idnits 2.17.1 draft-chen-bier-egress-protect-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (25 October 2021) is 914 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 134 -- Looks like a reference, but probably isn't: '65535' on line 134 == Unused Reference: 'RFC5226' is defined on line 1134, but no explicit reference was found in the text == Unused Reference: 'RFC5250' is defined on line 1139, but no explicit reference was found in the text == Unused Reference: 'RFC5714' is defined on line 1148, but no explicit reference was found in the text == Unused Reference: 'RFC5880' is defined on line 1152, but no explicit reference was found in the text == Unused Reference: 'RFC7684' is defined on line 1166, but no explicit reference was found in the text == Unused Reference: 'RFC7770' is defined on line 1171, but no explicit reference was found in the text == Unused Reference: 'RFC8556' is defined on line 1186, but no explicit reference was found in the text == Unused Reference: 'I-D.ietf-spring-segment-protection-sr-te-paths' is defined on line 1201, but no explicit reference was found in the text == Unused Reference: 'RFC8296' is defined on line 1214, but no explicit reference was found in the text == Unused Reference: 'RFC8401' is defined on line 1220, but no explicit reference was found in the text == Unused Reference: 'RFC8444' is defined on line 1225, but no explicit reference was found in the text ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Downref: Normative reference to an Informational RFC: RFC 5714 == Outdated reference: A later version (-13) exists of draft-ietf-rtgwg-segment-routing-ti-lfa-07 == Outdated reference: A later version (-06) exists of draft-ietf-spring-segment-protection-sr-te-paths-01 Summary: 2 errors (**), 0 flaws (~~), 14 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group H. Chen 3 Internet-Draft M. McBride 4 Intended status: Standards Track Futurewei 5 Expires: 28 April 2022 A. Wang 6 China Telecom 7 G. Mishra 8 Verizon Inc. 9 Y. Liu 10 China Mobile 11 M. Menth 12 University of Tuebingen 13 B. Khasanov 14 Yandex LLC 15 X. Geng 16 Huawei 17 Y. Fan 18 Casa Systems 19 L. Liu 20 Fujitsu 21 X. Liu 22 Volta Networks 23 25 October 2021 25 BIER Egress Protection 26 draft-chen-bier-egress-protect-03 28 Abstract 30 This document describes a mechanism for fast protection against the 31 failure of an egress node of a "Bit Index Explicit Replication" 32 (BIER) domain. It is called BIER egress protection. It does not 33 require any per-flow state in the core of the domain. With BIER 34 egress protection the failure of a primary BFER (Bit Forwarding 35 Egress Router) is protected with a backup BFER such that traffic 36 destined to the primary BFER in the BIER domain is fast rerouted by a 37 neighbor BFR to the backup BFER on the BIER layer. The mechanism is 38 applicable if all BIER traffic sent to the primary BFER can reach its 39 destination also via the backup BFER. It is complementary to BIER- 40 FRR which cannot protect against the failure of a BFER. 42 Requirements Language 44 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 45 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 46 document are to be interpreted as described in [RFC2119] [RFC8174] 47 when, and only when, they appear in all capitals, as shown here. 49 Status of This Memo 51 This Internet-Draft is submitted in full conformance with the 52 provisions of BCP 78 and BCP 79. 54 Internet-Drafts are working documents of the Internet Engineering 55 Task Force (IETF). Note that other groups may also distribute 56 working documents as Internet-Drafts. The list of current Internet- 57 Drafts is at https://datatracker.ietf.org/drafts/current/. 59 Internet-Drafts are draft documents valid for a maximum of six months 60 and may be updated, replaced, or obsoleted by other documents at any 61 time. It is inappropriate to use Internet-Drafts as reference 62 material or to cite them other than as "work in progress." 64 This Internet-Draft will expire on 28 April 2022. 66 Copyright Notice 68 Copyright (c) 2021 IETF Trust and the persons identified as the 69 document authors. All rights reserved. 71 This document is subject to BCP 78 and the IETF Trust's Legal 72 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 73 license-info) in effect on the date of publication of this document. 74 Please review these documents carefully, as they describe your rights 75 and restrictions with respect to this document. Code Components 76 extracted from this document must include Simplified BSD License text 77 as described in Section 4.e of the Trust Legal Provisions and are 78 provided without warranty as described in the Simplified BSD License. 80 Table of Contents 82 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 83 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 84 2. Overview of BIER Egress Protection . . . . . . . . . . . . . 4 85 3. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 7 86 3.1. Extensions to OSPF . . . . . . . . . . . . . . . . . . . 7 87 3.2. Extensions to IS-IS . . . . . . . . . . . . . . . . . . . 8 88 4. Extensions to BIFT . . . . . . . . . . . . . . . . . . . . . 9 89 4.1. Integrated one BIFT . . . . . . . . . . . . . . . . . . . 9 90 4.1.1. EP-BIFT on BFR as PLR . . . . . . . . . . . . . . . . 9 91 4.1.2. EP-BIFT on Backup Egress . . . . . . . . . . . . . . 12 92 4.1.3. Updated Forwarding Procedure for Integrated BIFT . . 14 93 4.2. Multiple Backup BIFTs . . . . . . . . . . . . . . . . . . 15 94 4.2.1. Multiple Backup BIFTs on BFR as PLR . . . . . . . . . 16 95 4.2.2. Multiple Backup BIFTs on Backup Egress . . . . . . . 17 96 4.2.3. Updated Forwarding Procedure for Multiple BIFTs . . . 18 97 4.2.4. Switching between EP and Normal Forwarding . . . . . 19 98 5. Example Application of BIER Egress Protection . . . . . . . . 20 99 5.1. BIRT and BIFT on a BFR . . . . . . . . . . . . . . . . . 20 100 5.2. Backup BIRTs and Backup BIFTs on a BFR . . . . . . . . . 21 101 5.3. Forwarding using Backup BIFT . . . . . . . . . . . . . . 24 102 6. Security Considerations . . . . . . . . . . . . . . . . . . . 25 103 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 104 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 25 105 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 25 106 9.1. Normative References . . . . . . . . . . . . . . . . . . 25 107 9.2. Informative References . . . . . . . . . . . . . . . . . 26 108 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 110 1. Introduction 112 [RFC8279] specifies "Bit Index Explicit Replication" (BIER). It 113 provides optimal forwarding of multicast data packets through a 114 "multicast/BIER domain". It does not require the use of a protocol 115 for explicitly building multicast distribution trees, and it does not 116 require intermediate nodes to maintain any per-flow state. 118 This document describes a mechanism for fast protection against the 119 failure of an egress node of a "Bit Index Explicit Replication" 120 (BIER) domain, which is called BIER Egress Protection. 122 This BIER Egress Protection does not require intermediate nodes to 123 maintain any per-flow state for fast protection against the failure 124 of an egress node of the flow. 126 1.1. Terminology 128 BFR: Bit-Forwarding Router. 130 BFIR: Bit-Forwarding Ingress Router. 132 BFER: Bit-Forwarding Egress Router. 134 BFR-id: BFR Identifier. It is a number in the range [1,65535]. 136 BFR-NBR: BFR Neighbor. 138 F-BM: Forwarding Bit Mask. 140 BFR-prefix: An IP address (either IPv4 or IPv6) of a BFR. 142 BIRT: Bit Index Routing Table. It is a table that maps from the 143 BFR-id (in a particular sub-domain) of a BFER to the BFR-prefix 144 of that BFER, and to the BFR-NBR on the path to that BFER. 146 BIFT: Bit Index Forwarding Table. 148 FRR: Fast Re-Route. 150 PLR: Point of Local Repair. 152 LFA: Loop-Free Alternate. 154 Basic LFA: It is the LFA defined in [RFC5286]. 156 RLFA: Remote LFA. It is the LFA defined in [RFC7490]. 158 TI-LFA: Topology Independent LFA. It is the LFA defined in 159 [I-D.ietf-rtgwg-segment-routing-ti-lfa]. 161 IGP: Interior Gateway Protocol. 163 LSDB: Link State DataBase. 165 SPF: Shortest Path First. 167 SPT: Shortest Path Tree. 169 OSPF: Open Shortest Path First. 171 IS-IS: Intermediate System to Intermediate System. 173 LSA: Link State Advertisement in OSPF. 175 LSP: Link State Protocol Data Unit (PDU) in IS-IS. 177 FIB: Forwarding Information Base or Forwarding Table. 179 2. Overview of BIER Egress Protection 181 This section introduces BIER egress protection and describes its 182 operation using the BIER topology in Figure 1 as an example. The 183 figure illustrates a BIER sub-domain with the 8 nodes/BFRs A, B, C, 184 D, E, F, G and H. Each link connecting these nodes/BFRs has a cost. 185 The cost of a link (for routing purposes) is indicated in the figure 186 unless it is 1 by default. Nodes/BFRs D, F, E, H and A are BFERs and 187 have BFR-ids 1, 2, 3, 4, and 5 respectively. For simplicity, these 188 BFR-ids are represented by (SI:BitString), where SI = 0 and BitString 189 is 5 bits long. BFR-ids 1, 2, 3, 4, and 5 are represented by 190 (0:00001), (0:00010), (0:00100), (0:01000) and (0:10000), 191 respectively. 193 (CE2) Receiver 194 \ 195 \ 4 (0:01000) 196 /--------( G )--------- ( H ) Backup Egress for D 197 2/ 2\______ / \ 198 / _____)____/ \ 199 / / (____ (CE1) Receiver 200 / / \ / 201 / / \ / 202 ( A )----------( B )-----------( C )----------( D ) Primary Egress 203 5 (0:10000) \ \ 1 (0:00001) 204 4\ \ 205 \ \ 206 ( E )-----------( F ) 207 3 (0:00100) 2 (0:00010) 209 Figure 1: Example BIER topology 211 CE1 and CE2 in neighboring networks are multicast traffic receivers. 212 CE1 is connected to both BFER D and BFER H. CE2 is connected to H 213 but it is not connected to D. 215 We explain BIER egress protection for primary BFER D using backup 216 BFER H. At first, BFER H is configured to protect BFER D. In 217 addition, whether primary egress D and backup egress H send their 218 BIER packets' payloads to the same receiver CE1 (i.e., after 219 decapsulating their BIER packets, whether they send the same 220 decapsulated packets to the same receiver CE1) is configured. And 221 then, this information is distributed to BFR D's neighbors (BFR C and 222 BFR G) and the domain by IGP. BFR C, BFR G, and BFER H know that H 223 is the backup egress to protect the primary egress D. Two different 224 backup strategies or methods, Bit Protection Switching and Proxy 225 Backup, are specified for two different configurations regarding to 226 whether D and H send their BIER packets' payloads to the same 227 receiver. 229 1. Bit Protection Switching: If a neighbor of D detects D's outage, 230 it performs the following operations on all the packets that 231 are destined to D. It clears the bit for destination D and 232 sets the bit for H. Afterwards, these packets are forwarded 233 towards H and eventually reach H which decapsulates them and 234 delivers their payloads to the same receiver CE as D does. 236 2. Proxy Backup: If a neighbor as PLR of D detects D's outage, it 237 reroutes a copy of the packet with D as a destination towards 238 H. When H as backup BFER detects its primary BFER D's outage, 239 H, acting as a proxy of D, decapsulates all the BIER packets 240 with destination D and forwards their payloads according to D's 241 forwarding behavior for the payloads. 243 Bit Protection Switching is well applicable to the case where primary 244 egress D and backup egress H send their BIER packets' payloads to the 245 same receiver CE1. In this case, after D decapsulates D's BIER 246 packet (i.e., the BIER packet with BFER D as a destination), D sends 247 the decapsulated packet (i.e., the payload of the BIER packet) to 248 receiver CE1 through its multicast layer. After H decapsulates H's 249 BIER packet (i.e., the BIER packet with BFER H as a destination), H 250 sends the same decapsulated packet (i.e., the same payload as the one 251 in D's BIER packet) to the same receiver CE1 through its multicast 252 layer as D. 254 During normal operations, there is no multicast traffic to CE1 from 255 backup egress H, and CE1 receives the multicast traffic only from 256 primary egress D. There is no duplicated traffic to receiver CE1. 258 When primary egress D fails, the BIER packet with destination D is 259 updated through bit switch (i.e., the bit for D is cleared and bit 260 for H is set in the packet) by a PLR such as BFR C when the PLR 261 detects the failure of D. The updated packet with destination H is 262 sent to backup egress H. H decapsulates the packet and delivers the 263 packet's payload to its multicast layer, which sends the payload to 264 CE1. 266 Proxy Backup is applicable to the case where D and H send their BIER 267 packets' payloads to different receivers. In this case, after D 268 decapsulates D's BIER packet, D sends the decapsulated packet (i.e., 269 the payload of the BIER packet) to receiver CE1 through its multicast 270 layer. After H decapsulates H's BIER packet, H drops the same 271 decapsulated packet (i.e., the same payload as the one in D's BIER 272 packet) or sends it to different receiver CE2 through its multicast 273 layer. 275 During normal operations, primary egress D sends the payload of the 276 BIER packet with destination D to receiver CE1 and backup egress H 277 sends the payload of the BIER packet with destination H to receiver 278 CE2. H sends the BIER packet with destination D towards node D along 279 the shortest path to D. 281 When D fails, the BIER packet with destination D is sent to backup 282 egress H by a PLR such as BFR C when the PLR detects the failure of 283 D. H acting as a proxy of D MUST have a fast way to detect the 284 failure of D and obtain the forwarding behavior of D for the payload 285 of the BIER packet with destination D in advance. When H as the 286 proxy of D detects the failure of D, it sends the payload of the BIER 287 packet with destination D to receiver CE1 according to the forwarding 288 behavior of D for the payload. 290 Backup egress H may obtain the forwarding behavior of its primary 291 egress D for the payload of the BIER packet with the primary egress 292 as a destination from configurations or through some protocols such 293 as BGP or PCEP. How for a backup egress to obtain the forwarding 294 behavior of its primary egress is out scope of this document. 296 The fast egress protection mechanism in this document is different 297 from MoFRR in [RFC7431], where the same traffic is sent through two 298 separated paths/trees to both primary egress node D and backup egress 299 node H, to which the receiver CE1 is dual homed. It will use less 300 network resources such as link bandwidth than MoFRR in [RFC7431]. 302 3. Protocol Extensions 304 This section defines extensions to OSPF and IS-IS for advertising the 305 backup information (including the backup egress node for protecting a 306 primary egress node). 308 3.1. Extensions to OSPF 310 When a node P (as a primary egress node) has a backup egress node 311 configured to protect against its failure, node P advertises the 312 information about the backup egress node to its neighbors in its 313 router information opaque LSA of LS type 9 or 10. Using the LSA of 314 LS type 9, node P will advertise the information only to its 315 neighbors (which will not advertise the information further). Using 316 the LSA of LS type 10, node P will advertise the information to the 317 whole BIER network domain (i.e., P's neighbors will advertise the 318 information further until the information reaches every node in the 319 domain). The information is included in a backup egress node TLV. 320 The format of the TLV is shown in Figure 2. 322 After each of the neighbors receives the backup egress node TLV, it 323 knows that node P as a primary egress node will be protected by the 324 backup egress node in the TLV. Once detecting the failure of node P, 325 it sends the BIER packet with the bit for destination P towards node 326 P's backup egress node. 328 0 1 2 3 329 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 330 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 331 | Type (TBD1) | Length | 332 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 333 | Reserved |S| BFR-id of backup egress node | 334 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 335 | Sub-TLVs (Optional) | 336 : : 337 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 339 Figure 2: OSPF Backup Egress TLV 341 Type: 2 octets, its value (TBD1) is to be assigned by IANA. 343 Length: 2 octets, its value is 4 plus the length of the Sub-TLVs 344 included. If no Sub-TLV is included, its value is 4. 346 Reserved: 15 bits, they MUST be set to zero when sending and be 347 ignored while receiving. 349 S flag: 1 bit. It is set to one to indicate that the primary egress 350 and backup egress send their BIER packets' payloads to the same 351 CE receiver ; it is set to zero to indicate that the primary 352 egress and backup egress send their BIER packets' payloads to 353 different CE receivers . 355 BFR-id of backup egress node: 2 octets, its value is the BFR-id of 356 the backup egress node configured to protect against the 357 failure of the primary egress node. 359 Sub-TLVs (Optional): No Sub-TLV is defined now. 361 3.2. Extensions to IS-IS 363 For supporting fast protection against the failure of a primary 364 egress node in a BIER domain, a new IS-IS TLV, called IS-IS backup 365 egress node TLV, is defined. It contains the BFR-id of a backup 366 egress node. 368 When a node P (as a primary egress node) has a backup egress node 369 configured to protect against its failure, node P advertises the 370 information about the backup egress node using a IS-IS backup egress 371 node TLV. 373 This TLV may be advertised in IS-IS Hello (IIH) PDUs, LSPs, or in 374 Circuit Scoped Link State PDUs (CS-LSP) [RFC7356]. Using CS-LSP or 375 IIH PDUs, node P will advertise the information only to its 376 neighbors. Using LSPs, node P will advertise the information to the 377 whole BIER network domain. The format of the TLV is shown in 378 Figure 3. 380 0 1 2 3 381 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 382 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 383 | Type (TBD2) | Length | Reserved |S| 384 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 385 | BFR-id of backup egress node | Sub-TLVs (Optional) ~ 386 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 388 Figure 3: IS-IS Backup Egress TLV 390 Type: 1 octet, its value (TBD2) is to be assigned by IANA. 392 Length: 1 octet, its value is 4 plus the length of the Sub-TLVs 393 included. If no Sub-TLV is included, its value is 4. 395 The other fields are the same as those in Figure 2. 397 4. Extensions to BIFT 399 This section specifies the BIFT extended for egress protection (EP- 400 BIFT) on a BFR as a PLR and the BIFT extended on a backup egress 401 node. In one option, the EP-BIFT is implemented in an Integrated one 402 BIFT. In another, it is implemented in Multiple Backup BIFTs. 404 4.1. Integrated one BIFT 406 A BFR has an integrated BIFT for both normal operations and 407 protections against the failure of each of its neighbor BFERs. That 408 is that the normal BIFT on the BFR is extended to have a backup entry 409 (or say sub-entry) for each of its neighbor BFERs. 411 4.1.1. EP-BIFT on BFR as PLR 413 To protect a primary egress node (e.g., BFER D in Figure 1), a BFR as 414 the primary egress node's neighbor (e.g., BFR C in Figure 1) and a 415 PLR has a backup entry in its BIFT extended for egress protection 416 (EP-BIFT). The backup entry contains: Backup Entry Active (BEA), 417 Same CE receiver (SC), Backup Egress BFER (BE-BFER), Backup F-BM (BF- 418 BM) and Backup BFR-NBR (BBFR-NBR). 420 * BEA = 1 indicates that the Backup Entry for egress protection is 421 active. 423 * SC = 1 indicates that both primary egress node and backup egress 424 node send their BIER packets' payloads to the same receiver CE. 426 * BE-BFER is the BFR-id of the backup egress node for the primary 427 egress node. 429 * BBFR-NBR is the backup BFR-NBR to the backup egress node (e.g., H 430 in Figure 1). When SC = 1 (i.e., both primary egress node and 431 backup egress node send their BIER packets' payloads to the same 432 receiver CE), the BFR finds a basic, remote or topology 433 independent (TI) LFA to the backup egress node and sets BBFR-NBR 434 to the LFA. When SC = 0 (i.e., the primary egress node and its 435 backup egress node send their BIER packets' payloads to different 436 receiver CEs), the BFR obtains the value of BBFR-NBR in following 437 steps. At first, the BFR finds a basic, remote or TI LFA to the 438 backup egress node. And then the BFR checks if the LFA is the 439 backup egress node or the backup egress node is on the shortest 440 path from the LFA to the primary egress node without going through 441 the primary egress node. If so, the LFA is used as the BBFR-NBR; 442 otherwise (i.e., the LFA is not the backup egress node and the 443 backup egress node is not on the shortest path from the LFA to the 444 primary egress node without going through the primary egress 445 node), the BBFR-NBR is set to the backup egress node through a 446 tunnel to the backup egress node without going through the primary 447 egress node. This is to make sure that the BIER packet with the 448 primary egress node as a destination reaches the backup egress 449 node. 451 When primary egress node (e.g., BFER D in Figure 1) fails, the BFR as 452 a PLR sets BEA in the entry for primary egress node to one after the 453 BFR detects the failure. The BFR uses the backup entry with BEA = 1 454 to forward the BIER packet with primary egress node as a destination. 455 The BFR forwards the packet to BBFR-NBR. Before forwarding the 456 packet, the BFR checks whether SC equals to one in the entry. If SC 457 = 1, the BFR as a PLR replaces the primary egress node as a 458 destination with its backup egress node as a destination through 459 clearing the bit for primary egress node (e.g., D) as a destination 460 in the BIER packet and setting the bit for backup egress node (e.g., 461 H) as a destination in the packet. 463 For example, the integrated BIFT (or say EP-BIFT) on BFR C in 464 Figure 1 is shown in Figure 4. 466 +--------------+-------+-------+---+---+----------+-------+---------+ 467 | BFR-id | F-BM |BFR-NBR|BEA|SC | BE-BFER | BF-BM |BBFR-NBR | 468 |(SI:BitString)| | | | | | | | 469 +==============+=======+=======+===+===+==========+=======+=========+ 470 | 1 (0:00001) | 00001 | D | 0 | 1 | H(01000) | 01001 | H | 471 +--------------+-------+-------+---+---+----------+-------+---------+ 472 | 2 (0:00010) | 00110 | F | 0 | 0 | E(00100) | 00010 |E(TI-LFA)| 473 +--------------+-------+-------+---+---+----------+-------+---------+ 474 | 3 (0:00100) | 00110 | F | 0 | 0 | F(00010) | 00110 | F | 475 +--------------+-------+-------+---+---+----------+-------+---------+ 476 | 4 (0:01000) | 01000 | H | 0 | 1 | D(00001) | 01001 | D | 477 +--------------+-------+-------+---+---+----------+-------+---------+ 478 | 5 (0:10000) | 10000 | B | 0 | | 0 | NULL | NULL | 479 +--------------+-------+-------+---+---+----------+-------+---------+ 481 Figure 4: Integrated BIFT on BFR C 483 BFR C in Figure 1 has three neighbor BFERs D, F and H with BFR-ids 1, 484 2 and 4 respectively. The backup entry for BFER D with BFR-id = 1 is 485 the last five columns in the first row of Figure 4. 487 * BEA = 0 means that D is working well. 489 * SC = 1 means that the primary egress node D and backup egress node 490 H send their BIER packets' payloads to the same CE receiver. 492 * BE-BFER = H means that H is the backup egress node for primary 493 egress node D. 495 * BF-BM = 01001 is computed by ORing the bit of BFR-id with BFR-NBR 496 = H and the bit of BFR-id with BBFR-NBR = H. BFR-id = 1 is with 497 BBFR-NBR = H and BFR-id = 4 is with BFR-NBR = H. 499 * BBFR-NBR = H means that BFER H is the next hop on the shortest 500 path to H without going D. 502 The backup entry for BFER F with BFR-id = 2 is the last five columns 503 in the second row of Figure 4. 505 * BEA = 0 means that F is working well. 507 * SC = 0 means that the primary egress node F and backup egress node 508 E send their BIER packets' payloads to different CE receivers. 510 * BE-BFER = E means that E is the backup egress node for primary 511 egress node F. 513 * BF-BM = 00010 is computed by ORing the bit of BFR-id with BFR-NBR 514 = E and the bit of BFR-id with BBFR-NBR = E. Since there is no 515 BFR-id with BFR-NBR = E, BF-BM = 00010. 517 * BBFR-NBR = E (TI-LFA) means that B and E in Figure 1 are not on 518 the shortest path to E without going F and TI-LFA tunnel is used 519 to send primary egress node F's BIER packet to backup egress node 520 E when F fails and BEA is set to one. 522 The backup entry for BFER H is similar to the one for BFER D. The 523 backup entry for BFER E is similar to the one for BFER F. 525 4.1.2. EP-BIFT on Backup Egress 527 If a primary egress node (e.g., D in Figure 1) and its backup egress 528 node (e.g., H in Figure 1) send their BIER packets' payloads to the 529 same receiver CE (e.g., CE1 in Figure 1), then the forwarding entry 530 for the primary egress node in the BIFT on the backup egress node 531 keeps the same as normal. 533 For example, the integrated BIFT on backup egress node H in Figure 1 534 with SC = 1 is the same as H's normal BIFT, which is illustrated in 535 Figure 5. 537 +--------------+-------+-------+ 538 | BFR-id | F-BM |BFR-NBR| 539 |(SI:BitString)| | | 540 +==============+=======+=======+ 541 | 1 (0:00001) | 10111 | C | 542 +--------------+-------+-------+ 543 | 2 (0:00010) | 10111 | C | 544 +--------------+-------+-------+ 545 | 3 (0:00100) | 10111 | C | 546 +--------------+-------+-------+ 547 | 4 (0:01000) | 01000 | H | 548 +--------------+-------+-------+ 549 | 5 (0:10000) | 10111 | C | 550 +--------------+-------+-------+ 552 Figure 5: Integrated BIFT on Backup Egress H with SC = 1 554 If the primary egress node and the backup egress node send their BIER 555 packets' payloads to different receiver CEs, for example, D as a 556 primary egress node sends its BIER packet's payload to CE1, H as the 557 backup egress node for D sends its BIER packet's payload to CE2, then 558 the forwarding entry for the primary egress node on the backup egress 559 node is extended to contain a backup entry for primary egress node. 560 The backup entry includes: 562 * Backup Entry Active (BEA), SC, BE-BFER, Backup F-BM (BF-BM). 563 These have the same meanings as those in Section 4.1.1. 565 * Backup BFR-NBR or Pointer to FIB for Primary Egress (BBFR-NBR/ 566 P-FIB) is a pointer to the FIB for the primary egress node. Using 567 this FIB, the backup egress node will forward the payload of the 568 BIER packet with the primary egress node as a destination to the 569 same CE receiver as the primary egress node. 571 BEA is set to one when the backup egress node detects the failure of 572 the primary egress node. After detecting the failure and receiving 573 the BIER packet with the bit for the primary egress node as a 574 destination set to one, the backup egress node forwards the packet's 575 payload to the primary egress node's CE receiver using the backup 576 forwarding entry with BEA = 1. 578 For example, the integrated BIFT on backup egress node H in Figure 1 579 with SC = 0 is illustrated in Figure 6. 581 +--------------+-------+-------+---+---+----------+-------+---------+ 582 | BFR-id | F-BM |BFR-NBR|BEA|SC | BE-BFER | BF-BM |BBFR-NBR | 583 |(SI:BitString)| | | | | | |/P-FIB | 584 +==============+=======+=======+===+===+==========+=======+=========+ 585 | 1 (0:00001) | 10111 | C | 0 | 0 | H(01000) | 00001 |P-FIB-4D | 586 +--------------+-------+-------+---+---+----------+-------+---------+ 587 | 2 (0:00010) | 10111 | C | 0 | 0 | | | NULL | 588 +--------------+-------+-------+---+---+----------+-------+---------+ 589 | 3 (0:00100) | 10111 | C | 0 | 0 | | | NULL | 590 +--------------+-------+-------+---+---+----------+-------+---------+ 591 | 4 (0:01000) | 01000 | H | 0 | 0 | | | NULL | 592 +--------------+-------+-------+---+---+----------+-------+---------+ 593 | 5 (0:10000) | 10111 | C | 0 | | | | NULL | 594 +--------------+-------+-------+---+---+----------+-------+---------+ 596 Figure 6: Integrated BIFT on Backup Egress H with SC = 0 598 In Figure 6, the backup entry for primary egress node D with BFR-id = 599 1 is the last five columns in the first row. 601 * BEA = 0 means that D is working well. 603 * SC = 0 means that the primary egress node D and backup egress node 604 H send their BIER packets' payloads to different CE receivers. 606 * BE-BFER = H means that H is the backup egress node for primary 607 egress node D. 609 * BF-BM = 00001 is computed by ORing the bit of BFR-id with BFR-NBR 610 = P-FIB-4D and the bit of BFR-id with BBFR-NBR = P-FIB-4D. Since 611 there is no BFR-id with BFR-NBR = P-FIB-4D, BF-BM = 00001. 613 * BBFR-NBR/P-FIB = P-FIB-4D is the pointer to the FIB for the 614 primary egress node D. When D fails and BEA is set to one, backup 615 egress node H for D acts as a proxy of D and sends D's BIER 616 packet's payload to CE receiver CE1 using the FIB for D. Backup 617 egress node H for D decapsulates the BIER packet with D as a 618 destination and forwards the payload using the FIB for D after it 619 detects the failure of D. 621 4.1.3. Updated Forwarding Procedure for Integrated BIFT 623 The forwarding procedure defined in [RFC8279] is updated/enhanced for 624 integrated BIFT to consider the egress protection. 626 For a multicast packet with the BitString indicating a BFER as one of 627 its destinations, the updated forwarding procedure on a BFR as a PLR 628 sends the packet towards the backup egress node of the BFER if the 629 BFER is protected. On the backup egress, the procedure sends the 630 packet's payload to the BFER's CE receiver. 632 It checks whether BEA = 1 in the forwarding entry for the BFER. If 633 BEA = 1, it determines whether the current node is backup egress 634 node. On backup egress node, the procedure sends the packet's 635 payload to the CE receiver. On the BFR as a PLR, the procedure sends 636 the packet copy to BBFR-NBR. Before sending the packet copy, the 637 procedure updates the packet copy by clearing the bit for primary 638 egress node and setting the bit for backup egress node when primary 639 egress node and backup egress node send their BIER packets' payload 640 to the same CE receiver. The bits for the other destinations which 641 are not through BBFR-NBR are cleared in the packet copy's BitString 642 by ANDing the BitString with BF-BM. The original packet's BitString 643 is updated to remove the bits for the destinations towards which the 644 packet copy is sent through BBFR-NBR by ANDing the BitString with the 645 INVERSE of BF-BM. 647 The updated forwarding procedure for integrated BFIT is described in 648 Figure 7. 650 Packet = the packet received by BFR; 651 FOR each BFER k (from the rightmost in Packet's BitString) { 652 IF BFER k is the BFR itself { 653 copies Packet, sends the copy to the multicast 654 flow overlay and clears bit k in Packet's BitString 655 } ELSE { 656 finds the row in the EP-BIFT for the sub-domain using 657 Packet's SI and BitString as the key/index 658 IF BEA == 1 { // Primary Egress fails 659 IF (BBFR-NBR/P-FIB is Pointer to FIB) {// on Backup Egress 660 Sends payload to CE using the FIB for primary egress; 661 } ELSE { 662 IF (SC == 1) {// on PLR and SC == 1 663 clears bit k in Packet's BitString;//BFER k is PE-BFER 664 sets bit j in Packet's BitString; //BFER j is BE-BFER 665 } // SC == 0, no updates to packet 666 Copies Packet, updates the copy's BitString by ANDing it 667 with BF-BM in the entry, sends updated copy to BBFR-NBR; 668 } 669 updates Packet's BitString by ANDing it with 670 the INVERSE of BF-BM; 671 } ELSE { 672 Copies Packet, updates the copy's BitString by ANDing 673 it with F-BM in the entry, sends updated copy to BFR-NBR; 674 updates Packet's BitString by ANDing it with the INVERSE 675 of the F-BM in the entry 676 } 677 } 678 } 680 Figure 7: Updated Forwarding Procedure for Integrated BIFT 682 4.2. Multiple Backup BIFTs 684 A BFR has a normal BIFT and multiple backup BIFTs for egress 685 protection. For each of the BFR's neighbor BFERs, the BFR has a 686 backup BIFT for the BFER, which considers the failure of the BFER. 687 In normal operations, the BFR uses its normal BIFT to forward all the 688 BIER packets. When the BFR detects the failure of the BFER, the BFR 689 uses the backup BIFT for the BFER to forward all the BIER packets. 691 4.2.1. Multiple Backup BIFTs on BFR as PLR 693 A BFR as a PLR has a backup BIFT for a BFER that has the same 694 structure as the normal BIFT except for a backup BFER (BE-BFER) for 695 the BFER and same CE receiver (SC) flag indicating whether the BE- 696 BFER and BFER send their BIER packets' payloads to the same CE 697 receiver. In the entry for the BFER in the backup BIFT, the value of 698 BFR-NBR is the backup BFR-NBR (BBFR-NBR), which is computed in the 699 same way as the BBFR-NBR is computed in Section 4.1.1. 701 For example, the backup BIFT for BFER D on BFR C in Figure 1 is shown 702 in Figure 8. The backup BIFT for D considers BFER D's failure. 704 +--------------+-------+-------+---+----------+ 705 | BFR-id | F-BM |BFR-NBR|SC | BE-BFER | 706 |(SI:BitString)| | | | | 707 +==============+=======+=======+===+==========+ 708 | 1 (0:00001) | 01001 | H | 1 | H(01000) | 709 +--------------+-------+-------+---+----------+ 710 | 2 (0:00010) | 00110 | F | | | 711 +--------------+-------+-------+---+----------+ 712 | 3 (0:00100) | 00110 | F | | | 713 +--------------+-------+-------+---+----------+ 714 | 4 (0:01000) | 01001 | H | | | 715 +--------------+-------+-------+---+----------+ 716 | 5 (0:10000) | 10000 | B | | | 717 +--------------+-------+-------+---+----------+ 719 Figure 8: BFR C's Backup BIFT for BFER D 721 In Figure 8, the entry for BFER D with BFR-id = 1 has its BFR-NBR 722 with value of the BBFR-NBR (which is H) and contains SC = 1 and BE- 723 BFER = H. BE-BFER = H means that BFER H is the backup egress node 724 for primary egress node D. SC = 1 means that primary egress node D 725 and backup egress node H send their BIER packets' payloads to the 726 same CE receiver. 728 For the entry with BFR-NBR = X, its F-BM has the bit of the BFR-id in 729 each entry with BFR-NBR = X. For example, the first entry with BFR- 730 NBR = H, its F-BM in the first entry has the bit of BFR-id = 1 and 731 BFR-id = 4 in the first entry and the fourth entry, which are with 732 BFR-NBR = H. 734 When BFR C detects the failure of BFER D, it uses the backup BIFT for 735 D to forwards all the BIER packets. For the packet with destination 736 D (i.e., BitString = 00001), BFR C sends the packet to BFR-NBR H 737 after clearing the bit for primary egress node D and setting the bit 738 for backup egress node H since SC = 1. The packet received by H 739 contains BitString = 01000 for destination H. After receiving the 740 packet, BFER H sends the packet's payload to the same CE receiver 741 CE1. 743 If SC = 0, BFR C sends the packet to BFR-NBR H without clearing the 744 bit for D or setting the bit for H. After receiving the packet with 745 destination D (i.e., BitString 00001) and detecting the failure of D, 746 BFER H as a proxy of D sends the packet's payload to primary egress 747 node D's CE receiver CE1. 749 4.2.2. Multiple Backup BIFTs on Backup Egress 751 When a primary egress node and its backup egress node send their BIER 752 packets' payloads to the same CE receiver, the backup BIFT for the 753 primary egress node on the backup egress node is the same as the 754 normal BIFT on the backup egress node. For example, the backup BIFT 755 for primary egress node on backup egress node H in Figure 1 with SC = 756 1 is the same as H's normal BIFT, which is illustrated in Figure 5. 758 When a primary egress node and its backup egress node send their BIER 759 packets' payloads to different CE receivers, the backup BIFT for the 760 primary egress node on the backup egress node considers the failure 761 of the primary egress node. The BFR-NBR/P-FIB in the entry for the 762 primary egress node is the pointer to the FIB for the primary egress 763 node which is used to forward the payload of the BIER packet with the 764 primary egress node as a destination. For example, the backup BIFT 765 for primary egress node D on backup egress node H in Figure 1 with SC 766 = 0 is illustrated in Figure 9. 768 +--------------+-------+---------+---+----------+ 769 | BFR-id | F-BM | BFR-NBR |SC | BE-BFER | 770 |(SI:BitString)| | /P-FIB | | | 771 +==============+=======+=========+===+==========+ 772 | 1 (0:00001) | 00001 |P-FIB-4D | 0 | H(01000) | 773 +--------------+-------+---------+---+----------+ 774 | 2 (0:00010) | 00110 | C | | | 775 +--------------+-------+---------+---+----------+ 776 | 3 (0:00100) | 00110 | C | | | 777 +--------------+-------+---------+---+----------+ 778 | 4 (0:01000) | 01001 | H | | | 779 +--------------+-------+---------+---+----------+ 780 | 5 (0:10000) | 10000 | C | | | 781 +--------------+-------+---------+---+----------+ 783 Figure 9: Backup Egress H's Backup BIFT for Egress D 785 In Figure 9, the entry for BFER D with BFR-id = 1 has its BFR-NBR/ 786 P-FIB = P-FIB-4D (the pointer to the FIB for primary egress node D) 787 and contains BE-BFER = H and SC = 0. BE-BFER = H means that BFER H 788 is the backup egress node for primary egress node D. SC = 0 means 789 that primary egress node D and backup egress node H send their BIER 790 packets' payloads to different CE receivers. Note that the last two 791 columns can be removed since they are not used for forwarding. 793 When backup egress node H detects the failure of primary egress node 794 D, node H uses the backup BIFT for egress D to forward all the BIER 795 packets. For the packet with destination D (i.e., BitString = 796 00001), node H as a proxy of D sends the packet's payload to the CE1 797 (D's CE receiver) using the FIB for BFER D, which contains the 798 forwarding behavior of primary egress node D for the payload of D's 799 BIER packet. 801 4.2.3. Updated Forwarding Procedure for Multiple BIFTs 803 The updated forwarding procedure for multiple BIFTs is illustrated in 804 Figure 10. This forwarding procedure is used with the normal BIFT on 805 a BFR in normal operations. It is used with a backup BIFT for a 806 primary egress node on a BFR as a PLR and on a backup egress node 807 when the primary egress node fails. 809 On the backup egress node (i.e., BFR-NBR/P-FIB is a pointer to the 810 FIB for the primary egress node), the procedure sends the payload of 811 the packet with primary egress node/BFER as a destination to the 812 BFER's CE receiver. 814 The forwarding procedure on a BFR as a PLR for each of multiple 815 backup BIFTs is the same as the one defined in [RFC8279] except for 816 sending the packet with primary egress node as a destination to the 817 backup egress node of primary egress node. Before sending the packet 818 to the backup egress node, the procedure updates the BitString in the 819 packet by clearing the bit for the primary egress node and setting 820 the bit for the backup egress node when SC = 1 (i.e., the primary 821 egress node and backup egress node send their BIER packets' payloads 822 to the same CE receiver). 824 Packet = the packet received by BFR; 825 FOR each BFER k (from the rightmost in Packet's BitString) { 826 IF BFER k is the BFR itself { 827 copies Packet, sends the copy to the multicast 828 flow overlay and clears bit k in Packet's BitString 829 } ELSE { 830 finds the row in the EP-BIFT for the sub-domain using 831 Packet's SI and BitString as the key/index 832 IF (BFR-NBR/P-FIB is Pointer to FIB) {// on Backup Egress 833 Sends payload using the FIB for the primary egress; 834 } ELSE { 835 IF (SC == 1) {// on PLR and SC == 1 836 clears bit k in Packet's BitString;//BFER k is PE-BFER 837 sets bit j in Packet's BitString; //BFER j is BE-BFER 838 } // SC == 0, no updates to packet 839 Copies Packet, updates the copy's BitString by ANDing 840 it with F-BM in the entry, sends updated copy to BFR-NBR; 841 } 842 updates Packet's BitString by ANDing it with the INVERSE 843 of the F-BM in the entry 844 } 845 } 847 Figure 10: Updated Forwarding Procedure for Multiple BIFTs 849 4.2.4. Switching between EP and Normal Forwarding 851 When multiple backup BIFTs are used, the multiple backup BIFTs are 852 pre-computed and installed ready for activation when an egress node 853 failure is detected. In normal operations, a BFR uses its normal 854 BIFT to forward BIER packets. Once the BFR detects the failure of 855 its BFR-NBR X as an egress, it activates (i.e., uses) the backup BIFT 856 for X to forward BIER packets and de-activates (i.e., does not use) 857 its normal BIFT. After activation of the backup BIFT, it remains in 858 effect until it is no longer required. 860 In general, when the routing protocol has re-converged on the new 861 topology taking into account the failure of X, the BIRT is re- 862 computed using the updated LSDB and the BIFT is re-derived from the 863 BIRT. Once the BIFT is installed ready for activation, it is 864 activated to forward packets with BIER headers and the backup BIFT 865 for X is de-activated. 867 From the new topology, the BFR computes/re-computes the backup BIRT 868 for each BFR-NBR Y as an egress and the backup BIFT for Y is derived/ 869 re-derived from the backup BIRT for Y. The backup BIFT is installed/ 870 re-installed ready for activation when Y fails. 872 5. Example Application of BIER Egress Protection 874 This section illustrates an example application of BIER Egress 875 Protection using multiple backup BIFTs on a BFR in a BIER topology in 876 Figure 1. 878 5.1. BIRT and BIFT on a BFR 880 Every BFR in a BIER sub-domain/topology builds and maintains a Bit 881 Index Routing Table (BIRT). For the BIER topology in Figure 1, each 882 of 8 nodes/BFRs A, B, C, D, E, F, G and H builds and maintains a BIRT 883 using the LSDB for the topology. 885 The BIRT built on BFR C (i.e., node C) is shown in Figure 11. 887 +----------------+--------------+------------+ 888 | BFR-id | BFR-Prefix | BFR-NBR | 889 | (SI:BitString) | of Dest BFER | (Next Hop) | 890 +================+==============+============+ 891 | 1 (0:00001) | D | D | 892 +----------------+--------------+------------+ 893 | 2 (0:00010) | F | F | 894 +----------------+--------------+------------+ 895 | 3 (0:00100) | E | F | 896 +----------------+--------------+------------+ 897 | 4 (0:01000) | H | H | 898 +----------------+--------------+------------+ 899 | 5 (0:10000) | A | B | 900 +----------------+--------------+------------+ 902 Figure 11: Bit Index Routing Table on BFR C 904 The 1st row in the BIRT indicates that the next hop BFR-NBR on the 905 shortest path to BFER D with BFR-id 1 is BFR D. 907 The 2nd row in the BIRT indicates that the next hop BFR-NBR on the 908 shortest path to BFER F with BFR-id 2 is BFR F. 910 The 3rd row in the BIRT indicates that the next hop BFR-NBR on the 911 shortest path to BFER E with BFR-id 3 is BFR F. 913 The 4-th row in the BIRT indicates that the next hop BFR-NBR on the 914 shortest path to BFER H with BFR-id 4 is BFR H. 916 The 5-th row in the BIRT indicates that the next hop BFR-NBR on the 917 shortest path to BFER A with BFR-id 5 is BFR B. 919 From this BIRT on BFR C, a Bit Index Forwarding Table (BIFT) is 920 derived. This BIFT is shown in Figure 12. 922 The 2nd and 3-th rows in the BIRT have the same SI = 0 and next hop 923 BFR-NBR = F. The F-BM for each of these two rows in the BIFT is the 924 logical OR of the BitStrings of these rows, which is 00110 (00010 OR 925 00100 = 00110). 927 The F-BM for 1st row in the BIFT is 00001. 929 The F-BM for 4-th row in the BIFT is 01000. 931 The F-BM for 5-th row in the BIFT is 10000. 933 +----------------+---------+------------+ 934 | BFR-id | F-BM | BFR-NBR | 935 | (SI:BitString) | | (Next Hop) | 936 +================+=========+============+ 937 | 1 (0:00001) | 00001 | D | 938 +----------------+---------+------------+ 939 | 2 (0:00010) | 00110 | F | 940 +----------------+---------+------------+ 941 | 3 (0:00100) | 00110 | F | 942 +----------------+---------+------------+ 943 | 4 (0:01000) | 01000 | H | 944 +----------------+---------+------------+ 945 | 5 (0:10000) | 10000 | B | 946 +----------------+---------+------------+ 948 Figure 12: Bit Index Forwarding Table on BFR C 950 5.2. Backup BIRTs and Backup BIFTs on a BFR 952 Each of the BFRs that are neighbors of egress nodes (i.e., BFERs) in 953 a BIER sub-domain/topology builds and maintains a number of Egress 954 Protection Bit Index Routing Tables (EP-BIRTs) or say backup BIRTs. 956 For the BIER topology in Figure 1, 958 BFR B is the neighbor of BFERs A and E; 959 BFR C is the neighbor of BFERs D, F and H; 960 BFR E is the neighbor of BFER F; 961 BFR F is the neighbor of BFER E; 962 BFR G is the neighbor of BFERs D and H. 964 Each of 5 nodes/BFRs B, C, E, F and G builds and maintains a number 965 of backup BIRTs using the LSDB for the topology for its every BFR-NBR 966 as an egress node. 968 For example, BFR C (i.e., node C) in the BIER topology builds and 969 maintains three backup BIRTs for its three BFR-NBRs (BFERs D, F and 970 H) that are egress nodes respectively. 972 The backup BIRT for BEFR D built by BFR C based on the BIRT on BFR C 973 (refer to Figure 11) is shown in Figure 13. 975 The BIRT is copied to the backup BIRT for BFER D (i.e., the first 976 three columns of the backup BIRT). The new backup information (i.e., 977 the 4-th column) for every row in the backup BIRT is initialized with 978 BE-BFER = 0/NULL. 980 +--------------+--------------+----------+-----------+ 981 | BFR-id | BFR-Prefix | BFR-NBR | BE-BFER | 982 |(SI:BitString)| of Dest BFER |(Next Hop)| | 983 +==============+==============+==========+===========+ 984 | 1 (0:00001) | D | H | H | 985 +--------------+--------------+----------+-----------+ 986 | 2 (0:00010) | F | F | 0 | 987 +--------------+--------------+----------+-----------+ 988 | 3 (0:00100) | E | F | 0 | 989 +--------------+--------------+----------+-----------+ 990 | 4 (0:01000) | H | H | 0 | 991 +--------------+--------------+----------+-----------+ 992 | 5 (0:10000) | A | B | 0 | 993 +--------------+--------------+----------+-----------+ 995 Figure 13: C's Backup BIRT for BFER D 997 In the backup BIRT for BFER D, the row that has Destination BFER == D 998 is the 1st row. This row has the new backup information BE-BFER = H, 999 which indicates that BFER D (i.e., primary egress node D) is 1000 protected by BFER H (i.e., backup egress node H). Each of the other 1001 rows has the new backup information BE-BFER = 0/NULL. 1003 The 1st row in the EP-BIRT indicates that the packet with destination 1004 D will be sent to D's backup egress node H when D fails. 1006 The 2nd row in the backup BIRT indicates that the next hop BFR-NBR on 1007 the path to BFER F with BFR-id 2 is BFR F. 1009 The 3rd row in the backup BIRT indicates that the next hop BFR-NBR on 1010 the path to BFER E with BFR-id 3 is BFR F. 1012 The 4-th row in the backup BIRT indicates that the next hop BFR-NBR 1013 on the path to BFER H with BFR-id 4 is BFR H. 1015 The 5-th row in the backup BIRT indicates that the next hop BFR-NBR 1016 on the path to BFER A with BFR-id 5 is BFR B. 1018 From this backup BIRT for BFER D on BFR C, an Egress Protection Bit 1019 Index Forwarding Table (EP-BIFT) or say backup BIFT for BFER D is 1020 derived. This backup BIFT for BFER D is shown in Figure 14. 1022 The first and 4-th rows in the backup BIRT have the same next hop 1023 BFR-NBR = H. The F-BM for each of these two rows in the backup BIFT 1024 is the logical OR of the BitStrings of these rows, which is 01001 1025 (00001 OR 01000 = 01001). 1027 The 2nd and 3rd rows in the backup BIRT have the same next hop BFR- 1028 NBR = E. The F-BM for each of these two rows in the backup BIFT is 1029 the logical OR of the BitStrings of these rows, which is 00110 (00010 1030 OR 00100 = 00110). 1032 +----------------+---------+------------+----+----------+ 1033 | BFR-id | F-BM | BFR-NBR | SC | BE-BFER | 1034 | (SI:BitString) | | (Next Hop) | | | 1035 +================+=========+============+====+==========+ 1036 | 1 (0:00001) | 01001 | H | 1 | H | 1037 +----------------+---------+------------+----+----------+ 1038 | 2 (0:00010) | 00110 | F | 0 | 0 | 1039 +----------------+---------+------------+----+----------+ 1040 | 3 (0:00100) | 00110 | F | 0 | 0 | 1041 +----------------+---------+------------+----+----------+ 1042 | 4 (0:01000) | 01001 | H | 0 | 0 | 1043 +----------------+---------+------------+----+----------+ 1044 | 5 (0:10000) | 10000 | B | 0 | 0 | 1045 +----------------+---------+------------+----+----------+ 1047 Figure 14: C's Backup BIFT for BFER D 1049 The F-BM for 5-th row in the backup BIFT is 10000. 1051 5.3. Forwarding using Backup BIFT 1053 Suppose that there is a multicast traffic from BFR A as ingress/BFIR 1054 to egresses/BFERs D, F and E. For every packet of the traffic, after 1055 receiving it, BFR A adds a BIER header into the packet and sends the 1056 packet with the BIER header to BFR B, which sends the packet BFR C. 1057 The BIER header contains (SI:BitString) = (0:00111) for egresses/ 1058 BFERs D, F and E. 1060 In normal operations, after receiving the packet from BFR B, BFR C 1061 copies, updates and sends the packet to BFR D and BFR F using the 1062 normal BIFT on BFR C according to the forwarding procedure defined in 1063 [RFC8279]. 1065 Once BFR C detects the failure of its BFR-NBR D, which is a BFER, 1066 after receiving the packet from BFR B, BFR C copies, updates and 1067 sends the packet using the backup BIFT for BFER D on BFR C according 1068 to the updated forwarding procedure. 1070 For the packet targeting to BFER D (i.e., primary egress node), BFR C 1071 sends it towards BFER H (i.e., backup egress node), which is 1072 configured to protect BFER D. 1074 For example, once BFR C detects the failure of its BFR-NBR D, after 1075 receiving the packet from BFR B, BFR C copies, updates and sends the 1076 packet to BFR H and BFR F using the backup BIFT for BFER D on BFR C. 1078 The packet received by BFR C from BFR B contains (SI:BitString) = 1079 (0:00111). The rightmost one bit in BitString is bit 1. For BFER 1 1080 (0:00001) (i.e., BFR D as BFER), BFR C gets the 1st row (i.e., 1081 forwarding entry) in the backup BIFT for BFER D. BE-BFER = H in the 1082 row indicates that BFER D is protected against the failure of D by 1083 backup BFER H. BFR C clears bit 1 in Packet's BitString and sets bit 1084 4 (i.e., the bit for BE-BFER = H) in Packet's BitString to one since 1085 SC = 1. The BitString in Packet is 01110 now. BFR C copies, updates 1086 the BitString by ANDing it with F-BM (which is 01001) and sends the 1087 packet copy with BitString = 01000 to BFR-NBR H in the entry. 1089 After sending the packet to H, BFR C updates the original packet by 1090 ANDing its BitString with the INVERSE of the F-BM in the first row. 1091 The updated BitString = 00110, which is 01110 & ~F-BM in the row = 1092 01110 & 10110 = 00110. 1094 For the packet containing BitString = 00110, the rightmost one bit in 1095 BitString is bit 2. For BFER 2 (0:00010) (i.e., BFR F as BFER), BFR 1096 C gets the 2nd row (i.e., forwarding entry) in the backup BIFT for 1097 BFER D. The next hop BFR-NBR is F in the row. BFR C copies, updates 1098 and sends the packet to F. 1100 The packet sent to F contains the updated BitString = 00110, which is 1101 00110 & F-BM in the 2nd row = 00110 & 00110 = 00110. 1103 After sending the packet to F, BFR C updates the original packet by 1104 ANDing its BitString with the INVERSE of the F-BM in the 2nd row. 1105 The updated BitString = 00000, which is 00110 & ~F-BM in the row = 1106 00110 & 11001 = 00000. 1108 The updated packet has BitString without any one bit. BFR C finishes 1109 forwarding the packet to F and H (backup for D). BFR F will sends 1110 the packet to E. 1112 6. Security Considerations 1114 TBD. 1116 7. IANA Considerations 1118 No requirements for IANA. 1120 8. Acknowledgements 1122 The authors would like to thank Jeffrey Zhang, Jingrong Xie for their 1123 comments to this work. 1125 9. References 1127 9.1. Normative References 1129 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1130 Requirement Levels", BCP 14, RFC 2119, 1131 DOI 10.17487/RFC2119, March 1997, 1132 . 1134 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1135 IANA Considerations Section in RFCs", RFC 5226, 1136 DOI 10.17487/RFC5226, May 2008, 1137 . 1139 [RFC5250] Berger, L., Bryskin, I., Zinin, A., and R. Coltun, "The 1140 OSPF Opaque LSA Option", RFC 5250, DOI 10.17487/RFC5250, 1141 July 2008, . 1143 [RFC5286] Atlas, A., Ed. and A. Zinin, Ed., "Basic Specification for 1144 IP Fast Reroute: Loop-Free Alternates", RFC 5286, 1145 DOI 10.17487/RFC5286, September 2008, 1146 . 1148 [RFC5714] Shand, M. and S. Bryant, "IP Fast Reroute Framework", 1149 RFC 5714, DOI 10.17487/RFC5714, January 2010, 1150 . 1152 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 1153 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 1154 . 1156 [RFC7356] Ginsberg, L., Previdi, S., and Y. Yang, "IS-IS Flooding 1157 Scope Link State PDUs (LSPs)", RFC 7356, 1158 DOI 10.17487/RFC7356, September 2014, 1159 . 1161 [RFC7490] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. 1162 So, "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)", 1163 RFC 7490, DOI 10.17487/RFC7490, April 2015, 1164 . 1166 [RFC7684] Psenak, P., Gredler, H., Shakir, R., Henderickx, W., 1167 Tantsura, J., and A. Lindem, "OSPFv2 Prefix/Link Attribute 1168 Advertisement", RFC 7684, DOI 10.17487/RFC7684, November 1169 2015, . 1171 [RFC7770] Lindem, A., Ed., Shen, N., Vasseur, JP., Aggarwal, R., and 1172 S. Shaffer, "Extensions to OSPF for Advertising Optional 1173 Router Capabilities", RFC 7770, DOI 10.17487/RFC7770, 1174 February 2016, . 1176 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1177 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1178 May 2017, . 1180 [RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., 1181 Przygienda, T., and S. Aldrin, "Multicast Using Bit Index 1182 Explicit Replication (BIER)", RFC 8279, 1183 DOI 10.17487/RFC8279, November 2017, 1184 . 1186 [RFC8556] Rosen, E., Ed., Sivakumar, M., Przygienda, T., Aldrin, S., 1187 and A. Dolganow, "Multicast VPN Using Bit Index Explicit 1188 Replication (BIER)", RFC 8556, DOI 10.17487/RFC8556, April 1189 2019, . 1191 9.2. Informative References 1193 [I-D.ietf-rtgwg-segment-routing-ti-lfa] 1194 Litkowski, S., Bashandy, A., Filsfils, C., Francois, P., 1195 Decraene, B., and D. Voyer, "Topology Independent Fast 1196 Reroute using Segment Routing", Work in Progress, 1197 Internet-Draft, draft-ietf-rtgwg-segment-routing-ti-lfa- 1198 07, 29 June 2021, . 1201 [I-D.ietf-spring-segment-protection-sr-te-paths] 1202 Hegde, S., Bowers, C., Litkowski, S., Xu, X., and F. Xu, 1203 "Segment Protection for SR-TE Paths", Work in Progress, 1204 Internet-Draft, draft-ietf-spring-segment-protection-sr- 1205 te-paths-01, 11 July 2021, 1206 . 1209 [RFC7431] Karan, A., Filsfils, C., Wijnands, IJ., Ed., and B. 1210 Decraene, "Multicast-Only Fast Reroute", RFC 7431, 1211 DOI 10.17487/RFC7431, August 2015, 1212 . 1214 [RFC8296] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., 1215 Tantsura, J., Aldrin, S., and I. Meilik, "Encapsulation 1216 for Bit Index Explicit Replication (BIER) in MPLS and Non- 1217 MPLS Networks", RFC 8296, DOI 10.17487/RFC8296, January 1218 2018, . 1220 [RFC8401] Ginsberg, L., Ed., Przygienda, T., Aldrin, S., and Z. 1221 Zhang, "Bit Index Explicit Replication (BIER) Support via 1222 IS-IS", RFC 8401, DOI 10.17487/RFC8401, June 2018, 1223 . 1225 [RFC8444] Psenak, P., Ed., Kumar, N., Wijnands, IJ., Dolganow, A., 1226 Przygienda, T., Zhang, J., and S. Aldrin, "OSPFv2 1227 Extensions for Bit Index Explicit Replication (BIER)", 1228 RFC 8444, DOI 10.17487/RFC8444, November 2018, 1229 . 1231 Authors' Addresses 1233 Huaimo Chen 1234 Futurewei 1235 Boston, MA, 1236 United States of America 1238 Email: Huaimo.chen@futurewei.com 1240 Mike McBride 1241 Futurewei 1242 Email: michael.mcbride@futurewei.com 1244 Aijun Wang 1245 China Telecom 1246 Beiqijia Town, Changping District 1247 Beijing 1248 102209 1249 China 1251 Email: wangaj3@chinatelecom.cn 1253 Gyan S. Mishra 1254 Verizon Inc. 1255 13101 Columbia Pike 1256 Silver Spring, MD 20904 1257 United States of America 1259 Phone: 301 502-1347 1260 Email: gyan.s.mishra@verizon.com 1262 Yisong Liu 1263 China Mobile 1265 Email: liuyisong@chinamobile.com 1267 Michael Menth 1268 University of Tuebingen 1270 Email: menth@uni-tuebingen.de 1272 Boris Khasanov 1273 Yandex LLC 1274 Moscow 1276 Email: bhassanov@yahoo.com 1278 Xuesong Geng 1279 Huawei 1281 Email: gengxuesong@huawei.com 1282 Yanhe Fan 1283 Casa Systems 1284 United States of America 1286 Email: yfan@casa-systems.com 1288 Lei Liu 1289 Fujitsu 1290 United States of America 1292 Email: liulei.kddi@gmail.com 1294 Xufeng Liu 1295 Volta Networks 1296 McLean, VA 1297 United States of America 1299 Email: xufeng.liu.ietf@gmail.com