC7432" format="default"/> and <xreftarget="RFC7623"/>target="RFC7623" format="default"/>, whereas the P nodes do not.</t> <t> The EVPN PEMUST<bcp14>MUST</bcp14> support MIP functions in the applicableserviceService OAMprotocol, for exampleprotocol (for example, EthernetCFM.CFM). The EVPN PESHOULD<bcp14>SHOULD</bcp14> support MEP functions in the applicableserviceService OAM protocol. This includes both Up and Down MEP functions.</t> <t> As shown inFigure 3,<xref target="fig-3"/>, the MIP and MEP functions being referred to are logically located within the device's port operating at the customer level. (There could be MEPs/MIPs within PE ports facing the providernetworknetwork, but they would not be relevant to EVPN Service OAM as the traffic passing through them will beencapsulated/tunneledencapsulated/tunneled, so anycustomer levelcustomer-level OAM messages will just be treated as data.) DownMEP</t> <t>MEP functions are away from the core of the device whileupUp MEP functions are towards the core of the device (towards the PE forwarding mechanism in the case of a PE). OAM messages between the PE Up MEPs shown are a type of EVPN NetworkOAMOAM, while such messages between the CEs or from a PE to its local CE or to the remote CE are ServiceOAM.</t>OAMs.</t> <figuretitle="CFM Details" anchor="fig-3"><artwork><![CDATA[anchor="fig-3"> <name>CFM Details</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +-------+ +----------------+ +----------------+ +-------+ |+-----+| |+--------------+| |+--------------+| |+-----+| || CE || || PE || ... || PE || || CE || |+--+--+| |+---+--------+-+| |+-+--------+---+| |+--+--+| | | | | | | | | | | | | | | |+--+--+| |+---+-----+ . | | . +-----+---+| |+--+--+| || MEP || || | Up ^| . | ... | . | Up ^| || || MEP || ||DownV|| ||MIP|MEP | . | | . |MEP |MIP|| ||DownV|| |+--+--+| || |DownV| . | | . |DownV| || |+--+--+| | | | |+---+-----+ | | | | +-----+---+| | | | +---|---+ +----|--------|--+ +--|--------|----+ +---|---+ | | | | | | +------------+ +--- ... ---+ +------------+ ]]></artwork> </figure> <t> The EVPN PEMUST,<bcp14>MUST</bcp14>, by default, learn the MAC address of locally attached CE MEPs by snooping on CFM frames and advertising them to remote PEs as a MAC/IP Advertisement route. Some means to limit the number of MAC addresses that a PE will learnSHOULD<bcp14>SHOULD</bcp14> be implemented.</t> <t> The EVPN PESHOULD<bcp14>SHOULD</bcp14> advertise any MEP/MIP local to the PE as a MAC/IP Advertisement route. Since these are not subject to mobility, theySHOULD<bcp14>SHOULD</bcp14> be advertised with the static (sticky) bit set (seeSection 15.2 of<xreftarget="RFC7432"/>).</t>target="RFC7432" sectionFormat="of" section="15.2"/>).</t> </section> <sectiontitle="EVPNanchor="sect-2.3" numbered="true" toc="default"> <name>EVPN NetworkOAM" anchor="sect-2.3"><t>OAM</name> <t> EVPN Network OAM is visible to the PE nodes only. This OAM layer is analogous toVCCVVirtual Circuit Connectivity Verification (VCCV) <xreftarget="RFC5085"/>target="RFC5085" format="default"/> in the case of VPLS/VPWS. It provides mechanisms to check the correct operation of the dataplane,plane as well as a mechanism to verify the data plane against the control plane. This includes the ability to perform fault detection and diagnostics on:</t><t><list style="symbols"><t>the<ul spacing="normal"> <li>the MP2P tunnels used for the transport of unicast traffic between PEs. EVPN allows for three different models of unicast label assignment: label per EVI, label per <ESI, EthernetTag>Tag>, and label per MAC address. In all three models, the label is bound to an EVPN UnicastFEC.Forwarding Equivalence Class (FEC). EVPN Network OAMMUST<bcp14>MUST</bcp14> provide mechanisms to check the operation of the data plane and verify that operation against the control planeview.</t> <t>theview.</li> <li>the MP2P tunnels used for aliasing unicast traffic destined to amulti-homedmultihomed EthernetSegment.segment. The three label assignment models, discussed above, apply here as well. In all three models, the label is bound to an EVPN Aliasing FEC. EVPN Network OAMMUST<bcp14>MUST</bcp14> provide mechanisms to check the operation of the data plane and verify that operation against the control planeview.</t> <t>theview.</li> <li>the multicast tunnels (either MP2P or P2MP) used for the transport of broadcast, unknownunicastunicast, and multicast traffic between PEs. In the case of ingress replication, a label is allocated per EVI or per <EVI, Ethernet Tag> and is bound to an EVPN Multicast FEC. In the case ofLSM (LabelLabel SwitchedMulticast), andMulticast (LSM) and, morespecificallyspecifically, aggregate inclusive trees,againagain, a label may be allocated per EVI or per <EVI, Ethernet Tag> and is bound to the tunnelFEC.</t> <t>theFEC.</li> <li>the correct operation of theESIEthernet Segment Identifier (ESI) split-horizon filtering function. In EVPN, a label is allocated permulti-homedmultihomed EthernetSegmentsegment for the purpose of performing the access split-horizon enforcement. The label is bound to an EVPN EthernetSegment.</t> <t>thesegment.</li> <li>the correct operation of theDF (DesignatedDesignated Forwarder (DF) <xreftarget="RFC7432"/>)target="RFC7432" format="default"/> filtering function. EVPN Network OAMMUST<bcp14>MUST</bcp14> provide mechanisms to check the operation of the data plane and verify that operation against the control plane view for the DF filteringfunction.</t> </list> </t>function.</li> </ul> <t> EVPN Network OAM mechanismsMUST<bcp14>MUST</bcp14> provide in-band monitoring capabilities. It is desirable, to the extent practical, for OAM test messages to share fate with data messages. Details of how to achieve this are beyond the scope of this document.</t> <t> EVPN Network OAMSHOULD<bcp14>SHOULD</bcp14> provide both proactive and on-demand mechanisms of monitoring the data plane operation and data plane conformance to the state of the control plane.</t> </section> <sectiontitle="Transportanchor="sect-2.4" numbered="true" toc="default"> <name>Transport OAM forEVPN" anchor="sect-2.4"><t>EVPN</name> <t> ThetransportTransport OAM protocol depends on the nature of the underlying transport technology in the PSN. MPLS OAM mechanisms <xreftarget="RFC8029"/>target="RFC8029" format="default"/> <xreftarget="RFC6425"/>target="RFC6425" format="default"/> as well as ICMP <xreftarget="RFC0792"/> /target="RFC0792" format="default"/> and ICMPv6 <xreftarget="RFC4443"/>target="RFC4443" format="default"/> are applicable, depending on whether the PSN employs MPLS or IP transport, respectively. Furthermore,BFDBidirectional Forwarding Detection (BFD) mechanisms per <xreftarget="RFC5880"/>,target="RFC5880" format="default"/>, <xreftarget="RFC5881"/>,target="RFC5881" format="default"/>, <xreftarget="RFC5883"/>target="RFC5883" format="default"/>, and <xreftarget="RFC5884"/>target="RFC5884" format="default"/> apply. Also, the BFD mechanisms pertaining to MPLS-TP LSPs per <xreftarget="RFC6428"/>target="RFC6428" format="default"/> are applicable.</t> </section> <sectiontitle="Link OAM" anchor="sect-2.5"><t>anchor="sect-2.5" numbered="true" toc="default"> <name>Link OAM</name> <t> Link OAM depends on thedata linkdata-link technology being used between the PE and P nodes. For example, if Ethernet links are employed, then Ethernet Link OAM (<xreftarget="IEEE-802.3"/>target="IEEE-802.3" format="default"/>, Clause 57) may be used.