Network Working Group                         S. Poretsky              
 Internet Draft                                NextPoint Networks            
 Expires: August 2008                                   
 Intended Status: Informational                R. Papneja  	    
                                               Isocore 

                                               J. Karthik
                                               Cisco Systems

                                               S. Vapiwala
                                               Cisco Systems

                                               February 25, 2008 
                     
         Benchmarking Terminology for Protection Performance 

             <draft-ietf-bmwg-protection-term-04.txt > 

Intellectual Property Rights (IPR) statement:
   By submitting this Internet-Draft, each author represents that any 
   applicable patent or other IPR claims of which he or she is aware 
   have been or will be disclosed, and any of which he or she becomes 
   aware will be disclosed, in accordance with Section 6 of BCP 79.

Status of this Memo

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months 
   and may be updated, replaced, or obsoleted by other documents at any 
   time.  It is inappropriate to use Internet-Drafts as reference 
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice
   Copyright (C) The IETF Trust (2008).  

Abstract 
  This document provides common terminology and metrics for benchmarking 
  the performance of sub-IP layer protection mechanisms. The performance 
  benchmarks are measured at the IP-Layer, so avoid dependence on 
  specific sub-IP protection mechanisms. The benchmarks and terminology 
  can be applied in methodology documents for different sub-IP layer 
  protection mechanisms such as Automatic Protection Switching (APS), 
  Virtual Router Redundancy Protocol (VRRP), Stateful High Availability 
  (HA), and Multi-Protocol Label Switching Fast Reroute (MPLS-FRR).   

Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 1] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
 Table of Contents          
        1. Introduction..............................................3 
        2. Existing definitions......................................6 
        3. Test Considerations.......................................7 
           3.1. Paths................................................7
              3.1.1. Path............................................7 
              3.1.2. Working Path....................................8 
              3.1.3. Primary Path....................................8 
              3.1.4. Protected Primary Path..........................8 
              3.1.5. Backup Path.....................................9 
              3.1.6. Standby Backup Path.............................10 
              3.1.7. Dynamic Backup Path.............................10 
              3.1.8. Disjoint Paths..................................10 
              3.1.9. Point of Local repair (PLR).....................11 
              3.1.10. Shared Risk Link Group (SRLG)..................11
           3.2. Protection Mechanisms................................12
              3.2.1. Link Protection.................................12 
              3.2.2. Node Protection.................................12 
              3.2.3. Path Protection.................................12 
              3.2.4. Backup Span.....................................13 
              3.2.5. Local Link Protection...........................13
              3.2.6. Redundant Node Protection.......................14
              3.2.7  State Control Interface.........................14
              3.2.8. Protected Interface.............................15
           3.3. Protection Switching.................................15 
              3.3.1. Protection Switching System.....................15 
              3.3.2. Failover Event..................................15 
              3.3.3. Failure Detection...............................16 
              3.3.4. Failover........................................17 
              3.3.5. Restoration.....................................17 
              3.3.6. Reversion.......................................18 
           3.4. Nodes................................................18 
              3.4.1. Protection-Switching Node.......................18 
              3.4.2. Non-Protection Switching Node...................19 
              3.4.3. Headend Node....................................19
              3.4.4. Backup Node.....................................19
              3.4.5. Merge Node......................................20 
              3.4.6. Primary Node....................................20
              3.4.7. Standby Node....................................21  
           3.5. Benchmarks...........................................21 
              3.5.1. Failover Packet Loss............................21 
              3.5.2. Reversion Packet Loss...........................22 
              3.5.3. Failover Time...................................22 
              3.5.4. Reversion Time..................................23 
              3.5.5. Additive Backup Latency.........................23 
           3.6 Failover Time Calculation Methods.....................24
              3.6.1 Time-Based Loss Method...........................24
              3.6.2 Packet-Loss Based Method.........................25
              3.6.3 Timestamp-Based Method...........................25
        4. Acknowledgments...........................................26 
        5. IANA Considerations.......................................26 
        6. Security Considerations...................................26 
        7. References................................................26 
        8. Author's Address..........................................27 
Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 2] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

1. Introduction 

   The IP network layer provides route convergence to protect data  
   traffic against planned and unplanned failures in the internet. 
   Fast convergence times are critical to maintain reliable network  
   connectivity and performance.  Technologies that function at sub-IP  
   layers can be enabled to provide further protection of IP  
   traffic by providing the failure recovery at the sub-IP layers so  
   that the outage is not observed at the IP-layer.  Such Sub-IP
   Protection technologies include High Availability (HA) stateful 
   failover, Virtual Router Redundancy Protocol (VRRP), Automatic Link 
   Protection (APS) for SONET/SDH, Resilient Packet Ring (RPR) for 
   Ethernet, and Fast Reroute for Multi-Protocol Label Switching 
   (MPLS-FRR) [8].   
         
