draft-ietf-teas-rsvp-ingress-protection-17.txt   rfc8424.txt 
Internet Engineering Task Force H. Chen, Ed. Internet Engineering Task Force (IETF) H. Chen, Ed.
Internet-Draft Huawei Technologies Request for Comments: 8424 Huawei Technologies
Intended status: Experimental R. Torvi, Ed. Category: Experimental R. Torvi, Ed.
Expires: September 19, 2018 Juniper Networks ISSN: 2070-1721 Juniper Networks
March 18, 2018 August 2018
Extensions to RSVP-TE for LSP Ingress FRR Protection Extensions to RSVP-TE for Label Switched Path (LSP)
draft-ietf-teas-rsvp-ingress-protection-17.txt Ingress Fast Reroute (FRR) Protection
Abstract Abstract
This document describes extensions to Resource Reservation Protocol - This document describes extensions to Resource Reservation Protocol -
Traffic Engineering (RSVP-TE) for locally protecting the ingress node Traffic Engineering (RSVP-TE) for locally protecting the ingress node
of a Point-to-Point (P2P) or Point-to-Multipoint (P2MP) Traffic of a Point-to-Point (P2P) or Point-to-Multipoint (P2MP) Traffic
Engineered (TE) Label Switched Path (LSP). It extends the fast- Engineered (TE) Label Switched Path (LSP). It extends the Fast
reroute (FRR) protection for transit nodes of an LSP to the ingress Reroute (FRR) protection for transit nodes of an LSP to the ingress
node of the LSP. The procedures described in this document are node of the LSP. The procedures described in this document are
experimental. experimental.
Status of this Memo Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This document is not an Internet Standards Track specification; it is
Task Force (IETF). Note that other groups may also distribute published for examination, experimental implementation, and
working documents as Internet-Drafts. The list of current Internet- evaluation.
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document defines an Experimental Protocol for the Internet
and may be updated, replaced, or obsoleted by other documents at any community. This document is a product of the Internet Engineering
time. It is inappropriate to use Internet-Drafts as reference Task Force (IETF). It represents the consensus of the IETF
material or to cite them other than as "work in progress." community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are candidates for any level of
Internet Standard; see Section 2 of RFC 7841.
This Internet-Draft will expire on September 19, 2018. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8424.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document.
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Ingress Local Protection Example . . . . . . . . . . . . . 4 1.1. Ingress Local Protection Example . . . . . . . . . . . . 5
1.2. Ingress Local Protection Overview . . . . . . . . . . . . 5 1.2. Ingress Local Protection Overview . . . . . . . . . . . . 6
2. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 6 2. Conventions Used in This Document . . . . . . . . . . . . . . 7
2.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 6 3. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 7
2.2. Backup and Source Detect Failure . . . . . . . . . . . . . 7 3.1. Source Detects Failure . . . . . . . . . . . . . . . . . 7
3. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 7 3.2. Backup and Source Detect Failure . . . . . . . . . . . . 8
3.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 8 4. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 9
4. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 8 4.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 9
4.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 8 5. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 9
4.1.1. Class Number and Class Type . . . . . . . . . . . . . 9 5.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 10
4.1.2. Object Format . . . . . . . . . . . . . . . . . . . . 9 5.1.1. Class Number and Class Type . . . . . . . . . . . . . 10
4.1.3. Subobject: Backup Ingress IPv4 Address . . . . . . . . 10 5.1.2. Object Format . . . . . . . . . . . . . . . . . . . . 11
4.1.4. Subobject: Backup Ingress IPv6 Address . . . . . . . . 11 5.1.3. Subobject: Backup Ingress IPv4 Address . . . . . . . 12
4.1.5. Subobject: Ingress IPv4 Address . . . . . . . . . . . 11 5.1.4. Subobject: Backup Ingress IPv6 Address . . . . . . . 13
4.1.6. Subobject: Ingress IPv6 Address . . . . . . . . . . . 12 5.1.5. Subobject: Ingress IPv4 Address . . . . . . . . . . . 13
4.1.7. Subobject: Traffic Descriptor . . . . . . . . . . . . 12 5.1.6. Subobject: Ingress IPv6 Address . . . . . . . . . . . 13
4.1.8. Subobject: Label-Routes . . . . . . . . . . . . . . . 13 5.1.7. Subobject: TRAFFIC_DESCRIPTOR . . . . . . . . . . . . 14
5. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 13 5.1.8. Subobject: Label-Routes . . . . . . . . . . . . . . . 15
5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 13 6. Behavior of Ingress Protection . . . . . . . . . . . . . . . 15
5.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 13 6.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 15
5.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 14 6.1.1. Relay-Message Method . . . . . . . . . . . . . . . . 15
5.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 15 6.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . 16
5.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 16 6.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . 17
5.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 16 6.2.1. Relay-Message Method . . . . . . . . . . . . . . . . 17
5.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 18 6.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . 18
5.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 18 6.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 19
5.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 20 6.3.1. Backup Ingress Behavior in the Off-Path Case . . . . 20
5.3.3. Failure Detection and Refresh PATH Messages . . . . . 21 6.3.2. Backup Ingress Behavior in the On-Path Case . . . . . 22
5.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 21 6.3.3. Failure Detection and Refresh PATH Messages . . . . . 23
5.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 22 6.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . 23
5.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 22 6.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 24
6. Security Considerations . . . . . . . . . . . . . . . . . . . 22 6.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 24
7. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 22 7. Security Considerations . . . . . . . . . . . . . . . . . . . 24
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 8. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 24
9. Co-authors and Contributors . . . . . . . . . . . . . . . . . 23 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 25 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 25
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25 10.1. Normative References . . . . . . . . . . . . . . . . . . 25
11.1. Normative References . . . . . . . . . . . . . . . . . . . 25 10.2. Informative References . . . . . . . . . . . . . . . . . 26
11.2. Informative References . . . . . . . . . . . . . . . . . . 26 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28
1. Introduction 1. Introduction
For a MPLS TE LSP, protecting the failures of its transit nodes using For an MPLS Traffic Engineered (TE) Label Switched Path (LSP),
fast-reroute (FRR) is covered in RFC 4090 for P2P LSP and RFC 4875 protecting the failures of its transit nodes using Fast Reroute (FRR)
for P2MP LSP. However, protecting the failure of its ingress node is covered in [RFC4090] for Point-to-Point (P2P) LSPs and [RFC4875]
using FRR is not covered in either RFC 4090 or RFC 4875. The MPLS for Point-to-Multipoint (P2MP) LSPs. However, protecting the failure
Transport Profile (MPLS-TP) Linear Protection described in RFC 6378 of its ingress node using FRR is not covered in either [RFC4090] or
can provide a protection against the failure of any transit node of a [RFC4875]. The MPLS Transport Profile (MPLS-TP) Linear Protection
LSP between the ingress node and the egress node of the LSP, but described in [RFC6378] can provide a protection against the failure
cannot protect against the failure of the ingress node. of any transit node of an LSP between the ingress node and the egress
node of the LSP, but it cannot protect against the failure of the
ingress node.
To protect against the failure of the (primary) ingress node of a To protect against the failure of the (primary) ingress node of a
primary end to end P2MP (or P2P) TE LSP, a typical existing solution primary end-to-end P2MP (or P2P) TE LSP, a typical existing solution
is to set up a secondary backup end to end P2MP (or P2P) TE LSP. The is to set up a secondary backup end-to-end P2MP (or P2P) TE LSP. The
backup LSP is from a backup ingress node to backup egress nodes (or backup LSP is from a backup ingress node to backup egress nodes (or
node). The backup ingress node is different from the primary ingress node). The backup ingress node is different from the primary ingress
node. The backup egress nodes (or node) are (or is) different from node. The backup egress nodes (or node) are (or is) different from
the primary egress nodes (or node) of the primary LSP. For a P2MP TE the primary egress nodes (or node) of the primary LSP. For a P2MP TE
LSP, on each of the primary (and backup) egress nodes, a P2P LSP is LSP, on each of the primary (and backup) egress nodes, a P2P LSP is
created from the egress node to its primary (backup) ingress node and created from the egress node to its primary (backup) ingress node and
configured with BFD. This is used to detect the failure of the configured with Bidirectional Forwarding Detection (BFD). This is
primary (backup) ingress node for the receiver to switch to the used to detect the failure of the primary (backup) ingress node for
backup (or primary) egress node to receive the traffic after the the receiver to switch to the backup (or primary) egress node to
primary (or backup) ingress node fails when both the primary LSP and receive the traffic after the primary (or backup) ingress node fails
the secondary LSP carry the traffic. In addition, FRR may be used to when both the primary LSP and the secondary LSP carry the traffic.
provide protections against the failures of the transit nodes and the In addition, FRR may be used to provide protections against the
links of the primary and secondary end to end TE LSPs. failures of the transit nodes and the links of the primary and
secondary end-to-end TE LSPs.
There are a number of issues in this solution: There are a number of issues in this solution:
o It consumes lots of network resources. Double states need to be o It consumes lots of network resources. Double states need to be
maintained in the network since two end to end TE LSPs are maintained in the network since two end-to-end TE LSPs are
created. Double link bandwidth is reserved and used when both the created. Double link bandwidth is reserved and used when both the
primary and the secondary end to end TE LSPs carry the traffic at primary and the secondary end-to-end TE LSPs carry the traffic at
the same time. the same time.
o More operations are needed, which include the configuration of two o More operations are needed, which include the configuration of two
end to end TE LSPs and BFDs from each of the egress nodes to its end-to-end TE LSPs and BFDs from each of the egress nodes to its
corresponding ingress node. corresponding ingress node.
o The detection of the failure of the ingress node may not be o The detection of the failure of the ingress node may not be
reliable. Any failure on the path of the BFD from an egress node reliable. Any failure on the path of the BFD from an egress node
to an ingress node may cause the BFD to indicate the failure of to an ingress node may cause the BFD to indicate the failure of
the ingress node. the ingress node.
o The speed of protection against the failure of the ingress node o The speed of protection against the failure of the ingress node
may be slow. may be slow.
