Network Working Group                                        R. Papneja
     Internet Draft                                                  Isocore
     Intended status: Informational                               S.Vapiwala
     Expires: March August 2007                                          S.Vapiwala                                          J.Karthik
                                                               Cisco Systems
                                                                 S. Poretsky
                                                                  Reef Point
                                                                      S. Rao
                                                        Qwest Communications
                                                          Jean-Louis Le Roux
                                                              France Telecom
                                                                  October 06
                                                           February 23, 2007

             Methodology for benchmarking MPLS Protection mechanisms
                    <draft-ietf-bmwg-protection-meth-00.txt>
                    <draft-ietf-bmwg-protection-meth-01.txt>

     Status of this Memo

        By submitting this Internet-Draft, each author represents that
        any applicable patent or other IPR claims of which he or she is
        aware have been or will be disclosed, and any of which he or she
        becomes aware will be disclosed, in accordance with Section 6 of
        BCP 79.

        This document may only be posted in an Internet-Draft.

        Internet-Drafts are working documents of the Internet Engineering
        Task Force (IETF), its areas, and its working groups.  Note that
        other groups may also distribute working documents as Internet-
        Drafts.

        Internet-Drafts are draft documents valid for a maximum of six months
        and may be updated, replaced, or obsoleted by other documents at any
        time.  It is inappropriate to use Internet-Drafts as reference
        material or to cite them other than as "work in progress."

        The list of current Internet-Drafts can be accessed at
             http://www.ietf.org/ietf/1id-abstracts.txt

        The list of Internet-Draft Shadow Directories can be accessed at
             http://www.ietf.org/shadow.html

        This Internet-Draft will expire on August 23, 2007.

     Copyright Notice

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        Copyright (C) The IETF Trust (2007).

     Abstract

     This draft provides describes the methodology for benchmarking MPLS Protection
     mechanisms especially the failover time of local for link and node protection (MPLS Fast
     Reroute as defined in RFC-4090). [MPLS-FRR-EXT].
     The failover to a backup tunnel could
     happen at the headend of the primary tunnel or a midpoint  benchmarking  and the backup
     could offer link or node protection. It becomes vital  terminology  [TERM-ID]  are  to benchmark the
     failover time  be  used  for all the cases and combinations. The failover time
     could also greatly differ based on the design and implementation and by
     factors like the number of prefixes carried by the tunnel, the routing
     protocols that installed these prefixes (IGP, BGP...), the number of
     primary tunnels affected by the event that caused the failover, number
     of primary tunnels the backup protects and type of failure, the physical
     media  type  on  which  the  failover  occurs  etc.  All  the  required
     benchmarking criteria  MPLS  based  protection  mechanisms  [MPLS-FRR-EXT].  This
     document provides test methodologies and benchmarking topology required test-bed setup for measuring
     failover time times while considering all dependencies that might impact
     faster recovery of local protection is described Conventions real time services riding on MPLS based primary
     tunnel.  The terms used in the procedures included in this document are
     defined in [TERM-ID].

     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
     document are to be interpreted as described in RFC 2119 [RFC2119]. RFC-2119 [RFC-WORDS].

     Table of Contents

        1. Introduction...................................................3
        2. Existing definitions...........................................6
        3. Test Considerations............................................6
           3.1. Failover Events...........................................6
           3.2. Failure Detection [TERMID]................................7 ........................................7
           3.3. Use of Data Traffic for MPLS Protection Benchmarking......7 Benchmarking......8
           3.4. LSP and Route Scaling.....................................8
           3.5. Selection of IGP..........................................8
           3.6. Reversion [TERMID]........................................8 ................................................9
           3.7. Traffic generation........................................9
           3.8. Motivation for topologies.................................9
        4. Test Setup.....................................................9 Setup....................................................10
           4.1. Link Protection with 1 hop primary (from PLR) and 1 hop
           backup........................................................10
           backup........................................................11
           TE tunnels....................................................10 tunnels....................................................11
           4.2. Link Protection with 1 hop primary (from PLR) and 2 hop
           backup TE tunnels.............................................11
           4.3. Link Protection with 2+ hop (from PLR) primary and 1 hop
           backup TE tunnels.............................................11

     Poretsky, Rao, Le Roux
                             Protection Mechanisms tunnels.............................................12
           4.4. Link Protection with 2+ hop (from PLR) primary and 2 hop
           backup TE tunnels.............................................12

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
           4.5. Node Protection with 2 hop primary (from PLR) and 1 hop
           backup TE tunnels.............................................13
           4.6. Node Protection with 2 hop primary (from PLR) and 2 hop
           backup TE tunnels.............................................13 tunnels.............................................14
           4.7. Node Protection with 3+ hop primary (from PLR) and 1 hop
           backup TE tunnels.............................................14 tunnels.............................................15
           4.8. Node Protection with 3+ hop primary (from PLR) and 2 hop
           backup TE tunnels.............................................15
           4.9. Baseline MPLS Forwarding Performance Test Topology.......15
        5. Test Methodology..............................................16
           5.1. Headend as PLR with link failure.........................16 failure.........................17
           5.2. Mid-Point as PLR with link failure.......................17 failure.......................18
           5.3. Headend as PLR with Node failure.........................18 failure.........................19
           5.4. Mid-Point as PLR with Node failure.......................20
           5.5. Baseline MPLS FRR Forwarding Performance Test Cases..........21 Cases...............22
              5.5.1. DUT Throughput PLR as Ingress...........................21 Headend......................................22
              5.5.2. DUT Latency as Ingress..............................21
              5.5.3. DUT Throughput as Egress............................22
              5.5.4. DUT Latency as Egress...............................22
              5.5.5. DUT Throughput as Mid-Point.........................23
              5.5.6. DUT Latency PLR as Mid-Point............................23 Mid-point....................................23
        6. Reporting Format..............................................24
        7. Security Considerations.......................................25
        8. Acknowledgements..............................................25 Acknowledgements..............................................26
        9. References....................................................25 References....................................................26
           9.1. Normative References.....................................25 References.....................................26
           9.2. Informative References...................................26
        10. Author's Address.............................................26 Address...................Error! Bookmark not defined.
        Appendix A: Fast Reroute Scalability Table.......................29 Table.......................30

     1. Introduction

     A

     This  draft  describes  the  methodology  for  benchmarking  MPLS  based
     protection mechanisms. The new terminology that it introduces is defined
     in [TERM-ID].

