draft-ietf-mpls-tp-linear-protection-08.txt   draft-ietf-mpls-tp-linear-protection-09.txt 
Network Working Group S. Bryant Network Working Group S. Bryant
Internet-Draft E. Osborne Internet-Draft E. Osborne
Intended status: Standards Track Cisco Intended status: Standards Track Cisco
Expires: January 26, 2012 N. Sprecher Expires: February 4, 2012 N. Sprecher
Nokia Siemens Networks Nokia Siemens Networks
A. Fulignoli, Ed. A. Fulignoli, Ed.
Ericsson Ericsson
Y. Weingarten, Ed. Y. Weingarten, Ed.
Nokia Siemens Networks Nokia Siemens Networks
July 25, 2011 August 3, 2011
MPLS-TP Linear Protection MPLS-TP Linear Protection
draft-ietf-mpls-tp-linear-protection-08.txt draft-ietf-mpls-tp-linear-protection-09.txt
Abstract Abstract
The Transport Profile for Multiprotocol Label Switching (MPLS-TP) is The Transport Profile for Multiprotocol Label Switching (MPLS-TP) is
being specified jointly by IETF and ITU-T. This document addresses being specified jointly by IETF and ITU-T. This document addresses
the functionality described in the MPLS-TP Survivability Framework the functionality described in the MPLS-TP Survivability Framework
document [SurvivFwk] and defines a protocol that may be used to document [SurvivFwk] and defines a protocol that may be used to
fulfill the function of the Protection State Coordination for linear fulfill the function of the Protection State Coordination for linear
protection, as described in that document. protection, as described in that document.
skipping to change at page 1, line 48 skipping to change at page 1, line 48
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 26, 2012. This Internet-Draft will expire on February 4, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 21 skipping to change at page 3, line 21
2. Conventions used in this document . . . . . . . . . . . . . . 6 2. Conventions used in this document . . . . . . . . . . . . . . 6
2.1. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2. Definitions and Terminology . . . . . . . . . . . . . . . 7 2.2. Definitions and Terminology . . . . . . . . . . . . . . . 7
3. Protection switching control logic . . . . . . . . . . . . . . 7 3. Protection switching control logic . . . . . . . . . . . . . . 7
3.1. Local Request Logic . . . . . . . . . . . . . . . . . . . 8 3.1. Local Request Logic . . . . . . . . . . . . . . . . . . . 8
3.2. Remote Requests . . . . . . . . . . . . . . . . . . . . . 10 3.2. Remote Requests . . . . . . . . . . . . . . . . . . . . . 10
3.3. PSC Control Logic . . . . . . . . . . . . . . . . . . . . 11 3.3. PSC Control Logic . . . . . . . . . . . . . . . . . . . . 11
3.4. PSC Message Generator . . . . . . . . . . . . . . . . . . 12 3.4. PSC Message Generator . . . . . . . . . . . . . . . . . . 12
3.5. Wait-to-Restore (WTR) timer . . . . . . . . . . . . . . . 12 3.5. Wait-to-Restore (WTR) timer . . . . . . . . . . . . . . . 12
3.6. PSC Control States . . . . . . . . . . . . . . . . . . . . 12 3.6. PSC Control States . . . . . . . . . . . . . . . . . . . . 12
3.6.1. Local and Remote state . . . . . . . . . . . . . . . . 13 3.6.1. Local and Remote state . . . . . . . . . . . . . . . . 14
4. Protection state coordination (PSC) protocol . . . . . . . . . 14 4. Protection state coordination (PSC) protocol . . . . . . . . . 14
4.1. Transmission and acceptance of PSC control packets . . . . 15 4.1. Transmission and acceptance of PSC control packets . . . . 15
4.2. Protocol format . . . . . . . . . . . . . . . . . . . . . 16 4.2. Protocol format . . . . . . . . . . . . . . . . . . . . . 15
4.2.1. PSC Ver field . . . . . . . . . . . . . . . . . . . . 16 4.2.1. PSC Ver field . . . . . . . . . . . . . . . . . . . . 16
4.2.2. PSC Request field . . . . . . . . . . . . . . . . . . 16 4.2.2. PSC Request field . . . . . . . . . . . . . . . . . . 16
4.2.3. Protection Type (PT) . . . . . . . . . . . . . . . . . 18 4.2.3. Protection Type (PT) . . . . . . . . . . . . . . . . . 18
4.2.4. Revertive (R) field . . . . . . . . . . . . . . . . . 18 4.2.4. Revertive (R) field . . . . . . . . . . . . . . . . . 18
4.2.5. Fault path (FPath) field . . . . . . . . . . . . . . . 18 4.2.5. Fault path (FPath) field . . . . . . . . . . . . . . . 18
4.2.6. Data path (Path) field . . . . . . . . . . . . . . . . 19 4.2.6. Data path (Path) field . . . . . . . . . . . . . . . . 19
4.2.7. Additional TLV information . . . . . . . . . . . . . . 19 4.2.7. Additional TLV information . . . . . . . . . . . . . . 19
4.3. Principles of Operation . . . . . . . . . . . . . . . . . 20 4.3. Principles of Operation . . . . . . . . . . . . . . . . . 19
4.3.1. Basic operation . . . . . . . . . . . . . . . . . . . 20 4.3.1. Basic operation . . . . . . . . . . . . . . . . . . . 20
4.3.2. Priority of inputs . . . . . . . . . . . . . . . . . . 21 4.3.2. Priority of inputs . . . . . . . . . . . . . . . . . . 21
4.3.3. Operation of PSC States . . . . . . . . . . . . . . . 22 4.3.3. Operation of PSC States . . . . . . . . . . . . . . . 22
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32
5.1. Pseudowire Associated Channel Type . . . . . . . . . . . . 32 5.1. Pseudowire Associated Channel Type . . . . . . . . . . . . 32
5.2. PSC Request Field . . . . . . . . . . . . . . . . . . . . 33 5.2. PSC Request Field . . . . . . . . . . . . . . . . . . . . 33
5.3. Additional TLVs . . . . . . . . . . . . . . . . . . . . . 33 5.3. Additional TLVs . . . . . . . . . . . . . . . . . . . . . 33
6. Security Considerations . . . . . . . . . . . . . . . . . . . 33 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 34 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 35
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.1. Normative References . . . . . . . . . . . . . . . . . . . 35 8.1. Normative References . . . . . . . . . . . . . . . . . . . 35
8.2. Informative References . . . . . . . . . . . . . . . . . . 35 8.2. Informative References . . . . . . . . . . . . . . . . . . 35
Appendix A. PSC state machine tables . . . . . . . . . . . . . . 36 Appendix A. PSC state machine tables . . . . . . . . . . . . . . 36
Appendix B. Exercising the protection domain . . . . . . . . . . 40 Appendix B. Exercising the protection domain . . . . . . . . . . 40
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41
1. Introduction 1. Introduction
The MPLS Transport Profile (MPLS-TP) [TPFwk] is a framework for the The MPLS Transport Profile (MPLS-TP) [TPFwk] is a framework for the
skipping to change at page 9, line 31 skipping to change at page 9, line 31
described in greater detail in [SurvivFwk]. described in greater detail in [SurvivFwk].
o Control plane - if there is a control plane active in the network o Control plane - if there is a control plane active in the network
(either signaling or routing), it MAY trigger protection switching (either signaling or routing), it MAY trigger protection switching
based on conditions detected by the control plane. If the control based on conditions detected by the control plane. If the control
plane is based on GMPLS [RFC3945] then the recovery process SHALL plane is based on GMPLS [RFC3945] then the recovery process SHALL
comply with the process described in [RFC4872] and [RFC4873]. comply with the process described in [RFC4872] and [RFC4873].
o OAM indication - OAM fault management or performance measurement o OAM indication - OAM fault management or performance measurement
tools may detect a failure or degrade condition on either the tools may detect a failure or degrade condition on either the
working or protection transport path and this must input an working or protection transport path and this MUST input an
indication to the Local Request Logic. indication to the Local Request Logic.
o WTR expires - The Wait-to-Restore timer is used in conjunction o WTR expires - The Wait-to-Restore timer is used in conjunction
with recovery from failure conditions on the working path in with recovery from failure conditions on the working path in
revertive mode. The timer SHALL signal the PSC control process revertive mode. The timer SHALL signal the PSC control process
when it expires and the end point SHALL revert to the normal when it expires and the end point SHALL revert to the normal
transmission of the user data traffic. transmission of the user data traffic.
The Local request logic processes these different input sources and, The input from these sources SHOULD be retained persistently for the
based on the priorities between them (see section 4.3.2), produces a duration of condition that initiated the trigger. The Local request
current local request. If more than one local input source generates logic processes these different input sources and, based on the
an indicator, then the Local request logic selects the higher priorities between them (see section 4.3.2), produces a current local
priority indicator and blocks any lower priority indicator. As a request. If more than one local input source generates a trigger,
result, there is a single current local request that is passed to the then the Local request logic selects the higher priority indicator
PSC Control logic. The different local requests that may be output and ignores any lower priority indicator. As a result, there is a
from the Local Request Logic are: single current local request that is passed to the PSC Control logic.
The different local requests that may be output from the Local
Request Logic are:
o Clear - if the operator cancels an active local administrative o Clear - if the operator cancels an active local administrative
command, i.e. LO/FS/MS. command, i.e. LO/FS/MS.
o Lockout of Protection (LO) - if the operator requested to prevent o Lockout of Protection (LO) - if the operator requested to prevent
switching data traffic to the protection path, for any purpose. switching data traffic to the protection path, for any purpose.
o Signal Fail (SF) - if any of the Server Layer, Control plane, or o Signal Fail (SF) - if any of the Server Layer, Control plane, or
OAM indications signaled a failure condition on either the OAM indications signaled a failure condition on either the
protection path or one of the working paths. protection path or one of the working paths.
skipping to change at page 15, line 19 skipping to change at page 15, line 23
the normal data traffic in the most prevalent case, i.e. the Normal the normal data traffic in the most prevalent case, i.e. the Normal
state. In addition, limiting the transmission to a single path state. In addition, limiting the transmission to a single path
avoids possible conflicts and race conditions that could develop if avoids possible conflicts and race conditions that could develop if
the PSC messages were sent on both paths. the PSC messages were sent on both paths.
When the protection domain state is changed due to a local input, When the protection domain state is changed due to a local input,
three PSC messages SHALL be transmitted as quickly as possible, to three PSC messages SHALL be transmitted as quickly as possible, to
allow for rapid protection switching. This set of three rapid allow for rapid protection switching. This set of three rapid
messages allows for fast protection switching even if one or two of messages allows for fast protection switching even if one or two of
these packets are lost or corrupted. When the protection domain these packets are lost or corrupted. When the protection domain
state changes due to a remote message the LER MAY send the three state changes due to a remote message the LER SHOULD send the three
rapid messages, but is not required to. However, when the LER rapid messages. However, when the LER tranfers from WTR state to
tranfers from WTR state to Normal state as a result of a remote NR Normal state as a result of a remote NR message, the three rapid
message, the three rapid messages SHALL be transmitted. After the messages SHALL be transmitted. After the transmission of the three
transmission of the three rapid messages, the LER MUST retransmit the rapid messages, the LER MUST retransmit the most recently transmitted
most recently transmitted PSC message on a continual basis. PSC message on a continual basis.