This specification defines a simple extension to RSVP-TE for local This specification defines a simple extension to RSVP-TE for local
protection (FRR) of the ingress node of a P2MP or P2P LSP to resolve protection (FRR) of the ingress node of a P2MP or P2P LSP to resolve
these issues. Ingress local protection and ingress FRR protection these issues. Ingress local protection and ingress FRR protection
will be used exchangeably. will be used interchangeably.
Note that this document is experimental. Two different approaches Note that this document is an Experimental RFC. Two different
are proposed to transfer the information for ingress protection. approaches are proposed to transfer the information for ingress
They both use the same new INGRESS_PROTECTION object, which is sent protection. They both use the same new INGRESS_PROTECTION object,
in both PATH and RESV messages between a primary ingress and a backup which is sent in both PATH and RESV messages between a primary
ingress. One approach is Relay-Message Method (refer to section ingress and a backup ingress. One approach is the Relay-Message
5.1.1 and 5.2.1), the other is Proxy-Ingress Method (refer to section Method (refer to Sections 6.1.1 and 6.2.1), the other is the Proxy-
5.1.2 and 5.2.2). Each of them has its advantages and disadvantages. Ingress Method (refer to Sections 6.1.2 and 6.2.2). Each of them has
It is hard to decide which one is used as a standard approach now. advantages and disadvantages. It is hard to decide which one is used
It is expected that the experiment on the ingress local protection as a standard approach now. It is expected that the experiment on
with these two approaches provides quantities to help choose one. the ingress local protection with these two approaches will provide
The quantities include the numbers on control traffic, states, codes quantities to help choose one. The quantities include the numbers on
and operations. After one approach is selected, the document will be control traffic, states, codes, and operations. After one approach
revised to reflect that selection and any other items learned from is selected, the document will be revised to reflect that selection
the experiment. The revised document is expected to be submitted for and any other items learned from the experiment. The revised
publication on the standards track. document is expected to be submitted for publication on the standards
track.
1.1. Ingress Local Protection Example 1.1. Ingress Local Protection Example
Figure 1 shows an example of using a backup P2MP LSP to locally Figure 1 shows an example of using a backup P2MP LSP to locally
protect the ingress of a primary P2MP LSP, which is from ingress Ia protect the ingress of a primary P2MP LSP, which is from ingress Ia
to three egresses: L1, L2 and L3. The backup LSP is from backup to three egresses: L1, L2, and L3. The backup LSP is from backup
ingress Ib to the next hops R2 and R4 of ingress Ia. ingress Ib to the next hops of ingress Ia: R2 and R4.
******* ******* S Source ******* ******* S Source
[R2]-----[R3]-----[L1] Ix Ingress [R2]-----[R3]-----[L1] Ix Ingress
*/ & Rx Transit */ & Rx Transit
*/ & Lx Egress */ & Lx Egress
*/ & *** Primary LSP */ & *** Primary LSP
*/ & &&& Backup LSP across */ & &&& Backup LSP across
*/ & logical hop */ & Logical Hop
*/ & */ &
*/ ******** ******** ******* */ ******** ******** *******
[S]---[Ia]--------[R4]------[R5]-----[L2] [S]---[Ia]--------[R4]------[R5]-----[L2]
\ | & & *\ \ | & & *\
\ | & & *\ \ | & & *\
\ | & & *\ \ | & & *\
\ | & & *\ \ | & & *\
\ | & & *\ \ | & & *\
\ |& & *\ \ |& & *\
[Ib]&&& [L3] [Ib]&&& [L3]
Figure 1: Ingress Local Protection Figure 1: Ingress Local Protection
In normal operations, source S sends the traffic to primary ingress In normal operations, source S sends the traffic to primary ingress
Ia. Ia imports the traffic into the primary LSP. Ia. Ia imports the traffic into the primary LSP.
When source S detects the failure of Ia, it switches the traffic to When source S detects the failure of Ia, it switches the traffic to
backup ingress Ib, which imports the traffic from S into the backup backup ingress Ib, which imports the traffic from S into the backup
LSP to Ia's next hops R2 and R4, where the traffic is merged into the LSP to Ia's next hops, R2 and R4, where the traffic is merged into
primary LSP, and then sent to egresses L1, L2 and L3. the primary LSP and then sent to egresses L1, L2, and L3.
Note that the backup ingress is one logical hop away from the Note that the backup ingress is one logical hop away from the
ingress. A logical hop is a direct link or a tunnel such as a GRE ingress. A logical hop is a direct link or a tunnel (such as a GRE
tunnel, over which RSVP-TE messages may be exchanged. tunnel) over which RSVP-TE messages may be exchanged.
1.2. Ingress Local Protection Overview 1.2. Ingress Local Protection Overview
There are four parts in ingress local protection: There are four parts in ingress local protection:
o Setting up the necessary backup LSP forwarding state based on the o setting up the necessary backup LSP forwarding state based on the
information received for ingress local protection; information received for ingress local protection;
o Detecting the primary ingress failure and providing the fast o detecting the primary ingress failure and providing the fast
repair (as discussed in Sections 2 and 3); repair (as discussed in Sections 3 and 4);
o Maintaining the RSVP-TE control plane state until a global repair o maintaining the RSVP-TE control-plane state until a global repair
is done; and is done; and,
o Performing the global repair(see Section 5.4.2). o performing the global repair (see Section 6.4.2).
The primary ingress of a primary LSP sends the backup ingress the The primary ingress of a primary LSP sends the backup ingress the
information for ingress protection in a PATH message with a new information for ingress protection in a PATH message with a new
INGRESS_PROTECTION object. The backup ingress sets up the backup INGRESS_PROTECTION object. The backup ingress sets up the backup
LSP(s) and forwarding state after receiving the necessary information LSP(s) and forwarding state after receiving the necessary information
for ingress protection. And then it sends the primary ingress the for ingress protection. Then, it sends the primary ingress the
status of ingress protection in a RESV message with a new status of ingress protection in a RESV message with a new
INGRESS_PROTECTION object. INGRESS_PROTECTION object.
When the primary ingress fails, the backup ingress sends or refreshes When the primary ingress fails, the backup ingress sends or refreshes
the next hops of the primary ingress the PATH messages without any the next hops of the primary ingress the PATH messages without any
INGRESS_PROTECTION object after verifying the failure. Thus the INGRESS_PROTECTION object after verifying the failure. Thus, the
RSVP-TE control plane state of the primary LSP is maintained. RSVP-TE control-plane state of the primary LSP is maintained.
2. Ingress Failure Detection 2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Ingress Failure Detection
Exactly how to detect the failure of the ingress is out of scope. Exactly how to detect the failure of the ingress is out of scope.
However, it is necessary to discuss different modes for detecting the However, it is necessary to discuss different modes for detecting the
failure because they determine what is the required behavior for the failure because they determine what is the required behavior for the
source and backup ingress. source and backup ingress.
2.1. Source Detects Failure 3.1. Source Detects Failure
Source Detects Failure or Source-Detect for short means that the Source Detects Failure, or Source-Detect for short, means that the
source is responsible for fast detecting the failure of the primary source is responsible for "fast detecting" the failure of the primary
ingress of an LSP. Fast detecting the failure means detecting the ingress of an LSP. Fast detecting the failure means detecting the
failure in a few or tens of milliseconds. The backup ingress is failure in a few or tens of milliseconds. The backup ingress is
ready to import the traffic from the source into the backup LSP(s) ready to import the traffic from the source into the backup LSP(s)
after the backup LSP(s) is up. after the backup LSP(s) is up.
In normal operations, the source sends the traffic to the primary In normal operations, the source sends the traffic to the primary
ingress. When the source detects the failure of the primary ingress, ingress. When the source detects the failure of the primary ingress,
it switches the traffic to the backup ingress, which delivers the it switches the traffic to the backup ingress, which delivers the
traffic to the next hops of the primary ingress through the backup traffic to the next hops of the primary ingress through the backup
LSP(s), where the traffic is merged into the primary LSP. LSP(s), where the traffic is merged into the primary LSP.
For an LSP, after the primary ingress fails, the backup ingress MUST For an LSP, after the primary ingress fails, the backup ingress MUST
use a method to verify the failure of the primary ingress before the use a method to verify the failure of the primary ingress before the
PATH message for the LSP expires at the next hop of the primary PATH message for the LSP expires at the next hop of the primary
ingress. After verifying the failure, the backup ingress sends/ ingress. After verifying the failure, the backup ingress sends/
refreshes the PATH message to the next hop through the backup LSP as refreshes the PATH message to the next hop through the backup LSP as
needed. The method may verify the failure of the primary ingress needed. The method may verify the failure of the primary ingress
slowly such as in seconds. slowly, such as in seconds.
After the primary ingress fails, it will not be reachable after After the primary ingress fails, it will not be reachable after
routing convergence. Thus checking whether the primary ingress routing convergence. Thus, checking whether the primary ingress
(address) is reachable is a possible method. (address) is reachable is a possible method.
When the previously failed primary ingress of a primary LSP becomes When the previously failed primary ingress of a primary LSP becomes
available again and the primary LSP has recovered from its primary available again and the primary LSP has recovered from its primary
ingress, the source may switch the traffic to the primary ingress ingress, the source may switch the traffic to the primary ingress
from the backup ingress. A operator may control the traffic switch from the backup ingress. An operator may control the traffic switch
through using a command on the source node after seeing that the through using a command on the source node after seeing that the
primary LSP has recovered. primary LSP has recovered.
2.2. Backup and Source Detect Failure 3.2. Backup and Source Detect Failure
Backup and Source Detect Failure or Backup-Source-Detect for short Backup and Source Detect Failure, or Backup-Source-Detect for short,
means that both the backup ingress and the source are concurrently means that both the backup ingress and the source are concurrently
responsible for fast detecting the failure of the primary ingress. responsible for fast detecting the failure of the primary ingress.
Note that one of the differences between Source-Detect and Backup- Note that one of the differences between Source-Detect and Backup-
Source-Detect is: in the former, the backup ingress verifies the Source-Detect is the following: in the former, the backup ingress
failure of the primary ingress slowly such as in seconds; in the verifies the failure of the primary ingress slowly, such as in
latter, the backup ingress detects the failure fast such as in a few seconds; in the latter, the backup ingress detects the failure fast,
or tens of milliseconds. such as in a few or tens of milliseconds.
