Internet DRAFT - draft-deng-spring-sr-loop-free
draft-deng-spring-sr-loop-free
Spring Working Group L. Deng
Internet-Draft Y. Zhu
Intended status: Informational China Telecom
Expires: 26 May 2024 X. Geng
Z. Hu
Huawei Technologies
23 November 2023
SR based Loop-free implementation
draft-deng-spring-sr-loop-free-01
Abstract
Microloops are brief packet loops that occur in the network following
a topology change (link down, link up, node fault, or metric change
events). Microloops are caused by the non-simultaneous convergence
of different nodes in the network. If nodes converge and send
traffic to a neighbor node that has not converged yet, traffic may be
looped between these two nodes, resulting in packet loss,jitter, and
out-of-order packets. This document presents some optional
implementation methods aimed at providing loop avoidance in the case
of IGP network convergence event in different scenarios.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 26 May 2024.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
Deng, et al. Expires 26 May 2024 [Page 1]
�
Internet-Draft draft-deng-spring-sr-loop-free November 2023
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions used in this document . . . . . . . . . . . . . . 3
3. Anti-Microloop Scheme for Switching Scenarios . . . . . . . . 3
4. Anti-Microloop Scheme for Back-switching Scenarios . . . . . 4
5. Anti-Microloop Scheme for Multi-source Scenarios . . . . . . 6
6. Anti-Microloop Scheme for Multi-point Scenarios . . . . . . . 7
7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 7
8. Security Considerations . . . . . . . . . . . . . . . . . . . 7
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 7
11. Normative References . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
An IP network computes paths based on the distributed IGP protocols.
If a node or link fails, a loop may occur on the network because
LSDBs are not synchronized. Take the IS-IS/OSPF link-state protocol
as an example. Each time the network topology changes, some routers
need to update the FIB table based on the new topology. Due to the
different convergence time and convergence orders, different routers
may be asynchronous for a short time. Depending on the capability,
configuration parameters, and service volume of the device, the
database may not be synchronized in milliseconds to seconds. During
this period, each device on the packet forwarding path may be in the
pre-convergence state or the post-convergence state. If the status
is not synchronized, forwarding routes may be inconsistent and a
forwarding loop may occur. However, such a loop disappears after all
devices on the forwarding path complete convergence. Such a
transient loop is called a “microloop”. Microloops may cause packet
loss, delay variation, and packet disorder on the network.
Deng, et al. Expires 26 May 2024 [Page 2]
�
Internet-Draft draft-deng-spring-sr-loop-free November 2023
The Segment Routing defined in [RFC8042] . can be used to cope with
microloop issue on the network. When a loop may occur due to a
network topology change, a network node creates a loop-free segment
list to direct traffic to the destination address. After all network
nodes converge, the network node returns to the normal forwarding
state. This effectively eliminates loops on the network.
[I-D.bashandy-rtgwg-segment-routing-uloop] describes the basic
principles of how to use Segment Routing to cope with microloop.
This document describes some optional implementation methods of SR
for microloop avoidance in different scenarios.
2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119] .
3. Anti-Microloop Scheme for Switching Scenarios
Switching microloops refer to the microloop caused by node/link
failures. Along the traffic forwarding path, a loop may caused if a
node closer to the point of failure converges before a node far from
the point of failure. Figure 1 is used as an example to describe the
switching microloop caused process: when the link between R3 and R5
fails, it is assumed that R3 completes convergence first and R2 does
not complete convergence. R1 and R2 forward the packet along the
previous path to R3. Since R3 has convergenced, it forwarded the
traffic to R2 according to the route after convergence. Thus, the
switching microloops happened between R2 and R3.
+----------------------------------------------------------------+
| X link failure |
| |
| +-------+ +-------+ +-------+ |
| | R1 |------| R2 |-------| R3 | |
| +-------+ +-------+ +-------+ |
| | | |
| | X |
| | | |
| +-------+ +-------+ +-------+ |
| | R4 |-------| R5 |--------| R6 | |
| +-------+ +-------+ +-------+ |
| |
| |
+----------------------------------------------------------------+
Figure 1: Switching illustrative scenario, failure of link R3-R5
Deng, et al. Expires 26 May 2024 [Page 3]
�
Internet-Draft draft-deng-spring-sr-loop-free November 2023
TI-LFA is deployed in all nodes of the network, and when the link
between R3 and R5 fails, the convergence process after deploying
switching anti-microloop is as follows:
* Phase 1: A hold-down timer T1 is configured on R3 (R3 is the
neighboring node of the failed node/link) and R3 uses TI-LFA
forwarding for the duration of T1;
* Phase 2: A hold-down timer T2 is configured on the remote node and
the node forwards traffic to R3 (specify the Node Sid of R3) for
the duration of T2;
* Phase 3: T2 timeout, the remote node returns to normal convergence
firstly;
* Phase 4: T1 timeout, R3 reverts back to normal convergence.
