idnits 2.17.1 draft-francois-spring-segment-routing-ti-lfa-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (Aug 10, 2015) is 3154 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'Adjacency' on line 324 -- Looks like a reference, but probably isn't: 'Node' on line 324 == Unused Reference: '3' is defined on line 359, but no explicit reference was found in the text == Outdated reference: A later version (-15) exists of draft-ietf-spring-segment-routing-04 ** Downref: Normative reference to an Informational RFC: RFC 5714 (ref. '2') ** Downref: Normative reference to an Informational RFC: RFC 6571 (ref. '3') Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Pierre Francois 3 Internet-Draft Clarence Filsfils 4 Intended status: Standards Track Ahmed Bashandy 5 Expires: February 11, 2016 Cisco Systems, Inc. 6 Bruno Decraene 7 Stephane Litkowski 8 Orange 9 Aug 10, 2015 11 Topology Independent Fast Reroute using Segment Routing 12 draft-francois-spring-segment-routing-ti-lfa-02 14 Abstract 16 This document presents Topology Independent Loop-free Alternate Fast 17 Re-route (TI-LFA), aimed at providing link and node protection of 18 node and adjacency segments within the Segment Routing (SR) 19 framework. This Fast Re-route (FRR) behavior builds on proven IP-FRR 20 concepts being LFAs, remote LFAs (RLFA), and remote LFAs with 21 directed forwarding (DLFA). It extends these concepts to provide 22 guaranteed coverage in any IGP network. We accommodate the FRR 23 discovery and selection approaches in order to establish protection 24 over post-convergence paths from the point of local repair, 25 dramatically reducing the operational need to control the tie-breaks 26 among various FRR options. 28 Status of this Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on February 11, 2016. 45 Copyright Notice 47 Copyright (c) 2015 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 3. Intersecting P-Space and Q-Space with post-convergence 65 paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 66 3.1. P-Space property computation for a resource X . . . . . . . 5 67 3.2. Q-Space property computation for a link S-F, over 68 post-convergence paths . . . . . . . . . . . . . . . . . . 5 69 3.3. Q-Space property computation for a node F, over 70 post-convergence paths . . . . . . . . . . . . . . . . . . 6 71 4. TI-LFA Repair Tunnel . . . . . . . . . . . . . . . . . . . . . 6 72 4.1. The repair node is a direct neighbor . . . . . . . . . . . 6 73 4.2. The repair node is a PQ node . . . . . . . . . . . . . . . 6 74 4.3. The repair is a Q node, neighbor of the last P node . . . . 7 75 4.4. Connecting distant P and Q nodes along 76 post-convergence paths . . . . . . . . . . . . . . . . . . 7 77 5. Protecting segments . . . . . . . . . . . . . . . . . . . . . . 7 78 5.1. The active segment is a node segment . . . . . . . . . . . 7 79 5.2. The active segment is an adjacency segment . . . . . . . . 7 80 5.2.1. Protecting [Adjacency, Adjacency] segment lists . . . . 8 81 5.2.2. Protecting [Adjacency, Node] segment lists . . . . . . 8 82 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 85 1. Introduction 87 Segment Routing aims at supporting services with tight SLA guarantees 88 [1]. This document provides local repair mechanisms using SR, 89 capable of restoring end-to-end connectivity in the case of a sudden 90 failure of a link or a node, with guaranteed coverage properties. 92 Using segment routing, there is no need to establish TLDP sessions 93 with remote nodes in order to take advantage of the applicability of 94 remote LFAs (RLFA) or remote LFAs with directed forwarding (DLFA) 95 [2]. As a result, preferring LFAs over RLFAs or DLFAs, as well as 96 minimizing the number of RLFA or DLFA repair nodes is not required. 97 Using SR, there is no need to create state in the network in order to 98 enforce an explicit FRR path. As a result, we can use optimized 99 detour paths for each specific destination and for each possible 100 failure in the network without creating additional forwarding state. 102 Building on such an easier forwarding environment, the FRR behavior 103 suggested in this document tailors the repair paths over the post- 104 convergence path from the PLR to the protected destination. 106 As the capacity of the post-convergence path is typically planned by 107 the operator to support the post-convergence routing of the traffic 108 for any expected failure, there is much less need for the operator to 109 tune the decision among which protection path to choose. The 110 protection path will automatically follow the natural backup path 111 that would be used after local convergence. This also helps to 112 reduce the amount of path changes and hence service transients: one 113 transition (pre-convergence to post-convergence) instead of two (pre- 114 convergence to FRR and then post-convergence). 116 We provide the TI-LFA approach that achieves guaranteed coverage 117 against link or node failure, in any IGP network, relying on the 118 flexibility of SR. 120 L ____ 121 S----------F--{____}--D 122 _|_ ___________ / 123 {___}--Q--{___________} 125 Figure 1: TI-LFA Protection 127 We use Figure 1 to illustrate the TI-LFA approach. 