In normal operations, the source sends the traffic to the primary In normal operations, the source sends the traffic to the primary
ingress. It switches the traffic to the backup ingress when it ingress. It switches the traffic to the backup ingress when it
detects the failure of the primary ingress. detects the failure of the primary ingress.
The backup ingress does not import any traffic from the source into The backup ingress does not import any traffic from the source into
the backup LSP in normal operations. When it detects the failure of the backup LSP in normal operations. When it detects the failure of
the primary ingress, it imports the traffic from the source into the the primary ingress, it imports the traffic from the source into the
backup LSP to the next hops of the primary ingress, where the traffic backup LSP to the next hops of the primary ingress, where the traffic
is merged into the primary LSP. is merged into the primary LSP.
The source-detect is preferred. It is simpler than the backup- The Source-Detect is preferred. It is simpler than the Backup-
source-detect, which needs both the source and the backup ingress Source-Detect, which needs both the source and the backup ingress to
detect the ingress failure quickly. detect the ingress failure quickly.
3. Backup Forwarding State 4. Backup Forwarding State
Before the primary ingress fails, the backup ingress is responsible Before the primary ingress fails, the backup ingress is responsible
for creating the necessary backup LSPs. These LSPs might be multiple for creating the necessary backup LSPs. These LSPs might be multiple
bypass P2P LSPs that avoid the ingress. Alternately, the backup bypass P2P LSPs that avoid the ingress. Alternately, the backup
ingress could choose to use a single backup P2MP LSP as a bypass or ingress could choose to use a single backup P2MP LSP as a bypass or
detour to protect the primary ingress of a primary P2MP LSP. detour to protect the primary ingress of a primary P2MP LSP.
The backup ingress may be off-path or on-path of an LSP. If a backup The backup ingress may be "off path" or "on path" of an LSP. If a
ingress is not any node of the LSP, it is off-path. If a backup backup ingress is not any node of the LSP, it is off path. If a
ingress is a next-hop of the primary ingress of the LSP, it is on- backup ingress is a next hop of the primary ingress of the LSP, it is
path. When a backup ingress for protecting the primary ingress is on path. When a backup ingress for protecting the primary ingress is
configured, the backup ingress MUST not be on the LSP except for it configured, the backup ingress MUST not be on the LSP except for if
is the next hop of the primary ingress. If it is on-path, the it is the next hop of the primary ingress. If it is on path, the
primary forwarding state associated with the primary LSP SHOULD be primary forwarding state associated with the primary LSP SHOULD be
clearly separated from the backup LSP(s) state. clearly separated from the backup LSP(s) state.
3.1. Forwarding State for Backup LSP 4.1. Forwarding State for Backup LSP
A forwarding entry for a backup LSP is created on the backup ingress A forwarding entry for a backup LSP is created on the backup ingress
after the LSP is set up. Depending on the failure-detection mode after the LSP is set up. Depending on the failure-detection mode
(e.g., source-detect), it may be used to forward received traffic or (e.g., Source-Detect), it may be used to forward received traffic or
simply be inactive (e.g., backup-source-detect) until required. In simply be inactive (e.g., Backup-Source-Detect) until required. In
either case, when the primary ingress fails, this entry is used to either case, when the primary ingress fails, this entry is used to
import the traffic into the backup LSP to the next hops of the import the traffic into the backup LSP to the next hops of the
primary ingress, where the traffic is merged into the primary LSP. primary ingress, where the traffic is merged into the primary LSP.
The forwarding entry for a backup LSP is a local implementation The forwarding entry for a backup LSP is a local implementation
issue. In one device, it may have an inactive flag. This inactive issue. In one device, it may have an inactive flag. This inactive
forwarding entry is not used to forward any traffic normally. When forwarding entry is not used to forward any traffic normally. When
the primary ingress fails, it is changed to active, and thus the the primary ingress fails, it is changed to active; thus, the traffic
traffic from the source is imported into the backup LSP. from the source is imported into the backup LSP.
4. Protocol Extensions 5. Protocol Extensions
A new object INGRESS_PROTECTION is defined for signaling ingress A new object, INGRESS_PROTECTION, is defined for signaling ingress
local protection. The primary ingress of a primary LSP sends the local protection. The primary ingress of a primary LSP sends the
backup ingress this object in a PATH message. In this case, the backup ingress this object in a PATH message. In this case, the
object contains the information needed to set up ingress protection. object contains the information needed to set up ingress protection.
The information includes: The information includes:
o Backup ingress IP address indicating the backup ingress, o the Backup Ingress IP Address, which indicates the backup ingress;
o Traffic Descriptor describing the traffic that the primary LSP o the TRAFFIC_DESCRIPTOR, which describes the traffic that the
transports, this traffic is imported into the backup LSP(s) on the primary LSP transports (this traffic is imported into the backup
backup ingress when the primary ingress fails, LSP(s) on the backup ingress when the primary ingress fails);
o Label and Routes indicating the first hops of the primary LSP, o the Labels and Routes, which indicate the first hops of the
each of which is paired with its label, and primary LSP, each of which is paired with its label; and,
o Desire options on ingress protection such as P2MP option o the Desire options on ingress protection, such as a P2MP option,
indicating a desire to use a backup P2MP LSP to protect the which indicates a desire to use a backup P2MP LSP to protect the
primary ingress of a primary P2MP LSP. primary ingress of a primary P2MP LSP.
The backup ingress sends the primary ingress this object in a RESV The backup ingress sends the primary ingress this object in a RESV
message. In this case, the object contains the information about the message. In this case, the object contains the information about the
status on the ingress protection. status on the ingress protection.
4.1. INGRESS_PROTECTION Object 5.1. INGRESS_PROTECTION Object
4.1.1. Class Number and Class Type
5.1.1. Class Number and Class Type
The Class Number for the INGRESS_PROTECTION object MUST be of the The Class Number for the INGRESS_PROTECTION object MUST be of the
form 0bbbbbbb to enable implementations that do not recognize the form 0bbbbbbb to enable implementations that do not recognize the
object to reject the entire message and return an "Unknown Object object to reject the entire message and return an "Unknown Object
Class" error [RFC2205]. It is suggested that a Class Number value Class" error [RFC2205]. It is suggested that a Class Number value
from the Private Use range (124-127) [RFC3936] specified for the from the Private Use range (124-127) [RFC3936] specified for the
0bbbbbbb octet be chosen for this experiment. It is also suggested 0bbbbbbb octet be chosen for this experiment. It is also suggested
that a Class Type value of 1 be used for this object in this that a Class Type value of 1 be used for this object in this
experiment. experiment.
The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH
message is used to control the backup for protecting the primary message is used to control the backup for protecting the primary
ingress of a primary LSP. The primary ingress MUST insert this ingress of a primary LSP. The primary ingress MUST insert this
object into the PATH message to be sent to the backup ingress for object into the PATH message to be sent to the backup ingress for
protecting the primary ingress. protecting the primary ingress.
4.1.2. Object Format 5.1.2. Object Format
The INGRESS_PROTECTION object has the following format: The INGRESS_PROTECTION object has the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length (bytes) | Class-Num | C-Type | | Length (bytes) | Class-Num | C-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved (zero) | NUB | Flags | Options | | Reserved (zero) | NUB | Flags | Options |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ (Subobjects) ~ ~ (Subobjects) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
NUB Number of Unprotected Branches
Flags Flags
0x01 Ingress local protection available 0x01 Ingress local protection available
0x02 Ingress local protection in use 0x02 Ingress local protection in use
0x04 Bandwidth protection 0x04 Bandwidth protection
Options Options
0x01 Revert to Ingress 0x01 Revert to Ingress
0x02 P2MP Backup 0x02 P2MP Backup
For protecting the ingress of a P2MP LSP, if the backup ingress For protecting the ingress of a P2MP LSP, if the backup ingress
doesn't have a backup LSP to each of the next hops of the primary doesn't have a backup LSP to each of the next hops of the primary
ingress, it SHOULD clear "Ingress local protection available" and set ingress, it SHOULD clear "Ingress local protection available" and set
NUB to the number of the next hops to which there is no backup LSP. the Number of Unprotected Branches (NUB) to the number of the next
hops to which there is no backup LSP.
The flags are used to communicate status information from the backup The flags are used to communicate status information from the backup
ingress to the primary ingress. ingress to the primary ingress.
o Ingress local protection available: The backup ingress MUST set o Ingress local protection available: The backup ingress MUST set
this flag after backup LSPs are up and ready for locally this flag after backup LSPs are up and ready for locally protecting
protecting the primary ingress. The backup ingress sends this to the primary ingress. The backup ingress sends this to the primary
the primary ingress to indicate that the primary ingress is ingress to indicate that the primary ingress is locally protected.
locally protected.
o Ingress local protection in use: The backup ingress MUST set this o Ingress local protection in use: The backup ingress MUST set this
flag when it detects a failure in the primary ingress and actively flag when it detects a failure in the primary ingress and actively
redirects the traffic into the backup LSPs. The backup ingress redirects the traffic into the backup LSPs. The backup ingress
records this flag and does not send any RESV message with this records this flag and does not send any RESV messages with this
flag to the primary ingress since the primary ingress is down. flag to the primary ingress since the primary ingress is down.
o Bandwidth protection: The backup ingress MUST set this flag if the o Bandwidth protection: The backup ingress MUST set this flag if the
backup LSPs guarantee to provide desired bandwidth for the backup LSPs guarantee to provide the desired bandwidth for the
protected LSP against the primary ingress failure. protected LSP against the primary ingress failure.
The options are used by the primary ingress to specify the desired The options are used by the primary ingress to specify the desired
behavior to the backup ingress. behavior to the backup ingress.
o Revert to Ingress: The primary ingress sets this option indicating o Revert to Ingress: The primary ingress sets this option, which
that the traffic for the primary LSP successfully re-signaled will indicates that the traffic for the primary LSP, if successfully
be switched back to the primary ingress from the backup ingress resignaled, will be switched back to the primary ingress from the
when the primary ingress is restored. backup ingress when the primary ingress is restored.
o P2MP Backup: This option is set to ask for the backup ingress to o P2MP Backup: This option is set to ask for the backup ingress to
use backup P2MP LSP to protect the primary ingress. use backup P2MP LSP to protect the primary ingress.
