draft-ietf-mpls-rsvp-ingress-protection-00.txt   draft-ietf-mpls-rsvp-ingress-protection-01.txt 
Internet Engineering Task Force H. Chen, Ed. Internet Engineering Task Force H. Chen, Ed.
Internet-Draft Huawei Technologies Internet-Draft Huawei Technologies
Intended status: Standards Track R. Torvi, Ed. Intended status: Standards Track R. Torvi, Ed.
Expires: September 18, 2014 Juniper Networks Expires: January 4, 2015 Juniper Networks
March 17, 2014 July 3, 2014
Extensions to RSVP-TE for LSP Ingress Local Protection Extensions to RSVP-TE for LSP Ingress Local Protection
draft-ietf-mpls-rsvp-ingress-protection-00.txt draft-ietf-mpls-rsvp-ingress-protection-01.txt
Abstract Abstract
This document describes extensions to Resource Reservation Protocol - This document describes extensions to Resource Reservation Protocol -
Traffic Engineering (RSVP-TE) for locally protecting the ingress node Traffic Engineering (RSVP-TE) for locally protecting the ingress node
of a Traffic Engineered (TE) Label Switched Path (LSP) in a Multi- of a Traffic Engineered (TE) Label Switched Path (LSP) in a Multi-
Protocol Label Switching (MPLS) and Generalized MPLS (GMPLS) network. Protocol Label Switching (MPLS) and Generalized MPLS (GMPLS) network.
Status of this Memo Status of this Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 18, 2014. This Internet-Draft will expire on January 4, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 12 skipping to change at page 2, line 12
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Co-authors . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Co-authors . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. An Example of Ingress Local Protection . . . . . . . . . . 3 2.1. An Example of Ingress Local Protection . . . . . . . . . . 3
2.2. Ingress Local Protection with FRR . . . . . . . . . . . . 4 2.2. Ingress Local Protection with FRR . . . . . . . . . . . . 4
3. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 4 3. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 4
3.1. Backup and Source Detect Failure . . . . . . . . . . . . . 4 3.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 4
3.2. Backup Detects Failure . . . . . . . . . . . . . . . . . . 5 3.2. Backup and Source Detect Failure . . . . . . . . . . . . . 5
3.3. Source Detects Failure . . . . . . . . . . . . . . . . . . 5 3.3. Comparing Different Detection Modes . . . . . . . . . . . 5
3.4. Next Hops Detect Failure . . . . . . . . . . . . . . . . . 5 4. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 5
3.5. Comparing Different Detection Modes . . . . . . . . . . . 6 4.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 6
4. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 6 5. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 6
4.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 7 5.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 6
4.2. Forwarding State on Next Hops . . . . . . . . . . . . . . 7 5.1.1. Subobject: Backup Ingress IPv4/IPv6 Address . . . . . 8
5. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 7 5.1.2. Subobject: Ingress IPv4/IPv6 Address . . . . . . . . . 9
5.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 8 5.1.3. Subobject: Traffic Descriptor . . . . . . . . . . . . 9
5.1.1. Subobject: Backup Ingress IPv4/IPv6 Address . . . . . 10 5.1.4. Subobject: Label-Routes . . . . . . . . . . . . . . . 10
5.1.2. Subobject: Ingress IPv4/IPv6 Address . . . . . . . . . 11 6. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 11
5.1.3. Subobject: Traffic Descriptor . . . . . . . . . . . . 11 6.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 11
5.1.4. Subobject: Label-Routes . . . . . . . . . . . . . . . 12 6.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 11
6. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 13 6.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 11
6.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 13 6.1.3. Comparing Two Methods . . . . . . . . . . . . . . . . 12
6.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 13 6.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 13
6.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 13 6.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 13
6.1.3. Comparing Two Methods . . . . . . . . . . . . . . . . 14 6.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 14
6.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 15 6.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 15
6.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 15 6.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 15
6.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 16 6.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 17
6.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 17 6.3.3. Failure Detection . . . . . . . . . . . . . . . . . . 18
6.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 17 6.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 19
6.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 20 6.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 19
6.3.3. Failure Detection . . . . . . . . . . . . . . . . . . 21 6.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 19
6.4. Merge Point Behavior . . . . . . . . . . . . . . . . . . . 21 7. Security Considerations . . . . . . . . . . . . . . . . . . . 20
6.5. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 22 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
6.5.1. Revert to Primary Ingress . . . . . . . . . . . . . . 22 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 20
6.5.2. Global Repair by Backup Ingress . . . . . . . . . . . 23 10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 21
7. Security Considerations . . . . . . . . . . . . . . . . . . . 23 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 11.1. Normative References . . . . . . . . . . . . . . . . . . . 21
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 24 11.2. Informative References . . . . . . . . . . . . . . . . . . 22
10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 25 A. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 22
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25
11.1. Normative References . . . . . . . . . . . . . . . . . . . 25
11.2. Informative References . . . . . . . . . . . . . . . . . . 26
A. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 26
1. Co-authors 1. Co-authors
Ning So, Autumn Liu, Alia Atlas, Yimin Shen, Fengman Xu, Mehmet Toy, Ning So, Autumn Liu, Alia Atlas, Yimin Shen, Fengman Xu, Mehmet Toy,
Lei Liu Lei Liu
2. Introduction 2. Introduction
For MPLS LSPs it is important to have a fast-reroute method for For MPLS LSPs it is important to have a fast-reroute method for
protecting its ingress node as well as transit nodes. This is not protecting its ingress node as well as transit nodes. This is not
skipping to change at page 3, line 37 skipping to change at page 3, line 37
Figure 1 shows an example of using a backup P2MP LSP to locally Figure 1 shows an example of using a backup P2MP LSP to locally
protect the ingress of a primary P2MP LSP, which is from ingress R1 protect the ingress of a primary P2MP LSP, which is from ingress R1
to three egresses: L1, L2 and L3. The backup LSP is from backup to three egresses: L1, L2 and L3. The backup LSP is from backup
ingress Ra to the next hops R2 and R4 of ingress R1. ingress Ra to the next hops R2 and R4 of ingress R1.
[R2]******[R3]*****[L1] [R2]******[R3]*****[L1]
* | **** Primary LSP * | **** Primary LSP
* | ---- Backup LSP * | ---- Backup LSP
* / .... BFD Session * / .... BFD Session
* / $ Link * / $ Link
[R1]*******[R4]****[R5]*****[L2] $ ....[R1]*******[R4]****[R5]*****[L2] $
$ . / / * $ : $ $ / / * $
$ . / / * : $ $ / / *
[S] . / / * [S] $ / / *
$ . / / * $ $ / / *
$ ./ / * $ $/ / *
[Ra]----[Rb] [L3] [Ra]----[Rb] [L3]
Figure 1: Backup P2MP LSP for Locally Protecting Ingress Figure 1: Backup P2MP LSP for Locally Protecting Ingress
Source S may send the traffic simultaneously to both primary ingress In normal operations, source S sends the traffic to primary ingress
R1 and backup ingress Ra. R1 imports the traffic into the primary R1. R1 imports the traffic into the primary LSP to egresses L1, L2
LSP. Ra normally does not put the traffic into the backup LSP. and L3.