An implementation that is concerned about the potential for end
points to become out of sync as a result of lost messages MAY choose
to send messages more frequently at every state change. Such
behavior is consistent with the protocol specified here and will be
handled correctly by the receiver.
Both the default frequency of the three rapid messages as well as the Both the default frequency of the three rapid messages as well as the
default frequency of the continual message transmission SHALL be default frequency of the continual message transmission SHALL be
configurable by the operator. The actual frequencies used may be configurable by the operator. The actual frequencies used MAY be
configurable, at the time of establishment, for each individual configurable, at the time of establishment, for each individual
protected LSP. For management purposes, the operator should be able protected LSP. For management purposes, the operator SHOULD be able
to retrieve the current default frequency values as well as the to retrieve the current default frequency values as well as the
actual values for any specific LSP. For protection switching within actual values for any specific LSP. For protection switching within
50ms, it is RECOMMENDED that the default interval of the first three 50ms, it is RECOMMENDED that the default interval of the first three
rapid PSC messages SHOULD be no larger than 3.3ms. Using this rapid PSC messages SHOULD be no larger than 3.3ms. Using this
frequency would allow the far-end to be guaranteed of receiving the frequency would allow the far-end to be guaranteed of receiving the
trigger indication within 10ms and completion of the switching trigger indication within 10ms and completion of the switching
operation within 50ms. Subsequent messages SHOULD be continuously operation within 50ms. Subsequent messages SHOULD be continuously
transmitted with a default interval of 5 seconds. The purpose of the transmitted with a default interval of 5 seconds. The purpose of the
continual messages is to verify that the PSC session is still alive. continual messages is to verify that the PSC session is still alive.
skipping to change at page 21, line 22 skipping to change at page 21, line 15
protection the data traffic will be transmitted exclusively on either protection the data traffic will be transmitted exclusively on either
the protection or working path, while when using 1+1 protection the the protection or working path, while when using 1+1 protection the
traffic will be transmitted on both paths and the receiving LER traffic will be transmitted on both paths and the receiving LER
should select the appropriate signal based on the state. The text should select the appropriate signal based on the state. The text
will refer to this transmission/selection as "transport" of the data will refer to this transmission/selection as "transport" of the data
traffic. For 1+1 unidirectional protection, the state of the traffic. For 1+1 unidirectional protection, the state of the
selector will only be switched in reaction to a local message. When selector will only be switched in reaction to a local message. When
receiving a remote message, a LER that is configured for 1+1 receiving a remote message, a LER that is configured for 1+1
unidirectional protection, will transfer to the new remote state, unidirectional protection, will transfer to the new remote state,
however it will continue to select data according to the latest known however it will continue to select data according to the latest known
local state. local state. When the LER transitions into the Normal state, the PSC
Control Process SHALL check the persistent state of the local
triggers to decide if it should further transition into a new state.
4.3.2. Priority of inputs 4.3.2. Priority of inputs
As noted above (in section 3.1) the PSC Control Process accepts input As noted above (in section 3.1) the PSC Control Process accepts input
from five local input sources. There is a definition of priority from five local input sources. There is a definition of priority
between the different inputs that may be triggered locally. The list between the different inputs that may be triggered locally. The list
of local requests in order of priority are (from highest to lowest of local requests in order of priority are (from highest to lowest
priority): priority):
1. Clear (Operator command) 1. Clear (Operator command)
2. Lockout of protection (Operator command) 2. Lockout of protection (Operator command)
3. Signal Fail on protection (OAM/Control Plane/Server Indication) 3. Forced switch (Operator command)
4. Forced switch (Operator command) 4. Signal Fail on protection (OAM/Control Plane/Server Indication)
5. Signal Fail on working (OAM/Control Plane/Server Indication) 5. Signal Fail on working (OAM/Control Plane/Server Indication)
6. Signal Degrade on working (OAM/Control Plane/Server Indication) 6. Signal Degrade on working (OAM/Control Plane/Server Indication)
7. Clear Signal Fail/Degrade (OAM/Control Plane/Server Indication) 7. Clear Signal Fail/Degrade (OAM/Control Plane/Server Indication)
8. Manual switch (Operator command) 8. Manual switch (Operator command)
9. WTR expires (WTR Timer) 9. WTR expires (WTR Timer)
skipping to change at page 22, line 32 skipping to change at page 22, line 28
The following sub-sections present the operation of the different The following sub-sections present the operation of the different
states defined in section 3.6. For each state we define the states defined in section 3.6. For each state we define the
reaction, i.e. the new state and the message to transmit, to each reaction, i.e. the new state and the message to transmit, to each
possible input - either the highest priority local input or the PSC possible input - either the highest priority local input or the PSC
message from the remote LER. It should be noted that the new state message from the remote LER. It should be noted that the new state
of the protection domain is described from the point of view of the of the protection domain is described from the point of view of the
LER that is reporting the state, therefore, the language of "the LER LER that is reporting the state, therefore, the language of "the LER
goes into a state" is referring to the LER reporting that the goes into a state" is referring to the LER reporting that the
protection domain is now in this new state. If the definition states protection domain is now in this new state. If the definition states
to "ignore" the message, the intention is that the protection domain to "ignore" the message, the intention is that the protection domain
should remain in its current state and the LER should continue SHALL remain in its current state and the LER SHALL continue
transmitting (as presented in section 4.1) the current PSC message. transmitting (as presented in section 4.1) the current PSC message.
