idnits 2.17.1 

draft-ietf-bmwg-protection-term-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == The page length should not exceed 58 lines per page, but there was 6
     longer pages, the longest (page 25) being 65 lines


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 2 instances of too long lines in the document, the longest one
     being 1 character in excess of 72.

  ** There are 2 instances of lines with control characters in the document.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to contain a disclaimer for pre-RFC5378 work, and may
     have content which was first submitted before 10 November 2008.  The
     disclaimer is necessary when there are original authors that you have
     been unable to contact, or if some do not wish to grant the BCP78 rights
     to the IETF Trust.  If you are able to get all authors (current and
     original) to grant those rights, you can and should remove the
     disclaimer; otherwise, the disclaimer is needed and you can ignore this
     comment. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 2010) is 5032 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-23) exists of
     draft-ietf-bmwg-igp-dataplane-conv-term-21


     Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	 Network Working Group                         S. Poretsky
2	 Internet Draft                                Allot Communications
3	 Expires: Jan 2011                             Rajiv Papneja
4	 Intended Status: Informational                Isocore
5						       J. Karthik
6	                                               S. Vapiwala
7	                                               Cisco Systems
8	                                               July 2010

10	                    Benchmarking Terminology
11	                   for Protection Performance
12	             <draft-ietf-bmwg-protection-term-09.txt >

14	Status of this Memo
15	   This Internet-Draft is submitted to IETF in full conformance with the
16	   provisions of BCP 78 and BCP 79.

18	   Internet-Drafts are working documents of the Internet Engineering
19	   Task Force (IETF), its areas, and its working groups.  Note that
20	   other groups may also distribute working documents as Internet-
21	   Drafts.

23	   Internet-Drafts are draft documents valid for a maximum of six months
24	   and may be updated, replaced, or obsoleted by other documents at any
25	   time.  It is inappropriate to use Internet-Drafts as reference
26	   material or to cite them other than as "work in progress."

28	   The list of current Internet-Drafts can be accessed at
29	   http://www.ietf.org/ietf/1id-abstracts.txt.
30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on 7 Jan, 2011.

35	Copyright Notice
36	   Copyright (c) 2010 IETF Trust and the persons identified as the
37	   document authors.  All rights reserved.

39	   This document is subject to BCP 78 and the IETF Trust's Legal
40	   Provisions Relating to IETF Documents
41	   (http://trustee.ietf.org/license-info) in effect on the date of
42	   publication of this document. Please review these documents
43	   carefully, as they describe your rights and restrictions with
44	   respect to this document.  Code Components extracted from this
45	   document must include Simplified BSD License text as described
46	   in Section 4.e of the Trust Legal Provisions and are provided
47	   without warranty as described in the Simplified BSD License.

49	   This document may contain material from IETF Documents or IETF
50	   Contributions published or made publicly available before November
51	   10, 2008.  The person(s) controlling the copyright in some of this
52	   material may not have granted the IETF Trust the right to allow
53	   modifications of such material outside the IETF Standards Process.
54	   Without obtaining an adequate license from the person(s)
55	   controlling the copyright in such materials, this document may not
56	   be modified outside the IETF Standards Process, and derivative
57	   works of it may not be created outside the IETF Standards Process,
58	   except to format it for publication as an RFC or to translate it
59	   into languages other than English.

61	                          Protection Performance

63	Abstract
64	  This document provides common terminology and metrics for benchmarking
65	  the performance of sub-IP layer protection mechanisms. The performance
66	  benchmarks are measured at the IP-Layer with protection may be
67	  provided at the Sub-IP layer. The benchmarks and terminology can be
68	  applied in methodology documents for different sub-IP layer protection
69	  mechanisms such as Automatic Protection Switching (APS), Virtual Router
70	  Redundancy  Protocol (VRRP), Stateful High Availability (HA), and
71	  Multi-Protocol Label Switching Fast Reroute (MPLS-FRR).

73	                          Protection Performance
74	 Table of Contents
75	        1. Introduction..............................................3
76	        2. Existing definitions......................................6
77	        3. Test Considerations.......................................7
78	           3.1. Paths................................................7
79	              3.1.1. Path............................................7
80	              3.1.2. Working Path....................................8
81	              3.1.3. Primary Path....................................8
82	              3.1.4. Protected Primary Path..........................8
83	              3.1.5. Backup Path.....................................9
84	              3.1.6. Standby Backup Path.............................10
85	              3.1.7. Dynamic Backup Path.............................10
86	              3.1.8. Disjoint Paths..................................10
87	              3.1.9. Point of Local repair (PLR).....................11
88	              3.1.10. Shared Risk Link Group (SRLG)..................11
89	           3.2. Protection Mechanisms................................12
90	              3.2.1. Link Protection.................................12
91	              3.2.2. Node Protection.................................12
92	              3.2.3. Path Protection.................................12
93	              3.2.4. Backup Span.....................................13
94	              3.2.5. Local Link Protection...........................13
95	              3.2.6. Redundant Node Protection.......................14
96	              3.2.7  State Control Interface.........................14
97	              3.2.8. Protected Interface.............................15
98	           3.3. Protection Switching.................................15
99	              3.3.1. Protection Switching System.....................15
100	              3.3.2. Failover Event..................................15
101	              3.3.3. Failure Detection...............................16
102	              3.3.4. Failover........................................17
103	              3.3.5. Restoration.....................................17
104	              3.3.6. Reversion.......................................18
105	           3.4. Nodes................................................18
106	              3.4.1. Protection-Switching Node.......................18
107	              3.4.2. Non-Protection Switching Node...................19
108	              3.4.3. Headend Node....................................19
109	              3.4.4. Backup Node.....................................19
110	              3.4.5. Merge Node......................................20
111	              3.4.6. Primary Node....................................20
112	              3.4.7. Standby Node....................................21
113	           3.5. Benchmarks...........................................21
114	              3.5.1. Failover Packet Loss............................21
115	              3.5.2. Reversion Packet Loss...........................22
116	              3.5.3. Failover Time...................................22
117	              3.5.4. Reversion Time..................................23
118	              3.5.5. Additive Backup Delay...........................23
119	           3.6 Failover Time Calculation Methods.....................24
120	              3.6.1 Time-Based Loss Method...........................24
121	              3.6.2 Packet-Loss Based Method.........................25
122	              3.6.3 Timestamp-Based Method...........................25
123	        4. Acknowledgments...........................................26
124	        5. IANA Considerations.......................................26
125	        6. Security Considerations...................................26
126	        7. References................................................26
127	        8. Authors' Addresses........................................27
128	                          Protection Performance

