idnits 2.17.1 draft-ietf-teas-rsvp-ingress-protection-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Authors' Addresses Section. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (March 21, 2016) is 2958 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- == Missing Reference: 'S' is mentioned on line 128, but not defined == Missing Reference: 'Ra' is mentioned on line 131, but not defined == Missing Reference: 'Rb' is mentioned on line 131, but not defined == Missing Reference: 'L3' is mentioned on line 131, but not defined == Unused Reference: 'RFC2119' is defined on line 957, but no explicit reference was found in the text == Unused Reference: 'RFC3031' is defined on line 962, but no explicit reference was found in the text == Unused Reference: 'RFC3209' is defined on line 967, but no explicit reference was found in the text Summary: 1 error (**), 0 flaws (~~), 9 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force H. Chen, Ed. 3 Internet-Draft Huawei Technologies 4 Intended status: Experimental R. Torvi, Ed. 5 Expires: September 22, 2016 Juniper Networks 6 March 21, 2016 8 Extensions to RSVP-TE for LSP Ingress Local Protection 9 draft-ietf-teas-rsvp-ingress-protection-05.txt 11 Abstract 13 This document describes extensions to Resource Reservation Protocol - 14 Traffic Engineering (RSVP-TE) for locally protecting the ingress node 15 of a Traffic Engineered (TE) Label Switched Path (LSP), which is a 16 Point-to-Point (P2P) LSP or a Point-to-Multipoint (P2MP) LSP. 18 Status of this Memo 20 This Internet-Draft is submitted to IETF in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at http://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on September 22, 2016. 35 Copyright Notice 37 Copyright (c) 2016 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (http://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Co-authors . . . . . . . . . . . . . . . . . . . . . . . . . . 3 53 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 2.1. An Example of Ingress Local Protection . . . . . . . . . . 3 55 2.2. Ingress Local Protection with FRR . . . . . . . . . . . . 4 56 3. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 4 57 3.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 4 58 3.2. Backup and Source Detect Failure . . . . . . . . . . . . . 5 59 4. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 5 60 4.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 5 61 5. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 6 62 5.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 6 63 5.1.1. Subobject: Backup Ingress IPv4 Address . . . . . . . . 7 64 5.1.2. Subobject: Backup Ingress IPv6 Address . . . . . . . . 8 65 5.1.3. Subobject: Ingress IPv4 Address . . . . . . . . . . . 8 66 5.1.4. Subobject: Ingress IPv6 Address . . . . . . . . . . . 8 67 5.1.5. Subobject: Traffic Descriptor . . . . . . . . . . . . 9 68 5.1.6. Subobject: Label-Routes . . . . . . . . . . . . . . . 10 69 6. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 10 70 6.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 10 71 6.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 10 72 6.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 11 73 6.1.3. Comparing Two Methods . . . . . . . . . . . . . . . . 12 74 6.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 12 75 6.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 13 76 6.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 13 77 6.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 14 78 6.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 15 79 6.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 17 80 6.3.3. Failure Detection and Refresh PATH Messages . . . . . 18 81 6.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 18 82 6.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 18 83 6.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 19 84 7. Security Considerations . . . . . . . . . . . . . . . . . . . 19 85 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 86 8.1. A New Class Number . . . . . . . . . . . . . . . . . . . . 20 87 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 20 88 10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 21 89 11. Normative References . . . . . . . . . . . . . . . . . . . . . 21 90 A. Problem Summary . . . . . . . . . . . . . . . . . . . . . . . 22 91 B. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 23 93 1. Co-authors 95 Ning So, Autumn Liu, Alia Atlas, Yimin Shen, Tarek Saad, Fengman Xu, 96 Mehmet Toy, Lei Liu 98 2. Introduction 100 For a MPLS LSP it is important to have a fast-reroute method for 101 protecting its ingress node and transit nodes. Protecting an ingress 102 is not covered either in the fast-reroute method defined in [RFC4090] 103 or in the P2MP fast-reroute extensions to fast-reroute in [RFC4875]. 105 An alternate approach to local protection (fast-reroute) is to use 106 global protection and set up a secondary backup LSP (whether P2MP or 107 P2P) from a backup ingress to the egresses. The main disadvantage of 108 this is that the backup LSP may reserve additional network bandwidth. 110 This specification defines a simple extension to RSVP-TE for local 111 protection of the ingress node of a P2MP or P2P LSP. 113 2.1. An Example of Ingress Local Protection 115 Figure 1 shows an example of using a backup P2MP LSP to locally 116 protect the ingress of a primary P2MP LSP, which is from ingress R1 117 to three egresses: L1, L2 and L3. The backup LSP is from backup 118 ingress Ra to the next hops R2 and R4 of ingress R1. 120 [R2]******[R3]*****[L1] 121 * | **** Primary LSP 122 * | ---- Backup LSP 123 * / .... BFD Session 124 * / $ Link 125 ....