     MPLS based protection mechanisms provide faster recovery of real time
     services in case of an unplanned link or a node failure could occur at the headend or in the mid point
     node of network
     core, where MPLS is used as a given primary tunnel. The time it takes to failover signaling protocol to setup point-to-point
     traffic engineered tunnels. MPLS based protection mechanisms improve
     service availability by minimizing the
     backup tunnel duration of the most common
     failures.  There  are  generally  two  factors  impacting  service
     availability. One is the frequency and the other is the duration of the
     failure. Unexpected correlated failures are less common. Correlated
     failures mean co-occurrence of two or more failures simultaneously.
     These failures are often observed when two or more logical resources

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
     (for e.g. layer-2 links), relying on a key measurement since common physical resource (for
     e.g. common transport) fail. Common transport may include TDM and WDM
     links providing multiplexing at layer-2 and layer-1. Within the context
     of MPLS protection mechanisms, Shared Risk Link Groups [MPLS-FRR-EXT]
     encompass correlations failures.

     Not all correlated failures can be anticipated in advance of their
     occurrence. Failures due to natural disasters or planned failures are
     the most notable causes. Due to the frequent occurrences of such
     failures, it directly affects is necessary that implementations can handle these faults
     gracefully, and recover the traffic
     carried over services affected by failures very quickly.

     Some  routers  recover  faster  as  compared  to  the tunnel. The failover  others,  hence
     benchmarking this type of failures become very useful. Benchmarking of
     unexpected   correlated   failures   should   include   measurement   of
     restoration with and without the availability of IP fallback. This
     document provides detailed test cases focusing on benchmarking MPLS
     protection mechanisms. Benchmarking of unexpected correlated failures
     is currently out of scope of this document.

     A link or a node failure could occur either at the headend head-end or at the
     midpoint
     mid point node of a primary tunnel. The backup tunnel and could offer either
     link or node protection following a failure along the path of the
     primary tunnel. The time it takes lapsed in transitioning primary tunnel traffic
     to failover depends
     on the backup tunnel is a variety of key measurement that ensures the service level
     agreements. Failover time depends upon many factors like such as the type of physical media, method number
     of FRR
     solution (detour vs facility), prefixes bound to a tunnel, services (such as IGP, BGP, Layer 3/
     Layer 2 VPNs) that are bound to the tunnel, number of primary tunnels, tunnels
     affected by the failure event, number of
     prefixes carried over primary tunnels protected by
     backup, the tunnel etc. Given all this service providers
     certainly like to see a methodology to measure type of failure and the physical media on which the failover time under
     all possible conditions.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

     The  following  sections  describe
     occurs. This document describes all  the different topologies and scenarios
     that should be used and considered to effectively benchmark
     the MPLS protection
     mechanisms and failover  time.  The times. Different failure  triggers,  procedures, scenarios and scaling
     considerations and are also provided in this document. In addition the
     document provides a reporting format of for the results are discussed as
     well.

     In order to observed results.

     To benchmark the failover time, data plane traffic is used as
     mentioned defined in [IGP-METH] since traffic
     [IGP-METH]. Traffic loss is measured the key component in a black-box type test
     and is a widely accepted way used to measure convergence.

     Important point to be noted when benchmarking the failover time is that
     depending on whether PHP is happening (whether or not implicit null is
     advertised by the tail-end), and on the number of hops of primary and
     backup tunnel, we could have different situations where the packets
     switched over to the backup tunnel may have one, more or 0 labels.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

     All the benchmarking test cases mentioned defined in this document could apply to both
     facility backup as well as and local protection enabled in the detour mode. The test
     cases cover all possible failure scenarios and the associated procedures described here should completely
     benchmark the failover time ability of a device under the DUT to perform recovery from failures
     within target failover time.

     Figure 1 represents the basic reference test in all possible
     scenarios bed and configuration.

     The additional scenarios defined in this document, are in addition is applicable to
     those considered in [FRR-METH]. All
     all the test cases enlisted defined in this document
     could be verified in a single topology that document. TG & TA represents Traffic
     Generator & Analyzer respectively. A tester is similar connected to this. the DUT and
     it sends and receives IP traffic along with the working Path, run
     protocol emulations simulating real world peering scenarios.

                   ---------------------------
                 |               ------------|---------------
                 |              |            |               |
                 |              |            |               |
             --------       --------      --------      --------     --------
         TG-|   R1   |-----|   R2   |----|   R3   |    |    R4  |   |  R5    |-TA
            |        |-----|        |----|        |----|        |---|        |
             --------       --------      --------      --------     --------
                   |            |              |           |
                   |            |              |           |
                   |          --------         |           |
                    ---------|   R6   |--------            |
                            |        |--------------------
                             --------

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

                          Fig.1: Fast Reroute Topology.

     In figure 1, TG & TA are Traffic Generator & Analyzer respectively.
     A tester is set outside the node as it sends and receives IP traffic
     along the working Path, run protocol emulations simulating real world
     peering scenarios. The tester MUST record the number of lost packets,
     duplicate packet count, reordered packet count, departure time, and
     arrival time so that the metrics of Failover Time, Additive Latency, and
     Reversion Time can be measured.  The tester may be a single device or a
     test system.

     Two or more failures are considered correlated if those failures occur
     more or less simultaneously. Correlated failures are often expected
     where two or more logical resources, such as layer-2 links, rely on a
     common physical resource, such as common transport. TDM and WDM provide
     multiplexing at layer-2 and layer-1 that are often the cause of
     correlated failures. Where such correlations are known, such as knowing
     that two logical links share a common fiber segment, the expectation of
     a common failure can be compensated for by specifying Shared Risk Link
     Groups [RFC-4090]. Not all correlated failures are anticipated in
     advance of their occurrence. Failures due to natural disasters or due
     to certain man-made disasters or mistakes are the most notable causes.
     Failures of this type occur many times a year and generally a quite
     spectacular failure occurs every few years.

     There are two factors impacting service availability. One is the
     frequency of failure.            |              |           |
                   |            |              |           |
                   |          --------         |           |
                    ---------|   R6   |--------            |
                             |        |--------------------
                              --------

                          Fig.1: Fast Reroute Topology.

     The other is the duration of failure. FRR
     improves availability by minimizing tester MUST record the duration number of the most common
     failures. Unexpected correlated failures are less common. Some routers
     recover much more quickly than others lost, duplicate, and therefore benchmarking this
     type  of  failure  may  also  be  useful.  Benchmarking  of  unexpected
     correlated failures reordered
     packets. It should include measurement of restoration with further record arrival and
     without the availability of IP fallback. departure times so that
     Failover Time, Additive Latency, and Reversion Time can be measured.
     The use BGP free core tester may be
     growing, making the latter case an important a single device or a test case. This document
     focuses on FRR failover benchmarking with MPLS TE. Benchmarking of
     unexpected correlated failures is out of scope but may be covered by system emulating all the
     different roles along a
     later document. primary or backup path.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
     2. Existing definitions

     For the sake of clarity and continuity this RFC adopts the template
     for definitions set out in Section 2 of RFC 1242.  Definitions are
     indexed and grouped together in sections for ease of reference.

