GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc8424

Internet Engineering Task Force (IETF) H. Chen, Ed. Request for Comments: 8424 Huawei Technologies Category: Experimental R. Torvi, Ed. ISSN: 2070-1721 Juniper Networks

                                                           August 2018
        Extensions to RSVP-TE for Label Switched Path (LSP)
               Ingress Fast Reroute (FRR) Protection

Abstract

 This document describes extensions to Resource Reservation Protocol -
 Traffic Engineering (RSVP-TE) for locally protecting the ingress node
 of a Point-to-Point (P2P) or Point-to-Multipoint (P2MP) Traffic
 Engineered (TE) Label Switched Path (LSP).  It extends the Fast
 Reroute (FRR) protection for transit nodes of an LSP to the ingress
 node of the LSP.  The procedures described in this document are
 experimental.

Status of This Memo

 This document is not an Internet Standards Track specification; it is
 published for examination, experimental implementation, and
 evaluation.
 This document defines an Experimental Protocol for the Internet
 community.  This document is a product of the Internet Engineering
 Task Force (IETF).  It represents the consensus of the IETF
 community.  It has received public review and has been approved for
 publication by the Internet Engineering Steering Group (IESG).  Not
 all documents approved by the IESG are candidates for any level of
 Internet Standard; see Section 2 of RFC 7841.
 Information about the current status of this document, any errata,
 and how to provide feedback on it may be obtained at
 https://www.rfc-editor.org/info/rfc8424.

Chen & Torvi Experimental [Page 1] RFC 8424 LSP Ingress Protection August 2018

Copyright Notice

 Copyright (c) 2018 IETF Trust and the persons identified as the
 document authors.  All rights reserved.
 This document is subject to BCP 78 and the IETF Trust's Legal
 Provisions Relating to IETF Documents
 (https://trustee.ietf.org/license-info) in effect on the date of
 publication of this document.  Please review these documents
 carefully, as they describe your rights and restrictions with respect
 to this document.

Chen & Torvi Experimental [Page 2] RFC 8424 LSP Ingress Protection August 2018

Table of Contents

 1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
   1.1.  Ingress Local Protection Example  . . . . . . . . . . . .   5
   1.2.  Ingress Local Protection Overview . . . . . . . . . . . .   6
 2.  Conventions Used in This Document . . . . . . . . . . . . . .   7
 3.  Ingress Failure Detection . . . . . . . . . . . . . . . . . .   7
   3.1.  Source Detects Failure  . . . . . . . . . . . . . . . . .   7
   3.2.  Backup and Source Detect Failure  . . . . . . . . . . . .   8
 4.  Backup Forwarding State . . . . . . . . . . . . . . . . . . .   9
   4.1.  Forwarding State for Backup LSP . . . . . . . . . . . . .   9
 5.  Protocol Extensions . . . . . . . . . . . . . . . . . . . . .   9
   5.1.  INGRESS_PROTECTION Object . . . . . . . . . . . . . . . .  10
     5.1.1.  Class Number and Class Type . . . . . . . . . . . . .  10
     5.1.2.  Object Format . . . . . . . . . . . . . . . . . . . .  11
     5.1.3.  Subobject: Backup Ingress IPv4 Address  . . . . . . .  12
     5.1.4.  Subobject: Backup Ingress IPv6 Address  . . . . . . .  13
     5.1.5.  Subobject: Ingress IPv4 Address . . . . . . . . . . .  13
     5.1.6.  Subobject: Ingress IPv6 Address . . . . . . . . . . .  13
     5.1.7.  Subobject: TRAFFIC_DESCRIPTOR . . . . . . . . . . . .  14
     5.1.8.  Subobject: Label-Routes . . . . . . . . . . . . . . .  15
 6.  Behavior of Ingress Protection  . . . . . . . . . . . . . . .  15
   6.1.  Overview  . . . . . . . . . . . . . . . . . . . . . . . .  15
     6.1.1.  Relay-Message Method  . . . . . . . . . . . . . . . .  15
     6.1.2.  Proxy-Ingress Method  . . . . . . . . . . . . . . . .  16
   6.2.  Ingress Behavior  . . . . . . . . . . . . . . . . . . . .  17
     6.2.1.  Relay-Message Method  . . . . . . . . . . . . . . . .  17
     6.2.2.  Proxy-Ingress Method  . . . . . . . . . . . . . . . .  18
   6.3.  Backup Ingress Behavior . . . . . . . . . . . . . . . . .  19
     6.3.1.  Backup Ingress Behavior in the Off-Path Case  . . . .  20
     6.3.2.  Backup Ingress Behavior in the On-Path Case . . . . .  22
     6.3.3.  Failure Detection and Refresh PATH Messages . . . . .  23
   6.4.  Revertive Behavior  . . . . . . . . . . . . . . . . . . .  23
     6.4.1.  Revert to Primary Ingress . . . . . . . . . . . . . .  24
     6.4.2.  Global Repair by Backup Ingress . . . . . . . . . . .  24
 7.  Security Considerations . . . . . . . . . . . . . . . . . . .  24
 8.  Compatibility . . . . . . . . . . . . . . . . . . . . . . . .  24
 9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  25
 10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  25
   10.1.  Normative References . . . . . . . . . . . . . . . . . .  25
   10.2.  Informative References . . . . . . . . . . . . . . . . .  26
 Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  26
 Contributors  . . . . . . . . . . . . . . . . . . . . . . . . . .  26
 Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  28