[R1]*******[R4]****[R5]*****[L2] $ 126 : $ $ / / * $ 127 : $ $ / / * 128 [S] $ / / * 129 $ $ / / * 130 $ $/ / * 131 [Ra]----[Rb] [L3] 133 Figure 1: Backup P2MP LSP for Locally Protecting Ingress 135 In normal operations, source S sends the traffic to primary ingress 136 R1. R1 imports the traffic into the primary LSP. 138 When source S detects the failure of R1, it switches the traffic to 139 backup ingress Ra, which imports the traffic from S into the backup 140 LSP to R1's next hops R2 and R4, where the traffic is merged into the 141 primary LSP, and then sent to egresses L1, L2 and L3. Source S 142 detects the failure of R1 and switches the traffic within 10s of ms. 144 Note that the backup ingress is one logical hop away from the 145 ingress. A logical hop is a direct link or a tunnel such as a GRE 146 tunnel, over which RSVP-TE messages may be exchanged. 148 2.2. Ingress Local Protection with FRR 150 Through using the ingress local protection and the FRR, we can 151 locally protect the ingress, all the links and the transit nodes of 152 an LSP. The traffic switchover time is within 10s of ms whenever the 153 ingress, any of the links and the transit nodes of the LSP fails. 155 The ingress node of the LSP can be locally protected through using 156 the ingress local protection. All the links and all the transit 157 nodes of the LSP can be locally protected through using the FRR. 159 3. Ingress Failure Detection 161 Exactly how to detect the failure of the ingress is out of scope. 162 However, it is necessary to discuss different modes for detecting the 163 failure because they determine what is the required behavior for the 164 source and backup ingress. 166 3.1. Source Detects Failure 168 Source Detects Failure or Source-Detect for short means that the 169 source is responsible for fast detecting the failure of the primary 170 ingress of an LSP. The backup ingress is ready to import the traffic 171 from the source into the backup LSP after the backup LSP is up. 173 In normal operations, the source sends the traffic to the primary 174 ingress. When the source detects the failure of the primary ingress, 175 it switches the traffic to the backup ingress, which delivers the 176 traffic to the next hops of the primary ingress through the backup 177 LSP, where the traffic is merged into the primary LSP. 179 For a P2P LSP, after the primary ingress fails, the backup ingress 180 MUST use a method to reliably detect the failure of the primary 181 ingress before the PATH message for the LSP expires at the next hop 182 of the primary ingress. After reliably detecting the failure, the 183 backup ingress sends/refreshes the PATH message to the next hop 184 through the backup LSP as needed. 186 After the primary ingress fails, it will not be reachable after 187 routing convergence. Thus checking whether the primary ingress 188 (address) is reachable is a possible method. 190 3.2. Backup and Source Detect Failure 192 Backup and Source Detect Failure or Backup-Source-Detect for short 193 means that both the backup ingress and the source are concurrently 194 responsible for fast detecting the failure of the primary ingress. 196 In normal operations, the source sends the traffic to the primary 197 ingress. It switches the traffic to the backup ingress when it 198 detects the failure of the primary ingress. 200 The backup ingress does not import any traffic from the source into 201 the backup LSP in normal operations. When it detects the failure of 202 the primary ingress, it imports the traffic from the source into the 203 backup LSP to the next hops of the primary ingress, where the traffic 204 is merged into the primary LSP. 206 The source-detect is preferred. It is simpler than the backup- 207 source-detect, which needs both the source and the backup ingress 208 detect the ingress failure quickly. 210 4. Backup Forwarding State 212 Before the primary ingress fails, the backup ingress is responsible 213 for creating the necessary backup LSPs. These LSPs might be multiple 214 bypass P2P LSPs that avoid the ingress. Alternately, the backup 215 ingress could choose to use a single backup P2MP LSP as a bypass or 216 detour to protect the primary ingress of a primary P2MP LSP. 218 The backup ingress may be off-path or on-path of an LSP. If a backup 219 ingress is not any node of the LSP, we call it is off-path. If a 220 backup ingress is a next-hop of the primary ingress of the LSP, we 221 call it is on-path. If it is on-path, the primary forwarding state 222 associated with the primary LSP SHOULD be clearly separated from the 223 backup LSP(s) state. 225 4.1. Forwarding State for Backup LSP 227 A forwarding entry for a backup LSP is created on the backup ingress 228 after the LSP is set up. Depending on the failure-detection mode 229 (e.g., source-detect), it may be used to forward received traffic or 230 simply be inactive (e.g., backup-source-detect) until required. In 231 either case, when the primary ingress fails, this entry is used to 232 import the traffic into the backup LSP to the next hops of the 233 primary ingress, where the traffic is merged into the primary LSP. 235 The forwarding entry for a backup LSP is a local implementation 236 issue. In one device, it may have an inactive flag. This inactive 237 forwarding entry is not used to forward any traffic normally. When 238 the primary ingress fails, it is changed to active, and thus the 239 traffic from the source is imported into the backup LSP. 241 5. Protocol Extensions 243 A new object INGRESS_PROTECTION is defined for signaling ingress 244 local protection. It is backward compatible. 246 5.1. INGRESS_PROTECTION Object 248 The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH 249 message is used to control the backup for protecting the primary 250 ingress of a primary LSP. The primary ingress MUST insert this 251 object into the PATH message to be sent to the backup ingress for 252 protecting the primary ingress. It has the following format: 254 Class-Num = TBD C-Type = 1 for INGRESS_PROTECTION_IPv4 255 C-Type = 2 for INGRESS_PROTECTION_IPv6 256 0 1 2 3 257 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 259 | Length (bytes) | Class-Num | C-Type | 260 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 261 | Secondary LSP ID | Flags | Options | 262 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 263 ~ (Subobjects) ~ 264 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 266 Flags 267 0x01 Ingress local protection available 268 0x02 Ingress local protection in use 269 0x04 Bandwidth protection 271 Options 272 0x01 Revert to Ingress 273 0x02 P2MP Backup 275 The Secondary LSP ID in the object is an LSP ID that the primary 276 ingress has allocated for a protected LSP tunnel. The backup ingress 277 may use this LSP ID to set up a new LSP from the backup ingress to 278 the destinations of the protected LSP tunnel. This allows the new 279 LSP to share resources with the old one. 281 The flags are used to communicate status information from the backup 282 ingress to the primary ingress. 284 o Ingress local protection available: The backup ingress sets this 285 flag after backup LSPs are up and ready for locally protecting the 286 primary ingress. The backup ingress sends this to the primary 287 ingress to indicate that the primary ingress is locally protected. 289 o Ingress local protection in use: The backup ingress sets this flag 290 when it detects a failure in the primary ingress. The backup 291 ingress keeps it and does not send it to the primary ingress since 292 the primary ingress is down. 294 o Bandwidth protection: The backup ingress sets this flag if the 295 backup LSPs guarantee to provide desired bandwidth for the 296 protected LSP against the primary ingress failure. 298 The options are used by the primary ingress to specify the desired 299 behavior to the backup ingress. 301 o Revert to Ingress: The primary ingress sets this option indicating 302 that the traffic for the primary LSP successfully re-signaled will 303 be switched back to the primary ingress from the backup ingress 304 when the primary ingress is restored. 306 o P2MP Backup: This option is set to ask for the backup ingress to 307 use P2MP backup LSP to protect the primary ingress. Note that one 308 spare bit of the flags in the FAST-REROUTE object can be used to 309 indicate whether P2MP or P2P backup LSP is desired for protecting 310 an ingress and transit node. 312 The INGRESS_PROTECTION object may contain some sub objects below. 314 5.1.1. Subobject: Backup Ingress IPv4 Address 316 When the primary ingress of a protected LSP sends a PATH message with 317 an INGRESS_PROTECTION object to the backup ingress, the object may 318 have a Backup Ingress IPv4 Address sub object containing an IPv4 319 address belonging to the backup ingress. The Type of the sub object 320 is TBD1 (the exact number to be assigned by IANA), and the body of 321 the sub object is given below: 323 0 1 2 3 324 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 325 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 326 | Backup ingress IPv4 address (4 bytes) | 327 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 329 Backup ingress IPv4 address: An IPv4 host address of backup ingress 331 5.1.2. Subobject: Backup Ingress IPv6 Address 333 When the primary ingress of a protected LSP sends a PATH message with 334 an INGRESS_PROTECTION object to the backup ingress, the object may 335 have a Backup Ingress IPv6 Address sub object containing an IPv6 336 address belonging to the backup ingress. The Type of the sub object 337 is TBD2, the body of the sub object is given below: 339 0 1 2 3 340 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 341 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 342 | Backup ingress IPv6 address (16 bytes) | 343 ~ ~ 344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 346 Backup ingress IPv6 address: An IPv6 host address of backup ingress 348 5.1.3. Subobject: Ingress IPv4 Address 350 The INGRESS_PROTECTION object may have an Ingress IPv4 Address sub 351 object containing an IPv4 address belonging to the primary ingress. 352 The Type of the sub object is TBD3. The sub object has the following 353 body: 355 0 1 2 3 356 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 358 | Ingress IPv4 address (4 bytes) | 359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 361 Ingress IPv4 address: An IPv4 host address of ingress 363 5.1.4. Subobject: Ingress IPv6 Address 365 The INGRESS_PROTECTION object may have an Ingress IPv6 Address sub 366 object containing an IPv6 address belonging to the primary ingress. 367 The Type of the sub object is TBD4. The sub object has the following 368 body: 370 0 1 2 3 371 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 372 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 373 | Ingress IPv6 address (16 bytes) | 374 ~ ~ 375 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 377 Ingress IPv6 address: An IPv6 host address of ingress 379 5.1.5. Subobject: Traffic Descriptor 381 The INGRESS_PROTECTION object may have a Traffic Descriptor sub 382 object describing the traffic to be mapped to the backup LSP on the 383 backup ingress for locally protecting the primary ingress. The Type 384 of the sub object is TBD5, TBD6, TBD7 or TBD8 for Interface, IPv4 385 Prefix, IPv6 Prefix or Application Identifier respectively. The sub 386 object has the following body: 388 0 1 2 3 389 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 390 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 391 | Traffic Element 1 | 392 ~ ~ 393 | Traffic Element n | 394 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 396 The Traffic Descriptor sub object may contain multiple Traffic 397 Elements of same type as follows: 399 o Interface Traffic (Type TBD5): Each of the Traffic Elements is a 400 32 bit index of an interface, from which the traffic is imported 401 into the backup LSP. 403 o IPv4 Prefix Traffic (Type TBD6): Each of the Traffic Elements is 404 an IPv4 prefix, containing an 8-bit prefix length followed by an 405 IPv4 address prefix, whose length, in bits, is specified by the 406 prefix length, padded to a byte boundary. 408 o IPv6 Prefix Traffic (Type TBD7): Each of the Traffic Elements is 409 an IPv6 prefix, containing an 8-bit prefix length followed by an 410 IPv6 address prefix, whose length, in bits, is specified by the 411 prefix length, padded to a byte boundary. 413 o Application Traffic (Type TBD8): Each of the Traffic Elements is a 414 32 bit identifier of an application, from which the traffic is 415 imported into the backup LSP. 417 5.1.6. Subobject: Label-Routes 419 The INGRESS_PROTECTION object in a PATH message from the primary 420 ingress to the backup ingress will have a Label-Routes sub object 421 containing the labels and routes that the next hops of the ingress 422 use. The Type of the sub object is TBD9. The sub object has the 423 following body: 425 0 1 2 3 426 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 427 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 428 ~ Subobjects ~ 429 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 431 The Subobjects in the Label-Routes are copied from those in the 432 RECORD_ROUTE objects in the RESV messages that the primary ingress 433 receives from its next hops for the primary LSP. They MUST contain 434 the first hops of the LSP, each of which is paired with its label. 436 6. Behavior of Ingress Protection 438 6.1. Overview 440 There are four parts of ingress protection: 1) setting up the 441 necessary backup LSP forwarding state; 2) identifying the failure and 442 providing the fast repair (as discussed in Sections 3 and 4); 3) 443 maintaining the RSVP-TE control plane state until a global repair is 444 done; and 4) performing the global repair(see Section 6.4). 446 There are two different proposed signaling approaches to obtain 447 ingress protection. They both use the same new INGRESS_PROTECTION 448 object. The object is sent in both PATH and RESV messages. 450 6.1.1. Relay-Message Method 452 The primary ingress relays the information for ingress protection of 453 an LSP to the backup ingress via PATH messages. Once the LSP is 454 created, the ingress of the LSP sends the backup ingress a PATH 455 message with an INGRESS_PROTECTION object with Label-Routes 456 subobject, which is populated with the next-hops and labels. This 457 provides sufficient information for the backup ingress to create the 458 appropriate forwarding state and backup LSP(s). 460 The ingress also sends the backup ingress all the other PATH messages 461 for the LSP with an empty INGRESS_PROTECTION object. Thus, the 462 backup ingress has access to all the PATH messages needed for 463 modification to refresh control-plane state after a failure. 465 The advantages of this method include: 1) the primary LSP is 466 independent of the backup ingress; 2) simple; 3) less configuration; 467 and 4) less control traffic. 469 6.1.2. Proxy-Ingress Method 471 Conceptually, a proxy ingress is created that starts the RSVP 472 signaling. The explicit path of the LSP goes from the proxy ingress 473 to the backup ingress and then to the real ingress. The behavior and 474 signaling for the proxy ingress is done by the real ingress; the use 475 of a proxy ingress address avoids problems with loop detection. 477 [ traffic source ] *** Primary LSP 478 $ $ --- Backup LSP 479 $ $ $$ Link 480 $ $ 481 [ proxy ingress ] [ backup ] 482 [ & ingress ] | 483 * | 484 *****[ MP ]----| 486 Figure 2: Example Protected LSP with Proxy Ingress Node 488 The backup ingress must know the merge points or next-hops and their 489 associated labels. This is accomplished by having the RSVP PATH and 490 RESV messages go through the backup ingress, although the forwarding 491 path need not go through the backup ingress. If the backup ingress 492 fails, the ingress simply removes the INGRESS_PROTECTION object and 493 forwards the PATH messages to the LSP's next-hop(s). If the ingress 494 has its LSP configured for ingress protection, then the ingress can 495 add the backup ingress and itself to the ERO and start forwarding the 496 PATH messages to the backup ingress. 498 Slightly different behavior can apply for the on-path and off-path 499 cases. In the on-path case, the backup ingress is a next hop node 500 after the ingress for the LSP. In the off-path, the backup ingress 501 is not any next-hop node after the ingress for all associated sub- 502 LSPs. 504 The key advantage of this approach is that it minimizes the special 505 handling code requires. Because the backup ingress is on the 506 signaling path, it can receive various notifications. It easily has 507 access to all the PATH messages needed for modification to be sent to 508 refresh control-plane state after a failure. 510 6.1.3. Comparing Two Methods 512 +-------+-----------+-------+--------------+---------------+---------+ 513 |\_ Item|Primary LSP|Config |PATH Msg from |RESV Msg from |Reuse | 514 | \_ |Depends on |Proxy- |Backup Ingress|Primary Ingress|Some | 515 | \|Backup |Ingress|to Primary |to Backup |Existing | 516 |Method |Ingress |ID |Ingress |Ingress |Functions| 517 +-------+-----------+-------+--------------+---------------+---------+ 518 |Relay- | No | No | No | No | Yes- | 519 |Message| | | | | | 520 +-------+-----------+-------+--------------+---------------+---------+ 521 |Proxy- | Yes | Yes- | Yes | Yes | Yes | 522 |Ingress| | | | | | 523 +-------+-----------+-------+--------------+---------------+---------+ 525 6.2. Ingress Behavior 527 The primary ingress MUST be configured with a couple of pieces of 528 information for ingress protection. 530 o Backup Ingress Address: The primary ingress MUST know an IP 531 address for it to be included in the INGRESS_PROTECTION object. 533 o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The 534 Proxy-Ingress-Id is only used in the Record Route Object for 535 recording the proxy-ingress. If no proxy-ingress-id is specified, 536 then a local interface address that will not otherwise be included 537 in the Record Route Object can be used. A similar technique is 538 used in [RFC4090 Sec 6.1.1]. 540 o Application Traffic Identifier: The primary ingress and backup 541 ingress MUST both know what application traffic should be directed 542 into the LSP. If a list of prefixes in the Traffic Descriptor 543 sub-object will not suffice, then a commonly understood 544 Application Traffic Identifier can be sent between the primary 545 ingress and backup ingress. The exact meaning of the identifier 546 should be configured similarly at both the primary ingress and 547 backup ingress. The Application Traffic Identifier is understood 548 within the unique context of the primary ingress and backup 549 ingress. 551 o A connection between backup ingress and primary ingress: If there 552 is not any direct link between the primary ingress and the backup 553 ingress, a tunnel MUST be configured between them. 555 With this additional information, the primary ingress can create and 556 signal the necessary RSVP extensions to support ingress protection. 558 6.2.1. Relay-Message Method 560 To protect the ingress of an LSP, the ingress MUST do the following 561 after the LSP is up. 563 1. Select a PATH message. 565 2. If the backup ingress is off-path, then send it a PATH message 566 with the content from the selected PATH message and an 567 INGRESS_PROTECTION object; else (the backup ingress is a next 568 hop, i.e., on-path case) add an INGRESS_PROTECTION object into 569 the existing PATH message to the backup ingress (i.e., the next 570 hop). The object contains the Traffic-Descriptor sub-object, the 571 Backup Ingress Address sub-object and the Label-Routes sub- 572 object. The options is set to indicate whether a Backup P2MP LSP 573 is desired. A secondary LSP-ID is allocated (if it is not 574 allocated yet) and used in the object. The Label-Routes sub- 575 object contains the next-hops of the ingress and their labels. 577 3. For each of the other PATH messages, send the backup ingress a 578 PATH message with the content copied from the message and an 579 empty INGRESS_PROTECTION object, which is an object without any 580 Traffic-Descriptor sub-object. 582 6.2.2. Proxy-Ingress Method 584 The primary ingress is responsible for starting the RSVP signaling 585 for the proxy-ingress node. To do this, the following MUST be done 586 for the RSVP PATH message. 588 1. Compute the EROs for the LSP as normal for the ingress. 590 2. If the selected backup ingress node is not the first node on the 591 path (for all sub-LSPs), then insert at the beginning of the ERO 592 first the backup ingress node and then the ingress node. 594 3. In the PATH RRO, instead of recording the ingress node's address, 595 replace it with the Proxy-Ingress-Id. 597 4. Leave the HOP object populated as usual with information for the 598 ingress-node. 600 5. Add the INGRESS_PROTECTION object to the PATH message. Allocate 601 a secondary LSP-ID to be used in the INGRESS-PROTECTION object. 602 Include the Backup Ingress Address (IPv4 or IPv6) sub-object and 603 the Traffic-Descriptor sub-object. Set or clear the options 604 indicating that a Backup P2MP LSP is desired. 606 6. Optionally, add the FAST-REROUTE object [RFC4090] to the Path 607 message. Indicate whether one-to-one backup is desired. 608 Indicate whether facility backup is desired. 610 7. The RSVP PATH message is sent to the backup node as normal. 612 If the ingress detects that it can't communicate with the backup 613 ingress, then the ingress SHOULD instead send the PATH message to the 614 next-hop indicated in the ERO computed in step 1. Once the ingress 615 detects that it can communicate with the backup ingress, the ingress 616 SHOULD follow the steps 1-7 to obtain ingress failure protection. 618 When the ingress node receives an RSVP PATH message with an INGRESS- 619 PROTECTION object and the object specifies that node as the ingress 620 node and the PHOP as the backup ingress node, the ingress node SHOULD 621 remove the INGRESS_PROTECTION object from the PATH message before 622 sending it out. Additionally, the ingress node MUST store that it 623 will install ingress forwarding state for the LSP rather than 624 midpoint forwarding. 626 When an RSVP RESV message is received by the ingress, it uses the 627 NHOP to determine whether the message is received from the backup 628 ingress or from a different node. The stored associated PATH message 629 contains an INGRESS_PROTECTION object that identifies the backup 630 ingress node. If the RESV message is not from the backup node, then 631 ingress forwarding state SHOULD be set up, and the INGRESS_PROTECTION 632 object MUST be added to the RESV before it is sent to the NHOP, which 633 SHOULD be the backup node. If the RESV message is from the backup 634 node, then the LSP SHOULD be considered available for use. 636 If the backup ingress node is on the forwarding path, then a RESV is 637 received with an INGRESS_PROTECTION object and an NHOP that matches 638 the backup ingress. In this case, the ingress node's address will 639 not appear after the backup ingress in the RRO. The ingress node 640 SHOULD set up ingress forwarding state, just as is done if the LSP 641 weren't ingress-node protected. 643 6.3. Backup Ingress Behavior 645 An LER determines that the ingress local protection is requested for 646 an LSP if the INGRESS_PROTECTION object is included in the PATH 647 message it receives for the LSP. The LER can further determine that 648 it is the backup ingress if one of its addresses is in the Backup 649 Ingress Address sub-object of the INGRESS_PROTECTION object. The LER 650 as the backup ingress will assume full responsibility of the ingress 651 after the primary ingress fails. In addition, the LER determines 652 that it is off-path if it is not any node of the LSP. 654 6.3.1. Backup Ingress Behavior in Off-path Case 656 The backup ingress considers itself as a PLR and the primary ingress 657 as its next hop and provides a local protection for the primary 658 ingress. It behaves very similarly to a PLR providing fast-reroute 659 where the primary ingress is considered as the failure-point to 660 protect. Where not otherwise specified, the behavior given in 661 [RFC4090] for a PLR applies. 663 The backup ingress MUST follow the control-options specified in the 664 INGRESS_PROTECTION object and the flags and specifications in the 665 FAST-REROUTE object. This applies to providing a P2MP backup if the 666 "P2MP backup" is set, a one-to-one backup if "one-to-one desired" is 667 set, facility backup if the "facility backup desired" is set, and 668 backup paths that support the desired bandwidth, and administrative- 669 colors that are requested. 671 If multiple non empty INGRESS_PROTECTION objects have been received 672 via multiple PATH messages for the same LSP, then the most recent one 673 MUST be the one used. 675 The backup ingress creates the appropriate forwarding state for the 676 backup LSP tunnel(s) to the merge point(s). 678 When the backup ingress sends a RESV message to the primary ingress, 679 it MUST add an INGRESS_PROTECTION object into the message. It MUST 680 set or clear the flags in the object to report "Ingress local 681 protection available", "Ingress local protection in use", and 682 "bandwidth protection". 684 If the backup ingress doesn't have a backup LSP tunnel to each of the 685 merge points, it SHOULD clear "Ingress local protection available". 686 [Editor Note: It is possible to indicate the number or which are 687 unprotected via a sub-object if desired.] 689 When the primary ingress fails, the backup ingress redirects the 690 traffic from a source into the backup P2P LSPs or the backup P2MP LSP 691 transmitting the traffic to the next hops of the primary ingress, 692 where the traffic is merged into the protected LSP. 694 In this case, the backup ingress MUST keep the PATH message with the 695 INGRESS_PROTECTION object received from the primary ingress and the 696 RESV message with the INGRESS_PROTECTION object to be sent to the 697 primary ingress. The backup ingress MUST set the "local protection 698 in use" flag in the RESV message, indicating that the backup ingress 699 is actively redirecting the traffic into the backup P2P LSPs or the 700 backup P2MP LSP for locally protecting the primary ingress failure. 702 Note that the RESV message with this piece of information will not be 703 sent to the primary ingress because the primary ingress has failed. 705 If the backup ingress has not received any PATH message from the 706 primary ingress for an extended period of time (e.g., a cleanup 707 timeout interval) and a confirmed primary ingress failure did not 708 occur, then the standard RSVP soft-state removal SHOULD occur. The 709 backup ingress SHALL remove the state for the PATH message from the 710 primary ingress, and tear down the one-to-one backup LSPs for 711 protecting the primary ingress if one-to-one backup is used or unbind 712 the facility backup LSPs if facility backup is used. 714 When the backup ingress receives a PATH message from the primary 715 ingress for locally protecting the primary ingress of a protected 716 LSP, it MUST check to see if any critical information has been 717 changed. If the next hops of the primary ingress are changed, the 718 backup ingress SHALL update its backup LSP(s) accordingly. 720 6.3.1.1. Relay-Message Method 722 When the backup ingress receives a PATH message with an non empty 723 INGRESS_PROTECTION object, it examines the object to learn what 724 traffic associated with the LSP. It determines the next-hops to be 725 merged to by examining the Label-Routes sub-object in the object. 727 The backup ingress MUST store the PATH message received from the 728 primary ingress, but NOT forward it. 730 The backup ingress responds with a RESV to the PATH message received 731 from the primary ingress. If the INGRESS_PROTECTION object is not 732 "empty", the backup ingress SHALL send the RESV message with the 733 state indicating protection is available after the backup LSP(s) are 734 successfully established. 736 6.3.1.2. Proxy-Ingress Method 738 The backup ingress determines the next-hops to be merged to by 739 collecting the set of the pair of (IPv4/IPv6 sub-object, Label sub- 740 object) from the Record Route Object of each RESV that are closest to 741 the top and not the Ingress router; this should be the second to the 742 top pair. If a Label-Routes sub-object is included in the 743 INGRESS_PROTECTION object, the included IPv4/IPv6 sub-objects are 744 used to filter the set down to the specific next-hops where 745 protection is desired. A RESV message MUST have been received before 746 the Backup Ingress can create or select the appropriate backup LSP. 748 When the backup ingress receives a PATH message with the 749 INGRESS_PROTECTION object, the backup ingress examines the object to 750 learn what traffic associated with the LSP. The backup ingress 751 forwards the PATH message to the ingress node with the normal RSVP 752 changes. 754 When the backup ingress receives a RESV message with the 755 INGRESS_PROTECTION object, the backup ingress records an IMPLICIT- 756 NULL label in the RRO. Then the backup ingress forwards the RESV 757 message to the ingress node, which is acting for the proxy ingress. 759 6.3.2. Backup Ingress Behavior in On-path Case 761 An LER as the backup ingress determines that it is on-path if one of 762 its addresses is a next hop of the primary ingress (and for Proxy- 763 Ingress Method the primary ingress is not its next hop via checking 764 the PATH message with the INGRESS_PROTECTION object received from the 765 primary ingress). The LER on-path MUST send the corresponding PATH 766 messages without any INGRESS_PROTECTION object to its next hops. It 767 creates a number of backup P2P LSPs or a backup P2MP LSP from itself 768 to the other next hops (i.e., the next hops other than the backup 769 ingress) of the primary ingress. The other next hops are from the 770 Label-Routes sub object. 772 It also creates a forwarding entry, which sends/multicasts the 773 traffic from the source to the next hops of the backup ingress along 774 the protected LSP when the primary ingress fails. The traffic is 775 described by the Traffic-Descriptor. 777 After the forwarding entry is created, all the backup P2P LSPs or the 778 backup P2MP LSP is up and associated with the protected LSP, the 779 backup ingress MUST send the primary ingress the RESV message with 780 the INGRESS_PROTECTION object containing the state of the local 781 protection such as "local protection available" flag set to one, 782 which indicates that the primary ingress is locally protected. 784 When the primary ingress fails, the backup ingress sends/multicasts 785 the traffic from the source to its next hops along the protected LSP 786 and imports the traffic into each of the backup P2P LSPs or the 787 backup P2MP LSP transmitting the traffic to the other next hops of 788 the primary ingress, where the traffic is merged into protected LSP. 790 During the local repair, the backup ingress MUST continue to send the 791 PATH messages to its next hops as before, keep the PATH message with 792 the INGRESS_PROTECTION object received from the primary ingress and 793 the RESV message with the INGRESS_PROTECTION object to be sent to the 794 primary ingress. It MUST set the "local protection in use" flag in 795 the RESV message. 797 6.3.3. Failure Detection and Refresh PATH Messages 799 As described in [RFC4090], it is necessary to refresh the PATH 800 messages via the backup LSP(s). The Backup Ingress MUST wait to 801 refresh the PATH messages until it can accurately detect that the 802 ingress node has failed. An example of such an accurate detection 803 would be that the IGP has no bi-directional links to the ingress node 804 and the last change was long enough in the past that changes should 805 have been received (i.e., an IGP network convergence time or 806 approximately 2-3 seconds) or a BFD session to the primary ingress' 807 loopback address has failed and stayed failed after the network has 808 reconverged. 810 As described in [RFC4090 Section 6.4.3], the backup ingress, acting 811 as PLR, MUST modify and send any saved PATH messages associated with 812 the primary LSP to the corresponding next hops through backup LSP(s). 813 Any PATH message sent will not contain any INGRESS_PROTECTION object. 814 The RSVP_HOP object in the message contains an IP source address 815 belonging to the backup ingress. The sender template object has the 816 backup ingress address as its tunnel sender address. 818 6.4. Revertive Behavior 820 Upon a failure event in the (primary) ingress of a protected LSP, the 821 protected LSP is locally repaired by the backup ingress. There are a 822 couple of basic strategies for restoring the LSP to a full working 823 path. 825 - Revert to Primary Ingress: When the primary ingress is restored, 826 it re-signals each of the LSPs that start from the primary 827 ingress. The traffic for every LSP successfully re-signaled is 828 switched back to the primary ingress from the backup ingress. 830 - Global Repair by Backup Ingress: After determining that the 831 primary ingress of an LSP has failed, the backup ingress computes 832 a new optimal path, signals a new LSP along the new path, and 833 switches the traffic to the new LSP. 835 6.4.1. Revert to Primary Ingress 837 If "Revert to Primary Ingress" is desired for a protected LSP, the 838 (primary) ingress of the LSP SHOULD re-signal the LSP that starts 839 from the primary ingress after the primary ingress restores. After 840 the LSP is re-signaled successfully, the traffic SHOULD be switched 841 back to the primary ingress from the backup ingress on the source 842 node and redirected into the LSP starting from the primary ingress. 844 The primary ingress can specify the "Revert to Ingress" control- 845 option in the INGRESS_PROTECTION object in the PATH messages to the 846 backup ingress. After receiving the "Revert to Ingress" control- 847 option, the backup ingress MUST stop sending/refreshing PATH messages 848 for the protected LSP. 850 6.4.2. Global Repair by Backup Ingress 852 When the backup ingress has determined that the primary ingress of 853 the protected LSP has failed (e.g., via the IGP), it can compute a 854 new path and signal a new LSP along the new path so that it no longer 855 relies upon local repair. To do this, the backup ingress MUST use 856 the same tunnel sender address in the Sender Template Object and the 857 previously allocated secondary LSP-ID in the INGRESS_PROTECTION 858 object of the PATH message as the LSP-ID of the new LSP. This allows 859 the new LSP to share resources with the old LSP. In addition, if the 860 Ingress recovers, the Backup Ingress SHOULD send it RESVs with the 861 INGRESS_PROTECTION object where the "Revert to Ingress" is specified. 862 The Secondary LSP ID MUST be the unused LSP ID - while the LSP ID 863 signaled in the RESV will be that currently active. The Ingress can 864 learn from the RESVs what to signal. Even if the Ingress does not 865 take over, the RESVs notify it that the particular LSP IDs are in 866 use. The Backup Ingress can reoptimize the new LSP as necessary 867 until the Ingress recovers. Alternately, the Backup Ingress can 868 create a new LSP with no bandwidth reservation that duplicates the 869 path(s) of the protected LSP, move traffic to the new LSP, delete the 870 protected LSP, and then resignal the new LSP with bandwidth. 872 7. Security Considerations 874 In principle this document does not introduce new security issues. 875 The security considerations pertaining to RFC 4090, RFC 4875 and 876 other RSVP protocols remain relevant. 878 8. IANA Considerations 880 IANA is requested to administer the assignment of new values defined 881 in this document and summarized in this section. 883 8.1. A New Class Number 885 IANA maintains a registry called "Class Names, Class Numbers, and 886 Class Types" under "Resource Reservation Protocol-Traffic Engineering 887 (RSVP-TE) Parameters". IANA is requested to assign a new Class 888 Number for new object INGRESS_PROTECTION as follows: 890 +====================+===============+============================+ 891 | Class Names | Class Numbers | Class Types | 892 +====================+===============+============================+ 893 | INGRESS_PROTECTION | TBD (>192) | 1: INGRESS_PROTECTION_IPv4 | 894 | | +----------------------------+ 895 | | | 2: INGRESS_PROTECTION_IPv6 | 896 +--------------------+---------------+----------------------------+ 898 IANA is requested to assign Types for new TLVs in the new objects as 899 follows: 901 Type Name Allowed in 902 1 BACKUP_INGRESS_IPv4_ADDRESS INGRESS_PROTECTION_IPv4 903 2 BACKUP_INGRESS_IPv6_ADDRESS INGRESS_PROTECTION_IPv6 904 3 INGRESS_IPv4_ADDRESS INGRESS_PROTECTION_IPv4 905 4 INGRESS_IPv6_ADDRESS INGRESS_PROTECTION_IPv6 906 5 TRAFFIC_DESCRIPTOR_INTERFACE INGRESS_PROTECTION 907 6 TRAFFIC_DESCRIPTOR_IPv4_PREFIX INGRESS_PROTECTION_IPv4 908 7 TRAFFIC_DESCRIPTOR_IPv6_PREFIX INGRESS_PROTECTION_IPv6 909 8 TRAFFIC_DESCRIPTOR_APPLICATION INGRESS_PROTECTION 910 9 LabeL_Routes INGRESS_PROTECTION 912 9. Contributors 914 Renwei Li 915 Huawei Technologies 916 2330 Central Expressway 917 Santa Clara, CA 95050 918 USA 919 Email: renwei.li@huawei.com 921 Quintin Zhao 922 Huawei Technologies 923 Boston, MA 924 USA 925 Email: quintin.zhao@huawei.com 926 Zhenbin Li 927 Huawei Technologies 928 2330 Central Expressway 929 Santa Clara, CA 95050 930 USA 931 Email: zhenbin.li@huawei.com 933 Boris Zhang 934 Telus Communications 935 200 Consilium Pl Floor 15 936 Toronto, ON M1H 3J3 937 Canada 938 Email: Boris.Zhang@telus.com 940 Markus Jork 941 Juniper Networks 942 10 Technology Park Drive 943 Westford, MA 01886 944 USA 945 Email: mjork@juniper.net 947 10. Acknowledgement 949 The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric 950 Osborne, Ross Callon, Loa Andersson, Daniel King, Michael Yue, 951 Olufemi Komolafe, Rob Rennison, Neil Harrison, Kannan Sampath, 952 Gregory Mirsky, and Ronhazli Adam for their valuable comments and 953 suggestions on this draft. 955 11. Normative References 957 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 958 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 959 RFC2119, March 1997, 960 . 962 [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol 963 Label Switching Architecture", RFC 3031, DOI 10.17487/ 964 RFC3031, January 2001, 965 . 967 [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V., 968 and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP 969 Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001, 970 . 972 [RFC4090] Pan, P., Ed., Swallow, G., Ed., and A. Atlas, Ed., "Fast 973 Reroute Extensions to RSVP-TE for LSP Tunnels", RFC 4090, 974 DOI 10.17487/RFC4090, May 2005, 975 . 977 [RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S. 978 Yasukawa, Ed., "Extensions to Resource Reservation 979 Protocol - Traffic Engineering (RSVP-TE) for Point-to- 980 Multipoint TE Label Switched Paths (LSPs)", RFC 4875, 981 DOI 10.17487/RFC4875, May 2007, 982 . 984 Appendix A. Problem Summary 986 There is a need for a fast and efficient protection against the 987 failure of the ingress node of a MPLS TE LSP (either P2MP LSP or P2P 988 LSP). 990 For a MPLS TE LSP, protecting the failures of its transit nodes using 991 fast-reroute (FRR) is covered in RFC 4090 for P2P LSP and RFC 4875 992 for P2MP LSP. However, protecting the failure of its ingress node 993 using FRR is not covered in either RFC 4090 or RFC 4875. The MPLS 994 Transport Profile (MPLS-TP) Linear Protection described in RFC 6378 995 can provide a protection against the failure of any transit node of a 996 LSP between the ingress node and the egress node of the LSP, but 997 cannot protect against the failure of the ingress node. 999 To protect against the failure of the (primary) ingress node of a 1000 primary end to end P2MP (or P2P) TE LSP, a typical existing solution 1001 is to set up a secondary backup end to end P2MP (or P2P) TE LSP from 1002 a backup ingress node, which is different from the primary ingress 1003 node, to the backup egress nodes (or node), which are (or is) 1004 different from the primary egress nodes (or node) of the primary LSP. 1005 For a P2MP TE LSP, on each of the primary (and backup) egress nodes, 1006 a P2P LSP is created from the egress node to its primary (backup) 1007 ingress node and configured with BFD. This is used to detect the 1008 failure of the primary (backup) ingress node for the receiver to 1009 switch to the backup (or primary) egress node to receive the traffic 1010 after the primary (or backup) ingress node fails when both the 1011 primary LSP and the secondary LSP carry the traffic. In addition, 1012 FRR may be used to provide protections against the failures of the 1013 transit nodes and the links of the primary and secondary end to end 1014 TE LSPs. 1016 There are a number of issues in this solution, which are briefed as 1017 follows: 1019 o It consumes lots of network resources. Double states need to be 1020 maintained in the network since two end to end TE LSPs are 1021 created. Double link bandwidth is reserved and used when both the 1022 primary and the secondary end to end TE LSPs carry the traffic at 1023 the same time. 1025 o More operations are needed, which include the configurations of 1026 two end to end TE LSPs and BFDs from each of the egress nodes to 1027 its corresponding ingress node. 1029 o The detection of the failure of the ingress node may not be 1030 reliable. Any failure on the path of the BFD from an egress node 1031 to an ingress node may cause the BFD down to indicate the failure 1032 of the ingress node. 1034 o The speed of protection against the failure of the ingress node 1035 may be slow. 1037 The ingress local protection proposed in this draft will resolve the 1038 above issues. 1040 Appendix B. Authors' Addresses 1042 Huaimo Chen 1043 Huawei Technologies 1044 Boston, MA 1045 USA 1046 Email: huaimo.chen@huawei.com 1048 Raveendra Torvi 1049 Juniper Networks 1050 10 Technology Park Drive 1051 Westford, MA 01886 1052 USA 1053 Email: rtorvi@juniper.net 1054 Ning So 1055 Tata Communications 1056 2613 Fairbourne Cir. 1057 Plano, TX 75082 1058 USA 1059 Email: ningso01@gmail.com 1061 Autumn Liu 1062 Ericsson 1063 300 Holger Way 1064 San Jose, CA 95134 1065 USA 1066 Email: autumn.liu@ericsson.com 1068 Alia Atlas 1069 Juniper Networks 1070 10 Technology Park Drive 1071 Westford, MA 01886 1072 USA 1073 Email: akatlas@juniper.net 1075 Yimin Shen 1076 Juniper Networks 1077 10 Technology Park Drive 1078 Westford, MA 01886 1079 USA 1080 Email: yshen@juniper.net 1082 Tarek Saad 1083 Cisco Systems 1084 Email: tsaad@cisco.com 1086 Fengman Xu 1087 Verizon 1088 2400 N. Glenville Dr 1089 Richardson, TX 75082 1090 USA 1091 Email: fengman.xu@verizon.com 1092 Mehmet Toy 1093 Comcast 1094 1800 Bishops Gate Blvd. 1095 Mount Laurel, NJ 08054 1096 USA 1097 Email: mehmet_toy@cable.comcast.com 1099 Lei Liu 1100 UC Davis 1101 USA 1102 Email: liulei.kddi@gmail.com