Time T1 must be longer than time T2. This scheme is limited to
single point of failure, the TI-LFA backup path may be affected in
case of multi-point failure.
4. Anti-Microloop Scheme for Back-switching Scenarios
Microloops may occur not only when the node/link fails, but also
after the failure node/link recovering. Figure 2 is used as an
example to introduce the process of the back-switching microloop.
After the failure node/link recovering, a loop may caused if a node
further from the point of failure converges before a node closer to
the point of failure.
R1 forwards the traffic to the destination node R6 following the path
R1->R2->R3->R5->R6. When the link between R2 and R3 fails, R1
forwards the traffic to the destination node R6 following the re-
converged path R1->R2->R4->R5->R6. After the failure link between R2
and R3 is recovered, assuming that R4 is the first to complete
convergence, R1 forwards the traffic to R2. Since R2 has not
completed convergence, the packet is still forwarded to R4 in
accordance with the path before the the failure link recovering. R4
has already completed convergence, so R4 forwards it to R2 in
accordance with the path after the the failure link recovering, and
the mircoloop occured between R2 and R4.
Deng, et al. Expires 26 May 2024 [Page 4]
�
Internet-Draft draft-deng-spring-sr-loop-free November 2023
+---------------------------------------------------------------+
| & Link Recovery |
| |
| +-------+ +-------+ & +-------+ |
| | R1 |------| R2 |-------| R3 | |
| +-------+ +-------+ +-------+ |
| | | |
| | | |
| | | |
| +-------+ +-------+ +-------+ |
| | R4 |-------| R5 |--------| R6 | |
| +-------+ +-------+ +-------+ |
| |
| |
+---------------------------------------------------------------+
Figure 2: Back-switching illustrative scenario, recovery of link R2-R3
Since the network does not enter the TI-LFA forwarding process after
the node/link failure is recovered, the delay convergence cannot be
used in the back-switching scenario to prevent the generation of
microloops as in the switching scenario. In the back-switching
scenario, we only need to specify the Adj-SID of the back-switching
link to achieve loop-free.
From the above process of back-switching microloop generation, it can
be seen that microloops happens because R4 is unable to pre-install a
loop-free path computed for link up. Therefore, in order to
eliminate potential loop after the the faulty node/link recovering,
R4 needs to be able to converge to a loop-free path.
When the faulty node/link is recovered, the path can be anti-
microloop by simply specifying Adj-SIDs of the neighbor node. As
shown in Figure. 2, R4 senses that the faulty link R2-R3 is recovered
and re-converges to the destination R6 with the R4->R2->R3->R5->R6
path. The recovery of the faulty link R2-R3 does not affect the SR
path from R4 to R2, so the path from R4 to R2 must be a loop-free
path. Similarly, the path from R3 to R6 is not affected by the
recovery of the failed R2-R3 link, and the path from R3 to R6 must be
loop-free. The only thing affected is the path from R2 to R3. The
loop-free path from R4 to R6 can be determined by just specifying the
path from R2 to R3. So it is only necessary to insert an End.X SID
from R2 to R3 in the converged path of R4 End. X SID instructs the
message to be forwarded from R2 to R3, and the path from R4 to R6 is
guaranteed to be loop-free.
Deng, et al. Expires 26 May 2024 [Page 5]
�
Internet-Draft draft-deng-spring-sr-loop-free November 2023
5. Anti-Microloop Scheme for Multi-source Scenarios
When an IPv4 or IPv6 prefix is advertised by multiple nodes in an IS-
IS domain, the prefix has multiple route sources, which is called a
multi-source route. This section is for the multi-source microloop
avoidance scenario, which may occur when multiple nodes advertise the
same route with inconsistent convergence speeds.
SRv6 multi-source microloop prevention mainly uses SRv6 END.X and END
SID as the label stack for multi-source microloop prevention. SR-
MPLS mainly uses the prefix SID and Adj SID as the label stack for
multi-source anti-microloop.
The following example is to describe how microloop happens when
multiple nodes advertise the same route.
1. R3 and R6 both import the route 2001:db8:3::. The link between R2
and R3 fails. It is assumed that R2 first completes convergence, and
R1 hasn’t completed convergence yet.
2. R1 forwards the packet to R2 along the path before the failure.
3. Because R2 has completed convergence, R2 forwards packets to R1
according to the next hop of the route. In this way, a loop is
formed between R1 and R2.
+---------------------------------------------------+
| X link failure |
| 2001:db8:1:: 2001:db8:2:: 2001:db8:3:: |
| +-------+ +-------+ +-------+ |
| | R1 |-------| R2 |----X---| R3 | |
| +-------+ +-------+ +-------+ |
| | |
| | |
| | |
| +-------+ +-------+ +-------+ |
| | R4 |-------| R5 |--------| R6 | |
| +-------+ +-------+ +-------+ |
| 2001:db8:4:: 2001:db8:5:: 2001:db8:6:: |
| |
+---------------------------------------------------+
Figure 3: Multi-source illustrative scenario, failure of link R2-R3
A possible solution is that: the preferred destination node of the
packets destined for 2001:db8:3:: changes from R3 to R6, but the
convergence path from R2 to R5 does not change. In this case, timer
T1 on R2 can be started. Before T1 expires, for a packet that
Deng, et al. Expires 26 May 2024 [Page 6]
�
Internet-Draft draft-deng-spring-sr-loop-free November 2023
accesses the R6, an End.X SID between the R5 and the R6 or an End SID
of the R6 is added to the encapsulation in order to ensure that the
packet is forwarded to the R6. A basic principle is similar to that
of SR-MPLS.
6. Anti-Microloop Scheme for Multi-point Scenarios
TBD
7. Conclusion
There are various scenarios and different implementation methods for
loop prevention. The implementation methods proposed by this
document based on SR microloop avoidance mechanism can be used for
subsequent research and development.
8. Security Considerations
The behavior described in this document is internal functionality to
a router that result in the ability to explicitly steer traffic over
the post convergence path after a remote topology change in a manner
that guarantees loop freeness. Because the behavior serves to
minimize the disruption associated with a topology changes, it can be
seen as a modest security enhancement.
9. IANA Considerations
No requirements for IANA.
10. Acknowledgement
The authors would like to thank everyone who contributed to the
draft.
11. Normative References
[I-D.bashandy-rtgwg-segment-routing-uloop]
Bashandy, A., Filsfils, C., Litkowski, S., Decraene, B.,
Francois, P., and P. Psenak, "Loop avoidance using Segment
Routing", Work in Progress, Internet-Draft, draft-
bashandy-rtgwg-segment-routing-uloop-15, 18 June 2023,
<https://datatracker.ietf.org/doc/html/draft-bashandy-
rtgwg-segment-routing-uloop-15>.
[I-D.ietf-rtgwg-segment-routing-ti-lfa]
Litkowski, S., Bashandy, A., Filsfils, C., Francois, P.,
Decraene, B., and D. Voyer, "Topology Independent Fast
Reroute using Segment Routing", Work in Progress,
Deng, et al. Expires 26 May 2024 [Page 7]
�
Internet-Draft draft-deng-spring-sr-loop-free November 2023
Internet-Draft, draft-ietf-rtgwg-segment-routing-ti-lfa-
12, 17 November 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-
segment-routing-ti-lfa-12>.
[I-D.ietf-spring-segment-protection-sr-te-paths]
Hegde, S., Bowers, C., Litkowski, S., Xu, X., and F. Xu,
"Segment Protection for SR-TE Paths", Work in Progress,
Internet-Draft, draft-ietf-spring-segment-protection-sr-
te-paths-05, 27 September 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-spring-
segment-protection-sr-te-paths-05>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8042] Zhang, Z., Wang, L., and A. Lindem, "OSPF Two-Part
Metric", RFC 8042, DOI 10.17487/RFC8042, December 2016,
<https://www.rfc-editor.org/info/rfc8042>.
Authors' Addresses
Lijie Deng
China Telecom
109, West Zhongshan Road, Tianhe District
Guangzhou
Guangzhou, 510000
China
Email: denglj4@chinatelecom.cn
Yongqing Zhu
China Telecom
109, West Zhongshan Road, Tianhe District
Guangzhou
Guangzhou, 510000
China
Email: zhuyq8@chinatelecom.cn
Xuesong Geng
Huawei Technologies
Huawei Building, No.156 Beiqing Rd
Beijing
Beijing, 100095
China
Deng, et al. Expires 26 May 2024 [Page 8]
�
Internet-Draft draft-deng-spring-sr-loop-free November 2023
Email: gengxuesong@huawei.com
Zhibo Hu
Huawei Technologies
Huawei Building, No.156 Beiqing Rd
Beijing
Beijing, 100095
China
Email: huzhibo@huawei.com
Deng, et al. Expires 26 May 2024 [Page 9]