Chen & Torvi Experimental [Page 3] RFC 8424 LSP Ingress Protection August 2018

1. Introduction

 For an MPLS Traffic Engineered (TE) Label Switched Path (LSP),
 protecting the failures of its transit nodes using Fast Reroute (FRR)
 is covered in [RFC4090] for Point-to-Point (P2P) LSPs and [RFC4875]
 for Point-to-Multipoint (P2MP) LSPs.  However, protecting the failure
 of its ingress node using FRR is not covered in either [RFC4090] or
 [RFC4875].  The MPLS Transport Profile (MPLS-TP) Linear Protection
 described in [RFC6378] can provide a protection against the failure
 of any transit node of an LSP between the ingress node and the egress
 node of the LSP, but it cannot protect against the failure of the
 ingress node.
 To protect against the failure of the (primary) ingress node of a
 primary end-to-end P2MP (or P2P) TE LSP, a typical existing solution
 is to set up a secondary backup end-to-end P2MP (or P2P) TE LSP.  The
 backup LSP is from a backup ingress node to backup egress nodes (or
 node).  The backup ingress node is different from the primary ingress
 node.  The backup egress nodes (or node) are (or is) different from
 the primary egress nodes (or node) of the primary LSP.  For a P2MP TE
 LSP, on each of the primary (and backup) egress nodes, a P2P LSP is
 created from the egress node to its primary (backup) ingress node and
 configured with Bidirectional Forwarding Detection (BFD).  This is
 used to detect the failure of the primary (backup) ingress node for
 the receiver to switch to the backup (or primary) egress node to
 receive the traffic after the primary (or backup) ingress node fails
 when both the primary LSP and the secondary LSP carry the traffic.
 In addition, FRR may be used to provide protections against the
 failures of the transit nodes and the links of the primary and
 secondary end-to-end TE LSPs.
 There are a number of issues in this solution:
 o  It consumes lots of network resources.  Double states need to be
    maintained in the network since two end-to-end TE LSPs are
    created.  Double link bandwidth is reserved and used when both the
    primary and the secondary end-to-end TE LSPs carry the traffic at
    the same time.
 o  More operations are needed, which include the configuration of two
    end-to-end TE LSPs and BFDs from each of the egress nodes to its
    corresponding ingress node.
 o  The detection of the failure of the ingress node may not be
    reliable.  Any failure on the path of the BFD from an egress node
    to an ingress node may cause the BFD to indicate the failure of
    the ingress node.

Chen & Torvi Experimental [Page 4] RFC 8424 LSP Ingress Protection August 2018

 o  The speed of protection against the failure of the ingress node
    may be slow.
 This specification defines a simple extension to RSVP-TE for local
 protection (FRR) of the ingress node of a P2MP or P2P LSP to resolve
 these issues.  Ingress local protection and ingress FRR protection
 will be used interchangeably.
 Note that this document is an Experimental RFC.  Two different
 approaches are proposed to transfer the information for ingress
 protection.  They both use the same new INGRESS_PROTECTION object,
 which is sent in both PATH and RESV messages between a primary
 ingress and a backup ingress.  One approach is the Relay-Message
 Method (refer to Sections 6.1.1 and 6.2.1), the other is the Proxy-
 Ingress Method (refer to Sections 6.1.2 and 6.2.2).  Each of them has
 advantages and disadvantages.  It is hard to decide which one is used
 as a standard approach now.  It is expected that the experiment on
 the ingress local protection with these two approaches will provide
 quantities to help choose one.  The quantities include the numbers on
 control traffic, states, codes, and operations.  After one approach
 is selected, the document will be revised to reflect that selection
 and any other items learned from the experiment.  The revised
 document is expected to be submitted for publication on the standards
 track.

1.1. Ingress Local Protection Example

 Figure 1 shows an example of using a backup P2MP LSP to locally
 protect the ingress of a primary P2MP LSP, which is from ingress Ia
 to three egresses: L1, L2, and L3.  The backup LSP is from backup
 ingress Ib to the next hops of ingress Ia: R2 and R4.

Chen & Torvi Experimental [Page 5] RFC 8424 LSP Ingress Protection August 2018

  • * S Source

[R2]—–[R3]—–[L1] Ix Ingress

  • / & Rx Transit
  • / & Lx Egress
  • / & * Primary LSP */ & &&& Backup LSP across */ & Logical Hop */ & */ *

[S]—[Ia]——–[R4]——[R5]—–[L2]

     \      |     &    &           *\
      \     |    &    &             *\
       \    |   &    &               *\
        \   |  &    &                 *\
         \  | &    &                   *\
          \ |&    &                     *\
           [Ib]&&&                       [L3]
                  Figure 1: Ingress Local Protection
 In normal operations, source S sends the traffic to primary ingress
 Ia.  Ia imports the traffic into the primary LSP.
 When source S detects the failure of Ia, it switches the traffic to
 backup ingress Ib, which imports the traffic from S into the backup
 LSP to Ia's next hops, R2 and R4, where the traffic is merged into
 the primary LSP and then sent to egresses L1, L2, and L3.
 Note that the backup ingress is one logical hop away from the
 ingress.  A logical hop is a direct link or a tunnel (such as a GRE
 tunnel) over which RSVP-TE messages may be exchanged.

1.2. Ingress Local Protection Overview

 There are four parts in ingress local protection:
 o  setting up the necessary backup LSP forwarding state based on the
    information received for ingress local protection;
 o  detecting the primary ingress failure and providing the fast
    repair (as discussed in Sections 3 and 4);
 o  maintaining the RSVP-TE control-plane state until a global repair
    is done; and,
 o  performing the global repair (see Section 6.4.2).

Chen & Torvi Experimental [Page 6] RFC 8424 LSP Ingress Protection August 2018

 The primary ingress of a primary LSP sends the backup ingress the
 information for ingress protection in a PATH message with a new
 INGRESS_PROTECTION object.  The backup ingress sets up the backup
 LSP(s) and forwarding state after receiving the necessary information
 for ingress protection.  Then, it sends the primary ingress the
 status of ingress protection in a RESV message with a new
 INGRESS_PROTECTION object.
 When the primary ingress fails, the backup ingress sends or refreshes
 the next hops of the primary ingress the PATH messages without any
 INGRESS_PROTECTION object after verifying the failure.  Thus, the
 RSVP-TE control-plane state of the primary LSP is maintained.

2. Conventions Used in This Document

 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
 "OPTIONAL" in this document are to be interpreted as described in
 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
 capitals, as shown here.

3. Ingress Failure Detection

 Exactly how to detect the failure of the ingress is out of scope.
 However, it is necessary to discuss different modes for detecting the
 failure because they determine what is the required behavior for the
 source and backup ingress.

