idnits 2.17.1 

draft-ietf-isis-restart-03.txt:
  ** The Abstract section seems to be numbered


  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == There are 2 instances of lines with non-ascii characters in the document.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** The abstract seems to contain references ([2], [3]), which it shouldn't.
      Please replace those with straight textual mentions of the documents in
     question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 2003) is 7706 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Missing reference section? '1' on line 13 looks like a reference

  -- Missing reference section? '2' on line 613 looks like a reference

  -- Missing reference section? '3' on line 613 looks like a reference

  -- Missing reference section? '4' on line 68 looks like a reference

  -- Missing reference section? '5' on line 113 looks like a reference


     Summary: 5 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	Network Working Group                                          M. Shand
2	Internet Draft                                             Les Ginsberg
3	Expiration Date: September 2003                           Cisco Systems
4	                                                             March 2003

6	                      Restart signaling for IS-IS
7	                     draft-ietf-isis-restart-03.txt

9	Status of this Memo

11	   This document is an Internet-Draft and is in full conformance with
12	   all provisions of Section 10 of RFC2026 [1].

14	   Internet-Drafts are working documents of the Internet Engineering
15	   Task Force (IETF), its areas, and its working groups. Note that
16	   other groups may also distribute working documents as Internet-
17	   Drafts. Internet-Drafts are draft documents valid for a maximum of
18	   six months and may be updated, replaced, or obsoleted by other
19	   documents at any time. It is inappropriate to use Internet-Drafts as
20	   reference material or to cite them other than as "work in progress."

22	   The list of current Internet-Drafts can be accessed at
23	   http://www.ietf.org/ietf/1id-abstracts.txt

25	   The list of Internet-Draft Shadow Directories can be accessed at
26	   http://www.ietf.org/shadow.html.

28	1.   Abstract

30	   The IS-IS routing protocol (RFC 1142 [2], ISO/IEC 10589 [3]) is a
31	   link state intra-domain routing protocol. Normally, when an IS-IS
32	   router is restarted, the neighboring routers detect the restart
33	   event and cycle their adjacencies with the restarting router through
34	   the down state. This is necessary in order to invoke the protocol
35	   mechanisms to ensure correct synchronization of the LSP database.
36	   However, the cycling of the adjacency state causes the neighbors to
37	   regenerate their LSPs describing the adjacency concerned. This in
38	   turn causes temporary disruption of routes passing through the
39	   restarting router.

41	   In certain scenarios such temporary disruption of the routes is
42	   highly undesirable.

44	   This draft describes a mechanism for a restarting router to signal
45	   that it is restarting to its neighbors, and allow them to
46	   reestablish their adjacencies without cycling through the down
47	   state, while still correctly initiating database synchronization.

49	   When such a router is restarted, it is highly desirable that it does
50	   not recompute its own routes until it has achieved database
51	   synchronization with its neighbors. Recomputing its routes before
52	   synchronization is achieved will result in its own routes being
53	   temporarily incorrect.

55	   This draft additionally describes a mechanism for a restarting
56	   router to determine when it has achieved synchronization with its
57	   neighbors.

59	   This draft additionally describes a mechanism to optimize database
60	   synchronization and minimize transient routing disruption when a
61	   router starts.

63	2.   Conventions used in this document

65	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
66	   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in
67	   this document are to be interpreted as described in RFC-2119 [4].

69	   If the control and forwarding functions in a router can be
70	   maintained independently, it is possible for the forwarding function
71	   state to be maintained across a control function restart. This
72	   functionality is assumed when the terms "restart/restarting" are
73	   used in this document.

75	   The terms "start/starting" are used to refer to a router in which
76	   the control function has either been started for the first time or
77	   has been restarted but the forwarding functions have not been
78	   maintained in a prior state.

80	   The terms "(re)start/(re)starting" are used when the text is
81	   applicable to both a "starting" and a "restarting" router.

83	3.   Overview

85	   There are two related problems with the existing specification of
86	   IS-IS with regard to synchronization of LSP databases when a router
87	   is restarted.

89	   Firstly, when a routing process restarts and an adjacency to a
90	   neighboring router is reinitialized the neighboring routing process
91	   does three things:

93	     1. It reinitializes the adjacency and causes its own LSP(s) to be
94	        regenerated, thus triggering SPF runs throughout the area (or
95	        in the case of Level 2, throughout the domain).

97	     2. It sets SRMflags on its own LSP database on the adjacency
98	        concerned.

100	     3. In the case of a Point-to-Point link it transmits a (set of)
101	        CSNP(s) over the adjacency.

103	   In the case of a restarting router process, the first of these is
104	   highly undesirable, but the second is essential in order to ensure
105	   synchronization of the LSP database.

107	   Secondly, whether or not the router is being restarted, it is
108	   desirable to be able to determine when the LSP databases of the
109	   neighboring routers have been synchronized (so that the overload bit
110	   can be cleared in the router's own LSP, for example). This document
111	   describes modifications to achieve this.

113	   It is assumed that the three-way handshake [5] is being used on
114	   Point-to-Point circuits.

116	4.   Approach

118	4.1    Timers

120	   Three additional timers, T1, T2 and T3 are required to support the
121	   functionality defined in this document.

123	   An instance of T1 is maintained per interface, and indicates the
124	   time after which an unacknowledged (re)start attempt will be
125	   repeated. A typical value might be 3 seconds.

127	   An instance of T2 is maintained for each LSP database present in the
128	   system i.e. for a Level1/2 system, there will be an instance of T2
129	   for Level 1 and an instance for Level 2. This is the maximum time
130	   that the system will wait for LSPDB synchronization. A typical value
131	   might be 60 seconds.

133	   A single instance of T3 is maintained for the entire system. It
134	   indicates the time after which the router will declare that it has
135	   failed to achieve database synchronization (by setting the overload
136	   bit in its own LSP). This is initialized to 65535 seconds, but is
137	   set to the minimum of the remaining times of received IIHs
138	   containing a restart TLV with RA set.

140	4.2    Restart TLV

142	   A new TLV is defined to be included in IIH PDUs. The presence of
143	   this TLV indicates that the sender supports the functionality
144	   defined in this document and it carries flags that are used to
145	   convey information during a (re)start. All IIHs transmitted by a
146	   router that supports this capability MUST include this TLV.

148	     Type   211
149	     Length 3
150	     Value (3 octets)
151	        Flags (1 octet)
152	               Bit 1 - Restart Request (RR)
153	               Bit 2 - Restart Acknowledgment (RA)
154	               Bit 3 � Suppress adjacency advertisement(SA)
155	               Bits 4-8 � Reserved
156	       Remaining Time (2 octets)
157	               Remaining holding time (in seconds)
158	               (note: only required when RA bit is set)

160	4.2.1      Use of RR and RA bits

162	   The RR bit is used by a (re)starting router to signal to its
163	   neighbors that a (re)start is in progress, that an existing
164	   adjacency should be maintained even under circumstances when the
165	   normal operation of the adjacency state machine would require the
166	   adjacency to be reinitialized, and to request a set of CSNPs.

168	   The RA bit is sent by the neighbor of a (re)starting router to
169	   acknowledge the receipt of a restart TLV with the RR bit set.

171	   When the neighbor of a (re)starting router receives an IIH with the
172	   restart TLV having the RR bit set, if there exists on this interface
173	   an adjacency in state "Up" with the same System ID, and in the case
174	   of a LAN circuit, with the same source LAN address, then,
175	   irrespective of the other contents of the "Intermediate System
176	   Neighbors" option (LAN circuits), or the "Point-to-Point Adjacency
177	   State" option (Point-to-Point circuits):

179	   a) The state of the adjacency is not changed. It is an
180	     implementation choice whether or not the holding time of the
181	     adjacency is refreshed. Not refreshing the holding time preserves
182	     the intention of the original holding time. Refreshing it may
183	     allow a longer grace period for the completion of the (re)start
184	     process. Whichever option is chosen, the "remaining time"
185	     transmitted according to (b) below MUST reflect the actual time
186	     after which the adjacency will now expire.

188	   b) immediately (i.e. without waiting for any currently running timer
189	     interval to expire, but with a small random delay of a few 10s of
190	     milliseconds on LANs to avoid "storms"), transmit over the
191	     corresponding interface an IIH including the restart TLV with the
192	     RR bit clear and the RA bit set, having updated the "Point-to-
193	     Point Adjacency State" option to reflect any new values received
194	     from the (re)starting router. (This allows a restarting router to
195	     quickly acquire the correct information to place in its hellos.)
196	     The "Remaining Time" MUST be set to the current time (in seconds)
197	     before the holding timer on this adjacency is due to expire. This
198	     IIH SHOULD be transmitted before any LSPs or SNPs transmitted as a
199	     result of the receipt of the original IIH.

201	   c) if the corresponding interface is a Point-to-Point interface, or
202	     if the receiving router has the highest LnRouterPriority (with
203	     highest source MAC address breaking ties) among those routers
204	     whose IIHs contain the restart TLV, excluding the transmitting
205	     router (note the actual DIS is NOT changed by this process.),
206	     initiate the transmission over the corresponding interface of a
207	     complete set of CSNPs, and set SRMflags on the corresponding
208	     interface for all LSPs in the local LSP database.

210	   Otherwise (i.e. if there was no adjacency in the "UP" state to the
211	   system ID in question), process the IIH as normal by reinitializing
212	   the adjacency, and setting the RA bit in the returned IIH.

214	4.2.2      Use of SA bit

216	   The SA bit is used by a starting router to request that its neighbor
217	   suppress advertisement of the adjacency to the starting router in
218	   the neighbors LSPs.

220	   A router which is starting has no maintained forwarding function
221	   state. This may or may not be the first time the router has started.
222	   If this is not the first time the router has started, copies of LSPs
223	   generated by this router in its previous incarnation may exist in
224	   the LSP databases of other routers in the network. These copies are
225	   likely to appear "newer" than LSPs initially generated by the
226	   starting router due to the reinitialization of LSP fragment sequence
227	   numbers by the starting router. This may cause temporary blackholes
228	   to occur until the normal operation of the update process causes the
229	   starting router to regenerate and flood copies of its own LSPs with
230	   higher sequence numbers. The temporary blackholes can be avoided if
231	   the starting router's neighbors suppress advertising an adjacency to
232	   the starting router until the starting router has been able to
233	   propagate newer versions of LSPs generated by previous incarnations.

235	   When the neighbor of a starting router receives an IIH with the
236	   restart TLV having the SA bit set, if there exists on this interface
237	   an adjacency in state "Up" with the same System ID, and in the case
238	   of a LAN circuit, with the same source LAN address, then
239	   advertisement of the adjacency to the starting router in LSPs should
240	   be suppressed. Until an IIH with the SA bit clear has been received,
241	   the adjacency advertisement should continue to be suppressed. If the
242	   adjacency transitions to the UP state, the new adjacency should not
243	   be advertised until an IIH with the SA bit clear has been received.

245	4.3    Adjacency (re)acquisition

247	   Adjacency (re)acquisition is the first step in (re)initialization.
248	   Both restarting and starting routers will make use of the RR bit in
249	   the restart TLV, though at different stages of the (re)start
250	   procedure.

252	4.3.1      Adjacency reacquisition during restart

254	   The restarting router explicitly notifies its neighbor that the
255	   adjacency is being reacquired, and hence that it should not
256	   reinitialize the adjacency. This is achieved by setting the RR bit
257	   in the restart TLV. When the neighbor of a restarting router
258	   receives an IIH with the restart TLV having the RR bit set, if there
259	   exists on this interface an adjacency in state "Up" with the same
260	   System ID, and in the case of a LAN circuit, with the same source
261	   LAN address, then the procedures described in 4.2.1 are followed.

263	   A router that does not support the restart capability will ignore
264	   the restart TLV and reinitialize the adjacency as normal, returning
265	   an IIH without the restart TLV.

267	   On restarting, a router initializes the timer T3, starts timer T2
268	   for each LSPDB and for each interface (and in the case of a LAN
269	   circuit, for each level) starts a timer T1 and transmits an IIH
270	   containing the restart TLV with the RR bit set.

272	   On a Point-to-Point circuit the "Point-to-Point Adjacency State"
273	   SHOULD be set to "Init", because the receipt of the acknowledging
274	   IIH (with RA set) MUST cause the adjacency to enter "Up" state
275	   immediately.

277	   On a LAN circuit the LAN-ID assigned to the circuit SHOULD be the
278	   same as that used prior to the restart. In particular, for any
279	   circuits for which the restarting router was previously DIS, the use
280	   of a different LAN-ID would necessitate the generation of a new set
281	   of pseudonode LSPs, and corresponding changes in all the LSPs
282	   referencing them from other routers on the LAN. By preserving the
283	   LAN-ID across the restart, this churn can be prevented. To enable a
284	   restarting router to learn the LAN-ID used prior to restart, the
285	   LAN-ID specified in an IIH w RR set MUST be ignored.

287	   Transmission of "normal" IIHs is inhibited until the conditions
288	   described below are met (in order to avoid causing an unnecessary
289	   adjacency reinitialization). On expiry of the timer T1, it is
290	   restarted and the IIH is retransmitted as above.

292	   On receipt of an IIH by the restarting router, a local adjacency is
293	   established as usual, and if the IIH contains a restart TLV with the
294	   RA bit set, the receipt of the acknowledgement over that interface
295	   is noted.

297	   T3 is set to the minimum of its current value and the value of the
298	   "Remaining Time" field in the received IIH.

300	   Receipt of an IIH not containing the restart TLV is also treated as
301	   an acknowledgement, since it indicates that the neighbor is not
302	   restart capable. In this case the neighbor will have reinitialized
303	   the adjacency as normal, which in the case of a Point-to-Point link
304	   will guarantee that SRMflags have been set on its database, thus
305	   ensuring eventual LSPDB synchronization. In the case of a LAN
306	   interface, the usual operation of the update process will also
307	   ensure that synchronization is eventually achieved. However, since
308	   no CSNP is guaranteed to be received over this interface, T1 is
309	   cancelled immediately without waiting for a CSNP. Synchronization
310	   may therefore be deemed complete even though there are some LSPs
311	   which are held(only) by this neighbor (see section 4.4).

313	   In the case of a Point-to-Point circuit, the "LocalCircuitID" and
314	   "Extended Local Circuit ID" information contained in the IIH can be
315	   used immediately to generate an IIH containing the correct 3-way
316	   handshake information. The presence of "Neighbor System ID" or
317	   "Neighbor Extended Local Circuit ID" information which does not
318	   match the values currently in use by the local system is ignored
319	   (since the IIH may have been transmitted before the neighbor had
320	   received the new values from the restarting router), but the
321	   adjacency remains in the initializing state until the correct
322	   information is received.

324	   In the case of a LAN circuit the information in the Intermediate
325	   Systems Neighbors option is recorded and used for the generation of
326	   subsequent IIHs as normal.

328	   When BOTH a complete set of CSNP(s) (for each active level, in the
329	   case of a pt-pt circuit) and an acknowledgement have been received
330	   over the interface, the timer T1 is cancelled.

332	   Once T3 has expired or been cancelled, subsequent IIHs are
333	   transmitted according to the normal algorithms, but including the
334	   restart TLV with both RR and RA clear.

336	   If a LAN contains a mixture of systems, only some of which support
337	   the new algorithm, database synchronization is still guaranteed, but
338	   the "old" systems will have reinitialized their adjacencies.

340	   If an interface is active, but does not have any neighboring router
341	   reachable over that interface the timer T1 would never be cancelled,
342	   and according to clause 4.4.1.1 the SPF would never be run.
343	   Therefore timer T1 is cancelled after some pre-determined number of
344	   expirations (which MAY be 1). (By this time any existing adjacency
345	   on a remote system would probably have expired anyway.)

347	   A router which supports restart SHOULD ensure that the holding time
348	   of any IIHs it transmits is greater than the expected time to
349	   complete a restart. However, where this is impracticable or
350	   undesirable a router MAY transmit one or more normal IIHs
351	   (containing a restart TLV with RR and RA clear) after the initial
352	   RR/RA exchange, but before synchronization has been achieved, in
353	   order to extend the holding time of the neighbors adjacencies beyond
354	   that indicated in the remaining time field of the neighbors IIH with
355	   the RA bit set.

357	4.3.2      Adjacency acquisition during start

359	   The starting router wants to ensure that in the event a neighboring
360	   router has an adjacency to the starting router in the UP state (from
361	   a previous incarnation of the starting router) that this adjacency
362	   is reinitialized. The starting router also wants neighboring routers
363	   to suppress advertisement of an adjacency to the starting router
364	   until LSP database synchronization is achieved. This is achieved by
365	   sending IIHs with the RR bit clear and the SA bit set in the restart
366	   TLV. The RR bit remains clear and the SA bit remains set in
367	   subsequent transmissions of IIHs until the adjacency has reached the
368	   UP state and the initial T1 timer interval (see below) has expired.

370	   Receipt of an IIH with RR bit clear will result in the neighboring
371	   router utilizing normal operation of the adjacency state machine.
372	   This will ensure that any old adjacency on the neighboring router
373	   will be reinitialized.

375	   On receipt of an IIH with SA bit set the behavior described in 4.2.2
376	   is followed.

378	   On starting, a router initializes the timer T3, and starts timer T2
379	   for each LSPDB.

381	   For each interface (and in the case of a LAN circuit, for each
382	   level), when an adjacency reaches the UP state, the starting router
383	   starts a timer T1 and transmits an IIH containing the restart TLV
384	   with the RR bit clear and SA bit set. On expiry of the timer T1, it
385	   is restarted and the IIH is retransmitted with both RR and SA bits
386	   set(only the RR bit has changed state from earlier IIHs).

388	   On receipt of an IIH with RR bit set(regardless of whether SA is set
389	   or not) the behavior described in 4.2.1 is followed.

391	   When an IIH is received by the starting router and the IIH contains
392	   a restart TLV with the RA bit set, the receipt of the
393	   acknowledgement over that interface is noted.

395	   T3 is set to the minimum of its current value and the value of the
396	   "Remaining Time" field in the received IIH.

398	   Receipt of an IIH not containing the restart TLV is also treated as
399	   an acknowledgement, since it indicates that the neighbor is not
400	   restart capable. In this case the neighbor will have reinitialized
401	   the adjacency as normal, which in the case of a Point-to-Point link
402	   will guarantee that SRMflags have been set on its database, thus
403	   ensuring eventual LSPDB synchronization. In the case of a LAN
404	   interface, the usual operation of the update process will also
405	   ensure that synchronization is eventually achieved. However, since
406	   no CSNP is guaranteed to be received over this interface, T1 is
407	   cancelled immediately without waiting for a CSNP. Synchronization
408	   may therefore be deemed complete even though there are some LSPs
409	   which are held(only) by this neighbor (see section 4.4).

411	   When BOTH a complete set of CSNP(s) (for each active level, in the
412	   case of a pt-pt circuit) and an acknowledgement have been received
413	   over the interface, the timer T1 is cancelled. Subsequent IIHs sent
414	   by the starting router have the RR and RA bits clear and the SA bit
415	   set in the restart TLV.

417	   Once T3 has expired or been cancelled, subsequent IIHs are
418	   transmitted according to the normal algorithms, but including the
419	   restart TLV with RR, RA, and SA bits clear.

421	   Timer T1 is cancelled after some pre-determined number of
422	   expirations (which MAY be 1).

424	   During the period when T1 is active, according to the rules defined
425	   in 4.3 the neighbor of the starting router may choose not to update
426	   the holding time for an adjacency because the RR bit is set in the
427	   received IIH. To prevent holding time expiration a starting router
428	   MAY transmit one or more IIHs containing a restart TLV with RR and
429	   RA bits clear and SA bit set after the initial RR/RA exchange.

431	   When T2 is cancelled or expires transmission of "normal" IIHs (with
432	   RR,RA, and SA bits clear) will begin.

434	4.3.3      Multiple levels

436	   A router which is operating as both a Level 1 and a Level 2 router
437	   on a particular interface MUST perform the above operations for each
438	   level.

440	   On a LAN interface, it MUST send and receive both Level 1 and
441	   Level 2 IIHs and perform the CSNP synchronizations independently for
442	   each level.

444	   On a pt-pt interface, only a single IIH (indicating support for both
445	   levels) is required, but it MUST perform the CSNP synchronizations
446	   independently for each level.

448	4.4    Database synchronization

450	   When a router is started or restarted it can expect to receive a
451	   (set of) CSNP(s) over each interface. The arrival of the CSNP(s) is
452	   now guaranteed, since an IIH with RR bit set will be retransmitted
453	   until the CSNP(s) are correctly received.

455	   The CSNPs describe the set of LSPs that are currently held by each
456	   neighbor. Synchronization will be complete when all these LSPs have
457	   been received.

459	   When (re)starting, a router starts the timer T3 and an instance of
460	   timer T2 for each LSPDB as described in 4.3.1 or 4.3.2. In addition
461	   to normal processing of the CSNPs, the set of LSPIDs contained in
462	   the first complete set of CSNP(s) received over each interface is
463	   recorded, together with their remaining lifetime. If there are
464	   multiple interfaces on the (re)starting router, the recorded set of
465	   LSPIDs is the union of those received over each interface. LSPs with
466	   a remaining lifetime of zero are NOT so recorded.

468	   As LSPs are received (by the normal operation of the update process)
469	   over any interface, the corresponding LSPID entry is removed (it is
470	   also removed if the LSP had arrived before the CSNP containing the
471	   reference). When an LSPID has been held in the list for its
472	   indicated remaining lifetime, it is removed from the list. When the
473	   list of LSPIDs is empty and T1 has been cancelled for all the
474	   interfaces that have an adjacency at this level, the timer T2 is
475	   cancelled.

477	   At this point the local database is guaranteed to contain all the
478	   LSP(s) (either the same sequence number, or a more recent sequence
479	   number) which were present in the neighbors' databases at the time
480	   of (re)starting. LSPs that arrived in a neighbor's database after
481	   the time of (re)starting may, or may not, be present, but the normal
482	   operation of the update process will guarantee that they will
483	   eventually be received. At this point the local database is deemed
484	   to be "synchronized".

486	   Since LSPs mentioned in the CSNP(s) with a zero remaining lifetime
487	   are not recorded, and those with a short remaining lifetime are
488	   deleted from the list when the lifetime expires, cancellation of the
489	   timer T2 will not be prevented by waiting for an LSP that will never
490	   arrive.

492	4.4.1      LSP generation and flooding and SPF computation

494	   The operation of a router starting, as opposed to restarting is
495	   somewhat different. These two cases are dealt with separately below.

497	4.4.1.1.         Restarting

499	   In order to avoid causing unnecessary routing churn in other
500	   routers, it is highly desirable that the own LSPs generated by the
501	   restarting system are the same as those previously present in the
502	   network (assuming no other changes have taken place). It is
503	   important therefore not to regenerate and flood the LSPs until all
504	   the adjacencies have been re-established and any information
505	   required for propagation into the local LSPs is fully available.
506	   Ideally, the information should be loaded into the LSPs in a
507	   deterministic way, such that the same information occurs in the same
508	   place in the same LSP (and hence the LSPs are identical to their
509	   previous versions). If this can be achieved, the new versions will
510	   not even cause SPF to be run in other systems. However, provided the
511	   same information is included in the set of LSPs (albeit in a
512	   different order, and possibly different LSPs), the result of running
513	   the SPF will be the same and will not cause churn to the forwarding
514	   tables.

516	   In the case of a restarting router, none of the router's LSPs are
517	   transmitted, nor are the router's own forwarding tables updated
518	   while the timer T3 is running.

520	   Redistribution of inter-level information must be regenerated before
521	   this router's LSP is flooded to other nodes. Therefore the Level-n
522	   non-pseudonode LSP(s) should not be flooded until the other level's
523	   T2 timer has expired and its SPF has been run. This ensures that any
524	   inter-level information that should be propagated can be included in
525	   the Level-n LSP(s).

527	   During this period, if one of the router's own (including
528	   pseudonodes) LSPs is received, which the local router does not
529	   currently have in its own database, it is NOT purged. Under normal
530	   operation, such an LSP would be purged, since the LSP clearly should
531	   not be present in the global LSP database. However, in the present
532	   circumstances, this would be highly undesirable, because it could
533	   cause premature removal of an own LSP -- and hence churn in remote
534	   routers. Even if the local system has one or more own LSPs (which it
535	   has generated, but not yet transmitted) it is still not valid to
536	   compare the received LSP against this set, since it may be that as a
537	   result of propagation between Level 1 and Level 2 (or vice versa) a
538	   further own LSP will need to be generated when the LSP databases
539	   have synchronized.

541	   During this period a restarting router SHOULD send CSNPs as it
542	   normally would. Information about the router's own LSPs MAY be
543	   included, but if it is included it MUST be based on LSPs which have
544	   been received, not on versions which have been generated(but not yet
545	   transmitted). This restriction is necessary to prevent premature
546	   removal of an LSP from the global LSP database.

548	   When the timer T2 expires or is cancelled indicating that
549	   synchronization for that level is complete, the SPF for that level
550	   is run in order to derive any information which is required to be
551	   propagated to another level, but the forwarding tables are not yet
552	   updated.

554	   Once the other level's SPF has run and any inter-level propagation
555	   has been resolved, the 'own' LSPs can be generated and flooded. Any
556	   'own' LSPs which were previously ignored, but which are not part of
557	   the current set of 'own' LSPs (including pseudonodes) should then be
558	   purged. Note that it is possible that a Designated Router change may
559	   have taken place, and consequently the router should purge those
560	   pseudonode LSPs which it previously owned, but which are now no
561	   longer part of its set of pseudonode LSPs.

563	   When all the T2 timers have expired or been cancelled, the timer T3
564	   is cancelled and the local forwarding tables are updated.

566	   If the timer T3 expires before all the T2 timers have expired or
567	   been cancelled, this indicates that the synchronization process is
568	   taking longer than minimum holding time of the neighbors. The
569	   router's own LSP(s) for levels which have not yet completed their
570	   first SPF computation are then flooded with the overload bit set to
571	   indicate that the router's LSPDB is not yet synchronized (and other
572	   routers should therefore not compute routes through this router).
573	   Normal operation of the update process resumes and the local
574	   forwarding tables are updated. In order to prevent the neighbor's
575	   adjacencies from expiring, IIHs with the normal interface value for
576	   the holding time are transmitted over all interfaces with neither RR
577	   nor RA set in the restart TLV. This will cause the neighbors to
578	   refresh their adjacencies. The own LSP(s) will continue to have the
579	   overload bit set until timer T2 has expired or been cancelled.

581	4.4.1.2.         Starting

583	   In the case of a starting router, as soon as each adjacency is
584	   established, and before any CSNP exchanges, the router's own zeroth
585	   LSP is transmitted with the overload bit set. This prevents other
586	   routers from computing routes through the router until it has
587	   reliably acquired the complete set of LSPs. The overload bit remains
588	   set in subsequent transmissions of the zeroth LSP (such as will
589	   occur if a previous copy of the routers LSP is still present in the
590	   network) while any timer T2 is running.

592	   When all the T2 timers have been cancelled, the own LSP(s) MAY be
593	   regenerated with the overload bit clear (assuming the router isn't
594	   in fact overloaded, and there is no other reason, such as incomplete
595	   BGP convergence, to keep the overload bit set), and flooded as
596	   normal.

598	   Other 'own' LSPs (including pseudonodes) are generated and flooded
599	   as normal, irrespective of the timer T2. The SPF is also run as
600	   normal and the RIB and FIB updated as routes become available.

602	   To avoid the possible formation of temporary blackholes the starting
603	   router sets the SA bit in the restart TLV (as described in 4.3.2) in
604	   all IIHs that it sends.

606	   When all T2 timers have been cancelled, the starting router MUST
607	   transmit IIHs with the SA bit clear.

609	5.   Security Considerations

611	   This memo does not create any new security issues for the IS-IS
612	   protocol. Security considerations for the base IS-IS protocol are
613	   covered in [2] and [3].

615	6.   References

617	   1  Bradner, S., "The Internet Standards Process -- Revision 3", BCP
618	      9, RFC 2026, October 1996.

620	   2  Callon, R., "OSI IS-IS for IP and Dual Environment," RFC 1195,
621	      December 1990.

623	   3  ISO, "Intermediate system to Intermediate system routeing
624	      information exchange protocol for use in conjunction with the
625	      Protocol for providing the Connectionless-mode Network Service
626	      (ISO 8473)," ISO/IEC 10589:2002, Second Edition.

628	   4  Bradner, S., "Key words for use in RFCs to Indicate Requirement
629	      Levels", BCP 14, RFC 2119, March 1997

631	   5  Katz, D., "Three-Way Handshake for IS-IS Point-to-Point
632	      Adjacencies", RFC 3373, September 2002

634	7.   Acknowledgments

636	   The authors would like to acknowledge contributions made by Radia
637	   Perlman, Mark Schaefer, Naiming Shen, Nischal Sheth, Russ White, and
638	   Rena Yang.

640	8.   Authors' Addresses

642	   Mike Shand
643	   Cisco Systems
644	   250 Longwater Avenue,
645	   Reading,
646	   Berkshire,
647	   RG2 6GB
648	   UK
649	   Phone: +44 208 824 8690
650	   Email: mshand@cisco.com

652	   Les Ginsberg
653	   Cisco Systems
654	   510 McCarthy Blvd.
655	   Milpitas, Ca. 95035 USA
656	   Email: ginsberg@cisco.com