   Benchmarking terminology have been defined for IP-layer route 
   convergence [7].  New terminology and methodologies specific 
   to benchmarking sub-IP layer protection mechanisms are required.  
   This will enable different implementations of the same 
   protection mechanisms to be benchmarked and evaluated. In 
   addition, different protection mechanisms can be benchmarked and  
   evaluated.  The metrics for benchmarking the performance of sub-IP  
   protection mechanisms are measured at the IP layer, so that the  
   results are always measured in reference to IP and independent of  
   the specific protection mechanism being used. The purpose of this  
   document is to provide a single terminology for benchmarking sub-IP 
   protection mechanisms.  It is intended that there can exist unique  
   methodology documents for each sub-IP protection mechanism. The 
   sequence of events is as follows:
   
   1. Failover Event - Primary Path fails
   2. Failure Detection-  Failover Event is detected
   3. Failover - Backup Path becomes the Working Path due to Failover 
                 Event
   4. Restoration - Primary Path recovers from a Failover Event 
   5. Reversion (optional) - Primary Path becomes the Working Path
   
   These terms are further defined in this document.  Figures 1 
   through 5 show fundamental models that MAY be used in 
   benchmarking Sub-IP Protection mechanisms.  Sub-IP Protection 
   mechanisms MUST use a Protection Switching System that consists 
   of a minimum of two Protection-Switching Nodes, an Ingress Node 
   known as the Headend Node and an Egress Node known as the Merge 
   Node.  The protection MAY be provided with either a Primary 
   Path and Backup Path, as shown in Figures 1 through 4, or a 
   Primary Node and Standby Node, as shown in Figure 5.  

   A Protection Switching System may provide link protection, node
   protection, path protection, local link protection, and high 
   availability, as shown in Figures 1 through 5 respectively.
   A Failover Event occurs along the Primary Path or at the Primary 

Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 3] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

   Node.  The Working Path is the Primary Path prior to the Failover 
   Event and the Backup Path after the Failover Event.  A Tester is 
   set outside the two paths or nodes as it sends and receives IP 
   traffic along the Working Path.  The tester MUST record the IP 
   packet sequence numbers, departure time, and arrival time so that 
   the metrics of Failover Time, Additive Latency, Packet Reordering, 
   Duplicate Packets, and Reversion Time can be measured.  The Tester 
   may be a single device or a test system.  If Reversion is 
   supported then the Working Path is the Primary Path after 
   Restoration (Failure Recovery) of the Primary Path.  

   Link Protection, as shown in Figure 1, provides protection
   when a Failover Event occurs on the link between two nodes along 
   the Primary Path.  Node Protection, as shown in Figure 2, 
   provides protection when a Failover Event occurs at a Node along 
   the Primary Path.  Path Protection, as shown in Figure 3,
   provides protection for link or node failures for multiple hops
   along the Primary Path.  Local Link Protection, as shown in 
   Figure 4, provides Sub-IP Protection of a link between two nodes, 
   without a Backup Node.  An example of such a Sub-IP Protection
   mechanism is SONET APS.  High Availability Protection, as shown 
   in Figure 5, provides protection of a Primary Node with a 
   redundant Standby Node.  State Control is provided between the 
   Primary and Standby Nodes.  Failure of the Primary Node is 
   detected at the Sub-IP layer to force traffic to switch to
   the Standby Node, which has state maintained for zero or minimal
   packet loss.

                      +-----------+ 
       +--------------|  Tester   |<-----------------------+ 
       |              +-----------+                        | 
       | IP Traffic        | Failover           IP Traffic | 
       |                   |  Event                        | 
       |                   |                               | 
       |     ------------  |                 ----------    |   
       +--->|  Ingress/  | V                | Egress/  |---+ 
            |Headend Node|------------------|Merge Node|  Primary
             ------------                    ----------    Path    
                |                                ^
                |         ---------              |  Backup
                +--------| Backup  |-------------+   Path
                         |  Node   |
                          ---------
                                    
   Figure 1. System Under Test (SUT) for Sub-IP Link Protection

Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 4] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

                            +-----------+ 
       +--------------------|  Tester   |<-----------------+ 
       |                    +-----------+                  | 
       | IP Traffic               | Failover    IP Traffic | 
       |                          | Event                  | 
       |                          V                        | 
       |     ------------      --------      ----------    |   
       +--->|  Ingress/  |    |MidPoint|    | Egress/  |---+ 
            |Headend Node|----|  Node  |----|Merge Node|  Primary
             ------------      --------      ----------    Path    
                |                                ^
                |         ---------              |  Backup
                +--------| Backup  |-------------+   Path
                         |  Node   |
                          ---------
                                    
   Figure 2. System Under Test (SUT) for Sub-IP Node Protection

                               +-----------+ 
    +---------------------------|  Tester   |<----------------------+ 
    |                           +-----------+                       | 
    | IP Traffic                      | Failover         IP Traffic | 
    |                                 | Event                       | 
    |                Primary Path     |                             | 
    |     ------------      --------  |  --------     ----------    |   
    +--->|  Ingress/  |    |MidPoint| V |Midpoint|   | Egress/  |---+ 
         |Headend Node|----|  Node  |---|  Node  |---|Merge Node|  
          ------------      --------     --------     ----------       
                |                                         ^
                |         ---------      --------         | Backup
                +--------| Backup  |----| Backup |--------+  Path  
                         |  Node   |    |  Node  |  
                          ---------      --------
                                    
   Figure 3. System Under Test (SUT) for Sub-IP Path Protection
      
                                  +-----------+ 
             +--------------------|  Tester   |<-------------------+ 
             |                    +-----------+                    | 
             | IP Traffic               | Failover      IP Traffic | 
             |                          | Event                    | 
             |              Primary     |                          | 
             |    +--------+  Path      v            +--------+    | 
             |    |        |------------------------>|        |    | 
             +--->| Ingress|                         | Egress |----+ 
                  |  Node  |- - - - - - - - - - - - >|  Node  | 
                  +--------+      Backup Path        +--------+ 
                  ^                                           ^   
                  |            IP-Layer Forwarding            | 
                  +-------------------------------------------+ 

   Figure 4. System Under Test (SUT) for Sub-IP Local Link Protection
Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 5] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  


                         +-----------+ 
       +-----------------|  Tester   |<--------------------+ 
       |                 +-----------+                     | 
       | IP Traffic            | Failover       IP Traffic | 
       |                       | Event                     | 
       |                       V                           | 
       |     ---------      --------      ----------       |   
       +--->| Ingress |    |Primary |    | Egress/  |------+ 
            |   Node  |----|  Node  |----|Merge Node|  Primary
             ---------      --------      ----------    Path    
                |        State |Control       ^
                |    Interface |(Optional)    |
                |          ---------          |  
                +---------| Standby |---------+   
                          |  Node   |
                           ---------
                                    
Figure 5. System Under Test (SUT) for Sub-IP Redundant Node Protection


2. Existing definitions        
   This document uses existing terminology defined in other BMWG 
   work.  Examples include, but are not limited to: 
      
          Latency                   [Ref.[2], section 3.8] 
          Frame Loss Rate           [Ref.[2], section 3.6] 
          Throughput                [Ref.[2], section 3.17] 
          Device Under Test (DUT)   [Ref.[3], section 3.1.1] 
          System Under Test (SUT)   [Ref.[3], section 3.1.2] 
          Out-of-order Packet       [Ref.[4], section 3.3.2] 
          Duplicate Packet          [Ref.[4], section 3.3.3]
          Forwarding Delay          [Ref.[4], section 3.2.4]
          Jitter                    [Ref.[4], section 3.2.5]
          Packet Loss               [Ref.[7], Section 3.5] 
          Packet Reordering         [Ref.[10], section 3.3]
      
   This document has the following frequently used acronyms:
      DUT  Device Under Test
      SUT  System Under Test

   This document adopts the definition format in Section 2 of RFC 1242
   [2]. 
      
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119 [5].  
   RFC 2119 defines the use of these key words to help make the
   intent of standards track documents as clear as possible.  While this
   document uses these keywords, this document is not a standards track
   document.

Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 6] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
          
3. Test Considerations 
   
  3.1. Paths  

    3.1.1 Path 
      
    Definition: 
       A unidirectional sequence of nodes, <R1, ..., Rn>, and links 
      <L12,... L(n-1)n> with the following properties: 
       
       a. R1 is the ingress node and forwards IP packets, which input 
       into DUT/SUT, to R2 as sub-IP frames over link L12. 
       
       b. Ri is a node which forwards data frames to R[i+1] over Link 
       Li[i+1] for all i, 1<i<n, based on information in the sub-IP 
       layer. 
       
       c. Rn is the egress node and it outputs sub-IP frames from 
       DUT/SUT as IP packets. 
                  
    Discussion: 
       The path is defined in the sub-IP layer in this document, unlike 
       an IP path in RFC 2026 [1].   One path may be regarded as being 
       equivalent to one IP link between two IP nodes, i.e., R1 and Rn.  
       The two IP nodes may have multiple paths for protection.  A 
       packet will travel on only one path between the nodes.  Packets 
       belonging to a microflow [9] will traverse one or more paths.  
       The path is unidirectional.  Example paths are the SONET/SDH 
       path and the label switched path for MPLS. 
            
    Measurement units: 
       n/a 
      
    Issues: 
       "A bidirectional path", which transmits traffic in both 
       directions along the same nodes, consists of two unidirectional 
       paths.  Therefore, the two unidirectional paths belonging to 
       "one bidirectional path" will be treated independently when 
       benchmarking for "a bidirectional path". 
      
    See Also: 
       Working Path
       Primary Path
       Backup Path



Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 7] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
         
    3.1.2. Working Path 

    Definition: 
       The path that the DUT/SUT is currently using to forward 
       packets. 
      
    Discussion: 
       A Primary Path is the Working Path before occurrence of a  
       Failover Event.  A Backup Path becomes the Working Path after 
       a Failover Event. 
      
    Measurement units: 
       n/a 
      
    Issues: 
      
    See Also: 
       Path 
       Primary Path  
       Backup Path 

   3.1.3.  Primary Path 

       Definition: 
       The preferred path for forwarding traffic between two or 
       more nodes. 
      
       Discussion:         
       The Primary Path is the Path that traffic traverses 
       prior to a Failover Event.

       Measurement units: 
          n/a 
      
        Issues: 
          None

        See Also: 
          Path 
          Failover Event

    3.1.4.  Protected Primary Path 

       Definition: 
       A Primary Path that is protected with a Backup Path.         
      
       Discussion: 
       A Protected Primary Path MUST include at least one Protection 
       Switching Node.


Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 8] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
       
       Measurement units: 
          n/a 
       
       Issues: None
      
       See Also: 
          Path 
          Primary Path 


    3.1.5.  Backup Path 

       Definition: 
       A path that exists to carry data traffic only if a Failover  
       Event occurs on a Primary Path. 
      
       Discussion: 
       The Backup Path SHALL be the Working Path upon a Failover Event.  
       A Path MAY have one or more Backup Paths.  A Backup Path MAY 
       protect one or more Primary Paths.  There are various types of 
       Backup Paths: 

          a. dedicated recovery Backup Path (1+1), which has 100% 
          redundancy for a specific ordinary path, 

          b. shared Backup Path (1:N), which is dedicated to the 
          protection for more than one specific Primary Path 

          c. associated shared Backup Path (M:N) for which a specific 
          set of Backup Paths protects a specific set of more than one 
          Primary Path. 
 
       A Backup Path may be signaled or unsignaled.  The Backup Path 
       MUST be created prior to the Failover Event.  A new Path 
       computed after the Failover Event is simply Convergence [7] 
       to a new Primary Path.   
      
       Measurement units: 
          n/a 
      
       Issues: 
      
       See Also: 
          Path 
          Working Path 
          Primary Path 





Poretsky, Papneja, Karthik, Vapiwala    Expires August 2008   [Page 9] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

     3.1.6.  Standby Backup Path   

        Definition: 
        A Backup Path that is established prior to a Failover Event 
        to protect a Primary Path.   

        Discussion: 
        The Standby Backup Path and Dynamic Backup Path provide 
        protection, but are established at different times.
 
        Measurement units: n/a 
       
        Issues: None
      
        See Also: 
           Backup Path 
           Primary Path 
           Failover Event 
      
     3.1.7. Dynamic Backup Path   

        Definition: 
        A Backup Path that is established upon occurrence of a  
        Failover Event.   
             
        Discussion: 
        The Standby Backup Path and Dynamic Backup Path provide 
        protection, but are established at different times.
      
        Measurement units: n/a 
       
        Issues: None
      
        See Also: 
            Backup Path 
            Standby Backup Path 
            Failover Event 
         
     3.1.8. Disjoint Paths 

        Definition:  
        A pair of paths is considered disjoint if they do not 
        share a common link.  
          
        Discussions: 
        Paths that protect a segment of a path may merge beyond the 
        segment being protected and are considered disjoint if they 
        do not use a link from the set of links in the protected 
        segment. A path is node disjoint if it does not share a 
        common node other than the ingress and egress.  

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 10] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

        Measurement units: n/a 
       
        Issues: None
      
        See Also: 
           Path 
           Primary Path 
           SRLG 

     3.1.9. Point of Local Repair (PLR) 
         Definition: 
         A node along the Primary Path that uses a Backup Path to 
         protect another node or link.

         Discussion: 
         Based on the functionality of the PLR, its role is defined 
         based on the type of method used.  If the one-to-one backup 
         method is used, the PLR is responsible for computing a 
         separate Backup Path for each Primary Path.  In the case 
         the facility backup method is used, the PLR creates a 
         single Backup Path that can be used to protect multiple 
         Primary Paths.  Any node from the ingress node to the 
         penultimate egress node MAY be a PLR.  If the PLR is at 
         the ingress, the Backup Path is a Disjoint Path from the 
         ingress to egress.

         Measurement units: n/a 
      
         Issues: None
      
         See Also: 
             Primary Path 
             Backup Path 
             Failover 

     3.1.10. Shared Risk Link Group (SRLG) 
         Definition:  
          SRLG is a set of links which share a physical resource. 
         
         Discussion: 
          SRLG is considered the set of links to be avoided when 
          the primary and secondary paths are considered disjoint.   
          The SRLG will fail as a group if the shared resource fails.

         Measurement units: n/a 
       
         Issues: None
      
         See Also: 
             Path 
             Primary Path       

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 11] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

   3.2. Protection        
     3.2.1. Link Protection   
         Definition: 
           A Backup Path that is signaled to at least one Backup Node 
           to protect for failure of interfaces and links along a 
           Primary Path.

         Discussion: 
           Link Protection may or may not protect the entire Primary 
           Path.  Link protection is shown in Figure 1.        
      
         Measurement units: n/a 
      
         Issues: None
      
         See Also: 
             Primary Path    
             Backup Path 
      
     3.2.2. Node Protection
         Definition: 
           A Backup Path that is signaled to at least one Backup Node
           to protect for failure of interfaces, links, and nodes 
           along a Primary Path.

         Discussion: 
           Node Protection may or may not protect the entire Primary 
           Path.  Node Protection also provides Link Protection. 
           Node Protection is shown in Figure 2.
   
         Measurement units: n/a 
      
         Issues: None
      
         See Also: 
             Link Protection 

     3.2.3. Path Protection   
        Definition: 
        A Backup Path that is signaled to at least one Backup Node
        to provide protection along the entire Primary Path. 
      
        Discussion: 
        Path Protection provides Node Protection and Link Protection 
        for every node and link along the Primary Path.  A Backup 
        Path providing Path Protection MUST have the same ingress 
        node as the Primary Path.  Path Protection is shown in 
        Figure 3.
      
        Measurement units: n/a 

        Issues: None
Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 12] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance             

        See Also: 
             Primary Path  
             Backup Path 
             Node Protection 
             Link protection 

     3.2.4. Backup Span 

        Definition: 
        The number of hops used by a Backup Path.
      
        Discussion: 
        The Backup Span is an integer obtained by counting the 
        number of nodes along the Backup path

        Measurement units: 
             number of nodes 
      
        Issues: 
             None
      
        See Also: 
             Primary Path 
             Backup Path 

     3.2.5. Local Link Protection

        Definition: 
        A Backup Path that is a redundant path between two nodes
        which does not use a Backup Node.

        Discussion: 
        Local Link Protection MUST be provided as a Backup Path
        between two nodes along the Primary Path without the use
        of a Backup Node.  Local Link Protection is provided by
        Protection Switching Systems such as SONET APS.  Local
        Link Protection is shown in Figure 4.
      
