draft-ietf-teas-rsvp-ingress-protection-13.txt   draft-ietf-teas-rsvp-ingress-protection-14.txt 
Internet Engineering Task Force H. Chen, Ed. Internet Engineering Task Force H. Chen, Ed.
Internet-Draft Huawei Technologies Internet-Draft Huawei Technologies
Intended status: Experimental R. Torvi, Ed. Intended status: Experimental R. Torvi, Ed.
Expires: August 17, 2018 Juniper Networks Expires: September 1, 2018 Juniper Networks
February 13, 2018 February 28, 2018
Extensions to RSVP-TE for LSP Ingress FRR Protection Extensions to RSVP-TE for LSP Ingress FRR Protection
draft-ietf-teas-rsvp-ingress-protection-13.txt draft-ietf-teas-rsvp-ingress-protection-14.txt
Abstract Abstract
This document describes extensions to Resource Reservation Protocol - This document describes extensions to Resource Reservation Protocol -
Traffic Engineering (RSVP-TE) for locally protecting the ingress node Traffic Engineering (RSVP-TE) for locally protecting the ingress node
of a Point-to-Point (P2P) or Point-to-Multipoint (P2MP) Traffic of a Point-to-Point (P2P) or Point-to-Multipoint (P2MP) Traffic
Engineered (TE) Label Switched Path (LSP). The procedures described Engineered (TE) Label Switched Path (LSP). It extends the fast-
in this document are experimental. reroute (FRR) protection for transit nodes of an LSP to the ingress
node of the LSP. The procedures described in this document are
experimental.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 17, 2018. This Internet-Draft will expire on September 1, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Ingress Local Protection . . . . . . . . . . . . . . . . . 4 1.1. Ingress Local Protection Example . . . . . . . . . . . . . 4
1.2. Ingress Local Protection Overview . . . . . . . . . . . . 5
2. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 5 2. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 5
2.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 5 2.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 6
2.2. Backup and Source Detect Failure . . . . . . . . . . . . . 5 2.2. Backup and Source Detect Failure . . . . . . . . . . . . . 6
3. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 6 3. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 7
3.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 6 3.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 7
4. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 7 4. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 8
4.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 7 4.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 8
4.1.1. Subobject: Backup Ingress IPv4 Address . . . . . . . . 8 4.1.1. Subobject: Backup Ingress IPv4 Address . . . . . . . . 10
4.1.2. Subobject: Backup Ingress IPv6 Address . . . . . . . . 9 4.1.2. Subobject: Backup Ingress IPv6 Address . . . . . . . . 10
4.1.3. Subobject: Ingress IPv4 Address . . . . . . . . . . . 9 4.1.3. Subobject: Ingress IPv4 Address . . . . . . . . . . . 11
4.1.4. Subobject: Ingress IPv6 Address . . . . . . . . . . . 10 4.1.4. Subobject: Ingress IPv6 Address . . . . . . . . . . . 11
4.1.5. Subobject: Traffic Descriptor . . . . . . . . . . . . 10 4.1.5. Subobject: Traffic Descriptor . . . . . . . . . . . . 12
4.1.6. Subobject: Label-Routes . . . . . . . . . . . . . . . 11 4.1.6. Subobject: Label-Routes . . . . . . . . . . . . . . . 12
5. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 11 5. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 13
5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 11 5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 13
5.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 12 5.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 13
5.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 12 5.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 14
5.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 13 5.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 15
5.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 14 5.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 15
5.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 15 5.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 16
5.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 16 5.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 17
5.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 16 5.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 18
5.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 18 5.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 20
5.3.3. Failure Detection and Refresh PATH Messages . . . . . 19 5.3.3. Failure Detection and Refresh PATH Messages . . . . . 21
5.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 20 5.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 21
5.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 20 5.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 21
5.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 20 5.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 22
6. Security Considerations . . . . . . . . . . . . . . . . . . . 21 6. Security Considerations . . . . . . . . . . . . . . . . . . . 22
7. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 21 7. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 22
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22
9. Co-authors and Contributors . . . . . . . . . . . . . . . . . 22 9. Co-authors and Contributors . . . . . . . . . . . . . . . . . 23
10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 24 10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 25
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26
11.1. Normative References . . . . . . . . . . . . . . . . . . . 24 11.1. Normative References . . . . . . . . . . . . . . . . . . . 26
11.2. Informative References . . . . . . . . . . . . . . . . . . 25 11.2. Informative References . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 25 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction 1. Introduction
For a MPLS TE LSP, protecting the failures of its transit nodes using For a MPLS TE LSP, protecting the failures of its transit nodes using
fast-reroute (FRR) is covered in RFC 4090 for P2P LSP and RFC 4875 fast-reroute (FRR) is covered in RFC 4090 for P2P LSP and RFC 4875
for P2MP LSP. However, protecting the failure of its ingress node for P2MP LSP. However, protecting the failure of its ingress node
using FRR is not covered in either RFC 4090 or RFC 4875. The MPLS using FRR is not covered in either RFC 4090 or RFC 4875. The MPLS
Transport Profile (MPLS-TP) Linear Protection described in RFC 6378 Transport Profile (MPLS-TP) Linear Protection described in RFC 6378
can provide a protection against the failure of any transit node of a can provide a protection against the failure of any transit node of a
LSP between the ingress node and the egress node of the LSP, but LSP between the ingress node and the egress node of the LSP, but
cannot protect against the failure of the ingress node. cannot protect against the failure of the ingress node.