3.1. Source Detects Failure

 Source Detects Failure, or Source-Detect for short, means that the
 source is responsible for "fast detecting" the failure of the primary
 ingress of an LSP.  Fast detecting the failure means detecting the
 failure in a few or tens of milliseconds.  The backup ingress is
 ready to import the traffic from the source into the backup LSP(s)
 after the backup LSP(s) is up.
 In normal operations, the source sends the traffic to the primary
 ingress.  When the source detects the failure of the primary ingress,
 it switches the traffic to the backup ingress, which delivers the
 traffic to the next hops of the primary ingress through the backup
 LSP(s), where the traffic is merged into the primary LSP.
 For an LSP, after the primary ingress fails, the backup ingress MUST
 use a method to verify the failure of the primary ingress before the
 PATH message for the LSP expires at the next hop of the primary
 ingress.  After verifying the failure, the backup ingress sends/

Chen & Torvi Experimental [Page 7] RFC 8424 LSP Ingress Protection August 2018

 refreshes the PATH message to the next hop through the backup LSP as
 needed.  The method may verify the failure of the primary ingress
 slowly, such as in seconds.
 After the primary ingress fails, it will not be reachable after
 routing convergence.  Thus, checking whether the primary ingress
 (address) is reachable is a possible method.
 When the previously failed primary ingress of a primary LSP becomes
 available again and the primary LSP has recovered from its primary
 ingress, the source may switch the traffic to the primary ingress
 from the backup ingress.  An operator may control the traffic switch
 through using a command on the source node after seeing that the
 primary LSP has recovered.

3.2. Backup and Source Detect Failure

 Backup and Source Detect Failure, or Backup-Source-Detect for short,
 means that both the backup ingress and the source are concurrently
 responsible for fast detecting the failure of the primary ingress.
 Note that one of the differences between Source-Detect and Backup-
 Source-Detect is the following: in the former, the backup ingress
 verifies the failure of the primary ingress slowly, such as in
 seconds; in the latter, the backup ingress detects the failure fast,
 such as in a few or tens of milliseconds.
 In normal operations, the source sends the traffic to the primary
 ingress.  It switches the traffic to the backup ingress when it
 detects the failure of the primary ingress.
 The backup ingress does not import any traffic from the source into
 the backup LSP in normal operations.  When it detects the failure of
 the primary ingress, it imports the traffic from the source into the
 backup LSP to the next hops of the primary ingress, where the traffic
 is merged into the primary LSP.
 The Source-Detect is preferred.  It is simpler than the Backup-
 Source-Detect, which needs both the source and the backup ingress to
 detect the ingress failure quickly.

Chen & Torvi Experimental [Page 8] RFC 8424 LSP Ingress Protection August 2018

4. Backup Forwarding State

 Before the primary ingress fails, the backup ingress is responsible
 for creating the necessary backup LSPs.  These LSPs might be multiple
 bypass P2P LSPs that avoid the ingress.  Alternately, the backup
 ingress could choose to use a single backup P2MP LSP as a bypass or
 detour to protect the primary ingress of a primary P2MP LSP.
 The backup ingress may be "off path" or "on path" of an LSP.  If a
 backup ingress is not any node of the LSP, it is off path.  If a
 backup ingress is a next hop of the primary ingress of the LSP, it is
 on path.  When a backup ingress for protecting the primary ingress is
 configured, the backup ingress MUST not be on the LSP except for if
 it is the next hop of the primary ingress.  If it is on path, the
 primary forwarding state associated with the primary LSP SHOULD be
 clearly separated from the backup LSP(s) state.

4.1. Forwarding State for Backup LSP

 A forwarding entry for a backup LSP is created on the backup ingress
 after the LSP is set up.  Depending on the failure-detection mode
 (e.g., Source-Detect), it may be used to forward received traffic or
 simply be inactive (e.g., Backup-Source-Detect) until required.  In
 either case, when the primary ingress fails, this entry is used to
 import the traffic into the backup LSP to the next hops of the
 primary ingress, where the traffic is merged into the primary LSP.
 The forwarding entry for a backup LSP is a local implementation
 issue.  In one device, it may have an inactive flag.  This inactive
 forwarding entry is not used to forward any traffic normally.  When
 the primary ingress fails, it is changed to active; thus, the traffic
 from the source is imported into the backup LSP.

5. Protocol Extensions

 A new object, INGRESS_PROTECTION, is defined for signaling ingress
 local protection.  The primary ingress of a primary LSP sends the
 backup ingress this object in a PATH message.  In this case, the
 object contains the information needed to set up ingress protection.
 The information includes:
 o  the Backup Ingress IP Address, which indicates the backup ingress;
 o  the TRAFFIC_DESCRIPTOR, which describes the traffic that the
    primary LSP transports (this traffic is imported into the backup
    LSP(s) on the backup ingress when the primary ingress fails);

Chen & Torvi Experimental [Page 9] RFC 8424 LSP Ingress Protection August 2018

 o  the Labels and Routes, which indicate the first hops of the
    primary LSP, each of which is paired with its label; and,
 o  the Desire options on ingress protection, such as a P2MP option,
    which indicates a desire to use a backup P2MP LSP to protect the
    primary ingress of a primary P2MP LSP.
 The backup ingress sends the primary ingress this object in a RESV
 message.  In this case, the object contains the information about the
 status on the ingress protection.

5.1. INGRESS_PROTECTION Object

5.1.1. Class Number and Class Type

 The Class Number for the INGRESS_PROTECTION object MUST be of the
 form 0bbbbbbb to enable implementations that do not recognize the
 object to reject the entire message and return an "Unknown Object
 Class" error [RFC2205].  It is suggested that a Class Number value
 from the Private Use range (124-127) [RFC3936] specified for the
 0bbbbbbb octet be chosen for this experiment.  It is also suggested
 that a Class Type value of 1 be used for this object in this
 experiment.
 The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH
 message is used to control the backup for protecting the primary
 ingress of a primary LSP.  The primary ingress MUST insert this
 object into the PATH message to be sent to the backup ingress for
 protecting the primary ingress.

Chen & Torvi Experimental [Page 10] RFC 8424 LSP Ingress Protection August 2018

5.1.2. Object Format

 The INGRESS_PROTECTION object has the following format:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Length (bytes)        |    Class-Num  |    C-Type     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Reserved (zero)  |   NUB   |      Flags    |    Options    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                         (Subobjects)                          ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      Flags
       0x01    Ingress local protection available
       0x02    Ingress local protection in use
       0x04    Bandwidth protection
      Options
       0x01    Revert to Ingress
       0x02    P2MP Backup
 For protecting the ingress of a P2MP LSP, if the backup ingress
 doesn't have a backup LSP to each of the next hops of the primary
 ingress, it SHOULD clear "Ingress local protection available" and set
 the Number of Unprotected Branches (NUB) to the number of the next
 hops to which there is no backup LSP.
 The flags are used to communicate status information from the backup
 ingress to the primary ingress.
 o Ingress local protection available:  The backup ingress MUST set
   this flag after backup LSPs are up and ready for locally protecting
   the primary ingress.  The backup ingress sends this to the primary
   ingress to indicate that the primary ingress is locally protected.
 o Ingress local protection in use:  The backup ingress MUST set this
   flag when it detects a failure in the primary ingress and actively
   redirects the traffic into the backup LSPs.  The backup ingress
   records this flag and does not send any RESV messages with this
   flag to the primary ingress since the primary ingress is down.
 o Bandwidth protection:  The backup ingress MUST set this flag if the
   backup LSPs guarantee to provide the desired bandwidth for the
   protected LSP against the primary ingress failure.

Chen & Torvi Experimental [Page 11] RFC 8424 LSP Ingress Protection August 2018

 The options are used by the primary ingress to specify the desired
 behavior to the backup ingress.
 o Revert to Ingress:  The primary ingress sets this option, which
   indicates that the traffic for the primary LSP, if successfully
   resignaled, will be switched back to the primary ingress from the
   backup ingress when the primary ingress is restored.
 o P2MP Backup:  This option is set to ask for the backup ingress to
   use backup P2MP LSP to protect the primary ingress.
 The INGRESS_PROTECTION object may contain some subobjects of
 following format:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |            Length             |Reserved (zero)|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Contents / Body of Subobject               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 where Type is the type of a subobject and Length is the total size of
 the subobject in bytes, including Type, Length, and Contents fields.

5.1.3. Subobject: Backup Ingress IPv4 Address

 When the primary ingress of a protected LSP sends a PATH message with
 an INGRESS_PROTECTION object to the backup ingress, the object MUST
 have a Backup Ingress IPv4 Address subobject containing an IPv4
 address belonging to the backup ingress if IPv4 is used.  The Type of
 the subobject is 1, and the body of the subobject is given below:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |              Backup Ingress IPv4 Address (4 bytes)            |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Backup Ingress IPv4 Address: An IPv4 host address of backup ingress

Chen & Torvi Experimental [Page 12] RFC 8424 LSP Ingress Protection August 2018

5.1.4. Subobject: Backup Ingress IPv6 Address

 When the primary ingress of a protected LSP sends a PATH message with
 an INGRESS_PROTECTION object to the backup ingress, the object MUST
 have a Backup Ingress IPv6 Address subobject containing an IPv6
 address belonging to the backup ingress if IPv6 is used.  The Type of
 the subobject is 2, the body of the subobject is given below:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |             Backup Ingress IPv6 Address (16 bytes)            |
 ~                                                               ~
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Backup Ingress IPv6 Address: An IPv6 host address of backup ingress

5.1.5. Subobject: Ingress IPv4 Address

 The INGRESS_PROTECTION object may have an Ingress IPv4 Address
 subobject containing an IPv4 address belonging to the primary ingress
 if IPv4 is used.  The Type of the subobject is 3.  The subobject has
 the following body:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |               Ingress IPv4 Address (4 bytes)                  |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Ingress IPv4 Address: An IPv4 host address of ingress

5.1.6. Subobject: Ingress IPv6 Address

 The INGRESS_PROTECTION object may have an Ingress IPv6 Address
 subobject containing an IPv6 address belonging to the primary ingress
 if IPv6 is used.  The Type of the subobject is 4.  The subobject has
 the following body:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |               Ingress IPv6 Address (16 bytes)                 |
 ~                                                               ~
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Ingress IPv6 Address: An IPv6 host address of ingress

Chen & Torvi Experimental [Page 13] RFC 8424 LSP Ingress Protection August 2018

5.1.7. Subobject: TRAFFIC_DESCRIPTOR

 The INGRESS_PROTECTION object may have a TRAFFIC_DESCRIPTOR subobject
 describing the traffic to be mapped to the backup LSP on the backup
 ingress for locally protecting the primary ingress.  The subobject
 types for Interface, IPv4 Prefix, IPv6 Prefix, and Application
 Identifier are 5, 6, 7, and 8, respectively.  The subobject has the
 following body:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                        Traffic Element 1                      |
 ~                                                               ~
 |                        Traffic Element n                      |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 The TRAFFIC_DESCRIPTOR subobject may contain multiple Traffic
 Elements of the same type as follows:
 o Interface Traffic:  Each of the Traffic Elements is a 32-bit index
   of an interface from which the traffic is imported into the backup
   LSP.
 o IPv4 Prefix Traffic:  Each of the Traffic Elements is an IPv4
   prefix that contains an 8-bit prefix length followed by an IPv4
   address prefix (whose length, in bits, is specified by the prefix
   length) that is padded to a byte boundary.
 o IPv6 Prefix Traffic  Each of the Traffic Elements is an IPv6
   prefix, containing an 8-bit prefix length followed by an IPv6
   address prefix (whose length, in bits, is specified by the prefix
   length) that is padded to a byte boundary.
 o Application Traffic:  Each of the Traffic Elements is a 32-bit
   identifier of an application from which the traffic is imported
   into the backup LSP.

Chen & Torvi Experimental [Page 14] RFC 8424 LSP Ingress Protection August 2018

5.1.8. Subobject: Label-Routes

 The INGRESS_PROTECTION object in a PATH message from the primary
 ingress to the backup ingress may have a Label-Routes subobject
 containing the labels and routes that the next hops of the ingress
 use.  The Type of the subobject is 9.  The subobject has the
 following body:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 ~                           Subobjects                          ~
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 The Subobjects in Label-Routes are copied from those in the
 RECORD_ROUTE objects in the RESV messages that the primary ingress
 receives from its next hops for the primary LSP.  They MUST contain
 the first hops of the LSP, each of which is paired with its label.

6. Behavior of Ingress Protection

6.1. Overview

 There are two different proposed signaling approaches to transfer the
 information for ingress protection.  They both use the same new
 INGRESS_PROTECTION object.  The object is sent in both PATH and RESV
 messages.