When a LER is in a remote state, i.e. state transition in reaction to When a LER is in a remote state, i.e. state transition in reaction to
a PSC message recieved from the far-end LER, and receives a new PSC a PSC message recieved from the far-end LER, and receives a new PSC
message from the far-end LER that indicates a contradictory state, message from the far-end LER that indicates a contradictory state,
e.g. in remote Unavailable state receiving a remote FS(1,1) message, e.g. in remote Unavailable state receiving a remote FS(1,1) message,
then the PSC Control Logic should reevaluate all inputs (both the then the PSC Control Logic SHALL reevaluate all inputs (both the
local input and the remote message) as if the LER is in the Normal local input and the remote message) as if the LER is in the Normal
state. state.
4.3.3.1. Normal State 4.3.3.1. Normal State
When the protection domain has no special condition in effect, the When the protection domain has no special condition in effect, the
ingress LER SHALL forward the user data along the working path, and, ingress LER SHALL forward the user data along the working path, and,
in the case of 1+1 protection, the Permanent Bridge will bridge the in the case of 1+1 protection, the Permanent Bridge will bridge the
data to the protection path as well. The receiving LER SHALL read data to the protection path as well. The receiving LER SHALL read
the data from the working path. the data from the working path.
When the protection domain is in Normal State the end-point SHALL When the LER transitions into the Normal state, the PSC Control
Process SHALL check the persistent state of the local triggers to
decide if it should further transition into a new state. If the
result of this check is a transition into a new state, the LER SHALL
transmit the corresponding message described in this section and
SHALL use the data path corresponding to the new state. When the
protection domain remains in Normal State, the end-point SHALL
transmit a NR(0,0) message, indicating - Nothing to report and data transmit a NR(0,0) message, indicating - Nothing to report and data
traffic is being transported on the working path. traffic is being transported on the working path.
When the protection domain is in Normal State the following When the protection domain is in Normal State the following
transitions are relevant in reaction to a local input (new state transitions are relevant in reaction to a local input to the LER:
SHOULD be marked as local) to the LER:
o A local Lockout of protection input SHALL cause the LER to go into o A local Lockout of protection input SHALL cause the LER to go into
local Unavailable State and begin transmission of a LO(0,0) local Unavailable State and begin transmission of a LO(0,0)
message. message.
o A local Forced switch input SHALL cause the LER to go into local o A local Forced switch input SHALL cause the LER to go into local
Protecting administrative state and begin transmission of a Protecting administrative state and begin transmission of a
FS(1,1) message. FS(1,1) message.
o A local Signal Fail indication on the protection path SHALL cause o A local Signal Fail indication on the protection path SHALL cause
skipping to change at page 23, line 34 skipping to change at page 23, line 34
LER to go into local Protecting failure state and begin LER to go into local Protecting failure state and begin
transmission of a SF(1,1) message. transmission of a SF(1,1) message.
o A local Manual switch input SHALL cause the LER to go into local o A local Manual switch input SHALL cause the LER to go into local
Protecting administrative state and begin transmission of a Protecting administrative state and begin transmission of a
MS(1,1) message. MS(1,1) message.
o All other local inputs SHALL be ignored. o All other local inputs SHALL be ignored.
In Normal state, remote messages would cause the following reaction In Normal state, remote messages would cause the following reaction
from the LER (new state SHOULD be marked as remote): from the LER:
o A remote Lockout of protection message SHALL cause the LER to go o A remote Lockout of protection message SHALL cause the LER to go
into remote Unavailable state, while continuing to transmit the into remote Unavailable state, while continuing to transmit the
NR(0,0) message. NR(0,0) message.
o A remote Forced switch message SHALL cause the LER to go into o A remote Forced switch message SHALL cause the LER to go into
remote Protecting administrative state, and begin transmitting a remote Protecting administrative state, and begin transmitting a
NR(0,1) message. NR(0,1) message.
o A remote Signal Fail message that indicates that the failure is on o A remote Signal Fail message that indicates that the failure is on
skipping to change at page 24, line 16 skipping to change at page 24, line 16
remote Protecting administrative state, and transmit a NR(0,1) remote Protecting administrative state, and transmit a NR(0,1)
message. message.
o All other remote messages SHALL be ignored. o All other remote messages SHALL be ignored.
4.3.3.2. Unavailable State 4.3.3.2. Unavailable State
When the protection path is unavailable - either as a result of a When the protection path is unavailable - either as a result of a
Lockout operator command, or as a result of a SF detected on the Lockout operator command, or as a result of a SF detected on the
protection path - then the protection domain is in the unavailable protection path - then the protection domain is in the unavailable
state. In this state, the data traffic is transported on the working state. In this state, the data traffic SHALL be transported on the
path and is not protected. When the domain is in unavailable state working path and is not protected. When the domain is in unavailable
the PSC messages may not get through and therefore the protection is state the PSC messages may not get through and therefore the
more dependent on the local inputs rather than the remote messages protection is more dependent on the local inputs rather than the
(that may not be received). remote messages (that may not be received).
The protection domain will exit the unavailable state and revert to The protection domain will exit the unavailable state and revert to
the normal state when, either the operator clears the Lockout command the Normal state when either the operator clears the Lockout command
or the protection path recovers from the signal fail or degraded or the protection path recovers from the signal fail or degraded
situation. Both ends will continue to send the PSC messages over the situation. Both ends will continue to send the PSC messages over the
protection path, as a result of this recovery. protection path, as a result of this recovery.
