Internet DRAFT - draft-ietf-teas-rsvp-egress-protection
draft-ietf-teas-rsvp-egress-protection
Internet Engineering Task Force H. Chen
Internet-Draft Huawei Technologies
Intended status: Standards Track A. Liu
Expires: September 19, 2018 Ciena
T. Saad
Cisco Systems
F. Xu
Verizon
L. Huang
China Mobile
March 18, 2018
Extensions to RSVP-TE for LSP Egress Local Protection
draft-ietf-teas-rsvp-egress-protection-16.txt
Abstract
This document describes extensions to Resource Reservation Protocol -
Traffic Engineering (RSVP-TE) for locally protecting the egress
node(s) of a Point-to-Point (P2P) or Point-to-Multipoint (P2MP)
Traffic Engineered (TE) Label Switched Path (LSP).
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 19, 2018.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
Chen, et al. Expires September 19, 2018 [Page 1]
�
Internet-Draft RSVP LSP Egress Protection March 2018
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Egress Local Protection . . . . . . . . . . . . . . . . . 3
2. Conventions Used in This Document . . . . . . . . . . . . . . 4
3. Terminologies . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 5
4.1. Extensions to SERO . . . . . . . . . . . . . . . . . . . . 5
4.1.1. Primary Egress Subobject . . . . . . . . . . . . . . . 7
4.1.2. P2P LSP ID Subobject . . . . . . . . . . . . . . . . . 8
5. Egress Protection Behaviors . . . . . . . . . . . . . . . . . 9
5.1. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 9
5.2. Primary Egress Behavior . . . . . . . . . . . . . . . . . 10
5.3. Backup Egress Behavior . . . . . . . . . . . . . . . . . . 10
5.4. Transit Node and PLR Behavior . . . . . . . . . . . . . . 11
5.4.1. Signaling for One-to-One Protection . . . . . . . . . 12
5.4.2. Signaling for Facility Protection . . . . . . . . . . 12
5.4.3. Signaling for S2L Sub LSP Protection . . . . . . . . . 13
5.4.4. PLR Procedures during Local Repair . . . . . . . . . . 13
6. Application Traffic Considerations . . . . . . . . . . . . . . 14
6.1. A Typical Application . . . . . . . . . . . . . . . . . . 14
6.2. PLR Procedure for Applications . . . . . . . . . . . . . . 16
6.3. Egress Procedures for Applications . . . . . . . . . . . . 17
7. Security Considerations . . . . . . . . . . . . . . . . . . . 17
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
9. Co-authors and Contributors . . . . . . . . . . . . . . . . . 18
10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 19
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19
11.1. Normative References . . . . . . . . . . . . . . . . . . . 19
11.2. Informative References . . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20
Chen, et al. Expires September 19, 2018 [Page 2]
�
Internet-Draft RSVP LSP Egress Protection March 2018
1. Introduction
RFC 4090 describes two methods for locally protecting the transit
nodes of a P2P LSP: one-to-one and facility protection. RFC 4875
specifies how these methods can be used to protect the transit nodes
of a P2MP LSP. These documents do not discuss the procedures for
locally protecting the egress node(s) of an LSP.
This document fills that void and specifies extensions to RSVP-TE for
local protection of the egress node(s) of an LSP. Egress node and
egress will be used exchangeably.
1.1. Egress Local Protection
In general, locally protecting an egress node of an LSP means that
when the egress node fails, the traffic that the LSP carries will be
delivered to its destination by the direct upstream node of the
egress node to a backup egress node. Without protecting the egress
node of the LSP, when the egress node fails, the traffic will be lost
(i.e., the traffic will not be delivered to its destination).
Figure 1 shows an example of using backup LSPs to locally protect
egress nodes L1 and L2 of a primary P2MP LSP starting from ingress
R1. La and Lb are the designated backup egress nodes for primary
egress nodes L1 and L2 respectively. The backup LSP for protecting
L1 is from its upstream node R3 to backup egress node La and the
backup LSP for protecting L2 is from R5 to Lb.
******* ******* S Source
[R2]-----[R3]-----[L1] CEx Customer Edge
*/ &\ \ Rx Non-Egress
*/ &\ \ Lx Egress
*/ &\ [CE1] *** Primary LSP
*/ &\ / &&& Backup LSP
*/ &\ /
*/ [La]
*/
*/
*/
*/ ******** ******** *******
[S]---[R1]------[R4]------[R5]-----[L2]
&\ \
&\ \
&\ [CE2]
&\ /
&\ /
[Lb]
Chen, et al. Expires September 19, 2018 [Page 3]
�
Internet-Draft RSVP LSP Egress Protection March 2018
Figure 1: Backup LSP for Locally Protecting Egress
During normal operations, the traffic carried by the P2MP LSP is sent
through R3 to L1, which delivers the traffic to its destination CE1.