        Measurement units: None
                   
        Issues: None
      
        See Also: 
        Backup path
        Headend




Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 13] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance             

     3.2.6. Redundant Node Protection

        Definition: 
        A Protection Switching System with a Primary Node 
        protected by a Standby Node along the Primary Path.
          
        Discussion: 
        Redundant Node Protection is provided by Protection
        Switching Systems such as VRRP and HA.  The protection
        mechanisms occur at Sub-IP layers to switch traffic from
        a Primary Node to Backup Node upon a Failover Event at
        the Primary Node.  Traffic continues to traverse the 
        Primary Path through the Standby Node.  The failover MAY 
        be stateful, in which the state information MAY be 
        exchanged in-band or over an out-of-band state control 
        interface.  The Standby Node MAY be active or passive.
        Redundant Node Protection is shown in Figure 5.
  
        Measurement units: None
                   
        Issues: None
      
        See Also: 
        Primary Path
        Primary Node
        Backup Node  

     3.2.7. State Control Interface

        Definition: 
        An out-of-band control interface used to exchange state
        information between the Primary Node and Standby Node.

        Discussion: 
        The State Control Interface MAY be used for Redundant Node
        Protection.  The State Control Interface MUST be out-of-band.
        It is possible to have Redundant Node Protection in which
        there is no state control or state control is provided 
        in-band.  The State Control Interface between the Primary
        and Standby Node MAY be one or more hops.  

        Measurement units: None
                   
        Issues: None
      
        See Also: 
        Primary Node
        Standby Node

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 14] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance             

     3.2.8. Protected Interface

        Definition: 
        An interface along the Primary Path that is protected by 
        a Backup Path.
     
        Discussion: 
        A Protected Interface is an interface protected by a 
        Protection Switching Systems that provides Link 
        Protection, Node Protection, Path Protection, Local 
        Link Protection, and Redundant Node Protection.
       
        Measurement units: None
                   
        Issues: None
      
        See Also: 
           Primary Path
           Backup Path

   3.3. Protection Switching 

     3.3.1.  Protection Switching System  

        Definition: 
          A DUT/SUT that is capable of Failure Detection and Failover 
          from a Primary Path to a Backup Path or Standby Node when a 
          Failover Event occurs. 
      
        Discussion: 
          The Protection Switching System MUST have a Primary Path 
          and a Backup Path.  The Backup Path MAY be a Standby 
          Backup Path or a dynamic Backup Path.  The Protection 
          Switching System includes the mechanisms for both Failure 
          Detection and Failover.   
      
        Measurement units: n/a
      
        Issues: None
      
        See Also: 
             Primary Path 
             Backup Path 
             Failover 

     3.3.2.  Failover Event 

       Definition: 
       The occurrence of a planned or unplanned action in the network  
       that results in a change in the Path that data traffic traverses. 

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 15] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance    
      
       Discussion: 
       Failover Events include, but are not limited to, link failure  
       and router failure.  Routing changes are considered Convergence  
       Events [7] and are not Failover Events.  This restricts  
       Failover Events to sub-IP layers. Failover may be at the PLR or 
       at the ingress. If the failover is at the ingress it is 
       generally on a disjoint path from the ingress to egress.  
            
       Failover Events may results from failures such as link failure 
       or router failure.  The change in path after Failover MAY have
       a Backup Span of one or more nodes.  Failover Events are 
       distinguished from routing changes and Convergence Events [7] 
       by the detection of the failure and subsequent protection 
       switching at a sub-IP layer.  Failover occurs at a Point of 
       Local Repair (PLR) or Primary Node. 

       Measurement units: 
          n/a 
      
       Issues: 
      
       See Also: 
          Path 
          Failure Detection 
          Disjoint Path 

     3.3.3.  Failure Detection  

       Definition: 
       The process to identify at a sub-IP layer a Failover Event 
       at a Primary Node or along the Primary Path.   
      
       Discussion: 
       Failure Detection occurs at the Primary Node or ingress node 
       of the Primary  Path.  Failure Detection occurs via a sub-IP 
       mechanism such as detection of a link down event or timeout for
       receipt of a control packet. A failure may be completely 
       isolated. A failure may affect a set of links which share a 
       single SRLG (e.g. port with many sub-interfaces). A failure may 
       affect multiple links that are not part of SRLG. 
      
       Measurement units: n/a 
      
       Issues: 
      
       See Also: 
         Primary Path 


Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 16] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

     3.3.4.  Failover 

        Definition: 
        The process to switch data traffic from the Protected Primary 
        Path to the Backup Path upon Failure Detection of a Failover 
        Event. 
         
        Discussion: 
        Failover to a Backup Path provides Link Protection, Node 
        Protection, or Path Protection.  Failover is complete when 
        Packet Loss [7], Out-of-order Packets [4], and Duplicate 
        Packets [4] are no longer observed.  Forwarding Delay [4]
        may continue to be observed.
         
        Measurement units: 
            n/a 
         
        Issues: 
         
        See Also: 
             Primary Path  
             Backup Path 
             Failover Event 
         
     3.3.5.  Restoration

        Definition: 
        The state of failover recovery in which the Primary Path 
        has recovered from a Failover Event, but is not yet 
        forwarding packets because the Backup Path remains the 
        Working Path. 
      
