idnits 2.17.1 draft-ietf-bess-mvpn-fast-failover-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 28, 2019) is 1696 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group T. Morin, Ed. 3 Internet-Draft Orange 4 Intended status: Standards Track R. Kebler, Ed. 5 Expires: February 29, 2020 Juniper Networks 6 G. Mirsky, Ed. 7 ZTE Corp. 8 August 28, 2019 10 Multicast VPN fast upstream failover 11 draft-ietf-bess-mvpn-fast-failover-08 13 Abstract 15 This document defines multicast VPN extensions and procedures that 16 allow fast failover for upstream failures, by allowing downstream PEs 17 to take into account the status of Provider-Tunnels (P-tunnels) when 18 selecting the upstream PE for a VPN multicast flow, and extending BGP 19 MVPN routing so that a C-multicast route can be advertised toward a 20 standby upstream PE. 22 Requirements Language 24 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 25 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 26 "OPTIONAL" in this document are to be interpreted as described in BCP 27 14 [RFC2119] [RFC8174] when, and only when, they appear in all 28 capitals, as shown here. 30 Status of This Memo 32 This Internet-Draft is submitted in full conformance with the 33 provisions of BCP 78 and BCP 79. 35 Internet-Drafts are working documents of the Internet Engineering 36 Task Force (IETF). Note that other groups may also distribute 37 working documents as Internet-Drafts. The list of current Internet- 38 Drafts is at https://datatracker.ietf.org/drafts/current/. 40 Internet-Drafts are draft documents valid for a maximum of six months 41 and may be updated, replaced, or obsoleted by other documents at any 42 time. It is inappropriate to use Internet-Drafts as reference 43 material or to cite them other than as "work in progress." 45 This Internet-Draft will expire on February 29, 2020. 47 Copyright Notice 49 Copyright (c) 2019 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (https://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 65 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 66 3. UMH Selection based on tunnel status . . . . . . . . . . . . 3 67 3.1. Determining the status of a tunnel . . . . . . . . . . . 4 68 3.1.1. mVPN tunnel root tracking . . . . . . . . . . . . . . 5 69 3.1.2. PE-P Upstream link status . . . . . . . . . . . . . . 5 70 3.1.3. P2MP RSVP-TE tunnels . . . . . . . . . . . . . . . . 5 71 3.1.4. Leaf-initiated P-tunnels . . . . . . . . . . . . . . 6 72 3.1.5. (C-S, C-G) counter information . . . . . . . . . . . 6 73 3.1.6. BFD Discriminator . . . . . . . . . . . . . . . . . . 6 74 3.1.7. Per PE-CE link BFD Discriminator . . . . . . . . . . 9 75 4. Standby C-multicast route . . . . . . . . . . . . . . . . . . 9 76 4.1. Downstream PE behavior . . . . . . . . . . . . . . . . . 10 77 4.2. Upstream PE behavior . . . . . . . . . . . . . . . . . . 11 78 4.3. Reachability determination . . . . . . . . . . . . . . . 12 79 4.4. Inter-AS . . . . . . . . . . . . . . . . . . . . . . . . 12 80 4.4.1. Inter-AS procedures for downstream PEs, ASBR fast 81 failover . . . . . . . . . . . . . . . . . . . . . . 13 82 4.4.2. Inter-AS procedures for ASBRs . . . . . . . . . . . . 13 83 5. Hot Root Standby . . . . . . . . . . . . . . . . . . . . . . 14 84 6. Duplicate packets . . . . . . . . . . . . . . . . . . . . . . 14 85 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 86 8. Security Considerations . . . . . . . . . . . . . . . . . . . 15 87 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 88 10. Contributor Addresses . . . . . . . . . . . . . . . . . . . . 15 89 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 90 11.1. Normative References . . . . . . . . . . . . . . . . . . 17 91 11.2. Informative References . . . . . . . . . . . . . . . . . 18 92 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 94 1. Introduction 96 In the context of multicast in BGP/MPLS VPNs, it is desirable to 97 provide mechanisms allowing fast recovery of connectivity on 98 different types of failures. This document addresses failures of 99 elements in the provider network that are upstream of PEs connected 100 to VPN sites with receivers. 102 Section 3 describes local procedures allowing an egress PE (a PE 103 connected to a receiver site) to take into account the status of 104 P-tunnels to determine the Upstream Multicast Hop (UMH) for a given 105 (C-S, C-G). This method does not provide a "fast failover" solution 106 when used alone, but can be used with the following sections for a 107 "fast failover" solution. 109 Section 4 describes protocol extensions that can speed up failover by 110 not requiring any multicast VPN routing message exchange at recovery 111 time. 113 Moreover, section 5 describes a "hot leaf standby" mechanism, that 114 uses a combination of these two mechanisms. This approach has 115 similarities with the solution described in [RFC7431] to improve 116 failover times when PIM routing is used in a network given some 117 topology and metric constraints. 119 2. Terminology 121 The terminology used in this document is the terminology defined in 122 [RFC6513] and [RFC6514]. 124 x-PMSI: I-PMSI or S-PMSI 126 3. UMH Selection based on tunnel status 128 Current multicast VPN specifications [RFC6513], section 5.1, describe 129 the procedures used by a multicast VPN downstream PE to determine 130 what the upstream multicast hop (UMH) is for a given (C-S, C-G). 132 The procedure described here is an OPTIONAL procedure that consists 133 of having a downstream PE take into account the status of P-tunnels 134 rooted at each possible upstream PEs, Because all PEs could arrive at 135 a different conclusion regarding the state of the tunnel, procedures 136 described in Section 9.1.1 of [RFC6513] MUST be used when using 137 inclusive tunnels. 139 For a given downstream PE and a given VRF, the P-tunnel corresponding 140 to a given upstream PE for a given (C-S, C-G) state is the S-PMSI 141 tunnel advertised by that upstream PE for this (C-S, C-G) and 142 imported into that VRF, or if there isn't any such S-PMSI, the I-PMSI 143 tunnel advertised by that PE and imported into that VRF. 145 There are three options specified in Section 5.1 of [RFC6513] for a 146 downstream PE to select an Upstream PE. 148 o The first two options select the Upstream PE from a candidate PE 149 set either based on IP address or a hashing algorithm. When used 150 together with the optional procedure of considering the P-tunnel 151 status as in this document, a candidate upstream PE is included in 152 the set if it either: 154 A. advertise a PMSI bound to a tunnel, where the specified tunnel 155 is not known to be down or up 157 B. do not advertise any x-PMSI applicable to the given (C-S, C-G) 158 but have associated a VRF Route Import BGP attribute to the 159 unicast VPN route for S (this is necessary to avoid 160 incorrectly invalidating a UMH PE that would use a policy 161 where no I-PMSI is advertised for a given VRF and where only 162 S-PMSI are used, the S-PMSI advertisement being possibly done 163 only after the upstream PE receives a C-multicast route for 164 (C-S, C-G)/(C-*, C-G) to be carried over the advertised 165 S-PMSI). 167 If the resulting candidate set is empty, then the procedure is 168 repeated without considering the P-tunnel status. 170 o The third option uses the installed UMH Route (i.e., the "best" 171 route towards the C-root) as the Selected UMH Route, and its 172 originating PE is the selected Upstream PE. With the optional 173 procedure of considering P-tunnel status as in this document, the 174 Selected UMH Route is the best one among those whose originating 175 PE's P-tunnel is not "down". If that does not exist, the 176 installed UMH Route is selected regardless of the P-tunnel status. 178 3.1. Determining the status of a tunnel 180 Different factors can be considered to determine the "status" of a 181 P-tunnel and are described in the following sub-sections. The 182 optional procedures proposed in this section also allow that all 183 downstream PEs don't apply the same rules to define what the status 184 of a P-tunnel is (please see Section 6), and some of them will 185 produce a result that may be different for different downstream PEs. 186 Thus what is called the "status" of a P-tunnel in this section, is 187 not a characteristic of the tunnel in itself, but is the status of 188 the tunnel, *as seen from a particular downstream PE*. Additionally, 189 some of the following methods determine the ability of downstream PE 190 to receive traffic on the P-tunnel and not specifically on the status 191 of the P-tunnel itself. That could be referred to as "P-tunnel 192 reception status", but for simplicity, we will use the terminology of 193 P-tunnel "status" for all of these methods. 