When R3 detects the failure of L1, R3 switches the traffic to the
backup LSP to backup egress node La, which delivers the traffic to
CE1. The time for switching the traffic is within tens of
milliseconds.
The exact mechanism by which the failure of the primary egress node
is detected by the upstream node R3 is out of the scope of this
document.
In the beginning, the primary P2MP LSP from ingress R1 to primary
egress nodes L1 and L2 is configured. It may be used to transport
the traffic from source S connected to R1 to destinations CE1 and CE2
connected to L1 and L2 respectively.
To protect the primary egress nodes L1 and L2, one configures on the
ingress R1 a backup egress node for L1, another backup egress node
for L2 and other options. After the configuration, the ingress sends
a Path message for the LSP with the information such as SEROs (refer
to section 4.1) containing the backup egress nodes for protecting the
primary egress nodes.
After receiving the Path message with the information, the upstream
node of a primary egress node sets up a backup LSP to the
corresponding backup egress node for protecting the primary egress
node.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.
3. Terminologies
The following terminologies are used in this document.
LSP: Label Switched Path
TE: Traffic Engineering
Chen, et al. Expires September 19, 2018 [Page 4]
�
Internet-Draft RSVP LSP Egress Protection March 2018
P2MP: Point-to-MultiPoint
P2P: Point-to-Point
LSR: Label Switching Router
RSVP: Resource ReSerVation Protocol
S2L: Source-to-Leaf
SERO: Secondary Explicit Route Object
RRO: Record Route Object
BFD: Bidirectional Forwarding Detection
VPN: Virtual Private Network
L3VPN: Layer 3 VPN
VRF: Virtual Routing and Forwarding
LFIB: Label Forwarding Information Base
UA: Upstream Assigned
PLR: Point of Local Repair
BGP: Border Gateway Protocol
CE: Customer Edge
PE: Provider Edge
4. Protocol Extensions
4.1. Extensions to SERO
The Secondary Explicit Route object (SERO) is defined in RFC 4873.
The format of the SERO is re-used.
The SERO used for protecting a primary egress node of a primary LSP
may be added into the Path messages for the LSP and sent from the
ingress node of the LSP to the upstream node of the egress node. It
contains three subobjects.
The first subobject (refer to RFC 4873 Section 4.2) indicates the
Chen, et al. Expires September 19, 2018 [Page 5]
�
Internet-Draft RSVP LSP Egress Protection March 2018
branch node that is to originate the backup LSP (to a backup egress
node). The branch node is typically the direct upstream node of the
primary egress node of the primary LSP. If the direct upstream node
does not support local protection against the failure of the primary
egress node, the branch node can be any (upstream) node on the
primary LSP. In this case, the backup LSP from the branch node to
the backup egress node protects against failures on the segment of
the primary LSP from the branch node to the primary egress node,
including the primary egress node.
The second subobject is an egress protection subobject, which is a
PROTECTION object with a new C-TYPE (TBA1). The format of the egress
protection subobject is defined as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|L| Type | Length | Reserved | C-Type (TBA1) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |E-Flags|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Optional subobjects |
~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
E-Flags are defined for egress local protection.
Bit 31 (Egress local protection flag): It is the least significant
bit of the 32-bit word and is set to 1 indicating an egress local
protection.
Bit 30 (S2L sub LSP backup desired flag): It is the second least
significant bit of the 32-bit word and is set to 1 indicating S2L
sub LSP (ref to RFC 4875) is desired for protecting an egress of a
P2MP LSP.
The Reserved parts MUST be set to zero on transmission and MUST be
ignored on receipt.
Four optional subobjects are defined. They are IPv4 and IPv6 primary
egress node, IPv4 and IPv6 P2P LSP ID subobjects. IPv4 and IPv6
primary egress node subobjects indicate the IPv4 and IPv6 address of
the primary egress node respectively. IPv4 and IPv6 P2P LSP ID
subobjects contains the information for identifying IPv4 and IPv6
backup point-to-point (P2P) LSP tunnels respectively. Their contents
are described in sections 4.1.1 through 4.1.2.2. They have the
following format:
Chen, et al. Expires September 19, 2018 [Page 6]
�
Internet-Draft RSVP LSP Egress Protection March 2018
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved (zero) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Contents/Body of subobject |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where Type is the type of a subobject, Length is the total size of
the subobject in bytes, including Type, Length and Contents fields.
