[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]
Versions: 00 01 02 03
Trill WG R. Parameswaran,
INTERNET-DRAFT Brocade Communications, Inc.
Intended Status:Experimental February 23, 2017
Expires: August 27, 2017
TRILL: Parent node Shifts in Tree Construction, Mitigation.
<draft-rp-trill-parent-selection-02.txt>
Abstract
This draft documents a known problem in the Trill tree construction
mechanism and offers two different approaches to solve the problem.
Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Distribution of this document is unlimited. Comments should be sent
to the authors or the TRILL working group mailing list:
trill@ietf.org.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Terminology and Acronyms.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Table of Contents
1. Introduction...............................................1
2. Tree construction in Trill.................................2
3. Issues with the Trill tree construction algorithm..........2
4. Alternative A - Using the Affinity sub-TLV.................4
5. Alternative B - Variant of the Djikstra SPF algorithm......7
5.1 Choice of the policy function........................11
6. Network wide selection of computation algorithm...........13
7. Relationship to draft-ietf-trill-resilient-trees..........14
8. Security Considerations...................................16
9. IANA Considerations.......................................16
10. Informative References....................................16
1. Introduction.
Trill is a data center technology that uses link-state routing
mechanisms in a layer 2 setting, and serves as a replacement
for spanning-tree. Trill uses trees rooted at pre-determined nodes
as a way to distribute multi-destination traffic. Multi-destination
traffic includes traffic such as layer-2 broadcast frames, unknown
unicast flood frames, and layer 2 traffic with multicast MAC
addresses (collectively referred to as BUM traffic). Multi-destination
traffic is typically hashed onto one of the available trees and sent
over the tree, potentially reaching all nodes in the network (hosts
behind which may own/need the packet in question).
2. Tree construction in Trill.
Tree construction in Trill is defined by [RFC6325], with additional
corrections defined in [RFC7780].
The tree construction mechanism used in Trill codifies
certain tree construction steps which make the resultant trees
very brittle. Specifically, the parent selection mechanism in Trill
causes problems in case of node failures. Trill uses the following rule
- when constructing an SPF tree, if there are multiple possible
parents for a given node (i.e. if multiple upstream nodes can
potentially pull in a given node during SPF, all at the same
cumulative cost, then the parent selection is imposed in the
following manner):
[RFC6325]:
"When building the tree number j, remember all possible
equal cost parents for node N. After calculating the entire 'tree'
(actually, directed graph), for each node N, if N has 'p' parents,
then order the parents in ascending order according to the
7-octet IS-IS ID considered as an unsigned integer, and number them
starting at zero. For tree j, choose N's parent as choice j mod p."
There is an additional correction posted to this in [RFC7780]:
[RFC7780], Section 3.4:
"Section 4.5.1 of [RFC6325] specifies that, when building
distribution tree number j, node (RBridge) N that has multiple
possible parents in the tree is attached to possible parent
number j mod p. Trees are numbered starting with 1, but possible
parents are numbered starting with 0. As a result, if there are
two trees and two possible parents, then in tree 1 parent 1 will
be selected, and in tree 2 parent 0 will be selected.
This is changed so that the selected parent MUST be (j-1) mod p. As
a result, in the case above, tree 1 will select parent 0, and tree 2
will select parent 1. This change is not backward compatible with
[RFC6325]. If all RBridges in a campus do not determine distribution
trees in the same way, then for most topologies, the RPFC will drop
many multi-destination packets before they have been properly
delivered."
3. Issues with the Trill tree construction algorithm.
With this tree construction mechanism in mind,let's look at
the Spine-Leaf topology presented below and consider the
calculation of Tree number 2 in Trill. Assume all the links in the tree
are at the same cost.
A-- --B
/ \ \/ /\
/ \/\ _/_ \
/__ _/\ / \\
// \/ \\
1 2 3
\ | /
\ | /
\ | /
\ | /
\ | /
\ | /
\ |/
C
Assume that in the above topology, when ordered by 7-octet ISIS-id,
1 < 2 < 3 holds and that the root for Tree number 2 is A. Given the
ordered set {1, 2, 3} , these nodes have the following indices (with a
starting index of 0):
Node Index
1 0
2 1
3 2
Given the SPF constraint and that the tree root is A, the parent for
nodes 1,2, and 3 will be A. However, when the SPF algorithm tries to
pull B or C into the tree, we have a choice of parents, namely 1, 2,
or 3.
Given that this is tree 2, the parent will be the one with index
(2-1) mod 3 (which is equal to 1). Hence the parent for node B will be
node 2.
A
/|\
/ | \
/ | \
1 2 3
/\
/ \
B C
However, due to Trill's parent selection algorithm, the sub-tree
rooted at Node 2 will be impacted even if Node 1 or Node 3
go down.
Take the case where Node 1 goes down. Tree 2 must now be
re-computed (this is normal) - but now, when the SPF computation is
underway, when the SPF process tries to pull in B, the list of
potential parents for B now are {2 and 3}. So, after ordering these
by ISIS-Id as {2, 3} (where 2 is considered to be at index of 0 and 3
is considered to be at index 1), for tree 1, we apply Trill's formula
of:
Parent's index = (TreeNumber-1) mod Number_of_parents.
= (2-1) mod 2
= 1 mod 2
= 1 (which is the index of Node 3)
The re-calculated tree now looks as shown below. The shift in
parent nodes (for B) may cause disruption to live traffic in the
network, and is unnecessary in absolute terms because the existing
parent for node B, node 2, was not perturbed in any way.
A
/ \
/ \
/ \
2 3
/\
/ \
B C
Aside from the disruption posed by the change in the tree links,
depending upon how the concerned rbridges stripe vlans/FGLs across
trees and how they may prune these, additional disruption is possible
if the forwarding state on the new parent rbridge is not primed to
match the new tree structure. This churn could simply be avoided
with a better algorithm/approach.
The parent shift issue noted above can be solved in at least two
different ways:
a) by means of the affinity sub-TLV.
b) by means of a network wide policy based parent selection
mechanism.
While the techniques identified in this draft have an immediate
benefit when applied to spine/leaf networks popular in data-center
designs, nothing in either of the approaches outlined below assumes a
spine-leaf network. The techniques outlined below will work on any
connected graph. Furthermore, no symmetry in link-cost is assumed.
4. Alternative A - Using the Affinity sub-TLV.
At a high level, this problem can be solved by having the affected
parent send out an affinity sub-TLV identifying the children for
which it wants to preserve the parent-child relationship, subject to
network events which may change the structure of the tree. The
preferred parent node would send out an affinity sub-TLV with
multiple affinity records, one per child node, listing the
concerned tree number.
It would be sufficient to have a local configuration option (e.g.
a CLI) at one of the nodes which is deemed to be the preferred parent.
In such case, the following steps may provide a way to implement this
proposal:
a. The operator locally configures the preferred parent to indicate
its stickiness in tree construction for a specific tree number
and tree root via the affinity sub-TLV. This can be done before
tree construction if the operator consults the 7 octet ISIS-ID
relative ordering of the concerned nodes and infers upfront which
of the potential parent nodes would become the parent node for a
given set of children on that tree number under the Trill tree
calculation mechanism. The operator assumes the responsibility
of configuring the preferred parent stickiness on only one node
amongst a set of sibling nodes relative to the tree root for
that tree number.
b. The very first tree calculation uses the default Trill specified
parent selection rules. The configured node advertises its parent
preference via the affinity sub-TLV when it completes a normal
Trill specified tree calculation, and finds itself the parent of
multiple child nodes per the calculation. The affinity sub-TLV
must reflect the appropriate tree number and the child nodes for
which the concerned node is a parent node. The affinity sub-TLV
should be published when the tree is deemed to have converged
and it may be necessary to start a timer when triggering the
tree calculation, to track the convergence. Alternately, the
publication of the affinity sub-TLV may be triggered by the
download of the routes to the (L2) RIB, which typically happens
after successful computation of the entire tree (however, see
vii. below).