195 Depending on the criteria used to determine the status of a P-tunnel, 196 there may be an interaction with another resiliency mechanism used 197 for the P-tunnel itself, and the UMH update may happen immediately or 198 may need to be delayed. Each particular case is covered in each 199 separate sub-section below. 201 3.1.1. mVPN tunnel root tracking 203 A condition to consider that the status of a P-tunnel is up is that 204 the root of the tunnel, as determined in the PMSI tunnel attribute, 205 is reachable through unicast routing tables. In this case, the 206 downstream PE can immediately update its UMH when the reachability 207 condition changes. 209 That is similar to BGP next-hop tracking for VPN routes, except that 210 the address considered is not the BGP next-hop address, but the root 211 address in the PMSI tunnel attribute. 213 If BGP next-hop tracking is done for VPN routes and the root address 214 of a given tunnel happens to be the same as the next-hop address in 215 the BGP auto-discovery route advertising the tunnel, then this 216 mechanisms may be omitted for this tunnel, as it will not bring any 217 specific benefit. 219 3.1.2. PE-P Upstream link status 221 A condition to consider a tunnel status as Up can be that the last- 222 hop link of the P-tunnel is up. 224 This method should not be used when there is a fast restoration 225 mechanism (such as MPLS FRR [RFC4090]) in place for the link. 227 3.1.3. P2MP RSVP-TE tunnels 229 For P-tunnels of type P2MP MPLS-TE, the status of the P-tunnel is 230 considered up if the sub-LSP to this downstream PE is in Up state. 231 The determination of whether a P2MP RSVP-TE LSP is in Up state 232 requires Path and Resv state for the LSP and is based on procedures 233 specified in [RFC4875]. In this case, the downstream PE can 234 immediately update its UMH when the reachability condition changes. 236 When signaling state for a P2MP TE LSP is removed (e.g., if the 237 ingress of the P2MP TE LSP sends a PathTear message) or the P2MP TE 238 LSP changes state from Up to Down as determined by procedures in 239 [RFC4875], the status of the corresponding P-tunnel SHOULD be re- 240 evaluated. If the P-tunnel transitions from up to Down state, the 241 upstream PE that is the ingress of the P-tunnel SHOULD NOT be 242 considered a valid UMH. 244 3.1.4. Leaf-initiated P-tunnels 246 A PE can be removed from the UMH candidate list for a given (C-S, 247 C-G) if the P-tunnel (I or S, depending) for this (S, G) is leaf 248 triggered (PIM, mLDP), but for some reason internal to the protocol 249 the upstream one-hop branch of the tunnel from P to PE cannot be 250 built. In this case, the downstream PE can immediately update its 251 UMH when the reachability condition changes. 253 3.1.5. (C-S, C-G) counter information 255 In cases, where the downstream node can be configured so that the 256 maximum inter-packet time is known for all the multicast flows mapped 257 on a P-tunnel, the local per-(C-S, C-G) traffic counter information 258 for traffic received on this P-tunnel can be used to determine the 259 status of the P-tunnel. 261 When such a procedure is used, in the context where fast restoration 262 mechanisms are used for the P-tunnels, downstream PEs should be 263 configured to wait before updating the UMH, to let the P-tunnel 264 restoration mechanism happen. A configurable timer MUST be provided 265 for this purpose, and it is recommended to provide a reasonable 266 default value for this timer. 268 This method can be applicable, for instance, when a (C-S, C-G) flow 269 is mapped on an S-PMSI. 271 In cases where this mechanism is used in conjunction with 272 Hot Root Standby, no prior knowledge of the rate of the multicast 273 streams is required; downstream PEs can compare reception on the two 274 P-tunnels to determine when one of them is down. 276 3.1.6. BFD Discriminator 278 P-tunnel status can be derived from the status of a multipoint BFD 279 session [RFC8562] whose discriminator is advertised along with an 280 x-PMSI A-D route. 