The Reserved field MUST be set to zero on transmission and MUST be
ignored on receipt.
The third (final) subobject (refer to RFC 4873 Section 4.2) in the
SERO contains the egress node of the backup LSP, i.e., the address of
the backup egress node in the place of the merge node.
After the upstream node of the primary egress node as the branch node
receives the SERO and determines a backup egress node for the primary
egress node, it computes a path from itself to the backup egress node
and sets up a backup LSP along the path for protecting the primary
egress node according to the information in the FAST_REROUTE object
in the Path message. For example, if facility protection is desired,
facility protection is provided for the primary egress node.
The upstream node constructs a new SERO based on the SERO received
and adds the new SERO into the Path message for the backup LSP. The
new SERO also contains three subobjects as the SERO for the primary
LSP. The first subobject in the new SERO indicates the upstream
node, which may be copied from the first subobject in the SERO
received. The second subobject in the new SERO includes a primary
egress node, which indicates the address of the primary egress node.
The third one contains the backup egress node.
The upstream node updates the SERO in the Path message for the
primary LSP. The egress protection subobject in the SERO contains a
subobject called a P2P LSP ID subobject, which contains the
information for identifying the backup LSP. The final subobject in
the SERO indicates the address of the backup egress node.
4.1.1. Primary Egress Subobject
There are two primary egress subobjects. One is IPv4 primary egress
subobject and the other is IPv6 primary egress subobject.
The Type of an IPv4 primary egress subobject is 1, and the body of
the subobject is given below:
Chen, et al. Expires September 19, 2018 [Page 7]
�
Internet-Draft RSVP LSP Egress Protection March 2018
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv4 address (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
o IPv4 address: IPv4 address of the primary egress node
The Type of an IPv6 primary egress subobject is 2, and the body of
the subobject is shown below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 address (16 bytes) |
~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
o IPv6 address: The IPv6 address of the primary egress node
4.1.2. P2P LSP ID Subobject
A P2P LSP ID subobject contains the information for identifying a
backup point-to-point (P2P) LSP tunnel.
4.1.2.1. IPv4 P2P LSP ID Subobject
The Type of an IPv4 P2P LSP ID subobject is 3, and the body of the
subobject is shown below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| P2P LSP Tunnel Egress IPv4 Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved (MUST be zero) | Tunnel ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Extended Tunnel ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
o P2P LSP Tunnel Egress IPv4 Address:
IPv4 address of the egress node of the tunnel
o Tunnel ID (ref to RFC 4875 and RFC 3209):
A 16-bit identifier being constant over the life of the tunnel
occupies the least significant 16 bits of the 32 bit word.
o Extended Tunnel ID (ref to RFC 4875 and RFC 3209):
A 4-byte identifier being constant over the life of the tunnel
Chen, et al. Expires September 19, 2018 [Page 8]
�
Internet-Draft RSVP LSP Egress Protection March 2018
4.1.2.2. IPv6 P2P LSP ID Subobject
The Type of an IPv6 P2P LSP ID subobject is 4, and the body of the
subobject is illustrated below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ P2P LSP Tunnel Egress IPv6 Address (16 bytes) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved (MUST be zero) | Tunnel ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Extended Tunnel ID (16 bytes) ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
o P2P LSP Tunnel Egress IPv6 Address:
IPv6 address of the egress node of the tunnel
o Tunnel ID (ref to RFC 4875 and RFC 3209):
A 16-bit identifier being constant over the life of the tunnel
occupies the least significant 16 bits of the 32 bit word.
o Extended Tunnel ID (ref to RFC 4875 and RFC 3209):
A 16-byte identifier being constant over the life of the tunnel
5. Egress Protection Behaviors
5.1. Ingress Behavior
To protect a primary egress node of an LSP, the ingress MUST set the
"label recording desired" flag and the "node protection desired" flag
in the SESSION_ATTRIBUTE object.
If one-to-one backup or facility backup is desired to protect a
primary egress node of an LSP, the ingress MUST include a
FAST_REROUTE object and set the "One-to-One Backup Desired" or
"Facility Backup Desired" flag respectively.
If S2L Sub LSP backup is desired to protect a primary egress node of
a P2MP LSP, the ingress MUST set the "S2L Sub LSP Backup Desired"
flag in an SERO object.
The decision to instantiate a backup egress for protecting the
primary egress of an LSP can be initiated by either the ingress or
the primary egress of that LSP, but not both.
A backup egress node MUST be configured on the ingress of an LSP to
protect a primary egress node of the LSP if and only if the backup
Chen, et al. Expires September 19, 2018 [Page 9]
�
Internet-Draft RSVP LSP Egress Protection March 2018
egress node is not configured on the primary egress node (refer to
section 5.2).
The ingress MUST send a Path message for the LSP with the objects
above and the SEROs for protecting egress nodes of the LSP if
protection of the egress nodes is desired. For each primary egress
node of the LSP to be protected, the ingress MUST add an SERO object
into the Path message if the backup egress node or some options are
given. If the backup egress node is given, then the final subobject
in the SERO contains it; otherwise the address in the final subobject
is zero.
5.2. Primary Egress Behavior
To protect a primary egress node of an LSP, a backup egress node MUST
be configured on the primary egress node of the LSP to protect the
primary egress node if and only if the backup egress node is not
configured on the ingress of the LSP (refer to section 5.1).
If the backup egress node is configured on the primary egress node of
the LSP, the primary egress node MUST send its upstream node a Resv
message for the LSP with an SERO for protecting the primary egress
node. It sets the flags in the SERO in the same way as an ingress.
If the LSP carries the service traffic with a service label, the
primary egress node sends its corresponding backup egress node the
information about the service label as a UA label and the related
forwarding.
5.3. Backup Egress Behavior
When a backup egress node receives a Path message for an LSP, it
determines whether the LSP is used for egress local protection
through checking the SERO with egress protection subobject in the
message. If there is an egress protection subobject in the Path
message for the LSP and the Egress local protection flag in the
object is set to one, the LSP is the backup LSP for egress local
protection. The primary egress node to be protected is in the
primary egress subobject in the SERO.
When the backup egress node receives the information about a UA label
and its related forwarding from the primary egress node, it uses the
backup LSP label as a context label and creates a forwarding entry
using the information about the UA label and the related forwarding.
This forwarding entry is in a forwarding table for the primary egress
node.
When the primary egress node fails, its upstream node switches the
Chen, et al. Expires September 19, 2018 [Page 10]
�
Internet-Draft RSVP LSP Egress Protection March 2018
traffic from the primary LSP to the backup LSP to the backup egress
node, which delivers the traffic to its receiver such as CE using the
backup LSP label as a context label to get the forwarding table for
the primary egress node and the service label as UA label to find the
forwarding entry in the table to forward the traffic to the receiver.
5.4. Transit Node and PLR Behavior
If a transit node of an LSP receives the Path message with the SEROs
and it is not an upstream node of any primary egress node of the LSP
as a branch node, it MUST forward them unchanged.
If the transit node is the upstream node of a primary egress node to
be protected as a branch node, it determines the backup egress node,
obtains a path for the backup LSP and sets up the backup LSP along
the path. If the upstream node receives the Resv message with an
SERO object, it MUST sends its upstream node the Resv message without
the object.
The PLR (upstream node of the primary egress node as the branch node)
MUST extract the backup egress node from the respective SERO object
in either a Path or a Resv message. If no matching SERO object is
found, the PLR tries to find the backup egress node, which is not the
primary egress node but has the same IP address as the destination IP
address of the LSP.
Note that if a backup egress node is not configured explicitly for
protecting a primary egress node, the primary egress node and the
backup egress node SHOULD have a same local address configured, and
the cost to the local address on the backup egress node SHOULD be
much bigger than the cost to the local address on the primary egress
node. Thus primary egress node and backup egress node is considered
as a virtual node. Note that the backup egress node is different
from this local address (e.g., from the primary egress node' view).
In other words, it is identified by an address different from this
local address.
After obtaining the backup egress node, the PLR computes a backup
path from itself to the backup egress node and sets up a backup LSP
along the path. It excludes the segment including the primary egress
node to be protected when computing the path. The PLR sends the
primary egress node a Path message with an SERO for the primary LSP,
which indicates the backup egress node by the final subobject in the
SERO. The PLR puts an SERO into the Path messages for the backup
LSP, which indicates the primary egress node.
The PLR MUST provide one-to-one backup protection for the primary
egress node if the "One-to-One Backup Desired" flag is set in the
Chen, et al. Expires September 19, 2018 [Page 11]
�
Internet-Draft RSVP LSP Egress Protection March 2018
message; otherwise, it MUST provide facility backup protection if the
"Facility Backup Desired flag" is set.
The PLR MUST set the protection flags in the RRO Sub-object for the
primary egress node in the Resv message according to the status of
the primary egress node and the backup LSP protecting the primary
egress node. For example, it sets the "local protection available"
and the "node protection" flag indicating that the primary egress
node is protected when the backup LSP is up and ready for protecting
the primary egress node.
5.4.1. Signaling for One-to-One Protection
The behavior of the upstream node of a primary egress node of an LSP
as a PLR is the same as that of a PLR for one-to-one backup described
in RFC 4090 except for that the upstream node as a PLR creates a
backup LSP from itself to a backup egress node in a session different
from the primary LSP.
If the LSP is a P2MP LSP and a primary egress node of the LSP is also
a transit node (i.e., bud node), the upstream node of the primary
egress node as a PLR creates a backup LSP from itself to each of the
next hops of the primary egress node.
When the PLR detects the failure of the primary egress node, it
switches the packets from the primary LSP to the backup LSP to the
backup egress node. For the failure of the bud node of a P2MP LSP,
the PLR also switches the packets to the backup LSPs to the bud
node's next hops, where the packets are merged into the primary LSP.
5.4.2. Signaling for Facility Protection
Except for backup LSP and downstream label, the behavior of the
upstream node of the primary egress node of a primary LSP as a PLR
follows the PLR behavior for facility backup described in RFC 4090.
For a number of primary P2P LSPs going through the same PLR to the
same primary egress node, the primary egress node of these LSPs MAY
be protected by one backup LSP from the PLR to the backup egress node
designated for protecting the primary egress node.
The PLR selects or creates a backup LSP from itself to the backup
egress node. If there is a backup LSP that satisfies the constraints
given in the Path message, then this one is selected; otherwise, a
new backup LSP to the backup egress node is created.
After getting the backup LSP, the PLR associates the backup LSP with
a primary LSP for protecting its primary egress node. The PLR
Chen, et al. Expires September 19, 2018 [Page 12]
�
Internet-Draft RSVP LSP Egress Protection March 2018
records that the backup LSP is used to protect the primary LSP
against its primary egress node failure and MUST include an SERO
object in the Path message for the primary LSP. The object MUST
contain the backup LSP ID. It indicates that the primary egress node
MUST send the backup egress node the service label as UA label and
the information about forwarding the traffic to its destination using
the label if there is a service carried by the LSP and the primary
LSP label as UA label if the label is not implicit null. How UA
label is sent is out of scope for this document.
When the PLR detects the failure of the primary egress node, it
redirects the packets from the primary LSP into the backup LSP to
backup egress node and keeps the primary LSP label from the primary
egress node in the label stack if the label is not implicit null.
The backup egress node delivers the packets to the same destinations
as the primary egress node using the backup LSP label as context
label and the labels under as UA labels.
5.4.3. Signaling for S2L Sub LSP Protection
The S2L Sub LSP Protection uses a S2L Sub LSP (ref to RFC 4875) as a
backup LSP to protect a primary egress node of a P2MP LSP. The PLR
MUST determine to protect a primary egress node of a P2MP LSP via S2L
sub LSP protection when it receives a Path message with flag "S2L Sub
LSP Backup Desired" set.
The PLR MUST set up the backup S2L sub LSP to the backup egress node,
create and maintain its state in the same way as of setting up a
source to leaf (S2L) sub LSP defined in RFC 4875 from the signaling's
point of view. It computes a path for the backup LSP from itself to
the backup egress node, constructs and sends a Path message along the
path, receives and processes a Resv message responding to the Path
message.
After receiving the Resv message for the backup LSP, the PLR creates
a forwarding entry with an inactive state or flag called inactive
forwarding entry. This inactive forwarding entry is not used to
forward any data traffic during normal operations.
When the PLR detects the failure of the primary egress node, it
changes the forwarding entry for the backup LSP to active. Thus, the
PLR forwards the traffic to the backup egress through the backup LSP,
which sends the traffic to its destination.
5.4.4. PLR Procedures during Local Repair
When the upstream node of a primary egress node of an LSP as a PLR
detects the failure of the primary egress node, it follows the
Chen, et al. Expires September 19, 2018 [Page 13]
�
Internet-Draft RSVP LSP Egress Protection March 2018
procedures defined in section 6.5 of RFC 4090. It SHOULD notify the
ingress about the failure of the primary egress node in the same way
as a PLR notifies the ingress about the failure of a transit node.
Moreover, the PLR MUST let the upstream part of the primary LSP stay
alive after the primary egress node fails through sending Resv
message to its upstream node along the primary LSP. The downstream
part of the primary LSP from the PLR to the primary egress node
SHOULD be removed. When a bypass LSP from the PLR to a backup egress
node protects the primary egress node, the PLR MUST NOT send any Path
message for the primary LSP through the bypass LSP to the backup
egress node.
In the local revertive mode, the PLR will re-signal each of the
primary LSPs that were routed over the restored resource once it
detects that the resource is restored. Every primary LSP
successfully re-signaled along the restored resource will be switched
back.
Note that the procedure for protecting the primary egress node is
triggered on the PLR if the primary egress node failure is
determined. If link (from PLR to primary egress node) failure and
primary egress node alive are determined, then link protection
procedure is triggered on the PLR. How to determine these is out of
scope for this document.
6. Application Traffic Considerations
This section focuses on an example with application traffic carried
by P2P LSPs.
6.1. A Typical Application
L3VPN is a typical application. Figure 2 below shows a simple VPN,
which consists of two CEs, CE1 and CE2, connected to two PEs, R1 and
L1, respectively. There is a P2P LSP from R1 to L1, which is
represented by stars (****). This LSP is called the primary LSP. R1
is the ingress of the LSP and L1 is the (primary) egress node of the
LSP. R1 sends the VPN traffic received from CE1 through the P2P LSP
to L1, which delivers the traffic to CE2. R1 sends the VPN traffic
with a LSP label and a VPN label via the LSP. When the traffic
reaches the egress node L1 of the LSP, L1 pops the LSP label and uses
the VPN label to deliver the traffic to CE2.
In previous solutions based on ingress protection to protect the VPN
traffic against failure of the egress node L1 of the LSP, when the
egress node fails, the ingress R1 of the LSP does the reroute (refer
Chen, et al. Expires September 19, 2018 [Page 14]
�
Internet-Draft RSVP LSP Egress Protection March 2018
to Figure 2). This solution entailed:
1. A multi-hop BFD session between ingress R1 and egress node L1 of
primary LSP. The BFD session is represented by dots (....).
2. A backup LSP from ingress R1 to backup egress node La, which is
indicated by ands (&&&&).
3. La sends R1 a VPN backup label and related information via BGP.
4. R1 has a VRF with two sets of routes for CE2: one set uses the
primary LSP and L1 as next hop; the other uses the backup LSP and
La as next hop.
***** *****
CE1,CE2 in [R2]-----[R3]-----[L1] **** Primary LSP
one VPN */ : \ &&&& Backup LSP
*/ .................: \ .... BFD Session
[CE1]--[R1] ..: [CE2]
&\ /
&\ /
[R4]-----[R5]-----[La](BGP sends R1 VPN backup label)
&&&&& &&&&&
Figure 2: Protect Egress for L3VPN Traffic
In normal operations, R1 sends the VPN traffic from CE1 through the
primary LSP with the VPN label received from L1 as inner label to L1,
which delivers the traffic to CE2 using the VPN label.
When R1 detects the failure of L1, R1 sends the traffic from CE1 via
the backup LSP with the VPN backup label received from La as inner
label to La, which delivers the traffic to CE2 using the VPN backup
label.
The solution defined in this document using egress local protection
for protecting L3VPN traffic entails (refer to Figure 3):
1. A BFD session between R3 (i.e., upstream of L1) and egress node
L1 of the primary LSP. This is different from the BFD session in
Figure 2, which is multi-hop between ingress R1 and egress node
L1. The PLR R3 is closer to L1 than the ingress R1. It may
detect the failure of the egress node L1 faster and more
reliably. Therefore, this solution can provide faster protection
for failure of an egress node.
Chen, et al. Expires September 19, 2018 [Page 15]
�
Internet-Draft RSVP LSP Egress Protection March 2018
2. A backup LSP from R3 to backup egress node La. This is different
from the backup LSP in Figure 2, which is an end to end LSP from
ingress R1 to backup egress node La.
3. Primary egress node L1 sends backup egress node La the VPN label
as UA label and related information. The backup egress node La
uses the backup LSP label as a context label and creates a
forwarding entry using the VPN label in a LFIB for the primary
egress node L1.
4. L1 and La is virtualized as one node (or address). R1 has a VRF
with one set of routes for CE2, using the primary LSP from R1 to
L1 and virtualized node as next hop. This can be achieved by
configuring a same local address on L1 and La, using the address
as a destination of the LSP and BGP next hop for the VPN traffic.
The cost to L1 is configured to be less than the cost to La.
***** *****
CE1,CE2 in [R2]-----[R3]-----[L1] **** Primary LSP
one VPN */ &\:.....: \ &&&& Backup LSP
*/ &\ \ .... BFD Session
[CE1]--[R1] &\ [CE2]
&\ /
&\ /
[La](VPN label from L1 as UA label)
Figure 3: Locally Protect Egress for L3VPN Traffic
In normal operations, R1 sends the VPN traffic from CE1 via the
primary LSP with the VPN label as inner label to L1, which delivers
the traffic to CE2 using the VPN label.
When the primary egress node L1 fails, its upstream node R3 detects
it and switches the VPN traffic from the primary LSP to the backup
LSP to La, which delivers the traffic to CE2 using the backup LSP
label as a context label to get the LFIB for L1 and the VPN label as
UA label to find the forwarding entry in the LFIB to forward the
traffic to CE2.
6.2. PLR Procedure for Applications
When the PLR gets a backup LSP from itself to a backup egress node
for protecting a primary egress node of a primary LSP, it includes an
SERO object in the Path message for the primary LSP. The object
contains the ID information of the backup LSP and indicates that the
primary egress node sends the backup egress node the application
traffic label (e.g., the VPN label) as UA label when needed.
Chen, et al. Expires September 19, 2018 [Page 16]
�
Internet-Draft RSVP LSP Egress Protection March 2018
6.3. Egress Procedures for Applications
When a primary egress node of an LSP sends the ingress of the LSP a
label for an application such as a VPN label, it sends the backup
egress node for protecting the primary egress node the label as a UA
label. Exactly how the label is sent is out of scope for this
document.
When the backup egress node receives a UA label from the primary
egress node, it adds a forwarding entry with the label into the LFIB
for the primary egress node. When the backup egress node receives a
packet from the backup LSP, it uses the top label as a context label
to find the LFIB for the primary egress node and the inner label to
deliver the packet to the same destination as the primary egress node
according to the LFIB.
7. Security Considerations
This document builds upon existing work, specifically the security
considerations of RFCs 4090, 4875, 3209 and 2205 continue to apply.
Additionally, protecting a primary egress node of a P2P LSP carrying
service traffic through a backup egress node requires an out-of-band
communication between the primary egress node and the backup egress
node, in order for the primary egress node to convey a service label
as UA label and its related forwarding information to the backup
egress node. It is important to confirm that the identifiers used to
identify the primary and backup egress nodes in the LSP are verified
to match with the identifiers used in the out-of-band protocol (such
as BGP).
8. IANA Considerations
IANA maintains a registry called "Class Names, Class Numbers, and
Class Types" under "Resource Reservation Protocol (RSVP) Parameters".
IANA is requested to assign a new C-Type under PROTECTION object
class, Class Number 37:
Value Description Definition
----- ----------- ----------
TBA1(suggested value 3) Egress Protection Section 4.1
IANA is requested to create and maintain a new registry under
PROTECTION object class (Class Number 37) and Egress Protection
(C-Type TBA1). Initial values for the registry are given below. The
future assignments are to be made through IETF Review (RFC 8216).
Chen, et al. Expires September 19, 2018 [Page 17]
�
Internet-Draft RSVP LSP Egress Protection March 2018
Value Name Definition
----- ---- ----------
0 Reserved
1 IPv4_PRIMARY_EGRESS Section 4.1.1
2 IPv6_PRIMARY_EGRESS Section 4.1.1
3 IPv4_P2P_LSP_ID Section 4.1.2
4 IPv6_P2P_LSP_ID Section 4.1.2
5-127 Unassigned
128-255 Reserved
9. Co-authors and Contributors
1. Co-authors
Ning So
Tata
E-mail: ningso01@gmail.com
Mehmet Toy
Verizon
E-mail: mehmet.toy@verizon.com
Lei Liu
Fujitsu
E-mail: lliu@us.fujitsu.com
Zhenbin Li
Huawei Technologies
Email: lizhenbin@huawei.com
2. Contributors
Boris Zhang
Telus Communications
Email: Boris.Zhang@telus.com
Nan Meng
Huawei Technologies
Email: mengnan@huawei.com
Chen, et al. Expires September 19, 2018 [Page 18]
�
Internet-Draft RSVP LSP Egress Protection March 2018
Prejeeth Kaladharan
Huawei Technologies
Email: prejeeth@gmail.com
Vic Liu
China Mobile
Email: liu.cmri@gmail.com
10. Acknowledgement
The authors would like to thank Richard Li, Nobo Akiya, Lou Berger,
Jeffrey Zhang, Lizhong Jin, Ravi Torvi, Eric Gray, Olufemi Komolafe,
Michael Yue, Daniel King, Rob Rennison, Neil Harrison, Kannan
Sampath, Yimin Shen, Ronhazli Adam and Quintin Zhao for their
valuable comments and suggestions on this draft.
11. References
11.1. Normative References
[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001,
<https://www.rfc-editor.org/info/rfc3209>.
[RFC4090] Pan, P., Ed., Swallow, G., Ed., and A. Atlas, Ed., "Fast
Reroute Extensions to RSVP-TE for LSP Tunnels", RFC 4090,
DOI 10.17487/RFC4090, May 2005,
<https://www.rfc-editor.org/info/rfc4090>.
[RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S.
Yasukawa, Ed., "Extensions to Resource Reservation
Protocol - Traffic Engineering (RSVP-TE) for Point-to-
Multipoint TE Label Switched Paths (LSPs)", RFC 4875,
DOI 10.17487/RFC4875, May 2007,
<https://www.rfc-editor.org/info/rfc4875>.
[RFC4873] Berger, L., Bryskin, I., Papadimitriou, D., and A. Farrel,
"GMPLS Segment Recovery", RFC 4873, DOI 10.17487/RFC4873,
May 2007, <https://www.rfc-editor.org/info/rfc4873>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
Chen, et al. Expires September 19, 2018 [Page 19]
�
Internet-Draft RSVP LSP Egress Protection March 2018
11.2. Informative References
[RFC2205] Braden, R., Ed., Zhang, L., Berson, S., Herzog, S., and S.
Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
Functional Specification", RFC 2205, DOI 10.17487/RFC2205,
September 1997, <https://www.rfc-editor.org/info/rfc2205>.
[RFC5331] Aggarwal, R., Rekhter, Y., and E. Rosen, "MPLS Upstream
Label Assignment and Context-Specific Label Space",
RFC 5331, DOI 10.17487/RFC5331, August 2008,
<https://www.rfc-editor.org/info/rfc5331>.
[RFC4872] Lang, J., Ed., Rekhter, Y., Ed., and D. Papadimitriou,
Ed., "RSVP-TE Extensions in Support of End-to-End
Generalized Multi-Protocol Label Switching (GMPLS)
Recovery", RFC 4872, DOI 10.17487/RFC4872, May 2007,
<https://www.rfc-editor.org/info/rfc4872>.
[RFC3473] Berger, L., Ed., "Generalized Multi-Protocol Label
Switching (GMPLS) Signaling Resource ReserVation Protocol-
Traffic Engineering (RSVP-TE) Extensions", RFC 3473,
DOI 10.17487/RFC3473, January 2003,
<https://www.rfc-editor.org/info/rfc3473>.
[FRAMEWK] Shen, Y., Jeyananth, M., Decraene, B., and H. Gredler,
"MPLS Egress Protection Framework",
draft-shen-mpls-egress-protection-framework ,
October 2016.
Authors' Addresses
Huaimo Chen
Huawei Technologies
Boston, MA
USA
Email: huaimo.chen@huawei.com
Autumn Liu
Ciena
USA
Email: hliu@ciena.com
Chen, et al. Expires September 19, 2018 [Page 20]
�
Internet-Draft RSVP LSP Egress Protection March 2018
Tarek Saad
Cisco Systems
Email: tsaad@cisco.com
Fengman Xu
Verizon
2400 N. Glenville Dr
Richardson, TX 75082
USA
Email: fengman.xu@verizon.com
Lu Huang
China Mobile
No.32 Xuanwumen West Street, Xicheng District
Beijing, 100053
China
Email: huanglu@chinamobile.com
Chen, et al. Expires September 19, 2018 [Page 21]
�
