idnits 2.17.1 

draft-ietf-bmwg-protection-term-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** The document seems to lack a License Notice according IETF Trust
     Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
     Section 6.b -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     (You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Feb 2009 rather than one of the newer Notices.  See
     https://trustee.ietf.org/license-info/.)


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == The page length should not exceed 58 lines per page, but there was 5
     longer pages, the longest (page 26) being 67 lines


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 29 characters in excess of 72.

  ** There are 3 instances of lines with control characters in the document.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (December 2009) is 5245 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: '6' is defined on line 1400, but no explicit reference
     was found in the text

  == Outdated reference: A later version (-23) exists of
     draft-ietf-bmwg-igp-dataplane-conv-term-16

  ** Obsolete normative reference: RFC 3768 (ref. '11') (Obsoleted by RFC
     5798)


     Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	 Network Working Group                         S. Poretsky
2	 Internet Draft                                Allot Communications
3	 Expires: June 2010                            Rajiv Papneja
4	 Intended Status: Informational                Isocore 					                               J. Karthik
5	                                               S. Vapiwala
6	                                               Cisco Systems

8	                                              December 2009

10	                    Benchmarking Terminology
11	                   for Protection Performance
12	             <draft-ietf-bmwg-protection-term-08.txt >

14	Status of this Memo
15	   This Internet-Draft is submitted to IETF in full conformance with the
16	   provisions of BCP 78 and BCP 79.

18	   Internet-Drafts are working documents of the Internet Engineering
19	   Task Force (IETF), its areas, and its working groups.  Note that
20	   other groups may also distribute working documents as Internet-
21	   Drafts.

23	   Internet-Drafts are draft documents valid for a maximum of six months
24	   and may be updated, replaced, or obsoleted by other documents at any
25	   time.  It is inappropriate to use Internet-Drafts as reference
26	   material or to cite them other than as "work in progress."

28	   The list of current Internet-Drafts can be accessed at
29	   http://www.ietf.org/ietf/1id-abstracts.txt.
30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on April 15, 2010.

35	Copyright Notice
36	   Copyright (c) 2009 IETF Trust and the persons identified as the
37	   document authors.  All rights reserved.

39	   This document is subject to BCP 78 and the IETF Trust's Legal
40	   Provisions Relating to IETF Documents in effect on the date of
41	   publication of this document (http://trustee.ietf.org/license-info).
42	   Please review these documents carefully, as they describe your rights
43	   and restrictions with respect to this document.

45	Abstract
46	  This document provides common terminology and metrics for benchmarking
47	  the performance of sub-IP layer protection mechanisms. The performance
48	  benchmarks are measured at the IP-Layer, avoiding dependence on
49	  specific sub-IP protection mechanisms. The benchmarks and terminology
50	  can be applied in methodology documents for different sub-IP layer
51	  protection mechanisms such as Automatic Protection Switching (APS),
52	  Virtual Router Redundancy Protocol (VRRP), Stateful High Availability
53	  (HA), and Multi-Protocol Label Switching Fast Reroute (MPLS-FRR).

55	                          Protection Performance
56	 Table of Contents
57	        1. Introduction..............................................3
58	        2. Existing definitions......................................6
59	        3. Test Considerations.......................................7
60	           3.1. Paths................................................7
61	              3.1.1. Path............................................7
62	              3.1.2. Working Path....................................8
63	              3.1.3. Primary Path....................................8
64	              3.1.4. Protected Primary Path..........................8
65	              3.1.5. Backup Path.....................................9
66	              3.1.6. Standby Backup Path.............................10
67	              3.1.7. Dynamic Backup Path.............................10
68	              3.1.8. Disjoint Paths..................................10
69	              3.1.9. Point of Local repair (PLR).....................11
70	              3.1.10. Shared Risk Link Group (SRLG)..................11
71	           3.2. Protection Mechanisms................................12
72	              3.2.1. Link Protection.................................12
73	              3.2.2. Node Protection.................................12
74	              3.2.3. Path Protection.................................12
75	              3.2.4. Backup Span.....................................13
76	              3.2.5. Local Link Protection...........................13
77	              3.2.6. Redundant Node Protection.......................14
78	              3.2.7  State Control Interface.........................14
79	              3.2.8. Protected Interface.............................15
80	           3.3. Protection Switching.................................15
81	              3.3.1. Protection Switching System.....................15
82	              3.3.2. Failover Event..................................15
83	              3.3.3. Failure Detection...............................16
84	              3.3.4. Failover........................................17
85	              3.3.5. Restoration.....................................17
86	              3.3.6. Reversion.......................................18
87	           3.4. Nodes................................................18
88	              3.4.1. Protection-Switching Node.......................18
89	              3.4.2. Non-Protection Switching Node...................19
90	              3.4.3. Headend Node....................................19
91	              3.4.4. Backup Node.....................................19
92	              3.4.5. Merge Node......................................20
93	              3.4.6. Primary Node....................................20
94	              3.4.7. Standby Node....................................21
95	           3.5. Benchmarks...........................................21
96	              3.5.1. Failover Packet Loss............................21
97	              3.5.2. Reversion Packet Loss...........................22
98	              3.5.3. Failover Time...................................22
99	              3.5.4. Reversion Time..................................23
100	              3.5.5. Additive Backup Delay...........................23
101	           3.6 Failover Time Calculation Methods.....................24
102	              3.6.1 Time-Based Loss Method...........................24
103	              3.6.2 Packet-Loss Based Method.........................25
104	              3.6.3 Timestamp-Based Method...........................25
105	        4. Acknowledgments...........................................26
106	        5. IANA Considerations.......................................26
107	        6. Security Considerations...................................26
108	        7. References................................................26
109	        8. Authors' Addresses........................................27
110	                          Protection Performance

112	1. Introduction

114	   The IP network layer provides route convergence to protect data
115	   traffic against planned and unplanned failures in the internet. Fast
116	   convergence times are critical to maintain reliable network
117	   connectivity and performance.  Convergence Events [7] are recognized
118	   at the IP Layer so that Route Convergence [7] occurs.  Technologies
119	   that function at sub-IP layers can be enabled to provide further
120	   protection of IP traffic by providing the failure recovery at the
121	   sub-IP layers so that the outage is not observed at the IP-layer.
122	   Such sub-IP protection technologies include, but are not limited to,
123	   High Availability (HA) stateful failover, Virtual Router Redundancy
124	   Protocol (VRRP) [11], Automatic Link Protection (APS) for SONET/SDH,
125	   Resilient Packet Ring (RPR) for Ethernet, and Fast Reroute for
126	   Multi-Protocol Label Switching (MPLS-FRR) [8].

