draft-ietf-teas-rsvp-ingress-protection-08.txt   draft-ietf-teas-rsvp-ingress-protection-09.txt 
Internet Engineering Task Force H. Chen, Ed. Internet Engineering Task Force H. Chen, Ed.
Internet-Draft Huawei Technologies Internet-Draft Huawei Technologies
Intended status: Experimental R. Torvi, Ed. Intended status: Experimental R. Torvi, Ed.
Expires: March 5, 2017 Juniper Networks Expires: August 9, 2017 Juniper Networks
September 1, 2016 February 5, 2017
Extensions to RSVP-TE for LSP Ingress FRR Protection Extensions to RSVP-TE for LSP Ingress FRR Protection
draft-ietf-teas-rsvp-ingress-protection-08.txt draft-ietf-teas-rsvp-ingress-protection-09.txt
Abstract Abstract
This document describes extensions to Resource Reservation Protocol - This document describes extensions to Resource Reservation Protocol -
Traffic Engineering (RSVP-TE) for locally protecting the ingress node Traffic Engineering (RSVP-TE) for locally protecting the ingress node
of a Traffic Engineered (TE) Label Switched Path (LSP), which is a of a Traffic Engineered (TE) Label Switched Path (LSP), which is a
Point-to-Point (P2P) LSP or a Point-to-Multipoint (P2MP) LSP. Point-to-Point (P2P) LSP or a Point-to-Multipoint (P2MP) LSP.
Status of this Memo Status of this Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 5, 2017. This Internet-Draft will expire on August 9, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Co-authors . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. An Example of Ingress Local Protection . . . . . . . . . . 4
2.1. An Example of Ingress Local Protection . . . . . . . . . . 3 1.2. Ingress Local Protection with FRR . . . . . . . . . . . . 5
2.2. Ingress Local Protection with FRR . . . . . . . . . . . . 4 2. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 5
3. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 4 2.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 5
3.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 4 2.2. Backup and Source Detect Failure . . . . . . . . . . . . . 6
3.2. Backup and Source Detect Failure . . . . . . . . . . . . . 5 3. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 6
4. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 5 3.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 6
4.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 5 4. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 7
5. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 6 4.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 7
5.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 6 4.1.1. Subobject: Backup Ingress IPv4 Address . . . . . . . . 8
5.1.1. Subobject: Backup Ingress IPv4 Address . . . . . . . . 7 4.1.2. Subobject: Backup Ingress IPv6 Address . . . . . . . . 9
5.1.2. Subobject: Backup Ingress IPv6 Address . . . . . . . . 8 4.1.3. Subobject: Ingress IPv4 Address . . . . . . . . . . . 9
5.1.3. Subobject: Ingress IPv4 Address . . . . . . . . . . . 8 4.1.4. Subobject: Ingress IPv6 Address . . . . . . . . . . . 10
5.1.4. Subobject: Ingress IPv6 Address . . . . . . . . . . . 8 4.1.5. Subobject: Traffic Descriptor . . . . . . . . . . . . 10
5.1.5. Subobject: Traffic Descriptor . . . . . . . . . . . . 9 4.1.6. Subobject: Label-Routes . . . . . . . . . . . . . . . 11
5.1.6. Subobject: Label-Routes . . . . . . . . . . . . . . . 9 5. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 11
6. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 10 5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 11
6.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 10 5.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 12
6.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 10 5.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 12
6.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 11 5.1.3. Comparing Two Methods . . . . . . . . . . . . . . . . 13
6.1.3. Comparing Two Methods . . . . . . . . . . . . . . . . 12 5.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 13
6.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 12 5.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 14
6.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 13 5.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 15
6.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 13 5.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 16
6.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 14 5.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 16
6.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 14 5.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 18
6.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 17 5.3.3. Failure Detection and Refresh PATH Messages . . . . . 19
6.3.3. Failure Detection and Refresh PATH Messages . . . . . 17 5.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 19
6.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 18 5.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 20
6.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 18 5.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 20
6.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 19 6. Security Considerations . . . . . . . . . . . . . . . . . . . 20
7. Security Considerations . . . . . . . . . . . . . . . . . . . 19 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 8. Co-authors and Contributors . . . . . . . . . . . . . . . . . 21
8.1. A New Class Number . . . . . . . . . . . . . . . . . . . . 19 9. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 23
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 20 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24
10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 21 10.1. Normative References . . . . . . . . . . . . . . . . . . . 24
11. Normative References . . . . . . . . . . . . . . . . . . . . . 21 10.2. Informative References . . . . . . . . . . . . . . . . . . 24
A. Problem Summary . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 24
B. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 23
1. Co-authors 1. Introduction
Ning So, Autumn Liu, Yimin Shen, Tarek Saad, Fengman Xu, Mehmet Toy, There is a need for a fast and efficient protection against the
Lei Liu failure of the ingress node of a MPLS TE LSP (either P2MP LSP or P2P
LSP).
2. Introduction For a MPLS TE LSP, protecting the failures of its transit nodes using
fast-reroute (FRR) is covered in RFC 4090 for P2P LSP and RFC 4875
for P2MP LSP. However, protecting the failure of its ingress node
using FRR is not covered in either RFC 4090 or RFC 4875. The MPLS
Transport Profile (MPLS-TP) Linear Protection described in RFC 6378
can provide a protection against the failure of any transit node of a
LSP between the ingress node and the egress node of the LSP, but
cannot protect against the failure of the ingress node.
For a MPLS LSP it is important to have a fast-reroute method for To protect against the failure of the (primary) ingress node of a
protecting its ingress node and transit nodes. Protecting an ingress primary end to end P2MP (or P2P) TE LSP, a typical existing solution
is not covered either in the fast-reroute method defined in [RFC4090] is to set up a secondary backup end to end P2MP (or P2P) TE LSP from
or in the P2MP fast-reroute extensions to fast-reroute in [RFC4875]. a backup ingress node, which is different from the primary ingress
node, to the backup egress nodes (or node), which are (or is)
different from the primary egress nodes (or node) of the primary LSP.
For a P2MP TE LSP, on each of the primary (and backup) egress nodes,
a P2P LSP is created from the egress node to its primary (backup)
ingress node and configured with BFD. This is used to detect the
failure of the primary (backup) ingress node for the receiver to
switch to the backup (or primary) egress node to receive the traffic
after the primary (or backup) ingress node fails when both the
primary LSP and the secondary LSP carry the traffic. In addition,
FRR may be used to provide protections against the failures of the
transit nodes and the links of the primary and secondary end to end
TE LSPs.
An alternate approach to local protection (fast-reroute) is to use There are a number of issues in this solution, which are briefed as
global protection and set up a secondary backup LSP (whether P2MP or follows:
P2P) from a backup ingress to the egresses. The main disadvantage of
this is that the backup LSP may reserve additional network bandwidth. o It consumes lots of network resources. Double states need to be
maintained in the network since two end to end TE LSPs are
created. Double link bandwidth is reserved and used when both the
primary and the secondary end to end TE LSPs carry the traffic at
the same time.
o More operations are needed, which include the configurations of
two end to end TE LSPs and BFDs from each of the egress nodes to
its corresponding ingress node.
o The detection of the failure of the ingress node may not be
reliable. Any failure on the path of the BFD from an egress node
to an ingress node may cause the BFD down to indicate the failure
of the ingress node.
o The speed of protection against the failure of the ingress node
may be slow.
This specification defines a simple extension to RSVP-TE for local This specification defines a simple extension to RSVP-TE for local
protection (FRR) of the ingress node of a P2MP or P2P LSP. Ingress protection (FRR) of the ingress node of a P2MP or P2P LSP to resolve
local protection and ingress FRR protection will be used these issues. Ingress local protection and ingress FRR protection
exchangeably. will be used exchangeably.
2.1. An Example of Ingress Local Protection 1.1. An Example of Ingress Local Protection
Figure 1 shows an example of using a backup P2MP LSP to locally Figure 1 shows an example of using a backup P2MP LSP to locally
protect the ingress of a primary P2MP LSP, which is from ingress R1 protect the ingress of a primary P2MP LSP, which is from ingress R1
to three egresses: L1, L2 and L3. The backup LSP is from backup to three egresses: L1, L2 and L3. The backup LSP is from backup
ingress Ra to the next hops R2 and R4 of ingress R1. ingress Ra to the next hops R2 and R4 of ingress R1.