When the LER (assume LER-A) is in Unavailable State the following When the LER (assume LER-A) is in Unavailable State the following
transitions are relevant in reaction to a local input (new state transitions are relevant in reaction to a local input:
SHOULD be marked as local):
o A local Clear input SHALL be ignored if the LER is in remote o A local Clear input SHALL be ignored if the LER is in remote
Unavailable state. If in local Unavailable state due to a Lockout Unavailable state. If in local Unavailable state due to a Lockout
command, then the input SHALL cause the LER to go to Normal state command, then the input SHALL cause the LER to go to Normal state.
and begin transmitting a NR(0,0) message.
o A local Lockout of protection input SHALL cause the LER to remain o A local Lockout of protection input SHALL cause the LER to remain
in local Unavailable State and transmit a LO(0,0) message to the in local Unavailable State and transmit a LO(0,0) message to the
far-end LER (LER-Z). far-end LER (LER-Z).
o A local Clear SF of the protection path in local Unavailable state o A local Clear SF of the protection path in local Unavailable state
that is due to a SF on the protection path SHALL cause the LER to that is due to a SF on the protection path SHALL cause the LER to
go to Normal state and begin transmitting a NR(0,0) message. If go to Normal state. If the LER is in remote Unavailable state but
the LER is in remote Unavailable state but has an active local SF has an active local SF condition, then the local Clear SF SHALL
condition, then the local Clear SF SHALL clear the SF local clear the SF local condition and the LER SHALL remain in remote
condition and the LER SHALL remain in remote Unavailable state and Unavailable state and begin transmitting NR(0,0) messages. In all
begin transmitting NR(0,0) messages. In all other cases the local other cases the local Clear SF SHALL be ignored.
Clear SF SHALL be ignored.
o A local Forced switch SHALL be ignored by the PSC Control Logic. o A local Forced switch SHALL be ignored by the PSC Control Logic
when in Unavailable state as a result of a (local or remote)
Lockout of protection. If in Unavailable state due to a SF on
protection, then the FS SHALL cause the LER to go into local
Protecting administrative state and begin transmitting a FS(1,1)
message. It should be noted that due to the unavailability of the
protection path (i.e., due to the SF condition) that this FS may
not be received by the far-end until the SF condition is cleared.
o A local Signal Fail on the protection path input when in local o A local Signal Fail on the protection path input when in local
Unavailable state [by implication this is due to a local SF on Unavailable state [by implication this is due to a local SF on
protection] SHALL cause the LER to remain in local Unavailable protection] SHALL cause the LER to remain in local Unavailable
state and transmit a SF(0,0) message. state and transmit a SF(0,0) message.
o A local Signal Fail on the working path input when in remote o A local Signal Fail on the working path input when in remote
Unavailable state SHALL cause the LER to remain in remote Unavailable state SHALL cause the LER to remain in remote
Unavailable state and transmit a SF(1,0) message. Unavailable state and transmit a SF(1,0) message.
skipping to change at page 25, line 26 skipping to change at page 25, line 28
If remote messages are being received over the protection path then If remote messages are being received over the protection path then
they would have the following affect: they would have the following affect:
o A remote Lockout of protection message SHALL cause the LER to o A remote Lockout of protection message SHALL cause the LER to
remain in Unavailable state, (note that if the LER was previously remain in Unavailable state, (note that if the LER was previously
in local Unavailable state due to a Signal Fail on the protection in local Unavailable state due to a Signal Fail on the protection
path, then it will now be in remote Unavailable state) and path, then it will now be in remote Unavailable state) and
continue transmission of the current message (either NR(0,0) or continue transmission of the current message (either NR(0,0) or
LO(0,0) or SF(0,0)) LO(0,0) or SF(0,0))
o A remote Forced switch message SHALL be ignored by the PSC Control
Logic when in Unavailable state as a result of a (local or remote)
Lockout of protection. If in Unavailable state due to a SF on
protection, then the FS SHALL cause the LER to go into remote
Protecting administrative state and begin transmitting a SF(0,1)
message.
o A remote Signal Fail message that indicates that the failure is on o A remote Signal Fail message that indicates that the failure is on
the protection path SHALL cause the LER to remain in Unavailable the protection path SHALL cause the LER to remain in Unavailable
state and continue transmission of the current message (either state and continue transmission of the current message (either
NR(0,0) or SF(0,0) or LO(0,0)). NR(0,0) or SF(0,0) or LO(0,0)).
o A remote No Request, when the LER is in remote Unavailable state o A remote No Request, when the LER is in remote Unavailable state
and there is no active local Signal Fail SHALL cause the LER to go and there is no active local Signal Fail SHALL cause the LER to go
into Normal state and continue transmission of the current into Normal state and continue transmission of the current
message. If there is a local Signal Fail on the protection path, message. If there is a local Signal Fail on the protection path,
the LER SHALL remain in local Unavailable state and transmit a the LER SHALL remain in local Unavailable state and transmit a
SF(0,0) message. If there is a local Signal Fail on the working SF(0,0) message. If there is a local Signal Fail on the working
path, the LER SHALL go into local Protecting Failure state and path, the LER SHALL go into local Protecting Failure state and
transmit a SF(1,1) message. When in local Unavailable state, the transmit a SF(1,1) message. When in local Unavailable state, the
remote message SHALL be ignored. remote message SHALL be ignored.
o All other remote messages SHALL be ignored. o All other remote messages SHALL be ignored.
4.3.3.3. Protecting administrative state 4.3.3.3. Protecting administrative state
In the protecting state the user data traffic is being transported on In the protecting state the user data traffic SHALL be transported on
the protection path, while the working path is blocked due to an the protection path, while the working path is blocked due to an
operator command, i.e. Forced Switch or Manual Switch. The operator command, i.e. Forced Switch or Manual Switch. The
difference between a local FS and local MS affects what local difference between a local FS and local MS affects what local
indicators may be received - the Local request logic will block any indicators may be received - the Local request logic will block any
local SF when under the influence of a local FS, whereas the SF would local SF when under the influence of a local FS, whereas the SF would
override a local MS. In general, a MS will be canceled in case of override a local MS. In general, a MS will be canceled in case of
either a local or remote SF or LO condition. either a local or remote SF or LO condition.
The following describe the reaction to local input: The following describe the reaction to local input:
o A local Clear SHALL be ignored if in remote Protecting o A local Clear SHALL be ignored if in remote Protecting
administrative state. If in local Protecting administrative state administrative state. If in local Protecting administrative state
then this input SHALL cause the LER to go into Normal state and then this input SHALL cause the LER to go into Normal state.
begin transmitting a NR(0,0) message.
o A local Lockout of protection input SHALL cause the LER to go into o A local Lockout of protection input SHALL cause the LER to go into
local Unavailable state and begin transmission of a LO(0,0) local Unavailable state and begin transmission of a LO(0,0)
message. message.
o A local Forced switch input SHALL cause the LER to remain in local o A local Forced switch input SHALL cause the LER to remain in local
Protecting administrative state and transmit a FS(1,1) message. Protecting administrative state and transmit a FS(1,1) message.
o A local Signal Fail indication on the protection path SHALL cause o A local Signal Fail indication on the protection path SHALL cause
the LER to go into local Unavailable state (i.e. overriding the MS the LER to go into local Unavailable state and begin transmission
or FS related Protection administrative state) and begin of a SF(0,0) message, if the current state is due to a (local or
transmission of a SF(0,0) message. remote) Manual switch operator command. If the LER is in (local
or remote) Protecting administrative state due to a FS situation,
then the SF on protection SHALL be ignored.
o A local Signal Fail indication on the working path SHALL cause the o A local Signal Fail indication on the working path SHALL cause the
LER to go into local Protecting failure state and begin LER to go into local Protecting failure state and begin
transmitting a SF(1,1) message, if the current state is due to a transmitting a SF(1,1) message, if the current state is due to a
(local or remote) Manual switch operator command. If the LER is (local or remote) Manual switch operator command. If the LER is
in remote Protecting administrative state due to a remote Forced in remote Protecting administrative state due to a remote Forced
Switch command, then this local indication SHALL cause the LER to Switch command, then this local indication SHALL cause the LER to
remain in remote Protecting administrative state and transmit a remain in remote Protecting administrative state and transmit a
SF(1,1) message. If the LER is in local Protecting administrative SF(1,1) message. If the LER is in local Protecting administrative
state due to a local Forced Switch command then this indication state due to a local Forced Switch command then this indication
SHALL be ignored (i.e. the indication should have been blocked by SHALL be ignored (i.e. the indication should have been blocked by
the Local request logic). the Local request logic).
o A local Clear SF when in remote Protecting administrative state o A local Clear SF SHALL clear any local SF condition that may
SHALL clear any local SF condition that may exist. The LER SHALL exist. If in remote Protecting administrative state, the LER
stop transmitting the SF(x,1) message and begin transmitting an SHALL stop transmitting the SF(x,1) message and begin transmitting
NR(0,1) message. an NR(0,1) message.
o A local Manual switch input SHALL be ignored if in remote o A local Manual switch input SHALL be ignored if in remote
Protecting administrative state is due to a remote Forced switch Protecting administrative state is due to a remote Forced switch
command. If the current state is due to a (local or remote) command. If the current state is due to a (local or remote)
Manual switch operator command, it SHALL cause the LER to remain Manual switch operator command, it SHALL cause the LER to remain
in local Protecting administrative state and transmit a MS(1,1) in local Protecting administrative state and transmit a MS(1,1)
message. message.
o All other local inputs SHALL be ignored. o All other local inputs SHALL be ignored.
skipping to change at page 27, line 24 skipping to change at page 27, line 36
switch message then the LER SHALL remain in remote Protecting switch message then the LER SHALL remain in remote Protecting
administrative state and continue transmitting the last message. administrative state and continue transmitting the last message.
If the Protecting administrative state is due to either a local or If the Protecting administrative state is due to either a local or
remote Manual switch then the LER SHALL remain in remote remote Manual switch then the LER SHALL remain in remote
Protecting administrative state (updating the state information Protecting administrative state (updating the state information
with the proper relevant information) and begin transmitting a with the proper relevant information) and begin transmitting a
NR(0,1) message. NR(0,1) message.
o A remote Signal Fail message indicating a failure on the o A remote Signal Fail message indicating a failure on the
protection path SHALL cause the LER to go into remote Unavailable protection path SHALL cause the LER to go into remote Unavailable
state and begin transmitting a NR(0,0) message. It should be state and begin transmitting a NR(0,0) message, if the Protecting
noted that this automatically cancels the current Forced switch or administrative state is due to a Manual switch command. It should
Manual switch command and data traffic is reverted to the working be noted that this automatically cancels the current Manual switch
path. command and data traffic is reverted to the working path.
o A remote Signal Fail message indicating a failure on the working o A remote Signal Fail message indicating a failure on the working
path SHALL be ignored if there is an active local Forced switch path SHALL be ignored if there is an active local Forced switch
command. If the Protecting state is due to a local or remote command. If the Protecting state is due to a local or remote
Manual switch then the LER SHALL go to remote Protecting failure Manual switch then the LER SHALL go to remote Protecting failure
state and begin transmitting a NR(0,1) message. state and begin transmitting a NR(0,1) message.
o A remote Manual switch message SHALL be ignored by the PSC Control o A remote Manual switch message SHALL be ignored by the PSC Control
Logic if in Protecting administrative state due to a local or Logic if in Protecting administrative state due to a local or
remote Forced switch. If in Protecting administrative state due remote Forced switch. If in Protecting administrative state due
skipping to change at page 28, line 15 skipping to change at page 28, line 27
message. If there is a local Signal Fail on the working path, the message. If there is a local Signal Fail on the working path, the
LER SHALL go to local Protecting failure state and begin LER SHALL go to local Protecting failure state and begin
transmitting a SF(1,1) message. transmitting a SF(1,1) message.
o All other remote messages SHALL be ignored. o All other remote messages SHALL be ignored.
4.3.3.4. Protecting failure state 4.3.3.4. Protecting failure state
When the protection mechanism has been triggered and the protection When the protection mechanism has been triggered and the protection
domain has performed a protection switch, the domain is in the domain has performed a protection switch, the domain is in the
protecting failure state. In this state the normal data traffic is protecting failure state. In this state the normal data traffic
transported on the protection path. When an LER is in this state it SHALL be transported on the protection path. When an LER is in this
implies that there was either a local SF condition or received a state it implies that there was either a local SF condition or
remote SF PSC message. The SF condition or message indicated that received a remote SF PSC message. The SF condition or message
the failure is on the working path. indicated that the failure is on the working path.
This state may be overridden by the Unavailable state triggers, i.e. This state may be overridden by the Unavailable state triggers, i.e.
Lockout of Protection or SF on the protection path, or by issuing a Lockout of Protection or SF on the protection path, or by issuing a
FS operator command. This state will be cleared when the SF FS operator command. This state will be cleared when the SF
condition is cleared. In order to prevent flapping due to an condition is cleared. In order to prevent flapping due to an
intermittent fault, the LER SHOULD employ a Wait-to-restore timer to intermittent fault, the LER SHOULD employ a Wait-to-restore timer to
delay return to Normal state until the network has stabilized (see delay return to Normal state until the network has stabilized (see
section 3.5) section 3.5)
The following describe the reaction to local input: The following describe the reaction to local input:
skipping to change at page 29, line 42 skipping to change at page 30, line 6
o If in remote Protecting failure state, a remote Wait-to-Restore o If in remote Protecting failure state, a remote Wait-to-Restore
message SHALL cause the LER to go into remote Wait-to-Restore message SHALL cause the LER to go into remote Wait-to-Restore
state and continue transmission of the current message. state and continue transmission of the current message.
o If in remote Protecting failure state, a remote Do-not-revert o If in remote Protecting failure state, a remote Do-not-revert
message SHALL cause the LER to go into remote Do-not-revert state message SHALL cause the LER to go into remote Do-not-revert state
and continue transmission of the current message. and continue transmission of the current message.
o If in remote Protecting failure state, a remote NR(0,0) SHALL o If in remote Protecting failure state, a remote NR(0,0) SHALL
cause the LER to go to Normal state and transmit an NR(0,0) cause the LER to go to Normal state.
message.
o All other remote messages SHALL be ignored. o All other remote messages SHALL be ignored.
4.3.3.5. Wait-to-restore state 4.3.3.5. Wait-to-restore state
The Wait-to-Restore state is used by the PSC protocol to delay The Wait-to-Restore state is used by the PSC protocol to delay
reverting to the normal state, when recovering from a failure reverting to the Normal state, when recovering from a failure
condition on the working path, for the period of the WTR timer to condition on the working path, for the period of the WTR timer to
allow the recovering failure to stabilize. While in the Wait-to- allow the recovering failure to stabilize. While in the Wait-to-
Restore state the data traffic SHALL continue to be transported on Restore state the data traffic SHALL continue to be transported on
the protection path. The natural transition from the Wait-to-Restore the protection path. The natural transition from the Wait-to-Restore
state to Normal state will occur when the WTR timer expires. state to Normal state will occur when the WTR timer expires.
When in Wait-to-Restore state the following describe the reaction to When in Wait-to-Restore state the following describe the reaction to
local inputs: local inputs:
o A local Lockout of protection command SHALL cause the LER to Stop o A local Lockout of protection command SHALL cause the LER to Stop
skipping to change at page 31, line 15 skipping to change at page 31, line 24
o A remote Signal Fail message for the working path SHALL cause the o A remote Signal Fail message for the working path SHALL cause the
LER to Stop the WTR timer, go into remote Protecting failure LER to Stop the WTR timer, go into remote Protecting failure
state, and begin transmission of a NR(0,1) message. state, and begin transmission of a NR(0,1) message.
o A remote Manual switch message SHALL cause the LER to Stop the WTR o A remote Manual switch message SHALL cause the LER to Stop the WTR
timer, go into remote Protecting administrative state and begin timer, go into remote Protecting administrative state and begin
transmission of a NR(0,1) message. transmission of a NR(0,1) message.
o If the WTR timer is running then a remote NR message SHALL be o If the WTR timer is running then a remote NR message SHALL be
ignored. If the WTR timer is stopped then a remote NR message ignored. If the WTR timer is stopped then a remote NR message
SHALL cause the LER to go into Normal state and begin transmitting SHALL cause the LER to go into Normal state.
a NR(0,0) message.
o All other remote messages SHALL be ignored. o All other remote messages SHALL be ignored.
4.3.3.6. Do-not-revert state 4.3.3.6. Do-not-revert state
Do-not-revert state is a continuation of the Protecting failure Do-not-revert state is a continuation of the Protecting failure
state. When the protection domain is configured for non-revertive state. When the protection domain is configured for non-revertive
behavior. While in Do-not-revert state, data traffic continues to be behavior. While in Do-not-revert state, data traffic SHALL continue
transported on the protection path until the administrator sends a to be transported on the protection path until the administrator
command to revert to the Normal state. It should be noted that there sends a command to revert to the Normal state. It should be noted
is a fundamental difference between this state and Normal - whereas that there is a fundamental difference between this state and Normal
Forced Switch in Normal state actually causes a switch in the - whereas Forced Switch in Normal state actually causes a switch in
transport path used, in Do-not-revert state the Forced switch just the transport path used, in Do-not-revert state the Forced switch
switches the state (to Protecting administrative state) but the just switches the state (to Protecting administrative state) but the
traffic would continue to be transported on the protection path! To traffic would continue to be transported on the protection path! To
revert back to Normal state the administrator SHALL issue a Lockout revert back to Normal state the administrator SHALL issue a Lockout
of protection command followed by a Clear command. of protection command followed by a Clear command.