128	   1.1 Scope
129	   Benchmarking terminology was defined for IP-layer convergence in
130	   [7].  Different terminology and methodologies specific to
131	   benchmarking sub-IP layer protection mechanisms are required.  The
132	   metrics for benchmarking the performance of sub-IP protection
133	   mechanisms are measured at the IP layer, so that the results are
134	   always measured in reference to IP and independent of the specific
135	   protection mechanism being used. The purpose of this document is
136	   to provide a single terminology for benchmarking sub-IP protection
137	   mechanisms.

139	   A common terminology for Sub-IP layer protection mechanism
140	   benchmarking enables different implementations of a protection
141	   mechanism to be benchmarked and evaluated.  In addition,
142	   implementations of different protection mechanisms can be
143	   benchmarked and evaluated.  It is intended that there can exist
144	   unique methodology documents for each sub-IP protection mechanism
145	   based upon this common terminology document.  The terminology
146	   can be applied to methodologies that benchmark sub-IP protection
147	   mechanism performance with a single stream of traffic or
148	   multiple streams of traffic.  The traffic flow may be
149	   uni-directional or bi-directional as to be indicated in the
150	   methodology.

152	   1.2 General Model
153	   The sequence of events to benchmark the performance of Sub-IP
154	   Protection Mechanisms is as follows:

156	   1. Failover Event - Primary Path fails
157	   2. Failure Detection-  Failover Event is detected
158	   3. Failover - Backup Path becomes the Working Path due to Failover
159	                 Event
160	   4. Restoration - Primary Path recovers from a Failover Event
161	   5. Reversion (optional) - Primary Path becomes the Working Path

163	   These terms are further defined in this document.

165	                          Protection Performance

167	   Figures 1 through 5 show models that MAY be used when benchmarking
168	   Sub-IP Protection mechanisms, which MUST use a Protection Switching
169	   System that consists of a minimum of two Protection-Switching Nodes,
170	   an Ingress Node known as the Headend Node and an Egress Node known
171	   as the Merge Node.  The Protection Switching System MUST include
172	   either a Primary Path and Backup Path, as shown in Figures 1 through
173	   4, or a Primary Node and Standby Node, as shown in Figure 5.  A
174	   Protection Switching System may provide link protection, node
175	   protection, path protection, local link protection, and high
176	   availability, as shown in Figures 1 through 5 respectively.  A
177	   Failover Event occurs along the Primary Path or at the Primary Node.
178	   The Working Path is the Primary Path prior to the Failover Event and
179	   the Backup Path after the Failover Event.  A Tester is set outside
180	   the two paths or nodes as it sends and receives IP traffic along the
181	   Working Path.  The tester MUST record the IP packet sequence numbers,
182	   departure time, and arrival time so that the metrics of Failover
183	   Time, Additive Latency, Packet Reordering, Duplicate Packets, and
184	   Reversion Time can be measured.  The Tester may be a single device
185	   or a test system.  If Reversion is supported then the Working Path is
186	   the Primary Path after Restoration (Failure Recovery) of the Primary
187	   Path.

189	   Link Protection, as shown in Figure 1, provides protection when a
190	   Failover Event occurs on the link between two nodes along the Primary
191	   Path.  Node Protection, as shown in Figure 2, provides protection
192	   when a Failover Event occurs at a Node along the Primary Path.
193	   Path Protection, as shown in Figure 3, provides protection for link
194	   or node failures for multiple hops along the Primary Path.  Local
195	   Link Protection, as shown in Figure 4, provides Sub-IP Protection of
196	   a link between two nodes, without a Backup Node.  An example of such
197	   a Sub-IP Protection mechanism is SONET APS.  High Availability
198	   Protection, as shown in Figure 5, provides protection of a Primary
199	   Node with a redundant Standby Node.  State Control is provided
200	   between the Primary and Standby Nodes.  Failure of the Primary Node
201	   is detected at the Sub-IP layer to force traffic to switch to the
202	   Standby Node, which has state maintained for zero or minimal packet
203	   loss.

205	                      +-----------+
206	       +--------------|  Tester   |<-----------------------+
207	       |              +-----------+                        |
208	       | IP Traffic        | Failover           IP Traffic |
209	       |                   |  Event                        |
210	       |     ------------  |                 ----------    |
211	       +--->|  Ingress/  | V                | Egress/  |---+
212	            |Headend Node|------------------|Merge Node|  Primary
213	             ------------                    ----------    Path
214	                |                                ^
215	                |         ---------              |  Backup
216	                +--------| Backup  |-------------+   Path
217	                         |  Node   |
218	                          ---------
219	   Figure 1. System Under Test (SUT) for Sub-IP Link Protection
220	                          Protection Performance

222	                            +-----------+
223	       +--------------------|  Tester   |<-----------------+
224	       |                    +-----------+                  |
225	       | IP Traffic               | Failover    IP Traffic |
226	       |                          | Event                  |
227	       |                          V                        |
228	       |     ------------      --------      ----------    |
229	       +--->|  Ingress/  |    |MidPoint|    | Egress/  |---+
230	            |Headend Node|----|  Node  |----|Merge Node|  Primary
231	             ------------      --------      ----------    Path
232	                |                                ^
233	                |         ---------              |  Backup
234	                +--------| Backup  |-------------+   Path
235	                         |  Node   |
236	                          ---------

238	   Figure 2. System Under Test (SUT) for Sub-IP Node Protection

240	                               +-----------+
241	    +---------------------------|  Tester   |<----------------------+
242	    |                           +-----------+                       |
243	    | IP Traffic                      | Failover         IP Traffic |
244	    |                                 | Event                       |
245	    |                Primary Path     |                             |
246	    |     ------------      --------  |  --------     ----------    |
247	    +--->|  Ingress/  |    |MidPoint| V |Midpoint|   | Egress/  |---+
248	         |Headend Node|----|  Node  |---|  Node  |---|Merge Node|
249	          ------------      --------     --------     ----------
250	                |                                         ^
251	                |         ---------      --------         | Backup
252	                +--------| Backup  |----| Backup |--------+  Path
253	                         |  Node   |    |  Node  |
254	                          ---------      --------