To protect against the failure of the (primary) ingress node of a To protect against the failure of the (primary) ingress node of a
primary end to end P2MP (or P2P) TE LSP, a typical existing solution primary end to end P2MP (or P2P) TE LSP, a typical existing solution
is to set up a secondary backup end to end P2MP (or P2P) TE LSP from is to set up a secondary backup end to end P2MP (or P2P) TE LSP. The
a backup ingress node, which is different from the primary ingress backup LSP is from a backup ingress node to backup egress nodes (or
node, to the backup egress nodes (or node), which are (or is) node). The backup ingress node is different from the primary ingress
different from the primary egress nodes (or node) of the primary LSP. node. The backup egress nodes (or node) are (or is) different from
For a P2MP TE LSP, on each of the primary (and backup) egress nodes, the primary egress nodes (or node) of the primary LSP. For a P2MP TE
a P2P LSP is created from the egress node to its primary (backup) LSP, on each of the primary (and backup) egress nodes, a P2P LSP is
ingress node and configured with BFD. This is used to detect the created from the egress node to its primary (backup) ingress node and
failure of the primary (backup) ingress node for the receiver to configured with BFD. This is used to detect the failure of the
switch to the backup (or primary) egress node to receive the traffic primary (backup) ingress node for the receiver to switch to the
after the primary (or backup) ingress node fails when both the backup (or primary) egress node to receive the traffic after the
primary LSP and the secondary LSP carry the traffic. In addition, primary (or backup) ingress node fails when both the primary LSP and
FRR may be used to provide protections against the failures of the the secondary LSP carry the traffic. In addition, FRR may be used to
transit nodes and the links of the primary and secondary end to end provide protections against the failures of the transit nodes and the
TE LSPs. links of the primary and secondary end to end TE LSPs.
There are a number of issues in this solution, which are briefed as There are a number of issues in this solution:
follows:
o It consumes lots of network resources. Double states need to be o It consumes lots of network resources. Double states need to be
maintained in the network since two end to end TE LSPs are maintained in the network since two end to end TE LSPs are
created. Double link bandwidth is reserved and used when both the created. Double link bandwidth is reserved and used when both the
primary and the secondary end to end TE LSPs carry the traffic at primary and the secondary end to end TE LSPs carry the traffic at
the same time. the same time.
o More operations are needed, which include the configurations of o More operations are needed, which include the configuration of two
two end to end TE LSPs and BFDs from each of the egress nodes to end to end TE LSPs and BFDs from each of the egress nodes to its
its corresponding ingress node. corresponding ingress node.
o The detection of the failure of the ingress node may not be o The detection of the failure of the ingress node may not be
reliable. Any failure on the path of the BFD from an egress node reliable. Any failure on the path of the BFD from an egress node
to an ingress node may cause the BFD down to indicate the failure to an ingress node may cause the BFD to indicate the failure of
of the ingress node. the ingress node.
o The speed of protection against the failure of the ingress node o The speed of protection against the failure of the ingress node
may be slow. may be slow.
This specification defines a simple extension to RSVP-TE for local This specification defines a simple extension to RSVP-TE for local
protection (FRR) of the ingress node of a P2MP or P2P LSP to resolve protection (FRR) of the ingress node of a P2MP or P2P LSP to resolve
these issues. Ingress local protection and ingress FRR protection these issues. Ingress local protection and ingress FRR protection
will be used exchangeably. will be used exchangeably.
Note that this document is experimental. Two different approaches Note that this document is experimental. Two different approaches
are proposed to transfer the information for ingress protection. are proposed to transfer the information for ingress protection.
They both use the same new INGRESS_PROTECTION object, which is sent They both use the same new INGRESS_PROTECTION object, which is sent
in both PATH and RESV messages between a primary ingress and a backup in both PATH and RESV messages between a primary ingress and a backup
ingress. One approach is Relay-Message Method (refer to section ingress. One approach is Relay-Message Method (refer to section
5.1.1 and 5.2.1), the other is Proxy-Ingress Method (refer to section 5.1.1 and 5.2.1), the other is Proxy-Ingress Method (refer to section
5.1.2 and 5.2.2). Each of them has its advantages and disadvantages. 5.1.2 and 5.2.2). Each of them has its advantages and disadvantages.
It is hard to decide which one is used as a standard approach now. It is hard to decide which one is used as a standard approach now.
After one approach is selected, the document SHOULD become proposed After one approach is selected, the document will be revised to
standard. reflect that selection and any other items learned from the
experiment. The revised document is expected to be submitted for
publication on the standards track.
1.1. Ingress Local Protection 1.1. Ingress Local Protection Example
Figure 1 shows an example of using a backup P2MP LSP to locally Figure 1 shows an example of using a backup P2MP LSP to locally
protect the ingress of a primary P2MP LSP, which is from ingress Ia protect the ingress of a primary P2MP LSP, which is from ingress Ia
to three egresses: L1, L2 and L3. The backup LSP is from backup to three egresses: L1, L2 and L3. The backup LSP is from backup
ingress Ib to the next hops R2 and R4 of ingress Ia. ingress Ib to the next hops R2 and R4 of ingress Ia.
******* ******* S Source ******* ******* S Source
[R2]-----[R3]-----[L1] Ix Ingress [R2]-----[R3]-----[L1] Ix Ingress
*/ & Rx Transit */ & Rx Transit
*/ & Lx Egress */ & Lx Egress
skipping to change at page 5, line 15 skipping to change at page 5, line 17
When source S detects the failure of Ia, it switches the traffic to When source S detects the failure of Ia, it switches the traffic to
backup ingress Ib, which imports the traffic from S into the backup backup ingress Ib, which imports the traffic from S into the backup
LSP to Ia's next hops R2 and R4, where the traffic is merged into the LSP to Ia's next hops R2 and R4, where the traffic is merged into the
primary LSP, and then sent to egresses L1, L2 and L3. primary LSP, and then sent to egresses L1, L2 and L3.
Note that the backup ingress is one logical hop away from the Note that the backup ingress is one logical hop away from the
ingress. A logical hop is a direct link or a tunnel such as a GRE ingress. A logical hop is a direct link or a tunnel such as a GRE
tunnel, over which RSVP-TE messages may be exchanged. tunnel, over which RSVP-TE messages may be exchanged.
1.2. Ingress Local Protection Overview
There are four parts in ingress local protection:
o Setting up the necessary backup LSP forwarding state based on the
information received for ingress local protection;
o Detecting the primary ingress failure and providing the fast
repair (as discussed in Sections 2 and 3);
o Maintaining the RSVP-TE control plane state until a global repair
is done; and
o Performing the global repair(see Section 5.4).
The primary ingress of a primary LSP sends the backup ingress the
information for ingress protection in a PATH message with a new
INGRESS_PROTECTION object. The backup ingress sets up the backup
LSP(s) and forwarding state after receiving the necessary information
for ingress protection. And then it sends the primary ingress the
status of ingress protection in a RESV message with a new
INGRESS_PROTECTION object.
When the primary ingress fails, the backup ingress sends or refreshes
the next hops of the primary ingress the PATH messages without any
INGRESS_PROTECTION object after verifying the failure. Thus the
RSVP-TE control plane state of the primary LSP is maintained.
2. Ingress Failure Detection 2. Ingress Failure Detection
Exactly how to detect the failure of the ingress is out of scope. Exactly how to detect the failure of the ingress is out of scope.
However, it is necessary to discuss different modes for detecting the However, it is necessary to discuss different modes for detecting the
failure because they determine what is the required behavior for the failure because they determine what is the required behavior for the
source and backup ingress. source and backup ingress.
2.1. Source Detects Failure 2.1. Source Detects Failure
Source Detects Failure or Source-Detect for short means that the Source Detects Failure or Source-Detect for short means that the
source is responsible for fast detecting the failure of the primary source is responsible for fast detecting the failure of the primary
ingress of an LSP. The backup ingress is ready to import the traffic ingress of an LSP. Fast detecting the failure means detecting the
from the source into the backup LSP(s) after the backup LSP(s) is up. failure in a few or tens of milliseconds. The backup ingress is
ready to import the traffic from the source into the backup LSP(s)
after the backup LSP(s) is up.
In normal operations, the source sends the traffic to the primary In normal operations, the source sends the traffic to the primary
ingress. When the source detects the failure of the primary ingress, ingress. When the source detects the failure of the primary ingress,
it switches the traffic to the backup ingress, which delivers the it switches the traffic to the backup ingress, which delivers the
traffic to the next hops of the primary ingress through the backup traffic to the next hops of the primary ingress through the backup
LSP(s), where the traffic is merged into the primary LSP. LSP(s), where the traffic is merged into the primary LSP.
For an LSP, after the primary ingress fails, the backup ingress MUST For an LSP, after the primary ingress fails, the backup ingress MUST
use a method to reliably detect the failure of the primary ingress use a method to verify the failure of the primary ingress before the
before the PATH message for the LSP expires at the next hop of the PATH message for the LSP expires at the next hop of the primary
primary ingress. After reliably detecting the failure, the backup ingress. After verifying the failure, the backup ingress sends/
ingress sends/refreshes the PATH message to the next hop through the refreshes the PATH message to the next hop through the backup LSP as
backup LSP as needed. The method may detect the failure of the needed. The method may verify the failure of the primary ingress
primary ingress slowly such as in seconds. slowly such as in seconds.
After the primary ingress fails, it will not be reachable after After the primary ingress fails, it will not be reachable after
routing convergence. Thus checking whether the primary ingress routing convergence. Thus checking whether the primary ingress
(address) is reachable is a possible method. (address) is reachable is a possible method.
When the previously failed primary ingress of a primary LSP becomes
available again and the primary LSP has recovered from its primary
ingress, the source may switches the traffic to the primary ingress
from the backup ingress. A operator may control the traffic switch
through using a command on the source node after seeing that the
primary LSP has recovered.
2.2. Backup and Source Detect Failure 2.2. Backup and Source Detect Failure
Backup and Source Detect Failure or Backup-Source-Detect for short Backup and Source Detect Failure or Backup-Source-Detect for short
means that both the backup ingress and the source are concurrently means that both the backup ingress and the source are concurrently
responsible for fast detecting the failure of the primary ingress. responsible for fast detecting the failure of the primary ingress.
Note that one of the differences between Source-Detect and Backup-
Source-Detect is: in the former, the backup ingress verifies the
failure of the primary ingress slowly such as in seconds; in the
latter, the backup ingress detects the failure fast such as in a few
or tens of milliseconds.
In normal operations, the source sends the traffic to the primary In normal operations, the source sends the traffic to the primary
ingress. It switches the traffic to the backup ingress when it ingress. It switches the traffic to the backup ingress when it
detects the failure of the primary ingress. detects the failure of the primary ingress.
The backup ingress does not import any traffic from the source into The backup ingress does not import any traffic from the source into
the backup LSP in normal operations. When it detects the failure of the backup LSP in normal operations. When it detects the failure of
the primary ingress, it imports the traffic from the source into the the primary ingress, it imports the traffic from the source into the
backup LSP to the next hops of the primary ingress, where the traffic backup LSP to the next hops of the primary ingress, where the traffic
is merged into the primary LSP. is merged into the primary LSP.
skipping to change at page 6, line 29 skipping to change at page 7, line 25
3. Backup Forwarding State 3. Backup Forwarding State
Before the primary ingress fails, the backup ingress is responsible Before the primary ingress fails, the backup ingress is responsible
for creating the necessary backup LSPs. These LSPs might be multiple for creating the necessary backup LSPs. These LSPs might be multiple
bypass P2P LSPs that avoid the ingress. Alternately, the backup bypass P2P LSPs that avoid the ingress. Alternately, the backup
ingress could choose to use a single backup P2MP LSP as a bypass or ingress could choose to use a single backup P2MP LSP as a bypass or
detour to protect the primary ingress of a primary P2MP LSP. detour to protect the primary ingress of a primary P2MP LSP.
The backup ingress may be off-path or on-path of an LSP. If a backup The backup ingress may be off-path or on-path of an LSP. If a backup
ingress is not any node of the LSP, we call it is off-path. If a ingress is not any node of the LSP, it is off-path. If a backup
backup ingress is a next-hop of the primary ingress of the LSP, we ingress is a next-hop of the primary ingress of the LSP, it is on-
call it is on-path. When a backup ingress for protecting the primary path. When a backup ingress for protecting the primary ingress is
ingress is configured or computed, the backup ingress MUST not be on configured, the backup ingress MUST not be on the LSP except for it
the LSP except for it is the next hop of the primary ingress. If it is the next hop of the primary ingress. If it is on-path, the
is on-path, the primary forwarding state associated with the primary primary forwarding state associated with the primary LSP SHOULD be
LSP SHOULD be clearly separated from the backup LSP(s) state. clearly separated from the backup LSP(s) state.
3.1. Forwarding State for Backup LSP 3.1. Forwarding State for Backup LSP
A forwarding entry for a backup LSP is created on the backup ingress A forwarding entry for a backup LSP is created on the backup ingress
after the LSP is set up. Depending on the failure-detection mode after the LSP is set up. Depending on the failure-detection mode
(e.g., source-detect), it may be used to forward received traffic or (e.g., source-detect), it may be used to forward received traffic or
simply be inactive (e.g., backup-source-detect) until required. In simply be inactive (e.g., backup-source-detect) until required. In
either case, when the primary ingress fails, this entry is used to either case, when the primary ingress fails, this entry is used to
import the traffic into the backup LSP to the next hops of the import the traffic into the backup LSP to the next hops of the
primary ingress, where the traffic is merged into the primary LSP. primary ingress, where the traffic is merged into the primary LSP.
The forwarding entry for a backup LSP is a local implementation The forwarding entry for a backup LSP is a local implementation
issue. In one device, it may have an inactive flag. This inactive issue. In one device, it may have an inactive flag. This inactive
forwarding entry is not used to forward any traffic normally. When forwarding entry is not used to forward any traffic normally. When
the primary ingress fails, it is changed to active, and thus the the primary ingress fails, it is changed to active, and thus the
traffic from the source is imported into the backup LSP. traffic from the source is imported into the backup LSP.
4. Protocol Extensions 4. Protocol Extensions
A new object INGRESS_PROTECTION is defined for signaling ingress A new object INGRESS_PROTECTION is defined for signaling ingress
local protection. It is backward compatible. local protection. The primary ingress of a primary LSP sends the
backup ingress this object in a PATH message. In this case, the
object contains the information needed to set up ingress protection.
The information includes:
o Backup ingress IP address indicating the backup ingress,
o Traffic Descriptor describing the traffic that the primary LSP
transports, this traffic is imported into the backup LSP(s) on the
backup ingress when the primary ingress fails,
o Label and Routes indicating the first hops of the primary LSP,
each of which is paired with its label, and
o Desire options on ingress protection such as P2MP option
indicating a desire to use a backup P2MP LSP to protect the
primary ingress of a primary P2MP LSP.
The backup ingress sends the primary ingress this object in a RESV
message. In this case, the object contains the information about the
status on the ingress protection.
4.1. INGRESS_PROTECTION Object 4.1. INGRESS_PROTECTION Object
The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH
message is used to control the backup for protecting the primary message is used to control the backup for protecting the primary
ingress of a primary LSP. The primary ingress MUST insert this ingress of a primary LSP. The primary ingress MUST insert this
object into the PATH message to be sent to the backup ingress for object into the PATH message to be sent to the backup ingress for
protecting the primary ingress. It has the following format: protecting the primary ingress. It has the following format:
Class-Num = TBD C-Type = 1 for INGRESS_PROTECTION_IPv4 Class-Num = TBD (Using 37 PROTECTION is suggested)
C-Type = 2 for INGRESS_PROTECTION_IPv6 C-Type = 4 for INGRESS_PROTECTION
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length (bytes) | Class-Num | C-Type | | Length (bytes) | Class-Num | C-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved (zero) | NUB | Flags | Options | | Reserved (zero) | NUB | Flags | Options |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ (Subobjects) ~ ~ (Subobjects) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
NUB Number of Unprotected Branches NUB Number of Unprotected Branches
skipping to change at page 8, line 14 skipping to change at page 9, line 43
o Ingress local protection available: The backup ingress MUST set o Ingress local protection available: The backup ingress MUST set
this flag after backup LSPs are up and ready for locally this flag after backup LSPs are up and ready for locally
protecting the primary ingress. The backup ingress sends this to protecting the primary ingress. The backup ingress sends this to
the primary ingress to indicate that the primary ingress is the primary ingress to indicate that the primary ingress is
locally protected. locally protected.
o Ingress local protection in use: The backup ingress MUST set this o Ingress local protection in use: The backup ingress MUST set this
flag when it detects a failure in the primary ingress and actively flag when it detects a failure in the primary ingress and actively
redirects the traffic into the backup LSPs. The backup ingress redirects the traffic into the backup LSPs. The backup ingress
keeps it and does not send it to the primary ingress since the records this flag and does not send any RESV message with this
primary ingress is down. flag to the primary ingress since the primary ingress is down.
o Bandwidth protection: The backup ingress MUST set this flag if the o Bandwidth protection: The backup ingress MUST set this flag if the
backup LSPs guarantee to provide desired bandwidth for the backup LSPs guarantee to provide desired bandwidth for the
protected LSP against the primary ingress failure. protected LSP against the primary ingress failure.
The options are used by the primary ingress to specify the desired The options are used by the primary ingress to specify the desired
behavior to the backup ingress. behavior to the backup ingress.
o Revert to Ingress: The primary ingress sets this option indicating o Revert to Ingress: The primary ingress sets this option indicating
that the traffic for the primary LSP successfully re-signaled will that the traffic for the primary LSP successfully re-signaled will
be switched back to the primary ingress from the backup ingress be switched back to the primary ingress from the backup ingress
when the primary ingress is restored. when the primary ingress is restored.
o P2MP Backup: This option is set to ask for the backup ingress to o P2MP Backup: This option is set to ask for the backup ingress to
use P2MP backup LSP to protect the primary ingress. use backup P2MP LSP to protect the primary ingress.
The INGRESS_PROTECTION object may contain some sub objects of The INGRESS_PROTECTION object may contain some sub objects of
following format: following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |Reserved (zero)| | Type | Length |Reserved (zero)|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contents/Body of subobject | | Contents/Body of subobject |
skipping to change at page 11, line 17 skipping to change at page 12, line 46
IPv6 address prefix, whose length, in bits, is specified by the IPv6 address prefix, whose length, in bits, is specified by the
prefix length, padded to a byte boundary. prefix length, padded to a byte boundary.
o Application Traffic (Type TBD8): Each of the Traffic Elements is a o Application Traffic (Type TBD8): Each of the Traffic Elements is a
32 bit identifier of an application, from which the traffic is 32 bit identifier of an application, from which the traffic is
imported into the backup LSP. imported into the backup LSP.
4.1.6. Subobject: Label-Routes 4.1.6. Subobject: Label-Routes
The INGRESS_PROTECTION object in a PATH message from the primary The INGRESS_PROTECTION object in a PATH message from the primary
ingress to the backup ingress will have a Label-Routes sub object ingress to the backup ingress may have a Label-Routes sub object
containing the labels and routes that the next hops of the ingress containing the labels and routes that the next hops of the ingress
use. The Type of the sub object is TBD9. The sub object has the use. The Type of the sub object is TBD9. The sub object has the
following body: following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Subobjects ~ ~ Subobjects ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Subobjects in the Label-Routes are copied from those in the The Subobjects in the Label-Routes are copied from those in the
RECORD_ROUTE objects in the RESV messages that the primary ingress RECORD_ROUTE objects in the RESV messages that the primary ingress
receives from its next hops for the primary LSP. They MUST contain receives from its next hops for the primary LSP. They MUST contain
the first hops of the LSP, each of which is paired with its label. the first hops of the LSP, each of which is paired with its label.
5. Behavior of Ingress Protection 5. Behavior of Ingress Protection
5.1. Overview 5.1. Overview
There are four parts of ingress protection: 1) setting up the
necessary backup LSP forwarding state based on the information for
ingress protection; 2) identifying the failure and providing the fast
repair (as discussed in Sections 3 and 4); 3) maintaining the RSVP-TE
control plane state until a global repair is done; and 4) performing
the global repair(see Section 6.4).
There are two different proposed signaling approaches to transfer the There are two different proposed signaling approaches to transfer the
information for ingress protection. They both use the same new information for ingress protection. They both use the same new
INGRESS_PROTECTION object. The object is sent in both PATH and RESV INGRESS_PROTECTION object. The object is sent in both PATH and RESV
messages. messages.
5.1.1. Relay-Message Method 5.1.1. Relay-Message Method
The primary ingress relays the information for ingress protection of The primary ingress relays the information for ingress protection of
an LSP to the backup ingress via PATH messages. Once the LSP is an LSP to the backup ingress via PATH messages. Once the LSP is
created, the ingress of the LSP sends the backup ingress a PATH created, the ingress of the LSP sends the backup ingress a PATH
skipping to change at page 12, line 22 skipping to change at page 13, line 42
provides sufficient information for the backup ingress to create the provides sufficient information for the backup ingress to create the
appropriate forwarding state and backup LSP(s). appropriate forwarding state and backup LSP(s).
The ingress also sends the backup ingress all the other PATH messages The ingress also sends the backup ingress all the other PATH messages
for the LSP with an empty INGRESS_PROTECTION object. An for the LSP with an empty INGRESS_PROTECTION object. An
INGRESS_PROTECTION object without any Traffic-Descriptor sub-object INGRESS_PROTECTION object without any Traffic-Descriptor sub-object
is called an empty INGRESS_PROTECTION object. Thus, the backup is called an empty INGRESS_PROTECTION object. Thus, the backup
ingress has access to all the PATH messages needed for modification ingress has access to all the PATH messages needed for modification
to refresh control-plane state after a failure. to refresh control-plane state after a failure.
The empty INGRESS_PROTECTION object is for efficient process of The empty INGRESS_PROTECTION object is for efficient processing of
ingress protection for a P2MP LSP. For a P2MP LSP, its primary ingress protection for a P2MP LSP. For a P2MP LSP, its primary
ingress may have more than one PATH messages, each of which is sent ingress may have more than one PATH messages, each of which is sent
to a next hop along a branch of the P2MP LSP. The PATH message along to a next hop along a branch of the P2MP LSP. The PATH message along
a branch will be selected and sent to the backup ingress with an a branch will be selected and sent to the backup ingress with an
INGRESS_PROTECTION object containing the Traffic-Descriptor sub- INGRESS_PROTECTION object containing the Traffic-Descriptor sub-
object; all the PATH messages along the other branches will be sent object; all the PATH messages along the other branches will be sent
to the backup ingress containing an INGRESS_PROTECTION object without to the backup ingress containing an INGRESS_PROTECTION object without
any Traffic-Descriptor sub-object (empty INGRESS_PROTECTION object). any Traffic-Descriptor sub-object (empty INGRESS_PROTECTION object).
For a P2MP LSP, the backup ingress only needs one Traffic-Descriptor.
The advantages of this method include: 1) the primary LSP is For a P2MP LSP, the backup ingress only needs one Traffic-Descriptor.
independent of the backup ingress; 2) simple; 3) less configuration;
and 4) less control traffic.
5.1.2. Proxy-Ingress Method 5.1.2. Proxy-Ingress Method
Conceptually, a proxy ingress is created that starts the RSVP Conceptually, a proxy ingress is created that starts the RSVP
signaling. The explicit path of the LSP goes from the proxy ingress signaling. The explicit path of the LSP goes from the proxy ingress
to the backup ingress and then to the real ingress. The behavior and to the backup ingress and then to the real ingress. The behavior and
signaling for the proxy ingress is done by the real ingress; the use signaling for the proxy ingress is done by the real ingress; the use
of a proxy ingress address avoids problems with loop detection. Note of a proxy ingress address avoids problems with loop detection. Note
that the proxy ingress MUST reside within the same router as the real that the proxy ingress MUST reside within the same router as the real
ingress. ingress.
skipping to change at page 13, line 33 skipping to change at page 14, line 45
add the backup ingress and itself to the ERO and start forwarding the add the backup ingress and itself to the ERO and start forwarding the
PATH messages to the backup ingress. PATH messages to the backup ingress.
Slightly different behavior can apply for the on-path and off-path Slightly different behavior can apply for the on-path and off-path
cases. In the on-path case, the backup ingress is a next hop node cases. In the on-path case, the backup ingress is a next hop node
after the ingress for the LSP. In the off-path, the backup ingress after the ingress for the LSP. In the off-path, the backup ingress
is not any next-hop node after the ingress for all associated sub- is not any next-hop node after the ingress for all associated sub-
LSPs. LSPs.
The key advantage of this approach is that it minimizes the special The key advantage of this approach is that it minimizes the special
handling code requires. Because the backup ingress is on the handling code required. Because the backup ingress is on the
signaling path, it can receive various notifications. It easily has signaling path, it can receive various notifications. It easily has
access to all the PATH messages needed for modification to be sent to access to all the PATH messages needed for modification to be sent to
refresh control-plane state after a failure. refresh control-plane state after a failure.
5.2. Ingress Behavior 5.2. Ingress Behavior
The primary ingress MUST be configured with a couple of pieces of The primary ingress MUST be configured with a couple of pieces of
information for ingress protection. information for ingress protection.
o Backup Ingress Address: The primary ingress MUST know an IP o Backup Ingress Address: The primary ingress MUST know the IP
address for it to be included in the INGRESS_PROTECTION object. address of the backup ingress it wants to be used before it can
use the INGRESS_PROTECTION object.
o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The
Proxy-Ingress-Id is only used in the Record Route Object for Proxy-Ingress-Id is only used in the Record Route Object for
recording the proxy-ingress. If no proxy-ingress-id is specified, recording the proxy-ingress. If no proxy-ingress-id is specified,
then a local interface address that will not otherwise be included then a local interface address that will not otherwise be included
in the Record Route Object can be used. A similar technique is in the Record Route Object can be used. A similar technique is
used in [RFC4090 Sec 6.1.1]. used in [RFC4090 Sec 6.1.1].
o Application Traffic Identifier: The primary ingress and backup o Application Traffic Identifier: The primary ingress and backup
ingress MUST both know what application traffic should be directed ingress MUST both know what application traffic should be directed
skipping to change at page 16, line 50 skipping to change at page 18, line 19
ingress. It behaves very similarly to a PLR providing fast-reroute ingress. It behaves very similarly to a PLR providing fast-reroute
where the primary ingress is considered as the failure-point to where the primary ingress is considered as the failure-point to
protect. Where not otherwise specified, the behavior given in protect. Where not otherwise specified, the behavior given in
[RFC4090] for a PLR applies. [RFC4090] for a PLR applies.
The backup ingress MUST follow the control-options specified in the The backup ingress MUST follow the control-options specified in the
INGRESS_PROTECTION object and the flags and specifications in the INGRESS_PROTECTION object and the flags and specifications in the
FAST-REROUTE object. This applies to providing a P2MP backup if the FAST-REROUTE object. This applies to providing a P2MP backup if the
"P2MP backup" is set, a one-to-one backup if "one-to-one desired" is "P2MP backup" is set, a one-to-one backup if "one-to-one desired" is
set, facility backup if the "facility backup desired" is set, and set, facility backup if the "facility backup desired" is set, and
backup paths that support the desired bandwidth, and administrative- backup paths that support the desired bandwidth, and administrative
colors that are requested. groups that are requested.
If multiple non empty INGRESS_PROTECTION objects have been received If multiple non empty INGRESS_PROTECTION objects have been received
via multiple PATH messages for the same LSP, then the most recent one via multiple PATH messages for the same LSP, then the most recent one
MUST be the one used. MUST be the one used.
The backup ingress creates the appropriate forwarding state for the The backup ingress creates the appropriate forwarding state for the
backup LSP tunnel(s) to the merge point(s). backup LSP tunnel(s) to the merge point(s).
When the backup ingress sends a RESV message to the primary ingress, When the backup ingress sends a RESV message to the primary ingress,
it MUST add an INGRESS_PROTECTION object into the message. It MUST it MUST add an INGRESS_PROTECTION object into the message. It MUST
skipping to change at page 21, line 8 skipping to change at page 22, line 23
allocate a LSP ID different from the one of the old LSP as the LSP-ID allocate a LSP ID different from the one of the old LSP as the LSP-ID
of the new LSP. This allows the new LSP to share resources with the of the new LSP. This allows the new LSP to share resources with the
old LSP. Alternately, the Backup Ingress can create a new LSP with old LSP. Alternately, the Backup Ingress can create a new LSP with
no bandwidth reservation that duplicates the path(s) of the protected no bandwidth reservation that duplicates the path(s) of the protected
LSP, move traffic to the new LSP, delete the protected LSP, and then LSP, move traffic to the new LSP, delete the protected LSP, and then
resignal the new LSP with bandwidth. resignal the new LSP with bandwidth.
6. Security Considerations 6. Security Considerations
In principle this document does not introduce new security issues. In principle this document does not introduce new security issues.
The security considerations pertaining to RFC 4090, RFC 4875 and The security considerations pertaining to RFC 4090, RFC 4875, RFC
other RSVP protocols remain relevant. 2205 and RFC 3209 remain relevant.
7. Compatibility 7. Compatibility
This extension reuses and extends semantics and procedures defined in This extension reuses and extends semantics and procedures defined in
RFC 2205, RFC 3209, RFC 4090 and RFC 4875 to support ingress RFC 2205, RFC 3209, RFC 4090 and RFC 4875 to support ingress
protection. One new object is defined to indicate ingress protection protection. One new object is defined to indicate ingress protection
with class numbers in the form 0bbbbbbb. Per RFC 2205, a node not with class numbers in the form 0bbbbbbb. Per RFC 2205, a node not
supporting this extension will not recognize the new class number and supporting this extension will not recognize the new class number and
should respond with an "Unknown Object Class" error. The error should respond with an "Unknown Object Class" error. The error
message will propagate to the ingress, which can then take action to message will propagate to the ingress, which can then take action to
avoid the incompatible node as a backup ingress or may simply avoid the incompatible node as a backup ingress or may simply
terminate the session. terminate the session.
8. IANA Considerations 8. IANA Considerations
IANA maintains a registry called "Class Names, Class Numbers, and IANA maintains a registry called "Class Names, Class Numbers, and
Class Types" under "Resource Reservation Protocol-Traffic Engineering Class Types" under "Resource Reservation Protocol (RSVP) Parameters".
(RSVP-TE) Parameters". Upon approval of this document, IANA is Upon approval of this document, IANA is requested to assign a new
requested to assign a new Class Number of form 0bbbbbbb for new Class Type or C-Type under Class Number 37 and Class Name PROTECTION
object INGRESS_PROTECTION located at <http://www.iana.org/ located at <https://www.iana.org/assignments/rsvp-parameters/
assignments/rsvp-te-parameters/rsvp-te-parameters.xhtml>, as follows: rsvpparameters.xhtml#rsvp-parameters-39>, as follows:
+====================+===============+============================+
| Class Names | Class Numbers | Class Types |
+====================+===============+============================+
| INGRESS_PROTECTION | TBD | 1: INGRESS_PROTECTION_IPv4 |
| |(124 suggested)+----------------------------+
| | | 2: INGRESS_PROTECTION_IPv6 |
+--------------------+---------------+----------------------------+
When this document moves to standards track, IANA is requested to
create and maintain a new registry under INGRESS_PROTECTION located
at <http://www.iana.org/assignments/rsvp-te-parameters/
rsvp-te-parameters.xhtml>.
o Sub-object type - TBD INGRESS_PROTECTION Value Description Reference
----- ----------- ---------
4 Type 4 INGRESS_PROTECTION This Document
Initial values for the registry are given below. The future It is anticipated that the future document that moves the idea to the
assignments are to be made through IETF Review. standard track expects IANA to create and maintain a new registry
under PROTECTION object class, Class Number 37, C-Type 4. Initial
values for the registry are given below. The future assignments are
to be made through IETF Review.
Value Name Definition Value Name Definition
1 BACKUP_INGRESS_IPv4_ADDRESS Section 4.1.1 ----- ---- ----------
2 BACKUP_INGRESS_IPv6_ADDRESS Section 4.1.2 0 Reserved
3 INGRESS_IPv4_ADDRESS Section 4.1.3 1 BACKUP_INGRESS_IPv4_ADDRESS Section 4.1.1
4 INGRESS_IPv6_ADDRESS Section 4.1.4 2 BACKUP_INGRESS_IPv6_ADDRESS Section 4.1.2
5 TRAFFIC_DESCRIPTOR_INTERFACE Section 4.1.5 3 INGRESS_IPv4_ADDRESS Section 4.1.3
6 TRAFFIC_DESCRIPTOR_IPv4_PREFIX Section 4.1.5 4 INGRESS_IPv6_ADDRESS Section 4.1.4
7 TRAFFIC_DESCRIPTOR_IPv6_PREFIX Section 4.1.5 5 TRAFFIC_DESCRIPTOR_INTERFACE Section 4.1.5
8 TRAFFIC_DESCRIPTOR_APPLICATION Section 4.1.5 6 TRAFFIC_DESCRIPTOR_IPv4_PREFIX Section 4.1.5
9 LABEL_ROUTES Section 4.1.6 7 TRAFFIC_DESCRIPTOR_IPv6_PREFIX Section 4.1.5
8 TRAFFIC_DESCRIPTOR_APPLICATION Section 4.1.5
9 LABEL_ROUTES Section 4.1.6
10-127 Unassigned
128-255 Reserved
9. Co-authors and Contributors 9. Co-authors and Contributors
1. Co-authors 1. Co-authors
Autumn Liu Autumn Liu
Ciena Ciena
USA USA
Email: hliu@ciena.com Email: hliu@ciena.com
 End of changes. 35 change blocks. 
138 lines changed or deleted 192 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/