[R2]******[R3]*****[L1] [R2]******[R3]*****[L1]
* | **** Primary LSP * | **** Primary LSP
* | ---- Backup LSP * | ---- Backup LSP
* / .... BFD Session * / .... BFD Session
skipping to change at page 4, line 15 skipping to change at page 5, line 6
When source S detects the failure of R1, it switches the traffic to When source S detects the failure of R1, it switches the traffic to
backup ingress Ra, which imports the traffic from S into the backup backup ingress Ra, which imports the traffic from S into the backup
LSP to R1's next hops R2 and R4, where the traffic is merged into the LSP to R1's next hops R2 and R4, where the traffic is merged into the
primary LSP, and then sent to egresses L1, L2 and L3. Source S primary LSP, and then sent to egresses L1, L2 and L3. Source S
detects the failure of R1 and switches the traffic within 10s of ms. detects the failure of R1 and switches the traffic within 10s of ms.
Note that the backup ingress is one logical hop away from the Note that the backup ingress is one logical hop away from the
ingress. A logical hop is a direct link or a tunnel such as a GRE ingress. A logical hop is a direct link or a tunnel such as a GRE
tunnel, over which RSVP-TE messages may be exchanged. tunnel, over which RSVP-TE messages may be exchanged.
2.2. Ingress Local Protection with FRR 1.2. Ingress Local Protection with FRR
Through using the ingress local protection and the FRR, we can Through using the ingress local protection and the FRR, we can
locally protect the ingress, all the links and the transit nodes of locally protect the ingress, all the links and the transit nodes of
an LSP. The traffic switchover time is within 10s of ms whenever the an LSP. The traffic switchover time is within 10s of ms whenever the
ingress, any of the links and the transit nodes of the LSP fails. ingress, any of the links and the transit nodes of the LSP fails.
The ingress node of the LSP can be locally protected through using The ingress node of the LSP can be locally protected through using
the ingress local protection. All the links and all the transit the ingress local protection. All the links and all the transit
nodes of the LSP can be locally protected through using the FRR. nodes of the LSP can be locally protected through using the FRR.
3. Ingress Failure Detection 2. Ingress Failure Detection
Exactly how to detect the failure of the ingress is out of scope. Exactly how to detect the failure of the ingress is out of scope.
However, it is necessary to discuss different modes for detecting the However, it is necessary to discuss different modes for detecting the
failure because they determine what is the required behavior for the failure because they determine what is the required behavior for the
source and backup ingress. source and backup ingress.
3.1. Source Detects Failure 2.1. Source Detects Failure
Source Detects Failure or Source-Detect for short means that the Source Detects Failure or Source-Detect for short means that the
source is responsible for fast detecting the failure of the primary source is responsible for fast detecting the failure of the primary
ingress of an LSP. The backup ingress is ready to import the traffic ingress of an LSP. The backup ingress is ready to import the traffic
from the source into the backup LSP(s) after the backup LSP(s) is up. from the source into the backup LSP(s) after the backup LSP(s) is up.
In normal operations, the source sends the traffic to the primary In normal operations, the source sends the traffic to the primary
ingress. When the source detects the failure of the primary ingress, ingress. When the source detects the failure of the primary ingress,
it switches the traffic to the backup ingress, which delivers the it switches the traffic to the backup ingress, which delivers the
traffic to the next hops of the primary ingress through the backup traffic to the next hops of the primary ingress through the backup
skipping to change at page 5, line 9 skipping to change at page 6, line 5
MUST use a method to reliably detect the failure of the primary MUST use a method to reliably detect the failure of the primary
ingress before the PATH message for the LSP expires at the next hop ingress before the PATH message for the LSP expires at the next hop
of the primary ingress. After reliably detecting the failure, the of the primary ingress. After reliably detecting the failure, the
backup ingress sends/refreshes the PATH message to the next hop backup ingress sends/refreshes the PATH message to the next hop
through the backup LSP as needed. through the backup LSP as needed.
After the primary ingress fails, it will not be reachable after After the primary ingress fails, it will not be reachable after
routing convergence. Thus checking whether the primary ingress routing convergence. Thus checking whether the primary ingress
(address) is reachable is a possible method. (address) is reachable is a possible method.
3.2. Backup and Source Detect Failure 2.2. Backup and Source Detect Failure
Backup and Source Detect Failure or Backup-Source-Detect for short Backup and Source Detect Failure or Backup-Source-Detect for short
means that both the backup ingress and the source are concurrently means that both the backup ingress and the source are concurrently
responsible for fast detecting the failure of the primary ingress. responsible for fast detecting the failure of the primary ingress.
In normal operations, the source sends the traffic to the primary In normal operations, the source sends the traffic to the primary
ingress. It switches the traffic to the backup ingress when it ingress. It switches the traffic to the backup ingress when it
detects the failure of the primary ingress. detects the failure of the primary ingress.
The backup ingress does not import any traffic from the source into The backup ingress does not import any traffic from the source into
the backup LSP in normal operations. When it detects the failure of the backup LSP in normal operations. When it detects the failure of
the primary ingress, it imports the traffic from the source into the the primary ingress, it imports the traffic from the source into the
backup LSP to the next hops of the primary ingress, where the traffic backup LSP to the next hops of the primary ingress, where the traffic
is merged into the primary LSP. is merged into the primary LSP.
The source-detect is preferred. It is simpler than the backup- The source-detect is preferred. It is simpler than the backup-
source-detect, which needs both the source and the backup ingress source-detect, which needs both the source and the backup ingress
detect the ingress failure quickly. detect the ingress failure quickly.
4. Backup Forwarding State 3. Backup Forwarding State
Before the primary ingress fails, the backup ingress is responsible Before the primary ingress fails, the backup ingress is responsible
for creating the necessary backup LSPs. These LSPs might be multiple for creating the necessary backup LSPs. These LSPs might be multiple
bypass P2P LSPs that avoid the ingress. Alternately, the backup bypass P2P LSPs that avoid the ingress. Alternately, the backup
ingress could choose to use a single backup P2MP LSP as a bypass or ingress could choose to use a single backup P2MP LSP as a bypass or
detour to protect the primary ingress of a primary P2MP LSP. detour to protect the primary ingress of a primary P2MP LSP.
The backup ingress may be off-path or on-path of an LSP. If a backup The backup ingress may be off-path or on-path of an LSP. If a backup
ingress is not any node of the LSP, we call it is off-path. If a ingress is not any node of the LSP, we call it is off-path. If a
backup ingress is a next-hop of the primary ingress of the LSP, we backup ingress is a next-hop of the primary ingress of the LSP, we
call it is on-path. If it is on-path, the primary forwarding state call it is on-path. If it is on-path, the primary forwarding state
associated with the primary LSP SHOULD be clearly separated from the associated with the primary LSP SHOULD be clearly separated from the
backup LSP(s) state. backup LSP(s) state.
4.1. Forwarding State for Backup LSP 3.1. Forwarding State for Backup LSP
A forwarding entry for a backup LSP is created on the backup ingress A forwarding entry for a backup LSP is created on the backup ingress
after the LSP is set up. Depending on the failure-detection mode after the LSP is set up. Depending on the failure-detection mode
(e.g., source-detect), it may be used to forward received traffic or (e.g., source-detect), it may be used to forward received traffic or
simply be inactive (e.g., backup-source-detect) until required. In simply be inactive (e.g., backup-source-detect) until required. In
either case, when the primary ingress fails, this entry is used to either case, when the primary ingress fails, this entry is used to
import the traffic into the backup LSP to the next hops of the import the traffic into the backup LSP to the next hops of the
primary ingress, where the traffic is merged into the primary LSP. primary ingress, where the traffic is merged into the primary LSP.
The forwarding entry for a backup LSP is a local implementation The forwarding entry for a backup LSP is a local implementation
issue. In one device, it may have an inactive flag. This inactive issue. In one device, it may have an inactive flag. This inactive
forwarding entry is not used to forward any traffic normally. When forwarding entry is not used to forward any traffic normally. When
the primary ingress fails, it is changed to active, and thus the the primary ingress fails, it is changed to active, and thus the
traffic from the source is imported into the backup LSP. traffic from the source is imported into the backup LSP.
5. Protocol Extensions 4. Protocol Extensions
A new object INGRESS_PROTECTION is defined for signaling ingress A new object INGRESS_PROTECTION is defined for signaling ingress
local protection. It is backward compatible. local protection. It is backward compatible.
5.1. INGRESS_PROTECTION Object 4.1. INGRESS_PROTECTION Object
The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH
message is used to control the backup for protecting the primary message is used to control the backup for protecting the primary
ingress of a primary LSP. The primary ingress MUST insert this ingress of a primary LSP. The primary ingress MUST insert this
object into the PATH message to be sent to the backup ingress for object into the PATH message to be sent to the backup ingress for
protecting the primary ingress. It has the following format: protecting the primary ingress. It has the following format:
Class-Num = TBD C-Type = 1 for INGRESS_PROTECTION_IPv4 Class-Num = TBD C-Type = 1 for INGRESS_PROTECTION_IPv4
C-Type = 2 for INGRESS_PROTECTION_IPv6 C-Type = 2 for INGRESS_PROTECTION_IPv6
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length (bytes) | Class-Num | C-Type | | Length (bytes) | Class-Num | C-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved (zero) | NUB | Flags | Options | | Reserved (zero) | NUB | Flags | Options |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ (Subobjects) ~ ~ (Subobjects) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
NUB Number of Unprotected Branches NUB Number of Unprotected Branches
Flags Flags
0x01 Ingress local protection available 0x01 Ingress local protection available
0x02 Ingress local protection in use 0x02 Ingress local protection in use
0x04 Bandwidth protection 0x04 Bandwidth protection
Options Options
skipping to change at page 7, line 8 skipping to change at page 8, line 5
0x02 P2MP Backup 0x02 P2MP Backup
For protecting the ingress of a P2MP LSP, if the backup ingress For protecting the ingress of a P2MP LSP, if the backup ingress
doesn't have a backup LSP to each of the next hops of the primary doesn't have a backup LSP to each of the next hops of the primary
ingress, it SHOULD clear "Ingress local protection available" and set ingress, it SHOULD clear "Ingress local protection available" and set
NUB to the number of the next hops to which there is no backup LSP. NUB to the number of the next hops to which there is no backup LSP.
The flags are used to communicate status information from the backup The flags are used to communicate status information from the backup
ingress to the primary ingress. ingress to the primary ingress.
o Ingress local protection available: The backup ingress sets this o Ingress local protection available: The backup ingress MUST set
flag after backup LSPs are up and ready for locally protecting the this flag after backup LSPs are up and ready for locally
primary ingress. The backup ingress sends this to the primary protecting the primary ingress. The backup ingress sends this to
ingress to indicate that the primary ingress is locally protected. the primary ingress to indicate that the primary ingress is
locally protected.
o Ingress local protection in use: The backup ingress sets this flag o Ingress local protection in use: The backup ingress MUST set this
when it detects a failure in the primary ingress. The backup flag when it detects a failure in the primary ingress and actively
ingress keeps it and does not send it to the primary ingress since redirects the traffic into the backup LSPs. The backup ingress
the primary ingress is down. keeps it and does not send it to the primary ingress since the
primary ingress is down.
o Bandwidth protection: The backup ingress sets this flag if the o Bandwidth protection: The backup ingress MUST set this flag if the
backup LSPs guarantee to provide desired bandwidth for the backup LSPs guarantee to provide desired bandwidth for the
protected LSP against the primary ingress failure. protected LSP against the primary ingress failure.
The options are used by the primary ingress to specify the desired The options are used by the primary ingress to specify the desired
behavior to the backup ingress. behavior to the backup ingress.
o Revert to Ingress: The primary ingress sets this option indicating o Revert to Ingress: The primary ingress sets this option indicating
that the traffic for the primary LSP successfully re-signaled will that the traffic for the primary LSP successfully re-signaled will
be switched back to the primary ingress from the backup ingress be switched back to the primary ingress from the backup ingress
when the primary ingress is restored. when the primary ingress is restored.
o P2MP Backup: This option is set to ask for the backup ingress to o P2MP Backup: This option is set to ask for the backup ingress to
use P2MP backup LSP to protect the primary ingress. use P2MP backup LSP to protect the primary ingress.
The INGRESS_PROTECTION object may contain some sub objects below. The INGRESS_PROTECTION object may contain some sub objects of
following format:
5.1.1. Subobject: Backup Ingress IPv4 Address 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |Reserved (zero)|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contents/Body of subobject |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where Type is the type of a sub object, Length is the total size of
the sub object in bytes, including Type, Length and Contents fields.
4.1.1. Subobject: Backup Ingress IPv4 Address
When the primary ingress of a protected LSP sends a PATH message with When the primary ingress of a protected LSP sends a PATH message with
an INGRESS_PROTECTION object to the backup ingress, the object MUST an INGRESS_PROTECTION object to the backup ingress, the object MUST
have a Backup Ingress IPv4 Address sub object containing an IPv4 have a Backup Ingress IPv4 Address sub object containing an IPv4
address belonging to the backup ingress if IPv4 is used. The Type of address belonging to the backup ingress if IPv4 is used. The Type of
the sub object is TBD1 (the exact number to be assigned by IANA), and the sub object is TBD1 (the exact number to be assigned by IANA), and
the body of the sub object is given below: the body of the sub object is given below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Backup ingress IPv4 address (4 bytes) | | Backup ingress IPv4 address (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Backup ingress IPv4 address: An IPv4 host address of backup ingress Backup ingress IPv4 address: An IPv4 host address of backup ingress
5.1.2. Subobject: Backup Ingress IPv6 Address 4.1.2. Subobject: Backup Ingress IPv6 Address
When the primary ingress of a protected LSP sends a PATH message with When the primary ingress of a protected LSP sends a PATH message with
an INGRESS_PROTECTION object to the backup ingress, the object MUST an INGRESS_PROTECTION object to the backup ingress, the object MUST
have a Backup Ingress IPv6 Address sub object containing an IPv6 have a Backup Ingress IPv6 Address sub object containing an IPv6
address belonging to the backup ingress if IPv6 is used. The Type of address belonging to the backup ingress if IPv6 is used. The Type of
the sub object is TBD2, the body of the sub object is given below: the sub object is TBD2, the body of the sub object is given below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Backup ingress IPv6 address (16 bytes) | | Backup ingress IPv6 address (16 bytes) |
~ ~ ~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Backup ingress IPv6 address: An IPv6 host address of backup ingress Backup ingress IPv6 address: An IPv6 host address of backup ingress
5.1.3. Subobject: Ingress IPv4 Address 4.1.3. Subobject: Ingress IPv4 Address
The INGRESS_PROTECTION object may have an Ingress IPv4 Address sub The INGRESS_PROTECTION object may have an Ingress IPv4 Address sub
object containing an IPv4 address belonging to the primary ingress. object containing an IPv4 address belonging to the primary ingress if
The Type of the sub object is TBD3. The sub object has the following IPv4 is used. The Type of the sub object is TBD3. The sub object
body: has the following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ingress IPv4 address (4 bytes) | | Ingress IPv4 address (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ingress IPv4 address: An IPv4 host address of ingress Ingress IPv4 address: An IPv4 host address of ingress
5.1.4. Subobject: Ingress IPv6 Address 4.1.4. Subobject: Ingress IPv6 Address
The INGRESS_PROTECTION object may have an Ingress IPv6 Address sub The INGRESS_PROTECTION object may have an Ingress IPv6 Address sub
object containing an IPv6 address belonging to the primary ingress. object containing an IPv6 address belonging to the primary ingress if
The Type of the sub object is TBD4. The sub object has the following IPv6 is used. The Type of the sub object is TBD4. The sub object
body: has the following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ingress IPv6 address (16 bytes) | | Ingress IPv6 address (16 bytes) |
~ ~ ~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ingress IPv6 address: An IPv6 host address of ingress Ingress IPv6 address: An IPv6 host address of ingress
5.1.5. Subobject: Traffic Descriptor 4.1.5. Subobject: Traffic Descriptor
The INGRESS_PROTECTION object may have a Traffic Descriptor sub The INGRESS_PROTECTION object may have a Traffic Descriptor sub
object describing the traffic to be mapped to the backup LSP on the object describing the traffic to be mapped to the backup LSP on the
backup ingress for locally protecting the primary ingress. The Type backup ingress for locally protecting the primary ingress. The Type
of the sub object is TBD5, TBD6, TBD7 or TBD8 for Interface, IPv4 of the sub object is TBD5, TBD6, TBD7 or TBD8 for Interface, IPv4
Prefix, IPv6 Prefix or Application Identifier respectively. The sub Prefix, IPv6 Prefix or Application Identifier respectively. The sub
object has the following body: object has the following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 9, line 44 skipping to change at page 11, line 14
o IPv6 Prefix Traffic (Type TBD7): Each of the Traffic Elements is o IPv6 Prefix Traffic (Type TBD7): Each of the Traffic Elements is
an IPv6 prefix, containing an 8-bit prefix length followed by an an IPv6 prefix, containing an 8-bit prefix length followed by an
IPv6 address prefix, whose length, in bits, is specified by the IPv6 address prefix, whose length, in bits, is specified by the
prefix length, padded to a byte boundary. prefix length, padded to a byte boundary.
o Application Traffic (Type TBD8): Each of the Traffic Elements is a o Application Traffic (Type TBD8): Each of the Traffic Elements is a
32 bit identifier of an application, from which the traffic is 32 bit identifier of an application, from which the traffic is
imported into the backup LSP. imported into the backup LSP.
5.1.6. Subobject: Label-Routes 4.1.6. Subobject: Label-Routes
The INGRESS_PROTECTION object in a PATH message from the primary The INGRESS_PROTECTION object in a PATH message from the primary
ingress to the backup ingress will have a Label-Routes sub object ingress to the backup ingress will have a Label-Routes sub object
containing the labels and routes that the next hops of the ingress containing the labels and routes that the next hops of the ingress
use. The Type of the sub object is TBD9. The sub object has the use. The Type of the sub object is TBD9. The sub object has the
following body: following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Subobjects ~ ~ Subobjects ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Subobjects in the Label-Routes are copied from those in the The Subobjects in the Label-Routes are copied from those in the
RECORD_ROUTE objects in the RESV messages that the primary ingress RECORD_ROUTE objects in the RESV messages that the primary ingress
receives from its next hops for the primary LSP. They MUST contain receives from its next hops for the primary LSP. They MUST contain
the first hops of the LSP, each of which is paired with its label. the first hops of the LSP, each of which is paired with its label.
6. Behavior of Ingress Protection 5. Behavior of Ingress Protection
6.1. Overview 5.1. Overview
There are four parts of ingress protection: 1) setting up the There are four parts of ingress protection: 1) setting up the
necessary backup LSP forwarding state; 2) identifying the failure and necessary backup LSP forwarding state based on the information for
providing the fast repair (as discussed in Sections 3 and 4); 3) ingress protection; 2) identifying the failure and providing the fast
maintaining the RSVP-TE control plane state until a global repair is repair (as discussed in Sections 3 and 4); 3) maintaining the RSVP-TE
done; and 4) performing the global repair(see Section 6.4). control plane state until a global repair is done; and 4) performing
the global repair(see Section 6.4).
There are two different proposed signaling approaches to obtain There are two different proposed signaling approaches to transfer the
ingress protection. They both use the same new INGRESS_PROTECTION information for ingress protection. They both use the same new
object. The object is sent in both PATH and RESV messages. INGRESS_PROTECTION object. The object is sent in both PATH and RESV
messages.
6.1.1. Relay-Message Method 5.1.1. Relay-Message Method
The primary ingress relays the information for ingress protection of The primary ingress relays the information for ingress protection of
an LSP to the backup ingress via PATH messages. Once the LSP is an LSP to the backup ingress via PATH messages. Once the LSP is
created, the ingress of the LSP sends the backup ingress a PATH created, the ingress of the LSP sends the backup ingress a PATH
message with an INGRESS_PROTECTION object with Label-Routes message with an INGRESS_PROTECTION object with Label-Routes
subobject, which is populated with the next-hops and labels. This subobject, which is populated with the next-hops and labels. This
provides sufficient information for the backup ingress to create the provides sufficient information for the backup ingress to create the
appropriate forwarding state and backup LSP(s). appropriate forwarding state and backup LSP(s).
The ingress also sends the backup ingress all the other PATH messages The ingress also sends the backup ingress all the other PATH messages
for the LSP with an empty INGRESS_PROTECTION object. An for the LSP with an empty INGRESS_PROTECTION object. An
INGRESS_PROTECTION object without any Traffic-Descriptor sub-object INGRESS_PROTECTION object without any Traffic-Descriptor sub-object
is called an empty INGRESS_PROTECTION object. Thus, the backup is called an empty INGRESS_PROTECTION object. Thus, the backup
ingress has access to all the PATH messages needed for modification ingress has access to all the PATH messages needed for modification
to refresh control-plane state after a failure. to refresh control-plane state after a failure.
The advantages of this method include: 1) the primary LSP is The advantages of this method include: 1) the primary LSP is
independent of the backup ingress; 2) simple; 3) less configuration; independent of the backup ingress; 2) simple; 3) less configuration;
and 4) less control traffic. and 4) less control traffic.
6.1.2. Proxy-Ingress Method 5.1.2. Proxy-Ingress Method
Conceptually, a proxy ingress is created that starts the RSVP Conceptually, a proxy ingress is created that starts the RSVP
signaling. The explicit path of the LSP goes from the proxy ingress signaling. The explicit path of the LSP goes from the proxy ingress
to the backup ingress and then to the real ingress. The behavior and to the backup ingress and then to the real ingress. The behavior and
signaling for the proxy ingress is done by the real ingress; the use signaling for the proxy ingress is done by the real ingress; the use
of a proxy ingress address avoids problems with loop detection. of a proxy ingress address avoids problems with loop detection.
[ traffic source ] *** Primary LSP [ traffic source ] *** Primary LSP
$ $ --- Backup LSP $ $ --- Backup LSP
$ $ $$ Link $ $ $$ Link
$ $ $ $
[ proxy ingress ] [ backup ] [ proxy ingress ] [ backup ]
[ & ingress ] | [ & ingress ] |
* | * |
*****[ MP ]----| *****[ MP ]----|
Figure 2: Example Protected LSP with Proxy Ingress Node Figure 2: Example Protected LSP with Proxy Ingress Node
The backup ingress must know the merge points or next-hops and their The backup ingress MUST know the merge points or next-hops and their
associated labels. This is accomplished by having the RSVP PATH and associated labels. This is accomplished by having the RSVP PATH and
RESV messages go through the backup ingress, although the forwarding RESV messages go through the backup ingress, although the forwarding
path need not go through the backup ingress. If the backup ingress path need not go through the backup ingress. If the backup ingress
fails, the ingress simply removes the INGRESS_PROTECTION object and fails, the ingress simply removes the INGRESS_PROTECTION object and
forwards the PATH messages to the LSP's next-hop(s). If the ingress forwards the PATH messages to the LSP's next-hop(s). If the ingress
has its LSP configured for ingress protection, then the ingress can has its LSP configured for ingress protection, then the ingress can
add the backup ingress and itself to the ERO and start forwarding the add the backup ingress and itself to the ERO and start forwarding the
PATH messages to the backup ingress. PATH messages to the backup ingress.
Slightly different behavior can apply for the on-path and off-path Slightly different behavior can apply for the on-path and off-path
skipping to change at page 12, line 5 skipping to change at page 13, line 20
after the ingress for the LSP. In the off-path, the backup ingress after the ingress for the LSP. In the off-path, the backup ingress
is not any next-hop node after the ingress for all associated sub- is not any next-hop node after the ingress for all associated sub-
LSPs. LSPs.
The key advantage of this approach is that it minimizes the special The key advantage of this approach is that it minimizes the special
handling code requires. Because the backup ingress is on the handling code requires. Because the backup ingress is on the
signaling path, it can receive various notifications. It easily has signaling path, it can receive various notifications. It easily has
access to all the PATH messages needed for modification to be sent to access to all the PATH messages needed for modification to be sent to
refresh control-plane state after a failure. refresh control-plane state after a failure.
6.1.3. Comparing Two Methods 5.1.3. Comparing Two Methods
+-------+-----------+-------+--------------+---------------+---------+ +-------+-----------+-------+--------------+---------------+---------+
|\_ Item|Primary LSP|Config |PATH Msg from |RESV Msg from |Reuse | |\_ Item|Primary LSP|Config |PATH Msg from |RESV Msg from |Reuse |
| \_ |Depends on |Proxy- |Backup Ingress|Primary Ingress|Some | | \_ |Depends on |Proxy- |Backup Ingress|Primary Ingress|Some |
| \|Backup |Ingress|to Primary |to Backup |Existing | | \|Backup |Ingress|to Primary |to Backup |Existing |
|Method |Ingress |ID |Ingress |Ingress |Functions| |Method |Ingress |ID |Ingress |Ingress |Functions|
+-------+-----------+-------+--------------+---------------+---------+ +-------+-----------+-------+--------------+---------------+---------+
|Relay- | No | No | No | No | Yes- | |Relay- | No | No | No | No | Yes- |
|Message| | | | | | |Message| | | | | |
+-------+-----------+-------+--------------+---------------+---------+ +-------+-----------+-------+--------------+---------------+---------+
|Proxy- | Yes | Yes- | Yes | Yes | Yes | |Proxy- | Yes | Yes- | Yes | Yes | Yes |
|Ingress| | | | | | |Ingress| | | | | |
+-------+-----------+-------+--------------+---------------+---------+ +-------+-----------+-------+--------------+---------------+---------+
6.2. Ingress Behavior 5.2. Ingress Behavior
The primary ingress MUST be configured with a couple of pieces of The primary ingress MUST be configured with a couple of pieces of
information for ingress protection. information for ingress protection.
o Backup Ingress Address: The primary ingress MUST know an IP o Backup Ingress Address: The primary ingress MUST know an IP
address for it to be included in the INGRESS_PROTECTION object. address for it to be included in the INGRESS_PROTECTION object.
o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The
Proxy-Ingress-Id is only used in the Record Route Object for Proxy-Ingress-Id is only used in the Record Route Object for
recording the proxy-ingress. If no proxy-ingress-id is specified, recording the proxy-ingress. If no proxy-ingress-id is specified,
skipping to change at page 13, line 5 skipping to change at page 14, line 23
within the unique context of the primary ingress and backup within the unique context of the primary ingress and backup
ingress. ingress.
o A connection between backup ingress and primary ingress: If there o A connection between backup ingress and primary ingress: If there
is not any direct link between the primary ingress and the backup is not any direct link between the primary ingress and the backup
ingress, a tunnel MUST be configured between them. ingress, a tunnel MUST be configured between them.
With this additional information, the primary ingress can create and With this additional information, the primary ingress can create and
signal the necessary RSVP extensions to support ingress protection. signal the necessary RSVP extensions to support ingress protection.
6.2.1. Relay-Message Method 5.2.1. Relay-Message Method
To protect the ingress of an LSP, the ingress MUST do the following To protect the primary ingress of an LSP, the primary ingress MUST do
after the LSP is up. the following after the LSP is up.
1. Select a PATH message. 1. Select a PATH message P0 for the LSP.
2. If the backup ingress is off-path, then send it a PATH message 2. If the backup ingress is off-path (the backup ingress is not the
with the content from the selected PATH message and an next hop of the primary ingress for P0), then send it a PATH
INGRESS_PROTECTION object; else (the backup ingress is a next message P0' with the content from P0 and an INGRESS_PROTECTION
hop, i.e., on-path case) add an INGRESS_PROTECTION object into object; else (the backup ingress is a next hop, i.e., on-path
the existing PATH message to the backup ingress (i.e., the next case) add an INGRESS_PROTECTION object into the existing PATH
hop). The object contains the Traffic-Descriptor sub-object, the message to the backup ingress (i.e., the next hop). The object
Backup Ingress Address sub-object and the Label-Routes sub- contains the Traffic-Descriptor sub-object, the Backup Ingress
object. The options is set to indicate whether a Backup P2MP LSP Address sub-object and the Label-Routes sub-object. The options
is desired. The Label-Routes sub-object contains the next-hops is set to indicate whether a Backup P2MP LSP is desired. The
of the ingress and their labels. Label-Routes sub-object contains the next-hops of the primary
ingress and their labels.
3. For each of the other PATH messages, send the backup ingress a 3. For each Pi of the other PATH messages for the LSP, send the
PATH message with the content copied from the message and an backup ingress a PATH message Pi' with the content copied from Pi
empty INGRESS_PROTECTION object. and an empty INGRESS_PROTECTION object.
6.2.2. Proxy-Ingress Method For every PATH message Pj' (i.e., P0'/Pi') to be sent to the backup
ingress, it has the same SESSION as Pj (i.e., P0/Pi). If the backup
ingress is off-path, the primary ingress updates Pj' according to the
backup ingress as its next hop before sending it. It adds the backup
ingress to the beginning of the ERO, and sets RSVP_HOP based on the
interface to the backup ingress. The primary ingress MUST NOT set up
any forwarding state to the backup ingress if the backup ingress is
off-path.
5.2.2. Proxy-Ingress Method
The primary ingress is responsible for starting the RSVP signaling The primary ingress is responsible for starting the RSVP signaling
for the proxy-ingress node. To do this, the following MUST be done for the proxy-ingress node. To do this, the following MUST be done
for the RSVP PATH message. for the RSVP PATH message.
1. Compute the EROs for the LSP as normal for the ingress. 1. Compute the EROs for the LSP as normal for the ingress.
2. If the selected backup ingress node is not the first node on the 2. If the selected backup ingress node is not the first node on the
path (for all sub-LSPs), then insert at the beginning of the ERO path (for all sub-LSPs), then insert at the beginning of the ERO
first the backup ingress node and then the ingress node. first the backup ingress node and then the ingress node.
skipping to change at page 14, line 13 skipping to change at page 15, line 41
Indicate whether facility backup is desired. Indicate whether facility backup is desired.
7. The RSVP PATH message is sent to the backup node as normal. 7. The RSVP PATH message is sent to the backup node as normal.
If the ingress detects that it can't communicate with the backup If the ingress detects that it can't communicate with the backup
ingress, then the ingress SHOULD instead send the PATH message to the ingress, then the ingress SHOULD instead send the PATH message to the
next-hop indicated in the ERO computed in step 1. Once the ingress next-hop indicated in the ERO computed in step 1. Once the ingress
detects that it can communicate with the backup ingress, the ingress detects that it can communicate with the backup ingress, the ingress
SHOULD follow the steps 1-7 to obtain ingress failure protection. SHOULD follow the steps 1-7 to obtain ingress failure protection.
When the ingress node receives an RSVP PATH message with an INGRESS- When the ingress node receives an RSVP PATH message with an
PROTECTION object and the object specifies that node as the ingress INGRESS_PROTECTION object and the object specifies that node as the
node and the PHOP as the backup ingress node, the ingress node SHOULD ingress node and the PHOP as the backup ingress node, the ingress
remove the INGRESS_PROTECTION object from the PATH message before node SHOULD remove the INGRESS_PROTECTION object from the PATH
sending it out. Additionally, the ingress node MUST store that it message before sending it out. Additionally, the ingress node MUST
will install ingress forwarding state for the LSP rather than store that it will install ingress forwarding state for the LSP
midpoint forwarding. rather than midpoint forwarding.
When an RSVP RESV message is received by the ingress, it uses the When an RSVP RESV message is received by the ingress, it uses the
NHOP to determine whether the message is received from the backup NHOP to determine whether the message is received from the backup
ingress or from a different node. The stored associated PATH message ingress or from a different node. The stored associated PATH message
contains an INGRESS_PROTECTION object that identifies the backup contains an INGRESS_PROTECTION object that identifies the backup
ingress node. If the RESV message is not from the backup node, then ingress node. If the RESV message is not from the backup node, then
ingress forwarding state SHOULD be set up, and the INGRESS_PROTECTION ingress forwarding state SHOULD be set up, and the INGRESS_PROTECTION
object MUST be added to the RESV before it is sent to the NHOP, which object MUST be added to the RESV before it is sent to the NHOP, which
SHOULD be the backup node. If the RESV message is from the backup SHOULD be the backup node. If the RESV message is from the backup
node, then the LSP SHOULD be considered available for use. node, then the LSP SHOULD be considered available for use.
If the backup ingress node is on the forwarding path, then a RESV is If the backup ingress node is on the forwarding path, then a RESV is
received with an INGRESS_PROTECTION object and an NHOP that matches received with an INGRESS_PROTECTION object and an NHOP that matches
the backup ingress. In this case, the ingress node's address will the backup ingress. In this case, the ingress node's address will
not appear after the backup ingress in the RRO. The ingress node not appear after the backup ingress in the RRO. The ingress node
SHOULD set up ingress forwarding state, just as is done if the LSP SHOULD set up ingress forwarding state, just as is done if the LSP
weren't ingress-node protected. weren't ingress-node protected.
6.3. Backup Ingress Behavior 5.3. Backup Ingress Behavior
An LER determines that the ingress local protection is requested for An LER determines that the ingress local protection is requested for
an LSP if the INGRESS_PROTECTION object is included in the PATH an LSP if the INGRESS_PROTECTION object is included in the PATH
message it receives for the LSP. The LER can further determine that message it receives for the LSP. The LER can further determine that
it is the backup ingress if one of its addresses is in the Backup it is the backup ingress if one of its addresses is in the Backup
Ingress Address sub-object of the INGRESS_PROTECTION object. The LER Ingress Address sub-object of the INGRESS_PROTECTION object. The LER
as the backup ingress will assume full responsibility of the ingress as the backup ingress will assume full responsibility of the ingress
after the primary ingress fails. In addition, the LER determines after the primary ingress fails. In addition, the LER determines
that it is off-path if it is not any node of the LSP. that it is off-path if it is not any node of the LSP.
6.3.1. Backup Ingress Behavior in Off-path Case 5.3.1. Backup Ingress Behavior in Off-path Case
The backup ingress considers itself as a PLR and the primary ingress The backup ingress considers itself as a PLR and the primary ingress
as its next hop and provides a local protection for the primary as its next hop and provides a local protection for the primary
ingress. It behaves very similarly to a PLR providing fast-reroute ingress. It behaves very similarly to a PLR providing fast-reroute
where the primary ingress is considered as the failure-point to where the primary ingress is considered as the failure-point to
protect. Where not otherwise specified, the behavior given in protect. Where not otherwise specified, the behavior given in
[RFC4090] for a PLR applies. [RFC4090] for a PLR applies.
The backup ingress MUST follow the control-options specified in the The backup ingress MUST follow the control-options specified in the
INGRESS_PROTECTION object and the flags and specifications in the INGRESS_PROTECTION object and the flags and specifications in the
skipping to change at page 16, line 18 skipping to change at page 17, line 47
primary ingress, and tear down the one-to-one backup LSPs for primary ingress, and tear down the one-to-one backup LSPs for
protecting the primary ingress if one-to-one backup is used or unbind protecting the primary ingress if one-to-one backup is used or unbind
the facility backup LSPs if facility backup is used. the facility backup LSPs if facility backup is used.
When the backup ingress receives a PATH message from the primary When the backup ingress receives a PATH message from the primary
ingress for locally protecting the primary ingress of a protected ingress for locally protecting the primary ingress of a protected
LSP, it MUST check to see if any critical information has been LSP, it MUST check to see if any critical information has been
changed. If the next hops of the primary ingress are changed, the changed. If the next hops of the primary ingress are changed, the
backup ingress SHALL update its backup LSP(s) accordingly. backup ingress SHALL update its backup LSP(s) accordingly.
6.3.1.1. Relay-Message Method 5.3.1.1. Relay-Message Method
When the backup ingress receives a PATH message with an non empty When the backup ingress receives a PATH message with an non empty
INGRESS_PROTECTION object, it examines the object to learn what INGRESS_PROTECTION object, it examines the object to learn what
traffic associated with the LSP. It determines the next-hops to be traffic associated with the LSP. It determines the next-hops to be
merged to by examining the Label-Routes sub-object in the object. merged to by examining the Label-Routes sub-object in the object.
The backup ingress MUST store the PATH message received from the The backup ingress MUST store the PATH message received from the
primary ingress, but NOT forward it. primary ingress, but NOT forward it.
The backup ingress responds with a RESV to the PATH message received The backup ingress responds with a RESV message to the PATH message
from the primary ingress. If the INGRESS_PROTECTION object is not received from the primary ingress. If the backup ingress is off-
"empty", the backup ingress SHALL send the RESV message with the path, the LABEL object in the RESV message contains IMPLICIT-NULL.
state indicating protection is available after the backup LSP(s) are If the INGRESS_PROTECTION object is not "empty", the backup ingress
successfully established. SHALL send the RESV message with the state indicating protection is
available after the backup LSP(s) are successfully established.
6.3.1.2. Proxy-Ingress Method 5.3.1.2. Proxy-Ingress Method
The backup ingress determines the next-hops to be merged to by The backup ingress determines the next-hops to be merged to by
collecting the set of the pair of (IPv4/IPv6 sub-object, Label sub- collecting the set of the pair of (IPv4/IPv6 sub-object, Label sub-
object) from the Record Route Object of each RESV that are closest to object) from the Record Route Object of each RESV that are closest to
the top and not the Ingress router; this should be the second to the the top and not the Ingress router; this should be the second to the
top pair. If a Label-Routes sub-object is included in the top pair. If a Label-Routes sub-object is included in the
INGRESS_PROTECTION object, the included IPv4/IPv6 sub-objects are INGRESS_PROTECTION object, the included IPv4/IPv6 sub-objects are
used to filter the set down to the specific next-hops where used to filter the set down to the specific next-hops where
protection is desired. A RESV message MUST have been received before protection is desired. A RESV message MUST have been received before
the Backup Ingress can create or select the appropriate backup LSP. the Backup Ingress can create or select the appropriate backup LSP.
skipping to change at page 17, line 10 skipping to change at page 18, line 38
INGRESS_PROTECTION object, the backup ingress examines the object to INGRESS_PROTECTION object, the backup ingress examines the object to
learn what traffic associated with the LSP. The backup ingress learn what traffic associated with the LSP. The backup ingress
forwards the PATH message to the ingress node with the normal RSVP forwards the PATH message to the ingress node with the normal RSVP
changes. changes.
When the backup ingress receives a RESV message with the When the backup ingress receives a RESV message with the
INGRESS_PROTECTION object, the backup ingress records an IMPLICIT- INGRESS_PROTECTION object, the backup ingress records an IMPLICIT-
NULL label in the RRO. Then the backup ingress forwards the RESV NULL label in the RRO. Then the backup ingress forwards the RESV
message to the ingress node, which is acting for the proxy ingress. message to the ingress node, which is acting for the proxy ingress.
6.3.2. Backup Ingress Behavior in On-path Case 5.3.2. Backup Ingress Behavior in On-path Case
An LER as the backup ingress determines that it is on-path if one of An LER as the backup ingress determines that it is on-path if one of
its addresses is a next hop of the primary ingress (and for Proxy- its addresses is a next hop of the primary ingress (and for Proxy-
Ingress Method the primary ingress is not its next hop via checking Ingress Method the primary ingress is not its next hop via checking
the PATH message with the INGRESS_PROTECTION object received from the the PATH message with the INGRESS_PROTECTION object received from the
primary ingress). The LER on-path MUST send the corresponding PATH primary ingress). The LER on-path MUST send the corresponding PATH
messages without any INGRESS_PROTECTION object to its next hops. It messages without any INGRESS_PROTECTION object to its next hops. It
creates a number of backup P2P LSPs or a backup P2MP LSP from itself creates a number of backup P2P LSPs or a backup P2MP LSP from itself
to the other next hops (i.e., the next hops other than the backup to the other next hops (i.e., the next hops other than the backup
ingress) of the primary ingress. The other next hops are from the ingress) of the primary ingress. The other next hops are from the
skipping to change at page 17, line 48 skipping to change at page 19, line 27
backup P2MP LSP transmitting the traffic to the other next hops of backup P2MP LSP transmitting the traffic to the other next hops of
the primary ingress, where the traffic is merged into protected LSP. the primary ingress, where the traffic is merged into protected LSP.
During the local repair, the backup ingress MUST continue to send the During the local repair, the backup ingress MUST continue to send the
PATH messages to its next hops as before, keep the PATH message with PATH messages to its next hops as before, keep the PATH message with
the INGRESS_PROTECTION object received from the primary ingress and the INGRESS_PROTECTION object received from the primary ingress and
the RESV message with the INGRESS_PROTECTION object to be sent to the the RESV message with the INGRESS_PROTECTION object to be sent to the
primary ingress. It MUST set the "local protection in use" flag in primary ingress. It MUST set the "local protection in use" flag in
the RESV message. the RESV message.
6.3.3. Failure Detection and Refresh PATH Messages 5.3.3. Failure Detection and Refresh PATH Messages
As described in [RFC4090], it is necessary to refresh the PATH As described in [RFC4090], it is necessary to refresh the PATH
messages via the backup LSP(s). The Backup Ingress MUST wait to messages via the backup LSP(s). The Backup Ingress MUST wait to
refresh the PATH messages until it can accurately detect that the refresh the PATH messages until it can accurately detect that the
ingress node has failed. An example of such an accurate detection ingress node has failed. An example of such an accurate detection
would be that the IGP has no bi-directional links to the ingress node would be that the IGP has no bi-directional links to the ingress node
and the last change was long enough in the past that changes should or a BFD session to the primary ingress' loopback address has failed
have been received (i.e., an IGP network convergence time or and stayed failed after the network has reconverged.
approximately 2-3 seconds) or a BFD session to the primary ingress'
loopback address has failed and stayed failed after the network has
reconverged.
As described in [RFC4090 Section 6.4.3], the backup ingress, acting As described in [RFC4090 Section 6.4.3], the backup ingress, acting
as PLR, MUST modify and send any saved PATH messages associated with as PLR, MUST modify and send any saved PATH messages associated with
the primary LSP to the corresponding next hops through backup LSP(s). the primary LSP to the corresponding next hops through backup LSP(s).
Any PATH message sent will not contain any INGRESS_PROTECTION object. Any PATH message sent will not contain any INGRESS_PROTECTION object.
The RSVP_HOP object in the message contains an IP source address The RSVP_HOP object in the message contains an IP source address
belonging to the backup ingress. The sender template object has the belonging to the backup ingress. The sender template object has the
backup ingress address as its tunnel sender address. backup ingress address as its tunnel sender address.
6.4. Revertive Behavior 5.4. Revertive Behavior
Upon a failure event in the (primary) ingress of a protected LSP, the Upon a failure event in the (primary) ingress of a protected LSP, the
protected LSP is locally repaired by the backup ingress. There are a protected LSP is locally repaired by the backup ingress. There are a
couple of basic strategies for restoring the LSP to a full working couple of basic strategies for restoring the LSP to a full working
path. path.
- Revert to Primary Ingress: When the primary ingress is restored, - Revert to Primary Ingress: When the primary ingress is restored,
it re-signals each of the LSPs that start from the primary it re-signals each of the LSPs that start from the primary
ingress. The traffic for every LSP successfully re-signaled is ingress. The traffic for every LSP successfully re-signaled is
switched back to the primary ingress from the backup ingress. switched back to the primary ingress from the backup ingress.
- Global Repair by Backup Ingress: After determining that the - Global Repair by Backup Ingress: After determining that the
primary ingress of an LSP has failed, the backup ingress computes primary ingress of an LSP has failed, the backup ingress computes
a new optimal path, signals a new LSP along the new path, and a new optimal path, signals a new LSP along the new path, and
switches the traffic to the new LSP. switches the traffic to the new LSP.
6.4.1. Revert to Primary Ingress 5.4.1. Revert to Primary Ingress
If "Revert to Primary Ingress" is desired for a protected LSP, the If "Revert to Primary Ingress" is desired for a protected LSP, the
(primary) ingress of the LSP SHOULD re-signal the LSP that starts (primary) ingress of the LSP SHOULD re-signal the LSP that starts
from the primary ingress after the primary ingress restores. After from the primary ingress after the primary ingress restores. After
the LSP is re-signaled successfully, the traffic SHOULD be switched the LSP is re-signaled successfully, the traffic SHOULD be switched
back to the primary ingress from the backup ingress on the source back to the primary ingress from the backup ingress on the source
node and redirected into the LSP starting from the primary ingress. node and redirected into the LSP starting from the primary ingress.
The primary ingress can specify the "Revert to Ingress" control- The primary ingress can specify the "Revert to Ingress" control-
option in the INGRESS_PROTECTION object in the PATH messages to the option in the INGRESS_PROTECTION object in the PATH messages to the
backup ingress. After receiving the "Revert to Ingress" control- backup ingress. After receiving the "Revert to Ingress" control-
option, the backup ingress MUST stop sending/refreshing PATH messages option, the backup ingress MUST stop sending/refreshing PATH messages
for the protected LSP. for the protected LSP.
6.4.2. Global Repair by Backup Ingress 5.4.2. Global Repair by Backup Ingress
When the backup ingress has determined that the primary ingress of When the backup ingress has determined that the primary ingress of
the protected LSP has failed (e.g., via the IGP), it can compute a the protected LSP has failed (e.g., via the IGP), it can compute a
new path and signal a new LSP along the new path so that it no longer new path and signal a new LSP along the new path so that it no longer
relies upon local repair. To do this, the backup ingress MUST use relies upon local repair. To do this, the backup ingress MUST use
the same tunnel sender address in the Sender Template Object and the same tunnel sender address in the Sender Template Object and
allocate a LSP ID different from the one of the old LSP as the LSP-ID allocate a LSP ID different from the one of the old LSP as the LSP-ID
of the new LSP. This allows the new LSP to share resources with the of the new LSP. This allows the new LSP to share resources with the
old LSP. Alternately, the Backup Ingress can create a new LSP with old LSP. Alternately, the Backup Ingress can create a new LSP with
no bandwidth reservation that duplicates the path(s) of the protected no bandwidth reservation that duplicates the path(s) of the protected
LSP, move traffic to the new LSP, delete the protected LSP, and then LSP, move traffic to the new LSP, delete the protected LSP, and then
resignal the new LSP with bandwidth. resignal the new LSP with bandwidth.
7. Security Considerations 6. Security Considerations
In principle this document does not introduce new security issues. In principle this document does not introduce new security issues.
The security considerations pertaining to RFC 4090, RFC 4875 and The security considerations pertaining to RFC 4090, RFC 4875 and
other RSVP protocols remain relevant. other RSVP protocols remain relevant.
8. IANA Considerations 7. IANA Considerations
IANA is requested to administer the assignment of new values defined
in this document and summarized in this section.
8.1. A New Class Number
IANA maintains a registry called "Class Names, Class Numbers, and IANA maintains a registry called "Class Names, Class Numbers, and
Class Types" under "Resource Reservation Protocol-Traffic Engineering Class Types" under "Resource Reservation Protocol-Traffic Engineering
(RSVP-TE) Parameters". IANA is requested to assign a new Class (RSVP-TE) Parameters". IANA is requested to assign a new Class
Number for new object INGRESS_PROTECTION as follows: Number for new object INGRESS_PROTECTION as follows:
+====================+===============+============================+ +====================+===============+============================+
| Class Names | Class Numbers | Class Types | | Class Names | Class Numbers | Class Types |
+====================+===============+============================+ +====================+===============+============================+
| INGRESS_PROTECTION | 206 | 1: INGRESS_PROTECTION_IPv4 | | INGRESS_PROTECTION | 206 | 1: INGRESS_PROTECTION_IPv4 |
| | is suggested +----------------------------+ | | is suggested +----------------------------+
| | | 2: INGRESS_PROTECTION_IPv6 | | | | 2: INGRESS_PROTECTION_IPv6 |
+--------------------+---------------+----------------------------+ +--------------------+---------------+----------------------------+
IANA is requested to assign Types for new TLVs in the new objects as IANA is to create and maintain a new registry under
follows: INGRESS_PROTECTION:
Type Name Allowed in o Sub-object type - 206 INGRESS_PROTECTION
1 BACKUP_INGRESS_IPv4_ADDRESS INGRESS_PROTECTION_IPv4
2 BACKUP_INGRESS_IPv6_ADDRESS INGRESS_PROTECTION_IPv6
3 INGRESS_IPv4_ADDRESS INGRESS_PROTECTION_IPv4
4 INGRESS_IPv6_ADDRESS INGRESS_PROTECTION_IPv6
5 TRAFFIC_DESCRIPTOR_INTERFACE INGRESS_PROTECTION
6 TRAFFIC_DESCRIPTOR_IPv4_PREFIX INGRESS_PROTECTION_IPv4
7 TRAFFIC_DESCRIPTOR_IPv6_PREFIX INGRESS_PROTECTION_IPv6
8 TRAFFIC_DESCRIPTOR_APPLICATION INGRESS_PROTECTION
9 LabeL_Routes INGRESS_PROTECTION
9. Contributors Initial values for the registry are given below. The future
assignments are to be made through IETF Review.