The INGRESS_PROTECTION object may contain some subobjects of The INGRESS_PROTECTION object may contain some subobjects of
following format: following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |Reserved (zero)| | Type | Length |Reserved (zero)|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contents/Body of subobject | | Contents / Body of Subobject |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where Type is the type of a subobject, Length is the total size of where Type is the type of a subobject and Length is the total size of
the subobject in bytes, including Type, Length and Contents fields. the subobject in bytes, including Type, Length, and Contents fields.
4.1.3. Subobject: Backup Ingress IPv4 Address 5.1.3. Subobject: Backup Ingress IPv4 Address
When the primary ingress of a protected LSP sends a PATH message with When the primary ingress of a protected LSP sends a PATH message with
an INGRESS_PROTECTION object to the backup ingress, the object MUST an INGRESS_PROTECTION object to the backup ingress, the object MUST
have a Backup Ingress IPv4 Address subobject containing an IPv4 have a Backup Ingress IPv4 Address subobject containing an IPv4
address belonging to the backup ingress if IPv4 is used. The Type of address belonging to the backup ingress if IPv4 is used. The Type of
the subobject is 1, and the body of the subobject is given below: the subobject is 1, and the body of the subobject is given below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Backup ingress IPv4 address (4 bytes) | | Backup Ingress IPv4 Address (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Backup ingress IPv4 address: An IPv4 host address of backup ingress Backup Ingress IPv4 Address: An IPv4 host address of backup ingress
4.1.4. Subobject: Backup Ingress IPv6 Address 5.1.4. Subobject: Backup Ingress IPv6 Address
When the primary ingress of a protected LSP sends a PATH message with When the primary ingress of a protected LSP sends a PATH message with
an INGRESS_PROTECTION object to the backup ingress, the object MUST an INGRESS_PROTECTION object to the backup ingress, the object MUST
have a Backup Ingress IPv6 Address subobject containing an IPv6 have a Backup Ingress IPv6 Address subobject containing an IPv6
address belonging to the backup ingress if IPv6 is used. The Type of address belonging to the backup ingress if IPv6 is used. The Type of
the subobject is 2, the body of the subobject is given below: the subobject is 2, the body of the subobject is given below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Backup ingress IPv6 address (16 bytes) | | Backup Ingress IPv6 Address (16 bytes) |
~ ~ ~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Backup ingress IPv6 address: An IPv6 host address of backup ingress Backup Ingress IPv6 Address: An IPv6 host address of backup ingress
4.1.5. Subobject: Ingress IPv4 Address 5.1.5. Subobject: Ingress IPv4 Address
The INGRESS_PROTECTION object may have an Ingress IPv4 Address The INGRESS_PROTECTION object may have an Ingress IPv4 Address
subobject containing an IPv4 address belonging to the primary ingress subobject containing an IPv4 address belonging to the primary ingress
if IPv4 is used. The Type of the subobject is 3. The subobject has if IPv4 is used. The Type of the subobject is 3. The subobject has
the following body: the following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ingress IPv4 address (4 bytes) | | Ingress IPv4 Address (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ingress IPv4 address: An IPv4 host address of ingress Ingress IPv4 Address: An IPv4 host address of ingress
4.1.6. Subobject: Ingress IPv6 Address 5.1.6. Subobject: Ingress IPv6 Address
The INGRESS_PROTECTION object may have an Ingress IPv6 Address The INGRESS_PROTECTION object may have an Ingress IPv6 Address
subobject containing an IPv6 address belonging to the primary ingress subobject containing an IPv6 address belonging to the primary ingress
if IPv6 is used. The Type of the subobject is 4. The subobject has if IPv6 is used. The Type of the subobject is 4. The subobject has
the following body: the following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ingress IPv6 address (16 bytes) | | Ingress IPv6 Address (16 bytes) |
~ ~ ~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Ingress IPv6 address: An IPv6 host address of ingress Ingress IPv6 Address: An IPv6 host address of ingress
4.1.7. Subobject: Traffic Descriptor 5.1.7. Subobject: TRAFFIC_DESCRIPTOR
The INGRESS_PROTECTION object may have a Traffic Descriptor subobject The INGRESS_PROTECTION object may have a TRAFFIC_DESCRIPTOR subobject
describing the traffic to be mapped to the backup LSP on the backup describing the traffic to be mapped to the backup LSP on the backup
ingress for locally protecting the primary ingress. The subobject ingress for locally protecting the primary ingress. The subobject
types for Interface, IPv4 Prefix, IPv6 Prefix and Application types for Interface, IPv4 Prefix, IPv6 Prefix, and Application
Identifier are 5, 6, 7 and 8 respectively. The subobject has the Identifier are 5, 6, 7, and 8, respectively. The subobject has the
following body: following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Traffic Element 1 | | Traffic Element 1 |
~ ~ ~ ~
| Traffic Element n | | Traffic Element n |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Traffic Descriptor subobject may contain multiple Traffic The TRAFFIC_DESCRIPTOR subobject may contain multiple Traffic
Elements of same type as follows: Elements of the same type as follows:
o Interface Traffic: Each of the Traffic Elements is a 32 bit index o Interface Traffic: Each of the Traffic Elements is a 32-bit index
of an interface, from which the traffic is imported into the of an interface from which the traffic is imported into the backup
backup LSP. LSP.
o IPv4 Prefix Traffic: Each of the Traffic Elements is an IPv4 o IPv4 Prefix Traffic: Each of the Traffic Elements is an IPv4
prefix, containing an 8-bit prefix length followed by an IPv4 prefix that contains an 8-bit prefix length followed by an IPv4
address prefix, whose length, in bits, is specified by the prefix address prefix (whose length, in bits, is specified by the prefix
length, padded to a byte boundary. length) that is padded to a byte boundary.
o IPv6 Prefix Traffic: Each of the Traffic Elements is an IPv6 o IPv6 Prefix Traffic Each of the Traffic Elements is an IPv6
prefix, containing an 8-bit prefix length followed by an IPv6 prefix, containing an 8-bit prefix length followed by an IPv6
address prefix, whose length, in bits, is specified by the prefix address prefix (whose length, in bits, is specified by the prefix
length, padded to a byte boundary. length) that is padded to a byte boundary.
o Application Traffic: Each of the Traffic Elements is a 32 bit o Application Traffic: Each of the Traffic Elements is a 32-bit
identifier of an application, from which the traffic is imported identifier of an application from which the traffic is imported
into the backup LSP. into the backup LSP.
4.1.8. Subobject: Label-Routes 5.1.8. Subobject: Label-Routes
The INGRESS_PROTECTION object in a PATH message from the primary The INGRESS_PROTECTION object in a PATH message from the primary
ingress to the backup ingress may have a Label-Routes subobject ingress to the backup ingress may have a Label-Routes subobject
containing the labels and routes that the next hops of the ingress containing the labels and routes that the next hops of the ingress
use. The Type of the subobject is 9. The subobject has the use. The Type of the subobject is 9. The subobject has the
following body: following body:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Subobjects ~ ~ Subobjects ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Subobjects in the Label-Routes are copied from those in the The Subobjects in Label-Routes are copied from those in the
RECORD_ROUTE objects in the RESV messages that the primary ingress RECORD_ROUTE objects in the RESV messages that the primary ingress
receives from its next hops for the primary LSP. They MUST contain receives from its next hops for the primary LSP. They MUST contain
the first hops of the LSP, each of which is paired with its label. the first hops of the LSP, each of which is paired with its label.
5. Behavior of Ingress Protection 6. Behavior of Ingress Protection
5.1. Overview 6.1. Overview
There are two different proposed signaling approaches to transfer the There are two different proposed signaling approaches to transfer the
information for ingress protection. They both use the same new information for ingress protection. They both use the same new
INGRESS_PROTECTION object. The object is sent in both PATH and RESV INGRESS_PROTECTION object. The object is sent in both PATH and RESV
messages. messages.
5.1.1. Relay-Message Method 6.1.1. Relay-Message Method
The primary ingress relays the information for ingress protection of The primary ingress relays the information for ingress protection of
an LSP to the backup ingress via PATH messages. Once the LSP is an LSP to the backup ingress via PATH messages. Once the LSP is
created, the ingress of the LSP sends the backup ingress a PATH created, the ingress of the LSP sends the backup ingress a PATH
message with an INGRESS_PROTECTION object with Label-Routes message with an INGRESS_PROTECTION object with a Label-Routes
subobject, which is populated with the next-hops and labels. This subobject, which is populated with the next hops and labels. This
provides sufficient information for the backup ingress to create the provides sufficient information for the backup ingress to create the
appropriate forwarding state and backup LSP(s). appropriate forwarding state and backup LSP(s).
The ingress also sends the backup ingress all the other PATH messages The ingress also sends the backup ingress all the other PATH messages
for the LSP with an empty INGRESS_PROTECTION object. An for the LSP with an empty INGRESS_PROTECTION object. An
INGRESS_PROTECTION object without any Traffic-Descriptor subobject is INGRESS_PROTECTION object without any TRAFFIC_DESCRIPTOR subobject is
called an empty INGRESS_PROTECTION object. Thus, the backup ingress called an empty INGRESS_PROTECTION object. Thus, the backup ingress
has access to all the PATH messages needed for modification to has access to all the PATH messages needed for modification to
refresh control-plane state after a failure. refresh the control-plane state after a failure.
The empty INGRESS_PROTECTION object is for efficient processing of The empty INGRESS_PROTECTION object is for efficient processing of
ingress protection for a P2MP LSP. For a P2MP LSP, its primary ingress protection for a P2MP LSP. A P2MP LSP's primary ingress may
ingress may have more than one PATH messages, each of which is sent have more than one PATH message, each of which is sent to a next hop
to a next hop along a branch of the P2MP LSP. The PATH message along along a branch of the P2MP LSP. The PATH message along a branch will
a branch will be selected and sent to the backup ingress with an be selected and sent to the backup ingress with an INGRESS_PROTECTION
INGRESS_PROTECTION object containing the Traffic-Descriptor object containing the TRAFFIC_DESCRIPTOR subobject; all the PATH
subobject; all the PATH messages along the other branches will be messages along the other branches will be sent to the backup ingress
sent to the backup ingress containing an INGRESS_PROTECTION object containing an INGRESS_PROTECTION object without any
without any Traffic-Descriptor subobject (empty INGRESS_PROTECTION TRAFFIC_DESCRIPTOR subobject (empty INGRESS_PROTECTION object). For
object). For a P2MP LSP, the backup ingress only needs one Traffic- a P2MP LSP, the backup ingress only needs one TRAFFIC_DESCRIPTOR.