        Discussion: 
        Restoration MUST occur while the Backup Path is the  
        Working Path.  The Backup Path is maintained as the  
        Working Path during Restoration.  Restoration produces 
        a Primary Path that is recovered from failure, but is 
        not yet forwarding traffic.  Traffic is still being 
        forwarded by the Backup Path functioning as the Working 
        Path. 
      
        Measurement units: 
            n/a
      
        Issues:
      
        See Also: 
            Primary Path 
            Failover Event 
            Failure Recovery 
            Working Path 
            Backup Path 

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 17] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
      
     3.3.6.  Reversion 

        Definition: 
        The state of failover recovery in which the Primary Path has
        become the Working Path so that it is forwarding packets. 
      
        Discussion: 
        Protection Switching Systems may or may not support Reversion. 
        Reversion, if supported, MUST occur after Restoration.  
        Packet forwarding on the Primary Path resulting from Reversion
        may occur either fully or partially over the Primary Path.  A 
        potential problem with Reversion is the discontinuity in end to 
        end delay when the Forwarding Delays [4] along the Primary Path 
        and Backup Path are different, possibly causing Out of Order 
        Packets [4], Duplicate Packets [4], and increased Jitter [4].  
      
        Measurement units: n/a 
      
        Issues: None
      
        See Also: 
            Protection Switching System 
            Working Path 
            Primary Path 
         
   3.4. Nodes  

     3.4.1.  Protection-Switching Node 

         Definition: 
         A node that is capable of participating in a Protection 
         Switching System. 
      
         Discussion: 
         The Protection Switching Node MAY be an ingress or egress for 
         a Primary Path or Backup Path, such as used for MPLS Fast 
         Reroute configurations.  The Protection Switching Node MAY 
         provide Redundant Node Protection as a Primary Node in a 
         Redundant chassis configuration with a Standby Node, such as 
         used for VRRP and HA configurations.         
      
         Measurement units: 
             n/a 
      
         Issues: 
      
         See Also: 
             Protection Switching System  


Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 18] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
      
     3.4.2.  Non-Protection Switching Node 

         Definition: 
         A node that is not capable of participating in a Protection  
         Switching System, however it MAY exist along the Primary 
         Path or Backup Path. 
      
         Discussion: 
       
         Measurement units: 
             n/a 
      
         Issues: 
      
         See Also: 
             Protection Switching System 
             Primary Path 
             Backup Path 
           
     3.4.3.  Headend Node 
        Definition:  
        A node along the Primary Path that is capable of Failover.

        Discussion:           
        The Headend Node can be any node along the Primary Path 
        except the egress node of the Primary Path.  There can be  
        multiple Failover Nodes along a Primary Path.  The Failover  
        Node MUST be the ingress to the Backup Path.  The Failover  
        Node MAY also be the ingress of the Primary Path. The Headend 
        Failover Node is always a PLR.  
      
        Measurement units: n/a 
            
        Issues: 

        See Also: 
             Primary Path 
             Point of Local Repair
             Failover 

     3.4.4.  Backup Node
        Definition:  
        A node along the Backup Path. 
           
        Discussion:           
        The Backup Node can be any node along the Backup Path. 
        There MAY be one or more Backup Nodes along the Backup Path.
        A Backup Node MAY be the ingress, mid-point, or egress of
        the Backup Path.  If the Backup Path has only one Backup 
        Node, then that Backup Node is the ingress and egress of the 
        Backup Path.

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 19] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
      
        Measurement units: n/a 
            
        Issues: 

        See Also: 
             Backup Path 

       3.4.5.  Merge Node   
         Definition: 
             A Node along the primary path where backup path terminates. 
      
         Discussion: 
             The Merge Node can be any node along the Primary Path 
             except the ingress node of the Primary Path.  There can be  
             multiple Merge Nodes along a Primary Path.  A Merge Node  
             can be the egress node for a single or multiple Backup  
             Paths.  The Merge Node MUST be the egress to the Backup  
             Path.  The Merge Node MAY also be the egress of the  
             Primary Path or point of local repair (PLR). 
      
         Measurement units: 
             n/a 

         Issues: 

         See Also: 
             Primary Path 
             Backup Path 
             PLR 
             Failover 
            
     3.4.6. Primary Node

        Definition:  
        A node along the Primary Path that is capable of Failover to a 
        redundant Standby Node. 
           
        Discussion:          
        The Primary Node MAY be used for Protection Switching Systems 
        that provide Redundant Node Protection, such as VRRP and HA 

        Measurement units: n/a 
            
        Issues: 

        See Also: 
             Protection Switching System
             Redundant Node Protection
             Standby Node

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 20] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

     3.4.7.  Standby Node 

        Definition:  
        A redundant node to a Primary Node that forwards traffic along
        the Primary Path upon Failure Detection of the Primary Node.
           
        Discussion:          
        The Standby Node MUST be used for Protection Switching 
        Systems that provide Redundant Node Protection, such as VRRP 
        and HA.  The Standby Node MUST provide protection along the 
        same Primary Path.  If the failover is to a Disjoint Path then 
        it is a Backup Node.  The Standby Node MAY be configured 
        for 1:1 or N:1 protection.  

        The communication between the Primary Node and Standby Node 
        MAY be in-band or across an out-of-band State Control 
        interface.  The Standby Node MAY be geographically dispersed 
        from the Primary Node.  When geographically dispersed, the 
        number of hops of separation may increase failover time.