256	   Figure 3. System Under Test (SUT) for Sub-IP Path Protection

258	                                  +-----------+
259	             +--------------------|  Tester   |<-------------------+
260	             |                    +-----------+                    |
261	             | IP Traffic               | Failover      IP Traffic |
262	             |                          | Event                    |
263	             |              Primary     |                          |
264	             |    +--------+  Path      v            +--------+    |
265	             |    |        |------------------------>|        |    |
266	             +--->| Ingress|                         | Egress |----+
267	                  |  Node  |- - - - - - - - - - - - >|  Node  |
268	                  +--------+      Backup Path        +--------+
269	                  ^                                           ^
270	                  |            IP-Layer Forwarding            |
271	                  +-------------------------------------------+

273	   Figure 4. System Under Test (SUT) for Sub-IP Local Link Protection
274	                          Protection Performance

276	                         +-----------+
277	       +-----------------|  Tester   |<--------------------+
278	       |                 +-----------+                     |
279	       | IP Traffic            | Failover       IP Traffic |
280	       |                       | Event                     |
281	       |                       V                           |
282	       |     ---------      --------      ----------       |
283	       +--->| Ingress |    |Primary |    | Egress/  |------+
284	            |   Node  |----|  Node  |----|Merge Node|  Primary
285	             ---------      --------      ----------    Path
286	                |        State |Control       ^
287	                |    Interface |(Optional)    |
288	                |          ---------          |
289	                +---------| Standby |---------+
290	                          |  Node   |
291	                           ---------

293	Figure 5. System Under Test (SUT) for Sub-IP Redundant Node Protection

295	   Some protection switching technologies may use a series of
296	   steps that differ from the general model. The specific differences
297	   SHOULD be highlighted in each technology-specific methodology.
298	   Note that some protection switching technologies are endowed
299	   with the ability to re-optimize the working path after a
300	   node or link failure.

302	2. Existing definitions
303	   This document uses existing terminology defined in other BMWG
304	   work.  Examples include, but are not limited to:

306	          Latency                   [Ref.[2], section 3.8]
307	          Frame Loss Rate           [Ref.[2], section 3.6]
308	          Throughput                [Ref.[2], section 3.17]
309	          Device Under Test (DUT)   [Ref.[3], section 3.1.1]
310	          System Under Test (SUT)   [Ref.[3], section 3.1.2]
311	          Offered Load              [Ref.[3], section 3.5.2]
312	          Out-of-order Packet       [Ref.[4], section 3.3.2]
313	          Duplicate Packet          [Ref.[4], section 3.3.3]
314	          Forwarding Delay          [Ref.[4], section 3.2.4]
315	          Jitter                    [Ref.[4], section 3.2.5]
316	          Packet Loss               [Ref.[7], Section 3.5]
317	          Packet Reordering         [Ref.[10], section 3.3]

319	   This document has the following frequently used acronyms:
320	      DUT  Device Under Test
321	      SUT  System Under Test

323	   This document adopts the definition format in Section 2 of RFC 1242
324	   [2].  Terms defined in this document are capitalized when used
325	   within this document.

327	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
328	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
329	   document are to be interpreted as described in BCP 14, RFC 2119 [5].
330	   RFC 2119 defines the use of these key words to help make the
331	   intent of standards track documents as clear as possible.  While this
332	   document uses these keywords, this document is not a standards track
333	   document.

335	                          Protection Performance

337	3. Test Considerations

339	  3.1. Paths

341	    3.1.1 Path

343	    Definition:
344	       A unidirectional sequence of nodes, <R1, ..., Rn>, and links
345	      <L12,... L(n-1)n> with the following properties:

347	       a. R1 is the ingress node and forwards IP packets, which input
348	       into DUT/SUT, to R2 as sub-IP frames over link L12.

350	       b. Ri is a node which forwards data frames to R[i+1] over Link
351	       Li[i+1] for all i, 1<i<n, based on information in the sub-IP
352	       layer.

354	       c. Rn is the egress node and it outputs sub-IP frames from
355	       DUT/SUT as IP packets.

357	    Discussion:
358	       The path is defined in the sub-IP layer in this document, unlike
359	       an IP path in RFC 2026 [1].   One path may be regarded as being
360	       equivalent to one IP link between two IP nodes, i.e., R1 and Rn.
361	       The two IP nodes may have multiple paths for protection.  A
362	       packet will travel on only one path between the nodes.  Packets
363	       belonging to a microflow [9] will traverse one or more paths.
364	       The path is unidirectional.  For example, the link between R1
365	       and R2 in the direction from R1 to R2 is L12.  For traffic
366	       flowing in the reverse direction from R2 to R1, the link is L21.
367	       Example paths are the SONET/SDH path and the label switched path
368	       for MPLS.

370	    Measurement units:
371	       n/a

373	    Issues:
374	       "A bidirectional path", which transmits traffic in both
375	       directions along the same nodes, consists of two unidirectional
376	       paths.  Therefore, the two unidirectional paths belonging to
377	       "one bidirectional path" will be treated independently when
378	       benchmarking for "a bidirectional path".

380	    See Also:
381	       Working Path
382	       Primary Path
383	       Backup Path
384	                          Protection Performance

386	    3.1.2. Working Path

388	    Definition:
389	       The path that the DUT/SUT is currently using to forward
390	       packets.

392	    Discussion:
393	       A Primary Path is the Working Path before occurrence of a
394	       Failover Event.  A Backup Path SHALL become the Working Path
395	       after a Failover Event.

397	    Measurement units:
398	       n/a

400	    Issues:

402	    See Also:
403	       Path
404	       Primary Path
405	       Backup Path

407	   3.1.3.  Primary Path

409	       Definition:
410	       The preferred path for forwarding traffic between two or
411	       more nodes.

413	       Discussion:
414	       The Primary Path is the Path that traffic traverses
415	       prior to a Failover Event.