When in Do-not-revert state the following describe the reaction to When in Do-not-revert state the following describe the reaction to
local input: local input:
o A local Lockout of protection command SHALL cause the LER to go o A local Lockout of protection command SHALL cause the LER to go
into local Unavailable state and begin transmitting a LO(0,0) into local Unavailable state and begin transmitting a LO(0,0)
message. message.
skipping to change at page 39, line 19 skipping to change at page 39, line 19
the letter 'i'. 'i' stands for Ignore, and is an indication to the letter 'i'. 'i' stands for Ignore, and is an indication to
continue with the current behavior. See section 4.3.3. The continue with the current behavior. See section 4.3.3. The
footnotes are listed below the table. footnotes are listed below the table.
Part 1: Local input state machine Part 1: Local input state machine
| OC | LO | SF-P | FS | SF-W | SFc | MS | WTRExp | OC | LO | SF-P | FS | SF-W | SFc | MS | WTRExp
--------+-----+-------+------+------+------+------+------+------- --------+-----+-------+------+------+------+------+------+-------
N | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i N | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i
UA:LO:L | N | i | i | i | i | i | i | i UA:LO:L | N | i | i | i | i | i | i | i
UA:P:L | i |UA:LO:L| i | i | i | [5] | i | i UA:P:L | i |UA:LO:L| i |PA:F:L| i | [5] | i | i
UA:LO:R | i |UA:LO:L| [1] | i | [2] | [6] | i | i UA:LO:R | i |UA:LO:L| [1] | i | [2] | [6] | i | i
UA:P:R | i |UA:LO:L|UA:P:L| i | [3] | [6] | i | i UA:P:R | i |UA:LO:L|UA:P:L|PA:F:L| [3] | [6] | i | i
PF:W:L | i |UA:LO:L|UA:P:L|PA:F:L| i | [7] | i | i PF:W:L | i |UA:LO:L|UA:P:L|PA:F:L| i | [7] | i | i
PF:W:R | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i | i | i PF:W:R | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i | i | i
PA:F:L | N |UA:LO:L|UA:P:L| i | i | i | i | i PA:F:L | N |UA:LO:L| i | i | i | i | i | i
PA:M:L | N |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i | i | i PA:M:L | N |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i | i | i
PA:F:R | i |UA:LO:L|UA:P:L|PA:F:L| [4] | [8] | i | i PA:F:R | i |UA:LO:L| i |PA:F:L| [4] | [8] | i | i
PA:M:R | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i PA:M:R | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i
WTR | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| [9] WTR | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| [9]
DNR | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i DNR | i |UA:LO:L|UA:P:L|PA:F:L|PF:W:L| i |PA:M:L| i
Part 2: Remote messages state machine Part 2: Remote messages state machine
| LO | SF-P | FS | SF-W | MS | WTR | DNR | NR | LO | SF-P | FS | SF-W | MS | WTR | DNR | NR
--------+-------+------+------+------+------+------+------+------ --------+-------+------+------+------+------+------+------+------
N |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | i N |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | i
UA:LO:L | i | i | i | i | i | i | i | i UA:LO:L | i | i | i | i | i | i | i | i
UA:P:L | [10] | i | i | i | i | i | i | i UA:P:L | [10] | i | i |PF:W:R| i | i | i | i
UA:LO:R | i | i | i | i | i | i | i | [16] UA:LO:R | i | i | i | i | i | i | i | [16]
UA:P:R |UA:LO:R| i | i | i | i | i | i | [16] UA:P:R |UA:LO:R| i | i |PF:W:R| i | i | i | [16]
PF:W:L | [11] | [12] |PA:F:R| i | i | i | i | i PF:W:L | [11] | [12] |PA:F:R| i | i | i | i | i
PF:W:R |UA:LO:R|UA:P:R|PA:F:R| i | i | [14] | [15] | N PF:W:R |UA:LO:R|UA:P:R|PA:F:R| i | i | [14] | [15] | N
PA:F:L |UA:LO:R|UA:P:R| i | i | i | i | i | i PA:F:L |UA:LO:R| i | i | i | i | i | i | i
PA:M:L |UA:LO:R|UA:P:R|PA:F:R| [13] | i | i | i | i PA:M:L |UA:LO:R|UA:P:R|PA:F:R| [13] | i | i | i | i
PA:F:R |UA:LO:R|UA:P:R| i | i | i | i | i | [17] PA:F:R |UA:LO:R| i | i | i | i | i | i | [17]
PA:M:R |UA:LO:R|UA:P:R|PA:F:R| [13] | i | i | i | N PA:M:R |UA:LO:R|UA:P:R|PA:F:R| [13] | i | i | i | N
WTR |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | [18] WTR |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | [18]
DNR |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | i DNR |UA:LO:R|UA:P:R|PA:F:R|PF:W:R|PA:M:R| i | i | i
The following are the footnotes for the table: The following are the footnotes for the table:
[1] Remain in the current state (UA:LO:R) and transmit SF(0,0) [1] Remain in the current state (UA:LO:R) and transmit SF(0,0)
[2] Remain in the current state (UA:LO:R) and transmit SF(1,0) [2] Remain in the current state (UA:LO:R) and transmit SF(1,0)
 End of changes. 46 change blocks. 
97 lines changed or deleted 110 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/