c. When any change event happens in the network, one which forces a
tree re-calculation for the concerned tree, the configured node
should run through the normal Trill tree calculation agnostic of
the fact that it has published an affinity sub-TLV i.e the
node's own affinity sub-TLV should not be directly used in
establishing parent relationships. During the tree
calculation, if the node turns out to be on the list of potential
parents for some or all of the child nodes for which it
published the affinity sub-TLV (disregarding its possible
exclusion as parent due to 7 octet ISIS ID ordering logic), or
for any other child nodes for which it was not previously a
parent node, then it should react in the following manner:
i. If the node is still a potential parent for some of the
children identified in the existing affinity sub-TLV, it should
start a timer upon whose expiration, the node would intend to
send out an updated affinity sub-TLV identifying the correct
sub-set of children for which the node aspires to continue the
parent relationship. This case would also apply if there are
new child nodes for which the node is now a parent (however,
see the conflicted affinity sub-TLV rules below, and in vii
further below).
For its own tree computation, the node should use itself as
parent in order to pull the set of children identified during
the SPF run into the tree unless another affinity sub-TLV is
seen for the same tree number with an overlap in the set of
child nodes such that the other affinity sub-TLV would win
according to the conflict resolution rules in section 5.3
of [RFC7783]. In such case, this node should not publish
an affinity sub-TLV (and retract it if it is already
published), and honor the other node's affinity sub-TLV
instead.
ii. if the tree structure changes such that it is no longer a
potential parent for any of the child nodes in the advertised
affinity sub-TLV, then it must start a timer upon whose
expiration, it would intend to retract the affinity sub-TLV.
In this case, the default Trill tie-break rule would need to
be used during SPF construction for the vertices that were
children of this node previously.
iii. If there are any additional tree computations while the timer is
running, the timer should be re-started/extended in order to
absorb the interim network events. It is possible that the
intended action at the expiration of the timer may change
meanwhile. The timer needs to be large enough to absorb
multiple network events that may happen due to a change in the
physical state of the network, and yet short enough to
avoid delaying the update of the affinity sub-TLV.
iv. At the expiration of the timer, the existing state of the tree
should be compared with the existing affinity sub-TLV and the
intended change in the status of the affinity sub-TLV is
carried out e.g. an update to the list of children, or a
retraction.
v. Alternately, the above steps (re-examination of the affinity
sub-TLV and update) may be tied to/triggered from the download
of the tree routes to the RIB, since that typically happens
upon a successful computation of the complete tree. An
additional stabilization timer could be used to counteract
back-to-back computations of the tree due to a burst of
network events.
vi. Note that this approach may cause an additional tree computation
at remote nodes once the updated affinity sub-TLV (or lack of
it) is received/perceived, beyond the network events which led
up to the change in the tree.
vii. The preferred parent-node should not originate an affinity
sub-TLV if it sees an affinity sub-TLV from some other node
for the same tree number and for some or all of the same
child-nodes, but only if the other node's affinity sub-TLV would
win using the conflict tie-break rules in section 5.3 of
[RFC7783]. Any existing affinity sub-TLV already published by
this node in such a situation should be retracted.
d. Remote nodes should compute their trees honoring the latest
affinity sub-TLV or the lack thereof, sent from this node.
e. Situations where the node advertising the Affinity sub-TLV dies
or restarts should be handled using the normal handling for such
scenarios relating to the parent Router Capability TLV, and as
specified in [RFC4971].
f. Conflicts in the Affinity sub-TLV from different originators for
the same tree number and child node should be handled as
specified in section 5.3 of [RFC7783].
g. Situations where a link constantly flaps, should be handled
by having the preferred parent node retract the affinity
sub-TLV, if it affects the parent child relationships in
consideration. The long-term state of the affinity sub-TLV can
be monitored by the preferred parent node to see if it is being
published and retracted repeatedly in multiple iterations or
if a specific set of children are being constantly added and
removed. The preferred parent may resume publication of the
affinity sub-TLV once it perceives the network to be stable
again in the future.
If the node is forced to retract its affinity sub-TLV due to a change,
in the tree structure, it can then repeat these steps in a subsequent
tree construction, if the same node becomes a parent again, so long
as it perceives the network to be stable (free of link/node flaps).
In terms of nodes that do not support this algorithm, they are
expected to seamlessly inter-operate with this scheme, so long as
they understand and honor the affinity sub-TLV. The draft assumes
that most implementations now support the affinity sub-TLV.
5. Alternative B - Using a variant of the Djikstra SPF algorithm.
While alternative A may be preferable, there may be another way in
which the same goal can be achieved - the classic SPF algorithm may be
modified to address the above problem. However, this approach should
be regarded as experimental, and is not advocated for use in a
production environment until further evaluation is possible. The
approach requires all nodes in the network to use the same modified
SPF algorithm and same tie-break policy, and may work best in small
sized networks.
When pulling vertices from TENT to PATH, if a given vertex can
can be pulled in by more than one parent at the same optimal cost,
the modified SPF algorithm presented below allows a policy filter to
be placed during the parent selection process, which can identify a
preferred parent for the vertex being pulled in.
Initially, tree computation starts off with the Trill parent
selection rules. For subsequent tree computations, the policy function
references stable snap-shots of the prior tree computation and tries to
match existing parent-child relationships on a best-effort basis.
The algorithm models the SPF algorithm in traditional terms,
referencing two sets of vertices, PATH, and TENT. PATH contains
vertices known to be reachable at optimal cost from the
root vertex v. TENT contains vertices being examined for optimal
reachability. TENT contains satellite information for each vertex,
which is the immediate parent that caused the vertex to be moved into
TENT, and the cost of the link between them. The algorithm is
presented in a pseudocode that is similar in syntax to the 'C'
language.
<CODE BEGINS>
policy_parent_selection_optimized_spf_run(vertex root,
PolicyFunction PF,
Tree PreviousTree)
/* representation of the
* same tree as computed
* in the previous iteration,
* as a reference for the
* policy tie-breaker
* function below.
*/
{
/* L, LL are lists of tuples of the following form */
List<(vertex, parent, link(parent, vertex),
link-cost(parent, vertex))> L, LL;
/* Heap is ordered in ascending order of link-costs */
HEAP tmpHEAP;
/*
* map_vertex2parents_heap maps a vertex to a HEAP of tuples, each
* identifying a parent relationship. The heap is ordered in
* ascending order of link-cost. It also serves as a representation
* of the set TENT.
*/
Mapping map_vertex2parents_heap{vertex -> HEAP of tuples of type
(vertex, parent,
link(parent,vertex)
link-cost(parent, vertex)) };
initialize_to_empty(L);
initialize_to_empty(LL);
initialize_to_empty(map_vertex2parents_heap);
set distance_from_root(root) = 0;
root.in_PATH = TRUE;
for each vertex in graph {
if vertex is not root then {
set distance_from_root(vertex) = infinity;
vertex.in_PATH = FALSE;
}
}
for each link (root,w) that is attached to root {
if (distance_from_root(w) > link-cost(root, w)) {
map_vertex2parents_heap{w}.add_to_heap(
(w, root, link(root,w), link-cost(root,w)));
}
}
/*
* Iterate while there are vertices (tuples) in TENT - TENT is
* realized via map_vertex2parents_heap which is a mapping table
* with each entry of the table representing a (per-vertex) HEAP
* of tuples. Each tuple represents a link i.e. a parent-child
* relationship along with the identity of the link and its
* associated cost.
*/
while (not_empty(map_vertex2parents_heap)) {
/* There may be more than one vertex in TENT at
* minimal cost, and this modified SPF algorithm considers all
* of them simultaneously, processing them as a list, in terms
* of their addition to PATH, and in terms of equally
* considering them parents of as-yet undiscovered vertices
* that may be reachable at the same total cost from members
* of the list.
* priority_heap_minimum_multiple_dequeue_as_list takes the
* heap and returns a list of all the vertices that are at
* minimum cost from v. The list is returned as a list of
* tuples, where each tuple is of the form:
*
* (vertex, parent, link(parent, vertex),
* link-cost(vertex, parent))
*/
initialize_to_empty(tmpHEAP);
/*
* Iterate over the vertices comprising the key-space of
* map_vertex2parents_heap. The minimum from TENT is
* derived in two steps - find the minimum cost for each vertex
* from its potential parents (find the tuples), and then find
* the minimum of the above minimums using a temporary HEAP.
*/
foreach (vertex v in valid-keys(map_vertex2parents_heap)) {
/* tuples of the type
* (vertex, parent,link(vertex, parent),
* link-cost(vertex, parent)) at a minimum cost per hash
* table vertex entry are inserted to tmpHEAP. Each entry
* in tmpHEAP is a tuple.
*/
if (is-empty(map_vertex2parents_heap{v})
continue; /* Move on to the next vertex */
/*
* heap_dequeue_multiple_minimum_as_list() is assumed to
* dequeue multiple entries at the top of the heap, if
* they are all at the same minimum value of the heap
* metric (cumulative reachability cost for this
* application).
*/
tmpHEAP.add_to_heap(heap_dequeue_multiple_minimum_as_list(
map_vertex2parents_heap{v}));
}
L = heap_dequeue_multiple_minimum_as_list(tmpHEAP);
/*
* L is a list of tuples.
* L could potentially have only a single tuple. Iterate over
* tuples in L. Tuples in L are optimally reachable from nodes
* already in PATH.
*/
foreach tuple (y, y_parent, link(y_parent, y),
link-cost(y_parent, y)) in L {
/*
* Identify tuples relating to y's potential parents,
* all leading to optimal reachability for y, collect
* them in LL.
*/
LL =
heap_dequeue_multiple_minimum_as_list(
map_vertex2parents_heap{y});
/*
* Policy function below takes a vertex, and its list of
* eligible parents, and chooses one parent for the vertex.
* It can be simply thought of as a tie-breaker that
* chooses one parent out of the list of eligible parents
* of y, but based on the consideration specified by the
* policy, and being able to do so in a way that
* minimizes tree churn.
*
* ASSUMPTION: Policy Function needs to be able
* to deal with trivial case of the list of eligible
* parents having only one parent, it must select that one
* parent unconditionally in that case for the given child
* node.
*
* PolicyFunction is not explicitly defined here, it may
* take other parameters such as a representation of the
* previous computation of the tree to help it make a
* selection that helps preserve links in the tree as they
* existed prior to this computation.
*/
if (y_parent ==
PolicyFunction(y, LL, PreviousTree, TreeNumber)) {
/*
* if y is allowed by the policy function, it can get
* pulled into PATH here. However, if y is excluded
* at this stage, then it must have another potential
* instance in TENT (but see assumption above), which
* will pull it in thru a different parent -
* correctness of the SPF algorithm guarantees this,
* and this other instance with other parent must be
* in the list L.
*/
y.in_PATH = TRUE;
distance_from_root(y) = distance_from_root(y_parent)
+ link-cost(y_parent,y);
if (y_parent == root)
/* directly connected */
nexthop_link_at_root(y) = link (root ,y);
else
nexthop_link_at_root(y) =
nexthop_link_at_root(y_parent);
/* y is now in PATH.
* identify_vertex_as_parent() is defined further
* down below, it marks y as parent for its
* downstream children, by updating the
* map_vertex2parents_heap entry for nodes
* immediately downstream of y. Note
* that we do not need to iterate over all instances
* of y in LL - this can be done by simply examining
* all links on y and pulling in those not in PATH.
*/
identify_vertex_as_parent(y, map_vertex2parents_heap);
}
}
}
for each vertex w in graph {
if (w is not root) {
print (distance_from_root(w), nexthop_link_at_root(w));
}
}
}
identify_vertex_as_parent(vertex y, Mapping map_vertex2parents_heap)
{
for each link (y,x) that is attached to y {
if (x.in_PATH == FALSE) // Ignore nodes already in PATH.
{
/*
* Routine is only called on vertices y that are already
* in PATH, so child x will be reachable optimally from y.
*
* y is a potential parent of x, because x is optimally
* reachable from y. But we need to see if there are
* other potential parents of x at the same optimal cost,
* the policy function will help pick the right parent,
* during its invocation in the SPF run for x's selection
* into path.
*
*/
if (distance_from_root(x) > (distance_from_root(y)
+ cost(y,x)) {
map_vertex2parents_heap{x}.add_to_heap(x, y, (y,x),
distance_from_root(y)+cost(y,x));
}
}
}
}
<CODE ENDS>
5.1 Choice of the policy function.
In order to solve the discussed problem, the policy function must
preserve parent-child links as they existed in previous stable
(non-transient) computations of the tree and it can do this by
consulting a a stable snapshot of the previous tree computation,
to identify and preserve parent-child relationships in the prior
SPF tree. Text further below discusses how a stable snap-shot of
the tree may be collected.
The policy is applied on a best-effort basis and is consulted
during the normal SPF tree construction mechanism if a given child
node can be pulled in from a choice of multiple parents, and if one
of those parents had pulled in that child node in a previous
stable snap-shot of the tree.
When used in this manner, if a parent node in the previous
tree computation is no longer alive/reachable, it should not be used
as a reference in preserving any parent-child relationships. A
secondary policy or fall-back tie-break may be needed to identify
a parent for a given child in this situation, and this is detailed
below. Also, as noted in the code section, in the case where a child
node has only one parent, the policy function must unconditionally
select that parent node to pull in the child to the SPF tree. The
policy function may also take the tree number as an input
parameter to determine a fallback tie-break.
When the policy function is set up in the manner described above,
it helps maintain parent affinity by explicitly breaking ties
preferentially so that prior parent relationships are maintained in a
new computation of the tree. However, the challenge of synchronizing
the application of the policy across rBridges in the network needs to
be addressed. In order to do this, the following rules may need to be
adhered to when using this approach:
a. The first tree computation is carried out using the Trill
specified tree construction mechanism.
b. So long as the root node for that tree number does not
change physically, the second and subsequent tree computations
for the same tree can use this algorithm and try to feed in a
representation of the previous steady-state tree computation as
a guide to the policy function, subject to the following caveats:
i. if a non-root node that was a parent in a previous computation
is no longer reachable/alive, then the computation should fall
back to the default Trill parent selection rule for the set of
remaining parent candidates and the associated children. Note
that if a sibling of the parent node goes away or changes its
link connectivity, it does not impact the concerned parent's
child relationships.
ii. If a link between a parent node and child node (in the previous
computation of that tree) goes down, then that child alone should
be pulled in to the SPF tree using vertices that are upstream of
it during tree computation, subject to the Trill specified
tie-break rule. Note that this may result in some children being
pulled in through the old parent and some pulled in through a
different node, subject to the Trill tie-break rule.
c. If the root node for that tree number changes to a physically
different node, then the first tree computation for that tree number
with that new tree root should be carried out using the default
Trill parent-selection rules. The second and subsequent computations
can leverage this approach, each feeding in a representation of the
previous stable snap-shot as a reference for the current computation.
d. There may be cases during tree construction with this approach
where more than one parent finds a match in the representation
of the previous tree - in this case the tie should be broken
according to the default Trill parent selection rule. This can
happen, when a node that was a parent in a previous computation
becomes a child node of its former child in the current tree,
due to a link going down, for example. In this case, the
directional nature of the (parent, child) link in the prior
snapshot may need to be ignored while trying to find a match in
the prior snapshot.
e. The policy function must always be given the representation of the
most recent stable snapshot of the prior tree computation for that
tree number. Ideally, a stable snap-shot should reflect a converged
tree state after all recent network churn events have been absorbed.
A timer may be started when any tree computation starts. The timer
would need to be long enough to capture a converged tree state.
Any interim network events received while the timer is running
extend the timer. When the timer expires the tree is deemed to have
converged, and a snap-shot of the tree may be collected.
f. Alternatively, snap-shot collection may be triggered when the tree
routes are being programmed in the RIB, since most implementations
would download routes to the RIB only when the tree calculation has
completed successfully. An additional stabilization timer may be
used, after the RIB trigger, to capture cases where multiple tree
computations run back to back. The snapshot must collect all links
in the tree, reflecting parent child relationships in the tree.
g. To handle situations where a link or node is flapping constantly,
nodes in the network should turn off snap-shot matching on the
child nodes connected to the affected link or node
(if the node happens to be a parent node, then snapshot matching
should be turned of for all the children of that node) and fallback
to default Trill parent selection rules for the affected children.
Nodes in the network may examine parent-child relationships in the
successive collected snapshots to see if a specific sub-tree is
toggling within a pre-configured interval of time.
6. Network wide selection of computation algorithm.
Alternative A does not need any operational change to the
Trill protocol, beyond the usage of the affinity sub-TLV (which is
already in the proposed standard) for the use case identified in
this draft.
For alternative B, this draft takes no position on how rBridges in
the network may negotiate and select the modified algorithm as the
preferred tree computation mechanism at this time.
7. Relationship to draft-ietf-trill-resilient-trees.
Given that both draft-ietf-trill-resilient-trees, and
draft-rp-trill-parent-selection-02 drafts use the affinity sub-TLV,
it is worthwhile to examine if there is any functional overlap
between the two drafts.
At a high level, draft-ietf-trill-resilient-trees relates to link
protection, and defines the notion of a primary distribution tree
and a backup distribution tree (DT), where these trees are
intentionally kept link disjoint to the extent possible, and the
backup tree is pre-programmed in the hardware, and activated either
upfront or upon failure of the primary distribution tree.
On the other hand, draft-rp-trill-parent-selection-02 protects
parent-child relationships of interest on the primary DT, and has
no direct notion of a backup DT.
draft-ietf-trill-resilient-trees considers the following algorithmic
approaches to the building the backup distribution tree (section
numbers listed are from that draft):
1. Pure operator configuration for links on the backup DT/manual
generation of affinity sub-TLV - this is very tedious and unlikely
to scale or be implemented in practice, and hence is disregarded
in the analysis here.
2. Section 3.2.1.1a: Use of MRT algorithms (which will produce conjugate
trees - link disjoint trees with roots for primary and backup trees
that are coincident on the same physical rBridge).
3. Section 3.2.1.1b: Once the primary DT is constructed, the links
used in the primary DT are additively cost re-weighted, and a
second SPF is run to derive the links comprising the backup DT.
Affinity sub-TLV is used to mark links on the back-up DT which are
not also on the primary DT. This approach can handle conjugate
trees as well as non-conjugate trees (link disjoint trees that are
rooted at different physical nodes).
4. Section 3.2.2: A variation on the section 3.2.1.1b approach, but
without affinity sub-TLV advertisement. Once the primary DT is
constructed, costs for links on the primary DT are multiplied by a
fixed multiplier to prevent them from being selected in a
subsequent SPF run, unless there is no other choice, and the
subsequent SPF yields links on the backup DT.
All of the approaches above yield maximally link disjoint trees,
when applied as prescribed.
Approach 4 above does not seem to use affinity sub-TLVs and instead
seems to depend upon a network wide agreement on the alternative
tree computation algorithm being used.
Approaches 2 and 3 use affinity sub-TLV on the backup DT, for links
that are not already on the primary DT. The primary DT does not
appear to use affinity sub-TLVs. Additionally, from an end-to-end
perspective the backup DT comes into picture when the primary DT
fails (this is effectively true even in the 1+1 protection mechanism
and in the local protection case), and then again, only until the
primary DT is recalculated. Once the primary DT is recalculated, the
backup DT is recalculated as well, and can change corresponding to
the new primary DT.
draft-ietf-trill-resilient-trees cannot directly prevent/mitigate a
parent node shift on the primary DT at a given parent node, and while
usage of the affinity sub-TLV on the backup DT might confer a parent
affinity on some nodes on the backup DT, these are not necessarily
the nodes on which the network operator may want/prefer an explicit
parent affinity. Further, the backup DT is only used on a transient
basis, from a forwarding perspective, until the primary DT is
recomputed.
In situations involving a node failure, there is no direct functional
overlap between draft-ietf-trill-resilient-trees, and the
draft-rp-trill-parent-selection-02 draft. The two drafts have different
goals and appear to solve unrelated problems, in this situation.
Sometimes, a parent shift can be triggered by link failure. In a
situation where both drafts are active in the implementation, failure
of a specific link may cause the backup DT to kick in, but when the
primary DT is re-calculated, draft-rp-trill-parent-selection-02 can be
used to preserve parent-child relationships on the primary DT, to the
extent possible, during the re-calculation. So, in this case also,
there does not appear to be a direct functional overlap in the
simultaneous usage of these drafts.
8. Security Considerations.
The proposal primarily influences tree construction and tries to
preserve parent-child relationships in the tree from prior computations
of the same tree, without changing any of operational aspects of the
protocol. Hence, no new security considerations for Trill are raised
by this proposal.
9. IANA Considerations.
No new registry entries are requested to be assigned by IANA. The
Affinity Sub-TLV has been defined in [RFC7176], and this proposal
does not change its semantics in any way.
10. Informative References.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC6325] Perlman, R., Eastlake 3rd, D., Dutt, D., Gai, S., and A.
Ghanwani, "Routing Bridges (RBridges): Base Protocol
Specification", RFC 6325, DOI 10.17487/RFC6325, July 2011,
<http://www.rfc-editor.org/info/rfc6325>.
[RFC7780] - Eastlake 3rd, D., Zhang, M., Perlman, R., Banerjee, A.,
Ghanwani, A., and S. Gupta, "Transparent Interconnection of
Lots of Links (TRILL): Clarifications, Corrections, and
Updates", RFC 7780, DOI 10.17487/RFC7780, February 2016,
<http://www.rfc-editor.org/info/rfc7780>.
[RFC7783] Senevirathne, T., Pathangi, J., Hudson, J., "Coordinated
Multicast Trees (CMT) for Transparent Interconnection of
Lots of Links (TRILL)", RFC 7783, February 2016,
<http://datatracker.ietf.org/doc/rfc7783>
[RFC4971] Vasseur, JP., Shen, N., Aggarwal, R., "Intermediate
System to Intermediate System (IS-IS) Extensions for
Advertising Router Information", RFC 4971, July 2007,
<http://datatracker.ietf.org/doc/rfc4971>
Author's Address:
R. Parameswaran,
Brocade Communications, Inc.
120 Holger Way,
San Jose, CA 95134.
Email: parameswaran.r7@gmail.com
Copyright and IPR Provisions
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. The definitive version of
an IETF Document is that published by, or under the auspices of, the
IETF. Versions of IETF Documents that are published by third parties,
including those that are translated into other languages, should not
be considered to be definitive versions of IETF Documents. The
definitive version of these Legal Provisions is that published by, or
under the auspices of, the IETF. Versions of these Legal Provisions
that are published by third parties, including those that are
translated into other languages, should not be considered to be
definitive versions of these Legal Provisions. For the avoidance of
doubt, each Contributor to the IETF Standards Process licenses each
Contribution that he or she makes as part of the IETF Standards
Process to the IETF Trust pursuant to the provisions of RFC 5378. No
language to the contrary, or terms, conditions or rights that differ
from or are inconsistent with the rights and licenses granted under
RFC 5378, shall have any effect and shall be null and void, whether
published or posted by such Contributor, or included with or in such
Contribution.
Html markup produced by rfcmarkup 1.123, available from
https://tools.ietf.org/tools/rfcmarkup/