Value Name Definition
1 BACKUP_INGRESS_IPv4_ADDRESS Section 4.1.1
2 BACKUP_INGRESS_IPv6_ADDRESS Section 4.1.2
3 INGRESS_IPv4_ADDRESS Section 4.1.3
4 INGRESS_IPv6_ADDRESS Section 4.1.4
5 TRAFFIC_DESCRIPTOR_INTERFACE Section 4.1.5
6 TRAFFIC_DESCRIPTOR_IPv4_PREFIX Section 4.1.5
7 TRAFFIC_DESCRIPTOR_IPv6_PREFIX Section 4.1.5
8 TRAFFIC_DESCRIPTOR_APPLICATION Section 4.1.5
9 LabeL_Routes Section 4.1.6
8. Co-authors and Contributors
1. Co-authors
Ning So
Tata Communications
2613 Fairbourne Cir.
Plano, TX 75082
USA
Email: ningso01@gmail.com
Autumn Liu
Ciena
USA
Email: hliu@ciena.com
Zhenbin Li
Huawei Technologies
Email: zhenbin.li@huawei.com
Yimin Shen
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
USA
Email: yshen@juniper.net
Tarek Saad
Cisco Systems
Email: tsaad@cisco.com
Fengman Xu
Verizon
2400 N. Glenville Dr
Richardson, TX 75082
USA
Email: fengman.xu@verizon.com
Mehmet Toy
Verizon
USA
Email: mehmet.toy@verizon.com
Lei Liu
USA
Email: liulei.kddi@gmail.com
2. Contributors
Renwei Li Renwei Li
Huawei Technologies Huawei Technologies
2330 Central Expressway 2330 Central Expressway
Santa Clara, CA 95050 Santa Clara, CA 95050
USA USA
Email: renwei.li@huawei.com Email: renwei.li@huawei.com
Quintin Zhao Quintin Zhao
Huawei Technologies Huawei Technologies
Boston, MA Boston, MA
USA USA
Email: quintin.zhao@huawei.com Email: quintin.zhao@huawei.com
Zhenbin Li
Huawei Technologies
2330 Central Expressway
Santa Clara, CA 95050
USA
Email: zhenbin.li@huawei.com
Boris Zhang Boris Zhang
Telus Communications Telus Communications
200 Consilium Pl Floor 15 200 Consilium Pl Floor 15
Toronto, ON M1H 3J3 Toronto, ON M1H 3J3
Canada Canada
Email: Boris.Zhang@telus.com Email: Boris.Zhang@telus.com
Markus Jork Markus Jork
Juniper Networks Juniper Networks
10 Technology Park Drive 10 Technology Park Drive
Westford, MA 01886 Westford, MA 01886
USA USA
Email: mjork@juniper.net Email: mjork@juniper.net
10. Acknowledgement 9. Acknowledgement
The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric
Osborne, Ross Callon, Loa Andersson, Daniel King, Michael Yue, Alia Osborne, Ross Callon, Loa Andersson, Daniel King, Michael Yue, Alia
Atlas, Olufemi Komolafe, Rob Rennison, Neil Harrison, Kannan Sampath, Atlas, Olufemi Komolafe, Rob Rennison, Neil Harrison, Kannan Sampath,
Gregory Mirsky, and Ronhazli Adam for their valuable comments and Gregory Mirsky, and Ronhazli Adam for their valuable comments and
suggestions on this draft. suggestions on this draft.
11. Normative References 10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
RFC2119, March 1997, RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
Label Switching Architecture", RFC 3031, DOI 10.17487/ Label Switching Architecture", RFC 3031, DOI 10.17487/
RFC3031, January 2001, RFC3031, January 2001,
<http://www.rfc-editor.org/info/rfc3031>. <http://www.rfc-editor.org/info/rfc3031>.
skipping to change at page 22, line 5 skipping to change at page 24, line 33
DOI 10.17487/RFC4090, May 2005, DOI 10.17487/RFC4090, May 2005,
<http://www.rfc-editor.org/info/rfc4090>. <http://www.rfc-editor.org/info/rfc4090>.
[RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S. [RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S.
Yasukawa, Ed., "Extensions to Resource Reservation Yasukawa, Ed., "Extensions to Resource Reservation
Protocol - Traffic Engineering (RSVP-TE) for Point-to- Protocol - Traffic Engineering (RSVP-TE) for Point-to-
Multipoint TE Label Switched Paths (LSPs)", RFC 4875, Multipoint TE Label Switched Paths (LSPs)", RFC 4875,
DOI 10.17487/RFC4875, May 2007, DOI 10.17487/RFC4875, May 2007,
<http://www.rfc-editor.org/info/rfc4875>. <http://www.rfc-editor.org/info/rfc4875>.
Appendix A. Problem Summary 10.2. Informative References
There is a need for a fast and efficient protection against the
failure of the ingress node of a MPLS TE LSP (either P2MP LSP or P2P
LSP).
For a MPLS TE LSP, protecting the failures of its transit nodes using
fast-reroute (FRR) is covered in RFC 4090 for P2P LSP and RFC 4875
for P2MP LSP. However, protecting the failure of its ingress node
using FRR is not covered in either RFC 4090 or RFC 4875. The MPLS
Transport Profile (MPLS-TP) Linear Protection described in RFC 6378
can provide a protection against the failure of any transit node of a
LSP between the ingress node and the egress node of the LSP, but
cannot protect against the failure of the ingress node.
To protect against the failure of the (primary) ingress node of a
primary end to end P2MP (or P2P) TE LSP, a typical existing solution
is to set up a secondary backup end to end P2MP (or P2P) TE LSP from
a backup ingress node, which is different from the primary ingress
node, to the backup egress nodes (or node), which are (or is)
different from the primary egress nodes (or node) of the primary LSP.
For a P2MP TE LSP, on each of the primary (and backup) egress nodes,
a P2P LSP is created from the egress node to its primary (backup)
ingress node and configured with BFD. This is used to detect the
failure of the primary (backup) ingress node for the receiver to
switch to the backup (or primary) egress node to receive the traffic
after the primary (or backup) ingress node fails when both the
primary LSP and the secondary LSP carry the traffic. In addition,
FRR may be used to provide protections against the failures of the
transit nodes and the links of the primary and secondary end to end
TE LSPs.
There are a number of issues in this solution, which are briefed as
follows:
o It consumes lots of network resources. Double states need to be
maintained in the network since two end to end TE LSPs are
created. Double link bandwidth is reserved and used when both the
primary and the secondary end to end TE LSPs carry the traffic at
the same time.
o More operations are needed, which include the configurations of
two end to end TE LSPs and BFDs from each of the egress nodes to
its corresponding ingress node.
o The detection of the failure of the ingress node may not be
reliable. Any failure on the path of the BFD from an egress node
to an ingress node may cause the BFD down to indicate the failure
of the ingress node.
o The speed of protection against the failure of the ingress node
may be slow.
The ingress local protection proposed in this draft will resolve the
above issues.
The Pseudowire (PW) protection in PALS is a different level
protection than the TE LSP tunnel protection in TEAS. The former is
about protecting a PW, which is one level above an LSP tunnel.
Draft "Dual-Homing Protection for MPLS and MPLS-TP Pseudowires" in
PALS describes a framework and several scenarios for Pseudowire (PW)
dual-homing protection, which protects the failures in the Attachment
Circuit (AC) or PW side. For protecting a working PW (against the
failure of the primary PW ingress such as PE1), an end-to-end
protection PW from a backup PW ingress such as PE2 is created. The
protection PW crosses the network from a PE connecting to a CE to
another PE connecting to another CE.
Appendix B. Authors' Addresses
Huaimo Chen
Huawei Technologies
Boston, MA
USA
Email: huaimo.chen@huawei.com
Raveendra Torvi
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
USA
Email: rtorvi@juniper.net
Ning So
Tata Communications
2613 Fairbourne Cir.
Plano, TX 75082
USA
Email: ningso01@gmail.com
Autumn Liu [RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher,
Ericsson N., and A. Fulignoli, Ed., "MPLS Transport Profile
300 Holger Way (MPLS-TP) Linear Protection", RFC 6378, DOI 10.17487/
San Jose, CA 95134 RFC6378, October 2011,
USA <http://www.rfc-editor.org/info/rfc6378>.
Email: autumn.liu@ericsson.com
Yimin Shen Authors' Addresses
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
USA
Email: yshen@juniper.net
Tarek Saad Huaimo Chen (editor)
Cisco Systems Huawei Technologies
Email: tsaad@cisco.com Boston, MA
USA
Fengman Xu Email: huaimo.chen@huawei.com
Verizon Raveendra Torvi (editor)
2400 N. Glenville Dr Juniper Networks
Richardson, TX 75082 10 Technology Park Drive
USA Westford, MA 01886
Email: fengman.xu@verizon.com USA
Mehmet Toy Email: rtorvi@juniper.net
USA
Email: mtoy054@yahoo.com
Lei Liu
USA
Email: liulei.kddi@gmail.com
 End of changes. 76 change blocks. 
289 lines changed or deleted 297 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/