idnits 2.17.1 draft-ietf-teas-rsvp-ingress-protection-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (October 15, 2017) is 2384 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Experimental ---------------------------------------------------------------------------- == Missing Reference: 'Ib' is mentioned on line 168, but not defined == Missing Reference: 'L3' is mentioned on line 168, but not defined == Unused Reference: 'RFC2119' is defined on line 1020, but no explicit reference was found in the text == Unused Reference: 'RFC3031' is defined on line 1025, but no explicit reference was found in the text == Unused Reference: 'RFC3209' is defined on line 1030, but no explicit reference was found in the text == Unused Reference: 'RFC4875' is defined on line 1040, but no explicit reference was found in the text == Unused Reference: 'RFC6378' is defined on line 1049, but no explicit reference was found in the text Summary: 0 errors (**), 0 flaws (~~), 9 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force H. Chen, Ed. 3 Internet-Draft Huawei Technologies 4 Intended status: Experimental R. Torvi, Ed. 5 Expires: April 18, 2018 Juniper Networks 6 October 15, 2017 8 Extensions to RSVP-TE for LSP Ingress FRR Protection 9 draft-ietf-teas-rsvp-ingress-protection-11.txt 11 Abstract 13 This document describes extensions to Resource Reservation Protocol - 14 Traffic Engineering (RSVP-TE) for locally protecting the ingress node 15 of a Point-to-Point (P2P) or Point-to-Multipoint (P2MP) Traffic 16 Engineered (TE) Label Switched Path (LSP). 18 Status of this Memo 20 This Internet-Draft is submitted to IETF in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at http://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on April 18, 2018. 35 Copyright Notice 37 Copyright (c) 2017 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (http://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 53 1.1. Ingress Local Protection . . . . . . . . . . . . . . . . . 4 54 2. Ingress Failure Detection . . . . . . . . . . . . . . . . . . 5 55 2.1. Source Detects Failure . . . . . . . . . . . . . . . . . . 5 56 2.2. Backup and Source Detect Failure . . . . . . . . . . . . . 5 57 3. Backup Forwarding State . . . . . . . . . . . . . . . . . . . 6 58 3.1. Forwarding State for Backup LSP . . . . . . . . . . . . . 6 59 4. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . 6 60 4.1. INGRESS_PROTECTION Object . . . . . . . . . . . . . . . . 6 61 4.1.1. Subobject: Backup Ingress IPv4 Address . . . . . . . . 8 62 4.1.2. Subobject: Backup Ingress IPv6 Address . . . . . . . . 9 63 4.1.3. Subobject: Ingress IPv4 Address . . . . . . . . . . . 9 64 4.1.4. Subobject: Ingress IPv6 Address . . . . . . . . . . . 9 65 4.1.5. Subobject: Traffic Descriptor . . . . . . . . . . . . 10 66 4.1.6. Subobject: Label-Routes . . . . . . . . . . . . . . . 11 67 5. Behavior of Ingress Protection . . . . . . . . . . . . . . . . 11 68 5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 11 69 5.1.1. Relay-Message Method . . . . . . . . . . . . . . . . . 11 70 5.1.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 12 71 5.2. Ingress Behavior . . . . . . . . . . . . . . . . . . . . . 13 72 5.2.1. Relay-Message Method . . . . . . . . . . . . . . . . . 13 73 5.2.2. Proxy-Ingress Method . . . . . . . . . . . . . . . . . 14 74 5.3. Backup Ingress Behavior . . . . . . . . . . . . . . . . . 15 75 5.3.1. Backup Ingress Behavior in Off-path Case . . . . . . . 16 76 5.3.2. Backup Ingress Behavior in On-path Case . . . . . . . 18 77 5.3.3. Failure Detection and Refresh PATH Messages . . . . . 19 78 5.4. Revertive Behavior . . . . . . . . . . . . . . . . . . . . 19 79 5.4.1. Revert to Primary Ingress . . . . . . . . . . . . . . 19 80 5.4.2. Global Repair by Backup Ingress . . . . . . . . . . . 20 81 6. Security Considerations . . . . . . . . . . . . . . . . . . . 20 82 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 83 8. Co-authors and Contributors . . . . . . . . . . . . . . . . . 21 84 9. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 23 85 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 86 10.1. Normative References . . . . . . . . . . . . . . . . . . . 23 87 10.2. Informative References . . . . . . . . . . . . . . . . . . 24 88 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 24 90 1. Introduction 92 For a MPLS TE LSP, protecting the failures of its transit nodes using 93 fast-reroute (FRR) is covered in RFC 4090 for P2P LSP and RFC 4875 94 for P2MP LSP. However, protecting the failure of its ingress node 95 using FRR is not covered in either RFC 4090 or RFC 4875. The MPLS 96 Transport Profile (MPLS-TP) Linear Protection described in RFC 6378 97 can provide a protection against the failure of any transit node of a 98 LSP between the ingress node and the egress node of the LSP, but 99 cannot protect against the failure of the ingress node. 101 To protect against the failure of the (primary) ingress node of a 102 primary end to end P2MP (or P2P) TE LSP, a typical existing solution 103 is to set up a secondary backup end to end P2MP (or P2P) TE LSP from 104 a backup ingress node, which is different from the primary ingress 105 node, to the backup egress nodes (or node), which are (or is) 106 different from the primary egress nodes (or node) of the primary LSP. 107 For a P2MP TE LSP, on each of the primary (and backup) egress nodes, 108 a P2P LSP is created from the egress node to its primary (backup) 109 ingress node and configured with BFD. This is used to detect the 110 failure of the primary (backup) ingress node for the receiver to 111 switch to the backup (or primary) egress node to receive the traffic 112 after the primary (or backup) ingress node fails when both the 113 primary LSP and the secondary LSP carry the traffic. In addition, 114 FRR may be used to provide protections against the failures of the 115 transit nodes and