417	       Measurement units:
418	          n/a

420	        Issues:
421	          None

423	        See Also:
424	          Path
425	          Failover Event

427	    3.1.4.  Protected Primary Path

429	       Definition:
430	       A Primary Path that is protected with a Backup Path.

432	       Discussion:
433	       A Protected Primary Path MUST include at least one Protection
434	       Switching Node.

436	                          Protection Performance

438	       Measurement units:
439	          n/a

441	       Issues: None

443	       See Also:
444	          Path
445	          Primary Path

447	    3.1.5.  Backup Path

449	       Definition:
450	       A path that exists to carry data traffic only if a Failover
451	       Event occurs on a Primary Path.

453	       Discussion:
454	       The Backup Path SHALL become the Working Path upon a Failover
455	       Event.  A Path MAY have one or more Backup Paths.  A Backup
456	       Path MAY protect one or more Primary Paths.  There are various
457	       types of Backup Paths:

459	          a. dedicated recovery Backup Path (1+1), which has 100%
460	          redundancy for a specific ordinary path,

462	          b. shared Backup Path (1:N), which is dedicated to the
463	          protection for more than one specific Primary Path

465	          c. associated shared Backup Path (M:N) for which a specific
466	          set of Backup Paths protects a specific set of more than one
467	          Primary Path.

469	       A Backup Path may be signaled or unsignaled.  The Backup Path
470	       MUST be created prior to the Failover Event.  The backup path
471	       generally originates at the point of failure, and terminates at
472	       a node along a primary path.

474	       Measurement units:
475	          n/a

477	       Issues:

479	       See Also:
480	          Path
481	          Working Path
482	          Primary Path
483	                          Protection Performance

485	     3.1.6.  Standby Backup Path

487	        Definition:
488	        A Backup Path that is established prior to a Failover Event
489	        to protect a Primary Path.

491	        Discussion:
492	        The Standby Backup Path and Dynamic Backup Path provide
493	        protection, but are established at different times.

495	        Measurement units: n/a

497	        Issues: None

499	        See Also:
500	           Backup Path
501	           Primary Path
502	           Failover Event

504	     3.1.7. Dynamic Backup Path

506	        Definition:
507	        A Backup Path that is established upon occurrence of a
508	        Failover Event.

510	        Discussion:
511	        The Standby Backup Path and Dynamic Backup Path provide
512	        protection, but are established at different times.

514	        Measurement units: n/a

516	        Issues: None

518	        See Also:
519	            Backup Path
520	            Standby Backup Path
521	            Failover Event

523	     3.1.8. Disjoint Paths

525	        Definition:
526	        A pair of paths that do not share a common link.

528	        Discussion:
529	        Two paths are disjoint if they do not share a common node other
530	        than the ingress and egress.

532	                          Protection Performance

534	        Measurement units: n/a

536	        Issues: None

538	        See Also:
539	           Path
540	           Primary Path
541	           SRLG

543	     3.1.9. Point of Local Repair (PLR)
544	         Definition:
545	         A node capable of Failover along the Primary Path that is
546	         also the ingress node for the Backup Path to protect another
547	         node or link.

549	         Discussion:
550	         Any node along the Primary Path from the ingress node to
551	         the penultimate egress node MAY be a PLR.  The PLR MAY use
552	         a single Backup Path for protecting one or more Primary
553	         Paths.  There can be multiple PLRs along a Primary Path.
554	         The PLR MUST be an ingress to a Backup Path.  The PLR can
555	         be any node along the Primary Path except the egress node
556	         of the Primary Path.  The PLR MAY simultaneously be a
557	         Headend Node when it is serving the role as ingress to
558	         the Primary Path and the Backup Path.  If the PLR is
559	         also the Headend Node, then the Backup Path is a Disjoint
560	         Path from the ingress to the Merge Node.

562	         Measurement units: n/a

564	         Issues: None

566	         See Also:
567	             Primary Path
568	             Backup Path
569	             Failover

571	     3.1.10. Shared Risk Link Group (SRLG)
572	         Definition:
573	         SRLG is a set of links which share a physical resource.

575	         Discussion:
576	         SRLG is considered the set of links to be avoided when
577	         the primary and secondary paths are considered disjoint.
578	         The SRLG will fail as a group if the shared resource fails.

580	         Measurement units: n/a

582	         Issues: None

584	         See Also:
585	             Path
586	             Primary Path
587	                          Protection Performance

589	   3.2. Protection
590	     3.2.1. Link Protection
591	         Definition:
592	         A Backup Path that is signaled to at least one Backup Node
593	         to protect for failure of interfaces and links along a
594	         Primary Path.

596	         Discussion:
597	         Link Protection may or may not protect the entire Primary
598	         Path.  Link protection is shown in Figure 1.

600	         Measurement units: n/a

602	         Issues: None

604	         See Also:
605	             Primary Path
606	             Backup Path

608	     3.2.2. Node Protection
609	         Definition:
610	         A Backup Path that is signaled to at least one Backup Node
611	         to protect for failure of interfaces, links, and nodes
612	         along a Primary Path.

614	         Discussion:
615	         Node Protection may or may not protect the entire Primary
616	         Path.  Node Protection also provides Link Protection.
617	         Node Protection is shown in Figure 2.

619	         Measurement units: n/a

621	         Issues: None

623	         See Also:
624	             Link Protection

626	     3.2.3. Path Protection
627	        Definition:
628	        A Backup Path that is signaled to at least one Backup Node
629	        to provide protection along the entire Primary Path.

631	        Discussion:
632	        Path Protection provides Node Protection and Link Protection
633	        for every node and link along the Primary Path.  A Backup
634	        Path providing Path Protection MUST have the same ingress
635	        node as the Primary Path.  Path Protection is shown in
636	        Figure 3.

638	        Measurement units: n/a

640	        Issues: None
641	                          Protection Performance

643	        See Also:
644	             Primary Path
645	             Backup Path
646	             Node Protection
647	             Link protection

649	     3.2.4. Backup Span

651	        Definition:
652	        The number of hops used by a Backup Path.

654	        Discussion:
655	        The Backup Span is an integer obtained by counting the
656	        number of nodes along the Backup Path.

658	        Measurement units:
659	             number of nodes

661	        Issues:
662	             None

664	        See Also:
665	             Primary Path
666	             Backup Path

668	     3.2.5. Local Link Protection

670	        Definition:
671	        A Backup Path that is a redundant path between two nodes
672	        which does not use a Backup Node.

674	        Discussion:
675	        Local Link Protection MUST be provided as a Backup Path
676	        between two nodes along the Primary Path without the use
677	        of a Backup Node.  Local Link Protection is provided by
678	        Protection Switching Systems such as SONET APS.  Local
679	        Link Protection is shown in Figure 4.

681	        Measurement units: None

683	        Issues: None

685	        See Also:
686	        Backup Path
687	        Backup Node
688	                          Protection Performance

690	     3.2.6. Redundant Node Protection

692	        Definition:
693	        A Protection Switching System with a Primary Node
694	        protected by a Standby Node along the Primary Path.

696	        Discussion:
697	        Redundant Node Protection is provided by Protection
698	        Switching Systems such as VRRP and HA.  The protection
699	        mechanisms occur at Sub-IP layers to switch traffic from
700	        a Primary Node to Backup Node upon a Failover Event at
701	        the Primary Node.  Traffic continues to traverse the
702	        Primary Path through the Standby Node.  The failover MAY
703	        be stateful, in which the state information MAY be
704	        exchanged in-band or over an out-of-band state control
705	        interface.  The Standby Node MAY be active or passive.
706	        Redundant Node Protection is shown in Figure 5.

708	        Measurement units: None

710	        Issues: None

712	        See Also:
713	        Primary Path
714	        Primary Node
715	        Standby Node

717	     3.2.7. State Control Interface

719	        Definition:
720	        An out-of-band control interface used to exchange state
721	        information between the Primary Node and Standby Node.

723	        Discussion:
724	        The State Control Interface MAY be used for Redundant Node
725	        Protection.  The State Control Interface MUST be out-of-band.
726	        It is possible to have Redundant Node Protection in which
727	        there is no state control or state control is provided
728	        in-band.  The State Control Interface between the Primary
729	        and Standby Node MAY be one or more hops.

731	        Measurement units: None

733	        Issues: None

735	        See Also:
736	        Primary Node
737	        Standby Node
738	                          Protection Performance

740	     3.2.8. Protected Interface

742	        Definition:
743	        An interface along the Primary Path that is protected by
744	        a Backup Path.

746	        Discussion:
747	        A Protected Interface is an interface protected by a
748	        Protection Switching System that provides Link
749	        Protection, Node Protection, Path Protection, Local
750	        Link Protection, and Redundant Node Protection.

752	        Measurement units: None

754	        Issues: None

756	        See Also:
757	           Primary Path
758	           Backup Path

760	   3.3. Protection Switching

762	     3.3.1.  Protection Switching System

764	        Definition:
765	          A DUT/SUT that is capable of Failure Detection and Failover
766	          from a Primary Path to a Backup Path or Standby Node when a
767	          Failover Event occurs.

769	        Discussion:
770	          The Protection Switching System MUST include either a
771	          Primary Path and Backup Path, as shown in Figures 1 through
772	          4, or a Primary Node and Standby Node, as shown in Figure
773	          5.  The Backup Path MAY be a Standby Backup Path or a
774	          dynamic Backup Path.  The Protection Switching System
775	          includes the mechanisms for both Failure Detection and
776	          Failover.

778	        Measurement units: n/a

780	        Issues: None

782	        See Also:
783	             Primary Path
784	             Backup Path
785	             Failover

787	     3.3.2.  Failover Event

789	       Definition:
790	       The occurrence of a planned or unplanned action in the network
791	       that results in a change in the Path that data traffic traverses.

793	                          Protection Performance

795	       Discussion:
796	       Failover Events include, but are not limited to, link failure
797	       and router failure.  Routing changes are considered Convergence
798	       Events [7] and are not Failover Events.  This restricts
799	       Failover Events to sub-IP layers. Failover may be at the PLR or
800	       at the ingress. If the failover is at the ingress it is
801	       generally on a disjoint path from the ingress to egress.

803	       Failover Events may results from failures such as link failure
804	       or router failure.  The change in path after Failover MAY have
805	       a Backup Span of one or more nodes.  Failover Events are
806	       distinguished from routing changes and Convergence Events [7]
807	       by the detection of the failure and subsequent protection
808	       switching at a sub-IP layer.  Failover occurs at a Point of
809	       Local Repair (PLR) or Primary Node.

811	       Measurement units:
812	          n/a

814	       Issues: None

816	       See Also:
817	          Path
818	          Failure Detection
819	          Disjoint Path

821	     3.3.3.  Failure Detection

823	       Definition:
824	       The process to identify at a sub-IP layer a Failover Event
825	       at a Primary Node or along the Primary Path.

827	       Discussion:
828	       Failure Detection occurs at the Primary Node or ingress node
829	       of the Primary  Path.  Failure Detection occurs via a sub-IP
830	       mechanism such as detection of a link down event or timeout for
831	       receipt of a control packet. A failure may be completely
832	       isolated. A failure may affect a set of links which share a
833	       single SRLG (e.g. port with many sub-interfaces). A failure may
834	       affect multiple links that are not part of SRLG.

836	       Measurement units: n/a

838	       Issues:

840	       See Also:
841	         Primary Path
842	                          Protection Performance

844	     3.3.4.  Failover

846	        Definition:
847	        The process to switch data traffic from the protected Primary
848	        Path to the Backup Path upon Failure Detection of a Failover
849	        Event.

851	        Discussion:
852	        Failover to a Backup Path provides Link Protection, Node
853	        Protection, or Path Protection.  Failover is complete when
854	        Packet Loss [7], Out-of-order Packets [4], and Duplicate
855	        Packets [4] are no longer observed.  Forwarding Delay [4]
856	        may continue to be observed.

858	        Measurement units:
859	            n/a

861	        Issues:

863	        See Also:
864	             Primary Path
865	             Backup Path
866	             Failover Event

868	     3.3.5.  Restoration

870	        Definition:
871	        The state of failover recovery in which the Primary Path
872	        has recovered from a Failover Event, but is not yet
873	        forwarding packets because the Backup Path remains the
874	        Working Path.

876	        Discussion:
877	        Restoration MUST occur while the Backup Path is the
878	        Working Path.  The Backup Path is maintained as the
879	        Working Path during Restoration.  Restoration produces
880	        a Primary Path that is recovered from failure, but is
881	        not yet forwarding traffic.  Traffic is still being
882	        forwarded by the Backup Path functioning as the Working
883	        Path.

885	        Measurement units:
886	            n/a

888	        Issues:

890	        See Also:
891	            Primary Path
892	            Failover Event
893	            Failure Recovery
894	            Working Path
895	            Backup Path
896	                          Protection Performance

898	     3.3.6.  Reversion

900	        Definition:
901	        The state of failover recovery in which the Primary Path has
902	        become the Working Path so that it is forwarding packets.

904	        Discussion:
905	        Protection Switching Systems may or may not support Reversion.
906	        Reversion, if supported, MUST occur after Restoration.
907	        Packet forwarding on the Primary Path resulting from Reversion
908	        may occur either fully or partially over the Primary Path.  A
909	        potential problem with Reversion is the discontinuity in end to
910	        end delay when the Forwarding Delays [4] along the Primary Path
911	        and Backup Path are different, possibly causing Out of Order
912	        Packets [4], Duplicate Packets [4], and increased Jitter [4].

914	        Measurement units: n/a

916	        Issues: None

918	        See Also:
919	            Protection Switching System
920	            Working Path
921	            Primary Path

923	   3.4. Nodes

925	     3.4.1.  Protection-Switching Node

927	         Definition:
928	         A node that is capable of participating in a Protection
929	         Switching System.

931	         Discussion:
932	         The Protection Switching Node MAY be an ingress or egress for
933	         a Primary Path or Backup Path, such as used for MPLS Fast
934	         Reroute configurations.  The Protection Switching Node MAY
935	         provide Redundant Node Protection as a Primary Node in a
936	         Redundant chassis configuration with a Standby Node, such as
937	         used for VRRP and HA configurations.

939	         Measurement units:
940	             n/a

942	         Issues:

944	         See Also:
945	             Protection Switching System
946	                          Protection Performance

948	     3.4.2.  Non-Protection Switching Node

950	         Definition:
951	         A node that is not capable of participating in a Protection
952	         Switching System, but MAY exist along the Primary Path or
953	         Backup Path.

955	         Discussion:

957	         Measurement units:
958	             n/a

960	         Issues:

962	         See Also:
963	             Protection Switching System
964	             Primary Path
965	             Backup Path

967	     3.4.3.  Headend Node
968	        Definition:
969	        The ingress node of the Primary Path.

971	        Discussion:
972	        The Headend Node may also be a PLR when it is serving in
973	        the dual role as the ingress to the Backup Path.

975	        Measurement units: n/a

977	        Issues:

979	        See Also:
980	             Primary Path
981	             Point of Local Repair (PLR)
982	             Failover

984	     3.4.4.  Backup Node
985	        Definition:
986	        A node along the Backup Path.

988	        Discussion:
989	        The Backup Node can be any node along the Backup Path.
990	        There MAY be one or more Backup Nodes along the Backup Path.
991	        A Backup Node MAY be the ingress, mid-point, or egress of
992	        the Backup Path.  If the Backup Path has only one Backup
993	        Node, then that Backup Node is the ingress and egress of the
994	        Backup Path.

996	                          Protection Performance

998	        Measurement units: n/a

1000	        Issues:

1002	        See Also:
1003	             Backup Path

1005	       3.4.5.  Merge Node
1006	         Definition:
1007	             A node along the Primary Path where Backup Path terminates.

1009	         Discussion:
1010	             The Merge Node can be any node along the Primary Path
1011	             except the ingress node of the Primary Path.  There can be
1012	             multiple Merge Nodes along a Primary Path.  A Merge Node
1013	             can be the egress node for a single or multiple Backup
1014	             Paths.  The Merge Node MUST be the egress to the Backup
1015	             Path.  The Merge Node MAY also be the egress of the
1016	             Primary Path or Point of Local Repair (PLR).

1018	         Measurement units:
1019	             n/a

1021	         Issues:

1023	         See Also:
1024	             Primary Path
1025	             Backup Path
1026	             PLR
1027	             Failover

1029	     3.4.6. Primary Node

1031	        Definition:
1032	        A node along the Primary Path that is capable of Failover to a
1033	        redundant Standby Node.

1035	        Discussion:
1036	        The Primary Node MAY be used for Protection Switching Systems
1037	        that provide Redundant Node Protection, such as VRRP and HA

1039	        Measurement units: n/a

1041	        Issues:

1043	        See Also:
1044	             Protection Switching System
1045	             Redundant Node Protection
1046	             Standby Node
1047	                          Protection Performance

1049	     3.4.7.  Standby Node

1051	        Definition:
1052	        A redundant node to a Primary Node that forwards traffic along
1053	        the Primary Path upon Failure Detection of the Primary Node.

1055	        Discussion:
1056	        The Standby Node MUST be used for Protection Switching
1057	        Systems that provide Redundant Node Protection, such as VRRP
1058	        and HA.  The Standby Node MUST provide protection along the
1059	        same Primary Path.  If the failover is to a Disjoint Path then
1060	        it is a Backup Node.  The Standby Node MAY be configured
1061	        for 1:1 or N:1 protection.

1063	        The communication between the Primary Node and Standby Node
1064	        MAY be in-band or across an out-of-band State Control
1065	        interface.  The Standby Node MAY be geographically dispersed
1066	        from the Primary Node.  When geographically dispersed, the
1067	        number of hops of separation may increase failover time.

1069	        The Standby Node MAY be passive or active.  The Passive Standby
1070	        Node is not offered traffic and does not forward traffic until
1071	        Failure Detection of the Primary Node.  Upon Failure Detection
1072	        of the Primary Node, traffic offered to the Primary Node is
1073	        instead offered to the Passive Standby Node.  The Active
1074	        Standby Node is offered traffic and forwards traffic along the
1075	        Primary Path while the Primary Node is also active.  Upon
1076	        Failure Detection of the Primary Node, traffic offered to the
1077	        Primary Node is switched to the Active Standby Node.

1079	        Measurement units: n/a

1081	        Issues:

1083	        See Also:
1084	             Primary Node
1085	             State Control Interface

1087	     3.5.  Benchmarks
1088		The following Benchmarks MAY be assessed on a per-flow basis
1089	        using at least 16 flows spread over the routing table (more
1090	        flows is better). Otherwise, the impact of a prefix-dependency
1091	        in the implementation of a particular protection technology
1092	        could be missed. However, the test designer must be aware of
1093	        the number of packets per second sent to each prefix, as this
1094	        establishes sampling of the path and the time resolution for
1095	        measurement of Failover time on a per-flow basis.

1097	      3.5.1.  Failover Packet Loss
1098	        Definition:
1099	        The amount of packet loss produced by a Failover Event until
1100	        Failover completes, where the measurement begins when the last
1101	        unimpaired packet is received by the Tester on the Protected
1102	        Primary Path and ends when the first unimpaired packet is
1103	        received by the Tester on the Backup Path.

1105	                          Protection Performance

1107	        Discussion:
1108	        Packet loss can be observed as a reduction of forwarded
1109	        traffic from the maximum forwarding rate.  Failover Packet
1110	        Loss includes packets that were lost, reordered, or delayed.
1111	        Failover Packet Loss MAY reach 100% of the offered load.

1113	        Measurement units:
1114	          Number of Packets

1116	        Issues:  None

1118	        See Also:
1119	           Failover Event
1120	           Failover

1122	      3.5.2.   Reversion Packet Loss

1124	        Definition:
1125	        The amount of packet loss produced by Reversion, where the
1126	        measurement begins when the last unimpaired packet is received
1127	        by the Tester on the Backup Path and ends when the first
1128	        unimpaired packet is received by the Tester on the Protected
1129	        Primary Path .

1131	        Discussion:
1132	        Packet loss can be observed as a reduction of forwarded
1133	        traffic from the maximum forwarding rate.  Reversion Packet
1134	        Loss includes packets that were lost, reordered, or delayed.
1135	        Reversion Packet Loss MAY reach 100% of the offered load.

1137	         Measurement units: Number of Packets

1139	         Issues:  None

1141	         See Also:
1142	           Reversion

1144	      3.5.3. Failover Time

1146	        Definition:
1147	         The amount of time it takes for Failover to successfully
1148	         complete.

1150	        Discussion:
1151	        Failover Time can be calculated using the Time-Based Loss
1152	        Method (TBLM), Packet-Loss Based Method (PLBM), or
1153	        Timestamp-Based Method (TBM).  It is RECOMMENDED that the
1154	        TBM is used.

1156	                          Protection Performance

1158	        Measurement units:
1159	           milliseconds

1161	        Issues: None

1163	        See Also:
1164	           Failover
1165	           Failover Time
1166	           Time-Based Loss Method (TBLM)
1167	           Packet-Loss Based Method (PLBM)
1168	           Timestamp-Based Method (TBM)

1170	      3.5.4.  Reversion Time

1172	        Definition:
1173	        The amount of time it takes for Reversion to complete so
1174	        that the Primary Path is restored as the Working Path.

1176	        Discussion:
1177	        Reversion Time can be calculated using the Time-Based Loss
1178	        Method (TBLM), Packet-Loss Based Method (PLBM), or
1179	        Timestamp-Based Method (TBM).  It is RECOMMENDED that the
1180	        TBM is used.

1182	        Measurement units:
1183	           milliseconds

1185	        Issues: None

1187	        See Also:
1188	           Reversion
1189	           Primary Path
1190	           Working Path
1191	           Reversion Packet Loss
1192	           Time-Based Loss Method (TBLM)
1193	           Packet-Loss Based Method (PLBM)
1194	           Timestamp-Based Method (TBM)

1196	      3.5.5.  Additive Backup Delay

1198	        Definition:
1199	        The amount of increased Forwarding Delay [4] resulting
1200	        from data traffic traversing the Backup Path instead of
1201	        the Primary Path.

1203	        Discussion:
1204	        Additive Backup Delay is calculated using Equation 1 as
1205	        shown below:

1207	        (Equation 1)
1208	        Additive Backup Delay =
1209	                  Forwarding Delay(Backup Path) -
1210	                  Forwarding Delay(Primary Path).

1212	                          Protection Performance

1214	        Measurement units:
1215	           milliseconds

1217	        Issues:
1218	        Additive Backup Latency MAY be a negative result.
1219	        This is theoretically possible, but could be indicative
1220	        of a sub-optimum network configuration .

1222	        See Also:
1223	           Primary Path
1224	           Backup Path
1225	           Primary Path Latency
1226	           Backup Path Latency

1228	     3.6 Failover Time Calculation Methods
1229	        The following Methods MAY be assessed on a per-flow basis using
1230		at least 16 flows spread over the routing table (more flows is
1231	        better). Otherwise, the impact of a prefix-dependency in the
1232	        implementation of a particular protection technology could be
1233	        missed. However, the test designer must be aware of the number
1234	        of packets per second sent to each prefix, as this establishes
1235	        sampling of the path and the time resolution for measurement
1236	        of Failover time on a per-flow basis.

1238	     3.6.1 Time-Based Loss Method (TBLM)

1240	      Definition:
1241	      The method to calculate Failover Time (or Reversion Time) using a
1242	      time scale on the Tester to measure the interval of Failover
1243	      Packet Loss.

1245	      Discussion:
1246	      The Tester MUST provide statistics which show the duration of
1247	      failure on a time scale based on occurrence of packet loss on
1248	      a time scale.  This is indicated by the duration of non-zero
1249	      packet loss.  The TBLM includes failure detection time and
1250	      time for data traffic to begin traversing the Backup Path.
1251	      Failover Time and Reversion Time are calculated using the
1252	      TBLM as shown in Equation 2:

1254	      (Equation 2)
1255	          (Equation 2a)
1256	          TBLM Failover Time = Time(Failover) - Time(Failover Event)

1258	          (Equation 2b)
1259	          TBLM Reversion Time = Time(Reversion) - Time(Restoration)

1261	      Measurement units:
1262	         milliseconds

1264	      Issues:
1265	         None

1267	      See Also:
1268	         Failover
1269	         Packet-Loss Based Method
1270	                          Protection Performance

1272	     3.6.2 Packet-Loss Based Method (PLBM)

1274	      Definition:
1275	      The method used to calculate Failover Time (or Reversion Time)
1276	      from the amount of Failover Packet Loss.

1278	      Discussion:
1279	      PLBM includes failure detection time and time for data traffic to
1280	      begin traversing the Backup Path.  Failover Time can be
1281	      calculated using PLBM from the amount Failover Packet Loss as
1282	      shown below in Equation 3. Note: If traffic is sent to more than 1
1283	      destination, PLBM gives the average loss over the measured
1284	      destinations

1286	      (Equation 3)
1287	           (Equation 3a)
1288	           PLBM Failover Time =
1289	              (Number of packets lost /
1290	                       Offered Load rate) * 1000)

1292	           (Equation 3b)
1293	           PLBM Restoration Time =
1294	              (Number of packets lost /
1295	                       Offered Load rate) * 1000)

1297	           Units are packets/(packets/second) = seconds

1299	      Measurement units:
1300	         milliseconds

1302	      Issues:
1303	         None

1305	      See Also:
1306	         Failover
1307	         Time-Based Loss Method

1309	     3.6.3 Timestamp-Based Method (TBM)

1311	      Definition:
1312	      The method to calculate Failover Time (or Reversion Time)
1313	      using a time scale to quantify the interval between
1314	      unimpaired packets arriving in the test stream.

1316	      Discussion:
1317	      The purpose of this method is to quantify the duration of
1318	      failure or reversion on a time scale based on the
1319	      observation of unimpaired packets,  The TBM is calculated
1320	      from Equation 2 with the values obtained from the timestamp
1321	      in the packet payload, rather than from the Tester clock as
1322	      is used for the values when using the TBLM.

1324	      Unimpaired packets are normal packets that are not lost,
1325	      reordered, or duplicated.  A reordered packet is defined in
1326	                          Protection Performance

1328	      [10, section 3.3].  A duplicate packet is defined in
1329	      [4, section 3.3.3].  A lost packet is defined in
1330	      [7, Section 3.5].  Unimpaired packets may be detected by checking
1331	      a sequence number in the payload, where the sequence number equals
1332	      the next expected number for an unimpaired packet.  A sequence gap
1333	      or sequence reversal indicates impaired packets.

1335	      For calculating Failover Time, the TBM includes failure
1336	      detection time and time for data traffic to begin traversing the
1337	      Backup Path.  For calculating Reversion Time, the TBM includes
1338	      Reversion Time and time for data traffic to begin traversing the
1339	      Primary Path.

1341	      Measurement units:
1342	         milliseconds

1344	      Issues: None

1346	      See Also:
1347	         Failover
1348	         Failover Time
1349	         Reversion
1350	         Reversion Time

1352	4. Acknowledgements
1353	     We would like thank the BMWG and particularly Al Morton and Curtis
1354	     Villamizar for their reviews, comments, and contributions to this
1355	     work.

1357	5. IANA Considerations
1358	     This document requires no IANA considerations.

1360	6. Security Considerations

1362	   Benchmarking activities as described in this memo are limited to
1363	   technology characterization using controlled stimuli in a laboratory
1364	   environment, with dedicated address space and the constraints
1365	   specified in the sections above.

1367	   The benchmarking network topology will be an independent test setup
1368	   and MUST NOT be connected to devices that may forward the test
1369	   traffic into a production network, or misroute traffic to the test
1370	   management network.

1372	   Further, benchmarking is performed on a "black-box" basis, relying
1373	   solely on measurements observable external to the DUT/SUT.

1375	   Special capabilities SHOULD NOT exist in the DUT/SUT specifically for
1376	   benchmarking purposes.  Any implications for network security arising
1377	   from the DUT/SUT SHOULD be identical in the lab and in production
1378	   networks.

1380	7. References
1381	7.1. Normative References
1382	     [1] Bradner, S., "The Internet Standards Process -- Revision 3",
1383	         RFC 2026, October 1996.

1385	     [2] Bradner, S., Editor, "Benchmarking Terminology for
1386	         Network Interconnection Devices", RFC 1242, July 1991.

1388	     [3] Mandeville, R., "Benchmarking Terminology for LAN
1389	         Switching Devices", RFC 2285, February 1998.

1391	                          Protection Performance

1393	     [4] Poretsky, S., et al., "Terminology for Benchmarking
1394	         Network-layer Traffic Control Mechanisms", RFC 4689,
1395	         November 2006.

1397	     [5] Bradner, S., "Key words for use in RFCs to Indicate
1398	         Requirement Levels", RFC 2119, July 1997.

1400	     [6] Not used.

1402	     [7] Poretsky, S., Imhoff, B., "Benchmarking Terminology for IGP
1403	         Convergence", draft-ietf-bmwg-igp-dataplane-conv-term-16,
1404	         work in progress, October 2009.

1406	     [8] Pan., P. et al, "Fast Reroute Extensions to RSVP-TE for LSP
1407	         Paths", RFC 4090, May 2005.

1409	     [9] Nichols, K., et al, "Definition of the Differentiated
1410	         Services Field (DS Field) in the IPv4 and IPv6 Headers",
1411	         RFC 2474, December 1998.

1413	     [10] Morton, A., et al, "Packet Reordering Metrics", RFC 4737,
1414	          November 2006.

1416	     [11] Hinden, R., "Virtual Router Redundancy Protocol", RFC 3768,
1417	          April 2004.

1419	7.2. Informative References
1420	     None

1422	8.  Authors' Addresses

1424	   Scott Poretsky
1425	   Allot Communications
1426	   67 South Bedford Street, Suite 400
1427	   Burlington, MA 01803
1428	   USA
1429	   Phone: + 1 508 309 2179
1430	   Email: sporetsky@allot.com

1432	   Rajiv Papneja
1433	   Isocore
1434	   12359 Sunrise Valley Drive
1435	   Reston, VA 22102
1436	   USA
1437	   Phone: +1 703 860 9273
1438	   Email: rpapneja@isocore.com
1439	                          Protection Performance

1441	   Jay Karthik
1442	   Cisco Systems
1443	   300 Beaver Brook Road
1444	   Boxborough, MA 01719
1445	   USA
1446	   Phone: +1 978 936 0533
1447	   Email: jkarthik@cisco.com

1449	   Samir Vapiwala
1450	   Cisco System
1451	   300 Beaver Brook Road
1452	   Boxborough, MA 01719
1453	   USA
1454	   Phone: +1 978 936 1484
1455	   Email: svapiwal@cisco.com