Ra should be able to detect the failure of R1 and switch the traffic When source S detects the failure of R1, it switches the traffic to
within 10s of ms. The exact method by which Ra does so is out of backup ingress Ra, which imports the traffic from S into the backup
scope. Different options are discussed in this draft. LSP to R1's next hops R2 and R4, where the traffic is merged into the
primary LSP, and then sent to egresses L1, L2 and L3.
When Ra detects the failure of R1, it imports the traffic from S into Source S should be able to detect the failure of R1 and switch the
the backup LSP to R1's next hops R2 and R4, where the traffic is traffic within 10s of ms. The exact method by which S does so is out
merged into the primary LSP, and then sent to egresses L1, L2 and L3. of scope.
Note that the backup egress must be one logical hop away from the Note that the backup ingress must be one logical hop away from the
ingress. A logical hop is a direct link or a tunnel such as a GRE ingress. A logical hop is a direct link or a tunnel such as a GRE
tunnel, over which RSVP-TE messages may be exchanged. tunnel, over which RSVP-TE messages may be exchanged.
2.2. Ingress Local Protection with FRR 2.2. Ingress Local Protection with FRR
Through using the ingress local protection and the FRR, we can Through using the ingress local protection and the FRR, we can
locally protect the ingress node, all the links and the intermediate locally protect the ingress node, all the links and the intermediate
nodes of an LSP. The traffic switchover time is within tens of nodes of an LSP. The traffic switchover time is within tens of
milliseconds whenever the ingress, any of the links and the milliseconds whenever the ingress, any of the links and the
intermediate nodes of the LSP fails. intermediate nodes of the LSP fails.
skipping to change at page 4, line 35 skipping to change at page 4, line 36
The ingress node of the LSP can be locally protected through using The ingress node of the LSP can be locally protected through using
the ingress local protection. All the links and all the intermediate the ingress local protection. All the links and all the intermediate
nodes of the LSP can be locally protected through using the FRR. nodes of the LSP can be locally protected through using the FRR.
3. Ingress Failure Detection 3. Ingress Failure Detection
Exactly how the failure of the ingress (e.g. R1 in Figure 1) is Exactly how the failure of the ingress (e.g. R1 in Figure 1) is
detected is out of scope for this document. However, it is necessary detected is out of scope for this document. However, it is necessary
to discuss different modes for detecting the failure because they to discuss different modes for detecting the failure because they
determine what must be signaled and what is the required behavior for determine what must be signaled and what is the required behavior for
the traffic source, backup ingress, and merge-points. the traffic source and backup ingress.
3.1. Backup and Source Detect Failure 3.1. Source Detects Failure
Source Detects Failure or Source-Detect for short means that the
source is responsible for fast detecting the failure of the primary
ingress of an LSP. The backup ingress is ready to import the traffic
from the source into the backup LSP after the backup LSP is up.
In normal operations, the source sends the traffic to the primary
ingress. When the source detects the failure of the primary ingress,
it switches the traffic to the backup ingress, which delivers the
traffic to the next hops of the primary ingress through the backup
LSP, where the traffic is merged into the primary LSP.
For a P2P LSP, after the primary ingress fails, the backup ingress
must use a method to reliably detect the failure of the primary
ingress before the PATH message for the LSP expires at the next hop
of the primary ingress. After reliably detecting the failure, the
backup ingress sends/refreshes the PATH message to the next hop
through the backup LSP as needed.
After the primary ingress fails, it will not be reachable after
routing convergence. Thus checking whether the primary ingress
(address) is reachable is a possible method.
3.2. Backup and Source Detect Failure
Backup and Source Detect Failure or Backup-Source-Detect for short Backup and Source Detect Failure or Backup-Source-Detect for short
means that both the backup ingress and the source are concurrently means that both the backup ingress and the source are concurrently
responsible for detecting the failures of the primary ingress. responsible for fast detecting the failures of the primary ingress.
In normal operations, the source sends the traffic to the primary In normal operations, the source sends the traffic to the primary
ingress. It switches the traffic to the backup ingress when it ingress. It switches the traffic to the backup ingress when it
detects the failure of the primary ingress. detects the failure of the primary ingress.
The backup ingress does not import any traffic from the source into The backup ingress does not import any traffic from the source into
the backup LSP in normal operations. When it detects the failure of the backup LSP in normal operations. When it detects the failure of
the primary ingress, it imports the traffic from the source into the the primary ingress, it imports the traffic from the source into the
backup LSP to the next hops of the primary ingress, where the traffic backup LSP to the next hops of the primary ingress, where the traffic
is merged into the primary LSP. is merged into the primary LSP.
Note that the source may locally distinguish between the failure of Note that the source may locally distinguish between the failure of
the primary ingress and that of the link between the source and the the primary ingress and that of the link between the source and the
primary ingress. When the source detects the failure of the link, it primary ingress. When the source detects the failure of the link, it
may continue to send the traffic to the primary ingress via another may continue to send the traffic to the primary ingress via another
link between the source and the primary ingress if there is one. link between the source and the primary ingress if there is one.
3.2. Backup Detects Failure 3.3. Comparing Different Detection Modes
Backup Detects Failure or Backup-Detect means that the backup ingress
is responsible for detecting the failure of the primary ingress of an
LSP. The source SHOULD send the traffic simultaneously to both the
primary ingress and backup ingress.
The backup ingress does not import any traffic from the source into
the backup LSP in normal operations. When it detects the failure of
the primary ingress, it imports the traffic from the source into the
backup LSP to the next hops of the primary ingress, where the traffic
is merged into the primary LSP.
Note that the backup ingress may locally distinguish between the
failure of the primary ingress and that of the link between the
backup ingress and the primary ingress through two BFDs between the
backup ingress and the primary ingress. One is through the link, and
the other is not. If the first BFD is down and the second is up, the
link fails and the primary ingress does not.
3.3. Source Detects Failure
Source Detects Failure or Source-Detect means that the source is
responsible for detecting the failure of the primary ingress of an
LSP. The backup ingress is ready to import the traffic from the
source into the backup LSP after the backup LSP is up.
In normal operations, the source sends the traffic to the primary
ingress. When the source detects the failure of the primary ingress,
it switches the traffic to the backup ingress, which delivers the
traffic to the next hops of the primary ingress through the backup
LSP, where the traffic is merged into the primary LSP.