the links of the primary and secondary end to end 116 TE LSPs. 118 There are a number of issues in this solution, which are briefed as 119 follows: 121 o It consumes lots of network resources. Double states need to be 122 maintained in the network since two end to end TE LSPs are 123 created. Double link bandwidth is reserved and used when both the 124 primary and the secondary end to end TE LSPs carry the traffic at 125 the same time. 127 o More operations are needed, which include the configurations of 128 two end to end TE LSPs and BFDs from each of the egress nodes to 129 its corresponding ingress node. 131 o The detection of the failure of the ingress node may not be 132 reliable. Any failure on the path of the BFD from an egress node 133 to an ingress node may cause the BFD down to indicate the failure 134 of the ingress node. 136 o The speed of protection against the failure of the ingress node 137 may be slow. 139 This specification defines a simple extension to RSVP-TE for local 140 protection (FRR) of the ingress node of a P2MP or P2P LSP to resolve 141 these issues. Ingress local protection and ingress FRR protection 142 will be used exchangeably. The procedures described in this document 143 are experimental. 145 1.1. Ingress Local Protection 147 Figure 1 shows an example of using a backup P2MP LSP to locally 148 protect the ingress of a primary P2MP LSP, which is from ingress Ia 149 to three egresses: L1, L2 and L3. The backup LSP is from backup 150 ingress Ib to the next hops R2 and R4 of ingress Ia. 152 ******* ******* S Source 153 [R2]-----[R3]-----[L1] Ix Ingress 154 */ & Rx Transit 155 */ & Lx Egress 156 */ & *** Primary LSP 157 */ & &&& Backup LSP across 158 */ & logical hop 159 */ & 160 */ ******** ******** ******* 161 [S]---[Ia]--------[R4]------[R5]-----[L2] 162 \ | & & *\ 163 \ | & & *\ 164 \ | & & *\ 165 \ | & & *\ 166 \ | & & *\ 167 \ |& & *\ 168 [Ib]&&& [L3] 170 Figure 1: Ingress Local Protection 172 In normal operations, source S sends the traffic to primary ingress 173 Ia. Ia imports the traffic into the primary LSP. 175 When source S detects the failure of Ia, it switches the traffic to 176 backup ingress Ib, which imports the traffic from S into the backup 177 LSP to Ia's next hops R2 and R4, where the traffic is merged into the 178 primary LSP, and then sent to egresses L1, L2 and L3. Source S 179 detects the failure of Ia and switches the traffic within 10s of ms. 181 Note that the backup ingress is one logical hop away from the 182 ingress. A logical hop is a direct link or a tunnel such as a GRE 183 tunnel, over which RSVP-TE messages may be exchanged. 185 2. Ingress Failure Detection 187 Exactly how to detect the failure of the ingress is out of scope. 188 However, it is necessary to discuss different modes for detecting the 189 failure because they determine what is the required behavior for the 190 source and backup ingress. 192 2.1. Source Detects Failure 194 Source Detects Failure or Source-Detect for short means that the 195 source is responsible for fast detecting the failure of the primary 196 ingress of an LSP. The backup ingress is ready to import the traffic 197 from the source into the backup LSP(s) after the backup LSP(s) is up. 199 In normal operations, the source sends the traffic to the primary 200 ingress. When the source detects the failure of the primary ingress, 201 it switches the traffic to the backup ingress, which delivers the 202 traffic to the next hops of the primary ingress through the backup 203 LSP(s), where the traffic is merged into the primary LSP. 205 For a P2P LSP, after the primary ingress fails, the backup ingress 206 MUST use a method to reliably detect the failure of the primary 207 ingress before the PATH message for the LSP expires at the next hop 208 of the primary ingress. After reliably detecting the failure, the 209 backup ingress sends/refreshes the PATH message to the next hop 210 through the backup LSP as needed. 212 After the primary ingress fails, it will not be reachable after 213 routing convergence. Thus checking whether the primary ingress 214 (address) is reachable is a possible method. 216 2.2. Backup and Source Detect Failure 218 Backup and Source Detect Failure or Backup-Source-Detect for short 219 means that both the backup ingress and the source are concurrently 220 responsible for fast detecting the failure of the primary ingress. 222 In normal operations, the source sends the traffic to the primary 223 ingress. It switches the traffic to the backup ingress when it 224 detects the failure of the primary ingress. 226 The backup ingress does not import any traffic from the source into 227 the backup LSP in normal operations. When it detects the failure of 228 the primary ingress, it imports the traffic from the source into the 229 backup LSP to the next hops of the primary ingress, where the traffic 230 is merged into the primary LSP. 232 The source-detect is preferred. It is simpler than the backup- 233 source-detect, which needs both the source and the backup ingress 234 detect the ingress failure quickly. 236 3. Backup Forwarding State 238 Before the primary ingress fails, the backup ingress is responsible 239 for creating the necessary backup LSPs. These LSPs might be multiple 240 bypass P2P LSPs that avoid the ingress. Alternately, the backup 241 ingress could choose to use a single backup P2MP LSP as a bypass or 242 detour to protect the primary ingress of a primary P2MP LSP. 244 The backup ingress may be off-path or on-path of an LSP. If a backup 245 ingress is not any node of the LSP, we call it is off-path. If a 246 backup ingress is a next-hop of the primary ingress of the LSP, we 247 call it is on-path. If it is on-path, the primary forwarding state 248 associated with the primary LSP SHOULD be clearly separated from the 249 backup LSP(s) state. 251 3.1. Forwarding State for Backup LSP 253 A forwarding entry for a backup LSP is created on the backup ingress 254 after the LSP is set up. Depending on the failure-detection mode 255 (e.g., source-detect), it may be used to forward received traffic or 256 simply be inactive (e.g., backup-source-detect) until required. In 257 either case, when the primary ingress fails, this entry is used to 258 import the traffic into the backup LSP to the next hops of the 259 primary ingress, where the traffic is merged into the primary LSP. 261 The forwarding entry for a backup LSP is a local implementation 262 issue. In one device, it may have an inactive flag. This inactive 263 forwarding entry is not used to forward any traffic normally. When 264 the primary ingress fails, it is changed to active, and thus the 265 traffic from the source is imported into the backup LSP. 267 4. Protocol Extensions 269 A new object INGRESS_PROTECTION is defined for signaling ingress 270 local protection. It is backward compatible. 272 4.1. INGRESS_PROTECTION Object 274 The INGRESS_PROTECTION object with the FAST_REROUTE object in a PATH 275 message is used to control the backup for protecting the primary 276 ingress of a primary LSP. The primary ingress MUST insert this 277 object into the PATH message to be sent to the backup ingress for 278 protecting the primary ingress. It has the following format: 280 Class-Num = TBD C-Type = 1 for INGRESS_PROTECTION_IPv4 281 C-Type = 2 for INGRESS_PROTECTION_IPv6 282 0 1 2 3 283 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 284 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 285 | Length (bytes) | Class-Num | C-Type | 286 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 287 | Reserved (zero) | NUB | Flags | Options | 288 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 289 ~ (Subobjects) ~ 290 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 291 NUB Number of Unprotected Branches 292 Flags 293 0x01 Ingress local protection available 294 0x02 Ingress local protection in use 295 0x04 Bandwidth protection 297 Options 298 0x01 Revert to Ingress 299 0x02 P2MP Backup 301 For protecting the ingress of a P2MP LSP, if the backup ingress 302 doesn't have a backup LSP to each of the next hops of the primary 303 ingress, it SHOULD clear "Ingress local protection available" and set 304 NUB to the number of the next hops to which there is no backup LSP. 306 The flags are used to communicate status information from the backup 307 ingress to the primary ingress. 309 o Ingress local protection available: The backup ingress MUST set 310 this flag after backup LSPs are up and ready for locally 311 protecting the primary ingress. The backup ingress sends this to 312 the primary ingress to indicate that the primary ingress is 313 locally protected. 315 o Ingress local protection in use: The backup ingress MUST set this 316 flag when it detects a failure in the primary ingress and actively 317 redirects the traffic into the backup LSPs. The backup ingress 318 keeps it and does not send it to the primary ingress since the 319 primary ingress is down. 321 o Bandwidth protection: The backup ingress MUST set this flag if the 322 backup LSPs guarantee to provide desired bandwidth for the 323 protected LSP against the primary ingress failure. 325 The options are used by the primary ingress to specify the desired 326 behavior to the backup ingress. 328 o Revert to Ingress: The primary ingress sets this option indicating 329 that the traffic for the primary LSP successfully re-signaled will 330 be switched back to the primary ingress from the backup ingress 331 when the primary ingress is restored. 333 o P2MP Backup: This option is set to ask for the backup ingress to 334 use P2MP backup LSP to protect the primary ingress. 336 The INGRESS_PROTECTION object may contain some sub objects of 337 following format: 339 0 1 2 3 340 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 341 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 342 | Type | Length |Reserved (zero)| 343 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 344 | Contents/Body of subobject | 345 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 347 where Type is the type of a sub object, Length is the total size of 348 the sub object in bytes, including Type, Length and Contents fields. 350 4.1.1. Subobject: Backup Ingress IPv4 Address 352 When the primary ingress of a protected LSP sends a PATH message with 353 an INGRESS_PROTECTION object to the backup ingress, the object MUST 354 have a Backup Ingress IPv4 Address sub object containing an IPv4 355 address belonging to the backup ingress if IPv4 is used. The Type of 356 the sub object is TBD1 (the exact number to be assigned by IANA), and 357 the body of the sub object is given below: 359 0 1 2 3 360 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 361 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 362 | Backup ingress IPv4 address (4 bytes) | 363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 365 Backup ingress IPv4 address: An IPv4 host address of backup ingress 367 4.1.2. Subobject: Backup Ingress IPv6 Address 369 When the primary ingress of a protected LSP sends a PATH message with 370 an INGRESS_PROTECTION object to the backup ingress, the object MUST 371 have a Backup Ingress IPv6 Address sub object containing an IPv6 372 address belonging to the backup ingress if IPv6 is used. The Type of 373 the sub object is TBD2, the body of the sub object is given below: 375 0 1 2 3 376 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 377 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 378 | Backup ingress IPv6 address (16 bytes) | 379 ~ ~ 380 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 382 Backup ingress IPv6 address: An IPv6 host address of backup ingress 384 4.1.3. Subobject: Ingress IPv4 Address 386 The INGRESS_PROTECTION object may have an Ingress IPv4 Address sub 387 object containing an IPv4 address belonging to the primary ingress if 388 IPv4 is used. The Type of the sub object is TBD3. The sub object 389 has the following body: 391 0 1 2 3 392 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 393 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 394 | Ingress IPv4 address (4 bytes) | 395 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 397 Ingress IPv4 address: An IPv4 host address of ingress 399 4.1.4. Subobject: Ingress IPv6 Address 401 The INGRESS_PROTECTION object may have an Ingress IPv6 Address sub 402 object containing an IPv6 address belonging to the primary ingress if 403 IPv6 is used. The Type of the sub object is TBD4. The sub object 404 has the following body: 406 0 1 2 3 407 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 408 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 409 | Ingress IPv6 address (16 bytes) | 410 ~ ~ 411 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 413 Ingress IPv6 address: An IPv6 host address of ingress 415 4.1.5. Subobject: Traffic Descriptor 417 The INGRESS_PROTECTION object may have a Traffic Descriptor sub 418 object describing the traffic to be mapped to the backup LSP on the 419 backup ingress for locally protecting the primary ingress. The Type 420 of the sub object is TBD5, TBD6, TBD7 or TBD8 for Interface, IPv4 421 Prefix, IPv6 Prefix or Application Identifier respectively. The sub 422 object has the following body: 424 0 1 2 3 425 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 426 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 427 | Traffic Element 1 | 428 ~ ~ 429 | Traffic Element n | 430 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 432 The Traffic Descriptor sub object may contain multiple Traffic 433 Elements of same type as follows: 435 o Interface Traffic (Type TBD5): Each of the Traffic Elements is a 436 32 bit index of an interface, from which the traffic is imported 437 into the backup LSP. 439 o IPv4 Prefix Traffic (Type TBD6): Each of the Traffic Elements is 440 an IPv4 prefix, containing an 8-bit prefix length followed by an 441 IPv4 address prefix, whose length, in bits, is specified by the 442 prefix length, padded to a byte boundary. 444 o IPv6 Prefix Traffic (Type TBD7): Each of the Traffic Elements is 445 an IPv6 prefix, containing an 8-bit prefix length followed by an 446 IPv6 address prefix, whose length, in bits, is specified by the 447 prefix length, padded to a byte boundary. 449 o Application Traffic (Type TBD8): Each of the Traffic Elements is a 450 32 bit identifier of an application, from which the traffic is 451 imported into the backup LSP. 453 4.1.6. Subobject: Label-Routes 455 The INGRESS_PROTECTION object in a PATH message from the primary 456 ingress to the backup ingress will have a Label-Routes sub object 457 containing the labels and routes that the next hops of the ingress 458 use. The Type of the sub object is TBD9. The sub object has the 459 following body: 461 0 1 2 3 462 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 464 ~ Subobjects ~ 465 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 467 The Subobjects in the Label-Routes are copied from those in the 468 RECORD_ROUTE objects in the RESV messages that the primary ingress 469 receives from its next hops for the primary LSP. They MUST contain 470 the first hops of the LSP, each of which is paired with its label. 472 5. Behavior of Ingress Protection 474 5.1. Overview 476 There are four parts of ingress protection: 1) setting up the 477 necessary backup LSP forwarding state based on the information for 478 ingress protection; 2) identifying the failure and providing the fast 479 repair (as discussed in Sections 3 and 4); 3) maintaining the RSVP-TE 480 control plane state until a global repair is done; and 4) performing 481 the global repair(see Section 6.4). 483 There are two different proposed signaling approaches to transfer the 484 information for ingress protection. They both use the same new 485 INGRESS_PROTECTION object. The object is sent in both PATH and RESV 486 messages. 488 5.1.1. Relay-Message Method 490 The primary ingress relays the information for ingress protection of 491 an LSP to the backup ingress via PATH messages. Once the LSP is 492 created, the ingress of the LSP sends the backup ingress a PATH 493 message with an INGRESS_PROTECTION object with Label-Routes 494 subobject, which is populated with the next-hops and labels. This 495 provides sufficient information for the backup ingress to create the 496 appropriate forwarding state and backup LSP(s). 498 The ingress also sends the backup ingress all the other PATH messages 499 for the LSP with an empty INGRESS_PROTECTION object. An 500 INGRESS_PROTECTION object without any Traffic-Descriptor sub-object 501 is called an empty INGRESS_PROTECTION object. Thus, the backup 502 ingress has access to all the PATH messages needed for modification 503 to refresh control-plane state after a failure. 505 The advantages of this method include: 1) the primary LSP is 506 independent of the backup ingress; 2) simple; 3) less configuration; 507 and 4) less control traffic. 509 5.1.2. Proxy-Ingress Method 511 Conceptually, a proxy ingress is created that starts the RSVP 512 signaling. The explicit path of the LSP goes from the proxy ingress 513 to the backup ingress and then to the real ingress. The behavior and 514 signaling for the proxy ingress is done by the real ingress; the use 515 of a proxy ingress address avoids problems with loop detection. 517 [ traffic source ] *** Primary LSP 518 $ $ --- Backup LSP 519 $ $ $$ Link 520 $ $ 521 [ proxy ingress ] [ backup ] 522 [ & ingress ] | 523 * | 524 *****[ MP ]----| 526 Figure 2: Example Protected LSP with Proxy Ingress Node 528 The backup ingress MUST know the merge points or next-hops and their 529 associated labels. This is accomplished by having the RSVP PATH and 530 RESV messages go through the backup ingress, although the forwarding 531 path need not go through the backup ingress. If the backup ingress 532 fails, the ingress simply removes the INGRESS_PROTECTION object and 533 forwards the PATH messages to the LSP's next-hop(s). If the ingress 534 has its LSP configured for ingress protection, then the ingress can 535 add the backup ingress and itself to the ERO and start forwarding the 536 PATH messages to the backup ingress. 538 Slightly different behavior can apply for the on-path and off-path 539 cases. In the on-path case, the backup ingress is a next hop node 540 after the ingress for the LSP. In the off-path, the backup ingress 541 is not any next-hop node after the ingress for all associated sub- 542 LSPs. 544 The key advantage of this approach is that it minimizes the special 545 handling code requires. Because the backup ingress is on the 546 signaling path, it can receive various notifications. It easily has 547 access to all the PATH messages needed for modification to be sent to 548 refresh control-plane state after a failure. 550 5.2. Ingress Behavior 552 The primary ingress MUST be configured with a couple of pieces of 553 information for ingress protection. 555 o Backup Ingress Address: The primary ingress MUST know an IP 556 address for it to be included in the INGRESS_PROTECTION object. 558 o Proxy-Ingress-Id (only needed for Proxy-Ingress Method): The 559 Proxy-Ingress-Id is only used in the Record Route Object for 560 recording the proxy-ingress. If no proxy-ingress-id is specified, 561 then a local interface address that will not otherwise be included 562 in the Record Route Object can be used. A similar technique is 563 used in [RFC4090 Sec 6.1.1]. 565 o Application Traffic Identifier: The primary ingress and backup 566 ingress MUST both know what application traffic should be directed 567 into the LSP. If a list of prefixes in the Traffic Descriptor 568 sub-object will not suffice, then a commonly understood 569 Application Traffic Identifier can be sent between the primary 570 ingress and backup ingress. The exact meaning of the identifier 571 should be configured similarly at both the primary ingress and 572 backup ingress. The Application Traffic Identifier is understood 573 within the unique context of the primary ingress and backup 574 ingress. 576 o A connection between backup ingress and primary ingress: If there 577 is not any direct link between the primary ingress and the backup 578 ingress, a tunnel MUST be configured between them. 580 With this additional information, the primary ingress can create and 581 signal the necessary RSVP extensions to support ingress protection. 583 5.2.1. Relay-Message Method 585 To protect the primary ingress of an LSP, the primary ingress MUST do 586 the following after the LSP is up. 588 1. Select a PATH message P0 for the LSP. 590 2. If the backup ingress is off-path (the backup ingress is not the 591 next hop of the primary ingress for P0), then send it a PATH 592 message P0' with the content from P0 and an INGRESS_PROTECTION 593 object; else (the backup ingress is a next hop, i.e., on-path 594 case) add an INGRESS_PROTECTION object into the existing PATH 595 message to the backup ingress (i.e., the next hop). The object 596 contains the Traffic-Descriptor sub-object, the Backup Ingress 597 Address sub-object and the Label-Routes sub-object. The options 598 is set to indicate whether a Backup P2MP LSP is desired. The 599 Label-Routes sub-object contains the next-hops of the primary 600 ingress and their labels. 602 3. For each Pi of the other PATH messages for the LSP, send the 603 backup ingress a PATH message Pi' with the content copied from Pi 604 and an empty INGRESS_PROTECTION object. 606 For every PATH message Pj' (i.e., P0'/Pi') to be sent to the backup 607 ingress, it has the same SESSION as Pj (i.e., P0/Pi). If the backup 608 ingress is off-path, the primary ingress updates Pj' according to the 609 backup ingress as its next hop before sending it. It adds the backup 610 ingress to the beginning of the ERO, and sets RSVP_HOP based on the 611 interface to the backup ingress. The primary ingress MUST NOT set up 612 any forwarding state to the backup ingress if the backup ingress is 613 off-path. 615 5.2.2. Proxy-Ingress Method 617 The primary ingress is responsible for starting the RSVP signaling 618 for the proxy-ingress node. To do this, the following MUST be done 619 for the RSVP PATH message. 621 1. Compute the EROs for the LSP as normal for the ingress. 623 2. If the selected backup ingress node is not the first node on the 624 path (for all sub-LSPs), then insert at the beginning of the ERO 625 first the backup ingress node and then the ingress node. 627 3. In the PATH RRO, instead of recording the ingress node's address, 628 replace it with the Proxy-Ingress-Id. 630 4. Leave the HOP object populated as usual with information for the 631 ingress-node. 633 5. Add the INGRESS_PROTECTION object to the PATH message. Include 634 the Backup Ingress Address (IPv4 or IPv6) sub-object and the 635 Traffic-Descriptor sub-object. Set or clear the options 636 indicating that a Backup P2MP LSP is desired. 638 6. Optionally, add the FAST-REROUTE object [RFC4090] to the Path 639 message. Indicate whether one-to-one backup is desired. 640 Indicate whether facility backup is desired. 642 7. The RSVP PATH message is sent to the backup node as normal. 644 If the ingress detects that it can't communicate with the backup 645 ingress, then the ingress SHOULD instead send the PATH message to the 646 next-hop indicated in the ERO computed in step 1. Once the ingress 647 detects that it can communicate with the backup ingress, the ingress 648 SHOULD follow the steps 1-7 to obtain ingress failure protection. 650 When the ingress node receives an RSVP PATH message with an 651 INGRESS_PROTECTION object and the object specifies that node as the 652 ingress node and the PHOP as the backup ingress node, the ingress 653 node SHOULD remove the INGRESS_PROTECTION object from the PATH 654 message before sending it out. Additionally, the ingress node MUST 655 store that it will install ingress forwarding state for the LSP 656 rather than midpoint forwarding. 658 When an RSVP RESV message is received by the ingress, it uses the 659 NHOP to determine whether the message is received from the backup 660 ingress or from a different node. The stored associated PATH message 661 contains an INGRESS_PROTECTION object that identifies the backup 662 ingress node. If the RESV message is not from the backup node, then 663 ingress forwarding state SHOULD be set up, and the INGRESS_PROTECTION 664 object MUST be added to the RESV before it is sent to the NHOP, which 665 SHOULD be the backup node. If the RESV message is from the backup 666 node, then the LSP SHOULD be considered available for use. 668 If the backup ingress node is on the forwarding path, then a RESV is 669 received with an INGRESS_PROTECTION object and an NHOP that matches 670 the backup ingress. In this case, the ingress node's address will 671 not appear after the backup ingress in the RRO. The ingress node 672 SHOULD set up ingress forwarding state, just as is done if the LSP 673 weren't ingress-node protected. 675 5.3. Backup Ingress Behavior 677 An LER determines that the ingress local protection is requested for 678 an LSP if the INGRESS_PROTECTION object is included in the PATH 679 message it receives for the LSP. The LER can further determine that 680 it is the backup ingress if one of its addresses is in the Backup 681 Ingress Address sub-object of the INGRESS_PROTECTION object. The LER 682 as the backup ingress will assume full responsibility of the ingress 683 after the primary ingress fails. In addition, the LER determines 684 that it is off-path if it is not any node of the LSP. 686 5.3.1. Backup Ingress Behavior in Off-path Case 688 The backup ingress considers itself as a PLR and the primary ingress 689 as its next hop and provides a local protection for the primary 690 ingress. It behaves very similarly to a PLR providing fast-reroute 691 where the primary ingress is considered as the failure-point to 692 protect. Where not otherwise specified, the behavior given in 693 [RFC4090] for a PLR applies. 695 The backup ingress MUST follow the control-options specified in the 696 INGRESS_PROTECTION object and the flags and specifications in the 697 FAST-REROUTE object. This applies to providing a P2MP backup if the 698 "P2MP backup" is set, a one-to-one backup if "one-to-one desired" is 699 set, facility backup if the "facility backup desired" is set, and 700 backup paths that support the desired bandwidth, and administrative- 701 colors that are requested. 703 If multiple non empty INGRESS_PROTECTION objects have been received 704 via multiple PATH messages for the same LSP, then the most recent one 705 MUST be the one used. 707 The backup ingress creates the appropriate forwarding state for the 708 backup LSP tunnel(s) to the merge point(s). 710 When the backup ingress sends a RESV message to the primary ingress, 711 it MUST add an INGRESS_PROTECTION object into the message. It MUST 712 set or clear the flags in the object to report "Ingress local 713 protection available", "Ingress local protection in use", and 714 "bandwidth protection". 716 If the backup ingress doesn't have a backup LSP tunnel to each of the 717 merge points, it SHOULD clear "Ingress local protection available" 718 and set NUB to the number of the merge points to which there is no 719 backup LSP. 721 When the primary ingress fails, the backup ingress redirects the 722 traffic from a source into the backup P2P LSPs or the backup P2MP LSP 723 transmitting the traffic to the next hops of the primary ingress, 724 where the traffic is merged into the protected LSP. 726 In this case, the backup ingress MUST keep the PATH message with the 727 INGRESS_PROTECTION object received from the primary ingress and the 728 RESV message with the INGRESS_PROTECTION object to be sent to the 729 primary ingress. The backup ingress MUST set the "local protection 730 in use" flag in the RESV message, indicating that the backup ingress 731 is actively redirecting the traffic into the backup P2P LSPs or the 732 backup P2MP LSP for locally protecting the primary ingress failure. 734 Note that the RESV message with this piece of information will not be 735 sent to the primary ingress because the primary ingress has failed. 737 If the backup ingress has not received any PATH message from the 738 primary ingress for an extended period of time (e.g., a cleanup 739 timeout interval) and a confirmed primary ingress failure did not 740 occur, then the standard RSVP soft-state removal SHOULD occur. The 741 backup ingress SHALL remove the state for the PATH message from the 742 primary ingress, and tear down the one-to-one backup LSPs for 743 protecting the primary ingress if one-to-one backup is used or unbind 744 the facility backup LSPs if facility backup is used. 746 When the backup ingress receives a PATH message from the primary 747 ingress for locally protecting the primary ingress of a protected 748 LSP, it MUST check to see if any critical information has been 749 changed. If the next hops of the primary ingress are changed, the 750 backup ingress SHALL update its backup LSP(s) accordingly. 752 5.3.1.1. Relay-Message Method 754 When the backup ingress receives a PATH message with an non empty 755 INGRESS_PROTECTION object, it examines the object to learn what 756 traffic associated with the LSP. It determines the next-hops to be 757 merged to by examining the Label-Routes sub-object in the object. 759 The backup ingress MUST store the PATH message received from the 760 primary ingress, but NOT forward it. 762 The backup ingress responds with a RESV message to the PATH message 763 received from the primary ingress. If the backup ingress is off- 764 path, the LABEL object in the RESV message contains IMPLICIT-NULL. 765 If the INGRESS_PROTECTION object is not "empty", the backup ingress 766 SHALL send the RESV message with the state indicating protection is 767 available after the backup LSP(s) are successfully established. 769 5.3.1.2. Proxy-Ingress Method 771 The backup ingress determines the next-hops to be merged to by 772 collecting the set of the pair of (IPv4/IPv6 sub-object, Label sub- 773 object) from the Record Route Object of each RESV that are closest to 774 the top and not the Ingress router; this should be the second to the 775 top pair. If a Label-Routes sub-object is included in the 776 INGRESS_PROTECTION object, the included IPv4/IPv6 sub-objects are 777 used to filter the set down to the specific next-hops where 778 protection is desired. A RESV message MUST have been received before 779 the Backup Ingress can create or select the appropriate backup LSP. 781 When the backup ingress receives a PATH message with the 782 INGRESS_PROTECTION object, the backup ingress examines the object to 783 learn what traffic associated with the LSP. The backup ingress 784 forwards the PATH message to the ingress node with the normal RSVP 785 changes. 787 When the backup ingress receives a RESV message with the 788 INGRESS_PROTECTION object, the backup ingress records an IMPLICIT- 789 NULL label in the RRO. Then the backup ingress forwards the RESV 790 message to the ingress node, which is acting for the proxy ingress. 792 5.3.2. Backup Ingress Behavior in On-path Case 794 An LER as the backup ingress determines that it is on-path if one of 795 its addresses is a next hop of the primary ingress (and for Proxy- 796 Ingress Method the primary ingress is not its next hop via checking 797 the PATH message with the INGRESS_PROTECTION object received from the 798 primary ingress). The LER on-path MUST send the corresponding PATH 799 messages without any INGRESS_PROTECTION object to its next hops. It 800 creates a number of backup P2P LSPs or a backup P2MP LSP from itself 801 to the other next hops (i.e., the next hops other than the backup 802 ingress) of the primary ingress. The other next hops are from the 803 Label-Routes sub object. 805 It also creates a forwarding entry, which sends/multicasts the 806 traffic from the source to the next hops of the backup ingress along 807 the protected LSP when the primary ingress fails. The traffic is 808 described by the Traffic-Descriptor. 810 After the forwarding entry is created, all the backup P2P LSPs or the 811 backup P2MP LSP is up and associated with the protected LSP, the 812 backup ingress MUST send the primary ingress the RESV message with 813 the INGRESS_PROTECTION object containing the state of the local 814 protection such as "local protection available" flag set to one, 815 which indicates that the primary ingress is locally protected. 817 When the primary ingress fails, the backup ingress sends/multicasts 818 the traffic from the source to its next hops along the protected LSP 819 and imports the traffic into each of the backup P2P LSPs or the 820 backup P2MP LSP transmitting the traffic to the other next hops of 821 the primary ingress, where the traffic is merged into protected LSP. 823 During the local repair, the backup ingress MUST continue to send the 824 PATH messages to its next hops as before, keep the PATH message with 825 the INGRESS_PROTECTION object received from the primary ingress and 826 the RESV message with the INGRESS_PROTECTION object to be sent to the 827 primary ingress. It MUST set the "local protection in use" flag in 828 the RESV message. 830 5.3.3. Failure Detection and Refresh PATH Messages 832 As described in [RFC4090], it is necessary to refresh the PATH 833 messages via the backup LSP(s). The Backup Ingress MUST wait to 834 refresh the PATH messages until it can accurately detect that the 835 ingress node has failed. An example of such an accurate detection 836 would be that the IGP has no bi-directional links to the ingress node 837 or a BFD session to the primary ingress' loopback address has failed 838 and stayed failed after the network has reconverged. 840 As described in [RFC4090 Section 6.4.3], the backup ingress, acting 841 as PLR, MUST modify and send any saved PATH messages associated with 842 the primary LSP to the corresponding next hops through backup LSP(s). 843 Any PATH message sent will not contain any INGRESS_PROTECTION object. 844 The RSVP_HOP object in the message contains an IP source address 845 belonging to the backup ingress. The sender template object has the 846 backup ingress address as its tunnel sender address. 848 5.4. Revertive Behavior 850 Upon a failure event in the (primary) ingress of a protected LSP, the 851 protected LSP is locally repaired by the backup ingress. There are a 852 couple of basic strategies for restoring the LSP to a full working 853 path. 855 - Revert to Primary Ingress: When the primary ingress is restored, 856 it re-signals each of the LSPs that start from the primary 857 ingress. The traffic for every LSP successfully re-signaled is 858 switched back to the primary ingress from the backup ingress. 860 - Global Repair by Backup Ingress: After determining that the 861 primary ingress of an LSP has failed, the backup ingress computes 862 a new optimal path, signals a new LSP along the new path, and 863 switches the traffic to the new LSP. 865 5.4.1. Revert to Primary Ingress 867 If "Revert to Primary Ingress" is desired for a protected LSP, the 868 (primary) ingress of the LSP SHOULD re-signal the LSP that starts 869 from the primary ingress after the primary ingress restores. After 870 the LSP is re-signaled successfully, the traffic SHOULD be switched 871 back to the primary ingress from the backup ingress on the source 872 node and redirected into the LSP starting from the primary ingress. 874 The primary ingress can specify the "Revert to Ingress" control- 875 option in the INGRESS_PROTECTION object in the PATH messages to the 876 backup ingress. After receiving the "Revert to Ingress" control- 877 option, the backup ingress MUST stop sending/refreshing PATH messages 878 for the protected LSP. 880 5.4.2. Global Repair by Backup Ingress 882 When the backup ingress has determined that the primary ingress of 883 the protected LSP has failed (e.g., via the IGP), it can compute a 884 new path and signal a new LSP along the new path so that it no longer 885 relies upon local repair. To do this, the backup ingress MUST use 886 the same tunnel sender address in the Sender Template Object and 887 allocate a LSP ID different from the one of the old LSP as the LSP-ID 888 of the new LSP. This allows the new LSP to share resources with the 889 old LSP. Alternately, the Backup Ingress can create a new LSP with 890 no bandwidth reservation that duplicates the path(s) of the protected 891 LSP, move traffic to the new LSP, delete the protected LSP, and then 892 resignal the new LSP with bandwidth. 894 6. Security Considerations 896 In principle this document does not introduce new security issues. 897 The security considerations pertaining to RFC 4090, RFC 4875 and 898 other RSVP protocols remain relevant. 900 7. IANA Considerations 902 IANA maintains a registry called "Class Names, Class Numbers, and 903 Class Types" under "Resource Reservation Protocol-Traffic Engineering 904 (RSVP-TE) Parameters". IANA is requested to assign a new Class 905 Number for new object INGRESS_PROTECTION as follows: 907 +====================+===============+============================+ 908 | Class Names | Class Numbers | Class Types | 909 +====================+===============+============================+ 910 | INGRESS_PROTECTION | TBD | 1: INGRESS_PROTECTION_IPv4 | 911 | | +----------------------------+ 912 | | | 2: INGRESS_PROTECTION_IPv6 | 913 +--------------------+---------------+----------------------------+ 915 IANA is to create and maintain a new registry under 916 INGRESS_PROTECTION: 918 o Sub-object type - TBD INGRESS_PROTECTION 920 Initial values for the registry are given below. The future 921 assignments are to be made through IETF Review. 923 Value Name Definition 924 1 BACKUP_INGRESS_IPv4_ADDRESS Section 4.1.1 925 2 BACKUP_INGRESS_IPv6_ADDRESS Section 4.1.2 926 3 INGRESS_IPv4_ADDRESS Section 4.1.3 927 4 INGRESS_IPv6_ADDRESS Section 4.1.4 928 5 TRAFFIC_DESCRIPTOR_INTERFACE Section 4.1.5 929 6 TRAFFIC_DESCRIPTOR_IPv4_PREFIX Section 4.1.5 930 7 TRAFFIC_DESCRIPTOR_IPv6_PREFIX Section 4.1.5 931 8 TRAFFIC_DESCRIPTOR_APPLICATION Section 4.1.5 932 9 LabeL_Routes Section 4.1.6 934 8. Co-authors and Contributors 936 1. Co-authors 938 Autumn Liu 939 Ciena 940 USA 941 Email: hliu@ciena.com 943 Zhenbin Li 944 Huawei Technologies 945 Email: zhenbin.li@huawei.com 947 Yimin Shen 948 Juniper Networks 949 10 Technology Park Drive 950 Westford, MA 01886 951 USA 952 Email: yshen@juniper.net 954 Tarek Saad 955 Cisco Systems 956 Email: tsaad@cisco.com 957 Fengman Xu 958 Verizon 959 2400 N. Glenville Dr 960 Richardson, TX 75082 961 USA 962 Email: fengman.xu@verizon.com 964 2. Contributors 966 Ning So 967 Tata Communications 968 2613 Fairbourne Cir. 969 Plano, TX 75082 970 USA 971 Email: ningso01@gmail.com 973 Mehmet Toy 974 Verizon 975 USA 976 Email: mehmet.toy@verizon.com 978 Lei Liu 979 USA 980 Email: liulei.kddi@gmail.com 982 Renwei Li 983 Huawei Technologies 984 2330 Central Expressway 985 Santa Clara, CA 95050 986 USA 987 Email: renwei.li@huawei.com 989 Quintin Zhao 990 Huawei Technologies 991 Boston, MA 992 USA 993 Email: quintin.zhao@huawei.com 994 Boris Zhang 995 Telus Communications 996 200 Consilium Pl Floor 15 997 Toronto, ON M1H 3J3 998 Canada 999 Email: Boris.Zhang@telus.com 1001 Markus Jork 1002 Juniper Networks 1003 10 Technology Park Drive 1004 Westford, MA 01886 1005 USA 1006 Email: mjork@juniper.net 1008 9. Acknowledgement 1010 The authors would like to thank Nobo Akiya, Rahul Aggarwal, Eric 1011 Osborne, Ross Callon, Loa Andersson, Daniel King, Michael Yue, Alia 1012 Atlas, Olufemi Komolafe, Rob Rennison, Neil Harrison, Kannan Sampath, 1013 Gregory Mirsky, and Ronhazli Adam for their valuable comments and 1014 suggestions on this draft. 1016 10. References 1018 10.1. Normative References 1020 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1021 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 1022 RFC2119, March 1997, 1023 . 1025 [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol 1026 Label Switching Architecture", RFC 3031, DOI 10.17487/ 1027 RFC3031, January 2001, 1028 . 1030 [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V., 1031 and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP 1032 Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001, 1033 . 1035 [RFC4090] Pan, P., Ed., Swallow, G., Ed., and A. Atlas, Ed., "Fast 1036 Reroute Extensions to RSVP-TE for LSP Tunnels", RFC 4090, 1037 DOI 10.17487/RFC4090, May 2005, 1038 . 1040 [RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S. 1041 Yasukawa, Ed., "Extensions to Resource Reservation 1042 Protocol - Traffic Engineering (RSVP-TE) for Point-to- 1043 Multipoint TE Label Switched Paths (LSPs)", RFC 4875, 1044 DOI 10.17487/RFC4875, May 2007, 1045 . 1047 10.2. Informative References 1049 [RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher, 1050 N., and A. Fulignoli, Ed., "MPLS Transport Profile 1051 (MPLS-TP) Linear Protection", RFC 6378, DOI 10.17487/ 1052 RFC6378, October 2011, 1053 . 1055 Authors' Addresses 1057 Huaimo Chen (editor) 1058 Huawei Technologies 1059 Boston, MA 1060 USA 1062 Email: huaimo.chen@huawei.com 1064 Raveendra Torvi (editor) 1065 Juniper Networks 1066 10 Technology Park Drive 1067 Westford, MA 01886 1068 USA 1070 Email: rtorvi@juniper.net