RFC 8077

 
 
 

Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)

Part 2 of 2, p. 17 to 35
6.3.  Signaling of Pseudowire Status

6.3.1.  Use of Label Mapping Messages

   The PEs MUST send Label Mapping messages to their peers as soon as
   the PW is configured and administratively enabled, regardless of the
   Attachment Circuit state.  The PW label should not be withdrawn
   unless the operator administratively configures the pseudowire down
   (or the PW configuration is deleted entirely).  Using the procedures
   outlined in this section, a simple label withdraw method MAY also be
   supported as a legacy means of signaling PW status and AC status.  In
   any case, if the label-to-PW binding is not available, the PW MUST be
   considered in the down state.

   Once the PW status negotiation procedures are completed, if they
   result in the use of the label withdraw method for PW status
   communication, and this method is not supported by one of the PEs,
   then that PE must send a Label Release message to its peer with the
   following error:

   "Label Withdraw PW Status Method Not Supported"

   If the label withdraw method for PW status communication is selected
   for the PW, it will result in the Label Mapping message being
   advertised only if the Attachment Circuit is active.  The PW status
   signaling procedures described in this section MUST be fully
   implemented.

6.3.2.  Signaling PW Status

   The PE devices use an LDP TLV to indicate status to their remote
   peers.  This PW Status TLV contains more information than the
   alternative simple Label Withdraw message.

   The format of the PW Status TLV is:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1|0|     PW Status (0x096A)    |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         Status Code                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The status code is a 4-octet bit field as specified in "IANA
   Allocations for Pseudowire Edge to Edge Emulation (PWE3)" [RFC4446].
   The Length field specifies the length of the Status Code field in
   octets (equal to 4).

   Each bit in the Status Code field can be set individually to indicate
   more than a single failure at once.  Each fault can be cleared by
   sending an appropriate Notification message in which the respective
   bit is cleared.  The presence of the lowest bit (PW Not Forwarding)
   acts only as a generic failure indication when there is a link-down
   event for which none of the other bits apply.
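A strict decoder for the PW Status TLV described above, added here as an illustration and not part of RFC 8077. The bit names are the RFC 4446 assignments (not listed on this page), the function names are hypothetical, and rejecting any U/F value other than the 1/0 shown in the figure is a strictness choice of this sketch.

```python
import struct

PW_STATUS_TLV_TYPE = 0x096A  # value from the TLV format figure above

# Status Code bit assignments as registered in RFC 4446.
PW_STATUS_BITS = {
    0x00000001: "PW Not Forwarding",
    0x00000002: "Local AC (ingress) Receive Fault",
    0x00000004: "Local AC (egress) Transmit Fault",
    0x00000008: "Local PSN-facing PW (ingress) Receive Fault",
    0x00000010: "Local PSN-facing PW (egress) Transmit Fault",
}
KNOWN_MASK = 0x0000001F


class TLVError(ValueError):
    """Raised when a PW Status TLV fails validation."""


def build_pw_status_tlv(status_code):
    """Encode the TLV with the two leading bits set to 1 and 0 as in the figure."""
    return struct.pack("!HHI", 0x8000 | PW_STATUS_TLV_TYPE, 4,
                       status_code & 0xFFFFFFFF)


def parse_pw_status_tlv(buf):
    """Return the 32-bit Status Code, validating every header field first."""
    if len(buf) < 4:
        raise TLVError("truncated TLV header")
    first, length = struct.unpack_from("!HH", buf, 0)
    if first & 0x3FFF != PW_STATUS_TLV_TYPE:
        raise TLVError("not a PW Status TLV")
    if first >> 14 != 0b10:
        raise TLVError("unexpected U/F bits")
    if length != 4:
        # The Length field must equal 4; never trust it to size a read.
        raise TLVError("Length field must be 4")
    if len(buf) < 4 + length:
        raise TLVError("truncated Status Code")
    return struct.unpack_from("!I", buf, 4)[0]


def decode_status(code):
    """Return (names of set fault bits, mask of bits this table does not know)."""
    names = [name for bit, name in sorted(PW_STATUS_BITS.items()) if code & bit]
    return names, code & ~KNOWN_MASK & 0xFFFFFFFF


def status_delta(old_code, new_code):
    """Faults raised and cleared when a Notification replaces old_code."""
    raised = decode_status(new_code & ~old_code)[0]
    cleared = decode_status(old_code & ~new_code)[0]
    return raised, cleared


if __name__ == "__main__":
    tlv = build_pw_status_tlv(0x00000006)  # constructed sample
    code = parse_pw_status_tlv(tlv)
    print(tlv.hex(), decode_status(code))
    print(status_delta(code, 0x00000002))
```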

   The Status TLV is transported to the remote PW peer via the LDP
   Notification message as described in [RFC5036].  The format of the
   Notification message for carrying the PW Status is as follows:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0|   Notification (0x0001)     |      Message Length           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Message ID                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Status (TLV)                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      PW Status TLV                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           PWid FEC TLV or Generalized ID FEC TLV              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                PW Group ID TLV (Optional)                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Status TLV status code is set to 0x00000028, "PW status", to
   indicate that PW status follows.  Since this notification does not
   refer to any particular message, the Message ID field is set to 0.

   The PW FEC TLV SHOULD NOT include the Interface Parameter Sub-TLVs,
   as they are ignored in the context of this message.  However, the PW
   FEC TLV MUST include the C-bit, where applicable, as it is part of
   the FEC.  When a PE's Attachment Circuit encounters an error, use of
   the PW Notification message allows the PE to send a single "wildcard"
   status message, using a PW FEC TLV with only the Group ID set, to
   denote this change in status for all affected PW connections.  This
   status message contains either the PW FEC TLV with only the Group ID
   set, or else it contains the Generalized FEC TLV with only the PW
   Group ID TLV.

   As mentioned above, the Group ID field of the PWid FEC Element, or
   the PW Group ID TLV used with the Generalized PWid FEC Element, can
   be used to send a status notification for all arbitrary sets of PWs.
   This procedure is OPTIONAL, and if it is implemented, the LDP
   Notification message should be as follows: If the PWid FEC Element is
   used, the PW information length field is set to 0, the PW ID field is
   not present, and the Interface Parameter Sub-TLVs are not present.
   If the Generalized FEC Element is used, the AGI, SAII, and TAII are
   not present, the PW information length field is set to 0, the PW
   Group ID TLV is included, and the PW Interface Parameters TLV is
   omitted.  For the purpose of this document, this is called the
   "wildcard PW status notification procedure", and all PEs implementing
   this design are REQUIRED to accept such a Notification message but
   are not required to send it.

6.3.3.  Pseudowire Status Negotiation Procedures

   When a PW is first set up, the PEs MUST attempt to negotiate the
   usage of the PW Status TLV.  This is accomplished as follows: A PE
   that supports the PW Status TLV MUST include it in the initial Label
   Mapping message following the PW FEC and the Interface Parameter Sub-
   TLVs.  The PW Status TLV will then be used for the lifetime of the
   pseudowire.  This is shown in the following diagram:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                 PWid FEC or Generalized PWid FEC              +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Interface Parameters                    |
    |                              "                                |
    |                              "                                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0|0| Generic Label (0x0200)    |      Length                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Label                                                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1|0|     PW Status (0x096A)    |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         Status Code                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   If a PW Status TLV is included in the initial Label Mapping message
   for a PW, then if the Label Mapping message from the remote PE for
   that PW does not include a PW Status TLV, or if the remote PE does
   not support the PW Status TLV, the PW will revert to the label
   withdraw method of signaling PW status.  Note that if the PW Status
   TLV is not supported by the remote peer, the peer will automatically
   ignore it, since the I (ignore) bit is set in the TLV.  The PW Status
   TLV, therefore, will not be present in the corresponding FEC
   advertisement from the remote LDP peer, which results in exactly the
   above behavior.

   If the PW Status TLV is not present following the FEC TLV in the
   initial PW Label Mapping message received by a PE, then the PW Status
   TLV will not be used, and both PEs supporting the pseudowire will
   revert to the label withdraw procedure for signaling status changes.

   If the negotiation process results in the usage of the PW Status TLV,
   then the actual PW status is determined by the PW Status TLV that was
   sent within the initial PW Label Mapping message.  Subsequent updates
   of PW status are conveyed through the Notification message.

6.4.  Interface Parameter Sub-TLV

   This field specifies interface-specific parameters.  When applicable,
   it MUST be used to validate that the PEs and the ingress and egress
   ports at the edges of the circuit have the necessary capabilities to
   interoperate with each other.  The field structure is defined as
   follows:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Sub-TLV Type  |    Length     |    Variable Length Value      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         Variable Length Value                 |
    |                             "                                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Length field is defined as the length of the interface parameter
   including the Sub-TLV Type and Length field itself.  Processing of
   the interface parameters should continue when unknown interface
   parameters are encountered, and they MUST be silently ignored.

   The Interface Parameter Sub-TLV Type values are specified in "IANA
   Allocations for Pseudowire Edge to Edge Emulation (PWE3)" [RFC4446].

   -  Interface MTU sub-TLV type

      A 2-octet value indicating the MTU in octets.  This is the Maximum
      Transmission Unit, excluding encapsulation overhead, of the egress
      packet interface that will be transmitting the decapsulated PDU
      that is received from the MPLS-enabled network.  This parameter is
      applicable only to PWs transporting packets and is REQUIRED for
      these PW types.  If this parameter does not match in both
      directions of a specific PW, that PW MUST NOT be enabled.

   -  Optional Interface Description string sub-TLV type

      This arbitrary, and OPTIONAL, interface description string is used
      to send a human-readable administrative string describing the
      interface to the remote PE.  This parameter is OPTIONAL and is
      applicable to all PW types.  The interface description parameter
      string length is variable and can be from 0 to 80 octets.  Human-
      readable text MUST be provided in the UTF-8 charset using the
      Default Language [RFC2277].
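A bounds-checked walker for the Interface Parameter Sub-TLVs of Section 6.4, added here as an illustration and not part of RFC 8077. The type values 0x01 (Interface MTU) and 0x03 (Interface Description) come from the RFC 4446 registry; the function names and the sample bytes are constructed for this example.

```python
SUBTLV_INTERFACE_MTU = 0x01          # RFC 4446 registry value
SUBTLV_INTERFACE_DESCRIPTION = 0x03  # RFC 4446 registry value
MAX_DESCRIPTION_OCTETS = 80


class InterfaceParamError(ValueError):
    """Raised when the sub-TLV sequence is malformed."""


def parse_interface_params(buf):
    """Walk the sub-TLVs and return the parameters this parser understands.

    Length counts the Type and Length octets themselves, so any value
    below 2 is invalid and would otherwise stall or rewind the walk.
    """
    params = {}
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < 2:
            raise InterfaceParamError("truncated sub-TLV header")
        sub_type, length = buf[offset], buf[offset + 1]
        if length < 2:
            raise InterfaceParamError("Length smaller than the 2-octet header")
        if offset + length > len(buf):
            raise InterfaceParamError("sub-TLV overruns the enclosing field")
        value = buf[offset + 2:offset + length]

        if sub_type == SUBTLV_INTERFACE_MTU:
            if len(value) != 2:
                raise InterfaceParamError("Interface MTU must be 2 octets")
            params["mtu"] = int.from_bytes(value, "big")
        elif sub_type == SUBTLV_INTERFACE_DESCRIPTION:
            if len(value) > MAX_DESCRIPTION_OCTETS:
                raise InterfaceParamError("description longer than 80 octets")
            try:
                params["description"] = value.decode("utf-8")
            except UnicodeDecodeError as exc:
                raise InterfaceParamError("description is not UTF-8") from exc
        # Any other type is unknown here and is silently ignored.
        offset += length
    return params


def pw_may_be_enabled(local_mtu, remote_params):
    """The PW must stay disabled unless the MTU matches in both directions."""
    return remote_params.get("mtu") == local_mtu


if __name__ == "__main__":
    # Constructed sample: MTU 1500, one unknown sub-TLV (type 0x7f), description "ce1".
    sample = bytes.fromhex("010405dc" "7f03aa" "0305636531")
    parsed = parse_interface_params(sample)
    print(parsed, pw_may_be_enabled(1500, parsed))
```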

6.5.  LDP Label Withdrawal Procedures

   As mentioned above, the Group ID field of the PWid FEC Element, or
   the PW Group ID TLV used with the Generalized PWid FEC Element, can
   be used to withdraw all PW labels associated with a particular PW
   group.  This procedure is OPTIONAL, and if it is implemented, the LDP
   Label Withdraw message should be as follows: If the PWid FEC Element
   is used, the PW information length field is set to 0, the PW ID field
   is not present, the Interface Parameter Sub-TLVs are not present, and
   the Label TLV is not present.  If the Generalized FEC Element is
   used, the AGI, SAII, and TAII are not present, the PW information
   length field is set to 0, the PW Group ID TLV is included, the PW
   Interface Parameters TLV is not present, and the Label TLV is not
   present.  For the purpose of this document, this is called the
   "wildcard withdraw procedure", and all PEs implementing this design
   are REQUIRED to accept such withdraw messages but are not required to
   send it.  Note that the PW Group ID TLV only applies to PWs using the
   Generalized ID FEC Element, while the Group ID only applies to PWid
   FEC Element.

   The Interface Parameter Sub-TLVs, or TLV, MUST NOT be present in any
   LDP PW Label Withdraw or Label Release message.  A wildcard Label
   Release message MUST include only the Group ID or PW Group ID TLV.  A
   Label Release message initiated by a PE router must always include
   the PW ID.

7.  Control Word

7.1.  PW Types for Which the Control Word Is REQUIRED

   The Label Mapping messages that are sent in order to set up these PWs
   MUST have C=1.  When a Label Mapping message for a PW of one of these
   types is received and C=0, a Label Release message MUST be sent, with
   an "Illegal C-bit" status code.  In this case, the PW will not be
   enabled.

7.2.  PW Types for Which the Control Word Is NOT Mandatory

   If a system is capable of sending and receiving the control word on
   PW types for which the control word is not mandatory, then each such
   PW endpoint MUST be configurable with a parameter that specifies
   whether the use of the control word is PREFERRED or NOT PREFERRED.
   For each PW, there MUST be a default value of this parameter.  This
   specification does NOT state what the default value should be.

   If a system is NOT capable of sending and receiving the control word
   on PW types for which the control word is not mandatory, then it
   behaves exactly as if it were configured for the use of the control
   word to be NOT PREFERRED.

   If a Label Mapping message for the PW has already been received but
   no Label Mapping message for the PW has yet been sent, then the
   procedure is as follows:

        -i. If the received Label Mapping message has C=0, send a Label
            Mapping message with C=0; the control word is not used.

       -ii. If the received Label Mapping message has C=1, and the PW is
            locally configured such that the use of the control word is
            preferred, then send a Label Mapping message with C=1; the
            control word is used.

      -iii. If the received Label Mapping message has C=1, and the PW is
            locally configured such that the use of the control word is
            not preferred or the control word is not supported, then act
            as if no Label Mapping message for the PW had been received
            (i.e., proceed to the next paragraph).

   If a Label Mapping message for the PW has not already been received
   (or if the received Label Mapping message had C=1 and either local
   configuration says that the use of the control word is not preferred
   or the control word is not supported), then send a Label Mapping
   message in which the C-bit is set to correspond to the locally
   configured preference for use of the control word.  (That is, set C=1
   if locally configured to prefer the control word, and set C=0 if
   locally configured to prefer not to use the control word or if the
   control word is not supported).

   The next action depends on what control message is next received for
   that PW.  The possibilities are as follows:

        -i. A Label Mapping message with the same C-bit value as
            specified in the Label Mapping message that was sent.  PW
            setup is now complete, and the control word is used if C=1
            but is not used if C=0.

       -ii. A Label Mapping message with C=1, but the Label Mapping
            message that was sent has C=0.  In this case, ignore the
            received Label Mapping message and continue to wait for the
            next control message for the PW.

      -iii. A Label Mapping message with C=0, but the Label Mapping
            message that was sent has C=1.  In this case, send a Label
            Withdraw message with a "Wrong C-bit" status code, followed
            by a Label Mapping message that has C=0.  PW setup is now
            complete, and the control word is not used.

       -iv. A Label Withdraw message with the "Wrong C-bit" status code.
            Treat as a normal Label Withdraw message, but do not
            respond.  Continue to wait for the next control message for
            the PW.

   If at any time after a Label Mapping message has been received a
   corresponding Label Withdraw or Release is received, the action taken
   is the same as for any Label Withdraw or Release messages that might
   be received at any time.

   If both endpoints prefer the use of the control word, this procedure
   will cause it to be used.  If either endpoint prefers not to use the
   control word or does not support the control word, this procedure
   will cause it not to be used.  If one endpoint prefers to use the
   control word but the other does not, the one that prefers not to use
   it has no extra protocol to execute; it just waits for a Label
   Mapping message that has C=0.
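The C-bit procedure of Section 7.2 as a two-PE simulation, added here as an illustration and not part of RFC 8077. The `PE` class, the `negotiate` helper and the message tuples are hypothetical names, a PE that does not support the control word is modelled as one that does not prefer it, and Label Release handling is left out.

```python
from collections import deque

MAPPING = "Label Mapping"
WITHDRAW_WRONG_C = "Label Withdraw (Wrong C-bit)"


class PE:
    """One pseudowire endpoint for a PW type where the control word is optional."""

    def __init__(self, name, prefers_cw):
        self.name = name
        self.prefers_cw = prefers_cw
        self.sent_c = None    # C-bit of the last Label Mapping this PE sent
        self.uses_cw = None   # None until PW setup is complete

    def _send_mapping(self, c_bit):
        self.sent_c = c_bit
        return [(MAPPING, c_bit)]

    def start(self):
        """No Label Mapping received yet: advertise the local preference."""
        return self._send_mapping(1 if self.prefers_cw else 0)

    def receive(self, kind, c_bit=None):
        """Process one control message and return the messages to send back."""
        if self.uses_cw is not None:
            return []                      # setup already complete
        if kind == WITHDRAW_WRONG_C:
            return []                      # normal withdraw, no C-bit response
        if self.sent_c is None:            # received before sending anything
            if c_bit == 0:
                self.uses_cw = False
                return self._send_mapping(0)
            if self.prefers_cw:
                self.uses_cw = True
                return self._send_mapping(1)
            return self.start()            # act as if nothing had been received
        if c_bit == self.sent_c:           # case i: same C-bit, setup complete
            self.uses_cw = (c_bit == 1)
            return []
        if c_bit == 1:                     # case ii: we sent C=0, ignore and wait
            return []
        self.uses_cw = False               # case iii: we sent C=1, peer sent C=0
        return [(WITHDRAW_WRONG_C, None)] + self._send_mapping(0)


def negotiate(a_prefers, b_prefers, simultaneous=True):
    """Run the exchange; return (A uses CW, B uses CW, message trace)."""
    a, b = PE("A", a_prefers), PE("B", b_prefers)
    peer = {a: b, b: a}
    queue = deque((a, msg) for msg in a.start())
    if simultaneous:
        queue.extend((b, msg) for msg in b.start())
    trace = []
    while queue:
        sender, (kind, c_bit) = queue.popleft()
        trace.append((sender.name, kind, c_bit))
        receiver = peer[sender]
        queue.extend((receiver, msg) for msg in receiver.receive(kind, c_bit))
    return a.uses_cw, b.uses_cw, trace


if __name__ == "__main__":
    for prefs in [(True, True), (True, False), (False, True), (False, False)]:
        a_cw, b_cw, trace = negotiate(*prefs)
        print(prefs, "->", a_cw, b_cw)
        for step in trace:
            print("   ", step)
```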

7.3.  Control-Word Renegotiation by Label Request Message

   It is possible that after the PW C-bit negotiation procedure
   described above is complete, the local PE is re-provisioned with a
   different control word preference.  Therefore, once the control-word
   negotiation procedures are complete, the procedure can be restarted
   as follows:

        -i. If the local PE previously sent a Label Mapping message, it
            MUST send a Label Withdraw message to the remote PE and wait
            until it has received a Label Release message from the
            remote PE.

       -ii. The local PE MUST send a Label Release message to the remote
            PE for the specific label associated with the FEC that was
            advertised for this specific PW.  Note: The above-mentioned
            steps of the Label Release message and Label Withdraw
            message are not required to be executed in any specific
            sequence.

      -iii. The local PE MUST send a Label Request message to the peer
            PE and then MUST wait until it receives a Label Mapping
            message containing the remote PE's currently configured
            preference for use of the control word.

   Once the remote PE has successfully processed the Label Withdraw
   message and Label Release messages, it will reset the C-bit
   negotiation state machine and its use of the control word with the
   locally configured preference.

   From this point on, the local and remote PEs will follow the C-bit
   negotiation procedures defined in the previous section.

   The above C-bit renegotiation process SHOULD NOT be interrupted until
   it is completed, or unpredictable results might occur.

7.4.  Sequencing Considerations

   In the case where the router considers the sequence number field in
   the control word, it is important to note the following details when
   advertising labels.

7.4.1.  Label Advertisements

   After a label has been withdrawn by the output router and/or released
   by the input router, care must be taken not to advertise (reuse) the
   same released label until the output router can be reasonably certain
   that old packets containing the released label no longer persist in
   the MPLS-enabled network.

   This precaution is required to prevent the imposition router from
   restarting packet forwarding with a sequence number of 1 when it
   receives a Label Mapping message that binds the same FEC to the same
   label if there are still older packets in the network with a sequence
   number between 1 and 32768.  For example, if there is a packet with
   sequence number=n, where n is in the interval [1,32768] traveling
   through the network, it would be possible for the disposition router
   to receive that packet after it re-advertises the label.  Since the
   label has been released by the imposition router, the disposition
   router SHOULD be expecting the next packet to arrive with a sequence
   number of 1.  Receipt of a packet with a sequence number equal to n
   will result in n packets potentially being rejected by the
   disposition router until the imposition router imposes a sequence
   number of n+1 into a packet.  Possible methods to avoid this are for
   the disposition router always to advertise a different PW label, or
   for the disposition router to wait for a sufficient time before
   attempting to re-advertise a recently released label.  This is only
   an issue when sequence number processing is enabled at the
   disposition router.

7.4.2.  Label Release

   In situations where the imposition router wants to restart forwarding
   of packets with sequence number 1, the router shall 1) send to the
   disposition router a Label Release message, and 2) send to the
   disposition router a Label Request message.  When sequencing is
   supported, advertisement of a PW label in response to a Label Request
   message MUST also consider the issues discussed in Section 7.4.1
   ("Label Advertisements").

8.  IANA Considerations

8.1.  LDP TLV TYPE

   This document uses several new LDP TLV types; IANA already maintains
   a registry titled "TLV Type Name Space", defined by RFC 5036.  The
   following values have been assigned from said registry:

     TLV Type  Description
     =====================================
     0x096A    PW Status TLV
     0x096B    PW Interface Parameters TLV
     0x096C    PW Group ID TLV

8.2.  LDP Status Codes

   This document uses several new LDP status codes; IANA already
   maintains a registry titled "Status Code Name Space", defined by RFC
   5036.  The following values have been assigned:

     Range/Value     E     Description                       Reference
     ------------- -----   ----------------------            ---------
     0x00000024      0     Illegal C-Bit                     [RFC8077]
     0x00000025      0     Wrong C-Bit                       [RFC8077]
     0x00000026      0     Incompatible bit-rate             [RFC8077]
     0x00000027      0     CEP-TDM mis-configuration         [RFC8077]
     0x00000028      0     PW Status                         [RFC8077]
     0x00000029      0     Unassigned/Unrecognized TAI       [RFC8077]
     0x0000002A      0     Generic Misconfiguration Error    [RFC8077]
     0x0000002B      0     Label Withdraw PW Status          [RFC8077]
                           Method Not Supported

8.3.  FEC Type Name Space

   This document uses two new FEC element types, 0x80 and 0x81, from the
   registry "Forwarding Equivalence Class (FEC) Type Name Space" for the
   Label Distribution Protocol (LDP) [RFC5036].

9.  Security Considerations

   This document specifies the LDP extensions that are needed for
   setting up and maintaining pseudowires.  The purpose of setting up
   pseudowires is to enable Layer 2 frames to be encapsulated in MPLS
   and transmitted from one end of a pseudowire to the other.
   Therefore, we address the security considerations for both the data
   plane and the control plane.

9.1.  Data-Plane Security

   With regard to the security of the data plane, the following areas
   must be considered:

      - MPLS PDU inspection
      - MPLS PDU spoofing
      - MPLS PDU alteration
      - MPLS PSN protocol security
      - Access Circuit security
      - Denial-of-service prevention on the PE routers

   When an MPLS PSN is used to provide pseudowire service, there is a
   perception that security must be at least equal to the currently
   deployed Layer 2 native protocol networks that the MPLS/PW network
   combination is emulating.  This means that the MPLS-enabled network
   SHOULD be isolated from outside packet insertion in such a way that
   it SHOULD NOT be possible to insert an MPLS packet into the network
   directly.  To prevent unwanted packet insertion, it is also important
   to prevent unauthorized physical access to the PSN, as well as
   unauthorized administrative access to individual network elements.

   As mentioned above, an MPLS-enabled network should not accept MPLS
   packets from its external interfaces (i.e., interfaces to CE devices
   or to other providers' networks) unless the top label of the packet
   was legitimately distributed to the system from which the packet is
   being received.  If the packet's incoming interface leads to a
   different Service Provider (SP) (rather than to a customer), an
   appropriate trust relationship must also be present, including the
   trust that the other SP also provides appropriate security measures.

   The three main security problems faced when using an MPLS-enabled
   network to transport PWs are spoofing, alteration, and inspection.
   First, there is a possibility that the PE receiving PW PDUs will get
   a PDU that appears to be from the PE transmitting the PW into the PSN
   but that was not actually transmitted by the PE originating the PW.
   (That is, the specified encapsulations do not by themselves enable
   the decapsulator to authenticate the encapsulator.)  A second problem
   is the possibility that the PW PDU will be altered between the time
   it enters the PSN and the time it leaves the PSN (i.e., the specified
   encapsulations do not by themselves assure the decapsulator of the
   packet's integrity.)  A third problem is the possibility that the
   PDU's contents will be seen while the PDU is in transit through the
   PSN (i.e., the specification encapsulations do not ensure privacy.)
   How significant these issues are in practice depends on the security
   requirements of the applications whose traffic is being sent through
   the tunnel and how secure the PSN itself is.

9.2.  Control-Plane Security

   General security considerations with regard to the use of LDP are
   specified in Section 5 of [RFC5036].  Those considerations also apply
   to the case where LDP is used to set up pseudowires.

   A pseudowire connects two Attachment Circuits.  It is important to
   make sure that LDP connections are not arbitrarily accepted from
   anywhere, or else a local Attachment Circuit might get connected to
   an arbitrary remote Attachment Circuit.  Therefore, an incoming LDP
   session request MUST NOT be accepted unless its IP source address is
   known to be the source of an "eligible" LDP peer.  The set of
   eligible peers could be preconfigured (either as a list of IP
   addresses or as a list of address/mask combinations), or it could be
   discovered dynamically via an auto-discovery protocol that is itself
   trusted.  (Obviously, if the auto-discovery protocol were not
   trusted, the set of eligible peers it produces could not be trusted.)

   Even if an LDP connection request appears to come from an eligible
   peer, its source address may have been spoofed.  Therefore, some
   means of preventing source address spoofing must be in place.  For
   example, if all the eligible peers are in the same network, source
   address filtering at the border routers of that network could
   eliminate the possibility of source address spoofing.

   The LDP MD5 authentication key option, as described in Section 2.9 of
   [RFC5036], MUST be implemented, and for a greater degree of security,
   it must be used.  This provides integrity and authentication for the
   LDP messages and eliminates the possibility of source address
   spoofing.  Use of the MD5 option does not provide privacy, but
   privacy of the LDP control messages is not usually considered
   important.  As the MD5 option relies on the configuration of pre-
   shared keys, it does not provide much protection against replay
   attacks.  In addition, its reliance on pre-shared keys may make it
   very difficult to deploy when the set of eligible neighbors is
   determined by an auto-configuration protocol.

   When the Generalized PWid FEC Element is used, it is possible that a
   particular LDP peer may be one of the eligible LDP peers but may not
   be the right one to connect to the particular Attachment Circuit
   identified by the particular instance of the Generalized PWid FEC
   Element.  However, given that the peer is known to be one of the
   eligible peers (as discussed above), this would be the result of a
   configuration error rather than a security problem.  Nevertheless, it
   may be advisable for a PE to associate each of its local Attachment
   Circuits with a set of eligible peers rather than have just a single
   set of eligible peers associated with the PE as a whole.
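The eligible-peer checks of Section 9.2 as a two-level admission policy, added here as an illustration and not part of RFC 8077. The `PeerPolicy` class, the Attachment Circuit names and the addresses (documentation ranges) are constructed for this example, and denying an Attachment Circuit that has no peer set of its own is a fail-closed choice of this sketch.

```python
import ipaddress


class PeerPolicy:
    """PE-wide eligible LDP peers plus a narrower set per Attachment Circuit."""

    def __init__(self, eligible, per_ac=None):
        # Entries may be single addresses or address/mask combinations.
        self.eligible = [ipaddress.ip_network(e) for e in eligible]
        self.per_ac = {
            ac: [ipaddress.ip_network(e) for e in nets]
            for ac, nets in (per_ac or {}).items()
        }

    @staticmethod
    def _match(source, networks):
        try:
            address = ipaddress.ip_address(source)
        except ValueError:
            return False                 # unparsable source: never eligible
        return any(address in net for net in networks)

    def admit_session(self, source):
        """Accept an incoming LDP session only from a PE-wide eligible peer."""
        return self._match(source, self.eligible)

    def admit_pw(self, source, attachment_circuit):
        """Decide whether this peer may bind a PW to this Attachment Circuit."""
        if not self.admit_session(source):
            return False, "source is not an eligible LDP peer"
        allowed = self.per_ac.get(attachment_circuit)
        if allowed is None:
            return False, "no peer set configured for this Attachment Circuit"
        if not self._match(source, allowed):
            return False, "eligible peer, but not for this Attachment Circuit"
        return True, "ok"


if __name__ == "__main__":
    policy = PeerPolicy(
        eligible=["192.0.2.0/24", "198.51.100.7"],
        per_ac={"ac-1": ["192.0.2.10"], "ac-2": ["198.51.100.7"]},
    )
    for src, ac in [("192.0.2.10", "ac-1"), ("192.0.2.11", "ac-1"),
                    ("203.0.113.5", "ac-1"), ("192.0.2.10", "ac-3")]:
        print(src, ac, policy.admit_pw(src, ac))
```

Address matching of this kind only helps when source address spoofing is already prevented, as the section requires.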

10.  Interoperability and Deployment

   Section 2.2 of [RFC6410] specifies four requirements that an Internet
   Standard must meet.  This section documents how this document meets
   those requirements.

   The pseudowire technology was first deployed in 2001 and has been
   widely deployed by many carriers.  [RFC7079] documents the results of
   a survey of PW implementations with specific emphasis on control-word
   usage.  [EANTC] documents a public multi-vendor interoperability test
   of MPLS and Carrier Ethernet equipment, which included testing of
   Ethernet, ATM, and TDM pseudowires.

   The errata against [RFC4447] are generally editorial in nature and
   have been addressed in this document.

   All features in this specification have been implemented by multiple
   vendors.

   No IPR disclosures have been made to the IETF related to this
   document, to RFCs 4447 or 6723, or to the Internet-Drafts that
   resulted in RFCs 4447 and 6723.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, DOI
              10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC5036]  Andersson, L., Ed., Minei, I., Ed., and B. Thomas, Ed.,
              "LDP Specification", RFC 5036, DOI 10.17487/RFC5036,
              October 2007, <http://www.rfc-editor.org/info/rfc5036>.

   [RFC3032]  Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
              Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
              Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001,
              <http://www.rfc-editor.org/info/rfc3032>.

   [RFC4446]  Martini, L., "IANA Allocations for Pseudowire Edge to Edge
              Emulation (PWE3)", BCP 116, RFC 4446, DOI
              10.17487/RFC4446, April 2006,
              <http://www.rfc-editor.org/info/rfc4446>.

   [RFC7358]  Raza, K., Boutros, S., Martini, L., and N. Leymann, "Label
              Advertisement Discipline for LDP Forwarding Equivalence
              Classes (FECs)", RFC 7358, DOI 10.17487/RFC7358, October
              2014, <http://www.rfc-editor.org/info/rfc7358>.

11.2.  Informative References

   [RFC2277]  Alvestrand, H., "IETF Policy on Character Sets and
              Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277,
              January 1998, <http://www.rfc-editor.org/info/rfc2277>.

   [RFC3985]  Bryant, S., Ed., and P. Pate, Ed., "Pseudo Wire Emulation
              Edge-to-Edge (PWE3) Architecture", RFC 3985, DOI
              10.17487/RFC3985, March 2005,
              <http://www.rfc-editor.org/info/rfc3985>.

   [RFC4842]  Malis, A., Pate, P., Cohen, R., Ed., and D. Zelig,
              "Synchronous Optical Network/Synchronous Digital Hierarchy
              (SONET/SDH) Circuit Emulation over Packet (CEP)", RFC
              4842, DOI 10.17487/RFC4842, April 2007,
              <http://www.rfc-editor.org/info/rfc4842>.

   [RFC4553]  Vainshtein, A., Ed., and YJ. Stein, Ed., "Structure-
              Agnostic Time Division Multiplexing (TDM) over Packet
              (SAToP)", RFC 4553, DOI 10.17487/RFC4553, June 2006,
              <http://www.rfc-editor.org/info/rfc4553>.

   [RFC4619]  Martini, L., Ed., Kawa, C., Ed., and A. Malis, Ed.,
              "Encapsulation Methods for Transport of Frame Relay over
              Multiprotocol Label Switching (MPLS) Networks", RFC 4619,
              DOI 10.17487/RFC4619, September 2006,
              <http://www.rfc-editor.org/info/rfc4619>.

   [RFC4717]  Martini, L., Jayakumar, J., Bocci, M., El-Aawar, N.,
              Brayley, J., and G. Koleyni, "Encapsulation Methods for
              Transport of Asynchronous Transfer Mode (ATM) over MPLS
              Networks", RFC 4717, DOI 10.17487/RFC4717, December 2006,
              <http://www.rfc-editor.org/info/rfc4717>.

   [RFC4618]  Martini, L., Rosen, E., Heron, G., and A. Malis,
              "Encapsulation Methods for Transport of PPP/High-Level
              Data Link Control (HDLC) over MPLS Networks", RFC 4618,
              DOI 10.17487/RFC4618, September 2006,
              <http://www.rfc-editor.org/info/rfc4618>.

   [RFC4448]  Martini, L., Ed., Rosen, E., El-Aawar, N., and G. Heron,
              "Encapsulation Methods for Transport of Ethernet over MPLS
              Networks", RFC 4448, DOI 10.17487/RFC4448, April 2006,
              <http://www.rfc-editor.org/info/rfc4448>.

   [RFC4447]  Martini, L., Ed., Rosen, E., El-Aawar, N., Smith, T., and
              G. Heron, "Pseudowire Setup and Maintenance Using the
              Label Distribution Protocol (LDP)", RFC 4447, DOI
              10.17487/RFC4447, April 2006,
              <http://www.rfc-editor.org/info/rfc4447>.

   [RFC6410]  Housley, R., Crocker, D., and E. Burger, "Reducing the
              Standards Track to Two Maturity Levels", BCP 9, RFC 6410,
              DOI 10.17487/RFC6410, October 2011,
              <http://www.rfc-editor.org/info/rfc6410>.

   [RFC6723]  Jin, L., Ed., Key, R., Ed., Delord, S., Nadeau, T., and S.
              Boutros, "Update of the Pseudowire Control-Word
              Negotiation Mechanism", RFC 6723, DOI 10.17487/RFC6723,
              September 2012, <http://www.rfc-editor.org/info/rfc6723>.

   [RFC7079]  Del Regno, N., Ed., and A. Malis, Ed., "The Pseudowire
              (PW) and Virtual Circuit Connectivity Verification (VCCV)
              Implementation Survey Results", RFC 7079, DOI
              10.17487/RFC7079, November 2013,
              <http://www.rfc-editor.org/info/rfc7079>.

   [ANSI]     American National Standards Institute, "Telecommunications
              - Synchronous Optical Network (SONET) - Basic Description
              Including Multiplex Structures, Rates, and Formats", ANSI
              T1.105, October 1995.

   [ITUG]     International Telecommunications Union, "Network node
              interface for the synchronous digital hierarchy (SDH)",
              ITU-T Recommendation G.707, May 1996.

   [EANTC]    European Advanced Networking Test Center, "MPLS and
              Carrier Ethernet: Service - Connect - Transport. Public
              Multi-Vendor Interoperability Test", February 2009.

Acknowledgments

   The authors wish to acknowledge the contributions of Vach Kompella,
   Vanson Lim, Wei Luo, Himanshu Shah, and Nick Weeds.  The authors wish
   to also acknowledge the contribution of the authors of RFC 6723,
   whose work has been incorporated in this document: Lizhong Jin,
   Raymond Key, Simon Delord, Tom Nadeau, and Sami Boutros.

Contributors

   The following individuals were either authors or contributing authors
   for RFC 4447.  They are listed here in recognition of their work on
   that document.

   Nasser El-Aawar
   Level 3 Communications, LLC.
   1025 Eldorado Blvd.
   Broomfield, CO 80021
   United States of America

   Email: nna@level3.net


   Eric C. Rosen
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   United States of America

   Email: erosen@cisco.com


   Dan Tappan
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   United States of America

   Email: tappan@cisco.com


   Toby Smith
   Google
   6425 Penn Ave. #700
   Pittsburgh, PA 15206
   United States of America

   Email: tob@google.com


   Dimitri Vlachos
   Riverbed Technology

   Email: dimitri@riverbed.com

   Jayakumar Jayakumar
   Cisco Systems Inc.
   3800 Zanker Road, MS-SJ02/2
   San Jose, CA 95134
   United States of America

   Email: jjayakum@cisco.com


   Alex Hamilton
   Cisco Systems Inc.
   485 East Tasman Drive, MS-SJC07/3
   San Jose, CA 95134
   United States of America

   Email: tahamilt@cisco.com


   Steve Vogelsang
   ECI Telecom
   Omega Corporate Center
   1300 Omega Drive
   Pittsburgh, PA 15205
   United States of America

   Email: stephen.vogelsang@ecitele.com


   John Shirron
   ECI Telecom
   Omega Corporate Center
   1300 Omega Drive
   Pittsburgh, PA 15205
   United States of America

   Email: john.shirron@ecitele.com


   Andrew G. Malis
   Verizon
   60 Sylvan Rd.
   Waltham, MA 02451
   United States of America

   Email: andrew.g.malis@verizon.com

   Vinai Sirkay
   Reliance Infocomm
   Dhirubai Ambani Knowledge City
   Navi Mumbai 400 709
   India

   Email: vinai@sirkay.com


   Vasile Radoaca
   Nortel Networks
   600 Technology Park
   Billerica MA 01821
   United States of America

   Email: vasile@nortelnetworks.com


   Chris Liljenstolpe
   149 Santa Monica Way
   San Francisco, CA 94127
   United States of America

   Email: ietf@cdl.asgaard.org


   Dave Cooper
   Global Crossing
   960 Hamlin Court
   Sunnyvale, CA 94089
   United States of America

   Email: dcooper@gblx.net


   Kireeti Kompella
   Juniper Networks
   1194 N. Mathilda Ave
   Sunnyvale, CA 94089
   United States of America

   Email: kireeti@juniper.net

Authors' Addresses

   Luca Martini (editor)
   Cisco Systems, Inc.
   1899 Wynkoop Street, Suite 600
   Denver, CO 80202
   United States of America

   Email: lmartini@monoski.com


   Giles Heron (editor)
   Cisco Systems
   10 New Square
   Bedfont Lakes
   Feltham
   Middlesex
   TW14 8HA
   United Kingdom

   Email: giheron@cisco.com