129 The Point of Local Repair (PLR), S, needs to find a node Q (a repair 130 node) that is capable of safely forwarding the traffic to a 131 destination D affected by the failure of the protected link L, or 132 node F. The PLR also needs to find a way to reach Q without being 133 affected by the convergence state of the nodes over the paths it 134 wants to use to reach Q. 136 In Section 2 we define the main notations used in the document. They 137 are in line with [2]. 139 In Section 3, we suggest to compute the P-Space and Q-Space 140 properties defined in Section 2, for the specific case of nodes lying 141 over the post-convergence paths towards the protected destinations. 142 The failure of a link S-F as well as the failure of a neighbor F is 143 discussed. 145 Using the properties defined in Section 3, we describe how to compute 146 protection lists that encode a loopfree post-convergence towards the 147 destination, in Section 4. 149 Finally, we define the segment operations to be applied by the PLR to 150 ensure consistency with the forwarding state of the repair node, in 151 Section 5. 153 2. Terminology 155 We define the main notations used in this document as the following. 157 We refer to "old" and "new" topologies as the LSDB state before and 158 after the considered failure. 160 SPT_old(R) is the Shortest Path Tree rooted at node R in the initial 161 state of the network. 163 SPT_new(R, X) is the Shortest Path Tree rooted at node R in the state 164 of the network after the resource X has failed. 166 Dist_old(A,B) is the distance from node A to node B in SPT_old(A). 168 Dist_new(A,B, X) is the distance from node A to node B in SPT_new(A, 169 X). 171 Similarly to [4], we rely on the concept of P-Space and Q-Space for 172 TI-LFA. 174 The P-Space P(R,X) of a node R w.r.t. a resource X (e.g. a link S-F, 175 or a node F) is the set of nodes that are reachable from R without 176 passing through X. It is the set of nodes that are not downstream of 177 X in SPT_old(R). 179 The Extended P-Space P'(R,X) of a node R w.r.t. a resource X is the 180 set of nodes that are reachable from R or a neighbor of R, without 181 passing through X. 183 The Q-Space Q(D,X) of a destination node D w.r.t. a resource X is the 184 set of nodes which do not use X to reach D in the initial state of 185 the network. In other words, it is the set of nodes which have D in 186 their P-Space w.r.t. S-F (or F). 188 A symmetric network is a network such that the IGP metric of each 189 link is the same in both directions of the link. 191 3. Intersecting P-Space and Q-Space with post-convergence paths 193 In this section, we suggest to determine the P-Space and Q-Space 194 properties of the nodes along on the post-convergence paths from the 195 PLR to the protected destination and compute an SR-based explicit 196 path from P to Q when they are not adjacent. Such properties will be 197 used in Section 4 to compute the TI-LFA repair list. 199 3.1. P-Space property computation for a resource X 201 A node N is in P(R, X) if it is not downstream of X in SPT_old(R). 203 A node N is in P'(R,X) if it is not downstream of X in SPT_old(N), 204 for at least one neighbor N of R. 206 3.2. Q-Space property computation for a link S-F, over post-convergence 207 paths 209 We want to determine which nodes on the post-convergence from the PLR 210 to the destination D are in the Q-Space of destination D w.r.t. link 211 S-F. 213 This can be found by intersecting the post-convergence path to D, 214 assuming the failure of S-F, with Q(D, S-F). 216 The post-convergence path to D requires to compute SPT_new(S, S-F). 218 A node N is in Q(D,S-F) if it is not downstream of S-F in 219 rSPT_old(D). 221 3.3. Q-Space property computation for a node F, over post-convergence 222 paths 224 We want to determine which nodes on the post-convergence from the PLR 225 to the destination D are in the Q-Space of destination D w.r.t. node 226 F. 228 This can be found by intersecting the post-convergence path to D, 229 assuming the failure of F with Q(D, F). 231 The post-convergence path to D requires to compute SPT_new(S, F). 233 A node N is in Q(D,F) if it is not downstream of F in rSPT_old(D). 235 4. TI-LFA Repair Tunnel 237 The TI-LFA repair tunnel consists of an outgoing interface and a list 238 of segments (repair list) to insert on the SR header. The repair 239 list encodes the explicit post-convergence path to the destination, 240 which avoids the protected resource X. 242 The TI-LFA repair tunnel is found by intersecting P(S,X) and Q(D,X) 243 with the post-convergence path to D and computing the explicit SR- 244 based path EP(P, Q) from P to Q when these nodes are not adjacent 245 along the post convergence path. The TI-LFA repair list is expressed 246 generally as (Node_SID(P), EP(P, Q)). 248 Most often, the TI-LFA repair list has a simpler form, as described 249 in the following sections. 251 4.1. The repair node is a direct neighbor 253 When the repair node is a direct neighbor, the outgoing interface is 254 set to that neighbor and the repair segment list is empty. 256 This is comparable to an LFA FRR repair. 258 4.2. The repair node is a PQ node 260 When the repair node is in P(S,X), the repair list is made of a 261 single node segment to the repair node. 263 This is comparable to an RLFA repair tunnel. 265 4.3. The repair is a Q node, neighbor of the last P node 267 When the repair node is adjacent to P(S,X), the repair list is made 268 of two segments: A node segment to the adjacent P node, and an 269 adjacency segment from that node to the repair node. 271 This is comparable to a DLFA repair tunnel. 273 4.4. Connecting distant P and Q nodes along post-convergence paths 275 In some cases, there is no adjacent P and Q node along the post- 276 convergence path. However, the PLR can perform additional 277 computations to compute a list of segments that represent a loopfree 278 path from P to Q. 280 5. Protecting segments 282 In this section, we explain how a protecting router S processes the 283 active segment of a packet upon the failure of its primary outgoing 284 interface. 286 The behavior depends on the type of active segment to be protected. 288 5.1. The active segment is a node segment 290 The active segment is kept on the SR header, unchanged (1). The 291 repair list is inserted at the head of the list. The active segment 292 becomes the first segment of the inserted repair list. 294 A future version of the document will describe the FRR behavior when 295 the active segment is a node segment destined to F, and F has failed. 297 Note (1): If the SRGB at the repair node is different from the SRGB 298 at the PLR, then the active segment must be updated to fit the SRGB 299 of the repair node. 301 5.2. The active segment is an adjacency segment 303 We define hereafter the FRR behavior applied by S for any packet 304 received with an active adjacency segment S-F for which protection 305 was enabled. We distinguish the case where this active segment is 306 followed by another adjacency segment from the case where it is 307 followed by a node segment. 309 5.2.1. Protecting [Adjacency, Adjacency] segment lists 311 If the next segment in the list is an Adjacency segment, then the 312 packet has to be conveyed to F. 314 To do so, S applies a "NEXT" operation on Adj(S-F) and then two 315 consecutive "PUSH" operations: first it pushes a node segment for F, 316 and then it pushes a protection list allowing to reach F while 317 bypassing S-F. 319 Upon failure of S-F, a packet reaching S with a segment list matching 320 [adj(S-F),adj(M),...] will thus leave S with a segment list matching 321 [RT(F),node(F),adj(M)], where RT(F) is the repair tunnel for 322 destination F. 324 5.2.2. Protecting [Adjacency, Node] segment lists 326 If the next segment in the stack is a node segment, say for node T, 327 the packet segment list matches [adj(S-F),node(T),...]. 329 A first solution would consist in steering the packet back to F while 330 avoiding S-F, similarly to the previous case. To do so, S applies a 331 "NEXT" operation on Adj(S-F) and then two consecutive "PUSH" 332 operations: first it pushes a node segment for F, and then it pushes 333 a repair list allowing to reach F while bypassing S-F. 335 Upon failure of S-F, a packet reaching S with a segment list matching 336 [adj(S-F),node(T),...] will thus leave S with a segment list matching 337 [RT(F),node(F),node(T)]. 339 Another solution is to not steer the packet back via F but rather 340 follow the new shortest path to T. In this case, S just needs to 341 apply a "NEXT" operation on the Adjacency segment related to S-F, and 342 push a repair list redirecting the traffic to a node Q, whose path to 343 node segment T is not affected by the failure. 345 Upon failure of S-F, packets reaching S with a segment list matching 346 [adj(L), node(T), ...], would leave S with a segment list matching 347 [RT(Q),node(T), ...]. 349 6. References 351 [1] Filsfils, C., Previdi, S., Decraene, B., Litkowski, S., and R. 352 Shakir, "Segment Routing Architecture", 353 draft-ietf-spring-segment-routing-04 (work in progress), 354 July 2015. 356 [2] Shand, M. and S. Bryant, "IP Fast Reroute Framework", RFC 5714, 357 January 2010. 359 [3] Filsfils, C., Francois, P., Shand, M., Decraene, B., Uttaro, J., 360 Leymann, N., and M. Horneffer, "Loop-Free Alternate (LFA) 361 Applicability in Service Provider (SP) Networks", RFC 6571, 362 June 2012. 364 [4] Bryant, S., Filsfils, C., Previdi, S., Shand, M., and N. So, 365 "Remote Loop-Free Alternate (LFA) Fast Reroute (FRR)", RFC 7490, 366 DOI 10.17487/RFC7490, April 2015, 367 . 369 Authors' Addresses 371 Pierre Francois 372 Cisco Systems, Inc. 373 Vimercate 374 IT 376 Email: pifranco@cisco.com 378 Clarence Filsfils 379 Cisco Systems, Inc. 380 Brussels 381 BE 383 Email: cfilsfil@cisco.com 385 Ahmed Bashandy 386 Cisco Systems, Inc. 387 San Jose 388 US 390 Email: bashandy@cisco.com 392 Bruno Decraene 393 Orange 394 Issy-les-Moulineaux 395 FR 397 Email: bruno.decraene@orange.com 398 Stephane Litkowski 399 Orange 400 FR 402 Email: bruno.decraene@orange.com