130	1. Introduction

132	   The IP network layer provides route convergence to protect data
133	   traffic against planned and unplanned failures in the internet. Fast
134	   convergence times are critical to maintain reliable network
135	   connectivity and performance.  Convergence Events [6] are recognized
136	   at the IP Layer so that Route Convergence [6] occurs.  Technologies
137	   that function at sub-IP layers can be enabled to provide further
138	   protection of IP traffic by providing the failure recovery at the
139	   sub-IP layers so that the outage is not observed at the IP-layer.
140	   Such sub-IP protection technologies include, but are not limited to,
141	   High Availability (HA) stateful failover, Virtual Router Redundancy
142	   Protocol (VRRP) [8], Automatic Link Protection (APS) for SONET/SDH,
143	   Resilient Packet Ring (RPR) for Ethernet, and Fast Reroute for
144	   Multi-Protocol Label Switching (MPLS-FRR) [9].

146	   1.1 Scope
147	   Benchmarking terminology was defined for IP-layer convergence in
148	   [6].  Different terminology and methodologies specific to
149	   benchmarking sub-IP layer protection mechanisms are required.  The
150	   metrics for benchmarking the performance of sub-IP protection
151	   mechanisms are measured at the IP layer, so that the results are
152	   always measured in reference to IP and independent of the specific
153	   protection mechanism being used. The purpose of this document is
154	   to provide a single terminology for benchmarking sub-IP protection
155	   mechanisms.

157	   A common terminology for Sub-IP layer protection mechanism
158	   benchmarking enables different implementations of a protection
159	   mechanism to be benchmarked and evaluated.  In addition,
160	   implementations of different protection mechanisms can be
161	   benchmarked and evaluated.  It is intended that there can exist
162	   unique methodology documents for each sub-IP protection mechanism
163	   based upon this common terminology document.  The terminology
164	   can be applied to methodologies that benchmark sub-IP protection
165	   mechanism performance with a single stream of traffic or
166	   multiple streams of traffic.  The traffic flow may be
167	   uni-directional or bi-directional as to be indicated in the
168	   methodology.

170	   1.2 General Model
171	   The sequence of events to benchmark the performance of Sub-IP
172	   Protection Mechanisms is as follows:

174	   1. Failover Event - Primary Path fails
175	   2. Failure Detection-  Failover Event is detected
176	   3. Failover - Backup Path becomes the Working Path due to Failover
177	                 Event
178	   4. Restoration - Primary Path recovers from a Failover Event
179	   5. Reversion (optional) - Primary Path becomes the Working Path

181	   These terms are further defined in this document.

183	                          Protection Performance

185	   Figures 1 through 5 show models that MAY be used when benchmarking
186	   Sub-IP Protection mechanisms, which MUST use a Protection Switching
187	   System that consists of a minimum of two Protection-Switching Nodes,
188	   an Ingress Node known as the Headend Node and an Egress Node known
189	   as the Merge Node.  The Protection Switching System MUST include
190	   either a Primary Path and Backup Path, as shown in Figures 1 through
191	   4, or a Primary Node and Standby Node, as shown in Figure 5.  A
192	   Protection Switching System may provide link protection, node
193	   protection, path protection, local link protection, and high
194	   availability, as shown in Figures 1 through 5 respectively.  A
195	   Failover Event occurs along the Primary Path or at the Primary Node.
196	   The Working Path is the Primary Path prior to the Failover Event and
197	   the Backup Path after the Failover Event.  A Tester is set outside
198	   the two paths or nodes as it sends and receives IP traffic along the
199	   Working Path.  The tester MUST record the IP packet sequence numbers,
200	   departure time, and arrival time so that the metrics of Failover
201	   Time, Additive Latency, Packet Reordering, Duplicate Packets, and
202	   Reversion Time can be measured.  The Tester may be a single device
203	   or a test system.  If Reversion is supported then the Working Path is
204	   the Primary Path after Restoration (Failure Recovery) of the Primary
205	   Path.

207	   Link Protection, as shown in Figure 1, provides protection when a
208	   Failover Event occurs on the link between two nodes along the Primary
209	   Path.  Node Protection, as shown in Figure 2, provides protection
210	   when a Failover Event occurs at a Node along the Primary Path.
211	   Path Protection, as shown in Figure 3, provides protection for link
212	   or node failures for multiple hops along the Primary Path.  Local
213	   Link Protection, as shown in Figure 4, provides Sub-IP Protection of
214	   a link between two nodes, without a Backup Node.  An example of such
215	   a Sub-IP Protection mechanism is SONET APS.  High Availability
216	   Protection, as shown in Figure 5, provides protection of a Primary
217	   Node with a redundant Standby Node.  State Control is provided
218	   between the Primary and Standby Nodes.  Failure of the Primary Node
219	   is detected at the Sub-IP layer to force traffic to switch to the
220	   Standby Node, which has state maintained for zero or minimal packet
221	   loss.

223	                      +-----------+
224	       +--------------|  Tester   |<-----------------------+
225	       |              +-----------+                        |
226	       | IP Traffic        | Failover           IP Traffic |
227	       |                   |  Event                        |
228	       |     ------------  |                 ----------    |
229	       +--->|  Ingress/  | V                | Egress/  |---+
230	            |Headend Node|------------------|Merge Node|  Primary
231	             ------------                    ----------    Path
232	                |                                ^
233	                |         ---------              |  Backup
234	                +--------| Backup  |-------------+   Path
235	                         |  Node   |
236	                          ---------
237	   Figure 1. System Under Test (SUT) for Sub-IP Link Protection
238	                          Protection Performance

240	                            +-----------+
241	       +--------------------|  Tester   |<-----------------+
242	       |                    +-----------+                  |
243	       | IP Traffic               | Failover    IP Traffic |
244	       |                          | Event                  |
245	       |                          V                        |
246	       |     ------------      --------      ----------    |
247	       +--->|  Ingress/  |    |MidPoint|    | Egress/  |---+
248	            |Headend Node|----|  Node  |----|Merge Node|  Primary
249	             ------------      --------      ----------    Path
250	                |                                ^
251	                |         ---------              |  Backup
252	                +--------| Backup  |-------------+   Path
253	                         |  Node   |
254	                          ---------