3.4. Next Hops Detect Failure
Next Hops Detect Failure or Next-Hop-Detect means that each of the
next hops of the primary ingress of an LSP is responsible for
detecting the failure of the primary ingress.
In normal operations, the source sends the traffic to both the
primary ingress and the backup ingress. Both ingresses deliver the
traffic to the next hops of the primary ingress. Each of the next
hops selects the traffic from the primary ingress and sends the
traffic to the destinations of the LSP.
When each of the next hops detects the failure of the primary
ingress, it switches to receive the traffic from the backup ingress
and then sends the traffic to the destinations.
3.5. Comparing Different Detection Modes
+----------+--------------+----------------+--------+-------------------+
|\_Behavior|Traffic Always|Backup Ingress |Next-Hop|Incorrect Failure |
| \______ |Sent to |Activation of |Select |Detection Cause |
|Detection\|Backup Ingress|Forwarding Entry|Stream |Traffic Duplication|
|Mode | | | |(Ingress does FRR) |
+----------+--------------+----------------+--------+-------------------+
|Backup- | | | | |
|Source- | No | Yes | No | No |
|Detect | | | | |
+----------+--------------+----------------+--------+-------------------+
|Backup- | Yes | Yes | No | Yes |
|Detect | | | | |
+----------+--------------+----------------+--------+-------------------+
|Source- | No | No | No | No |
|Detect | | (Always Active)| | |
+----------+--------------+----------------+--------+-------------------+
|Next-Hop- | Yes | No | Yes |(If Ingress-Next- |
|Detect | | (Always Active)| |Hop link fails, |
| | | | |stream selection |
| | | | |at Next-Next-Hops |
| | | | |can mitigate) |
+----------+--------------+----------------+--------+-------------------+
A primary goal of failure detection and FRR protection is to avoid The source-detect is preferred. It is simpler than the backup-
traffic duplication, particularly along the P2MP. A reasonable source-detect, which needs both the source and the backup ingress
assumption when this ingress protection is in use is that the ingress detect the ingress failaure quickly.
is also trying to provide link and node protection. When the failure
cannot be accurately identified as that of the ingress, this can lead
to the ingress sending traffic on bypass to the next-next-hop(s) for
node-protection while the backup ingress is sending traffic to its
next-hop(s) if Next-Hop-Detect mode is used. RSVP Path messages from
the bypass may help to eventually resolve this by removing the
forwarding entry for receiving the traffic from the next-hop.
4. Backup Forwarding State 4. Backup Forwarding State
Before the primary ingress fails, the backup ingress is responsible Before the primary ingress fails, the backup ingress is responsible
for creating the necessary backup LSPs to the next hops of the for creating the necessary backup LSPs. These LSPs might be multiple
ingress. These LSPs might be multiple bypass P2P LSPs that avoid the bypass P2P LSPs that avoid the ingress. Alternately, the backup
ingress. Alternately, the backup ingress could choose to use a ingress could choose to use a single backup P2MP LSP as a bypass or
single backup P2MP LSP as a bypass or detour to protect the primary detour to protect the primary ingress of a primary P2MP LSP.
ingress of a primary P2MP LSP.
The backup ingress may be off-path or on-path of an LSP. When a The backup ingress may be off-path or on-path of an LSP. When a
backup ingress is not any node of the LSP, we call the backup ingress backup ingress is not any node of the LSP, we call the backup ingress
is off-path. When a backup ingress is a next-hop of the primary is off-path. When a backup ingress is a next-hop of the primary
ingress of the LSP, we call it is on-path. If the backup ingress is ingress of the LSP, we call it is on-path. If the backup ingress is
on-path, the primary forwarding state associated with the primary LSP on-path, the primary forwarding state associated with the primary LSP
SHOULD be clearly separated from the backup LSP(s) state. SHOULD be clearly separated from the backup LSP(s) state.
Specifically in Backup-Detect mode, the backup ingress will receive
traffic from the primary ingress and from the traffic source; only
the former should be forwarded until failure is detected even if the
backup ingress is the only next-hop.
4.1. Forwarding State for Backup LSP 4.1. Forwarding State for Backup LSP
A forwarding entry for a backup LSP is created on the backup ingress A forwarding entry for a backup LSP is created on the backup ingress
after the LSP is set up. Depending on the failure-detection mode after the LSP is set up. Depending on the failure-detection mode
(e.g., source-detect), it may be used to forward received traffic or (e.g., source-detect), it may be used to forward received traffic or
simply be inactive (e.g., backup-detect) until required. In either simply be inactive (e.g., backup-source-detect) until required. In
case, when the primary ingress fails, this forwarding entry is used either case, when the primary ingress fails, this entry is used to
to import the traffic into the backup LSP to the next hops of the import the traffic into the backup LSP to the next hops of the
primary ingress, where the traffic is merged into the primary LSP. primary ingress, where the traffic is merged into the primary LSP.
The forwarding entry for a backup LSP is a local implementation The forwarding entry for a backup LSP is a local implementation
issue. In one device, it may have an inactive flag. This inactive issue. In one device, it may have an inactive flag. This inactive
forwarding entry is not used to forward any traffic normally. When forwarding entry is not used to forward any traffic normally. When
the primary ingress fails, it is changed to active, and thus the the primary ingress fails, it is changed to active, and thus the
traffic from the source is imported into the backup LSP. traffic from the source is imported into the backup LSP.
4.2. Forwarding State on Next Hops
When Next-Hop-Detect is used, a forwarding entry for a backup LSP is
created on each of the next hops of the primary ingress of the LSP.
This forwarding entry does not forward any traffic normally. When
the primary ingress fails, it is used to import/select the traffic
from the backup LSP into the primary LSP.
5. Protocol Extensions 5. Protocol Extensions
A new object INGRESS_PROTECTION is defined for signaling ingress A new object INGRESS_PROTECTION is defined for signaling ingress
local protection. It is backward compatible. local protection. It is backward compatible.
5.1. INGRESS_PROTECTION Object 5.1. INGRESS_PROTECTION Object
The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH
message is used to control the backup for protecting the primary message is used to control the backup for protecting the primary
ingress of a primary LSP. The primary ingress MUST insert this ingress of a primary LSP. The primary ingress MUST insert this
skipping to change at page 8, line 14 skipping to change at page 6, line 40
5.1. INGRESS_PROTECTION Object 5.1. INGRESS_PROTECTION Object
The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH
message is used to control the backup for protecting the primary message is used to control the backup for protecting the primary
ingress of a primary LSP. The primary ingress MUST insert this ingress of a primary LSP. The primary ingress MUST insert this
object into the PATH message to be sent to the backup ingress for object into the PATH message to be sent to the backup ingress for
protecting the primary ingress. It has the following format: protecting the primary ingress. It has the following format:
Class-Num = TBD C-Type = TBD Class-Num = TBD C-Type = TBD
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length (bytes) | Class-Num | C-Type | | Length (bytes) | Class-Num | C-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Secondary LSP ID | Flags | Options | DM | | Secondary LSP ID | Flags | Options |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ (Subobjects) ~ ~ (Subobjects) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Flags Flags
0x01 Ingress local protection available 0x01 Ingress local protection available
0x02 Ingress local protection in use 0x02 Ingress local protection in use
0x04 Bandwidth protection 0x04 Bandwidth protection
Options Options
0x01 Revert to Ingress 0x01 Revert to Ingress
0x02 Ingress-Proxy/Relay-Message 0x02 Ingress-Proxy/Relay-Message
0x04 P2MP Backup 0x04 P2MP Backup
skipping to change at page 8, line 35 skipping to change at page 7, line 14
Flags Flags
0x01 Ingress local protection available 0x01 Ingress local protection available
0x02 Ingress local protection in use 0x02 Ingress local protection in use
0x04 Bandwidth protection 0x04 Bandwidth protection
Options Options
0x01 Revert to Ingress 0x01 Revert to Ingress
0x02 Ingress-Proxy/Relay-Message 0x02 Ingress-Proxy/Relay-Message
0x04 P2MP Backup 0x04 P2MP Backup
DM (Detection Mode)
0x00 Backup-Source-Detect
0x01 Backup-Detect
0x02 Source-Detect
0x03 Next-Hop-Detect
For backward compatible, the two high-order bits of the Class-Num in
the object are set as follows:
o Class-Num = 0bbbbbbb for the object in a message not on LSP path.
The entire message should be rejected and an "Unknown Object
Class" error returned.
o Class-Num = 10bbbbbb for the object in a message on LSP path. The
node should ignore the object, neither forwarding it nor sending
an error message.
The Secondary LSP ID in the object is an LSP ID that the primary The Secondary LSP ID in the object is an LSP ID that the primary
ingress has allocated for a protected LSP tunnel. The backup ingress ingress has allocated for a protected LSP tunnel. The backup ingress
will use this LSP ID to set up a new LSP from the backup ingress to will use this LSP ID to set up a new LSP from the backup ingress to
the destinations of the protected LSP tunnel. This allows the new the destinations of the protected LSP tunnel. This allows the new
LSP to share resources with the old one. LSP to share resources with the old one.
The flags are used to communicate status information from the backup The flags are used to communicate status information from the backup
ingress to the primary ingress. ingress to the primary ingress.
o Ingress local protection available: The backup ingress sets this o Ingress local protection available: The backup ingress sets this
skipping to change at page 9, line 46 skipping to change at page 8, line 11
o Ingress-Proxy/Relay-Message: This option is set to one indicating o Ingress-Proxy/Relay-Message: This option is set to one indicating
that Ingress-Proxy method is used. It is set to zero indicating that Ingress-Proxy method is used. It is set to zero indicating
that Relay-Message method is used. that Relay-Message method is used.
o P2MP Backup: This option is set to ask for the backup ingress to o P2MP Backup: This option is set to ask for the backup ingress to
use P2MP backup LSP to protect the primary ingress. Note that one use P2MP backup LSP to protect the primary ingress. Note that one
spare bit of the flags in the FAST-REROUTE object can be used to spare bit of the flags in the FAST-REROUTE object can be used to
indicate whether P2MP or P2P backup LSP is desired for protecting indicate whether P2MP or P2P backup LSP is desired for protecting
an ingress and intermediate node. an ingress and intermediate node.
The DM (Detection Mode) is used by the primary ingress to specify a
desired failure detection mode.
o Backup-Source-Detect (0x00): The backup ingress and the source are
concurrently responsible for detecting the failure involving the
primary ingress and redirecting the traffic.
o Backup-Detect (0x01): The backup ingress is responsible for
detecting the failure and redirecting the traffic.
o Source-Detect (0x02): The source is responsible for detecting the
failure and redirecting the traffic.
o Next-Hop-Detect (0x03): The next hops of the primary ingress are
responsible for detecting the failure and selecting the traffic.
The INGRESS_PROTECTION object may contain some of the sub objects The INGRESS_PROTECTION object may contain some of the sub objects
described below. described below.
5.1.1. Subobject: Backup Ingress IPv4/IPv6 Address 5.1.1. Subobject: Backup Ingress IPv4/IPv6 Address
When the primary ingress of a protected LSP sends a PATH message with When the primary ingress of a protected LSP sends a PATH message with
an INGRESS_PROTECTION object to the backup ingress, the object may an INGRESS_PROTECTION object to the backup ingress, the object may
have a Backup Ingress IPv4/IPv6 Address sub object containing an have a Backup Ingress IPv4/IPv6 Address sub object containing an
IPv4/IPv6 address belonging to the backup ingress. The formats of IPv4/IPv6 address belonging to the backup ingress. The formats of
the sub object for Backup Ingress IPv4/IPv6 Address is given below: the sub object for Backup Ingress IPv4/IPv6 Address is given below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved (zeros) | | Type | Length | Reserved (zeros) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv4 address | | IPv4 address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: TBD-1 Backup Ingress IPv4 Address Type: TBD-1 Backup Ingress IPv4 Address
Length: Total length of the subobject in bytes, including Length: Total length of the subobject in bytes, including
the Type and Length fields. The Length is always 8. the Type and Length fields. The Length is always 8.
Reserved: Reserved two bytes are set to zeros. Reserved: Reserved two bytes are set to zeros.
IPv4 address: A 32-bit unicast, host address. IPv4 address: A 32-bit unicast, host address.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved (zeros) | | Type | Length | Reserved (zeros) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
~ IPv6 address (16 bytes) ~ ~ IPv6 address (16 bytes) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: TBD-2 Backup Ingress IPv6 Address Type: TBD-2 Backup Ingress IPv6 Address
Length: Total length of the subobject in bytes, including Length: Total length of the subobject in bytes, including
the Type and Length fields. The Length is always 20. the Type and Length fields. The Length is always 20.
Reserved: Reserved two bytes are set to zeros. Reserved: Reserved two bytes are set to zeros.
IPv6 address: A 128-bit unicast, host address. IPv6 address: A 128-bit unicast, host address.
5.1.2. Subobject: Ingress IPv4/IPv6 Address 5.1.2. Subobject: Ingress IPv4/IPv6 Address
The INGRESS_PROTECTION object in a PATH message from the primary The INGRESS_PROTECTION object may have an Ingress IPv4/IPv6 Address
ingress to the backup ingress may have an Ingress IPv4/IPv6 Address
sub object containing an IPv4/IPv6 address belonging to the primary sub object containing an IPv4/IPv6 address belonging to the primary
ingress. The sub object has the following format: ingress. The sub object has the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved (zeros) | | Type | Length | Reserved (zeros) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv4 address | | IPv4 address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: TBD-3 Ingress IPv4 Address Type: TBD-3 Ingress IPv4 Address
Length: Total length of the subobject in bytes, including Length: Total length of the subobject in bytes, including
the Type and Length fields. The Length is always 8. the Type and Length fields. The Length is always 8.
Reserved: Reserved two bytes are set to zeros. Reserved: Reserved two bytes are set to zeros.
IPv4 address: A 32-bit unicast, host address. IPv4 address: A 32-bit unicast, host address.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved (zeros) | | Type | Length | Reserved (zeros) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
~ IPv6 address (16 bytes) ~ ~ IPv6 address (16 bytes) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: TBD-4 Backup Ingress IPv6 Address Type: TBD-4 Backup Ingress IPv6 Address
Length: Total length of the subobject in bytes, including Length: Total length of the subobject in bytes, including
the Type and Length fields. The Length is always 20. the Type and Length fields. The Length is always 20.
Reserved: Reserved two bytes are set to zeros. Reserved: Reserved two bytes are set to zeros.
IPv6 address: A 128-bit unicast, host address. IPv6 address: A 128-bit unicast, host address.
5.1.3. Subobject: Traffic Descriptor 5.1.3. Subobject: Traffic Descriptor
The INGRESS_PROTECTION object in a PATH message from the primary The INGRESS_PROTECTION object may have a Traffic Descriptor sub
ingress to the backup ingress may have a Traffic Descriptor sub
object describing the traffic to be mapped to the backup LSP on the object describing the traffic to be mapped to the backup LSP on the
backup ingress for locally protecting the primary ingress. The sub backup ingress for locally protecting the primary ingress. The sub
object has the following format: object has the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved (zeros) | | Type | Length | Reserved (zeros) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Traffic Element 1 | | Traffic Element 1 |
skipping to change at page 15, line 7 skipping to change at page 13, line 7
+-------+-----------+------+--------+-----------------+---------+ +-------+-----------+------+--------+-----------------+---------+
|Relay- | No |Yes | No | No | Yes- | |Relay- | No |Yes | No | No | Yes- |
|Message| | | | | | |Message| | | | | |
+-------+-----------+------+--------+-----------------+---------+ +-------+-----------+------+--------+-----------------+---------+
|Proxy- | Yes |Yes- | Yes | Yes | Yes | |Proxy- | Yes |Yes- | Yes | Yes | Yes |
|Ingress| | | | | | |Ingress| | | | | |
+-------+-----------+------+--------+-----------------+---------+ +-------+-----------+------+--------+-----------------+---------+
6.2. Ingress Behavior 6.2. Ingress Behavior
The primary ingress must be configured with four pieces of The primary ingress must be configured with two or three pieces of
information for ingress protection. information for ingress protection.
o Backup Ingress Address: The primary ingress must know an IP o Backup Ingress Address: The primary ingress must know an IP
address for it to be included in the INGRESS-PROTECTION object. address for it to be included in the INGRESS-PROTECTION object.
o Failure Detection Mode: The primary ingress must know what failure
detection mode is to be used: Backup-Source-Detect, Backup-Detect,
Source-Detect, or Next-Hop-Detect.
o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The
Proxy-Ingress-Id is only used in the Record Route Object for Proxy-Ingress-Id is only used in the Record Route Object for
recording the proxy-ingress. If no proxy-ingress-id is specified, recording the proxy-ingress. If no proxy-ingress-id is specified,
then a local interface address that will not otherwise be included then a local interface address that will not otherwise be included
in the Record Route Object can be used. A similar technique is in the Record Route Object can be used. A similar technique is
used in [RFC4090 Sec 6.1.1]. used in [RFC4090 Sec 6.1.1].
o Application Traffic Identifier: The primary ingress and backup o Application Traffic Identifier: The primary ingress and backup
ingress must both know what application traffic should be directed ingress must both know what application traffic should be directed
into the LSP. If a list of prefixes in the Traffic Descriptor into the LSP. If a list of prefixes in the Traffic Descriptor
skipping to change at page 15, line 52 skipping to change at page 13, line 48
1. Select a PATH message. 1. Select a PATH message.
2. If the backup ingress is off-path, then send the backup ingress a 2. If the backup ingress is off-path, then send the backup ingress a
PATH message with the content from the selected PATH message and PATH message with the content from the selected PATH message and
an INGRESS-PROTECTION object; else (the backup ingress is a next an INGRESS-PROTECTION object; else (the backup ingress is a next
hop, i.e., on-path case) add an INGRESS-PROTECTION object into hop, i.e., on-path case) add an INGRESS-PROTECTION object into
the existing PATH message to the backup ingress (i.e., the next the existing PATH message to the backup ingress (i.e., the next
hop). The INGRESS-PROTECTION object contains the Traffic- hop). The INGRESS-PROTECTION object contains the Traffic-
Descriptor sub-object, the Backup Ingress Address sub-object and Descriptor sub-object, the Backup Ingress Address sub-object and
the Label-Routes sub-object. The DM (Detection Mode) in the the Label-Routes sub-object. The flags is set to indicate
object is set to indicate the failure detection mode desired. whether a Backup P2MP LSP is desired. If not yet allocated,
The flags is set to indicate whether a Backup P2MP LSP is allocate a second LSP-ID to be used in the INGRESS-PROTECTION
desired. If not yet allocated, allocate a second LSP-ID to be object. The Label-Routes sub-object contains the next-hops of
used in the INGRESS-PROTECTION object. The Label-Routes sub- the ingress and their labels.
object contains the next-hops of the ingress and their labels.
3. For each of the other PATH messages, if the node to which the 3. For each of the other PATH messages, if the node to which the
message is sent is not the backup ingress, then send the backup message is sent is not the backup ingress, then send the backup
ingress a PATH message with the content copied from the message ingress a PATH message with the content copied from the message
to the node and an empty INGRESS-PROTECTION object; else send the to the node and an empty INGRESS-PROTECTION object; else send the
node the message with an empty INGRESS-PROTECTION object. node the message with an empty INGRESS-PROTECTION object.
6.2.2. Proxy-Ingress Method 6.2.2. Proxy-Ingress Method
The primary ingress is responsible for starting the RSVP signaling The primary ingress is responsible for starting the RSVP signaling
skipping to change at page 16, line 37 skipping to change at page 14, line 32
3. In the PATH RRO, instead of recording the ingress node's address, 3. In the PATH RRO, instead of recording the ingress node's address,
replace it with the Proxy-Ingress-Id. replace it with the Proxy-Ingress-Id.
4. Leave the HOP object populated as usual with information for the 4. Leave the HOP object populated as usual with information for the
ingress-node. ingress-node.
5. Add the INGRESS-PROTECTION object to the PATH message. Allocate 5. Add the INGRESS-PROTECTION object to the PATH message. Allocate
a second LSP-ID to be used in the INGRESS-PROTECTION object. a second LSP-ID to be used in the INGRESS-PROTECTION object.
Include the Backup Ingress Address (IPv4 or IPv6) sub-object and Include the Backup Ingress Address (IPv4 or IPv6) sub-object and
the Traffic-Descriptor sub-object. Set the control-options to the Traffic-Descriptor sub-object. Set or clear the flag
indicate the failure detection mode desired. Set or clear the indicating that a Backup P2MP LSP is desired.
flag indicating that a Backup P2MP LSP is desired.
6. Optionally, add the FAST-REROUTE object [RFC4090] to the Path 6. Optionally, add the FAST-REROUTE object [RFC4090] to the Path
message. Indicate whether one-to-one backup is desired. message. Indicate whether one-to-one backup is desired.
Indicate whether facility backup is desired. Indicate whether facility backup is desired.
7. The RSVP PATH message is sent to the backup node as normal. 7. The RSVP PATH message is sent to the backup node as normal.
If the ingress detects that it can't communicate with the backup If the ingress detects that it can't communicate with the backup
ingress, then the ingress should instead send the PATH message to the ingress, then the ingress should instead send the PATH message to the
next-hop indicated in the ERO computed in step 1. Once the ingress next-hop indicated in the ERO computed in step 1. Once the ingress
detects that it can communicate with the backup ingress, the ingress detects that it can communicate with the backup ingress, the ingress
SHOULD follow the steps 1-7 to obtain ingress failure protection. SHOULD follow the steps 1-7 to obtain ingress failure protection.
When the ingress node receives an RSVP PATH message with an INGRESS- When the ingress node receives an RSVP PATH message with an INGRESS-
PROTECTION object and the object specifies that node as the ingress PROTECTION object and the object specifies that node as the ingress
node and the PHOP as the backup ingress node, the ingress node SHOULD node and the PHOP as the backup ingress node, the ingress node SHOULD
check the Failure Scenario specified in the INGRESS-PROTECTION object
and, if it is not the Next-Hop-Detect, then the ingress node SHOULD
remove the INGRESS-PROTECTION object from the PATH message before remove the INGRESS-PROTECTION object from the PATH message before
sending it out. Additionally, the ingress node must store that it sending it out. Additionally, the ingress node must store that it
will install ingress forwarding state for the LSP rather than will install ingress forwarding state for the LSP rather than
midpoint forwarding. midpoint forwarding.
When an RSVP RESV message is received by the ingress, it uses the When an RSVP RESV message is received by the ingress, it uses the
NHOP to determine whether the message is received from the backup NHOP to determine whether the message is received from the backup
ingress or from a different node. The stored associated PATH message ingress or from a different node. The stored associated PATH message
contains an INGRESS-PROTECTION object that identifies the backup contains an INGRESS-PROTECTION object that identifies the backup
ingress node. If the RESV message is not from the backup node, then ingress node. If the RESV message is not from the backup node, then
skipping to change at page 18, line 15 skipping to change at page 16, line 7
FAST-REROUTE object. This applies to providing a P2MP backup if the FAST-REROUTE object. This applies to providing a P2MP backup if the
"P2MP backup" is set, a one-to-one backup if "one-to-one desired" is "P2MP backup" is set, a one-to-one backup if "one-to-one desired" is
set, facility backup if the "facility backup desired" is set, and set, facility backup if the "facility backup desired" is set, and
backup paths that support the desired bandwidth, and administrative- backup paths that support the desired bandwidth, and administrative-
colors that are requested. colors that are requested.
If multiple INGRESS-PROTECTION objects have been received via If multiple INGRESS-PROTECTION objects have been received via
multiple PATH messages for the same LSP, then the most recent one multiple PATH messages for the same LSP, then the most recent one
that specified a Traffic-Descriptor sub-object MUST be the one used. that specified a Traffic-Descriptor sub-object MUST be the one used.
The backup ingress creates the appropriate forwarding state based on The backup ingress creates the appropriate forwarding state for the
failure detection mode specified. For the Source-Detect and Next- backup LSP tunnel(s) to the merge point(s).
Hop-Detect, this means that the backup ingress forwards any received
identified traffic into the backup LSP tunnel(s) to the merge
point(s). For the Backup-Detect and Backup-Source-Detect, this means
that the backup ingress creates state to quickly determine the
primary ingress has failed and switch to sending any received
identified traffic into the backup LSP tunnel(s) to the merge
point(s).
When the backup ingress sends a RESV message to the primary ingress, When the backup ingress sends a RESV message to the primary ingress,
it should add an INGRESS-PROTECTION object into the message. It it should add an INGRESS-PROTECTION object into the message. It
SHOULD set or clear the flags in the object to report "Ingress local SHOULD set or clear the flags in the object to report "Ingress local
protection available", "Ingress local protection in use", and protection available", "Ingress local protection in use", and
"bandwidth protection". "bandwidth protection".
If the backup ingress doesn't have a backup LSP tunnel to all the If the backup ingress doesn't have a backup LSP tunnel to all the
merge points, it SHOULD clear "Ingress local protection available". merge points, it SHOULD clear "Ingress local protection available".
[Editor Note: It is possible to indicate the number or which are [Editor Note: It is possible to indicate the number or which are
skipping to change at page 19, line 24 skipping to change at page 17, line 9
When the backup ingress receives a PATH message from the primary When the backup ingress receives a PATH message from the primary
ingress for locally protecting the primary ingress of a protected ingress for locally protecting the primary ingress of a protected
LSP, it checks to see if any critical information has been changed. LSP, it checks to see if any critical information has been changed.
If the next hops of the primary ingress are changed, the backup If the next hops of the primary ingress are changed, the backup
ingress SHALL update its backup LSP(s). ingress SHALL update its backup LSP(s).
6.3.1.1. Relay-Message Method 6.3.1.1. Relay-Message Method
When the backup ingress receives a PATH message with the INGRESS- When the backup ingress receives a PATH message with the INGRESS-
PROTECTION object, it examines the object to learn what traffic PROTECTION object, it examines the object to learn what traffic
associated with the LSP and what ingress failure detection mode is associated with the LSP. It determines the next-hops to be merged to
being used. It determines the next-hops to be merged to by examining by examining the Label-Routes sub-object in the object. If the
the Label-Routes sub-object in the object. If the Traffic-Descriptor Traffic-Descriptor sub-object isn't included, this object is
sub-object isn't included, this object is considered "empty". considered "empty".
The backup ingress stores the PATH message received from the primary The backup ingress stores the PATH message received from the primary
ingress, but does NOT forward it. ingress, but does NOT forward it.
The backup ingress MUST respond with a RESV to the PATH message The backup ingress MUST respond with a RESV to the PATH message
received from the primary ingress. If the INGRESS-PROTECTION object received from the primary ingress. If the INGRESS-PROTECTION object
is not "empty", the backup ingress SHALL send the RESV message with is not "empty", the backup ingress SHALL send the RESV message with
the state indicating protection is available after the backup LSP(s) the state indicating protection is available after the backup LSP(s)
are successfully established. are successfully established.
skipping to change at page 19, line 52 skipping to change at page 17, line 37
object) from the Record Route Object of each RESV that are closest to object) from the Record Route Object of each RESV that are closest to
the top and not the Ingress router; this should be the second to the the top and not the Ingress router; this should be the second to the
top pair. If a Label-Routes sub-object is included in the INGRESS- top pair. If a Label-Routes sub-object is included in the INGRESS-
PROTECTION object, the included IPv4/IPv6 sub-objects are used to PROTECTION object, the included IPv4/IPv6 sub-objects are used to
filter the set down to the specific next-hops where protection is filter the set down to the specific next-hops where protection is
desired. A RESV message must have been received before the Backup desired. A RESV message must have been received before the Backup
Ingress can create or select the appropriate backup LSP. Ingress can create or select the appropriate backup LSP.
When the backup ingress receives a PATH message with the INGRESS- When the backup ingress receives a PATH message with the INGRESS-
PROTECTION object, the backup ingress examines the object to learn PROTECTION object, the backup ingress examines the object to learn
what traffic associated with the LSP and what ingress failure what traffic associated with the LSP. The backup ingress forwards
detection mode is being used. The backup ingress forwards the PATH the PATH message to the ingress node with the normal RSVP changes.
message to the ingress node with the normal RSVP changes.
When the backup ingress receives a RESV message with the INGRESS- When the backup ingress receives a RESV message with the INGRESS-
PROTECTION object, the backup ingress records an IMPLICIT-NULL label PROTECTION object, the backup ingress records an IMPLICIT-NULL label
in the RRO. Then the backup ingress forwards the RESV message to the in the RRO. Then the backup ingress forwards the RESV message to the
ingress node, which is acting for the proxy ingress. ingress node, which is acting for the proxy ingress.
6.3.2. Backup Ingress Behavior in On-path Case 6.3.2. Backup Ingress Behavior in On-path Case
An LER as the backup ingress determines that it is on-path if one of An LER as the backup ingress determines that it is on-path if one of
its addresses is a next hop of the primary ingress and the primary its addresses is a next hop of the primary ingress and the primary
skipping to change at page 21, line 7 skipping to change at page 18, line 36
During the local repair, the backup ingress continues to send the During the local repair, the backup ingress continues to send the
PATH messages to its next hops as before, keeps the PATH message with PATH messages to its next hops as before, keeps the PATH message with
the INGRESS_PROTECTION object received from the primary ingress and the INGRESS_PROTECTION object received from the primary ingress and
the RESV message with the INGRESS_PROTECTION object to be sent to the the RESV message with the INGRESS_PROTECTION object to be sent to the
primary ingress. It sets the "local protection in use" flag in the primary ingress. It sets the "local protection in use" flag in the
RESV message. RESV message.
6.3.3. Failure Detection 6.3.3. Failure Detection
Failure detection happens much faster than RSVP, whether via a link-
level notification or BFD. As discussed, there are different modes
for detecting it. The backup ingress MUST have properly set up its
forwarding state to either always forward the specified traffic into
the backup LSP(s) for the Source-Detect and Next-Hop-Detect modes or
to swap from discarding to forwarding when a failure is detected for
the Backup-Source-Detect and Backup-Detect modes.
For facility backup LSPs, the correct inner MPLS label to use must be
determined. For the ingress-proxy method, that MPLS label comes
directly from the RRO of the RESV. For the relay-message method,
that MPLS label comes from the Label-Routes sub-object in the non-
empty INGRESS-PROTECTION object.
As described in [RFC4090], it is necessary to refresh the PATH As described in [RFC4090], it is necessary to refresh the PATH
messages via the backup LSP(s). The Backup Ingress MUST wait to messages via the backup LSP(s). The Backup Ingress MUST wait to
refresh the backup PATH messages until it can accurately detect that refresh the backup PATH messages until it can accurately detect that
the ingress node has failed. An example of such an accurate the ingress node has failed. An example of such an accurate
detection would be that the IGP has no bi-directional links to the detection would be that the IGP has no bi-directional links to the
ingress node and the last change was long enough in the past that ingress node and the last change was long enough in the past that
changes should have been received (i.e., an IGP network convergence changes should have been received (i.e., an IGP network convergence
time or approximately 2-3 seconds) or a BFD session to the primary time or approximately 2-3 seconds) or a BFD session to the primary
ingress' loopback address has failed and stayed failed after the ingress' loopback address has failed and stayed failed after the
network has reconverged. network has reconverged.
As described in [RFC4090 Section 6.4.3], the backup ingress, acting As described in [RFC4090 Section 6.4.3], the backup ingress, acting
as PLR, SHOULD modify - including removing any INGRESS-PROTECTION and as PLR, SHOULD modify - including removing any INGRESS-PROTECTION and
FAST-REROUTE objects - and send any saved PATH messages associated FAST-REROUTE objects - and send any saved PATH messages associated
with the primary LSP. with the primary LSP.
6.4. Merge Point Behavior 6.4. Revertive Behavior
An LSR that is serving as a Merge Point may need to support the
INGRESS-PROTECTION object and functionality defined in this
specification if the LSP is ingress-protected where the failure
scenario is Next-Hop-Detect. An LSR can determine that it must be a
merge point if it is not the ingress, it is not the backup ingress
(determined by examining the Backup Ingress Address (IPv4 or IPv6)
sub-object in the INGRESS-PROTECTION object), and the PHOP is the
ingress node.
In that case, when the LSR receives a PATH message with an INGRESS-
PROTECTION object, the LSR MUST remove the INGRESS-PROTECTION object
before forwarding on the PATH message. If the failure scenario
specified is Next-Hop-Detect, the MP must connect up the fast-failure
detection (as configured) to accepting backup traffic received from
the backup node. There are a number of different ways that the MP
can enforce not forwarding traffic normally received from the backup
node. For instance, first, any LSPs set up from the backup node
should not be signaled with an IMPLICIT NULL label and second, the
associated label for the ingress- protected LSP could be set to
normally discard inside that context.
When the MP receives a RESV message whose matching PATH state had an
INGRESS-PROTECTION object, the MP SHOULD add the INGRESS-PROTECTION
object to the RESV message before forwarding it. The Backup PATH
handling is as described in [RFC4090] and [RFC4875].
6.5. Revertive Behavior
Upon a failure event in the (primary) ingress of a protected LSP, the Upon a failure event in the (primary) ingress of a protected LSP, the
protected LSP is locally repaired by the backup ingress. There are a protected LSP is locally repaired by the backup ingress. There are a
couple of basic strategies for restoring the LSP to a full working couple of basic strategies for restoring the LSP to a full working
path. path.
- Revert to Primary Ingress: When the primary ingress is restored, - Revert to Primary Ingress: When the primary ingress is restored,
it re-signals each of the LSPs that start from the primary it re-signals each of the LSPs that start from the primary
ingress. The traffic for every LSP successfully re-signaled is ingress. The traffic for every LSP successfully re-signaled is
switched back to the primary ingress from the backup ingress. switched back to the primary ingress from the backup ingress.
- Global Repair by Backup Ingress: After determining that the - Global Repair by Backup Ingress: After determining that the
primary ingress of an LSP has failed, the backup ingress computes primary ingress of an LSP has failed, the backup ingress computes
a new optimal path, signals a new LSP along the new path, and a new optimal path, signals a new LSP along the new path, and
switches the traffic to the new LSP. switches the traffic to the new LSP.
6.5.1. Revert to Primary Ingress 6.4.1. Revert to Primary Ingress
If "Revert to Primary Ingress" is desired for a protected LSP, the If "Revert to Primary Ingress" is desired for a protected LSP, the
(primary) ingress of the LSP re-signals the LSP that starts from the (primary) ingress of the LSP re-signals the LSP that starts from the
primary ingress after the primary ingress restores. When the LSP is primary ingress after the primary ingress restores. When the LSP is
re-signaled successfully, the traffic is switched back to the primary re-signaled successfully, the traffic is switched back to the primary
ingress from the backup ingress and redirected into the LSP starting ingress from the backup ingress and redirected into the LSP starting
from the primary ingress. from the primary ingress.
It is possible that the Ingress failure was inaccurately detected,
that the Ingress recovers before the Backup Ingress does Global
Repair, or that the Ingress has the ability to take over an LSP based
on receiving the associated RESVs.
If the ingress can resignal the PATH messages for the LSP, then the If the ingress can resignal the PATH messages for the LSP, then the
ingress can specify the "Revert to Ingress" control-option in the ingress can specify the "Revert to Ingress" control-option in the
INGRESS-PROTECTION object. Doing so may cause a duplication of INGRESS-PROTECTION object. Doing so may cause a duplication of
traffic while the Ingress starts sending traffic again before the traffic while the Ingress starts sending traffic again before the
Backup Ingress stops; the alternative is to drop traffic for a short Backup Ingress stops; the alternative is to drop traffic for a short
period of time. period of time.
Additionally, the Backup Ingress can set the "Revert To Ingress" Additionally, the Backup Ingress can set the "Revert To Ingress"
control-option as a request for the Ingress to take over. control-option as a request for the Ingress to take over.
6.5.2. Global Repair by Backup Ingress 6.4.2. Global Repair by Backup Ingress
When the backup ingress has determined that the primary ingress of
the protected LSP has failed (e.g., via the IGP), it can compute a
new path and signal a new LSP along the new path so that it no longer
relies upon local repair. To do this, the backup ingress uses the
same tunnel sender address in the Sender Template Object and uses the
previously allocated second LSP-ID in the INGRESS-PROTECTION object
of the PATH message as the LSP-ID of the new LSP. This allows the
new LSP to share resources with the old LSP.
When the backup ingress has determined that the primary ingress of When the backup ingress has determined that the primary ingress of
the protected LSP has failed (e.g., via the IGP), it can compute a the protected LSP has failed (e.g., via the IGP), it can compute a
new path and signal a new LSP along the new path so that it no longer new path and signal a new LSP along the new path so that it no longer
relies upon local repair. To do this, the backup ingress uses the relies upon local repair. To do this, the backup ingress uses the
same tunnel sender address in the Sender Template Object and uses the same tunnel sender address in the Sender Template Object and uses the
previously allocated second LSP-ID in the INGRESS-PROTECTION object previously allocated second LSP-ID in the INGRESS-PROTECTION object
of the PATH message as the LSP-ID of the new LSP. This allows the of the PATH message as the LSP-ID of the new LSP. This allows the
new LSP to share resources with the old LSP. In addition, if the new LSP to share resources with the old LSP. In addition, if the
Ingress recovers, the Backup Ingress SHOULD send it RESVs with the Ingress recovers, the Backup Ingress SHOULD send it RESVs with the
skipping to change at page 25, line 7 skipping to change at page 21, line 27
Markus Jork Markus Jork
Juniper Networks Juniper Networks
10 Technology Park Drive 10 Technology Park Drive
Westford, MA 01886 Westford, MA 01886
USA USA
Email: mjork@juniper.net Email: mjork@juniper.net
10. Acknowledgement 10. Acknowledgement
The authors would like to thank Rahul Aggarwal, Eric Osborne, Ross The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric
Callon, Loa Andersson, Michael Yue, Olufemi Komolafe, Rob Rennison, Osborne, Ross Callon, Loa Andersson, Michael Yue, Olufemi Komolafe,
Neil Harrison, Kannan Sampath, and Ronhazli Adam for their valuable Rob Rennison, Neil Harrison, Kannan Sampath, and Ronhazli Adam for
comments and suggestions on this draft. their valuable comments and suggestions on this draft.
11. References 11. References
11.1. Normative References 11.1. Normative References
[RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700, [RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700,
October 1994. October 1994.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
skipping to change at page 26, line 33 skipping to change at page 23, line 15
Huawei Technologies Huawei Technologies
Boston, MA Boston, MA
USA USA
Email: huaimo.chen@huawei.com Email: huaimo.chen@huawei.com
Ning So Ning So
Tata Communications Tata Communications
2613 Fairbourne Cir. 2613 Fairbourne Cir.
Plano, TX 75082 Plano, TX 75082
USA USA
Email: ning.so@tatacommunications.com Email: ningso01@gmail.com
Autumn Liu Autumn Liu
Ericsson Ericsson
300 Holger Way 300 Holger Way
San Jose, CA 95134 San Jose, CA 95134
USA USA
Email: autumn.liu@ericsson.com Email: autumn.liu@ericsson.com
Raveendra Torvi Raveendra Torvi
Juniper Networks Juniper Networks
10 Technology Park Drive 10 Technology Park Drive
Westford, MA 01886 Westford, MA 01886
USA USA
Email: rtorvi@juniper.net Email: rtorvi@juniper.net
Alia Atlas Alia Atlas
Juniper Networks Juniper Networks
10 Technology Park Drive 10 Technology Park Drive
 End of changes. 46 change blocks. 
325 lines changed or deleted 146 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/