RFC 9037




Internet Engineering Task Force (IETF)                     B. Varga, Ed.
Request for Comments: 9037                                     J. Farkas
Category: Informational                                         Ericsson
ISSN: 2070-1721                                                 A. Malis
                                                        Malis Consulting
                                                               S. Bryant
                                                  Futurewei Technologies
                                                               June 2021


Deterministic Networking (DetNet) Data Plane: MPLS over IEEE 802.1 Time-
                       Sensitive Networking (TSN)

Abstract



   This document specifies the Deterministic Networking (DetNet) MPLS
   data plane when operating over an IEEE 802.1 Time-Sensitive
   Networking (TSN) sub-network.  This document does not define new
   procedures or processes.  Whenever this document makes statements or
   recommendations, they are taken from normative text in the referenced
   RFCs.

Status of This Memo



   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are candidates for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc9037.

Copyright Notice



   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents



   1.  Introduction
   2.  Terminology
     2.1.  Terms Used in This Document
     2.2.  Abbreviations
   3.  DetNet MPLS Data Plane Overview
   4.  DetNet MPLS Operation over IEEE 802.1 TSN Sub-networks
     4.1.  Functions for DetNet Flow to TSN Stream Mapping
     4.2.  TSN Requirements of MPLS DetNet Nodes
     4.3.  Service Protection within the TSN Sub-network
     4.4.  Aggregation during DetNet Flow to TSN Stream Mapping
   5.  Management and Control Implications
   6.  Security Considerations
   7.  IANA Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Acknowledgements

   Authors' Addresses



1.  Introduction



   Deterministic Networking (DetNet) is a service that can be offered by
   a network to DetNet flows.  DetNet provides these flows with low
   packet loss rate and assured maximum end-to-end delivery latency.
   General background and concepts of DetNet can be found in [RFC8655].

   The DetNet architecture decomposes DetNet-related data plane
   functions into two sub-layers: a service sub-layer and a forwarding
   sub-layer.  The service sub-layer is used to provide DetNet service
   protection and reordering.  The forwarding sub-layer is used to
   provide congestion protection (low loss, assured latency, and limited
   reordering) leveraging MPLS Traffic Engineering mechanisms.

   [RFC8964] specifies the DetNet data plane operation for an MPLS-based
   PSN.  MPLS-encapsulated DetNet flows can be carried over network
   technologies that can provide the DetNet-required level of service.
   This document focuses on the scenario where MPLS (DetNet) nodes are
   interconnected by an IEEE 802.1 TSN sub-network.  There is close
   cooperation between the IETF DetNet Working Group and the IEEE 802.1
   Time-Sensitive Networking Task Group (TSN TG).

2.  Terminology



2.1.  Terms Used in This Document



   This document uses the terminology established in the DetNet
   architecture [RFC8655] [RFC8964].  TSN-specific terms are defined in
   the TSN TG of the IEEE 802.1 Working Group.  The reader is assumed to
   be familiar with these documents and their terminology.

2.2.  Abbreviations



   The following abbreviations are used in this document:

   A-Label       Aggregation label; a special case of an S-Label.

   d-CW          DetNet Control Word

   DetNet        Deterministic Networking

   F-Label       Forwarding label that identifies the LSP used by a
                 DetNet flow.

   FRER          Frame Replication and Elimination for Redundancy (TSN
                 function)

   L2            Layer 2

   L3            Layer 3

   LSP           Label Switched Path

   MPLS          Multiprotocol Label Switching

   PREOF         Packet Replication, Elimination, and Ordering Functions

   PSN           Packet Switched Network

   PW            Pseudowire

   RSVP-TE       Resource Reservation Protocol - Traffic Engineering

   S-Label       Service label

   TSN           Time-Sensitive Networking

3.  DetNet MPLS Data Plane Overview



   The basic approach defined in [RFC8964] supports the DetNet service
   sub-layer based on existing PW encapsulations and mechanisms and
   supports the DetNet forwarding sub-layer based on existing MPLS
   Traffic Engineering encapsulations and mechanisms.

   A node operates on a DetNet flow in the DetNet service sub-layer,
   i.e., a node processing a DetNet packet that has the service label
   (S-Label) as the top of stack uses the local context associated with
   that S-Label, for example, a received forwarding label (F-Label), to
   determine what local DetNet operation(s) is applied to that packet.
   An S-Label may be unique when taken from the platform label space
   [RFC3031], which would enable correct DetNet flow identification
   regardless of which input interface or LSP the packet arrives on.
   The service sub-layer functions (i.e., PREOF) use a d-CW.

   The DetNet MPLS data plane builds on MPLS Traffic Engineering
   encapsulations and mechanisms to provide a forwarding sub-layer that
   is responsible for providing resource allocation and explicit routes.
   The forwarding sub-layer is supported by one or more F-Labels.

   DetNet edge/relay nodes are DetNet service sub-layer-aware,
   understand the particular needs of DetNet flows, and provide both
   DetNet service and forwarding sub-layer functions.  They add, remove,
   and process d-CWs, S-Labels, and F-Labels as needed.  MPLS DetNet
   nodes and transit nodes include DetNet forwarding sub-layer
   functions, notable support for explicit routes, and resource
   allocation to eliminate (or reduce) congestion loss and jitter.
   Unlike other DetNet node types, transit nodes provide no service sub-
   layer processing.

   MPLS (DetNet) nodes and transit nodes interconnected by a TSN sub-
   network are the primary focus of this document.  The mapping of
   DetNet MPLS flows to TSN Streams and TSN protection mechanisms are
   covered in Section 4.

4.  DetNet MPLS Operation over IEEE 802.1 TSN Sub-networks



   The DetNet WG collaborates with IEEE 802.1 TSN in order to define a
   common architecture for both Layer 2 and Layer 3 that maintains
   consistency across diverse networks.  Both DetNet MPLS and TSN use
   the same techniques to provide their deterministic service:

   *  Service protection

   *  Resource allocation

   *  Explicit routes

   As described in the DetNet architecture [RFC8655], from the MPLS
   perspective, a sub-network provides a single-hop connection between
   MPLS (DetNet) nodes.  Functions used for resource allocation and
   explicit routes are treated as domain internal functions and do not
   require function interworking across the DetNet MPLS network and the
   TSN sub-network.

   In the case of the service protection function, due to the
   similarities of the DetNet PREOF and TSN FRER functions, some level
   of interworking is possible.  However, such interworking is out of
   scope of this document and left for further study.

   Figure 1 illustrates a scenario where two MPLS (DetNet) nodes are
   interconnected by a TSN sub-network.  Node-1 is single-homed, and
   Node-2 is dual-homed to the TSN sub-network.

      MPLS (DetNet)                 MPLS (DetNet)
         Node-1                        Node-2

      +----------+                  +----------+
   <--| Service* |-- DetNet flow ---| Service* |-->
      +----------+                  +----------+
      |Forwarding|                  |Forwarding|
      +--------.-+    <-TSN Str->   +-.-----.--+
                \      ,-------.     /     /
                 +----[ TSN Sub-]---+     /
                      [ network ]--------+
                       `-------'
   <---------------- DetNet MPLS --------------->

   Note: * no service sub-layer required for transit nodes

        Figure 1: DetNet-Enabled MPLS Network over a TSN Sub-network

   At the time of this writing, the TSN TG of the IEEE 802.1 Working
   Group have defined (and are defining) a number of amendments to
   [IEEE8021Q] that provide zero congestion loss and bounded latency in
   bridged networks.  Furthermore, [IEEE8021CB] defines frame
   replication and elimination functions for reliability that should
   prove both compatible with and useful to DetNet networks.  All these
   functions have to identify flows that require TSN treatment (i.e.,
   applying TSN functions during forwarding).

   TSN capabilities of the TSN sub-network are made available for MPLS
   (DetNet) flows via the protocol interworking function defined in
   Annex C.5 of [IEEE8021CB].  For example, when applied on the TSN edge
   port, it can convert an ingress unicast MPLS (DetNet) flow to use a
   specific Layer 2 multicast destination Media Access Control (MAC)
   address and a VLAN, in order to direct the packet through a specific
   path inside the bridged network.  A similar interworking function
   pair at the other end of the TSN sub-network would restore the packet
   to its original Layer 2 destination MAC address and VLAN.

   The placement of TSN functions depends on the TSN capabilities of the
   nodes along the path.  MPLS (DetNet) nodes may or may not support TSN
   functions.  For a given TSN Stream (i.e., DetNet flow), an MPLS
   (DetNet) node is treated as a Talker or a Listener inside the TSN
   sub-network.

4.1.  Functions for DetNet Flow to TSN Stream Mapping



   Mapping of a DetNet MPLS flow to a TSN Stream is provided via the
   combination of a passive and an active Stream identification function
   that operate at the frame level.  The passive Stream identification
   function is used to catch the MPLS label(s) of a DetNet MPLS flow,
   and the active Stream identification function is used to modify the
   Ethernet header according to the ID of the mapped TSN Stream.

   Clause 6.8 of [IEEEP8021CBdb] defines a Mask-and-Match Stream
   identification function that can be used as a passive function for
   MPLS DetNet flows.

   Clause 6.6 of [IEEE8021CB] defines an Active Destination MAC and a
   VLAN Stream identification function that can replace some Ethernet
   header fields, namely (1) the destination MAC address, (2) the VLAN-
   ID, and (3) priority parameters with alternate values.  Replacement
   is provided for the frame that is passed either down the stack from
   the upper layers or up the stack from the lower layers.

   Active Destination MAC and VLAN Stream identification can be used
   within a Talker to set flow identity or a Listener to recover the
   original addressing information.  It can also be used in a TSN bridge
   that is providing translation as a proxy service for an end system.

4.2.  TSN Requirements of MPLS DetNet Nodes



   This section covers required behavior of a TSN-aware MPLS (DetNet)
   node using a TSN sub-network.  The implementation of TSN packet-
   processing functions must be compliant with the relevant IEEE 802.1
   standards.

   From the TSN sub-network perspective, MPLS (DetNet) nodes are treated
   as a Talker or Listener, which may be (1) TSN-unaware or (2) TSN-
   aware.

   In cases of TSN-unaware MPLS DetNet nodes, the TSN relay nodes within
   the TSN sub-network must modify the Ethernet encapsulation of the
   DetNet MPLS flow (e.g., MAC translation, VLAN-ID setting, sequence
   number addition, etc.) to allow proper TSN-specific handling inside
   the sub-network.  There are no requirements defined for TSN-unaware
   MPLS DetNet nodes in this document.

   MPLS (DetNet) nodes that are TSN-aware can be treated as a
   combination of a TSN-unaware Talker/Listener and a TSN-Relay, as
   shown in Figure 2.  In such cases, the MPLS (DetNet) node must
   provide the TSN sub-network-specific Ethernet encapsulation over the
   link(s) towards the sub-network.

                 MPLS (DetNet)
                     Node
      <---------------------------------->

      +----------+
   <--| Service* |-- DetNet flow ------------------
      +----------+
      |Forwarding|
      +----------+    +---------------+
      |    L2    |    | L2 Relay with |<--- TSN ---
      |          |    | TSN function  |    Stream
      +-----.----+    +--.------.---.-+
             \__________/        \   \______
                                  \_________
       TSN-unaware
        Talker /          TSN-Bridge
        Listener             Relay
                                          <----- TSN Sub-network -----
      <------- TSN-aware Tlk/Lstn ------->

   Note: * no service sub-layer required for transit nodes

              Figure 2: MPLS (DetNet) Node with TSN Functions

   A TSN-aware MPLS (DetNet) node implementation must support the Stream
   identification TSN component for recognizing flows.

   A Stream identification component must be able to instantiate the
   following functions: (1) Active Destination MAC and VLAN Stream
   identification function, (2) Mask-and-Match Stream identification
   function, and (3) the related managed objects in Clause 9 of
   [IEEE8021CB] and [IEEEP8021CBdb].

   A TSN-aware MPLS (DetNet) node implementation must support the
   Sequencing function and the Sequence encode/decode function as
   defined in Clauses 7.4 and 7.6 of [IEEE8021CB] in order for FRER to
   be used inside the TSN sub-network.

   The Sequence encode/decode function must support the Redundancy tag
   (R-TAG) format as per Clause 7.8 of [IEEE8021CB].

   A TSN-aware MPLS (DetNet) node implementation must support the Stream
   splitting function and the Individual recovery function as defined in
   Clauses 7.5 and 7.7 of [IEEE8021CB] in order for that node to be a
   replication or elimination point for FRER.

4.3.  Service Protection within the TSN Sub-network



   TSN Streams supporting DetNet flows may use FRER as defined in Clause
   8 of [IEEE8021CB] based on the loss service requirements of the TSN
   Stream, which is derived from the DetNet service requirements of the
   DetNet mapped flow.  The specific operation of FRER is not modified
   by the use of DetNet and follows [IEEE8021CB].

   FRER function and the provided service recovery is available only
   within the TSN sub-network as the TSN Stream-ID and the TSN sequence
   number are not valid outside the sub-network.  An MPLS (DetNet) node
   represents an L3 border, and as such, it terminates all related
   information elements encoded in the L2 frames.

   As the Stream-ID and the TSN sequence number are paired with similar
   MPLS flow parameters, FRER can be combined with PREOF functions.
   Such service protection interworking scenarios may require moving
   sequence number fields among TSN (L2) and PW (MPLS) encapsulations,
   and they are left for further study.

4.4.  Aggregation during DetNet Flow to TSN Stream Mapping



   Implementation of this document shall use management and control
   information to map a DetNet flow to a TSN Stream.  N:1 mapping
   (aggregating DetNet flows in a single TSN Stream) shall be supported.
   The management or control function that provisions flow mapping shall
   ensure that adequate resources are allocated and configured to
   provide proper service requirements of the mapped flows.

5.  Management and Control Implications



   Information related to DetNet flow and TSN Stream mapping is required
   only for TSN-aware MPLS (DetNet) nodes.  From the data plane
   perspective, there is no practical difference based on the origin of
   flow-mapping-related information (management plane or control plane).

   The following summarizes the set of information that is needed to
   configure DetNet MPLS over TSN:

   *  DetNet MPLS-related configuration information according to the
      DetNet role of the DetNet MPLS node, as per [RFC8964].

   *  TSN-related configuration information according to the TSN role of
      the DetNet MPLS node, as per [IEEE8021Q], [IEEE8021CB], and
      [IEEEP8021CBdb].

   *  Mapping between a DetNet MPLS flow(s) (label information:
      A-Labels, S-Labels, and F-Labels as defined in [RFC8964]) and a
      TSN Stream(s) (as Stream identification information defined in
      [IEEEP8021CBdb]).  Note that managed objects for TSN Stream
      identification can be found in [IEEEP8021CBcv].

   This information must be provisioned per DetNet flow.

   Mappings between DetNet and TSN management and control planes are out
   of scope of this document.  Some of the challenges are highlighted
   below.

   TSN-aware MPLS DetNet nodes are members of both the DetNet domain and
   the TSN sub-network.  Within the TSN sub-network, the TSN-aware MPLS
   (DetNet) node has a TSN-aware Talker/Listener role, so TSN-specific
   management and control plane functionalities must be implemented.
   There are many similarities in the management plane techniques used
   in DetNet and TSN, but that is not the case for the control plane
   protocols.  For example, RSVP-TE and the Multiple Stream Registration
   Protocol (MSRP) behave differently.  Therefore, management and
   control plane design are important aspects of scenarios where mapping
   between DetNet and TSN is required.

   In order to use a TSN sub-network between DetNet nodes, DetNet-
   specific information must be converted to information specific to the
   TSN sub-network.  DetNet flow ID and flow-related parameters/
   requirements must be converted to a TSN Stream ID and stream-related
   parameters/requirements.  Note that, as the TSN sub-network is just a
   portion of the end-to-end DetNet path (i.e., a single hop from the
   MPLS perspective), some parameters (e.g., delay) may differ
   significantly.  Other parameters (like bandwidth) also may have to be
   tuned due to the L2 encapsulation used within the TSN sub-network.

   In some cases, it may be challenging to determine some TSN-Stream-
   related information.  For example, on a TSN-aware MPLS (DetNet) node
   that acts as a Talker, it is quite obvious which DetNet node is the
   Listener of the mapped TSN Stream (i.e., the MPLS next hop).
   However, it may be not trivial to locate the point/interface where
   that Listener is connected to the TSN sub-network.  Such attributes
   may require interaction between control and management plane
   functions and between DetNet and TSN domains.

   Mapping between DetNet flow identifiers and TSN Stream identifiers,
   if not provided explicitly, can be done by a TSN-aware MPLS (DetNet)
   node locally based on information provided for configuration of the
   TSN Stream identification functions (Mask-and-Match Stream
   identification and active Stream identification).

   Triggering the setup/modification of a TSN Stream in the TSN sub-
   network is an example where management and/or control plane
   interactions are required between the DetNet and TSN sub-network.
   TSN-unaware MPLS (DetNet) nodes make such a triggering even more
   complicated as they are fully unaware of the sub-network and run
   independently.

   Configuration of TSN-specific functions (e.g., FRER) inside the TSN
   sub-network is a TSN-domain-specific decision and may not be visible
   in the DetNet domain.  Service protection interworking scenarios are
   left for further study.

6.  Security Considerations



   Security considerations for DetNet are described in detail in
   [DETNET-SECURITY].  General security considerations are described in
   [RFC8655].  Considerations specific to the DetNet MPLS data plane are
   summarized in [RFC8964].  This section considers exclusively security
   considerations that are specific to the DetNet MPLS over TSN sub-
   network scenario.

   The sub-network between DetNet nodes needs to be subject to
   appropriate confidentiality.  Additionally, knowledge of what DetNet/
   TSN services are provided by a sub-network may supply information
   that can be used in a variety of security attacks.  The ability to
   modify information exchanges between connected DetNet nodes may
   result in bogus operations.  Therefore, it is important that the
   interface between DetNet nodes and the TSN sub-network are subject to
   authorization, authentication, and encryption.

   The TSN sub-network operates at Layer 2, so various security
   mechanisms defined by IEEE can be used to secure the connection
   between the DetNet nodes (e.g., encryption may be provided using
   MACsec [IEEE802.1AE-2018]).

7.  IANA Considerations



   This document has no IANA actions.

8.  References



8.1.  Normative References



   [IEEE8021CB]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks -- Frame Replication and Elimination for
              Reliability", IEEE Std 802.1CB-2017,
              DOI 10.1109/IEEESTD.2017.8091139, October 2017,
              <https://ieeexplore.ieee.org/document/8091139>.

   [IEEEP8021CBdb]
              IEEE, "Draft Standard for Local and metropolitan area
              networks -- Frame Replication and Elimination for
              Reliability -- Amendment: Extended Stream Identification
              Functions", IEEE P802.1CBdb / D1.3, April 2021,
              <https://1.ieee802.org/tsn/802-1cbdb/>.

   [RFC3031]  Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
              Label Switching Architecture", RFC 3031,
              DOI 10.17487/RFC3031, January 2001,
              <https://www.rfc-editor.org/info/rfc3031>.

   [RFC8655]  Finn, N., Thubert, P., Varga, B., and J. Farkas,
              "Deterministic Networking Architecture", RFC 8655,
              DOI 10.17487/RFC8655, October 2019,
              <https://www.rfc-editor.org/info/rfc8655>.

   [RFC8964]  Varga, B., Ed., Farkas, J., Berger, L., Malis, A., Bryant,
              S., and J. Korhonen, "Deterministic Networking (DetNet)
              Data Plane: MPLS", RFC 8964, DOI 10.17487/RFC8964, January
              2021, <https://www.rfc-editor.org/info/rfc8964>.

8.2.  Informative References



   [DETNET-SECURITY]
              Grossman, E., Ed., Mizrahi, T., and A. Hacker,
              "Deterministic Networking (DetNet) Security
              Considerations", Work in Progress, Internet-Draft, draft-
              ietf-detnet-security-16, 2 March 2021,
              <https://tools.ietf.org/html/draft-ietf-detnet-security-
              16>.

   [IEEE802.1AE-2018]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks-Media Access Control (MAC) Security", IEEE Std
              802.1AE-2018, DOI 10.1109/IEEESTD.2018.8585421, December
              2018, <https://ieeexplore.ieee.org/document/8585421>.

   [IEEE8021Q]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks -- Bridges and Bridged Networks", IEEE Std
              802.1Q-2018, DOI 10.1109/IEEESTD.2018.8403927, July 2018,
              <https://ieeexplore.ieee.org/document/8403927/>.

   [IEEEP8021CBcv]
              IEEE 802.1, "Draft Standard for Local and metropolitan
              area networks -- Frame Replication and Elimination for
              Reliability -- Amendment: Information Model, YANG Data
              Model and Management Information Base Module", IEEE
              P802.1CBcv, Draft 1.1, February 2021,
              <https://1.ieee802.org/tsn/802-1cbcv/>.

Acknowledgements



   The authors wish to thank Norman Finn, Lou Berger, Craig Gunther,
   Christophe Mangin, and Jouni Korhonen for their various contributions
   to this work.

Authors' Addresses



   Balázs Varga (editor)
   Ericsson
   Budapest
   Magyar Tudosok krt. 11.
   1117
   Hungary

   Email: balazs.a.varga@ericsson.com


   János Farkas
   Ericsson
   Budapest
   Magyar Tudosok krt. 11.
   1117
   Hungary

   Email: janos.farkas@ericsson.com


   Andrew G. Malis
   Malis Consulting

   Email: agmalis@gmail.com


   Stewart Bryant
   Futurewei Technologies

   Email: sb@stewartbryant.com