256	   Figure 2. System Under Test (SUT) for Sub-IP Node Protection

258	                               +-----------+
259	    +---------------------------|  Tester   |<----------------------+
260	    |                           +-----------+                       |
261	    | IP Traffic                      | Failover         IP Traffic |
262	    |                                 | Event                       |
263	    |                Primary Path     |                             |
264	    |     ------------      --------  |  --------     ----------    |
265	    +--->|  Ingress/  |    |MidPoint| V |Midpoint|   | Egress/  |---+
266	         |Headend Node|----|  Node  |---|  Node  |---|Merge Node|
267	          ------------      --------     --------     ----------
268	                |                                         ^
269	                |         ---------      --------         | Backup
270	                +--------| Backup  |----| Backup |--------+  Path
271	                         |  Node   |    |  Node  |
272	                          ---------      --------

274	   Figure 3. System Under Test (SUT) for Sub-IP Path Protection

276	                                  +-----------+
277	             +--------------------|  Tester   |<-------------------+
278	             |                    +-----------+                    |
279	             | IP Traffic               | Failover      IP Traffic |
280	             |                          | Event                    |
281	             |              Primary     |                          |
282	             |    +--------+  Path      v            +--------+    |
283	             |    |        |------------------------>|        |    |
284	             +--->| Ingress|                         | Egress |----+
285	                  |  Node  |- - - - - - - - - - - - >|  Node  |
286	                  +--------+      Backup Path        +--------+
287	                  |                                           |
288	                  |            IP-Layer Forwarding            |
289	                  +<----------------------------------------->+

291	   Figure 4. System Under Test (SUT) for Sub-IP Local Link Protection
292	                          Protection Performance

294	                         +-----------+
295	       +-----------------|  Tester   |<--------------------+
296	       |                 +-----------+                     |
297	       | IP Traffic            | Failover       IP Traffic |
298	       |                       | Event                     |
299	       |                       V                           |
300	       |     ---------      --------      ----------       |
301	       +--->| Ingress |    |Primary |    | Egress/  |------+
302	            |   Node  |----|  Node  |----|Merge Node|  Primary
303	             ---------      --------      ----------    Path
304	                |        State |Control       ^
305	                |    Interface |(Optional)    |
306	                |          ---------          |
307	                +---------| Standby |---------+
308	                          |  Node   |
309	                           ---------

311	Figure 5. System Under Test (SUT) for Sub-IP Redundant Node Protection

313	   Some protection switching technologies may use a series of
314	   steps that differ from the general model. The specific differences
315	   SHOULD be highlighted in each technology-specific methodology.
316	   Note that some protection switching technologies are endowed
317	   with the ability to re-optimize the working path after a
318	   node or link failure.

320	2. Existing definitions
321	   This document uses existing terminology defined in other BMWG
322	   work.  Examples include, but are not limited to:

324	          Latency                   [Ref.[2], section 3.8]
325	          Frame Loss Rate           [Ref.[2], section 3.6]
326	          Throughput                [Ref.[2], section 3.17]
327	          Device Under Test (DUT)   [Ref.[3], section 3.1.1]
328	          System Under Test (SUT)   [Ref.[3], section 3.1.2]
329	          Offered Load              [Ref.[3], section 3.5.2]
330	          Out-of-order Packet       [Ref.[4], section 3.3.2]
331	          Duplicate Packet          [Ref.[4], section 3.3.3]
332	          Forwarding Delay          [Ref.[4], section 3.2.4]
333	          Jitter                    [Ref.[4], section 3.2.5]
334	          Packet Loss               [Ref.[6], Section 3.5]
335	          Packet Reordering         [Ref.[7], section 3.3]

337	   This document has the following frequently used acronyms:
338	      DUT  Device Under Test
339	      SUT  System Under Test

341	   This document adopts the definition format in Section 2 of RFC 1242
342	   [2].  Terms defined in this document are capitalized when used
343	   within this document.

345	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
346	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
347	   document are to be interpreted as described in BCP 14, RFC 2119 [5].

349	                          Protection Performance

351	   RFC 2119 defines the use of these key words to help make the
352	   intent of standards track documents as clear as possible.  While this
353	   document uses these keywords, this document is not a standards track
354	   document.

356	3. Test Considerations

358	  3.1. Paths

360	    3.1.1 Path

362	    Definition:
363	       A unidirectional sequence of nodes, <R1, ..., Rn>, and links
364	      <L12,... L(n-1)n> with the following properties:

366	       a. R1 is the ingress node and forwards IP packets, which input
367	       into DUT/SUT, to R2 as sub-IP frames over link L12.

369	       b. Ri is a node which forwards data frames to R(i+1) over Link
370	       Li(i+1) for all i, 1<i<n-1, based on information in the sub-IP
371	       layer.

373	       c. Rn is the egress node and it outputs sub-IP frames from
374	       DUT/SUT as IP packets. L(n-1)n is the link between the R(n-1)
375	       and Rn.

377	    Discussion:
378	       The path is defined in the sub-IP layer in this document, unlike
379	       an IP path in RFC 2026 [1].   One path may be regarded as being
380	       equivalent to one IP link between two IP nodes, i.e., R1 and Rn.
381	       The two IP nodes may have multiple paths for protection.  A
382	       packet will travel on only one path between the nodes.  Packets
383	       belonging to a microflow [10] will traverse one or more paths.
384	       The path is unidirectional.  For example, the link between R1
385	       and R2 in the direction from R1 to R2 is L12.  For traffic
386	       flowing in the reverse direction from R2 to R1, the link is L21.
387	       Example paths are the SONET/SDH path and the label switched path
388	       for MPLS.

390	    Measurement units:
391	       n/a

393	    Issues:
394	       "A bidirectional path", which transmits traffic in both
395	       directions along the same nodes, consists of two unidirectional
396	       paths.  Therefore, the two unidirectional paths belonging to
397	       "one bidirectional path" will be treated independently when
398	       benchmarking for "a bidirectional path".

400	    See Also:
401	       Working Path
402	       Primary Path
403	       Backup Path
404	                          Protection Performance

406	    3.1.2. Working Path

408	    Definition:
409	       The path that the DUT/SUT is currently using to forward
410	       packets.

412	    Discussion:
413	       A Primary Path is the Working Path before occurrence of a
414	       Failover Event.  A Backup Path shall become the Working Path
415	       after a Failover Event.

417	    Measurement units:
418	       n/a

420	    Issues:

422	    See Also:
423	       Path
424	       Primary Path
425	       Backup Path

427	   3.1.3.  Primary Path

429	       Definition:
430	       The preferred point to point path for forwarding traffic
431	       between two or more nodes.

433	       Discussion:
434	       The Primary Path is the Path that traffic traverses
435	       prior to a Failover Event.

437	       Measurement units:
438	          n/a

440	        Issues:
441	          None

443	        See Also:
444	          Path
445	          Failover Event

447	    3.1.4.  Protected Primary Path

449	       Definition:
450	       A Primary Path that is protected with a Backup Path.

452	       Discussion:
453	       A Protected Primary Path must include at least one Protection
454	       Switching Node.

456	                          Protection Performance

458	       Measurement units:
459	          n/a

461	       Issues: None

463	       See Also:
464	          Path
465	          Primary Path

467	    3.1.5.  Backup Path

469	       Definition:
470	       A path that exists to carry data traffic only if a Failover
471	       Event occurs on a Primary Path.

473	       Discussion:
474	       The Backup Path shall become the Working Path upon a Failover
475	       Event.  A Path may have one or more Backup Paths.  A Backup
476	       Path may protect one or more Primary Paths.  There are various
477	       types of Backup Paths:

479	          a. dedicated recovery Backup Path (1+1) or (1:1), which has
480	          100% redundancy for a specific ordinary path,

482	          b. shared Backup Path (1:N), which is dedicated to the
483	          protection for more than one specific Primary Path

485	          c. associated shared Backup Path (M:N) for which a specific
486	          set of Backup Paths protects a specific set of more than one
487	          Primary Path.

489	       A Backup Path may be signaled or unsignaled.  The Backup Path
490	       must be created prior to the Failover Event.  The backup path
491	       generally originates at the point of local repair (PLR), and
492	       terminates at a node along a primary path.

494	       Measurement units:
495	          n/a

497	       Issues:

499	       See Also:
500	          Path
501	          Working Path
502	          Primary Path
503	                          Protection Performance

505	     3.1.6.  Standby Backup Path

507	        Definition:
508	        A Backup Path that is established prior to a Failover Event
509	        to protect a Primary Path.

511	        Discussion:
512	        The Standby Backup Path and Dynamic Backup Path provide
513	        protection, but are established at different times.

515	        Measurement units: n/a

517	        Issues: None

519	        See Also:
520	           Backup Path
521	           Primary Path
522	           Failover Event

524	     3.1.7. Dynamic Backup Path

526	        Definition:
527	        A Backup Path that is established upon occurrence of a
528	        Failover Event.

530	        Discussion:
531	        The Standby Backup Path and Dynamic Backup Path provide
532	        protection, but are established at different times.

534	        Measurement units: n/a

536	        Issues: None

538	        See Also:
539	            Backup Path
540	            Standby Backup Path
541	            Failover Event

543	     3.1.8. Disjoint Paths

545	        Definition:
546	        A pair of paths that do not share a common link or nodes.

548	        Discussion:
549	        Two paths are disjoint if they do not share a common node or link
550	        other than the ingress and egress.

552	                          Protection Performance

554	        Measurement units: n/a

556	        Issues: None

558	        See Also:
559	           Path
560	           Primary Path
561	           SRLG

563	     3.1.9. Point of Local Repair (PLR)
564	         Definition:
565	         A node capable of Failover along the Primary Path that is
566	         also the ingress node for the Backup Path to protect another
567	         node or link.

569	         Discussion:
570	         Any node along the Primary Path from the ingress node to
571	         the penultimate node may be a PLR.  The PLR may use
572	         a single Backup Path for protecting one or more Primary
573	         Paths.  There can be multiple PLRs along a Primary Path.
574	         The PLR must be an ingress to a Backup Path.  The PLR can
575	         be any node along the Primary Path except the egress node
576	         of the Primary Path.  The PLR may simultaneously be a
577	         Headend Node when it is serving the role as ingress to
578	         the Primary Path and the Backup Path.  If the PLR is
579	         also the Headend Node, then the Backup Path is a Disjoint
580	         Path from the ingress to the Merge Node.

582	         Measurement units: n/a

584	         Issues: None

586	         See Also:
587	             Primary Path
588	             Backup Path
589	             Failover

591	     3.1.10. Shared Risk Link Group (SRLG)
592	         Definition:
593	         SRLG is a set of links which share the same risk (physical
594	         or logical) within a network.

596	         Discussion:
597	         SRLG is considered the set of links to be avoided when
598	         the primary and secondary paths are considered disjoint.
599	         The SRLG will fail as a group if the shared resource
600	         (physical or anything abstract such as software version)
601	         fails.

603	         Measurement units: n/a

605	         Issues: None

607	         See Also:
608	             Path
609	             Primary Path
610	                          Protection Performance

612	   3.2. Protection
613	     3.2.1. Link Protection
614	         Definition:
615	         A Backup Path that is signaled to at least one Backup Node
616	         to protect for failure of interfaces and links along a
617	         Primary Path.

619	         Discussion:
620	         Link Protection may or may not protect the entire Primary
621	         Path.  Link protection is shown in Figure 1.

623	         Measurement units: n/a

625	         Issues: None

627	         See Also:
628	             Primary Path
629	             Backup Path

631	     3.2.2. Node Protection
632	         Definition:
633	         A Backup Path that is signaled to at least one Backup Node
634	         to protect for failure of interfaces, links, and nodes
635	         along a Primary Path.

637	         Discussion:
638	         Node Protection may or may not protect the entire Primary
639	         Path.  Node Protection also provides Link Protection.
640	         Node Protection is shown in Figure 2.

642	         Measurement units: n/a

644	         Issues: None

646	         See Also:
647	             Link Protection

649	     3.2.3. Path Protection
650	        Definition:
651	        A Backup Path that is signaled to at least one Backup Node
652	        to provide protection along the entire Primary Path.

654	        Discussion:
655	        Path Protection provides Node Protection and Link Protection
656	        for every node and link along the Primary Path.  A Backup
657	        Path providing Path Protection may have the same ingress
658	        node as the Primary Path.  Path Protection is shown in
659	        Figure 3.

661	        Measurement units: n/a

663	        Issues: None
664	                          Protection Performance

666	        See Also:
667	             Primary Path
668	             Backup Path
669	             Node Protection
670	             Link protection

672	     3.2.4. Backup Span

674	        Definition:
675	        The number of hops used by a Backup Path.

677	        Discussion:
678	        The Backup Span is an integer obtained by counting the
679	        number of nodes along the Backup Path.

681	        Measurement units:
682	             number of nodes

684	        Issues:
685	             None

687	        See Also:
688	             Primary Path
689	             Backup Path

691	     3.2.5. Local Link Protection

693	        Definition:
694	        A Backup Path that is a redundant path between two nodes
695	        which does not use a Backup Node.

697	        Discussion:
698	        Local Link Protection must be provided as a Backup Path
699	        between two nodes along the Primary Path without the use
700	        of a Backup Node.  Local Link Protection is provided by
701	        Protection Switching Systems such as SONET APS.  Local
702	        Link Protection is shown in Figure 4.

704	        Measurement units: None

706	        Issues: None

708	        See Also:
709	        Backup Path
710	        Backup Node
711	                          Protection Performance

713	     3.2.6. Redundant Node Protection

715	        Definition:
716	        A Protection Switching System with a Primary Node
717	        protected by a Standby Node along the Primary Path.

719	        Discussion:
720	        Redundant Node Protection is provided by Protection
721	        Switching Systems such as VRRP and HA.  The protection
722	        mechanisms occur at Sub-IP layers to switch traffic from
723	        a Primary Node to Backup Node upon a Failover Event at
724	        the Primary Node.  Traffic continues to traverse the
725	        Primary Path through the Standby Node.  The failover may
726	        be stateful, in which the state information may be
727	        exchanged in-band or over an out-of-band state control
728	        interface.  The Standby Node may be active or passive.
729	        Redundant Node Protection is shown in Figure 5.

731	        Measurement units: None

733	        Issues: None

735	        See Also:
736	        Primary Path
737	        Primary Node
738	        Standby Node

740	     3.2.7. State Control Interface

742	        Definition:
743	        An out-of-band control interface used to exchange state
744	        information between the Primary Node and Standby Node.

746	        Discussion:
747	        The State Control Interface may be used for Redundant Node
748	        Protection. The State Control Interface should be out-of-band.
749	        It is possible to have Redundant Node Protection in which
750	        there is no state control or state control is provided
751	        in-band.  The State Control Interface between the Primary
752	        and Standby Node may be one or more hops.

754	        Measurement units: None

756	        Issues: None

758	        See Also:
759	        Primary Node
760	        Standby Node
761	                          Protection Performance

763	     3.2.8. Protected Interface

765	        Definition:
766	        An interface along the Primary Path that is protected by
767	        a Backup Path.

769	        Discussion:
770	        A Protected Interface is an interface protected by a
771	        Protection Switching System that provides Link
772	        Protection, Node Protection, Path Protection, Local
773	        Link Protection, and Redundant Node Protection.

775	        Measurement units: None

777	        Issues: None

779	        See Also:
780	           Primary Path
781	           Backup Path

783	   3.3. Protection Switching

785	     3.3.1.  Protection Switching System

787	        Definition:
788	          A DUT/SUT that is capable of Failure Detection and Failover
789	          from a Primary Path to a Backup Path or Standby Node when a
790	          Failover Event occurs.

792	        Discussion:
793	          The Protection Switching System must include either a
794	          Primary Path and Backup Path, as shown in Figures 1 through
795	          4, or a Primary Node and Standby Node, as shown in Figure
796	          5.  The Backup Path may be a Standby Backup Path or a
797	          dynamic Backup Path.  The Protection Switching System
798	          includes the mechanisms for both Failure Detection and
799	          Failover.

801	        Measurement units: n/a

803	        Issues: None

805	        See Also:
806	             Primary Path
807	             Backup Path
808	             Failover

810	     3.3.2.  Failover Event

812	       Definition:
813	       The occurrence of a planned or unplanned action in the network
814	       that results in a change in the Path that data traffic traverses.

816	                          Protection Performance

818	       Discussion:
819	       Failover Events include, but are not limited to, link failure
820	       and router failure.  Routing changes are considered Convergence
821	       Events [6] and are not Failover Events.  This restricts
822	       Failover Events to sub-IP layers. Failover may be at the PLR or
823	       at the ingress. If the failover is at the ingress it is
824	       generally on a disjoint path from the ingress to egress.

826	       Failover Events may results from failures such as link failure
827	       or router failure.  The change in path after Failover may have
828	       a Backup Span of one or more nodes.  Failover Events are
829	       distinguished from routing changes and Convergence Events [6]
830	       by the detection of the failure and subsequent protection
831	       switching at a sub-IP layer.  Failover occurs at a Point of
832	       Local Repair (PLR) or Primary Node.

834	       Measurement units:
835	          n/a

837	       Issues: None

839	       See Also:
840	          Path
841	          Failure Detection
842	          Disjoint Path

844	     3.3.3.  Failure Detection

846	       Definition:
847	       The process to identify at a sub-IP layer a Failover Event
848	       at a Primary Node or along the Primary Path.

850	       Discussion:
851	       Failure Detection occurs at the Primary Node or ingress node
852	       of the Primary  Path.  Failure Detection occurs via a sub-IP
853	       mechanism such as detection of a link down event or timeout for
854	       receipt of a control packet. A failure may be completely
855	       isolated. A failure may affect a set of links which share a
856	       single SRLG (e.g. port with many sub-interfaces). A failure may
857	       affect multiple links that are not part of SRLG.

859	       Measurement units: n/a

861	       Issues:

863	       See Also:
864	         Primary Path
865	                          Protection Performance

867	     3.3.4.  Failover

869	        Definition:
870	        The process to switch data traffic from the protected Primary
871	        Path to the Backup Path upon Failure Detection of a Failover
872	        Event.

874	        Discussion:
875	        Failover to a Backup Path provides Link Protection, Node
876	        Protection, or Path Protection.  Failover is complete when
877	        Packet Loss [6], Out-of-order Packets [4], and Duplicate
878	        Packets [4] are no longer observed.  Forwarding Delay [4]
879	        may continue to be observed.

881	        Measurement units:
882	            n/a

884	        Issues:

886	        See Also:
887	             Primary Path
888	             Backup Path
889	             Failover Event

891	     3.3.5.  Restoration

893	        Definition:
894	        The state of failover recovery in which the Primary Path
895	        has recovered from a Failover Event, but is not yet
896	        forwarding packets because the Backup Path remains the
897	        Working Path.

899	        Discussion:
900	        Restoration must occur while the Backup Path is the
901	        Working Path.  The Backup Path is maintained as the
902	        Working Path during Restoration.  Restoration produces
903	        a Primary Path that is recovered from failure, but is
904	        not yet forwarding traffic.  Traffic is still being
905	        forwarded by the Backup Path functioning as the Working
906	        Path.

908	        Measurement units:
909	            n/a

911	        Issues:

913	        See Also:
914	            Primary Path
915	            Failover Event
916	            Failure Recovery
917	            Working Path
918	            Backup Path
919	                          Protection Performance

921	     3.3.6.  Reversion

923	        Definition:
924	        The state of failover recovery in which the Primary Path has
925	        become the Working Path so that it is forwarding packets.

927	        Discussion:
928	        Protection Switching Systems may or may not support Reversion.
929	        Reversion, if supported, must occur after Restoration.
930	        Packet forwarding on the Primary Path resulting from Reversion
931	        may occur either fully or partially over the Primary Path.  A
932	        potential problem with Reversion is the discontinuity in end to
933	        end delay when the Forwarding Delays [4] along the Primary Path
934	        and Backup Path are different, possibly causing Out of Order
935	        Packets [4], Duplicate Packets [4], and increased Jitter [4].

937	        Measurement units: n/a

939	        Issues: None

941	        See Also:
942	            Protection Switching System
943	            Working Path
944	            Primary Path

946	   3.4. Nodes

948	     3.4.1.  Protection-Switching Node

950	         Definition:
951	         A node that is capable of participating in a Protection
952	         Switching System.

954	         Discussion:
955	         The Protection Switching Node may be an ingress or egress for
956	         a Primary Path or Backup Path, such as used for MPLS Fast
957	         Reroute configurations.  The Protection Switching Node may
958	         provide Redundant Node Protection as a Primary Node in a
959	         Redundant chassis configuration with a Standby Node, such as
960	         used for VRRP and HA configurations.

962	         Measurement units:
963	             n/a

965	         Issues:

967	         See Also:
968	             Protection Switching System
969	                          Protection Performance

971	     3.4.2.  Non-Protection Switching Node

973	         Definition:
974	         A node that is not capable of participating in a Protection
975	         Switching System, but may exist along the Primary Path or
976	         Backup Path.

978	         Discussion:

980	         Measurement units:
981	             n/a

983	         Issues:

985	         See Also:
986	             Protection Switching System
987	             Primary Path
988	             Backup Path

990	     3.4.3.  Headend Node
991	        Definition:
992	        The ingress node of the Primary Path.

994	        Discussion:
995	        The Headend Node may also be a PLR when it is serving in
996	        the dual role as the ingress to the Backup Path.

998	        Measurement units: n/a

1000	        Issues:

1002	        See Also:
1003	             Primary Path
1004	             Point of Local Repair (PLR)
1005	             Failover

1007	     3.4.4.  Backup Node
1008	        Definition:
1009	        A node along the Backup Path.

1011	        Discussion:
1012	        The Backup Node can be any node along the Backup Path.
1013	        There may be one or more Backup Nodes along the Backup Path.
1014	        A Backup Node may be the ingress, mid-point, or egress of
1015	        the Backup Path.  If the Backup Path has only one Backup
1016	        Node, then that Backup Node is the ingress and egress of the
1017	        Backup Path.

1019	                          Protection Performance

1021	        Measurement units: n/a

1023	        Issues:

1025	        See Also:
1026	             Backup Path

1028	       3.4.5.  Merge Node
1029	         Definition:
1030	             A node along the Primary Path where Backup Path terminates.

1032	         Discussion:
1033	             The Merge Node can be any node along the Primary Path
1034	             except the ingress node of the Primary Path.  There can be
1035	             multiple Merge Nodes along a Primary Path.  A Merge Node
1036	             can be the egress node for a single or multiple Backup
1037	             Paths.  The Merge Node must be the egress to the Backup
1038	             Path.  The Merge Node may also be the egress of the
1039	             Primary Path or Point of Local Repair (PLR).

1041	         Measurement units:
1042	             n/a

1044	         Issues:

1046	         See Also:
1047	             Primary Path
1048	             Backup Path
1049	             PLR
1050	             Failover

1052	     3.4.6. Primary Node

1054	        Definition:
1055	        A node along the Primary Path that is capable of Failover to a
1056	        redundant Standby Node.

1058	        Discussion:
1059	        The Primary Node may be used for Protection Switching Systems
1060	        that provide Redundant Node Protection, such as VRRP and HA

1062	        Measurement units: n/a

1064	        Issues:

1066	        See Also:
1067	             Protection Switching System
1068	             Redundant Node Protection
1069	             Standby Node
1070	                          Protection Performance

1072	     3.4.7.  Standby Node

1074	        Definition:
1075	        A redundant node to a Primary Node that forwards traffic along
1076	        the Primary Path upon Failure Detection of the Primary Node.

1078	        Discussion:
1079	        The Standby Node must be used for Protection Switching
1080	        Systems that provide Redundant Node Protection, such as VRRP
1081	        and HA.  The Standby Node must provide protection along the
1082	        same Primary Path.  If the failover is to a Disjoint Path then
1083	        it is a Backup Node.  The Standby Node may be configured
1084	        for 1:1 or N:1 protection.

1086	        The communication between the Primary Node and Standby Node
1087	        may be in-band or across an out-of-band State Control
1088	        interface.  The Standby Node may be geographically dispersed
1089	        from the Primary Node.  When geographically dispersed, the
1090	        number of hops of separation may increase failover time.

1092	        The Standby Node may be passive or active.  The Passive Standby
1093	        Node is not offered traffic and does not forward traffic until
1094	        Failure Detection of the Primary Node.  Upon Failure Detection
1095	        of the Primary Node, traffic offered to the Primary Node is
1096	        instead offered to the Passive Standby Node.  The Active
1097	        Standby Node is offered traffic and forwards traffic along the
1098	        Primary Path while the Primary Node is also active.  Upon
1099	        Failure Detection of the Primary Node, traffic offered to the
1100	        Primary Node is switched to the Active Standby Node.