Descriptor.
5.1.2. Proxy-Ingress Method 6.1.2. Proxy-Ingress Method
Conceptually, a proxy ingress is created that starts the RSVP Conceptually, a proxy ingress is created that starts the RSVP
signaling. The explicit path of the LSP goes from the proxy ingress signaling. The explicit path of the LSP goes from the proxy ingress
to the backup ingress and then to the real ingress. The behavior and to the backup ingress and then to the real ingress. The behavior and
signaling for the proxy ingress is done by the real ingress; the use signaling for the proxy ingress is done by the real ingress; the use
of a proxy ingress address avoids problems with loop detection. Note of a proxy-ingress address avoids problems with loop detection. Note
that the proxy ingress MUST reside within the same router as the real that the proxy ingress MUST reside within the same router as the real
ingress. ingress.
[ traffic source ] *** Primary LSP [ Traffic Source ] *** Primary LSP
$ $ --- Backup LSP $ $ --- Backup LSP
$ $ $$ Link $ $ $$ Link
$ $ $ $
[ proxy ingress ] [ backup ] [ Proxy Ingress ] [ Backup ]
[ & ingress ] | [ & Ingress ] |
* | * |
*****[ MP ]----| *****[ MP ]----|
Figure 2: Example Protected LSP with Proxy Ingress Node Figure 2: Example of a Protected LSP with a Proxy-Ingress Node
The backup ingress MUST know the merge points or next-hops and their The backup ingress MUST know the merge points or next hops and their
associated labels. This is accomplished by having the RSVP PATH and associated labels. This is accomplished by having the RSVP PATH and
RESV messages go through the backup ingress, although the forwarding RESV messages go through the backup ingress, although the forwarding
path need not go through the backup ingress. If the backup ingress path need not go through the backup ingress. If the backup ingress
fails, the ingress simply removes the INGRESS_PROTECTION object and fails, the ingress simply removes the INGRESS_PROTECTION object and
forwards the PATH messages to the LSP's next-hop(s). If the ingress forwards the PATH messages to the LSP's next hop(s). If the ingress
has its LSP configured for ingress protection, then the ingress can has its LSP configured for ingress protection, then the ingress can
add the backup ingress and itself to the ERO and start forwarding the add the backup ingress and itself to the Explicit Route Object (ERO)
PATH messages to the backup ingress. and start forwarding the PATH messages to the backup ingress.
Slightly different behavior can apply for the on-path and off-path Slightly different behavior can apply for the on-path and off-path
cases. In the on-path case, the backup ingress is a next hop node cases. In the on-path case, the backup ingress is a next-hop node
after the ingress for the LSP. In the off-path, the backup ingress after the ingress for the LSP. In the off-path case, the backup
is not any next-hop node after the ingress for all associated sub- ingress is not any next-hop node after the ingress for all associated
LSPs. sub-LSPs.
The key advantage of this approach is that it minimizes the special The key advantage of this approach is that it minimizes the special
handling code required. Because the backup ingress is on the handling code required. Because the backup ingress is on the
signaling path, it can receive various notifications. It easily has signaling path, it can receive various notifications. It easily has
access to all the PATH messages needed for modification to be sent to access to all the PATH messages needed for a modification to be sent
refresh control-plane state after a failure. to refresh the control-plane state after a failure.
5.2. Ingress Behavior 6.2. Ingress Behavior
The primary ingress MUST be configured with a couple of pieces of The primary ingress MUST be configured with a couple of pieces of
information for ingress protection. information for ingress protection.
o Backup Ingress Address: The primary ingress MUST know the IP o Backup Ingress Address: The primary ingress MUST know the IP
address of the backup ingress it wants to be used before it can address of the backup ingress it wants to be used before it can use
use the INGRESS_PROTECTION object. the INGRESS_PROTECTION object.
o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The
Proxy-Ingress-Id is only used in the Record Route Object for Proxy-Ingress-Id is only used in the RECORD_ROUTE object for
recording the proxy-ingress. If no proxy-ingress-id is specified, recording the proxy ingress. If no Proxy-Ingress-Id is specified,
then a local interface address that will not otherwise be included then a local interface address that will not otherwise be included
in the Record Route Object can be used. A similar technique is in the RECORD_ROUTE object can be used. A similar technique is
used in [RFC4090 Sec 6.1.1]. used in Section 6.1.1. of [RFC4090].
o Application Traffic Identifier: The primary ingress and backup o Application Traffic Identifier: The primary ingress and backup
ingress MUST both know what application traffic should be directed ingress MUST both know what application traffic should be directed
into the LSP. If a list of prefixes in the Traffic Descriptor into the LSP. If a list of prefixes in the TRAFFIC_DESCRIPTOR
subobject will not suffice, then a commonly understood Application subobject will not suffice, then a commonly understood Application
Traffic Identifier can be sent between the primary ingress and Traffic Identifier can be sent between the primary ingress and
backup ingress. The exact meaning of the identifier should be backup ingress. The exact meaning of the identifier should be
configured similarly at both the primary ingress and backup configured similarly at both the primary ingress and backup
ingress. The Application Traffic Identifier is understood within ingress. The Application Traffic Identifier is understood within
the unique context of the primary ingress and backup ingress. the unique context of the primary ingress and backup ingress.
o A connection between backup ingress and primary ingress: If there o A Connection between Backup Ingress and Primary Ingress: If there
is not any direct link between the primary ingress and the backup is not any direct link between the primary ingress and the backup
ingress, a tunnel MUST be configured between them. ingress, a tunnel MUST be configured between them.
With this additional information, the primary ingress can create and With this additional information, the primary ingress can create and
signal the necessary RSVP extensions to support ingress protection. signal the necessary RSVP extensions to support ingress protection.
5.2.1. Relay-Message Method 6.2.1. Relay-Message Method
To protect the primary ingress of an LSP, the primary ingress MUST do To protect the primary ingress of an LSP, the primary ingress MUST do
the following after the LSP is up. the following after the LSP is up.
1. Select a PATH message P0 for the LSP. 1. Select a PATH message P0 for the LSP.
2. If the backup ingress is off-path (the backup ingress is not the 2. If the backup ingress is off path (the backup ingress is not the
next hop of the primary ingress for P0), then send it a PATH next hop of the primary ingress for P0), then send it a PATH
message P0' with the content from P0 and an INGRESS_PROTECTION message P0' with the content from P0 and an INGRESS_PROTECTION
object; else (the backup ingress is a next hop, i.e., on-path object; else (the backup ingress is a next hop, i.e., on-path
case) add an INGRESS_PROTECTION object into the existing PATH case) add an INGRESS_PROTECTION object into the existing PATH
message to the backup ingress (i.e., the next hop). The object message to the backup ingress (i.e., the next hop). The object
contains the Traffic-Descriptor subobject, the Backup Ingress contains the TRAFFIC_DESCRIPTOR subobject, the Backup Ingress
Address subobject and the Label-Routes subobject. The options is Address subobject and the Label-Routes subobject. The options
set to indicate whether a Backup P2MP LSP is desired. The Label- field is set to indicate whether a backup P2MP LSP is desired.
Routes subobject contains the next-hops of the primary ingress The Label-Routes subobject contains the next hops of the primary
and their labels. Note that for on-path case, there is an ingress and their labels. Note that for the on-path case, there
existing PATH message to the backup ingress (i.e., the next hop), is an existing PATH message to the backup ingress (i.e., the next
and we just add an INGRESS_PROTECTION object into the existing hop), and we just add an INGRESS_PROTECTION object into the
PATH message to be sent to the backup ingress. We do not send a existing PATH message to be sent to the backup ingress. We do
separate PATH message to the backup ingress for this existing not send a separate PATH message to the backup ingress for this
PATH message. existing PATH message.
3. For each Pi of the other PATH messages for the LSP, send the 3. For each Pi of the other PATH messages for the LSP, send the
backup ingress a PATH message Pi' with the content copied from Pi backup ingress a PATH message Pi' with the content copied from Pi
and an empty INGRESS_PROTECTION object. and an empty INGRESS_PROTECTION object.
For every PATH message Pj' (i.e., P0'/Pi') to be sent to the backup For every PATH message Pj' (i.e., P0'/Pi') to be sent to the backup
ingress, it has the same SESSION as Pj (i.e., P0/Pi). If the backup ingress, it has the same SESSION as Pj (i.e., P0/Pi). If the backup
ingress is off-path, the primary ingress updates Pj' according to the ingress is off path, the primary ingress updates Pj' according to the
backup ingress as its next hop before sending it. It adds the backup backup ingress as its next hop before sending it. It adds the backup
ingress to the beginning of the ERO, and sets RSVP_HOP based on the ingress to the beginning of the ERO and sets RSVP_HOP based on the
interface to the backup ingress. The primary ingress MUST NOT set up interface to the backup ingress. The primary ingress MUST NOT set up
any forwarding state to the backup ingress if the backup ingress is any forwarding state to the backup ingress if the backup ingress is
off-path. off path.
5.2.2. Proxy-Ingress Method 6.2.2. Proxy-Ingress Method
The primary ingress is responsible for starting the RSVP signaling The primary ingress is responsible for starting the RSVP signaling
for the proxy-ingress node. To do this, the following MUST be done for the proxy-ingress node. To do this, the following MUST be done
for the RSVP PATH message. for the RSVP PATH message.
1. Compute the EROs for the LSP as normal for the ingress. 1. Compute the EROs for the LSP as normal for the ingress.
2. If the selected backup ingress node is not the first node on the 2. If the selected backup ingress node is not the first node on the
path (for all sub-LSPs), then insert at the beginning of the ERO path (for all sub-LSPs), then insert it at the beginning of the
first the backup ingress node and then the ingress node. ERO first, then the backup ingress node, and then the ingress
node.
3. In the PATH RRO, instead of recording the ingress node's address, 3. In the PATH RECORD_ROUTE Object (RRO), instead of recording the
replace it with the Proxy-Ingress-Id. ingress node's address, replace it with the Proxy-Ingress-Id.
4. Leave the HOP object populated as usual with information for the 4. Leave the hop (HOP) object populated as usual with information
ingress-node. for the ingress node.
5. Add the INGRESS_PROTECTION object to the PATH message. Include 5. Add the INGRESS_PROTECTION object to the PATH message. Include
the Backup Ingress Address (IPv4 or IPv6) subobject and the the Backup Ingress Address (IPv4 or IPv6) subobject and the
Traffic-Descriptor subobject. Set or clear the options TRAFFIC_DESCRIPTOR subobject. Set or clear the options
indicating that a Backup P2MP LSP is desired. indicating that a backup P2MP LSP is desired.
6. Optionally, add the FAST-REROUTE object [RFC4090] to the Path 6. Optionally, add the FAST-REROUTE object [RFC4090] to the Path
message. Indicate whether one-to-one backup is desired. message. Indicate whether one-to-one backup is desired.
Indicate whether facility backup is desired. Indicate whether facility backup is desired.
7. The RSVP PATH message is sent to the backup node as normal. 7. The RSVP PATH message is sent to the backup node as normal.
If the ingress detects that it can't communicate with the backup If the ingress detects that it can't communicate with the backup
ingress, then the ingress SHOULD instead send the PATH message to the ingress, then the ingress SHOULD instead send the PATH message to the
next-hop indicated in the ERO computed in step 1. Once the ingress next hop indicated in the ERO computed in step 1. Once the ingress
detects that it can communicate with the backup ingress, the ingress detects that it can communicate with the backup ingress, the ingress
SHOULD follow the steps 1-7 to obtain ingress failure protection. SHOULD follow steps 1-7 to obtain ingress failure protection.
When the ingress node receives an RSVP PATH message with an When the ingress node receives an RSVP PATH message with an
INGRESS_PROTECTION object and the object specifies that node as the INGRESS_PROTECTION object and the object specifies that node as the
ingress node and the PHOP as the backup ingress node, the ingress ingress node and the Previous Hop (PHOP) as the backup ingress node,
node SHOULD remove the INGRESS_PROTECTION object from the PATH the ingress node SHOULD remove the INGRESS_PROTECTION object from the
message before sending it out. Additionally, the ingress node MUST PATH message before sending it out. Additionally, the ingress node
store that it will install ingress forwarding state for the LSP MUST store that it will install ingress forwarding state for the LSP
rather than midpoint forwarding. rather than midpoint forwarding.
When an RSVP RESV message is received by the ingress, it uses the When an RSVP RESV message is received by the ingress, it uses the
NHOP to determine whether the message is received from the backup Next Hop (NHOP) to determine whether the message is received from the
ingress or from a different node. The stored associated PATH message backup ingress or from a different node. The stored associated PATH
contains an INGRESS_PROTECTION object that identifies the backup message contains an INGRESS_PROTECTION object that identifies the
ingress node. If the RESV message is not from the backup node, then backup ingress node. If the RESV message is not from the backup
ingress forwarding state SHOULD be set up, and the INGRESS_PROTECTION node, then the ingress forwarding state SHOULD be set up, and the
object MUST be added to the RESV before it is sent to the NHOP, which INGRESS_PROTECTION object MUST be added to the RESV before it is sent
SHOULD be the backup node. If the RESV message is from the backup to the NHOP, which SHOULD be the backup node. If the RESV message is
node, then the LSP SHOULD be considered available for use. from the backup node, then the LSP SHOULD be considered available for
use.
If the backup ingress node is on the forwarding path, then a RESV is If the backup ingress node is on the forwarding path, then a RESV is
received with an INGRESS_PROTECTION object and an NHOP that matches received with an INGRESS_PROTECTION object and an NHOP that matches
the backup ingress. In this case, the ingress node's address will the backup ingress. In this case, the ingress node's address will
not appear after the backup ingress in the RRO. The ingress node not appear after the backup ingress in the RRO. The ingress node
SHOULD set up ingress forwarding state, just as is done if the LSP SHOULD set up the ingress forwarding state, just as is done if the
weren't ingress-node protected. ingress node of the LSP weren't protected.
5.3. Backup Ingress Behavior 6.3. Backup Ingress Behavior
An LER determines that the ingress local protection is requested for A Label Edge Router (LER) determines that the ingress local
an LSP if the INGRESS_PROTECTION object is included in the PATH protection is requested for an LSP if the INGRESS_PROTECTION object
message it receives for the LSP. The LER can further determine that is included in the PATH message it receives for the LSP. The LER can
it is the backup ingress if one of its addresses is in the Backup further determine that it is the backup ingress if one of its
Ingress Address subobject of the INGRESS_PROTECTION object. The LER addresses is in the Backup Ingress Address subobject of the
as the backup ingress will assume full responsibility of the ingress INGRESS_PROTECTION object. The LER as the backup ingress will assume
after the primary ingress fails. In addition, the LER determines full responsibility of the ingress after the primary ingress fails.
that it is off-path if it is not any node of the LSP. The LER In addition, the LER determines that it is off path if it is not any
determines whether it uses Relay-Message Method or Proxy-Ingress node of the LSP. The LER determines whether it uses the Relay-
Method according to configurations. Message Method or the Proxy-Ingress Method according to
configurations.
5.3.1. Backup Ingress Behavior in Off-path Case 6.3.1. Backup Ingress Behavior in the Off-Path Case
The backup ingress considers itself as a PLR and the primary ingress The backup ingress considers itself a Point of Local Repair (PLR) and
as its next hop and provides a local protection for the primary the primary ingress its next hop, and it provides a local protection
ingress. It behaves very similarly to a PLR providing fast-reroute for the primary ingress. It behaves very similarly to a PLR
where the primary ingress is considered as the failure-point to providing fast reroute where the primary ingress is considered to be
protect. Where not otherwise specified, the behavior given in the failure point to protect. Where not otherwise specified, the
[RFC4090] for a PLR applies. behavior given in [RFC4090] for a PLR applies.
The backup ingress MUST follow the control-options specified in the The backup ingress MUST follow the control options specified in the
INGRESS_PROTECTION object and the flags and specifications in the INGRESS_PROTECTION object and the flags and specifications in the
FAST-REROUTE object. This applies to providing a P2MP backup if the FAST-REROUTE object. This applies to providing a P2MP backup if the
"P2MP backup" is set, a one-to-one backup if "one-to-one desired" is "P2MP backup" is set, a one-to-one backup if "one-to-one desired" is
set, facility backup if the "facility backup desired" is set, and set, a facility backup if the "facility backup desired" is set, and
backup paths that support the desired bandwidth, and administrative backup paths that support both the desired bandwidth and
groups that are requested. administrative groups that are requested.
If multiple non empty INGRESS_PROTECTION objects have been received If multiple non-empty INGRESS_PROTECTION objects have been received
via multiple PATH messages for the same LSP, then the most recent one via multiple PATH messages for the same LSP, then the most recent one
MUST be the one used. MUST be the one used.
The backup ingress creates the appropriate forwarding state for the The backup ingress creates the appropriate forwarding state for the
backup LSP tunnel(s) to the merge point(s). backup LSP tunnel(s) to the merge point(s).
When the backup ingress sends a RESV message to the primary ingress, When the backup ingress sends a RESV message to the primary ingress,
it MUST add an INGRESS_PROTECTION object into the message. It MUST it MUST add an INGRESS_PROTECTION object into the message. It MUST
set or clear the flags in the object to report "Ingress local set or clear the flags in the object to report "Ingress local
protection available", "Ingress local protection in use", and protection available", "Ingress local protection in use", and
skipping to change at page 19, line 19 skipping to change at page 21, line 4
When the primary ingress fails, the backup ingress redirects the When the primary ingress fails, the backup ingress redirects the
traffic from a source into the backup P2P LSPs or the backup P2MP LSP traffic from a source into the backup P2P LSPs or the backup P2MP LSP
transmitting the traffic to the next hops of the primary ingress, transmitting the traffic to the next hops of the primary ingress,
where the traffic is merged into the protected LSP. where the traffic is merged into the protected LSP.
In this case, the backup ingress MUST keep the PATH message with the In this case, the backup ingress MUST keep the PATH message with the
INGRESS_PROTECTION object received from the primary ingress and the INGRESS_PROTECTION object received from the primary ingress and the
RESV message with the INGRESS_PROTECTION object to be sent to the RESV message with the INGRESS_PROTECTION object to be sent to the
primary ingress. The backup ingress MUST set the "local protection primary ingress. The backup ingress MUST set the "local protection
in use" flag in the RESV message, indicating that the backup ingress in use" flag in the RESV message, which indicates that the backup
is actively redirecting the traffic into the backup P2P LSPs or the ingress is actively redirecting the traffic into the backup P2P LSPs
backup P2MP LSP for locally protecting the primary ingress failure. or the backup P2MP LSP for locally protecting the primary ingress
failure.
Note that the RESV message with this piece of information will not be Note that the RESV message with this piece of information will not be
sent to the primary ingress because the primary ingress has failed. sent to the primary ingress because the primary ingress has failed.
If the backup ingress has not received any PATH message from the If the backup ingress has not received any PATH messages from the
primary ingress for an extended period of time (e.g., a cleanup primary ingress for an extended period of time (e.g., a cleanup
timeout interval) and a confirmed primary ingress failure did not timeout interval) and a confirmed primary ingress failure did not
occur, then the standard RSVP soft-state removal SHOULD occur. The occur, then the standard RSVP soft-state removal SHOULD occur. The
backup ingress SHALL remove the state for the PATH message from the backup ingress SHALL remove the state for the PATH message from the
primary ingress, and tear down the one-to-one backup LSPs for primary ingress and either tear down the one-to-one backup LSPs for
protecting the primary ingress if one-to-one backup is used or unbind protecting the primary ingress if one-to-one backup is used or unbind
the facility backup LSPs if facility backup is used. the facility backup LSPs if facility backup is used.
When the backup ingress receives a PATH message from the primary When the backup ingress receives a PATH message from the primary
ingress for locally protecting the primary ingress of a protected ingress for locally protecting the primary ingress of a protected
LSP, it MUST check to see if any critical information has been LSP, it MUST check to see if any critical information has been
changed. If the next hops of the primary ingress are changed, the changed. If the next hops of the primary ingress are changed, the
backup ingress SHALL update its backup LSP(s) accordingly. backup ingress SHALL update its backup LSP(s) accordingly.