282 This document defines the format and ways of using a new BGP 283 attribute called the "BGP- BFD attribute". It is an optional 284 transitive BGP attribute. The format of this attribute is defined as 285 follows: 287 +-------------------------------+ 288 | Flags (1 octet) | 289 +-------------------------------+ 290 | BFD Discriminator (4 octets) | 291 +-------------------------------+ 293 The Flags field has the following format: 295 0 1 2 3 4 5 6 7 296 +-+-+-+-+-+-+-+-+ 297 | reserved | 298 +-+-+-+-+-+-+-+-+ 300 3.1.6.1. Upstream PE Procedures 302 When it is desired to track the P-tunnel status using a p2mp BFD 303 session, the Upstream PE: 305 o MUST initiate BFD session and set bfd.SessionType = MultipointHead 306 as described in [RFC8562]; 308 o MUST use an address in 127.0.0.0/8 range for IPv4 or in 309 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6 as destination IP address 310 when transmitting BFD control packets; 312 o MUST use the IP address of the Upstream PE as source IP address 313 when transmitting BFD control packets; 315 o MUST include the BGP-BFD Attribute in the x-PMSI A-D Route with 316 BFD Discriminator value set to My Discriminator value; 318 o MUST periodically transmit BFD control packets over the x-PMSI 319 tunnel. 321 If the tracking of the P-tunnel by using a p2mp BFD session is 322 enabled after the x-PMSI A-D route has been already advertised, the 323 x-PMSI A-D Route MUST be re-sent with precisely the same attributes 324 as before and the BGP-BFD Attribute included. 326 If the x-PMSI A-D route is advertised with P-tunnel status tracked 327 using the p2mp BFD session and it is desired to stop tracking 328 P-tunnel status using BFD, then: 330 o x-PMSI A-D Route MUST be re-sent with precisely the same 331 attributes as before, but the BGP-BFD Attribute MUST be excluded; 333 o the p2mp BFD session SHOULD be deleted. 335 3.1.6.2. Downstream PE Procedures 337 Upon receiving the BGP-BFD Attribute in the x-PMSI A-D Route, the 338 Downstream PE: 340 o MUST associate the received BFD discriminator value with the 341 P-tunnel originating from the Root PE and the IP address of the 342 Upstream PE; 344 o MUST create p2mp BFD session and set bfd.SessionType = 345 MultipointTail as described in [RFC8562]; 347 o MUST use the source IP address of the BFD control packet, the 348 value of the BFD Discriminator field, and the x-PMSI tunnel 349 identifier the BFD control packet was received to properly 350 demultiplex BFD sessions. 352 After the state of the p2mp BFD session is up, i.e., bfd.SessionState 353 == Up, the session state will then be used to track the health of the 354 P-tunnel. 356 According to [RFC8562], if the Downstream PE receives Down or 357 AdminDown in the State field of the BFD control packet or associated 358 with the BFD session Detection Timer expires, the BFD session state 359 is down, i.e., bfd.SessionState == Down. When the BFD session state 360 is Down, then the P-tunnel associated with the BFD session as down 361 MUST be declared down. Then The Downstream PE MAY initiate a 362 switchover of the traffic from the Primary Upstream PE to the Standby 363 Upstream PE only if the Standby Upstream PE deemed available. A 364 different p2mp BFD session MAY monitor the state of the Standby 365 Upstream PE. 367 If the Downstream PE's P-tunnel is already up when the Downstream PE 368 receives the new x-PMSI A-D Route with BGP-BFD Attribute, the 369 Downstream PE MUST accept the x-PMSI A-D Route and associate the 370 value of BFD Discriminator field with the P-tunnel. The Upstream PE 371 MUST follow procedures listed above in this section to bring the p2mp 372 BFD session up and use it to monitor the state of the associated 373 P-tunnel. 375 If the Downstream PE's P-tunnel is already up, its state being 376 monitored by the p2mp BFD session, and the Downstream PE receives the 377 new x-PMSI A-D Route without the BGP-BFD Attribute, the Downstream 378 PE: 380 o MUST accept the x-PMSI A-D Route; 382 o MUST stop processing BFD control packets for this p2mp BFD 383 session; 385 o SHOULD delete the p2mp BFD session associated with the P-tunnel; 387 o SHOULD NOT switch the traffic to the Standby Upstream PE. 389 3.1.7. Per PE-CE link BFD Discriminator 391 The following approach is defined in response to the detection by the 392 upstream PE of PE-CE link failure. Even though the provider tunnel 393 is still up, it is desired for the downstream PEs to switch to a 394 backup upstream PE. To achieve that, if the upstream PE detects that 395 its PE-CE link fails, it SHOULD set the bfd.LocalDiag of the p2mp BFD 396 session to Concatenated Path Down and/or Reverse Concatenated Path 397 Down (per section 6.8.17 [RFC5880]), unless it switches to a new PE- 398 CE link within the time of bfd.DesiredMinTxInterval for the p2mp BFD 399 session (in that case the upstream PE will start tracking the status 400 of the new PE-CE link). When a downstream PE receives that 401 bfd.LocalDiag code, it treats as if the tunnel itself failed and 402 tries to switch to a backup PE. 404 4. Standby C-multicast route 406 The procedures described below are limited to the case where the site 407 that contains C-S is connected to two or more PEs though, to simplify 408 the description, the case of dual-homing is described. The 409 procedures require all the PEs of that MVPN to follow the UMH 410 selection, as specified in [RFC6513], whether the PE selected based 411 on its IP address, hashing algorithm described in section 5.1.3 412 [RFC6513], or Installed UMH Route. The procedures assume that if a 413 site of a given MVPN that contains C-S is dual-homed to two PEs, then 414 all the other sites of that MVPN would have two unicast VPN routes 415 (VPN-IPv4 or VPN-IPv6) routes to C-S, each with its RD. 417 As long as C-S is reachable via both PEs, a given downstream PE will 418 select one of the PEs connected to C-S as its Upstream PE for C-S. 419 We will refer to the other PE connected to C-S as the "Standby 420 Upstream PE". Note that if the connectivity to C-S through the 421 Primary Upstream PE becomes unavailable, then the PE will select the 422 Standby Upstream PE as its Upstream PE for C-S. When the Primary PE 423 later becomes available, then the PE will select the Primary Upstream 424 PE again as its Upstream PE. Such behavior is referred to as 425 "revertive" behavior and MUST be supported. Non-revertive behavior 426 would refer to the behavior of continuing to select the backup PE as 427 the UMH even after the Primary has come up. This non-revertive 428 behavior can also be optionally supported by an implementation and 429 would be enabled through some configuration. 431 For readability, in the following sub-sections, the procedures are 432 described for BGP C-multicast Source Tree Join routes, but they apply 433 equally to BGP C-multicast Shared Tree Join routes failover for the 434 case where the customer RP is dual-homed (substitute "C-RP" to 435 "C-S"). 437 4.1. Downstream PE behavior 439 When a (downstream) PE connected to some site of an MVPN needs to 440 send a C-multicast route (C-S, C-G), then following the procedures 441 specified in Section "Originating C-multicast routes by a PE" of 442 [RFC6514] the PE sends the C-multicast route with RT that identifies 443 the Upstream PE selected by the PE originating the route. As long as 444 C-S is reachable via the Primary Upstream PE, and the Upstream PE is 445 the Primary Upstream PE. If C-S is reachable only via the Standby 446 Upstream PE, then the Upstream PE is the Standby Upstream PE. 448 If C-S is reachable via both the Primary and the Standby Upstream PE, 449 then in addition to sending the C-multicast route with an RT that 450 identifies the Primary Upstream PE, the PE also originates and sends 451 a C-multicast route with an RT that identifies the Standby Upstream 452 PE. This route that has the semantics of being a 'standby' 453 C-multicast route is further called a "Standby BGP C-multicast 454 route", and is constructed as follows: 456 o the NLRI is constructed as the original C-multicast route, except 457 that the RD is the same as if the C-multicast route was built 458 using the standby PE as the UMH (it will carry the RD associated 459 to the unicast VPN route advertised by the standby PE for S and a 460 Route Target derived from the standby PE's UMH route's VRF RT 461 Import EC); 463 o SHOULD carry the "Standby PE" BGP Community (this is a new BGP 464 Community, see Section 7). 466 The normal and the standby C-multicast routes must have their Local 467 Preference attribute adjusted so that, if two C-multicast routes with 468 same NLRI are received by a BGP peer, one carrying the "Standby PE" 469 attribute and the other one *not* carrying the "Standby PE" 470 community, then preference is given to the one *not* carrying the 471 "Standby PE" attribute. Such a situation can happen when, for 472 instance, due to transient unicast routing inconsistencies, two 473 different downstream PEs consider different upstream PEs to be the 474 primary one; in that case, without any precaution taken, both 475 upstream PEs would process a standby C-multicast route and possibly 476 stop forwarding at the same time. For this purpose, routes that 477 carry the "Standby PE" BGP Community MUST have the LOCAL_PREF 478 attribute set to zero. 480 Note that, when a PE advertises such a Standby C-multicast join for a 481 (C-S, C-G) it must join the corresponding P-tunnel. 483 If at some later point the local PE determines that C-S is no longer 484 reachable through the Primary Upstream PE, the Standby Upstream PE 485 becomes the Upstream PE, and the local PE re-sends the C-multicast 486 route with RT that identifies the Standby Upstream PE, except that 487 now the route does not carry the Standby PE BGP Community (which 488 results in replacing the old route with a new route, with the only 489 difference between these routes being the presence/absence of the 490 Standby PE BGP Community). Also, a LOCAL_PREF attribute MUST be set 491 to zero. 493 4.2. Upstream PE behavior 495 When a PE receives a C-multicast route for a particular (C-S, C-G), 496 and the RT carried in the route results in importing the route into a 497 particular VRF on the PE, if the route carries the Standby PE BGP 498 Community, then the PE performs as follows: 500 when the PE determines that C-S is not reachable through some 501 other PE, the PE SHOULD install VRF PIM state corresponding to 502 this Standby BGP C-multicast route (the result will be that a PIM 503 Join message will be sent to the CE towards C-S, and that the PE 504 will receive (C-S, C-G) traffic), and the PE SHOULD forward (C-S, 505 C-G) traffic received by the PE to other PEs through a P-tunnel 506 rooted at the PE. 508 Furthermore, irrespective of whether C-S carried in that route is 509 reachable through some other PE: 511 a) based on local policy, as soon as the PE receives this Standby BGP 512 C-multicast route, the PE MAY install VRF PIM state corresponding 513 to this BGP Source Tree Join route (the result will be that Join 514 messages will be sent to the CE toward C-S, and that the PE will 515 receive (C-S, C-G) traffic) 517 b) based on local policy, as soon as the PE receives this Standby BGP 518 C-multicast route, the PE MAY forward (C-S, C-G) traffic to other 519 PEs through a P-tunnel independently of the reachability of C-S 520 through some other PE. [note that this implies also doing (a)] 522 Doing neither (a) or (b) for a given (C-S, C-G) is called "cold root 523 standby". 525 Doing (a) but not (b) for a given (C-S, C-G) is called "warm root 526 standby". 528 Doing (b) (which implies also doing (a)) for a given (C-S, C-G) is 529 called "hot root standby". 531 Note that, if an upstream PE uses an S-PMSI only policy, it shall 532 advertise an S-PMSI for a (C-S, C-G) as soon as it receives a 533 C-multicast route for (C-S, C-G), normal or Standby; i.e., it shall 534 not wait for receiving a non-Standby C-multicast route before 535 advertising the corresponding S-PMSI. 537 Section 9.3.2 of [RFC6514], describes the procedures of sending a 538 Source-Active A-D result as a result of receiving the C-multicast 539 route. These procedures should be followed for both the normal and 540 Standby C-multicast routes. 542 4.3. Reachability determination 544 The standby PE can use the following information to determine that 545 C-S can or cannot be reached through the primary PE: 547 o presence/absence of a unicast VPN route toward C-S 549 o supposing that the standby PE is the egress of the tunnel rooted 550 at the Primary PE, the standby PE can determine the reachability 551 of C-S through the Primary PE based on the status of this tunnel, 552 determined thanks to the same criteria as the ones described in 553 Section 3.1 (without using the UMH selection procedures of 554 Section 3); 556 o other mechanisms MAY be used. 558 4.4. Inter-AS 560 If the non-segmented inter-AS approach is used, the procedures in 561 section 4 can be applied. 563 When multicast VPNs are used in an inter-AS context with the 564 segmented inter-AS approach described in section 8.2 of [RFC6514], 565 the procedures in this section can be applied. 567 A pre-requisite for the procedures described below to be applied for 568 a source of a given MVPN is: 570 o that any PE of this MVPN receives two Inter-AS I-PMSI auto- 571 discovery routes advertised by the AS of the source (or more) 573 o that these Inter-AS I-PMSI auto-discovery routes have distinct 574 Route Distinguishers (as described in item "(2)" of section 9.2 of 575 [RFC6514]). 577 As an example, these conditions will be satisfied when the source is 578 dual-homed to an AS that connects to the receiver AS through two ASBR 579 using auto-configured RDs. 581 4.4.1. Inter-AS procedures for downstream PEs, ASBR fast failover 583 The following procedure is applied by downstream PEs of an AS, for a 584 source S in a remote AS. 586 Additionally, to choosing an Inter-AS I-PMSI auto-discovery route 587 advertised from the AS of the source to construct a C-multicast 588 route, as described in section 11.1.3 [RFC6514] a downstream PE will 589 choose a second Inter-AS I-PMSI auto-discovery route advertised from 590 the AS of the source and use this route to construct and advertise a 591 Standby C-multicast route (C-multicast route carrying the Standby 592 extended community) as described in Section 4.1. 594 4.4.2. Inter-AS procedures for ASBRs 596 When an upstream ASBR receives a C-multicast route, and at least one 597 of the RTs of the route matches one of the ASBR Import RT, the ASBR 598 locates an Inter-AS I-PMSI A-D route whose RD and Source AS matches 599 the RD and Source AS carried in the C-multicast route. If the match 600 is found, and C-multicast route carries the Standby PE BGP Community, 601 then the ASBR performs as follows: 603 o if the route was received over iBGP; the route is expected to have 604 a LOCAL_PREF attribute set to zero, and it should be re-advertised 605 in eBGP with a MED attribute (MULTI_EXIT_DISC) set to the highest 606 possible value (0xffff) 608 o if the route was received over eBGP; the route is expected to have 609 a MED attribute set of 0xffff and should be re-advertised in iBGP 610 with a LOCAL_PREF attribute set to zero 612 Other ASBR procedures are applied without modification. 614 5. Hot Root Standby 616 The mechanisms defined in sections Section 4 and Section 3 can be 617 used together as follows. 619 The principle is that, for a given VRF (or possibly only for a given 620 C-S,C-G): 622 o downstream PEs advertise a Standby BGP C-multicast route (based on 623 Section 4) 625 o upstream PEs use the "hot standby" optional behavior and thus will 626 forward traffic for a given multicast state as soon as they have 627 whether a (primary) BGP C-multicast route or a Standby BGP 628 C-multicast route for that state (or both) 630 o downstream PEs accept traffic from the primary or standby tunnel, 631 based on the status of the tunnel (based on Section 3) 633 Other combinations of the mechanisms proposed in Section 4 and 634 Section 3 are for further study. 636 Note that the same level of protection would be achievable with a 637 simple C-multicast Source Tree Join route advertised to both the 638 primary and secondary upstream PEs (carrying as Route Target extended 639 communities, the values of the VRF Route Import attribute of each VPN 640 route from each upstream PEs). The advantage of using the Standby 641 semantic for is that, supposing that downstream PEs always advertise 642 a Standby C-multicast route to the secondary upstream PE, it allows 643 to choose the protection level through a change of configuration on 644 the secondary upstream PE, without requiring any reconfiguration of 645 all the downstream PEs. 647 6. Duplicate packets 649 Multicast VPN specifications [RFC6513] impose that a PE only forwards 650 to CEs the packets coming from the expected upstream PE 651 (Section 9.1). 653 We highlight the reader's attention to the fact that the respect of 654 this part of multicast VPN specifications is especially important 655 when two distinct upstream PEs are susceptible to forward the same 656 traffic on P-tunnels at the same time in the steady state. That will 657 be the case when "hot root standby" mode is used (Section 4), and 658 which can also be the case if procedures of Section 3 are used and 659 (a) the rules determining the status of a tree are not the same on 660 two distinct downstream PEs or (b) the rule determining the status of 661 a tree depends on conditions local to a PE (e.g., the PE-P upstream 662 link being up). 664 7. IANA Considerations 666 Allocation is expected from IANA for the BGP "Standby PE" community. 667 (TBC) 669 8. Security Considerations 671 9. Acknowledgments 673 The authors want to thank Greg Reaume, Eric Rosen, Jeffrey Zhang, and 674 Zheng (Sandy) Zhang for their reviews, useful comments, and helpful 675 suggestions. 677 10. Contributor Addresses 679 Below is a list of other contributing authors in alphabetical order: 681 Rahul Aggarwal 682 Arktan 684 Email: raggarwa_1@yahoo.com 686 Nehal Bhau 687 Cisco 689 Email: NBhau@cisco.com 691 Clayton Hassen 692 Bell Canada 693 2955 Virtual Way 694 Vancouver 695 CANADA 697 Email: Clayton.Hassen@bell.ca 699 Wim Henderickx 700 Nokia 701 Copernicuslaan 50 702 Antwerp 2018 703 Belgium 705 Email: wim.henderickx@nokia.com 707 Pradeep Jain 708 Nokia 709 701 E Middlefield Rd 710 Mountain View, CA 94043 711 USA 713 Email: pradeep.jain@nokia.com 715 Jayant Kotalwar 716 Nokia 717 701 E Middlefield Rd 718 Mountain View, CA 94043 719 USA 721 Email: Jayant.Kotalwar@nokia.com 723 Praveen Muley 724 Nokia 725 701 East Middlefield Rd 726 Mountain View, CA 94043 727 U.S.A. 729 Email: praveen.muley@nokia.com 731 Ray (Lei) Qiu 732 Juniper Networks 733 1194 North Mathilda Ave. 734 Sunnyvale, CA 94089 735 U.S.A. 737 Email: rqiu@juniper.net 739 Yakov Rekhter 740 Juniper Networks 741 1194 North Mathilda Ave. 743 Sunnyvale, CA 94089 744 U.S.A. 746 Email: yakov@juniper.net 748 Kanwar Singh 749 Nokia 750 701 E Middlefield Rd 751 Mountain View, CA 94043 752 USA 754 Email: kanwar.singh@nokia.com 756 11. References 758 11.1. Normative References 760 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 761 Requirement Levels", BCP 14, RFC 2119, 762 DOI 10.17487/RFC2119, March 1997, 763 . 765 [RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S. 766 Yasukawa, Ed., "Extensions to Resource Reservation 767 Protocol - Traffic Engineering (RSVP-TE) for Point-to- 768 Multipoint TE Label Switched Paths (LSPs)", RFC 4875, 769 DOI 10.17487/RFC4875, May 2007, 770 . 772 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 773 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 774 . 776 [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ 777 BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February 778 2012, . 780 [RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP 781 Encodings and Procedures for Multicast in MPLS/BGP IP 782 VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012, 783 . 785 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 786 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 787 May 2017, . 789 [RFC8562] Katz, D., Ward, D., Pallagatti, S., Ed., and G. Mirsky, 790 Ed., "Bidirectional Forwarding Detection (BFD) for 791 Multipoint Networks", RFC 8562, DOI 10.17487/RFC8562, 792 April 2019, . 794 11.2. Informative References 796 [RFC4090] Pan, P., Ed., Swallow, G., Ed., and A. Atlas, Ed., "Fast 797 Reroute Extensions to RSVP-TE for LSP Tunnels", RFC 4090, 798 DOI 10.17487/RFC4090, May 2005, 799 . 801 [RFC7431] Karan, A., Filsfils, C., Wijnands, IJ., Ed., and B. 802 Decraene, "Multicast-Only Fast Reroute", RFC 7431, 803 DOI 10.17487/RFC7431, August 2015, 804 . 806 Authors' Addresses 808 Thomas Morin (editor) 809 Orange 810 2, avenue Pierre Marzin 811 Lannion 22307 812 France 814 Email: thomas.morin@orange-ftgroup.com 816 Robert Kebler (editor) 817 Juniper Networks 818 1194 North Mathilda Ave. 819 Sunnyvale, CA 94089 820 U.S.A. 822 Email: rkebler@juniper.net 824 Greg Mirsky (editor) 825 ZTE Corp. 827 Email: gregimirsky@gmail.com