</t> </section> <sectiontitle="OAM Inter-working" anchor="sect-2.6"><t>anchor="sect-2.6" numbered="true" toc="default"> <name>OAM Interworking</name> <t> Wheninter-workinginterworking two networking domains, such asnativeactual Ethernet and EVPN to provide an end-to-end emulated service, there is a need to identify the failure domain and location, even when a PE supports both the Service OAM mechanisms and the EVPN Network OAM mechanisms. In addition, scalability constraints may not allow the running of proactive monitoring, such as Ethernet Continuity Check Messages(CCMs(CCMs) <xreftarget="IEEE-802.1Q"/>),target="IEEE-802.1Q" format="default"/>, at a PE to detect the failure of an EVI across the EVPN domain. Thus, the mapping of alarms generated upon failure detection in one domain (e.g.,nativeactual Ethernet or EVPN network domain) to the other domain is needed. There are also cases where a PE may not be able to process Service OAM messages received from a remote PE over the PSN even when such messages are defined, as in the Ethernet case, thereby necessitating support for fault notification message mapping between the EVPN Network domain and the Service domain.</t> <t> OAMinter-workinginterworking is notlimited thoughlimited, though, to scenarios involving disparate network domains. It is possible to perform OAMinter-workinginterworking across different layers in the same network domain. In general, alarms generated within an OAM layer, as a result of proactive fault detection mechanisms, may be injected into itsclient layerclient-layer OAM mechanisms. This allows theclient layerclient-layer OAM to trigger event-driven (i.e., asynchronous) fault notifications. For example, alarms generated by the Link OAM mechanisms may be injected into the Transport OAM layer, and alarms generated by the Transport OAM mechanism may be injected into the Network OAM mechanism, and so on.</t> <t> EVPN OAMMUST<bcp14>MUST</bcp14> supportinter-workinginterworking between the Network OAM and Service OAM mechanisms. EVPN OAMMAY<bcp14>MAY</bcp14> supportinter-workinginterworking among other OAM layers.</t> </section> </section> <sectiontitle="EVPNanchor="sect-3" numbered="true" toc="default"> <name>EVPN OAMRequirements" anchor="sect-3"><t>Requirements</name> <t> This section discusses the EVPN OAM requirements pertaining toFault Managementfault management andPerformance Management.</t>performance management.</t> <sectiontitle="Faultanchor="sect-3.1" numbered="true" toc="default"> <name>Fault ManagementRequirements" anchor="sect-3.1"><section title="ProactiveRequirements</name> <section anchor="sect-3.1.1" numbered="true" toc="default"> <name>Proactive Fault ManagementFunctions" anchor="sect-3.1.1"><t>Functions</name> <t> The network operator configures proactive fault management functions to runperiodically without a time bound.periodically. Certainactions, for exampleactions (for example, protection switchover or alarm indicationsignaling,signaling) can be associated with specific events, such as entering or clearing fault states.</t> <sectiontitle="Faultanchor="sect-3.1.1.1" numbered="true" toc="default"> <name>Fault Detection (ContinuityCheck)" anchor="sect-3.1.1.1"><t>Check)</name> <t> Proactive fault detection is performed by periodically monitoring the reachability between serviceendpoints,end points, i.e., MEPs in a given MA, through the exchange ofContinuity Check MessagesCCMs <xreftarget="IEEE-802.1Q"/>.target="IEEE-802.1Q" format="default"/>. The reachability between any two arbitrary MEPs may be monitored for:</t><t><list style="symbols"><t>in-band<ul spacing="normal"> <li>in-band, per-flow monitoring. This enablesper flowper-flow monitoring between MEPs. EVPN Network OAMMUST<bcp14>MUST</bcp14> support fault detection withper userper-user flow granularity. EVPN Service OAMMAY<bcp14>MAY</bcp14> support fault detection withper userper-user flowgranularity.</t> <t>agranularity.</li> <li>a representative path. This enables a liveness check of the nodes hosting theMEPsMEPs, assuming that the loss of continuity (LOC) to the MEP is interpreted as a failure of the hosting node. This, however, does not conclusively indicate liveness of the path(s) taken by user data traffic. This enables node failure detection but not path failuredetection,detection through the use of a test flow. EVPN Network OAM and Service OAMMUST<bcp14>MUST</bcp14> support fault detection using testflows.</t> <t>allflows.</li> <li>all paths. For MPLS/IP networks with ECMP, the monitoring of all unicast paths between MEPs (on non-adjacent nodes) may not bepossible,possible since the per-hop ECMP hashing behavior may yield situations where it is impossible for a MEP to pick flow entropy characteristics that result in exercising the exhaustive set of ECMP paths.MonitoringThe monitoring of all ECMP paths between MEPs (on non-adjacent nodes) is not a requirement for EVPNOAM.</t> </list> </t>OAM.</li> </ul> <t> The fact that MPLS/IP networks do not enforce congruency between unicast and multicast paths means that the proactive fault detection mechanisms for EVPN networksMUST<bcp14>MUST</bcp14> provide procedures to monitor the unicast paths independently of the multicast paths. This applies to EVPN Service OAM and Network OAM.</t> </section> <sectiontitle="Defect Indication" anchor="sect-3.1.1.2"><t>anchor="sect-3.1.1.2" numbered="true" toc="default"> <name>Defect Indication</name> <t> Defect indications can be categorized into two types: forward andreverse defect indicationsreverse, as described below. EVPN Service OAMMUST<bcp14>MUST</bcp14> support at least one of these types of event-driven defectindicationindications upon the detection of a connectivity defect.</t> <sectiontitle="Forwardanchor="sect-3.1.1.2.1" numbered="true" toc="default"> <name>Forward DefectIndication" anchor="sect-3.1.1.2.1"><t> ThisIndication (FDI)</name> <t> FDI is used to signal a failure that is detected by alower layerlower-layer OAM mechanism. A server MEP (i.e., an actual or virtual MEP) transmits aForward Defect Indicationforward defect indication in a directionthat isaway from the direction of the failure (refer toFigure 4<xref target="fig-4"/> below).</t> <figuretitle="Forwardanchor="fig-4"> <name>Forward DefectIndication" anchor="fig-4"><artwork><![CDATA[Indication</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Failure | +-----+ +-----+ V +-----+ +-----+ | A |------| B |--XXX--| C |------| D | +-----+ +-----+ +-----+ +-----+ <===========| |============> Forward Forward Defect Defect Indication Indication ]]></artwork> </figure> <t> Forward defect indication may be used for alarm suppression and/or for the purpose ofinter-workinginterworking with other layer OAM protocols. Alarm suppression is useful when atransport/network leveltransport-level or network-level fault translates to multipleserviceservice- orflow levelflow-level faults. In such a scenario, it is enough to alert a network management station (NMS) of the singletransport/network leveltransport-level or network-level fault in lieu of flooding that NMS with a multitude of Service or Flow granularity alarms. EVPN PEsSHOULD<bcp14>SHOULD</bcp14> supportForward Defect Indicationforward defect indication in the Service OAM mechanisms.</t> </section> <sectiontitle="Reverseanchor="sect-3.1.1.2.2" numbered="true" toc="default"> <name>Reverse Defect Indication(RDI)" anchor="sect-3.1.1.2.2"><t>(RDI)</name> <t> RDI is used to signal that the advertising MEP has detected aloss of continuity (LoC)LOC defect. RDI is transmitted in the direction of the failure (refer toFigure 5).</t><xref target="fig-5"/>).</t> <figuretitle="Reverseanchor="fig-5"> <name>Reverse DefectIndication" anchor="fig-5"><artwork><![CDATA[Indication</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Failure | +-----+ +-----+ V +-----+ +-----+ | A |------| B |--XXX--| C |------| D | +-----+ +-----+ +-----+ +-----+ |===========> <============| Reverse Reverse Defect Defect Indication Indication ]]></artwork> </figure> <t> RDI allows single-sided management, where the network operator can examine the state of a single MEP and deduce the overall health of a monitored service. EVPN PEsSHOULD<bcp14>SHOULD</bcp14> supportReverse Defect Indicationreverse defect indication in the Service OAM mechanisms. This includes both the ability to signalLoCa LOC defect to a remoteMEP,MEP as well as the ability to recognize RDI from a remote MEP. Note that, in a multipoint MA, RDI is not a useful indicator of unidirectional fault. This is because RDI carries no indication of the affected MEP(s) with which the sender had detected aLoCLOC defect.</t> </section> </section> </section> <sectiontitle="On-Demandanchor="sect-3.1.2" numbered="true" toc="default"> <name>On-Demand Fault ManagementFunctions" anchor="sect-3.1.2"><t>Functions</name> <t> On-demand fault management functions are initiated manually by the network operator and continue for a bounded timeboundperiod. These functions enable the operator to run diagnostics to investigate a defect condition.</t> <sectiontitle="Connectivity Verification" anchor="sect-3.1.2.1"><t>anchor="sect-3.1.2.1" numbered="true" toc="default"> <name>Connectivity Verification</name> <t> EVPN Network OAMMUST<bcp14>MUST</bcp14> support on-demand connectivity verification mechanisms for unicast and multicast destinations. The connectivity verification mechanismsSHOULD<bcp14>SHOULD</bcp14> provide a means for specifying and carrying the following in the messages:</t><t><list style="symbols"><t>variable length<ul spacing="normal"> <li>variable-length payload/padding to testMTU (Maximum Transmission Unit) relatedconnectivityproblems.</t> <t>testproblems related to the Maximum Transmission Unit (MTU).</li> <li>test frame formats as defined inAppendix C of<xreftarget="RFC2544"/>target="RFC2544" sectionFormat="of" section="C"/> to detect potential packetcorruption.</t> </list> </t>corruption.</li> </ul> <t> EVPN Network OAMMUST<bcp14>MUST</bcp14> support connectivity verification atper flowper-flow granularity. This includes both user flows (to test a specific path between PEs) as well as test flows (to test a representative path between PEs).</t> <t> EVPN Service OAMMUST<bcp14>MUST</bcp14> support connectivity verification on test flows andMAY<bcp14>MAY</bcp14> support connectivity verification on user flows.</t> <t> For multicast connectivity verification, EVPN Network OAMMUST<bcp14>MUST</bcp14> support reporting on:</t><t><list style="symbols"><t>the<ul spacing="normal"> <li>the DF filtering status of a specific port(s) or all the ports in a givenbridge-domain.</t> <t>the Split Horizonbridge domain.</li> <li>the split-horizon filtering status of a specific port(s) or all the ports in a givenbridge-domain.</t> </list> </t>bridge domain.</li> </ul> </section> <sectiontitle="Fault Isolation" anchor="sect-3.1.2.2"><t>anchor="sect-3.1.2.2" numbered="true" toc="default"> <name>Fault Isolation</name> <t> EVPN OAMMUST<bcp14>MUST</bcp14> support an on-demand fault localization function. This involves the capability to narrow down the locality of a fault to a particular port,linklink, or node. The characteristic of forward/reverse pathasymmetry,asymmetry inMPLS/IP,MPLS/IP makes fault isolation a direction-sensitive operation. That is, given two PEs A and B, localization of continuity failures between them requires runningfault isolationfault-isolation procedures from PE A to PE B as well as from PE B to PE A.</t> <t> EVPN Service OAM mechanisms only have visibility to the PEs but not the MPLS or IP P nodes. As such, they can be used to deduce whether the fault is in the customer's own network, the local CE-PEsegmentsegment, or a remote CE-PE segment(s). EVPN Network and Transport OAM mechanisms can be used for fault isolation between the PEs and P nodes.</t> </section> </section> </section> <sectiontitle="Performance Management" anchor="sect-3.2"><t>anchor="sect-3.2" numbered="true" toc="default"> <name>Performance Management</name> <t> PerformanceManagementmanagement functions can be performed both proactively andon-demand.on demand. Proactive management involves a recurring function, where the performance management probes are run continuously without a trigger. We cover both proactive and on-demand functions in this section.</t> <sectiontitle="Packet Loss" anchor="sect-3.2.1"><t>anchor="sect-3.2.1" numbered="true" toc="default"> <name>Packet Loss</name> <t> EVPN Network OAMSHOULD<bcp14>SHOULD</bcp14> provide mechanisms for measuring packet loss for a givenservice,service -- forexampleexample, <xreftarget="RFC7680"/>target="RFC7680" format="default"/> and <xreftarget="RFC6673"/>.</t>target="RFC6673" format="default"/>.</t> <t> Given that EVPN provides inherent support for multipoint-to-multipoint connectivity,thenpacket loss cannot be accurately measured by means of counting user data packets. This is because user packets can be delivered to more PEs or more ports than are necessary (e.g., due to broadcast,un-pruned multicastunpruned multicast, or unknown unicast flooding). As such, a statistical means of approximating the packet loss rate is required. This can be achieved by sending "synthetic" OAM packets that are counted only by those ports (MEPs) that are required to receive them. This provides a statistical approximation of the number of data frames lost, even with multipoint-to-multipoint connectivity.</t> </section> <sectiontitle="Packetanchor="sect-3.2.2" numbered="true" toc="default"> <name>Packet Delay andJitter" anchor="sect-3.2.2"><t>Jitter</name> <t> EVPN Service OAMSHOULD<bcp14>SHOULD</bcp14> support measurement of one-way and two-way packet delay and delay variation (jitter) across the EVPN network. Measurement of one-way delay requires clock synchronization between the probe source and target devices. Mechanisms for clock synchronization are outside the scope of this document. Note that Service OAM performance management mechanisms defined in[Y.1731]<xref target="Y.1731"/> can be used. See also <xreftarget="RFC7679"/>,target="RFC7679" format="default"/>, <xreftarget="RFC2681"/>,target="RFC2681" format="default"/>, and <xreftarget="RFC3393"/></t>target="RFC3393" format="default"/>.</t> <t> EVPN Network OAMMAY<bcp14>MAY</bcp14> support measurement of one-way and two-way packet delay and delay variation (jitter) across the EVPN network.</t> </section> </section> </section> <sectiontitle="Security Considerations" anchor="sect-4"><t>anchor="sect-4" numbered="true" toc="default"> <name>Security Considerations</name> <t> EVPN OAMMUST<bcp14>MUST</bcp14> prevent OAM packets from leaking outside of the EVPN network or outside their corresponding Maintenance Domain. This can be done for CFM, for example, by having MEPs implement a filtering function based on the Maintenance Level associated with received OAM packets.</t> <t> EVPN OAMSHOULD<bcp14>SHOULD</bcp14> provide mechanisms for implementation and optional use to:</t><t><list style="symbols"><t>Prevent denial of service<ul spacing="normal"> <li>prevent denial-of-service attacks caused by exploitation of the OAM message channel (forexampleexample, by forging messages to exceed amaintenance end point'sMaintenance End Point's capacity to maintainstate).</t> <t>Authenticatestate).</li> <li>authenticate communicatingendpointsend points (forexampleexample, MEPs andMIPs).</t> </list> </t>MIPs).</li> </ul> </section> <sectiontitle="IANA Considerations" anchor="sect-5"><t>anchor="sect-5" numbered="true" toc="default"> <name>IANA Considerations</name> <t> This documentrequireshas no IANA actions.</t> </section><section title="Acknowledgements" anchor="sect-6"><t> The authors would like to thank the following for their review of this work and valuable comments:</t> <figure><artwork><![CDATA[ David Black, Martin Duke, Xiao Min, Gregory Mirsky, Zaheduzzaman Sarker, Dave Schinazi, John Scudder, Melinda Shore, Robert Wilton, Alexander Vainshtein, Stig Venaas, and Eric Vyncke. ]]></artwork></figure> </section></middle> <back><references title="Normative References"> &RFC0792; &RFC2119; &RFC4443; &RFC5880; &RFC5881; &RFC5883; &RFC5884; &RFC6291; &RFC6425; &RFC6428; &RFC7432; &RFC7623; &RFC8029; &RFC8174;<references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.0792.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4443.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5880.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5881.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5883.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5884.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6291.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6425.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6428.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7432.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7623.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8029.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> </references><references title="Informative References"><references> <name>Informative References</name> <referenceanchor="IEEE-802.1Q"><front>anchor="IEEE-802.1Q"> <front> <title>IEEE Standard for Local and metropolitan areanetworks - Media Access Control (MAC) Bridgesnetworks--Bridges andVirtual Bridge Local AreaBridged Networks</title> <author> <organization>IEEE</organization> </author> <date month="December" year="2014"/> </front> <seriesInfo name="IEEE" value="Std 802.1Q-2014"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2014.6991462"/> </reference> <referenceanchor="IEEE-802.3"><front>anchor="IEEE-802.3"> <front> <title>IEEE Standard for Ethernet</title> <author> <organization>IEEE</organization> </author> <dateyear="2015"/>year="2018" month="August"/> </front> <seriesInfo name="IEEE" value="Std802.3-2015"/>802.3-2018"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2018.8457469"/> </reference>&RFC2544; &RFC2681; &RFC3393; &RFC5085; &RFC6136; &RFC6632; &RFC6673; &RFC7679; &RFC7680; <!-- draft-ietf-bess-evpn-oam-req-frmwk-10-manual.txt(799): Warning: Failed parsing a reference. Are all elements separated by commas (not periods, not just spaces)?: [Y.1731] "ITU-T Recommendation Y.1731 (02/08) - OAM<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2544.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2681.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3393.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5085.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6136.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6632.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6673.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7679.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7680.xml"/> <reference anchor="Y.1731"> <front> <title>Operation, administration and maintenance (OAM) functions and mechanisms forEthernet based networks", February 2008. -->Ethernet-based networks</title> <author> <organization>ITU-T</organization> </author> <date year="2015" month="August"/> </front> <seriesInfo name="ITU-T Recommendation" value="G.8013/Y.1731"/> </reference> </references> </references> <section anchor="sect-6" numbered="false" toc="default"> <name>Acknowledgements</name> <t> The authors would like to thank the following for their review of this work and their valuable comments: <contact fullname="David Black"/>, <contact fullname="Martin Duke"/>, <contact fullname="Xiao Min"/>, <contact fullname="Gregory Mirsky"/>, <contact fullname="Zaheduzzaman Sarker"/>, <contact fullname="Dave Schinazi"/>, <contact fullname="John Scudder"/>, <contact fullname="Melinda Shore"/>, <contact fullname="Robert Wilton"/>, <contact fullname="Alexander Vainshtein"/>, <contact fullname="Stig Venaas"/>, and <contact fullname="Éric Vyncke"/>.</t> </section> </back> </rfc>