1102	        Measurement units: n/a

1104	        Issues:

1106	        See Also:
1107	             Primary Node
1108	             State Control Interface

1110	     3.5.  Benchmarks

1112	      3.5.1.  Failover Packet Loss
1113	        Definition:
1114	        The amount of packet loss produced by a Failover Event until
1115	        Failover completes, where the measurement begins when the last
1116	        unimpaired packet is received by the Tester on the Protected
1117	        Primary Path and ends when the first unimpaired packet is
1118	        received by the Tester on the Backup Path.

1120	                          Protection Performance

1122	        Discussion:
1123	        Packet loss can be observed as a reduction of forwarded
1124	        traffic from the maximum forwarding rate.  Failover Packet
1125	        Loss includes packets that were lost, reordered, or delayed.
1126	        Failover Packet Loss may reach 100% of the offered load.

1128	        Measurement units:
1129	          Number of Packets

1131	        Issues:  None

1133	        See Also:
1134	           Failover Event
1135	           Failover

1137	      3.5.2.   Reversion Packet Loss

1139	        Definition:
1140	        The amount of packet loss produced by Reversion, where the
1141	        measurement begins when the last unimpaired packet is received
1142	        by the Tester on the Backup Path and ends when the first
1143	        unimpaired packet is received by the Tester on the Protected
1144	        Primary Path .

1146	        Discussion:
1147	        Packet loss can be observed as a reduction of forwarded
1148	        traffic from the maximum forwarding rate.  Reversion Packet
1149	        Loss includes packets that were lost, reordered, or delayed.
1150	        Reversion Packet Loss may reach 100% of the offered load.

1152	         Measurement units: Number of Packets

1154	         Issues:  None

1156	         See Also:
1157	           Reversion

1159	      3.5.3. Failover Time

1161	        Definition:
1162	         The amount of time it takes for Failover to successfully
1163	         complete.

1165	        Discussion:
1166	        Failover Time can be calculated using the Time-Based Loss
1167	        Method (TBLM), Packet-Loss Based Method (PLBM), or
1168	        Timestamp-Based Method (TBM).  It is RECOMMENDED that the
1169	        TBM is used.

1171	                          Protection Performance

1173	        Measurement units:
1174	           milliseconds

1176	        Issues: None

1178	        See Also:
1179	           Failover
1180	           Failover Time
1181	           Time-Based Loss Method (TBLM)
1182	           Packet-Loss Based Method (PLBM)
1183	           Timestamp-Based Method (TBM)

1185	      3.5.4.  Reversion Time

1187	        Definition:
1188	        The amount of time it takes for Reversion to complete so
1189	        that the Primary Path is restored as the Working Path.

1191	        Discussion:
1192	        Reversion Time can be calculated using the Time-Based Loss
1193	        Method (TBLM), Packet-Loss Based Method (PLBM), or
1194	        Timestamp-Based Method (TBM).  It is RECOMMENDED that the
1195	        TBM is used.

1197	        Measurement units:
1198	           milliseconds

1200	        Issues: None

1202	        See Also:
1203	           Reversion
1204	           Primary Path
1205	           Working Path
1206	           Reversion Packet Loss
1207	           Time-Based Loss Method (TBLM)
1208	           Packet-Loss Based Method (PLBM)
1209	           Timestamp-Based Method (TBM)

1211	      3.5.5.  Additive Backup Delay

1213	        Definition:
1214	        The amount of increased Forwarding Delay [4] resulting
1215	        from data traffic traversing the Backup Path instead of
1216	        the Primary Path.

1218	        Discussion:
1219	        Additive Backup Delay is calculated using Equation 1 as
1220	        shown below:

1222	        (Equation 1)
1223	        Additive Backup Delay =
1224	                  Forwarding Delay(Backup Path) -
1225	                  Forwarding Delay(Primary Path).

1227	                          Protection Performance

1229	        Measurement units:
1230	           milliseconds

1232	        Issues:
1233	        Additive Backup Latency may be a negative result.
1234	        This is theoretically possible, but could be indicative
1235	        of a sub-optimum network configuration .

1237	        See Also:
1238	           Primary Path
1239	           Backup Path
1240	           Primary Path Latency
1241	           Backup Path Latency

1243	     3.6 Failover Time Calculation Methods
1244	        The following Methods may be assessed on a per-flow basis using
1245		at least 16 flows spread over the routing table (more flows is
1246	        better). Otherwise, the impact of a prefix-dependency in the
1247	        implementation of a particular protection technology could be
1248	        missed. However, the test designer must be aware of the number
1249	        of packets per second sent to each prefix, as this establishes
1250	        sampling of the path and the time resolution for measurement
1251	        of Failover time on a per-flow basis.

1253	     3.6.1 Time-Based Loss Method (TBLM)

1255	      Definition:
1256	      The method to calculate Failover Time (or Reversion Time) using a
1257	      time scale on the Tester to measure the interval of Failover
1258	      Packet Loss.

1260	      Discussion:
1261	      The Tester must provide statistics which show the duration of
1262	      failure on a time scale based on occurrence of packet loss on
1263	      a time scale.  This is indicated by the duration of non-zero
1264	      packet loss.  The TBLM includes failure detection time and
1265	      time for data traffic to begin traversing the Backup Path.
1266	      Failover Time and Reversion Time are calculated using the
1267	      TBLM as shown in Equation 2:

1269	      (Equation 2)
1270	          (Equation 2a)
1271	          TBLM Failover Time = Time(Failover) - Time(Failover Event)

1273	          (Equation 2b)
1274	          TBLM Reversion Time = Time(Reversion) - Time(Restoration)

1276	      Where as Time(Failover)= Time on the tester at the receipt of the
1277	      first unimpaired packet at egress node after the backup path
1278	      became the working path

1280	      Time(Failover Event)= Time on the tester at the receipt of the
1281	      last unimpaired packet at egress node on the primary path
1282	      before failure

1284	      Measurement units:
1285	         milliseconds

1287	      Issues:
1288	         None
1289	                          Protection Performance
1290	      See Also:
1291	         Failover
1292	         Packet-Loss Based Method

1294	    3.6.2 Packet-Loss Based Method (PLBM)

1296	      Definition:
1297	      The method used to calculate Failover Time (or Reversion Time)
1298	      from the amount of Failover Packet Loss.