     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
     "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in
     this document are to be interpreted as described in RFC 2119.

     The reader is assumed to be familiar with the commonly used MPLS
     terminology, some of which is defined in [MPLS-RSVP], [MPLS-RSVP-TE],
     and [MPLS-FRR-EXT].

     3. Test Considerations

        This section discusses the fundamentals of MPLS Protection testing:

            -The types of network events that causes failover
            -Indications for failover
            -the use of data traffic
            -Traffic generation
            -LSP Scaling
            -Reversion of LSP
            -IGP Selection

      3.1. Failover Events

        Triggers for

        The failover to a the backup tunnel are is primarily triggered by either a
        link and or node failures
        seen observed downstream of the PLR as follows. Point of Local
        repair (PLR). Some of these failure events are listed below.

        Link failure events

            - Interface Shutdown interface on PLR side with POS Alarm
            - Interface Shutdown interface on remote side with POS Alarm
            - Interface Shutdown interface on PLR side with RSVP hello
            - Interface Shutdown interface on remote side with RSVP hello
            - Interface Shutdown interface on PLR side with BFD
            - Interface Shutdown interface on remote side with BFD

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
            - Fiber Pull on the PLR side (Both TX & RX or just the Tx)
            - Fiber Pull on the remote side (Both TX & RX or just the Rx)

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
            - OIR Online insertion and removal (OIR) on PLR side
            - OIR on remote side
            - Sub-interface failure (shutting (e.g. shutting down of a VLAN)
            - Shut parent Parent interface shutdown (an interface bearing multiple sub-interfaces sub-
          interfaces

        Node failure events

        A Reload System reload is initiated either by a graceful shutdown or by a
        power failure. We refer A system crash is referred to Crash as a software failure or
        an assert.

            - Reload protected Node, when RSVP Hello are enable is enabled
            - Crash  Protected Node, when RSVP Hello are is enable
            - Reload Protected Node, when BFD is enable
            - Crash  Protected Node, when BFD is enable

      3.2. Failure Detection [TERMID] [TERM-ID]

        Local failures can be detected via SONET/SDH failure with directly
        connected LSR.  Failure indication may vary with the type of alarm -
        LOS, AIS, or RDI. Failures on Ethernet technology links such as Gigabit Ethernet
        rely upon Layer 3 signaling indication for failure.

        Different MPLS protection mechanisms and different implementations
        use different failure indications detection techniques such as RSVP hellos, BFD
        etc. Ethernet technologies such as Gigabit Ethernet rely upon layer 3
        failure indication mechanisms since there is no Layer 2 failure
        indication mechanism. The failure detection time may not always be
        negligible and it could impact the overall failover time.

        The test procedures in this document can be used against for a local failure  as  well  as  against  a
        or remote failure  to  account scenarios for
        completeness of comprehensive benchmarking and to
        evaluate failover performance independent of the implemented signaling indication mechanism. failure detection
        techniques.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

    3.3. Use of Data Traffic for MPLS Protection Benchmarking

        Customers of service providers

        Currently end customers use packet loss as the a key metric for failover
        time. Packet loss is an externally observable event having and has direct
        impact on customers' application performance. applications.  MPLS protection mechanism is
        expected to minimize the packet loss in the event of a failure. For
        this reason it is important to develop a standard router benchmarking
        methodology for measuring MPLS protection that uses

     Poretsky, Rao, Le Roux
                             Protection Mechanisms measuring MPLS protection that uses packet loss as a
        metric.  At a known rate for of forwarding, packet loss can be measured
        and used to calculate the Failover time. time can be determined. Measurement of control plane
        signaling to establish backup paths is not enough to verify failover.
        Failover is best determined when packets are actually traversing the
        backup path.

        An additional benefit of using packet loss for calculation of
        Failover time is that it enables allows use of a black-box tests to be designed. environment.
        Data traffic can be is offered at line-rate to the device under test (DUT),
        and an emulated network failure event as described above can be is forced to occur, and packet
        loss  can  be is externally measured to calculate the convergence time. Knowledge of DUT architecture is not required.
        There This
        setup is no need to rely on the understanding of the implementation
        details independent of the DUT to get the required test results. architecture.

        In addition, this methodology will consider considers the errored packets in error and
        duplicate packets that could have been generated during the failover
        process. In extreme cases, scenarios, where separate measurement of errored packets in error
        and duplicate packets is difficult, difficult to obtain, these packets could should be
        attributed to lost packets.

      3.4. LSP and Route Scaling

        Failover time performance may vary with the number of established
        primary and backup LSPs tunnels (LSP) and routes learned. installed routes. However the
        procedure outlined here may should be used for any number of LSPs, L, LSPs (L) and
        number of routes protected by PLR, R. PLR(R). Number of L and R must be
        recorded.

      3.5. Selection of IGP

        The underlying IGP could be ISIS-TE or OSPF-TE for the methodology
        proposed here.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

      3.6. Reversion [TERMID] [TERM-ID]

        Fast Reroute provides a method to return or restore a backup path to
        original primary LSP upon recovery from the failure. This is referred
        to as Reversion, which can be implemented as Global Reversion or
        Local Reversion. In all test cases listed here Reversion should not
        produce any packet loss, out of order or duplicate packets. Each of
        the test cases in this methodology document provides a step check to verify
        confirm that there is no packet loss.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

      3.7. Traffic generation

        It is suggested that there be one or more traffic streams as long as
        there is a steady and constant rate of flow for all the streams.  In
        order to monitor the DUT performance for recovery times a set of
        route prefixes should be advertised before traffic is sent. The
        traffic should be configured towards these routes.

        A typical example would be configuring the traffic generator to send
        the traffic to the first, middle and last of the advertised routes.
        (First, middle and last could be decided by the numerically smallest,
        median and the largest respectively of the advertised prefix).
        Generating traffic to all of the prefixes reachable by the protected
        tunnel (probably in a Round-Robin fashion, where the traffic is
        destined to all the prefixes but one prefix at a time in a cyclic
        manner) is not recommended. The reason why traffic generation is not
        recommended in a Round-Robin fashion to all the prefixes, one at a
        time is that if there are many prefixes reachable through the LSP the
        time interval between 2 packets destined to one prefix may be
        significantly high and may be comparable with the failover time being
        measured  which  does  not  aid  in  getting  an  accurate  failover
        measurement.

      3.8. Motivation for topologies

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        Given that the label stack is dependent on of the following 3 entities
        it is recommended that the benchmarking of failover time be performed
        on all the 8 topologies enlisted provided in section 4

            - Type of protection (Link Vs Node)

            - # of remaining hops of the primary tunnel from the PLR

            - # of remaining hops of the backup tunnel from the PLR

     4. Test Setup

        Topologies to be used for benchmarking the failover time:

        This section proposes a set of topologies that covers all the
        scenarios for local protection. All of these 8 topologies shown
        (figure 2- figure 9) can be mapped to the master FRR reference topology shown in
        figure 1. Topologies  shown provided in  section sections 4.1 to 4.8 refer to  the  network
        topologies test-
        bed required to benchmark failover time when DUT is configured as a
        PLR either in headend either head-end or midpoint role. The number of labels
        listed below are all w.r.t stack provided
        with each topology is at the PLR.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

        The label stacks shown below each figure in section 4.1 to 4.9
        considers the scenario when PHP is enabled.

        In enabling of Penultimate Hop Popping (PHP).

        Figures 2-9 uses the following network topologies, convention:

        a) HE is Head-End, Head-End

        b) TE is Tail-End, Tail-End

        c) MID is Mid point, point

        d) MP is Merge Point, Point

        e) PLR is Point of Local Repair, Repair

        f) PRI is Primary and

        g) BKP denotes Backup Node

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
      4.1. Link Protection with 1 hop primary (from PLR) and 1 hop backup

             TE tunnels

                -------    -------- PRI  --------
               |  R1   |  |   R2   |    |   R3   |
            TG-|  HE   |--|  MID   |----|    TE  |-TA
               |       |  |  PLR   |----|        |
                -------    -------- BKP  --------
               Figure 2: Represents the setup for section 4.1

            Traffic            No of Labels      No of labels after
                               before failure    failure
            IP TRAFFIC (P-P)             0             0
            Layer3 VPN (PE-PE)     1             1
            Layer3 VPN (PE-P)      2             2
            Layer2 VC (PE-PE)      1             1
            Layer2 VC (PE-P)       2             2
            Mid-point LSPs         0             0

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

      4.2. Link Protection with 1 hop primary (from PLR) and 2 hop backup TE
                     tunnels

                -------      --------      --------
               |  R1   |    |  R2    |    |   R3   |
            TG-|  HE   |    |  MID   |PRI |   TE   |-TA
               |       |----|  PLR   |----|        |
                -------      --------      --------
                                |BKP               |
                                |     --------     |
                                |    |   R6   |    |
                                |----|  BKP   |----|
                                     |   MID  |
                                      --------
              Figure 3: Representing setup for section 4.2

            Traffic            No of Labels      No of labels
                               before failure    after failure

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
            IP TRAFFIC (P-P)       0              1
            Layer3 VPN (PE-PE)     1              2
            Layer3 VPN (PE-P)      2              3
            Layer2 VC (PE-PE)      1              2
            Layer2 VC (PE-P)       2              3
            Mid-point LSPs         0              1

      4.3. Link Protection with 2+ hop (from PLR) primary and 1 hop backup TE
                     tunnels

                --------      --------      --------        --------
               |  R1    |    | R2     |PRI |   R3   |PRI   |   R4   |
            TG-|  HE    |----| MID    |----| MID    |------|   TE   |-TA
               |        |    | PLR    |----|        |      |        |
                --------      -------- BKP  --------        --------
              Figure 4: Representing setup for section 4.3

            Traffic            No of Labels      No of labels

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
                               before failure    after failure

            IP TRAFFIC (P-P)       1                1
            Layer3 VPN (PE-PE)     2                2
            Layer3 VPN (PE-P)      3                3
            Layer2 VC (PE-PE)      2                2
            Layer2 VC (PE-P)       3                3
            Mid-point LSPs         1                1

      4.4. Link Protection with 2+ hop (from PLR) primary and 2 hop backup TE
                     tunnels

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

                --------      -------- PRI  --------  PRI   --------
               |  R1    |    |  R2    |    |   R3   |      |   R4   |
            TG-|   HE   |----| MID    |----|  MID   |------|   TE   |-TA
               |        |    | PLR    |    |        |      |        |
                --------      --------      --------        --------
                             BKP|              |
                                |    --------  |
                                |   |   R6   | |
                                 ---|  BKP   |-
                                    |  MID   |
                                     --------
              Figure 5: Representing the setup for section 4.4

            Traffic            No of Labels      No of labels
                               before failure    after failure

            IP TRAFFIC (P-P)       1              2
            Layer3 VPN (PE-PE)     2              3
            Layer3 VPN (PE-P)      3              4
            Layer2 VC (PE-PE)      2              3
            Layer2 VC (PE-P)       3              4
            Mid-point LSPs         1              2

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

      4.5. Node Protection with 2 hop primary (from PLR) and 1 hop backup TE
                     tunnels

                --------      --------      --------        --------
               |  R1    |    |  R2    |PRI |   R3   | PRI  |   R4   |
            TG-|   HE   |----|  MID   |----|  MID   |------|  TE    |-TA
               |        |    |  PLR   |    |        |      |        |
                --------      --------      --------        --------
                               |BKP                          |
                                -----------------------------
              Figure 6: Representing the setup for section 4.5

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

            Traffic            No of Labels      No of labels
                               before failure    after failure

            IP TRAFFIC (P-P)       1             0
            Layer3 VPN (PE-PE)     2             1
            Layer3 VPN (PE-P)      3             2
            Layer2 VC (PE-PE)      2             1
            Layer2 VC (PE-P)       3             2
            Mid-point LSPs         1             0

      4.6. Node Protection with 2 hop primary (from PLR) and 2 hop backup TE
                     tunnels

                --------      --------      --------      --------
               |  R1    |    |  R2    |    |   R3   |    |   R4   |
            TG-|  HE    |    |  MID   |PRI |  MID   |PRI |  TE    |-TA
               |        |----|  PLR   |----|        |----|        |
                --------      --------      --------      --------
                               |                            |
                            BKP|          --------          |
                               |         |   R6   |         |
                                ---------|  BKP   |---------
                                         |  MID   |
                                          --------
              Figure 7: Representing setup for section 4.6

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

            Traffic            No of Labels      No of labels
                               before failure    after failure

            IP TRAFFIC (P-P)       1             1
            Layer3 VPN (PE-PE)     2             2
            Layer3 VPN (PE-P)      3             3

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
            Layer2 VC (PE-PE)      2             2
            Layer2 VC (PE-P)       3             3
            Mid-point LSPs         1             1

      4.7. Node Protection with 3+ hop primary (from PLR) and 1 hop backup TE
                     tunnels

            --------    -------- PRI -------- PRI -------- PRI --------
           |  R1    |  |  R2    |   |   R3   |   |   R4   |   |   R5   |
        TG-|   HE   |--|  MID   |---| MID    |---|  MP    |---|  TE    |-TA
           |        |  |  PLR   |   |        |   |        |   |        |
            --------    --------     --------     --------     --------
                       BKP|                          |
                           --------------------------
        Figure 8: Representing setup for section 4.7

            Traffic            No of Labels      No of labels
                               before failure    after failure

            IP TRAFFIC (P-P)       1             1
            Layer3 VPN (PE-PE)     2             2
            Layer3 VPN (PE-P)      3             3
            Layer2 VC (PE-PE)      2             2
            Layer2 VC (PE-P)       3             3
            Mid-point LSPs         1             1

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

      4.8.  Node Protection with 3+ hop primary (from PLR) and 2 hop backup
                     TE tunnels

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

            --------     --------     --------     --------     --------
           |  R1    |   |  R2    |   |   R3   |   |   R4   |   |   R5   |
        TG-|  HE    |   |   MID  |PRI|  MID   |PRI|  MP    |PRI|  TE    |-TA
           |        |-- |  PLR   |---|        |---|        |---|        |
            --------     --------     --------     --------     --------
                          BKP|                          |
                             |          --------        |
                             |         |  R6    |       |
                              ---------|  BKP   |-------
                                       |  MID   |
                                        --------
        Figure 9: Representing setup for section 4.8

            Traffic            No of Labels      No of labels
                               before failure    after failure

            IP TRAFFIC (P-P)       1             2
            Layer3 VPN (PE-PE)     2             3
            Layer3 VPN (PE-P)      3             4
            Layer2 VC (PE-PE)      2             3
            Layer2 VC (PE-P)       3             4
            Any
            Mid-point LSPs         1             2

      4.9. Baseline MPLS Forwarding Performance Test Topology

                -------    --------      --------
               |  R1   |  |   R2   |    |   R3   |
               |  HE   |--|  MID   |----|   TE   |
               |       |  |        |    |        |
                -------    --------      --------

        Figure 10: Baseline Forwarding Performance

     Poretsky, Rao, Le Roux
                             Protection Mechanisms             2

     5. Test Methodology

        The procedure described in this section can be applied to all the 8
        base test cases and the associated topologies. The backup as well as
        the primary tunnel are configured to be alike in terms of bandwidth
        usage. In order to benchmark failover with all possible label stack
        depth applicable as seen with current deployments, it is suggested
        that the methodology includes all the scenarios listed here

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
          5.1. Headend as PLR with link failure

          Objective

          To benchmark the MPLS failover time due to Link failure events
          described in section 3.1 experienced by the DUT which is the point
          of local repair (PLR).

           Test Setup

             - select any one topology out of 8 from section 4
             - select overlay technology for FRR test e.g e.g. IGP,VPN,or VC
             - The DUT will also have 2 interfaces connected to the traffic
               Generator/analyzer. (If the node downstream of the PLR is not
               A simulated node, then the Ingress of the tunnel should have
               one link connected to the traffic generator and the node
               downstream to the PLR or the egress of the tunnel should have
               a link connected to the traffic analyzer).

           Test Configuration

            1.  Configure the number of primaries on R2 and the backups on
                 R2 as required by the topology selected.
            2.   Advertise prefixes (as per FRR Scalability table describe in
                 Appendix A) by the tail end.

           Procedure

             1. Establish the primary lsp on R2 required by the topology
                 selected
             2. Establish the backup lsp on R2 required by the selected
                 topology

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
             3. Verify primary and backup lsps are up and that primary is
                 protected
             4. Verify Fast Reroute protection is enabled and ready
             5. Setup traffic streams as described in section 3.7
             6. Send IP traffic at maximum Forwarding Rate to DUT.
             7. Verify traffic switched over Primary LSP.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
             8. Trigger any choice of Link failure as describe in section
                 3.1
             9. Verify that primary tunnel and prefixes gets mapped to
                 backup tunnels
             10. Stop traffic stream and measure the traffic loss.
             11. Failover time is calculated as per defined in section 6,
                 Reporting format.
             12. Start traffic stream again to verify reversion when
                 protected interface comes up. Traffic loss should be 0 due
                 to make before break or reversion.
             13. Enable protected interface that was down (Node in the case
                 of NNHOP)
             14. Verify head-end signals new LSP and protection should be in
                 place again

          5.2. Mid-Point as PLR with link failure

          Objective

          To benchmark the MPLS failover time due to Link failure events
          described in section 3.1 experienced by the device under test which
          is the point of local repair (PLR).

          Test Setup

             - select any one topology out of 8 from section 4
             - select overlay technology for FRR test as Mid-Point lsps
             - The DUT will also have 2 interfaces connected to the traffic
               generator.

          Test Configuration

            1.  Configure the number of primaries on R1 and the backups on
                 R2 as required by the topology selected

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
            2.   Advertise prefixes (as per FRR Scalability table describe in
                 Appendix A) by the tail end.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
           Procedure

             1. Establish the primary lsp on R1 required by the topology
                 selected
             2. Establish the backup lsp on R2 required by the selected
                 topology
             3. Verify primary and backup lsps are up and that primary is
                 protected
             4. Verify Fast Reroute protection
             5. Setup traffic streams as described in section 3.7
             6. Send IP traffic at maximum Forwarding Rate to DUT.
             7. Verify traffic switched over Primary LSP.
             8. Trigger any choice of Link failure as describe in section
                 3.1
             9. Verify that primary tunnel and prefixes gets mapped to
                 backup tunnels
             10. Stop traffic stream and measure the traffic loss.
             11. Failover time is calculated as per defined in section 6,
                 Reporting format.
             12. Start traffic stream again to verify reversion when
                 protected interface comes up. Traffic loss should be 0 due
                 to make before break or reversion
             13. Enable protected interface that was down (Node in the case
                 of NNHOP)
             14. Verify head-end signals new LSP and protection should be in
                 place again

          5.3. Headend as PLR with Node failure

           Objective

          To benchmark the MPLS failover time due to Node failure events
          described in section 3.1 experienced by the device under test which
          is the point of local repair (PLR).

           Test Setup

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

             - select any one topology from section 4.5 to 4.8
             - select overlay technology for FRR test e.g e.g. IGP,VPN,or VC
             - The DUT will also have 2 interfaces connected to the traffic

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
               generator.

           Test Configuration

            1.  Configure the number of primaries on R2 and the backups on
                 R2 as required by the topology selected
            2.   Advertise prefixes (as per FRR Scalability table describe in
                 Appendix A) by the tail end.

           Procedure

             1. Establish the primary lsp on R2 required by the topology
                 selected
             2. Establish the backup lsp on R2 required by the selected
                 topology
             3. Verify primary and backup lsps are up and that primary is
                 protected
             4. Verify Fast Reroute protection
             5. Setup traffic streams as described in section 3.7
             6. Send IP traffic at maximum Forwarding Rate to DUT.
             7. Verify traffic switched over Primary LSP.
             8. Trigger any choice of Node failure as describe in section
                 3.1
             9. Verify that primary tunnel and prefixes gets mapped to
                 backup tunnels
             10. Stop traffic stream and measure the traffic loss.
             11. Failover time is calculated as per defined in section 6,
                 Reporting format.
             12. Start traffic stream again to verify reversion when
                 protected interface comes up. Traffic loss should be 0 due
                 to make before break or reversion
             13. Boot protected Node that was down.
             14. Verify head-end signals new LSP and protection should be in
                 place again

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

          5.4. Mid-Point as PLR with Node failure

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
          Objective

          To benchmark the MPLS failover time due to Node failure events
          described in section 3.1 experienced by the device under test which
          is the point of local repair (PLR).

           Test Setup

             - select any one topology from section 4.5 to 4.8
             - select overlay technology for FRR test as Mid-Point lsps
             - The DUT will also have 2 interfaces connected to the traffic
               generator.

           Test Configuration

            1.  Configure the number of primaries on R1 and the backups on
                 R2 as required by the topology selected
            2.   Advertise prefixes (as per FRR Scalability table describe in
                 Appendix A) by the tail end.

           Procedure

             1. Establish the primary lsp on R1 required by the topology
                 selected
             2. Establish the backup lsp on R2 required by the selected
                 topology
             3. Verify primary and backup lsps are up and that primary is
                 protected
             4. Verify Fast Reroute protection
             5. Setup traffic streams as described in section 3.7
             6. Send IP traffic at maximum Forwarding Rate to DUT.
             7. Verify traffic switched over Primary LSP.
             8. Trigger any choice of Node failure as describe in section
                 3.1
             9. Verify that primary tunnel and prefixes gets mapped to
                 backup tunnels
             10. Stop traffic stream and measure the traffic loss.
             11. Failover time is calculated as per defined in section 6,
                 Reporting format.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
             12. Start traffic stream again to verify reversion when
                 protected interface comes up. Traffic loss should be 0 due
                 to make before break or reversion
             13. Boot protected Node that was down
             14. Verify head-end signals new LSP and protection should be in
                 place again

          5.5. Baseline MPLS FRR Forwarding Performance Test Cases

          For the following MPLS FRR Forwarding Performance Benchmarking
          cases, Test the
          egress must not send an implicit-null label. That is PHP should
          not occur. maximum PPS rate allowed by given hardware

          5.5.1. DUT Throughput PLR as Ingress Headend

               Objective

                To baseline the MPLS Throughput of the DUT acting as an
             Ingress.

                Procedure

                1. Configure the DUT as R1, Ingress and the Tester as R2/R3
             Midpoint and Egress as shown in Figure 10.
                2. Execute benchmark the Throughput benchmarking test, as specified in
             [RFC-BENCH], paragraph 26.1.

                Expected Results:

                The DUT will push a single label onto maximum rate (pps) on the IP packet PLR (as headend)
             over primary FRR LSP and
             forward it to the Tester as an MPLS packet.

          5.5.2. DUT Latency as Ingress

                Objective

                To baseline the MPLS Latency backup lsp.

                Test Setup

             - select any one topology out of the DUT acting as an
             Ingress.

                Procedure

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

                1. Configure the DUT as R1, Ingress and the Tester as R2/R3
             Midpoint and Egress as shown in Figure 10.
                2. Execute the Latency benchmarking test, as specified in
             [RFC-BENCH], paragraph 26.2.

                Expected Results: 8 from section 4
             - select overlay technology for FRR test e.g. IGP,VPN,or VC
             - The DUT will push a single label onto the IP packet and
             forward it also have 2 interfaces connected to the Tester as an MPLS packet.

          5.5.3. DUT Throughput as Egress

                Objective

                To baseline traffic
               Generator/analyzer. (If the MPLS Throughput node downstream of the DUT acting as an
             Egress.

                Procedure

                1. Configure the DUT as R3, Egress and the Tester as R1/R2
             Ingress and Midpoint as shown in Figure 10.
                2. Execute the Throughput benchmarking test, as specified in
             [RFC-BENCH], paragraph 26.1 using MPLS labeled IP packets for PLR is not
               A simulated node, then the offered load.

                Expected Results:

                The DUT will pop a single label from Ingress of the IP packet tunnel should have
               one link connected to the traffic generator and
             forward it the node
               downstream to the Tester as an IP packet.

          5.5.4. DUT Latency as Egress

                Objective

                To baseline PLR or the MPLS Latency egress of the DUT acting as an Egress. tunnel should have
               a link connected to the traffic analyzer).

                Procedure

                  1. Configure Establish the DUT as R3, Egress and primary lsp on R2 required by the Tester as R1/R2
             Ingress
                      topology selected
                  2. Establish the backup lsp on R2 required by the
                      selected topology
                  3. Verify primary and Midpoint as shown in Figure 10. backup lsps are up and that primary
                      is protected
                  4. Verify Fast Reroute protection is enabled and ready

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
                2. Execute the Latency benchmarking test,
                  5. Setup traffic streams as specified described in
             [RFC-BENCH], paragraph 26.2 using MPLS labeled section 3.7
                  6. Send IP packets for traffic at maximum forwarding rate (pps) that
                      the offered load.

                Expected Results:

                The DUT will pop a single label from device under test supports over the IP packet primary LSP
                  7. Record maximum PPS rate forwarded over primary LSP
                  8. Stop traffic stream
                  9. Trigger any choice of Link failure as describe in
                      section 3.1
                  10. Verify that primary tunnel and
             forward it prefixes gets mapped to the Tester as an
                      backup tunnels
                  11. Send IP packet.

          5.5.5. DUT Throughput as Mid-Point

                Objective

                To baseline traffic at maximum forwarding rate (pps) that
                      the MPLS Throughput of device under test supports over the DUT acting primary LSP
                  12. Record maximum PPS rate forwarded over backup LSP

          5.5.2. PLR as a Mid-
             Point.

                Procedure

                1. Configure Mid-point

             To benchmark the DUT as R2, Mid-Point and maximum rate (pps) on the Tester as
             R1/R3 Ingress PLR (as mid-point)
             over primary FRR LSP and Egress as shown in Figure 10.
                2. Execute the Throughput benchmarking test, as specified in
             [RFC-BENCH], paragraph 26.1 using MPLS labeled IP packets backup lsp.

                Test Setup

             - select any one topology out of 8 from section 4
             - select overlay technology for
             the offered load.

                Expected Results: FRR test as Mid-Point lsps
             - The DUT will receive the MPLS labeled packet, swap a single
             MPLS label and forward it also have 2 interfaces connected to the Tester as an MPLS labeled
             packet.

          5.5.6. DUT Latency as Mid-Point

                Objective

                To baseline traffic
               generator.

                Procedure

                  1. Establish the MPLS Latency of primary lsp on R1 required by the DUT acting
                      topology selected
                  2. Establish the backup lsp on R2 required by the
                      selected topology
                  3. Verify primary and backup lsps are up and that primary
                      is protected
                  4. Verify Fast Reroute protection is enabled and ready
                  5. Setup traffic streams as a Mid-
             Point.

                Procedure described in section 3.7

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
                1. Configure
                  6. Send IP traffic at maximum forwarding rate (pps) that
                      the DUT as R2, Mid-Point and device under test supports over the Tester as
             R1/R3 Ingress and Egress primary LSP
                  7. Record maximum PPS rate forwarded over primary LSP
                  8. Stop traffic stream
                  9. Trigger any choice of Link failure as shown describe in Figure
                      section 3.1
                  10.
                2. Execute the Latency benchmarking test, as specified in
             [RFC-BENCH], paragraph 26.2 using MPLS labeled IP packets for
             the offered load.

                Expected Results:

                The DUT will receive the MPLS labeled packet, swap a single
             MPLS label Verify that primary tunnel and forward it prefixes gets mapped to
                      backup tunnels
                  11. Send IP traffic at maximum forwarding rate (pps) that
                      the Tester as an MPLS labeled
             packet. device under test supports over the backup LSP
                  12. Record maximum PPS rate forwarded over backup LSP

     6. Reporting Format

        For each test, it is recommended that the results be reported in the
        following format.

             Parameter                               Units

             IGP used for the test                   ISIS-TE/ OSPF-TE
             Interface types                         Gige,POS,ATM,VLAN etc.
             Packet Sizes offered to the DUT         Bytes
             Forwarding rate                         number of packets
             IGP routes advertised                   number of IGP routes
             RSVP hello timers configured (if any)   milliseconds
             Number of FRR tunnels configured        number of tunnels
             Number of VPN routes in head-end        number of VPN routes
             Number of VC tunnels                    number of VC tunnels
             Number of BGP routes                    number of BGP routes
             Number of mid-point tunnels             number of tunnels
             Number of Prefixes protected by Primary number of prefixes
             Number of LSPs being protected          number of LSPs
             Topology being used                     Section number
             Failure Event                           Event type

             Benchmarks

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
             Minimum failover time                    milliseconds
             Mean failover time                       milliseconds

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
             Maximum failover time                    milliseconds
             Minimum reversion time                   milliseconds
             Mean reversion time                      milliseconds
             Maximum reversion time                   milliseconds

        Failover time suggested above is calculated using one of the
        following
        formula: 2 methods

           1. Packet loss based method: (Numbers of packet drop/rate per second * 1000) milliseconds drop/rate per
             second * 1000) milliseconds

           2. Time based method: Traffic generators provide statistics which
             show the duration of failure in milliseconds based on the when
             the packet loss occurred (interval between non-zero packet loss
             and zero loss).

        Note: If the primary is configured to be dynamic, and if the primary
        is to reroute, make before break should occur from the backup that is
        in use to a new alternate primary. If there is any packet loss seen,
        it should be added to failover time.

     7. IANA Considerations

        This document requires no IANA considerations.

     8. Security Considerations

         Documents of

        Benchmarking activities as described in this type do not directly affect memo are limited to
        technology characterization using controlled stimuli in a laboratory
        environment, with dedicated address space and the security of constraints
        specified in the Internet sections above.

        The benchmarking network topology will be an independent test setup
        and MUST NOT be connected to devices that may forward the test
        traffic into a production network, or of corporate networks as long as misroute traffic to the test
        management network.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        Further, benchmarking is not performed on devices or systems connected a "black-box" basis, relying
        solely on measurements observable external to operating the DUT/SUT.

        Special capabilities SHOULD NOT exist in the DUT/SUT specifically
        for benchmarking purposes. Any implications for network security
        arising from the DUT/SUT SHOULD be identical in the lab and in
        production networks.

     8.

        The isolated nature of the benchmarking environments and the fact
        that no special features or capabilities, other than those used in
        operational networks, are enabled on the DUT/SUT requires no
        security considerations specific to the benchmarking process.

     9. Acknowledgements

        We would like to thank Jean Philip Vasseur for his invaluable input
        to the document and Curtis Villamizar for his contribution in suggesting
        text on definition and need for benchmarking Correlated failures.

        Additionally we would like to thank Arun Gandhi, Amrit Hanspal, Karu
        Ratnam and for their input to the document.

     9.

     10. References

      9.1.

      10.1. Normative References

        [MPLS-RSVP]       R. Braden, Ed., et al, "Resource ReSerVation
                          protocol (RSVP) -- version 1 functional
                          specification," RFC2205, September 1999.

        [MPLS-RSVP-TE]    D. Awduche, et al, "RSVP-TE: Extensions to
                          RSVP for LSP Tunnels", RFC3209, December 2001.

        [MPLS-FRR-EXT]   Pan, P., Atlas, A., Swallow, G.,

     Poretsky, Rao, Le Roux
                             Protection Mechanisms "Fast Reroute
                         Extensions to RSVP-TE for LSP Tunnels", RFC 4090.

        [MPLS-ARCH]       Rosen, E., Viswanathan, A. and R. Callon,
                          "Multiprotocol Label Switching Architecture",
                          RFC 3031, January 2001.

        [RFC-BENCH]       Bradner, S. and McQuaid, J., "Benchmarking
                          Methodology for Network Interconnect Devices",
                          RFC 2544.

      9.2.

      10.2. Informative References

        [MPLS-LDP]        Andersson, L., Doolan, P., Feldman, N.,
                          Fredette, A. and B. Thomas, "LDP Specification",
                          RFC 3036, January 2001.

        [RFC-WORDS]      Bradner, S., "Key words for use in RFCs to
                         Indicate Requirement Levels", RFC 2119, March 1997.

        [RFC-IANA]        T. Narten and H. Alvestrand, "Guidelines for
                          Writing an IANA Considerations Section in RFCs",
                          RFC 2434.

        [TERM-ID]        Poretsky, S., Papneja, R., "Benchmarking Terminology
                         for Protection Performance", draft-poretsky-protection-term-
                          00.txt, draft-poretsky-

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
                         protection-term-00.txt, work in progress.

        [MPLS-FRR-EXT]   Pan P., Swollow G., Atlas A., "Fast Reroute
                         Extensions to RSVP-TE for LSP Tunnels, RFC 4090.

         [IGP-METH]      S. Poretsky, B. Imhoff. Imhoff, "Benchmarking Methodology
                         for IGP Data Plane Route Convergence," draft-ietf-
                         bmwg-igp-dataplane-conv-meth-11.txt, Convergence, "draft-ietf-
                         bmwg-igp-dataplane-conv-meth-11.txt, work in
                         progress.

     10.  Author's Address

     11.  Authors' Addresses

        Rajiv Papneja

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        Isocore
        12359 Sunrise Valley Drive, STE 100
        Reston, VA 20190
        USA
        Phone: +1 703 860 9273
        Email: rpapneja@isocore.com

        Samir Vapiwala
        Cisco System
        300 Beaver Brook Road
        Boxborough, MA 01719
        USA
        Phone: +1 978 936 1484
        Email: svapiwal@cisco.com

        Jay Karthik
        Cisco System
        300 Beaver Brook Road
        Boxborough, MA 01719
        USA
        Phone: +1 978 936 0533
        Email: jkarthik@cisco.com

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        Scott Poretsky
        Reef Point Systems
        8 New England Executive Park
        Burlington, MA 01803
        USA
        Phone: + 1 781 395 5090
        EMail: sporetsky@reefpoint.com

        Shankar Rao
        Qwest Communications,
        950 17th Street
        Suite 1900
        Qwest Communications
        Denver, CO 80210
        USA
        Phone: + 1 303 437 6643
        Email: shankar.rao@qwest.com

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

        Jean-Louis Le Roux
        France Telecom
        2 av Pierre Marzin
        22300 Lannion
        France
        Phone: 00 33 2 96 05 30 20
        Email: jeanlouis.leroux@orange-ft.com

     Full Copyright Statement

        Copyright (C) The Internet Society (2006). IETF Trust (2007).

        This document is subject to the rights, licenses and restrictions
        contained in BCP 78, and except as set forth therein, the authors
        retain all their rights.

     Disclaimer

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        This document and the information contained herein are provided
        on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
        REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY SOCIETY, THE
        IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
        WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
        WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE
        ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
        FOR A PARTICULAR PURPOSE.

     Intellectual Property Statement

        The IETF takes no position regarding the validity or scope of any
        Intellectual Property Rights or other rights that might be claimed to
        pertain to the implementation or use of the technology described in
        this document or the extent to which any license under such rights
        might or might not be available; nor does it represent that it has
        made any independent effort to identify any such rights.  Information
        on the procedures with respect to rights in RFC documents can be
        found in BCP 78 and BCP 79.

        Copies of IPR disclosures made to the IETF Secretariat and any
        assurances of licenses to be made available, or the result of an
        attempt made to obtain a general license or permission for the use of
        such proprietary rights by implementers or users of this
        specification can be obtained from the IETF on-line IPR repository at

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        http://www.ietf.org/ipr.

        The IETF invites any interested party to bring to its attention any
        copyrights, patents or patent applications, or other proprietary
        rights that may cover technology that may be required to implement
        this standard.  Please address the information to the IETF at ietf-
        ipr@ietf.org.
        ietf-ipr@ietf.org

     Acknowledgement

        Funding for the RFC Editor function is currently provided by the
        Internet Society.

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        Appendix A: Fast Reroute Scalability Table

        This section provides the recommended numbers for evaluating the
        scalability of fast reroute implementations. It also recommends the
        typical numbers for IGP/VPNv4 Prefixes, LSP Tunnels and VC entries.
        Based on the features supported by the device under test, appropriate
        scaling limits can be used for the test bed.

        A 1. FRR IGP Table

        No of Headend     IGP Prefixes
        TE LSPs
        1                  100
        1                  500
        1                 1000
        1                 2000
        1                 5000
        2(Load Balance)    100
        2(Load Balance)    500
        2(Load Balance)   1000
        2(Load Balance)   2000
        2(Load Balance)   5000
        100                100
        500                500
        1000              1000
        2000              2000

     Poretsky, Rao, Le Roux
                             Protection Mechanisms

        A 2. FRR VPN Table

        No of Headend     VPNv4 Prefixes
        TE LSPs

        1                  100
        1                  500
        1                 1000
        1                 2000
        1                 5000
        1                10000

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        1                20000
        1                  Max
        2(Load Balance)    100
        2(Load Balance)    500
        2(Load Balance)   1000
        2(Load Balance)   2000
        2(Load Balance)   5000
        2(Load Balance)  10000
        2(Load Balance)  20000
        2(Load Balance)    Max

        A 3. FRR Mid-Point LSP Table

        No of Mid-point TE LSps LSPs could be configured at the following
     recommended levels
        100
        500
        1000
        2000
        Max supported number

        A 4.   FRR VC Table

        No of Headend     VC entries
        TE LSPs

        1                 100
        1                 500
        1                1000

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        1                2000
        1                 Max
        100               100
        500               500
        1000             1000
        2000             2000

        Appendix B: Abbreviations

     Poretsky, Rao, Le Roux
                             Protection Mechanisms
        BFD      - Bidirectional Fault Detection
        BGP      - Border Gateway protocol
        CE       - Customer Edge
        DUT      - Device Under Test
        FRR      - Fast Reroute
        IGP      - Interior Gateway Protocol
        IP       - Internet Protocol
        LSP      - Label Switched Path
        MP       - Merge Point
        MPLS     - Multi Protocol Label Switching
        N-Nhop   - Next - Next Hop
        Nhop     - Next Hop
        OIR      - Online Insertion and Removal
        P        - Provider
        PE       - Provider Edge
        PHP      - Penultimate Hop Popping
        PLR      - Point of Local Repair
        RSVP     - Resource reSerVation Protocol
        SRLG     - Shared Risk Link Group
        TA       - Traffic Analyzer
        TE       - Traffic Engineering
        TG       - Traffic Generator
        VC       - Virtual Circuit
        VPN      - Virtual Private Network

     Poretsky, Rao, Le Roux