        The Standby Node MAY be passive or active.  The Passive Standby 
        Node is not offered traffic and does not forward traffic until 
        Failure Detection of the Primary Node.  Upon Failure Detection 
        of the Primary Node, traffic offered to the Primary Node is 
        instead offered to the Passive Standby Node.  The Active 
        Standby Node is offered traffic and forwards traffic along the 
        Primary Path while the Primary Node is also active.  Upon 
        Failure Detection of the Primary Node, traffic offered to the 
        Primary Node is switched to the Active Standby Node. 
 
        Measurement units: n/a 
            
        Issues: 

        See Also: 
             Primary Node
             State Control Interface
      
     3.5.  Benchmarks 
      3.5.1.  Failover Packet Loss  
        Definition: 
        The amount of packet loss produced by a Failover Event until 
        Failover completes, where the measurement begins when the last 
        unimpaired packet is received by the Tester on the Protected 
        Primary Path and ends when the first unimpaired packet is 
        received by the Tester on the Backup Path.

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 21] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
            
        Discussion: 
        Packet loss can be observed as a reduction of forwarded 
        traffic from the maximum forwarding rate.  Failover Packet 
        Loss includes packets that were lost, reordered, or delayed.  
        Failover Packet Loss MAY reach 100% of the offered load. 
      
        Measurement units: 
          Number of Packets 
      
        Issues:  None
      
        See Also: 
           Failover Event 
           Failover 

      3.5.2.   Reversion Packet Loss  

        Definition: 
        The amount of packet loss produced by Reversion, where the 
        measurement begins when the last unimpaired packet is received 
        by the Tester on the Backup Path and ends when the first 
        unimpaired packet is received by the Tester on the Protected 
        Primary Path .
      
        Discussion: 
        Packet loss can be observed as a reduction of forwarded 
        traffic from the maximum forwarding rate.  Reversion Packet 
        Loss includes packets that were lost, reordered, or delayed.  
        Reversion Packet Loss MAY reach 100% of the offered load. 
      
         Measurement units: Number of Packets 
      
         Issues:  None
      
         See Also: 
           Reversion 
 
      3.5.3. Failover Time 

        Definition: 
         The amount of time it takes for Failover to successfully
         complete.   

        Discussion: 
        Failover Time can be calculated using the Time-Based Loss 
        Method (TBLM), Packet-Loss Based Method (PLBM), or 
        Timestamp-Based Method (TBM).  It is RECOMMENDED that the 
        TBM is used.  

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 22] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

        Measurement units: 
           milliseconds 
      
        Issues: None
      
        See Also: 
           Failover 
           Failover Time
           Time-Based Loss Method (TBLM)
           Packet-Loss Based Method (PLBM)
           Timestamp-Based Method (TBM) 
     
      3.5.4.  Reversion Time 

        Definition: 
        The amount of time it takes for Reversion to complete so  
        that the Primary Path is restored as the Working Path.   
      
        Discussion: 
        Reversion Time can be calculated using the Time-Based Loss 
        Method (TBLM), Packet-Loss Based Method (PLBM), or 
        Timestamp-Based Method (TBM).  It is RECOMMENDED that the 
        TBM is used.
 
        Measurement units: 
           milliseconds 
      
        Issues: None
      
        See Also: 
           Reversion 
           Primary Path     
           Working Path 
           Reversion Packet Loss 
           Time-Based Loss Method (TBLM)
           Packet-Loss Based Method (PLBM)
           Timestamp-Based Method (TBM)

      3.5.5.  Additive Backup Delay 

        Definition: 
        The amount of increased Forwarding Delay [4] resulting 
        from data traffic traversing the Backup Path instead of 
        the Primary Path.  
      
        Discussion: 
        Additive Backup Delay is calculated using Equation 1 as  
        shown below: 
      
        (Equation 1) 
        Additive Backup Delay = 
                  Forwarding Delay(Backup Path) - 
                  Forwarding Delay(Primary Path). 
      
Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 23] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

        Measurement units: 
           milliseconds 

        Issues: 
        Additive Backup Latency MAY be a negative result.  
        This is theoretically possible, but could be indicative 
        of a sub-optimum network configuration . 

        See Also: 
           Primary Path 
           Backup Path  
           Primary Path Latency 
           Backup Path Latency 

     3.6 Failover Time Calculation Methods
 
     3.6.1 Time-Based Loss Method (TBLM)
 
      Definition: 
      The method to calculate Failover Time (or Reversion Time) using a 
      time scale on the Tester to measure the interval of Failover 
      Packet Loss.
 
      Discussion: 
      The Tester MUST provide statistics which show the duration of 
      failure on a time scale to granularity of milliseconds based on 
      occurrence of packet loss on a time scale.  This is indicated by 
      the duration of non-zero packet loss.  The TBLM includes failure 
      detection time and time for data traffic to begin traversing the 
      Backup Path.  Failover Time and Reversion Time are calculated 
      using the TBLM as shown in Equation 2:

      (Equation 2)
          (Equation 2a)
          TBLM Failover Time = Time(Failover) - Time(Failover Event)

          (Equation 2b)
          TBLM Reversion Time = Time(Reversion) - Time(Restoration)
      
      Measurement units: 
         milliseconds
      
      Issues: 
         None
      
      See Also: 
         Failover 
         Packet-Loss Based Method

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 24] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
      
     3.6.2 Packet-Loss Based Method (PLBM)
 
      Definition: 
      The method used to calculate Failover Time (or Reversion Time)
      from the amount of Failover Packet Loss.

      Discussion: 
      PLBM includes failure detection time and time for data traffic to 
      begin traversing the Backup Path.  Failover Time can be 
      calculated using PLBM from the amount Failover Packet Loss as 
      shown below in Equation 3:   

      (Equation 3)
           (Equation 3a) 
           PLBM Failover Time = 
              Number of packets lost / 
                       (Offered Load rate * 1000) 

           (Equation 3b) 
           PLBM Restoration Time = 
              Number of packets lost / 
                       (Offered Load rate * 1000) 

           Units are packets/(packets/second) = seconds
            
      Measurement units: 
         milliseconds
             
      Issues: 
         None
      
      See Also: 
         Failover 
         Time-Based Loss Method

     3.6.3 Timestamp-Based Method (TBM)

      Definition:
      The method to calculate Failover Time (or Reversion Time)
      using a time scale to quantify the interval between
      unimpaired packets arriving in the test stream.

      Discussion:
      The purpose of this method is to quantify the duration of
      failure or reversion on a time scale with granularity of
      milliseconds based on the observation of unimpaired packets, 
      using Equation 2 with the difference being that the time
      values are obtained from the timestamp in the packet payload
      rather than from the Tester.

      Unimpaired packets are normal packets that are not lost, 
      reordered, or duplicated.  A reordered packet is defined in 

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 25] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

      [10, section 3.3].  A duplicate packet is defined in 
      [4, section 3.3.3].  A lost packet is defined in 
      [7, Section 3.5].  Unimpaired packets may be detected by checking 
      a sequence number in the payload, where the sequence number equals 
      the next expected number for an unimpaired packet.  A sequence gap
      or sequence reversal indicates impaired packets. 

      For calculating Failover Time, the TBM includes failure 
      detection time and time for data traffic to begin traversing the 
      Backup Path.  For calculating Reversion Time, the TBM includes 
      Reversion Time and time for data traffic to begin traversing the 
      Primary Path.

      Measurement units: 
         milliseconds
      
      Issues: None
      
      See Also: 
         Failover 
         Failover Time
         Reversion
         Reversion Time

4. Acknowledgements  
     We would like thank the BMWG and particularly Al Morton and Curtis 
     Villamizar for their reviews, comments, and contributions to this
     work.   

5. IANA Considerations 
     This document requires no IANA considerations. 

6. Security Considerations 
     This document only addresses terminology for the performance 
     benchmarking of protection systems, and the information contained 
     in this document has no effect on the security of the Internet. 

7. References
7.1. Normative References 
     [1] Bradner, S., "The Internet Standards Process -- Revision 3", 
         RFC 2026, October 1996. 
      
     [2] Bradner, S., Editor, "Benchmarking Terminology for 
         Network Interconnection Devices", RFC 1242, July 1991. 
      
     [3] Mandeville, R., "Benchmarking Terminology for LAN 
         Switching Devices", RFC 2285, February 1998. 
      
     [4] Poretsky, S., et al., "Terminology for Benchmarking 
         Network-layer Traffic Control Mechanisms", RFC 4689, 
         November 2006. 

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 26] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  
      
     [5] Bradner, S., "Key words for use in RFCs to Indicate 
         Requirement Levels", RFC 2119, July 1997. 

     [6] Paxson, V., et al., "Framework for IP Performance Metrics", 
         RFC 2330, May 1998.  
      
     [7] Poretsky, S., Imhoff, B., "Benchmarking Terminology for IGP          
         Convergence", draft-ietf-bmwg-igp-dataplane-conv-term-15, 
         work in progress, February 2008. 
        
     [8] Pan., P. et al, "Fast Reroute Extensions to RSVP-TE for LSP       
         Paths", RFC 4090, May 2005. 
 
     [9] Nichols, K., et al, "Definition of the Differentiated 
         Services Field (DS Field) in the IPv4 and IPv6 Headers",
         RFC 2474, December 1998.

     [10] Morton, A., et al, "Packet Reordering Metrics", RFC 4737,
          November 2006.

7.2. Informative References 
     None  

8.  Author's Address 

   Scott Poretsky  
   NextPoint Networks
   3 Federal Street
   Billerica, MA 01821
   USA        
   Phone: + 1 508 439 9008
   EMail: sporetsky@nextpointnetworks.com
      
   Rajiv Papneja 
   Isocore 
   12359 Sunrise Valley Drive 
   Reston, VA 22102 
   USA 
   Phone: 1 703 860 9273 
   Email: rpapneja@isocore.com 
      
   Jay Karthik
   Cisco Systems
   300 Beaver Brook Road
   Boxborough, MA 01719
   USA
   Phone: +1 978 936 0533
   Email: jkarthik@cisco.com

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008   [Page 27] 
  
Internet-Draft         Benchmarking Terminology for      February 2008 
                          Protection Performance  

   Samir Vapiwala 
   Cisco System 
   300 Beaver Brook Road 
   Boxborough, MA 01719 
   USA 
   Phone: +1 978 936 1484 
   Email: svapiwal@cisco.com
     

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided
   on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE 
   IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
   WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
   WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE
   ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
   FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Acknowledgement
   Funding for the RFC Editor function is currently provided by the
   Internet Society.

Poretsky, Papneja, Karthik, Vapiwala   Expires August 2008  [Page 28]