5.3.1.1. Relay-Message Method 6.3.1.1. Relay-Message Method
When the backup ingress receives a PATH message with an non empty When the backup ingress receives a PATH message with a non-empty
INGRESS_PROTECTION object, it examines the object to learn what INGRESS_PROTECTION object, it examines the object to learn what
traffic associated with the LSP. It determines the next-hops to be traffic associated with the LSP. It determines the next hops to be
merged to by examining the Label-Routes subobject in the object. merged to by examining the Label-Routes subobject in the object.
The backup ingress MUST store the PATH message received from the The backup ingress MUST store the PATH message received from the
primary ingress, but NOT forward it. primary ingress but NOT forward it.
The backup ingress responds with a RESV message to the PATH message The backup ingress responds with a RESV message to the PATH message
received from the primary ingress. If the backup ingress is off- received from the primary ingress. If the backup ingress is off
path, the LABEL object in the RESV message contains IMPLICIT-NULL. path, the LABEL object in the RESV message contains IMPLICIT-NULL.
If the INGRESS_PROTECTION object is not "empty", the backup ingress If the INGRESS_PROTECTION object is not "empty", the backup ingress
SHALL send the RESV message with the state indicating protection is SHALL send the RESV message with the state indicating protection is
available after the backup LSP(s) are successfully established. available after the backup LSP(s) are successfully established.
5.3.1.2. Proxy-Ingress Method 6.3.1.2. Proxy-Ingress Method
The backup ingress determines the next-hops to be merged to by When receiving a RESV message for an LSP from a router that is not
collecting the set of the pair of (IPv4/IPv6 subobject, Label primary ingress, the backup ingress collects the pair of (IPv4/IPv6
subobject) from the Record Route Object of each RESV that are closest subobject, Label subobject) in the second place to the top pair in
to the top and not the Ingress router; this should be the second to the RECORD_ROUTE object of the message. It determines the next hops
the top pair. If a Label-Routes subobject is included in the to be merged according to the set of the pairs collected. If a
INGRESS_PROTECTION object, the included IPv4/IPv6 subobjects are used Label-Routes subobject is included in the INGRESS_PROTECTION object,
to filter the set down to the specific next-hops where protection is the included IPv4/IPv6 subobjects are used to filter the set down to
desired. A RESV message MUST have been received before the Backup the specific next hops where protection is desired. An RESV message
Ingress can create or select the appropriate backup LSP. MUST have been received before the backup ingress can create or
select the appropriate backup LSP.
When the backup ingress receives a PATH message with the When the backup ingress receives a PATH message with the
INGRESS_PROTECTION object, the backup ingress examines the object to INGRESS_PROTECTION object, the backup ingress examines the object to
learn what traffic associated with the LSP. The backup ingress learn what traffic associated with the LSP. The backup ingress
forwards the PATH message to the ingress node with the normal RSVP forwards the PATH message to the ingress node with the normal RSVP
changes. changes.
When the backup ingress receives a RESV message with the When the backup ingress receives a RESV message with the
INGRESS_PROTECTION object, the backup ingress records an IMPLICIT- INGRESS_PROTECTION object, the backup ingress records an IMPLICIT-
NULL label in the RRO. Then the backup ingress forwards the RESV NULL label in the RRO. Then, the backup ingress forwards the RESV
message to the ingress node, which is acting for the proxy ingress. message to the ingress node, which is acting for the proxy ingress.
5.3.2. Backup Ingress Behavior in On-path Case 6.3.2. Backup Ingress Behavior in the On-Path Case
An LER as the backup ingress determines that it is on-path if one of An LER as the backup ingress determines that it is on path if one of
its addresses is a next hop of the primary ingress (and for Proxy- its addresses is a next hop of the primary ingress; for the Proxy-
Ingress Method the primary ingress is not its next hop via checking Ingress Method, the primary ingress is determined as not its next hop
the PATH message with the INGRESS_PROTECTION object received from the by checking the PATH message with the INGRESS_PROTECTION object
primary ingress). The LER on-path MUST send the corresponding PATH received from the primary ingress. The LER on path MUST send the
messages without any INGRESS_PROTECTION object to its next hops. It corresponding PATH messages without any INGRESS_PROTECTION object to
creates a number of backup P2P LSPs or a backup P2MP LSP from itself its next hops. It creates a number of backup P2P LSPs or a backup
to the other next hops (i.e., the next hops other than the backup P2MP LSP from itself to the other next hops (i.e., the next hops
ingress) of the primary ingress. The other next hops are from the other than the backup ingress) of the primary ingress. The other
Label-Routes subobject. next hops are from the Label-Routes subobject.
It also creates a forwarding entry, which sends/multicasts the It also creates a forwarding entry, which sends/multicasts the
traffic from the source to the next hops of the backup ingress along traffic from the source to the next hops of the backup ingress along
the protected LSP when the primary ingress fails. The traffic is the protected LSP when the primary ingress fails. The traffic is
described by the Traffic-Descriptor. described by the TRAFFIC_DESCRIPTOR.
After the forwarding entry is created, all the backup P2P LSPs or the After setting up all the backup P2P LSPs or the backup P2MP LSP, the
backup P2MP LSP is up and associated with the protected LSP, the backup ingress creates forwarding entry(s) for importing the traffic
backup ingress MUST send the primary ingress the RESV message with into the backup LSP(s) from the source when the primary ingress
the INGRESS_PROTECTION object containing the state of the local fails. Then, it MUST send the primary ingress a RESV message with an
protection such as "local protection available" flag set to one, INGRESS_PROTECTION object. The object contains the state of the
which indicates that the primary ingress is locally protected. local protection, such as having the "local protection available"
flag set to one, which indicates that the primary ingress is locally
protected.
When the primary ingress fails, the backup ingress sends/multicasts When the primary ingress fails, the backup ingress sends/multicasts
the traffic from the source to its next hops along the protected LSP the traffic from the source to its next hops along the protected LSP
and imports the traffic into each of the backup P2P LSPs or the and imports the traffic into each of the backup P2P LSPs or to the
backup P2MP LSP transmitting the traffic to the other next hops of backup P2MP LSP transmitting the traffic to the other next hops of
the primary ingress, where the traffic is merged into protected LSP. the primary ingress, where the traffic is merged into a protected
LSP.
During the local repair, the backup ingress MUST continue to send the During the local repair, the backup ingress MUST continue to send the
PATH messages to its next hops as before, keep the PATH message with PATH messages to its next hops as before and keep the PATH message
the INGRESS_PROTECTION object received from the primary ingress and with the INGRESS_PROTECTION object received from the primary ingress
the RESV message with the INGRESS_PROTECTION object to be sent to the and the RESV message with the INGRESS_PROTECTION object to be sent to
primary ingress. It MUST set the "local protection in use" flag in the primary ingress. It MUST set the "local protection in use" flag
the RESV message. in the RESV message.
5.3.3. Failure Detection and Refresh PATH Messages 6.3.3. Failure Detection and Refresh PATH Messages
As described in [RFC4090], it is necessary to refresh the PATH As described in [RFC4090], it is necessary to refresh the PATH
messages via the backup LSP(s). The Backup Ingress MUST wait to messages via the backup LSP(s). The backup ingress MUST wait to
refresh the PATH messages until it can accurately detect that the refresh the PATH messages until it can accurately detect that the
ingress node has failed. An example of such an accurate detection ingress node has failed. An example of such an accurate detection
would be that the IGP has no bi-directional links to the ingress node would be that the IGP has no bidirectional links to the ingress node,
or a BFD session to the primary ingress' loopback address has failed or a BFD session to the primary ingress' loopback address has failed
and stayed failed after the network has reconverged. and stayed failed after the network has reconverged.
As described in [RFC4090 Section 6.4.3], the backup ingress, acting As described in Section 6.4.3 of [RFC4090], the backup ingress,
as PLR, MUST modify and send any saved PATH messages associated with acting as PLR, MUST modify and send any saved PATH messages
the primary LSP to the corresponding next hops through backup LSP(s). associated with the primary LSP to the corresponding next hops
Any PATH message sent will not contain any INGRESS_PROTECTION object. through backup LSP(s). Any PATH message sent will not contain any
The RSVP_HOP object in the message contains an IP source address INGRESS_PROTECTION objects. The RSVP_HOP object in the message
belonging to the backup ingress. The sender template object has the contains an IP source address belonging to the backup ingress. The
backup ingress address as its tunnel sender address. SENDER_TEMPLATE object has the Backup Ingress Address as its tunnel
sender address.
5.4. Revertive Behavior 6.4. Revertive Behavior
Upon a failure event in the (primary) ingress of a protected LSP, the Upon a failure event in the (primary) ingress of a protected LSP, the
protected LSP is locally repaired by the backup ingress. There are a protected LSP is locally repaired by the backup ingress. There are a
couple of basic strategies for restoring the LSP to a full working couple of basic strategies for restoring the LSP to a full working
path. path.
- Revert to Primary Ingress: When the primary ingress is restored, o Revert to Primary Ingress: When the primary ingress is restored,
it re-signals each of the LSPs that start from the primary it resignals each of the LSPs that start from the primary ingress.
ingress. The traffic for every LSP successfully re-signaled is The traffic for every LSP successfully resignaled is switched back
switched back to the primary ingress from the backup ingress. to the primary ingress from the backup ingress.
- Global Repair by Backup Ingress: After determining that the o Global Repair by Backup Ingress: After determining that the
primary ingress of an LSP has failed, the backup ingress computes primary ingress of an LSP has failed, the backup ingress computes a
a new optimal path, signals a new LSP along the new path, and new optimal path, signals a new LSP along the new path, and
switches the traffic to the new LSP. switches the traffic to the new LSP.
5.4.1. Revert to Primary Ingress 6.4.1. Revert to Primary Ingress
If "Revert to Primary Ingress" is desired for a protected LSP, the If "Revert to Primary Ingress" is desired for a protected LSP, the
(primary) ingress of the LSP SHOULD re-signal the LSP that starts (primary) ingress of the LSP SHOULD resignal the LSP that starts from
from the primary ingress after the primary ingress restores. After the primary ingress after the primary ingress restores. After the
the LSP is re-signaled successfully, the traffic SHOULD be switched LSP is resignaled successfully, the traffic SHOULD be switched back
back to the primary ingress from the backup ingress on the source to the primary ingress from the backup ingress on the source node and
node and redirected into the LSP starting from the primary ingress. redirected into the LSP starting from the primary ingress.
The primary ingress can specify the "Revert to Ingress" control- The primary ingress can specify the "Revert to Ingress" control
option in the INGRESS_PROTECTION object in the PATH messages to the option in the INGRESS_PROTECTION object in the PATH messages to the
backup ingress. After receiving the "Revert to Ingress" control- backup ingress. After receiving the "Revert to Ingress" control
option, the backup ingress MUST stop sending/refreshing PATH messages option, the backup ingress MUST stop sending/refreshing PATH messages
for the protected LSP. for the protected LSP.
5.4.2. Global Repair by Backup Ingress 6.4.2. Global Repair by Backup Ingress
When the backup ingress has determined that the primary ingress of When the backup ingress has determined that the primary ingress of
the protected LSP has failed (e.g., via the IGP), it can compute a the protected LSP has failed (e.g., via the IGP), it can compute a
new path and signal a new LSP along the new path so that it no longer new path and signal a new LSP along the new path so that it no longer
relies upon local repair. To do this, the backup ingress MUST use relies upon local repair. To do this, the backup ingress MUST use
the same tunnel sender address in the Sender Template Object and the same tunnel sender address in the SENDER_TEMPLATE object and
allocate a LSP ID different from the one of the old LSP as the LSP-ID allocate an LSP ID different from the one of the old LSP as the LSP
of the new LSP. This allows the new LSP to share resources with the ID of the new LSP. This allows the new LSP to share resources with
old LSP. Alternately, the Backup Ingress can create a new LSP with the old LSP. Alternately, the backup ingress can create a new LSP
no bandwidth reservation that duplicates the path(s) of the protected with no bandwidth reservation that duplicates the path(s) of the
LSP, move traffic to the new LSP, delete the protected LSP, and then protected LSP, move traffic to the new LSP, delete the protected LSP,
resignal the new LSP with bandwidth. and then resignal the new LSP with bandwidth.
6. Security Considerations 7. Security Considerations
In principle this document does not introduce new security issues. In principle, this document does not introduce new security issues.
The security considerations pertaining to RFC 4090, RFC 4875, RFC The security considerations pertaining to [RFC4090], [RFC4875],
2205 and RFC 3209 remain relevant. [RFC2205], and [RFC3209] remain relevant.
7. Compatibility 8. Compatibility
This extension reuses and extends semantics and procedures defined in This extension reuses and extends semantics and procedures defined in
RFC 2205, RFC 3209, RFC 4090 and RFC 4875 to support ingress [RFC2205], [RFC3209], [RFC4090], and [RFC4875] to support ingress
protection. The new object defined to indicate ingress protection protection. The new object defined to indicate ingress protection
has a class number of the form 0bbbbbbb. Per RFC 2205, a node not has a Class Number of the form 0bbbbbbb. Per [RFC2205], a node not
supporting this extension will not recognize the new class number and supporting this extension will not recognize the new Class Number and
should respond with an "Unknown Object Class" error. The error should respond with an "Unknown Object Class" error. The error
message will propagate to the ingress, which can then take action to message will propagate to the ingress, which can then take action to
avoid the incompatible node as a backup ingress or may simply avoid the incompatible node as a backup ingress or may simply
terminate the session. terminate the session.
8. IANA Considerations 9. IANA Considerations
This document does not request any IANA actions.
9. Co-authors and Contributors
1. Co-authors
Autumn Liu
Ciena
USA
Email: hliu@ciena.com
Zhenbin Li
Huawei Technologies
Email: zhenbin.li@huawei.com
Yimin Shen
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
USA
Email: yshen@juniper.net
Tarek Saad
Cisco Systems
Email: tsaad@cisco.com
Fengman Xu
Verizon
2400 N. Glenville Dr
Richardson, TX 75082
USA
Email: fengman.xu@verizon.com
2. Contributors
Ning So
Tata Communications
2613 Fairbourne Cir.
Plano, TX 75082
USA
Email: ningso01@gmail.com
Mehmet Toy
Verizon
USA
Email: mehmet.toy@verizon.com
Lei Liu
USA
Email: liulei.kddi@gmail.com
Renwei Li
Huawei Technologies
2330 Central Expressway
Santa Clara, CA 95050
USA
Email: renwei.li@huawei.com
Quintin Zhao
Huawei Technologies
Boston, MA
USA
Email: quintin.zhao@huawei.com
Boris Zhang
Telus Communications
200 Consilium Pl Floor 15
Toronto, ON M1H 3J3
Canada
Email: Boris.Zhang@telus.com
Markus Jork
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
USA
Email: mjork@juniper.net
10. Acknowledgement
The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric This document has no IANA actions.
Osborne, Ross Callon, Loa Andersson, Daniel King, Michael Yue, Alia
Atlas, Olufemi Komolafe, Rob Rennison, Neil Harrison, Kannan Sampath,
Gregory Mirsky, and Ronhazli Adam for their valuable comments and
suggestions on this draft.
11. References 10. References
11.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ Requirement Levels", BCP 14, RFC 2119,
RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol [RFC2205] Braden, R., Ed., Zhang, L., Berson, S., Herzog, S., and S.
Label Switching Architecture", RFC 3031, DOI 10.17487/ Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
RFC3031, January 2001, Functional Specification", RFC 2205, DOI 10.17487/RFC2205,
<https://www.rfc-editor.org/info/rfc3031>. September 1997, <https://www.rfc-editor.org/info/rfc2205>.
[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V., [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001, Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001,
<https://www.rfc-editor.org/info/rfc3209>. <https://www.rfc-editor.org/info/rfc3209>.
[RFC3936] Kompella, K. and J. Lang, "Procedures for Modifying the
Resource reSerVation Protocol (RSVP)", BCP 96, RFC 3936,
DOI 10.17487/RFC3936, October 2004,
<https://www.rfc-editor.org/info/rfc3936>.
[RFC4090] Pan, P., Ed., Swallow, G., Ed., and A. Atlas, Ed., "Fast [RFC4090] Pan, P., Ed., Swallow, G., Ed., and A. Atlas, Ed., "Fast
Reroute Extensions to RSVP-TE for LSP Tunnels", RFC 4090, Reroute Extensions to RSVP-TE for LSP Tunnels", RFC 4090,
DOI 10.17487/RFC4090, May 2005, DOI 10.17487/RFC4090, May 2005,
<https://www.rfc-editor.org/info/rfc4090>. <https://www.rfc-editor.org/info/rfc4090>.
[RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S. [RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S.
Yasukawa, Ed., "Extensions to Resource Reservation Yasukawa, Ed., "Extensions to Resource Reservation
Protocol - Traffic Engineering (RSVP-TE) for Point-to- Protocol - Traffic Engineering (RSVP-TE) for Point-to-
Multipoint TE Label Switched Paths (LSPs)", RFC 4875, Multipoint TE Label Switched Paths (LSPs)", RFC 4875,
DOI 10.17487/RFC4875, May 2007, DOI 10.17487/RFC4875, May 2007,
<https://www.rfc-editor.org/info/rfc4875>. <https://www.rfc-editor.org/info/rfc4875>.
11.2. Informative References [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
10.2. Informative References
[RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher, [RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher,
N., and A. Fulignoli, Ed., "MPLS Transport Profile N., and A. Fulignoli, Ed., "MPLS Transport Profile (MPLS-
(MPLS-TP) Linear Protection", RFC 6378, DOI 10.17487/ TP) Linear Protection", RFC 6378, DOI 10.17487/RFC6378,
RFC6378, October 2011, October 2011, <https://www.rfc-editor.org/info/rfc6378>.
<https://www.rfc-editor.org/info/rfc6378>.
Acknowledgements
The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric
Osborne, Ross Callon, Loa Andersson, Daniel King, Michael Yue, Alia
Atlas, Olufemi Komolafe, Rob Rennison, Neil Harrison, Kannan Sampath,
Gregory Mirsky, and Ronhazli Adam for their valuable comments and
suggestions on this document.
Contributors
The following people contributed significantly to the content of this
document and should be considered coauthors:
Autumn Liu
Ciena
United States of America
Email: hliu@ciena.com
Zhenbin Li
Huawei Technologies
Email: zhenbin.li@huawei.com
Yimin Shen
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
United States of America
Email: yshen@juniper.net
Tarek Saad
Cisco Systems
Email: tsaad@cisco.com
Fengman Xu
Verizon
2400 N. Glenville Dr
Richardson, TX 75082
United States of America
Email: fengman.xu@verizon.com
The following people also contributed to the content of this
document:
Ning So
Tata Communications
2613 Fairbourne Cir.
Plano, TX 75082
United States of America
Email: ningso01@gmail.com
Mehmet Toy
Verizon
United States of America
Email: mehmet.toy@verizon.com
Lei Liu
United States of America
Email: liulei.kddi@gmail.com
Renwei Li
Huawei Technologies
2330 Central Expressway
Santa Clara, CA 95050
United States of America
Email: renwei.li@huawei.com
Quintin Zhao
Huawei Technologies
Boston, MA
United States of America
Email: quintin.zhao@huawei.com
Boris Zhang
Telus Communications
200 Consilium Pl Floor 15
Toronto, ON M1H 3J3
Canada
Email: Boris.Zhang@telus.com
Markus Jork
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
United States of America
Email: mjork@juniper.net
Authors' Addresses Authors' Addresses
Huaimo Chen (editor) Huaimo Chen (editor)
Huawei Technologies Huawei Technologies
Boston, MA Boston, MA
USA United States of America
Email: huaimo.chen@huawei.com Email: huaimo.chen@huawei.com
Raveendra Torvi (editor) Raveendra Torvi (editor)
Juniper Networks Juniper Networks
10 Technology Park Drive 10 Technology Park Drive
Westford, MA 01886 Westford, MA 01886
USA United States of America
Email: rtorvi@juniper.net Email: rtorvi@juniper.net
 End of changes. 176 change blocks. 
561 lines changed or deleted 593 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/