1300	      Discussion:
1301	      PLBM includes failure detection time and time for data traffic to
1302	      begin traversing the Backup Path.  Failover Time can be
1303	      calculated using PLBM from the amount Failover Packet Loss as
1304	      shown below in Equation 3. Note: If traffic is sent to more than 1
1305	      destination, PLBM gives the average loss over the measured
1306	      destinations

1308	      (Equation 3)
1309	           (Equation 3a)
1310	           PLBM Failover Time =
1311	              (Number of packets lost /
1312	                       Offered Load rate) * 1000)

1314	           (Equation 3b)
1315	           PLBM Restoration Time =
1316	              (Number of packets lost /
1317	                       Offered Load rate) * 1000)

1319	           Units are packets/(packets/second) = seconds

1321	      Measurement units:
1322	         milliseconds

1324	      Issues:
1325	         None

1327	      See Also:
1328	         Failover
1329	         Time-Based Loss Method

1331	     3.6.3 Timestamp-Based Method (TBM)

1333	      Definition:
1334	      The method to calculate Failover Time (or Reversion Time)
1335	      using a time scale to quantify the interval between
1336	      unimpaired packets arriving in the test stream.

1338	      Discussion:
1339	      The purpose of this method is to quantify the duration of
1340	      failure or reversion on a time scale based on the
1341	      observation of unimpaired packets.  The TBM is calculated
1342	      from Equation 2 with the values obtained from the timestamp
1343	      in the packet payload, rather than from the Tester clock as
1344	      is used for the values when using the TBLM.

1346	      Unimpaired packets are normal packets that are not lost,
1347	      reordered, or duplicated.  A reordered packet is defined in
1348	                          Protection Performance

1350	      [10, section 3.3].  A duplicate packet is defined in
1351	      [4, section 3.3.3].  A lost packet is defined in
1352	      [7, Section 3.5].  Unimpaired packets may be detected by checking
1353	      a sequence number in the payload, where the sequence number equals
1354	      the next expected number for an unimpaired packet.  A sequence gap
1355	      or sequence reversal indicates impaired packets.

1357	      For calculating Failover Time, the TBM includes failure
1358	      detection time and time for data traffic to begin traversing the
1359	      Backup Path.  For calculating Reversion Time, the TBM includes
1360	      Reversion Time and time for data traffic to begin traversing the
1361	      Primary Path.

1363	      Measurement units:
1364	         milliseconds

1366	      Issues: None

1368	      See Also:
1369	         Failover
1370	         Failover Time
1371	         Reversion
1372	         Reversion Time

1374	4. Acknowledgements
1375	     We would like thank the BMWG and particularly Al Morton and Curtis
1376	     Villamizar for their reviews, comments, and contributions to this
1377	     work.

1379	5. IANA Considerations
1380	     This document requires no IANA considerations.

1382	6. Security Considerations

1384	   Benchmarking activities as described in this memo are limited to
1385	   technology characterization using controlled stimuli in a laboratory
1386	   environment, with dedicated address space and the constraints
1387	   specified in the sections above.

1389	   The benchmarking network topology will be an independent test setup
1390	   and MUST NOT be connected to devices that may forward the test
1391	   traffic into a production network, or misroute traffic to the test
1392	   management network.

1394	   Further, benchmarking is performed on a "black-box" basis, relying
1395	   solely on measurements observable external to the DUT/SUT.

1397	   Special capabilities SHOULD NOT exist in the DUT/SUT specifically for
1398	   benchmarking purposes.  Any implications for network security arising
1399	   from the DUT/SUT SHOULD be identical in the lab and in production
1400	   networks.

1402	                          Protection Performance

1404	7. References
1405	7.1. Normative References
1406	     [1] Bradner, S., "The Internet Standards Process -- Revision 3",
1407	         RFC 2026, October 1996.

1409	     [2] Bradner, S., Editor, "Benchmarking Terminology for
1410	         Network Interconnection Devices", RFC 1242, July 1991.

1412	     [3] Mandeville, R., "Benchmarking Terminology for LAN
1413	         Switching Devices", RFC 2285, February 1998.
1414	     [4] Poretsky, S., et al., "Terminology for Benchmarking
1415	         Network-layer Traffic Control Mechanisms", RFC 4689,
1416	         November 2006.

1418	     [5] Bradner, S., "Key words for use in RFCs to Indicate
1419	         Requirement Levels", RFC 2119, July 1997.

1421	     [6] Poretsky, S., Imhoff, B., "Benchmarking Terminology for IGP
1422	         Convergence", draft-ietf-bmwg-igp-dataplane-conv-term-21,
1423	         work in progress, May 2010.

1425	     [7] Morton, A., et al, "Packet Reordering Metrics", RFC 4737,
1426	          November 2006.

1428	     [8] Hinden, R., "Virtual Router Redundancy Protocol", RFC 5798,
1429	          March 2010.

1431	7.2. Informative References

1433	     [9] Pan., P. et al, "Fast Reroute Extensions to RSVP-TE for LSP
1434	         Paths", RFC 4090, May 2005.

1436	     [10] Nichols, K., et al, "Definition of the Differentiated
1437	         Services Field (DS Field) in the IPv4 and IPv6 Headers",
1438	         RFC 2474, December 1998.

1440	8.  Authors' Addresses

1442	   Scott Poretsky
1443	   Allot Communications
1444	   67 South Bedford Street, Suite 400
1445	   Burlington, MA 01803
1446	   USA
1447	   Phone: + 1 508 309 2179
1448	   Email: sporetsky@allot.com
1449	                          Protection Performance

1451	   Rajiv Papneja
1452	   Isocore
1453	   12359 Sunrise Valley Drive
1454	   Reston, VA 22102
1455	   USA
1456	   Phone: +1 703 860 9273
1457	   Email: rpapneja@isocore.com

1459	   Jay Karthik
1460	   Cisco Systems
1461	   300 Beaver Brook Road
1462	   Boxborough, MA 01719
1463	   USA
1464	   Phone: +1 978 936 0533
1465	   Email: jkarthik@cisco.com

1467	   Samir Vapiwala
1468	   Cisco System
1469	   300 Beaver Brook Road
1470	   Boxborough, MA 01719
1471	   USA
1472	   Phone: +1 978 936 1484
1473	   Email: svapiwal@cisco.com