6.1.1. Relay-Message Method

 The primary ingress relays the information for ingress protection of
 an LSP to the backup ingress via PATH messages.  Once the LSP is
 created, the ingress of the LSP sends the backup ingress a PATH
 message with an INGRESS_PROTECTION object with a Label-Routes
 subobject, which is populated with the next hops and labels.  This
 provides sufficient information for the backup ingress to create the
 appropriate forwarding state and backup LSP(s).
 The ingress also sends the backup ingress all the other PATH messages
 for the LSP with an empty INGRESS_PROTECTION object.  An
 INGRESS_PROTECTION object without any TRAFFIC_DESCRIPTOR subobject is
 called an empty INGRESS_PROTECTION object.  Thus, the backup ingress
 has access to all the PATH messages needed for modification to
 refresh the control-plane state after a failure.
 The empty INGRESS_PROTECTION object is for efficient processing of
 ingress protection for a P2MP LSP.  A P2MP LSP's primary ingress may
 have more than one PATH message, each of which is sent to a next hop

Chen & Torvi Experimental [Page 15] RFC 8424 LSP Ingress Protection August 2018

 along a branch of the P2MP LSP.  The PATH message along a branch will
 be selected and sent to the backup ingress with an INGRESS_PROTECTION
 object containing the TRAFFIC_DESCRIPTOR subobject; all the PATH
 messages along the other branches will be sent to the backup ingress
 containing an INGRESS_PROTECTION object without any
 TRAFFIC_DESCRIPTOR subobject (empty INGRESS_PROTECTION object).  For
 a P2MP LSP, the backup ingress only needs one TRAFFIC_DESCRIPTOR.

6.1.2. Proxy-Ingress Method

 Conceptually, a proxy ingress is created that starts the RSVP
 signaling.  The explicit path of the LSP goes from the proxy ingress
 to the backup ingress and then to the real ingress.  The behavior and
 signaling for the proxy ingress is done by the real ingress; the use
 of a proxy-ingress address avoids problems with loop detection.  Note
 that the proxy ingress MUST reside within the same router as the real
 ingress.
                            [ Traffic Source ]       *** Primary LSP
                             $             $         --- Backup LSP
                             $             $          $$  Link
                             $             $
                     [ Proxy Ingress ]  [ Backup ]
                     [ & Ingress     ]     |
                            *              |
                            *****[ MP ]----|
    Figure 2: Example of a Protected LSP with a Proxy-Ingress Node
 The backup ingress MUST know the merge points or next hops and their
 associated labels.  This is accomplished by having the RSVP PATH and
 RESV messages go through the backup ingress, although the forwarding
 path need not go through the backup ingress.  If the backup ingress
 fails, the ingress simply removes the INGRESS_PROTECTION object and
 forwards the PATH messages to the LSP's next hop(s).  If the ingress
 has its LSP configured for ingress protection, then the ingress can
 add the backup ingress and itself to the Explicit Route Object (ERO)
 and start forwarding the PATH messages to the backup ingress.
 Slightly different behavior can apply for the on-path and off-path
 cases.  In the on-path case, the backup ingress is a next-hop node
 after the ingress for the LSP.  In the off-path case, the backup
 ingress is not any next-hop node after the ingress for all associated
 sub-LSPs.
 The key advantage of this approach is that it minimizes the special
 handling code required.  Because the backup ingress is on the
 signaling path, it can receive various notifications.  It easily has

Chen & Torvi Experimental [Page 16] RFC 8424 LSP Ingress Protection August 2018

 access to all the PATH messages needed for a modification to be sent
 to refresh the control-plane state after a failure.

6.2. Ingress Behavior

 The primary ingress MUST be configured with a couple of pieces of
 information for ingress protection.
 o Backup Ingress Address:  The primary ingress MUST know the IP
   address of the backup ingress it wants to be used before it can use
   the INGRESS_PROTECTION object.
 o Proxy-Ingress-Id (only needed for Proxy-Ingress Method):  The
   Proxy-Ingress-Id is only used in the RECORD_ROUTE object for
   recording the proxy ingress.  If no Proxy-Ingress-Id is specified,
   then a local interface address that will not otherwise be included
   in the RECORD_ROUTE object can be used.  A similar technique is
   used in Section 6.1.1. of [RFC4090].
 o Application Traffic Identifier:  The primary ingress and backup
   ingress MUST both know what application traffic should be directed
   into the LSP.  If a list of prefixes in the TRAFFIC_DESCRIPTOR
   subobject will not suffice, then a commonly understood Application
   Traffic Identifier can be sent between the primary ingress and
   backup ingress.  The exact meaning of the identifier should be
   configured similarly at both the primary ingress and backup
   ingress.  The Application Traffic Identifier is understood within
   the unique context of the primary ingress and backup ingress.
 o A Connection between Backup Ingress and Primary Ingress:  If there
   is not any direct link between the primary ingress and the backup
   ingress, a tunnel MUST be configured between them.
 With this additional information, the primary ingress can create and
 signal the necessary RSVP extensions to support ingress protection.

6.2.1. Relay-Message Method

 To protect the primary ingress of an LSP, the primary ingress MUST do
 the following after the LSP is up.
 1.  Select a PATH message P0 for the LSP.
 2.  If the backup ingress is off path (the backup ingress is not the
     next hop of the primary ingress for P0), then send it a PATH
     message P0' with the content from P0 and an INGRESS_PROTECTION
     object; else (the backup ingress is a next hop, i.e., on-path
     case) add an INGRESS_PROTECTION object into the existing PATH

Chen & Torvi Experimental [Page 17] RFC 8424 LSP Ingress Protection August 2018

     message to the backup ingress (i.e., the next hop).  The object
     contains the TRAFFIC_DESCRIPTOR subobject, the Backup Ingress
     Address subobject and the Label-Routes subobject.  The options
     field is set to indicate whether a backup P2MP LSP is desired.
     The Label-Routes subobject contains the next hops of the primary
     ingress and their labels.  Note that for the on-path case, there
     is an existing PATH message to the backup ingress (i.e., the next
     hop), and we just add an INGRESS_PROTECTION object into the
     existing PATH message to be sent to the backup ingress.  We do
     not send a separate PATH message to the backup ingress for this
     existing PATH message.
 3.  For each Pi of the other PATH messages for the LSP, send the
     backup ingress a PATH message Pi' with the content copied from Pi
     and an empty INGRESS_PROTECTION object.
 For every PATH message Pj' (i.e., P0'/Pi') to be sent to the backup
 ingress, it has the same SESSION as Pj (i.e., P0/Pi).  If the backup
 ingress is off path, the primary ingress updates Pj' according to the
 backup ingress as its next hop before sending it.  It adds the backup
 ingress to the beginning of the ERO and sets RSVP_HOP based on the
 interface to the backup ingress.  The primary ingress MUST NOT set up
 any forwarding state to the backup ingress if the backup ingress is
 off path.

6.2.2. Proxy-Ingress Method

 The primary ingress is responsible for starting the RSVP signaling
 for the proxy-ingress node.  To do this, the following MUST be done
 for the RSVP PATH message.
 1.  Compute the EROs for the LSP as normal for the ingress.
 2.  If the selected backup ingress node is not the first node on the
     path (for all sub-LSPs), then insert it at the beginning of the
     ERO first, then the backup ingress node, and then the ingress
     node.
 3.  In the PATH RECORD_ROUTE Object (RRO), instead of recording the
     ingress node's address, replace it with the Proxy-Ingress-Id.
 4.  Leave the hop (HOP) object populated as usual with information
     for the ingress node.
 5.  Add the INGRESS_PROTECTION object to the PATH message.  Include
     the Backup Ingress Address (IPv4 or IPv6) subobject and the
     TRAFFIC_DESCRIPTOR subobject.  Set or clear the options
     indicating that a backup P2MP LSP is desired.

Chen & Torvi Experimental [Page 18] RFC 8424 LSP Ingress Protection August 2018

 6.  Optionally, add the FAST-REROUTE object [RFC4090] to the Path
     message.  Indicate whether one-to-one backup is desired.
     Indicate whether facility backup is desired.
 7.  The RSVP PATH message is sent to the backup node as normal.
 If the ingress detects that it can't communicate with the backup
 ingress, then the ingress SHOULD instead send the PATH message to the
 next hop indicated in the ERO computed in step 1.  Once the ingress
 detects that it can communicate with the backup ingress, the ingress
 SHOULD follow steps 1-7 to obtain ingress failure protection.
 When the ingress node receives an RSVP PATH message with an
 INGRESS_PROTECTION object and the object specifies that node as the
 ingress node and the Previous Hop (PHOP) as the backup ingress node,
 the ingress node SHOULD remove the INGRESS_PROTECTION object from the
 PATH message before sending it out.  Additionally, the ingress node
 MUST store that it will install ingress forwarding state for the LSP
 rather than midpoint forwarding.
 When an RSVP RESV message is received by the ingress, it uses the
 Next Hop (NHOP) to determine whether the message is received from the
 backup ingress or from a different node.  The stored associated PATH
 message contains an INGRESS_PROTECTION object that identifies the
 backup ingress node.  If the RESV message is not from the backup
 node, then the ingress forwarding state SHOULD be set up, and the
 INGRESS_PROTECTION object MUST be added to the RESV before it is sent
 to the NHOP, which SHOULD be the backup node.  If the RESV message is
 from the backup node, then the LSP SHOULD be considered available for
 use.
 If the backup ingress node is on the forwarding path, then a RESV is
 received with an INGRESS_PROTECTION object and an NHOP that matches
 the backup ingress.  In this case, the ingress node's address will
 not appear after the backup ingress in the RRO.  The ingress node
 SHOULD set up the ingress forwarding state, just as is done if the
 ingress node of the LSP weren't protected.

6.3. Backup Ingress Behavior

 A Label Edge Router (LER) determines that the ingress local
 protection is requested for an LSP if the INGRESS_PROTECTION object
 is included in the PATH message it receives for the LSP.  The LER can
 further determine that it is the backup ingress if one of its
 addresses is in the Backup Ingress Address subobject of the
 INGRESS_PROTECTION object.  The LER as the backup ingress will assume
 full responsibility of the ingress after the primary ingress fails.
 In addition, the LER determines that it is off path if it is not any

Chen & Torvi Experimental [Page 19] RFC 8424 LSP Ingress Protection August 2018

 node of the LSP.  The LER determines whether it uses the Relay-
 Message Method or the Proxy-Ingress Method according to
 configurations.

6.3.1. Backup Ingress Behavior in the Off-Path Case

 The backup ingress considers itself a Point of Local Repair (PLR) and
 the primary ingress its next hop, and it provides a local protection
 for the primary ingress.  It behaves very similarly to a PLR
 providing fast reroute where the primary ingress is considered to be
 the failure point to protect.  Where not otherwise specified, the
 behavior given in [RFC4090] for a PLR applies.
 The backup ingress MUST follow the control options specified in the
 INGRESS_PROTECTION object and the flags and specifications in the
 FAST-REROUTE object.  This applies to providing a P2MP backup if the
 "P2MP backup" is set, a one-to-one backup if "one-to-one desired" is
 set, a facility backup if the "facility backup desired" is set, and
 backup paths that support both the desired bandwidth and
 administrative groups that are requested.
 If multiple non-empty INGRESS_PROTECTION objects have been received
 via multiple PATH messages for the same LSP, then the most recent one
 MUST be the one used.
 The backup ingress creates the appropriate forwarding state for the
 backup LSP tunnel(s) to the merge point(s).
 When the backup ingress sends a RESV message to the primary ingress,
 it MUST add an INGRESS_PROTECTION object into the message.  It MUST
 set or clear the flags in the object to report "Ingress local
 protection available", "Ingress local protection in use", and
 "bandwidth protection".
 If the backup ingress doesn't have a backup LSP tunnel to each of the
 merge points, it SHOULD clear "Ingress local protection available"
 and set NUB to the number of the merge points to which there is no
 backup LSP.
 When the primary ingress fails, the backup ingress redirects the
 traffic from a source into the backup P2P LSPs or the backup P2MP LSP
 transmitting the traffic to the next hops of the primary ingress,
 where the traffic is merged into the protected LSP.
 In this case, the backup ingress MUST keep the PATH message with the
 INGRESS_PROTECTION object received from the primary ingress and the
 RESV message with the INGRESS_PROTECTION object to be sent to the
 primary ingress.  The backup ingress MUST set the "local protection

Chen & Torvi Experimental [Page 20] RFC 8424 LSP Ingress Protection August 2018

 in use" flag in the RESV message, which indicates that the backup
 ingress is actively redirecting the traffic into the backup P2P LSPs
 or the backup P2MP LSP for locally protecting the primary ingress
 failure.
 Note that the RESV message with this piece of information will not be
 sent to the primary ingress because the primary ingress has failed.
 If the backup ingress has not received any PATH messages from the
 primary ingress for an extended period of time (e.g., a cleanup
 timeout interval) and a confirmed primary ingress failure did not
 occur, then the standard RSVP soft-state removal SHOULD occur.  The
 backup ingress SHALL remove the state for the PATH message from the
 primary ingress and either tear down the one-to-one backup LSPs for
 protecting the primary ingress if one-to-one backup is used or unbind
 the facility backup LSPs if facility backup is used.
 When the backup ingress receives a PATH message from the primary
 ingress for locally protecting the primary ingress of a protected
 LSP, it MUST check to see if any critical information has been
 changed.  If the next hops of the primary ingress are changed, the
 backup ingress SHALL update its backup LSP(s) accordingly.

6.3.1.1. Relay-Message Method

 When the backup ingress receives a PATH message with a non-empty
 INGRESS_PROTECTION object, it examines the object to learn what
 traffic associated with the LSP.  It determines the next hops to be
 merged to by examining the Label-Routes subobject in the object.
 The backup ingress MUST store the PATH message received from the
 primary ingress but NOT forward it.
 The backup ingress responds with a RESV message to the PATH message
 received from the primary ingress.  If the backup ingress is off
 path, the LABEL object in the RESV message contains IMPLICIT-NULL.
 If the INGRESS_PROTECTION object is not "empty", the backup ingress
 SHALL send the RESV message with the state indicating protection is
 available after the backup LSP(s) are successfully established.

6.3.1.2. Proxy-Ingress Method

 When receiving a RESV message for an LSP from a router that is not
 primary ingress, the backup ingress collects the pair of (IPv4/IPv6
 subobject, Label subobject) in the second place to the top pair in
 the RECORD_ROUTE object of the message.  It determines the next hops
 to be merged according to the set of the pairs collected.  If a
 Label-Routes subobject is included in the INGRESS_PROTECTION object,

Chen & Torvi Experimental [Page 21] RFC 8424 LSP Ingress Protection August 2018

 the included IPv4/IPv6 subobjects are used to filter the set down to
 the specific next hops where protection is desired.  An RESV message
 MUST have been received before the backup ingress can create or
 select the appropriate backup LSP.
 When the backup ingress receives a PATH message with the
 INGRESS_PROTECTION object, the backup ingress examines the object to
 learn what traffic associated with the LSP.  The backup ingress
 forwards the PATH message to the ingress node with the normal RSVP
 changes.
 When the backup ingress receives a RESV message with the
 INGRESS_PROTECTION object, the backup ingress records an IMPLICIT-
 NULL label in the RRO.  Then, the backup ingress forwards the RESV
 message to the ingress node, which is acting for the proxy ingress.

6.3.2. Backup Ingress Behavior in the On-Path Case

 An LER as the backup ingress determines that it is on path if one of
 its addresses is a next hop of the primary ingress; for the Proxy-
 Ingress Method, the primary ingress is determined as not its next hop
 by checking the PATH message with the INGRESS_PROTECTION object
 received from the primary ingress.  The LER on path MUST send the
 corresponding PATH messages without any INGRESS_PROTECTION object to
 its next hops.  It creates a number of backup P2P LSPs or a backup
 P2MP LSP from itself to the other next hops (i.e., the next hops
 other than the backup ingress) of the primary ingress.  The other
 next hops are from the Label-Routes subobject.
 It also creates a forwarding entry, which sends/multicasts the
 traffic from the source to the next hops of the backup ingress along
 the protected LSP when the primary ingress fails.  The traffic is
 described by the TRAFFIC_DESCRIPTOR.
 After setting up all the backup P2P LSPs or the backup P2MP LSP, the
 backup ingress creates forwarding entry(s) for importing the traffic
 into the backup LSP(s) from the source when the primary ingress
 fails.  Then, it MUST send the primary ingress a RESV message with an
 INGRESS_PROTECTION object.  The object contains the state of the
 local protection, such as having the "local protection available"
 flag set to one, which indicates that the primary ingress is locally
 protected.
 When the primary ingress fails, the backup ingress sends/multicasts
 the traffic from the source to its next hops along the protected LSP
 and imports the traffic into each of the backup P2P LSPs or to the

Chen & Torvi Experimental [Page 22] RFC 8424 LSP Ingress Protection August 2018

 backup P2MP LSP transmitting the traffic to the other next hops of
 the primary ingress, where the traffic is merged into a protected
 LSP.
 During the local repair, the backup ingress MUST continue to send the
 PATH messages to its next hops as before and keep the PATH message
 with the INGRESS_PROTECTION object received from the primary ingress
 and the RESV message with the INGRESS_PROTECTION object to be sent to
 the primary ingress.  It MUST set the "local protection in use" flag
 in the RESV message.

6.3.3. Failure Detection and Refresh PATH Messages

 As described in [RFC4090], it is necessary to refresh the PATH
 messages via the backup LSP(s).  The backup ingress MUST wait to
 refresh the PATH messages until it can accurately detect that the
 ingress node has failed.  An example of such an accurate detection
 would be that the IGP has no bidirectional links to the ingress node,
 or a BFD session to the primary ingress' loopback address has failed
 and stayed failed after the network has reconverged.
 As described in Section 6.4.3 of [RFC4090], the backup ingress,
 acting as PLR, MUST modify and send any saved PATH messages
 associated with the primary LSP to the corresponding next hops
 through backup LSP(s).  Any PATH message sent will not contain any
 INGRESS_PROTECTION objects.  The RSVP_HOP object in the message
 contains an IP source address belonging to the backup ingress.  The
 SENDER_TEMPLATE object has the Backup Ingress Address as its tunnel
 sender address.

6.4. Revertive Behavior

 Upon a failure event in the (primary) ingress of a protected LSP, the
 protected LSP is locally repaired by the backup ingress.  There are a
 couple of basic strategies for restoring the LSP to a full working
 path.
 o Revert to Primary Ingress:  When the primary ingress is restored,
   it resignals each of the LSPs that start from the primary ingress.
   The traffic for every LSP successfully resignaled is switched back
   to the primary ingress from the backup ingress.
 o Global Repair by Backup Ingress:  After determining that the
   primary ingress of an LSP has failed, the backup ingress computes a
   new optimal path, signals a new LSP along the new path, and
   switches the traffic to the new LSP.

Chen & Torvi Experimental [Page 23] RFC 8424 LSP Ingress Protection August 2018

6.4.1. Revert to Primary Ingress

 If "Revert to Primary Ingress" is desired for a protected LSP, the
 (primary) ingress of the LSP SHOULD resignal the LSP that starts from
 the primary ingress after the primary ingress restores.  After the
 LSP is resignaled successfully, the traffic SHOULD be switched back
 to the primary ingress from the backup ingress on the source node and
 redirected into the LSP starting from the primary ingress.
 The primary ingress can specify the "Revert to Ingress" control
 option in the INGRESS_PROTECTION object in the PATH messages to the
 backup ingress.  After receiving the "Revert to Ingress" control
 option, the backup ingress MUST stop sending/refreshing PATH messages
 for the protected LSP.

6.4.2. Global Repair by Backup Ingress

 When the backup ingress has determined that the primary ingress of
 the protected LSP has failed (e.g., via the IGP), it can compute a
 new path and signal a new LSP along the new path so that it no longer
 relies upon local repair.  To do this, the backup ingress MUST use
 the same tunnel sender address in the SENDER_TEMPLATE object and
 allocate an LSP ID different from the one of the old LSP as the LSP
 ID of the new LSP.  This allows the new LSP to share resources with
 the old LSP.  Alternately, the backup ingress can create a new LSP
 with no bandwidth reservation that duplicates the path(s) of the
 protected LSP, move traffic to the new LSP, delete the protected LSP,
 and then resignal the new LSP with bandwidth.

7. Security Considerations

 In principle, this document does not introduce new security issues.
 The security considerations pertaining to [RFC4090], [RFC4875],
 [RFC2205], and [RFC3209] remain relevant.

8. Compatibility

 This extension reuses and extends semantics and procedures defined in
 [RFC2205], [RFC3209], [RFC4090], and [RFC4875] to support ingress
 protection.  The new object defined to indicate ingress protection
 has a Class Number of the form 0bbbbbbb.  Per [RFC2205], a node not
 supporting this extension will not recognize the new Class Number and
 should respond with an "Unknown Object Class" error.  The error
 message will propagate to the ingress, which can then take action to
 avoid the incompatible node as a backup ingress or may simply
 terminate the session.

Chen & Torvi Experimental [Page 24] RFC 8424 LSP Ingress Protection August 2018

9. IANA Considerations

 This document has no IANA actions.

10. References

10.1. Normative References

 [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
            Requirement Levels", BCP 14, RFC 2119,
            DOI 10.17487/RFC2119, March 1997,
            <https://www.rfc-editor.org/info/rfc2119>.
 [RFC2205]  Braden, R., Ed., Zhang, L., Berson, S., Herzog, S., and S.
            Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
            Functional Specification", RFC 2205, DOI 10.17487/RFC2205,
            September 1997, <https://www.rfc-editor.org/info/rfc2205>.
 [RFC3209]  Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
            and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
            Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001,
            <https://www.rfc-editor.org/info/rfc3209>.
 [RFC3936]  Kompella, K. and J. Lang, "Procedures for Modifying the
            Resource reSerVation Protocol (RSVP)", BCP 96, RFC 3936,
            DOI 10.17487/RFC3936, October 2004,
            <https://www.rfc-editor.org/info/rfc3936>.
 [RFC4090]  Pan, P., Ed., Swallow, G., Ed., and A. Atlas, Ed., "Fast
            Reroute Extensions to RSVP-TE for LSP Tunnels", RFC 4090,
            DOI 10.17487/RFC4090, May 2005,
            <https://www.rfc-editor.org/info/rfc4090>.
 [RFC4875]  Aggarwal, R., Ed., Papadimitriou, D., Ed., and S.
            Yasukawa, Ed., "Extensions to Resource Reservation
            Protocol - Traffic Engineering (RSVP-TE) for Point-to-
            Multipoint TE Label Switched Paths (LSPs)", RFC 4875,
            DOI 10.17487/RFC4875, May 2007,
            <https://www.rfc-editor.org/info/rfc4875>.
 [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
            2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
            May 2017, <https://www.rfc-editor.org/info/rfc8174>.

Chen & Torvi Experimental [Page 25] RFC 8424 LSP Ingress Protection August 2018

10.2. Informative References

 [RFC6378]  Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher,
            N., and A. Fulignoli, Ed., "MPLS Transport Profile (MPLS-
            TP) Linear Protection", RFC 6378, DOI 10.17487/RFC6378,
            October 2011, <https://www.rfc-editor.org/info/rfc6378>.

Acknowledgements

 The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric
 Osborne, Ross Callon, Loa Andersson, Daniel King, Michael Yue, Alia
 Atlas, Olufemi Komolafe, Rob Rennison, Neil Harrison, Kannan Sampath,
 Gregory Mirsky, and Ronhazli Adam for their valuable comments and
 suggestions on this document.

Contributors

 The following people contributed significantly to the content of this
 document and should be considered coauthors:
          Autumn Liu
          Ciena
          United States of America
          Email: hliu@ciena.com
          Zhenbin Li
          Huawei Technologies
          Email: zhenbin.li@huawei.com
          Yimin Shen
          Juniper Networks
          10 Technology Park Drive
          Westford, MA  01886
          United States of America
          Email: yshen@juniper.net
          Tarek Saad
          Cisco Systems
          Email: tsaad@cisco.com
          Fengman Xu
          Verizon
          2400 N. Glenville Dr
          Richardson, TX  75082
          United States of America
          Email: fengman.xu@verizon.com

Chen & Torvi Experimental [Page 26] RFC 8424 LSP Ingress Protection August 2018

 The following people also contributed to the content of this
 document:
         Ning So
         Tata Communications
         2613 Fairbourne Cir.
         Plano, TX  75082
         United States of America
         Email: ningso01@gmail.com
         Mehmet Toy
         Verizon
         United States of America
         Email: mehmet.toy@verizon.com
         Lei Liu
         United States of America
         Email: liulei.kddi@gmail.com
         Renwei Li
         Huawei Technologies
         2330 Central Expressway
         Santa Clara, CA  95050
         United States of America
         Email: renwei.li@huawei.com
         Quintin Zhao
         Huawei Technologies
         Boston, MA
         United States of America
         Email: quintin.zhao@huawei.com
         Boris Zhang
         Telus Communications
         200 Consilium Pl Floor 15
         Toronto, ON  M1H 3J3
         Canada
         Email: Boris.Zhang@telus.com
         Markus Jork
         Juniper Networks
         10 Technology Park Drive
         Westford, MA  01886
         United States of America
         Email: mjork@juniper.net

Chen & Torvi Experimental [Page 27] RFC 8424 LSP Ingress Protection August 2018

Authors' Addresses

 Huaimo Chen (editor)
 Huawei Technologies
 Boston, MA
 United States of America
 Email: huaimo.chen@huawei.com
 Raveendra Torvi (editor)
 Juniper Networks
 10 Technology Park Drive
 Westford, MA  01886
 United States of America
 Email: rtorvi@juniper.net

Chen & Torvi Experimental [Page 28]

/data/webs/external/dokuwiki/data/pages/rfc/rfc8424.txt · Last modified: 2018/08/20 23:49 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki